From 5a6d40518926a9953c0a112c543773e67c020c5a Mon Sep 17 00:00:00 2001 From: <> Date: Tue, 26 Nov 2024 09:54:54 +0000 Subject: [PATCH] Deployed f41239dc4 with MkDocs version: 1.6.1 --- en/index.html | 10 +++++----- index.html | 10 +++++----- search/search_index.json | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/en/index.html b/en/index.html index 41e34e3c31..3d700118c5 100644 --- a/en/index.html +++ b/en/index.html @@ -246,7 +246,7 @@
\u9019\u662f\u8c50\u6536\u4e8c\u865f AI \u7b97\u529b\u4e2d\u5fc3\u7684\u6a94\u6848\u7ad9\u3002
\u8fd9\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9762\u5411\u7ba1\u7406\u5458\u7684\u8fd0\u7ef4\u6587\u6863\u3002
\u4e91\u4e3b\u673a
\u4e91\u4e3b\u673a\u662f\u90e8\u7f72\u5728\u4e91\u7aef\u7684\u865a\u62df\u673a\u3002
\u5bb9\u5668\u7ba1\u7406
\u7ba1\u7406 K8s \u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5e94\u7528\u3001\u8d44\u6e90\u548c\u6743\u9650\u3002
\u7b97\u6cd5\u5f00\u53d1
\u7ba1\u7406 AI \u8d44\u6e90\u548c\u961f\u5217\u3002
\u53ef\u89c2\u6d4b\u6027
\u4e86\u89e3\u53ef\u89c2\u6d4b\u6027\u8d44\u6e90\uff0c\u914d\u7f6e\u548c\u6545\u969c\u6392\u67e5\u3002
\u5168\u5c40\u7ba1\u7406
\u7ba1\u63a7\u7528\u6237\u3001\u7528\u6237\u7ec4\u3001\u5de5\u4f5c\u7a7a\u95f4\u3001\u8d44\u6e90\u7b49\u8bbf\u95ee\u6743\u9650\u3002
5.0 AI Lab \u63d0\u4f9b\u4e86\u4efb\u52a1\u8c03\u5ea6\u5668\uff0c\u53ef\u4ee5\u5e2e\u52a9\u60a8\u66f4\u597d\u5730\u7ba1\u7406\u4efb\u52a1\uff0c\u9664\u4e86\u63d0\u4f9b\u57fa\u7840\u7684\u8c03\u5ea6\u5668\u4e4b\u5916\uff0c\u76ee\u524d\u4e5f\u652f\u6301\u7528\u6237\u81ea\u5b9a\u4e49\u8c03\u5ea6\u5668\u3002
"},{"location":"admin/baize/best-practice/add-scheduler.html#_2","title":"\u4efb\u52a1\u8c03\u5ea6\u5668\u4ecb\u7ecd","text":"\u5728 Kubernetes \u4e2d\uff0c\u4efb\u52a1\u8c03\u5ea6\u5668\u8d1f\u8d23\u51b3\u5b9a\u5c06 Pod \u5206\u914d\u5230\u54ea\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u3002\u5b83\u8003\u8651\u591a\u79cd\u56e0\u7d20\uff0c\u5982\u8d44\u6e90\u9700\u6c42\u3001\u786c\u4ef6/\u8f6f\u4ef6\u7ea6\u675f\u3001\u4eb2\u548c\u6027/\u53cd\u4eb2\u548c\u6027\u89c4\u5219\u3001\u6570\u636e\u5c40\u90e8\u6027\u7b49\u3002
\u9ed8\u8ba4\u8c03\u5ea6\u5668\u662f Kubernetes \u96c6\u7fa4\u4e2d\u7684\u4e00\u4e2a\u6838\u5fc3\u7ec4\u4ef6\uff0c\u8d1f\u8d23\u51b3\u5b9a\u5c06 Pod \u5206\u914d\u5230\u54ea\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u3002\u8ba9\u6211\u4eec\u6df1\u5165\u4e86\u89e3\u5b83\u7684\u5de5\u4f5c\u539f\u7406\u3001\u7279\u6027\u548c\u914d\u7f6e\u65b9\u6cd5\u3002
"},{"location":"admin/baize/best-practice/add-scheduler.html#_3","title":"\u8c03\u5ea6\u5668\u7684\u5de5\u4f5c\u6d41\u7a0b","text":"\u9ed8\u8ba4\u8c03\u5ea6\u5668\u7684\u5de5\u4f5c\u6d41\u7a0b\u53ef\u4ee5\u5206\u4e3a\u4e24\u4e2a\u4e3b\u8981\u9636\u6bb5\uff1a\u8fc7\u6ee4\uff08Filtering\uff09\u548c\u8bc4\u5206\uff08Scoring\uff09\u3002
"},{"location":"admin/baize/best-practice/add-scheduler.html#_4","title":"\u8fc7\u6ee4\u9636\u6bb5","text":"\u8c03\u5ea6\u5668\u4f1a\u904d\u5386\u6240\u6709\u8282\u70b9\uff0c\u6392\u9664\u4e0d\u6ee1\u8db3 Pod \u8981\u6c42\u7684\u8282\u70b9\uff0c\u8003\u8651\u7684\u56e0\u7d20\u5305\u62ec\uff1a
\u4ee5\u4e0a\u53c2\u6570\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u4efb\u52a1\u65f6\u7684\u9ad8\u7ea7\u914d\u7f6e\u6765\u8bbe\u7f6e\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
"},{"location":"admin/baize/best-practice/add-scheduler.html#_5","title":"\u8bc4\u5206\u9636\u6bb5","text":"\u5bf9\u901a\u8fc7\u8fc7\u6ee4\u7684\u8282\u70b9\u8fdb\u884c\u6253\u5206\uff0c\u9009\u62e9\u5f97\u5206\u6700\u9ad8\u7684\u8282\u70b9\u6765\u8fd0\u884c Pod\uff0c\u8003\u8651\u56e0\u7d20\u5305\u62ec\uff1a
\u9664\u4e86\u57fa\u7840\u7684\u4e00\u4e9b\u4efb\u52a1\u8c03\u5ea6\u80fd\u529b\u4e4b\u5916\uff0c\u6211\u4eec\u8fd8\u652f\u6301\u4f7f\u7528 Scheduler Plugins\uff1aKubernetes SIG Scheduling
\u7ef4\u62a4\u7684\u4e00\u7ec4\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u5305\u62ec Coscheduling (Gang Scheduling)
\u7b49\u529f\u80fd\u3002
\u5728\u5de5\u4f5c\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u8bf7\u53c2\u8003\u90e8\u7f72\u7b2c\u4e8c\u8c03\u5ea6\u5668\u63d2\u4ef6\u3002
"},{"location":"admin/baize/best-practice/add-scheduler.html#ai-lab","title":"\u5728 AI Lab \u4e2d\u542f\u7528\u8c03\u5ea6\u5668\u63d2\u4ef6","text":"Danger
\u589e\u52a0\u8c03\u5ea6\u5668\u63d2\u4ef6\u82e5\u64cd\u4f5c\u4e0d\u5f53\uff0c\u53ef\u80fd\u4f1a\u5f71\u54cd\u5230\u6574\u4e2a\u96c6\u7fa4\u7684\u7a33\u5b9a\u6027\uff0c\u5efa\u8bae\u5728\u6d4b\u8bd5\u73af\u5883\u4e2d\u8fdb\u884c\u6d4b\u8bd5\uff1b\u6216\u8005\u8054\u7cfb\u6211\u4eec\u7684\u6280\u672f\u652f\u6301\u56e2\u961f\u3002
\u6ce8\u610f\uff0c\u5982\u679c\u5e0c\u671b\u5728\u8bad\u7ec3\u4efb\u52a1\u4e2d\u4f7f\u7528\u66f4\u591a\u7684\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u9700\u8981\u4e8b\u5148\u624b\u5de5\u5728\u5de5\u4f5c\u96c6\u7fa4\u4e2d\u6210\u529f\u5b89\u88c5\uff0c\u7136\u540e\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72 baize-agent
\u65f6\uff0c\u589e\u52a0\u5bf9\u5e94\u7684\u8c03\u5ea6\u5668\u63d2\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u63d0\u4f9b\u7684\u754c\u9762 Helm \u5e94\u7528 \u7ba1\u7406\u80fd\u529b\uff0c\u53ef\u4ee5\u65b9\u4fbf\u5730\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u7136\u540e\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u5b89\u88c5 \uff0c\uff08\u82e5\u5df2\u90e8\u7f72\u4e86 baize-agent
\uff0c\u53ef\u4ee5\u5230 Helm \u5e94\u7528\u5217\u8868\u53bb\u66f4\u65b0\uff09\uff0c\u6839\u636e\u5982\u4e0b\u56fe\u6240\u793a\u7684\u914d\u7f6e\uff0c\u589e\u52a0\u8c03\u5ea6\u5668\u3002
\u6ce8\u610f\u8c03\u5ea6\u5668\u7684\u53c2\u6570\u5c42\u7ea7\uff0c\u6dfb\u52a0\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u6ce8\u610f\u4ee5\u540e\u5728\u66f4\u65b0 baize-agent
\u65f6\uff0c\u4e0d\u8981\u9057\u6f0f\u8fd9\u4e2a\u914d\u7f6e\u3002
\u5f53\u60a8\u5728\u96c6\u7fa4\u4e2d\u6210\u529f\u90e8\u7f72\u4e86\u5bf9\u5e94\u7684\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u5e76\u4e14\u5728 baize-agent
\u4e5f\u6b63\u786e\u589e\u52a0\u4e86\u5bf9\u5e94\u7684\u8c03\u5ea6\u5668\u914d\u7f6e\u540e\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u4efb\u52a1\u65f6\uff0c\u6307\u5b9a\u8c03\u5ea6\u5668\u3002
\u4e00\u5207\u6b63\u5e38\u7684\u60c5\u51b5\u4e0b\uff0c\u60a8\u53ef\u4ee5\u5728\u8c03\u5ea6\u5668\u4e0b\u62c9\u6846\u4e2d\u770b\u5230\u60a8\u90e8\u7f72\u7684\u8c03\u5ea6\u5668\u63d2\u4ef6\u3002
\u4ee5\u4e0a\uff0c\u5c31\u662f\u6211\u4eec\u5728 AI Lab \u4e2d\uff0c\u4e3a\u4efb\u52a1\u589e\u52a0\u8c03\u5ea6\u5668\u9009\u9879\u7684\u914d\u7f6e\u4f7f\u7528\u8bf4\u660e\u3002
"},{"location":"admin/baize/best-practice/change-notebook-image.html","title":"\u66f4\u65b0 Notebook \u5185\u7f6e\u955c\u50cf","text":"\u5728 Notebook \u4e2d\uff0c\u9ed8\u8ba4\u63d0\u4f9b\u4e86\u591a\u4e2a\u53ef\u7528\u7684\u57fa\u7840\u955c\u50cf\uff0c\u4f9b\u5f00\u53d1\u8005\u9009\u62e9\uff1b\u5927\u90e8\u5206\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4f1a\u6ee1\u8db3\u5f00\u53d1\u8005\u7684\u4f7f\u7528\u3002
\u7b97\u4e30\u63d0\u4f9b\u4e86\u4e00\u4e2a\u9ed8\u8ba4\u7684 Notebook \u955c\u50cf\uff0c\u5305\u542b\u4e86\u6240\u9700\u7684\u4efb\u4f55\u5f00\u53d1\u5de5\u5177\u548c\u8d44\u6599\u3002
baize/baize-notebook\n
\u8fd9\u4e2a Notebook \u91cc\u9762\u5305\u542b\u4e86\u57fa\u7840\u7684\u5f00\u53d1\u5de5\u5177\uff0c\u4ee5 baize-notebook:v0.5.0
\uff082024 \u5e74 5 \u6708 30 \u65e5\uff09\u4e3a\u4f8b\uff0c\u76f8\u5173\u4f9d\u8d56\u53ca\u7248\u672c\u5982\u4e0b\uff1a
\u4f46\u6709\u65f6\u7528\u6237\u53ef\u80fd\u9700\u8981\u81ea\u5b9a\u4e49\u955c\u50cf\uff0c\u672c\u6587\u4ecb\u7ecd\u4e86\u5982\u4f55\u66f4\u65b0\u955c\u50cf\uff0c\u5e76\u589e\u52a0\u5230 Notebook \u521b\u5efa\u754c\u9762\u4e2d\u8fdb\u884c\u9009\u62e9\u3002
"},{"location":"admin/baize/best-practice/change-notebook-image.html#_1","title":"\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\uff08\u4ec5\u4f9b\u53c2\u8003\uff09","text":"Note
\u6ce8\u610f\uff0c\u6784\u5efa\u65b0\u955c\u50cf \u9700\u8981\u4ee5 baize-notebook
\u4f5c\u4e3a\u57fa\u7840\u955c\u50cf\uff0c\u4ee5\u4fdd\u8bc1 Notebook \u7684\u6b63\u5e38\u8fd0\u884c\u3002
\u5728\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\u65f6\uff0c\u5efa\u8bae\u5148\u4e86\u89e3 baize-notebook \u955c\u50cf\u7684 Dockerfile\uff0c\u4ee5\u4fbf\u66f4\u597d\u5730\u7406\u89e3\u5982\u4f55\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\u3002
"},{"location":"admin/baize/best-practice/change-notebook-image.html#baize-noteboook-dockerfile","title":"baize-noteboook \u7684 Dockerfile","text":"ARG BASE_IMG=docker.m.daocloud.io/kubeflownotebookswg/jupyter:v1.8.0\n\nFROM $BASE_IMG\n\nUSER root\n\n# install - useful linux packages\nRUN export DEBIAN_FRONTEND=noninteractive \\\n && apt-get -yq update \\\n && apt-get -yq install --no-install-recommends \\\n openssh-server git git-lfs bash-completion \\\n && apt-get clean \\\n && rm -rf /var/lib/apt/lists/*\n\n# remove default s6 jupyterlab run script\nRUN rm -rf /etc/services.d/jupyterlab\n\n# install - useful jupyter plugins\nRUN mamba install -n base -y jupyterlab-language-pack-zh-cn \\\n && mamba clean --all -y\n\nARG CODESERVER_VERSION=4.89.1\nARG TARGETARCH\n\nRUN curl -fsSL \"https://github.com/coder/code-server/releases/download/v$CODESERVER_VERSION/code-server_${CODESERVER_VERSION}_$TARGETARCH.deb\" -o /tmp/code-server.deb \\\n && dpkg -i /tmp/code-server.deb \\\n && rm -f /tmp/code-server.deb\n\nARG CODESERVER_PYTHON_VERSION=2024.4.1\nARG CODESERVER_JUPYTER_VERSION=2024.3.1\nARG CODESERVER_LANGUAGE_PACK_ZH_CN=1.89.0\nARG CODESERVER_YAML=1.14.0\nARG CODESERVER_DOTENV=1.0.1\nARG CODESERVER_EDITORCONFIG=0.16.6\nARG CODESERVER_TOML=0.19.1\nARG CODESERVER_GITLENS=15.0.4\n\n# configure for code-server extensions\n# # https://github.com/kubeflow/kubeflow/blob/709254159986d2cc99e675d0fad5a128ddeb0917/components/example-notebook-servers/codeserver-python/Dockerfile\n# # and\n# # https://github.com/kubeflow/kubeflow/blob/709254159986d2cc99e675d0fad5a128ddeb0917/components/example-notebook-servers/codeserver/Dockerfile\nRUN code-server --list-extensions --show-versions \\\n && code-server --list-extensions --show-versions \\\n && code-server \\\n --install-extension MS-CEINTL.vscode-language-pack-zh-hans@$CODESERVER_LANGUAGE_PACK_ZH_CN \\\n --install-extension ms-python.python@$CODESERVER_PYTHON_VERSION \\\n --install-extension ms-toolsai.jupyter@$CODESERVER_JUPYTER_VERSION \\\n --install-extension redhat.vscode-yaml@$CODESERVER_YAML \\\n --install-extension mikestead.dotenv@$CODESERVER_DOTENV \\\n --install-extension EditorConfig.EditorConfig@$CODESERVER_EDITORCONFIG \\\n --install-extension tamasfe.even-better-toml@$CODESERVER_TOML \\\n --install-extension eamodio.gitlens@$CODESERVER_GITLENS \\\n --install-extension catppuccin.catppuccin-vsc-pack \\\n --force \\\n && code-server --list-extensions --show-versions\n\n# configure for code-server\nRUN mkdir -p /home/${NB_USER}/.local/share/code-server/User \\\n && chown -R ${NB_USER}:users /home/${NB_USER} \\\n && cat <<EOF > /home/${NB_USER}/.local/share/code-server/User/settings.json\n{\n \"gitlens.showWelcomeOnInstall\": false,\n \"workbench.colorTheme\": \"Catppuccin Mocha\",\n}\nEOF\n\nRUN mkdir -p /tmp_home/${NB_USER}/.local/share \\\n && mv /home/${NB_USER}/.local/share/code-server /tmp_home/${NB_USER}/.local/share\n\n# set ssh configuration\nRUN mkdir -p /run/sshd \\\n && chown -R ${NB_USER}:users /etc/ssh \\\n && chown -R ${NB_USER}:users /run/sshd \\\n && sed -i \"/#\\?Port/s/^.*$/Port 2222/g\" /etc/ssh/sshd_config \\\n && sed -i \"/#\\?PasswordAuthentication/s/^.*$/PasswordAuthentication no/g\" /etc/ssh/sshd_config \\\n && sed -i \"/#\\?PubkeyAuthentication/s/^.*$/PubkeyAuthentication yes/g\" /etc/ssh/sshd_config \\\n && rclone_version=v1.65.0 && \\\n arch=$(uname -m | sed -E 's/x86_64/amd64/g;s/aarch64/arm64/g') && \\\n filename=rclone-${rclone_version}-linux-${arch} && \\\n curl -fsSL https://github.com/rclone/rclone/releases/download/${rclone_version}/${filename}.zip -o ${filename}.zip && \\\n unzip ${filename}.zip && mv ${filename}/rclone /usr/local/bin && rm -rf ${filename} ${filename}.zip\n\n# Init mamba\nRUN mamba init --system\n\n# init baize-base environment for essential python packages\nRUN mamba create -n baize-base -y python \\\n && /opt/conda/envs/baize-base/bin/pip install tensorboard \\\n && mamba clean --all -y \\\n && ln -s /opt/conda/envs/baize-base/bin/tensorboard /usr/local/bin/tensorboard\n\n# prepare baize-runtime-env directory\nRUN mkdir -p /opt/baize-runtime-env \\\n && chown -R ${NB_USER}:users /opt/baize-runtime-env\n\nARG APP\nARG PROD_NAME\nARG TARGETOS\n\nCOPY out/$TARGETOS/$TARGETARCH/data-loader /usr/local/bin/\nCOPY out/$TARGETOS/$TARGETARCH/baizectl /usr/local/bin/\n\nRUN chmod +x /usr/local/bin/baizectl /usr/local/bin/data-loader && \\\n echo \"source /etc/bash_completion\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo \"source <(baizectl completion bash)\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo \"source <(kubectl completion bash)\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo '[ -f /run/baize-env ] && export $(cat /run/baize-env | xargs)' >> /opt/conda/etc/profile.d/conda.sh && \\\n echo 'alias conda=\"mamba\"' >> /opt/conda/etc/profile.d/conda.sh\n\nUSER ${NB_UID}\n
"},{"location":"admin/baize/best-practice/change-notebook-image.html#_2","title":"\u6784\u5efa\u4f60\u7684\u955c\u50cf","text":"ARG BASE_IMG=release.daocloud.io/baize/baize-notebook:v0.5.0\n\nFROM $BASE_IMG\nUSER root\n\n# Do Customization\nRUN mamba install -n baize-base -y pytorch torchvision torchaudio cpuonly -c pytorch \\\n && mamba install -n baize-base -y tensorflow \\\n && mamba clean --all -y\n\nUSER ${NB_UID}\n
"},{"location":"admin/baize/best-practice/change-notebook-image.html#notebook-helm","title":"\u589e\u52a0\u5230 Notebook \u955c\u50cf\u5217\u8868\uff08Helm\uff09","text":"Warning
\u6ce8\u610f\uff0c\u5fc5\u987b\u7531\u5e73\u53f0\u7ba1\u7406\u5458\u64cd\u4f5c\uff0c\u8c28\u614e\u53d8\u66f4\u3002
\u76ee\u524d\uff0c\u955c\u50cf\u9009\u62e9\u5668\u9700\u8981\u901a\u8fc7\u66f4\u65b0 baize
\u7684 Helm
\u53c2\u6570\u6765\u4fee\u6539\uff0c\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728 kpanda-global-cluster \u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 Helm \u5e94\u7528
\u5217\u8868\uff0c\u627e\u5230 baize\uff0c\u8fdb\u5165\u66f4\u65b0\u9875\u9762\uff0c\u5728 YAML
\u53c2\u6570\u4e2d\u4fee\u6539 Notebook \u955c\u50cf\uff1a
\u6ce8\u610f\u53c2\u6570\u4fee\u6539\u7684\u8def\u5f84\u5982\u4e0b global.config.notebook_images
\uff1a
...\nglobal:\n ...\n config:\n notebook_images:\n ...\n names: release.daocloud.io/baize/baize-notebook:v0.5.0\n # \u5728\u8fd9\u91cc\u589e\u52a0\u4f60\u7684\u955c\u50cf\u4fe1\u606f\n
\u66f4\u65b0\u5b8c\u6210\u4e4b\u540e\uff0c\u5f85 Helm \u5e94\u7528\u91cd\u542f\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u5728 Notebook \u521b\u5efa\u754c\u9762\u4e2d\u7684\u9009\u62e9\u955c\u50cf\u770b\u5230\u65b0\u7684\u955c\u50cf\u3002
"},{"location":"admin/baize/best-practice/checkpoint.html","title":"Checkpoint \u673a\u5236\u53ca\u4f7f\u7528\u4ecb\u7ecd","text":"\u5728\u6df1\u5ea6\u5b66\u4e60\u7684\u5b9e\u9645\u573a\u666f\u4e2d\uff0c\u6a21\u578b\u8bad\u7ec3\u4e00\u822c\u90fd\u4f1a\u6301\u7eed\u4e00\u6bb5\u65f6\u95f4\uff0c\u8fd9\u5bf9\u5206\u5e03\u5f0f\u8bad\u7ec3\u4efb\u52a1\u7684\u7a33\u5b9a\u6027\u548c\u6548\u7387\u63d0\u51fa\u4e86\u66f4\u9ad8\u7684\u8981\u6c42\u3002 \u800c\u4e14\uff0c\u5728\u5b9e\u9645\u8bad\u7ec3\u7684\u8fc7\u7a0b\u4e2d\uff0c\u5f02\u5e38\u4e2d\u65ad\u4f1a\u5bfc\u81f4\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u7684\u6a21\u578b\u72b6\u6001\u4e22\u5931\uff0c\u9700\u8981\u91cd\u65b0\u5f00\u59cb\u8bad\u7ec3\uff0c \u8fd9\u4e0d\u4ec5\u6d6a\u8d39\u4e86\u65f6\u95f4\u548c\u8d44\u6e90\uff0c\u8fd9\u5728 LLM \u8bad\u7ec3\u4e2d\u5c24\u4e3a\u660e\u663e\uff0c\u800c\u4e14\u4e5f\u4f1a\u5f71\u54cd\u6a21\u578b\u7684\u8bad\u7ec3\u6548\u679c\u3002
\u80fd\u591f\u5728\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u4fdd\u5b58\u6a21\u578b\u7684\u72b6\u6001\uff0c\u4ee5\u4fbf\u5728\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u51fa\u73b0\u5f02\u5e38\u65f6\u80fd\u591f\u6062\u590d\u6a21\u578b\u72b6\u6001\uff0c\u53d8\u5f97\u81f3\u5173\u91cd\u8981\u3002 Checkpoint \u5c31\u662f\u76ee\u524d\u4e3b\u6d41\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u672c\u6587\u5c06\u4ecb\u7ecd Checkpoint \u673a\u5236\u7684\u57fa\u672c\u6982\u5ff5\u548c\u5728 PyTorch \u548c TensorFlow \u4e2d\u7684\u4f7f\u7528\u65b9\u6cd5\u3002
"},{"location":"admin/baize/best-practice/checkpoint.html#checkpoint_1","title":"\u4ec0\u4e48\u662f Checkpoint\uff1f","text":"Checkpoint \u662f\u5728\u6a21\u578b\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u4fdd\u5b58\u6a21\u578b\u72b6\u6001\u7684\u673a\u5236\u3002\u901a\u8fc7\u5b9a\u671f\u4fdd\u5b58 Checkpoint\uff0c\u53ef\u4ee5\u5728\u4ee5\u4e0b\u60c5\u51b5\u4e0b\u6062\u590d\u6a21\u578b\uff1a
\u5728 PyTorch \u4e2d\uff0ctorch.save
\u548c torch.load
\u662f\u7528\u4e8e\u4fdd\u5b58\u548c\u52a0\u8f7d\u6a21\u578b\u7684\u57fa\u672c\u51fd\u6570\u3002
\u5728 PyTorch \u4e2d\uff0c\u901a\u5e38\u4f7f\u7528 state_dict
\u4fdd\u5b58\u6a21\u578b\u7684\u53c2\u6570\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\uff1a
import torch\nimport torch.nn as nn\n\n# \u5047\u8bbe\u6211\u4eec\u6709\u4e00\u4e2a\u7b80\u5355\u7684\u795e\u7ecf\u7f51\u7edc\nclass SimpleModel(nn.Module):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = nn.Linear(10, 2)\n\n def forward(self, x):\n return self.fc(x)\n\n# \u521d\u59cb\u5316\u6a21\u578b\u548c\u4f18\u5316\u5668\nmodel = SimpleModel()\noptimizer = torch.optim.Adam(model.parameters(), lr=0.001)\n\n# \u8bad\u7ec3\u6a21\u578b...\n# \u4fdd\u5b58 Checkpoint\ncheckpoint_path = 'model_checkpoint.pth'\ntorch.save({\n 'epoch': 10,\n 'model_state_dict': model.state_dict(),\n 'optimizer_state_dict': optimizer.state_dict(),\n 'loss': 0.02,\n}, checkpoint_path)\n
"},{"location":"admin/baize/best-practice/checkpoint.html#pytorch-checkpoint_1","title":"PyTorch \u6062\u590d Checkpoint","text":"\u52a0\u8f7d\u6a21\u578b\u65f6\uff0c\u9700\u8981\u6062\u590d\u6a21\u578b\u53c2\u6570\u548c\u4f18\u5316\u5668\u72b6\u6001\uff0c\u5e76\u7ee7\u7eed\u8bad\u7ec3\u6216\u63a8\u7406\uff1a
# \u6062\u590d Checkpoint\ncheckpoint = torch.load('model_checkpoint.pth')\nmodel.load_state_dict(checkpoint['model_state_dict'])\noptimizer.load_state_dict(checkpoint['optimizer_state_dict'])\nepoch = checkpoint['epoch']\nloss = checkpoint['loss']\n\n# \u7ee7\u7eed\u8bad\u7ec3\u6216\u63a8\u7406...\n
model_state_dict
: \u6a21\u578b\u53c2\u6570optimizer_state_dict
: \u4f18\u5316\u5668\u72b6\u6001epoch
: \u5f53\u524d\u8bad\u7ec3\u8f6e\u6570loss
: \u635f\u5931\u503clearning_rate
: \u5b66\u4e60\u7387best_accuracy
: \u6700\u4f73\u51c6\u786e\u7387TensorFlow \u63d0\u4f9b\u4e86 tf.train.Checkpoint
\u7c7b\u6765\u7ba1\u7406\u6a21\u578b\u548c\u4f18\u5316\u5668\u7684\u4fdd\u5b58\u548c\u6062\u590d\u3002
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u5728 TensorFlow \u4e2d\u4fdd\u5b58 Checkpoint \u7684\u793a\u4f8b\uff1a
import tensorflow as tf\n\n# \u5047\u8bbe\u6211\u4eec\u6709\u4e00\u4e2a\u7b80\u5355\u7684\u6a21\u578b\nmodel = tf.keras.Sequential([\n tf.keras.layers.Dense(2, input_shape=(10,))\n])\noptimizer = tf.keras.optimizers.Adam(learning_rate=0.001)\n\n# \u5b9a\u4e49 Checkpoint\ncheckpoint = tf.train.Checkpoint(optimizer=optimizer, model=model)\ncheckpoint_dir = './checkpoints'\ncheckpoint_prefix = f'{checkpoint_dir}/ckpt'\n\n# \u8bad\u7ec3\u6a21\u578b...\n# \u4fdd\u5b58 Checkpoint\ncheckpoint.save(file_prefix=checkpoint_prefix)\n
Note
\u4f7f\u7528 AI Lab \u7684\u7528\u6237\uff0c\u53ef\u4ee5\u76f4\u63a5\u5c06\u9ad8\u6027\u80fd\u5b58\u50a8\u6302\u8f7d\u4e3a Checkpoint \u76ee\u5f55\uff0c\u4ee5\u63d0\u9ad8 Checkpoint \u4fdd\u5b58\u548c\u6062\u590d\u7684\u901f\u5ea6\u3002
"},{"location":"admin/baize/best-practice/checkpoint.html#tensorflow-checkpoint_1","title":"TensorFlow \u6062\u590d Checkpoint","text":"\u52a0\u8f7d Checkpoint \u5e76\u6062\u590d\u6a21\u578b\u548c\u4f18\u5316\u5668\u72b6\u6001\uff1a
# \u6062\u590d Checkpoint\nlatest_checkpoint = tf.train.latest_checkpoint(checkpoint_dir)\ncheckpoint.restore(latest_checkpoint)\n\n# \u7ee7\u7eed\u8bad\u7ec3\u6216\u63a8\u7406...\n
"},{"location":"admin/baize/best-practice/checkpoint.html#tensorflow-checkpoint_2","title":"TensorFlow \u5728\u5206\u5e03\u5f0f\u8bad\u7ec3\u7684 Checkpoint \u7ba1\u7406","text":"TensorFlow \u5728\u5206\u5e03\u5f0f\u8bad\u7ec3\u4e2d\u7ba1\u7406 Checkpoint \u7684\u4e3b\u8981\u65b9\u6cd5\u5982\u4e0b\uff1a
\u4f7f\u7528 tf.train.Checkpoint
\u548c tf.train.CheckpointManager
checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\nmanager = tf.train.CheckpointManager(checkpoint, directory='/tmp/model', max_to_keep=3)\n
\u5728\u5206\u5e03\u5f0f\u7b56\u7565\u4e2d\u4fdd\u5b58 Checkpoint
strategy = tf.distribute.MirroredStrategy()\nwith strategy.scope():\n checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\n manager = tf.train.CheckpointManager(checkpoint, directory='/tmp/model', max_to_keep=3)\n
\u53ea\u5728\u4e3b\u8282\u70b9 (chief worker) \u4fdd\u5b58 Checkpoint
if strategy.cluster_resolver.task_type == 'chief':\n manager.save()\n
\u4f7f\u7528 MultiWorkerMirroredStrategy \u65f6\u7684\u7279\u6b8a\u5904\u7406
strategy = tf.distribute.MultiWorkerMirroredStrategy()\nwith strategy.scope():\n # \u6a21\u578b\u5b9a\u4e49\n ...\n checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\n manager = tf.train.CheckpointManager(checkpoint, '/tmp/model', max_to_keep=3)\n\ndef _chief_worker(task_type, task_id):\n return task_type is None or task_type == 'chief' or (task_type == 'worker' and task_id == 0)\n\nif _chief_worker(strategy.cluster_resolver.task_type, strategy.cluster_resolver.task_id):\n manager.save()\n
\u4f7f\u7528\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf
\u786e\u4fdd\u6240\u6709\u5de5\u4f5c\u8282\u70b9\u90fd\u80fd\u8bbf\u95ee\u5230\u540c\u4e00\u4e2a Checkpoint \u76ee\u5f55\uff0c\u901a\u5e38\u4f7f\u7528\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u5982 HDFS \u6216 GCS\u3002
\u5f02\u6b65\u4fdd\u5b58
\u4f7f\u7528 tf.keras.callbacks.ModelCheckpoint
\u5e76\u8bbe\u7f6e save_freq
\u53c2\u6570\u53ef\u4ee5\u5728\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u5f02\u6b65\u4fdd\u5b58 Checkpoint\u3002
Checkpoint \u6062\u590d
status = checkpoint.restore(manager.latest_checkpoint)\nstatus.assert_consumed() # (1)!\n
\u6027\u80fd\u4f18\u5316
tf.train.experimental.enable_mixed_precision_graph_rewrite()
\u542f\u7528\u6df7\u5408\u7cbe\u5ea6\u8bad\u7ec3tf.saved_model.save()
\u4fdd\u5b58\u6574\u4e2a\u6a21\u578b\uff0c\u800c\u4e0d\u4ec5\u4ec5\u662f\u6743\u91cd\u5b9a\u671f\u4fdd\u5b58\uff1a\u6839\u636e\u8bad\u7ec3\u65f6\u95f4\u548c\u8d44\u6e90\u6d88\u8017\uff0c\u51b3\u5b9a\u5408\u9002\u7684\u4fdd\u5b58\u9891\u7387\u3002\u5982\u6bcf\u4e2a epoch \u6216\u6bcf\u9694\u4e00\u5b9a\u7684\u8bad\u7ec3\u6b65\u6570\u3002
\u4fdd\u5b58\u591a\u4e2a Checkpoint\uff1a\u4fdd\u7559\u6700\u65b0\u7684\u51e0\u4e2a Checkpoint \u4ee5\u9632\u6b62\u6587\u4ef6\u635f\u574f\u6216\u4e0d\u9002\u7528\u7684\u60c5\u51b5\u3002
\u8bb0\u5f55\u5143\u6570\u636e\uff1a\u5728 Checkpoint \u4e2d\u4fdd\u5b58\u989d\u5916\u7684\u4fe1\u606f\uff0c\u5982 epoch \u6570\u3001\u635f\u5931\u503c\u7b49\uff0c\u4ee5\u4fbf\u66f4\u597d\u5730\u6062\u590d\u8bad\u7ec3\u72b6\u6001\u3002
\u4f7f\u7528\u7248\u672c\u63a7\u5236\uff1a\u4fdd\u5b58\u4e0d\u540c\u5b9e\u9a8c\u7684 Checkpoint\uff0c\u4fbf\u4e8e\u5bf9\u6bd4\u548c\u590d\u7528\u3002
\u9a8c\u8bc1\u548c\u6d4b\u8bd5\uff1a\u5728\u8bad\u7ec3\u7684\u4e0d\u540c\u9636\u6bb5\u4f7f\u7528 Checkpoint \u8fdb\u884c\u9a8c\u8bc1\u548c\u6d4b\u8bd5\uff0c\u786e\u4fdd\u6a21\u578b\u6027\u80fd\u548c\u7a33\u5b9a\u6027\u3002
Checkpoint \u673a\u5236\u5728\u6df1\u5ea6\u5b66\u4e60\u8bad\u7ec3\u4e2d\u8d77\u5230\u4e86\u5173\u952e\u4f5c\u7528\u3002\u901a\u8fc7\u5408\u7406\u4f7f\u7528 PyTorch \u548c TensorFlow \u4e2d\u7684 Checkpoint \u529f\u80fd\uff0c \u53ef\u4ee5\u6709\u6548\u63d0\u9ad8\u8bad\u7ec3\u7684\u53ef\u9760\u6027\u548c\u6548\u7387\u3002\u5e0c\u671b\u672c\u6587\u6240\u8ff0\u7684\u65b9\u6cd5\u548c\u6700\u4f73\u5b9e\u8df5\u80fd\u5e2e\u52a9\u4f60\u66f4\u597d\u5730\u7ba1\u7406\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\u7684\u8bad\u7ec3\u8fc7\u7a0b\u3002
"},{"location":"admin/baize/best-practice/deploy-nfs-in-worker.html","title":"\u90e8\u7f72 NFS \u505a\u6570\u636e\u96c6\u9884\u70ed","text":"\u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf (NFS) \u5141\u8bb8\u8fdc\u7a0b\u4e3b\u673a\u901a\u8fc7\u7f51\u7edc\u6302\u8f7d\u6587\u4ef6\uff0c\u5e76\u50cf\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u4e00\u6837\u8fdb\u884c\u4ea4\u4e92\u3002 \u8fd9\u4f7f\u7cfb\u7edf\u7ba1\u7406\u5458\u80fd\u591f\u5c06\u8d44\u6e90\u96c6\u4e2d\u5230\u7f51\u7edc\u670d\u52a1\u5668\u4e0a\u8fdb\u884c\u7ba1\u7406\u3002
\u6570\u636e\u96c6 \u662f AI Lab \u4e2d\u7684\u6838\u5fc3\u6570\u636e\u7ba1\u7406\u529f\u80fd\uff0c\u5c06 MLOps \u751f\u547d\u5468\u671f\u4e2d\u5bf9\u4e8e\u6570\u636e\u7684\u4f9d\u8d56\u7edf\u4e00\u62bd\u8c61\u4e3a\u6570\u636e\u96c6\uff1b \u652f\u6301\u7528\u6237\u5c06\u5404\u7c7b\u6570\u636e\u7eb3\u7ba1\u5230\u6570\u636e\u96c6\u5185\uff0c\u4ee5\u4fbf\u8bad\u7ec3\u4efb\u52a1\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u6570\u636e\u96c6\u4e2d\u7684\u6570\u636e\u3002
\u5f53\u8fdc\u7aef\u6570\u636e\u4e0d\u5728\u5de5\u4f5c\u96c6\u7fa4\u5185\u65f6\uff0c\u6570\u636e\u96c6\u63d0\u4f9b\u4e86\u81ea\u52a8\u8fdb\u884c\u9884\u70ed\u7684\u80fd\u529b\uff0c\u652f\u6301 Git
\u3001S3
\u3001HTTP
\u7b49\u6570\u636e\u63d0\u524d\u9884\u70ed\u5230\u96c6\u7fa4\u672c\u5730\u3002
\u6570\u636e\u96c6\u9700\u8981\u4e00\u4e2a\u652f\u6301 ReadWriteMany
\u6a21\u5f0f\u7684\u5b58\u50a8\u670d\u52a1\u5bf9\u8fdc\u7aef\u6570\u636e\u8fdb\u884c\u9884\u70ed\uff0c\u63a8\u8350\u5728\u96c6\u7fa4\u5185\u90e8\u7f72 NFS\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u4e86\u5982\u4f55\u5feb\u901f\u90e8\u7f72\u4e00\u4e2a NFS \u670d\u52a1\uff0c\u5e76\u5c06\u5176\u6dfb\u52a0\u4e3a\u96c6\u7fa4\u7684\u5b58\u50a8\u7c7b
\u3002
Helm
\u4e0e Kubectl
\uff0c\u8bf7\u786e\u4fdd\u5df2\u7ecf\u5b89\u88c5\u597d\u3002\u4e00\u5171\u9700\u8981\u5b89\u88c5\u51e0\u4e2a\u7ec4\u4ef6\uff1a
\u6240\u6709\u7cfb\u7edf\u7ec4\u4ef6\u4f1a\u5b89\u88c5\u5230 nfs
\u547d\u540d\u7a7a\u95f4\u5185\uff0c\u56e0\u6b64\u9700\u8981\u5148\u521b\u5efa\u6b64\u547d\u540d\u7a7a\u95f4\u3002
kubectl create namespace nfs\n
"},{"location":"admin/baize/best-practice/deploy-nfs-in-worker.html#nfs-server","title":"\u5b89\u88c5 NFS Server","text":"\u8fd9\u91cc\u662f\u4e00\u4e2a\u7b80\u5355\u7684 YAML \u90e8\u7f72\u6587\u4ef6\uff0c\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u3002
Note
\u6ce8\u610f\u68c0\u67e5 image:
\uff0c\u6839\u636e\u96c6\u7fa4\u6240\u5728\u4f4d\u7f6e\u60c5\u51b5\uff0c\u53ef\u80fd\u9700\u8981\u4fee\u6539\u4e3a\u56fd\u5185\u955c\u50cf\u3002
kind: Service\napiVersion: v1\nmetadata:\n name: nfs-server\n namespace: nfs\n labels:\n app: nfs-server\nspec:\n type: ClusterIP\n selector:\n app: nfs-server\n ports:\n - name: tcp-2049\n port: 2049\n protocol: TCP\n - name: udp-111\n port: 111\n protocol: UDP\n---\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: nfs-server\n namespace: nfs\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nfs-server\n template:\n metadata:\n name: nfs-server\n labels:\n app: nfs-server\n spec:\n nodeSelector:\n \"kubernetes.io/os\": linux\n containers:\n - name: nfs-server\n image: itsthenetwork/nfs-server-alpine:latest\n env:\n - name: SHARED_DIRECTORY\n value: \"/exports\"\n volumeMounts:\n - mountPath: /exports\n name: nfs-vol\n securityContext:\n privileged: true\n ports:\n - name: tcp-2049\n containerPort: 2049\n protocol: TCP\n - name: udp-111\n containerPort: 111\n protocol: UDP\n volumes:\n - name: nfs-vol\n hostPath:\n path: /nfsdata # (1)!\n type: DirectoryOrCreate\n
\u5c06\u4e0a\u8ff0 YAML
\u4fdd\u5b58\u4e3a nfs-server.yaml
\uff0c\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u90e8\u7f72\uff1a
kubectl -n nfs apply -f nfs-server.yaml\n\n# \u68c0\u67e5\u90e8\u7f72\u7ed3\u679c\nkubectl -n nfs get pod,svc\n
"},{"location":"admin/baize/best-practice/deploy-nfs-in-worker.html#csi-driver-nfs","title":"\u5b89\u88c5 csi-driver-nfs","text":"\u5b89\u88c5 csi-driver-nfs
\u9700\u8981\u4f7f\u7528 Helm
\uff0c\u8bf7\u6ce8\u610f\u63d0\u524d\u5b89\u88c5\u3002
# \u6dfb\u52a0 Helm \u4ed3\u5e93\nhelm repo add csi-driver-nfs https://mirror.ghproxy.com/https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts\nhelm repo update csi-driver-nfs\n\n# \u90e8\u7f72 csi-driver-nfs\n# \u8fd9\u91cc\u53c2\u6570\u4e3b\u8981\u4f18\u5316\u4e86\u955c\u50cf\u5730\u5740\uff0c\u52a0\u901f\u56fd\u5185\u4e0b\u8f7d\nhelm upgrade --install csi-driver-nfs csi-driver-nfs/csi-driver-nfs \\\n --set image.nfs.repository=k8s.m.daocloud.io/sig-storage/nfsplugin \\\n --set image.csiProvisioner.repository=k8s.m.daocloud.io/sig-storage/csi-provisioner \\\n --set image.livenessProbe.repository=k8s.m.daocloud.io/sig-storage/livenessprobe \\\n --set image.nodeDriverRegistrar.repository=k8s.m.daocloud.io/sig-storage/csi-node-driver-registrar \\\n --namespace nfs \\\n --version v4.5.0\n
Warning
csi-nfs-controller
\u7684\u955c\u50cf\u5e76\u672a\u5168\u90e8\u652f\u6301 helm
\u53c2\u6570\uff0c\u9700\u8981\u624b\u5de5\u4fee\u6539 deployment
\u7684 image
\u5b57\u6bb5\u3002 \u5c06 image: registry.k8s.io
\u6539\u4e3a image: k8s.dockerproxy.com
\u4ee5\u52a0\u901f\u56fd\u5185\u4e0b\u8f7d\u3002
\u5c06\u4ee5\u4e0b YAML
\u4fdd\u5b58\u4e3a nfs-sc.yaml
\uff1a
apiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n name: nfs-csi\nprovisioner: nfs.csi.k8s.io\nparameters:\n server: nfs-server.nfs.svc.cluster.local\n share: /\n # csi.storage.k8s.io/provisioner-secret is only needed for providing mountOptions in DeleteVolume\n # csi.storage.k8s.io/provisioner-secret-name: \"mount-options\"\n # csi.storage.k8s.io/provisioner-secret-namespace: \"default\"\nreclaimPolicy: Retain\nvolumeBindingMode: Immediate\nmountOptions:\n - nfsvers=4.1\n
\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u90e8\u7f72\uff1a
kubectl apply -f nfs-sc.yaml\n
"},{"location":"admin/baize/best-practice/deploy-nfs-in-worker.html#_4","title":"\u6d4b\u8bd5","text":"\u521b\u5efa\u6570\u636e\u96c6\uff0c\u5e76\u5c06\u6570\u636e\u96c6\u7684 \u5173\u8054\u5b58\u50a8\u7c7b \uff0c\u9884\u70ed\u65b9\u5f0f
\u8bbe\u7f6e\u4e3a NFS
\uff0c\u5373\u53ef\u5c06\u8fdc\u7aef\u6570\u636e\u9884\u70ed\u5230\u96c6\u7fa4\u5185\u3002
\u6570\u636e\u96c6\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u770b\u5230\u6570\u636e\u96c6\u7684\u72b6\u6001\u4e3a \u9884\u70ed\u4e2d
\uff0c\u7b49\u5f85\u9884\u70ed\u5b8c\u6210\u540e\u5373\u53ef\u4f7f\u7528\u3002
/sbin/mount
","text":"bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.\n
\u5728\u8fd0\u884c Kubernetes \u7684\u8282\u70b9\u673a\u5668\u4e0a\uff0c\u786e\u4fdd\u5df2\u5b89\u88c5 NFS \u5ba2\u6237\u7aef\uff1a
Ubuntu/DebianCentOS/RHEL\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5b89\u88c5 NFS \u5ba2\u6237\u7aef\uff1a
sudo apt-get update\nsudo apt-get install nfs-common\n
\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5b89\u88c5 NFS \u5ba2\u6237\u7aef\uff1a
sudo yum install nfs-utils\n
\u68c0\u67e5 NFS \u670d\u52a1\u5668\u914d\u7f6e\uff0c\u786e\u4fdd NFS \u670d\u52a1\u5668\u6b63\u5728\u8fd0\u884c\u4e14\u914d\u7f6e\u6b63\u786e\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u6302\u8f7d\u6765\u6d4b\u8bd5\uff1a
sudo mkdir -p /mnt/test\nsudo mount -t nfs <nfs-server>:/nfsdata /mnt/test\n
"},{"location":"admin/baize/best-practice/finetunel-llm.html","title":"\u4f7f\u7528 AI Lab \u5fae\u8c03 ChatGLM3 \u6a21\u578b","text":"\u672c\u6587\u4ee5 ChatGLM3
\u6a21\u578b\u4e3a\u4f8b\uff0c\u6f14\u793a\u5982\u4f55\u5728 AI Lab \u4e2d\u4f7f\u7528 LoRA\uff08Low-Rank Adaptation\uff0c\u4f4e\u79e9\u81ea\u9002\u5e94\uff09\u5fae\u8c03 ChatGLM3 \u6a21\u578b\u3002 Demo \u7a0b\u5e8f\u6765\u81ea ChatGLM3 \u5b98\u65b9\u6848\u4f8b\u3002
\u5fae\u8c03\u7684\u5927\u81f4\u6d41\u7a0b\u4e3a\uff1a
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_1","title":"\u73af\u5883\u4f9d\u8d56","text":"Info
\u5728\u5f00\u59cb\u4f53\u9a8c\u4e4b\u524d\uff0c\u8bf7\u68c0\u67e5 AI \u7b97\u529b\u5e73\u53f0\u4ee5\u53ca AI Lab \u90e8\u7f72\u6b63\u786e\uff0cGPU \u961f\u5217\u8d44\u6e90\u521d\u59cb\u5316\u6210\u529f\uff0c\u4e14\u7b97\u529b\u8d44\u6e90\u5145\u8db3\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_2","title":"\u6570\u636e\u51c6\u5907","text":"\u5229\u7528 AI Lab \u63d0\u4f9b\u7684\u6570\u636e\u96c6\u7ba1\u7406\u529f\u80fd\uff0c\u5feb\u901f\u5c06\u5fae\u8c03\u5927\u6a21\u578b\u6240\u9700\u7684\u6570\u636e\u8fdb\u884c\u9884\u70ed\u53ca\u6301\u4e45\u5316\uff0c\u51cf\u5c11\u56e0\u4e3a\u51c6\u5907\u6570\u636e\u5bfc\u81f4\u7684 GPU \u8d44\u6e90\u5360\u7528\uff0c\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u6548\u7387\u3002
\u5728\u6570\u636e\u96c6\u5217\u8868\u9875\u9762\uff0c\u521b\u5efa\u9700\u8981\u7684\u6570\u636e\u8d44\u6e90\uff0c\u8fd9\u4e9b\u8d44\u6e90\u5305\u542b\u4e86 ChatGLM3 \u4ee3\u7801\uff0c\u4e5f\u53ef\u4ee5\u662f\u6570\u636e\u6587\u4ef6\uff0c\u6240\u6709\u8fd9\u4e9b\u6570\u636e\u90fd\u53ef\u4ee5\u901a\u8fc7\u6570\u636e\u96c6\u5217\u8868\u6765\u7edf\u4e00\u7ba1\u7406\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_3","title":"\u4ee3\u7801\u53ca\u6a21\u578b\u6587\u4ef6","text":"ChatGLM3 \u662f\u667a\u8c31 AI \u548c\u6e05\u534e\u5927\u5b66 KEG \u5b9e\u9a8c\u5ba4\u8054\u5408\u53d1\u5e03\u7684\u5bf9\u8bdd\u9884\u8bad\u7ec3\u6a21\u578b\u3002
\u5148\u62c9\u53d6 ChatGLM3 \u4ee3\u7801\u4ed3\u5e93\uff0c\u4e0b\u8f7d\u9884\u8bad\u7ec3\u6a21\u578b\uff0c\u7528\u4e8e\u540e\u7eed\u7684\u5fae\u8c03\u4efb\u52a1\u3002
AI Lab \u4f1a\u5728\u540e\u53f0\u8fdb\u884c\u5168\u81ea\u52a8\u6570\u636e\u9884\u70ed\uff0c\u4ee5\u4fbf\u540e\u7eed\u7684\u4efb\u52a1\u80fd\u591f\u5feb\u901f\u8bbf\u95ee\u6570\u636e\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#advertisegen","title":"AdvertiseGen \u6570\u636e\u96c6","text":"\u56fd\u5185\u6570\u636e\u53ef\u4ee5\u4ece Tsinghua Cloud \u76f4\u63a5\u83b7\u53d6\uff0c\u8fd9\u91cc\u4f7f\u7528 HTTP
\u7684\u6570\u636e\u6e90\u65b9\u5f0f\u3002
\u6ce8\u610f\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u9700\u8981\u7b49\u5f85\u6570\u636e\u96c6\u9884\u70ed\u5b8c\u6210\uff0c\u4e00\u822c\u5f88\u5feb\uff0c\u6839\u636e\u60a8\u7684\u7f51\u7edc\u60c5\u51b5\u800c\u5b9a\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_4","title":"\u5fae\u8c03\u8f93\u51fa\u6570\u636e","text":"\u540c\u65f6\uff0c\u60a8\u9700\u8981\u51c6\u5907\u4e00\u4e2a\u7a7a\u7684\u6570\u636e\u96c6\uff0c\u7528\u4e8e\u5b58\u653e\u5fae\u8c03\u4efb\u52a1\u5b8c\u6210\u540e\u8f93\u51fa\u7684\u6a21\u578b\u6587\u4ef6\uff0c\u8fd9\u91cc\u521b\u5efa\u4e00\u4e2a\u7a7a\u7684\u6570\u636e\u96c6\uff0c\u4ee5 PVC
\u4e3a\u4f8b\u3002
Warning
\u6ce8\u610f\u9700\u8981\u4f7f\u7528\u652f\u6301 ReadWriteMany
\u7684\u5b58\u50a8\u7c7b\u578b\uff0c\u4ee5\u4fbf\u540e\u7eed\u7684\u4efb\u52a1\u80fd\u591f\u5feb\u901f\u8bbf\u95ee\u6570\u636e\u3002
\u5bf9\u4e8e\u6a21\u578b\u5f00\u53d1\u8005\u6765\u8bf4\uff0c\u51c6\u5907\u6a21\u578b\u5f00\u53d1\u9700\u8981\u7684 Python \u73af\u5883\u4f9d\u8d56\u662f\u975e\u5e38\u91cd\u8981\u7684\uff0c\u4f20\u7edf\u505a\u6cd5\u5c06\u73af\u5883\u4f9d\u8d56\u76f4\u63a5\u6253\u5305\u5230\u5f00\u53d1\u5de5\u5177\u7684\u955c\u50cf\u4e2d\uff0c \u6216\u8005\u76f4\u63a5\u5728\u672c\u5730\u73af\u5883\u4e2d\u5b89\u88c5\uff0c\u4f46\u662f\u8fd9\u6837\u505a\u4f1a\u5bfc\u81f4\u73af\u5883\u4f9d\u8d56\u7684\u4e0d\u4e00\u81f4\uff0c\u800c\u4e14\u4e0d\u5229\u4e8e\u73af\u5883\u7684\u7ba1\u7406\u548c\u4f9d\u8d56\u66f4\u65b0\u53ca\u540c\u6b65\u3002
AI Lab \u63d0\u4f9b\u4e86\u73af\u5883\u7ba1\u7406\u7684\u80fd\u529b\uff0c\u5c06 Python \u73af\u5883\u4f9d\u8d56\u5305\u7ba1\u7406\u548c\u5f00\u53d1\u5de5\u5177\u3001\u4efb\u52a1\u955c\u50cf\u7b49\u8fdb\u884c\u89e3\u8026\uff0c\u89e3\u51b3\u4e86\u4f9d\u8d56\u7ba1\u7406\u6df7\u4e71\uff0c\u73af\u5883\u4e0d\u4e00\u81f4\u7b49\u95ee\u9898\u3002
\u8fd9\u91cc\u4f7f\u7528 AI Lab \u63d0\u4f9b\u7684\u73af\u5883\u7ba1\u7406\u529f\u80fd\uff0c\u521b\u5efa ChatGLM3 \u5fae\u8c03\u6240\u9700\u7684\u73af\u5883\uff0c\u4ee5\u5907\u540e\u7eed\u4f7f\u7528\u3002
Warning
requirements.txt
\u6587\u4ef6\uff0c\u91cc\u9762\u5305\u542b\u4e86 ChatGLM3 \u5fae\u8c03\u6240\u9700\u7684\u73af\u5883\u4f9d\u8d56deepspeed
\u548c mpi4py
\u5305\uff0c\u5efa\u8bae\u4ece requirements.txt
\u6587\u4ef6\u4e2d\u5c06\u5176\u6ce8\u91ca\u6389\uff0c\u5426\u5219\u53ef\u80fd\u51fa\u73b0\u5305\u7f16\u8bd1\u4e0d\u901a\u8fc7\u7684\u60c5\u51b5\u5728\u73af\u5883\u7ba1\u7406\u5217\u8868\uff0c\u60a8\u53ef\u4ee5\u5feb\u901f\u521b\u5efa\u4e00\u4e2a Python \u73af\u5883\uff0c\u5e76\u901a\u8fc7\u7b80\u5355\u7684\u8868\u5355\u914d\u7f6e\u6765\u5b8c\u6210\u73af\u5883\u7684\u521b\u5efa\uff1b\u8fd9\u91cc\u9700\u8981\u4e00\u4e2a Python 3.11.x \u73af\u5883\uff0c
\u56e0\u4e3a\u672c\u5b9e\u9a8c\u9700\u8981\u4f7f\u7528 CUDA\uff0c\u6240\u4ee5\u5728\u8fd9\u91cc\u9700\u8981\u914d\u7f6e GPU \u8d44\u6e90\uff0c\u7528\u4e8e\u9884\u70ed\u9700\u8981\u8d44\u6e90\u7684\u4f9d\u8d56\u5e93\u3002
\u521b\u5efa\u73af\u5883\uff0c\u9700\u8981\u53bb\u4e0b\u8f7d\u4e00\u7cfb\u5217\u7684 Python \u4f9d\u8d56\uff0c\u6839\u636e\u60a8\u7684\u5b9e\u9645\u4f4d\u7f6e\u4e0d\u540c\uff0c\u53ef\u80fd\u4f1a\u6709\u4e0d\u540c\u7684\u4e0b\u8f7d\u901f\u5ea6\uff0c\u8fd9\u91cc\u4f7f\u7528\u4e86\u56fd\u5185\u7684\u955c\u50cf\u52a0\u901f\uff0c\u53ef\u4ee5\u52a0\u5feb\u4e0b\u8f7d\u901f\u5ea6\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#notebook-ide","title":"\u4f7f\u7528 Notebook \u4f5c\u4e3a IDE","text":"AI Lab \u63d0\u4f9b\u4e86 Notebook \u4f5c\u4e3a IDE \u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u5728\u6d4f\u89c8\u5668\u4e2d\u76f4\u63a5\u7f16\u5199\u4ee3\u7801\uff0c\u8fd0\u884c\u4ee3\u7801\uff0c\u67e5\u770b\u4ee3\u7801\u8fd0\u884c\u7ed3\u679c\uff0c\u975e\u5e38\u9002\u5408\u4e8e\u6570\u636e\u5206\u6790\u3001\u673a\u5668\u5b66\u4e60\u3001\u6df1\u5ea6\u5b66\u4e60\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528 AI Lab \u63d0\u4f9b\u7684 JupyterLab Notebook \u6765\u8fdb\u884c ChatGLM3 \u7684\u5fae\u8c03\u4efb\u52a1\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#jupyterlab-notebook","title":"\u521b\u5efa JupyterLab Notebook","text":"\u5728 Notebook \u5217\u8868\u4e2d\uff0c\u53ef\u4ee5\u6839\u636e\u9875\u9762\u64cd\u4f5c\u6307\u5f15\uff0c\u521b\u5efa\u4e00\u4e2a Notebook\u3002\u6ce8\u610f\u60a8\u9700\u8981\u6839\u636e\u524d\u6587\u63d0\u5230\u7684\u8d44\u6e90\u8981\u6c42\u6765\u914d\u7f6e\u5bf9\u5e94\u7684 Notebook \u8d44\u6e90\u53c2\u6570\uff0c \u907f\u514d\u540e\u7eed\u56e0\u4e3a\u8d44\u6e90\u95ee\u9898\uff0c\u5f71\u54cd\u5fae\u8c03\u8fc7\u7a0b\u3002
Note
\u5728\u521b\u5efa Notebook \u65f6\uff0c\u53ef\u4ee5\u5c06\u4e4b\u524d\u9884\u52a0\u8f7d\u7684\u6a21\u578b\u4ee3\u7801\u6570\u636e\u96c6\u548c\u73af\u5883\uff0c\u76f4\u63a5\u6302\u8f7d\u5230 Notebook \u4e2d\uff0c\u6781\u5927\u8282\u7701\u4e86\u6570\u636e\u51c6\u5907\u7684\u65f6\u95f4\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_6","title":"\u6302\u8f7d\u6570\u636e\u96c6\u548c\u4ee3\u7801","text":"\u6ce8\u610f\uff1aChatGLM3 \u7684\u4ee3\u7801\u6587\u4ef6\u6302\u8f7d\u5230\u4e86 /home/jovyan/ChatGLM3
\u76ee\u5f55\u4e0b\uff0c\u540c\u65f6\u60a8\u4e5f\u9700\u8981\u5c06 AdvertiseGen
\u6570\u636e\u96c6\u6302\u8f7d\u5230 /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen
\u76ee\u5f55\u4e0b\uff0c\u4ee5\u4fbf\u540e\u7eed\u7684\u5fae\u8c03\u4efb\u52a1\u80fd\u591f\u8bbf\u95ee\u6570\u636e\u3002
\u672c\u6b21\u4f7f\u7528\u7684\u6a21\u578b\u8f93\u51fa\u4f4d\u7f6e\u5728 /home/jovyan/ChatGLM3/finetune_demo/output
\u76ee\u5f55\u4e0b\uff0c\u53ef\u4ee5\u5c06\u4e4b\u524d\u521b\u5efa\u7684 PVC
\u6570\u636e\u96c6\u6302\u8f7d\u5230\u8fd9\u4e2a\u76ee\u5f55\u4e0b\uff0c \u8fd9\u6837\u8bad\u7ec3\u8f93\u51fa\u7684\u6a21\u578b\u5c31\u53ef\u4ee5\u4fdd\u5b58\u5230\u6570\u636e\u96c6\u4e2d\uff0c\u540e\u7eed\u6a21\u578b\u63a8\u7406\u7b49\u4efb\u52a1\u53ef\u4ee5\u76f4\u63a5\u8bbf\u95ee\u3002
\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u770b\u5230 Notebook \u7684\u754c\u9762\uff0c\u60a8\u53ef\u4ee5\u76f4\u63a5\u5728 Notebook \u4e2d\u7f16\u5199\u4ee3\u7801\uff0c\u8fd0\u884c\u4ee3\u7801\uff0c\u67e5\u770b\u4ee3\u7801\u8fd0\u884c\u7ed3\u679c\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#chatglm3","title":"\u5fae\u8c03 ChatGLM3","text":"\u5f53\u60a8\u8fdb\u5165\u5230 Notebook \u4e2d\u540e\uff0c\u53ef\u4ee5\u5728 Notebook \u4fa7\u8fb9\u680f\u4f1a\u53d1\u73b0\u6709\u4e00\u4e2a File Browser
\u7684\u9009\u9879\uff0c\u53ef\u4ee5\u770b\u5230\u4e4b\u524d\u6302\u8f7d\u7684\u6570\u636e\u96c6\u548c\u4ee3\u7801\uff0c\u5728\u8fd9\u91cc\u627e\u5230 ChatGLM3 \u7684\u6587\u4ef6\u5939\u3002
\u60a8\u53ef\u4ee5\u770b\u5230 ChatGLM3 \u7684\u5fae\u8c03\u4ee3\u7801\u5728 finetune_demo
\u6587\u4ef6\u5939\u4e2d\uff0c\u8fd9\u91cc\u53ef\u4ee5\u76f4\u63a5\u6253\u5f00 lora_finetune.ipynb
\u6587\u4ef6\uff0c\u8fd9\u662f ChatGLM3 \u7684\u5fae\u8c03\u4ee3\u7801\u3002
\u9996\u5148\uff0c\u6839\u636e README.md
\u7684\u8bf4\u660e\uff0c\u60a8\u53ef\u4ee5\u4e86\u89e3\u5230\u6574\u4e2a\u5fae\u8c03\u7684\u8fc7\u7a0b\uff0c\u5efa\u8bae\u5148\u9605\u8bfb\u4e00\u904d\uff0c\u786e\u4fdd\u57fa\u7840\u7684\u73af\u5883\u4f9d\u8d56\u548c\u6570\u636e\u51c6\u5907\u5de5\u4f5c\u90fd\u5df2\u7ecf\u5b8c\u6210\u3002
\u6253\u5f00\u7ec8\u7aef\uff0c\u5e76\u4f7f\u7528 conda
\u5207\u6362\u5230\u60a8\u63d0\u524d\u9884\u70ed\u7684\u73af\u5883\u4e2d\uff0c\u6b64\u73af\u5883\u4e0e JupyterLab Kernel \u4fdd\u6301\u4e00\u81f4\uff0c\u4ee5\u4fbf\u540e\u7eed\u7684\u4ee3\u7801\u8fd0\u884c\u3002
\u9996\u5148\uff0c\u60a8\u9700\u8981\u5c06 AdvertiseGen
\u6570\u636e\u96c6\u8fdb\u884c\u9884\u5904\u7406\uff0c\u5bf9\u6570\u636e\u8fdb\u884c\u6807\u51c6\u5316\u5904\u7406\uff0c\u4f7f\u5176\u7b26\u5408 Lora
\u9884\u8bad\u7ec3\u7684\u6807\u51c6\u683c\u5f0f\u8981\u6c42\uff1b \u8fd9\u91cc\u5c06\u5904\u7406\u540e\u7684\u6570\u636e\u4fdd\u5b58\u5230 AdvertiseGen_fix
\u6587\u4ef6\u5939\u4e2d\u3002
import json\nfrom typing import Union\nfrom pathlib import Path\n\ndef _resolve_path(path: Union[str, Path]) -> Path:\n return Path(path).expanduser().resolve()\n\ndef _mkdir(dir_name: Union[str, Path]):\n dir_name = _resolve_path(dir_name)\n if not dir_name.is_dir():\n dir_name.mkdir(parents=True, exist_ok=False)\n\ndef convert_adgen(data_dir: Union[str, Path], save_dir: Union[str, Path]):\n def _convert(in_file: Path, out_file: Path):\n _mkdir(out_file.parent)\n with open(in_file, encoding='utf-8') as fin:\n with open(out_file, 'wt', encoding='utf-8') as fout:\n for line in fin:\n dct = json.loads(line)\n sample = {'conversations': [{'role': 'user', 'content': dct['content']},\n {'role': 'assistant', 'content': dct['summary']}]}\n fout.write(json.dumps(sample, ensure_ascii=False) + '\\n')\n\n data_dir = _resolve_path(data_dir)\n save_dir = _resolve_path(save_dir)\n\n train_file = data_dir / 'train.json'\n if train_file.is_file():\n out_file = save_dir / train_file.relative_to(data_dir)\n _convert(train_file, out_file)\n\n dev_file = data_dir / 'dev.json'\n if dev_file.is_file():\n out_file = save_dir / dev_file.relative_to(data_dir)\n _convert(dev_file, out_file)\n\nconvert_adgen('data/AdvertiseGen', 'data/AdvertiseGen_fix')\n
\u4e3a\u4e86\u8282\u7701\u8c03\u8bd5\u7684\u65f6\u95f4\uff0c\u60a8\u53ef\u4ee5\u5c06 /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen_fix/dev.json
\u4e2d\u7684\u6570\u636e\u91cf\u7f29\u51cf\u5230 50 \u6761\uff0c\u8fd9\u91cc\u7684\u6570\u636e\u662f JSON \u683c\u5f0f\uff0c\u5904\u7406\u8d77\u6765\u4e5f\u662f\u6bd4\u8f83\u65b9\u4fbf\u7684\u3002
\u5b8c\u6210\u6570\u636e\u7684\u9884\u5904\u7406\u4e4b\u540e\uff0c\u57fa\u672c\u4e0a\u60a8\u5c31\u53ef\u4ee5\u76f4\u63a5\u5fae\u8c03\u6d4b\u8bd5\u4e86\uff0c\u53ef\u4ee5\u5728 /home/jovyan/ChatGLM3/finetune_demo/configs/lora.yaml
\u6587\u4ef6\u4e2d\u914d\u7f6e\u5fae\u8c03\u7684\u53c2\u6570\uff0c\u4e00\u822c\u9700\u8981\u5173\u6ce8\u7684\u53c2\u6570\u57fa\u672c\u5982\u4e0b\uff1a
\u65b0\u5f00\u4e00\u4e2a\u7ec8\u7aef\u7a97\u53e3\uff0c\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u5373\u53ef\u8fdb\u884c\u672c\u5730\u5fae\u8c03\u6d4b\u8bd5\uff0c\u8bf7\u786e\u4fdd\u53c2\u6570\u914d\u7f6e\u548c\u8def\u5f84\u6b63\u786e\uff1a
!CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\n
\u5728\u8fd9\u6761\u547d\u4ee4\u4e2d\uff0c
finetune_hf.py
\u662f ChatGLM3 \u4ee3\u7801\u4e2d\u7684\u5fae\u8c03\u811a\u672cdata/AdvertiseGen_fix
\u662f\u60a8\u9884\u5904\u7406\u540e\u7684\u6570\u636e\u96c6./chatglm3-6b
\u662f\u60a8\u9884\u8bad\u7ec3\u6a21\u578b\u7684\u8def\u5f84configs/lora.yaml
\u662f\u5fae\u8c03\u7684\u914d\u7f6e\u6587\u4ef6\u5fae\u8c03\u8fc7\u7a0b\u4e2d\u53ef\u4ee5\u4f7f\u7528 nvidia-smi
\u547d\u4ee4\u67e5\u770b GPU \u663e\u5b58\u4f7f\u7528\u60c5\u51b5\uff1a
\u5728\u5fae\u8c03\u5b8c\u6210\u540e\uff0c\u5728 finetune_demo
\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210\u4e00\u4e2a output
\u76ee\u5f55\uff0c\u91cc\u9762\u5305\u542b\u4e86\u5fae\u8c03\u7684\u6a21\u578b\u6587\u4ef6\uff0c \u8fd9\u6837\u5fae\u8c03\u7684\u6a21\u578b\u6587\u4ef6\u5c31\u76f4\u63a5\u4fdd\u5b58\u5230\u60a8\u4e4b\u524d\u521b\u5efa\u7684 PVC
\u6570\u636e\u96c6\u4e2d\u4e86\u3002
\u5728\u672c\u5730\u5fae\u8c03\u6d4b\u8bd5\u5b8c\u6210\u540e\uff0c\u786e\u4fdd\u60a8\u7684\u4ee3\u7801\u548c\u6570\u636e\u6ca1\u6709\u95ee\u9898\uff0c\u63a5\u4e0b\u6765\u53ef\u4ee5\u5c06\u5fae\u8c03\u4efb\u52a1\u63d0\u4ea4\u5230AI Lab \u4e2d\uff0c\u8fdb\u884c\u5927\u89c4\u6a21\u7684\u8bad\u7ec3\u548c\u5fae\u8c03\u4efb\u52a1\u3002
\u8fd9\u4e5f\u662f\u63a8\u8350\u7684\u6a21\u578b\u5f00\u53d1\u548c\u5fae\u8c03\u6d41\u7a0b\uff0c\u5148\u5728\u672c\u5730\u8fdb\u884c\u5fae\u8c03\u6d4b\u8bd5\uff0c\u786e\u4fdd\u4ee3\u7801\u548c\u6570\u636e\u6ca1\u6709\u95ee\u9898\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_9","title":"\u4f7f\u7528\u754c\u9762\u63d0\u4ea4\u5fae\u8c03\u4efb\u52a1","text":"\u8fd9\u91cc\u4f7f\u7528 Pytorch
\u6765\u521b\u5efa\u5fae\u8c03\u4efb\u52a1\uff0c\u6839\u636e\u60a8\u7684\u5b9e\u9645\u60c5\u51b5\uff0c\u9009\u62e9\u9700\u8981\u4f7f\u7528\u54ea\u4e2a\u96c6\u7fa4\u7684\u8d44\u6e90\uff0c\u6ce8\u610f\u9700\u8981\u6ee1\u8db3\u524d\u9762\u8d44\u6e90\u51c6\u5907\u4e2d\u63d0\u53ca\u7684\u8d44\u6e90\u8981\u6c42\u3002
\u542f\u52a8\u547d\u4ee4\uff0c\u6839\u636e\u60a8\u5728 Notebook \u4e2d\u4f7f\u7528 LoRA \u5fae\u8c03\u7684\u7ecf\u9a8c\uff0c\u4ee3\u7801\u6587\u4ef6\u548c\u6570\u636e\u5728 /home/jovyan/ChatGLM3/finetune_demo
\u76ee\u5f55\u4e0b\uff0c\u6240\u4ee5\u60a8\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u8fd9\u4e2a\u8def\u5f84\uff1a
bash -c \"cd /home/jovyan/ChatGLM3/finetune_demo && CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\"\n
\u6302\u8f7d\u73af\u5883\uff0c\u8fd9\u6837\u4e4b\u524d\u9884\u52a0\u8f7d\u7684\u73af\u5883\u4f9d\u8d56\u4e0d\u4ec5\u53ef\u4ee5\u5728 Notebook \u4e2d\u4f7f\u7528\uff0c\u540c\u65f6\u4e5f\u53ef\u4ee5\u5728\u4efb\u52a1\u4e2d\u4f7f\u7528
AdvertiseGen
\u6570\u636e\u96c6\u6302\u8f7d\u5230 /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen
\u76ee\u5f55\u4e0b\u4efb\u52a1\u6210\u529f\u63d0\u4ea4\u540e\uff0c\u60a8\u53ef\u4ee5\u5728\u4efb\u52a1\u5217\u8868\u4e2d\u5b9e\u65f6\u67e5\u770b\u4efb\u52a1\u7684\u8bad\u7ec3\u8fdb\u5c55\uff0c\u8fd9\u91cc\u60a8\u53ef\u4ee5\u770b\u5230\u4efb\u52a1\u7684\u72b6\u6001\u3001\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3001\u65e5\u5fd7\u7b49\u4fe1\u606f\u3002
\u67e5\u770b\u4efb\u52a1\u65e5\u5fd7
\u4efb\u52a1\u8fd0\u884c\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u5728\u6570\u636e\u8f93\u51fa\u7684\u6570\u636e\u96c6\u4e2d\u67e5\u770b\u5fae\u8c03\u7684\u6a21\u578b\u6587\u4ef6\uff0c\u8fd9\u6837\u5c31\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u6a21\u578b\u6587\u4ef6\u8fdb\u884c\u540e\u7eed\u7684\u63a8\u7406\u4efb\u52a1\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#baizectl","title":"\u4f7f\u7528baizectl
\u63d0\u4ea4\u4efb\u52a1","text":"AI Lab \u7684 Notebook \u652f\u6301\u514d\u8ba4\u8bc1\u76f4\u63a5\u4f7f\u7528 baizectl
\u547d\u4ee4\u884c\u5de5\u5177\uff0c \u5982\u679c\u60a8\u559c\u6b22\u4f7f\u7528 CLI\uff0c\u90a3\u4e48\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 baizectl
\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u63d0\u4ea4\u4efb\u52a1\u3002
baizectl job submit --name finetunel-chatglm3 -t PYTORCH \\\n --image release.daocloud.io/baize/baize-notebook:v0.5.0 \\\n --priority baize-high-priority \\\n --resources cpu=8,memory=16Gi,nvidia.com/gpu=1 \\\n --workers 1 \\\n --queue default \\\n --working-dir /home/jovyan/ChatGLM3 \\\n --datasets AdvertiseGen:/home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen \\\n --datasets output:/home/jovyan/ChatGLM3/finetune_demo/output \\\n --labels job_type=pytorch \\\n --restart-policy on-failure \\\n -- bash -c \"cd /home/jovyan/ChatGLM3/finetune_demo && CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\"\n
\u5982\u679c\u5e0c\u671b\u4e86\u89e3\u66f4\u591a baizectl
\u7684\u4f7f\u7528\u8bf4\u660e\uff0c\u53ef\u4ee5\u67e5\u770b baizectl \u4f7f\u7528\u6587\u6863\u3002
\u5728\u5fae\u8c03\u4efb\u52a1\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5fae\u8c03\u7684\u6a21\u578b\u8fdb\u884c\u63a8\u7406\u4efb\u52a1\uff0c\u8fd9\u91cc\u60a8\u53ef\u4ee5\u4f7f\u7528AI Lab \u63d0\u4f9b\u7684\u63a8\u7406\u670d\u52a1\uff0c\u5c06\u8f93\u51fa\u540e\u7684\u6a21\u578b\u521b\u5efa\u4e3a\u63a8\u7406\u670d\u52a1\u3002
\u5728\u63a8\u7406\u670d\u52a1\u5217\u8868\u4e2d\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u63a8\u7406\u670d\u52a1\uff0c\u5728\u9009\u62e9\u6a21\u578b\u7684\u4f4d\u7f6e\uff0c\u9009\u62e9\u4e4b\u524d\u63a8\u7406\u8f93\u51fa\u7684\u6570\u636e\u96c6\uff0c\u5e76\u914d\u7f6e\u6a21\u578b\u8def\u5f84\u3002
\u6709\u5173\u6a21\u578b\u8d44\u6e90\u8981\u6c42\u3001\u63a8\u7406\u670d\u52a1\u7684 GPU \u8d44\u6e90\u8981\u6c42\uff0c\u9700\u8981\u6839\u636e\u6a21\u578b\u7684\u5927\u5c0f\u548c\u63a8\u7406\u7684\u5e76\u53d1\u91cf\u6765\u914d\u7f6e\uff0c\u8fd9\u91cc\u60a8\u53ef\u4ee5\u6839\u636e\u4e4b\u524d\u5fae\u8c03\u4efb\u52a1\u7684\u8d44\u6e90\u914d\u7f6e\u6765\u914d\u7f6e\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_12","title":"\u914d\u7f6e\u6a21\u578b\u8fd0\u884c\u65f6","text":"\u914d\u7f6e\u6a21\u578b\u7684\u8fd0\u884c\u65f6\u5c24\u4e3a\u91cd\u8981\uff0c\u76ee\u524d AI Lab \u5df2\u7ecf\u652f\u6301 vLLM
\u4f5c\u4e3a\u6a21\u578b\u63a8\u7406\u670d\u52a1\u7684\u8fd0\u884c\u65f6\uff0c\u53ef\u4ee5\u76f4\u63a5\u9009\u62e9 vLLM
\u3002
vLLM \u652f\u6301\u975e\u5e38\u4e30\u5bcc\u7684\u5927\u8bed\u8a00\u6a21\u578b\uff0c\u5efa\u8bae\u8bbf\u95ee vLLM \u4e86\u89e3\u66f4\u591a\u4fe1\u606f\uff0c\u8fd9\u4e9b\u6a21\u578b\u90fd\u53ef\u4ee5\u5f88\u65b9\u4fbf\u5730\u5728 AI Lab \u4e2d\u4f7f\u7528\u3002
\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u5728\u63a8\u7406\u670d\u52a1\u5217\u8868\u4e2d\u770b\u5230\u60a8\u521b\u5efa\u7684\u63a8\u7406\u670d\u52a1\uff0c\u5728\u6a21\u578b\u670d\u52a1\u5217\u8868\uff0c\u60a8\u53ef\u4ee5\u76f4\u63a5\u83b7\u53d6\u6a21\u578b\u7684\u8bbf\u95ee\u5730\u5740
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_13","title":"\u4f7f\u7528\u6a21\u578b\u670d\u52a1\u6d4b\u8bd5","text":"\u7b80\u5355\u5728\u7ec8\u7aef\u4e2d\u5c1d\u8bd5\uff0c\u4f7f\u7528 curl
\u547d\u4ee4\u6765\u6d4b\u8bd5\u6a21\u578b\u670d\u52a1\uff0c\u8fd9\u91cc\u60a8\u53ef\u4ee5\u770b\u5230\u8fd4\u56de\u7684\u7ed3\u679c\uff0c\u8fd9\u6837\u5c31\u53ef\u4ee5\u4f7f\u7528\u6a21\u578b\u670d\u52a1\u8fdb\u884c\u63a8\u7406\u4efb\u52a1\u4e86\u3002
curl -X POST http://10.20.100.210:31118/v2/models/chatglm3-6b/generate \\\n -d '{\"text_input\": \"hello\", \"stream\": false, \"sampling_parameters\": \"{\\\"temperature\\\": 0.7, \\\"top_p\\\": 0.95, \\'max_tokens\\\": 1024\uff5d\"\uff5d'\n
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_14","title":"\u7ed3\u8bed","text":"\u672c\u6587\u4ee5 ChatGLM3
\u4e3a\u4f8b\uff0c\u5e26\u60a8\u5feb\u901f\u4e86\u89e3\u548c\u4e0a\u624b AI Lab \u7684\u6a21\u578b\u5fae\u8c03\uff0c\u4f7f\u7528 LoRA
\u5fae\u8c03\u4e86 ChatGLM3 \u6a21\u578b\u3002
AI Lab \u63d0\u4f9b\u4e86\u975e\u5e38\u4e30\u5bcc\u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u5e2e\u52a9\u6a21\u578b\u5f00\u53d1\u8005\u5feb\u901f\u8fdb\u884c\u6a21\u578b\u5f00\u53d1\u3001\u5fae\u8c03\u3001\u63a8\u7406\u7b49\u4efb\u52a1\uff0c\u540c\u65f6\u4e5f\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684 OpenAPI \u63a5\u53e3\uff0c\u53ef\u4ee5\u65b9\u4fbf\u5730\u4e0e\u7b2c\u4e09\u65b9\u5e94\u7528\u751f\u6001\u8fdb\u884c\u7ed3\u5408\u3002
"},{"location":"admin/baize/best-practice/label-studio.html","title":"\u90e8\u7f72 Label Studio","text":"Label Studio \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u6570\u636e\u6807\u6ce8\u5de5\u5177\uff0c\u7528\u4e8e\u5404\u79cd\u673a\u5668\u5b66\u4e60\u548c\u4eba\u5de5\u667a\u80fd\u4efb\u52a1\u3002 \u4ee5\u4e0b\u662f Label Studio \u7684\u7b80\u8981\u4ecb\u7ecd\uff1a
Label Studio \u901a\u8fc7\u5176\u7075\u6d3b\u6027\u548c\u529f\u80fd\u4e30\u5bcc\u6027\uff0c\u4e3a\u6570\u636e\u79d1\u5b66\u5bb6\u548c\u673a\u5668\u5b66\u4e60\u5de5\u7a0b\u5e08\u63d0\u4f9b\u4e86\u5f3a\u5927\u7684\u6570\u636e\u6807\u6ce8\u89e3\u51b3\u65b9\u6848\u3002
"},{"location":"admin/baize/best-practice/label-studio.html#ai","title":"\u90e8\u7f72\u5230 AI \u7b97\u529b\u5e73\u53f0","text":"\u8981\u60f3\u5728 AI Lab \u4e2d\u4f7f\u7528 Label Studio\uff0c\u9700\u5c06\u5176\u90e8\u7f72\u5230\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\uff0c \u4f60\u53ef\u4ee5\u901a\u8fc7 Helm \u7684\u65b9\u5f0f\u5feb\u901f\u90e8\u7f72\u3002
Note
\u66f4\u591a\u90e8\u7f72\u8be6\u60c5\uff0c\u8bf7\u53c2\u9605 Deploy Label Studio on Kubernetes\u3002
\u6253\u5f00\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u754c\u9762\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u627e\u5230 Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u9009\u62e9 \u521b\u5efa\u4ed3\u5e93 \u6309\u94ae\uff0c\u586b\u5199\u5982\u4e0b\u53c2\u6570\uff1a
\u6dfb\u52a0\u6210\u529f\u540e\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 \u540c\u6b65\u4ed3\u5e93 \uff0c\u7a0d\u7b49\u7247\u523b\u540e\u5b8c\u6210\u540c\u6b65\u3002\uff08\u540e\u7eed\u66f4\u65b0 Label Studio \u4e5f\u4f1a\u7528\u5230\u8fd9\u4e2a\u540c\u6b65\u64cd\u4f5c\uff09\u3002
\u7136\u540e\u8df3\u8f6c\u5230 Helm \u6a21\u677f \u9875\u9762\uff0c\u4f60\u53ef\u4ee5\u641c\u7d22\u627e\u5230 label-studio
\uff0c\u70b9\u51fb\u5361\u7247\u3002
\u9009\u62e9\u6700\u65b0\u7684\u7248\u672c\uff0c\u5982\u4e0b\u56fe\u914d\u7f6e\u5b89\u88c5\u53c2\u6570\uff0c\u540d\u79f0\u4e3a label-stuio
\uff0c\u5efa\u8bae\u521b\u5efa\u65b0\u7684\u547d\u4ee4\u7a7a\u95f4\uff0c\u914d\u7f6e\u53c2\u6570\u5207\u6362\u5230 YAML
\uff0c\u6839\u636e\u8bf4\u660e\u4fee\u6539\u5176\u4e2d\u914d\u7f6e\u3002
global:\n image:\n repository: heartexlabs/label-studio # \u5982\u679c\u65e0\u6cd5\u8bbf\u95ee docker.io\uff0c\u5728\u6b64\u5904\u914d\u7f6e\u4ee3\u7406\u5730\u5740\n extraEnvironmentVars:\n LABEL_STUDIO_HOST: https://{\u8bbf\u95ee\u5730\u5740}/label-studio # \u4f7f\u7528\u7684\u767b\u5f55\u5730\u5740\uff0c\u8bf7\u53c2\u9605\u5f53\u524d\u7f51\u9875 URL\n LABEL_STUDIO_USERNAME: {\u7528\u6237\u90ae\u7bb1} # \u5fc5\u987b\u662f\u90ae\u7bb1\uff0c\u66ff\u6362\u4e3a\u81ea\u5df1\u7684\n LABEL_STUDIO_PASSWORD: {\u7528\u6237\u5bc6\u7801} \napp:\n nginx:\n livenessProbe:\n path: /label-studio/nginx_health\n readinessProbe:\n path: /label-studio/version\n
\u81f3\u6b64\uff0c\u5b8c\u6210\u4e86 Label studio \u7684\u5b89\u88c5\u3002
Warning
\u9ed8\u8ba4\u4f1a\u5b89\u88c5 PostgreSQL \u4f5c\u4e3a\u6570\u636e\u670d\u52a1\u4e2d\u95f4\u4ef6\uff0c\u5982\u679c\u955c\u50cf\u62c9\u53d6\u5931\u8d25\uff0c\u53ef\u80fd\u662f docker.io
\u65e0\u6cd5\u8bbf\u95ee\uff0c\u6ce8\u610f\u5207\u6362\u5230\u53ef\u7528\u4ee3\u7406\u5373\u53ef\u3002
\u5982\u679c\u4f60\u6709\u81ea\u5df1\u7684 PostgreSQL \u6570\u636e\u670d\u52a1\u4e2d\u95f4\u4ef6\uff0c\u53ef\u4ee5\u4f7f\u7528\u5982\u4e0b\u53c2\u6570\u914d\u7f6e\uff1a
global:\n image:\n repository: heartexlabs/label-studio # \u5982\u679c\u65e0\u6cd5\u8bbf\u95ee docker.io\uff0c\u5728\u6b64\u5904\u914d\u7f6e\u4ee3\u7406\u5730\u5740\n extraEnvironmentVars:\n LABEL_STUDIO_HOST: https://{\u8bbf\u95ee\u5730\u5740}/label-studio # \u4f7f\u7528\u7684\u767b\u5f55\u5730\u5740\uff0c\u53c2\u9605\u5f53\u524d\u7f51\u9875 URL\n LABEL_STUDIO_USERNAME: {\u7528\u6237\u90ae\u7bb1} # \u5fc5\u987b\u662f\u90ae\u7bb1\uff0c\u66ff\u6362\u4e3a\u81ea\u5df1\u7684\n LABEL_STUDIO_PASSWORD: {\u7528\u6237\u5bc6\u7801} \napp:\n nginx:\n livenessProbe:\n path: /label-studio/nginx_health\n readinessProbe:\n path: /label-studio/version\npostgresql:\n enabled: false # \u7981\u7528\u5185\u7f6e\u7684 PostgreSQL\nexternalPostgresql:\n host: \"postgres-postgresql\" # PostgreSQL \u5730\u5740\n port: 5432\n username: \"label_studio\" # PostgreSQL \u7528\u6237\u540d\n password: \"your_label_studio_password\" # PostgreSQL \u5bc6\u7801\n database: \"label_studio\" # PostgreSQL \u6570\u636e\u5e93\u540d\n
"},{"location":"admin/baize/best-practice/label-studio.html#gproduct","title":"\u6dfb\u52a0 GProduct \u5230\u5bfc\u822a\u680f","text":"\u5982\u679c\u8981\u6dfb\u52a0 Label Studio \u5230\u5bfc\u822a\u680f\uff0c\u53ef\u4ee5\u53c2\u8003\u5168\u5c40\u7ba1\u7406 OEM IN \u7684\u65b9\u5f0f\u3002 \u4ee5\u4e0b\u6848\u4f8b\u662f\u589e\u52a0\u5230 AI Lab \u4e8c\u7ea7\u5bfc\u822a\u7684\u6dfb\u52a0\u65b9\u5f0f\u3002
"},{"location":"admin/baize/best-practice/label-studio.html#_1","title":"\u6dfb\u52a0\u4ee3\u7406\u8bbf\u95ee","text":"apiVersion: ghippo.io/v1alpha1\nkind: GProductProxy\nmetadata:\n name: label-studio\nspec:\n gproduct: label-studio\n proxies:\n - authnCheck: false\n destination:\n host: label-studio-ls-app.label-studio.svc.cluster.local\n port: 80\n match:\n uri:\n prefix: /label-studio\n
"},{"location":"admin/baize/best-practice/label-studio.html#ai-lab","title":"\u6dfb\u52a0\u5230 AI Lab","text":"\u4fee\u6539 CRD \u4e3a GProductNavigator
\u7684 CR baize
\uff0c\u7136\u540e\u5728\u73b0\u6709\u914d\u7f6e\u4e2d\u8fdb\u884c\u5982\u4e0b\u53d8\u66f4\uff1a
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n annotations:\n meta.helm.sh/release-name: baize\n meta.helm.sh/release-namespace: baize-system\n labels:\n app.kubernetes.io/managed-by: Helm\n gProductName: baize\n name: baize\nspec:\n category: cloudnativeai\n gproduct: baize\n iconUrl: ./ui/baize/logo.svg\n isCustom: false\n localizedName:\n en-US: AI Lab\n zh-CN: AI Lab\n menus:\n - iconUrl: ''\n isCustom: false\n localizedName:\n en-US: AI Lab\n zh-CN: AI Lab\n name: workspace-view\n order: 1\n url: ./baize\n visible: true\n - iconUrl: ''\n isCustom: false\n localizedName:\n en-US: Operator\n zh-CN: \u8fd0\u7ef4\u7ba1\u7406\n name: admin-view\n order: 1\n url: ./baize/admin\n visible: true\n # \u6dfb\u52a0\u5f00\u59cb\n - iconUrl: ''\n localizedName:\n en-US: Data Annotation\n zh-CN: \u6570\u636e\u6807\u6ce8\n name: label-studio\n order: 1\n target: blank # \u63a7\u5236\u65b0\u5f00\u9875\n url: https://{\u8bbf\u95ee\u5730\u5740}/label-studio # \u8bbf\u95ee\u5730\u5740\n visible: true\n # \u6dfb\u52a0\u7ed3\u675f\n name: AI Lab\n order: 10\n url: ./baize\n visible: true\n
"},{"location":"admin/baize/best-practice/label-studio.html#_2","title":"\u6dfb\u52a0\u6548\u679c","text":""},{"location":"admin/baize/best-practice/label-studio.html#_3","title":"\u7ed3\u8bed","text":"\u4ee5\u4e0a\uff0c\u5c31\u662f\u5982\u4f55\u6dfb\u52a0 Label Studio \u5e76\u5c06\u5176\u4f5c\u4e3a AI Lab \u7684\u6807\u6ce8\u7ec4\u4ef6\uff0c\u901a\u8fc7\u5c06\u6807\u6ce8\u540e\u7684\u6570\u636e\u6dfb\u52a0\u5230 AI Lab \u7684\u6570\u636e\u96c6\u4e2d\uff0c \u8054\u52a8\u7b97\u6cd5\u5f00\u53d1\uff0c\u5b8c\u5584\u7b97\u6cd5\u5f00\u53d1\u6d41\u7a0b\uff0c\u540e\u7eed\u5982\u4f55\u4f7f\u7528\u8bf7\u5173\u6ce8\u5176\u4ed6\u6587\u6863\u53c2\u8003\u3002
"},{"location":"admin/baize/best-practice/train-with-deepspeed.html","title":"\u5982\u4f55\u63d0\u4ea4 DeepSpeed \u8bad\u7ec3\u4efb\u52a1","text":"\u6839\u636e DeepSpeed \u5b98\u65b9\u6587\u6863\uff0c\u6211\u4eec\u63a8\u8350\u4f7f\u7528\u4fee\u6539\u4ee3\u7801\u7684\u65b9\u5f0f\u5b9e\u73b0\u3002
\u5373\u4f7f\u7528 deepspeed.init_distributed()
\u4ee3\u66ff torch.distributed.init_process_group(...)
\u3002 \u7136\u540e\u8fd0\u884c\u547d\u4ee4\u4f7f\u7528 torchrun
\uff0c\u63d0\u4ea4\u4e3a Pytorch \u5206\u5e03\u5f0f\u4efb\u52a1\uff0c\u65e2\u53ef\u8fd0\u884c DeepSpeed \u4efb\u52a1\u3002
\u662f\u7684\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 torchrun
\u8fd0\u884c\u4f60\u7684 DeepSpeed \u8bad\u7ec3\u811a\u672c\u3002 torchrun
\u662f PyTorch \u63d0\u4f9b\u7684\u4e00\u4e2a\u5b9e\u7528\u5de5\u5177\uff0c\u7528\u4e8e\u5206\u5e03\u5f0f\u8bad\u7ec3\u3002\u4f60\u53ef\u4ee5\u7ed3\u5408 torchrun
\u548c DeepSpeed API \u6765\u542f\u52a8\u4f60\u7684\u8bad\u7ec3\u4efb\u52a1\u3002
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u4f7f\u7528 torchrun
\u8fd0\u884c DeepSpeed \u8bad\u7ec3\u811a\u672c\u7684\u793a\u4f8b\uff1a
\u7f16\u5199\u8bad\u7ec3\u811a\u672c\uff1a
train.pyimport torch\nimport deepspeed\nfrom torch.utils.data import DataLoader\n\n# \u6a21\u578b\u548c\u6570\u636e\u52a0\u8f7d\nmodel = YourModel()\ntrain_dataset = YourDataset()\ntrain_dataloader = DataLoader(train_dataset, batch_size=32)\n\n# \u914d\u7f6e\u6587\u4ef6\u8def\u5f84\ndeepspeed_config = \"deepspeed_config.json\"\n\n# \u521b\u5efa DeepSpeed \u8bad\u7ec3\u5f15\u64ce\nmodel_engine, optimizer, _, _ = deepspeed.initialize(\n model=model,\n model_parameters=model.parameters(),\n config_params=deepspeed_config\n)\n\n# \u8bad\u7ec3\u5faa\u73af\nfor batch in train_dataloader:\n loss = model_engine(batch)\n model_engine.backward(loss)\n model_engine.step()\n
\u521b\u5efa DeepSpeed \u914d\u7f6e\u6587\u4ef6\uff1a
deepspeed_config.json{\n \"train_batch_size\": 32,\n \"gradient_accumulation_steps\": 1,\n \"fp16\": {\n \"enabled\": true,\n \"loss_scale\": 0\n },\n \"optimizer\": {\n \"type\": \"Adam\",\n \"params\": {\n \"lr\": 0.00015,\n \"betas\": [0.9, 0.999],\n \"eps\": 1e-08,\n \"weight_decay\": 0\n }\n }\n}\n
\u4f7f\u7528 torchrun
\u6216\u8005 baizectl
\u8fd0\u884c\u8bad\u7ec3\u811a\u672c\uff1a
torchrun train.py\n
\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u4f60\u53ef\u4ee5\u7ed3\u5408 PyTorch \u7684\u5206\u5e03\u5f0f\u8bad\u7ec3\u529f\u80fd\u548c DeepSpeed \u7684\u4f18\u5316\u6280\u672f\uff0c\u4ece\u800c\u5b9e\u73b0\u66f4\u9ad8\u6548\u7684\u8bad\u7ec3\u3002 \u60a8\u53ef\u4ee5\u5728 Notebook \u4e2d\uff0c\u4f7f\u7528 baizectl
\u63d0\u4ea4\u547d\u4ee4\uff1a
baizectl job submit --pytorch --workers 2 -- torchrun train.py\n
\u8fd0\u7ef4\u7ba1\u7406\u662f IT \u8fd0\u7ef4\u4eba\u5458\u65e5\u5e38\u7ba1\u7406 IT \u8d44\u6e90\uff0c\u5904\u7406\u5de5\u4f5c\u7684\u7a7a\u95f4\u3002
\u5728\u8fd9\u91cc\u53ef\u4ee5\u76f4\u89c2\u5730\u4e86\u89e3\u5f53\u524d\u96c6\u7fa4\u3001\u8282\u70b9\u3001CPU\u3001GPU\u3001vGPU \u7b49\u8d44\u6e90\u7684\u4f7f\u7528\u72b6\u51b5\u3002
"},{"location":"admin/baize/oam/index.html#_2","title":"\u5e38\u89c1\u672f\u8bed","text":"\u81ea\u52a8\u5316\u6c47\u603b\u6574\u4e2a\u5e73\u53f0\u4e2d\u7684 GPU \u8d44\u6e90\u4fe1\u606f\uff0c\u63d0\u4f9b\u8be6\u5c3d\u7684 GPU \u8bbe\u5907\u4fe1\u606f\u5c55\u793a\uff0c\u53ef\u67e5\u770b\u5404\u79cd GPU \u5361\u7684\u8d1f\u8f7d\u7edf\u8ba1\u548c\u4efb\u52a1\u8fd0\u884c\u4fe1\u606f\u3002
\u8fdb\u5165 \u8fd0\u7ef4\u7ba1\u7406 \u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u8d44\u6e90\u7ba1\u7406 -> GPU \u7ba1\u7406 \uff0c\u53ef\u4ee5\u67e5\u770b GPU \u5361\u548c\u4efb\u52a1\u4fe1\u606f\u3002
"},{"location":"admin/baize/oam/queue/create.html","title":"\u521b\u5efa\u961f\u5217","text":"\u5728\u8fd0\u7ef4\u7ba1\u7406\u6a21\u5f0f\u4e2d\uff0c\u961f\u5217\u53ef\u7528\u4e8e\u8c03\u5ea6\u548c\u4f18\u5316\u6279\u5904\u7406\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5b83\u53ef\u4ee5\u6709\u6548\u5730\u7ba1\u7406\u5728\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u591a\u4e2a\u4efb\u52a1\uff0c\u901a\u8fc7\u961f\u5217\u7cfb\u7edf\u6765\u4f18\u5316\u8d44\u6e90\u5229\u7528\u7387\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u961f\u5217\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u7cfb\u7edf\u4f1a\u9884\u5148\u586b\u5145\u57fa\u7840\u8bbe\u7f6e\u6570\u636e\uff0c\u5305\u62ec\u8981\u90e8\u7f72\u7684\u96c6\u7fa4\u3001\u5de5\u4f5c\u7a7a\u95f4\u3001\u6392\u961f\u7b56\u7565\u7b49\u3002 \u8c03\u6574\u8fd9\u4e9b\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u5c4f\u5e55\u63d0\u793a\u521b\u5efa\uff0c\u8fd4\u56de\u961f\u5217\u7ba1\u7406\u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u7b49\u66f4\u591a\u64cd\u4f5c\u3002
\u5728\u8fd0\u7ef4\u7ba1\u7406\u6a21\u5f0f\u4e2d\uff0c\u5982\u679c\u53d1\u73b0\u961f\u5217\u5197\u4f59\u3001\u8fc7\u671f\u6216\u56e0\u5176\u4ed6\u7f18\u6545\u4e0d\u518d\u9700\u8981\uff0c\u53ef\u4ee5\u4ece\u961f\u5217\u5217\u8868\u4e2d\u5220\u9664\u3002
\u5728\u961f\u5217\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u4e2d\u786e\u8ba4\u8981\u5220\u9664\u7684\u961f\u5217\uff0c\u8f93\u5165\u961f\u5217\u540d\u79f0\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\uff0c\u8be5\u961f\u5217\u4ece\u5217\u8868\u4e2d\u6d88\u5931\u3002
Caution
\u961f\u5217\u4e00\u65e6\u5220\u9664\u5c06\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"admin/baize/troubleshoot/index.html","title":"\u6545\u969c\u6392\u67e5","text":"\u672c\u6587\u5c06\u6301\u7eed\u7edf\u8ba1\u548c\u68b3\u7406 AI Lab \u4f7f\u7528\u8fc7\u7a0b\u53ef\u80fd\u56e0\u73af\u5883\u6216\u64cd\u4f5c\u4e0d\u89c4\u8303\u5f15\u8d77\u7684\u62a5\u9519\uff0c\u4ee5\u53ca\u5728\u4f7f\u7528\u8fc7\u7a0b\u4e2d\u9047\u5230\u67d0\u4e9b\u62a5\u9519\u7684\u95ee\u9898\u5206\u6790\u3001\u89e3\u51b3\u65b9\u6848\u3002
Warning
\u672c\u6587\u6863\u4ec5\u9002\u7528\u4e8e AI \u7b97\u529b\u4e2d\u5fc3\u7248\u672c\uff0c\u82e5\u9047\u5230 AI Lab \u7684\u4f7f\u7528\u95ee\u9898\uff0c\u8bf7\u4f18\u5148\u67e5\u770b\u6b64\u6392\u969c\u624b\u518c\u3002
AI Lab \u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u6a21\u5757\u540d\u79f0 baize
\uff0c\u63d0\u4f9b\u4e86\u4e00\u7ad9\u5f0f\u7684\u6a21\u578b\u8bad\u7ec3\u3001\u63a8\u7406\u3001\u6a21\u578b\u7ba1\u7406\u7b49\u529f\u80fd\u3002
\u5728 AI Lab \u5f00\u53d1\u63a7\u5236\u53f0\u3001\u8fd0\u7ef4\u63a7\u5236\u53f0\uff0c\u529f\u80fd\u6a21\u5757\u7684\u96c6\u7fa4\u641c\u7d22\u6761\u4ef6\u7684\u4e0b\u62c9\u5217\u8868\u627e\u4e0d\u5230\u60f3\u8981\u7684\u96c6\u7fa4\u3002
"},{"location":"admin/baize/troubleshoot/cluster-not-found.html#_3","title":"\u95ee\u9898\u5206\u6790","text":"\u5728 AI Lab \u4e2d\uff0c\u96c6\u7fa4\u4e0b\u62c9\u5217\u8868\u5982\u679c\u7f3a\u5c11\u4e86\u60f3\u8981\u7684\u96c6\u7fa4\uff0c\u53ef\u80fd\u662f\u7531\u4e8e\u4ee5\u4e0b\u539f\u56e0\u5bfc\u81f4\u7684\uff1a
baize-agent
\u672a\u5b89\u88c5\u6216\u5b89\u88c5\u4e0d\u6210\u529f\uff0c\u5bfc\u81f4 AI Lab \u65e0\u6cd5\u83b7\u53d6\u96c6\u7fa4\u4fe1\u606fbaize-agent
\u672a\u914d\u7f6e\u96c6\u7fa4\u540d\u79f0\uff0c\u5bfc\u81f4 AI Lab \u65e0\u6cd5\u83b7\u53d6\u96c6\u7fa4\u4fe1\u606fbaize-agent
\u672a\u5b89\u88c5\u6216\u5b89\u88c5\u4e0d\u6210\u529f","text":"AI Lab \u6709\u4e00\u4e9b\u57fa\u7840\u7ec4\u4ef6\u9700\u8981\u5728\u6bcf\u4e2a\u5de5\u4f5c\u96c6\u7fa4\u5185\u8fdb\u884c\u5b89\u88c5\uff0c\u5982\u679c\u5de5\u4f5c\u96c6\u7fa4\u5185\u672a\u5b89\u88c5 baize-agent
\u65f6\uff0c\u53ef\u4ee5\u5728\u754c\u9762\u4e0a\u9009\u62e9\u5b89\u88c5\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4e00\u4e9b\u975e\u9884\u671f\u7684\u62a5\u9519\u7b49\u95ee\u9898\u3002
\u6240\u4ee5\uff0c\u4e3a\u4e86\u4fdd\u969c\u4f7f\u7528\u4f53\u9a8c\uff0c\u53ef\u9009\u62e9\u7684\u96c6\u7fa4\u8303\u56f4\u4ec5\u5305\u542b\u4e86\u5df2\u7ecf\u6210\u529f\u5b89\u88c5\u4e86 baize-agent
\u7684\u96c6\u7fa4\u3002
\u5982\u679c\u662f\u56e0\u4e3a baize-agent
\u672a\u5b89\u88c5\u6216\u5b89\u88c5\u5931\u8d25\uff0c\u5219\u4f7f\u7528 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 -> Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u627e\u5230 baize-agent
\u5e76\u5b89\u88c5\u3002
Note
\u6b64\u5730\u5740\u5feb\u901f\u8df3\u8f6c https://<ai_host>/kpanda/clusters/<cluster_name>/helm/charts/addon/baize-agent
\u3002 \u6ce8\u610f\u5c06 <ai_host>
\u66ff\u6362\u4e3a\u5b9e\u9645\u7684 AI \u7b97\u529b\u4e2d\u5fc3\u63a7\u5236\u53f0\u5730\u5740\uff0c<cluster_name>
\u66ff\u6362\u4e3a\u5b9e\u9645\u7684\u96c6\u7fa4\u540d\u79f0\u3002
baize-agent
\u65f6\u672a\u914d\u7f6e\u96c6\u7fa4\u540d\u79f0","text":"\u5728\u5b89\u88c5 baize-agent
\u65f6\uff0c\u9700\u8981\u6ce8\u610f\u914d\u7f6e\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fd9\u4e2a\u540d\u79f0\u4f1a\u7528\u4e8e\u53ef\u89c2\u6d4b\u6307\u6807\u91c7\u96c6\uff0c \u9ed8\u8ba4\u4e3a\u7a7a\uff0c\u9700\u624b\u5de5\u914d\u7f6e \u3002
\u5982\u679c\u96c6\u7fa4\u5185\u53ef\u89c2\u6d4b\u7ec4\u4ef6\u5f02\u5e38\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4 AI Lab \u65e0\u6cd5\u83b7\u53d6\u96c6\u7fa4\u4fe1\u606f\uff0c\u8bf7\u68c0\u67e5\u5e73\u53f0\u7684\u53ef\u89c2\u6d4b\u670d\u52a1\u662f\u5426\u6b63\u5e38\u8fd0\u884c\u53ca\u914d\u7f6e\u3002
\u5728\u521b\u5efa Notebook\u3001\u8bad\u7ec3\u4efb\u52a1\u6216\u8005\u63a8\u7406\u670d\u52a1\u65f6\uff0c\u5f53\u961f\u5217\u662f\u9996\u6b21\u5728\u8be5\u547d\u540d\u7a7a\u95f4\u4f7f\u7528\u65f6\uff0c\u4f1a\u63d0\u793a\u9700\u8981\u4e00\u952e\u521d\u59cb\u5316\u961f\u5217\uff0c\u4f46\u662f\u521d\u59cb\u5316\u5931\u8d25\u3002
"},{"location":"admin/baize/troubleshoot/local-queue-initialization-failed.html#_3","title":"\u95ee\u9898\u5206\u6790","text":"\u5728 AI Lab \u4e2d\uff0c\u961f\u5217\u7ba1\u7406\u80fd\u529b\u7531 Kueue \u63d0\u4f9b\uff0c \u800c Kueue \u63d0\u4f9b\u4e86 \u4e24\u79cd\u961f\u5217\u7ba1\u7406\u8d44\u6e90\uff1a
\u5728 AI Lab \u4e2d\uff0c\u5982\u679c\u521b\u5efa\u670d\u52a1\u65f6\uff0c\u53d1\u73b0\u6307\u5b9a\u7684\u547d\u540d\u7a7a\u95f4\u4e0d\u5b58\u5728 LocalQueue
\uff0c\u5219\u4f1a\u63d0\u793a\u9700\u8981\u521d\u59cb\u5316\u961f\u5217\u3002
\u5728\u6781\u5c11\u6570\u60c5\u51b5\u4e0b\uff0c\u53ef\u80fd\u7531\u4e8e\u7279\u6b8a\u539f\u56e0\u4f1a\u5bfc\u81f4 LocalQueue
\u521d\u59cb\u5316\u5931\u8d25\u3002
\u68c0\u67e5 Kueue \u662f\u5426\u6b63\u5e38\u8fd0\u884c\uff0c\u5982\u679c kueue-controller-manager
\u672a\u8fd0\u884c\uff0c\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u3002
kubectl get deploy kueue-controller-manager -n baize-sysatem\n
\u5982\u679c kueue-controller-manager
\u672a\u6b63\u5e38\u8fd0\u884c\uff0c\u8bf7\u5148\u4fee\u590d Kueue\u3002
\u5728 AI Lab \u4e2d\uff0c\u7528\u6237\u5728\u521b\u5efa Notebook \u65f6\uff0c\u53d1\u73b0\u9009\u62e9\u7684\u961f\u5217\u5373\u4f7f\u8d44\u6e90\u4e0d\u8db3\uff0cNotebook \u4f9d\u7136\u53ef\u4ee5\u521b\u5efa\u6210\u529f\u3002
"},{"location":"admin/baize/troubleshoot/notebook-not-controlled-by-quotas.html#01-kubernetes","title":"\u95ee\u9898 01: Kubernetes \u7248\u672c\u4e0d\u652f\u6301","text":"\u5206\u6790\uff1a
AI Lab \u4e2d\u7684\u961f\u5217\u7ba1\u7406\u80fd\u529b\u7531 Kueue \u63d0\u4f9b\uff0c Notebook \u670d\u52a1\u662f\u901a\u8fc7 JupyterHub \u63d0\u4f9b\u7684\u3002 JupyterHub \u5bf9 Kubernetes \u7684\u7248\u672c\u8981\u6c42\u8f83\u9ad8\uff0c\u5bf9\u4e8e\u4f4e\u4e8e v1.27 \u7684\u7248\u672c\uff0c\u5373\u4f7f\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u8bbe\u7f6e\u4e86\u961f\u5217\u914d\u989d\uff0c \u7528\u6237\u5728\u521b\u5efa Notebook \u65f6\u4e5f\u9009\u62e9\u4e86\u914d\u989d\uff0c\u4f46 Notebook \u5b9e\u9645\u4e5f\u4e0d\u4f1a\u53d7\u5230\u961f\u5217\u914d\u989d\u7684\u9650\u5236\u3002
\u89e3\u51b3\u529e\u6cd5\uff1a\u63d0\u524d\u89c4\u5212\uff0c\u751f\u4ea7\u73af\u5883\u4e2d\u5efa\u8bae\u4f7f\u7528 Kubernetes \u7248\u672c v1.27
\u4ee5\u4e0a\u3002
\u53c2\u8003\u8d44\u6599\uff1aJupyter Notebook Documentation
\u5206\u6790\uff1a
\u5f53 Kubernetes \u96c6\u7fa4\u7248\u672c \u5927\u4e8e v1.27 \u65f6\uff0cNotebook \u4ecd\u65e0\u6cd5\u53d7\u5230\u961f\u5217\u914d\u989d\u7684\u9650\u5236\u3002
\u8fd9\u662f\u56e0\u4e3a\uff0cKueue \u9700\u8981\u542f\u7528\u5bf9 enablePlainPod
\u652f\u6301\uff0c\u624d\u4f1a\u5bf9 Notebook \u670d\u52a1\u751f\u6548\u3002
\u89e3\u51b3\u529e\u6cd5\uff1a\u5728\u5de5\u4f5c\u96c6\u7fa4\u4e2d\u90e8\u7f72 baize-agent
\u65f6\uff0c\u542f\u7528 Kueue \u5bf9 enablePlainPod
\u7684\u652f\u6301\u3002
\u53c2\u8003\u8d44\u6599\uff1aRun Plain Pods as a Kueue-Managed Job
\u5982\u679c\u60a8\u5fd8\u8bb0\u5bc6\u7801\uff0c\u53ef\u4ee5\u6309\u672c\u9875\u9762\u8bf4\u660e\u91cd\u7f6e\u5bc6\u7801\u3002
"},{"location":"admin/ghippo/password.html#_2","title":"\u91cd\u7f6e\u5bc6\u7801\u6b65\u9aa4","text":"\u7ba1\u7406\u5458\u6700\u521d\u521b\u5efa\u4e00\u4e2a\u7528\u6237\u65f6\uff0c\u4f1a\u4e3a\u5176\u8bbe\u7f6e\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002 \u8be5\u7528\u6237\u767b\u5f55\u540e\uff0c\u5728 \u4e2a\u4eba\u4e2d\u5fc3 \u586b\u5199\u90ae\u7bb1\u5e76\u4fee\u6539\u5bc6\u7801\u3002 \u82e5\u8be5\u7528\u6237\u672a\u8bbe\u7f6e\u90ae\u7bb1\uff0c\u5219\u53ea\u80fd\u8054\u7cfb\u7ba1\u7406\u5458\u8fdb\u884c\u5bc6\u7801\u91cd\u7f6e\u3002
\u5982\u679c\u7528\u6237\u5fd8\u8bb0\u4e86\u5bc6\u7801\uff0c\u53ef\u4ee5\u5728\u767b\u5f55\u754c\u9762\u70b9\u51fb \u5fd8\u8bb0\u5bc6\u7801 \u3002
\u8f93\u5165\u767b\u5f55\u90ae\u7bb1\uff0c\u70b9\u51fb \u63d0\u4ea4 \u3002
\u5728\u90ae\u7bb1\u4e2d\u627e\u5230\u5bc6\u7801\u91cd\u7f6e\u90ae\u4ef6\uff0c\u70b9\u51fb\u4e0b\u65b9\u94fe\u63a5\u8fdb\u884c\u5bc6\u7801\u91cd\u7f6e\uff0c\u94fe\u63a5\u65f6\u6548 5 \u5206\u949f\u3002
\u5728\u624b\u673a\u7b49\u7ec8\u7aef\u8bbe\u5907\u5b89\u88c5\u652f\u6301 2FA \u52a8\u6001\u53e3\u4ee4\u751f\u6210\u7684\u5e94\u7528\uff08\u5982 Google Authenticator\uff09\uff0c\u6309\u7167\u9875\u9762\u63d0\u793a\u914d\u7f6e\u52a8\u6001\u53e3\u4ee4\u4ee5\u6fc0\u6d3b\u8d26\u6237\uff0c\u70b9\u51fb \u63d0\u4ea4 \u3002
\u8bbe\u7f6e\u65b0\u5bc6\u7801\uff0c\u70b9\u51fb \u63d0\u4ea4 \u3002\u8bbe\u7f6e\u65b0\u5bc6\u7801\u7684\u8981\u6c42\u4e0e\u521b\u5efa\u7528\u6237\u65f6\u7684\u5bc6\u7801\u89c4\u5219\u4e00\u81f4\u3002
\u4fee\u6539\u5bc6\u7801\u6210\u529f\uff0c\u76f4\u63a5\u8df3\u8f6c\u9996\u9875\u3002
\u6574\u4e2a\u5bc6\u7801\u91cd\u7f6e\u7684\u6d41\u7a0b\u793a\u610f\u56fe\u5982\u4e0b\u3002
graph TB\n\npass[\u5fd8\u8bb0\u5bc6\u7801] --> usern[\u8f93\u5165\u7528\u6237\u540d]\n--> button[\u70b9\u51fb\u53d1\u9001\u9a8c\u8bc1\u90ae\u4ef6\u7684\u6309\u94ae] --> judge1[\u5224\u65ad\u7528\u6237\u540d\u662f\u5426\u6b63\u786e]\n\n judge1 -.\u6b63\u786e.-> judge2[\u5224\u65ad\u662f\u5426\u7ed1\u5b9a\u90ae\u7bb1]\n judge1 -.\u9519\u8bef.-> tip1[\u63d0\u793a\u7528\u6237\u540d\u4e0d\u6b63\u786e]\n\n judge2 -.\u5df2\u7ed1\u5b9a\u90ae\u7bb1.-> send[\u53d1\u9001\u91cd\u7f6e\u90ae\u4ef6]\n judge2 -.\u672a\u7ed1\u5b9a\u90ae\u7bb1.-> tip2[\u63d0\u793a\u672a\u7ed1\u5b9a\u90ae\u7bb1<br>\u8054\u7cfb\u7ba1\u7406\u5458\u91cd\u7f6e\u5bc6\u7801]\n\nsend --> click[\u70b9\u51fb\u90ae\u4ef6\u4e2d\u7684\u94fe\u63a5] --> config[\u914d\u7f6e\u52a8\u6001\u53e3\u4ee4] --> reset[\u91cd\u7f6e\u5bc6\u7801]\n--> success[\u6210\u529f\u91cd\u7f6e\u5bc6\u7801]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass pass,usern,button,tip1,send,tip2,send,click,config,reset,success plain;\nclass judge1,judge2 k8s
"},{"location":"admin/ghippo/access-control/custom-role.html","title":"\u81ea\u5b9a\u4e49\u89d2\u8272","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u521b\u5efa\u4e09\u79cd\u8303\u56f4\u7684\u81ea\u5b9a\u4e49\u89d2\u8272\uff1a
\u5e73\u53f0\u89d2\u8272\u662f\u7c97\u7c92\u5ea6\u89d2\u8272\uff0c\u80fd\u591f\u5bf9\u6240\u9009\u6743\u9650\u5185\u7684\u6240\u6709\u8d44\u6e90\u751f\u6548\u3002\u5982\u6388\u6743\u540e\u7528\u6237\u53ef\u4ee5\u62e5\u6709\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u7684\u67e5\u770b\u6743\u9650\u3001\u6240\u6709\u96c6\u7fa4\u7684\u7f16\u8f91\u6743\u9650\u7b49\uff0c\u800c\u4e0d\u80fd\u9488\u5bf9\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u6216\u67d0\u4e2a\u96c6\u7fa4\u751f\u6548\u3002\u5e73\u53f0\u89d2\u8272\u521b\u5efa\u5b8c\u6210\u540e\u53ef\u4ee5\u5728\u7528\u6237/\u7528\u6237\u7ec4\u5217\u8868\u4e2d\u8fdb\u884c\u6388\u6743\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u89d2\u8272 \uff0c\u70b9\u51fb \u521b\u5efa\u81ea\u5b9a\u4e49\u89d2\u8272 \u3002
\u8f93\u5165\u540d\u79f0\u3001\u63cf\u8ff0\uff0c\u9009\u62e9 \u5e73\u53f0\u89d2\u8272 \uff0c\u52fe\u9009\u89d2\u8272\u6743\u9650\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u89d2\u8272\u5217\u8868\uff0c\u641c\u7d22\u521a\u521b\u5efa\u7684\u81ea\u5b9a\u4e49\u89d2\u8272\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u590d\u5236\u3001\u7f16\u8f91\u548c\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u5e73\u53f0\u89d2\u8272\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u53bb\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\uff0c\u4e3a\u8fd9\u4e2a\u89d2\u8272\u6dfb\u52a0\u7528\u6237\u548c\u7528\u6237\u7ec4\u3002
\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u662f\u7ec6\u7c92\u5ea6\u89d2\u8272\uff0c\u9488\u5bf9\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u751f\u6548\u3002\u5982\u5728\u8be5\u89d2\u8272\u4e2d\u9009\u62e9\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u5168\u90e8\u6743\u9650\uff0c\u7ed9\u7528\u6237\u5728\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u6388\u4e88\u8be5\u89d2\u8272\u540e\uff0c\u8be5\u7528\u6237\u5c06\u4ec5\u80fd\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u4f7f\u7528\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u7684\u529f\u80fd\uff0c\u800c\u65e0\u6cd5\u4f7f\u7528\u5982\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u4e2d\u95f4\u4ef6\u7b49\u5176\u4ed6\u6a21\u5757\u7684\u80fd\u529b\u3002\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u4e2d\u9009\u62e9\u5de5\u4f5c\u7a7a\u95f4\u540e\u8fdb\u884c\u6388\u6743\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u89d2\u8272 \uff0c\u70b9\u51fb \u521b\u5efa\u81ea\u5b9a\u4e49\u89d2\u8272 \u3002
\u8f93\u5165\u540d\u79f0\u3001\u63cf\u8ff0\uff0c\u9009\u62e9 \u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272 \uff0c\u52fe\u9009\u89d2\u8272\u6743\u9650\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u89d2\u8272\u5217\u8868\uff0c\u641c\u7d22\u521a\u521b\u5efa\u7684\u81ea\u5b9a\u4e49\u89d2\u8272\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u590d\u5236\u3001\u7f16\u8f91\u548c\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u53bb\u5de5\u4f5c\u7a7a\u95f4\u6388\u6743\uff0c\u8bbe\u5b9a\u8fd9\u4e2a\u89d2\u8272\u53ef\u4ee5\u7ba1\u7406\u54ea\u4e9b\u5de5\u4f5c\u7a7a\u95f4\u3002
\u6587\u4ef6\u5939\u89d2\u8272\u9488\u5bf9\u67d0\u4e2a\u6587\u4ef6\u5939\u548c\u8be5\u6587\u4ef6\u5939\u4e0b\u7684\u6240\u6709\u5b50\u6587\u4ef6\u5939\u53ca\u5de5\u4f5c\u7a7a\u95f4\u751f\u6548\u3002\u5982\u5728\u8be5\u89d2\u8272\u4e2d\u9009\u62e9\u5168\u5c40\u7ba1\u7406-\u5de5\u4f5c\u7a7a\u95f4\u548c\u5e94\u7528\u5de5\u4f5c\u53f0\uff0c\u7ed9\u7528\u6237\u5728\u67d0\u4e2a\u6587\u4ef6\u5939\u4e0b\u6388\u4e88\u8be5\u89d2\u8272\u540e\uff0c\u8be5\u7528\u6237\u5c06\u80fd\u591f\u5728\u5176\u4e0b\u7684\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u4f7f\u7528\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u76f8\u5173\u529f\u80fd\uff0c\u800c\u65e0\u6cd5\u4f7f\u7528\u5982\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u4e2d\u95f4\u4ef6\u7b49\u5176\u4ed6\u6a21\u5757\u7684\u80fd\u529b\u3002\u6587\u4ef6\u5939\u89d2\u8272\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u4e2d\u9009\u62e9\u6587\u4ef6\u5939\u540e\u8fdb\u884c\u6388\u6743\u3002 \u8bf7\u6ce8\u610f\uff1a\u5e94\u7528\u5de5\u4f5c\u53f0\u3001\u591a\u4e91\u7f16\u6392\u3001\u955c\u50cf\u4ed3\u5e93\u3001\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u670d\u52a1\u7f51\u683c\u548c\u4e2d\u95f4\u4ef6\u5747\u4f9d\u8d56\u4e8e\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u5728\u521b\u5efa\u6587\u4ef6\u5939\u89d2\u8272\u65f6\u5927\u90e8\u5206\u573a\u666f\u4e0b\u9700\u8981\u7528\u5230\u5de5\u4f5c\u7a7a\u95f4\uff0c\u8bf7\u6ce8\u610f\u5728\u5168\u5c40\u7ba1\u7406-\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u52fe\u9009\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u89d2\u8272 \uff0c\u70b9\u51fb \u521b\u5efa\u81ea\u5b9a\u4e49\u89d2\u8272 \u3002
\u8f93\u5165\u540d\u79f0\u3001\u63cf\u8ff0\uff0c\u9009\u62e9 \u6587\u4ef6\u5939\u89d2\u8272 \uff0c\u52fe\u9009\u89d2\u8272\u6743\u9650\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u89d2\u8272\u5217\u8868\uff0c\u641c\u7d22\u521a\u521b\u5efa\u7684\u81ea\u5b9a\u4e49\u89d2\u8272\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u590d\u5236\u3001\u7f16\u8f91\u548c\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u6587\u4ef6\u5939\u89d2\u8272\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u53bb\u6587\u4ef6\u5939\u6388\u6743\uff0c\u8bbe\u5b9a\u8fd9\u4e2a\u89d2\u8272\u53ef\u4ee5\u7ba1\u7406\u54ea\u4e9b\u6587\u4ef6\u5939\u3002
\u5f53\u4e24\u4e2a\u6216\u4e24\u4e2a\u4ee5\u4e0a\u5e73\u53f0\u76f8\u4e92\u5bf9\u63a5\u6216\u5d4c\u5165\u65f6\uff0c\u901a\u5e38\u9700\u8981\u8fdb\u884c\u7528\u6237\u4f53\u7cfb\u6253\u901a\u3002 \u5728\u7528\u6237\u6253\u901a\u8fc7\u7a0b\u4e2d\uff0c \u63a5\u5165\u7ba1\u7406 \u4e3b\u8981\u63d0\u4f9b SSO \u63a5\u5165\u80fd\u529b\uff0c\u5f53\u60a8\u9700\u8981\u5c06\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f5c\u4e3a\u7528\u6237\u6e90\u63a5\u5165\u5ba2\u6237\u7cfb\u7edf\u65f6\uff0c \u60a8\u53ef\u4ee5\u901a\u8fc7 \u63a5\u5165\u7ba1\u7406 \u521b\u5efa SSO \u63a5\u5165\u6765\u5b9e\u73b0\u3002
"},{"location":"admin/ghippo/access-control/docking.html#sso","title":"\u521b\u5efa SSO \u63a5\u5165","text":"\u524d\u63d0\uff1a\u62e5\u6709\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u6743\u9650\u6216\u8005\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7ba1\u7406\u5458 IAM Owner \u6743\u9650\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u63a5\u5165\u7ba1\u7406 \uff0c\u8fdb\u5165\u63a5\u5165\u7ba1\u7406\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u65b9\u7684 \u521b\u5efa SSO \u63a5\u5165 \u3002
\u5728 \u521b\u5efa SSO \u63a5\u5165 \u9875\u9762\u586b\u5199\u5ba2\u6237\u7aef ID\u3002
\u521b\u5efa SSO \u63a5\u5165\u6210\u529f\u540e\uff0c\u5728 \u63a5\u5165\u7ba1\u7406 \u7ba1\u7406\u5217\u8868\uff0c\u70b9\u51fb\u521a\u521b\u5efa\u7684\u5ba2\u6237\u7aef ID \u8fdb\u5165\u8be6\u60c5\uff0c \u590d\u5236\u5ba2\u6237\u7aef ID\u3001\u5bc6\u94a5\u548c\u5355\u70b9\u767b\u5f55 URL \u4fe1\u606f\uff0c\u586b\u5199\u81f3\u5ba2\u6237\u7cfb\u7edf\u5b8c\u6210\u7528\u6237\u4f53\u7cfb\u6253\u901a\u3002
Note
realm \u540d\u79f0\u4e3a ghippo\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86\u9884\u7f6e\u7684\u7cfb\u7edf\u89d2\u8272\uff0c\u5e2e\u52a9\u7528\u6237\u7b80\u5316\u89d2\u8272\u6743\u9650\u7684\u4f7f\u7528\u6b65\u9aa4\u3002
Note
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86\u4e09\u79cd\u7c7b\u578b\u7684\u7cfb\u7edf\u89d2\u8272\uff0c\u5206\u522b\u4e3a\u5e73\u53f0\u89d2\u8272\u3001\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u548c\u6587\u4ef6\u5939\u89d2\u8272\u3002
- \u5e73\u53f0\u89d2\u8272\uff1a\u5bf9\u5e73\u53f0\u4e0a\u6240\u6709\u76f8\u5173\u8d44\u6e90\u5177\u6709\u76f8\u5e94\u6743\u9650\uff0c\u8bf7\u524d\u5f80\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\u3002\n- \u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\uff1a\u5bf9\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5177\u6709\u76f8\u5e94\u6743\u9650\uff0c\u8bf7\u524d\u5f80\u5177\u4f53\u5de5\u4f5c\u7a7a\u95f4\u6388\u6743\u3002\n- \u6587\u4ef6\u5939\u89d2\u8272\uff1a\u5bf9\u67d0\u4e2a\u6587\u4ef6\u5939\u3001\u5b50\u6587\u4ef6\u5939\u53ca\u5176\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u7684\u8d44\u6e90\u5177\u6709\u76f8\u5e94\u6743\u9650\uff0c\u8bf7\u524d\u5f80\u5177\u4f53\u6587\u4ef6\u5939\u6388\u6743\u3002\n
"},{"location":"admin/ghippo/access-control/global.html#_3","title":"\u5e73\u53f0\u89d2\u8272","text":"\u5728\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u4e2d\u9884\u5b9a\u4e49\u4e86 5 \u4e2a\u7cfb\u7edf\u89d2\u8272\uff0c\u5206\u522b\u662f\uff1aAdmin\u3001IAM Owner\u3001Audit Owner\u3001 Kpanda Owner \u548c Workspace and Folder Owner \u3002\u8fd9 5 \u4e2a\u89d2\u8272\u7531\u7cfb\u7edf\u521b\u5efa\uff0c\u7528\u6237\u53ea\u80fd\u4f7f\u7528\u4e0d\u80fd\u4fee\u6539\u3002\u89d2\u8272\u5bf9\u5e94\u7684\u6743\u9650\u5982\u4e0b\uff1a
\u89d2\u8272\u540d\u79f0 \u89d2\u8272\u7c7b\u578b \u6240\u5c5e\u6a21\u5757 \u89d2\u8272\u6743\u9650 Admin \u7cfb\u7edf\u89d2\u8272 \u5168\u90e8 \u5e73\u53f0\u7ba1\u7406\u5458\uff0c\u7ba1\u7406\u6240\u6709\u5e73\u53f0\u8d44\u6e90\uff0c\u4ee3\u8868\u5e73\u53f0\u7684\u6700\u9ad8\u6743\u9650 IAM Owner \u7cfb\u7edf\u89d2\u8272 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7684\u7ba1\u7406\u5458\uff0c\u62e5\u6709\u8be5\u670d\u52a1\u4e0b\u7684\u6240\u6709\u6743\u9650\uff0c\u5982\u7ba1\u7406\u7528\u6237/\u7528\u6237\u7ec4\u53ca\u6388\u6743 Audit Owner \u7cfb\u7edf\u89d2\u8272 \u5ba1\u8ba1\u65e5\u5fd7 \u5ba1\u8ba1\u65e5\u5fd7\u7684\u7ba1\u7406\u5458\uff0c\u62e5\u6709\u8be5\u670d\u52a1\u4e0b\u7684\u6240\u6709\u6743\u9650\uff0c\u5982\u8bbe\u7f6e\u5ba1\u8ba1\u65e5\u5fd7\u7b56\u7565\uff0c\u5bfc\u51fa\u5ba1\u8ba1\u65e5\u5fd7 Kpanda Owner \u7cfb\u7edf\u89d2\u8272 \u5bb9\u5668\u7ba1\u7406 \u5bb9\u5668\u7ba1\u7406\u7684\u7ba1\u7406\u5458\uff0c\u62e5\u6709\u8be5\u670d\u52a1\u4e0b\u7684\u6240\u6709\u6743\u9650\uff0c\u5982\u521b\u5efa/\u63a5\u5165\u96c6\u7fa4\uff0c\u90e8\u7f72\u5e94\u7528\uff0c\u7ed9\u7528\u6237/\u7528\u6237\u7ec4\u6388\u4e88\u96c6\u7fa4/\u547d\u540d\u7a7a\u95f4\u76f8\u5173\u7684\u6743\u9650 Workspace and Folder Owner \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u7ba1\u7406\u5458\uff0c\u62e5\u6709\u8be5\u670d\u52a1\u4e0b\u7684\u6240\u6709\u6743\u9650\uff0c\u5982\u521b\u5efa\u6587\u4ef6\u5939/\u5de5\u4f5c\u7a7a\u95f4\uff0c\u7ed9\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\u6587\u4ef6\u5939/\u5de5\u4f5c\u7a7a\u95f4\u7684\u76f8\u5173\u6743\u9650\uff0c\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u4f7f\u7528\u5e94\u7528\u5de5\u4f5c\u53f0\u3001\u5fae\u670d\u52a1\u5f15\u64ce\u7b49\u529f\u80fd"},{"location":"admin/ghippo/access-control/global.html#_4","title":"\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272","text":"\u5728\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u4e2d\u9884\u5b9a\u4e49\u4e86 3 \u4e2a\u7cfb\u7edf\u89d2\u8272\uff0c\u5206\u522b\u662f\uff1aWorkspace Admin\u3001Workspace Editor\u3001Workspace Viewer\u3002\u8fd9 3 \u4e2a\u89d2\u8272\u7531\u7cfb\u7edf\u521b\u5efa\uff0c\u7528\u6237\u53ea\u80fd\u4f7f\u7528\u4e0d\u80fd\u4fee\u6539\u3002\u89d2\u8272\u5bf9\u5e94\u7684\u6743\u9650\u5982\u4e0b\uff1a
\u89d2\u8272\u540d\u79f0 \u89d2\u8272\u7c7b\u578b \u6240\u5c5e\u6a21\u5757 \u89d2\u8272\u6743\u9650 Workspace Admin \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u5de5\u4f5c\u7a7a\u95f4\u7684\u7ba1\u7406\u6743\u9650 Workspace Editor \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u5de5\u4f5c\u7a7a\u95f4\u7684\u7f16\u8f91\u6743\u9650 Workspace Viewer \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u5de5\u4f5c\u7a7a\u95f4\u7684\u53ea\u8bfb\u6743\u9650"},{"location":"admin/ghippo/access-control/global.html#_5","title":"\u6587\u4ef6\u5939\u89d2\u8272","text":"\u5728\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u4e2d\u9884\u5b9a\u4e49\u4e86 3 \u4e2a\u7cfb\u7edf\u89d2\u8272\uff0c\u5206\u522b\u662f\uff1aFolder Admin\u3001Folder Editor\u3001Folder Viewer\u3002\u8fd9 3 \u4e2a\u89d2\u8272\u7531\u7cfb\u7edf\u521b\u5efa\uff0c\u7528\u6237\u53ea\u80fd\u4f7f\u7528\u4e0d\u80fd\u4fee\u6539\u3002\u89d2\u8272\u5bf9\u5e94\u7684\u6743\u9650\u5982\u4e0b\uff1a
\u89d2\u8272\u540d\u79f0 \u89d2\u8272\u7c7b\u578b \u6240\u5c5e\u6a21\u5757 \u89d2\u8272\u6743\u9650 Folder Admin \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u6587\u4ef6\u5939\u53ca\u5176\u4e0b\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u7684\u7ba1\u7406\u6743\u9650 Folder Editor \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u6587\u4ef6\u5939\u53ca\u5176\u4e0b\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u7684\u7f16\u8f91\u6743\u9650 Folder Viewer \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u6587\u4ef6\u5939\u53ca\u5176\u4e0b\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u7684\u53ea\u8bfb\u6743\u9650"},{"location":"admin/ghippo/access-control/group.html","title":"\u7528\u6237\u7ec4","text":"\u7528\u6237\u7ec4\u662f\u7528\u6237\u7684\u96c6\u5408\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u52a0\u5165\u7528\u6237\u7ec4\uff0c\u7ee7\u627f\u7528\u6237\u7ec4\u7684\u89d2\u8272\u6743\u9650\u3002\u901a\u8fc7\u7528\u6237\u7ec4\u6279\u91cf\u5730\u7ed9\u7528\u6237\u8fdb\u884c\u6388\u6743\uff0c\u53ef\u4ee5\u66f4\u597d\u5730\u7ba1\u7406\u7528\u6237\u53ca\u5176\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/group.html#_2","title":"\u9002\u7528\u573a\u666f","text":"\u5f53\u7528\u6237\u6743\u9650\u53d1\u751f\u53d8\u5316\u65f6\uff0c\u53ea\u9700\u5c06\u5176\u79fb\u5230\u76f8\u5e94\u7684\u7528\u6237\u7ec4\u4e0b\uff0c\u4e0d\u4f1a\u5bf9\u5176\u4ed6\u7528\u6237\u4ea7\u751f\u5f71\u54cd\u3002
\u5f53\u7528\u6237\u7ec4\u7684\u6743\u9650\u53d1\u751f\u53d8\u5316\u65f6\uff0c\u53ea\u9700\u4fee\u6539\u7528\u6237\u7ec4\u7684\u89d2\u8272\u6743\u9650\uff0c\u5373\u53ef\u5e94\u7528\u5230\u7ec4\u5185\u7684\u6240\u6709\u7528\u6237\u3002
"},{"location":"admin/ghippo/access-control/group.html#_3","title":"\u521b\u5efa\u7528\u6237\u7ec4","text":"\u524d\u63d0\uff1a\u62e5\u6709\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u6743\u9650\u6216\u8005\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7ba1\u7406\u5458 IAM Owner \u6743\u9650\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237\u7ec4 \uff0c\u8fdb\u5165\u7528\u6237\u7ec4\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u65b9\u7684 \u521b\u5efa\u7528\u6237\u7ec4 \u3002
\u5728 \u521b\u5efa\u7528\u6237\u7ec4 \u9875\u9762\u586b\u5199\u7528\u6237\u7ec4\u4fe1\u606f\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u521b\u5efa\u7528\u6237\u7ec4\u6210\u529f\uff0c\u8fd4\u56de\u7528\u6237\u7ec4\u5217\u8868\u9875\u9762\u3002\u5217\u8868\u4e2d\u7684\u7b2c\u4e00\u884c\u662f\u65b0\u521b\u5efa\u7684\u7528\u6237\u7ec4\u3002
\u524d\u63d0\uff1a\u8be5\u7528\u6237\u7ec4\u5df2\u5b58\u5728\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237\u7ec4 \uff0c\u8fdb\u5165\u7528\u6237\u7ec4\u5217\u8868\uff0c\u70b9\u51fb ... -> \u6388\u6743 \u3002
\u5728 \u6388\u6743 \u9875\u9762\u52fe\u9009\u9700\u8981\u7684\u89d2\u8272\u6743\u9650\uff08\u53ef\u591a\u9009\uff09\u3002
\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u4e3a\u7528\u6237\u7ec4\u7684\u6388\u6743\u3002\u81ea\u52a8\u8fd4\u56de\u7528\u6237\u7ec4\u5217\u8868\uff0c\u70b9\u51fb\u67d0\u4e2a\u7528\u6237\u7ec4\uff0c\u53ef\u4ee5\u67e5\u770b\u7528\u6237\u7ec4\u88ab\u6388\u4e88\u7684\u6743\u9650\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237\u7ec4 \u8fdb\u5165\u7528\u6237\u7ec4\u5217\u8868\uff0c\u5728\u67d0\u4e2a\u7528\u6237\u7ec4\u53f3\u4fa7\uff0c\u70b9\u51fb ... -> \u6dfb\u52a0\u7528\u6237 \u3002
\u5728 \u6dfb\u52a0\u7528\u6237 \u9875\u9762\u70b9\u9009\u9700\u8981\u6dfb\u52a0\u7684\u7528\u6237\uff08\u53ef\u591a\u9009\uff09\u3002\u82e5\u6ca1\u6709\u53ef\u9009\u7684\u7528\u6237\uff0c\u70b9\u51fb \u524d\u5f80\u521b\u5efa\u65b0\u7528\u6237 \uff0c\u5148\u524d\u5f80\u521b\u5efa\u7528\u6237\uff0c\u518d\u8fd4\u56de\u8be5\u9875\u9762\u70b9\u51fb \u5237\u65b0 \u6309\u94ae\uff0c\u663e\u793a\u521a\u521b\u5efa\u7684\u7528\u6237\u3002
\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u7ed9\u7528\u6237\u7ec4\u6dfb\u52a0\u7528\u6237\u3002
Note
\u7528\u6237\u7ec4\u4e2d\u7684\u7528\u6237\u4f1a\u7ee7\u627f\u7528\u6237\u7ec4\u7684\u6743\u9650\uff1b\u53ef\u4ee5\u5728\u7528\u6237\u7ec4\u8be6\u60c5\u4e2d\u67e5\u770b\u52a0\u5165\u8be5\u7ec4\u7684\u7528\u6237\u3002
"},{"location":"admin/ghippo/access-control/group.html#_6","title":"\u5220\u9664\u7528\u6237\u7ec4","text":"\u8bf4\u660e\uff1a\u5220\u9664\u7528\u6237\u7ec4\uff0c\u4e0d\u4f1a\u5220\u9664\u7ec4\u5185\u7684\u7528\u6237\uff0c\u4f46\u7ec4\u5185\u7528\u6237\u5c06\u65e0\u6cd5\u518d\u7ee7\u627f\u8be5\u7ec4\u7684\u6743\u9650
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237\u7ec4 \u8fdb\u5165\u7528\u6237\u7ec4\u5217\u8868\uff0c\u5728\u67d0\u4e2a\u7528\u6237\u7ec4\u53f3\u4fa7\uff0c\u70b9\u51fb ... -> \u5220\u9664 \u3002
\u70b9\u51fb \u79fb\u9664 \u5220\u9664\u7528\u6237\u7ec4\u3002
\u8fd4\u56de\u7528\u6237\u7ec4\u5217\u8868\uff0c\u5c4f\u5e55\u4e0a\u65b9\u5c06\u63d0\u793a\u5220\u9664\u6210\u529f\u3002
Note
\u8bf4\u660e\uff1a\u5220\u9664\u7528\u6237\u7ec4\uff0c\u4e0d\u4f1a\u5220\u9664\u7ec4\u5185\u7684\u7528\u6237\uff0c\u4f46\u7ec4\u5185\u7528\u6237\u5c06\u65e0\u6cd5\u518d\u7ee7\u627f\u8be5\u7ec4\u7684\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/iam.html","title":"\u4ec0\u4e48\u662f\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236","text":"IAM\uff08Identity and Access Management\uff0c\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\uff09\u662f\u5168\u5c40\u7ba1\u7406\u7684\u4e00\u4e2a\u91cd\u8981\u6a21\u5757\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u6a21\u5757\u521b\u5efa\u3001\u7ba1\u7406\u548c\u9500\u6bc1\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\uff0c\u5e76\u4f7f\u7528\u7cfb\u7edf\u89d2\u8272\u548c\u81ea\u5b9a\u4e49\u89d2\u8272\u63a7\u5236\u5176\u4ed6\u7528\u6237\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/iam.html#_2","title":"\u4f18\u52bf","text":"\u7b80\u6d01\u6d41\u7545
\u4f01\u4e1a\u5185\u90e8\u7684\u7ed3\u6784\u548c\u89d2\u8272\u53ef\u80fd\u975e\u5e38\u590d\u6742\uff0c\u9879\u76ee\u3001\u5de5\u4f5c\u5c0f\u7ec4\u53ca\u6388\u6743\u7684\u7ba1\u7406\u90fd\u5728\u4e0d\u65ad\u5730\u53d8\u5316\u3002\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u91c7\u7528\u6e05\u6670\u6574\u6d01\u7684\u9875\u9762\uff0c\u6253\u901a\u7528\u6237\u3001\u7528\u6237\u7ec4\u3001\u89d2\u8272\u4e4b\u95f4\u7684\u6388\u6743\u5173\u7cfb\uff0c\u4ee5\u6700\u77ed\u94fe\u8def\u5b9e\u73b0\u5bf9\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u7684\u6388\u6743\u3002
\u9002\u5f53\u7684\u89d2\u8272
\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u4e3a\u6bcf\u4e2a\u5b50\u6a21\u5757\u9884\u5b9a\u4e49\u4e86\u4e00\u4e2a\u7ba1\u7406\u5458\u89d2\u8272\uff0c\u65e0\u9700\u7528\u6237\u7ef4\u62a4\uff0c\u60a8\u53ef\u4ee5\u76f4\u63a5\u5c06\u5e73\u53f0\u9884\u5b9a\u4e49\u7684\u7cfb\u7edf\u89d2\u8272\u6388\u6743\u7ed9\u7528\u6237\uff0c\u5b9e\u73b0\u5e73\u53f0\u7684\u6a21\u5757\u5316\u7ba1\u7406\uff08\u7ec6\u7c92\u5ea6\u6743\u9650\u8bf7\u53c2\u9605\u6743\u9650\u7ba1\u7406\u3002
\u4f01\u4e1a\u7ea7\u8bbf\u95ee\u63a7\u5236
\u5f53\u60a8\u5e0c\u671b\u672c\u4f01\u4e1a\u5458\u5de5\u53ef\u4ee5\u4f7f\u7528\u4f01\u4e1a\u5185\u90e8\u7684\u8ba4\u8bc1\u7cfb\u7edf\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\uff0c\u800c\u4e0d\u9700\u8981\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u521b\u5efa\u5bf9\u5e94\u7684\u7528\u6237\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c\u5efa\u7acb\u60a8\u6240\u5728\u4f01\u4e1a\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u4fe1\u4efb\u5173\u7cfb\uff0c\u901a\u8fc7\u8054\u5408\u8ba4\u8bc1\u4f7f\u5458\u5de5\u4f7f\u7528\u4f01\u4e1a\u5df2\u6709\u8d26\u53f7\u76f4\u63a5\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5b9e\u73b0\u5355\u70b9\u767b\u5f55\u3002
\u6709\u5173\u8bbf\u95ee\u63a7\u5236\u7684\u5e38\u89c4\u6d41\u7a0b\u4e3a\uff1a
graph TD\n login[\u767b\u5f55] --> user[\u521b\u5efa\u7528\u6237]\n user --> auth[\u4e3a\u7528\u6237\u6388\u6743]\n auth --> group[\u521b\u5efa\u7528\u6237\u7ec4]\n group --> role[\u521b\u5efa\u81ea\u5b9a\u4e49\u89d2\u8272]\n role --> id[\u521b\u5efa\u8eab\u4efd\u63d0\u4f9b\u5546]\n\n classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;\n classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;\n classDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n class login,user,auth,group,role,id cluster;
"},{"location":"admin/ghippo/access-control/idprovider.html","title":"\u8eab\u4efd\u63d0\u4f9b\u5546","text":"\u5168\u5c40\u7ba1\u7406\u652f\u6301\u57fa\u4e8e LDAP \u548c OIDC \u534f\u8bae\u7684\u5355\u70b9\u767b\u5f55\uff0c\u5982\u679c\u60a8\u7684\u4f01\u4e1a\u6216\u7ec4\u7ec7\u5df2\u6709\u81ea\u5df1\u7684\u8d26\u53f7\u4f53\u7cfb\uff0c\u540c\u65f6\u5e0c\u671b\u7ba1\u7406\u7ec4\u7ec7\u5185\u7684\u6210\u5458\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5168\u5c40\u7ba1\u7406\u63d0\u4f9b\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c\u800c\u4e0d\u5fc5\u5728\u60a8\u7684\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u6bcf\u4e00\u4f4d\u7ec4\u7ec7\u6210\u5458\u521b\u5efa\u7528\u6237\u540d/\u5bc6\u7801\u3002\u60a8\u53ef\u4ee5\u5411\u8fd9\u4e9b\u5916\u90e8\u7528\u6237\u8eab\u4efd\u6388\u4e88\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\u7684\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/idprovider.html#_2","title":"\u57fa\u672c\u6982\u5ff5","text":"\u8eab\u4efd\u63d0\u4f9b\u5546\uff08Identity Provider\uff0c\u7b80\u79f0 IdP\uff09
\u8d1f\u8d23\u6536\u96c6\u548c\u5b58\u50a8\u7528\u6237\u8eab\u4efd\u4fe1\u606f\u3001\u7528\u6237\u540d\u3001\u5bc6\u7801\u7b49\uff0c\u5728\u7528\u6237\u767b\u5f55\u65f6\u8d1f\u8d23\u8ba4\u8bc1\u7528\u6237\u7684\u670d\u52a1\u3002\u5728\u4f01\u4e1a\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u7684\u8fc7\u7a0b\u4e2d\uff0c\u8eab\u4efd\u63d0\u4f9b\u5546\u6307\u4f01\u4e1a\u81ea\u8eab\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u3002
\u670d\u52a1\u63d0\u4f9b\u5546\uff08Service Provider\uff0c\u7b80\u79f0 SP\uff09
\u670d\u52a1\u63d0\u4f9b\u5546\u901a\u8fc7\u4e0e\u8eab\u4efd\u63d0\u4f9b\u5546 IdP \u5efa\u7acb\u4fe1\u4efb\u5173\u7cfb\uff0c\u4f7f\u7528 IDP \u63d0\u4f9b\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e3a\u7528\u6237\u63d0\u4f9b\u5177\u4f53\u7684\u670d\u52a1\u3002\u5728\u4f01\u4e1a\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u7684\u8fc7\u7a0b\u4e2d\uff0c\u670d\u52a1\u63d0\u4f9b\u5546\u6307 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u3002
LDAP
LDAP \u6307\u8f7b\u578b\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08Lightweight Directory Access Protocol\uff09\uff0c\u5e38\u7528\u4e8e\u5355\u70b9\u767b\u5f55\uff0c\u5373\u7528\u6237\u53ef\u4ee5\u5728\u591a\u4e2a\u670d\u52a1\u4e2d\u4f7f\u7528\u4e00\u4e2a\u8d26\u53f7\u5bc6\u7801\u8fdb\u884c\u767b\u5f55\u3002\u5168\u5c40\u7ba1\u7406\u652f\u6301 LDAP \u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\uff0c\u56e0\u6b64\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u901a\u8fc7 LDAP \u534f\u8bae\u5efa\u7acb\u8eab\u4efd\u8ba4\u8bc1\u7684\u4f01\u4e1a IdP \u5fc5\u987b\u652f\u6301 LDAP \u534f\u8bae\u3002\u5173\u4e8e LDAP \u7684\u8be6\u7ec6\u63cf\u8ff0\u8bf7\u53c2\u89c1\uff1a\u6b22\u8fce\u4f7f\u7528 LDAP\u3002
OIDC
OIDC \u662f OpenID Connect \u7684\u7b80\u79f0\uff0c\u662f\u4e00\u4e2a\u57fa\u4e8e OAuth 2.0 \u534f\u8bae\u7684\u8eab\u4efd\u8ba4\u8bc1\u6807\u51c6\u534f\u8bae\u3002\u5168\u5c40\u7ba1\u7406\u652f\u6301\u4f7f\u7528 OIDC \u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\uff0c\u56e0\u6b64\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u901a\u8fc7 OIDC \u534f\u8bae\u5efa\u7acb\u8eab\u4efd\u8ba4\u8bc1\u7684\u4f01\u4e1a IdP \u5fc5\u987b\u652f\u6301 OIDC \u534f\u8bae\u3002\u5173\u4e8e OIDC \u7684\u8be6\u7ec6\u63cf\u8ff0\u8bf7\u53c2\u89c1\uff1a\u6b22\u8fce\u4f7f\u7528 OpenID Connect\u3002
OAuth 2.0
OAuth 2.0 \u662f Open Authorization 2.0 \u7684\u7b80\u79f0\uff0c\u662f\u4e00\u79cd\u5f00\u653e\u6388\u6743\u534f\u8bae\uff0c\u6388\u6743\u6846\u67b6\u652f\u6301\u7b2c\u4e09\u65b9\u5e94\u7528\u7a0b\u5e8f\u4ee5\u81ea\u5df1\u7684\u540d\u4e49\u83b7\u53d6\u8bbf\u95ee\u6743\u9650\u3002
\u7ba1\u7406\u5458\u65e0\u9700\u91cd\u65b0\u521b\u5efa\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7528\u6237
\u4f7f\u7528\u8eab\u4efd\u63d0\u4f9b\u5546\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u524d\uff0c\u7ba1\u7406\u5458\u9700\u8981\u5728\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u548c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u5206\u522b\u4e3a\u7528\u6237\u521b\u5efa\u8d26\u53f7\uff1b\u4f7f\u7528\u8eab\u4efd\u63d0\u4f9b\u5546\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u540e\uff0c\u4f01\u4e1a\u7ba1\u7406\u5458\u53ea\u9700\u8981\u5728\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u4e2d\u4e3a\u7528\u6237\u521b\u5efa\u8d26\u53f7\uff0c\u7528\u6237\u5373\u53ef\u540c\u65f6\u8bbf\u95ee\u4e24\u4e2a\u7cfb\u7edf\uff0c\u964d\u4f4e\u4e86\u4eba\u5458\u7ba1\u7406\u6210\u672c\u3002
\u7528\u6237\u65e0\u9700\u8bb0\u4f4f\u4e24\u5957\u5e73\u53f0\u8d26\u53f7
\u4f7f\u7528\u8eab\u4efd\u63d0\u4f9b\u5546\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u524d\uff0c\u7528\u6237\u8bbf\u95ee\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u548c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9700\u8981\u4f7f\u7528\u4e24\u4e2a\u7cfb\u7edf\u7684\u8d26\u53f7\u767b\u5f55\uff1b\u4f7f\u7528\u8eab\u4efd\u63d0\u4f9b\u5546\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u540e\uff0c\u7528\u6237\u5728\u672c\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u4e2d\u767b\u5f55\u5373\u53ef\u8bbf\u95ee\u4e24\u4e2a\u7cfb\u7edf\u3002
LDAP \u82f1\u6587\u5168\u79f0\u4e3a Lightweight Directory Access Protocol\uff0c\u5373\u8f7b\u578b\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff0c\u8fd9\u662f\u4e00\u4e2a\u5f00\u653e\u7684\u3001\u4e2d\u7acb\u7684\u5de5\u4e1a\u6807\u51c6\u5e94\u7528\u534f\u8bae\uff0c \u901a\u8fc7 IP \u534f\u8bae\u63d0\u4f9b\u8bbf\u95ee\u63a7\u5236\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u4fe1\u606f\u7684\u76ee\u5f55\u4fe1\u606f\u3002
\u5982\u679c\u60a8\u7684\u4f01\u4e1a\u6216\u7ec4\u7ec7\u5df2\u6709\u81ea\u5df1\u7684\u8d26\u53f7\u4f53\u7cfb\uff0c\u540c\u65f6\u60a8\u7684\u4f01\u4e1a\u7528\u6237\u7ba1\u7406\u7cfb\u7edf\u652f\u6301 LDAP \u534f\u8bae\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528\u5168\u5c40\u7ba1\u7406\u63d0\u4f9b\u7684\u57fa\u4e8e LDAP \u534f\u8bae\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c\u800c\u4e0d\u5fc5\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u6bcf\u4e00\u4f4d\u7ec4\u7ec7\u6210\u5458\u521b\u5efa\u7528\u6237\u540d/\u5bc6\u7801\u3002 \u60a8\u53ef\u4ee5\u5411\u8fd9\u4e9b\u5916\u90e8\u7528\u6237\u8eab\u4efd\u6388\u4e88\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\u7684\u6743\u9650\u3002
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\uff0c\u5176\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5de6\u4e0b\u89d2\u7684 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8eab\u4efd\u63d0\u4f9b\u5546 \uff0c\u70b9\u51fb \u521b\u5efa\u8eab\u4efd\u63d0\u4f9b\u5546 \u6309\u94ae\u3002
\u5728 LDAP \u9875\u7b7e\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u5b57\u6bb5\u540e\u70b9\u51fb \u4fdd\u5b58 \uff0c\u5efa\u7acb\u4e0e\u8eab\u4efd\u63d0\u4f9b\u5546\u7684\u4fe1\u4efb\u5173\u7cfb\u53ca\u7528\u6237\u7684\u6620\u5c04\u5173\u7cfb\u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u7c7b\u578b\uff08Vendor\uff09 \u652f\u6301 LDAP (Lightweight Directory Access Protocol) \u548c AD (Active Directory) \u8eab\u4efd\u63d0\u4f9b\u5546\u540d\u79f0\uff08UI display name\uff09 \u7528\u4e8e\u533a\u5206\u4e0d\u540c\u7684\u8eab\u4efd\u63d0\u4f9b\u5546 \u670d\u52a1\u5668\uff08Connection URL\uff09 LDAP \u670d\u52a1\u7684\u5730\u5740\u548c\u7aef\u53e3\u53f7\uff0c\u5982 ldap://10.6.165.2:30061 \u7528\u6237\u540d\u79f0\uff08Bind DN\uff09 LDAP \u7ba1\u7406\u5458\u7684 DN\uff0cKeycloak \u5c06\u4f7f\u7528\u8be5 DN \u6765\u8bbf\u95ee LDAP \u670d\u52a1\u5668 \u5bc6\u7801\uff08Bind credentials\uff09 LDAP \u7ba1\u7406\u5458\u7684\u5bc6\u7801\u3002\u8be5\u5b57\u6bb5\u53ef\u4ee5\u4ece vault \u4e2d\u83b7\u53d6\u5176\u503c\uff0c\u4f7f\u7528 ${vault.ID} \u683c\u5f0f\u3002 \u7528\u6237 DN\uff08Users DN\uff09 \u60a8\u7684\u7528\u6237\u6240\u5728\u7684 LDAP \u6811\u7684\u5b8c\u6574 DN\u3002\u6b64 DN \u662f LDAP \u7528\u6237\u7684\u7236\u7ea7\u3002\u4f8b\u5982\uff0c\u5047\u8bbe\u60a8\u7684\u5178\u578b\u7528\u6237\u7684 DN \u7c7b\u4f3c\u4e8e\u201cuid='john',ou=users,dc=example,dc=com\u201d\uff0c\u5219\u53ef\u4ee5\u662f\u201cou=users,dc=example,dc=com\u201d\u3002 \u7528\u6237\u5bf9\u8c61\u7c7b\uff08User object classes\uff09 LDAP \u4e2d\u7528\u6237\u7684 LDAP objectClass \u5c5e\u6027\u7684\u6240\u6709\u503c\uff0c\u4ee5\u9017\u53f7\u5206\u9694\u3002\u4f8b\u5982\uff1a\u201cinetOrgPerson\uff0corganizationalPerson\u201d\u3002\u65b0\u521b\u5efa\u7684 Keycloak \u7528\u6237\u5c06\u4e0e\u6240\u6709\u8fd9\u4e9b\u5bf9\u8c61\u7c7b\u4e00\u8d77\u5199\u5165 L\u200b\u200bDAP\uff0c\u5e76\u4e14\u53ea\u8981\u73b0\u6709 LDAP \u7528\u6237\u8bb0\u5f55\u5305\u542b\u6240\u6709\u8fd9\u4e9b\u5bf9\u8c61\u7c7b\uff0c\u5c31\u4f1a\u627e\u5230\u5b83\u4eec\u3002 \u662f\u5426\u542f\u7528TLS\uff08Enable StartTLS\uff09 \u542f\u7528\u540e\u5c06\u52a0\u5bc6\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0e LDAP \u7684\u8fde\u63a5 \u9884\u8bbe\u6743\u9650\uff08Default permission\uff09 \u540c\u6b65\u540e\u7684\u7528\u6237/\u7528\u6237\u7ec4\u9ed8\u8ba4\u6ca1\u6709\u4efb\u4f55\u6743\u9650 \u5168\u540d\u6620\u5c04\uff08First/Last name mapping\uff09 \u5bf9\u5e94 First name \u548c Last Name \u7528\u6237\u540d\u6620\u5c04\uff08User name mapping\uff09 \u7528\u6237\u552f\u4e00\u7684\u7528\u6237\u540d \u90ae\u7bb1\u6620\u5c04\uff08Mailbox mapping\uff09 \u7528\u6237\u7684\u90ae\u7bb1\u9ad8\u7ea7\u914d\u7f6e
\u5b57\u6bb5 \u63cf\u8ff0 \u662f\u5426\u542f\u7528\uff08Enable or not\uff09 \u9ed8\u8ba4\u542f\u7528\uff0c\u5173\u95ed\u540e\u8be5 LDAP \u914d\u7f6e\u4e0d\u751f\u6548 \u81ea\u52a8\u540c\u6b65\u7528\u6237\uff08Periodic full sync\uff09 \u9ed8\u8ba4\u4e0d\u542f\u7528\uff0c\u542f\u7528\u540e\u53ef\u914d\u7f6e\u540c\u6b65\u5468\u671f\uff0c\u5982\u6bcf\u5c0f\u65f6\u540c\u6b65\u4e00\u6b21 \u6570\u636e\u540c\u6b65\u6a21\u5f0f\uff08Edit mode\uff09 \u53ea\u8bfb\u6a21\u5f0f\u4e0d\u4f1a\u4fee\u6539 LDAP \u7684\u6e90\u6570\u636e\uff1b\u5199\u5165\u6a21\u5f0f\u5728\u5e73\u53f0\u7f16\u8f91\u7528\u6237\u4fe1\u606f\u540e\uff0c\u6570\u636e\u5c06\u540c\u6b65\u56deLDAP \u8bfb\u53d6\u8d85\u65f6\uff08Read timeout\uff09 \u5f53LDAP\u6570\u636e\u91cf\u8f83\u5927\u65f6\uff0c\u8c03\u6574\u8be5\u6570\u503c\u53ef\u4ee5\u6709\u6548\u907f\u514d\u63a5\u53e3\u8d85\u65f6 \u7528\u6237\u5bf9\u8c61\u8fc7\u6ee4\u5668\uff08User LDAP filter\uff09 \u7528\u4e8e\u8fc7\u6ee4\u641c\u7d22\u7528\u6237\u7684\u9644\u52a0 LDAP \u8fc7\u6ee4\u5668\u3002\u5982\u679c\u60a8\u4e0d\u9700\u8981\u989d\u5916\u7684\u8fc7\u6ee4\u5668\uff0c\u8bf7\u5c06\u5176\u7559\u7a7a\u3002\u786e\u4fdd\u5b83\u4ee5\u201c(\u201d\u5f00\u5934\uff0c\u5e76\u4ee5\u201c)\u201d\u7ed3\u5c3e\u3002 \u7528\u6237\u540d\u5c5e\u6027\uff08Username LDAP attribute\uff09 LDAP \u5c5e\u6027\u7684\u540d\u79f0\uff0c\u6620\u5c04\u4e3a Keycloak \u7528\u6237\u540d\u3002\u5bf9\u4e8e\u8bb8\u591a LDAP \u670d\u52a1\u5668\u4f9b\u5e94\u5546\u6765\u8bf4\uff0c\u5b83\u53ef\u4ee5\u662f\u201cuid\u201d\u3002\u5bf9\u4e8e Active Directory\uff0c\u5b83\u53ef\u4ee5\u662f\u201csAMAccountName\u201d\u6216\u201ccn\u201d\u3002\u5e94\u4e3a\u60a8\u60f3\u8981\u4ece LDAP \u5bfc\u5165\u5230 Keycloak \u7684\u6240\u6709 LDAP \u7528\u6237\u8bb0\u5f55\u586b\u5199\u8be5\u5c5e\u6027\u3002 RDN\u5c5e\u6027\uff08RDN LDAP attribute\uff09 LDAP \u5c5e\u6027\u540d\u79f0\uff0c\u4f5c\u4e3a\u5178\u578b\u7528\u6237DN\u7684RDN\uff08\u9876\u7ea7\u5c5e\u6027\uff09\u3002\u901a\u5e38\u5b83\u4e0e\u7528\u6237\u540d LDAP \u5c5e\u6027\u76f8\u540c\uff0c\u4f46\u8fd9\u4e0d\u662f\u5fc5\u9700\u7684\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e Active Directory\uff0c\u5f53\u7528\u6237\u540d\u5c5e\u6027\u53ef\u80fd\u662f\u201csAMAccountName\u201d\u65f6\uff0c\u901a\u5e38\u4f7f\u7528\u201ccn\u201d\u4f5c\u4e3a RDN \u5c5e\u6027\u3002 UUID\u5c5e\u6027\uff08UUID LDAP attribute\uff09 LDAP \u5c5e\u6027\u7684\u540d\u79f0\uff0c\u7528\u4f5c LDAP \u4e2d\u5bf9\u8c61\u7684\u552f\u4e00\u5bf9\u8c61\u6807\u8bc6\u7b26 (UUID)\u3002\u5bf9\u4e8e\u8bb8\u591a LDAP \u670d\u52a1\u5668\u4f9b\u5e94\u5546\u6765\u8bf4\uff0c\u5b83\u662f\u201centryUUID\u201d\uff1b\u7136\u800c\u6709\u4e9b\u662f\u4e0d\u540c\u7684\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e Active Directory\uff0c\u5b83\u5e94\u8be5\u662f\u201cobjectGUID\u201d\u3002\u5982\u679c\u60a8\u7684 LDAP \u670d\u52a1\u5668\u4e0d\u652f\u6301 UUID \u6982\u5ff5\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5728\u6811\u4e2d\u7684 LDAP \u7528\u6237\u4e4b\u95f4\u5e94\u8be5\u552f\u4e00\u7684\u4efb\u4f55\u5176\u4ed6\u5c5e\u6027\u3002\u4f8b\u5982\u201cuid\u201d\u6216\u201centryDN\u201d\u3002\u5728 \u540c\u6b65\u7528\u6237\u7ec4 \u9875\u7b7e\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u5b57\u6bb5\u914d\u7f6e\u7528\u6237\u7ec4\u7684\u6620\u5c04\u5173\u7cfb\u540e\uff0c\u518d\u6b21\u70b9\u51fb \u4fdd\u5b58 \u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u4e3e\u4f8b\u503c \u57fa\u51c6 DN \u7528\u6237\u7ec4\u5728 LDAP \u6811\u72b6\u7ed3\u6784\u4e2d\u7684\u4f4d\u7f6e ou=groups,dc=example,dc=org \u7528\u6237\u7ec4\u5bf9\u8c61\u8fc7\u6ee4\u5668 \u7528\u6237\u7ec4\u7684\u5bf9\u8c61\u7c7b\uff0c\u5982\u679c\u9700\u8981\u66f4\u591a\u7c7b\uff0c\u5219\u7528\u9017\u53f7\u5206\u9694\u3002\u5728\u5178\u578b\u7684 LDAP \u90e8\u7f72\u4e2d\uff0c\u901a\u5e38\u662f \u201cgroupOfNames\u201d\uff0c\u7cfb\u7edf\u5df2\u81ea\u52a8\u586b\u5165\uff0c\u5982\u9700\u66f4\u6539\u8bf7\u76f4\u63a5\u7f16\u8f91\u3002* \u8868\u793a\u6240\u6709\u3002 * \u7528\u6237\u7ec4\u540d cn \u4e0d\u53ef\u66f4\u6539Note
\u5982\u679c\u60a8\u7684\u4f01\u4e1a\u6216\u7ec4\u7ec7\u4e2d\u7684\u6210\u5458\u5747\u7ba1\u7406\u5728\u4f01\u4e1a\u5fae\u4fe1\u4e2d\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5168\u5c40\u7ba1\u7406\u63d0\u4f9b\u7684\u57fa\u4e8e OAuth 2.0 \u534f\u8bae\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c \u800c\u4e0d\u5fc5\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u6bcf\u4e00\u4f4d\u7ec4\u7ec7\u6210\u5458\u521b\u5efa\u7528\u6237\u540d/\u5bc6\u7801\u3002 \u60a8\u53ef\u4ee5\u5411\u8fd9\u4e9b\u5916\u90e8\u7528\u6237\u8eab\u4efd\u6388\u4e88\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\u7684\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/oauth2.0.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u4f7f\u7528\u5177\u6709 Admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 \u8eab\u4efd\u63d0\u4f9b\u5546 \uff0c\u70b9\u51fb OAuth2.0 \u9875\u7b7e\u3002\u586b\u5199\u8868\u5355\u5b57\u6bb5\uff0c\u5efa\u7acb\u4e0e\u4f01\u4e1a\u5fae\u4fe1\u7684\u4fe1\u4efb\u5173\u7cfb\u540e\uff0c\u70b9\u51fb \u4fdd\u5b58 \u3002
Note
\u5bf9\u63a5\u524d\u9700\u8981\u5728\u4f01\u4e1a\u5fae\u4fe1\u7ba1\u7406\u540e\u53f0\u4e2d\u521b\u5efa\u81ea\u5efa\u5e94\u7528\uff0c\u53c2\u9605\u5982\u4f55\u521b\u5efa\u81ea\u5efa\u5e94\u7528\u94fe\u63a5\u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u4f01\u4e1a ID \u4f01\u4e1a\u5fae\u4fe1\u7684 ID Agent ID \u81ea\u5efa\u5e94\u7528\u7684 ID ClientSecret \u81ea\u5efa\u5e94\u7528\u7684 Secret\u4f01\u4e1a\u5fae\u4fe1 ID\uff1a
Agent ID \u548c ClientSecret\uff1a
"},{"location":"admin/ghippo/access-control/oidc.html","title":"\u521b\u5efa\u548c\u7ba1\u7406 OIDC","text":"OIDC\uff08OpenID Connect\uff09\u662f\u5efa\u7acb\u5728 OAuth 2.0 \u57fa\u7840\u4e0a\u7684\u4e00\u4e2a\u8eab\u4efd\u5c42\uff0c\u662f\u57fa\u4e8e OAuth2 \u534f\u8bae\u7684\u8eab\u4efd\u8ba4\u8bc1\u6807\u51c6\u534f\u8bae\u3002
\u5982\u679c\u60a8\u7684\u4f01\u4e1a\u6216\u7ec4\u7ec7\u5df2\u6709\u81ea\u5df1\u7684\u8d26\u53f7\u4f53\u7cfb\uff0c\u540c\u65f6\u60a8\u7684\u4f01\u4e1a\u7528\u6237\u7ba1\u7406\u7cfb\u7edf\u652f\u6301 OIDC \u534f\u8bae\uff0c \u53ef\u4ee5\u4f7f\u7528\u5168\u5c40\u7ba1\u7406\u63d0\u4f9b\u7684\u57fa\u4e8e OIDC \u534f\u8bae\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c\u800c\u4e0d\u5fc5\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u6bcf\u4e00\u4f4d\u7ec4\u7ec7\u6210\u5458\u521b\u5efa\u7528\u6237\u540d/\u5bc6\u7801\u3002 \u60a8\u53ef\u4ee5\u5411\u8fd9\u4e9b\u5916\u90e8\u7528\u6237\u8eab\u4efd\u6388\u4e88\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\u7684\u6743\u9650\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\u3002
\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 \u8eab\u4efd\u63d0\u4f9b\u5546 \uff0c\u70b9\u51fb OIDC \u9875\u7b7e -> \u521b\u5efa\u8eab\u4efd\u63d0\u4f9b\u5546 \u6309\u94ae\u3002
\u586b\u5199\u8868\u5355\u5b57\u6bb5\uff0c\u5efa\u7acb\u4e0e\u8eab\u4efd\u63d0\u4f9b\u5546\u7684\u4fe1\u4efb\u5173\u7cfb\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u63d0\u4f9b\u5546\u540d\u79f0 \u663e\u793a\u5728\u767b\u5f55\u9875\u4e0a\uff0c\u662f\u8eab\u4efd\u63d0\u4f9b\u5546\u7684\u5165\u53e3 \u8ba4\u8bc1\u65b9\u5f0f \u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u5982\u679c JWT \u4f7f\u7528\u79c1\u94a5\u7b7e\u540d\uff0c\u8bf7\u4e0b\u62c9\u9009\u62e9 JWT signed with private key \u3002\u5177\u4f53\u53c2\u9605 Client Authentication\u3002 \u5ba2\u6237\u7aef ID \u5ba2\u6237\u7aef\u7684 ID \u5ba2\u6237\u7aef\u5bc6\u94a5 \u5ba2\u6237\u7aef\u5bc6\u7801 \u5ba2\u6237\u7aef URL \u53ef\u901a\u8fc7\u8eab\u4efd\u63d0\u4f9b\u5546 well-known \u63a5\u53e3\u4e00\u952e\u83b7\u53d6\u767b\u5f55 URL\u3001Token URL\u3001\u7528\u6237\u4fe1\u606f URL \u548c\u767b\u51fa URL \u81ea\u52a8\u5173\u8054 \u5f00\u542f\u540e\u5f53\u8eab\u4efd\u63d0\u4f9b\u5546\u7528\u6237\u540d/\u90ae\u7bb1\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7528\u6237\u540d/\u90ae\u7bb1\u91cd\u590d\u65f6\u5c06\u81ea\u52a8\u4f7f\u4e8c\u8005\u5173\u8054Note
\u7528\u6237\u8eab\u4efd\u8ba4\u8bc1\u7684\u4ea4\u4e92\u6d41\u7a0b\u4e3a\uff1a
\u4e00\u4e2a\u89d2\u8272\u5bf9\u5e94\u4e00\u7ec4\u6743\u9650\u3002\u6743\u9650\u51b3\u5b9a\u4e86\u53ef\u4ee5\u5bf9\u8d44\u6e90\u6267\u884c\u7684\u64cd\u4f5c\u3002\u5411\u7528\u6237\u6388\u4e88\u67d0\u89d2\u8272\uff0c\u5373\u6388\u4e88\u8be5\u89d2\u8272\u6240\u5305\u542b\u7684\u6240\u6709\u6743\u9650\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5b58\u5728\u4e09\u79cd\u89d2\u8272\u8303\u56f4\uff0c\u80fd\u591f\u7075\u6d3b\u3001\u6709\u6548\u5730\u89e3\u51b3\u60a8\u5728\u6743\u9650\u4e0a\u7684\u4f7f\u7528\u95ee\u9898\uff1a
\u5e73\u53f0\u89d2\u8272\u662f\u7c97\u7c92\u5ea6\u6743\u9650\uff0c\u5bf9\u5e73\u53f0\u4e0a\u6240\u6709\u76f8\u5173\u8d44\u6e90\u5177\u6709\u76f8\u5e94\u6743\u9650\u3002\u901a\u8fc7\u5e73\u53f0\u89d2\u8272\u53ef\u4ee5\u8d4b\u4e88\u7528\u6237\u5bf9\u6240\u6709\u96c6\u7fa4\u3001\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u7b49\u7684\u589e\u5220\u6539\u67e5\u6743\u9650\uff0c \u800c\u4e0d\u80fd\u5177\u4f53\u5230\u67d0\u4e00\u4e2a\u96c6\u7fa4\u6216\u67d0\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86 5 \u4e2a\u9884\u7f6e\u7684\u3001\u7528\u6237\u53ef\u76f4\u63a5\u4f7f\u7528\u7684\u5e73\u53f0\u89d2\u8272\uff1a
\u540c\u65f6\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fd8\u652f\u6301\u7528\u6237\u521b\u5efa\u81ea\u5b9a\u4e49\u5e73\u53f0\u89d2\u8272\uff0c\u53ef\u6839\u636e\u9700\u8981\u81ea\u5b9a\u4e49\u89d2\u8272\u5185\u5bb9\u3002 \u5982\u521b\u5efa\u4e00\u4e2a\u5e73\u53f0\u89d2\u8272\uff0c\u5305\u542b\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u6240\u6709\u529f\u80fd\u6743\u9650\uff0c\u7531\u4e8e\u5e94\u7528\u5de5\u4f5c\u53f0\u4f9d\u8d56\u4e8e\u5de5\u4f5c\u7a7a\u95f4\uff0c \u56e0\u6b64\u5e73\u53f0\u4f1a\u5e2e\u52a9\u7528\u6237\u9ed8\u8ba4\u52fe\u9009\u5de5\u4f5c\u7a7a\u95f4\u7684\u67e5\u770b\u6743\u9650\uff0c\u8bf7\u4e0d\u8981\u624b\u52a8\u53d6\u6d88\u52fe\u9009\u3002 \u82e5\u7528\u6237 A \u88ab\u6388\u4e88\u8be5 Workbench\uff08\u5e94\u7528\u5de5\u4f5c\u53f0\uff09\u89d2\u8272\uff0c\u5c06\u81ea\u52a8\u62e5\u6709\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u7684\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u7b49\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/role.html#_3","title":"\u5e73\u53f0\u89d2\u8272\u6388\u6743\u65b9\u5f0f","text":"\u7ed9\u5e73\u53f0\u89d2\u8272\u6388\u6743\u5171\u6709\u4e09\u79cd\u65b9\u5f0f\uff1a
\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u7528\u6237 \u7684\u7528\u6237\u5217\u8868\u4e2d\uff0c\u627e\u5230\u8be5\u7528\u6237\uff0c\u70b9\u51fb ... \uff0c\u9009\u62e9 \u6388\u6743 \uff0c\u4e3a\u8be5\u7528\u6237\u8d4b\u4e88\u5e73\u53f0\u89d2\u8272\u6743\u9650\u3002
\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u7528\u6237\u7ec4 \u7684\u7528\u6237\u7ec4\u5217\u8868\u4e2d\u521b\u5efa\u7528\u6237\u7ec4\uff0c\u5c06\u8be5\u7528\u6237\u52a0\u5165\u7528\u6237\u7ec4\uff0c\u5e76\u7ed9\u7528\u6237\u7ec4\u6388\u6743 \uff08\u5177\u4f53\u64cd\u4f5c\u4e3a\uff1a\u5728\u7528\u6237\u7ec4\u5217\u8868\u627e\u5230\u8be5\u7528\u6237\u7ec4\uff0c\u70b9\u51fb ... \uff0c\u9009\u62e9 \u6388\u6743 \uff0c\u4e3a\u8be5\u7528\u6237\u7ec4\u8d4b\u4e88\u5e73\u53f0\u89d2\u8272\uff09\u3002
\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u89d2\u8272 \u7684\u89d2\u8272\u5217\u8868\u4e2d\uff0c\u627e\u5230\u76f8\u5e94\u7684\u5e73\u53f0\u89d2\u8272\uff0c \u70b9\u51fb\u89d2\u8272\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\uff0c\u70b9\u51fb \u5173\u8054\u6210\u5458 \u6309\u94ae\uff0c\u9009\u4e2d\u8be5\u7528\u6237\u6216\u7528\u6237\u6240\u5728\u7684\u7528\u6237\u7ec4\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u662f\u7ec6\u7c92\u5ea6\u89d2\u8272\uff0c\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u53ef\u4ee5\u8d4b\u4e88\u7528\u6237\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u7684\u7ba1\u7406\u6743\u9650\u3001\u67e5\u770b\u6743\u9650\u6216\u8be5\u5de5\u4f5c\u7a7a\u95f4\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u7684\u6743\u9650\u7b49\u3002 \u83b7\u5f97\u8be5\u89d2\u8272\u6743\u9650\u7684\u7528\u6237\u53ea\u80fd\u7ba1\u7406\u8be5\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u65e0\u6cd5\u8bbf\u95ee\u5176\u4ed6\u5de5\u4f5c\u7a7a\u95f4\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86 3 \u4e2a\u9884\u7f6e\u7684\u3001\u7528\u6237\u53ef\u76f4\u63a5\u4f7f\u7528\u7684\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\uff1a
\u540c\u65f6\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fd8\u652f\u6301\u7528\u6237\u521b\u5efa\u81ea\u5b9a\u4e49\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\uff0c\u53ef\u6839\u636e\u9700\u8981\u81ea\u5b9a\u4e49\u89d2\u8272\u5185\u5bb9\u3002\u5982\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\uff0c \u5305\u542b\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u6240\u6709\u529f\u80fd\u6743\u9650\uff0c\u7531\u4e8e\u5e94\u7528\u5de5\u4f5c\u53f0\u4f9d\u8d56\u4e8e\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u5e73\u53f0\u4f1a\u5e2e\u52a9\u7528\u6237\u9ed8\u8ba4\u52fe\u9009\u5de5\u4f5c\u7a7a\u95f4\u7684\u67e5\u770b\u6743\u9650\uff0c \u8bf7\u4e0d\u8981\u624b\u52a8\u53d6\u6d88\u52fe\u9009\u3002\u82e5\u7528\u6237 A \u5728\u5de5\u4f5c\u7a7a\u95f4 01 \u4e2d\u88ab\u6388\u4e88\u8be5\u89d2\u8272\uff0c\u5c06\u62e5\u6709\u5de5\u4f5c\u7a7a\u95f4 01 \u4e0b\u7684\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u6743\u9650\u3002
Note
\u4e0e\u5e73\u53f0\u89d2\u8272\u4e0d\u540c\uff0c\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u88ab\u521b\u5efa\u540e\u9700\u8981\u524d\u5f80\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u88ab\u6388\u6743\u540e\u7528\u6237\u4ec5\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u62e5\u6709\u8be5\u89d2\u8272\u4e2d\u7684\u529f\u80fd\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/role.html#_5","title":"\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u6388\u6743\u65b9\u5f0f","text":"\u5728 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u5217\u8868\u4e2d\uff0c\u627e\u5230\u8be5\u5de5\u4f5c\u7a7a\u95f4\uff0c\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \uff0c\u4e3a\u8be5\u7528\u6237\u8d4b\u4e88\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/role.html#_6","title":"\u6587\u4ef6\u5939\u89d2\u8272","text":"\u6587\u4ef6\u5939\u89d2\u8272\u7684\u6743\u9650\u7c92\u5ea6\u4ecb\u4e8e\u5e73\u53f0\u89d2\u8272\u4e0e\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u4e4b\u95f4\uff0c\u901a\u8fc7\u6587\u4ef6\u5939\u89d2\u8272\u53ef\u4ee5\u8d4b\u4e88\u7528\u6237\u67d0\u4e2a\u6587\u4ef6\u5939\u53ca\u5176\u5b50\u6587\u4ef6\u5939\u548c\u8be5\u6587\u4ef6\u5939\u4e0b\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u7684\u7ba1\u7406\u6743\u9650\u3001\u67e5\u770b\u6743\u9650\u7b49\uff0c \u5e38\u9002\u7528\u4e8e\u4f01\u4e1a\u4e2d\u7684\u90e8\u95e8\u573a\u666f\u3002\u6bd4\u5982\u7528\u6237 B \u662f\u4e00\u7ea7\u90e8\u95e8\u7684 Leader\uff0c\u901a\u5e38\u7528\u6237 B \u80fd\u591f\u7ba1\u7406\u8be5\u4e00\u7ea7\u90e8\u95e8\u3001\u5176\u4e0b\u7684\u6240\u6709\u4e8c\u7ea7\u90e8\u95e8\u548c\u90e8\u95e8\u4e2d\u7684\u9879\u76ee\u7b49\uff0c \u5728\u6b64\u573a\u666f\u4e2d\u7ed9\u7528\u6237 B \u6388\u4e88\u4e00\u7ea7\u6587\u4ef6\u5939\u7684\u7ba1\u7406\u5458\u6743\u9650\uff0c\u7528\u6237 B \u4e5f\u5c06\u62e5\u6709\u5176\u4e0b\u7684\u4e8c\u7ea7\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u7684\u76f8\u5e94\u6743\u9650\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86 3 \u4e2a\u9884\u7f6e\u7684\u3001\u7528\u6237\u53ef\u76f4\u63a5\u4f7f\u7528\u6587\u4ef6\u5939\u89d2\u8272\uff1a
\u540c\u65f6\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fd8\u652f\u6301\u7528\u6237\u521b\u5efa\u81ea\u5b9a\u4e49\u6587\u4ef6\u5939\u89d2\u8272\uff0c\u53ef\u6839\u636e\u9700\u8981\u81ea\u5b9a\u4e49\u89d2\u8272\u5185\u5bb9\u3002 \u5982\u521b\u5efa\u4e00\u4e2a\u6587\u4ef6\u5939\u89d2\u8272\uff0c\u5305\u542b\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u6240\u6709\u529f\u80fd\u6743\u9650\u3002\u82e5\u7528\u6237 A \u5728\u6587\u4ef6\u5939 01 \u4e2d\u88ab\u6388\u4e88\u8be5\u89d2\u8272\uff0c \u5c06\u62e5\u6709\u8be5\u6587\u4ef6\u5939\u4e0b\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u6743\u9650\u3002
Note
\u529f\u80fd\u6a21\u5757\u672c\u8eab\u4f9d\u8d56\u7684\u662f\u5de5\u4f5c\u7a7a\u95f4\uff0c\u6587\u4ef6\u5939\u662f\u5de5\u4f5c\u7a7a\u95f4\u4e0a\u7684\u8fdb\u4e00\u6b65\u5206\u7ec4\u673a\u5236\u4e14\u5177\u6709\u6743\u9650\u7ee7\u627f\u80fd\u529b\uff0c \u56e0\u6b64\u6587\u4ef6\u5939\u6743\u9650\u4e0d\u5149\u5305\u542b\u6587\u4ef6\u5939\u672c\u8eab\uff0c\u8fd8\u5305\u62ec\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u3002
"},{"location":"admin/ghippo/access-control/role.html#_7","title":"\u6587\u4ef6\u5939\u89d2\u8272\u6388\u6743\u65b9\u5f0f","text":"\u5728 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u5217\u8868\u4e2d\uff0c\u627e\u5230\u8be5\u6587\u4ef6\u5939\uff0c\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \uff0c\u4e3a\u8be5\u7528\u6237\u8d4b\u4e88\u6587\u4ef6\u5939\u89d2\u8272\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/user.html","title":"\u7528\u6237","text":"\u7528\u6237\u6307\u7684\u662f\u7531\u5e73\u53f0\u7ba1\u7406\u5458 admin \u6216\u8005\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7ba1\u7406\u5458 IAM Owner \u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u7528\u6237 \u9875\u9762\u521b\u5efa\u7684\u7528\u6237\uff0c\u6216\u8005\u901a\u8fc7 LDAP / OIDC \u5bf9\u63a5\u8fc7\u6765\u7684\u7528\u6237\u3002 \u7528\u6237\u540d\u4ee3\u8868\u8d26\u53f7\uff0c\u7528\u6237\u901a\u8fc7\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u3002
\u62e5\u6709\u4e00\u4e2a\u7528\u6237\u8d26\u53f7\u662f\u7528\u6237\u8bbf\u95ee\u5e73\u53f0\u7684\u524d\u63d0\u3002\u65b0\u5efa\u7684\u7528\u6237\u9ed8\u8ba4\u6ca1\u6709\u4efb\u4f55\u6743\u9650\uff0c\u4f8b\u5982\u60a8\u9700\u8981\u7ed9\u7528\u6237\u8d4b\u4e88\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\uff0c\u6bd4\u5982\u5728 \u7528\u6237\u5217\u8868 \u6216 \u7528\u6237\u8be6\u60c5 \u6388\u4e88\u5b50\u6a21\u5757\u7684\u7ba1\u7406\u5458\u6743\u9650\u3002 \u5b50\u6a21\u5757\u7ba1\u7406\u5458\u62e5\u6709\u8be5\u5b50\u6a21\u5757\u7684\u6700\u9ad8\u6743\u9650\uff0c\u80fd\u591f\u521b\u5efa\u3001\u7ba1\u7406\u3001\u5220\u9664\u8be5\u6a21\u5757\u7684\u6240\u6709\u8d44\u6e90\u3002 \u5982\u679c\u7528\u6237\u9700\u8981\u88ab\u6388\u4e88\u5177\u4f53\u8d44\u6e90\u7684\u6743\u9650\uff0c\u6bd4\u5982\u67d0\u4e2a\u8d44\u6e90\u7684\u4f7f\u7528\u6743\u9650\uff0c\u8bf7\u67e5\u770b\u8d44\u6e90\u6388\u6743\u8bf4\u660e\u3002
\u672c\u9875\u4ecb\u7ecd\u7528\u6237\u7684\u521b\u5efa\u3001\u6388\u6743\u3001\u7981\u7528\u3001\u542f\u7528\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
"},{"location":"admin/ghippo/access-control/user.html#_2","title":"\u521b\u5efa\u7528\u6237","text":"\u524d\u63d0\uff1a\u62e5\u6709\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u6743\u9650\u6216\u8005\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7ba1\u7406\u5458 IAM Owner \u6743\u9650\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u65b9\u7684 \u521b\u5efa\u7528\u6237 \u3002
\u5728 \u521b\u5efa\u7528\u6237 \u9875\u9762\u586b\u5199\u7528\u6237\u540d\u548c\u767b\u5f55\u5bc6\u7801\u3002\u5982\u9700\u4e00\u6b21\u6027\u521b\u5efa\u591a\u4e2a\u7528\u6237\uff0c\u53ef\u4ee5\u70b9\u51fb \u521b\u5efa\u7528\u6237 \u540e\u8fdb\u884c\u6279\u91cf\u521b\u5efa\uff0c\u4e00\u6b21\u6027\u6700\u591a\u521b\u5efa 5 \u4e2a\u7528\u6237\u3002\u6839\u636e\u60a8\u7684\u5b9e\u9645\u60c5\u51b5\u786e\u5b9a\u662f\u5426\u8bbe\u7f6e\u7528\u6237\u5728\u9996\u6b21\u767b\u5f55\u65f6\u91cd\u7f6e\u5bc6\u7801\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u521b\u5efa\u7528\u6237\u6210\u529f\uff0c\u8fd4\u56de\u7528\u6237\u5217\u8868\u9875\u3002
Note
\u6b64\u5904\u8bbe\u7f6e\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u5c06\u7528\u4e8e\u767b\u5f55\u5e73\u53f0\u3002
"},{"location":"admin/ghippo/access-control/user.html#grant-admin-permissions","title":"\u4e3a\u7528\u6237\u6388\u4e88\u5b50\u6a21\u5757\u7ba1\u7406\u5458\u6743\u9650","text":"\u524d\u63d0\uff1a\u8be5\u7528\u6237\u5df2\u5b58\u5728\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb \u2507 -> \u6388\u6743 \u3002
\u5728 \u6388\u6743 \u9875\u9762\u52fe\u9009\u9700\u8981\u7684\u89d2\u8272\u6743\u9650\uff08\u53ef\u591a\u9009\uff09\u3002
\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u4e3a\u7528\u6237\u7684\u6388\u6743\u3002
Note
\u5728\u7528\u6237\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u67d0\u4e2a\u7528\u6237\uff0c\u53ef\u4ee5\u8fdb\u5165\u7528\u6237\u8be6\u60c5\u9875\u9762\u3002
"},{"location":"admin/ghippo/access-control/user.html#_3","title":"\u5c06\u7528\u6237\u52a0\u5165\u7528\u6237\u7ec4","text":"\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb \u2507 -> \u52a0\u5165\u7528\u6237\u7ec4 \u3002
\u5728 \u52a0\u5165\u7528\u6237\u7ec4 \u9875\u9762\u52fe\u9009\u9700\u8981\u52a0\u5165\u7684\u7528\u6237\u7ec4\uff08\u53ef\u591a\u9009\uff09\u3002\u82e5\u6ca1\u6709\u53ef\u9009\u7684\u7528\u6237\u7ec4\uff0c\u70b9\u51fb \u521b\u5efa\u7528\u6237\u7ec4 \u521b\u5efa\u7528\u6237\u7ec4\uff0c\u518d\u8fd4\u56de\u8be5\u9875\u9762\u70b9\u51fb \u5237\u65b0 \u6309\u94ae\uff0c\u663e\u793a\u521a\u521b\u5efa\u7684\u7528\u6237\u7ec4\u3002
\u70b9\u51fb \u786e\u5b9a \u5c06\u7528\u6237\u52a0\u5165\u7528\u6237\u7ec4\u3002
Note
\u7528\u6237\u4f1a\u7ee7\u627f\u7528\u6237\u7ec4\u7684\u6743\u9650\uff0c\u53ef\u4ee5\u5728 \u7528\u6237\u8be6\u60c5 \u4e2d\u67e5\u770b\u8be5\u7528\u6237\u5df2\u52a0\u5165\u7684\u7528\u6237\u7ec4\u3002
"},{"location":"admin/ghippo/access-control/user.html#_4","title":"\u542f\u7528/\u7981\u7528\u7528\u6237","text":"\u7981\u7528\u7528\u6237\u540e\uff0c\u8be5\u7528\u6237\u5c06\u65e0\u6cd5\u518d\u8bbf\u95ee\u5e73\u53f0\u3002\u4e0e\u5220\u9664\u7528\u6237\u4e0d\u540c\uff0c\u7981\u7528\u7684\u7528\u6237\u53ef\u4ee5\u6839\u636e\u9700\u8981\u518d\u6b21\u542f\u7528\uff0c\u5efa\u8bae\u5220\u9664\u7528\u6237\u524d\u5148\u7981\u7528\uff0c\u4ee5\u786e\u4fdd\u6ca1\u6709\u5173\u952e\u670d\u52a1\u5728\u4f7f\u7528\u8be5\u7528\u6237\u521b\u5efa\u7684\u5bc6\u94a5\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb\u4e00\u4e2a\u7528\u6237\u540d\u8fdb\u5165\u7528\u6237\u8be6\u60c5\u3002
\u70b9\u51fb\u53f3\u4e0a\u65b9\u7684 \u7f16\u8f91 \uff0c\u5173\u95ed\u72b6\u6001\u6309\u94ae\uff0c\u4f7f\u6309\u94ae\u7f6e\u7070\u4e14\u5904\u4e8e\u672a\u542f\u7528\u72b6\u6001\u3002
\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u7981\u7528\u7528\u6237\u7684\u64cd\u4f5c\u3002
\u524d\u63d0\uff1a\u9700\u8981\u8bbe\u7f6e\u7528\u6237\u90ae\u7bb1\uff0c\u6709\u4e24\u79cd\u65b9\u5f0f\u53ef\u4ee5\u8bbe\u7f6e\u7528\u6237\u90ae\u7bb1\u3002
\u7ba1\u7406\u5458\u5728\u8be5\u7528\u6237\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u7f16\u8f91 \uff0c\u5728\u5f39\u51fa\u6846\u8f93\u5165\u7528\u6237\u90ae\u7bb1\u5730\u5740\uff0c\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u90ae\u7bb1\u8bbe\u7f6e\u3002
\u7528\u6237\u8fd8\u53ef\u4ee5\u8fdb\u5165 \u4e2a\u4eba\u4e2d\u5fc3 \uff0c\u5728 \u5b89\u5168\u8bbe\u7f6e \u9875\u9762\u8bbe\u7f6e\u90ae\u7bb1\u5730\u5740\u3002
\u5982\u679c\u7528\u6237\u767b\u5f55\u65f6\u5fd8\u8bb0\u5bc6\u7801\uff0c\u8bf7\u53c2\u8003\u91cd\u7f6e\u5bc6\u7801\u3002
"},{"location":"admin/ghippo/access-control/user.html#_6","title":"\u5220\u9664\u7528\u6237","text":"Warning
\u5220\u9664\u7528\u6237\u540e\uff0c\u8be5\u7528\u6237\u5c06\u65e0\u6cd5\u518d\u901a\u8fc7\u4efb\u4f55\u65b9\u5f0f\u8bbf\u95ee\u5e73\u53f0\u8d44\u6e90\uff0c\u8bf7\u8c28\u614e\u5220\u9664\u3002 \u5728\u5220\u9664\u7528\u6237\u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5173\u952e\u7a0b\u5e8f\u4e0d\u518d\u4f7f\u7528\u8be5\u7528\u6237\u521b\u5efa\u7684\u5bc6\u94a5\u3002 \u5982\u679c\u60a8\u4e0d\u786e\u5b9a\uff0c\u5efa\u8bae\u5728\u5220\u9664\u524d\u5148\u7981\u7528\u8be5\u7528\u6237\u3002 \u5982\u679c\u60a8\u5220\u9664\u4e86\u4e00\u4e2a\u7528\u6237\uff0c\u7136\u540e\u518d\u521b\u5efa\u4e00\u4e2a\u540c\u540d\u7684\u65b0\u7528\u6237\uff0c\u5219\u65b0\u7528\u6237\u5c06\u88ab\u89c6\u4e3a\u4e00\u4e2a\u65b0\u7684\u72ec\u7acb\u8eab\u4efd\uff0c\u5b83\u4e0d\u4f1a\u7ee7\u627f\u5df2\u5220\u9664\u7528\u6237\u7684\u89d2\u8272\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb \u2507 -> \u5220\u9664 \u3002
\u70b9\u51fb \u79fb\u9664 \u5b8c\u6210\u5220\u9664\u7528\u6237\u7684\u64cd\u4f5c\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5728\u63a5\u5165\u5ba2\u6237\u7684\u7cfb\u7edf\u540e\uff0c\u53ef\u4ee5\u521b\u5efa Webhook\uff0c\u5728\u7528\u6237\u521b\u5efa/\u66f4\u65b0/\u5220\u9664/\u767b\u5f55/\u767b\u51fa\u4e4b\u65f6\u53d1\u9001\u6d88\u606f\u901a\u77e5\u3002
Webhook \u662f\u4e00\u79cd\u7528\u4e8e\u5b9e\u73b0\u5b9e\u65f6\u4e8b\u4ef6\u901a\u77e5\u7684\u673a\u5236\u3002\u5b83\u5141\u8bb8\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u5c06\u6570\u636e\u6216\u4e8b\u4ef6\u63a8\u9001\u5230\u53e6\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\uff0c \u800c\u65e0\u9700\u8f6e\u8be2\u6216\u6301\u7eed\u67e5\u8be2\u3002\u901a\u8fc7\u914d\u7f6e Webhook\uff0c\u60a8\u53ef\u4ee5\u6307\u5b9a\u5728\u67d0\u4e2a\u4e8b\u4ef6\u53d1\u751f\u65f6\uff0c\u7531\u76ee\u6807\u5e94\u7528\u7a0b\u5e8f\u63a5\u6536\u5e76\u5904\u7406\u901a\u77e5\u3002
Webhook \u7684\u5de5\u4f5c\u539f\u7406\u5982\u4e0b\uff1a
\u901a\u8fc7\u4f7f\u7528 Webhook\uff0c\u60a8\u53ef\u4ee5\u5b9e\u73b0\u4ee5\u4e0b\u529f\u80fd\uff1a
\u5e38\u89c1\u7684\u5e94\u7528\u573a\u666f\u5305\u62ec\uff1a
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u56fe\u5f62\u5316\u914d\u7f6e Webhook \u7684\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u63a5\u5165\u7ba1\u7406 \uff0c\u521b\u5efa\u4e00\u4e2a\u5ba2\u6237\u7aef ID\u3002
\u70b9\u51fb\u67d0\u4e2a\u5ba2\u6237\u7aef ID\uff0c\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u70b9\u51fb \u521b\u5efa Webhook \u6309\u94ae\u3002
\u5728\u5f39\u7a97\u4e2d\u586b\u5165\u5b57\u6bb5\u4fe1\u606f\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u5c4f\u5e55\u63d0\u793a Webhook \u521b\u5efa\u6210\u529f\u3002
\u73b0\u5728\u53bb\u8bd5\u7740\u521b\u5efa\u4e00\u4e2a\u7528\u6237\u3002
\u7528\u6237\u521b\u5efa\u6210\u529f\uff0c\u53ef\u4ee5\u770b\u5230\u4f01\u4e1a\u5fae\u4fe1\u7fa4\u6536\u5230\u4e86\u4e00\u6761\u6d88\u606f\u3002
\u7cfb\u7edf\u9ed8\u8ba4\u7684\u6d88\u606f\u4f53
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u5148\u5b9a\u4e49\u4e86\u4e00\u4e9b\u53d8\u91cf\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u5728\u6d88\u606f\u4f53\u4e2d\u4f7f\u7528\u8fd9\u4e9b\u53d8\u91cf\u3002
{\n \"id\": \"{{$$.ID$$}}\",\n \"email\": \"{{$$.Email$$}}\",\n \"username\": \"{{$$.Name$$}}\",\n \"last_name\": \"{{$$.LastName$$}}\",\n \"first_name\": \"{{$$.FirstName$$}}\",\n \"created_at\": \"{{$$.CreatedAt$$}}\",\n \"enabled\": \"{{$$.Enabled$$}}\"\n}\n
\u4f01\u4e1a\u5fae\u4fe1\u7fa4\u673a\u5668\u4eba\u7684 Message Body
{\n \"msgtype\": \"text\",\n \"text\": {\n \"content\": \"{{$$.Name$$}} hello world\"\n }\n}\n
"},{"location":"admin/ghippo/access-control/webhook.html#_3","title":"\u53c2\u8003\u6587\u6863","text":"\u5ba1\u8ba1\u65e5\u5fd7\u5e2e\u52a9\u60a8\u76d1\u63a7\u5e76\u8bb0\u5f55\u6bcf\u4e2a\u7528\u6237\u7684\u6d3b\u52a8\uff0c\u63d0\u4f9b\u4e86\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u3001\u6309\u65f6\u95f4\u987a\u5e8f\u6392\u5217\u7684\u8bb0\u5f55\u7684\u6536\u96c6\u3001\u5b58\u50a8\u548c\u67e5\u8be2\u529f\u80fd\u3002 \u501f\u52a9\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u6301\u7eed\u76d1\u63a7\u5e76\u4fdd\u7559\u7528\u6237\u5728\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u4f7f\u7528\u884c\u4e3a\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u521b\u5efa\u7528\u6237\u3001\u7528\u6237\u767b\u5f55/\u767b\u51fa\u3001\u7528\u6237\u6388\u6743\u4ee5\u53ca\u4e0e Kubernetes \u76f8\u5173\u7684\u7528\u6237\u64cd\u4f5c\u884c\u4e3a\u3002
"},{"location":"admin/ghippo/audit/audit-log.html#_2","title":"\u529f\u80fd\u7279\u6027","text":"\u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u5177\u6709\u4ee5\u4e0b\u7279\u70b9\uff1a
\u4f7f\u7528\u5177\u6709 admin \u6216 Audit Owner \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\uff0c\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u5ba1\u8ba1\u65e5\u5fd7 \u3002
\u5728 \u7528\u6237\u64cd\u4f5c \u9875\u7b7e\u4e2d\uff0c\u53ef\u4ee5\u6309\u65f6\u95f4\u8303\u56f4\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u6a21\u7cca\u641c\u7d22\u3001\u7cbe\u786e\u641c\u7d22\u6765\u67e5\u627e\u7528\u6237\u64cd\u4f5c\u4e8b\u4ef6\u3002
\u70b9\u51fb\u67d0\u4e2a\u4e8b\u4ef6\u6700\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u67e5\u770b\u4e8b\u4ef6\u8be6\u60c5\u3002
\u4e8b\u4ef6\u8be6\u60c5\u5982\u4e0b\u56fe\u6240\u793a\u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u5bfc\u51fa \u6309\u94ae\uff0c\u53ef\u4ee5\u6309 CSV \u548c Excel \u683c\u5f0f\u5bfc\u51fa\u5f53\u524d\u6240\u9009\u65f6\u95f4\u8303\u56f4\u5185\u7684\u7528\u6237\u64cd\u4f5c\u65e5\u5fd7\u3002
"},{"location":"admin/ghippo/audit/audit-log.html#_5","title":"\u7cfb\u7edf\u64cd\u4f5c","text":"\u5728 \u7cfb\u7edf\u64cd\u4f5c \u9875\u7b7e\u4e2d\uff0c\u53ef\u4ee5\u6309\u65f6\u95f4\u8303\u56f4\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u6a21\u7cca\u641c\u7d22\u3001\u7cbe\u786e\u641c\u7d22\u6765\u67e5\u627e\u7cfb\u7edf\u64cd\u4f5c\u4e8b\u4ef6\u3002
\u540c\u6837\u70b9\u51fb\u67d0\u4e2a\u4e8b\u4ef6\u6700\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u67e5\u770b\u4e8b\u4ef6\u8be6\u60c5\u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u5bfc\u51fa \u6309\u94ae\uff0c\u53ef\u4ee5\u6309 CSV \u548c Excel \u683c\u5f0f\u5bfc\u51fa\u5f53\u524d\u6240\u9009\u65f6\u95f4\u8303\u56f4\u5185\u7684\u7cfb\u7edf\u64cd\u4f5c\u65e5\u5fd7\u3002
"},{"location":"admin/ghippo/audit/audit-log.html#_6","title":"\u8bbe\u7f6e","text":"\u5728 \u8bbe\u7f6e \u9875\u7b7e\u4e2d\uff0c\u60a8\u53ef\u4ee5\u6e05\u7406\u7528\u6237\u64cd\u4f5c\u548c\u7cfb\u7edf\u64cd\u4f5c\u7684\u5ba1\u8ba1\u65e5\u5fd7\u3002
\u53ef\u4ee5\u624b\u52a8\u6e05\u7406\uff0c\u5efa\u8bae\u6e05\u7406\u524d\u5148\u5bfc\u51fa\u5e76\u4fdd\u5b58\u3002\u4e5f\u53ef\u4ee5\u8bbe\u7f6e\u65e5\u5fd7\u7684\u6700\u957f\u4fdd\u5b58\u65f6\u95f4\u5b9e\u73b0\u81ea\u52a8\u6e05\u7406\u3002
Note
\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u4e0e Kubernetes \u76f8\u5173\u7684\u65e5\u5fd7\u8bb0\u5f55\u7531\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u63d0\u4f9b\uff0c\u4e3a\u51cf\u8f7b\u5ba1\u8ba1\u65e5\u5fd7\u7684\u5b58\u50a8\u538b\u529b\uff0c\u5168\u5c40\u7ba1\u7406\u9ed8\u8ba4\u4e0d\u91c7\u96c6 Kubernetes \u76f8\u5173\u65e5\u5fd7\u3002 \u5982\u9700\u8bb0\u5f55\u8bf7\u53c2\u9605\u5f00\u542f K8s \u5ba1\u8ba1\u65e5\u5fd7\u3002\u5f00\u542f\u540e\u7684\u6e05\u7406\u529f\u80fd\u4e0e\u5168\u5c40\u7ba1\u7406\u7684\u6e05\u7406\u529f\u80fd\u4e00\u81f4\uff0c\u4f46\u4e92\u4e0d\u5f71\u54cd\u3002
"},{"location":"admin/ghippo/audit/open-audit.html","title":"\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7","text":"\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b /var/log/kubernetes/audit \u76ee\u5f55\u4e0b\u662f\u5426\u6709\u5ba1\u8ba1\u65e5\u5fd7\u751f\u6210\u3002 \u82e5\u6709\uff0c\u5219\u8868\u793a K8s \u5ba1\u8ba1\u65e5\u5fd7\u6210\u529f\u5f00\u542f\u3002
ls /var/log/kubernetes/audit\n
\u82e5\u672a\u5f00\u542f\uff0c\u8bf7\u53c2\u8003\u751f\u6210 K8s \u5ba1\u8ba1\u65e5\u5fd7\u3002
"},{"location":"admin/ghippo/audit/open-audit.html#k8s_3","title":"\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u6d41\u7a0b","text":"\u6dfb\u52a0 chartmuseum \u5230 helm repo \u4e2d
helm repo add chartmuseum http://10.5.14.30:8081\n
\u8fd9\u6761\u547d\u4ee4\u4e2d\u7684 IP \u9700\u8981\u4fee\u6539\u4e3a\u706b\u79cd\u8282\u70b9\u7684 IP \u5730\u5740\u3002
Note
\u4f7f\u7528\u81ea\u5efa Harbor \u4ed3\u5e93\u7684\u60c5\u51b5\u4e0b\uff0c\u8bf7\u4fee\u6539\u7b2c\u4e00\u6b65\u4e2d\u7684 chart repo \u5730\u5740\u4e3a\u81ea\u5efa\u4ed3\u5e93\u7684 insight-agent chart \u5730\u5740\u3002
\u4fdd\u5b58\u5f53\u524d insight-agent helm value
helm get values insight-agent -n insight-system -o yaml > insight-agent-values-bak.yaml\n
\u83b7\u53d6\u5f53\u524d\u7248\u672c\u53f7 ${insight_version_code}
insight_version_code=`helm list -n insight-system |grep insight-agent | awk {'print $10'}`\n
\u66f4\u65b0 helm value \u914d\u7f6e
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent chartmuseum/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=true\n
\u91cd\u542f insight-system \u4e0b\u7684\u6240\u6709 fluentBit pod
fluent_pod=`kubectl get pod -n insight-system | grep insight-agent-fluent-bit | awk {'print $1'} | xargs`\nkubectl delete pod ${fluent_pod} -n insight-system\n
\u5176\u4f59\u6b65\u9aa4\u548c\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u4e00\u81f4\uff0c\u4ec5\u9700\u4fee\u6539\u4e0a\u4e00\u8282\u4e2d\u7b2c 4 \u6b65\uff1a\u66f4\u65b0 helm value \u914d\u7f6e\u3002
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent chartmuseum/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=false\n
"},{"location":"admin/ghippo/audit/open-audit.html#_1","title":"\u5de5\u4f5c\u96c6\u7fa4\u5f00\u5173","text":"\u5404\u5de5\u4f5c\u96c6\u7fa4\u5f00\u5173\u72ec\u7acb\uff0c\u6309\u9700\u5f00\u542f\u3002
"},{"location":"admin/ghippo/audit/open-audit.html#_2","title":"\u521b\u5efa\u96c6\u7fa4\u65f6\u6253\u5f00\u91c7\u96c6\u5ba1\u8ba1\u65e5\u5fd7\u6b65\u9aa4","text":"\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u9ed8\u8ba4\u4e3a\u5173\u95ed\u72b6\u6001\u3002\u82e5\u9700\u8981\u5f00\u542f\uff0c\u53ef\u4ee5\u6309\u7167\u5982\u4e0b\u6b65\u9aa4\uff1a
\u5c06\u8be5\u6309\u94ae\u8bbe\u7f6e\u4e3a\u542f\u7528\u72b6\u6001\uff0c\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u65f6\uff0c\u786e\u8ba4\u8be5\u96c6\u7fa4\u7684 K8s \u5ba1\u8ba1\u65e5\u5fd7\u9009\u62e9 \u2018true'\uff0c\u8fd9\u6837\u521b\u5efa\u51fa\u6765\u7684\u5de5\u4f5c\u96c6\u7fa4 K8s \u5ba1\u8ba1\u65e5\u5fd7\u662f\u5f00\u542f\u7684\u3002
\u7b49\u5f85\u96c6\u7fa4\u521b\u5efa\u6210\u529f\u540e\uff0c\u8be5\u5de5\u4f5c\u96c6\u7fa4\u7684 K8s \u5ba1\u8ba1\u65e5\u5fd7\u5c06\u88ab\u91c7\u96c6\u3002
"},{"location":"admin/ghippo/audit/open-audit.html#_3","title":"\u63a5\u5165\u7684\u96c6\u7fa4\u548c\u521b\u5efa\u5b8c\u6210\u540e\u5f00\u5173\u6b65\u9aa4","text":""},{"location":"admin/ghippo/audit/open-audit.html#k8s_5","title":"\u786e\u8ba4\u5f00\u542f K8s \u5ba1\u8ba1\u65e5\u5fd7","text":"\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b /var/log/kubernetes/audit \u76ee\u5f55\u4e0b\u662f\u5426\u6709\u5ba1\u8ba1\u65e5\u5fd7\u751f\u6210\uff0c\u82e5\u6709\uff0c\u5219\u8868\u793a K8s \u5ba1\u8ba1\u65e5\u5fd7\u6210\u529f\u5f00\u542f\u3002
ls /var/log/kubernetes/audit\n
\u82e5\u672a\u5f00\u542f\uff0c\u8bf7\u53c2\u8003\u6587\u6863\u7684\u5f00\u542f\u5173\u95ed K8s \u5ba1\u8ba1\u65e5\u5fd7
"},{"location":"admin/ghippo/audit/open-audit.html#k8s_6","title":"\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7","text":"\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u9ed8\u8ba4\u4e3a\u5173\u95ed\u72b6\u6001\uff0c\u82e5\u9700\u8981\u5f00\u542f\uff0c\u53ef\u4ee5\u6309\u7167\u5982\u4e0b\u6b65\u9aa4\uff1a
\u9009\u4e2d\u5df2\u63a5\u5165\u5e76\u4e14\u9700\u8981\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u7684\u96c6\u7fa4
\u8fdb\u5165 helm \u5e94\u7528\u7ba1\u7406\u9875\u9762\uff0c\u66f4\u65b0 insight-agent \u914d\u7f6e \uff08\u82e5\u672a\u5b89\u88c5 insight-agent\uff0c\u53ef\u4ee5\u5b89\u88c5 insight-agent\uff09
\u5f00\u542f/\u5173\u95ed\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u6309\u94ae
\u63a5\u5165\u96c6\u7fa4\u7684\u60c5\u51b5\u4e0b\u5f00\u5173\u540e\u4ecd\u9700\u8981\u91cd\u542f fluent-bit pod \u624d\u80fd\u751f\u6548
\u9ed8\u8ba4 Kubernetes \u96c6\u7fa4\u4e0d\u4f1a\u751f\u6210\u5ba1\u8ba1\u65e5\u5fd7\u4fe1\u606f\u3002\u901a\u8fc7\u4ee5\u4e0b\u914d\u7f6e\uff0c\u53ef\u4ee5\u5f00\u542f Kubernetes \u7684\u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u3002
Note
\u516c\u6709\u4e91\u73af\u5883\u4e2d\u53ef\u80fd\u65e0\u6cd5\u63a7\u5236 Kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u8f93\u51fa\u53ca\u8f93\u51fa\u8def\u5f84\u3002
apiVersion: audit.k8s.io/v1\nkind: Policy\nrules:\n# The following requests were manually identified as high-volume and low-risk,\n# so drop them.\n- level: None\n users: [\"system:kube-proxy\"]\n verbs: [\"watch\"]\n resources:\n - group: \"\" # core\n resources: [\"endpoints\", \"services\", \"services/status\"]\n- level: None\n # Ingress controller reads `configmaps/ingress-uid` through the unsecured port.\n # TODO(#46983): Change this to the ingress controller service account.\n users: [\"system:unsecured\"]\n namespaces: [\"kube-system\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"configmaps\"]\n- level: None\n users: [\"kubelet\"] # legacy kubelet identity\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"nodes\", \"nodes/status\"]\n- level: None\n userGroups: [\"system:nodes\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"nodes\", \"nodes/status\"]\n- level: None\n users:\n - system:kube-controller-manager\n - system:kube-scheduler\n - system:serviceaccount:kube-system:endpoint-controller\n verbs: [\"get\", \"update\"]\n namespaces: [\"kube-system\"]\n resources:\n - group: \"\" # core\n resources: [\"endpoints\"]\n- level: None\n users: [\"system:apiserver\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"namespaces\", \"namespaces/status\", \"namespaces/finalize\"]\n# Don't log HPA fetching metrics.\n- level: None\n users:\n - system:kube-controller-manager\n verbs: [\"get\", \"list\"]\n resources:\n - group: \"metrics.k8s.io\"\n# Don't log these read-only URLs.\n- level: None\n nonResourceURLs:\n - /healthz*\n - /version\n - /swagger*\n# Don't log events requests.\n- level: None\n resources:\n - group: \"\" # core\n resources: [\"events\"]\n# Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,\n# so only log at the Metadata level.\n- level: Metadata\n resources:\n - group: \"\" # core\n resources: [\"secrets\", \"configmaps\", \"serviceaccounts/token\"]\n - group: authentication.k8s.io\n resources: [\"tokenreviews\"]\n omitStages:\n - \"RequestReceived\"\n# Get responses can be large; skip them.\n- level: Request\n verbs: [\"get\", \"list\", \"watch\"]\n resources:\n - group: \"\" # core\n - group: \"admissionregistration.k8s.io\"\n - group: \"apiextensions.k8s.io\"\n - group: \"apiregistration.k8s.io\"\n - group: \"apps\"\n - group: \"authentication.k8s.io\"\n - group: \"authorization.k8s.io\"\n - group: \"autoscaling\"\n - group: \"batch\"\n - group: \"certificates.k8s.io\"\n - group: \"extensions\"\n - group: \"metrics.k8s.io\"\n - group: \"networking.k8s.io\"\n - group: \"policy\"\n - group: \"rbac.authorization.k8s.io\"\n - group: \"settings.k8s.io\"\n - group: \"storage.k8s.io\"\n omitStages:\n - \"RequestReceived\"\n# Default level for known APIs\n- level: RequestResponse\n resources:\n - group: \"\" # core\n - group: \"admissionregistration.k8s.io\"\n - group: \"apiextensions.k8s.io\"\n - group: \"apiregistration.k8s.io\"\n - group: \"apps\"\n - group: \"authentication.k8s.io\"\n - group: \"authorization.k8s.io\"\n - group: \"autoscaling\"\n - group: \"batch\"\n - group: \"certificates.k8s.io\"\n - group: \"extensions\"\n - group: \"metrics.k8s.io\"\n - group: \"networking.k8s.io\"\n - group: \"policy\"\n - group: \"rbac.authorization.k8s.io\"\n - group: \"settings.k8s.io\"\n - group: \"storage.k8s.io\"\n omitStages:\n - \"RequestReceived\"\n# Default level for all other requests.\n- level: Metadata\n omitStages:\n - \"RequestReceived\"\n
\u5c06\u4ee5\u4e0a\u5ba1\u8ba1\u65e5\u5fd7\u6587\u4ef6\u653e\u5230 /etc/kubernetes/audit-policy/ \u6587\u4ef6\u5939\u4e0b\uff0c\u5e76\u53d6\u540d\u4e3a apiserver-audit-policy.yaml \u3002
"},{"location":"admin/ghippo/audit/open-k8s-audit.html#api","title":"\u914d\u7f6e API \u670d\u52a1\u5668","text":"\u6253\u5f00 API \u670d\u52a1\u5668\u7684\u914d\u7f6e\u6587\u4ef6 kube-apiserver.yaml \uff0c\u4e00\u822c\u4f1a\u5728 /etc/kubernetes/manifests/ \u6587\u4ef6\u5939\u4e0b\uff0c\u5e76\u6dfb\u52a0\u4ee5\u4e0b\u914d\u7f6e\u4fe1\u606f\uff1a
\u8fd9\u4e00\u6b65\u64cd\u4f5c\u524d\u8bf7\u5907\u4efd kube-apiserver.yaml \uff0c\u5e76\u4e14\u5907\u4efd\u7684\u6587\u4ef6\u4e0d\u80fd\u653e\u5728 /etc/kubernetes/manifests/ \u4e0b\uff0c\u5efa\u8bae\u653e\u5728 /etc/kubernetes/tmp \u3002
\u5728 spec.containers.command \u4e0b\u6dfb\u52a0\u547d\u4ee4\uff1a
--audit-log-maxage=30\n--audit-log-maxbackup=10\n--audit-log-maxsize=100\n--audit-log-path=/var/log/audit/kube-apiserver-audit.log\n--audit-policy-file=/etc/kubernetes/audit-policy/apiserver-audit-policy.yaml\n
\u5728 spec.containers.volumeMounts \u4e0b\u6dfb\u52a0\uff1a
- mountPath: /var/log/audit\n name: audit-logs\n- mountPath: /etc/kubernetes/audit-policy\n name: audit-policy\n
\u5728 spec.volumes \u4e0b\u6dfb\u52a0\uff1a
- hostPath:\n path: /var/log/kubernetes/audit\n type: \"\"\n name: audit-logs\n- hostPath:\n path: /etc/kubernetes/audit-policy\n type: \"\"\n name: audit-policy\n
\u7a0d\u7b49\u4e00\u4f1a\uff0cAPI \u670d\u52a1\u5668\u4f1a\u81ea\u52a8\u91cd\u542f\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b /var/log/kubernetes/audit \u76ee\u5f55\u4e0b\u662f\u5426\u6709\u5ba1\u8ba1\u65e5\u5fd7\u751f\u6210\uff0c\u82e5\u6709\uff0c\u5219\u8868\u793a K8s \u5ba1\u8ba1\u65e5\u5fd7\u6210\u529f\u5f00\u542f\u3002
ls /var/log/kubernetes/audit\n
\u5982\u679c\u60f3\u5173\u95ed\uff0c\u53bb\u6389 spec.containers.command \u4e2d\u7684\u76f8\u5173\u547d\u4ee4\u5373\u53ef\u3002
"},{"location":"admin/ghippo/audit/source-ip.html","title":"\u5ba1\u8ba1\u65e5\u5fd7\u83b7\u53d6\u6e90 IP","text":"\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP \u5728\u7cfb\u7edf\u548c\u7f51\u7edc\u7ba1\u7406\u4e2d\u626e\u6f14\u7740\u5173\u952e\u89d2\u8272\uff0c\u5b83\u6709\u52a9\u4e8e\u8ffd\u8e2a\u6d3b\u52a8\u3001\u7ef4\u62a4\u5b89\u5168\u3001\u89e3\u51b3\u95ee\u9898\u5e76\u786e\u4fdd\u7cfb\u7edf\u5408\u89c4\u6027\u3002 \u4f46\u662f\u83b7\u53d6\u6e90 IP \u4f1a\u5e26\u6765\u4e00\u5b9a\u7684\u6027\u80fd\u635f\u8017\uff0c\u6240\u4ee5\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u5ba1\u8ba1\u65e5\u5fd7\u5e76\u4e0d\u603b\u662f\u5f00\u542f\u7684\uff0c \u5728\u4e0d\u540c\u7684\u5b89\u88c5\u6a21\u5f0f\u4e0b\uff0c\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP \u7684\u9ed8\u8ba4\u5f00\u542f\u60c5\u51b5\u4e0d\u540c\uff0c\u5e76\u4e14\u5f00\u542f\u7684\u65b9\u5f0f\u4e0d\u540c\u3002 \u4e0b\u9762\u4f1a\u6839\u636e\u5b89\u88c5\u6a21\u5f0f\u5206\u522b\u4ecb\u7ecd\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP \u7684\u9ed8\u8ba4\u5f00\u542f\u60c5\u51b5\u4ee5\u53ca\u5982\u4f55\u5f00\u542f\u3002
Note
\u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\u4f1a\u4fee\u6539 istio-ingressgateway \u7684\u526f\u672c\u6570\uff0c\u5e26\u6765\u4e00\u5b9a\u7684\u6027\u80fd\u635f\u8017\u3002 \u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\u9700\u8981\u5173\u95ed kube-proxy \u7684\u8d1f\u8f7d\u5747\u8861\u4ee5\u53ca\u62d3\u6251\u611f\u77e5\u8def\u7531\uff0c\u4f1a\u5bf9\u96c6\u7fa4\u6027\u80fd\u4ea7\u751f\u4e00\u5b9a\u7684\u5f71\u54cd\u3002 \u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\u540e\uff0c\u8bbf\u95eeIP\u6240\u5bf9\u5e94\u7684\u8282\u70b9\u4e0a\u5fc5\u987b\u4fdd\u8bc1\u5b58\u5728 istio-ingressgateway \uff0c\u82e5\u56e0\u4e3a\u8282\u70b9\u5065\u5eb7\u6216\u5176\u4ed6\u95ee\u9898\u5bfc\u81f4 istio-ingressgateway \u53d1\u751f\u6f02\u79fb\uff0c\u9700\u8981\u624b\u52a8\u8c03\u5ea6\u56de\u8be5\u8282\u70b9\uff0c\u5426\u5219\u4f1a\u5f71\u54cd\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u6b63\u5e38\u4f7f\u7528\u3002
"},{"location":"admin/ghippo/audit/source-ip.html#_1","title":"\u5224\u65ad\u5b89\u88c5\u6a21\u5f0f\u7684\u65b9\u6cd5","text":"kubectl get pod -n metallb-system\n
\u5728\u96c6\u7fa4\u4e2d\u6267\u884c\u4e0a\u9762\u7684\u547d\u4ee4\uff0c\u82e5\u8fd4\u56de\u7ed3\u679c\u5982\u4e0b\uff0c\u5219\u8868\u793a\u8be5\u96c6\u7fa4\u4e3a\u975e MetalLB \u5b89\u88c5\u6a21\u5f0f
No resources found in metallbs-system namespace.\n
"},{"location":"admin/ghippo/audit/source-ip.html#nodeport","title":"NodePort \u5b89\u88c5\u6a21\u5f0f","text":"\u8be5\u6a21\u5f0f\u5b89\u88c5\u4e0b\uff0c\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP \u9ed8\u8ba4\u662f\u5173\u95ed\u7684\uff0c\u5f00\u542f\u6b65\u9aa4\u5982\u4e0b\uff1a
\u8bbe\u7f6e istio-ingressgateway \u7684 HPA \u7684\u6700\u5c0f\u526f\u672c\u6570\u4e3a\u63a7\u5236\u9762\u8282\u70b9\u6570
count=$(kubectl get nodes --selector=node-role.kubernetes.io/control-plane | wc -l)\ncount=$((count-1))\n\nkubectl patch hpa istio-ingressgateway -n istio-system -p '{\"spec\":{\"minReplicas\":'$count'}}'\n
\u4fee\u6539 istio-ingressgateway \u7684 service \u7684 externalTrafficPolicy \u548c internalTrafficPolicy \u503c\u4e3a \"Local\"
kubectl patch svc istio-ingressgateway -n istio-system -p '{\"spec\":{\"externalTrafficPolicy\":\"Local\",\"internalTrafficPolicy\":\"Local\"}}'\n
\u8be5\u6a21\u5f0f\u4e0b\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u4f1a\u9ed8\u8ba4\u83b7\u53d6\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP\u3002
"},{"location":"admin/ghippo/audit/gproduct-audit/ghippo.html","title":"\u5168\u5c40\u7ba1\u7406\u5ba1\u8ba1\u9879\u6c47\u603b","text":"\u4e8b\u4ef6\u540d\u79f0 \u8d44\u6e90\u7c7b\u578b \u5907\u6ce8 \u4fee\u6539\u7528\u6237email\uff1aUpdateEmail-Account Account \u4fee\u6539\u7528\u6237\u5bc6\u7801\uff1aUpdatePassword-Account Account \u521b\u5efask\uff1aCreateAccessKeys-Account Account \u4fee\u6539sk\uff1aUpdateAccessKeys-Account Account \u5220\u9664sk\uff1aDeleteAccessKeys-Account Account \u521b\u5efa\u7528\u6237\uff1aCreate-User User \u5220\u9664\u7528\u6237\uff1aDelete-User User \u66f4\u65b0\u7528\u6237\u4fe1\u606f\uff1aUpdate-User User \u66f4\u65b0\u7528\u6237\u89d2\u8272\uff1a UpdateRoles-User User \u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a UpdatePassword-User User \u521b\u5efa\u7528\u6237\u5bc6\u94a5\uff1a CreateAccessKeys-User User \u66f4\u65b0\u7528\u6237\u5bc6\u94a5\uff1a UpdateAccessKeys-User User \u5220\u9664\u7528\u6237\u5bc6\u94a5\uff1aDeleteAccessKeys-User User \u521b\u5efa\u7528\u6237\u7ec4\uff1aCreate-Group Group \u5220\u9664\u7528\u6237\u7ec4\uff1aDelete-Group Group \u66f4\u65b0\u7528\u6237\u7ec4\uff1aUpdate-Group Group \u6dfb\u52a0\u7528\u6237\u81f3\u7528\u6237\u7ec4\uff1aAddUserTo-Group Group \u4ece\u7528\u6237\u7ec4\u5220\u9664\u7528\u6237\uff1a RemoveUserFrom-Group Group \u66f4\u65b0\u7528\u6237\u7ec4\u89d2\u8272\uff1a UpdateRoles-Group Group \u89d2\u8272\u5173\u8054\u7528\u6237\uff1aUpdateRoles-User User \u521b\u5efaLdap \uff1aCreate-LADP LADP \u66f4\u65b0Ldap\uff1aUpdate-LADP LADP \u5220\u9664Ldap \uff1a Delete-LADP LADP OIDC\u6ca1\u6709\u8d70APIserver\u5ba1\u8ba1\u4e0d\u5230 \u767b\u5f55\uff1aLogin-User User \u767b\u51fa\uff1aLogout-User User \u8bbe\u7f6e\u5bc6\u7801\u7b56\u7565\uff1aUpdatePassword-SecurityPolicy SecurityPolicy \u8bbe\u7f6e\u4f1a\u8bdd\u8d85\u65f6\uff1aUpdateSessionTimeout-SecurityPolicy SecurityPolicy \u8bbe\u7f6e\u8d26\u53f7\u9501\u5b9a\uff1aUpdateAccountLockout-SecurityPolicy SecurityPolicy \u8bbe\u7f6e\u81ea\u52a8\u767b\u51fa\uff1aUpdateLogout-SecurityPolicy SecurityPolicy \u90ae\u4ef6\u670d\u52a1\u5668\u8bbe\u7f6e MailServer-SecurityPolicy SecurityPolicy \u5916\u89c2\u5b9a\u5236 CustomAppearance-SecurityPolicy SecurityPolicy \u6b63\u7248\u6388\u6743 OfficialAuthz-SecurityPolicy SecurityPolicy \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\uff1aCreate-Workspace Workspace \u5220\u9664\u5de5\u4f5c\u7a7a\u95f4\uff1aDelete-Workspace Workspace \u7ed1\u5b9a\u8d44\u6e90\uff1aBindResourceTo-Workspace Workspace \u89e3\u7ed1\u8d44\u6e90\uff1aUnBindResource-Workspace Workspace \u7ed1\u5b9a\u5171\u4eab\u8d44\u6e90\uff1aBindShared-Workspace Workspace \u8bbe\u7f6e\u8d44\u6e90\u914d\u989d\uff1aSetQuota-Workspace Workspace \u5de5\u4f5c\u7a7a\u95f4\u6388\u6743\uff1aAuthorize-Workspace Workspace \u5220\u9664\u6388\u6743 DeAuthorize-Workspace Workspace \u7f16\u8f91\u6388\u6743 UpdateDeAuthorize-Workspace Workspace \u66f4\u65b0\u5de5\u4f5c\u7a7a\u95f4 Update-Workspace Workspace \u521b\u5efa\u6587\u4ef6\u5939\uff1aCreate-Folder Folder \u5220\u9664\u6587\u4ef6\u5939\uff1aDelete-Folder Folder \u7f16\u8f91\u6587\u4ef6\u5939\u6388\u6743\uff1aUpdateAuthorize-Folder Folder \u66f4\u65b0\u6587\u4ef6\u5939\uff1aUpdate-Folder Folder \u65b0\u589e\u6587\u4ef6\u5939\u6388\u6743\uff1aAuthorize-Folder Folder \u5220\u9664\u6587\u4ef6\u5939\u6388\u6743\uff1aDeAuthorize-Folder Folder \u8bbe\u7f6e\u5ba1\u8ba1\u65e5\u5fd7\u81ea\u52a8\u6e05\u7406\uff1aAutoCleanup-Audit Audit \u624b\u52a8\u6e05\u7406\u5ba1\u8ba1\u65e5\u5fd7\uff1aManualCleanup-Audit Audit \u5bfc\u51fa\u5ba1\u8ba1\u65e5\u5fd7\uff1aExport-Audit Audit"},{"location":"admin/ghippo/audit/gproduct-audit/insight.html","title":"\u53ef\u89c2\u6d4b\u6027\u5ba1\u8ba1\u9879\u6c47\u603b","text":"\u4e8b\u4ef6\u540d\u79f0 \u8d44\u6e90\u7c7b\u578b \u5907\u6ce8 \u521b\u5efa\u62e8\u6d4b\u4efb\u52a1\uff1aCreate-ProbeJob ProbeJob \u7f16\u8f91\u62e8\u6d4b\u4efb\u52a1\uff1aUpdate-ProbeJob ProbeJob \u5220\u9664\u62e8\u6d4b\u4efb\u52a1\uff1aDelete-ProbeJob ProbeJob \u521b\u5efa\u544a\u8b66\u7b56\u7565\uff1aCreate-AlertPolicy AlertPolicy \u7f16\u8f91\u544a\u8b66\u7b56\u7565\uff1aUpdate-AlertPolicy AlertPolicy \u5220\u9664\u544a\u8b66\u7b56\u7565\uff1aDelete-AlertPolicy AlertPolicy \u5bfc\u5165\u544a\u8b66\u7b56\u7565\uff1aImport-AlertPolicy AlertPolicy \u5728\u544a\u8b66\u7b56\u7565\u4e2d\u6dfb\u52a0\u89c4\u5219\uff1aCreate-AlertRule AlertRule \u5728\u544a\u8b66\u7b56\u7565\u4e2d\u7f16\u8f91\u89c4\u5219\uff1aUpdate-AlertRule AlertRule \u5728\u544a\u8b66\u7b56\u7565\u4e2d\u5220\u9664\u89c4\u5219\uff1aDelete-AlertRule AlertRule \u521b\u5efa\u544a\u8b66\u6a21\u677f\uff1aCreate-RuleTemplate RuleTemplate \u7f16\u8f91\u544a\u8b66\u6a21\u677f\uff1aUpdate-RuleTemplate RuleTemplate \u5220\u9664\u544a\u8b66\u6a21\u677f\uff1aDelete-RuleTemplate RuleTemplate \u521b\u5efa\u90ae\u7bb1\u7ec4\uff1aCreate-email email \u7f16\u8f91\u90ae\u7bb1\u7ec4\uff1aUpdate-email email \u5220\u9664\u90ae\u7bb1\u7ec4\uff1aDelete-Receiver Receiver \u521b\u5efa\u9489\u9489\u673a\u5668\u4eba\uff1aCreate-dingtalk dingtalk \u7f16\u8f91\u9489\u9489\u673a\u5668\u4eba\uff1aUpdate-dingtalk dingtalk \u5220\u9664\u9489\u9489\u673a\u5668\u4eba\uff1aDelete-Receiver Receiver \u521b\u5efa\u4f01\u5fae\u673a\u5668\u4eba\uff1aCreate-wecom wecom \u7f16\u8f91\u4f01\u5fae\u673a\u5668\u4eba\uff1aUpdate-wecom wecom \u5220\u9664\u4f01\u5fae\u673a\u5668\u4eba\uff1aDelete-Receiver Receiver \u521b\u5efa Webhook\uff1aCreate-webhook webhook \u7f16\u8f91 Webhook\uff1aUpdate-webhook webhook \u5220\u9664 Webhook\uff1aDelete-Receiver Receiver \u521b\u5efa SMS\uff1aCreate-sms sms \u7f16\u8f91 SMS\uff1aUpdate-sms sms \u5220\u9664 SMS\uff1aDelete-Receiver Receiver \u521b\u5efa SMS \u670d\u52a1\u5668\uff1aCreate-aliyun(\u6216\u8005\uff1atencent\uff0ccustom) aliyun, tencent, custom \u7f16\u8f91 SMS \u670d\u52a1\u5668\uff1aUpdate-aliyun(\u6216\u8005\uff1atencent\uff0ccustom) aliyun, tencent, custom \u5220\u9664 SMS \u670d\u52a1\u5668\uff1aDelete-SMSserver SMSserver \u521b\u5efa\u6d88\u606f\u6a21\u677f\uff1aCreate-MessageTemplate MessageTemplate \u7f16\u8f91\u6d88\u606f\u6a21\u677f\uff1aUpdate-MessageTemplate MessageTemplate \u5220\u9664\u6d88\u606f\u6a21\u677f\uff1aDelete-MessageTemplate MessageTemplate \u521b\u5efa\u544a\u8b66\u9759\u9ed8\uff1aCreate-AlertSilence AlertSilence \u7f16\u8f91\u544a\u8b66\u9759\u9ed8\uff1aUpdate-AlertSilence AlertSilence \u5220\u9664\u544a\u8b66\u9759\u9ed8\uff1aDelete-AlertSilence AlertSilence \u521b\u5efa\u544a\u8b66\u6291\u5236\u89c4\u5219\uff1aCreate-AlertInhibition AlertInhibition \u7f16\u8f91\u544a\u8b66\u6291\u5236\u89c4\u5219\uff1aUpdate-AlertInhibition AlertInhibition \u5220\u9664\u544a\u8b66\u6291\u5236\u89c4\u5219\uff1aDelete-AlertInhibition AlertInhibition \u66f4\u65b0\u7cfb\u7edf\u914d\u7f6e\uff1aUpdate-SystemSettings SystemSettings"},{"location":"admin/ghippo/audit/gproduct-audit/kpanda.html","title":"\u5bb9\u5668\u7ba1\u7406\u5ba1\u8ba1\u9879\u6c47\u603b","text":"\u4e8b\u4ef6\u540d\u79f0 \u8d44\u6e90\u7c7b\u578b \u521b\u5efa\u96c6\u7fa4\uff1aCreate-Cluster Cluster \u5378\u8f7d\u96c6\u7fa4\uff1aDelete-Cluster Cluster \u63a5\u5165\u96c6\u7fa4\uff1aIntegrate-Cluster Cluster \u89e3\u9664\u63a5\u5165\u7684\u96c6\u7fa4\uff1aRemove-Cluster Cluster \u96c6\u7fa4\u5347\u7ea7\uff1aUpgrade-Cluster Cluster \u96c6\u7fa4\u63a5\u5165\u8282\u70b9\uff1aIntegrate-Node Node \u96c6\u7fa4\u8282\u70b9\u79fb\u9664\uff1aRemove-Node Node \u96c6\u7fa4\u8282\u70b9 GPU \u6a21\u5f0f\u5207\u6362\uff1aUpdate-NodeGPUMode NodeGPUMode helm\u4ed3\u5e93\u521b\u5efa\uff1aCreate-HelmRepo HelmRepo helm\u5e94\u7528\u90e8\u7f72\uff1aCreate-HelmApp HelmApp helm\u5e94\u7528\u5220\u9664\uff1aDelete-HelmApp HelmApp \u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff1aCreate-Deployment Deployment \u5220\u9664\u65e0\u72b6\u6001\u8d1f\u8f7d\uff1aDelete-Deployment Deployment \u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\uff1aCreate-DaemonSet DaemonSet \u5220\u9664\u5b88\u62a4\u8fdb\u7a0b\uff1aDelete-DaemonSet DaemonSet \u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff1aCreate-StatefulSet StatefulSet \u5220\u9664\u6709\u72b6\u6001\u8d1f\u8f7d\uff1aDelete-StatefulSet StatefulSet \u521b\u5efa\u4efb\u52a1\uff1aCreate-Job Job \u5220\u9664\u4efb\u52a1\uff1aDelete-Job Job \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff1aCreate-CronJob CronJob \u5220\u9664\u5b9a\u65f6\u4efb\u52a1\uff1aDelete-CronJob CronJob \u5220\u9664\u5bb9\u5668\u7ec4\uff1aDelete-Pod Pod \u521b\u5efa\u670d\u52a1\uff1aCreate-Service Service \u5220\u9664\u670d\u52a1\uff1aDelete-Service Service \u521b\u5efa\u8def\u7531\uff1aCreate-Ingress Ingress \u5220\u9664\u8def\u7531\uff1aDelete-Ingress Ingress \u521b\u5efa\u5b58\u50a8\u6c60\uff1aCreate-StorageClass StorageClass \u5220\u9664\u5b58\u50a8\u6c60\uff1aDelete-StorageClass StorageClass \u521b\u5efa\u6570\u636e\u5377\uff1aCreate-PersistentVolume PersistentVolume \u5220\u9664\u6570\u636e\u5377\uff1aDelete-PersistentVolume PersistentVolume \u521b\u5efa\u6570\u636e\u5377\u58f0\u660e\uff1aCreate-PersistentVolumeClaim PersistentVolumeClaim \u5220\u9664\u6570\u636e\u5377\u58f0\u660e\uff1aDelete-PersistentVolumeClaim PersistentVolumeClaim \u5220\u9664\u526f\u672c\u96c6\uff1aDelete-ReplicaSet ReplicaSet ns\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\uff1aBindResourceTo-Workspace Workspace ns\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4 \uff1aUnBindResource-Workspace Workspace \u96c6\u7fa4\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\uff1aBindResourceTo-Workspace Workspace \u96c6\u7fa4\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\uff1aUnBindResource-Workspace Workspace \u6253\u5f00\u63a7\u5236\u53f0\uff1aCreate-CloudShell CloudShell \u5173\u95ed\u63a7\u5236\u53f0\uff1aDelete-CloudShell CloudShell"},{"location":"admin/ghippo/audit/gproduct-audit/virtnest.html","title":"\u4e91\u4e3b\u673a\u5ba1\u8ba1\u9879\u6c47\u603b","text":"\u4e8b\u4ef6\u540d\u79f0 \u8d44\u6e90\u7c7b\u578b \u5907\u6ce8 \u91cd\u542f\u4e91\u4e3b\u673a\uff1aRestart-VMs VM \u4e91\u4e3b\u673a\u8f6c\u6362\u4e3a\u6a21\u677f\uff1aConvertToTemplate-VMs VM \u7f16\u8f91\u4e91\u4e3b\u673a\uff1aEdit-VMs VM \u66f4\u65b0\u4e91\u4e3b\u673a\uff1aUpdate-VMs VM \u5feb\u7167\u6062\u590d\uff1aRestore-VMs VM \u5f00\u673a\u4e91\u4e3b\u673a\uff1aPower on-VMs VM \u5b9e\u65f6\u8fc1\u79fb\uff1aLiveMigrate-VMs VM \u5220\u9664\u4e91\u4e3b\u673a\uff1aDelete-VMs VM \u5220\u9664\u4e91\u4e3b\u673a\u6a21\u677f\uff1aDelete-VM Template VM Template \u521b\u5efa\u4e91\u4e3b\u673a\uff1aCreate-VMs VM \u521b\u5efa\u5feb\u7167\uff1aCreateSnapshot-VMs VM \u5173\u673a\u4e91\u4e3b\u673a\uff1aPower off-VMs VM \u514b\u9686\u4e91\u4e3b\u673a\uff1aClone-VMs VM"},{"location":"admin/ghippo/best-practice/authz-plan.html","title":"\u666e\u901a\u7528\u6237\u6388\u6743\u89c4\u5212","text":"\u666e\u901a\u7528\u6237\u662f\u6307\u80fd\u591f\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5927\u90e8\u5206\u4ea7\u54c1\u6a21\u5757\u53ca\u529f\u80fd\uff08\u7ba1\u7406\u529f\u80fd\u9664\u5916\uff09\uff0c\u5bf9\u6743\u9650\u8303\u56f4\u5185\u7684\u8d44\u6e90\u6709\u4e00\u5b9a\u7684\u64cd\u4f5c\u6743\u9650\uff0c\u80fd\u591f\u72ec\u7acb\u4f7f\u7528\u8d44\u6e90\u90e8\u7f72\u5e94\u7528\u3002
\u5bf9\u8fd9\u7c7b\u7528\u6237\u7684\u6388\u6743\u53ca\u8d44\u6e90\u89c4\u5212\u6d41\u7a0b\u5982\u4e0b\u56fe\u6240\u793a\u3002
graph TB\n\n start([\u5f00\u59cb]) --> user[1. \u521b\u5efa\u7528\u6237]\n user --> ns[2. \u51c6\u5907 Kubernetes \u547d\u540d\u7a7a\u95f4]\n ns --> ws[3. \u51c6\u5907\u5de5\u4f5c\u7a7a\u95f4]\n ws --> ws-to-ns[4. \u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u547d\u540d\u7a7a\u95f4]\n ws-to-ns --> authu[5. \u7ed9\u7528\u6237\u6388\u6743 Workspace Editor]\n authu --> complete([\u7ed3\u675f])\n\n classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;\n classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;\n classDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n class user,ns,ws,ws-to-ns,authu cluster;\n class start,complete plain;
"},{"location":"admin/ghippo/best-practice/cluster-for-multiws.html","title":"\u5c06\u96c6\u7fa4\u5206\u914d\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09","text":"\u96c6\u7fa4\u8d44\u6e90\u901a\u5e38\u7531\u8fd0\u7ef4\u4eba\u5458\u8fdb\u884c\u7ba1\u7406\u3002\u5728\u5206\u914d\u8d44\u6e90\u5206\u914d\u65f6\uff0c\u4ed6\u4eec\u9700\u8981\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u6765\u9694\u79bb\u8d44\u6e90\uff0c\u5e76\u8bbe\u7f6e\u8d44\u6e90\u914d\u989d\u3002 \u8fd9\u79cd\u65b9\u5f0f\u6709\u4e2a\u5f0a\u7aef\uff0c\u5982\u679c\u4f01\u4e1a\u7684\u4e1a\u52a1\u91cf\u5f88\u5927\uff0c\u624b\u52a8\u5206\u914d\u8d44\u6e90\u9700\u8981\u8f83\u5927\u7684\u5de5\u4f5c\u91cf\uff0c\u800c\u60f3\u8981\u7075\u6d3b\u8c03\u914d\u8d44\u6e90\u989d\u5ea6\u4e5f\u6709\u4e0d\u5c0f\u96be\u5ea6\u3002
AI \u7b97\u529b\u4e2d\u5fc3\u4e3a\u6b64\u5f15\u5165\u4e86\u5de5\u4f5c\u7a7a\u95f4\u7684\u6982\u5ff5\u3002\u5de5\u4f5c\u7a7a\u95f4\u901a\u8fc7\u5171\u4eab\u8d44\u6e90\u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7ef4\u5ea6\u7684\u8d44\u6e90\u9650\u989d\u80fd\u529b\uff0c\u5b9e\u73b0\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u5728\u8d44\u6e90\u9650\u989d\u4e0b\u81ea\u52a9\u5f0f\u521b\u5efa Kubernetes \u547d\u540d\u7a7a\u95f4\u7684\u80fd\u529b\u3002
\u4e3e\u4f8b\u800c\u8a00\uff0c\u5982\u679c\u60f3\u8981\u8ba9\u51e0\u4e2a\u90e8\u95e8\u5171\u4eab\u4e0d\u540c\u7684\u96c6\u7fa4\u3002
Cluster01\uff08\u666e\u901a\uff09 Cluster02\uff08\u9ad8\u53ef\u7528\uff09 \u90e8\u95e8\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09A 50 quota 10 quota \u90e8\u95e8\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09B 100 quota 20 quota\u53ef\u4ee5\u53c2\u7167\u4ee5\u4e0b\u6d41\u7a0b\u5c06\u96c6\u7fa4\u5206\u4eab\u7ed9\u591a\u4e2a\u90e8\u95e8/\u5de5\u4f5c\u7a7a\u95f4/\u79df\u6237\uff1a
graph TB\n\npreparews[\u51c6\u5907\u5de5\u4f5c\u7a7a\u95f4] --> preparecs[\u51c6\u5907\u96c6\u7fa4]\n--> share[\u5c06\u96c6\u7fa4\u5171\u4eab\u5230\u5de5\u4f5c\u7a7a\u95f4]\n--> judge([\u5224\u65ad\u5de5\u4f5c\u7a7a\u95f4\u5269\u4f59\u989d\u5ea6])\njudge -.\u5927\u4e8e\u5269\u4f59\u989d\u5ea6.->modifyns[\u4fee\u6539\u547d\u540d\u7a7a\u95f4\u989d\u5ea6]\njudge -.\u5c0f\u4e8e\u5269\u4f59\u989d\u5ea6.->createns[\u521b\u5efa\u547d\u540d\u7a7a\u95f4]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass preparews,preparecs,share, cluster;\nclass judge plain\nclass modifyns,createns k8s
"},{"location":"admin/ghippo/best-practice/cluster-for-multiws.html#_2","title":"\u51c6\u5907\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e3a\u4e86\u6ee1\u8db3\u591a\u79df\u6237\u7684\u4f7f\u7528\u573a\u666f\uff0c\u57fa\u4e8e\u96c6\u7fa4\u3001\u96c6\u7fa4\u547d\u540d\u7a7a\u95f4\u3001\u7f51\u683c\u3001\u7f51\u683c\u547d\u540d\u7a7a\u95f4\u3001\u591a\u4e91\u3001\u591a\u4e91\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u79cd\u8d44\u6e90\u5f62\u6210\u76f8\u4e92\u9694\u79bb\u7684\u8d44\u6e90\u73af\u5883\uff0c \u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u6620\u5c04\u4e3a\u9879\u76ee\u3001\u79df\u6237\u3001\u4f01\u4e1a\u3001\u4f9b\u5e94\u5546\u7b49\u591a\u79cd\u6982\u5ff5\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4 \u6309\u94ae\u3002
\u586b\u5199\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u3001\u6240\u5c5e\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u3002
\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e3a\u4e86\u6ee1\u8db3\u591a\u79df\u6237\u7684\u4f7f\u7528\u573a\u666f\uff0c\u57fa\u4e8e\u96c6\u7fa4\u3001\u96c6\u7fa4\u547d\u540d\u7a7a\u95f4\u3001\u7f51\u683c\u3001\u7f51\u683c\u547d\u540d\u7a7a\u95f4\u3001\u591a\u4e91\u3001\u591a\u4e91\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u79cd\u8d44\u6e90\u5f62\u6210\u76f8\u4e92\u9694\u79bb\u7684\u8d44\u6e90\u73af\u5883\uff0c\u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u6620\u5c04\u4e3a\u9879\u76ee\u3001\u79df\u6237\u3001\u4f01\u4e1a\u3001\u4f9b\u5e94\u5546\u7b49\u591a\u79cd\u6982\u5ff5\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u51c6\u5907\u4e00\u4e2a\u96c6\u7fa4\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u62e9 \u96c6\u7fa4\u5217\u8868 \u3002
\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4 \u521b\u5efa\u4e00\u4e2a\u96c6\u7fa4\uff0c\u6216\u70b9\u51fb \u63a5\u5165\u96c6\u7fa4 \u63a5\u5165\u4e00\u4e2a\u96c6\u7fa4\u3002
\u8fd4\u56de \u5168\u5c40\u7ba1\u7406 \uff0c\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u6dfb\u52a0\u96c6\u7fa4\u3002
\u4f9d\u6b21\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u5171\u4eab\u8d44\u6e90 \uff0c\u70b9\u51fb\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u540e\uff0c\u70b9\u51fb \u65b0\u589e\u5171\u4eab\u8d44\u6e90 \u6309\u94ae\u3002
\u9009\u62e9\u96c6\u7fa4\uff0c\u586b\u5199\u8d44\u6e90\u9650\u989d\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u6587\u4ef6\u5939\u4ee3\u8868\u4e00\u4e2a\u7ec4\u7ec7\u673a\u6784\uff08\u4f8b\u5982\u4e00\u4e2a\u90e8\u95e8\uff09\uff0c\u662f\u8d44\u6e90\u5c42\u6b21\u7ed3\u6784\u4e2d\u7684\u4e00\u4e2a\u8282\u70b9\u3002
\u4e00\u4e2a\u6587\u4ef6\u5939\u53ef\u4ee5\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u3001\u5b50\u6587\u4ef6\u5939\u6216\u4e24\u8005\u7684\u7ec4\u5408\u3002 \u5b83\u63d0\u4f9b\u4e86\u8eab\u4efd\u7ba1\u7406\u3001\u591a\u5c42\u7ea7\u548c\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u6587\u4ef6\u5939\u4e2d\u7684\u89d2\u8272\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u548c\u8d44\u6e90\u4e0a\u3002 \u56e0\u6b64\u501f\u52a9\u4e8e\u6587\u4ef6\u5939\uff0c\u4f01\u4e1a\u7ba1\u7406\u8005\u80fd\u591f\u96c6\u4e2d\u7ba1\u63a7\u6240\u6709\u8d44\u6e90\u3002
\u6784\u5efa\u4f01\u4e1a\u5c42\u7ea7\u5173\u7cfb
\u9996\u5148\u8981\u6309\u7167\u73b0\u6709\u7684\u4f01\u4e1a\u5c42\u7ea7\u7ed3\u6784\uff0c\u6784\u5efa\u4e0e\u4f01\u4e1a\u76f8\u540c\u7684\u6587\u4ef6\u5939\u5c42\u7ea7\u3002 AI \u7b97\u529b\u4e2d\u5fc3\u652f\u6301 5 \u7ea7\u6587\u4ef6\u5939\uff0c\u53ef\u4ee5\u6839\u636e\u4f01\u4e1a\u5b9e\u9645\u60c5\u51b5\u81ea\u7531\u7ec4\u5408\uff0c\u5c06\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u6620\u5c04\u4e3a\u4f01\u4e1a\u4e2d\u7684\u90e8\u95e8\u3001\u9879\u76ee\u3001\u4f9b\u5e94\u5546\u7b49\u5b9e\u4f53\u3002
\u6587\u4ef6\u5939\u4e0d\u76f4\u63a5\u4e0e\u8d44\u6e90\u6302\u94a9\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u95f4\u63a5\u5b9e\u73b0\u8d44\u6e90\u5206\u7ec4\u3002
\u7528\u6237\u8eab\u4efd\u7ba1\u7406
\u6587\u4ef6\u5939\u63d0\u4f9b\u4e86 Folder Admin\u3001Folder Editor\u3001Folder Viewer \u4e09\u79cd\u89d2\u8272\u3002 \u67e5\u770b\u89d2\u8272\u6743\u9650\uff0c\u53ef\u901a\u8fc7\u6388\u6743\u7ed9\u540c\u4e00\u6587\u4ef6\u5939\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u6388\u4e88\u4e0d\u540c\u7684\u89d2\u8272\u3002
\u89d2\u8272\u6743\u9650\u6620\u5c04
\u4f01\u4e1a\u7ba1\u7406\u8005\uff1a\u5728\u6839\u6587\u4ef6\u5939\u6388\u4e88 Folder Admin \u89d2\u8272\u3002\u4ed6\u5c06\u62e5\u6709\u6240\u6709\u90e8\u95e8\u3001\u9879\u76ee\u53ca\u5176\u8d44\u6e90\u7684\u7ba1\u7406\u6743\u9650\u3002
\u90e8\u95e8\u7ba1\u7406\u8005\uff1a\u5728\u5404\u4e2a\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u5355\u72ec\u6388\u4e88\u7ba1\u7406\u6743\u9650\u3002
\u9879\u76ee\u6210\u5458\uff1a\u5728\u5de5\u4f5c\u7a7a\u95f4\u3001\u8d44\u6e90\u5c42\u7ea7\u5355\u72ec\u6388\u4e88\u7ba1\u7406\u6743\u9650\u3002
\u4f34\u968f\u4e1a\u52a1\u7684\u6301\u7eed\u6269\u5f20\uff0c\u516c\u53f8\u89c4\u6a21\u4e0d\u65ad\u58ee\u5927\uff0c\u5b50\u516c\u53f8\u3001\u5206\u516c\u53f8\u7eb7\u7eb7\u8bbe\u7acb\uff0c\u6709\u7684\u5b50\u516c\u53f8\u8fd8\u8fdb\u4e00\u6b65\u8bbe\u7acb\u5b59\u516c\u53f8\uff0c \u539f\u5148\u7684\u5927\u90e8\u95e8\u4e5f\u9010\u6e10\u7ec6\u5206\u6210\u591a\u4e2a\u5c0f\u90e8\u95e8\uff0c\u4ece\u800c\u4f7f\u5f97\u7ec4\u7ec7\u7ed3\u6784\u7684\u5c42\u7ea7\u65e5\u76ca\u589e\u591a\u3002\u8fd9\u79cd\u7ec4\u7ec7\u7ed3\u6784\u7684\u53d8\u5316\uff0c\u4e5f\u5bf9 IT \u6cbb\u7406\u67b6\u6784\u4ea7\u751f\u4e86\u5f71\u54cd\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5f00\u542f Folder/WS \u4e4b\u95f4\u7684\u9694\u79bb\u6a21\u5f0f
\u8bf7\u53c2\u8003\u5f00\u542f Folder/WS \u4e4b\u95f4\u7684\u9694\u79bb\u6a21\u5f0f\u3002
\u6309\u7167\u5b9e\u9645\u60c5\u51b5\u89c4\u5212\u4f01\u4e1a\u67b6\u6784
\u5728\u591a\u5c42\u7ea7\u7ec4\u7ec7\u67b6\u6784\u4e0b\uff0c\u5efa\u8bae\u5c06\u4e8c\u7ea7\u6587\u4ef6\u5939\u4f5c\u4e3a\u9694\u79bb\u5355\u5143\uff0c\u8fdb\u884c\u201c\u5b50\u516c\u53f8\u201d\u4e4b\u95f4\u7684\u7528\u6237/\u7528\u6237\u7ec4/\u8d44\u6e90\u4e4b\u95f4\u7684\u9694\u79bb\u3002 \u9694\u79bb\u540e\u201c\u5b50\u516c\u53f8\u201d\u4e4b\u95f4\u7684\u7528\u6237/\u7528\u6237\u7ec4/\u8d44\u6e90\u4e92\u4e0d\u53ef\u89c1\u3002
\u521b\u5efa\u7528\u6237/\u6253\u901a\u7528\u6237\u4f53\u7cfb
\u7531\u4e3b\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u5728\u5e73\u53f0\u7edf\u4e00\u521b\u5efa\u7528\u6237\u6216\u901a\u8fc7 LDAP/OIDC/OAuth2.0 \u7b49\u8eab\u4efd\u63d0\u4f9b\u5546\u80fd\u529b\u5c06\u7528\u6237\u7edf\u4e00\u5bf9\u63a5\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u3002
\u521b\u5efa\u6587\u4ef6\u5939\u89d2\u8272
\u5728 Folder/WS \u7684\u9694\u79bb\u6a21\u5f0f\u4e0b\uff0c\u9700\u8981\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u901a\u8fc7 \u6388\u6743 \u9996\u5148\u5c06\u7528\u6237\u9080\u8bf7\u5230\u5404\u4e2a\u5b50\u516c\u53f8\uff0c\u201c\u5b50\u516c\u53f8\u7ba1\u7406\u5458\uff08Folder Admin\uff09\u201d\u624d\u80fd\u591f\u5bf9\u8fd9\u4e9b\u7528\u6237\u8fdb\u884c\u7ba1\u7406\uff0c \u5982\u4e8c\u6b21\u6388\u6743\u6216\u8005\u7f16\u8f91\u6743\u9650\u3002\u5efa\u8bae\u7b80\u5316\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u7684\u7ba1\u7406\u5de5\u4f5c\uff0c\u521b\u5efa\u4e00\u4e2a\u65e0\u5b9e\u9645\u6743\u9650\u7684\u89d2\u8272\u6765\u8f85\u52a9\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u5b9e\u73b0\u901a\u8fc7\u201c\u6388\u6743\u201d\u5c06\u7528\u6237\u9080\u8bf7\u5230\u5b50\u516c\u53f8\u7684\u64cd\u4f5c\u3002 \u800c\u5b50\u516c\u53f8\u7528\u6237\u7684\u5b9e\u9645\u6743\u9650\u4e0b\u653e\u5230\u5404\u4e2a\u5b50\u516c\u53f8\u7ba1\u7406\u5458\uff08Folder Admin\uff09\u81ea\u884c\u7ba1\u7406\u3002
Note
\u8d44\u6e90\u7ed1\u5b9a\u6743\u9650\u70b9\u5355\u72ec\u4f7f\u7528\u4e0d\u751f\u6548\uff0c\u56e0\u6b64\u7b26\u5408\u4e0a\u8ff0\u901a\u8fc7\u201c\u6388\u6743\u201d\u5c06\u7528\u6237\u9080\u8bf7\u5230\u5b50\u516c\u53f8\u7684\u64cd\u4f5c\uff0c\u518d\u7531\u5b50\u516c\u53f8\u7ba1\u7406\u5458 Folder Admin \u81ea\u884c\u7ba1\u7406\u7684\u8981\u6c42\u3002
\u4ee5\u4e0b\u6f14\u793a\u5982\u4f55\u521b\u5efa\u8d44\u6e90\u7ed1\u5b9a \u65e0\u5b9e\u9645\u6743\u9650\u7684\u89d2\u8272 \uff0c\u5373 minirole\u3002
\u7ed9\u7528\u6237\u6388\u6743
\u5e73\u53f0\u7ba1\u7406\u5458\u901a\u8fc7\u201c\u6388\u6743\u201d\u5c06\u7528\u6237\u6309\u7167\u5b9e\u9645\u60c5\u51b5\u9080\u8bf7\u5230\u5404\u4e2a\u5b50\u516c\u53f8\uff0c\u5e76\u4efb\u547d\u5b50\u516c\u53f8\u7ba1\u7406\u5458\u3002
\u5c06\u5b50\u516c\u53f8\u666e\u901a\u7528\u6237\u6388\u6743\u4e3a \u201cminirole\u201d (1)\uff0c\u5c06\u5b50\u516c\u53f8\u7ba1\u7406\u5458\u6388\u6743\u4e3a Floder Admin\u3002
\u5b50\u516c\u53f8\u7ba1\u7406\u5458\u81ea\u884c\u7ba1\u7406\u7528\u6237/\u7528\u6237\u7ec4
\u5b50\u516c\u53f8\u7ba1\u7406\u5458 Folder Admin \u767b\u5f55\u5e73\u53f0\u540e\u53ea\u80fd\u770b\u5230\u81ea\u5df1\u6240\u5728\u7684\u201c\u5b50\u516c\u53f8 2\u201d\uff0c \u5e76\u80fd\u591f\u901a\u8fc7\u521b\u5efa\u6587\u4ef6\u5939\u3001\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u8c03\u6574\u67b6\u6784\uff0c\u901a\u8fc7\u6dfb\u52a0\u6388\u6743/\u7f16\u8f91\u6743\u9650\u4e3a\u5b50\u516c\u53f8 2 \u4e2d\u7684\u7528\u6237\u8d4b\u4e88\u5176\u4ed6\u6743\u9650\u3002
\u5728\u6dfb\u52a0\u6388\u6743\u65f6\uff0c\u5b50\u516c\u53f8\u7ba1\u7406\u5458 Folder Admin \u53ea\u80fd\u770b\u5230\u88ab\u5e73\u53f0\u7ba1\u7406\u5458\u901a\u8fc7\u201c\u6388\u6743\u201d\u9080\u8bf7\u8fdb\u6765\u7684\u7528\u6237\uff0c\u800c\u4e0d\u80fd\u770b\u5230\u5e73\u53f0\u4e0a\u7684\u6240\u6709\u7528\u6237\uff0c \u4ece\u800c\u5b9e\u73b0 Folder/WS \u4e4b\u95f4\u7684\u7528\u6237\u9694\u79bb\uff0c\u7528\u6237\u7ec4\u540c\u7406\uff08\u5e73\u53f0\u7ba1\u7406\u5458\u89c6\u89d2\u80fd\u591f\u770b\u5230\u5e76\u6388\u6743\u5e73\u53f0\u4e0a\u6240\u6709\u7684\u7528\u6237\u548c\u7528\u6237\u7ec4\uff09\u3002
Note
\u8d85\u5927\u578b\u4f01\u4e1a\u4e0e\u5927/\u4e2d/\u5c0f\u578b\u4f01\u4e1a\u7684\u4e3b\u8981\u533a\u522b\u5728\u4e8e Folder \u548c\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7528\u6237/\u7528\u6237\u7ec4\u4e4b\u95f4\u662f\u5426\u53ef\u89c1\u3002 \u8d85\u5927\u578b\u4f01\u4e1a\u91cc\u5b50\u516c\u53f8\u4e0e\u5b50\u516c\u53f8\u4e4b\u95f4\u7528\u6237/\u7528\u6237\u7ec4\u4e0d\u53ef\u89c1 + \u6743\u9650\u9694\u79bb\uff1b \u5927/\u4e2d/\u5c0f\u578b\u4f01\u4e1a\u90e8\u95e8\u4e4b\u95f4\u7684\u7528\u6237\u76f8\u4e92\u53ef\u89c1 + \u6743\u9650\u9694\u79bb\u3002
"},{"location":"admin/ghippo/best-practice/system-message.html","title":"\u7cfb\u7edf\u6d88\u606f","text":"\u7cfb\u7edf\u6d88\u606f\u7528\u4e8e\u901a\u77e5\u6240\u6709\u7528\u6237\uff0c\u7c7b\u4f3c\u4e8e\u7cfb\u7edf\u516c\u544a\uff0c\u4f1a\u5728\u7279\u5b9a\u65f6\u95f4\u663e\u793a\u5728 AI \u7b97\u529b\u4e2d\u5fc3UI \u7684\u9876\u90e8\u680f\u3002
"},{"location":"admin/ghippo/best-practice/system-message.html#_2","title":"\u914d\u7f6e\u7cfb\u7edf\u6d88\u606f","text":"\u901a\u8fc7\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 apply \u7cfb\u7edf\u6d88\u606f\u7684 YAML \u5373\u53ef\u521b\u5efa\u4e00\u6761\u7cfb\u7edf\u6d88\u606f\uff0c\u6d88\u606f\u7684\u663e\u793a\u65f6\u95f4\u7531 YAML \u4e2d\u7684\u65f6\u95f4\u5b57\u6bb5\u51b3\u5b9a\u3002 \u7cfb\u7edf\u6d88\u606f\u4ec5\u5728 start\u3001end \u5b57\u6bb5\u914d\u7f6e\u7684\u65f6\u95f4\u8303\u56f4\u4e4b\u5185\u624d\u4f1a\u663e\u793a\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u641c\u7d22 ghippoconfig
\uff0c\u70b9\u51fb\u641c\u7d22\u51fa\u6765\u7684 ghippoconfigs.ghippo.io
\u70b9\u51fb YAML \u521b\u5efa \uff0c\u6216\u4fee\u6539\u5df2\u5b58\u5728\u7684 YAML
\u6700\u7ec8\u6548\u679c\u5982\u4e0b
\u4ee5\u4e0b\u662f\u4e00\u4e2a YAML \u793a\u4f8b\uff1a
apiVersion: ghippo.io/v1alpha1\nkind: GhippoConfig\nmetadata:\n name: system-message\nspec:\n message: \"this is a message\"\n start: 2024-01-02T15:04:05+08:00\n end: 2024-07-24T17:26:05+08:00\n
"},{"location":"admin/ghippo/best-practice/ws-best-practice.html","title":"\u5de5\u4f5c\u7a7a\u95f4\u6700\u4f73\u5b9e\u8df5","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e00\u79cd\u8d44\u6e90\u5206\u7ec4\u5355\u5143\uff0c\u5927\u591a\u6570\u8d44\u6e90\u90fd\u53ef\u4ee5\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u521b\u5efa\u6216\u624b\u52a8\u7ed1\u5b9a\u5230\u67d0\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002 \u800c\u5de5\u4f5c\u7a7a\u95f4\u901a\u8fc7\u6388\u6743\u548c\u8d44\u6e90\u7ed1\u5b9a\uff0c\u80fd\u591f\u5b9e\u73b0\u7528\u6237\u4e0e\u89d2\u8272\u7684\u7ed1\u5b9a\u5173\u7cfb\uff0c\u5e76\u4e00\u6b21\u6027\u5e94\u7528\u5230\u5de5\u4f5c\u7a7a\u95f4\u7684\u6240\u6709\u8d44\u6e90\u4e0a\u3002
\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\uff0c\u53ef\u4ee5\u8f7b\u677e\u7ba1\u7406\u56e2\u961f\u4e0e\u8d44\u6e90\uff0c\u89e3\u51b3\u8de8\u6a21\u5757\u3001\u8de8\u96c6\u7fa4\u7684\u8d44\u6e90\u6388\u6743\u95ee\u9898\u3002
"},{"location":"admin/ghippo/best-practice/ws-best-practice.html#_2","title":"\u5de5\u4f5c\u7a7a\u95f4\u7684\u529f\u80fd","text":"\u5de5\u4f5c\u7a7a\u95f4\u5305\u542b\u4e09\u4e2a\u529f\u80fd\uff1a\u6388\u6743\u3001\u8d44\u6e90\u7ec4\u548c\u5171\u4eab\u8d44\u6e90\u3002\u4e3b\u8981\u89e3\u51b3\u8d44\u6e90\u7edf\u4e00\u6388\u6743\u3001\u8d44\u6e90\u5206\u7ec4\u53ca\u8d44\u6e90\u914d\u989d\u95ee\u9898\u3002
\u6388\u6743\uff1a\u4e3a\u7528\u6237/\u7528\u6237\u7ec4\u6388\u4e88\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u4e0d\u540c\u89d2\u8272\uff0c\u5e76\u5c06\u89d2\u8272\u5e94\u7528\u5230\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u4e0a\u3002
\u6700\u4f73\u5b9e\u8df5\uff1a\u666e\u901a\u7528\u6237\u60f3\u8981\u4f7f\u7528\u5e94\u7528\u5de5\u4f5c\u53f0\u3001\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u670d\u52a1\u7f51\u683c\u3001\u4e2d\u95f4\u4ef6\u6a21\u5757\u529f\u80fd\uff0c\u6216\u8005\u9700\u8981\u62e5\u6709\u5bb9\u5668\u7ba1\u7406\u3001\u670d\u52a1\u7f51\u683c\u4e2d\u90e8\u5206\u8d44\u6e90\u7684\u4f7f\u7528\u6743\u9650\u65f6\uff0c\u9700\u8981\u7ba1\u7406\u5458\u6388\u4e88\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u4f7f\u7528\u6743\u9650\uff08Workspace Admin\u3001Workspace Edit\u3001Workspace View\uff09\u3002 \u8fd9\u91cc\u7684\u7ba1\u7406\u5458\u53ef\u4ee5\u662f Admin \u89d2\u8272\u3001\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684 Workspace Admin \u89d2\u8272\u6216\u8be5\u5de5\u4f5c\u7a7a\u95f4\u4e0a\u5c42\u7684 Folder Admin \u89d2\u8272\u3002 \u67e5\u770b Folder \u4e0e Workspace \u7684\u5173\u7cfb\u3002
\u8d44\u6e90\u7ec4\uff1a\u8d44\u6e90\u7ec4\u652f\u6301 Cluster\u3001Cluster-Namespace (\u8de8\u96c6\u7fa4)\u3001Mesh\u3001Mesh-Namespace\u3001Kairship\u3001Kairship-Namespace \u516d\u79cd\u8d44\u6e90\u7c7b\u578b\u3002 \u4e00\u4e2a\u8d44\u6e90\u53ea\u80fd\u7ed1\u5b9a\u4e00\u4e2a\u8d44\u6e90\u7ec4\uff0c\u8d44\u6e90\u88ab\u7ed1\u5b9a\u5230\u8d44\u6e90\u7ec4\u540e\uff0c\u5de5\u4f5c\u7a7a\u95f4\u7684\u6240\u6709\u8005\u5c06\u62e5\u6709\u8be5\u8d44\u6e90\u7684\u6240\u6709\u7ba1\u7406\u6743\u9650\uff0c\u76f8\u5f53\u4e8e\u8be5\u8d44\u6e90\u7684\u6240\u6709\u8005\uff0c\u56e0\u6b64\u4e0d\u53d7\u8d44\u6e90\u914d\u989d\u7684\u9650\u5236\u3002
\u6700\u4f73\u5b9e\u8df5\uff1a\u5de5\u4f5c\u7a7a\u95f4\u901a\u8fc7\u201c\u6388\u6743\u201d\u529f\u80fd\u53ef\u4ee5\u7ed9\u90e8\u95e8\u6210\u5458\u6388\u4e88\u4e0d\u540c\u89d2\u8272\u6743\u9650\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u628a\u4eba\u4e0e\u89d2\u8272\u7684\u6388\u6743\u5173\u7cfb\u4e00\u6b21\u6027\u5e94\u7528\u5230\u5de5\u4f5c\u7a7a\u95f4\u7684\u6240\u6709\u8d44\u6e90\u4e0a\u3002\u56e0\u6b64\u8fd0\u7ef4\u4eba\u5458\u53ea\u9700\u5c06\u8d44\u6e90\u7ed1\u5b9a\u5230\u8d44\u6e90\u7ec4\uff0c\u5c06\u90e8\u95e8\u4e2d\u7684\u4e0d\u540c\u89d2\u8272\u52a0\u5165\u4e0d\u540c\u7684\u8d44\u6e90\u7ec4\uff0c\u5c31\u80fd\u786e\u4fdd\u8d44\u6e90\u7684\u6743\u9650\u88ab\u6b63\u786e\u5206\u914d\u3002
\u89d2\u8272 \u96c6\u7fa4 Cluster \u8de8\u96c6\u7fa4 Cluster-Namespace Workspace Admin Cluster Admin NS Admin Workspace Edit \u2717 NS Editor Workspace View \u2717 NS Viewer\u5171\u4eab\u8d44\u6e90\uff1a\u5171\u4eab\u8d44\u6e90\u529f\u80fd\u4e3b\u8981\u9488\u5bf9\u96c6\u7fa4\u8d44\u6e90\u3002
\u4e00\u4e2a\u96c6\u7fa4\u53ef\u4ee5\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff08\u6307\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u5171\u4eab\u8d44\u6e90\u529f\u80fd\uff09\uff1b\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u53ef\u4ee5\u540c\u65f6\u4f7f\u7528\u591a\u4e2a\u96c6\u7fa4\u7684\u8d44\u6e90\u3002 \u4f46\u662f\u96c6\u7fa4\u8d44\u6e90\u88ab\u5171\u4eab\u540e\uff0c\u4e0d\u610f\u5473\u7740\u88ab\u5171\u4eab\u8005\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09\u53ef\u4ee5\u65e0\u9650\u5236\u5730\u4f7f\u7528\uff0c\u56e0\u6b64\u901a\u5e38\u4f1a\u9650\u5236\u88ab\u5171\u4eab\u8005\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u9650\u989d\u3002
\u540c\u65f6\uff0c\u4e0e\u8d44\u6e90\u7ec4\u4e0d\u540c\uff0c\u5de5\u4f5c\u7a7a\u95f4\u6210\u5458\u53ea\u662f\u5171\u4eab\u8d44\u6e90\u7684\u4f7f\u7528\u8005\uff0c\u80fd\u591f\u5728\u8d44\u6e90\u9650\u989d\u4e0b\u4f7f\u7528\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u3002\u6bd4\u5982\u524d\u5f80\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u3001\u90e8\u7f72\u5e94\u7528\u7b49\uff0c\u4f46\u5e76\u4e0d\u5177\u5907\u96c6\u7fa4\u7684\u7ba1\u7406\u6743\u9650\uff0c\u9650\u5236\u540e\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u521b\u5efa/\u7ed1\u5b9a\u7684\u547d\u540d\u7a7a\u95f4\u7684\u8d44\u6e90\u914d\u989d\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7\u96c6\u7fa4\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u8bbe\u7f6e\u7684\u8d44\u6e90\u4f7f\u7528\u4e0a\u9650\u3002
\u6700\u4f73\u5b9e\u8df5\uff1a\u8fd0\u7ef4\u90e8\u95e8\u624b\u4e2d\u6709\u4e00\u4e2a\u9ad8\u53ef\u7528\u96c6\u7fa4 01\uff0c\u60f3\u8981\u5206\u914d\u7ed9\u90e8\u95e8 A\uff08\u5de5\u4f5c\u7a7a\u95f4 A\uff09\u548c\u90e8\u95e8 B\uff08\u5de5\u4f5c\u7a7a\u95f4 B\uff09\u4f7f\u7528\uff0c\u5176\u4e2d\u90e8\u95e8 A \u5206\u914d CPU 50 \u6838\uff0c\u90e8\u95e8 B \u5206\u914d CPU 100 \u6838\u3002 \u90a3\u4e48\u53ef\u4ee5\u501f\u7528\u5171\u4eab\u8d44\u6e90\u7684\u6982\u5ff5\uff0c\u5c06\u96c6\u7fa4 01 \u5206\u522b\u5171\u4eab\u7ed9\u90e8\u95e8 A \u548c\u90e8\u95e8 B\uff0c\u5e76\u9650\u5236\u90e8\u95e8 A \u7684 CPU \u4f7f\u7528\u989d\u5ea6\u4e3a 50\uff0c\u90e8\u95e8 B \u7684 CPU \u4f7f\u7528\u989d\u5ea6\u4e3a 100\u3002 \u90a3\u4e48\u90e8\u95e8 A \u7684\u7ba1\u7406\u5458\uff08\u5de5\u4f5c\u7a7a\u95f4 A Admin\uff09\u80fd\u591f\u5728\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u5e76\u4f7f\u7528\u547d\u540d\u7a7a\u95f4\uff0c\u5176\u4e2d\u547d\u540d\u7a7a\u95f4\u989d\u5ea6\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7 50 \u6838\uff0c\u90e8\u95e8 B \u7684\u7ba1\u7406\u5458\uff08\u5de5\u4f5c\u7a7a\u95f4 B Admin\uff09\u80fd\u591f\u5728\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u5e76\u4f7f\u7528\u547d\u540d\u7a7a\u95f4\uff0c\u5176\u4e2d\u547d\u540d\u7a7a\u95f4\u989d\u5ea6\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7 100 \u6838\u3002 \u90e8\u95e8 A \u7684\u7ba1\u7406\u5458\u548c\u90e8\u95e8 B \u7ba1\u7406\u5458\u521b\u5efa\u7684\u547d\u540d\u7a7a\u95f4\u4f1a\u88ab\u81ea\u52a8\u7ed1\u5b9a\u5728\u8be5\u90e8\u95e8\uff0c\u90e8\u95e8\u4e2d\u7684\u5176\u4ed6\u6210\u5458\u5c06\u5bf9\u5e94\u7684\u62e5\u6709\u547d\u540d\u7a7a\u95f4\u7684 Namesapce Admin\u3001Namesapce Edit\u3001Namesapce View \u89d2\u8272\uff08\u8fd9\u91cc\u90e8\u95e8\u6307\u7684\u662f\u5de5\u4f5c\u7a7a\u95f4\uff0c\u5de5\u4f5c\u7a7a\u95f4\u8fd8\u53ef\u4ee5\u6620\u5c04\u4e3a\u7ec4\u7ec7\u3001\u4f9b\u5e94\u5546\u7b49\u5176\u4ed6\u6982\u5ff5\uff09\u3002\u6574\u4e2a\u8fc7\u7a0b\u5982\u4e0b\u8868\uff1a
\u90e8\u95e8 \u89d2\u8272 \u5171\u4eab\u96c6\u7fa4 Cluster \u8d44\u6e90\u914d\u989d \u90e8\u95e8\u7ba1\u7406\u5458 A Workspace Admin \u96c6\u7fa4 01 CPU 50 \u6838 \u90e8\u95e8\u7ba1\u7406\u5458 B Workspace Admin \u96c6\u7fa4 01 CPU 100 \u6838\u6a21\u5757\u540d\u79f0\uff1a\u5bb9\u5668\u7ba1\u7406
\u7531\u4e8e\u529f\u80fd\u6a21\u5757\u7684\u7279\u6b8a\u6027\uff0c\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u521b\u5efa\u7684\u8d44\u6e90\u4e0d\u4f1a\u81ea\u52a8\u88ab\u7ed1\u5b9a\u5230\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002
\u5982\u679c\u60a8\u9700\u8981\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u5bf9\u4eba\u548c\u8d44\u6e90\u8fdb\u884c\u7edf\u4e00\u6388\u6743\u7ba1\u7406\uff0c\u53ef\u4ee5\u624b\u52a8\u5c06\u9700\u8981\u7684\u8d44\u6e90\u7ed1\u5b9a\u5230\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e2d\uff0c\u4ece\u800c\u5c06\u7528\u6237\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u89d2\u8272\u5e94\u7528\u5230\u8d44\u6e90\u4e0a\uff08\u8fd9\u91cc\u7684\u8d44\u6e90\u662f\u53ef\u4ee5\u8de8\u96c6\u7fa4\u7684\uff09\u3002
\u53e6\u5916\uff0c\u5728\u8d44\u6e90\u7684\u7ed1\u5b9a\u5165\u53e3\u4e0a\u5bb9\u5668\u7ba1\u7406\u4e0e\u670d\u52a1\u7f51\u683c\u7a0d\u6709\u5dee\u5f02\uff0c\u5de5\u4f5c\u7a7a\u95f4\u63d0\u4f9b\u4e86\u5bb9\u5668\u7ba1\u7406\u4e2d\u7684 Cluster \u3001 Cluster-Namesapce \u548c\u670d\u52a1\u7f51\u683c\u4e2d\u7684 Mesh\u3001Mesh-Namespace \u8d44\u6e90\u7684\u7ed1\u5b9a\u5165\u53e3\uff0c\u4f46\u5c1a\u672a\u5f00\u653e\u5bf9\u670d\u52a1\u7f51\u683c\u7684 kairship \u548c Kairship-Namespace \u8d44\u6e90\u7684\u7ed1\u5b9a\u3002
\u5bf9\u4e8e kairship \u548c Kairship-Namespace \u8d44\u6e90\uff0c\u53ef\u4ee5\u5728\u670d\u52a1\u7f51\u683c\u7684\u8d44\u6e90\u5217\u8868\u8fdb\u884c\u624b\u52a8\u7ed1\u5b9a\u3002
"},{"location":"admin/ghippo/best-practice/ws-best-practice.html#_3","title":"\u5de5\u4f5c\u7a7a\u95f4\u7684\u4f7f\u7528\u573a\u666f","text":"\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u4e0b\u7ed1\u5b9a\u6765\u81ea\u4e0d\u540c\u96c6\u7fa4\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u80fd\u591f\u4f7f\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u7075\u6d3b\u7eb3\u7ba1\u5e73\u53f0\u4e0a\u4efb\u610f\u96c6\u7fa4\u4e0b\u7684 Kubernetes Namespace\u3002 \u540c\u65f6\u5e73\u53f0\u63d0\u4f9b\u4e86\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u5230\u7ed1\u5b9a\u7684\u547d\u540d\u7a7a\u95f4\u8eab\u4e0a\u3002
\u5f53\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u4e0b\u7ed1\u5b9a\u4e00\u4e2a\u6216\u591a\u4e2a\u8de8\u96c6\u7fa4\u7684\u547d\u540d\u7a7a\u95f4\u65f6\uff0c\u7ba1\u7406\u5458\u65e0\u9700\u518d\u6b21\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u6210\u5458\u6388\u6743\uff0c \u6210\u5458\u4eec\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0a\u7684\u89d2\u8272\u5c06\u6839\u636e\u4ee5\u4e0b\u6620\u5c04\u5173\u7cfb\u81ea\u52a8\u6620\u5c04\u5b8c\u6210\u6388\u6743\uff0c\u907f\u514d\u4e86\u591a\u6b21\u6388\u6743\u7684\u91cd\u590d\u6027\u64cd\u4f5c\uff1a
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u4f8b\u5b50\uff1a
\u7528\u6237 \u5de5\u4f5c\u7a7a\u95f4 \u89d2\u8272 \u7528\u6237 A Workspace01 Workspace Admin\u5c06\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u540e\uff1a
\u7528\u6237 \u6240\u5c5e\u8303\u7574 \u89d2\u8272 \u7528\u6237 A Workspace01 Workspace Admin Namespace01 Namespace Admin"},{"location":"admin/ghippo/best-practice/ws-to-ns.html#_2","title":"\u5b9e\u73b0\u65b9\u6848","text":"\u5c06\u6765\u81ea\u4e0d\u540c\u96c6\u7fa4\u7684\u4e0d\u540c\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u540c\u4e00\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\uff0c\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u4e0b\u7684\u6210\u5458\u4f7f\u7528\u6d41\u7a0b\u5982\u56fe\u3002
graph TB\n\npreparews[\u51c6\u5907\u5de5\u4f5c\u7a7a\u95f4] --> preparens[\u51c6\u5907\u547d\u540d\u7a7a\u95f4]\n--> judge([\u547d\u540d\u7a7a\u95f4\u662f\u5426\u4e0e\u7ed1\u5b9a\u5230\u5176\u4ed6\u5de5\u4f5c\u7a7a\u95f4])\njudge -.\u672a\u7ed1\u5b9a.->nstows[\u5c06\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4] --> wsperm[\u7ba1\u7406\u5de5\u4f5c\u7a7a\u95f4\u8bbf\u95ee\u6743\u9650]\njudge -.\u5df2\u7ed1\u5b9a.->createns[\u521b\u5efa\u65b0\u7684\u547d\u540d\u7a7a\u95f4]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass preparews,preparens,createns,nstows,wsperm cluster;\nclass judge plain
Tip
\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u53ea\u80fd\u88ab\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u3002
"},{"location":"admin/ghippo/best-practice/ws-to-ns.html#_3","title":"\u51c6\u5907\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e3a\u4e86\u6ee1\u8db3\u591a\u79df\u6237\u7684\u4f7f\u7528\u573a\u666f\uff0c\u57fa\u4e8e\u96c6\u7fa4\u3001\u96c6\u7fa4\u547d\u540d\u7a7a\u95f4\u3001\u7f51\u683c\u3001\u7f51\u683c\u547d\u540d\u7a7a\u95f4\u3001\u591a\u4e91\u3001\u591a\u4e91\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u79cd\u8d44\u6e90\u5f62\u6210\u76f8\u4e92\u9694\u79bb\u7684\u8d44\u6e90\u73af\u5883\u3002 \u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u6620\u5c04\u4e3a\u9879\u76ee\u3001\u79df\u6237\u3001\u4f01\u4e1a\u3001\u4f9b\u5e94\u5546\u7b49\u591a\u79cd\u6982\u5ff5\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4 \u6309\u94ae\u3002
\u586b\u5199\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u3001\u6240\u5c5e\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u3002
\u63d0\u793a\uff1a\u82e5\u5e73\u53f0\u4e2d\u5df2\u5b58\u5728\u521b\u5efa\u597d\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u70b9\u51fb\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u5728 \u8d44\u6e90\u7ec4 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb \u7ed1\u5b9a\u8d44\u6e90 \uff0c\u53ef\u4ee5\u76f4\u63a5\u7ed1\u5b9a\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"admin/ghippo/best-practice/ws-to-ns.html#_4","title":"\u51c6\u5907\u547d\u540d\u7a7a\u95f4","text":"\u547d\u540d\u7a7a\u95f4\u662f\u66f4\u5c0f\u7684\u8d44\u6e90\u9694\u79bb\u5355\u5143\uff0c\u5c06\u5176\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u540e\uff0c\u5de5\u4f5c\u7a7a\u95f4\u7684\u6210\u5458\u5c31\u53ef\u4ee5\u8fdb\u884c\u7ba1\u7406\u548c\u4f7f\u7528\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u51c6\u5907\u4e00\u4e2a\u8fd8\u672a\u7ed1\u5b9a\u5230\u4efb\u4f55\u5de5\u4f5c\u7a7a\u95f4\u7684\u547d\u540d\u7a7a\u95f4\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5bb9\u5668\u7ba1\u7406 \u3002
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u8fdb\u5165\u547d\u540d\u7a7a\u95f4\u7ba1\u7406\u9875\u9762\uff0c\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u547d\u540d\u7a7a\u95f4\u7684\u540d\u79f0\uff0c\u914d\u7f6e\u5de5\u4f5c\u7a7a\u95f4\u548c\u6807\u7b7e\uff08\u53ef\u9009\u8bbe\u7f6e\uff09\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
Info
\u5de5\u4f5c\u7a7a\u95f4\u4e3b\u8981\u7528\u4e8e\u5212\u5206\u8d44\u6e90\u7ec4\u5e76\u4e3a\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u6388\u4e88\u5bf9\u8be5\u8d44\u6e90\u7684\u4e0d\u540c\u8bbf\u95ee\u6743\u9650\u3002\u6709\u5173\u5de5\u4f5c\u7a7a\u95f4\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002\u5728\u547d\u540d\u7a7a\u95f4\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4ece\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u3002
\u9664\u4e86\u5728\u547d\u540d\u7a7a\u95f4\u5217\u8868\u4e2d\u7ed1\u5b9a\u5916\uff0c\u4e5f\u53ef\u4ee5\u8fd4\u56de \u5168\u5c40\u7ba1\u7406 \uff0c\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\u3002
\u4f9d\u6b21\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u8d44\u6e90\u7ec4 \uff0c\u70b9\u51fb\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u540e\uff0c\u70b9\u51fb \u7ed1\u5b9a\u8d44\u6e90 \u6309\u94ae\u3002
\u9009\u4e2d\u8981\u7ed1\u5b9a\u7684\u5de5\u4f5c\u7a7a\u95f4\uff08\u53ef\u591a\u9009\uff09\uff0c\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u7ed1\u5b9a\u3002
\u5728 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u6388\u6743 \u4e2d\uff0c\u70b9\u51fb\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002
\u9009\u62e9\u8981\u6388\u6743\u7684 \u7528\u6237/\u7528\u6237\u7ec4 \u3001 \u89d2\u8272 \u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u6388\u6743\u3002
GProduct \u662f AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u9664\u5168\u5c40\u7ba1\u7406\u5916\u7684\u6240\u6709\u5176\u4ed6\u6a21\u5757\u7684\u7edf\u79f0\uff0c\u8fd9\u4e9b\u6a21\u5757\u9700\u8981\u4e0e\u5168\u5c40\u7ba1\u7406\u5bf9\u63a5\u540e\u624d\u80fd\u52a0\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u3002
"},{"location":"admin/ghippo/best-practice/gproduct/intro.html#_1","title":"\u5bf9\u63a5\u4ec0\u4e48","text":"\u5bf9\u63a5\u5bfc\u822a\u680f
\u5165\u53e3\u7edf\u4e00\u653e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u3002
\u63a5\u5165\u8def\u7531\u548c AuthN
\u7edf\u4e00 IP \u6216\u57df\u540d\uff0c\u5c06\u8def\u7531\u5165\u53e3\u7edf\u4e00\u8d70\u5168\u5c40\u7ba1\u7406\u7684 Istio Gateway\u3002
\u7edf\u4e00\u767b\u5f55 / \u7edf\u4e00 AuthN \u8ba4\u8bc1
\u767b\u5f55\u7edf\u4e00\u4f7f\u7528\u5168\u5c40\u7ba1\u7406 (Keycloak) \u767b\u5f55\u9875\uff0cAPI authn token \u9a8c\u8bc1\u4f7f\u7528 Istio Gateway\u3002 GProduct \u5bf9\u63a5\u5168\u5c40\u7ba1\u7406\u540e\u4e0d\u9700\u8981\u5173\u6ce8\u5982\u4f55\u5b9e\u73b0\u767b\u5f55\u548c\u8ba4\u8bc1\u3002
\u4ee5\u5bb9\u5668\u7ba1\u7406\uff08\u5f00\u53d1\u4ee3\u53f7 kpanda
\uff09\u4e3a\u4f8b\uff0c\u5bf9\u63a5\u5230\u5bfc\u822a\u680f\u3002
\u5bf9\u63a5\u540e\u7684\u9884\u671f\u6548\u679c\u5982\u56fe\uff1a
"},{"location":"admin/ghippo/best-practice/gproduct/nav.html#_2","title":"\u5bf9\u63a5\u65b9\u6cd5","text":"\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5bf9\u63a5 GProduct\uff1a
\u901a\u8fc7 GProductNavigator CR \u5c06\u5bb9\u5668\u7ba1\u7406\u7684\u5404\u529f\u80fd\u9879\u6ce8\u518c\u5230\u5bfc\u822a\u680f\u83dc\u5355\u3002
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: kpanda\nspec:\n gproduct: kpanda\n name: \u5bb9\u5668\u7ba1\u7406\n localizedName:\n zh-CN: \u5bb9\u5668\u7ba1\u7406\n en-US: Container Management\n url: /kpanda\n category: \u5bb9\u5668 # (1)\n iconUrl: /kpanda/nav-icon.png\n order: 10 # (2)\n menus:\n - name: \u5907\u4efd\u7ba1\u7406\n localizedName:\n zh-CN: \u5907\u4efd\u7ba1\u7406\n en-US: Backup Management\n iconUrl: /kpanda/bkup-icon.png\n url: /kpanda/backup\n
\u5168\u5c40\u7ba1\u7406\u7684\u5bfc\u822a\u680f category \u914d\u7f6e\u5728 ConfigMap\uff0c\u6682\u65f6\u4e0d\u80fd\u4ee5\u6ce8\u518c\u65b9\u5f0f\u589e\u52a0\uff0c\u9700\u8981\u8054\u7cfb\u5168\u5c40\u7ba1\u7406\u56e2\u961f\u6765\u6dfb\u52a0\u3002
kpanda
\u524d\u7aef\u4f5c\u4e3a\u5fae\u524d\u7aef\u63a5\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7236\u5e94\u7528 Anakin \u4e2d
\u524d\u7aef\u4f7f\u7528 qiankun \u6765\u63a5\u5165\u5b50\u5e94\u7528 UI\uff0c \u53ef\u4ee5\u53c2\u8003\u5feb\u901f\u4e0a\u624b\u3002
\u5728\u6ce8\u518c GProductNavigator CR \u540e\uff0c\u63a5\u53e3\u4f1a\u751f\u6210\u5bf9\u5e94\u7684\u6ce8\u518c\u4fe1\u606f\uff0c\u4f9b\u524d\u7aef\u7236\u5e94\u7528\u6ce8\u518c\u4f7f\u7528\u3002 \u4f8b\u5982 kpanda
\u5c31\u4f1a\u751f\u6210\u4ee5\u4e0b\u6ce8\u518c\u4fe1\u606f\uff1a
{\n \"id\": \"kpanda\",\n \"title\": \"\u5bb9\u5668\u7ba1\u7406\",\n \"url\": \"/kpanda\",\n \"uiAssetsUrl\": \"/ui/kpanda/\", // \u7ed3\u5c3e\u7684/\u662f\u5fc5\u987b\u7684\n \"needImportLicense\": false\n},\n
\u4ee5\u4e0a\u6ce8\u518c\u4fe1\u606f\u4e0e qiankun \u5b50\u5e94\u7528\u4fe1\u606f\u5b57\u6bb5\u7684\u5bf9\u5e94\u5173\u7cfb\u662f\uff1a
{\n name: id,\n entry: uiAssetsUrl,\n container: '#container',\n activeRule: url, \n loader,\n props: globalProps,\n}\n
container \u548c loader \u7531\u524d\u7aef\u7236\u5e94\u7528\u63d0\u4f9b\uff0c\u5b50\u5e94\u7528\u65e0\u9700\u5173\u5fc3\u3002 props \u4f1a\u63d0\u4f9b\u4e00\u4e2a\u5305\u542b\u7528\u6237\u57fa\u672c\u4fe1\u606f\u3001\u5b50\u4ea7\u54c1\u6ce8\u518c\u4fe1\u606f\u7b49\u7684 pinia store\u3002
qiankun \u542f\u52a8\u65f6\u4f1a\u4f7f\u7528\u5982\u4e0b\u53c2\u6570\uff1a
start({\n sandbox: {\n experimentalStyleIsolation: true,\n },\n // \u53bb\u9664\u5b50\u5e94\u7528\u4e2d\u7684favicon\u9632\u6b62\u5728Firefox\u4e2d\u8986\u76d6\u7236\u5e94\u7528\u7684favicon\n getTemplate: (template) => template.replaceAll(/<link\\s* rel=\"[\\w\\s]*icon[\\w\\s]*\"\\s*( href=\".*?\")?\\s*\\/?>/g, ''),\n});\n
\u8bf7\u53c2\u9605\u524d\u7aef\u56e2\u961f\u51fa\u5177\u7684 GProduct \u5bf9\u63a5 demo tar \u5305\u3002
"},{"location":"admin/ghippo/best-practice/gproduct/route-auth.html","title":"\u63a5\u5165\u8def\u7531\u548c\u767b\u5f55\u8ba4\u8bc1","text":"\u63a5\u5165\u540e\u7edf\u4e00\u767b\u5f55\u548c\u5bc6\u7801\u9a8c\u8bc1\uff0c\u6548\u679c\u5982\u4e0b\u56fe\uff1a
\u5404\u4e2a GProduct \u6a21\u5757\u7684 API bear token \u9a8c\u8bc1\u90fd\u8d70 Istio Gateway\u3002
\u63a5\u5165\u540e\u7684\u8def\u7531\u6620\u5c04\u56fe\u5982\u4e0b\uff1a
"},{"location":"admin/ghippo/best-practice/gproduct/route-auth.html#_2","title":"\u63a5\u5165\u65b9\u6cd5","text":"\u4ee5 kpanda
\u4e3a\u4f8b\u6ce8\u518c GProductProxy CR\u3002
# GProductProxy CR \u793a\u4f8b, \u5305\u542b\u8def\u7531\u548c\u767b\u5f55\u8ba4\u8bc1\n\n# spec.proxies: \u540e\u5199\u7684\u8def\u7531\u4e0d\u80fd\u662f\u5148\u5199\u7684\u8def\u7531\u5b50\u96c6, \u53cd\u4e4b\u53ef\u4ee5\n# spec.proxies.match.uri.prefix: \u5982\u679c\u662f\u540e\u7aef api, \u5efa\u8bae\u5728 prefix \u672b\u5c3e\u6dfb\u52a0 \"/\" \u8868\u8ff0\u8fd9\u6bb5 path \u7ed3\u675f\uff08\u7279\u6b8a\u9700\u6c42\u53ef\u4ee5\u4e0d\u7528\u52a0\uff09\n# spec.proxies.match.uri: \u652f\u6301 prefix \u548c exact \u6a21\u5f0f; Prefix \u548c Exact \u53ea\u80fd 2 \u9009 1; Prefix \u4f18\u5148\u7ea7\u5927\u4e8e Exact\n\napiVersion: ghippo.io/v1alpha1\nkind: GProductProxy\nmetadata:\n name: kpanda # (1)\nspec:\n gproduct: kpanda # (2)\n proxies:\n - labels:\n kind: UIEntry\n match:\n uri:\n prefix: /kpanda # (3)\n rewrite:\n uri: /index.html\n destination:\n host: ghippo-anakin.ghippo-system.svc.cluster.local\n port: 80\n authnCheck: false # (4)\n - labels:\n kind: UIAssets\n match:\n uri:\n prefix: /ui/kpanda/ # (5)\n destination:\n host: kpanda-ui.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: false\n - match:\n uri:\n prefix: /apis/kpanda.io/v1/a\n destination:\n host: kpanda-service.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: false\n - match:\n uri:\n prefix: /apis/kpanda.io/v1 # (6)\n destination:\n host: kpanda-service.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: true\n
\u5728\u73b0\u6709\u7684\u6743\u9650\u4f53\u7cfb\u4e0b, \u5168\u5c40\u7ba1\u7406\u53ef\u4ee5\u6839\u636e\u7528\u6237\u7684\u6743\u9650\u63a7\u5236\u5bfc\u822a\u680f\u7684\u83dc\u5355\u662f\u5426\u5c55\u793a\uff0c \u4f46\u662f\u7531\u4e8e\u5bb9\u5668\u7ba1\u7406\u7684\u6388\u6743\u4fe1\u606f\u672a\u540c\u6b65\u5230\u5168\u5c40\u7ba1\u7406\uff0c\u5bfc\u81f4\u5168\u5c40\u7ba1\u7406\u65e0\u6cd5\u51c6\u786e\u5224\u65ad\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\u662f\u5426\u9700\u8981\u5c55\u793a\u3002
\u672c\u6587\u901a\u8fc7\u914d\u7f6e\u5b9e\u73b0\u4e86\uff1a \u5c06\u5bb9\u5668\u7ba1\u7406\u53ca\u53ef\u89c2\u6d4b\u6027\u7684\u83dc\u5355\u5728 \u5168\u5c40\u7ba1\u7406\u65e0\u6cd5\u5224\u65ad\u7684\u90e8\u5206, \u9ed8\u8ba4\u4e0d\u663e\u793a \uff0c \u901a\u8fc7 \u767d\u540d\u5355 \u6388\u6743\u7684\u65b9\u5f0f\uff0c\u5b9e\u73b0\u83dc\u5355\u7684\u9690\u85cf\u4e0e\u663e\u793a\uff08\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u9875\u9762\u6388\u6743\u7684\u96c6\u7fa4\u6216\u547d\u540d\u7a7a\u95f4\u6743\u9650\uff0c\u5168\u5c40\u7ba1\u7406\u5747\u65e0\u6cd5\u611f\u77e5\u548c\u5224\u65ad\uff09\u3002
\u4f8b\u5982\uff1aA \u7528\u6237\u5728\u5bb9\u5668\u7ba1\u7406\u662f cluster A \u7684 Cluster Admin \u89d2\u8272\uff0c \u8fd9\u79cd\u60c5\u51b5\u4e0b\u5168\u5c40\u7ba1\u7406\u65e0\u6cd5\u5224\u65ad\u662f\u5426\u6709\u6743\u9650\u5c55\u793a\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\u3002 \u901a\u8fc7\u672c\u6587\u6863\u914d\u7f6e\u540e\uff0c\u7528\u6237 A \u9ed8\u8ba4\u4e0d\u53ef\u89c1\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\uff0c\u9700\u8981 \u663e\u5f0f\u5730\u5728\u5168\u5c40\u7ba1\u7406\u6388\u6743 \u624d\u53ef\u4ee5\u770b\u5230\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\u3002
"},{"location":"admin/ghippo/best-practice/menu/menu-display-or-hiding.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5df2\u5f00\u542f\u57fa\u4e8e\u6743\u9650\u663e\u793a/\u9690\u85cf\u83dc\u5355\u7684\u529f\u80fd\uff0c\u5f00\u542f\u65b9\u6cd5\u5982\u4e0b\uff1a
helm install
\u65f6\u589e\u52a0 --set global.navigatorVisibleDependency=true
\u53c2\u6570helm get values ghippo -n ghippo-system -o yaml
\u5907\u4efd values, \u968f\u540e\u4fee\u6539 bak.yaml \u5e76\u6dfb\u52a0 global.navigatorVisibleDependency: true
\u518d\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\uff1a
helm upgrade ghippo ghippo-release/ghippo \\ \n -n ghippo-system \\ \n -f ./bak.yaml \\ \n --version ${version}\n
"},{"location":"admin/ghippo/best-practice/menu/menu-display-or-hiding.html#_3","title":"\u914d\u7f6e\u5bfc\u822a\u680f","text":"\u5728 kpanda-global-cluster \u4e2d apply \u5982\u4e0b YAML\uff1a
apiVersion: ghippo.io/v1alpha1 \nkind: GProductNavigator \nmetadata: \n name: kpanda-menus-custom \nspec: \n category: container \n gproduct: kpanda \n iconUrl: ./ui/kpanda/kpanda.svg \n isCustom: true \n localizedName: \n en-US: Container Management \n zh-CN: \u5bb9\u5668\u7ba1\u7406 \n menus: \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Clusters \n zh-CN: \u96c6\u7fa4\u5217\u8868 \n name: Clusters \n order: 80 \n url: ./kpanda/clusters \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Namespaces \n zh-CN: \u547d\u540d\u7a7a\u95f4 \n name: Namespaces \n order: 70 \n url: ./kpanda/namespaces \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Workloads \n zh-CN: \u5de5\u4f5c\u8d1f\u8f7d \n name: Workloads \n order: 60 \n url: ./kpanda/workloads/deployments \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Permissions \n zh-CN: \u6743\u9650\u7ba1\u7406 \n name: Permissions \n order: 10 \n url: ./kpanda/rbac/content/cluster \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n name: \u5bb9\u5668\u7ba1\u7406 \n order: 50 \n url: ./kpanda/clusters \n visible: true \n\n---\napiVersion: ghippo.io/v1alpha1 \nkind: GProductNavigator \nmetadata: \n name: insight-menus-custom \nspec: \n category: microservice \n gproduct: insight \n iconUrl: ./ui/insight/logo.svg \n isCustom: true \n localizedName: \n en-US: Insight \n zh-CN: \u53ef\u89c2\u6d4b\u6027 \n menus: \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Overview \n zh-CN: \u6982\u89c8 \n name: Overview \n order: 9 \n url: ./insight/overview \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Dashboard \n zh-CN: \u4eea\u8868\u76d8 \n name: Dashboard \n order: 8 \n url: ./insight/dashboard \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Infrastructure \n zh-CN: \u57fa\u7840\u8bbe\u65bd \n name: Infrastructure \n order: 7 \n url: ./insight/clusters \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Metrics \n zh-CN: \u6307\u6807 \n name: Metrics \n order: 6 \n url: ./insight/metric/basic \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Logs \n zh-CN: \u65e5\u5fd7 \n name: Logs \n order: 5 \n url: ./insight/logs \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Trace Tracking \n zh-CN: \u94fe\u8def\u8ffd\u8e2a \n name: Trace Tracking \n order: 4 \n url: ./insight/topology \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Alerts \n zh-CN: \u544a\u8b66 \n name: Alerts \n order: 3 \n url: ./insight/alerts/active/metrics \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Collect Management \n zh-CN: \u91c7\u96c6\u7ba1\u7406 \n name: Collect Management \n order: 2 \n url: ./insight/agents \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: System Management \n zh-CN: \u7cfb\u7edf\u7ba1\u7406 \n name: System Management \n order: 1 \n url: ./insight/system-components \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n name: \u53ef\u89c2\u6d4b\u6027 \n order: 30 \n url: ./insight \n visible: true \n\n---\napiVersion: ghippo.io/v1alpha1 \nkind: GProductResourcePermissions \nmetadata: \n name: kpanda \nspec: \n actions: \n - localizedName: \n en-US: Create \n zh-CN: \u521b\u5efa \n name: create \n - localizedName: \n en-US: Delete \n zh-CN: \u5220\u9664 \n name: delete \n - localizedName: \n en-US: Update \n zh-CN: \u7f16\u8f91 \n name: update \n - localizedName: \n en-US: Get \n zh-CN: \u67e5\u770b \n name: get \n - localizedName: \n en-US: Admin \n zh-CN: \u7ba1\u7406 \n name: admin \n authScopes: \n - resourcePermissions: \n - actions: \n - name: get \n - dependPermissions: \n - action: get \n name: create \n - dependPermissions: \n - action: get \n name: update \n - dependPermissions: \n - action: get \n name: delete \n resourceType: cluster \n - actions: \n - name: get \n resourceType: menu \n scope: platform \n - resourcePermissions: \n - actions: \n - name: admin \n tips: \n - en-US: >- \n If the workspace is bound to a cluster, it will be assigned \n the Cluster Admin role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u96c6\u7fa4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u96c6\u7fa4\u7684 Cluster Admin \u89d2\u8272 \n resourceType: cluster \n - actions: \n - name: get \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS View role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS View \u89d2\u8272 \n - name: update \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS Edit role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS Edit \u89d2\u8272 \n - name: admin \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS Admin role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS Admin \u89d2\u8272 \n resourceType: namespace \n scope: workspace \n gproduct: kpanda \n resourceTypes: \n - localizedName: \n en-US: Cluster Management \n zh-CN: \u96c6\u7fa4\u7ba1\u7406 \n name: cluster \n - localizedName: \n en-US: Menu \n zh-CN: \u83dc\u5355 \n name: menu \n - localizedName: \n en-US: Namespace Management \n zh-CN: \u547d\u540d\u7a7a\u95f4 \n name: namespace\n
"},{"location":"admin/ghippo/best-practice/menu/menu-display-or-hiding.html#_4","title":"\u901a\u8fc7\u81ea\u5b9a\u4e49\u89d2\u8272\u5b9e\u73b0\u4e0a\u8ff0\u6548\u679c","text":"Note
\u4ec5\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u83dc\u5355\u9700\u8981\u5355\u72ec\u914d\u7f6e\u83dc\u5355\u6743\u9650\uff0c\u5176\u4ed6\u6a21\u5757\u4f1a\u6839\u636e\u7528\u6237\u7684\u6743\u9650\u81ea\u52a8\u663e\u793a/\u9690\u85cf
\u521b\u5efa\u4e00\u4e2a\u81ea\u5b9a\u4e49\u89d2\u8272\uff0c\u5305\u542b\u7684\u6743\u9650\u70b9\u4e3a\u5bb9\u5668\u7ba1\u7406\u7684\u83dc\u5355\u67e5\u770b\u6743\u9650\uff0c\u540e\u7eed\u6388\u6743\u7ed9\u9700\u8981\u67e5\u770b\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\u7684\u7528\u6237\u3002
\u6548\u679c\u5982\u4e0b\uff0c\u53ef\u4ee5\u770b\u5230\u5bb9\u5668\u7ba1\u7406\u548c\u53ef\u89c2\u6d4b\u6027\u7684\u5bfc\u822a\u680f\u83dc\u5355\uff1a
"},{"location":"admin/ghippo/best-practice/menu/navigator.html","title":"\u81ea\u5b9a\u4e49\u5bfc\u822a\u680f","text":"\u5f53\u524d\u81ea\u5b9a\u4e49\u5bfc\u822a\u680f\u9700\u8981\u901a\u8fc7\u624b\u52a8\u521b\u5efa\u5bfc\u822a\u680f\u7684 YAML \uff0c\u5e76 apply \u5230\u96c6\u7fa4\u4e2d\u3002
"},{"location":"admin/ghippo/best-practice/menu/navigator.html#_2","title":"\u5bfc\u822a\u680f\u5206\u7c7b","text":"\u82e5\u9700\u8981\u65b0\u589e\u6216\u91cd\u65b0\u6392\u5e8f\u5bfc\u822a\u680f\u5206\u7c7b\u53ef\u4ee5\u901a\u8fc7\u65b0\u589e\u3001\u4fee\u6539 category YAML \u5b9e\u73b0\u3002
category \u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: ghippo.io/v1alpha1\nkind: NavigatorCategory\nmetadata:\n name: management-custom # (1)!\nspec:\n name: Management # (2)!\n isCustom: true # (3)!\n localizedName: # (4)!\n zh-CN: \u7ba1\u7406\n en-US: Management\n order: 100 # (5)!\n
\u7f16\u5199\u597d YAML \u6587\u4ef6\u540e\uff0c\u901a\u8fc7\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u540e\uff0c\u5237\u65b0\u9875\u9762\u5373\u53ef\u770b\u5230\u65b0\u589e\u3001\u4fee\u6539\u7684\u5bfc\u822a\u680f\u5206\u7c7b\u3002
kubectl apply -f xxx.yaml\n
"},{"location":"admin/ghippo/best-practice/menu/navigator.html#_3","title":"\u5bfc\u822a\u680f\u83dc\u5355","text":"\u82e5\u9700\u8981\u65b0\u589e\u6216\u91cd\u65b0\u6392\u5e8f\u5bfc\u822a\u680f\u83dc\u5355\u53ef\u4ee5\u901a\u8fc7\u65b0\u589e navigator YAML \u5b9e\u73b0\u3002
Note
\u82e5\u9700\u8981\u7f16\u8f91\u5df2\u5b58\u5728\u7684\u5bfc\u822a\u680f\u83dc\u5355\uff08\u975e\u7528\u6237\u81ea\u5df1\u65b0\u589e\u7684 custom \u83dc\u5355\uff09\uff0c\u9700\u8981\u4ee4\u65b0\u589e custom \u83dc\u5355 gproduct \u5b57\u6bb5\u4e0e\u9700\u8981\u8986\u76d6\u7684\u83dc\u5355\u7684 gproduct \u76f8\u540c\uff0c \u65b0\u7684\u5bfc\u822a\u680f\u83dc\u5355\u4f1a\u5c06 menus \u4e2d name \u76f8\u540c\u7684\u90e8\u5206\u6267\u884c\u8986\u76d6\uff0cname \u4e0d\u540c\u7684\u5730\u65b9\u505a\u65b0\u589e\u64cd\u4f5c\u3002
"},{"location":"admin/ghippo/best-practice/menu/navigator.html#_4","title":"\u4e00\u7ea7\u83dc\u5355","text":"\u4f5c\u4e3a\u4ea7\u54c1\u63d2\u5165\u5230\u67d0\u4e2a\u5bfc\u822a\u680f\u5206\u7c7b\u4e0b
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: gmagpie-custom # (1)!\nspec:\n name: Operations Management\n iconUrl: ./ui/gmagpie/gmagpie.svg\n localizedName: # (2)!\n zh-CN: \u8fd0\u8425\u7ba1\u7406\n en-US: Operations Management\n url: ./gmagpie\n category: management # (3)!\n menus: # (4)!\n - name: Access Control\n iconUrl: ./ui/ghippo/menus/access-control.svg\n localizedName:\n zh-CN: \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\n en-US: Access Control\n url: ./ghippo/users\n order: 50 # (5)!\n - name: Workspace\n iconUrl: ./ui/ghippo/menus/workspace-folder.svg\n localizedName:\n zh-CN: \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\n en-US: Workspace and Folder\n url: ./ghippo/workspaces\n order: 40\n - name: Audit Log\n iconUrl: ./ui/ghippo/menus/audit-logs.svg\n localizedName:\n zh-CN: \u5ba1\u8ba1\u65e5\u5fd7\n en-US: Audit Log\n url: ./ghippo/audit\n order: 30\n - name: Settings\n iconUrl: ./ui/ghippo/menus/setting.svg\n localizedName:\n zh-CN: \u5e73\u53f0\u8bbe\u7f6e\n en-US: Settings\n url: ./ghippo/settings\n order: 10\n gproduct: gmagpie # (6)!\n visible: true # (7)!\n isCustom: true # (8)!\n order: 20 # (9)!\n target: blank # (10)!\n
\u4f5c\u4e3a\u5b50\u4ea7\u54c1\u63d2\u5165\u5230\u67d0\u4e2a\u4e00\u7ea7\u83dc\u5355\u7684\u4e8c\u7ea7\u83dc\u5355\u4e2d
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: gmagpie-custom # (1)!\nspec:\n name: Operations Management\n iconUrl: ./ui/gmagpie/gmagpie.svg\n localizedName: # (2)!\n zh-CN: \u8fd0\u8425\u7ba1\u7406\n en-US: Operations Management\n url: ./gmagpie\n parentGProduct: ghippo # (3)!\n gproduct: gmagpie # (4)!\n visible: true # (5)!\n isCustom: true # (6)!\n order: 20 # (7)!\n
\u8eab\u4efd\u63d0\u4f9b\u5546\uff08IdP, Identity Provider\uff09\uff1a\u5f53 AI \u7b97\u529b\u4e2d\u5fc3\u9700\u8981\u4f7f\u7528\u5ba2\u6237\u7cfb\u7edf\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c \u4f7f\u7528\u5ba2\u6237\u7cfb\u7edf\u767b\u5f55\u754c\u9762\u6765\u8fdb\u884c\u767b\u5f55\u8ba4\u8bc1\u65f6\uff0c\u8be5\u5ba2\u6237\u7cfb\u7edf\u88ab\u79f0\u4e3a AI \u7b97\u529b\u4e2d\u5fc3\u7684\u8eab\u4efd\u63d0\u4f9b\u5546
"},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#_1","title":"\u9002\u7528\u573a\u666f","text":"\u5982\u679c\u5ba2\u6237\u5bf9 Ghippo \u767b\u5f55 IdP \u6709\u9ad8\u5ea6\u5b9a\u5236\u9700\u6c42\uff0c\u4f8b\u5982\u652f\u6301\u4f01\u4e1a\u5fae\u4fe1\u3001\u5fae\u4fe1\u7b49\u5176\u4ed6\u793e\u4f1a\u7ec4\u7ec7\u767b\u5f55\u9700\u6c42\uff0c\u8bf7\u6839\u636e\u672c\u6587\u6863\u5b9e\u65bd\u3002
"},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#_2","title":"\u652f\u6301\u7248\u672c","text":"Ghippo 0.15.0\u53ca\u4ee5\u4e0a\u7248\u672c\u3002
"},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#_3","title":"\u5177\u4f53\u65b9\u6cd5","text":""},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#ghippo-keycloak-plugin","title":"\u81ea\u5b9a\u4e49 ghippo keycloak plugin","text":"\u5b9a\u5236 plugin
\u53c2\u8003 keycloak \u5b98\u65b9\u6587\u6863\u548c keycloak \u81ea\u5b9a\u4e49 IdP \u8fdb\u884c\u5f00\u53d1\u3002
\u6784\u5efa\u955c\u50cf
# FROM scratch\nFROM scratch\n\n# plugin\nCOPY ./xxx-jar-with-dependencies.jar /plugins/\n
Note
\u5982\u679c\u9700\u8981\u4e24\u4e2a\u5b9a\u5236\u5316 IdP\uff0c\u9700\u8981\u590d\u5236\u4e24\u4e2a jar \u5305\u3002
"},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#ghippo-keycloak-plugin_1","title":"\u90e8\u7f72 Ghippo keycloak plugin \u6b65\u9aa4","text":"\u628a Ghippo \u5347\u7ea7\u5230 0.15.0 \u6216\u4ee5\u4e0a\u3002 \u60a8\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5\u90e8\u7f72 Ghippo 0.15.0 \u7248\u672c\uff0c\u4f46\u9700\u8981\u628a\u4ee5\u4e0b\u4fe1\u606f\u624b\u52a8\u8bb0\u5f55\u4e0b\u6765\u3002
helm -n ghippo-system get values ghippo -o yaml\n
apiserver:\n image:\n repository: release.daocloud.io/ghippo-ci/ghippo-apiserver\n tag: v0.4.2-test-3-gaba5ec2\ncontrollermanager:\n image:\n repository: release.daocloud.io/ghippo-ci/ghippo-apiserver\n tag: v0.4.2-test-3-gaba5ec2\nglobal:\n database:\n builtIn: true\n reverseProxy: http://192.168.31.10:32628\n
\u5347\u7ea7\u6210\u529f\u540e\uff0c\u624b\u5de5\u8dd1\u4e00\u4e2a\u5b89\u88c5\u547d\u4ee4\uff0c --set
\u91cc\u8bbe\u7684\u53c2\u6570\u503c\u4ece\u4e0a\u8ff0\u4fdd\u5b58\u7684\u5185\u5bb9\u91cc\u5f97\u5230\uff0c\u5e76\u4e14\u5916\u52a0\u51e0\u4e2a\u53c2\u6570\u503c\uff1a
\u5177\u4f53\u793a\u4f8b\u5982\u4e0b\uff1a
helm upgrade \\\n ghippo \\\n ghippo-release/ghippo \\\n --version v0.4.2-test-3-gaba5ec2 \\\n -n ghippo-system \\\n --set apiserver.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \\\n --set apiserver.image.tag=v0.4.2-test-3-gaba5ec2 \\\n --set controllermanager.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \\\n --set controllermanager.image.tag=v0.4.2-test-3-gaba5ec2 \\\n --set global.reverseProxy=http://192.168.31.10:32628 \\\n --set global.database.builtIn=true \\\n --set global.idpPlugin.enabled=true \\\n --set global.idpPlugin.image.repository=chenyang-idp \\\n --set global.idpPlugin.image.tag=v0.0.1 \\\n --set global.idpPlugin.path=/plugins/.\n
\u5728 keycloak \u7ba1\u7406\u9875\u9762\u9009\u62e9\u6240\u8981\u4f7f\u7528\u7684\u63d2\u4ef6\u3002
\u672c\u9875\u8bf4\u660e\u5982\u4f55\u642d\u5efa GProduct Demo \u73af\u5883\u3002
"},{"location":"admin/ghippo/best-practice/oem/demo.html#_1","title":"\u642d\u5efa\u73af\u5883","text":"npm install\n
\u7f16\u8bd1\u548c\u70ed\u52a0\u8f7d\u5f00\u53d1\u73af\u5883\uff1a
npm run serve\n
\u7f16\u8bd1\u548c\u6784\u5efa\uff1a
npm run build\n
\u8865\u5168 Lint \u68c0\u67e5\u6587\u4ef6\uff1a
npm run lint\n
"},{"location":"admin/ghippo/best-practice/oem/demo.html#_2","title":"\u81ea\u5b9a\u4e49\u914d\u7f6e","text":"\u53c2\u89c1\u914d\u7f6e\u53c2\u8003\u3002
\u6784\u5efa\u955c\u50cf\uff1a
docker build -t release.daocloud.io/henry/gproduct-demo .\n
\u5728 K8s \u4e0a\u8fd0\u884c\uff1a
kubectl apply -f demo.yaml\n
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html","title":"Keycloak \u81ea\u5b9a\u4e49 IdP","text":"\u8981\u6c42\uff1akeycloak >= v20
\u5df2\u77e5\u95ee\u9898 keycloak >= v21\uff0c\u5220\u9664\u4e86\u65e7\u7248 theme \u7684\u652f\u6301\uff0c\u53ef\u80fd\u4f1a\u5728 v22 \u4fee\u590d\u3002 \u53c2\u89c1 Issue #15344 \u3002
\u6b64\u6b21 demo \u4f7f\u7528 Keycloak v20.0.5\u3002
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#source","title":"\u57fa\u4e8e source \u5f00\u53d1","text":""},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#_1","title":"\u914d\u7f6e\u73af\u5883","text":"\u53c2\u7167 keycloak/building.md \u914d\u7f6e\u73af\u5883\u3002
\u53c2\u7167 keycloak/README.md \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
cd quarkus\nmvn -f ../pom.xml clean install -DskipTestsuite -DskipExamples -DskipTests\n
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#ide","title":"\u4ece IDE \u8fd0\u884c","text":""},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#service","title":"\u6dfb\u52a0 service \u4ee3\u7801","text":""},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#keycloak","title":"\u5982\u679c\u53ef\u4ece keycloak \u7ee7\u627f\u90e8\u5206\u529f\u80fd","text":"\u5728\u76ee\u5f55 services/src/main/java/org/keycloak/broker \u4e0b\u6dfb\u52a0\u6587\u4ef6\uff1a
\u6587\u4ef6\u540d\u9700\u8981\u662f xxxProvider.java \u548c xxxProviderFactory.java
xxxProviderFactory.java \u793a\u4f8b\uff1a
\u7559\u610f PROVIDER_ID = \"oauth\"; \u8fd9\u4e2a\u53d8\u91cf\uff0c\u540e\u9762\u5b9a\u4e49 html \u4f1a\u7528\u5230\u3002
xxxProvider.java \u793a\u4f8b
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#keycloak_1","title":"\u5982\u679c\u4e0d\u80fd\u4ece keycloak \u7ee7\u627f\u529f\u80fd","text":"\u53c2\u8003\u4e0b\u56fe\u4e2d\u7684\u4e09\u4e2a\u6587\u4ef6\u7f16\u5199\u4f60\u7684\u4ee3\u7801\uff1a
\u6dfb\u52a0 xxxProviderFactory \u5230 resource service
\u5728 services/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory \u6dfb\u52a0 xxxProviderFactory\uff0c\u8fd9\u6837\u521a\u521a\u7f16\u5199\u7684\u80fd\u5de5\u4f5c\u4e86\uff1a
\u6dfb\u52a0 html \u6587\u4ef6
\u590d\u5236 themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html \u6587\u4ef6\u5230\uff08\u6539\u540d\u4e3a realm-identity-provider-oauth.html \uff0c\u8fd8\u8bb0\u5f97\u4e0a\u6587\u4e2d\u9700\u8981\u7559\u610f\u7684\u53d8\u91cf\u5417\uff09 themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oauth.html
\u5230\u6b64\u6240\u6709\u7684\u6587\u4ef6\u90fd\u6dfb\u52a0\u5b8c\u6210\u4e86\uff0c\u5f00\u59cb\u8c03\u8bd5\u529f\u80fd\u3002
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#jar","title":"\u6253\u5305\u6210 jar \u4f5c\u4e3a\u63d2\u4ef6\u8fd0\u884c","text":"\u65b0\u5efa\u4e00\u4e2a java \u9879\u76ee\uff0c\u5e76\u5c06\u4e0a\u9762\u7684\u4ee3\u7801\u590d\u5236\u5230\u9879\u76ee\u4e2d\uff0c\u5982\u4e0b\u6240\u793a\uff1a
\u53c2\u89c1 pom.xml\u3002
\u8fd0\u884c mvn clean package \uff0c\u6253\u5305\u5b8c\u6210\u5f97\u5230 xxx-jar-with-dependencies.jar \u6587\u4ef6\u3002
\u4e0b\u8f7d keycloak Release 20.0.5 zip \u5305\u5e76\u89e3\u538b\u3002
\u5c06 xxx-jar-with-dependencies.jar \u590d\u5236\u5230 keycloak-20.0.5/providers \u76ee\u5f55\u4e2d\u3002
\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u529f\u80fd\u662f\u5426\u5b8c\u6574\uff1a
bin/kc.sh start-dev\n
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html","title":"\u5982\u4f55\u5c06\u5ba2\u6237\u7cfb\u7edf\u96c6\u6210\u5230 AI \u7b97\u529b\u4e2d\u5fc3\uff08OEM IN\uff09","text":"OEM IN \u662f\u6307\u5408\u4f5c\u4f19\u4f34\u7684\u5e73\u53f0\u4f5c\u4e3a\u5b50\u6a21\u5757\u5d4c\u5165 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u51fa\u73b0\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e00\u7ea7\u5bfc\u822a\u680f\u3002 \u7528\u6237\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3\u8fdb\u884c\u767b\u5f55\u548c\u7edf\u4e00\u7ba1\u7406\u3002\u5b9e\u73b0 OEM IN \u5171\u5206\u4e3a 5 \u6b65\uff0c\u5206\u522b\u662f\uff1a
Note
\u4ee5\u4e0b\u4f7f\u7528\u5f00\u6e90\u8f6f\u4ef6 Label Studio \u6765\u505a\u5d4c\u5957\u6f14\u793a\u3002\u5b9e\u9645\u573a\u666f\u9700\u8981\u81ea\u5df1\u89e3\u51b3\u5ba2\u6237\u7cfb\u7edf\u7684\u95ee\u9898\uff1a
\u4f8b\u5982\u5ba2\u6237\u7cfb\u7edf\u9700\u8981\u81ea\u5df1\u6dfb\u52a0\u4e00\u4e2a Subpath\uff0c\u7528\u4e8e\u533a\u5206\u54ea\u4e9b\u662f AI \u7b97\u529b\u4e2d\u5fc3\u7684\u670d\u52a1\uff0c\u54ea\u4e9b\u662f\u5ba2\u6237\u7cfb\u7edf\u7684\u670d\u52a1\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_1","title":"\u73af\u5883\u51c6\u5907","text":"\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u73af\u5883\uff1a
https://10.6.202.177:30443
\u4f5c\u4e3a AI \u7b97\u529b\u4e2d\u5fc3\u7684\u73af\u5883\u3002
\u90e8\u7f72\u5ba2\u6237\u7cfb\u7edf\u73af\u5883\uff1a
http://10.6.202.177:30123
\u4f5c\u4e3a\u5ba2\u6237\u7cfb\u7edf
\u5e94\u7528\u8fc7\u7a0b\u4e2d\u5bf9\u5ba2\u6237\u7cfb\u7edf\u7684\u64cd\u4f5c\u8bf7\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u8c03\u6574\u3002
\u89c4\u5212\u5ba2\u6237\u7cfb\u7edf\u7684 Subpath \u8def\u5f84\uff1a http://10.6.202.177:30123/label-studio
\uff08\u5efa\u8bae\u4f7f\u7528\u8fa8\u8bc6\u5ea6\u9ad8\u7684\u540d\u79f0\u4f5c\u4e3a Subpath\uff0c\u4e0d\u80fd\u4e0e\u4e3b AI \u7b97\u529b\u4e2d\u5fc3\u7684 HTTP router \u53d1\u751f\u51b2\u7a81\uff09\u3002 \u8bf7\u786e\u4fdd\u7528\u6237\u901a\u8fc7 http://10.6.202.177:30123/label-studio
\u80fd\u591f\u6b63\u5e38\u8bbf\u95ee\u5ba2\u6237\u7cfb\u7edf\u3002
SSH \u767b\u5f55\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u670d\u52a1\u5668\u3002
ssh root@10.6.202.177\n
\u4f7f\u7528 vim
\u547d\u4ee4\u521b\u5efa\u548c\u4fee\u6539 label-studio.yaml \u6587\u4ef6
vim label-studio.yaml\n
label-studio.yamlapiVersion: networking.istio.io/v1beta1\nkind: ServiceEntry\nmetadata:\n name: label-studio\n namespace: ghippo-system\nspec:\n exportTo:\n - \"*\"\n hosts:\n - label-studio.svc.external\n ports:\n # \u6dfb\u52a0\u865a\u62df\u7aef\u53e3\n - number: 80\n name: http\n protocol: HTTP\n location: MESH_EXTERNAL\n resolution: STATIC\n endpoints:\n # \u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u7684\u57df\u540d\uff08\u6216IP\uff09\n - address: 10.6.202.177\n ports:\n # \u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u7684\u7aef\u53e3\u53f7\n http: 30123\n---\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n # \u4fee\u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u7684\u540d\u5b57\n name: label-studio\n namespace: ghippo-system\nspec:\n exportTo:\n - \"*\"\n hosts:\n - \"*\"\n gateways:\n - ghippo-gateway\n http:\n - match:\n - uri:\n exact: /label-studio # \u4fee\u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u5728 AI \u7b97\u529b\u4e2d\u5fc3.0 Web UI \u5165\u53e3\u4e2d\u7684\u8def\u7531\u5730\u5740\n - uri:\n prefix: /label-studio/ # \u4fee\u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u5728 AI \u7b97\u529b\u4e2d\u5fc3.0 Web UI \u5165\u53e3\u4e2d\u7684\u8def\u7531\u5730\u5740\n route:\n - destination:\n # \u4fee\u6539\u4e3a\u4e0a\u6587 ServiceEntry \u4e2d\u7684 spec.hosts \u7684\u503c\n host: label-studio.svc.external\n port:\n # \u4fee\u6539\u4e3a\u4e0a\u6587 ServiceEntry \u4e2d\u7684 spec.ports \u7684\u503c\n number: 80\n---\napiVersion: security.istio.io/v1beta1\nkind: AuthorizationPolicy\nmetadata:\n # \u4fee\u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u7684\u540d\u5b57\n name: label-studio\n namespace: istio-system\nspec:\n action: ALLOW\n selector:\n matchLabels:\n app: istio-ingressgateway\n rules:\n - from:\n - source:\n requestPrincipals:\n - '*'\n - to:\n - operation:\n paths:\n - /label-studio # \u4fee\u6539\u4e3a VirtualService \u4e2d\u7684 spec.http.match.uri.prefix \u7684\u503c\n - /label-studio/* # \u4fee\u6539\u4e3a VirtualService \u4e2d\u7684 spec.http.match.uri.prefix \u7684\u503c\uff08\u6ce8\u610f\uff0c\u672b\u5c3e\u9700\u8981\u6dfb\u52a0 \"*\"\uff09\n
\u4f7f\u7528 kubectl
\u547d\u4ee4\u5e94\u7528 label-studio.yaml \uff1a
kubectl apply -f\u00a0label-studio.yaml\n
\u9a8c\u8bc1 Label Studio UI \u7684 IP \u548c \u7aef\u53e3\u662f\u5426\u4e00\u81f4\uff1a
\u5c06\u5ba2\u6237\u7cfb\u7edf\u4e0e AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u901a\u8fc7 OIDC/OAUTH \u7b49\u534f\u8bae\u5bf9\u63a5\uff0c\u4f7f\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u540e\u8fdb\u5165\u5ba2\u6237\u7cfb\u7edf\u65f6\u65e0\u9700\u518d\u6b21\u767b\u5f55\u3002
Note
\u8fd9\u91cc\u4f7f\u7528\u4e24\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u76f8\u4e92\u5bf9\u63a5\u6765\u8fdb\u884c\u6f14\u793a\u3002\u6db5\u76d6\u5c06 AI \u7b97\u529b\u4e2d\u5fc3 \u4f5c\u4e3a\u7528\u6237\u6e90\u767b\u5f55\u5ba2\u6237\u5e73\u53f0\uff0c\u548c\u5c06\u5ba2\u6237\u5e73\u53f0\u4f5c\u4e3a\u7528\u6237\u6e90\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u4e24\u79cd\u573a\u666f\u3002
AI \u7b97\u529b\u4e2d\u5fc3\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u767b\u5f55\u5ba2\u6237\u5e73\u53f0\uff1a \u9996\u5148\u5c06\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u5b9e\u73b0\u5bf9\u63a5\u540e\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7 OIDC \u76f4\u63a5\u767b\u5f55\u7b2c\u4e8c\u5957 AI \u7b97\u529b\u4e2d\u5fc3\uff0c \u800c\u65e0\u9700\u5728\u7b2c\u4e8c\u5957\u4e2d\u518d\u6b21\u521b\u5efa\u7528\u6237\u3002\u5728\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u901a\u8fc7 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u63a5\u5165\u7ba1\u7406 \u521b\u5efa SSO \u63a5\u5165\u3002
\u5ba2\u6237\u5e73\u53f0\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff1a \u5c06\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3 \u4e2d\u751f\u6210\u7684\u5ba2\u6237\u7aef ID\u3001\u5ba2\u6237\u7aef\u5bc6\u94a5\u3001\u5355\u70b9\u767b\u5f55 URL \u7b49\u586b\u5199\u5230\u7b2c\u4e8c\u5957 AI \u7b97\u529b\u4e2d\u5fc3 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u8eab\u4efd\u63d0\u4f9b\u5546 -> OIDC \u4e2d\uff0c\u5b8c\u6210\u7528\u6237\u5bf9\u63a5\u3002 \u5bf9\u63a5\u540e\uff0c\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7 OIDC \u76f4\u63a5\u767b\u5f55\u7b2c\u4e8c\u5957 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u800c\u65e0\u9700\u5728\u7b2c\u4e8c\u5957\u4e2d\u518d\u6b21\u521b\u5efa\u7528\u6237\u3002
\u5bf9\u63a5\u5b8c\u6210\u540e\uff0c\u7b2c\u4e8c\u5957 AI \u7b97\u529b\u4e2d\u5fc3 \u767b\u5f55\u9875\u9762\u5c06\u51fa\u73b0 OIDC \u9009\u9879\uff0c\u9996\u6b21\u767b\u5f55\u65f6\u9009\u62e9\u901a\u8fc7 OIDC \u767b\u5f55\uff08\u81ea\u5b9a\u4e49\u540d\u79f0\uff0c\u8fd9\u91cc\u662f\u540d\u79f0\u662f loginname\uff09\uff0c \u540e\u7eed\u5c06\u76f4\u63a5\u8fdb\u5165\u65e0\u9700\u518d\u6b21\u9009\u62e9\u3002
Note
\u4f7f\u7528\u4e24\u5957 AI \u7b97\u529b\u4e2d\u5fc3,\u8868\u660e\u5ba2\u6237\u53ea\u8981\u652f\u6301 OIDC \u534f\u8bae\uff0c\u65e0\u8bba\u662f AI \u7b97\u529b\u4e2d\u5fc3\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u8fd8\u662f\u201c\u5ba2\u6237\u5e73\u53f0\u201d\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u4e24\u79cd\u573a\u666f\u90fd\u652f\u6301\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_4","title":"\u5bf9\u63a5\u5bfc\u822a\u680f","text":"\u53c2\u8003\u6587\u6863\u4e0b\u65b9\u7684 tar \u5305\u6765\u5b9e\u73b0\u4e00\u4e2a\u7a7a\u58f3\u7684\u524d\u7aef\u5b50\u5e94\u7528\uff0c\u628a\u5ba2\u6237\u7cfb\u7edf\u4ee5 iframe \u7684\u5f62\u5f0f\u653e\u8fdb\u8be5\u7a7a\u58f3\u5e94\u7528\u91cc\u3002
\u4e0b\u8f7d gproduct-demo-main.tar.gz \u6587\u4ef6\uff0c\u6253\u5f00 src/App-iframe.vue \u6587\u4ef6\uff0c\u4fee\u6539\u5176\u4e2d\u7684 src \u5c5e\u6027\u503c\uff08\u5373\u8fdb\u5165\u5ba2\u6237\u7cfb\u7edf\u7684\u5730\u5740\uff09\uff1a
src=\"https://10.6.202.177:30443/label-studio\" (AI \u7b97\u529b\u4e2d\u5fc3\u5730\u5740 + Subpath)
src=\"./external-anyproduct/insight\"
<template>\n <iframe>\n src=\"https://daocloud.io\"\n title=\"demo\"\n class=\"iframe-container\"\n </iframe>\n</template>\n\n<style lang=\"scss\">\nhtml,\nbody {\n height: 100%;\n}\n\n# app {\n display: flex;\n height: 100%;\n .iframe-container {\n border: 0;\n flex: 1 1 0;\n }\n}\n</style>\n
\u5220\u9664 src \u6587\u4ef6\u5939\u4e0b\u7684 App.vue \u548c main.ts \u6587\u4ef6\uff0c\u540c\u65f6\u5c06\uff1a
\u6309\u7167 readme \u6b65\u9aa4\u6784\u5efa\u955c\u50cf\uff08\u6ce8\u610f\uff1a\u6267\u884c\u6700\u540e\u4e00\u6b65\u524d\u9700\u8981\u5c06 demo.yaml \u4e2d\u7684\u955c\u50cf\u5730\u5740\u66ff\u6362\u6210\u6784\u5efa\u51fa\u7684\u955c\u50cf\u5730\u5740\uff09
demo.yamlkind: Namespace\napiVersion: v1\nmetadata:\n name: gproduct-demo\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: gproduct-demo\n namespace: gproduct-demo\n labels:\n app: gproduct-demo\nspec:\n selector:\n matchLabels:\n app: gproduct-demo\n template:\n metadata:\n name: gproduct-demo\n labels:\n app: gproduct-demo\n spec:\n containers:\n - name: gproduct-demo\n image: release.daocloud.io/gproduct-demo # \u4fee\u6539\u8fd9\u4e2a\u955c\u50cf\u5730\u5740\n ports:\n - containerPort: 80\n---\napiVersion: v1\nkind: Service\n...\n
\u5bf9\u63a5\u5b8c\u6210\u540e\uff0c\u5c06\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u4e00\u7ea7\u5bfc\u822a\u680f\u51fa\u73b0 \u5ba2\u6237\u7cfb\u7edf \uff0c\u70b9\u51fb\u53ef\u8fdb\u5165\u5ba2\u6237\u7cfb\u7edf\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_5","title":"\u5b9a\u5236\u5916\u89c2","text":"Note
AI \u7b97\u529b\u4e2d\u5fc3\u652f\u6301\u901a\u8fc7\u5199 CSS \u7684\u65b9\u5f0f\u6765\u5b9e\u73b0\u5916\u89c2\u5b9a\u5236\u3002\u5b9e\u9645\u5e94\u7528\u4e2d\u5ba2\u6237\u7cfb\u7edf\u5982\u4f55\u5b9e\u73b0\u5916\u89c2\u5b9a\u5236\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u5904\u7406\u3002
\u767b\u5f55\u5ba2\u6237\u7cfb\u7edf\uff0c\u901a\u8fc7 \u5168\u5c40\u7ba1\u7406 -> \u5e73\u53f0\u8bbe\u7f6e -> \u5916\u89c2\u5b9a\u5236 \u53ef\u4ee5\u81ea\u5b9a\u4e49\u5e73\u53f0\u80cc\u666f\u989c\u8272\u3001logo\u3001\u540d\u79f0\u7b49\uff0c \u5177\u4f53\u64cd\u4f5c\u8bf7\u53c2\u7167\u5916\u89c2\u5b9a\u5236\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_6","title":"\u6253\u901a\u6743\u9650\u4f53\u7cfb\uff08\u53ef\u9009\uff09","text":"\u65b9\u6848\u601d\u8def\u4e00\uff1a
\u5b9a\u5236\u5316\u56e2\u961f\u53ef\u5b9e\u73b0\u4e00\u5b9a\u5236\u6a21\u5757\uff0cAI \u7b97\u529b\u4e2d\u5fc3\u5c06\u6bcf\u4e00\u6b21\u7684\u7528\u6237\u767b\u5f55\u4e8b\u4ef6\u901a\u8fc7 Webhook \u7684\u65b9\u5f0f\u901a\u77e5\u5230\u5b9a\u5236\u6a21\u5757\uff0c \u5b9a\u5236\u6a21\u5757\u53ef\u81ea\u884c\u8c03\u7528 AnyProduct \u548c AI \u7b97\u529b\u4e2d\u5fc3\u7684 OpenAPI \u5c06\u8be5\u7528\u6237\u7684\u6743\u9650\u4fe1\u606f\u540c\u6b65\u3002
\u65b9\u6848\u601d\u8def\u4e8c\uff1a
\u901a\u8fc7 Webhook \u65b9\u5f0f\uff0c\u5c06\u6bcf\u4e00\u6b21\u7684\u6388\u6743\u53d8\u5316\u90fd\u901a\u77e5\u5230 AnyProduct\uff08\u5982\u6709\u9700\u6c42\uff0c\u540e\u7eed\u53ef\u5b9e\u73b0\uff09\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#anyproduct-ai","title":"AnyProduct \u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u5176\u4ed6\u80fd\u529b(\u53ef\u9009)","text":"\u64cd\u4f5c\u65b9\u6cd5\u4e3a\u8c03\u7528 AI \u7b97\u529b\u4e2d\u5fc3OpenAPI\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_7","title":"\u53c2\u8003\u8d44\u6599","text":"OEM OUT \u662f\u6307\u5c06 AI \u7b97\u529b\u4e2d\u5fc3\u4f5c\u4e3a\u5b50\u6a21\u5757\u63a5\u5165\u5176\u4ed6\u4ea7\u54c1\uff0c\u51fa\u73b0\u5728\u5176\u4ed6\u4ea7\u54c1\u7684\u83dc\u5355\u4e2d\u3002 \u7528\u6237\u767b\u5f55\u5176\u4ed6\u4ea7\u54c1\u540e\u53ef\u76f4\u63a5\u8df3\u8f6c\u81f3 AI \u7b97\u529b\u4e2d\u5fc3\u65e0\u9700\u4e8c\u6b21\u767b\u5f55\u3002\u5b9e\u73b0 OEM OUT \u5171\u5206\u4e3a 5 \u6b65\uff0c\u5206\u522b\u662f\uff1a
\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\uff08\u5047\u8bbe\u90e8\u7f72\u5b8c\u7684\u8bbf\u95ee\u5730\u5740\u4e3a https://10.6.8.2:30343/
\uff09
\u5ba2\u6237\u7cfb\u7edf\u548c AI \u7b97\u529b\u4e2d\u5fc3\u524d\u53ef\u4ee5\u653e\u4e00\u4e2a nginx \u53cd\u4ee3\u6765\u5b9e\u73b0\u540c\u57df\u8bbf\u95ee\uff0c / \u8def\u7531\u5230\u5ba2\u6237\u7cfb\u7edf\uff0c /dce5 (subpath) \u8def\u7531\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7cfb\u7edf\uff0c vi /etc/nginx/conf.d/default.conf \u793a\u4f8b\u5982\u4e0b\uff1a
server {\n listen 80;\n server_name localhost;\n\n location /dce5/ {\n proxy_pass https://10.6.8.2:30343/;\n proxy_http_version 1.1;\n proxy_read_timeout 300s; # \u5982\u9700\u8981\u4f7f\u7528 kpanda cloudtty\u529f\u80fd\u9700\u8981\u8fd9\u884c\uff0c\u5426\u5219\u53ef\u4ee5\u53bb\u6389\n proxy_send_timeout 300s; # \u5982\u9700\u8981\u4f7f\u7528 kpanda cloudtty\u529f\u80fd\u9700\u8981\u8fd9\u884c\uff0c\u5426\u5219\u53ef\u4ee5\u53bb\u6389\n\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\n proxy_set_header Upgrade $http_upgrade; # \u5982\u9700\u8981\u4f7f\u7528 kpanda cloudtty\u529f\u80fd\u9700\u8981\u8fd9\u884c\uff0c\u5426\u5219\u53ef\u4ee5\u53bb\u6389\n proxy_set_header Connection $connection_upgrade; # \u5982\u9700\u8981\u4f7f\u7528 kpanda cloudtty\u529f\u80fd\u9700\u8981\u8fd9\u884c\uff0c\u5426\u5219\u53ef\u4ee5\u53bb\u6389\n }\n\n location / {\n proxy_pass https://10.6.165.50:30443/; # \u5047\u8bbe\u8fd9\u662f\u5ba2\u6237\u7cfb\u7edf\u5730\u5740(\u5982\u610f\u4e91)\n proxy_http_version 1.1;\n\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n}\n
\u5047\u8bbe nginx \u5165\u53e3\u5730\u5740\u4e3a 10.6.165.50\uff0c\u6309\u81ea\u5b9a\u4e49 AI \u7b97\u529b\u4e2d\u5fc3\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u5730\u5740\u628a AI_PROXY \u53cd\u4ee3\u8bbe\u4e3a http://10.6.165.50/dce5
\u3002\u786e\u4fdd\u80fd\u591f\u901a\u8fc7 http://10.6.165.50/dce5
\u8bbf\u95ee AI \u7b97\u529b\u4e2d\u5fc3\u3002 \u5ba2\u6237\u7cfb\u7edf\u4e5f\u9700\u8981\u8fdb\u884c\u53cd\u4ee3\u8bbe\u7f6e\uff0c\u9700\u8981\u6839\u636e\u4e0d\u540c\u5e73\u53f0\u7684\u60c5\u51b5\u8fdb\u884c\u5904\u7406\u3002
\u5c06\u5ba2\u6237\u7cfb\u7edf\u4e0e AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u901a\u8fc7 OIDC/OAUTH \u7b49\u534f\u8bae\u5bf9\u63a5\uff0c\u4f7f\u7528\u6237\u767b\u5f55\u5ba2\u6237\u7cfb\u7edf\u540e\u8fdb\u5165 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u65e0\u9700\u518d\u6b21\u767b\u5f55\u3002 \u5728\u62ff\u5230\u5ba2\u6237\u7cfb\u7edf\u7684 OIDC \u4fe1\u606f\u540e\u586b\u5165 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u8eab\u4efd\u63d0\u4f9b\u5546 \u4e2d\u3002
\u5bf9\u63a5\u5b8c\u6210\u540e\uff0cAI \u7b97\u529b\u4e2d\u5fc3\u767b\u5f55\u9875\u9762\u5c06\u51fa\u73b0 OIDC\uff08\u81ea\u5b9a\u4e49\uff09\u9009\u9879\uff0c\u9996\u6b21\u4ece\u5ba2\u6237\u7cfb\u7edf\u8fdb\u5165 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u9009\u62e9\u901a\u8fc7 OIDC \u767b\u5f55\uff0c \u540e\u7eed\u5c06\u76f4\u63a5\u8fdb\u5165 AI \u7b97\u529b\u4e2d\u5fc3\u65e0\u9700\u518d\u6b21\u9009\u62e9\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-out.html#_3","title":"\u5bf9\u63a5\u5bfc\u822a\u680f","text":"\u5bf9\u63a5\u5bfc\u822a\u680f\u662f\u6307 AI \u7b97\u529b\u4e2d\u5fc3\u51fa\u73b0\u5728\u5ba2\u6237\u7cfb\u7edf\u7684\u83dc\u5355\u4e2d\uff0c\u7528\u6237\u70b9\u51fb\u76f8\u5e94\u7684\u83dc\u5355\u540d\u79f0\u80fd\u591f\u76f4\u63a5\u8fdb\u5165 AI \u7b97\u529b\u4e2d\u5fc3\u3002 \u56e0\u6b64\u5bf9\u63a5\u5bfc\u822a\u680f\u4f9d\u8d56\u4e8e\u5ba2\u6237\u7cfb\u7edf\uff0c\u4e0d\u540c\u5e73\u53f0\u9700\u8981\u6309\u7167\u5177\u4f53\u60c5\u51b5\u8fdb\u884c\u5904\u7406\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-out.html#_4","title":"\u5b9a\u5236\u5916\u89c2","text":"\u901a\u8fc7 \u5168\u5c40\u7ba1\u7406 -> \u5e73\u53f0\u8bbe\u7f6e -> \u5916\u89c2\u5b9a\u5236 \u53ef\u4ee5\u81ea\u5b9a\u4e49\u5e73\u53f0\u80cc\u666f\u989c\u8272\u3001logo\u3001\u540d\u79f0\u7b49\uff0c \u5177\u4f53\u64cd\u4f5c\u8bf7\u53c2\u7167\u5916\u89c2\u5b9a\u5236\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-out.html#_5","title":"\u6253\u901a\u6743\u9650\u4f53\u7cfb\uff08\u53ef\u9009\uff09","text":"\u6253\u901a\u6743\u9650\u8f83\u4e3a\u590d\u6742\uff0c\u5982\u6709\u9700\u6c42\u8bf7\u8054\u7cfb\u5168\u5c40\u7ba1\u7406\u56e2\u961f\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-out.html#_6","title":"\u53c2\u8003","text":"\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4e3a AI \u7b97\u529b\u4e2d\u5fc3\u914d\u7f6e\u56fd\u5bc6\u7f51\u5173\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#_1","title":"\u8f6f\u4ef6\u4ecb\u7ecd","text":"Tengine: Tengine \u662f\u7531\u6dd8\u5b9d\u7f51\u53d1\u8d77\u7684 Web \u670d\u52a1\u5668\u9879\u76ee\u3002\u5b83\u5728 Nginx \u7684\u57fa\u7840\u4e0a\uff0c \u9488\u5bf9\u5927\u8bbf\u95ee\u91cf\u7f51\u7ad9\u7684\u9700\u6c42\uff0c\u6dfb\u52a0\u4e86\u5f88\u591a\u9ad8\u7ea7\u529f\u80fd\u548c\u7279\u6027\u3002\u6bd4\u5982\u652f\u6301 Tongsuo \u63d2\u4ef6\uff0c\u652f\u6301\u56fd\u5bc6\u8bc1\u4e66\u7b49\u3002
Tongsuo: \u94dc\u9501/Tongsuo\uff08\u539f BabaSSL\uff09\u662f\u4e00\u4e2a\u63d0\u4f9b\u73b0\u4ee3\u5bc6\u7801\u5b66\u7b97\u6cd5\u548c\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u7684\u5f00\u6e90\u57fa\u7840\u5bc6\u7801\u5e93\uff0c \u4e3a\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u5bc6\u94a5\u7ba1\u7406\u3001\u9690\u79c1\u8ba1\u7b97\u7b49\u8bf8\u591a\u4e1a\u52a1\u573a\u666f\u63d0\u4f9b\u5e95\u5c42\u7684\u5bc6\u7801\u5b66\u57fa\u7840\u80fd\u529b\uff0c\u5b9e\u73b0\u6570\u636e\u5728\u4f20\u8f93\u3001\u4f7f\u7528\u3001\u5b58\u50a8\u7b49\u8fc7\u7a0b\u4e2d\u7684\u79c1\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u8ba4\u8bc1\u6027\uff0c \u4e3a\u6570\u636e\u751f\u547d\u5468\u671f\u4e2d\u7684\u9690\u79c1\u548c\u5b89\u5168\u63d0\u4f9b\u4fdd\u62a4\u80fd\u529b\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#_2","title":"\u51c6\u5907\u5de5\u4f5c","text":"\u4e00\u53f0\u5b89\u88c5\u4e86 Docker \u7684 Linux \u4e3b\u673a\uff0c\u5e76\u4e14\u786e\u4fdd\u5b83\u80fd\u8bbf\u95ee\u4e92\u8054\u7f51\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#_3","title":"\u7f16\u8bd1\u548c\u5b89\u88c5\u56fd\u5bc6\u7f51\u5173","text":"\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 Tengine \u548c Tongsuo \u6784\u5efa\u56fd\u5bc6\u7f51\u5173\u3002
Note
\u6b64\u914d\u7f6e\u4ec5\u4f9b\u53c2\u8003\u3002
FROM docker.m.daocloud.io/debian:11.3\n\n# Version\nENV TENGINE_VERSION=\"2.3.4\" \\\n TONGSUO_VERSION=\"8.3.2\"\n\n# Install required system packages and dependencies\nRUN apt update && \\\n apt -y install \\\n wget \\\n gcc \\\n make \\\n libpcre3 \\\n libpcre3-dev \\\n zlib1g-dev \\\n perl \\\n && apt clean\n\n# Build tengine\nRUN mkdir -p /tmp/pkg/cache/ && cd /tmp/pkg/cache/ \\\n && wget https://github.com/alibaba/tengine/archive/refs/tags/${TENGINE_VERSION}.tar.gz -O tengine-${TENGINE_VERSION}.tar.gz \\\n && tar zxvf tengine-${TENGINE_VERSION}.tar.gz \\\n && wget https://github.com/Tongsuo-Project/Tongsuo/archive/refs/tags/${TONGSUO_VERSION}.tar.gz -O Tongsuo-${TONGSUO_VERSION}.tar.gz \\\n && tar zxvf Tongsuo-${TONGSUO_VERSION}.tar.gz \\\n && cd tengine-${TENGINE_VERSION} \\\n && ./configure \\\n --add-module=modules/ngx_openssl_ntls \\\n --with-openssl=/tmp/pkg/cache/Tongsuo-${TONGSUO_VERSION} \\\n --with-openssl-opt=\"--strict-warnings enable-ntls\" \\\n --with-http_ssl_module --with-stream \\\n --with-stream_ssl_module --with-stream_sni \\\n && make \\\n && make install \\\n && ln -s /usr/local/nginx/sbin/nginx /usr/sbin/ \\\n && rm -rf /tmp/pkg/cache\n\nEXPOSE 80 443\nSTOPSIGNAL SIGTERM\nCMD [\"nginx\", \"-g\", \"daemon off;\"]\n
docker build -t tengine:0.0.1 .\n
"},{"location":"admin/ghippo/install/gm-gateway.html#sm2-rsa-tls","title":"\u751f\u6210 SM2 \u548c RSA TLS \u8bc1\u4e66","text":"\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u751f\u6210 SM2 \u548c RSA TLS \u8bc1\u4e66\uff0c\u5e76\u914d\u7f6e\u56fd\u5bc6\u7f51\u5173\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#sm2-tls","title":"SM2 TLS \u8bc1\u4e66","text":"Note
\u6b64\u8bc1\u4e66\u4ec5\u9002\u7528\u4e8e\u6d4b\u8bd5\u73af\u5883\u3002
\u60a8\u53ef\u4ee5\u53c2\u8003 Tongsuo \u5b98\u65b9\u6587\u6863\u4f7f\u7528 OpenSSL \u751f\u6210 SM2 \u8bc1\u4e66\uff0c \u6216\u8005\u8bbf\u95ee\u56fd\u5bc6 SSL \u5b9e\u9a8c\u5ba4\u7533\u8bf7 SM2 \u8bc1\u4e66\u3002
\u6700\u7ec8\u6211\u4eec\u4f1a\u5f97\u5230\u4ee5\u4e0b\u6587\u4ef6\uff1a
-rw-r--r-- 1 root root 749 Dec 8 02:59 sm2.*.enc.crt.pem\n-rw-r--r-- 1 root root 258 Dec 8 02:59 sm2.*.enc.key.pem\n-rw-r--r-- 1 root root 749 Dec 8 02:59 sm2.*.sig.crt.pem\n-rw-r--r-- 1 root root 258 Dec 8 02:59 sm2.*.sig.key.pem\n
"},{"location":"admin/ghippo/install/gm-gateway.html#rsa-tls","title":"RSA TLS \u8bc1\u4e66","text":"-rw-r--r-- 1 root root 216 Dec 8 03:21 rsa.*.crt.pem\n-rw-r--r-- 1 root root 4096 Dec 8 02:59 rsa.*.key.pem\n
"},{"location":"admin/ghippo/install/gm-gateway.html#sm2-rsa-tls_1","title":"\u7ed9\u56fd\u5bc6\u7f51\u5173\u914d\u7f6e SM2 \u548c RSA TLS \u8bc1\u4e66","text":"\u672c\u6587\u4e2d\u4f7f\u7528\u7684\u56fd\u5bc6\u7f51\u5173\uff0c\u652f\u6301 SM2 \u548c RSA \u7b49 TLS \u8bc1\u4e66\u3002\u53cc\u8bc1\u4e66\u7684\u4f18\u70b9\u662f\uff1a\u5f53\u6d4f\u89c8\u5668\u4e0d\u652f\u6301 SM2 TLS \u8bc1\u4e66\u65f6\uff0c\u81ea\u52a8\u5207\u6362\u5230 RSA TLS \u8bc1\u4e66\u3002
\u66f4\u591a\u8be6\u7ec6\u914d\u7f6e\uff0c\u8bf7\u53c2\u8003Tongsuo \u5b98\u65b9\u6587\u6863\u3002
\u6211\u4eec\u8fdb\u5165 Tengine \u5bb9\u5668\u5185\u90e8\uff1a
# \u8fdb\u5165 nginx \u914d\u7f6e\u6587\u4ef6\u5b58\u653e\u76ee\u5f55\ncd /usr/local/nginx/conf\n\n# \u521b\u5efa cert \u6587\u4ef6\u5939\uff0c\u7528\u4e8e\u5b58\u653e TLS \u8bc1\u4e66\nmkdir cert\n\n# \u628a SM2\u3001RSA TLS \u8bc1\u4e66\u62f7\u8d1d\u5230 `/usr/local/nginx/conf/cert` \u76ee\u5f55\u4e0b\ncp sm2.*.enc.crt.pem sm2.*.enc.key.pem sm2.*.sig.crt.pem sm2.*.sig.key.pem /usr/local/nginx/conf/cert\ncp rsa.*.crt.pem rsa.*.key.pem /usr/local/nginx/conf/cert\n\n# \u7f16\u8f91 nginx.conf \u914d\u7f6e\nvim nginx.conf\n...\nserver {\n listen 443 ssl;\n proxy_http_version 1.1;\n # \u5f00\u542f\u56fd\u5bc6\u529f\u80fd\uff0c\u4f7f\u5176\u652f\u6301 SM2 \u7b97\u6cd5\u7684 TLS \u8bc1\u4e66\n enable_ntls on;\n\n # RSA \u8bc1\u4e66\n # \u5982\u679c\u60a8\u7684\u6d4f\u89c8\u5668\u4e0d\u652f\u6301\u56fd\u5bc6\u8bc1\u4e66\uff0c\u90a3\u4e48\u60a8\u53ef\u4ee5\u5f00\u542f\u6b64\u9009\u9879\uff0cTengine \u4f1a\u81ea\u52a8\u8bc6\u522b\u6700\u7ec8\u7528\u6237\u7684\u6d4f\u89c8\u5668\uff0c\u5e76\u4f7f\u7528 RSA \u8bc1\u4e66\u8fdb\u884c\u56de\u9000\n ssl_certificate /usr/local/nginx/conf/cert/rsa.*.crt.pem;\n ssl_certificate_key /usr/local/nginx/conf/cert/rsa.*.key.pem;\n\n # \u914d\u7f6e\u4e24\u5bf9 SM2 \u8bc1\u4e66\uff0c\u7528\u4e8e\u52a0\u5bc6\u548c\u7b7e\u540d\n # SM2 \u7b7e\u540d\u8bc1\u4e66\n ssl_sign_certificate /usr/local/nginx/conf/cert/sm2.*.sig.crt.pem;\n ssl_sign_certificate_key /usr/local/nginx/conf/cert/sm2.*.sig.key.pem;\n # SM2 \u52a0\u5bc6\u8bc1\u4e66\n ssl_enc_certificate /usr/local/nginx/conf/cert/sm2.*.enc.crt.pem;\n ssl_enc_certificate_key /usr/local/nginx/conf/cert/sm2.*.enc.key.pem;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n\n location / {\n proxy_set_header Host $http_host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header REMOTE-HOST $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n # \u60a8\u9700\u8981\u5c06\u8fd9\u91cc\u7684\u5730\u5740\u4fee\u6539\u4e3a Istio \u5165\u53e3\u7f51\u5173\u7684\u5730\u5740\n # \u4f8b\u5982 proxy_pass https://istio-ingressgateway.istio-system.svc.cluster.local\n # \u6216\u8005 proxy_pass https://demo-dev.daocloud.io\n proxy_pass https://istio-ingressgateway.istio-system.svc.cluster.local;\n }\n}\n
"},{"location":"admin/ghippo/install/gm-gateway.html#_4","title":"\u91cd\u65b0\u52a0\u8f7d\u56fd\u5bc6\u7f51\u5173\u7684\u914d\u7f6e","text":"nginx -s reload\n
"},{"location":"admin/ghippo/install/gm-gateway.html#_5","title":"\u4e0b\u4e00\u6b65","text":"\u56fd\u5bc6\u7f51\u5173\u90e8\u7f72\u6210\u529f\u4e4b\u540e\uff0c\u81ea\u5b9a\u4e49 AI \u7b97\u529b\u4e2d\u5fc3\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u5730\u5740\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#_6","title":"\u9a8c\u8bc1","text":"\u60a8\u53ef\u4ee5\u90e8\u7f72\u4e00\u4e2a\u652f\u6301\u56fd\u5bc6\u8bc1\u4e66\u7684 Web \u6d4f\u89c8\u5668\u3002 \u4f8b\u5982 Samarium Browser\uff0c \u7136\u540e\u901a\u8fc7 Tengine \u8bbf\u95ee AI \u7b97\u529b\u4e2d\u5fc3 UI \u754c\u9762\uff0c\u9a8c\u8bc1\u56fd\u5bc6\u8bc1\u4e66\u662f\u5426\u751f\u6548\u3002
"},{"location":"admin/ghippo/install/login.html","title":"\u767b\u5f55","text":"\u7528\u6237\u5728\u4f7f\u7528\u4e00\u4e2a\u65b0\u7cfb\u7edf\u524d\uff0c\u5728\u8fd9\u4e2a\u7cfb\u7edf\u4e2d\u662f\u6ca1\u6709\u4efb\u4f55\u6570\u636e\u7684\uff0c\u7cfb\u7edf\u4e5f\u65e0\u6cd5\u8bc6\u522b\u8fd9\u4e2a\u65b0\u7528\u6237\u3002\u4e3a\u4e86\u6807\u8bc6\u7528\u6237\u8eab\u4efd\u3001\u7ed1\u5b9a\u7528\u6237\u6570\u636e\uff0c\u7528\u6237\u9700\u8981\u4e00\u4e2a\u80fd\u552f\u4e00\u6807\u8bc6\u7528\u6237\u8eab\u4efd\u7684\u5e10\u53f7\u3002
AI \u7b97\u529b\u4e2d\u5fc3\u5728 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u4e2d\u901a\u8fc7\u7ba1\u7406\u5458\u521b\u5efa\u65b0\u7528\u6237\u7684\u65b9\u5f0f\u4e3a\u7528\u6237\u5206\u914d\u4e00\u4e2a\u9644\u6709\u4e00\u5b9a\u6743\u9650\u7684\u8d26\u53f7\u3002\u8be5\u7528\u6237\u4ea7\u751f\u7684\u6240\u6709\u884c\u4e3a\u90fd\u5c06\u5173\u8054\u5230\u81ea\u5df1\u7684\u5e10\u53f7\u3002
\u7528\u6237\u901a\u8fc7\u8d26\u53f7/\u5bc6\u7801\u8fdb\u884c\u767b\u5f55\uff0c\u7cfb\u7edf\u9a8c\u8bc1\u8eab\u4efd\u662f\u5426\u5408\u6cd5\uff0c\u5982\u679c\u9a8c\u8bc1\u5408\u6cd5\uff0c\u5219\u7528\u6237\u6210\u529f\u767b\u5f55\u3002
Note
\u5982\u679c\u7528\u6237\u767b\u5f55\u540e 24 \u5c0f\u65f6\u5185\u65e0\u4efb\u4f55\u64cd\u4f5c\uff0c\u5c06\u81ea\u52a8\u9000\u51fa\u767b\u5f55\u72b6\u6001\u3002\u5982\u679c\u767b\u5f55\u7684\u7528\u6237\u59cb\u7ec8\u6d3b\u8dc3\uff0c\u5c06\u6301\u7eed\u5904\u4e8e\u767b\u5f55\u72b6\u6001\u3002
\u7528\u6237\u767b\u5f55\u7684\u7b80\u5355\u6d41\u7a0b\u5982\u4e0b\u56fe\u3002
graph TB\n\nuser[\u8f93\u5165\u7528\u6237\u540d] --> pass[\u8f93\u5165\u5bc6\u7801] --> judge([\u70b9\u51fb\u767b\u5f55\u5e76\u6821\u9a8c\u7528\u6237\u540d\u548c\u5bc6\u7801])\njudge -.\u6b63\u786e.->success[\u767b\u5f55\u6210\u529f]\njudge -.\u9519\u8bef.->fail[\u63d0\u793a\u9519\u8bef]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass user,pass cluster;\nclass judge plain\nclass success,fail k8s
\u7528\u6237\u767b\u5f55\u754c\u9762\u5982\u4e0b\u56fe\u3002\u5177\u4f53\u767b\u5f55\u753b\u9762\uff0c\u8bf7\u4e0e\u5b9e\u9645\u4ea7\u54c1\u4e3a\u51c6\u3002
"},{"location":"admin/ghippo/install/offline-install.html","title":"\u79bb\u7ebf\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\u6a21\u5757","text":"\u672c\u9875\u8bf4\u4e0b\u8f7d\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u79bb\u7ebf\u5305\u540e\uff0c\u5e94\u8be5\u5982\u4f55\u5b89\u88c5\u6216\u5347\u7ea7\u3002
Info
\u4e0b\u8ff0\u547d\u4ee4\u6216\u811a\u672c\u5185\u51fa\u73b0\u7684 ghippo
\u5b57\u6837\u662f\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u5185\u90e8\u5f00\u53d1\u4ee3\u53f7\u3002
\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u9762\u4e24\u79cd\u65b9\u5f0f\u4e4b\u4e00\u52a0\u8f7d\u955c\u50cf\uff0c\u5f53\u73af\u5883\u4e2d\u5b58\u5728\u955c\u50cf\u4ed3\u5e93\u65f6\uff0c\u5efa\u8bae\u9009\u62e9 chart-syncer \u540c\u6b65\u955c\u50cf\u5230\u955c\u50cf\u4ed3\u5e93\uff0c\u8be5\u65b9\u6cd5\u66f4\u52a0\u9ad8\u6548\u4fbf\u6377\u3002
"},{"location":"admin/ghippo/install/offline-install.html#chart-syncer","title":"chart-syncer \u540c\u6b65\u955c\u50cf\u5230\u955c\u50cf\u4ed3\u5e93","text":"\u521b\u5efa load-image.yaml
Note
\u8be5 YAML \u6587\u4ef6\u4e2d\u7684\u5404\u9879\u53c2\u6570\u5747\u4e3a\u5fc5\u586b\u9879\u3002\u60a8\u9700\u8981\u4e00\u4e2a\u79c1\u6709\u7684\u955c\u50cf\u4ed3\u5e93\uff0c\u5e76\u4fee\u6539\u76f8\u5173\u914d\u7f6e\u3002
\u5df2\u5b89\u88c5 chart repo\u672a\u5b89\u88c5 chart repo\u82e5\u5f53\u524d\u73af\u5883\u5df2\u5b89\u88c5 chart repo\uff0cchart-syncer \u4e5f\u652f\u6301\u5c06 Chart \u5bfc\u51fa\u4e3a tgz \u6587\u4ef6\u3002
load-image.yamlsource:\n intermediateBundlesPath: ghippo-offline # (1)!\ntarget:\n containerRegistry: 10.16.10.111 # (2)!\n containerRepository: release.daocloud.io/ghippo # (3)!\n repo:\n kind: HARBOR # (4)!\n url: http://10.16.10.111/chartrepo/release.daocloud.io # (5)!\n auth:\n username: \"admin\" # (6)!\n password: \"Harbor12345\" # (7)!\n containers:\n auth:\n username: \"admin\" # (8)!\n password: \"Harbor12345\" # (9)!\n
\u82e5\u5f53\u524d\u73af\u5883\u672a\u5b89\u88c5 chart repo\uff0cchart-syncer \u4e5f\u652f\u6301\u5c06 Chart \u5bfc\u51fa\u4e3a tgz \u6587\u4ef6\uff0c\u5e76\u5b58\u653e\u5728\u6307\u5b9a\u8def\u5f84\u3002
load-image.yamlsource:\n intermediateBundlesPath: ghippo-offline # (1)!\ntarget:\n containerRegistry: 10.16.10.111 # (2)!\n containerRepository: release.daocloud.io/ghippo # (3)!\n repo:\n kind: LOCAL\n path: ./local-repo # (4)!\n containers:\n auth:\n username: \"admin\" # (5)!\n password: \"Harbor12345\" # (6)!\n
\u6267\u884c\u540c\u6b65\u955c\u50cf\u547d\u4ee4\u3002
charts-syncer sync --config load-image.yaml\n
\u89e3\u538b\u5e76\u52a0\u8f7d\u955c\u50cf\u6587\u4ef6\u3002
\u89e3\u538b tar \u538b\u7f29\u5305\u3002
tar xvf ghippo.bundle.tar\n
\u89e3\u538b\u6210\u529f\u540e\u4f1a\u5f97\u5230\u51e0\u4e2a\u6587\u4ef6\uff1a
\u4ece\u672c\u5730\u52a0\u8f7d\u955c\u50cf\u5230 Docker \u6216 containerd\u3002
Dockercontainerddocker load -i images.tar\n
ctr -n k8s.io image import images.tar\n
Note
\u6bcf\u4e2a node \u90fd\u9700\u8981\u505a Docker \u6216 containerd \u52a0\u8f7d\u955c\u50cf\u64cd\u4f5c\uff0c \u52a0\u8f7d\u5b8c\u6210\u540e\u9700\u8981 tag \u955c\u50cf\uff0c\u4fdd\u6301 Registry\u3001Repository \u4e0e\u5b89\u88c5\u65f6\u4e00\u81f4\u3002
"},{"location":"admin/ghippo/install/offline-install.html#_3","title":"\u5347\u7ea7","text":"\u5347\u7ea7\u6ce8\u610f\u4e8b\u9879\uff1a
\u4ece v0.11.x \u5347\u7ea7\u5230 \u2265v0.12.0\u4ece v0.15.x \u5347\u7ea7\u5230 \u2265v0.16.0\u5f53\u4ece v0.11.x (\u6216\u66f4\u4f4e\u7248\u672c) \u5347\u7ea7\u5230 v0.12.0 (\u6216\u66f4\u9ad8\u7248\u672c) \u65f6\uff0c\u9700\u8981\u5c06 bak.yaml \u4e2d\u6240\u6709 keycloak key \u4fee\u6539\u4e3a keycloakx \u3002
\u4fee\u6539\u524d\uff1a
bak.yamlUSER-SUPPLIED VALUES:\nkeycloak:\n ...\n
\u4fee\u6539\u540e\uff1a
bak.yamlUSER-SUPPLIED VALUES:\nkeycloakx:\n ...\n
\u5f53\u4ece v0.15.x (\u6216\u66f4\u4f4e\u7248\u672c) \u5347\u7ea7\u5230 v0.16.0 (\u6216\u66f4\u9ad8\u7248\u672c) \u65f6\uff0c\u9700\u8981\u4fee\u6539\u6570\u636e\u5e93\u8fde\u63a5\u53c2\u6570\u3002
\u4fee\u6539\u524d\uff1a
bak.yamlUSER-SUPPLIED VALUES:\nglobal:\n database:\n host: 127.0.0.1\n port: 3306\n apiserver:\n dbname: ghippo\n password: passowrd\n user: ghippo\n keycloakx:\n dbname: keycloak\n password: passowrd\n user: keycloak\n auditDatabase:\n auditserver:\n dbname: audit\n password: passowrd\n user: audit\n host: 127.0.0.1\n port: 3306\n
\u4fee\u6539\u540e\uff1a
bak.yamlUSER-SUPPLIED VALUES:\nglobal:\n storage:\n ghippo:\n - driver: mysql\n accessType: readwrite\n dsn: {global.database.apiserver.user}:{global.database.apiserver.password}@tcp({global.database.host}:{global.database.port})/{global.database.apiserver.dbname}?charset=utf8mb4&multiStatements=true&parseTime=true\n audit:\n - driver: mysql\n accessType: readwrite\n dsn: {global.auditDatabase.auditserver.user}:{global.auditDatabase.auditserver.password}@tcp({global.auditDatabase.host}:{global.auditDatabase.port})/{global.auditDatabase.auditserver.dbname}?charset=utf8mb4&multiStatements=true&parseTime=true\n keycloak:\n - driver: mysql\n accessType: readwrite\n dsn: {global.database.keycloakx.user}:{global.database.keycloakx.password}@tcp({global.database.host}:{global.database.port})/{global.database.keycloakx.dbname}?charset=utf8mb4\n
\u6709\u4e24\u79cd\u5347\u7ea7\u65b9\u5f0f\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u524d\u7f6e\u64cd\u4f5c\uff0c\u9009\u62e9\u5bf9\u5e94\u7684\u5347\u7ea7\u65b9\u6848\uff1a
\u901a\u8fc7 Helm \u4ed3\u5e93\u5347\u7ea7\u901a\u8fc7 Chart \u5305\u5347\u7ea7\u68c0\u67e5\u5168\u5c40\u7ba1\u7406 Helm \u4ed3\u5e93\u662f\u5426\u5b58\u5728\u3002
helm repo list | grep ghippo\n
\u82e5\u8fd4\u56de\u7ed3\u679c\u4e3a\u7a7a\u6216\u5982\u4e0b\u63d0\u793a\uff0c\u5219\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1b\u53cd\u4e4b\u5219\u8df3\u8fc7\u4e0b\u4e00\u6b65\u3002
Error: no repositories to show\n
\u6dfb\u52a0\u5168\u5c40\u7ba1\u7406\u7684 Helm \u4ed3\u5e93\u3002
helm repo add ghippo http://{harbor url}/chartrepo/{project}\n
\u66f4\u65b0\u5168\u5c40\u7ba1\u7406\u7684 Helm \u4ed3\u5e93\u3002
helm repo update ghippo # (1)!\n
helm update repo
\u9009\u62e9\u60a8\u60f3\u5b89\u88c5\u7684\u5168\u5c40\u7ba1\u7406\u7248\u672c\uff08\u5efa\u8bae\u5b89\u88c5\u6700\u65b0\u7248\u672c\uff09\u3002
helm search repo ghippo/ghippo --versions\n
NAME CHART VERSION APP VERSION DESCRIPTION\nghippo/ghippo 0.9.0 v0.9.0 A Helm chart for GHippo\n...\n
\u5907\u4efd --set
\u53c2\u6570\u3002
\u5728\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\u7248\u672c\u4e4b\u524d\uff0c\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u8001\u7248\u672c\u7684 --set
\u53c2\u6570\u3002
helm get values ghippo -n ghippo-system -o yaml > bak.yaml\n
\u66f4\u65b0 Ghippo CRD\uff1a
helm pull ghippo/ghippo --version 0.9.0 && tar -zxf ghippo-0.9.0.tgz\nkubectl apply -f ghippo/crds\n
\u6267\u884c helm upgrade
\u3002
\u5347\u7ea7\u524d\u5efa\u8bae\u60a8\u8986\u76d6 bak.yaml \u4e2d\u7684 global.imageRegistry
\u5b57\u6bb5\u4e3a\u5f53\u524d\u4f7f\u7528\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3002
export imageRegistry={\u4f60\u7684\u955c\u50cf\u4ed3\u5e93}\n
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry \\\n --version 0.9.0\n
\u5907\u4efd --set
\u53c2\u6570\u3002
\u5728\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\u7248\u672c\u4e4b\u524d\uff0c\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u8001\u7248\u672c\u7684 --set
\u53c2\u6570\u3002
helm get values ghippo -n ghippo-system -o yaml > bak.yaml\n
\u66f4\u65b0 Ghippo CRD\uff1a
kubectl apply -f ./crds\n
\u6267\u884c helm upgrade
\u3002
\u5347\u7ea7\u524d\u5efa\u8bae\u60a8\u8986\u76d6 bak.yaml \u4e2d\u7684 global.imageRegistry
\u4e3a\u5f53\u524d\u4f7f\u7528\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3002
export imageRegistry={\u4f60\u7684\u955c\u50cf\u4ed3\u5e93}\n
helm upgrade ghippo . \\\n -n ghippo-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry\n
\u5177\u4f53\u8bbe\u7f6e\u6b65\u9aa4\u5982\u4e0b\uff1a
\u68c0\u67e5\u5168\u5c40\u7ba1\u7406 helm \u4ed3\u5e93\u662f\u5426\u5b58\u5728\u3002
helm repo list | grep ghippo\n
\u82e5\u8fd4\u56de\u7ed3\u679c\u4e3a\u7a7a\u6216\u5982\u4e0b\u63d0\u793a\uff0c\u5219\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1b\u53cd\u4e4b\u5219\u8df3\u8fc7\u4e0b\u4e00\u6b65\u3002
Error: no repositories to show\n
\u6dfb\u52a0\u5e76\u4e14\u66f4\u65b0\u5168\u5c40\u7ba1\u7406\u7684 helm \u4ed3\u5e93\u3002
helm repo add ghippo http://{harbor url}/chartrepo/{project}\nhelm repo update ghippo\n
\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\uff0c\u65b9\u4fbf\u5728\u4e0b\u6587\u4e2d\u4f7f\u7528\u3002
# \u60a8\u7684\u53cd\u5411\u4ee3\u7406\u5730\u5740\uff0c\u4f8b\u5982 `export AI_PROXY=\"https://demo-alpha.daocloud.io\"` \nexport AI_PROXY=\"https://domain:port\"\n\n# helm --set \u53c2\u6570\u5907\u4efd\u6587\u4ef6\nexport GHIPPO_VALUES_BAK=\"ghippo-values-bak.yaml\"\n\n# \u83b7\u53d6\u5f53\u524d ghippo \u7684\u7248\u672c\u53f7\nexport GHIPPO_HELM_VERSION=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n
\u5907\u4efd --set \u53c2\u6570\u3002
helm get values ghippo -n ghippo-system -o yaml > ${GHIPPO_VALUES_BAK}\n
\u6dfb\u52a0\u60a8\u7684\u53cd\u5411\u4ee3\u7406\u5730\u5740\u3002
Note
\u5982\u679c\u53ef\u4ee5\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 yq \u547d\u4ee4\uff1a
yq -i \".global.reverseProxy = \\\"${AI_PROXY}\\\"\" ${GHIPPO_VALUES_BAK}\n
\u6216\u8005\u60a8\u53ef\u4ee5\u4f7f\u7528 vim \u547d\u4ee4\u7f16\u8f91\u5e76\u4fdd\u5b58\uff1a
vim ${GHIPPO_VALUES_BAK}\n\nUSER-SUPPLIED VALUES:\n...\nglobal:\n ...\n reverseProxy: ${AI_PROXY} # \u53ea\u9700\u8981\u4fee\u6539\u8fd9\u4e00\u884c\n
\u6267\u884c helm upgrade
\u4f7f\u914d\u7f6e\u751f\u6548\u3002
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ${GHIPPO_VALUES_BAK} \\\n --version ${GHIPPO_HELM_VERSION}\n
\u4f7f\u7528 kubectl \u91cd\u542f\u5168\u5c40\u7ba1\u7406 Pod\uff0c\u4f7f\u914d\u7f6e\u751f\u6548\u3002
kubectl rollout restart deploy/ghippo-apiserver -n ghippo-system\nkubectl rollout restart statefulset/ghippo-keycloakx -n ghippo-system\n
\u5177\u4f53\u8bbe\u7f6e\u6b65\u9aa4\u5982\u4e0b\uff1a
\u68c0\u67e5\u5168\u5c40\u7ba1\u7406 helm \u4ed3\u5e93\u662f\u5426\u5b58\u5728\u3002
helm repo list | grep ghippo\n
\u82e5\u8fd4\u56de\u7ed3\u679c\u4e3a\u7a7a\u6216\u5982\u4e0b\u63d0\u793a\uff0c\u5219\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1b\u53cd\u4e4b\u5219\u8df3\u8fc7\u4e0b\u4e00\u6b65\u3002
Error: no repositories to show\n
\u6dfb\u52a0\u5e76\u4e14\u66f4\u65b0\u5168\u5c40\u7ba1\u7406\u7684 helm \u4ed3\u5e93\u3002
helm repo add ghippo http://{harbor url}/chartrepo/{project}\nhelm repo update ghippo\n
\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\uff0c\u65b9\u4fbf\u5728\u4e0b\u6587\u4e2d\u4f7f\u7528\u3002
# helm --set \u53c2\u6570\u5907\u4efd\u6587\u4ef6\nexport GHIPPO_VALUES_BAK=\"ghippo-values-bak.yaml\"\n\n# \u83b7\u53d6\u5f53\u524d ghippo \u7684\u7248\u672c\u53f7\nexport GHIPPO_HELM_VERSION=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n
\u5907\u4efd --set \u53c2\u6570\u3002
helm get values ghippo -n ghippo-system -o yaml > ${GHIPPO_VALUES_BAK}\n
\u6253\u5f00 Folder/WS \u4e4b\u95f4\u7684\u9694\u79bb\u6a21\u5f0f\u5f00\u5173\u3002
Note
\u5982\u679c\u53ef\u4ee5\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 yq \u547d\u4ee4\uff1a
yq -i \".apiserver.userIsolationMode = \\\"Folder\\\"\" ${GHIPPO_VALUES_BAK}\n
\u6216\u8005\u60a8\u53ef\u4ee5\u4f7f\u7528 vim \u547d\u4ee4\u7f16\u8f91\u5e76\u4fdd\u5b58\uff1a
vim ${GHIPPO_VALUES_BAK}\n\nUSER-SUPPLIED VALUES:\n...\n# \u6dfb\u52a0\u4e0b\u9762\u4e24\u884c\u5373\u53ef\napiserver:\n userIsolationMode: Folder\n
\u6267\u884c helm upgrade
\u4f7f\u914d\u7f6e\u751f\u6548\u3002
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ${GHIPPO_VALUES_BAK} \\\n --version ${GHIPPO_HELM_VERSION}\n
\u4f7f\u7528 kubectl \u91cd\u542f\u5168\u5c40\u7ba1\u7406 Pod\uff0c\u4f7f\u914d\u7f6e\u751f\u6548\u3002
kubectl rollout restart deploy/ghippo-apiserver -n ghippo-system\n
AI Lab \u652f\u6301\u56db\u79cd\u7528\u6237\u89d2\u8272\uff1a
\u5f00\u53d1\u63a7\u5236\u53f0
\u548c \u8fd0\u7ef4\u7ba1\u7406
\u5168\u90e8\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u7684\u6743\u9650\u3002\u5f00\u53d1\u63a7\u5236\u53f0
\u5168\u90e8\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u7684\u6743\u9650\u3002\u5f00\u53d1\u63a7\u5236\u53f0
\u5168\u90e8\u529f\u80fd\u7684\u66f4\u65b0\u3001\u67e5\u8be2\u7684\u6743\u9650\u3002\u5f00\u53d1\u63a7\u5236\u53f0
\u5168\u90e8\u529f\u80fd\u7684\u67e5\u8be2\u7684\u6743\u9650\u3002\u6bcf\u79cd\u89d2\u8272\u5177\u6709\u4e0d\u540c\u7684\u6743\u9650\uff0c\u5177\u4f53\u8bf4\u660e\u5982\u4e0b\u3002
\u83dc\u5355\u5bf9\u8c61 \u64cd\u4f5c Admin / Baize Owner Workspace Admin Workspace Editor Workspace Viewer \u5f00\u53d1\u63a7\u5236\u53f0 \u6982\u89c8 \u67e5\u770b\u6982\u89c8 \u2713 \u2713 \u2713 \u2713 Notebooks \u67e5\u770b Notebooks \u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b Notebooks \u8be6\u60c5 \u2713 \u2713 \u2713 \u2717 \u521b\u5efa Notebooks \u2713 \u2713 \u2717 \u2717 \u66f4\u65b0 Notebooks \u2713 \u2713 \u2713 \u2717 \u514b\u9686 Notebooks \u2713 \u2713 \u2717 \u2717 \u505c\u6b62 Notebooks \u2713 \u2713 \u2713 \u2717 \u542f\u52a8 Notebooks \u2713 \u2713 \u2713 \u2717 \u5220\u9664 Notebooks \u2713 \u2713 \u2717 \u2717 \u4efb\u52a1\u5217\u8868 \u67e5\u770b\u4efb\u52a1\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4efb\u52a1\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa\u4efb\u52a1 \u2713 \u2713 \u2717 \u2717 \u514b\u9686\u4efb\u52a1 \u2713 \u2713 \u2717 \u2717 \u67e5\u770b\u4efb\u52a1\u8d1f\u8f7d\u8be6\u60c5 \u2713 \u2713 \u2713 \u2717 \u5220\u9664\u4efb\u52a1 \u2713 \u2713 \u2717 \u2717 \u4efb\u52a1\u5206\u6790 \u67e5\u770b\u4efb\u52a1\u5206\u6790 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4efb\u52a1\u5206\u6790\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u5220\u9664\u4efb\u52a1\u5206\u6790 \u2713 \u2713 \u2717 \u2717 \u6570\u636e\u96c6\u5217\u8868 \u67e5\u770b\u6570\u636e\u96c6\u5217\u8868 \u2713 \u2713 \u2713 \u2717 \u521b\u5efa\u6570\u636e\u96c6 \u2713 \u2713 \u2717 \u2717 \u91cd\u65b0\u540c\u6b65\u6570\u636e\u96c6 \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0\u51ed\u8bc1 \u2713 \u2713 \u2713 \u2717 \u5220\u9664\u6570\u636e\u96c6 \u2713 \u2713 \u2717 \u2717 \u73af\u5883\u7ba1\u7406 \u67e5\u770b\u73af\u5883\u7ba1\u7406\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa\u73af\u5883 \u2713 \u2713 \u2717 \u2717 \u66f4\u65b0\u73af\u5883 \u2713 \u2713 \u2713 \u2717 \u5220\u9664\u73af\u5883 \u2713 \u2713 \u2717 \u2717 \u63a8\u7406\u670d\u52a1 \u67e5\u770b\u63a8\u7406\u670d\u52a1\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u63a8\u7406\u670d\u52a1\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2717 \u2717 \u66f4\u65b0\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2713 \u2717 \u505c\u6b62\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2713 \u2717 \u542f\u52a8\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2713 \u2717 \u5220\u9664\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2717 \u2717 \u8fd0\u7ef4\u7ba1\u7406 \u6982\u89c8 \u67e5\u770b\u6982\u89c8 \u2713 \u2717 \u2717 \u2717 GPU \u7ba1\u7406 \u67e5\u770b GPU \u7ba1\u7406\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u961f\u5217\u7ba1\u7406 \u67e5\u770b\u961f\u5217\u7ba1\u7406\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u961f\u5217\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u961f\u5217 \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0\u961f\u5217 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u961f\u5217 \u2713 \u2717 \u2717 \u2717"},{"location":"admin/ghippo/permissions/kpanda.html","title":"\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u8bf4\u660e","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4f7f\u7528\u4ee5\u4e0b\u89d2\u8272\uff1a
Note
\u5404\u89d2\u8272\u6240\u5177\u5907\u7684\u6743\u9650\u5982\u4e0b\uff1a
\u4e00\u7ea7\u529f\u80fd \u4e8c\u7ea7\u529f\u80fd \u6743\u9650\u70b9 Cluster Admin Ns Admin Ns Editor NS Viewer \u96c6\u7fa4 \u96c6\u7fa4\u5217\u8868 \u67e5\u770b\u96c6\u7fa4\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u63a5\u5165\u96c6\u7fa4 \u2717 \u2717 \u2717 \u2717 \u521b\u5efa\u96c6\u7fa4 \u2717 \u2717 \u2717 \u2717 \u96c6\u7fa4\u64cd\u4f5c \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713\uff08\u4ec5\u5217\u8868\u5185\u53ef\u4ee5\u8fdb\u5165\uff09 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2717 \u2717 \u2717 \u7f16\u8f91\u57fa\u7840\u914d\u7f6e \u2713 \u2717 \u2717 \u2717 \u4e0b\u8f7d kubeconfig \u2713 \u2713\uff08\u4e0b\u8f7dns\u6743\u9650\u7684kubeconfig\uff09 \u2713\uff08\u4e0b\u8f7d ns \u6743\u9650\u7684 kubeconfig\uff09 \u2713\uff08\u4e0b\u8f7d ns \u6743\u9650\u7684 kubeconfig\uff09 \u89e3\u9664\u63a5\u5165 \u2717 \u2717 \u2717 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2717 \u2717 \u2717 \u91cd\u8bd5 \u2717 \u2717 \u2717 \u2717 \u5378\u8f7d\u96c6\u7fa4 \u2717 \u2717 \u2717 \u2717 \u96c6\u7fa4\u6982\u89c8 \u67e5\u770b\u96c6\u7fa4\u6982\u89c8 \u2713 \u2717 \u2717 \u2717 \u8282\u70b9\u7ba1\u7406 \u63a5\u5165\u8282\u70b9 \u2717 \u2717 \u2717 \u2717 \u67e5\u770b\u8282\u70b9\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u8282\u70b9\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u6682\u505c\u8c03\u5ea6 \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6ce8\u89e3 \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6c61\u70b9 \u2713 \u2717 \u2717 \u2717 \u79fb\u9664\u8282\u70b9 \u2717 \u2717 \u2717 \u2717 \u65e0\u72b6\u6001\u8d1f\u8f7d \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9 ns \u7ed1\u5b9a\u7684 ws \u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 IP \u6c60\u67e5\u770b \u2713 \u2713 \u2713 \u2717 \u7f51\u5361\u7f16\u8f91 \u2713 \u2713 \u2713 \u2717 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u8d1f\u8f7d\u4f38\u7f29 \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001 - \u6682\u505c\u5347\u7ea7 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001 - \u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001 - \u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u6709\u72b6\u6001\u8d1f\u8f7d \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9ns\u7ed1\u5b9a\u7684ws\u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u8d1f\u8f7d\u4f38\u7f29 \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5b88\u62a4\u8fdb\u7a0b \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9ns\u7ed1\u5b9a\u7684ws\u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u4efb\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u5b9e\u4f8b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u9009\u62e9ns\u7ed1\u5b9a\u7684ws\u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5b9a\u65f6\u4efb\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9ns\u7ed1\u5b9a\u7684ws\u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4efb\u52a1\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5bb9\u5668\u7ec4 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u4e0a\u4f20\u6587\u4ef6 \u2713 \u2713 \u2713 \u2717 \u4e0b\u8f7d\u6587\u4ef6 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u5bb9\u5668\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 ReplicaSet \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 Helm \u5e94\u7528 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 Helm \u6a21\u677f \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u5b89\u88c5\u6a21\u677f \u2713 \u2713\uff08ns\u7ea7\u522b\u7684\u53ef\u4ee5\uff09 \u2717 \u2717 \u4e0b\u8f7d\u6a21\u677f \u2713 \u2713 \u2713\uff08\u548c\u67e5\u770b\u63a5\u53e3\u4e00\u81f4\uff09 \u2713 Helm \u4ed3\u5e93 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa\u4ed3\u5e93 \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0\u4ed3\u5e93 \u2713 \u2717 \u2717 \u2717 \u514b\u9686\u4ed3\u5e93 \u2713 \u2717 \u2717 \u2717 \u5237\u65b0\u4ed3\u5e93 \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6ce8\u89e3 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u670d\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u8def\u7531 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u7f51\u7edc\u7b56\u7565 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2717 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u7f51\u7edc\u914d\u7f6e \u914d\u7f6e\u7f51\u7edc \u2713 \u2713 \u2713 \u2717 \u81ea\u5b9a\u4e49\u8d44\u6e90 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 YAML \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u7f16\u8f91 YAML \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 PVC \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9sc \u2713 \u2713 \u2713 \u2717 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u514b\u9686 \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 PV \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 YAML \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u7f16\u8f91 YAML \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0 \u2713 \u2717 \u2717 \u2717 \u514b\u9686 \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6ce8\u89e3 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 SC \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 YAML \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0 \u2713 \u2717 \u2717 \u2717 \u6388\u6743\u547d\u540d\u7a7a\u95f4 \u2713 \u2717 \u2717 \u2717 \u89e3\u9664\u6388\u6743 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u914d\u7f6e\u9879 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u5bfc\u51fa\u914d\u7f6e\u9879 \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5bc6\u94a5 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2717 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u5bfc\u51fa\u5bc6\u94a5 \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u547d\u540d\u7a7a\u95f4 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2713 \u2717 \u2717 \u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4 \u2717 \u2717 \u2717 \u2717 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u2717 \u2717 \u2717 \u2717 \u914d\u989d\u7ba1\u7406 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u96c6\u7fa4\u64cd\u4f5c \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 helm \u64cd\u4f5c \u8bbe\u7f6e\u4fdd\u7559\u6761\u6570 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2713 \u2717 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2717 \u2717 \u5220\u9664 \u2713 \u2713 \u2717 \u2717 \u96c6\u7fa4\u5347\u7ea7 \u67e5\u770b\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5347\u7ea7 \u2717 \u2717 \u2717 \u2717 \u96c6\u7fa4\u8bbe\u7f6e addon \u63d2\u4ef6\u914d\u7f6e \u2713 \u2717 \u2717 \u2717 \u9ad8\u7ea7\u914d\u7f6e \u2713 \u2717 \u2717 \u2717 \u547d\u540d\u7a7a\u95f4 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2713 \u2717 \u2717 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u2713 \u2717 \u2717 \u2717 \u914d\u989d\u7ba1\u7406 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u5de5\u4f5c\u8d1f\u8f7d \u65e0\u72b6\u6001\u8d1f\u8f7d \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u8d1f\u8f7d\u4f38\u7f29 \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u6682\u505c\u5347\u7ea7 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u56de\u9000 \u2713 \u2713 \u2713 \u2717 \u4fee\u6539\u6807\u7b7e\u6ce8\u89e3 \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u6709\u72b6\u6001\u8d1f\u8f7d \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u8d1f\u8f7d\u4f38\u7f29 \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5b88\u62a4\u8fdb\u7a0b \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u4efb\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2717 \u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5b9a\u65f6\u4efb\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5bb9\u5668\u7ec4 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u4e0a\u4f20\u6587\u4ef6 \u2713 \u2713 \u2713 \u2717 \u4e0b\u8f7d\u6587\u4ef6 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u5bb9\u5668\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5907\u4efd\u6062\u590d \u5e94\u7528\u5907\u4efd \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u5907\u4efd\u8ba1\u5212 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0\u8ba1\u5212 \u2713 \u2717 \u2717 \u2717 \u6682\u505c \u2713 \u2717 \u2717 \u2717 \u7acb\u5373\u6267\u884c \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u6062\u590d\u5907\u4efd \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u6062\u590d\u5907\u4efd \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u5907\u4efd\u70b9 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u5bf9\u8c61\u5b58\u50a8 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 ETCD\u5907\u4efd \u67e5\u770b\u5907\u4efd\u7b56\u7565\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u5907\u4efd\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0\u5907\u4efd\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u505c\u6b62/\u542f\u52a8 \u2713 \u2717 \u2717 \u2717 \u7acb\u5373\u6267\u884c \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u5907\u4efd\u8bb0\u5f55 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u5907\u4efd\u70b9\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u96c6\u7fa4\u5de1\u68c0 \u96c6\u7fa4\u5de1\u68c0 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u96c6\u7fa4\u5de1\u68c0 \u2713 \u2717 \u2717 \u2717 \u8bbe\u7f6e \u2713 \u2717 \u2717 \u2717 \u6743\u9650\u7ba1\u7406 \u96c6\u7fa4\u6743\u9650 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u6388\u6743\u7528\u6237\u4e3a cluster admin \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u547d\u540d\u7a7a\u95f4\u6743\u9650 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2717 \u2717 \u6388\u6743\u7528\u6237\u4e3a ns admin \u2713 \u2713 \u2717 \u2717 \u6388\u6743\u7528\u6237\u4e3a ns editor \u2713 \u2713 \u2717 \u2717 \u6388\u6743\u7528\u6237\u4e3a ns viewer \u2713 \u2713 \u2717 \u2717 \u7f16\u8f91\u6743\u9650 \u2713 \u2713 \u2717 \u2717 \u5220\u9664 \u2713 \u2713 \u2717 \u2717 \u5b89\u5168\u7ba1\u7406 \u5408\u89c4\u6027\u626b\u63cf \u67e5\u770b\u626b\u63cf\u62a5\u544a\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u62a5\u544a\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u4e0b\u8f7d\u626b\u63cf\u62a5\u544a \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u62a5\u544a \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u7b56\u7565\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u914d\u7f6e\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u914d\u7f6e\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u914d\u7f6e \u2713 \u2717 \u2717 \u2717 \u6743\u9650\u626b\u63cf \u67e5\u770b\u626b\u63cf\u62a5\u544a\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u62a5\u544a\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u62a5\u544a \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u7b56\u7565\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u6f0f\u6d1e\u626b\u63cf \u67e5\u770b\u626b\u63cf\u62a5\u544a\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u62a5\u544a\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u62a5\u544a \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u7b56\u7565\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717"},{"location":"admin/ghippo/personal-center/accesstoken.html","title":"\u8bbf\u95ee\u5bc6\u94a5","text":"\u8bbf\u95ee\u5bc6\u94a5\uff08Access Key\uff09\u53ef\u7528\u4e8e\u8bbf\u95ee\u5f00\u653e API \u548c\u6301\u7eed\u53d1\u5e03\uff0c\u7528\u6237\u53ef\u5728\u4e2a\u4eba\u4e2d\u5fc3\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u83b7\u53d6\u5bc6\u94a5\u5e76\u8bbf\u95ee API\u3002
"},{"location":"admin/ghippo/personal-center/accesstoken.html#_2","title":"\u83b7\u53d6\u5bc6\u94a5","text":"\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u7684\u4e0b\u62c9\u83dc\u5355\u4e2d\u627e\u5230 \u4e2a\u4eba\u4e2d\u5fc3 \uff0c\u53ef\u4ee5\u5728 \u8bbf\u95ee\u5bc6\u94a5 \u9875\u9762\u7ba1\u7406\u8d26\u53f7\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
Info
\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\u4ec5\u663e\u793a\u4e00\u6b21\u3002\u5982\u679c\u60a8\u5fd8\u8bb0\u4e86\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\uff0c\u60a8\u9700\u8981\u91cd\u65b0\u521b\u5efa\u65b0\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
"},{"location":"admin/ghippo/personal-center/accesstoken.html#api","title":"\u4f7f\u7528\u5bc6\u94a5\u8bbf\u95ee API","text":"\u5728\u8bbf\u95ee\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0openAPI \u65f6\uff0c\u5728\u8bf7\u6c42\u4e2d\u52a0\u4e0a\u8bf7\u6c42\u5934 Authorization:Bearer ${token}
\u4ee5\u6807\u8bc6\u8bbf\u95ee\u8005\u7684\u8eab\u4efd\uff0c \u5176\u4e2d ${token}
\u662f\u4e0a\u4e00\u6b65\u4e2d\u83b7\u53d6\u5230\u7684\u5bc6\u94a5\uff0c\u5177\u4f53\u63a5\u53e3\u4fe1\u606f\u53c2\u89c1 OpenAPI \u63a5\u53e3\u6587\u6863\u3002
\u8bf7\u6c42\u793a\u4f8b
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
\u8bf7\u6c42\u7ed3\u679c
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"admin/ghippo/personal-center/language.html","title":"\u8bed\u8a00\u8bbe\u7f6e","text":"\u672c\u8282\u8bf4\u660e\u5982\u4f55\u8bbe\u7f6e\u754c\u9762\u8bed\u8a00\u3002\u76ee\u524d\u652f\u6301\u4e2d\u6587\u3001English \u4e24\u4e2a\u8bed\u8a00\u3002
\u8bed\u8a00\u8bbe\u7f6e\u662f\u5e73\u53f0\u63d0\u4f9b\u591a\u8bed\u8a00\u670d\u52a1\u7684\u5165\u53e3\uff0c\u5e73\u53f0\u9ed8\u8ba4\u663e\u793a\u4e3a\u4e2d\u6587\uff0c\u7528\u6237\u53ef\u6839\u636e\u9700\u8981\u9009\u62e9\u82f1\u8bed\u6216\u81ea\u52a8\u68c0\u6d4b\u6d4f\u89c8\u5668\u8bed\u8a00\u9996\u9009\u9879\u7684\u65b9\u5f0f\u6765\u5207\u6362\u5e73\u53f0\u8bed\u8a00\u3002 \u6bcf\u4e2a\u7528\u6237\u7684\u591a\u8bed\u8a00\u670d\u52a1\u662f\u76f8\u4e92\u72ec\u7acb\u7684\uff0c\u5207\u6362\u540e\u4e0d\u4f1a\u5f71\u54cd\u5176\u4ed6\u7528\u6237\u3002
\u5e73\u53f0\u63d0\u4f9b\u4e09\u79cd\u5207\u6362\u8bed\u8a00\u65b9\u5f0f\uff1a\u4e2d\u6587\u3001\u82f1\u8bed-English\u3001\u81ea\u52a8\u68c0\u6d4b\u60a8\u7684\u6d4f\u89c8\u5668\u8bed\u8a00\u9996\u9009\u9879\u3002
\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\u3002
\u4f7f\u7528\u60a8\u7684\u7528\u6237\u540d/\u5bc6\u7801\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u7528\u6237\u540d\u4f4d\u7f6e\uff0c\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 \u3002
\u70b9\u51fb \u8bed\u8a00\u8bbe\u7f6e \u9875\u7b7e\u3002
\u5207\u6362\u8bed\u8a00\u9009\u9879\u3002
\u529f\u80fd\u8bf4\u660e\uff1a\u7528\u4e8e\u586b\u5199\u90ae\u7bb1\u5730\u5740\u548c\u4fee\u6539\u767b\u5f55\u5bc6\u7801\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u7528\u6237\u540d\u4f4d\u7f6e\uff0c\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 \u3002
\u70b9\u51fb \u5b89\u5168\u8bbe\u7f6e \u9875\u7b7e\u3002\u586b\u5199\u60a8\u7684\u90ae\u7bb1\u5730\u5740\u6216\u4fee\u6539\u767b\u5f55\u5bc6\u7801\u3002
\u672c\u6587\u8bf4\u660e\u5982\u4f55\u914d\u7f6e SSH \u516c\u94a5\u3002
"},{"location":"admin/ghippo/personal-center/ssh-key.html#1-ssh","title":"\u6b65\u9aa4 1\uff1a\u67e5\u770b\u5df2\u5b58\u5728\u7684 SSH \u5bc6\u94a5","text":"\u5728\u751f\u6210\u65b0\u7684 SSH \u5bc6\u94a5\u524d\uff0c\u8bf7\u5148\u786e\u8ba4\u662f\u5426\u9700\u8981\u4f7f\u7528\u672c\u5730\u5df2\u751f\u6210\u7684 SSH \u5bc6\u94a5\uff0cSSH \u5bc6\u94a5\u5bf9\u4e00\u822c\u5b58\u653e\u5728\u672c\u5730\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u3002 Linux\u3001Mac \u8bf7\u76f4\u63a5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5df2\u5b58\u5728\u7684\u516c\u94a5\uff0cWindows \u7528\u6237\u5728 WSL\uff08\u9700\u8981 Windows 10 \u6216\u4ee5\u4e0a\uff09\u6216 Git Bash \u4e0b\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5df2\u751f\u6210\u7684\u516c\u94a5\u3002
ED25519 \u7b97\u6cd5\uff1a
cat ~/.ssh/id_ed25519.pub\n
RSA \u7b97\u6cd5\uff1a
cat ~/.ssh/id_rsa.pub\n
\u5982\u679c\u8fd4\u56de\u4e00\u957f\u4e32\u4ee5 ssh-ed25519 \u6216 ssh-rsa \u5f00\u5934\u7684\u5b57\u7b26\u4e32\uff0c\u8bf4\u660e\u5df2\u5b58\u5728\u672c\u5730\u516c\u94a5\uff0c \u60a8\u53ef\u4ee5\u8df3\u8fc7\u6b65\u9aa4 2 \u751f\u6210 SSH \u5bc6\u94a5\uff0c\u76f4\u63a5\u64cd\u4f5c\u6b65\u9aa4 3\u3002
"},{"location":"admin/ghippo/personal-center/ssh-key.html#2-ssh","title":"\u6b65\u9aa4 2\uff1a\u751f\u6210 SSH \u5bc6\u94a5","text":"\u82e5\u6b65\u9aa4 1 \u672a\u8fd4\u56de\u6307\u5b9a\u7684\u5185\u5bb9\u5b57\u7b26\u4e32\uff0c\u8868\u793a\u672c\u5730\u6682\u65e0\u53ef\u7528 SSH \u5bc6\u94a5\uff0c\u9700\u8981\u751f\u6210\u65b0\u7684 SSH \u5bc6\u94a5\uff0c\u8bf7\u6309\u5982\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8bbf\u95ee\u7ec8\u7aef\uff08Windows \u8bf7\u4f7f\u7528 WSL \u6216 Git Bash\uff09\uff0c \u8fd0\u884c ssh-keygen -t
\u3002
\u8f93\u5165\u5bc6\u94a5\u7b97\u6cd5\u7c7b\u578b\u548c\u53ef\u9009\u7684\u6ce8\u91ca\u3002
\u6ce8\u91ca\u4f1a\u51fa\u73b0\u5728 .pub \u6587\u4ef6\u4e2d\uff0c\u4e00\u822c\u53ef\u4f7f\u7528\u90ae\u7bb1\u4f5c\u4e3a\u6ce8\u91ca\u5185\u5bb9\u3002
\u57fa\u4e8e ED25519
\u7b97\u6cd5\uff0c\u751f\u6210\u5bc6\u94a5\u5bf9\u547d\u4ee4\u5982\u4e0b\uff1a
ssh-keygen -t ed25519 -C \"<\u6ce8\u91ca\u5185\u5bb9>\"\n
\u57fa\u4e8e RSA
\u7b97\u6cd5\uff0c\u751f\u6210\u5bc6\u94a5\u5bf9\u547d\u4ee4\u5982\u4e0b\uff1a
ssh-keygen -t rsa -C \"<\u6ce8\u91ca\u5185\u5bb9>\"\n
\u70b9\u51fb\u56de\u8f66\uff0c\u9009\u62e9 SSH \u5bc6\u94a5\u751f\u6210\u8def\u5f84\u3002
\u4ee5 ED25519 \u7b97\u6cd5\u4e3a\u4f8b\uff0c\u9ed8\u8ba4\u8def\u5f84\u5982\u4e0b\uff1a
Generating public/private ed25519 key pair.\nEnter file in which to save the key (/home/user/.ssh/id_ed25519):\n
\u5bc6\u94a5\u9ed8\u8ba4\u751f\u6210\u8def\u5f84\uff1a/home/user/.ssh/id_ed25519
\uff0c\u516c\u94a5\u4e0e\u4e4b\u5bf9\u5e94\u4e3a\uff1a/home/user/.ssh/id_ed25519.pub
\u3002
\u8bbe\u7f6e\u4e00\u4e2a\u5bc6\u94a5\u53e3\u4ee4\u3002
Enter passphrase (empty for no passphrase):\nEnter same passphrase again:\n
\u53e3\u4ee4\u9ed8\u8ba4\u4e3a\u7a7a\uff0c\u60a8\u53ef\u4ee5\u9009\u62e9\u4f7f\u7528\u53e3\u4ee4\u4fdd\u62a4\u79c1\u94a5\u6587\u4ef6\u3002 \u5982\u679c\u60a8\u4e0d\u60f3\u5728\u6bcf\u6b21\u4f7f\u7528 SSH \u534f\u8bae\u8bbf\u95ee\u4ed3\u5e93\u65f6\uff0c\u90fd\u8981\u8f93\u5165\u7528\u4e8e\u4fdd\u62a4\u79c1\u94a5\u6587\u4ef6\u7684\u53e3\u4ee4\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u5bc6\u94a5\u65f6\uff0c\u8f93\u5165\u7a7a\u53e3\u4ee4\u3002
\u70b9\u51fb\u56de\u8f66\uff0c\u5b8c\u6210\u5bc6\u94a5\u5bf9\u521b\u5efa\u3002
\u9664\u4e86\u5728\u547d\u4ee4\u884c\u6253\u5370\u51fa\u5df2\u751f\u6210\u7684\u516c\u94a5\u4fe1\u606f\u624b\u52a8\u590d\u5236\u5916\uff0c\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u62f7\u8d1d\u516c\u94a5\u5230\u7c98\u8d34\u677f\u4e0b\uff0c\u8bf7\u53c2\u8003\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u62f7\u8d1d\u3002
Windows\uff08\u5728 WSL \u6216 Git Bash \u4e0b\uff09\uff1a
cat ~/.ssh/id_ed25519.pub | clip\n
Mac\uff1a
tr -d '\\n'< ~/.ssh/id_ed25519.pub | pbcopy\n
GNU/Linux (requires xclip):
xclip -sel clip < ~/.ssh/id_ed25519.pub\n
\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0UI \u9875\u9762\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 -> SSH \u516c\u94a5 \u3002
\u6dfb\u52a0\u751f\u6210\u7684 SSH \u516c\u94a5\u4fe1\u606f\u3002
SSH \u516c\u94a5\u5185\u5bb9\u3002
\u516c\u94a5\u6807\u9898\uff1a\u652f\u6301\u81ea\u5b9a\u4e49\u516c\u94a5\u540d\u79f0\uff0c\u7528\u4e8e\u533a\u5206\u7ba1\u7406\u3002
\u8fc7\u671f\u65f6\u95f4\uff1a\u8bbe\u7f6e\u516c\u94a5\u8fc7\u671f\u65f6\u95f4\uff0c\u5230\u671f\u540e\u516c\u94a5\u5c06\u81ea\u52a8\u5931\u6548\uff0c\u4e0d\u53ef\u4f7f\u7528\uff1b\u5982\u679c\u4e0d\u8bbe\u7f6e\uff0c\u5219\u6c38\u4e45\u6709\u6548\u3002
\u5173\u4e8e\u5e73\u53f0 \u4e3b\u8981\u5448\u73b0\u5e73\u53f0\u5404\u4e2a\u5b50\u6a21\u5757\u5f53\u524d\u66f4\u65b0\u7684\u7248\u672c\uff0c\u58f0\u660e\u4e86\u5e73\u53f0\u4f7f\u7528\u7684\u5404\u4e2a\u5f00\u6e90\u8f6f\u4ef6\uff0c\u5e76\u4ee5\u52a8\u753b\u89c6\u9891\u7684\u65b9\u5f0f\u81f4\u8c22\u4e86\u5e73\u53f0\u7684\u6280\u672f\u56e2\u961f\u3002
\u67e5\u770b\u6b65\u9aa4\uff1a
\u4f7f\u7528\u5177\u6709 Admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb \u5e73\u53f0\u8bbe\u7f6e \uff0c\u9009\u62e9 \u5173\u4e8e\u5e73\u53f0 \uff0c\u67e5\u770b\u4ea7\u54c1\u7248\u672c\u3001\u5f00\u6e90\u8f6f\u4ef6\u58f0\u660e\u548c\u6280\u672f\u56e2\u961f\u3002
License \u58f0\u660e
\u6280\u672f\u56e2\u961f
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u53ef\u901a\u8fc7 \u5916\u89c2\u5b9a\u5236 \u66f4\u6362\u767b\u5f55\u754c\u9762\u3001\u9876\u90e8\u5bfc\u822a\u680f\u4ee5\u53ca\u5e95\u90e8\u7248\u6743\u548c\u5907\u6848\u4fe1\u606f\uff0c\u5e2e\u52a9\u7528\u6237\u66f4\u597d\u5730\u8fa8\u8bc6\u4ea7\u54c1\u3002
"},{"location":"admin/ghippo/platform-setting/appearance.html#_2","title":"\u5b9a\u5236\u8bf4\u660e","text":"\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5e73\u53f0\u8bbe\u7f6e \u3002
\u9009\u62e9 \u5916\u89c2\u5b9a\u5236 \uff0c\u5728 \u767b\u5f55\u9875\u5b9a\u5236 \u9875\u7b7e\u4e2d\uff0c\u4fee\u6539\u767b\u5f55\u9875\u7684\u56fe\u6807\u548c\u6587\u5b57\u540e\uff0c\u70b9\u51fb \u4fdd\u5b58 \u3002
\u9000\u51fa\u767b\u5f55\uff0c\u5728\u767b\u5f55\u9875\u5237\u65b0\u540e\u53ef\u770b\u5230\u914d\u7f6e\u540e\u7684\u6548\u679c
\u70b9\u51fb \u9876\u90e8\u5bfc\u822a\u680f\u5b9a\u5236 \u9875\u7b7e\uff0c\u4fee\u6539\u5bfc\u822a\u680f\u7684\u56fe\u6807\u548c\u6587\u5b57\u540e\uff0c\u70b9\u51fb \u4fdd\u5b58 \u3002
\u70b9\u51fb \u9ad8\u7ea7\u5b9a\u5236 \uff0c\u53ef\u4ee5\u7528 CSS \u6837\u5f0f\u8bbe\u7f6e\u767b\u5f55\u9875\u3001\u5bfc\u822a\u680f\u3001\u5e95\u90e8\u7248\u6743\u53ca\u5907\u6848\u4fe1\u606f\u3002
\u9ad8\u7ea7\u5b9a\u5236\u80fd\u591f\u901a\u8fc7 CSS \u6837\u5f0f\u6765\u4fee\u6539\u6574\u4e2a\u5bb9\u5668\u5e73\u53f0\u7684\u989c\u8272\u3001\u5b57\u4f53\u95f4\u9694\u3001\u5b57\u53f7\u7b49\u3002 \u60a8\u9700\u8981\u719f\u6089 CSS \u8bed\u6cd5\u3002\u5220\u9664\u9ed1\u8272\u8f93\u5165\u6846\u7684\u5185\u5bb9\uff0c\u53ef\u6062\u590d\u5230\u9ed8\u8ba4\u72b6\u6001\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5\u70b9\u51fb \u4e00\u952e\u8fd8\u539f \u6309\u94ae\u3002
\u767b\u5f55\u9875\u5b9a\u5236\u7684 CSS \u6837\u4f8b\uff1a
.test {\n width: 12px;\n}\n\n#kc-login {\n /* color: red!important; */\n}\n
\u767b\u5f55\u540e\u9875\u9762\u5b9a\u5236\u7684 CSS \u6837\u4f8b\uff1a
.dao-icon.dao-iconfont.icon-service-global.dao-nav__head-icon {\n color: red!important;\n}\n.ghippo-header-logo {\n background-color: green!important;\n}\n.ghippo-header {\n background-color: rgb(128, 115, 0)!important;\n}\n.ghippo-header-nav-main {\n background-color: rgb(0, 19, 128)!important;\n}\n.ghippo-header-sub-nav-main .dao-popper-inner {\n background-color: rgb(231, 82, 13) !important;\n}\n
Footer\uff08\u9875\u9762\u5e95\u90e8\u7684\u7248\u6743\u3001\u5907\u6848\u7b49\u4fe1\u606f\uff09\u5b9a\u5236\u793a\u4f8b
<div class=\"footer-content\">\n <span class=\"footer-item\">Copyright \u00a9 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4fdd\u7559\u6240\u6709\u6743\u5229</span>\n <a class=\"footer-item\" href=\"https://beian.miit.gov.cn/\" target=\"_blank\" rel=\"noopener noreferrer\">\u6caa ICP \u5907 xxxxxx \u53f7 - 1</a>\n <a class=\"footer-item\" href=\"https://beian.miit.gov.cn/\" target=\"_blank\" rel=\"noopener noreferrer\">\u6caa ICP \u5907 xxxxxx \u53f7 - 2</a>\n</div>\n<div class=\"footer-content\">\n <img class=\"gongan-icon\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP/wBr28AAgBw1S4kEsfh/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi/mvwbyI+IfHf/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3/ldM9sJoFoK0Hr5i3k4/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W/gi372/EAe/tt68ABxmkCZrcCjg/1xYW52rlKO58sEQjFu9+cj/seFf/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv/mPQCsBAM2XpOMAALzoGFyolBdMxggAAESggSqwQQcMwRSswA6cwR28wBcCYQZEQAwkwDwQQgbkgBwKoRiWQRlUwDrYBLWwAxqgEZrhELTBMTgN5+ASXIHrcBcGYBiewhi8hgkEQcgIE2EhOogRYo7YIs4IF5mOBCJhSDSSgKQg6YgUUSLFyHKkAqlCapFdSCPyLXIUOY1cQPqQ28ggMor8irxHMZSBslED1AJ1QLmoHxqKxqBz0XQ0D12AlqJr0Rq0Hj2AtqKn0UvodXQAfYqOY4DRMQ5mjNlhXIyHRWCJWBomxxZj5Vg1Vo81Yx1YN3YVG8CeYe8IJAKLgBPsCF6EEMJsgpCQR1hMWEOoJewjtBK6CFcJg4Qxwicik6hPtCV6EvnEeGI6sZBYRqwm7iEeIZ4lXicOE1+TSCQOyZLkTgohJZAySQtJa0jbSC2kU6Q+0hBpnEwm65Btyd7kCLKArCCXkbeQD5BPkvvJw+S3FDrFiOJMCaIkUqSUEko1ZT/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYqfBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j/i/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa45uJXTl/VfPV5bdra3kq3yu3rSOuk626s91m/r0q9akHV0IbwDa0b8Y3lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q/5n7duEd3T8Wej3ulewf2Re/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq/dawto22gPaG97+iMo50dXh1Hvrf/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w/eFIr1tv62X3y+1XPK509E3rO9Hv03/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r/y+2v3qB/oP6n+0/rFlwG3g+GDAYM/DWQ/vDgmHnv6U/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59/94vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm/K3O233vuO+638e9H5ko/ED+UPPR+mPHp9BP9z7nfP78L/eE8/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAAQjSURBVHjaVNNZbFRlGIDh95w525zpdGa6TVtbykBbyiICxQY0AhYTJUCiiYqGqEEiJhKQmBg0ESPeeCGRENEYb4jhBr0gNQrRlCBiSgyLaSlSaKEs3Wemy+xnzuqFYdD/6rt6ku/N9wue55EcPwWArCgIgkx5ZRuYVxsnJ801Z05f3jY1MRnb/HxHV+uSph9RKq4mhkdwbZVgdQ2SHkPTwgj/h1QUWWi8/tfg/hM/XN/Y2zfaZnkSnuRDtLMsXhBOvrJtya/LlrcdMs1Qb1lVRQmSAEDAsU1kxpgamXp3y+azu1esreK9dyRqs9PIjkW6OsLx7lTV1ld/237s8HRV57MbnvO8CA+e9GCQFTk6Mza+4/0P+t9a9VSEI3uyTH/eR27aB2Ed31Q/Hx1sI6BHOPT13c5Frd0HW9p3HPUQEwAigJW9RDp+bstrOy981nVGLN/7RpHUV70YfXnEAtjxFPasxPDBQXatjzNTdOQXtg983H/51AFFy1KCIg2bNIdC+8270NwmUmelsXqSqHkDK5PDl8iCW0QcnEW+lqCjvcjQuMZ4YnQRTkotQUZu4GkjcfZNv19G011kXw4vayNYNvqCCvSVTciOgABgeuhBGwhgz5zbkI2ff7HUqJiNR2QktbbSYnBYYqbMT/ilKI4SIbT/GcRylbnvLmJ2X8N7tJ7rR8OE/BbliqEYea81WIotmOs02WFpc55Lf0f5/mSI3dsamOgxSX7ZjaALuBmB6M6FnB+S+POCwmOLk1QFFAqZyQWl1YrpiRZJLvDkygyC5NJ1XCax7xYNiTQVEYVIuUulayIcGeLkpw6WK7GuPY/fb2CkhleXIFFe8XPGaKBj9QxLW1Ik0bg8EuT2zRCJYZvZIYepe0EGbvi4bQUJVZhs2phADFYj+df0lBqJUnaekS4SUHXe3jrOnoE2PhSewHfRpfZGgcryIvfHdQruQlLo7Ns6QizqkJ31CIUlqwQJXuWUpDXj6qOsW32HT3YNImll9FwJsb4jyaLmWQ4fa6a+2sQw0ry8YZSiHcPxxXBtMfCv4XkUCrfliWs/fTE31rtTVfv9vsIorvQIniMhqXM4popVcJFVMHMpfMEaLPdxR1Tnna1b1vl6tGntpAjgCTNWONZyIFBR8Ydtr6EgrCI3VySfzZPLBDHyIq5gkpmzcOUmTGMF+bh7M9LYulfWzMmHBzk7Fpq9deWEYxjrtaCMXjWfstp6BCGNXZzBdYqYhogWqkMum4+oBVD0YnP63u/fFqbv1D+M7VSlBbmmK5uYaLYLYwslfwFVAyXQiOfcx3XyyGIM8DDn0lgWyGokHogu/0UJxpL/+f2e569s/CZQZ53OpzJr0+NXludUfb5jVdf7VUGXJUPIZast1S9PeII6jFDT5xMjFwO1S4c8zwTgnwEAxufYSzA67PMAAAAASUVORK5CYII=\" >\n <a class=\"footer-item\" href=\"http://www.beian.gov.cn/portal/registerSystemInfo\">\u6caa\u516c\u7f51\u5b89\u5907 12345678912345\u53f7</a>\n</div>\n<style>\n.footer-content {\n display: flex;\n flex-wrap: wrap;\n align-items: center;\n justify-content: center;\n}\n.footer-content + .footer-content {\n margin-top: 8px;\n}\n.login-pf .footer-item {\n color: white;\n}\n.footer-item {\n color: var(--dao-gray-010);\n text-decoration: none;\n}\n.footer-item + .footer-item {\n margin-left: 8px;\n}\n.gongan-icon {\n width: 18px;\n height: 18px;\n margin-right: 4px;\n}\n</style>\n
Note
\u5982\u679c\u60f3\u8981\u6062\u590d\u9ed8\u8ba4\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u70b9\u51fb \u4e00\u952e\u8fd8\u539f \u3002\u8bf7\u6ce8\u610f\uff0c\u4e00\u952e\u8fd8\u539f\u540e\u5c06\u4e22\u5f03\u6240\u6709\u81ea\u5b9a\u4e49\u8bbe\u7f6e\u3002
"},{"location":"admin/ghippo/platform-setting/mail-server.html","title":"\u90ae\u4ef6\u670d\u52a1\u5668","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f1a\u5728\u7528\u6237\u5fd8\u8bb0\u5bc6\u7801\u65f6\uff0c\u5411\u7528\u6237\u53d1\u9001\u7535\u5b50\u90ae\u4ef6\u4ee5\u9a8c\u8bc1\u7535\u5b50\u90ae\u4ef6\u5730\u5740\uff0c\u786e\u4fdd\u7528\u6237\u662f\u672c\u4eba\u64cd\u4f5c\u3002 \u8981\u4f7f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u80fd\u591f\u53d1\u9001\u7535\u5b50\u90ae\u4ef6\uff0c\u9700\u8981\u5148\u63d0\u4f9b\u60a8\u7684\u90ae\u4ef6\u670d\u52a1\u5668\u5730\u5740\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb \u5e73\u53f0\u8bbe\u7f6e \uff0c\u9009\u62e9 \u90ae\u4ef6\u670d\u52a1\u5668\u8bbe\u7f6e \u3002
\u586b\u5199\u4ee5\u4e0b\u5b57\u6bb5\u914d\u7f6e\u90ae\u4ef6\u670d\u52a1\u5668\uff1a
\u5b57\u6bb5 \u63cf\u8ff0 \u4e3e\u4f8b\u503c SMTP \u670d\u52a1\u5668\u5730\u5740 \u80fd\u591f\u63d0\u4f9b\u90ae\u4ef6\u670d\u52a1\u7684 SMTP \u670d\u52a1\u5668\u5730\u5740 smtp.163.com SMTP \u670d\u52a1\u5668\u7aef\u53e3 \u53d1\u9001\u90ae\u4ef6\u7684\u7aef\u53e3 25 \u7528\u6237\u540d SMTP \u7528\u6237\u7684\u540d\u79f0 test@163.com \u5bc6\u7801 SMTP \u8d26\u53f7\u7684\u5bc6\u7801 123456 \u53d1\u4ef6\u4eba\u90ae\u7bb1 \u53d1\u4ef6\u4eba\u7684\u90ae\u7bb1\u5730\u5740 test@163.com \u4f7f\u7528 SSL \u5b89\u5168\u8fde\u63a5 SSL \u53ef\u4ee5\u7528\u4e8e\u52a0\u5bc6\u90ae\u4ef6\uff0c\u4ece\u800c\u63d0\u9ad8\u901a\u8fc7\u90ae\u4ef6\u4f20\u8f93\u7684\u4fe1\u606f\u7684\u5b89\u5168\u6027\uff0c\u901a\u5e38\u9700\u4e3a\u90ae\u4ef6\u670d\u52a1\u5668\u914d\u7f6e\u8bc1\u4e66 \u4e0d\u5f00\u542f\u914d\u7f6e\u5b8c\u6210\u540e\u70b9\u51fb \u4fdd\u5b58 \uff0c\u70b9\u51fb \u6d4b\u8bd5\u90ae\u4ef6\u670d\u52a1\u5668 \u3002
\u5c4f\u5e55\u53f3\u4e0a\u89d2\u51fa\u73b0\u6210\u529f\u53d1\u9001\u90ae\u4ef6\u7684\u63d0\u793a\uff0c\u5219\u8868\u793a\u90ae\u4ef6\u670d\u52a1\u5668\u88ab\u6210\u529f\u8bbe\u7f6e\u3002
\u95ee\uff1a\u90ae\u4ef6\u670d\u52a1\u5668\u8bbe\u7f6e\u540e\u7528\u6237\u4ecd\u65e0\u6cd5\u627e\u56de\u5bc6\u7801\u662f\u4ec0\u4e48\u539f\u56e0\uff1f
\u7b54\uff1a\u7528\u6237\u53ef\u80fd\u672a\u8bbe\u7f6e\u90ae\u7bb1\u6216\u8005\u8bbe\u7f6e\u4e86\u9519\u8bef\u7684\u90ae\u7bb1\u5730\u5740\uff1b\u6b64\u65f6\u53ef\u4ee5\u8ba9 admin \u89d2\u8272\u7684\u7528\u6237\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u4e2d\u901a\u8fc7\u7528\u6237\u540d\u627e\u5230\u8be5\u7528\u6237\uff0c\u5e76\u5728\u7528\u6237\u8be6\u60c5\u4e2d\u4e3a\u8be5\u7528\u6237\u8bbe\u7f6e\u65b0\u7684\u767b\u5f55\u5bc6\u7801\u3002
\u5982\u679c\u90ae\u4ef6\u670d\u52a1\u5668\u6ca1\u6709\u8fde\u901a\uff0c\u8bf7\u68c0\u67e5\u90ae\u4ef6\u670d\u52a1\u5668\u5730\u5740\u3001\u7528\u6237\u540d\u53ca\u5bc6\u7801\u662f\u5426\u6b63\u786e\u3002
"},{"location":"admin/ghippo/platform-setting/security.html","title":"\u5b89\u5168\u7b56\u7565","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5728\u56fe\u5f62\u754c\u9762\u4e0a\u63d0\u4f9b\u4e86\u57fa\u4e8e\u5bc6\u7801\u548c\u8bbf\u95ee\u63a7\u5236\u7684\u5b89\u5168\u7b56\u7565\u3002
\u5bc6\u7801\u7b56\u7565
\u8bbf\u95ee\u63a7\u5236\u7b56\u7565
\u8fdb\u5165\u5168\u5c40\u7ba1\u7406\u540e\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5e73\u53f0\u8bbe\u7f6e -> \u5b89\u5168\u7b56\u7565 \uff0c\u5373\u53ef\u8bbe\u7f6e\u5bc6\u7801\u7b56\u7565\u548c\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002
"},{"location":"admin/ghippo/report-billing/index.html","title":"\u8fd0\u8425\u7ba1\u7406","text":"\u8fd0\u8425\u7ba1\u7406\u901a\u8fc7\u53ef\u89c6\u5316\u7684\u65b9\u5f0f\uff0c\u4e3a\u60a8\u5c55\u793a\u5e73\u53f0\u4e0a\u7edf\u8ba1\u65f6\u95f4\u8303\u56f4\u5185\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5bb9\u5668\u7ec4\u3001\u5de5\u4f5c\u7a7a\u95f4\u7b49\u7ef4\u5ea6\u7684 CPU/\u5185\u5b58/\u5b58\u50a8/GPU \u7684\u4f7f\u7528\u603b\u91cf\u548c\u4f7f\u7528\u7387\u7b49\u4fe1\u606f\u3002 \u4ee5\u53ca\u901a\u8fc7\u4f7f\u7528\u91cf\u3001\u4f7f\u7528\u65f6\u95f4\u53ca\u5355\u4ef7\u7b49\u4fe1\u606f\uff0c\u81ea\u52a8\u8ba1\u7b97\u51fa\u7684\u5e73\u53f0\u6d88\u8d39\u4fe1\u606f\u3002\u8be5\u6a21\u5757\u9ed8\u8ba4\u5f00\u542f\u6240\u6709\u62a5\u8868\u7edf\u8ba1\uff0c\u540c\u65f6\u4e5f\u652f\u6301\u5e73\u53f0\u7ba1\u7406\u5458\u5bf9\u5355\u4e2a\u62a5\u8868\u8fdb\u884c\u624b\u52a8\u5f00\u542f\u6216\u5173\u95ed\uff0c \u5f00\u542f/\u5173\u95ed\u540e\u5c06\u5728\u6700\u957f 20 \u5206\u949f\u5185\uff0c\u5e73\u53f0\u5f00\u59cb/\u505c\u6b62\u91c7\u96c6\u62a5\u8868\u6570\u636e\uff0c\u5f80\u671f\u5df2\u91c7\u96c6\u5230\u7684\u6570\u636e\u8fd8\u5c06\u6b63\u5e38\u5c55\u793a\u3002 \u8fd0\u8425\u7ba1\u7406\u6570\u636e\u6700\u591a\u53ef\u5728\u5e73\u53f0\u4e0a\u4fdd\u7559 365 \u5929\uff0c\u8d85\u8fc7\u4fdd\u7559\u65f6\u95f4\u7684\u7edf\u8ba1\u6570\u636e\u5c06\u88ab\u81ea\u52a8\u5220\u9664\u3002\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7 CSV \u6216 Excel \u65b9\u5f0f\u4e0b\u8f7d\u62a5\u8868\u540e\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u7edf\u8ba1\u548c\u5206\u6790\u3002
\u62a5\u8868\u7ba1\u7406\u901a\u8fc7 CPU \u5229\u7528\u7387\u3001\u5185\u5b58\u5229\u7528\u7387\u3001\u5b58\u50a8\u5229\u7528\u7387\u3001GPU \u7b97\u529b\u5229\u7528\u7387\u3001GPU \u663e\u5b58\u5229\u7528\u7387 5 \u4e2a\u7ef4\u5ea6\uff0c\u5bf9\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u3001\u5de5\u4f5c\u7a7a\u95f4\u3001\u547d\u540d\u7a7a\u95f4 5 \u79cd\u8d44\u6e90\u8fdb\u884c\u6570\u636e\u7edf\u8ba1\u3002\u540c\u65f6\u8054\u52a8\u5ba1\u8ba1\u548c\u544a\u8b66\u6a21\u5757\uff0c\u652f\u6301\u5bf9\u5ba1\u8ba1\u6570\u636e\u548c\u544a\u8b66\u6570\u636e\u8fdb\u884c\u7edf\u8ba1\u7ba1\u7406\u3002\u5171\u8ba1\u652f\u6301 7 \u79cd\u7c7b\u578b\u62a5\u8868\u3002
\u8ba1\u91cf\u8ba1\u8d39\u9488\u5bf9\u5e73\u53f0\u4e0a\u7684\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u3001\u547d\u540d\u7a7a\u95f4\u548c\u5de5\u4f5c\u7a7a\u95f4 5 \u79cd\u8d44\u6e90\u8fdb\u884c\u8ba1\u8d39\u7edf\u8ba1\u3002 \u6839\u636e\u4e0d\u540c\u8d44\u6e90\u4e2d CPU\u3001\u5185\u5b58\u3001\u5b58\u50a8\u548c GPU \u7684\u4f7f\u7528\u91cf\uff0c\u4ee5\u53ca\u7528\u6237\u624b\u52a8\u914d\u7f6e\u7684\u4ef7\u683c\u548c\u8d27\u5e01\u5355\u4f4d\u81ea\u52a8\u8ba1\u7b97\u51fa\u6bcf\u79cd\u8d44\u6e90\u5728\u7edf\u8ba1\u65f6\u95f4\u7684\u6d88\u8d39\u60c5\u51b5\uff0c \u6839\u636e\u6240\u9009\u65f6\u95f4\u8de8\u5ea6\u4e0d\u540c\uff0c\u53ef\u5feb\u901f\u8ba1\u7b97\u51fa\u8be5\u8de8\u5ea6\u5185\u7684\u5b9e\u9645\u6d88\u8d39\u60c5\u51b5\uff0c\u5982\u6708\u5ea6\u3001\u5b63\u5ea6\u3001\u5e74\u5ea6\u7b49\u3002
"},{"location":"admin/ghippo/report-billing/billing.html","title":"\u8ba1\u91cf\u8ba1\u8d39","text":"\u8ba1\u91cf\u8ba1\u8d39\u5728\u62a5\u8868\u7684\u57fa\u7840\u4e0a\uff0c\u5bf9\u8d44\u6e90\u7684\u4f7f\u7528\u6570\u636e\u505a\u4e86\u8fdb\u4e00\u6b65\u7684\u8ba1\u8d39\u5904\u7406\u3002\u652f\u6301\u7528\u6237\u624b\u52a8\u8bbe\u7f6e CPU\u3001\u5185\u5b58\u3001\u5b58\u50a8\u3001GPU \u7684\u5355\u4ef7\u4ee5\u53ca\u8d27\u5e01\u5355\u4f4d\u7b49\uff0c\u8bbe\u7f6e\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u7edf\u8ba1\u51fa\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5de5\u4f5c\u7a7a\u95f4\u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u82b1\u8d39\u60c5\u51b5\uff0c\u65f6\u95f4\u6bb5\u7528\u6237\u53ef\u81ea\u7531\u8c03\u6574\uff0c\u53ef\u6309\u7167\u5468\u3001\u6708\u3001\u5b63\u5ea6\u3001\u5e74\u7b5b\u9009\u8c03\u6574\u540e\u5bfc\u51fa Excel \u6216 Csv \u683c\u5f0f\u7684\u8ba1\u8d39\u62a5\u8868\u3002
"},{"location":"admin/ghippo/report-billing/billing.html#_2","title":"\u8ba1\u8d39\u89c4\u5219\u53ca\u751f\u6548\u65f6\u95f4","text":"\u76ee\u524d\u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u62a5\u8868\uff1a
\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u8fd0\u8425\u7ba1\u7406 \u3002
\u8fdb\u5165 \u8fd0\u8425\u7ba1\u7406 \u540e\u5207\u6362\u4e0d\u540c\u83dc\u5355\u53ef\u67e5\u770b\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u7b49\u8ba1\u8d39\u62a5\u8868\u3002
\u62a5\u8868\u7ba1\u7406\u4ee5\u53ef\u89c6\u5316\u7684\u65b9\u5f0f\uff0c\u5c55\u793a\u4e86\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u3001\u5de5\u4f5c\u7a7a\u95f4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5ba1\u8ba1\u53ca\u544a\u8b66\u7ef4\u5ea6\u7684\u7edf\u8ba1\u6570\u636e\uff0c\u4e3a\u5e73\u53f0\u7684\u8ba1\u8d39\u53ca\u4f7f\u7528\u60c5\u51b5\u7684\u8c03\u4f18\u63d0\u4f9b\u4e86\u53ef\u9760\u7684\u57fa\u7840\u6570\u636e\u3002
"},{"location":"admin/ghippo/report-billing/report.html#_2","title":"\u529f\u80fd\u7279\u6027","text":"\u76ee\u524d\u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u62a5\u8868\uff1a
\u4f7f\u7528\u5177\u6709 Admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u8fd0\u8425\u7ba1\u7406 \u3002
\u8fdb\u5165\u8fd0\u8425\u7ba1\u7406\u540e\u5207\u6362\u4e0d\u540c\u83dc\u5355\u53ef\u67e5\u770b\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u7b49\u62a5\u8868\u3002
\u62a5\u9519\u63d0\u793a\u5982\u4e0b\u56fe\uff1a
\u53ef\u80fd\u539f\u56e0\uff1aRequestAuthentication CR \u7684 jwtsUri \u5730\u5740\u65e0\u6cd5\u8bbf\u95ee\uff0c \u5bfc\u81f4 istiod \u65e0\u6cd5\u4e0b\u53d1\u914d\u7f6e\u7ed9 istio-ingressgateway\uff08Istio 1.15 \u53ef\u4ee5\u89c4\u907f\u8fd9\u4e2a bug\uff1a https://github.com/istio/istio/pull/39341/\uff09
\u89e3\u51b3\u65b9\u6cd5\uff1a
\u5907\u4efd RequestAuthentication ghippo CR\u3002
kubectl get RequestAuthentication ghippo -n istio-system -o yaml > ghippo-ra.yaml \n
\u5220\u9664 RequestAuthentication ghippo CR\u3002
kubectl delete RequestAuthentication ghippo -n istio-system \n
\u91cd\u542f Istio\u3002
kubectl rollout restart deploy/istiod -n istio-system\nkubectl rollout restart deploy/istio-ingressgateway -n istio-system \n
\u91cd\u65b0 apply RequestAuthentication ghippo CR\u3002
kubectl apply -f ghippo-ra.yaml \n
Note
apply RequestAuthentication ghippo CR \u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd ghippo-apiserver \u548c ghippo-keycloak \u5df2\u7ecf\u6b63\u5e38\u542f\u52a8\u3002
\u51fa\u73b0\u8fd9\u4e2a\u95ee\u9898\u539f\u56e0\u4e3a\uff1aghippo-keycloak \u8fde\u63a5\u7684 Mysql \u6570\u636e\u5e93\u51fa\u73b0\u6545\u969c, \u5bfc\u81f4 OIDC Public keys \u88ab\u91cd\u7f6e
\u5728\u5168\u5c40\u7ba1\u7406 0.11.1 \u53ca\u4ee5\u4e0a\u7248\u672c\uff0c\u60a8\u53ef\u4ee5\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528 helm \u66f4\u65b0\u5168\u5c40\u7ba1\u7406\u914d\u7f6e\u6587\u4ef6\u5373\u53ef\u6062\u590d\u6b63\u5e38\u3002
# \u66f4\u65b0 helm \u4ed3\u5e93\nhelm repo update ghippo\n\n# \u5907\u4efd ghippo \u53c2\u6570\nhelm get values ghippo -n ghippo-system -o yaml > ghippo-values-bak.yaml\n\n# \u83b7\u53d6\u5f53\u524d\u90e8\u7f72\u7684 ghippo \u7248\u672c\u53f7\nversion=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n\n# \u6267\u884c\u66f4\u65b0\u64cd\u4f5c, \u4f7f\u914d\u7f6e\u6587\u4ef6\u751f\u6548\nhelm upgrade ghippo ghippo/ghippo \\\n-n ghippo-system \\\n-f ./ghippo-values-bak.yaml \\\n--version ${version}\n
"},{"location":"admin/ghippo/troubleshooting/ghippo03.html","title":"Keycloak \u65e0\u6cd5\u542f\u52a8","text":""},{"location":"admin/ghippo/troubleshooting/ghippo03.html#_1","title":"\u5e38\u89c1\u6545\u969c","text":""},{"location":"admin/ghippo/troubleshooting/ghippo03.html#_2","title":"\u6545\u969c\u8868\u73b0","text":"MySQL \u5df2\u5c31\u7eea\uff0c\u65e0\u62a5\u9519\u3002\u5728\u5b89\u88c5\u5168\u5c40\u7ba1\u7406\u540e keycloak \u65e0\u6cd5\u542f\u52a8\uff08> 10 \u6b21\uff09\u3002
"},{"location":"admin/ghippo/troubleshooting/ghippo03.html#_3","title":"\u68c0\u67e5\u9879","text":"keycloak \u65e0\u6cd5\u6b63\u5e38\u542f\u52a8\uff0ckeycloak pod \u8fd0\u884c\u72b6\u6001\u4e3a CrashLoopBackOff
\u5e76\u4e14 keycloak \u7684 log \u51fa\u73b0\u5982\u4e0b\u56fe\u6240\u793a\u7684\u4fe1\u606f
\u8fd0\u884c\u4e0b\u9762\u7684\u68c0\u67e5\u811a\u672c\uff0c\u67e5\u8be2\u5f53\u524d\u8282\u70b9 cpu \u7684 x86-64\u67b6\u6784\u7684\u7279\u5f81\u7ea7\u522b
cat <<\"EOF\" > detect-cpu.sh\n#!/bin/sh -eu\n\nflags=$(cat /proc/cpuinfo | grep flags | head -n 1 | cut -d: -f2)\n\nsupports_v2='awk \"/cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/ {found=1} END {exit !found}\"'\nsupports_v3='awk \"/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/ {found=1} END {exit !found}\"'\nsupports_v4='awk \"/avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/ {found=1} END {exit !found}\"'\n\necho \"$flags\" | eval $supports_v2 || exit 2 && echo \"CPU supports x86-64-v2\"\necho \"$flags\" | eval $supports_v3 || exit 3 && echo \"CPU supports x86-64-v3\"\necho \"$flags\" | eval $supports_v4 || exit 4 && echo \"CPU supports x86-64-v4\"\nEOF\n\nchmod +x detect-cpu.sh\nsh detect-cpu.sh\n
\u6267\u884c\u4e0b\u9762\u547d\u4ee4\u67e5\u770b\u5f53\u524d cpu \u7684\u7279\u6027\uff0c\u5982\u679c\u8f93\u51fa\u4e2d\u5305\u542b sse4_2\uff0c\u5219\u8868\u793a\u4f60\u7684\u5904\u7406\u5668\u652f\u6301SSE 4.2\u3002
lscpu | grep sse4_2\n
"},{"location":"admin/ghippo/troubleshooting/ghippo03.html#_7","title":"\u89e3\u51b3\u65b9\u6cd5","text":"\u9700\u8981\u5347\u7ea7\u4f60\u7684\u4e91\u4e3b\u673a\u6216\u7269\u7406\u673a CPU \u4ee5\u652f\u6301 x86-64-v2 \u53ca\u4ee5\u4e0a\uff0c\u786e\u4fddx86 CPU \u6307\u4ee4\u96c6\u652f\u6301 sse4.2\uff0c\u5982\u4f55\u5347\u7ea7\u9700\u8981\u4f60\u54a8\u8be2\u4e91\u4e3b\u673a\u5e73\u53f0\u63d0\u4f9b\u5546\u6216\u7740\u7269\u7406\u673a\u63d0\u4f9b\u5546\u3002
\u8be6\u89c1\uff1ahttps://github.com/keycloak/keycloak/issues/17290
"},{"location":"admin/ghippo/troubleshooting/ghippo04.html","title":"\u5355\u72ec\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\u65f6\u5347\u7ea7\u5931\u8d25","text":"\u82e5\u5347\u7ea7\u5931\u8d25\u65f6\u5305\u542b\u5982\u4e0b\u4fe1\u606f\uff0c\u53ef\u4ee5\u53c2\u8003\u79bb\u7ebf\u5347\u7ea7\u4e2d\u7684\u66f4\u65b0 ghippo crd \u6b65\u9aa4\u5b8c\u6210 crd \u5b89\u88c5
ensure CRDs are installed first\n
"},{"location":"admin/ghippo/workspace/folder-permission.html","title":"\u6587\u4ef6\u5939\u6743\u9650\u8bf4\u660e","text":"\u6587\u4ef6\u5939\u5177\u6709\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u4ee5\u53ca\u8d44\u6e90\u4e0a\u3002
\u82e5\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u662f Folder Admin \u89d2\u8272\uff0c\u6620\u5c04\u5230\u5b50\u6587\u4ef6\u5939\u4ecd\u4e3a Folder Admin \u89d2\u8272\uff0c\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5de5\u4f5c\u7a7a\u95f4\u5219\u4e3a Workspace Admin\uff1b \u82e5\u5728 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u8d44\u6e90\u7ec4 \u4e2d\u7ed1\u5b9a\u4e86 Namespace\uff0c\u5219\u6620\u5c04\u540e\u8be5\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fd8\u662f Namespace Admin\u3002
Note
\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u80fd\u529b\u4e0d\u4f1a\u4f5c\u7528\u5230\u5171\u4eab\u8d44\u6e90\u4e0a\uff0c\u56e0\u4e3a\u5171\u4eab\u662f\u5c06\u96c6\u7fa4\u7684\u4f7f\u7528\u6743\u9650\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u4e0d\u662f\u5c06\u7ba1\u7406\u6743\u9650\u53d7\u8ba9\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u4e0d\u4f1a\u5b9e\u73b0\u6743\u9650\u7ee7\u627f\u548c\u89d2\u8272\u6620\u5c04\u3002
"},{"location":"admin/ghippo/workspace/folder-permission.html#_2","title":"\u5e94\u7528\u573a\u666f","text":"\u6587\u4ef6\u5939\u5177\u6709\u5c42\u7ea7\u80fd\u529b\uff0c\u56e0\u6b64\u5c06\u6587\u4ef6\u5939\u5bf9\u5e94\u4e8e\u4f01\u4e1a\u4e2d\u7684\u90e8\u95e8/\u4f9b\u5e94\u5546/\u9879\u76ee\u7b49\u5c42\u7ea7\u65f6\uff0c
\u6587\u4ef6\u5939\u5177\u6709\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u4ee5\u53ca\u8d44\u6e90\u4e0a\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa\u4e00\u4e2a\u6587\u4ef6\u5939\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u6587\u4ef6\u5939 \u6309\u94ae\u3002
\u586b\u5199\u6587\u4ef6\u5939\u540d\u79f0\u3001\u4e0a\u4e00\u7ea7\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u6587\u4ef6\u5939\u3002
Tip
\u521b\u5efa\u6210\u529f\u540e\u6587\u4ef6\u5939\u540d\u79f0\u5c06\u663e\u793a\u5728\u5de6\u4fa7\u7684\u6811\u72b6\u7ed3\u6784\u4e2d\uff0c\u4ee5\u4e0d\u540c\u7684\u56fe\u6807\u8868\u793a\u5de5\u4f5c\u7a7a\u95f4\u548c\u6587\u4ef6\u5939\u3002
Note
\u9009\u4e2d\u67d0\u4e00\u4e2a\u6587\u4ef6\u5939\u6216\u6587\u4ef6\u5939\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u53ef\u4ee5\u8fdb\u884c\u7f16\u8f91\u6216\u5220\u9664\u3002
\u5f53\u8be5\u6587\u4ef6\u5939\u4e0b\u8d44\u6e90\u7ec4\u3001\u5171\u4eab\u8d44\u6e90\u4e2d\u5b58\u5728\u8d44\u6e90\u65f6\uff0c\u8be5\u6587\u4ef6\u5939\u65e0\u6cd5\u88ab\u5220\u9664\uff0c\u9700\u8981\u5c06\u6240\u6709\u8d44\u6e90\u89e3\u7ed1\u540e\u518d\u5220\u9664\u3002
\u5f53\u5fae\u670d\u52a1\u5f15\u64ce\u6a21\u5757\u5728\u8be5\u6587\u4ef6\u5939\u4e0b\u5b58\u5728\u63a5\u5165\u6ce8\u518c\u4e2d\u5fc3\u8d44\u6e90\u65f6\uff0c\u8be5\u6587\u4ef6\u5939\u65e0\u6cd5\u88ab\u5220\u9664\uff0c\u9700\u8981\u5c06\u6240\u6709\u63a5\u5165\u6ce8\u518c\u4e2d\u5fc3\u79fb\u9664\u540e\u518d\u5220\u9664\u6587\u4ef6\u5939\u3002
\u5171\u4eab\u8d44\u6e90\u5e76\u975e\u610f\u5473\u7740\u88ab\u5171\u4eab\u8005\u53ef\u4ee5\u65e0\u9650\u5236\u5730\u4f7f\u7528\u88ab\u5171\u4eab\u7684\u8d44\u6e90\u3002 Admin\u3001Kpanda Owner \u548c Workspace Admin \u53ef\u4ee5\u901a\u8fc7\u5171\u4eab\u8d44\u6e90\u4e2d\u7684 \u8d44\u6e90\u914d\u989d \u529f\u80fd\u9650\u5236\u67d0\u4e2a\u7528\u6237\u7684\u6700\u5927\u4f7f\u7528\u989d\u5ea6\u3002 \u82e5\u4e0d\u9650\u5236\uff0c\u5219\u8868\u793a\u53ef\u4ee5\u65e0\u9650\u5236\u4f7f\u7528\u3002
\u4e00\u4e2a\u8d44\u6e90\uff08\u96c6\u7fa4\uff09\u53ef\u4ee5\u88ab\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5171\u4eab\uff0c\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u53ef\u4ee5\u540c\u65f6\u4f7f\u7528\u591a\u4e2a\u5171\u4eab\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u3002
"},{"location":"admin/ghippo/workspace/quota.html#_1","title":"\u8d44\u6e90\u7ec4\u548c\u5171\u4eab\u8d44\u6e90","text":"\u5171\u4eab\u8d44\u6e90\u548c\u8d44\u6e90\u7ec4\u4e2d\u7684\u96c6\u7fa4\u8d44\u6e90\u5747\u6765\u81ea\u5bb9\u5668\u7ba1\u7406\uff0c\u4f46\u662f\u96c6\u7fa4\u7ed1\u5b9a\u548c\u5171\u4eab\u7ed9\u540c\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5c06\u4f1a\u4ea7\u751f\u4e24\u79cd\u622a\u7136\u4e0d\u540c\u7684\u6548\u679c\u3002
\u7ed1\u5b9a\u8d44\u6e90
\u4f7f\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5177\u6709\u8be5\u96c6\u7fa4\u7684\u5168\u90e8\u7ba1\u7406\u548c\u4f7f\u7528\u6743\u9650\uff0cWorkspace Admin \u5c06\u88ab\u6620\u5c04\u4e3a Cluster Admin\u3002 Workspace Admin \u80fd\u591f\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7ba1\u7406\u8be5\u96c6\u7fa4\u3002
Note
\u5f53\u524d\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u6682\u65e0 Cluster Editor \u548c Cluster Viewer \u89d2\u8272\uff0c\u56e0\u6b64 Workspace Editor\u3001Workspace Viewer \u8fd8\u65e0\u6cd5\u6620\u5c04\u3002
\u65b0\u589e\u5171\u4eab\u8d44\u6e90
\u4f7f\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5177\u6709\u8be5\u96c6\u7fa4\u8d44\u6e90\u7684\u4f7f\u7528\u6743\u9650\uff0c\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u5728\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff08Namespace\uff09\u65f6\u4f7f\u7528\u3002
\u4e0e\u8d44\u6e90\u7ec4\u4e0d\u540c\uff0c\u5c06\u96c6\u7fa4\u5171\u4eab\u5230\u5de5\u4f5c\u7a7a\u95f4\u65f6\uff0c\u7528\u6237\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u89d2\u8272\u4e0d\u4f1a\u6620\u5c04\u5230\u8d44\u6e90\u4e0a\uff0c\u56e0\u6b64 Workspace Admin \u4e0d\u4f1a\u88ab\u6620\u5c04\u4e3a Cluster admin\u3002
\u672c\u8282\u5c55\u793a 3 \u4e2a\u4e0e\u8d44\u6e90\u914d\u989d\u6709\u5173\u7684\u573a\u666f\u3002
"},{"location":"admin/ghippo/workspace/quota.html#_2","title":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4","text":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u65f6\u4f1a\u6d89\u53ca\u5230\u8d44\u6e90\u914d\u989d\u3002
\u5728\u5de5\u4f5c\u7a7a\u95f4 ws01 \u65b0\u589e\u4e00\u4e2a\u5171\u4eab\u96c6\u7fa4\u3002
\u5728\u5e94\u7528\u5de5\u4f5c\u53f0\u9009\u62e9\u5de5\u4f5c\u7a7a\u95f4 ws01 \u548c\u5171\u4eab\u96c6\u7fa4\uff0c\u521b\u5efa\u547d\u540d\u7a7a\u95f4 ns01\u3002
\u524d\u63d0\uff1a\u5de5\u4f5c\u7a7a\u95f4 ws01 \u5df2\u65b0\u589e\u5171\u4eab\u96c6\u7fa4\uff0c\u64cd\u4f5c\u8005\u4e3a Workspace Admin + Kpanda Owner \u6216 Admin \u89d2\u8272\u3002
\u4ee5\u4e0b\u4e24\u79cd\u7ed1\u5b9a\u65b9\u5f0f\u7684\u6548\u679c\u76f8\u540c\u3002
\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u5c06\u521b\u5efa\u7684\u547d\u540d\u7a7a\u95f4 ns01 \u7ed1\u5b9a\u5230 ws01
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\uff0c\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u7ed1\u5b9a\u5230 ws01
\u4ee5\u4e0b\u4e24\u79cd\u89e3\u7ed1\u65b9\u5f0f\u7684\u6548\u679c\u76f8\u540c\u3002
\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u4ece\u5de5\u4f5c\u7a7a\u95f4 ws01 \u89e3\u7ed1
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u4ece\u5de5\u4f5c\u7a7a\u95f4 ws01 \u89e3\u7ed1
\u8d44\u6e90\u7ec4\u4e0e\u5171\u4eab\u8d44\u6e90\u5747\u652f\u6301\u7ed1\u5b9a\u96c6\u7fa4\uff0c\u4f46\u4f7f\u7528\u4e0a\u5b58\u5728\u5f88\u5927\u533a\u522b\u3002
"},{"location":"admin/ghippo/workspace/res-gp-and-shared-res.html#_2","title":"\u4f7f\u7528\u573a\u666f\u533a\u522b","text":"\u8bf4\u660e\uff1a\u5728\u8be5\u573a\u666f\u4e2d\uff0c\u9700\u8981\u5e73\u53f0\u7ba1\u7406\u5458\u5bf9\u4e8c\u7ea7\u4f9b\u5e94\u5546\u8fdb\u884c\u8d44\u6e90\u9650\u5236\uff0c\u6682\u65f6\u8fd8\u4e0d\u652f\u6301\u4e00\u7ea7\u4f9b\u5e94\u5546\u9650\u5236\u4e8c\u7ea7\u4f9b\u5e94\u5546\u7684\u96c6\u7fa4\u989d\u5ea6\u3002
"},{"location":"admin/ghippo/workspace/res-gp-and-shared-res.html#_3","title":"\u96c6\u7fa4\u989d\u5ea6\u7684\u4f7f\u7528\u533a\u522b","text":"\u5728\u8d44\u6e90\u7ec4/\u5171\u4eab\u8d44\u6e90\u7ed1\u5b9a\u96c6\u7fa4\u540e\u90fd\u53ef\u4ee5\u524d\u5f80\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff0c\u521b\u5efa\u540e\u547d\u540d\u7a7a\u95f4\u5c06\u81ea\u52a8\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u3002
"},{"location":"admin/ghippo/workspace/workspace.html","title":"\u521b\u5efa/\u5220\u9664\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e00\u79cd\u8d44\u6e90\u8303\u7574\uff0c\u4ee3\u8868\u4e00\u79cd\u8d44\u6e90\u5c42\u7ea7\u5173\u7cfb\u3002 \u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u5305\u542b\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u6ce8\u518c\u4e2d\u5fc3\u7b49\u8d44\u6e90\u3002 \u901a\u5e38\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5bf9\u5e94\u4e00\u4e2a\u9879\u76ee\uff0c\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u4e0d\u540c\u7684\u8d44\u6e90\uff0c\u6307\u6d3e\u4e0d\u540c\u7684\u7528\u6237\u548c\u7528\u6237\u7ec4\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4 \u6309\u94ae\u3002
\u586b\u5199\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u3001\u6240\u5c5e\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u3002
Tip
\u521b\u5efa\u6210\u529f\u540e\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u5c06\u663e\u793a\u5728\u5de6\u4fa7\u7684\u6811\u72b6\u7ed3\u6784\u4e2d\uff0c\u4ee5\u4e0d\u540c\u7684\u56fe\u6807\u8868\u793a\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u3002
Note
\u9009\u4e2d\u67d0\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u6216\u6587\u4ef6\u5939\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 ... \u53ef\u4ee5\u8fdb\u884c\u7f16\u8f91\u6216\u5220\u9664\u3002
\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u662f\u4e00\u4e2a\u5177\u6709\u5c42\u7ea7\u7684\u8d44\u6e90\u9694\u79bb\u548c\u8d44\u6e90\u5206\u7ec4\u7279\u6027\uff0c\u4e3b\u8981\u89e3\u51b3\u8d44\u6e90\u7edf\u4e00\u6388\u6743\u3001\u8d44\u6e90\u5206\u7ec4\u4ee5\u53ca\u8d44\u6e90\u9650\u989d\u95ee\u9898\u3002
\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u6709\u4e24\u4e2a\u6982\u5ff5\uff1a\u5de5\u4f5c\u7a7a\u95f4\u548c\u6587\u4ef6\u5939\u3002
"},{"location":"admin/ghippo/workspace/ws-folder.html#_2","title":"\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u53ef\u901a\u8fc7 \u6388\u6743 \u3001 \u8d44\u6e90\u7ec4 \u548c \u5171\u4eab\u8d44\u6e90 \u6765\u7ba1\u7406\u8d44\u6e90\uff0c\u4f7f\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u4e4b\u95f4\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u3002
\u8d44\u6e90
\u8d44\u6e90\u5904\u4e8e\u8d44\u6e90\u7ba1\u7406\u6a21\u5757\u5c42\u7ea7\u7ed3\u6784\u7684\u6700\u4f4e\u5c42\u7ea7\uff0c\u8d44\u6e90\u5305\u62ec Cluster\u3001Namespace\u3001Pipeline\u3001\u7f51\u5173\u7b49\u3002 \u6240\u6709\u8fd9\u4e9b\u8d44\u6e90\u7684\u7236\u7ea7\u53ea\u80fd\u662f\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u4f5c\u4e3a\u8d44\u6e90\u5bb9\u5668\u662f\u4e00\u79cd\u8d44\u6e90\u5206\u7ec4\u5355\u4f4d\u3002
\u5de5\u4f5c\u7a7a\u95f4
\u5de5\u4f5c\u7a7a\u95f4\u901a\u5e38\u4ee3\u6307\u4e00\u4e2a\u9879\u76ee\u6216\u73af\u5883\uff0c\u6bcf\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u76f8\u5bf9\u4e8e\u5176\u4ed6\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u65f6\u903b\u8f91\u9694\u79bb\u7684\u3002 \u60a8\u53ef\u4ee5\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u6388\u6743\uff0c\u6388\u4e88\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u540c\u4e00\u7ec4\u8d44\u6e90\u7684\u4e0d\u540c\u8bbf\u95ee\u6743\u9650\u3002
\u4ece\u5c42\u6b21\u7ed3\u6784\u7684\u5e95\u5c42\u7b97\u8d77\uff0c\u5de5\u4f5c\u7a7a\u95f4\u4f4d\u4e8e\u7b2c\u4e00\u5c42\uff0c\u4e14\u5305\u542b\u8d44\u6e90\u3002 \u9664\u5171\u4eab\u8d44\u6e90\u5916\uff0c\u6240\u6709\u8d44\u6e90\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u9879\u3002\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u7ea7\u6587\u4ef6\u5939\u3002
\u8d44\u6e90\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u8fdb\u884c\u5206\u7ec4\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u5b58\u5728\u4e24\u79cd\u5206\u7ec4\u6a21\u5f0f\uff0c\u5206\u522b\u662f \u8d44\u6e90\u7ec4 \u548c \u5171\u4eab\u8d44\u6e90 \u3002
\u8d44\u6e90\u7ec4
\u4e00\u4e2a\u8d44\u6e90\u53ea\u80fd\u52a0\u5165\u4e00\u4e2a\u8d44\u6e90\u7ec4\uff0c\u8d44\u6e90\u7ec4\u4e0e\u5de5\u4f5c\u7a7a\u95f4\u4e00\u4e00\u5bf9\u5e94\u3002 \u8d44\u6e90\u88ab\u52a0\u5165\u5230\u8d44\u6e90\u7ec4\u540e\uff0cWorkspace Admin \u5c06\u83b7\u5f97\u8d44\u6e90\u7684\u7ba1\u7406\u6743\u9650\uff0c\u76f8\u5f53\u4e8e\u8be5\u8d44\u6e90\u7684\u6240\u6709\u8005\u3002
\u5171\u4eab\u8d44\u6e90
\u800c\u5bf9\u4e8e\u5171\u4eab\u8d44\u6e90\u6765\u8bf4\uff0c\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u5171\u4eab\u540c\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u8d44\u6e90\u3002 \u8d44\u6e90\u7684\u6240\u6709\u8005\uff0c\u53ef\u4ee5\u9009\u62e9\u5c06\u81ea\u5df1\u62e5\u6709\u7684\u8d44\u6e90\u5171\u4eab\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u4e00\u822c\u5171\u4eab\u65f6\u8d44\u6e90\u6240\u6709\u8005\u4f1a\u9650\u5236\u88ab\u5171\u4eab\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u989d\u5ea6\u3002 \u8d44\u6e90\u88ab\u5171\u4eab\u540e\uff0cWorkspace Admin \u4ec5\u5177\u6709\u8d44\u6e90\u9650\u989d\u4e0b\u7684\u8d44\u6e90\u4f7f\u7528\u6743\u9650\uff0c\u65e0\u6cd5\u7ba1\u7406\u8d44\u6e90\u6216\u8005\u8c03\u6574\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u91cf\u3002
\u540c\u65f6\u5171\u4eab\u8d44\u6e90\u5bf9\u4e8e\u8d44\u6e90\u672c\u8eab\u4e5f\u5177\u6709\u4e00\u5b9a\u7684\u8981\u6c42\uff0c\u53ea\u6709 Cluster\uff08\u96c6\u7fa4\uff09\u8d44\u6e90\u53ef\u4ee5\u88ab\u5171\u4eab\u3002 Cluster Admin \u80fd\u591f\u5c06 Cluster \u8d44\u6e90\u5206\u4eab\u7ed9\u4e0d\u540c\u7684\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u5e76\u4e14\u9650\u5236\u5de5\u4f5c\u7a7a\u95f4\u5728\u6b64 Cluster \u4e0a\u7684\u4f7f\u7528\u989d\u5ea6\u3002
Workspace Admin \u5728\u8d44\u6e90\u9650\u989d\u5185\u80fd\u591f\u521b\u5efa\u591a\u4e2a Namespace\uff0c\u4f46\u662f Namespace \u7684\u8d44\u6e90\u989d\u5ea6\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7 Cluster \u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u9650\u989d\u3002 \u5bf9\u4e8e Kubernetes \u8d44\u6e90\uff0c\u5f53\u524d\u80fd\u591f\u5206\u4eab\u7684\u8d44\u6e90\u7c7b\u578b\u4ec5\u6709 Cluster\u3002
\u6587\u4ef6\u5939\u53ef\u7528\u4e8e\u6784\u5efa\u4f01\u4e1a\u4e1a\u52a1\u5c42\u7ea7\u5173\u7cfb\u3002
\u6587\u4ef6\u5939\u662f\u5728\u5de5\u4f5c\u7a7a\u95f4\u57fa\u7840\u4e4b\u4e0a\u7684\u8fdb\u4e00\u6b65\u5206\u7ec4\u673a\u5236\uff0c\u5177\u6709\u5c42\u7ea7\u7ed3\u6784\u3002 \u4e00\u4e2a\u6587\u4ef6\u5939\u53ef\u4ee5\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u3001\u5176\u4ed6\u6587\u4ef6\u5939\u6216\u4e24\u8005\u7684\u7ec4\u5408\uff0c\u80fd\u591f\u5f62\u6210\u6811\u72b6\u7684\u7ec4\u7ec7\u5173\u7cfb\u3002
\u501f\u52a9\u6587\u4ef6\u5939\u60a8\u53ef\u4ee5\u6620\u5c04\u4f01\u4e1a\u4e1a\u52a1\u5c42\u7ea7\u5173\u7cfb\uff0c\u6309\u7167\u90e8\u95e8\u5bf9\u5de5\u4f5c\u7a7a\u95f4\u8fdb\u884c\u5206\u7ec4\u3002 \u6587\u4ef6\u5939\u4e0d\u76f4\u63a5\u4e0e\u8d44\u6e90\u6302\u94a9\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u95f4\u63a5\u5b9e\u73b0\u8d44\u6e90\u5206\u7ec4\u3002
\u6587\u4ef6\u5939\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u7ea7\u6587\u4ef6\u5939\uff0c\u800c\u6839\u6587\u4ef6\u5939\u662f\u5c42\u6b21\u7ed3\u6784\u7684\u6700\u9ad8\u5c42\u7ea7\u3002 \u6839\u6587\u4ef6\u5939\u6ca1\u6709\u7236\u7ea7\uff0c\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u5747\u6302\u9760\u5230\u6839\u6587\u4ef6\u5939\u4e0b\u3002
\u53e6\u5916\uff0c\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u5728\u6587\u4ef6\u5939\u4e2d\u80fd\u591f\u901a\u8fc7\u5c42\u7ea7\u7ed3\u6784\u7ee7\u627f\u6765\u81ea\u7236\u9879\u7684\u6743\u9650\u3002 \u7528\u6237\u5728\u5c42\u6b21\u7ed3\u6784\u4e2d\u7684\u6743\u9650\u6765\u81ea\u5f53\u524d\u5c42\u7ea7\u7684\u6743\u9650\u4ee5\u53ca\u7ee7\u627f\u5176\u7236\u9879\u6743\u9650\u7684\u7ec4\u5408\u7ed3\u679c\uff0c\u6743\u9650\u4e4b\u95f4\u662f\u52a0\u5408\u5173\u7cfb\u4e0d\u5b58\u5728\u4e92\u65a5\u3002
"},{"location":"admin/ghippo/workspace/ws-permission.html","title":"\u5de5\u4f5c\u7a7a\u95f4\u6743\u9650\u8bf4\u660e","text":"\u5de5\u4f5c\u7a7a\u95f4\u5177\u6709\u6743\u9650\u6620\u5c04\u548c\u8d44\u6e90\u9694\u79bb\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u8d44\u6e90\u4e0a\u3002 \u82e5\u7528\u6237/\u7528\u6237\u7ec4\u5728\u5de5\u4f5c\u7a7a\u95f4\u662f Workspace Admin \u89d2\u8272\uff0c\u540c\u65f6\u5de5\u4f5c\u7a7a\u95f4-\u8d44\u6e90\u7ec4\u4e2d\u7ed1\u5b9a\u4e86\u8d44\u6e90 Namespace\uff0c\u5219\u6620\u5c04\u540e\u8be5\u7528\u6237/\u7528\u6237\u7ec4\u5c06\u6210\u4e3a Namespace Admin\u3002
Note
\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u80fd\u529b\u4e0d\u4f1a\u4f5c\u7528\u5230\u5171\u4eab\u8d44\u6e90\u4e0a\uff0c\u56e0\u4e3a\u5171\u4eab\u662f\u5c06\u96c6\u7fa4\u7684\u4f7f\u7528\u6743\u9650\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u4e0d\u662f\u5c06\u7ba1\u7406\u6743\u9650\u53d7\u8ba9\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u4e0d\u4f1a\u5b9e\u73b0\u6743\u9650\u7ee7\u627f\u548c\u89d2\u8272\u6620\u5c04\u3002
"},{"location":"admin/ghippo/workspace/ws-permission.html#_2","title":"\u5e94\u7528\u573a\u666f","text":"\u901a\u8fc7\u5c06\u8d44\u6e90\u7ed1\u5b9a\u5230\u4e0d\u540c\u7684\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u5b9e\u73b0\u8d44\u6e90\u9694\u79bb\u3002 \u56e0\u6b64\u501f\u52a9\u6743\u9650\u6620\u5c04\u3001\u8d44\u6e90\u9694\u79bb\u548c\u5171\u4eab\u8d44\u6e90\u80fd\u529b\u80fd\u591f\u5c06\u8d44\u6e90\u7075\u6d3b\u5206\u914d\u7ed9\u5404\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u3002
\u901a\u5e38\u9002\u7528\u4e8e\u4ee5\u4e0b\u4e24\u4e2a\u573a\u666f\uff1a
\u96c6\u7fa4\u4e00\u5bf9\u4e00
\u666e\u901a\u96c6\u7fa4 \u90e8\u95e8/\u79df\u6237\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09 \u7528\u9014 \u96c6\u7fa4 01 A \u7ba1\u7406\u548c\u4f7f\u7528 \u96c6\u7fa4 02 B \u7ba1\u7406\u548c\u4f7f\u7528\u96c6\u7fa4\u4e00\u5bf9\u591a
\u96c6\u7fa4 \u90e8\u95e8/\u79df\u6237\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09 \u8d44\u6e90\u9650\u989d \u96c6\u7fa4 01 A 100 \u6838 CPU B 50 \u6838 CPU\u5047\u5982\u7528\u6237\u5c0f\u660e\uff08\u201c\u5c0f\u660e\u201d\u4ee3\u8868\u4efb\u4f55\u6709\u8d44\u6e90\u7ed1\u5b9a\u9700\u6c42\u7684\u7528\u6237\uff09\u5df2\u7ecf\u5177\u5907\u4e86 Workspace Admin \u89d2\u8272\u6216\u5df2\u901a\u8fc7\u81ea\u5b9a\u4e49\u89d2\u8272\u6388\u6743\uff0c \u540c\u65f6\u81ea\u5b9a\u4e49\u89d2\u8272\u4e2d\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u7684\u201c\u8d44\u6e90\u7ed1\u5b9a\u201d\u6743\u9650\uff0c\u5e0c\u671b\u5c06\u67d0\u4e2a\u96c6\u7fa4\u6216\u8005\u67d0\u4e2a\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u5176\u6240\u5728\u7684\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002
\u8981\u5c06\u96c6\u7fa4/\u547d\u540d\u7a7a\u95f4\u8d44\u6e90\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\uff0c\u4e0d\u4ec5\u9700\u8981\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u201c\u8d44\u6e90\u7ed1\u5b9a\u201d\u6743\u9650\uff0c\u8fd8\u9700\u8981 Cluster Admin \u7684\u8d44\u6e90\u6743\u9650\u3002
"},{"location":"admin/ghippo/workspace/wsbind-permission.html#_2","title":"\u7ed9\u5c0f\u660e\u6388\u6743","text":"\u4f7f\u7528\u5e73\u53f0 Admin \u89d2\u8272\uff0c \u5728 \u5de5\u4f5c\u7a7a\u95f4 -> \u6388\u6743 \u9875\u9762\u7ed9\u5c0f\u660e\u6388\u4e88 Workspace Admin \u89d2\u8272\u3002
\u7136\u540e\u5728 \u5bb9\u5668\u7ba1\u7406 -> \u6743\u9650\u7ba1\u7406 \u9875\u9762\uff0c\u901a\u8fc7 \u6dfb\u52a0\u6388\u6743 \u5c06\u5c0f\u660e\u6388\u6743\u4e3a Cluster Admin\u3002
\u4f7f\u7528\u5c0f\u660e\u7684\u8d26\u53f7\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \u9875\u9762\uff0c\u901a\u8fc7 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u529f\u80fd\uff0c \u5c0f\u660e\u53ef\u4ee5\u5c06\u6307\u5b9a\u96c6\u7fa4\u7ed1\u5b9a\u5230\u81ea\u5df1\u7684\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002
Note
\u5c0f\u660e\u80fd\u4e14\u53ea\u80fd\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5c06\u96c6\u7fa4\u6216\u8005\u8be5\u96c6\u7fa4\u4e0b\u7684\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u65e0\u6cd5\u5728\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u5b8c\u6210\u6b64\u64cd\u4f5c\u3002
\u7ed1\u5b9a\u547d\u540d\u7a7a\u95f4\u5230\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u81f3\u5c11\u9700\u8981 Workspace Admin + Cluster Admin \u6743\u9650\u3002
"},{"location":"admin/host/createhost.html","title":"\u521b\u5efa\u548c\u542f\u52a8\u4e91\u4e3b\u673a","text":"\u7528\u6237\u5b8c\u6210\u6ce8\u518c\uff0c\u4e3a\u5176\u5206\u914d\u4e86\u5de5\u4f5c\u7a7a\u95f4\u3001\u547d\u540d\u7a7a\u95f4\u548c\u8d44\u6e90\u540e\uff0c\u5373\u53ef\u4ee5\u521b\u5efa\u5e76\u542f\u52a8\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/host/createhost.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u70b9\u51fb \u521b\u5efa\u4e91\u4e3b\u673a -> \u901a\u8fc7\u6a21\u677f\u521b\u5efa
\u5b9a\u4e49\u7684\u4e91\u4e3b\u673a\u5404\u9879\u914d\u7f6e\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u57fa\u672c\u914d\u7f6e\u6a21\u677f\u914d\u7f6e\u5b58\u50a8\u4e0e\u7f51\u7edc\u914d\u7f6e root \u5bc6\u7801\u6216 ssh \u5bc6\u94a5\u540e\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u4e3b\u673a\u5217\u8868\uff0c\u7b49\u5f85\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u4e4b\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u542f\u52a8\u4e3b\u673a\u3002
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u4e91\u4e3b\u673a
"},{"location":"admin/host/usehost.html","title":"\u4f7f\u7528\u4e91\u4e3b\u673a","text":"\u521b\u5efa\u5e76\u542f\u52a8\u4e91\u4e3b\u673a\u4e4b\u540e\uff0c\u7528\u6237\u5c31\u53ef\u4ee5\u5f00\u59cb\u4f7f\u7528\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/host/usehost.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u5230 \u5bb9\u5668\u7ba1\u7406 -> \u5bb9\u5668\u7f51\u7edc -> \u670d\u52a1 \uff0c\u70b9\u51fb\u670d\u52a1\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u670d\u52a1\u8be6\u60c5\u9875\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u66f4\u65b0
\u66f4\u6539\u7aef\u53e3\u8303\u56f4\u4e3a 30900-30999\uff0c\u4f46\u4e0d\u80fd\u51b2\u7a81\u3002
\u4ee5\u7ec8\u7aef\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5bfc\u822a\u5230\u5bf9\u5e94\u7684\u670d\u52a1\uff0c\u67e5\u770b\u8bbf\u95ee\u7aef\u53e3\u3002
\u5728\u5916\u7f51\u4f7f\u7528 SSH \u5ba2\u6237\u7aef\u767b\u5f55\u4e91\u4e3b\u673a
\u81f3\u6b64\uff0c\u4f60\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u4e0a\u6267\u884c\u5404\u9879\u64cd\u4f5c\u3002
\u4e0b\u4e00\u6b65\uff1a\u4e91\u8d44\u6e90\u5171\u4eab\uff1a\u914d\u989d\u7ba1\u7406
"},{"location":"admin/insight/alert-center/index.html","title":"\u544a\u8b66\u4e2d\u5fc3","text":"\u544a\u8b66\u4e2d\u5fc3\u662f AI \u7b97\u529b\u5e73\u53f0 \u63d0\u4f9b\u7684\u4e00\u4e2a\u91cd\u8981\u529f\u80fd\uff0c\u5b83\u8ba9\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u754c\u9762\u65b9\u4fbf\u5730\u6309\u7167\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u67e5\u770b\u6240\u6709\u6d3b\u52a8\u548c\u5386\u53f2\u544a\u8b66\uff0c \u5e76\u6839\u636e\u544a\u8b66\u7ea7\u522b\uff08\u7d27\u6025\u3001\u8b66\u544a\u3001\u63d0\u793a\uff09\u6765\u641c\u7d22\u544a\u8b66\u3002
\u6240\u6709\u544a\u8b66\u90fd\u662f\u57fa\u4e8e\u9884\u8bbe\u7684\u544a\u8b66\u89c4\u5219\u8bbe\u5b9a\u7684\u9608\u503c\u6761\u4ef6\u89e6\u53d1\u7684\u3002\u5728 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u5185\u7f6e\u4e86\u4e00\u4e9b\u5168\u5c40\u544a\u8b66\u7b56\u7565\uff0c\u540c\u65f6\u60a8\u4e5f\u53ef\u4ee5\u968f\u65f6\u521b\u5efa\u3001\u5220\u9664\u544a\u8b66\u7b56\u7565\uff0c\u5bf9\u4ee5\u4e0b\u6307\u6807\u8fdb\u884c\u8bbe\u7f6e\uff1a
\u8fd8\u53ef\u4ee5\u4e3a\u544a\u8b66\u89c4\u5219\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002\u544a\u8b66\u89c4\u5219\u5206\u4e3a\u6d3b\u8dc3\u548c\u8fc7\u671f\u89c4\u5219\uff0c\u652f\u6301\u542f\u7528/\u7981\u7528\u67d0\u4e9b\u89c4\u5219\u6765\u5b9e\u73b0\u544a\u8b66\u9759\u9ed8\u3002
\u5f53\u8fbe\u5230\u9608\u503c\u6761\u4ef6\u540e\uff0c\u53ef\u4ee5\u914d\u7f6e\u544a\u8b66\u901a\u77e5\u65b9\u5f0f\uff0c\u5305\u62ec\u90ae\u4ef6\u3001\u9489\u9489\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001Webhook \u548c\u77ed\u4fe1\u901a\u77e5\u3002 \u6240\u6709\u901a\u77e5\u7684\u6d88\u606f\u6a21\u677f\u90fd\u53ef\u4ee5\u81ea\u5b9a\u4e49\uff0c\u540c\u65f6\u8fd8\u652f\u6301\u6309\u8bbe\u5b9a\u7684\u95f4\u9694\u65f6\u95f4\u53d1\u9001\u901a\u77e5\u3002
\u6b64\u5916\uff0c\u544a\u8b66\u4e2d\u5fc3\u8fd8\u652f\u6301\u901a\u8fc7\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7b49\u63d0\u4f9b\u7684\u77ed\u4fe1\u670d\u52a1\u5c06\u544a\u8b66\u6d88\u606f\u53d1\u9001\u7ed9\u6307\u5b9a\u7528\u6237\uff0c\u5b9e\u73b0\u591a\u79cd\u65b9\u5f0f\u7684\u544a\u8b66\u901a\u77e5\u3002
AI \u7b97\u529b\u5e73\u53f0 \u544a\u8b66\u4e2d\u5fc3\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u7684\u544a\u8b66\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u5e2e\u52a9\u7528\u6237\u53ca\u65f6\u53d1\u73b0\u548c\u89e3\u51b3\u96c6\u7fa4\u4e2d\u51fa\u73b0\u7684\u95ee\u9898\uff0c \u63d0\u9ad8\u4e1a\u52a1\u7a33\u5b9a\u6027\u548c\u53ef\u7528\u6027\uff0c\u4fbf\u4e8e\u96c6\u7fa4\u5de1\u68c0\u548c\u6545\u969c\u6392\u67e5\u3002
"},{"location":"admin/insight/alert-center/alert-policy.html","title":"\u544a\u8b66\u7b56\u7565","text":"\u544a\u8b66\u7b56\u7565\u662f\u5728\u53ef\u89c2\u6d4b\u6027\u7cfb\u7edf\u4e2d\u5b9a\u4e49\u7684\u4e00\u7ec4\u89c4\u5219\u548c\u6761\u4ef6\uff0c\u7528\u4e8e\u68c0\u6d4b\u548c\u89e6\u53d1\u8b66\u62a5\uff0c\u4ee5\u4fbf\u5728\u7cfb\u7edf\u51fa\u73b0\u5f02\u5e38\u6216\u8fbe\u5230\u9884\u5b9a\u7684\u9608\u503c\u65f6\u53ca\u65f6\u901a\u77e5\u76f8\u5173\u4eba\u5458\u6216\u7cfb\u7edf\u3002
\u6bcf\u6761\u544a\u8b66\u7b56\u7565\u662f\u4e00\u7ec4\u544a\u8b66\u89c4\u5219\u7684\u96c6\u5408\uff0c\u652f\u6301\u5bf9\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5de5\u4f5c\u8d1f\u8f7d\u7b49\u8d44\u6e90\u3001\u65e5\u5fd7\u3001\u4e8b\u4ef6\u8bbe\u7f6e\u544a\u8b66\u89c4\u5219\u3002\u5f53\u544a\u8b66\u5bf9\u8c61\u8fbe\u5230\u7b56\u7565\u4e0b\u4efb\u4e00\u89c4\u5219\u8bbe\u5b9a\u7684\u9608\u503c\uff0c\u5219\u4f1a\u81ea\u52a8\u89e6\u53d1\u544a\u8b66\u5e76\u53d1\u9001\u901a\u77e5\u3002
"},{"location":"admin/insight/alert-center/alert-policy.html#_2","title":"\u67e5\u770b\u544a\u8b66\u7b56\u7565","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u544a\u8b66\u7b56\u7565\u3002
\u70b9\u51fb\u544a\u8b66\u7b56\u7565\u540d\u79f0\u53ef\u67e5\u770b\u7b56\u7565\u7684\u57fa\u672c\u4fe1\u606f\u3001\u89c4\u5219\u4ee5\u53ca\u901a\u77e5\u914d\u7f6e\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\uff0c\u9009\u62e9\u4e00\u4e2a\u6216\u591a\u4e2a\u96c6\u7fa4\u3001\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d\u4e3a\u544a\u8b66\u5bf9\u8c61\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002
Note
\u5168\u90e8\u96c6\u7fa4\u3001\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d
\uff1a\u521b\u5efa\u7684\u544a\u8b66\u89c4\u5219\u5bf9\u6240\u6709\u5df2\u5b89\u88c5 insight-agent \u7684\u96c6\u7fa4\u751f\u6548\u3002\u5728\u521b\u5efa\u544a\u8b66\u7b56\u7565\u7684\u7b2c\u4e8c\u90e8\u4e2d\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4e0a\u89d2\u7684\u6dfb\u52a0\u89c4\u5219
\u3002
\u5728\u5f39\u7a97\u4e2d\u521b\u5efa\u544a\u8b66\u89c4\u5219\uff0c\u586b\u5199\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a\u3002
Info
\u7cfb\u7edf\u5b9a\u4e49\u4e86\u5185\u7f6e\u6807\u7b7e\uff0c\u82e5\u81ea\u5b9a\u4e49\u6807\u7b7e\u4e0e\u5185\u7f6e\u6807\u7b7e\u7684\u952e
\u503c\u76f8\u540c\uff0c\u5219\u81ea\u5b9a\u4e49\u6807\u7b7e\u4e0d\u751f\u6548\u3002 \u5185\u7f6e\u6807\u7b7e\u6709\uff1aseverity
\u3001rule_id
\uff0csource
\u3001cluster_name
\u3001group_id
\u3001 target_type
\u548c target
\u3002
\u5b8c\u6210\u57fa\u672c\u4fe1\u606f\u7684\u586b\u5199\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u89c4\u5219\uff0c\u89c4\u5219\u7c7b\u578b\u9009\u62e9 \u65e5\u5fd7\u89c4\u5219\u3002
Note
\u4ec5\u5f53\u8d44\u6e90\u5bf9\u8c61\u9009\u62e9\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u652f\u6301\u521b\u5efa\u65e5\u5fd7\u89c4\u5219\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u5b8c\u6210\u57fa\u672c\u4fe1\u606f\u7684\u586b\u5199\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u89c4\u5219\uff0c\u89c4\u5219\u7c7b\u578b\u9009\u62e9 \u4e8b\u4ef6\u89c4\u5219\u3002
Note
\u4ec5\u5f53\u8d44\u6e90\u5bf9\u8c61\u9009\u62e9\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u652f\u6301\u521b\u5efa\u4e8b\u4ef6\u89c4\u5219\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u53ef\u70b9\u51fb \u6a21\u677f\u5bfc\u5165\uff0c\u9009\u62e9\u5e73\u53f0\u7ba1\u7406\u5458\u5df2\u521b\u5efa\u597d\u7684\u544a\u8b66\u6a21\u677f\u6279\u91cf\u5bfc\u5165\u544a\u8b66\u89c4\u5219\u3002
\u70b9\u51fb \u4e0b\u4e00\u6b65 \u540e\u914d\u7f6e\u901a\u77e5\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u8fd4\u56de\u544a\u8b66\u7b56\u7565\u5217\u8868\u3002
Tip
\u65b0\u5efa\u7684\u544a\u8b66\u7b56\u7565\u4e3a \u672a\u89e6\u53d1 \u72b6\u6001\u3002\u4e00\u65e6\u6ee1\u8db3\u89c4\u5219\u4e2d\u7684\u9608\u503c\u6761\u4ef6\u548c\u6301\u7eed\u65f6\u95f4\u540e\uff0c\u5c06\u53d8\u4e3a \u89e6\u53d1\u4e2d \u72b6\u6001\u3002
Warning
\u5220\u9664\u540e\u7684\u544a\u8b66\u7b56\u7565\u5c06\u5b8c\u5168\u6d88\u5931\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"admin/insight/alert-center/alert-policy.html#yaml","title":"\u901a\u8fc7 YAML \u5bfc\u5165\u544a\u8b66\u7b56\u7565","text":"\u8fdb\u5165\u544a\u8b66\u7b56\u7565\u5217\u8868\uff0c\u70b9\u51fb YAML \u521b\u5efa\u3002
\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u7684\u9009\u62e9\u662f\u4e3a\u4e86\u544a\u8b66\u7b56\u7565\u7684\u7ba1\u7406\u6743\u9650\u3002
\u5fc5\u586b\u8868\u8fbe\u5f0f expr\u3002
\u5bfc\u5165 YAML \u6587\u4ef6\u540e\uff0c\u70b9\u51fb \u9884\u89c8\uff0c\u53ef\u4ee5\u5bf9\u5bfc\u5165\u7684 YAML \u683c\u5f0f\u8fdb\u884c\u9a8c\u8bc1\uff0c\u5e76\u5feb\u901f\u786e\u8ba4\u5bfc\u5165\u7684\u544a\u8b66\u89c4\u5219\u3002
\u544a\u8b66\u6a21\u677f\u53ef\u652f\u6301\u5e73\u53f0\u7ba1\u7406\u5458\u521b\u5efa\u544a\u8b66\u6a21\u677f\u53ca\u89c4\u5219\uff0c\u4e1a\u52a1\u4fa7\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u544a\u8b66\u6a21\u677f\u521b\u5efa\u544a\u8b66\u7b56\u7565\u3002 \u8fd9\u4e2a\u529f\u80fd\u53ef\u4ee5\u51cf\u5c11\u4e1a\u52a1\u4eba\u5458\u5bf9\u544a\u8b66\u89c4\u5219\u7684\u7ba1\u7406\uff0c\u4e14\u53ef\u4ee5\u6839\u636e\u73af\u5883\u5b9e\u9645\u60c5\u51b5\u81ea\u884c\u4fee\u6539\u544a\u8b66\u9608\u503c\u3002
"},{"location":"admin/insight/alert-center/alert-template.html#_2","title":"\u521b\u5efa\u544a\u8b66\u6a21\u677f","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u7b56\u7565\uff0c\u5355\u51fb\u9876\u90e8\u7684 \u544a\u8b66\u6a21\u677f \u3002
\u70b9\u51fb \u521b\u5efa\u544a\u8b66\u6a21\u677f \uff0c\u8bbe\u7f6e\u544a\u8b66\u6a21\u677f\u7684\u540d\u79f0\u3001\u63cf\u8ff0\u7b49\u4fe1\u606f\u3002
\u53c2\u6570 \u8bf4\u660e \u6a21\u677f\u540d\u79f0 \u540d\u79f0\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u8fde\u5b57\u7b26\uff08-\uff09\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\uff0c\u6700\u957f 63 \u4e2a\u5b57\u7b26\u3002 \u63cf\u8ff0 \u63cf\u8ff0\u53ef\u5305\u542b\u4efb\u610f\u5b57\u7b26\uff0c\u6700\u957f 256 \u4e2a\u5b57\u7b26\u3002 \u8d44\u6e90\u7c7b\u578b \u7528\u4e8e\u6307\u5b9a\u544a\u8b66\u6a21\u677f\u7684\u5339\u914d\u7c7b\u578b\u3002 \u544a\u8b66\u89c4\u5219 \u652f\u6301\u9884\u5b9a\u4e49\u591a\u4e2a\u544a\u8b66\u89c4\u5219\uff0c\u53ef\u6dfb\u52a0\u6a21\u677f\u89c4\u5219\u3001PromQL \u89c4\u5219\u3002\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u540e\u8fd4\u56de\u544a\u8b66\u6a21\u677f\u5217\u8868\uff0c\u70b9\u51fb\u6a21\u677f\u540d\u79f0\u540e\u53ef\u67e5\u770b\u6a21\u677f\u8be6\u60c5\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u7684 \u2507 \uff0c\u70b9\u51fb \u7f16\u8f91\uff0c\u8fdb\u5165\u6291\u5236\u89c4\u5219\u7684\u7f16\u8f91\u9875\u3002
"},{"location":"admin/insight/alert-center/alert-template.html#_4","title":"\u5220\u9664\u544a\u8b66\u6a21\u677f","text":"\u70b9\u51fb\u76ee\u6807\u6a21\u677f\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u5220\u9664\uff0c\u5728\u8f93\u5165\u6846\u4e2d\u8f93\u5165\u544a\u8b66\u6a21\u677f\u7684\u540d\u79f0\u5373\u53ef\u5220\u9664\u3002
"},{"location":"admin/insight/alert-center/inhibition.html","title":"\u544a\u8b66\u6291\u5236","text":"\u544a\u8b66\u6291\u5236\u4e3b\u8981\u662f\u5bf9\u4e8e\u67d0\u4e9b\u4e0d\u9700\u8981\u7acb\u5373\u5173\u6ce8\u7684\u544a\u8b66\u8fdb\u884c\u4e34\u65f6\u9690\u85cf\u6216\u8005\u964d\u4f4e\u5176\u4f18\u5148\u7ea7\u7684\u4e00\u79cd\u673a\u5236\u3002\u8fd9\u4e2a\u529f\u80fd\u7684\u76ee\u7684\u662f\u4e3a\u4e86\u51cf\u5c11\u4e0d\u5fc5\u8981\u7684\u544a\u8b66\u4fe1\u606f\u5bf9\u8fd0\u7ef4\u4eba\u5458\u7684\u5e72\u6270\uff0c\u4f7f\u4ed6\u4eec\u80fd\u591f\u96c6\u4e2d\u7cbe\u529b\u5904\u7406\u66f4\u91cd\u8981\u7684\u95ee\u9898\u3002
\u544a\u8b66\u6291\u5236\u901a\u8fc7\u5b9a\u4e49\u4e00\u7ec4\u89c4\u5219\u6765\u8bc6\u522b\u548c\u5ffd\u7565\u67d0\u4e9b\u544a\u8b66\uff0c\u5f53\u5b83\u4eec\u5728\u7279\u5b9a\u6761\u4ef6\u4e0b\u53d1\u751f\u65f6\u3002\u4e3b\u8981\u6709\u4ee5\u4e0b\u51e0\u79cd\u60c5\u51b5\uff1a
\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u964d\u566a\uff0c\u5355\u51fb\u9876\u90e8\u7684 \u544a\u8b66\u6291\u5236 \u3002
\u70b9\u51fb \u65b0\u5efa\u6291\u5236\u89c4\u5219 \uff0c\u8bbe\u7f6e\u6291\u5236\u89c4\u5219\u7684\u540d\u79f0\u3001\u89c4\u5219\u7b49\u3002
Note
\u901a\u8fc7\u89c4\u5219\u6807\u7b7e\u548c\u544a\u8b66\u6807\u7b7e\u5b9a\u4e49\u4e00\u7ec4\u89c4\u5219\u6765\u8bc6\u522b\u548c\u5ffd\u7565\u67d0\u4e9b\u544a\u8b66\uff0c\u8fbe\u5230\u907f\u514d\u540c\u4e00\u95ee\u9898\u53ef\u80fd\u4f1a\u89e6\u53d1\u591a\u4e2a\u76f8\u4f3c\u6216\u76f8\u5173\u7684\u544a\u8b66\u7684\u95ee\u9898\u3002
\u53c2\u6570\u65f6\u95f4 \u8bf4\u660e \u6291\u5236\u89c4\u5219\u540d\u79f0 \u6291\u5236\u89c4\u5219\u540d\u79f0\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u8fde\u5b57\u7b26\uff08-\uff09\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\uff0c\u6700\u957f 63 \u4e2a\u5b57\u7b26\u3002 \u63cf\u8ff0 \u63cf\u8ff0\u53ef\u5305\u542b\u4efb\u610f\u5b57\u7b26\uff0c\u6700\u957f 256 \u4e2a\u5b57\u7b26\u3002 \u96c6\u7fa4 \u8be5\u6291\u5236\u89c4\u5219\u4f5c\u7528\u7684\u96c6\u7fa4\u3002 \u547d\u540d\u7a7a\u95f4 \u8be5\u6291\u5236\u89c4\u5219\u4f5c\u7528\u7684\u547d\u540d\u7a7a\u95f4\u3002 \u6839\u6e90\u544a\u8b66 \u901a\u8fc7\u586b\u5199\u7684\u6807\u7b7e\u6761\u4ef6\u5339\u914d\u544a\u8b66\uff0c\u4f1a\u5c06\u7b26\u5408\u6240\u6709\u6807\u7b7e\u6761\u4ef6\u7684\u544a\u8b66\u4e0e\u7b26\u5408\u6291\u5236\u6761\u4ef6\u7684\u8fdb\u884c\u5bf9\u6bd4\uff0c\u4e0d\u7b26\u5408\u6291\u5236\u6761\u4ef6\u7684\u544a\u8b66\u5c06\u7167\u5e38\u53d1\u9001\u6d88\u606f\u7ed9\u7528\u6237\u3002 \u53d6\u503c\u8303\u56f4\u8bf4\u660e\uff1a - \u544a\u8b66\u7ea7\u522b\uff1a\u6307\u6807\u6216\u4e8b\u4ef6\u544a\u8b66\u7684\u7ea7\u522b\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\uff1a\u7d27\u6025\u3001\u91cd\u8981\u3001\u63d0\u793a\u3002 - \u8d44\u6e90\u7c7b\u578b\uff1a\u544a\u8b66\u5bf9\u8c61\u6240\u5bf9\u5e94\u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\uff1a\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u65e0\u72b6\u6001\u8d1f\u8f7d\u3001\u6709\u72b6\u5bb9\u8d1f\u8f7d\u3001\u5b88\u62a4\u8fdb\u7a0b\u3001\u5bb9\u5668\u7ec4\u3002 - \u6807\u7b7e\uff1a\u544a\u8b66\u6807\u8bc6\u5c5e\u6027\uff0c\u7531\u6807\u7b7e\u540d\u548c\u6807\u7b7e\u503c\u6784\u6210\uff0c\u652f\u6301\u7528\u6237\u81ea\u5b9a\u4e49\u3002 \u6291\u5236\u544a\u8b66 \u7528\u4e8e\u6307\u5b9a\u76ee\u6807\u8b66\u62a5\uff08\u5c06\u88ab\u6291\u5236\u7684\u8b66\u62a5\uff09\u7684\u5339\u914d\u6761\u4ef6\uff0c\u7b26\u5408\u6240\u6709\u6807\u7b7e\u6761\u4ef6\u7684\u544a\u8b66\u5c06\u4e0d\u4f1a\u518d\u53d1\u9001\u6d88\u606f\u7ed9\u7528\u6237\u3002 \u5339\u914d\u6807\u7b7e \u7528\u4e8e\u6307\u5b9a\u5e94\u8be5\u6bd4\u8f83\u7684\u6807\u7b7e\u5217\u8868\uff0c\u4ee5\u786e\u5b9a\u6e90\u8b66\u62a5\u548c\u76ee\u6807\u8b66\u62a5\u662f\u5426\u5339\u914d\u3002\u53ea\u6709\u5728\u00a0equal\u00a0\u4e2d\u6307\u5b9a\u7684\u6807\u7b7e\u5728\u6e90\u548c\u76ee\u6807\u8b66\u62a5\u4e2d\u7684\u503c\u5b8c\u5168\u76f8\u540c\u7684\u60c5\u51b5\u4e0b\uff0c\u624d\u4f1a\u89e6\u53d1\u6291\u5236\u3002equal\u00a0\u5b57\u6bb5\u662f\u53ef\u9009\u7684\u3002\u5982\u679c\u7701\u7565\u00a0equal\u00a0\u5b57\u6bb5\uff0c\u5219\u4f1a\u5c06\u6240\u6709\u6807\u7b7e\u7528\u4e8e\u5339\u914d\u70b9\u51fb**\u786e\u5b9a**\u5b8c\u6210\u521b\u5efa\u540e\u8fd4\u56de\u544a\u8b66\u6291\u5236\u5217\u8868\uff0c\u70b9\u51fb\u544a\u8b66\u6291\u5236\u540d\u79f0\u540e\u53ef\u67e5\u770b\u6291\u5236\u89c4\u5219\u8be6\u60c5\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540d\u79f0\uff0c\u67e5\u770b\u89c4\u5219\u8be6\u60c5\uff0c\u67e5\u770b\u5bf9\u5e94\u544a\u8b66\u89c4\u5219\u7684\u6807\u7b7e\u3002
Note
\u5728\u6dfb\u52a0\u89c4\u5219
\u65f6\u53ef\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6807\u7b7e
\u3002
\u70b9\u51fb\u53f3\u4fa7\u5bfc\u822a\u680f\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u5217\u8868 \uff0c\u70b9\u51fb\u544a\u8b66\u6240\u5728\u884c\u67e5\u770b\u544a\u8b66\u8be6\u60c5\u3002
Note
\u544a\u8b66\u6807\u7b7e\u7528\u4e8e\u63cf\u8ff0\u544a\u8b66\u7684\u8be6\u7ec6\u4fe1\u606f\u548c\u5c5e\u6027\uff0c\u53ef\u4ee5\u7528\u6765\u521b\u5efa\u6291\u5236\u89c4\u5219\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u7f16\u8f91\uff0c\u8fdb\u5165\u6291\u5236\u89c4\u5219\u7684\u7f16\u8f91\u9875\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u5220\u9664\uff0c\u5728\u8f93\u5165\u6846\u4e2d\u8f93\u5165\u6291\u5236\u89c4\u5219\u7684\u540d\u79f0\u5373\u53ef\u5220\u9664\u3002
"},{"location":"admin/insight/alert-center/message.html","title":"\u901a\u77e5\u914d\u7f6e","text":"\u5728 \u901a\u77e5\u914d\u7f6e \u9875\u9762\uff0c\u53ef\u4ee5\u914d\u7f6e\u901a\u8fc7\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001\u9489\u9489\u3001Webhook \u548c\u77ed\u4fe1\u7b49\u65b9\u5f0f\u5411\u7528\u6237\u53d1\u9001\u6d88\u606f\u3002
"},{"location":"admin/insight/alert-center/message.html#_2","title":"\u90ae\u4ef6\u7ec4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u540e\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e\uff0c\u9ed8\u8ba4\u4f4d\u4e8e\u90ae\u4ef6\u901a\u77e5\u5bf9\u8c61\u3002
\u70b9\u51fb \u6dfb\u52a0\u90ae\u7bb1\u7ec4\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u90ae\u4ef6\u5730\u5740\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u90ae\u7bb1\u7ec4\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u4f01\u4e1a\u5fae\u4fe1\u3002
\u6709\u5173\u4f01\u4e1a\u5fae\u4fe1\u7fa4\u673a\u5668\u4eba\u7684 URL\uff0c\u8bf7\u53c2\u9605\u4f01\u4e1a\u5fae\u4fe1\u5b98\u65b9\u6587\u6863\uff1a\u5982\u4f55\u4f7f\u7528\u7fa4\u673a\u5668\u4eba\u3002
\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u9489\u9489\uff0c\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
\u6709\u5173\u9489\u9489\u7fa4\u673a\u5668\u4eba\u7684 URL\uff0c\u8bf7\u53c2\u9605\u9489\u9489\u5b98\u65b9\u6587\u6863\uff1a\u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u63a5\u5165\u3002
Note
\u52a0\u7b7e\u7684\u65b9\u5f0f\u662f\u9489\u9489\u673a\u5668\u4eba\u4e0e\u5f00\u53d1\u8005\u53cc\u5411\u8fdb\u884c\u5b89\u5168\u8ba4\u8bc1\uff0c\u82e5\u5728\u521b\u5efa\u9489\u9489\u673a\u5668\u4eba\u65f6\u5f00\u542f\u4e86\u52a0\u7b7e\uff0c\u5219\u9700\u8981\u5728\u6b64\u5904\u8f93\u5165\u9489\u9489\u751f\u6210\u7684\u5bc6\u94a5\u3002 \u53ef\u53c2\u8003\u9489\u9489\u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u5b89\u5168\u8bbe\u7f6e\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u98de\u4e66\uff0c\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
Note
\u5f53\u98de\u4e66\u7684\u7fa4\u673a\u5668\u4eba\u5f00\u542f\u7b7e\u540d\u6821\u9a8c\u65f6\uff0c\u6dfb\u52a0\u98de\u4e66\u901a\u77e5\u65f6\u9700\u8981\u586b\u5199\u5bf9\u5e94\u7684\u7b7e\u540d\u5bc6\u94a5\u3002\u8bf7\u67e5\u9605 \u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u4f7f\u7528\u6307\u5357\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> Webhook\u3002
\u6709\u5173 Webhook URL \u53ca\u66f4\u591a\u914d\u7f6e\u65b9\u5f0f\uff0c\u8bf7\u53c2\u9605 webhook \u6587\u6863\u3002
\u70b9\u51fb \u65b0\u5efa Webhook\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a Webhook\u3002
HTTP Headers
\uff1a\u975e\u5fc5\u586b\uff0c\u8bbe\u7f6e\u8bf7\u6c42\u5934\u3002\u53ef\u4ee5\u6dfb\u52a0\u591a\u4e2a Headers\u3002
Note
\u6709\u5173 Webhook URL \u53ca\u66f4\u591a\u914d\u7f6e\u65b9\u5f0f\uff0c\u8bf7\u53c2\u9605 webhook \u6587\u6863\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664 Webhook\u3002
Note
\u544a\u8b66\u6d88\u606f\u53d1\u9001\u81f3\u7528\u6237\u4e2a\u4eba\u7684\u7ad9\u5185\u4fe1
\uff0c\u70b9\u51fb\u9876\u90e8\u7684 \ud83d\udd14 \u7b26\u53f7\u53ef\u4ee5\u67e5\u770b\u901a\u77e5\u6d88\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u7ad9\u5185\u4fe1\uff0c\u70b9\u51fb\u521b\u5efa\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de \u7ad9\u5185\u4fe1\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u77ed\u4fe1\uff0c\u70b9\u51fb \u6dfb\u52a0\u77ed\u4fe1\u7ec4\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u77ed\u4fe1\u7ec4\u3002
\u5728\u5f39\u7a97\u4e2d\u8f93\u5165\u540d\u79f0\u3001\u63a5\u6536\u77ed\u4fe1\u7684\u5bf9\u8c61\u3001\u624b\u673a\u53f7\u4ee5\u53ca\u901a\u77e5\u670d\u52a1\u5668\u3002
\u901a\u77e5\u670d\u52a1\u5668\u9700\u8981\u9884\u5148\u5728 \u901a\u77e5\u914d\u7f6e -> \u901a\u77e5\u670d\u52a1\u5668 \u4e2d\u6dfb\u52a0\u521b\u5efa\u3002\u76ee\u524d\u652f\u6301\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u4e24\u79cd\u4e91\u670d\u52a1\u5668\uff0c\u5177\u4f53\u914d\u7f6e\u7684\u53c2\u6570\u8bf7\u53c2\u9605\u81ea\u5df1\u7684\u4e91\u670d\u52a1\u5668\u4fe1\u606f\u3002
\u77ed\u4fe1\u7ec4\u6dfb\u52a0\u6210\u529f\u540e\uff0c\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u77ed\u4fe1\u7ec4\u3002
\u53ef\u89c2\u6d4b\u6027\u63d0\u4f9b\u81ea\u5b9a\u4e49\u6d88\u606f\u6a21\u677f\u5185\u5bb9\u7684\u80fd\u529b\uff0c\u652f\u6301\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001\u9489\u9489\u3001Webhook\u3001\u98de\u4e66\u3001\u7ad9\u5185\u4fe1\u7b49\u4e0d\u540c\u7684\u901a\u77e5\u5bf9\u8c61\u5b9a\u4e49\u4e0d\u540c\u7684\u6d88\u606f\u901a\u77e5\u5185\u5bb9\u3002
"},{"location":"admin/insight/alert-center/msg-template.html#_2","title":"\u521b\u5efa\u6d88\u606f\u6a21\u677f","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u6d88\u606f\u6a21\u677f\u3002
Insight \u9ed8\u8ba4\u5185\u7f6e\u4e2d\u82f1\u6587\u4e24\u4e2a\u6a21\u677f\uff0c\u4ee5\u4fbf\u7528\u6237\u4f7f\u7528\u3002
\u70b9\u51fb \u65b0\u5efa\u6d88\u606f\u6a21\u677f \u6309\u94ae\uff0c\u586b\u5199\u6a21\u677f\u5185\u5bb9\u3002
Info
\u53ef\u89c2\u6d4b\u6027\u9884\u7f6e\u4e86\u6d88\u606f\u6a21\u677f\u3002\u82e5\u9700\u8981\u5b9a\u4e49\u6a21\u677f\u7684\u5185\u5bb9\uff0c\u8bf7\u53c2\u8003\u914d\u7f6e\u901a\u77e5\u6a21\u677f\u3002
"},{"location":"admin/insight/alert-center/msg-template.html#_3","title":"\u6d88\u606f\u6a21\u677f\u8be6\u60c5","text":"\u70b9\u51fb\u67d0\u4e00\u6d88\u606f\u6a21\u677f\u7684\u540d\u79f0\uff0c\u53f3\u4fa7\u6ed1\u5757\u53ef\u67e5\u770b\u6d88\u606f\u6a21\u677f\u7684\u8be6\u60c5\u3002
\u53c2\u6570 \u53d8\u91cf \u63cf\u8ff0 \u89c4\u5219\u540d\u79f0 {{ .Labels.alertname }} \u89e6\u53d1\u544a\u8b66\u7684\u89c4\u5219\u540d\u79f0 \u7b56\u7565\u540d\u79f0 {{ .Labels.alertgroup }} \u89e6\u53d1\u544a\u8b66\u89c4\u5219\u6240\u5c5e\u7684\u544a\u8b66\u7b56\u7565\u540d\u79f0 \u544a\u8b66\u7ea7\u522b {{ .Labels.severity }} \u89e6\u53d1\u544a\u8b66\u7684\u7ea7\u522b \u96c6\u7fa4 {{ .Labels.cluster }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u96c6\u7fa4 \u547d\u540d\u7a7a\u95f4 {{ .Labels.namespace }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4 \u8282\u70b9 {{ .Labels.node }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u8282\u70b9 \u8d44\u6e90\u7c7b\u578b {{ .Labels.target_type }} \u544a\u8b66\u5bf9\u8c61\u7684\u8d44\u6e90\u7c7b\u578b \u8d44\u6e90\u540d\u79f0 {{ .Labels.target }} \u89e6\u53d1\u544a\u8b66\u7684\u5bf9\u8c61\u540d\u79f0 \u89e6\u53d1\u503c {{ .Annotations.value }} \u89e6\u53d1\u544a\u8b66\u901a\u77e5\u65f6\u7684\u6307\u6807\u503c \u53d1\u751f\u65f6\u95f4 {{ .StartsAt }} \u544a\u8b66\u5f00\u59cb\u53d1\u751f\u7684\u65f6\u95f4 \u7ed3\u675f\u65f6\u95f4 {{ .EndsAT }} \u544a\u8b66\u7ed3\u675f\u7684\u65f6\u95f4 \u63cf\u8ff0 {{ .Annotations.description }} \u544a\u8b66\u7684\u8be6\u7ec6\u63cf\u8ff0 \u6807\u7b7e {{ for .labels}} {{end}} \u544a\u8b66\u7684\u6240\u6709\u6807\u7b7e\uff0c\u4f7f\u7528 for \u51fd\u6570\u904d\u5386 labels \u5217\u8868\uff0c\u83b7\u53d6\u544a\u8b66\u7684\u6240\u6709\u6807\u7b7e\u5185\u5bb9\u3002"},{"location":"admin/insight/alert-center/msg-template.html#_4","title":"\u7f16\u8f91\u6216\u5220\u9664\u6d88\u606f\u6a21\u677f","text":"\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7f16\u8f91 \u6216 \u5220\u9664\uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6d88\u606f\u6a21\u677f\u3002
Warning
\u8bf7\u6ce8\u610f\uff0c\u5220\u9664\u6a21\u677f\u540e\u65e0\u6cd5\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"admin/insight/alert-center/silent.html","title":"\u544a\u8b66\u9759\u9ed8","text":"\u544a\u8b66\u9759\u9ed8\u662f\u6307\u5728\u7279\u5b9a\u7684\u65f6\u95f4\u8303\u56f4\u5185\uff0c\u6839\u636e\u5b9a\u4e49\u597d\u7684\u89c4\u5219\u5bf9\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u4e0d\u518d\u53d1\u9001\u544a\u8b66\u901a\u77e5\u3002\u8be5\u529f\u80fd\u53ef\u4ee5\u5e2e\u52a9\u8fd0\u7ef4\u4eba\u5458\u907f\u514d\u5728\u67d0\u4e9b\u64cd\u4f5c\u6216\u4e8b\u4ef6\u671f\u95f4\u63a5\u6536\u5230\u8fc7\u591a\u7684\u566a\u58f0\u544a\u8b66\uff0c\u540c\u65f6\u4fbf\u4e8e\u66f4\u52a0\u7cbe\u786e\u5730\u5904\u7406\u771f\u6b63\u9700\u8981\u89e3\u51b3\u7684\u95ee\u9898\u3002
\u5728\u544a\u8b66\u9759\u9ed8\u9875\u9762\u4e0a\uff0c\u7528\u6237\u53ef\u4ee5\u770b\u5230\u4e24\u4e2a\u9875\u7b7e\uff1a\u6d3b\u8dc3\u89c4\u5219\u548c\u8fc7\u671f\u89c4\u5219\u3002 \u5176\u4e2d\uff0c\u6d3b\u8dc3\u89c4\u5219\u8868\u793a\u76ee\u524d\u6b63\u5728\u751f\u6548\u7684\u89c4\u5219\uff0c\u800c\u8fc7\u671f\u89c4\u5219\u5219\u662f\u4ee5\u524d\u5b9a\u4e49\u8fc7\u4f46\u5df2\u7ecf\u8fc7\u671f\uff08\u6216\u8005\u7528\u6237\u4e3b\u52a8\u5220\u9664\uff09\u7684\u89c4\u5219\u3002
"},{"location":"admin/insight/alert-center/silent.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u544a\u8b66\u9759\u9ed8 ,\u70b9\u51fb \u65b0\u5efa\u9759\u9ed8\u89c4\u5219 \u6309\u94ae\u3002
\u586b\u5199\u9759\u9ed8\u89c4\u5219\u7684\u5404\u9879\u53c2\u6570\uff0c\u5982\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u6807\u7b7e\u3001\u65f6\u95f4\u7b49\uff0c\u4ee5\u5b9a\u4e49\u8fd9\u6761\u89c4\u5219\u7684\u4f5c\u7528\u8303\u56f4\u548c\u751f\u6548\u65f6\u95f4\u3002
\u8fd4\u56de\u89c4\u5219\u5217\u8868\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u9759\u9ed8\u89c4\u5219\u3002
\u901a\u8fc7\u544a\u8b66\u9759\u9ed8\u529f\u80fd\uff0c\u60a8\u53ef\u4ee5\u7075\u6d3b\u5730\u63a7\u5236\u54ea\u4e9b\u544a\u8b66\u9700\u8981\u88ab\u5ffd\u7565\uff0c\u5728\u4ec0\u4e48\u65f6\u95f4\u6bb5\u5185\u751f\u6548\uff0c\u4ece\u800c\u63d0\u9ad8\u8fd0\u7ef4\u6548\u7387\uff0c\u51cf\u5c11\u8bef\u62a5\u7684\u53ef\u80fd\u6027\u3002
"},{"location":"admin/insight/alert-center/sms-provider.html","title":"\u914d\u7f6e\u901a\u77e5\u670d\u52a1\u5668","text":"\u53ef\u89c2\u6d4b\u6027 Insight \u652f\u6301\u77ed\u4fe1\u901a\u77e5\uff0c\u76ee\u524d\u901a\u8fc7\u96c6\u6210\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7684\u77ed\u4fe1\u670d\u52a1\u53d1\u9001\u544a\u8b66\u6d88\u606f\u3002\u672c\u6587\u4ecb\u7ecd\u4e86\u5982\u4f55\u5728 insight \u4e2d\u914d\u7f6e\u77ed\u4fe1\u901a\u77e5\u7684\u670d\u52a1\u5668\u3002\u77ed\u4fe1\u7b7e\u540d\u4e2d\u652f\u6301\u7684\u53d8\u91cf\u4e3a\u6d88\u606f\u6a21\u677f\u4e2d\u7684\u9ed8\u8ba4\u53d8\u91cf\uff0c\u540c\u65f6\u7531\u4e8e\u77ed\u4fe1\u5b57\u6570\u6709\u9650\uff0c\u5efa\u8bae\u9009\u62e9\u8f83\u4e3a\u660e\u786e\u7684\u53d8\u91cf\u3002
\u5982\u4f55\u914d\u7f6e\u77ed\u4fe1\u63a5\u6536\u4eba\u53ef\u53c2\u8003\u6587\u6863\uff1a\u914d\u7f6e\u77ed\u4fe1\u901a\u77e5\u7ec4\u3002
"},{"location":"admin/insight/alert-center/sms-provider.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u901a\u77e5\u670d\u52a1\u5668 \u3002
\u70b9\u51fb \u6dfb\u52a0\u901a\u77e5\u670d\u52a1\u5668 \u3002
\u914d\u7f6e\u963f\u91cc\u4e91\u670d\u52a1\u5668\u3002
\u7533\u8bf7\u963f\u91cc\u4e91\u77ed\u4fe1\u670d\u52a1\uff0c\u8bf7\u53c2\u8003\u963f\u91cc\u4e91\u77ed\u4fe1\u670d\u52a1\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u8bf7\u53c2\u8003\u963f\u91cc\u4e91\u53d8\u91cf\u89c4\u8303\u3002
Note
\u4e3e\u4f8b\uff1a\u5728\u963f\u91cc\u4e91\u5b9a\u4e49\u7684\u6a21\u677f\u5185\u5bb9\u4e3a\uff1a\\({severity}\uff1a\\) \u88ab\u89e6\u53d1\u3002\u53c2\u6570\u6a21\u677f\u4e2d\u7684\u914d\u7f6e\u53c2\u8003\u4e0a\u56fe\u3002} \u5728 ${startat
\u914d\u7f6e\u817e\u8baf\u4e91\u670d\u52a1\u5668\u3002
\u7533\u8bf7\u817e\u8baf\u4e91\u77ed\u4fe1\u670d\u52a1\uff0c\u8bf7\u53c2\u8003\u817e\u8baf\u4e91\u77ed\u4fe1\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
Note
\u4e3e\u4f8b\uff1a\u5728\u817e\u8baf\u4e91\u5b9a\u4e49\u7684\u6a21\u677f\u5185\u5bb9\u4e3a\uff1a{1}\uff1a{2} \u5728 {3} \u88ab\u89e6\u53d1\u3002\u53c2\u6570\u6a21\u677f\u4e2d\u7684\u914d\u7f6e\u53c2\u8003\u4e0a\u56fe\u3002
\u5728\u96c6\u7fa4\u4e2d\u5b89\u88c5 insight-agent \u540e\uff0c insight-agent \u4e2d\u7684 Fluent Bit \u4f1a\u9ed8\u8ba4\u91c7\u96c6\u96c6\u7fa4\u4e2d\u7684\u65e5\u5fd7\uff0c\u5305\u62ec Kubernetes \u4e8b\u4ef6\u65e5\u5fd7\u3001\u8282\u70b9\u65e5\u5fd7\u3001\u5bb9\u5668\u65e5\u5fd7\u7b49\u3002 Fluent Bit \u5df2\u914d\u7f6e\u597d\u5404\u79cd\u65e5\u5fd7\u91c7\u96c6\u63d2\u4ef6\u3001\u76f8\u5173\u7684\u8fc7\u6ee4\u5668\u63d2\u4ef6\u53ca\u65e5\u5fd7\u8f93\u51fa\u63d2\u4ef6\u3002 \u8fd9\u4e9b\u63d2\u4ef6\u7684\u5de5\u4f5c\u72b6\u6001\u51b3\u5b9a\u4e86\u65e5\u5fd7\u91c7\u96c6\u662f\u5426\u6b63\u5e38\u3002 \u4e0b\u9762\u662f\u4e00\u4e2a\u9488\u5bf9 Fluent Bit \u7684\u4eea\u8868\u76d8\uff0c\u5b83\u7528\u6765\u76d1\u63a7\u5404\u4e2a\u96c6\u7fa4\u4e2d Fluent Bit \u7684\u5de5\u4f5c\u60c5\u51b5\u548c\u63d2\u4ef6\u7684\u91c7\u96c6\u3001\u5904\u7406\u3001\u5bfc\u51fa\u65e5\u5fd7\u7684\u60c5\u51b5\u3002
\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\uff0c\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u4eea\u8868\u76d8 \u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u6807\u9898 \u6982\u89c8 \u3002
\u5207\u6362\u5230 insight-system -> Fluent Bit \u4eea\u8868\u76d8\u3002
Fluent Bit \u4eea\u8868\u76d8\u4e0a\u65b9\u6709\u51e0\u4e2a\u9009\u9879\u6846\uff0c\u53ef\u4ee5\u9009\u62e9\u65e5\u5fd7\u91c7\u96c6\u63d2\u4ef6\u3001\u65e5\u5fd7\u8fc7\u6ee4\u63d2\u4ef6\u3001\u65e5\u5fd7\u8f93\u51fa\u63d2\u4ef6\u53ca\u6240\u5728\u96c6\u7fa4\u540d\u3002
\u6b64\u5904\u8bf4\u660e Fluent Bit \u7684\u51e0\u4e2a\u63d2\u4ef6\u3002
\u65e5\u5fd7\u91c7\u96c6\u63d2\u4ef6
input plugin \u63d2\u4ef6\u4ecb\u7ecd \u91c7\u96c6\u76ee\u5f55 tail.kube \u91c7\u96c6\u5bb9\u5668\u65e5\u5fd7 /var/log/containers/*.log tail.kubeevent \u91c7\u96c6 Kubernetes \u4e8b\u4ef6\u65e5\u5fd7 /var/log/containers/-kubernetes-event-exporter.log tail.syslog.dmesg \u91c7\u96c6\u4e3b\u673a dmesg \u65e5\u5fd7 /var/log/dmesg tail.syslog.messages \u91c7\u96c6\u4e3b\u673a\u5e38\u7528\u65e5\u5fd7 /var/log/secure, /var/log/messages, /var/log/syslog,/var/log/auth.log syslog.syslog.RSyslog \u91c7\u96c6 RSyslog \u65e5\u5fd7 systemd.syslog.systemd \u91c7\u96c6 Journald daemon \u65e5\u5fd7 tail.audit_log.k8s \u91c7\u96c6 Kubernetes \u5ba1\u8ba1\u65e5\u5fd7 /var/log//audit/.log tail.audit_log.ghippo \u91c7\u96c6\u5168\u5c40\u7ba1\u7406\u5ba1\u8ba1\u65e5\u5fd7 /var/log/containers/_ghippo-system_audit-log.log tail.skoala-gw \u91c7\u96c6\u5fae\u670d\u52a1\u7f51\u5173\u65e5\u5fd7 /var/log/containers/_skoala-gw.log\u65e5\u5fd7\u8fc7\u6ee4\u63d2\u4ef6
filter plugin \u63d2\u4ef6\u4ecb\u7ecd Lua.audit_log.k8s \u4f7f\u7528 lua \u8fc7\u6ee4\u7b26\u5408\u6761\u4ef6\u7684 Kubernetes \u5ba1\u8ba1\u65e5\u5fd7Note
\u8fc7\u6ee4\u5668\u63d2\u4ef6\u4e0d\u6b62 Lua.audit_log.k8s\uff0c\u8fd9\u91cc\u53ea\u4ecb\u7ecd\u4f1a\u4e22\u5f03\u65e5\u5fd7\u7684\u8fc7\u6ee4\u5668\u3002
\u65e5\u5fd7\u8f93\u51fa\u63d2\u4ef6
output plugin \u63d2\u4ef6\u4ecb\u7ecd es.kube.kubeevent.syslog \u628a Kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u3001\u4e8b\u4ef6\u65e5\u5fd7\uff0csyslog \u65e5\u5fd7\u5199\u5165 ElasticSearch \u96c6\u7fa4 forward.audit_log \u628a Kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u548c\u5168\u5c40\u7ba1\u7406\u7684\u5ba1\u8ba1\u65e5\u5fd7\u53d1\u9001\u5230 \u5168\u5c40\u7ba1\u7406"},{"location":"admin/insight/best-practice/debug-trace.html","title":"\u94fe\u8def\u91c7\u96c6\u6392\u969c\u6307\u5357","text":"\u5728\u5c1d\u8bd5\u6392\u67e5\u94fe\u8def\u6570\u636e\u91c7\u96c6\u7684\u95ee\u9898\u524d\uff0c\u9700\u5148\u7406\u89e3\u94fe\u8def\u6570\u636e\u7684\u4f20\u8f93\u8def\u5f84\uff0c\u4e0b\u9762\u662f\u94fe\u8def\u6570\u636e\u4f20\u8f93\u793a\u610f\u56fe\uff1a
graph TB\n\nsdk[Language proble / SDK] --> workload[Workload cluster otel collector]\n--> otel[Global cluster otel collector]\n--> jaeger[Global cluster jaeger collector]\n--> es[Elasticsearch cluster]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass sdk,workload,otel,jaeger,es cluster
\u5982\u4e0a\u56fe\u6240\u793a\uff0c\u5728\u4efb\u4e00\u6b65\u9aa4\u4f20\u8f93\u5931\u8d25\u90fd\u4f1a\u5bfc\u81f4\u65e0\u6cd5\u67e5\u8be2\u51fa\u94fe\u8def\u6570\u636e\u3002\u5982\u679c\u60a8\u5728\u5b8c\u6210\u5e94\u7528\u94fe\u8def\u589e\u5f3a\u540e\u53d1\u73b0\u6ca1\u6709\u94fe\u8def\u6570\u636e\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u6b65\u9aa4\uff1a
\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\uff0c\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u4eea\u8868\u76d8 \u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u6807\u9898 \u6982\u89c8 \u3002
\u5207\u6362\u5230 insight-system -> insight tracing debug \u4eea\u8868\u76d8\u3002
\u53ef\u4ee5\u770b\u5230\u8be5\u4eea\u8868\u76d8\u7531\u4e09\u4e2a\u533a\u5757\u7ec4\u6210\uff0c\u5206\u522b\u8d1f\u8d23\u76d1\u63a7\u4e0d\u540c\u96c6\u7fa4\u3001\u4e0d\u540c\u7ec4\u4ef6\u4f20\u8f93\u94fe\u8def\u7684\u6570\u636e\u60c5\u51b5\u3002\u901a\u8fc7\u751f\u6210\u7684\u65f6\u5e8f\u56fe\u8868\uff0c\u68c0\u67e5\u94fe\u8def\u6570\u636e\u4f20\u8f93\u662f\u5426\u5b58\u5728\u95ee\u9898\u3002
workload opentelemetry collector
\u5c55\u793a\u4e0d\u540c\u5de5\u4f5c\u96c6\u7fa4\u7684 opentelemetry collector \u5728\u63a5\u53d7 language probe/SDK \u94fe\u8def\u6570\u636e\uff0c\u53d1\u9001\u805a\u5408\u94fe\u8def\u6570\u636e\u60c5\u51b5\u3002\u53ef\u4ee5\u901a\u8fc7\u5de6\u4e0a\u89d2\u7684 Cluster \u9009\u62e9\u6846\u9009\u62e9\u6240\u5728\u7684\u96c6\u7fa4\u3002
Note
\u6839\u636e\u8fd9\u56db\u5f20\u65f6\u5e8f\u56fe\uff0c\u53ef\u4ee5\u5224\u65ad\u51fa\u8be5\u96c6\u7fa4\u7684 opentelemetry collector \u662f\u5426\u6b63\u5e38\u8fd0\u884c\u3002
global opentelemetry collector
\u5c55\u793a \u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u7684 opentelemetry collector \u5728\u63a5\u6536 \u5de5\u4f5c\u96c6\u7fa4 \u4e2d otel collector \u94fe\u8def\u6570\u636e\u4ee5\u53ca\u53d1\u9001\u805a\u5408\u94fe\u8def\u6570\u636e\u7684\u60c5\u51b5\u3002
Note
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u7684 opentelemetry collector \u8fd8\u8d1f\u8d23\u53d1\u9001\u6240\u6709\u5de5\u4f5c\u96c6\u7fa4\u7684\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u5ba1\u8ba1\u65e5\u5fd7\u4ee5\u53ca Kubernetes \u5ba1\u8ba1\u65e5\u5fd7\uff08\u9ed8\u8ba4\u4e0d\u91c7\u96c6\uff09\u5230\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684 audit server \u7ec4\u4ef6\u3002
global jaeger collector
\u5c55\u793a \u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u7684 jaeger collector \u5728\u63a5\u6536 \u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u4e2d otel collector \u7684\u6570\u636e\uff0c\u5e76\u53d1\u9001\u94fe\u8def\u6570\u636e\u5230 ElasticSearch \u96c6\u7fa4\u7684\u60c5\u51b5\u3002
\u672c\u6587\u5c06\u4ee5 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u4e3e\u4f8b\uff0c\u8bb2\u89e3\u5982\u4f55\u901a\u8fc7 Insight \u53d1\u73b0 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u5f02\u5e38\u7684\u7ec4\u4ef6\u5e76\u5206\u6790\u51fa\u7ec4\u4ef6\u5f02\u5e38\u7684\u6839\u56e0\u3002
\u672c\u6587\u5047\u8bbe\u4f60\u5df2\u7ecf\u4e86\u89e3 Insight \u7684\u4ea7\u54c1\u529f\u80fd\u6216\u613f\u666f\u3002
"},{"location":"admin/insight/best-practice/find_root_cause.html#_1","title":"\u62d3\u6251\u56fe \u2014 \u4ece\u5b8f\u89c2\u5bdf\u89c9\u5f02\u5e38","text":"\u968f\u7740\u4f01\u4e1a\u5bf9\u5fae\u670d\u52a1\u67b6\u6784\u7684\u5b9e\u8df5\uff0c\u4f01\u4e1a\u4e2d\u7684\u670d\u52a1\u6570\u91cf\u53ef\u80fd\u4f1a\u9762\u4e34\u7740\u6570\u91cf\u591a\u3001\u8c03\u7528\u590d\u6742\u7684\u60c5\u51b5\uff0c\u5f00\u53d1\u6216\u8fd0\u7ef4\u4eba\u5458\u5f88\u96be\u7406\u6e05\u670d\u52a1\u4e4b\u95f4\u7684\u5173\u7cfb\uff0c \u56e0\u6b64\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86\u62d3\u6251\u56fe\u76d1\u63a7\u7684\u529f\u80fd\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u62d3\u6251\u56fe\u5bf9\u5f53\u524d\u7cfb\u7edf\u4e2d\u8fd0\u884c\u7684\u5fae\u670d\u52a1\u72b6\u51b5\u8fdb\u884c\u521d\u6b65\u8bca\u65ad\u3002
\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u6211\u4eec\u901a\u8fc7\u62d3\u6251\u56fe\u53d1\u73b0\u5176\u4e2d Insight-Server \u8fd9\u4e2a\u8282\u70b9\u7684\u989c\u8272\u4e3a \u7ea2\u8272 \uff0c\u5e76\u5c06\u9f20\u6807\u79fb\u5230\u8be5\u8282\u70b9\u4e0a\uff0c \u53d1\u73b0\u8be5\u8282\u70b9\u7684\u9519\u8bef\u7387\u4e3a 2.11% \u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5e0c\u671b\u67e5\u770b\u66f4\u591a\u7ec6\u8282\u53bb\u627e\u5230\u9020\u6210\u8be5\u670d\u52a1\u9519\u8bef\u7387\u4e0d\u4e3a 0 \u7684\u539f\u56e0:
\u5f53\u7136\uff0c\u6211\u4eec\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6700\u9876\u90e8\u7684\u670d\u52a1\u540d\uff0c\u8fdb\u5165\u5230\u8be5\u670d\u52a1\u7684\u603b\u89c8\u754c\u9762\uff1a
"},{"location":"admin/insight/best-practice/find_root_cause.html#_2","title":"\u670d\u52a1\u603b\u89c8 \u2014 \u5177\u4f53\u5206\u6790\u7684\u5f00\u59cb","text":"\u5f53\u4f60\u9700\u8981\u6839\u636e\u670d\u52a1\u7684\u5165\u53e3\u548c\u51fa\u53e3\u6d41\u91cf\u5206\u522b\u5206\u6790\u7684\u65f6\u5019\uff0c\u4f60\u53ef\u4ee5\u5728\u53f3\u4e0a\u89d2\u8fdb\u884c\u7b5b\u9009\u5207\u6362\uff0c\u7b5b\u9009\u6570\u636e\u4e4b\u540e\uff0c\u6211\u4eec\u53d1\u73b0\u8be5\u670d\u52a1\u6709\u5f88\u591a \u64cd\u4f5c \u5bf9\u5e94\u7684\u9519\u8bef\u7387\u90fd\u4e0d\u4e3a 0. \u6b64\u65f6\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u70b9\u51fb \u67e5\u770b\u94fe\u8def \u5bf9\u8be5 \u64cd\u4f5c \u5728\u8fd9\u6bb5\u65f6\u95f4\u4ea7\u751f\u7684\u5e76\u8bb0\u5f55\u4e0b\u6765\u7684\u94fe\u8def\u8fdb\u884c\u5206\u6790\uff1a
"},{"location":"admin/insight/best-practice/find_root_cause.html#_3","title":"\u94fe\u8def\u8be6\u60c5 \u2014 \u627e\u5230\u9519\u8bef\u6839\u56e0\uff0c\u6d88\u706d\u5b83\u4eec","text":"\u5728\u94fe\u8def\u5217\u8868\u4e2d\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u76f4\u89c2\u5730\u53d1\u73b0\u94fe\u8def\u5217\u8868\u4e2d\u5b58\u5728\u7740 \u9519\u8bef \u7684\u94fe\u8def\uff08\u4e0a\u56fe\u4e2d\u7ea2\u6846\u5708\u8d77\u6765\u7684\uff09\uff0c\u6211\u4eec\u53ef\u4ee5\u70b9\u51fb\u9519\u8bef\u7684\u94fe\u8def\u67e5\u770b\u94fe\u8def\u8be6\u60c5\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u5728\u94fe\u8def\u56fe\u4e2d\u6211\u4eec\u4e5f\u53ef\u4ee5\u4e00\u773c\u5c31\u53d1\u73b0\u94fe\u8def\u7684\u6700\u540e\u4e00\u6761\u6570\u636e\u662f\u5904\u4e8e \u9519\u8bef \u72b6\u6001\uff0c\u5c06\u5176\u53f3\u8fb9 Logs \u5c55\u5f00\uff0c\u6211\u4eec\u5b9a\u4f4d\u5230\u4e86\u9020\u6210\u8fd9\u6b21\u8bf7\u6c42\u9519\u8bef\u7684\u539f\u56e0\uff1a
\u6839\u636e\u4e0a\u9762\u7684\u5206\u6790\u65b9\u6cd5\uff0c\u6211\u4eec\u4e5f\u53ef\u4ee5\u5b9a\u4f4d\u5230\u5176\u4ed6 \u64cd\u4f5c \u9519\u8bef\u7684\u94fe\u8def\uff1a
"},{"location":"admin/insight/best-practice/find_root_cause.html#_4","title":"\u63a5\u4e0b\u6765 \u2014 \u4f60\u6765\u5206\u6790\uff01","text":""},{"location":"admin/insight/best-practice/grafana-use-db.html","title":"Insight Grafana \u6301\u4e45\u5316\u5230\u6570\u636e\u5e93","text":"Insight \u4f7f\u7528\u4e91\u539f\u751f\u7684 GrafanaOperator
+ CRD
\u7684\u65b9\u5f0f\u6765\u4f7f\u7528 Grafana\u3002\u6211\u4eec\u63a8\u8350\u4f7f\u7528 GrafanaDashboard(CRD) \u6765\u63cf\u8ff0\u4eea\u8868\u76d8\u7684 JSON \u6570\u636e\uff0c\u5373\u901a\u8fc7 GrafanaDashboard
\u6765\u589e\u52a0\u3001\u5220\u9664\u3001\u4fee\u6539\u4eea\u8868\u76d8\u3002
\u56e0\u4e3a Grafana \u9ed8\u8ba4\u4f7f\u7528 SQLite3 \u4f5c\u4e3a\u672c\u5730\u6570\u636e\u5e93\u6765\u5b58\u50a8\u914d\u7f6e\u4fe1\u606f\uff0c\u4f8b\u5982\u7528\u6237\u3001\u4eea\u8868\u76d8\u3001\u544a\u8b66\u7b49\u3002 \u5f53\u7528\u6237\u4ee5 \u7ba1\u7406\u5458\u8eab\u4efd\uff0c\u901a\u8fc7 UI \u521b\u5efa\u6216\u8005\u5bfc\u5165\u4eea\u8868\u76d8\u4e4b\u540e\uff0c\u6570\u636e\u5c06\u4e34\u65f6\u5b58\u50a8\u5728 SQLite3 \u4e2d\u3002 \u5f53 Grafana \u91cd\u542f\u4e4b\u540e\uff0c\u5c06\u91cd\u7f6e\u6240\u6709\u7684\u4eea\u8868\u76d8\u7684\u6570\u636e\uff0c\u5c06\u53ea\u5c55\u793a\u901a\u8fc7 GrafanaDashboard CR \u63cf\u8ff0\u7684\u4eea\u8868\u76d8\u6570\u636e\uff0c\u800c\u901a\u8fc7 UI \u521b\u5efa\uff0c\u5220\u9664\uff0c\u4fee\u6539\u4e5f\u90fd\u5c06\u88ab\u5168\u90e8\u91cd\u7f6e\u3002
Grafana \u652f\u6301\u4f7f\u7528\u5916\u90e8\u7684 MySQL\u3001PostgreSQL \u7b49\u6570\u636e\u5e93\u66ff\u4ee3\u5185\u7f6e\u7684 SQLite3 \u4f5c\u4e3a\u5185\u90e8\u5b58\u50a8\u3002\u672c\u6587\u63cf\u8ff0\u4e86\u5982\u679c\u7ed9 Insight \u63d0\u4f9b\u7684 Grafana \u914d\u7f6e\u5916\u7f6e\u7684\u6570\u636e\u5e93\u3002
"},{"location":"admin/insight/best-practice/grafana-use-db.html#_1","title":"\u4f7f\u7528\u5916\u90e8\u6570\u636e\u5e93","text":"\u7ed3\u5408 Grafana\uff08\u5f53\u524d\u955c\u50cf\u7248\u672c 9.3.14\uff09\u7684\u5b98\u65b9\u6587\u6863\u3002\u6839\u636e\u5982\u4e0b\u6b65\u9aa4\u914d\u7f6e\u4f7f\u7528\u5916\u90e8\u7684\u6570\u636e\u5e93\uff0c\u793a\u4f8b\u4ee5 MySQL \u4e3a\u4f8b\uff1a
\u521d\u59cb\u5316\u6570\u636e\u5e93
\u5728\u6570\u636e\u5e93\u4e2d\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 database \u7ed9 Grafana \u4f7f\u7528\uff0c\u5efa\u8bae\u540d\u79f0\u4e3a grafana
\u914d\u7f6e Grafana \u4f7f\u7528 DB
\u5728 insight-system
\u4e0b\uff0c\u540d\u4e3a insight-grafana-operator-grafana \u7684 Grafana \u7684 CR \u91cc\u7684\u914d\u7f6e\uff1a
apiVersion: integreatly.org/v1alpha1\nkind: Grafana\nmetadata:\n name: insight-grafana-operator-grafana\n namespace: insight-system\nspec:\n baseImage: 10.64.40.50/docker.m.daocloud.io/grafana/grafana:9.3.14\n config:\n // \u5728 config \u7684\u5c3e\u90e8\u8ffd\u52a0\n+ database:\n+ type: mysql # \u652f\u6301 mysql, postgres\n+ host: \"10.6.216.101:30782\" # \u6570\u636e\u5e93\u7684 Endpoint\n+ name: \"grafana\" # \u63d0\u524d\u521b\u5efa\u7684 database\n+ user: \"grafana\"\n+ password: \"grafana_password\"\n
\u5982\u4e0b\u662f\u914d\u7f6e\u5b8c\u6210\u540e\u5728 Grafana \u7684\u914d\u7f6e\u6587\u4ef6 grafana-config \u91cc\u7684\u914d\u7f6e\u4fe1\u606f\u3002
[database]\n host = 10.6.216.101:30782\n name = grafana\n password = grafana_password\n type = mysql\n user = grafana\n
\u5728 insight.yaml \u6dfb\u52a0\u5982\u4e0b\u914d\u7f6e\uff1a
grafana-operator:\n grafana:\n config:\n database:\n type: mysql\n host: \"10.6.216.101:30782\"\n name: \"grafana\"\n user: \"grafana\"\n password: \"grafana_password\"\n
\u5347\u7ea7 insight server\uff0c\u5efa\u8bae\u901a\u8fc7 Helm \u5347\u7ea7\u3002
helm upgrade insight insight/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version ${version}\n
\u901a\u8fc7\u547d\u4ee4\u884c\u8fdb\u884c\u5347\u7ea7\u3002
\u83b7\u53d6 insight Helm \u4e2d\u539f\u6765\u7684\u914d\u7f6e\u3002
helm get values insight -n insight-system -o yaml > insight.yaml\n
\u6307\u5b9a\u539f\u6765\u914d\u7f6e\u6587\u4ef6\u5e76\u4fdd\u5b58 grafana \u6570\u636e\u5e93\u7684\u8fde\u63a5\u4fe1\u606f\u3002
helm upgrade --install \\\n --version ${version} \\\n insight insight/insight -n insight-system \\\n -f ./insight.yaml \\\n --set grafana-operator.grafana.config.database.type=mysql \\\n --set grafana-operator.grafana.config.database.host=10.6.216.101:30782 \\\n --set grafana-operator.grafana.config.database.name=grafana \\\n --set grafana-operator.grafana.config.database.user=grafana \\\n --set grafana-operator.grafana.config.database.password=grafana_password \n
\u7528\u6237\u662f\u5426\u4f1a\u8986\u76d6\u5185\u7f6e\u4eea\u8868\u76d8\uff0c\u5bfc\u81f4\u5347\u7ea7\u5931\u8d25\uff1f
\u56de\u590d\uff1a\u4f1a\u3002\u5f53\u7528\u6237\u7f16\u8f91\u4e86 Dashbaord A\uff08v1.1\uff09\uff0c\u4e14 Insight \u4e5f\u5347\u7ea7\u4e86 Dashboard A\uff08v2.0\uff09\uff0c \u5347\u7ea7\u4e4b\u540e\uff08\u5347\u7ea7\u955c\u50cf\uff09\uff1b\u7528\u6237\u770b\u5230\u5185\u5bb9\u8fd8\u662f v1.1\uff0c\u800c v2.0 \u662f\u4e0d\u4f1a\u66f4\u65b0\u5230\u73af\u5883\u91cc\u3002
\u5f53\u4f7f\u7528 MGR \u6a21\u5f0f MySQL \u65f6\u4f1a\u5b58\u5728\u95ee\u9898\uff0c\u5bfc\u81f4 grafana-deployment \u65e0\u6cd5\u6b63\u5e38\u542f\u52a8\u3002
\u539f\u56e0\uff1a\u8868 alert_rule_tag_v1 \u548c annotation_tag_v2 \u4e2d\u6ca1\u6709\u4e3b\u952e\uff0c\u800c mysql mgr \u5fc5\u987b\u6709\u4e3b\u952e
\u89e3\u51b3\u65b9\u6cd5\uff1a\u5411 alert_rule_tag_v1 \u548c annotation_tag_v2 \u4e34\u65f6\u8868\u6dfb\u52a0\u4e3b\u952e\uff1a
alter table alert_rule_tag_v1\n add constraint alert_rule_tag_v1_pk\n primary key (tag_id, alert_id);\n\nalter table annotation_tag_v2\n add constraint annotation_tag_v2_pk\n primary key (tag_id, annotation_id);\n
\u968f\u7740\u4e1a\u52a1\u53d1\u5c55\uff0c\u8d8a\u6765\u8d8a\u591a\u7684\u5e94\u7528\u4ea7\u751f\u7684\u65e5\u5fd7\u6570\u636e\u4f1a\u8d8a\u6765\u8d8a\u591a\uff0c\u4e3a\u4e86\u4fdd\u8bc1\u7cfb\u7edf\u80fd\u591f\u6b63\u5e38\u91c7\u96c6\u5e76\u5206\u6790\u5e9e\u6742\u7684\u65e5\u5fd7\u6570\u636e\u65f6\uff0c \u4e00\u822c\u505a\u6cd5\u662f\u5f15\u5165 Kafka \u7684\u6d41\u5f0f\u67b6\u6784\u6765\u89e3\u51b3\u5927\u91cf\u6570\u636e\u5f02\u6b65\u91c7\u96c6\u7684\u65b9\u6848\u3002\u91c7\u96c6\u5230\u7684\u65e5\u5fd7\u6570\u636e\u4f1a\u7ecf\u8fc7 Kafka \u6d41\u8f6c\uff0c \u7531\u76f8\u5e94\u7684\u6570\u636e\u6d88\u8d39\u7ec4\u4ef6\u5c06\u6570\u636e\u4ece Kafka \u6d88\u8d39\u5b58\u5165\u5230 Elasticsearch \u4e2d\uff0c\u5e76\u901a\u8fc7 Insight \u8fdb\u884c\u53ef\u89c6\u5316\u5c55\u793a\u4e0e\u5206\u6790\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u4ee5\u4e0b\u4e24\u79cd\u65b9\u6848\uff1a
\u5f53\u6211\u4eec\u5728\u65e5\u5fd7\u7cfb\u7edf\u4e2d\u5f15\u5165 Kafka \u4e4b\u540e\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u4e0a\u9762\u4e24\u79cd\u65b9\u6848\u4e2d\u6709\u5171\u901a\u7684\u5730\u65b9\uff0c\u4e0d\u540c\u4e4b\u5904\u5728\u4e8e\u6d88\u8d39 Kafka \u6570\u636e\u7684\u7ec4\u4ef6\uff0c\u540c\u65f6\uff0c\u4e3a\u4e86\u4e0d\u5f71\u54cd Insight \u6570\u636e\u5206\u6790\uff0c \u6211\u4eec\u9700\u8981\u5728\u6d88\u8d39 Kafka \u6570\u636e\u5e76\u5199\u5165\u5230 ES \u7684\u6570\u636e\u548c\u539f\u6765 Fluentbit \u76f4\u63a5\u5199\u5165 ES \u7684\u6570\u636e\u7684\u683c\u5f0f\u4e00\u81f4\u3002
\u9996\u5148\u6211\u4eec\u6765\u770b\u770b Fluentbit \u600e\u4e48\u5c06\u65e5\u5fd7\u5199\u5165 Kafka\uff1a
"},{"location":"admin/insight/best-practice/insight-kafka.html#fluentbit-output","title":"\u4fee\u6539 Fluentbit Output \u914d\u7f6e","text":"\u5f53 Kafka \u96c6\u7fa4\u51c6\u5907\u5c31\u7eea\u4e4b\u540e\uff0c\u6211\u4eec\u9700\u8981\u4fee\u6539 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b ConfigMap \u7684\u5185\u5bb9\uff0c \u65b0\u589e\u4ee5\u4e0b\u4e09\u4e2a Kafka Output \u5e76\u6ce8\u91ca\u539f\u6765\u4e09\u4e2a Elasticsearch Output\uff1a
\u5047\u8bbe Kafka Brokers \u5730\u5740\u4e3a\uff1a insight-kafka.insight-system.svc.cluster.local:9092
[OUTPUT]\n Name kafka\n Match_Regex (?:kube|syslog)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-logs\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n [OUTPUT]\n Name kafka\n Match_Regex (?:skoala-gw)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-gw-skoala\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n [OUTPUT]\n Name kafka\n Match_Regex (?:kubeevent)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-event\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n
\u63a5\u4e0b\u6765\u5c31\u662f\u6d88\u8d39 Kafka \u6570\u636e\u4e4b\u540e\u5199\u5230 ES \u7684\u7ec6\u5fae\u5dee\u522b\u3002 \u6b63\u5982\u672c\u6587\u5f00\u59cb\u7684\u63cf\u8ff0\uff0c\u672c\u6587\u5c06\u4ecb\u7ecd Logstash \u4e0e Vector \u4f5c\u4e3a\u6d88\u8d39 Kafka \u7684\u4e24\u79cd\u65b9\u5f0f\u3002
"},{"location":"admin/insight/best-practice/insight-kafka.html#kafka-elasticsearch_1","title":"\u6d88\u8d39 Kafka \u5e76\u5199\u5165 Elasticsearch","text":"\u5047\u8bbe Elasticsearch \u7684\u5730\u5740\u4e3a\uff1ahttps://mcamel-common-es-cluster-es-http.mcamel-system:9200
\u5982\u679c\u4f60\u5bf9 Logstash \u6280\u672f\u6808\u6bd4\u8f83\u719f\u6089\uff0c\u4f60\u53ef\u4ee5\u7ee7\u7eed\u4f7f\u7528\u8be5\u65b9\u5f0f\u3002
\u5f53\u4f60\u901a\u8fc7 Helm \u90e8\u7f72 Logstash \u7684\u65f6\u5019\uff0c \u5728 logstashPipeline \u4e2d\u589e\u52a0\u5982\u4e0b Pipeline \u5373\u53ef\uff1a
replicas: 3\nresources:\n requests:\n cpu: 100m\n memory: 1536Mi\n limits:\n cpu: 1000m\n memory: 1536Mi\nlogstashConfig:\n logstash.yml: |\n http.host: 0.0.0.0\n xpack.monitoring.enabled: false\nlogstashPipeline:\n insight-event.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-event\"}\n topics => [\"insight-event\"] \n bootstrap_servers => \"172.30.120.189:32082\" # kafka\u7684ip \u548c\u7aef\u53e3\n enable_auto_commit => true\n consumer_threads => 1 # \u5bf9\u5e94 partition \u7684\u6570\u91cf\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-event\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"] # elasticsearch \u5730\u5740\n user => 'elastic' # elasticsearch \u7528\u6237\u540d\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk' # elasticsearch \u5bc6\u7801\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"insight-es-k8s-event-logs-alias\"\n data_stream => \"false\"\n }\n }\n }\n insight-gw-skoala.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-gw-skoala\"}\n topics => [\"insight-gw-skoala\"] \n bootstrap_servers => \"172.30.120.189:32082\"\n enable_auto_commit => true\n consumer_threads => 1\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-gw-skoala\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"]\n user => 'elastic'\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk'\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"skoala-gw-alias\"\n data_stream => \"false\"\n }\n }\n }\n insight-logs.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-logs\"}\n topics => [\"insight-logs\"] \n bootstrap_servers => \"172.30.120.189:32082\" \n enable_auto_commit => true\n consumer_threads => 1\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-logs\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"]\n user => 'elastic'\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk'\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"insight-es-k8s-logs-alias\"\n data_stream => \"false\"\n }\n }\n }\n
"},{"location":"admin/insight/best-practice/insight-kafka.html#vector","title":"\u901a\u8fc7 Vector \u6d88\u8d39","text":"\u5982\u679c\u4f60\u5bf9 Vector \u6280\u672f\u6808\u6bd4\u8f83\u719f\u6089\uff0c\u4f60\u53ef\u4ee5\u7ee7\u7eed\u4f7f\u7528\u8be5\u65b9\u5f0f\u3002
\u5f53\u4f60\u901a\u8fc7 Helm \u90e8\u7f72 Vector \u7684\u65f6\u5019\uff0c\u5f15\u7528\u5982\u4e0b\u89c4\u5219\u7684 Configmap \u914d\u7f6e\u6587\u4ef6\u5373\u53ef\uff1a
metadata:\n name: vector\napiVersion: v1\ndata:\n aggregator.yaml: |\n api:\n enabled: true\n address: '0.0.0.0:8686'\n sources:\n insight_logs_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-logs\n insight_event_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-event\n insight_gw_skoala_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-gw-skoala\n transforms:\n insight_logs_remap:\n type: remap\n inputs:\n - insight_logs_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n insight_event_kafka_remap:\n type: remap\n inputs:\n - insight_event_kafka\n - insight_gw_skoala_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n insight_gw_skoala_kafka_remap:\n type: remap\n inputs:\n - insight_gw_skoala_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n sinks:\n insight_es_logs:\n type: elasticsearch\n inputs:\n - insight_logs_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: insight-es-k8s-logs-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n insight_es_event:\n type: elasticsearch\n inputs:\n - insight_event_kafka_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: insight-es-k8s-event-logs-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n insight_es_gw_skoala:\n type: elasticsearch\n inputs:\n - insight_gw_skoala_kafka_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: skoala-gw-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n
"},{"location":"admin/insight/best-practice/insight-kafka.html#_1","title":"\u68c0\u67e5\u662f\u5426\u6b63\u5e38\u5de5\u4f5c","text":"\u4f60\u53ef\u4ee5\u901a\u8fc7\u67e5\u770b Insight \u65e5\u5fd7\u67e5\u8be2\u754c\u9762\u662f\u5426\u6709\u6700\u65b0\u7684\u6570\u636e\uff0c\u6216\u8005\u67e5\u770b\u539f\u672c Elasticsearch \u7684\u7d22\u5f15\u7684\u6570\u91cf\u6709\u6ca1\u6709\u589e\u957f\uff0c\u589e\u957f\u5373\u4ee3\u8868\u914d\u7f6e\u6210\u529f\u3002
"},{"location":"admin/insight/best-practice/insight-kafka.html#_2","title":"\u53c2\u8003","text":"DeepFlow \u662f\u4e00\u6b3e\u57fa\u4e8e eBPF \u7684\u53ef\u89c2\u6d4b\u6027\u4ea7\u54c1\u3002\u5b83\u7684\u793e\u533a\u7248\u5df2\u7ecf\u88ab\u96c6\u6210\u8fdb Insight \u4e2d\uff0c\u4ee5\u4e0b\u662f\u96c6\u6210\u65b9\u5f0f\u3002
"},{"location":"admin/insight/best-practice/integration_deepflow.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 DeepFlow \u7ec4\u4ef6\u9700\u8981\u7528\u5230\u4e24\u4e2a Chart\uff1a
deepflow
\uff1a\u5305\u542b deepflow-app
\u3001deepflow-server
\u3001deepflow-clickhouse
\u3001deepflow-agent
\u7b49\u7ec4\u4ef6\u3002 \u4e00\u822c deepflow
\u4f1a\u90e8\u7f72\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\uff0c\u6240\u4ee5\u5b83\u4e5f\u4e00\u5e76\u5b89\u88c5\u4e86 deepflow-agent
deepflow-agent
\uff1a\u53ea\u5305\u542b\u4e86 deepflow-agent
\u7ec4\u4ef6\uff0c\u7528\u4e8e\u91c7\u96c6 eBPF \u6570\u636e\u5e76\u53d1\u9001\u7ed9 deepflow-server
DeepFlow \u9700\u8981\u5b89\u88c5\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u3002
\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5185\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u4ed3\u5e93\u9009\u62e9 community \uff0c\u641c\u7d22\u6846\u627e\u5230 deepflow
:
\u70b9\u51fb deepflow \u5361\u7247\u8fdb\u5165\u8be6\u60c5\u9875\uff1a
\u70b9\u51fb \u5b89\u88c5 \uff0c\u8fdb\u5165\u5b89\u88c5\u754c\u9762\uff1a
\u5927\u90e8\u5206 values \u90fd\u6709\u9ed8\u8ba4\u503c\u3002\u5176\u4e2d Clickhouse \u548c Mysql \u90fd\u9700\u8981\u7533\u8bf7\u5b58\u50a8\u5377\uff0c\u5b83\u4eec\u7684\u9ed8\u8ba4\u5927\u5c0f\u90fd\u662f 10Gi \uff0c \u53ef\u4ee5\u901a\u8fc7 persistence \u5173\u952e\u5b57\u641c\u7d22\u5230\u76f8\u5173\u914d\u7f6e\u5e76\u4fee\u6539\u3002
\u914d\u7f6e\u597d\u540e\u5c31\u53ef\u4ee5\u70b9\u51fb \u786e\u5b9a \uff0c\u6267\u884c\u5b89\u88c5\u4e86\u3002
\u5728\u5b89\u88c5 DeepFlow \u540e\uff0c\u8fd8\u9700\u8981\u5728 Insight \u4e2d\u5f00\u542f\u76f8\u5173\u7684\u529f\u80fd\u5f00\u5173\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5185\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c \u901a\u8fc7\u641c\u7d22\u6846\u627e\u5230 insight-server-config \u5e76\u8fdb\u884c\u7f16\u8f91\uff1a
\u5728 YAML \u914d\u7f6e\u4e2d\u627e\u5230 eBPF Flow feature \u8fd9\u4e2a\u529f\u80fd\u5f00\u5173\u5e76\u5c06\u5b83\u5f00\u542f:
\u4fdd\u5b58\u66f4\u6539\uff0c\u91cd\u542f insight-server \u540e\uff0cInsight \u4e3b\u754c\u9762\u5c31\u4f1a\u51fa\u73b0 \u7f51\u7edc\u89c2\u6d4b :
DeepFlow Agent \u901a\u8fc7 deepflow-agent
Chart \u6765\u5b89\u88c5\u5728\u5b50\u96c6\u7fa4\u4e2d\uff0c\u7528\u4e8e\u91c7\u96c6\u5b50\u96c6\u7fa4\u7684 eBPF \u89c2\u6d4b\u6570\u636e\u5e76\u4e0a\u62a5\u5230\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u3002 \u7c7b\u4f3c\u4e8e\u5b89\u88c5 deepflow
\uff0c\u901a\u8fc7 Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u4ed3\u5e93\u9009\u62e9 community \uff0c \u901a\u8fc7\u641c\u7d22\u6846\u67e5\u8be2 deepflow-agent
\uff0c\u6309\u6d41\u7a0b\u8fdb\u5165\u5b89\u88c5\u754c\u9762\u3002
\u53c2\u6570\u8bf4\u660e\uff1a
daemonset
Asia/Shanghai
30035
\u914d\u7f6e\u597d\u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u5b89\u88c5\u3002
"},{"location":"admin/insight/best-practice/integration_deepflow.html#_2","title":"\u4f7f\u7528","text":"\u5728\u6b63\u786e\u5b89\u88c5 DeepFlow \u540e\uff0c\u70b9\u51fb \u7f51\u7edc\u89c2\u6d4b \u5c31\u53ef\u4ee5\u8fdb\u5165 DeepFlow Grafana UI\u3002 \u5b83\u5185\u7f6e\u4e86\u5927\u91cf\u7684 Dashboard \u53ef\u4f9b\u67e5\u770b\u4e0e\u5e2e\u52a9\u5206\u6790\u95ee\u9898\uff0c \u70b9\u51fb DeepFlow Templates \uff0c\u53ef\u4ee5\u6d4f\u89c8\u6240\u6709\u53ef\u4ee5\u67e5\u770b\u7684 Dashboard\uff1a
"},{"location":"admin/insight/best-practice/sw-to-otel.html","title":"\u4f7f\u7528 OpenTelemetry \u96f6\u4ee3\u7801\u63a5\u6536 SkyWalking \u94fe\u8def\u6570\u636e","text":"\u53ef\u89c2\u6d4b\u6027 Insight \u901a\u8fc7 OpenTelemetry \u5c06\u5e94\u7528\u6570\u636e\u8fdb\u884c\u4e0a\u62a5\u3002\u82e5\u60a8\u7684\u5e94\u7528\u5df2\u4f7f\u7528 Skywalking \u6765\u91c7\u96c6\u94fe\u8def\uff0c \u53ef\u53c2\u8003\u672c\u6587\u8fdb\u884c\u96f6\u4ee3\u7801\u6539\u9020\u5c06\u94fe\u8def\u6570\u636e\u63a5\u5165 Insight\u3002
"},{"location":"admin/insight/best-practice/sw-to-otel.html#_1","title":"\u4ee3\u7801\u89e3\u8bfb","text":"\u4e3a\u4e86\u80fd\u517c\u5bb9\u4e0d\u540c\u7684\u5206\u5e03\u5f0f\u8ffd\u8e2a\u5b9e\u73b0\uff0cOpenTelemetry \u63d0\u4f9b\u4e86\u7ec4\u4ef6\u690d\u5165\u7684\u65b9\u5f0f\uff0c\u8ba9\u4e0d\u540c\u7684\u5382\u5546\u80fd\u591f\u7ecf\u7531 OpenTelemetry \u6807\u51c6\u5316\u6570\u636e\u5904\u7406\u540e\u8f93\u51fa\u5230\u4e0d\u540c\u7684\u540e\u7aef\u3002Jaeger \u4e0e Zipkin \u5728\u793e\u533a\u4e2d\u5b9e\u73b0\u4e86 JaegerReceiver\u3001ZipkinReceiver\u3002 \u6211\u4eec\u4e5f\u4e3a\u793e\u533a\u8d21\u732e\u4e86 SkyWalkingReceiver\uff0c\u5e76\u8fdb\u884c\u4e86\u6301\u7eed\u7684\u6253\u78e8\uff0c\u73b0\u5728\u5df2\u7ecf\u5177\u5907\u4e86\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u4f7f\u7528\u7684\u6761\u4ef6\uff0c \u800c\u4e14\u65e0\u9700\u4fee\u6539\u4efb\u4f55\u4e00\u884c\u4e1a\u52a1\u4ee3\u7801\u3002
OpenTelemetry \u4e0e SkyWalking \u6709\u4e00\u4e9b\u5171\u540c\u70b9\uff1a\u90fd\u662f\u4f7f\u7528 Trace \u6765\u5b9a\u4e49\u4e00\u6b21\u8ffd\u8e2a\uff0c\u5e76\u4f7f\u7528 Span \u6765\u6807\u8bb0\u8ffd\u8e2a\u91cc\u7684\u6700\u5c0f\u7c92\u5ea6\u3002 \u4f46\u662f\u5728\u4e00\u4e9b\u7ec6\u8282\u548c\u5b9e\u73b0\u4e0a\u8fd8\u662f\u4f1a\u6709\u5dee\u522b\uff1a
- Skywalking OpenTelemetry \u6570\u636e\u7ed3\u6784 span -> Segment -> Trace Span -> Trace \u5c5e\u6027\u4fe1\u606f Tags Attributes \u5e94\u7528\u65f6\u95f4 Logs Events \u5f15\u7528\u5173\u7cfb References Links\u660e\u786e\u4e86\u8fd9\u4e9b\u5dee\u5f02\u540e\uff0c\u5c31\u53ef\u4ee5\u5f00\u59cb\u5b9e\u73b0\u5c06 SkyWalking Trace \u8f6c\u6362\u4e3a OpenTelemetry Trace\u3002\u4e3b\u8981\u5de5\u4f5c\u5305\u62ec\uff1a
\u5982\u4f55\u6784\u9020 OpenTelemetry \u7684 TraceId \u548c SpanId
\u5982\u4f55\u6784\u9020 OpenTelemetry \u7684 ParentSpanId
\u5982\u4f55\u5728 OpenTelemetry Span \u4e2d\u4fdd\u7559 SkyWalking \u7684\u539f\u59cb TraceId\u3001SegmentId\u3001SpanId
\u9996\u5148\uff0c\u6211\u4eec\u6765\u770b\u5982\u4f55\u6784\u9020 OpenTelemetry \u7684 TraceId \u548c SpanId\u3002SkyWalking \u548c OpenTelemetry \u90fd\u662f\u901a\u8fc7 TraceId \u4e32\u8054\u8d77\u5404\u4e2a\u5206\u5e03\u5f0f\u670d\u52a1\u8c03\u7528\uff0c\u5e76\u901a\u8fc7 SpanId \u6765\u6807\u8bb0\u6bcf\u4e00\u4e2a Span\uff0c\u4f46\u662f\u5b9e\u73b0\u89c4\u683c\u6709\u8f83\u5927\u5dee\u5f02\uff1a
Info
\u4ee3\u7801\u5b9e\u73b0\u89c1 GitHub\uff1a
\u5177\u4f53\u6765\u8bb2\uff0cSkyWalking TraceId \u548c SegmentId \u6240\u6709\u53ef\u80fd\u7684\u683c\u5f0f\u5982\u4e0b\uff1a
\u5176\u4e2d\uff0c\u5728 OpenTelemetry \u534f\u8bae\u91cc\uff0cSpan \u5728\u6240\u6709 Trace \u4e2d\u90fd\u662f\u552f\u4e00\u7684\uff0c\u800c\u5728 SkyWalking \u4e2d\uff0c Span \u4ec5\u5728\u6bcf\u4e2a Segment \u91cc\u662f\u552f\u4e00\u7684\uff0c\u8fd9\u8bf4\u660e\u8981\u901a\u8fc7 SegmentId \u4e0e SpanId \u7ed3\u5408\u624d\u80fd\u5728 SkyWalking \u4e2d\u5bf9 Span \u505a\u552f\u4e00\u6807\u8bc6\uff0c\u5e76\u8f6c\u6362\u4e3a OpenTelemetry \u7684 SpanId\u3002
Info
\u4ee3\u7801\u5b9e\u73b0\u89c1 GitHub\uff1a
\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u6765\u770b\u5982\u4f55\u6784\u9020 OpenTelemetry \u7684 ParentSpanId\u3002\u5728\u4e00\u4e2a Segment \u5185\u90e8\uff0c SkyWalking \u7684 ParentSpanId \u5b57\u6bb5\u53ef\u76f4\u63a5\u7528\u4e8e\u6784\u9020 OpenTelemetry \u7684 ParentSpanId \u5b57\u6bb5\u3002 \u4f46\u5f53\u4e00\u4e2a Trace \u8de8\u591a\u4e2a Segment \u65f6\uff0cSkyWalking \u662f\u901a\u8fc7 Reference \u4e2d\u7684 ParentTraceSegmentId \u548c ParentSpanId \u8868\u793a\u7684\u5173\u8054\u4fe1\u606f\uff0c\u4e8e\u662f\u6b64\u65f6\u9700\u8981\u901a\u8fc7 Reference \u4e2d\u7684\u4fe1\u606f\u6784\u5efa OpenTelemetry \u7684 ParentSpanId\u3002
\u4ee3\u7801\u5b9e\u73b0\u89c1 GitHub\uff1aSkywalking Receiver
\u6700\u540e\uff0c\u6211\u4eec\u6765\u770b\u5982\u4f55\u5728 OpenTelemetry Span \u4e2d\u4fdd\u7559 SkyWalking \u7684\u539f\u59cb TraceId\u3001SegmentId\u3001SpanId\u3002 \u6211\u4eec\u643a\u5e26\u8fd9\u4e9b\u539f\u59cb\u4fe1\u606f\u662f\u4e3a\u4e86\u80fd\u5c06\u5206\u5e03\u5f0f\u8ffd\u8e2a\u540e\u7aef\u5c55\u73b0\u7684 OpenTelemetry TraceId\u3001SpanId \u4e0e\u5e94\u7528\u7a0b\u5e8f\u65e5\u5fd7\u4e2d\u7684 SkyWalking TraceId\u3001SegmentId\u3001SpanId \u8fdb\u884c\u5173\u8054\uff0c\u6253\u901a\u8ffd\u8e2a\u548c\u65e5\u5fd7\u3002\u6211\u4eec\u9009\u62e9\u5c06 SkyWalking \u4e2d\u539f\u6709\u7684 TraceId\u3001SegmentId\u3001ParentSegmentId \u643a\u5e26\u5230 OpenTelemetry Attributes \u4e2d\u3002
Info
\u4ee3\u7801\u5b9e\u73b0\u89c1 GitHub\uff1a
\u7ecf\u8fc7\u4e0a\u8ff0\u4e00\u7cfb\u5217\u8f6c\u6362\u540e\uff0c\u6211\u4eec\u5c06 SkyWalking Segment Object \u5b8c\u6574\u7684\u8f6c\u6362\u4e3a\u4e86 OpenTelmetry Trace\uff0c\u5982\u4e0b\u56fe\uff1a
"},{"location":"admin/insight/best-practice/sw-to-otel.html#demo","title":"\u90e8\u7f72 Demo","text":"\u4e0b\u9762\u6211\u4eec\u4ee5\u4e00\u4e2a Demo \u6765\u5c55\u793a\u4f7f\u7528 OpenTelemetry \u6536\u96c6\u3001\u5c55\u793a SkyWalking \u8ffd\u8e2a\u6570\u636e\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002
\u9996\u5148\uff0c\u5728\u90e8\u7f72 OpenTelemetry Agent \u4e4b\u540e\uff0c\u5f00\u542f\u5982\u4e0b\u914d\u7f6e\uff0c\u5373\u53ef\u5728 OpenTelemetry \u4e2d\u62e5\u6709\u517c\u5bb9 SkyWalking \u534f\u8bae\u7684\u80fd\u529b\uff1a
# otel-agent config\nreceivers:\n # add the following config\n skywalking:\n protocols:\n grpc:\n endpoint: 0.0.0.0:11800 # \u63a5\u6536 SkyWalking Agent \u4e0a\u62a5\u7684 Trace \u6570\u636e\n http: \n endpoint: 0.0.0.0:12800 # \u63a5\u6536\u4ece\u524d\u7aef/ nginx \u7b49 HTTP \u534f\u8bae\u4e0a\u62a5\u7684 Trace \u6570\u636e\nservice: \n pipelines: \n traces: \n # add receiver __skywalking__ \n receivers: [skywalking]\n\n# otel-agent service yaml\nspec:\n ports: \n - name: sw-http\n port: 12800 \n protocol: TCP \n targetPort: 12800 \n - name: sw-grpc \n port: 11800 \n protocol: TCP \n targetPort: 11800\n
\u63a5\u4e0b\u6765\u9700\u8981\u5c06\u4e1a\u52a1\u5e94\u7528\u5bf9\u63a5\u7684 SkyWalking OAP Service\uff08\u5982 oap:11800\uff09\u4fee\u6539\u4e3a OpenTelemetry Agent Service\uff08\u5982 otel-agent:11800\uff09\uff0c \u5c31\u53ef\u4ee5\u5f00\u59cb\u4f7f\u7528 OpenTelemetry \u63a5\u6536 SkyWalking \u63a2\u9488\u7684\u8ffd\u8e2a\u6570\u636e\u4e86\u3002
\u6211\u4eec\u4ee5 SkyWalking-showcase Demo \u4e3a\u4f8b\u5c55\u793a\u6574\u4e2a\u6548\u679c\u3002\u5b83\u4f7f\u7528 SkyWalking Agent \u505a\u8ffd\u8e2a\uff0c\u901a\u8fc7 OpenTelemetry \u6807\u51c6\u5316\u5904\u7406\u540e\u4f7f\u7528 Jaeger \u6765\u5448\u73b0\u6700\u7ec8\u6548\u679c\uff1a
\u901a\u8fc7 SkyWalking Showcase \u7684\u67b6\u6784\u56fe\uff0c\u53ef\u77e5 SkyWalking \u7684\u6570\u636e\u7ecf\u8fc7 OpenTelemetry \u6807\u51c6\u5316\u540e\uff0c\u4f9d\u7136\u5b8c\u6574\u3002\u5728\u8fd9\u4e2a Trace \u91cc\uff0c \u8bf7\u6c42\u4ece app/homepage \u53d1\u8d77\uff0c\u4e4b\u540e\u5728 app \u540c\u65f6\u53d1\u8d77\u4e24\u4e2a\u8bf7\u6c42 /rcmd/\u4e0e/songs/top\uff0c\u5206\u53d1\u5230 recommandation/songs \u4e24\u4e2a\u670d\u52a1\u4e2d\uff0c \u5e76\u6700\u7ec8\u5230\u8fbe\u6570\u636e\u5e93\u8fdb\u884c\u67e5\u8be2\uff0c\u4ece\u800c\u5b8c\u6210\u6574\u4e2a\u8bf7\u6c42\u94fe\u8def\u3002
\u53e6\u5916\uff0c\u6211\u4eec\u4e5f\u53ef\u4ece Jaeger \u9875\u9762\u4e2d\u67e5\u770b\u5230\u539f\u59cb SkyWalking Id \u4fe1\u606f\uff0c\u4fbf\u4e8e\u4e0e\u5e94\u7528\u65e5\u5fd7\u5173\u8054\uff1a
"},{"location":"admin/insight/best-practice/tail-based-sampling.html","title":"\u94fe\u8def\u6570\u636e\u91c7\u6837\u4ecb\u7ecd\u4e0e\u914d\u7f6e","text":"\u4f7f\u7528\u5206\u5e03\u5f0f\u94fe\u8def\u8ddf\u8e2a\uff0c\u53ef\u4ee5\u5728\u5206\u5e03\u5f0f\u7cfb\u7edf\u4e2d\u89c2\u5bdf\u8bf7\u6c42\u5982\u4f55\u5728\u5404\u4e2a\u7cfb\u7edf\u4e2d\u6d41\u8f6c\u3002\u4e0d\u53ef\u5426\u8ba4\uff0c\u5b83\u975e\u5e38\u5b9e\u7528\uff0c\u4f8b\u5982\u4e86\u89e3\u60a8\u7684\u670d\u52a1\u8fde\u63a5\u548c\u8bca\u65ad\u5ef6\u8fdf\u95ee\u9898\uff0c\u4ee5\u53ca\u8bb8\u591a\u5176\u4ed6\u597d\u5904\u3002
\u4f46\u662f\uff0c\u5982\u679c\u60a8\u7684\u5927\u591a\u6570\u8bf7\u6c42\u90fd\u6210\u529f\u4e86\uff0c\u5e76\u4e14\u6ca1\u6709\u51fa\u73b0\u4e0d\u53ef\u63a5\u53d7\u7684\u5ef6\u8fdf\u6216\u9519\u8bef\uff0c\u90a3\u4e48\u60a8\u771f\u7684\u9700\u8981\u6240\u6709\u8fd9\u4e9b\u6570\u636e\u5417\uff1f\u6240\u4ee5\uff0c\u4f60\u5e76\u4e0d\u603b\u662f\u9700\u8981\u5927\u91cf\u6216\u8005\u5168\u91cf\u7684\u6570\u636e\u6765\u627e\u5230\u6b63\u786e\u7684\u89c1\u89e3\u3002\u60a8\u53ea\u9700\u8981\u901a\u8fc7\u6070\u5f53\u7684\u6570\u636e\u91c7\u6837\u5373\u53ef\u3002
\u91c7\u6837\u80cc\u540e\u7684\u60f3\u6cd5\u662f\u63a7\u5236\u53d1\u9001\u5230\u53ef\u89c2\u5bdf\u6027\u6536\u96c6\u5668\u7684\u94fe\u8def\uff0c\u4ece\u800c\u964d\u4f4e\u91c7\u96c6\u6210\u672c\u3002\u4e0d\u540c\u7684\u7ec4\u7ec7\u6709\u4e0d\u540c\u7684\u539f\u56e0\uff0c\u6bd4\u5982\u4e3a\u4ec0\u4e48\u8981\u62bd\u6837\uff0c\u4ee5\u53ca\u60f3\u8981\u62bd\u6837\u4ec0\u4e48\u6768\u7684\u6570\u636e\u3002\u6240\u4ee5\uff0c\u6211\u4eec\u9700\u8981\u81ea\u5b9a\u4e49\u91c7\u6837\u7b56\u7565\uff1a
\u5728\u8ba8\u8bba\u91c7\u6837\u65f6\u4f7f\u7528\u4e00\u81f4\u7684\u672f\u8bed\u662f\u5f88\u91cd\u8981\u7684\u3002Trace \u6216 Span \u88ab\u89c6\u4e3a \u91c7\u6837 \u6216 \u672a\u91c7\u6837\uff1a
\u5934\u90e8\u62bd\u6837\u662f\u4e00\u79cd\u7528\u4e8e\u5c3d\u65e9\u505a\u51fa\u62bd\u6837\u51b3\u5b9a\u7684\u91c7\u6837\u6280\u672f\u3002\u91c7\u6837\u6216\u5220\u9664 Trace/Span \u7684\u51b3\u5b9a\u4e0d\u662f\u901a\u8fc7\u68c0\u67e5\u6574\u4e2a Trace \u6765\u505a\u51fa\u7684\u3002
\u4f8b\u5982\uff0c\u6700\u5e38\u89c1\u7684\u5934\u90e8\u91c7\u6837\u5f62\u5f0f\u662f\u4e00\u81f4\u6982\u7387\u91c7\u6837\u3002\u5b83\u4e5f\u53ef\u4ee5\u79f0\u4e3a\u786e\u5b9a\u6027\u91c7\u6837\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5c06\u6839\u636e TraceID \u548c\u8981\u91c7\u6837\u7684\u6240\u9700 Trace \u767e\u5206\u6bd4\u505a\u51fa\u91c7\u6837\u51b3\u7b56\u3002\u8fd9\u53ef\u786e\u4fdd\u4ee5\u4e00\u81f4\u7684\u901f\u7387\uff08\u4f8b\u5982\u6240\u6709 Trace\u7684 5%\uff09\u5bf9\u6574\u4e2a Trace \u8fdb\u884c\u91c7\u6837\u5e76\u4e14\u4e0d\u9057\u6f0f Span\u3002
\u5934\u90e8\u91c7\u6837\u7684\u597d\u5904\u662f\uff1a - \u6613\u4e8e\u7406\u89e3 - \u6613\u4e8e\u914d\u7f6e - \u9ad8\u6548 - \u53ef\u4ee5\u5728\u8ddf\u8e2a\u6536\u96c6\u7ba1\u9053\u4e2d\u7684\u4efb\u4f55\u4f4d\u7f6e\u5b8c\u6210
\u5934\u90e8\u91c7\u6837\u7684\u4e3b\u8981\u7f3a\u70b9\u662f\u65e0\u6cd5\u6839\u636e\u6574\u4e2a Trace \u4e2d\u7684\u6570\u636e\u505a\u51fa\u91c7\u6837\u51b3\u7b56\u3002\u8fd9\u610f\u5473\u7740\u5934\u90e8\u62bd\u6837\u4f5c\u4e3a\u4e00\u79cd\u949d\u5668\u662f\u6709\u6548\u7684\uff0c\u4f46\u5bf9\u4e8e\u5fc5\u987b\u8003\u8651\u6574\u4e2a\u7cfb\u7edf\u4fe1\u606f\u7684\u62bd\u6837\u7b56\u7565\u6765\u8bf4\uff0c\u8fd9\u662f\u5b8c\u5168\u4e0d\u591f\u7684\u3002\u4f8b\u5982\uff0c\u65e0\u6cd5\u4f7f\u7528\u5934\u90e8\u91c7\u6837\u6765\u786e\u4fdd\u5bf9\u6240\u6709\u5177\u6709\u8bef\u5dee\u7684\u8ff9\u7ebf\u8fdb\u884c\u91c7\u6837\u3002\u4e3a\u6b64\uff0c\u60a8\u9700\u8981\u5c3e\u90e8\u91c7\u6837\u3002
"},{"location":"admin/insight/best-practice/tail-based-sampling.html#tail-sampling","title":"\u5c3e\u90e8\u91c7\u6837\uff08Tail Sampling\uff09\u2014\u2014 \u63a8\u8350\u65b9\u6848","text":"\u5c3e\u90e8\u91c7\u6837\u662f\u901a\u8fc7\u8003\u8651 Trace \u5185\u7684\u5168\u90e8\u6216\u5927\u90e8\u5206 Span \u6765\u51b3\u5b9a\u5bf9 Trace \u8fdb\u884c\u91c7\u6837\u3002\u5c3e\u90e8\u91c7\u6837\u5141\u8bb8\u60a8\u6839\u636e\u4ece Trace \u7684\u4e0d\u540c\u90e8\u5206\u4f7f\u7528\u7684\u7279\u5b9a\u6761\u4ef6\u5bf9 Trace \u8fdb\u884c\u91c7\u6837\uff0c\u800c\u5934\u90e8\u91c7\u6837\u5219\u4e0d\u5177\u6709\u6b64\u9009\u9879\u3002
\u5982\u4f55\u4f7f\u7528\u5c3e\u90e8\u91c7\u6837\u7684\u4e00\u4e9b\u793a\u4f8b\u5305\u62ec\uff1a
\u6b63\u5982\u4f60\u6240\u770b\u5230\u7684\uff0c\u5c3e\u90e8\u91c7\u6837\u6709\u7740\u66f4\u9ad8\u7a0b\u5ea6\u7684\u590d\u6742\u5ea6\u3002\u5bf9\u4e8e\u5fc5\u987b\u5bf9\u9065\u6d4b\u6570\u636e\u8fdb\u884c\u91c7\u6837\u7684\u5927\u578b\u7cfb\u7edf\uff0c\u51e0\u4e4e\u603b\u662f\u9700\u8981\u4f7f\u7528\u5c3e\u90e8\u91c7\u6837\u6765\u5e73\u8861\u6570\u636e\u91cf\u548c\u6570\u636e\u7684\u6709\u7528\u6027\u3002
\u5982\u4eca\uff0c\u5c3e\u90e8\u91c7\u6837\u6709\u4e09\u4e2a\u4e3b\u8981\u7f3a\u70b9\uff1a
\u6700\u540e\uff0c\u5bf9\u4e8e\u67d0\u4e9b\u7cfb\u7edf\uff0c\u5c3e\u90e8\u91c7\u6837\u53ef\u4ee5\u4e0e\u5934\u90e8\u91c7\u6837\u7ed3\u5408\u4f7f\u7528\u3002\u4f8b\u5982\uff0c\u4e00\u7ec4\u751f\u6210\u5927\u91cf Trace \u6570\u636e\u7684\u670d\u52a1\u53ef\u80fd\u9996\u5148\u4f7f\u7528\u5934\u90e8\u91c7\u6837\u4ec5\u5bf9\u4e00\u5c0f\u90e8\u5206\u8ddf\u8e2a\u8fdb\u884c\u91c7\u6837\uff0c\u7136\u540e\u5728\u9065\u6d4b\u7ba1\u9053\u4e2d\u7a0d\u540e\u4f7f\u7528\u5c3e\u90e8\u91c7\u6837\u5728\u5bfc\u51fa\u5230\u540e\u7aef\u4e4b\u524d\u505a\u51fa\u66f4\u590d\u6742\u7684\u91c7\u6837\u51b3\u7b56\u3002\u8fd9\u6837\u505a\u901a\u5e38\u662f\u4e3a\u4e86\u4fdd\u62a4\u9065\u6d4b\u7ba1\u9053\u514d\u4e8e\u8fc7\u8f7d\u3002
AI \u7b97\u529b\u4e2d\u5fc3 Insight \u76ee\u524d\u63a8\u8350\u4f7f\u7528\u5c3e\u90e8\u91c7\u6837\u5e76\u4f18\u5148\u652f\u6301\u5c3e\u90e8\u91c7\u6837\u3002
\u5c3e\u90e8\u91c7\u6837\u5904\u7406\u5668\u6839\u636e\u4e00\u7ec4\u5b9a\u4e49\u7684\u7b56\u7565\u5bf9\u94fe\u8def\u8fdb\u884c\u91c7\u6837\u3002\u4f46\u662f\uff0c\u94fe\u8def\u7684\u6240\u6709\u8de8\u5ea6\uff08Span\uff09\u5fc5\u987b\u7531\u540c\u4e00\u6536\u96c6\u5668\u5b9e\u4f8b\u63a5\u6536\uff0c\u4ee5\u505a\u51fa\u6709\u6548\u7684\u91c7\u6837\u51b3\u7b56\u3002
\u56e0\u6b64\uff0c\u9700\u8981\u5bf9 Insight \u7684 Global Opentelemetry Collector \u67b6\u6784\u8fdb\u884c\u8c03\u6574\u4ee5\u5b9e\u73b0\u5c3e\u90e8\u91c7\u6837\u7b56\u7565\u3002
"},{"location":"admin/insight/best-practice/tail-based-sampling.html#insight","title":"Insight \u5177\u4f53\u6539\u52a8","text":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u7684 insight-opentelemetry-collector
\u524d\u9762\u5f15\u5165\u5177\u6709\u8d1f\u8f7d\u5747\u8861\u80fd\u529b\u7684 Opentelemetry Collector Gateway \u7ec4\u4ef6\uff0c\u4f7f\u5f97\u540c\u4e00\u7ec4 Trace \u80fd\u591f\u6839\u636e TraceID \u8def\u7531\u5230\u540c\u4e00\u4e2a Opentelemetry Collector \u5b9e\u4f8b\u3002
\u90e8\u7f72\u5177\u6709\u8d1f\u8f7d\u5747\u8861\u80fd\u529b\u7684 OTEL COL Gateway \u7ec4\u4ef6
\u5982\u679c\u60a8\u4f7f\u7528\u4e86 Insight 0.25.x \u7248\u672c\uff0c\u53ef\u4ee5\u901a\u8fc7\u5982\u4e0b Helm Upgrade \u53c2\u6570 --set opentelemetry-collector-gateway.enabled=true
\u5feb\u901f\u5f00\u542f\uff0c\u4ee5\u6b64\u8df3\u8fc7\u5982\u4e0b\u90e8\u7f72\u8fc7\u7a0b\u3002
\u53c2\u7167\u4ee5\u4e0b YAML \u914d\u7f6e\u6765\u90e8\u7f72\u3002
\u70b9\u51fb\u67e5\u770b\u90e8\u7f72\u914d\u7f6ekind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: insight-otel-collector-gateway\nrules:\n- apiGroups: [\"\"]\n resources: [\"endpoints\"]\n verbs: [\"get\", \"watch\", \"list\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: insight-otel-collector-gateway\n namespace: insight-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: insight-otel-collector-gateway\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: insight-otel-collector-gateway\nsubjects:\n- kind: ServiceAccount\n name: insight-otel-collector-gateway\n namespace: insight-system\n---\nkind: ConfigMap\nmetadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n name: insight-otel-collector-gateway-collector\n namespace: insight-system\napiVersion: v1\ndata:\n collector.yaml: |\n receivers:\n otlp:\n protocols:\n grpc:\n http:\n jaeger:\n protocols:\n grpc:\n processors:\n\n extensions:\n health_check:\n pprof:\n endpoint: :1888\n zpages:\n endpoint: :55679\n exporters:\n logging:\n loadbalancing:\n routing_key: \"traceID\"\n protocol:\n otlp:\n # all options from the OTLP exporter are supported\n # except the endpoint\n timeout: 1s\n tls:\n insecure: true\n resolver:\n k8s:\n service: insight-opentelemetry-collector\n ports:\n - 4317\n service:\n extensions: [pprof, zpages, health_check]\n pipelines:\n traces:\n receivers: [otlp, jaeger]\n exporters: [loadbalancing]\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n name: insight-otel-collector-gateway\n namespace: insight-system\nspec:\n replicas: 2\n selector:\n matchLabels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n template:\n metadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n spec:\n containers:\n - args:\n - --config=/conf/collector.yaml\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n image: ghcr.m.daocloud.io/openinsight-proj/opentelemetry-collector-contrib:5baef686672cfe5551e03b5c19d3072c432b6f33\n imagePullPolicy: IfNotPresent\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /\n port: 13133\n scheme: HTTP\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n name: otc-container\n resources:\n limits:\n cpu: '1'\n memory: 2Gi\n requests:\n cpu: 100m\n memory: 400Mi\n ports:\n - containerPort: 14250\n name: jaeger-grpc\n protocol: TCP\n - containerPort: 8888\n name: metrics\n protocol: TCP\n - containerPort: 4317\n name: otlp-grpc\n protocol: TCP\n - containerPort: 4318\n name: otlp-http\n protocol: TCP\n - containerPort: 55679\n name: zpages\n protocol: TCP\n\n volumeMounts:\n - mountPath: /conf\n name: otc-internal\n\n serviceAccount: insight-otel-collector-gateway\n serviceAccountName: insight-otel-collector-gateway\n volumes:\n - configMap:\n defaultMode: 420\n items:\n - key: collector.yaml\n path: collector.yaml\n name: insight-otel-collector-gateway-collector\n name: otc-internal\n---\nkind: Service\napiVersion: v1\nmetadata:\n name: insight-opentelemetry-collector-gateway\n namespace: insight-system\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\nspec:\n ports:\n - name: fluentforward\n protocol: TCP\n port: 8006\n targetPort: 8006\n - name: jaeger-compact\n protocol: UDP\n port: 6831\n targetPort: 6831\n - name: jaeger-grpc\n protocol: TCP\n port: 14250\n targetPort: 14250\n - name: jaeger-thrift\n protocol: TCP\n port: 14268\n targetPort: 14268\n - name: metrics\n protocol: TCP\n port: 8888\n targetPort: 8888\n - name: otlp\n protocol: TCP\n appProtocol: grpc\n port: 4317\n targetPort: 4317\n - name: otlp-http\n protocol: TCP\n port: 4318\n targetPort: 4318\n - name: zipkin\n protocol: TCP\n port: 9411\n targetPort: 9411\n - name: zpages\n protocol: TCP\n port: 55679\n targetPort: 55679\n selector:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n
\u914d\u7f6e\u5c3e\u90e8\u91c7\u6837\u89c4\u5219
Note
\u9700\u8981\u5728\u539f\u672c insight-otel-collector-config configmap \u914d\u7f6e\u7ec4\u4e2d\u589e\u52a0\u5c3e\u90e8\u91c7\u6837\uff08tail_sampling processors\uff09\u7684\u89c4\u5219\u3002
\u5728 processor
\u4e2d\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\uff0c\u5177\u4f53\u89c4\u5219\u53ef\u8c03\u6574\uff1b\u53c2\u8003 OTel \u5b98\u65b9\u793a\u4f8b\u3002
........\ntail_sampling:\n decision_wait: 10s # \u7b49\u5f85 10 \u79d2\uff0c\u8d85\u8fc7 10 \u79d2\u540e\u7684 traceid \u5c06\u4e0d\u518d\u5904\u7406\n num_traces: 1500000 # \u5185\u5b58\u4e2d\u4fdd\u5b58\u7684 trace \u6570\uff0c\u5047\u8bbe\u6bcf\u79d2 1000 \u6761 trace\uff0c\u6700\u5c0f\u4e0d\u4f4e\u4e8e 1000 * decision_wait * 2\uff1b\n # \u8bbe\u7f6e\u8fc7\u5927\u4f1a\u5360\u7528\u8fc7\u591a\u7684\u5185\u5b58\u8d44\u6e90\uff0c\u8fc7\u5c0f\u4f1a\u5bfc\u81f4\u90e8\u5206 trace \u88ab drop \u6389\n expected_new_traces_per_sec: 10\n policies: # \u4e0a\u62a5\u7b56\u7565\n [\n {\n name: latency-policy,\n type: latency, # \u8017\u65f6\u8d85\u8fc7 500ms \u4e0a\u62a5\n latency: {threshold_ms: 500}\n },\n {\n name: status_code-policy,\n type: status_code, # \u72b6\u6001\u7801\u4e3a ERROR \u7684\u4e0a\u62a5\n status_code: {status_codes: [ ERROR ]}\n }\n ]\n......\ntail_sampling: # \u7ec4\u5408\u91c7\u6837\n decision_wait: 10s # \u7b49\u5f85 10 \u79d2\uff0c\u8d85\u8fc7 10 \u79d2\u540e\u7684 traceid \u5c06\u4e0d\u518d\u5904\u7406\n num_traces: 1500000 # \u5185\u5b58\u4e2d\u4fdd\u5b58\u7684 trace \u6570\uff0c\u5047\u8bbe\u6bcf\u79d2 1000 \u6761 trace\uff0c\u6700\u5c0f\u4e0d\u4f4e\u4e8e 1000 * decision_wait * 2\uff1b\n # \u8bbe\u7f6e\u8fc7\u5927\u4f1a\u5360\u7528\u8fc7\u591a\u7684\u5185\u5b58\u8d44\u6e90\uff0c\u8fc7\u5c0f\u4f1a\u5bfc\u81f4\u90e8\u5206 trace \u88ab drop \u6389\n expected_new_traces_per_sec: 10\n policies: [\n {\n name: debug-worker-cluster-sample-policy,\n type: and,\n and:\n {\n and_sub_policy:\n [\n {\n name: service-name-policy,\n type: string_attribute,\n string_attribute:\n { key: k8s.cluster.id, values: [xxxxxxx] },\n },\n {\n name: trace-status-policy,\n type: status_code,\n status_code: { status_codes: [ERROR] },\n },\n {\n name: probabilistic-policy,\n type: probabilistic,\n probabilistic: { sampling_percentage: 1 },\n }\n ]\n }\n }\n ]\n
\u5728 insight-otel-collector-config
configmap \u4e2d\u7684 otel col pipeline \u4e2d\u6fc0\u6d3b\u8be5 processor
\uff1a
traces:\n exporters:\n - servicegraph\n - otlp/jaeger\n processors:\n - memory_limiter\n - tail_sampling # \ud83d\udc48\n - batch\n receivers:\n - otlp\n
\u91cd\u542f insight-opentelemetry-collector
\u7ec4\u4ef6\u3002
\u90e8\u7f72\u6216\u66f4\u65b0 Insight-agent\uff0c\u5c06\u94fe\u8def\u6570\u636e\u7684\u4e0a\u62a5\u5730\u5740\u4fee\u6539\u4e3a opentelemetry-collector-gateway
LB \u7684 4317
\u7aef\u53e3\u5730\u5740\u3002
....\n exporters:\n otlp/global:\n endpoint: insight-opentelemetry-collector-gateway.insight-system.svc.cluster.local:4317 # \ud83d\udc48 \u4fee\u6539\u4e3a gateway/lb \u5730\u5740\n
\u5728 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u89c2\u6d4b\u4ea7\u54c1\uff0c\u4e3a\u4e86\u5b9e\u73b0\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u7edf\u4e00\u91c7\u96c6\uff0c\u9700\u8981\u7528\u6237\u5b89\u88c5 Helm \u5e94\u7528 insight-agent \uff08\u9ed8\u8ba4\u5b89\u88c5\u5728 insight-system \u547d\u540d\u7a7a\u95f4\uff09\u3002\u53c2\u9605\u5982\u4f55\u5b89\u88c5 insight-agent \u3002
"},{"location":"admin/insight/collection-manag/agent-status.html#_1","title":"\u72b6\u6001\u8bf4\u660e","text":"\u5728 \u53ef\u89c2\u6d4b\u6027 -> \u91c7\u96c6\u7ba1\u7406 \u90e8\u5206\u53ef\u67e5\u770b\u5404\u96c6\u7fa4\u5b89\u88c5 insight-agent \u7684\u60c5\u51b5\u3002
\u53ef\u901a\u8fc7\u4ee5\u4e0b\u65b9\u5f0f\u6392\u67e5\uff1a
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u82e5\u72b6\u6001\u4e3a deployed \uff0c\u5219\u6267\u884c\u4e0b\u4e00\u6b65\u3002\u82e5\u4e3a failed \uff0c\u7531\u4e8e\u4f1a\u5f71\u54cd\u5e94\u7528\u7684\u5347\u7ea7\uff0c\u5efa\u8bae\u5728 \u5bb9\u5668\u7ba1\u7406 -> helm \u5e94\u7528 \u5378\u8f7d\u540e\u91cd\u65b0\u5b89\u88c5 :
helm list -n insight-system\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6216\u5728 \u53ef\u89c2\u6d4b\u6027 -> \u91c7\u96c6\u7ba1\u7406 \u4e2d\u67e5\u770b\u8be5\u96c6\u7fa4\u90e8\u7f72\u7684\u7ec4\u4ef6\u7684\u72b6\u6001\uff0c\u82e5\u5b58\u5728\u975e \u8fd0\u884c\u4e2d \u72b6\u6001\u7684\u5bb9\u5668\u7ec4\uff0c\u8bf7\u91cd\u542f\u5f02\u5e38\u7684\u5bb9\u5668\u7ec4\u3002
kubectl get pods -n insight-system\n
insight-agent \u4e2d\u6307\u6807\u91c7\u96c6\u7ec4\u4ef6 Prometheus \u7684\u8d44\u6e90\u6d88\u8017\u4e0e\u96c6\u7fa4\u4e2d\u8fd0\u884c\u7684\u5bb9\u5668\u7ec4\u6570\u91cf\u5b58\u5728\u6b63\u6bd4\u5173\u7cfb\uff0c \u8bf7\u6839\u636e\u96c6\u7fa4\u89c4\u6a21\u8c03\u6574 Prometheus \u7684\u8d44\u6e90\uff0c\u8bf7\u53c2\u8003\uff1aPrometheus \u8d44\u6e90\u89c4\u5212
\u7531\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u6307\u6807\u5b58\u50a8\u7ec4\u4ef6 vmstorage \u7684\u5b58\u50a8\u5bb9\u91cf\u4e0e\u5404\u4e2a\u96c6\u7fa4\u5bb9\u5668\u7ec4\u6570\u91cf\u603b\u548c\u5b58\u5728\u6b63\u6bd4\u5173\u7cfb\u3002
\u91c7\u96c6\u7ba1\u7406 \u4e3b\u8981\u662f\u96c6\u4e2d\u7ba1\u7406\u3001\u5c55\u793a\u96c6\u7fa4\u5b89\u88c5\u91c7\u96c6\u63d2\u4ef6 insight-agent \u7684\u5165\u53e3\uff0c\u5e2e\u52a9\u7528\u6237\u5feb\u901f\u7684\u67e5\u770b\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u5e76\u63d0\u4f9b\u4e86\u5feb\u6377\u5165\u53e3\u914d\u7f6e\u91c7\u96c6\u89c4\u5219\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684\uff0c\u9009\u62e9 \u53ef\u89c2\u6d4b\u6027 \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u91c7\u96c6\u7ba1\u7406 \uff0c\u67e5\u770b\u5168\u90e8\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u72b6\u6001\u3002
\u96c6\u7fa4\u63a5\u5165 insight-agent \u4e14\u5904\u4e8e\u8fd0\u884c\u4e2d\u72b6\u6001\u65f6\uff0c\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\u3002
\u5728 \u670d\u52a1\u76d1\u63a7 \u9875\u7b7e\u4e2d\uff0c\u70b9\u51fb\u5feb\u6377\u94fe\u63a5\u8df3\u8f6c\u5230 \u5bb9\u5668\u7ba1\u7406 -> \u81ea\u5b9a\u4e49\u8d44\u6e90 \u6dfb\u52a0\u670d\u52a1\u53d1\u73b0\u89c4\u5219\u3002
Prometheus \u4e3b\u8981\u901a\u8fc7 Pull \u7684\u65b9\u5f0f\u6765\u6293\u53d6\u76ee\u6807\u670d\u52a1\u66b4\u9732\u51fa\u6765\u7684\u76d1\u63a7\u63a5\u53e3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6e\u5bf9\u5e94\u7684\u6293\u53d6\u4efb\u52a1\u6765\u8bf7\u6c42\u76d1\u63a7\u6570\u636e\u5e76\u5199\u5165\u5230 Prometheus \u63d0\u4f9b\u7684\u5b58\u50a8\u4e2d\uff0c\u76ee\u524d Prometheus \u670d\u52a1\u63d0\u4f9b\u4e86\u5982\u4e0b\u51e0\u4e2a\u4efb\u52a1\u7684\u914d\u7f6e\uff1a
Note
[ ]
\u4e2d\u7684\u914d\u7f6e\u9879\u4e3a\u53ef\u9009\u3002
\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u6293\u53d6\u4efb\u52a1\u540d\u79f0\uff0c\u540c\u65f6\u4f1a\u5728\u5bf9\u5e94\u6293\u53d6\u7684\u6307\u6807\u4e2d\u52a0\u4e86\u4e00\u4e2a label(job=job_name)\njob_name: <job_name>\n\n# \u6293\u53d6\u4efb\u52a1\u65f6\u95f4\u95f4\u9694\n[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]\n\n# \u6293\u53d6\u8bf7\u6c42\u8d85\u65f6\u65f6\u95f4\n[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]\n\n# \u6293\u53d6\u4efb\u52a1\u8bf7\u6c42 URI \u8def\u5f84\n[ metrics_path: <path> | default = /metrics ]\n\n# \u89e3\u51b3\u5f53\u6293\u53d6\u7684 label \u4e0e\u540e\u7aef Prometheus \u6dfb\u52a0 label \u51b2\u7a81\u65f6\u7684\u5904\u7406\u3002\n# true: \u4fdd\u7559\u6293\u53d6\u5230\u7684 label\uff0c\u5ffd\u7565\u4e0e\u540e\u7aef Prometheus \u51b2\u7a81\u7684 label\uff1b\n# false: \u5bf9\u51b2\u7a81\u7684 label\uff0c\u628a\u6293\u53d6\u7684 label \u524d\u52a0\u4e0a exported_<original-label>\uff0c\u6dfb\u52a0\u540e\u7aef Prometheus \u589e\u52a0\u7684 label\uff1b\n[ honor_labels: <boolean> | default = false ]\n\n# \u662f\u5426\u4f7f\u7528\u6293\u53d6\u5230 target \u4e0a\u4ea7\u751f\u7684\u65f6\u95f4\u3002\n# true: \u5982\u679c target \u4e2d\u6709\u65f6\u95f4\uff0c\u4f7f\u7528 target \u4e0a\u7684\u65f6\u95f4\uff1b\n# false: \u76f4\u63a5\u5ffd\u7565 target \u4e0a\u7684\u65f6\u95f4\uff1b\n[ honor_timestamps: <boolean> | default = true ]\n\n# \u6293\u53d6\u534f\u8bae: http \u6216\u8005 https\n[ scheme: <scheme> | default = http ]\n\n# \u6293\u53d6\u8bf7\u6c42\u5bf9\u5e94 URL \u53c2\u6570\nparams:\n [ <string>: [<string>, ...] ]\n\n# \u901a\u8fc7 basic auth \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` \u7684\u503c\uff0cpassword/password_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 password_file \u91cc\u9762\u7684\u503c\u3002\nbasic_auth:\n [ username: <string> ]\n [ password: <secret> ]\n [ password_file: <string> ]\n\n# \u901a\u8fc7 bearer token \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` bearer_token/bearer_token_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 bearer_token \u91cc\u9762\u7684\u503c\u3002\n[ bearer_token: <secret> ]\n\n# \u901a\u8fc7 bearer token \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` bearer_token/bearer_token_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 bearer_token \u91cc\u9762\u7684\u503c\u3002\n[ bearer_token_file: <filename> ]\n\n# \u6293\u53d6\u8fde\u63a5\u662f\u5426\u901a\u8fc7 TLS \u5b89\u5168\u901a\u9053\uff0c\u914d\u7f6e\u5bf9\u5e94\u7684 TLS \u53c2\u6570\ntls_config:\n [ <tls_config> ]\n\n# \u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u6765\u6293\u53d6 target \u4e0a\u7684\u6307\u6807\uff0c\u586b\u5199\u5bf9\u5e94\u7684\u4ee3\u7406\u670d\u52a1\u5730\u5740\u3002\n[ proxy_url: <string> ]\n\n# \u901a\u8fc7\u9759\u6001\u914d\u7f6e\u6765\u6307\u5b9a target\uff0c\u8be6\u89c1\u4e0b\u9762\u7684\u8bf4\u660e\u3002\nstatic_configs:\n [ - <static_config> ... ]\n\n# CVM \u670d\u52a1\u53d1\u73b0\u914d\u7f6e\uff0c\u8be6\u89c1\u4e0b\u9762\u7684\u8bf4\u660e\u3002\ncvm_sd_configs:\n [ - <cvm_sd_config> ... ]\n\n# \u5728\u6293\u53d6\u6570\u636e\u4e4b\u540e\uff0c\u628a target \u4e0a\u5bf9\u5e94\u7684 label \u901a\u8fc7 relabel \u7684\u673a\u5236\u8fdb\u884c\u6539\u5199\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\u3002\nrelabel_configs:\n [ - <relabel_config> ... ]\n\n# \u6570\u636e\u6293\u53d6\u5b8c\u6210\u5199\u5165\u4e4b\u524d\uff0c\u901a\u8fc7 relabel \u673a\u5236\u8fdb\u884c\u6539\u5199 label \u5bf9\u5e94\u7684\u503c\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\u3002\nmetric_relabel_configs:\n [ - <relabel_config> ... ]\n\n# \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n[ sample_limit: <int> | default = 0 ]\n\n# \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n[ target_limit: <int> | default = 0 ]\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#pod-monitor","title":"Pod Monitor","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# Prometheus Operator CRD \u7248\u672c\napiVersion: monitoring.coreos.com/v1\n# \u5bf9\u5e94 K8S \u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u8fd9\u91cc\u9762 Pod Monitor\nkind: PodMonitor\n# \u5bf9\u5e94 K8S \u7684 Metadata\uff0c\u8fd9\u91cc\u53ea\u7528\u5173\u5fc3 name\uff0c\u5982\u679c\u6ca1\u6709\u6307\u5b9a jobLabel\uff0c\u5bf9\u5e94\u6293\u53d6\u6307\u6807 label \u4e2d job \u7684\u503c\u4e3a <namespace>/<name>\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u9700\u8981\u4fee\u6539\n# \u63cf\u8ff0\u6293\u53d6\u76ee\u6807 Pod \u7684\u9009\u53d6\u53ca\u6293\u53d6\u4efb\u52a1\u7684\u914d\u7f6e\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\nspec:\n # \u586b\u5199\u5bf9\u5e94 Pod \u7684 label\uff0cpod monitor \u4f1a\u53d6\u5bf9\u5e94\u7684\u503c\u4f5c\u4e3a job label \u7684\u503c\u3002\n # \u5982\u679c\u67e5\u770b\u7684\u662f Pod Yaml\uff0c\u53d6 pod.metadata.labels \u4e2d\u7684\u503c\u3002\n # \u5982\u679c\u67e5\u770b\u7684\u662f Deployment/Daemonset/Statefulset\uff0c\u53d6 spec.template.metadata.labels\u3002\n [ jobLabel: string ]\n # \u628a\u5bf9\u5e94 Pod \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ podTargetLabels: []string ]\n # \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ sampleLimit: uint64 ]\n # \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ targetLimit: uint64 ]\n # \u914d\u7f6e\u9700\u8981\u6293\u53d6\u66b4\u9732\u7684 Prometheus HTTP \u63a5\u53e3\uff0c\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2a Endpoint\n podMetricsEndpoints:\n [ - <endpoint_config> ... ] # \u8be6\u89c1\u4e0b\u9762 endpoint \u8bf4\u660e\n # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\uff0c\u4e0d\u586b\u4e3a\u9009\u53d6\u6240\u6709 namespace\n [ namespaceSelector: ]\n # \u662f\u5426\u9009\u53d6\u6240\u6709 namespace\n [ any: bool ]\n # \u9700\u8981\u9009\u53d6 namespace \u5217\u8868\n [ matchNames: []string ]\n # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 Pod [K8S metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#1","title":"\u4e3e\u4f8b 1","text":"apiVersion: monitoring.coreos.com/v1\nkind: PodMonitor\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u8981\u4fee\u6539\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n podMetricsEndpoints:\n - interval: 30s\n port: metric-port # \u586b\u5199 pod yaml \u4e2d Prometheus Exporter \u5bf9\u5e94\u7684 Port \u7684 Name\n path: /metrics # \u586b\u5199 Prometheus Exporter \u5bf9\u5e94\u7684 Path \u7684\u503c\uff0c\u4e0d\u586b\u9ed8\u8ba4 /metrics\n relabelings:\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: instance\n replacement: \"crs-xxxxxx\" # \u8c03\u6574\u6210\u5bf9\u5e94\u7684 Redis \u5b9e\u4f8b ID\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: ip\n replacement: \"1.x.x.x\" # \u8c03\u6574\u6210\u5bf9\u5e94\u7684 Redis \u5b9e\u4f8b IP\n namespaceSelector: # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\n matchNames:\n - redis-test\n selector: # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 pod\n matchLabels:\n k8s-app: redis-exporter\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#2","title":"\u4e3e\u4f8b 2","text":"job_name: prometheus\nscrape_interval: 30s\nstatic_configs:\n- targets:\n - 127.0.0.1:9090\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#service-monitor","title":"Service Monitor","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# Prometheus Operator CRD \u7248\u672c\napiVersion: monitoring.coreos.com/v1\n# \u5bf9\u5e94 K8S \u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u8fd9\u91cc\u9762 Service Monitor\nkind: ServiceMonitor\n# \u5bf9\u5e94 K8S \u7684 Metadata\uff0c\u8fd9\u91cc\u53ea\u7528\u5173\u5fc3 name\uff0c\u5982\u679c\u6ca1\u6709\u6307\u5b9a jobLabel\uff0c\u5bf9\u5e94\u6293\u53d6\u6307\u6807 label \u4e2d job \u7684\u503c\u4e3a Service \u7684\u540d\u79f0\u3002\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u9700\u8981\u4fee\u6539\n# \u63cf\u8ff0\u6293\u53d6\u76ee\u6807 Pod \u7684\u9009\u53d6\u53ca\u6293\u53d6\u4efb\u52a1\u7684\u914d\u7f6e\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n # \u586b\u5199\u5bf9\u5e94 Pod \u7684 label(metadata/labels)\uff0cservice monitor \u4f1a\u53d6\u5bf9\u5e94\u7684\u503c\u4f5c\u4e3a job label \u7684\u503c\n [ jobLabel: string ]\n # \u628a\u5bf9\u5e94 service \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ targetLabels: []string ]\n # \u628a\u5bf9\u5e94 Pod \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ podTargetLabels: []string ]\n # \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ sampleLimit: uint64 ]\n # \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ targetLimit: uint64 ]\n # \u914d\u7f6e\u9700\u8981\u6293\u53d6\u66b4\u9732\u7684 Prometheus HTTP \u63a5\u53e3\uff0c\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2a Endpoint\n endpoints:\n [ - <endpoint_config> ... ] # \u8be6\u89c1\u4e0b\u9762 endpoint \u8bf4\u660e\n # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\uff0c\u4e0d\u586b\u4e3a\u9009\u53d6\u6240\u6709 namespace\n [ namespaceSelector: ]\n # \u662f\u5426\u9009\u53d6\u6240\u6709 namespace\n [ any: bool ]\n # \u9700\u8981\u9009\u53d6 namespace \u5217\u8868\n [ matchNames: []string ]\n # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 Pod [K8S metav1.LabelSelector](https://v1-17.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#_2","title":"\u4e3e\u4f8b","text":"apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: go-demo # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u8981\u4fee\u6539\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n endpoints:\n - interval: 30s\n # \u586b\u5199 service yaml \u4e2d Prometheus Exporter \u5bf9\u5e94\u7684 Port \u7684 Name\n port: 8080-8080-tcp\n # \u586b\u5199 Prometheus Exporter \u5bf9\u5e94\u7684 Path \u7684\u503c\uff0c\u4e0d\u586b\u9ed8\u8ba4 /metrics\n path: /metrics\n relabelings:\n # ** \u5fc5\u987b\u8981\u6709\u4e00\u4e2a label \u4e3a application\uff0c\u8fd9\u91cc\u5047\u8bbe k8s \u6709\u4e00\u4e2a label \u4e3a app\uff0c\n # \u6211\u4eec\u901a\u8fc7 relabel \u7684 replace \u52a8\u4f5c\u628a\u5b83\u66ff\u6362\u6210\u4e86 application\n - action: replace\n sourceLabels: [__meta_kubernetes_pod_label_app]\n targetLabel: application\n # \u9009\u62e9\u8981\u76d1\u63a7 service \u6240\u5728\u7684 namespace\n namespaceSelector:\n matchNames:\n - golang-demo\n # \u586b\u5199\u8981\u76d1\u63a7 service \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 service\n selector:\n matchLabels:\n app: golang-app-demo\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#endpoint_config","title":"endpoint_config","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u5bf9\u5e94 port \u7684\u540d\u79f0\uff0c\u8fd9\u91cc\u9700\u8981\u6ce8\u610f\u4e0d\u662f\u5bf9\u5e94\u7684\u7aef\u53e3\uff0c\u9ed8\u8ba4\uff1a80\uff0c\u5bf9\u5e94\u7684\u53d6\u503c\u5982\u4e0b\uff1a\n# ServiceMonitor: \u5bf9\u5e94 Service>spec/ports/name;\n# PodMonitor: \u8bf4\u660e\u5982\u4e0b\uff1a\n# \u5982\u679c\u67e5\u770b\u7684\u662f Pod Yaml\uff0c\u53d6 pod.spec.containers.ports.name \u4e2d\u7684\u503c\u3002\n# \u5982\u679c\u67e5\u770b\u7684\u662f Deployment/Daemonset/Statefulset\uff0c\u53d6\u503c spec.template.spec.containers.ports.name\n[ port: string | default = 80]\n# \u6293\u53d6\u4efb\u52a1\u8bf7\u6c42 URI \u8def\u5f84\n[ path: string | default = /metrics ]\n# \u6293\u53d6\u534f\u8bae: http \u6216\u8005 https\n[ scheme: string | default = http]\n# \u6293\u53d6\u8bf7\u6c42\u5bf9\u5e94 URL \u53c2\u6570\n[ params: map[string][]string]\n# \u6293\u53d6\u4efb\u52a1\u95f4\u9694\u7684\u65f6\u95f4\n[ interval: string | default = 30s ]\n# \u6293\u53d6\u4efb\u52a1\u8d85\u65f6\n[ scrapeTimeout: string | default = 30s]\n# \u6293\u53d6\u8fde\u63a5\u662f\u5426\u901a\u8fc7 TLS \u5b89\u5168\u901a\u9053\uff0c\u914d\u7f6e\u5bf9\u5e94\u7684 TLS \u53c2\u6570\n[ tlsConfig: TLSConfig ]\n# \u901a\u8fc7\u5bf9\u5e94\u7684\u6587\u4ef6\u8bfb\u53d6 bearer token \u5bf9\u5e94\u7684\u503c\uff0c\u653e\u5230\u6293\u53d6\u4efb\u52a1\u7684 header \u4e2d\n[ bearerTokenFile: string ]\n# \u901a\u8fc7\u5bf9\u5e94\u7684 K8S secret key \u8bfb\u53d6\u5bf9\u5e94\u7684 bearer token\uff0c\u6ce8\u610f secret namespace \u9700\u8981\u548c PodMonitor/ServiceMonitor \u76f8\u540c\n[ bearerTokenSecret: string ]\n# \u89e3\u51b3\u5f53\u6293\u53d6\u7684 label \u4e0e\u540e\u7aef Prometheus \u6dfb\u52a0 label \u51b2\u7a81\u65f6\u7684\u5904\u7406\u3002\n# true: \u4fdd\u7559\u6293\u53d6\u5230\u7684 label\uff0c\u5ffd\u7565\u4e0e\u540e\u7aef Prometheus \u51b2\u7a81\u7684 label\uff1b\n# false: \u5bf9\u51b2\u7a81\u7684 label\uff0c\u628a\u6293\u53d6\u7684 label \u524d\u52a0\u4e0a exported_<original-label>\uff0c\u6dfb\u52a0\u540e\u7aef Prometheus \u589e\u52a0\u7684 label\uff1b\n[ honorLabels: bool | default = false ]\n# \u662f\u5426\u4f7f\u7528\u6293\u53d6\u5230 target \u4e0a\u4ea7\u751f\u7684\u65f6\u95f4\u3002\n# true: \u5982\u679c target \u4e2d\u6709\u65f6\u95f4\uff0c\u4f7f\u7528 target \u4e0a\u7684\u65f6\u95f4\uff1b\n# false: \u76f4\u63a5\u5ffd\u7565 target \u4e0a\u7684\u65f6\u95f4\uff1b\n[ honorTimestamps: bool | default = true ]\n# basic auth \u7684\u8ba4\u8bc1\u4fe1\u606f\uff0cusername/password \u586b\u5199\u5bf9\u5e94 K8S secret key \u7684\u503c\uff0c\u6ce8\u610f secret namespace \u9700\u8981\u548c PodMonitor/ServiceMonitor \u76f8\u540c\u3002\n[ basicAuth: BasicAuth ]\n# \u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u6765\u6293\u53d6 target \u4e0a\u7684\u6307\u6807\uff0c\u586b\u5199\u5bf9\u5e94\u7684\u4ee3\u7406\u670d\u52a1\u5730\u5740\n[ proxyUrl: string ]\n# \u5728\u6293\u53d6\u6570\u636e\u4e4b\u540e\uff0c\u628a target \u4e0a\u5bf9\u5e94\u7684 label \u901a\u8fc7 relabel \u7684\u673a\u5236\u8fdb\u884c\u6539\u5199\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\nrelabelings:\n[ - <relabel_config> ...]\n# \u6570\u636e\u6293\u53d6\u5b8c\u6210\u5199\u5165\u4e4b\u524d\uff0c\u901a\u8fc7 relabel \u673a\u5236\u8fdb\u884c\u6539\u5199 label \u5bf9\u5e94\u7684\u503c\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\nmetricRelabelings:\n[ - <relabel_config> ...]\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#relabel_config","title":"relabel_config","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u4ece\u539f\u59cb labels \u4e2d\u53d6\u54ea\u4e9b label \u7684\u503c\u8fdb\u884c relabel\uff0c\u53d6\u51fa\u6765\u7684\u503c\u901a\u8fc7 separator \u4e2d\u7684\u5b9a\u4e49\u8fdb\u884c\u5b57\u7b26\u62fc\u63a5\u3002\n# \u5982\u679c\u662f PodMonitor/ServiceMonitor \u5bf9\u5e94\u7684\u914d\u7f6e\u9879\u4e3a sourceLabels\n[ source_labels: '[' <labelname> [, ...] ']' ]\n# \u5b9a\u4e49\u9700\u8981 relabel \u7684 label \u503c\u62fc\u63a5\u7684\u5b57\u7b26\uff0c\u9ed8\u8ba4\u4e3a ';'\n[ separator: <string> | default = ; ]\n\n# action \u4e3a replace/hashmod \u65f6\uff0c\u901a\u8fc7 target_label \u6765\u6307\u5b9a\u5bf9\u5e94 label name\u3002\n# \u5982\u679c\u662f PodMonitor/ServiceMonitor \u5bf9\u5e94\u7684\u914d\u7f6e\u9879\u4e3a targetLabel\n[ target_label: <labelname> ]\n\n# \u9700\u8981\u5bf9 source labels \u5bf9\u5e94\u503c\u8fdb\u884c\u6b63\u5219\u5339\u914d\u7684\u8868\u8fbe\u5f0f\n[ regex: <regex> | default = (.*) ]\n\n# action \u4e3a hashmod \u65f6\u7528\u5230\uff0c\u6839\u636e source label \u5bf9\u5e94\u503c md5 \u53d6\u6a21\u503c\n[ modulus: <int> ]\n\n# action \u4e3a replace \u7684\u65f6\u5019\uff0c\u901a\u8fc7 replacement \u6765\u5b9a\u4e49\u5f53 regex \u5339\u914d\u4e4b\u540e\u9700\u8981\u66ff\u6362\u7684\u8868\u8fbe\u5f0f\uff0c\u53ef\u4ee5\u7ed3\u5408 regex \u6b63\u89c4\u5219\u8868\u8fbe\u5f0f\u66ff\u6362\n[ replacement: <string> | default = $1 ]\n\n# \u57fa\u4e8e regex \u5339\u914d\u5230\u7684\u503c\u8fdb\u884c\u76f8\u5173\u7684\u64cd\u4f5c\uff0c\u5bf9\u5e94\u7684 action \u5982\u4e0b\uff0c\u9ed8\u8ba4\u4e3a replace\uff1a\n# replace: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u901a\u8fc7 replacement \u4e2d\u5b9a\u4e49\u7684\u503c\u66ff\u6362\u76f8\u5e94\u7684\u503c\uff0c\u5e76\u901a\u8fc7 target_label \u8bbe\u503c\u5e76\u6dfb\u52a0\u76f8\u5e94\u7684 label\n# keep: \u5982\u679c regex \u6ca1\u6709\u5339\u914d\u5230\uff0c\u4e22\u5f03\n# drop: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u4e22\u5f03\n# hashmod: \u901a\u8fc7 moduels \u6307\u5b9a\u7684\u503c\u628a source label \u5bf9\u5e94\u7684 md5 \u503c\u53d6\u6a21\n# \u5e76\u6dfb\u52a0\u4e00\u4e2a\u65b0\u7684 label\uff0clabel name \u901a\u8fc7 target_label \u6307\u5b9a\n# labelmap: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u4f7f\u7528 replacement \u66ff\u6362\u5bf9\u5c31\u7684 label name\n# labeldrop: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u5220\u9664\u5bf9\u5e94\u7684 label\n# labelkeep: \u5982\u679c regex \u6ca1\u6709\u5339\u914d\u5230\uff0c\u5220\u9664\u5bf9\u5e94\u7684 label\n[ action: <relabel_action> | default = replace ]\n
"},{"location":"admin/insight/collection-manag/probe-module.html","title":"\u81ea\u5b9a\u4e49\u63a2\u6d4b\u65b9\u5f0f","text":"Insight \u4f7f\u7528 Prometheus \u5b98\u65b9\u63d0\u4f9b\u7684 Blackbox Exporter \u4f5c\u4e3a\u9ed1\u76d2\u76d1\u63a7\u89e3\u51b3\u65b9\u6848\uff0c\u53ef\u4ee5\u901a\u8fc7 HTTP\u3001HTTPS\u3001DNS\u3001ICMP\u3001TCP \u548c gRPC \u65b9\u5f0f\u5bf9\u76ee\u6807\u5b9e\u4f8b\u8fdb\u884c\u68c0\u6d4b\u3002\u53ef\u7528\u4e8e\u4ee5\u4e0b\u4f7f\u7528\u573a\u666f\uff1a
\u5728\u672c\u6587\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u5df2\u6709\u7684 Blackbox ConfigMap \u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u7684\u63a2\u6d4b\u65b9\u5f0f\u3002
Insight \u9ed8\u8ba4\u672a\u5f00\u542f ICMP \u63a2\u6d4b\u65b9\u5f0f\uff0c\u56e0\u4e3a ICMP \u9700\u8981\u66f4\u9ad8\u6743\u9650\uff0c\u56e0\u6b64\uff0c\u6211\u4eec\u5c06\u4ee5 ICMP \u548c HTTP \u63a2\u6d4b\u65b9\u5f0f\u4f5c\u4e3a\u793a\u4f8b\uff0c\u5c55\u793a\u5982\u4f55\u4fee\u6539 ConfigMap \u4ee5\u5b9e\u73b0\u81ea\u5b9a\u4e49\u7684 ICMP \u548c HTTP \u63a2\u6d4b\u3002
"},{"location":"admin/insight/collection-manag/probe-module.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u627e\u5230\u540d\u4e3a insight-agent-prometheus-blackbox-exporter \u7684\u914d\u7f6e\u9879\uff0c\u70b9\u51fb \u7f16\u8f91 YAML\uff1b
\u5728 modules \u4e0b\u6dfb\u52a0\u81ea\u5b9a\u4e49\u63a2\u6d4b\u65b9\u5f0f\uff1a
module:\n http_2xx:\n prober: http\n timeout: 5s\n http:\n valid_http_versions: [HTTP/1.1, HTTP/2]\n valid_status_codes: [] # Defaults to 2xx\n method: GET\n
module:\n ICMP: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: ip4\nicmp_example: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b 2\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: \"ip4\"\n source_ip_address: \"127.0.0.1\"\n
\u7531\u4e8e ICMP \u9700\u8981\u66f4\u9ad8\u6743\u9650\uff0c\u56e0\u6b64\uff0c\u6211\u4eec\u8fd8\u9700\u8981\u63d0\u5347 Pod \u6743\u9650\uff0c\u5426\u5219\u4f1a\u51fa\u73b0 operation not permitted
\u7684\u9519\u8bef\u3002\u6709\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\u63d0\u5347\u6743\u9650\uff1a \u65b9\u5f0f\u4e00\uff1a \u76f4\u63a5\u7f16\u8f91 BlackBox Exporter
\u90e8\u7f72\u6587\u4ef6\u5f00\u542f
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\nspec:\n template:\n spec:\n containers:\n - name: blackbox-exporter\n image: # ... (image, args, ports \u7b49\u4fdd\u6301\u4e0d\u53d8)\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_RAW\n drop:\n - ALL\n readOnlyRootFilesystem: true\n runAsGroup: 0\n runAsNonRoot: false\n runAsUser: 0\n
\u65b9\u5f0f\u4e8c\uff1a \u901a\u8fc7 Helm Upgrade \u65b9\u5f0f\u63d0\u6743
prometheus-blackbox-exporter:\n enabled: true\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n readOnlyRootFilesystem: true\n runAsNonRoot: false\n allowPrivilegeEscalation: false\n capabilities:\n add: [\"NET_RAW\"]\n
Info
\u66f4\u591a\u63a2\u6d4b\u65b9\u5f0f\u53ef\u53c2\u8003 blackbox_exporter Configuration\u3002
"},{"location":"admin/insight/collection-manag/probe-module.html#_3","title":"\u5176\u4ed6\u53c2\u8003","text":"\u4ee5\u4e0b YAML \u6587\u4ef6\u4e2d\u5305\u542b\u4e86 HTTP\u3001TCP\u3001SMTP\u3001ICMP\u3001DNS \u7b49\u591a\u79cd\u63a2\u6d4b\u65b9\u5f0f\uff0c\u53ef\u6839\u636e\u9700\u6c42\u81ea\u884c\u4fee\u6539 insight-agent-prometheus-blackbox-exporter
\u7684\u914d\u7f6e\u6587\u4ef6\u3002
kind: ConfigMap\napiVersion: v1\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\n labels:\n app.kubernetes.io/instance: insight-agent\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: prometheus-blackbox-exporter\n app.kubernetes.io/version: v0.24.0\n helm.sh/chart: prometheus-blackbox-exporter-8.8.0\n annotations:\n meta.helm.sh/release-name: insight-agent\n meta.helm.sh/release-namespace: insight-system\ndata:\n blackbox.yaml: |\n modules:\n HTTP_GET:\n prober: http\n timeout: 5s\n http:\n method: GET\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"]\n follow_redirects: true\n preferred_ip_protocol: \"ip4\"\n HTTP_POST:\n prober: http\n timeout: 5s\n http:\n method: POST\n body_size_limit: 1MB\n TCP:\n prober: tcp\n timeout: 5s\n # \u9ed8\u8ba4\u672a\u5f00\u542f\uff1a\n # ICMP:\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: ip4\n SSH:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^SSH-2.0-\"\n POP3S:\n prober: tcp\n tcp:\n query_response:\n - expect: \"^+OK\"\n tls: true\n tls_config:\n insecure_skip_verify: false\n http_2xx_example: # http \u63a2\u6d4b\u793a\u4f8b\n prober: http\n timeout: 5s # \u63a2\u6d4b\u7684\u8d85\u65f6\u65f6\u95f4\n http:\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"] # \u8fd4\u56de\u4fe1\u606f\u4e2d\u7684 Version\uff0c\u4e00\u822c\u9ed8\u8ba4\u5373\u53ef\n valid_status_codes: [] # Defaults to 2xx # \u6709\u6548\u7684\u8fd4\u56de\u7801\u8303\u56f4\uff0c\u5982\u679c\u8bf7\u6c42\u7684\u8fd4\u56de\u7801\u5728\u8be5\u8303\u56f4\u5185\uff0c\u89c6\u4e3a\u63a2\u6d4b\u6210\u529f\n method: GET # \u8bf7\u6c42\u65b9\u6cd5\n headers: # \u8bf7\u6c42\u7684\u5934\u90e8\n Host: vhost.example.com\n Accept-Language: en-US\n Origin: example.com\n no_follow_redirects: false # \u662f\u5426\u5141\u8bb8\u91cd\u5b9a\u5411\n fail_if_ssl: false \n fail_if_not_ssl: false\n fail_if_body_matches_regexp:\n - \"Could not connect to database\"\n fail_if_body_not_matches_regexp:\n - \"Download the latest version here\"\n fail_if_header_matches: # Verifies that no cookies are set\n - header: Set-Cookie\n allow_missing: true\n regexp: '.*'\n fail_if_header_not_matches:\n - header: Access-Control-Allow-Origin\n regexp: '(\\*|example\\.com)'\n tls_config: # \u9488\u5bf9 https \u8bf7\u6c42\u7684 tls \u7684\u914d\u7f6e\n insecure_skip_verify: false\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\" # \u9996\u9009\u7684 IP \u534f\u8bae\u7248\u672c\n ip_protocol_fallback: false # no fallback to \"ip6\" \n http_post_2xx: # \u5e26 Body \u7684 http \u63a2\u6d4b\u7684\u793a\u4f8b\n prober: http\n timeout: 5s\n http:\n method: POST # \u63a2\u6d4b\u7684\u8bf7\u6c42\u65b9\u6cd5\n headers:\n Content-Type: application/json\n body: '{\"username\":\"admin\",\"password\":\"123456\"}' # \u63a2\u6d4b\u65f6\u643a\u5e26\u7684 body\n http_basic_auth_example: # \u5e26\u7528\u6237\u540d\u5bc6\u7801\u7684\u63a2\u6d4b\u7684\u793a\u4f8b\n prober: http\n timeout: 5s\n http:\n method: POST\n headers:\n Host: \"login.example.com\"\n basic_auth: # \u63a2\u6d4b\u65f6\u8981\u52a0\u7684\u7528\u6237\u540d\u5bc6\u7801\n username: \"username\"\n password: \"mysecret\"\n http_custom_ca_example:\n prober: http\n http:\n method: GET\n tls_config: # \u6307\u5b9a\u63a2\u6d4b\u65f6\u4f7f\u7528\u7684\u6839\u8bc1\u4e66\n ca_file: \"/certs/my_cert.crt\"\n http_gzip:\n prober: http\n http:\n method: GET\n compression: gzip # \u63a2\u6d4b\u65f6\u4f7f\u7528\u7684\u538b\u7f29\u65b9\u6cd5\n http_gzip_with_accept_encoding:\n prober: http\n http:\n method: GET\n compression: gzip\n headers:\n Accept-Encoding: gzip\n tls_connect: # TCP \u63a2\u6d4b\u7684\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n tls: true # \u662f\u5426\u4f7f\u7528 TLS\n tcp_connect_example:\n prober: tcp\n timeout: 5s\n imap_starttls: # \u63a2\u6d4b IMAP \u90ae\u7bb1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"OK.*STARTTLS\"\n - send: \". STARTTLS\"\n - expect: \"OK\"\n - starttls: true\n - send: \". capability\"\n - expect: \"CAPABILITY IMAP4rev1\"\n smtp_starttls: # \u63a2\u6d4b SMTP \u90ae\u7bb1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^220 ([^ ]+) ESMTP (.+)$\"\n - send: \"EHLO prober\\r\"\n - expect: \"^250-STARTTLS\"\n - send: \"STARTTLS\\r\"\n - expect: \"^220\"\n - starttls: true\n - send: \"EHLO prober\\r\"\n - expect: \"^250-AUTH\"\n - send: \"QUIT\\r\"\n irc_banner_example:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - send: \"NICK prober\"\n - send: \"USER prober prober prober :prober\"\n - expect: \"PING :([^ ]+)\"\n send: \"PONG ${1}\"\n - expect: \"^:[^ ]+ 001\"\n # icmp_example: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: \"ip4\"\n # source_ip_address: \"127.0.0.1\"\n dns_udp_example: # \u4f7f\u7528 UDP \u8fdb\u884c DNS \u67e5\u8be2\u7684\u793a\u4f8b\n prober: dns\n timeout: 5s\n dns:\n query_name: \"www.prometheus.io\" # \u8981\u89e3\u6790\u7684\u57df\u540d\n query_type: \"A\" # \u8be5\u57df\u540d\u5bf9\u5e94\u7684\u7c7b\u578b\n valid_rcodes:\n - NOERROR\n validate_answer_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n fail_if_all_match_regexp:\n - \".*127.0.0.1\"\n fail_if_not_matches_regexp:\n - \"www.prometheus.io.\\t300\\tIN\\tA\\t127.0.0.1\"\n fail_if_none_matches_regexp:\n - \"127.0.0.1\"\n validate_authority_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n validate_additional_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n dns_soa:\n prober: dns\n dns:\n query_name: \"prometheus.io\"\n query_type: \"SOA\"\n dns_tcp_example: # \u4f7f\u7528 TCP \u8fdb\u884c DNS \u67e5\u8be2\u7684\u793a\u4f8b\n prober: dns\n dns:\n transport_protocol: \"tcp\" # defaults to \"udp\"\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\"\n query_name: \"www.prometheus.io\"\n
"},{"location":"admin/insight/collection-manag/service-monitor.html","title":"\u914d\u7f6e\u670d\u52a1\u53d1\u73b0\u89c4\u5219","text":"\u53ef\u89c2\u6d4b Insight \u652f\u6301\u901a\u8fc7 \u5bb9\u5668\u7ba1\u7406 \u521b\u5efa CRD ServiceMonitor \u7684\u65b9\u5f0f\u6765\u6ee1\u8db3\u60a8\u81ea\u5b9a\u4e49\u670d\u52a1\u53d1\u73b0\u7684\u91c7\u96c6\u9700\u6c42\u3002 \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528 ServiceMonitor \u81ea\u884c\u5b9a\u4e49 Pod \u53d1\u73b0\u7684 Namespace \u8303\u56f4\u4ee5\u53ca\u901a\u8fc7 matchLabel \u6765\u9009\u62e9\u76d1\u542c\u7684 Service\u3002
"},{"location":"admin/insight/collection-manag/service-monitor.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u5df2\u5b89\u88c5 Helm \u5e94\u7528 insight-agent \u4e14\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/collection-manag/service-monitor.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u91c7\u96c6\u7ba1\u7406 \uff0c\u67e5\u770b\u5168\u90e8\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u72b6\u6001\u3002
\u70b9\u51fb\u5217\u8868\u4e2d\u7684\u67d0\u4e2a\u96c6\u7fa4\u540d\u79f0\u8fdb\u5165\u91c7\u96c6\u914d\u7f6e\u8be6\u60c5\u3002
\u70b9\u51fb\u94fe\u63a5\u8df3\u8f6c\u5230 \u5bb9\u5668\u7ba1\u7406 \u4e2d\u521b\u5efa Service Monitor\u3002
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: micrometer-demo # (1)\n namespace: insight-system # (2)\n labels: \n operator.insight.io/managed-by: insight\nspec:\n endpoints: # (3)\n - honorLabels: true\n interval: 15s\n path: /actuator/prometheus\n port: http\n namespaceSelector: # (4)\n matchNames:\n - insight-system # (5)\n selector: # (6)\n matchLabels:\n micrometer-prometheus-discovery: \"true\"\n
\u8fd9\u662f\u670d\u52a1\u7aef\u70b9\uff0c\u4ee3\u8868 Prometheus \u6240\u9700\u7684\u91c7\u96c6 Metrics \u7684\u5730\u5740\u3002 endpoints \u4e3a\u4e00\u4e2a\u6570\u7ec4\uff0c \u540c\u65f6\u53ef\u4ee5\u521b\u5efa\u591a\u4e2a endpoints \u3002\u6bcf\u4e2a endpoints \u5305\u542b\u4e09\u4e2a\u5b57\u6bb5\uff0c\u6bcf\u4e2a\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b\uff1a
\u8fd9\u662f\u9700\u8981\u53d1\u73b0\u7684 Service \u7684\u8303\u56f4\u3002 namespaceSelector \u5305\u542b\u4e24\u4e2a\u4e92\u65a5\u5b57\u6bb5\uff0c\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b\uff1a
matchNames \uff1a\u6570\u7ec4\u503c\uff0c\u6307\u5b9a\u9700\u8981\u76d1\u542c\u7684 namespace \u7684\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u53ea\u60f3\u76d1\u542c default \u548c insight-system \u4e24\u4e2a\u547d\u540d\u7a7a\u95f4\u4e2d\u7684 Service\uff0c\u90a3\u4e48 matchNames \u8bbe\u7f6e\u5982\u4e0b\uff1a
namespaceSelector:\n matchNames:\n - default\n - insight-system\n
\u6b64\u5904\u5339\u914d\u7684\u547d\u540d\u7a7a\u95f4\u4e3a\u9700\u8981\u66b4\u9732\u6307\u6807\u7684\u5e94\u7528\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4
\u2705\uff1a\u6d4b\u8bd5\u901a\u8fc7\uff1b \u274c\uff1a\u6d4b\u8bd5\u672a\u901a\u8fc7\uff1b\u7a7a\uff1a\u672a\u8fdb\u884c\u6d4b\u8bd5\uff1b
"},{"location":"admin/insight/compati-test/k8s-compatibility.html#insight-server-kubernetes","title":"Insight Server \u7684 Kubernetes \u517c\u5bb9\u6027\u6d4b\u8bd5","text":"\u573a\u666f \u6d4b\u8bd5\u65b9\u5f0f K8s 1.31 K8s 1.30 K8s 1.29 K8s 1.28 K8s 1.27 K8s 1.26 k8s 1.25.0 k8s 1.24 k8s 1.23 k8s 1.22 \u57fa\u7ebf\u573a\u666f E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u6307\u6807\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u65e5\u5fd7\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u94fe\u8def\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u544a\u8b66\u4e2d\u5fc3 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u62d3\u6251\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705"},{"location":"admin/insight/compati-test/k8s-compatibility.html#insight-agent-kubernetes","title":"Insight Agent \u7684 Kubernetes \u517c\u5bb9\u6027\u6d4b\u8bd5","text":"\u573a\u666f \u6d4b\u8bd5\u65b9\u5f0f K8s 1.31 K8s 1.30 K8s 1.29 K8s 1.28 K8s 1.27 K8s 1.26 k8s 1.25 k8s 1.24 k8s 1.23 k8s 1.22 k8s 1.21 k8s 1.20 k8s 1.19 k8s 1.18 k8s 1.17 k8s 1.16 \u57fa\u7ebf\u573a\u666f E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u6307\u6807\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u65e5\u5fd7\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u94fe\u8def\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u544a\u8b66\u4e2d\u5fc3 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u62d3\u6251\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274cNote
Insight Agent \u7248\u672c\u517c\u5bb9\u5386\u53f2\uff1a
\u2705\uff1a\u6d4b\u8bd5\u901a\u8fc7\uff1b \u274c\uff1a\u6d4b\u8bd5\u672a\u901a\u8fc7\u3002
Note
\u8868\u683c\u4e2d\u7684\u6d4b\u8bd5\u529f\u80fd\u975e\u5168\u91cf\u3002
case \u6d4b\u8bd5\u65b9\u5f0f ocp4.10(k8s 1.23.0) \u5907\u6ce8 \u91c7\u96c6\u5e76\u67e5\u8be2 web \u5e94\u7528\u7684\u6307\u6807 \u624b\u5de5 \u2705 \u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\u91c7\u96c6 \u624b\u5de5 \u2705 \u67e5\u8be2\u5b9e\u65f6\u6307\u6807 \u624b\u5de5 \u2705 \u77ac\u65f6\u6307\u6807\u67e5\u8be2 \u624b\u5de5 \u2705 \u77ac\u65f6\u6307\u6807api\u5b57\u6bb5\u529f\u80fd\u9a8c\u8bc1 \u624b\u5de5 \u2705 \u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 \u624b\u5de5 \u2705 \u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 api \u5b57\u6bb5\u529f\u80fd\u9a8c\u8bc1 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u96c6\u7fa4CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u96c6\u7fa4 CPU \u603b\u91cf\u3001\u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf\uff0c\u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u8282\u70b9CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u8282\u70b9 CPU \u603b\u91cf\u3001\u8282\u70b9\u5185\u5b58\u4f7f\u7528\u91cf \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u96c6\u7fa4CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u96c6\u7fa4 CPU \u603b\u91cf\u3001\u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf\uff0c\u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 api \u5b57\u6bb5\u529f\u80fd\u9a8c\u8bc1 \u624b\u5de5 \u2705 \u67e5\u8be2 Pod \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 SVC \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 statefulset \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 Deployment \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 NPD \u65e5\u5fd7 \u624b\u5de5 \u2705 \u65e5\u5fd7\u7b5b\u9009 \u624b\u5de5 \u2705 \u65e5\u5fd7\u6a21\u7cca\u67e5\u8be2-workloadSearch \u624b\u5de5 \u2705 \u65e5\u5fd7\u6a21\u7cca\u67e5\u8be2-podSearch \u624b\u5de5 \u2705 \u65e5\u5fd7\u6a21\u7cca\u67e5\u8be2-containerSearch \u624b\u5de5 \u2705 \u65e5\u5fd7\u7cbe\u786e\u67e5\u8be2-cluster \u624b\u5de5 \u2705 \u65e5\u5fd7\u7cbe\u786e\u67e5\u8be2-namespace \u624b\u5de5 \u2705 \u65e5\u5fd7\u67e5\u8be2 api \u5b57\u6bb5\u529f\u80fd\u9a8c\u8bc1 \u624b\u5de5 \u2705 \u544a\u8b66\u89c4\u5219-\u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u544a\u8b66\u6a21\u677f-\u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u901a\u77e5\u65b9\u5f0f-\u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u94fe\u8def\u67e5\u8be2 \u624b\u5de5 \u2705 \u62d3\u6251\u67e5\u8be2 \u624b\u5de5 \u2705"},{"location":"admin/insight/compati-test/rancher-compatibility.html","title":"Rancher \u96c6\u7fa4\u517c\u5bb9\u6027\u6d4b\u8bd5","text":"\u2705\uff1a\u6d4b\u8bd5\u901a\u8fc7\uff1b \u274c\uff1a\u6d4b\u8bd5\u672a\u901a\u8fc7\u3002
Note
\u8868\u683c\u4e2d\u7684\u6d4b\u8bd5\u529f\u80fd\u975e\u5168\u91cf\u3002
case \u6d4b\u8bd5\u65b9\u5f0f Rancher rke2c1(k8s 1.24.11) \u5907\u6ce8 \u91c7\u96c6\u5e76\u67e5\u8be2 web \u5e94\u7528\u7684\u6307\u6807 \u624b\u5de5 \u2705 \u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\u91c7\u96c6 \u624b\u5de5 \u2705 \u67e5\u8be2\u5b9e\u65f6\u6307\u6807 \u624b\u5de5 \u2705 \u67e5\u8be2\u77ac\u65f6\u6307\u6807 \u624b\u5de5 \u2705 \u9a8c\u8bc1\u67e5\u8be2\u77ac\u65f6\u6307\u6807 API \u63a5\u53e3 \u624b\u5de5 \u2705 \u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 \u624b\u5de5 \u2705 \u9a8c\u8bc1\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 API \u63a5\u53e3 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u96c6\u7fa4 CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u96c6\u7fa4 CPU \u603b\u91cf\u3001\u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf\uff0c\u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u8282\u70b9 CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u8282\u70b9 CPU \u603b\u91cf\u3001\u8282\u70b9\u5185\u5b58\u4f7f\u7528\u91cf \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u96c6\u7fa4 CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u96c6\u7fa4 CPU \u603b\u91cf\u3001\u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf\uff0c\u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u624b\u5de5 \u2705 \u9a8c\u8bc1\u6279\u91cf\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 API \u63a5\u53e3 \u624b\u5de5 \u2705 \u67e5\u8be2 Pod \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 SVC \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 statefulset \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 Deployment \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 NPD \u65e5\u5fd7 \u624b\u5de5 \u2705 \u7b5b\u9009\u65e5\u5fd7 \u624b\u5de5 \u2705 \u6a21\u7cca\u67e5\u8be2\u65e5\u5fd7-workloadSearch \u624b\u5de5 \u2705 \u6a21\u7cca\u67e5\u8be2\u65e5\u5fd7-podSearch \u624b\u5de5 \u2705 \u6a21\u7cca\u67e5\u8be2\u65e5\u5fd7-containerSearch \u624b\u5de5 \u2705 \u7cbe\u786e\u67e5\u8be2\u65e5\u5fd7-cluster \u624b\u5de5 \u2705 \u7cbe\u786e\u67e5\u8be2\u65e5\u5fd7-namespace \u624b\u5de5 \u2705 \u9a8c\u8bc1\u67e5\u8be2\u65e5\u5fd7 API \u63a5\u53e3 \u624b\u5de5 \u2705 \u544a\u8b66\u89c4\u5219 - \u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u544a\u8b66\u6a21\u677f - \u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u901a\u77e5\u65b9\u5f0f - \u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u94fe\u8def\u67e5\u8be2 \u624b\u5de5 \u2705 \u62d3\u6251\u67e5\u8be2 \u624b\u5de5 \u2705"},{"location":"admin/insight/dashboard/dashboard.html","title":"\u4eea\u8868\u76d8","text":"Grafana \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u6570\u636e\u53ef\u89c6\u5316\u548c\u76d1\u63a7\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u56fe\u8868\u548c\u9762\u677f\uff0c\u7528\u4e8e\u5b9e\u65f6\u76d1\u63a7\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316\u5404\u79cd\u6570\u636e\u6e90\u7684\u6307\u6807\u548c\u65e5\u5fd7\u3002\u53ef\u89c2\u6d4b\u6027 Insight \u4f7f\u7528\u5f00\u6e90 Grafana \u63d0\u4f9b\u76d1\u63a7\u670d\u52a1\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u7ef4\u5ea6\u67e5\u770b\u8d44\u6e90\u6d88\u8017\u60c5\u51b5\uff0c
\u5173\u4e8e\u5f00\u6e90 Grafana \u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1 Grafana \u5b98\u65b9\u6587\u6863\u3002
"},{"location":"admin/insight/dashboard/dashboard.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 \u4eea\u8868\u76d8 \u3002
\u5728 Insight /\u6982\u89c8 \u4eea\u8868\u76d8\u4e2d\uff0c\u53ef\u67e5\u770b\u591a\u9009\u96c6\u7fa4\u7684\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\uff0c\u5e76\u4ee5\u547d\u540d\u7a7a\u95f4\u3001\u5bb9\u5668\u7ec4\u7b49\u591a\u4e2a\u7ef4\u5ea6\u5206\u6790\u4e86\u8d44\u6e90\u4f7f\u7528\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u7b49\u60c5\u51b5\u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u5de6\u4e0a\u4fa7\u7684\u4e0b\u62c9\u6846\u53ef\u5207\u6362\u96c6\u7fa4\u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u53f3\u4e0b\u4fa7\u53ef\u5207\u6362\u67e5\u8be2\u7684\u65f6\u95f4\u8303\u56f4\u3002
Insight \u7cbe\u9009\u591a\u4e2a\u793e\u533a\u63a8\u8350\u4eea\u8868\u76d8\uff0c\u53ef\u4ece\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5de5\u4f5c\u8d1f\u8f7d\u7b49\u591a\u4e2a\u7ef4\u5ea6\u8fdb\u884c\u76d1\u63a7\u3002\u70b9\u51fb insight-system / Insight /\u6982\u89c8 \u533a\u57df\u5207\u6362\u4eea\u8868\u76d8\u3002
Note
\u8bbf\u95ee Grafana UI \u8bf7\u53c2\u8003\u4ee5\u7ba1\u7406\u5458\u8eab\u4efd\u767b\u5f55 Grafana\u3002
\u5bfc\u5165\u81ea\u5b9a\u4e49\u4eea\u8868\u76d8\u8bf7\u53c2\u8003\u5bfc\u5165\u81ea\u5b9a\u4e49\u4eea\u8868\u76d8\u3002
\u901a\u8fc7\u4f7f\u7528 Grafana CRD\uff0c\u53ef\u4ee5\u5c06\u4eea\u8868\u677f\u7684\u7ba1\u7406\u548c\u90e8\u7f72\u7eb3\u5165\u5230 Kubernetes \u7684\u751f\u547d\u5468\u671f\u7ba1\u7406\u4e2d\uff0c\u5b9e\u73b0\u4eea\u8868\u677f\u7684\u7248\u672c\u63a7\u5236\u3001\u81ea\u52a8\u5316\u90e8\u7f72\u548c\u96c6\u7fa4\u7ea7\u7684\u7ba1\u7406\u3002\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 CRD \u548c UI \u754c\u9762\u5bfc\u5165\u81ea\u5b9a\u4e49\u7684\u4eea\u8868\u76d8\u3002
"},{"location":"admin/insight/dashboard/import-dashboard.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0 \u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u9009\u62e9 kpanda-global-cluster \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u5728\u5217\u8868\u4e2d\u67e5\u627e grafanadashboards.integreatly.org \u6587\u4ef6\uff0c\u8fdb\u5165\u8be6\u60c5\u3002
\u70b9\u51fb Yaml \u521b\u5efa \uff0c\u4f7f\u7528\u4ee5\u4e0b\u6a21\u677f\uff0c\u5728 Json \u5b57\u6bb5\u4e2d\u66ff\u6362\u4eea\u8868\u76d8 JSON\u3002
apiVersion: integreatly.org/v1alpha1\nkind: GrafanaDashboard\nmetadata:\n labels:\n app: insight-grafana-operator\n operator.insight.io/managed-by: insight\n name: sample-dashboard\n namespace: insight-system\nspec:\n json: >\n {\n \"id\": null,\n \"title\": \"Simple Dashboard\",\n \"tags\": [],\n \"style\": \"dark\",\n \"timezone\": \"browser\",\n \"editable\": true,\n \"hideControls\": false,\n \"graphTooltip\": 1,\n \"panels\": [],\n \"time\": {\n \"from\": \"now-6h\",\n \"to\": \"now\"\n },\n \"timepicker\": {\n \"time_options\": [],\n \"refresh_intervals\": []\n },\n \"templating\": {\n \"list\": []\n },\n \"annotations\": {\n \"list\": []\n },\n \"refresh\": \"5s\",\n \"schemaVersion\": 17,\n \"version\": 0,\n \"links\": []\n }\n
\u70b9\u51fb \u786e\u8ba4 \u540e\uff0c\u7a0d\u7b49\u7247\u523b\u5373\u53ef\u5728 \u4eea\u8868\u76d8 \u4e2d\u67e5\u770b\u521a\u521a\u5bfc\u5165\u7684\u4eea\u8868\u76d8\u3002
Info
\u81ea\u5b9a\u4e49\u8bbe\u8ba1\u4eea\u8868\u76d8\uff0c\u8bf7\u53c2\u8003\u6dfb\u52a0\u4eea\u8868\u76d8\u9762\u677f\u3002
"},{"location":"admin/insight/dashboard/login-grafana.html","title":"\u8bbf\u95ee\u539f\u751f Grafana","text":"Insight \u501f\u52a9 Grafana \u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u53ef\u89c6\u5316\u80fd\u529b\uff0c\u540c\u65f6\u4fdd\u7559\u4e86\u8bbf\u95ee\u539f\u751f Grafana \u7684\u5165\u53e3\u3002
"},{"location":"admin/insight/dashboard/login-grafana.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u767b\u5f55\u6d4f\u89c8\u5668\uff0c\u5728\u6d4f\u89c8\u5668\u4e2d\u8f93\u5165 Grafana \u5730\u5740\u3002
\u8bbf\u95ee\u5730\u5740\uff1a http://ip:\u8bbf\u95ee\u7aef\u53e3/ui/insight-grafana/login
\u4f8b\u5982\uff1a http://10.6.10.233:30209/ui/insight-grafana/login
\u70b9\u51fb\u53f3\u4e0b\u89d2\u7684\u767b\u5f55\uff0c\u4f7f\u7528\u9ed8\u8ba4\u7528\u6237\u540d\u3001\u5bc6\u7801\uff08admin/admin\uff09\u8fdb\u884c\u767b\u5f55\u3002
\u70b9\u51fb Log in \u5b8c\u6210\u767b\u5f55\u3002
\u6982\u7387 \u4ec5\u7edf\u8ba1\u5df2\u5b89\u88c5 insight-agent \u4e14\u5176\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u7684\u96c6\u7fa4\u6570\u636e\u3002\u53ef\u5728\u6982\u89c8\u4e2d\u591a\u96c6\u7fa4\u7684\u8d44\u6e90\u6982\u51b5\uff1a
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u6982\u89c8 \u3002
"},{"location":"admin/insight/data-query/log.html","title":"\u65e5\u5fd7\u67e5\u8be2","text":"Insight \u9ed8\u8ba4\u91c7\u96c6\u8282\u70b9\u65e5\u5fd7\u3001\u5bb9\u5668\u65e5\u5fd7\u4ee5\u53ca kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u3002\u5728\u65e5\u5fd7\u67e5\u8be2\u9875\u9762\u4e2d\uff0c\u53ef\u67e5\u8be2\u767b\u5f55\u8d26\u53f7\u6743\u9650\u5185\u7684\u6807\u51c6\u8f93\u51fa (stdout) \u65e5\u5fd7\uff0c\u5305\u62ec\u8282\u70b9\u65e5\u5fd7\u3001\u4ea7\u54c1\u65e5\u5fd7\u3001Kubenetes \u5ba1\u8ba1\u65e5\u5fd7\u7b49\uff0c\u5feb\u901f\u5728\u5927\u91cf\u65e5\u5fd7\u4e2d\u67e5\u8be2\u5230\u6240\u9700\u7684\u65e5\u5fd7\uff0c\u540c\u65f6\u7ed3\u5408\u65e5\u5fd7\u7684\u6765\u6e90\u4fe1\u606f\u548c\u4e0a\u4e0b\u6587\u539f\u59cb\u6570\u636e\u8f85\u52a9\u5b9a\u4f4d\u95ee\u9898\u3002
"},{"location":"admin/insight/data-query/log.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u65e5\u5fd7 \u3002
\u9876\u90e8 Tab \u9ed8\u8ba4\u8fdb\u5165 \u666e\u901a\u67e5\u8be2 \u3002
\u65e5\u5fd7\u7c7b\u578b\uff1a
\u652f\u6301\u5bf9\u5355\u4e2a\u5173\u952e\u5b57\u8fdb\u884c\u6a21\u7cca\u641c\u7d22\u3002
\u9876\u90e8\u5207\u6362 Tab \u9009\u62e9 Lucene \u8bed\u6cd5\u67e5\u8be2 \u3002
\u7b2c\u4e00\u6b21\u8fdb\u5165\u65f6\uff0c\u9ed8\u8ba4\u9009\u62e9\u767b\u5f55\u8d26\u53f7\u6743\u9650\u67e5\u8be2\u6709\u6743\u9650\u7684\u96c6\u7fa4\u6216\u547d\u540d\u7a7a\u95f4\u7684\u5bb9\u5668\u65e5\u5fd7\u3002
Lucene \u8bed\u6cd5\u8bf4\u660e\uff1a
\u70b9\u51fb\u65e5\u5fd7\u540e\u7684\u6309\u94ae\uff0c\u5728\u53f3\u4fa7\u5212\u51fa\u9762\u677f\u4e2d\u53ef\u67e5\u770b\u8be5\u6761\u65e5\u5fd7\u7684\u9ed8\u8ba4 100 \u6761\u4e0a\u4e0b\u6587\u3002\u53ef\u5207\u6362 \u663e\u793a\u884c\u6570 \u67e5\u770b\u66f4\u591a\u4e0a\u4e0b\u6587\u5185\u5bb9\u3002
"},{"location":"admin/insight/data-query/log.html#_5","title":"\u5bfc\u51fa\u65e5\u5fd7\u6570\u636e","text":"\u70b9\u51fb\u5217\u8868\u53f3\u4e0a\u4fa7\u7684\u4e0b\u8f7d\u6309\u94ae\u3002
\u6307\u6807\u67e5\u8be2\u652f\u6301\u67e5\u8be2\u5bb9\u5668\u5404\u8d44\u6e90\u7684\u6307\u6807\u6570\u636e\uff0c\u53ef\u67e5\u770b\u76d1\u63a7\u6307\u6807\u7684\u8d8b\u52bf\u53d8\u5316\u3002\u540c\u65f6\uff0c\u9ad8\u7ea7\u67e5\u8be2\u652f\u6301\u539f\u751f PromQL \u8bed\u53e5\u8fdb\u884c\u6307\u6807\u67e5\u8be2\u3002
"},{"location":"admin/insight/data-query/metric.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u70b9\u51fb\u4e00\u7ea7\u5bfc\u822a\u680f\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u3002
\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u6307\u6807 \u3002
\u9009\u62e9\u96c6\u7fa4\u3001\u7c7b\u578b\u3001\u8282\u70b9\u3001\u6307\u6807\u540d\u79f0\u67e5\u8be2\u6761\u4ef6\u540e\uff0c\u70b9\u51fb \u641c\u7d22 \uff0c\u5c4f\u5e55\u53f3\u4fa7\u5c06\u663e\u793a\u5bf9\u5e94\u6307\u6807\u56fe\u8868\u53ca\u6570\u636e\u8be6\u60c5\u3002
\u652f\u6301\u81ea\u5b9a\u4e49\u65f6\u95f4\u8303\u56f4\u3002\u53ef\u624b\u52a8\u70b9\u51fb \u5237\u65b0 \u56fe\u6807\u6216\u9009\u62e9\u9ed8\u8ba4\u65f6\u95f4\u95f4\u9694\u8fdb\u884c\u5237\u65b0\u3002
\u70b9\u51fb \u9ad8\u7ea7\u67e5\u8be2 \u9875\u7b7e\u901a\u8fc7\u539f\u751f\u7684 PromQL \u67e5\u8be2\u3002
Note
\u53c2\u9605 PromQL \u8bed\u6cd5\u3002
"},{"location":"admin/insight/faq/expand-once-es-full.html","title":"ElasticSearch \u6570\u636e\u585e\u6ee1\u5982\u4f55\u64cd\u4f5c\uff1f","text":"\u5f53 ElasticSearch \u5185\u5b58\u5360\u6ee1\u65f6\uff0c\u53ef\u4ee5\u9009\u62e9\u6269\u5bb9\u6216\u8005\u5220\u9664\u6570\u636e\u6765\u89e3\u51b3\uff1a
\u4f60\u53ef\u4ee5\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u67e5\u770b ES \u8282\u70b9\u7684\u8d44\u6e90\u5360\u6bd4\u3002
kubectl get pod -n mcamel-system | grep common-es-cluster-masters-es | awk '{print $1}' | xargs -I {} kubectl exec {} -n mcamel-system -c elasticsearch -- df -h | grep /usr/share/elasticsearch/data\n
"},{"location":"admin/insight/faq/expand-once-es-full.html#_1","title":"\u6269\u5bb9","text":"\u5728\u4e3b\u673a\u8282\u70b9\u8fd8\u6709\u8d44\u6e90\u7684\u60c5\u51b5\u4e0b\uff0c \u6269\u5bb9 \u662f\u4e00\u79cd\u5e38\u89c1\u7684\u65b9\u6848\uff0c\u4e5f\u5c31\u662f\u63d0\u9ad8 PVC \u7684\u5bb9\u91cf\u3002
\u5148\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 es-data-0 \u8282\u70b9\u7684 PVC \u914d\u7f6e\uff0c\u8bf7\u4ee5\u5b9e\u9645\u7684\u73af\u5883\u7684 PVC \u4e3a\u51c6\u3002
kubectl edit -n mcamel-system pvc elasticsearch-data-mcamel-common-es-cluster-masters-es-data-0\n
\u7136\u540e\u4fee\u6539\u4ee5\u4e0b storage
\u5b57\u6bb5\uff08\u9700\u8981\u4f7f\u7528\u7684\u5b58\u50a8\u7c7b SC \u53ef\u4ee5\u6269\u5bb9\uff09
spec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 35Gi # (1)!\n
\u5f53 ElasticSearch \u5185\u5b58\u5360\u6ee1\u65f6\uff0c\u4f60\u8fd8\u53ef\u4ee5\u5220\u9664 index \u6570\u636e\u91ca\u653e\u8d44\u6e90\u3002
\u4f60\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u5165 Kibana \u9875\u9762\uff0c\u624b\u52a8\u6267\u884c\u5220\u9664\u64cd\u4f5c\u3002
\u9996\u5148\u660e\u786e Kibana Pod \u662f\u5426\u5b58\u5728\u5e76\u4e14\u6b63\u5e38\u8fd0\u884c\uff1a
kubectl get po -n mcamel-system |grep mcamel-common-es-cluster-masters-kb\n
\u82e5\u4e0d\u5b58\u5728\uff0c\u5219\u624b\u52a8\u8bbe\u7f6e replica \u4e3a 1\uff0c\u5e76\u4e14\u7b49\u5f85\u670d\u52a1\u6b63\u5e38\u8fd0\u884c\uff1b\u82e5\u5b58\u5728\uff0c\u5219\u8df3\u8fc7\u8be5\u6b65\u9aa4
kubectl scale -n mcamel-system deployment mcamel-common-es-cluster-masters-kb --replicas 1\n
\u4fee\u6539 Kibana \u7684 Service \u4e3a NodePort \u66b4\u9732\u8bbf\u95ee\u65b9\u5f0f
kubectl patch svc -n mcamel-system mcamel-common-es-cluster-masters-kb-http -p '{\"spec\":{\"type\":\"NodePort\"}}'\n\n# \u4fee\u6539\u5b8c\u6210\u540e\u67e5\u770b NodePort\u3002\u6b64\u4f8b\u7684\u7aef\u53e3\u4e3a 30128\uff0c\u5219\u8bbf\u95ee\u65b9\u5f0f\u4e3a https://{\u96c6\u7fa4\u4e2d\u7684\u8282\u70b9IP}:30128\n[root@insight-master1 ~]# kubectl get svc -n mcamel-system |grep mcamel-common-es-cluster-masters-kb-http\nmcamel-common-es-cluster-masters-kb-http NodePort 10.233.51.174 <none> 5601:30128/TCP 108m\n
\u83b7\u53d6 ElasticSearch \u7684 Secret\uff0c\u7528\u4e8e\u767b\u5f55 Kibana\uff08\u7528\u6237\u540d\u4e3a elastic\uff09
kubectl get secrets -n mcamel-system mcamel-common-es-cluster-masters-es-elastic-user -o jsonpath=\"{.data.elastic}\" |base64 -d\n
\u8fdb\u5165 Kibana -> Stack Management -> Index Management \uff0c\u6253\u5f00 Include hidden indices \u9009\u9879\uff0c\u5373\u53ef\u89c1\u6240\u6709\u7684 index\u3002 \u6839\u636e index \u7684\u5e8f\u53f7\u5927\u5c0f\uff0c\u4fdd\u7559\u5e8f\u53f7\u5927\u7684 index\uff0c\u5220\u9664\u5e8f\u53f7\u5c0f\u7684 index\u3002
\u5bf9\u4e8e\u4efb\u610f\u4e00\u4e2a\u4e0d\u9700\u8981\u91c7\u96c6\u5bb9\u5668\u65e5\u5fd7\u7684 Pod, \u5728 Pod \u7684 annotation \u4e2d\u6dfb\u52a0 insight.opentelemetry.io/log-ignore: \"true\"
\u6765\u6307\u5b9a\u4e0d\u9700\u8981\u91c7\u96c6\u7684\u5bb9\u5668\u65e5\u5fd7\uff0c\u4f8b\u5982\uff1a
apiVersion: apps/v1\nkind: Pod\nmetadata:\n name: log-generator\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: log-generator\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: log-generator\n annotations:\n insight.opentelemetry.io/log-ignore: \"true\"\n spec:\n containers:\n - name: nginx\n image: banzaicloud/log-generator:0.3.2\n
\u91cd\u542f Pod\uff0c\u7b49\u5f85 Pod \u6062\u590d\u8fd0\u884c\u72b6\u6001\u4e4b\u540e\uff0cFluenbit \u5c06\u4e0d\u518d\u91c7\u96c6\u8fd9\u4e2a Pod \u5185\u7684\u5bb9\u5668\u7684\u65e5\u5fd7\u3002
\u5728\u4e00\u4e2a\u5206\u5e03\u5f0f\u7cfb\u7edf\u4e2d\uff0c\u7531\u4e8e Clock Skew\uff08\u65f6\u949f\u504f\u659c\u8c03\u6574\uff09\u5f71\u54cd\uff0c \u4e0d\u540c\u4e3b\u673a\u95f4\u5b58\u5728\u65f6\u95f4\u6f02\u79fb\u73b0\u8c61\u3002\u901a\u4fd7\u6765\u8bf4\uff0c\u4e0d\u540c\u4e3b\u673a\u5728\u540c\u4e00\u65f6\u523b\u7684\u7cfb\u7edf\u65f6\u95f4\u662f\u6709\u5fae\u5c0f\u7684\u504f\u5dee\u7684\u3002
\u94fe\u8def\u8ffd\u8e2a\u7cfb\u7edf\u662f\u4e00\u4e2a\u5178\u578b\u7684\u5206\u5e03\u5f0f\u7cfb\u7edf\uff0c\u5b83\u5728\u6d89\u53ca\u65f6\u95f4\u6570\u636e\u91c7\u96c6\u4e0a\u4e5f\u53d7\u8fd9\u79cd\u73b0\u8c61\u5f71\u54cd\uff0c\u6bd4\u5982\u5728\u4e00\u6761\u94fe\u8def\u4e2d\u670d\u52a1\u7aef span \u7684\u5f00\u59cb\u65f6\u95f4\u65e9\u4e8e\u5ba2\u6237\u7aef span\uff0c \u8fd9\u79cd\u73b0\u8c61\u903b\u8f91\u4e0a\u662f\u4e0d\u5b58\u5728\u7684\uff0c\u4f46\u662f\u7531\u4e8e\u65f6\u949f\u504f\u79fb\u5f71\u54cd\uff0c\u94fe\u8def\u6570\u636e\u5728\u5404\u4e2a\u670d\u52a1\u4e2d\u88ab\u91c7\u96c6\u5230\u7684\u90a3\u4e00\u523b\u4e3b\u673a\u95f4\u7684\u7cfb\u7edf\u65f6\u5b58\u5728\u504f\u5dee\uff0c\u6700\u7ec8\u9020\u6210\u5982\u4e0b\u56fe\u6240\u793a\u7684\u73b0\u8c61\uff1a
\u4e0a\u56fe\u4e2d\u51fa\u73b0\u7684\u73b0\u8c61\u7406\u8bba\u4e0a\u65e0\u6cd5\u6d88\u9664\u3002\u4f46\u8be5\u73b0\u8c61\u8f83\u5c11\uff0c\u5373\u4f7f\u51fa\u73b0\u4e5f\u4e0d\u4f1a\u5f71\u54cd\u670d\u52a1\u95f4\u7684\u8c03\u7528\u5173\u7cfb\u3002
\u76ee\u524d Insight \u4f7f\u7528 Jaeger UI \u6765\u5c55\u793a\u94fe\u8def\u6570\u636e\uff0cUI \u5728\u9047\u5230\u8fd9\u79cd\u94fe\u8def\u65f6\u4f1a\u63d0\u9192\uff1a
\u76ee\u524d Jaeger \u7684\u793e\u533a\u6b63\u5728\u5c1d\u8bd5\u901a\u8fc7 UI \u5c42\u9762\u6765\u4f18\u5316\u8fd9\u4e2a\u95ee\u9898\u3002
\u66f4\u591a\u7684\u76f8\u5173\u8d44\u6599\uff0c\u8bf7\u53c2\u8003\uff1a
\u901a\u8fc7\u96c6\u7fa4\u76d1\u63a7\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b\u96c6\u7fa4\u7684\u57fa\u672c\u4fe1\u606f\u3001\u8be5\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u6d88\u8017\u4ee5\u53ca\u4e00\u6bb5\u65f6\u95f4\u7684\u8d44\u6e90\u6d88\u8017\u53d8\u5316\u8d8b\u52bf\u7b49\u3002
"},{"location":"admin/insight/infra/cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/infra/cluster.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u96c6\u7fa4 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5207\u6362\u5230 \u8d44\u6e90\u6c34\u4f4d\u7ebf\u76d1\u63a7 \u9875\u7b7e\uff0c\u53ef\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u66f4\u591a\u76d1\u63a7\u6570\u636e\u3002
\u5bb9\u5668\u76d1\u63a7\u662f\u5bf9\u96c6\u7fa4\u7ba1\u7406\u4e2d\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76d1\u63a7\uff0c\u5728\u5217\u8868\u4e2d\u53ef\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u57fa\u672c\u4fe1\u606f\u548c\u72b6\u6001\u3002\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\uff0c\u53ef\u67e5\u770b\u6b63\u5728\u544a\u8b66\u7684\u6570\u91cf\u4ee5\u53ca CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u6d88\u8017\u7684\u53d8\u5316\u8d8b\u52bf\u3002
"},{"location":"admin/insight/infra/container.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u5df2\u5b89\u88c5 insight-agent\uff0c\u4e14\u6240\u6709\u7684\u5bb9\u5668\u7ec4\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u770b\u670d\u52a1\u76d1\u63a7\u6307\u6807\uff1a
\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u5de5\u4f5c\u8d1f\u8f7d \u3002
\u5207\u6362\u9876\u90e8 Tab\uff0c\u67e5\u770b\u4e0d\u540c\u7c7b\u578b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u3002
\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u540d\u79f0\u67e5\u770b\u8be6\u60c5\u3002
\u5207\u6362 Tab \u5230 \u5bb9\u5668\u7ec4\u5217\u8868 \uff0c\u53ef\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u5404\u4e2a\u5bb9\u5668\u7ec4\u72b6\u6001\u3001\u6240\u5728\u8282\u70b9\u3001\u91cd\u542f\u6b21\u6570\u7b49\u4fe1\u606f\u3002
\u5207\u6362 Tab \u5230 JVM \u76d1\u63a7 \uff0c\u53ef\u67e5\u770b\u5404\u4e2a\u5bb9\u5668\u7ec4\u7684 JVM \u6307\u6807\u3002
Note
AI \u7b97\u529b\u5e73\u53f0 Insight \u652f\u6301\u6309\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u67e5\u8be2\u4e8b\u4ef6\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\uff0c\u5bf9\u91cd\u8981\u4e8b\u4ef6\u8fdb\u884c\u7edf\u8ba1\u3002
"},{"location":"admin/insight/infra/event.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u57fa\u7840\u8bbe\u7f6e > \u4e8b\u4ef6 \u3002
\u9ed8\u8ba4\u663e\u793a\u6700\u8fd1 12 \u5c0f\u65f6\u5185\u53d1\u751f\u7684\u4e8b\u4ef6\uff0c\u60a8\u53ef\u4ee5\u5728\u53f3\u4e0a\u89d2\u9009\u62e9\u4e0d\u540c\u7684\u65f6\u95f4\u8303\u56f4\u6765\u67e5\u770b\u8f83\u957f\u6216\u8f83\u77ed\u7684\u65f6\u95f4\u6bb5\u3002 \u60a8\u8fd8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u91c7\u6837\u95f4\u9694\u4e3a 1 \u5206\u949f\u81f3 5 \u5c0f\u65f6\u3002
\u901a\u8fc7\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\uff0c\u60a8\u53ef\u4ee5\u76f4\u89c2\u5730\u4e86\u89e3\u4e8b\u4ef6\u7684\u5bc6\u96c6\u7a0b\u5ea6\u548c\u5206\u6563\u60c5\u51b5\u3002 \u8fd9\u6709\u52a9\u4e8e\u5bf9\u540e\u7eed\u7684\u96c6\u7fa4\u8fd0\u7ef4\u8fdb\u884c\u8bc4\u4f30\uff0c\u5e76\u505a\u597d\u51c6\u5907\u548c\u5b89\u6392\u5de5\u4f5c\u3002 \u5982\u679c\u4e8b\u4ef6\u5bc6\u96c6\u53d1\u751f\u5728\u7279\u5b9a\u65f6\u6bb5\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u8c03\u914d\u66f4\u591a\u7684\u8d44\u6e90\u6216\u91c7\u53d6\u76f8\u5e94\u63aa\u65bd\u6765\u786e\u4fdd\u96c6\u7fa4\u7a33\u5b9a\u6027\u548c\u9ad8\u53ef\u7528\u6027\u3002 \u800c\u5982\u679c\u4e8b\u4ef6\u8f83\u4e3a\u5206\u6563\uff0c\u5728\u6b64\u671f\u95f4\u60a8\u53ef\u4ee5\u5408\u7406\u5b89\u6392\u5176\u4ed6\u8fd0\u7ef4\u5de5\u4f5c\uff0c\u4f8b\u5982\u7cfb\u7edf\u4f18\u5316\u3001\u5347\u7ea7\u6216\u5904\u7406\u5176\u4ed6\u4efb\u52a1\u3002
\u901a\u8fc7\u7efc\u5408\u8003\u8651\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\u548c\u65f6\u95f4\u8303\u56f4\uff0c\u60a8\u80fd\u66f4\u597d\u5730\u89c4\u5212\u548c\u7ba1\u7406\u96c6\u7fa4\u7684\u8fd0\u7ef4\u5de5\u4f5c\uff0c\u786e\u4fdd\u7cfb\u7edf\u7a33\u5b9a\u6027\u548c\u53ef\u9760\u6027\u3002
"},{"location":"admin/insight/infra/event.html#_4","title":"\u4e8b\u4ef6\u603b\u6570\u548c\u7edf\u8ba1","text":"\u901a\u8fc7\u91cd\u8981\u4e8b\u4ef6\u7edf\u8ba1\uff0c\u60a8\u53ef\u4ee5\u65b9\u4fbf\u5730\u4e86\u89e3\u955c\u50cf\u62c9\u53d6\u5931\u8d25\u6b21\u6570\u3001\u5065\u5eb7\u68c0\u67e5\u5931\u8d25\u6b21\u6570\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u8fd0\u884c\u5931\u8d25\u6b21\u6570\u3001 Pod \u8c03\u5ea6\u5931\u8d25\u6b21\u6570\u3001\u5bb9\u5668 OOM \u5185\u5b58\u8017\u5c3d\u6b21\u6570\u3001\u5b58\u50a8\u5377\u6302\u8f7d\u5931\u8d25\u6b21\u6570\u4ee5\u53ca\u6240\u6709\u4e8b\u4ef6\u7684\u603b\u6570\u3002\u8fd9\u4e9b\u4e8b\u4ef6\u901a\u5e38\u5206\u4e3a\u300cWarning\u300d\u548c\u300cNormal\u300d\u4e24\u7c7b\u3002
"},{"location":"admin/insight/infra/event.html#_5","title":"\u4e8b\u4ef6\u5217\u8868","text":"\u4e8b\u4ef6\u5217\u8868\u4ee5\u65f6\u95f4\u4e3a\u8f74\uff0c\u4ee5\u6d41\u6c34\u7684\u5f62\u5f0f\u5c55\u793a\u53d1\u751f\u7684\u4e8b\u4ef6\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u300c\u6700\u8fd1\u53d1\u751f\u65f6\u95f4\u300d\u548c\u300c\u7ea7\u522b\u300d\u8fdb\u884c\u6392\u5e8f\u3002
\u70b9\u51fb\u53f3\u4fa7\u7684 \u2699\ufe0f \u56fe\u6807\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u559c\u597d\u548c\u9700\u6c42\u6765\u81ea\u5b9a\u4e49\u663e\u793a\u7684\u5217\u3002
\u5728\u9700\u8981\u7684\u65f6\u5019\uff0c\u60a8\u8fd8\u53ef\u4ee5\u70b9\u51fb\u5237\u65b0\u56fe\u6807\u6765\u66f4\u65b0\u5f53\u524d\u7684\u4e8b\u4ef6\u5217\u8868\u3002
"},{"location":"admin/insight/infra/event.html#_6","title":"\u5176\u4ed6\u64cd\u4f5c","text":"\u5728\u4e8b\u4ef6\u5217\u8868\u4e2d\u64cd\u4f5c\u5217\u7684\u56fe\u6807\uff0c\u53ef\u67e5\u770b\u67d0\u4e00\u4e8b\u4ef6\u7684\u5143\u6570\u636e\u4fe1\u606f\u3002
\u70b9\u51fb\u9876\u90e8\u9875\u7b7e\u7684 \u4e0a\u4e0b\u6587 \u53ef\u67e5\u770b\u8be5\u4e8b\u4ef6\u5bf9\u5e94\u8d44\u6e90\u7684\u5386\u53f2\u4e8b\u4ef6\u8bb0\u5f55\u3002
\u6709\u5173\u7cfb\u7edf\u81ea\u5e26\u7684 Event \u4e8b\u4ef6\u7684\u8be6\u7ec6\u542b\u4e49\uff0c\u8bf7\u53c2\u9605 Kubenetest API \u4e8b\u4ef6\u5217\u8868\u3002
"},{"location":"admin/insight/infra/namespace.html","title":"\u547d\u540d\u7a7a\u95f4\u76d1\u63a7","text":"\u4ee5\u547d\u540d\u7a7a\u95f4\u4e3a\u7ef4\u5ea6\uff0c\u5feb\u901f\u67e5\u8be2\u547d\u540d\u7a7a\u95f4\u5185\u7684\u8d44\u6e90\u6d88\u8017\u548c\u53d8\u5316\u8d8b\u52bf\u3002
"},{"location":"admin/insight/infra/namespace.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/infra/namespace.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd > \u547d\u540d\u7a7a\u95f4 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u901a\u8fc7\u8282\u70b9\u76d1\u63a7\uff0c\u4f60\u53ef\u4ee5\u6982\u89c8\u6240\u9009\u96c6\u7fa4\u4e0b\u8282\u70b9\u7684\u5f53\u524d\u5065\u5eb7\u72b6\u6001\u3001\u5bf9\u5e94\u5bb9\u5668\u7ec4\u7684\u5f02\u5e38\u6570\u91cf\uff1b \u5728\u5f53\u524d\u8282\u70b9\u8be6\u60c5\u9875\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b\u6b63\u5728\u544a\u8b66\u7684\u6570\u91cf\u4ee5\u53ca CPU\u3001\u5185\u5b58\u3001\u78c1\u76d8\u7b49\u8d44\u6e90\u6d88\u8017\u7684\u53d8\u5316\u8d8b\u52bf\u56fe\u3002
"},{"location":"admin/insight/infra/node.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/infra/node.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u8282\u70b9 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5207\u6362\u5230 \u8d44\u6e90\u6c34\u4f4d\u7ebf\u76d1\u63a7 \u9875\u7b7e\uff0c\u53ef\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684\u66f4\u591a\u76d1\u63a7\u6570\u636e\u3002
\u62e8\u6d4b\uff08Probe\uff09\u6307\u7684\u662f\u57fa\u4e8e\u9ed1\u76d2\u76d1\u63a7\uff0c\u5b9a\u671f\u901a\u8fc7 HTTP\u3001TCP \u7b49\u65b9\u5f0f\u5bf9\u76ee\u6807\u8fdb\u884c\u8fde\u901a\u6027\u6d4b\u8bd5\uff0c\u5feb\u901f\u53d1\u73b0\u6b63\u5728\u53d1\u751f\u7684\u6545\u969c\u3002
Insight \u57fa\u4e8e Prometheus Blackbox Exporter \u5de5\u5177\u901a\u8fc7 HTTP\u3001HTTPS\u3001DNS\u3001TCP \u548c ICMP \u7b49\u534f\u8bae\uff0c\u5bf9\u7f51\u7edc\u8fdb\u884c\u63a2\u6d4b\u5e76\u8fd4\u56de\u63a2\u6d4b\u7ed3\u679c\u4ee5\u4fbf\u4e86\u89e3\u7f51\u7edc\u72b6\u6001\u3002
"},{"location":"admin/insight/infra/probe.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u76ee\u6807\u96c6\u7fa4\u4e2d\u5df2\u6210\u529f\u90e8\u7f72 insight-agent\uff0c\u4e14\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/infra/probe.html#_3","title":"\u67e5\u770b\u62e8\u6d4b\u4efb\u52a1","text":"\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u62e8\u6d4b\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u914d\u7f6e\u63a2\u6d4b\u53c2\u6570\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
Warning
\u62e8\u6d4b\u4efb\u52a1\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u9700\u8981\u5927\u6982 3 \u5206\u949f\u7684\u65f6\u95f4\u6765\u540c\u6b65\u914d\u7f6e\u3002\u5728\u6b64\u671f\u95f4\uff0c\u4e0d\u4f1a\u8fdb\u884c\u63a2\u6d4b\uff0c\u65e0\u6cd5\u67e5\u770b\u63a2\u6d4b\u7ed3\u679c\u3002
"},{"location":"admin/insight/infra/probe.html#_5","title":"\u7f16\u8f91\u62e8\u6d4b\u4efb\u52a1","text":"\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 -> \u7f16\u8f91\uff0c\u5b8c\u6210\u7f16\u8f91\u540e\u70b9\u51fb \u786e\u5b9a\u3002
"},{"location":"admin/insight/infra/probe.html#_6","title":"\u67e5\u770b\u76d1\u63a7\u9762\u677f","text":"\u70b9\u51fb\u62e8\u6d4b\u540d\u79f0
\u67e5\u770b\u62e8\u6d4b\u4efb\u52a1\u4e2d\u6bcf\u4e2a\u76ee\u6807\u7684\u76d1\u63a7\u72b6\u6001\uff0c\u4ee5\u56fe\u8868\u65b9\u5f0f\u663e\u793a\u9488\u5bf9\u7f51\u7edc\u72b6\u51b5\u7684\u63a2\u6d4b\u7ed3\u679c\u3002
\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 -> \u5220\u9664\uff0c\u786e\u8ba4\u65e0\u8bef\u540e\u70b9\u51fb \u786e\u5b9a\u3002
Caution
\u5220\u9664\u64cd\u4f5c\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"admin/insight/quickstart/install/index.html","title":"\u5f00\u59cb\u89c2\u6d4b","text":"AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u5b9e\u73b0\u4e86\u5bf9\u591a\u4e91\u591a\u96c6\u7fa4\u7684\u7eb3\u7ba1\uff0c\u5e76\u652f\u6301\u521b\u5efa\u96c6\u7fa4\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u7edf\u4e00\u89c2\u6d4b\u65b9\u6848\uff0c\u901a\u8fc7\u90e8\u7f72 insight-agent \u63d2\u4ef6\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u91c7\u96c6\uff0c\u5e76\u652f\u6301\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3 \u53ef\u89c2\u6d4b\u6027\u4ea7\u54c1\u5b9e\u73b0\u5bf9\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u6570\u636e\u7684\u67e5\u8be2\u3002
insight-agent \u662f\u53ef\u89c2\u6d4b\u6027\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u6570\u636e\u91c7\u96c6\u7684\u5de5\u5177\uff0c\u5b89\u88c5\u540e\u65e0\u9700\u4efb\u4f55\u4fee\u6539\uff0c\u5373\u53ef\u5b9e\u73b0\u5bf9\u6307\u6807\u3001\u65e5\u5fd7\u4ee5\u53ca\u94fe\u8def\u6570\u636e\u7684\u81ea\u52a8\u5316\u91c7\u96c6\u3002
\u901a\u8fc7 \u5bb9\u5668\u7ba1\u7406 \u521b\u5efa\u7684\u96c6\u7fa4\u9ed8\u8ba4\u4f1a\u5b89\u88c5 insight-agent\uff0c\u6545\u5728\u6b64\u4ec5\u9488\u5bf9\u63a5\u5165\u7684\u96c6\u7fa4\u5982\u4f55\u5f00\u542f\u89c2\u6d4b\u80fd\u529b\u63d0\u4f9b\u6307\u5bfc\u3002
\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u7684\u7edf\u4e00\u89c2\u6d4b\u5e73\u53f0\uff0c\u5176\u90e8\u5206\u7ec4\u4ef6\u7684\u8d44\u6e90\u6d88\u8017\u4e0e\u521b\u5efa\u96c6\u7fa4\u7684\u6570\u636e\u3001\u63a5\u5165\u96c6\u7fa4\u7684\u6570\u91cf\u606f\u606f\u76f8\u5173\uff0c\u5728\u5b89\u88c5 insight-agent \u65f6\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u89c4\u6a21\u5bf9\u76f8\u5e94\u7ec4\u4ef6\u7684\u8d44\u6e90\u8fdb\u884c\u8c03\u6574\u3002
\u6839\u636e\u521b\u5efa\u96c6\u7fa4\u7684\u89c4\u6a21\u6216\u63a5\u5165\u96c6\u7fa4\u7684\u89c4\u6a21\uff0c\u8c03\u6574 insight-agent \u4e2d\u91c7\u96c6\u7ec4\u4ef6 Prometheus \u7684 CPU \u548c\u5185\u5b58\uff0c\u8bf7\u53c2\u8003: Prometheus \u8d44\u6e90\u89c4\u5212
\u7531\u4e8e\u591a\u96c6\u7fa4\u7684\u6307\u6807\u6570\u636e\u4f1a\u7edf\u4e00\u5b58\u50a8\uff0c\u5219\u9700\u8981 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u7ba1\u7406\u5458\u6839\u636e\u521b\u5efa\u96c6\u7fa4\u7684\u89c4\u6a21\u3001\u63a5\u5165\u96c6\u7fa4\u7684\u89c4\u6a21\u5bf9\u5e94\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\uff0c\u8bf7\u53c2\u8003\uff1avmstorage \u78c1\u76d8\u5bb9\u91cf\u89c4\u5212\u3002
\u5982\u4f55\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\uff0c\u8bf7\u53c2\u8003\uff1avmstorge \u78c1\u76d8\u6269\u5bb9\u3002
\u7531\u4e8e AI \u7b97\u529b\u4e2d\u5fc3 \u652f\u6301\u5bf9\u591a\u4e91\u591a\u96c6\u7fa4\u7684\u7eb3\u7ba1\uff0cinsight-agent \u76ee\u524d\u4e5f\u5b8c\u6210\u4e86\u90e8\u5206\u9a8c\u8bc1\uff0c\u7531\u4e8e\u76d1\u63a7\u7ec4\u4ef6\u51b2\u7a81\u95ee\u9898\u5bfc\u81f4\u5728 Openshift 4.x \u96c6\u7fa4\u4e2d\u5b89\u88c5 insight-agent \u4f1a\u51fa\u73b0\u95ee\u9898\uff0c\u82e5\u60a8\u9047\u5230\u540c\u6837\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6587\u6863\uff1a
\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e3a\u4e86\u63d0\u9ad8\u5927\u89c4\u6a21\u73af\u5883\u4e0b\u7684\u6570\u636e\u5199\u5165\u80fd\u529b\uff0c\u652f\u6301\u5c06\u65e5\u5fd7\u5207\u6362\u4e3a \u5927\u65e5\u5fd7 \u6a21\u5f0f\u3001\u5c06\u94fe\u8def\u5207\u6362\u4e3a \u5927\u94fe\u8def \u6a21\u5f0f\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u4ee5\u4e0b\u51e0\u79cd\u5f00\u542f\u65b9\u5f0f\uff1a
\u672c\u8282\u8bf4\u660e\u666e\u901a\u65e5\u5fd7\u6a21\u5f0f\u548c\u5927\u65e5\u5fd7\u6a21\u5f0f\u7684\u533a\u522b\u3002
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_3","title":"\u65e5\u5fd7\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aFluentbit + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a ES \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_4","title":"\u5927\u65e5\u5fd7\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aFluentbit + Kafka + Vector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a Kafka \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_5","title":"\u94fe\u8def","text":"\u672c\u8282\u8bf4\u660e\u666e\u901a\u94fe\u8def\u6a21\u5f0f\u548c\u5927\u94fe\u8def\u6a21\u5f0f\u7684\u533a\u522b\u3002
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_6","title":"\u94fe\u8def\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aAgent opentelemetry-collector + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a OTlp \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_7","title":"\u5927\u94fe\u8def\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aAgent opentelemetry-collector + Kafka + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a Kafka \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_8","title":"\u901a\u8fc7\u5b89\u88c5\u5668\u5f00\u542f","text":"\u901a\u8fc7\u5b89\u88c5\u5668\u90e8\u7f72/\u5347\u7ea7 AI \u7b97\u529b\u4e2d\u5fc3 \u65f6\u4f7f\u7528\u7684 manifest.yaml \u4e2d\u5b58\u5728 infrastructures.kafka \u5b57\u6bb5\uff0c \u5982\u679c\u60f3\u5f00\u542f\u53ef\u89c2\u6d4b\u7684\u5927\u65e5\u5fd7\u548c\u5927\u94fe\u8def\u6a21\u5f0f\uff0c\u5219\u9700\u8981\u542f\u7528 kafka\uff1a
manifest.yamlapiVersion: manifest.daocloud.io/v1alpha1\nkind: DCEManifest\n...\ninfrastructures:\n ...\n kafka:\n enable: true # \u9ed8\u8ba4\u4e3a false\n cpuLimit: 1\n memLimit: 2Gi\n pvcSize: 15Gi\n
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_9","title":"\u5f00\u542f","text":"\u5b89\u88c5\u65f6\u4f7f\u7528\u542f\u7528 kafka
\u7684 manifest.yaml\uff0c\u5219\u4f1a\u9ed8\u8ba4\u5b89\u88c5 kafka \u4e2d\u95f4\u4ef6\uff0c \u5e76\u5728\u5b89\u88c5 Insight \u65f6\u9ed8\u8ba4\u5f00\u542f\u5927\u65e5\u5fd7\u548c\u5927\u94fe\u8def\u6a21\u5f0f\u3002\u5b89\u88c5\u547d\u4ee4\u4e3a\uff1a
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml\n
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_10","title":"\u5347\u7ea7","text":"\u5347\u7ea7\u540c\u6837\u662f\u4fee\u6539 kafka
\u5b57\u6bb5\u3002\u4f46\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u56e0\u4e3a\u8001\u73af\u5883\u5b89\u88c5\u65f6\u4f7f\u7528\u7684\u662f kafka: false
\uff0c \u6240\u4ee5\u73af\u5883\u4e2d\u65e0 kafka\u3002\u6b64\u65f6\u5347\u7ea7\u9700\u8981\u6307\u5b9a\u5347\u7ea7 middleware
\uff0c\u624d\u4f1a\u540c\u65f6\u5b89\u88c5 kafka \u4e2d\u95f4\u4ef6\u3002\u5347\u7ea7\u547d\u4ee4\u4e3a\uff1a
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml -u gproduct,middleware\n
Note
\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u8981\u624b\u52a8\u91cd\u542f\u4ee5\u4e0b\u7ec4\u4ef6\uff1a
\u524d\u63d0\u6761\u4ef6\uff1a\u9700\u8981\u4fdd\u8bc1\u5b58\u5728 \u53ef\u7528\u7684 kafka \u4e14\u5730\u5740\u53ef\u6b63\u5e38\u8bbf\u95ee\u3002
\u6839\u636e\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6\u8001\u7248\u672c insight \u548c insight-agent \u7684 values\uff08\u5efa\u8bae\u505a\u597d\u5907\u4efd\uff09\uff1a
helm get values insight -n insight-system -o yaml > insight.yaml\nhelm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_11","title":"\u5f00\u542f\u5927\u65e5\u5fd7","text":"\u6709\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5f00\u542f\u6216\u5347\u7ea7\u81f3\u5927\u65e5\u5fd7\u6a21\u5f0f\uff1a
\u5728helm upgrade
\u547d\u4ee4\u4e2d\u4f7f\u7528 --set\u4fee\u6539 YAML \u540e\u8fd0\u884c helm upgrade\u5bb9\u5668\u7ba1\u7406 UI \u5347\u7ea7 \u5148\u8fd0\u884c\u4ee5\u4e0b insight \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set vector.enabled=true \\\n --version 0.30.1\n
\u7136\u540e\u8fd0\u884c\u4ee5\u4e0b insight-agent \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.logging.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.logging.output=kafka \\\n --version 0.30.1\n
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539 YAMl \u540e\u8fd0\u884c helm upgrade
\u547d\u4ee4\uff1a
\u4fee\u6539 insight.yaml
insight.yamlglobal:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\nvector:\n enabled: true\n
\u5347\u7ea7 insight \u7ec4\u4ef6\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
\u4fee\u6539 insight-agent.yaml
insight-agent.yamlglobal:\n ...\n exporters:\n ...\n logging:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
\u5347\u7ea7 insight-agent\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 Helm \u5e94\u7528 \uff0c\u627e\u5230\u5e76\u66f4\u65b0 insight-agent\u3002
\u5728 Logging Settings \u4e2d\uff0c\u4e3a output \u9009\u62e9 kafka\uff0c\u5e76\u586b\u5199\u6b63\u786e\u7684 brokers \u5730\u5740\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u624b\u52a8\u91cd\u542f insight-agent-fluent-bit \u7ec4\u4ef6\u3002
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_12","title":"\u5f00\u542f\u5927\u94fe\u8def","text":"\u6709\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5f00\u542f\u6216\u5347\u7ea7\u81f3\u5927\u94fe\u8def\u6a21\u5f0f\uff1a
\u5728helm upgrade
\u547d\u4ee4\u4e2d\u4f7f\u7528 --set\u4fee\u6539 YAML \u540e\u8fd0\u884c helm upgrade\u5bb9\u5668\u7ba1\u7406 UI \u5347\u7ea7 \u5148\u8fd0\u884c\u4ee5\u4e0b insight \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set global.tracing.kafkaReceiver.enabled=true \\\n --version 0.30.1\n
\u7136\u540e\u8fd0\u884c\u4ee5\u4e0b insight-agent \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.trace.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.trace.output=kafka \\\n --version 0.30.1\n
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539 YAMl \u540e\u8fd0\u884c helm upgrade
\u547d\u4ee4\uff1a
\u4fee\u6539 insight.yaml
insight.yamlglobal:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\ntracing:\n ...\n kafkaReceiver:\n enabled: true\n
\u5347\u7ea7 insight \u7ec4\u4ef6\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
\u4fee\u6539 insight-agent.yaml
insight-agent.yamlglobal:\n ...\n exporters:\n ...\n trace:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
\u5347\u7ea7 insight-agent\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 Helm \u5e94\u7528 \uff0c\u627e\u5230\u5e76\u66f4\u65b0 insight-agent\u3002
\u5728 Trace Settings \u4e2d\uff0c\u4e3a output \u9009\u62e9 kafka\uff0c\u5e76\u586b\u5199\u6b63\u786e\u7684 brokers \u5730\u5740\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u624b\u52a8 \u91cd\u542f insight-agent-opentelemetry-collector \u548c insight-opentelemetry-collector \u7ec4\u4ef6\u3002
"},{"location":"admin/insight/quickstart/install/component-scheduling.html","title":"\u81ea\u5b9a\u4e49 Insight \u7ec4\u4ef6\u8c03\u5ea6\u7b56\u7565","text":"\u5f53\u90e8\u7f72\u53ef\u89c2\u6d4b\u5e73\u53f0 Insight \u5230 Kubernetes \u73af\u5883\u65f6\uff0c\u6b63\u786e\u7684\u8d44\u6e90\u7ba1\u7406\u548c\u4f18\u5316\u81f3\u5173\u91cd\u8981\u3002 Insight \u5305\u542b\u591a\u4e2a\u6838\u5fc3\u7ec4\u4ef6\uff0c\u5982 Prometheus\u3001OpenTelemetry\u3001FluentBit\u3001Vector\u3001Elasticsearch \u7b49\uff0c \u8fd9\u4e9b\u7ec4\u4ef6\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u53ef\u80fd\u56e0\u4e3a\u8d44\u6e90\u5360\u7528\u95ee\u9898\u5bf9\u96c6\u7fa4\u5185\u5176\u4ed6 Pod \u7684\u6027\u80fd\u4ea7\u751f\u8d1f\u9762\u5f71\u54cd\u3002 \u4e3a\u4e86\u6709\u6548\u5730\u7ba1\u7406\u8d44\u6e90\u5e76\u4f18\u5316\u96c6\u7fa4\u7684\u8fd0\u884c\uff0c\u8282\u70b9\u4eb2\u548c\u6027\u6210\u4e3a\u4e00\u9879\u91cd\u8981\u7684\u914d\u7f6e\u9009\u9879\u3002
\u672c\u6587\u5c06\u91cd\u70b9\u63a2\u8ba8\u5982\u4f55\u901a\u8fc7\u6c61\u70b9\u548c\u8282\u70b9\u4eb2\u548c\u6027\u7684\u914d\u7f6e\u7b56\u7565\uff0c\u4f7f\u5f97\u6bcf\u4e2a\u7ec4\u4ef6\u80fd\u591f\u5728\u9002\u5f53\u7684\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c \u5e76\u907f\u514d\u8d44\u6e90\u7ade\u4e89\u6216\u4e89\u7528\uff0c\u4ece\u800c\u786e\u4fdd\u6574\u4e2a Kubernetes \u96c6\u7fa4\u7684\u7a33\u5b9a\u6027\u548c\u9ad8\u6548\u6027\u3002
"},{"location":"admin/insight/quickstart/install/component-scheduling.html#insight_1","title":"\u901a\u8fc7\u6c61\u70b9\u4e3a Insight \u914d\u7f6e\u4e13\u6709\u8282\u70b9","text":"\u7531\u4e8e Insight Agent \u5305\u542b\u4e86 DaemonSet \u7ec4\u4ef6\uff0c\u6240\u4ee5\u672c\u8282\u6240\u8ff0\u7684\u914d\u7f6e\u65b9\u5f0f\u662f\u8ba9\u9664\u4e86 Insight DameonSet \u4e4b\u5916\u7684\u5176\u4f59\u7ec4\u4ef6\u5747\u8fd0\u884c\u5728\u4e13\u6709\u8282\u70b9\u4e0a\u3002
\u8be5\u65b9\u5f0f\u662f\u901a\u8fc7\u4e3a\u4e13\u6709\u8282\u70b9\u6dfb\u52a0\u6c61\u70b9\uff08taint\uff09\uff0c\u5e76\u914d\u5408\u6c61\u70b9\u5bb9\u5fcd\u5ea6\uff08tolerations\uff09\u6765\u5b9e\u73b0\u7684\u3002 \u66f4\u591a\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u3002
\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u547d\u4ee4\u4e3a\u8282\u70b9\u6dfb\u52a0\u53ca\u79fb\u9664\u6c61\u70b9\uff1a
# \u6dfb\u52a0\u6c61\u70b9\nkubectl taint nodes worker1 node.daocloud.io=insight-only:NoSchedule\n\n# \u79fb\u9664\u6c61\u70b9\nkubectl taint nodes worker1 node.daocloud.io:NoSchedule-\n
\u6709\u4ee5\u4e0b\u4e24\u79cd\u9014\u5f84\u8ba9 Insight \u7ec4\u4ef6\u8c03\u5ea6\u81f3\u4e13\u6709\u8282\u70b9\uff1a
"},{"location":"admin/insight/quickstart/install/component-scheduling.html#1","title":"1. \u4e3a\u6bcf\u4e2a\u7ec4\u4ef6\u6dfb\u52a0\u6c61\u70b9\u5bb9\u5fcd\u5ea6","text":"\u9488\u5bf9 insight-server
\u548c insight-agent
\u4e24\u4e2a Chart \u5206\u522b\u8fdb\u884c\u914d\u7f6e\uff1a
server:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nui:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nrunbook:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\n# mysql:\nvictoria-metrics-k8s-stack:\n victoria-metrics-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmcluster:\n spec:\n vmstorage:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmselect:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vminsert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmalert:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n alertmanager:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\njaeger:\n collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n query:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector-aggregator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\ngrafana-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n grafana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nkibana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nelastic-alert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nvector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n
kube-prometheus-stack:\n prometheus:\n prometheusSpec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n prometheus-node-exporter:\n tolerations:\n - effect: NoSchedule\n operator: Exists\n prometheusOperator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nkube-state-metrics:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\ntailing-sidecar-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-kubernetes-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nprometheus-blackbox-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\netcd-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\" \n
"},{"location":"admin/insight/quickstart/install/component-scheduling.html#2","title":"2. \u901a\u8fc7\u547d\u540d\u7a7a\u95f4\u7ea7\u522b\u914d\u7f6e","text":"\u8ba9 insight-system
\u547d\u540d\u7a7a\u95f4\u7684 Pod \u90fd\u5bb9\u5fcd node.daocloud.io=insight-only
\u6c61\u70b9\u3002
\u8c03\u6574 apiserver
\u7684\u914d\u7f6e\u6587\u4ef6 /etc/kubernetes/manifests/kube-apiserver.yaml
\uff0c\u653e\u5f00 PodTolerationRestriction,PodNodeSelector
, \u53c2\u8003\u4e0b\u56fe\uff1a
\u7ed9 insight-system
\u547d\u540d\u7a7a\u95f4\u589e\u52a0\u6ce8\u89e3\uff1a
apiVersion: v1\nkind: Namespace\nmetadata:\n name: insight-system\n annotations:\n scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Equal\", \"effect\": \"NoSchedule\", \"key\": \"node.daocloud.io\", \"value\": \"insight-only\"}]'\n
\u91cd\u542f insight-system \u547d\u540d\u7a7a\u95f4\u4e0b\u9762\u7684\u7ec4\u4ef6\u5373\u53ef\u6b63\u5e38\u5bb9\u5fcd insight-system \u4e0b\u7684 Pod \u8c03\u5ea6\u3002
"},{"location":"admin/insight/quickstart/install/component-scheduling.html#label","title":"\u4e3a\u8282\u70b9\u6dfb\u52a0 Label \u548c\u8282\u70b9\u4eb2\u548c\u6027\u6765\u7ba1\u7406\u7ec4\u4ef6\u8c03\u5ea6","text":"Info
\u8282\u70b9\u4eb2\u548c\u6027\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e nodeSelector
\uff0c\u5b83\u4f7f\u4f60\u53ef\u4ee5\u6839\u636e\u8282\u70b9\u4e0a\u7684 \u6807\u7b7e(label) \u6765\u7ea6\u675f Pod \u53ef\u4ee5\u8c03\u5ea6\u5230\u54ea\u4e9b\u8282\u70b9\u4e0a\u3002 \u8282\u70b9\u4eb2\u548c\u6027\u6709\u4e24\u79cd\uff1a
\u66f4\u8fc7\u7ec6\u8282\u8bf7\u53c2\u8003 kubernetes \u5b98\u65b9\u6587\u6863\u3002
\u4e3a\u4e86\u5b9e\u73b0\u4e0d\u540c\u7528\u6237\u5bf9 Insight \u7ec4\u4ef6\u8c03\u5ea6\u7684\u7075\u6d3b\u9700\u6c42\uff0cInsight \u5206\u522b\u63d0\u4f9b\u4e86\u8f83\u4e3a\u7ec6\u7c92\u5ea6\u7684 Label \u6765\u5b9e\u73b0\u4e0d\u540c\u7ec4\u4ef6\u7684\u8c03\u5ea6\u7b56\u7565\uff0c\u4ee5\u4e0b\u662f\u6807\u7b7e\u4e0e\u7ec4\u4ef6\u7684\u5173\u7cfb\u8bf4\u660e\uff1a
\u6807\u7b7e Key \u6807\u7b7e Value \u8bf4\u660enode.daocloud.io/insight-any
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u4ee3\u8868 Insight \u6240\u6709\u7ec4\u4ef6\u4f18\u5148\u8003\u8651\u5e26\u4e86\u8be5\u6807\u7b7e\u7684\u8282\u70b9 node.daocloud.io/insight-prometheus
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 Prometheus \u7ec4\u4ef6 node.daocloud.io/insight-vmstorage
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 VictoriaMetrics vmstorage \u7ec4\u4ef6 node.daocloud.io/insight-vector
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 Vector \u7ec4\u4ef6 node.daocloud.io/insight-otel-col
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 OpenTelemetry \u7ec4\u4ef6 \u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u547d\u4ee4\u4e3a\u8282\u70b9\u6dfb\u52a0\u53ca\u79fb\u9664\u6807\u7b7e\uff1a
# \u4e3a node8 \u6dfb\u52a0\u6807\u7b7e\uff0c\u5148\u5c06 insight-prometheus \u8c03\u5ea6\u5230 node8 \nkubectl label nodes node8 node.daocloud.io/insight-prometheus=true\n\n# \u79fb\u9664 node8 \u7684 node.daocloud.io/insight-prometheus \u6807\u7b7e\nkubectl label nodes node8 node.daocloud.io/insight-prometheus-\n
\u4ee5\u4e0b\u662f insight-prometheus \u7ec4\u4ef6\u5728\u90e8\u7f72\u65f6\u9ed8\u8ba4\u7684\u4eb2\u548c\u6027\u504f\u597d\uff1a
affinity:\n nodeAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - preference:\n matchExpressions:\n - key: node-role.kubernetes.io/control-plane\n operator: DoesNotExist\n weight: 1\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-prometheus # (1)!\n operator: Exists\n weight: 2\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-any\n operator: Exists\n weight: 3\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 1\n podAffinityTerm:\n topologyKey: kubernetes.io/hostname\n labelSelector:\n matchExpressions:\n - key: app.kubernetes.io/instance\n operator: In\n values:\n - insight-agent-kube-prometh-prometheus\n
\u53ef\u89c2\u6d4b\u6027\u662f\u591a\u96c6\u7fa4\u7edf\u4e00\u89c2\u6d4b\u7684\u4ea7\u54c1\uff0c\u4e3a\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u7edf\u4e00\u5b58\u50a8\u3001\u67e5\u8be2\uff0c \u5b50\u96c6\u7fa4\u9700\u8981\u5c06\u91c7\u96c6\u7684\u89c2\u6d4b\u6570\u636e\u4e0a\u62a5\u7ed9\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u8fdb\u884c\u7edf\u4e00\u5b58\u50a8\u3002 \u672c\u6587\u63d0\u4f9b\u4e86\u5728\u5b89\u88c5\u91c7\u96c6\u7ec4\u4ef6 insight-agent \u65f6\u5fc5\u586b\u7684\u5b58\u50a8\u7ec4\u4ef6\u7684\u5730\u5740\u3002
"},{"location":"admin/insight/quickstart/install/gethosturl.html#insight-agent","title":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5b89\u88c5 insight-agent","text":"\u5982\u679c\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5b89\u88c5 insight-agent\uff0c\u63a8\u8350\u901a\u8fc7\u57df\u540d\u6765\u8bbf\u95ee\u96c6\u7fa4\uff1a
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # (1)!\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # (2)!\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # (3)!\n
"},{"location":"admin/insight/quickstart/install/gethosturl.html#insight-agent_1","title":"\u5728\u5176\u4ed6\u96c6\u7fa4\u5b89\u88c5 insight-agent","text":""},{"location":"admin/insight/quickstart/install/gethosturl.html#insight-server","title":"\u901a\u8fc7 Insight Server \u63d0\u4f9b\u7684\u63a5\u53e3\u83b7\u53d6\u5730\u5740","text":"\u7ba1\u7406\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer \u65b9\u5f0f\u66b4\u9732
\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
Note
\u8bf7\u66ff\u6362\u547d\u4ee4\u4e2d\u7684 ${INSIGHT_SERVER_IP}
\u53c2\u6570\u3002
\u83b7\u5f97\u5982\u4e0b\u8fd4\u56de\u503c\uff1a
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"host\": \"10.6.182.32\"\n },\n \"metric\": {\n \"host\": \"10.6.182.32\"\n },\n \"auditLog\": {\n \"host\": \"10.6.182.32\"\n },\n \"trace\": {\n \"host\": \"10.6.182.32\"\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
\u662f\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff0c\u4e0d\u9700\u8981\u518d\u8bbe\u7f6e\u5bf9\u5e94\u670d\u52a1\u7684\u7aef\u53e3\uff0c\u90fd\u4f1a\u4f7f\u7528\u76f8\u5e94\u9ed8\u8ba4\u503cglobal.exporters.metric.host
\u662f\u6307\u6807\u670d\u52a1\u5730\u5740global.exporters.trace.host
\u662f\u94fe\u8def\u670d\u52a1\u5730\u5740global.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff08\u548c\u94fe\u8def\u4f7f\u7528\u7684\u540c\u4e00\u4e2a\u670d\u52a1\u4e0d\u540c\u7aef\u53e3\uff09\u7ba1\u7406\u96c6\u7fa4\u7981\u7528 LoadBalancer
\u8c03\u7528\u63a5\u53e3\u65f6\u9700\u8981\u989d\u5916\u4f20\u9012\u96c6\u7fa4\u4e2d\u4efb\u610f\u5916\u90e8\u53ef\u8bbf\u95ee\u7684\u8282\u70b9 IP\uff0c\u4f1a\u4f7f\u7528\u8be5 IP \u62fc\u63a5\u51fa\u5bf9\u5e94\u670d\u52a1\u7684\u5b8c\u6574\u8bbf\u95ee\u5730\u5740\u3002
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam' --data '{\"extra\": {\"EXPORTER_EXTERNAL_IP\": \"10.5.14.51\"}}'\n
\u5c06\u83b7\u5f97\u5982\u4e0b\u7684\u8fd4\u56de\u503c\uff1a
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"scheme\": \"https\",\n \"host\": \"10.5.14.51\",\n \"port\": 32007,\n \"user\": \"elastic\",\n \"password\": \"j8V1oVoM1184HvQ1F3C8Pom2\"\n },\n \"metric\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30683\n },\n \"auditLog\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30884\n },\n \"trace\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30274\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
\u662f\u65e5\u5fd7\u670d\u52a1\u5730\u5740global.exporters.logging.port
\u662f\u65e5\u5fd7\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.metric.host
\u662f\u6307\u6807\u670d\u52a1\u5730\u5740global.exporters.metric.port
\u662f\u6307\u6807\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.trace.host
\u662f\u94fe\u8def\u670d\u52a1\u5730\u5740global.exporters.trace.port
\u662f\u94fe\u8def\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff08\u548c\u94fe\u8def\u4f7f\u7528\u7684\u540c\u4e00\u4e2a\u670d\u52a1\u4e0d\u540c\u7aef\u53e3\uff09global.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u66b4\u9732\u7684 NodePort\u82e5\u96c6\u7fa4\u4e2d\u5f00\u542f LoadBalancer
\u4e14\u4e3a Insight \u8bbe\u7f6e\u4e86 VIP
\u65f6\uff0c\u60a8\u4e5f\u53ef\u4ee5\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 vminsert
\u4ee5\u53ca opentelemetry-collector
\u7684\u5730\u5740\u4fe1\u606f\uff1a
$ kubectl get service -n insight-system | grep lb\nlb-insight-opentelemetry-collector LoadBalancer 10.233.23.12 <pending> 4317:31286/TCP,8006:31351/TCP 24d\nlb-vminsert-insight-victoria-metrics-k8s-stack LoadBalancer 10.233.63.67 <pending> 8480:31629/TCP 24d\n
lb-vminsert-insight-victoria-metrics-k8s-stack
\u662f\u6307\u6807\u670d\u52a1\u7684\u5730\u5740lb-insight-opentelemetry-collector
\u662f\u94fe\u8def\u670d\u52a1\u7684\u5730\u5740\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 elasticsearch
\u5730\u5740\u4fe1\u606f\uff1a
$ kubectl get service -n mcamel-system | grep es\nmcamel-common-es-cluster-masters-es-http NodePort 10.233.16.120 <none> 9200:30465/TCP 47d\n
mcamel-common-es-cluster-masters-es-http
\u662f\u65e5\u5fd7\u670d\u52a1\u7684\u5730\u5740
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7981\u7528 LB \u7279\u6027
\u5728\u8be5\u60c5\u51b5\u4e0b\uff0c\u9ed8\u8ba4\u4e0d\u4f1a\u521b\u5efa\u4e0a\u8ff0\u7684 LoadBalancer \u8d44\u6e90\uff0c\u5bf9\u5e94\u670d\u52a1\u540d\u4e3a\uff1a
\u4e0a\u9762\u4e24\u79cd\u60c5\u51b5\u83b7\u53d6\u5230\u5bf9\u5e94\u670d\u52a1\u7684\u5bf9\u5e94\u7aef\u53e3\u4fe1\u606f\u540e\uff0c\u8fdb\u884c\u5982\u4e0b\u8bbe\u7f6e\uff1a
--set global.exporters.logging.host= # (1)!\n--set global.exporters.logging.port= # (2)!\n--set global.exporters.metric.host= # (3)!\n--set global.exporters.metric.port= # (4)!\n--set global.exporters.trace.host= # (5)!\n--set global.exporters.trace.port= # (6)!\n--set global.exporters.auditLog.host= # (7)!\n
\u672c\u6587\u63cf\u8ff0\u4e86\u5728\u547d\u4ee4\u884c\u4e2d\u901a\u8fc7 Helm \u547d\u4ee4\u5b89\u88c5 Insight Agent \u793e\u533a\u7248\u7684\u64cd\u4f5c\u6b65\u9aa4\u3002
"},{"location":"admin/insight/quickstart/install/helm-installagent.html#insight-agent","title":"\u5b89\u88c5 Insight Agent","text":"\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u6dfb\u52a0\u955c\u50cf\u4ed3\u5e93\u7684\u5730\u5740
helm repo add insight https://release.daocloud.io/chartrepo/insight\nhelm repo upgrade\nhelm search repo insight/insight-agent --versions\n
\u5b89\u88c5 Insight Agent \u9700\u8981\u786e\u4fdd\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u7684 Insight Server \u6b63\u5e38\u8fd0\u884c\uff0c\u6267\u884c\u4ee5\u4e0b\u5b89\u88c5\u547d\u4ee4\u5b89\u88c5 Insight Agent \u793e\u533a\u7248\uff0c\u8be5\u914d\u7f6e\u4e0d\u542f\u7528 Tracing \u529f\u80fd\uff1a
helm upgrade --install --create-namespace --cleanup-on-fail \\\n --version ${version} \\ # \u8bf7\u6307\u5b9a\u90e8\u7f72\u7248\u672c\n insight-agent insight/insight-agent \\\n --set global.exporters.logging.elasticsearch.host=10.10.10.x \\ # \u8bf7\u66ff\u6362\u201c10.10.10.x\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u5730\u5740\n --set global.exporters.logging.elasticsearch.port=32517 \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u66b4\u9732\u7684\u7aef\u53e3\n --set global.exporters.logging.elasticsearch.user=elastic \\ # \u8bf7\u66ff\u6362\u201celastic\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u7528\u6237\u540d\n --set global.exporters.logging.elasticsearch.password=dangerous \\ # \u8bf7\u66ff\u6362\u201cdangerous\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u5bc6\u7801\n --set global.exporters.metric.host=${vminsert_address} \\ # \u8bf7\u66ff\u6362\u201c10.10.10.x\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d vminsert \u7684\u5730\u5740\n --set global.exporters.metric.port=${vminsert_port} \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d vminsert \u7684\u5730\u5740\n --set global.exporters.auditLog.host=${opentelemetry-collector address} \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d opentelemetry-collector \u7684\u7aef\u53e3\n --set global.exporters.auditLog.port=${otel_col_auditlog_port}\\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d opentelemetry-collector \u5bb9\u5668\u7aef\u53e3\u4e3a 8006 \u7684 service \u5bf9\u5916\u8bbf\u95ee\u7684\u5730\u5740\n -n insight-system\n
Info
\u53ef\u53c2\u8003 \u5982\u4f55\u83b7\u53d6\u8fde\u63a5\u5730\u5740 \u83b7\u53d6\u5730\u5740\u4fe1\u606f\u3002
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u5b89\u88c5\u72b6\u6001\uff1a
helm list -A\nkubectl get pods -n insight-system\n
\u5982\u679c Agent \u662f\u5b89\u88c5\u5728\u7ba1\u7406\u96c6\u7fa4\uff0c\u63a8\u8350\u901a\u8fc7\u57df\u540d\u6765\u8bbf\u95ee\u96c6\u7fa4\uff1a
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # \u6307\u6807\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # \u65e5\u5fd7\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # \u94fe\u8def\n
"},{"location":"admin/insight/quickstart/install/helm-installagent.html#insight-agent_2","title":"\u5728\u5de5\u4f5c\u96c6\u7fa4\u5b89\u88c5 Insight Agent","text":"\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\u64cd\u4f5c\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528 Nodeport \u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer \u65b9\u5f0f\u66b4\u9732\u670d\u52a1\u65f6\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
\u5c06\u83b7\u5f97\u5982\u4e0b\u7684\u8fd4\u56de\u503c\uff1a
{\"global\":{\"exporters\":{\"logging\":{\"output\":\"elasticsearch\",\"elasticsearch\":{\"host\":\"10.6.182.32\"},\"kafka\":{},\"host\":\"10.6.182.32\"},\"metric\":{\"host\":\"10.6.182.32\"},\"auditLog\": {\"host\":\"10.6.182.32\"}}},\"opentelemetry-operator\":{\"enabled\":true},\"opentelemetry-collector\":{\"enabled\":true}}\n
\u5176\u4e2d\uff1a
\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl get service -n insight-system | grep lb\nkubectl get service -n mcamel-system | grep es\n
\u5176\u4e2d\uff1a
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528 Nodeport \u65b9\u5f0f\u66b4\u9732\u670d\u52a1\u65f6\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl get service -n insight-system\nkubectl get service -n mcamel-system\n
\u5176\u4e2d\uff1a
\u767b\u5f55\u76ee\u6807\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5907\u4efd --set
\u53c2\u6570\u3002
helm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0\u4ed3\u5e93\u3002
helm repo upgrade\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u5347\u7ea7\u3002
helm upgrade insight-agent insight/insight-agent \\\n-n insight-system \\\n-f ./insight-agent.yaml \\\n--version ${version} # \u6307\u5b9a\u5347\u7ea7\u7248\u672c\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u5b89\u88c5\u72b6\u6001\uff1a
kubectl get pods -n insight-system\n
helm uninstall insight-agent -n insight-system --timeout 10m\n
"},{"location":"admin/insight/quickstart/install/install-agent.html","title":"\u5728\u7ebf\u5b89\u88c5 insight-agent","text":"insight-agent \u662f\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u91c7\u96c6\u7684\u63d2\u4ef6\uff0c\u652f\u6301\u5bf9\u6307\u6807\u3001\u94fe\u8def\u3001\u65e5\u5fd7\u6570\u636e\u7684\u7edf\u4e00\u89c2\u6d4b\u3002\u672c\u6587\u63cf\u8ff0\u4e86\u5982\u4f55\u5728\u5728\u7ebf\u73af\u5883\u4e2d\u4e3a\u63a5\u5165\u96c6\u7fa4\u5b89\u88c5 insight-agent\u3002
"},{"location":"admin/insight/quickstart/install/install-agent.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \u6a21\u5757\uff0c\u5728 \u96c6\u7fa4\u5217\u8868 \u4e2d\u627e\u5230\u8981\u5b89\u88c5 insight-agent \u7684\u96c6\u7fa4\u540d\u79f0\u3002
\u9009\u62e9 \u7acb\u5373\u5b89\u88c5 \u8df3\u8f6c\uff0c\u6216\u70b9\u51fb\u96c6\u7fa4\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5185\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u641c\u7d22\u6846\u67e5\u8be2 insight-agent \uff0c\u70b9\u51fb\u8be5\u5361\u7247\u8fdb\u5165\u8be6\u60c5\u3002
\u67e5\u770b insight-agent \u7684\u5b89\u88c5\u9875\u9762\uff0c\u70b9\u51fb \u5b89\u88c5 \u8fdb\u5165\u4e0b\u4e00\u6b65\u3002
\u9009\u62e9\u5b89\u88c5\u7684\u7248\u672c\u5e76\u5728\u4e0b\u65b9\u8868\u5355\u5206\u522b\u586b\u5199\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u5bf9\u5e94\u6570\u636e\u5b58\u50a8\u7ec4\u4ef6\u7684\u5730\u5740\uff0c\u786e\u8ba4\u586b\u5199\u7684\u4fe1\u606f\u65e0\u8bef\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de\u00a0 Helm \u5e94\u7528 \u5217\u8868\uff0c\u5f53\u5e94\u7528 insight-agent \u7684\u72b6\u6001\u4ece\u00a0 \u672a\u5c31\u7eea \u53d8\u4e3a \u5df2\u90e8\u7f72 \uff0c\u4e14\u6240\u6709\u7684\u7ec4\u4ef6\u72b6\u6001\u4e3a \u8fd0\u884c\u4e2d \u65f6\uff0c\u5219\u5b89\u88c5\u6210\u529f\u3002\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u540e\uff0c\u53ef\u5728 \u53ef\u89c2\u6d4b\u6027 \u6a21\u5757\u67e5\u770b\u8be5\u96c6\u7fa4\u7684\u6570\u636e\u3002
Note
\u672c\u9875\u5217\u51fa\u4e00\u4e9b Insight Agent \u5b89\u88c5\u548c\u5378\u8f7d\u6709\u5173\u7684\u95ee\u9898\u53ca\u5176\u89e3\u51b3\u529e\u6cd5\u3002
"},{"location":"admin/insight/quickstart/install/knownissues.html#v0230","title":"v0.23.0","text":""},{"location":"admin/insight/quickstart/install/knownissues.html#insight-agent","title":"Insight Agent","text":""},{"location":"admin/insight/quickstart/install/knownissues.html#insight-agent_1","title":"Insight Agent \u5378\u8f7d\u5931\u8d25","text":"\u5f53\u4f60\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5378\u8f7d Insight Agent \u65f6\u3002
helm uninstall insight-agent -n insight-system\n
otel-oprator
\u6240\u4f7f\u7528\u7684 tls secret
\u672a\u88ab\u5378\u8f7d\u6389\u3002
otel-operator
\u5b9a\u4e49\u7684\u201c\u91cd\u590d\u5229\u7528 tls secret\u201d\u7684\u903b\u8f91\u4e2d\uff0c\u4f1a\u53bb\u5224\u65ad otel-oprator
\u7684 MutationConfiguration
\u662f\u5426\u5b58\u5728\u5e76\u91cd\u590d\u5229\u7528 MutationConfiguration \u4e2d\u7ed1\u5b9a\u7684 CA cert\u3002\u4f46\u662f\u7531\u4e8e helm uninstall
\u5df2\u5378\u8f7d MutationConfiguration
\uff0c\u5bfc\u81f4\u51fa\u73b0\u7a7a\u503c\u3002
\u7efc\u4e0a\u8bf7\u624b\u52a8\u5220\u9664\u5bf9\u5e94\u7684 secret
\uff0c\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\u4efb\u9009\u4e00\u79cd\u5373\u53ef\uff1a
\u901a\u8fc7\u547d\u4ee4\u884c\u5220\u9664\uff1a\u767b\u5f55\u76ee\u6807\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl -n insight-system delete secret insight-agent-opentelemetry-operator-controller-manager-service-cert\n
\u901a\u8fc7 UI \u5220\u9664\uff1a\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5bb9\u5668\u7ba1\u7406\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u8fdb\u5165\u5bc6\u94a5
\uff0c\u8f93\u5165 insight-agent-opentelemetry-operator-controller-manager-service-cert
\uff0c\u9009\u62e9\u5220\u9664
\u3002
\u66f4\u65b0 insight-agent \u65e5\u5fd7\u914d\u7f6e\u4ece elasticsearch \u6539\u4e3a kafka \u6216\u8005\u4ece kafka \u6539\u4e3a elasticsearch\uff0c\u5b9e\u9645\u4e0a\u90fd\u672a\u751f\u6548\uff0c\u8fd8\u662f\u4f7f\u7528\u66f4\u65b0\u524d\u914d\u7f6e\u3002
\u89e3\u51b3\u65b9\u6848 \uff1a
\u624b\u52a8\u91cd\u542f\u96c6\u7fa4\u4e2d\u7684 fluentbit\u3002
"},{"location":"admin/insight/quickstart/install/knownissues.html#v0210","title":"v0.21.0","text":""},{"location":"admin/insight/quickstart/install/knownissues.html#insight-agent_4","title":"Insight Agent","text":""},{"location":"admin/insight/quickstart/install/knownissues.html#podmonitor-jvm","title":"PodMonitor \u91c7\u96c6\u591a\u4efd JVM \u6307\u6807\u6570\u636e","text":"\u8fd9\u4e2a\u7248\u672c\u7684 PodMonitor/insight-kubernetes-pod \u5b58\u5728\u7f3a\u9677\uff1a\u4f1a\u9519\u8bef\u5730\u521b\u5efa Job \u53bb\u91c7\u96c6\u6807\u8bb0\u4e86 insight.opentelemetry.io/metric-scrape=true
\u7684 Pod \u7684\u6240\u6709 container\uff1b\u800c\u5b9e\u9645\u4e0a\u53ea\u9700\u91c7\u96c6 insight.opentelemetry.io/metric-port
\u6240\u5bf9\u5e94 container \u7684\u7aef\u53e3\u3002
\u56e0\u4e3a PodMonitor \u58f0\u660e\u4e4b\u540e\uff0cPromethuesOperator \u4f1a\u9884\u8bbe\u7f6e\u4e00\u4e9b\u670d\u52a1\u53d1\u73b0\u914d\u7f6e\u3002 \u518d\u8003\u8651\u5230 CRD \u7684\u517c\u5bb9\u6027\u7684\u95ee\u9898\u3002\u56e0\u6b64\uff0c\u653e\u5f03\u901a\u8fc7 PodMonitor \u6765\u914d\u7f6e\u901a\u8fc7 annotation \u521b\u5efa\u91c7\u96c6\u4efb\u52a1\u7684\u673a\u5236\u3002
\u901a\u8fc7 Prometheus \u81ea\u5e26\u7684 additional scrape config \u673a\u5236\uff0c\u5c06\u670d\u52a1\u53d1\u73b0\u89c4\u5219\u914d\u7f6e\u5728 secret \u4e2d\uff0c\u5728\u5f15\u5165 Prometheus \u91cc\u3002
\u7efc\u4e0a\uff1a
\u65b0\u7684\u89c4\u5219\u91cc\u901a\u8fc7 action: keepequal \u6765\u6bd4\u8f83 source_labels \u548c target_label \u7684\u4e00\u81f4\u6027\uff0c \u6765\u5224\u65ad\u662f\u5426\u8981\u7ed9\u67d0\u4e2a container \u7684 port \u521b\u5efa\u91c7\u96c6\u4efb\u52a1\u3002\u9700\u8981\u6ce8\u610f\uff0c\u8fd9\u4e2a\u662f Prometheus 2.41.0\uff082022-12-20\uff09\u548c\u66f4\u9ad8\u7248\u672c\u624d\u5177\u5907\u7684\u529f\u80fd\u3002
+ - source_labels: [__meta_kubernetes_pod_annotation_insight_opentelemetry_io_metric_port]\n+ separator: ;\n+ target_label: __meta_kubernetes_pod_container_port_number\n+ action: keepequal\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html","title":"\u5347\u7ea7\u6ce8\u610f\u4e8b\u9879","text":"\u672c\u9875\u4ecb\u7ecd\u4e00\u4e9b\u5347\u7ea7 insight-server \u548c insight-agent \u7684\u6ce8\u610f\u4e8b\u9879\u3002
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#insight-agent","title":"insight-agent","text":""},{"location":"admin/insight/quickstart/install/upgrade-note.html#v028x-v029x","title":"\u4ece v0.28.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.29.x","text":"\u7531\u4e8e v0.29.0 \u5347\u7ea7\u4e86 Opentelemetry \u793e\u533a\u7684 operator chart \u7248\u672c\uff0cvalues \u4e2d\u7684 featureGates \u7684\u652f\u6301\u7684\u503c\u6709\u6240\u53d8\u5316\uff0c\u56e0\u6b64\uff0c\u5728 upgrade \u4e4b\u524d\uff0c\u9700\u8981\u5c06 featureGates
\u7684\u503c\u8bbe\u7f6e\u4e3a\u7a7a, \u5373\uff1a
- --set opentelemetry-operator.manager.featureGates=\"+operator.autoinstrumentation.go,+operator.autoinstrumentation.multi-instrumentation,+operator.autoinstrumentation.nginx\" \\\n+ --set opentelemetry-operator.manager.featureGates=\"\"\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#insight-server","title":"insight-server","text":""},{"location":"admin/insight/quickstart/install/upgrade-note.html#v026x-v027x","title":"\u4ece v0.26.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.27.x \u6216\u66f4\u9ad8\u7248\u672c","text":"\u5728 v0.27.x \u7248\u672c\u4e2d\u5c06 vector \u7ec4\u4ef6\u7684\u5f00\u5173\u5355\u72ec\u62bd\u51fa\u3002\u6545\u539f\u6709\u73af\u5883\u5f00\u542f\u4e86 vector\uff0c\u90a3\u5728\u5347\u7ea7 insight-server \u65f6\uff0c\u9700\u8981\u6307\u5b9a --set vector.enabled=true
\u3002
\u5728\u5347\u7ea7 Insight \u4e4b\u524d\uff0c\u60a8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u5220\u9664 jaeger-collector \u548c jaeger-query \u90e8\u7f72\uff1a
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v017x-v018x","title":"\u4ece v0.17.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.18.x","text":"\u7531\u4e8e 0.18.x \u4e2d\u66f4\u65b0\u4e86 Jaeger \u76f8\u5173\u90e8\u7f72\u6587\u4ef6\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-server \u524d\u624b\u52a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
\u7531\u4e8e 0.18.x \u4e2d\u6307\u6807\u540d\u4ea7\u751f\u4e86\u53d8\u52a8\uff0c\u56e0\u6b64\uff0c\u9700\u8981\u5728\u5347\u7ea7 insight-server \u4e4b\u540e\uff0cinsight-agent \u4e5f\u5e94\u8be5\u505a\u5347\u7ea7\u3002
\u6b64\u5916\uff0c\u8c03\u6574\u4e86\u5f00\u542f\u94fe\u8def\u6a21\u5757\u7684\u53c2\u6570\uff0c\u4ee5\u53ca ElasticSearch \u8fde\u63a5\u8c03\u6574\u3002\u5177\u4f53\u53c2\u8003\u4ee5\u4e0b\u53c2\u6570\uff1a
+ --set global.tracing.enable=true \\\n- --set jaeger.collector.enabled=true \\\n- --set jaeger.query.enabled=true \\\n+ --set global.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n+ --set global.elasticsearch.host=${your-external-elasticsearch-host} \\\n+ --set global.elasticsearch.port=${your-external-elasticsearch-port} \\\n+ --set global.elasticsearch.user=${your-external-elasticsearch-username} \\\n+ --set global.elasticsearch.password=${your-external-elasticsearch-password} \\\n- --set jaeger.storage.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n- --set jaeger.storage.elasticsearch.host=${your-external-elasticsearch-host} \\\n- --set jaeger.storage.elasticsearch.port=${your-external-elasticsearch-port} \\\n- --set jaeger.storage.elasticsearch.user=${your-external-elasticsearch-username} \\\n- --set jaeger.storage.elasticsearch.password=${your-external-elasticsearch-password} \\\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v015x-v016x","title":"\u4ece v0.15.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.16.x","text":"\u7531\u4e8e 0.16.x \u4e2d\u4f7f\u7528\u4e86 vmalertmanagers CRD \u7684\u65b0\u7279\u6027\u53c2\u6570 disableRouteContinueEnforce\uff0c \u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-server \u524d\u624b\u52a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u3002
kubectl apply --server-side -f https://raw.githubusercontent.com/VictoriaMetrics/operator/v0.33.0/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml --force-conflicts\n
Note
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b Insight \u79bb\u7ebf\u5305\u540e\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0 CRD\u3002
kubectl apply --server-side -f insight/dependency-crds --force-conflicts \n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#insight-agent_1","title":"insight-agent","text":""},{"location":"admin/insight/quickstart/install/upgrade-note.html#v023x-v024x","title":"\u4ece v0.23.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.24.x","text":"\u7531\u4e8e 0.24.x \u7248\u672c\u4e2d OTEL operator chart
\u4e2d\u65b0\u589e\u4e86 CRD\uff0c\u4f46\u7531\u4e8e Helm Upgrade \u65f6\u5e76\u4e0d\u4f1a\u66f4\u65b0 CRD\uff0c\u56e0\u6b64\uff0c\u9700\u8981\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-operator/crds/crd-opentelemetry.io_opampbridges.yaml\n
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\u53ef\u627e\u5230\u4e0a\u8ff0 CRD \u7684 yaml\uff0c\u89e3\u538b Insight-Agent Chart \u4e4b\u540e\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl apply -f charts/agent/crds/crd-opentelemetry.io_opampbridges.yaml\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v019x-v020x","title":"\u4ece v0.19.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.20.x","text":"\u7531\u4e8e 0.20.x \u4e2d\u589e\u52a0\u4e86 Kafka \u65e5\u5fd7\u5bfc\u51fa\u914d\u7f6e\uff0c\u65e5\u5fd7\u5bfc\u51fa\u914d\u7f6e\u505a\u4e86\u4e00\u4e9b\u8c03\u6574\u3002\u5347\u7ea7 insight-agent \u4e4b\u524d\u9700\u8981\u6ce8\u610f\u53c2\u6570\u53d8\u5316\uff0c \u5373\u539f\u6765 logging \u7684\u914d\u7f6e\u5df2\u7ecf\u79fb\u5230\u4e86\u914d\u7f6e\u4e2d logging.elasticsearch\uff1a
- --set global.exporters.logging.host \\\n- --set global.exporters.logging.port \\\n+ --set global.exporters.logging.elasticsearch.host \\\n+ --set global.exporters.logging.elasticsearch.port \\\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v017x-v018x_1","title":"\u4ece v0.17.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.18.x","text":"\u7531\u4e8e 0.18.x \u4e2d\u66f4\u65b0\u4e86 Jaeger \u76f8\u5173\u90e8\u7f72\u6587\u4ef6\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u9700\u8981\u6ce8\u610f\u53c2\u6570\u7684\u6539\u52a8\u3002
+ --set global.exporters.trace.enable=true \\\n- --set opentelemetry-collector.enabled=true \\\n- --set opentelemetry-operator.enabled=true \\\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v016x-v017x","title":"\u4ece v0.16.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.17.x","text":"\u5728 v0.17.x \u7248\u672c\u4e2d\u5c06 kube-prometheus-stack chart \u7248\u672c\u4ece 41.9.1 \u5347\u7ea7\u81f3 45.28.1, \u5176\u4e2d\u4f7f\u7528\u7684 CRD \u4e5f\u5b58\u5728\u4e00\u4e9b\u5b57\u6bb5\u7684\u5347\u7ea7\uff0c\u5982 servicemonitor \u7684 attachMetadata \u5b57\u6bb5\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\n
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\uff0c\u5728 insight-agent/dependency-crds \u4e2d\u627e\u5230\u4e0a\u8ff0 CRD \u7684 yaml\u3002
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v011x-v012x","title":"\u4ece v0.11.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.12.x","text":"\u5728 v0.12.x \u5c06 kube-prometheus-stack chart \u4ece 39.6.0 \u5347\u7ea7\u5230 41.9.1\uff0c\u5176\u4e2d\u5305\u62ec prometheus-operator \u5347\u7ea7\u5230 v0.60.1, prometheus-node-exporter chart \u5347\u7ea7\u5230 4.3.0 \u7b49\u3002 prometheus-node-exporter \u5347\u7ea7\u540e\u4f7f\u7528\u4e86 Kubernetes \u63a8\u8350 label\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7\u524d\u5220\u9664 node-exporter \u7684 DaemonSet\u3002 prometheus-operator \u66f4\u65b0\u4e86 CRD\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl delete daemonset insight-agent-prometheus-node-exporter -n insight-system\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --force-conflicts\n
Note
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0 CRD\u3002
kubectl apply --server-side -f insight-agent/dependency-crds --force-conflicts\n
"},{"location":"admin/insight/quickstart/otel/operator.html","title":"\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a","text":"\u76ee\u524d\u53ea\u6709 Java\u3001NodeJs\u3001Python\u3001.Net\u3001Golang \u652f\u6301 Operator \u7684\u65b9\u5f0f\u65e0\u4fb5\u5165\u63a5\u5165\u3002
"},{"location":"admin/insight/quickstart/otel/operator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u786e\u4fdd insight-agent \u5df2\u7ecf\u5c31\u7eea\u3002\u5982\u82e5\u6ca1\u6709\uff0c\u8bf7\u53c2\u8003\u5b89\u88c5 insight-agent \u91c7\u96c6\u6570\u636e\u5e76\u786e\u4fdd\u4ee5\u4e0b\u4e09\u9879\u5c31\u7eea\uff1a
Tip
\u4ece Insight v0.22.0 \u5f00\u59cb\uff0c\u4e0d\u518d\u9700\u8981\u624b\u52a8\u5b89\u88c5 Instrumentation CR\u3002
\u5728 insight-system
\u547d\u540d\u7a7a\u95f4\u4e0b\u5b89\u88c5\uff0c\u4e0d\u540c\u7248\u672c\u4e4b\u95f4\u6709\u4e00\u4e9b\u7ec6\u5c0f\u7684\u5dee\u522b\u3002
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.29.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0-rc.2\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.25.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.37.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.38b0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.1-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
"},{"location":"admin/insight/quickstart/otel/operator.html#_2","title":"\u4e0e\u670d\u52a1\u7f51\u683c\u94fe\u8def\u4e32\u8054\u573a\u666f","text":"\u5982\u679c\u60a8\u5f00\u542f\u4e86\u670d\u52a1\u7f51\u683c\u7684\u94fe\u8def\u8ffd\u8e2a\u80fd\u529b\uff0c\u9700\u8981\u989d\u5916\u589e\u52a0\u4e00\u4e2a\u73af\u5883\u53d8\u91cf\u6ce8\u5165\u7684\u914d\u7f6e\uff1a
"},{"location":"admin/insight/quickstart/otel/operator.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b","text":"\u9009\u62e9 insight-system \u547d\u540d\u7a7a\u95f4\u540e\uff0c\u7f16\u8f91 insight-opentelemetry-autoinstrumentation \uff0c\u5728 spec:env: \u4e0b\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff1a
- name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n
\u5b8c\u6574\u7684\u547d\u4ee4\u5982\u4e0b\uff08For Insight v0.21.x\uff09\uff1a
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
\u4ee5\u4e0a\u5c31\u7eea\u4e4b\u540e\uff0c\u60a8\u5c31\u53ef\u4ee5\u901a\u8fc7\u6ce8\u89e3\uff08Annotation\uff09\u65b9\u5f0f\u4e3a\u5e94\u7528\u7a0b\u5e8f\u63a5\u5165\u94fe\u8def\u8ffd\u8e2a\u4e86\uff0cOTel \u76ee\u524d\u652f\u6301\u901a\u8fc7\u6ce8\u89e3\u7684\u65b9\u5f0f\u63a5\u5165\u94fe\u8def\u3002 \u6839\u636e\u670d\u52a1\u8bed\u8a00\uff0c\u9700\u8981\u6dfb\u52a0\u4e0a\u4e0d\u540c\u7684 pod annotations\u3002\u6bcf\u4e2a\u670d\u52a1\u53ef\u6dfb\u52a0\u4e24\u7c7b\u6ce8\u89e3\u4e4b\u4e00\uff1a
\u53ea\u6ce8\u5165\u73af\u5883\u53d8\u91cf\u6ce8\u89e3
\u8fd9\u7c7b\u6ce8\u89e3\u53ea\u6709\u4e00\u4e2a\uff0c\u7528\u4e8e\u6dfb\u52a0 otel \u76f8\u5173\u7684\u73af\u5883\u53d8\u91cf\uff0c\u6bd4\u5982\u94fe\u8def\u4e0a\u62a5\u5730\u5740\u3001\u5bb9\u5668\u6240\u5728\u7684\u96c6\u7fa4 id\u3001\u547d\u540d\u7a7a\u95f4\u7b49\uff08\u8fd9\u4e2a\u6ce8\u89e3\u5728\u5e94\u7528\u4e0d\u652f\u6301\u81ea\u52a8\u63a2\u9488\u8bed\u8a00\u65f6\u5341\u5206\u6709\u7528\uff09
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5176\u4e2d value \u88ab /
\u5206\u6210\u4e24\u90e8\u5206\uff0c\u7b2c\u4e00\u4e2a\u503c (insight-system) \u662f\u4e0a\u4e00\u6b65\u5b89\u88c5\u7684 CR \u7684\u547d\u540d\u7a7a\u95f4\uff0c \u7b2c\u4e8c\u4e2a\u503c (insight-opentelemetry-autoinstrumentation) \u662f\u8fd9\u4e2a CR \u7684\u540d\u5b57\u3002
\u81ea\u52a8\u63a2\u9488\u6ce8\u5165\u4ee5\u53ca\u73af\u5883\u53d8\u91cf\u6ce8\u5165\u6ce8\u89e3
\u8fd9\u7c7b\u6ce8\u89e3\u76ee\u524d\u6709 4 \u4e2a\uff0c\u5206\u522b\u5bf9\u5e94 4 \u79cd\u4e0d\u540c\u7684\u7f16\u7a0b\u8bed\u8a00\uff1ajava\u3001nodejs\u3001python\u3001dotnet\uff0c \u4f7f\u7528\u5b83\u540e\u5c31\u4f1a\u5bf9 spec.pod \u4e0b\u7684\u7b2c\u4e00\u4e2a\u5bb9\u5668\u6ce8\u5165\u81ea\u52a8\u63a2\u9488\u4ee5\u53ca otel \u9ed8\u8ba4\u73af\u5883\u53d8\u91cf\uff1a
Java \u5e94\u7528NodeJs \u5e94\u7528Python \u5e94\u7528Dotnet \u5e94\u7528Golang \u5e94\u7528instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-nodejs: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-python: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-dotnet: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u7531\u4e8e Go \u81ea\u52a8\u68c0\u6d4b\u9700\u8981\u8bbe\u7f6e OTEL_GO_AUTO_TARGET_EXE\uff0c \u56e0\u6b64\u60a8\u5fc5\u987b\u901a\u8fc7\u6ce8\u89e3\u6216 Instrumentation \u8d44\u6e90\u63d0\u4f9b\u6709\u6548\u7684\u53ef\u6267\u884c\u8def\u5f84\u3002\u672a\u8bbe\u7f6e\u6b64\u503c\u4f1a\u5bfc\u81f4 Go \u81ea\u52a8\u68c0\u6d4b\u6ce8\u5165\u4e2d\u6b62\uff0c\u4ece\u800c\u5bfc\u81f4\u63a5\u5165\u94fe\u8def\u5931\u8d25\u3002
instrumentation.opentelemetry.io/inject-go: \"insight-system/insight-opentelemetry-autoinstrumentation\"\ninstrumentation.opentelemetry.io/otel-go-auto-target-exe: \"/path/to/container/executable\"\n
Go \u81ea\u52a8\u68c0\u6d4b\u4e5f\u9700\u8981\u63d0\u5347\u6743\u9650\u3002\u4ee5\u4e0b\u6743\u9650\u662f\u81ea\u52a8\u8bbe\u7f6e\u7684\u5e76\u4e14\u662f\u5fc5\u9700\u7684\u3002
securityContext:\n privileged: true\n runAsUser: 0\n
Tip
OpenTelemetry Operator \u5728\u6ce8\u5165\u63a2\u9488\u65f6\u4f1a\u81ea\u52a8\u6dfb\u52a0\u4e00\u4e9b OTel \u76f8\u5173\u73af\u5883\u53d8\u91cf\uff0c\u540c\u65f6\u4e5f\u652f\u6301\u8fd9\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u8986\u76d6\u3002\u8fd9\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u8986\u76d6\u4f18\u5148\u7ea7\uff1a
original container env vars -> language specific env vars -> common env vars -> instrument spec configs' vars\n
\u4f46\u662f\u9700\u8981\u907f\u514d\u624b\u52a8\u8986\u76d6 OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\uff0c\u5b83\u5728 Operator \u5185\u90e8\u4f5c\u4e3a\u4e00\u4e2a Pod \u662f\u5426\u5df2\u7ecf\u6ce8\u5165\u63a2\u9488\u7684\u6807\u8bc6\uff0c\u5982\u679c\u624b\u52a8\u6dfb\u52a0\u4e86\uff0c\u63a2\u9488\u53ef\u80fd\u65e0\u6cd5\u6ce8\u5165\u3002
"},{"location":"admin/insight/quickstart/otel/operator.html#demo","title":"\u81ea\u52a8\u6ce8\u5165\u793a\u4f8b Demo","text":"\u6ce8\u610f\u8fd9\u4e2a annotations
\u662f\u52a0\u5728 spec.annotations \u4e0b\u7684\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n labels:\n app: my-app\nspec:\n selector:\n matchLabels:\n app: my-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-app\n annotations:\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n spec:\n containers:\n - name: myapp\n image: jaegertracing/vertx-create-span:operator-e2e-tests\n ports:\n - containerPort: 8080\n protocol: TCP\n
\u6700\u7ec8\u751f\u6210\u7684 YAML \u5185\u5bb9\u5982\u4e0b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: my-deployment-with-sidecar-565bd877dd-nqkk6\n generateName: my-deployment-with-sidecar-565bd877dd-\n namespace: default\n uid: aa89ca0d-620c-4d20-8bc1-37d67bad4ea4\n resourceVersion: '2668986'\n creationTimestamp: '2022-04-08T05:58:48Z'\n labels:\n app: my-pod-with-sidecar\n pod-template-hash: 565bd877dd\n annotations:\n cni.projectcalico.org/containerID: 234eae5e55ea53db2a4bc2c0384b9a1021ed3908f82a675e4a92a49a7e80dd61\n cni.projectcalico.org/podIP: 192.168.134.133/32\n cni.projectcalico.org/podIPs: 192.168.134.133/32\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\nspec:\n volumes:\n - name: kube-api-access-sp2mz\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n - name: opentelemetry-auto-instrumentation\n emptyDir: {}\n initContainers:\n - name: opentelemetry-auto-instrumentation\n image: >-\n ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java\n command:\n - cp\n - /javaagent.jar\n - /otel-auto-instrumentation/javaagent.jar\n resources: {}\n volumeMounts:\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n containers:\n - name: myapp\n image: ghcr.io/pavolloffay/spring-petclinic:latest\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: 'true'\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: 'true'\n - name: SPLUNK_PROFILER_ENABLED\n value: 'false'\n - name: JAVA_TOOL_OPTIONS\n value: ' -javaagent:/otel-auto-instrumentation/javaagent.jar'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '20'\n - name: OTEL_TRACES_SAMPLER\n value: parentbased_traceidratio\n - name: OTEL_TRACES_SAMPLER_ARG\n value: '0.85'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: my-deployment-with-sidecar\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=myapp,k8s.deployment.name=my-deployment-with-sidecar,k8s.deployment.uid=8de6929d-dda0-436c-bca1-604e9ca7ea4e,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=my-deployment-with-sidecar-565bd877dd,k8s.replicaset.uid=190d5f6e-ba7f-4794-b2e6-390b5879a6c4\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n resources: {}\n volumeMounts:\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: k8s-master3\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n fsGroup: 2000\n schedulerName: default-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priority: 0\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\n
"},{"location":"admin/insight/quickstart/otel/operator.html#_5","title":"\u94fe\u8def\u67e5\u8be2","text":"\u5982\u4f55\u67e5\u8be2\u5df2\u7ecf\u63a5\u5165\u7684\u670d\u52a1\uff0c\u53c2\u8003\u94fe\u8def\u67e5\u8be2\u3002
"},{"location":"admin/insight/quickstart/otel/otel.html","title":"\u4f7f\u7528 OTel \u8d4b\u4e88\u5e94\u7528\u53ef\u89c2\u6d4b\u6027","text":"\u589e\u5f3a\u662f\u4f7f\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u80fd\u591f\u751f\u6210\u9065\u6d4b\u6570\u636e\u7684\u8fc7\u7a0b\u3002\u5373\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u76d1\u89c6\u6216\u6d4b\u91cf\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u72b6\u6001\u7684\u4e1c\u897f\u3002
OpenTelemetry \u662f\u9886\u5148\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u4e3a\u4e3b\u8981\u7f16\u7a0b\u8bed\u8a00\u548c\u6d41\u884c\u6846\u67b6\u63d0\u4f9b\u68c0\u6d4b\u5e93\u3002\u5b83\u662f\u4e91\u539f\u751f\u8ba1\u7b97\u57fa\u91d1\u4f1a\u4e0b\u7684\u4e00\u4e2a\u9879\u76ee\uff0c\u5f97\u5230\u4e86\u793e\u533a\u5e9e\u5927\u8d44\u6e90\u7684\u652f\u6301\u3002 \u5b83\u4e3a\u91c7\u96c6\u7684\u6570\u636e\u63d0\u4f9b\u6807\u51c6\u5316\u7684\u6570\u636e\u683c\u5f0f\uff0c\u65e0\u9700\u96c6\u6210\u7279\u5b9a\u7684\u4f9b\u5e94\u5546\u3002
Insight \u652f\u6301\u7528\u4e8e\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u7684 OpenTelemetry \u6765\u589e\u5f3a\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002
\u672c\u6307\u5357\u4ecb\u7ecd\u4e86\u4f7f\u7528 OpenTelemetry \u8fdb\u884c\u9065\u6d4b\u589e\u5f3a\u7684\u57fa\u672c\u6982\u5ff5\u3002 OpenTelemetry \u8fd8\u6709\u4e00\u4e2a\u7531\u5e93\u3001\u63d2\u4ef6\u3001\u96c6\u6210\u548c\u5176\u4ed6\u6709\u7528\u5de5\u5177\u7ec4\u6210\u7684\u751f\u6001\u7cfb\u7edf\u6765\u6269\u5c55\u5b83\u3002 \u60a8\u53ef\u4ee5\u5728 Otel Registry \u4e2d\u627e\u5230\u8fd9\u4e9b\u8d44\u6e90\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5f00\u653e\u6807\u51c6\u5e93\u8fdb\u884c\u9065\u6d4b\u589e\u5f3a\uff0c\u5e76\u4f7f\u7528 Insight \u4f5c\u4e3a\u53ef\u89c2\u5bdf\u6027\u540e\u7aef\u6765\u6444\u53d6\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316\u6570\u636e\u3002
\u4e3a\u4e86\u589e\u5f3a\u60a8\u7684\u4ee3\u7801\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 OpenTelemetry \u4e3a\u7279\u5b9a\u8bed\u8a00\u63d0\u4f9b\u7684\u589e\u5f3a\u64cd\u4f5c\uff1a
Insight \u76ee\u524d\u63d0\u4f9b\u4e86\u4f7f\u7528 OpenTelemetry \u589e\u5f3a .Net NodeJS\u3001Java\u3001Python \u548c Golang \u5e94\u7528\u7a0b\u5e8f\u7684\u7b80\u5355\u65b9\u6cd5\u3002\u8bf7\u9075\u5faa\u4ee5\u4e0b\u6307\u5357\u3002
"},{"location":"admin/insight/quickstart/otel/otel.html#_1","title":"\u94fe\u8def\u589e\u5f3a","text":"\u6b64\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5ba2\u6237\u5e94\u7528\u5982\u4f55\u81ea\u884c\u5c06\u94fe\u8def\u6570\u636e\u4e0a\u62a5\u7ed9 Insight\u3002\u4e3b\u8981\u5305\u542b\u5982\u4e0b\u4e24\u79cd\u573a\u666f\uff1a
\u5728\u6bcf\u4e2a\u5df2\u5b89\u88c5 Insight Agent \u7684\u96c6\u7fa4\u4e2d\u90fd\u6709 insight-agent-otel-col \u7ec4\u4ef6\u7528\u4e8e\u7edf\u4e00\u63a5\u6536\u8be5\u96c6\u7fa4\u7684\u94fe\u8def\u6570\u636e\u3002 \u56e0\u6b64\uff0c\u8be5\u7ec4\u4ef6\u4f5c\u4e3a\u7528\u6237\u63a5\u5165\u4fa7\u7684\u5165\u53e3\uff0c\u9700\u8981\u5148\u83b7\u53d6\u8be5\u5730\u5740\u3002\u53ef\u4ee5\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3 \u754c\u9762\u83b7\u53d6\u8be5\u96c6\u7fa4 Opentelemtry Collector \u7684\u5730\u5740\uff0c \u6bd4\u5982 insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 \uff1a
\u9664\u6b64\u4e4b\u5916\uff0c\u9488\u5bf9\u4e0d\u540c\u4e0a\u62a5\u65b9\u5f0f\uff0c\u6709\u4e00\u4e9b\u7ec6\u5fae\u5dee\u522b\uff1a
"},{"location":"admin/insight/quickstart/otel/send_tracing_to_insight.html#otel-agentsdk-insight-agent-opentelemtry-collector","title":"\u5ba2\u6237\u5e94\u7528\u901a\u8fc7 OTel Agent/SDK \u4e0a\u62a5\u94fe\u8def\u7ed9 Insight Agent Opentelemtry Collector","text":"\u4e3a\u4e86\u80fd\u591f\u5c06\u94fe\u8def\u6570\u636e\u6b63\u5e38\u4e0a\u62a5\u81f3 Insight \u5e76\u80fd\u591f\u5728 Insight \u6b63\u5e38\u5c55\u793a\uff0c\u9700\u8981\u5e76\u5efa\u8bae\u901a\u8fc7\u5982\u4e0b\u73af\u5883\u53d8\u91cf\u63d0\u4f9b OTLP \u6240\u9700\u7684\u5143\u6570\u636e (Resource Attribute)\uff0c\u6709\u4e24\u79cd\u65b9\u5f0f\u53ef\u5b9e\u73b0\uff1a
\u5728\u90e8\u7f72\u6587\u4ef6 YAML \u4e2d\u624b\u52a8\u6dfb\u52a0\uff0c\u4f8b\u5982\uff1a
...\n- name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: \"http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\"\n- name: \"OTEL_SERVICE_NAME\"\n value: my-java-app-name\n- name: \"OTEL_K8S_NAMESPACE\"\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n- name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n- name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n- name: OTEL_RESOURCE_ATTRIBUTES\n value: \"k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)\"\n
\u5229\u7528 Insight Agent \u81ea\u52a8\u6ce8\u5165\u5982\u4e0a\u5143\u6570\u636e (Resource Attribute) \u80fd\u529b
\u786e\u4fdd Insight Agent \u6b63\u5e38\u5de5\u4f5c\u5e76 \u5b89\u88c5 Instrumentation CR \u4e4b\u540e\uff0c \u53ea\u9700\u8981\u4e3a Pod \u6dfb\u52a0\u5982\u4e0b Annotation \u5373\u53ef\uff1a
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u4e3e\u4f8b\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-with-aotu-instrumentation\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n annotations:\n sidecar.opentelemetry.io/inject: \"false\"\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5728\u4fdd\u8bc1\u5e94\u7528\u6dfb\u52a0\u4e86\u5982\u4e0a\u5143\u6570\u636e\u4e4b\u540e\uff0c\u53ea\u9700\u5728\u5ba2\u6237 Opentelemtry Collector \u91cc\u9762\u65b0\u589e\u4e00\u4e2a OTLP Exporter \u5c06\u94fe\u8def\u6570\u636e\u8f6c\u53d1\u7ed9 Insight Agent Opentelemtry Collector \u5373\u53ef\uff0c\u5982\u4e0b Opentelemtry Collector \u914d\u7f6e\u6587\u4ef6\u6240\u793a\uff1a
...\nexporters:\n otlp/insight:\n endpoint: insight-opentelemetry-collector.insight-system.svc.cluster.local:4317\nservice:\n...\npipelines:\n...\ntraces:\n exporters:\n - otlp/insight\n
"},{"location":"admin/insight/quickstart/otel/send_tracing_to_insight.html#_1","title":"\u53c2\u8003","text":"Golang \u65e0\u4fb5\u5165\u5f0f\u63a5\u5165\u94fe\u8def\u8bf7\u53c2\u8003 \u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u6587\u6863\uff0c\u901a\u8fc7\u6ce8\u89e3\u5b9e\u73b0\u81ea\u52a8\u63a5\u5165\u94fe\u8def\u3002
OpenTelemetry \u4e5f\u7b80\u79f0\u4e3a OTel\uff0c\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u53ef\u89c2\u6d4b\u6027\u6846\u67b6\uff0c\u53ef\u4ee5\u5e2e\u52a9\u5728 Go \u5e94\u7528\u7a0b\u5e8f\u4e2d\u751f\u6210\u548c\u6536\u96c6\u9065\u6d4b\u6570\u636e\uff1a\u94fe\u8def\u3001\u6307\u6807\u548c\u65e5\u5fd7\u3002
\u672c\u6587\u4e3b\u8981\u8bb2\u89e3\u5982\u4f55\u5728 Go \u5e94\u7528\u7a0b\u5e8f\u4e2d\u901a\u8fc7 OpenTelemetry Go SDK \u589e\u5f3a\u5e76\u63a5\u5165\u94fe\u8def\u76d1\u63a7\u3002
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#otel-sdk-go_1","title":"\u4f7f\u7528 OTel SDK \u589e\u5f3a Go \u5e94\u7528","text":""},{"location":"admin/insight/quickstart/otel/golang/golang.html#_1","title":"\u5b89\u88c5\u76f8\u5173\u4f9d\u8d56","text":"\u5fc5\u987b\u5148\u5b89\u88c5\u4e0e OpenTelemetry exporter \u548c SDK \u76f8\u5173\u7684\u4f9d\u8d56\u9879\u3002\u5982\u679c\u60a8\u6b63\u5728\u4f7f\u7528\u5176\u4ed6\u8bf7\u6c42\u8def\u7531\u5668\uff0c\u8bf7\u53c2\u8003\u8bf7\u6c42\u8def\u7531\u3002 \u5207\u6362/\u8fdb\u5165\u5230\u5e94\u7528\u7a0b\u5e8f\u6e90\u6587\u4ef6\u5939\u540e\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
go get go.opentelemetry.io/otel@v1.19.0 \\\n go.opentelemetry.io/otel/trace@v1.19.0 \\\n go.opentelemetry.io/otel/sdk@v1.19.0 \\\n go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@v0.46.1 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.19.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.19.0\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#otel-sdk","title":"\u4f7f\u7528 OTel SDK \u521b\u5efa\u521d\u59cb\u5316\u51fd\u6570","text":"\u4e3a\u4e86\u8ba9\u5e94\u7528\u7a0b\u5e8f\u80fd\u591f\u53d1\u9001\u6570\u636e\uff0c\u9700\u8981\u4e00\u4e2a\u51fd\u6570\u6765\u521d\u59cb\u5316 OpenTelemetry\u3002\u5728 main.go \u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u4ee3\u7801\u7247\u6bb5:
import (\n \"context\"\n \"os\"\n \"time\"\n\n \"go.opentelemetry.io/otel\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\"\n \"go.opentelemetry.io/otel/propagation\"\n \"go.opentelemetry.io/otel/sdk/resource\"\n sdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n semconv \"go.opentelemetry.io/otel/semconv/v1.7.0\"\n \"go.uber.org/zap\"\n \"google.golang.org/grpc\"\n)\n\nvar tracerExp *otlptrace.Exporter\n\nfunc retryInitTracer() func() {\n var shutdown func()\n go func() {\n for {\n // otel will reconnected and re-send spans when otel col recover. so, we don't need to re-init tracer exporter.\n if tracerExp == nil {\n shutdown = initTracer()\n } else {\n break\n }\n time.Sleep(time.Minute * 5)\n }\n }()\n return shutdown\n}\n\nfunc initTracer() func() {\n // temporarily set timeout to 10s\n ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)\n defer cancel()\n\n serviceName, ok := os.LookupEnv(\"OTEL_SERVICE_NAME\")\n if !ok {\n serviceName = \"server_name\"\n os.Setenv(\"OTEL_SERVICE_NAME\", serviceName)\n }\n otelAgentAddr, ok := os.LookupEnv(\"OTEL_EXPORTER_OTLP_ENDPOINT\")\n if !ok {\n otelAgentAddr = \"http://localhost:4317\"\n os.Setenv(\"OTEL_EXPORTER_OTLP_ENDPOINT\", otelAgentAddr)\n }\n zap.S().Infof(\"OTLP Trace connect to: %s with service name: %s\", otelAgentAddr, serviceName)\n\n traceExporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithInsecure(), otlptracegrpc.WithDialOption(grpc.WithBlock()))\n if err != nil {\n handleErr(err, \"OTLP Trace gRPC Creation\")\n return nil\n }\n\n tracerProvider := sdktrace.NewTracerProvider(\n sdktrace.WithBatcher(traceExporter),\n sdktrace.WithSampler(sdktrace.AlwaysSample()),\n sdktrace.WithResource(resource.NewWithAttributes(semconv.SchemaURL)))\n\n otel.SetTracerProvider(tracerProvider)\n otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\n tracerExp = traceExporter\n return func() {\n // Shutdown will flush any remaining spans and shut down the exporter.\n handleErr(tracerProvider.Shutdown(ctx), \"failed to shutdown TracerProvider\")\n }\n}\n\nfunc handleErr(err error, message string) {\n if err != nil {\n zap.S().Errorf(\"%s: %v\", message, err)\n }\n}\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#maingo","title":"\u5728 main.go \u4e2d\u521d\u59cb\u5316\u8ddf\u8e2a\u5668","text":"\u4fee\u6539 main \u51fd\u6570\u4ee5\u5728 main.go \u4e2d\u521d\u59cb\u5316\u8ddf\u8e2a\u5668\u3002\u53e6\u5916\u5f53\u60a8\u7684\u670d\u52a1\u5173\u95ed\u65f6\uff0c\u5e94\u8be5\u8c03\u7528 TracerProvider.Shutdown() \u786e\u4fdd\u5bfc\u51fa\u6240\u6709 Span\u3002\u8be5\u670d\u52a1\u5c06\u8be5\u8c03\u7528\u4f5c\u4e3a\u4e3b\u51fd\u6570\u4e2d\u7684\u5ef6\u8fdf\u51fd\u6570\uff1a
func main() {\n // start otel tracing\n if shutdown := retryInitTracer(); shutdown != nil {\n defer shutdown()\n }\n ......\n}\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#otel-gin","title":"\u4e3a\u5e94\u7528\u6dfb\u52a0 OTel Gin \u4e2d\u95f4\u4ef6","text":"\u901a\u8fc7\u5728 main.go \u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\u6765\u914d\u7f6e Gin \u4ee5\u4f7f\u7528\u4e2d\u95f4\u4ef6:
import (\n ....\n \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n)\n\nfunc main() {\n ......\n r := gin.Default()\n r.Use(otelgin.Middleware(\"my-app\"))\n ......\n}\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_2","title":"\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f","text":"\u672c\u5730\u8c03\u8bd5\u8fd0\u884c
\u6ce8\u610f: \u6b64\u6b65\u9aa4\u4ec5\u7528\u4e8e\u672c\u5730\u5f00\u53d1\u8c03\u8bd5\uff0c\u751f\u4ea7\u73af\u5883\u4e2d Operator \u4f1a\u81ea\u52a8\u5b8c\u6210\u4ee5\u4e0b\u73af\u5883\u53d8\u91cf\u7684\u6ce8\u5165\u3002
\u4ee5\u4e0a\u6b65\u9aa4\u5df2\u7ecf\u5b8c\u6210\u4e86\u521d\u59cb\u5316 SDK \u7684\u5de5\u4f5c\uff0c\u73b0\u5728\u5982\u679c\u9700\u8981\u5728\u672c\u5730\u5f00\u53d1\u8fdb\u884c\u8c03\u8bd5\uff0c\u9700\u8981\u63d0\u524d\u83b7\u53d6\u5230 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b insight-agent-opentelemerty-collector \u7684\u5730\u5740\uff0c\u5047\u8bbe\u4e3a\uff1a insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 \u3002
\u56e0\u6b64\uff0c\u53ef\u4ee5\u5728\u4f60\u672c\u5730\u542f\u52a8\u5e94\u7528\u7a0b\u5e8f\u7684\u65f6\u5019\u6dfb\u52a0\u5982\u4e0b\u73af\u5883\u53d8\u91cf\uff1a
OTEL_SERVICE_NAME=my-golang-app OTEL_EXPORTER_OTLP_ENDPOINT=http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 go run main.go...\n
\u751f\u4ea7\u73af\u5883\u8fd0\u884c
\u8bf7\u53c2\u8003\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u4e2d \u53ea\u6ce8\u5165\u73af\u5883\u53d8\u91cf\u6ce8\u89e3 \u76f8\u5173\u4ecb\u7ecd\uff0c\u4e3a deployment yaml \u6dfb\u52a0\u6ce8\u89e3\uff1a
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5982\u679c\u65e0\u6cd5\u4f7f\u7528\u6ce8\u89e3\u7684\u65b9\u5f0f\uff0c\u60a8\u53ef\u4ee5\u624b\u52a8\u5728 deployment yaml \u6dfb\u52a0\u5982\u4e0b\u73af\u5883\u53d8\u91cf\uff1a
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\nenv:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: 'http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317'\n - name: OTEL_SERVICE_NAME\n value: \"your depolyment name\" # (1)!\n - name: OTEL_K8S_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: 'k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)'\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n
\u7136\u540e\u6ce8\u5165 OpenTelemetry \u4e2d\u95f4\u4ef6\uff1a
router.Use(middleware.Middleware(\"my-app\"))\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#opentelemetry-gorillamux","title":"OpenTelemetry gorillamux \u589e\u5f3a","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\"\n
\u7136\u540e\u6ce8\u5165 OpenTelemetry \u4e2d\u95f4\u4ef6\uff1a
router.Use(middleware.Middleware(\"my-app\"))\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#grpc","title":"gRPC \u589e\u5f3a","text":"\u540c\u6837\uff0cOpenTelemetry \u4e5f\u53ef\u4ee5\u5e2e\u52a9\u60a8\u81ea\u52a8\u68c0\u6d4b gRPC \u8bf7\u6c42\u3002\u8981\u68c0\u6d4b\u60a8\u62e5\u6709\u7684\u4efb\u4f55 gRPC \u670d\u52a1\u5668\uff0c\u8bf7\u5c06\u62e6\u622a\u5668\u6dfb\u52a0\u5230\u670d\u52a1\u5668\u7684\u5b9e\u4f8b\u5316\u4e2d\u3002
import (\n grpcotel \"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\"\n)\nfunc main() {\n [...]\n\n s := grpc.NewServer(\n grpc.UnaryInterceptor(grpcotel.UnaryServerInterceptor()),\n grpc.StreamInterceptor(grpcotel.StreamServerInterceptor()),\n )\n}\n
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5982\u679c\u4f60\u7684\u7a0b\u5e8f\u91cc\u9762\u4f7f\u7528\u5230\u4e86 Grpc Client \u8c03\u7528\u7b2c\u4e09\u65b9\u670d\u52a1\uff0c\u4f60\u8fd8\u9700\u8981\u5bf9 Grpc Client \u6dfb\u52a0\u62e6\u622a\u5668\uff1a
[...]\n\n conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()),\n grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),\n grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()),\n )\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_4","title":"\u5982\u679c\u4e0d\u4f7f\u7528\u8bf7\u6c42\u8def\u7531","text":"import (\n \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n
\u5728\u5c06 http.Handler \u4f20\u9012\u7ed9 ServeMux \u7684\u6bcf\u4e2a\u5730\u65b9\uff0c\u60a8\u90fd\u5c06\u5305\u88c5\u5904\u7406\u7a0b\u5e8f\u51fd\u6570\u3002\u4f8b\u5982\uff0c\u5c06\u8fdb\u884c\u4ee5\u4e0b\u66ff\u6362\uff1a
- mux.Handle(\"/path\", h)\n+ mux.Handle(\"/path\", otelhttp.NewHandler(h, \"description of path\"))\n---\n- mux.Handle(\"/path\", http.HandlerFunc(f))\n+ mux.Handle(\"/path\", otelhttp.NewHandler(http.HandlerFunc(f), \"description of path\"))\n
\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u60a8\u53ef\u4ee5\u786e\u4fdd\u4f7f\u7528 othttp \u5305\u88c5\u7684\u6bcf\u4e2a\u51fd\u6570\u90fd\u4f1a\u81ea\u52a8\u6536\u96c6\u5176\u5143\u6570\u636e\u5e76\u542f\u52a8\u76f8\u5e94\u7684\u8ddf\u8e2a\u3002
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_5","title":"\u6570\u636e\u5e93\u8bbf\u95ee\u589e\u5f3a","text":""},{"location":"admin/insight/quickstart/otel/golang/golang.html#golang-gorm","title":"Golang Gorm","text":"OpenTelemetry \u793e\u533a\u4e5f\u5f00\u53d1\u4e86\u6570\u636e\u5e93\u8bbf\u95ee\u5e93\u7684\u4e2d\u95f4\u4ef6\uff0c\u6bd4\u5982 Gorm:
import (\n \"github.com/uptrace/opentelemetry-go-extra/otelgorm\"\n \"gorm.io/driver/sqlite\"\n \"gorm.io/gorm\"\n)\n\ndb, err := gorm.Open(sqlite.Open(\"file::memory:?cache=shared\"), &gorm.Config{})\nif err != nil {\n panic(err)\n}\n\notelPlugin := otelgorm.NewPlugin(otelgorm.WithDBName(\"mydb\"), # \u7f3a\u5931\u4f1a\u5bfc\u81f4\u6570\u636e\u5e93\u76f8\u5173\u62d3\u6251\u5c55\u793a\u4e0d\u5b8c\u6574\n otelgorm.WithAttributes(semconv.ServerAddress(\"memory\"))) # \u7f3a\u5931\u4f1a\u5bfc\u81f4\u6570\u636e\u5e93\u76f8\u5173\u62d3\u6251\u5c55\u793a\u4e0d\u5b8c\u6574\nif err := db.Use(otelPlugin); err != nil {\n panic(err)\n}\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span","title":"\u81ea\u5b9a\u4e49 Span","text":"\u5f88\u591a\u65f6\u5019\uff0cOpenTelemetry \u63d0\u4f9b\u7684\u4e2d\u95f4\u4ef6\u4e0d\u80fd\u5e2e\u52a9\u6211\u4eec\u8bb0\u5f55\u66f4\u591a\u5185\u90e8\u8c03\u7528\u7684\u51fd\u6570\uff0c\u9700\u8981\u6211\u4eec\u81ea\u5b9a\u4e49 Span \u6765\u8bb0\u5f55
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n _, span := otel.Tracer(\"GetServiceDetail\").Start(ctx,\n \"spanMetricDao.GetServiceDetail\",\n trace.WithSpanKind(trace.SpanKindInternal))\n defer span.End()\n \u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span_1","title":"\u5411 span \u6dfb\u52a0\u81ea\u5b9a\u4e49\u5c5e\u6027\u548c\u4e8b\u4ef6","text":"\u4e5f\u53ef\u4ee5\u5c06\u81ea\u5b9a\u4e49\u5c5e\u6027\u6216\u6807\u7b7e\u8bbe\u7f6e\u4e3a Span\u3002\u8981\u6dfb\u52a0\u81ea\u5b9a\u4e49\u5c5e\u6027\u548c\u4e8b\u4ef6\uff0c\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_6","title":"\u5bfc\u5165\u8ddf\u8e2a\u548c\u5c5e\u6027\u5e93","text":"import (\n ...\n \"go.opentelemetry.io/otel/attribute\"\n \"go.opentelemetry.io/otel/trace\"\n)\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span_2","title":"\u4ece\u4e0a\u4e0b\u6587\u4e2d\u83b7\u53d6\u5f53\u524d Span","text":"span := trace.SpanFromContext(c.Request.Context())\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span_3","title":"\u5728\u5f53\u524d Span \u4e2d\u8bbe\u7f6e\u5c5e\u6027","text":"span.SetAttributes(attribute.String(\"controller\", \"books\"))\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span-event","title":"\u4e3a\u5f53\u524d Span \u6dfb\u52a0 Event","text":"\u6dfb\u52a0 span \u4e8b\u4ef6\u662f\u4f7f\u7528 span \u5bf9\u8c61\u4e0a\u7684 AddEvent \u5b8c\u6210\u7684\u3002
span.AddEvent(msg)\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_7","title":"\u8bb0\u5f55\u9519\u8bef\u548c\u5f02\u5e38","text":"import \"go.opentelemetry.io/otel/codes\"\n\n// \u83b7\u53d6\u5f53\u524d span\nspan := trace.SpanFromContext(ctx)\n\n// RecordError \u4f1a\u81ea\u52a8\u5c06\u4e00\u4e2a\u9519\u8bef\u8f6c\u6362\u6210 span even\nspan.RecordError(err)\n\n// \u6807\u8bb0\u8fd9\u4e2a span \u9519\u8bef\nspan.SetStatus(codes.Error, \"internal error\")\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_8","title":"\u53c2\u8003","text":"\u6709\u5173 Demo \u6f14\u793a\u8bf7\u53c2\u8003\uff1a - opentelemetry-demo/productcatalogservice - opentelemetry-collector-contrib/demo
"},{"location":"admin/insight/quickstart/otel/golang/meter.html","title":"\u4f7f\u7528 OTel SDK \u4e3a\u5e94\u7528\u7a0b\u5e8f\u66b4\u9732\u6307\u6807","text":"\u672c\u6587\u4ec5\u4f9b\u5e0c\u671b\u8bc4\u4f30\u6216\u63a2\u7d22\u6b63\u5728\u5f00\u53d1\u7684 OTLP \u6307\u6807\u7684\u7528\u6237\u53c2\u8003\u3002
OpenTelemetry \u9879\u76ee\u8981\u6c42\u4ee5\u5fc5\u987b\u5728 OpenTelemetry \u534f\u8bae (OTLP) \u4e2d\u53d1\u51fa\u6570\u636e\u7684\u8bed\u8a00\u63d0\u4f9b API \u548c SDK\u3002
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#golang","title":"\u9488\u5bf9 Golang \u5e94\u7528\u7a0b\u5e8f","text":"Golang \u53ef\u4ee5\u901a\u8fc7 sdk \u66b4\u9732 runtime \u6307\u6807\uff0c\u5177\u4f53\u6765\u8bf4\uff0c\u5728\u5e94\u7528\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u65b9\u6cd5\u5f00\u542f metrics \u66b4\u9732\u5668\uff1a
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#_1","title":"\u5b89\u88c5\u76f8\u5173\u4f9d\u8d56","text":"\u5207\u6362/\u8fdb\u5165\u5230\u5e94\u7528\u7a0b\u5e8f\u6e90\u6587\u4ef6\u5939\u540e\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
go get go.opentelemetry.io/otel \\\n go.opentelemetry.io/otel/attribute \\\n go.opentelemetry.io/otel/exporters/prometheus \\\n go.opentelemetry.io/otel/metric/global \\\n go.opentelemetry.io/otel/metric/instrument \\\n go.opentelemetry.io/otel/sdk/metric\n
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#otel-sdk_1","title":"\u4f7f\u7528 OTel SDK \u521b\u5efa\u521d\u59cb\u5316\u51fd\u6570","text":"import (\n .....\n\n \"go.opentelemetry.io/otel/attribute\"\n otelPrometheus \"go.opentelemetry.io/otel/exporters/prometheus\"\n \"go.opentelemetry.io/otel/metric/global\"\n \"go.opentelemetry.io/otel/metric/instrument\"\n \"go.opentelemetry.io/otel/sdk/metric/aggregator/histogram\"\n controller \"go.opentelemetry.io/otel/sdk/metric/controller/basic\"\n \"go.opentelemetry.io/otel/sdk/metric/export/aggregation\"\n processor \"go.opentelemetry.io/otel/sdk/metric/processor/basic\"\n selector \"go.opentelemetry.io/otel/sdk/metric/selector/simple\"\n)\nfunc (s *insightServer) initMeter() *otelPrometheus.Exporter {\n s.meter = global.Meter(\"xxx\")\n\n config := otelPrometheus.Config{\n DefaultHistogramBoundaries: []float64{1, 2, 5, 10, 20, 50},\n Gatherer: prometheus.DefaultGatherer,\n Registry: prometheus.NewRegistry(),\n Registerer: prometheus.DefaultRegisterer,\n }\n\n c := controller.New(\n processor.NewFactory(\n selector.NewWithHistogramDistribution(\n histogram.WithExplicitBoundaries(config.DefaultHistogramBoundaries),\n ),\n aggregation.CumulativeTemporalitySelector(),\n processor.WithMemory(true),\n ),\n )\n\n exporter, err := otelPrometheus.New(config, c)\n if err != nil {\n zap.S().Panicf(\"failed to initialize prometheus exporter %v\", err)\n }\n\n global.SetMeterProvider(exporter.MeterProvider())\n\n http.HandleFunc(\"/metrics\", exporter.ServeHTTP)\n\n go func() {\n _ = http.ListenAndServe(fmt.Sprintf(\":%d\", 8888), nil)\n }()\n\n zap.S().Info(\"Prometheus server running on \", fmt.Sprintf(\":%d\", port))\n return exporter\n}\n
\u4ee5\u4e0a\u65b9\u6cd5\u4f1a\u4e3a\u60a8\u7684\u5e94\u7528\u66b4\u9732\u4e00\u4e2a\u6307\u6807\u63a5\u53e3: http://localhost:8888/metrics
\u968f\u540e\uff0c\u5728 main.go \u4e2d\u5bf9\u5176\u8fdb\u884c\u521d\u59cb\u5316\uff1a
func main() {\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n tp := initMeter()\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n}\n
\u6b64\u5916\uff0c\u5982\u679c\u60f3\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\uff0c\u53ef\u4ee5\u53c2\u8003\uff1a
// exposeClusterMetric expose metric like \"insight_logging_count{} 1\"\nfunc (s *insightServer) exposeLoggingMetric(lserver *log.LogService) {\n s.meter = global.Meter(\"insight.io/basic\")\n\n var lock sync.Mutex\n logCounter, err := s.meter.AsyncFloat64().Counter(\"insight_log_total\")\n if err != nil {\n zap.S().Panicf(\"failed to initialize instrument: %v\", err)\n }\n\n _ = s.meter.RegisterCallback([]instrument.Asynchronous{logCounter}, func(ctx context.Context) {\n lock.Lock()\n defer lock.Unlock()\n count, err := lserver.Count(ctx)\n if err == nil || count != -1 {\n logCounter.Observe(ctx, float64(count))\n }\n })\n}\n
\u968f\u540e\uff0c\u5728 main.go \u8c03\u7528\u8be5\u65b9\u6cd5\uff1a
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\ns.exposeLoggingMetric(lservice)\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#java","title":"\u9488\u5bf9 Java \u5e94\u7528\u7a0b\u5e8f","text":"Java \u5728\u4f7f\u7528 otel agent \u5728\u5b8c\u6210\u94fe\u8def\u7684\u81ea\u52a8\u63a5\u5165\u7684\u57fa\u7840\u4e0a\uff0c\u901a\u8fc7\u6dfb\u52a0\u73af\u5883\u53d8\u91cf\uff1a
OTEL_METRICS_EXPORTER=prometheus\n
\u5c31\u53ef\u4ee5\u76f4\u63a5\u66b4\u9732 JVM \u76f8\u5173\u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
\u968f\u540e\uff0c\u518d\u914d\u5408 prometheus serviceMonitor \u5373\u53ef\u5b8c\u6210\u6307\u6807\u7684\u63a5\u5165\u3002 \u5982\u679c\u60f3\u66b4\u9732\u81ea\u5b9a\u4e49\u6307\u6807\u8bf7\u53c2\u9605 opentelemetry-java-docs/prometheus\u3002
\u4e3b\u8981\u5206\u4ee5\u4e0b\u4e24\u6b65\uff1a
\u521b\u5efa meter provider\uff0c\u5e76\u6307\u5b9a prometheus \u4f5c\u4e3a exporter\u3002
/*\n* Copyright The OpenTelemetry Authors\n* SPDX-License-Identifier: Apache-2.0\n*/\n\npackage io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport io.opentelemetry.exporter.prometheus.PrometheusHttpServer;\nimport io.opentelemetry.sdk.metrics.SdkMeterProvider;\nimport io.opentelemetry.sdk.metrics.export.MetricReader;\n\npublic final class ExampleConfiguration {\n\n /**\n * Initializes the Meter SDK and configures the prometheus collector with all default settings.\n *\n * @param prometheusPort the port to open up for scraping.\n * @return A MeterProvider for use in instrumentation.\n */\n static MeterProvider initializeOpenTelemetry(int prometheusPort) {\n MetricReader prometheusReader = PrometheusHttpServer.builder().setPort(prometheusPort).build();\n\n return SdkMeterProvider.builder().registerMetricReader(prometheusReader).build();\n }\n}\n
\u81ea\u5b9a\u4e49 meter \u5e76\u5f00\u542f http server
package io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.common.Attributes;\nimport io.opentelemetry.api.metrics.Meter;\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport java.util.concurrent.ThreadLocalRandom;\n\n/**\n* Example of using the PrometheusHttpServer to convert OTel metrics to Prometheus format and expose\n* these to a Prometheus instance via a HttpServer exporter.\n*\n* <p>A Gauge is used to periodically measure how many incoming messages are awaiting processing.\n* The Gauge callback gets executed every collection interval.\n*/\npublic final class PrometheusExample {\n private long incomingMessageCount;\n\n public PrometheusExample(MeterProvider meterProvider) {\n Meter meter = meterProvider.get(\"PrometheusExample\");\n meter\n .gaugeBuilder(\"incoming.messages\")\n .setDescription(\"No of incoming messages awaiting processing\")\n .setUnit(\"message\")\n .buildWithCallback(result -> result.record(incomingMessageCount, Attributes.empty()));\n }\n\n void simulate() {\n for (int i = 500; i > 0; i--) {\n try {\n System.out.println(\n i + \" Iterations to go, current incomingMessageCount is: \" + incomingMessageCount);\n incomingMessageCount = ThreadLocalRandom.current().nextLong(100);\n Thread.sleep(1000);\n } catch (InterruptedException e) {\n // ignored here\n }\n }\n }\n\n public static void main(String[] args) {\n int prometheusPort = 8888;\n\n // it is important to initialize the OpenTelemetry SDK as early as possible in your process.\n MeterProvider meterProvider = ExampleConfiguration.initializeOpenTelemetry(prometheusPort);\n\n PrometheusExample prometheusExample = new PrometheusExample(meterProvider);\n\n prometheusExample.simulate();\n\n System.out.println(\"Exiting\");\n }\n}\n
\u968f\u540e\uff0c\u5f85 java \u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u4e4b\u540e\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#insight","title":"Insight \u91c7\u96c6\u6307\u6807","text":"\u6700\u540e\u91cd\u8981\u7684\u662f\uff0c\u60a8\u5df2\u7ecf\u5728\u5e94\u7528\u7a0b\u5e8f\u4e2d\u66b4\u9732\u51fa\u4e86\u6307\u6807\uff0c\u73b0\u5728\u9700\u8981 Insight \u6765\u91c7\u96c6\u6307\u6807\u3002
\u63a8\u8350\u7684\u6307\u6807\u66b4\u9732\u65b9\u5f0f\u662f\u901a\u8fc7 servicemonitor \u6216\u8005 podmonitor\u3002
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#servicemonitorpodmonitor","title":"\u521b\u5efa servicemonitor/podmonitor","text":"\u6dfb\u52a0\u7684 servicemonitor/podmonitor \u9700\u8981\u6253\u4e0a label\uff1a\"operator.insight.io/managed-by\": \"insight\" \u624d\u4f1a\u88ab Operator \u8bc6\u522b\uff1a
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: example-app\n labels:\n operator.insight.io/managed-by: insight\nspec:\n selector:\n matchLabels:\n app: example-app\n endpoints:\n - port: web\n namespaceSelector:\n any: true\n
"},{"location":"admin/insight/quickstart/otel/java/index.html","title":"\u5f00\u59cb\u76d1\u63a7 Java \u5e94\u7528","text":"Java \u5e94\u7528\u94fe\u8def\u63a5\u5165\u4e0e\u76d1\u63a7\u8bf7\u53c2\u8003 \u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u6587\u6863\uff0c\u901a\u8fc7\u6ce8\u89e3\u5b9e\u73b0\u81ea\u52a8\u63a5\u5165\u94fe\u8def\u3002
Java \u5e94\u7528\u7684 JVM \u8fdb\u884c\u76d1\u63a7\uff1a\u5df2\u7ecf\u66b4\u9732 JVM \u6307\u6807\u548c\u4ecd\u672a\u66b4\u9732 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5982\u4f55\u4e0e\u53ef\u89c2\u6d4b\u6027 Insight \u5bf9\u63a5\u3002
\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u672a\u5f00\u59cb\u66b4\u9732 JVM \u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u6587\u6863\uff1a
\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u5df2\u7ecf\u66b4\u9732 JVM \u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u6587\u6863\uff1a
\u5c06 TraceId \u548c SpanId \u5199\u5165 Java \u5e94\u7528\u65e5\u5fd7, \u5b9e\u73b0\u94fe\u8def\u6570\u636e\u4e0e\u65e5\u5fd7\u6570\u636e\u5173\u8054
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 OpenTelemetry \u5c06 TraceId \u548c SpanId \u81ea\u52a8\u5199\u5165 Java \u5e94\u7528\u65e5\u5fd7\u3002 TraceId \u4e0e SpanId \u5199\u5165\u65e5\u5fd7\u540e\uff0c\u60a8\u53ef\u4ee5\u5c06\u5206\u5e03\u5f0f\u94fe\u8def\u6570\u636e\u4e0e\u65e5\u5fd7\u6570\u636e\u5173\u8054\u8d77\u6765\uff0c\u5b9e\u73b0\u66f4\u9ad8\u6548\u7684\u6545\u969c\u8bca\u65ad\u548c\u6027\u80fd\u5206\u6790\u3002
"},{"location":"admin/insight/quickstart/otel/java/mdc.html#_1","title":"\u652f\u6301\u7684\u65e5\u5fd7\u5e93","text":"\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1 Logger MDC auto-instrumentation\u3002
\u65e5\u5fd7\u6846\u67b6 \u652f\u6301\u81ea\u52a8\u57cb\u70b9\u7684\u7248\u672c \u624b\u52a8\u57cb\u70b9\u9700\u8981\u5f15\u5165\u7684\u4f9d\u8d56 Log4j 1 1.2+ \u65e0 Log4j 2 2.7+ opentelemetry-log4j-context-data-2.17-autoconfigure Logback 1.0+ opentelemetry-logback-mdc-1.0"},{"location":"admin/insight/quickstart/otel/java/mdc.html#logbackspringboot","title":"\u4f7f\u7528 Logback\uff08SpringBoot \u9879\u76ee\uff09","text":"Spring Boot \u9879\u76ee\u5185\u7f6e\u4e86\u65e5\u5fd7\u6846\u67b6\uff0c\u5e76\u4e14\u9ed8\u8ba4\u4f7f\u7528 Logback \u4f5c\u4e3a\u5176\u65e5\u5fd7\u5b9e\u73b0\u3002\u5982\u679c\u60a8\u7684 Java \u9879\u76ee\u4e3a SpringBoot \u9879\u76ee\uff0c\u53ea\u9700\u5c11\u91cf\u914d\u7f6e\u5373\u53ef\u5c06 TraceId \u5199\u5165\u65e5\u5fd7\u3002
\u5728 application.properties
\u4e2d\u8bbe\u7f6e logging.pattern.level
\uff0c\u6dfb\u52a0 %mdc{trace_id}
\u4e0e %mdc{span_id}
\u5230\u65e5\u5fd7\u4e2d\u3002
logging.pattern.level=trace_id=%mdc{trace_id} span_id=%mdc{span_id} %5p ....\u7701\u7565...\n
\u4ee5\u4e0b\u4e3a\u65e5\u5fd7\u793a\u4f8b\uff1a
2024-06-26 10:56:31.200 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'\n2024-06-26 10:56:31.201 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'\n2024-06-26 10:56:31.209 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 8 ms\n2024-06-26 10:56:31.296 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=5743699405074f4e INFO 53724 --- [nio-8081-exec-1] com.example.httpserver.ot.OTServer : hello world\n
"},{"location":"admin/insight/quickstart/otel/java/mdc.html#log4j2","title":"\u4f7f\u7528 Log4j2","text":"\u5728 pom.xml
\u4e2d\u6dfb\u52a0 OpenTelemetry Log4j2
\u4f9d\u8d56:
Tip
\u8bf7\u5c06 OPENTELEMETRY_VERSION
\u66ff\u6362\u4e3a\u6700\u65b0\u7248\u672c
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-log4j-context-data-2.17-autoconfigure</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n <scope>runtime</scope>\n </dependency>\n</dependencies>\n
\u4fee\u6539 log4j2.xml
\u914d\u7f6e\uff0c\u5728 pattern
\u4e2d\u6dfb\u52a0 %X{trace_id}
\u4e0e %X{span_id}
\uff0c\u53ef\u4ee5\u5c06 TraceId
\u4e0e SpanId
\u81ea\u52a8\u5199\u5165\u65e5\u5fd7:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Configuration>\n <Appenders>\n <Console name=\"Console\" target=\"SYSTEM_OUT\">\n <PatternLayout\n pattern=\"%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} - %msg%n\"/>\n </Console>\n </Appenders>\n <Loggers>\n <Root>\n <AppenderRef ref=\"Console\" level=\"All\"/>\n </Root>\n </Loggers>\n</Configuration>\n
\u4f7f\u7528 Logback \u5728 pom.xml
\u4e2d\u6dfb\u52a0 OpenTelemetry Logback
\u4f9d\u8d56\u3002
Tip
\u8bf7\u5c06 OPENTELEMETRY_VERSION
\u66ff\u6362\u4e3a\u6700\u65b0\u7248\u672c
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-logback-mdc-1.0</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n </dependency>\n</dependencies>\n
\u4fee\u6539 log4j2.xml
\u914d\u7f6e\uff0c\u5728 pattern
\u4e2d\u6dfb\u52a0 %X{trace_id}
\u4e0e %X{span_id}
\uff0c\u53ef\u4ee5\u5c06 TraceId
\u4e0e SpanId
\u81ea\u52a8\u5199\u5165\u65e5\u5fd7:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<configuration>\n <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n <encoder>\n <pattern>%d{HH:mm:ss.SSS} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} %msg%n</pattern>\n </encoder>\n </appender>\n\n <!-- Just wrap your logging appender, for example ConsoleAppender, with OpenTelemetryAppender -->\n <appender name=\"OTEL\" class=\"io.opentelemetry.instrumentation.logback.mdc.v1_0.OpenTelemetryAppender\">\n <appender-ref ref=\"CONSOLE\"/>\n </appender>\n\n <!-- Use the wrapped \"OTEL\" appender instead of the original \"CONSOLE\" one -->\n <root level=\"INFO\">\n <appender-ref ref=\"OTEL\"/>\n </root>\n\n</configuration>\n
JMX-Exporter \u63d0\u4f9b\u4e86\u4e24\u79cd\u7528\u6cd5:
Note
\u5b98\u65b9\u4e0d\u63a8\u8350\u4f7f\u7528\u7b2c\u4e00\u79cd\u65b9\u5f0f\uff0c\u4e00\u65b9\u9762\u914d\u7f6e\u590d\u6742\uff0c\u53e6\u4e00\u65b9\u9762\u56e0\u4e3a\u5b83\u9700\u8981\u4e00\u4e2a\u5355\u72ec\u7684\u8fdb\u7a0b\uff0c\u800c\u8fd9\u4e2a\u8fdb\u7a0b\u672c\u8eab\u7684\u76d1\u63a7\u53c8\u6210\u4e86\u65b0\u7684\u95ee\u9898\uff0c \u6240\u4ee5\u672c\u6587\u91cd\u70b9\u56f4\u7ed5\u7b2c\u4e8c\u79cd\u7528\u6cd5\u8bb2\u5982\u4f55\u5728 Kubernetes \u73af\u5883\u4e0b\u4f7f\u7528 JMX Exporter \u66b4\u9732 JVM \u76d1\u63a7\u6307\u6807\u3002
\u8fd9\u91cc\u4f7f\u7528\u7b2c\u4e8c\u79cd\u7528\u6cd5\uff0c\u542f\u52a8 JVM \u65f6\u9700\u8981\u6307\u5b9a JMX Exporter \u7684 jar \u5305\u6587\u4ef6\u548c\u914d\u7f6e\u6587\u4ef6\u3002 jar \u5305\u662f\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u4e0d\u597d\u901a\u8fc7 configmap \u6302\u8f7d\uff0c\u914d\u7f6e\u6587\u4ef6\u6211\u4eec\u51e0\u4e4e\u4e0d\u9700\u8981\u4fee\u6539\uff0c \u6240\u4ee5\u5efa\u8bae\u662f\u76f4\u63a5\u5c06 JMX Exporter \u7684 jar \u5305\u548c\u914d\u7f6e\u6587\u4ef6\u90fd\u6253\u5305\u5230\u4e1a\u52a1\u5bb9\u5668\u955c\u50cf\u4e2d\u3002
\u5176\u4e2d\uff0c\u7b2c\u4e8c\u79cd\u65b9\u5f0f\u6211\u4eec\u53ef\u4ee5\u9009\u62e9\u5c06 JMX Exporter \u7684 jar \u6587\u4ef6\u653e\u5728\u4e1a\u52a1\u5e94\u7528\u955c\u50cf\u4e2d\uff0c \u4e5f\u53ef\u4ee5\u9009\u62e9\u5728\u90e8\u7f72\u7684\u65f6\u5019\u6302\u8f7d\u8fdb\u53bb\u3002\u8fd9\u91cc\u5206\u522b\u5bf9\u4e24\u79cd\u65b9\u5f0f\u505a\u4e00\u4e2a\u4ecb\u7ecd\uff1a
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/jmx-exporter.html#jmx-exporter-jar","title":"\u65b9\u5f0f\u4e00\uff1a\u5c06 JMX Exporter JAR \u6587\u4ef6\u6784\u5efa\u81f3\u4e1a\u52a1\u955c\u50cf\u4e2d","text":"prometheus-jmx-config.yaml \u5185\u5bb9\u5982\u4e0b\uff1a
prometheus-jmx-config.yaml...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
\u66f4\u591a\u914d\u7f6e\u9879\u8bf7\u53c2\u8003\u5e95\u90e8\u4ecb\u7ecd\u6216Prometheus \u5b98\u65b9\u6587\u6863\u3002
\u7136\u540e\u51c6\u5907 jar \u5305\u6587\u4ef6\uff0c\u53ef\u4ee5\u5728 jmx_exporter \u7684 Github \u9875\u9762\u627e\u5230\u6700\u65b0\u7684 jar \u5305\u4e0b\u8f7d\u5730\u5740\u5e76\u53c2\u8003\u5982\u4e0b Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
\u6ce8\u610f\uff1a
\u6211\u4eec\u9700\u8981\u5148\u5c06 JMX exporter \u505a\u6210 Docker \u955c\u50cf, \u4ee5\u4e0b Dockerfile \u4ec5\u4f9b\u53c2\u8003\uff1a
FROM alpine/curl:3.14\nWORKDIR /app/\n# \u5c06\u524d\u9762\u521b\u5efa\u7684 config \u6587\u4ef6\u62f7\u8d1d\u81f3\u955c\u50cf\nCOPY prometheus-jmx-config.yaml ./\n# \u5728\u7ebf\u4e0b\u8f7d jmx prometheus javaagent jar\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
\u6839\u636e\u4e0a\u9762 Dockerfile \u6784\u5efa\u955c\u50cf\uff1a docker build -t my-jmx-exporter .
\u5728 Java \u5e94\u7528\u90e8\u7f72 Yaml \u4e2d\u52a0\u5165\u5982\u4e0b init container\uff1a
\u70b9\u51fb\u5c55\u5f00 YAML \u6587\u4ef6apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar #\u5171\u4eab agent \u6587\u4ef6\u5939\n emptyDir: {}\n restartPolicy: Always\n
\u7ecf\u8fc7\u5982\u4e0a\u7684\u6539\u9020\u4e4b\u540e\uff0c\u793a\u4f8b\u5e94\u7528 my-demo-app \u5177\u5907\u4e86\u66b4\u9732 JVM \u6307\u6807\u7684\u80fd\u529b\u3002 \u8fd0\u884c\u670d\u52a1\u4e4b\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7 http://lcoalhost:8088
\u8bbf\u95ee\u670d\u52a1\u66b4\u9732\u51fa\u6765\u7684 prometheus \u683c\u5f0f\u7684\u6307\u6807\u3002
\u63a5\u7740\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003 \u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/legacy-jvm.html","title":"\u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027","text":"\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\uff08\u6bd4\u5982 Spring Boot Actuator\uff09\u66b4\u9732\u4e86 JVM \u7684\u76d1\u63a7\u6307\u6807\uff0c \u6211\u4eec\u9700\u8981\u8ba9\u76d1\u63a7\u6570\u636e\u88ab\u91c7\u96c6\u5230\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u6dfb\u52a0\u6ce8\u89e3\uff08Kubernetes Annotations\uff09\u7684\u65b9\u5f0f\u8ba9 Insight \u6765\u91c7\u96c6\u5df2\u6709\u7684 JVM \u6307\u6807\uff1a
annatation: \n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"9464\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n
\u4f8b\u5982\u4e3a my-deployment-app \u6dfb\u52a0\u6ce8\u89e3\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"9464\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n
\u4ee5\u4e0b\u662f\u5b8c\u6574\u793a\u4f8b\uff1a
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"8080\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
\u4ee5\u4e0a\u793a\u4f8b\u4e2d\uff0cInsight \u4f1a\u901a\u8fc7 :8080//actuator/prometheus \u6293\u53d6\u901a\u8fc7 Spring Boot Actuator \u66b4\u9732\u51fa\u6765\u7684 Prometheus \u6307\u6807\u3002
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html","title":"\u4f7f\u7528 OpenTelemetry Java Agent \u66b4\u9732 JVM \u76d1\u63a7\u6307\u6807","text":"\u5728 Opentelemetry Agent v1.20.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u4e2d\uff0cOpentelemetry Agent \u65b0\u589e\u4e86 JMX Metric Insight \u6a21\u5757\uff0c\u5982\u679c\u4f60\u7684\u5e94\u7528\u5df2\u7ecf\u96c6\u6210\u4e86 Opentelemetry Agent \u53bb\u91c7\u96c6\u5e94\u7528\u94fe\u8def\uff0c\u90a3\u4e48\u4f60\u4e0d\u518d\u9700\u8981\u53e6\u5916\u5f15\u5165\u5176\u4ed6 Agent \u53bb\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u66b4\u9732 JMX \u6307\u6807\u3002Opentelemetry Agent \u4e5f\u662f\u901a\u8fc7\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u672c\u5730\u53ef\u7528\u7684 MBean \u516c\u5f00\u7684\u6307\u6807\uff0c\u5bf9\u5176\u8fdb\u884c\u6536\u96c6\u5e76\u66b4\u9732\u6307\u6807\u3002
Opentelemetry Agent \u4e5f\u9488\u5bf9\u5e38\u89c1\u7684 Java Server \u6216\u6846\u67b6\u5185\u7f6e\u4e86\u4e00\u4e9b\u76d1\u63a7\u7684\u6837\u4f8b\uff0c\u8bf7\u53c2\u8003\u9884\u5b9a\u4e49\u7684\u6307\u6807\u3002
\u4f7f\u7528 OpenTelemetry Java Agent \u540c\u6837\u9700\u8981\u8003\u8651\u5982\u4f55\u5c06 JAR \u6302\u8f7d\u8fdb\u5bb9\u5668\uff0c\u9664\u4e86\u53ef\u4ee5\u53c2\u8003\u4e0a\u9762 JMX Exporter \u6302\u8f7d JAR \u6587\u4ef6\u7684\u65b9\u5f0f\u5916\uff0c\u6211\u4eec\u8fd8\u53ef\u4ee5\u501f\u52a9 Opentelemetry \u63d0\u4f9b\u7684 Operator \u7684\u80fd\u529b\u6765\u5b9e\u73b0\u81ea\u52a8\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u5f00\u542f JVM \u6307\u6807\u66b4\u9732\uff1a
\u5982\u679c\u4f60\u7684\u5e94\u7528\u5df2\u7ecf\u96c6\u6210\u4e86 Opentelemetry Agent \u53bb\u91c7\u96c6\u5e94\u7528\u94fe\u8def\uff0c\u90a3\u4e48\u4f60\u4e0d\u518d\u9700\u8981\u53e6\u5916\u5f15\u5165\u5176\u4ed6 Agent \u53bb\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u66b4\u9732 JMX \u6307\u6807\u3002Opentelemetry Agent \u901a\u8fc7\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u672c\u5730\u53ef\u7528\u7684 MBean \u516c\u5f00\u7684\u6307\u6807\uff0c\u73b0\u5728\u53ef\u4ee5\u672c\u5730\u6536\u96c6\u5e76\u66b4\u9732\u6307\u6807\u63a5\u53e3\u3002
\u4f46\u662f\uff0c\u622a\u81f3\u76ee\u524d\u7248\u672c\uff0c\u4f60\u4ecd\u7136\u9700\u8981\u624b\u52a8\u4e3a\u5e94\u7528\u52a0\u4e0a\u76f8\u5e94\u6ce8\u89e3\u4e4b\u540e\uff0cJVM \u6570\u636e\u624d\u4f1a\u88ab Insight \u91c7\u96c6\u5230\uff0c\u5177\u4f53\u6ce8\u89e3\u5185\u5bb9\u8bf7\u53c2\u8003 \u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#java","title":"\u4e3a Java \u4e2d\u95f4\u4ef6\u66b4\u9732\u6307\u6807","text":"Opentelemetry Agent \u4e5f\u5185\u7f6e\u4e86\u4e00\u4e9b\u4e2d\u95f4\u4ef6\u76d1\u63a7\u7684\u6837\u4f8b\uff0c\u8bf7\u53c2\u8003 \u9884\u5b9a\u4e49\u6307\u6807\u3002
\u9ed8\u8ba4\u6ca1\u6709\u6307\u5b9a\u4efb\u4f55\u7c7b\u578b\uff0c\u9700\u8981\u901a\u8fc7 -Dotel.jmx.target.system JVM Options \u6307\u5b9a,\u6bd4\u5982 -Dotel.jmx.target.system=jetty,kafka-broker \u3002
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#_1","title":"\u53c2\u8003","text":"Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel jmx metrics
\u867d\u7136 OpenShift \u7cfb\u7edf\u81ea\u5e26\u4e86\u4e00\u5957\u76d1\u63a7\u7cfb\u7edf\uff0c\u56e0\u4e3a\u6570\u636e\u91c7\u96c6\u7ea6\u5b9a\u7684\u4e00\u4e9b\u89c4\u5219\uff0c\u6211\u4eec\u8fd8\u662f\u4f1a\u5b89\u88c5 Insight Agent\u3002
\u5176\u4e2d\uff0c\u5b89\u9664\u4e86\u57fa\u7840\u7684\u5b89\u88c5\u914d\u7f6e\u4e4b\u5916\uff0chelm install \u7684\u65f6\u5019\u8fd8\u9700\u8981\u589e\u52a0\u5982\u4e0b\u7684\u53c2\u6570\uff1a
## \u9488\u5bf9 fluentbit \u76f8\u5173\u7684\u53c2\u6570\uff1b\n--set fluent-bit.ocp.enabled=true \\\n--set fluent-bit.serviceAccount.create=false \\\n--set fluent-bit.securityContext.runAsUser=0 \\\n--set fluent-bit.securityContext.seLinuxOptions.type=spc_t \\\n--set fluent-bit.securityContext.readOnlyRootFilesystem=false \\\n--set fluent-bit.securityContext.allowPrivilegeEscalation=false \\\n\n## \u542f\u7528\u9002\u914d OpenShift4.x \u7684 Prometheus(CR)\n--set compatibility.openshift.prometheus.enabled=true \\\n\n## \u5173\u95ed\u9ad8\u7248\u672c\u7684 Prometheus \u5b9e\u4f8b\n--set kube-prometheus-stack.prometheus.enabled=false \\\n--set kube-prometheus-stack.kubeApiServer.enabled=false \\\n--set kube-prometheus-stack.kubelet.enabled=false \\\n--set kube-prometheus-stack.kubeControllerManager.enabled=false \\\n--set kube-prometheus-stack.coreDns.enabled=false \\\n--set kube-prometheus-stack.kubeDns.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeScheduler.enabled=false \\\n--set kube-prometheus-stack.kubeStateMetrics.enabled=false \\\n--set kube-prometheus-stack.nodeExporter.enabled=false \\\n\n## \u9650\u5236 PrometheusOperator \u5904\u7406\u7684 namespace\uff0c\u907f\u514d\u4e0e OpenShift \u81ea\u5e26\u7684 PrometheusOperator \u76f8\u4e92\u7ade\u4e89\n--set kube-prometheus-stack.prometheusOperator.kubeletService.namespace=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.prometheusInstanceNamespaces=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[0]=\"openshift-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[1]=\"openshift-user-workload-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[2]=\"openshift-customer-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[3]=\"openshift-route-monitor-operator\" \\\n
"},{"location":"admin/insight/quickstart/other/install-agent-on-ocp.html#openshift-prometheus","title":"\u901a\u8fc7 OpenShift \u81ea\u8eab\u673a\u5236\uff0c\u5c06\u7cfb\u7edf\u76d1\u63a7\u6570\u636e\u5199\u5165 Prometheus \u4e2d","text":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cluster-monitoring-config\n namespace: openshift-monitoring\ndata:\n config.yaml: |\n prometheusK8s:\n remoteWrite:\n - queueConfig:\n batchSendDeadline: 60s\n maxBackoff: 5s\n minBackoff: 30ms\n minShards: 1\n capacity: 5000\n maxSamplesPerSend: 1000\n maxShards: 100\n remoteTimeout: 30s\n url: http://insight-agent-prometheus.insight-system.svc.cluster.local:9090/api/v1/write\n writeRelabelConfigs:\n - action: keep\n regex: etcd|kubelet|node-exporter|apiserver|kube-state-metrics\n sourceLabels:\n - job\n
"},{"location":"admin/insight/quickstart/res-plan/index.html","title":"\u90e8\u7f72\u5bb9\u91cf\u89c4\u5212","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e3a\u4e86\u907f\u514d\u6d88\u8017\u8fc7\u591a\u8d44\u6e90\uff0c\u5df2\u7ecf\u8bbe\u7f6e\u4e86\u8d44\u6e90\u4e0a\u7ebf\uff08resource limit\uff09\uff0c\u53ef\u89c2\u6d4b\u7cfb\u7edf\u9700\u8981\u5904\u7406\u5927\u91cf\u7684\u6570\u636e\uff0c\u5982\u679c\u5bb9\u91cf\u89c4\u5212\u4e0d\u5408\u7406\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u7cfb\u7edf\u8d1f\u8f7d\u8fc7\u9ad8\uff0c\u5f71\u54cd\u7a33\u5b9a\u6027\u548c\u53ef\u9760\u6027\u3002
"},{"location":"admin/insight/quickstart/res-plan/index.html#_2","title":"\u89c2\u6d4b\u7ec4\u4ef6\u7684\u8d44\u6e90\u89c4\u5212","text":"\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u5305\u542b Insight \u548c Insight Agent\u3002\u5176\u4e2d\uff0cInsight \u4e3b\u8981\u8d1f\u8d23\u89c2\u6d4b\u6570\u636e\u7684\u5b58\u50a8\uff0c\u5206\u6790\u4e0e\u5c55\u793a\u3002\u800c Insight Agent \u5305\u542b\u4e86\u6570\u636e\u91c7\u96c6\u3001\u6570\u636e\u5904\u7406\u3001\u6570\u636e\u4e0a\u4f20\u7b49\u529f\u80fd\u3002
"},{"location":"admin/insight/quickstart/res-plan/index.html#_3","title":"\u5b58\u50a8\u7ec4\u4ef6\u7684\u5bb9\u91cf\u89c4\u5212","text":"Insight \u7684\u5b58\u50a8\u7ec4\u4ef6\u4e3b\u8981\u5305\u62ec ElasticSearch \u548c VictoriaMetrics. \u5176\u4e2d\uff0cElasticSearch \u4e3b\u8981\u8d1f\u8d23\u5b58\u50a8\u548c\u67e5\u8be2\u65e5\u5fd7\u4e0e\u94fe\u8def\u6570\u636e\uff0cVictoriaMetrics \u4e3b\u8981\u8d1f\u8d23\u5b58\u50a8\u548c\u67e5\u8be2\u6307\u6807\u6570\u636e\u3002
Insight Agent \u7684\u91c7\u96c6\u5668\u4e2d\u5305\u542b Proemtheus\uff0c\u867d\u7136 Prometheus \u672c\u8eab\u662f\u4e00\u4e2a\u72ec\u7acb\u7684\u7ec4\u4ef6\uff0c\u4f46\u662f\u5728 Insight Agent \u4e2d\uff0cPrometheus \u4f1a\u88ab\u7528\u4e8e\u91c7\u96c6\u6570\u636e\uff0c\u56e0\u6b64\u9700\u8981\u5bf9 Prometheus \u7684\u8d44\u6e90\u8fdb\u884c\u89c4\u5212\u3002
\u672c\u6587\u63cf\u8ff0\u4e86 vmstorge \u78c1\u76d8\u6269\u5bb9\u7684\u65b9\u6cd5\uff0c vmstorge \u78c1\u76d8\u89c4\u8303\u8bf7\u53c2\u8003 vmstorage \u78c1\u76d8\u5bb9\u91cf\u89c4\u5212\u3002
"},{"location":"admin/insight/quickstart/res-plan/modify-vms-disk.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":""},{"location":"admin/insight/quickstart/res-plan/modify-vms-disk.html#_2","title":"\u5f00\u542f\u5b58\u50a8\u6c60\u6269\u5bb9","text":"\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u70b9\u51fb \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb kpanda-global-cluster \u96c6\u7fa4\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230 vmstorage \u7ed1\u5b9a\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u70b9\u51fb\u67d0\u4e2a vmstorage PVC\uff0c\u8fdb\u5165 vmstorage \u7684\u6570\u636e\u5377\u58f0\u660e\u8be6\u60c5\uff0c\u786e\u8ba4\u8be5 PVC \u7ed1\u5b9a\u7684\u5b58\u50a8\u6c60\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) \uff0c\u627e\u5230 local-path \uff0c\u70b9\u51fb\u76ee\u6807\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7f16\u8f91 \u3002
\u5f00\u542f \u6269\u5bb9 \u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u627e\u5230 vmcluster \u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
\u70b9\u51fb\u8be5 vmcluster \u81ea\u5b9a\u4e49\u8d44\u6e90\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u5207\u6362\u5230 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u4ece insight-victoria-metrics-k8s-stack \u53f3\u4fa7\u83dc\u5355\u9009\u62e9 \u7f16\u8f91 YAML \u3002
\u6839\u636e\u56fe\u4f8b\u4fee\u6539\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u518d\u6b21\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230 vmstorage \u7ed1\u5b9a\u7684\u6570\u636e\u5377\u58f0\u660e\u786e\u8ba4\u4fee\u6539\u5df2\u751f\u6548\u3002\u5728\u67d0\u4e2a PVC \u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u5173\u8054\u5b58\u50a8\u6e90 (PV)\u3002
\u6253\u5f00\u6570\u636e\u5377\u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u66f4\u65b0 \u6309\u94ae\u3002
\u4fee\u6539 \u5bb9\u91cf \u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u7a0d\u7b49\u7247\u523b\u7b49\u5230\u6269\u5bb9\u6210\u529f\u3002
\u82e5\u5b58\u50a8\u5377\u6269\u5bb9\u5931\u8d25\uff0c\u53ef\u53c2\u8003\u4ee5\u4e0b\u65b9\u6cd5\u514b\u9686\u5b58\u50a8\u5377\u3002
\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u627e\u5230 vmstorage \u7684\u6709\u72b6\u6001\u8d1f\u8f7d\uff0c\u70b9\u51fb\u76ee\u6807\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u72b6\u6001 -> \u505c\u6b62 -> \u786e\u5b9a \u3002
\u5728\u547d\u4ee4\u884c\u4e2d\u767b\u5f55 kpanda-global-cluster \u96c6\u7fa4\u7684 master \u8282\u70b9\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u590d\u5236 vmstorage \u5bb9\u5668\u4e2d\u7684 vm-data \u76ee\u5f55\u5c06\u6307\u6807\u4fe1\u606f\u5b58\u50a8\u5728\u672c\u5730\uff1a
kubectl cp -n insight-system vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data ./vm-data\n
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u514b\u9686 \uff0c\u5e76\u4fee\u6539\u6570\u636e\u5377\u7684\u5bb9\u91cf\u3002
\u5220\u9664\u4e4b\u524d vmstorage \u7684\u6570\u636e\u5377\u3002
\u7a0d\u7b49\u7247\u523b\uff0c\u5f85\u5b58\u50a8\u5377\u58f0\u660e\u8ddf\u514b\u9686\u7684\u6570\u636e\u5377\u7ed1\u5b9a\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5c06\u7b2c 3 \u6b65\u4e2d\u5bfc\u51fa\u7684\u6570\u636e\u5bfc\u5165\u5230\u5bf9\u5e94\u7684\u5bb9\u5668\u4e2d\uff0c\u7136\u540e\u5f00\u542f\u4e4b\u524d\u6682\u505c\u7684 vmstorage \u3002
kubectl cp -n insight-system ./vm-data vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data\n
Prometheus \u5728\u5b9e\u9645\u4f7f\u7528\u8fc7\u7a0b\u4e2d\uff0c\u53d7\u5230\u96c6\u7fa4\u5bb9\u5668\u6570\u91cf\u4ee5\u53ca\u5f00\u542f Istio \u7684\u5f71\u54cd\uff0c\u4f1a\u5bfc\u81f4 Prometheus \u7684 CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u4f7f\u7528\u91cf\u8d85\u51fa\u8bbe\u5b9a\u7684\u8d44\u6e90\u3002
\u4e3a\u4e86\u4fdd\u8bc1\u4e0d\u540c\u89c4\u6a21\u96c6\u7fa4\u4e0b Prometheus \u7684\u6b63\u5e38\u8fd0\u884c\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u7684\u5b9e\u9645\u89c4\u6a21\u5bf9 Prometheus \u8fdb\u884c\u8d44\u6e90\u8c03\u6574\u3002
"},{"location":"admin/insight/quickstart/res-plan/prometheus-res.html#_1","title":"\u53c2\u8003\u8d44\u6e90\u89c4\u5212","text":"\u5728\u672a\u5f00\u542f\u7f51\u683c\u60c5\u51b5\u4e0b\uff0c\u6d4b\u8bd5\u60c5\u51b5\u7edf\u8ba1\u51fa\u7cfb\u7edf Job \u6307\u6807\u91cf\u4e0e Pod \u7684\u5173\u7cfb\u4e3a Series \u6570\u91cf = 800 * Pod \u6570\u91cf
\u5728\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6\uff0c\u5f00\u542f\u529f\u80fd\u540e Pod \u4ea7\u751f\u7684 Istio \u76f8\u5173\u6307\u6807\u6570\u91cf\u7ea7\u4e3a Series \u6570\u91cf = 768 * Pod \u6570\u91cf
"},{"location":"admin/insight/quickstart/res-plan/prometheus-res.html#_2","title":"\u5f53\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u4ee5\u4e0b\u8d44\u6e90\u89c4\u5212\u4e3a \u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c \u573a\u666f\u4e0b\uff0cPrometheus \u7684\u8d44\u6e90\u89c4\u5212\u63a8\u8350\uff1a
\u96c6\u7fa4\u89c4\u6a21(Pod \u6570) \u6307\u6807\u91cf(\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c) CPU(core) \u5185\u5b58(GB) 100 8w Request: 0.5Limit\uff1a1 Request\uff1a2GBLimit\uff1a4GB 200 16w Request\uff1a1Limit\uff1a1.5 Request\uff1a3GBLimit\uff1a6GB 300 24w Request\uff1a1Limit\uff1a2 Request\uff1a3GBLimit\uff1a6GB 400 32w Request\uff1a1Limit\uff1a2 Request\uff1a4GBLimit\uff1a8GB 500 40w Request\uff1a1.5Limit\uff1a3 Request\uff1a5GBLimit\uff1a10GB 800 64w Request\uff1a2Limit\uff1a4 Request\uff1a8GBLimit\uff1a16GB 1000 80w Request\uff1a2.5Limit\uff1a5 Request\uff1a9GBLimit\uff1a18GB 2000 160w Request\uff1a3.5Limit\uff1a7 Request\uff1a20GBLimit\uff1a40GB 3000 240w Request\uff1a4Limit\uff1a8 Request\uff1a33GBLimit\uff1a66GB"},{"location":"admin/insight/quickstart/res-plan/prometheus-res.html#_3","title":"\u5f53\u5f00\u542f\u670d\u52a1\u7f51\u683c\u529f\u80fd\u65f6","text":"\u4ee5\u4e0b\u8d44\u6e90\u89c4\u5212\u4e3a \u5f00\u542f\u670d\u52a1\u7f51\u683c \u573a\u666f\u4e0b\uff0cPrometheus \u7684\u8d44\u6e90\u89c4\u5212\u63a8\u8350\uff1a
\u96c6\u7fa4\u89c4\u6a21(Pod \u6570) \u6307\u6807\u91cf(\u5df2\u5f00\u542f\u670d\u52a1\u7f51\u683c) CPU(core) \u5185\u5b58(GB) 100 15w Request: 1Limit\uff1a2 Request\uff1a3GBLimit\uff1a6GB 200 31w Request\uff1a2Limit\uff1a3 Request\uff1a5GBLimit\uff1a10GB 300 46w Request\uff1a2Limit\uff1a4 Request\uff1a6GBLimit\uff1a12GB 400 62w Request\uff1a2Limit\uff1a4 Request\uff1a8GBLimit\uff1a16GB 500 78w Request\uff1a3Limit\uff1a6 Request\uff1a10GBLimit\uff1a20GB 800 125w Request\uff1a4Limit\uff1a8 Request\uff1a15GBLimit\uff1a30GB 1000 156w Request\uff1a5Limit\uff1a10 Request\uff1a18GBLimit\uff1a36GB 2000 312w Request\uff1a7Limit\uff1a14 Request\uff1a40GBLimit\uff1a80GB 3000 468w Request\uff1a8Limit\uff1a16 Request\uff1a65GBLimit\uff1a130GBNote
vmstorage \u662f\u8d1f\u8d23\u5b58\u50a8\u53ef\u89c2\u6d4b\u6027\u591a\u96c6\u7fa4\u6307\u6807\u3002 \u4e3a\u4fdd\u8bc1 vmstorage \u7684\u7a33\u5b9a\u6027\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u6570\u91cf\u53ca\u96c6\u7fa4\u89c4\u6a21\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\u5bb9\u91cf\u3002 \u66f4\u591a\u8d44\u6599\u8bf7\u53c2\u8003\uff1avmstorage \u4fdd\u7559\u671f\u4e0e\u78c1\u76d8\u7a7a\u95f4\u3002
"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_1","title":"\u6d4b\u8bd5\u7ed3\u679c","text":"\u7ecf\u8fc7 14 \u5929\u5bf9\u4e0d\u540c\u89c4\u6a21\u7684\u96c6\u7fa4\u7684 vmstorage \u7684\u78c1\u76d8\u89c2\u6d4b\uff0c \u6211\u4eec\u53d1\u73b0 vmstorage \u7684\u78c1\u76d8\u7528\u91cf\u4e0e\u5176\u5b58\u50a8\u7684\u6307\u6807\u91cf\u548c\u5355\u4e2a\u6570\u636e\u70b9\u5360\u7528\u78c1\u76d8\u6b63\u76f8\u5173\u3002
\u78c1\u76d8\u7528\u91cf = \u77ac\u65f6\u6307\u6807\u91cf x 2 x \u5355\u4e2a\u6570\u636e\u70b9\u7684\u5360\u7528\u78c1\u76d8 x 60 x 24 x \u5b58\u50a8\u65f6\u95f4 (\u5929)
\u53c2\u6570\u8bf4\u660e\uff1a
Warning
\u8be5\u516c\u5f0f\u4e3a\u901a\u7528\u65b9\u6848\uff0c\u5efa\u8bae\u5728\u8ba1\u7b97\u7ed3\u679c\u4e0a\u9884\u7559\u5197\u4f59\u78c1\u76d8\u5bb9\u91cf\u4ee5\u4fdd\u8bc1 vmstorage \u7684\u6b63\u5e38\u8fd0\u884c\u3002
"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_3","title":"\u53c2\u8003\u5bb9\u91cf","text":"\u8868\u683c\u4e2d\u6570\u636e\u662f\u6839\u636e\u9ed8\u8ba4\u5b58\u50a8\u65f6\u95f4\u4e3a\u4e00\u4e2a\u6708 (30 \u5929)\uff0c\u5355\u4e2a\u6570\u636e\u70b9 (datapoint) \u7684\u5360\u7528\u78c1\u76d8\u53d6 0.9 \u8ba1\u7b97\u6240\u5f97\u7ed3\u679c\u3002 \u591a\u96c6\u7fa4\u573a\u666f\u4e0b\uff0cPod \u6570\u91cf\u8868\u793a\u591a\u96c6\u7fa4 Pod \u6570\u91cf\u7684\u603b\u548c\u3002
"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_4","title":"\u5f53\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u96c6\u7fa4\u89c4\u6a21 (Pod \u6570) \u6307\u6807\u91cf \u78c1\u76d8\u5bb9\u91cf 100 8w 6 GiB 200 16w 12 GiB 300 24w 18 GiB 400 32w 24 GiB 500 40w 30 GiB 800 64w 48 GiB 1000 80w 60 GiB 2000 160w 120 GiB 3000 240w 180 GiB"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_5","title":"\u5f53\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u96c6\u7fa4\u89c4\u6a21 (Pod \u6570) \u6307\u6807\u91cf \u78c1\u76d8\u5bb9\u91cf 100 15w 12 GiB 200 31w 24 GiB 300 46w 36 GiB 400 62w 48 GiB 500 78w 60 GiB 800 125w 94 GiB 1000 156w 120 GiB 2000 312w 235 GiB 3000 468w 350 GiB"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_6","title":"\u4e3e\u4f8b\u8bf4\u660e","text":"AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u4e2d\u6709\u4e24\u4e2a\u96c6\u7fa4\uff0c\u5176\u4e2d\u5168\u5c40\u670d\u52a1\u96c6\u7fa4(\u5f00\u542f\u670d\u52a1\u7f51\u683c)\u4e2d\u8fd0\u884c 500 \u4e2a Pod\uff0c\u5de5\u4f5c\u96c6\u7fa4(\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c)\u8fd0\u884c\u4e86 1000 \u4e2a Pod\uff0c\u9884\u671f\u6307\u6807\u5b58 30 \u5929\u3002
\u5219\u5f53\u524d vmstorage \u78c1\u76d8\u7528\u91cf\u5e94\u8bbe\u7f6e\u4e3a (784000+80000)x2x0.9x60x24x31 = 124384896000 byte = 116 GiB
Note
\u96c6\u7fa4\u4e2d\u6307\u6807\u91cf\u4e0e Pod \u6570\u91cf\u7684\u5173\u7cfb\u53ef\u53c2\u8003Prometheus \u8d44\u6e90\u89c4\u5212\u3002
"},{"location":"admin/insight/reference/alertnotification.html","title":"\u544a\u8b66\u901a\u77e5\u6d41\u7a0b\u8bf4\u660e","text":"\u5728\u521b\u5efa\u544a\u8b66\u7b56\u7565\u65f6\uff0c\u53ef\u89c2\u6d4b\u6027 Insight \u652f\u6301\u4e3a\u540c\u7b56\u7565\u4e0b\u4e0d\u540c\u7ea7\u522b\u89e6\u53d1\u7684\u544a\u8b66\u914d\u7f6e\u4e0d\u540c\u7684\u901a\u77e5\u53d1\u9001\u95f4\u9694\uff0c\u4f46\u7531\u4e8e\u5728 Alertmanager \u539f\u751f\u914d\u7f6e\u4e2d\u5b58\u5728 group_interval \u548c repeat_interval \u4e24\u4e2a\u53c2\u6570\uff0c\u4f1a\u5bfc\u81f4\u544a\u8b66\u901a\u77e5\u7684\u5b9e\u9645\u53d1\u9001\u95f4\u9694\u5b58\u5728\u504f\u5dee\u3002
"},{"location":"admin/insight/reference/alertnotification.html#_2","title":"\u53c2\u6570\u914d\u7f6e","text":"\u5728 Alertmanager \u914d\u7f6e\u5982\u4e0b\uff1a
route: \n group_by: [\"rulename\"]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 1h\n
\u53c2\u6570\u8bf4\u660e\uff1a
group_wait \uff1a\u7528\u4e8e\u8bbe\u7f6e\u544a\u8b66\u901a\u77e5\u7684\u7b49\u5f85\u65f6\u95f4\u3002\u5f53 Alertmanager \u63a5\u6536\u5230\u4e00\u7ec4\u544a\u8b66\u65f6\uff0c\u5982\u679c\u5728 group_wait \u6307\u5b9a\u7684\u65f6\u95f4\u5185\u6ca1\u6709\u66f4\u591a\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u4ee5\u4fbf\u6536\u96c6\u5230\u66f4\u591a\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5e76\u5c06\u6240\u6709\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u6dfb\u52a0\u5230\u540c\u4e00\u901a\u77e5\u4e2d\u3002
group_interval \uff1a\u7528\u4e8e\u8bbe\u7f6e\u4e00\u7ec4\u544a\u8b66\u5728\u88ab\u5408\u5e76\u6210\u5355\u4e00\u901a\u77e5\u524d\u7b49\u5f85\u7684\u65f6\u95f4\u3002\u5982\u679c\u5728\u8fd9\u4e2a\u65f6\u95f4\u5185\u6ca1\u6709\u6536\u5230\u66f4\u591a\u7684\u6765\u81ea\u540c\u4e00\u7ec4\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u53d1\u9001\u4e00\u4e2a\u5305\u542b\u6240\u6709\u5df2\u63a5\u6536\u544a\u8b66\u7684\u901a\u77e5\u3002
repeat_interval \uff1a\u7528\u4e8e\u8bbe\u7f6e\u544a\u8b66\u901a\u77e5\u7684\u91cd\u590d\u53d1\u9001\u95f4\u9694\u3002\u5f53 Alertmanager \u53d1\u9001\u544a\u8b66\u901a\u77e5\u5230\u63a5\u6536\u5668\u540e\uff0c\u5982\u679c\u5728 repeat_interval \u53c2\u6570\u6307\u5b9a\u7684\u65f6\u95f4\u5185\u6301\u7eed\u6536\u5230\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u91cd\u590d\u53d1\u9001\u544a\u8b66\u901a\u77e5\u3002
\u5f53\u540c\u65f6\u8bbe\u7f6e\u4e86 group_wait \u3001 group_interval \u548c repeat_interval \u53c2\u6570\u65f6\uff0cAlertmanager \u5c06\u6309\u7167\u4ee5\u4e0b\u65b9\u5f0f\u5904\u7406\u540c\u4e00 group \u4e0b\u7684\u544a\u8b66\u901a\u77e5\uff1a
\u5f53 Alertmanager \u63a5\u6536\u5230\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u65f6\uff0c\u5b83\u5c06\u7b49\u5f85\u81f3\u5c11 group_wait \u53c2\u6570\u4e2d\u6307\u5b9a\u7684\u65f6\u95f4\u4ee5\u4fbf\u6536\u96c6\u66f4\u591a\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5e76\u5c06\u6240\u6709\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u6dfb\u52a0\u5230\u540c\u4e00\u901a\u77e5\u4e2d\u3002
\u5982\u679c\u5728 group_wait \u65f6\u95f4\u5185\u6ca1\u6709\u63a5\u6536\u5230\u66f4\u591a\u7684\u544a\u8b66\uff0c\u5219\u5728\u8be5\u65f6\u95f4\u4e4b\u540e\uff0cAlertmanager \u4f1a\u5c06\u6240\u6536\u5230\u7684\u6240\u6709\u6b64\u7c7b\u8b66\u62a5\u53d1\u9001\u5230\u63a5\u6536\u5668\u3002\u5982\u679c\u6709\u5176\u4ed6\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u5728\u6b64\u671f\u95f4\u5185\u5230\u8fbe\uff0c\u5219 Alertmanager \u5c06\u7ee7\u7eed\u7b49\u5f85\uff0c\u76f4\u5230\u6536\u96c6\u5230\u6240\u6709\u544a\u8b66\u6216\u8d85\u65f6\u3002
\u5982\u679c\u5728 group_interval \u53c2\u6570\u4e2d\u6307\u5b9a\u7684\u65f6\u95f4\u5185\u63a5\u6536\u5230\u4e86\u66f4\u591a\u7684\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5219\u8fd9\u4e9b\u65b0\u544a\u8b66\u4e5f\u5c06\u88ab\u6dfb\u52a0\u5230\u5148\u524d\u7684\u901a\u77e5\u4e2d\u5e76\u4e00\u8d77\u53d1\u9001\u3002\u5982\u679c\u5728 group_interval \u65f6\u95f4\u7ed3\u675f\u540e\u4ecd\u7136\u6709\u672a\u53d1\u9001\u7684\u544a\u8b66\uff0cAlertmanager \u5c06\u4f1a\u91cd\u65b0\u5f00\u59cb\u4e00\u4e2a\u65b0\u7684\u8ba1\u65f6\u5468\u671f\uff0c\u5e76\u7b49\u5f85\u66f4\u591a\u7684\u544a\u8b66\uff0c\u76f4\u5230\u518d\u6b21\u8fbe\u5230 group_interval \u65f6\u95f4\u6216\u6536\u5230\u65b0\u7684\u544a\u8b66\u3002
\u5982\u679c\u5728 repeat_interval \u53c2\u6570\u4e2d\u6307\u5b9a\u7684\u65f6\u95f4\u5185\u6301\u7eed\u6536\u5230\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u91cd\u590d\u53d1\u9001\u4e4b\u524d\u5df2\u7ecf\u53d1\u9001\u8fc7\u7684\u8b66\u62a5\u901a\u77e5\u3002\u5728\u91cd\u590d\u53d1\u9001\u8b66\u62a5\u901a\u77e5\u65f6\uff0cAlertmanager \u4e0d\u518d\u7b49\u5f85 group_wait \u6216 group_interval \uff0c\u800c\u662f\u6839\u636e repeat_interval \u6307\u5b9a\u7684\u65f6\u95f4\u95f4\u9694\u8fdb\u884c\u91cd\u590d\u901a\u77e5\u3002
\u5982\u679c\u5728 repeat_interval \u65f6\u95f4\u7ed3\u675f\u540e\u4ecd\u6709\u672a\u53d1\u9001\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u91cd\u65b0\u5f00\u59cb\u4e00\u4e2a\u65b0\u7684\u8ba1\u65f6\u5468\u671f\uff0c\u5e76\u7ee7\u7eed\u7b49\u5f85\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u65b0\u544a\u8b66\u3002\u8fd9\u4e2a\u8fc7\u7a0b\u5c06\u4e00\u76f4\u6301\u7eed\u4e0b\u53bb\uff0c\u76f4\u5230\u6ca1\u6709\u65b0\u544a\u8b66\u4e3a\u6b62\u6216 Alertmanager \u88ab\u505c\u6b62\u3002
\u5728\u4e0b\u8ff0\u793a\u4f8b\u4e2d\uff0cAlertmanager \u5c06\u6240\u6709 CPU \u4f7f\u7528\u7387\u9ad8\u4e8e\u9608\u503c\u7684\u544a\u8b66\u5206\u914d\u5230\u4e00\u4e2a\u540d\u4e3a\u201ccritical_alerts\u201d\u7684\u7b56\u7565\u4e2d\u3002
groups:\n- name: critical_alerts\n rules:\n - alert: HighCPUUsage\n expr: node_cpu_seconds_total{mode=\"idle\"} < 50\n for: 5m\n labels:\n severity: critical\n annotations:\n summary: \"High CPU usage detected on instance {{ $labels.instance }}\"\n group_by: [rulename]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 1h\n
\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff1a
\u5982\u679c\u5728 1 \u5c0f\u65f6\u5185\u6301\u7eed\u6536\u5230\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u91cd\u590d\u53d1\u9001\u4e4b\u524d\u5df2\u7ecf\u53d1\u9001\u8fc7\u7684\u8b66\u62a5\u901a\u77e5\u3002
Lucene \u662f Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a 4 jakarta \u9879\u76ee\u7ec4\u7684\u4e00\u4e2a\u5b50\u9879\u76ee\uff0c\u662f\u4e00\u4e2a\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u5168\u6587\u68c0\u7d22\u5f15\u64ce\u5de5\u5177\u5305\u3002 Lucene \u7684\u76ee\u7684\u662f\u4e3a\u8f6f\u4ef6\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u4e00\u4e2a\u7b80\u5355\u6613\u7528\u7684\u5de5\u5177\u5305\uff0c\u4ee5\u65b9\u4fbf\u7684\u5728\u76ee\u6807\u7cfb\u7edf\u4e2d\u5b9e\u73b0\u5168\u6587\u68c0\u7d22\u7684\u529f\u80fd\u3002
"},{"location":"admin/insight/reference/lucene.html#lucene_2","title":"Lucene \u8bed\u6cd5","text":"Lucene \u7684\u8bed\u6cd5\u641c\u7d22\u683c\u5f0f\u5141\u8bb8\u60a8\u4ee5\u7075\u6d3b\u7684\u65b9\u5f0f\u6784\u5efa\u641c\u7d22\u67e5\u8be2\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u641c\u7d22\u9700\u6c42\u3002\u4ee5\u4e0b\u662f Lucene \u7684\u8bed\u6cd5\u641c\u7d22\u683c\u5f0f\u7684\u8be6\u7ec6\u8bf4\u660e\uff1a
"},{"location":"admin/insight/reference/lucene.html#_1","title":"\u5173\u952e\u5b57\u67e5\u8be2","text":"\u8981\u901a\u8fc7 Lucene \u8bed\u6cd5\u5b9e\u73b0\u591a\u4e2a\u5173\u952e\u5b57\u7684\u67e5\u8be2\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5e03\u5c14\u903b\u8f91\u64cd\u4f5c\u7b26\u6765\u7ec4\u5408\u591a\u4e2a\u5173\u952e\u5b57\u3002Lucene \u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u64cd\u4f5c\u7b26\uff1a
AND \u64cd\u4f5c\u7b26
OR \u64cd\u4f5c\u7b26
NOT \u64cd\u4f5c\u7b26
\u5f15\u53f7
\u6307\u5b9a\u5b57\u6bb5
field1:keyword1 AND (field2:keyword2 OR field3:keyword3) NOT field4:keyword4\n
\u89e3\u91ca\u5982\u4e0b\uff1a
\u4e0d\u6307\u5b9a\u5b57\u6bb5
keyword1 AND (keyword2 OR keyword3) NOT keyword4\n
\u89e3\u91ca\u5982\u4e0b\uff1a
\u5728 Lucene \u4e2d\uff0c\u6a21\u7cca\u67e5\u8be2\u53ef\u4ee5\u901a\u8fc7\u6ce2\u6d6a\u53f7 ~ \u6765\u5b9e\u73b0\u8fd1\u4f3c\u5339\u914d\u3002\u60a8\u53ef\u4ee5\u6307\u5b9a\u4e00\u4e2a\u7f16\u8f91\u8ddd\u79bb\u6765\u9650\u5236\u5339\u914d\u7684\u76f8\u4f3c\u5ea6\u7a0b\u5ea6\u3002
term~\n
\u5728\u4e0a\u8ff0\u793a\u4f8b\u4e2d\uff0c term \u662f\u8981\u8fdb\u884c\u6a21\u7cca\u5339\u914d\u7684\u5173\u952e\u5b57\u3002
\u8bf7\u6ce8\u610f\u4ee5\u4e0b\u51e0\u70b9\uff1a
Lucene \u652f\u6301\u4ee5\u4e0b\u4e24\u79cd\u901a\u914d\u7b26\u67e5\u8be2\uff1a
*
\u901a\u914d\u7b26\uff1a *
\u7528\u4e8e\u5339\u914d\u96f6\u4e2a\u6216\u591a\u4e2a\u5b57\u7b26\u3002
\u4f8b\u5982\uff0c te*t \u00a0\u53ef\u4ee5\u5339\u914d \"test\"\u3001\"text\"\u3001\"tempest\" \u7b49\u3002
?
\u901a\u914d\u7b26\uff1a ?
\u7528\u4e8e\u5339\u914d\u5355\u4e2a\u5b57\u7b26\u3002
\u4f8b\u5982\uff0c te?t \u00a0\u53ef\u4ee5\u5339\u914d \"test\"\u3001\"text\" \u7b49\u3002
te?t\n
\u5728\u4e0a\u8ff0\u793a\u4f8b\u4e2d\uff0c te?t \u8868\u793a\u5339\u914d\u4ee5 \"te\" \u5f00\u5934\uff0c\u63a5\u7740\u662f\u4e00\u4e2a\u4efb\u610f\u5b57\u7b26\uff0c\u7136\u540e\u4ee5 \"t\" \u7ed3\u5c3e\u7684\u8bcd\u3002\u8fd9\u79cd\u67e5\u8be2\u53ef\u4ee5\u5339\u914d\u4f8b\u5982 \"test\"\u3001\"text\"\u3001\"tent\" \u7b49\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u95ee\u53f7\u53ea\u80fd\u4ee3\u8868\u4e00\u4e2a\u5b57\u7b26\uff0c\u5982\u679c\u60f3\u8981\u5339\u914d\u591a\u4e2a\u5b57\u7b26\u6216\u8005\u662f\u53ef\u53d8\u957f\u5ea6\u7684\u5b57\u7b26\uff0c\u53ef\u4ee5\u4f7f\u7528\u661f\u53f7 *
\u8fdb\u884c\u591a\u5b57\u7b26\u901a\u914d\u7b26\u5339\u914d\u3002 \u53e6\u5916\uff0c\u95ee\u53f7\u4e0d\u4f1a\u5339\u914d\u7a7a\u5b57\u7b26\u4e32\u3002
\u603b\u7ed3\u4e00\u4e0b\uff0cLucene \u8bed\u6cd5\u4e2d\u7684\u95ee\u53f7 ?
\u7528\u4f5c\u5355\u5b57\u7b26\u901a\u914d\u7b26\uff0c\u8868\u793a\u5339\u914d\u4efb\u610f\u4e00\u4e2a\u5b57\u7b26\u3002\u901a\u8fc7\u5728\u641c\u7d22\u5173\u952e\u5b57\u4e2d\u4f7f\u7528\u95ee\u53f7\uff0c\u60a8\u53ef\u4ee5\u8fdb\u884c\u66f4\u7075\u6d3b\u548c\u5177\u4f53\u7684\u6a21\u5f0f\u5339\u914d\u3002
Lucene \u8bed\u6cd5\u652f\u6301\u8303\u56f4\u67e5\u8be2\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u65b9\u62ec\u53f7 [ ] \u6216\u82b1\u62ec\u53f7 { } \u6765\u8868\u793a\u8303\u56f4\u3002\u4ee5\u4e0b\u662f\u8303\u56f4\u67e5\u8be2\u7684\u793a\u4f8b\uff1a
\u5305\u542b\u8fb9\u754c\u7684\u8303\u56f4\u67e5\u8be2\uff1a
\u6392\u9664\u8fb9\u754c\u7684\u8303\u56f4\u67e5\u8be2\uff1a
\u7701\u7565\u8fb9\u754c\u7684\u8303\u56f4\u67e5\u8be2\uff1a
Note
\u8bf7\u6ce8\u610f\uff0c\u8303\u56f4\u67e5\u8be2\u53ea\u9002\u7528\u4e8e\u80fd\u591f\u8fdb\u884c\u6392\u5e8f\u7684\u5b57\u6bb5\u7c7b\u578b\uff0c\u5982\u6570\u5b57\u3001\u65e5\u671f\u7b49\u3002\u540c\u65f6\uff0c\u786e\u4fdd\u5728\u67e5\u8be2\u65f6\u5c06\u8fb9\u754c\u503c\u6b63\u786e\u5730\u6307\u5b9a\u4e3a\u5b57\u6bb5\u7684\u5b9e\u9645\u503c\u7c7b\u578b\u3002 \u5982\u679c\u60a8\u5e0c\u671b\u5728\u6574\u4e2a\u7d22\u5f15\u4e2d\u8fdb\u884c\u8303\u56f4\u67e5\u8be2\u800c\u4e0d\u6307\u5b9a\u7279\u5b9a\u5b57\u6bb5\uff0c\u53ef\u4ee5\u4f7f\u7528\u901a\u914d\u7b26\u67e5\u8be2 *
\u6765\u4ee3\u66ff\u5b57\u6bb5\u540d\u3002
\u6307\u5b9a\u5b57\u6bb5
timestamp:[2022-01-01 TO 2022-01-31]\n
\u8fd9\u5c06\u68c0\u7d22 timestamp \u5b57\u6bb5\u5728 2022 \u5e74 1 \u6708 1 \u65e5\u5230 2022 \u5e74 1 \u6708 31 \u65e5\u4e4b\u95f4\u7684\u6570\u636e\u3002
\u4e0d\u6307\u5b9a\u5b57\u6bb5
*:[value1 TO value2]\n
\u8fd9\u5c06\u5728\u6574\u4e2a\u7d22\u5f15\u4e2d\u641c\u7d22\u53d6\u503c\u8303\u56f4\u4ece value1 \u5230 value2 \u7684\u6587\u6863\u3002
\u5982\u679c\u4f60\u60f3\u8981\u7cbe\u786e\u5339\u914d\u67d0\u4e2a\u7279\u5b9a\u7684\u503c\uff0c\u53ef\u4ee5\u5728\u5173\u952e\u5b57\u540e\u52a0\u5165 .keyword
\u540e\u7f00\uff0c\u4f8b\u5982 kubernetes.container_name.keyword
\u3002
\u67e5\u8be2\u6307\u5b9a Pod \u4e2d\u6307\u5b9a\u5bb9\u5668\u7684\u65e5\u5fd7
kubernetes.pod_name.keyword:nginx-pod AND kubernetes.container_name.keyword:nginx\n
2. \u67e5\u8be2 Pod \u540d\u79f0\u4e2d\u5305\u542b nginx-pod
\u7684\u5bb9\u5668\u65e5\u5fd7 kubernetes.pod_name:nginx-pod\n
\u544a\u8b66\u901a\u77e5\u6a21\u677f\u91c7\u7528\u4e86 Go Template \u8bed\u6cd5\u6765\u6e32\u67d3\u6a21\u677f\u3002
\u6a21\u677f\u4f1a\u57fa\u4e8e\u4e0b\u9762\u7684\u6570\u636e\u8fdb\u884c\u6e32\u67d3\u3002
{\n \"status\": \"firing\",\n \"labels\": {\n \"alertgroup\": \"test-group\", // \u544a\u8b66\u7b56\u7565\u540d\u79f0\n \"alertname\": \"test-rule\", // \u544a\u8b66\u89c4\u5219\u540d\u79f0\n \"cluster\": \"35b54a48-b66c-467b-a8dc-503c40826330\",\n \"customlabel1\": \"v1\",\n \"customlabel2\": \"v2\",\n \"endpoint\": \"https\",\n \"group_id\": \"01gypg06fcdf7rmqc4ksv97646\",\n \"instance\": \"10.6.152.85:6443\",\n \"job\": \"apiserver\",\n \"namespace\": \"default\",\n \"prometheus\": \"insight-system/insight-agent-kube-prometh-prometheus\",\n \"prometheus_replica\": \"prometheus-insight-agent-kube-prometh-prometheus-0\",\n \"rule_id\": \"01gypg06fcyn2g9zyehbrvcdfn\",\n \"service\": \"kubernetes\",\n \"severity\": \"critical\",\n \"target\": \"35b54a48-b66c-467b-a8dc-503c40826330\",\n \"target_type\": \"cluster\"\n },\n \"annotations\": {\n \"customanno1\": \"v1\",\n \"customanno2\": \"v2\",\n \"description\": \"\u8fd9\u662f\u4e00\u6761\u6d4b\u8bd5\u89c4\u5219\uff0c10.6.152.85:6443 down\",\n \"value\": \"1\"\n },\n \"startsAt\": \"2023-04-20T07:53:54.637363473Z\",\n \"endsAt\": \"0001-01-01T00:00:00Z\",\n \"generatorURL\": \"http://vmalert-insight-victoria-metrics-k8s-stack-df987997b-npsl9:8080/vmalert/alert?group_id=16797738747470868115&alert_id=10071735367745833597\",\n \"fingerprint\": \"25c8d93d5bf58ac4\"\n}\n
"},{"location":"admin/insight/reference/notify-helper.html#_2","title":"\u4f7f\u7528\u8bf4\u660e","text":".
\u5b57\u7b26
\u5728\u5f53\u524d\u4f5c\u7528\u57df\u4e0b\u6e32\u67d3\u6307\u5b9a\u5bf9\u8c61\u3002
\u793a\u4f8b 1: \u53d6\u9876\u7ea7\u4f5c\u7528\u57df\u4e0b\u7684\u6240\u6709\u5185\u5bb9\uff0c\u5373\u793a\u4f8b\u4ee3\u7801\u4e2d\u4e0a\u4e0b\u6587\u6570\u636e\u7684\u5168\u90e8\u5185\u5bb9\u3002
{{ . }}\n
\u5224\u65ad\u8bed\u53e5 if / else
\u4f7f\u7528 if \u68c0\u67e5\u6570\u636e\uff0c\u5982\u679c\u4e0d\u6ee1\u8db3\u53ef\u4ee5\u6267\u884c else\u3002
{{if .Labels.namespace }}\u547d\u540d\u7a7a\u95f4\uff1a{{ .Labels.namespace }} \\n{{ end }}\n
\u5faa\u73af\u51fd\u6570 for
for \u51fd\u6570\u7528\u4e8e\u91cd\u590d\u6267\u884c\u4ee3\u7801\u5185\u5bb9\u3002
\u793a\u4f8b 1: \u904d\u5386 labels \u5217\u8868\uff0c\u83b7\u53d6\u544a\u8b66\u7684\u6240\u6709 label \u5185\u5bb9\u3002
{{ for .Labels}} \\n {{end}}\n
Insight \u7684\u201d\u901a\u77e5\u6a21\u677f\u201c\u548c\u201d\u77ed\u4fe1\u6a21\u677f\u201c\u652f\u6301 70 \u591a\u4e2a sprig \u51fd\u6570\uff0c\u4ee5\u53ca\u81ea\u7814\u7684\u51fd\u6570\u3002
"},{"location":"admin/insight/reference/notify-helper.html#sprig","title":"Sprig \u51fd\u6570","text":"Sprig \u5185\u7f6e\u4e86 70 \u591a\u79cd\u5e38\u89c1\u7684\u6a21\u677f\u51fd\u6570\u5e2e\u52a9\u6e32\u67d3\u6570\u636e\u3002\u4ee5\u4e0b\u5217\u4e3e\u5e38\u89c1\u51fd\u6570\uff1a
\u66f4\u591a\u7ec6\u8282\u53ef\u4ee5\u67e5\u770b\u5b98\u65b9\u6587\u6863\u3002
"},{"location":"admin/insight/reference/notify-helper.html#_3","title":"\u81ea\u7814\u51fd\u6570","text":""},{"location":"admin/insight/reference/notify-helper.html#toclustername","title":"toClusterName","text":"toClusterName \u51fd\u6570\u6839\u636e\u201c\u96c6\u7fa4\u552f\u4e00\u6807\u793a Id\u201d\u67e5\u8be2\u201c\u96c6\u7fa4\u540d\u201d\uff1b\u5982\u679c\u67e5\u8be2\u4e0d\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u5c06\u76f4\u63a5\u8fd4\u56de\u4f20\u5165\u7684\u96c6\u7fa4\u7684\u552f\u4e00\u6807\u793a\u3002
func toClusterName(id string) (string, error)\n
\u793a\u4f8b\uff1a
{{ toClusterName \"clusterId\" }}\n{{ \"clusterId\" | toClusterName }}\n
"},{"location":"admin/insight/reference/notify-helper.html#toclusterid","title":"toClusterId","text":"toClusterId \u51fd\u6570\u6839\u636e\u201c\u96c6\u7fa4\u540d\u201d\u67e5\u8be2\u201c\u96c6\u7fa4\u552f\u4e00\u6807\u793a Id\u201d\uff1b\u5982\u679c\u67e5\u8be2\u4e0d\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u5c06\u76f4\u63a5\u8fd4\u56de\u4f20\u5165\u7684\u96c6\u7fa4\u540d\u3002
func toClusterId(name string) (string, error)\n
\u793a\u4f8b\uff1a
{{ toClusterId \"clusterName\" }}\n{{ \"clusterName\" | toClusterId }}\n
"},{"location":"admin/insight/reference/notify-helper.html#todateinzone","title":"toDateInZone","text":"toDateInZone \u6839\u636e\u5b57\u7b26\u4e32\u65f6\u95f4\u8f6c\u6362\u6210\u6240\u9700\u7684\u65f6\u95f4\uff0c\u5e76\u8fdb\u884c\u683c\u5f0f\u5316\u3002
func toDateInZone(fmt string, date interface{}, zone string) string\n
\u793a\u4f8b 1\uff1a
{{ toDateInZone \"2006-01-02T15:04:05\" \"2022-08-15T05:59:08.064449533Z\" \"Asia/Shanghai\" }}\n
\u5c06\u83b7\u5f97\u8fd4\u56de\u503c 2022-08-15T13:59:08 \u3002\u6b64\u5916\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7 sprig \u5185\u7f6e\u7684\u51fd\u6570\u8fbe\u5230 toDateInZone \u7684\u6548\u679c\uff1a
{{ dateInZone \"2006-01-02T15:04:05\" (toDate \"2006-01-02T15:04:05Z07:00\" .StartsAt) \"Asia/Shanghai\" }}\n
\u793a\u4f8b 2\uff1a
{{ toDateInZone \"2006-01-02T15:04:05\" .StartsAt \"Asia/Shanghai\" }}\n\n## \u9608\u503c\u6a21\u677f\u8bf4\u660e\n\nInsight \u5185\u7f6e Webhook \u544a\u8b66\u6a21\u677f\u5982\u4e0b\uff0c\u5176\u4ed6\u5982\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u7b49\u5185\u5bb9\u76f8\u540c\uff0c\u53ea\u662f\u5bf9\u6362\u884c\u8fdb\u884c\u76f8\u5e94\u8c03\u6574\u3002\n\n```text\n\u89c4\u5219\u540d\u79f0\uff1a{{ .Labels.alertname }} \\n\n\u7b56\u7565\u540d\u79f0\uff1a{{ .Labels.alertgroup }} \\n\n\u544a\u8b66\u7ea7\u522b\uff1a{{ .Labels.severity }} \\n\n\u96c6\u7fa4\uff1a{{ .Labels.cluster }} \\n\n{{if .Labels.namespace }}\u547d\u540d\u7a7a\u95f4\uff1a{{ .Labels.namespace }} \\n{{ end }}\n{{if .Labels.node }}\u8282\u70b9\uff1a{{ .Labels.node }} \\n{{ end }}\n\u8d44\u6e90\u7c7b\u578b\uff1a{{ .Labels.target_type }} \\n\n{{if .Labels.target }}\u8d44\u6e90\u540d\u79f0\uff1a{{ .Labels.target }} \\n{{ end }}\n\u89e6\u53d1\u503c\uff1a{{ .Annotations.value }} \\n\n\u53d1\u751f\u65f6\u95f4\uff1a{{ .StartsAt }} \\n\n{{if ne \"0001-01-01T00:00:00Z\" .EndsAt }}\u7ed3\u675f\u65f6\u95f4\uff1a{{ .EndsAt }} \\n{{ end }}\n\u63cf\u8ff0\uff1a{{ .Annotations.description }} \\n\n
"},{"location":"admin/insight/reference/notify-helper.html#_4","title":"\u90ae\u7bb1\u4e3b\u9898\u53c2\u6570","text":"\u7531\u4e8e Insight \u5728\u53d1\u9001\u544a\u8b66\u6d88\u606f\u65f6\uff0c\u4f1a\u5bf9\u540c\u4e00\u65f6\u95f4\u540c\u4e00\u6761\u89c4\u5219\u4ea7\u751f\u7684\u6d88\u606f\u8fdb\u884c\u5408\u5e76\u53d1\u9001\uff0c \u6240\u4ee5 email \u4e3b\u9898\u4e0d\u540c\u4e8e\u4e0a\u9762\u56db\u79cd\u6a21\u677f\uff0c\u53ea\u4f1a\u4f7f\u7528\u544a\u8b66\u6d88\u606f\u4e2d\u7684 commonLabels \u5185\u5bb9\u5bf9\u6a21\u677f\u8fdb\u884c\u6e32\u67d3\u3002\u9ed8\u8ba4\u6a21\u677f\u5982\u4e0b:
[{{ .status }}] [{{ .severity }}] \u544a\u8b66\uff1a{{ .alertname }}\n
\u5176\u4ed6\u53ef\u4f5c\u4e3a\u90ae\u7bb1\u4e3b\u9898\u7684\u5b57\u6bb5\u5982\u4e0b:
{{ .status }} \u544a\u8b66\u6d88\u606f\u7684\u89e6\u53d1\u72b6\u6001\n{{ .alertgroup }} \u544a\u8b66\u6240\u5c5e\u7684\u7b56\u7565\u540d\u79f0\n{{ .alertname }} \u544a\u8b66\u6240\u5c5e\u7684\u89c4\u5219\u540d\u79f0\n{{ .severity }} \u544a\u8b66\u7ea7\u522b\n{{ .target_type }} \u544a\u8b66\u8d44\u6e90\u7c7b\u578b\n{{ .target }} \u544a\u8b66\u8d44\u6e90\u5bf9\u8c61\n{{ .\u89c4\u5219\u5176\u4ed6\u81ea\u5b9a\u4e49 label key }}\n
"},{"location":"admin/insight/reference/tailing-sidecar.html","title":"\u901a\u8fc7 Sidecar \u91c7\u96c6\u5bb9\u5668\u65e5\u5fd7","text":"Tailing Sidecar \u662f\u4e00\u4e2a\u6d41\u5f0f Sidecar \u5bb9\u5668\uff0c \u662f Kubernetes \u96c6\u7fa4\u7ea7\u7684\u65e5\u5fd7\u4ee3\u7406\u3002Tailing Sidercar \u53ef\u4ee5\u5728\u5bb9\u5668\u65e0\u6cd5\u5199\u5165\u6807\u51c6\u8f93\u51fa\u6216\u6807\u51c6\u9519\u8bef\u6d41\u65f6\uff0c\u65e0\u9700\u66f4\u6539\uff0c\u5373\u53ef\u81ea\u52a8\u6536\u53d6\u548c\u6c47\u603b\u5bb9\u5668\u5185\u65e5\u5fd7\u6587\u4ef6\u3002
Insight \u652f\u6301\u901a\u8fc7 Sidercar \u6a21\u5f0f\u91c7\u96c6\u65e5\u5fd7\uff0c\u5373\u5728\u6bcf\u4e2a Pod \u4e2d\u8fd0\u884c\u4e00\u4e2a Sidecar \u5bb9\u5668\u5c06\u65e5\u5fd7\u6570\u636e\u8f93\u51fa\u5230\u6807\u51c6\u8f93\u51fa\u6d41\uff0c\u4ee5\u4fbf FluentBit \u6536\u96c6\u5bb9\u5668\u65e5\u5fd7\u3002
Insight Agent \u4e2d\u9ed8\u8ba4\u5b89\u88c5\u4e86 tailing-sidecar operator \u3002 \u82e5\u60a8\u60f3\u5f00\u542f\u91c7\u96c6\u5bb9\u5668\u5185\u6587\u4ef6\u65e5\u5fd7\uff0c\u8bf7\u901a\u8fc7\u7ed9 Pod \u6dfb\u52a0\u6ce8\u89e3\u8fdb\u884c\u6807\u8bb0\uff0c tailing-sidecar operator \u5c06\u81ea\u52a8\u6ce8\u5165 Tailing Sidecar \u5bb9\u5668\uff0c \u88ab\u6ce8\u5165\u7684 Sidecar \u5bb9\u5668\u8bfb\u53d6\u4e1a\u52a1\u5bb9\u5668\u5185\u7684\u6587\u4ef6\uff0c\u5e76\u8f93\u51fa\u5230\u6807\u51c6\u8f93\u51fa\u6d41\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u4fee\u6539 Pod \u7684 YAML \u6587\u4ef6\uff0c\u5728 annotation \u5b57\u6bb5\u589e\u52a0\u5982\u4e0b\u53c2\u6570\uff1a
metadata:\n annotations:\n tailing-sidecar: <sidecar-name-0>:<volume-name-0>:<path-to-tail-0>;<sidecar-name-1>:<volume-name-1>:<path-to-tail-1>\n
\u5b57\u6bb5\u8bf4\u660e\uff1a
Note
\u6bcf\u4e2a Pod \u53ef\u8fd0\u884c\u591a\u4e2a Sidecar \u5bb9\u5668\uff0c\u53ef\u4ee5\u901a\u8fc7 ; \u9694\u79bb\uff0c\u5b9e\u73b0\u4e0d\u540c Sidecar \u5bb9\u5668\u91c7\u96c6\u591a\u4e2a\u6587\u4ef6\u5230\u591a\u4e2a\u5b58\u50a8\u5377\u3002
\u91cd\u542f Pod\uff0c\u5f85 Pod \u72b6\u6001\u53d8\u6210 \u8fd0\u884c\u4e2d \u540e\uff0c\u5219\u53ef\u901a\u8fc7 \u65e5\u5fd7\u67e5\u8be2 \u754c\u9762\uff0c\u67e5\u627e\u8be5 Pod \u7684\u5bb9\u5668\u5185\u65e5\u5fd7\u3002
\u672c\u6587\u4e2d\u7684\u6307\u6807\u662f\u57fa\u4e8e\u793e\u533a\u7684 kube-prometheus \u7684\u57fa\u7840\u4e4b\u4e0a\u6574\u7406\u800c\u6210\u3002 \u76ee\u524d\u6db5\u76d6\u4e86 Cluster\u3001Node\u3001Namespace\u3001Workload \u7b49\u591a\u4e2a\u5c42\u9762\u7684\u6307\u6807\u3002 \u672c\u6587\u679a\u4e3e\u4e86\u4e00\u4e9b\u5e38\u7528\u7684\u6307\u6807\u540d\u3001\u4e2d\u6587\u63cf\u8ff0\u548c\u5355\u4f4d\uff0c\u4ee5\u4fbf\u7d22\u5f15\u3002
"},{"location":"admin/insight/reference/used-metric-in-insight.html#cluster","title":"\u96c6\u7fa4\uff08Cluster\uff09","text":"\u6307\u6807\u540d \u4e2d\u6587\u63cf\u8ff0 \u5355\u4f4d cluster_cpu_utilization \u96c6\u7fa4 CPU \u4f7f\u7528\u7387 cluster_cpu_total \u96c6\u7fa4 CPU \u603b\u91cf Core cluster_cpu_usage \u96c6\u7fa4 CPU \u7528\u91cf Core cluster_cpu_requests_commitment \u96c6\u7fa4 CPU \u5206\u914d\u7387 cluster_memory_utilization \u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u7387 cluster_memory_usage \u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf Byte cluster_memory_available \u96c6\u7fa4\u53ef\u7528\u5185\u5b58 Byte cluster_memory_requests_commitment \u96c6\u7fa4\u5185\u5b58\u5206\u914d\u7387 cluster_memory_total \u96c6\u7fa4\u5185\u5b58\u53ef\u7528\u91cf Byte cluster_net_utilization \u96c6\u7fa4\u7f51\u7edc\u6570\u636e\u4f20\u8f93\u901f\u7387 Byte/s cluster_net_bytes_transmitted \u96c6\u7fa4\u7f51\u7edc\u6570\u636e\u53d1\u9001 (\u4e0a\u884c) \u901f\u7387 Byte/s cluster_net_bytes_received \u96c6\u7fa4\u7f51\u7edc\u6570\u636e\u63a5\u53d7 (\u4e0b\u884c) \u901f\u7387 Byte/s cluster_disk_read_iops \u96c6\u7fa4\u78c1\u76d8\u6bcf\u79d2\u8bfb\u6b21\u6570 \u6b21/s cluster_disk_write_iops \u96c6\u7fa4\u78c1\u76d8\u6bcf\u79d2\u5199\u6b21\u6570 \u6b21/s cluster_disk_read_throughput \u96c6\u7fa4\u78c1\u76d8\u6bcf\u79d2\u8bfb\u53d6\u6570\u636e\u91cf Byte/s cluster_disk_write_throughput \u96c6\u7fa4\u78c1\u76d8\u6bcf\u79d2\u5199\u5165\u6570\u636e\u91cf Byte/s cluster_disk_size_capacity \u96c6\u7fa4\u78c1\u76d8\u603b\u5bb9\u91cf Byte cluster_disk_size_available \u96c6\u7fa4\u78c1\u76d8\u53ef\u7528\u5927\u5c0f Byte cluster_disk_size_usage \u96c6\u7fa4\u78c1\u76d8\u4f7f\u7528\u91cf Byte cluster_disk_size_utilization \u96c6\u7fa4\u78c1\u76d8\u4f7f\u7528\u7387 cluster_node_total \u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u4e2a cluster_node_online \u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u4e2a cluster_node_offline_count \u96c6\u7fa4\u5931\u8054\u7684\u8282\u70b9\u4e2a\u6570 \u4e2a cluster_pod_count \u96c6\u7fa4 Pod \u603b\u6570 \u4e2a cluster_pod_running_count \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c Pod \u4e2a\u6570 \u4e2a cluster_pod_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u8fd0\u884c Pod \u4e2a\u6570 \u4e2a cluster_deployment_count \u96c6\u7fa4 Deployment \u603b\u6570 \u4e2a cluster_deployment_normal_count \u96c6\u7fa4\u6b63\u5e38\u7684 Deployment \u603b\u6570 \u4e2a cluster_deployment_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u7684 Deployment \u603b\u6570 \u4e2a cluster_statefulset_count \u96c6\u7fa4 StatefulSet \u4e2a\u6570 \u4e2a cluster_statefulset_normal_count \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c StatefulSet \u4e2a\u6570 \u4e2a cluster_statefulset_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u8fd0\u884c StatefulSet \u4e2a\u6570 \u4e2a cluster_daemonset_count \u96c6\u7fa4 DaemonSet \u4e2a\u6570 \u4e2a cluster_daemonset_normal_count \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c DaemonSet \u4e2a\u6570 \u4e2a cluster_daemonset_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u8fd0\u884c DaemonSet \u4e2a\u6570 \u4e2a cluster_job_count \u96c6\u7fa4 Job \u603b\u6570 \u4e2a cluster_job_normal_count \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c Job \u4e2a\u6570 \u4e2a cluster_job_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u8fd0\u884c Job \u4e2a\u6570 \u4e2aTip
\u4f7f\u7528\u7387\u4e00\u822c\u662f\uff080,1] \u533a\u95f4\u7684\u6570\u5b57\uff08\u4f8b\u5982\uff1a0.21\uff0c\u800c\u4e0d\u662f 21%\uff09
"},{"location":"admin/insight/reference/used-metric-in-insight.html#node","title":"\u8282\u70b9\uff08Node\uff09","text":"\u6307\u6807\u540d \u4e2d\u6587\u63cf\u8ff0 \u5355\u4f4d node_cpu_utilization \u8282\u70b9 CPU \u4f7f\u7528\u7387 node_cpu_total \u8282\u70b9 CPU \u603b\u91cf Core node_cpu_usage \u8282\u70b9 CPU \u7528\u91cf Core node_cpu_requests_commitment \u8282\u70b9 CPU \u5206\u914d\u7387 node_memory_utilization \u8282\u70b9\u5185\u5b58\u4f7f\u7528\u7387 node_memory_usage \u8282\u70b9\u5185\u5b58\u4f7f\u7528\u91cf Byte node_memory_requests_commitment \u8282\u70b9\u5185\u5b58\u5206\u914d\u7387 node_memory_available \u8282\u70b9\u53ef\u7528\u5185\u5b58 Byte node_memory_total \u8282\u70b9\u5185\u5b58\u53ef\u7528\u91cf Byte node_net_utilization \u8282\u70b9\u7f51\u7edc\u6570\u636e\u4f20\u8f93\u901f\u7387 Byte/s node_net_bytes_transmitted \u8282\u70b9\u7f51\u7edc\u6570\u636e\u53d1\u9001 (\u4e0a\u884c) \u901f\u7387 Byte/s node_net_bytes_received \u8282\u70b9\u7f51\u7edc\u6570\u636e\u63a5\u53d7 (\u4e0b\u884c) \u901f\u7387 Byte/s node_disk_read_iops \u8282\u70b9\u78c1\u76d8\u6bcf\u79d2\u8bfb\u6b21\u6570 \u6b21/s node_disk_write_iops \u8282\u70b9\u78c1\u76d8\u6bcf\u79d2\u5199\u6b21\u6570 \u6b21/s node_disk_read_throughput \u8282\u70b9\u78c1\u76d8\u6bcf\u79d2\u8bfb\u53d6\u6570\u636e\u91cf Byte/s node_disk_write_throughput \u8282\u70b9\u78c1\u76d8\u6bcf\u79d2\u5199\u5165\u6570\u636e\u91cf Byte/s node_disk_size_capacity \u8282\u70b9\u78c1\u76d8\u603b\u5bb9\u91cf Byte node_disk_size_available \u8282\u70b9\u78c1\u76d8\u53ef\u7528\u5927\u5c0f Byte node_disk_size_usage \u8282\u70b9\u78c1\u76d8\u4f7f\u7528\u91cf Byte node_disk_size_utilization \u8282\u70b9\u78c1\u76d8\u4f7f\u7528\u7387"},{"location":"admin/insight/reference/used-metric-in-insight.html#workload","title":"\u5de5\u4f5c\u8d1f\u8f7d\uff08Workload\uff09","text":"\u76ee\u524d\u652f\u6301\u7684\u5de5\u4f5c\u8d1f\u8f7d\u7c7b\u578b\u5305\u62ec\uff1aDeployment\u3001StatefulSet\u3001DaemonSet\u3001Job \u548c CronJob\u3002
\u6307\u6807\u540d \u4e2d\u6587\u63cf\u8ff0 \u5355\u4f4d workload_cpu_usage \u5de5\u4f5c\u8d1f\u8f7d CPU \u7528\u91cf Core workload_cpu_limits \u5de5\u4f5c\u8d1f\u8f7d CPU \u9650\u5236\u91cf Core workload_cpu_requests \u5de5\u4f5c\u8d1f\u8f7d CPU \u8bf7\u6c42\u91cf Core workload_cpu_utilization \u5de5\u4f5c\u8d1f\u8f7d CPU \u4f7f\u7528\u7387 workload_memory_usage \u5de5\u4f5c\u8d1f\u8f7d\u5185\u5b58\u4f7f\u7528\u91cf Byte workload_memory_limits \u5de5\u4f5c\u8d1f\u8f7d \u5185\u5b58 \u9650\u5236\u91cf Byte workload_memory_requests \u5de5\u4f5c\u8d1f\u8f7d \u5185\u5b58 \u8bf7\u6c42\u91cf Byte workload_memory_utilization \u5de5\u4f5c\u8d1f\u8f7d\u5185\u5b58\u4f7f\u7528\u7387 workload_memory_usage_cached \u5de5\u4f5c\u8d1f\u8f7d\u5185\u5b58\u4f7f\u7528\u91cf\uff08\u5305\u542b\u7f13\u5b58\uff09 Byte workload_net_bytes_transmitted \u5de5\u4f5c\u8d1f\u8f7d\u7f51\u7edc\u6570\u636e\u53d1\u9001\u901f\u7387 Byte/s workload_net_bytes_received \u5de5\u4f5c\u8d1f\u8f7d\u7f51\u7edc\u6570\u636e\u63a5\u53d7\u901f\u7387 Byte/s workload_disk_read_throughput \u5de5\u4f5c\u8d1f\u8f7d\u78c1\u76d8\u6bcf\u79d2\u8bfb\u53d6\u6570\u636e\u91cf Byte/s workload_disk_write_throughput \u5de5\u4f5c\u8d1f\u8f7d\u78c1\u76d8\u6bcf\u79d2\u5199\u5165\u6570\u636e\u91cf Byte/sworkload_cpu_usage{workload_type=\"deployment\", workload=\"prometheus\"}
\u7684\u65b9\u5f0f\u83b7\u53d6\u6307\u6807workload_pod_utilization
\u8ba1\u7b97\u89c4\u5219\uff1a workload_pod_usage / workload_pod_request
\u901a\u8fc7 pod_cpu_usage{workload_type=\"deployment\", workload=\"prometheus\"}
\u83b7\u53d6\u540d\u4e3a prometheus \u7684 Deployment \u6240\u62e5\u6709\u7684\u6240\u6709 Pod \u7684 CPU \u4f7f\u7528\u7387\u3002
\u53ef\u89c2\u6d4b\u6027\u4f1a\u9ed8\u8ba4\u6301\u4e45\u5316\u4fdd\u5b58\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u7684\u6570\u636e\uff0c\u60a8\u53ef\u53c2\u9605\u672c\u6587\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\u3002\u8be5\u6587\u6863\u4ec5\u9002\u7528\u4e8e\u5185\u7f6e\u90e8\u7f72\u7684 Elasticsearch\uff0c\u82e5\u4f7f\u7528\u5916\u90e8 Elasticsearch \u53ef\u81ea\u884c\u8c03\u6574\u3002
"},{"location":"admin/insight/system-config/modify-config.html#_2","title":"\u5982\u4f55\u4fee\u6539\u6307\u6807\u6570\u636e\u4fdd\u7559\u671f\u9650","text":"\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u6307\u6807\u6570\u636e\u4fdd\u7559\u671f\u9650\u3002
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl edit vmcluster insight-victoria-metrics-k8s-stack -n insight-system\n
\u5728 Yaml \u6587\u4ef6\u4e2d\uff0c retentionPeriod \u7684\u9ed8\u8ba4\u503c\u4e3a 14 \uff0c\u5355\u4f4d\u4e3a \u5929 \u3002\u60a8\u53ef\u6839\u636e\u9700\u6c42\u4fee\u6539\u53c2\u6570\u3002
apiVersion: operator.victoriametrics.com/v1beta1\nkind: VMCluster\nmetadata:\n annotations:\n meta.helm.sh/release-name: insight\n meta.helm.sh/release-namespace: insight-system\n creationTimestamp: \"2022-08-25T04:31:02Z\"\n finalizers:\n - apps.victoriametrics.com/finalizer\n generation: 2\n labels:\n app.kubernetes.io/instance: insight\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: victoria-metrics-k8s-stack\n app.kubernetes.io/version: 1.77.2\n helm.sh/chart: victoria-metrics-k8s-stack-0.9.3\n name: insight-victoria-metrics-k8s-stack\n namespace: insight-system\n resourceVersion: \"123007381\"\n uid: 55cee8d6-c651-404b-b2c9-50603b405b54\nspec:\n replicationFactor: 1\n retentionPeriod: \"14\"\n vminsert:\n extraArgs:\n maxLabelsPerTimeseries: \"45\"\n image:\n repository: docker.m.daocloud.io/victoriametrics/vminsert\n tag: v1.80.0-cluster\n replicaCount: 1\n
\u4fdd\u5b58\u4fee\u6539\u540e\uff0c\u8d1f\u8d23\u5b58\u50a8\u6307\u6807\u7684\u7ec4\u4ef6\u7684\u5bb9\u5668\u7ec4\u4f1a\u81ea\u52a8\u91cd\u542f\uff0c\u7a0d\u7b49\u7247\u523b\u5373\u53ef\u3002
\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u65e5\u5fd7\u6570\u636e\u4fdd\u7559\u671f\u9650\uff1a
"},{"location":"admin/insight/system-config/modify-config.html#json","title":"\u65b9\u6cd5\u4e00\uff1a\u4fee\u6539 Json \u6587\u4ef6","text":"\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d rollover \u5b57\u6bb5\u4e2d\u7684 max_age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002\u6ce8\u610f\u9700\u8981\u4fee\u6539\u7b2c\u4e00\u884c\u4e2d\u7684 Elastic \u7528\u6237\u540d\u548c\u5bc6\u7801\u3001IP \u5730\u5740\u548c\u7d22\u5f15\u3002
curl --insecure --location -u\"elastic:amyVt4o826e322TUVi13Ezw6\" -X PUT \"https://172.30.47.112:30468/_ilm/policy/insight-es-k8s-logs-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n \"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"8d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n }\n}'\n
\u4fee\u6539\u5b8c\u540e\uff0c\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u5b83\u4f1a\u6253\u5370\u51fa\u5982\u4e0b\u6240\u793a\u5185\u5bb9\uff0c\u5219\u4fee\u6539\u6210\u529f\u3002
{\n\"acknowledged\" : true\n}\n
\u767b\u5f55 kibana \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f Stack Management \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a Index Lifecycle Polices \uff0c\u5e76\u627e\u5230\u7d22\u5f15 insight-es-k8s-logs-policy \uff0c\u70b9\u51fb\u8fdb\u5165\u8be6\u60c5\u3002
\u5c55\u5f00 Hot phase \u914d\u7f6e\u9762\u677f\uff0c\u4fee\u6539 Maximum age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002
\u4fee\u6539\u5b8c\u540e\uff0c\u70b9\u51fb\u9875\u9762\u5e95\u90e8\u7684 Save policy \u5373\u4fee\u6539\u6210\u529f\u3002
\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u94fe\u8def\u6570\u636e\u4fdd\u7559\u671f\u9650\uff1a
"},{"location":"admin/insight/system-config/modify-config.html#json_1","title":"\u65b9\u6cd5\u4e00\uff1a\u4fee\u6539 Json \u6587\u4ef6","text":"\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d rollover \u5b57\u6bb5\u4e2d\u7684 max_age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002\u6ce8\u610f\u9700\u8981\u4fee\u6539\u7b2c\u4e00\u884c\u4e2d\u7684 Elastic \u7528\u6237\u540d\u548c\u5bc6\u7801\u3001IP \u5730\u5740\u548c\u7d22\u5f15\u3002
curl --insecure --location -u\"elastic:amyVt4o826e322TUVi13Ezw6\" -X PUT \"https://172.30.47.112:30468/_ilm/policy/jaeger-ilm-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n \"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"6d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n }\n}'\n
\u4fee\u6539\u5b8c\u540e\uff0c\u5728\u63a7\u5236\u53f0\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u5b83\u4f1a\u6253\u5370\u51fa\u5982\u4e0b\u6240\u793a\u5185\u5bb9\uff0c\u5219\u4fee\u6539\u6210\u529f\u3002
{\n\"acknowledged\" : true\n}\n
\u767b\u5f55 kibana \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f Stack Management \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a Index Lifecycle Polices \uff0c\u5e76\u627e\u5230\u7d22\u5f15 jaeger-ilm-policy \uff0c\u70b9\u51fb\u8fdb\u5165\u8be6\u60c5\u3002
\u5c55\u5f00 Hot phase \u914d\u7f6e\u9762\u677f\uff0c\u4fee\u6539 Maximum age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002
\u4fee\u6539\u5b8c\u540e\uff0c\u70b9\u51fb\u9875\u9762\u5e95\u90e8\u7684 Save policy \u5373\u4fee\u6539\u6210\u529f\u3002
\u5728\u7cfb\u7edf\u7ec4\u4ef6\u9875\u9762\u53ef\u5feb\u901f\u7684\u67e5\u770b\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e2d\u7cfb\u7edf\u7ec4\u4ef6\u7684\u8fd0\u884c\u72b6\u6001\uff0c\u5f53\u7cfb\u7528\u7ec4\u4ef6\u53d1\u751f\u6545\u969c\u65f6\uff0c\u4f1a\u5bfc\u81f4\u53ef\u89c2\u6d4b\u6a21\u5757\u4e2d\u7684\u90e8\u5206\u529f\u80fd\u4e0d\u53ef\u7528\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u7cfb\u7edf\u7ba1\u7406 -> \u7cfb\u7edf\u7ec4\u4ef6 \u3002
Note
\u82e5\u4f7f\u7528\u5916\u90e8 Elasticsearch \u53ef\u80fd\u65e0\u6cd5\u83b7\u53d6\u90e8\u5206\u6570\u636e\u4ee5\u81f4\u4e8e Elasticsearch \u7684\u4fe1\u606f\u4e3a\u7a7a\u3002
"},{"location":"admin/insight/system-config/system-config.html","title":"\u7cfb\u7edf\u914d\u7f6e","text":"\u7cfb\u7edf\u914d\u7f6e \u5c55\u793a\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u9ed8\u8ba4\u7684\u4fdd\u5b58\u65f6\u957f\u4ee5\u53ca\u9ed8\u8ba4\u7684 Apdex \u9608\u503c\u3002
\u70b9\u51fb\u53f3\u4fa7\u5bfc\u822a\u680f\uff0c\u9009\u62e9 \u7cfb\u7edf\u914d\u7f6e\u3002
\u4fee\u6539\u5386\u53f2\u544a\u8b66\u5b58\u50a8\u65f6\u957f\uff0c\u70b9\u51fb \u7f16\u8f91 \u8f93\u5165\u76ee\u6807\u65f6\u957f\u3002
\u5f53\u5b58\u50a8\u65f6\u957f\u8bbe\u7f6e\u4e3a \"0\" \u5c06\u4e0d\u6e05\u9664\u5386\u53f2\u544a\u8b66\u3002
\u4fee\u6539\u62d3\u6251\u56fe\u6e32\u67d3\u9ed8\u8ba4\u914d\u7f6e\uff0c\u70b9\u51fb \u7f16\u8f91 \u6839\u636e\u9700\u6c42\u5b9a\u4e49\u7cfb\u7edf\u4e2d\u62d3\u6251\u56fe\u9608\u503c\u3002
\u9608\u503c\u8bbe\u7f6e\u5fc5\u987b\u5927\u4e8e 0\uff0c\u524d\u9762\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5c0f\u4e8e\u540e\u9762\u586b\u5199\u7684\u3002\u4e14\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5728\u6700\u5927\u548c\u6700\u5c0f\u7684\u8303\u56f4\u4e4b\u95f4\u3002
Note
\u4fee\u6539\u5176\u4ed6\u914d\u7f6e\uff0c\u8bf7\u70b9\u51fb\u67e5\u770b\u5982\u4f55\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\uff1f
"},{"location":"admin/insight/trace/service.html","title":"\u670d\u52a1\u76d1\u63a7","text":"\u5728 \u53ef\u89c2\u6d4b\u6027 Insight \u4e2d\u670d\u52a1\u662f\u6307\u4f7f\u7528 Opentelemtry SDK \u63a5\u5165\u94fe\u8def\u6570\u636e\uff0c\u670d\u52a1\u76d1\u63a7\u80fd\u591f\u8f85\u52a9\u8fd0\u7ef4\u8fc7\u7a0b\u4e2d\u89c2\u5bdf\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u72b6\u6001\u3002
\u5982\u4f55\u4f7f\u7528 OpenTelemetry \u8bf7\u53c2\u8003\u4f7f\u7528 OTel \u8d4b\u4e88\u5e94\u7528\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"admin/insight/trace/service.html#_2","title":"\u540d\u8bcd\u89e3\u91ca","text":"\u670d\u52a1\u5217\u8868\u9875\u9762\u5c55\u793a\u4e86\u96c6\u7fa4\u4e2d\u6240\u6709\u5df2\u63a5\u5165\u94fe\u8def\u6570\u636e\u7684\u670d\u52a1\u7684\u541e\u5410\u7387\u3001\u9519\u8bef\u7387\u3001\u8bf7\u6c42\u5ef6\u65f6\u7b49\u5173\u952e\u6307\u6807\u3002 \u60a8\u53ef\u4ee5\u6839\u636e\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u5bf9\u670d\u52a1\u8fdb\u884c\u8fc7\u6ee4\uff0c\u4e5f\u53ef\u4ee5\u6309\u7167\u541e\u5410\u7387\u3001\u9519\u8bef\u7387\u3001\u8bf7\u6c42\u5ef6\u65f6\u5bf9\u8be5\u5217\u8868\u8fdb\u884c\u6392\u5e8f\u3002\u5217\u8868\u4e2d\u7684\u6307\u6807\u6570\u636e\u9ed8\u8ba4\u65f6\u95f4\u4e3a 1 \u5c0f\u65f6\uff0c\u60a8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u65f6\u95f4\u8303\u56f4\u3002
\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u770b\u670d\u52a1\u76d1\u63a7\u6307\u6807\uff1a
\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u94fe\u8def\u8ffd\u8e2a -> \u670d\u52a1 \u3002
Attention
\u70b9\u51fb\u670d\u52a1\u540d (\u4ee5 insight-server \u4e3a\u4f8b)\uff0c\u70b9\u51fb\u8fdb\u5165\u670d\u52a1\u8be6\u60c5\u9875\uff0c\u67e5\u770b\u670d\u52a1\u7684\u8be6\u7ec6\u6307\u6807\u548c\u8be5\u670d\u52a1\u7684\u64cd\u4f5c\u6307\u6807\u3002
\u70b9\u51fb Tab \u5207\u6362\u5230 \u64cd\u4f5c\u6307\u6807 \uff0c\u53ef\u67e5\u8be2\u591a\u9009\u670d\u52a1\u76f8\u540c\u64cd\u4f5c\u7684\u805a\u5408\u8d77\u6765\u7684\u6d41\u91cf\u6307\u6807\u3002
\u670d\u52a1\u62d3\u6251\u56fe\u662f\u5bf9\u670d\u52a1\u4e4b\u95f4\u8fde\u63a5\u3001\u901a\u4fe1\u548c\u4f9d\u8d56\u5173\u7cfb\u7684\u53ef\u89c6\u5316\u8868\u793a\u3002\u901a\u8fc7\u53ef\u89c6\u5316\u62d3\u6251\u4e86\u89e3\u670d\u52a1\u95f4\u7684\u8c03\u7528\u5173\u7cfb\uff0c \u67e5\u770b\u670d\u52a1\u5728\u6307\u5b9a\u65f6\u95f4\u5185\u7684\u8c03\u7528\u53ca\u5176\u6027\u80fd\u72b6\u51b5\u3002\u62d3\u6251\u56fe\u7684\u8282\u70b9\u4e4b\u95f4\u7684\u8054\u7cfb\u4ee3\u8868\u4e24\u4e2a\u670d\u52a1\u5728\u67e5\u8be2\u65f6\u95f4\u8303\u56f4\u5185\u670d\u52a1\u4e4b\u95f4\u7684\u5b58\u5728\u8c03\u7528\u5173\u7cfb\u3002
"},{"location":"admin/insight/trace/topology.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u62d3\u6251\u56fe\u4e2d\uff0c\u60a8\u53ef\u6309\u9700\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u70b9\u51fb\u53f3\u4e0b\u89d2 \u56fe\u4f8b \uff0c\u53ef\u901a\u8fc7 \u4e34\u65f6\u914d\u7f6e \u4fee\u6539\u5f53\u524d\u7684\u62d3\u6251\u56fe\u5b9a\u4e49\u7684\u6e32\u67d3\u9608\u503c\uff0c\u8df3\u51fa\u6216\u5173\u95ed\u8be5\u9875\u9762\u5373\u4f1a\u4e22\u5931\u8be5\u914d\u7f6e\u3002
\u9608\u503c\u8bbe\u7f6e\u5fc5\u987b\u5927\u4e8e 0\uff0c\u524d\u9762\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5c0f\u4e8e\u540e\u9762\u586b\u5199\u7684\u3002\u4e14\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5728\u6700\u5927\u548c\u6700\u5c0f\u7684\u8303\u56f4\u4e4b\u95f4\u3002
\u5728\u670d\u52a1\u62d3\u6251\u4e2d\u4f1a\u5b58\u5728\u6e38\u79bb\u5728\u96c6\u7fa4\u4e4b\u5916\u7684\u8282\u70b9\uff0c\u8fd9\u4e9b\u6e38\u79bb\u5728\u5916\u7684\u8282\u70b9\u53ef\u5206\u6210\u4e09\u7c7b\uff1a
\u865a\u62df\u8282\u70b9
\u82e5\u670d\u52a1\u53d1\u8d77\u8bf7\u6c42\u5230\u6570\u636e\u5e93
\u6216\u6d88\u606f\u961f\u5217
\u65f6\uff0c\u62d3\u6251\u56fe\u4e2d\u4f1a\u9ed8\u8ba4\u5c55\u793a\u8fd9\u4e24\u7c7b\u8282\u70b9\u3002 \u800c\u865a\u62df\u670d\u52a1
\u8868\u793a\u96c6\u7fa4\u5185\u670d\u52a1\u8bf7\u6c42\u4e86\u96c6\u7fa4\u5916\u7684\u8282\u70b9\u6216\u8005\u672a\u63a5\u5165\u94fe\u8def\u7684\u670d\u52a1\uff0c\u62d3\u6251\u56fe\u4e2d\u9ed8\u8ba4\u4e0d\u4f1a\u5c55\u793a \u865a\u62df\u670d\u52a1
\u3002
\u5f53\u670d\u52a1\u8bf7\u6c42\u5230 MySQL\u3001PostgreSQL\u3001Oracle Database \u8fd9\u4e09\u79cd\u6570\u636e\u5e93\u65f6\uff0c\u5728\u62d3\u6251\u56fe\u4e2d\u53ef\u4ee5\u770b\u5230\u8bf7\u6c42\u7684\u8be6\u7ec6\u6570\u636e\u5e93\u7c7b\u578b\u3002
\u66f4\u65b0 insight-server chart \u7684 values\uff0c\u627e\u5230\u4e0b\u56fe\u6240\u793a\u53c2\u6570\uff0c\u5c06 false
\u6539\u4e3a true
\u3002
\u5728\u670d\u52a1\u62d3\u6251\u7684\u663e\u793a\u8bbe\u7f6e\u4e2d\u52fe\u9009 \u865a\u62df\u670d\u52a1 \u3002
\u5728\u94fe\u8def\u67e5\u8be2\u9875\u9762\uff0c\u60a8\u53ef\u4ee5\u8fc7 TraceID \u6216\u7cbe\u786e\u67e5\u8be2\u8c03\u7528\u94fe\u8def\u8be6\u7ec6\u60c5\u51b5\u6216\u7ed3\u5408\u591a\u79cd\u6761\u4ef6\u7b5b\u9009\u67e5\u8be2\u8c03\u7528\u94fe\u8def\u3002
"},{"location":"admin/insight/trace/trace.html#_2","title":"\u540d\u8bcd\u89e3\u91ca","text":"\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u8be2\u94fe\u8def\uff1a
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u94fe\u8def\u8ffd\u8e2a -> \u8c03\u7528\u94fe\u3002
Note
\u5217\u8868\u4e2d\u652f\u6301\u5bf9 Span \u6570\u3001\u5ef6\u65f6\u3001\u53d1\u751f\u65f6\u95f4\u8fdb\u884c\u6392\u5e8f\u3002
\u70b9\u51fb\u7b5b\u9009\u680f\u4e2d\u7684 TraceID \u641c\u7d22 \u5207\u6362\u4f7f\u7528 TraceID \u641c\u7d22\u94fe\u8def\u3002
\u4f7f\u7528 TraceID \u641c\u7d22\u8bf7\u8f93\u5165\u5b8c\u6574\u7684 TraceID\u3002
\u70b9\u51fb\u94fe\u8def\u5217\u8868\u4e2d\u7684\u67d0\u4e00\u94fe\u8def\u7684 TraceID\uff0c\u53ef\u67e5\u770b\u8be5\u94fe\u8def\u7684\u8be6\u60c5\u8c03\u7528\u60c5\u51b5\u3002
\u70b9\u51fb\u94fe\u8def\u6570\u636e\u53f3\u4fa7\u7684\u56fe\u6807\uff0c\u53ef\u67e5\u8be2\u8be5\u94fe\u8def\u7684\u5173\u8054\u65e5\u5fd7\u3002
\u70b9\u51fb \u67e5\u770b\u66f4\u591a \u540e\u53ef\u5e26\u6761\u4ef6\u8df3\u8f6c\u5230 \u65e5\u5fd7\u67e5\u8be2 \u7684\u9875\u9762\u3002
\u9ed8\u8ba4\u641c\u7d22\u5168\u90e8\u65e5\u5fd7\uff0c\u4f46\u53ef\u4e0b\u62c9\u6839\u636e\u94fe\u8def\u7684 TraceID \u6216\u94fe\u8def\u8c03\u7528\u8fc7\u7a0b\u4e2d\u76f8\u5173\u7684\u5bb9\u5668\u65e5\u5fd7\u8fdb\u884c\u8fc7\u6ee4\u3002
Note
\u7531\u4e8e\u94fe\u8def\u4f1a\u8de8\u96c6\u7fa4\u6216\u8de8\u547d\u540d\u7a7a\u95f4\uff0c\u82e5\u7528\u6237\u6743\u9650\u4e0d\u8db3\uff0c\u5219\u65e0\u6cd5\u67e5\u8be2\u8be5\u94fe\u8def\u7684\u5173\u8054\u65e5\u5fd7\u3002
\u5982\u679c\u8282\u70b9\u4e0d\u591f\u7528\u4e86\uff0c\u53ef\u4ee5\u6dfb\u52a0\u66f4\u591a\u8282\u70b9\u5230\u96c6\u7fa4\u4e2d\u3002
"},{"location":"admin/k8s/add-node.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0
\u8fdb\u5165\u96c6\u7fa4\u6982\u89c8\u9875\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u63a5\u5165\u8282\u70b9 \u6309\u94ae
\u6309\u7167\u5411\u5bfc\uff0c\u586b\u5199\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u53c2\u6570\u914d\u7f6e\u5728\u5f39\u7a97\u4e2d\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u8282\u70b9\u5217\u8868\uff0c\u65b0\u63a5\u5165\u7684\u8282\u70b9\u72b6\u6001\u4e3a \u63a5\u5165\u4e2d \uff0c\u7b49\u5f85\u51e0\u5206\u949f\u540e\u72b6\u6001\u53d8\u4e3a \u5065\u5eb7 \u5219\u8868\u793a\u63a5\u5165\u6210\u529f\u3002
Tip
\u5bf9\u4e8e\u521a\u63a5\u5165\u6210\u529f\u7684\u8282\u70b9\uff0c\u53ef\u80fd\u8fd8\u8981\u7b49 2-3 \u5206\u949f\u624d\u80fd\u8bc6\u522b\u51fa GPU\u3002
"},{"location":"admin/k8s/create-k8s.html","title":"\u521b\u5efa\u4e91\u4e0a Kubernetes \u96c6\u7fa4","text":"\u90e8\u7f72 Kubernetes \u96c6\u7fa4\u662f\u4e3a\u4e86\u652f\u6301\u9ad8\u6548\u7684 AI \u7b97\u529b\u8c03\u5ea6\u548c\u7ba1\u7406\uff0c\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\uff0c\u63d0\u4f9b\u9ad8\u53ef\u7528\u6027\uff0c\u4ece\u800c\u4f18\u5316\u6a21\u578b\u8bad\u7ec3\u548c\u63a8\u7406\u8fc7\u7a0b\u3002
"},{"location":"admin/k8s/create-k8s.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u521b\u5efa\u5e76\u542f\u52a8 3 \u53f0\u4e0d\u5e26 GPU \u7684\u4e91\u4e3b\u673a\u7528\u4f5c\u96c6\u7fa4\u7684 Master \u8282\u70b9
\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae
\u6309\u7167\u5411\u5bfc\uff0c\u914d\u7f6e\u96c6\u7fa4\u7684\u5404\u9879\u53c2\u6570
\u57fa\u672c\u4fe1\u606f\u8282\u70b9\u914d\u7f6e\u7f51\u7edc\u914d\u7f6eAddon \u914d\u7f6e\u9ad8\u7ea7\u914d\u7f6e\u914d\u7f6e\u5b8c\u8282\u70b9\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u5f00\u59cb\u68c0\u67e5 \uff0c
\u6bcf\u4e2a\u8282\u70b9\u9ed8\u8ba4\u53ef\u8fd0\u884c 110 \u4e2a Pod\uff08\u5bb9\u5668\u7ec4\uff09\uff0c\u5982\u679c\u8282\u70b9\u914d\u7f6e\u6bd4\u8f83\u9ad8\uff0c\u53ef\u4ee5\u8c03\u6574\u5230 200 \u6216 300 \u4e2a Pod\u3002
\u7b49\u5f85\u96c6\u7fa4\u521b\u5efa\u5b8c\u6210\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u627e\u5230\u521a\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u5bfc\u822a\u5230 Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u641c\u7d22\u6846\u5185\u641c\u7d22 metax-gpu-extensions\uff0c\u70b9\u51fb\u5361\u7247
\u70b9\u51fb\u53f3\u4fa7\u7684 \u5b89\u88c5 \u6309\u94ae\uff0c\u5f00\u59cb\u5b89\u88c5 GPU \u63d2\u4ef6
\u5e94\u7528\u8bbe\u7f6eKubernetes \u7f16\u6392\u786e\u8ba4\u8f93\u5165\u540d\u79f0\uff0c\u9009\u62e9\u547d\u540d\u7a7a\u95f4\uff0c\u5728 YAMl \u4e2d\u4fee\u6539\u955c\u50cf\u5730\u5740\uff1a
\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u7b49\u5f85 metax-gpu-extensions \u72b6\u6001\u53d8\u4e3a \u5df2\u90e8\u7f72
\u5230\u6b64\u96c6\u7fa4\u521b\u5efa\u6210\u529f\uff0c\u53ef\u4ee5\u53bb\u67e5\u770b\u96c6\u7fa4\u6240\u5305\u542b\u7684\u8282\u70b9\u3002\u4f60\u53ef\u4ee5\u53bb\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d\u5e76\u4f7f\u7528 GPU \u4e86\u3002
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d
"},{"location":"admin/k8s/remove-node.html","title":"\u79fb\u9664 GPU \u5de5\u4f5c\u8282\u70b9","text":"GPU \u8d44\u6e90\u7684\u6210\u672c\u76f8\u5bf9\u8f83\u9ad8\uff0c\u5982\u679c\u6682\u65f6\u7528\u4e0d\u5230 GPU\uff0c\u53ef\u4ee5\u5c06\u5e26 GPU \u7684\u5de5\u4f5c\u8282\u70b9\u79fb\u9664\u3002 \u4ee5\u4e0b\u6b65\u9aa4\u4e5f\u540c\u6837\u9002\u7528\u4e8e\u79fb\u9664\u666e\u901a\u5de5\u4f5c\u8282\u70b9\u3002
"},{"location":"admin/k8s/remove-node.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0
\u8fdb\u5165\u96c6\u7fa4\u6982\u89c8\u9875\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u8981\u79fb\u9664\u7684\u8282\u70b9\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u79fb\u9664\u8282\u70b9
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u8282\u70b9\u540d\u79f0\uff0c\u786e\u8ba4\u65e0\u8bef\u540e\u70b9\u51fb \u5220\u9664
\u81ea\u52a8\u8fd4\u56de\u8282\u70b9\u5217\u8868\uff0c\u72b6\u6001\u4e3a \u79fb\u9664\u4e2d \uff0c\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\uff0c\u8282\u70b9\u4e0d\u5728\u4e86\uff0c\u8bf4\u660e\u8282\u70b9\u88ab\u6210\u529f\u79fb\u9664
\u4ece UI \u5217\u8868\u79fb\u9664\u8282\u70b9\u540e\uff0c\u901a\u8fc7 SSH \u767b\u5f55\u5230\u5df2\u79fb\u9664\u7684\u8282\u70b9\u4e3b\u673a\uff0c\u6267\u884c\u5173\u673a\u547d\u4ee4\u3002
Tip
\u5728 UI \u4e0a\u79fb\u9664\u8282\u70b9\u5e76\u5c06\u5176\u5173\u673a\u540e\uff0c\u8282\u70b9\u4e0a\u7684\u6570\u636e\u5e76\u672a\u88ab\u7acb\u5373\u5220\u9664\uff0c\u8282\u70b9\u6570\u636e\u4f1a\u88ab\u4fdd\u7559\u4e00\u6bb5\u65f6\u95f4\u3002
"},{"location":"admin/kpanda/backup/index.html","title":"\u5907\u4efd\u6062\u590d","text":"\u5907\u4efd\u6062\u590d\u5206\u4e3a\u5907\u4efd\u548c\u6062\u590d\u4e24\u65b9\u9762\uff0c\u5b9e\u9645\u5e94\u7528\u65f6\u9700\u8981\u5148\u5907\u4efd\u7cfb\u7edf\u5728\u67d0\u4e00\u65f6\u70b9\u7684\u6570\u636e\uff0c\u7136\u540e\u5b89\u5168\u5b58\u50a8\u5730\u5907\u4efd\u6570\u636e\u3002\u540e\u7eed\u5982\u679c\u51fa\u73b0\u6570\u636e\u635f\u574f\u3001\u4e22\u5931\u3001\u8bef\u5220\u7b49\u4e8b\u6545\uff0c\u5c31\u53ef\u4ee5\u57fa\u4e8e\u4e4b\u524d\u7684\u6570\u636e\u5907\u4efd\u5feb\u901f\u8fd8\u539f\u7cfb\u7edf\uff0c\u7f29\u77ed\u6545\u969c\u65f6\u95f4\uff0c\u51cf\u5c11\u635f\u5931\u3002
\u56e0\u6b64\uff0c\u5907\u4efd\u6062\u590d\u975e\u5e38\u91cd\u8981\uff0c\u53ef\u4ee5\u89c6\u4e4b\u4e3a\u7ef4\u62a4\u7cfb\u7edf\u7a33\u5b9a\u548c\u6570\u636e\u5b89\u5168\u7684\u6700\u540e\u4e00\u9053\u4fdd\u9669\u3002
\u5907\u4efd\u901a\u5e38\u5206\u4e3a\u5168\u91cf\u5907\u4efd\u3001\u589e\u91cf\u5907\u4efd\u3001\u5dee\u5f02\u5907\u4efd\u4e09\u79cd\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u76ee\u524d\u652f\u6301\u5168\u91cf\u5907\u4efd\u548c\u589e\u91cf\u5907\u4efd\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u7684\u5907\u4efd\u6062\u590d\u53ef\u4ee5\u5206\u4e3a \u5e94\u7528\u5907\u4efd \u548c ETCD \u5907\u4efd \u4e24\u79cd\uff0c\u652f\u6301\u624b\u52a8\u5907\u4efd\uff0c\u6216\u57fa\u4e8e CronJob \u5b9a\u65f6\u81ea\u52a8\u5907\u4efd\u3002
\u5e94\u7528\u5907\u4efd
\u5e94\u7528\u5907\u4efd\u6307\uff0c\u5907\u4efd\u96c6\u7fa4\u4e2d\u7684\u67d0\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\uff0c\u7136\u540e\u5c06\u8be5\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u6062\u590d\u5230\u672c\u96c6\u7fa4\u6216\u8005\u5176\u4ed6\u96c6\u7fa4\u3002\u652f\u6301\u5907\u4efd\u6574\u4e2a\u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u6240\u6709\u8d44\u6e90\uff0c\u4e5f\u652f\u6301\u901a\u8fc7\u6807\u7b7e\u9009\u62e9\u5668\u8fc7\u6ee4\uff0c\u4ec5\u5907\u4efd\u5e26\u6709\u7279\u5b9a\u6807\u7b7e\u7684\u8d44\u6e90\u3002
\u5e94\u7528\u5907\u4efd\u652f\u6301\u8de8\u96c6\u7fa4\u5907\u4efd\u6709\u72b6\u6001\u5e94\u7528\uff0c\u5177\u4f53\u6b65\u9aa4\u53ef\u53c2\u8003MySQL \u5e94\u7528\u53ca\u6570\u636e\u7684\u8de8\u96c6\u7fa4\u5907\u4efd\u6062\u590d\u3002
ETCD \u5907\u4efd
etcd \u662f Kubernetes \u7684\u6570\u636e\u5b58\u50a8\u7ec4\u4ef6\uff0cKubernetes \u5c06\u81ea\u8eab\u7684\u7ec4\u4ef6\u6570\u636e\u548c\u5176\u4e2d\u7684\u5e94\u7528\u6570\u636e\u90fd\u5b58\u50a8\u5728 etcd \u4e2d\u3002\u56e0\u6b64\uff0c\u5907\u4efd etcd \u5c31\u76f8\u5f53\u4e8e\u5907\u4efd\u6574\u4e2a\u96c6\u7fa4\u7684\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6545\u969c\u65f6\u5feb\u901f\u5c06\u96c6\u7fa4\u6062\u590d\u5230\u4e4b\u524d\u67d0\u4e00\u65f6\u70b9\u7684\u72b6\u6001\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u76ee\u524d\u4ec5\u652f\u6301\u5c06 etcd \u5907\u4efd\u6570\u636e\u6062\u590d\u5230\u540c\u4e00\u96c6\u7fa4\uff08\u539f\u96c6\u7fa4\uff09\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u5e94\u7528\u505a\u5907\u4efd\uff0c\u672c\u6559\u7a0b\u4e2d\u4f7f\u7528\u7684\u6f14\u793a\u5e94\u7528\u540d\u4e3a dao-2048 \uff0c\u5c5e\u4e8e\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u3002
"},{"location":"admin/kpanda/backup/deployment.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5bf9\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u8fdb\u884c\u5907\u4efd\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5b89\u88c5 velero \u7ec4\u4ef6\uff0c\u4e14 velero \u7ec4\u4ef6\u8fd0\u884c\u6b63\u5e38\u3002
\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\uff08\u672c\u6559\u7a0b\u4e2d\u7684\u8d1f\u8f7d\u540d\u4e3a dao-2048 \uff09\uff0c\u5e76\u4e3a\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u6253\u4e0a app: dao-2048 \u7684\u6807\u7b7e\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u5907\u4efd\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d dao-2048 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c \u70b9\u51fb \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d \u3002
\u8fdb\u5165 \u5e94\u7528\u5907\u4efd \u5217\u8868\u9875\u9762\uff0c\u4ece\u96c6\u7fa4\u4e0b\u62c9\u5217\u8868\u4e2d\u9009\u62e9\u5df2\u5b89\u88c5\u4e86 velero \u548c dao-2048 \u7684\u96c6\u7fa4\u3002 \u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa\u5907\u4efd\u8ba1\u5212 \u6309\u94ae\u3002
\u53c2\u8003\u4e0b\u65b9\u8bf4\u660e\u586b\u5199\u5907\u4efd\u914d\u7f6e\u3002
\u53c2\u8003\u4e0b\u65b9\u8bf4\u660e\u8bbe\u7f6e\u5907\u4efd\u6267\u884c\u9891\u7387\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
*
\u81ea\u5b9a\u4e49 Cron \u8868\u8fbe\u5f0f\uff0c\u8f93\u5165\u8868\u8fbe\u5f0f\u540e\u4e0b\u65b9\u4f1a\u63d0\u793a\u5f53\u524d\u8868\u8fbe\u5f0f\u7684\u542b\u4e49\u3002\u6709\u5173\u8be6\u7ec6\u7684\u8868\u8fbe\u5f0f\u8bed\u6cd5\u89c4\u5219\uff0c\u53ef\u53c2\u8003 Cron \u65f6\u95f4\u8868\u8bed\u6cd5\u3002\u70b9\u51fb \u786e\u5b9a \uff0c\u9875\u9762\u4f1a\u81ea\u52a8\u8fd4\u56de\u5e94\u7528\u5907\u4efd\u8ba1\u5212\u5217\u8868\u3002\u60a8\u53ef\u4ee5\u627e\u5230\u65b0\u5efa\u7684 dao-2048 \u5907\u4efd\u8ba1\u5212\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u9009\u62e9 \u7acb\u5373\u6267\u884c \u5f00\u59cb\u5907\u4efd\u3002
\u6b64\u65f6\u96c6\u7fa4\u7684 \u4e0a\u4e00\u6b21\u6267\u884c\u72b6\u6001 \u5c06\u8f6c\u53d8\u4e3a \u5907\u4efd\u4e2d \u3002\u7b49\u5f85\u5907\u4efd\u5b8c\u6210\u540e\u53ef\u4ee5\u70b9\u51fb\u5907\u4efd\u8ba1\u5212\u7684\u540d\u79f0\uff0c\u67e5\u770b\u5907\u4efd\u8ba1\u5212\u8be6\u60c5\u3002
Note
\u5982\u679c Job \u7c7b\u578b\u7684\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u4e3a \u6267\u884c\u5b8c\u6210 \uff0c\u5219\u4e0d\u652f\u6301\u5907\u4efd\u3002
"},{"location":"admin/kpanda/backup/etcd-backup.html","title":"etcd \u5907\u4efd","text":"etcd \u5907\u4efd\u662f\u4ee5\u96c6\u7fa4\u6570\u636e\u4e3a\u6838\u5fc3\u7684\u5907\u4efd\u3002\u5728\u786c\u4ef6\u8bbe\u5907\u635f\u574f\uff0c\u5f00\u53d1\u6d4b\u8bd5\u914d\u7f6e\u9519\u8bef\u7b49\u573a\u666f\u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7 etcd \u5907\u4efd\u6062\u590d\u96c6\u7fa4\u6570\u636e\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e3a\u96c6\u7fa4\u5236\u4f5c etcd \u5907\u4efd\u3002
"},{"location":"admin/kpanda/backup/etcd-backup.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u63a5\u5165\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u51c6\u5907\u4e00\u4e2a MinIO \u5b9e\u4f8b\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa etcd \u5907\u4efd\u3002
\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> etcd \u5907\u4efd \uff0c\u70b9\u51fb \u5907\u4efd\u7b56\u7565 \u9875\u7b7e\uff0c\u7136\u540e\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u5907\u4efd\u7b56\u7565 \u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199 \u57fa\u672c\u4fe1\u606f \u3002\u586b\u5199\u5b8c\u6bd5\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u6821\u9a8c etcd \u7684\u8054\u901a\u6027\uff0c\u6821\u9a8c\u901a\u8fc7\u4e4b\u540e\u53ef\u4ee5\u8fdb\u884c\u4e0b\u4e00\u6b65\u3002
etcd \u5730\u5740\uff1a\u683c\u5f0f\u4e3a https://${\u8282\u70b9IP}:${\u7aef\u53e3\u53f7}
\u5728 kube-system \u547d\u540d\u7a7a\u95f4\u4e0b\u67e5\u627e etcd Pod
kubectl get po -n kube-system | grep etcd\n
\u83b7\u53d6 etcd Pod \u7684 listen-client-urls \u4e2d\u7684\u7aef\u53e3\u53f7
kubectl get po -n kube-system ${etcd_pod_name} -oyaml | grep listen-client-urls # (1)!\n
\u9884\u671f\u8f93\u51fa\u7ed3\u679c\u5982\u4e0b\uff0c\u8282\u70b9 IP \u540e\u7684\u6570\u5b57\u5373\u4e3a\u7aef\u53e3\u53f7:
- --listen-client-urls=https://127.0.0.1:2379,https://10.6.229.191:2379\n
CA \u8bc1\u4e66\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/etcd/ca.crt\n
Cert \u8bc1\u4e66\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/apiserver-etcd-client.crt\n
Key\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/apiserver-etcd-client.key\n
Note
\u70b9\u51fb\u8f93\u5165\u6846\u4e0b\u65b9\u7684 \u5982\u4f55\u83b7\u53d6 \u53ef\u4ee5\u5728 UI \u9875\u9762\u67e5\u770b\u83b7\u53d6\u5bf9\u5e94\u4fe1\u606f\u7684\u65b9\u5f0f\u3002
\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\u586b\u5199 \u5907\u4efd\u7b56\u7565 \u3002
\u5907\u4efd\u65b9\u5f0f\uff1a\u9009\u62e9\u624b\u52a8\u5907\u4efd\u6216\u5b9a\u65f6\u5907\u4efd
\u5907\u4efd\u94fe\u957f\u5ea6\uff1a\u6700\u591a\u4fdd\u7559\u591a\u5c11\u6761\u5907\u4efd\u6570\u636e\u3002\u9ed8\u8ba4\u4e3a 30 \u6761\u3002
\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\u586b\u5199 \u5b58\u50a8\u4f4d\u7f6e \u3002
\u70b9\u51fb \u786e\u5b9a \u540e\u9875\u9762\u81ea\u52a8\u8df3\u8f6c\u5230\u5907\u4efd\u7b56\u7565\u5217\u8868\uff0c\u53ef\u4ee5\u67e5\u770b\u76ee\u524d\u521b\u5efa\u597d\u7684\u6240\u6709\u7b56\u7565\u3002
\u70b9\u51fb \u65e5\u5fd7 \u53ef\u4ee5\u67e5\u770b\u65e5\u5fd7\u5185\u5bb9\uff0c\u9ed8\u8ba4\u5c55\u793a 100 \u884c\u3002\u82e5\u60f3\u67e5\u770b\u66f4\u591a\u65e5\u5fd7\u4fe1\u606f\u6216\u8005\u4e0b\u8f7d\u65e5\u5fd7\uff0c\u53ef\u5728\u65e5\u5fd7\u4e0a\u65b9\u6839\u636e\u63d0\u793a\u524d\u5f80\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u3002
"},{"location":"admin/kpanda/backup/etcd-backup.html#_3","title":"\u67e5\u770b\u5907\u4efd\u7b56\u7565\u8be6\u60c5","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> etcd \u5907\u4efd \uff0c\u70b9\u51fb \u5907\u4efd\u7b56\u7565 \u9875\u7b7e\uff0c\u63a5\u7740\u70b9\u51fb\u7b56\u7565\u540d\u79f0\u53ef\u4ee5\u67e5\u770b\u7b56\u7565\u8be6\u60c5\u3002
"},{"location":"admin/kpanda/backup/etcd-backup.html#_4","title":"\u67e5\u770b\u5907\u4efd\u70b9","text":"\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u96c6\u7fa4\u4e0b\u6240\u6709\u5907\u4efd\u4fe1\u606f\u3002
\u6bcf\u6267\u884c\u4e00\u6b21\u5907\u4efd\uff0c\u5bf9\u5e94\u751f\u6210\u4e00\u4e2a\u5907\u4efd\u70b9\uff0c\u53ef\u901a\u8fc7\u6210\u529f\u72b6\u6001\u7684\u5907\u4efd\u70b9\u5feb\u901f\u6062\u590d\u5e94\u7528\u3002
velero \u662f\u4e00\u4e2a\u5907\u4efd\u548c\u6062\u590d Kubernetes \u96c6\u7fa4\u8d44\u6e90\u7684\u5f00\u6e90\u5de5\u5177\u3002\u5b83\u53ef\u4ee5\u5c06 Kubernetes \u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u5907\u4efd\u5230\u4e91\u5b58\u50a8\u670d\u52a1\u3001\u672c\u5730\u5b58\u50a8\u6216\u5176\u4ed6\u4f4d\u7f6e\uff0c\u5e76\u4e14\u53ef\u4ee5\u5728\u9700\u8981\u65f6\u5c06\u8fd9\u4e9b\u8d44\u6e90\u6062\u590d\u5230\u540c\u4e00\u6216\u4e0d\u540c\u7684\u96c6\u7fa4\u4e2d\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528 Helm \u5e94\u7528 \u90e8\u7f72 velero \u63d2\u4ef6\u3002
"},{"location":"admin/kpanda/backup/install-velero.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 velero \u63d2\u4ef6\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa velero \u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u8bf7\u6267\u884c\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 velero \u63d2\u4ef6\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5 velero \u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u641c\u7d22\u680f\u8f93\u5165 velero \u8fdb\u884c\u641c\u7d22\u3002
\u9605\u8bfb velero \u63d2\u4ef6\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u672c\u6587\u5c06\u4ee5 4.0.2 \u7248\u672c\u4e3a\u4f8b\u8fdb\u884c\u5b89\u88c5\uff0c\u63a8\u8350\u5b89\u88c5 4.0.2 \u6216\u66f4\u9ad8\u7248\u672c\u3002
\u586b\u5199\u548c\u914d\u7f6e\u53c2\u6570\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u57fa\u672c\u53c2\u6570\u53c2\u6570\u914d\u7f6eNote
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
S3 Credentials\uff1a
SecretContents.aws_secret_access_key = \uff1a\u914d\u7f6e\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u7684\u5bc6\u7801\uff0c\u66ff\u6362 \u4e3a\u771f\u5b9e\u53c2\u6570\u3002
config \"SecretContents \u6837\u4f8b\" [default] aws_access_key_id = minio aws_secret_access_key = minio123
Velero Configuration\uff1a
Note
\u8bf7\u786e\u4fdd s3 \u5b58\u50a8\u670d\u52a1\u65f6\u95f4\u8ddf\u5907\u4efd\u8fd8\u539f\u96c6\u7fa4\u65f6\u95f4\u5dee\u572810\u5206\u949f\u4ee5\u5185\uff0c\u6700\u597d\u662f\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u6267\u884c\u5907\u4efd\u64cd\u4f5c\u3002
migration plugin configuration\uff1a\u542f\u7528\u4e4b\u540e\uff0c\u5c06\u5728\u4e0b\u4e00\u6b65\u7684 YAML \u4ee3\u7801\u6bb5\u4e2d\u65b0\u589e\uff1a
...\ninitContainers:\n - image: 'release.daocloud.io/kcoral/velero-plugin-for-migration:v0.3.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-migration\n volumeMounts:\n - mountPath: /target\n name: plugins\n - image: 'docker.m.daocloud.io/velero/velero-plugin-for-csi:v0.7.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-csi\n volumeMounts:\n - mountPath: /target\n name: plugins\n - image: 'docker.m.daocloud.io/velero/velero-plugin-for-aws:v1.9.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-aws\n volumeMounts:\n - mountPath: /target\n name: plugins\n...\n
\u786e\u8ba4 YAML \u65e0\u8bef\u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210 velero \u63d2\u4ef6\u7684\u5b89\u88c5\u3002 \u4e4b\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\uff0c\u7a0d\u7b49\u51e0\u5206\u949f\u540e\uff0c\u4e3a\u9875\u9762\u6267\u884c\u5237\u65b0\u64cd\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
\u672c\u6587\u5c06\u4ee5\u4e00\u4e2a\u5355\u63a7\u5236\u8282\u70b9\u7684\u5de5\u4f5c\u96c6\u7fa4\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u4e3a\u5de5\u4f5c\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u8fdb\u884c\u6269\u5bb9\uff0c\u4ee5\u5b9e\u73b0\u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u9ad8\u53ef\u7528\u3002
Note
Note
\u88ab\u7eb3\u7ba1\u96c6\u7fa4\uff1a\u5728\u754c\u9762\u521b\u5efa\u96c6\u7fa4\u65f6\u6307\u5b9a\u7684\u7528\u6765\u7ba1\u7406\u5f53\u524d\u96c6\u7fa4\uff0c\u5e76\u4e3a\u5f53\u524d\u96c6\u7fa4\u63d0\u4f9b kubernetes \u7248\u672c\u5347\u7ea7\u3001\u8282\u70b9\u6269\u7f29\u5bb9\u3001\u5378\u8f7d\u3001\u64cd\u4f5c\u8bb0\u5f55\u7b49\u80fd\u529b\u7684\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/add-master-node.html#_3","title":"\u4fee\u6539\u4e3b\u673a\u6e05\u5355\u6587\u4ef6","text":"\u767b\u5f55\u5230\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\uff0c\u8fdb\u5165\u9700\u8981\u8fdb\u884c\u63a7\u5236\u8282\u70b9\u6269\u5bb9\u7684\u96c6\u7fa4\u6982\u89c8\u9875\u9762\uff0c\u5728 \u57fa\u672c\u4fe1\u606f \u5904\uff0c\u627e\u5230\u5f53\u524d\u96c6\u7fa4\u7684 \u88ab\u7eb3\u7ba1\u96c6\u7fa4 \uff0c \u70b9\u51fb\u88ab\u7eb3\u7ba1\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u88ab\u7eb3\u7ba1\u96c6\u7fa4\u7684\u6982\u89c8\u754c\u9762\u3002
\u5728\u88ab\u7eb3\u7ba1\u96c6\u7fa4\u7684\u6982\u89c8\u754c\u9762\uff0c\u70b9\u51fb \u63a7\u5236\u53f0\uff0c\u6253\u5f00\u4e91\u7ec8\u7aef\u63a7\u5236\u53f0\uff0c\u5e76\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u627e\u5230\u5f85\u6269\u5bb9\u5de5\u4f5c\u96c6\u7fa4\u7684\u4e3b\u673a\u6e05\u5355\u6587\u4ef6\u3002
kubectl get cm -n kubean-system ${ClusterName}-hosts-conf -oyaml\n
${ClusterName}
\uff1a\u4e3a\u5f85\u6269\u5bb9\u5de5\u4f5c\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u53c2\u8003\u4e0b\u65b9\u793a\u4f8b\u4fee\u6539\u4e3b\u673a\u6e05\u5355\u6587\u4ef6\uff0c\u65b0\u589e\u63a7\u5236\u8282\u70b9\u4fe1\u606f\u3002
\u4fee\u6539\u524d\u4fee\u6539\u540eapiVersion: v1\nkind: ConfigMap\nmetadata:\n name: tanghai-dev-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: 10.6.175.10 \n access_ip: 10.6.175.10\n ansible_host: 10.6.175.10 \n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n children:\n kube_control_plane:\n hosts:\n node1:\n kube_node:\n hosts:\n node1:\n etcd:\n hosts:\n node1:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\n......\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: tanghai-dev-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1: # \u539f\u96c6\u7fa4\u4e2d\u5df2\u5b58\u5728\u7684\u4e3b\u8282\u70b9\n ip: 10.6.175.10\n access_ip: 10.6.175.10 \n ansible_host: 10.6.175.10\n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n node2: # \u96c6\u7fa4\u6269\u5bb9\u5f85\u65b0\u589e\u7684\u63a7\u5236\u8282\u70b9\n ip: 10.6.175.20\n access_ip: 10.6.175.20\n ansible_host: 10.6.175.20\n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n node3: # \u96c6\u7fa4\u6269\u5bb9\u5f85\u65b0\u589e\u7684\u63a7\u5236\u8282\u70b9\n ip: 10.6.175.30 \n access_ip: 10.6.175.30\n ansible_host: 10.6.175.30 \n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n children:\n kube_control_plane:\n hosts: # \u96c6\u7fa4\u4e2d\u7684\u63a7\u5236\u8282\u70b9\u7ec4\n node1:\n node2: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node2 \u5185\u5bb9 \n node3: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node3 \u5185\u5bb9 \n kube_node:\n hosts: # \u96c6\u7fa4\u4e2d\u7684\u5de5\u4f5c\u8282\u70b9\u7ec4\n node1:\n node2: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node2 \u5185\u5bb9 \n node3: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node3 \u5185\u5bb9 \n etcd:\n hosts: # \u96c6\u7fa4\u4e2d\u7684 ETCD \u8282\u70b9\u7ec4\n node1:\n node2: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node2 \u5185\u5bb9 \n node3: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node3 \u5185\u5bb9 \n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\n
\u4f7f\u7528\u57fa\u4e8e\u4e0b\u9762\u7684 ClusterOperation.yml \u6a21\u677f\uff0c\u65b0\u589e\u4e00\u4e2a\u96c6\u7fa4\u63a7\u5236\u8282\u70b9\u6269\u5bb9\u4efb\u52a1 scale-master-node-ops.yaml \u3002
ClusterOperation.ymlapiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster1-online-install-ops\nspec:\n cluster: ${cluster-name} # (1)!\n image: ghcr.m.daocloud.io/kubean-io/spray-job:v0.18.0 # (2)!\n actionType: playbook\n action: cluster.yml # (3)!\n extraArgs: --limit=etcd,kube_control_plane -e ignore_assert_errors=yes\n preHook:\n - actionType: playbook\n action: ping.yml\n - actionType: playbook\n action: disable-firewalld.yml\n - actionType: playbook\n action: enable-repo.yml # (4)!\n extraArgs: | # \u5982\u679c\u662f\u79bb\u7ebf\u73af\u5883\uff0c\u9700\u8981\u6dfb\u52a0 enable-repo.yml\uff0c\u5e76\u4e14 extraArgs \u53c2\u6570\u586b\u5199\u76f8\u5173 OS \u7684\u6b63\u786e repo_list\n -e \"{repo_list: ['http://172.30.41.0:9000/kubean/centos/\\$releasever/os/\\$basearch','http://172.30.41.0:9000/kubean/centos-iso/\\$releasever/os/\\$basearch']}\"\n postHook:\n - actionType: playbook\n action: upgrade-cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e ignore_assert_errors=yes\n - actionType: playbook\n action: kubeconfig.yml\n - actionType: playbook\n action: cluster-info.yml\n
-e etcd_retries=10
\u4ee5\u589e\u5927 etcd node join \u91cd\u8bd5\u6b21\u6570\u7136\u540e\u521b\u5efa\u5e76\u90e8\u7f72 scale-master-node-ops.yaml\u3002
vi scale-master-node-ops.yaml\nkubectl apply -f scale-master-node-ops.yaml -n kubean-system\n
\u6267\u884c\u5b8c\u4e0a\u8ff0\u6b65\u9aa4\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u9a8c\u8bc1\uff1a
kubectl get node\n
"},{"location":"admin/kpanda/best-practice/add-worker-node-on-global.html","title":"\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u5de5\u4f5c\u8282\u70b9\u6269\u5bb9","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u5982\u4f55\u624b\u52a8\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u5de5\u4f5c\u8282\u70b9\u8fdb\u884c\u6269\u5bb9\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e0d\u5efa\u8bae\u5728\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u540e\u5bf9\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u8fdb\u884c\u6269\u5bb9\uff0c\u8bf7\u5728\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u524d\u505a\u597d\u8d44\u6e90\u89c4\u5212\u3002
Note
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0d\u652f\u6301\u6269\u5bb9\u3002
"},{"location":"admin/kpanda/best-practice/add-worker-node-on-global.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u767b\u5f55\u706b\u79cd\u8282\u70b9\uff1a
ssh root@\u706b\u79cd\u8282\u70b9 IP \u5730\u5740\n
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u83b7\u53d6 kind \u96c6\u7fa4\u7684 CONTAINER ID
\uff1a
[root@localhost ~]# podman ps\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\n220d662b1b6a docker.m.daocloud.io/kindest/node:v1.26.2 2 weeks ago Up 2 weeks 0.0.0.0:443->30443/tcp, 0.0.0.0:8081->30081/tcp, 0.0.0.0:9000-9001->32000-32001/tcp, 0.0.0.0:36674->6443/tcp my-cluster-installer-control-plane\n
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u8fdb\u5165 kind \u96c6\u7fa4\u5bb9\u5668\u5185\uff1a
podman exec -it {CONTAINER ID} bash\n
{CONTAINER ID}
\u66ff\u6362\u4e3a\u60a8\u771f\u5b9e\u7684\u5bb9\u5668 ID
\u5728 kind \u96c6\u7fa4\u5bb9\u5668\u5185\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u83b7\u53d6 kind \u96c6\u7fa4\u7684 kubeconfig \u914d\u7f6e\u4fe1\u606f\uff1a
kubectl config view --minify --flatten --raw\n
\u5f85\u63a7\u5236\u53f0\u8f93\u51fa\u540e\uff0c\u590d\u5236 kind \u96c6\u7fa4\u7684 kubeconfig \u914d\u7f6e\u4fe1\u606f\uff0c\u4e3a\u4e0b\u4e00\u6b65\u505a\u51c6\u5907\u3002
"},{"location":"admin/kpanda/best-practice/add-worker-node-on-global.html#kind-clusterkubeanio","title":"\u5728\u706b\u79cd\u8282\u70b9\u4e0a kind \u96c6\u7fa4\u5185\u521b\u5efacluster.kubean.io
\u8d44\u6e90","text":"\u4f7f\u7528 podman exec -it {CONTAINER ID} bash
\u547d\u4ee4\u8fdb\u5165 kind \u96c6\u7fa4\u5bb9\u5668\u5185\u3002
\u5728 kind \u96c6\u7fa4\u5bb9\u5668\u5185\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u83b7\u53d6 kind \u96c6\u7fa4\u540d\u79f0 \uff1a
kubectl get clusters\n
\u590d\u5236\u5e76\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5728 kind \u96c6\u7fa4\u5185\u6267\u884c\uff0c\u4ee5\u521b\u5efa cluster.kubean.io
\u8d44\u6e90\uff1a
kubectl apply -f - <<EOF\napiVersion: kubean.io/v1alpha1\nkind: Cluster\nmetadata:\n labels:\n clusterName: kpanda-global-cluster\n name: kpanda-global-cluster\nspec:\n hostsConfRef:\n name: my-cluster-hosts-conf\n namespace: kubean-system\n kubeconfRef:\n name: my-cluster-kubeconf\n namespace: kubean-system\n varsConfRef:\n name: my-cluster-vars-conf\n namespace: kubean-system\nEOF\n
Note
spec.hostsConfRef.name
\u3001spec.kubeconfRef.name
\u3001spec.varsConfRef.name
\u4e2d\u96c6\u7fa4\u540d\u79f0\u9ed8\u8ba4\u4e3a my-cluster
\uff0c \u9700\u66ff\u6362\u6210\u4e0a\u4e00\u6b65\u9aa4\u4e2d\u83b7\u53d6\u7684 kind \u96c6\u7fa4\u540d\u79f0 \u3002
\u5728 kind \u96c6\u7fa4\u5185\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u68c0\u9a8c cluster.kubean.io` \u8d44\u6e90\u662f\u5426\u6b63\u5e38\u521b\u5efa\uff1a
kubectl get clusters\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
NAME AGE\nkpanda-global-cluster 3s\nmy-cluster 16d\n
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u5176\u4e2d\u4e00\u4e2a\u63a7\u5236\u8282\u70b9\uff1a
ssh root@\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u63a7\u5236\u8282\u70b9 IP \u5730\u5740\n
\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u63a7\u5236\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5c06\u63a7\u5236\u8282\u70b9\u7684 containerd \u914d\u7f6e\u6587\u4ef6 config.toml \u590d\u5236\u5230\u706b\u79cd\u8282\u70b9\u4e0a\uff1a
scp /etc/containerd/config.toml root@{\u706b\u79cd\u8282\u70b9 IP}:/root\n
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\uff0c\u4ece\u63a7\u5236\u8282\u70b9\u62f7\u8d1d\u8fc7\u6765\u7684 containerd \u914d\u7f6e\u6587\u4ef6 config.toml \u4e2d\u9009\u53d6 \u975e\u5b89\u5168\u955c\u50cf registry \u7684\u90e8\u5206 \u52a0\u5165\u5230 kind \u96c6\u7fa4\u5185 config.toml
\u975e\u5b89\u5168\u955c\u50cfregistry \u90e8\u5206\u793a\u4f8b\u5982\u4e0b\uff1a
[plugins.\"io.containerd.grpc.v1.cri\".registry]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"10.6.202.20\"]\n endpoint = [\"https://10.6.202.20\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.configs.\"10.6.202.20\".tls]\n insecure_skip_verify = true\n
Note
\u7531\u4e8e kind \u96c6\u7fa4\u5185\u4e0d\u80fd\u76f4\u63a5\u4fee\u6539 config.toml \u6587\u4ef6\uff0c\u6545\u53ef\u4ee5\u5148\u590d\u5236\u4e00\u4efd\u6587\u4ef6\u51fa\u6765\u4fee\u6539\uff0c\u518d\u62f7\u8d1d\u5230 kind \u96c6\u7fa4\uff0c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5c06\u6587\u4ef6\u62f7\u8d1d\u51fa\u6765
podman cp {CONTAINER ID}:/etc/containerd/config.toml ./config.toml.kind\n
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u7f16\u8f91 config.toml \u6587\u4ef6
vim ./config.toml.kind\n
\u5c06\u4fee\u6539\u597d\u7684\u6587\u4ef6\u518d\u590d\u5236\u5230 kind \u96c6\u7fa4\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4
podman cp ./config.toml.kind {CONTAINER ID}:/etc/containerd/config.toml\n
{CONTAINER ID} \u66ff\u6362\u4e3a\u60a8\u771f\u5b9e\u7684\u5bb9\u5668 ID
\u5728 kind \u96c6\u7fa4\u5185\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u91cd\u542f containerd \u670d\u52a1
systemctl restart containerd\n
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406\uff0c\u5728\u96c6\u7fa4\u5217\u8868\u9875\u53f3\u4fa7\u70b9\u51fb \u63a5\u5165\u96c6\u7fa4 \u6309\u94ae\uff0c\u8fdb\u5165\u63a5\u5165\u96c6\u7fa4\u9875\u9762\u3002
\u5728\u63a5\u5165\u914d\u7f6e\u5904\uff0c\u586b\u5165\u5e76\u7f16\u8f91\u521a\u521a\u590d\u5236\u7684 kind \u96c6\u7fa4\u7684 kubeconfig \u914d\u7f6e\u3002
apiVersion: v1\nclusters:\n- cluster:\n insecure-skip-tls-verify: true # (1)!\n certificate-authority-data: LS0TLSCFDFWEFEWFEWFGGEWGFWFEWGWEGFEWGEWGSDGFSDSD\n server: https://my-cluster-installer-control-plane:6443 # (2)!\nname: my-cluster-installer\ncontexts:\n- context:\n cluster: my-cluster-installer\n user: kubernetes-admin\nname: kubernetes-admin@my-cluster-installer\ncurrent-context: kubernetes-admin@my-cluster-installer\nkind: Config\npreferences: {}\nusers:\n
\u70b9\u51fb \u786e\u8ba4 \u6309\u94ae\uff0c\u5b8c\u6210 kind \u96c6\u7fa4\u7684\u63a5\u5165\u3002
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406\uff0c\u627e\u5230 kapnda-glabal-cluster \u96c6\u7fa4\uff0c\u5728\u53f3\u4fa7\u64cd\u4f5c\u5217\u8868\u627e\u5230 \u57fa\u7840\u914d\u7f6e \u83dc\u5355\u9879\u5e76\u8fdb\u5165\u57fa\u7840\u914d\u7f6e\u754c\u9762\u3002
\u5728\u57fa\u7840\u914d\u7f6e\u9875\u9762\uff0c\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6dfb\u52a0\u7684\u6807\u7b7e kpanda.io/managed-by=my-cluster
\uff1a
Note
\u6807\u7b7e kpanda.io/managed-by=my-cluster
\u4e2d\u7684 vaule \u503c\u4e3a\u63a5\u5165\u96c6\u7fa4\u65f6\u6307\u5b9a\u7684\u96c6\u7fa4\u540d\u79f0\uff0c\u9ed8\u8ba4\u4e3a my-cluster
\uff0c\u5177\u4f53\u4f9d\u636e\u60a8\u7684\u5b9e\u9645\u60c5\u51b5\u3002
\u8fdb\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u8282\u70b9\u5217\u8868\u9875\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u63a5\u5165\u8282\u70b9 \u6309\u94ae\u3002
\u586b\u5165\u5f85\u63a5\u5165\u8282\u70b9\u7684 IP \u548c\u8ba4\u8bc1\u4fe1\u606f\u540e\u70b9\u51fb \u5f00\u59cb\u68c0\u67e5 \uff0c\u901a\u8fc7\u8282\u70b9\u68c0\u67e5\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5728 \u81ea\u5b9a\u4e49\u53c2\u6570 \u5904\u6dfb\u52a0\u5982\u4e0b\u81ea\u5b9a\u4e49\u53c2\u6570\uff1a
download_run_once: false\ndownload_container: false\ndownload_force_cache: false\ndownload_localhost: false\n
\u70b9\u51fb \u786e\u5b9a \u7b49\u5f85\u8282\u70b9\u6dfb\u52a0\u5b8c\u6210\u3002
\u672c\u6b21\u6f14\u793a\u5c06\u57fa\u4e8e AI \u7b97\u529b\u4e2d\u5fc3\u7684\u5e94\u7528\u5907\u4efd\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u4e2a\u6709\u72b6\u6001\u5e94\u7528\u7684\u8de8\u96c6\u7fa4\u5907\u4efd\u8fc1\u79fb\u3002
Note
\u5f53\u524d\u64cd\u4f5c\u8005\u5e94\u5177\u6709 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u7ba1\u7406\u5458\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#_1","title":"\u51c6\u5907\u6f14\u793a\u73af\u5883","text":""},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#_2","title":"\u51c6\u5907\u4e24\u4e2a\u96c6\u7fa4","text":"main-cluster \u4f5c\u4e3a\u5907\u4efd\u6570\u636e\u7684\u6e90\u96c6\u7fa4\uff0c recovery-cluster \u96c6\u7fa4\u4f5c\u4e3a\u9700\u8981\u6062\u590d\u6570\u636e\u7684\u76ee\u6807\u96c6\u7fa4\u3002
\u96c6\u7fa4 IP \u8282\u70b9 main-cluster 10.6.175.100 1 \u8282\u70b9 recovery-cluster 10.6.175.110 1 \u8282\u70b9"},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#minio","title":"\u642d\u5efa MinIO \u914d\u7f6e","text":"MinIO \u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740 \u5b58\u50a8\u6876 \u7528\u6237\u540d \u5bc6\u7801 http://10.7.209.110:9000 mysql-demo root dangerous"},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#nfs","title":"\u5728\u4e24\u4e2a\u96c6\u7fa4\u90e8\u7f72 NFS \u5b58\u50a8\u670d\u52a1","text":"Note
\u9700\u8981\u5728 \u6e90\u96c6\u7fa4\u548c\u76ee\u6807\u96c6\u7fa4 \u4e0a\u7684\u6240\u6709\u8282\u70b9\u4e0a\u90e8\u7f72 NFS \u5b58\u50a8\u670d\u52a1\u3002
\u5728\u4e24\u4e2a\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u8282\u70b9\u5b89\u88c5 NFS \u6240\u9700\u7684\u4f9d\u8d56\u3002
yum install nfs-utils iscsi-initiator-utils nfs-utils iscsi-initiator-utils nfs-utils iscsi-initiator-utils -y\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl apply -f nfs.yaml\nclusterrole.rbac.authorization.k8s.io/nfs-provisioner-runner created\nclusterrolebinding.rbac.authorization.k8s.io/run-nfs-provisioner created\nrole.rbac.authorization.k8s.io/leader-locking-nfs-provisioner created\nrolebinding.rbac.authorization.k8s.io/leader-locking-nfs-provisioner created\nserviceaccount/nfs-provisioner created\nservice/nfs-provisioner created\ndeployment.apps/nfs-provisioner created\nstorageclass.storage.k8s.io/nfs created\n
\u4e3a MySQL \u5e94\u7528\u51c6\u5907 NFS \u5b58\u50a8\u670d\u52a1\u3002
\u767b\u5f55 main-cluster \u96c6\u7fa4\u548c recovery-cluster \u96c6\u7fa4\u7684\u4efb\u4e00\u63a7\u5236\u8282\u70b9\uff0c\u4f7f\u7528 vi nfs.yaml \u547d\u4ee4\u5728\u8282\u70b9\u4e0a\u521b\u5efa\u4e00\u4e2a \u540d\u4e3a nfs.yaml \u7684\u6587\u4ef6\uff0c\u5c06\u4e0b\u9762\u7684 YAML \u5185\u5bb9\u590d\u5236\u5230 nfs.yaml \u6587\u4ef6\u3002
\u70b9\u51fb\u67e5\u770b\u5b8c\u6574\u7684 nfs.yaml nfs.yaml
kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: nfs-provisioner-runner\nnamespace: nfs-system\nrules:\n- apiGroups: [\"\"]\n resources: [\"persistentvolumes\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"delete\"]\n- apiGroups: [\"\"]\n resources: [\"persistentvolumeclaims\"]\n verbs: [\"get\", \"list\", \"watch\", \"update\"]\n- apiGroups: [\"storage.k8s.io\"]\n resources: [\"storageclasses\"]\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups: [\"\"]\n resources: [\"events\"]\n verbs: [\"create\", \"update\", \"patch\"]\n- apiGroups: [\"\"]\n resources: [\"services\", \"endpoints\"]\n verbs: [\"get\"]\n- apiGroups: [\"extensions\"]\n resources: [\"podsecuritypolicies\"]\n resourceNames: [\"nfs-provisioner\"]\n verbs: [\"use\"]\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: run-nfs-provisioner\nsubjects:\n- kind: ServiceAccount\n name: nfs-provisioner\n # replace with namespace where provisioner is deployed\n namespace: default\nroleRef:\nkind: ClusterRole\nname: nfs-provisioner-runner\napiGroup: rbac.authorization.k8s.io\n---\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: leader-locking-nfs-provisioner\nrules:\n- apiGroups: [\"\"]\n resources: [\"endpoints\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"update\", \"patch\"]\n---\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: leader-locking-nfs-provisioner\nsubjects:\n- kind: ServiceAccount\n name: nfs-provisioner\n # replace with namespace where provisioner is deployed\n namespace: default\nroleRef:\nkind: Role\nname: leader-locking-nfs-provisioner\napiGroup: rbac.authorization.k8s.io\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\nname: nfs-provisioner\n---\nkind: Service\napiVersion: v1\nmetadata:\nname: nfs-provisioner\nlabels:\n app: nfs-provisioner\nspec:\nports:\n - name: nfs\n port: 2049\n - name: nfs-udp\n port: 2049\n protocol: UDP\n - name: nlockmgr\n port: 32803\n - name: nlockmgr-udp\n port: 32803\n protocol: UDP\n - name: mountd\n port: 20048\n - name: mountd-udp\n port: 20048\n protocol: UDP\n - name: rquotad\n port: 875\n - name: rquotad-udp\n port: 875\n protocol: UDP\n - name: rpcbind\n port: 111\n - name: rpcbind-udp\n port: 111\n protocol: UDP\n - name: statd\n port: 662\n - name: statd-udp\n port: 662\n protocol: UDP\nselector:\n app: nfs-provisioner\n---\nkind: Deployment\napiVersion: apps/v1\nmetadata:\nname: nfs-provisioner\nspec:\nselector:\n matchLabels:\n app: nfs-provisioner\nreplicas: 1\nstrategy:\n type: Recreate\ntemplate:\n metadata:\n labels:\n app: nfs-provisioner\n spec:\n serviceAccount: nfs-provisioner\n containers:\n - name: nfs-provisioner\n resources:\n limits:\n cpu: \"1\"\n memory: \"4294967296\"\n image: release.daocloud.io/velero/nfs-provisioner:v3.0.0\n ports:\n - name: nfs\n containerPort: 2049\n - name: nfs-udp\n containerPort: 2049\n protocol: UDP\n - name: nlockmgr\n containerPort: 32803\n - name: nlockmgr-udp\n containerPort: 32803\n protocol: UDP\n - name: mountd\n containerPort: 20048\n - name: mountd-udp\n containerPort: 20048\n protocol: UDP\n - name: rquotad\n containerPort: 875\n - name: rquotad-udp\n containerPort: 875\n protocol: UDP\n - name: rpcbind\n containerPort: 111\n - name: rpcbind-udp\n containerPort: 111\n protocol: UDP\n - name: statd\n containerPort: 662\n - name: statd-udp\n containerPort: 662\n protocol: UDP\n securityContext:\n capabilities:\n add:\n - DAC_READ_SEARCH\n - SYS_RESOURCE\n args:\n - \"-provisioner=example.com/nfs\"\n env:\n - name: POD_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n - name: SERVICE_NAME\n value: nfs-provisioner\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n imagePullPolicy: \"IfNotPresent\"\n volumeMounts:\n - name: export-volume\n mountPath: /export\n volumes:\n - name: export-volume\n hostPath:\n path: /data\n---\nkind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\nname: nfs\nprovisioner: example.com/nfs\nmountOptions:\n- vers=4.1\n
\u5728\u4e24\u4e2a\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u6267\u884c nfs.yaml \u6587\u4ef6\u3002
kubectl apply -f nfs.yaml\n
\u67e5\u770b NFS Pod \u72b6\u6001\uff0c\u7b49\u5f85\u5176\u72b6\u6001\u53d8\u4e3a running \uff08\u5927\u7ea6\u9700\u8981 2 \u5206\u949f\uff09\u3002
kubectl get pod -n nfs-system -owide\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl get pod -owide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnfs-provisioner-7dfb9bcc45-74ws2 1/1 Running 0 4m45s 10.6.175.100 g-master1 <none> <none>\n
\u4e3a MySQL \u5e94\u7528\u51c6\u5907\u57fa\u4e8e NFS \u5b58\u50a8\u7684 PVC\uff0c\u7528\u6765\u5b58\u50a8 MySQL \u670d\u52a1\u5185\u7684\u6570\u636e\u3002
\u4f7f\u7528 vi pvc.yaml \u547d\u4ee4\u5728\u8282\u70b9\u4e0a\u521b\u5efa\u540d\u4e3a pvc.yaml \u7684\u6587\u4ef6\uff0c\u5c06\u4e0b\u9762\u7684 YAML \u5185\u5bb9\u590d\u5236\u5230 pvc.yaml \u6587\u4ef6\u5185\u3002
pvc.yaml
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: mydata\n namespace: default\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: \"1Gi\"\n storageClassName: nfs\n volumeMode: Filesystem\n
\u5728\u8282\u70b9\u4e0a\u4f7f\u7528 kubectl \u5de5\u5177\u6267\u884c pvc.yaml \u6587\u4ef6\u3002
kubectl apply -f pvc.yaml\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl apply -f pvc.yaml\npersistentvolumeclaim/mydata created\n
\u90e8\u7f72 MySQL \u5e94\u7528\u3002
\u4f7f\u7528 vi mysql.yaml \u547d\u4ee4\u5728\u8282\u70b9\u4e0a\u521b\u5efa\u540d\u4e3a mysql.yaml \u7684\u6587\u4ef6\uff0c\u5c06\u4e0b\u9762\u7684 YAML \u5185\u5bb9\u590d\u5236\u5230 mysql.yaml \u6587\u4ef6\u3002
\u70b9\u51fb\u67e5\u770b\u5b8c\u6574\u7684 mysql.yaml nfs.yaml
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: mysql-deploy\n name: mysql-deploy\n namespace: default\nspec:\n progressDeadlineSeconds: 600\n replicas: 1\n revisionHistoryLimit: 10\n selector:\n matchLabels:\n app: mysql-deploy\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mysql-deploy\n name: mysql-deploy\n spec:\n containers:\n - args:\n - --ignore-db-dir=lost+found\n env:\n - name: MYSQL_ROOT_PASSWORD\n value: dangerous\n image: release.daocloud.io/velero/mysql:5\n imagePullPolicy: IfNotPresent\n name: mysql-deploy\n ports:\n - containerPort: 3306\n protocol: TCP\n resources:\n limits:\n cpu: \"1\"\n memory: \"4294967296\"\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - mountPath: /var/lib/mysql\n name: data\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n schedulerName: default-scheduler\n securityContext:\n fsGroup: 999\n terminationGracePeriodSeconds: 30\n volumes:\n - name: data\n persistentVolumeClaim:\n claimName: mydata\n
\u5728\u8282\u70b9\u4e0a\u4f7f\u7528 kubectl \u5de5\u5177\u6267\u884c mysql.yaml \u6587\u4ef6\u3002
kubectl apply -f mysql.yaml\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl apply -f mysql.yaml\ndeployment.apps/mysql-deploy created\n
\u67e5\u770b MySQL Pod \u72b6\u6001\u3002
\u6267\u884c kubectl get pod | grep mysql \u67e5\u770b MySQL Pod \u72b6\u6001\uff0c\u7b49\u5f85\u5176\u72b6\u6001\u53d8\u4e3a running \uff08\u5927\u7ea6\u9700\u8981 2 \u5206\u949f\uff09\u3002
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl get pod |grep mysql\nmysql-deploy-5d6f94cb5c-gkrks 1/1 Running 0 2m53s\n
Note
\u5411 MySQL \u5e94\u7528\u5199\u5165\u6570\u636e\u3002
\u4e3a\u4e86\u4fbf\u4e8e\u540e\u671f\u9a8c\u8bc1\u8fc1\u79fb\u6570\u636e\u662f\u5426\u6210\u529f\uff0c\u53ef\u4ee5\u4f7f\u7528\u811a\u672c\u5411 MySQL \u5e94\u7528\u4e2d\u5199\u5165\u6d4b\u8bd5\u6570\u636e\u3002
\u4f7f\u7528 vi insert.sh \u547d\u4ee4\u5728\u8282\u70b9\u4e0a\u521b\u5efa\u540d\u4e3a insert.sh \u7684\u811a\u672c\uff0c\u5c06\u4e0b\u9762\u7684 YAML \u5185\u5bb9\u590d\u5236\u5230\u8be5\u811a\u672c\u3002
insert.sh#!/bin/bash\n\nfunction rand(){\n min=$1\n max=$(($2-$min+1))\n num=$(date +%s%N)\n echo $(($num%$max+$min))\n}\n\nfunction insert(){\n user=$(date +%s%N | md5sum | cut -c 1-9)\n age=$(rand 1 100)\n\n sql=\"INSERT INTO test.users(user_name, age)VALUES('${user}', ${age});\"\n echo -e ${sql}\n\n kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"${sql}\"\n\n}\n\nkubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"CREATE DATABASE IF NOT EXISTS test;\"\nkubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"CREATE TABLE IF NOT EXISTS test.users(user_name VARCHAR(10) NOT NULL,age INT UNSIGNED)ENGINE=InnoDB DEFAULT CHARSET=utf8;\"\n\nwhile true;do\n insert\n sleep 1\ndone\n
\u4e3a insert.sh \u811a\u672c\u6dfb\u52a0\u6743\u9650\u5e76\u8fd0\u884c\u8be5\u811a\u672c\u3002
[root@g-master1 ~]# chmod +x insert.sh\n[root@g-master1 ~]# ./insert.sh\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
mysql: [Warning] Using a password on the command line interface can be insecure.\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('dc09195ba', 10);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('80ab6aa28', 70);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('f488e3d46', 23);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('e6098695c', 93);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('eda563e7d', 63);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('a4d1b8d68', 17);\nmysql: [Warning] Using a password on the command line interface can be insecure.\n
\u5728\u952e\u76d8\u4e0a\u540c\u65f6\u6309\u4e0b control \u548c c \u6682\u505c\u811a\u672c\u7684\u6267\u884c\u3002
\u524d\u5f80 MySQL Pod \u67e5\u770b MySQL \u4e2d\u5199\u5165\u7684\u6570\u636e\u3002
kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
mysql: [Warning] Using a password on the command line interface can be insecure.\nuser_name age\ndc09195ba 10\n80ab6aa28 70\nf488e3d46 23\ne6098695c 93\neda563e7d 63\na4d1b8d68 17\nea47546d9 86\na34311f2e 47\n740cefe17 33\nede85ea28 65\nb6d0d6a0e 46\nf0eb38e50 44\nc9d2f28f5 72\n8ddaafc6f 31\n3ae078d0e 23\n6e041631e 96\n
Note
\u9700\u8981\u5728 \u6e90\u96c6\u7fa4\u548c\u76ee\u6807\u96c6\u7fa4 \u4e0a\u5747\u5b89\u88c5 velero \u63d2\u4ef6\u3002
\u53c2\u8003\u5b89\u88c5 velero \u63d2\u4ef6\u6587\u6863\u548c\u4e0b\u65b9\u7684 MinIO \u914d\u7f6e\uff0c\u5728 main-cluster \u96c6\u7fa4\u548c recovery-cluster \u96c6\u7fa4\u4e0a\u5b89\u88c5 velero \u63d2\u4ef6\u3002
minio \u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740 \u5b58\u50a8\u6876 \u7528\u6237\u540d \u5bc6\u7801http://10.7.209.110:9000
mysql-demo root dangerous Note
\u5b89\u88c5\u63d2\u4ef6\u65f6\u9700\u8981\u5c06 S3url \u66ff\u6362\u4e3a\u6b64\u6b21\u6f14\u793a\u51c6\u5907\u7684 MinIO \u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740\uff0c\u5b58\u50a8\u6876\u66ff\u6362\u4e3a MinIO \u4e2d\u771f\u5b9e\u5b58\u5728\u7684\u5b58\u50a8\u6876\u3002
"},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#mysql_2","title":"\u5907\u4efd MySQL \u5e94\u7528\u53ca\u6570\u636e","text":"\u5728\u5907\u4efd\u524d\u6211\u4eec\u9700\u8981\u5148\u4fdd\u8bc1\u6570\u636e\u5e93\u4e0d\u80fd\u6709\u65b0\u6570\u636e\u8fdb\u6765\uff0c\u6240\u4ee5\u8981\u8bbe\u7f6e\u4e3a\u53ea\u8bfb\u6a21\u5f0f\uff1a
mysql> set global read_only=1; #1\u662f\u53ea\u8bfb\uff0c0\u662f\u8bfb\u5199\nmysql> show global variables like \"%read_only%\"; #\u67e5\u8be2\u72b6\u6001\n
\u4e3a MySQL \u5e94\u7528\u53ca PVC \u6570\u636e\u6dfb\u52a0\u72ec\u6709\u7684\u6807\u7b7e\uff1a backup=mysql \uff0c\u4fbf\u4e8e\u5907\u4efd\u65f6\u9009\u62e9\u8d44\u6e90\u3002
kubectl label deploy mysql-deploy backup=mysql # \u4e3a __mysql-deploy__ \u8d1f\u8f7d\u6dfb\u52a0\u6807\u7b7e\nkubectl label pod mysql-deploy-5d6f94cb5c-gkrks backup=mysql # \u4e3a mysql pod \u6dfb\u52a0\u6807\u7b7e\nkubectl label pvc mydata backup=mysql # \u4e3a mysql \u7684 pvc \u6dfb\u52a0\u6807\u7b7e\n
\u53c2\u8003\u5e94\u7528\u5907\u4efd\u4e2d\u4ecb\u7ecd\u7684\u6b65\u9aa4\uff0c\u4ee5\u53ca\u4e0b\u65b9\u7684\u53c2\u6570\u521b\u5efa\u5e94\u7528\u5907\u4efd\u3002
\u521b\u5efa\u597d\u5907\u4efd\u8ba1\u5212\u4e4b\u540e\u9875\u9762\u4f1a\u81ea\u52a8\u8fd4\u56de\u5907\u4efd\u8ba1\u5212\u5217\u8868\uff0c\u627e\u5230\u65b0\u5efa\u7684\u5907\u4efd\u8ba1\u5212 backup-mysq \uff0c\u70b9\u51fb\u66f4\u591a\u64cd\u4f5c\u6309\u94ae ... \uff0c\u9009\u62e9 \u7acb\u5373\u6267\u884c \u6267\u884c\u65b0\u5efa\u7684\u5907\u4efd\u8ba1\u5212\u3002
\u7b49\u5f85\u5907\u4efd\u8ba1\u5212\u6267\u884c\u5b8c\u6210\u540e\uff0c\u5373\u53ef\u6267\u884c\u540e\u7eed\u64cd\u4f5c\u3002
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u9009\u62e9 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> \u5e94\u7528\u5907\u4efd \u3002
\u5728\u5de6\u4fa7\u529f\u80fd\u680f\u9009\u62e9 \u6062\u590d \uff0c\u7136\u540e\u5728\u53f3\u4fa7\u70b9\u51fb \u6062\u590d\u5907\u4efd \u3002
\u67e5\u770b\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199\u53c2\u6570\uff1a
\u5237\u65b0\u5907\u4efd\u8ba1\u5212\u5217\u8868\uff0c\u7b49\u5f85\u5907\u4efd\u8ba1\u5212\u6267\u884c\u5b8c\u6210\u3002
\u767b\u5f55 recovery-cluster \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\uff0c\u67e5\u770b mysql-deploy \u8d1f\u8f7d\u662f\u5426\u5df2\u7ecf\u6210\u529f\u5907\u4efd\u5230\u5f53\u524d\u96c6\u7fa4\u3002
kubectl get pod\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
NAME READY STATUS RESTARTS AGE\nmysql-deploy-5798f5d4b8-62k6c 1/1 Running 0 24h\n
\u68c0\u67e5 MySQL \u6570\u636e\u8868\u4e2d\u7684\u6570\u636e\u662f\u5426\u6062\u590d\u6210\u529f\u3002
kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
mysql: [Warning] Using a password on the command line interface can be insecure.\nuser_name age\ndc09195ba 10\n80ab6aa28 70\nf488e3d46 23\ne6098695c 93\neda563e7d 63\na4d1b8d68 17\nea47546d9 86\na34311f2e 47\n740cefe17 33\nede85ea28 65\nb6d0d6a0e 46\nf0eb38e50 44\nc9d2f28f5 72\n8ddaafc6f 31\n3ae078d0e 23\n6e041631e 96\n
Success
\u53ef\u4ee5\u770b\u5230\uff0cPod \u4e2d\u7684\u6570\u636e\u548c main-cluster \u96c6\u7fa4\u4e2d Pod \u91cc\u9762\u7684\u6570\u636e\u4e00\u81f4\u3002\u8fd9\u8bf4\u660e\u5df2\u7ecf\u6210\u529f\u5730\u5c06 main-cluster \u4e2d\u7684 MySQL \u5e94\u7528\u53ca\u5176\u6570\u636e\u8de8\u96c6\u7fa4\u6062\u590d\u5230\u4e86 recovery-cluster \u96c6\u7fa4\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u5df2\u6709\u7684 CentOS \u7ba1\u7406\u5e73\u53f0\u4e0a\u521b\u5efa RedHat 9.2 \u5de5\u4f5c\u96c6\u7fa4\u3002
Note
\u672c\u6587\u4ec5\u9488\u5bf9\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u7ba1\u7406\u5e73\u53f0\u548c\u5f85\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u67b6\u6784\u5747\u4e3a AMD\u3002 \u521b\u5efa\u96c6\u7fa4\u65f6\u4e0d\u652f\u6301\u5f02\u6784\uff08AMD \u548c ARM \u6df7\u5408\uff09\u90e8\u7f72\uff0c\u60a8\u53ef\u4ee5\u5728\u96c6\u7fa4\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u63a5\u5165\u5f02\u6784\u8282\u70b9\u7684\u65b9\u5f0f\u8fdb\u884c\u96c6\u7fa4\u6df7\u5408\u90e8\u7f72\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5df2\u7ecf\u90e8\u7f72\u597d\u4e00\u4e2a AI \u7b97\u529b\u4e2d\u5fc3\u5168\u6a21\u5f0f\uff0c\u5e76\u4e14\u706b\u79cd\u8282\u70b9\u8fd8\u5b58\u6d3b\u3002
"},{"location":"admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#redhat","title":"\u4e0b\u8f7d\u5e76\u5bfc\u5165 RedHat \u76f8\u5173\u79bb\u7ebf\u5305","text":"\u8bf7\u786e\u4fdd\u5df2\u7ecf\u767b\u5f55\u5230\u706b\u79cd\u8282\u70b9\uff01\u5e76\u4e14\u4e4b\u524d\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u4f7f\u7528\u7684 clusterConfig.yaml
\u6587\u4ef6\u8fd8\u5728\u3002
\u4e0b\u8f7d\u6240\u9700\u7684 RedHat OS package \u5305\u548c ISO \u79bb\u7ebf\u5305\uff1a
\u8d44\u6e90\u540d \u8bf4\u660e \u4e0b\u8f7d\u5730\u5740 os-pkgs-redhat9-v0.9.3.tar.gz RedHat9.2 OS-package \u5305 https://github.com/kubean-io/kubean/releases/download/v0.9.3/os-pkgs-redhat9-v0.9.3.tar.gz ISO \u79bb\u7ebf\u5305 ISO \u5305\u5bfc\u5165\u706b\u79cd\u8282\u70b9\u811a\u672c \u524d\u5f80 RedHat \u5b98\u65b9\u5730\u5740\u767b\u5f55\u4e0b\u8f7d import-iso ISO \u5bfc\u5165\u706b\u79cd\u8282\u70b9\u811a\u672c https://github.com/kubean-io/kubean/releases/download/v0.9.3/import_iso.sh"},{"location":"admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#os-pckage-minio","title":"\u5bfc\u5165 os pckage \u79bb\u7ebf\u5305\u81f3\u706b\u79cd\u8282\u70b9\u7684 minio","text":"\u89e3\u538b RedHat os pckage \u79bb\u7ebf\u5305
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u89e3\u538b\u4e0b\u8f7d\u7684 os pckage \u79bb\u7ebf\u5305\u3002\u6b64\u5904\u6211\u4eec\u4e0b\u8f7d\u7684 RedHat os pckage \u79bb\u7ebf\u5305\u3002
tar -xvf os-pkgs-redhat9-v0.9.3.tar.gz \n
os package \u89e3\u538b\u540e\u7684\u6587\u4ef6\u5185\u5bb9\u5982\u4e0b\uff1a
os-pkgs\n \u251c\u2500\u2500 import_ospkgs.sh # \u8be5\u811a\u672c\u7528\u4e8e\u5bfc\u5165 os packages \u5230 MinIO \u6587\u4ef6\u670d\u52a1\n \u251c\u2500\u2500 os-pkgs-amd64.tar.gz # amd64 \u67b6\u6784\u7684 os packages \u5305\n \u251c\u2500\u2500 os-pkgs-arm64.tar.gz # arm64 \u67b6\u6784\u7684 os packages \u5305\n \u2514\u2500\u2500 os-pkgs.sha256sum.txt # os packages \u5305\u7684 sha256sum \u6548\u9a8c\u6587\u4ef6\n
\u5bfc\u5165 OS Package \u81f3\u706b\u79cd\u8282\u70b9\u7684 MinIO
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5c06 os packages \u5305\u5230 MinIO \u6587\u4ef6\u670d\u52a1\u4e2d\uff1a
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_ospkgs.sh http://127.0.0.1:9000 os-pkgs-redhat9-v0.9.3.tar.gz\n
Note
\u4e0a\u8ff0\u547d\u4ee4\u4ec5\u4ec5\u9002\u7528\u4e8e\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 MinIO \u670d\u52a1\uff0c\u5982\u679c\u4f7f\u7528\u5916\u90e8 MinIO \u8bf7\u5c06 http://127.0.0.1:9000
\u66ff\u6362\u4e3a\u5916\u90e8 MinIO \u7684\u8bbf\u95ee\u5730\u5740\u3002 \u201crootuser\u201d \u548c \u201crootpass123\u201d \u662f\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 MinIO \u670d\u52a1\u7684\u9ed8\u8ba4\u8d26\u6237\u548c\u5bc6\u7801\u3002\u201cos-pkgs-redhat9-v0.9.3.tar.gz\u201c \u4e3a\u6240\u4e0b\u8f7d\u7684 os package \u79bb\u7ebf\u5305\u7684\u540d\u79f0\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4, \u5c06 ISO \u5305\u5230 MinIO \u6587\u4ef6\u670d\u52a1\u4e2d:
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_iso.sh http://127.0.0.1:9000 rhel-9.2-x86_64-dvd.iso\n
Note
\u4e0a\u8ff0\u547d\u4ee4\u4ec5\u4ec5\u9002\u7528\u4e8e\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 MinIO \u670d\u52a1\uff0c\u5982\u679c\u4f7f\u7528\u5916\u90e8 MinIO \u8bf7\u5c06 http://127.0.0.1:9000
\u66ff\u6362\u4e3a\u5916\u90e8 MinIO \u7684\u8bbf\u95ee\u5730\u5740\u3002 \u201crootuser\u201d \u548c \u201crootpass123\u201d \u662f\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 MinIO \u670d\u52a1\u7684\u9ed8\u8ba4\u8d26\u6237\u548c\u5bc6\u7801\u3002 \u201crhel-9.2-x86_64-dvd.iso\u201c \u4e3a\u6240\u4e0b\u8f7d\u7684 ISO \u79bb\u7ebf\u5305\u3002
\u53c2\u8003\u6587\u6863\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u521b\u5efa RedHat 9.2 \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html","title":"\u5728 CentOS \u7ba1\u7406\u5e73\u53f0\u4e0a\u521b\u5efa Ubuntu \u5de5\u4f5c\u96c6\u7fa4","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u5df2\u6709\u7684 CentOS \u7ba1\u7406\u5e73\u53f0\u4e0a\u521b\u5efa Ubuntu \u5de5\u4f5c\u96c6\u7fa4\u3002
Note
\u672c\u6587\u4ec5\u9488\u5bf9\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u7ba1\u7406\u5e73\u53f0\u548c\u5f85\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u67b6\u6784\u5747\u4e3a AMD\u3002 \u521b\u5efa\u96c6\u7fa4\u65f6\u4e0d\u652f\u6301\u5f02\u6784\uff08AMD \u548c ARM \u6df7\u5408\uff09\u90e8\u7f72\uff0c\u60a8\u53ef\u4ee5\u5728\u96c6\u7fa4\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u63a5\u5165\u5f02\u6784\u8282\u70b9\u7684\u65b9\u5f0f\u8fdb\u884c\u96c6\u7fa4\u6df7\u5408\u90e8\u7f72\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u786e\u4fdd\u5df2\u7ecf\u767b\u5f55\u5230\u706b\u79cd\u8282\u70b9\uff01\u5e76\u4e14\u4e4b\u524d\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u4f7f\u7528\u7684 clusterConfig.yaml \u6587\u4ef6\u8fd8\u5728\u3002
"},{"location":"admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#ubuntu_1","title":"\u4e0b\u8f7d Ubuntu \u76f8\u5173\u79bb\u7ebf\u5305","text":"\u4e0b\u8f7d\u6240\u9700\u7684 Ubuntu OS package \u5305\u548c ISO \u79bb\u7ebf\u5305\uff1a
\u8d44\u6e90\u540d \u8bf4\u660e \u4e0b\u8f7d\u5730\u5740 os-pkgs-ubuntu2204-v0.18.2.tar.gz Ubuntu1804 OS-package \u5305 https://github.com/kubean-io/kubean/releases/download/v0.18.2/os-pkgs-ubuntu2204-v0.18.2.tar.gz ISO \u79bb\u7ebf\u5305 ISO \u5305 http://mirrors.melbourne.co.uk/ubuntu-releases/"},{"location":"admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#ui","title":"\u524d\u5f80 UI \u754c\u9762\u521b\u5efa\u96c6\u7fa4","text":"\u53c2\u8003\u6587\u6863\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u521b\u5efa Ubuntu \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/etcd-backup.html","title":"ETCD \u5907\u4efd\u8fd8\u539f","text":"\u4f7f\u7528 ETCD \u5907\u4efd\u529f\u80fd\u521b\u5efa\u5907\u4efd\u7b56\u7565\uff0c\u53ef\u4ee5\u5c06\u6307\u5b9a\u96c6\u7fa4\u7684 etcd \u6570\u636e\u5b9a\u65f6\u5907\u4efd\u5230 S3 \u5b58\u50a8\u4e2d\u3002\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u5982\u4f55\u5c06\u5df2\u7ecf\u5907\u4efd\u7684\u6570\u636e\u8fd8\u539f\u5230\u5f53\u524d\u96c6\u7fa4\u4e2d\u3002
Note
\u4e0b\u9762\u901a\u8fc7\u5177\u4f53\u7684\u6848\u4f8b\u6765\u8bf4\u660e\u5907\u4efd\u8fd8\u539f\u7684\u6574\u4e2a\u8fc7\u7a0b\u3002
"},{"location":"admin/kpanda/best-practice/etcd-backup.html#_1","title":"\u73af\u5883\u4fe1\u606f","text":"\u9996\u5148\u4ecb\u7ecd\u8fd8\u539f\u7684\u76ee\u6807\u96c6\u7fa4\u548c S3 \u5b58\u50a8\u7684\u57fa\u672c\u4fe1\u606f\u3002\u8fd9\u91cc\u4ee5 MinIo \u4f5c\u4e3a S3 \u5b58\u50a8\uff0c\u6574\u4e2a\u96c6\u7fa4\u6709 3 \u4e2a\u63a7\u5236\u9762\uff083 \u4e2a etcd \u526f\u672c\uff09\u3002
IP \u4e3b\u673a \u89d2\u8272 \u5907\u6ce8 10.6.212.10 host01 k8s-master01 k8s \u8282\u70b9 1 10.6.212.11 host02 k8s-master02 k8s \u8282\u70b9 2 10.6.212.12 host03 k8s-master03 k8s \u8282\u70b9 3 10.6.212.13 host04 minio minio \u670d\u52a1"},{"location":"admin/kpanda/best-practice/etcd-backup.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":""},{"location":"admin/kpanda/best-practice/etcd-backup.html#etcdbrctl","title":"\u5b89\u88c5 etcdbrctl \u5de5\u5177","text":"\u4e3a\u4e86\u5b9e\u73b0 ETCD \u6570\u636e\u5907\u4efd\u8fd8\u539f\uff0c\u9700\u8981\u5728\u4e0a\u8ff0\u4efb\u610f\u4e00\u4e2a Kubernetes \u8282\u70b9\u4e0a\u5b89\u88c5 etcdbrctl \u5f00\u6e90\u5de5\u5177\u3002 \u6b64\u5de5\u5177\u6682\u65f6\u6ca1\u6709\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u9700\u8981\u81ea\u884c\u7f16\u8bd1\u3002\u7f16\u8bd1\u65b9\u5f0f\u8bf7\u53c2\u8003 Gardener / etcd-backup-restore \u672c\u5730\u5f00\u53d1\u6587\u6863\u3002
\u5b89\u88c5\u5b8c\u6210\u540e\u7528\u5982\u4e0b\u547d\u4ee4\u68c0\u67e5\u5de5\u5177\u662f\u5426\u53ef\u7528\uff1a
etcdbrctl -v\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b:
INFO[0000] etcd-backup-restore Version: v0.23.0-dev\nINFO[0000] Git SHA: b980beec\nINFO[0000] Go Version: go1.19.3\nINFO[0000] Go OS/Arch: linux/amd64\n
"},{"location":"admin/kpanda/best-practice/etcd-backup.html#_3","title":"\u68c0\u67e5\u5907\u4efd\u6570\u636e","text":"\u8fd8\u539f\u4e4b\u524d\u9700\u8981\u68c0\u67e5\u4e0b\u5217\u4e8b\u9879\uff1a
Note
AI \u7b97\u529b\u4e2d\u5fc3\u7684\u5907\u4efd\u662f\u5168\u91cf\u6570\u636e\u5907\u4efd\uff0c\u8fd8\u539f\u65f6\u5c06\u8fd8\u539f\u6700\u540e\u4e00\u6b21\u5907\u4efd\u7684\u5168\u91cf\u6570\u636e\u3002
"},{"location":"admin/kpanda/best-practice/etcd-backup.html#_4","title":"\u5173\u95ed\u96c6\u7fa4","text":"\u5728\u5907\u4efd\u4e4b\u524d\uff0c\u5fc5\u987b\u8981\u5148\u5173\u95ed\u96c6\u7fa4\u3002\u9ed8\u8ba4\u96c6\u7fa4 etcd \u548c kube-apiserver \u90fd\u662f\u4ee5\u9759\u6001 Pod \u7684\u5f62\u5f0f\u542f\u52a8\u7684\u3002 \u8fd9\u91cc\u7684\u5173\u95ed\u96c6\u7fa4\u662f\u6307\u5c06\u9759\u6001 Pod manifest \u6587\u4ef6\u79fb\u52a8\u5230 /etc/kubernetes/manifest \u76ee\u5f55\u5916\uff0c\u96c6\u7fa4\u5c31\u4f1a\u79fb\u9664\u5bf9\u5e94 Pod\uff0c\u8fbe\u5230\u5173\u95ed\u670d\u52a1\u7684\u4f5c\u7528\u3002
\u9996\u5148\u5220\u9664\u4e4b\u524d\u7684\u5907\u4efd\u6570\u636e\uff0c\u79fb\u9664\u6570\u636e\u5e76\u975e\u5c06\u73b0\u6709 etcd \u6570\u636e\u5220\u9664\uff0c\u800c\u662f\u6307\u4fee\u6539 etcd \u6570\u636e\u76ee\u5f55\u7684\u540d\u79f0\u3002 \u7b49\u5907\u4efd\u8fd8\u539f\u6210\u529f\u4e4b\u540e\u518d\u5220\u9664\u6b64\u76ee\u5f55\u3002\u8fd9\u6837\u505a\u7684\u76ee\u7684\u662f\uff0c\u5982\u679c etcd \u5907\u4efd\u8fd8\u539f\u5931\u8d25\uff0c\u8fd8\u53ef\u4ee5\u5c1d\u8bd5\u8fd8\u539f\u5f53\u524d\u96c6\u7fa4\u3002\u6b64\u6b65\u9aa4\u6bcf\u4e2a\u8282\u70b9\u5747\u9700\u6267\u884c\u3002
rm -rf /var/lib/etcd_bak\n
\u7136\u540e\u9700\u8981\u5173\u95ed kube-apiserver \u7684\u670d\u52a1\uff0c\u786e\u4fdd etcd \u7684\u6570\u636e\u6ca1\u6709\u65b0\u53d8\u5316\u3002\u6b64\u6b65\u9aa4\u6bcf\u4e2a\u8282\u70b9\u5747\u9700\u6267\u884c\u3002
mv /etc/kubernetes/manifests/kube-apiserver.yaml /tmp/kube-apiserver.yaml\n
\u540c\u65f6\u8fd8\u9700\u8981\u5173\u95ed etcd \u7684\u670d\u52a1\u3002\u6b64\u6b65\u9aa4\u6bcf\u4e2a\u8282\u70b9\u5747\u9700\u6267\u884c\u3002
mv /etc/kubernetes/manifests/etcd.yaml /tmp/etcd.yaml\n
\u786e\u4fdd\u6240\u6709\u63a7\u5236\u5e73\u9762\u7684 kube-apiserver \u548c etcd \u670d\u52a1\u90fd\u5df2\u7ecf\u5173\u95ed\u3002
\u5173\u95ed\u6240\u6709\u7684\u8282\u70b9\u540e\uff0c\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u68c0\u67e5 etcd \u96c6\u7fa4\u72b6\u6001\u3002\u6b64\u547d\u4ee4\u5728\u4efb\u610f\u4e00\u4e2a\u8282\u70b9\u6267\u884c\u5373\u53ef\u3002
endpoints \u7684\u503c\u9700\u8981\u66ff\u6362\u4e3a\u5b9e\u9645\u8282\u70b9\u540d\u79f0
etcdctl endpoint status --endpoints=controller-node-1:2379,controller-node-2:2379,controller-node-3:2379 -w table \\\n --cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n --cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n --key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff0c\u8868\u793a\u6240\u6709\u7684 etcd \u8282\u70b9\u90fd\u88ab\u9500\u6bc1\uff1a
{\"level\":\"warn\",\"ts\":\"2023-03-29T17:51:50.817+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-1:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.31:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-1:2379 (context deadline exceeded)\n{\"level\":\"warn\",\"ts\":\"2023-03-29T17:51:55.818+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-2:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.32:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-2:2379 (context deadline exceeded)\n{\"level\":\"warn\",\"ts\":\"2023-03-29T17:52:00.820+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-1:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.33:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-3:2379 (context deadline exceeded)\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
\u53ea\u9700\u8981\u8fd8\u539f\u4e00\u4e2a\u8282\u70b9\u7684\u6570\u636e\uff0c\u5176\u4ed6\u8282\u70b9\u7684 etcd \u6570\u636e\u5c31\u4f1a\u81ea\u52a8\u8fdb\u884c\u540c\u6b65\u3002
\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf
\u4f7f\u7528 etcdbrctl \u8fd8\u539f\u6570\u636e\u4e4b\u524d\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8fde\u63a5 S3 \u7684\u8ba4\u8bc1\u4fe1\u606f\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff1a
export ECS_ENDPOINT=http://10.6.212.13:9000 # (1)!\nexport ECS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE # (2)!\nexport ECS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY # (3)!\n
\u6267\u884c\u8fd8\u539f\u64cd\u4f5c
\u6267\u884c etcdbrctl \u547d\u4ee4\u884c\u5de5\u5177\u6267\u884c\u8fd8\u539f\uff0c\u8fd9\u662f\u6700\u5173\u952e\u7684\u4e00\u6b65\u3002
etcdbrctl restore --data-dir /var/lib/etcd/ --store-container=\"etcd-backup\" \\ \n --storage-provider=ECS \\\n --initial-cluster=controller-node1=https://10.6.212.10:2380 \\\n --initial-advertise-peer-urls=https://10.6.212.10:2380 \n
\u53c2\u6570\u8bf4\u660e\u5982\u4e0b\uff1a
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
INFO[0000] Finding latest set of snapshot to recover from...\nINFO[0000] Restoring from base snapshot: Full-00000000-00111147-1679991074 actor=restorer\nINFO[0001] successfully fetched data of base snapshot in 1.241380207 seconds actor=restorer\n{\"level\":\"info\",\"ts\":1680011221.2511616,\"caller\":\"mvcc/kvstore.go:380\",\"msg\":\"restored last compact revision\",\"meta-bucket-name\":\"meta\",\"meta-bucket-name-key\":\"finishedCompactRev\",\"restored-compact-revision\":110327}\n{\"level\":\"info\",\"ts\":1680011221.3045986,\"caller\":\"membership/cluster.go:392\",\"msg\":\"added member\",\"cluster-id\":\"66638454b9dd7b8a\",\"local-member-id\":\"0\",\"added-peer-id\":\"123c2503a378fc46\",\"added-peer-peer-urls\":[\"https://10.6.212.10:2380\"]}\nINFO[0001] Starting embedded etcd server... actor=restorer\n....\n\n{\"level\":\"info\",\"ts\":\"2023-03-28T13:47:02.922Z\",\"caller\":\"embed/etcd.go:565\",\"msg\":\"stopped serving peer traffic\",\"address\":\"127.0.0.1:37161\"}\n{\"level\":\"info\",\"ts\":\"2023-03-28T13:47:02.922Z\",\"caller\":\"embed/etcd.go:367\",\"msg\":\"closed etcd server\",\"name\":\"default\",\"data-dir\":\"/var/lib/etcd\",\"advertise-peer-urls\":[\"http://localhost:0\"],\"advertise-client-urls\":[\"http://localhost:0\"]}\nINFO[0003] Successfully restored the etcd data directory.\n
\u53ef\u4ee5\u67e5\u770b etcd \u7684 YAML \u6587\u4ef6\u8fdb\u884c\u5bf9\u7167\uff0c\u4ee5\u514d\u914d\u7f6e\u9519\u8bef
cat /tmp/etcd.yaml | grep initial-\n- --experimental-initial-corrupt-check=true\n- --initial-advertise-peer-urls=https://10.6.212.10:2380\n- --initial-cluster=controller-node-1=https://10.6.212.10:2380\n
\u4ee5\u4e0b\u547d\u4ee4\u5728\u8282\u70b9 01 \u4e0a\u6267\u884c\uff0c\u4e3a\u4e86\u6062\u590d\u8282\u70b9 01 \u7684 etcd \u670d\u52a1\u3002
\u9996\u5148\u5c06 etcd \u9759\u6001 Pod \u7684 manifest \u6587\u4ef6\u79fb\u52a8\u5230 /etc/kubernetes/manifests \u76ee\u5f55\u4e0b\uff0ckubelet \u5c06\u4f1a\u91cd\u542f etcd\uff1a
mv /tmp/etcd.yaml /etc/kubernetes/manifests/etcd.yaml\n
\u7136\u540e\u7b49\u5f85 etcd \u670d\u52a1\u542f\u52a8\u5b8c\u6210\u4ee5\u540e\uff0c\u68c0\u67e5 etcd \u7684\u72b6\u6001\uff0cetcd \u76f8\u5173\u8bc1\u4e66\u9ed8\u8ba4\u76ee\u5f55\uff1a /etc/kubernetes/ssl \u3002\u5982\u679c\u96c6\u7fa4\u8bc1\u4e66\u5b58\u653e\u5728\u5176\u4ed6\u4f4d\u7f6e\uff0c\u8bf7\u6307\u5b9a\u5bf9\u5e94\u8def\u5f84\u3002
\u68c0\u67e5 etcd \u96c6\u7fa4\u5217\u8868:
etcdctl member list -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\" \n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |\n+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n| 123c2503a378fc46 | started | controller-node-1 | https://10.6.212.10:2380 | https://10.6.212.10:2379 | false |\n+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n
\u67e5\u770b controller-node-1 \u72b6\u6001:
etcdctl endpoint status --endpoints=controller-node-1:2379 -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| controller-node-1:2379 | 123c2503a378fc46 | 3.5.6 | 15 MB | true | false | 3 | 1200 | 1199 | |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
\u6062\u590d\u5176\u4ed6\u8282\u70b9\u6570\u636e
\u4e0a\u8ff0\u6b65\u9aa4\u5df2\u7ecf\u8fd8\u539f\u4e86\u8282\u70b9 01 \u7684\u6570\u636e\uff0c\u82e5\u60f3\u8981\u8fd8\u539f\u5176\u4ed6\u8282\u70b9\u6570\u636e\uff0c\u53ea\u9700\u8981\u5c06 etcd \u7684 Pod \u542f\u52a8\u8d77\u6765\uff0c\u8ba9 etcd \u81ea\u5df1\u5b8c\u6210\u6570\u636e\u540c\u6b65\u3002
\u5728\u8282\u70b9 02 \u548c\u8282\u70b9 03 \u90fd\u6267\u884c\u76f8\u540c\u7684\u64cd\u4f5c\uff1a
mv /tmp/etcd.yaml /etc/kubernetes/manifests/etcd.yaml\n
etcd member \u96c6\u7fa4\u4e4b\u95f4\u7684\u6570\u636e\u540c\u6b65\u9700\u8981\u4e00\u5b9a\u7684\u65f6\u95f4\uff0c\u53ef\u4ee5\u67e5\u770b etcd \u96c6\u7fa4\u72b6\u6001\uff0c\u786e\u4fdd\u6240\u6709 etcd \u96c6\u7fa4\u6b63\u5e38\uff1a
\u68c0\u67e5 etcd \u96c6\u7fa4\u72b6\u6001\u662f\u5426\u6b63\u5e38:
etcdctl member list -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |\n+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n| 6ea47110c5a87c03 | started | controller-node-1 | https://10.5.14.31:2380 | https://10.5.14.31:2379 | false |\n| e222e199f1e318c4 | started | controller-node-2 | https://10.5.14.32:2380 | https://10.5.14.32:2379 | false |\n| f64eeda321aabe2d | started | controller-node-3 | https://10.5.14.33:2380 | https://10.5.14.33:2379 | false |\n+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n
\u68c0\u67e5 3 \u4e2a member \u8282\u70b9\u662f\u5426\u6b63\u5e38:
etcdctl endpoint status --endpoints=controller-node-1:2379,controller-node-2:2379,controller-node-3:2379 -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| controller-node-1:2379 | 6ea47110c5a87c03 | 3.5.6 | 88 MB | true | false | 6 | 199008 | 199008 | |\n| controller-node-2:2379 | e222e199f1e318c4 | 3.5.6 | 88 MB | false | false | 6 | 199114 | 199114 | |\n| controller-node-3:2379 | f64eeda321aabe2d | 3.5.6 | 88 MB | false | false | 6 | 199316 | 199316 | |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
\u7b49\u6240\u6709\u8282\u70b9\u7684 etcd \u6570\u636e\u540c\u6b65\u5b8c\u6210\u540e\uff0c\u5219\u53ef\u4ee5\u5c06 kube-apiserver \u8fdb\u884c\u91cd\u65b0\u542f\u52a8\uff0c\u5c06\u6574\u4e2a\u96c6\u7fa4\u6062\u590d\u5230\u53ef\u8bbf\u95ee\u72b6\u6001\uff1a
\u91cd\u65b0\u542f\u52a8 node1 \u7684 kube-apiserver \u670d\u52a1
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
\u91cd\u65b0\u542f\u52a8 node2 \u7684 kube-apiserver \u670d\u52a1
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
\u91cd\u65b0\u542f\u52a8 node3 \u7684 kube-apiserver \u670d\u52a1
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
\u7b49\u5f85 kubelet \u5c06 kube-apiserver \u542f\u52a8\u540e\uff0c\u68c0\u67e5\u8fd8\u539f\u7684 k8s \u6570\u636e\u662f\u5426\u6b63\u5e38\uff1a
kubectl get nodes\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
NAME STATUS ROLES AGE VERSION\ncontroller-node-1 Ready <none> 3h30m v1.25.4\ncontroller-node-3 Ready control-plane 3h29m v1.25.4\ncontroller-node-3 Ready control-plane 3h28m v1.25.4\n
\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\uff0c\u4f7f\u7528 CIS Benchmark (CIS) \u626b\u63cf\u4f7f\u7528\u754c\u9762\u521b\u5efa\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u6709\u4e00\u4e9b\u626b\u63cf\u9879\u5e76\u6ca1\u6709\u901a\u8fc7\u626b\u63cf\u3002 \u672c\u6587\u5c06\u57fa\u4e8e\u4e0d\u540c\u7684 CIS Benchmark \u7248\u672c\u8fdb\u884c\u52a0\u56fa\u8bf4\u660e\u3002
"},{"location":"admin/kpanda/best-practice/hardening-cluster.html#cis-benchmark-127","title":"CIS Benchmark 1.27","text":"\u626b\u63cf\u73af\u5883\u8bf4\u660e\uff1a
[FAIL] 1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)
\u539f\u56e0\uff1a CIS \u8981\u6c42 kube-apiserver \u5fc5\u987b\u6307\u5b9a kubelet \u7684 CA \u8bc1\u4e66\u8def\u5f84\uff1a
[FAIL] 1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
\u539f\u56e0\uff1a CIS \u8981\u6c42 kube-controller-manager \u7684 --bing-address=127.0.0.1
[FAIL] 1.4.1 Ensure that the --profiling argument is set to false (Automated)
\u539f\u56e0\uff1a CIS \u8981\u6c42 kube-scheduler \u8bbe\u7f6e --profiling=false
[FAIL] 1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
\u539f\u56e0\uff1a CIS \u8981\u6c42 \u8bbe\u7f6e kube-scheduler \u7684 --bind-address=127.0.0.1
kubespray \u5b98\u65b9\u4e3a\u4e86\u89e3\u51b3\u8fd9\u4e9b\u5b89\u5168\u626b\u63cf\u95ee\u9898\uff0c\u5728 v2.22 \u4e2d\u6dfb\u52a0\u9ed8\u8ba4\u503c\u89e3\u51b3\u4e86\u4e00\u90e8\u5206\u95ee\u9898\uff0c \u66f4\u591a\u7ec6\u8282\u8bf7\u53c2\u8003 kubespray \u52a0\u56fa\u6587\u6863\u3002
\u901a\u8fc7\u4fee\u6539 kubean var-config \u914d\u7f6e\u6587\u4ef6\u6765\u6dfb\u52a0\u53c2\u6570\uff1a
kubernetes_audit: true\nkube_controller_manager_bind_address: 127.0.0.1\nkube_scheduler_bind_address: 127.0.0.1\nkube_kubeadm_scheduler_extra_args:\n profiling: false\nkubelet_rotate_server_certificates: true\n
\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\uff0c\u4e5f\u63d0\u4f9b\u4e86\u901a\u8fc7 UI \u6765\u914d\u7f6e\u9ad8\u7ea7\u53c2\u6570\u7684\u529f\u80fd\uff0c\u5728\u521b\u5efa\u96c6\u7fa4\u6700\u540e\u4e00\u6b65\u6dfb\u52a0\u81ea\u5b9a\u4e49\u53c2\u6570\uff1a
\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u53c2\u6570\u540e\uff0c\u5728 kubean \u7684 var-config \u7684 configmap \u4e2d\u6dfb\u52a0\u4e86\u5982\u4e0b\u53c2\u6570\uff1a
\u5b89\u88c5\u96c6\u7fa4\u540e\u8fdb\u884c\u626b\u63cf\uff1a
\u626b\u63cf\u540e\u6240\u6709\u7684\u626b\u63cf\u9879\u90fd\u901a\u8fc7\u4e86\u626b\u63cf\uff08WARN \u548c INFO \u8ba1\u7b97\u4e3a PASS\uff09\uff0c \u7531\u4e8e CIS Benchmark \u4f1a\u4e0d\u65ad\u66f4\u65b0\uff0c\u6b64\u6587\u6863\u7684\u5185\u5bb9\u53ea\u9002\u7528\u4e8e CIS Benchmark 1.27\u3002
"},{"location":"admin/kpanda/best-practice/k3s-lcm.html","title":"\u8fb9\u7f18\u96c6\u7fa4\u90e8\u7f72\u548c\u7ba1\u7406\u5b9e\u8df5","text":"\u5bf9\u4e8e\u8d44\u6e90\u53d7\u9650\u7684\u8fb9\u7f18\u6216\u7269\u8054\u7f51\u573a\u666f\uff0cKubernetes \u65e0\u6cd5\u5f88\u597d\u7684\u6ee1\u8db3\u8d44\u6e90\u8981\u6c42\uff0c\u4e3a\u6b64\u9700\u8981\u4e00\u4e2a\u8f7b\u91cf\u5316 Kubernetes \u65b9\u6848\uff0c \u65e2\u80fd\u5b9e\u73b0\u5bb9\u5668\u7ba1\u7406\u548c\u7f16\u6392\u80fd\u529b\uff0c\u53c8\u80fd\u7ed9\u4e1a\u52a1\u5e94\u7528\u9884\u7559\u66f4\u591a\u8d44\u6e90\u7a7a\u95f4\u3002\u672c\u6587\u4ecb\u7ecd\u8fb9\u7f18\u96c6\u7fa4 k3s \u7684\u90e8\u7f72\u548c\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u5b9e\u8df5\u3002
"},{"location":"admin/kpanda/best-practice/k3s-lcm.html#_2","title":"\u8282\u70b9\u89c4\u5212","text":"\u67b6\u6784
\u64cd\u4f5c\u7cfb\u7edf
CPU/\u5185\u5b58
\u5355\u8282\u70b9 K3s \u96c6\u7fa4
\u6700\u5c0f CPU \u63a8\u8350 CPU \u6700\u5c0f\u5185\u5b58 \u63a8\u8350\u5185\u5b58 K3s cluster 1 core 2 cores 1.5 GB 2 GB\u591a\u8282\u70b9 K3s \u96c6\u7fa4
\u6700\u5c0f CPU \u63a8\u8350 CPU \u6700\u5c0f\u5185\u5b58 \u63a8\u8350\u5185\u5b58 K3s server 1 core 2 cores 1 GB 1.5 GB K3s agent 1 core 2 cores 512 MB 1 GB\u8282\u70b9\u5165\u7ad9\u89c4\u5219
\u8282\u70b9\u89d2\u8272
\u767b\u5f55\u7528\u6237\u9700\u5177\u5907 root \u6743\u9650
server node agent node \u63cf\u8ff0 1 0 \u4e00\u53f0 server \u8282\u70b9 1 2 \u4e00\u53f0 server \u8282\u70b9\u3001\u4e24\u53f0 agent \u8282\u70b9 3 0 \u4e09\u53f0 server \u8282\u70b9\u4fdd\u5b58\u5b89\u88c5\u811a\u672c\u5230\u5b89\u88c5\u8282\u70b9\uff08\u4efb\u610f\u53ef\u4ee5\u8bbf\u95ee\u5230\u96c6\u7fa4\u8282\u70b9\u7684\u8282\u70b9\uff09
$ cat > k3slcm <<'EOF'\n#!/bin/bash\nset -e\n\nairgap_image=${K3S_AIRGAP_IMAGE:-}\nk3s_bin=${K3S_BINARY:-}\ninstall_script=${K3S_INSTALL_SCRIPT:-}\n\nservers=${K3S_SERVERS:-}\nagents=${K3S_AGENTS:-}\nssh_user=${SSH_USER:-root}\nssh_password=${SSH_PASSWORD:-}\nssh_privatekey_path=${SSH_PRIVATEKEY_PATH:-}\nextra_server_args=${EXTRA_SERVER_ARGS:-}\nextra_agent_args=${EXTRA_AGENT_ARGS:-}\nfirst_server=$(cut -d, -f1 <<<\"$servers,\")\nother_servers=$(cut -d, -f2- <<<\"$servers,\")\n\ninstall_script_env=\"INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SELINUX_WARN=true \"\n[ -n \"$K3S_VERSION\" ] && install_script_env+=\"INSTALL_K3S_VERSION=$K3S_VERSION \"\n\nssh_opts=\"-q -o StrictHostkeyChecking=no -o UserKnownHostsFile=/dev/null -o ControlPath=/tmp/ssh_mux_%h_%p_%r -o ControlMaster=auto -o ControlPersist=10m\"\n\nif [ -n \"$ssh_privatekey_path\" ]; then\n ssh_opts+=\" -i $ssh_privatekey_path\"\nelif [ -n \"$ssh_password\" ]; then\n askpass=$(mktemp)\n echo \"echo -n $ssh_password\" > $askpass\n chmod 0755 $askpass\n export SSH_ASKPASS=$askpass SSH_ASKPASS_REQUIRE=force\nelse\n echo \"SSH_PASSWORD or SSH_PRIVATEKEY_PATH must be provided\" && exit 1\nfi\n\nlog_info() { echo -e \"\\033[36m* $*\\033[0m\"; }\nclean() { rm -f $askpass; }\ntrap clean EXIT\n\nIFS=',' read -ra all_nodes <<< \"$servers,$agents\"\nif [ -n \"$k3s_bin\" ]; then\n for node in ${all_nodes[@]}; do\n chmod +x \"$k3s_bin\" \"$install_script\"\n ssh $ssh_opts \"$ssh_user@$node\" \"mkdir -p /usr/local/bin /var/lib/rancher/k3s/agent/images\"\n log_info \"Copying $airgap_image to $node\"\n scp -O $ssh_opts \"$airgap_image\" \"$ssh_user@$node:/var/lib/rancher/k3s/agent/images\"\n log_info \"Copying $k3s_bin to $node\"\n scp -O $ssh_opts \"$k3s_bin\" \"$ssh_user@$node:/usr/local/bin/k3s\"\n log_info \"Copying $install_script to $node\"\n scp -O $ssh_opts \"$install_script\" \"$ssh_user@$node:/usr/local/bin/k3s-install.sh\"\n done\n install_script_env+=\"INSTALL_K3S_SKIP_DOWNLOAD=true \"\nelse\n for node in ${all_nodes[@]}; do\n log_info \"Downloading install script for $node\"\n ssh $ssh_opts \"$ssh_user@$node\" \"curl -sSLo /usr/local/bin/k3s-install.sh https://get.k3s.io/ && chmod +x /usr/local/bin/k3s-install.sh\"\n done\nfi\n\nrestart_k3s() {\n local node=$1\n previous_k3s_version=$(ssh $ssh_opts \"$ssh_user@$first_server\" \"kubectl get no -o wide | awk '\\$6==\\\"$node\\\" {print \\$5}'\")\n [ -n \"$previous_k3s_version\" -a \"$previous_k3s_version\" != \"$K3S_VERSION\" -a -n \"$k3s_bin\" ] && return 0 || return 1\n}\n\ntoken=mynodetoken\ninstall_script_env+=${K3S_INSTALL_SCRIPT_ENV:-}\nif [ -z \"$other_servers\" ]; then\n log_info \"Installing on server node [$first_server]\"\n ssh $ssh_opts \"$ssh_user@$first_server\" \"env $install_script_env /usr/local/bin/k3s-install.sh server --token $token $extra_server_args\"\n ! restart_k3s \"$first_server\" || ssh $ssh_opts \"$ssh_user@$first_server\" \"systemctl restart k3s.service\"\nelse\n log_info \"Installing on first server node [$first_server]\"\n ssh $ssh_opts \"$ssh_user@$first_server\" \"env $install_script_env /usr/local/bin/k3s-install.sh server --cluster-init --token $token $extra_server_args\"\n ! restart_k3s \"$first_server\" || ssh $ssh_opts \"$ssh_user@$first_server\" \"systemctl restart k3s.service\"\n IFS=',' read -ra other_server_nodes <<< \"$other_servers\"\n for node in ${other_server_nodes[@]}; do\n log_info \"Installing on other server node [$node]\"\n ssh $ssh_opts \"$ssh_user@$node\" \"env $install_script_env /usr/local/bin/k3s-install.sh server --server https://$first_server:6443 --token $token $extra_server_args\"\n ! restart_k3s \"$node\" || ssh $ssh_opts \"$ssh_user@$node\" \"systemctl restart k3s.service\"\n done\nfi\n\nif [ -n \"$agents\" ]; then\n IFS=',' read -ra agent_nodes <<< \"$agents\"\n for node in ${agent_nodes[@]}; do\n log_info \"Installing on agent node [$node]\"\n ssh $ssh_opts \"$ssh_user@$node\" \"env $install_script_env K3S_TOKEN=$token K3S_URL=https://$first_server:6443 /usr/local/bin/k3s-install.sh agent --token $token $extra_agent_args\"\n ! restart_k3s \"$node\" || ssh $ssh_opts \"$ssh_user@$node\" \"systemctl restart k3s-agent.service\"\n done\nfi\nEOF\n
\uff08\u53ef\u9009\uff09\u79bb\u7ebf\u73af\u5883\u4e0b\uff0c\u5728\u4e00\u53f0\u53ef\u8054\u7f51\u8282\u70b9\u4e0b\u8f7d K3s \u76f8\u5173\u79bb\u7ebf\u8d44\u6e90\uff0c\u5e76\u62f7\u8d1d\u5230\u5b89\u88c5\u8282\u70b9
## [\u8054\u7f51\u8282\u70b9\u6267\u884c]\n\n# \u8bbe\u7f6e K3s \u7248\u672c\u4e3a v1.30.2+k3s1\n$ export k3s_version=v1.30.2+k3s1\n\n# \u79bb\u7ebf\u955c\u50cf\u5305\n# arm64\u94fe\u63a5\u4e3a https://github.com/k3s-io/k3s/releases/download/$k3s_version/k3s-airgap-images-arm64.tar.zst\n$ curl -LO https://github.com/k3s-io/k3s/releases/download/$k3s_version/k3s-airgap-images-amd64.tar.zst\n\n# k3s \u4e8c\u8fdb\u5236\u6587\u4ef6\n# arm64\u94fe\u63a5\u4e3a https://github.com/k3s-io/k3s/releases/download/$k3s_version/k3s-arm64\n$ curl -LO https://github.com/k3s-io/k3s/releases/download/$k3s_version/k3s\n\n# \u5b89\u88c5\u90e8\u7f72\u811a\u672c\n$ curl -Lo k3s-install.sh https://get.k3s.io/\n\n## \u4e0a\u8ff0\u8d44\u6e90\u62f7\u8d1d\u5230\u5b89\u88c5\u8282\u70b9\u6587\u4ef6\u7cfb\u7edf\u4e0a\n\n## [\u5b89\u88c5\u8282\u70b9\u6267\u884c]\n$ export K3S_AIRGAP_IMAGE=<\u8d44\u6e90\u5b58\u653e\u76ee\u5f55>/k3s-airgap-images-amd64.tar.zst \n$ export K3S_BINARY=<\u8d44\u6e90\u5b58\u653e\u76ee\u5f55>/k3s \n$ export K3S_INSTALL_SCRIPT=<\u8d44\u6e90\u5b58\u653e\u76ee\u5f55>/k3s-install.sh\n
\u5173\u95ed\u9632\u706b\u5899\u548c swap\uff08\u82e5\u9632\u706b\u5899\u65e0\u6cd5\u5173\u95ed\uff0c\u53ef\u653e\u884c\u4e0a\u8ff0\u5165\u7ad9\u7aef\u53e3\uff09
# Ubuntu \u5173\u95ed\u9632\u706b\u5899\u65b9\u6cd5\n$ sudo ufw disable\n# RHEL / CentOS / Fedora / SUSE \u5173\u95ed\u9632\u706b\u5899\u65b9\u6cd5\n$ systemctl disable firewalld --now\n$ sudo swapoff -a\n$ sudo sed -i '/swap/s/^/#/' /etc/fstab\n
\u4e0b\u6587\u6d4b\u8bd5\u73af\u5883\u4fe1\u606f\u4e3a Ubuntu 22.04 LTS, amd64\uff0c\u79bb\u7ebf\u5b89\u88c5
\u5728\u5b89\u88c5\u8282\u70b9\u6839\u636e\u90e8\u7f72\u89c4\u5212\u8bbe\u7f6e\u8282\u70b9\u4fe1\u606f\uff0c\u5e76\u5bfc\u51fa\u73af\u5883\u53d8\u91cf\uff0c\u591a\u4e2a\u8282\u70b9\u4ee5\u534a\u89d2\u9017\u53f7 ,
\u5206\u9694
export K3S_SERVERS=172.30.41.5 $ export SSH_USER=root\n# \u82e5\u4f7f\u7528 public key \u65b9\u5f0f\u767b\u5f55\uff0c\u786e\u4fdd\u5df2\u5c06\u516c\u94a5\u6dfb\u52a0\u5230\u5404\u8282\u70b9\u7684 ~/.ssh/authorized_keys\n\nexport SSH_PRIVATEKEY_PATH=<\u79c1\u94a5\u8def\u5f84>\nexport SSH_PASSWORD=<SSH\u5bc6\u7801>\n
export K3S_SERVERS=172.30.41.5\nexport K3S_AGENTS=172.30.41.6,172.30.41.7\nexport SSH_USER=root\n\n# \u82e5\u4f7f\u7528 public key \u65b9\u5f0f\u767b\u5f55\uff0c\u786e\u4fdd\u5df2\u5c06\u516c\u94a5\u6dfb\u52a0\u5230\u5404\u8282\u70b9\u7684 ~/.ssh/authorized_keys\nexport SSH_PRIVATEKEY_PATH=<\u79c1\u94a5\u8def\u5f84>\nexport SSH_PASSWORD=<SSH\u5bc6\u7801>\n
export K3S_SERVERS=172.30.41.5,172.30.41.6,172.30.41.7\nexport SSH_USER=root\n\n# \u82e5\u4f7f\u7528 public key \u65b9\u5f0f\u767b\u5f55\uff0c\u786e\u4fdd\u5df2\u5c06\u516c\u94a5\u6dfb\u52a0\u5230\u5404\u8282\u70b9\u7684 ~/.ssh/authorized_keys\nexport SSH_PRIVATEKEY_PATH=<\u79c1\u94a5\u8def\u5f84>\nexport SSH_PASSWORD=<SSH\u5bc6\u7801>\n
\u6267\u884c\u90e8\u7f72\u64cd\u4f5c
\u4ee5 3 server / 0 agent \u6a21\u5f0f\u4e3a\u4f8b\uff0c\u6bcf\u53f0\u673a\u5668\u5fc5\u987b\u6709\u4e00\u4e2a\u552f\u4e00\u7684\u4e3b\u673a\u540d
# \u82e5\u6709\u66f4\u591a K3s \u5b89\u88c5\u811a\u672c\u73af\u5883\u53d8\u91cf\u8bbe\u7f6e\u9700\u6c42\uff0c\u8bf7\u8bbe\u7f6e K3S_INSTALL_SCRIPT_ENV\uff0c\u5176\u503c\u53c2\u8003 https://docs.k3s.io/reference/env-variables\n# \u82e5\u9700\u5bf9 server \u6216 agent \u8282\u70b9\u4f5c\u51fa\u989d\u5916\u914d\u7f6e\uff0c\u8bf7\u8bbe\u7f6e EXTRA_SERVER_ARGS \u6216 EXTRA_AGENT_ARGS\uff0c\u5176\u503c\u53c2\u8003 https://docs.k3s.io/cli/server https://docs.k3s.io/cli/agent\n$ bash k3slcm\n* Copying ./v1.30.2/k3s-airgap-images-amd64.tar.zst to 172.30.41.5\n* Copying ./v1.30.2/k3s to 172.30.41.5\n* Copying ./v1.30.2/k3s-install.sh to 172.30.41.5\n* Copying ./v1.30.2/k3s-airgap-images-amd64.tar.zst to 172.30.41.6\n* Copying ./v1.30.2/k3s to 172.30.41.6\n* Copying ./v1.30.2/k3s-install.sh to 172.30.41.6\n* Copying ./v1.30.2/k3s-airgap-images-amd64.tar.zst to 172.30.41.7\n* Copying ./v1.30.2/k3s to 172.30.41.7\n* Copying ./v1.30.2/k3s-install.sh to 172.30.41.7\n* Installing on first server node [172.30.41.5]\n[INFO] Skipping k3s download and verify\n[INFO] Skipping installation of SELinux RPM\n[INFO] Creating /usr/local/bin/kubectl symlink to k3s\n[INFO] Creating /usr/local/bin/crictl symlink to k3s\n[INFO] Creating /usr/local/bin/ctr symlink to k3s\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s.service\n[INFO] systemd: Enabling k3s unit\nCreated symlink /etc/systemd/system/multi-user.target.wants/k3s.service \u2192 /etc/systemd/system/k3s.service.\n[INFO] systemd: Starting k3s\n* Installing on other server node [172.30.41.6]\n......\n
\u68c0\u67e5\u96c6\u7fa4\u72b6\u6001
$ kubectl get no -owide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nserver1 Ready control-plane,etcd,master 3m51s v1.30.2+k3s1 172.30.41.5 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver2 Ready control-plane,etcd,master 3m18s v1.30.2+k3s1 172.30.41.6 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver3 Ready control-plane,etcd,master 3m7s v1.30.2+k3s1 172.30.41.7 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\n\n$ kubectl get pod --all-namespaces -owide\nNAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nkube-system coredns-576bfc4dc7-z4x2s 1/1 Running 0 8m31s 10.42.0.3 server1 <none> <none>\nkube-system helm-install-traefik-98kh5 0/1 Completed 1 8m31s 10.42.0.4 server1 <none> <none>\nkube-system helm-install-traefik-crd-9xtfd 0/1 Completed 0 8m31s 10.42.0.5 server1 <none> <none>\nkube-system local-path-provisioner-86f46b7bf7-qt995 1/1 Running 0 8m31s 10.42.0.6 server1 <none> <none>\nkube-system metrics-server-557ff575fb-kptsh 1/1 Running 0 8m31s 10.42.0.2 server1 <none> <none>\nkube-system svclb-traefik-f95cc81c-mgcjh 2/2 Running 0 6m28s 10.42.1.3 server2 <none> <none>\nkube-system svclb-traefik-f95cc81c-xtb8f 2/2 Running 0 6m28s 10.42.2.2 server3 <none> <none>\nkube-system svclb-traefik-f95cc81c-zcsxl 2/2 Running 0 6m28s 10.42.0.7 server1 <none> <none>\nkube-system traefik-5fb479b77-6pbh5 1/1 Running 0 6m28s 10.42.1.2 server2 <none> <none>\n
v1.30.3+k3s1
\u7248\u672c\uff0c\u6309\u7167 \u524d\u7f6e\u51c6\u5907
\u6b65\u9aa4 2 \u91cd\u65b0\u4e0b\u8f7d\u79bb\u7ebf\u8d44\u6e90\u5e76\u62f7\u8d1d\u5230\u5b89\u88c5\u8282\u70b9\uff0c\u540c\u65f6\u5728\u5b89\u88c5\u8282\u70b9\u5bfc\u51fa\u79bb\u7ebf\u8d44\u6e90\u8def\u5f84\u73af\u5883\u53d8\u91cf\u3002\uff08\u82e5\u4e3a\u8054\u7f51\u5347\u7ea7\uff0c\u5219\u8df3\u8fc7\u6b64\u64cd\u4f5c\uff09\u6267\u884c\u5347\u7ea7\u64cd\u4f5c
$ export K3S_VERSION=v1.30.3+k3s1\n$ bash k3slcm\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.5\n* Copying ./v1.30.3/k3s to 172.30.41.5\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.5\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.6\n* Copying ./v1.30.3/k3s to 172.30.41.6\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.6\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.7\n* Copying ./v1.30.3/k3s to 172.30.41.7\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.7\n* Installing on first server node [172.30.41.5]\n[INFO] Skipping k3s download and verify\n[INFO] Skipping installation of SELinux RPM\n[INFO] Skipping /usr/local/bin/kubectl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/crictl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/ctr symlink to k3s, already exists\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s.service\n[INFO] systemd: Enabling k3s unit\nCreated symlink /etc/systemd/system/multi-user.target.wants/k3s.service \u2192 /etc/systemd/system/k3s.service.\n[INFO] No change detected so skipping service start\n* Installing on other server node [172.30.41.6]\n......\n
\u68c0\u67e5\u96c6\u7fa4\u72b6\u6001
$ kubectl get node -owide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nserver1 Ready control-plane,etcd,master 18m v1.30.3+k3s1 172.30.41.5 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver2 Ready control-plane,etcd,master 17m v1.30.3+k3s1 172.30.41.6 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver3 Ready control-plane,etcd,master 17m v1.30.3+k3s1 172.30.41.7 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\n\n$ kubectl get po --all-namespaces -owide\nNAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nkube-system coredns-576bfc4dc7-z4x2s 1/1 Running 0 18m 10.42.0.3 server1 <none> <none>\nkube-system helm-install-traefik-98kh5 0/1 Completed 1 18m <none> server1 <none> <none>\nkube-system helm-install-traefik-crd-9xtfd 0/1 Completed 0 18m <none> server1 <none> <none>\nkube-system local-path-provisioner-6795b5f9d8-t4rvm 1/1 Running 0 2m49s 10.42.2.3 server3 <none> <none>\nkube-system metrics-server-557ff575fb-kptsh 1/1 Running 0 18m 10.42.0.2 server1 <none> <none>\nkube-system svclb-traefik-f95cc81c-mgcjh 2/2 Running 0 16m 10.42.1.3 server2 <none> <none>\nkube-system svclb-traefik-f95cc81c-xtb8f 2/2 Running 0 16m 10.42.2.2 server3 <none> <none>\nkube-system svclb-traefik-f95cc81c-zcsxl 2/2 Running 0 16m 10.42.0.7 server1 <none> <none>\nkube-system traefik-5fb479b77-6pbh5 1/1 Running 0 16m 10.42.1.2 server2 <none> <none>\n
\u5982\u6dfb\u52a0\u65b0\u7684 agent \u8282\u70b9\uff1a
export K3S_AGENTS=172.30.41.8\n
\u6dfb\u52a0\u65b0\u7684 server \u8282\u70b9\u5982\u4e0b\uff1a
< export K3S_SERVERS=172.30.41.5,172.30.41.6,172.30.41.7\n---\n> export K3S_SERVERS=172.30.41.5,172.30.41.6,172.30.41.7,172.30.41.8,172.30.41.9\n
\u6267\u884c\u6269\u5bb9\u64cd\u4f5c\uff08\u4ee5\u6dfb\u52a0 agent \u8282\u70b9\u4e3a\u4f8b\uff09
$ bash k3slcm\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.5\n* Copying ./v1.30.3/k3s to 172.30.41.5\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.5\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.6\n* Copying ./v1.30.3/k3s to 172.30.41.6\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.6\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.7\n* Copying ./v1.30.3/k3s to 172.30.41.7\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.7\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.8\n* Copying ./v1.30.3/k3s to 172.30.41.8\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.8\n* Installing on first server node [172.30.41.5]\n[INFO] Skipping k3s download and verify\n[INFO] Skipping installation of SELinux RPM\n[INFO] Skipping /usr/local/bin/kubectl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/crictl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/ctr symlink to k3s, already exists\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s.service\n[INFO] systemd: Enabling k3s unit\nCreated symlink /etc/systemd/system/multi-user.target.wants/k3s.service \u2192 /etc/systemd/system/k3s.service.\n[INFO] No change detected so skipping service start\n......\n* Installing on agent node [172.30.41.8]\n[INFO] Skipping k3s download and verify\n[INFO] Skipping installation of SELinux RPM\n[INFO] Creating /usr/local/bin/kubectl symlink to k3s\n[INFO] Creating /usr/local/bin/crictl symlink to k3s\n[INFO] Creating /usr/local/bin/ctr symlink to k3s\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s-agent.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service\n[INFO] systemd: Enabling k3s-agent unit\nCreated symlink /etc/systemd/system/multi-user.target.wants/k3s-agent.service \u2192 /etc/systemd/system/k3s-agent.service.\n[INFO] systemd: Starting k3s-agent\n
\u68c0\u67e5\u96c6\u7fa4\u72b6\u6001
$ kubectl get node -owide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nagent1 Ready <none> 57s v1.30.3+k3s1 172.30.41.8 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver1 Ready control-plane,etcd,master 12m v1.30.3+k3s1 172.30.41.5 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver2 Ready control-plane,etcd,master 11m v1.30.3+k3s1 172.30.41.6 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver3 Ready control-plane,etcd,master 11m v1.30.3+k3s1 172.30.41.7 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\n
k3s-uninstall.sh
\u6216 k3s-agent-uninstall.sh
\u5728\u4efb\u610f server \u8282\u70b9\u4e0a\u6267\u884c\uff1a
kubectl delete node <\u8282\u70b9\u540d\u79f0>\n
k3s-uninstall.sh
k3s-agent-uninstall.sh
\u4e3a\u4e86\u6ee1\u8db3\u5ba2\u6237\u5bf9\u4f4e\u7248\u672c\u7684 K8s \u96c6\u7fa4\u7684\u642d\u5efa\uff0cKubean \u63d0\u4f9b\u4e86\u5411\u4e0b\u517c\u5bb9\u5e76\u521b\u5efa\u4f4e\u7248\u672c\u7684 K8s \u96c6\u7fa4\u80fd\u529b\uff0c\u7b80\u79f0\u5411\u4e0b\u517c\u5bb9\u7248\u672c\u7684\u80fd\u529b\u3002
\u76ee\u524d\u652f\u6301\u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7248\u672c\u8303\u56f4\u5728 v1.26-v1.28
\uff0c\u53ef\u4ee5\u53c2\u9605 AI \u7b97\u529b\u4e2d\u5fc3\u96c6\u7fa4\u7248\u672c\u652f\u6301\u4f53\u7cfb\u3002
\u672c\u6587\u5c06\u6f14\u793a\u5982\u4f55\u90e8\u7f72\u4f4e\u7248\u672c\u7684 K8s \u96c6\u7fa4\u3002
Note
\u672c\u6587\u6f14\u793a\u7684\u8282\u70b9\u73af\u5883\u4e3a\uff1a
\u51c6\u5907\u4e00\u4e2a Kubean \u6240\u5728\u7684\u7ba1\u7406\u96c6\u7fa4\uff0c\u5e76\u4e14\u5f53\u524d\u73af\u5883\u5df2\u7ecf\u90e8\u7f72\u652f\u6301 podman
\u3001skopeo
\u3001minio client
\u547d\u4ee4\u3002 \u5982\u679c\u4e0d\u652f\u6301\uff0c\u53ef\u901a\u8fc7\u811a\u672c\u8fdb\u884c\u5b89\u88c5\u4f9d\u8d56\u7ec4\u4ef6\u3002
\u524d\u5f80 kubean \u67e5\u770b\u53d1\u5e03\u7684\u5236\u54c1\uff0c \u5e76\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u9009\u62e9\u5177\u4f53\u7684\u5236\u54c1\u7248\u672c\u3002\u76ee\u524d\u652f\u6301\u7684\u5236\u54c1\u7248\u672c\u53ca\u5bf9\u5e94\u7684\u96c6\u7fa4\u7248\u672c\u8303\u56f4\u5982\u4e0b\uff1a
\u5236\u54c1\u5305\u7248\u672c \u652f\u6301\u96c6\u7fa4\u8303\u56f4 AI \u7b97\u529b\u4e2d\u5fc3\u652f\u6301\u60c5\u51b5 release-2.21 v1.23.0 ~ v1.25.6 \u5b89\u88c5\u5668 v0.14.0+ \u5df2\u652f\u6301 release-2.22 v1.24.0 ~ v1.26.13 \u5b89\u88c5\u5668 v0.15.0+ \u5df2\u652f\u6301 release-2.23 v1.25.0 ~ v1.27.10 \u5b89\u88c5\u5668 v0.16.0+ \u5df2\u652f\u6301 release-2.24 v1.26.0 ~ v1.29.1 \u5b89\u88c5\u5668 v0.17.0+ \u5df2\u652f\u6301 release-2.25 v1.27.0 ~ v1.29.5 \u5b89\u88c5\u5668 v0.20.0+ \u5df2\u652f\u6301Tip
\u5728\u9009\u62e9\u5236\u54c1\u7248\u672c\u65f6\uff0c\u4e0d\u4ec5\u9700\u8981\u53c2\u8003\u96c6\u7fa4\u7248\u672c\u8303\u56f4\uff0c\u8fd8\u9700\u5224\u65ad\u8be5\u5236\u54c1 manifest \u8d44\u6e90\u4e2d\u76f8\u5e94\u7ec4\u4ef6(\u5982 calico\u3001containerd)\u7248\u672c\u8303\u56f4\u662f\u5426\u8986\u76d6\u5f53\u524d\u96c6\u7fa4\u8be5\u7ec4\u4ef6\u7248\u672c\uff01
\u672c\u6587\u6f14\u793a\u79bb\u7ebf\u90e8\u7f72 K8s \u96c6\u7fa4\u5230 1.23.0 \u7248\u672c\u53ca\u79bb\u7ebf\u5347\u7ea7 K8s \u96c6\u7fa4\u4ece 1.23.0 \u7248\u672c\u5230 1.24.0 \u7248\u672c\uff0c\u6240\u4ee5\u9009\u62e9 release-2.21
\u7684\u5236\u54c1\u3002
\u5c06 spray-job \u955c\u50cf\u5bfc\u5165\u5230\u79bb\u7ebf\u73af\u5883\u7684 Registry\uff08\u955c\u50cf\u4ed3\u5e93\uff09\u4e2d\u3002
# \u5047\u8bbe\u706b\u79cd\u96c6\u7fa4\u4e2d\u7684 registry \u5730\u5740\u4e3a 172.30.41.200\nREGISTRY_ADDR=\"172.30.41.200\"\n\n# \u955c\u50cf spray-job \u8fd9\u91cc\u53ef\u4ee5\u91c7\u7528\u52a0\u901f\u5668\u5730\u5740\uff0c\u955c\u50cf\u5730\u5740\u6839\u636e\u9009\u62e9\u5236\u54c1\u7248\u672c\u6765\u51b3\u5b9a\nSPRAY_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/spray-job:2.21-d6f688f\"\n\n# skopeo \u53c2\u6570\nSKOPEO_PARAMS=\" --insecure-policy -a --dest-tls-verify=false --retry-times=3 \"\n\n# \u5728\u7ebf\u73af\u5883\uff1a\u5bfc\u51fa release-2.21 \u7248\u672c\u7684 spray-job \u955c\u50cf\uff0c\u5e76\u5c06\u5176\u8f6c\u79fb\u5230\u79bb\u7ebf\u73af\u5883\nskopeo copy docker://${SPRAY_IMG_ADDR} docker-archive:spray-job-2.21.tar\n\n# \u79bb\u7ebf\u73af\u5883\uff1a\u5bfc\u5165 release-2.21 \u7248\u672c\u7684 spray-job \u955c\u50cf\u5230\u706b\u79cd registry\nskopeo copy ${SKOPEO_PARAMS} docker-archive:spray-job-2.21.tar docker://${REGISTRY_ADDR}/${SPRAY_IMG_ADDR/.m.daocloud/}\n
"},{"location":"admin/kpanda/best-practice/kubean-low-version.html#k8s","title":"\u5236\u4f5c\u4f4e\u7248\u672c K8s \u79bb\u7ebf\u8d44\u6e90","text":"\u51c6\u5907 manifest.yml \u6587\u4ef6\u3002
cat > \"manifest.yml\" <<EOF\nimage_arch:\n - \"amd64\" ## \"arm64\"\nkube_version: ## \u6839\u636e\u5b9e\u9645\u573a\u666f\u586b\u5199\u96c6\u7fa4\u7248\u672c\n - \"v1.23.0\"\n - \"v1.24.0\"\nEOF\n
\u5236\u4f5c\u79bb\u7ebf\u589e\u91cf\u5305\u3002
# \u521b\u5efa data \u76ee\u5f55\nmkdir data\n# \u5236\u4f5c\u79bb\u7ebf\u5305\uff0c\nAIRGAP_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/airgap-patch:2.21-d6f688f\" # (1)!\npodman run --rm -v $(pwd)/manifest.yml:/manifest.yml -v $(pwd)/data:/data -e ZONE=CN -e MODE=FULL ${AIRGAP_IMG_ADDR}\n
\u5bfc\u5165\u5bf9\u5e94 k8s \u7248\u672c\u7684\u79bb\u7ebf\u955c\u50cf\u4e0e\u4e8c\u8fdb\u5236\u5305
# \u5c06\u4e0a\u4e00\u6b65 data \u76ee\u5f55\u4e2d\u7684\u4e8c\u8fdb\u5236\u5bfc\u5165\u4e8c\u8fdb\u5236\u5305\u81f3\u706b\u79cd\u8282\u70b9\u7684 MinIO \u4e2d\ncd ./data/amd64/files/\nMINIO_ADDR=\"http://127.0.0.1:9000\" # (1)!\nMINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_files.sh ${MINIO_ADDR}\n\n# \u5c06\u4e0a\u4e00\u6b65 data \u76ee\u5f55\u4e2d\u7684\u955c\u50cf\u5bfc\u5165\u4e8c\u8fdb\u5236\u5305\u81f3\u706b\u79cd\u8282\u70b9\u7684\u955c\u50cf\u4ed3\u5e93\u4e2d\ncd ./data/amd64/images/\nREGISTRY_ADDR=\"127.0.0.1\" ./import_images.sh # (2)!\n
\u5c06 manifest
\u3001localartifactset.cr.yaml
\u81ea\u5b9a\u4e49\u8d44\u6e90\u90e8\u7f72\u5230 Kubean \u6240\u5728\u7684\u7ba1\u7406\u96c6\u7fa4\u6216\u8005\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u5f53\u4e2d\uff0c\u672c\u4f8b\u4f7f\u7528\u7684\u662f\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
# \u90e8\u7f72 data \u6587\u4ef6\u76ee\u5f55\u4e0b\u7684 localArtifactSet \u8d44\u6e90\ncd ./data\nkubectl apply -f localartifactset.cr.yaml\n\n# \u4e0b\u8f7d release-2.21 \u7248\u672c\u7684 manifest \u8d44\u6e90\nwget https://raw.githubusercontent.com/kubean-io/kubean-manifest/main/manifests/manifest-2.21-d6f688f.yml\n\n# \u90e8\u7f72 release-2.21 \u5bf9\u5e94\u7684 manifest \u8d44\u6e90\nkubectl apply -f manifest-2.21-d6f688f.yml\n
\u524d\u5f80 \u5bb9\u5668\u7ba1\u7406 \uff0c\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u4e2d\uff0c\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae\u3002
\u88ab\u7eb3\u7ba1
\u53c2\u6570\u9009\u62e9 manifest
\u3001localartifactset.cr.yaml
\u81ea\u5b9a\u4e49\u8d44\u6e90\u90e8\u7f72\u7684\u96c6\u7fa4\uff0c\u672c\u4f8b\u4f7f\u7528\u7684\u662f\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
\u5176\u4f59\u53c2\u6570\u53c2\u8003\u521b\u5efa\u96c6\u7fa4\u3002
\u9009\u62e9\u65b0\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u8fdb\u53bb\u8be6\u60c5\u754c\u9762\u3002
\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u5347\u7ea7 \uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u7248\u672c\u5347\u7ea7
\u9009\u62e9\u53ef\u7528\u7684\u96c6\u7fa4\u8fdb\u884c\u5347\u7ea7\u3002
Docker \u5728 17.07.0-ce \u7248\u672c\u4e2d\u5f15\u5165 overlay2.zize\uff0c\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 overlay2.zize \u6765\u9650\u5236 docker \u5355\u5bb9\u5668\u53ef\u5360\u7528\u7684\u78c1\u76d8\u7a7a\u95f4\u3002
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u914d\u7f6e docker overlay2.size \u4e4b\u524d\uff0c\u9700\u8981\u8c03\u6574\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u6587\u4ef6\u7cfb\u7edf\u7c7b\u578b\u4e3a xfs \u5e76\u4f7f\u7528 pquota \u65b9\u5f0f\u8fdb\u884c\u8bbe\u5907\u6302\u8f7d\u3002
\u683c\u5f0f\u5316\u8bbe\u5907\u4e3a XFS \u6587\u4ef6\u7cfb\u7edf\uff0c\u53ef\u4ee5\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
mkfs.xfs -f /dev/xxx\n
Note
pquota \u9650\u5236\u7684\u662f\u9879\u76ee\uff08project\uff09\u78c1\u76d8\u914d\u989d\u3002
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_2","title":"\u8bbe\u7f6e\u5355\u5bb9\u5668\u78c1\u76d8\u53ef\u5360\u7528\u7a7a\u95f4","text":"\u6ee1\u8db3\u4ee5\u4e0a\u6761\u4ef6\u540e\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e docker overlay2.size \u6765\u9650\u5236\u5355\u5bb9\u5668\u78c1\u76d8\u5360\u7528\u7a7a\u95f4\u5927\u5c0f\u3002\u547d\u4ee4\u884c\u793a\u4f8b\u5982\u4e0b\uff1a
sudo dockerd -s overlay2 --storage-opt overlay2.size=1G\n
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_3","title":"\u573a\u666f\u6f14\u7ec3","text":"\u63a5\u4e0b\u6765\u4ee5\u4e00\u4e2a\u5b9e\u9645\u7684\u4f8b\u5b50\u6765\u6f14\u7ec3\u4e00\u4e0b\u9650\u5236 docker \u5355\u5bb9\u5668\u53ef\u5360\u7528\u7684\u78c1\u76d8\u7a7a\u95f4\u6574\u4f53\u5b9e\u73b0\u6d41\u7a0b\u3002
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_4","title":"\u76ee\u6807","text":"\u90e8\u7f72\u4e00\u4e2a Kubernetes \u96c6\u7fa4\uff0c\u5e76\u9650\u5236 docker \u5355\u5bb9\u5668\u53ef\u5360\u7528\u7684\u78c1\u76d8\u7a7a\u95f4\u5927\u5c0f\u4e3a1G\uff0c\u8d85\u51fa1G\u5c06\u65e0\u6cd5\u4f7f\u7528\u3002
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_5","title":"\u64cd\u4f5c\u6d41\u7a0b","text":"\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u67e5\u770b fstab \u6587\u4ef6\uff0c\u83b7\u53d6\u5f53\u524d\u8bbe\u5907\u7684\u6302\u8f7d\u60c5\u51b5\u3002
$ cat /etc/fstab\n\n# /etc/fstab\n# Created by anaconda on Thu Mar 19 11:32:59 2020\n#\n# Accessible filesystems, by reference, are maintained under '/dev/disk'\n# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info\n#\n/dev/mapper/centos-root / xfs defaults 0 0\nUUID=3ed01f0e-67a1-4083-943a-343b7fed1708 /boot xfs defaults 0 0\n/dev/mapper/centos-swap swap swap defaults 0 0\n
\u4ee5\u56fe\u793a\u8282\u70b9\u8bbe\u5907\u4e3a\u4f8b\uff0c\u53ef\u4ee5\u770b\u5230 XFS \u683c\u5f0f\u8bbe\u5907 /dev/mapper/centos-root \u4ee5\u9ed8\u8ba4\u65b9\u5f0f defauls \u6302\u8f7d\u5230 / \u6839\u76ee\u5f55.
\u914d\u7f6e xfs \u6587\u4ef6\u7cfb\u7edf\u4f7f\u7528 pquota \u65b9\u5f0f\u6302\u8f7d\u3002
\u4fee\u6539 fstab \u6587\u4ef6\uff0c\u5c06\u6302\u8f7d\u65b9\u5f0f\u4ece defaults \u66f4\u65b0\u4e3a rw,pquota\uff1b
# \u4fee\u6539 fstab \u914d\u7f6e\n$ vi /etc/fstab\n- /dev/mapper/centos-root / xfs defaults 0 0\n+ /dev/mapper/centos-root / xfs rw,pquota 0 0\n\n# \u9a8c\u8bc1\u914d\u7f6e\u662f\u5426\u6709\u8bef\n$ mount -a\n
\u67e5\u770b pquota \u662f\u5426\u751f\u6548
xfs_quota -x -c print\n
Note
\u5982\u679c pquota \u672a\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u64cd\u4f5c\u7cfb\u7edf\u662f\u5426\u5f00\u542f pquota \u9009\u9879\uff0c\u5982\u679c\u672a\u5f00\u542f\uff0c\u9700\u8981\u5728\u7cfb\u7edf\u5f15\u5bfc\u914d\u7f6e /etc/grub2.cfg \u4e2d\u6dfb\u52a0 rootflags=pquota
\u53c2\u6570\uff0c\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u9700\u8981 reboot \u91cd\u542f\u64cd\u4f5c\u7cfb\u7edf\u3002
\u521b\u5efa\u96c6\u7fa4 -> \u9ad8\u7ea7\u914d\u7f6e -> \u81ea\u5b9a\u4e49\u53c2\u6570 \u4e2d\u6dfb\u52a0 docker_storage_options \u53c2\u6570\uff0c\u8bbe\u7f6e\u5355\u5bb9\u5668\u78c1\u76d8\u53ef\u5360\u7528\u7a7a\u95f4\u3002
Note
\u4e5f\u53ef\u4ee5\u57fa\u4e8e kubean manifest \u64cd\u4f5c\uff0c\u5728 vars conf \u91cc\u6dfb\u52a0 docker_storage_options
\u53c2\u6570\u3002
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sample-vars-conf\n namespace: kubean-system\ndata:\n group_vars.yml: |\n unsafe_show_logs: true\n container_manager: docker\n+ docker_storage_options: -s overlay2 --storage-opt overlay2.size=1G # \u65b0\u589e docker_storage_options \u53c2\u6570\n kube_network_plugin: calico\n kube_network_plugin_multus: false\n kube_proxy_mode: iptables\n etcd_deployment_type: kubeadm\n override_system_hostname: true\n ...\n
\u67e5\u770b dockerd \u670d\u52a1\u8fd0\u884c\u914d\u7f6e\uff0c\u68c0\u67e5\u78c1\u76d8\u9650\u5236\u662f\u5426\u8bbe\u7f6e\u6210\u529f\u3002
\u4ee5\u4e0a\uff0c\u5b8c\u6210\u9650\u5236 docker \u5355\u5bb9\u5668\u53ef\u5360\u7528\u7684\u78c1\u76d8\u7a7a\u95f4\u6574\u4f53\u5b9e\u73b0\u6d41\u7a0b\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html","title":"\u4e3a\u5de5\u4f5c\u96c6\u7fa4\u6dfb\u52a0\u5f02\u6784\u8282\u70b9","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e3a AMD \u67b6\u6784\uff0c\u64cd\u4f5c\u7cfb\u7edf\u4e3a CentOS 7.9 \u7684\u5de5\u4f5c\u96c6\u7fa4\u6dfb\u52a0 ARM \u67b6\u6784\uff0c\u64cd\u4f5c\u7cfb\u7edf\u4e3a Kylin v10 sp2 \u7684\u5de5\u4f5c\u8282\u70b9
Note
\u672c\u6587\u4ec5\u9488\u5bf9\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u6240\u521b\u5efa\u7684\u5de5\u4f5c\u96c6\u7fa4\u8fdb\u884c\u5f02\u6784\u8282\u70b9\u7684\u6dfb\u52a0\uff0c\u4e0d\u5305\u62ec\u63a5\u5165\u7684\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4ee5 ARM \u67b6\u6784\u3001\u64cd\u4f5c\u7cfb\u7edf Kylin v10 sp2 \u4e3a\u4f8b\u3002
\u8bf7\u786e\u4fdd\u5df2\u7ecf\u767b\u5f55\u5230\u706b\u79cd\u8282\u70b9\uff01\u5e76\u4e14\u4e4b\u524d\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u4f7f\u7528\u7684 clusterConfig.yaml \u6587\u4ef6\u8fd8\u5728\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_5","title":"\u79bb\u7ebf\u955c\u50cf\u5305","text":"Note
\u8bf7\u786e\u4fdd\u5728\u5bb9\u5668\u7ba1\u7406 v0.31 \u53ca\u4ee5\u4e0a\u7248\u672c\u4f7f\u7528\u8be5\u80fd\u529b\uff0c\u5bf9\u5e94\u5b89\u88c5\u5668 v0.21.0 \u53ca\u4ee5\u4e0a\u7248\u672c
CPU \u67b6\u6784 \u7248\u672c \u4e0b\u8f7d\u5730\u5740 AMD64 v0.21.0 https://qiniu-download-public.daocloud.io/DaoCloud_Enterprise/dce5/offline-v0.21.0-amd64.tar ARM64 v0.21.0 https://qiniu-download-public.daocloud.io/DaoCloud_Enterprise/dce5/offline-v0.21.0-arm64.tar\u4e0b\u8f7d\u5b8c\u6bd5\u540e\u89e3\u538b\u79bb\u7ebf\u5305\u3002\u6b64\u5904\u6211\u4eec\u4e0b\u8f7d arm64 \u67b6\u6784\u7684\u79bb\u7ebf\u5305\uff1a
tar -xvf offline-v0.21.0-arm64.tar\n
"},{"location":"admin/kpanda/best-practice/multi-arch.html#iso-kylin-v10-sp2","title":"ISO \u79bb\u7ebf\u5305\uff08Kylin v10 sp2\uff09","text":"CPU \u67b6\u6784 \u64cd\u4f5c\u7cfb\u7edf\u7248\u672c \u4e0b\u8f7d\u5730\u5740 ARM64 Kylin Linux Advanced Server release V10 (Sword) SP2 \u7533\u8bf7\u5730\u5740\uff1ahttps://www.kylinos.cn/support/trial.html Note
\u9e92\u9e9f\u64cd\u4f5c\u7cfb\u7edf\u9700\u8981\u63d0\u4f9b\u4e2a\u4eba\u4fe1\u606f\u624d\u80fd\u4e0b\u8f7d\u4f7f\u7528\uff0c\u4e0b\u8f7d\u65f6\u8bf7\u9009\u62e9 V10 (Sword) SP2\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#ospackage-kylin-v10-sp2","title":"osPackage \u79bb\u7ebf\u5305 \uff08Kylin v10 sp2\uff09","text":"\u5176\u4e2d Kubean \u63d0\u4f9b\u4e86\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u7684osPackage \u79bb\u7ebf\u5305\uff0c\u53ef\u4ee5\u524d\u5f80 https://github.com/kubean-io/kubean/releases \u67e5\u770b\u3002
\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c \u4e0b\u8f7d\u5730\u5740 Kylin Linux Advanced Server release V10 (Sword) SP2 https://github.com/kubean-io/kubean/releases/download/v0.18.5/os-pkgs-kylin-v10sp2-v0.18.5.tar.gzNote
osPackage \u79bb\u7ebf\u5305\u7684\u5177\u4f53\u5bf9\u5e94\u7248\u672c\u8bf7\u67e5\u770b\u79bb\u7ebf\u955c\u50cf\u5305\u4e2d offline/sample/clusterConfig.yaml \u4e2d\u5bf9\u5e94\u7684 kubean \u7248\u672c
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_6","title":"\u5bfc\u5165\u79bb\u7ebf\u5305\u81f3\u706b\u79cd\u8282\u70b9","text":"\u6267\u884c import-artifact \u547d\u4ee4\uff1a
./offline/dce5-installer import-artifact -c clusterConfig.yaml \\\n --offline-path=/root/offline \\\n --iso-path=/root/Kylin-Server-10-SP2-aarch64-Release-Build09-20210524.iso \\\n --os-pkgs-path=/root/os-pkgs-kylin-v10sp2-v0.18.5.tar.gz\n
Note
\u53c2\u6570\u8bf4\u660e\uff1a
\u5bfc\u5165\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u4f1a\u5c06\u79bb\u7ebf\u5305\u4e0a\u4f20\u5230\u706b\u79cd\u8282\u70b9\u7684 Minio \u4e2d\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_7","title":"\u6dfb\u52a0\u5f02\u6784\u5de5\u4f5c\u8282\u70b9","text":"\u8bf7\u786e\u4fdd\u5df2\u7ecf\u767b\u5f55\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7ba1\u7406\u96c6\u7fa4\u7684\u7ba1\u7406\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_8","title":"\u4fee\u6539\u4e3b\u673a\u6e05\u5355\u6587\u4ef6","text":"\u4e3b\u673a\u6e05\u5355\u6587\u4ef6\u793a\u4f8b\uff1a
\u65b0\u589e\u8282\u70b9\u524d\u65b0\u589e\u8282\u70b9\u540eapiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ${cluster-name}-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n children:\n etcd:\n hosts:\n centos-master:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n kube_control_plane:\n hosts:\n centos-master:\n kube_node:\n hosts:\n centos-master:\n hosts:\n centos-master:\n ip: 10.5.10.183\n access_ip: 10.5.10.183\n ansible_host: 10.5.10.183\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n ansible_password: ******\n ansible_become_password: ******\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ${cluster-name}-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n centos-master:\n ip: 10.5.10.183\n access_ip: 10.5.10.183\n ansible_host: 10.5.10.183\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n ansible_password: ******\n ansible_become_password: ******\n # \u6dfb\u52a0\u5f02\u6784\u8282\u70b9\u4fe1\u606f\n kylin-worker:\n ip: 10.5.10.181\n access_ip: 10.5.10.181\n ansible_host: 10.5.10.181\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n ansible_password: ******\n ansible_become_password: ******\n children:\n kube_control_plane:\n hosts:\n - centos-master\n kube_node:\n hosts:\n - centos-master\n - kylin-worker # \u6dfb\u52a0\u65b0\u589e\u7684\u5f02\u6784\u8282\u70b9\u540d\u79f0\n etcd:\n hosts:\n - centos-master\n k8s_cluster:\n children:\n - kube_control_plane\n - kube_node\n
\u6309\u7167\u4e0a\u8ff0\u7684\u914d\u7f6e\u6ce8\u91ca\uff0c\u6dfb\u52a0\u65b0\u589e\u7684\u5de5\u4f5c\u8282\u70b9\u4fe1\u606f\u3002
kubectl edit cm ${cluster-name}-hosts-conf -n kubean-system\n
cluster-name \u4e3a\u5de5\u4f5c\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u521b\u5efa\u96c6\u7fa4\u65f6\u4f1a\u9ed8\u8ba4\u751f\u6210\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#clusteroperationyml","title":"\u901a\u8fc7 ClusterOperation.yml \u65b0\u589e\u6269\u5bb9\u4efb\u52a1","text":"\u793a\u4f8b\uff1a
ClusterOperation.ymlapiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: add-worker-node\nspec:\n cluster: ${cluster-name} # \u6307\u5b9a cluster name\n image: 10.5.14.30/ghcr.m.daocloud.io/kubean-io/spray-job:v0.18.5\n actionType: playbook\n action: scale.yml\n extraArgs: --limit=kylin-worker\n preHook:\n - actionType: playbook\n action: ping.yml\n - actionType: playbook\n action: disable-firewalld.yml\n - actionType: playbook\n action: enable-repo.yml\n extraArgs: |\n -e \"{repo_list: [\"http://10.5.14.30:9000/kubean/kylin-iso/\\$releasever/sp2/os/\\$basearch\",\"http://10.5.14.30:9000/kubean/kylin/\\$releasever/sp2/os/\\$basearch\"]}\" --limit=kylin-worker\n postHook:\n - actionType: playbook\n action: cluster-info.yml\n
Note
\u6309\u7167\u4e0a\u8ff0\u7684\u914d\u7f6e\uff0c\u521b\u5efa\u5e76\u90e8\u7f72 join-node-ops.yaml\uff1a
vi join-node-ops.yaml\nkubectl apply -f join-node-ops.yaml -n kubean-system\n
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_9","title":"\u68c0\u67e5\u4efb\u52a1\u6267\u884c\u72b6\u6001","text":"kubectl -n kubean-system get pod | grep add-worker-node\n
\u4e86\u89e3\u7f29\u5bb9\u4efb\u52a1\u6267\u884c\u8fdb\u5ea6\uff0c\u53ef\u67e5\u770b\u8be5 Pod \u65e5\u5fd7\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_10","title":"\u524d\u5f80\u754c\u9762\u9a8c\u8bc1","text":"\u524d\u5f80 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4 -> \u8282\u70b9\u7ba1\u7406
\u70b9\u51fb\u65b0\u589e\u7684\u8282\u70b9\uff0c\u67e5\u770b\u8be6\u60c5
\u672c\u6587\u5c06\u4ee5\u4e00\u4e2a\u9ad8\u53ef\u7528\u4e09\u63a7\u5236\u8282\u70b9\u7684\u5de5\u4f5c\u96c6\u7fa4\u4e3a\u4f8b\u3002 \u5f53\u5de5\u4f5c\u96c6\u7fa4\u7684\u9996\u4e2a\u63a7\u5236\u8282\u70b9\u6545\u969c\u6216\u5f02\u5e38\u65f6\uff0c\u5982\u4f55\u66ff\u6362\u6216\u91cd\u65b0\u63a5\u5165\u9996\u4e2a\u63a7\u5236\u8282\u70b9\u3002
\u672c\u6587\u7684\u9ad8\u53ef\u7528\u96c6\u7fa4\u6709 3 \u4e2a Master \u8282\u70b9\uff1a
\u5047\u8bbe node1 \u5b95\u673a\uff0c\u63a5\u4e0b\u6765\u4ecb\u7ecd\u5982\u4f55\u5c06\u5b95\u673a\u540e\u6062\u590d\u7684 node1 \u91cd\u65b0\u63a5\u5165\u5de5\u4f5c\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/replace-first-master-node.html#_2","title":"\u51c6\u5907\u5de5\u4f5c","text":"\u5728\u6267\u884c\u66ff\u6362\u64cd\u4f5c\u4e4b\u524d\uff0c\u5148\u83b7\u53d6\u96c6\u7fa4\u8d44\u6e90\u57fa\u672c\u4fe1\u606f\uff0c\u4fee\u6539\u76f8\u5173\u914d\u7f6e\u65f6\u4f1a\u7528\u5230\u3002
Note
\u4ee5\u4e0b\u83b7\u53d6\u96c6\u7fa4\u8d44\u6e90\u4fe1\u606f\u7684\u547d\u4ee4\u5747\u5728\u7ba1\u7406\u96c6\u7fa4\u4e2d\u6267\u884c\u3002
\u83b7\u53d6\u96c6\u7fa4\u540d\u79f0
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u627e\u5230\u96c6\u7fa4\u5bf9\u5e94\u7684 clusters.kubean.io
\u8d44\u6e90\uff1a
# \u6bd4\u5982 clusters.kubean.io \u7684\u8d44\u6e90\u540d\u79f0\u4e3a cluster-mini-1\n# \u5219\u83b7\u53d6\u96c6\u7fa4\u7684\u540d\u79f0\nCLUSTER_NAME=$(kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.metadata.name}{'\\n'}\")\n
\u83b7\u53d6\u96c6\u7fa4\u7684\u4e3b\u673a\u6e05\u5355 configmap
kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.spec.hostsConfRef}{'\\n'}\"\n{\"name\":\"mini-1-hosts-conf\",\"namespace\":\"kubean-system\"}\n
\u83b7\u53d6\u96c6\u7fa4\u7684\u914d\u7f6e\u53c2\u6570 configmap
kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.spec.varsConfRef}{'\\n'}\"\n{\"name\":\"mini-1-vars-conf\",\"namespace\":\"kubean-system\"}\n
\u8c03\u6574\u63a7\u5236\u5e73\u9762\u8282\u70b9\u987a\u5e8f
\u91cd\u7f6e node1 \u8282\u70b9\u4f7f\u5176\u6062\u590d\u5230\u5b89\u88c5\u96c6\u7fa4\u4e4b\u524d\u7684\u72b6\u6001\uff08\u6216\u4f7f\u7528\u65b0\u7684\u8282\u70b9\uff09\uff0c\u4fdd\u6301 node1 \u8282\u70b9\u7684\u7f51\u7edc\u8fde\u901a\u6027\u3002
\u8c03\u6574\u4e3b\u673a\u6e05\u5355\u4e2d node1 \u8282\u70b9\u5728 kube_control_plane \u3001kube_node\u3001etcd \u4e2d\u7684\u987a\u5e8f \uff08node1/node2/node3 -> node2/node3/node1\uff09\uff1a
function change_control_plane_order() {\n cat << EOF | kubectl apply -f -\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: mini-1-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: \"172.30.41.161\"\n access_ip: \"172.30.41.161\"\n ansible_host: \"172.30.41.161\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n node2:\n ip: \"172.30.41.162\"\n access_ip: \"172.30.41.162\"\n ansible_host: \"172.30.41.162\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n node3:\n ip: \"172.30.41.163\"\n access_ip: \"172.30.41.163\"\n ansible_host: \"172.30.41.163\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n children:\n kube_control_plane:\n hosts:\n node2:\n node3:\n node1:\n kube_node:\n hosts:\n node2:\n node3:\n node1:\n etcd:\n hosts:\n node2:\n node3:\n node1:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\nEOF\n}\n\nchange_control_plane_order\n
\u79fb\u9664\u5f02\u5e38\u72b6\u6001\u7684\u9996\u4e2a master \u8282\u70b9
\u8c03\u6574\u4e3b\u673a\u6e05\u5355\u7684\u8282\u70b9\u987a\u5e8f\u540e\uff0c\u79fb\u9664 K8s \u63a7\u5236\u5e73\u9762\u5f02\u5e38\u72b6\u6001\u7684 node1\u3002
Note
\u5982\u679c node1 \u79bb\u7ebf\u6216\u6545\u969c\uff0c\u5219 extraArgs \u987b\u6dfb\u52a0\u4ee5\u4e0b\u914d\u7f6e\u9879\uff0cnode1 \u5728\u7ebf\u65f6\u4e0d\u9700\u8981\u6dfb\u52a0\u3002
reset_nodes=false # \u8df3\u8fc7\u91cd\u7f6e\u8282\u70b9\u64cd\u4f5c\nallow_ungraceful_removal=true # \u5141\u8bb8\u975e\u4f18\u96c5\u7684\u79fb\u9664\u64cd\u4f5c\n
# \u955c\u50cf spray-job \u8fd9\u91cc\u53ef\u4ee5\u91c7\u7528\u52a0\u901f\u5668\u5730\u5740\n\nSPRAY_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/spray-job\"\nSPRAY_RLS_2_22_TAG=\"2.22-336b323\"\nKUBE_VERSION=\"v1.24.14\"\nCLUSTER_NAME=\"cluster-mini-1\"\nREMOVE_NODE_NAME=\"node1\"\n\ncat << EOF | kubectl apply -f -\n---\napiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster-mini-1-remove-node-ops\nspec:\n cluster: ${CLUSTER_NAME}\n image: ${SPRAY_IMG_ADDR}:${SPRAY_RLS_2_22_TAG}\n actionType: playbook\n action: remove-node.yml\n extraArgs: -e node=${REMOVE_NODE_NAME} -e reset_nodes=false -e allow_ungraceful_removal=true -e kube_version=${KUBE_VERSION}\n postHook:\n - actionType: playbook\n action: cluster-info.yml\nEOF\n
\u624b\u52a8\u4fee\u6539\u96c6\u7fa4\u914d\u7f6e\uff0c\u7f16\u8f91\u66f4\u65b0 cluster-info
# \u7f16\u8f91 cluster-info\nkubectl -n kube-public edit cm cluster-info\n\n# 1. \u82e5 ca.crt \u8bc1\u4e66\u66f4\u65b0\uff0c\u5219\u9700\u8981\u66f4\u65b0 certificate-authority-data \u5b57\u6bb5\u7684\u5185\u5bb9\n# \u67e5\u770b ca \u8bc1\u4e66\u7684 base64 \u7f16\u7801\uff1a\ncat /etc/kubernetes/ssl/ca.crt | base64 | tr -d '\\n'\n\n# 2. \u9700\u6539 server \u5b57\u6bb5\u7684 IP \u5730\u5740\u4e3a\u65b0 first master IP, \u672c\u6587\u6863\u573a\u666f\u5c06\u4f7f\u7528 node2 \u7684 IP \u5730\u5740 172.30.41.162\n
\u624b\u52a8\u4fee\u6539\u96c6\u7fa4\u914d\u7f6e\uff0c\u7f16\u8f91\u66f4\u65b0 kubeadm-config
# \u7f16\u8f91 kubeadm-config\nkubectl -n kube-system edit cm kubeadm-config\n\n# \u4fee\u6539 controlPlaneEndpoint \u4e3a\u65b0 first master IP, \u672c\u6587\u6863\u573a\u666f\u5c06\u4f7f\u7528 node2 \u7684 IP \u5730\u5740 172.30.41.162\n
\u91cd\u65b0\u6269\u5bb9 master \u8282\u70b9\u5e76\u66f4\u65b0\u96c6\u7fa4
Note
--limit
\u9650\u5236\u66f4\u65b0\u64cd\u4f5c\u4ec5\u4f5c\u7528\u4e8e etcd \u548c kube_control_plane \u8282\u70b9\u7ec4\u3002cat << EOF | kubectl apply -f -\n---\napiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster-mini-1-update-cluster-ops\nspec:\n cluster: ${CLUSTER_NAME}\n image: ${SPRAY_IMG_ADDR}:${SPRAY_RLS_2_22_TAG}\n actionType: playbook\n action: cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e kube_version=${KUBE_VERSION}\n preHook:\n - actionType: playbook\n action: enable-repo.yml # \u79bb\u7ebf\u73af\u5883\u4e0b\u9700\u8981\u6dfb\u52a0\u6b64 yaml\uff0c\u5e76\u4e14\u8bbe\u7f6e\u6b63\u786e\u7684 repo-list(\u5b89\u88c5\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u5305)\uff0c\u4ee5\u4e0b\u53c2\u6570\u503c\u4ec5\u4f9b\u53c2\u8003\n extraArgs: |\n -e \"{repo_list: ['http://172.30.41.0:9000/kubean/centos/\\$releasever/os/\\$basearch','http://172.30.41.0:9000/kubean/centos-iso/\\$releasever/os/\\$basearch']}\"\n postHook:\n - actionType: playbook\n action: cluster-info.yml\nEOF\n
\u81f3\u6b64\uff0c\u5b8c\u6210\u4e86\u9996\u4e2a Master \u8282\u70b9\u7684\u66ff\u6362\u3002
"},{"location":"admin/kpanda/best-practice/update-offline-cluster.html","title":"\u5de5\u4f5c\u96c6\u7fa4\u79bb\u7ebf\u90e8\u7f72/\u5347\u7ea7\u6307\u5357","text":"Note
\u672c\u6587\u4ec5\u9488\u5bf9\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u6240\u521b\u5efa\u7684\u5de5\u4f5c\u96c6\u7fa4\u7684 kubernetes \u7684\u7248\u672c\u8fdb\u884c\u90e8\u7f72\u6216\u5347\u7ea7\uff0c \u4e0d\u5305\u62ec\u5176\u5b83 kubeneters \u7ec4\u4ef6\u7684\u90e8\u7f72\u6216\u5347\u7ea7\u3002
\u672c\u6587\u9002\u7528\u4ee5\u4e0b\u79bb\u7ebf\u573a\u666f\uff1a
\u6574\u4f53\u7684\u601d\u8def\u4e3a\uff1a
Note
\u76ee\u524d\u652f\u6301\u6784\u5efa\u7684\u79bb\u7ebf kubernetes \u7248\u672c\uff0c\u8bf7\u53c2\u8003 kubean \u652f\u6301\u7684 kubernetes \u7248\u672c\u5217\u8868\u3002
"},{"location":"admin/kpanda/best-practice/update-offline-cluster.html#_2","title":"\u5728\u8054\u7f51\u8282\u70b9\u6784\u5efa\u79bb\u7ebf\u5305","text":"\u7531\u4e8e\u79bb\u7ebf\u73af\u5883\u65e0\u6cd5\u8054\u7f51\uff0c\u7528\u6237\u9700\u8981\u4e8b\u5148\u51c6\u5907\u4e00\u53f0\u80fd\u591f \u8054\u7f51\u7684\u8282\u70b9 \u6765\u8fdb\u884c\u589e\u91cf\u79bb\u7ebf\u5305\u7684\u6784\u5efa\uff0c\u5e76\u4e14\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u542f\u52a8 Docker \u6216\u8005 podman \u670d\u52a1\u3002
\u68c0\u67e5\u8054\u7f51\u8282\u70b9\u7684 Docker \u670d\u52a1\u8fd0\u884c\u72b6\u6001
ps aux|grep docker\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
root 12341 0.5 0.2 654372 26736 ? Ssl 23:45 0:00 /usr/bin/docked\nroot 12351 0.2 0.1 625080 13740 ? Ssl 23:45 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml\nroot 13024 0.0 0.0 112824 980 pts/0 S+ 23:45 0:00 grep --color=auto docker\n
\u5728\u8054\u7f51\u8282\u70b9\u7684 /root \u76ee\u5f55\u4e0b\u521b\u5efa\u4e00\u4e2a\u540d\u4e3a manifest.yaml \u7684\u6587\u4ef6\uff0c\u547d\u4ee4\u5982\u4e0b\uff1a
vi manifest.yaml\n
manifest.yaml \u5185\u5bb9\u5982\u4e0b\uff1a
manifest.yamlimage_arch:\n- \"amd64\"\nkube_version: # \u586b\u5199\u5f85\u5347\u7ea7\u7684\u96c6\u7fa4\u7248\u672c\n- \"v1.28.0\"\n
\u5728 /root \u76ee\u5f55\u4e0b\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a /data \u7684\u6587\u4ef6\u5939\u6765\u5b58\u50a8\u589e\u91cf\u79bb\u7ebf\u5305\u3002
mkdir data\n
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4f7f\u7528 kubean airgap-patch
\u955c\u50cf\u751f\u6210\u79bb\u7ebf\u5305\u3002 airgap-patch
\u955c\u50cf tag \u4e0e Kubean \u7248\u672c\u4e00\u81f4\uff0c\u9700\u786e\u4fdd Kubean \u7248\u672c\u8986\u76d6\u9700\u8981\u5347\u7ea7\u7684 Kubernetes \u7248\u672c\u3002
# \u5047\u8bbe kubean \u7248\u672c\u4e3a v0.13.9\ndocker run --rm -v $(pwd)/manifest.yml:/manifest.yml -v $(pwd)/data:/data ghcr.m.daocloud.io/kubean-io/airgap-patch:v0.13.9\n
\u7b49\u5f85 Docker \u670d\u52a1\u8fd0\u884c\u5b8c\u6210\u540e\uff0c\u68c0\u67e5 /data \u6587\u4ef6\u5939\u4e0b\u7684\u6587\u4ef6\uff0c\u6587\u4ef6\u76ee\u5f55\u5982\u4e0b\uff1a
data\n\u251c\u2500\u2500 amd64\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 files\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 import_files.sh\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 offline-files.tar.gz\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 images\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 import_images.sh\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 offline-images.tar.gz\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 os-pkgs\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 import_ospkgs.sh\n\u2514\u2500\u2500 localartifactset.cr.yaml\n
\u5c06\u8054\u7f51\u8282\u70b9\u7684 /data \u6587\u4ef6\u62f7\u8d1d\u81f3\u706b\u79cd\u8282\u70b9\u7684 /root \u76ee\u5f55\u4e0b\uff0c\u5728 \u8054\u7f51\u8282\u70b9 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
scp -r data root@x.x.x.x:/root\n
x.x.x.x
\u4e3a\u706b\u79cd\u8282\u70b9 IP \u5730\u5740
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u5c06 /data \u6587\u4ef6\u5185\u7684\u955c\u50cf\u6587\u4ef6\u62f7\u8d1d\u81f3\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 docker resgitry \u4ed3\u5e93\u3002\u767b\u5f55\u706b\u79cd\u8282\u70b9\u540e\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
\u8fdb\u5165\u955c\u50cf\u6587\u4ef6\u6240\u5728\u7684\u76ee\u5f55
cd data/amd64/images\n
\u6267\u884c import_images.sh \u811a\u672c\u5c06\u955c\u50cf\u5bfc\u5165\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Docker Resgitry \u4ed3\u5e93\u3002
REGISTRY_ADDR=\"127.0.0.1\" ./import_images.sh\n
Note
\u4e0a\u8ff0\u547d\u4ee4\u4ec5\u4ec5\u9002\u7528\u4e8e\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Docker Resgitry \u4ed3\u5e93\uff0c\u5982\u679c\u4f7f\u7528\u5916\u90e8\u4ed3\u5e93\u8bf7\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\uff1a
REGISTRY_SCHEME=https REGISTRY_ADDR=${registry_address} REGISTRY_USER=${username} REGISTRY_PASS=${password} ./import_images.sh\n
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u5c06 /data \u6587\u4ef6\u5185\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u62f7\u8d1d\u81f3\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u670d\u52a1\u4e0a\u3002
\u8fdb\u5165\u4e8c\u8fdb\u5236\u6587\u4ef6\u6240\u5728\u7684\u76ee\u5f55
cd data/amd64/files/\n
\u6267\u884c import_files.sh \u811a\u672c\u5c06\u4e8c\u8fdb\u5236\u6587\u4ef6\u5bfc\u5165\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u670d\u52a1\u4e0a\u3002
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_files.sh http://127.0.0.1:9000\n
Note
\u4e0a\u8ff0\u547d\u4ee4\u4ec5\u4ec5\u9002\u7528\u4e8e\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u670d\u52a1\uff0c\u5982\u679c\u4f7f\u7528\u5916\u90e8 Minio \u8bf7\u5c06 http://127.0.0.1:9000
\u66ff\u6362\u4e3a\u5916\u90e8 Minio \u7684\u8bbf\u95ee\u5730\u5740\u3002 \u201crootuser\u201d \u548c \u201crootpass123\u201d\u662f\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u670d\u52a1\u7684\u9ed8\u8ba4\u8d26\u6237\u548c\u5bc6\u7801\u3002
\u706b\u79cd\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5c06 localartifactset
\u8d44\u6e90\u90e8\u7f72\u5230\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\uff1a
kubectl apply -f data/kubeanofflineversion.cr.patch.yaml\n
"},{"location":"admin/kpanda/best-practice/update-offline-cluster.html#_4","title":"\u4e0b\u4e00\u6b65","text":"\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\u7684 UI \u7ba1\u7406\u754c\u9762\uff0c\u60a8\u53ef\u4ee5\u7ee7\u7eed\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u53c2\u7167\u521b\u5efa\u96c6\u7fa4\u7684\u6587\u6863\u8fdb\u884c\u5de5\u4f5c\u96c6\u7fa4\u521b\u5efa\uff0c\u6b64\u65f6\u53ef\u4ee5\u9009\u62e9 Kubernetes \u589e\u91cf\u7248\u672c\u3002
\u53c2\u7167\u5347\u7ea7\u96c6\u7fa4\u7684\u6587\u6863\u5bf9\u81ea\u5efa\u7684\u5de5\u4f5c\u96c6\u7fa4\u8fdb\u884c\u5347\u7ea7\u3002
\u672c\u6587\u4ecb\u7ecd\u79bb\u7ebf\u6a21\u5f0f\u4e0b\u5982\u4f55\u5728 \u672a\u58f0\u660e\u652f\u6301\u7684 OS \u4e0a\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u3002
\u79bb\u7ebf\u6a21\u5f0f\u4e0b\u5728\u672a\u58f0\u660e\u652f\u6301\u7684 OS \u4e0a\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u4e3b\u8981\u7684\u6d41\u7a0b\u5982\u4e0b\u56fe\uff1a
\u63a5\u4e0b\u6765\uff0c\u672c\u6587\u5c06\u4ee5 openAnolis \u64cd\u4f5c\u7cfb\u7edf\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5728\u975e\u4e3b\u6d41\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u521b\u5efa\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/use-otherlinux-create-custer.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u627e\u5230\u4e00\u4e2a\u548c\u5f85\u5efa\u96c6\u7fa4\u8282\u70b9\u67b6\u6784\u548c OS \u5747\u4e00\u81f4\u7684\u5728\u7ebf\u73af\u5883\uff0c\u672c\u6587\u4ee5 AnolisOS 8.8 GA \u4e3a\u4f8b\u3002\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u751f\u6210\u79bb\u7ebf os-pkgs \u5305\u3002
# \u4e0b\u8f7d\u76f8\u5173\u811a\u672c\u5e76\u6784\u5efa os packages \u5305\ncurl -Lo ./pkgs.yml https://raw.githubusercontent.com/kubean-io/kubean/main/build/os-packages/others/pkgs.yml\ncurl -Lo ./other_os_pkgs.sh https://raw.githubusercontent.com/kubean-io/kubean/main/build/os-packages/others/other_os_pkgs.sh && chmod +x other_os_pkgs.sh\n./other_os_pkgs.sh build # \u6784\u5efa\u79bb\u7ebf\u5305\n
\u6267\u884c\u5b8c\u4e0a\u8ff0\u547d\u4ee4\u540e\uff0c\u9884\u671f\u5c06\u5728\u5f53\u524d\u8def\u5f84\u4e0b\u751f\u6210\u4e00\u4e2a\u540d\u4e3a os-pkgs-anolis-8.8.tar.gz \u7684\u538b\u7f29\u5305\u3002\u5f53\u524d\u8def\u5f84\u4e0b\u6587\u4ef6\u76ee\u5f55\u5927\u6982\u5982\u4e0b\uff1a
.\n \u251c\u2500\u2500 other_os_pkgs.sh\n \u251c\u2500\u2500 pkgs.yml\n \u2514\u2500\u2500 os-pkgs-anolis-8.8.tar.gz\n
"},{"location":"admin/kpanda/best-practice/use-otherlinux-create-custer.html#_4","title":"\u79bb\u7ebf\u8282\u70b9\u5b89\u88c5\u79bb\u7ebf\u5305","text":"\u5c06\u5728\u7ebf\u8282\u70b9\u4e2d\u751f\u6210\u7684 other_os_pkgs.sh \u3001 pkgs.yml \u3001 os-pkgs-anolis-8.8.tar.gz \u4e09\u4e2a\u6587\u4ef6\u62f7\u8d1d\u81f3\u79bb\u7ebf\u73af\u5883\u4e2d\u7684\u5f85\u5efa\u96c6\u7fa4\u7684**\u6240\u6709**\u8282\u70b9\u4e0a\u3002
\u767b\u5f55\u79bb\u7ebf\u73af\u5883\u4e2d\uff0c\u4efb\u4e00\u5f85\u5efa\u96c6\u7fa4\u7684\u5176\u4e2d\u4e00\u4e2a\u8282\u70b9\u4e0a\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a\u8282\u70b9\u5b89\u88c5 os-pkg \u5305\u3002
# \u914d\u7f6e\u73af\u5883\u53d8\u91cf\nexport PKGS_YML_PATH=/root/workspace/os-pkgs/pkgs.yml # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9 pkgs.yml \u6587\u4ef6\u7684\u8def\u5f84\nexport PKGS_TAR_PATH=/root/workspace/os-pkgs/os-pkgs-anolis-8.8.tar.gz # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9 os-pkgs-anolis-8.8.tar.gz \u7684\u8def\u5f84\nexport SSH_USER=root # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9\u7684\u7528\u6237\u540d\nexport SSH_PASS=dangerous # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9\u7684\u5bc6\u7801\nexport HOST_IPS='172.30.41.168' # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9\u7684 IP\n./other_os_pkgs.sh install #\u5b89\u88c5\u79bb\u7ebf\u5305\n
\u6267\u884c\u5b8c\u6210\u4e0a\u8ff0\u547d\u4ee4\u540e\uff0c\u7b49\u5f85\u754c\u9762\u63d0\u793a\uff1a All packages for node (X.X.X.X) have been installed \u5373\u8868\u793a\u5b89\u88c5\u5b8c\u6210\u3002
"},{"location":"admin/kpanda/best-practice/use-otherlinux-create-custer.html#_5","title":"\u4e0b\u4e00\u6b65","text":"\u53c2\u8003\u6587\u6863\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u5728 UI \u754c\u9762\u4e0a\u521b\u5efa openAnolis \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/co-located/index.html","title":"\u5728\u79bb\u7ebf\u6df7\u90e8","text":"\u4f01\u4e1a\u4e2d\u4e00\u822c\u5b58\u5728\u4e24\u79cd\u7c7b\u578b\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff1a\u5728\u7ebf\u670d\u52a1\uff08latency-sensitive service\uff09\u548c\u79bb\u7ebf\u4efb\u52a1\uff08batch job\uff09\u3002 \u5728\u7ebf\u670d\u52a1\u5982\u641c\u7d22/\u652f\u4ed8/\u63a8\u8350\u7b49\uff0c\u5177\u6709\u5904\u7406\u4f18\u5148\u7ea7\u9ad8\u3001\u65f6\u5ef6\u654f\u611f\u6027\u9ad8\u3001\u9519\u8bef\u5bb9\u5fcd\u5ea6\u4f4e\u4ee5\u53ca\u767d\u5929\u8d1f\u8f7d\u9ad8\u665a\u4e0a\u8d1f\u8f7d\u4f4e\u7b49\u7279\u70b9\u3002 \u800c\u79bb\u7ebf\u4efb\u52a1\u5982 AI \u8bad\u7ec3/\u5927\u6570\u636e\u5904\u7406\u7b49\uff0c\u5177\u6709\u5904\u7406\u4f18\u5148\u7ea7\u4f4e\u3001\u65f6\u5ef6\u654f\u611f\u6027\u4f4e\u3001\u9519\u8bef\u5bb9\u5fcd\u5ea6\u9ad8\u4ee5\u53ca\u8fd0\u884c\u65f6\u8d1f\u8f7d\u4e00\u76f4\u8f83\u9ad8\u7b49\u7279\u70b9\u3002 \u7531\u4e8e\u5728\u7ebf\u670d\u52a1\u4e0e\u79bb\u7ebf\u4efb\u52a1\u8fd9\u4e24\u7c7b\u5de5\u4f5c\u8d1f\u8f7d\u5929\u7136\u5b58\u5728\u4e92\u8865\u6027\uff0c\u5c06\u5728/\u79bb\u7ebf\u4e1a\u52a1\u6df7\u5408\u90e8\u7f72\u662f\u63d0\u9ad8\u670d\u52a1\u5668\u8d44\u6e90\u5229\u7528\u7387\u7684\u6709\u6548\u9014\u5f84\u3002
\u53ef\u4ee5\u5c06\u79bb\u7ebf\u4e1a\u52a1\u6df7\u90e8\u5230\u5728\u7ebf\u4e1a\u52a1\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8ba9\u79bb\u7ebf\u4e1a\u52a1\u80fd\u591f\u5145\u5206\u5229\u7528\u5728\u7ebf\u4e1a\u52a1\u670d\u52a1\u5668\u7684\u7a7a\u95f2\u8d44\u6e90\uff0c\u63d0\u9ad8\u5728\u7ebf\u4e1a\u52a1\u670d\u52a1\u5668\u8d44\u6e90\u5229\u7528\u7387\uff0c\u5b9e\u73b0\u964d\u672c\u589e\u6548\u3002
\u5f53\u4e1a\u52a1\u4e2d\u4e34\u65f6\u9700\u8981\u5927\u91cf\u7684\u8d44\u6e90\uff0c\u8fd9\u4e2a\u65f6\u5019\u53ef\u4ee5\u5c06\u5728\u7ebf\u4e1a\u52a1\u5f39\u6027\u6df7\u90e8\u5230\u79bb\u7ebf\u4e1a\u52a1\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u4f18\u5148\u4fdd\u8bc1\u5728\u7ebf\u4e1a\u52a1\u7684\u8d44\u6e90\u9700\u6c42\uff0c\u4e34\u65f6\u9700\u6c42\u7ed3\u675f\u540e\u518d\u628a\u8d44\u6e90\u5f52\u8fd8\u7ed9\u79bb\u7ebf\u4e1a\u52a1\u3002
\u5f53\u524d\u4f7f\u7528\u5f00\u6e90\u9879\u76ee Koordinator \u4f5c\u4e3a\u5728\u79bb\u7ebf\u6df7\u90e8\u7684\u89e3\u51b3\u65b9\u6848\u3002
Koordinator \u662f\u4e00\u4e2a\u57fa\u4e8e QoS \u7684 Kubernetes \u6df7\u5408\u5de5\u4f5c\u8d1f\u8f7d\u8c03\u5ea6\u7cfb\u7edf\u3002 \u5b83\u65e8\u5728\u63d0\u9ad8\u5bf9\u5ef6\u8fdf\u654f\u611f\u7684\u5de5\u4f5c\u8d1f\u8f7d\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u7684\u8fd0\u884c\u65f6\u6548\u7387\u548c\u53ef\u9760\u6027\uff0c\u7b80\u5316\u4e0e\u8d44\u6e90\u76f8\u5173\u7684\u914d\u7f6e\u8c03\u6574\u7684\u590d\u6742\u6027\uff0c\u5e76\u589e\u52a0 Pod \u90e8\u7f72\u5bc6\u5ea6\u4ee5\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u7387\u3002
"},{"location":"admin/kpanda/best-practice/co-located/index.html#koordinator-qos","title":"Koordinator QoS","text":"Koordinator \u8c03\u5ea6\u7cfb\u7edf\u652f\u6301\u7684 QoS \u6709\u4e94\u79cd\u7c7b\u578b:
QoS \u7279\u70b9 \u8bf4\u660e SYSTEM \u7cfb\u7edf\u8fdb\u7a0b\uff0c\u8d44\u6e90\u53d7\u9650 \u5bf9\u4e8e DaemonSets \u7b49\u7cfb\u7edf\u670d\u52a1\uff0c\u867d\u7136\u9700\u8981\u4fdd\u8bc1\u7cfb\u7edf\u670d\u52a1\u7684\u5ef6\u8fdf\uff0c\u4f46\u4e5f\u9700\u8981\u9650\u5236\u8282\u70b9\u4e0a\u8fd9\u4e9b\u7cfb\u7edf\u670d\u52a1\u5bb9\u5668\u7684\u8d44\u6e90\u4f7f\u7528\uff0c\u4ee5\u786e\u4fdd\u5176\u4e0d\u5360\u7528\u8fc7\u591a\u7684\u8d44\u6e90 LSE(Latency Sensitive Exclusive) \u4fdd\u7559\u8d44\u6e90\u5e76\u7ec4\u7ec7\u540c QoS \u7684 Pod \u5171\u4eab\u8d44\u6e90 \u5f88\u5c11\u4f7f\u7528\uff0c\u5e38\u89c1\u4e8e\u4e2d\u95f4\u4ef6\u7c7b\u5e94\u7528\uff0c\u4e00\u822c\u5728\u72ec\u7acb\u7684\u8d44\u6e90\u6c60\u4e2d\u4f7f\u7528 LSR(Latency Sensitive Reserved) \u9884\u7559\u8d44\u6e90\u4ee5\u83b7\u5f97\u66f4\u597d\u7684\u786e\u5b9a\u6027 \u7c7b\u4f3c\u4e8e\u793e\u533a\u7684 Guaranteed\uff0cCPU \u6838\u88ab\u7ed1\u5b9a LS(Latency Sensitive) \u5171\u4eab\u8d44\u6e90\uff0c\u5bf9\u7a81\u53d1\u6d41\u91cf\u6709\u66f4\u597d\u7684\u5f39\u6027 \u5fae\u670d\u52a1\u5de5\u4f5c\u8d1f\u8f7d\u7684\u5178\u578bQoS\u7ea7\u522b\uff0c\u5b9e\u73b0\u66f4\u597d\u7684\u8d44\u6e90\u5f39\u6027\u548c\u66f4\u7075\u6d3b\u7684\u8d44\u6e90\u8c03\u6574\u80fd\u529b BE(Best Effort) \u5171\u4eab\u4e0d\u5305\u62ec LSE \u7684\u8d44\u6e90\uff0c\u8d44\u6e90\u8fd0\u884c\u8d28\u91cf\u6709\u9650\uff0c\u751a\u81f3\u5728\u6781\u7aef\u60c5\u51b5\u4e0b\u88ab\u6740\u6b7b \u6279\u91cf\u4f5c\u4e1a\u7684\u5178\u578b QoS \u6c34\u5e73\uff0c\u5728\u4e00\u5b9a\u65f6\u671f\u5185\u7a33\u5b9a\u7684\u8ba1\u7b97\u541e\u5410\u91cf\uff0c\u4f4e\u6210\u672c\u8d44\u6e90"},{"location":"admin/kpanda/best-practice/co-located/index.html#koordinator-qos-cpu","title":"Koordinator QoS CPU \u7f16\u6392\u539f\u5219","text":"\u4ee5\u4e0b\u793a\u4f8b\u4e2d\u521b\u5efa4\u4e2a\u526f\u672c\u6570\u4e3a1\u7684 deployment, \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a LSE, LSR, LS, BE, \u5f85 pod \u521b\u5efa\u5b8c\u6210\u540e\uff0c\u89c2\u5bdf\u5404 pod \u7684 CPU \u5206\u914d\u60c5\u51b5\u3002
\u521b\u5efa\u540d\u79f0\u4e3a nginx-lse \u7684 deployment\uff0cQoS \u7c7b\u522b\u4e3a LSE, yaml \u6587\u4ef6\u5982\u4e0b\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-lse\n labels:\n app: nginx-lse\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-lse\n template:\n metadata:\n name: nginx-lse\n labels:\n app: nginx-lse\n koordinator.sh/qosClass: LSE # \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a LSE\n # \u8c03\u5ea6\u5668\u5c06\u5728\u7269\u7406\u5185\u6838\u4e4b\u95f4\u5747\u5300\u7684\u5206\u914d\u903b\u8f91 CPU\n annotations:\n scheduling.koordinator.sh/resource-spec: '{\"preferredCPUBindPolicy\": \"SpreadByPCPUs\"}'\n spec:\n schedulerName: koord-scheduler # \u4f7f\u7528 koord-scheduler \u8c03\u5ea6\u5668\n containers:\n - name: nginx\n image: release.daocloud.io/kpanda/nginx:1.25.3-alpine\n resources:\n limits:\n cpu: '2'\n requests:\n cpu: '2'\n priorityClassName: koord-prod\n
\u521b\u5efa\u540d\u79f0\u4e3a nginx-lsr \u7684 deployment\uff0cQoS \u7c7b\u522b\u4e3a LSR, yaml \u6587\u4ef6\u5982\u4e0b\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-lsr\n labels:\n app: nginx-lsr\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-lsr\n template:\n metadata:\n name: nginx-lsr\n labels:\n app: nginx-lsr\n koordinator.sh/qosClass: LSR # \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a LSR\n # \u8c03\u5ea6\u5668\u5c06\u5728\u7269\u7406\u5185\u6838\u4e4b\u95f4\u5747\u5300\u7684\u5206\u914d\u903b\u8f91 CPU\n annotations:\n scheduling.koordinator.sh/resource-spec: '{\"preferredCPUBindPolicy\": \"SpreadByPCPUs\"}'\n spec:\n schedulerName: koord-scheduler # \u4f7f\u7528 koord-scheduler \u8c03\u5ea6\u5668\n containers:\n - name: nginx\n image: release.daocloud.io/kpanda/nginx:1.25.3-alpine\n resources:\n limits:\n cpu: '2'\n requests:\n cpu: '2'\n priorityClassName: koord-prod\n
\u521b\u5efa\u540d\u79f0\u4e3a nginx-ls \u7684 deployment\uff0cQoS \u7c7b\u522b\u4e3a LS, yaml \u6587\u4ef6\u5982\u4e0b\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-ls\n labels:\n app: nginx-ls\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-ls\n template:\n metadata:\n name: nginx-ls\n labels:\n app: nginx-ls\n koordinator.sh/qosClass: LS # \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a LS\n # \u8c03\u5ea6\u5668\u5c06\u5728\u7269\u7406\u5185\u6838\u4e4b\u95f4\u5747\u5300\u7684\u5206\u914d\u903b\u8f91 CPU\n annotations:\n scheduling.koordinator.sh/resource-spec: '{\"preferredCPUBindPolicy\": \"SpreadByPCPUs\"}'\n spec:\n schedulerName: koord-scheduler \n containers:\n - name: nginx\n image: release.daocloud.io/kpanda/nginx:1.25.3-alpine\n resources:\n limits:\n cpu: '2'\n requests:\n cpu: '2'\n priorityClassName: koord-prod\n
\u521b\u5efa\u540d\u79f0\u4e3a nginx-be \u7684 deployment\uff0cQoS \u7c7b\u522b\u4e3a BE, yaml \u6587\u4ef6\u5982\u4e0b\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-be\n labels:\n app: nginx-be\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-be\n template:\n metadata:\n name: nginx-be\n labels:\n app: nginx-be\n koordinator.sh/qosClass: BE # \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a BE\n # \u8c03\u5ea6\u5668\u5c06\u5728\u7269\u7406\u5185\u6838\u4e4b\u95f4\u5747\u5300\u7684\u5206\u914d\u903b\u8f91 CPU\n annotations:\n scheduling.koordinator.sh/resource-spec: '{\"preferredCPUBindPolicy\": \"SpreadByPCPUs\"}'\n spec:\n schedulerName: koord-scheduler # \u4f7f\u7528 koord-scheduler \u8c03\u5ea6\u5668\n containers:\n - name: nginx\n image: release.daocloud.io/kpanda/nginx:1.25.3-alpine\n resources:\n limits:\n kubernetes.io/batch-cpu: 2k\n requests:\n kubernetes.io/batch-cpu: 2k\n priorityClassName: koord-batch\n
\u67e5\u770b pod \u72b6\u6001\uff0c\u5f53 pod \u5904\u4e8e running \u540e\uff0c\u67e5\u770b\u5404 pod \u7684 CPU \u5206\u914d\u60c5\u51b5\u3002
[root@controller-node-1 ~]# kubectl get pod\nNAME READY STATUS RESTARTS AGE\nnginx-be-577c946b89-js2qn 1/1 Running 0 4h41m\nnginx-ls-54746c8cf8-rh4b7 1/1 Running 0 4h51m\nnginx-lse-56c9cd77f5-cdqbd 1/1 Running 0 4h41m\nnginx-lsr-c7fdb97d8-b58h8 1/1 Running 0 4h51m\n
\u672c\u793a\u4f8b\u4e2d\u4f7f\u7528 get_cpuset.sh \u811a\u672c\u67e5\u770b Pod \u7684 cpuset \u4fe1\u606f\uff0c\u811a\u672c\u5185\u5bb9\u5982\u4e0b\u3002
#!/bin/bash\n\n# \u83b7\u53d6Pod\u7684\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\u4f5c\u4e3a\u8f93\u5165\u53c2\u6570\nPOD_NAME=$1\nNAMESPACE=${2-default}\n\n# \u786e\u4fdd\u63d0\u4f9b\u4e86Pod\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\nif [ -z \"$POD_NAME\" ] || [ -z \"$NAMESPACE\" ]; then\n echo \"Usage: $0 <pod_name> <namespace>\"\n exit 1\nfi\n\n# \u4f7f\u7528kubectl\u83b7\u53d6Pod\u7684UID\u548cQoS\u7c7b\u522b\nPOD_INFO=$(kubectl get pod \"$POD_NAME\" -n \"$NAMESPACE\" -o jsonpath=\"{.metadata.uid} {.status.qosClass} {.status.containerStatuses[0].containerID}\")\nread -r POD_UID POD_QOS CONTAINER_ID <<< \"$POD_INFO\"\n\n# \u68c0\u67e5UID\u548cQoS\u7c7b\u522b\u662f\u5426\u6210\u529f\u83b7\u53d6\nif [ -z \"$POD_UID\" ] || [ -z \"$POD_QOS\" ]; then\n echo \"Failed to get UID or QoS Class for Pod $POD_NAME in namespace $NAMESPACE.\"\n exit 1\nfi\n\nPOD_UID=\"${POD_UID//-/_}\"\nCONTAINER_ID=\"${CONTAINER_ID//containerd:\\/\\//cri-containerd-}\".scope\n\n# \u6839\u636eQoS\u7c7b\u522b\u6784\u5efacgroup\u8def\u5f84\ncase \"$POD_QOS\" in\n Guaranteed)\n QOS_PATH=\"kubepods-pod.slice/$POD_UID.slice\"\n ;;\n Burstable)\n QOS_PATH=\"kubepods-burstable.slice/kubepods-burstable-pod$POD_UID.slice\"\n ;;\n BestEffort)\n QOS_PATH=\"kubepods-besteffort.slice/kubepods-besteffort-pod$POD_UID.slice\"\n ;;\n *)\n echo \"Unknown QoS Class: $POD_QOS\"\n exit 1\n ;;\nesac\n\nCPUGROUP_PATH=\"/sys/fs/cgroup/kubepods.slice/$QOS_PATH\"\n\n# \u68c0\u67e5\u8def\u5f84\u662f\u5426\u5b58\u5728\nif [ ! -d \"$CPUGROUP_PATH\" ]; then\n echo \"CPUs cgroup path for Pod $POD_NAME does not exist: $CPUGROUP_PATH\"\n exit 1\nfi\n\n# \u8bfb\u53d6\u5e76\u6253\u5370cpuset\u503c\nCPUSET=$(cat \"$CPUGROUP_PATH/$CONTAINER_ID/cpuset.cpus\")\necho \"CPU set for Pod $POD_NAME ($POD_QOS QoS): $CPUSET\"\n
\u67e5\u770b\u5404 Pod \u7684 cpuset \u5206\u914d\u60c5\u51b5\u3002
QoS \u7c7b\u578b\u4e3a LSE \u7684 Pod, \u72ec\u5360 0-1 \u6838\uff0c\u4e0d\u4e0e\u5176\u4ed6\u7c7b\u578b\u7684 Pod \u5171\u4eab CPU\u3002
[root@controller-node-1 ~]# ./get_cpuset.sh nginx-lse-56c9cd77f5-cdqbd\nCPU set for Pod nginx-lse-56c9cd77f5-cdqbd (Burstable QoS): 0-1\n
QoS \u7c7b\u578b\u4e3a LSR \u7684 Pod, \u7ed1\u5b9a CPU 2-3 \u6838\uff0c\u53ef\u4e0e BE \u7c7b\u578b\u7684 Pod \u5171\u4eab\u3002
[root@controller-node-1 ~]# ./get_cpuset.sh nginx-lsr-c7fdb97d8-b58h8\nCPU set for Pod nginx-lsr-c7fdb97d8-b58h8 (Burstable QoS): 2-3\n
QoS \u7c7b\u578b\u4e3a LS \u7684 Pod, \u4f7f\u7528 CPU 4-15 \u6838\uff0c\u7ed1\u5b9a\u4e86\u4e0e LSE/LSR Pod \u72ec\u5360\u4e4b\u5916\u7684\u5171\u4eab CPU \u6c60\u3002
[root@controller-node-1 ~]# ./get_cpuset.sh nginx-ls-54746c8cf8-rh4b7\nCPU set for Pod nginx-ls-54746c8cf8-rh4b7 (Burstable QoS): 4-15\n
QoS \u7c7b\u578b\u4e3a BE \u7684 pod, \u53ef\u4f7f\u7528 LSE Pod \u72ec\u5360\u4e4b\u5916\u7684 CPU\u3002
[root@controller-node-1 ~]# ./get_cpuset.sh nginx-be-577c946b89-js2qn\nCPU set for Pod nginx-be-577c946b89-js2qn (BestEffort QoS): 2,4-12\n
Koordinator \u662f\u4e00\u4e2a\u57fa\u4e8e QoS \u7684 Kubernetes \u6df7\u5408\u5de5\u4f5c\u8d1f\u8f7d\u8c03\u5ea6\u7cfb\u7edf\u3002\u5b83\u65e8\u5728\u63d0\u9ad8\u5bf9\u5ef6\u8fdf\u654f\u611f\u7684\u5de5\u4f5c\u8d1f\u8f7d\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u7684\u8fd0\u884c\u65f6\u6548\u7387\u548c\u53ef\u9760\u6027\uff0c \u7b80\u5316\u4e0e\u8d44\u6e90\u76f8\u5173\u7684\u914d\u7f6e\u8c03\u6574\u7684\u590d\u6742\u6027\uff0c\u5e76\u589e\u52a0 Pod \u90e8\u7f72\u5bc6\u5ea6\u4ee5\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u7387\u3002
AI \u7b97\u529b\u4e2d\u5fc3\u9884\u7f6e\u4e86 Koordinator v1.5.0 \u79bb\u7ebf\u5305\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u79bb\u7ebf\u90e8\u7f72 Koordinator\u3002
"},{"location":"admin/kpanda/best-practice/co-located/install.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 Koordinator \u63d2\u4ef6\u3002
\u767b\u5f55\u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5f85\u5b89\u88c5 Koordinator \u7684\u96c6\u7fa4 -> \u8fdb\u5165\u96c6\u7fa4\u8be6\u60c5\u3002
\u5728 Helm \u6a21\u677f \u9875\u9762\uff0c\u9009\u62e9 \u5168\u90e8\u4ed3\u5e93 \uff0c\u641c\u7d22 koordinator \u3002
\u9009\u62e9 koordinator \uff0c\u70b9\u51fb \u5b89\u88c5 \u3002
\u8fdb\u5165 koordinator \u5b89\u88c5\u9875\u9762\uff0c\u70b9\u51fb \u786e\u5b9a\uff0c\u4f7f\u7528\u9ed8\u8ba4\u914d\u7f6e\u5b89\u88c5 koordinator\u3002
\u67e5\u770b koordinator-system \u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u662f\u5426\u6b63\u5e38\u8fd0\u884c
\u76ee\u524d\uff0c\u8bb8\u591a\u4e1a\u52a1\u5b58\u5728\u5cf0\u503c\u548c\u4f4e\u8c37\u7684\u73b0\u8c61\u3002\u4e3a\u4e86\u786e\u4fdd\u670d\u52a1\u7684\u6027\u80fd\u548c\u7a33\u5b9a\u6027\uff0c\u5728\u90e8\u7f72\u670d\u52a1\u65f6\uff0c\u901a\u5e38\u4f1a\u6839\u636e\u5cf0\u503c\u9700\u6c42\u6765\u7533\u8bf7\u8d44\u6e90\u3002 \u7136\u800c\uff0c\u5cf0\u503c\u671f\u53ef\u80fd\u975e\u5e38\u77ed\u6682\uff0c\u5bfc\u81f4\u5728\u975e\u5cf0\u503c\u671f\u65f6\u8d44\u6e90\u88ab\u6d6a\u8d39\u3002 \u96c6\u7fa4\u8d44\u6e90\u8d85\u5356 \u5c31\u662f\u5c06\u8fd9\u4e9b\u7533\u8bf7\u4e86\u800c\u672a\u4f7f\u7528\u7684\u8d44\u6e90\uff08\u5373\u7533\u8bf7\u91cf\u4e0e\u4f7f\u7528\u91cf\u7684\u5dee\u503c\uff09\u5229\u7528\u8d77\u6765\uff0c\u4ece\u800c\u63d0\u5347\u96c6\u7fa4\u8d44\u6e90\u5229\u7528\u7387\uff0c\u51cf\u5c11\u8d44\u6e90\u6d6a\u8d39\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528\u96c6\u7fa4\u52a8\u6001\u8d44\u6e90\u8d85\u5356\u529f\u80fd\u3002
"},{"location":"admin/kpanda/clusterops/cluster-oversold.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u8bbe\u7f6e \uff0c\u7136\u540e\u9009\u62e9 \u9ad8\u7ea7\u914d\u7f6e \u9875\u7b7e
\u6253\u5f00\u96c6\u7fa4\u8d85\u5356\uff0c\u8bbe\u7f6e\u8d85\u5356\u6bd4
Note
\u9700\u8981\u5728\u96c6\u7fa4\u4e0b\u5bf9\u5e94\u7684 namespace \u6253\u4e0a\u5982\u4e0b\u6807\u7b7e\uff0c\u96c6\u7fa4\u8d85\u5356\u7b56\u7565\u624d\u80fd\u751f\u6548\u3002
clusterresourceoverrides.admission.autoscaling.openshift.io/enabled: \"true\"\n
\u8bbe\u7f6e\u597d\u96c6\u7fa4\u52a8\u6001\u8d44\u6e90\u8d85\u5356\u6bd4\u540e\uff0c\u4f1a\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u65f6\u751f\u6548\u3002\u4e0b\u6587\u4ee5 niginx \u4e3a\u4f8b\uff0c\u9a8c\u8bc1\u4f7f\u7528\u8d44\u6e90\u8d85\u5356\u80fd\u529b\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d nginx \u5e76\u8bbe\u7f6e\u5bf9\u5e94\u7684\u8d44\u6e90\u9650\u5236\u503c\uff0c\u521b\u5efa\u6d41\u7a0b\u53c2\u8003\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09
\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u8d44\u6e90\u7533\u8bf7\u503c\u4e0e\u9650\u5236\u503c\u7684\u6bd4\u503c\u662f\u5426\u7b26\u5408\u8d85\u552e\u6bd4
\u96c6\u7fa4\u8bbe\u7f6e\u7528\u4e8e\u4e3a\u60a8\u7684\u96c6\u7fa4\u81ea\u5b9a\u4e49\u9ad8\u7ea7\u7279\u6027\u8bbe\u7f6e\uff0c\u5305\u62ec\u662f\u5426\u542f\u7528 GPU\u3001Helm \u4ed3\u5e93\u5237\u65b0\u5468\u671f\u3001Helm \u64cd\u4f5c\u8bb0\u5f55\u4fdd\u7559\u7b49\u3002
\u542f\u7528 GPU\uff1a\u9700\u8981\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU \u5361\u53ca\u5bf9\u5e94\u9a71\u52a8\u63d2\u4ef6\u3002
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6700\u8fd1\u64cd\u4f5c -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \u3002
Helm \u64cd\u4f5c\u57fa\u7840\u955c\u50cf\u3001\u4ed3\u5e93\u5237\u65b0\u5468\u671f\u3001\u64cd\u4f5c\u8bb0\u5f55\u4fdd\u7559\u6761\u6570\u3001\u662f\u5426\u5f00\u542f\u96c6\u7fa4\u5220\u9664\u4fdd\u62a4\uff08\u5f00\u542f\u540e\u96c6\u7fa4\u5c06\u4e0d\u80fd\u76f4\u63a5\u5378\u8f7d\uff09
\u5728\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u6700\u8fd1\u7684\u96c6\u7fa4\u64cd\u4f5c\u8bb0\u5f55\u548c Helm \u64cd\u4f5c\u8bb0\u5f55\uff0c\u4ee5\u53ca\u5404\u9879\u64cd\u4f5c\u7684 YAML \u6587\u4ef6\u548c\u65e5\u5fd7\uff0c\u4e5f\u53ef\u4ee5\u5220\u9664\u67d0\u4e00\u6761\u8bb0\u5f55\u3002
\u8bbe\u7f6e Helm \u64cd\u4f5c\u7684\u4fdd\u7559\u6761\u6570\uff1a
\u7cfb\u7edf\u9ed8\u8ba4\u4fdd\u7559\u6700\u8fd1 100 \u6761 Helm \u64cd\u4f5c\u8bb0\u5f55\u3002\u82e5\u4fdd\u7559\u6761\u6570\u592a\u591a\uff0c\u53ef\u80fd\u4f1a\u9020\u6210\u6570\u636e\u5197\u4f59\uff0c\u4fdd\u7559\u6761\u6570\u592a\u5c11\u53ef\u80fd\u4f1a\u9020\u6210\u60a8\u6240\u9700\u8981\u7684\u5173\u952e\u64cd\u4f5c\u8bb0\u5f55\u7684\u7f3a\u5931\u3002\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8bbe\u7f6e\u5408\u7406\u7684\u4fdd\u7559\u6570\u91cf\u3002\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6700\u8fd1\u64cd\u4f5c -> Helm \u64cd\u4f5c -> \u8bbe\u7f6e\u4fdd\u7559\u6761\u6570 \u3002
\u8bbe\u7f6e\u9700\u8981\u4fdd\u7559\u591a\u5c11\u6761 Helm \u64cd\u4f5c\u8bb0\u5f55\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u3002
\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u63a5\u5165\u6216\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u4e0d\u4ec5\u53ef\u4ee5\u901a\u8fc7 UI \u754c\u9762\u76f4\u63a5\u8bbf\u95ee\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u5176\u4ed6\u4e24\u79cd\u65b9\u5f0f\u8fdb\u884c\u8bbf\u95ee\u63a7\u5236\uff1a
Note
\u8bbf\u95ee\u96c6\u7fa4\u65f6\uff0c\u7528\u6237\u5e94\u5177\u6709 Cluster Admin \u6743\u9650\u6216\u66f4\u9ad8\u6743\u9650\u3002
"},{"location":"admin/kpanda/clusters/access-cluster.html#cloudshell","title":"\u901a\u8fc7 CloudShell \u8bbf\u95ee","text":"\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u901a\u8fc7 CloudShell \u8bbf\u95ee\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u63a7\u5236\u53f0 \u3002
\u5728 CloudShell \u63a7\u5236\u53f0\u6267\u884c kubectl get node \u547d\u4ee4\uff0c\u9a8c\u8bc1 CloudShell \u4e0e\u96c6\u7fa4\u7684\u8fde\u901a\u6027\u3002\u5982\u56fe\uff0c\u63a7\u5236\u53f0\u5c06\u8fd4\u56de\u96c6\u7fa4\u4e0b\u7684\u8282\u70b9\u4fe1\u606f\u3002
\u73b0\u5728\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 CloudShell \u6765\u8bbf\u95ee\u5e76\u7ba1\u7406\u8be5\u96c6\u7fa4\u4e86\u3002
"},{"location":"admin/kpanda/clusters/access-cluster.html#kubectl","title":"\u901a\u8fc7 kubectl \u8bbf\u95ee","text":"\u901a\u8fc7\u672c\u5730\u8282\u70b9\u8bbf\u95ee\u5e76\u7ba1\u7406\u4e91\u7aef\u96c6\u7fa4\u65f6\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\uff1a
\u6ee1\u8db3\u4e0a\u8ff0\u6761\u4ef6\u540e\uff0c\u6309\u7167\u4e0b\u65b9\u6b65\u9aa4\u4ece\u672c\u5730\u8bbf\u95ee\u4e91\u7aef\u96c6\u7fa4\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u4e0b\u8f7d\u8bc1\u4e66\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u5e76\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u8bc1\u4e66\u83b7\u53d6 \u3002
\u9009\u62e9\u8bc1\u4e66\u6709\u6548\u671f\u5e76\u70b9\u51fb \u4e0b\u8f7d\u8bc1\u4e66 \u3002
\u6253\u5f00\u4e0b\u8f7d\u597d\u7684\u96c6\u7fa4\u8bc1\u4e66\uff0c\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u81f3\u672c\u5730\u8282\u70b9\u7684 config \u6587\u4ef6\u3002
kubectl \u5de5\u5177\u9ed8\u8ba4\u4f1a\u4ece\u672c\u5730\u8282\u70b9\u7684 $HOME/.kube \u76ee\u5f55\u4e0b\u67e5\u627e\u540d\u4e3a config \u7684\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u5b58\u50a8\u4e86\u76f8\u5173\u96c6\u7fa4\u7684\u8bbf\u95ee\u51ed\u8bc1\uff0ckubectl \u53ef\u4ee5\u51ed\u8be5\u914d\u7f6e\u6587\u4ef6\u8fde\u63a5\u81f3\u96c6\u7fa4\u3002
\u5728\u672c\u5730\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u96c6\u7fa4\u7684\u8fde\u901a\u6027\uff1a
kubectl get pod -n default\n
\u9884\u671f\u7684\u8f93\u51fa\u7c7b\u4f3c\u4e8e:
NAME READY STATUS RESTARTS AGE\ndao-2048-2048-58c7f7fc5-mq7h4 1/1 Running 0 30h\n
\u73b0\u5728\u60a8\u53ef\u4ee5\u5728\u672c\u5730\u901a\u8fc7 kubectl \u8bbf\u95ee\u5e76\u7ba1\u7406\u8be5\u96c6\u7fa4\u4e86\u3002
"},{"location":"admin/kpanda/clusters/cluster-role.html","title":"\u96c6\u7fa4\u89d2\u8272","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u57fa\u4e8e\u96c6\u7fa4\u7684\u4e0d\u540c\u529f\u80fd\u5b9a\u4f4d\u5bf9\u96c6\u7fa4\u8fdb\u884c\u4e86\u89d2\u8272\u5206\u7c7b\uff0c\u5e2e\u52a9\u7528\u6237\u66f4\u597d\u5730\u7ba1\u7406 IT \u57fa\u7840\u8bbe\u65bd\u3002
"},{"location":"admin/kpanda/clusters/cluster-role.html#_2","title":"\u5168\u5c40\u670d\u52a1\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u8fd0\u884c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7ec4\u4ef6\uff0c\u4f8b\u5982\u5bb9\u5668\u7ba1\u7406\u3001\u5168\u5c40\u7ba1\u7406\u3001\u53ef\u89c2\u6d4b\u6027\u3001\u955c\u50cf\u4ed3\u5e93\u7b49\u3002 \u4e00\u822c\u4e0d\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.22+ \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"admin/kpanda/clusters/cluster-role.html#_3","title":"\u7ba1\u7406\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u7ba1\u7406\u5de5\u4f5c\u96c6\u7fa4\uff0c\u4e00\u822c\u4e0d\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.22+ \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"admin/kpanda/clusters/cluster-role.html#_4","title":"\u5de5\u4f5c\u96c6\u7fa4","text":"\u8fd9\u662f\u4f7f\u7528\u5bb9\u5668\u7ba1\u7406\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u4e3b\u8981\u7528\u4e8e\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002\u8be5\u96c6\u7fa4\u7531\u7ba1\u7406\u96c6\u7fa4\u8fdb\u884c\u7ba1\u7406\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c \u652f\u6301 K8s 1.22 \u53ca\u4ee5\u4e0a\u7248\u672c \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"admin/kpanda/clusters/cluster-role.html#_5","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u63a5\u5165\u5df2\u6709\u7684\u6807\u51c6 K8s \u96c6\u7fa4\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u672c\u5730\u6570\u636e\u4e2d\u5fc3\u81ea\u5efa\u96c6\u7fa4\u3001\u516c\u6709\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u96c6\u7fa4\u3001\u79c1\u6709\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u96c6\u7fa4\u3001\u8fb9\u7f18\u96c6\u7fa4\u3001\u4fe1\u521b\u96c6\u7fa4\u3001\u5f02\u6784\u96c6\u7fa4\u3002\u4e3b\u8981\u7528\u4e8e\u627f\u62c5\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.18+ \u652f\u6301\u53cb\u5546 Vmware Tanzu\u3001Amazon EKS\u3001Redhat Openshift\u3001SUSE Rancher\u3001\u963f\u91cc ACK\u3001\u534e\u4e3a CCE\u3001\u817e\u8baf TKE\u3001\u6807\u51c6 K8s \u96c6\u7fa4\u3001\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0 \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u4e0d\u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc \u4f9d\u8d56\u4e8e\u63a5\u5165\u96c6\u7fa4\u53d1\u884c\u7248\u7f51\u7edc\u6a21\u5f0f \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565Note
\u4e00\u4e2a\u96c6\u7fa4\u53ef\u4ee5\u6709\u591a\u4e2a\u96c6\u7fa4\u89d2\u8272\uff0c\u4f8b\u5982\u4e00\u4e2a\u96c6\u7fa4\u65e2\u53ef\u4ee5\u662f\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\uff0c\u4e5f\u53ef\u4ee5\u662f\u7ba1\u7406\u96c6\u7fa4\u6216\u5de5\u4f5c\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/clusters/cluster-scheduler-plugin.html","title":"\u5982\u4f55\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u8c03\u5ea6\u5668 scheduler-plugins","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u4e2a\u8c03\u5ea6\u5668 scheduler-plugins\u3002
"},{"location":"admin/kpanda/clusters/cluster-scheduler-plugin.html#scheduler-plugins_1","title":"\u4e3a\u4ec0\u4e48\u9700\u8981 scheduler-plugins\uff1f","text":"\u901a\u8fc7\u5e73\u53f0\u521b\u5efa\u7684\u96c6\u7fa4\u4e2d\u4f1a\u5b89\u88c5 K8s \u539f\u751f\u7684\u8c03\u5ea6\u5668\uff0c\u4f46\u662f\u539f\u751f\u7684\u8c03\u5ea6\u5668\u5b58\u5728\u5f88\u591a\u7684\u5c40\u9650\u6027\uff1a
\u672c\u6587\u4ee5\u4f7f\u7528 vgpu \u8c03\u5ea6\u5668\u7684\u540c\u65f6\uff0c\u60f3\u7ed3\u5408 scheduler-plugins \u7684 coscheduling \u63d2\u4ef6\u80fd\u529b\u7684\u573a\u666f\u4e3a\u793a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5\u5e76\u4f7f\u7528 scheduler-plugins\u3002
"},{"location":"admin/kpanda/clusters/cluster-scheduler-plugin.html#scheduler-plugins_2","title":"\u5b89\u88c5 scheduler-plugins","text":""},{"location":"admin/kpanda/clusters/cluster-scheduler-plugin.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5728 \u521b\u5efa\u96c6\u7fa4 -> \u9ad8\u7ea7\u914d\u7f6e -> \u81ea\u5b9a\u4e49\u53c2\u6570 \u4e2d\u6dfb\u52a0 scheduler-plugins \u53c2\u6570
scheduler_plugins_enabled:true\nscheduler_plugins_plugin_config:\n - name: Coscheduling\n args:\n permitWaitingTimeSeconds: 10 # default is 60\n
\u53c2\u6570\u8bf4\u660e\uff1a
scheduler_plugins_enabled
\u8bbe\u7f6e\u4e3a true \u65f6\uff0c\u5f00\u542f scheduler-plugins \u63d2\u4ef6\u80fd\u529b\u3002scheduler_plugins_enabled_plugins
\u6216 scheduler_plugins_disabled_plugins
\u9009\u9879\u6765\u542f\u7528\u6216\u7981\u7528\u67d0\u4e9b\u63d2\u4ef6\u3002 \u53c2\u9605 K8s \u5b98\u65b9\u63d2\u4ef6\u540d\u79f0\u3002\u96c6\u7fa4\u521b\u5efa\u6210\u529f\u540e\u7cfb\u7edf\u4f1a\u81ea\u52a8\u5b89\u88c5 scheduler-plugins \u548c controller \u7ec4\u4ef6\u8d1f\u8f7d\uff0c\u53ef\u4ee5\u5728\u5bf9\u5e94\u96c6\u7fa4\u7684\u65e0\u72b6\u6001\u8d1f\u8f7d\u4e2d\u67e5\u770b\u8d1f\u8f7d\u72b6\u6001\u3002
\u4ee5\u4e0b\u4ee5\u4f7f\u7528 vgpu \u8c03\u5ea6\u5668\u7684\u540c\u65f6\uff0c\u60f3\u7ed3\u5408 scheduler-plugins \u7684 coscheduling \u63d2\u4ef6\u80fd\u529b\u573a\u666f\u4e3a\u793a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 scheduler-plugins\u3002
\u5728 Helm \u6a21\u677f\u4e2d\u5b89\u88c5 vgpu\uff0c\u8bbe\u7f6e values.yaml \u53c2\u6570\u3002
schedulerName: scheduler-plugins-scheduler
\uff0c\u8fd9\u662f kubean \u9ed8\u8ba4\u5b89\u88c5\u7684 scheduler-plugins \u7684 scheduler \u540d\u79f0\uff0c\u76ee\u524d\u4e0d\u80fd\u4fee\u6539\u3002scheduler.kubeScheduler.enabled: false
\uff0c\u4e0d\u5b89\u88c5 kube-scheduler\uff0c\u5c06 vgpu-scheduler \u4f5c\u4e3a\u5355\u72ec\u7684 extender\u3002\u5728 scheduler-plugins \u4e0a\u6269\u5c55 vgpu-scheduler\u3002
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\n
\u4fee\u6539 scheduler-plugins \u7684 scheduler-config \u7684 configmap \u53c2\u6570\uff0c\u5982\u4e0b\uff1a
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\nextenders:\n - urlPrefix: \"${urlPrefix}\"\n filterVerb: filter\n bindVerb: bind\n nodeCacheCapable: true\n ignorable: true\n httpTimeout: 30s\n weight: 1\n enableHTTPS: true\n tlsConfig:\n insecure: true\n managedResources:\n - name: nvidia.com/vgpu\n ignoredByScheduler: true\n - name: nvidia.com/gpumem\n ignoredByScheduler: true\n - name: nvidia.com/gpucores\n ignoredByScheduler: true\n - name: nvidia.com/gpumem-percentage\n ignoredByScheduler: true\n - name: nvidia.com/priority\n ignoredByScheduler: true\n - name: cambricon.com/mlunum\n ignoredByScheduler: true\n
\u5b89\u88c5\u5b8c vgpu-scheduler \u540e\uff0c\u7cfb\u7edf\u4f1a\u81ea\u52a8\u521b\u5efa svc\uff0curlPrefix \u6307\u5b9a svc \u7684 URL\u3002
Note
svc \u6307 pod \u670d\u52a1\u8d1f\u8f7d\uff0c\u60a8\u53ef\u4ee5\u5230\u5b89\u88c5\u4e86 nvidia-vgpu \u63d2\u4ef6\u7684\u547d\u540d\u7a7a\u95f4\u4e0b\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u62ff\u5230 443 \u7aef\u53e3\u5bf9\u5e94\u7684\u5916\u90e8\u8bbf\u95ee\u4fe1\u606f\u3002
kubectl get svc -n ${namespace} \n
urlprifix \u683c\u5f0f\u4e3a https://${ip \u5730\u5740}:${\u7aef\u53e3}
\u5c06 scheduler-plugins \u7684 scheduler Pod \u91cd\u542f\uff0c\u52a0\u8f7d\u65b0\u7684\u914d\u7f6e\u6587\u4ef6\u3002
Note
\u5728\u521b\u5efa vgpu \u5e94\u7528\u65f6\u4e0d\u9700\u8981\u6307\u5b9a\u8c03\u5ea6\u5668\u540d\u79f0\uff0cvgpu-scheduler \u7684 Webhook \u4f1a\u81ea\u52a8\u5c06 Scheduler \u7684\u540d\u79f0\u4fee\u6539\u4e3a scheduler-plugins-scheduler\uff0c\u4e0d\u7528\u624b\u52a8\u6307\u5b9a\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u7eb3\u7ba1\u4e24\u79cd\u7c7b\u578b\u7684\u96c6\u7fa4\uff1a\u63a5\u5165\u96c6\u7fa4\u548c\u81ea\u5efa\u96c6\u7fa4\u3002 \u5173\u4e8e\u96c6\u7fa4\u7eb3\u7ba1\u7c7b\u578b\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1\u96c6\u7fa4\u89d2\u8272\u3002
\u8fd9\u4e24\u79cd\u96c6\u7fa4\u7684\u72b6\u6001\u5982\u4e0b\u6240\u8ff0\u3002
"},{"location":"admin/kpanda/clusters/cluster-status.html#_2","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u72b6\u6001 \u63cf\u8ff0 \u63a5\u5165\u4e2d\uff08Joining\uff09 \u96c6\u7fa4\u6b63\u5728\u63a5\u5165 \u89e3\u9664\u63a5\u5165\u4e2d\uff08Removing\uff09 \u96c6\u7fa4\u6b63\u5728\u89e3\u9664\u63a5\u5165 \u8fd0\u884c\u4e2d\uff08Running\uff09 \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c \u672a\u77e5\uff08Unknown\uff09 \u96c6\u7fa4\u5df2\u5931\u8054\uff0c\u7cfb\u7edf\u5c55\u793a\u6570\u636e\u4e3a\u5931\u8054\u524d\u7f13\u5b58\u6570\u636e\uff0c\u4e0d\u4ee3\u8868\u771f\u5b9e\u6570\u636e\uff0c\u540c\u65f6\u5931\u8054\u72b6\u6001\u4e0b\u6267\u884c\u7684\u4efb\u4f55\u64cd\u4f5c\u90fd\u5c06\u4e0d\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u96c6\u7fa4\u7f51\u7edc\u8fde\u901a\u6027\u6216\u4e3b\u673a\u72b6\u6001\u3002"},{"location":"admin/kpanda/clusters/cluster-status.html#_3","title":"\u81ea\u5efa\u96c6\u7fa4","text":"\u72b6\u6001 \u63cf\u8ff0 \u521b\u5efa\u4e2d\uff08Creating\uff09 \u96c6\u7fa4\u6b63\u5728\u521b\u5efa \u66f4\u65b0\u4e2d\uff08Updating\uff09 \u66f4\u65b0\u96c6\u7fa4 Kubernetes \u7248\u672c \u5220\u9664\u4e2d\uff08Deleting\uff09 \u96c6\u7fa4\u6b63\u5728\u5220\u9664 \u8fd0\u884c\u4e2d\uff08Running\uff09 \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c \u672a\u77e5\uff08Unknown\uff09 \u96c6\u7fa4\u5df2\u5931\u8054\uff0c\u7cfb\u7edf\u5c55\u793a\u6570\u636e\u4e3a\u5931\u8054\u524d\u7f13\u5b58\u6570\u636e\uff0c\u4e0d\u4ee3\u8868\u771f\u5b9e\u6570\u636e\uff0c\u540c\u65f6\u5931\u8054\u72b6\u6001\u4e0b\u6267\u884c\u7684\u4efb\u4f55\u64cd\u4f5c\u90fd\u5c06\u4e0d\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u96c6\u7fa4\u7f51\u7edc\u8fde\u901a\u6027\u6216\u4e3b\u673a\u72b6\u6001\u3002 \u521b\u5efa\u5931\u8d25\uff08Failed\uff09 \u96c6\u7fa4\u521b\u5efa\u5931\u8d25\uff0c\u8bf7\u67e5\u770b\u65e5\u5fd7\u4ee5\u83b7\u53d6\u8be6\u7ec6\u5931\u8d25\u539f\u56e0"},{"location":"admin/kpanda/clusters/cluster-version.html","title":"\u96c6\u7fa4\u7248\u672c\u652f\u6301\u8303\u56f4","text":"\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u63a5\u5165\u578b\u96c6\u7fa4\u548c\u81ea\u5efa\u96c6\u7fa4\u91c7\u53d6\u4e0d\u540c\u7684\u7248\u672c\u652f\u6301\u673a\u5236\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u81ea\u5efa\u96c6\u7fa4\u7684\u7248\u672c\u652f\u6301\u673a\u5236\u3002
Kubernetes \u793e\u533a\u652f\u6301 3 \u4e2a\u7248\u672c\u8303\u56f4\uff0c\u5982 1.26\u30011.27\u30011.28\u3002\u5f53\u793e\u533a\u65b0\u7248\u672c\u53d1\u5e03\u4e4b\u540e\uff0c\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u5c06\u4f1a\u8fdb\u884c\u9012\u589e\u3002 \u5982\u793e\u533a\u6700\u65b0\u7684 1.29 \u7248\u672c\u5df2\u7ecf\u53d1\u5e03\uff0c\u6b64\u65f6\u793e\u533a\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u662f 1.27\u30011.28\u30011.29\u3002
\u4f8b\u5982\uff0c\u793e\u533a\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u662f 1.25\u30011.26\u30011.27\uff0c\u5219\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u662f 1.24\u30011.25\u30011.26\uff0c\u5e76\u4e14\u4f1a\u4e3a\u7528\u6237\u63a8\u8350\u4e00\u4e2a\u7a33\u5b9a\u7684\u7248\u672c\uff0c\u5982 1.24.7\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u4e0e\u793e\u533a\u4fdd\u6301\u9ad8\u5ea6\u540c\u6b65\uff0c\u5f53\u793e\u533a\u7248\u672c\u8fdb\u884c\u9012\u589e\u540e\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u4e5f\u4f1a\u540c\u6b65\u9012\u589e\u4e00\u4e2a\u7248\u672c\u3002
"},{"location":"admin/kpanda/clusters/cluster-version.html#kubernetes","title":"Kubernetes \u7248\u672c\u652f\u6301\u8303\u56f4","text":"Kubernetes \u793e\u533a\u7248\u672c\u8303\u56f4 \u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7248\u672c\u8303\u56f4 \u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u63a8\u8350\u7248\u672c \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5b89\u88c5\u5668 \u53d1\u5e03\u65f6\u95f4\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u96c6\u7fa4\u89d2\u8272\u5206\u56db\u7c7b\uff1a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3001\u7ba1\u7406\u96c6\u7fa4\u3001\u5de5\u4f5c\u96c6\u7fa4\u3001\u63a5\u5165\u96c6\u7fa4\u3002 \u5176\u4e2d\uff0c\u63a5\u5165\u96c6\u7fa4\u53ea\u80fd\u4ece\u7b2c\u4e09\u65b9\u5382\u5546\u63a5\u5165\uff0c\u53c2\u89c1\u63a5\u5165\u96c6\u7fa4\u3002
\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u65b0\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u5de5\u4f5c\u8282\u70b9 OS \u7c7b\u578b\u548c CPU \u67b6\u6784\u9700\u8981\u4e0e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4fdd\u6301\u4e00\u81f4\u3002 \u5982\u9700\u4f7f\u7528\u533a\u522b\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 OS \u6216\u67b6\u6784\u7684\u8282\u70b9\u521b\u5efa\u96c6\u7fa4\uff0c\u53c2\u9605\u5728 centos \u7ba1\u7406\u5e73\u53f0\u4e0a\u521b\u5efa ubuntu \u5de5\u4f5c\u96c6\u7fa4\u8fdb\u884c\u521b\u5efa\u3002
\u63a8\u8350\u4f7f\u7528 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 \u5982\u60a8\u672c\u5730\u8282\u70b9\u4e0d\u5728\u4e0a\u8ff0\u652f\u6301\u8303\u56f4\uff0c\u53ef\u53c2\u8003\u5728\u975e\u4e3b\u6d41\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u521b\u5efa\u96c6\u7fa4\u8fdb\u884c\u521b\u5efa\u3002
"},{"location":"admin/kpanda/clusters/create-cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u96c6\u7fa4\u4e4b\u524d\u9700\u8981\u6ee1\u8db3\u4e00\u5b9a\u7684\u524d\u63d0\u6761\u4ef6\uff1a
v1.28.0-v1.30.2
\u3002\u5982\u9700\u521b\u5efa\u4f4e\u7248\u672c\u7684\u96c6\u7fa4\uff0c\u8bf7\u53c2\u8003\u96c6\u7fa4\u7248\u672c\u652f\u6301\u8303\u56f4\u3001\u90e8\u7f72\u4e0e\u5347\u7ea7 Kubean \u5411\u4e0b\u517c\u5bb9\u7248\u672c\u3002\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u4e2d\uff0c\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae\u3002
\u53c2\u8003\u4e0b\u5217\u8981\u6c42\u586b\u5199\u96c6\u7fa4\u57fa\u672c\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u586b\u5199\u8282\u70b9\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u53ef\u7528\uff1a\u5f00\u542f\u540e\u9700\u8981\u63d0\u4f9b\u81f3\u5c11 3 \u4e2a\u63a7\u5236\u5668\u8282\u70b9\u3002\u5173\u95ed\u540e\uff0c\u53ea\u63d0\u4f9b 1 \u4e2a\u63a7\u5236\u5668\u8282\u70b9\u5373\u53ef\u3002
\u751f\u4ea7\u73af\u5883\u4e2d\u5efa\u8bae\u4f7f\u7528\u9ad8\u53ef\u7528\u6a21\u5f0f\u3002
\u8ba4\u8bc1\u65b9\u5f0f\uff1a\u9009\u62e9\u901a\u8fc7\u7528\u6237\u540d/\u5bc6\u7801\u8fd8\u662f\u516c\u79c1\u94a5\u8bbf\u95ee\u8282\u70b9\u3002
\u5982\u679c\u4f7f\u7528\u516c\u79c1\u94a5\u65b9\u5f0f\u8bbf\u95ee\u8282\u70b9\uff0c\u9700\u8981\u9884\u5148\u914d\u7f6e\u8282\u70b9\u7684 SSH \u5bc6\u94a5\u3002\u53c2\u9605\u4f7f\u7528 SSH \u5bc6\u94a5\u8ba4\u8bc1\u8282\u70b9\u3002
\u4f7f\u7528\u7edf\u4e00\u7684\u5bc6\u7801\uff1a\u5f00\u542f\u540e\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u7684\u8bbf\u95ee\u5bc6\u7801\u90fd\u76f8\u540c\uff0c\u9700\u8981\u5728\u4e0b\u65b9\u8f93\u5165\u8bbf\u95ee\u6240\u6709\u8282\u70b9\u7684\u7edf\u4e00\u5bc6\u7801\u3002\u5982\u679c\u5173\u95ed\uff0c\u5219\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u8282\u70b9\u8bbe\u7f6e\u5355\u72ec\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002
\u8282\u70b9\u4fe1\u606f\uff1a\u586b\u5199\u8282\u70b9\u540d\u79f0\u548c IP \u5730\u5740\u3002
\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb\u8282\u70b9\u68c0\u67e5\u3002\u5982\u679c\u68c0\u67e5\u901a\u8fc7\u5219\u7ee7\u7eed\u4e0b\u4e00\u6b65\u64cd\u4f5c\u3002\u5982\u679c\u68c0\u67e5\u672a\u901a\u8fc7\uff0c\u5219\u66f4\u65b0 \u8282\u70b9\u4fe1\u606f \u5e76\u518d\u6b21\u6267\u884c\u68c0\u67e5\u3002
\u586b\u5199\u7f51\u7edc\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u7f51\u7edc\u63d2\u4ef6\uff1a\u8d1f\u8d23\u4e3a\u96c6\u7fa4\u5185\u7684 Pod \u63d0\u4f9b\u7f51\u7edc\u670d\u52a1\uff0c\u521b\u5efa\u96c6\u7fa4\u540e\u4e0d\u53ef\u66f4\u6539\u7f51\u7edc\u63d2\u4ef6\u3002\u652f\u6301 cilium \u548c calico\u3002\u9009\u62e9 none \u8868\u793a\u6682\u4e0d\u5b89\u88c5\u7f51\u7edc\u63d2\u4ef6\u3002
\u5bb9\u5668\u7f51\u6bb5\uff1a\u96c6\u7fa4\u4e0b\u5bb9\u5668\u4f7f\u7528\u7684\u7f51\u6bb5\uff0c\u51b3\u5b9a\u96c6\u7fa4\u4e0b\u5bb9\u5668\u7684\u6570\u91cf\u4e0a\u9650\u3002\u521b\u5efa\u540e\u4e0d\u53ef\u4fee\u6539\u3002
\u586b\u5199\u63d2\u4ef6\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u586b\u5199\u9ad8\u7ea7\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u3002
Success
Note
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0 \u521b\u5efa\u7684\u96c6\u7fa4 \u652f\u6301 \u5378\u8f7d\u96c6\u7fa4 \u6216 \u89e3\u9664\u63a5\u5165 \u64cd\u4f5c\uff0c\u4ece\u5176\u4ed6\u73af\u5883\u76f4\u63a5 \u63a5\u5165\u7684\u96c6\u7fa4 \u4ec5\u652f\u6301 \u89e3\u9664\u63a5\u5165 \u64cd\u4f5c\u3002
Info
\u5982\u679c\u60f3\u5f7b\u5e95\u5220\u9664\u4e00\u4e2a\u63a5\u5165\u7684\u96c6\u7fa4\uff0c\u9700\u8981\u524d\u5f80\u521b\u5efa\u8be5\u96c6\u7fa4\u7684\u539f\u59cb\u5e73\u53f0\u64cd\u4f5c\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0d\u652f\u6301\u5220\u9664\u63a5\u5165\u7684\u96c6\u7fa4\u3002
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c \u5378\u8f7d\u96c6\u7fa4 \u548c \u89e3\u9664\u63a5\u5165 \u7684\u533a\u522b\u5728\u4e8e\uff1a
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u9700\u8981\u5378\u8f7d\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u5378\u8f7d\u96c6\u7fa4 \u3002
\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5982\u679c\u63d0\u793a\u96c6\u7fa4\u4e2d\u8fd8\u6709\u4e00\u4e9b\u6b8b\u7559\u7684\u8d44\u6e90\uff0c\u5219\u9700\u8981\u6309\u63d0\u793a\u5220\u9664\u76f8\u5173\u8d44\u6e90\u540e\u624d\u80fd\u6267\u884c\u5378\u8f7d\u64cd\u4f5c\u3002
\u8fd4\u56de \u96c6\u7fa4\u5217\u8868 \u9875\u53ef\u4ee5\u770b\u5230\u8be5\u96c6\u7fa4\u7684\u72b6\u6001\u5df2\u7ecf\u53d8\u6210 \u5220\u9664\u4e2d \u3002\u5378\u8f7d\u96c6\u7fa4\u53ef\u80fd\u9700\u8981\u4e00\u6bb5\u65f6\u95f4\uff0c\u8bf7\u60a8\u8010\u5fc3\u7b49\u5019\u3002
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u9700\u8981\u5378\u8f7d\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u89e3\u9664\u63a5\u5165 \u3002
\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u89e3\u9664\u63a5\u5165 \u3002
\u5982\u679c\u63d0\u793a\u96c6\u7fa4\u4e2d\u8fd8\u6709\u4e00\u4e9b\u6b8b\u7559\u7684\u8d44\u6e90\uff0c\u5219\u9700\u8981\u6309\u63d0\u793a\u5220\u9664\u76f8\u5173\u8d44\u6e90\u540e\u624d\u80fd\u89e3\u9664\u63a5\u5165\u3002
\u96c6\u7fa4\u88ab\u79fb\u9664\u540e\uff0c\u96c6\u7fa4\u4e2d\u539f\u6709\u7684\u7ba1\u7406\u5e73\u53f0\u6570\u636e\u4e0d\u4f1a\u88ab\u81ea\u52a8\u6e05\u9664\uff0c\u5982\u9700\u5c06\u96c6\u7fa4\u63a5\u5165\u81f3\u65b0\u7ba1\u7406\u5e73\u53f0\u5219\u9700\u8981\u624b\u52a8\u6267\u884c\u5982\u4e0b\u64cd\u4f5c\uff1a
\u5220\u9664 kpanda-system\u3001insight-system \u547d\u540d\u7a7a\u95f4
kubectl delete ns kpanda-system insight-system\n
"},{"location":"admin/kpanda/clusters/integrate-cluster.html","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u901a\u8fc7\u63a5\u5165\u96c6\u7fa4\u64cd\u4f5c\uff0c\u80fd\u591f\u5bf9\u4f17\u591a\u4e91\u670d\u52a1\u5e73\u53f0\u96c6\u7fa4\u548c\u672c\u5730\u79c1\u6709\u7269\u7406\u96c6\u7fa4\u8fdb\u884c\u7edf\u4e00\u7eb3\u7ba1\uff0c\u5f62\u6210\u7edf\u4e00\u6cbb\u7406\u5e73\u53f0\uff0c\u6709\u6548\u907f\u514d\u4e86\u88ab\u5382\u5546\u9501\u5b9a\u98ce\u9669\uff0c\u52a9\u529b\u4f01\u4e1a\u4e1a\u52a1\u5b89\u5168\u4e0a\u4e91\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u63a5\u5165\u591a\u79cd\u4e3b\u6d41\u7684\u5bb9\u5668\u96c6\u7fa4\uff0c\u4f8b\u5982 Redhat Openshift, SUSE Rancher, VMware Tanzu, Amazon EKS, Aliyun ACK, Huawei CCE, Tencent TKE, \u6807\u51c6 Kubernetes \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/clusters/integrate-cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u63a5\u5165\u96c6\u7fa4 \u6309\u94ae\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u586b\u5199\u76ee\u6807\u96c6\u7fa4\u7684 KubeConfig\uff0c\u70b9\u51fb \u9a8c\u8bc1 Config \uff0c\u9a8c\u8bc1\u901a\u8fc7\u540e\u624d\u80fd\u6210\u529f\u63a5\u5165\u96c6\u7fa4\u3002
\u5982\u679c\u4e0d\u77e5\u9053\u5982\u4f55\u83b7\u53d6\u96c6\u7fa4\u7684 KubeConfig \u6587\u4ef6\uff0c\u53ef\u4ee5\u5728\u8f93\u5165\u6846\u53f3\u4e0a\u89d2\u70b9\u51fb \u5982\u4f55\u83b7\u53d6 kubeConfig \u67e5\u770b\u5bf9\u5e94\u6b65\u9aa4\u3002
\u786e\u8ba4\u6240\u6709\u53c2\u6570\u586b\u5199\u6b63\u786e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u63a5\u5165 rancher \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/clusters/integrate-rancher-cluster.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\u7684\u89d2\u8272\u8fdb\u5165 rancher \u96c6\u7fa4\uff0c\u5e76\u4f7f\u7528\u7ec8\u7aef\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a sa.yaml \u7684\u6587\u4ef6\u3002
vi sa.yaml\n
\u7136\u540e\u6309\u4e0b i \u952e\u8fdb\u5165\u63d2\u5165\u6a21\u5f0f\uff0c\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a
sa.yamlapiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: rancher-rke\nrules:\n - apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n - nonResourceURLs:\n - '*'\n verbs:\n - '*'\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: rancher-rke\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: rancher-rke\n subjects:\n - kind: ServiceAccount\n name: rancher-rke\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: rancher-rke\n namespace: kube-system\n
\u6309\u4e0b esc \u952e\u9000\u51fa\u63d2\u5165\u6a21\u5f0f\uff0c\u7136\u540e\u8f93\u5165 __ :wq__ \u4fdd\u5b58\u5e76\u9000\u51fa\u3002
\u5728\u5f53\u524d\u8def\u5f84\u4e0b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u65b0\u5efa\u540d\u4e3a rancher-rke \u7684 ServiceAccount\uff08\u4ee5\u4e0b\u7b80\u79f0\u4e3a SA \uff09\uff1a
kubectl apply -f sa.yaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
clusterrole.rbac.authorization.k8s.io/rancher-rke created\nclusterrolebinding.rbac.authorization.k8s.io/rancher-rke created\nserviceaccount/rancher-rke created\n
\u521b\u5efa\u540d\u4e3a rancher-rke-secret \u7684\u5bc6\u94a5\uff0c\u5e76\u5c06\u5bc6\u94a5\u548c rancher-rke SA \u7ed1\u5b9a\u3002
kubectl apply -f - <<EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: rancher-rke-secret\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: rancher-rke\n type: kubernetes.io/service-account-token\nEOF\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
secret/rancher-rke-secret created\n
Note
\u5982\u679c\u60a8\u7684\u96c6\u7fa4\u7248\u672c\u4f4e\u4e8e 1.24\uff0c\u8bf7\u5ffd\u7565\u6b64\u6b65\u9aa4\uff0c\u76f4\u63a5\u524d\u5f80\u4e0b\u4e00\u6b65\u3002
\u67e5\u627e rancher-rke SA \u7684\u5bc6\u94a5\uff1a
kubectl -n kube-system get secret | grep rancher-rke | awk '{print $1}'\n
\u9884\u671f\u8f93\u51fa\uff1a
rancher-rke-secret\n
\u67e5\u770b\u5bc6\u94a5 rancher-rke-secret \u7684\u8be6\u60c5\uff1a
kubectl -n kube-system describe secret rancher-rke-secret\n
\u9884\u671f\u8f93\u51fa\uff1a
Name: rancher-rke-secret\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io/service-account.name: rancher-rke\n kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174\n\nType: kubernetes.io/service-account-token\n\nData\n====\nca.crt: 570 bytes\nnamespace: 11 bytes\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
\u5728\u4efb\u610f\u4e00\u53f0\u5b89\u88c5\u4e86 kubelet \u7684\u672c\u5730\u8282\u70b9\u6267\u884c\u5982\u4e0b\u64cd\u4f5c\uff1a
\u914d\u7f6e kubelet token\uff1a
kubectl config set-credentials rancher-rke --token=`rancher-rke-secret` \u91cc\u9762\u7684 token \u4fe1\u606f\n
\u4f8b\u5982\uff1a
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
\u914d\u7f6e kubelet APIServer \u4fe1\u606f\uff1a
kubectl config set-cluster {\u96c6\u7fa4\u540d} --insecure-skip-tls-verify=true --server={APIServer}\n
https://10.X.X.X:6443
\u4f8b\u5982\uff1a
kubectl config set-cluster rancher-rke --insecure-skip-tls-verify=true --server=https://10.X.X.X:6443\n
\u914d\u7f6e kubelet \u4e0a\u4e0b\u6587\u4fe1\u606f\uff1a
kubectl config set-context {\u4e0a\u4e0b\u6587\u540d\u79f0} --cluster={\u96c6\u7fa4\u540d} --user={SA \u7528\u6237\u540d}\n
\u4f8b\u5982\uff1a
kubectl config set-context rancher-rke-context --cluster=rancher-rke --user=rancher-rke\n
\u5728 kubelet \u4e2d\u6307\u5b9a\u6211\u4eec\u521a\u521a\u65b0\u5efa\u7684\u4e0a\u4e0b\u6587 rancher-rke-context \uff1a
kubectl config use-context rancher-rke-context\n
\u83b7\u53d6\u4e0a\u4e0b\u6587 rancher-rke-context \u4e2d\u7684 kubeconfig \u4fe1\u606f\u3002
kubectl config view --minify --flatten --raw\n
\u9884\u671f\u8f93\u51fa\uff1a
apiVersion: v1\n clusters:\n - cluster:\n insecure-skip-tls-verify: true\n server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com\n name: joincluster\n contexts:\n - context:\n cluster: joincluster\n user: eks-admin\n name: ekscontext\n current-context: ekscontext\n kind: Config\n preferences: {}\n users:\n - name: eks-admin\n user:\n token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V\n
\u4f7f\u7528\u521a\u521a\u83b7\u53d6\u7684 kubeconfig \u6587\u4ef6\uff0c\u53c2\u8003\u63a5\u5165\u96c6\u7fa4\u6587\u6863\uff0c\u5c06 rancher \u96c6\u7fa4\u63a5\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/clusters/k8s-cert.html","title":"Kubernetes \u96c6\u7fa4\u8bc1\u4e66\u66f4\u65b0","text":"\u4e3a\u4fdd\u8bc1 Kubernetes \u5404\u7ec4\u4ef6\u4e4b\u95f4\u7684\u901a\u4fe1\u5b89\u5168\uff0c\u7ec4\u4ef6\u4e4b\u95f4\u7684\u8c03\u7528\u4f1a\u8fdb\u884c TLS \u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u9a8c\u8bc1\u64cd\u4f5c\u9700\u8981\u914d\u7f6e\u96c6\u7fa4 PKI \u8bc1\u4e66\u3002
\u96c6\u7fa4\u8bc1\u4e66\u6709\u6548\u671f\u4e3a1\u5e74\uff0c\u4e3a\u907f\u514d\u8bc1\u4e66\u8fc7\u671f\u5bfc\u81f4\u4e1a\u52a1\u65e0\u6cd5\u4f7f\u7528\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\u8bc1\u4e66\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u8fdb\u884c\u8bc1\u4e66\u66f4\u65b0\u3002
"},{"location":"admin/kpanda/clusters/k8s-cert.html#_1","title":"\u68c0\u67e5\u8bc1\u4e66\u662f\u5426\u8fc7\u671f","text":"\u60a8\u53ef\u4ee5\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\u662f\u5426\u8fc7\u671f\uff1a
kubeadm certs check-expiration\n
\u8f93\u51fa\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u5185\u5bb9\uff1a
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED\nadmin.conf Dec 14, 2024 07:26 UTC 204d no \napiserver Dec 14, 2024 07:26 UTC 204d ca no \napiserver-etcd-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \napiserver-kubelet-client Dec 14, 2024 07:26 UTC 204d ca no \ncontroller-manager.conf Dec 14, 2024 07:26 UTC 204d no \netcd-healthcheck-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-peer Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-server Dec 14, 2024 07:26 UTC 204d etcd-ca no \nfront-proxy-client Dec 14, 2024 07:26 UTC 204d front-proxy-ca no \nscheduler.conf Dec 14, 2024 07:26 UTC 204d no \n\nCERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED\nca Dec 12, 2033 07:26 UTC 9y no \netcd-ca Dec 12, 2033 07:26 UTC 9y no \nfront-proxy-ca Dec 12, 2033 07:26 UTC 9y no \n
"},{"location":"admin/kpanda/clusters/k8s-cert.html#_2","title":"\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66","text":"\u60a8\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66\uff0c\u53ea\u9700\u5e26\u4e0a\u5408\u9002\u7684\u547d\u4ee4\u884c\u9009\u9879\u3002\u66f4\u65b0\u8bc1\u4e66\u524d\u8bf7\u5148\u5907\u4efd\u5f53\u524d\u8bc1\u4e66\u3002
\u66f4\u65b0\u6307\u5b9a\u8bc1\u4e66\uff1a
kubeadm certs renew\n
\u66f4\u65b0\u5168\u90e8\u8bc1\u4e66\uff1a
kubeadm certs renew all\n
\u66f4\u65b0\u540e\u7684\u8bc1\u4e66\u53ef\u4ee5\u5728 /etc/kubernetes/pki
\u76ee\u5f55\u4e0b\u67e5\u770b\uff0c\u6709\u6548\u671f\u5ef6\u7eed 1 \u5e74\u3002 \u4ee5\u4e0b\u5bf9\u5e94\u7684\u51e0\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e5f\u4f1a\u540c\u6b65\u66f4\u65b0\uff1a
Note
/etc/kubernetes/pki
\u4e2d\u7684\u5bc6\u94a5\u6267\u884c\u66f4\u65b0\u3002\u6267\u884c\u66f4\u65b0\u64cd\u4f5c\u4e4b\u540e\uff0c\u4f60\u9700\u8981\u91cd\u542f\u63a7\u5236\u9762 Pod\u3002\u56e0\u4e3a\u52a8\u6001\u8bc1\u4e66\u91cd\u8f7d\u76ee\u524d\u8fd8\u4e0d\u88ab\u6240\u6709\u7ec4\u4ef6\u548c\u8bc1\u4e66\u652f\u6301\uff0c\u6240\u6709\u8fd9\u9879\u64cd\u4f5c\u662f\u5fc5\u987b\u7684\u3002
\u9759\u6001 Pod \u662f\u88ab\u672c\u5730 kubelet \u800c\u4e0d\u662f API \u670d\u52a1\u5668\u7ba1\u7406\uff0c\u6240\u4ee5 kubectl \u4e0d\u80fd\u7528\u6765\u5220\u9664\u6216\u91cd\u542f\u4ed6\u4eec\u3002
\u8981\u91cd\u542f\u9759\u6001 Pod\uff0c\u4f60\u53ef\u4ee5\u4e34\u65f6\u5c06\u6e05\u5355\u6587\u4ef6\u4ece /etc/kubernetes/manifests/
\u79fb\u9664\u5e76\u7b49\u5f85 20 \u79d2\u3002 \u53c2\u8003 KubeletConfiguration \u7ed3\u6784\u4e2d\u7684 fileCheckFrequency \u503c\u3002
\u5982\u679c Pod \u4e0d\u5728\u6e05\u5355\u76ee\u5f55\u91cc\uff0ckubelet \u5c06\u4f1a\u7ec8\u6b62\u5b83\u3002 \u5728\u53e6\u4e00\u4e2a fileCheckFrequency \u5468\u671f\u4e4b\u540e\u4f60\u53ef\u4ee5\u5c06\u6587\u4ef6\u79fb\u56de\u53bb\uff0ckubelet \u53ef\u4ee5\u5b8c\u6210 Pod \u7684\u91cd\u5efa\uff0c\u800c\u7ec4\u4ef6\u7684\u8bc1\u4e66\u66f4\u65b0\u64cd\u4f5c\u4e5f\u5f97\u4ee5\u5b8c\u6210\u3002
mv ./manifests/* ./temp/\nmv ./temp/* ./manifests/\n
Note
\u5982\u679c\u5bb9\u5668\u670d\u52a1\u4f7f\u7528\u7684\u662f Docker\uff0c\u4e3a\u4e86\u8ba9\u8bc1\u4e66\u751f\u6548\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5bf9\u6d89\u53ca\u5230\u8bc1\u4e66\u4f7f\u7528\u7684\u51e0\u4e2a\u670d\u52a1\u8fdb\u884c\u91cd\u542f\uff1a
docker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart\n
"},{"location":"admin/kpanda/clusters/k8s-cert.html#kubeconfig","title":"\u66f4\u65b0 KubeConfig","text":"\u6784\u5efa\u96c6\u7fa4\u65f6\u901a\u5e38\u4f1a\u5c06 admin.conf \u8bc1\u4e66\u590d\u5236\u5230 $HOME/.kube/config \u4e2d\uff0c\u4e3a\u4e86\u5728\u66f4\u65b0 admin.conf \u540e\u66f4\u65b0 $HOME/.kube/config \u7684\u5185\u5bb9\uff0c \u5fc5\u987b\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config\nsudo chown $(id -u):$(id -g) $HOME/.kube/config\n
"},{"location":"admin/kpanda/clusters/k8s-cert.html#kubelet","title":"\u4e3a kubelet \u914d\u7f6e\u8bc1\u4e66\u8f6e\u6362","text":"\u5b8c\u6210\u4ee5\u4e0a\u64cd\u4f5c\u540e\uff0c\u57fa\u672c\u5b8c\u6210\u4e86\u96c6\u7fa4\u6240\u6709\u8bc1\u4e66\u7684\u66f4\u65b0\uff0c\u4f46\u4e0d\u5305\u62ec kubelet\u3002
\u56e0\u4e3a kubernetes \u5305\u542b\u7279\u6027 kubelet \u8bc1\u4e66\u8f6e\u6362\uff0c \u5728\u5f53\u524d\u8bc1\u4e66\u5373\u5c06\u8fc7\u671f\u65f6\uff0c \u5c06\u81ea\u52a8\u751f\u6210\u65b0\u7684\u79d8\u94a5\uff0c\u5e76\u4ece Kubernetes API \u7533\u8bf7\u65b0\u7684\u8bc1\u4e66\u3002 \u4e00\u65e6\u65b0\u7684\u8bc1\u4e66\u53ef\u7528\uff0c\u5b83\u5c06\u88ab\u7528\u4e8e\u4e0e Kubernetes API \u95f4\u7684\u8fde\u63a5\u8ba4\u8bc1\u3002
Note
\u6b64\u7279\u6027\u9002\u7528\u4e8e Kubernetes 1.8.0 \u6216\u66f4\u9ad8\u7684\u7248\u672c\u3002
\u542f\u7528\u5ba2\u6237\u7aef\u8bc1\u4e66\u8f6e\u6362\uff0c\u914d\u7f6e\u53c2\u6570\u5982\u4e0b\uff1a
kubelet \u8fdb\u7a0b\u63a5\u6536 --rotate-certificates \u53c2\u6570\uff0c\u8be5\u53c2\u6570\u51b3\u5b9a kubelet \u5728\u5f53\u524d\u4f7f\u7528\u7684 \u8bc1\u4e66\u5373\u5c06\u5230\u671f\u65f6\uff0c\u662f\u5426\u4f1a\u81ea\u52a8\u7533\u8bf7\u65b0\u7684\u8bc1\u4e66\u3002
kube-controller-manager \u8fdb\u7a0b\u63a5\u6536 --cluster-signing-duration \u53c2\u6570 \uff08\u5728 1.19 \u7248\u672c\u4e4b\u524d\u4e3a --experimental-cluster-signing-duration\uff09\uff0c\u7528\u6765\u63a7\u5236\u7b7e\u53d1\u8bc1\u4e66\u7684\u6709\u6548\u671f\u9650\u3002
\u66f4\u591a\u8be6\u60c5\u53c2\u8003\u4e3a kubelet \u914d\u7f6e\u8bc1\u4e66\u8f6e\u6362\u3002
"},{"location":"admin/kpanda/clusters/k8s-cert.html#_4","title":"\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66","text":"\u4e3a\u4e86\u66f4\u9ad8\u6548\u4fbf\u6377\u5904\u7406\u5df2\u8fc7\u671f\u6216\u8005\u5373\u5c06\u8fc7\u671f\u7684 kubernetes \u96c6\u7fa4\u8bc1\u4e66\uff0c\u53ef\u53c2\u8003 k8s \u7248\u672c\u96c6\u7fa4\u8bc1\u4e66\u66f4\u65b0\u3002
"},{"location":"admin/kpanda/clusters/runtime.html","title":"\u5982\u4f55\u9009\u62e9\u5bb9\u5668\u8fd0\u884c\u65f6","text":"\u5bb9\u5668\u8fd0\u884c\u65f6\u662f kubernetes \u4e2d\u5bf9\u5bb9\u5668\u548c\u5bb9\u5668\u955c\u50cf\u751f\u547d\u5468\u671f\u8fdb\u884c\u7ba1\u7406\u7684\u91cd\u8981\u7ec4\u4ef6\u3002 kubernetes \u5728 1.19 \u7248\u672c\u4e2d\u5c06 containerd \u8bbe\u4e3a\u9ed8\u8ba4\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u5e76\u5728 1.24 \u7248\u672c\u4e2d\u79fb\u9664\u4e86 Dockershim \u7ec4\u4ef6\u7684\u652f\u6301\u3002
\u56e0\u6b64\u76f8\u8f83\u4e8e Docker \u8fd0\u884c\u65f6\uff0c\u6211\u4eec\u66f4\u52a0 \u63a8\u8350\u60a8\u4f7f\u7528\u8f7b\u91cf\u7684 containerd \u4f5c\u4e3a\u60a8\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u56e0\u4e3a\u8fd9\u5df2\u7ecf\u6210\u4e3a\u5f53\u524d\u4e3b\u6d41\u7684\u8fd0\u884c\u65f6\u9009\u62e9\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u4e00\u4e9b\u64cd\u4f5c\u7cfb\u7edf\u53d1\u884c\u5382\u5546\u5bf9 Docker \u8fd0\u884c\u65f6\u7684\u517c\u5bb9\u4e5f\u4e0d\u591f\u53cb\u597d\uff0c\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u8fd0\u884c\u65f6\u7684\u652f\u6301\u5982\u4e0b\u8868\uff1a
"},{"location":"admin/kpanda/clusters/runtime.html#_2","title":"\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u548c\u63a8\u8350\u7684\u8fd0\u884c\u65f6\u7248\u672c\u5bf9\u5e94\u5173\u7cfb","text":"\u64cd\u4f5c\u7cfb\u7edf \u63a8\u8350\u7684 containerd \u7248\u672c \u63a8\u8350\u7684 Docker \u7248\u672c CentOS 1.7.5 20.10 RedHatOS 1.7.5 20.10 KylinOS 1.7.5 19.03\uff08\u4ec5 ARM \u67b6\u6784\u652f\u6301 \uff0c\u5728 x86 \u67b6\u6784\u4e0b\u4e0d\u652f\u6301\u4f7f\u7528 Docker \u4f5c\u4e3a\u8fd0\u884c\u65f6\uff09\u66f4\u591a\u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003 RedHatOS \u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c \u548c KylinOS \u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c
Note
\u5728\u79bb\u7ebf\u5b89\u88c5\u6a21\u5f0f\u4e0b\uff0c\u9700\u8981\u63d0\u524d\u51c6\u5907\u76f8\u5173\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u79bb\u7ebf\u5305\u3002
"},{"location":"admin/kpanda/clusters/upgrade-cluster.html","title":"\u96c6\u7fa4\u5347\u7ea7","text":"Kubernetes \u793e\u533a\u6bcf\u4e2a\u5b63\u5ea6\u90fd\u4f1a\u53d1\u5e03\u4e00\u6b21\u5c0f\u7248\u672c\uff0c\u6bcf\u4e2a\u7248\u672c\u7684\u7ef4\u62a4\u5468\u671f\u5927\u6982\u53ea\u6709 9 \u4e2a\u6708\u3002 \u7248\u672c\u505c\u6b62\u7ef4\u62a4\u540e\u5c31\u4e0d\u4f1a\u518d\u66f4\u65b0\u4e00\u4e9b\u91cd\u5927\u6f0f\u6d1e\u6216\u5b89\u5168\u6f0f\u6d1e\u3002\u624b\u52a8\u5347\u7ea7\u96c6\u7fa4\u64cd\u4f5c\u8f83\u4e3a\u7e41\u7410\uff0c\u7ed9\u7ba1\u7406\u4eba\u5458\u5e26\u6765\u4e86\u6781\u5927\u7684\u5de5\u4f5c\u8d1f\u62c5\u3002
\u672c\u8282\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u901a\u8fc7 Web UI \u754c\u9762\u4e00\u952e\u5f0f\u5728\u7ebf\u5347\u7ea7\u5de5\u4f5c\u96c6\u7fa4 Kubernetes \u7248\u672c\uff0c \u5982\u9700\u79bb\u7ebf\u5347\u7ea7\u5de5\u4f5c\u96c6\u7fa4\u7684 kubernetes \u7248\u672c\uff0c\u8bf7\u53c2\u9605\u5de5\u4f5c\u96c6\u7fa4\u79bb\u7ebf\u5347\u7ea7\u6307\u5357\u8fdb\u884c\u5347\u7ea7\u3002
Danger
\u7248\u672c\u5347\u7ea7\u540e\u5c06\u65e0\u6cd5\u56de\u9000\u5230\u4e4b\u524d\u7684\u7248\u672c\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
Note
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u5347\u7ea7 \uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u7248\u672c\u5347\u7ea7 \u3002
\u9009\u62e9\u53ef\u5347\u7ea7\u7684\u7248\u672c\uff0c\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\u3002
Note
\u5982\u679c\u60a8\u662f\u60f3\u901a\u8fc7\u5347\u7ea7\u65b9\u5f0f\u6765\u4fee\u6539\u96c6\u7fa4\u53c2\u6570\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff1a
\u627e\u5230\u96c6\u7fa4\u5bf9\u5e94\u7684 ConfigMap\uff0c\u60a8\u53ef\u4ee5\u767b\u5f55\u63a7\u5236\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u627e\u5230 varsConfRef \u4e2d\u7684 ConfigMap \u540d\u79f0\u3002
kubectl get cluster.kubean.io <clustername> -o yaml\n
\u6839\u636e\u9700\u8981\uff0c\u4fee\u6539 ConfigMap \u4e2d\u7684\u53c2\u6570\u4fe1\u606f\u3002
\u5728\u6b64\u5904\u9009\u62e9\u76f8\u540c\u7248\u672c\u8fdb\u884c\u5347\u7ea7\u64cd\u4f5c\uff0c\u5347\u7ea7\u5b8c\u6210\u5373\u53ef\u6210\u529f\u66f4\u65b0\u5bf9\u5e94\u7684\u96c6\u7fa4\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \u540e\uff0c\u53ef\u4ee5\u770b\u5230\u96c6\u7fa4\u7684\u5347\u7ea7\u8fdb\u5ea6\u3002
\u96c6\u7fa4\u5347\u7ea7\u9884\u8ba1\u9700\u8981 30 \u5206\u949f\uff0c\u53ef\u4ee5\u70b9\u51fb \u5b9e\u65f6\u65e5\u5fd7 \u6309\u94ae\u67e5\u770b\u96c6\u7fa4\u5347\u7ea7\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002
configmap/secret \u70ed\u52a0\u8f7d\u662f\u6307\u5c06 configmap/secret \u4f5c\u4e3a\u6570\u636e\u5377\u6302\u8f7d\u5728\u5bb9\u5668\u4e2d\u6302\u8f7d\u65f6\uff0c\u5f53\u914d\u7f6e\u53d1\u751f\u6539\u53d8\u65f6\uff0c\u5bb9\u5668\u5c06\u81ea\u52a8\u8bfb\u53d6 configmap/secret \u66f4\u65b0\u540e\u7684\u914d\u7f6e\uff0c\u800c\u65e0\u9700\u91cd\u542f Pod\u3002
"},{"location":"admin/kpanda/configmaps-secrets/configmap-hot-loading.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u53c2\u8003\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d - \u5bb9\u5668\u914d\u7f6e\uff0c\u914d\u7f6e\u5bb9\u5668\u6570\u636e\u5b58\u50a8\uff0c\u9009\u62e9 Configmap \u3001 Configmap Key \u3001 Secret \u3001 Secret Key \u4f5c\u4e3a\u6570\u636e\u5377\u6302\u8f7d\u81f3\u5bb9\u5668\u3002
Note
\u4f7f\u7528\u5b50\u8def\u5f84\uff08SubPath\uff09\u65b9\u5f0f\u6302\u8f7d\u7684\u914d\u7f6e\u6587\u4ef6\u4e0d\u652f\u6301\u70ed\u52a0\u8f7d\u3002
\u8fdb\u5165\u3010\u914d\u7f6e\u4e0e\u5bc6\u94a5\u3011\u9875\u9762\uff0c\u8fdb\u5165\u914d\u7f6e\u9879\u8be6\u60c5\u9875\u9762\uff0c\u5728\u3010\u5173\u8054\u8d44\u6e90\u3011\u4e2d\u627e\u5230\u5bf9\u5e94\u7684 container \u8d44\u6e90\uff0c\u70b9\u51fb \u7acb\u5373\u52a0\u8f7d \u6309\u94ae\uff0c\u8fdb\u5165\u914d\u7f6e\u70ed\u52a0\u8f7d\u9875\u9762\u3002
Note
\u5982\u679c\u60a8\u7684\u5e94\u7528\u652f\u6301\u81ea\u52a8\u8bfb\u53d6 configmap/secret \u66f4\u65b0\u540e\u7684\u914d\u7f6e\uff0c\u5219\u65e0\u9700\u624b\u52a8\u6267\u884c\u70ed\u52a0\u8f7d\u64cd\u4f5c\u3002
\u5728\u70ed\u52a0\u8f7d\u914d\u7f6e\u5f39\u7a97\u4e2d\uff0c\u8f93\u5165\u8fdb\u5165\u5bb9\u5668\u5185\u7684 \u6267\u884c\u547d\u4ee4 \u5e76\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u4ee5\u91cd\u8f7d\u914d\u7f6e\u3002\u4f8b\u5982\uff0c\u5728 nginx \u5bb9\u5668\u4e2d\uff0c\u4ee5 root \u7528\u6237\u6743\u9650\uff0c\u6267\u884c nginx -s reload \u547d\u4ee4\u6765\u91cd\u8f7d\u914d\u7f6e\u3002
\u5728\u754c\u9762\u5f39\u51fa\u7684 web \u7ec8\u7aef\u4e2d\u67e5\u770b\u5e94\u7528\u91cd\u8f7d\u60c5\u51b5\u3002
\u914d\u7f6e\u9879\uff08ConfigMap\uff09\u4ee5\u952e\u503c\u5bf9\u7684\u5f62\u5f0f\u5b58\u50a8\u975e\u673a\u5bc6\u6027\u6570\u636e\uff0c\u5b9e\u73b0\u914d\u7f6e\u6570\u636e\u548c\u5e94\u7528\u4ee3\u7801\u76f8\u4e92\u89e3\u8026\u7684\u6548\u679c\u3002\u914d\u7f6e\u9879\u53ef\u7528\u4f5c\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3001\u547d\u4ee4\u884c\u53c2\u6570\u6216\u8005\u5b58\u50a8\u5377\u4e2d\u7684\u914d\u7f6e\u6587\u4ef6\u3002
Note
\u5728\u914d\u7f6e\u9879\u4e2d\u4fdd\u5b58\u7684\u6570\u636e\u4e0d\u53ef\u8d85\u8fc7 1 MiB\u3002\u5982\u679c\u9700\u8981\u5b58\u50a8\u4f53\u79ef\u66f4\u5927\u7684\u6570\u636e\uff0c\u5efa\u8bae\u6302\u8f7d\u5b58\u50a8\u5377\u6216\u8005\u4f7f\u7528\u72ec\u7acb\u7684\u6570\u636e\u5e93\u6216\u8005\u6587\u4ef6\u670d\u52a1\u3002
\u914d\u7f6e\u9879\u4e0d\u63d0\u4f9b\u4fdd\u5bc6\u6216\u8005\u52a0\u5bc6\u529f\u80fd\u3002\u5982\u679c\u8981\u5b58\u50a8\u52a0\u5bc6\u6570\u636e\uff0c\u5efa\u8bae\u4f7f\u7528\u5bc6\u94a5\uff0c\u6216\u8005\u5176\u4ed6\u7b2c\u4e09\u65b9\u5de5\u5177\u6765\u4fdd\u8bc1\u6570\u636e\u7684\u79c1\u5bc6\u6027\u3002
\u652f\u6301\u4e24\u79cd\u521b\u5efa\u65b9\u5f0f\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u914d\u7f6e\u9879 \u6309\u94ae\u3002
\u5728 \u521b\u5efa\u914d\u7f6e\u9879 \u9875\u9762\u4e2d\u586b\u5199\u914d\u7f6e\u4fe1\u606f\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u70b9\u51fb \u4e0a\u4f20\u6587\u4ef6 \u53ef\u4ee5\u4ece\u672c\u5730\u5bfc\u5165\u5df2\u6709\u7684\u6587\u4ef6\uff0c\u5feb\u901f\u521b\u5efa\u914d\u7f6e\u9879\u3002
\u521b\u5efa\u5b8c\u6210\u540e\u5728\u914d\u7f6e\u9879\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u53ef\u4ee5\uff0c\u53ef\u4ee5\u7f16\u8f91 YAML\u3001\u66f4\u65b0\u3001\u5bfc\u51fa\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u521b\u5efa\u5b8c\u6210\u540e\u5728\u914d\u7f6e\u9879\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u53ef\u4ee5\uff0c\u53ef\u4ee5\u7f16\u8f91 YAML\u3001\u66f4\u65b0\u3001\u5bfc\u51fa\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
```yaml\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: kube-root-ca.crt\n namespace: default\n annotations:\ndata:\n version: '1.0'\n```\n
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u914d\u7f6e\u9879
"},{"location":"admin/kpanda/configmaps-secrets/create-secret.html","title":"\u521b\u5efa\u5bc6\u94a5","text":"\u5bc6\u94a5\u662f\u4e00\u79cd\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u3001OAuth \u4ee4\u724c\u3001SSH\u3001TLS \u51ed\u636e\u7b49\u654f\u611f\u4fe1\u606f\u7684\u8d44\u6e90\u5bf9\u8c61\u3002\u4f7f\u7528\u5bc6\u94a5\u610f\u5473\u7740\u60a8\u4e0d\u9700\u8981\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5305\u542b\u654f\u611f\u7684\u673a\u5bc6\u6570\u636e\u3002
\u5bc6\u94a5\u4f7f\u7528\u573a\u666f\uff1a
\u652f\u6301\u4e24\u79cd\u521b\u5efa\u65b9\u5f0f\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u5bc6\u94a5 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u5bc6\u94a5 \u6309\u94ae\u3002
\u5728 \u521b\u5efa\u5bc6\u94a5 \u9875\u9762\u4e2d\u586b\u5199\u914d\u7f6e\u4fe1\u606f\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u586b\u5199\u914d\u7f6e\u65f6\u9700\u8981\u6ce8\u610f\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u5bc6\u94a5 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\u586b\u5199 YAML \u914d\u7f6e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: secretdemo\ntype: Opaque\ndata:\n username: ******\n password: ******\n```\n
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u5bc6\u94a5
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html","title":"\u4f7f\u7528\u914d\u7f6e\u9879","text":"\u914d\u7f6e\u9879\uff08ConfigMap\uff09\u662f Kubernetes \u7684\u4e00\u79cd API \u5bf9\u8c61\uff0c\u7528\u6765\u5c06\u975e\u673a\u5bc6\u6027\u7684\u6570\u636e\u4fdd\u5b58\u5230\u952e\u503c\u5bf9\u4e2d\uff0c\u53ef\u4ee5\u5b58\u50a8\u5176\u4ed6\u5bf9\u8c61\u6240\u9700\u8981\u4f7f\u7528\u7684\u914d\u7f6e\u3002 \u4f7f\u7528\u65f6\uff0c \u5bb9\u5668\u53ef\u4ee5\u5c06\u5176\u7528\u4f5c\u73af\u5883\u53d8\u91cf\u3001\u547d\u4ee4\u884c\u53c2\u6570\u6216\u8005\u5b58\u50a8\u5377\u4e2d\u7684\u914d\u7f6e\u6587\u4ef6\u3002\u901a\u8fc7\u4f7f\u7528\u914d\u7f6e\u9879\uff0c\u80fd\u591f\u5c06\u914d\u7f6e\u6570\u636e\u548c\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u5206\u5f00\uff0c\u4e3a\u5e94\u7528\u914d\u7f6e\u7684\u4fee\u6539\u63d0\u4f9b\u66f4\u52a0\u7075\u6d3b\u7684\u9014\u5f84\u3002
Note
\u914d\u7f6e\u9879\u5e76\u4e0d\u63d0\u4f9b\u4fdd\u5bc6\u6216\u8005\u52a0\u5bc6\u529f\u80fd\u3002\u5982\u679c\u8981\u5b58\u50a8\u7684\u6570\u636e\u662f\u673a\u5bc6\u7684\uff0c\u8bf7\u4f7f\u7528\u5bc6\u94a5\uff0c\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7b2c\u4e09\u65b9\u5de5\u5177\u6765\u4fdd\u8bc1\u6570\u636e\u7684\u79c1\u5bc6\u6027\uff0c\u800c\u4e0d\u662f\u7528\u914d\u7f6e\u9879\u3002 \u6b64\u5916\u5728\u5bb9\u5668\u91cc\u4f7f\u7528\u914d\u7f6e\u9879\u65f6\uff0c\u5bb9\u5668\u548c\u914d\u7f6e\u9879\u5fc5\u987b\u5904\u4e8e\u540c\u4e00\u96c6\u7fa4\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u60a8\u53ef\u4ee5\u5728 Pod \u4e2d\u4f7f\u7528\u914d\u7f6e\u9879\uff0c\u6709\u591a\u79cd\u4f7f\u7528\u573a\u666f\uff0c\u4e3b\u8981\u5305\u62ec\uff1a
\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf
\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u7684\u547d\u4ee4\u884c\u53c2\u6570
\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
Note
\u914d\u7f6e\u9879\u5bfc\u5165\u662f\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\uff1b\u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165\u662f\u5c06\u914d\u7f6e\u9879\u4e2d\u67d0\u4e00\u53c2\u6570\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html#_4","title":"\u56fe\u5f62\u5316\u754c\u9762\u64cd\u4f5c","text":"\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u53ef\u4ee5\u5728 \u73af\u5883\u53d8\u91cf \u754c\u9762\u901a\u8fc7\u9009\u62e9 \u914d\u7f6e\u9879\u5bfc\u5165 \u6216 \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u4e3a\u5bb9\u5668\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u4e2d\uff0c\u5728 \u5bb9\u5668\u914d\u7f6e \u8fd9\u4e00\u6b65\u4e2d\uff0c\u9009\u62e9 \u73af\u5883\u53d8\u91cf \u914d\u7f6e\uff0c\u70b9\u51fb \u6dfb\u52a0\u73af\u5883\u53d8\u91cf \u6309\u94ae\u3002
\u5728\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u5904\u9009\u62e9 \u914d\u7f6e\u9879\u5bfc\u5165 \u6216 \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u914d\u7f6e\u9879\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u524d\u7f00 \u540d\u79f0\u3001 \u914d\u7f6e\u9879 \u7684\u540d\u79f0\u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u914d\u7f6e\u9879 \u540d\u79f0\u3001 \u952e \u7684\u540d\u79f0\u3002
\u60a8\u53ef\u4ee5\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u5c06\u914d\u7f6e\u9879\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff0c\u4f7f\u7528 valueFrom \u53c2\u6570\u5f15\u7528 ConfigMap \u4e2d\u7684 Key/Value\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-1\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"env\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom: # (1)!\n configMapKeyRef:\n name: kpanda-configmap # (2)!\n key: SPECIAL_LEVEL # (3)!\n restartPolicy: Never\n
\u60a8\u53ef\u4ee5\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u4e2d\u7684\u547d\u4ee4\u6216\u8005\u53c2\u6570\u503c\uff0c\u4f7f\u7528\u73af\u5883\u53d8\u91cf\u66ff\u6362\u8bed\u6cd5 $(VAR_NAME) \u6765\u8fdb\u884c\u3002\u5982\u4e0b\u6240\u793a\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-3\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_LEVEL\n - name: SPECIAL_TYPE_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_TYPE\n restartPolicy: Never\n
\u8fd9\u4e2a Pod \u8fd0\u884c\u540e\uff0c\u8f93\u51fa\u5982\u4e0b\u5185\u5bb9\u3002
Hello Kpanda\n
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html#_7","title":"\u7528\u4f5c\u5bb9\u5668\u6570\u636e\u5377","text":"\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html#_8","title":"\u56fe\u5f62\u5316\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u914d\u7f6e\u9879 \uff0c\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u4e2d\uff0c\u5728 \u5bb9\u5668\u914d\u7f6e \u8fd9\u4e00\u6b65\u4e2d\uff0c\u9009\u62e9 \u6570\u636e\u5b58\u50a8 \u914d\u7f6e\uff0c\u5728 \u8282\u70b9\u8def\u5f84\u6620\u5c04 \u5217\u8868\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u3002
\u5728\u5b58\u50a8\u7c7b\u578b\u5904\u9009\u62e9 \u914d\u7f6e\u9879 \uff0c\u5e76\u4f9d\u6b21\u8f93\u5165 \u5bb9\u5668\u8def\u5f84 \u3001 \u5b50\u8def\u5f84 \u7b49\u4fe1\u606f\u3002
\u8981\u5728\u4e00\u4e2a Pod \u7684\u5b58\u50a8\u5377\u4e2d\u4f7f\u7528 ConfigMap\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u5c06 ConfigMap \u4ee5\u5377\u7684\u5f62\u5f0f\u8fdb\u884c\u6302\u8f7d\u7684 Pod \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n - name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n configMap:\n name: myconfigmap\n
\u5982\u679c Pod \u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\uff0c\u5219\u6bcf\u4e2a\u5bb9\u5668\u90fd\u9700\u8981\u81ea\u5df1\u7684 volumeMounts \u5757\uff0c\u4f46\u9488\u5bf9\u6bcf\u4e2a ConfigMap\uff0c\u60a8\u53ea\u9700\u8981\u8bbe\u7f6e\u4e00\u4e2a spec.volumes \u5757\u3002
Note
\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u6302\u8f7d\u7684\u6570\u636e\u5377\u65f6\uff0c\u914d\u7f6e\u9879\u53ea\u80fd\u4f5c\u4e3a\u53ea\u8bfb\u6587\u4ef6\u8fdb\u884c\u8bfb\u53d6\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-secret.html","title":"\u4f7f\u7528\u5bc6\u94a5","text":"\u5bc6\u94a5\u662f\u4e00\u79cd\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u3001OAuth \u4ee4\u724c\u3001SSH\u3001TLS \u51ed\u636e\u7b49\u654f\u611f\u4fe1\u606f\u7684\u8d44\u6e90\u5bf9\u8c61\u3002\u4f7f\u7528\u5bc6\u94a5\u610f\u5473\u7740\u60a8\u4e0d\u9700\u8981\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5305\u542b\u654f\u611f\u7684\u673a\u5bc6\u6570\u636e\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-secret.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u60a8\u53ef\u4ee5\u5728 Pod \u4e2d\u4f7f\u7528\u5bc6\u94a5\uff0c\u6709\u591a\u79cd\u4f7f\u7528\u573a\u666f\uff0c\u4e3b\u8981\u5305\u62ec\uff1a
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
Note
\u5bc6\u94a5\u5bfc\u5165\u662f\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\uff1b\u5bc6\u94a5\u952e\u503c\u5bfc\u5165\u662f\u5c06\u5bc6\u94a5\u4e2d\u67d0\u4e00\u53c2\u6570\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-secret.html#_4","title":"\u56fe\u5f62\u754c\u9762\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u5728 \u73af\u5883\u53d8\u91cf \u754c\u9762\u901a\u8fc7\u9009\u62e9 \u5bc6\u94a5\u5bfc\u5165 \u6216 \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u4e3a\u5bb9\u5668\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728 \u5bb9\u5668\u914d\u7f6e \u9009\u62e9 \u73af\u5883\u53d8\u91cf \u914d\u7f6e\uff0c\u70b9\u51fb \u6dfb\u52a0\u73af\u5883\u53d8\u91cf \u6309\u94ae\u3002
\u5728\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u5904\u9009\u62e9 \u5bc6\u94a5\u5bfc\u5165 \u6216 \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u5bc6\u94a5\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u524d\u7f00 \u3001 \u5bc6\u94a5 \u7684\u540d\u79f0\u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u5bc6\u94a5 \u3001 \u952e \u7684\u540d\u79f0\u3002
\u5982\u4e0b\u4f8b\u6240\u793a\uff0c\u60a8\u53ef\u4ee5\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u5c06\u5bc6\u94a5\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff0c\u4f7f\u7528 valueFrom \u53c2\u6570\u5f15\u7528 Secret \u4e2d\u7684 Key/Value\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: secret-env-pod\nspec:\n containers:\n - name: mycontainer\n image: redis\n env:\n - name: SECRET_USERNAME\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: username\n optional: false # (1)!\n - name: SECRET_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: password\n optional: false # (2)!\n
\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u5bc6\u94a5 \uff0c\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728 \u5bb9\u5668\u914d\u7f6e \u9009\u62e9 \u6570\u636e\u5b58\u50a8 \u914d\u7f6e\uff0c\u5728 \u8282\u70b9\u8def\u5f84\u6620\u5c04 \u5217\u8868\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u3002
\u5728\u5b58\u50a8\u7c7b\u578b\u5904\u9009\u62e9 \u5bc6\u94a5 \uff0c\u5e76\u4f9d\u6b21\u8f93\u5165 \u5bb9\u5668\u8def\u5f84 \u3001 \u5b50\u8def\u5f84 \u7b49\u4fe1\u606f\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u901a\u8fc7\u6570\u636e\u5377\u6765\u6302\u8f7d\u540d\u4e3a mysecret \u7684 Secret \u7684 Pod \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n - name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n secret:\n secretName: mysecret\n optional: false # (1)!\n
\u5982\u679c Pod \u4e2d\u5305\u542b\u591a\u4e2a\u5bb9\u5668\uff0c\u5219\u6bcf\u4e2a\u5bb9\u5668\u9700\u8981\u81ea\u5df1\u7684 volumeMounts \u5757\uff0c\u4e0d\u8fc7\u9488\u5bf9\u6bcf\u4e2a Secret \u800c\u8a00\uff0c\u53ea\u9700\u8981\u4e00\u4efd .spec.volumes
\u8bbe\u7f6e\u3002
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u5bc6\u94a5\u4f5c\u4e3a\u955c\u50cf\u4ed3\u5e93\u8eab\u4efd\u8ba4\u8bc1\u51ed\u8bc1\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-secret.html#_8","title":"\u56fe\u5f62\u5316\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u5bc6\u94a5 \uff0c\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728\u7b2c\u4e8c\u6b65 \u5bb9\u5668\u914d\u7f6e \u65f6\u9009\u62e9 \u57fa\u672c\u4fe1\u606f \u914d\u7f6e\uff0c\u70b9\u51fb \u9009\u62e9\u955c\u50cf \u6309\u94ae\u3002
\u5728\u5f39\u6846\u7684 \u955c\u50cf\u4ed3\u5e93 \u4e0b\u62c9\u9009\u62e9\u79c1\u6709\u955c\u50cf\u4ed3\u5e93\u540d\u79f0\u3002\u5173\u4e8e\u79c1\u6709\u955c\u50cf\u5bc6\u94a5\u521b\u5efa\u8bf7\u67e5\u770b\u521b\u5efa\u5bc6\u94a5\u4e86\u89e3\u8be6\u60c5\u3002
\u8f93\u5165\u79c1\u6709\u4ed3\u5e93\u5185\u7684\u955c\u50cf\u540d\u79f0\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u955c\u50cf\u9009\u62e9\u3002
Note
\u521b\u5efa\u5bc6\u94a5\u65f6\uff0c\u9700\u8981\u786e\u4fdd\u8f93\u5165\u6b63\u786e\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3001\u7528\u6237\u540d\u79f0\u3001\u5bc6\u7801\u5e76\u9009\u62e9\u6b63\u786e\u7684\u955c\u50cf\u540d\u79f0\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u83b7\u53d6\u955c\u50cf\u4ed3\u5e93\u4e2d\u7684\u955c\u50cf\u3002
"},{"location":"admin/kpanda/custom-resources/create.html","title":"\u521b\u5efa\u81ea\u5b9a\u4e49\u8d44\u6e90 (CRD)","text":"\u5728 Kubernetes \u4e2d\u4e00\u5207\u5bf9\u8c61\u90fd\u88ab\u62bd\u8c61\u4e3a\u8d44\u6e90\uff0c\u5982 Pod\u3001Deployment\u3001Service\u3001Volume \u7b49\u662f Kubernetes \u63d0\u4f9b\u7684\u9ed8\u8ba4\u8d44\u6e90\uff0c \u8fd9\u4e3a\u6211\u4eec\u7684\u65e5\u5e38\u8fd0\u7ef4\u548c\u7ba1\u7406\u5de5\u4f5c\u63d0\u4f9b\u4e86\u91cd\u8981\u652f\u6491\uff0c\u4f46\u662f\u5728\u4e00\u4e9b\u7279\u6b8a\u7684\u573a\u666f\u4e2d\uff0c\u73b0\u6709\u7684\u9884\u7f6e\u8d44\u6e90\u5e76\u4e0d\u80fd\u6ee1\u8db3\u4e1a\u52a1\u7684\u9700\u8981\uff0c \u56e0\u6b64\u6211\u4eec\u5e0c\u671b\u53bb\u6269\u5c55 Kubernetes API \u7684\u80fd\u529b\uff0c\u81ea\u5b9a\u4e49\u8d44\u6e90\uff08CustomResourceDefinition, CRD\uff09\u6b63\u662f\u57fa\u4e8e\u8fd9\u6837\u7684\u9700\u6c42\u5e94\u8fd0\u800c\u751f\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5bf9\u81ea\u5b9a\u4e49\u8d44\u6e90\u7684\u754c\u9762\u5316\u7ba1\u7406\uff0c\u4e3b\u8981\u529f\u80fd\u5982\u4e0b\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a Cluster Admin \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u6388\u6743
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\uff0c\u586b\u5199 YAML \u8bed\u53e5\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u81ea\u5b9a\u4e49\u8d44\u6e90\u5217\u8868\u9875\uff0c\u5373\u53ef\u67e5\u770b\u521a\u521a\u521b\u5efa\u7684\u540d\u4e3a crontabs.stable.example.com
\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
\u81ea\u5b9a\u4e49\u8d44\u6e90\u793a\u4f8b\uff1a
CRD exampleapiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: crontabs.stable.example.com\nspec:\n group: stable.example.com\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n spec:\n type: object\n properties:\n cronSpec:\n type: string\n image:\n type: string\n replicas:\n type: integer\n scope: Namespaced\n names:\n plural: crontabs\n singular: crontab\n kind: CronTab\n shortNames:\n - ct\n
"},{"location":"admin/kpanda/custom-resources/create.html#yaml_1","title":"\u901a\u8fc7 YAML \u521b\u5efa\u81ea\u5b9a\u4e49\u8d44\u6e90\u793a\u4f8b","text":"\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u8fdb\u5165\u81ea\u5b9a\u4e49\u8d44\u6e90\u5217\u8868\u9875\u9762\u3002
\u70b9\u51fb\u540d\u4e3a crontabs.stable.example.com
\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\uff0c\u8fdb\u5165\u8be6\u60c5\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\uff0c\u586b\u5199 YAML \u8bed\u53e5\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de crontabs.stable.example.com
\u7684\u8be6\u60c5\u9875\u9762\uff0c\u5373\u53ef\u67e5\u770b\u521a\u521a\u521b\u5efa\u7684\u540d\u4e3a my-new-cron-object \u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
CR \u793a\u4f8b\uff1a
CR exampleapiVersion: \"stable.example.com/v1\"\nkind: CronTab\nmetadata:\n name: my-new-cron-object\nspec:\n cronSpec: \"* * * * */5\"\n image: my-awesome-cron-image\n
"},{"location":"admin/kpanda/gpu/index.html","title":"GPU \u7ba1\u7406\u6982\u8ff0","text":"\u672c\u6587\u4ecb\u7ecd \u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u5bf9 GPU\u4e3a\u4ee3\u8868\u7684\u5f02\u6784\u8d44\u6e90\u7edf\u4e00\u8fd0\u7ef4\u7ba1\u7406\u80fd\u529b\u3002
"},{"location":"admin/kpanda/gpu/index.html#_1","title":"\u80cc\u666f","text":"\u968f\u7740 AI \u5e94\u7528\u3001\u5927\u6a21\u578b\u3001\u4eba\u5de5\u667a\u80fd\u3001\u81ea\u52a8\u9a7e\u9a76\u7b49\u65b0\u5174\u6280\u672f\u7684\u5feb\u901f\u53d1\u5c55\uff0c\u4f01\u4e1a\u9762\u4e34\u7740\u8d8a\u6765\u8d8a\u591a\u7684\u8ba1\u7b97\u5bc6\u96c6\u578b\u4efb\u52a1\u548c\u6570\u636e\u5904\u7406\u9700\u6c42\u3002 \u4ee5 CPU \u4e3a\u4ee3\u8868\u7684\u4f20\u7edf\u8ba1\u7b97\u67b6\u6784\u5df2\u65e0\u6cd5\u6ee1\u8db3\u4f01\u4e1a\u65e5\u76ca\u589e\u957f\u7684\u8ba1\u7b97\u9700\u6c42\u3002\u6b64\u65f6\uff0c\u4ee5 GPU \u4e3a\u4ee3\u8868\u7684\u5f02\u6784\u8ba1\u7b97\u56e0\u5728\u5904\u7406\u5927\u89c4\u6a21\u6570\u636e\u3001\u8fdb\u884c\u590d\u6742\u8ba1\u7b97\u548c\u5b9e\u65f6\u56fe\u5f62\u6e32\u67d3\u65b9\u9762\u5177\u6709\u72ec\u7279\u7684\u4f18\u52bf\u88ab\u5e7f\u6cdb\u5e94\u7528\u3002
\u4e0e\u6b64\u540c\u65f6\uff0c\u7531\u4e8e\u7f3a\u4e4f\u5f02\u6784\u8d44\u6e90\u8c03\u5ea6\u7ba1\u7406\u7b49\u65b9\u9762\u7684\u7ecf\u9a8c\u548c\u4e13\u4e1a\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5bfc\u81f4\u4e86 GPU \u8bbe\u5907\u7684\u8d44\u6e90\u5229\u7528\u7387\u6781\u4f4e\uff0c\u7ed9\u4f01\u4e1a\u5e26\u6765\u4e86\u9ad8\u6602\u7684 AI \u751f\u4ea7\u6210\u672c\u3002 \u5982\u4f55\u964d\u672c\u589e\u6548\uff0c\u63d0\u9ad8 GPU \u7b49\u5f02\u6784\u8d44\u6e90\u7684\u5229\u7528\u6548\u7387\uff0c\u6210\u4e3a\u4e86\u5f53\u524d\u4f17\u591a\u4f01\u4e1a\u4e9f\u9700\u8de8\u8d8a\u7684\u4e00\u9053\u96be\u9898\u3002
"},{"location":"admin/kpanda/gpu/index.html#gpu_1","title":"GPU \u80fd\u529b\u4ecb\u7ecd","text":"\u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u652f\u6301\u5bf9 GPU\u3001NPU \u7b49\u5f02\u6784\u8d44\u6e90\u8fdb\u884c\u7edf\u4e00\u8c03\u5ea6\u548c\u8fd0\u7ef4\u7ba1\u7406\uff0c\u5145\u5206\u91ca\u653e GPU \u8d44\u6e90\u7b97\u529b\uff0c\u52a0\u901f\u4f01\u4e1a AI \u7b49\u65b0\u5174\u5e94\u7528\u53d1\u5c55\u3002GPU \u7ba1\u7406\u80fd\u529b\u5982\u4e0b\uff1a
\u540c\u666e\u901a\u8ba1\u7b97\u673a\u786c\u4ef6\u4e00\u6837\uff0cNVIDIA GPU \u5361\u4f5c\u4e3a\u7269\u7406\u786c\u4ef6\uff0c\u5fc5\u987b\u5b89\u88c5 NVIDIA GPU \u9a71\u52a8\u540e\u624d\u80fd\u4f7f\u7528\u3002 \u4e3a\u4e86\u964d\u4f4e\u7528\u6237\u5728 kuberneets \u4e0a\u4f7f\u7528 GPU \u7684\u6210\u672c\uff0cNVIDIA \u5b98\u65b9\u63d0\u4f9b\u4e86 NVIDIA GPU Operator \u7ec4\u4ef6\u6765\u7ba1\u7406\u4f7f\u7528 NVIDIA GPU \u6240\u4f9d\u8d56\u7684\u5404\u79cd\u7ec4\u4ef6\u3002 \u8fd9\u4e9b\u7ec4\u4ef6\u5305\u62ec NVIDIA \u9a71\u52a8\u7a0b\u5e8f\uff08\u7528\u4e8e\u542f\u7528 CUDA\uff09\u3001NVIDIA \u5bb9\u5668\u8fd0\u884c\u65f6\u3001GPU \u8282\u70b9\u6807\u8bb0\u3001\u57fa\u4e8e DCGM \u7684\u76d1\u63a7\u7b49\u3002 \u7406\u8bba\u4e0a\u6765\u8bf4\u7528\u6237\u53ea\u9700\u8981\u5c06 GPU \u5361\u63d2\u5728\u5df2\u7ecf\u88ab kubernetes \u6240\u7eb3\u7ba1\u7684\u8ba1\u7b97\u8bbe\u5907\u4e0a\uff0c\u7136\u540e\u901a\u8fc7 GPU Operator \u5c31\u80fd\u4f7f\u7528 NVIDIA GPU \u7684\u6240\u6709\u80fd\u529b\u4e86\u3002 \u4e86\u89e3\u66f4\u591a NVIDIA GPU Operator \u76f8\u5173\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003 NVIDIA \u5b98\u65b9\u6587\u6863\u3002 \u5982\u4f55\u90e8\u7f72\u8bf7\u53c2\u8003 GPU Operator \u79bb\u7ebf\u5b89\u88c5
NVIDIA GPU Operator \u67b6\u6784\u56fe\uff1a
"},{"location":"admin/kpanda/gpu/FAQ.html","title":"GPU \u76f8\u5173 FAQ","text":""},{"location":"admin/kpanda/gpu/FAQ.html#pod-nvidia-smi-gpu","title":"Pod \u5185 nvidia-smi \u770b\u4e0d\u5230 GPU \u8fdb\u7a0b","text":"Q: \u5728\u4f7f\u7528 GPU \u7684 Pod \u5185\u6267\u884c nvidia-smi
\u547d\u4ee4\u770b\u4e0d\u5230\u4f7f\u7528 GPU \u7684\u8fdb\u7a0b\u4fe1\u606f\uff0c\u5305\u62ec\u6574\u5361\u6a21\u5f0f\u3001vGPU \u6a21\u5f0f\u7b49\u3002
A: \u56e0\u4e3a\u6709 PID namespace
\u9694\u79bb\uff0c\u5bfc\u81f4\u5728 Pod \u5185\u67e5\u770b\u4e0d\u5230 GPU \u8fdb\u7a0b\uff0c\u5982\u679c\u8981\u67e5\u770b GPU \u8fdb\u7a0b\u6709\u5982\u4e0b\u51e0\u79cd\u65b9\u6cd5\uff1a
hostPID: true
\uff0c\u4f7f\u5176\u53ef\u4ee5\u67e5\u770b\u5230\u5bbf\u4e3b\u673a\u4e0a\u7684 PIDnvidia-smi
\u547d\u4ee4\u67e5\u770b\u8fdb\u7a0bchroot /run/nvidia/driver nvidia-smi
\u547d\u4ee4\u67e5\u770b\u8fdb\u7a0b\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528\u5929\u6570\u667a\u82af\u865a\u62df GPU\u3002
"},{"location":"admin/kpanda/gpu/Iluvatar_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Iluvatar \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Iluvatar\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e App \u4f7f\u7528\u7684 GPU \u8d44\u6e90\uff1a
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u7533\u8bf7 GPU \u8d44\u6e90\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0iluvatar.ai/vcuda-core: 1
\u3001iluvatar.ai/vcuda-memory: 200
\u53c2\u6570\uff0c\u914d\u7f6e App \u4f7f\u7528\u7269\u7406\u5361\u7684\u8d44\u6e90\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-iluvatar-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-iluvatar-gpu-demo\n template:\n metadata:\n labels:\n app: full-iluvatar-gpu-demo\n spec:\n containers:\n - image: nginx:perl\n name: container-0\n resources:\n limits:\n cpu: 250m\n iluvatar.ai/vcuda-core: '1'\n iluvatar.ai/vcuda-memory: '200'\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n imagePullSecrets:\n - name: default-secret\n
"},{"location":"admin/kpanda/gpu/dynamic-regulation.html","title":"GPU \u8d44\u6e90\u52a8\u6001\u8c03\u8282","text":"\u63d0\u4f9b GPU \u8d44\u6e90\u52a8\u6001\u8c03\u6574\u529f\u80fd\uff0c\u5141\u8bb8\u60a8\u5728\u65e0\u9700\u91cd\u65b0\u52a0\u8f7d\u3001\u91cd\u7f6e\u6216\u91cd\u542f\u6574\u4e2a\u8fd0\u884c\u73af\u5883\u7684\u60c5\u51b5\u4e0b\uff0c\u5bf9\u5df2\u7ecf\u5206\u914d\u7684 vGPU \u8d44\u6e90\u8fdb\u884c\u5b9e\u65f6\u3001\u52a8\u6001\u7684\u8c03\u6574\u3002 \u8fd9\u4e00\u529f\u80fd\u65e8\u5728\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u5bf9\u4e1a\u52a1\u8fd0\u884c\u7684\u5f71\u54cd\uff0c\u786e\u4fdd\u60a8\u7684\u4e1a\u52a1\u80fd\u591f\u6301\u7eed\u7a33\u5b9a\u5730\u8fd0\u884c\uff0c\u540c\u65f6\u6839\u636e\u5b9e\u9645\u9700\u6c42\u7075\u6d3b\u8c03\u6574 GPU \u8d44\u6e90\u3002
"},{"location":"admin/kpanda/gpu/dynamic-regulation.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"\u4ee5\u4e0b\u662f\u4e00\u4e2a\u5177\u4f53\u7684\u64cd\u4f5c\u793a\u4f8b\uff0c\u5c55\u793a\u5982\u4f55\u5728\u4e0d\u91cd\u542f vGPU Pod \u7684\u60c5\u51b5\u4e0b\u52a8\u6001\u8c03\u6574 vGPU \u7684\u7b97\u529b\u548c\u663e\u5b58\u8d44\u6e90\uff1a
"},{"location":"admin/kpanda/gpu/dynamic-regulation.html#vgpu-pod","title":"\u521b\u5efa\u4e00\u4e2a vGPU Pod","text":"\u9996\u5148\uff0c\u6211\u4eec\u4f7f\u7528\u4ee5\u4e0b YAML \u521b\u5efa\u4e00\u4e2a vGPU Pod\uff0c\u5176\u7b97\u529b\u521d\u59cb\u4e0d\u9650\u5236\uff0c\u663e\u5b58\u9650\u5236\u4e3a 200Mb\u3002
kind: Deployment\napiVersion: apps/v1\nmetadata:\n name: gpu-burn-test\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: gpu-burn-test\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: gpu-burn-test\n spec:\n containers:\n - name: container-1\n image: docker.io/chrstnhntschl/gpu_burn:latest\n command:\n - sleep\n - '100000'\n resources:\n limits:\n cpu: 1m\n memory: 1Gi\n nvidia.com/gpucores: '0'\n nvidia.com/gpumem: '200'\n nvidia.com/vgpu: '1'\n
\u8c03\u6574\u524d\u67e5\u770b Pod
\u4e2d\u7684\u8d44\u6e90 GPU
\u5206\u914d\u8d44\u6e90\uff1a
\u5982\u679c\u9700\u8981\u4fee\u6539\u7b97\u529b\u4e3a 10%\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8fdb\u5165\u5bb9\u5668\uff1a
kubectl exec -it <pod-name> -- /bin/bash\n
\u6267\u884c\uff1a
export CUDA_DEVICE_SM_LIMIT=10\n
\u5728\u5f53\u524d\u7ec8\u7aef\u76f4\u63a5\u8fd0\u884c\uff1a
./gpu_burn 60\n
\u7a0b\u5e8f\u5373\u53ef\u751f\u6548\u3002\u6ce8\u610f\uff0c\u4e0d\u80fd\u9000\u51fa\u5f53\u524d Bash \u7ec8\u7aef\u3002
\u5982\u679c\u9700\u8981\u4fee\u6539\u663e\u5b58\u4e3a 300 MB\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8fdb\u5165\u5bb9\u5668\uff1a
kubectl exec -it <pod-name> -- /bin/bash\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6765\u8bbe\u7f6e\u663e\u5b58\u9650\u5236\uff1a
export CUDA_DEVICE_MEMORY_LIMIT_0=300m\nexport CUDA_DEVICE_MEMORY_SHARED_CACHE=/usr/local/vgpu/d.cache\n
Note
\u6bcf\u6b21\u4fee\u6539\u663e\u5b58\u5927\u5c0f\u65f6\uff0cd.cache
\u8fd9\u4e2a\u6587\u4ef6\u540d\u5b57\u90fd\u9700\u8981\u4fee\u6539\uff0c\u6bd4\u5982\u6539\u4e3a a.cache
\u30011.cache
\u7b49\uff0c\u4ee5\u907f\u514d\u7f13\u5b58\u51b2\u7a81\u3002
\u5728\u5f53\u524d\u7ec8\u7aef\u76f4\u63a5\u8fd0\u884c\uff1a
./gpu_burn 60\n
\u7a0b\u5e8f\u5373\u53ef\u751f\u6548\u3002\u540c\u6837\u5730\uff0c\u4e0d\u80fd\u9000\u51fa\u5f53\u524d Bash \u7ec8\u7aef\u3002
\u8c03\u6574\u540e\u67e5\u770b Pod
\u4e2d\u7684\u8d44\u6e90 GPU
\u5206\u914d\u8d44\u6e90\uff1a
\u901a\u8fc7\u4e0a\u8ff0\u6b65\u9aa4\uff0c\u60a8\u53ef\u4ee5\u5728\u4e0d\u91cd\u542f vGPU Pod \u7684\u60c5\u51b5\u4e0b\u52a8\u6001\u5730\u8c03\u6574\u5176\u7b97\u529b\u548c\u663e\u5b58\u8d44\u6e90\uff0c\u4ece\u800c\u66f4\u7075\u6d3b\u5730\u6ee1\u8db3\u4e1a\u52a1\u9700\u6c42\u5e76\u4f18\u5316\u8d44\u6e90\u5229\u7528\u3002
"},{"location":"admin/kpanda/gpu/gpu_matrix.html","title":"GPU \u652f\u6301\u77e9\u9635","text":"\u672c\u9875\u8bf4\u660e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684 GPU \u53ca\u64cd\u4f5c\u7cfb\u7edf\u6240\u5bf9\u5e94\u7684\u77e9\u9635\u3002
"},{"location":"admin/kpanda/gpu/gpu_matrix.html#nvidia-gpu","title":"NVIDIA GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 NVIDIA GPU\uff08\u6574\u5361/vGPU\uff09 NVIDIA Fermi (2.1) \u67b6\u6784 CentOS 7 Kernel 3.10.0-123 ~ 3.10.0-1160\u5185\u6838\u53c2\u8003\u6587\u6863\u5efa\u8bae\u4f7f\u7528\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u5e94 Kernel \u7248\u672c \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a 3.10.0-1160 GPU Operator \u79bb\u7ebf\u5b89\u88c5 NVIDIA GeForce 400 \u7cfb\u5217 CentOS 8 Kernel 4.18.0-80 ~ 4.18.0-348 NVIDIA Quadro 4000 \u7cfb\u5217 Ubuntu 20.04 Kernel 5.4 NVIDIA Tesla 20 \u7cfb\u5217 Ubuntu 22.04 Kernel 5.19 NVIDIA Ampere \u67b6\u6784\u7cfb\u5217(A100;A800;H100) RHEL 7 Kernel 3.10.0-123 ~ 3.10.0-1160 RHEL 8 Kernel 4.18.0-80 ~ 4.18.0-348 NVIDIA MIG NVIDIA Ampere \u67b6\u6784\u7cfb\u5217\uff08A100\u3001A800\u3001H100\uff09 CentOS 7 Kernel 3.10.0-123 ~ 3.10.0-1160 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 GPU Operator \u79bb\u7ebf\u5b89\u88c5 CentOS 8 Kernel 4.18.0-80 ~ 4.18.0-348 Ubuntu 20.04 Kernel 5.4 Ubuntu 22.04 Kernel 5.19 RHEL 7 Kernel 3.10.0-123 ~ 3.10.0-1160 RHEL 8 Kernel 4.18.0-80 ~ 4.18.0-348"},{"location":"admin/kpanda/gpu/gpu_matrix.html#ascendnpu","title":"\u6607\u817e\uff08Ascend\uff09NPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301 NPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u6607\u817e\uff08Ascend 310\uff09 Ascend 310 Ubuntu 20.04 \u8be6\u60c5\u53c2\u8003\uff1a\u5185\u6838\u7248\u672c\u8981\u6c42 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 300 \u548c 310P \u9a71\u52a8\u6587\u6863 Ascend 310P\uff1b CentOS 7.6 CentOS 8.2 KylinV10SP1 \u64cd\u4f5c\u7cfb\u7edf openEuler \u64cd\u4f5c\u7cfb\u7edf \u6607\u817e\uff08Ascend 910\uff09 Ascend 910B Ubuntu 20.04 \u8be6\u60c5\u53c2\u8003\u5185\u6838\u7248\u672c\u8981\u6c42 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 910 \u9a71\u52a8\u6587\u6863 CentOS 7.6 CentOS 8.2 KylinV10SP1 \u64cd\u4f5c\u7cfb\u7edf openEuler \u64cd\u4f5c\u7cfb\u7edf"},{"location":"admin/kpanda/gpu/gpu_matrix.html#iluvatargpu","title":"\u5929\u6570\u667a\u82af\uff08Iluvatar\uff09GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301\u7684 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u5929\u6570\u667a\u82af(Iluvatar vGPU) BI100 CentOS 7 Kernel 3.10.0-957.el7.x86_64 ~ 3.10.0-1160.42.2.el7.x86_64 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a 3.10.0-1160 \u8865\u5145\u4e2d MR100\uff1b CentOS 8 Kernel 4.18.0-80.el8.x86_64 ~ 4.18.0-305.19.1.el8_4.x86_64 Ubuntu 20.04 Kernel 4.15.0-20-generic ~ 4.15.0-160-generic Kernel 5.4.0-26-generic ~ 5.4.0-89-generic Kernel 5.8.0-23-generic ~ 5.8.0-63-generic Ubuntu 21.04 Kernel 4.15.0-20-generic ~ 4.15.0-160-generic Kernel 5.4.0-26-generic ~ 5.4.0-89-generic Kernel 5.8.0-23-generic ~ 5.8.0-63-generic openEuler 22.03 LTS Kernel \u7248\u672c\u5927\u4e8e\u7b49\u4e8e 5.1 \u4e14\u5c0f\u4e8e\u7b49\u4e8e 5.10"},{"location":"admin/kpanda/gpu/gpu_matrix.html#metaxgpu","title":"\u6c90\u66e6\uff08Metax\uff09GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301\u7684 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u6c90\u66e6Metax\uff08\u6574\u5361/vGPU\uff09 \u66e6\u4e91 C500 \u6c90\u66e6 GPU \u5b89\u88c5\u4f7f\u7528"},{"location":"admin/kpanda/gpu/gpu_scheduler_config.html","title":"GPU \u8c03\u5ea6\u914d\u7f6e\uff08Binpack \u548c Spread \uff09","text":"\u672c\u6587\u4ecb\u7ecd\u4f7f\u7528 NVIDIA vGPU \u65f6\uff0c\u5982\u4f55\u901a\u8fc7 Binpack \u548c Spread \u7684 GPU \u8c03\u5ea6\u914d\u7f6e\u51cf\u5c11 GPU \u8d44\u6e90\u788e\u7247\u3001\u9632\u6b62\u5355\u70b9\u6545\u969c\u7b49\uff0c\u5b9e\u73b0 vGPU \u7684\u9ad8\u7ea7\u8c03\u5ea6\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86\u96c6\u7fa4\u548c\u5de5\u4f5c\u8d1f\u8f7d\u4e24\u79cd\u7ef4\u5ea6\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u5206\u522b\u6ee1\u8db3\u4e0d\u540c\u573a\u666f\u4e0b\u7684\u4f7f\u7528\u9700\u6c42\u3002
"},{"location":"admin/kpanda/gpu/gpu_scheduler_config.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u57fa\u4e8e GPU \u5361\u7ef4\u5ea6\u8c03\u5ea6\u7b56\u7565
\u57fa\u4e8e\u8282\u70b9\u7ef4\u5ea6\u7684\u8c03\u5ea6\u7b56\u7565
Note
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u4f1a\u9075\u5faa\u96c6\u7fa4\u7ea7\u522b\u7684 Binpack \u548c Spread \u8c03\u5ea6\u914d\u7f6e\u3002 \u82e5\u5de5\u4f5c\u8d1f\u8f7d\u5355\u72ec\u8bbe\u7f6e\u4e86\u4e0e\u96c6\u7fa4\u4e0d\u4e00\u81f4\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u5219\u8be5\u5de5\u4f5c\u8d1f\u8f7d\u4f18\u5148\u9075\u5faa\u5176\u672c\u8eab\u7684\u8c03\u5ea6\u7b56\u7565\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u8c03\u6574 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb GPU \u8c03\u5ea6\u914d\u7f6e \u3002
\u6839\u636e\u4e1a\u52a1\u573a\u666f\u8c03\u6574 GPU \u8c03\u5ea6\u914d\u7f6e\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u540e\u4fdd\u5b58\u3002
Note
\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u7ef4\u5ea6\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\u4e0e\u96c6\u7fa4\u7ea7\u522b\u7684\u914d\u7f6e\u51b2\u7a81\u65f6\uff0c\u4f18\u5148\u9075\u5faa\u5de5\u4f5c\u8d1f\u8f7d\u7ef4\u5ea6\u7684\u914d\u7f6e\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u8d1f\u8f7d\uff0c\u5e76\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u914d\u7f6e Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\uff0c\u5e76\u5728 \u5bb9\u5668\u914d\u7f6e \u4e2d\u542f\u7528 GPU \u914d\u7f6e\uff0c\u9009\u62e9 GPU \u7c7b\u578b\u4e3a NVIDIA vGPU\uff0c \u70b9\u51fb \u9ad8\u7ea7\u8bbe\u7f6e \uff0c\u542f\u7528 Binpack / Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u6839\u636e\u4e1a\u52a1\u573a\u666f\u8c03\u6574 GPU \u8c03\u5ea6\u914d\u7f6e\u3002\u914d\u7f6e\u5b8c\u6210\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \uff0c \u8fdb\u5165 \u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528 vGPU \u80fd\u529b\u3002
"},{"location":"admin/kpanda/gpu/vgpu_quota.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5f53\u524d\u96c6\u7fa4\u5df2\u901a\u8fc7 Operator \u6216\u624b\u52a8\u65b9\u5f0f\u90e8\u7f72\u5bf9\u5e94\u7c7b\u578b GPU \u9a71\u52a8\uff08NVIDIA GPU\u3001NVIDIA MIG\u3001\u5929\u6570\u3001\u6607\u817e\uff09
"},{"location":"admin/kpanda/gpu/vgpu_quota.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 Namespaces \u4e2d\uff0c\u70b9\u51fb \u914d\u989d\u7ba1\u7406 \u53ef\u4ee5\u914d\u7f6e\u5f53\u524d Namespace \u53ef\u4ee5\u4f7f\u7528\u7684 GPU \u8d44\u6e90\u3002
\u5f53\u524d\u547d\u540d\u7a7a\u95f4\u914d\u989d\u7ba1\u7406\u8986\u76d6\u7684\u5361\u7c7b\u578b\u4e3a\uff1aNVIDIA vGPU\u3001NVIDIA MIG\u3001\u5929\u6570\u3001\u6607\u817e\u3002
NVIDIA vGPU \u914d\u989d\u7ba1\u7406 \uff1a\u914d\u7f6e\u5177\u4f53\u53ef\u4ee5\u4f7f\u7528\u7684\u914d\u989d\uff0c\u4f1a\u521b\u5efa ResourcesQuota CR\uff1a
\u672c\u7ae0\u8282\u63d0\u4f9b\u6607\u817e NPU \u9a71\u52a8\u3001Device Plugin\u3001NPU-Exporter \u7b49\u7ec4\u4ef6\u7684\u5b89\u88c5\u6307\u5bfc\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528 NPU \u8d44\u6e90\u4e4b\u524d\uff0c\u9700\u8981\u5b8c\u6210\u56fa\u4ef6\u5b89\u88c5\u3001NPU \u9a71\u52a8\u5b89\u88c5\u3001 Docker Runtime \u5b89\u88c5\u3001\u7528\u6237\u521b\u5efa\u3001\u65e5\u5fd7\u76ee\u5f55\u521b\u5efa\u4ee5\u53ca NPU Device Plugin \u5b89\u88c5\uff0c\u8be6\u60c5\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#_3","title":"\u5b89\u88c5\u56fa\u4ef6","text":"\u4e0b\u8f7d Ascend Docker Runtime
\u793e\u533a\u7248\u4e0b\u8f7d\u5730\u5740\uff1ahttps://www.hiascend.com/zh/software/mindx-dl/community
wget -c https://mindx.obs.cn-south-1.myhuaweicloud.com/OpenSource/MindX/MindX%205.0.RC2/MindX%20DL%205.0.RC2/Ascend-docker-runtime_5.0.RC2_linux-x86_64.run\n
\u5b89\u88c5\u5230\u6307\u5b9a\u8def\u5f84\u4e0b\uff0c\u4f9d\u6b21\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u547d\u4ee4\uff0c\u53c2\u6570\u4e3a\u6307\u5b9a\u7684\u5b89\u88c5\u8def\u5f84:
chmod u+x Ascend-docker-runtime_5.0.RC2_linux-x86_64.run \n./Ascend-docker-runtime_{version}_linux-{arch}.run --install --install-path=<path>\n
\u4fee\u6539 containerd \u914d\u7f6e\u6587\u4ef6
containerd \u65e0\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u65f6\uff0c\u4f9d\u6b21\u6267\u884c\u4ee5\u4e0b3\u6761\u547d\u4ee4\uff0c\u521b\u5efa\u914d\u7f6e\u6587\u4ef6\uff1a
mkdir /etc/containerd \ncontainerd config default > /etc/containerd/config.toml \nvim /etc/containerd/config.toml\n
containerd \u6709\u914d\u7f6e\u6587\u4ef6\u65f6\uff1a
vim /etc/containerd/config.toml\n
\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u4fee\u6539 runtime \u7684\u5b89\u88c5\u8def\u5f84\uff0c\u4e3b\u8981\u4fee\u6539 runtime \u5b57\u6bb5\uff1a
... \n[plugins.\"io.containerd.monitor.v1.cgroups\"]\n no_prometheus = false \n[plugins.\"io.containerd.runtime.v1.linux\"]\n shim = \"containerd-shim\"\n runtime = \"/usr/local/Ascend/Ascend-Docker-Runtime/ascend-docker-runtime\"\n runtime_root = \"\"\n no_shim = false\n shim_debug = false\n [plugins.\"io.containerd.runtime.v2.task\"]\n platforms = [\"linux/amd64\"]\n...\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u91cd\u542f containerd\uff1a
systemctl restart containerd\n
\u5728\u5bf9\u5e94\u7ec4\u4ef6\u5b89\u88c5\u7684\u8282\u70b9\u4e0a\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u521b\u5efa\u7528\u6237\u3002
# Ubuntu \u64cd\u4f5c\u7cfb\u7edf\nuseradd -d /home/hwMindX -u 9000 -m -s /usr/sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n# Centos \u64cd\u4f5c\u7cfb\u7edf\nuseradd -d /home/hwMindX -u 9000 -m -s /sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#_5","title":"\u65e5\u5fd7\u76ee\u5f55\u521b\u5efa","text":"\u5728\u5bf9\u5e94\u8282\u70b9\u521b\u5efa\u7ec4\u4ef6\u65e5\u5fd7\u7236\u76ee\u5f55\u548c\u5404\u7ec4\u4ef6\u7684\u65e5\u5fd7\u76ee\u5f55\uff0c\u5e76\u8bbe\u7f6e\u76ee\u5f55\u5bf9\u5e94\u5c5e\u4e3b\u548c\u6743\u9650\u3002\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u521b\u5efa\u7ec4\u4ef6\u65e5\u5fd7\u7236\u76ee\u5f55\u3002
mkdir -m 755 /var/log/mindx-dl\nchown root:root /var/log/mindx-dl\n
\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u521b\u5efa Device Plugin \u7ec4\u4ef6\u65e5\u5fd7\u76ee\u5f55\u3002
mkdir -m 750 /var/log/mindx-dl/devicePlugin\nchown root:root /var/log/mindx-dl/devicePlugin\n
Note
\u8bf7\u5206\u522b\u4e3a\u6240\u9700\u7ec4\u4ef6\u521b\u5efa\u5bf9\u5e94\u7684\u65e5\u5fd7\u76ee\u5f55\uff0c\u5f53\u524d\u6848\u4f8b\u4e2d\u53ea\u9700\u8981 Device Plugin \u7ec4\u4ef6\u3002 \u5982\u679c\u6709\u5176\u4ed6\u7ec4\u4ef6\u9700\u6c42\u8bf7\u53c2\u8003\u5b98\u65b9\u6587\u6863
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#label","title":"\u521b\u5efa\u8282\u70b9 Label","text":"\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\u5728\u5bf9\u5e94\u8282\u70b9\u4e0a\u521b\u5efa Label\uff1a
# \u5728\u5b89\u88c5\u4e86\u9a71\u52a8\u7684\u8ba1\u7b97\u8282\u70b9\u521b\u5efa\u6b64\u6807\u7b7e\nkubectl label node {nodename} huawei.com.ascend/Driver=installed\nkubectl label node {nodename} node-role.kubernetes.io/worker=worker\nkubectl label node {nodename} workerselector=dls-worker-node\nkubectl label node {nodename} host-arch=huawei-arm //\u6216\u8005host-arch=huawei-x86 \uff0c\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u9009\u62e9\nkubectl label node {nodename} accelerator=huawei-Ascend910 //\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u9009\u62e9\n# \u5728\u63a7\u5236\u8282\u70b9\u521b\u5efa\u6b64\u6807\u7b7e\nkubectl label node {nodename} masterselector=dls-master-node\n
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#device-plugin-npuexporter","title":"\u5b89\u88c5 Device Plugin \u548c NpuExporter","text":"\u529f\u80fd\u6a21\u5757\u8def\u5f84\uff1a \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f -> \u641c\u7d22 ascend-mindxdl \u3002
\u5b89\u88c5\u6210\u529f\u540e\uff0c\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u4e0b\u4f1a\u51fa\u73b0\u4e24\u4e2a\u7ec4\u4ef6\uff0c\u5982\u4e0b\u56fe\uff1a
\u540c\u65f6\u8282\u70b9\u4fe1\u606f\u4e0a\u4e5f\u4f1a\u51fa\u73b0\u5bf9\u5e94 NPU \u7684\u4fe1\u606f\uff1a
\u4e00\u5207\u5c31\u7eea\u540e\uff0c\u6211\u4eec\u901a\u8fc7\u9875\u9762\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u5c31\u80fd\u591f\u9009\u62e9\u5230\u5bf9\u5e94\u7684 NPU \u8bbe\u5907\uff0c\u5982\u4e0b\u56fe\uff1a
Note
\u6709\u5173\u8be6\u7ec6\u4f7f\u7528\u6b65\u9aa4\uff0c\u8bf7\u53c2\u7167\u5e94\u7528\u4f7f\u7528\u6607\u817e\uff08Ascend\uff09NPU\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_usage.html","title":"\u5e94\u7528\u4f7f\u7528\u6607\u817e\uff08Ascend\uff09NPU","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528\u6607\u817e GPU\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u53c2\u8003\u6607\u817e NPU \u7ec4\u4ef6\u5b89\u88c5\u6587\u6863\u5b89\u88c5\u57fa\u7840\u73af\u5883\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_usage.html#_2","title":"\u5feb\u901f\u4f7f\u7528","text":"\u672c\u6587\u4f7f\u7528\u6607\u817e\u793a\u4f8b\u5e93\u4e2d\u7684 AscentCL \u56fe\u7247\u5206\u7c7b\u5e94\u7528\u793a\u4f8b\u3002
\u4e0b\u8f7d\u6607\u817e\u4ee3\u7801\u5e93
\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u4e0b\u8f7d\u6607\u817e Demo \u793a\u4f8b\u4ee3\u7801\u5e93\uff0c\u5e76\u4e14\u8bf7\u8bb0\u4f4f\u4ee3\u7801\u5b58\u653e\u7684\u4f4d\u7f6e\uff0c\u540e\u7eed\u9700\u8981\u4f7f\u7528\u3002
git clone https://gitee.com/ascend/samples.git\n
\u51c6\u5907\u57fa\u7840\u955c\u50cf
\u6b64\u4f8b\u4f7f\u7528 Ascent-pytorch \u57fa\u7840\u955c\u50cf\uff0c\u53ef\u8bbf\u95ee\u6607\u817e\u955c\u50cf\u4ed3\u5e93\u83b7\u53d6\u3002
\u51c6\u5907 YAML
ascend-demo.yamlapiVersion: batch/v1\nkind: Job\nmetadata:\n name: resnetinfer1-1-1usoc\nspec:\n template:\n spec:\n containers:\n - image: ascendhub.huawei.com/public-ascendhub/ascend-pytorch:23.0.RC2-ubuntu18.04 # Inference image name\n imagePullPolicy: IfNotPresent\n name: resnet50infer\n securityContext:\n runAsUser: 0\n command:\n - \"/bin/bash\"\n - \"-c\"\n - |\n source /usr/local/Ascend/ascend-toolkit/set_env.sh &&\n TEMP_DIR=/root/samples_copy_$(date '+%Y%m%d_%H%M%S_%N') &&\n cp -r /root/samples \"$TEMP_DIR\" &&\n cd \"$TEMP_DIR\"/inference/modelInference/sampleResnetQuickStart/python/model &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/003_Atc_Models/resnet50/resnet50.onnx &&\n atc --model=resnet50.onnx --framework=5 --output=resnet50 --input_shape=\"actual_input_1:1,3,224,224\" --soc_version=Ascend910 &&\n cd ../data &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/models/aclsample/dog1_1024_683.jpg &&\n cd ../scripts &&\n bash sample_run.sh\n resources:\n requests:\n huawei.com/Ascend910: 1 # Number of the Ascend 910 Processors\n limits:\n huawei.com/Ascend910: 1 # The value should be the same as that of requests\n volumeMounts:\n - name: hiai-driver\n mountPath: /usr/local/Ascend/driver\n readOnly: true\n - name: slog\n mountPath: /var/log/npu/conf/slog/slog.conf\n - name: localtime # The container time must be the same as the host time\n mountPath: /etc/localtime\n - name: dmp\n mountPath: /var/dmp_daemon\n - name: slogd\n mountPath: /var/slogd\n - name: hbasic\n mountPath: /etc/hdcBasic.cfg\n - name: sys-version\n mountPath: /etc/sys_version.conf\n - name: aicpu\n mountPath: /usr/lib64/aicpu_kernels\n - name: tfso\n mountPath: /usr/lib64/libtensorflow.so\n - name: sample-path\n mountPath: /root/samples\n volumes:\n - name: hiai-driver\n hostPath:\n path: /usr/local/Ascend/driver\n - name: slog\n hostPath:\n path: /var/log/npu/conf/slog/slog.conf\n - name: localtime\n hostPath:\n path: /etc/localtime\n - name: dmp\n hostPath:\n path: /var/dmp_daemon\n - name: slogd\n hostPath:\n path: /var/slogd\n - name: hbasic\n hostPath:\n path: /etc/hdcBasic.cfg\n - name: sys-version\n hostPath:\n path: /etc/sys_version.conf\n - name: aicpu\n hostPath:\n path: /usr/lib64/aicpu_kernels\n - name: tfso\n hostPath:\n path: /usr/lib64/libtensorflow.so\n - name: sample-path\n hostPath:\n path: /root/samples\n restartPolicy: OnFailure\n
\u4ee5\u4e0a YAML \u4e2d\u6709\u4e00\u4e9b\u5b57\u6bb5\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u4fee\u6539\uff1a
\u90e8\u7f72 Job \u5e76\u67e5\u770b\u7ed3\u679c
\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u521b\u5efa Job\uff1a
kubectl apply -f ascend-demo.yaml\n
\u67e5\u770b Pod \u8fd0\u884c\u72b6\u6001\uff1a
Pod \u6210\u529f\u8fd0\u884c\u540e\uff0c\u67e5\u770b\u65e5\u5fd7\u7ed3\u679c\u3002\u5728\u5c4f\u5e55\u4e0a\u7684\u5173\u952e\u63d0\u793a\u4fe1\u606f\u793a\u4f8b\u5982\u4e0b\u56fe\uff0c\u63d0\u793a\u4fe1\u606f\u4e2d\u7684 Label \u8868\u793a\u7c7b\u522b\u6807\u8bc6\uff0c Conf \u8868\u793a\u8be5\u5206\u7c7b\u7684\u6700\u5927\u7f6e\u4fe1\u5ea6\uff0cClass \u8868\u793a\u6240\u5c5e\u7c7b\u522b\u3002\u8fd9\u4e9b\u503c\u53ef\u80fd\u4f1a\u6839\u636e\u7248\u672c\u3001\u73af\u5883\u6709\u6240\u4e0d\u540c\uff0c\u8bf7\u4ee5\u5b9e\u9645\u60c5\u51b5\u4e3a\u51c6\uff1a
\u7ed3\u679c\u56fe\u7247\u5c55\u793a\uff1a
\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Ascend \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Ascend\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7684\u7269\u7406\u5361\u6570\u91cf\uff1a
\u7269\u7406\u5361\u6570\u91cf\uff08huawei.com/Ascend910\uff09 \uff1a\u8868\u793a\u5f53\u524d Pod \u9700\u8981\u6302\u8f7d\u51e0\u5f20\u7269\u7406\u5361\uff0c\u8f93\u5165\u503c\u5fc5\u987b\u4e3a\u6574\u6570\u4e14**\u5c0f\u4e8e\u7b49\u4e8e**\u5bbf\u4e3b\u673a\u4e0a\u7684\u5361\u6570\u91cf\u3002
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u6607\u817e\u865a\u62df\u5316\u5206\u4e3a\u52a8\u6001\u865a\u62df\u5316\u548c\u9759\u6001\u865a\u62df\u5316\uff0c\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5f00\u542f\u5e76\u4f7f\u7528\u6607\u817e\u9759\u6001\u865a\u62df\u5316\u80fd\u529b\u3002
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u652f\u6301\u7684 NPU \u5361\u578b\u53f7\uff1a
\u66f4\u591a\u7ec6\u8282\u53c2\u9605\u5b98\u65b9\u865a\u62df\u5316\u786c\u4ef6\u8bf4\u660e\u3002
\u8bf7\u53c2\u8003\u6607\u817e NPU \u7ec4\u4ef6\u5b89\u88c5\u6587\u6863\u5b89\u88c5\u57fa\u7840\u73af\u5883\u3002
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#_3","title":"\u5f00\u542f\u865a\u62df\u5316\u80fd\u529b","text":"\u5f00\u542f\u865a\u62df\u5316\u80fd\u529b\u9700\u8981\u624b\u52a8\u4fee\u6539\u00a0ascend-device-plugin-daemonset \u7ec4\u4ef6\u7684\u542f\u52a8\u53c2\u6570\uff0c\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\uff1a
- device-plugin -useAscendDocker=true -volcanoType=false -presetVirtualDevice=true\n- logFile=/var/log/mindx-dl/devicePlugin/devicePlugin.log -logLevel=0\n
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#vnpu","title":"\u5207\u5206 VNPU \u5b9e\u4f8b","text":"\u9759\u6001\u865a\u62df\u5316\u9700\u8981\u624b\u52a8\u5bf9 VNPU \u5b9e\u4f8b\u7684\u5207\u5206\uff0c\u8bf7\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\uff1a
npu-smi set -t create-vnpu -i 13 -c 0 -f vir02\n
i
\u6307\u7684\u662f card idc
\u6307\u7684\u662f chip idvir02
\u6307\u7684\u662f\u5207\u5206\u89c4\u683c\u6a21\u677f\u5173\u4e8e card id \u548c chip id\uff0c\u53ef\u4ee5\u901a\u8fc7 npu-smi info \u67e5\u8be2\uff0c\u5207\u5206\u89c4\u683c\u53ef\u901a\u8fc7 ascend \u5b98\u65b9\u6a21\u677f\u8fdb\u884c\u67e5\u8be2\u3002
\u5207\u5206\u5b9e\u4f8b\u8fc7\u540e\u53ef\u901a\u8fc7\u4e0b\u8ff0\u547d\u4ee4\u67e5\u8be2\u5207\u5206\u7ed3\u679c\uff1a
npu-smi info -t info-vnpu -i 13 -c 0\n
\u67e5\u8be2\u7ed3\u679c\u5982\u4e0b\uff1a
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#ascend-device-plugin-daemonset","title":"\u91cd\u542f\u00a0ascend-device-plugin-daemonset","text":"\u5207\u5206\u5b9e\u4f8b\u540e\u624b\u52a8\u91cd\u542f device-plugin pod\uff0c\u7136\u540e\u4f7f\u7528 kubectl describe
\u547d\u4ee4\u67e5\u770b\u5df2\u6ce8\u518c node \u7684\u8d44\u6e90\uff1a
kubectl describe node {{nodename}}\n
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#_4","title":"\u5982\u4f55\u4f7f\u7528\u8bbe\u5907","text":"\u5728\u521b\u5efa\u5e94\u7528\u65f6\uff0c\u6307\u5b9a\u8d44\u6e90 key\uff0c\u53c2\u8003\u4e0b\u8ff0 YAML\uff1a
......\nresources:\n requests:\n huawei.com/Ascend310P-2c: 1\n limits:\n huawei.com/Ascend310P-2c: 1\n......\n
"},{"location":"admin/kpanda/gpu/metax/usemetax.html","title":"\u6c90\u66e6 GPU \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u4f7f\u7528","text":"\u672c\u7ae0\u8282\u63d0\u4f9b\u6c90\u66e6 gpu-extensions\u3001gpu-operator \u7b49\u7ec4\u4ef6\u7684\u5b89\u88c5\u6307\u5bfc\u548c\u6c90\u66e6 GPU \u6574\u5361\u548c vGPU \u4e24\u79cd\u6a21\u5f0f\u7684\u4f7f\u7528\u65b9\u6cd5\u3002
"},{"location":"admin/kpanda/gpu/metax/usemetax.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"Metax \u63d0\u4f9b\u4e86\u4e24\u4e2a helm-chart \u5305\uff0c\u4e00\u4e2a\u662f metax-extensions\uff0c\u4e00\u4e2a\u662f gpu-operator\uff0c\u6839\u636e\u4f7f\u7528\u573a\u666f\u53ef\u9009\u62e9\u5b89\u88c5\u4e0d\u540c\u7684\u7ec4\u4ef6\u3002
\u4ece /home/metax/metax-docs/k8s/metax-gpu-k8s-package.0.7.10.tar.gz
\u6587\u4ef6\u4e2d\u89e3\u538b\u51fa
\u67e5\u770b\u7cfb\u7edf\u662f\u5426\u5b89\u88c5\u9a71\u52a8
$ lsmod | grep metax \nmetax 1605632 0 \nttm 86016 3 drm_vram_helper,metax,drm_ttm_helper \ndrm 618496 7 drm_kms_helper,drm_vram_helper,ast,metax,drm_ttm_helper,ttm\n
\u5b89\u88c5\u9a71\u52a8
\u63a8\u9001\u955c\u50cf
tar -xf metax-gpu-k8s-package.0.7.10.tar.gz\n./metax-k8s-images.0.7.10.run push {registry}/metax\n
\u63a8\u9001 Helm Chart
helm plugin install https://github.com/chartmuseum/helm-push\nhelm repo add --username rootuser --password rootpass123 metax http://172.16.16.5:8081\nhelm cm-push metax-operator-0.7.10.tgz metax\nhelm cm-push metax-gpu-extensions-0.7.10.tgz metax\n
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0a\u5b89\u88c5 metax-gpu-extensions
\u90e8\u7f72\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u5728\u8282\u70b9\u4e0a\u67e5\u770b\u5230\u8d44\u6e90\u3002
\u4fee\u6539\u6210\u529f\u4e4b\u540e\u5c31\u53ef\u4ee5\u5728\u8282\u70b9\u4e0a\u770b\u5230\u5e26\u6709 Metax GPU
\u7684\u6807\u7b7e
\u5b89\u88c5 gpu-opeartor
\u65f6\u7684\u5df2\u77e5\u95ee\u9898\uff1a
metax-operator
\u3001gpu-label
\u3001gpu-device
\u3001container-runtime
\u8fd9\u51e0\u4e2a\u7ec4\u4ef6\u955c\u50cf\u8981\u5e26\u6709 amd64
\u540e\u7f00\u3002
metax-maca
\u7ec4\u4ef6\u7684\u955c\u50cf\u4e0d\u5728 metax-k8s-images.0.7.13.run
\u5305\u91cc\u9762\uff0c\u9700\u8981\u5355\u72ec\u4e0b\u8f7d maca-mxc500-2.23.0.23-ubuntu20.04-x86_64.tar.xz
\u8fd9\u7c7b\u955c\u50cf\uff0cload
\u4e4b\u540e\u91cd\u65b0\u4fee\u6539 metax-maca
\u7ec4\u4ef6\u7684\u955c\u50cf\u3002
metax-driver
\u7ec4\u4ef6\u7684\u955c\u50cf\u9700\u8981\u4ece https://pub-docstore.metax-tech.com:7001
\u8fd9\u4e2a\u7f51\u7ad9\u4e0b\u8f7d k8s-driver-image.2.23.0.25.run
\u6587\u4ef6\uff0c\u7136\u540e\u6267\u884c k8s-driver-image.2.23.0.25.run push {registry}/metax
\u547d\u4ee4\u628a\u955c\u50cf\u63a8\u9001\u5230\u955c\u50cf\u4ed3\u5e93\u3002\u63a8\u9001\u4e4b\u540e\u4fee\u6539 metax-driver
\u7ec4\u4ef6\u7684\u955c\u50cf\u5730\u5740\u3002
\u5b89\u88c5\u540e\u53ef\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u4f7f\u7528\u6c90\u66e6 GPU\u3002\u6ce8\u610f\u542f\u7528 GPU \u540e\uff0c\u9700\u9009\u62e9GPU\u7c7b\u578b\u4e3a Metax GPU
\u8fdb\u5165\u5bb9\u5668\uff0c\u6267\u884c mx-smi \u53ef\u67e5\u770b GPU \u7684\u4f7f\u7528\u60c5\u51b5.
"},{"location":"admin/kpanda/gpu/mlu/use-mlu.html","title":"\u4f7f\u7528\u5bd2\u6b66\u7eaa GPU","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u5bd2\u6b66\u7eaa GPU\u3002
"},{"location":"admin/kpanda/gpu/mlu/use-mlu.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5728\u5b89\u88c5 DevicePlugin \u65f6\u8bf7\u5173\u95ed --enable-device-type \u53c2\u6570\uff0c\u5426\u5219\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06\u65e0\u6cd5\u6b63\u786e\u8bc6\u522b\u5bd2\u6b66\u7eaa GPU\u3002
"},{"location":"admin/kpanda/gpu/mlu/use-mlu.html#gpu_1","title":"\u5bd2\u6b66\u7eaa GPU \u6a21\u5f0f\u4ecb\u7ecd","text":"\u5bd2\u6b66\u7eaa GPU \u6709\u4ee5\u4e0b\u51e0\u79cd\u6a21\u5f0f\uff1a
\u8fd9\u91cc\u4ee5 Dynamic smlu \u6a21\u5f0f\u4e3a\u4f8b\uff1a
\u5728\u6b63\u786e\u5b89\u88c5 DevicePlugin \u7b49\u7ec4\u4ef6\u540e\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8fd0\u7ef4-> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002
\u70b9\u51fb\u8282\u70b9\u7ba1\u7406\u9875\u9762\uff0c\u67e5\u770b\u8282\u70b9\u662f\u5426\u5df2\u7ecf\u6b63\u786e\u8bc6\u522b\u5230\u5bf9\u5e94\u7684GPU\u7c7b\u578b\u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08MLU VGPU\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e App \u4f7f\u7528\u7684 GPU \u8d44\u6e90\uff1a
\u53c2\u8003 YAML \u6587\u4ef6\u5982\u4e0b\uff1a
apiVersion: v1 \nkind: Pod \nmetadata: \n name: pod1 \nspec: \n restartPolicy: OnFailure \n containers: \n - image: ubuntu:16.04 \n name: pod1-ctr \n command: [\"sleep\"] \n args: [\"100000\"] \n resources: \n limits: \n cambricon.com/mlu: \"1\" # use this when device type is not enabled, else delete this line. \n #cambricon.com/mlu: \"1\" #uncomment to use when device type is enabled \n #cambricon.com/mlu.share: \"1\" #uncomment to use device with env-share mode \n #cambricon.com/mlu.mim-2m.8gb: \"1\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vcore: \"100\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vmemory: \"1024\" #uncomment to use device with mim mode\n
"},{"location":"admin/kpanda/gpu/nvidia/index.html","title":"NVIDIA GPU \u5361\u4f7f\u7528\u6a21\u5f0f","text":"NVIDIA \u4f5c\u4e3a\u4e1a\u5185\u77e5\u540d\u7684\u56fe\u5f62\u8ba1\u7b97\u4f9b\u5e94\u5546\uff0c\u4e3a\u7b97\u529b\u7684\u63d0\u5347\u63d0\u4f9b\u4e86\u8bf8\u591a\u8f6f\u786c\u4ef6\u89e3\u51b3\u65b9\u6848\uff0c\u5176\u4e2d NVIDIA \u5728 GPU \u7684\u4f7f\u7528\u65b9\u5f0f\u4e0a\u63d0\u4f9b\u4e86\u5982\u4e0b\u4e09\u79cd\u89e3\u51b3\u65b9\u6848\uff1a
"},{"location":"admin/kpanda/gpu/nvidia/index.html#full-gpu","title":"\u6574\u5361\uff08Full GPU\uff09","text":"\u6574\u5361\u662f\u6307\u5c06\u6574\u4e2a NVIDIA GPU \u5206\u914d\u7ed9\u5355\u4e2a\u7528\u6237\u6216\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u8fd9\u79cd\u914d\u7f6e\u4e0b\uff0c\u5e94\u7528\u53ef\u4ee5\u5b8c\u5168\u5360\u7528 GPU \u7684\u6240\u6709\u8d44\u6e90\uff0c \u5e76\u83b7\u5f97\u6700\u5927\u7684\u8ba1\u7b97\u6027\u80fd\u3002\u6574\u5361\u9002\u7528\u4e8e\u9700\u8981\u5927\u91cf\u8ba1\u7b97\u8d44\u6e90\u548c\u5185\u5b58\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5982\u6df1\u5ea6\u5b66\u4e60\u8bad\u7ec3\u3001\u79d1\u5b66\u8ba1\u7b97\u7b49\u3002
"},{"location":"admin/kpanda/gpu/nvidia/index.html#vgpuvirtual-gpu","title":"vGPU\uff08Virtual GPU\uff09","text":"vGPU \u662f\u4e00\u79cd\u865a\u62df\u5316\u6280\u672f\uff0c\u5141\u8bb8\u5c06\u4e00\u4e2a\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u865a\u62df GPU\uff0c\u6bcf\u4e2a\u865a\u62df GPU \u5206\u914d\u7ed9\u4e0d\u540c\u7684\u4e91\u4e3b\u673a\u6216\u7528\u6237\u3002 vGPU \u4f7f\u591a\u4e2a\u7528\u6237\u53ef\u4ee5\u5171\u4eab\u540c\u4e00\u53f0\u7269\u7406 GPU\uff0c\u5e76\u5728\u5404\u81ea\u7684\u865a\u62df\u73af\u5883\u4e2d\u72ec\u7acb\u4f7f\u7528 GPU \u8d44\u6e90\u3002 \u6bcf\u4e2a\u865a\u62df GPU \u53ef\u4ee5\u83b7\u5f97\u4e00\u5b9a\u7684\u8ba1\u7b97\u80fd\u529b\u548c\u663e\u5b58\u5bb9\u91cf\u3002vGPU \u9002\u7528\u4e8e\u865a\u62df\u5316\u73af\u5883\u548c\u4e91\u8ba1\u7b97\u573a\u666f\uff0c\u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7684\u8d44\u6e90\u5229\u7528\u7387\u548c\u7075\u6d3b\u6027\u3002
"},{"location":"admin/kpanda/gpu/nvidia/index.html#migmulti-instance-gpu","title":"MIG\uff08Multi-Instance GPU\uff09","text":"MIG \u662f NVIDIA Ampere \u67b6\u6784\u5f15\u5165\u7684\u4e00\u9879\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u5c06\u4e00\u4e2a\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u7269\u7406 GPU \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u7528\u6237\u6216\u5de5\u4f5c\u8d1f\u8f7d\u3002 \u6bcf\u4e2a MIG \u5b9e\u4f8b\u5177\u6709\u81ea\u5df1\u7684\u8ba1\u7b97\u8d44\u6e90\u3001\u663e\u5b58\u548c PCIe \u5e26\u5bbd\uff0c\u5c31\u50cf\u4e00\u4e2a\u72ec\u7acb\u7684\u865a\u62df GPU\u3002 MIG \u63d0\u4f9b\u4e86\u66f4\u7ec6\u7c92\u5ea6\u7684 GPU \u8d44\u6e90\u5206\u914d\u548c\u7ba1\u7406\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u52a8\u6001\u8c03\u6574\u5b9e\u4f8b\u7684\u6570\u91cf\u548c\u5927\u5c0f\u3002 MIG \u9002\u7528\u4e8e\u591a\u79df\u6237\u73af\u5883\u3001\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u7b49\u573a\u666f\u3002
\u65e0\u8bba\u662f\u5728\u865a\u62df\u5316\u73af\u5883\u4e2d\u4f7f\u7528 vGPU\uff0c\u8fd8\u662f\u5728\u7269\u7406 GPU \u4e0a\u4f7f\u7528 MIG\uff0cNVIDIA \u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u66f4\u591a\u7684\u9009\u62e9\u548c\u4f18\u5316 GPU \u8d44\u6e90\u7684\u65b9\u5f0f\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u5168\u9762\u517c\u5bb9\u4e86\u4e0a\u8ff0 NVIDIA \u7684\u80fd\u529b\u7279\u6027\uff0c\u7528\u6237\u53ea\u9700\u901a\u8fc7\u7b80\u5355\u7684\u754c\u9762\u64cd\u4f5c\uff0c\u5c31\u80fd\u591f\u83b7\u5f97\u5168\u90e8 NVIDIA GPU \u7684\u8ba1\u7b97\u80fd\u529b\uff0c\u4ece\u800c\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u7387\u5e76\u964d\u4f4e\u6210\u672c\u3002
\u5f00\u542f\u914d\u7f6e\u8be6\u60c5\u53c2\u8003 GPU Operator \u79bb\u7ebf\u5b89\u88c5\u3002
"},{"location":"admin/kpanda/gpu/nvidia/index.html#_1","title":"\u5982\u4f55\u4f7f\u7528","text":"\u60a8\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\uff0c\u5feb\u901f\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5173\u4e8e NVIDIA GPU \u5361\u7684\u7ba1\u7406\u80fd\u529b\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06\u6574\u4e2a NVIDIA GPU \u5361\u5206\u914d\u7ed9\u5355\u4e2a\u5e94\u7528\u3002
"},{"location":"admin/kpanda/gpu/nvidia/full_gpu_userguide.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Nvidia GPU \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Nvidia GPU\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7684\u7269\u7406\u5361\u6570\u91cf\uff1a
\u7269\u7406\u5361\u6570\u91cf\uff08nvidia.com/gpu\uff09 \uff1a\u8868\u793a\u5f53\u524d Pod \u9700\u8981\u6302\u8f7d\u51e0\u5f20\u7269\u7406\u5361\uff0c\u8f93\u5165\u503c\u5fc5\u987b\u4e3a\u6574\u6570\u4e14 \u5c0f\u4e8e\u7b49\u4e8e \u5bbf\u4e3b\u673a\u4e0a\u7684\u5361\u6570\u91cf\u3002
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u7533\u8bf7 GPU \u8d44\u6e90\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0 nvidia.com/gpu: 1 \u53c2\u6570\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7269\u7406\u5361\u7684\u6570\u91cf\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-gpu-demo\n template:\n metadata:\n labels:\n app: full-gpu-demo\n spec:\n containers:\n - image: chrstnhntschl/gpu_burn\n name: container-0\n resources:\n requests:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # \u7533\u8bf7 GPU \u7684\u6570\u91cf\n limits:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # GPU \u6570\u91cf\u7684\u4f7f\u7528\u4e0a\u9650\n imagePullSecrets:\n - name: default-secret\n
Note
\u4f7f\u7528 nvidia.com/gpu \u53c2\u6570\u6307\u5b9a GPU \u6570\u91cf\u65f6\uff0crequests \u548c limits \u503c\u9700\u8981\u4fdd\u6301\u4e00\u81f4\u3002
"},{"location":"admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html","title":"GPU Operator \u79bb\u7ebf\u5b89\u88c5","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 Ubuntu22.04\u3001Ubuntu20.04\u3001CentOS 7.9 \u8fd9\u4e09\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver \u955c\u50cf\uff0c\u9a71\u52a8\u7248\u672c\u662f 535.104.12\uff1b \u5e76\u4e14\u5185\u7f6e\u4e86\u5404\u64cd\u4f5c\u7cfb\u7edf\u6240\u9700\u7684 Toolkit \u955c\u50cf\uff0c\u7528\u6237\u4e0d\u518d\u9700\u8981\u624b\u52a8\u79bb\u7ebf Toolkit \u955c\u50cf\u3002
\u672c\u6587\u4f7f\u7528 AMD \u67b6\u6784\u7684 CentOS 7.9\uff083.10.0-1160\uff09\u8fdb\u884c\u6f14\u793a\u3002\u5982\u9700\u4f7f\u7528 Red Hat 8.4 \u90e8\u7f72\uff0c \u8bf7\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf\u548c\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u3002
"},{"location":"admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 gpu-operator \u63d2\u4ef6\u3002
\u767b\u5f55\u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5f85\u5b89\u88c5 gpu-operator \u7684\u96c6\u7fa4 -> \u8fdb\u5165\u96c6\u7fa4\u8be6\u60c5\u3002
\u5728 Helm \u6a21\u677f \u9875\u9762\uff0c\u9009\u62e9 \u5168\u90e8\u4ed3\u5e93 \uff0c\u641c\u7d22 gpu-operator \u3002
\u9009\u62e9 gpu-operator \uff0c\u70b9\u51fb \u5b89\u88c5 \u3002
\u53c2\u8003\u4e0b\u6587\u53c2\u6570\u914d\u7f6e\uff0c\u914d\u7f6e gpu-operator \u5b89\u88c5\u53c2\u6570\uff0c\u5b8c\u6210 gpu-operator \u7684\u5b89\u88c5\u3002
Ubuntu 22.04
\u3001Ubuntu20.04
\u3001Centos7.9
\u3001other
\u56db\u4e2a\u9009\u9879\uff0c\u8bf7\u6b63\u786e\u7684\u9009\u62e9\u64cd\u4f5c\u7cfb\u7edf\u3002Driver.version \uff1aGPU \u9a71\u52a8\u955c\u50cf\u7684\u7248\u672c\uff0c\u79bb\u7ebf\u90e8\u7f72\u8bf7\u4f7f\u7528\u9ed8\u8ba4\u53c2\u6570\uff0c\u4ec5\u5728\u7ebf\u5b89\u88c5\u65f6\u9700\u914d\u7f6e\u3002\u4e0d\u540c\u7c7b\u578b\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver \u955c\u50cf\u7684\u7248\u672c\u5b58\u5728\u5982\u4e0b\u5dee\u5f02\uff0c \u8be6\u60c5\u53ef\u53c2\u8003\uff1aNvidia GPU Driver \u7248\u672c\u3002 \u5982\u4e0b\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver Version
\u793a\u4f8b\uff1a
Note
\u4f7f\u7528\u5185\u7f6e\u7684\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\u65e0\u9700\u4fee\u6539\u955c\u50cf\u7248\u672c\uff0c\u5176\u4ed6\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\u8bf7\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20\u955c\u50cf\u3002 \u6ce8\u610f\u7248\u672c\u53f7\u540e\u65e0\u9700\u586b\u5199 Ubuntu\u3001CentOS\u3001Red Hat \u7b49\u64cd\u4f5c\u7cfb\u7edf\u540d\u79f0\uff0c\u82e5\u5b98\u65b9\u955c\u50cf\u542b\u6709\u64cd\u4f5c\u7cfb\u7edf\u540e\u7f00\uff0c\u8bf7\u624b\u52a8\u79fb\u9664\u3002
525.105.17
535-5.15.0-1043-nvidia
525.147.05
Driver.RepoConfig.ConfigMapName \uff1a\u7528\u6765\u8bb0\u5f55 GPU Operator \u7684\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\uff0c \u5f53\u4f7f\u7528\u9884\u7f6e\u7684\u79bb\u7ebf\u5305\u65f6\uff0c\u5404\u7c7b\u578b\u7684\u64cd\u4f5c\u7cfb\u7edf\u8bf7\u53c2\u8003\u5982\u4e0b\u7684\u6587\u6863\u3002
Toolkit.enable \uff1a\u9ed8\u8ba4\u5f00\u542f\uff0c\u8be5\u7ec4\u4ef6\u8ba9 conatainerd/docker \u652f\u6301\u8fd0\u884c\u9700\u8981 GPU \u7684\u5bb9\u5668\u3002
"},{"location":"admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#mig","title":"MIG \u914d\u7f6e\u53c2\u6570","text":"\u8be6\u7ec6\u914d\u7f6e\u65b9\u5f0f\u8bf7\u53c2\u8003\u5f00\u542f MIG \u529f\u80fd
MigManager.Config.name \uff1aMIG \u7684\u5207\u5206\u914d\u7f6e\u6587\u4ef6\u540d\uff0c\u7528\u4e8e\u5b9a\u4e49 MIG \u7684\uff08GI, CI\uff09\u5207\u5206\u7b56\u7565\u3002 \u9ed8\u8ba4\u4e3a default-mig-parted-config \u3002\u81ea\u5b9a\u4e49\u53c2\u6570\u53c2\u8003\u5f00\u542f MIG \u529f\u80fd\u3002
"},{"location":"admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#_6","title":"\u4e0b\u4e00\u6b65\u64cd\u4f5c","text":"\u5b8c\u6210\u4e0a\u8ff0\u76f8\u5173\u53c2\u6570\u914d\u7f6e\u548c\u521b\u5efa\u540e\uff1a
\u5982\u679c\u4f7f\u7528 \u6574\u5361\u6a21\u5f0f\uff0c\u5e94\u7528\u521b\u5efa\u65f6\u53ef\u4f7f\u7528 GPU \u8d44\u6e90
\u5982\u679c\u4f7f\u7528 vGPU \u6a21\u5f0f \uff0c\u5b8c\u6210\u4e0a\u8ff0\u76f8\u5173\u53c2\u6570\u914d\u7f6e\u548c\u521b\u5efa\u540e\uff0c\u4e0b\u4e00\u6b65\u8bf7\u5b8c\u6210 vGPU Addon \u5b89\u88c5
\u5982\u679c\u4f7f\u7528 MIG \u6a21\u5f0f\uff0c\u5e76\u4e14\u9700\u8981\u7ed9\u4e2a\u522b GPU \u8282\u70b9\u6309\u7167\u67d0\u79cd\u5207\u5206\u89c4\u683c\u8fdb\u884c\u4f7f\u7528\uff0c \u5426\u5219\u6309\u7167 MigManager.Config
\u4e2d\u7684 default \u503c\u8fdb\u884c\u5207\u5206\u3002
single \u6a21\u5f0f\u8bf7\u7ed9\u5bf9\u5e94\u8282\u70b9\u6253\u4e0a\u5982\u4e0b Label\uff1a
kubectl label nodes {node} nvidia.com/mig.config=\"all-1g.10gb\" --overwrite\n
mixed \u6a21\u5f0f\u8bf7\u7ed9\u5bf9\u5e94\u8282\u70b9\u6253\u4e0a\u5982\u4e0b Label\uff1a
kubectl label nodes {node} nvidia.com/mig.config=\"custom-config\" --overwrite\n
\u200b \u5207\u5206\u540e\uff0c\u5e94\u7528\u53ef\u4f7f\u7528 MIG GPU \u8d44\u6e90\u3002
"},{"location":"admin/kpanda/gpu/nvidia/push_image_to_repo.html","title":"\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf","text":"\u672c\u6587\u4ee5 Red Hat 8.4 \u7684 nvcr.io/nvidia/driver:525.105.17-rhel8.4
\u79bb\u7ebf\u9a71\u52a8\u955c\u50cf\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20\u79bb\u7ebf\u955c\u50cf\u3002
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u8054\u7f51\u8282\u70b9\u4e0a\u8fdb\u884c\u3002
\u5728\u8054\u7f51\u673a\u5668\u4e0a\u62c9\u53d6 nvcr.io/nvidia/driver:525.105.17-rhel8.4
\u79bb\u7ebf\u9a71\u52a8\u955c\u50cf\uff1a
docker pull nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u955c\u50cf\u62c9\u53d6\u5b8c\u6210\u540e\uff0c\u6253\u5305\u955c\u50cf\u4e3a nvidia-driver.tar
\u538b\u7f29\u5305\uff1a
docker save nvcr.io/nvidia/driver:525.105.17-rhel8.4 > nvidia-driver.tar\n
\u62f7\u8d1d nvidia-driver.tar
\u955c\u50cf\u538b\u7f29\u5305\u5230\u706b\u79cd\u8282\u70b9\uff1a
scp nvidia-driver.tar user@ip:/root\n
\u4f8b\u5982\uff1a
scp nvidia-driver.tar root@10.6.175.10:/root\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u8fdb\u884c\u3002
\u767b\u5f55\u706b\u79cd\u8282\u70b9\uff0c\u5c06\u8054\u7f51\u8282\u70b9\u62f7\u8d1d\u7684\u955c\u50cf\u538b\u7f29\u5305 nvidia-driver.tar
\u5bfc\u5165\u672c\u5730\uff1a
docker load -i nvidia-driver.tar\n
\u67e5\u770b\u521a\u521a\u5bfc\u5165\u7684\u955c\u50cf\uff1a
docker images -a |grep nvidia\n
\u9884\u671f\u8f93\u51fa\uff1a
nvcr.io/nvidia/driver e3ed7dee73e9 1 days ago 1.02GB\n
\u91cd\u65b0\u6807\u8bb0\u955c\u50cf\uff0c\u4f7f\u5176\u4e0e\u8fdc\u7a0b Registry \u4ed3\u5e93\u4e2d\u7684\u76ee\u6807\u4ed3\u5e93\u5bf9\u5e94\uff1a
docker tag <image-name> <registry-url>/<repository-name>:<tag>\n
<image-name>
\u662f\u4e0a\u4e00\u6b65 nvidia \u955c\u50cf\u7684\u540d\u79f0\uff0c<registry-url>
\u662f\u706b\u79cd\u8282\u70b9\u4e0a Registry \u670d\u52a1\u7684\u5730\u5740\uff0c<repository-name>
\u662f\u60a8\u8981\u63a8\u9001\u5230\u7684\u4ed3\u5e93\u540d\u79f0\uff0c<tag>
\u662f\u60a8\u4e3a\u955c\u50cf\u6307\u5b9a\u7684\u6807\u7b7e\u3002\u4f8b\u5982\uff1a
registry\uff1adocker tag nvcr.io/nvidia/driver 10.6.10.5/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u5c06\u955c\u50cf\u63a8\u9001\u5230\u706b\u79cd\u8282\u70b9\u955c\u50cf\u4ed3\u5e93\uff1a
docker push {ip}/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u53c2\u8003\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u548c GPU Operator \u79bb\u7ebf\u5b89\u88c5\u6765\u4e3a\u96c6\u7fa4\u90e8\u7f72 GPU Operator\u3002
"},{"location":"admin/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html","title":"RHEL 9.2 \u79bb\u7ebf\u5b89\u88c5 gpu-operator \u9a71\u52a8","text":"\u524d\u63d0\u6761\u4ef6\uff1a\u5df2\u5b89\u88c5 gpu-operator v23.9.0+2 \u53ca\u66f4\u9ad8\u7248\u672c
RHEL 9.2 \u9a71\u52a8\u955c\u50cf\u4e0d\u80fd\u76f4\u63a5\u5b89\u88c5\uff0c\u5b98\u65b9\u7684\u9a71\u52a8\u811a\u672c\u5b58\u5728\u4e00\u70b9\u95ee\u9898\uff0c\u5728\u5b98\u65b9\u4fee\u590d\u4e4b\u524d\uff0c\u63d0\u4f9b\u5982\u4e0b\u7684\u6b65\u9aa4\u6765\u5b9e\u73b0\u79bb\u7ebf\u5b89\u88c5\u9a71\u52a8\u3002
"},{"location":"admin/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#nouveau","title":"\u7981\u7528nouveau\u9a71\u52a8","text":"\u5728 RHEL 9.2 \u4e2d\u5b58\u5728 nouveau
\u975e\u5b98\u65b9\u7684 Nvidia
\u9a71\u52a8\uff0c\u56e0\u6b64\u9700\u8981\u5148\u7981\u7528\u3002
# \u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6587\u4ef6\nsudo vi /etc/modprobe.d/blacklist-nouveau.conf\n# \u6dfb\u52a0\u4ee5\u4e0b\u4e24\u884c\u5185\u5bb9:\nblacklist nouveau\noptions nouveau modeset=0\n# \u7981\u7528Nouveau\nsudo dracut --force\n# \u91cd\u542fvm\nsudo reboot\n# \u68c0\u67e5\u662f\u5426\u5df2\u7ecf\u6210\u529f\u7981\u7528\nlsmod | grep nouveau\n
"},{"location":"admin/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#_1","title":"\u81ea\u5b9a\u4e49\u9a71\u52a8\u955c\u50cf","text":"\u5148\u5728\u672c\u5730\u521b\u5efa nvidia-driver
\u6587\u4ef6\uff1a
#! /bin/bash -x\n# Copyright (c) 2018-2020, NVIDIA CORPORATION. All rights reserved.\n\nset -eu\n\nRUN_DIR=/run/nvidia\nPID_FILE=${RUN_DIR}/${0##*/}.pid\nDRIVER_VERSION=${DRIVER_VERSION:?\"Missing DRIVER_VERSION env\"}\nKERNEL_UPDATE_HOOK=/run/kernel/postinst.d/update-nvidia-driver\nNUM_VGPU_DEVICES=0\nNVIDIA_MODULE_PARAMS=()\nNVIDIA_UVM_MODULE_PARAMS=()\nNVIDIA_MODESET_MODULE_PARAMS=()\nNVIDIA_PEERMEM_MODULE_PARAMS=()\nTARGETARCH=${TARGETARCH:?\"Missing TARGETARCH env\"}\nUSE_HOST_MOFED=\"${USE_HOST_MOFED:-false}\"\nDNF_RELEASEVER=${DNF_RELEASEVER:-\"\"}\nRHEL_VERSION=${RHEL_VERSION:-\"\"}\nRHEL_MAJOR_VERSION=9\n\nOPEN_KERNEL_MODULES_ENABLED=${OPEN_KERNEL_MODULES_ENABLED:-false}\n[[ \"${OPEN_KERNEL_MODULES_ENABLED}\" == \"true\" ]] && KERNEL_TYPE=kernel-open || KERNEL_TYPE=kernel\n\nDRIVER_ARCH=${TARGETARCH/amd64/x86_64} && DRIVER_ARCH=${DRIVER_ARCH/arm64/aarch64}\necho \"DRIVER_ARCH is $DRIVER_ARCH\"\n\nSCRIPT_DIR=$( cd -- \"$( dirname -- \"${BASH_SOURCE[0]}\" )\" &> /dev/null && pwd )\nsource $SCRIPT_DIR/common.sh\n\n_update_package_cache() {\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n echo \"Updating the package cache...\"\n if ! yum -q makecache; then\n echo \"FATAL: failed to reach RHEL package repositories. \"\\\n \"Ensure that the cluster can access the proper networks.\"\n exit 1\n fi\n fi\n}\n\n_cleanup_package_cache() {\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n echo \"Cleaning up the package cache...\"\n rm -rf /var/cache/yum/*\n fi\n}\n\n_get_rhel_version_from_kernel() {\n local rhel_version_underscore rhel_version_arr\n rhel_version_underscore=$(echo \"${KERNEL_VERSION}\" | sed 's/.*el\\([0-9]\\+_[0-9]\\+\\).*/\\1/g')\n # For e.g. :- from the kernel version 4.18.0-513.9.1.el8_9, we expect to extract the string \"8_9\"\n if [[ ! ${rhel_version_underscore} =~ ^[0-9]+_[0-9]+$ ]]; then\n echo \"Unable to resolve RHEL version from kernel version\" >&2\n return 1\n fi\n IFS='_' read -r -a rhel_version_arr <<< \"$rhel_version_underscore\"\n if [[ ${#rhel_version_arr[@]} -ne 2 ]]; then\n echo \"Unable to resolve RHEL version from kernel version\" >&2\n return 1\n fi\n RHEL_VERSION=\"${rhel_version_arr[0]}.${rhel_version_arr[1]}\"\n echo \"RHEL VERSION successfully resolved from kernel: ${RHEL_VERSION}\"\n return 0\n}\n\n_resolve_rhel_version() {\n _get_rhel_version_from_kernel || RHEL_VERSION=\"${RHEL_MAJOR_VERSION}\"\n # set dnf release version as rhel version by default\n if [[ -z \"${DNF_RELEASEVER}\" ]]; then\n DNF_RELEASEVER=\"${RHEL_VERSION}\"\n fi\n return 0\n}\n\n# Resolve the kernel version to the form major.minor.patch-revision.\n_resolve_kernel_version() {\n echo \"Resolving Linux kernel version...\"\n local version=$(yum -q list available --showduplicates kernel-headers |\n awk -v arch=$(uname -m) 'NR>1 {print $2\".\"arch}' | tac | grep -E -m1 \"^${KERNEL_VERSION/latest/.*}\")\n\n if [ -z \"${version}\" ]; then\n echo \"Could not resolve Linux kernel version\" >&2\n return 1\n fi\n KERNEL_VERSION=\"${version}\"\n echo \"Proceeding with Linux kernel version ${KERNEL_VERSION}\"\n return 0\n}\n\n# Install the kernel modules header/builtin/order files and generate the kernel version string.\n_install_prerequisites() (\n local tmp_dir=$(mktemp -d)\n\n trap \"rm -rf ${tmp_dir}\" EXIT\n cd ${tmp_dir}\n\n echo \"Installing elfutils...\"\n if ! dnf install -q -y elfutils-libelf.$DRIVER_ARCH; then\n echo \"FATAL: failed to install elfutils packages. RHEL entitlement may be improperly deployed.\"\n exit 1\n fi\n if ! dnf install -q -y elfutils-libelf-devel.$DRIVER_ARCH; then\n echo \"FATAL: failed to install elfutils packages. RHEL entitlement may be improperly deployed.\"\n exit 1\n fi \n\n rm -rf /lib/modules/${KERNEL_VERSION}\n mkdir -p /lib/modules/${KERNEL_VERSION}/proc\n\n echo \"Enabling RHOCP and EUS RPM repos...\"\n if [ -n \"${OPENSHIFT_VERSION:-}\" ]; then\n dnf config-manager --set-enabled rhocp-${OPENSHIFT_VERSION}-for-rhel-9-$DRIVER_ARCH-rpms || true\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n dnf config-manager --set-disabled rhocp-${OPENSHIFT_VERSION}-for-rhel-9-$DRIVER_ARCH-rpms || true\n fi\n fi\n\n dnf config-manager --set-enabled rhel-9-for-$DRIVER_ARCH-baseos-eus-rpms || true\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n dnf config-manager --set-disabled rhel-9-for-$DRIVER_ARCH-baseos-eus-rpms || true\n fi\n\n # try with EUS disabled, if it does not work, then try just major version\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n # If pointing to DNF_RELEASEVER does not work, we point to the RHEL_MAJOR_VERSION as a last resort\n if ! dnf makecache --releasever=${RHEL_MAJOR_VERSION}; then\n echo \"FATAL: failed to update the dnf metadata cache after multiple attempts with releasevers ${DNF_RELEASEVER}, ${RHEL_MAJOR_VERSION}\"\n exit 1\n else\n DNF_RELEASEVER=${RHEL_MAJOR_VERSION}\n fi\n fi\n\n echo \"Installing Linux kernel headers...\"\n dnf -q -y --releasever=${DNF_RELEASEVER} install kernel-headers-${KERNEL_VERSION} kernel-devel-${KERNEL_VERSION} --allowerasing > /dev/null\n ln -s /usr/src/kernels/${KERNEL_VERSION} /lib/modules/${KERNEL_VERSION}/build\n\n echo \"Installing Linux kernel module files...\"\n dnf -q -y --releasever=${DNF_RELEASEVER} install kernel-core-${KERNEL_VERSION} > /dev/null\n\n # Prevent depmod from giving a WARNING about missing files\n touch /lib/modules/${KERNEL_VERSION}/modules.order\n touch /lib/modules/${KERNEL_VERSION}/modules.builtin\n\n depmod ${KERNEL_VERSION}\n\n echo \"Generating Linux kernel version string...\"\n if [ \"$TARGETARCH\" = \"arm64\" ]; then\n gunzip -c /lib/modules/${KERNEL_VERSION}/vmlinuz | strings | grep -E '^Linux version' | sed 's/^\\(.*\\)\\s\\+(.*)$/\\1/' > version\n else\n extract-vmlinux /lib/modules/${KERNEL_VERSION}/vmlinuz | strings | grep -E '^Linux version' | sed 's/^\\(.*\\)\\s\\+(.*)$/\\1/' > version\n fi\n if [ -z \"$(<version)\" ]; then\n echo \"Could not locate Linux kernel version string\" >&2\n return 1\n fi\n mv version /lib/modules/${KERNEL_VERSION}/proc\n\n # Parse gcc version\n # gcc_version is expected to match x.y.z\n # current_gcc is expected to match 'gcc-x.y.z-rel.el8.x86_64\n local gcc_version=$(cat /lib/modules/${KERNEL_VERSION}/proc/version | grep -Eo \"gcc \\(GCC\\) ([0-9\\.]+)\" | grep -Eo \"([0-9\\.]+)\")\n local current_gcc=$(rpm -qa gcc)\n echo \"kernel requires gcc version: 'gcc-${gcc_version}', current gcc version is '${current_gcc}'\"\n\n if ! [[ \"${current_gcc}\" =~ \"gcc-${gcc_version}\"-.* ]]; then\n dnf install -q -y --releasever=${DNF_RELEASEVER} \"gcc-${gcc_version}\"\n fi\n)\n\n# Cleanup the prerequisites installed above.\n_remove_prerequisites() {\n true\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n dnf -q -y remove kernel-headers-${KERNEL_VERSION} kernel-devel-${KERNEL_VERSION} > /dev/null\n # TODO remove module files not matching an existing driver package.\n fi\n}\n\n# Check if the kernel version requires a new precompiled driver packages.\n_kernel_requires_package() {\n local proc_mount_arg=\"\"\n\n echo \"Checking NVIDIA driver packages...\"\n\n [[ ! -d /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE} ]] && return 0\n cd /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE}\n\n proc_mount_arg=\"--proc-mount-point /lib/modules/${KERNEL_VERSION}/proc\"\n for pkg_name in $(ls -d -1 precompiled/** 2> /dev/null); do\n is_match=$(../mkprecompiled --match ${pkg_name} ${proc_mount_arg})\n if [ \"${is_match}\" == \"kernel interface matches.\" ]; then\n echo \"Found NVIDIA driver package ${pkg_name##*/}\"\n return 1\n fi\n done\n return 0\n}\n\n# Compile the kernel modules, optionally sign them, and generate a precompiled package for use by the nvidia-installer.\n_create_driver_package() (\n local pkg_name=\"nvidia-modules-${KERNEL_VERSION%%-*}${PACKAGE_TAG:+-${PACKAGE_TAG}}\"\n local nvidia_sign_args=\"\"\n local nvidia_modeset_sign_args=\"\"\n local nvidia_uvm_sign_args=\"\"\n\n trap \"make -s -j ${MAX_THREADS} SYSSRC=/lib/modules/${KERNEL_VERSION}/build clean > /dev/null\" EXIT\n\n echo \"Compiling NVIDIA driver kernel modules...\"\n cd /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE}\n\n if _gpu_direct_rdma_enabled; then\n ln -s /run/mellanox/drivers/usr/src/ofa_kernel /usr/src/\n # if arch directory exists(MOFED >=5.5) then create a symlink as expected by GPU driver installer\n # This is required as currently GPU driver installer doesn't expect headers in x86_64 folder, but only in either default or kernel-version folder.\n # ls -ltr /usr/src/ofa_kernel/\n # lrwxrwxrwx 1 root root 36 Dec 8 20:10 default -> /etc/alternatives/ofa_kernel_headers\n # drwxr-xr-x 4 root root 4096 Dec 8 20:14 x86_64\n # lrwxrwxrwx 1 root root 44 Dec 9 19:05 5.4.0-90-generic -> /usr/src/ofa_kernel/x86_64/5.4.0-90-generic/\n if [[ -d \"/run/mellanox/drivers/usr/src/ofa_kernel/$(uname -m)/$(uname -r)\" ]]; then\n if [[ ! -e \"/usr/src/ofa_kernel/$(uname -r)\" ]]; then\n ln -s \"/run/mellanox/drivers/usr/src/ofa_kernel/$(uname -m)/$(uname -r)\" /usr/src/ofa_kernel/\n fi\n fi\n fi\n\n make -s -j ${MAX_THREADS} SYSSRC=/lib/modules/${KERNEL_VERSION}/build nv-linux.o nv-modeset-linux.o > /dev/null\n\n echo \"Relinking NVIDIA driver kernel modules...\"\n rm -f nvidia.ko nvidia-modeset.ko\n ld -d -r -o nvidia.ko ./nv-linux.o ./nvidia/nv-kernel.o_binary\n ld -d -r -o nvidia-modeset.ko ./nv-modeset-linux.o ./nvidia-modeset/nv-modeset-kernel.o_binary\n\n if [ -n \"${PRIVATE_KEY}\" ]; then\n echo \"Signing NVIDIA driver kernel modules...\"\n donkey get ${PRIVATE_KEY} sh -c \"PATH=${PATH}:/usr/src/linux-headers-${KERNEL_VERSION}/scripts && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia.ko nvidia.ko.sign && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia-modeset.ko nvidia-modeset.ko.sign && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia-uvm.ko\"\n nvidia_sign_args=\"--linked-module nvidia.ko --signed-module nvidia.ko.sign\"\n nvidia_modeset_sign_args=\"--linked-module nvidia-modeset.ko --signed-module nvidia-modeset.ko.sign\"\n nvidia_uvm_sign_args=\"--signed\"\n fi\n\n echo \"Building NVIDIA driver package ${pkg_name}...\"\n ../mkprecompiled --pack ${pkg_name} --description ${KERNEL_VERSION} \\\n --proc-mount-point /lib/modules/${KERNEL_VERSION}/proc \\\n --driver-version ${DRIVER_VERSION} \\\n --kernel-interface nv-linux.o \\\n --linked-module-name nvidia.ko \\\n --core-object-name nvidia/nv-kernel.o_binary \\\n ${nvidia_sign_args} \\\n --target-directory . \\\n --kernel-interface nv-modeset-linux.o \\\n --linked-module-name nvidia-modeset.ko \\\n --core-object-name nvidia-modeset/nv-modeset-kernel.o_binary \\\n ${nvidia_modeset_sign_args} \\\n --target-directory . \\\n --kernel-module nvidia-uvm.ko \\\n ${nvidia_uvm_sign_args} \\\n --target-directory .\n mkdir -p precompiled\n mv ${pkg_name} precompiled\n)\n\n_assert_nvswitch_system() {\n [ -d /proc/driver/nvidia-nvswitch ] || return 1\n entries=$(ls -1 /proc/driver/nvidia-nvswitch/devices/*)\n if [ -z \"${entries}\" ]; then\n return 1\n fi\n return 0\n}\n\n# For each kernel module configuration file mounted into the container,\n# parse the file contents and extract the custom module parameters that\n# are to be passed as input to 'modprobe'.\n#\n# Assumptions:\n# - Configuration files are named <module-name>.conf (i.e. nvidia.conf, nvidia-uvm.conf).\n# - Configuration files are mounted inside the container at /drivers.\n# - Each line in the file contains at least one parameter, where parameters on the same line\n# are space delimited. It is up to the user to properly format the file to ensure\n# the correct set of parameters are passed to 'modprobe'.\n_get_module_params() {\n local base_path=\"/drivers\"\n # nvidia\n if [ -f \"${base_path}/nvidia.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia.conf\"\n echo \"Module parameters provided for nvidia: ${NVIDIA_MODULE_PARAMS[@]}\"\n fi\n # nvidia-uvm\n if [ -f \"${base_path}/nvidia-uvm.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_UVM_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-uvm.conf\"\n echo \"Module parameters provided for nvidia-uvm: ${NVIDIA_UVM_MODULE_PARAMS[@]}\"\n fi\n # nvidia-modeset\n if [ -f \"${base_path}/nvidia-modeset.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_MODESET_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-modeset.conf\"\n echo \"Module parameters provided for nvidia-modeset: ${NVIDIA_MODESET_MODULE_PARAMS[@]}\"\n fi\n # nvidia-peermem\n if [ -f \"${base_path}/nvidia-peermem.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_PEERMEM_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-peermem.conf\"\n echo \"Module parameters provided for nvidia-peermem: ${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"\n fi\n}\n\n# Load the kernel modules and start persistenced.\n_load_driver() {\n echo \"Parsing kernel module parameters...\"\n _get_module_params\n\n local nv_fw_search_path=\"$RUN_DIR/driver/lib/firmware\"\n local set_fw_path=\"true\"\n local fw_path_config_file=\"/sys/module/firmware_class/parameters/path\"\n for param in \"${NVIDIA_MODULE_PARAMS[@]}\"; do\n if [[ \"$param\" == \"NVreg_EnableGpuFirmware=0\" ]]; then\n set_fw_path=\"false\"\n fi\n done\n\n if [[ \"$set_fw_path\" == \"true\" ]]; then\n echo \"Configuring the following firmware search path in '$fw_path_config_file': $nv_fw_search_path\"\n if [[ ! -z $(grep '[^[:space:]]' $fw_path_config_file) ]]; then\n echo \"WARNING: A search path is already configured in $fw_path_config_file\"\n echo \" Retaining the current configuration\"\n else\n echo -n \"$nv_fw_search_path\" > $fw_path_config_file || echo \"WARNING: Failed to configure the firmware search path\"\n fi\n fi\n\n echo \"Loading ipmi and i2c_core kernel modules...\"\n modprobe -a i2c_core ipmi_msghandler ipmi_devintf\n\n echo \"Loading NVIDIA driver kernel modules...\"\n set -o xtrace +o nounset\n modprobe nvidia \"${NVIDIA_MODULE_PARAMS[@]}\"\n modprobe nvidia-uvm \"${NVIDIA_UVM_MODULE_PARAMS[@]}\"\n modprobe nvidia-modeset \"${NVIDIA_MODESET_MODULE_PARAMS[@]}\"\n set +o xtrace -o nounset\n\n if _gpu_direct_rdma_enabled; then\n echo \"Loading NVIDIA Peer Memory kernel module...\"\n set -o xtrace +o nounset\n modprobe -a nvidia-peermem \"${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"\n set +o xtrace -o nounset\n fi\n\n echo \"Starting NVIDIA persistence daemon...\"\n nvidia-persistenced --persistence-mode\n\n if [ \"${DRIVER_TYPE}\" = \"vgpu\" ]; then\n echo \"Copying gridd.conf...\"\n cp /drivers/gridd.conf /etc/nvidia/gridd.conf\n if [ \"${VGPU_LICENSE_SERVER_TYPE}\" = \"NLS\" ]; then\n echo \"Copying ClientConfigToken...\"\n mkdir -p /etc/nvidia/ClientConfigToken/\n cp /drivers/ClientConfigToken/* /etc/nvidia/ClientConfigToken/\n fi\n\n echo \"Starting nvidia-gridd..\"\n LD_LIBRARY_PATH=/usr/lib64/nvidia/gridd nvidia-gridd\n\n # Start virtual topology daemon\n _start_vgpu_topology_daemon\n fi\n\n if _assert_nvswitch_system; then\n echo \"Starting NVIDIA fabric manager daemon...\"\n nv-fabricmanager -c /usr/share/nvidia/nvswitch/fabricmanager.cfg\n fi\n}\n\n# Stop persistenced and unload the kernel modules if they are currently loaded.\n_unload_driver() {\n local rmmod_args=()\n local nvidia_deps=0\n local nvidia_refs=0\n local nvidia_uvm_refs=0\n local nvidia_modeset_refs=0\n local nvidia_peermem_refs=0\n\n echo \"Stopping NVIDIA persistence daemon...\"\n if [ -f /var/run/nvidia-persistenced/nvidia-persistenced.pid ]; then\n local pid=$(< /var/run/nvidia-persistenced/nvidia-persistenced.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 50); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 50 ]; then\n echo \"Could not stop NVIDIA persistence daemon\" >&2\n return 1\n fi\n fi\n\n if [ -f /var/run/nvidia-gridd/nvidia-gridd.pid ]; then\n echo \"Stopping NVIDIA grid daemon...\"\n local pid=$(< /var/run/nvidia-gridd/nvidia-gridd.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 10); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 10 ]; then\n echo \"Could not stop NVIDIA Grid daemon\" >&2\n return 1\n fi\n fi\n\n if [ -f /var/run/nvidia-fabricmanager/nv-fabricmanager.pid ]; then\n echo \"Stopping NVIDIA fabric manager daemon...\"\n local pid=$(< /var/run/nvidia-fabricmanager/nv-fabricmanager.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 50); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 50 ]; then\n echo \"Could not stop NVIDIA fabric manager daemon\" >&2\n return 1\n fi\n fi\n\n echo \"Unloading NVIDIA driver kernel modules...\"\n if [ -f /sys/module/nvidia_modeset/refcnt ]; then\n nvidia_modeset_refs=$(< /sys/module/nvidia_modeset/refcnt)\n rmmod_args+=(\"nvidia-modeset\")\n ((++nvidia_deps))\n fi\n if [ -f /sys/module/nvidia_uvm/refcnt ]; then\n nvidia_uvm_refs=$(< /sys/module/nvidia_uvm/refcnt)\n rmmod_args+=(\"nvidia-uvm\")\n ((++nvidia_deps))\n fi\n if [ -f /sys/module/nvidia/refcnt ]; then\n nvidia_refs=$(< /sys/module/nvidia/refcnt)\n rmmod_args+=(\"nvidia\")\n fi\n if [ -f /sys/module/nvidia_peermem/refcnt ]; then\n nvidia_peermem_refs=$(< /sys/module/nvidia_peermem/refcnt)\n rmmod_args+=(\"nvidia-peermem\")\n ((++nvidia_deps))\n fi\n if [ ${nvidia_refs} -gt ${nvidia_deps} ] || [ ${nvidia_uvm_refs} -gt 0 ] || [ ${nvidia_modeset_refs} -gt 0 ] || [ ${nvidia_peermem_refs} -gt 0 ]; then\n echo \"Could not unload NVIDIA driver kernel modules, driver is in use\" >&2\n return 1\n fi\n\n if [ ${#rmmod_args[@]} -gt 0 ]; then\n rmmod ${rmmod_args[@]}\n fi\n return 0\n}\n\n# Link and install the kernel modules from a precompiled package using the nvidia-installer.\n_install_driver() {\n local install_args=()\n\n echo \"Installing NVIDIA driver kernel modules...\"\n cd /usr/src/nvidia-${DRIVER_VERSION}\n rm -rf /lib/modules/${KERNEL_VERSION}/video\n\n if [ \"${ACCEPT_LICENSE}\" = \"yes\" ]; then\n install_args+=(\"--accept-license\")\n fi\n IGNORE_CC_MISMATCH=1 nvidia-installer --kernel-module-only --no-drm --ui=none --no-nouveau-check -m=${KERNEL_TYPE} ${install_args[@]+\"${install_args[@]}\"}\n # May need to add no-cc-check for Rhel, otherwise it complains about cc missing in path\n # /proc/version and lib/modules/KERNEL_VERSION/proc are different, by default installer looks at /proc/ so, added the proc-mount-point\n # TODO: remove the -a flag. its not needed. in the new driver version, license-acceptance is implicit\n #nvidia-installer --kernel-module-only --no-drm --ui=none --no-nouveau-check --no-cc-version-check --proc-mount-point /lib/modules/${KERNEL_VERSION}/proc ${install_args[@]+\"${install_args[@]}\"}\n}\n\n# Mount the driver rootfs into the run directory with the exception of sysfs.\n_mount_rootfs() {\n echo \"Mounting NVIDIA driver rootfs...\"\n mount --make-runbindable /sys\n mount --make-private /sys\n mkdir -p ${RUN_DIR}/driver\n mount --rbind / ${RUN_DIR}/driver\n\n echo \"Check SELinux status\"\n if [ -e /sys/fs/selinux ]; then\n echo \"SELinux is enabled\"\n echo \"Change device files security context for selinux compatibility\"\n chcon -R -t container_file_t ${RUN_DIR}/driver/dev\n else\n echo \"SELinux is disabled, skipping...\"\n fi\n}\n\n# Unmount the driver rootfs from the run directory.\n_unmount_rootfs() {\n echo \"Unmounting NVIDIA driver rootfs...\"\n if findmnt -r -o TARGET | grep \"${RUN_DIR}/driver\" > /dev/null; then\n umount -l -R ${RUN_DIR}/driver\n fi\n}\n\n# Write a kernel postinst.d script to automatically precompile packages on kernel update (similar to DKMS).\n_write_kernel_update_hook() {\n if [ ! -d ${KERNEL_UPDATE_HOOK%/*} ]; then\n return\n fi\n\n echo \"Writing kernel update hook...\"\n cat > ${KERNEL_UPDATE_HOOK} <<'EOF'\n#!/bin/bash\n\nset -eu\ntrap 'echo \"ERROR: Failed to update the NVIDIA driver\" >&2; exit 0' ERR\n\nNVIDIA_DRIVER_PID=$(< /run/nvidia/nvidia-driver.pid)\n\nexport \"$(grep -z DRIVER_VERSION /proc/${NVIDIA_DRIVER_PID}/environ)\"\nnsenter -t \"${NVIDIA_DRIVER_PID}\" -m -- nvidia-driver update --kernel \"$1\"\nEOF\n chmod +x ${KERNEL_UPDATE_HOOK}\n}\n\n_shutdown() {\n if _unload_driver; then\n _unmount_rootfs\n rm -f ${PID_FILE} ${KERNEL_UPDATE_HOOK}\n return 0\n fi\n return 1\n}\n\n_find_vgpu_driver_version() {\n local count=\"\"\n local version=\"\"\n local drivers_path=\"/drivers\"\n\n if [ \"${DISABLE_VGPU_VERSION_CHECK}\" = \"true\" ]; then\n echo \"vgpu version compatibility check is disabled\"\n return 0\n fi\n # check if vgpu devices are present\n count=$(vgpu-util count)\n if [ $? -ne 0 ]; then\n echo \"cannot find vgpu devices on host, pleae check /var/log/vgpu-util.log for more details...\"\n return 0\n fi\n NUM_VGPU_DEVICES=$(echo \"$count\" | awk -F= '{print $2}')\n if [ $NUM_VGPU_DEVICES -eq 0 ]; then\n # no vgpu devices found, treat as passthrough\n return 0\n fi\n echo \"found $NUM_VGPU_DEVICES vgpu devices on host\"\n\n # find compatible guest driver using driver catalog\n if [ -d \"/mnt/shared-nvidia-driver-toolkit/drivers\" ]; then\n drivers_path=\"/mnt/shared-nvidia-driver-toolkit/drivers\"\n fi\n version=$(vgpu-util match -i \"${drivers_path}\" -c \"${drivers_path}/vgpuDriverCatalog.yaml\")\n if [ $? -ne 0 ]; then\n echo \"cannot find match for compatible vgpu driver from available list, please check /var/log/vgpu-util.log for more details...\"\n return 1\n fi\n DRIVER_VERSION=$(echo \"$version\" | awk -F= '{print $2}')\n echo \"vgpu driver version selected: ${DRIVER_VERSION}\"\n return 0\n}\n\n_start_vgpu_topology_daemon() {\n type nvidia-topologyd > /dev/null 2>&1 || return 0\n echo \"Starting nvidia-topologyd..\"\n nvidia-topologyd\n}\n\n_prepare() {\n if [ \"${DRIVER_TYPE}\" = \"vgpu\" ]; then\n _find_vgpu_driver_version || exit 1\n fi\n\n # Install the userspace components and copy the kernel module sources.\n sh NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION.run -x && \\\n cd NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION && \\\n sh /tmp/install.sh nvinstall && \\\n mkdir -p /usr/src/nvidia-$DRIVER_VERSION && \\\n mv LICENSE mkprecompiled ${KERNEL_TYPE} /usr/src/nvidia-$DRIVER_VERSION && \\\n sed '9,${/^\\(kernel\\|LICENSE\\)/!d}' .manifest > /usr/src/nvidia-$DRIVER_VERSION/.manifest\n\n echo -e \"\\n========== NVIDIA Software Installer ==========\\n\"\n echo -e \"Starting installation of NVIDIA driver version ${DRIVER_VERSION} for Linux kernel version ${KERNEL_VERSION}\\n\"\n}\n\n_prepare_exclusive() {\n _prepare\n\n exec 3> ${PID_FILE}\n if ! flock -n 3; then\n echo \"An instance of the NVIDIA driver is already running, aborting\"\n exit 1\n fi\n echo $$ >&3\n\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n trap \"_shutdown\" EXIT\n\n _unload_driver || exit 1\n _unmount_rootfs\n}\n\n_build() {\n # Install dependencies\n if _kernel_requires_package; then\n _update_package_cache\n _install_prerequisites\n _create_driver_package\n #_remove_prerequisites\n _cleanup_package_cache\n fi\n\n # Build the driver\n _install_driver\n}\n\n_load() {\n _load_driver\n _mount_rootfs\n _write_kernel_update_hook\n\n echo \"Done, now waiting for signal\"\n sleep infinity &\n trap \"echo 'Caught signal'; _shutdown && { kill $!; exit 0; }\" HUP INT QUIT PIPE TERM\n trap - EXIT\n while true; do wait $! || continue; done\n exit 0\n}\n\ninit() {\n _prepare_exclusive\n\n _build\n\n _load\n}\n\nbuild() {\n _prepare\n\n _build\n}\n\nload() {\n _prepare_exclusive\n\n _load\n}\n\nupdate() {\n exec 3>&2\n if exec 2> /dev/null 4< ${PID_FILE}; then\n if ! flock -n 4 && read pid <&4 && kill -0 \"${pid}\"; then\n exec > >(tee -a \"/proc/${pid}/fd/1\")\n exec 2> >(tee -a \"/proc/${pid}/fd/2\" >&3)\n else\n exec 2>&3\n fi\n exec 4>&-\n fi\n exec 3>&-\n\n # vgpu driver version is chosen dynamically during runtime, so pre-compile modules for\n # only non-vgpu driver types\n if [ \"${DRIVER_TYPE}\" != \"vgpu\" ]; then\n # Install the userspace components and copy the kernel module sources.\n if [ ! -e /usr/src/nvidia-${DRIVER_VERSION}/mkprecompiled ]; then\n sh NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION.run -x && \\\n cd NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION && \\\n sh /tmp/install.sh nvinstall && \\\n mkdir -p /usr/src/nvidia-$DRIVER_VERSION && \\\n mv LICENSE mkprecompiled ${KERNEL_TYPE} /usr/src/nvidia-$DRIVER_VERSION && \\\n sed '9,${/^\\(kernel\\|LICENSE\\)/!d}' .manifest > /usr/src/nvidia-$DRIVER_VERSION/.manifest\n fi\n fi\n\n echo -e \"\\n========== NVIDIA Software Updater ==========\\n\"\n echo -e \"Starting update of NVIDIA driver version ${DRIVER_VERSION} for Linux kernel version ${KERNEL_VERSION}\\n\"\n\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n\n _update_package_cache\n _resolve_kernel_version || exit 1\n _install_prerequisites\n if _kernel_requires_package; then\n _create_driver_package\n fi\n _remove_prerequisites\n _cleanup_package_cache\n\n echo \"Done\"\n exit 0\n}\n\n# Wait for MOFED drivers to be loaded and load nvidia-peermem whenever it gets unloaded during MOFED driver updates\nreload_nvidia_peermem() {\n if [ \"$USE_HOST_MOFED\" = \"true\" ]; then\n until lsmod | grep mlx5_core > /dev/null 2>&1 && [ -f /run/nvidia/validations/.driver-ctr-ready ];\n do\n echo \"waiting for mellanox ofed and nvidia drivers to be installed\"\n sleep 10\n done\n else\n # use driver readiness flag created by MOFED container\n until [ -f /run/mellanox/drivers/.driver-ready ] && [ -f /run/nvidia/validations/.driver-ctr-ready ];\n do\n echo \"waiting for mellanox ofed and nvidia drivers to be installed\"\n sleep 10\n done\n fi\n # get any parameters provided for nvidia-peermem\n _get_module_params && set +o nounset\n if chroot /run/nvidia/driver modprobe nvidia-peermem \"${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"; then\n if [ -f /sys/module/nvidia_peermem/refcnt ]; then\n echo \"successfully loaded nvidia-peermem module, now waiting for signal\"\n sleep inf\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n fi\n fi\n echo \"failed to load nvidia-peermem module\"\n exit 1\n}\n\n# probe by gpu-operator for liveness/startup checks for nvidia-peermem module to be loaded when MOFED drivers are ready\nprobe_nvidia_peermem() {\n if lsmod | grep mlx5_core > /dev/null 2>&1; then\n if [ ! -f /sys/module/nvidia_peermem/refcnt ]; then\n echo \"nvidia-peermem module is not loaded\"\n return 1\n fi\n else\n echo \"MOFED drivers are not ready, skipping probe to avoid container restarts...\"\n fi\n return 0\n}\n\nusage() {\n cat >&2 <<EOF\nUsage: $0 COMMAND [ARG...]\n\nCommands:\n init [-a | --accept-license] [-m | --max-threads MAX_THREADS]\n build [-a | --accept-license] [-m | --max-threads MAX_THREADS]\n load\n update [-k | --kernel VERSION] [-s | --sign KEYID] [-t | --tag TAG] [-m | --max-threads MAX_THREADS]\nEOF\n exit 1\n}\n\nif [ $# -eq 0 ]; then\n usage\nfi\ncommand=$1; shift\ncase \"${command}\" in\n init) options=$(getopt -l accept-license,max-threads: -o am: -- \"$@\") ;;\n build) options=$(getopt -l accept-license,tag:,max-threads: -o a:t:m: -- \"$@\") ;;\n load) options=\"\" ;;\n update) options=$(getopt -l kernel:,sign:,tag:,max-threads: -o k:s:t:m: -- \"$@\") ;;\n reload_nvidia_peermem) options=\"\" ;;\n probe_nvidia_peermem) options=\"\" ;;\n *) usage ;;\nesac\nif [ $? -ne 0 ]; then\n usage\nfi\neval set -- \"${options}\"\n\nACCEPT_LICENSE=\"\"\nMAX_THREADS=\"\"\nKERNEL_VERSION=$(uname -r)\nPRIVATE_KEY=\"\"\nPACKAGE_TAG=\"\"\n\nfor opt in ${options}; do\n case \"$opt\" in\n -a | --accept-license) ACCEPT_LICENSE=\"yes\"; shift 1 ;;\n -k | --kernel) KERNEL_VERSION=$2; shift 2 ;;\n -m | --max-threads) MAX_THREADS=$2; shift 2 ;;\n -s | --sign) PRIVATE_KEY=$2; shift 2 ;;\n -t | --tag) PACKAGE_TAG=$2; shift 2 ;;\n --) shift; break ;;\n esac\ndone\nif [ $# -ne 0 ]; then\n usage\nfi\n\n_resolve_rhel_version || exit 1\n\n$command\n
\u4f7f\u7528\u5b98\u65b9\u7684\u955c\u50cf\u6765\u4e8c\u6b21\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\uff0c\u5982\u4e0b\u662f\u4e00\u4e2a Dockerfile
\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
FROM nvcr.io/nvidia/driver:535.183.06-rhel9.2\nCOPY nvidia-driver /usr/local/bin\nRUN chmod +x /usr/local/bin/nvidia-driver\nCMD [\"/bin/bash\", \"-c\"]\n
\u6784\u5efa\u547d\u4ee4\u5e76\u63a8\u9001\u5230\u706b\u79cd\u96c6\u7fa4\uff1a
docker build -t {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535.183.06-01-rhel9.2 -f Dockerfile .\ndocker push {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535.183.06-01-rhel9.2\n
"},{"location":"admin/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#_2","title":"\u5b89\u88c5\u9a71\u52a8","text":"driver.version=535.183.06-01
\u524d\u63d0\u6761\u4ef6\uff1a\u5df2\u5b89\u88c5 gpu-operator v23.9.0+2 \u53ca\u66f4\u9ad8\u7248\u672c
"},{"location":"admin/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html#_1","title":"\u51c6\u5907\u79bb\u7ebf\u955c\u50cf","text":"\u67e5\u770b\u5185\u6838\u7248\u672c
$ uname -r\n5.15.0-78-generic\n
\u67e5\u770b\u5185\u6838\u5bf9\u5e94\u7684 GPU Driver \u955c\u50cf\u7248\u672c\uff0c https://catalog.ngc.nvidia.com/orgs/nvidia/containers/driver/tags
\u3002 \u4f7f\u7528\u5185\u6838\u67e5\u8be2\u955c\u50cf\u7248\u672c\uff0c\u901a\u8fc7 ctr export
\u4fdd\u5b58\u955c\u50cf\u3002
ctr i pull nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i export --all-platforms driver.tar.gz nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 \n
\u628a\u955c\u50cf\u5bfc\u5165\u5230\u706b\u79cd\u96c6\u7fa4\u7684\u955c\u50cf\u4ed3\u5e93\u4e2d
ctr i import driver.tar.gz\nctr i tag nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i push {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 --skip-verify=true\n
driver.usePrecompiled=true
,\u5e76\u8bbe\u7f6e driver.version=535
\uff0c\u8fd9\u91cc\u8981\u6ce8\u610f\uff0c\u5199\u7684\u662f 535\uff0c\u4e0d\u662f 535.104.12\u3002\uff08\u975e\u9884\u7f16\u8bd1\u6a21\u5f0f\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u5b89\u88c5\u5373\u53ef\uff09\u5f53\u5de5\u4f5c\u8282\u70b9\u7684\u5185\u6838\u7248\u672c\u4e0e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u5185\u6838\u7248\u672c\u6216 OS \u7c7b\u578b\u4e0d\u4e00\u81f4\u65f6\uff0c\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa\u79bb\u7ebf yum \u6e90\uff0c \u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u672c\u6587\u4ee5\u5185\u6838\u7248\u672c\u4e3a 3.10.0-1160.95.1.el7.x86_64
\u7684 CentOS 7.9 \u8282\u70b9\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa GPU operator \u79bb\u7ebf\u5305\u7684 yum \u6e90\u3002
\u5206\u522b\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u548c\u5f85\u90e8\u7f72 GPU Operator \u7684\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u82e5\u4e24\u4e2a\u8282\u70b9\u7684 OS \u548c\u5185\u6838\u7248\u672c\u4e00\u81f4\u5219\u65e0\u9700\u6784\u5efa yum \u6e90\uff0c \u53ef\u53c2\u8003\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u6587\u6863\u76f4\u63a5\u5b89\u88c5\uff1b\u82e5\u4e24\u4e2a\u8282\u70b9\u7684 OS \u6216\u5185\u6838\u7248\u672c\u4e0d\u4e00\u81f4\uff0c\u8bf7\u6267\u884c\u4e0b\u4e00\u6b65\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u96c6\u7fa4\u4e0b\u5f85\u90e8\u7f72 GPU Operator \u8282\u70b9\u7684\u53d1\u884c\u7248\u540d\u79f0\u548c\u7248\u672c\u53f7\u3002
cat /etc/redhat-release\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
CentOS Linux release 7.9 (Core)\n
\u8f93\u51fa\u7ed3\u679c\u4e3a\u5f53\u524d\u8282\u70b9\u5185\u6838\u7248\u672c CentOS 7.9
\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u96c6\u7fa4\u4e0b\u5f85\u90e8\u7f72 GPU Operator \u8282\u70b9\u7684\u5185\u6838\u7248\u672c\u3002
uname -a\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Linux localhost.localdomain 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\n
\u8f93\u51fa\u7ed3\u679c\u4e3a\u5f53\u524d\u8282\u70b9\u5185\u6838\u7248\u672c 3.10.0-1160.el7.x86_64
\u3002
\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a yum.sh \u7684\u811a\u672c\u6587\u4ef6\u3002
vi yum.sh\n
\u7136\u540e\u6309\u4e0b i \u952e\u8fdb\u5165\u63d2\u5165\u6a21\u5f0f\uff0c\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a
export TARGET_KERNEL_VERSION=$1\n\ncat >> run.sh << \\EOF\n#! /bin/bash\necho \"start install kernel repo\"\necho ${KERNEL_VERSION}\nmkdir centos-base\n\nif [ \"$OS\" -eq 7 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el7.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelif [ \"$OS\" -eq 8 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el8.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelse\n echo \"Error os version\"\nfi\n\ncreaterepo centos-base/\nls -lh centos-base/\ntar -zcf centos-base.tar.gz centos-base/\necho \"end install kernel repo\"\nEOF\n\ncat >> Dockerfile << EOF\nFROM centos:7\nENV KERNEL_VERSION=\"\"\nENV OS=7\nRUN yum install -y createrepo\nCOPY run.sh .\nENTRYPOINT [\"/bin/bash\",\"run.sh\"]\nEOF\n\ndocker build -t test:v1 -f Dockerfile .\ndocker run -e KERNEL_VERSION=$TARGET_KERNEL_VERSION --name centos7.9 test:v1\ndocker cp centos7.9:/centos-base.tar.gz .\ntar -xzf centos-base.tar.gz\n
\u6309\u4e0b esc \u952e\u9000\u51fa\u63d2\u5165\u6a21\u5f0f\uff0c\u7136\u540e\u8f93\u5165 __ :wq__ \u4fdd\u5b58\u5e76\u9000\u51fa\u3002
\u8fd0\u884c yum.sh \u6587\u4ef6\uff1a
bash -x yum.sh TARGET_KERNEL_VERSION\n
TARGET_KERNEL_VERSION
\u53c2\u6570\u7528\u4e8e\u6307\u5b9a\u96c6\u7fa4\u8282\u70b9\u7684\u5185\u6838\u7248\u672c\uff0c\u6ce8\u610f\uff1a\u53d1\u884c\u7248\u6807\u8bc6\u7b26\uff08\u5982 __ .el7.x86_64 __ \uff09\u65e0\u9700\u8f93\u5165\u3002 \u4f8b\u5982\uff1a
bash -x yum.sh 3.10.0-1160.95.1\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u7ecf\u751f\u6210\u4e86\u5185\u6838\u4e3a 3.10.0-1160.95.1.el7.x86_64 \u7684\u79bb\u7ebf\u7684 yum \u6e90\uff1a centos-base \u3002
"},{"location":"admin/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#yum_1","title":"\u4e0a\u4f20\u79bb\u7ebf yum \u6e90\u5230\u6587\u4ef6\u670d\u52a1\u5668","text":"\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002\u4e3b\u8981\u7528\u4e8e\u5c06\u4e0a\u4e00\u6b65\u4e2d\u751f\u6210\u7684 yum \u6e90\u4e0a\u4f20\u5230\u53ef\u4ee5\u88ab\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u8fdb\u884c\u8bbf\u95ee\u7684\u6587\u4ef6\u670d\u52a1\u5668\u4e2d\u3002 \u6587\u4ef6\u670d\u52a1\u5668\u53ef\u4ee5\u4e3a Nginx \u3001 Minio \u6216\u5176\u5b83\u652f\u6301 Http \u534f\u8bae\u7684\u6587\u4ef6\u670d\u52a1\u5668\u3002
\u672c\u64cd\u4f5c\u793a\u4f8b\u91c7\u7528\u7684\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668\uff0cMinio \u76f8\u5173\u4fe1\u606f\u5982\u4e0b\uff1a
http://10.5.14.200:9000\uff08\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\uff09
\u767b\u5f55\u5bc6\u7801\uff1arootpass123
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8282\u70b9\u672c\u5730 mc \u547d\u4ee4\u884c\u5de5\u5177\u548c minio \u670d\u52a1\u5668\u5efa\u7acb\u94fe\u63a5\u3002
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Added `minio` successfully.\n
mc \u547d\u4ee4\u884c\u5de5\u5177\u662f Minio \u6587\u4ef6\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u5ba2\u6237\u7aef\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a MinIO Client\u3002
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a centos-base \u7684\u5b58\u50a8\u6876\uff08bucket\uff09\u3002
mc mb -p minio/centos-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Bucket created successfully __minio/centos-base__ .\n
\u5c06\u5b58\u50a8\u6876 centos-base \u7684\u8bbf\u95ee\u7b56\u7565\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u516c\u5f00\u4e0b\u8f7d\u3002\u4ee5\u4fbf\u5728\u540e\u671f\u5b89\u88c5 GPU-operator \u65f6\u80fd\u591f\u88ab\u8bbf\u95ee\u3002
mc anonymous set download minio/centos-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Access permission for `minio/centos-base` is set to `download` \n
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u5c06\u6b65\u9aa4\u4e8c\u751f\u6210\u7684\u79bb\u7ebf yum \u6e90\u6587\u4ef6 centos-base \u590d\u5236\u5230 minio \u670d\u52a1\u5668\u7684 minio/centos-base \u5b58\u50a8\u6876\u4e2d\u3002
mc cp centos-base minio/centos-base --recursive\n
\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a CentOS-Base.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a CentOS-Base.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base #\u6b65\u9aa4\u4e09\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base #\u6b65\u9aa4\u4e09\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 CentOS-Base.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
apiVersion: v1\ndata:\nCentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base#\u6b65\u9aa4\u4e8c\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84\\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base #\u6b65\u9aa4\u4e8c\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84\\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\ncreationTimestamp: \"2023-10-18T01:59:02Z\"\nname: local-repo-config\nnamespace: gpu-operator\nresourceVersion: \"59445080\"\nuid: c5f0ebab-046f-442c-b932-f9003e014387\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u901a\u8fc7\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 CentOS 7.9\uff0c\u5185\u6838\u4e3a 3.10.0-1160 \u7684 GPU operator \u79bb\u7ebf\u5305\u3002\u5176\u5b83 OS \u7c7b\u578b\u7684\u8282\u70b9\u6216\u5185\u6838\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u5305\uff0c\u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u672c\u6587\u4ee5 Red Hat 8.4 4.18.0-305.el8.x86_64 \u8282\u70b9\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u5305\uff0c \u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 master \u8282\u70b9\u4e0a\u6267\u884c\u3002
\u4f7f\u7528 ssh \u6216\u5176\u5b83\u65b9\u5f0f\u8fdb\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5185\u4efb\u4e00\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
cat /etc/yum.repos.d/extension.repo #\u67e5\u770b extension.repo \u4e2d\u7684\u5185\u5bb9\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
[extension-0]\nbaseurl = http://10.5.14.200:9000/kubean/redhat/$releasever/os/$basearch\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/AppStream\ngpgcheck = 0\nname = kubean extension 1\n\n[extension-2]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/BaseOS\ngpgcheck = 0\nname = kubean extension 2\n
\u5728 root \u8def\u5f84\u4e0b\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a redhat-base-repo \u7684\u6587\u4ef6\u5939
mkdir redhat-base-repo\n
\u4e0b\u8f7d yum \u6e90\u4e2d\u7684 rpm \u5305\u5230\u672c\u5730\uff1a
yum install yum-utils\n
\u4e0b\u8f7d extension-1 \u4e2d\u7684 rpm \u5305\uff1a
reposync -p redhat-base-repo -n --repoid=extension-1\n
\u4e0b\u8f7d extension-2 \u4e2d\u7684 rpm \u5305\uff1a
reposync -p redhat-base-repo -n --repoid=extension-2\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u8054\u7f51\u8282\u70b9\u6267\u884c\u64cd\u4f5c\uff0c\u5728\u64cd\u4f5c\u524d\uff0c\u60a8\u9700\u8981\u4fdd\u8bc1\u8054\u7f51\u8282\u70b9\u548c\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 master \u8282\u70b9\u95f4\u7684\u7f51\u7edc\u8054\u901a\u6027\u3002
\u5728\u8054\u7f51\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e0b\u8f7d elfutils-libelf-devel-0.187-4.el8.x86_64.rpm \u5305\uff1a
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/elfutils-libelf-devel-0.187-4.el8.x86_64.rpm\n
\u5728\u5f53\u524d\u76ee\u5f55\u4e0b\u5c06 elfutils-libelf-devel-0.187-4.el8.x86_64.rpm \u5305\u4f20\u8f93\u81f3\u6b65\u9aa4\u4e00\u4e2d\u7684\u8282\u70b9\u4e0a\uff1a
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm user@ip:~/redhat-base-repo/extension-2/Packages/\n
\u4f8b\u5982\uff1a
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm root@10.6.175.10:~/redhat-base-repo/extension-2/Packages/\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u6b65\u9aa4\u4e00\u4e2d\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 master \u8282\u70b9\u4e0a\u6267\u884c\u3002
\u8fdb\u5165 yum repo \u76ee\u5f55\uff1a
cd ~/redhat-base-repo/extension-1/Packages\ncd ~/redhat-base-repo/extension-2/Packages\n
\u751f\u6210\u76ee\u5f55 repo \u7d22\u5f15\uff1a
yum install createrepo -y # \u82e5\u5df2\u5b89\u88c5 createrepo \u53ef\u7701\u7565\u6b64\u6b65\u9aa4\ncreaterepo_c ./\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u7ecf\u751f\u6210\u4e86\u5185\u6838\u4e3a 4.18.0-305.el8.x86_64
\u7684\u79bb\u7ebf\u7684 yum \u6e90\uff1a redhat-base-repo \u3002
\u672c\u64cd\u4f5c\u793a\u4f8b\u91c7\u7528\u7684\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668\uff0c\u7528\u6237\u53ef\u57fa\u4e8e\u81ea\u8eab\u60c5\u51b5\u9009\u62e9\u6587\u4ef6\u670d\u52a1\u5668\u3002Minio \u76f8\u5173\u4fe1\u606f\u5982\u4e0b\uff1a
http://10.5.14.200:9000\uff08\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\uff09
\u767b\u5f55\u5bc6\u7801\uff1arootpass123
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8282\u70b9\u672c\u5730 mc \u547d\u4ee4\u884c\u5de5\u5177\u548c minio \u670d\u52a1\u5668\u5efa\u7acb\u94fe\u63a5\u3002
mc config host add minio \u6587\u4ef6\u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740 \u7528\u6237\u540d \u5bc6\u7801\n
\u4f8b\u5982\uff1a
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Added `minio` successfully.\n
mc \u547d\u4ee4\u884c\u5de5\u5177\u662f Minio \u6587\u4ef6\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u5ba2\u6237\u7aef\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a MinIO Client\u3002
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a redhat-base \u7684\u5b58\u50a8\u6876(bucket)\u3002
mc mb -p minio/redhat-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Bucket created successfully `minio/redhat-base`.\n
\u5c06\u5b58\u50a8\u6876 redhat-base \u7684\u8bbf\u95ee\u7b56\u7565\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u516c\u5f00\u4e0b\u8f7d\u3002\u4ee5\u4fbf\u5728\u540e\u671f\u5b89\u88c5 GPU-operator \u65f6\u80fd\u591f\u88ab\u8bbf\u95ee\u3002
mc anonymous set download minio/redhat-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Access permission for `minio/redhat-base` is set to `download` \n
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u5c06\u6b65\u9aa4\u4e8c\u751f\u6210\u7684\u79bb\u7ebf yum \u6e90\u6587\u4ef6 redhat-base-repo \u590d\u5236\u5230 minio \u670d\u52a1\u5668\u7684 minio/redhat-base \u5b58\u50a8\u6876\u4e2d\u3002
mc cp redhat-base-repo minio/redhat-base --recursive\n
\u672c\u6b65\u9aa4\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a redhat.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a redhat.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > redhat.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages #\u6b65\u9aa4\u4e00\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages #\u6b65\u9aa4\u4e00\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 redhat.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=./redhat.repo \n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u901a\u8fc7\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 CentOS 7.9\uff0c\u5185\u6838\u4e3a 3.10.0-1160 \u7684 GPU Operator \u79bb\u7ebf\u5305\u3002\u5176\u5b83 OS \u7c7b\u578b\u7684\u8282\u70b9\u6216\u5185\u6838\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 7.9 \u79bb\u7ebf yum \u6e90\u5305\uff0c\u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\u4f7f\u7528 RepoConfig.ConfigMapName
\u53c2\u6570\u3002
\u4e0b\u8f7d rhel7.9 ISO
\u4e0b\u8f7d\u4e0e Kubean \u7248\u672c\u5bf9\u5e94\u7684\u7684 rhel7.9 ospackage
\u5728 \u5bb9\u5668\u7ba1\u7406 \u7684\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u627e\u5230 Helm \u5e94\u7528 \uff0c\u641c\u7d22 kubean\uff0c\u53ef\u67e5\u770b kubean \u7684\u7248\u672c\u53f7\u3002
\u5728 kubean\u7684\u4ee3\u7801\u4ed3\u5e93 \u4e2d\u4e0b\u8f7d\u8be5\u7248\u672c\u7684 rhel7.9 ospackage\u3002
\u901a\u8fc7\u5b89\u88c5\u5668\u5bfc\u5165\u79bb\u7ebf\u8d44\u6e90
\u70b9\u51fb\u67e5\u770b\u4e0b\u8f7d\u5730\u5740\u3002
"},{"location":"admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#3-red-hat-gpu-opreator","title":"3. \u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf","text":"\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf\u3002
Note
\u6b64\u53c2\u8003\u4ee5 rhel8.4 \u4e3a\u4f8b\uff0c\u8bf7\u6ce8\u610f\u4fee\u6539\u6210 rhel7.9\u3002
"},{"location":"admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#4-yum","title":"4. \u5728\u96c6\u7fa4\u521b\u5efa\u914d\u7f6e\u9879\u7528\u6765\u4fdd\u5b58 Yum \u6e90\u4fe1\u606f","text":"\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a CentOS-Base.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a CentOS-Base.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # \u706b\u79cd\u8282\u70b9\u7684\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\uff0c\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # \u706b\u79cd\u8282\u70b9\u7684\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\uff0c\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 CentOS-Base.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
local-repo-config.yamlapiVersion: v1\ndata:\n CentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base # \u6b65\u9aa4 2 \u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84 \\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base # \u6b65\u9aa4 2 \u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84 \\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\n creationTimestamp: \"2023-10-18T01:59:02Z\"\n name: local-repo-config\n namespace: gpu-operator\n resourceVersion: \"59445080\"\n uid: c5f0ebab-046f-442c-b932-f9003e014387\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u5176\u4e2d\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u4f7f\u7528\u4e86 RepoConfig.ConfigMapName
\u53c2\u6570\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8bbe\u7f6e GPU \u76f8\u5173\u7684\u544a\u8b66\u89c4\u5219\u3002
"},{"location":"admin/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-alarm.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u672c\u8282\u4ecb\u7ecd GPU \u544a\u8b66\u5e38\u7528\u7684\u6307\u6807\uff0c\u5206\u4e3a\u4e24\u4e2a\u90e8\u5206\uff1a
\u8fd9\u91cc\u4f1a\u4ecb\u7ecd\u5982\u4f55\u8bbe\u7f6e GPU \u544a\u8b66\u89c4\u5219\uff0c\u4f7f\u7528 GPU \u5361\u5229\u7528\u7387\u6307\u6807\u4f5c\u4e3a\u6848\u4f8b\uff0c\u8bf7\u7528\u6237\u6839\u636e\u5b9e\u9645\u7684\u4e1a\u52a1\u573a\u666f\u9009\u62e9\u6307\u6807\u4ee5\u53ca\u7f16\u5199 promql\u3002
\u76ee\u6807\uff1a\u5f53GPU\u5361\u5229\u7528\u7387\u5728\u4e94\u79d2\u949f\u5185\u4e00\u76f4\u4fdd\u6301 80% \u7684\u5229\u7528\u7387\u65f6\u53d1\u51fa\u544a\u8b66
\u5728\u53ef\u89c2\u6d4b\u9875\u9762\uff0c\u70b9\u51fb \u544a\u8b66 -> \u544a\u8b66\u7b56\u7565 -> \u521b\u5efa\u544a\u8b66\u7b56\u7565
\u586b\u5199\u57fa\u672c\u4fe1\u606f
\u6dfb\u52a0\u89c4\u5219
\u9009\u62e9\u901a\u77e5\u65b9\u5f0f
\u8bbe\u7f6e\u5b8c\u6210\u540e\uff0c\u5f53\u4e00\u4e2a GPU \u5728 5s \u5185\u4e00\u76f4\u4fdd\u6301 80% \u7684\u5229\u7528\u7387\uff0c\u4f1a\u6536\u5230\u5982\u4e0b\u7684\u544a\u8b66\u4fe1\u606f\u3002
\u672c\u9875\u5217\u51fa\u4e00\u4e9b\u5e38\u7528\u7684 GPU \u76d1\u63a7\u6307\u6807\u3002
"},{"location":"admin/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#_1","title":"\u96c6\u7fa4\u7ef4\u5ea6","text":"\u6307\u6807\u540d\u79f0 \u63cf\u8ff0 GPU \u5361\u6570 \u96c6\u7fa4\u4e0b\u6240\u6709\u7684 GPU \u5361\u6570\u91cf GPU \u5e73\u5747\u4f7f\u7528\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u7b97\u529b\u4f7f\u7528\u7387 GPU \u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 GPU \u5361\u529f\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u529f\u7387 GPU \u5361\u6e29\u5ea6 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u6e29\u5ea6 GPU \u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u4f7f\u7528\u7387\u7ec6\u8282\uff08\u5305\u542b max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282\uff08\u5305\u542b min\u3001max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u5e26\u5bbd\u4f7f\u7528\u7387 \u8868\u793a\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\u3002\u4ee5 Nvidia GPU V100 \u4e3a\u4f8b\uff0c\u5176\u6700\u5927\u5185\u5b58\u5e26\u5bbd\u4e3a 900 GB/sec\uff0c\u5982\u679c\u5f53\u524d\u7684\u5185\u5b58\u5e26\u5bbd\u4e3a 450 GB/sec\uff0c\u5219\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\u4e3a 50%"},{"location":"admin/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#_2","title":"\u8282\u70b9\u7ef4\u5ea6","text":"\u6307\u6807\u540d\u79f0 \u63cf\u8ff0 GPU \u6a21\u5f0f \u8282\u70b9\u4e0a GPU \u5361\u7684\u4f7f\u7528\u6a21\u5f0f\uff0c\u5305\u542b\u6574\u5361\u6a21\u5f0f\u3001MIG \u6a21\u5f0f\u3001vGPU \u6a21\u5f0f GPU \u7269\u7406\u5361\u6570 \u8282\u70b9\u4e0a\u6240\u6709\u7684 GPU \u5361\u6570\u91cf GPU \u865a\u62df\u5361\u6570 \u8282\u70b9\u4e0a\u5df2\u7ecf\u88ab\u521b\u5efa\u51fa\u6765\u7684 vGPU \u8bbe\u5907\u6570\u91cf GPU MIG \u5b9e\u4f8b\u6570 \u8282\u70b9\u4e0a\u5df2\u7ecf\u88ab\u521b\u5efa\u51fa\u6765\u7684 MIG \u5b9e\u4f8b\u6570 GPU \u663e\u5b58\u5206\u914d\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u663e\u5b58\u5206\u914d\u7387 GPU \u7b97\u529b\u5e73\u5747\u4f7f\u7528\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u7b97\u529b\u5e73\u5747\u4f7f\u7528\u7387 GPU \u663e\u5b58\u5e73\u5747\u4f7f\u7528\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 GPU \u9a71\u52a8\u7248\u672c \u8282\u70b9\u4e0a GPU \u5361\u9a71\u52a8\u7684\u7248\u672c\u4fe1\u606f GPU \u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u8282\u70b9\u4e0a\u6bcf\u5f20 GPU \u5361\u7684\u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282\uff08\u5305\u542b max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u4f7f\u7528\u91cf 24 \u5c0f\u65f6\u5185\uff0c\u8282\u70b9\u4e0a\u6bcf\u5f20 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282\uff08\u5305\u542b min\u3001max\u3001avg\u3001current\uff09\u6839\u636e XID \u72b6\u6001\u6392\u67e5 GPU \u76f8\u5173\u95ee\u9898
XID \u6d88\u606f\u662f NVIDIA \u9a71\u52a8\u7a0b\u5e8f\u5411\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u65e5\u5fd7\u6216\u4e8b\u4ef6\u65e5\u5fd7\u6253\u5370\u7684\u9519\u8bef\u62a5\u544a\u3002XID \u6d88\u606f\u7528\u4e8e\u6807\u8bc6 GPU \u9519\u8bef\u4e8b\u4ef6\uff0c \u63d0\u4f9b GPU \u786c\u4ef6\u3001NVIDIA \u8f6f\u4ef6\u6216\u5e94\u7528\u4e2d\u7684\u9519\u8bef\u7c7b\u578b\u3001\u9519\u8bef\u4f4d\u7f6e\u3001\u9519\u8bef\u4ee3\u7801\u7b49\u4fe1\u606f\u3002 \u5982\u68c0\u67e5\u9879 GPU \u8282\u70b9\u4e0a\u7684 XID \u5f02\u5e38\u4e3a\u7a7a\uff0c\u8868\u660e\u65e0 XID \u6d88\u606f\uff1b\u5982\u6709\uff0c\u60a8\u53ef\u6309\u7167\u4e0b\u8868\u81ea\u52a9\u6392\u67e5\u5e76\u89e3\u51b3\u95ee\u9898\uff0c \u6216\u67e5\u770b\u66f4\u591a XID \u6d88\u606f\u3002
XID \u6d88\u606f \u8bf4\u660e 13 Graphics Engine Exception. \u901a\u5e38\u662f\u6570\u7ec4\u8d8a\u754c\u3001\u6307\u4ee4\u9519\u8bef\uff0c\u5c0f\u6982\u7387\u662f\u786c\u4ef6\u95ee\u9898\u3002 31 GPU memory page fault. \u901a\u5e38\u662f\u5e94\u7528\u7a0b\u5e8f\u7684\u975e\u6cd5\u5730\u5740\u8bbf\u95ee\uff0c\u6781\u5c0f\u6982\u7387\u662f\u9a71\u52a8\u6216\u8005\u786c\u4ef6\u95ee\u9898\u3002 32 Invalid or corrupted push buffer stream. \u4e8b\u4ef6\u7531 PCIE \u603b\u7ebf\u4e0a\u7ba1\u7406 NVIDIA \u9a71\u52a8\u548c GPU \u4e4b\u95f4\u901a\u4fe1\u7684 DMA \u63a7\u5236\u5668\u4e0a\u62a5\uff0c\u901a\u5e38\u662f PCI \u8d28\u91cf\u95ee\u9898\u5bfc\u81f4\uff0c\u800c\u975e\u60a8\u7684\u7a0b\u5e8f\u4ea7\u751f\u3002 38 Driver firmware error. \u901a\u5e38\u662f\u9a71\u52a8\u56fa\u4ef6\u9519\u8bef\u800c\u975e\u786c\u4ef6\u95ee\u9898\u3002 43 GPU stopped processing. \u901a\u5e38\u662f\u60a8\u5e94\u7528\u81ea\u8eab\u9519\u8bef\uff0c\u800c\u975e\u786c\u4ef6\u95ee\u9898\u3002 45 Preemptive cleanup, due to previous errors -- Most likely to see when running multiple cuda applications and hitting a DBE. \u901a\u5e38\u662f\u60a8\u624b\u52a8\u9000\u51fa\u6216\u8005\u5176\u4ed6\u6545\u969c\uff08\u786c\u4ef6\u3001\u8d44\u6e90\u9650\u5236\u7b49\uff09\u5bfc\u81f4\u7684 GPU \u5e94\u7528\u9000\u51fa\uff0cXID 45 \u53ea\u63d0\u4f9b\u4e00\u4e2a\u7ed3\u679c\uff0c\u5177\u4f53\u539f\u56e0\u901a\u5e38\u9700\u8981\u8fdb\u4e00\u6b65\u5206\u6790\u65e5\u5fd7\u3002 48 Double Bit ECC Error (DBE). \u5f53 GPU \u53d1\u751f\u4e0d\u53ef\u7ea0\u6b63\u7684\u9519\u8bef\u65f6\uff0c\u4f1a\u4e0a\u62a5\u6b64\u4e8b\u4ef6\uff0c\u8be5\u9519\u8bef\u4e5f\u4f1a\u540c\u65f6\u53cd\u9988\u7ed9\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u901a\u5e38\u9700\u8981\u91cd\u7f6e GPU \u6216\u91cd\u542f\u8282\u70b9\u6765\u6e05\u9664\u8fd9\u4e2a\u9519\u8bef\u3002 61 Internal micro-controller breakpoint/warning. GPU \u5185\u90e8\u5f15\u64ce\u505c\u6b62\u5de5\u4f5c\uff0c\u60a8\u7684\u4e1a\u52a1\u5df2\u7ecf\u53d7\u5230\u5f71\u54cd\u3002 62 Internal micro-controller halt. \u4e0e XID 61 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002 63 ECC page retirement or row remapping recording event. \u5f53\u5e94\u7528\u7a0b\u5e8f\u906d\u9047\u5230 GPU \u663e\u5b58\u786c\u4ef6\u9519\u8bef\u65f6\uff0cNVIDIA \u81ea\u7ea0\u9519\u673a\u5236\u4f1a\u5c06\u9519\u8bef\u7684\u5185\u5b58\u533a\u57df retire \u6216\u8005 remap\uff0cretirement \u548c remapped \u4fe1\u606f\u9700\u8bb0\u5f55\u5230 infoROM \u4e2d\u624d\u80fd\u6c38\u4e45\u751f\u6548\u3002Volt \u67b6\u6784\uff1a\u6210\u529f\u8bb0\u5f55 ECC page retirement \u4e8b\u4ef6\u5230 infoROM\u3002Ampere \u67b6\u6784\uff1a\u6210\u529f\u8bb0\u5f55 row remapping \u4e8b\u4ef6\u5230 infoROM\u3002 64 ECC page retirement or row remapper recording failure. \u4e0e XID 63 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002\u4f46 XID 63 \u4ee3\u8868 retirement \u548c remapped \u4fe1\u606f\u6210\u529f\u8bb0\u5f55\u5230\u4e86 infoROM\uff0cXID 64 \u4ee3\u8868\u8be5\u8bb0\u5f55\u64cd\u4f5c\u5931\u8d25\u3002 68 NVDEC0 Exception. \u901a\u5e38\u662f\u786c\u4ef6\u6216\u9a71\u52a8\u95ee\u9898\u3002 74 NVLINK Error. NVLink \u786c\u4ef6\u9519\u8bef\u4ea7\u751f\u7684 XID\uff0c\u8868\u660e GPU \u5df2\u7ecf\u51fa\u73b0\u4e25\u91cd\u786c\u4ef6\u6545\u969c\uff0c\u9700\u8981\u4e0b\u7ebf\u7ef4\u4fee\u3002 79 GPU has fallen off the bus. GPU \u786c\u4ef6\u68c0\u6d4b\u5230\u6389\u5361\uff0c\u603b\u7ebf\u4e0a\u65e0\u6cd5\u68c0\u6d4b\u8be5 GPU\uff0c\u8868\u660e\u8be5 GPU \u5df2\u7ecf\u51fa\u73b0\u4e25\u91cd\u786c\u4ef6\u6545\u969c\uff0c\u9700\u8981\u4e0b\u7ebf\u7ef4\u4fee\u3002 92 High single-bit ECC error rate. \u786c\u4ef6\u6216\u9a71\u52a8\u6545\u969c\u3002 94 Contained ECC error. \u5f53\u5e94\u7528\u7a0b\u5e8f\u906d\u9047\u5230 GPU \u4e0d\u53ef\u7ea0\u6b63\u7684\u663e\u5b58 ECC \u9519\u8bef\u65f6\uff0cNVIDIA \u9519\u8bef\u6291\u5236\u673a\u5236\u4f1a\u5c1d\u8bd5\u5c06\u9519\u8bef\u6291\u5236\u5728\u53d1\u751f\u786c\u4ef6\u6545\u969c\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u907f\u514d\u8be5\u9519\u8bef\u5f71\u54cd GPU \u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u3002\u5f53\u6291\u5236\u673a\u5236\u6210\u529f\u6291\u5236\u9519\u8bef\u65f6\uff0c\u4f1a\u4ea7\u751f\u8be5\u4e8b\u4ef6\uff0c\u4ec5\u51fa\u73b0\u4e0d\u53ef\u7ea0\u6b63 ECC \u9519\u8bef\u7684\u5e94\u7528\u7a0b\u5e8f\u53d7\u5230\u5f71\u54cd\u3002 95 Uncontained ECC error. \u4e0e XID 94 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002\u4f46 XID 94 \u4ee3\u8868\u6291\u5236\u6210\u529f\uff0c\u800c XID 95 \u4ee3\u8868\u6291\u5236\u5931\u8d25\uff0c\u8868\u660e\u8fd0\u884c\u5728\u8be5 GPU \u4e0a\u7684\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\u90fd\u5df2\u53d7\u5230\u5f71\u54cd\u3002"},{"location":"admin/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#pod","title":"Pod \u7ef4\u5ea6","text":"\u5206\u7c7b \u6307\u6807\u540d\u79f0 \u63cf\u8ff0 \u5e94\u7528\u6982\u89c8 GPU \u5361 - \u7b97\u529b & \u663e\u5b58 Pod GPU \u7b97\u529b\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u7b97\u529b\u4f7f\u7528\u7387 Pod GPU \u663e\u5b58\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u7387 Pod \u663e\u5b58\u4f7f\u7528\u91cf \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf \u663e\u5b58\u5206\u914d\u91cf \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u5206\u914d\u91cf Pod GPU \u663e\u5b58\u590d\u5236\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u663e\u5b58\u590d\u5236\u6bd4\u7387 GPU \u5361 - \u5f15\u64ce\u6982\u89c8 GPU \u56fe\u5f62\u5f15\u64ce\u6d3b\u52a8\u767e\u5206\u6bd4 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cGraphics \u6216 Compute \u5f15\u64ce\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b GPU \u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387 \u8868\u793a\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\uff08Memory BW Utilization\uff09\u5c06\u6570\u636e\u53d1\u9001\u5230\u8bbe\u5907\u5185\u5b58\u6216\u4ece\u8bbe\u5907\u5185\u5b58\u63a5\u6536\u6570\u636e\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u8f83\u9ad8\u7684\u503c\u8868\u793a\u8bbe\u5907\u5185\u5b58\u7684\u5229\u7528\u7387\u8f83\u9ad8\u3002\u8be5\u503c\u4e3a 1\uff08100%\uff09\u8868\u793a\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u6bcf\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6761 DRAM \u6307\u4ee4\uff08\u5b9e\u9645\u4e0a\uff0c\u5cf0\u503c\u7ea6\u4e3a 0.8 (80%) \u662f\u53ef\u5b9e\u73b0\u7684\u6700\u5927\u503c\uff09\u3002\u5047\u8bbe\u8be5\u503c\u4e3a 0.2\uff0820%\uff09\uff0c\u8868\u793a 20% \u7684\u5468\u671f\u5728\u65f6\u95f4\u95f4\u9694\u5185\u8bfb\u53d6\u6216\u5199\u5165\u8bbe\u5907\u5185\u5b58\u3002 Tensor \u6838\u5fc3\u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cTensor Core \u7ba1\u9053\uff08Pipe\uff09\u5904\u4e8e Active \u65f6\u95f4\u5360\u603b\u65f6\u95f4\u7684\u6bd4\u4f8b FP16 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP16 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b FP32 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP32 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b FP64 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP64 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b GPU \u89e3\u7801\u4f7f\u7528\u7387 GPU \u5361\u89e3\u7801\u5f15\u64ce\u6bd4\u7387 GPU \u7f16\u7801\u4f7f\u7528\u7387 GPU \u5361\u7f16\u7801\u5f15\u64ce\u6bd4\u7387 GPU \u5361 - \u6e29\u5ea6 & \u529f\u8017 GPU \u5361\u6e29\u5ea6 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u6e29\u5ea6 GPU \u5361\u529f\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u529f\u7387 GPU \u5361 - \u603b\u8017\u80fd GPU \u5361\u603b\u5171\u6d88\u8017\u7684\u80fd\u91cf GPU \u5361 - Clock GPU \u5361\u5185\u5b58\u9891\u7387 \u5185\u5b58\u9891\u7387 GPU \u5361\u5e94\u7528SM \u65f6\u949f\u9891\u7387 \u5e94\u7528\u7684 SM \u65f6\u949f\u9891\u7387 GPU \u5361\u5e94\u7528\u5185\u5b58\u9891\u7387 \u5e94\u7528\u5185\u5b58\u9891\u7387 GPU \u5361\u89c6\u9891\u5f15\u64ce\u9891\u7387 \u89c6\u9891\u5f15\u64ce\u9891\u7387 GPU \u5361\u964d\u9891\u539f\u56e0 \u964d\u9891\u539f\u56e0 GPU \u5361 - \u5176\u4ed6\u7ec6\u8282 \u56fe\u5f62\u5f15\u64ce\u6d3b\u52a8 \u56fe\u5f62\u6216\u8ba1\u7b97\u5f15\u64ce\u7684\u4efb\u4f55\u90e8\u5206\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u65f6\u95f4\u6bd4\u4f8b\u3002\u5982\u679c\u56fe\u5f62/\u8ba1\u7b97\u4e0a\u4e0b\u6587\u5df2\u7ed1\u5b9a\u4e14\u56fe\u5f62/\u8ba1\u7b97\u7ba1\u9053\u7e41\u5fd9\uff0c\u5219\u56fe\u5f62\u5f15\u64ce\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002 SM\u6d3b\u52a8 \u591a\u5904\u7406\u5668\u4e0a\u81f3\u5c11\u4e00\u4e2a Warp \u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u65f6\u95f4\u6bd4\u4f8b\uff0c\u6240\u6709\u591a\u5904\u7406\u5668\u7684\u5e73\u5747\u503c\u3002\u8bf7\u6ce8\u610f\uff0c\u201c\u6d3b\u52a8\u201d\u5e76\u4e0d\u4e00\u5b9a\u610f\u5473\u7740 Warp \u6b63\u5728\u79ef\u6781\u8ba1\u7b97\u3002\u4f8b\u5982\uff0c\u7b49\u5f85\u5185\u5b58\u8bf7\u6c42\u7684 Warp \u88ab\u89c6\u4e3a\u6d3b\u52a8\u72b6\u6001\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u30020.8 \u6216\u66f4\u5927\u7684\u503c\u662f\u6709\u6548\u4f7f\u7528 GPU \u7684\u5fc5\u8981\u6761\u4ef6\uff0c\u4f46\u8fd8\u4e0d\u591f\u3002\u5c0f\u4e8e 0.5 \u7684\u503c\u53ef\u80fd\u8868\u793a GPU \u4f7f\u7528\u6548\u7387\u4f4e\u4e0b\u3002\u7ed9\u51fa\u4e00\u4e2a\u7b80\u5316\u7684 GPU \u67b6\u6784\u89c6\u56fe\uff0c\u5982\u679c GPU \u6709 N \u4e2a SM\uff0c\u5219\u4f7f\u7528 N \u4e2a\u5757\u5e76\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u8fd0\u884c\u7684\u5185\u6838\u5c06\u5bf9\u5e94\u4e8e\u6d3b\u52a8 1\uff08100%\uff09\u3002\u4f7f\u7528 N/5 \u4e2a\u5757\u5e76\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u8fd0\u884c\u7684\u5185\u6838\u5c06\u5bf9\u5e94\u4e8e\u6d3b\u52a8 0.2\uff0820%\uff09\u3002\u4f7f\u7528 N \u4e2a\u5757\u5e76\u8fd0\u884c\u4e94\u5206\u4e4b\u4e00\u65f6\u95f4\u95f4\u9694\u7684\u5185\u6838\uff0c\u5982\u679c SM \u5904\u4e8e\u7a7a\u95f2\u72b6\u6001\uff0c\u5219\u6d3b\u52a8\u4e5f\u5c06\u4e3a 0.2\uff0820%\uff09\u3002\u8be5\u503c\u4e0e\u6bcf\u4e2a\u5757\u7684\u7ebf\u7a0b\u6570\u65e0\u5173\uff08\u53c2\u89c1DCGM_FI_PROF_SM_OCCUPANCY\uff09\u3002 SM \u5165\u4f4f\u7387 \u591a\u5904\u7406\u5668\u4e0a\u9a7b\u7559 Warp \u7684\u6bd4\u4f8b\uff0c\u76f8\u5bf9\u4e8e\u591a\u5904\u7406\u5668\u4e0a\u652f\u6301\u7684\u6700\u5927\u5e76\u53d1 Warp \u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u5360\u7528\u7387\u8d8a\u9ad8\u5e76\u4e0d\u4e00\u5b9a\u8868\u793a GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u3002\u5bf9\u4e8e GPU \u5185\u5b58\u5e26\u5bbd\u53d7\u9650\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff08\u53c2\u89c1DCGM_FI_PROF_DRAM_ACTIVE\uff09\uff0c\u5360\u7528\u7387\u8d8a\u9ad8\u8868\u660e GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u3002\u4f46\u662f\uff0c\u5982\u679c\u5de5\u4f5c\u8d1f\u8f7d\u662f\u8ba1\u7b97\u53d7\u9650\u7684\uff08\u5373\u4e0d\u53d7 GPU \u5185\u5b58\u5e26\u5bbd\u6216\u5ef6\u8fdf\u9650\u5236\uff09\uff0c\u5219\u5360\u7528\u7387\u8d8a\u9ad8\u5e76\u4e0d\u4e00\u5b9a\u4e0e GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u76f8\u5173\u3002\u8ba1\u7b97\u5360\u7528\u7387\u5e76\u4e0d\u7b80\u5355\uff0c\u5b83\u53d6\u51b3\u4e8e GPU \u5c5e\u6027\u3001\u6bcf\u4e2a\u5757\u7684\u7ebf\u7a0b\u6570\u3001\u6bcf\u4e2a\u7ebf\u7a0b\u7684\u5bc4\u5b58\u5668\u4ee5\u53ca\u6bcf\u4e2a\u5757\u7684\u5171\u4eab\u5185\u5b58\u7b49\u56e0\u7d20\u3002\u4f7f\u7528CUDA \u5360\u7528\u7387\u8ba1\u7b97\u5668 \u63a2\u7d22\u5404\u79cd\u5360\u7528\u7387\u573a\u666f\u3002 \u5f20\u91cf\u6d3b\u52a8 \u5f20\u91cf (HMMA / IMMA) \u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0c\u5f20\u91cf\u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8 1 (100%) \u76f8\u5f53\u4e8e\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u53d1\u51fa\u4e00\u4e2a\u5f20\u91cf\u6307\u4ee4\u3002\u6d3b\u52a8 0.2 (20%) \u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP64 \u5f15\u64ce\u6d3b\u52a8 FP64\uff08\u53cc\u7cbe\u5ea6\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP64 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185 Volta \u4e0a\u6bcf\u56db\u4e2a\u5468\u671f\u7684\u6bcf\u4e2a SM\u4e0a\u6267\u884c\u4e00\u6761 FP64 \u6307\u4ee4 \u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605 DCGM_FI_PROF_SM_ACTIVE \u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP32 \u5f15\u64ce\u6d3b\u52a8 FMA\uff08FP32\uff08\u5355\u7cbe\u5ea6\uff09\u548c\u6574\u6570\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP32 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6b21 FP32 \u6307\u4ee4\u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP16 \u5f15\u64ce\u6d3b\u52a8 FP16\uff08\u534a\u7cbe\u5ea6\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP16 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6b21 FP16 \u6307\u4ee4\u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 \u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387 \u5411\u8bbe\u5907\u5185\u5b58\u53d1\u9001\u6570\u636e\u6216\u4ece\u8bbe\u5907\u5185\u5b58\u63a5\u6536\u6570\u636e\u7684\u5468\u671f\u6bd4\u4f8b\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0c\u8bbe\u5907\u5185\u5b58\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u7387\u4e3a 1 (100%) \u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6761 DRAM \u6307\u4ee4\uff08\u5b9e\u9645\u4e0a\uff0c\u5cf0\u503c\u7ea6\u4e3a 0.8 (80%) \u662f\u53ef\u5b9e\u73b0\u7684\u6700\u5927\u503c\uff09\u3002\u6d3b\u52a8\u7387\u4e3a 0.2 (20%) \u8868\u793a\u5728\u65f6\u95f4\u95f4\u9694\u5185\u6709 20% \u7684\u5468\u671f\u6b63\u5728\u8bfb\u53d6\u6216\u5199\u5165\u8bbe\u5907\u5185\u5b58\u3002 NVLink \u5e26\u5bbd \u901a\u8fc7 NVLink \u4f20\u8f93/\u63a5\u6536\u7684\u6570\u636e\u901f\u7387\uff08\u4e0d\u5305\u62ec\u534f\u8bae\u6807\u5934\uff09\uff0c\u4ee5\u6bcf\u79d2\u5b57\u8282\u6570\u4e3a\u5355\u4f4d\u3002\u8be5\u503c\u8868\u793a\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u901f\u7387\u662f\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\u3002\u4f8b\u5982\uff0c\u5982\u679c 1 \u79d2\u5185\u4f20\u8f93\u4e86 1 GB \u7684\u6570\u636e\uff0c\u5219\u65e0\u8bba\u6570\u636e\u662f\u4ee5\u6052\u5b9a\u901f\u7387\u8fd8\u662f\u7a81\u53d1\u901f\u7387\u4f20\u8f93\uff0c\u901f\u7387\u90fd\u662f 1 GB/s\u3002\u7406\u8bba\u4e0a\uff0c\u6bcf\u4e2a\u94fe\u8def\u6bcf\u4e2a\u65b9\u5411\u7684\u6700\u5927 NVLink Gen2 \u5e26\u5bbd\u4e3a 25 GB/s\u3002 PCIe \u5e26\u5bbd \u901a\u8fc7 PCIe \u603b\u7ebf\u4f20\u8f93/\u63a5\u6536\u7684\u6570\u636e\u901f\u7387\uff0c\u5305\u62ec\u534f\u8bae\u6807\u5934\u548c\u6570\u636e\u6709\u6548\u8d1f\u8f7d\uff0c\u4ee5\u5b57\u8282/\u79d2\u4e3a\u5355\u4f4d\u3002\u8be5\u503c\u8868\u793a\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u8be5\u901f\u7387\u662f\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\u3002\u4f8b\u5982\uff0c\u5982\u679c 1 \u79d2\u5185\u4f20\u8f93\u4e86 1 GB \u7684\u6570\u636e\uff0c\u5219\u65e0\u8bba\u6570\u636e\u662f\u4ee5\u6052\u5b9a\u901f\u7387\u8fd8\u662f\u7a81\u53d1\u901f\u7387\u4f20\u8f93\uff0c\u901f\u7387\u90fd\u662f 1 GB/s\u3002\u7406\u8bba\u4e0a\u6700\u5927 PCIe Gen3 \u5e26\u5bbd\u4e3a\u6bcf\u901a\u9053 985 MB/s\u3002 PCIe \u4f20\u8f93\u901f\u7387 \u8282\u70b9 GPU \u5361\u901a\u8fc7 PCIe \u603b\u7ebf\u4f20\u8f93\u7684\u6570\u636e\u901f\u7387 PCIe \u63a5\u6536\u901f\u7387 \u8282\u70b9 GPU \u5361\u901a\u8fc7 PCIe \u603b\u7ebf\u63a5\u6536\u7684\u6570\u636e\u901f\u7387"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html","title":"NVIDIA \u591a\u5b9e\u4f8b GPU(MIG) \u6982\u8ff0","text":""},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#mig","title":"MIG \u573a\u666f","text":"\u591a\u79df\u6237\u4e91\u73af\u5883
MIG \u5141\u8bb8\u4e91\u670d\u52a1\u63d0\u4f9b\u5546\u5c06\u4e00\u5757\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u72ec\u7acb\u7684 GPU \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u79df\u6237\u3002\u8fd9\u6837\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u7684\u9694\u79bb\u548c\u72ec\u7acb\u6027\uff0c\u6ee1\u8db3\u591a\u4e2a\u79df\u6237\u5bf9 GPU \u8ba1\u7b97\u80fd\u529b\u7684\u9700\u6c42\u3002
\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f
MIG \u53ef\u4ee5\u5728\u5bb9\u5668\u5316\u73af\u5883\u4e2d\u5b9e\u73b0\u66f4\u7ec6\u7c92\u5ea6\u7684 GPU \u8d44\u6e90\u7ba1\u7406\u3002\u901a\u8fc7\u5c06\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a MIG \u5b9e\u4f8b\uff0c\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u5bb9\u5668\u5206\u914d\u72ec\u7acb\u7684 GPU \u8ba1\u7b97\u8d44\u6e90\uff0c\u63d0\u4f9b\u66f4\u597d\u7684\u6027\u80fd\u9694\u79bb\u548c\u8d44\u6e90\u5229\u7528\u3002
\u6279\u5904\u7406\u4f5c\u4e1a
\u5bf9\u4e8e\u9700\u8981\u5927\u89c4\u6a21\u5e76\u884c\u8ba1\u7b97\u7684\u6279\u5904\u7406\u4f5c\u4e1a\uff0cMIG \u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7684\u8ba1\u7b97\u6027\u80fd\u548c\u66f4\u5927\u7684\u663e\u5b58\u5bb9\u91cf\u3002\u6bcf\u4e2a MIG \u5b9e\u4f8b\u53ef\u4ee5\u5229\u7528\u7269\u7406 GPU \u7684\u4e00\u90e8\u5206\u8ba1\u7b97\u8d44\u6e90\uff0c\u4ece\u800c\u52a0\u901f\u5927\u89c4\u6a21\u8ba1\u7b97\u4efb\u52a1\u7684\u5904\u7406\u3002
AI/\u673a\u5668\u5b66\u4e60\u8bad\u7ec3
MIG \u53ef\u4ee5\u5728\u8bad\u7ec3\u5927\u89c4\u6a21\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\u65f6\u63d0\u4f9b\u66f4\u5927\u7684\u8ba1\u7b97\u80fd\u529b\u548c\u663e\u5b58\u5bb9\u91cf\u3002\u5c06\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a MIG \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\uff0c\u63d0\u9ad8\u8bad\u7ec3\u6548\u7387\u548c\u541e\u5410\u91cf\u3002
\u603b\u4f53\u800c\u8a00\uff0cNVIDIA MIG \u9002\u7528\u4e8e\u9700\u8981\u66f4\u7ec6\u7c92\u5ea6\u7684GPU\u8d44\u6e90\u5206\u914d\u548c\u7ba1\u7406\u7684\u573a\u666f\uff0c\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u7684\u9694\u79bb\u3001\u63d0\u9ad8\u6027\u80fd\u5229\u7528\u7387\uff0c\u5e76\u4e14\u6ee1\u8db3\u591a\u4e2a\u7528\u6237\u6216\u5e94\u7528\u7a0b\u5e8f\u5bf9 GPU \u8ba1\u7b97\u80fd\u529b\u7684\u9700\u6c42\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#mig_1","title":"MIG \u6982\u8ff0","text":"NVIDIA \u591a\u5b9e\u4f8b GPU\uff08Multi-Instance GPU\uff0c\u7b80\u79f0 MIG\uff09\u662f NVIDIA \u5728 H100\uff0cA100\uff0cA30 \u7cfb\u5217 GPU \u5361\u4e0a\u63a8\u51fa\u7684\u4e00\u9879\u65b0\u7279\u6027\uff0c \u65e8\u5728\u5c06\u4e00\u5757\u7269\u7406 GPU \u5206\u5272\u4e3a\u591a\u4e2a GPU \u5b9e\u4f8b\uff0c\u4ee5\u63d0\u4f9b\u66f4\u7ec6\u7c92\u5ea6\u7684\u8d44\u6e90\u5171\u4eab\u548c\u9694\u79bb\u3002MIG \u6700\u591a\u53ef\u5c06\u4e00\u5757 GPU \u5212\u5206\u6210\u4e03\u4e2a GPU \u5b9e\u4f8b\uff0c \u4f7f\u5f97\u4e00\u4e2a \u7269\u7406 GPU \u5361\u53ef\u4e3a\u591a\u4e2a\u7528\u6237\u63d0\u4f9b\u5355\u72ec\u7684 GPU \u8d44\u6e90\uff0c\u4ee5\u5b9e\u73b0\u6700\u4f73 GPU \u5229\u7528\u7387\u3002
\u8fd9\u4e2a\u529f\u80fd\u4f7f\u5f97\u591a\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6216\u7528\u6237\u53ef\u4ee5\u540c\u65f6\u5171\u4eabGPU\u8d44\u6e90\uff0c\u63d0\u9ad8\u4e86\u8ba1\u7b97\u8d44\u6e90\u7684\u5229\u7528\u7387\uff0c\u5e76\u589e\u52a0\u4e86\u7cfb\u7edf\u7684\u53ef\u6269\u5c55\u6027\u3002
\u901a\u8fc7 MIG\uff0c\u6bcf\u4e2a GPU \u5b9e\u4f8b\u7684\u5904\u7406\u5668\u5728\u6574\u4e2a\u5185\u5b58\u7cfb\u7edf\u4e2d\u5177\u6709\u72ec\u7acb\u4e14\u9694\u79bb\u7684\u8def\u5f84\u2014\u2014\u82af\u7247\u4e0a\u7684\u4ea4\u53c9\u5f00\u5173\u7aef\u53e3\u3001L2 \u9ad8\u901f\u7f13\u5b58\u7ec4\u3001\u5185\u5b58\u63a7\u5236\u5668\u548c DRAM \u5730\u5740\u603b\u7ebf\u90fd\u552f\u4e00\u5206\u914d\u7ed9\u5355\u4e2a\u5b9e\u4f8b\u3002
\u8fd9\u786e\u4fdd\u4e86\u5355\u4e2a\u7528\u6237\u7684\u5de5\u4f5c\u8d1f\u8f7d\u80fd\u591f\u4ee5\u53ef\u9884\u6d4b\u7684\u541e\u5410\u91cf\u548c\u5ef6\u8fdf\u8fd0\u884c\uff0c\u5e76\u5177\u6709\u76f8\u540c\u7684\u4e8c\u7ea7\u7f13\u5b58\u5206\u914d\u548c DRAM \u5e26\u5bbd\u3002 MIG \u53ef\u4ee5\u5212\u5206\u53ef\u7528\u7684 GPU \u8ba1\u7b97\u8d44\u6e90\uff08\u5305\u62ec\u6d41\u591a\u5904\u7406\u5668\u6216 SM \u548c GPU \u5f15\u64ce\uff0c\u5982\u590d\u5236\u5f15\u64ce\u6216\u89e3\u7801\u5668\uff09\u8fdb\u884c\u5206\u533a\uff0c \u4ee5\u4fbf\u4e3a\u4e0d\u540c\u7684\u5ba2\u6237\u7aef\uff08\u5982\u4e91\u4e3b\u673a\u3001\u5bb9\u5668\u6216\u8fdb\u7a0b\uff09\u63d0\u4f9b\u5b9a\u4e49\u7684\u670d\u52a1\u8d28\u91cf\uff08QoS\uff09\u548c\u6545\u969c\u9694\u79bb\uff09\u3002 MIG \u4f7f\u591a\u4e2a GPU \u5b9e\u4f8b\u80fd\u591f\u5728\u5355\u4e2a\u7269\u7406 GPU \u4e0a\u5e76\u884c\u8fd0\u884c\u3002
MIG \u5141\u8bb8\u591a\u4e2a vGPU\uff08\u4ee5\u53ca\u4e91\u4e3b\u673a\uff09\u5728\u5355\u4e2a GPU \u5b9e\u4f8b\u4e0a\u5e76\u884c\u8fd0\u884c\uff0c\u540c\u65f6\u4fdd\u7559 vGPU \u63d0\u4f9b\u7684\u9694\u79bb\u4fdd\u8bc1\u3002 \u6709\u5173\u4f7f\u7528 vGPU \u548c MIG \u8fdb\u884c GPU \u5206\u533a\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 NVIDIA Multi-Instance GPU and NVIDIA Virtual Compute Server\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#mig_2","title":"MIG \u67b6\u6784","text":"\u5982\u4e0b\u662f\u4e00\u4e2a MIG \u7684\u6982\u8ff0\u56fe\uff0c\u53ef\u4ee5\u770b\u51fa MIG \u5c06\u4e00\u5f20\u7269\u7406 GPU \u5361\u865a\u62df\u5316\u6210\u4e86 7 \u4e2a GPU \u5b9e\u4f8b\uff0c\u8fd9\u4e9b GPU \u5b9e\u4f8b\u80fd\u591f\u53ef\u4ee5\u88ab\u591a\u4e2a User \u4f7f\u7528\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#_1","title":"\u91cd\u8981\u6982\u5ff5","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728 GPU \u4e0a\u521b\u5efa\u5404\u79cd\u5206\u533a\u3002\u5c06\u4f7f\u7528 A100-40GB \u4f5c\u4e3a\u793a\u4f8b\u6f14\u793a\u5982\u4f55\u5bf9\u5355\u4e2a GPU \u7269\u7406\u5361\u4e0a\u8fdb\u884c\u5206\u533a\u3002
GPU \u7684\u5206\u533a\u662f\u4f7f\u7528\u5185\u5b58\u5207\u7247\u8fdb\u884c\u7684\uff0c\u56e0\u6b64\u53ef\u4ee5\u8ba4\u4e3a A100-40GB GPU \u5177\u6709 8x5GB \u5185\u5b58\u5207\u7247\u548c 7 \u4e2a GPU SM \u5207\u7247\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u5c55\u793a\u4e86 A100 \u4e0a\u53ef\u7528\u7684\u5185\u5b58\u5207\u7247\u3002
\u5982\u4e0a\u6240\u8ff0\uff0c\u521b\u5efa GPU \u5b9e\u4f8b \uff08GI\uff09 \u9700\u8981\u5c06\u4e00\u5b9a\u6570\u91cf\u7684\u5185\u5b58\u5207\u7247\u4e0e\u4e00\u5b9a\u6570\u91cf\u7684\u8ba1\u7b97\u5207\u7247\u76f8\u7ed3\u5408\u3002 \u5728\u4e0b\u56fe\u4e2d\uff0c\u4e00\u4e2a 5GB \u5185\u5b58\u5207\u7247\u4e0e 1 \u4e2a\u8ba1\u7b97\u5207\u7247\u76f8\u7ed3\u5408\uff0c\u4ee5\u521b\u5efa 1g.5gb GI \u914d\u7f6e\u6587\u4ef6\uff1a
\u540c\u6837\uff0c4x5GB \u5185\u5b58\u5207\u7247\u53ef\u4ee5\u4e0e 4x1 \u8ba1\u7b97\u5207\u7247\u7ed3\u5408\u4f7f\u7528\u4ee5\u521b\u5efa 4g.20gb \u7684 GI \u914d\u7f6e\u6587\u4ef6\uff1a
"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#ci","title":"\u8ba1\u7b97\u5b9e\u4f8b\uff08CI\uff09","text":"GPU \u5b9e\u4f8b\u7684\u8ba1\u7b97\u5207\u7247(GI)\u53ef\u4ee5\u8fdb\u4e00\u6b65\u7ec6\u5206\u4e3a\u591a\u4e2a\u8ba1\u7b97\u5b9e\u4f8b\uff08CI\uff09\uff0c\u5176\u4e2d CI \u5171\u4eab\u7236 GI \u7684\u5f15\u64ce\u548c\u5185\u5b58\uff0c \u4f46\u6bcf\u4e2a CI \u90fd\u6709\u4e13\u7528\u7684 SM \u8d44\u6e90\u3002\u4f7f\u7528\u4e0a\u9762\u7684\u76f8\u540c 4g.20gb \u793a\u4f8b\uff0c\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a CI \u4ee5\u4ec5\u4f7f\u7528\u7b2c\u4e00\u4e2a\u8ba1\u7b97\u5207\u7247\u7684 1c.4g.20gb \u8ba1\u7b97\u914d\u7f6e\uff0c\u5982\u4e0b\u56fe\u84dd\u8272\u90e8\u5206\u6240\u793a\uff1a
\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u901a\u8fc7\u9009\u62e9\u4efb\u4f55\u8ba1\u7b97\u5207\u7247\u6765\u521b\u5efa 4 \u4e2a\u4e0d\u540c\u7684 CI\u3002\u8fd8\u53ef\u4ee5\u5c06\u4e24\u4e2a\u8ba1\u7b97\u5207\u7247\u7ec4\u5408\u5728\u4e00\u8d77\u4ee5\u521b\u5efa 2c.4g.20gb \u7684\u8ba1\u7b97\u914d\u7f6e\uff09\uff1a
\u9664\u6b64\u4e4b\u5916\uff0c\u8fd8\u53ef\u4ee5\u7ec4\u5408 3 \u4e2a\u8ba1\u7b97\u5207\u7247\u4ee5\u521b\u5efa\u8ba1\u7b97\u914d\u7f6e\u6587\u4ef6\uff0c\u6216\u8005\u53ef\u4ee5\u7ec4\u5408\u6240\u6709 4 \u4e2a\u8ba1\u7b97\u5207\u7247\u4ee5\u521b\u5efa 3c.4g.20gb \u3001 4c.4g.20gb \u8ba1\u7b97\u914d\u7f6e\u6587\u4ef6\u3002 \u5408\u5e76\u6240\u6709 4 \u4e2a\u8ba1\u7b97\u5207\u7247\u65f6\uff0c\u914d\u7f6e\u6587\u4ef6\u7b80\u79f0\u4e3a 4g.20gb \u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/create_mig.html","title":"\u5f00\u542f MIG \u529f\u80fd","text":"\u672c\u7ae0\u8282\u4ecb\u7ecd\u5982\u4f55\u5f00\u542f NVIDIA MIG \u529f\u80fd\u65b9\u5f0f\uff0cNVIDIA \u5f53\u524d\u63d0\u4f9b\u4e24\u79cd\u5728 Kubernetes \u8282\u70b9\u4e0a\u516c\u5f00 MIG \u8bbe\u5907\u7684\u7b56\u7565\uff1a
\u8be6\u60c5\u53c2\u8003 NVIDIA GPU \u5361\u4f7f\u7528\u6a21\u5f0f\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/create_mig.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 Operator \u65f6\u9700\u8981\u5bf9\u5e94\u8bbe\u7f6e MigManager Config \u53c2\u6570\uff0c \u9ed8\u8ba4\u4e3a default-mig-parted-config \uff0c\u540c\u65f6\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u5207\u5206\u7b56\u7565\u914d\u7f6e\u6587\u4ef6\uff1a
"},{"location":"admin/kpanda/gpu/nvidia/mig/create_mig.html#_3","title":"\u81ea\u5b9a\u4e49\u5207\u5206\u7b56\u7565","text":" ## \u81ea\u5b9a\u4e49\u5207\u5206 GI \u5b9e\u4f8b\u914d\u7f6e\n all-disabled:\n - devices: all\n mig-enabled: false\n all-enabled:\n - devices: all\n mig-enabled: true\n mig-devices: {}\n all-1g.10gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.5gb: 7\n all-1g.10gb.me:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb+me: 1\n all-1g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.20gb: 4\n all-2g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 2g.20gb: 3\n all-3g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n all-4g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 4g.40gb: 1\n all-7g.80gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 7g.80gb: 1\n all-balanced:\n - device-filter: [\"0x233110DE\", \"0x232210DE\", \"0x20B210DE\", \"0x20B510DE\", \"0x20F310DE\", \"0x20F510DE\"]\n devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb: 2\n 2g.20gb: 1\n 3g.40gb: 1\n # \u8bbe\u7f6e\u540e\u4f1a\u6309\u7167\u8bbe\u7f6e\u89c4\u683c\u5207\u5206 CI \u5b9e\u4f8b\n custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n
\u5728\u4e0a\u8ff0\u7684 YAML \u4e2d\u8bbe\u7f6e custom-config \uff0c\u8bbe\u7f6e\u540e\u4f1a\u6309\u7167\u89c4\u683c\u5207\u5206 CI \u5b9e\u4f8b\u3002
custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1c.3g.40gb: 6\n
\u8bbe\u7f6e\u5b8c\u6210\u540e\uff0c\u5728\u786e\u8ba4\u90e8\u7f72\u5e94\u7528\u65f6\u5373\u53ef\u4f7f\u7528 GPU MIG \u8d44\u6e90\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/create_mig.html#gpu","title":"\u5207\u6362\u8282\u70b9 GPU \u6a21\u5f0f","text":"Note
\u5207\u6362 GPU \u6a21\u5f0f\u6216\u8005\u4fee\u6539\u5207\u5206\u89c4\u683c\u540e\u9700\u8981\u91cd\u542f nvidia-mig-manager\u3002
\u5f53\u6211\u4eec\u6210\u529f\u5b89\u88c5 gpu-operator \u4e4b\u540e\uff0c\u8282\u70b9\u9ed8\u8ba4\u662f\u6574\u5361\u6a21\u5f0f\uff0c\u5728\u8282\u70b9\u7ba1\u7406\u9875\u9762\u4f1a\u6709\u6807\u8bc6\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u70b9\u51fb\u8282\u70b9\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 GPU \u6a21\u5f0f\u5207\u6362 \uff0c\u7136\u540e\u9009\u62e9\u5bf9\u5e94\u7684 MIG \u6a21\u5f0f\u4ee5\u53ca\u5207\u5206\u7684\u7b56\u7565\uff0c\u8fd9\u91cc\u4ee5 MIXED \u6a21\u5f0f\u4e3a\u4f8b\uff1a
\u8fd9\u91cc\u4e00\u5171\u6709\u4e24\u4e2a\u914d\u7f6e\uff1a
\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\u540e\uff0c\u7b49\u5f85\u7ea6\u4e00\u5206\u949f\u5de6\u53f3\u5237\u65b0\u9875\u9762\uff0cMIG \u6a21\u5f0f\u5207\u6362\u6210\uff1a
"},{"location":"admin/kpanda/gpu/nvidia/mig/mig_command.html","title":"MIG \u76f8\u5173\u547d\u4ee4","text":"GI \u76f8\u5173\u547d\u540d\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -lgi \u67e5\u770b\u521b\u5efa GI \u5b9e\u4f8b\u5217\u8868 nvidia-smi mig -dgi -gi \u5220\u9664\u6307\u5b9a\u7684 GI \u5b9e\u4f8b nvidia-smi mig -lgip \u67e5\u770b GI \u7684 profile nvidia-smi mig -cgi \u901a\u8fc7\u6307\u5b9a profile \u7684 ID \u521b\u5efa GICI \u76f8\u5173\u547d\u4ee4\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -lcip { -gi {gi Instance ID}} \u67e5\u770b CI \u7684 profile \uff0c\u6307\u5b9a -gi \u53ef\u4ee5\u67e5\u770b\u7279\u5b9a GI \u5b9e\u4f8b\u53ef\u4ee5\u521b\u5efa\u7684 CI nvidia-smi mig -lci \u67e5\u770b\u521b\u5efa\u7684 CI \u5b9e\u4f8b\u5217\u8868 nvidia-smi mig -cci {profile id} -gi {gi instance id} \u6307\u5b9a\u7684 GI \u521b\u5efa CI \u5b9e\u4f8b nvidia-smi mig -dci -ci \u5220\u9664\u6307\u5b9a CI \u5b9e\u4f8bGI+CI \u76f8\u5173\u547d\u4ee4\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -i 0 -cgi {gi profile id} -C {ci profile id} \u76f4\u63a5\u521b\u5efa GI + CI \u5b9e\u4f8b"},{"location":"admin/kpanda/gpu/nvidia/mig/mig_usage.html","title":"\u4f7f\u7528 MIG GPU \u8d44\u6e90","text":"\u672c\u8282\u4ecb\u7ecd\u5e94\u7528\u5982\u4f55\u4f7f\u7528 MIG GPU \u8d44\u6e90\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/mig_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u8bc6\u522b GPU \u5361\u7c7b\u578b
\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 -> \u8282\u70b9\u7ba1\u7406 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u6b63\u786e\u8bc6\u522b\u4e3a MIG \u6a21\u5f0f\u3002
\u901a\u8fc7\u955c\u50cf\u90e8\u7f72\u5e94\u7528\uff0c\u53ef\u9009\u62e9\u5e76\u4f7f\u7528 NVIDIA MIG \u8d44\u6e90\u3002
MIG Single \u6a21\u5f0f\u793a\u4f8b\uff08\u4e0e\u6574\u5361\u4f7f\u7528\u65b9\u5f0f\u76f8\u540c\uff09\uff1a
Note
MIG single \u7b56\u7565\u5141\u8bb8\u7528\u6237\u4ee5\u4e0e GPU \u6574\u5361\u76f8\u540c\u7684\u65b9\u5f0f\uff08nvidia.com/gpu
\uff09\u8bf7\u6c42\u548c\u4f7f\u7528GPU\u8d44\u6e90\uff0c\u4e0d\u540c\u7684\u662f\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u662f GPU \u7684\u4e00\u90e8\u5206\uff08MIG\u8bbe\u5907\uff09\uff0c\u800c\u4e0d\u662f\u6574\u4e2aGPU\u3002\u4e86\u89e3\u66f4\u591a GPU MIG \u6a21\u5f0f\u8bbe\u8ba1
MIG Mixed \u6a21\u5f0f\u793a\u4f8b\uff1a
MIG Single \u6a21\u5f0f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpu: 2 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
MIG Mixed \u6a21\u5f0f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/mig-4g.20gb: 1 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
\u8fdb\u5165\u5bb9\u5668\u540e\u53ef\u4ee5\u67e5\u770b\u53ea\u4f7f\u7528\u4e86\u4e00\u4e2a MIG \u8bbe\u5907\u3002
"},{"location":"admin/kpanda/gpu/nvidia/vgpu/hami.html","title":"\u6784\u5efa vGPU \u663e\u5b58\u8d85\u914d\u955c\u50cf","text":"Hami \u9879\u76ee\u4e2d vGPU \u663e\u5b58\u8d85\u914d\u7684\u529f\u80fd\u5df2\u7ecf\u4e0d\u5b58\u5728\uff0c\u76ee\u524d\u4f7f\u7528\u6709\u663e\u5b58\u8d85\u914d\u7684 libvgpu.so
\u6587\u4ef6\u91cd\u65b0\u6784\u5efa\u3002
FROM docker.m.daocloud.io/projecthami/hami:v2.3.11\nCOPY libvgpu.so /k8s-vgpu/lib/nvidia/\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6784\u5efa\u955c\u50cf\uff1a
docker build -t release.daocloud.io/projecthami/hami:v2.3.11 -f Dockerfile .\n
\u7136\u540e\u628a\u955c\u50cf push \u5230 release.daocloud.io
\u4e2d\u3002
\u5982\u9700\u5c06\u4e00\u5f20 NVIDIA \u865a\u62df\u5316\u6210\u591a\u4e2a\u865a\u62df GPU\uff0c\u5e76\u5c06\u5176\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u4e91\u4e3b\u673a\u6216\u7528\u6237\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 NVIDIA \u7684 vGPU \u80fd\u529b\u3002 \u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u5b89\u88c5 vGPU \u63d2\u4ef6\uff0c\u8fd9\u662f\u4f7f\u7528 NVIDIA vGPU \u80fd\u529b\u7684\u524d\u63d0\u3002
"},{"location":"admin/kpanda/gpu/nvidia/vgpu/vgpu_addon.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u529f\u80fd\u6a21\u5757\u8def\u5f84\uff1a \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f -> \u641c\u7d22 nvidia-vgpu \u3002
\u5728\u5b89\u88c5 vGPU \u7684\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u4e86\u51e0\u4e2a\u57fa\u672c\u4fee\u6539\u7684\u53c2\u6570\uff0c\u5982\u679c\u9700\u8981\u4fee\u6539\u9ad8\u7ea7\u53c2\u6570\u70b9\u51fb YAML \u5217\u8fdb\u884c\u4fee\u6539\uff1a
deviceCoreScaling \uff1aNVIDIA \u88c5\u7f6e\u7b97\u529b\u4f7f\u7528\u6bd4\u4f8b\uff0c\u9884\u8bbe\u503c\u662f 1\u3002\u53ef\u4ee5\u5927\u4e8e 1\uff08\u542f\u7528\u865a\u62df\u7b97\u529b\uff0c\u5b9e\u9a8c\u529f\u80fd\uff09\u3002\u5982\u679c\u6211\u4eec\u914d\u7f6e devicePlugin.deviceCoreScaling \u53c2\u6570\u4e3a S\uff0c\u5728\u90e8\u7f72\u4e86\u6211\u4eec\u88c5\u7f6e\u63d2\u4ef6\u7684 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8fd9\u5f20 GPU \u5206\u51fa\u7684 vGPU \u5c06\u603b\u5171\u5305\u542b S * 100% \u7b97\u529b\u3002
deviceMemoryScaling \uff1aNVIDIA \u88c5\u7f6e\u663e\u5b58\u4f7f\u7528\u6bd4\u4f8b\uff0c\u9884\u8bbe\u503c\u662f 1\u3002\u53ef\u4ee5\u5927\u4e8e 1\uff08\u542f\u7528\u865a\u62df\u663e\u5b58\uff0c\u5b9e\u9a8c\u529f\u80fd\uff09\u3002 \u5bf9\u4e8e\u6709 M \u663e\u5b58\u5927\u5c0f\u7684 NVIDIA GPU\uff0c\u5982\u679c\u6211\u4eec\u914d\u7f6e devicePlugin.deviceMemoryScaling \u53c2\u6570\u4e3a S\uff0c \u5728\u90e8\u7f72\u4e86\u6211\u4eec\u88c5\u7f6e\u63d2\u4ef6\u7684 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8fd9\u5f20 GPU \u5206\u51fa\u7684 vGPU \u5c06\u603b\u5171\u5305\u542b S * M \u663e\u5b58\u3002
deviceSplitCount \uff1a\u6574\u6570\u7c7b\u578b\uff0c\u9884\u8bbe\u503c\u662f 10\u3002GPU \u7684\u5206\u5272\u6570\uff0c\u6bcf\u4e00\u5f20 GPU \u90fd\u4e0d\u80fd\u5206\u914d\u8d85\u8fc7\u5176\u914d\u7f6e\u6570\u76ee\u7684\u4efb\u52a1\u3002 \u82e5\u5176\u914d\u7f6e\u4e3a N \u7684\u8bdd\uff0c\u6bcf\u4e2a GPU \u4e0a\u6700\u591a\u53ef\u4ee5\u540c\u65f6\u5b58\u5728 N \u4e2a\u4efb\u52a1\u3002
Resources \uff1a\u5c31\u662f\u5bf9\u5e94 vgpu-device-plugin \u548c vgpu-schedule pod \u7684\u8d44\u6e90\u4f7f\u7528\u91cf\u3002
ServiceMonitor \uff1a\u9ed8\u8ba4\u4e0d\u5f00\u542f\uff0c\u5f00\u542f\u540e\u53ef\u524d\u5f80\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u67e5\u770b vGPU \u76f8\u5173\u76d1\u63a7\u3002\u5982\u9700\u5f00\u542f\uff0c\u8bf7\u786e\u4fdd insight-agent \u5df2\u5b89\u88c5\u5e76\u5904\u4e8e\u8fd0\u884c\u72b6\u6001\uff0c\u5426\u5219\u5c06\u5bfc\u81f4 NVIDIA vGPU Addon \u5b89\u88c5\u5931\u8d25\u3002
\u5b89\u88c5\u6210\u529f\u4e4b\u540e\u4f1a\u5728\u6307\u5b9a Namespace \u4e0b\u51fa\u73b0\u5982\u4e0b\u4e24\u4e2a\u7c7b\u578b\u7684 Pod\uff0c\u5373\u8868\u793a NVIDIA vGPU \u63d2\u4ef6\u5df2\u5b89\u88c5\u6210\u529f\uff1a
\u5b89\u88c5\u6210\u529f\u540e\uff0c\u90e8\u7f72\u5e94\u7528\u53ef\u4f7f\u7528 vGPU \u8d44\u6e90\u3002
Note
NVIDIA vGPU Addon \u4e0d\u652f\u6301\u4ece\u8001\u7248\u672c v2.0.0 \u76f4\u63a5\u5347\u7ea7\u4e3a\u6700\u65b0\u7248 v2.0.0+1\uff1b \u5982\u9700\u5347\u7ea7\uff0c\u8bf7\u5378\u8f7d\u8001\u7248\u672c\u540e\u91cd\u65b0\u5b89\u88c5\u3002
"},{"location":"admin/kpanda/gpu/nvidia/vgpu/vgpu_user.html","title":"\u5e94\u7528\u4f7f\u7528 Nvidia vGPU","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528 vGPU \u80fd\u529b\u3002
"},{"location":"admin/kpanda/gpu/nvidia/vgpu/vgpu_user.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Nvidia vGPU \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Nvidia vGPU\uff09\u4e4b\u540e\uff0c\u4f1a\u81ea\u52a8\u51fa\u73b0\u5982\u4e0b\u51e0\u4e2a\u53c2\u6570\u9700\u8981\u586b\u5199\uff1a
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u53c2\u8003\u5982\u4e0b\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0 nvidia.com/vgpu: '1' \u53c2\u6570\u6765\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7269\u7406\u5361\u7684\u6570\u91cf\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-vgpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-vgpu-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: full-vgpu-demo\n spec:\n containers:\n - name: full-vgpu-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpucores: '20' # \u7533\u8bf7\u6bcf\u5f20\u5361\u5360\u7528 20% \u7684 GPU \u7b97\u529b\n nvidia.com/gpumem: '200' # \u7533\u8bf7\u6bcf\u5f20\u5361\u5360\u7528 200MB \u7684\u663e\u5b58\n nvidia.com/vgpu: '1' # \u7533\u8bf7GPU\u7684\u6570\u91cf\n imagePullPolicy: Always\n restartPolicy: Always\n
"},{"location":"admin/kpanda/gpu/volcano/drf.html","title":"DRF\uff08Dominant Resource Fairness\uff09 \u8c03\u5ea6\u7b56\u7565","text":"DRF \u8c03\u5ea6\u7b56\u7565\u8ba4\u4e3a\u5360\u7528\u8d44\u6e90\u8f83\u5c11\u7684\u4efb\u52a1\u5177\u6709\u66f4\u9ad8\u7684\u4f18\u5148\u7ea7\u3002\u8fd9\u6837\u80fd\u591f\u6ee1\u8db3\u66f4\u591a\u7684\u4f5c\u4e1a\uff0c\u4e0d\u4f1a\u56e0\u4e3a\u4e00\u4e2a\u80d6\u4e1a\u52a1\uff0c \u997f\u6b7b\u5927\u6279\u5c0f\u4e1a\u52a1\u3002DRF \u8c03\u5ea6\u7b97\u6cd5\u80fd\u591f\u786e\u4fdd\u5728\u591a\u79cd\u7c7b\u578b\u8d44\u6e90\u5171\u5b58\u7684\u73af\u5883\u4e0b\uff0c\u5c3d\u53ef\u80fd\u6ee1\u8db3\u5206\u914d\u7684\u516c\u5e73\u539f\u5219\u3002
"},{"location":"admin/kpanda/gpu/volcano/drf.html#_1","title":"\u4f7f\u7528\u65b9\u5f0f","text":"DRF \u8c03\u5ea6\u7b56\u7565\u9ed8\u8ba4\u5df2\u542f\u7528\uff0c\u65e0\u9700\u4efb\u4f55\u914d\u7f6e\u3002
kubectl -n volcano-system view configmaps volcano-scheduler-configmap\n
"},{"location":"admin/kpanda/gpu/volcano/drf.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"\u5728 AI \u8bad\u7ec3\uff0c\u6216\u5927\u6570\u636e\u8ba1\u7b97\u4e2d\uff0c\u901a\u8fc7\u6709\u9650\u8fd0\u884c\u4f7f\u7528\u8d44\u6e90\u5c11\u7684\u4efb\u52a1\uff0c\u8fd9\u6837\u53ef\u4ee5\u8ba9\u96c6\u7fa4\u8d44\u6e90\u4f7f\u7528\u7387\u66f4\u9ad8\uff0c\u800c\u4e14\u8fd8\u80fd\u907f\u514d\u5c0f\u4efb\u52a1\u88ab\u997f\u6b7b\u3002 \u5982\u4e0b\u521b\u5efa\u4e24\u4e2a Job\uff0c\u4e00\u4e2a\u662f\u5c0f\u8d44\u6e90\u9700\u6c42\uff0c\u4e00\u4e2a\u662f\u5927\u8d44\u6e90\u9700\u6c42\uff0c\u53ef\u4ee5\u770b\u51fa\u6765\u5c0f\u8d44\u6e90\u9700\u6c42\u7684 Job \u4f18\u5148\u8fd0\u884c\u8d77\u6765\u3002
cat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: small-resource \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: small-resource \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"1\" \n restartPolicy: OnFailure \n--- \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: large-resource \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: large-resource \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"2\" \n restartPolicy: OnFailure \nEOF\n
"},{"location":"admin/kpanda/gpu/volcano/numa.html","title":"NUMA \u4eb2\u548c\u6027\u8c03\u5ea6","text":"NUMA \u8282\u70b9\u662f Non-Uniform Memory Access\uff08\u975e\u7edf\u4e00\u5185\u5b58\u8bbf\u95ee\uff09\u67b6\u6784\u4e2d\u7684\u4e00\u4e2a\u57fa\u672c\u7ec4\u6210\u5355\u5143\uff0c\u4e00\u4e2a Node \u8282\u70b9\u662f\u591a\u4e2a NUMA \u8282\u70b9\u7684\u96c6\u5408\uff0c \u5728\u591a\u4e2a NUMA \u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u5185\u5b58\u8bbf\u95ee\u65f6\u4f1a\u4ea7\u751f\u5ef6\u8fdf\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u901a\u8fc7\u4f18\u5316\u4efb\u52a1\u8c03\u5ea6\u548c\u5185\u5b58\u5206\u914d\u7b56\u7565\uff0c\u6765\u63d0\u9ad8\u5185\u5b58\u8bbf\u95ee\u6548\u7387\u548c\u6574\u4f53\u6027\u80fd\u3002
"},{"location":"admin/kpanda/gpu/volcano/numa.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"Numa \u4eb2\u548c\u6027\u8c03\u5ea6\u7684\u5e38\u89c1\u573a\u666f\u662f\u90a3\u4e9b\u5bf9 CPU \u53c2\u6570\u654f\u611f/\u8c03\u5ea6\u5ef6\u8fdf\u654f\u611f\u7684\u8ba1\u7b97\u5bc6\u96c6\u578b\u4f5c\u4e1a\u3002\u5982\u79d1\u5b66\u8ba1\u7b97\u3001\u89c6\u9891\u89e3\u7801\u3001\u52a8\u6f2b\u52a8\u753b\u6e32\u67d3\u3001\u5927\u6570\u636e\u79bb\u7ebf\u5904\u7406\u7b49\u5177\u4f53\u573a\u666f\u3002
"},{"location":"admin/kpanda/gpu/volcano/numa.html#_2","title":"\u8c03\u5ea6\u7b56\u7565","text":"Pod \u8c03\u5ea6\u65f6\u53ef\u4ee5\u91c7\u7528\u7684 NUMA \u653e\u7f6e\u7b56\u7565\uff0c\u5177\u4f53\u7b56\u7565\u5bf9\u5e94\u7684\u8c03\u5ea6\u884c\u4e3a\u8bf7\u53c2\u89c1 Pod \u8c03\u5ea6\u884c\u4e3a\u8bf4\u660e\u3002
\u5f53Pod\u8bbe\u7f6e\u4e86\u62d3\u6251\u7b56\u7565\u65f6\uff0cVolcano \u4f1a\u6839\u636e Pod \u8bbe\u7f6e\u7684\u62d3\u6251\u7b56\u7565\u9884\u6d4b\u5339\u914d\u7684\u8282\u70b9\u5217\u8868\u3002 \u8c03\u5ea6\u8fc7\u7a0b\u5982\u4e0b\uff1a
\u6839\u636e Pod \u8bbe\u7f6e\u7684 Volcano \u62d3\u6251\u7b56\u7565\uff0c\u7b5b\u9009\u5177\u6709\u76f8\u540c\u7b56\u7565\u7684\u8282\u70b9\u3002
\u5728\u8bbe\u7f6e\u4e86\u76f8\u540c\u7b56\u7565\u7684\u8282\u70b9\u4e2d\uff0c\u7b5b\u9009 CPU \u62d3\u6251\u6ee1\u8db3\u8be5\u7b56\u7565\u8981\u6c42\u7684\u8282\u70b9\u8fdb\u884c\u8c03\u5ea6\u3002
\u5728 Job \u4e2d\u914d\u7f6e policies
task: \n - replicas: 1 \n name: \"test-1\" \n topologyPolicy: single-numa-node \n - replicas: 1 \n name: \"test-2\" \n topologyPolicy: best-effort \n
\u4fee\u6539 kubelet \u7684\u8c03\u5ea6\u7b56\u7565\uff0c\u8bbe\u7f6e --topology-manager-policy
\u53c2\u6570\uff0c\u652f\u6301\u7684\u7b56\u7565\u6709\u56db\u79cd\uff1a
none
\uff08\u9ed8\u8ba4\uff09best-effort
restricted
single-numa-node
\u793a\u4f8b\u4e00\uff1a\u5728\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u914d\u7f6e NUMA \u4eb2\u548c\u6027\u3002
kind: Deployment \napiVersion: apps/v1 \nmetadata: \n name: numa-tset \nspec: \n replicas: 1 \n selector: \n matchLabels: \n app: numa-tset \n template: \n metadata: \n labels: \n app: numa-tset \n annotations: \n volcano.sh/numa-topology-policy: single-numa-node # set the topology policy \n spec: \n containers: \n - name: container-1 \n image: nginx:alpine \n resources: \n requests: \n cpu: 2 # \u5fc5\u987b\u4e3a\u6574\u6570\uff0c\u4e14\u9700\u8981\u4e0elimits\u4e2d\u4e00\u81f4 \n memory: 2048Mi \n limits: \n cpu: 2 # \u5fc5\u987b\u4e3a\u6574\u6570\uff0c\u4e14\u9700\u8981\u4e0erequests\u4e2d\u4e00\u81f4 \n memory: 2048Mi \n imagePullSecrets: \n - name: default-secret\n
\u793a\u4f8b\u4e8c\uff1a\u521b\u5efa\u4e00\u4e2a Volcano Job\uff0c\u5e76\u4f7f\u7528 NUMA \u4eb2\u548c\u6027\u3002
apiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: vj-test \nspec: \n schedulerName: volcano \n minAvailable: 1 \n tasks: \n - replicas: 1 \n name: \"test\" \n topologyPolicy: best-effort # set the topology policy for task \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n limits: \n cpu: 20 \n memory: \"100Mi\" \n restartPolicy: OnFailure\n
\u5047\u8bbe NUMA \u8282\u70b9\u60c5\u51b5\u5982\u4e0b\uff1a
\u5de5\u4f5c\u8282\u70b9 \u8282\u70b9\u7b56\u7565\u62d3\u6251\u7ba1\u7406\u5668\u7b56\u7565 NUMA \u8282\u70b9 0 \u4e0a\u7684\u53ef\u5206\u914d CPU NUMA \u8282\u70b9 1 \u4e0a\u7684\u53ef\u5206\u914d CPU node-1 single-numa-node 16U 16U node-2 best-effort 16U 16U node-3 best-effort 20U 20U\u60a8\u53ef\u4ee5\u901a\u8fc7 lscpu \u547d\u4ee4\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u6982\u51b5\uff1a
lscpu \n... \nCPU(s): 32 \nNUMA node(s): 2 \nNUMA node0 CPU(s): 0-15 \nNUMA node1 CPU(s): 16-31\n
"},{"location":"admin/kpanda/gpu/volcano/numa.html#cpu_1","title":"\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u5206\u914d","text":"\u7136\u540e\u67e5\u770b NUMA \u8282\u70b9\u4f7f\u7528\u60c5\u51b5\uff1a
# \u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u5206\u914d\ncat /var/lib/kubelet/cpu_manager_state\n{\"policyName\":\"static\",\"defaultCpuSet\":\"0,10-15,25-31\",\"entries\":{\"777870b5-c64f-42f5-9296-688b9dc212ba\":{\"container-1\":\"16-24\"},\"fb15e10a-b6a5-4aaa-8fcd-76c1aa64e6fd\":{\"container-1\":\"1-9\"}},\"checksum\":318470969}\n
\u4ee5\u4e0a\u793a\u4f8b\u4e2d\u8868\u793a\uff0c\u8282\u70b9\u4e0a\u8fd0\u884c\u4e86\u4e24\u4e2a\u5bb9\u5668\uff0c\u4e00\u4e2a\u5360\u7528\u4e86 NUMA node0 \u76841-9 \u6838\uff0c\u53e6\u4e00\u4e2a\u5360\u7528\u4e86 NUMA node1 \u7684 16-24 \u6838\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano-gang-scheduler.html","title":"\u4f7f\u7528 Volcano \u7684 Gang Scheduler","text":"Gang \u8c03\u5ea6\u7b56\u7565\u662f volcano-scheduler \u7684\u6838\u5fc3\u8c03\u5ea6\u7b97\u6cd5\u4e4b\u4e00\uff0c\u5b83\u6ee1\u8db3\u4e86\u8c03\u5ea6\u8fc7\u7a0b\u4e2d\u7684 \u201cAll or nothing\u201d \u7684\u8c03\u5ea6\u9700\u6c42\uff0c \u907f\u514d Pod \u7684\u4efb\u610f\u8c03\u5ea6\u5bfc\u81f4\u96c6\u7fa4\u8d44\u6e90\u7684\u6d6a\u8d39\u3002\u5177\u4f53\u7b97\u6cd5\u662f\uff0c\u89c2\u5bdf Job \u4e0b\u7684 Pod \u5df2\u8c03\u5ea6\u6570\u91cf\u662f\u5426\u6ee1\u8db3\u4e86\u6700\u5c0f\u8fd0\u884c\u6570\u91cf\uff0c \u5f53 Job \u7684\u6700\u5c0f\u8fd0\u884c\u6570\u91cf\u5f97\u5230\u6ee1\u8db3\u65f6\uff0c\u4e3a Job \u4e0b\u7684\u6240\u6709 Pod \u6267\u884c\u8c03\u5ea6\u52a8\u4f5c\uff0c\u5426\u5219\uff0c\u4e0d\u6267\u884c\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano-gang-scheduler.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"\u57fa\u4e8e\u5bb9\u5668\u7ec4\u6982\u5ff5\u7684 Gang \u8c03\u5ea6\u7b97\u6cd5\u5341\u5206\u9002\u5408\u9700\u8981\u591a\u8fdb\u7a0b\u534f\u4f5c\u7684\u573a\u666f\u3002AI \u573a\u666f\u5f80\u5f80\u5305\u542b\u590d\u6742\u7684\u6d41\u7a0b\uff0c Data Ingestion\u3001Data Analysts\u3001Data Splitting\u3001Trainer\u3001Serving\u3001Logging \u7b49\uff0c \u9700\u8981\u4e00\u7ec4\u5bb9\u5668\u8fdb\u884c\u534f\u540c\u5de5\u4f5c\uff0c\u5c31\u5f88\u9002\u5408\u57fa\u4e8e\u5bb9\u5668\u7ec4\u7684 Gang \u8c03\u5ea6\u7b56\u7565\u3002 MPI \u8ba1\u7b97\u6846\u67b6\u4e0b\u7684\u591a\u7ebf\u7a0b\u5e76\u884c\u8ba1\u7b97\u901a\u4fe1\u573a\u666f\uff0c\u7531\u4e8e\u9700\u8981\u4e3b\u4ece\u8fdb\u7a0b\u534f\u540c\u5de5\u4f5c\uff0c\u4e5f\u975e\u5e38\u9002\u5408\u4f7f\u7528 Gang \u8c03\u5ea6\u7b56\u7565\u3002 \u5bb9\u5668\u7ec4\u4e0b\u7684\u5bb9\u5668\u9ad8\u5ea6\u76f8\u5173\u4e5f\u53ef\u80fd\u5b58\u5728\u8d44\u6e90\u4e89\u62a2\uff0c\u6574\u4f53\u8c03\u5ea6\u5206\u914d\uff0c\u80fd\u591f\u6709\u6548\u89e3\u51b3\u6b7b\u9501\u3002
\u5728\u96c6\u7fa4\u8d44\u6e90\u4e0d\u8db3\u7684\u573a\u666f\u4e0b\uff0cGang \u7684\u8c03\u5ea6\u7b56\u7565\u5bf9\u4e8e\u96c6\u7fa4\u8d44\u6e90\u7684\u5229\u7528\u7387\u7684\u63d0\u5347\u662f\u975e\u5e38\u660e\u663e\u7684\u3002 \u6bd4\u5982\u96c6\u7fa4\u73b0\u5728\u53ea\u80fd\u5bb9\u7eb3 2 \u4e2a Pod\uff0c\u73b0\u5728\u8981\u6c42\u6700\u5c0f\u8c03\u5ea6\u7684 Pod \u6570\u4e3a 3\u3002 \u90a3\u73b0\u5728\u8fd9\u4e2a Job \u7684\u6240\u6709\u7684 Pod \u90fd\u4f1a pending\uff0c\u76f4\u5230\u96c6\u7fa4\u80fd\u591f\u5bb9\u7eb3 3 \u4e2a Pod\uff0cPod \u624d\u4f1a\u88ab\u8c03\u5ea6\u3002 \u6709\u6548\u9632\u6b62\u8c03\u5ea6\u90e8\u5206 Pod\uff0c\u4e0d\u6ee1\u8db3\u8981\u6c42\u53c8\u5360\u7528\u4e86\u8d44\u6e90\uff0c\u4f7f\u5176\u4ed6 Job \u65e0\u6cd5\u8fd0\u884c\u7684\u60c5\u51b5\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano-gang-scheduler.html#_2","title":"\u6982\u5ff5\u8bf4\u660e","text":"Gang Scheduler \u662f Volcano \u7684\u6838\u5fc3\u7684\u8c03\u5ea6\u63d2\u4ef6\uff0c\u5b89\u88c5 Volcano \u540e\u9ed8\u8ba4\u5c31\u5f00\u542f\u4e86\u3002 \u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u53ea\u9700\u8981\u6307\u5b9a\u8c03\u5ea6\u5668\u7684\u540d\u79f0\u4e3a Volcano \u5373\u53ef\u3002
Volcano \u662f\u4ee5 PodGroup \u4e3a\u5355\u4f4d\u8fdb\u884c\u8c03\u5ea6\u7684\uff0c\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u5e76\u4e0d\u9700\u8981\u624b\u52a8\u521b\u5efa PodGroup \u8d44\u6e90\uff0c Volcano \u4f1a\u6839\u636e\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4fe1\u606f\u81ea\u52a8\u521b\u5efa\u3002\u4e0b\u9762\u662f\u4e00\u4e2a PodGroup \u7684\u793a\u4f8b\uff1a
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n name: test\n namespace: default\nspec:\n minMember: 1 # (1)!\n minResources: # (2)!\n cpu: \"3\"\n memory: \"2048Mi\"\n priorityClassName: high-prority # (3)!\n queue: default # (4)!\n
\u5728 MPI \u8ba1\u7b97\u6846\u67b6\u4e0b\u7684\u591a\u7ebf\u7a0b\u5e76\u884c\u8ba1\u7b97\u901a\u4fe1\u573a\u666f\u4e2d\uff0c\u6211\u4eec\u8981\u786e\u4fdd\u6240\u6709\u7684 Pod \u90fd\u80fd\u8c03\u5ea6\u6210\u529f\u624d\u80fd\u4fdd\u8bc1\u4efb\u52a1\u6b63\u5e38\u5b8c\u6210\u3002 \u8bbe\u7f6e minAvailable \u4e3a 4\uff0c\u8868\u793a\u8981\u6c42 1 \u4e2a mpimaster \u548c 3 \u4e2a mpiworker \u80fd\u8fd0\u884c\u3002
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
\u751f\u6210 PodGroup \u7684\u8d44\u6e90\uff1a
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
\u4ece PodGroup \u53ef\u4ee5\u770b\u51fa\uff0c\u901a\u8fc7 ownerReferences \u5173\u8054\u5230\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5e76\u8bbe\u7f6e\u6700\u5c0f\u8fd0\u884c\u7684 Pod \u6570\u4e3a 4\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_binpack.html","title":"\u4f7f\u7528 Volcano Binpack \u8c03\u5ea6\u7b56\u7565","text":"Binpack \u8c03\u5ea6\u7b97\u6cd5\u7684\u76ee\u6807\u662f\u5c3d\u91cf\u628a\u5df2\u88ab\u5360\u7528\u7684\u8282\u70b9\u586b\u6ee1\uff08\u5c3d\u91cf\u4e0d\u5f80\u7a7a\u767d\u8282\u70b9\u5206\u914d\uff09\u3002\u5177\u4f53\u5b9e\u73b0\u4e0a\uff0cBinpack \u8c03\u5ea6\u7b97\u6cd5\u4f1a\u7ed9\u6295\u9012\u7684\u8282\u70b9\u6253\u5206\uff0c \u5206\u6570\u8d8a\u9ad8\u8868\u793a\u8282\u70b9\u7684\u8d44\u6e90\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u901a\u8fc7\u5c3d\u53ef\u80fd\u586b\u6ee1\u8282\u70b9\uff0c\u5c06\u5e94\u7528\u8d1f\u8f7d\u9760\u62e2\u5728\u90e8\u5206\u8282\u70b9\uff0c\u8fd9\u79cd\u8c03\u5ea6\u7b97\u6cd5\u80fd\u591f\u5c3d\u53ef\u80fd\u51cf\u5c0f\u8282\u70b9\u5185\u7684\u788e\u7247\uff0c \u5728\u7a7a\u95f2\u7684\u673a\u5668\u4e0a\u4e3a\u7533\u8bf7\u4e86\u66f4\u5927\u8d44\u6e90\u8bf7\u6c42\u7684 Pod \u9884\u7559\u8db3\u591f\u7684\u8d44\u6e90\u7a7a\u95f4\uff0c\u4f7f\u96c6\u7fa4\u4e0b\u7a7a\u95f2\u8d44\u6e90\u5f97\u5230\u6700\u5927\u5316\u7684\u5229\u7528\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_binpack.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u9884\u5148\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0a\u5b89\u88c5 Volcano \u7ec4\u4ef6\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_binpack.html#binpack","title":"Binpack \u7b97\u6cd5\u539f\u7406","text":"Binpack \u5728\u5bf9\u4e00\u4e2a\u8282\u70b9\u6253\u5206\u65f6\uff0c\u4f1a\u6839\u636e Binpack \u63d2\u4ef6\u81ea\u8eab\u6743\u91cd\u548c\u5404\u8d44\u6e90\u8bbe\u7f6e\u7684\u6743\u91cd\u503c\u7efc\u5408\u6253\u5206\u3002 \u9996\u5148\uff0c\u5bf9 Pod \u8bf7\u6c42\u8d44\u6e90\u4e2d\u7684\u6bcf\u7c7b\u8d44\u6e90\u4f9d\u6b21\u6253\u5206\uff0c\u4ee5 CPU \u4e3a\u4f8b\uff0cCPU \u8d44\u6e90\u5728\u5f85\u8c03\u5ea6\u8282\u70b9\u7684\u5f97\u5206\u4fe1\u606f\u5982\u4e0b\uff1a
CPU.weight * (request + used) / allocatable\n
\u5373 CPU \u6743\u91cd\u503c\u8d8a\u9ad8\uff0c\u5f97\u5206\u8d8a\u9ad8\uff0c\u8282\u70b9\u8d44\u6e90\u4f7f\u7528\u91cf\u8d8a\u6ee1\uff0c\u5f97\u5206\u8d8a\u9ad8\u3002Memory\u3001GPU \u7b49\u8d44\u6e90\u539f\u7406\u7c7b\u4f3c\u3002\u5176\u4e2d\uff1a
\u901a\u8fc7 Binpack \u7b56\u7565\u7684\u8282\u70b9\u603b\u5f97\u5206\u5982\u4e0b\uff1a
binpack.weight - (CPU.score + Memory.score + GPU.score) / (CPU.weight + Memory.weight + GPU.weight) - 100\n
\u5373 Binpack \u63d2\u4ef6\u7684\u6743\u91cd\u503c\u8d8a\u5927\uff0c\u5f97\u5206\u8d8a\u9ad8\uff0c\u67d0\u7c7b\u8d44\u6e90\u7684\u6743\u91cd\u8d8a\u5927\uff0c\u8be5\u8d44\u6e90\u5728\u6253\u5206\u65f6\u7684\u5360\u6bd4\u8d8a\u5927\u3002\u5176\u4e2d\uff1a
\u5982\u56fe\u6240\u793a\uff0c\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e24\u4e2a\u8282\u70b9\uff0c\u5206\u522b\u4e3a Node1 \u548c Node 2\uff0c\u5728\u8c03\u5ea6 Pod \u65f6\uff0cBinpack \u7b56\u7565\u5bf9\u4e24\u4e2a\u8282\u70b9\u5206\u522b\u6253\u5206\u3002 \u5047\u8bbe\u96c6\u7fa4\u4e2d CPU.weight \u914d\u7f6e\u4e3a 1\uff0cMemory.weight \u914d\u7f6e\u4e3a 1\uff0cGPU.weight \u914d\u7f6e\u4e3a 2\uff0cbinpack.weight \u914d\u7f6e\u4e3a 5\u3002
Binpack \u5bf9 Node 1 \u7684\u8d44\u6e90\u6253\u5206\uff0c\u5404\u8d44\u6e90\u7684\u8ba1\u7b97\u516c\u5f0f\u4e3a\uff1a
CPU Score\uff1a
CPU.weight - (request + used) / allocatable = 1 - (2 + 4) / 8 = 0.75
Memory Score\uff1a
Memory.weight - (request + used) / allocatable = 1 - (4 + 8) / 16 = 0.75
GPU Score\uff1a
GPU.weight - (request + used) / allocatable = 2 - (4 + 4) / 8 = 2
\u8282\u70b9\u603b\u5f97\u5206\u7684\u8ba1\u7b97\u516c\u5f0f\u4e3a\uff1a
binpack.weight - (CPU.score + Memory.score + GPU.score) / (CPU.weight + Memory.weight + GPU.weight) - 100\n
\u5047\u8bbe binpack.weight \u914d\u7f6e\u4e3a 5\uff0cNode 1 \u5728 Binpack \u7b56\u7565\u4e0b\u7684\u5f97\u5206\u4e3a\uff1a
5 - (0.75 + 0.75 + 2) / (1 + 1 + 2) - 100 = 437.5\n
Binpack \u5bf9 Node 2 \u7684\u8d44\u6e90\u6253\u5206\uff1a
CPU Score\uff1a
CPU.weight - (request + used) / allocatable = 1 - (2 + 6) / 8 = 1
Memory Score\uff1a
Memory.weight - (request + used) / allocatable = 1 - (4 + 8) / 16 = 0.75
GPU Score\uff1a
GPU.weight - (request + used) / allocatable = 2 - (4 + 4) / 8 = 2
Node 2 \u5728 Binpack \u7b56\u7565\u4e0b\u7684\u5f97\u5206\u4e3a\uff1a
5 - (1 + 0.75 + 2) / (1 + 1 + 2) - 100 = 468.75\n
\u7efc\u4e0a\uff0cNode 2 \u5f97\u5206\u5927\u4e8e Node 1\uff0c\u6309\u7167 Binpack \u7b56\u7565\uff0cPod \u5c06\u4f1a\u4f18\u5148\u8c03\u5ea6\u81f3 Node 2\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_binpack.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"Binpack \u8c03\u5ea6\u63d2\u4ef6\u5728\u5b89\u88c5 Volcano \u7684\u65f6\u5019\u9ed8\u8ba4\u5c31\u4f1a\u5f00\u542f\uff1b\u5982\u679c\u7528\u6237\u6ca1\u6709\u914d\u7f6e\u6743\u91cd\uff0c\u5219\u4f7f\u7528\u5982\u4e0b\u9ed8\u8ba4\u7684\u914d\u7f6e\u6743\u91cd\u3002
- plugins:\n - name: binpack\n arguments:\n binpack.weight: 1\n binpack.cpu: 1\n binpack.memory: 1\n
\u9ed8\u8ba4\u6743\u91cd\u4e0d\u80fd\u4f53\u73b0\u5806\u53e0\u7279\u6027\uff0c\u56e0\u6b64\u9700\u8981\u4fee\u6539\u4e3a binpack.weight: 10
\u3002
kubectl -n volcano-system edit configmaps volcano-scheduler-configmap\n
- plugins:\n - name: binpack\n arguments:\n binpack.weight: 10\n binpack.cpu: 1\n binpack.memory: 1\n binpack.resources: nvidia.com/gpu, example.com/foo\n binpack.resources.nvidia.com/gpu: 2\n binpack.resources.example.com/foo: 3\n
\u6539\u597d\u4e4b\u540e\u91cd\u542f volcano-scheduler Pod \u4f7f\u5176\u751f\u6548\u3002
\u521b\u5efa\u5982\u4e0b\u7684 Deployment\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: binpack-test\n labels:\n app: binpack-test\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: test\n template:\n metadata:\n labels:\n app: test\n spec:\n schedulerName: volcano\n containers:\n - name: test\n image: busybox\n imagePullPolicy: IfNotPresent\n command: [\"sh\", \"-c\", 'echo \"Hello, Kubernetes!\" && sleep 3600']\n resources:\n requests:\n cpu: 500m\n limits:\n cpu: 500m\n
\u5728\u4e24\u4e2a Node \u7684\u96c6\u7fa4\u4e0a\u53ef\u4ee5\u770b\u5230 Pod \u88ab\u8c03\u5ea6\u5230\u4e00\u4e2a Node \u4e0a\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_priority.html","title":"\u4f18\u5148\u7ea7\u62a2\u5360\uff08Preemption scheduling\uff09\u7b56\u7565","text":"Volcano \u901a\u8fc7 Priority \u63d2\u4ef6\u5b9e\u73b0\u4e86\u4f18\u5148\u7ea7\u62a2\u5360\u7b56\u7565\uff0c\u5373 Preemption scheduling \u7b56\u7565\u3002\u5728\u96c6\u7fa4\u8d44\u6e90\u6709\u9650\u4e14\u591a\u4e2a Job \u7b49\u5f85\u8c03\u5ea6\u65f6\uff0c \u5982\u679c\u4f7f\u7528 Kubernetes \u9ed8\u8ba4\u8c03\u5ea6\u5668\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5177\u6709\u66f4\u591a Pod \u6570\u91cf\u7684 Job \u5206\u5f97\u66f4\u591a\u8d44\u6e90\u3002\u800c Volcano-scheduler \u63d0\u4f9b\u4e86\u7b97\u6cd5\uff0c\u652f\u6301\u4e0d\u540c\u7684 Job \u4ee5 fair-share \u7684\u5f62\u5f0f\u5171\u4eab\u96c6\u7fa4\u8d44\u6e90\u3002
Priority \u63d2\u4ef6\u5141\u8bb8\u7528\u6237\u81ea\u5b9a\u4e49 Job \u548c Task \u7684\u4f18\u5148\u7ea7\uff0c\u5e76\u6839\u636e\u9700\u6c42\u5728\u4e0d\u540c\u5c42\u6b21\u4e0a\u5b9a\u5236\u8c03\u5ea6\u7b56\u7565\u3002 \u4f8b\u5982\uff0c\u5bf9\u4e8e\u91d1\u878d\u573a\u666f\u3001\u7269\u8054\u7f51\u76d1\u63a7\u573a\u666f\u7b49\u9700\u8981\u8f83\u9ad8\u5b9e\u65f6\u6027\u7684\u5e94\u7528\uff0cPriority \u63d2\u4ef6\u80fd\u591f\u786e\u4fdd\u5176\u4f18\u5148\u5f97\u5230\u8c03\u5ea6\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_priority.html#_1","title":"\u4f7f\u7528\u65b9\u5f0f","text":"\u4f18\u5148\u7ea7\u7684\u51b3\u5b9a\u57fa\u4e8e\u914d\u7f6e\u7684 PriorityClass \u4e2d\u7684 Value \u503c\uff0c\u503c\u8d8a\u5927\u4f18\u5148\u7ea7\u8d8a\u9ad8\u3002\u9ed8\u8ba4\u5df2\u542f\u7528\uff0c\u65e0\u9700\u4fee\u6539\u3002\u53ef\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u6216\u4fee\u6539\u3002
kubectl -n volcano-system edit configmaps volcano-scheduler-configmap\n
"},{"location":"admin/kpanda/gpu/volcano/volcano_priority.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"\u5047\u8bbe\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e24\u4e2a\u7a7a\u95f2\u8282\u70b9\uff0c\u5e76\u6709\u4e09\u4e2a\u4f18\u5148\u7ea7\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff1ahigh-priority\u3001med-priority \u548c low-priority\u3002 \u5f53 high-priority \u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u5e76\u5360\u6ee1\u96c6\u7fa4\u8d44\u6e90\u540e\uff0c\u518d\u63d0\u4ea4 med-priority \u548c low-priority \u5de5\u4f5c\u8d1f\u8f7d\u3002 \u7531\u4e8e\u96c6\u7fa4\u8d44\u6e90\u5168\u90e8\u88ab\u66f4\u9ad8\u4f18\u5148\u7ea7\u7684\u5de5\u4f5c\u8d1f\u8f7d\u5360\u7528\uff0cmed-priority \u548c low-priority \u5de5\u4f5c\u8d1f\u8f7d\u5c06\u5904\u4e8e pending \u72b6\u6001\u3002 \u5f53 high-priority \u5de5\u4f5c\u8d1f\u8f7d\u7ed3\u675f\u540e\uff0c\u6839\u636e\u4f18\u5148\u7ea7\u8c03\u5ea6\u539f\u5219\uff0cmed-priority \u5de5\u4f5c\u8d1f\u8f7d\u5c06\u4f18\u5148\u88ab\u8c03\u5ea6\u3002
\u901a\u8fc7 priority.yaml \u521b\u5efa 3 \u4e2a\u4f18\u5148\u7ea7\u5b9a\u4e49\uff0c\u5206\u522b\u4e3a\uff1ahigh-priority\uff0cmed-priority\uff0clow-priority\u3002
\u67e5\u770b priority.yaml
cat <<EOF | kubectl apply -f - \napiVersion: scheduling.k8s.io/v1 \nkind: PriorityClass \nitems: \n - metadata: \n name: high-priority \n value: 100 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \n - metadata: \n name: med-priority \n value: 50 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \n - metadata: \n name: low-priority \n value: 10 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \nEOF\n
2. \u67e5\u770b\u4f18\u5148\u7ea7\u5b9a\u4e49\u4fe1\u606f\u3002 kubectl get PriorityClass\n
NAME VALUE GLOBAL-DEFAULT AGE \nhigh-priority 100 false 97s \nlow-priority 10 false 97s \nmed-priority 50 false 97s \nsystem-cluster-critical 2000000000 false 6d6h \nsystem-node-critical 2000001000 false 6d6h\n
\u521b\u5efa\u9ad8\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d high-priority-job\uff0c\u5360\u7528\u96c6\u7fa4\u7684\u5168\u90e8\u8d44\u6e90\u3002
\u67e5\u770b high-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-high \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: high-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
\u901a\u8fc7 kubectl get pod
\u67e5\u770b Pod\u8fd0\u884c \u4fe1\u606f\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-high-test-0 1/1 Running 0 3s \npriority-high-test-1 1/1 Running 0 3s \npriority-high-test-2 1/1 Running 0 3s \npriority-high-test-3 1/1 Running 0 3s\n
\u6b64\u65f6\uff0c\u96c6\u7fa4\u8282\u70b9\u8d44\u6e90\u5df2\u5168\u90e8\u88ab\u5360\u7528\u3002
\u521b\u5efa\u4e2d\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d med-priority-job \u548c\u4f4e\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d low-priority-job\u3002
med-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-medium \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: med-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
low-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-low \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: low-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
\u901a\u8fc7 kubectl get pod
\u67e5\u770b Pod \u8fd0\u884c\u4fe1\u606f\uff0c\u96c6\u7fa4\u8d44\u6e90\u4e0d\u8db3\uff0cPod \u5904\u4e8e Pending \u72b6\u6001\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-high-test-0 1/1 Running 0 3m29s \npriority-high-test-1 1/1 Running 0 3m29s \npriority-high-test-2 1/1 Running 0 3m29s \npriority-high-test-3 1/1 Running 0 3m29s \npriority-low-test-0 0/1 Pending 0 2m26s \npriority-low-test-1 0/1 Pending 0 2m26s \npriority-low-test-2 0/1 Pending 0 2m26s \npriority-low-test-3 0/1 Pending 0 2m26s \npriority-medium-test-0 0/1 Pending 0 2m36s \npriority-medium-test-1 0/1 Pending 0 2m36s \npriority-medium-test-2 0/1 Pending 0 2m36s \npriority-medium-test-3 0/1 Pending 0 2m36s\n
\u5220\u9664 high_priority_job \u5de5\u4f5c\u8d1f\u8f7d\uff0c\u91ca\u653e\u96c6\u7fa4\u8d44\u6e90\uff0cmed_priority_job \u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002 \u6267\u884c kubectl delete -f high_priority_job.yaml
\u91ca\u653e\u96c6\u7fa4\u8d44\u6e90\uff0c\u67e5\u770b Pod \u7684\u8c03\u5ea6\u4fe1\u606f\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-low-test-0 0/1 Pending 0 5m18s \npriority-low-test-1 0/1 Pending 0 5m18s \npriority-low-test-2 0/1 Pending 0 5m18s \npriority-low-test-3 0/1 Pending 0 5m18s \npriority-medium-test-0 1/1 Running 0 5m28s \npriority-medium-test-1 1/1 Running 0 5m28s \npriority-medium-test-2 1/1 Running 0 5m28s \npriority-medium-test-3 1/1 Running 0 5m28s\n
\u968f\u7740 Kubernetes\uff08K8s\uff09\u6210\u4e3a\u4e91\u539f\u751f\u5e94\u7528\u7f16\u6392\u4e0e\u7ba1\u7406\u7684\u9996\u9009\u5e73\u53f0\uff0c\u4f17\u591a\u5e94\u7528\u6b63\u79ef\u6781\u5411 K8s \u8fc1\u79fb\u3002 \u5728\u4eba\u5de5\u667a\u80fd\u4e0e\u673a\u5668\u5b66\u4e60\u9886\u57df\uff0c\u7531\u4e8e\u8fd9\u4e9b\u4efb\u52a1\u901a\u5e38\u6d89\u53ca\u5927\u91cf\u8ba1\u7b97\uff0c\u5f00\u53d1\u8005\u503e\u5411\u4e8e\u5728 Kubernetes \u4e0a\u6784\u5efa AI \u5e73\u53f0\uff0c \u4ee5\u5145\u5206\u5229\u7528\u5176\u5728\u8d44\u6e90\u7ba1\u7406\u3001\u5e94\u7528\u7f16\u6392\u53ca\u8fd0\u7ef4\u76d1\u63a7\u65b9\u9762\u7684\u4f18\u52bf\u3002
\u7136\u800c\uff0cKubernetes \u7684\u9ed8\u8ba4\u8c03\u5ea6\u5668\u4e3b\u8981\u9488\u5bf9\u957f\u671f\u8fd0\u884c\u7684\u670d\u52a1\u8bbe\u8ba1\uff0c\u5bf9\u4e8e AI\u3001\u5927\u6570\u636e\u7b49\u9700\u8981\u6279\u91cf\u548c\u5f39\u6027\u8c03\u5ea6\u7684\u4efb\u52a1\u5b58\u5728\u8bf8\u591a\u4e0d\u8db3\u3002 \u4f8b\u5982\uff0c\u5728\u8d44\u6e90\u7ade\u4e89\u6fc0\u70c8\u7684\u60c5\u51b5\u4e0b\uff0c\u9ed8\u8ba4\u8c03\u5ea6\u5668\u53ef\u80fd\u5bfc\u81f4\u8d44\u6e90\u5206\u914d\u4e0d\u5747\uff0c\u8fdb\u800c\u5f71\u54cd\u4efb\u52a1\u7684\u6b63\u5e38\u6267\u884c\u3002
\u4ee5 TensorFlow \u4f5c\u4e1a\u4e3a\u4f8b\uff0c\u5176\u5305\u542b PS\uff08\u53c2\u6570\u670d\u52a1\u5668\uff09\u548c Worker \u4e24\u79cd\u89d2\u8272\uff0c\u4e24\u8005\u9700\u534f\u540c\u5de5\u4f5c\u624d\u80fd\u5b8c\u6210\u4efb\u52a1\u3002 \u82e5\u4ec5\u90e8\u7f72\u5355\u4e00\u89d2\u8272\uff0c\u4f5c\u4e1a\u5c06\u65e0\u6cd5\u8fd0\u884c\u3002\u800c\u9ed8\u8ba4\u8c03\u5ea6\u5668\u5bf9 Pod \u7684\u8c03\u5ea6\u662f\u9010\u4e2a\u8fdb\u884c\u7684\uff0c\u65e0\u6cd5\u611f\u77e5 TFJob \u4e2d PS \u548c Worker \u7684\u4f9d\u8d56\u5173\u7cfb\u3002 \u5728\u9ad8\u8d1f\u8f7d\u60c5\u51b5\u4e0b\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u591a\u4e2a\u4f5c\u4e1a\u5404\u81ea\u5206\u914d\u5230\u90e8\u5206\u8d44\u6e90\uff0c\u4f46\u5747\u65e0\u6cd5\u5b8c\u6210\uff0c\u4ece\u800c\u9020\u6210\u8d44\u6e90\u6d6a\u8d39\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_user_guide.html#volcano_1","title":"Volcano \u7684\u8c03\u5ea6\u7b56\u7565\u4f18\u52bf","text":"Volcano \u63d0\u4f9b\u4e86\u591a\u79cd\u8c03\u5ea6\u7b56\u7565\uff0c\u4ee5\u5e94\u5bf9\u4e0a\u8ff0\u6311\u6218\u3002\u5176\u4e2d\uff0cGang-scheduling \u7b56\u7565\u80fd\u786e\u4fdd\u5206\u5e03\u5f0f\u673a\u5668\u5b66\u4e60\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u591a\u4e2a\u4efb\u52a1\uff08Pod\uff09\u540c\u65f6\u542f\u52a8\uff0c \u907f\u514d\u6b7b\u9501\uff1bPreemption scheduling \u7b56\u7565\u5219\u5141\u8bb8\u9ad8\u4f18\u5148\u7ea7\u4f5c\u4e1a\u5728\u8d44\u6e90\u4e0d\u8db3\u65f6\u62a2\u5360\u4f4e\u4f18\u5148\u7ea7\u4f5c\u4e1a\u7684\u8d44\u6e90\uff0c\u786e\u4fdd\u5173\u952e\u4efb\u52a1\u4f18\u5148\u5b8c\u6210\u3002
\u6b64\u5916\uff0cVolcano \u4e0e Spark\u3001TensorFlow\u3001PyTorch \u7b49\u4e3b\u6d41\u8ba1\u7b97\u6846\u67b6\u65e0\u7f1d\u5bf9\u63a5\uff0c\u5e76\u652f\u6301 CPU \u548c GPU \u7b49\u5f02\u6784\u8bbe\u5907\u7684\u6df7\u5408\u8c03\u5ea6\uff0c\u4e3a AI \u8ba1\u7b97\u4efb\u52a1\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u4f18\u5316\u652f\u6301\u3002
\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5\u548c\u4f7f\u7528 Volcano\uff0c\u4ee5\u4fbf\u60a8\u80fd\u591f\u5145\u5206\u5229\u7528\u5176\u8c03\u5ea6\u7b56\u7565\u4f18\u52bf\uff0c\u4f18\u5316 AI \u8ba1\u7b97\u4efb\u52a1\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_user_guide.html#volcano_2","title":"\u5b89\u88c5 Volcano","text":"\u5728 \u96c6\u7fa4\u8be6\u60c5 -> Helm \u5e94\u7528 -> Helm \u6a21\u677f \u4e2d\u627e\u5230 Volcano \u5e76\u5b89\u88c5\u3002
\u68c0\u67e5\u5e76\u786e\u8ba4 Volcano \u662f\u5426\u5b89\u88c5\u5b8c\u6210\uff0c\u5373 volcano-admission\u3001volcano-controllers\u3001volcano-scheduler \u7ec4\u4ef6\u662f\u5426\u6b63\u5e38\u8fd0\u884c\u3002
\u901a\u5e38 Volcano \u4f1a\u548c AI Lab \u5e73\u53f0\u914d\u5408\u4f7f\u7528\uff0c\u4ee5\u5b9e\u73b0\u6570\u636e\u96c6\u3001Notebook\u3001\u4efb\u52a1\u8bad\u7ec3\u7684\u6574\u4e2a\u5f00\u53d1\u3001\u8bad\u7ec3\u6d41\u7a0b\u7684\u6709\u6548\u95ed\u73af\u3002
"},{"location":"admin/kpanda/helm/index.html","title":"Helm \u6a21\u677f","text":"Helm \u662f Kubernetes \u7684\u5305\u7ba1\u7406\u5de5\u5177\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u53d1\u73b0\u3001\u5171\u4eab\u548c\u4f7f\u7528 Kubernetes \u6784\u5efa\u7684\u5e94\u7528\u3002\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u4e86\u4e0a\u767e\u4e2a Helm \u6a21\u677f\uff0c\u6db5\u76d6\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u76d1\u63a7\u3001\u6570\u636e\u5e93\u7b49\u4e3b\u8981\u573a\u666f\u3002\u501f\u52a9\u8fd9\u4e9b\u6a21\u677f\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 UI \u754c\u9762\u5feb\u901f\u90e8\u7f72\u3001\u4fbf\u6377\u7ba1\u7406 Helm \u5e94\u7528\u3002\u6b64\u5916\uff0c\u652f\u6301\u901a\u8fc7\u6dfb\u52a0 Helm \u4ed3\u5e93 \u6dfb\u52a0\u66f4\u591a\u7684\u4e2a\u6027\u5316\u6a21\u677f\uff0c\u6ee1\u8db3\u591a\u6837\u9700\u6c42\u3002
\u5173\u952e\u6982\u5ff5\uff1a
\u4f7f\u7528 Helm \u65f6\u9700\u8981\u4e86\u89e3\u4ee5\u4e0b\u51e0\u4e2a\u5173\u952e\u6982\u5ff5\uff1a
Chart\uff1a\u4e00\u4e2a Helm \u5b89\u88c5\u5305\uff0c\u5176\u4e2d\u5305\u542b\u4e86\u8fd0\u884c\u4e00\u4e2a\u5e94\u7528\u6240\u9700\u8981\u7684\u955c\u50cf\u3001\u4f9d\u8d56\u548c\u8d44\u6e90\u5b9a\u4e49\u7b49\uff0c\u8fd8\u53ef\u80fd\u5305\u542b Kubernetes \u96c6\u7fa4\u4e2d\u7684\u670d\u52a1\u5b9a\u4e49\uff0c\u7c7b\u4f3c Homebrew \u4e2d\u7684 formula\u3001APT \u7684 dpkg \u6216\u8005 Yum \u7684 rpm \u6587\u4ef6\u3002Chart \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u6a21\u677f \u3002
Release\uff1a\u5728 Kubernetes \u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u4e00\u4e2a Chart \u5b9e\u4f8b\u3002\u4e00\u4e2a Chart \u53ef\u4ee5\u5728\u540c\u4e00\u4e2a\u96c6\u7fa4\u5185\u591a\u6b21\u5b89\u88c5\uff0c\u6bcf\u6b21\u5b89\u88c5\u90fd\u4f1a\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 Release\u3002Release \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u5e94\u7528 \u3002
Repository\uff1a\u7528\u4e8e\u53d1\u5e03\u548c\u5b58\u50a8 Chart \u7684\u5b58\u50a8\u5e93\u3002Repository \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u4ed3\u5e93\u3002
\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u524d\u5f80 Helm \u5b98\u7f51\u67e5\u770b\u3002
\u76f8\u5173\u64cd\u4f5c\uff1a
\u672c\u6587\u4ece\u79bb\u7ebf\u548c\u5728\u7ebf\u4e24\u79cd\u73af\u5883\u8bf4\u660e\u5982\u4f55\u5c06 Helm \u5e94\u7528\u5bfc\u5165\u5230\u7cfb\u7edf\u5185\u7f6e\u7684 Addon \u4e2d\u3002
"},{"location":"admin/kpanda/helm/Import-addon.html#_1","title":"\u79bb\u7ebf\u73af\u5883","text":"\u79bb\u7ebf\u73af\u5883\u6307\u7684\u662f\u65e0\u6cd5\u8fde\u901a\u4e92\u8054\u7f51\u6216\u5c01\u95ed\u7684\u79c1\u6709\u7f51\u7edc\u73af\u5883\u3002
"},{"location":"admin/kpanda/helm/Import-addon.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":".relok8s-images.yaml
\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u9700\u8981\u5305\u542b Chart \u4e2d\u6240\u6709\u4f7f\u7528\u5230\u955c\u50cf\uff0c \u4e5f\u53ef\u4ee5\u5305\u542b Chart \u4e2d\u672a\u76f4\u63a5\u4f7f\u7528\u7684\u955c\u50cf\uff0c\u7c7b\u4f3c Operator \u4e2d\u4f7f\u7528\u7684\u955c\u50cf\u3002Note
\u5bb9\u5668\u7ba1\u7406
-> Helm \u5e94\u7528
-> Helm \u4ed3\u5e93
\uff0c\u641c\u7d22 addon\uff0c\u83b7\u53d6\u5185\u7f6e\u4ed3\u5e93\u5730\u5740\u548c\u7528\u6237\u540d/\u5bc6\u7801\uff08\u7cfb\u7edf\u5185\u7f6e\u4ed3\u5e93\u9ed8\u8ba4\u7528\u6237\u540d/\u5bc6\u7801\u4e3a rootuser/rootpass123\uff09\u3002\u540c\u6b65 Helm Chart \u5230\u5bb9\u5668\u7ba1\u7406\u5185\u7f6e\u4ed3\u5e93 Addon
\u7f16\u5199\u5982\u4e0b\u914d\u7f6e\u6587\u4ef6\uff0c\u53ef\u4ee5\u6839\u636e\u5177\u4f53\u914d\u7f6e\u4fee\u6539\uff0c\u5e76\u4fdd\u5b58\u4e3a sync-dao-2048.yaml
\u3002
source: # helm charts \u6e90\u4fe1\u606f\n repo:\n kind: HARBOR # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\uff0c\u6bd4\u5982 CHARTMUSEUM\n url: https://release-ci.daocloud.io/chartrepo/community # \u9700\u66f4\u6539\u4e3a chart repo url\n #auth: # \u7528\u6237\u540d/\u5bc6\u7801,\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199\n #username: \"admin\"\n #password: \"Harbor12345\"\ncharts: # \u9700\u8981\u540c\u6b65\n - name: dao-2048 # helm charts \u4fe1\u606f\uff0c\u82e5\u4e0d\u586b\u5199\u5219\u540c\u6b65\u6e90 helm repo \u5185\u6240\u6709 charts\n versions:\n - 1.4.1\ntarget: # helm charts \u76ee\u6807\u4fe1\u606f\n containerRegistry: 10.5.14.40 # \u955c\u50cf\u4ed3\u5e93 url\n repo:\n kind: CHARTMUSEUM # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\uff0c\u6bd4\u5982 HARBOR\n url: http://10.5.14.40:8081 # \u9700\u66f4\u6539\u4e3a\u6b63\u786e chart repo url\uff0c\u53ef\u4ee5\u901a\u8fc7 helm repo add $HELM-REPO \u9a8c\u8bc1\u5730\u5740\u662f\u5426\u6b63\u786e\n auth: # \u7528\u6237\u540d/\u5bc6\u7801\uff0c\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199\n username: \"rootuser\"\n password: \"rootpass123\"\n containers:\n # kind: HARBOR # \u82e5\u955c\u50cf\u4ed3\u5e93\u4e3a HARBOR \u4e14\u5e0c\u671b charts-syncer \u81ea\u52a8\u521b\u5efa\u955c\u50cf Repository \u5219\u586b\u5199\u8be5\u5b57\u6bb5 \n # auth: # \u7528\u6237\u540d/\u5bc6\u7801\uff0c\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199 \n # username: \"admin\"\n # password: \"Harbor12345\"\n\n# leverage .relok8s-images.yaml file inside the Charts to move the container images too\nrelocateContainerImages: true\n
\u6267\u884c charts-syncer \u547d\u4ee4\u540c\u6b65 Chart \u53ca\u5176\u5305\u542b\u7684\u955c\u50cf
charts-syncer sync --config sync-dao-2048.yaml --insecure --auto-create-repository\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
I1222 15:01:47.119777 8743 sync.go:45] Using config file: \"examples/sync-dao-2048.yaml\"\nW1222 15:01:47.234238 8743 syncer.go:263] Ignoring skipDependencies option as dependency sync is not supported if container image relocation is true or syncing from/to intermediate directory\nI1222 15:01:47.234685 8743 sync.go:58] There is 1 chart out of sync!\nI1222 15:01:47.234706 8743 sync.go:66] Syncing \"dao-2048_1.4.1\" chart...\n.relok8s-images.yaml hints file found\nComputing relocation...\n\nRelocating dao-2048@1.4.1...\nPushing 10.5.14.40/daocloud/dao-2048:v1.4.1...\nDone\nDone moving /var/folders/vm/08vw0t3j68z9z_4lcqyhg8nm0000gn/T/charts-syncer869598676/dao-2048-1.4.1.tgz\n
\u5f85\u4e0a\u4e00\u6b65\u6267\u884c\u5b8c\u6210\u540e\uff0c\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406
-> Helm \u5e94\u7528
-> Helm \u4ed3\u5e93
\uff0c\u627e\u5230\u5bf9\u5e94 Addon\uff0c \u5728\u64cd\u4f5c\u680f\u70b9\u51fb\u540c\u6b65\u4ed3\u5e93
\uff0c\u56de\u5230 Helm \u6a21\u677f\u5c31\u53ef\u4ee5\u770b\u5230\u4e0a\u4f20\u7684 Helm \u5e94\u7528
\u540e\u7eed\u53ef\u6b63\u5e38\u8fdb\u884c\u5b89\u88c5\u3001\u5347\u7ea7\u3001\u5378\u8f7d
\u5728\u7ebf\u73af\u5883\u7684 Helm Repo \u5730\u5740\u4e3a release.daocloud.io
\u3002 \u5982\u679c\u7528\u6237\u65e0\u6743\u9650\u6dfb\u52a0 Helm Repo\uff0c\u5219\u65e0\u6cd5\u5c06\u81ea\u5b9a\u4e49 Helm \u5e94\u7528\u5bfc\u5165\u7cfb\u7edf\u5185\u7f6e Addon\u3002 \u60a8\u53ef\u4ee5\u6dfb\u52a0\u81ea\u5df1\u642d\u5efa\u7684 Helm \u4ed3\u5e93\uff0c\u7136\u540e\u6309\u7167\u79bb\u7ebf\u73af\u5883\u4e2d\u540c\u6b65 Helm Chart \u7684\u6b65\u9aa4\u5c06\u60a8\u7684 Helm \u4ed3\u5e93\u96c6\u6210\u5230\u5e73\u53f0\u4f7f\u7528\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5bf9 Helm \u8fdb\u884c\u754c\u9762\u5316\u7ba1\u7406\uff0c\u5305\u62ec\u4f7f\u7528 Helm \u6a21\u677f\u521b\u5efa Helm \u5b9e\u4f8b\u3001\u81ea\u5b9a\u4e49 Helm \u5b9e\u4f8b\u53c2\u6570\u3001\u5bf9 Helm \u5b9e\u4f8b\u8fdb\u884c\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u529f\u80fd\u3002
\u672c\u8282\u5c06\u4ee5 cert-manager \u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u754c\u9762\u521b\u5efa\u5e76\u7ba1\u7406 Helm \u5e94\u7528\u3002
"},{"location":"admin/kpanda/helm/helm-app.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5 Helm \u5e94\u7528\u3002
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u8fdb\u5165 Helm \u6a21\u677f\u9875\u9762\u3002
\u5728 Helm \u6a21\u677f\u9875\u9762\u9009\u62e9\u540d\u4e3a addon \u7684 Helm \u4ed3\u5e93\uff0c\u6b64\u65f6\u754c\u9762\u4e0a\u5c06\u5448\u73b0 addon \u4ed3\u5e93\u4e0b\u6240\u6709\u7684 Helm chart \u6a21\u677f\u3002 \u70b9\u51fb\u540d\u79f0\u4e3a cert-manager \u7684 Chart\u3002
\u5728\u5b89\u88c5\u9875\u9762\uff0c\u80fd\u591f\u770b\u5230 Chart \u7684\u76f8\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u5728\u754c\u9762\u53f3\u4e0a\u89d2\u9009\u62e9\u9700\u8981\u5b89\u88c5\u7684\u7248\u672c\uff0c\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u6b64\u5904\u9009\u62e9 v1.9.1 \u7248\u672c\u8fdb\u884c\u5b89\u88c5\u3002
\u914d\u7f6e \u540d\u79f0 \u3001 \u547d\u540d\u7a7a\u95f4 \u53ca \u7248\u672c\u4fe1\u606f \uff0c\u4e5f\u53ef\u4ee5\u5728\u4e0b\u65b9\u7684 \u53c2\u6570\u914d\u7f6e \u533a\u57df\u901a\u8fc7\u4fee\u6539 YAML \u6765\u81ea\u5b9a\u4e49\u53c2\u6570\u3002\u70b9\u51fb \u786e\u5b9a \u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u65b0\u521b\u5efa\u7684 Helm \u5e94\u7528\u72b6\u6001\u4e3a \u5b89\u88c5\u4e2d \uff0c\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u540e\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u3002
\u5f53\u6211\u4eec\u901a\u8fc7\u754c\u9762\u5b8c\u6210\u4e00\u4e2a Helm \u5e94\u7528\u7684\u5b89\u88c5\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u5bf9 Helm \u5e94\u7528\u6267\u884c\u66f4\u65b0\u64cd\u4f5c\u3002\u6ce8\u610f\uff1a\u53ea\u6709\u901a\u8fc7\u754c\u9762\u5b89\u88c5\u7684 Helm \u5e94\u7528\u624d\u652f\u6301\u4f7f\u7528\u754c\u9762\u8fdb\u884c\u66f4\u65b0\u64cd\u4f5c\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u66f4\u65b0 Helm \u5e94\u7528\u3002
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb Helm \u5e94\u7528 \uff0c\u8fdb\u5165 Helm \u5e94\u7528\u5217\u8868\u9875\u9762\u3002
\u5728 Helm \u5e94\u7528\u5217\u8868\u9875\u9009\u62e9\u9700\u8981\u66f4\u65b0\u7684 Helm \u5e94\u7528\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff0c\u5728\u4e0b\u62c9\u9009\u62e9\u4e2d\u9009\u62e9 \u66f4\u65b0 \u64cd\u4f5c\u3002
\u70b9\u51fb \u66f4\u65b0 \u6309\u94ae\u540e\uff0c\u7cfb\u7edf\u5c06\u8df3\u8f6c\u81f3\u66f4\u65b0\u754c\u9762\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u9700\u8981\u5bf9 Helm \u5e94\u7528\u8fdb\u884c\u66f4\u65b0\uff0c\u6b64\u5904\u6211\u4eec\u4ee5\u66f4\u65b0 dao-2048 \u8fd9\u4e2a\u5e94\u7528\u7684 http \u7aef\u53e3\u4e3a\u4f8b\u3002
\u4fee\u6539\u5b8c\u76f8\u5e94\u53c2\u6570\u540e\u3002\u60a8\u53ef\u4ee5\u5728\u53c2\u6570\u914d\u7f6e\u4e0b\u70b9\u51fb \u53d8\u5316 \u6309\u94ae\uff0c\u5bf9\u6bd4\u4fee\u6539\u524d\u540e\u7684\u6587\u4ef6\uff0c\u786e\u5b9a\u65e0\u8bef\u540e\uff0c\u70b9\u51fb\u5e95\u90e8 \u786e\u5b9a \u6309\u94ae\uff0c\u5b8c\u6210 Helm \u5e94\u7528\u7684\u66f4\u65b0\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u53f3\u4e0a\u89d2\u5f39\u7a97\u63d0\u793a \u66f4\u65b0\u6210\u529f \u3002
Helm \u5e94\u7528\u7684\u6bcf\u6b21\u5b89\u88c5\u3001\u66f4\u65b0\u3001\u5220\u9664\u90fd\u6709\u8be6\u7ec6\u7684\u64cd\u4f5c\u8bb0\u5f55\u548c\u65e5\u5fd7\u53ef\u4f9b\u67e5\u770b\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u6700\u8fd1\u64cd\u4f5c \uff0c\u7136\u540e\u5728\u9875\u9762\u4e0a\u65b9\u9009\u62e9 Helm \u64cd\u4f5c \u6807\u7b7e\u9875\u3002\u6bcf\u4e00\u6761\u8bb0\u5f55\u5bf9\u5e94\u4e00\u6b21\u5b89\u88c5/\u66f4\u65b0/\u5220\u9664\u64cd\u4f5c\u3002
\u5982\u9700\u67e5\u770b\u6bcf\u4e00\u6b21\u64cd\u4f5c\u7684\u8be6\u7ec6\u65e5\u5fd7\uff1a\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u65e5\u5fd7 \u3002
\u6b64\u65f6\u9875\u9762\u4e0b\u65b9\u5c06\u4ee5\u63a7\u5236\u53f0\u7684\u5f62\u5f0f\u5c55\u793a\u8be6\u7ec6\u7684\u8fd0\u884c\u65e5\u5fd7\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5220\u9664 Helm \u5e94\u7528\u3002
\u627e\u5230\u5f85\u5220\u9664\u7684 Helm \u5e94\u7528\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb Helm \u5e94\u7528 \uff0c\u8fdb\u5165 Helm \u5e94\u7528\u5217\u8868\u9875\u9762\u3002
\u5728 Helm \u5e94\u7528\u5217\u8868\u9875\u9009\u62e9\u60a8\u9700\u8981\u5220\u9664\u7684 Helm \u5e94\u7528\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff0c\u5728\u4e0b\u62c9\u9009\u62e9\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u5185\u8f93\u5165 Helm \u5e94\u7528\u7684\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u5220\u9664 \u6309\u94ae\u3002
Helm \u4ed3\u5e93\u662f\u7528\u6765\u5b58\u50a8\u548c\u53d1\u5e03 Chart \u7684\u5b58\u50a8\u5e93\u3002Helm \u5e94\u7528\u6a21\u5757\u652f\u6301\u901a\u8fc7 HTTP(s) \u534f\u8bae\u6765\u8bbf\u95ee\u5b58\u50a8\u5e93\u4e2d\u7684 Chart \u5305\u3002\u7cfb\u7edf\u9ed8\u8ba4\u5185\u7f6e\u4e86\u4e0b\u8868\u6240\u793a\u7684 4 \u4e2a Helm \u4ed3\u5e93\u4ee5\u6ee1\u8db3\u4f01\u4e1a\u751f\u4ea7\u8fc7\u7a0b\u4e2d\u7684\u5e38\u89c1\u9700\u6c42\u3002
\u4ed3\u5e93 \u63cf\u8ff0 \u793a\u4f8b partner \u7531\u751f\u6001\u5408\u4f5c\u4f19\u4f34\u6240\u63d0\u4f9b\u7684\u5404\u7c7b\u4f18\u8d28\u7279\u8272 Chart tidb system \u7cfb\u7edf\u6838\u5fc3\u529f\u80fd\u7ec4\u4ef6\u53ca\u90e8\u5206\u9ad8\u7ea7\u529f\u80fd\u6240\u5fc5\u9700\u4f9d\u8d56\u7684 Chart\uff0c\u5982\u5fc5\u9700\u5b89\u88c5 insight-agent \u624d\u80fd\u591f\u83b7\u53d6\u96c6\u7fa4\u7684\u76d1\u63a7\u4fe1\u606f Insight addon \u4e1a\u52a1\u573a\u666f\u4e2d\u5e38\u89c1\u7684 Chart cert-manager community Kubernetes \u793e\u533a\u8f83\u4e3a\u70ed\u95e8\u7684\u5f00\u6e90\u7ec4\u4ef6 Chart Istio\u9664\u4e0a\u8ff0\u9884\u7f6e\u4ed3\u5e93\u5916\uff0c\u60a8\u4e5f\u53ef\u4ee5\u81ea\u884c\u6dfb\u52a0\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u6dfb\u52a0\u3001\u66f4\u65b0\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002
"},{"location":"admin/kpanda/helm/helm-repo.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5982\u679c\u4f7f\u7528\u79c1\u6709\u4ed3\u5e93\uff0c\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u62e5\u6709\u5bf9\u8be5\u79c1\u6709\u4ed3\u5e93\u7684\u8bfb\u5199\u6743\u9650\u3002
\u4e0b\u9762\u4ee5 Kubevela \u516c\u5f00\u7684\u955c\u50cf\u4ed3\u5e93\u4e3a\u4f8b\uff0c\u5f15\u5165 Helm \u4ed3\u5e93\u5e76\u7ba1\u7406\u3002
\u627e\u5230\u9700\u8981\u5f15\u5165\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u9875\u9762\u3002
\u5728 Helm \u4ed3\u5e93\u9875\u9762\u70b9\u51fb \u521b\u5efa\u4ed3\u5e93 \u6309\u94ae\uff0c\u8fdb\u5165\u521b\u5efa\u4ed3\u5e93\u9875\u9762\uff0c\u6309\u7167\u4e0b\u8868\u914d\u7f6e\u76f8\u5173\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210 Helm \u4ed3\u5e93\u7684\u521b\u5efa\u3002\u9875\u9762\u4f1a\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u4ed3\u5e93\u5217\u8868\u3002
\u5f53 Helm \u4ed3\u5e93\u7684\u5730\u5740\u4fe1\u606f\u53d1\u751f\u53d8\u5316\u65f6\uff0c\u53ef\u4ee5\u66f4\u65b0 Helm \u4ed3\u5e93\u7684\u5730\u5740\u3001\u8ba4\u8bc1\u65b9\u5f0f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u53ca\u63cf\u8ff0\u4fe1\u606f\u3002
\u627e\u5230\u5f85\u66f4\u65b0\u4ed3\u5e93\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u5217\u8868\u9875\u9762\u3002
\u5728\u4ed3\u5e93\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684 Helm \u4ed3\u5e93\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \u6309\u94ae\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u66f4\u65b0 \u3002
\u5728 \u7f16\u8f91 Helm \u4ed3\u5e93 \u9875\u9762\u8fdb\u884c\u66f4\u65b0\uff0c\u5b8c\u6210\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de Helm \u4ed3\u5e93\u5217\u8868\uff0c\u5c4f\u5e55\u63d0\u793a\u66f4\u65b0\u6210\u529f\u3002
\u9664\u4e86\u5f15\u5165\u3001\u66f4\u65b0\u4ed3\u5e93\u5916\uff0c\u60a8\u4e5f\u53ef\u4ee5\u5c06\u4e0d\u9700\u8981\u7684\u4ed3\u5e93\u5220\u9664\uff0c\u5305\u62ec\u7cfb\u7edf\u9884\u7f6e\u4ed3\u5e93\u548c\u7b2c\u4e09\u65b9\u4ed3\u5e93\u3002
\u627e\u5230\u5f85\u5220\u9664\u4ed3\u5e93\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u5217\u8868\u9875\u9762\u3002
\u5728\u4ed3\u5e93\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684 Helm \u4ed3\u5e93\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \u6309\u94ae\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u5220\u9664 \u3002
\u8f93\u5165\u4ed3\u5e93\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u70b9\u51fb \u5220\u9664 \u3002
\u8fd4\u56de Helm \u4ed3\u5e93\u5217\u8868\uff0c\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\u3002
\u901a\u5e38\u5728\u591a\u67b6\u6784\u96c6\u7fa4\u4e2d\uff0c\u4e5f\u4f1a\u4f7f\u7528\u591a\u67b6\u6784\u7684 Helm \u5305\u6765\u90e8\u7f72\u5e94\u7528\uff0c\u4ee5\u89e3\u51b3\u67b6\u6784\u5dee\u5f02\u5e26\u6765\u7684\u90e8\u7f72\u95ee\u9898\u3002 \u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5c06\u5355\u67b6\u6784 Helm \u5e94\u7528\u878d\u5408\u4e3a\u591a\u67b6\u6784\uff0c\u4ee5\u53ca\u591a\u67b6\u6784\u4e0e\u591a\u67b6\u6784 Helm \u5e94\u7528\u7684\u76f8\u4e92\u878d\u5408\u3002
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_1","title":"\u5bfc\u5165","text":""},{"location":"admin/kpanda/helm/multi-archi-helm.html#_2","title":"\u5355\u67b6\u6784\u5bfc\u5165","text":"\u51c6\u5907\u597d\u5f85\u5bfc\u5165\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002 \u628a\u8def\u5f84\u586b\u5199\u81f3 clusterConfig.yml \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982\uff1a
addonPackage:\n path: \"/home/addon-offline-full-package-v0.9.0-amd64.tar.gz\"\n
\u7136\u540e\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_3","title":"\u591a\u67b6\u6784\u878d\u5408","text":"\u51c6\u5907\u597d\u5f85\u878d\u5408\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u4ee5 addon-offline-full-package-v0.9.0-arm64.tar.gz \u4e3a\u4f8b\uff0c\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.9.0-arm64.tar.gz\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_4","title":"\u5347\u7ea7","text":""},{"location":"admin/kpanda/helm/multi-archi-helm.html#_5","title":"\u5355\u67b6\u6784\u5347\u7ea7","text":"\u51c6\u5907\u597d\u5f85\u5bfc\u5165\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u628a\u8def\u5f84\u586b\u5199\u81f3 clusterConfig.yml \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982\uff1a
addonPackage:\n path: \"/home/addon-offline-full-package-v0.11.0-amd64.tar.gz\"\n
\u7136\u540e\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_6","title":"\u591a\u67b6\u6784\u878d\u5408","text":"\u51c6\u5907\u597d\u5f85\u878d\u5408\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u4ee5 addon-offline-full-package-v0.11.0-arm64.tar.gz \u4e3a\u4f8b\uff0c\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.11.0-arm64.tar.gz\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_7","title":"\u6ce8\u610f\u4e8b\u9879","text":""},{"location":"admin/kpanda/helm/multi-archi-helm.html#_8","title":"\u78c1\u76d8\u7a7a\u95f4","text":"\u79bb\u7ebf\u5305\u6bd4\u8f83\u5927\uff0c\u4e14\u8fc7\u7a0b\u4e2d\u9700\u8981\u89e3\u538b\u548c load \u955c\u50cf\uff0c\u9700\u8981\u9884\u7559\u5145\u8db3\u7684\u7a7a\u95f4\uff0c\u5426\u5219\u53ef\u80fd\u5728\u8fc7\u7a0b\u4e2d\u62a5 \u201cno space left\u201d \u800c\u4e2d\u65ad\u3002
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_9","title":"\u5931\u8d25\u540e\u91cd\u8bd5","text":"\u5982\u679c\u5728\u591a\u67b6\u6784\u878d\u5408\u6b65\u9aa4\u6267\u884c\u5931\u8d25\uff0c\u91cd\u8bd5\u524d\u9700\u8981\u6e05\u7406\u4e00\u4e0b\u6b8b\u7559\uff1a
rm -rf addon-offline-target-package\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_10","title":"\u955c\u50cf\u7a7a\u95f4","text":"\u5982\u679c\u878d\u5408\u7684\u79bb\u7ebf\u5305\u4e2d\u5305\u542b\u4e86\u4e0e\u5bfc\u5165\u7684\u79bb\u7ebf\u5305\u4e0d\u4e00\u81f4\u7684\u955c\u50cf\u7a7a\u95f4\uff0c\u53ef\u80fd\u4f1a\u5728\u878d\u5408\u8fc7\u7a0b\u4e2d\u56e0\u4e3a\u955c\u50cf\u7a7a\u95f4\u4e0d\u5b58\u5728\u800c\u62a5\u9519\uff1a
\u89e3\u51b3\u529e\u6cd5\uff1a\u53ea\u9700\u8981\u5728\u878d\u5408\u4e4b\u524d\u521b\u5efa\u597d\u8be5\u955c\u50cf\u7a7a\u95f4\u5373\u53ef\uff0c\u4f8b\u5982\u4e0a\u56fe\u62a5\u9519\u53ef\u901a\u8fc7\u521b\u5efa\u955c\u50cf\u7a7a\u95f4 localhost \u63d0\u524d\u907f\u514d\u3002
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_11","title":"\u67b6\u6784\u51b2\u7a81","text":"\u5347\u7ea7\u81f3\u4f4e\u4e8e 0.12.0 \u7248\u672c\u7684 addon \u65f6\uff0c\u7531\u4e8e\u76ee\u6807\u79bb\u7ebf\u5305\u91cc\u7684 charts-syncer \u6ca1\u6709\u68c0\u67e5\u955c\u50cf\u5b58\u5728\u5219\u4e0d\u63a8\u9001\u529f\u80fd\uff0c\u56e0\u6b64\u4f1a\u5728\u5347\u7ea7\u7684\u8fc7\u7a0b\u4e2d\u4f1a\u91cd\u65b0\u628a\u591a\u67b6\u6784\u51b2\u6210\u5355\u67b6\u6784\u3002 \u4f8b\u5982\uff1a\u5728 v0.10 \u7248\u672c\u5c06 addon \u5b9e\u73b0\u4e3a\u591a\u67b6\u6784\uff0c\u6b64\u65f6\u82e5\u5347\u7ea7\u4e3a v0.11 \u7248\u672c\uff0c\u5219\u591a\u67b6\u6784 addon \u4f1a\u88ab\u8986\u76d6\u4e3a\u5355\u67b6\u6784\uff1b\u82e5\u5347\u7ea7\u4e3a 0.12.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u5219\u4ecd\u80fd\u591f\u4fdd\u6301\u591a\u67b6\u6784\u3002
"},{"location":"admin/kpanda/helm/upload-helm.html","title":"\u4e0a\u4f20 Helm \u6a21\u677f","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e0a\u4f20 Helm \u6a21\u677f\uff0c\u64cd\u4f5c\u6b65\u9aa4\u89c1\u4e0b\u6587\u3002
\u5f15\u5165 Helm \u4ed3\u5e93\uff0c\u64cd\u4f5c\u6b65\u9aa4\u53c2\u8003\u5f15\u5165\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002
\u4e0a\u4f20 Helm Chart \u5230 Helm \u4ed3\u5e93\u3002
\u5ba2\u6237\u7aef\u4e0a\u4f20\u9875\u9762\u4e0a\u4f20Note
\u6b64\u65b9\u5f0f\u9002\u7528\u4e8e Harbor\u3001ChartMuseum\u3001JFrog \u7c7b\u578b\u4ed3\u5e93\u3002
\u767b\u5f55\u4e00\u4e2a\u53ef\u4ee5\u8bbf\u95ee\u5230 Helm \u4ed3\u5e93\u7684\u8282\u70b9\uff0c\u5c06 Helm \u4e8c\u8fdb\u5236\u6587\u4ef6\u4e0a\u4f20\u5230\u8282\u70b9\uff0c\u5e76\u5b89\u88c5 cm-push \u63d2\u4ef6\uff08\u9700\u8981\u8fde\u901a\u5916\u7f51\u5e76\u63d0\u524d\u5b89\u88c5 Git\uff09\u3002
\u5b89\u88c5\u63d2\u4ef6\u6d41\u7a0b\u53c2\u8003\u5b89\u88c5 cm-push \u63d2\u4ef6\u3002
\u63a8\u9001 Helm Chart \u5230 Helm \u4ed3\u5e93\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1b
helm cm-push ${charts-dir} ${HELM_REPO_URL} --username ${username} --password ${password}\n
\u5b57\u6bb5\u8bf4\u660e\uff1a
charts-dir
\uff1aHelm Chart \u7684\u76ee\u5f55\uff0c\u6216\u8005\u662f\u6253\u5305\u597d\u7684 Chart\uff08\u5373 .tgz \u6587\u4ef6\uff09\u3002HELM_REPO_URL
\uff1aHelm \u4ed3\u5e93\u7684 URL\u3002username
/password
\uff1a\u6709\u63a8\u9001\u6743\u9650\u7684 Helm \u4ed3\u5e93\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002--insecure
Note
\u6b64\u65b9\u5f0f\u4ec5\u9002\u7528\u4e8e Harbor \u7c7b\u578b\u4ed3\u5e93\u3002
\u767b\u5f55\u7f51\u9875 Harbor \u4ed3\u5e93\uff0c\u8bf7\u786e\u4fdd\u767b\u5f55\u7528\u6237\u6709\u63a8\u9001\u6743\u9650\uff1b
\u8fdb\u5165\u5230\u5bf9\u5e94\u9879\u76ee\uff0c\u9009\u62e9 Helm Charts \u9875\u7b7e\uff0c\u70b9\u51fb\u9875\u9762 \u4e0a\u4f20 \u6309\u94ae\uff0c\u5b8c\u6210 Helm Chart \u4e0a\u4f20\u3002
\u540c\u6b65\u8fdc\u7aef\u4ed3\u5e93\u6570\u636e
\u624b\u52a8\u540c\u6b65\u81ea\u52a8\u540c\u6b65\u9ed8\u8ba4\u96c6\u7fa4\u672a\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u5237\u65b0 \uff0c\u9700\u8981\u6267\u884c\u624b\u52a8\u540c\u6b65\u64cd\u4f5c\uff0c\u5927\u81f4\u6b65\u9aa4\u4e3a\uff1a
\u8fdb\u5165 Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u70b9\u51fb\u4ed3\u5e93\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u6309\u94ae\uff0c\u9009\u62e9 \u540c\u6b65\u4ed3\u5e93 \uff0c\u5b8c\u6210\u4ed3\u5e93\u6570\u636e\u540c\u6b65\u3002
\u5982\u9700\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u540c\u6b65\u529f\u80fd\uff0c\u53ef\u8fdb\u5165 \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u8bbe\u7f6e -> \u9ad8\u7ea7\u914d\u7f6e \uff0c\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u5237\u65b0\u5f00\u5173\u3002
\u96c6\u7fa4\u5de1\u68c0\u53ef\u4ee5\u901a\u8fc7\u81ea\u52a8\u6216\u624b\u52a8\u65b9\u5f0f\uff0c\u5b9a\u671f\u6216\u968f\u65f6\u68c0\u67e5\u96c6\u7fa4\u7684\u6574\u4f53\u5065\u5eb7\u72b6\u6001\uff0c\u8ba9\u7ba1\u7406\u5458\u83b7\u5f97\u4fdd\u969c\u96c6\u7fa4\u5b89\u5168\u7684\u4e3b\u52a8\u6743\u3002 \u57fa\u4e8e\u5408\u7406\u7684\u5de1\u68c0\u8ba1\u5212\uff0c\u8fd9\u79cd\u4e3b\u52a8\u81ea\u53d1\u7684\u96c6\u7fa4\u68c0\u67e5\u53ef\u4ee5\u8ba9\u7ba1\u7406\u5458\u968f\u65f6\u638c\u63e1\u96c6\u7fa4\u72b6\u6001\uff0c\u6446\u8131\u4e4b\u524d\u51fa\u73b0\u6545\u969c\u65f6\u53ea\u80fd\u88ab\u52a8\u6392\u67e5\u95ee\u9898\u7684\u56f0\u5883\uff0c\u505a\u5230\u4e8b\u5148\u76d1\u63a7\u3001\u63d0\u524d\u9632\u8303\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u7684\u96c6\u7fa4\u5de1\u68c0\u529f\u80fd\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u4e09\u4e2a\u7ef4\u5ea6\u8fdb\u884c\u81ea\u5b9a\u4e49\u5de1\u68c0\u9879\uff0c\u5de1\u68c0\u7ed3\u675f\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u53ef\u89c6\u5316\u7684\u5de1\u68c0\u62a5\u544a\u3002
\u5982\u9700\u4e86\u89e3\u6216\u6267\u884c\u5b89\u5168\u65b9\u9762\u7684\u5de1\u68c0\uff0c\u53ef\u53c2\u8003\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684\u5b89\u5168\u626b\u63cf\u7c7b\u578b\u3002
"},{"location":"admin/kpanda/inspect/config.html","title":"\u521b\u5efa\u5de1\u68c0\u914d\u7f6e","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u96c6\u7fa4\u5de1\u68c0\u529f\u80fd\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u7ef4\u5ea6\u3001\u8282\u70b9\u7ef4\u5ea6\u3001\u5bb9\u5668\u7ec4\u7ef4\u5ea6\u8fdb\u884c\u5de1\u68c0\u3002
\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u5de1\u68c0\u914d\u7f6e\u3002
"},{"location":"admin/kpanda/inspect/config.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u5de1\u68c0 \u3002
\u5728\u9875\u9762\u53f3\u4fa7\u70b9\u51fb \u5de1\u68c0\u914d\u7f6e \u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199\u5de1\u68c0\u914d\u7f6e\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u53c2\u6570\u914d\u7f6e\uff1a\u53c2\u6570\u914d\u7f6e\u5206\u4e3a\u96c6\u7fa4\u7ef4\u5ea6\u3001\u8282\u70b9\u7ef4\u5ea6\u3001\u5bb9\u5668\u7ec4\u7ef4\u5ea6\u4e09\u90e8\u5206\uff0c\u53ef\u4ee5\u6839\u636e\u573a\u666f\u9700\u6c42\u542f\u7528\u6216\u7981\u7528\u67d0\u4e9b\u5de1\u68c0\u9879\u3002
\u5de1\u68c0\u914d\u7f6e\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u4f1a\u81ea\u52a8\u663e\u793a\u5728\u5de1\u68c0\u914d\u7f6e\u5217\u8868\u4e2d\u3002\u5728\u914d\u7f6e\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u64cd\u4f5c\u6309\u94ae\u53ef\u4ee5\u7acb\u5373\u6267\u884c\u5de1\u68c0\u3001\u4fee\u6539\u5de1\u68c0\u914d\u7f6e\u3001\u5220\u9664\u5de1\u68c0\u914d\u7f6e\u548c\u5de1\u68c0\u8bb0\u5f55\u3002
\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u5220\u9664\u8be5\u5de1\u68c0\u914d\u7f6e\u548c\u5386\u53f2\u7684\u5de1\u68c0\u8bb0\u5f55
Note
\u5de1\u68c0\u914d\u7f6e\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u5982\u679c\u542f\u7528\u4e86 \u5b9a\u65f6\u5de1\u68c0 \u914d\u7f6e\uff0c\u5219\u4f1a\u5728\u6307\u5b9a\u65f6\u95f4\u81ea\u52a8\u6267\u884c\u5de1\u68c0\u3002\u5982\u672a\u542f\u7528 \u5b9a\u65f6\u5de1\u68c0 \u914d\u7f6e\uff0c\u5219\u9700\u8981\u624b\u52a8\u89e6\u53d1\u5de1\u68c0\u3002
\u6b64\u9875\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u6267\u884c\u96c6\u7fa4\u5de1\u68c0\u3002
"},{"location":"admin/kpanda/inspect/inspect.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u6267\u884c\u5de1\u68c0\u65f6\uff0c\u652f\u6301\u52fe\u9009\u591a\u4e2a\u96c6\u7fa4\u8fdb\u884c\u6279\u91cf\u5de1\u68c0\uff0c\u6216\u8005\u4ec5\u5bf9\u67d0\u4e00\u4e2a\u96c6\u7fa4\u8fdb\u884c\u5355\u72ec\u5de1\u68c0\u3002
\u6279\u91cf\u5de1\u68c0\u5355\u72ec\u5de1\u68c0\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u4e00\u7ea7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u5de1\u68c0 \uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4fa7\u70b9\u51fb \u5de1\u68c0 \u3002
\u52fe\u9009\u9700\u8981\u5de1\u68c0\u7684\u96c6\u7fa4\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u5982\u672a\u8bbe\u7f6e\u96c6\u7fa4\u5de1\u68c0\u914d\u7f6e\uff0c\u5c06\u4f7f\u7528\u7cfb\u7edf\u9ed8\u8ba4\u914d\u7f6e\u3002
\u5728\u5bf9\u5e94\u5de1\u68c0\u914d\u7f6e\u7684\u53f3\u4fa7\u70b9\u51fb \u2507 \u66f4\u591a\u64cd\u4f5c\u6309\u94ae\uff0c\u7136\u540e\u5728\u5f39\u51fa\u7684\u83dc\u5355\u4e2d\u9009\u62e9 \u5de1\u68c0 \u5373\u53ef\u3002
\u5de1\u68c0\u6267\u884c\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u5de1\u68c0\u8bb0\u5f55\u548c\u8be6\u7ec6\u7684\u5de1\u68c0\u62a5\u544a\u3002
"},{"location":"admin/kpanda/inspect/report.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165\u96c6\u7fa4\u5de1\u68c0\u9875\u9762\uff0c\u70b9\u51fb\u76ee\u6807\u5de1\u68c0\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u70b9\u51fb\u60f3\u8981\u67e5\u770b\u7684\u5de1\u68c0\u8bb0\u5f55\u540d\u79f0\u3002
\u67e5\u770b\u5de1\u68c0\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u6839\u636e\u5de1\u68c0\u914d\u7f6e\u53ef\u80fd\u5305\u62ec\u96c6\u7fa4\u8d44\u6e90\u6982\u89c8\u3001\u7cfb\u7edf\u7ec4\u4ef6\u7684\u8fd0\u884c\u60c5\u51b5\u7b49\u3002
\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u53ef\u4ee5\u4e0b\u8f7d\u5de1\u68c0\u62a5\u544a\u6216\u5220\u9664\u8be5\u9879\u5de1\u68c0\u62a5\u544a\u3002
\u547d\u540d\u7a7a\u95f4\u662f Kubernetes \u4e2d\u7528\u6765\u8fdb\u884c\u8d44\u6e90\u9694\u79bb\u7684\u4e00\u79cd\u62bd\u8c61\u3002\u4e00\u4e2a\u96c6\u7fa4\u4e0b\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u4e0d\u91cd\u540d\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u76f8\u4e92\u9694\u79bb\u3002\u6709\u5173\u547d\u540d\u7a7a\u95f4\u7684\u8be6\u7ec6\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u547d\u540d\u7a7a\u95f4\u7684\u76f8\u5173\u64cd\u4f5c\u3002
"},{"location":"admin/kpanda/namespaces/createns.html#_2","title":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4","text":"\u652f\u6301\u901a\u8fc7\u8868\u5355\u8f7b\u677e\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff0c\u4e5f\u652f\u6301\u901a\u8fc7\u7f16\u5199\u6216\u5bfc\u5165 YAML \u6587\u4ef6\u5feb\u901f\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u3002
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u547d\u540d\u7a7a\u95f4\u7684\u540d\u79f0\uff0c\u914d\u7f6e\u5de5\u4f5c\u7a7a\u95f4\u548c\u6807\u7b7e\uff08\u53ef\u9009\u8bbe\u7f6e\uff09\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
Info
\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\u4e4b\u540e\uff0c\u8be5\u547d\u540d\u7a7a\u95f4\u7684\u8d44\u6e90\u5c31\u4f1a\u5171\u4eab\u7ed9\u6240\u7ed1\u5b9a\u7684\u5de5\u4f5c\u7a7a\u95f4\u3002\u6709\u5173\u5de5\u4f5c\u7a7a\u95f4\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u3002
\u547d\u540d\u7a7a\u95f4\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u4ecd\u7136\u53ef\u4ee5\u7ed1\u5b9a/\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002\u5728\u547d\u540d\u7a7a\u95f4\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4ece\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9\u67e5\u770b YAML\u3001\u4fee\u6539\u6807\u7b7e\u3001\u7ed1\u5b9a/\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\u3001\u914d\u989d\u7ba1\u7406\u3001\u5220\u9664\u7b49\u66f4\u591a\u64cd\u4f5c\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u5185\u5bb9\uff0c\u6216\u8005\u4ece\u672c\u5730\u76f4\u63a5\u5bfc\u5165\u5df2\u6709\u7684 YAML \u6587\u4ef6\u3002
\u8f93\u5165 YAML \u5185\u5bb9\u540e\uff0c\u70b9\u51fb \u4e0b\u8f7d \u53ef\u4ee5\u5c06\u8be5 YAML \u6587\u4ef6\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u6700\u540e\u5728\u5f39\u6846\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u6307\u5728 kubernetes \u96c6\u7fa4\u4e2d\uff0c\u901a\u8fc7\u6c61\u70b9\u548c\u6c61\u70b9\u5bb9\u5fcd\u7684\u65b9\u5f0f\u5b9e\u73b0\u7279\u5b9a\u547d\u540d\u7a7a\u95f4\u5bf9\u4e00\u4e2a\u6216\u591a\u4e2a\u8282\u70b9 CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u7684\u72ec\u4eab\u3002\u4e3a\u7279\u5b9a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u72ec\u4eab\u8282\u70b9\u540e\uff0c\u5176\u5b83\u975e\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5e94\u7528\u548c\u670d\u52a1\u5747\u4e0d\u80fd\u8fd0\u884c\u5728\u88ab\u72ec\u4eab\u7684\u8282\u70b9\u4e0a\u3002\u4f7f\u7528\u72ec\u4eab\u8282\u70b9\u53ef\u4ee5\u8ba9\u91cd\u8981\u5e94\u7528\u72ec\u4eab\u4e00\u90e8\u5206\u8ba1\u7b97\u8d44\u6e90\uff0c\u4ece\u800c\u548c\u5176\u4ed6\u5e94\u7528\u5b9e\u73b0\u7269\u7406\u9694\u79bb\u3002
Note
\u5728\u8282\u70b9\u88ab\u8bbe\u7f6e\u4e3a\u72ec\u4eab\u8282\u70b9\u524d\u5df2\u7ecf\u8fd0\u884c\u5728\u6b64\u8282\u70b9\u4e0a\u7684\u5e94\u7528\u548c\u670d\u52a1\u5c06\u4e0d\u4f1a\u53d7\u5f71\u54cd\uff0c\u4f9d\u7136\u4f1a\u6b63\u5e38\u8fd0\u884c\u5728\u8be5\u8282\u70b9\u4e0a\uff0c\u4ec5\u5f53\u8fd9\u4e9b Pod \u88ab\u5220\u9664\u6216\u91cd\u5efa\u65f6\uff0c\u624d\u4f1a\u8c03\u5ea6\u5230\u5176\u5b83\u975e\u72ec\u4eab\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/namespaces/exclusive.html#_2","title":"\u51c6\u5907\u5de5\u4f5c","text":"\u68c0\u67e5\u5f53\u524d\u96c6\u7fa4\u7684 kube-apiserver \u662f\u5426\u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002
\u4f7f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u529f\u80fd\u9700\u8981\u7528\u6237\u542f\u7528 kube-apiserver \u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\uff08Admission Controllers\uff09\uff0c\u5173\u4e8e\u51c6\u5165\u63a7\u5236\u5668\u66f4\u591a\u8bf4\u660e\u8bf7\u53c2\u9605 kubernetes Admission Controllers Reference\u3002
\u60a8\u53ef\u4ee5\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u68c0\u67e5 kube-apiserver.yaml \u6587\u4ef6\u5185\u662f\u5426\u542f\u7528\u4e86\u8fd9\u4e24\u4e2a\u7279\u6027\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5feb\u901f\u68c0\u67e5\uff1a
```bash\n[root@g-master1 ~]# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep enable-admission-plugins\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction\n```\n
"},{"location":"admin/kpanda/namespaces/exclusive.html#_3","title":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9","text":"\u7531\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7740 kpanda\u3001ghippo\u3001insight \u7b49\u5e73\u53f0\u57fa\u7840\u7ec4\u4ef6\uff0c\u5728 Global \u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u5c06\u53ef\u80fd\u5bfc\u81f4\u5f53\u7cfb\u7edf\u7ec4\u4ef6\u91cd\u542f\u540e\uff0c\u7cfb\u7edf\u7ec4\u4ef6\u65e0\u6cd5\u8c03\u5ea6\u5230\u88ab\u72ec\u4eab\u7684\u8282\u70b9\u4e0a\uff0c\u5f71\u54cd\u7cfb\u7edf\u7684\u6574\u4f53\u9ad8\u53ef\u7528\u80fd\u529b\u3002\u56e0\u6b64\uff0c\u901a\u5e38\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u4e0d\u63a8\u8350\u7528\u6237\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u7279\u6027\u3002
\u5982\u679c\u60a8\u786e\u5b9e\u9700\u8981\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u5f00\u542f\uff1a
\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 kube-apiserver \u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668
Note
\u5982\u679c\u96c6\u7fa4\u5df2\u542f\u7528\u4e86\u4e0a\u8ff0\u7684\u4e24\u4e2a\u51c6\u5165\u63a7\u5236\u5668\uff0c\u8bf7\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u524d\u5f80\u914d\u7f6e\u7cfb\u7edf\u7ec4\u4ef6\u5bb9\u5fcd\u3002
\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u4fee\u6539 kube-apiserver.yaml \u914d\u7f6e\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\uff1a
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #\u542f\u7528\u7684\u51c6\u5165\u63a7\u5236\u5668\u5217\u8868\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
\u627e\u5230 --enable-admission-plugins \u53c2\u6570\uff0c\u52a0\u5165\uff08\u4ee5\u82f1\u6587\u9017\u53f7\u5206\u9694\u7684\uff09 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002\u53c2\u8003\u5982\u4e0b\uff1a
# \u52a0\u5165 __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
\u4e3a\u5e73\u53f0\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3
\u5b8c\u6210\u51c6\u5165\u63a7\u5236\u5668\u7684\u5f00\u542f\u540e\uff0c\u60a8\u9700\u8981\u4e3a\u5e73\u53f0\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3\uff0c\u4ee5\u4fdd\u8bc1\u5e73\u53f0\u7ec4\u4ef6\u7684\u9ad8\u53ef\u7528\u3002
\u76ee\u524d\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u7cfb\u7edf\u7ec4\u4ef6\u547d\u540d\u7a7a\u95f4\u5982\u4e0b\u8868\uff1a
\u547d\u540d\u7a7a\u95f4 \u6240\u5305\u542b\u7684\u7cfb\u7edf\u7ec4\u4ef6 kpanda-system kpanda hwameiStor-system hwameiStor istio-system istio metallb-system metallb cert-manager-system cert-manager contour-system contour kubean-system kubean ghippo-system ghippo kcoral-system kcoral kcollie-system kcollie insight-system insight\u3001insight-agent: ipavo-system ipavo kairship-system kairship karmada-system karmada amamba-system amamba\u3001jenkins skoala-system skoala mspider-system mspider mcamel-system mcamel-rabbitmq\u3001mcamel-elasticsearch\u3001mcamel-mysql\u3001mcamel-redis\u3001mcamel-kafka\u3001mcamel-minio\u3001mcamel-postgresql spidernet-system spidernet kangaroo-system kangaroo gmagpie-system gmagpie dowl-system dowl\u68c0\u67e5\u5f53\u524d\u96c6\u7fa4\u4e2d\u6240\u6709\u547d\u540d\u7a7a\u95f4\u662f\u5426\u5b58\u5728\u4e0a\u8ff0\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u4e3a\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u6ce8\u89e3\uff1a scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
\u3002
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
\u8bf7\u786e\u4fdd\u5c06 <namespace-name>
\u66ff\u6362\u4e3a\u8981\u6dfb\u52a0\u6ce8\u89e3\u7684\u5e73\u53f0\u547d\u540d\u7a7a\u95f4\u540d\u79f0\u3002 \u4f7f\u7528\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u5f53\u60a8\u786e\u8ba4\u96c6\u7fa4 API \u670d\u52a1\u5668\u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\u5df2\u7ecf\u5f00\u542f\u540e\uff0c\u8bf7\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684 UI \u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9\u4e86\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb\u547d\u540d\u7a7a\u95f4\u540d\u79f0\uff0c\u7136\u540e\u70b9\u51fb \u72ec\u4eab\u8282\u70b9 \u9875\u7b7e\uff0c\u5728\u4e0b\u65b9\u53f3\u4fa7\u70b9\u51fb \u6dfb\u52a0\u8282\u70b9 \u3002
\u5728\u9875\u9762\u5de6\u4fa7\u9009\u62e9\u8ba9\u8be5\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u54ea\u4e9b\u8282\u70b9\uff0c\u5728\u53f3\u4fa7\u53ef\u4ee5\u6e05\u7a7a\u6216\u5220\u9664\u67d0\u4e2a\u5df2\u9009\u8282\u70b9\uff0c\u6700\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u53ef\u4ee5\u5728\u5217\u8868\u4e2d\u67e5\u770b\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5df2\u6709\u7684\u72ec\u4eab\u8282\u70b9\uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u53ef\u4ee5\u9009\u62e9 \u53d6\u6d88\u72ec\u4eab \u3002
\u53d6\u6d88\u72ec\u4eab\u4e4b\u540e\uff0c\u5176\u4ed6\u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u4e5f\u53ef\u4ee5\u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002
\u5728 \u975e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u5f00\u542f\uff1a
\u4e3a\u5f53\u524d\u96c6\u7fa4\u7684 kube-apiserver \u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668
Note
\u5982\u679c\u96c6\u7fa4\u5df2\u542f\u7528\u4e86\u4e0a\u8ff0\u7684\u4e24\u4e2a\u51c6\u5165\u63a7\u5236\u5668\uff0c\u8bf7\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u524d\u5f80\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u4fee\u6539 kube-apiserver.yaml \u914d\u7f6e\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\uff1a
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #\u542f\u7528\u7684\u51c6\u5165\u63a7\u5236\u5668\u5217\u8868\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
\u627e\u5230 --enable-admission-plugins \u53c2\u6570\uff0c\u52a0\u5165\uff08\u4ee5\u82f1\u6587\u9017\u53f7\u5206\u9694\u7684\uff09 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002\u53c2\u8003\u5982\u4e0b\uff1a
# \u52a0\u5165 __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
\u4f7f\u7528\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u5f53\u60a8\u786e\u8ba4\u96c6\u7fa4 API \u670d\u52a1\u5668\u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\u5df2\u7ecf\u5f00\u542f\u540e\uff0c\u8bf7\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684 UI \u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9\u4e86\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb\u547d\u540d\u7a7a\u95f4\u540d\u79f0\uff0c\u7136\u540e\u70b9\u51fb \u72ec\u4eab\u8282\u70b9 \u9875\u7b7e\uff0c\u5728\u4e0b\u65b9\u53f3\u4fa7\u70b9\u51fb \u6dfb\u52a0\u8282\u70b9 \u3002
\u5728\u9875\u9762\u5de6\u4fa7\u9009\u62e9\u8ba9\u8be5\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u54ea\u4e9b\u8282\u70b9\uff0c\u5728\u53f3\u4fa7\u53ef\u4ee5\u6e05\u7a7a\u6216\u5220\u9664\u67d0\u4e2a\u5df2\u9009\u8282\u70b9\uff0c\u6700\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u53ef\u4ee5\u5728\u5217\u8868\u4e2d\u67e5\u770b\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5df2\u6709\u7684\u72ec\u4eab\u8282\u70b9\uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u53ef\u4ee5\u9009\u62e9 \u53d6\u6d88\u72ec\u4eab \u3002
\u53d6\u6d88\u72ec\u4eab\u4e4b\u540e\uff0c\u5176\u4ed6\u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u4e5f\u53ef\u4ee5\u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002
\u4e3a\u9700\u8981\u9ad8\u53ef\u7528\u7684\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3\uff08\u53ef\u9009\uff09
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u9700\u8981\u9ad8\u53ef\u7528\u7684\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u6ce8\u89e3\uff1ascheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
\u3002
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
\u8bf7\u786e\u4fdd\u5c06 <namespace-name>
\u66ff\u6362\u4e3a\u8981\u6dfb\u52a0\u6ce8\u89e3\u7684\u5e73\u53f0\u547d\u540d\u7a7a\u95f4\u540d\u79f0\u3002
\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u6307\u5728 kubernetes \u96c6\u7fa4\u4e2d\uff0c\u901a\u8fc7\u4e3a\u6307\u5b9a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u4e0d\u540c\u7684\u7b49\u7ea7\u548c\u6a21\u5f0f\uff0c\u5b9e\u73b0\u5728\u5b89\u5168\u7684\u5404\u4e2a\u65b9\u9762\u63a7\u5236 Pod \u7684\u884c\u4e3a\uff0c\u53ea\u6709\u6ee1\u8db3\u4e00\u5b9a\u7684\u6761\u4ef6\u7684 Pod \u624d\u4f1a\u88ab\u7cfb\u7edf\u63a5\u53d7\u3002\u5b83\u8bbe\u7f6e\u4e09\u4e2a\u7b49\u7ea7\u548c\u4e09\u79cd\u6a21\u5f0f\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u9009\u62e9\u66f4\u52a0\u5408\u9002\u7684\u65b9\u6848\u6765\u8bbe\u7f6e\u9650\u5236\u7b56\u7565\u3002
Note
\u4e00\u6761\u5b89\u5168\u6a21\u5f0f\u4ec5\u80fd\u914d\u7f6e\u4e00\u6761\u5b89\u5168\u7b56\u7565\u3002\u540c\u65f6\u8bf7\u8c28\u614e\u4e3a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e enforce \u7684\u5b89\u5168\u6a21\u5f0f\uff0c\u8fdd\u53cd\u540e\u5c06\u4f1a\u5bfc\u81f4 Pod \u65e0\u6cd5\u521b\u5efa\u3002
\u672c\u8282\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u3002
"},{"location":"admin/kpanda/namespaces/podsecurity.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u96c6\u7fa4\u7684\u7248\u672c\u9700\u8981\u5728 v1.22 \u4ee5\u4e0a\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u9009\u62e9\u9700\u8981\u914d\u7f6e\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u8fdb\u5165\u8be6\u60c5\u9875\u3002\u5728 \u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565 \u9875\u9762\u70b9\u51fb \u914d\u7f6e\u7b56\u7565 \uff0c\u8fdb\u5165\u914d\u7f6e\u9875\u3002
\u5728\u914d\u7f6e\u9875\u70b9\u51fb \u6dfb\u52a0\u7b56\u7565 \uff0c\u5219\u4f1a\u51fa\u73b0\u4e00\u6761\u7b56\u7565\uff0c\u5305\u62ec\u5b89\u5168\u7ea7\u522b\u548c\u5b89\u5168\u6a21\u5f0f\uff0c\u4ee5\u4e0b\u662f\u5bf9\u5b89\u5168\u7ea7\u522b\u548c\u5b89\u5168\u7b56\u7565\u7684\u8be6\u7ec6\u4ecb\u7ecd\u3002
\u5b89\u5168\u7ea7\u522b \u63cf\u8ff0 Privileged \u4e0d\u53d7\u9650\u5236\u7684\u7b56\u7565\uff0c\u63d0\u4f9b\u6700\u5927\u53ef\u80fd\u8303\u56f4\u7684\u6743\u9650\u8bb8\u53ef\u3002\u6b64\u7b56\u7565\u5141\u8bb8\u5df2\u77e5\u7684\u7279\u6743\u63d0\u5347\u3002 Baseline \u9650\u5236\u6027\u6700\u5f31\u7684\u7b56\u7565\uff0c\u7981\u6b62\u5df2\u77e5\u7684\u7b56\u7565\u63d0\u5347\u3002\u5141\u8bb8\u4f7f\u7528\u9ed8\u8ba4\u7684\uff08\u89c4\u5b9a\u6700\u5c11\uff09Pod \u914d\u7f6e\u3002 Restricted \u9650\u5236\u6027\u975e\u5e38\u5f3a\u7684\u7b56\u7565\uff0c\u9075\u5faa\u5f53\u524d\u7684\u4fdd\u62a4 Pod \u7684\u6700\u4f73\u5b9e\u8df5\u3002 \u5b89\u5168\u6a21\u5f0f \u63cf\u8ff0 Audit \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u5728\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u6dfb\u52a0\u65b0\u7684\u5ba1\u8ba1\u4e8b\u4ef6\uff0cPod \u53ef\u4ee5\u88ab\u521b\u5efa\u3002 Warn \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u8fd4\u56de\u7528\u6237\u53ef\u89c1\u7684\u544a\u8b66\u4fe1\u606f\uff0cPod \u53ef\u4ee5\u88ab\u521b\u5efa\u3002 Enforce \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u5bfc\u81f4 Pod \u65e0\u6cd5\u521b\u5efa\u3002\u4e0d\u540c\u7684\u5b89\u5168\u7ea7\u522b\u5bf9\u5e94\u4e0d\u540c\u7684\u68c0\u67e5\u9879\uff0c\u82e5\u60a8\u4e0d\u77e5\u9053\u8be5\u5982\u4f55\u4e3a\u60a8\u7684\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\uff0c\u53ef\u4ee5\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u7b56\u7565\u914d\u7f6e\u9879\u8bf4\u660e \u67e5\u770b\u8be6\u7ec6\u4fe1\u606f\u3002
\u70b9\u51fb\u786e\u5b9a\uff0c\u82e5\u521b\u5efa\u6210\u529f\uff0c\u5219\u9875\u9762\u4e0a\u5c06\u51fa\u73b0\u60a8\u914d\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u3002
\u70b9\u51fb \u2507 \u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u8005\u5220\u9664\u60a8\u914d\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u3002
\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0cIngress \u516c\u5f00\u4ece\u96c6\u7fa4\u5916\u90e8\u5230\u96c6\u7fa4\u5185\u670d\u52a1\u7684 HTTP \u548c HTTPS \u8def\u7531\u3002 \u6d41\u91cf\u8def\u7531\u7531 Ingress \u8d44\u6e90\u4e0a\u5b9a\u4e49\u7684\u89c4\u5219\u63a7\u5236\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5c06\u6240\u6709\u6d41\u91cf\u90fd\u53d1\u9001\u5230\u540c\u4e00 Service \u7684\u7b80\u5355 Ingress \u793a\u4f8b\uff1a
Ingress \u662f\u5bf9\u96c6\u7fa4\u4e2d\u670d\u52a1\u7684\u5916\u90e8\u8bbf\u95ee\u8fdb\u884c\u7ba1\u7406\u7684 API \u5bf9\u8c61\uff0c\u5178\u578b\u7684\u8bbf\u95ee\u65b9\u5f0f\u662f HTTP\u3002Ingress \u53ef\u4ee5\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u3001SSL \u7ec8\u7ed3\u548c\u57fa\u4e8e\u540d\u79f0\u7684\u865a\u62df\u6258\u7ba1\u3002
"},{"location":"admin/kpanda/network/create-ingress.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4ee5 NS Editor \u7528\u6237\u6210\u529f\u767b\u5f55\u540e\uff0c\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u3002\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u8def\u7531 \u8fdb\u5165\u670d\u52a1\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u8def\u7531 \u6309\u94ae\u3002
Note
\u4e5f\u53ef\u4ee5\u901a\u8fc7 YAML \u521b\u5efa \u4e00\u4e2a\u8def\u7531\u3002
\u6253\u5f00 \u521b\u5efa\u8def\u7531 \u9875\u9762\uff0c\u8fdb\u884c\u914d\u7f6e\u3002\u53ef\u9009\u62e9\u4e24\u79cd\u534f\u8bae\u7c7b\u578b\uff0c\u53c2\u8003\u4ee5\u4e0b\u4e24\u4e2a\u53c2\u6570\u8868\u8fdb\u884c\u914d\u7f6e\u3002
\u8f93\u5165\u5982\u4e0b\u53c2\u6570\uff1a
nginx.ingress.kubernetes.io/upstream-hash-by: \"$binary_remote_addr\"
nginx.ingress.kubernetes.io/affinity: \"cookie\"\u3002nginx.ingress.kubernetes.io/affinity-mode: persistent
nginx.ingress.kubernetes.io/upstream-hash-by: \"$http_x_forwarded_for\"
\u8f93\u5165\u5982\u4e0b\u53c2\u6570\uff1a
Note
\u6ce8\u610f\uff1a\u4e0e HTTP \u534f\u8bae \u8bbe\u7f6e\u8def\u7531\u89c4\u5219 \u4e0d\u540c\uff0c\u589e\u52a0\u5bc6\u94a5\u9009\u62e9\u8bc1\u4e66\uff0c\u5176\u4ed6\u57fa\u672c\u4e00\u81f4\u3002
\u914d\u7f6e\u5b8c\u6240\u6709\u53c2\u6570\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u8def\u7531\u5217\u8868\u3002\u5728\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6240\u9009\u8def\u7531\u3002
"},{"location":"admin/kpanda/network/create-services.html","title":"\u521b\u5efa\u670d\u52a1\uff08Service\uff09","text":"\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u6bcf\u4e2a Pod \u90fd\u6709\u4e00\u4e2a\u5185\u90e8\u72ec\u7acb\u7684 IP \u5730\u5740\uff0c\u4f46\u662f\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u7684 Pod \u53ef\u80fd\u4f1a\u88ab\u968f\u65f6\u521b\u5efa\u548c\u5220\u9664\uff0c\u76f4\u63a5\u4f7f\u7528 Pod IP \u5730\u5740\u5e76\u4e0d\u80fd\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u3002
\u8fd9\u5c31\u9700\u8981\u521b\u5efa\u670d\u52a1\uff0c\u901a\u8fc7\u670d\u52a1\u60a8\u4f1a\u83b7\u5f97\u4e00\u4e2a\u56fa\u5b9a\u7684 IP \u5730\u5740\uff0c\u4ece\u800c\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u524d\u7aef\u548c\u540e\u7aef\u7684\u89e3\u8026\uff0c\u8ba9\u5916\u90e8\u7528\u6237\u80fd\u591f\u8bbf\u95ee\u670d\u52a1\u3002\u540c\u65f6\uff0c\u670d\u52a1\u8fd8\u63d0\u4f9b\u4e86\u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09\u529f\u80fd\uff0c\u4f7f\u7528\u6237\u80fd\u4ece\u516c\u7f51\u8bbf\u95ee\u5230\u5de5\u4f5c\u8d1f\u8f7d\u3002
"},{"location":"admin/kpanda/network/create-services.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u4ee5 NS Editor \u7528\u6237\u6210\u529f\u767b\u5f55\u540e\uff0c\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u3002\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u670d\u52a1 \u8fdb\u5165\u670d\u52a1\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
Tip
\u4e5f\u53ef\u4ee5\u901a\u8fc7 YAML \u521b\u5efa \u4e00\u4e2a\u670d\u52a1\u3002
\u6253\u5f00 \u521b\u5efa\u670d\u52a1 \u9875\u9762\uff0c\u9009\u62e9\u4e00\u79cd\u8bbf\u95ee\u7c7b\u578b\uff0c\u53c2\u8003\u4ee5\u4e0b\u51e0\u4e2a\u53c2\u6570\u8868\u8fdb\u884c\u914d\u7f6e\u3002
\u70b9\u9009 \u96c6\u7fa4\u5185\u8bbf\u95ee\uff08ClusterIP\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u96c6\u7fa4\u7684\u5185\u90e8 IP \u66b4\u9732\u670d\u52a1\uff0c\u9009\u62e9\u6b64\u9879\u7684\u670d\u52a1\u53ea\u80fd\u5728\u96c6\u7fa4\u5185\u90e8\u8bbf\u95ee\u3002\u8fd9\u662f\u9ed8\u8ba4\u7684\u670d\u52a1\u7c7b\u578b\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u96c6\u7fa4\u5185\u8bbf\u95ee\uff08ClusterIP\uff09\u3002 ClusterIP \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 app:job01 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\uff0c\u7528\u6765\u5bf9\u96c6\u7fa4\u5185\u66b4\u9732\u670d\u52a1\u3002 \u4f1a\u8bdd\u4fdd\u6301 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u540e\uff0c\u76f8\u540c\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u5c06\u8f6c\u53d1\u81f3\u540c\u4e00 Pod \u5f00\u542f \u4f1a\u8bdd\u4fdd\u6301\u6700\u5927\u65f6\u957f \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u4f1a\u8bdd\u4fdd\u6301\u540e\uff0c\u4fdd\u6301\u7684\u6700\u5927\u65f6\u957f\uff0c\u9ed8\u8ba4\u4e3a 30 \u79d2 30 \u79d2 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"admin/kpanda/network/create-services.html#nodeport","title":"\u521b\u5efa NodePort \u670d\u52a1","text":"\u70b9\u9009 \u8282\u70b9\u8bbf\u95ee\uff08NodePort\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u6bcf\u4e2a\u8282\u70b9\u4e0a\u7684 IP \u548c\u9759\u6001\u7aef\u53e3\uff08 NodePort \uff09\u66b4\u9732\u670d\u52a1\u3002 NodePort \u670d\u52a1\u4f1a\u8def\u7531\u5230\u81ea\u52a8\u521b\u5efa\u7684 ClusterIP \u670d\u52a1\u3002\u901a\u8fc7\u8bf7\u6c42 <\u8282\u70b9 IP>:<\u8282\u70b9\u7aef\u53e3> \uff0c\u60a8\u53ef\u4ee5\u4ece\u96c6\u7fa4\u7684\u5916\u90e8\u8bbf\u95ee\u4e00\u4e2a NodePort \u670d\u52a1\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u8282\u70b9\u8bbf\u95ee\uff08NodePort\uff09\u3002 NodePort \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u670d\u52a1\u7aef\u53e3\u88ab\u8bbe\u7f6e\u4e3a\u4e0e\u5bb9\u5668\u7aef\u53e3\u5b57\u6bb5\u76f8\u540c\u7684\u503c\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\u3002\u8282\u70b9\u7aef\u53e3\uff08nodeport\uff09\uff1a\u8282\u70b9\u7684\u7aef\u53e3\uff0c\u63a5\u6536\u6765\u81ea ClusterIP \u4f20\u8f93\u7684\u6d41\u91cf\u3002\u7528\u6765\u505a\u5916\u90e8\u6d41\u91cf\u8bbf\u95ee\u7684\u5165\u53e3\u3002 \u4f1a\u8bdd\u4fdd\u6301 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u540e\uff0c\u76f8\u540c\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u5c06\u8f6c\u53d1\u81f3\u540c\u4e00 Pod\u5f00\u542f\u540e Service \u7684.spec.sessionAffinity
\u4e3a ClientIP \uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1aService \u7684\u4f1a\u8bdd\u4eb2\u548c\u6027 \u5f00\u542f \u4f1a\u8bdd\u4fdd\u6301\u6700\u5927\u65f6\u957f \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u4f1a\u8bdd\u4fdd\u6301\u540e\uff0c\u4fdd\u6301\u7684\u6700\u5927\u65f6\u957f\uff0c\u9ed8\u8ba4\u8d85\u65f6\u65f6\u957f\u4e3a 30 \u79d2.spec.sessionAffinityConfig.clientIP.timeoutSeconds \u9ed8\u8ba4\u8bbe\u7f6e\u4e3a 30 \u79d2 30 \u79d2 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"admin/kpanda/network/create-services.html#loadbalancer","title":"\u521b\u5efa LoadBalancer \u670d\u52a1","text":"\u70b9\u9009 \u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09 \uff0c\u8fd9\u662f\u6307\u4f7f\u7528\u4e91\u63d0\u4f9b\u5546\u7684\u8d1f\u8f7d\u5747\u8861\u5668\u5411\u5916\u90e8\u66b4\u9732\u670d\u52a1\u3002 \u5916\u90e8\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u4ee5\u5c06\u6d41\u91cf\u8def\u7531\u5230\u81ea\u52a8\u521b\u5efa\u7684 NodePort \u670d\u52a1\u548c ClusterIP \u670d\u52a1\u4e0a\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09\u3002 LoadBalancer \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u5916\u90e8\u6d41\u91cf\u7b56\u7565 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8bbe\u7f6e\u5916\u90e8\u6d41\u91cf\u7b56\u7565\u3002Cluster\uff1a\u6d41\u91cf\u53ef\u4ee5\u8f6c\u53d1\u5230\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u4e0a\u7684 Pod\u3002Local\uff1a\u6d41\u91cf\u53ea\u53d1\u7ed9\u672c\u8282\u70b9\u4e0a\u7684 Pod\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4f7f\u7528\u7684\u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\uff0c\u5f53\u524d\u652f\u6301 MetalLB \u548c\u5176\u4ed6\u3002 MetalLB IP \u6c60 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u7684 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\u4e3a MetalLB \u65f6\uff0cLoadBalancer Service\u9ed8\u8ba4\u4f1a\u4ece\u8fd9\u4e2a\u6c60\u4e2d\u5206\u914d IP \u5730\u5740, \u5e76\u4e14\u901a\u8fc7 APR \u5ba3\u544a\u8fd9\u4e2a\u6c60\u4e2d\u7684\u6240\u6709 IP \u5730\u5740 \u8d1f\u8f7d\u5747\u8861\u5730\u5740 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u30111.\u5982\u4f7f\u7528\u7684\u662f\u516c\u6709\u4e91 CloudProvider\uff0c\u6b64\u5904\u586b\u5199\u7684\u4e3a\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u8d1f\u8f7d\u5747\u8861\u5730\u5740\uff1b2.\u5982\u679c\u4e0a\u8ff0\u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\u9009\u62e9\u4e3a MetalLB \uff0c\u9ed8\u8ba4\u4ece\u4e0a\u8ff0 IP \u6c60\u4e2d\u83b7\u53d6 IP \uff0c\u5982\u679c\u4e0d\u586b\u5219\u81ea\u52a8\u83b7\u53d6\u3002 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u670d\u52a1\u7aef\u53e3\u88ab\u8bbe\u7f6e\u4e3a\u4e0e\u5bb9\u5668\u7aef\u53e3\u5b57\u6bb5\u76f8\u540c\u7684\u503c\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\u3002\u8282\u70b9\u7aef\u53e3\uff08nodeport\uff09\uff1a\u8282\u70b9\u7684\u7aef\u53e3\uff0c\u63a5\u6536\u6765\u81ea ClusterIP \u4f20\u8f93\u7684\u6d41\u91cf\u3002\u7528\u6765\u505a\u5916\u90e8\u6d41\u91cf\u8bbf\u95ee\u7684\u5165\u53e3\u3002 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"admin/kpanda/network/create-services.html#externalname","title":"\u521b\u5efa ExternalName \u670d\u52a1","text":"\u70b9\u9009 \u5916\u90e8\u670d\u52a1\uff08ExternalName\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u5c06\u670d\u52a1\u6620\u5c04\u5230\u5916\u90e8\u57df\u540d\u6765\u66b4\u9732\u670d\u52a1\u3002\u9009\u62e9\u6b64\u9879\u7684\u670d\u52a1\u4e0d\u4f1a\u521b\u5efa\u5178\u578b\u7684 ClusterIP \u6216 NodePort\uff0c\u800c\u662f\u901a\u8fc7 DNS \u540d\u79f0\u89e3\u6790\u5c06\u8bf7\u6c42\u91cd\u5b9a\u5411\u5230\u5916\u90e8\u7684\u670d\u52a1\u5730\u5740\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u5916\u90e8\u670d\u52a1\uff08ExternalName\uff09\u3002 ExternalName \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u57df\u540d \u3010\u7c7b\u578b\u3011\u5fc5\u586b"},{"location":"admin/kpanda/network/create-services.html#_3","title":"\u5b8c\u6210\u670d\u52a1\u521b\u5efa","text":"\u914d\u7f6e\u5b8c\u6240\u6709\u53c2\u6570\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u670d\u52a1\u5217\u8868\u3002\u5728\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6240\u9009\u670d\u52a1\u3002
"},{"location":"admin/kpanda/network/network-policy.html","title":"\u7f51\u7edc\u7b56\u7565","text":"\u7f51\u7edc\u7b56\u7565\uff08NetworkPolicy\uff09\u53ef\u4ee5\u5728 IP \u5730\u5740\u6216\u7aef\u53e3\u5c42\u9762\uff08OSI \u7b2c 3 \u5c42\u6216\u7b2c 4 \u5c42\uff09\u63a7\u5236\u7f51\u7edc\u6d41\u91cf\u3002\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u76ee\u524d\u652f\u6301\u521b\u5efa\u57fa\u4e8e Pod \u6216\u547d\u540d\u7a7a\u95f4\u7684\u7f51\u7edc\u7b56\u7565\uff0c\u652f\u6301\u901a\u8fc7\u6807\u7b7e\u9009\u62e9\u5668\u6765\u8bbe\u5b9a\u54ea\u4e9b\u6d41\u91cf\u53ef\u4ee5\u8fdb\u5165\u6216\u79bb\u5f00\u5e26\u6709\u7279\u5b9a\u6807\u7b7e\u7684 Pod\u3002
\u6709\u5173\u7f51\u7edc\u7b56\u7565\u7684\u66f4\u591a\u8be6\u60c5\uff0c\u53ef\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u7f51\u7edc\u7b56\u7565\u3002
"},{"location":"admin/kpanda/network/network-policy.html#_2","title":"\u521b\u5efa\u7f51\u7edc\u7b56\u7565","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u7f51\u7edc\u7b56\u7565\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u7f51\u7edc\u7b56\u7565\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
"},{"location":"admin/kpanda/network/network-policy.html#yaml","title":"YAML \u521b\u5efa","text":"\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 -> \u521b\u5efa\u7b56\u7565 \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\u5728\u521b\u5efa\u4e4b\u540e\u4e0d\u53ef\u66f4\u6539\u3002
\u586b\u5199\u7b56\u7565\u914d\u7f6e\u3002
\u7b56\u7565\u914d\u7f6e\u5206\u4e3a\u5165\u6d41\u91cf\u7b56\u7565\u548c\u51fa\u6d41\u91cf\u7b56\u7565\u3002\u5982\u679c\u6e90 Pod \u60f3\u8981\u6210\u529f\u8fde\u63a5\u5230\u76ee\u6807 Pod\uff0c\u6e90 Pod \u7684\u51fa\u6d41\u91cf\u7b56\u7565\u548c\u76ee\u6807 Pod \u7684\u5165\u6d41\u91cf\u7b56\u7565\u90fd\u9700\u8981\u5141\u8bb8\u8fde\u63a5\u3002\u5982\u679c\u4efb\u4f55\u4e00\u65b9\u4e0d\u5141\u8bb8\u8fde\u63a5\uff0c\u90fd\u4f1a\u5bfc\u81f4\u8fde\u63a5\u5931\u8d25\u3002
\u5165\u6d41\u91cf\u7b56\u7565\uff1a\u70b9\u51fb \u2795 \u5f00\u59cb\u914d\u7f6e\u7b56\u7565\uff0c\u652f\u6301\u914d\u7f6e\u591a\u6761\u7b56\u7565\u3002\u591a\u6761\u7f51\u7edc\u7b56\u7565\u7684\u6548\u679c\u76f8\u4e92\u53e0\u52a0\uff0c\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u6240\u6709\u7f51\u7edc\u7b56\u7565\uff0c\u624d\u80fd\u6210\u529f\u5efa\u7acb\u8fde\u63a5\u3002
\u51fa\u6d41\u91cf\u7b56\u7565
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 \uff0c\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\u3002
\u67e5\u770b\u8be5\u7b56\u7565\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5173\u8054\u5b9e\u4f8b\u4fe1\u606f\u3001\u5165\u6d41\u91cf\u7b56\u7565\u3001\u51fa\u6d41\u91cf\u7b56\u7565\u3002
Info
\u5728\u5173\u8054\u5b9e\u4f8b\u9875\u7b7e\u4e0b\uff0c\u652f\u6301\u67e5\u770b\u5b9e\u4f8b\u76d1\u63a7\u3001\u65e5\u5fd7\u3001\u5bb9\u5668\u5217\u8868\u3001YAML \u6587\u4ef6\u3001\u4e8b\u4ef6\u7b49\u3002
"},{"location":"admin/kpanda/network/network-policy.html#_5","title":"\u66f4\u65b0\u7f51\u7edc\u7b56\u7565","text":"\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002
\u5728\u7f51\u7edc\u7b56\u7565\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u7b56\u7565\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u7f51\u7edc\u7b56\u7565\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u5220\u9664\u7f51\u7edc\u7b56\u7565\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002
\u5728\u7f51\u7edc\u7b56\u7565\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u7b56\u7565\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u5220\u9664\u3002
\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u7f51\u7edc\u7b56\u7565\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u5220\u9664\u3002
\u968f\u7740\u4e1a\u52a1\u5e94\u7528\u4e0d\u65ad\u589e\u957f\uff0c\u96c6\u7fa4\u8d44\u6e90\u65e5\u8d8b\u7d27\u5f20\uff0c\u8fd9\u65f6\u53ef\u4ee5\u57fa\u4e8e kubean \u5bf9\u96c6\u7fa4\u8282\u70b9\u8fdb\u884c\u6269\u5bb9\u3002\u6269\u5bb9\u540e\uff0c\u5e94\u7528\u53ef\u4ee5\u8fd0\u884c\u5728\u65b0\u589e\u7684\u8282\u70b9\u4e0a\uff0c\u7f13\u89e3\u8d44\u6e90\u538b\u529b\u3002
\u53ea\u6709\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u521b\u5efa\u7684\u96c6\u7fa4\u624d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\uff0c\u4ece\u5916\u90e8\u63a5\u5165\u7684\u96c6\u7fa4\u4e0d\u652f\u6301\u6b64\u64cd\u4f5c\u3002\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u540c\u79cd\u67b6\u6784\u4e0b\u5de5\u4f5c\u96c6\u7fa4\u7684 \u5de5\u4f5c\u8282\u70b9 \u6269\u5bb9\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u82e5 \u96c6\u7fa4\u89d2\u8272 \u4e2d\u5e26\u6709 \u63a5\u5165\u96c6\u7fa4 \u7684\u6807\u7b7e\uff0c\u5219\u8bf4\u660e\u8be5\u96c6\u7fa4\u4e0d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u63a5\u5165\u8282\u70b9 \u3002
\u8f93\u5165\u4e3b\u673a\u540d\u79f0\u548c\u8282\u70b9 IP \u5e76\u70b9\u51fb \u786e\u5b9a \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0\u5de5\u4f5c\u8282\u70b9 \u53ef\u4ee5\u7ee7\u7eed\u63a5\u5165\u66f4\u591a\u8282\u70b9\u3002
Note
\u63a5\u5165\u8282\u70b9\u5927\u7ea6\u9700\u8981 20 \u5206\u949f\uff0c\u8bf7\u60a8\u8010\u5fc3\u7b49\u5f85\u3002
"},{"location":"admin/kpanda/nodes/add-node.html#_2","title":"\u53c2\u8003\u6587\u6863","text":"\u5f53\u4e1a\u52a1\u9ad8\u5cf0\u671f\u7ed3\u675f\u4e4b\u540e\uff0c\u4e3a\u4e86\u8282\u7701\u8d44\u6e90\u6210\u672c\uff0c\u53ef\u4ee5\u7f29\u5c0f\u96c6\u7fa4\u89c4\u6a21\uff0c\u5378\u8f7d\u5197\u4f59\u7684\u8282\u70b9\uff0c\u5373\u8282\u70b9\u7f29\u5bb9\u3002\u8282\u70b9\u5378\u8f7d\u540e\uff0c\u5e94\u7528\u65e0\u6cd5\u7ee7\u7eed\u8fd0\u884c\u5728\u8be5\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/nodes/delete-node.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u8282\u70b9\u7f29\u5bb9\u65f6\uff0c\u53ea\u80fd\u9010\u4e2a\u8fdb\u884c\u5378\u8f7d\uff0c\u65e0\u6cd5\u6279\u91cf\u5378\u8f7d\u3002
\u5982\u9700\u5378\u8f7d\u96c6\u7fa4\u63a7\u5236\u5668\u8282\u70b9\uff0c\u9700\u8981\u786e\u4fdd\u6700\u7ec8\u63a7\u5236\u5668\u8282\u70b9\u6570\u4e3a \u5947\u6570\u3002
\u96c6\u7fa4\u8282\u70b9\u7f29\u5bb9\u65f6\u4e0d\u53ef\u4e0b\u7ebf \u7b2c\u4e00\u4e2a\u63a7\u5236\u5668 \u8282\u70b9\u3002\u5982\u679c\u5fc5\u987b\u6267\u884c\u6b64\u64cd\u4f5c\uff0c\u8bf7\u8054\u7cfb\u552e\u540e\u5de5\u7a0b\u5e08\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u82e5 \u96c6\u7fa4\u89d2\u8272 \u4e2d\u5e26\u6709 \u63a5\u5165\u96c6\u7fa4 \u7684\u6807\u7b7e\uff0c\u5219\u8bf4\u660e\u8be5\u96c6\u7fa4\u4e0d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u9700\u8981\u5378\u8f7d\u7684\u8282\u70b9\uff0c\u70b9\u51fb \u2507 \u9009\u62e9 \u79fb\u9664\u8282\u70b9 \u3002
\u8f93\u5165\u8282\u70b9\u540d\u79f0\uff0c\u5e76\u70b9\u51fb \u5220\u9664 \u8fdb\u884c\u786e\u8ba4\u3002
\u6807\u7b7e\uff08Labels\uff09\u662f\u4e3a Pod\u3001\u8282\u70b9\u3001\u96c6\u7fa4\u7b49 Kubernetes \u5bf9\u8c61\u6dfb\u52a0\u7684\u6807\u8bc6\u6027\u952e\u503c\u5bf9\uff0c\u53ef\u7ed3\u5408\u6807\u7b7e\u9009\u62e9\u5668\u67e5\u627e\u5e76\u7b5b\u9009\u6ee1\u8db3\u67d0\u4e9b\u6761\u4ef6\u7684 Kubernetes \u5bf9\u8c61\u3002\u6bcf\u4e2a\u952e\u5bf9\u4e8e\u7ed9\u5b9a\u5bf9\u8c61\u5fc5\u987b\u662f\u552f\u4e00\u7684\u3002
\u6ce8\u89e3\uff08Annotations\uff09\u548c\u6807\u7b7e\u4e00\u6837\uff0c\u4e5f\u662f\u952e/\u503c\u5bf9\uff0c\u4f46\u4e0d\u5177\u5907\u6807\u8bc6\u6216\u7b5b\u9009\u529f\u80fd\u3002 \u4f7f\u7528\u6ce8\u89e3\u53ef\u4ee5\u4e3a\u8282\u70b9\u6dfb\u52a0\u4efb\u610f\u7684\u5143\u6570\u636e\u3002 \u6ce8\u89e3\u7684\u952e\u901a\u5e38\u4f7f\u7528\u7684\u683c\u5f0f\u4e3a \u524d\u7f00\uff08\u53ef\u9009\uff09/\u540d\u79f0\uff08\u5fc5\u586b\uff09 \uff0c\u4f8b\u5982 nfd.node.kubernetes.io/extended-resources \u3002 \u5982\u679c\u7701\u7565\u524d\u7f00\uff0c\u8868\u793a\u8be5\u6ce8\u89e3\u952e\u662f\u7528\u6237\u79c1\u6709\u7684\u3002
\u6709\u5173\u6807\u7b7e\u548c\u6ce8\u89e3\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u53ef\u53c2\u8003 Kubernetes \u7684\u5b98\u65b9\u6587\u6863\u6807\u7b7e\u548c\u9009\u62e9\u7b97\u7b26\u6216\u6ce8\u89e3\u3002
\u6dfb\u52a0/\u5220\u9664\u6807\u7b7e\u4e0e\u6ce8\u89e3\u7684\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u4fee\u6539\u6807\u7b7e \u6216 \u4fee\u6539\u6ce8\u89e3 \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0 \u53ef\u4ee5\u6dfb\u52a0\u6807\u7b7e\u6216\u6ce8\u89e3\uff0c\u70b9\u51fb X \u53ef\u4ee5\u5220\u9664\u6807\u7b7e\u6216\u6ce8\u89e3\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u5982\u679c\u60a8\u9009\u62e9\u4f7f\u7528 SSH \u5bc6\u94a5\u4f5c\u4e3a\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u8282\u70b9\u8ba4\u8bc1\u65b9\u5f0f\uff0c\u60a8\u9700\u8981\u6309\u7167\u5982\u4e0b\u8bf4\u660e\u914d\u7f6e\u516c\u79c1\u94a5\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5728 \u5f85\u5efa\u96c6\u7fa4\u7684\u7ba1\u7406\u96c6\u7fa4\u4e2d\u7684\u4efb\u610f\u8282\u70b9 \u4e0a\u751f\u6210\u516c\u79c1\u94a5\u3002
cd /root/.ssh\nssh-keygen -t rsa\n
\u6267\u884c ls \u547d\u4ee4\u67e5\u770b\u7ba1\u7406\u96c6\u7fa4\u4e0a\u7684\u5bc6\u94a5\u662f\u5426\u521b\u5efa\u6210\u529f\uff0c\u6b63\u786e\u53cd\u9988\u5982\u4e0b\uff1a
ls\nid_rsa id_rsa.pub known_hosts\n
\u5176\u4e2d\u540d\u4e3a id_rsa \u7684\u6587\u4ef6\u662f\u79c1\u94a5\uff0c\u540d\u4e3a id_rsa.pub \u7684\u6587\u4ef6\u662f\u516c\u94a5\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5c06\u516c\u94a5\u6587\u4ef6 id_rsa.pub \u52a0\u8f7d\u5230\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u6240\u6709\u8282\u70b9\u4e0a\u3002
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.0\n
\u5c06\u4e0a\u9762\u547d\u4ee4\u4e2d\u7684 root@10.0.0.0 \u7528\u6237\u8d26\u53f7\u548c\u8282\u70b9 IP \u66ff\u6362\u4e3a\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u8282\u70b9\u7528\u6237\u540d\u548c IP\u3002** \u9700\u8981\u5728\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u6bcf\u53f0\u8282\u70b9\u90fd\u6267\u884c\u76f8\u540c\u7684\u64cd\u4f5c **\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u6b65\u9aa4 1 \u6240\u521b\u5efa\u7684\u79c1\u94a5\u6587\u4ef6 id_rsa \u3002
cat /root/.ssh/id_rsa\n
\u8f93\u51fa\u5982\u4e0b\u5185\u5bb9\uff1a
-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3UvyKINzY5BFuemQ+uJ6q+GqgfvnWwNC8HzZhpcMSjJy26MM\nUtBEBJxy8fMi57XcjYxPibXW/wnd+32ICCycqCwByUmuXeCC1cjlCQDqjcAvXae7\nY54IXGF7wm2IsMNwf0kjFEXjuS48FLDA0mGRaN3BG+Up5geXcHckg3K5LD8kXFFx\ndEmSIjdyw55NaUitmEdHzN7cIdfi6Z56jcV8dcFBgWKUx+ebiyPmZBkXToz6GnMF\nrswzzZCl+G6Jb2xTGy7g7ozb4BoZd1IpSD5EhDanRrESVE0C5YuJ5zUAC0CvVd1l\nv67AK8Ko6MXToHp01/bcsvlM6cqgwUFXZKVeOwIDAQABAoIBAQCO36GQlo3BEjxy\nM2HvGJmqrx+unDxafliRe4nVY2AD515Qf4xNSzke4QM1QoyenMOwf446krQkJPK0\nk+9nl6Xszby5gGCbK4BNFk8I6RaGPjZWeRx6zGUJf8avWJiPxx6yjz2esSC9RiR0\nF0nmiiefVMyAfgv2/5++dK2WUFNNRKLgSRRpP5bRaD5wMzzxtSSXrUon6217HO8p\n3RoWsI51MbVzhdVgpHUNABcoa0rpr9svT6XLKZxY8mxpKFYjM0Wv2JIDABg3kBvh\nQbJ7kStCO3naZjKMU9UuSqVJs06cflGYw7Or8/tABR3LErNQKPjkhAQqt0DXw7Iw\n3tKdTAJBAoGBAP687U7JAOqQkcphek2E/A/sbO/d37ix7Z3vNOy065STrA+ZWMZn\npZ6Ui1B/oJpoZssnfvIoz9sn559X0j67TljFALFd2ZGS0Fqh9KVCqDvfk+Vst1dq\n+3r/yZdTOyswoccxkJiC/GDwZGK0amJWqvob39JCZhDAKIGLbGMmjdAHAoGBAN5k\nm1WGnni1nZ+3dryIwgB6z1hWcnLTamzSET6KhSuo946ET0IRG9xtlheCx6dqICbr\nVk1Y4NtRZjK/p/YGx59rDWf7E3I8ZMgR7mjieOcUZ4lUlA4l7ZIlW/2WZHW+nUXO\nTi20fqJ8qSp4BUvOvuth1pz2GLUHe2/Fxjf7HIstAoGBAPHpPr9r+TfIlPsJeRj2\n6lzA3G8qWFRQfGRYjv0fjv0pA+RIb1rzgP/I90g5+63G6Z+R4WdcxI/OJJNY1iuG\nuw9n/pFxm7U4JC990BPE6nj5iLz+clpNGYckNDBF9VG9vFSrSDLdaYkxoVNvG/xJ\na9Na90H4lm7f3VewrPy310KvAoGAZr+mwNoEh5Kpc6xo8Gxi7aPP/mlaUVD6X7Ki\ngvmu02AqmC7rC4QqEiqTaONkaSXwGusqIWxJ3yp5hELmUBYLzszAEeV/s4zRp1oZ\ng133LBRSTbHFAdBmNdqK6Nu+KGRb92980UMOKvZbliKDl+W6cbfvVu+gtKrzTc3b\naevb4TUCgYEAnJAxyVYDP1nJf7bjBSHXQu1E/DMwbtrqw7dylRJ8cAzI7IxfSCez\n7BYWq41PqVd9/zrb3Pbh2phiVzKe783igAIMqummcjo/kZyCwFsYBzK77max1jF5\naPQsLbRS2aDz8kIH6jHPZ/R+15EROmdtLmA7vIJZGerWWQR0dUU+XXA=\n
\u5c06\u79c1\u94a5\u5185\u5bb9\u590d\u5236\u540e\u586b\u81f3\u754c\u9762\u5bc6\u94a5\u8f93\u5165\u6846\u3002
\u5728\u521b\u5efa\u96c6\u7fa4\u6216\u4e3a\u5df2\u6709\u96c6\u7fa4\u6dfb\u52a0\u8282\u70b9\u65f6\uff0c\u8bf7\u53c2\u9605\u4e0b\u8868\uff0c\u68c0\u67e5\u8282\u70b9\u914d\u7f6e\uff0c\u4ee5\u907f\u514d\u56e0\u8282\u70b9\u914d\u7f6e\u9519\u8bef\u5bfc\u81f4\u96c6\u7fa4\u521b\u5efa\u6216\u6269\u5bb9\u5931\u8d25\u3002
\u68c0\u67e5\u9879 \u63cf\u8ff0 \u64cd\u4f5c\u7cfb\u7edf \u53c2\u8003\u652f\u6301\u7684\u67b6\u6784\u53ca\u64cd\u4f5c\u7cfb\u7edf SELinux \u5173\u95ed \u9632\u706b\u5899 \u5173\u95ed \u67b6\u6784\u4e00\u81f4\u6027 \u8282\u70b9\u95f4 CPU \u67b6\u6784\u4e00\u81f4\uff08\u5982\u5747\u4e3a ARM \u6216 x86\uff09 \u4e3b\u673a\u65f6\u95f4 \u6240\u6709\u4e3b\u673a\u95f4\u540c\u6b65\u8bef\u5dee\u5c0f\u4e8e 10 \u79d2\u3002 \u7f51\u7edc\u8054\u901a\u6027 \u8282\u70b9\u53ca\u5176 SSH \u7aef\u53e3\u80fd\u591f\u6b63\u5e38\u88ab\u5e73\u53f0\u8bbf\u95ee\u3002 CPU \u53ef\u7528 CPU \u8d44\u6e90\u5927\u4e8e 4 Core \u5185\u5b58 \u53ef\u7528\u5185\u5b58\u8d44\u6e90\u5927\u4e8e 8 GB"},{"location":"admin/kpanda/nodes/node-check.html#_2","title":"\u652f\u6301\u7684\u67b6\u6784\u53ca\u64cd\u4f5c\u7cfb\u7edf","text":"\u67b6\u6784 \u64cd\u4f5c\u7cfb\u7edf \u5907\u6ce8 ARM Kylin Linux Advanced Server release V10 (Sword) SP2 \u63a8\u8350 ARM UOS Linux ARM openEuler x86 CentOS 7.x \u63a8\u8350 x86 Redhat 7.x \u63a8\u8350 x86 Redhat 8.x \u63a8\u8350 x86 Flatcar Container Linux by Kinvolk x86 Debian Bullseye, Buster, Jessie, Stretch x86 Ubuntu 16.04, 18.04, 20.04, 22.04 x86 Fedora 35, 36 x86 Fedora CoreOS x86 openSUSE Leap 15.x/Tumbleweed x86 Oracle Linux 7, 8, 9 x86 Alma Linux 8, 9 x86 Rocky Linux 8, 9 x86 Amazon Linux 2 x86 Kylin Linux Advanced Server release V10 (Sword) - SP2 \u6d77\u5149 x86 UOS Linux x86 openEuler"},{"location":"admin/kpanda/nodes/node-details.html","title":"\u8282\u70b9\u8be6\u60c5","text":"\u63a5\u5165\u6216\u521b\u5efa\u96c6\u7fa4\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u96c6\u7fa4\u4e2d\u5404\u4e2a\u8282\u70b9\u7684\u4fe1\u606f\uff0c\u5305\u62ec\u8282\u70b9\u72b6\u6001\u3001\u6807\u7b7e\u3001\u8d44\u6e90\u7528\u91cf\u3001Pod\u3001\u76d1\u63a7\u4fe1\u606f\u7b49\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u53ef\u4ee5\u67e5\u770b\u8282\u70b9\u72b6\u6001\u3001\u89d2\u8272\u3001\u6807\u7b7e\u3001CPU/\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u3001IP \u5730\u5740\u3001\u521b\u5efa\u65f6\u95f4\u3002
\u70b9\u51fb\u8282\u70b9\u540d\u79f0\uff0c\u53ef\u4ee5\u8fdb\u5165\u8282\u70b9\u8be6\u60c5\u9875\u9762\u67e5\u770b\u66f4\u591a\u4fe1\u606f\uff0c\u5305\u62ec\u6982\u89c8\u4fe1\u606f\u3001\u5bb9\u5668\u7ec4\u4fe1\u606f\u3001\u6807\u7b7e\u6ce8\u89e3\u4fe1\u606f\u3001\u4e8b\u4ef6\u5217\u8868\u3001\u72b6\u6001\u7b49\u3002
\u6b64\u5916\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u8282\u70b9\u7684 YAML \u6587\u4ef6\u3001\u76d1\u63a7\u4fe1\u606f\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u7b49\u3002
\u652f\u6301\u5c06\u8282\u70b9\u6682\u505c\u8c03\u5ea6\u6216\u6062\u590d\u8c03\u5ea6\u3002\u6682\u505c\u8c03\u5ea6\u6307\uff0c\u505c\u6b62\u5c06 Pod \u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u3002\u6062\u590d\u8c03\u5ea6\u6307\uff0c\u53ef\u4ee5\u5c06 Pod \u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u6682\u505c\u8c03\u5ea6 \u6309\u94ae\u5373\u53ef\u6682\u505c\u8c03\u5ea6\u8be5\u8282\u70b9\u3002
\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u6062\u590d\u8c03\u5ea6 \u6309\u94ae\u5373\u53ef\u6062\u590d\u8c03\u5ea6\u8be5\u8282\u70b9\u3002
\u8282\u70b9\u8c03\u5ea6\u72b6\u6001\u53ef\u80fd\u56e0\u7f51\u7edc\u60c5\u51b5\u6709\u6240\u5ef6\u8fdf\uff0c\u70b9\u51fb\u641c\u7d22\u6846\u53f3\u4fa7\u7684\u5237\u65b0\u56fe\u6807\u53ef\u4ee5\u5237\u65b0\u8282\u70b9\u8c03\u5ea6\u72b6\u6001\u3002
"},{"location":"admin/kpanda/nodes/taints.html","title":"\u8282\u70b9\u6c61\u70b9\u7ba1\u7406","text":"\u6c61\u70b9 (Taint) \u80fd\u591f\u4f7f\u8282\u70b9\u6392\u65a5\u67d0\u4e00\u7c7b Pod\uff0c\u907f\u514d Pod \u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002 \u6bcf\u4e2a\u8282\u70b9\u4e0a\u53ef\u4ee5\u5e94\u7528\u4e00\u4e2a\u6216\u591a\u4e2a\u6c61\u70b9\uff0c\u4e0d\u80fd\u5bb9\u5fcd\u8fd9\u4e9b\u6c61\u70b9\u7684 Pod \u5219\u4e0d\u4f1a\u88ab\u8c03\u5ea6\u8be5\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/nodes/taints.html#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":"\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u6982\u89c8 \u9875\u9762\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u9700\u8981\u4fee\u6539\u6c61\u70b9\u7684\u8282\u70b9\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u70b9\u51fb \u4fee\u6539\u6c61\u70b9 \u6309\u94ae\u3002
\u5728\u5f39\u6846\u5185\u8f93\u5165\u6c61\u70b9\u7684\u952e\u503c\u4fe1\u606f\uff0c\u9009\u62e9\u6c61\u70b9\u6548\u679c\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0 \u53ef\u4ee5\u4e3a\u8282\u70b9\u6dfb\u52a0\u591a\u4e2a\u6c61\u70b9\uff0c\u70b9\u51fb\u6c61\u70b9\u6548\u679c\u53f3\u4fa7\u7684 X \u53ef\u4ee5\u5220\u9664\u6c61\u70b9\u3002
\u76ee\u524d\u652f\u6301\u4e09\u79cd\u6c61\u70b9\u6548\u679c\uff1a
NoSchedule
\uff1a\u65b0\u7684 Pod \u4e0d\u4f1a\u88ab\u8c03\u5ea6\u5230\u5e26\u6709\u6b64\u6c61\u70b9\u7684\u8282\u70b9\u4e0a\uff0c\u9664\u975e\u65b0\u7684 Pod \u5177\u6709\u76f8\u5339\u914d\u7684\u5bb9\u5fcd\u5ea6\u3002\u5f53\u524d\u6b63\u5728\u8282\u70b9\u4e0a\u8fd0\u884c\u7684 Pod \u4e0d\u4f1a \u88ab\u9a71\u9010\u3002NoExecute
\uff1a\u8fd9\u4f1a\u5f71\u54cd\u5df2\u5728\u8282\u70b9\u4e0a\u8fd0\u884c\u7684 Pod\uff1atolerationSeconds
\uff0c\u5219 Pod \u8fd8\u4f1a\u4e00\u76f4\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u3002tolerationSeconds
\uff0c\u5219 Pod \u8fd8\u80fd\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u7ee7\u7eed\u8fd0\u884c\u6307\u5b9a\u7684\u65f6\u957f\u3002\u8fd9\u6bb5\u65f6\u95f4\u8fc7\u53bb\u540e\uff0c\u518d\u4ece\u8282\u70b9\u4e0a\u9a71\u9664\u8fd9\u4e9b Pod\u3002PreferNoSchedule
\uff1a\u8fd9\u662f\u201c\u8f6f\u6027\u201d\u7684 NoSchedule
\u3002\u63a7\u5236\u5e73\u9762\u5c06**\u5c1d\u8bd5**\u907f\u514d\u5c06\u4e0d\u5bb9\u5fcd\u6b64\u6c61\u70b9\u7684 Pod \u8c03\u5ea6\u5230\u8282\u70b9\u4e0a\uff0c\u4f46\u4e0d\u80fd\u4fdd\u8bc1\u5b8c\u5168\u907f\u514d\u3002\u6240\u4ee5\u8981\u5c3d\u91cf\u907f\u514d\u4f7f\u7528\u6b64\u6c61\u70b9\u3002\u6709\u5173\u6c61\u70b9\u7684\u66f4\u591a\u8be6\u60c5\uff0c\u8bf7\u53c2\u9605 Kubernetes \u5b98\u65b9\u6587\u6863\uff1a\u6c61\u70b9\u548c\u5bb9\u5fcd\u5ea6\u3002
"},{"location":"admin/kpanda/olm/import-miniooperator.html","title":"\u5bfc\u5165\u79bb\u7ebf MinIo Operator","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5728\u79bb\u7ebf\u73af\u5883\u4e0b\u5982\u4f55\u5bfc\u5165 MinIo Operator\u3002
"},{"location":"admin/kpanda/olm/import-miniooperator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u6267\u884c\u73af\u5883\u4e2d\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u5e76\u5728\u540e\u7eed\u6b65\u9aa4\u4f7f\u7528\uff0c\u6267\u884c\u547d\u4ee4\uff1a
export OPM_IMG=10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0 \nexport BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3 \n
\u5982\u4f55\u83b7\u53d6\u4e0a\u8ff0\u955c\u50cf\u5730\u5740\uff1a
\u524d\u5f80 \u5bb9\u5668\u7ba1\u7406 -> \u9009\u62e9\u5f53\u524d\u96c6\u7fa4 -> helm \u5e94\u7528 -> \u67e5\u770b olm \u7ec4\u4ef6 -> \u63d2\u4ef6\u8bbe\u7f6e \uff0c\u627e\u5230\u540e\u7eed\u6b65\u9aa4\u6240\u9700 opm\uff0cminio\uff0cminio bundle\uff0cminio operator \u7684\u955c\u50cf\u3002
\u4ee5\u4e0a\u8bc9\u622a\u56fe\u4e3a\u4f8b\uff0c\u5219\u56db\u4e2a\u955c\u50cf\u5730\u5740\u5982\u4e0b\n\n# opm \u955c\u50cf \n10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0\n\n# minio \u955c\u50cf\n10.5.14.200/quay.m.daocloud.io/minio/minio:RELEASE.2023-03-24T21-41-23Z\n\n# minio bundle \u955c\u50cf\n10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3\n\n# minio operator \u955c\u50cf \n10.5.14.200/quay.m.daocloud.io/minio/operator:v5.0.3\n
\u6267\u884c opm \u547d\u4ee4\u83b7\u53d6\u79bb\u7ebf bundle \u955c\u50cf\u5305\u542b\u7684 operator\u3002
# \u521b\u5efa operator \u5b58\u653e\u76ee\u5f55\n$ mkdir minio-operator && cd minio-operator \n\n# \u83b7\u53d6 operator yaml \n$ docker run --user root -v $PWD/minio-operator:/minio-operator ${OPM_IMG} alpha bundle unpack --skip-tls-verify -v -d ${BUNDLE_IMG} -o ./minio-operator\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 9 files\n
\u66ff\u6362\u00a0 minio-operator/manifests/minio-operator.clusterserviceversion.yaml\u00a0 \u6587\u4ef6\u4e2d\u7684\u6240\u6709\u955c\u50cf\u5730\u5740\u4e3a\u79bb\u7ebf\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u955c\u50cf\u3002
\u66ff\u6362\u524d\uff1a
\u66ff\u6362\u540e\uff1a
\u751f\u6210\u6784\u5efa bundle \u955c\u50cf\u7684 Dockerfile
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} alpha bundle generate --channels stable,beta -d /minio-operator/minio-operator/manifests -e stable -p minio-operator \u00a0\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 10 files\n
\u6267\u884c\u6784\u5efa\u547d\u4ee4\uff0c\u6784\u5efa bundle \u955c\u50cf\u4e14\u63a8\u9001\u5230\u79bb\u7ebf registry\u3002
# \u8bbe\u7f6e\u65b0\u7684 bundle image \nexport OFFLINE_BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3-offline \n\n$ docker build . -f bundle.Dockerfile -t ${OFFLINE_BUNDLE_IMG} \u00a0\n\n$ docker push ${OFFLINE_BUNDLE_IMG}\n
\u751f\u6210\u6784\u5efa catalog \u955c\u50cf\u7684 Dockerfile\u3002
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} index add --bundles ${OFFLINE_BUNDLE_IMG} --generate --binary-image ${OPM_IMG} --skip-tls-verify\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u251c\u2500\u2500 database\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 index.db\n\u251c\u2500\u2500 index.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n4 directories, 12 files\n
\u6784\u5efa catalog \u955c\u50cf
# \u8bbe\u7f6e\u65b0\u7684 catalog image \nexport OFFLINE_CATALOG_IMG=10.5.14.200/release.daocloud.io/operator-framework/system-operator-index:v0.1.0-offline\n\n$ docker build . -f index.Dockerfile -t ${OFFLINE_CATALOG_IMG} \n\n$ docker push ${OFFLINE_CATALOG_IMG}\n
\u524d\u5f80\u5bb9\u5668\u7ba1\u7406\uff0c\u66f4\u65b0 helm \u5e94\u7528 olm \u7684\u5185\u7f6e catsrc \u955c\u50cf\uff08\u586b\u5199\u6784\u5efa catalog \u955c\u50cf\u6307\u5b9a\u7684 ${catalog-image} \u5373\u53ef\uff09
\u66f4\u65b0\u6210\u529f\u540e\uff0cOperator Hub \u4e2d\u4f1a\u51fa\u73b0 minio-operator \u7ec4\u4ef6
\u5bb9\u5668\u7ba1\u7406\u57fa\u4e8e\u5168\u5c40\u6743\u9650\u7ba1\u7406\u53ca\u5168\u5c40\u7528\u6237/\u7528\u6237\u7ec4\u7ba1\u7406\u5b9e\u73b0\u6388\u6743\uff0c\u5982\u9700\u4e3a\u7528\u6237\u6388\u4e88\u5bb9\u5668\u7ba1\u7406\u7684\u6700\u9ad8\u6743\u9650\uff08\u53ef\u4ee5\u521b\u5efa\u3001\u7ba1\u7406\u3001\u5220\u9664\u6240\u6709\u96c6\u7fa4\uff09\uff0c\u8bf7\u53c2\u89c1\u4ec0\u4e48\u662f\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u3002
"},{"location":"admin/kpanda/permissions/cluster-ns-auth.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u7ed9\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\u4e4b\u524d\uff0c\u8bf7\u5b8c\u6210\u5982\u4e0b\u51c6\u5907\uff1a
\u5df2\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\u521b\u5efa\u4e86\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\uff0c\u8bf7\u53c2\u8003\u7528\u6237\u3002
\u4ec5 Kpanda Owner \u53ca\u5f53\u524d\u96c6\u7fa4\u7684 Cluster Admin \u5177\u5907\u96c6\u7fa4\u6388\u6743\u80fd\u529b\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002
\u4ec5 Kpanda Owner\u3001\u5f53\u524d\u96c6\u7fa4\u7684 Cluster Admin\uff0c\u5f53\u524d\u547d\u540d\u7a7a\u95f4\u7684 NS Admin \u5177\u5907\u547d\u540d\u7a7a\u95f4\u6388\u6743\u80fd\u529b\u3002
\u7528\u6237\u767b\u5f55\u5e73\u53f0\u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u83dc\u5355\u680f \u5bb9\u5668\u7ba1\u7406 \u4e0b\u7684 \u6743\u9650\u7ba1\u7406 \uff0c\u9ed8\u8ba4\u4f4d\u4e8e \u96c6\u7fa4\u6743\u9650 \u9875\u7b7e\u3002
\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002
\u5728 \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650 \u9875\u9762\u4e2d\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u3001\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u4ec5\u652f\u6301\u7684\u96c6\u7fa4\u89d2\u8272\u4e3a Cluster Admin \uff0c\u8be6\u60c5\u6743\u9650\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002\u5982\u9700\u8981\u7ed9\u591a\u4e2a\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fdb\u884c\u6388\u6743\uff0c \u53ef\u70b9\u51fb \u6dfb\u52a0\u7528\u6237\u6743\u9650 \u8fdb\u884c\u591a\u6b21\u6dfb\u52a0\u3002
\u8fd4\u56de\u96c6\u7fa4\u6743\u9650\u7ba1\u7406\u9875\u9762\uff0c\u5c4f\u5e55\u51fa\u73b0\u6d88\u606f\uff1a \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650\u6210\u529f \u3002
\u7528\u6237\u767b\u5f55\u5e73\u53f0\u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u83dc\u5355\u680f \u5bb9\u5668\u7ba1\u7406 \u4e0b\u7684 \u6743\u9650\u7ba1\u7406 \uff0c\u70b9\u51fb \u547d\u540d\u7a7a\u95f4\u6743\u9650 \u9875\u7b7e\u3002
\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002\u5728 \u6dfb\u52a0\u547d\u540d\u7a7a\u95f4\u6743\u9650 \u9875\u9762\u4e2d\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u3001\u76ee\u6807\u547d\u540d\u7a7a\u95f4\uff0c\u4ee5\u53ca\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u652f\u6301\u7684\u547d\u540d\u7a7a\u95f4\u89d2\u8272\u4e3a NS Admin\u3001NS Editor\u3001NS Viewer\uff0c\u8be6\u60c5\u6743\u9650\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002\u5982\u9700\u7ed9\u591a\u4e2a\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fdb\u884c\u6388\u6743\uff0c\u53ef\u70b9\u51fb \u6dfb\u52a0\u7528\u6237\u6743\u9650 \u8fdb\u884c\u591a\u6b21\u6dfb\u52a0\u3002\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u6743\u9650\u6388\u6743\u3002
\u8fd4\u56de\u547d\u540d\u7a7a\u95f4\u6743\u9650\u7ba1\u7406\u9875\u9762\uff0c\u5c4f\u5e55\u51fa\u73b0\u6d88\u606f\uff1a \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650\u6210\u529f \u3002
Tip
\u540e\u7eed\u5982\u9700\u5220\u9664\u6216\u7f16\u8f91\u6743\u9650\uff0c\u53ef\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 \u7f16\u8f91 \u6216 \u5220\u9664 \u3002
\u8fc7\u53bb Kpanda \u5185\u7f6e\u89d2\u8272\u7684\u6743\u9650\u70b9\uff08rbac rules\uff09\u90fd\u662f\u63d0\u524d\u9884\u5b9a\u4e49\u597d\u7684\u4e14\u7528\u6237\u65e0\u6cd5\u4fee\u6539\uff0c\u56e0\u4e3a\u4ee5\u524d\u4fee\u6539\u5185\u7f6e\u89d2\u8272\u7684\u6743\u9650\u70b9\u4e4b\u540e\u4e5f\u4f1a\u88ab Kpanda \u63a7\u5236\u5668\u8fd8\u539f\u6210\u9884\u5b9a\u4e49\u7684\u6743\u9650\u70b9\u3002 \u4e3a\u4e86\u652f\u6301\u66f4\u52a0\u7075\u6d3b\u7684\u6743\u9650\u914d\u7f6e\uff0c\u6ee1\u8db3\u5bf9\u7cfb\u7edf\u89d2\u8272\u7684\u81ea\u5b9a\u4e49\u9700\u6c42\uff0c\u76ee\u524d Kpanda \u652f\u6301\u4e3a\u5185\u7f6e\u7cfb\u7edf\u89d2\u8272\uff08cluster admin\u3001ns admin\u3001ns editor\u3001ns viewer\uff09\u4fee\u6539\u6743\u9650\u70b9\u3002 \u4ee5\u4e0b\u793a\u4f8b\u6f14\u793a\u5982\u4f55\u65b0\u589e ns-viewer \u6743\u9650\u70b9\uff0c\u5c1d\u8bd5\u589e\u52a0\u53ef\u4ee5\u5220\u9664 Deployment \u7684\u6743\u9650\u3002\u5176\u4ed6\u6743\u9650\u70b9\u64cd\u4f5c\u7c7b\u4f3c\u3002
"},{"location":"admin/kpanda/permissions/custom-kpanda-role.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"Note
\u53ea\u652f\u6301\u4f7f\u7528\u56fa\u5b9a Label \u7684 ClusterRole \u8ffd\u52a0\u6743\u9650\uff0c\u4e0d\u652f\u6301\u66ff\u6362\u6216\u8005\u5220\u9664\u6743\u9650\uff0c\u4e5f\u4e0d\u80fd\u4f7f\u7528 role \u8ffd\u52a0\u6743\u9650\uff0c\u5185\u7f6e\u89d2\u8272\u8ddf\u7528\u6237\u521b\u5efa\u7684 ClusterRole Label \u5bf9\u5e94\u5173\u7cfb\u5982\u4e0b
cluster-admin: rbac.kpanda.io/role-template-cluster-admin: \"true\"\ncluster-edit: rbac.kpanda.io/role-template-cluster-edit: \"true\"\ncluster-view: rbac.kpanda.io/role-template-cluster-view: \"true\"\nns-admin: rbac.kpanda.io/role-template-ns-admin: \"true\"\nns-edit: rbac.kpanda.io/role-template-ns-edit: \"true\"\nns-view: rbac.kpanda.io/role-template-ns-view: \"true\"\n
\u4f7f\u7528 admin \u6216\u8005 cluster admin \u6743\u9650\u7684\u7528\u6237\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d
\u6388\u6743 ns-viewer\uff0c\u7528\u6237\u6709\u8be5 namespace ns-view \u6743\u9650
\u5207\u6362\u767b\u5f55\u7528\u6237\u4e3a ns-viewer\uff0c\u6253\u5f00\u63a7\u5236\u53f0\u83b7\u53d6 ns-viewer \u7528\u6237\u5bf9\u5e94\u7684 token\uff0c\u4f7f\u7528 curl \u8bf7\u6c42\u5220\u9664\u4e0a\u8ff0\u7684 deployment nginx\uff0c\u53d1\u73b0\u65e0\u5220\u9664\u6743\u9650
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n{\"code\":7,\"message\":\"[RBAC] delete resources(deployments: nginx) is forbidden for user(ns-viewer) in cluster(cluster-member)\",\"details\":[]}[root@master-01 ~]#\n[root@master-01 ~]#\n
\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u521b\u5efa\u5982\u4e0b ClusterRole\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: append-ns-view # (1)!\n labels:\n rbac.kpanda.io/role-template-ns-view: \"true\" # (2)!\nrules:\n - apiGroups: [ \"apps\" ]\n resources: [ \"deployments\" ]\n verbs: [ \"delete\" ]\n
\u7b49\u5f85 Kpanda \u63a7\u5236\u5668\u6dfb\u52a0\u7528\u6237\u521b\u5efa\u6743\u9650\u5230\u5185\u7f6e\u89d2\u8272 ns-viewer \u4e2d\uff0c\u53ef\u67e5\u770b\u5bf9\u5e94\u5185\u7f6e\u89d2\u8272\u5982\u662f\u5426\u6709\u4e0a\u4e00\u6b65\u65b0\u589e\u7684\u6743\u9650\u70b9
[root@master-01 ~]# kubectl get clusterrole role-template-ns-view -oyaml|grep deployments -C 10|tail -n 6\n
- apiGroups:\n - apps\n resources:\n - deployments\n verbs:\n - delete\n
\u518d\u6b21\u4f7f\u7528 curl \u8bf7\u6c42\u5220\u9664\u4e0a\u8ff0\u7684 deployment nginx\uff0c\u8fd9\u6b21\u6210\u529f\u5220\u9664\u4e86\u3002\u4e5f\u5c31\u662f\u8bf4\uff0cns-viewer \u6210\u529f\u65b0\u589e\u4e86\u5220\u9664 Deployment \u7684\u6743\u9650\u3002
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n
\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u57fa\u4e8e\u5168\u5c40\u6743\u9650\u7ba1\u7406\u4ee5\u53ca Kubernetes RBAC \u6743\u9650\u7ba1\u7406\u6253\u9020\u7684\u591a\u7ef4\u5ea6\u6743\u9650\u7ba1\u7406\u4f53\u7cfb\u3002 \u652f\u6301\u96c6\u7fa4\u7ea7\u3001\u547d\u540d\u7a7a\u95f4\u7ea7\u7684\u6743\u9650\u63a7\u5236\uff0c\u5e2e\u52a9\u7528\u6237\u4fbf\u6377\u7075\u6d3b\u5730\u5bf9\u79df\u6237\u4e0b\u7684 IAM \u7528\u6237\u3001\u7528\u6237\u7ec4\uff08\u7528\u6237\u7684\u96c6\u5408\uff09\u8bbe\u5b9a\u4e0d\u540c\u7684\u64cd\u4f5c\u6743\u9650\u3002
"},{"location":"admin/kpanda/permissions/permission-brief.html#_2","title":"\u96c6\u7fa4\u6743\u9650","text":"\u96c6\u7fa4\u6743\u9650\u57fa\u4e8e Kubernetes RBAC \u7684 ClusterRolebinding \u6388\u6743\uff0c\u96c6\u7fa4\u6743\u9650\u8bbe\u7f6e\u53ef\u8ba9\u7528\u6237/\u7528\u6237\u7ec4\u5177\u5907\u96c6\u7fa4\u76f8\u5173\u6743\u9650\u3002 \u76ee\u524d\u7684\u9ed8\u8ba4\u96c6\u7fa4\u89d2\u8272\u4e3a Cluster Admin \uff08\u4e0d\u5177\u5907\u96c6\u7fa4\u7684\u521b\u5efa\u3001\u5220\u9664\u6743\u9650\uff09\u3002
"},{"location":"admin/kpanda/permissions/permission-brief.html#cluster-admin","title":"Cluster Admin","text":"Cluster Admin \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
\u53ef\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u67e5\u770b\u5bf9\u5e94\u96c6\u7fa4
\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u67e5\u770b \u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u6240\u6709\u5de5\u4f5c\u8d1f\u8f7d\u53ca\u96c6\u7fa4\u5185\u6240\u6709\u8d44\u6e90
\u53ef\u6388\u6743\u7528\u6237\u4e3a\u96c6\u7fa4\u5185\u89d2\u8272 (Cluster Admin\u3001NS Admin\u3001NS Editor\u3001NS Viewer)
\u8be5\u96c6\u7fa4\u89d2\u8272\u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-cluster-admin\n resourceVersion: \"15168\"\n uid: f8f86d42-d5ef-47aa-b284-097615795076\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*'\n
"},{"location":"admin/kpanda/permissions/permission-brief.html#_3","title":"\u547d\u540d\u7a7a\u95f4\u6743\u9650","text":"\u547d\u540d\u7a7a\u95f4\u6743\u9650\u662f\u57fa\u4e8e Kubernetes RBAC \u80fd\u529b\u7684\u6388\u6743\uff0c\u53ef\u4ee5\u5b9e\u73b0\u4e0d\u540c\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5bf9\u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u8d44\u6e90\u5177\u6709\u4e0d\u540c\u7684\u64cd\u4f5c\u6743\u9650(\u5305\u62ec Kubernetes API \u6743\u9650)\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\uff1aKubernetes RBAC\u3002\u76ee\u524d\u5bb9\u5668\u7ba1\u7406\u7684\u9ed8\u8ba4\u89d2\u8272\u4e3a\uff1aNS Admin\u3001NS Editor\u3001NS Viewer\u3002
"},{"location":"admin/kpanda/permissions/permission-brief.html#ns-admin","title":"NS Admin","text":"NS Admin \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
\u8be5\u96c6\u7fa4\u89d2\u8272\u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-admin\n resourceVersion: \"15173\"\n uid: 69f64c7e-70e7-4c7c-a3e0-053f507f2bc3\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*' \n
"},{"location":"admin/kpanda/permissions/permission-brief.html#ns-editor","title":"NS Editor","text":"NS Editor \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-edit\n resourceVersion: \"15175\"\n uid: ca9e690e-96c0-4978-8915-6e4c00c748fe\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - '*'\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - '*'\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - '*'\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - '*'\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - '*'\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - '*'\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - '*' \n
"},{"location":"admin/kpanda/permissions/permission-brief.html#ns-viewer","title":"NS Viewer","text":"NS Viewer \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-view\n resourceVersion: \"15183\"\n uid: 853888fd-6ee8-42ac-b91e-63923918baf8\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - get\n - list\n - watch \n
"},{"location":"admin/kpanda/permissions/permission-brief.html#faq","title":"\u6743\u9650 FAQ","text":"\u5168\u5c40\u6743\u9650\u548c\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u7ba1\u7406\u7684\u5173\u7cfb\uff1f
\u7b54\uff1a\u5168\u5c40\u6743\u9650\u4ec5\u6388\u6743\u4e3a\u7c97\u7c92\u5ea6\u6743\u9650\uff0c\u53ef\u7ba1\u7406\u6240\u6709\u96c6\u7fa4\u7684\u521b\u5efa\u3001\u7f16\u8f91\u3001\u5220\u9664\uff1b\u800c\u5bf9\u4e8e\u7ec6\u7c92\u5ea6\u7684\u6743\u9650\uff0c\u5982\u5355\u4e2a\u96c6\u7fa4\u7684\u7ba1\u7406\u6743\u9650\uff0c\u5355\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u5220\u9664\u6743\u9650\uff0c\u9700\u8981\u57fa\u4e8e Kubernetes RBAC \u7684\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u8fdb\u884c\u5b9e\u73b0\u3002 \u4e00\u822c\u6743\u9650\u7684\u7528\u6237\u4ec5\u9700\u8981\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u8fdb\u884c\u6388\u6743\u5373\u53ef\u3002
\u76ee\u524d\u4ec5\u652f\u6301\u56db\u4e2a\u9ed8\u8ba4\u89d2\u8272\uff0c\u540e\u53f0\u81ea\u5b9a\u4e49\u89d2\u8272\u7684 RoleBinding \u4ee5\u53ca ClusterRoleBinding \uff08Kubernetes \u7ec6\u7c92\u5ea6\u7684 RBAC\uff09\u662f\u5426\u4e5f\u80fd\u751f\u6548\uff1f
\u7b54\uff1a\u76ee\u524d\u81ea\u5b9a\u4e49\u6743\u9650\u6682\u65f6\u65e0\u6cd5\u901a\u8fc7\u56fe\u5f62\u754c\u9762\u8fdb\u884c\u7ba1\u7406\uff0c\u4f46\u662f\u901a\u8fc7 kubectl \u521b\u5efa\u7684\u6743\u9650\u89c4\u5219\u540c\u6837\u80fd\u751f\u6548\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301 Pod \u8d44\u6e90\u57fa\u4e8e\u6307\u6807\u8fdb\u884c\u5f39\u6027\u4f38\u7f29\uff08Horizontal Pod Autoscaling, HPA\uff09\u3002 \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e CPU \u5229\u7528\u7387\u3001\u5185\u5b58\u7528\u91cf\u53ca\u81ea\u5b9a\u4e49\u6307\u6807\u6307\u6807\u6765\u52a8\u6001\u8c03\u6574 Pod \u8d44\u6e90\u7684\u526f\u672c\u6570\u91cf\u3002 \u4f8b\u5982\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u8bbe\u7f6e\u57fa\u4e8e CPU \u5229\u7528\u7387\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u540e\uff0c\u5f53 Pod \u7684 CPU \u5229\u7528\u7387\u8d85\u8fc7/\u4f4e\u4e8e\u60a8\u8bbe\u7f6e\u7684\u6307\u6807\u9600\u503c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u63a7\u5236\u5668\u5c06\u4f1a\u81ea\u52a8\u589e\u52a0/\u8f83\u5c11 Pod \u526f\u672c\u6570\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u57fa\u4e8e\u5185\u7f6e\u6307\u6807\u7684\u5f39\u6027\u4f38\u7f29\u3002
Note
\u7cfb\u7edf\u5185\u7f6e\u4e86 CPU \u548c\u5185\u5b58\u4e24\u79cd\u5f39\u6027\u4f38\u7f29\u6307\u6807\u4ee5\u6ee1\u8db3\u7528\u6237\u7684\u57fa\u7840\u4e1a\u52a1\u4f7f\u7528\u573a\u666f\u3002
"},{"location":"admin/kpanda/scale/create-hpa.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u6216\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5df2\u5b8c\u6210 metrics-server \u63d2\u4ef6\u5b89\u88c5 \u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165\u96c6\u7fa4\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d \u8fdb\u5165\u5de5\u4f5c\u8d1f\u8f7d\u5217\u8868\u540e\uff0c\u70b9\u51fb\u4e00\u4e2a\u8d1f\u8f7d\u540d\u79f0\uff0c\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \u9875\u9762\u3002
\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\u60c5\u51b5\u3002
\u786e\u8ba4\u96c6\u7fa4\u5df2\u5b89\u88c5\u4e86 metrics-server \u63d2\u4ef6\uff0c\u4e14\u63d2\u4ef6\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u540e\uff0c\u5373\u53ef\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\u3002
\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u5b8c\u6210\u53c2\u6570\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u5f39\u6027\u4f38\u7f29\u8be6\u60c5\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u7f16\u8f91\u3001\u5220\u9664\u64cd\u4f5c\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u76f8\u5173\u4e8b\u4ef6\u3002
\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\u901a\u8fc7\u76d1\u63a7 Pod \u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u8d44\u6e90\u7533\u8bf7\u548c\u7528\u91cf\uff0c \u8ba1\u7b97\u51fa\u5bf9\u8be5 Pod \u800c\u8a00\u6700\u9002\u5408\u7684 CPU \u548c\u5185\u5b58\u8bf7\u6c42\u503c\u3002\u4f7f\u7528 VPA \u53ef\u4ee5\u66f4\u52a0\u5408\u7406\u5730\u4e3a\u96c6\u7fa4\u4e0b\u6bcf\u4e2a Pod \u5206\u914d\u8d44\u6e90\uff0c\u63d0\u9ad8\u96c6\u7fa4\u7684\u6574\u4f53\u8d44\u6e90\u5229\u7528\u7387\uff0c\u907f\u514d\u96c6\u7fa4\u8d44\u6e90\u6d6a\u8d39\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u901a\u8fc7\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\uff0c\u57fa\u4e8e\u6b64\u529f\u80fd\u53ef\u4ee5\u6839\u636e\u5bb9\u5668\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u52a8\u6001\u8c03\u6574 Pod \u8bf7\u6c42\u503c\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u901a\u8fc7\u624b\u52a8\u548c\u81ea\u52a8\u4e24\u79cd\u65b9\u5f0f\u6765\u4fee\u6539\u8d44\u6e90\u8bf7\u6c42\u503c\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u9700\u8981\u8fdb\u884c\u914d\u7f6e\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e Pod \u5782\u76f4\u4f38\u7f29\u3002
Warning
\u4f7f\u7528 VPA \u4fee\u6539 Pod \u8d44\u6e90\u8bf7\u6c42\u4f1a\u89e6\u53d1 Pod \u91cd\u542f\u3002\u7531\u4e8e Kubernetes \u672c\u8eab\u7684\u9650\u5236\uff0c Pod \u91cd\u542f\u540e\u53ef\u80fd\u4f1a\u88ab\u8c03\u5ea6\u5230\u5176\u5b83\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/scale/create-vpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5782\u76f4\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3001\u7528\u6237\u3001\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u6216\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5f53\u524d\u96c6\u7fa4\u5df2\u7ecf\u5b89\u88c5 metrics-server \u548c VPA \u63d2\u4ef6\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u4e2d\u627e\u5230\u76ee\u524d\u96c6\u7fa4\uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u627e\u5230\u9700\u8981\u521b\u5efa VPA \u7684\u8d1f\u8f7d\uff0c\u70b9\u51fb\u8be5\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
3. \u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\uff0c\u786e\u8ba4\u5df2\u7ecf\u5b89\u88c5\u4e86\u76f8\u5173\u63d2\u4ef6\u5e76\u4e14\u63d2\u4ef6\u662f\u5426\u8fd0\u884c\u6b63\u5e38\u3002
\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\uff0c\u5e76\u914d\u7f6e VPA \u5782\u76f4\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u5b8c\u6210\u53c2\u6570\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u5f39\u6027\u4f38\u7f29\u8be6\u60c5\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u7f16\u8f91\u3001\u5220\u9664\u64cd\u4f5c\u3002
Note
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c--min-replicas \u7684\u503c\u4e3a 2\u3002\u8868\u793a\u5f53\u526f\u672c\u6570\u5927\u4e8e 1 \u65f6\uff0cVPA \u624d\u4f1a\u751f\u6548\uff0c \u53ef\u4ee5\u901a\u8fc7\u4fee\u6539 updater \u7684 --min-replicas \u53c2\u6570\u503c\u6765\u6539\u53d8\u8fd9\u4e00\u9ed8\u8ba4\u884c\u4e3a\u3002
spec: \n containers: \n - name: updater \n args: \n - \"--min-replicas=2\"\n
"},{"location":"admin/kpanda/scale/custom-hpa.html","title":"\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u521b\u5efa HPA","text":"\u5f53\u7cfb\u7edf\u5185\u7f6e\u7684 CPU \u548c\u5185\u5b58\u4e24\u79cd\u6307\u6807\u4e0d\u80fd\u6ee1\u8db3\u60a8\u4e1a\u52a1\u7684\u5b9e\u9645\u9700\u6c42\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e ServiceMonitoring \u6765\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\uff0c \u5e76\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u8fdb\u884c\u5f39\u6027\u4f38\u7f29\u3002
Note
\u5728\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165\u96c6\u7fa4\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d \u8fdb\u5165\u5de5\u4f5c\u8d1f\u8f7d\u5217\u8868\u540e\uff0c\u70b9\u51fb\u4e00\u4e2a\u8d1f\u8f7d\u540d\u79f0\uff0c\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \u9875\u9762\u3002
\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\u60c5\u51b5\u3002
\u786e\u8ba4\u96c6\u7fa4\u5df2\u5b89\u88c5\u4e86 metrics-server \u3001Insight\u3001Prometheus-adapter \u63d2\u4ef6\u4e14\u63d2\u4ef6\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u540e\uff0c\u5373\u53ef\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\u3002
Note
\u5982\u679c\u76f8\u5173\u63d2\u4ef6\u672a\u5b89\u88c5\u6216\u63d2\u4ef6\u5904\u4e8e\u5f02\u5e38\u72b6\u6001\uff0c\u60a8\u5728\u9875\u9762\u4e0a\u5c06\u65e0\u6cd5\u770b\u89c1\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u5165\u53e3\u3002
\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u672c\u6848\u4f8b\u4ee5 Golang \u4e1a\u52a1\u7a0b\u5e8f\u4e3a\u4f8b\uff0c\u8be5\u793a\u4f8b\u7a0b\u5e8f\u66b4\u9732\u4e86 httpserver_requests_total
\u6307\u6807\uff0c\u5e76\u8bb0\u5f55 HTTP \u7684\u8bf7\u6c42\uff0c\u901a\u8fc7\u8be5\u6307\u6807\u53ef\u4ee5\u8ba1\u7b97\u51fa\u4e1a\u52a1\u7a0b\u5e8f\u7684 QPS \u503c\u3002
\u4f7f\u7528 Deployment \u90e8\u7f72\u4e1a\u52a1\u7a0b\u5e8f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: httpserver\n namespace: httpserver\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: httpserver\n template:\n metadata:\n labels:\n app: httpserver\n spec:\n containers:\n - name: httpserver\n image: registry.imroc.cc/test/httpserver:custom-metrics\n imagePullPolicy: Always\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n app: httpserver\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/path: \"/metrics\"\n prometheus.io/port: \"http\"\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n name: http\n selector:\n app: httpserver\n
"},{"location":"admin/kpanda/scale/custom-hpa.html#prometheus","title":"Prometheus \u91c7\u96c6\u4e1a\u52a1\u76d1\u63a7","text":"\u82e5\u5df2\u5b89\u88c5 insight-agent\uff0c\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa ServiceMonitor \u7684 CRD \u5bf9\u8c61\u914d\u7f6e Prometheus\u3002
\u64cd\u4f5c\u6b65\u9aa4\uff1a\u5728 \u96c6\u7fa4\u8be6\u60c5 -> \u81ea\u5b9a\u4e49\u8d44\u6e90 \u641c\u7d22\u201cservicemonitors.monitoring.coreos.com\"\uff0c\u70b9\u51fb\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\u3002 \u901a\u8fc7\u521b\u5efa YAML\uff0c\u5728\u547d\u540d\u7a7a\u95f4 httpserver \u4e0b\u521b\u5efa\u5982\u4e0b\u793a\u4f8b\u7684 CRD\uff1a
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n operator.insight.io/managed-by: insight\nspec:\n endpoints:\n - port: http\n interval: 5s\n namespaceSelector:\n matchNames:\n - httpserver\n selector:\n matchLabels:\n app: httpserver\n
Note
\u82e5\u901a\u8fc7 insight \u5b89\u88c5 Prometheus\uff0c\u5219 serviceMonitor \u4e0a\u5fc5\u987b\u6253\u4e0a operator.insight.io/managed-by: insight
\u8fd9\u4e2a label\uff0c\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\u5b89\u88c5\u5219\u65e0\u9700\u6b64 label\u3002
\u64cd\u4f5c\u6b65\u9aa4\uff1a\u5728 \u96c6\u7fa4\u8be6\u60c5 -> Helm \u5e94\u7528 \u641c\u7d22 \u201cprometheus-adapter\"\uff0c\u901a\u8fc7\u64cd\u4f5c\u680f\u8fdb\u5165\u66f4\u65b0\u9875\u9762\uff0c\u5728 YAML \u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u6307\u6807\uff0c\u793a\u4f8b\u5982\u4e0b\uff1a
rules:\n custom:\n - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)\n name:\n as: httpserver_requests_qps\n matches: httpserver_requests_total\n resources:\n template: <<.Resource>>\n seriesQuery: httpserver_requests_total\n
"},{"location":"admin/kpanda/scale/custom-hpa.html#_5","title":"\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570","text":"\u6309\u7167\u4e0a\u8ff0\u6b65\u9aa4\u5728 Deployment \u4e2d\u627e\u5230\u5e94\u7528\u7a0b\u5e8f httpserver \u5e76\u901a\u8fc7\u81ea\u5b9a\u4e49\u6307\u6807\u521b\u5efa\u5f39\u6027\u4f38\u7f29\u3002
"},{"location":"admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html","title":"HPA \u548c CronHPA \u517c\u5bb9\u89c4\u5219","text":"HPA \u5168\u79f0\u4e3a HorizontalPodAutoscaler\uff0c\u5373 Pod \u6c34\u5e73\u81ea\u52a8\u4f38\u7f29\u3002
CronHPA \u5168\u79f0\u4e3a Cron HorizontalPodAutoscaler\uff0c\u5373 Pod \u5b9a\u65f6\u7684\u6c34\u5e73\u81ea\u52a8\u4f38\u7f29\u3002
"},{"location":"admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html#cronhpa-hpa","title":"CronHPA \u548c HPA \u517c\u5bb9\u51b2\u7a81","text":"\u5b9a\u65f6\u4f38\u7f29 CronHPA \u901a\u8fc7\u8bbe\u7f6e\u5b9a\u65f6\u7684\u65b9\u5f0f\u89e6\u53d1\u5bb9\u5668\u7684\u6c34\u5e73\u526f\u672c\u4f38\u7f29\u3002\u4e3a\u4e86\u9632\u6b62\u7a81\u53d1\u7684\u6d41\u91cf\u51b2\u51fb\u7b49\u72b6\u51b5\uff0c \u60a8\u53ef\u80fd\u5df2\u7ecf\u914d\u7f6e HPA \u4fdd\u969c\u5e94\u7528\u7684\u6b63\u5e38\u8fd0\u884c\u3002\u5982\u679c\u540c\u65f6\u68c0\u6d4b\u5230\u4e86 HPA \u548c CronHPA \u7684\u5b58\u5728\uff0c \u7531\u4e8e CronHPA \u548c HPA \u76f8\u4e92\u72ec\u7acb\u65e0\u6cd5\u611f\u77e5\uff0c\u5c31\u4f1a\u51fa\u73b0\u4e24\u4e2a\u63a7\u5236\u5668\u5404\u81ea\u5de5\u4f5c\uff0c\u540e\u6267\u884c\u7684\u64cd\u4f5c\u4f1a\u8986\u76d6\u5148\u6267\u884c\u7684\u64cd\u4f5c\u3002
\u5bf9\u6bd4 CronHPA \u548c HPA \u7684\u5b9a\u4e49\u6a21\u677f\uff0c\u53ef\u4ee5\u89c2\u5bdf\u5230\u4ee5\u4e0b\u51e0\u70b9\uff1a
Note
\u5982\u679c\u540c\u65f6\u8bbe\u7f6e CronHPA \u548c HPA\uff0c\u4f1a\u51fa\u73b0 CronHPA \u548c HPA \u540c\u65f6\u64cd\u4f5c\u4e00\u4e2a scaleTargetRef \u7684\u573a\u666f\u3002
"},{"location":"admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html#cronhpa-hpa_1","title":"CronHPA \u548c HPA \u517c\u5bb9\u65b9\u6848","text":"\u4ece\u4e0a\u6587\u53ef\u77e5\uff0cCronHPA \u548c HPA \u540c\u65f6\u4f7f\u7528\u4f1a\u5bfc\u81f4\u540e\u6267\u884c\u7684\u64cd\u4f5c\u8986\u76d6\u5148\u6267\u884c\u64cd\u4f5c\u7684\u672c\u8d28\u539f\u56e0\u662f\u4e24\u4e2a\u63a7\u5236\u5668\u65e0\u6cd5\u76f8\u4e92\u611f\u77e5\uff0c \u90a3\u4e48\u53ea\u9700\u8981\u8ba9 CronHPA \u611f\u77e5 HPA \u7684\u5f53\u524d\u72b6\u6001\u5c31\u80fd\u89e3\u51b3\u51b2\u7a81\u95ee\u9898\u3002
\u7cfb\u7edf\u4f1a\u5c06 HPA \u4f5c\u4e3a\u5b9a\u65f6\u4f38\u7f29 CronHPA \u7684\u6269\u7f29\u5bb9\u5bf9\u8c61\uff0c\u4ece\u800c\u5b9e\u73b0\u5bf9\u8be5 HPA \u5b9a\u4e49\u7684 Deployment \u5bf9\u8c61\u7684\u5b9a\u65f6\u6269\u7f29\u5bb9\u3002
HPA \u7684\u5b9a\u4e49\u5c06 Deployment \u914d\u7f6e\u5728 scaleTargetRef \u5b57\u6bb5\u4e0b\uff0c\u7136\u540e Deployment \u901a\u8fc7\u81ea\u8eab\u5b9a\u4e49\u67e5\u627e ReplicaSet\uff0c\u6700\u540e\u901a\u8fc7 ReplicaSet \u8c03\u6574\u771f\u5b9e\u7684\u526f\u672c\u6570\u76ee\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06 CronHPA \u4e2d\u7684 scaleTargetRef \u8bbe\u7f6e\u4e3a HPA \u5bf9\u8c61\uff0c\u7136\u540e\u901a\u8fc7 HPA \u5bf9\u8c61\u6765\u5bfb\u627e\u771f\u5b9e\u7684 scaleTargetRef\uff0c\u4ece\u800c\u8ba9 CronHPA \u611f\u77e5 HPA \u7684\u5f53\u524d\u72b6\u6001\u3002
CronHPA \u4f1a\u901a\u8fc7\u8c03\u6574 HPA \u7684\u65b9\u5f0f\u611f\u77e5 HPA\u3002CronHPA \u901a\u8fc7\u8bc6\u522b\u8981\u8fbe\u5230\u7684\u526f\u672c\u6570\u4e0e\u5f53\u524d\u526f\u672c\u6570\u4e24\u8005\u95f4\u7684\u8f83\u5927\u503c\uff0c \u5224\u65ad\u662f\u5426\u9700\u8981\u6269\u7f29\u5bb9\u53ca\u4fee\u6539 HPA \u7684\u4e0a\u9650\uff1bCronHPA \u901a\u8fc7\u8bc6\u522b CronHPA \u8981\u8fbe\u5230\u7684\u526f\u672c\u6570\u4e0e HPA \u7684\u914d\u7f6e\u95f4\u7684\u8f83\u5c0f\u503c\uff0c\u5224\u65ad\u662f\u5426\u9700\u8981\u4fee\u6539 HPA \u7684\u4e0b\u9650\u3002
"},{"location":"admin/kpanda/scale/install-cronhpa.html","title":"\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6","text":"\u5bb9\u5668\u526f\u672c\u5b9a\u65f6\u6c34\u5e73\u6269\u7f29\u5bb9\u7b56\u7565\uff08CronHPA\uff09\u80fd\u591f\u4e3a\u5468\u671f\u6027\u9ad8\u5e76\u53d1\u5e94\u7528\u63d0\u4f9b\u7a33\u5b9a\u7684\u8ba1\u7b97\u8d44\u6e90\u4fdd\u969c\uff0c kubernetes-cronhpa-controller \u5219\u662f\u5b9e\u73b0 CronHPA \u7684\u5173\u952e\u7ec4\u4ef6\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u3002
Note
\u4e3a\u4e86\u4f7f\u7528 CornHPA\uff0c\u4e0d\u4ec5\u9700\u8981\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\uff0c\u8fd8\u8981\u5b89\u88c5 metrics-server \u63d2\u4ef6\u3002
"},{"location":"admin/kpanda/scale/install-cronhpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5\u6b64\u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u8be5\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \uff0c\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u5728 CronHPA \u53f3\u4fa7\u70b9\u51fb \u5b89\u88c5 \u3002
\u9605\u8bfb\u8be5\u63d2\u4ef6\u7684\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u63a8\u8350\u5b89\u88c5 1.3.0 \u6216\u66f4\u9ad8\u7248\u672c\u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u914d\u7f6e\u53c2\u6570\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a\u201c\u8fd0\u884c\u4e2d\u201d\u72b6\u6001\u3002
\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u3002\u7a0d\u7b49\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Warning
\u5982\u9700\u5220\u9664 kubernetes-cronhpa-controller \u63d2\u4ef6\uff0c\u5e94\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5c06\u5176\u5f7b\u5e95\u5220\u9664\u3002
\u5982\u679c\u5728\u5de5\u4f5c\u8d1f\u8f7d\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\u4e0b\u5220\u9664\u63d2\u4ef6\uff0c\u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u63d2\u4ef6\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u63d2\u4ef6\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
\u56de\u5230\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\u4e0b\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u53ef\u4ee5\u770b\u5230\u754c\u9762\u663e\u793a \u63d2\u4ef6\u5df2\u5b89\u88c5 \u3002\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u521b\u5efa CronHPA \u7b56\u7565\u4e86\u3002
metrics-server \u662f Kubernetes \u5185\u7f6e\u7684\u8d44\u6e90\u4f7f\u7528\u6307\u6807\u91c7\u96c6\u7ec4\u4ef6\u3002 \u60a8\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u5f39\u6027\u4f38\u7f29\uff08HPA\uff09\u7b56\u7565\u6765\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u81ea\u52a8\u6c34\u5e73\u4f38\u7f29 Pod \u526f\u672c\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 metrics-server \u3002
"},{"location":"admin/kpanda/scale/install-metrics-server.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 metrics-server \u63d2\u4ef6\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u8bf7\u6267\u884c\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 metrics-server \u63d2\u4ef6\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u4e0b\u7684\u5f39\u6027\u4f38\u7f29\u9875\u9762\uff0c\u70b9\u51fb \u53bb\u5b89\u88c5 \uff0c\u8fdb\u5165 metrics-server \u63d2\u4ef6\u5b89\u88c5\u754c\u9762\u3002
\u9605\u8bfb metrics-server \u63d2\u4ef6\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u672c\u6587\u5c06\u4ee5 3.8.2 \u7248\u672c\u4e3a\u4f8b\u8fdb\u884c\u5b89\u88c5\uff0c\u63a8\u8350\u60a8\u5b89\u88c5 3.8.2 \u53ca\u66f4\u9ad8\u7248\u672c\u3002
\u5728\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u914d\u7f6e\u57fa\u672c\u53c2\u6570\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
\u9ad8\u7ea7\u53c2\u6570\u914d\u7f6e
\u5982\u679c\u96c6\u7fa4\u7f51\u7edc\u65e0\u6cd5\u8bbf\u95ee k8s.gcr.io
\u4ed3\u5e93\uff0c\u8bf7\u5c1d\u8bd5\u4fee\u6539 repositort
\u53c2\u6570\u4e3a repository: k8s.m.daocloud.io/metrics-server/metrics-server
\u5b89\u88c5 metrics-server \u63d2\u4ef6\u8fd8\u9700\u63d0\u4f9b SSL \u8bc1\u4e66\u3002\u5982\u9700\u7ed5\u8fc7\u8bc1\u4e66\u6821\u9a8c\uff0c\u9700\u8981\u5728 defaultArgs:
\u5904\u6dfb\u52a0 - --kubelet-insecure-tls
\u53c2\u6570\u3002
image:\n repository: k8s.m.daocloud.io/metrics-server/metrics-server # \u5c06\u4ed3\u5e93\u6e90\u5730\u5740\u4fee\u6539\u4e3a k8s.m.daocloud.io\n tag: ''\n pullPolicy: IfNotPresent\nimagePullSecrets: []\nnameOverride: ''\nfullnameOverride: ''\nserviceAccount:\n create: true\n annotations: {}\n name: ''\nrbac:\n create: true\n pspEnabled: false\napiService:\n create: true\npodLabels: {}\npodAnnotations: {}\npodSecurityContext: {}\nsecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\npriorityClassName: system-cluster-critical\ncontainerPort: 4443\nhostNetwork:\n enabled: false\nreplicas: 1\nupdateStrategy: {}\npodDisruptionBudget:\n enabled: false\n minAvailable: null\n maxUnavailable: null\ndefaultArgs:\n - '--cert-dir=/tmp'\n - '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'\n - '--kubelet-use-node-status-port'\n - '--metric-resolution=15s'\n - --kubelet-insecure-tls # \u7ed5\u8fc7\u8bc1\u4e66\u6821\u9a8c\nargs: []\nlivenessProbe:\n httpGet:\n path: /livez\n port: https\n scheme: HTTPS\n initialDelaySeconds: 0\n periodSeconds: 10\n failureThreshold: 3\nreadinessProbe:\n httpGet:\n path: /readyz\n port: https\n scheme: HTTPS\n initialDelaySeconds: 20\n periodSeconds: 10\n failureThreshold: 3\nservice:\n type: ClusterIP\n port: 443\n annotations: {}\n labels: {}\nmetrics:\n enabled: false\nserviceMonitor:\n enabled: false\n additionalLabels: {}\n interval: 1m\n scrapeTimeout: 10s\nresources: {}\nextraVolumeMounts: []\nextraVolumes: []\nnodeSelector: {}\ntolerations: []\naffinity: {}\n
\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u5b8c\u6210 metrics-server \u63d2\u4ef6\u7684\u5b89\u88c5\uff0c\u4e4b\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\uff0c \u7a0d\u7b49\u51e0\u5206\u949f\u540e\uff0c\u4e3a\u9875\u9762\u6267\u884c\u5237\u65b0\u64cd\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Note
\u5220\u9664 metrics-server \u63d2\u4ef6\u65f6\uff0c\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5f7b\u5e95\u5220\u9664\u8be5\u63d2\u4ef6\u3002\u5982\u679c\u4ec5\u5728\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u5220\u9664 metrics-server \uff0c \u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u5e94\u7528\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u5e94\u7528\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
"},{"location":"admin/kpanda/scale/install-vpa.html","title":"\u5b89\u88c5 vpa \u63d2\u4ef6","text":"\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\u80fd\u591f\u8ba9\u96c6\u7fa4\u7684\u8d44\u6e90\u914d\u7f6e\u66f4\u52a0\u5408\u7406\uff0c\u907f\u514d\u96c6\u7fa4\u8d44\u6e90\u6d6a\u8d39\u3002 vpa \u5219\u662f\u5b9e\u73b0\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7684\u5173\u952e\u7ec4\u4ef6\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 vpa \u63d2\u4ef6\u3002
\u4e3a\u4e86\u4f7f\u7528 VPA \u7b56\u7565\uff0c\u4e0d\u4ec5\u9700\u8981\u5b89\u88c5 __vpa__ \u63d2\u4ef6\uff0c\u8fd8\u8981[\u5b89\u88c5 __metrics-server__ \u63d2\u4ef6](install-metrics-server.md)\u3002\n
"},{"location":"admin/kpanda/scale/install-vpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 vpa \u63d2\u4ef6\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 vpa \u63d2\u4ef6\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5\u6b64\u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u8be5\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \uff0c\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u5728 VPA \u53f3\u4fa7\u70b9\u51fb \u5b89\u88c5 \u3002
3. \u9605\u8bfb\u8be5\u63d2\u4ef6\u7684\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u63a8\u8350\u5b89\u88c5 1.5.0 \u6216\u66f4\u9ad8\u7248\u672c\u3002
4. \u67e5\u770b\u4ee5\u4e0b\u8bf4\u660e\u914d\u7f6e\u53c2\u6570\u3002
- \u540d\u79f0\uff1a\u8f93\u5165\u63d2\u4ef6\u540d\u79f0\uff0c\u8bf7\u6ce8\u610f\u540d\u79f0\u6700\u957f 63 \u4e2a\u5b57\u7b26\uff0c\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u53ca\u5206\u9694\u7b26\uff08\u201c-\u201d\uff09\uff0c\u4e14\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u53ca\u7ed3\u5c3e\uff0c\u4f8b\u5982 kubernetes-cronhpa-controller\u3002 - \u547d\u540d\u7a7a\u95f4\uff1a\u9009\u62e9\u5c06\u63d2\u4ef6\u5b89\u88c5\u5728\u54ea\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u6b64\u5904\u4ee5 default \u4e3a\u4f8b\u3002 - \u7248\u672c\uff1a\u63d2\u4ef6\u7684\u7248\u672c\uff0c\u6b64\u5904\u4ee5 4.5.0 \u7248\u672c\u4e3a\u4f8b\u3002 - \u5c31\u7eea\u7b49\u5f85\uff1a\u542f\u7528\u540e\uff0c\u5c06\u7b49\u5f85\u5e94\u7528\u4e0b\u7684\u6240\u6709\u5173\u8054\u8d44\u6e90\u90fd\u5904\u4e8e\u5c31\u7eea\u72b6\u6001\uff0c\u624d\u4f1a\u6807\u8bb0\u5e94\u7528\u5b89\u88c5\u6210\u529f\u3002 - \u5931\u8d25\u5220\u9664\uff1a\u5982\u679c\u63d2\u4ef6\u5b89\u88c5\u5931\u8d25\uff0c\u5219\u5220\u9664\u5df2\u7ecf\u5b89\u88c5\u7684\u5173\u8054\u8d44\u6e90\u3002\u5f00\u542f\u540e\uff0c\u5c06\u9ed8\u8ba4\u540c\u6b65\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u3002 - \u8be6\u60c5\u65e5\u5fd7\uff1a\u5f00\u542f\u540e\uff0c\u5c06\u8bb0\u5f55\u5b89\u88c5\u8fc7\u7a0b\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a\u201c\u8fd0\u884c\u4e2d\u201d\u72b6\u6001\u3002
\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u3002\u7a0d\u7b49\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Warning
\u5982\u9700\u5220\u9664 vpa \u63d2\u4ef6\uff0c\u5e94\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5c06\u5176\u5f7b\u5e95\u5220\u9664\u3002
\u5982\u679c\u5728\u5de5\u4f5c\u8d1f\u8f7d\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\u4e0b\u5220\u9664\u63d2\u4ef6\uff0c\u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u63d2\u4ef6\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u63d2\u4ef6\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
\u56de\u5230\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\u4e0b\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u53ef\u4ee5\u770b\u5230\u754c\u9762\u663e\u793a \u63d2\u4ef6\u5df2\u5b89\u88c5 \u3002\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u521b\u5efa VPA \u7b56\u7565\u4e86\u3002
Knative \u662f\u4e00\u4e2a\u9762\u5411\u65e0\u670d\u52a1\u5668\u90e8\u7f72\u7684\u8de8\u5e73\u53f0\u89e3\u51b3\u65b9\u6848\u3002
\u767b\u5f55\u96c6\u7fa4\uff0c\u70b9\u51fb\u4fa7\u8fb9\u680f Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u53f3\u4fa7\u4e0a\u65b9\u641c\u7d22\u6846\u8f93\u5165 knative \uff0c\u7136\u540e\u6309\u56de\u8f66\u952e\u641c\u7d22\u3002
\u70b9\u51fb\u641c\u7d22\u51fa\u7684 knative-operator \uff0c\u8fdb\u5165\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u3002\u4f60\u53ef\u4ee5\u5728\u8be5\u754c\u9762\u67e5\u770b\u53ef\u7528\u7248\u672c\u4ee5\u53ca Helm values \u7684 Parameters \u53ef\u9009\u9879\u3002
\u70b9\u51fb\u5b89\u88c5\u6309\u94ae\u540e\uff0c\u8fdb\u5165\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u3002
\u8f93\u5165\u540d\u79f0\uff0c\u5b89\u88c5\u79df\u6237\uff0c\u5efa\u8bae\u52fe\u9009 \u5c31\u7eea\u7b49\u5f85 \u548c \u8be6\u7ec6\u65e5\u5fd7 \u3002
\u5728\u4e0b\u65b9\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u52fe\u9009 Serving \uff0c\u5e76\u8f93\u5165 Knative Serving \u7ec4\u4ef6\u7684\u5b89\u88c5\u79df\u6237\uff0c\u4f1a\u5728\u5b89\u88c5\u540e\u90e8\u7f72 Knative Serving \u7ec4\u4ef6\uff0c\u8be5\u7ec4\u4ef6\u7531 Knative Operator \u7ba1\u7406\u3002
Knative \u63d0\u4f9b\u4e86\u4e00\u79cd\u66f4\u9ad8\u5c42\u6b21\u7684\u62bd\u8c61\uff0c\u7b80\u5316\u5e76\u52a0\u901f\u4e86\u5728 Kubernetes \u4e0a\u6784\u5efa\u3001\u90e8\u7f72\u548c\u7ba1\u7406\u5e94\u7528\u7684\u8fc7\u7a0b\u3002\u5b83\u4f7f\u5f97\u5f00\u53d1\u4eba\u5458\u80fd\u591f\u66f4\u4e13\u6ce8\u4e8e\u4e1a\u52a1\u903b\u8f91\u7684\u5b9e\u73b0\uff0c\u800c\u5c06\u5927\u90e8\u5206\u57fa\u7840\u8bbe\u65bd\u548c\u8fd0\u7ef4\u5de5\u4f5c\u4ea4\u7ed9 Knative \u53bb\u5904\u7406\uff0c\u4ece\u800c\u663e\u8457\u63d0\u9ad8\u751f\u4ea7\u529b\u3002
"},{"location":"admin/kpanda/scale/knative/knative.html#_1","title":"\u7ec4\u4ef6","text":"knative-operator \u8fd0\u884c\u7ec4\u4ef6\u5982\u4e0b\u3002
knative-operator knative-operator-58f7d7db5c-7f6r5 1/1 Running 0 6m55s\nknative-operator operator-webhook-667dc67bc-qvrv4 1/1 Running 0 6m55s\n
knative-serving \u7ec4\u4ef6\u5982\u4e0b\u3002
knative-serving 3scale-kourier-gateway-d69fbfbd-bd8d8 1/1 Running 0 7m13s\nknative-serving activator-7c6fddd698-wdlng 1/1 Running 0 7m3s\nknative-serving autoscaler-8f4b876bb-kd25p 1/1 Running 0 7m17s\nknative-serving autoscaler-hpa-5f7f74679c-vkc7p 1/1 Running 0 7m15s\nknative-serving controller-789c896c46-tfvsv 1/1 Running 0 7m17s\nknative-serving net-kourier-controller-7db578c889-7gd5l 1/1 Running 0 7m14s\nknative-serving webhook-5c88b94c5-78x7m 1/1 Running 0 7m1s\nknative-serving storage-version-migration-serving-serving-1.12.2-t7zvd 0/1 Completed 0 7m15s\n
\u7ec4\u4ef6 \u4f5c\u7528 Activator \u5bf9\u8bf7\u6c42\u6392\u961f\uff08\u5982\u679c\u4e00\u4e2a Knative Service \u5df2\u7ecf\u7f29\u51cf\u5230\u96f6\uff09\u3002\u8c03\u7528 autoscaler\uff0c\u5c06\u7f29\u51cf\u5230 0 \u7684\u670d\u52a1\u6062\u590d\u5e76\u8f6c\u53d1\u6392\u961f\u7684\u8bf7\u6c42\u3002Activator \u8fd8\u53ef\u4ee5\u5145\u5f53\u8bf7\u6c42\u7f13\u51b2\u5668\uff0c\u5904\u7406\u7a81\u53d1\u6d41\u91cf\u3002 Autoscaler Autoscaler \u8d1f\u8d23\u6839\u636e\u914d\u7f6e\u3001\u6307\u6807\u548c\u8fdb\u5165\u7684\u8bf7\u6c42\u6765\u7f29\u653e Knative \u670d\u52a1\u3002 Controller \u7ba1\u7406 Knative CR \u7684\u72b6\u6001\u3002\u5b83\u4f1a\u76d1\u89c6\u591a\u4e2a\u5bf9\u8c61\uff0c\u7ba1\u7406\u4f9d\u8d56\u8d44\u6e90\u7684\u751f\u547d\u5468\u671f\uff0c\u5e76\u66f4\u65b0\u8d44\u6e90\u72b6\u6001\u3002 Queue-Proxy Sidecar \u5bb9\u5668\uff0c\u6bcf\u4e2a Knative Service \u90fd\u4f1a\u6ce8\u5165\u4e00\u4e2a\u3002\u8d1f\u8d23\u6536\u96c6\u6d41\u91cf\u6570\u636e\u5e76\u62a5\u544a\u7ed9 Autoscaler\uff0cAutoscaler \u6839\u636e\u8fd9\u4e9b\u6570\u636e\u548c\u9884\u8bbe\u7684\u89c4\u5219\u6765\u53d1\u8d77\u6269\u5bb9\u6216\u7f29\u5bb9\u8bf7\u6c42\u3002 Webhooks Knative Serving \u6709\u51e0\u4e2a Webhooks \u8d1f\u8d23\u9a8c\u8bc1\u548c\u53d8\u66f4 Knative \u8d44\u6e90\u3002"},{"location":"admin/kpanda/scale/knative/knative.html#ingress","title":"Ingress \u6d41\u91cf\u5165\u53e3\u65b9\u6848","text":"\u65b9\u6848 \u9002\u7528\u573a\u666f Istio \u5982\u679c\u5df2\u7ecf\u7528\u4e86 Istio\uff0c\u53ef\u4ee5\u9009\u62e9 Istio \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u65b9\u6848\u3002 Contour \u5982\u679c\u96c6\u7fa4\u4e2d\u5df2\u7ecf\u542f\u7528\u4e86 Contour\uff0c\u53ef\u4ee5\u9009\u62e9 Contour \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u65b9\u6848\u3002 Kourier \u5982\u679c\u5728\u6ca1\u6709\u4e0a\u8ff0 2 \u79cd Ingress \u7ec4\u4ef6\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 Knative \u57fa\u4e8e Envoy \u5b9e\u73b0\u7684 Kourier Ingress \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u3002"},{"location":"admin/kpanda/scale/knative/knative.html#autoscaler","title":"Autoscaler \u65b9\u6848\u5bf9\u6bd4","text":"Autoscaler \u7c7b\u578b \u662f\u5426\u4e3a Knative Serving \u6838\u5fc3\u90e8\u5206 \u9ed8\u8ba4\u542f\u7528 Scale to Zero \u652f\u6301 \u57fa\u4e8e CPU \u7684 Autoscaling \u652f\u6301 Knative Pod Autoscaler (KPA) \u662f \u662f \u662f \u5426 Horizontal Pod Autoscaler (HPA) \u5426 \u9700\u5b89\u88c5 Knative Serving \u540e\u542f\u7528 \u5426 \u662f"},{"location":"admin/kpanda/scale/knative/knative.html#crd","title":"CRD","text":"\u8d44\u6e90\u7c7b\u578b API \u540d\u79f0 \u63cf\u8ff0 Services service.serving.knative.dev \u81ea\u52a8\u7ba1\u7406 Workload \u7684\u6574\u4e2a\u751f\u547d\u5468\u671f\uff0c\u63a7\u5236\u5176\u4ed6\u5bf9\u8c61\u7684\u521b\u5efa\uff0c\u786e\u4fdd\u5e94\u7528\u5177\u6709 Routes\u3001Configurations \u4ee5\u53ca\u6bcf\u6b21\u66f4\u65b0\u65f6\u7684\u65b0 revision\u3002 Routes route.serving.knative.dev \u5c06\u7f51\u7edc\u7aef\u70b9\u6620\u5c04\u5230\u4e00\u4e2a\u6216\u591a\u4e2a\u4fee\u8ba2\u7248\u672c\uff0c\u652f\u6301\u6d41\u91cf\u5206\u914d\u548c\u7248\u672c\u8def\u7531\u3002 Configurations configuration.serving.knative.dev \u7ef4\u62a4\u90e8\u7f72\u7684\u671f\u671b\u72b6\u6001\uff0c\u63d0\u4f9b\u4ee3\u7801\u548c\u914d\u7f6e\u4e4b\u95f4\u7684\u5206\u79bb\uff0c\u9075\u5faa Twelve-Factor \u5e94\u7528\u7a0b\u5e8f\u65b9\u6cd5\u8bba\uff0c\u4fee\u6539\u914d\u7f6e\u4f1a\u521b\u5efa\u65b0\u7684 revision\u3002 Revisions revision.serving.knative.dev \u6bcf\u6b21\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u4fee\u6539\u7684\u65f6\u95f4\u70b9\u5feb\u7167\uff0c\u662f\u4e0d\u53ef\u53d8\u5bf9\u8c61\uff0c\u53ef\u6839\u636e\u6d41\u91cf\u81ea\u52a8\u6269\u5bb9\u548c\u7f29\u5bb9\u3002"},{"location":"admin/kpanda/scale/knative/playground.html","title":"Knative \u4f7f\u7528\u5b9e\u8df5","text":"\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u901a\u8fc7\u51e0\u4e2a\u5b9e\u8df5\u6765\u6df1\u5165\u4e86\u89e3\u5b66\u4e60 Knative\u3002
"},{"location":"admin/kpanda/scale/knative/playground.html#case-1-hello-world","title":"case 1 - Hello World","text":"apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
\u53ef\u4ee5\u4f7f\u7528 kubectl \u5df2\u90e8\u7f72\u7684\u5e94\u7528\u7684\u72b6\u6001\uff0c\u8fd9\u4e2a\u5e94\u7528\u7531 knative \u81ea\u52a8\u914d\u7f6e\u4e86 ingress \u548c\u4f38\u7f29\u5668\u3002
~ kubectl get service.serving.knative.dev/hello\nNAME URL LATESTCREATED LATESTREADY READY REASON\nhello http://hello.knative-serving.knative.loulan.me hello-00001 hello-00001 True\n
\u90e8\u7f72\u51fa\u7684 Pod YAML \u5982\u4e0b\uff0c\u7531 2 \u4e2a Pod \u7ec4\u6210\uff1auser-container \u548c queue-proxy\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: hello-00003-deployment-5fcb8ccbf-7qjfk\nspec:\n containers:\n - name: user-container\n - name: queue-proxy\n
\u8bf7\u6c42\u6d41\uff1a
case3 \u6d41\u91cf\u518d\u53d8\u5c0f\u65f6\uff0c\u6d41\u91cf\u4f4e\u4e8e current_demand + target-burst-capacity > (pods * concurrency-target) \u65f6\u5c06\u518d\u6b21\u8def\u7531\u5230 activator
\u5f85\u5904\u7406\u7684\u8bf7\u6c42\u603b\u6570 + \u80fd\u63a5\u53d7\u7684\u8d85\u8fc7\u76ee\u6807\u5e76\u53d1\u6570\u7684\u8bf7\u6c42\u6570\u91cf > \u6bcf\u4e2a Pod \u7684\u76ee\u6807\u5e76\u53d1\u6570 * Pod \u6570\u91cf
\u6211\u4eec\u9996\u5148\u5728\u96c6\u7fa4\u5e94\u7528\u4e0b\u9762 YAML \u5b9a\u4e49\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
\u6267\u884c\u4e0b\u9762\u547d\u4ee4\u6d4b\u8bd5\uff0c\u5e76\u53ef\u4ee5\u901a\u8fc7 kubectl get pods -A -w
\u6765\u89c2\u5bdf\u6269\u5bb9\u7684 Pod\u3002
wrk -t2 -c4 -d6s http://hello.knative-serving.knative.daocloud.io/\n
"},{"location":"admin/kpanda/scale/knative/playground.html#case-3-","title":"case 3 - \u57fa\u4e8e\u5e76\u53d1\u5f39\u6027\u4f38\u7f29\uff0c\u8fbe\u5230\u7279\u5b9a\u6bd4\u4f8b\u63d0\u524d\u6269\u5bb9","text":"\u6211\u4eec\u53ef\u4ee5\u5f88\u8f7b\u677e\u7684\u5b9e\u73b0\uff0c\u4f8b\u5982\u9650\u5236\u6bcf\u4e2a\u5bb9\u5668\u5e76\u53d1\u4e3a 10\uff0c\u53ef\u4ee5\u901a\u8fc7 autoscaling.knative.dev/target-utilization-percentage: 70
\u6765\u5b9e\u73b0\uff0c\u8fbe\u5230 70% \u5c31\u5f00\u59cb\u6269\u5bb9 Pod\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"10\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/target-utilization-percentage: \"70\" \n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/metric: \"concurrency\"\n \u00a0 \u00a0 spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
"},{"location":"admin/kpanda/scale/knative/playground.html#case-4-","title":"case 4 - \u7070\u5ea6\u53d1\u5e03/\u6d41\u91cf\u767e\u5206\u6bd4","text":"\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7 spec.traffic
\u5b9e\u73b0\u5230\u6bcf\u4e2a\u7248\u672c\u6d41\u91cf\u7684\u63a7\u5236\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\" \n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\" \n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n traffic:\n - latestRevision: true\n percent: 50\n - latestRevision: false\n percent: 50\n revisionName: hello-00001\n
"},{"location":"admin/kpanda/scale/knative/scene.html","title":"\u4f7f\u7528\u573a\u666f","text":""},{"location":"admin/kpanda/scale/knative/scene.html#_2","title":"\u9002\u5408\u7684\u573a\u666f","text":"Tip
\u77ed\u8fde\u63a5\u9ad8\u5e76\u53d1\u4e1a\u52a1\u4ee5\u53ca\u9700\u8981\u5f39\u6027\u4f38\u7f29\u7684\u4e1a\u52a1\uff0c\u63a8\u8350\u4f7f\u7528 HPA \u548c VPA \u80fd\u529b\u3002
"},{"location":"admin/kpanda/scale/knative/scene.html#_3","title":"\u4e0d\u9002\u5408\u7684\u573a\u666f","text":"\u5728Kubernetes\uff08\u7b80\u79f0K8s\uff09\u73af\u5883\u4e2d\uff0c\u5b89\u5168\u626b\u63cf\u662f\u786e\u4fdd\u96c6\u7fa4\u5b89\u5168\u6027\u7684\u5173\u952e\u63aa\u65bd\u4e4b\u4e00\u3002\u5176\u4e2d\uff0c\u5408\u89c4\u6027\u626b\u63cf\uff08\u57fa\u4e8eCIS Benchmark\uff09\u3001\u6743\u9650\u626b\u63cf\uff08\u57fa\u4e8ekube-audit\u5ba1\u8ba1\u529f\u80fd\uff09\u3001\u6f0f\u6d1e\u626b\u63cf\uff08\u57fa\u4e8e kube-hunter\uff09\u662f\u4e09\u79cd\u5e38\u89c1\u4e14\u91cd\u8981\u7684\u5b89\u5168\u626b\u63cf\u624b\u6bb5\uff1a
\u5408\u89c4\u6027\u626b\u63cf\uff1a\u57fa\u4e8e CIS Benchmark \u5bf9\u96c6\u7fa4\u8282\u70b9\u8fdb\u884c\u5b89\u5168\u626b\u63cf\u3002CIS Benchmark \u662f\u4e00\u5957\u5168\u7403\u516c\u8ba4\u7684\u6700\u4f73\u5b9e\u8df5\u6807\u51c6\uff0c\u4e3a Kubernetes \u96c6\u7fa4\u63d0\u4f9b\u4e86\u8be6\u7ec6\u7684\u5b89\u5168\u914d\u7f6e\u6307\u5357\u548c\u81ea\u52a8\u5316\u68c0\u67e5\u5de5\u5177\uff08\u5982Kube-Bench\uff09\uff0c\u5e2e\u52a9\u7ec4\u7ec7\u786e\u4fdd\u5176K8s\u96c6\u7fa4\u7b26\u5408\u5b89\u5168\u57fa\u7ebf\u8981\u6c42\uff0c\u4fdd\u62a4\u7cfb\u7edf\u548c\u6570\u636e\u514d\u53d7\u5a01\u80c1\u3002
\u6743\u9650\u626b\u63cf\uff1a\u57fa\u4e8ekube-audit\u5ba1\u8ba1\u529f\u80fd\u3002\u6743\u9650\u626b\u63cf\u4e3b\u8981\u89e3\u51b3\u96c6\u7fa4\u8bbf\u95ee\u63a7\u5236\u548c\u64cd\u4f5c\u900f\u660e\u5ea6\u7684\u95ee\u9898\u3002\u901a\u8fc7\u5ba1\u8ba1\u65e5\u5fd7\uff0c\u96c6\u7fa4\u7ba1\u7406\u5458\u80fd\u591f\u8ffd\u6eaf\u96c6\u7fa4\u8d44\u6e90\u7684\u8bbf\u95ee\u5386\u53f2\uff0c\u8bc6\u522b\u5f02\u5e38\u884c\u4e3a\uff0c\u5982\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3001\u654f\u611f\u6570\u636e\u7684\u6cc4\u9732\u3001\u6709\u5b89\u5168\u6f0f\u6d1e\u7684\u64cd\u4f5c\u8bb0\u5f55\u7b49\u3002\u8fd9\u5bf9\u4e8e\u6545\u969c\u6392\u67e5\u3001\u5b89\u5168\u4e8b\u4ef6\u54cd\u5e94\u4ee5\u53ca\u6ee1\u8db3\u5408\u89c4\u6027\u8981\u6c42\u81f3\u5173\u91cd\u8981\u3002\u6b64\u5916\uff0c\u6743\u9650\u626b\u63cf\u8fd8\u53ef\u4ee5\u5e2e\u52a9\u7ec4\u7ec7\u53d1\u73b0\u6f5c\u5728\u7684\u6743\u9650\u6ee5\u7528\u95ee\u9898\uff0c\u53ca\u65f6\u91c7\u53d6\u63aa\u65bd\u9632\u6b62\u5b89\u5168\u4e8b\u4ef6\u7684\u53d1\u751f\u3002
\u6f0f\u6d1e\u626b\u63cf\uff1a\u57fa\u4e8e kube-hunter\uff0c\u4e3b\u8981\u89e3\u51b3 Kubernetes \u96c6\u7fa4\u4e2d\u5b58\u5728\u7684\u5df2\u77e5\u6f0f\u6d1e\u548c\u914d\u7f6e\u9519\u8bef\u95ee\u9898\u3002kube-hunter \u901a\u8fc7\u6a21\u62df\u653b\u51fb\u884c\u4e3a\uff0c\u80fd\u591f\u8bc6\u522b\u96c6\u7fa4\u4e2d\u53ef\u88ab\u6076\u610f\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u5982\u672a\u6388\u6743\u8bbf\u95ee\u3001\u66b4\u9732\u7684\u670d\u52a1\u548cAPI\u7aef\u70b9\u3001\u914d\u7f6e\u9519\u8bef\u7684\u89d2\u8272\u548c\u7ed1\u5b9a\u7b56\u7565\u7b49\u3002\u7279\u522b\u5730\uff0ckube-hunter\u80fd\u591f\u8bc6\u522b\u5e76\u62a5\u544a CVE \u6f0f\u6d1e\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5982\u679c\u88ab\u6076\u610f\u5229\u7528\uff0c\u53ef\u80fd\u5bfc\u81f4\u6570\u636e\u6cc4\u9732\u3001\u670d\u52a1\u4e2d\u65ad\u7b49\u4e25\u91cd\u540e\u679c\u3002CVE \u6f0f\u6d1e\u662f\u7531\u56fd\u9645\u77e5\u540d\u7684\u5b89\u5168\u7ec4\u7ec7\u5982MITRE\u6240\u5b9a\u4e49\u548c\u7ef4\u62a4\u7684\uff0cCVE\u6570\u636e\u5e93\u4e3a\u8f6f\u4ef6\u548c\u56fa\u4ef6\u4e2d\u7684\u5df2\u77e5\u6f0f\u6d1e\u63d0\u4f9b\u4e86\u552f\u4e00\u6807\u8bc6\u7b26\uff0c\u6210\u4e3a\u5168\u7403\u5b89\u5168\u793e\u533a\u5171\u540c\u9075\u5faa\u7684\u6807\u51c6\u3002kube-hunter \u901a\u8fc7\u5229\u7528 CVE \u6570\u636e\u5e93\u4e2d\u7684\u4fe1\u606f\uff0c\u80fd\u591f\u5e2e\u52a9\u7528\u6237\u5feb\u901f\u8bc6\u522b\u5e76\u54cd\u5e94Kubernetes\u96c6\u7fa4\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\u3002
\u5408\u89c4\u6027\u626b\u63cf\u7684\u5bf9\u8c61\u662f\u96c6\u7fa4\u8282\u70b9\u3002\u626b\u63cf\u7ed3\u679c\u4e2d\u4f1a\u5217\u51fa\u626b\u63cf\u9879\u4ee5\u53ca\u626b\u63cf\u7ed3\u679c\uff0c\u5e76\u9488\u5bf9\u672a\u901a\u8fc7\u7684\u626b\u63cf\u9879\u7ed9\u51fa\u4fee\u590d\u5efa\u8bae\u3002\u6709\u5173\u626b\u63cf\u65f6\u7528\u5230\u7684\u5177\u4f53\u5b89\u5168\u89c4\u5219\uff0c\u53ef\u53c2\u8003 CIS Kubernetes Benchmark
\u68c0\u67e5\u4e0d\u540c\u7c7b\u578b\u7684\u8282\u70b9\u65f6\uff0c\u626b\u63cf\u7684\u4fa7\u91cd\u70b9\u6709\u6240\u4e0d\u540c\u3002
\u626b\u63cf\u63a7\u5236\u5e73\u9762\u8282\u70b9\uff08Controller\uff09
\u626b\u63cf\u5de5\u4f5c\u8282\u70b9\uff08Worker\uff09
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u914d\u7f6e\uff0c\u7136\u540e\u57fa\u4e8e\u8be5\u914d\u7f6e\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002
"},{"location":"admin/kpanda/security/index.html#_3","title":"\u6743\u9650\u626b\u63cf","text":"\u6743\u9650\u626b\u63cf\u4fa7\u91cd\u4e8e\u6743\u9650\u95ee\u9898\u5f15\u53d1\u7684\u5b89\u5168\u6f0f\u6d1e\u3002\u6743\u9650\u626b\u63cf\u53ef\u4ee5\u5e2e\u52a9\u7528\u6237\u8bc6\u522b Kubernetes \u96c6\u7fa4\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\uff0c\u6807\u8bc6\u54ea\u4e9b\u8d44\u6e90\u9700\u8981\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u5ba1\u67e5\u548c\u4fdd\u62a4\u63aa\u65bd\u3002\u901a\u8fc7\u6267\u884c\u8fd9\u4e9b\u68c0\u67e5\u9879\uff0c\u7528\u6237\u53ef\u4ee5\u66f4\u6e05\u695a\u3001\u66f4\u5168\u9762\u5730\u4e86\u89e3\u81ea\u5df1\u7684 Kubernetes \u73af\u5883\uff0c\u786e\u4fdd\u96c6\u7fa4\u73af\u5883\u7b26\u5408 Kubernetes \u7684\u6700\u4f73\u5b9e\u8df5\u548c\u5b89\u5168\u6807\u51c6\u3002
\u5177\u4f53\u800c\u8a00\uff0c\u6743\u9650\u626b\u63cf\u652f\u6301\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u626b\u63cf\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u8282\u70b9\u7684\u5065\u5eb7\u72b6\u6001\u3002
\u626b\u63cf\u96c6\u7fa4\u7ec4\u4ef6\u7684\u8fd0\u884c\u72b6\u51b5\uff0c\u5982 kube-apiserver \u3001 kube-controller-manager \u3001 kube-scheduler \u7b49\u3002
\u626b\u63cf\u5b89\u5168\u914d\u7f6e\uff1a\u68c0\u67e5 Kubernetes \u7684\u5b89\u5168\u914d\u7f6e
\u63d0\u4f9b\u8b66\u544a\u548c\u5efa\u8bae\uff1a\u5efa\u8bae\u96c6\u7fa4\u7ba1\u7406\u5458\u6267\u884c\u7684\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff0c\u4f8b\u5982\u5b9a\u671f\u8f6e\u6362\u8bc1\u4e66\u3001\u4f7f\u7528\u5f3a\u5bc6\u7801\u3001\u9650\u5236\u7f51\u7edc\u8bbf\u95ee\u7b49\u3002
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5b89\u5168\u626b\u63cf\u3002
"},{"location":"admin/kpanda/security/index.html#_4","title":"\u6f0f\u6d1e\u626b\u63cf","text":"\u6f0f\u6d1e\u626b\u63cf\u4fa7\u91cd\u4e8e\u626b\u63cf\u6f5c\u5728\u7684\u6076\u610f\u653b\u51fb\u548c\u5b89\u5168\u6f0f\u6d1e\uff0c\u4f8b\u5982\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3001SQL \u6ce8\u5165\u3001XSS \u653b\u51fb\u7b49\uff0c\u4ee5\u53ca\u4e00\u4e9b\u9488\u5bf9 Kubernetes \u7279\u5b9a\u7684\u653b\u51fb\u3002\u6700\u7ec8\u7684\u626b\u63cf\u62a5\u544a\u4f1a\u5217\u51fa\u96c6\u7fa4\u4e2d\u5b58\u5728\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u5e76\u63d0\u51fa\u4fee\u590d\u5efa\u8bae\u3002
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u6f0f\u6d1e\u626b\u63cf\u3002
"},{"location":"admin/kpanda/security/audit.html","title":"\u6743\u9650\u626b\u63cf","text":"\u4e3a\u4e86\u4f7f\u7528\u6743\u9650\u626b\u63cf\u529f\u80fd\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\uff0c\u6267\u884c\u8be5\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u4ee5\u4f9b\u67e5\u770b\u3002
"},{"location":"admin/kpanda/security/audit.html#_2","title":"\u521b\u5efa\u626b\u63cf\u7b56\u7565","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6743\u9650\u626b\u63cf \uff0c\u70b9\u51fb \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u6743\u9650\u626b\u63cf -> \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u62a5\u544a\u540d\u79f0
\u5728\u62a5\u544a\u53f3\u4fa7\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u624b\u52a8\u5220\u9664\u62a5\u544a\u3002
\u67e5\u770b\u626b\u63cf\u62a5\u544a\u5185\u5bb9\uff0c\u5305\u62ec\uff1a
\u68c0\u67e5\u8be6\u60c5\uff0c\u4f8b\u5982\u88ab\u68c0\u67e5\u7684\u8d44\u6e90\u3001\u8d44\u6e90\u7c7b\u578b\u3001\u626b\u63cf\u7ed3\u679c\u3001\u9519\u8bef\u7c7b\u578b\u3001\u9519\u8bef\u8be6\u60c5
\u4e3a\u4e86\u4f7f\u7528\u6f0f\u6d1e\u626b\u63cf\u529f\u80fd\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\uff0c\u6267\u884c\u8be5\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u4ee5\u4f9b\u67e5\u770b\u3002
"},{"location":"admin/kpanda/security/hunter.html#_2","title":"\u521b\u5efa\u626b\u63cf\u7b56\u7565","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6f0f\u6d1e\u626b\u63cf \uff0c\u70b9\u51fb \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u6743\u9650\u626b\u63cf -> \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u62a5\u544a\u540d\u79f0
\u5728\u62a5\u544a\u53f3\u4fa7\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u624b\u52a8\u5220\u9664\u62a5\u544a\u3002
\u67e5\u770b\u626b\u63cf\u62a5\u544a\u5185\u5bb9\uff0c\u5305\u62ec\uff1a
\u68c0\u67e5\u8be6\u60c5\uff0c\u4f8b\u5982\u6f0f\u6d1e ID\u3001\u6f0f\u6d1e\u7c7b\u578b\u3001\u6f0f\u6d1e\u540d\u79f0\u3001\u6f0f\u6d1e\u63cf\u8ff0\u7b49
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u7684\u7b2c\u4e00\u6b65\uff0c\u5c31\u662f\u5148\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u3002\u57fa\u4e8e\u626b\u63cf\u914d\u7f6e\u518d\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3001\u6267\u884c\u626b\u63cf\u7b56\u7565\uff0c\u6700\u540e\u67e5\u770b\u626b\u63cf\u7ed3\u679c\u3002
"},{"location":"admin/kpanda/security/cis/config.html#_2","title":"\u521b\u5efa\u626b\u63cf\u914d\u7f6e","text":"\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u7684\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u9ed8\u8ba4\u8fdb\u5165 \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\uff0c\u70b9\u51fb \u626b\u63cf\u914d\u7f6e \u9875\u7b7e\uff0c\u7136\u540e\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u914d\u7f6e \u3002
\u586b\u5199\u914d\u7f6e\u540d\u79f0\u3001\u9009\u62e9\u914d\u7f6e\u6a21\u677f\u3001\u6309\u9700\u52fe\u9009\u626b\u63cf\u9879\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u626b\u63cf\u6a21\u677f\uff1a\u76ee\u524d\u63d0\u4f9b\u4e86\u4e24\u4e2a\u6a21\u677f\u3002 kubeadm \u6a21\u677f\u9002\u7528\u4e8e\u4e00\u822c\u60c5\u51b5\u4e0b\u7684 Kubernetes \u96c6\u7fa4\u3002 \u6211\u4eec\u5728 kubeadm \u6a21\u677f\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5e73\u53f0\u8bbe\u8ba1\u5ffd\u7565\u4e86\u4e0d\u9002\u7528\u4e8e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u626b\u63cf\u9879\u3002
\u5728\u626b\u63cf\u914d\u7f6e\u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u626b\u63cf\u914d\u7f6e\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u914d\u7f6e\u7684\u7c7b\u578b\u3001\u626b\u63cf\u9879\u6570\u91cf\u3001\u521b\u5efa\u65f6\u95f4\u3001\u914d\u7f6e\u6a21\u677f\uff0c\u4ee5\u53ca\u8be5\u914d\u7f6e\u542f\u7528\u7684\u5177\u4f53\u626b\u63cf\u9879\u3002
"},{"location":"admin/kpanda/security/cis/config.html#_4","title":"\u66f4\u65b0/\u5220\u9664\u626b\u63cf\u914d\u7f6e","text":"\u626b\u63cf\u914d\u7f6e\u521b\u5efa\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u66f4\u65b0\u914d\u7f6e\u6216\u5220\u9664\u8be5\u914d\u7f6e\u3002
\u5728\u626b\u63cf\u914d\u7f6e\u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u9009\u62e9 \u5220\u9664 \u53ef\u4ee5\u5220\u9664\u8be5\u914d\u7f6e\u3002
\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u4e4b\u540e\uff0c\u53ef\u4ee5\u57fa\u4e8e\u914d\u7f6e\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\u7684 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
hide\uff1a - toc
"},{"location":"admin/kpanda/security/cis/report.html#_1","title":"\u626b\u63cf\u62a5\u544a","text":"\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u3002\u60a8\u53ef\u4ee5\u5728\u7ebf\u67e5\u770b\u626b\u63cf\u62a5\u544a\u6216\u5c06\u5176\u4e0b\u8f7d\u5230\u672c\u5730\u67e5\u770b\u3002
\u4e0b\u8f7d\u67e5\u770b\u626b\u63cf\u62a5\u544a
\u5b89\u5168\u7ba1\u7406 -> \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\u7684 \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u70b9\u51fb\u62a5\u544a\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u4e0b\u8f7d \u3002
\u5728\u7ebf\u67e5\u770b\u626b\u63cf\u62a5\u544a
\u70b9\u51fb\u67d0\u4e2a\u62a5\u544a\u7684\u540d\u79f0\uff0c\u60a8\u53ef\u4ee5\u5728\u7ebf\u67e5\u770b CIS \u5408\u89c4\u6027\u626b\u63cf\u7684\u62a5\u544a\u5185\u5bb9\u3002\u5177\u4f53\u5305\u62ec\uff1a
\u6570\u636e\u5377\uff08PersistentVolume\uff0cPV\uff09\u662f\u96c6\u7fa4\u4e2d\u7684\u4e00\u5757\u5b58\u50a8\uff0c\u53ef\u7531\u7ba1\u7406\u5458\u4e8b\u5148\u5236\u5907\uff0c\u6216\u4f7f\u7528\u5b58\u50a8\u7c7b\uff08Storage Class\uff09\u6765\u52a8\u6001\u5236\u5907\u3002PV \u662f\u96c6\u7fa4\u8d44\u6e90\uff0c\u4f46\u62e5\u6709\u72ec\u7acb\u7684\u751f\u547d\u5468\u671f\uff0c\u4e0d\u4f1a\u968f\u7740 Pod \u8fdb\u7a0b\u7ed3\u675f\u800c\u88ab\u5220\u9664\u3002\u5c06 PV \u6302\u8f7d\u5230\u5de5\u4f5c\u8d1f\u8f7d\u53ef\u4ee5\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u6301\u4e45\u5316\u3002PV \u4e2d\u4fdd\u5b58\u4e86\u53ef\u88ab Pod \u4e2d\u5bb9\u5668\u8bbf\u95ee\u7684\u6570\u636e\u76ee\u5f55\u3002
"},{"location":"admin/kpanda/storage/pv.html#_1","title":"\u521b\u5efa\u6570\u636e\u5377","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6570\u636e\u5377\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u6570\u636e\u5377\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) -> \u521b\u5efa\u6570\u636e\u5377(PV) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u6570\u636e\u5377\u7c7b\u578b\uff1a\u6709\u5173\u5377\u7c7b\u578b\u7684\u8be6\u7ec6\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u5377\u3002
Local\uff1a\u5c06 Node \u8282\u70b9\u7684\u672c\u5730\u5b58\u50a8\u5305\u88c5\u6210 PVC \u63a5\u53e3\uff0c\u5bb9\u5668\u76f4\u63a5\u4f7f\u7528 PVC \u800c\u65e0\u9700\u5173\u6ce8\u5e95\u5c42\u7684\u5b58\u50a8\u7c7b\u578b\u3002Local \u5377\u4e0d\u652f\u6301\u52a8\u6001\u914d\u7f6e\u6570\u636e\u5377\uff0c\u4f46\u652f\u6301\u914d\u7f6e\u8282\u70b9\u4eb2\u548c\u6027\uff0c\u53ef\u4ee5\u9650\u5236\u80fd\u4ece\u54ea\u4e9b\u8282\u70b9\u4e0a\u8bbf\u95ee\u8be5\u6570\u636e\u5377\u3002
HostPath\uff1a\u4f7f\u7528 Node \u8282\u70b9\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u6216\u76ee\u5f55\u4f5c\u4e3a\u6570\u636e\u5377\uff0c\u4e0d\u652f\u6301\u57fa\u4e8e\u8282\u70b9\u4eb2\u548c\u6027\u7684 Pod \u8c03\u5ea6\u3002
\u6302\u8f7d\u8def\u5f84\uff1a\u5c06\u6570\u636e\u5377\u6302\u8f7d\u5230\u5bb9\u5668\u4e2d\u7684\u67d0\u4e2a\u5177\u4f53\u76ee\u5f55\u4e0b\u3002
\u8bbf\u95ee\u6a21\u5f0f\uff1a
\u56de\u6536\u7b56\u7565\uff1a
\u5377\u6a21\u5f0f\uff1a
\u8282\u70b9\u4eb2\u548c\u6027\uff1a
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) \u3002
\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u6570\u636e\u5377\uff0c\u4ee5\u53ca\u5404\u4e2a\u6570\u636e\u5377\u7684\u72b6\u6001\u3001\u5bb9\u91cf\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u4fe1\u606f\u3002
\u652f\u6301\u6309\u7167\u6570\u636e\u5377\u7684\u540d\u79f0\u3001\u72b6\u6001\u3001\u547d\u540d\u7a7a\u95f4\u3001\u521b\u5efa\u65f6\u95f4\u8fdb\u884c\u987a\u5e8f\u6216\u9006\u5e8f\u6392\u5e8f\u3002
\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u6570\u636e\u5377\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5b58\u50a8\u6c60\u4fe1\u606f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u7b49\u4fe1\u606f\u3002
\u901a\u8fc7\u514b\u9686\u6570\u636e\u5377\uff0c\u53ef\u4ee5\u57fa\u4e8e\u88ab\u514b\u9686\u6570\u636e\u5377\u7684\u914d\u7f6e\uff0c\u91cd\u65b0\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u514b\u9686\u9875\u9762
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u514b\u9686\u7684\u6570\u636e\u5377\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u514b\u9686 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u514b\u9686 \u3002
\u76f4\u63a5\u4f7f\u7528\u539f\u914d\u7f6e\uff0c\u6216\u8005\u6309\u9700\u8fdb\u884c\u4fee\u6539\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u6570\u636e\u5377\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u6570\u636e\u5377\u3002
Note
\u4ec5\u652f\u6301\u66f4\u65b0\u6570\u636e\u5377\u7684\u522b\u540d\u3001\u5bb9\u91cf\u3001\u8bbf\u95ee\u6a21\u5f0f\u3001\u56de\u6536\u7b56\u7565\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u6570\u636e\u5377\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u6570\u636e\u5377\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u6570\u636e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"admin/kpanda/storage/pvc.html","title":"\u6570\u636e\u5377\u58f0\u660e(PVC)","text":"\u6301\u4e45\u5377\u58f0\u660e\uff08PersistentVolumeClaim\uff0cPVC\uff09\u8868\u8fbe\u7684\u662f\u7528\u6237\u5bf9\u5b58\u50a8\u7684\u8bf7\u6c42\u3002PVC \u6d88\u8017 PV \u8d44\u6e90\uff0c\u7533\u9886\u4f7f\u7528\u7279\u5b9a\u5927\u5c0f\u3001\u7279\u5b9a\u8bbf\u95ee\u6a21\u5f0f\u7684\u6570\u636e\u5377\uff0c\u4f8b\u5982\u8981\u6c42 PV \u5377\u4ee5 ReadWriteOnce\u3001ReadOnlyMany \u6216 ReadWriteMany \u7b49\u6a21\u5f0f\u6765\u6302\u8f7d\u3002
"},{"location":"admin/kpanda/storage/pvc.html#_1","title":"\u521b\u5efa\u6570\u636e\u5377\u58f0\u660e","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6570\u636e\u5377\u58f0\u660e\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u6570\u636e\u5377\u58f0\u660e\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e (PVC) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e (PVC) -> \u521b\u5efa\u6570\u636e\u5377\u58f0\u660e (PVC) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u521b\u5efa\u65b9\u5f0f\uff1a\u5728\u5df2\u6709\u7684\u5b58\u50a8\u6c60\u6216\u8005\u6570\u636e\u5377\u4e2d\u52a8\u6001\u521b\u5efa\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u6216\u8005\u57fa\u4e8e\u6570\u636e\u5377\u58f0\u660e\u7684\u5feb\u7167\u521b\u5efa\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u57fa\u4e8e\u5feb\u7167\u521b\u5efa\u65f6\u65e0\u6cd5\u4fee\u6539\u6570\u636e\u5377\u58f0\u660e\u7684\u5bb9\u91cf\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u5b8c\u6210\u540e\u518d\u8fdb\u884c\u4fee\u6539\u3002
\u9009\u62e9\u521b\u5efa\u65b9\u5f0f\u4e4b\u540e\uff0c\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u9009\u62e9\u60f3\u8981\u4f7f\u7528\u7684\u5b58\u50a8\u6c60/\u6570\u636e\u5377/\u5feb\u7167\u3002
\u8bbf\u95ee\u6a21\u5f0f\uff1a
ReadWriteOnce\uff0c\u6570\u636e\u5377\u58f0\u660e\u53ef\u4ee5\u88ab\u4e00\u4e2a\u8282\u70b9\u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u3002
ReadWriteOncePod\uff0c\u6570\u636e\u5377\u58f0\u660e\u53ef\u4ee5\u88ab\u5355\u4e2a Pod \u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \u3002
\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u6570\u636e\u5377\u58f0\u660e\uff0c\u4ee5\u53ca\u5404\u4e2a\u6570\u636e\u5377\u58f0\u660e\u7684\u72b6\u6001\u3001\u5bb9\u91cf\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u4fe1\u606f\u3002
\u652f\u6301\u6309\u7167\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\u3001\u72b6\u6001\u3001\u547d\u540d\u7a7a\u95f4\u3001\u521b\u5efa\u65f6\u95f4\u8fdb\u884c\u987a\u5e8f\u6216\u9006\u5e8f\u6392\u5e8f\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u6570\u636e\u5377\u58f0\u660e\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5b58\u50a8\u6c60\u4fe1\u606f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u7b49\u4fe1\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230\u60f3\u8981\u8c03\u6574\u5bb9\u91cf\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u6269\u5bb9 \u3002
\u8f93\u5165\u76ee\u6807\u5bb9\u91cf\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u901a\u8fc7\u514b\u9686\u6570\u636e\u5377\u58f0\u660e\uff0c\u53ef\u4ee5\u57fa\u4e8e\u88ab\u514b\u9686\u6570\u636e\u5377\u58f0\u660e\u7684\u914d\u7f6e\uff0c\u91cd\u65b0\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u8fdb\u5165\u514b\u9686\u9875\u9762
\u5728\u6570\u636e\u5377\u58f0\u660e\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u514b\u9686\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u514b\u9686 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u514b\u9686 \u3002
\u76f4\u63a5\u4f7f\u7528\u539f\u914d\u7f6e\uff0c\u6216\u8005\u6309\u9700\u8fdb\u884c\u4fee\u6539\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u3002
Note
\u4ec5\u652f\u6301\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u7684\u522b\u540d\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u6570\u636e\u5377\u58f0\u660e\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u5728\u6570\u636e\u5377\u58f0\u660e\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u6570\u636e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"admin/kpanda/storage/pvc.html#_8","title":"\u5e38\u89c1\u95ee\u9898","text":"\u5982\u679c\u5217\u8868\u4e2d\u6ca1\u6709\u53ef\u9009\u7684\u5b58\u50a8\u6c60\u6216\u6570\u636e\u5377\uff0c\u53ef\u4ee5\u521b\u5efa\u5b58\u50a8\u6c60\u6216\u521b\u5efa\u6570\u636e\u5377\u3002
\u5982\u679c\u5217\u8868\u4e2d\u6ca1\u6709\u53ef\u9009\u7684\u5feb\u7167\uff0c\u53ef\u4ee5\u8fdb\u5165\u6570\u636e\u5377\u58f0\u660e\u7684\u8be6\u60c5\u9875\uff0c\u5728\u53f3\u4e0a\u89d2\u5236\u4f5c\u5feb\u7167\u3002
\u5982\u679c\u6570\u636e\u5377\u58f0\u660e\u6240\u4f7f\u7528\u7684\u5b58\u50a8\u6c60 (SC) \u6ca1\u6709\u542f\u7528\u5feb\u7167\uff0c\u5219\u65e0\u6cd5\u5236\u4f5c\u5feb\u7167\uff0c\u9875\u9762\u4e0d\u4f1a\u663e\u793a\u201c\u5236\u4f5c\u5feb\u7167\u201d\u9009\u9879\u3002
\u5982\u679c\u6570\u636e\u5377\u58f0\u660e\u6240\u4f7f\u7528\u7684\u5b58\u50a8\u6c60 (SC) \u6ca1\u6709\u5f00\u542f\u6269\u5bb9\u529f\u80fd\uff0c\u5219\u8be5\u6570\u636e\u5377\u4e0d\u652f\u6301\u6269\u5bb9\uff0c\u9875\u9762\u4e0d\u4f1a\u663e\u793a\u6269\u5bb9\u9009\u9879\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5c06\u4e00\u4e2a\u5b58\u50a8\u6c60\u5171\u4eab\u7ed9\u591a\u4e2a\u547d\u540d\u7a7a\u95f4\u4f7f\u7528\uff0c\u4ee5\u4fbf\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u6548\u7387\u3002
\u5728\u5b58\u50a8\u6c60\u5217\u8868\u4e2d\u627e\u5230\u9700\u8981\u5171\u4eab\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u64cd\u4f5c\u680f\u4e0b\u70b9\u51fb \u6388\u6743\u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb \u81ea\u5b9a\u4e49\u547d\u540d\u7a7a\u95f4 \u53ef\u4ee5\u9010\u4e00\u9009\u62e9\u9700\u8981\u5c06\u6b64\u5b58\u50a8\u6c60\u5171\u4eab\u5230\u54ea\u4e9b\u547d\u540d\u7a7a\u95f4\u3002
\u5728\u5217\u8868\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u65b9\u70b9\u51fb \u79fb\u9664\u6388\u6743 \uff0c\u53ef\u4ee5\u89e3\u9664\u6388\u6743\uff0c\u505c\u6b62\u5c06\u6b64\u5b58\u50a8\u6c60\u5171\u4eab\u5230\u8be5\u547d\u540d\u7a7a\u95f4\u3002
\u5b58\u50a8\u6c60\u6307\u5c06\u8bb8\u591a\u7269\u7406\u78c1\u76d8\u7ec4\u6210\u4e00\u4e2a\u5927\u578b\u5b58\u50a8\u8d44\u6e90\u6c60\uff0c\u672c\u5e73\u53f0\u652f\u6301\u63a5\u5165\u5404\u7c7b\u5b58\u50a8\u5382\u5546\u540e\u521b\u5efa\u5757\u5b58\u50a8\u6c60\u3001\u672c\u5730\u5b58\u50a8\u6c60\u3001\u81ea\u5b9a\u4e49\u5b58\u50a8\u6c60\uff0c\u7136\u540e\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u52a8\u6001\u914d\u7f6e\u6570\u636e\u5377\u3002
"},{"location":"admin/kpanda/storage/sc.html#sc_1","title":"\u521b\u5efa\u5b58\u50a8\u6c60(SC)","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b58\u50a8\u6c60\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u5b58\u50a8\u6c60\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) -> \u521b\u5efa\u5b58\u50a8\u6c60(SC) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\uff0c\u7136\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u81ea\u5b9a\u4e49\u5b58\u50a8\u7cfb\u7edf
CSI \u5b58\u50a8\u9a71\u52a8\uff1a\u57fa\u4e8e\u6807\u51c6 Kubernetes \u7684\u5bb9\u5668\u5b58\u50a8\u63a5\u53e3\u63d2\u4ef6\uff0c\u9700\u9075\u5b88\u5b58\u50a8\u5382\u5546\u89c4\u5b9a\u7684\u683c\u5f0f\uff0c\u4f8b\u5982 rancher.io/local-path \u3002
HwameiStor \u5b58\u50a8\u7cfb\u7edf
lvm.hwameistor.io
\u3002hdd.hwameistor.io
Note
\u76ee\u524d HwameiStor xfs\u3001ext4 \u4e24\u79cd\u6587\u4ef6\u7cfb\u7edf\uff0c\u5176\u4e2d\u9ed8\u8ba4\u4f7f\u7528\u7684\u662f xfs \u6587\u4ef6\u7cfb\u7edf\uff0c\u5982\u679c\u60f3\u8981\u66ff\u6362\u4e3a ext4\uff0c\u53ef\u4ee5\u5728\u81ea\u5b9a\u4e49\u53c2\u6570\u6dfb\u52a0 csi.storage.k8s.io/fstype: ext4
\u5728\u5b58\u50a8\u6c60\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u7f16\u8f91 \u5373\u53ef\u901a\u8fc7\u66f4\u65b0\u5b58\u50a8\u6c60\u3002
Info
\u9009\u62e9 \u67e5\u770b YAML \u53ef\u4ee5\u67e5\u770b\u8be5\u5b58\u50a8\u6c60\u7684 YAML \u6587\u4ef6\uff0c\u4f46\u4e0d\u652f\u6301\u7f16\u8f91\u3002
"},{"location":"admin/kpanda/storage/sc.html#sc_3","title":"\u5220\u9664\u5b58\u50a8\u6c60(SC)","text":"\u5728\u5b58\u50a8\u6c60\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"admin/kpanda/workloads/create-cronjob.html","title":"\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u3002
\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u9002\u7528\u4e8e\u4e8e\u6267\u884c\u5468\u671f\u6027\u7684\u64cd\u4f5c\uff0c\u4f8b\u5982\u5907\u4efd\u3001\u62a5\u544a\u751f\u6210\u7b49\u3002\u8fd9\u4e9b\u4efb\u52a1\u53ef\u4ee5\u914d\u7f6e\u4e3a\u5468\u671f\u6027\u91cd\u590d\u7684\uff08\u4f8b\u5982\uff1a\u6bcf\u5929/\u6bcf\u5468/\u6bcf\u6708\u4e00\u6b21\uff09\uff0c\u53ef\u4ee5\u5b9a\u4e49\u4efb\u52a1\u5f00\u59cb\u6267\u884c\u7684\u65f6\u95f4\u95f4\u9694\u3002
"},{"location":"admin/kpanda/workloads/create-cronjob.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u5b9a\u65f6\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u5b9a\u65f6\u4efb\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u5b9a\u65f6\u4efb\u52a1 \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5b9a\u65f6\u4efb\u52a1\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1 \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-cronjob.html#_5","title":"\u5b9a\u65f6\u4efb\u52a1\u914d\u7f6e","text":"\u5e76\u53d1\u7b56\u7565\uff1a\u662f\u5426\u5141\u8bb8\u591a\u4e2a Job \u4efb\u52a1\u5e76\u884c\u6267\u884c\u3002
\u4e0a\u8ff0\u89c4\u5219\u4ec5\u9002\u7528\u4e8e\u540c\u4e00\u4e2a CronJob \u521b\u5efa\u7684\u591a\u4e2a\u4efb\u52a1\u3002\u591a\u4e2a CronJob \u521b\u5efa\u7684\u591a\u4e2a\u4efb\u52a1\u603b\u662f\u5141\u8bb8\u5e76\u53d1\u6267\u884c\u3002
\u5b9a\u65f6\u89c4\u5219\uff1a\u57fa\u4e8e\u5206\u949f\u3001\u5c0f\u65f6\u3001\u5929\u3001\u5468\u3001\u6708\u8bbe\u7f6e\u4efb\u52a1\u6267\u884c\u7684\u65f6\u95f4\u5468\u671f\u3002\u652f\u6301\u7528\u6570\u5b57\u548c *
\u81ea\u5b9a\u4e49 Cron \u8868\u8fbe\u5f0f\uff0c\u8f93\u5165\u8868\u8fbe\u5f0f\u540e\u4e0b\u65b9\u4f1a\u63d0\u793a\u5f53\u524d\u8868\u8fbe\u5f0f\u7684\u542b\u4e49\u3002\u6709\u5173\u8be6\u7ec6\u7684\u8868\u8fbe\u5f0f\u8bed\u6cd5\u89c4\u5219\uff0c\u53ef\u53c2\u8003 Cron \u65f6\u95f4\u8868\u8bed\u6cd5\u3002
\u4e3a\u6709\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u6709\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5b9a\u65f6\u4efb\u52a1\u7684\u9ad8\u7ea7\u914d\u7f6e\u4e3b\u8981\u6d89\u53ca\u6807\u7b7e\u4e0e\u6ce8\u89e3\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b Pod \u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-cronjob.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
apiVersion: batch/v1\nkind: CronJob\nmetadata:\n creationTimestamp: '2022-12-26T09:45:47Z'\n generation: 1\n name: demo\n namespace: default\n resourceVersion: '92726617'\n uid: d030d8d7-a405-4dcd-b09a-176942ef36c9\nspec:\n concurrencyPolicy: Allow\n failedJobsHistoryLimit: 1\n jobTemplate:\n metadata:\n creationTimestamp: null\n spec:\n activeDeadlineSeconds: 360\n backoffLimit: 6\n template:\n metadata:\n creationTimestamp: null\n spec:\n containers:\n - image: nginx\n imagePullPolicy: IfNotPresent\n lifecycle: {}\n name: container-3\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n securityContext:\n privileged: false\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n dnsPolicy: ClusterFirst\n restartPolicy: Never\n schedulerName: default-scheduler\n securityContext: {}\n terminationGracePeriodSeconds: 30\n schedule: 0 0 13 * 5\n successfulJobsHistoryLimit: 3\n suspend: false\nstatus: {}\n
"},{"location":"admin/kpanda/workloads/create-daemonset.html","title":"\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b(DaemonSet)","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\uff08DaemonSet\uff09\u3002
\u5b88\u62a4\u8fdb\u7a0b\uff08DaemonSet\uff09\u901a\u8fc7\u8282\u70b9\u4eb2\u548c\u6027\u4e0e\u6c61\u70b9\u529f\u80fd\u786e\u4fdd\u5728\u5168\u90e8\u6216\u90e8\u5206\u8282\u70b9\u4e0a\u8fd0\u884c\u4e00\u4e2a Pod \u7684\u526f\u672c\u3002\u5bf9\u4e8e\u65b0\u52a0\u5165\u96c6\u7fa4\u7684\u8282\u70b9\uff0cDaemonSet \u81ea\u52a8\u5728\u65b0\u8282\u70b9\u4e0a\u90e8\u7f72\u76f8\u5e94\u7684 Pod\uff0c\u5e76\u8ddf\u8e2a Pod \u7684\u8fd0\u884c\u72b6\u6001\u3002\u5f53\u8282\u70b9\u88ab\u79fb\u9664\u65f6\uff0cDaemonSet \u5219\u5220\u9664\u5176\u521b\u5efa\u7684\u6240\u6709 Pod\u3002
\u5b88\u62a4\u8fdb\u7a0b\u7684\u5e38\u89c1\u7528\u4f8b\u5305\u62ec\uff1a
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u96c6\u7fa4\u5b88\u62a4\u8fdb\u7a0b\u3002
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u65e5\u5fd7\u6536\u96c6\u5b88\u62a4\u8fdb\u7a0b\u3002
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u76d1\u63a7\u5b88\u62a4\u8fdb\u7a0b\u3002
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u4e3a\u6bcf\u79cd\u7c7b\u578b\u7684\u5b88\u62a4\u8fdb\u7a0b\u90fd\u542f\u52a8\u4e00\u4e2a DaemonSet\u3002\u5982\u9700\u66f4\u7cbe\u7ec6\u3001\u66f4\u9ad8\u7ea7\u5730\u7ba1\u7406\u5b88\u62a4\u8fdb\u7a0b\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u540c\u4e00\u79cd\u5b88\u62a4\u8fdb\u7a0b\u90e8\u7f72\u591a\u4e2a DaemonSet\u3002\u6bcf\u4e2a DaemonSet \u5177\u6709\u4e0d\u540c\u7684\u6807\u5fd7\uff0c\u5e76\u4e14\u5bf9\u4e0d\u540c\u786c\u4ef6\u7c7b\u578b\u5177\u6709\u4e0d\u540c\u7684\u5185\u5b58\u3001CPU \u8981\u6c42\u3002
"},{"location":"admin/kpanda/workloads/create-daemonset.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa DaemonSet \u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u5b88\u62a4\u8fdb\u7a0b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b88\u62a4\u8fdb\u7a0b \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u5b88\u62a4\u8fdb\u7a0b \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5b88\u62a4\u8fdb\u7a0b\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-daemonset.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u5b88\u62a4\u8fdb\u7a0b\u521b\u5efa\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u5b88\u62a4\u8fdb\u7a0b\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u914d\u7f6e\u670d\u52a1\u53c2\u6570\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\u521b\u5efa\u670d\u52a1\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-daemonset.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b88\u62a4\u8fdb\u7a0b \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: hwameistor-local-disk-manager\n namespace: hwameistor\n uid: ccbdc098-7de3-4a8a-96dd-d1cee159c92b\n resourceVersion: '90999552'\n generation: 1\n creationTimestamp: '2022-12-15T09:03:44Z'\n labels:\n app.kubernetes.io/managed-by: Helm\n annotations:\n deprecated.daemonset.template.generation: '1'\n meta.helm.sh/release-name: hwameistor\n meta.helm.sh/release-namespace: hwameistor\nspec:\n selector:\n matchLabels:\n app: hwameistor-local-disk-manager\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: hwameistor-local-disk-manager\n spec:\n volumes:\n - name: udev\n hostPath:\n path: /run/udev\n type: Directory\n - name: procmount\n hostPath:\n path: /proc\n type: Directory\n - name: devmount\n hostPath:\n path: /dev\n type: Directory\n - name: socket-dir\n hostPath:\n path: /var/lib/kubelet/plugins/disk.hwameistor.io\n type: DirectoryOrCreate\n - name: registration-dir\n hostPath:\n path: /var/lib/kubelet/plugins_registry/\n type: Directory\n - name: plugin-dir\n hostPath:\n path: /var/lib/kubelet/plugins\n type: DirectoryOrCreate\n - name: pods-mount-dir\n hostPath:\n path: /var/lib/kubelet/pods\n type: DirectoryOrCreate\n containers:\n - name: registrar\n image: k8s-gcr.m.daocloud.io/sig-storage/csi-node-driver-registrar:v2.5.0\n args:\n - '--v=5'\n - '--csi-address=/csi/csi.sock'\n - >-\n --kubelet-registration-path=/var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n env:\n - name: KUBE_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n resources: {}\n volumeMounts:\n - name: socket-dir\n mountPath: /csi\n - name: registration-dir\n mountPath: /registration\n lifecycle:\n preStop:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n rm -rf /registration/disk.hwameistor.io \n /registration/disk.hwameistor.io-reg.sock\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: manager\n image: ghcr.m.daocloud.io/hwameistor/local-disk-manager:v0.6.1\n command:\n - /local-disk-manager\n args:\n - '--endpoint=$(CSI_ENDPOINT)'\n - '--nodeid=$(NODENAME)'\n - '--csi-enable=true'\n env:\n - name: CSI_ENDPOINT\n value: unix://var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n - name: NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: WATCH_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: NODENAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OPERATOR_NAME\n value: local-disk-manager\n resources: {}\n volumeMounts:\n - name: udev\n mountPath: /run/udev\n - name: procmount\n readOnly: true\n mountPath: /host/proc\n - name: devmount\n mountPath: /dev\n - name: registration-dir\n mountPath: /var/lib/kubelet/plugins_registry\n - name: plugin-dir\n mountPath: /var/lib/kubelet/plugins\n mountPropagation: Bidirectional\n - name: pods-mount-dir\n mountPath: /var/lib/kubelet/pods\n mountPropagation: Bidirectional\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: hwameistor-admin\n serviceAccount: hwameistor-admin\n hostNetwork: true\n hostPID: true\n securityContext: {}\n schedulerName: default-scheduler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/master\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/control-plane\n operator: Exists\n effect: NoSchedule\n - key: node.cloudprovider.kubernetes.io/uninitialized\n operator: Exists\n effect: NoSchedule\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n maxSurge: 0\n revisionHistoryLimit: 10\nstatus:\n currentNumberScheduled: 4\n numberMisscheduled: 0\n desiredNumberScheduled: 4\n numberReady: 4\n observedGeneration: 1\n updatedNumberScheduled: 4\n numberAvailable: 4\n
"},{"location":"admin/kpanda/workloads/create-deployment.html","title":"\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09\u662f Kubernetes \u4e2d\u7684\u4e00\u79cd\u5e38\u89c1\u8d44\u6e90\uff0c\u4e3b\u8981\u4e3a Pod \u548c ReplicaSet \u63d0\u4f9b\u58f0\u660e\u5f0f\u66f4\u65b0\uff0c\u652f\u6301\u5f39\u6027\u4f38\u7f29\u3001\u6eda\u52a8\u5347\u7ea7\u3001\u7248\u672c\u56de\u9000\u7b49\u529f\u80fd\u3002\u5728 Deployment \u4e2d\u58f0\u660e\u671f\u671b\u7684 Pod \u72b6\u6001\uff0cDeployment Controller \u4f1a\u901a\u8fc7 ReplicaSet \u4fee\u6539\u5f53\u524d\u72b6\u6001\uff0c\u4f7f\u5176\u8fbe\u5230\u9884\u5148\u58f0\u660e\u7684\u671f\u671b\u72b6\u6001\u3002Deployment \u662f\u65e0\u72b6\u6001\u7684\uff0c\u4e0d\u652f\u6301\u6570\u636e\u6301\u4e45\u5316\uff0c\u9002\u7528\u4e8e\u90e8\u7f72\u65e0\u72b6\u6001\u7684\u3001\u4e0d\u9700\u8981\u4fdd\u5b58\u6570\u636e\u3001\u968f\u65f6\u53ef\u4ee5\u91cd\u542f\u56de\u6eda\u7684\u5e94\u7528\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\uff0c\u53ef\u4ee5\u57fa\u4e8e\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\u8f7b\u677e\u7ba1\u7406\u591a\u4e91\u591a\u96c6\u7fa4\u4e0a\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5305\u62ec\u5bf9\u65e0\u72b6\u6001\u8d1f\u8f7d\u7684\u521b\u5efa\u3001\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/workloads/create-deployment.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u65e0\u72b6\u6001\u8d1f\u8f7d \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u8d1f\u8f7d\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u64cd\u4f5c\u3002\u5982\u679c\u8d1f\u8f7d\u72b6\u6001\u51fa\u73b0\u5f02\u5e38\uff0c\u8bf7\u67e5\u770b\u5177\u4f53\u5f02\u5e38\u4fe1\u606f\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u3002
\u63cf\u8ff0\uff1a\u8f93\u5165\u8d1f\u8f7d\u7684\u63cf\u8ff0\u4fe1\u606f\uff0c\u5185\u5bb9\u81ea\u5b9a\u4e49\u3002\u5b57\u7b26\u6570\u4e0d\u8d85\u8fc7 512\u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-deployment.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u65e0\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u65e0\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5982\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u4e86 SpiderPool \u548c Multus \u7ec4\u4ef6\uff0c\u5219\u53ef\u4ee5\u5728\u7f51\u7edc\u914d\u7f6e\u4e2d\u914d\u7f6e\u5bb9\u5668\u7f51\u5361\u3002
DNS \u914d\u7f6e\uff1a\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u4e3b\u673a\u522b\u540d\uff1a\u4e3a\u4e3b\u673a\u8bbe\u7f6e\u7684\u522b\u540d\u3002
\u7f29\u5bb9\u65f6\u95f4\u7a97\uff1a\u8d1f\u8f7d\u505c\u6b62\u524d\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4\u7a97\uff080-9,999\u79d2\uff09\uff0c\u9ed8\u8ba4 30 \u79d2\u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-deployment.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-deployment\nspec:\n selector:\n matchLabels:\n app: nginx\n replicas: 2 # \u544a\u77e5 Deployment \u8fd0\u884c 2 \u4e2a\u4e0e\u8be5\u6a21\u677f\u5339\u914d\u7684 Pod\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n
"},{"location":"admin/kpanda/workloads/create-job.html","title":"\u521b\u5efa\u4efb\u52a1\uff08Job\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u4efb\u52a1\uff08Job\uff09\u3002
\u4efb\u52a1\uff08Job\uff09\u9002\u7528\u4e8e\u6267\u884c\u4e00\u6b21\u6027\u4efb\u52a1\u3002Job \u4f1a\u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a Pod\uff0cJob \u4f1a\u4e00\u76f4\u91cd\u65b0\u5c1d\u8bd5\u6267\u884c Pod\uff0c\u76f4\u5230\u6210\u529f\u7ec8\u6b62\u7684 Pod \u8fbe\u5230\u4e00\u5b9a\u6570\u91cf\u3002\u6210\u529f\u7ec8\u6b62\u7684 Pod \u8fbe\u5230\u6307\u5b9a\u7684\u6570\u91cf\u540e\uff0cJob \u4e5f\u968f\u4e4b\u7ed3\u675f\u3002\u5220\u9664 Job \u65f6\u4f1a\u4e00\u540c\u6e05\u9664\u8be5 Job \u521b\u5efa\u7684\u6240\u6709 Pod\u3002\u6682\u505c Job \u65f6\u5220\u9664\u8be5 Job \u4e2d\u7684\u6240\u6709\u6d3b\u8dc3 Pod\uff0c\u76f4\u5230 Job \u88ab\u7ee7\u7eed\u6267\u884c\u3002\u6709\u5173\u4efb\u52a1\uff08Job\uff09\u7684\u66f4\u591a\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003Job\u3002
"},{"location":"admin/kpanda/workloads/create-job.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u4efb\u52a1 \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u4efb\u52a1\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u4efb\u52a1 \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u57fa\u672c\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-job.html#_5","title":"\u9ad8\u7ea7\u914d\u7f6e","text":"\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u4efb\u52a1\u8bbe\u7f6e\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u4e24\u90e8\u5206\u3002
\u4efb\u52a1\u8bbe\u7f6e\u6807\u7b7e\u4e0e\u6ce8\u89e3\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b Pod \u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-job.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: Job\napiVersion: batch/v1\nmetadata:\n name: demo\n namespace: default\n uid: a9708239-0358-4aa1-87d3-a092c080836e\n resourceVersion: '92751876'\n generation: 1\n creationTimestamp: '2022-12-26T10:52:22Z'\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n annotations:\n revisions: >-\n {\"1\":{\"status\":\"running\",\"uid\":\"a9708239-0358-4aa1-87d3-a092c080836e\",\"start-time\":\"2022-12-26T10:52:22Z\",\"completion-time\":\"0001-01-01T00:00:00Z\"}}\nspec:\n parallelism: 1\n backoffLimit: 6\n selector:\n matchLabels:\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n spec:\n containers:\n - name: container-4\n image: nginx\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n lifecycle: {}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: false\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext: {}\n schedulerName: default-scheduler\n completionMode: NonIndexed\n suspend: false\nstatus:\n startTime: '2022-12-26T10:52:22Z'\n active: 1\n
"},{"location":"admin/kpanda/workloads/create-statefulset.html","title":"\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09\u3002
\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09\u662f Kubernetes \u4e2d\u7684\u4e00\u79cd\u5e38\u89c1\u8d44\u6e90\uff0c\u548c\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09\u7c7b\u4f3c\uff0c\u4e3b\u8981\u7528\u4e8e\u7ba1\u7406 Pod \u96c6\u5408\u7684\u90e8\u7f72\u548c\u4f38\u7f29\u3002\u4e8c\u8005\u7684\u4e3b\u8981\u533a\u522b\u5728\u4e8e\uff0cDeployment \u662f\u65e0\u72b6\u6001\u7684\uff0c\u4e0d\u4fdd\u5b58\u6570\u636e\uff0c\u800c StatefulSet \u662f\u6709\u72b6\u6001\u7684\uff0c\u4e3b\u8981\u7528\u4e8e\u7ba1\u7406\u6709\u72b6\u6001\u5e94\u7528\u3002\u6b64\u5916\uff0cStatefulSet \u4e2d\u7684 Pod \u5177\u6709\u6c38\u4e45\u4e0d\u53d8\u7684 ID\uff0c\u4fbf\u4e8e\u5728\u5339\u914d\u5b58\u50a8\u5377\u65f6\u8bc6\u522b\u5bf9\u5e94\u7684 Pod\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\uff0c\u53ef\u4ee5\u57fa\u4e8e\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\u8f7b\u677e\u7ba1\u7406\u591a\u4e91\u591a\u96c6\u7fa4\u4e0a\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5305\u62ec\u5bf9\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u3001\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/workloads/create-statefulset.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6709\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u53f3\u4e0a\u89d2 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \u5217\u8868\uff0c\u7b49\u5f85\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u3002\u5982\u679c\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u51fa\u73b0\u5f02\u5e38\uff0c\u8bf7\u67e5\u770b\u5177\u4f53\u5f02\u5e38\u4fe1\u606f\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u3002
\u70b9\u51fb\u65b0\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u5217\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u64cd\u4f5c\u3002
\u63cf\u8ff0\uff1a\u8f93\u5165\u8d1f\u8f7d\u7684\u63cf\u8ff0\u4fe1\u606f\uff0c\u5185\u5bb9\u81ea\u5b9a\u4e49\u3002\u5b57\u7b26\u6570\u4e0d\u8d85\u8fc7 512\u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\u3002\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-statefulset.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u6709\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u6709\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u5bb9\u5668\u7ba1\u7406\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5982\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u4e86 SpiderPool \u548c Multus \u7ec4\u4ef6\uff0c\u5219\u53ef\u4ee5\u5728\u7f51\u7edc\u914d\u7f6e\u4e2d\u914d\u7f6e\u5bb9\u5668\u7f51\u5361\u3002
DNS \u914d\u7f6e\uff1a\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u4e3b\u673a\u522b\u540d\uff1a\u4e3a\u4e3b\u673a\u8bbe\u7f6e\u7684\u522b\u540d\u3002
\u7f29\u5bb9\u65f6\u95f4\u7a97\uff1a\u8d1f\u8f7d\u505c\u6b62\u524d\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4\u7a97\uff080-9,999\u79d2\uff09\uff0c\u9ed8\u8ba4 30 \u79d2\u3002
Kubernetes v1.7 \u53ca\u5176\u4e4b\u540e\u7684\u7248\u672c\u53ef\u4ee5\u901a\u8fc7 .spec.podManagementPolicy \u8bbe\u7f6e Pod \u7684\u7ba1\u7406\u7b56\u7565\uff0c\u652f\u6301\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\uff1a
\u6309\u5e8f\u7b56\u7565\uff08OrderedReady\uff09 \uff1a\u9ed8\u8ba4\u7684 Pod \u7ba1\u7406\u7b56\u7565\uff0c\u8868\u793a\u6309\u987a\u5e8f\u90e8\u7f72 Pod\uff0c\u53ea\u6709\u524d\u4e00\u4e2a Pod \u90e8\u7f72 \u6210\u529f\u5b8c\u6210\u540e\uff0c\u6709\u72b6\u6001\u8d1f\u8f7d\u624d\u4f1a\u5f00\u59cb\u90e8\u7f72\u4e0b\u4e00\u4e2a Pod\u3002\u5220\u9664 Pod \u65f6\u5219\u91c7\u7528\u9006\u5e8f\uff0c\u6700\u540e\u521b\u5efa\u7684\u6700\u5148\u88ab\u5220\u9664\u3002
\u5e76\u884c\u7b56\u7565\uff08Parallel\uff09 \uff1a\u5e76\u884c\u521b\u5efa\u6216\u5220\u9664\u5bb9\u5668\uff0c\u548c Deployment \u7c7b\u578b\u7684 Pod \u4e00\u6837\u3002StatefulSet \u63a7\u5236\u5668\u5e76\u884c\u5730\u542f\u52a8\u6216\u7ec8\u6b62\u6240\u6709\u7684\u5bb9\u5668\u3002\u542f\u52a8\u6216\u8005\u7ec8\u6b62\u5176\u4ed6 Pod \u524d\uff0c\u65e0\u9700\u7b49\u5f85 Pod \u8fdb\u5165 Running \u548c ready \u6216\u8005\u5b8c\u5168\u505c\u6b62\u72b6\u6001\u3002 \u8fd9\u4e2a\u9009\u9879\u53ea\u4f1a\u5f71\u54cd\u6269\u7f29\u64cd\u4f5c\u7684\u884c\u4e3a\uff0c\u4e0d\u5f71\u54cd\u66f4\u65b0\u65f6\u7684\u987a\u5e8f\u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
![\u8c03\u5ea6\u7b56\u7565](../../../images/deploy15_1.png)\n
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-statefulset.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: StatefulSet\napiVersion: apps/v1\nmetadata:\n name: test-mysql-123-mysql\n namespace: default\n uid: d3f45527-a0ab-4b22-9013-5842a06f4e0e\n resourceVersion: '20504385'\n generation: 1\n creationTimestamp: '2022-09-22T09:34:10Z'\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n blockOwnerDeletion: true\nspec:\n replicas: 1\n selector:\n matchLabels:\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n mysql.presslabs.org/cluster: test-mysql-123\n template:\n metadata:\n creationTimestamp: null\n labels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n annotations:\n config_rev: '13941099'\n prometheus.io/port: '9125'\n prometheus.io/scrape: 'true'\n secret_rev: '13941101'\n spec:\n volumes:\n - name: conf\n emptyDir: {}\n - name: init-scripts\n emptyDir: {}\n - name: config-map\n configMap:\n name: test-mysql-123-mysql\n defaultMode: 420\n - name: data\n persistentVolumeClaim:\n claimName: data\n initContainers:\n - name: init\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - clone-and-init\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: BACKUP_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_USER\n optional: true\n - name: BACKUP_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_PASSWORD\n optional: true\n resources: {}\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: config-map\n mountPath: /mnt/conf\n - name: data\n mountPath: /var/lib/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n containers:\n - name: mysql\n image: docker.m.daocloud.io/mysql:5.7.31\n ports:\n - name: mysql\n containerPort: 3306\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: ORCH_CLUSTER_ALIAS\n value: test-mysql-123.default\n - name: ORCH_HTTP_API\n value: http://mysql-operator.mcamel-system/api\n - name: MYSQL_ROOT_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: ROOT_PASSWORD\n optional: false\n - name: MYSQL_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: USER\n optional: true\n - name: MYSQL_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: PASSWORD\n optional: true\n - name: MYSQL_DATABASE\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: DATABASE\n optional: true\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 512Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n livenessProbe:\n exec:\n command:\n - mysqladmin\n - '--defaults-file=/etc/mysql/client.conf'\n - ping\n initialDelaySeconds: 60\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n test $(mysql --defaults-file=/etc/mysql/client.conf -NB -e\n 'SELECT COUNT(*) FROM sys_operator.status WHERE\n name=\"configured\" AND value=\"1\"') -eq 1\n initialDelaySeconds: 5\n timeoutSeconds: 5\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 3\n lifecycle:\n preStop:\n exec:\n command:\n - bash\n - /etc/mysql/pre-shutdown-ha.sh\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: sidecar\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - config-and-serve\n ports:\n - name: sidecar-http\n containerPort: 8080\n protocol: TCP\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: XTRABACKUP_TARGET_DIR\n value: /tmp/xtrabackup_backupfiles/\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 10m\n memory: 64Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n readinessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: metrics-exporter\n image: prom/mysqld-exporter:v0.13.0\n args:\n - '--web.listen-address=0.0.0.0:9125'\n - '--web.telemetry-path=/metrics'\n - '--collect.heartbeat'\n - '--collect.heartbeat.database=sys_operator'\n ports:\n - name: prometheus\n containerPort: 9125\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_USER\n optional: false\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_PASSWORD\n optional: false\n - name: DATA_SOURCE_NAME\n value: $(USER):$(PASSWORD)@(127.0.0.1:3306)/\n resources:\n limits:\n cpu: 100m\n memory: 128Mi\n requests:\n cpu: 10m\n memory: 32Mi\n livenessProbe:\n httpGet:\n path: /metrics\n port: 9125\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 30\n periodSeconds: 30\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: pt-heartbeat\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - pt-heartbeat\n - '--update'\n - '--replace'\n - '--check-read-only'\n - '--create-table'\n - '--database'\n - sys_operator\n - '--table'\n - heartbeat\n - '--utc'\n - '--defaults-file'\n - /etc/mysql/heartbeat.conf\n - '--fail-successive-errors=20'\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n resources:\n limits:\n cpu: 100m\n memory: 64Mi\n requests:\n cpu: 10m\n memory: 32Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsUser: 999\n fsGroup: 999\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n topologyKey: kubernetes.io/hostname\n schedulerName: default-scheduler\n volumeClaimTemplates:\n - kind: PersistentVolumeClaim\n apiVersion: v1\n metadata:\n name: data\n creationTimestamp: null\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n spec:\n accessModes:\n - ReadWriteOnce\n resources:\n limits:\n storage: 1Gi\n requests:\n storage: 1Gi\n storageClassName: local-path\n volumeMode: Filesystem\n status:\n phase: Pending\n serviceName: mysql\n podManagementPolicy: OrderedReady\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n partition: 0\n revisionHistoryLimit: 10\nstatus:\n observedGeneration: 1\n replicas: 1\n readyReplicas: 1\n currentReplicas: 1\n updatedReplicas: 1\n currentRevision: test-mysql-123-mysql-6b8f5577c7\n updateRevision: test-mysql-123-mysql-6b8f5577c7\n collisionCount: 0\n availableReplicas: 1\n
"},{"location":"admin/kpanda/workloads/pod-config/env-variables.html","title":"\u914d\u7f6e\u73af\u5883\u53d8\u91cf","text":"\u73af\u5883\u53d8\u91cf\u662f\u6307\u5bb9\u5668\u8fd0\u884c\u73af\u5883\u4e2d\u8bbe\u5b9a\u7684\u4e00\u4e2a\u53d8\u91cf\uff0c\u7528\u4e8e\u7ed9 Pod \u6dfb\u52a0\u73af\u5883\u6807\u5fd7\u6216\u4f20\u9012\u914d\u7f6e\u7b49\uff0c\u652f\u6301\u901a\u8fc7\u952e\u503c\u5bf9\u7684\u5f62\u5f0f\u4e3a Pod \u914d\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5728\u539f\u751f Kubernetes \u7684\u57fa\u7840\u4e0a\u589e\u52a0\u4e86\u56fe\u5f62\u5316\u754c\u9762\u4e3a Pod \u914d\u7f6e\u73af\u5883\u53d8\u91cf\uff0c\u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u914d\u7f6e\u65b9\u5f0f\uff1a
\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u6839\u636e\u7528\u6237\u9700\u6c42\uff0c\u68c0\u67e5\u5bb9\u5668\u7684\u5065\u5eb7\u72b6\u51b5\u3002\u914d\u7f6e\u540e\uff0c\u5bb9\u5668\u5185\u7684\u5e94\u7528\u7a0b\u5e8f\u5165\u5982\u679c\u5f02\u5e38\uff0c\u5bb9\u5668\u4f1a\u81ea\u52a8\u8fdb\u884c\u91cd\u542f\u6062\u590d\u3002Kubernetes \u63d0\u4f9b\u4e86\u5b58\u6d3b\uff08Liveness\uff09\u68c0\u67e5\u3001\u5c31\u7eea\uff08Readiness\uff09\u68c0\u67e5\u548c\u542f\u52a8\uff08Startup\uff09\u68c0\u67e5\u3002
\u5b58\u6d3b\u68c0\u67e5\uff08LivenessProbe\uff09 \u53ef\u63a2\u6d4b\u5230\u5e94\u7528\u6b7b\u9501\uff08\u5e94\u7528\u7a0b\u5e8f\u5728\u8fd0\u884c\uff0c\u4f46\u662f\u65e0\u6cd5\u7ee7\u7eed\u6267\u884c\u540e\u9762\u7684\u6b65\u9aa4\uff09\u60c5\u51b5\u3002 \u91cd\u542f\u8fd9\u79cd\u72b6\u6001\u4e0b\u7684\u5bb9\u5668\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\uff0c\u5373\u4f7f\u5176\u4e2d\u5b58\u5728\u7f3a\u9677\u3002
\u5c31\u7eea\u68c0\u67e5\uff08ReadinessProbe\uff09 \u53ef\u63a2\u77e5\u5bb9\u5668\u4f55\u65f6\u51c6\u5907\u597d\u63a5\u53d7\u8bf7\u6c42\u6d41\u91cf\uff0c\u5f53\u4e00\u4e2a Pod \u5185\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5c31\u7eea\u65f6\uff0c\u624d\u80fd\u8ba4\u4e3a\u8be5 Pod \u5c31\u7eea\u3002 \u8fd9\u79cd\u4fe1\u53f7\u7684\u4e00\u4e2a\u7528\u9014\u5c31\u662f\u63a7\u5236\u54ea\u4e2a Pod \u4f5c\u4e3a Service \u7684\u540e\u7aef\u3002 \u82e5 Pod \u5c1a\u672a\u5c31\u7eea\uff0c\u4f1a\u88ab\u4ece Service \u7684\u8d1f\u8f7d\u5747\u8861\u5668\u4e2d\u5254\u9664\u3002
\u542f\u52a8\u68c0\u67e5\uff08StartupProbe\uff09 \u53ef\u4ee5\u4e86\u89e3\u5e94\u7528\u5bb9\u5668\u4f55\u65f6\u542f\u52a8\uff0c\u914d\u7f6e\u540e\uff0c\u53ef\u63a7\u5236\u5bb9\u5668\u5728\u542f\u52a8\u6210\u529f\u540e\u518d\u8fdb\u884c\u5b58\u6d3b\u6027\u548c\u5c31\u7eea\u6001\u68c0\u67e5\uff0c \u786e\u4fdd\u8fd9\u4e9b\u5b58\u6d3b\u3001\u5c31\u7eea\u63a2\u6d4b\u5668\u4e0d\u4f1a\u5f71\u54cd\u5e94\u7528\u7684\u542f\u52a8\u3002 \u542f\u52a8\u63a2\u6d4b\u53ef\u4ee5\u7528\u4e8e\u5bf9\u6162\u542f\u52a8\u5bb9\u5668\u8fdb\u884c\u5b58\u6d3b\u6027\u68c0\u6d4b\uff0c\u907f\u514d\u5b83\u4eec\u5728\u542f\u52a8\u8fd0\u884c\u4e4b\u524d\u5c31\u88ab\u6740\u6389\u3002
\u5b58\u6d3b\u68c0\u67e5\uff08LivenessProbe\uff09\u7684\u914d\u7f6e\u548c\u5c31\u7eea\u68c0\u67e5\uff08ReadinessProbe\uff09\u7684\u914d\u7f6e\u53c2\u6570\u76f8\u4f3c\uff0c \u552f\u4e00\u533a\u522b\u662f\u8981\u4f7f\u7528 readinessProbe \u5b57\u6bb5\uff0c\u800c\u4e0d\u662f livenessProbe \u5b57\u6bb5\u3002
HTTP GET \u53c2\u6570\u8bf4\u660e\uff1a
\u53c2\u6570 \u53c2\u6570\u8bf4\u660e \u8def\u5f84\uff08 Path\uff09 \u8bbf\u95ee\u7684\u8bf7\u6c42\u8def\u5f84\u3002\u5982\uff1a \u793a\u4f8b\u4e2d\u7684 /healthz \u8def\u5f84 \u7aef\u53e3(Port) \u670d\u52a1\u76d1\u542c\u7aef\u53e3\u3002 \u5982\uff1a \u793a\u4f8b\u4e2d\u7684 8080 \u7aef\u53e3 \u534f\u8bae \u8bbf\u95ee\u534f\u8bae\uff0cHttp \u6216\u8005Https \u5ef6\u8fdf\u65f6\u95f4\uff08initialDelaySeconds\uff09 \u5ef6\u8fdf\u68c0\u67e5\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff0c\u6b64\u8bbe\u7f6e\u4e0e\u4e1a\u52a1\u7a0b\u5e8f\u6b63\u5e38\u542f\u52a8\u65f6\u95f4\u76f8\u5173\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a30\uff0c\u8868\u660e\u5bb9\u5668\u542f\u52a8\u540e30\u79d2\u624d\u5f00\u59cb\u5065\u5eb7\u68c0\u67e5\uff0c\u8be5\u65f6\u95f4\u662f\u9884\u7559\u7ed9\u4e1a\u52a1\u7a0b\u5e8f\u542f\u52a8\u7684\u65f6\u95f4\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002 \u6210\u529f\u9608\u503c\uff08successThreshold\uff09 \u63a2\u6d4b\u5931\u8d25\u540e\uff0c\u88ab\u89c6\u4e3a\u6210\u529f\u7684\u6700\u5c0f\u8fde\u7eed\u6210\u529f\u6570\u3002\u9ed8\u8ba4\u503c\u662f 1\uff0c\u6700\u5c0f\u503c\u662f 1\u3002\u5b58\u6d3b\u548c\u542f\u52a8\u63a2\u6d4b\u7684\u8fd9\u4e2a\u503c\u5fc5\u987b\u662f 1\u3002 \u6700\u5927\u5931\u8d25\u6b21\u6570\uff08failureThreshold\uff09 \u5f53\u63a2\u6d4b\u5931\u8d25\u65f6\u91cd\u8bd5\u7684\u6b21\u6570\u3002\u5b58\u6d3b\u63a2\u6d4b\u60c5\u51b5\u4e0b\u7684\u653e\u5f03\u5c31\u610f\u5473\u7740\u91cd\u65b0\u542f\u52a8\u5bb9\u5668\u3002\u5c31\u7eea\u63a2\u6d4b\u60c5\u51b5\u4e0b\u7684\u653e\u5f03 Pod \u4f1a\u88ab\u6253\u4e0a\u672a\u5c31\u7eea\u7684\u6807\u7b7e\u3002\u9ed8\u8ba4\u503c\u662f 3\u3002\u6700\u5c0f\u503c\u662f 1\u3002"},{"location":"admin/kpanda/workloads/pod-config/health-check.html#http-get","title":"\u4f7f\u7528 HTTP GET \u8bf7\u6c42\u68c0\u67e5","text":"YAML \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-http\nspec:\n containers:\n - name: liveness\n image: k8s.gcr.io/liveness\n args:\n - /server\n livenessProbe:\n httpGet:\n path: /healthz # \u8bbf\u95ee\u7684\u8bf7\u6c42\u8def\u5f84\n port: 8080 # \u670d\u52a1\u76d1\u542c\u7aef\u53e3\n httpHeaders:\n - name: Custom-Header\n value: Awesome\n initialDelaySeconds: 3 # kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u5e94\u8be5\u7b49\u5f85 3 \u79d2\n periodSeconds: 3 # kubelet \u6bcf\u9694 3 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\n
\u6309\u7167\u8bbe\u5b9a\u7684\u89c4\u5219\uff0ckubelet \u5411\u5bb9\u5668\u5185\u8fd0\u884c\u7684\u670d\u52a1\uff08\u670d\u52a1\u5728\u76d1\u542c 8080 \u7aef\u53e3\uff09\u53d1\u9001\u4e00\u4e2a HTTP GET \u8bf7\u6c42\u6765\u6267\u884c\u63a2\u6d4b\u3002\u5982\u679c\u670d\u52a1\u5668\u4e0a /healthz \u8def\u5f84\u4e0b\u7684\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de\u6210\u529f\u4ee3\u7801\uff0c\u5219 kubelet \u8ba4\u4e3a\u5bb9\u5668\u662f\u5065\u5eb7\u5b58\u6d3b\u7684\u3002 \u5982\u679c\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de\u5931\u8d25\u4ee3\u7801\uff0c\u5219 kubelet \u4f1a\u6740\u6b7b\u8fd9\u4e2a\u5bb9\u5668\u5e76\u5c06\u5176\u91cd\u542f\u3002\u8fd4\u56de\u5927\u4e8e\u6216\u7b49\u4e8e 200 \u5e76\u4e14\u5c0f\u4e8e 400 \u7684\u4efb\u4f55\u4ee3\u7801\u90fd\u6807\u793a\u6210\u529f\uff0c\u5176\u5b83\u8fd4\u56de\u4ee3\u7801\u90fd\u6807\u793a\u5931\u8d25\u3002 \u5bb9\u5668\u5b58\u6d3b\u671f\u95f4\u7684\u6700\u5f00\u59cb 10 \u79d2\u4e2d\uff0c /healthz \u5904\u7406\u7a0b\u5e8f\u8fd4\u56de 200 \u7684\u72b6\u6001\u7801\u3002 \u4e4b\u540e\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de 500 \u7684\u72b6\u6001\u7801\u3002
"},{"location":"admin/kpanda/workloads/pod-config/health-check.html#tcp","title":"\u4f7f\u7528 TCP \u7aef\u53e3\u68c0\u67e5","text":"TCP \u7aef\u53e3\u53c2\u6570\u8bf4\u660e\uff1a
\u53c2\u6570 \u53c2\u6570\u8bf4\u660e \u7aef\u53e3(Port) \u670d\u52a1\u76d1\u542c\u7aef\u53e3\u3002 \u5982\uff1a \u793a\u4f8b\u4e2d\u7684 8080 \u7aef\u53e3 \u5ef6\u8fdf\u65f6\u95f4\uff08initialDelaySeconds\uff09 \u5ef6\u8fdf\u68c0\u67e5\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff0c\u6b64\u8bbe\u7f6e\u4e0e\u4e1a\u52a1\u7a0b\u5e8f\u6b63\u5e38\u542f\u52a8\u65f6\u95f4\u76f8\u5173\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a30\uff0c\u8868\u660e\u5bb9\u5668\u542f\u52a8\u540e30\u79d2\u624d\u5f00\u59cb\u5065\u5eb7\u68c0\u67e5\uff0c\u8be5\u65f6\u95f4\u662f\u9884\u7559\u7ed9\u4e1a\u52a1\u7a0b\u5e8f\u542f\u52a8\u7684\u65f6\u95f4\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002\u5bf9\u4e8e\u63d0\u4f9bTCP\u901a\u4fe1\u670d\u52a1\u7684\u5bb9\u5668\uff0c\u57fa\u4e8e\u6b64\u914d\u7f6e\uff0c\u6309\u7167\u8bbe\u5b9a\u89c4\u5219\u96c6\u7fa4\u5bf9\u8be5\u5bb9\u5668\u5efa\u7acbTCP\u8fde\u63a5\uff0c\u5982\u679c\u8fde\u63a5\u6210\u529f\uff0c\u5219\u8bc1\u660e\u63a2\u6d4b\u6210\u529f\uff0c\u5426\u5219\u63a2\u6d4b\u5931\u8d25\u3002\u9009\u62e9TCP\u7aef\u53e3\u63a2\u6d4b\u65b9\u5f0f\uff0c\u5fc5\u987b\u6307\u5b9a\u5bb9\u5668\u76d1\u542c\u7684\u7aef\u53e3\u3002
YAML \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: goproxy\n labels:\n app: goproxy\nspec:\n containers:\n - name: goproxy\n image: k8s.gcr.io/goproxy:0.1\n ports:\n - containerPort: 8080\n readinessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 5\n periodSeconds: 10\n livenessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 15\n periodSeconds: 20\n
\u6b64\u793a\u4f8b\u540c\u65f6\u4f7f\u7528\u5c31\u7eea\u548c\u5b58\u6d3b\u63a2\u9488\u3002kubelet \u5728\u5bb9\u5668\u542f\u52a8 5 \u79d2\u540e\u53d1\u9001\u7b2c\u4e00\u4e2a\u5c31\u7eea\u63a2\u6d4b\u3002 \u5c1d\u8bd5\u8fde\u63a5 goproxy \u5bb9\u5668\u7684 8080 \u7aef\u53e3\uff0c \u5982\u679c\u63a2\u6d4b\u6210\u529f\uff0c\u8fd9\u4e2a Pod \u4f1a\u88ab\u6807\u8bb0\u4e3a\u5c31\u7eea\u72b6\u6001\uff0ckubelet \u5c06\u7ee7\u7eed\u6bcf\u9694 10 \u79d2\u8fd0\u884c\u4e00\u6b21\u68c0\u6d4b\u3002
\u9664\u4e86\u5c31\u7eea\u63a2\u6d4b\uff0c\u8fd9\u4e2a\u914d\u7f6e\u5305\u62ec\u4e86\u4e00\u4e2a\u5b58\u6d3b\u63a2\u6d4b\u3002 kubelet \u4f1a\u5728\u5bb9\u5668\u542f\u52a8 15 \u79d2\u540e\u8fdb\u884c\u7b2c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\u3002 \u5c31\u7eea\u63a2\u6d4b\u4f1a\u5c1d\u8bd5\u8fde\u63a5 goproxy \u5bb9\u5668\u7684 8080 \u7aef\u53e3\u3002 \u5982\u679c\u5b58\u6d3b\u63a2\u6d4b\u5931\u8d25\uff0c\u5bb9\u5668\u4f1a\u88ab\u91cd\u65b0\u542f\u52a8\u3002
"},{"location":"admin/kpanda/workloads/pod-config/health-check.html#_3","title":"\u6267\u884c\u547d\u4ee4\u68c0\u67e5","text":"YAML \u793a\u4f8b:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-exec\nspec:\n containers:\n - name: liveness\n image: k8s.gcr.io/busybox\n args:\n - /bin/sh\n - -c\n - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600\n livenessProbe:\n exec:\n command:\n - cat\n - /tmp/healthy\n initialDelaySeconds: 5 # kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u7b49\u5f85 5 \u79d2\n periodSeconds: 5 #kubelet \u6bcf 5 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\n
periodSeconds \u5b57\u6bb5\u6307\u5b9a\u4e86 kubelet \u6bcf 5 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\uff0c initialDelaySeconds \u5b57\u6bb5\u6307\u5b9a kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u7b49\u5f85 5 \u79d2\u3002\u6309\u7167\u8bbe\u5b9a\u89c4\u5219\uff0c\u96c6\u7fa4\u5468\u671f\u6027\u7684\u901a\u8fc7 kubelet \u5728\u5bb9\u5668\u5185\u6267\u884c\u547d\u4ee4 cat /tmp/healthy \u6765\u8fdb\u884c\u63a2\u6d4b\u3002 \u5982\u679c\u547d\u4ee4\u6267\u884c\u6210\u529f\u5e76\u4e14\u8fd4\u56de\u503c\u4e3a 0\uff0ckubelet \u5c31\u4f1a\u8ba4\u4e3a\u8fd9\u4e2a\u5bb9\u5668\u662f\u5065\u5eb7\u5b58\u6d3b\u7684\u3002 \u5982\u679c\u8fd9\u4e2a\u547d\u4ee4\u8fd4\u56de\u975e 0 \u503c\uff0ckubelet \u4f1a\u6740\u6b7b\u8fd9\u4e2a\u5bb9\u5668\u5e76\u91cd\u65b0\u542f\u52a8\u5b83\u3002
"},{"location":"admin/kpanda/workloads/pod-config/health-check.html#_4","title":"\u4f7f\u7528\u542f\u52a8\u524d\u68c0\u67e5\u4fdd\u62a4\u6162\u542f\u52a8\u5bb9\u5668","text":"\u6709\u4e9b\u5e94\u7528\u5728\u542f\u52a8\u65f6\u9700\u8981\u8f83\u957f\u7684\u521d\u59cb\u5316\u65f6\u95f4\uff0c\u9700\u8981\u4f7f\u7528\u76f8\u540c\u7684\u547d\u4ee4\u6765\u8bbe\u7f6e\u542f\u52a8\u63a2\u6d4b\uff0c\u9488\u5bf9 HTTP \u6216 TCP \u68c0\u6d4b\uff0c\u53ef\u4ee5\u901a\u8fc7\u5c06 failureThreshold * periodSeconds \u53c2\u6570\u8bbe\u7f6e\u4e3a\u8db3\u591f\u957f\u7684\u65f6\u95f4\u6765\u5e94\u5bf9\u542f\u52a8\u9700\u8981\u8f83\u957f\u65f6\u95f4\u7684\u573a\u666f\u3002
YAML \u793a\u4f8b\uff1a
ports:\n- name: liveness-port\n containerPort: 8080\n hostPort: 8080\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 1\n periodSeconds: 10\n\nstartupProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 30\n periodSeconds: 10\n
\u5982\u4e0a\u8bbe\u7f6e\uff0c\u5e94\u7528\u5c06\u6709\u6700\u591a 5 \u5206\u949f\uff0830 * 10 = 300s\uff09\u7684\u65f6\u95f4\u6765\u5b8c\u6210\u542f\u52a8\u8fc7\u7a0b\uff0c \u4e00\u65e6\u542f\u52a8\u63a2\u6d4b\u6210\u529f\uff0c\u5b58\u6d3b\u63a2\u6d4b\u4efb\u52a1\u5c31\u4f1a\u63a5\u7ba1\u5bf9\u5bb9\u5668\u7684\u63a2\u6d4b\uff0c\u5bf9\u5bb9\u5668\u6b7b\u9501\u4f5c\u51fa\u5feb\u901f\u54cd\u5e94\u3002 \u5982\u679c\u542f\u52a8\u63a2\u6d4b\u4e00\u76f4\u6ca1\u6709\u6210\u529f\uff0c\u5bb9\u5668\u4f1a\u5728 300 \u79d2\u540e\u88ab\u6740\u6b7b\uff0c\u5e76\u4e14\u6839\u636e restartPolicy \u6765 \u6267\u884c\u8fdb\u4e00\u6b65\u5904\u7f6e\u3002
"},{"location":"admin/kpanda/workloads/pod-config/job-parameters.html","title":"\u4efb\u52a1\u53c2\u6570\u8bf4\u660e","text":"\u6839\u636e .spec.completions \u548c .spec.Parallelism \u7684\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u5c06\u4efb\u52a1\uff08Job\uff09\u5212\u5206\u4e3a\u4ee5\u4e0b\u51e0\u79cd\u7c7b\u578b:
Job \u7c7b\u578b \u8bf4\u660e \u975e\u5e76\u884c Job \u521b\u5efa\u4e00\u4e2a Pod \u76f4\u81f3\u5176 Job \u6210\u529f\u7ed3\u675f \u5177\u6709\u786e\u5b9a\u5b8c\u6210\u8ba1\u6570\u7684\u5e76\u884c Job \u5f53\u6210\u529f\u7684 Pod \u4e2a\u6570\u8fbe\u5230 .spec.completions \u65f6\uff0cJob \u88ab\u89c6\u4e3a\u5b8c\u6210 \u5e76\u884c Job \u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a Pod \u76f4\u81f3\u6709\u4e00\u4e2a\u6210\u529f\u7ed3\u675f\u53c2\u6570\u8bf4\u660e
RestartPolicy \u521b\u5efa\u4e00\u4e2a Pod \u76f4\u81f3\u5176\u6210\u529f\u7ed3\u675f .spec.completions \u8868\u793a Job \u7ed3\u675f\u9700\u8981\u6210\u529f\u8fd0\u884c\u7684 Pod \u4e2a\u6570\uff0c\u9ed8\u8ba4\u4e3a 1 .spec.parallelism \u8868\u793a\u5e76\u884c\u8fd0\u884c\u7684 Pod \u7684\u4e2a\u6570\uff0c\u9ed8\u8ba4\u4e3a 1 spec.backoffLimit \u8868\u793a\u5931\u8d25 Pod \u7684\u91cd\u8bd5\u6700\u5927\u6b21\u6570\uff0c\u8d85\u8fc7\u8fd9\u4e2a\u6b21\u6570\u4e0d\u4f1a\u7ee7\u7eed\u91cd\u8bd5\u3002 .spec.activeDeadlineSeconds \u8868\u793a Pod \u8fd0\u884c\u65f6\u95f4\uff0c\u4e00\u65e6\u8fbe\u5230\u8fd9\u4e2a\u65f6\u95f4\uff0cJob \u5373\u5176\u6240\u6709\u7684 Pod \u90fd\u4f1a\u505c\u6b62\u3002\u4e14activeDeadlineSeconds \u4f18\u5148\u7ea7\u9ad8\u4e8e backoffLimit\uff0c\u5373\u5230\u8fbe activeDeadlineSeconds \u7684 Job \u4f1a\u5ffd\u7565backoffLimit \u7684\u8bbe\u7f6e\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a Job \u914d\u7f6e\u793a\u4f8b\uff0c\u4fdd\u5b58\u5728 myjob.yaml \u4e2d\uff0c\u5176\u8ba1\u7b97 \u03c0 \u5230 2000 \u4f4d\u5e76\u6253\u5370\u8f93\u51fa\u3002
apiVersion: batch/v1\nkind: Job #\u5f53\u524d\u8d44\u6e90\u7684\u7c7b\u578b\nmetadata:\n name: myjob\nspec:\n completions: 50 # Job\u7ed3\u675f\u9700\u8981\u8fd0\u884c50\u4e2aPod\uff0c\u8fd9\u4e2a\u793a\u4f8b\u4e2d\u5c31\u662f\u6253\u5370\u03c0 50\u6b21\n parallelism: 5 # \u5e76\u884c5\u4e2aPod\n backoffLimit: 5 # \u6700\u591a\u91cd\u8bd55\u6b21\n template:\n spec:\n containers:\n - name: pi\n image: perl\n command: [\"perl\", \"-Mbignum=bpi\", \"-wle\", \"print bpi(2000)\"]\n restartPolicy: Never #\u91cd\u542f\u7b56\u7565\n
\u76f8\u5173\u547d\u4ee4
kubectl apply -f myjob.yaml #\u542f\u52a8 job\nkubectl get job #\u67e5\u770b\u8fd9\u4e2ajob\nkubectl logs myjob-1122dswzs \u67e5\u770bJob Pod \u7684\u65e5\u5fd7\n
"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html","title":"\u914d\u7f6e\u5bb9\u5668\u751f\u547d\u5468\u671f","text":"Pod \u9075\u5faa\u4e00\u4e2a\u9884\u5b9a\u4e49\u7684\u751f\u547d\u5468\u671f\uff0c\u8d77\u59cb\u4e8e Pending \u9636\u6bb5\uff0c\u5982\u679c Pod \u5185\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u6b63\u5e38\u542f\u52a8\uff0c\u5219\u8fdb\u5165 Running \u72b6\u6001\u3002\u5982\u679c Pod \u4e2d\u6709\u5bb9\u5668\u4ee5\u5931\u8d25\u72b6\u6001\u7ed3\u675f\uff0c\u5219\u72b6\u6001\u53d8\u4e3a Failed \u3002\u4ee5\u4e0b phase \u5b57\u6bb5\u503c\u8868\u660e\u4e86\u4e00\u4e2a Pod \u5904\u4e8e\u751f\u547d\u5468\u671f\u7684\u54ea\u4e2a\u9636\u6bb5\u3002
\u503c \u63cf\u8ff0 Pending \uff08\u60ac\u51b3\uff09 Pod \u5df2\u88ab\u7cfb\u7edf\u63a5\u53d7\uff0c\u4f46\u6709\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u5bb9\u5668\u5c1a\u672a\u521b\u5efa\u4ea6\u672a\u8fd0\u884c\u3002\u8fd9\u4e2a\u9636\u6bb5\u5305\u62ec\u7b49\u5f85 Pod \u88ab\u8c03\u5ea6\u7684\u65f6\u95f4\u548c\u901a\u8fc7\u7f51\u7edc\u4e0b\u8f7d\u955c\u50cf\u7684\u65f6\u95f4\u3002 Running \uff08\u8fd0\u884c\u4e2d\uff09 Pod \u5df2\u7ecf\u7ed1\u5b9a\u5230\u4e86\u67d0\u4e2a\u8282\u70b9\uff0cPod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u88ab\u521b\u5efa\u3002\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u4ecd\u5728\u8fd0\u884c\uff0c\u6216\u8005\u6b63\u5904\u4e8e\u542f\u52a8\u6216\u91cd\u542f\u72b6\u6001\u3002 Succeeded \uff08\u6210\u529f\uff09 Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u6210\u529f\u7ec8\u6b62\uff0c\u5e76\u4e14\u4e0d\u4f1a\u518d\u91cd\u542f\u3002 Failed \uff08\u5931\u8d25\uff09 Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u7ec8\u6b62\uff0c\u5e76\u4e14\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u662f\u56e0\u4e3a\u5931\u8d25\u800c\u7ec8\u6b62\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u5bb9\u5668\u4ee5\u975e 0 \u72b6\u6001\u9000\u51fa\u6216\u8005\u88ab\u7cfb\u7edf\u7ec8\u6b62\u3002 Unknown \uff08\u672a\u77e5\uff09 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97 Pod \u7684\u72b6\u6001\uff0c\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u6240\u81f4\u3002\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u4e2d\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u901a\u5e38\u4f7f\u7528\u955c\u50cf\u6765\u6307\u5b9a\u5bb9\u5668\u4e2d\u7684\u8fd0\u884c\u73af\u5883\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728\u6784\u5efa\u955c\u50cf\u65f6\uff0c\u53ef\u4ee5\u901a\u8fc7 Entrypoint \u548c CMD \u4e24\u4e2a\u5b57\u6bb5\u6765\u5b9a\u4e49\u5bb9\u5668\u8fd0\u884c\u65f6\u6267\u884c\u7684\u547d\u4ee4\u548c\u53c2\u6570\u3002\u5982\u679c\u9700\u8981\u66f4\u6539\u5bb9\u5668\u955c\u50cf\u542f\u52a8\u524d\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u7684\u547d\u4ee4\u548c\u53c2\u6570\uff0c\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u5bb9\u5668\u7684\u751f\u547d\u5468\u671f\u4e8b\u4ef6\u547d\u4ee4\u548c\u53c2\u6570\uff0c\u6765\u8986\u76d6\u955c\u50cf\u4e2d\u9ed8\u8ba4\u7684\u547d\u4ee4\u548c\u53c2\u6570\u3002
"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html#_2","title":"\u751f\u547d\u5468\u671f\u914d\u7f6e","text":"\u6839\u636e\u4e1a\u52a1\u9700\u8981\u5bf9\u5bb9\u5668\u7684\u542f\u52a8\u547d\u4ee4\u3001\u542f\u52a8\u540e\u547d\u4ee4\u3001\u505c\u6b62\u524d\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u542f\u52a8\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u5c06\u6309\u7167\u542f\u52a8\u547d\u4ee4\u8fdb\u884c\u542f\u52a8\u3002 \u542f\u52a8\u540e\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u542f\u52a8\u540e\u51fa\u53d1\u7684\u547d\u4ee4 \u505c\u6b62\u524d\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u5728\u6536\u5230\u505c\u6b62\u547d\u4ee4\u540e\u6267\u884c\u7684\u547d\u4ee4\u3002\u786e\u4fdd\u5347\u7ea7\u6216\u5b9e\u4f8b\u5220\u9664\u65f6\u53ef\u63d0\u524d\u5c06\u5b9e\u4f8b\u4e2d\u8fd0\u884c\u7684\u4e1a\u52a1\u6392\u6c34\u3002 --"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html#_3","title":"\u542f\u52a8\u547d\u4ee4","text":"\u6839\u636e\u4e0b\u8868\u5bf9\u542f\u52a8\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8fd0\u884c\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u53ef\u6267\u884c\u7684\u547d\u4ee4\uff0c\u591a\u4e2a\u547d\u4ee4\u4e4b\u95f4\u7528\u7a7a\u683c\u8fdb\u884c\u5206\u5272\uff0c\u5982\u547d\u4ee4\u672c\u8eab\u5e26\u7a7a\u683c\uff0c\u5219\u9700\u8981\u52a0\uff08\u201c\u201d\uff09\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u8fd0\u884c\u53c2\u6570 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u547d\u4ee4\u53c2\u6570\u3002 port=8080"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html#_4","title":"\u542f\u52a8\u540e\u547d\u4ee4","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u547d\u4ee4\u884c\u811a\u672c\u548c HTTP \u8bf7\u6c42\u4e24\u79cd\u5904\u7406\u7c7b\u578b\u5bf9\u542f\u52a8\u540e\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u8868\u9009\u62e9\u9002\u5408\u60a8\u7684\u914d\u7f6e\u65b9\u5f0f\u3002
\u547d\u4ee4\u884c\u811a\u672c\u914d\u7f6e
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8fd0\u884c\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u53ef\u6267\u884c\u7684\u547d\u4ee4\uff0c\u591a\u4e2a\u547d\u4ee4\u4e4b\u95f4\u7528\u7a7a\u683c\u8fdb\u884c\u5206\u5272\uff0c\u5982\u547d\u4ee4\u672c\u8eab\u5e26\u7a7a\u683c\uff0c\u5219\u9700\u8981\u52a0\uff08\u201c\u201d\uff09\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u8fd0\u884c\u53c2\u6570 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u547d\u4ee4\u53c2\u6570\u3002 port=8080"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html#_5","title":"\u505c\u6b62\u524d\u547d\u4ee4","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u547d\u4ee4\u884c\u811a\u672c\u548c HTTP \u8bf7\u6c42\u4e24\u79cd\u5904\u7406\u7c7b\u578b\u5bf9\u505c\u6b62\u524d\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u8868\u9009\u62e9\u9002\u5408\u60a8\u7684\u914d\u7f6e\u65b9\u5f0f\u3002
HTTP \u8bf7\u6c42\u914d\u7f6e
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c URL \u8def\u5f84 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684URL\u8def\u5f84\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u7aef\u53e3 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684\u7aef\u53e3\u3002 port=8080 \u8282\u70b9\u5730\u5740 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684 IP \u5730\u5740\uff0c\u9ed8\u8ba4\u662f\u5bb9\u5668\u6240\u5728\u7684\u8282\u70b9 IP\u3002 --"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html","title":"\u8c03\u5ea6\u7b56\u7565","text":"\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8282\u70b9\u4e5f\u6709\u6807\u7b7e\u3002\u60a8\u53ef\u4ee5\u624b\u52a8\u6dfb\u52a0\u6807\u7b7e\u3002 Kubernetes \u4e5f\u4f1a\u4e3a\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u6dfb\u52a0\u4e00\u4e9b\u6807\u51c6\u7684\u6807\u7b7e\u3002\u53c2\u89c1\u5e38\u7528\u7684\u6807\u7b7e\u3001\u6ce8\u89e3\u548c\u6c61\u70b9\u4ee5\u4e86\u89e3\u5e38\u89c1\u7684\u8282\u70b9\u6807\u7b7e\u3002\u901a\u8fc7\u4e3a\u8282\u70b9\u6dfb\u52a0\u6807\u7b7e\uff0c\u60a8\u53ef\u4ee5\u8ba9 Pod \u8c03\u5ea6\u5230\u7279\u5b9a\u8282\u70b9\u6216\u8282\u70b9\u7ec4\u4e0a\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u529f\u80fd\u6765\u786e\u4fdd\u7279\u5b9a\u7684 Pod \u53ea\u80fd\u8fd0\u884c\u5728\u5177\u6709\u4e00\u5b9a\u9694\u79bb\u6027\uff0c\u5b89\u5168\u6027\u6216\u76d1\u7ba1\u5c5e\u6027\u7684\u8282\u70b9\u4e0a\u3002
nodeSelector \u662f\u8282\u70b9\u9009\u62e9\u7ea6\u675f\u7684\u6700\u7b80\u5355\u63a8\u8350\u5f62\u5f0f\u3002\u60a8\u53ef\u4ee5\u5c06 nodeSelector \u5b57\u6bb5\u6dfb\u52a0\u5230 Pod \u7684\u89c4\u7ea6\u4e2d\u8bbe\u7f6e\u60a8\u5e0c\u671b\u76ee\u6807\u8282\u70b9\u6240\u5177\u6709\u7684\u8282\u70b9\u6807\u7b7e\u3002Kubernetes \u53ea\u4f1a\u5c06 Pod \u8c03\u5ea6\u5230\u62e5\u6709\u6307\u5b9a\u6bcf\u4e2a\u6807\u7b7e\u7684\u8282\u70b9\u4e0a\u3002 nodeSelector \u63d0\u4f9b\u4e86\u4e00\u79cd\u6700\u7b80\u5355\u7684\u65b9\u6cd5\u6765\u5c06 Pod \u7ea6\u675f\u5230\u5177\u6709\u7279\u5b9a\u6807\u7b7e\u7684\u8282\u70b9\u4e0a\u3002\u4eb2\u548c\u6027\u548c\u53cd\u4eb2\u548c\u6027\u6269\u5c55\u4e86\u60a8\u53ef\u4ee5\u5b9a\u4e49\u7684\u7ea6\u675f\u7c7b\u578b\u3002\u4f7f\u7528\u4eb2\u548c\u6027\u4e0e\u53cd\u4eb2\u548c\u6027\u7684\u4e00\u4e9b\u597d\u5904\u6709\uff1a
\u4eb2\u548c\u6027\u3001\u53cd\u4eb2\u548c\u6027\u8bed\u8a00\u7684\u8868\u8fbe\u80fd\u529b\u66f4\u5f3a\u3002 nodeSelector \u53ea\u80fd\u9009\u62e9\u62e5\u6709\u6240\u6709\u6307\u5b9a\u6807\u7b7e\u7684\u8282\u70b9\u3002\u4eb2\u548c\u6027\u3001\u53cd\u4eb2\u548c\u6027\u4e3a\u60a8\u63d0\u4f9b\u5bf9\u9009\u62e9\u903b\u8f91\u7684\u66f4\u5f3a\u63a7\u5236\u80fd\u529b\u3002
\u60a8\u53ef\u4ee5\u6807\u660e\u67d0\u89c4\u5219\u662f\u201c\u8f6f\u9700\u6c42\u201d\u6216\u8005\u201c\u504f\u597d\u201d\uff0c\u8fd9\u6837\u8c03\u5ea6\u5668\u5728\u65e0\u6cd5\u627e\u5230\u5339\u914d\u8282\u70b9\u65f6\uff0c\u4f1a\u5ffd\u7565\u4eb2\u548c\u6027/\u53cd\u4eb2\u548c\u6027\u89c4\u5219\uff0c\u786e\u4fdd Pod \u8c03\u5ea6\u6210\u529f\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528\u8282\u70b9\u4e0a\uff08\u6216\u5176\u4ed6\u62d3\u6251\u57df\u4e2d\uff09\u8fd0\u884c\u7684\u5176\u4ed6 Pod \u7684\u6807\u7b7e\u6765\u5b9e\u65bd\u8c03\u5ea6\u7ea6\u675f\uff0c\u800c\u4e0d\u662f\u53ea\u80fd\u4f7f\u7528\u8282\u70b9\u672c\u8eab\u7684\u6807\u7b7e\u3002\u8fd9\u4e2a\u80fd\u529b\u8ba9\u60a8\u80fd\u591f\u5b9a\u4e49\u89c4\u5219\u5141\u8bb8\u54ea\u4e9b Pod \u53ef\u4ee5\u88ab\u653e\u7f6e\u5728\u4e00\u8d77\u3002
\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u4eb2\u548c\uff08affinity\uff09\u4e0e\u53cd\u4eb2\u548c\uff08anti-affinity\uff09\u6765\u9009\u62e9 Pod \u8981\u90e8\u7f72\u7684\u8282\u70b9\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_2","title":"\u5bb9\u5fcd\u65f6\u95f4","text":"\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b\u6240\u5728\u7684\u8282\u70b9\u4e0d\u53ef\u7528\u65f6\uff0c\u7cfb\u7edf\u5c06\u5b9e\u4f8b\u91cd\u65b0\u8c03\u5ea6\u5230\u5176\u5b83\u53ef\u7528\u8282\u70b9\u7684\u65f6\u95f4\u7a97\u3002\u9ed8\u8ba4\u4e3a 300 \u79d2\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#nodeaffinity","title":"\u8282\u70b9\u4eb2\u548c\u6027\uff08nodeAffinity\uff09","text":"\u8282\u70b9\u4eb2\u548c\u6027\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e nodeSelector \uff0c \u5b83\u4f7f\u60a8\u53ef\u4ee5\u6839\u636e\u8282\u70b9\u4e0a\u7684\u6807\u7b7e\u6765\u7ea6\u675f Pod \u53ef\u4ee5\u8c03\u5ea6\u5230\u54ea\u4e9b\u8282\u70b9\u4e0a\u3002 \u8282\u70b9\u4eb2\u548c\u6027\u6709\u4e24\u79cd\uff1a
\u5fc5\u987b\u6ee1\u8db3\uff1a\uff08 requiredDuringSchedulingIgnoredDuringExecution \uff09 \u8c03\u5ea6\u5668\u53ea\u6709\u5728\u89c4\u5219\u88ab\u6ee1\u8db3\u7684\u65f6\u5019\u624d\u80fd\u6267\u884c\u8c03\u5ea6\u3002\u6b64\u529f\u80fd\u7c7b\u4f3c\u4e8e nodeSelector \uff0c \u4f46\u5176\u8bed\u6cd5\u8868\u8fbe\u80fd\u529b\u66f4\u5f3a\u3002\u60a8\u53ef\u4ee5\u5b9a\u4e49\u591a\u6761\u786c\u7ea6\u675f\u89c4\u5219\uff0c\u4f46\u53ea\u9700\u6ee1\u8db3\u5176\u4e2d\u4e00\u6761\u3002
\u5c3d\u91cf\u6ee1\u8db3\uff1a\uff08 preferredDuringSchedulingIgnoredDuringExecution \uff09 \u8c03\u5ea6\u5668\u4f1a\u5c1d\u8bd5\u5bfb\u627e\u6ee1\u8db3\u5bf9\u5e94\u89c4\u5219\u7684\u8282\u70b9\u3002\u5982\u679c\u627e\u4e0d\u5230\u5339\u914d\u7684\u8282\u70b9\uff0c\u8c03\u5ea6\u5668\u4ecd\u7136\u4f1a\u8c03\u5ea6\u8be5 Pod\u3002\u60a8\u8fd8\u53ef\u4e3a\u8f6f\u7ea6\u675f\u89c4\u5219\u8bbe\u5b9a\u6743\u91cd\uff0c\u5177\u4f53\u8c03\u5ea6\u65f6\uff0c\u82e5\u5b58\u5728\u591a\u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u8282\u70b9\uff0c\u6743\u91cd\u6700\u5927\u7684\u8282\u70b9\u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002\u540c\u65f6\u60a8\u8fd8\u53ef\u4ee5\u5b9a\u4e49\u591a\u6761\u786c\u7ea6\u675f\u89c4\u5219\uff0c\u4f46\u53ea\u9700\u6ee1\u8db3\u5176\u4e2d\u4e00\u6761\u3002
\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_4","title":"\u64cd\u4f5c\u7b26","text":"\u4ec5\u652f\u6301\u5728\u201c\u5c3d\u91cf\u6ee1\u8db3\u201d\u7b56\u7565\u4e2d\u6dfb\u52a0\uff0c\u53ef\u4ee5\u7406\u89e3\u4e3a\u8c03\u5ea6\u7684\u4f18\u5148\u7ea7\uff0c\u6743\u91cd\u5927\u7684\u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002\u53d6\u503c\u8303\u56f4\u662f 1 \u5230 100\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_6","title":"\u5de5\u4f5c\u8d1f\u8f7d\u4eb2\u548c\u6027","text":"\u4e0e\u8282\u70b9\u4eb2\u548c\u6027\u7c7b\u4f3c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4eb2\u548c\u6027\u4e5f\u6709\u4e24\u79cd\u7c7b\u578b\uff1a
\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4eb2\u548c\u6027\u4e3b\u8981\u7528\u6765\u51b3\u5b9a\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u53ef\u4ee5\u548c\u54ea\u4e9b Pod\u90e8 \u7f72\u5728\u540c\u4e00\u62d3\u6251\u57df\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e\u76f8\u4e92\u901a\u4fe1\u7684\u670d\u52a1\uff0c\u53ef\u901a\u8fc7\u5e94\u7528\u4eb2\u548c\u6027\u8c03\u5ea6\uff0c\u5c06\u5176\u90e8\u7f72\u5230\u540c\u4e00\u62d3\u6251\u57df\uff08\u5982\u540c\u4e00\u53ef\u7528\u533a\uff09\u4e2d\uff0c\u51cf\u5c11\u5b83\u4eec\u4e4b\u95f4\u7684\u7f51\u7edc\u5ef6\u8fdf\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_7","title":"\u6807\u7b7e\u540d","text":"\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_8","title":"\u547d\u540d\u7a7a\u95f4","text":"\u6307\u5b9a\u8c03\u5ea6\u7b56\u7565\u751f\u6548\u7684\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_9","title":"\u64cd\u4f5c\u7b26","text":"\u6307\u5b9a\u8c03\u5ea6\u65f6\u7684\u5f71\u54cd\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u5982\u679c\u6307\u5b9a\u4e3a kubernetes.io/Clustername \u8868\u793a\u4ee5 Node \u8282\u70b9\u4e3a\u533a\u5206\u8303\u56f4\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_11","title":"\u5de5\u4f5c\u8d1f\u8f7d\u53cd\u4eb2\u548c\u6027","text":"\u4e0e\u8282\u70b9\u4eb2\u548c\u6027\u7c7b\u4f3c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u7684\u53cd\u4eb2\u548c\u6027\u4e5f\u6709\u4e24\u79cd\u7c7b\u578b\uff1a
\u5de5\u4f5c\u8d1f\u8f7d\u7684\u53cd\u4eb2\u548c\u6027\u4e3b\u8981\u7528\u6765\u51b3\u5b9a\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u4e0d\u53ef\u4ee5\u548c\u54ea\u4e9b Pod \u90e8\u7f72\u5728\u540c\u4e00\u62d3\u6251\u57df\u3002\u4f8b\u5982\uff0c\u5c06\u4e00\u4e2a\u8d1f\u8f7d\u7684\u76f8\u540c Pod \u5206\u6563\u90e8\u7f72\u5230\u4e0d\u540c\u7684\u62d3\u6251\u57df\uff08\u4f8b\u5982\u4e0d\u540c\u4e3b\u673a\uff09\u4e2d\uff0c\u63d0\u9ad8\u8d1f\u8f7d\u672c\u8eab\u7684\u7a33\u5b9a\u6027\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_12","title":"\u6807\u7b7e\u540d","text":"\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_13","title":"\u547d\u540d\u7a7a\u95f4","text":"\u6307\u5b9a\u8c03\u5ea6\u7b56\u7565\u751f\u6548\u7684\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_14","title":"\u64cd\u4f5c\u7b26","text":"\u6307\u5b9a\u8c03\u5ea6\u65f6\u7684\u5f71\u54cd\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u5982\u679c\u6307\u5b9a\u4e3a kubernetes.io/Clustername \u8868\u793a\u4ee5 Node \u8282\u70b9\u4e3a\u533a\u5206\u8303\u56f4\u3002
"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html","title":"\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001","text":"\u5de5\u4f5c\u8d1f\u8f7d\u662f\u8fd0\u884c\u5728 Kubernetes \u4e0a\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\uff0c\u5728 Kubernetes \u4e2d\uff0c\u65e0\u8bba\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u662f\u7531\u5355\u4e2a\u540c\u4e00\u7ec4\u4ef6\u6216\u662f\u7531\u591a\u4e2a\u4e0d\u540c\u7684\u7ec4\u4ef6\u6784\u6210\uff0c\u90fd\u53ef\u4ee5\u4f7f\u7528\u4e00\u7ec4 Pod \u6765\u8fd0\u884c\u5b83\u3002Kubernetes \u63d0\u4f9b\u4e86\u4e94\u79cd\u5185\u7f6e\u7684\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u6765\u7ba1\u7406 Pod\uff1a
\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u8d44\u6e90 CRD \u6765\u5b9e\u73b0\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u7684\u6269\u5c55\u3002\u5728\u7b2c\u4e94\u4ee3\u5bb9\u5668\u7ba1\u7406\u4e2d\uff0c\u652f\u6301\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u8fdb\u884c\u521b\u5efa\u3001\u66f4\u65b0\u3001\u6269\u5bb9\u3001\u76d1\u63a7\u3001\u65e5\u5fd7\u3001\u5220\u9664\u3001\u7248\u672c\u7ba1\u7406\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#pod","title":"Pod \u72b6\u6001","text":"Pod \u662f Kuberneters \u4e2d\u521b\u5efa\u548c\u7ba1\u7406\u7684\u3001\u6700\u5c0f\u7684\u8ba1\u7b97\u5355\u5143\uff0c\u5373\u4e00\u7ec4\u5bb9\u5668\u7684\u96c6\u5408\u3002\u8fd9\u4e9b\u5bb9\u5668\u5171\u4eab\u5b58\u50a8\u3001\u7f51\u7edc\u4ee5\u53ca\u7ba1\u7406\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u65b9\u5f0f\u7684\u7b56\u7565\u3002 Pod \u901a\u5e38\u4e0d\u7531\u7528\u6237\u76f4\u63a5\u521b\u5efa\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u6765\u521b\u5efa\u3002 Pod \u9075\u5faa\u4e00\u4e2a\u9884\u5b9a\u4e49\u7684\u751f\u547d\u5468\u671f\uff0c\u8d77\u59cb\u4e8e Pending \u9636\u6bb5\uff0c\u5982\u679c\u81f3\u5c11\u5176\u4e2d\u6709\u4e00\u4e2a\u4e3b\u8981\u5bb9\u5668\u6b63\u5e38\u542f\u52a8\uff0c\u5219\u8fdb\u5165 Running \uff0c\u4e4b\u540e\u53d6\u51b3\u4e8e Pod \u4e2d\u662f\u5426\u6709\u5bb9\u5668\u4ee5\u5931\u8d25\u72b6\u6001\u7ed3\u675f\u800c\u8fdb\u5165 Succeeded \u6216\u8005 Failed \u9636\u6bb5\u3002
"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#_2","title":"\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001","text":"\u7b2c\u4e94\u4ee3\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4f9d\u636e Pod \u7684\u72b6\u6001\u3001\u526f\u672c\u6570\u7b49\u56e0\u7d20\uff0c\u8bbe\u8ba1\u4e86\u4e00\u79cd\u5185\u7f6e\u7684\u5de5\u4f5c\u8d1f\u8f7d\u751f\u547d\u5468\u671f\u7684\u72b6\u6001\u96c6\uff0c\u4ee5\u8ba9\u7528\u6237\u80fd\u591f\u66f4\u52a0\u771f\u5b9e\u7684\u611f\u77e5\u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u60c5\u51b5\u3002 \u7531\u4e8e\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\u7c7b\u578b\uff08\u6bd4\u5982\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u548c\u4efb\u52a1\uff09\u5bf9 Pod \u7684\u7ba1\u7406\u673a\u5236\u4e0d\u4e00\u81f4\uff0c\u56e0\u6b64\uff0c\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u4f1a\u5448\u73b0\u4e0d\u540c\u7684\u751f\u547d\u5468\u671f\u72b6\u6001\uff0c\u5177\u4f53\u5982\u4e0b\u8868\uff1a
"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#_3","title":"\u65e0\u72b6\u6001\u8d1f\u8f7d\u3001\u6709\u72b6\u6001\u8d1f\u8f7d\u3001\u5b88\u62a4\u8fdb\u7a0b\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d 1. \u5de5\u4f5c\u8d1f\u8f7d\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u30022. \u89e6\u53d1\u5347\u7ea7\u6216\u8005\u56de\u6eda\u52a8\u4f5c\u540e\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u30023. \u89e6\u53d1\u6682\u505c/\u6269\u7f29\u5bb9\u7b49\u64cd\u4f5c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u5728\u6b64\u72b6\u6001\u3002 \u8fd0\u884c\u4e2d \u8d1f\u8f7d\u4e0b\u7684\u6240\u6709\u5b9e\u4f8b\u90fd\u5728\u8fd0\u884c\u4e2d\u4e14\u526f\u672c\u6570\u4e0e\u7528\u6237\u9884\u5b9a\u4e49\u7684\u6570\u91cf\u4e00\u81f4\u65f6\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u6267\u884c\u5220\u9664\u64cd\u4f5c\u65f6\uff0c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\uff0c\u76f4\u5230\u5220\u9664\u5b8c\u6210\u3002 \u5f02\u5e38 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97\u5de5\u4f5c\u8d1f\u8f7d\u7684\u72b6\u6001\u3002\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u3002 \u672a\u5c31\u7eea \u5bb9\u5668\u5904\u4e8e\u5f02\u5e38\uff0cpending \u72b6\u6001\u65f6\uff0c\u56e0\u672a\u77e5\u9519\u8bef\u5bfc\u81f4\u8d1f\u8f7d\u65e0\u6cd5\u542f\u52a8\u65f6\u663e\u793a\u6b64\u72b6\u6001"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#_4","title":"\u4efb\u52a1\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d \u4efb\u52a1\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u6267\u884c\u4e2d \u4efb\u52a1\u6b63\u5728\u6267\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u6267\u884c\u5b8c\u6210 \u4efb\u52a1\u6267\u884c\u5b8c\u6210\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u89e6\u53d1\u5220\u9664\u64cd\u4f5c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u5728\u6b64\u72b6\u6001\u3002 \u5f02\u5e38 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97 Pod \u7684\u72b6\u6001\u3002\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u3002"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#_5","title":"\u5b9a\u65f6\u4efb\u52a1\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d \u5b9a\u65f6\u4efb\u52a1\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5df2\u542f\u52a8 \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u6210\u529f\u540e\uff0c\u6b63\u5e38\u8fd0\u884c\u6216\u5c06\u5df2\u6682\u505c\u7684\u4efb\u52a1\u542f\u52a8\u65f6\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5df2\u505c\u6b62 \u6267\u884c\u505c\u6b62\u4efb\u52a1\u64cd\u4f5c\u65f6\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u89e6\u53d1\u5220\u9664\u64cd\u4f5c\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u5728\u6b64\u72b6\u6001\u3002\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u5f02\u5e38\u6216\u672a\u5c31\u7eea\u72b6\u6001\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5c06\u9f20\u6807\u79fb\u52a8\u5230\u8d1f\u8f7d\u7684\u72b6\u6001\u503c\u4e0a\uff0c\u7cfb\u7edf\u5c06\u901a\u8fc7\u63d0\u793a\u6846\u5c55\u793a\u66f4\u52a0\u8be6\u7ec6\u7684\u9519\u8bef\u4fe1\u606f\u3002\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7\u67e5\u770b\u65e5\u5fd7\u6216\u4e8b\u4ef6\u6765\u83b7\u53d6\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76f8\u5173\u8fd0\u884c\u4fe1\u606f\u3002
"},{"location":"admin/register/index.html","title":"\u7528\u6237\u6ce8\u518c","text":"\u65b0\u7528\u6237\u9996\u6b21\u4f7f\u7528 AI \u7b97\u529b\u5e73\u53f0\u9700\u8981\u8fdb\u884c\u6ce8\u518c\u3002
"},{"location":"admin/register/index.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u6253\u5f00 AI \u7b97\u529b\u5e73\u53f0\u9996\u9875 https://ai.isuanova.com/\uff0c\u70b9\u51fb \u6ce8\u518c
\u952e\u5165\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001\u90ae\u7bb1\u540e\u70b9\u51fb \u6ce8\u518c
\u7cfb\u7edf\u63d0\u793a\u53d1\u9001\u4e86\u4e00\u5c01\u90ae\u4ef6\u5230\u60a8\u7684\u90ae\u7bb1\u3002
\u767b\u5f55\u81ea\u5df1\u7684\u90ae\u7bb1\uff0c\u627e\u5230\u90ae\u4ef6\uff0c\u70b9\u51fb\u94fe\u63a5\u3002
\u606d\u559c\uff0c\u60a8\u6210\u529f\u8fdb\u5165\u4e86 AI \u7b97\u529b\u5e73\u53f0\uff0c\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u60a8\u7684 AI \u4e4b\u65c5\u4e86\u3002
\u4e0b\u4e00\u6b65\uff1a\u4e3a\u7528\u6237\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4
"},{"location":"admin/register/bindws.html","title":"\u4e3a\u7528\u6237\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4","text":"\u7528\u6237\u6210\u529f\u6ce8\u518c\u4e4b\u540e\uff0c\u9700\u8981\u4e3a\u5176\u7ed1\u5b9a\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002
"},{"location":"admin/register/bindws.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u5207\u6362\u81f3 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \uff0c\u70b9\u51fb \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4
\u8f93\u5165\u540d\u79f0\uff0c\u9009\u62e9\u6587\u4ef6\u5939\u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4
\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u8d44\u6e90
\u53ef\u4ee5\u5728\u8fd9\u4e2a\u754c\u9762\u4e0a\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4-\u547d\u540d\u7a7a\u95f4 \u6765\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u6dfb\u52a0\u6388\u6743\uff1a\u5c06\u7528\u6237\u5206\u914d\u81f3\u5de5\u4f5c\u7a7a\u95f4
\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u67e5\u770b\u662f\u5426\u5177\u6709\u5de5\u4f5c\u7a7a\u95f4\u53ca\u547d\u540d\u7a7a\u95f4\u7684\u6743\u9650\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u6267\u884c\u66f4\u591a\u64cd\u4f5c\u3002
\u4e0b\u4e00\u6b65\uff1a\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90
"},{"location":"admin/register/wsres.html","title":"\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90","text":"\u5c06\u7528\u6237\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u540e\uff0c\u9700\u8981\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u5408\u9002\u7684\u8d44\u6e90\u3002
"},{"location":"admin/register/wsres.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u5230 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\uff0c\u627e\u5230\u8981\u6dfb\u52a0\u8d44\u6e90\u7684\u5de5\u4f5c\u7a7a\u95f4\uff0c\u70b9\u51fb \u65b0\u589e\u5171\u4eab\u8d44\u6e90
\u9009\u62e9\u96c6\u7fa4\uff0c\u8bbe\u7f6e\u5408\u9002\u7684\u8d44\u6e90\u914d\u989d\u540e\uff0c\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u5171\u4eab\u8d44\u6e90\u9875\uff0c\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u6210\u529f\u5206\u914d\u4e86\u8d44\u6e90\uff0c\u7ba1\u7406\u5458\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u968f\u65f6\u4fee\u6539\u3002
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa\u4e91\u4e3b\u673a
"},{"location":"admin/security/index.html","title":"\u4e91\u539f\u751f\u5b89\u5168","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9488\u5bf9\u5bb9\u5668\u3001Pod\u3001\u955c\u50cf\u3001\u8fd0\u884c\u65f6\u3001\u5fae\u670d\u52a1\u63d0\u4f9b\u4e86\u5168\u9762\u81ea\u52a8\u5316\u7684\u5b89\u5168\u5b9e\u73b0\u3002 \u4e0b\u8868\u5217\u51fa\u4e86\u4e00\u4e9b\u5df2\u5b9e\u73b0\u6216\u6b63\u5728\u5b9e\u73b0\u4e2d\u7684\u5b89\u5168\u7279\u6027\u3002
\u5b89\u5168\u7279\u6027 \u7ec6\u76ee \u63cf\u8ff0 \u955c\u50cf\u5b89\u5168 \u53ef\u4fe1\u955c\u50cf\u5206\u53d1 \u4e3a\u5b9e\u73b0\u955c\u50cf\u7684\u5b89\u5168\u4f20\u8f93\uff0c\u9700\u5177\u5907\u5bc6\u94a5\u5bf9\u548c\u7b7e\u540d\u4fe1\u606f\uff0c\u4fdd\u8bc1\u4f20\u8f93\u5b89\u5168\u3002\u5728\u4f20\u8f93\u955c\u50cf\u65f6\u5177\u5907\u9009\u62e9\u5bc6\u94a5\u8fdb\u884c\u955c\u50cf\u7b7e\u540d\u80fd\u529b\u3002 \u8fd0\u884c\u65f6\u5b89\u5168 \u4e8b\u4ef6\u5173\u8054\u5206\u6790 \u652f\u6301\u5bf9\u8fd0\u884c\u65f6\u68c0\u6d4b\u51fa\u7684\u5b89\u5168\u4e8b\u4ef6\u505a\u5173\u8054\u4e0e\u98ce\u9669\u5206\u6790\uff0c\u589e\u52a0\u653b\u51fb\u6eaf\u6e90\u80fd\u529b\uff0c\u6536\u655b\u544a\u8b66\uff0c\u964d\u4f4e\u65e0\u6548\u544a\u8b66\uff0c\u63d0\u9ad8\u4e8b\u4ef6\u54cd\u5e94\u6548\u7387\u3002 - \u5bb9\u5668\u8bf1\u9975\u4ed3\u5e93 \u5177\u5907\u5bb9\u5668\u8bf1\u9975\u4ed3\u5e93\uff0c\u5e38\u89c1\u8bf1\u9975\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\uff1a\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u3001\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3001\u672c\u5730\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u3001\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c RCE \u6f0f\u6d1e\u7b49\u5bb9\u5668\u8bf1\u9975\u3002 - \u5bb9\u5668\u8bf1\u9975\u90e8\u7f72 \u652f\u6301\u81ea\u5b9a\u4e49\u65b0\u589e\u8bf1\u9975\u5bb9\u5668\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u670d\u52a1\u540d\u79f0\u3001\u670d\u52a1\u4f4d\u7f6e\u7b49\u3002 - \u5bb9\u5668\u8bf1\u9975\u544a\u8b66 \u652f\u6301\u5bf9\u5bb9\u5668\u8bf1\u9975\u4e2d\u53ef\u7591\u884c\u4e3a\u8fdb\u884c\u544a\u8b66\u3002 - \u504f\u79fb\u68c0\u6d4b \u5728\u626b\u63cf\u955c\u50cf\u540c\u65f6\uff0c\u5b66\u4e60\u955c\u50cf\u4e2d\u5168\u90e8\u4e8c\u8fdb\u5236\u6587\u4ef6\u4fe1\u606f\uff0c\u5e76\u5f62\u6210\u201c\u767d\u540d\u5355\u201d\uff0c\u5bb9\u5668\u4e0a\u7ebf\u540e\u4ec5\u5141\u8bb8\u201c\u767d\u540d\u5355\u201d\u4e2d\u4e8c\u8fdb\u5236\u6587\u4ef6\u8fd0\u884c\uff0c\u786e\u4fdd\u5bb9\u5668\u5185\u4e0d\u80fd\u8fd0\u884c\u4e0d\u6388\u4fe1\uff08\u5982\u975e\u6cd5\u4e0b\u8f7d\uff09\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002 \u5fae\u9694\u79bb \u9694\u79bb\u7b56\u7565\u667a\u80fd\u63a8\u8350 \u652f\u6301\u8bb0\u5f55\u8d44\u6e90\u5386\u53f2\u8bbf\u95ee\u6d41\u91cf\uff0c\u5e76\u5728\u5bf9\u8d44\u6e90\u8fdb\u884c\u9694\u79bb\u7b56\u7565\u914d\u7f6e\u65f6\u80fd\u591f\u667a\u80fd\u4f9d\u636e\u5386\u53f2\u8bbf\u95ee\u6d41\u91cf\u8fdb\u884c\u7b56\u7565\u63a8\u8350\u3002 - \u79df\u6237\u9694\u79bb \u652f\u6301\u5bf9 Kubernetes \u96c6\u7fa4\u5185\u79df\u6237\u8fdb\u884c\u9694\u79bb\u63a7\u5236\uff0c\u5177\u5907\u5bf9\u4e0d\u540c\u7684\u79df\u6237\u8bbe\u7f6e\u4e0d\u540c\u7684\u7f51\u7edc\u5b89\u5168\u7ec4\u7684\u80fd\u529b\uff0c\u652f\u6301\u79df\u6237\u7ea7\u522b\u7684\u5b89\u5168\u7b56\u7565\u8bbe\u7f6e\u529f\u80fd\uff0c\u901a\u8fc7\u4e0d\u540c\u5b89\u5168\u7ec4\u548c\u8bbe\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u5b9e\u73b0\u79df\u6237\u95f4\u7f51\u7edc\u7684\u8bbf\u95ee\u4e0e\u9694\u79bb\u3002 \u5fae\u670d\u52a1\u5b89\u5168 \u670d\u52a1\u53ca API \u5b89\u5168\u626b\u63cf \u5bf9\u96c6\u7fa4\u5185\u7684\u670d\u52a1\u53ca API \u652f\u6301\u81ea\u52a8\u626b\u63cf\u3001\u624b\u52a8\u626b\u63cf\u53ca\u5468\u671f\u6027\u626b\u63cf\u7684\u5b89\u5168\u626b\u63cf\u65b9\u5f0f\uff0c\u652f\u6301\u5168\u90e8\u7684\u4f20\u7edf web \u626b\u63cf\u9879\u76ee\u5305\u62ec XSS \u6f0f\u6d1e\u3001SQL \u6ce8\u5165\u3001\u547d\u4ee4/\u4ee3\u7801\u6ce8\u5165\u3001\u76ee\u5f55\u679a\u4e3e\u3001\u8def\u5f84\u7a7f\u8d8a\u3001XML \u5b9e\u4f53\u6ce8\u5165\u3001poc\u3001\u6587\u4ef6\u4e0a\u4f20\u3001\u5f31\u53e3\u4ee4\u3001jsonp\u3001ssrf\u3001\u4efb\u610f\u8df3\u8f6c\u3001CRLF \u6ce8\u5165\u7b49\u98ce\u9669\uff0c\u4ee5\u53ca\u5bb9\u5668\u73af\u5883\u7279\u6709\u7684\u9879\uff0c\u9488\u5bf9\u53d1\u73b0\u7684\u6f0f\u6d1e\u652f\u6301\u6f0f\u6d1e\u7c7b\u578b\u5c55\u793a\u3001url \u5c55\u793a\u3001\u53c2\u6570\u5c55\u793a\u3001\u5371\u9669\u7ea7\u522b\u5c55\u793a\u3001\u6d4b\u8bd5\u65b9\u6cd5\u5c55\u793a\u7b49\u3002"},{"location":"admin/security/falco-exporter.html","title":"Falco-exporter","text":"Falco-exporter \u662f\u4e00\u4e2a Falco \u8f93\u51fa\u4e8b\u4ef6\u7684 Prometheus Metrics \u5bfc\u51fa\u5668\u3002
Falco-exporter \u4f1a\u90e8\u7f72\u4e3a Kubernetes \u96c6\u7fa4\u4e0a\u7684\u5b88\u62a4\u8fdb\u7a0b\u96c6\u3002\u5982\u679c\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5\u5e76\u8fd0\u884c Prometheus\uff0cPrometheus \u5c06\u81ea\u52a8\u53d1\u73b0 Falco-exporter \u63d0\u4f9b\u7684\u6307\u6807\u3002
"},{"location":"admin/security/falco-exporter.html#falco-exporter_1","title":"\u5b89\u88c5 Falco-exporter","text":"\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 Falco-exporter \u7ec4\u4ef6\u3002
Note
\u5728\u5b89\u88c5\u4f7f\u7528 Falco-exporter \u4e4b\u524d\uff0c\u9700\u8981\u5b89\u88c5\u5e76\u8fd0\u884c Falco\uff0c\u5e76\u542f\u7528 gRPC \u8f93\u51fa\uff08\u9ed8\u8ba4\u901a\u8fc7 Unix \u5957\u63a5\u5b57\u542f\u7528\uff09\u3002 \u5173\u4e8e\u542f\u7528 gRPC \u8f93\u51fa\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u53ef\u53c2\u9605\u5728 Falco Helm Chart \u4e2d\u542f\u7528 gRPC \u8f93\u51fa\u3002
\u8bf7\u786e\u8ba4\u60a8\u7684\u96c6\u7fa4\u5df2\u6210\u529f\u63a5\u5165\u5bb9\u5668\u7ba1\u7406
\u5e73\u53f0\uff0c\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5 Falco-exporter\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb\u5bb9\u5668\u7ba1\u7406
\u2014>\u96c6\u7fa4\u5217\u8868
\uff0c\u7136\u540e\u627e\u5230\u51c6\u5907\u5b89\u88c5 Falco-exporter \u7684\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u9009\u62e9 Helm \u5e94\u7528
-> Helm \u6a21\u677f
\uff0c\u627e\u5230\u5e76\u70b9\u51fb falco-exporter
\u3002
\u5728\u7248\u672c\u9009\u62e9
\u4e2d\u9009\u62e9\u5e0c\u671b\u5b89\u88c5\u7684\u7248\u672c\uff0c\u70b9\u51fb\u5b89\u88c5
\u3002
\u5728\u5b89\u88c5\u754c\u9762\uff0c\u586b\u5199\u6240\u9700\u7684\u5b89\u88c5\u53c2\u6570\u3002
\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u5e94\u7528\u540d\u79f0
\u3001\u547d\u540d\u7a7a\u95f4
\u3001\u7248\u672c
\u7b49\u3002
\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u53c2\u6570:
Falco Prometheus Exporter
-> Image Settings
-> Registry
\uff1a\u8bbe\u7f6e falco-exporter \u955c\u50cf\u7684\u4ed3\u5e93\u5730\u5740\uff0c\u5df2\u7ecf\u9ed8\u8ba4\u586b\u5199\u53ef\u7528\u7684\u5728\u7ebf\u4ed3\u5e93\u3002\u5982\u679c\u662f\u79c1\u6709\u5316\u73af\u5883\uff0c\u53ef\u4fee\u6539\u4e3a\u79c1\u6709\u4ed3\u5e93\u5730\u5740\u3002Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Repository
\uff1a\u8bbe\u7f6e falco-exporter \u955c\u50cf\u540d\u3002Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Install ServiceMonitor
\uff1a\u5b89\u88c5 Prometheus Operator \u670d\u52a1\u76d1\u89c6\u5668\uff0c\u9ed8\u8ba4\u5f00\u542f\u3002Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Scrape Interval
\uff1a\u7528\u6237\u81ea\u5b9a\u4e49\u7684\u95f4\u9694\uff1b\u5982\u679c\u672a\u6307\u5b9a\uff0c\u5219\u4f7f\u7528 Prometheus \u9ed8\u8ba4\u95f4\u9694\u3002Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Scrape Timeout
\uff1a\u7528\u6237\u81ea\u5b9a\u4e49\u7684\u6293\u53d6\u8d85\u65f6\u65f6\u95f4\uff1b\u5982\u679c\u672a\u6307\u5b9a\uff0c\u5219\u4f7f\u7528 Prometheus \u9ed8\u8ba4\u7684\u6293\u53d6\u8d85\u65f6\u65f6\u95f4\u3002\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u53c2\u6570:
Falco Prometheus Exporter
-> Prometheus prometheusRules
-> Install prometheusRules
\uff1a\u521b\u5efa PrometheusRules\uff0c\u5bf9\u4f18\u5148\u4e8b\u4ef6\u53d1\u51fa\u8b66\u62a5\uff0c\u9ed8\u8ba4\u5f00\u542f\u3002Falco Prometheus Exporter
-> Prometheus prometheusRules
-> Alerts settings
\uff1a\u8b66\u62a5\u8bbe\u7f6e\uff0c\u4e3a\u4e0d\u540c\u7ea7\u522b\u7684\u65e5\u5fd7\u4e8b\u4ef6\u8bbe\u7f6e\u8b66\u62a5\u662f\u5426\u542f\u7528\u3001\u8b66\u62a5\u7684\u95f4\u9694\u65f6\u95f4\u3001\u8b66\u62a5\u7684\u9608\u503c\u3002\u70b9\u51fb\u53f3\u4e0b\u89d2\u786e\u5b9a
\u6309\u94ae\u5373\u53ef\u5b8c\u6210\u5b89\u88c5\u3002
\u8bf7\u786e\u8ba4\u60a8\u7684\u96c6\u7fa4\u5df2\u6210\u529f\u63a5\u5165\u5bb9\u5668\u7ba1\u7406
\u5e73\u53f0\uff0c\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5 Falco\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb\u5bb9\u5668\u7ba1\u7406
\u2014>\u96c6\u7fa4\u5217\u8868
\uff0c\u7136\u540e\u627e\u5230\u51c6\u5907\u5b89\u88c5 Falco \u7684\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u9009\u62e9 Helm \u5e94\u7528
-> Helm \u6a21\u677f
\uff0c\u627e\u5230\u5e76\u70b9\u51fb Falco
\u3002
\u5728\u7248\u672c\u9009\u62e9
\u4e2d\u9009\u62e9\u5e0c\u671b\u5b89\u88c5\u7684\u7248\u672c\uff0c\u70b9\u51fb\u5b89\u88c5
\u3002
\u5728\u5b89\u88c5\u754c\u9762\uff0c\u586b\u5199\u6240\u9700\u7684\u5b89\u88c5\u53c2\u6570\u3002
\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u5e94\u7528\u540d\u79f0
\u3001\u547d\u540d\u7a7a\u95f4
\u3001\u7248\u672c
\u7b49\u3002
\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u53c2\u6570\uff1a
Falco
-> Image Settings
-> Registry
\uff1a\u8bbe\u7f6e Falco \u955c\u50cf\u7684\u4ed3\u5e93\u5730\u5740\uff0c\u5df2\u7ecf\u9ed8\u8ba4\u586b\u5199\u53ef\u7528\u7684\u5728\u7ebf\u4ed3\u5e93\u3002\u5982\u679c\u662f\u79c1\u6709\u5316\u73af\u5883\uff0c\u53ef\u4fee\u6539\u4e3a\u79c1\u6709\u4ed3\u5e93\u5730\u5740\u3002
Falco
-> Image Settings
-> Repository
\uff1a\u8bbe\u7f6e Falco \u955c\u50cf\u540d\u3002
Falco
-> Falco Driver
-> Image Settings
-> Registry
\uff1a\u8bbe\u7f6e Falco Driver \u955c\u50cf\u7684\u4ed3\u5e93\u5730\u5740\uff0c\u5df2\u7ecf\u9ed8\u8ba4\u586b\u5199\u53ef\u7528\u7684\u5728\u7ebf\u4ed3\u5e93\u3002\u5982\u679c\u662f\u79c1\u6709\u5316\u73af\u5883\uff0c\u53ef\u4fee\u6539\u4e3a\u79c1\u6709\u4ed3\u5e93\u5730\u5740\u3002
Falco
-> Falco Driver
-> Image Settings
-> Repository
\uff1a\u8bbe\u7f6e Falco Driver \u955c\u50cf\u540d\u3002
Falco
-> Falco Driver
-> Image Settings
-> Driver Kind
\uff1a\u8bbe\u7f6e Driver Kind\uff0c\u63d0\u4f9b\u4ee5\u4e0b\u4e24\u79cd\u9009\u62e9\uff1a
ebpf\uff1a\u4f7f\u7528 ebpf \u6765\u68c0\u6d4b\u4e8b\u4ef6\uff0c\u8fd9\u9700\u8981 Linux \u5185\u6838\u652f\u6301 ebpf\uff0c\u5e76\u542f\u7528 CONFIG_BPF_JIT \u548c sysctl net.core.bpf_jit_enable=1\u3002
module\uff1a\u4f7f\u7528\u5185\u6838\u6a21\u5757\u68c0\u6d4b\uff0c\u652f\u6301\u6709\u9650\u7684\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\uff0c\u53c2\u8003 module \u652f\u6301\u7cfb\u7edf\u7248\u672c\u3002
Falco
-> Falco Driver
-> Image Settings
-> Log Level
\uff1a\u8981\u5305\u542b\u5728\u65e5\u5fd7\u4e2d\u7684\u6700\u5c0f\u65e5\u5fd7\u7ea7\u522b\u3002
\u53ef\u9009\u62e9\u503c\u4e3a\uff1aemergency
, alert
, critical
, error
, warning
, notice
, info
, debug
\u3002
Falco
-> Falco Driver
-> Image Settings
-> Registry
\uff1a\u8bbe\u7f6e Falco Driver \u955c\u50cf\u7684\u4ed3\u5e93\u5730\u5740\uff0c\u5df2\u7ecf\u9ed8\u8ba4\u586b\u5199\u53ef\u7528\u7684\u5728\u7ebf\u4ed3\u5e93\u3002\u5982\u679c\u662f\u79c1\u6709\u5316\u73af\u5883\uff0c\u53ef\u4fee\u6539\u4e3a\u79c1\u6709\u4ed3\u5e93\u5730\u5740\u3002
Falco
-> Falco Driver
-> Image Settings
-> Repository
\uff1a\u8bbe\u7f6e Falco Driver \u955c\u50cf\u540d\u3002
Falco
-> Falco Driver
-> Image Settings
-> Driver Kind
\uff1a\u8bbe\u7f6e Driver Kind\uff0c\u63d0\u4f9b\u4ee5\u4e0b\u4e24\u79cd\u9009\u62e9\uff1a
Falco
-> Falco Driver
-> Image Settings
-> Log Level
\uff1a\u8981\u5305\u542b\u5728\u65e5\u5fd7\u4e2d\u7684\u6700\u5c0f\u65e5\u5fd7\u7ea7\u522b\u3002
\u53ef\u9009\u62e9\u503c\u4e3a\uff1aemergency
\u3001alert
\u3001critical
\u3001error
\u3001warning
\u3001notice
\u3001info
\u3001debug
\u3002
\u70b9\u51fb\u53f3\u4e0b\u89d2\u786e\u5b9a
\u6309\u94ae\u5373\u53ef\u5b8c\u6210\u5b89\u88c5\u3002
Falco \u662f\u4e00\u4e2a\u4e91\u539f\u751f\u8fd0\u884c\u65f6\u5b89\u5168
\u5de5\u5177\uff0c\u65e8\u5728\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u5f02\u5e38\u6d3b\u52a8\uff0c\u53ef\u7528\u4e8e\u76d1\u63a7 Kubernetes \u5e94\u7528\u7a0b\u5e8f\u548c\u5185\u90e8\u7ec4\u4ef6\u7684\u8fd0\u884c\u65f6\u5b89\u5168\u6027\u3002\u4ec5\u9700\u4e3a Falco \u64b0\u5199\u4e00\u5957\u89c4\u5219\uff0c\u5373\u53ef\u6301\u7eed\u76d1\u6d4b\u5e76\u76d1\u63a7\u5bb9\u5668\u3001\u5e94\u7528\u3001\u4e3b\u673a\u53ca\u7f51\u7edc\u7684\u5f02\u5e38\u6d3b\u52a8\u3002
Falco \u53ef\u5bf9\u4efb\u4f55\u6d89\u53ca Linux \u7cfb\u7edf\u8c03\u7528\u7684\u884c\u4e3a\u8fdb\u884c\u68c0\u6d4b\u548c\u62a5\u8b66\u3002Falco \u7684\u8b66\u62a5\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u7279\u5b9a\u7684\u7cfb\u7edf\u8c03\u7528\u3001\u53c2\u6570\u4ee5\u53ca\u8c03\u7528\u8fdb\u7a0b\u7684\u5c5e\u6027\u6765\u89e6\u53d1\u3002\u4f8b\u5982\uff0cFalco \u53ef\u4ee5\u8f7b\u677e\u68c0\u6d4b\u5230\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u4ee5\u4e0b\u4e8b\u4ef6\uff1a
\u5173\u4e8e Falco \u9644\u5e26\u7684\u66f4\u591a\u9ed8\u8ba4\u89c4\u5219\uff0c\u8bf7\u53c2\u8003 Rules \u6587\u6863\u3002
"},{"location":"admin/security/falco.html#falco_2","title":"\u4ec0\u4e48\u662f Falco \u89c4\u5219\uff1f","text":"Falco \u89c4\u5219\u5b9a\u4e49 Falco \u5e94\u76d1\u89c6\u7684\u884c\u4e3a\u53ca\u4e8b\u4ef6\uff1b\u53ef\u4ee5\u5728 Falco \u89c4\u5219\u6587\u4ef6\u6216\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u64b0\u5199\u89c4\u5219\u3002\u6709\u5173\u7f16\u5199\u3001\u7ba1\u7406\u548c\u90e8\u7f72\u89c4\u5219\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Falco Rules\u3002
"},{"location":"admin/security/falco.html#falco_3","title":"\u4ec0\u4e48\u662f Falco \u8b66\u62a5\uff1f","text":"\u8b66\u62a5\u662f\u53ef\u914d\u7f6e\u7684\u4e0b\u6e38\u64cd\u4f5c\uff0c\u53ef\u4ee5\u50cf\u8bb0\u5f55\u65e5\u5fd7\u4e00\u6837\u7b80\u5355\uff0c\u4e5f\u53ef\u4ee5\u50cf STDOUT \u5411\u5ba2\u6237\u7aef\u4f20\u9012 gRPC \u8c03\u7528\u4e00\u6837\u590d\u6742\u3002\u6709\u5173\u914d\u7f6e\u3001\u7406\u89e3\u548c\u5f00\u53d1\u8b66\u62a5\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605Falco \u8b66\u62a5\u3002Falco \u53ef\u4ee5\u5c06\u8b66\u62a5\u53d1\u9001\u81f3\uff1a
Falco \u7531\u4ee5\u4e0b\u51e0\u4e2a\u4e3b\u8981\u7ec4\u4ef6\u7ec4\u6210\uff1a
\u7528\u6237\u7a7a\u95f4\u7a0b\u5e8f\uff1aCLI \u5de5\u5177\uff0c\u53ef\u7528\u4e8e\u4e0e Falco \u4ea4\u4e92\u3002\u7528\u6237\u7a7a\u95f4\u7a0b\u5e8f\u5904\u7406\u4fe1\u53f7\uff0c\u89e3\u6790\u6765\u81ea Falco \u9a71\u52a8\u7684\u4fe1\u606f\uff0c\u5e76\u53d1\u9001\u8b66\u62a5\u3002
\u914d\u7f6e\uff1a\u5b9a\u4e49 Falco \u7684\u8fd0\u884c\u65b9\u5f0f\u3001\u8981\u65ad\u8a00\u7684\u89c4\u5219\u4ee5\u53ca\u5982\u4f55\u6267\u884c\u8b66\u62a5\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u914d\u7f6e\u3002
Driver\uff1a\u4e00\u6b3e\u9075\u5faa Falco \u9a71\u52a8\u89c4\u8303\u5e76\u53d1\u9001\u7cfb\u7edf\u8c03\u7528\u4fe1\u606f\u6d41\u7684\u8f6f\u4ef6\u3002\u5982\u679c\u4e0d\u5b89\u88c5\u9a71\u52a8\u7a0b\u5e8f\uff0c\u5c06\u65e0\u6cd5\u8fd0\u884c Falco\u3002\u76ee\u524d\uff0cFalco \u652f\u6301\u4ee5\u4e0b\u9a71\u52a8\u7a0b\u5e8f\uff1a
\u7528\u6237\u7a7a\u95f4\u68c0\u6d4b
\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Falco \u9a71\u52a8\u7a0b\u5e8f\u3002
\u63d2\u4ef6\uff1a\u53ef\u7528\u4e8e\u6269\u5c55 falco libraries/falco \u53ef\u6267\u884c\u6587\u4ef6\u7684\u529f\u80fd\uff0c\u6269\u5c55\u65b9\u5f0f\u662f\u901a\u8fc7\u6dfb\u52a0\u65b0\u7684\u4e8b\u4ef6\u6e90\u548c\u4ece\u4e8b\u4ef6\u4e2d\u63d0\u53d6\u4fe1\u606f\u7684\u65b0\u5b57\u6bb5\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u63d2\u4ef6\u3002
Notebook \u901a\u5e38\u6307\u7684\u662f Jupyter Notebook \u6216\u7c7b\u4f3c\u7684\u4ea4\u4e92\u5f0f\u8ba1\u7b97\u73af\u5883\u3002 \u8fd9\u662f\u4e00\u79cd\u975e\u5e38\u6d41\u884c\u7684\u5de5\u5177\uff0c\u5e7f\u6cdb\u7528\u4e8e\u6570\u636e\u79d1\u5b66\u3001\u673a\u5668\u5b66\u4e60\u548c\u6df1\u5ea6\u5b66\u4e60\u7b49\u9886\u57df\u3002 \u672c\u9875\u8bf4\u660e\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528 Notebook\u3002
"},{"location":"admin/share/notebook.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 AI Lab -> \u8fd0\u7ef4\u7ba1\u7406 -> \u961f\u5217\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae
\u952e\u5165\u540d\u79f0\uff0c\u9009\u62e9\u96c6\u7fa4\u3001\u5de5\u4f5c\u7a7a\u95f4\u548c\u914d\u989d\u540e\uff0c\u70b9\u51fb \u786e\u5b9a
\u4ee5 \u7528\u6237\u8eab\u4efd \u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5bfc\u822a\u81f3 AI Lab -> Notebook \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae
\u914d\u7f6e\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u8d44\u6e90\u914d\u7f6e\u9ad8\u7ea7\u914d\u7f6e\u952e\u5165\u540d\u79f0\uff0c\u9009\u62e9\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\uff0c\u9009\u62e9\u521a\u521b\u5efa\u7684\u961f\u5217\uff0c\u70b9\u51fb \u4e00\u952e\u521d\u59cb\u5316
\u9009\u62e9 Notebook \u7c7b\u578b\uff0c\u914d\u7f6e\u5185\u5b58\u3001CPU\uff0c\u5f00\u542f GPU\uff0c\u521b\u5efa\u548c\u914d\u7f6e PVC\uff1a
\u5f00\u542f SSH \u5916\u7f51\u8bbf\u95ee\uff1a
\u81ea\u52a8\u8df3\u8f6c\u5230 Notebook \u5b9e\u4f8b\u5217\u8868\uff0c\u70b9\u51fb\u5b9e\u4f8b\u540d\u79f0
\u8fdb\u5165 Notebook \u5b9e\u4f8b\u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u6253\u5f00 \u6309\u94ae
\u8fdb\u5165\u4e86 Notebook \u5f00\u53d1\u73af\u5883\uff0c\u6bd4\u5982\u5728 /home/jovyan
\u76ee\u5f55\u6302\u8f7d\u4e86\u6301\u4e45\u5377\uff0c\u53ef\u4ee5\u901a\u8fc7 git \u514b\u9686\u4ee3\u7801\uff0c\u901a\u8fc7 SSH \u8fde\u63a5\u540e\u4e0a\u4f20\u6570\u636e\u7b49\u3002
\u5728\u81ea\u5df1\u7684\u7535\u8111\u4e0a\u751f\u6210 SSH \u5bc6\u94a5\u5bf9
\u5728\u81ea\u5df1\u7535\u8111\u4e0a\u6253\u5f00\u547d\u4ee4\u884c\uff0c\u6bd4\u5982\u5728 Windows \u4e0a\u6253\u5f00 git bash\uff0c\u8f93\u5165 ssh-keygen.exe -t rsa
\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u3002
\u901a\u8fc7 cat ~/.ssh/id_rsa.pub
\u7b49\u547d\u4ee4\u67e5\u770b\u5e76\u590d\u5236\u516c\u94a5
\u4ee5\u7528\u6237\u8eab\u4efd\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u4e2a\u4eba\u4e2d\u5fc3 -> SSH \u516c\u94a5 -> \u5bfc\u5165 SSH \u516c\u94a5
\u8fdb\u5165 Notebook \u5b9e\u4f8b\u7684\u8be6\u60c5\u9875\uff0c\u590d\u5236 SSH \u7684\u94fe\u63a5
\u5728\u5ba2\u6237\u7aef\u4f7f\u7528 SSH \u8bbf\u95ee Notebook \u5b9e\u4f8b
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa\u8bad\u7ec3\u4efb\u52a1
"},{"location":"admin/share/quota.html","title":"\u914d\u989d\u7ba1\u7406","text":"\u7528\u6237\u88ab\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u540e\uff0c\u5373\u53ef\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90\uff0c\u7ba1\u7406\u8d44\u6e90\u914d\u989d\u3002
"},{"location":"admin/share/quota.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90\u914d\u989d
\u7ba1\u7406\u547d\u540d\u7a7a\u95f4 test-ns-1
\u7684\u8d44\u6e90\u914d\u989d\uff0c\u5176\u6570\u503c\u4e0d\u80fd\u8d85\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u7684\u914d\u989d\u3002
\u4ee5 \u7528\u6237\u8eab\u4efd \u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u67e5\u770b\u5176\u662f\u5426\u88ab\u5206\u914d\u4e86 test-ns-1
\u547d\u540d\u7a7a\u95f4\u3002
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa AI \u8d1f\u8f7d\u4f7f\u7528 GPU \u8d44\u6e90
"},{"location":"admin/share/workload.html","title":"\u521b\u5efa AI \u8d1f\u8f7d\u4f7f\u7528 GPU \u8d44\u6e90","text":"\u7ba1\u7406\u5458\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90\u914d\u989d\u540e\uff0c\u7528\u6237\u5c31\u53ef\u4ee5\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d\u6765\u4f7f\u7528 GPU \u7b97\u529b\u8d44\u6e90\u3002
"},{"location":"admin/share/workload.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u62e9\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c \u70b9\u51fb\u53f3\u4fa7\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae
\u914d\u7f6e\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u5bb9\u5668\u914d\u7f6e\u5176\u4ed6\u9009\u62e9\u81ea\u5df1\u7684\u547d\u540d\u7a7a\u95f4\u3002
\u8bbe\u7f6e\u955c\u50cf\uff0c\u914d\u7f6e CPU\u3001\u5185\u5b58\u3001GPU \u7b49\u8d44\u6e90\uff0c\u8bbe\u7f6e\u542f\u52a8\u547d\u4ee4\u3002
\u670d\u52a1\u914d\u7f6e\u548c\u9ad8\u7ea7\u914d\u7f6e\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u914d\u7f6e\u3002
\u81ea\u52a8\u8fd4\u56de\u65e0\u72b6\u6001\u8d1f\u8f7d\u5217\u8868\uff0c\u70b9\u51fb\u8d1f\u8f7d\u540d\u79f0
\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u53ef\u4ee5\u770b\u5230 GPU \u914d\u989d
\u4f60\u8fd8\u53ef\u4ee5\u8fdb\u5165\u63a7\u5236\u53f0\uff0c\u8fd0\u884c mx-smi
\u547d\u4ee4\u67e5\u770b GPU \u8d44\u6e90
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528 Notebook
"},{"location":"admin/virtnest/best-practice/import-ubuntu.html","title":"\u5982\u4f55\u4ece VMWare \u5bfc\u5165\u4f20\u7edf Linux \u4e91\u4e3b\u673a\u5230\u4e91\u539f\u751f\u4e91\u4e3b\u673a\u5e73\u53f0","text":"\u672c\u6587\u5c06\u8be6\u7ec6\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u547d\u4ee4\u884c\u5c06\u5916\u90e8\u5e73\u53f0 VMware \u4e0a\u7684 Linux \u4e91\u4e3b\u673a\u5bfc\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u4e91\u4e3b\u673a\u4e2d\u3002
Info
\u672c\u6587\u6863\u5916\u90e8\u865a\u62df\u5e73\u53f0\u662f VMware vSphere Client\uff0c\u540e\u7eed\u7b80\u5199\u4e3a vSphere\u3002 \u6280\u672f\u4e0a\u662f\u4f9d\u9760 kubevirt cdi \u6765\u5b9e\u73b0\u7684\u3002\u64cd\u4f5c\u524d\uff0cvSphere \u4e0a\u88ab\u5bfc\u5165\u7684\u4e91\u4e3b\u673a\u9700\u8981\u5173\u673a\u3002 \u4ee5 Ubuntu \u64cd\u4f5c\u7cfb\u7edf\u7684\u4e91\u4e3b\u673a\u4e3a\u4f8b\u3002
"},{"location":"admin/virtnest/best-practice/import-ubuntu.html#vsphere","title":"\u83b7\u53d6 vSphere \u7684\u4e91\u4e3b\u673a\u57fa\u7840\u4fe1\u606f","text":"vSphere URL\uff1a\u76ee\u6807\u5e73\u53f0\u7684 URL \u5730\u5740\u4fe1\u606f
vSphere SSL \u8bc1\u4e66\u6307\u7eb9 thumbprint\uff1a\u9700\u8981\u901a\u8fc7 openssl \u83b7\u53d6
openssl s_client -connect 10.64.56.11:443 </dev/null | openssl x509 -in /dev/stdin -fingerprint -sha1 -noout\n
\u8f93\u51fa\u7c7b\u4f3c\u4e8e\uff1a
Can't use SSL_get_servername\ndepth=0 CN = vcsa.daocloud.io\nverify error:num=20:unable to get local issuer certificate\nverify return:1\ndepth=0 CN = vcsa.daocloud.io\nverify error:num=21:unable to verify the first certificate\nverify return:1\ndepth=0 CN = vcsa.daocloud.io\nverify return:1\nDONE\nsha1 Fingerprint=C3:9D:D7:55:6A:43:11:2B:DE:BA:27:EA:3B:C2:13:AF:E4:12:62:4D # \u6240\u9700\u503c\n
vSphere \u8d26\u53f7\uff1a\u83b7\u53d6 vSphere \u7684\u8d26\u53f7\u4fe1\u606f\uff0c\u6ce8\u610f\u6743\u9650\u95ee\u9898
vSphere \u5bc6\u7801\uff1a\u83b7\u53d6 vSphere \u7684\u5bc6\u7801\u4fe1\u606f
\u9700\u8981\u5bfc\u5165\u4e91\u4e3b\u673a\u7684 UUID\uff08\u9700\u8981\u5728 vSphere \u7684 web \u9875\u9762\u83b7\u53d6\uff09
\u8fdb\u5165 Vsphere \u9875\u9762\u4e2d\uff0c\u8fdb\u5165\u88ab\u5bfc\u5165\u4e91\u4e3b\u673a\u7684\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u7f16\u8f91\u914d\u7f6e \uff0c\u6b64\u65f6\u6253\u5f00\u6d4f\u89c8\u5668\u7684\u5f00\u53d1\u8005\u63a7\u5236\u53f0\uff0c \u70b9\u51fb \u7f51\u7edc \u2014> \u6807\u5934 \u627e\u5230\u5982\u4e0b\u56fe\u6240\u793a\u7684 URL\u3002
\u70b9\u51fb \u54cd\u5e94 \uff0c\u5b9a\u4f4d\u5230 vmConfigContext \u2014> config \uff0c\u6700\u7ec8\u627e\u5230\u76ee\u6807\u503c uuid \u3002
\u9700\u8981\u5bfc\u5165\u4e91\u4e3b\u673a\u7684 vmdk \u6587\u4ef6 path
\u9700\u8981\u6839\u636e\u7f51\u7edc\u6a21\u5f0f\u7684\u4e0d\u540c\u914d\u7f6e\u4e0d\u540c\u7684\u4fe1\u606f\uff0c\u82e5\u6709\u56fa\u5b9a IP \u7684\u9700\u6c42\uff0c\u9700\u8981\u9009\u62e9 Bridge \u7f51\u7edc\u6a21\u5f0f
\u521b\u5efa\u5b50\u7f51\u53ca IP \u6c60\uff0c\u53c2\u8003\u521b\u5efa\u5b50\u7f51\u548c IP \u6c60
apiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderIPPool\nmetadata:\n name: test2\nspec:\n ips:\n - 10.20.3.90\n subnet: 10.20.0.0/16\n gateway: 10.20.0.1\n\n---\napiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderIPPool\nmetadata:\n name: test3\nspec:\n ips:\n - 10.20.240.1\n subnet: 10.20.0.0/16\n gateway: 10.20.0.1\n\n---\napiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderMultusConfig\nmetadata:\n name: test1\n namespace: kube-system\nspec:\n cniType: ovs\n coordinator:\n detectGateway: false\n detectIPConflict: false\n mode: auto\n tunePodRoutes: true\n disableIPAM: false\n enableCoordinator: true\n ovs:\n bridge: br-1\n ippools:\n ipv4:\n - test1\n - test2\n
apiVersion: v1\nkind: Secret\nmetadata:\n name: vsphere # \u53ef\u66f4\u6539\n labels:\n app: containerized-data-importer # \u8bf7\u52ff\u66f4\u6539\ntype: Opaque\ndata:\n accessKeyId: \"username-base64\"\n secretKey: \"password-base64\"\n
"},{"location":"admin/virtnest/best-practice/import-ubuntu.html#kubevirt-vm-yaml-vm","title":"\u7f16\u5199 kubevirt vm yaml \u521b\u5efa vm","text":"Tip
\u82e5\u6709\u56fa\u5b9aIP\u9700\u6c42\uff0c\u5219\u8be5 yaml \u4e0e\u4f7f\u7528\u9ed8\u8ba4\u7f51\u7edc\u7684 yaml \u6709\u4e00\u4e9b\u533a\u522b\uff0c\u5df2\u6807\u6ce8\u3002
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: \"\"\n virtnest.io/image-secret: \"\"\n creationTimestamp: \"2024-05-23T06:46:28Z\"\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: \"22.04\"\n name: export-ubuntu\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: export-ubuntu-rootdisk\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-ubuntu/virtnest-export-ubuntu.vmdk\" \n url: \"https://10.64.56.21\" \n uuid: \"421d6135-4edb-df80-ee54-8c5b10cc4e78\" \n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\" \n secretRef: \"vsphere\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n runStrategy: Manual\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test2\"]}]' // \u8fd9\u91cc\u6dfb\u52a0 spiderpool \u7f51\u7edc\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n interfaces: // \u4fee\u6539\u8fd9\u91cc\u7684\u7f51\u7edc\u914d\u7f6e\n - bridge: {}\n name: ovs-bridge0\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks: // \u4fee\u6539\u8fd9\u91cc\u7684\u7f51\u7edc\u914d\u7f6e\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-ubuntu-rootdisk\n name: rootdisk\n
"},{"location":"admin/virtnest/best-practice/import-ubuntu.html#vnc","title":"\u8fdb\u5165 VNC \u68c0\u67e5\u662f\u5426\u6210\u529f\u8fd0\u884c","text":"\u4fee\u6539\u4e91\u4e3b\u673a\u7684\u7f51\u7edc\u914d\u7f6e
\u67e5\u770b\u5f53\u524d\u7f51\u7edc
\u5728\u5b9e\u9645\u5bfc\u5165\u5b8c\u6210\u65f6\uff0c\u5982\u4e0b\u56fe\u6240\u793a\u7684\u914d\u7f6e\u5df2\u7ecf\u5b8c\u6210\u3002\u7136\u800c\uff0c\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0cenp1s0\u63a5\u53e3\u5e76\u6ca1\u6709\u5305\u542binet\u5b57\u6bb5\uff0c\u56e0\u6b64\u65e0\u6cd5\u8fde\u63a5\u5230\u5916\u90e8\u7f51\u7edc\u3002
\u914d\u7f6e netplan
\u5728\u4e0a\u56fe\u6240\u793a\u7684\u914d\u7f6e\u4e2d\uff0c\u5c06 ethernets \u4e2d\u7684\u5bf9\u8c61\u66f4\u6539\u4e3a enp1s0\uff0c\u5e76\u4f7f\u7528 DHCP \u83b7\u5f97 IP \u5730\u5740\u3002
\u5c06 netplan \u914d\u7f6e\u5e94\u7528\u5230\u7cfb\u7edf\u7f51\u7edc\u914d\u7f6e\u4e2d
sudo netplan apply\n
\u5bf9\u5916\u90e8\u7f51\u7edc\u8fdb\u884c ping \u6d4b\u8bd5
\u901a\u8fc7 SSH \u5728\u8282\u70b9\u4e0a\u8bbf\u95ee\u4e91\u4e3b\u673a\u3002
\u672c\u6587\u5c06\u8be6\u7ec6\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u547d\u4ee4\u884c\u5c06\u5916\u90e8\u5e73\u53f0 VMware \u4e0a\u7684\u4e91\u4e3b\u673a\u5bfc\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u4e91\u4e3b\u673a\u4e2d\u3002
Info
\u672c\u6587\u6863\u5916\u90e8\u865a\u62df\u5e73\u53f0\u662f VMware vSphere Client\uff0c\u540e\u7eed\u7b80\u5199\u4e3a vSphere\u3002 \u6280\u672f\u4e0a\u662f\u4f9d\u9760 kubevirt cdi \u6765\u5b9e\u73b0\u7684\u3002\u64cd\u4f5c\u524d\uff0cvSphere \u4e0a\u88ab\u5bfc\u5165\u7684\u4e91\u4e3b\u673a\u9700\u8981\u5173\u673a\u3002 \u4ee5 Windows \u64cd\u4f5c\u7cfb\u7edf\u7684\u4e91\u4e3b\u673a\u4e3a\u4f8b\u3002
"},{"location":"admin/virtnest/best-practice/import-windows.html#_1","title":"\u73af\u5883\u51c6\u5907","text":"\u5bfc\u5165\u524d\uff0c\u9700\u8981\u53c2\u8003\u7f51\u7edc\u914d\u7f6e\u51c6\u5907\u73af\u5883\u3002
"},{"location":"admin/virtnest/best-practice/import-windows.html#windows","title":"\u83b7\u53d6 Windows \u4e91\u4e3b\u673a\u7684\u4fe1\u606f","text":"\u4e0e\u5bfc\u5165 Linux \u64cd\u4f5c\u7cfb\u7edf\u7684\u4e91\u4e3b\u673a\u7c7b\u4f3c\uff0c\u53ef\u53c2\u8003\u5982\u4f55\u4ece VMWare \u5bfc\u5165\u4f20\u7edf Linuxs \u4e91\u4e3b\u673a\u5230\u4e91\u539f\u751f\u4e91\u4e3b\u673a\u5e73\u53f0\u83b7\u53d6\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5c06\u5916\u90e8\u5e73\u53f0\u7684\u4e91\u4e3b\u673a\u5bfc\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u865a\u62df\u5316\u5e73\u53f0\u4e2d\u65f6\uff0c\u9700\u8981\u6839\u636e\u4e91\u4e3b\u673a\u7684\u542f\u52a8\u7c7b\u578b\uff08BIOS \u6216 UEFI\uff09\u8fdb\u884c\u76f8\u5e94\u7684\u914d\u7f6e\uff0c\u4ee5\u786e\u4fdd\u4e91\u4e3b\u673a\u80fd\u591f\u6b63\u786e\u542f\u52a8\u548c\u8fd0\u884c\u3002
\u53ef\u4ee5\u901a\u8fc7\"\u7cfb\u7edf\u4fe1\u606f\"\u68c0\u67e5 Windows \u662f BIOS \u8fd8\u662f UEFI \u5f15\u5bfc\u3002\u5982\u679c\u662f UEFI \u5219\u9700\u8981\u5728 YAML \u6587\u4ef6\u4e2d\u6dfb\u52a0\u76f8\u5173\u4fe1\u606f\u3002
"},{"location":"admin/virtnest/best-practice/import-windows.html#_2","title":"\u5bfc\u5165\u8fc7\u7a0b","text":"\u51c6\u5907 window.yaml
\u6587\u4ef6\uff0c\u6ce8\u610f\u4ee5\u4e0b\u914d\u7f6e\u9879
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n labels:\n virtnest.io/os-family: windows\n virtnest.io/os-version: \"server2019\"\n name: export-window-21\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: export-window-21-rootdisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 22Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n - metadata:\n name: export-window-21-datadisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window_1.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n # <1>. \u5f15\u5bfc virtio \u9a71\u52a8\u7684 pvc\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - metadata:\n name: virtio-disk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Mi\n storageClassName: local-path\n source:\n blank: {}\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n running: true\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test86\"]}]'\n spec:\n dnsConfig:\n nameservers:\n - 223.5.5.5\n domain:\n cpu:\n cores: 2\n memory:\n guest: 4Gi\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: sata # <2> \u78c1\u76d8\u603b\u7ebf\u7c7b\u578b\uff0c\u6839\u636e\u5f15\u5bfc\u7c7b\u578b\u8bbe\u7f6e\u4e3a sata \u6216 virtio\n name: rootdisk\n - bootOrder: 2\n disk:\n bus: sata # <2> \u78c1\u76d8\u603b\u7ebf\u7c7b\u578b\uff0c\u6839\u636e\u5f15\u5bfc\u7c7b\u578b\u8bbe\u7f6e\u4e3a sata \u6216 virtio\n name: datadisk\n # <1>. \u5f15\u5bfc virtio \u9a71\u52a8\u7684 disk\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - bootOrder: 3\n disk:\n bus: virtio\n name: virtdisk\n - bootOrder: 4\n cdrom:\n bus: sata\n name: virtiocontainerdisk\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n interfaces:\n - bridge: {}\n name: ovs-bridge0\n # <3> \u5728\u4e0a\u6587\u201c\u67e5\u770b window \u5f15\u5bfc\u662f BIOS \u8fd8\u662f UEFI\u201d\n # \u5982\u679c\u4f7f\u7528\u4e86 UEFI \u9700\u8981\u6dfb\u52a0\u7684\u4fe1\u606f\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n features:\n smm:\n enabled: true\n firmware:\n bootloader:\n efi:\n secureBoot: false\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks:\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-window-21-rootdisk\n name: rootdisk\n - dataVolume:\n name: export-window-21-datadisk\n name: datadisk \n # <1> \u5f15\u5bfc virtio \u9a71\u52a8\u7684 volumes\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - dataVolume:\n name: virtio-disk\n name: virtdisk\n - containerDisk:\n image: release-ci.daocloud.io/virtnest/kubevirt/virtio-win:v4.12.12-5\n name: virtiocontainerdisk\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n
"},{"location":"admin/virtnest/best-practice/import-windows.html#vnc-virtio","title":"\u901a\u8fc7 VNC \u5b89\u88c5 VirtIO \u9a71\u52a8","text":"# \u5220\u9664 \u6807\u53f7 <1> \u76f8\u5173\u5b57\u6bb5\uff0c\u4fee\u6539\u6807\u53f7 <2> \u5b57\u6bb5\uff1asata \u6539\u6210 virtio\napiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n labels:\n virtnest.io/os-family: windows\n virtnest.io/os-version: \"server2019\"\n name: export-window-21\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: export-window-21-rootdisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 22Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n - metadata:\n name: export-window-21-datadisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window_1.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n running: true\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test86\"]}]'\n spec:\n dnsConfig:\n nameservers:\n - 223.5.5.5\n domain:\n cpu:\n cores: 2\n memory:\n guest: 4Gi\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio # <2>\n name: rootdisk\n - bootOrder: 2\n disk:\n bus: virtio # <2>\n name: datadisk\n interfaces:\n - bridge: {}\n name: ovs-bridge0\n # <3> \u5728\u4e0a\u6587\u201c\u67e5\u770b window \u5f15\u5bfc\u662f BIOS \u8fd8\u662f UEFI\u201d\n # \u5982\u679c\u4f7f\u7528\u4e86 UEFI \u9700\u8981\u6dfb\u52a0\u7684\u4fe1\u606f\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n features:\n smm:\n enabled: true\n firmware:\n bootloader:\n efi:\n secureBoot: false\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks:\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-window-21-rootdisk\n name: rootdisk\n - dataVolume:\n name: export-window-21-datadisk\n name: datadisk\n
"},{"location":"admin/virtnest/best-practice/import-windows.html#rdp","title":"RDP \u8bbf\u95ee\u548c\u9a8c\u8bc1","text":"\u4f7f\u7528 RDP \u5ba2\u6237\u7aef\u8fde\u63a5\u5230\u4e91\u4e3b\u673a\u3002\u8f93\u5165\u9ed8\u8ba4\u8d26\u53f7 admin
\u548c\u5bc6\u7801 dangerous!123
\u8fdb\u884c\u767b\u5f55\u3002
\u9a8c\u8bc1\u7f51\u7edc\u8bbf\u95ee\u548c\u6570\u636e\u76d8\u6570\u636e
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u547d\u4ee4\u884c\u521b\u5efa Windows \u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/best-practice/vm-windows.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u200b\u521b\u5efa Windows \u4e91\u4e3b\u673a\u9700\u8981\u5bfc\u5165 ISO \u955c\u50cf\u7684\u4e3b\u8981\u539f\u56e0\u662f\u4e3a\u4e86\u5b89\u88c5 Windows \u64cd\u4f5c\u7cfb\u7edf\u3002 \u4e0e Linux \u64cd\u4f5c\u7cfb\u7edf\u4e0d\u540c\uff0cWindows \u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u8fc7\u7a0b\u901a\u5e38\u9700\u8981\u4ece\u5b89\u88c5\u5149\u76d8\u6216 ISO \u955c\u50cf\u6587\u4ef6\u4e2d\u5f15\u5bfc\u3002 \u56e0\u6b64\uff0c\u5728\u521b\u5efa Windows \u4e91\u4e3b\u673a\u65f6\uff0c\u9700\u8981\u5148\u5bfc\u5165 Windows \u64cd\u4f5c\u7cfb\u7edf\u7684\u5b89\u88c5 ISO \u955c\u50cf\u6587\u4ef6\uff0c\u4ee5\u4fbf\u4e91\u4e3b\u673a\u80fd\u591f\u6b63\u5e38\u5b89\u88c5\u3002
\u4ee5\u4e0b\u4ecb\u7ecd\u4e24\u4e2a\u5bfc\u5165 ISO \u955c\u50cf\u7684\u529e\u6cd5\uff1a
\uff08\u63a8\u8350\uff09\u5236\u4f5c Docker \u955c\u50cf\uff0c\u5efa\u8bae\u53c2\u8003 \u6784\u5efa\u955c\u50cf
\uff08\u4e0d\u63a8\u8350\uff09\u4f7f\u7528 virtctl \u5c06\u955c\u50cf\u5bfc\u5165\u5230 PVC \u4e2d
\u53ef\u53c2\u8003\u5982\u4e0b\u547d\u4ee4
virtctl image-upload -n <\u547d\u540d\u7a7a\u95f4> pvc <PVC \u540d\u79f0> \\ \n --image-path=<IOS \u6587\u4ef6\u8def\u5f84> \\ \n --access-mode=ReadWriteOnce \\ \n --size=6G \\ --uploadproxy-url=<https://cdi-uploadproxy ClusterIP \u548c\u7aef\u53e3> \\ \n --force-bind \\ \n --insecure \\ \n --wait-secs=240 \\ \n --storage-class=<SC>\n
\u4f8b\u5982\uff1a
virtctl image-upload -n <\u547d\u540d\u7a7a\u95f4> pvc <PVC \u540d\u79f0> \\ \n --image-path=<IOS \u6587\u4ef6\u8def\u5f84> \\ \n --access-mode=ReadWriteOnce \\ \n --size=6G \\ --uploadproxy-url=<https://cdi-uploadproxy ClusterIP \u548c\u7aef\u53e3> \\ \n --force-bind \\ \n --insecure \\ \n --wait-secs=240 \\ \n --storage-class=<SC>\n
\u4f7f\u7528 yaml \u521b\u5efa Windows \u4e91\u4e3b\u673a\uff0c\u66f4\u52a0\u7075\u6d3b\u5e76\u4e14\u66f4\u6613\u7f16\u5199\u559d\u7ef4\u62a4\u3002\u4ee5\u4e0b\u4ecb\u7ecd\u4e09\u79cd\u53c2\u8003\u7684 yaml\uff1a
\u63a8\u8350\u4f7f\u7528 Virtio \u9a71\u52a8 + Docker \u955c\u50cf\u7684\u65b9\u5f0f
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10-virtio\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: win10-system-virtio\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10-virtio\n version: v1\n kubevirt.io/domain: windows10-virtio\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio # \u4f7f\u7528 virtio\n name: win10-system-virtio\n - bootOrder: 2\n cdrom:\n bus: sata # \u5bf9\u4e8e ISO \u955c\u50cf\uff0c\u4f7f\u7528 sata\n name: iso-win10\n - bootOrder: 3\n cdrom:\n bus: sata # \u5bf9\u4e8e containerdisk\uff0c\u4f7f\u7528 sata\n name: virtiocontainerdisk\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system-virtio\n persistentVolumeClaim:\n claimName: win10-system-virtio\n - containerDisk:\n image: kubevirt/virtio-container-disk\n name: virtiocontainerdisk\n
\uff08\u4e0d\u63a8\u8350\uff09\u4f7f\u7528 Virtio \u9a71\u52a8\u548c virtctl \u5de5\u5177\u7684\u7ec4\u5408\u65b9\u5f0f\uff0c\u5c06\u955c\u50cf\u5bfc\u5165\u5230 Persistent Volume Claim\uff08PVC\uff09\u4e2d\u3002
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10-virtio\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: win10-system-virtio\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10-virtio\n version: v1\n kubevirt.io/domain: windows10-virtio\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n # \u8bf7\u4f7f\u7528 virtio\n disk:\n bus: virtio\n name: win10-system-virtio\n # ISO \u955c\u50cf\u8bf7\u4f7f\u7528 sata\n - bootOrder: 2\n cdrom:\n bus: sata\n name: iso-win10\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 # containerdisk \u8bf7\u4f7f\u7528 sata\n - bootOrder: 3\n cdrom:\n bus: sata\n name: virtiocontainerdisk\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system-virtio\n persistentVolumeClaim:\n claimName: win10-system-virtio\n - containerDisk:\n image: kubevirt/virtio-container-disk\n name: virtiocontainerdisk\n
\uff08\u4e0d\u63a8\u8350\uff09\u4e0d\u4f7f\u7528 Virtio \u9a71\u52a8\u7684\u60c5\u51b5\u4e0b\uff0c\u4f7f\u7528 virtctl \u5de5\u5177\u5c06\u955c\u50cf\u5bfc\u5165\u5230 Persistent Volume Claim\uff08PVC\uff09\u4e2d\u3002\u4e91\u4e3b\u673a\u53ef\u80fd\u4f7f\u7528\u5176\u4ed6\u7c7b\u578b\u7684\u9a71\u52a8\u6216\u9ed8\u8ba4\u9a71\u52a8\u6765\u64cd\u4f5c\u78c1\u76d8\u548c\u7f51\u7edc\u8bbe\u5907\u3002
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10\n namespace: default\nspec:\n dataVolumeTemplates:\n # \u521b\u5efa\u7cfb\u7edf\u76d8\uff0c\u4f60\u521b\u5efa\u591a\u4e2a PVC\uff08\u78c1\u76d8\uff09\n - metadata:\n name: win10-system\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10\n version: v1\n kubevirt.io/domain: windows10\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n # \u65e0 virtio \u9a71\u52a8\uff0c\u8bf7\u4f7f\u7528 sata\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0cdrom:\n bus: sata\n name: win10-system\n # ISO \u955c\u50cf\uff0c\u8bf7\u4f7f\u7528 sata\n - bootOrder: 2\n cdrom:\n bus: sata\n name: iso-win10\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system\n persistentVolumeClaim:\n claimName: win10-system\n
Windows \u7248\u672c\u7684\u4e91\u4e3b\u673a\u5927\u591a\u6570\u60c5\u51b5\u662f\u9700\u8981\u8fdc\u7a0b\u684c\u9762\u63a7\u5236\u8bbf\u95ee\u7684\uff0c\u5efa\u8bae\u4f7f\u7528 Microsoft \u8fdc\u7a0b\u684c\u9762\u63a7\u5236\u60a8\u7684\u4e91\u4e3b\u673a\u3002
Note
Windows \u4e91\u4e3b\u673a\u6dfb\u52a0\u6570\u636e\u76d8\u7684\u65b9\u5f0f\u548c Linux \u4e91\u4e3b\u673a\u4e00\u81f4\u3002\u4f60\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684 YAML \u793a\u4f8b\uff1a
apiVersion: kubevirt.io/v1\n kind: VirtualMachine\n <...>\n spec:\n dataVolumeTemplates:\n # \u6dfb\u52a0\u4e00\u5757\u6570\u636e\u76d8\n - metadata:\n name: win10-disk\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 16Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n blank: {}\n template:\n spec:\n domain:\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: win10-system\n # \u6dfb\u52a0\u4e00\u5757\u6570\u636e\u76d8\n - bootOrder: 2\n disk:\n bus: virtio\n name: win10-disk\n <....>\n volumes:\n <....>\n # \u6dfb\u52a0\u4e00\u5757\u6570\u636e\u76d8\n - name: win10-disk\n persistentVolumeClaim:\n claimName: win10-disk\n
"},{"location":"admin/virtnest/best-practice/vm-windows.html#_4","title":"\u5feb\u7167\u3001\u514b\u9686\u3001\u5b9e\u65f6\u8fc1\u79fb","text":"\u8fd9\u4e9b\u80fd\u529b\u548c Linux \u4e91\u4e3b\u673a\u4e00\u81f4\uff0c\u53ef\u76f4\u63a5\u53c2\u8003\u914d\u7f6e Linux \u4e91\u4e3b\u673a\u7684\u65b9\u5f0f\u3002
"},{"location":"admin/virtnest/best-practice/vm-windows.html#windows_1","title":"\u8bbf\u95ee Windows \u4e91\u4e3b\u673a","text":"\u521b\u5efa\u6210\u529f\u540e\uff0c\u8fdb\u5165\u4e91\u4e3b\u673a\u5217\u8868\u9875\u9762\uff0c\u53d1\u73b0\u4e91\u4e3b\u673a\u6b63\u5e38\u8fd0\u884c\u3002
\u70b9\u51fb\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\uff0c\u53ef\u4ee5\u6b63\u5e38\u8bbf\u95ee\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\uff0c\u914d\u7f6e GPU \u7684\u524d\u63d0\u6761\u4ef6\u3002
\u914d\u7f6e\u4e91\u4e3b\u673a\u7684 GPU \u7684\u91cd\u70b9\u662f\u5bf9 GPU Operator \u8fdb\u884c\u914d\u7f6e\uff0c\u4ee5\u4fbf\u5728\u5de5\u4f5c\u8282\u70b9\u4e0a\u90e8\u7f72\u4e0d\u540c\u7684\u8f6f\u4ef6\u7ec4\u4ef6\uff0c \u5177\u4f53\u53d6\u51b3\u4e8e\u8fd9\u4e9b\u8282\u70b9\u4e0a\u914d\u7f6e\u8fd0\u884c\u7684 GPU \u5de5\u4f5c\u8d1f\u8f7d\u3002\u4ee5\u4e0b\u4e09\u4e2a\u8282\u70b9\u4e3a\u4f8b\uff1a
\u5de5\u4f5c\u8282\u70b9\u53ef\u4ee5\u8fd0\u884c GPU \u52a0\u901f\u5bb9\u5668\uff0c\u4e5f\u53ef\u4ee5\u8fd0\u884c\u5177\u6709 GPU \u76f4\u901a\u7684 GPU \u52a0\u901f VM\uff0c\u6216\u8005\u5177\u6709 vGPU \u7684 GPU \u52a0\u901f VM\uff0c\u4f46\u4e0d\u80fd\u8fd0\u884c\u5176\u4e2d\u4efb\u4f55\u4e00\u4e2a\u7684\u7ec4\u5408\u3002
\u4e3a\u4e86\u542f\u7528GPU\u76f4\u901a\u529f\u80fd\uff0c\u96c6\u7fa4\u8282\u70b9\u9700\u8981\u5f00\u542fIOMMU\u3002\u8bf7\u53c2\u8003\u5982\u4f55\u5f00\u542f IOMMU\u3002 \u5982\u679c\u60a8\u7684\u96c6\u7fa4\u662f\u5728\u4e91\u4e3b\u673a\u4e0a\u8fd0\u884c\uff0c\u8bf7\u54a8\u8be2\u60a8\u7684\u4e91\u4e3b\u673a\u5e73\u53f0\u63d0\u4f9b\u5546\u3002
"},{"location":"admin/virtnest/gpu/vm-gpu.html#_2","title":"\u6807\u8bb0\u96c6\u7fa4\u8282\u70b9","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u53d6\u60a8\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \u7684\u64cd\u4f5c\u680f \u4fee\u6539\u6807\u7b7e \uff0c\u4e3a\u8282\u70b9\u6dfb\u52a0\u6807\u7b7e\uff0c\u6bcf\u4e2a\u8282\u70b9\u53ea\u80fd\u6709\u4e00\u79cd\u6807\u7b7e\u3002
\u60a8\u53ef\u4ee5\u4e3a\u6807\u7b7e\u5206\u914d\u4ee5\u4e0b\u503c\uff1acontainer\u3001vm-passthrough \u548c vm-vgpu\u3002
"},{"location":"admin/virtnest/gpu/vm-gpu.html#nvidia-operator","title":"\u5b89\u88c5 Nvidia Operator","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u53d6\u60a8\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u9009\u62e9\u5e76\u5b89\u88c5 gpu-operator\u3002 \u9700\u8981\u4fee\u6539\u4e00\u4e9b yaml \u4e2d\u7684\u76f8\u5173\u5b57\u6bb5\u3002
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vfioManager.enabled=true\ngpu-operator.sandboxDevicePlugin.enabled=true\ngpu-operator.sandboxDevicePlugin.version=v1.2.4 # (1)!\ngpu-operator.toolkit.version=v1.14.3-ubuntu20.04\n
\u7b49\u5f85\u5b89\u88c5\u6210\u529f\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u5b89\u88c5 virtnest-agent\uff0c\u53c2\u8003\u5b89\u88c5 virtnest-agent\u3002
\u5c06 vGPU \u548c GPU \u76f4\u901a\u52a0\u5165 Virtnest Kubevirt CR\uff0c\u4ee5\u4e0b\u793a\u4f8b\u662f\u6dfb\u52a0 vGPU \u548c GPU \u76f4\u901a\u540e\u7684 \u90e8\u5206\u5173\u952e yaml\uff1a
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
\u5728 kubevirt CR yaml \u4e2d\uff0cpermittedHostDevices
\u7528\u4e8e\u5bfc\u5165 VM \u8bbe\u5907\uff0cvGPU \u9700\u5728\u5176\u4e2d\u6dfb\u52a0 mediatedDevices\uff0c\u5177\u4f53\u7ed3\u6784\u5982\u4e0b\uff1a
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # (1)!\n resourceName: nvidia.com/GRID_P4-1Q # (2)!\n
GPU \u76f4\u901a\u9700\u8981\u5728 permittedHostDevices
\u4e0b\u6dfb\u52a0 pciHostDevices\uff0c\u5177\u4f53\u7ed3\u6784\u5982\u4e0b\uff1a
pciHostDevices: \n- externalResourceProvider: true # (1)!\n pciVendorSelector: 10DE:1BB3 # (2)!\n resourceName: nvidia.com/GP104GL_TESLA_P4 # (3)!\n
\u83b7\u53d6 vGPU \u4fe1\u606f\u793a\u4f8b\uff08\u4ec5\u9002\u7528\u4e8e vGPU\uff09\uff1a\u5728\u6807\u8bb0\u4e3a nvidia.com/gpu.workload.config=vm-gpu
\u7684\u8282\u70b9\uff08\u4f8b\u5982 work-node-2
\uff09\u4e0a\u67e5\u770b\u8282\u70b9\u4fe1\u606f\uff0c Capacity \u4e2d\u7684 nvidia.com/GRID_P4-1Q: 8
\u8868\u793a\u53ef\u7528 vGPU\uff1a
kubectl describe node work-node-2\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
\u90a3\u4e48 mdevNameSelector \u5e94\u8be5\u662f \u201cGRID P4-1Q\u201d\uff0cresourceName \u5e94\u8be5\u662f \u201cGRID_P4-1Q\u201d
\u83b7\u53d6 GPU \u76f4\u901a\u4fe1\u606f\uff1a\u5728\u6807\u8bb0 nvidia.com/gpu.workload.config=vm-passthrough
\u7684 node \u4e0a\uff08\u672c\u6587\u6863\u793a\u4f8b node \u4e3a work-node-1\uff09\uff0c \u67e5\u770b node \u4fe1\u606f\uff0cCapacity \u4e2d nvidia.com/GP104GL_TESLA_P4: 2
\u5c31\u662f\u53ef\u7528 vGPU\uff1a
kubectl describe node work-node-1\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
\u90a3\u4e48 resourceName \u5e94\u8be5\u662f \u201cGRID_P4-1Q\u201d, \u5982\u4f55\u83b7\u53d6 pciVendorSelector \u5462\uff1f\u901a\u8fc7 ssh \u767b\u5f55\u5230 work-node-1 \u76ee\u6807\u8282\u70b9\uff0c \u901a\u8fc7 lspci -nnk -d 10de:
\u547d\u4ee4\u83b7\u53d6 Nvidia GPU PCI \u4fe1\u606f\uff0c\u5982\u4e0b\u6240\u793a\uff1a\u7ea2\u6846\u6240\u793a\u5373\u662f pciVendorSelector \u4fe1\u606f\u3002
\u7f16\u8f91 kubevirt CR \u63d0\u793a\uff1a\u5982\u679c\u540c\u4e00\u578b\u53f7 GPU \u6709\u591a\u4e2a\uff0c\u53ea\u9700\u5728 CR \u4e2d\u5199\u5165\u4e00\u4e2a\u5373\u53ef\uff0c\u65e0\u9700\u5217\u51fa\u6bcf\u4e2a GPU\u3002
kubectl -n virtnest-system edit kubevirt kubevirt\n
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
\u4e0e\u666e\u901a\u4e91\u4e3b\u673a\u552f\u4e00\u7684\u533a\u522b\u662f\u5728 devices \u4e2d\u6dfb\u52a0 GPU \u76f8\u5173\u4fe1\u606f\u3002
\u70b9\u51fb\u67e5\u770b\u5b8c\u6574 YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/gpu/vm-vgpu.html","title":"\u4e91\u4e3b\u673a\u914d\u7f6e GPU\uff08vGPU\uff09","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\uff0c\u914d\u7f6e GPU \u7684\u524d\u63d0\u6761\u4ef6\u3002
\u914d\u7f6e\u4e91\u4e3b\u673a\u7684 GPU \u7684\u91cd\u70b9\u662f\u5bf9 GPU Operator \u8fdb\u884c\u914d\u7f6e\uff0c\u4ee5\u4fbf\u5728\u5de5\u4f5c\u8282\u70b9\u4e0a\u90e8\u7f72\u4e0d\u540c\u7684\u8f6f\u4ef6\u7ec4\u4ef6\uff0c \u5177\u4f53\u53d6\u51b3\u4e8e\u8fd9\u4e9b\u8282\u70b9\u4e0a\u914d\u7f6e\u8fd0\u884c\u7684 GPU \u5de5\u4f5c\u8d1f\u8f7d\u3002\u4ee5\u4e0b\u4e09\u4e2a\u8282\u70b9\u4e3a\u4f8b\uff1a
\u5de5\u4f5c\u8282\u70b9\u53ef\u4ee5\u8fd0\u884c GPU \u52a0\u901f\u5bb9\u5668\uff0c\u4e5f\u53ef\u4ee5\u8fd0\u884c\u5177\u6709 GPU \u76f4\u901a\u7684 GPU \u52a0\u901f VM\uff0c\u6216\u8005\u5177\u6709 vGPU \u7684 GPU \u52a0\u901f VM\uff0c\u4f46\u4e0d\u80fd\u8fd0\u884c\u5176\u4e2d\u4efb\u4f55\u4e00\u4e2a\u7684\u7ec4\u5408\u3002
\u4e3a\u4e86\u542f\u7528GPU\u76f4\u901a\u529f\u80fd\uff0c\u96c6\u7fa4\u8282\u70b9\u9700\u8981\u5f00\u542fIOMMU\u3002\u8bf7\u53c2\u8003\u5982\u4f55\u5f00\u542fIOMMU\u3002 \u5982\u679c\u60a8\u7684\u96c6\u7fa4\u662f\u5728\u4e91\u4e3b\u673a\u4e0a\u8fd0\u884c\uff0c\u8bf7\u54a8\u8be2\u60a8\u7684\u4e91\u4e3b\u673a\u5e73\u53f0\u63d0\u4f9b\u5546\u3002
"},{"location":"admin/virtnest/gpu/vm-vgpu.html#vgpu-manager","title":"\u6784\u5efa vGPU Manager \u955c\u50cf","text":"\u6ce8\u610f\uff1a\u4ec5\u5f53\u4f7f\u7528 NVIDIA vGPU \u65f6\u624d\u9700\u8981\u6784\u5efa vGPU Manager \u955c\u50cf\u3002\u5982\u679c\u60a8\u8ba1\u5212\u4ec5\u4f7f\u7528 GPU \u76f4\u901a\uff0c\u8bf7\u8df3\u8fc7\u6b64\u90e8\u5206\u3002
\u4ee5\u4e0b\u662f\u6784\u5efa vGPU Manager \u955c\u50cf\u5e76\u5c06\u5176\u63a8\u9001\u5230\u955c\u50cf\u4ed3\u5e93\u4e2d\u7684\u6b65\u9aa4\uff1a
\u4ece NVIDIA Licensing Portal \u4e0b\u8f7d vGPU \u8f6f\u4ef6\u3002
NVIDIA-Linux-x86_64-<version>-vgpu-kvm.run
\uff09\u3002\u6253\u5f00\u7ec8\u7aef\u514b\u9686 container-images/driver \u4ed3\u5e93
git clone https://gitlab.com/nvidia/container-images/driver cd driver\n
\u5207\u6362\u5230\u60a8\u7684\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u5e94 vgpu-manager \u76ee\u5f55
cd vgpu-manager/<your-os>\n
\u5c06\u6b65\u9aa4 1 \u4e2d\u63d0\u53d6\u7684 .run \u6587\u4ef6 copy \u5230\u5f53\u524d\u76ee\u5f55
cp <local-driver-download-directory>/*-vgpu-kvm.run ./\n
\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf
export PRIVATE_REGISTRY=my/private/registry VERSION=510.73.06 OS_TAG=ubuntu22.04 CUDA_VERSION=12.2.0\n
\u6784\u5efa NVIDIA vGPU Manager Image
docker build \\\n --build-arg DRIVER_VERSION=${VERSION} \\\n --build-arg CUDA_VERSION=${CUDA_VERSION} \\\n -t ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG} .\n
\u5c06 NVIDIA vGPU Manager \u6620\u50cf\u63a8\u9001\u5230\u60a8\u7684\u955c\u50cf\u4ed3\u5e93
docker push ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG}\n
\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u53d6\u60a8\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u7136\u540e\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 , \u8fdb\u5165\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 \u4fee\u6539\u6807\u7b7e \uff0c\u4e3a\u8282\u70b9\u6dfb\u52a0\u6807\u7b7e\uff0c\u6bcf\u4e2a\u8282\u70b9\u53ea\u80fd\u6709\u4e00\u79cd\u6807\u7b7e\u3002
\u60a8\u53ef\u4ee5\u4e3a\u6807\u7b7e\u5206\u914d\u4ee5\u4e0b\u503c\uff1acontainer\u3001vm-passthrough \u548c vm-vgpu\u3002
"},{"location":"admin/virtnest/gpu/vm-vgpu.html#nvidia-operator","title":"\u5b89\u88c5 Nvidia Operator","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u53d6\u60a8\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u9009\u62e9\u5e76\u5b89\u88c5 gpu-operator\u3002\u9700\u8981\u4fee\u6539\u4e00\u4e9b yaml \u4e2d\u7684\u76f8\u5173\u5b57\u6bb5\u3002
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vgpuManager.enabled=true\ngpu-operator.vgpuManager.repository=<your-register-url> # (1)!\ngpu-operator.vgpuManager.image=vgpu-manager\ngpu-operator.vgpuManager.version=<your-vgpu-manager-version> # (2)!\ngpu-operator.vgpuDeviceManager.enabled=true\n
\u7b49\u5f85\u5b89\u88c5\u6210\u529f\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u5b89\u88c5 virtnest-agent\uff0c\u53c2\u8003\u5b89\u88c5 virtnest-agent\u3002
\u5c06 vGPU \u548c GPU \u76f4\u901a\u52a0\u5165 Virtnest Kubevirt CR\uff0c\u4ee5\u4e0b\u793a\u4f8b\u662f\u6dfb\u52a0 vGPU \u548c GPU \u76f4\u901a\u540e\u7684 \u90e8\u5206\u5173\u952e yaml\uff1a
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
\u5728 kubevirt CR yaml \u4e2d\uff0cpermittedHostDevices
\u7528\u4e8e\u5bfc\u5165 VM \u8bbe\u5907\uff0cvGPU \u9700\u5728\u5176\u4e2d\u6dfb\u52a0 mediatedDevices\uff0c\u5177\u4f53\u7ed3\u6784\u5982\u4e0b\uff1a
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # (1)!\n resourceName: nvidia.com/GRID_P4-1Q # (2)!\n
GPU \u76f4\u901a\u9700\u8981\u5728 permittedHostDevices
\u4e0b\u6dfb\u52a0 pciHostDevices\uff0c\u5177\u4f53\u7ed3\u6784\u5982\u4e0b\uff1a
pciHostDevices: \n- externalResourceProvider: true # (1)!\n pciVendorSelector: 10DE:1BB3 # (2)!\n resourceName: nvidia.com/GP104GL_TESLA_P4 # (3)!\n
\u83b7\u53d6 vGPU \u4fe1\u606f\u793a\u4f8b\uff08\u4ec5\u9002\u7528\u4e8e vGPU\uff09\uff1a\u5728\u6807\u8bb0\u4e3a nvidia.com/gpu.workload.config=vm-gpu
\u7684\u8282\u70b9\uff08\u4f8b\u5982 work-node-2\uff09\u4e0a\u67e5\u770b\u8282\u70b9\u4fe1\u606f\uff0c Capacity \u4e2d\u7684 nvidia.com/GRID_P4-1Q: 8
\u8868\u793a\u53ef\u7528 vGPU\uff1a
kubectl describe node work-node-2\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
\u90a3\u4e48 mdevNameSelector \u5e94\u8be5\u662f \u201cGRID P4-1Q\u201d\uff0cresourceName \u5e94\u8be5\u662f \u201cGRID_P4-1Q\u201d
\u83b7\u53d6 GPU \u76f4\u901a\u4fe1\u606f\uff1a\u5728\u6807\u8bb0 nvidia.com/gpu.workload.config=vm-passthrough
\u7684 node \u4e0a\uff08\u672c\u6587\u6863\u793a\u4f8b node \u4e3a work-node-1\uff09\uff0c \u67e5\u770b node \u4fe1\u606f\uff0cCapacity \u4e2d nvidia.com/GP104GL_TESLA_P4: 2
\u5c31\u662f\u53ef\u7528 vGPU\uff1a
kubectl describe node work-node-1\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
\u90a3\u4e48 resourceName \u5e94\u8be5\u662f \u201cGRID_P4-1Q\u201d, \u5982\u4f55\u83b7\u53d6 pciVendorSelector \u5462\uff1f\u901a\u8fc7 ssh \u767b\u5f55\u5230 work-node-1 \u76ee\u6807\u8282\u70b9\uff0c \u901a\u8fc7 lspci -nnk -d 10de:
\u547d\u4ee4\u83b7\u53d6 Nvidia GPU PCI \u4fe1\u606f\uff0c\u5982\u4e0b\u6240\u793a\uff1a\u7ea2\u6846\u6240\u793a\u5373\u662f pciVendorSelector \u4fe1\u606f\u3002
\u7f16\u8f91 kubevirt CR \u63d0\u793a\uff1a\u5982\u679c\u540c\u4e00\u578b\u53f7 GPU \u6709\u591a\u4e2a\uff0c\u53ea\u9700\u5728 CR \u4e2d\u5199\u5165\u4e00\u4e2a\u5373\u53ef\uff0c\u65e0\u9700\u5217\u51fa\u6bcf\u4e2a GPU\u3002
kubectl -n virtnest-system edit kubevirt kubevirt\n
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
\u4e0e\u666e\u901a\u4e91\u4e3b\u673a\u552f\u4e00\u7684\u533a\u522b\u662f\u5728 devices \u4e2d\u6dfb\u52a0 gpu \u76f8\u5173\u4fe1\u606f\u3002
\u70b9\u51fb\u67e5\u770b\u5b8c\u6574 YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/install/index.html","title":"\u5b89\u88c5\u4e91\u4e3b\u673a\u6a21\u5757","text":"\u672c\u9875\u8bf4\u660e\u5982\u4f55\u5b89\u88c5\u4e91\u4e3b\u673a\u6a21\u5757\u3002
Info
\u4e0b\u8ff0\u547d\u4ee4\u6216\u811a\u672c\u5185\u51fa\u73b0\u7684 virtnest \u5b57\u6837\u662f\u4e91\u4e3b\u673a\u6a21\u5757\u7684\u5185\u90e8\u5f00\u53d1\u4ee3\u53f7\u3002
"},{"location":"admin/virtnest/install/index.html#virtnest-helm","title":"\u914d\u7f6e virtnest helm \u4ed3\u5e93","text":"helm-charts \u4ed3\u5e93\u5730\u5740\uff1ahttps://release.daocloud.io/harbor/projects/10/helm-charts/virtnest/versions
helm repo add virtnest-release https://release.daocloud.io/chartrepo/virtnest\nhelm repo update virtnest-release\n
\u5982\u679c\u60a8\u60f3\u4f53\u9a8c\u6700\u65b0\u5f00\u53d1\u7248\u7684 virtnest\uff0c\u90a3\u4e48\u8bf7\u6dfb\u52a0\u5982\u4e0b\u4ed3\u5e93\u5730\u5740\uff08\u5f00\u53d1\u7248\u672c\u7684 virtnest \u6781\u5176\u4e0d\u7a33\u5b9a\uff09
helm repo add virtnest-release-ci https://release-ci.daocloud.io/chartrepo/virtnest\nhelm repo update virtnest-release-ci\n
"},{"location":"admin/virtnest/install/index.html#virtnest","title":"\u9009\u62e9\u60a8\u60f3\u5b89\u88c5\u7684 virtnest \u7248\u672c","text":"\u5efa\u8bae\u5b89\u88c5\u6700\u65b0\u7248\u672c\u3002
[root@master ~]# helm search repo virtnest-release/virtnest --versions\nNAME CHART VERSION APP VERSION DESCRIPTION\nvirtnest-release/virtnest 0.6.0 v0.6.0 A Helm chart for virtnest\n
"},{"location":"admin/virtnest/install/index.html#namespace","title":"\u521b\u5efa namespace","text":"kubectl create namespace virtnest-system\n
"},{"location":"admin/virtnest/install/index.html#_2","title":"\u6267\u884c\u5b89\u88c5\u6b65\u9aa4","text":"helm install virtnest virtnest-release/virtnest -n virtnest-system --version 0.6.0\n
"},{"location":"admin/virtnest/install/index.html#_3","title":"\u5347\u7ea7","text":""},{"location":"admin/virtnest/install/index.html#virtnest-helm_1","title":"\u66f4\u65b0 virtnest helm \u4ed3\u5e93","text":"helm repo update virtnest-release\n
"},{"location":"admin/virtnest/install/index.html#-set","title":"\u5907\u4efd --set \u53c2\u6570","text":"\u5728\u5347\u7ea7 virtnest \u7248\u672c\u4e4b\u524d\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u4e0a\u4e00\u4e2a\u7248\u672c\u7684 --set \u53c2\u6570
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
"},{"location":"admin/virtnest/install/index.html#helm-upgrade","title":"\u6267\u884c helm upgrade","text":"helm upgrade virtnest virtnest-release/virtnest \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --version 0.6.0\n
"},{"location":"admin/virtnest/install/index.html#_4","title":"\u5378\u8f7d","text":"helm delete virtnest -n virtnest-system\n
"},{"location":"admin/virtnest/install/install-dependency.html","title":"\u5b89\u88c5\u4f9d\u8d56\u548c\u524d\u63d0\u6761\u4ef6","text":"\u672c\u9875\u8bf4\u660e\u5b89\u88c5\u4e91\u4e3b\u673a\u6a21\u5757\u7684\u4f9d\u8d56\u548c\u524d\u63d0\u6761\u4ef6\u3002
Info
\u4e0b\u8ff0\u547d\u4ee4\u6216\u811a\u672c\u5185\u51fa\u73b0\u7684 virtnest \u5b57\u6837\u662f\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u5185\u90e8\u5f00\u53d1\u4ee3\u53f7\u3002
"},{"location":"admin/virtnest/install/install-dependency.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":""},{"location":"admin/virtnest/install/install-dependency.html#411","title":"\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\u7248\u672c\u9700\u8981\u5728 4.11 \u4ee5\u4e0a","text":"\u76ee\u6807\u96c6\u7fa4\u6240\u6709\u8282\u70b9\u7684\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\u7248\u672c\u9700\u8981\u5927\u4e8e 4.11\uff08\u8be6\u89c1 kubevirt issue\uff09\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5185\u6838\u7248\u672c\uff1a
uname -a\n
\u793a\u4f8b\u8f93\u51fa\uff1a
Linux master 6.5.3-1.el7.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Sep 13 11:46:28 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux\n
"},{"location":"admin/virtnest/install/install-dependency.html#cpu-x86-64-v2","title":"CPU \u9700\u652f\u6301 x86-64-v2 \u53ca\u4ee5\u4e0a\u7684\u6307\u4ee4\u96c6","text":"\u4f7f\u7528\u4ee5\u4e0b\u811a\u672c\u68c0\u67e5\u5f53\u524d\u8282\u70b9\u7684 CPU \u662f\u5426\u652f\u6301\uff1a
Note
\u82e5\u51fa\u73b0\u4e0e\u8f93\u51fa\u4fe1\u606f\u65e0\u5173\u7684\u62a5\u9519\uff08\u5982\u4e0b\u6240\u793a\uff09\uff0c\u53ef\u65e0\u9700\u5173\u6ce8\uff0c\u4e0d\u5f71\u54cd\u6700\u7ec8\u7ed3\u679c\u3002
\u793a\u4f8b$ sh detect-cpu.sh\ndetect-cpu.sh: line 3: fpu: command not found\n
cat <<EOF > detect-cpu.sh\n#!/bin/sh -eu\n\nflags=$(cat /proc/cpuinfo | grep flags | head -n 1 | cut -d: -f2)\n\nsupports_v2='awk \"/cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/ {found=1} END {exit !found}\"'\nsupports_v3='awk \"/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/ {found=1} END {exit !found}\"'\nsupports_v4='awk \"/avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/ {found=1} END {exit !found}\"'\n\necho \"$flags\" | eval $supports_v2 || exit 2 && echo \"CPU supports x86-64-v2\"\necho \"$flags\" | eval $supports_v3 || exit 3 && echo \"CPU supports x86-64-v3\"\necho \"$flags\" | eval $supports_v4 || exit 4 && echo \"CPU supports x86-64-v4\"\nEOF\nchmod +x detect-cpu.sh\nsh detect-cpu.sh\n
"},{"location":"admin/virtnest/install/install-dependency.html#_3","title":"\u6240\u6709\u8282\u70b9\u5fc5\u987b\u542f\u7528\u786c\u4ef6\u865a\u62df\u5316\uff08\u5d4c\u5957\u865a\u62df\u5316\uff09","text":"\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u68c0\u67e5\uff1a
virt-host-validate qemu\n
# \u6210\u529f\u7684\u60c5\u51b5\nQEMU: Checking for hardware virtualization : PASS\nQEMU: Checking if device /dev/kvm exists : PASS\nQEMU: Checking if device /dev/kvm is accessible : PASS\nQEMU: Checking if device /dev/vhost-net exists : PASS\nQEMU: Checking if device /dev/net/tun exists : PASS\nQEMU: Checking for cgroup 'cpu' controller support : PASS\nQEMU: Checking for cgroup 'cpuacct' controller support : PASS\nQEMU: Checking for cgroup 'cpuset' controller support : PASS\nQEMU: Checking for cgroup 'memory' controller support : PASS\nQEMU: Checking for cgroup 'devices' controller support : PASS\nQEMU: Checking for cgroup 'blkio' controller support : PASS\nQEMU: Checking for device assignment IOMMU support : PASS\nQEMU: Checking if IOMMU is enabled by kernel : PASS\nQEMU: Checking for secure guest support : WARN (Unknown if this platform has Secure Guest support)\n\n# \u5931\u8d25\u7684\u60c5\u51b5\nQEMU: Checking for hardware virtualization : FAIL (Only emulated CPUs are available, performance will be significantly limited)\nQEMU: Checking if device /dev/vhost-net exists : PASS\nQEMU: Checking if device /dev/net/tun exists : PASS\nQEMU: Checking for cgroup 'memory' controller support : PASS\nQEMU: Checking for cgroup 'memory' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpu' controller support : PASS\nQEMU: Checking for cgroup 'cpu' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpuacct' controller support : PASS\nQEMU: Checking for cgroup 'cpuacct' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpuset' controller support : PASS\nQEMU: Checking for cgroup 'cpuset' controller mount-point : PASS\nQEMU: Checking for cgroup 'devices' controller support : PASS\nQEMU: Checking for cgroup 'devices' controller mount-point : PASS\nQEMU: Checking for cgroup 'blkio' controller support : PASS\nQEMU: Checking for cgroup 'blkio' controller mount-point : PASS\nWARN (Unknown if this platform has IOMMU support)\n
\u5b89\u88c5 virt-host-validate\uff1a
\u5728 CentOS \u4e0a\u5b89\u88c5\u5728 Ubuntu \u4e0a\u5b89\u88c5yum install -y qemu-kvm libvirt virt-install bridge-utils\n
apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils\n
\u786c\u4ef6\u865a\u62df\u5316\u542f\u7528\u65b9\u6cd5\uff1a
\u4e0d\u540c\u5e73\u53f0\u542f\u7528\u786c\u4ef6\u865a\u62df\u5316\u7684\u65b9\u6cd5\u4e5f\u4e0d\u4e00\u6837\uff0c\u4ee5 vsphere \u4e3a\u4f8b\uff0c \u65b9\u6cd5\u8bf7\u53c2\u7167 vmware \u5b98\u7f51\u6587\u6863\u3002
\u5982\u679c\u96c6\u7fa4\u4f7f\u7528 Docker Engine \u4f5c\u4e3a\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u5219 Docker Engine \u7248\u672c\u9700\u8981\u5927\u4e8e 20.10.10
"},{"location":"admin/virtnest/install/install-dependency.html#iommu","title":"\u5efa\u8bae\u5f00\u542f IOMMU","text":"\u4e3a\u4e86\u540e\u7eed\u529f\u80fd\u505a\u51c6\u5907\uff0c\u5efa\u8bae\u5f00\u542f IOMMU\u3002
"},{"location":"admin/virtnest/install/offline-install.html","title":"\u79bb\u7ebf\u5347\u7ea7","text":"\u672c\u9875\u8bf4\u660e\u60a8\u5728\u4e0b\u8f7d\u4e91\u4e3b\u673a\u6a21\u5757\u7684\u79bb\u7ebf\u5305\u540e\uff0c\u5e94\u8be5\u5982\u4f55\u5b89\u88c5\u6216\u5347\u7ea7\u3002
Info
\u4e0b\u8ff0\u547d\u4ee4\u6216\u811a\u672c\u5185\u51fa\u73b0\u7684 virtnest \u5b57\u6837\u662f\u4e91\u4e3b\u673a\u6a21\u5757\u7684\u5185\u90e8\u5f00\u53d1\u4ee3\u53f7\u3002
"},{"location":"admin/virtnest/install/offline-install.html#_2","title":"\u4ece\u5b89\u88c5\u5305\u4e2d\u52a0\u8f7d\u955c\u50cf","text":"\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u9762\u4e24\u79cd\u65b9\u5f0f\u4e4b\u4e00\u52a0\u8f7d\u955c\u50cf\uff0c\u5f53\u73af\u5883\u4e2d\u5b58\u5728\u955c\u50cf\u4ed3\u5e93\u65f6\uff0c\u5efa\u8bae\u9009\u62e9chart-syncer\u540c\u6b65\u955c\u50cf\u5230\u955c\u50cf\u4ed3\u5e93\uff0c\u8be5\u65b9\u6cd5\u66f4\u52a0\u9ad8\u6548\u4fbf\u6377\u3002
"},{"location":"admin/virtnest/install/offline-install.html#chart-syncer","title":"chart-syncer \u540c\u6b65\u955c\u50cf\u5230\u955c\u50cf\u4ed3\u5e93","text":"\u521b\u5efa load-image.yaml
Note
\u8be5 YAML \u6587\u4ef6\u4e2d\u7684\u5404\u9879\u53c2\u6570\u5747\u4e3a\u5fc5\u586b\u9879\u3002\u60a8\u9700\u8981\u4e00\u4e2a\u79c1\u6709\u7684\u955c\u50cf\u4ed3\u5e93\uff0c\u5e76\u4fee\u6539\u76f8\u5173\u914d\u7f6e\u3002
\u5df2\u5b89\u88c5 chart repo\u672a\u5b89\u88c5 chart repo\u82e5\u5f53\u524d\u73af\u5883\u5df2\u5b89\u88c5 chart repo\uff0cchart-syncer \u4e5f\u652f\u6301\u5c06 chart \u5bfc\u51fa\u4e3a tgz \u6587\u4ef6\u3002
load-image.yamlsource:\n intermediateBundlesPath: virtnest-offline # \u5230\u6267\u884c charts-syncer \u547d\u4ee4\u7684\u76f8\u5bf9\u8def\u5f84\uff0c\u800c\u4e0d\u662f\u6b64 YAML \u6587\u4ef6\u548c\u79bb\u7ebf\u5305\u4e4b\u95f4\u7684\u76f8\u5bf9\u8def\u5f84\ntarget:\n containerRegistry: 10.16.10.111 # \u9700\u66f4\u6539\u4e3a\u4f60\u7684\u955c\u50cf\u4ed3\u5e93 url\n containerRepository: release.daocloud.io/virtnest # \u9700\u66f4\u6539\u4e3a\u4f60\u7684\u955c\u50cf\u4ed3\u5e93\n repo:\n kind: HARBOR # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\n url: http://10.16.10.111/chartrepo/release.daocloud.io # \u9700\u66f4\u6539\u4e3a chart repo url\n auth:\n username: \"admin\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u7528\u6237\u540d\n password: \"Harbor12345\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u5bc6\u7801\n containers:\n auth:\n username: \"admin\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u7528\u6237\u540d\n password: \"Harbor12345\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u5bc6\u7801\n
\u82e5\u5f53\u524d\u73af\u5883\u672a\u5b89\u88c5 chart repo\uff0cchart-syncer \u4e5f\u652f\u6301\u5c06 chart \u5bfc\u51fa\u4e3a tgz \u6587\u4ef6\uff0c\u5e76\u5b58\u653e\u5728\u6307\u5b9a\u8def\u5f84\u3002
load-image.yamlsource:\n intermediateBundlesPath: virtnest-offline # \u5230\u6267\u884c charts-syncer \u547d\u4ee4\u7684\u76f8\u5bf9\u8def\u5f84\uff0c\u800c\u4e0d\u662f\u6b64 YAML \u6587\u4ef6\u548c\u79bb\u7ebf\u5305\u4e4b\u95f4\u7684\u76f8\u5bf9\u8def\u5f84\ntarget:\n containerRegistry: 10.16.10.111 # \u9700\u66f4\u6539\u4e3a\u4f60\u7684\u955c\u50cf\u4ed3\u5e93 url\n containerRepository: release.daocloud.io/virtnest # \u9700\u66f4\u6539\u4e3a\u4f60\u7684\u955c\u50cf\u4ed3\u5e93\n repo:\n kind: LOCAL\n path: ./local-repo # chart \u672c\u5730\u8def\u5f84\n containers:\n auth:\n username: \"admin\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u7528\u6237\u540d\n password: \"Harbor12345\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u5bc6\u7801\n
\u6267\u884c\u540c\u6b65\u955c\u50cf\u547d\u4ee4\u3002
charts-syncer sync --config load-image.yaml\n
\u89e3\u538b\u5e76\u52a0\u8f7d\u955c\u50cf\u6587\u4ef6\u3002
\u89e3\u538b tar \u538b\u7f29\u5305\u3002
tar xvf virtnest.bundle.tar\n
\u89e3\u538b\u6210\u529f\u540e\u4f1a\u5f97\u5230 3 \u4e2a\u6587\u4ef6\uff1a
\u4ece\u672c\u5730\u52a0\u8f7d\u955c\u50cf\u5230 Docker \u6216 containerd\u3002
Dockercontainerddocker load -i images.tar\n
ctr -n k8s.io image import images.tar\n
Note
\u6bcf\u4e2a node \u90fd\u9700\u8981\u505a Docker \u6216 containerd \u52a0\u8f7d\u955c\u50cf\u64cd\u4f5c\uff0c \u52a0\u8f7d\u5b8c\u6210\u540e\u9700\u8981 tag \u955c\u50cf\uff0c\u4fdd\u6301 Registry\u3001Repository \u4e0e\u5b89\u88c5\u65f6\u4e00\u81f4\u3002
"},{"location":"admin/virtnest/install/offline-install.html#_3","title":"\u5347\u7ea7","text":"\u6709\u4e24\u79cd\u5347\u7ea7\u65b9\u5f0f\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u524d\u7f6e\u64cd\u4f5c\uff0c\u9009\u62e9\u5bf9\u5e94\u7684\u5347\u7ea7\u65b9\u6848\uff1a
\u901a\u8fc7 helm repo \u5347\u7ea7\u901a\u8fc7 chart \u5305\u5347\u7ea7\u68c0\u67e5\u4e91\u4e3b\u673a helm \u4ed3\u5e93\u662f\u5426\u5b58\u5728\u3002
helm repo list | grep virtnest\n
\u82e5\u8fd4\u56de\u7ed3\u679c\u4e3a\u7a7a\u6216\u5982\u4e0b\u63d0\u793a\uff0c\u5219\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1b\u53cd\u4e4b\u5219\u8df3\u8fc7\u4e0b\u4e00\u6b65\u3002
Error: no repositories to show\n
\u6dfb\u52a0\u4e91\u4e3b\u673a\u7684 helm \u4ed3\u5e93\u3002
helm repo add virtnest http://{harbor url}/chartrepo/{project}\n
\u66f4\u65b0\u4e91\u4e3b\u673a\u7684 helm \u4ed3\u5e93\u3002
helm repo update virtnest # (1)\n
\u9009\u62e9\u60a8\u60f3\u5b89\u88c5\u7684\u4e91\u4e3b\u673a\u7248\u672c\uff08\u5efa\u8bae\u5b89\u88c5\u6700\u65b0\u7248\u672c\uff09\u3002
helm search repo virtnest/virtnest --versions\n
[root@master ~]# helm search repo virtnest/virtnest --versions\nNAME CHART VERSION APP VERSION DESCRIPTION\nvirtnest/virtnest 0.2.0 v0.2.0 A Helm chart for virtnest\n...\n
\u5907\u4efd --set
\u53c2\u6570\u3002
\u5728\u5347\u7ea7\u4e91\u4e3b\u673a\u7248\u672c\u4e4b\u524d\uff0c\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u8001\u7248\u672c\u7684 --set
\u53c2\u6570\u3002
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
\u66f4\u65b0 virtnest crds
helm pull virtnest/virtnest --version 0.2.0 && tar -zxf virtnest-0.2.0.tgz\nkubectl apply -f virtnest/crds\n
\u6267\u884c helm upgrade
\u3002
\u5347\u7ea7\u524d\u5efa\u8bae\u60a8\u8986\u76d6 bak.yaml \u4e2d\u7684 global.imageRegistry
\u5b57\u6bb5\u4e3a\u5f53\u524d\u4f7f\u7528\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3002
export imageRegistry={\u4f60\u7684\u955c\u50cf\u4ed3\u5e93}\n
helm upgrade virtnest virtnest/virtnest \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry \\\n --version 0.2.0\n
\u5907\u4efd --set
\u53c2\u6570\u3002
\u5728\u5347\u7ea7\u4e91\u4e3b\u673a\u7248\u672c\u4e4b\u524d\uff0c\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u8001\u7248\u672c\u7684 --set
\u53c2\u6570\u3002
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
\u66f4\u65b0 virtnest crds
kubectl apply -f ./crds\n
\u6267\u884c helm upgrade
\u3002
\u5347\u7ea7\u524d\u5efa\u8bae\u60a8\u8986\u76d6 bak.yaml \u4e2d\u7684 global.imageRegistry
\u4e3a\u5f53\u524d\u4f7f\u7528\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3002
export imageRegistry={\u4f60\u7684\u955c\u50cf\u4ed3\u5e93}\n
helm upgrade virtnest . \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry\n
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u6307\u5b9a\u96c6\u7fa4\u5185\u5b89\u88c5 virtnest-agent\u3002
"},{"location":"admin/virtnest/install/virtnest-agent.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 virtnest-agent \u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u521d\u59cb\u96c6\u7fa4\u9700\u8981\u5728 Helm \u4e2d\u5b89\u88c5 virtnest-agent \u7ec4\u4ef6\u540e\u65b9\u53ef\u4f7f\u7528\u4e91\u4e3b\u673a\u7684\u76f8\u5173\u80fd\u529b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u82e5\u672a\u5b89\u88c5 virtnest-agent \u7ec4\u4ef6\uff0c\u5219\u65e0\u6cd5\u6b63\u5e38\u4f7f\u7528\u4e91\u4e3b\u673a\u80fd\u529b\u3002\u5c06\u63d0\u9192\u7528\u6237\u5728\u6240\u9700\u96c6\u7fa4\u5185\u8fdb\u884c\u5b89\u88c5\u3002
\u9009\u62e9\u6240\u9700\u96c6\u7fa4\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 Helm \u5e94\u7528 \uff0c\u7136\u540e\u70b9\u51fb Helm \u6a21\u677f \uff0c\u67e5\u770b\u6a21\u677f\u5217\u8868\u3002
\u641c\u7d22 virtnest-agent \u7ec4\u4ef6\uff0c\u8fdb\u5165\u7ec4\u4ef6\u8be6\u60c5\uff0c\u9009\u62e9\u5408\u9002\u7248\u672c\uff0c\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\uff0c\u8fdb\u884c\u5b89\u88c5\u3002
\u8fdb\u5165\u5b89\u88c5\u8868\u5355\u9875\u9762\uff0c\u586b\u5199\u57fa\u672c\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b89\u88c5\u5b8c\u6210\u3002
\u91cd\u65b0\u70b9\u51fb \u4e91\u4e3b\u673a \u5bfc\u822a\u680f\uff0c\u6210\u529f\u51fa\u73b0\u4e91\u4e3b\u673a\u5217\u8868\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u4e91\u4e3b\u673a\u80fd\u529b\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u4e91\u4e3b\u673a\u3002
\u4e91\u4e3b\u673a\u57fa\u4e8e KubeVirt \u6280\u672f\u5c06\u4e91\u4e3b\u673a\u4f5c\u4e3a\u4e91\u539f\u751f\u5e94\u7528\u8fdb\u884c\u7ba1\u7406\uff0c\u4e0e\u5bb9\u5668\u65e0\u7f1d\u5730\u8854\u63a5\u5728\u4e00\u8d77\uff0c \u4f7f\u7528\u6237\u80fd\u591f\u8f7b\u677e\u5730\u90e8\u7f72\u4e91\u4e3b\u673a\u5e94\u7528\uff0c\u4eab\u53d7\u4e0e\u5bb9\u5668\u5e94\u7528\u4e00\u81f4\u7684\u4e1d\u6ed1\u4f53\u9a8c\u3002
"},{"location":"admin/virtnest/quickstart/index.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u4e91\u4e3b\u673a\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u4e91\u4e3b\u673a\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165 \u4e91\u4e3b\u673a \u9875\u9762\u3002
\u5728\u4e91\u4e3b\u673a\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb \u521b\u5efa\u4e91\u4e3b\u673a -> \u9009\u62e9 \u901a\u8fc7\u955c\u50cf\u521b\u5efa \u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u9875\u9762\uff0c\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u955c\u50cf\u914d\u7f6e\u3001\u5b58\u50a8\u4e0e\u7f51\u7edc\u3001\u767b\u5f55\u8bbe\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de\u4e91\u4e3b\u673a\u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u4e91\u4e3b\u673a\u6267\u884c\u5173\u673a/\u5f00\u542f\u3001\u91cd\u542f\u3001\u514b\u9686\u3001\u66f4\u65b0\u3001\u521b\u5efa\u5feb\u7167\u3001\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002 \u514b\u9686\u548c\u5feb\u7167\u80fd\u529b\u4f9d\u8d56\u4e8e\u5b58\u50a8\u6c60\u7684\u9009\u62e9\u3002
\u5728 \u521b\u5efa\u4e91\u4e3b\u673a \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u6839\u636e\u4e0b\u8868\u586b\u5199\u955c\u50cf\u76f8\u5173\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65
\u955c\u50cf\u6765\u6e90\uff1a\u652f\u6301\u4e09\u79cd\u7c7b\u578b\u7684\u6765\u6e90\u3002
\u4ee5\u4e0b\u662f\u5e73\u53f0\u5185\u7f6e\u7684\u955c\u50cf\u4fe1\u606f\uff0c\u5305\u62ec\u64cd\u4f5c\u7cfb\u7edf\u548c\u7248\u672c\u3001\u955c\u50cf\u5730\u5740\u3002\u540c\u65f6\u4e5f\u652f\u6301\u81ea\u5b9a\u4e49\u4e91\u4e3b\u673a\u955c\u50cf\u3002
\u64cd\u4f5c\u7cfb\u7edf \u5bf9\u5e94\u7248\u672c \u955c\u50cf\u5730\u5740 CentOS CentOS 7.9 release-ci.daocloud.io/virtnest/system-images/centos-7.9-x86_64:v1 Ubuntu Ubuntu 22.04 release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1 Debian Debian 12 release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\u955c\u50cf\u5bc6\u94a5\uff1a\u4ec5\u652f\u6301\u9ed8\u8ba4\uff08Opaque\uff09\u7c7b\u578b\u5bc6\u94a5\uff0c\u5177\u4f53\u683c\u5f0f\u8bf7\u53c2\u8003\u521b\u5efa\u5bc6\u94a5\u3002
\u5e73\u53f0\u5185\u7f6e\u955c\u50cf\u5b58\u50a8\u5728\u70b9\u706b\u96c6\u7fa4\u4e2d\uff0c\u800c\u70b9\u706b\u96c6\u7fa4\u7684\u955c\u50cf\u4ed3\u5e93\u672a\u52a0\u5bc6\uff0c\u56e0\u6b64\u5f53\u9009\u62e9\u5185\u7f6e\u955c\u50cf\u65f6\uff0c\u65e0\u9700\u9009\u62e9\u5bc6\u94a5\u3002
Note
CPU \u548c\u5185\u5b58\u7684\u70ed\u52a0\u8f7d\u914d\u7f6e\u8981\u6c42\uff1avirtnest \u7684\u7248\u672c\u4e0d\u4f4e\u4e8e v0.10.0\uff0c\u5e76\u4e14 virtnest-agent \u7248\u672c\u4e0d\u4f4e\u4e8e v0.7.0\uff1b\u652f\u6301\u5b9e\u65f6\u8fc1\u79fb\uff08\u786e\u4fdd PVC \u8bbf\u95ee\u6a21\u5f0f\u4e3a ReadWriteMany\uff09\u3002
\u8d44\u6e90\u914d\u7f6e\uff1aCPU \u5efa\u8bae\u4f7f\u7528\u6574\u6570\uff0c\u82e5\u586b\u5199\u5c0f\u6570\u5219\u4f1a\u5411\u4e0a\u53d6\u6574\u3002\u652f\u6301 CPU\u3001\u5185\u5b58\u7684\u70ed\u52a0\u8f7d\u3002
GPU \u914d\u7f6e\uff1a\u542f\u7528 GPU \u529f\u80fd\u9700\u8981\u9700\u8981\u6ee1\u8db3\u524d\u63d0\u6761\u4ef6\uff0c\u5177\u4f53\u53ef\u53c2\u8003 \u4e91\u4e3b\u673a\u914d\u7f6e GPU\uff08Nvidia)\u3002 \u4e91\u4e3b\u673a\u652f\u6301 Nvidia\u2014GPU \u548c Nvidia\u2014vGPU \u4e24\u79cd\u7c7b\u578b\uff0c\u9009\u62e9\u6240\u9700\u7c7b\u578b\u540e\uff0c\u9700\u8981\u9009\u62e9\u5bf9\u5e94\u7684 GPU \u578b\u53f7\u548c\u5361\u7684\u6570\u91cf\u3002
\u5b58\u50a8\uff1a
\u5b58\u50a8\u548c\u4e91\u4e3b\u673a\u7684\u529f\u80fd\u606f\u606f\u76f8\u5173\uff0c\u4e3b\u8981\u662f\u901a\u8fc7\u4f7f\u7528 Kubernetes \u7684\u6301\u4e45\u5377\u548c\u5b58\u50a8\u7c7b\uff0c\u63d0\u4f9b\u4e86\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u4e91\u4e3b\u673a\u5b58\u50a8\u80fd\u529b\u3002\u6bd4\u5982\u4e91\u4e3b\u673a\u955c\u50cf\u5b58\u50a8\u5728 pvc \u91cc\uff0c\u652f\u6301\u548c\u5176\u4ed6\u6570\u636e\u4e00\u8d77\u514b\u9686\u3001\u5feb\u7167\u7b49\u3002
\u7cfb\u7edf\u76d8\uff1a\u7cfb\u7edf\u9ed8\u8ba4\u521b\u5efa\u4e00\u4e2a VirtIO \u7c7b\u578b\u7684 rootfs \u7cfb\u7edf\u76d8\uff0c\u7528\u4e8e\u5b58\u653e\u64cd\u4f5c\u7cfb\u7edf\u548c\u6570\u636e\u3002
\u6570\u636e\u76d8\uff1a\u6570\u636e\u76d8\u662f\u4e91\u4e3b\u673a\u4e2d\u7528\u4e8e\u5b58\u50a8\u7528\u6237\u6570\u636e\u3001\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u6216\u5176\u4ed6\u975e\u64cd\u4f5c\u7cfb\u7edf\u76f8\u5173\u6587\u4ef6\u7684\u5b58\u50a8\u8bbe\u5907\u3002\u4e0e\u7cfb\u7edf\u76d8\u76f8\u6bd4\uff0c\u6570\u636e\u76d8\u662f\u975e\u5fc5\u9009\u7684\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u52a8\u6001\u6dfb\u52a0\u6216\u79fb\u9664\u3002\u6570\u636e\u76d8\u7684\u5bb9\u91cf\u4e5f\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u8fdb\u884c\u7075\u6d3b\u914d\u7f6e\u3002
\u9ed8\u8ba4\u4f7f\u7528\u5757\u5b58\u50a8\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u514b\u9686\u548c\u5feb\u7167\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u6c60\u5df2\u7ecf\u521b\u5efa\u4e86\u5bf9\u5e94\u7684 VolumeSnapshotClass\uff0c \u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u793a\u4f8b\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u652f\u6301\u5e76\u9009\u62e9\u4e86 ReadWriteMany \u7684\u8bbf\u95ee\u6a21\u5f0f \u3002
\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u5b58\u50a8\u5728\u5b89\u88c5\u8fc7\u7a0b\u4e2d\u4e0d\u4f1a\u81ea\u52a8\u521b\u5efa\u8fd9\u6837\u7684 VolumeSnapshotClass\uff0c\u56e0\u6b64\u60a8\u9700\u8981\u624b\u52a8\u521b\u5efa VolumeSnapshotClass\u3002 \u4ee5\u4e0b\u662f\u4e00\u4e2a HwameiStor \u521b\u5efa VolumeSnapshotClass \u7684\u793a\u4f8b\uff1a
kind: VolumeSnapshotClass\napiVersion: snapshot.storage.k8s.io/v1\nmetadata:\n name: hwameistor-storage-lvm-snapshot\n annotations:\n snapshot.storage.kubernetes.io/is-default-class: \"true\"\nparameters:\n snapsize: \"1073741824\"\ndriver: lvm.hwameistor.io\ndeletionPolicy: Delete\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u68c0\u67e5 VolumeSnapshotClass \u662f\u5426\u521b\u5efa\u6210\u529f\u3002
kubectl get VolumeSnapshotClass\n
\u67e5\u770b\u5df2\u521b\u5efa\u7684 Snapshotclass\uff0c\u5e76\u4e14\u786e\u8ba4 provisioner \u5c5e\u6027\u540c\u5b58\u50a8\u6c60\u4e2d\u7684 Driver \u5c5e\u6027\u4e00\u81f4\u3002
\u7f51\u7edc\uff1a
\u7f51\u7edc\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u8868\u683c\u4fe1\u606f\u6309\u9700\u7ec4\u5408\u3002
\u7f51\u7edc\u6a21\u5f0f CNI \u662f\u5426\u5b89\u88c5 Spiderpool \u7f51\u5361\u6a21\u5f0f \u56fa\u5b9a IP \u5b9e\u65f6\u8fc1\u79fb Masquerade\uff08NAT\uff09 Calico \u274c \u5355\u7f51\u5361 \u274c \u2705 Cilium \u274c \u5355\u7f51\u5361 \u274c \u2705 Flannel \u274c \u5355\u7f51\u5361 \u274c \u2705 Bridge\uff08\u6865\u63a5\uff09 OVS \u2705 \u591a\u7f51\u5361 \u2705 \u2705\u7f51\u7edc\u6a21\u5f0f\u5206\u4e3a Masquerade\uff08NAT\uff09\u548c Bridge\uff08\u6865\u63a5\uff09\uff0cBridge\uff08\u6865\u63a5\uff09\u6a21\u5f0f\u9700\u8981\u5b89\u88c5\u4e86 Spiderpool \u7ec4\u4ef6\u540e\u65b9\u53ef\u4f7f\u7528\u3002
\u6dfb\u52a0\u7f51\u5361
\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u4e91\u4e3b\u673a\u3002
\u8fdb\u5165\u4e91\u4e3b\u673a\u5217\u8868\u9875\uff0c\u70b9\u51fb \u901a\u8fc7 YAML \u521b\u5efa \u6309\u94ae\u3002
\u70b9\u51fb\u67e5\u770b\u521b\u5efa\u4e91\u4e3b\u673a\u7684 YAML \u793a\u4f8bapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: demo\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: systemdisk-demo\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Always\n template:\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-demo\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-demo\n name: systemdisk-demo\n - cloudInitNoCloud:\n userDataBase64: >-\n I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OjEyMzQ1NiIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/quickstart/access.html","title":"\u8fde\u63a5\u4e91\u4e3b\u673a","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u4e24\u79cd\u8fde\u63a5\u4e91\u4e3b\u673a\u7684\u65b9\u5f0f\uff0c\u5206\u522b\u4e3a \u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\u548c\u7ec8\u7aef\u65b9\u5f0f\u3002
"},{"location":"admin/virtnest/quickstart/access.html#_2","title":"\u7ec8\u7aef","text":"\u901a\u8fc7\u7ec8\u7aef\u8bbf\u95ee\u4e91\u4e3b\u673a\u7684\u65b9\u5f0f\u66f4\u52a0\u7075\u6d3b\u548c\u8f7b\u91cf\uff0c\u4f46\u662f\u65e0\u6cd5\u76f4\u63a5\u5c55\u793a\u56fe\u5f62\u754c\u9762\uff0c\u4ea4\u4e92\u6027\u8f83\u5dee\uff0c\u4e14\u65e0\u6cd5\u591a\u7ec8\u7aef\u540c\u65f6\u5728\u7ebf\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u652f\u6301\u901a\u8fc7\u7ec8\u7aef\u65b9\u5f0f\u8bbf\u95ee\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/quickstart/access.html#vnc","title":"\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09","text":"\u901a\u8fc7 VNC \u8bbf\u95ee\u4e91\u4e3b\u673a\u7684\u65b9\u5f0f\u53ef\u4ee5\u5b9e\u73b0\u5bf9\u8fdc\u7a0b\u8ba1\u7b97\u673a\u7684\u5b8c\u6574\u56fe\u5f62\u754c\u9762\u7684\u8bbf\u95ee\u548c\u63a7\u5236\uff0c\u80fd\u591f\u76f4\u89c2\u5730\u64cd\u4f5c\u8fdc\u7a0b\u8bbe\u5907\uff0c\u4ea4\u4e92\u6027\u66f4\u52a0\u597d\uff0c\u4f46\u662f\u6027\u80fd\u4f1a\u53d7\u5230\u4e00\u5b9a\u5f71\u54cd\uff0c\u4e14\u65e0\u6cd5\u591a\u7ec8\u7aef\u540c\u65f6\u5728\u7ebf\u3002
Windows \u7cfb\u7edf\u9009\u62e9 VNC\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u652f\u6301\u901a\u8fc7\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\u7684\u65b9\u5f0f\u8bbf\u95ee\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/quickstart/detail.html","title":"\u4e91\u4e3b\u673a\u8be6\u60c5","text":"\u6210\u529f\u521b\u5efa\u4e91\u4e3b\u673a\u540e\uff0c\u53ef\u8fdb\u5165\u4e91\u4e3b\u673a\u8be6\u60c5\u9875\u9762\uff0c\u652f\u6301\u67e5\u770b\u57fa\u672c\u4fe1\u606f\u3001\u914d\u7f6e\u4fe1\u606f\u3001GPU \u4fe1\u606f\u3001\u6982\u89c8\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u5feb\u7167\u3001\u4e8b\u4ef6\u7b49\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u96c6\u7fa4\u5217\u8868 \uff0c\u8fdb\u5165\u4e91\u4e3b\u673a\u6240\u5728\u96c6\u7fa4\u8be6\u60c5\uff0c\u70b9\u51fb\u4e91\u4e3b\u673a\u540d\u79f0\u67e5\u770b\u4e91\u4e3b\u673a\u8be6\u60c5\u3002
"},{"location":"admin/virtnest/quickstart/detail.html#_2","title":"\u57fa\u672c\u4fe1\u606f","text":"\u4e91\u4e3b\u673a\u57fa\u672c\u4fe1\u606f\u5305\u542b\u72b6\u6001\u3001\u522b\u540d\u3001\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001IP\u3001\u6807\u7b7e\u3001\u8282\u70b9\u3001\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001\u521b\u5efa\u65f6\u95f4\u7b49\u3002\u5176\u4e2d\uff0c
\u4e91\u4e3b\u673a\u914d\u7f6e\u4fe1\u606f\u5305\u62ec\uff1a
GPU \u914d\u7f6e\u4fe1\u606f\u5305\u542b GPU \u7c7b\u578b\u3001GPU \u578b\u53f7\u4ee5\u53ca\u5361\u6570\u91cf\u3002
"},{"location":"admin/virtnest/quickstart/detail.html#_3","title":"\u5176\u4ed6\u4fe1\u606f","text":"\u6982\u89c8\u50a8\u5b58\u7f51\u7edc\u5feb\u7167\u4e8b\u4ef6\u5217\u8868\u4e91\u4e3b\u673a\u6982\u89c8\u9875\u53ef\u67e5\u770b\u4e91\u4e3b\u673a\u7684\u76d1\u63a7\u5185\u5bb9\u3002\u8bf7\u6ce8\u610f\uff0c\u82e5\u672a\u5b89\u88c5 insight-agent \u7ec4\u4ef6\uff0c\u5219\u65e0\u6cd5\u83b7\u53d6\u76d1\u63a7\u4fe1\u606f\u3002
\u5c55\u793a\u4e91\u4e3b\u673a\u6240\u7528\u7684\u5b58\u50a8\uff0c\u5305\u62ec\u7cfb\u7edf\u76d8\u548c\u6570\u636e\u76d8\u7684\u4fe1\u606f\u3002
\u5c55\u793a\u4e91\u4e3b\u673a\u7684\u7f51\u7edc\u914d\u7f6e\uff0c\u5305\u62ec Multus CR\u3001\u7f51\u5361\u540d\u79f0\u3001IP \u5730\u5740\u7b49\u4fe1\u606f\u3002
\u82e5\u5df2\u7ecf\u521b\u5efa\u5feb\u7167\uff0c\u672c\u9875\u5c06\u5c55\u793a\u4e91\u4e3b\u673a\u7684\u5feb\u7167\u4fe1\u606f\uff0c\u652f\u6301\u901a\u8fc7\u5feb\u7167\u6062\u590d\u4e91\u4e3b\u673a\u3002
\u4e8b\u4ef6\u5217\u8868\u5305\u542b\u4e91\u4e3b\u673a\u7684\u751f\u547d\u5468\u671f\u4e2d\u53d1\u751f\u7684\u5404\u79cd\u72b6\u6001\u53d8\u5316\u3001\u64cd\u4f5c\u8bb0\u5f55\u548c\u7cfb\u7edf\u6d88\u606f\u7b49\u3002
"},{"location":"admin/virtnest/quickstart/nodeport.html","title":"\u901a\u8fc7 NodePort \u8bbf\u95ee\u4e91\u4e3b\u673a","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 NodePort \u8bbf\u95ee\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/quickstart/nodeport.html#_1","title":"\u73b0\u6709\u8bbf\u95ee\u65b9\u5f0f\u7684\u7f3a\u9677","text":"\u4e91\u4e3b\u673a\u652f\u6301\u901a\u8fc7 VNC \u6216\u8005 console \u8bbf\u95ee\uff0c\u4f46\u8fd9\u4e24\u79cd\u8bbf\u95ee\u65b9\u5f0f\u90fd\u6709\u4e00\u4e2a\u5f0a\u7aef\uff0c\u65e0\u6cd5\u591a\u7ec8\u7aef\u540c\u65f6\u5728\u7ebf\u3002
\u901a\u8fc7 NodePort \u5f62\u5f0f\u7684 Service\uff0c\u53ef\u4ee5\u5e2e\u52a9\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u3002
\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u9875\u9762
vm.kubevirt.io/name: you-vm-name
\u521b\u5efa\u6210\u529f\u540e\uff0c\u5c31\u53ef\u4ee5\u901a\u8fc7 ssh username@nodeip -p port
\u6765\u8bbf\u95ee\u4e91\u4e3b\u673a
\u7f16\u5199 YAML \u6587\u4ef6\uff0c\u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: v1\nkind: Service\n metadata:\n name: test-ssh\nspec:\n ports:\n - name: tcp-ssh\n nodePort: 32090\n protocol: TCP\n // 22 \u7aef\u53e3\uff0c\u4e0d\u8981\u66f4\u6539\n port: 22 \n targetPort: 22\n selector:\n // \u4e91\u4e3b\u673a\u7684 name\n\u00a0 \u00a0vm.kubevirt.io/name: test-image-s3\n type: NodePort\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4
kubectl apply -f you-svc.yaml\n
\u521b\u5efa\u6210\u529f\u540e\uff0c\u5c31\u53ef\u4ee5\u901a\u8fc7 ssh username@nodeip -p 32090
\u6765\u8bbf\u95ee\u4e91\u4e3b\u673a
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u8868\u5355\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u66f4\u65b0\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/quickstart/update.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5f00\u673a\u72b6\u6001\u4e0b\u66f4\u65b0\u4e91\u4e3b\u673a CPU\u3001\u5185\u5b58\u3001\u6570\u636e\u76d8\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u4e91\u4e3b\u673a\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb \u66f4\u65b0 \u8fdb\u5165\u4e91\u4e3b\u673a\u66f4\u65b0\u9875\u9762\u3002
\u57fa\u672c\u4fe1\u606f\u955c\u50cf\u914d\u7f6e\u5b58\u50a8\u4e0e\u7f51\u7edc\u767b\u5f55\u8bbe\u7f6e\u57fa\u672c\u4fe1\u606f\u9875\u9762\u4e2d\uff0c \u522b\u540d \u4e0e \u6807\u7b7e\u6ce8\u89e3 \u652f\u6301\u66f4\u65b0\uff0c\u5176\u4ed6\u4fe1\u606f\u65e0\u6cd5\u66f4\u6539\u3002\u5b8c\u6210\u66f4\u65b0\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u8fdb\u5165\u955c\u50cf\u914d\u7f6e\u7684\u754c\u9762\u3002
\u5728\u955c\u50cf\u914d\u7f6e\u9875\u9762\u4e2d\uff0c\u955c\u50cf\u6765\u6e90\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u7248\u672c\u7b49\u53c2\u6570\u4e00\u65e6\u9009\u62e9\u540e\u65e0\u6cd5\u66f4\u6539\uff0c\u5141\u8bb8\u7528\u6237\u66f4\u65b0 GPU \u914d\u7f6e \uff0c \u5305\u62ec\u542f\u7528\u6216\u7981\u7528 GPU \u652f\u6301\uff0c\u9009\u62e9 GPU \u7684\u7c7b\u578b\uff0c\u6307\u5b9a\u6240\u9700\u7684\u578b\u53f7\uff0c\u4ee5\u53ca\u914d\u7f6e GPU \u5361\u7684\u6570\u91cf\uff0c\u66f4\u65b0\u540e\u9700\u8981\u91cd\u542f\u624d\u80fd\u751f\u6548\u3002 \u5b8c\u6210\u66f4\u65b0\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u8fdb\u5165\u5b58\u50a8\u4e0e\u7f51\u7edc\u7684\u754c\u9762\u3002
\u5728\u5b58\u50a8\u4e0e\u7f51\u7edc\u9875\u9762\u4e2d\uff0c\u7cfb\u7edf\u76d8\u7684\u5b58\u50a8\u6c60\u548c PVC \u8bbf\u95ee\u6a21\u5f0f\u4e00\u65e6\u9009\u62e9\u540e\u65e0\u6cd5\u66f4\u6539\uff0c\u652f\u6301\u589e\u52a0\u78c1\u76d8\u5bb9\u91cf\uff0c\u4e0d\u53ef\u51cf\u5c11\u3002 \u6b64\u5916\uff0c\u7528\u6237\u53ef\u4ee5\u81ea\u7531\u6dfb\u52a0\u6216\u8005\u79fb\u9664\u6570\u636e\u76d8\u3002\u4e0d\u652f\u6301\u66f4\u65b0\u7f51\u7edc\u914d\u7f6e\u3002\u5b8c\u6210\u66f4\u65b0\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u8fdb\u5165\u767b\u5f55\u8bbe\u7f6e\u7684\u754c\u9762\u3002
Note
\u5efa\u8bae\u5728\u4fee\u6539\u5b58\u50a8\u5bb9\u91cf\u6216\u589e\u52a0\u6570\u636e\u76d8\u540e\u91cd\u542f\u4e91\u4e3b\u673a\uff0c\u4ee5\u786e\u4fdd\u914d\u7f6e\u751f\u6548\u3002
\u5728\u767b\u5f55\u8bbe\u7f6e\u9875\u9762\u4e2d\uff0c\u7528\u6237\u540d\u3001\u5bc6\u7801\u4ee5\u53ca SSH \u5bc6\u94a5\u914d\u7f6e\u4e00\u65e6\u8bbe\u7f6e\uff0c\u4e0d\u5141\u8bb8\u66f4\u6539\u3002\u786e\u8ba4\u60a8\u7684\u767b\u5f55\u4fe1\u606f\u65e0\u8bef\u540e\uff0c\u70b9\u51fb\u786e\u5b9a\u6309\u94ae\u4ee5\u5b8c\u6210\u66f4\u65b0\u6d41\u7a0b\u3002
"},{"location":"admin/virtnest/quickstart/update.html#yaml","title":"\u7f16\u8f91 YAML","text":"\u9664\u4e86\u901a\u8fc7\u8868\u5355\u65b9\u5f0f\u66f4\u65b0\u4e91\u4e3b\u673a\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u66f4\u65b0\u4e91\u4e3b\u673a\u3002
\u8fdb\u5165\u4e91\u4e3b\u673a\u5217\u8868\u9875\uff0c\u70b9\u51fb \u7f16\u8f91 YAML \u6309\u94ae\u3002
"},{"location":"admin/virtnest/template/index.html","title":"\u901a\u8fc7\u6a21\u677f\u521b\u5efa\u4e91\u4e3b\u673a","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u6a21\u677f\u521b\u5efa\u4e91\u4e3b\u673a\u3002
\u901a\u8fc7\u5185\u7f6e\u6a21\u677f\u548c\u81ea\u5b9a\u4e49\u6a21\u677f\uff0c\u7528\u6237\u53ef\u4ee5\u8f7b\u677e\u521b\u5efa\u65b0\u7684\u4e91\u4e3b\u673a\u3002\u6b64\u5916\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u5c06\u73b0\u6709\u4e91\u4e3b\u673a\u8f6c\u6362\u4e3a\u4e91\u4e3b\u673a\u6a21\u677f\u7684\u529f\u80fd\uff0c\u8ba9\u7528\u6237\u80fd\u591f\u66f4\u52a0\u7075\u6d3b\u5730\u7ba1\u7406\u548c\u4f7f\u7528\u8d44\u6e90\u3002
"},{"location":"admin/virtnest/template/index.html#_2","title":"\u6a21\u677f\u521b\u5efa","text":"\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u6a21\u677f\u521b\u5efa\u4e00\u4e2a\u4e91\u4e3b\u673a\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165 \u4e91\u4e3b\u673a\u7ba1\u7406 \u9875\u9762\u3002\u5728\u4e91\u4e3b\u673a\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u521b\u5efa\u4e91\u4e3b\u673a-\u9009\u62e9\u6a21\u677f\u521b\u5efa\u4e91\u4e3b\u673a\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u9875\u9762\uff0c\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u6a21\u677f\u914d\u7f6e\u3001\u5b58\u50a8\u4e0e\u7f51\u7edc\u3001\u767b\u5f55\u8bbe\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de\u4e91\u4e3b\u673a\u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u4e91\u4e3b\u673a\u6267\u884c\u5173\u673a/\u5f00\u542f\u3001\u91cd\u542f\u3001\u514b\u9686\u3001\u66f4\u65b0\u3001\u521b\u5efa\u5feb\u7167\u3001\u914d\u7f6e\u8f6c\u6362\u4e3a\u6a21\u677f\u3001\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002 \u514b\u9686\u548c\u5feb\u7167\u80fd\u529b\u4f9d\u8d56\u4e8e\u5b58\u50a8\u6c60\u7684\u9009\u62e9\u3002
\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u51fa\u73b0\u6a21\u677f\u5217\u8868\uff0c\u6309\u9700\u9009\u62e9\u5185\u7f6e\u6a21\u677f/\u81ea\u5b9a\u4e49\u6a21\u677f\u3002
\u9009\u62e9\u5185\u7f6e\u6a21\u677f\uff1a\u5e73\u53f0\u5185\u7f6e\u4e862\u4e2a\u6807\u51c6\u6a21\u677f\uff0c\u4e0d\u5141\u8bb8\u7f16\u8f91\u548c\u5220\u9664\u3002\u9009\u62e9\u5185\u7f6e\u6a21\u677f\u540e\uff0c\u955c\u50cf\u6765\u6e90\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u955c\u50cf\u5730\u5740\u7b49\u5c06\u4f7f\u7528\u6a21\u677f\u5185\u7684\u4fe1\u606f\uff0c\u65e0\u6cd5\u4fee\u6539\uff1b\u8d44\u6e90\u914d\u989d\u4e5f\u5c06\u4f7f\u7528\u6a21\u677f\u5185\u7684\u4fe1\u606f\uff0c\u5141\u8bb8\u4fee\u6539\u3002
\u9009\u62e9\u81ea\u5b9a\u4e49\u6a21\u677f\uff1a\u7531\u4e91\u4e3b\u673a\u914d\u7f6e\u8f6c\u5316\u800c\u6765\u7684\u6a21\u677f\uff0c\u652f\u6301\u7f16\u8f91\u548c\u5220\u9664\u3002\u4f7f\u7528\u81ea\u5b9a\u4e49\u6a21\u677f\u5219\u6839\u636e\u5177\u4f53\u60c5\u51b5\u652f\u6301\u4fee\u6539\u955c\u50cf\u6765\u6e90\u7b49\u4fe1\u606f\u3002
\u5b58\u50a8\uff1a\u7cfb\u7edf\u9ed8\u8ba4\u521b\u5efa\u4e00\u4e2a VirtIO \u7c7b\u578b\u7684 rootfs \u7cfb\u7edf\u76d8\uff0c\u7528\u4e8e\u5b58\u653e\u64cd\u4f5c\u7cfb\u7edf\u548c\u6570\u636e\u3002 \u9ed8\u8ba4\u4f7f\u7528\u5757\u5b58\u50a8\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u514b\u9686\u548c\u5feb\u7167\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u6c60\u652f\u6301 VolumeSnapshots \u529f\u80fd\uff0c \u5e76\u5728\u5b58\u50a8\u6c60\uff08SC\uff09\u4e2d\u8fdb\u884c\u521b\u5efa\u3002\u8bf7\u6ce8\u610f\uff0c\u5b58\u50a8\u6c60\uff08SC\uff09\u8fd8\u6709\u5176\u4ed6\u4e00\u4e9b\u5148\u51b3\u6761\u4ef6\u9700\u8981\u6ee1\u8db3\u3002
\u5148\u51b3\u6761\u4ef6\uff1a
\u652f\u6301\u6dfb\u52a0\u4e00\u5757\u7cfb\u7edf\u76d8\u548c\u591a\u5757\u6570\u636e\u76d8\u3002
\u7f51\u7edc\uff1a\u82e5\u60a8\u4e0d\u505a\u4efb\u4f55\u914d\u7f6e\uff0c\u7cfb\u7edf\u5c06\u9ed8\u8ba4\u521b\u5efa\u4e00\u4e2a VirtIO \u7c7b\u578b\u7684\u7f51\u7edc\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5185\u7f6e\u4e91\u4e3b\u673a\u6a21\u677f\u548c\u81ea\u5b9a\u4e49\u4e91\u4e3b\u673a\u6a21\u677f\u3002
\u901a\u8fc7\u5185\u7f6e\u6a21\u677f\u548c\u81ea\u5b9a\u4e49\u6a21\u677f\uff0c\u7528\u6237\u53ef\u4ee5\u8f7b\u677e\u521b\u5efa\u65b0\u7684\u4e91\u4e3b\u673a\u3002\u6b64\u5916\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u5c06\u73b0\u6709\u4e91\u4e3b\u673a\u8f6c\u6362\u4e3a\u4e91\u4e3b\u673a\u6a21\u677f\u7684\u529f\u80fd\uff0c\u8ba9\u7528\u6237\u80fd\u591f\u66f4\u52a0\u7075\u6d3b\u5730\u7ba1\u7406\u548c\u4f7f\u7528\u8d44\u6e90\u3002
"},{"location":"admin/virtnest/template/tep.html#_2","title":"\u4e91\u4e3b\u673a\u6a21\u677f","text":"\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a\u6a21\u677f \uff0c\u8fdb\u5165 \u4e91\u4e3b\u673a\u6a21\u677f \u9875\u9762\uff0c\u82e5\u8be5\u6a21\u677f\u662f\u7531\u914d\u7f6e\u4e86 GPU \u7684\u4e91\u4e3b\u673a\u8f6c\u6362\u800c\u6765\uff0c\u6a21\u677f\u4e5f\u4f1a\u5e26\u6709 GPU \u7684\u4fe1\u606f\uff0c\u5c06\u5728\u6a21\u677f\u5217\u8868\u4e2d\u5c55\u793a\u3002
\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5185\u7f6e\u6a21\u677f\u6267\u884c\u521b\u5efa\u4e91\u4e3b\u673a\u548c\u67e5\u770b YAML \u64cd\u4f5c\uff1b\u5bf9\u81ea\u5b9a\u4e49\u6a21\u677f\u652f\u6301\u521b\u5efa\u4e91\u4e3b\u673a\u3001\u7f16\u8f91 YAML \u548c\u5220\u9664\u64cd\u4f5c\u3002
\u5e73\u53f0\u5185\u5185\u7f6e\u4e24\u79cd\u6a21\u677f\uff0c\u5206\u522b\u662f CentOS \u548c Ubuntu\u3002
\u81ea\u5b9a\u4e49\u6a21\u677f\u662f\u7531\u4e91\u4e3b\u673a\u914d\u7f6e\u8f6c\u5316\u800c\u6765\u7684\u6a21\u677f\u3002\u4ee5\u4e0b\u4ecb\u7ecd\u5982\u4f55\u4ece\u4e91\u4e3b\u673a\u914d\u7f6e\u8f6c\u6362\u4e3a\u6a21\u677f\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u652f\u6301\u5c06\u914d\u7f6e\u8f6c\u6362\u4e3a\u6a21\u677f\u3002\u53ea\u6709\u8fd0\u884c\u4e2d/\u5173\u95ed\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u652f\u6301\u8f6c\u5316\u3002
\u586b\u5199\u65b0\u6a21\u677f\u7684\u540d\u79f0\uff0c\u63d0\u793a\u539f\u59cb\u4e91\u4e3b\u673a\u5c06\u4f1a\u4fdd\u7559\u5e76\u4e14\u53ef\u7528\u3002\u8f6c\u6362\u6210\u529f\u540e\uff0c\u5c06\u4f1a\u5728\u6a21\u677f\u5217\u8868\u65b0\u589e\u4e00\u6761\u6570\u636e\u3002
\u6210\u529f\u521b\u5efa\u51fa\u6765\u4e00\u4e2a\u6a21\u677f\u540e\uff0c\u70b9\u51fb\u6a21\u677f\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u4e91\u4e3b\u673a\u8be6\u60c5\uff0c\u5305\u62ec\u57fa\u672c\u4fe1\u606f\u3001GPU \u4fe1\u606f\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u7b49\u3002\u5982\u679c\u9700\u8981\u5feb\u901f\u57fa\u4e8e\u8be5\u6a21\u677f\u90e8\u7f72\u65b0\u7684\u4e91\u4e3b\u673a\uff0c\u53ea\u9700\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u4e91\u4e3b\u673a \u6309\u94ae\u5373\u53ef\u4fbf\u6377\u64cd\u4f5c\u3002
"},{"location":"admin/virtnest/vm/auto-migrate.html","title":"\u4e91\u4e3b\u673a\u81ea\u52a8\u6f02\u79fb","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5f53\u96c6\u7fa4\u5185\u67d0\u4e2a\u8282\u70b9\u56e0\u4e3a\u65ad\u7535\u6216\u7f51\u7edc\u6545\u969c\uff0c\u5bfc\u81f4\u8be5\u8282\u70b9\u4e0a\u7684\u4e91\u4e3b\u673a\u65e0\u6cd5\u8bbf\u95ee\u65f6\uff0c \u5982\u4f55\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u4e91\u4e3b\u673a\u65e0\u7f1d\u8fc1\u79fb\u5230\u5176\u4ed6\u7684\u8282\u70b9\u4e0a\uff0c\u540c\u65f6\u4fdd\u8bc1\u4e1a\u52a1\u7684\u8fde\u7eed\u6027\u548c\u6570\u636e\u7684\u5b89\u5168\u6027\u3002
\u4e0e\u5b9e\u65f6\u8fc1\u79fb\u76f8\u6bd4\uff0c\u81ea\u52a8\u6f02\u79fb\u4e0d\u9700\u8981\u60a8\u5728\u754c\u9762\u4e2d\u4e3b\u52a8\u64cd\u4f5c\uff0c\u800c\u662f\u7cfb\u7edf\u81ea\u52a8\u89e6\u53d1\u8fc1\u79fb\u8fc7\u7a0b\u3002
"},{"location":"admin/virtnest/vm/auto-migrate.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b9e\u73b0\u81ea\u52a8\u6f02\u79fb\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u68c0\u67e5\u4e91\u4e3b\u673a launcher pod \u72b6\u6001\uff1a
kubectl get pod\n
\u67e5\u770b launcher pod \u662f\u5426\u5904\u4e8e Terminating \u72b6\u6001\u3002
\u5f3a\u5236\u5220\u9664 launcher pod\uff1a
\u5982\u679c launcher pod \u72b6\u6001\u4e3a Terminating\uff0c\u53ef\u4ee5\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u5f3a\u5236\u5220\u9664\uff1a
kubectl delete <launcher pod> --force\n
\u66ff\u6362 <launcher pod>
\u4e3a\u4f60\u7684 launcher pod \u540d\u79f0\u3002
\u7b49\u5f85\u91cd\u65b0\u521b\u5efa\u5e76\u68c0\u67e5\u72b6\u6001\uff1a
\u5220\u9664\u540e\uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u91cd\u65b0\u521b\u5efa launcher pod\u3002 \u7b49\u5f85\u5176\u72b6\u6001\u53d8\u4e3a running\uff0c\u7136\u540e\u5237\u65b0\u4e91\u4e3b\u673a\u5217\u8868\uff0c\u89c2\u5bdf\u4e91\u4e3b\u673a\u662f\u5426\u6210\u529f\u8fc1\u79fb\u5230\u65b0\u8282\u70b9\u3002
\u5982\u679c\u4f7f\u7528 rook-ceph \u4f5c\u4e3a\u5b58\u50a8\uff0c\u9700\u8981\u914d\u7f6e\u4e3a ReadWriteOnce \u6a21\u5f0f\uff1a
\u5f3a\u5236\u5220\u9664 pod \u540e\uff0c\u9700\u8981\u7b49\u5f85\u5927\u7ea6\u516d\u5206\u949f\u4ee5\u8ba9 launcher pod \u542f\u52a8\uff0c\u6216\u8005\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u7acb\u5373\u542f\u52a8 pod\uff1a
kubectl get pv | grep <vm name>\nkubectl get VolumeAttachment | grep <pv name>\n
\u66ff\u6362 <vm name>
\u548c <pv name>
\u4e3a\u4f60\u7684\u4e91\u4e3b\u673a\u540d\u79f0\u548c\u6301\u4e45\u5377\u540d\u79f0\u3002
\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5220\u9664\u5bf9\u5e94\u7684 VolumeAttachment\uff1a
kubectl delete VolumeAttachment <vm>\n
\u66ff\u6362 <vm>
\u4e3a\u4f60\u7684\u4e91\u4e3b\u673a\u540d\u79f0\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u514b\u9686\u4e00\u53f0\u65b0\u7684\u4e91\u4e3b\u673a\u3002
\u7528\u6237\u53ef\u4ee5\u514b\u9686\u4e00\u53f0\u65b0\u7684\u4e91\u4e3b\u673a\uff0c\u514b\u9686\u540e\u7684\u4e91\u4e3b\u673a\u5c06\u5177\u6709\u4e0e\u539f\u59cb\u4e91\u4e3b\u673a\u76f8\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u548c\u7cfb\u7edf\u914d\u7f6e\uff0c\u80fd\u591f\u5b9e\u73b0\u5feb\u901f\u90e8\u7f72\u548c\u6269\u5c55\uff0c\u5feb\u901f\u521b\u5efa\u76f8\u4f3c\u914d\u7f6e\u7684\u65b0\u4e91\u4e3b\u673a\uff0c\u800c\u65e0\u9700\u4ece\u5934\u5f00\u59cb\u5b89\u88c5\u3002
"},{"location":"admin/virtnest/vm/clone.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u514b\u9686\u529f\u80fd\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff08\u548c\u5feb\u7167\u529f\u80fd\u7684\u524d\u63d0\u6761\u4ef6\u4e00\u81f4\uff09\uff1a
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u975e\u9519\u8bef\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u6267\u884c\u5feb\u7167\u64cd\u4f5c\u3002
\u5f39\u51fa\u5f39\u6846\uff0c\u9700\u8981\u586b\u5199\u514b\u9686\u65b0\u7684\u4e91\u4e3b\u673a\u7684\u540d\u79f0\u548c\u63cf\u8ff0\uff0c\u514b\u9686\u64cd\u4f5c\u53ef\u80fd\u9700\u8981\u4e00\u4e9b\u65f6\u95f4\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4e91\u4e3b\u673a\u7684\u5927\u5c0f\u548c\u5b58\u50a8\u6027\u80fd\u3002
\u514b\u9686\u6210\u529f\u540e\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u5217\u8868\u5185\u67e5\u770b\u5230\u65b0\u7684\u4e91\u4e3b\u673a\uff0c\u65b0\u521b\u5efa\u51fa\u6765\u7684\u4e91\u4e3b\u673a\u5904\u4e8e\u5173\u673a\u72b6\u6001\uff0c\u82e5\u9700\u8981\u5f00\u673a\u9700\u8981\u624b\u52a8\u64cd\u4f5c\u3002
\u514b\u9686\u524d\u5efa\u8bae\u5bf9\u539f\u6709\u4e91\u4e3b\u673a\u8fdb\u884c\u5feb\u7167\uff0c\u5982\u679c\u514b\u9686\u8fc7\u7a0b\u4e2d\u9047\u5230\u95ee\u9898\uff0c\u8bf7\u68c0\u67e5\u5148\u51b3\u6761\u4ef6\u662f\u5426\u6ee1\u8db3\uff0c\u5e76\u5c1d\u8bd5\u91cd\u65b0\u6267\u884c\u514b\u9686\u64cd\u4f5c\u3002
\u5f53\u521b\u5efa\u4e91\u4e3b\u673a\u4f7f\u7528\u5bf9\u8c61\u5b58\u50a8\uff08S3\uff09\u4f5c\u4e3a\u955c\u50cf\u6765\u6e90\u65f6\uff0c\u6709\u65f6\u5019\u9700\u8981\u586b\u5199\u5bc6\u94a5\u6765\u83b7\u53d6\u901a\u8fc7 S3 \u7684\u9a8c\u8bc1\u3002\u4ee5\u4e0b\u5c06\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u7b26\u5408\u4e91\u4e3b\u673a\u8981\u6c42\u7684\u5bc6\u94a5\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u96c6\u7fa4\u5217\u8868 \uff0c\u8fdb\u5165\u4e91\u4e3b\u673a\u6240\u5728\u96c6\u7fa4\u8be6\u60c5\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 \uff0c\u9009\u62e9 \u5bc6\u94a5 \uff0c\u70b9\u51fb \u521b\u5efa\u5bc6\u94a5 \u3002
\u8fdb\u5165\u521b\u5efa\u9875\u9762\uff0c\u586b\u5199\u5bc6\u94a5\u540d\u79f0\uff0c\u9009\u62e9\u548c\u4e91\u4e3b\u673a\u76f8\u540c\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6ce8\u610f\u9700\u8981\u9009\u62e9 \u9ed8\u8ba4\uff08Opaque\uff09 \u7c7b\u578b\u3002\u5bc6\u94a5\u6570\u636e\u9700\u8981\u9075\u5faa\u4ee5\u4e0b\u539f\u5219
\u521b\u5efa\u6210\u529f\u540e\u53ef\u4ee5\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\u4f7f\u7528\u6240\u9700\u5bc6\u94a5\uff0c\u6700\u540e\u901a\u8fc7\u9a8c\u8bc1\u3002
\u672c\u529f\u80fd\u6682\u672a\u505a UI \u754c\u9762\u80fd\u529b\uff0c\u8bf7\u53c2\u8003\u6587\u6863\u7684\u64cd\u4f5c\u6b65\u9aa4\u6267\u884c\u3002
"},{"location":"admin/virtnest/vm/cross-cluster-migrate.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u5b9e\u73b0\u4e91\u4e3b\u673a\u8de8\u96c6\u7fa4\u8fc1\u79fb\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u6fc0\u6d3b VMExport Feature Gate\uff0c\u5728\u539f\u6709\u96c6\u7fa4\u5185\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c \u53ef\u53c2\u8003How to activate a feature gate
kubectl edit kubevirt kubevirt -n virtnest-system\n
\u8fd9\u6761\u547d\u4ee4\u5c06\u4fee\u6539 featureGates
\uff0c\u589e\u52a0 VMExport
\u3002
apiVersion: kubevirt.io/v1\nkind: KubeVirt\nmetadata:\n name: kubevirt\n namespace: virtnest-system\nspec:\n configuration:\n developerConfiguration:\n featureGates:\n - DataVolumes\n - LiveMigration\n - VMExport\n
"},{"location":"admin/virtnest/vm/cross-cluster-migrate.html#ingress","title":"\u914d\u7f6e\u539f\u6709\u96c6\u7fa4\u7684 Ingress","text":"\u4ee5 Nginx Ingress \u4e3a\u4f8b\uff0c\u914d\u7f6e Ingress \u4ee5\u6307\u5411 virt-exportproxy
Service\uff1a
apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: ingress-vm-export\n namespace: virtnest-system\nspec:\n tls:\n - hosts:\n - upgrade-test.com\n secretName: nginx-tls\n rules:\n - host: upgrade-test.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: virt-exportproxy\n port:\n number: 8443\n ingressClassName: nginx\n
"},{"location":"admin/virtnest/vm/cross-cluster-migrate.html#_4","title":"\u8fc1\u79fb\u6b65\u9aa4","text":"\u521b\u5efa VirtualMachineExport CR
\u5982\u679c \u4e91\u4e3b\u673a\u5173\u673a\u72b6\u6001 \u4e0b\u8fdb\u884c\u8fc1\u79fb\uff08\u51b7\u8fc1\u79fb\uff09\uff1a
apiVersion: v1\nkind: Secret\nmetadata:\n name: example-token # \u5bfc\u51fa\u4e91\u4e3b\u673a\u6240\u7528 token\n namespace: default # \u4e91\u4e3b\u673a\u6240\u5728\u547d\u540d\u7a7a\u95f4\nstringData:\n token: 1234567890ab # \u5bfc\u51fa\u4f7f\u7528\u7684 token,\u53ef\u4fee\u6539\n\n---\napiVersion: export.kubevirt.io/v1alpha1\nkind: VirtualMachineExport\nmetadata:\n name: example-export # \u5bfc\u51fa\u540d\u79f0, \u53ef\u81ea\u884c\u4fee\u6539\n namespace: default # \u4e91\u4e3b\u673a\u6240\u5728\u547d\u540d\u7a7a\u95f4\nspec:\n tokenSecretRef: example-token # \u548c\u4e0a\u9762\u521b\u5efa\u7684token\u540d\u79f0\u4fdd\u6301\u4e00\u81f4\n source:\n apiGroup: \"kubevirt.io\"\n kind: VirtualMachine\n name: testvm # \u4e91\u4e3b\u673a\u540d\u79f0\n
\u5982\u679c\u8981\u5728 \u4e91\u4e3b\u673a\u4e0d\u5173\u673a \u7684\u72b6\u6001\u4e0b\uff0c\u4f7f\u7528\u4e91\u4e3b\u673a\u5feb\u7167\u8fdb\u884c\u8fc1\u79fb\uff08\u70ed\u8fc1\u79fb\uff09\uff1a
apiVersion: v1\nkind: Secret\nmetadata:\n name: example-token # \u5bfc\u51fa\u4e91\u4e3b\u673a\u6240\u7528 token\n namespace: default # \u4e91\u4e3b\u673a\u6240\u5728\u547d\u540d\u7a7a\u95f4\nstringData:\n token: 1234567890ab # \u5bfc\u51fa\u4f7f\u7528\u7684 token ,\u53ef\u4fee\u6539\n\n---\napiVersion: export.kubevirt.io/v1alpha1\nkind: VirtualMachineExport\nmetadata:\n name: export-snapshot # \u5bfc\u51fa\u540d\u79f0, \u53ef\u81ea\u884c\u4fee\u6539\n namespace: default # \u4e91\u4e3b\u673a\u6240\u5728\u547d\u540d\u7a7a\u95f4\nspec:\n tokenSecretRef: export-token # \u548c\u4e0a\u9762\u521b\u5efa\u7684token\u540d\u79f0\u4fdd\u6301\u4e00\u81f4\n source:\n apiGroup: \"snapshot.kubevirt.io\"\n kind: VirtualMachineSnapshot\n name: export-snap-202407191524 # \u5bf9\u5e94\u7684\u4e91\u4e3b\u673a\u5feb\u7167\u540d\u79f0\n
\u68c0\u67e5 VirtualMachineExport \u662f\u5426\u51c6\u5907\u5c31\u7eea\uff1a
# \u8fd9\u91cc\u7684 example-export \u9700\u8981\u66ff\u6362\u4e3a\u521b\u5efa\u7684 VirtualMachineExport \u540d\u79f0\nkubectl get VirtualMachineExport example-export -n default\n\nNAME SOURCEKIND SOURCENAME PHASE\nexample-export VirtualMachine testvm Ready\n
\u5f53 VirtualMachineExport \u51c6\u5907\u5c31\u7eea\u540e\uff0c\u5bfc\u51fa\u4e91\u4e3b\u673a YAML\u3002
\u5982\u679c\u5df2\u5b89\u88c5 virtctl \uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5bfc\u51fa\u4e91\u4e3b\u673a\u7684 YAML\uff1a
# \u81ea\u884c\u5c06 example-export\u66ff\u6362\u4e3a\u521b\u5efa\u7684 VirtualMachineExport \u540d\u79f0\n# \u81ea\u884c\u901a\u8fc7 -n \u6307\u5b9a\u547d\u540d\u7a7a\u95f4\nvirtctl vmexport download example-export --manifest --include-secret --output=manifest.yaml\n
\u5982\u679c\u6ca1\u6709\u5b89\u88c5 virtctl \uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5bfc\u51fa\u4e91\u4e3b\u673a YAML\uff1a
# \u81ea\u884c\u66ff\u6362 example-export \u66ff\u6362\u4e3a\u521b\u5efa\u7684 VirtualMachineExport \u540d\u79f0 \u548c\u547d\u540d\u7a7a\u95f4\nmanifesturl=$(kubectl get VirtualMachineExport example-export -n default -o=jsonpath='{.status.links.internal.manifests[0].url}')\nsecreturl=$(kubectl get VirtualMachineExport example-export -n default -o=jsonpath='{.status.links.internal.manifests[1].url}')\n# \u81ea\u884c\u66ff\u6362 secert \u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\ntoken=$(kubectl get secret example-token -n default -o=jsonpath='{.data.token}' | base64 -d)\n\ncurl -H \"Accept: application/yaml\" -H \"x-kubevirt-export-token: $token\" --insecure $secreturl > manifest.yaml\ncurl -H \"Accept: application/yaml\" -H \"x-kubevirt-export-token: $token\" --insecure $manifesturl >> manifest.yaml\n
\u5bfc\u5165\u4e91\u4e3b\u673a
\u5c06\u5bfc\u51fa\u7684 manifest.yaml
\u590d\u5236\u5230\u76ee\u6807\u8fc1\u79fb\u96c6\u7fa4\u5e76\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff08\u5982\u679c\u547d\u540d\u7a7a\u95f4\u4e0d\u5b58\u5728\u5219\u9700\u8981\u63d0\u524d\u521b\u5efa\uff09\uff1a
kubectl apply -f manifest.yaml\n
\u521b\u5efa\u6210\u529f\u540e\uff0c\u91cd\u542f\u4e91\u4e3b\u673a\uff0c\u4e91\u4e3b\u673a\u6210\u529f\u8fd0\u884c\u540e\uff0c\u5728\u539f\u6709\u96c6\u7fa4\u5185\u5220\u9664\u539f\u4e91\u4e3b\u673a\uff08\u4e91\u4e3b\u673a\u672a\u542f\u52a8\u6210\u529f\u65f6\uff0c\u8bf7\u52ff\u5220\u9664\u539f\u4e91\u4e3b\u673a\uff09\u3002 \u5f53\u914d\u7f6e\u4e91\u4e3b\u673a\u7684\u5b58\u6d3b\uff08Liveness\uff09\u548c\u5c31\u7eea\uff08Readiness\uff09\u63a2\u9488\u65f6\uff0c\u4e0e Kubernetes \u7684\u914d\u7f6e\u8fc7\u7a0b\u76f8\u4f3c\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 YAML \u4e3a\u4e91\u4e3b\u673a\u914d\u7f6e\u5065\u5eb7\u68c0\u67e5\u53c2\u6570\u3002
\u4f46\u662f\u9700\u8981\u6ce8\u610f\uff1a\u9700\u8981\u5728\u4e91\u4e3b\u673a\u521b\u5efa\u6210\u529f\u5e76\u4e14\u5904\u4e8e\u5173\u673a\u72b6\u6001\u4e0b\uff0c\u4fee\u6539 YAML \u8fdb\u884c\u914d\u7f6e\u3002
"},{"location":"admin/virtnest/vm/health-check.html#http-liveness-probe","title":"\u914d\u7f6e HTTP Liveness Probe","text":"\u4fee\u6539 cloudInitNoCloud \u4ee5\u542f\u52a8\u4e00\u4e2a HTTP \u670d\u52a1\u5668\u3002
\u70b9\u51fb\u67e5\u770b YAML \u793a\u4f8b\u914d\u7f6eapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n livenessProbe:\n initialDelaySeconds: 120\n periodSeconds: 20\n httpGet:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
\u6839\u636e\u64cd\u4f5c\u7cfb\u7edf\uff08\u5982 Ubuntu/Debian \u6216 CentOS\uff09\uff0cuserData \u7684\u914d\u7f6e\u53ef\u80fd\u6709\u6240\u4e0d\u540c\u3002\u4e3b\u8981\u533a\u522b\uff1a
\u5305\u7ba1\u7406\u5668\uff1a
Ubuntu/Debian \u4f7f\u7528 apt-get \u4f5c\u4e3a\u5305\u7ba1\u7406\u5668\u3002 CentOS \u4f7f\u7528 yum \u4f5c\u4e3a\u5305\u7ba1\u7406\u5668\u3002
SSH \u670d\u52a1\u91cd\u542f\u547d\u4ee4\uff1a
Ubuntu/Debian \u4f7f\u7528 systemctl restart ssh.service\u3002 CentOS \u4f7f\u7528 systemctl restart sshd.service\uff08\u6ce8\u610f CentOS 7 \u53ca\u4e4b\u524d\u7248\u672c\u4f7f\u7528 service sshd restart\uff09\u3002
\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305\uff1a
Ubuntu/Debian \u5b89\u88c5 ncat\u3002 CentOS \u5b89\u88c5 nmap-ncat\uff08\u56e0\u4e3a ncat \u5728 CentOS \u7684\u9ed8\u8ba4\u4ed3\u5e93\u4e2d\u53ef\u80fd\u4e0d\u53ef\u7528\uff09\u3002
\u5728 spec.template.spec \u4e2d\u914d\u7f6e livenessProbe.tcpSocket\u3002
\u70b9\u51fb\u67e5\u770b YAML \u793a\u4f8b\u914d\u7f6eapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n livenessProbe:\n initialDelaySeconds: 120\n periodSeconds: 20\n tcpSocket:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/vm/health-check.html#readiness-probes","title":"\u914d\u7f6e Readiness Probes","text":"\u5728 spec.template.spec \u4e2d\u914d\u7f6e readiness\u3002
\u70b9\u51fb\u67e5\u770b YAML \u793a\u4f8b\u914d\u7f6eapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n readiness:\n initialDelaySeconds: 120\n periodSeconds: 20\n httpGet:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/vm/live-migration.html","title":"\u5b9e\u65f6\u8fc1\u79fb","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5c06\u4e91\u4e3b\u673a\u4ece\u4e00\u4e2a\u8282\u70b9\u79fb\u52a8\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\u3002
\u5f53\u8282\u70b9\u7ef4\u62a4\u6216\u8005\u5347\u7ea7\u65f6\uff0c\u7528\u6237\u53ef\u4ee5\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u4e91\u4e3b\u673a\u65e0\u7f1d\u8fc1\u79fb\u5230\u5176\u4ed6\u7684\u8282\u70b9\u4e0a\uff0c\u540c\u65f6\u53ef\u4ee5\u4fdd\u8bc1\u4e1a\u52a1\u7684\u8fde\u7eed\u6027\u548c\u6570\u636e\u7684\u5b89\u5168\u6027\u3002
"},{"location":"admin/virtnest/vm/live-migration.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u8fd0\u884c\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u8fdb\u884c\u8fc1\u79fb\u52a8\u4f5c\u3002\u76ee\u524d\u4e91\u4e3b\u673a\u6240\u5728\u8282\u70b9\u4e3a controller-node-3 \u3002
\u5f39\u51fa\u5f39\u6846\uff0c\u63d0\u793a\u5728\u5b9e\u65f6\u8fc1\u79fb\u671f\u95f4\uff0c\u6b63\u5728\u8fd0\u884c\u7684\u4e91\u4e3b\u673a\u5b9e\u4f8b\u4f1a\u79fb\u52a8\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\uff0c\u53ef\u4ee5\u9009\u62e9\u6307\u5b9a\u8282\u70b9\u8fc1\u79fb\uff0c\u4e5f\u53ef\u4ee5\u968f\u673a\u8fc1\u79fb\uff0c\u8bf7\u786e\u4fdd\u5176\u4ed6\u8282\u70b9\u8d44\u6e90\u5145\u8db3\u3002
\u8fc1\u79fb\u9700\u8981\u4e00\u6bb5\u65f6\u95f4\uff0c\u8bf7\u8010\u5fc3\u7b49\u5f85\uff0c\u6210\u529f\u540e\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u5217\u8868\u5185\u67e5\u770b\u8282\u70b9\u4fe1\u606f\uff0c\u6b64\u65f6\u8282\u70b9\u8fc1\u79fb\u5230 controller-node-1 \u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5728\u5173\u673a\u72b6\u6001\u4e0b\u5982\u4f55\u5c06\u4e91\u4e3b\u673a\u5728\u540c\u4e00\u96c6\u7fa4\u5185\u4ece\u4e00\u4e2a\u8282\u70b9\u79fb\u52a8\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\u3002
\u51b7\u8fc1\u79fb\u7684\u4e3b\u8981\u7279\u70b9\u662f\uff0c\u4e91\u4e3b\u673a\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u4f1a\u5904\u4e8e\u79bb\u7ebf\u72b6\u6001\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5bf9\u4e1a\u52a1\u8fde\u7eed\u6027\u4ea7\u751f\u5f71\u54cd\u3002\u56e0\u6b64\uff0c \u5728\u5b9e\u65bd\u51b7\u8fc1\u79fb\u65f6\u9700\u8981\u4ed4\u7ec6\u89c4\u5212\u8fc1\u79fb\u65f6\u95f4\u7a97\u53e3\uff0c\u5e76\u8003\u8651\u4e1a\u52a1\u9700\u6c42\u548c\u7cfb\u7edf\u53ef\u7528\u6027\u3002\u901a\u5e38\uff0c\u51b7\u8fc1\u79fb\u9002\u7528\u4e8e\u5bf9\u505c\u673a\u65f6\u95f4\u8981\u6c42\u4e0d\u662f\u975e\u5e38\u4e25\u683c\u7684\u573a\u666f\u3002
"},{"location":"admin/virtnest/vm/migratiom.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u51b7\u8fc1\u79fb\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c \u53ef\u4ee5\u5bf9\u5173\u673a\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u8fdb\u884c\u8fc1\u79fb\u52a8\u4f5c\u3002\u4e91\u4e3b\u673a\u5728\u5173\u673a\u72b6\u6001\u4e0b\u65f6\u65e0\u6cd5\u67e5\u770b\u6240\u5728\u8282\u70b9\uff0c\u9700\u8981\u63d0\u524d\u89c4\u5212\u6216\u8005\u5f00\u673a\u67e5\u8be2\u3002
Note
\u5982\u679c\u60a8\u5728\u539f\u59cb\u8282\u70b9\u7684\u5b58\u50a8\u6c60\u4e2d\u4f7f\u7528\u4e86 local-path\uff0c\u8de8\u8282\u70b9\u8fc1\u79fb\u65f6\u53ef\u80fd\u51fa\u73b0\u95ee\u9898\uff0c\u8bf7\u8c28\u614e\u9009\u62e9\u3002
\u70b9\u51fb\u8fc1\u79fb\u540e\uff0c\u63d0\u793a\u5728\u8fc1\u79fb\u671f\u95f4\uff0c\u53ef\u4ee5\u9009\u62e9\u6307\u5b9a\u8282\u70b9\u8fc1\u79fb\uff0c\u4e5f\u53ef\u4ee5\u968f\u673a\u8fc1\u79fb\uff0c\u82e5\u9700\u8981\u4fee\u6539\u5b58\u50a8\u6c60\uff0c \u9700\u8981\u786e\u4fdd\u76ee\u6807\u8282\u70b9\u5185\u6709\u53ef\u7528\u5b58\u50a8\u6c60\u3002\u540c\u65f6\u9700\u8981\u76ee\u6807\u8282\u70b9\u8d44\u6e90\u5145\u8db3\uff0c\u8fc1\u79fb\u8fc7\u7a0b\u8017\u8d39\u65f6\u95f4\u8f83\u957f\uff0c\u8bf7\u8010\u5fc3\u7b49\u5f85\u3002
\u8fc1\u79fb\u9700\u8981\u4e00\u6bb5\u65f6\u95f4\uff0c\u8bf7\u8010\u5fc3\u7b49\u5f85\uff0c\u6210\u529f\u540e\u9700\u8981\u91cd\u542f\u67e5\u770b\u662f\u5426\u8fc1\u79fb\u6210\u529f\u3002\u672c\u793a\u4f8b\u5df2\u7ecf\u5f00\u673a\u67e5\u770b\u8fc1\u79fb\u6548\u679c\u3002
\u4e91\u4e3b\u673a\u57fa\u4e8e Kubevirt \u5f00\u6e90\u7684 Grafana Dashboard\uff0c\u4e3a\u4e86\u6bcf\u4e00\u4e2a\u4e91\u4e3b\u673a\u751f\u6210\u4e86\u76d1\u63a7\u770b\u677f
\u4e91\u4e3b\u673a\u7684\u76d1\u63a7\u4fe1\u606f\u53ef\u4ee5\u66f4\u597d\u7684\u4e86\u89e3\u4e91\u4e3b\u673a\u7684\u8d44\u6e90\u6d88\u8017\u60c5\u51b5\uff0c\u6bd4\u5982 CPU\u3001\u5185\u5b58\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u7b49\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c \u4ece\u800c\u8fdb\u884c\u8d44\u6e90\u7684\u4f18\u5316\u548c\u89c4\u5212\uff0c\u63d0\u5347\u6574\u4f53\u7684\u8d44\u6e90\u5229\u7528\u6548\u7387\u3002
"},{"location":"admin/virtnest/vm/monitor.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u67e5\u770b\u4e91\u4e3b\u673a\u76d1\u63a7\u7684\u76f8\u5173\u4fe1\u606f\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u8fdb\u5165\u4e91\u4e3b\u673a\u7684\u8be6\u7ec6\u4fe1\u606f\u5e76\u70b9\u51fb \u6982\u89c8 \uff0c\u5373\u53ef\u67e5\u770b\u4e91\u4e3b\u673a\u7684\u76d1\u63a7\u5185\u5bb9\u3002\u8bf7\u6ce8\u610f\uff0c\u82e5\u672a\u5b89\u88c5 Insight-agent \u7ec4\u4ef6\uff0c\u5219\u65e0\u6cd5\u83b7\u53d6\u76d1\u63a7\u4fe1\u606f\u3002\u4ee5\u4e0b\u662f\u8be6\u7ec6\u4fe1\u606f\uff1a
CPU \u603b\u91cf\u3001CPU \u4f7f\u7528\u91cf\u3001\u5185\u5b58\u603b\u91cf\u3001\u5185\u5b58\u4f7f\u7528\u91cf\u3002
CPU \u4f7f\u7528\u7387\uff1a\u6307\u5f53\u524d\u4e91\u4e3b\u673a\u6b63\u5728\u4f7f\u7528\u7684 CPU \u8d44\u6e90\u7684\u767e\u5206\u6bd4\uff1b
\u5185\u5b58\u4f7f\u7528\u7387\uff1a\u6307\u5f53\u524d\u4e91\u4e3b\u673a\u6b63\u5728\u4f7f\u7528\u7684\u5185\u5b58\u8d44\u6e90\u5360\u603b\u53ef\u7528\u5185\u5b58\u7684\u767e\u5206\u6bd4\u3002
\u7f51\u7edc\u6d41\u91cf\uff1a\u6307\u4e91\u4e3b\u673a\u5728\u7279\u5b9a\u65f6\u95f4\u6bb5\u5185\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6570\u636e\u91cf\uff1b
\u7f51\u7edc\u4e22\u5305\u7387\uff1a\u6307\u5728\u6570\u636e\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u4e22\u5931\u7684\u6570\u636e\u5305\u5360\u603b\u53d1\u9001\u6570\u636e\u5305\u6570\u91cf\u7684\u6bd4\u4f8b\u3002
\u7f51\u7edc\u9519\u8bef\u7387\uff1a\u6307\u5728\u7f51\u7edc\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u53d1\u751f\u7684\u9519\u8bef\u7684\u6bd4\u7387\uff1b
\u78c1\u76d8\u541e\u5410\uff1a\u6307\u4e91\u4e3b\u673a\u7cfb\u7edf\u5728\u4e00\u5b9a\u65f6\u95f4\u5185\u8bfb\u53d6\u548c\u5199\u5165\u78c1\u76d8\u7684\u901f\u5ea6\u548c\u80fd\u529b\u3002
IOPS\uff1a\u6307\u7684\u662f\u5728\u4e00\u79d2\u949f\u5185\u4e91\u4e3b\u673a\u7cfb\u7edf\u8fdb\u884c\u7684\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u7684\u6b21\u6570\u3002\u78c1\u76d8\u5ef6\u8fdf\uff1a\u6307\u4e91\u4e3b\u673a\u7cfb\u7edf\u5728\u8fdb\u884c\u78c1\u76d8\u8bfb\u5199\u64cd\u4f5c\u65f6\u6240\u7ecf\u5386\u7684\u65f6\u95f4\u5ef6\u8fdf\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u4e91\u4e3b\u673a\u5b9a\u65f6\u521b\u5efa\u5feb\u7167\u3002
\u7528\u6237\u53ef\u4ee5\u4e3a\u4e91\u4e3b\u673a\u5b9a\u65f6\u521b\u5efa\u5feb\u7167\uff0c\u80fd\u591f\u4e3a\u6570\u636e\u63d0\u4f9b\u6301\u7eed\u7684\u4fdd\u62a4\uff0c\u786e\u4fdd\u5728\u53d1\u751f\u6570\u636e\u4e22\u5931\u3001\u635f\u574f\u6216\u5220\u9664\u7684\u60c5\u51b5\u4e0b\u53ef\u4ee5\u8fdb\u884c\u6709\u6548\u7684\u6570\u636e\u6062\u590d\u3002
"},{"location":"admin/virtnest/vm/scheduled-snapshot.html#_2","title":"\u5b9a\u65f6\u5feb\u7167\u6b65\u9aa4","text":"\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u5728\u5217\u8868\u9875\u9762\uff0c\u9009\u62e9\u76ee\u6807\u4e91\u4e3b\u673a\u6240\u5728\u7684\u96c6\u7fa4\u3002 \u8fdb\u5165\u96c6\u7fa4\u540e\uff0c\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u9009\u62e9 YAML \u521b\u5efa \u5b9a\u65f6\u4efb\u52a1\uff0c\u53c2\u8003\u4ee5\u4e0b YAML \u793a\u4f8b\u53ef\u4e3a\u6307\u5b9a\u4e91\u4e3b\u673a\u5b9a\u65f6\u521b\u5efa\u5feb\u7167\u3002
\u70b9\u51fb\u67e5\u770b\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u7684 YAML \u793a\u4f8bapiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: xxxxx-xxxxx-cronjob # \u5b9a\u65f6\u4efb\u52a1\u540d\u79f0, \u53ef\u81ea\u5b9a\u4e49\n namespace: virtnest-system # \u8bf7\u52ff\u4fee\u6539\u6b64namespace\nspec:\n schedule: \"5 * * * *\" # \u6309\u9700\u4fee\u6539\u5b9a\u65f6\u4efb\u52a1\u6267\u884c\u95f4\u9694\n concurrencyPolicy: Allow\n suspend: false\n successfulJobsHistoryLimit: 10\n failedJobsHistoryLimit: 3\n startingDeadlineSeconds: 60\n jobTemplate:\n spec:\n template:\n metadata:\n labels:\n virtnest.io/vm: xxxx # \u4fee\u6539\u4e3a\u9700\u8981\u5feb\u7167\u7684\u4e91\u4e3b\u673a\u540d\u79f0\n virtnest.io/namespace: xxxx # \u4fee\u6539\u4e3a\u4e91\u4e3b\u673a\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\n spec:\n serviceAccountName: kubevirt-operator\n containers:\n - name: snapshot-job\n image: release.daocloud.io/virtnest/tools:v0.1.5 # \u79bb\u7ebf\u73af\u5883\u4e0b,\u4ed3\u5e93\u5730\u5740\u4fee\u6539\u4e3a\u5bf9\u5e94\u706b\u79cd\u96c6\u7fa4\u4ed3\u5e93\u5730\u5740\n imagePullPolicy: IfNotPresent\n env:\n - name: NS\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['virtnest.io/namespace']\n - name: VM\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['virtnest.io/vm']\n command:\n - /bin/sh\n - -c\n - |\n export SUFFIX=$(date +\"%Y%m%d-%H%M%S\")\n cat <<EOF | kubectl apply -f -\n apiVersion: snapshot.kubevirt.io/v1alpha1\n kind: VirtualMachineSnapshot\n metadata:\n name: $(VM)-snapshot-$SUFFIX\n namespace: $(NS)\n spec:\n source:\n apiGroup: kubevirt.io\n kind: VirtualMachine\n name: $(VM)\n EOF\n restartPolicy: OnFailure\n
\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u5e76\u6210\u529f\u8fd0\u884c\u540e\uff0c\u53ef\u70b9\u51fb \u4e91\u4e3b\u673a \u5728\u5217\u8868\u9875\u9762\u9009\u62e9\u76ee\u6807\u4e91\u4e3b\u673a\uff0c\u8fdb\u5165\u8be6\u60c5\u540e\u53ef\u67e5\u770b\u5feb\u7167\u5217\u8868\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u4e91\u4e3b\u673a\u521b\u5efa\u5feb\u7167\uff0c\u5e76\u4ece\u5feb\u7167\u4e2d\u6062\u590d\u7684\u3002
\u7528\u6237\u53ef\u4ee5\u4e3a\u4e91\u4e3b\u673a\u521b\u5efa\u5feb\u7167\uff0c\u4fdd\u5b58\u4e91\u4e3b\u673a\u5f53\u4e0b\u7684\u72b6\u6001\uff0c\u4e00\u4e2a\u5feb\u7167\u53ef\u4ee5\u652f\u6301\u591a\u6b21\u6062\u590d\uff0c\u6bcf\u6b21\u6062\u590d\u65f6\uff0c \u4e91\u4e3b\u673a\u5c06\u88ab\u8fd8\u539f\u5230\u5feb\u7167\u521b\u5efa\u65f6\u7684\u72b6\u6001\u3002\u901a\u5e38\u53ef\u4ee5\u7528\u4e8e\u5907\u4efd\u3001\u6062\u590d\u3001\u56de\u6eda\u7b49\u573a\u666f\u3002
"},{"location":"admin/virtnest/vm/snapshot.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u5feb\u7167\u529f\u80fd\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u975e\u9519\u8bef\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u6267\u884c\u5feb\u7167\u64cd\u4f5c\u3002
\u5f39\u51fa\u5f39\u6846\uff0c\u9700\u8981\u586b\u5199\u5feb\u7167\u7684\u540d\u79f0\u548c\u63cf\u8ff0\uff0c\u521b\u5efa\u5feb\u7167\u5927\u6982\u9700\u8981\u51e0\u5206\u949f\u7684\u65f6\u95f4\uff0c\u5728\u6b64\u671f\u95f4\u65e0\u6cd5\u5bf9\u4e91\u4e3b\u673a\u505a\u4efb\u4f55\u64cd\u4f5c\u3002
\u521b\u5efa\u6210\u529f\u540e\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u8be6\u60c5\u5185\u67e5\u770b\u5feb\u7167\u4fe1\u606f\uff0c\u652f\u6301\u7f16\u8f91\u63cf\u8ff0\u3001\u4ece\u5feb\u7167\u4e2d\u6062\u590d\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u70b9\u51fb \u4ece\u5feb\u7167\u6062\u590d \uff0c\u9700\u8981\u586b\u5199\u4e91\u4e3b\u673a\u6062\u590d\u8bb0\u5f55\u7684\u540d\u79f0\uff0c\u540c\u65f6\u6062\u590d\u64cd\u4f5c\u53ef\u80fd\u9700\u8981\u4e00\u4e9b\u65f6\u95f4\u6765\u5b8c\u6210\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u5feb\u7167\u7684\u5927\u5c0f\u548c\u5176\u4ed6\u56e0\u7d20\u3002\u6062\u590d\u6210\u529f\u540e\uff0c\u4e91\u4e3b\u673a\u5c06\u56de\u5230\u5feb\u7167\u521b\u5efa\u65f6\u7684\u72b6\u6001\u3002
\u4e00\u6bb5\u65f6\u95f4\u540e\uff0c\u4e0b\u62c9\u5feb\u7167\u4fe1\u606f\uff0c\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u5feb\u7167\u7684\u6240\u6709\u6062\u590d\u8bb0\u5f55\uff0c\u5e76\u4e14\u652f\u6301\u5c55\u793a\u5b9a\u4f4d\u6062\u590d\u7684\u4f4d\u7f6e\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\uff0c\u914d\u7f6e\u7f51\u7edc\u4fe1\u606f\u3002
\u5728\u4e91\u4e3b\u673a\u4e2d\uff0c\u7f51\u7edc\u7ba1\u7406\u662f\u4e00\u4e2a\u5173\u952e\u7684\u90e8\u5206\uff0c\u5b83\u4f7f\u5f97\u6211\u4eec\u80fd\u591f\u5728 Kubernetes \u73af\u5883\u4e2d\u7ba1\u7406\u548c\u914d\u7f6e\u4e91\u4e3b\u673a\u7684\u7f51\u7edc\u8fde\u63a5\uff0c\u53ef\u4ee5\u6839\u636e\u4e0d\u540c\u7684\u9700\u6c42\u548c\u573a\u666f\u6765\u8fdb\u884c\u914d\u7f6e\uff0c\u5b9e\u73b0\u66f4\u7075\u6d3b\u548c\u591a\u6837\u5316\u7684\u7f51\u7edc\u67b6\u6784\u3002
\u5728\u4f7f\u7528\u4e91\u4e3b\u673a\u7f51\u7edc\u529f\u80fd\u4e4b\u524d\uff0c\u9700\u8981\u6839\u636e\u7f51\u7edc\u6a21\u5f0f\u7684\u4e0d\u540c\u914d\u7f6e\u4e0d\u540c\u7684\u4fe1\u606f\uff1a
\u9009\u62e9 Bridge \u7f51\u7edc\u6a21\u5f0f\u65f6\u9700\u8981\u63d0\u524d\u914d\u7f6e\u4e00\u4e9b\u4fe1\u606f\uff1a
\u914d\u7f6e\u4e91\u4e3b\u673a\u7684\u7f51\u7edc\u914d\u7f6e\uff0c\u53ef\u4ee5\u6839\u636e\u8868\u683c\u4fe1\u606f\u6309\u9700\u7ec4\u5408\u3002
\u7f51\u7edc\u6a21\u5f0f CNI \u662f\u5426\u5b89\u88c5 Spiderpool \u7f51\u5361\u6a21\u5f0f \u56fa\u5b9a IP \u5b9e\u65f6\u8fc1\u79fb Masquerade\uff08NAT\uff09 Calico \u274c \u5355\u7f51\u5361 \u274c \u2705 Cilium \u274c \u5355\u7f51\u5361 \u274c \u2705 Flannel \u274c \u5355\u7f51\u5361 \u274c \u2705 Bridge\uff08\u6865\u63a5\uff09 OVS \u2705 \u591a\u7f51\u5361 \u2705 \u2705\u7f51\u7edc\u6a21\u5f0f\uff1a\u5206\u4e3a Masquerade\uff08NAT\uff09\u3001Bridge\uff08\u6865\u63a5\uff09\u4e24\u79cd\uff0cBridge\uff08\u6865\u63a5\uff09\u6a21\u5f0f\u9700\u8981\u5b89\u88c5\u4e86 spiderpool \u7ec4\u4ef6\u540e\u65b9\u53ef\u4f7f\u7528\u3002
\u9ed8\u8ba4\u9009\u62e9 Masquerade\uff08NAT\uff09\u7684\u7f51\u7edc\u6a21\u5f0f\uff0c\u4f7f\u7528 eth0 \u9ed8\u8ba4\u7f51\u5361\u3002
\u82e5\u96c6\u7fa4\u5185\u5b89\u88c5\u4e86 spiderpool \u7ec4\u4ef6\uff0c\u5219\u652f\u6301\u9009\u62e9 Bridge\uff08\u6865\u63a5\uff09\u6a21\u5f0f\uff0c\u652f\u6301\u591a\u7f51\u5361\u5f62\u5f0f\u3002
\u9009\u62e9 Bridge \u6a21\u5f0f\u65f6\uff0c\u9700\u8981\u6709\u4e00\u4e9b\u524d\u63d0\u6761\u4ef6
\u6dfb\u52a0\u7f51\u5361
Bridge\uff08\u6865\u63a5\uff09\u6a21\u5f0f\u4e0b\u652f\u6301\u624b\u52a8\u6dfb\u52a0\u7f51\u5361\u3002\u70b9\u51fb \u6dfb\u52a0\u7f51\u5361 \uff0c\u8fdb\u884c\u7f51\u5361 IP \u6c60\u7684\u914d\u7f6e\u3002\u9009\u62e9\u548c\u7f51\u7edc\u6a21\u5f0f\u5339\u914d\u7684 Multus CR\uff0c\u82e5\u6ca1\u6709\u5219\u9700\u8981\u81ea\u884c\u521b\u5efa\u3002
\u82e5\u6253\u5f00 \u4f7f\u7528\u9ed8\u8ba4 IP \u6c60 \u5f00\u5173\uff0c\u5219\u4f7f\u7528 multus CR \u914d\u7f6e\u4e2d\u7684\u9ed8\u8ba4 IP \u6c60\u3002\u82e5\u5173\u95ed\u5f00\u5173\uff0c\u5219\u624b\u52a8\u9009\u62e9 IP \u6c60\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\uff0c\u914d\u7f6e\u5b58\u50a8\u4fe1\u606f\u3002
\u5b58\u50a8\u548c\u4e91\u4e3b\u673a\u7684\u529f\u80fd\u606f\u606f\u76f8\u5173\uff0c\u4e3b\u8981\u662f\u901a\u8fc7\u4f7f\u7528 Kubernetes \u7684\u6301\u4e45\u5377\u548c\u5b58\u50a8\u7c7b\uff0c\u63d0\u4f9b\u4e86\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u4e91\u4e3b\u673a\u5b58\u50a8\u80fd\u529b\u3002 \u6bd4\u5982\u4e91\u4e3b\u673a\u955c\u50cf\u5b58\u50a8\u5728 PVC \u91cc\uff0c\u652f\u6301\u548c\u5176\u4ed6\u6570\u636e\u4e00\u8d77\u514b\u9686\u3001\u5feb\u7167\u7b49
"},{"location":"admin/virtnest/vm/vm-sc.html#_2","title":"\u90e8\u7f72\u4e0d\u540c\u7684\u5b58\u50a8","text":"\u5728\u4f7f\u7528\u4e91\u4e3b\u673a\u5b58\u50a8\u529f\u80fd\u4e4b\u524d\uff0c\u9700\u8981\u6839\u636e\u9700\u8981\u90e8\u7f72\u4e0d\u540c\u7684\u5b58\u50a8\uff1a
kubectl apply -f
\u521b\u5efa\u4ee5\u4e0b YAML\uff1a---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: local-path-storage\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: local-path-provisioner-service-account\n namespace: local-path-storage\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: local-path-provisioner-role\nrules:\n- apiGroups: [\"\"]\n resources: [\"nodes\", \"persistentvolumeclaims\", \"configmaps\"]\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups: [\"\"]\n resources: [\"endpoints\", \"persistentvolumes\", \"pods\"]\n verbs: [\"*\"]\n- apiGroups: [\"\"]\n resources: [\"events\"]\n verbs: [\"create\", \"patch\"]\n- apiGroups: [\"storage.k8s.io\"]\n resources: [\"storageclasses\"]\n verbs: [\"get\", \"list\", \"watch\"]\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: local-path-provisioner-bind\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: local-path-provisioner-role\nsubjects:\n- kind: ServiceAccount\n name: local-path-provisioner-service-account\n namespace: local-path-storage\n\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: local-path-provisioner\n namespace: local-path-storage\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: local-path-provisioner\n template:\n metadata:\n labels:\n app: local-path-provisioner\n spec:\n serviceAccountName: local-path-provisioner-service-account\n containers:\n - name: local-path-provisioner\n image: rancher/local-path-provisioner:v0.0.22\n imagePullPolicy: IfNotPresent\n command:\n - local-path-provisioner\n - --debug\n - start\n - --config\n - /etc/config/config.json\n volumeMounts:\n - name: config-volume\n mountPath: /etc/config/\n env:\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n volumes:\n - name: config-volume\n configMap:\n name: local-path-config\n\n---\napiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n name: local-path\nprovisioner: rancher.io/local-path\nvolumeBindingMode: WaitForFirstConsumer\nreclaimPolicy: Delete\n\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: local-path-config\n namespace: local-path-storage\ndata:\n config.json: |-\n {\n \"nodePathMap\": [\n {\n \"node\": \"DEFAULT_PATH_FOR_NON_LISTED_NODES\",\n \"paths\": [\"/opt/local-path-provisioner\"]\n }\n ]\n }\n setup: |-\n #!/bin/sh\n set -eu\n mkdir -m 0777 -p \"$VOL_DIR\"\n teardown: |-\n #!/bin/sh\n set -eu\n rm -rf \"$VOL_DIR\"\n helperPod.yaml: |-\n apiVersion: v1\n kind: Pod\n metadata:\n name: helper-pod\n spec:\n containers:\n - name: helper-pod\n image: busybox\n imagePullPolicy: IfNotPresent\n
"},{"location":"admin/virtnest/vm/vm-sc.html#_3","title":"\u4e91\u4e3b\u673a\u5b58\u50a8","text":"\u7cfb\u7edf\u76d8\uff1a\u7cfb\u7edf\u9ed8\u8ba4\u521b\u5efa\u4e00\u4e2a VirtIO \u7c7b\u578b\u7684 rootfs \u7cfb\u7edf\u76d8\uff0c\u7528\u4e8e\u5b58\u653e\u64cd\u4f5c\u7cfb\u7edf\u548c\u6570\u636e\u3002
\u6570\u636e\u76d8\uff1a\u6570\u636e\u76d8\u662f\u4e91\u4e3b\u673a\u4e2d\u7528\u4e8e\u5b58\u50a8\u7528\u6237\u6570\u636e\u3001\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u6216\u5176\u4ed6\u975e\u64cd\u4f5c\u7cfb\u7edf\u76f8\u5173\u6587\u4ef6\u7684\u5b58\u50a8\u8bbe\u5907\u3002\u4e0e\u7cfb\u7edf\u76d8\u76f8\u6bd4\uff0c\u6570\u636e\u76d8\u662f\u975e\u5fc5\u9009\u7684\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u52a8\u6001\u6dfb\u52a0\u6216\u79fb\u9664\u3002\u6570\u636e\u76d8\u7684\u5bb9\u91cf\u4e5f\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u8fdb\u884c\u7075\u6d3b\u914d\u7f6e\u3002
\u9ed8\u8ba4\u4f7f\u7528\u5757\u5b58\u50a8\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u514b\u9686\u548c\u5feb\u7167\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u6c60\u5df2\u7ecf\u521b\u5efa\u4e86\u5bf9\u5e94\u7684 VolumeSnapshotClass\uff0c \u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u793a\u4f8b\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u652f\u6301\u5e76\u9009\u62e9\u4e86 ReadWriteMany \u7684\u8bbf\u95ee\u6a21\u5f0f \u3002
\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u5b58\u50a8\u5728\u5b89\u88c5\u8fc7\u7a0b\u4e2d\u4e0d\u4f1a\u81ea\u52a8\u521b\u5efa\u8fd9\u6837\u7684 VolumeSnapshotClass\uff0c\u56e0\u6b64\u60a8\u9700\u8981\u624b\u52a8\u521b\u5efa VolumeSnapshotClass\u3002 \u4ee5\u4e0b\u662f\u4e00\u4e2a HwameiStor \u521b\u5efa VolumeSnapshotClass \u7684\u793a\u4f8b\uff1a
kind: VolumeSnapshotClass\napiVersion: snapshot.storage.k8s.io/v1\nmetadata:\n name: hwameistor-storage-lvm-snapshot\n annotations:\n snapshot.storage.kubernetes.io/is-default-class: \"true\"\nparameters:\n snapsize: \"1073741824\"\ndriver: lvm.hwameistor.io\ndeletionPolicy: Delete\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u68c0\u67e5 VolumeSnapshotClass \u662f\u5426\u521b\u5efa\u6210\u529f\u3002
kubectl get VolumeSnapshotClass\n
\u67e5\u770b\u5df2\u521b\u5efa\u7684 Snapshotclass\uff0c\u5e76\u4e14\u786e\u8ba4 Provisioner \u5c5e\u6027\u540c\u5b58\u50a8\u6c60\u4e2d\u7684 Driver \u5c5e\u6027\u4e00\u81f4\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa\u9700\u8981\u7684\u4e91\u4e3b\u673a\u955c\u50cf\u3002
\u4e91\u4e3b\u673a\u955c\u50cf\u5176\u5b9e\u5c31\u662f\u526f\u672c\u6587\u4ef6\uff0c\u662f\u5b89\u88c5\u6709\u64cd\u4f5c\u7cfb\u7edf\u7684\u4e00\u4e2a\u78c1\u76d8\u5206\u533a\u3002\u5e38\u89c1\u7684\u955c\u50cf\u6587\u4ef6\u683c\u5f0f\u5305\u62ec raw\u3001qcow2\u3001vmdk\u7b49\u3002
"},{"location":"admin/virtnest/vm-image/index.html#_2","title":"\u6784\u5efa\u955c\u50cf","text":"\u4e0b\u9762\u662f\u6784\u5efa\u4e91\u4e3b\u673a\u955c\u50cf\u7684\u4e00\u4e9b\u8be6\u7ec6\u6b65\u9aa4\uff1a
\u4e0b\u8f7d\u7cfb\u7edf\u955c\u50cf
\u5728\u6784\u5efa\u4e91\u4e3b\u673a\u955c\u50cf\u4e4b\u524d\uff0c\u60a8\u9700\u8981\u4e0b\u8f7d\u6240\u9700\u7684\u7cfb\u7edf\u955c\u50cf\u3002\u6211\u4eec\u63a8\u8350\u4f7f\u7528 qcow2\u3001raw \u6216 vmdk \u683c\u5f0f\u7684\u955c\u50cf\u3002\u53ef\u4ee5\u8bbf\u95ee\u4ee5\u4e0b\u94fe\u63a5\u83b7\u53d6 CentOS \u548c Fedora \u7684\u955c\u50cf\uff1a
\u6784\u5efa Docker \u955c\u50cf\u5e76\u63a8\u9001\u5230\u5bb9\u5668\u955c\u50cf\u4ed3\u5e93
\u5728\u6b64\u6b65\u9aa4\u4e2d\uff0c\u6211\u4eec\u5c06\u4f7f\u7528 Docker \u6784\u5efa\u4e00\u4e2a\u955c\u50cf\uff0c\u5e76\u5c06\u5176\u63a8\u9001\u5230\u5bb9\u5668\u955c\u50cf\u4ed3\u5e93\uff0c\u4ee5\u4fbf\u5728\u9700\u8981\u65f6\u80fd\u591f\u65b9\u4fbf\u5730\u90e8\u7f72\u548c\u4f7f\u7528\u3002
\u521b\u5efa Dockerfile \u6587\u4ef6
FROM scratch\nADD --chown=107:107 CentOS-7-x86_64-GenericCloud.qcow2 /disk/\n
\u5411\u57fa\u4e8e\u7a7a\u767d\u955c\u50cf\u6784\u5efa\u7684\u955c\u50cf\u4e2d\u6dfb\u52a0\u540d\u4e3a CentOS-7-x86_64-GenericCloud.qcow2
\u7684\u6587\u4ef6\uff0c\u5e76\u5c06\u5176\u653e\u7f6e\u5728\u955c\u50cf\u4e2d\u7684 /disk/ \u76ee\u5f55\u4e0b\u3002\u901a\u8fc7\u8fd9\u4e2a\u64cd\u4f5c\uff0c\u955c\u50cf\u5c31\u5305\u542b\u4e86\u8fd9\u4e2a\u6587\u4ef6\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\u4f7f\u7528\u5b83\u6765\u63d0\u4f9b CentOS 7 x86_64 \u7684\u64cd\u4f5c\u7cfb\u7edf\u73af\u5883\u3002
\u6784\u5efa\u955c\u50cf
docker build -t release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1 .\n
\u4e0a\u8ff0\u547d\u4ee4\u5c06\u4f7f\u7528 Dockerfile \u4e2d\u7684\u6307\u4ee4\u6784\u5efa\u4e00\u4e2a\u540d\u4e3a release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1
\u7684\u955c\u50cf\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u9879\u76ee\u9700\u6c42\u4fee\u6539\u955c\u50cf\u540d\u79f0\u3002
\u63a8\u9001\u955c\u50cf\u81f3\u5bb9\u5668\u955c\u50cf\u4ed3\u5e93
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5c06\u6784\u5efa\u597d\u7684\u955c\u50cf\u63a8\u9001\u5230\u540d\u4e3a release-ci.daocloud.io
\u7684\u955c\u50cf\u4ed3\u5e93\uff0c\u60a8\u8fd8\u53ef\u4ee5\u6839\u636e\u9700\u8981\u4fee\u6539\u955c\u50cf\u4ed3\u5e93\u7684\u540d\u79f0\u548c\u5730\u5740\u3002
docker push release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1\n
\u4ee5\u4e0a\u662f\u6784\u5efa\u4e91\u4e3b\u673a\u955c\u50cf\u7684\u8be6\u7ec6\u6b65\u9aa4\u548c\u8bf4\u660e\u3002\u901a\u8fc7\u6309\u7167\u8fd9\u4e9b\u6b65\u9aa4\u64cd\u4f5c\uff0c\u60a8\u5c06\u80fd\u591f\u6210\u529f\u6784\u5efa\u5e76\u63a8\u9001\u7528\u4e8e\u4e91\u4e3b\u673a\u7684\u955c\u50cf\uff0c\u4ee5\u6ee1\u8db3\u60a8\u7684\u4f7f\u7528\u9700\u6c42\u3002
"},{"location":"end-user/index.html","title":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0 - \u7ec8\u7aef\u7528\u6237","text":"\u8fd9\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9762\u5411\u7ec8\u7aef\u7528\u6237\u7684\u4f7f\u7528\u6587\u6863\u3002
\u7528\u6237\u6ce8\u518c
\u7528\u6237\u6ce8\u518c\u662f\u4f7f\u7528 AI \u7b97\u529b\u5e73\u53f0\u7684\u7b2c\u4e00\u6b65\u3002
\u4e91\u4e3b\u673a
\u4e91\u4e3b\u673a\u662f\u90e8\u7f72\u5728\u4e91\u7aef\u7684\u865a\u62df\u673a\u3002
\u5bb9\u5668\u7ba1\u7406
\u5bb9\u5668\u7ba1\u7406\u662f AI \u7b97\u529b\u4e2d\u5fc3\u7684\u6838\u5fc3\u6a21\u5757\u3002
\u7b97\u6cd5\u5f00\u53d1
\u7ba1\u7406\u6570\u636e\u96c6\uff0c\u6267\u884c AI \u8bad\u7ec3\u548c\u63a8\u7406\u4efb\u52a1\u3002
\u53ef\u89c2\u6d4b\u6027
\u901a\u8fc7\u4eea\u8868\u76d8\u76d1\u63a7\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u51b5\u3002
\u4e2a\u4eba\u4e2d\u5fc3
\u5728\u4e2a\u4eba\u4e2d\u5fc3\u8bbe\u7f6e\u5bc6\u7801\u3001\u5bc6\u94a5\u548c\u8bed\u8a00\u3002
\u672c\u6587\u63d0\u4f9b\u4e86\u7b80\u5355\u7684\u64cd\u4f5c\u624b\u518c\u4ee5\u4fbf\u7528\u6237\u4f7f\u7528 AI Lab \u8fdb\u884c\u6570\u636e\u96c6\u3001Notebook\u3001\u4efb\u52a1\u8bad\u7ec3\u7684\u6574\u4e2a\u5f00\u53d1\u3001\u8bad\u7ec3\u6d41\u7a0b\u3002
"},{"location":"end-user/baize/quick-start.html#_2","title":"\u51c6\u5907\u6570\u636e\u96c6","text":"\u70b9\u51fb \u6570\u636e\u7ba1\u7406 -> \u6570\u636e\u96c6 \uff0c\u9009\u62e9 \u521b\u5efa \u6309\u94ae\uff0c\u5206\u522b\u521b\u5efa\u4ee5\u4e0b\u4e09\u4e2a\u6570\u636e\u96c6\u3002
"},{"location":"end-user/baize/quick-start.html#_3","title":"\u6570\u636e\u96c6\uff1a\u8bad\u7ec3\u4ee3\u7801","text":"tensorflow/tf-fashion-mnist-sample
Note
\u76ee\u524d\u4ec5\u652f\u6301\u8bfb\u5199\u6a21\u5f0f\u4e3a ReadWriteMany
\u7684 StorageClass
\uff0c\u8bf7\u4f7f\u7528 NFS \u6216\u8005\u63a8\u8350\u7684 JuiceFS\u3002
\u672c\u6b21\u8bad\u7ec3\u4f7f\u7528\u7684\u6570\u636e\u4e3a https://github.com/zalandoresearch/fashion-mnist.git\uff0c \u8fd9\u662f Fashion-MNIST \u6570\u636e\u96c6\u3002
\u5982\u679c\u662f\u4e2d\u56fd\u5883\u5185\u7684\u7528\u6237\uff0c\u53ef\u4ee5\u4f7f\u7528 Gitee \u52a0\u901f\uff1ahttps://gitee.com/samzong_lu/fashion-mnist.git
Note
\u5982\u679c\u672a\u521b\u5efa\u8bad\u7ec3\u6570\u636e\u7684\u6570\u636e\u96c6\uff0c\u901a\u8fc7\u8bad\u7ec3\u811a\u672c\u4e5f\u4f1a\u81ea\u52a8\u4e0b\u8f7d\uff1b\u63d0\u524d\u51c6\u5907\u8bad\u7ec3\u6570\u636e\u53ef\u4ee5\u63d0\u9ad8\u8bad\u7ec3\u901f\u5ea6\u3002
"},{"location":"end-user/baize/quick-start.html#_5","title":"\u6570\u636e\u96c6\uff1a\u7a7a\u6570\u636e\u96c6","text":"AI Lab \u652f\u6301\u5c06 PVC
\u4f5c\u4e3a\u6570\u636e\u96c6\u7684\u6570\u636e\u6e90\u7c7b\u578b\uff0c\u6240\u4ee5\u521b\u5efa\u4e00\u4e2a\u7a7a PVC \u7ed1\u5b9a\u5230\u6570\u636e\u96c6\u540e\uff0c\u53ef\u5c06\u7a7a\u6570\u636e\u96c6\u4f5c\u4e3a\u5b58\u653e\u540e\u7eed\u8bad\u7ec3\u4efb\u52a1\u7684\u8f93\u51fa\u6570\u636e\u96c6\uff0c\u5b58\u653e\u6a21\u578b\u548c\u65e5\u5fd7\u3002
\u811a\u672c\u5728\u8fd0\u884c\u65f6\uff0c\u9700\u8981\u4f9d\u8d56 Tensorflow
\u7684 Python \u5e93\uff0c\u53ef\u4ee5\u4f7f\u7528 AI Lab \u7684\u73af\u5883\u4f9d\u8d56\u7ba1\u7406\u529f\u80fd\uff0c\u63d0\u524d\u5c06\u9700\u8981\u7684 Python \u5e93\u4e0b\u8f7d\u548c\u51c6\u5907\u5b8c\u6210\uff0c\u65e0\u9700\u4f9d\u8d56\u955c\u50cf\u6784\u5efa
\u53c2\u8003\u73af\u5883\u4f9d\u8d56 \u7684\u64cd\u4f5c\u65b9\u5f0f\uff0c\u6dfb\u52a0\u4e00\u4e2a CONDA
\u73af\u5883.
name: tensorflow\nchannels:\n - defaults\n - conda-forge\ndependencies:\n - python=3.12\n - tensorflow\nprefix: /opt/conda/envs/tensorflow\n
Note
\u7b49\u5f85\u73af\u5883\u9884\u70ed\u6210\u529f\u540e\uff0c\u53ea\u9700\u8981\u5c06\u6b64\u73af\u5883\u6302\u8f7d\u5230 Notebook\u3001\u8bad\u7ec3\u4efb\u52a1\u4e2d\uff0c\u4f7f\u7528 AI Lab \u63d0\u4f9b\u7684\u57fa\u7840\u955c\u50cf\u5c31\u53ef\u4ee5
"},{"location":"end-user/baize/quick-start.html#notebook","title":"\u4f7f\u7528 Notebook \u8c03\u8bd5\u811a\u672c","text":"\u51c6\u5907\u5f00\u53d1\u73af\u5883\uff0c\u70b9\u51fb\u5bfc\u822a\u680f\u7684 Notebooks \uff0c\u70b9\u51fb \u521b\u5efa \u3002
\u5c06\u51c6\u5907\u597d\u7684\u4e09\u4e2a\u6570\u636e\u96c6\u8fdb\u884c\u5173\u8054\uff0c\u6302\u8f7d\u8def\u5f84\u8bf7\u53c2\u7167\u4e0b\u56fe\u586b\u5199\uff0c\u6ce8\u610f\u5c06\u9700\u8981\u4f7f\u7528\u7684\u7a7a\u6570\u636e\u96c6\u5728 \u8f93\u51fa\u6570\u636e\u96c6\u4f4d\u7f6e\u914d\u7f6e
\u9009\u62e9\u5e76\u7ed1\u5b9a\u73af\u5883\u4f9d\u8d56\u5305
\u7b49\u5f85 Notebook \u521b\u5efa\u6210\u529f\uff0c\u70b9\u51fb\u5217\u8868\u4e2d\u7684\u8bbf\u95ee\u5730\u5740\uff0c\u8fdb\u5165 Notebook\u3002\u5e76\u5728 Notebook \u7684\u7ec8\u7aef\u4e2d\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u4efb\u52a1\u8bad\u7ec3\u3002
Note
\u811a\u672c\u4f7f\u7528 Tensorflow\uff0c\u5982\u679c\u5fd8\u8bb0\u5173\u8054\u4f9d\u8d56\u5e93\uff0c\u4e5f\u53ef\u4ee5\u4e34\u65f6\u7528 pip install tensorflow
\u5b89\u88c5\u3002
python /home/jovyan/code/tensorflow/tf-fashion-mnist-sample/train.py\n
Tensorflow
\u5355\u673a\u4efb\u52a1\u5728\u4efb\u52a1\u8d44\u6e90\u914d\u7f6e\u4e2d\uff0c\u6b63\u786e\u914d\u7f6e\u4efb\u52a1\u8d44\u6e90\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65
tensorflow
\u7684 Python \u5e93bash
\u5373\u53ef\u542f\u7528\u547d\u4ee4\uff1a
python /home/jovyan/code/tensorflow/tf-fashion-mnist-sample/train.py\n
\u5728\u9ad8\u7ea7\u914d\u7f6e\u4e2d\uff0c\u542f\u7528 \u4efb\u52a1\u5206\u6790\uff08Tensorboard\uff09 \uff0c\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u65e5\u5fd7\u6240\u5728\u4f4d\u7f6e\u4e3a\u8f93\u51fa\u6570\u636e\u96c6\u7684 /home/jovyan/model/train/logs/
\u8fd4\u56de\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\uff0c\u7b49\u5230\u72b6\u6001\u53d8\u4e3a \u6210\u529f \u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u67e5\u770b\u8be6\u60c5\u3001\u514b\u9686\u4efb\u52a1\u3001\u66f4\u65b0\u4f18\u5148\u7ea7\u3001\u67e5\u770b\u65e5\u5fd7\u548c\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u6210\u529f\u521b\u5efa\u4efb\u52a1\u540e\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u4efb\u52a1\u5206\u6790 \uff0c\u53ef\u4ee5\u67e5\u770b\u4efb\u52a1\u72b6\u6001\u5e76\u5bf9\u4efb\u52a1\u8bad\u7ec3\u8fdb\u884c\u8c03\u4f18\u3002
AI Lab \u63d0\u4f9b\u6a21\u578b\u5f00\u53d1\u3001\u8bad\u7ec3\u4ee5\u53ca\u63a8\u7406\u8fc7\u7a0b\u6240\u6709\u9700\u8981\u7684\u6570\u636e\u96c6\u7ba1\u7406\u529f\u80fd\u3002\u76ee\u524d\u652f\u6301\u5c06\u591a\u79cd\u6570\u636e\u6e90\u7edf\u4e00\u63a5\u5165\u80fd\u529b\u3002
\u901a\u8fc7\u7b80\u5355\u914d\u7f6e\u5373\u53ef\u5c06\u6570\u636e\u6e90\u63a5\u5165\u5230 AI Lab \u4e2d\uff0c\u5b9e\u73b0\u6570\u636e\u7684\u7edf\u4e00\u7eb3\u7ba1\u3001\u9884\u70ed\u3001\u6570\u636e\u96c6\u7ba1\u7406\u7b49\u529f\u80fd\u3002
"},{"location":"end-user/baize/dataset/create-use-delete.html#_2","title":"\u521b\u5efa\u6570\u636e\u96c6","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u6570\u636e\u7ba1\u7406 -> \u6570\u636e\u96c6\u5217\u8868 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u9009\u62e9\u6570\u636e\u96c6\u5f52\u5c5e\u7684\u5de5\u4f5c\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4 \u4e0b\u4e00\u6b65 \u3002
\u914d\u7f6e\u76ee\u6807\u6570\u636e\u7684\u6570\u636e\u6e90\u7c7b\u578b\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u652f\u6301\u8fd9\u51e0\u79cd\u6570\u636e\u6e90\uff1a
\u6570\u636e\u96c6\u521b\u5efa\u6210\u529f\u5c06\u8fd4\u56de\u6570\u636e\u96c6\u5217\u8868\u3002\u4f60\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u6267\u884c\u66f4\u591a\u64cd\u4f5c\u3002
Info
\u7cfb\u7edf\u81ea\u52a8\u4f1a\u5728\u6570\u636e\u96c6\u521b\u5efa\u6210\u529f\u540e\uff0c\u7acb\u5373\u8fdb\u884c\u4e00\u6b21\u6027\u7684\u6570\u636e\u9884\u52a0\u8f7d\uff1b\u5728\u9884\u52a0\u8f7d\u5b8c\u6210\u4e4b\u524d\uff0c\u6570\u636e\u96c6\u4e0d\u53ef\u4ee5\u4f7f\u7528\u3002
"},{"location":"end-user/baize/dataset/create-use-delete.html#_3","title":"\u6570\u636e\u96c6\u4f7f\u7528","text":"\u6570\u636e\u96c6\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u5728\u6a21\u578b\u8bad\u7ec3\u3001\u63a8\u7406\u7b49\u4efb\u52a1\u4e2d\u4f7f\u7528\u3002
"},{"location":"end-user/baize/dataset/create-use-delete.html#notebook","title":"\u5728 Notebook \u4e2d\u4f7f\u7528","text":"\u5728\u521b\u5efa Notebook \u4e2d\uff0c\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u6570\u636e\u96c6\uff1b\u4f7f\u7528\u65b9\u5f0f\u5982\u4e0b\uff1a
\u5982\u679c\u53d1\u73b0\u6570\u636e\u96c6\u5197\u4f59\u3001\u8fc7\u671f\u6216\u56e0\u5176\u4ed6\u7f18\u6545\u4e0d\u518d\u9700\u8981\uff0c\u53ef\u4ee5\u4ece\u6570\u636e\u96c6\u5217\u8868\u4e2d\u5220\u9664\u3002
\u5728\u6570\u636e\u96c6\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u4e2d\u786e\u8ba4\u8981\u5220\u9664\u7684\u6570\u636e\u96c6\uff0c\u8f93\u5165\u6570\u636e\u96c6\u540d\u79f0\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\uff0c\u8be5\u6570\u636e\u96c6\u4ece\u5217\u8868\u4e2d\u6d88\u5931\u3002
Caution
\u6570\u636e\u96c6\u4e00\u65e6\u5220\u9664\u5c06\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/baize/dataset/environments.html","title":"\u7ba1\u7406\u73af\u5883","text":"\u672c\u6587\u8bf4\u660e\u5982\u4f55\u5728 AI Lab \u4e2d\u7ba1\u7406\u4f60\u7684\u73af\u5883\u4f9d\u8d56\u5e93\uff0c\u4ee5\u4e0b\u662f\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u548c\u6ce8\u610f\u4e8b\u9879\u3002
\u4f20\u7edf\u65b9\u5f0f\uff0c\u4e00\u822c\u4f1a\u5c06 Python \u73af\u5883\u4f9d\u8d56\u5728\u955c\u50cf\u4e2d\u6784\u5efa\uff0c\u955c\u50cf\u5e26\u6709 Python \u7248\u672c\u548c\u4f9d\u8d56\u5305\u7684\u955c\u50cf\uff0c\u7ef4\u62a4\u6210\u672c\u8f83\u9ad8\u4e14\u66f4\u65b0\u4e0d\u65b9\u4fbf\uff0c\u5f80\u5f80\u9700\u8981\u91cd\u65b0\u6784\u5efa\u955c\u50cf\u3002
\u800c\u5728 AI Lab \u4e2d\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7 \u73af\u5883\u7ba1\u7406 \u6a21\u5757\u6765\u7ba1\u7406\u7eaf\u7cb9\u7684\u73af\u5883\u4f9d\u8d56\uff0c\u5c06\u8fd9\u90e8\u5206\u4ece\u955c\u50cf\u4e2d\u89e3\u8026\uff0c\u5e26\u6765\u7684\u4f18\u52bf\u6709\uff1a
\u4ee5\u4e0b\u4e3a\u73af\u5883\u7ba1\u7406\u7684\u4e3b\u8981\u7ec4\u6210\u90e8\u5206\uff1a
\u5728 \u73af\u5883\u7ba1\u7406 \u754c\u9762\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa \u6309\u94ae\uff0c\u8fdb\u5165\u521b\u5efa\u73af\u5883\u7684\u6d41\u7a0b\u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u4e3e\u4f8b\u503c \u540d\u79f0 \u8f93\u5165\u73af\u5883\u7684\u540d\u79f0\uff0c\u957f\u5ea6\u4e3a 2-63 \u4e2a\u5b57\u7b26\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\u3002 my-environment \u90e8\u7f72\u4f4d\u7f6e \u96c6\u7fa4 \uff1a\u9009\u62e9\u9700\u8981\u90e8\u7f72\u7684\u96c6\u7fa4gpu-cluster
\u547d\u540d\u7a7a\u95f4 \uff1a\u9009\u62e9\u547d\u540d\u7a7a\u95f4 default
\u5907\u6ce8 \u586b\u5199\u5907\u6ce8\u4fe1\u606f\u3002 \u8fd9\u662f\u4e00\u4e2a\u6d4b\u8bd5\u73af\u5883 \u6807\u7b7e \u4e3a\u73af\u5883\u6dfb\u52a0\u6807\u7b7e\u3002 env:test \u6ce8\u89e3 \u4e3a\u73af\u5883\u6dfb\u52a0\u6ce8\u89e3\u3002\u586b\u5199\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u8fdb\u5165\u73af\u5883\u914d\u7f6e\u3002 \u6ce8\u89e3\u793a\u4f8b"},{"location":"end-user/baize/dataset/environments.html#_4","title":"\u914d\u7f6e\u73af\u5883","text":"\u5728\u73af\u5883\u914d\u7f6e\u6b65\u9aa4\u4e2d\uff0c\u7528\u6237\u9700\u8981\u914d\u7f6e Python \u7248\u672c\u548c\u4f9d\u8d56\u5305\u7ba1\u7406\u5de5\u5177\u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u4e3e\u4f8b\u503c Python \u7248\u672c \u9009\u62e9\u6240\u9700\u7684 Python \u7248\u672c 3.12.3 \u5305\u7ba1\u7406\u5668 \u9009\u62e9\u5305\u7ba1\u7406\u5de5\u5177\uff0c\u53ef\u9009PIP
\u6216 CONDA
PIP Environment Data \u5982\u679c\u9009\u62e9 PIP
\uff1a\u5728\u4e0b\u65b9\u7f16\u8f91\u5668\u4e2d\u8f93\u5165 requirements.txt
\u683c\u5f0f\u7684\u4f9d\u8d56\u5305\u5217\u8868\u3002 numpy==1.21.0 \u5982\u679c\u9009\u62e9 CONDA
\uff1a\u5728\u4e0b\u65b9\u7f16\u8f91\u5668\u4e2d\u8f93\u5165 environment.yaml
\u683c\u5f0f\u7684\u4f9d\u8d56\u5305\u5217\u8868\u3002 \u5176\u4ed6\u9009\u9879 pip \u989d\u5916\u7d22\u5f15\u5730\u5740 \uff1a\u914d\u7f6e pip \u989d\u5916\u7684\u7d22\u5f15\u5730\u5740\uff1b\u9002\u7528\u4e8e\u4f01\u4e1a\u5185\u90e8\u6709\u81ea\u5df1\u7684\u79c1\u6709\u4ed3\u5e93\u6216\u8005 PIP \u52a0\u901f\u7ad9\u70b9\u3002 https://pypi.example.com
GPU \u914d\u7f6e \uff1a\u542f\u7528\u6216\u7981\u7528 GPU \u914d\u7f6e\uff1b\u90e8\u5206\u6d89\u53ca\u5230 GPU \u7684\u4f9d\u8d56\u5305\u9700\u8981\u5728\u9884\u52a0\u8f7d\u65f6\u914d\u7f6e GPU \u8d44\u6e90\u3002 \u542f\u7528 \u5173\u8054\u5b58\u50a8 \uff1a\u9009\u62e9\u5173\u8054\u7684\u5b58\u50a8\u914d\u7f6e\uff1b\u73af\u5883\u4f9d\u8d56\u5305\u4f1a\u5b58\u50a8\u5728\u5173\u8054\u5b58\u50a8\u4e2d\u3002\u6ce8\u610f\uff1a\u9700\u8981\u4f7f\u7528\u652f\u6301 ReadWriteMany
\u7684\u5b58\u50a8\u3002 my-storage-config \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u521b\u5efa \u6309\u94ae\uff0c\u7cfb\u7edf\u4f1a\u81ea\u52a8\u521b\u5efa\u5e76\u914d\u7f6e\u65b0\u7684 Python \u73af\u5883\u3002
"},{"location":"end-user/baize/dataset/environments.html#_5","title":"\u6545\u969c\u6392\u9664","text":"\u5982\u679c\u73af\u5883\u521b\u5efa\u5931\u8d25\uff1a
\u5982\u679c\u4f9d\u8d56\u9884\u70ed\u5931\u8d25\uff1a
requirements.txt
\u6216 environment.yaml
\u6587\u4ef6\u683c\u5f0f\u662f\u5426\u6b63\u786e\u3002 \u4ee5\u4e0a\u5373\u4e3a\u5728 AI Lab \u4e2d\u7ba1\u7406 Python \u4f9d\u8d56\u5e93\u7684\u57fa\u672c\u64cd\u4f5c\u6b65\u9aa4\u548c\u6ce8\u610f\u4e8b\u9879\u3002
"},{"location":"end-user/baize/inference/models.html","title":"\u4e86\u89e3\u6a21\u578b\u652f\u6301\u60c5\u51b5","text":"\u968f\u7740 AI Lab \u7684\u5feb\u901f\u8fed\u4ee3\uff0c\u6211\u4eec\u5df2\u7ecf\u652f\u6301\u4e86\u591a\u79cd\u6a21\u578b\u7684\u63a8\u7406\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u6240\u652f\u6301\u7684\u6a21\u578b\u4fe1\u606f\u3002
LLama
\u3001Qwen
\u3001ChatGLM
\u7b49\u3002\u60a8\u53ef\u4ee5\u5728 AI Lab \u4e2d\u4f7f\u7528\u7ecf\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9a8c\u8bc1\u8fc7\u7684 GPU \u7c7b\u578b\uff1b \u66f4\u591a\u7ec6\u8282\u53c2\u9605 GPU \u652f\u6301\u77e9\u9635\u3002
"},{"location":"end-user/baize/inference/models.html#triton-inference-server","title":"Triton Inference Server","text":"\u901a\u8fc7 Triton Inference Server \u53ef\u4ee5\u5f88\u597d\u7684\u652f\u6301\u4f20\u7edf\u7684\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\uff0c\u6211\u4eec\u76ee\u524d\u652f\u6301\u4e3b\u6d41\u7684\u63a8\u7406\u540e\u7aef\u670d\u52a1\uff1a
Backend \u652f\u6301\u6a21\u578b\u683c\u5f0f \u4ecb\u7ecd pytorch TorchScript\u3001PyTorch 2.0 \u683c\u5f0f\u7684\u6a21\u578b triton-inference-server/pytorch_backend tensorflow TensorFlow 2.x triton-inference-server/tensorflow_backend vLLM(Deprecated) \u4e0e vLLM \u4e00\u81f4 \u652f\u6301\u7684\u6a21\u578b\u548c vLLM support Model \u4e00\u81f4Danger
\u4f7f\u7528 Triton \u7684 Backend vLLM \u7684\u65b9\u5f0f\u5df2\u88ab\u5f03\u7528\uff0c\u63a8\u8350\u4f7f\u7528\u6700\u65b0\u652f\u6301 vLLM \u6765\u90e8\u7f72\u60a8\u7684\u5927\u8bed\u8a00\u6a21\u578b\u3002
"},{"location":"end-user/baize/inference/models.html#vllm","title":"vLLM","text":"\u901a\u8fc7 vLLM \u6211\u4eec\u53ef\u4ee5\u5f88\u5feb\u7684\u4f7f\u7528\u5927\u8bed\u8a00\u6a21\u578b\uff0c\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u6211\u4eec\u652f\u6301\u7684\u6a21\u578b\u5217\u8868\uff0c\u8fd9\u901a\u5e38\u548c vLLM Support Models
\u4fdd\u6301\u4e00\u81f4\u3002
\u76ee\u524d\uff0cAI Lab \u8fd8\u652f\u6301\u5728\u4f7f\u7528 vLLM \u4f5c\u4e3a\u63a8\u7406\u5de5\u5177\u65f6\u7684\u4e00\u4e9b\u65b0\u7279\u6027\uff1a
Lora Adapter
\u6765\u4f18\u5316\u6a21\u578b\u63a8\u7406\u670d\u52a1OpenAI
\u7684 OpenAPI
\u63a5\u53e3\uff0c\u65b9\u4fbf\u7528\u6237\u5207\u6362\u5230\u672c\u5730\u63a8\u7406\u670d\u52a1\u65f6\uff0c\u53ef\u4ee5\u4f4e\u6210\u672c\u7684\u5feb\u901f\u5207\u6362AI Lab \u76ee\u524d\u63d0\u4f9b\u4ee5 Triton\u3001vLLM \u4f5c\u4e3a\u63a8\u7406\u6846\u67b6\uff0c\u7528\u6237\u53ea\u9700\u7b80\u5355\u914d\u7f6e\u5373\u53ef\u5feb\u901f\u542f\u52a8\u4e00\u4e2a\u9ad8\u6027\u80fd\u7684\u63a8\u7406\u670d\u52a1\u3002
Danger
\u4f7f\u7528 Triton \u7684 Backend vLLM \u7684\u65b9\u5f0f\u5df2\u88ab\u5f03\u7528\uff0c\u63a8\u8350\u4f7f\u7528\u6700\u65b0\u652f\u6301 vLLM \u6765\u90e8\u7f72\u60a8\u7684\u5927\u8bed\u8a00\u6a21\u578b\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#triton_1","title":"Triton\u4ecb\u7ecd","text":"Triton \u662f\u7531 NVIDIA \u5f00\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u63a8\u7406\u670d\u52a1\u5668\uff0c\u65e8\u5728\u7b80\u5316\u673a\u5668\u5b66\u4e60\u6a21\u578b\u7684\u90e8\u7f72\u548c\u63a8\u7406\u670d\u52a1\u3002\u5b83\u652f\u6301\u591a\u79cd\u6df1\u5ea6\u5b66\u4e60\u6846\u67b6\uff0c\u5305\u62ec TensorFlow\u3001PyTorch \u7b49\uff0c\u4f7f\u5f97\u7528\u6237\u80fd\u591f\u8f7b\u677e\u7ba1\u7406\u548c\u90e8\u7f72\u4e0d\u540c\u7c7b\u578b\u7684\u6a21\u578b\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u51c6\u5907\u6a21\u578b\u6570\u636e\uff1a\u5728\u6570\u636e\u96c6\u7ba1\u7406\u4e2d\u7eb3\u7ba1\u6a21\u578b\u4ee3\u7801\uff0c\u5e76\u4fdd\u8bc1\u6570\u636e\u6210\u529f\u9884\u52a0\u8f7d\uff0c\u4e0b\u9762\u4ee5 mnist \u624b\u5199\u6570\u5b57\u8bc6\u522b\u7684 PyTorch \u6a21\u578b\u4e3a\u4f8b\u3002
Note
\u5f85\u63a8\u7406\u7684\u6a21\u578b\u5728\u6570\u636e\u96c6\u4e2d\u9700\u8981\u9075\u4ee5\u4e0b\u76ee\u5f55\u683c\u5f0f\uff1a
<model-repository-name>\n \u2514\u2500\u2500 <model-name>\n \u2514\u2500\u2500 <version>\n \u2514\u2500\u2500 <model-definition-file>\n
\u672c\u4f8b\u4e2d\u7684\u76ee\u5f55\u683c\u5f0f\u4e3a\uff1a
model-repo\n \u2514\u2500\u2500 mnist-cnn\n \u2514\u2500\u2500 1\n \u2514\u2500\u2500 model.pt\n
"},{"location":"end-user/baize/inference/triton-inference.html#_2","title":"\u521b\u5efa\u63a8\u7406\u670d\u52a1","text":"\u76ee\u524d\u5df2\u7ecf\u652f\u6301\u8868\u5355\u521b\u5efa\uff0c\u53ef\u4ee5\u754c\u9762\u5b57\u6bb5\u63d0\u793a\uff0c\u8fdb\u884c\u670d\u52a1\u521b\u5efa\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#_3","title":"\u914d\u7f6e\u6a21\u578b\u8def\u5f84","text":"\u6a21\u578b\u8def\u5f84 model-repo/mnist-cnn/1/model.pt
\u9700\u8981\u548c\u6570\u636e\u96c6\u4e2d\u7684\u6a21\u578b\u76ee\u5f55\u683c\u5f0f\u4e00\u81f4\u3002
Note
\u8f93\u5165\u548c\u8f93\u51fa\u53c2\u6570\u7684\u7b2c\u4e00\u4e2a\u7ef4\u5ea6\u9ed8\u8ba4\u4e3a batchsize
\u7684\u5927\u5c0f\uff0c\u8bbe\u7f6e\u4e3a -1
\u53ef\u4ee5\u6839\u636e\u8f93\u5165\u7684\u63a8\u7406\u6570\u636e\u81ea\u52a8\u8ba1\u7b97 batchsize\u3002\u53c2\u6570\u5176\u4f59\u7ef4\u5ea6\u548c\u6570\u636e\u7c7b\u578b\u9700\u8981\u4e0e\u6a21\u578b\u8f93\u5165\u5339\u914d\u3002
\u53ef\u4ee5\u5bfc\u5165 \u73af\u5883\u7ba1\u7406 \u4e2d\u521b\u5efa\u7684\u73af\u5883\u4f5c\u4e3a\u63a8\u7406\u65f6\u7684\u8fd0\u884c\u73af\u5883\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#_7","title":"\u9ad8\u7ea7\u914d\u7f6e","text":""},{"location":"end-user/baize/inference/triton-inference.html#_8","title":"\u914d\u7f6e\u8ba4\u8bc1\u7b56\u7565","text":"\u652f\u6301 API key
\u7684\u8bf7\u6c42\u65b9\u5f0f\u8ba4\u8bc1\uff0c\u7528\u6237\u53ef\u4ee5\u81ea\u5b9a\u4e49\u589e\u52a0\u8ba4\u8bc1\u53c2\u6570\u3002
\u652f\u6301 \u6839\u636e GPU \u8d44\u6e90\u7b49\u8282\u70b9\u914d\u7f6e\u5b9e\u73b0\u81ea\u52a8\u5316\u7684\u4eb2\u548c\u6027\u8c03\u5ea6\uff0c\u540c\u65f6\u4e5f\u65b9\u4fbf\u7528\u6237\u81ea\u5b9a\u4e49\u8c03\u5ea6\u7b56\u7565\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#_10","title":"\u8bbf\u95ee","text":""},{"location":"end-user/baize/inference/triton-inference.html#api","title":"API \u8bbf\u95ee","text":"\u53d1\u9001 HTTP POST \u8bf7\u6c42\uff1a\u4f7f\u7528\u5de5\u5177\u5982 curl
\u6216 HTTP \u5ba2\u6237\u7aef\u5e93\uff08\u5982 Python \u7684 requests
\u5e93\uff09\u5411 Triton Server \u53d1\u9001 POST \u8bf7\u6c42\u3002
\u8bbe\u7f6e HTTP \u5934\uff1a\u6839\u636e\u7528\u6237\u914d\u7f6e\u9879\u81ea\u52a8\u751f\u6210\u7684\u914d\u7f6e\uff0c\u5305\u542b\u6a21\u578b\u8f93\u5165\u548c\u8f93\u51fa\u7684\u5143\u6570\u636e\u3002
\u6784\u5efa\u8bf7\u6c42\u4f53\uff1a\u8bf7\u6c42\u4f53\u901a\u5e38\u5305\u542b\u8981\u8fdb\u884c\u63a8\u7406\u7684\u8f93\u5165\u6570\u636e\uff0c\u4ee5\u53ca\u6a21\u578b\u7279\u5b9a\u7684\u5143\u6570\u636e\u3002
curl -X POST \"http://<ip>:<port>/v2/models/<inference-name>/infer\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"inputs\": [\n {\n \"name\": \"model_input\", \n \"shape\": [1, 1, 32, 32], \n \"datatype\": \"FP32\", \n \"data\": [\n [0.1234, 0.5678, 0.9101, ... ] \n ]\n }\n ]\n }'\n
<ip>
\u662f Triton Inference Server \u8fd0\u884c\u7684\u4e3b\u673a\u5730\u5740\u3002<port>
\u662f Triton Inference Server \u8fd0\u884c\u7684\u4e3b\u673a\u7aef\u53e3\u53f7\u3002<inference-name>
\u662f\u6240\u521b\u5efa\u7684\u63a8\u7406\u670d\u52a1\u7684\u540d\u79f0\u3002\"name\"
\u8981\u4e0e\u6a21\u578b\u914d\u7f6e\u4e2d\u7684\u8f93\u5165\u53c2\u6570\u7684 name
\u4e00\u81f4\u3002\"shape\"
\u8981\u4e0e\u6a21\u578b\u914d\u7f6e\u4e2d\u7684\u8f93\u5165\u53c2\u6570\u7684 dims
\u4e00\u81f4\u3002\"datatype\"
\u8981\u4e0e\u6a21\u578b\u914d\u7f6e\u4e2d\u7684\u8f93\u5165\u53c2\u6570\u7684 Data Type
\u4e00\u81f4\u3002\"data\"
\u66ff\u6362\u4e3a\u5b9e\u9645\u7684\u63a8\u7406\u6570\u636e\u3002\u8bf7\u6ce8\u610f\uff0c\u4e0a\u8ff0\u793a\u4f8b\u4ee3\u7801\u9700\u8981\u6839\u636e\u4f60\u7684\u5177\u4f53\u6a21\u578b\u548c\u73af\u5883\u8fdb\u884c\u8c03\u6574\uff0c\u8f93\u5165\u6570\u636e\u7684\u683c\u5f0f\u548c\u5185\u5bb9\u4e5f\u9700\u8981\u7b26\u5408\u6a21\u578b\u7684\u8981\u6c42\u3002
"},{"location":"end-user/baize/inference/vllm-inference.html","title":"\u521b\u5efa vLLM \u63a8\u7406\u670d\u52a1","text":"AI Lab \u652f\u6301\u4ee5 vLLM \u4f5c\u4e3a\u63a8\u7406\u670d\u52a1\uff0c\u63d0\u4f9b\u5168\u90e8 vLLM \u7684\u80fd\u529b\uff0c\u540c\u65f6\u63d0\u4f9b\u4e86\u5b8c\u5168\u9002\u914d OpenAI \u63a5\u53e3\u5b9a\u4e49\u3002
"},{"location":"end-user/baize/inference/vllm-inference.html#vllm_1","title":"vLLM \u4ecb\u7ecd","text":"vLLM \u662f\u4e00\u4e2a\u5feb\u901f\u4e14\u6613\u4e8e\u4f7f\u7528\u7684\u7528\u4e8e\u63a8\u7406\u548c\u670d\u52a1\u7684\u5e93\uff0cvLLM \u65e8\u5728\u6781\u5927\u5730\u63d0\u5347\u5b9e\u65f6\u573a\u666f\u4e0b\u7684\u8bed\u8a00\u6a21\u578b\u670d\u52a1\u7684\u541e\u5410\u4e0e\u5185\u5b58\u4f7f\u7528\u6548\u7387\u3002vLLM \u5728\u901f\u5ea6\u3001\u7075\u6d3b\u6027\u65b9\u9762\u5177\u6709\u4ee5\u4e0b\u90e8\u5206\u7279\u70b9\uff1a
\u51c6\u5907\u6a21\u578b\u6570\u636e\uff1a\u5728\u6570\u636e\u96c6\u7ba1\u7406\u4e2d\u7eb3\u7ba1\u6a21\u578b\u4ee3\u7801\uff0c\u5e76\u4fdd\u8bc1\u6570\u636e\u6210\u529f\u9884\u52a0\u8f7d\u3002
"},{"location":"end-user/baize/inference/vllm-inference.html#_2","title":"\u521b\u5efa\u63a8\u7406\u670d\u52a1","text":"\u9009\u62e9 vLLM
\u63a8\u7406\u6846\u67b6\uff0c\u5e76\u5728\u9009\u62e9\u6a21\u578b\u6a21\u5757\u9009\u62e9\u63d0\u524d\u521b\u5efa\u597d\u7684\u6a21\u578b\u6570\u636e\u96c6 hdd-models
\u5e76\u586b\u5199\u6570\u636e\u96c6\u4e2d\u6a21\u578b\u6240\u5728\u7684\u8def\u5f84
\u4fe1\u606f\u3002
\u672c\u6587\u63a8\u7406\u670d\u52a1\u7684\u521b\u5efa\u4f7f\u7528 ChatGLM3 \u6a21\u578b\u3002
\u914d\u7f6e\u63a8\u7406\u670d\u52a1\u7684\u8d44\u6e90\uff0c\u5e76\u8c03\u6574\u63a8\u7406\u670d\u52a1\u8fd0\u884c\u7684\u53c2\u6570\u3002
\u53c2\u6570\u540d \u63cf\u8ff0 GPU \u8d44\u6e90 \u6839\u636e\u6a21\u578b\u89c4\u6a21\u4ee5\u53ca\u96c6\u7fa4\u8d44\u6e90\u53ef\u4ee5\u4e3a\u63a8\u7406\u914d\u7f6e GPU \u8d44\u6e90\u3002 \u5141\u8bb8\u8fdc\u7a0b\u4ee3\u7801 \u63a7\u5236 vLLM \u662f\u5426\u4fe1\u4efb\u5e76\u6267\u884c\u6765\u81ea\u8fdc\u7a0b\u6e90\u7684\u4ee3\u7801 LoRA LoRA \u662f\u4e00\u79cd\u9488\u5bf9\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\u7684\u53c2\u6570\u9ad8\u6548\u8c03\u6574\u6280\u672f\u3002\u5b83\u901a\u8fc7\u5c06\u539f\u59cb\u6a21\u578b\u53c2\u6570\u77e9\u9635\u5206\u89e3\u4e3a\u4f4e\u79e9\u77e9\u9635\uff0c\u4ece\u800c\u51cf\u5c11\u53c2\u6570\u6570\u91cf\u548c\u8ba1\u7b97\u590d\u6742\u5ea6\u3002 1.--lora-modules
\uff1a\u7528\u6765\u6307\u5b9a\u7279\u5b9a\u6a21\u5757\u6216\u5c42\u8fdb\u884c\u4f4e\u79e9\u8fd1\u4f3c 2. max_loras_rank
\uff1a\u7528\u6765\u6307\u5b9a LoRA \u6a21\u578b\u4e2d\u6bcf\u4e2a\u9002\u914d\u5c42\u7684\u6700\u5927\u79e9\uff0c\u5bf9\u4e8e\u7b80\u5355\u7684\u4efb\u52a1\uff0c\u53ef\u4ee5\u9009\u62e9\u8f83\u5c0f\u7684\u79e9\u503c\uff0c\u800c\u5bf9\u4e8e\u590d\u6742\u4efb\u52a1\uff0c\u53ef\u80fd\u9700\u8981\u8f83\u5927\u7684\u79e9\u503c\u6765\u4fdd\u8bc1\u6a21\u578b\u6027\u80fd\u3002 3. max_loras
\uff1a\u8868\u793a\u6a21\u578b\u4e2d\u53ef\u4ee5\u5305\u542b\u7684 LoRA \u5c42\u7684\u6700\u5927\u6570\u91cf\uff0c\u6839\u636e\u6a21\u578b\u5927\u5c0f\u3001\u63a8\u7406\u590d\u6742\u5ea6\u7b49\u56e0\u7d20\u81ea\u5b9a 4. max_cpu_loras
\uff1a\u7528\u4e8e\u6307\u5b9a\u5728 CPU \u73af\u5883\u4e2d\u53ef\u4ee5\u5904\u7406\u7684 LoRA \u5c42\u7684\u6700\u5927\u6570\u3002 \u5173\u8054\u73af\u5883 \u901a\u8fc7\u9009\u62e9\u73af\u5883\u9884\u5b9a\u4e49\u63a8\u7406\u65f6\u6240\u9700\u7684\u73af\u5883\u4f9d\u8d56\u3002 Info
\u652f\u6301\u914d\u7f6e LoRA \u53c2\u6570\u7684\u6a21\u578b\u53ef\u53c2\u8003 vLLM \u652f\u6301\u7684\u6a21\u578b\u3002
\u5728 \u9ad8\u7ea7\u914d\u7f6e \u4e2d\uff0c\u652f\u6301\u6839\u636e GPU \u8d44\u6e90\u7b49\u8282\u70b9\u914d\u7f6e\u5b9e\u73b0\u81ea\u52a8\u5316\u7684\u4eb2\u548c\u6027\u8c03\u5ea6\uff0c\u540c\u65f6\u4e5f\u65b9\u4fbf\u7528\u6237\u81ea\u5b9a\u4e49\u8c03\u5ea6\u7b56\u7565\u3002
\u63a8\u7406\u670d\u52a1\u521b\u5efa\u5b8c\u6210\u4e4b\u540e\uff0c\u70b9\u51fb\u63a8\u7406\u670d\u52a1\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\uff0c\u67e5\u770b API \u8c03\u7528\u65b9\u6cd5\u3002\u901a\u8fc7\u4f7f\u7528 Curl\u3001Python\u3001Nodejs \u7b49\u65b9\u5f0f\u9a8c\u8bc1\u6267\u884c\u7ed3\u679c\u3002
\u62f7\u8d1d\u8be6\u60c5\u4e2d\u7684 curl
\u547d\u4ee4\uff0c\u5e76\u5728\u7ec8\u7aef\u4e2d\u6267\u884c\u547d\u4ee4\u53d1\u9001\u4e00\u6761\u6a21\u578b\u63a8\u7406\u8bf7\u6c42\uff0c\u9884\u671f\u8f93\u51fa\uff1a
\u4efb\u52a1\u7ba1\u7406\u662f\u6307\u901a\u8fc7\u4f5c\u4e1a\u8c03\u5ea6\u548c\u7ba1\u63a7\u7ec4\u4ef6\u6765\u521b\u5efa\u548c\u7ba1\u7406\u4efb\u52a1\u751f\u547d\u5468\u671f\u7684\u529f\u80fd\u3002
AI Lab \u91c7\u7528 Kubernetes \u7684 Job \u673a\u5236\u6765\u8c03\u5ea6\u5404\u9879 AI \u63a8\u7406\u3001\u8bad\u7ec3\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/create.html#_1","title":"\u901a\u7528\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u4efb\u52a1\u4e2d\u5fc3 -> \u8bad\u7ec3\u4efb\u52a1 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u7cfb\u7edf\u4f1a\u9884\u5148\u586b\u5145\u57fa\u7840\u914d\u7f6e\u6570\u636e\uff0c\u5305\u62ec\u8981\u90e8\u7f72\u7684\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u4efb\u52a1\u7c7b\u578b\u3001\u961f\u5217\u3001\u4f18\u5148\u7ea7\u7b49\u3002 \u8c03\u6574\u8fd9\u4e9b\u53c2\u6570\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u914d\u7f6e\u955c\u50cf\u5730\u5740\u3001\u8fd0\u884c\u53c2\u6570\u4ee5\u53ca\u5173\u8054\u7684\u6570\u636e\u96c6\u3001\u73af\u5883\u548c\u8d44\u6e90\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u6309\u9700\u6dfb\u52a0\u6807\u7b7e\u3001\u6ce8\u89e3\u3001\u73af\u5883\u53d8\u91cf\u7b49\u4efb\u52a1\u53c2\u6570\uff0c\u9009\u62e9\u8c03\u5ea6\u7b56\u7565\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u4efb\u52a1\u521b\u5efa\u6210\u529f\u540e\uff0c\u4f1a\u6709\u51e0\u79cd\u8fd0\u884c\u72b6\u6001\uff1a
\u5982\u679c\u53d1\u73b0\u4efb\u52a1\u5197\u4f59\u3001\u8fc7\u671f\u6216\u56e0\u5176\u4ed6\u7f18\u6545\u4e0d\u518d\u9700\u8981\uff0c\u53ef\u4ee5\u4ece\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\u4e2d\u5220\u9664\u3002
\u5728\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u4e2d\u786e\u8ba4\u8981\u5220\u9664\u7684\u4efb\u52a1\uff0c\u8f93\u5165\u4efb\u52a1\u540d\u79f0\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\uff0c\u8be5\u4efb\u52a1\u4ece\u5217\u8868\u4e2d\u6d88\u5931\u3002
Caution
\u4efb\u52a1\u4e00\u65e6\u5220\u9664\u5c06\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/baize/jobs/mpi.html","title":"MPI \u4efb\u52a1","text":"MPI\uff08Message Passing Interface\uff09\u662f\u4e00\u79cd\u7528\u4e8e\u5e76\u884c\u8ba1\u7b97\u7684\u901a\u4fe1\u534f\u8bae\uff0c\u5b83\u5141\u8bb8\u591a\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u6d88\u606f\u4f20\u9012\u548c\u534f\u4f5c\u3002 MPI \u4efb\u52a1\u662f\u4f7f\u7528 MPI \u534f\u8bae\u8fdb\u884c\u5e76\u884c\u8ba1\u7b97\u7684\u4efb\u52a1\uff0c\u9002\u7528\u4e8e\u9700\u8981\u5927\u89c4\u6a21\u5e76\u884c\u5904\u7406\u7684\u5e94\u7528\u573a\u666f\uff0c\u4f8b\u5982\u5206\u5e03\u5f0f\u8bad\u7ec3\u3001\u79d1\u5b66\u8ba1\u7b97\u7b49\u3002
\u5728 AI Lab \u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86 MPI \u4efb\u52a1\u7684\u652f\u6301\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c\u5feb\u901f\u521b\u5efa MPI \u4efb\u52a1\uff0c\u8fdb\u884c\u9ad8\u6027\u80fd\u7684\u5e76\u884c\u8ba1\u7b97\u3002 \u672c\u6559\u7a0b\u5c06\u6307\u5bfc\u60a8\u5982\u4f55\u5728 AI Lab \u4e2d\u521b\u5efa\u548c\u8fd0\u884c\u4e00\u4e2a MPI \u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mpi.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"MPI
\uff0c\u7528\u4e8e\u8fd0\u884c\u5e76\u884c\u8ba1\u7b97\u4efb\u52a1\u3002\u5728\u8fd9\u91cc\u6211\u4eec\u4f7f\u7528 baize-notebook
\u57fa\u7840\u955c\u50cf\u548c \u5173\u8054\u73af\u5883 \u7684\u65b9\u5f0f\u6765\u4f5c\u4e3a\u4efb\u52a1\u7684\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002 \u786e\u4fdd\u8fd0\u884c\u73af\u5883\u4e2d\u5305\u542b MPI \u53ca\u76f8\u5173\u5e93\uff0c\u5982 OpenMPI\u3001mpi4py
\u7b49\u3002
\u6ce8\u610f \uff1a\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u73af\u5883\uff0c\u8bf7\u53c2\u8003\u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/mpi.html#mpi_1","title":"\u521b\u5efa MPI \u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/mpi.html#mpi_2","title":"MPI \u4efb\u52a1\u521b\u5efa\u6b65\u9aa4","text":"MPI
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002mpirun
\uff0c\u8fd9\u662f\u8fd0\u884c MPI \u7a0b\u5e8f\u7684\u547d\u4ee4\u3002\u793a\u4f8b\uff1a\u8fd0\u884c TensorFlow Benchmarks
\u5728\u672c\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u5c06\u8fd0\u884c\u4e00\u4e2a TensorFlow \u7684\u57fa\u51c6\u6d4b\u8bd5\u7a0b\u5e8f\uff0c\u4f7f\u7528 Horovod \u8fdb\u884c\u5206\u5e03\u5f0f\u8bad\u7ec3\u3002 \u9996\u5148\uff0c\u786e\u4fdd\u60a8\u4f7f\u7528\u7684\u955c\u50cf\u4e2d\u5305\u542b\u6240\u9700\u7684\u4f9d\u8d56\u9879\uff0c\u4f8b\u5982 TensorFlow\u3001Horovod\u3001Open MPI \u7b49\u3002
\u955c\u50cf\u9009\u62e9 \uff1a\u4f7f\u7528\u5305\u542b TensorFlow \u548c MPI \u7684\u955c\u50cf\uff0c\u4f8b\u5982 mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest
\u3002
\u547d\u4ee4\u53c2\u6570 \uff1a
mpirun --allow-run-as-root -np 2 -bind-to none -map-by slot \\\n -x NCCL_DEBUG=INFO -x LD_LIBRARY_PATH -x PATH \\\n -mca pml ob1 -mca btl ^openib \\\n python scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py \\\n --model=resnet101 --batch_size=64 --variable_update=horovod\n
\u8bf4\u660e \uff1a
mpirun
\uff1aMPI \u7684\u542f\u52a8\u547d\u4ee4\u3002--allow-run-as-root
\uff1a\u5141\u8bb8\u4ee5 root \u7528\u6237\u8fd0\u884c\uff08\u5728\u5bb9\u5668\u4e2d\u901a\u5e38\u662f root \u7528\u6237\uff09\u3002-np 2
\uff1a\u6307\u5b9a\u8fd0\u884c\u7684\u8fdb\u7a0b\u6570\u4e3a 2\u3002-bind-to none
\uff0c-map-by slot
\uff1aMPI \u8fdb\u7a0b\u7ed1\u5b9a\u548c\u6620\u5c04\u7684\u914d\u7f6e\u3002-x NCCL_DEBUG=INFO
\uff1a\u8bbe\u7f6e NCCL\uff08NVIDIA Collective Communication Library\uff09\u7684\u8c03\u8bd5\u4fe1\u606f\u7ea7\u522b\u3002-x LD_LIBRARY_PATH
\uff0c-x PATH
\uff1a\u5728 MPI \u73af\u5883\u4e2d\u4f20\u9012\u5fc5\u8981\u7684\u73af\u5883\u53d8\u91cf\u3002-mca pml ob1 -mca btl ^openib
\uff1aMPI \u7684\u914d\u7f6e\u53c2\u6570\uff0c\u6307\u5b9a\u4f20\u8f93\u5c42\u548c\u6d88\u606f\u5c42\u534f\u8bae\u3002python scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py
\uff1a\u8fd0\u884c TensorFlow \u57fa\u51c6\u6d4b\u8bd5\u811a\u672c\u3002--model=resnet101
\uff0c--batch_size=64
\uff0c--variable_update=horovod
\uff1aTensorFlow \u811a\u672c\u7684\u53c2\u6570\uff0c\u6307\u5b9a\u6a21\u578b\u3001\u6279\u91cf\u5927\u5c0f\u548c\u4f7f\u7528 Horovod \u8fdb\u884c\u53c2\u6570\u66f4\u65b0\u3002\u5728\u4efb\u52a1\u914d\u7f6e\u4e2d\uff0c\u9700\u8981\u4e3a\u6bcf\u4e2a\u8282\u70b9\uff08Launcher \u548c Worker\uff09\u5206\u914d\u9002\u5f53\u7684\u8d44\u6e90\uff0c\u4f8b\u5982 CPU\u3001\u5185\u5b58\u548c GPU\u3002
\u8d44\u6e90\u793a\u4f8b \uff1a
Launcher\uff08\u542f\u52a8\u5668\uff09 \uff1a
Worker\uff08\u5de5\u4f5c\u8282\u70b9\uff09 \uff1a
\u4ee5\u4e0b\u662f\u5b8c\u6574\u7684 MPIJob \u914d\u7f6e\u793a\u4f8b\uff0c\u4f9b\u60a8\u53c2\u8003\u3002
apiVersion: kubeflow.org/v1\nkind: MPIJob\nmetadata:\n name: tensorflow-benchmarks\nspec:\n slotsPerWorker: 1\n runPolicy:\n cleanPodPolicy: Running\n mpiReplicaSpecs:\n Launcher:\n replicas: 1\n template:\n spec:\n containers:\n - name: tensorflow-benchmarks\n image: mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest\n command:\n - mpirun\n - --allow-run-as-root\n - -np\n - \"2\"\n - -bind-to\n - none\n - -map-by\n - slot\n - -x\n - NCCL_DEBUG=INFO\n - -x\n - LD_LIBRARY_PATH\n - -x\n - PATH\n - -mca\n - pml\n - ob1\n - -mca\n - btl\n - ^openib\n - python\n - scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py\n - --model=resnet101\n - --batch_size=64\n - --variable_update=horovod\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n requests:\n cpu: \"2\"\n memory: 4Gi\n Worker:\n replicas: 2\n template:\n spec:\n containers:\n - name: tensorflow-benchmarks\n image: mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpumem: 1k\n nvidia.com/vgpu: \"1\"\n requests:\n cpu: \"2\"\n memory: 4Gi\n
\u914d\u7f6e\u89e3\u6790 \uff1a
apiVersion
\u548c kind
\uff1a\u8868\u793a\u8d44\u6e90\u7684 API \u7248\u672c\u548c\u7c7b\u578b\uff0cMPIJob
\u662f Kubeflow \u5b9a\u4e49\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\uff0c\u7528\u4e8e\u521b\u5efa MPI \u7c7b\u578b\u7684\u4efb\u52a1\u3002metadata
\uff1a\u5143\u6570\u636e\uff0c\u5305\u542b\u4efb\u52a1\u7684\u540d\u79f0\u7b49\u4fe1\u606f\u3002spec
\uff1a\u4efb\u52a1\u7684\u8be6\u7ec6\u914d\u7f6e\u3002slotsPerWorker
\uff1a\u6bcf\u4e2a Worker \u8282\u70b9\u7684\u69fd\u4f4d\u6570\u91cf\uff0c\u901a\u5e38\u8bbe\u7f6e\u4e3a 1\u3002runPolicy
\uff1a\u8fd0\u884c\u7b56\u7565\uff0c\u4f8b\u5982\u4efb\u52a1\u5b8c\u6210\u540e\u662f\u5426\u6e05\u7406 Pod\u3002mpiReplicaSpecs
\uff1aMPI \u4efb\u52a1\u7684\u526f\u672c\u914d\u7f6e\u3002Launcher
\uff1a\u542f\u52a8\u5668\uff0c\u8d1f\u8d23\u542f\u52a8 MPI \u4efb\u52a1\u3002replicas
\uff1a\u526f\u672c\u6570\uff0c\u901a\u5e38\u4e3a 1\u3002template
\uff1aPod \u6a21\u677f\uff0c\u5b9a\u4e49\u5bb9\u5668\u8fd0\u884c\u7684\u955c\u50cf\u3001\u547d\u4ee4\u3001\u8d44\u6e90\u7b49\u3002Worker
\uff1a\u5de5\u4f5c\u8282\u70b9\uff0c\u5b9e\u9645\u6267\u884c\u4efb\u52a1\u7684\u8ba1\u7b97\u8282\u70b9\u3002replicas
\uff1a\u526f\u672c\u6570\uff0c\u6839\u636e\u5e76\u884c\u9700\u6c42\u8bbe\u7f6e\uff0c\u8fd9\u91cc\u8bbe\u7f6e\u4e3a 2\u3002template
\uff1aPod \u6a21\u677f\uff0c\u540c\u6837\u5b9a\u4e49\u5bb9\u5668\u7684\u8fd0\u884c\u73af\u5883\u548c\u8d44\u6e90\u3002\u5728\u521b\u5efa MPI \u4efb\u52a1\u65f6\uff0c\u9700\u8981\u6839\u636e mpiReplicaSpecs
\u4e2d\u914d\u7f6e\u7684\u526f\u672c\u6570\uff0c\u6b63\u786e\u8bbe\u7f6e \u4efb\u52a1\u526f\u672c\u6570\u3002
Launcher
\u526f\u672c\u6570 + Worker
\u526f\u672c\u6570\u672c\u793a\u4f8b\u4e2d\uff1a
Launcher
\u526f\u672c\u6570\uff1a1Worker
\u526f\u672c\u6570\uff1a2\u56e0\u6b64\uff0c\u5728\u4efb\u52a1\u914d\u7f6e\u4e2d\uff0c\u60a8\u9700\u8981\u5c06 \u4efb\u52a1\u526f\u672c\u6570 \u8bbe\u7f6e\u4e3a 3\u3002
"},{"location":"end-user/baize/jobs/mpi.html#_6","title":"\u63d0\u4ea4\u4efb\u52a1","text":"\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c MPI \u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mpi.html#_7","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\u540e\uff0c\u60a8\u53ef\u4ee5\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u548c\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u3002 \u4ece\u53f3\u4e0a\u89d2\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\uff0c\u53ef\u4ee5\u67e5\u770b\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u6bcf\u4e2a\u8282\u70b9\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
TensorFlow: 1.13\nModel: resnet101\nMode: training\nBatch size: 64\n...\n\nTotal images/sec: 125.67\n
\u8fd9\u8868\u793a MPI \u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0cTensorFlow \u57fa\u51c6\u6d4b\u8bd5\u7a0b\u5e8f\u5b8c\u6210\u4e86\u5206\u5e03\u5f0f\u8bad\u7ec3\u3002
"},{"location":"end-user/baize/jobs/mpi.html#_8","title":"\u5c0f\u7ed3","text":"\u901a\u8fc7\u672c\u6559\u7a0b\uff0c\u60a8\u5b66\u4e60\u4e86\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c\u4e00\u4e2a MPI \u4efb\u52a1\u3002\u6211\u4eec\u8be6\u7ec6\u4ecb\u7ecd\u4e86 MPIJob \u7684\u914d\u7f6e\u65b9\u5f0f\uff0c \u4ee5\u53ca\u5982\u4f55\u5728\u4efb\u52a1\u4e2d\u6307\u5b9a\u8fd0\u884c\u7684\u547d\u4ee4\u548c\u8d44\u6e90\u9700\u6c42\u3002\u5e0c\u671b\u672c\u6559\u7a0b\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff0c\u5982\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u5e73\u53f0\u63d0\u4f9b\u7684\u5176\u4ed6\u6587\u6863\u6216\u8054\u7cfb\u6280\u672f\u652f\u6301\u3002
\u9644\u5f55 \uff1a
mpi4py
\u3001Horovod \u7b49\uff09\uff0c\u8bf7\u5728\u4efb\u52a1\u4e2d\u6dfb\u52a0\u5b89\u88c5\u547d\u4ee4\uff0c\u6216\u8005\u4f7f\u7528\u9884\u88c5\u4e86\u76f8\u5173\u4f9d\u8d56\u7684\u955c\u50cf\u3002Warning
\u7531\u4e8e Apache MXNet \u9879\u76ee\u5df2\u5b58\u6863\uff0c\u56e0\u6b64 Kubeflow MXJob \u5c06\u5728\u672a\u6765\u7684 Training Operator 1.9 \u7248\u672c\u4e2d\u5f03\u7528\u548c\u5220\u9664\u3002
Apache MXNet \u662f\u4e00\u4e2a\u9ad8\u6027\u80fd\u7684\u6df1\u5ea6\u5b66\u4e60\u6846\u67b6\uff0c\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3002MXNet \u4efb\u52a1\u53ef\u4ee5\u4f7f\u7528\u591a\u79cd\u65b9\u5f0f\u8fdb\u884c\u8bad\u7ec3\uff0c\u5305\u62ec\u5355\u673a\u6a21\u5f0f\u548c\u5206\u5e03\u5f0f\u6a21\u5f0f\u3002\u5728 AI Lab \u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86\u5bf9 MXNet \u4efb\u52a1\u7684\u652f\u6301\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c\u5feb\u901f\u521b\u5efa MXNet \u4efb\u52a1\uff0c\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\u3002
\u672c\u6559\u7a0b\u5c06\u6307\u5bfc\u60a8\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c MXNet \u7684\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"MXNet
\uff0c\u652f\u6301\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4e24\u79cd\u6a21\u5f0f\u3002\u6211\u4eec\u4f7f\u7528 release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest
\u955c\u50cf\u4f5c\u4e3a\u4efb\u52a1\u7684\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002\u8be5\u955c\u50cf\u9884\u88c5\u4e86 MXNet \u53ca\u5176\u76f8\u5173\u4f9d\u8d56\uff0c\u652f\u6301 GPU \u52a0\u901f\u3002
\u6ce8\u610f\uff1a\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u548c\u7ba1\u7406\u73af\u5883\uff0c\u8bf7\u53c2\u8003 \u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#mxnet_1","title":"\u521b\u5efa MXNet \u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/mxnet.html#mxnet_2","title":"MXNet \u5355\u673a\u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/mxnet.html#_3","title":"\u521b\u5efa\u6b65\u9aa4","text":"MXNet
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002python3
\u547d\u4ee4\u53c2\u6570\uff1a
/mxnet/mxnet/example/gluon/mnist/mnist.py --epochs 10 --cuda\n
\u8bf4\u660e\uff1a
/mxnet/mxnet/example/gluon/mnist/mnist.py
\uff1aMXNet \u63d0\u4f9b\u7684 MNIST \u624b\u5199\u6570\u5b57\u8bc6\u522b\u793a\u4f8b\u811a\u672c\u3002--epochs 10
\uff1a\u8bbe\u7f6e\u8bad\u7ec3\u8f6e\u6570\u4e3a 10\u3002--cuda
\uff1a\u4f7f\u7528 CUDA \u8fdb\u884c GPU \u52a0\u901f\u3002\u4ee5\u4e0b\u662f\u5355\u673a MXJob \u7684 YAML \u914d\u7f6e\uff1a
apiVersion: \"kubeflow.org/v1\"\nkind: \"MXJob\"\nmetadata:\n name: \"mxnet-single-job\"\nspec:\n jobMode: MXTrain\n mxReplicaSpecs:\n Worker:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n command: [\"python3\"]\n args:\n [\n \"/mxnet/mxnet/example/gluon/mnist/mnist.py\",\n \"--epochs\",\n \"10\",\n \"--cuda\",\n ]\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n
\u914d\u7f6e\u89e3\u6790\uff1a
apiVersion
\u548c kind
\uff1a\u6307\u5b9a\u8d44\u6e90\u7684 API \u7248\u672c\u548c\u7c7b\u578b\uff0c\u8fd9\u91cc\u662f MXJob
\u3002metadata
\uff1a\u5143\u6570\u636e\uff0c\u5305\u62ec\u4efb\u52a1\u540d\u79f0\u7b49\u4fe1\u606f\u3002spec
\uff1a\u4efb\u52a1\u7684\u8be6\u7ec6\u914d\u7f6e\u3002jobMode
\uff1a\u8bbe\u7f6e\u4e3a MXTrain
\uff0c\u8868\u793a\u8bad\u7ec3\u4efb\u52a1\u3002mxReplicaSpecs
\uff1aMXNet \u4efb\u52a1\u7684\u526f\u672c\u914d\u7f6e\u3002Worker
\uff1a\u6307\u5b9a\u5de5\u4f5c\u8282\u70b9\u7684\u914d\u7f6e\u3002replicas
\uff1a\u526f\u672c\u6570\uff0c\u8fd9\u91cc\u4e3a 1\u3002restartPolicy
\uff1a\u91cd\u542f\u7b56\u7565\uff0c\u8bbe\u4e3a Never
\uff0c\u8868\u793a\u4efb\u52a1\u5931\u8d25\u65f6\u4e0d\u91cd\u542f\u3002template
\uff1aPod \u6a21\u677f\uff0c\u5b9a\u4e49\u5bb9\u5668\u7684\u8fd0\u884c\u73af\u5883\u548c\u8d44\u6e90\u3002containers
\uff1a\u5bb9\u5668\u5217\u8868\u3002name
\uff1a\u5bb9\u5668\u540d\u79f0\u3002image
\uff1a\u4f7f\u7528\u7684\u955c\u50cf\u3002command
\u548c args
\uff1a\u542f\u52a8\u547d\u4ee4\u548c\u53c2\u6570\u3002ports
\uff1a\u5bb9\u5668\u7aef\u53e3\u914d\u7f6e\u3002resources
\uff1a\u8d44\u6e90\u8bf7\u6c42\u548c\u9650\u5236\u3002\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c MXNet \u5355\u673a\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_7","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\u540e\uff0c\u60a8\u53ef\u4ee5\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u548c\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u3002\u4ece\u53f3\u4e0a\u89d2\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\uff0c\u53ef\u4ee5\u67e5\u770b\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
Epoch 1: accuracy=0.95\nEpoch 2: accuracy=0.97\n...\nEpoch 10: accuracy=0.98\nTraining completed.\n
\u8fd9\u8868\u793a MXNet \u5355\u673a\u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0c\u6a21\u578b\u8bad\u7ec3\u5b8c\u6210\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#mxnet_3","title":"MXNet \u5206\u5e03\u5f0f\u4efb\u52a1","text":"\u5728\u5206\u5e03\u5f0f\u6a21\u5f0f\u4e0b\uff0cMXNet \u4efb\u52a1\u53ef\u4ee5\u4f7f\u7528\u591a\u53f0\u8ba1\u7b97\u8282\u70b9\u5171\u540c\u5b8c\u6210\u8bad\u7ec3\uff0c\u63d0\u9ad8\u8bad\u7ec3\u6548\u7387\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_8","title":"\u521b\u5efa\u6b65\u9aa4","text":"MXNet
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002python3
\u547d\u4ee4\u53c2\u6570\uff1a
/mxnet/mxnet/example/image-classification/train_mnist.py --num-epochs 10 --num-layers 2 --kv-store dist_device_sync --gpus 0\n
\u8bf4\u660e\uff1a
/mxnet/mxnet/example/image-classification/train_mnist.py
\uff1aMXNet \u63d0\u4f9b\u7684\u56fe\u50cf\u5206\u7c7b\u793a\u4f8b\u811a\u672c\u3002--num-epochs 10
\uff1a\u8bad\u7ec3\u8f6e\u6570\u4e3a 10\u3002--num-layers 2
\uff1a\u6a21\u578b\u7684\u5c42\u6570\u4e3a 2\u3002--kv-store dist_device_sync
\uff1a\u4f7f\u7528\u5206\u5e03\u5f0f\u8bbe\u5907\u540c\u6b65\u6a21\u5f0f\u3002--gpus 0
\uff1a\u4f7f\u7528 GPU \u8fdb\u884c\u52a0\u901f\u3002\u4ee5\u4e0b\u662f\u5206\u5e03\u5f0f MXJob \u7684 YAML \u914d\u7f6e\uff1a
apiVersion: \"kubeflow.org/v1\"\nkind: \"MXJob\"\nmetadata:\n name: \"mxnet-job\"\nspec:\n jobMode: MXTrain\n mxReplicaSpecs:\n Scheduler:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n Server:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n Worker:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n command: [\"python3\"]\n args:\n [\n \"/mxnet/mxnet/example/image-classification/train_mnist.py\",\n \"--num-epochs\",\n \"10\",\n \"--num-layers\",\n \"2\",\n \"--kv-store\",\n \"dist_device_sync\",\n \"--gpus\",\n \"0\",\n ]\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n
\u914d\u7f6e\u89e3\u6790\uff1a
\u5728\u521b\u5efa MXNet \u5206\u5e03\u5f0f\u4efb\u52a1\u65f6\uff0c\u9700\u8981\u6839\u636e mxReplicaSpecs
\u4e2d\u914d\u7f6e\u7684\u526f\u672c\u6570\uff0c\u6b63\u786e\u8bbe\u7f6e \u4efb\u52a1\u526f\u672c\u6570\u3002
\u56e0\u6b64\uff0c\u5728\u4efb\u52a1\u914d\u7f6e\u4e2d\uff0c\u9700\u8981\u5c06 \u4efb\u52a1\u526f\u672c\u6570 \u8bbe\u7f6e\u4e3a 3\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_12","title":"\u63d0\u4ea4\u4efb\u52a1","text":"\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c MXNet \u5206\u5e03\u5f0f\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_13","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u548c\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3002\u60a8\u53ef\u4ee5\u67e5\u770b\u6bcf\u4e2a\u89d2\u8272\uff08Scheduler\u3001Server\u3001Worker\uff09\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
INFO:root:Epoch[0] Batch [50] Speed: 1000 samples/sec accuracy=0.85\nINFO:root:Epoch[0] Batch [100] Speed: 1200 samples/sec accuracy=0.87\n...\nINFO:root:Epoch[9] Batch [100] Speed: 1300 samples/sec accuracy=0.98\nTraining completed.\n
\u8fd9\u8868\u793a MXNet \u5206\u5e03\u5f0f\u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0c\u6a21\u578b\u8bad\u7ec3\u5b8c\u6210\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_14","title":"\u5c0f\u7ed3","text":"\u901a\u8fc7\u672c\u6559\u7a0b\uff0c\u60a8\u5b66\u4e60\u4e86\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c MXNet \u7684\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4efb\u52a1\u3002\u6211\u4eec\u8be6\u7ec6\u4ecb\u7ecd\u4e86 MXJob \u7684\u914d\u7f6e\u65b9\u5f0f\uff0c\u4ee5\u53ca\u5982\u4f55\u5728\u4efb\u52a1\u4e2d\u6307\u5b9a\u8fd0\u884c\u7684\u547d\u4ee4\u548c\u8d44\u6e90\u9700\u6c42\u3002\u5e0c\u671b\u672c\u6559\u7a0b\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff0c\u5982\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u5e73\u53f0\u63d0\u4f9b\u7684\u5176\u4ed6\u6587\u6863\u6216\u8054\u7cfb\u6280\u672f\u652f\u6301\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_15","title":"\u9644\u5f55","text":"\u6ce8\u610f\u4e8b\u9879\uff1a
\u53c2\u8003\u6587\u6863\uff1a
PaddlePaddle\uff08\u98de\u6868\uff09\u662f\u767e\u5ea6\u5f00\u6e90\u7684\u6df1\u5ea6\u5b66\u4e60\u5e73\u53f0\uff0c\u652f\u6301\u4e30\u5bcc\u7684\u795e\u7ecf\u7f51\u7edc\u6a21\u578b\u548c\u5206\u5e03\u5f0f\u8bad\u7ec3\u65b9\u5f0f\u3002PaddlePaddle \u4efb\u52a1\u53ef\u4ee5\u901a\u8fc7\u5355\u673a\u6216\u5206\u5e03\u5f0f\u6a21\u5f0f\u8fdb\u884c\u8bad\u7ec3\u3002\u5728 AI Lab \u5e73\u53f0\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86\u5bf9 PaddlePaddle \u4efb\u52a1\u7684\u652f\u6301\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c\u5feb\u901f\u521b\u5efa PaddlePaddle \u4efb\u52a1\uff0c\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\u3002
\u672c\u6559\u7a0b\u5c06\u6307\u5bfc\u60a8\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c PaddlePaddle \u7684\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"PaddlePaddle
\uff0c\u652f\u6301\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4e24\u79cd\u6a21\u5f0f\u3002\u6211\u4eec\u4f7f\u7528 registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu
\u955c\u50cf\u4f5c\u4e3a\u4efb\u52a1\u7684\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002\u8be5\u955c\u50cf\u9884\u88c5\u4e86 PaddlePaddle \u6846\u67b6\uff0c\u9002\u7528\u4e8e CPU \u8ba1\u7b97\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528 GPU\uff0c\u8bf7\u9009\u62e9\u5bf9\u5e94\u7684 GPU \u7248\u672c\u955c\u50cf\u3002
\u6ce8\u610f\uff1a\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u548c\u7ba1\u7406\u73af\u5883\uff0c\u8bf7\u53c2\u8003 \u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/paddle.html#paddlepaddle_1","title":"\u521b\u5efa PaddlePaddle \u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/paddle.html#paddlepaddle_2","title":"PaddlePaddle \u5355\u673a\u8bad\u7ec3\u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/paddle.html#_3","title":"\u521b\u5efa\u6b65\u9aa4","text":"PaddlePaddle
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002python
\u547d\u4ee4\u53c2\u6570\uff1a
-m paddle.distributed.launch run_check\n
\u8bf4\u660e\uff1a
-m paddle.distributed.launch
\uff1a\u4f7f\u7528 PaddlePaddle \u63d0\u4f9b\u7684\u5206\u5e03\u5f0f\u542f\u52a8\u6a21\u5757\uff0c\u5373\u4f7f\u5728\u5355\u673a\u6a21\u5f0f\u4e0b\u4e5f\u53ef\u4ee5\u4f7f\u7528\uff0c\u65b9\u4fbf\u5c06\u6765\u8fc1\u79fb\u5230\u5206\u5e03\u5f0f\u3002run_check
\uff1aPaddlePaddle \u63d0\u4f9b\u7684\u6d4b\u8bd5\u811a\u672c\uff0c\u7528\u4e8e\u68c0\u67e5\u5206\u5e03\u5f0f\u73af\u5883\u662f\u5426\u6b63\u5e38\u3002\u4ee5\u4e0b\u662f\u5355\u673a PaddleJob \u7684 YAML \u914d\u7f6e\uff1a
apiVersion: kubeflow.org/v1\nkind: PaddleJob\nmetadata:\n name: paddle-simple-cpu\n namespace: kubeflow\nspec:\n paddleReplicaSpecs:\n Worker:\n replicas: 1\n restartPolicy: OnFailure\n template:\n spec:\n containers:\n - name: paddle\n image: registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu\n command:\n [\n 'python',\n '-m',\n 'paddle.distributed.launch',\n 'run_check',\n ]\n
\u914d\u7f6e\u89e3\u6790\uff1a
apiVersion
\u548c kind
\uff1a\u6307\u5b9a\u8d44\u6e90\u7684 API \u7248\u672c\u548c\u7c7b\u578b\uff0c\u8fd9\u91cc\u662f PaddleJob
\u3002metadata
\uff1a\u5143\u6570\u636e\uff0c\u5305\u62ec\u4efb\u52a1\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\u3002spec
\uff1a\u4efb\u52a1\u7684\u8be6\u7ec6\u914d\u7f6e\u3002paddleReplicaSpecs
\uff1aPaddlePaddle \u4efb\u52a1\u7684\u526f\u672c\u914d\u7f6e\u3002Worker
\uff1a\u6307\u5b9a\u5de5\u4f5c\u8282\u70b9\u7684\u914d\u7f6e\u3002replicas
\uff1a\u526f\u672c\u6570\uff0c\u8fd9\u91cc\u4e3a 1\uff0c\u8868\u793a\u5355\u673a\u8bad\u7ec3\u3002restartPolicy
\uff1a\u91cd\u542f\u7b56\u7565\uff0c\u8bbe\u4e3a OnFailure
\uff0c\u8868\u793a\u4efb\u52a1\u5931\u8d25\u65f6\u81ea\u52a8\u91cd\u542f\u3002template
\uff1aPod \u6a21\u677f\uff0c\u5b9a\u4e49\u5bb9\u5668\u7684\u8fd0\u884c\u73af\u5883\u548c\u8d44\u6e90\u3002containers
\uff1a\u5bb9\u5668\u5217\u8868\u3002name
\uff1a\u5bb9\u5668\u540d\u79f0\u3002image
\uff1a\u4f7f\u7528\u7684\u955c\u50cf\u3002command
\uff1a\u542f\u52a8\u547d\u4ee4\u548c\u53c2\u6570\u3002\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c PaddlePaddle \u5355\u673a\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_7","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\u540e\uff0c\u60a8\u53ef\u4ee5\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u548c\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u3002\u4ece\u53f3\u4e0a\u89d2\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\uff0c\u53ef\u4ee5\u67e5\u770b\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
run check success, PaddlePaddle is installed correctly on this node :)\n
\u8fd9\u8868\u793a PaddlePaddle \u5355\u673a\u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0c\u73af\u5883\u914d\u7f6e\u6b63\u5e38\u3002
"},{"location":"end-user/baize/jobs/paddle.html#paddlepaddle_3","title":"PaddlePaddle \u5206\u5e03\u5f0f\u8bad\u7ec3\u4efb\u52a1","text":"\u5728\u5206\u5e03\u5f0f\u6a21\u5f0f\u4e0b\uff0cPaddlePaddle \u4efb\u52a1\u53ef\u4ee5\u4f7f\u7528\u591a\u53f0\u8ba1\u7b97\u8282\u70b9\u5171\u540c\u5b8c\u6210\u8bad\u7ec3\uff0c\u63d0\u9ad8\u8bad\u7ec3\u6548\u7387\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_8","title":"\u521b\u5efa\u6b65\u9aa4","text":"PaddlePaddle
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002python
\u547d\u4ee4\u53c2\u6570\uff1a
-m paddle.distributed.launch train.py --epochs=10\n
\u8bf4\u660e\uff1a
-m paddle.distributed.launch
\uff1a\u4f7f\u7528 PaddlePaddle \u63d0\u4f9b\u7684\u5206\u5e03\u5f0f\u542f\u52a8\u6a21\u5757\u3002train.py
\uff1a\u60a8\u7684\u8bad\u7ec3\u811a\u672c\uff0c\u9700\u8981\u653e\u5728\u955c\u50cf\u4e2d\u6216\u6302\u8f7d\u5230\u5bb9\u5668\u5185\u3002--epochs=10
\uff1a\u8bad\u7ec3\u7684\u8f6e\u6570\uff0c\u8fd9\u91cc\u8bbe\u7f6e\u4e3a 10\u3002Worker
\u526f\u672c\u6570\u8bbe\u7f6e\uff0c\u8fd9\u91cc\u4e3a 2\u3002\u4ee5\u4e0b\u662f\u5206\u5e03\u5f0f PaddleJob \u7684 YAML \u914d\u7f6e\uff1a
apiVersion: kubeflow.org/v1\nkind: PaddleJob\nmetadata:\n name: paddle-distributed-job\n namespace: kubeflow\nspec:\n paddleReplicaSpecs:\n Worker:\n replicas: 2\n restartPolicy: OnFailure\n template:\n spec:\n containers:\n - name: paddle\n image: registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu\n command:\n [\n 'python',\n '-m',\n 'paddle.distributed.launch',\n 'train.py',\n ]\n args:\n - '--epochs=10'\n
\u914d\u7f6e\u89e3\u6790\uff1a
Worker
\uff1areplicas
\uff1a\u526f\u672c\u6570\uff0c\u8bbe\u7f6e\u4e3a 2\uff0c\u8868\u793a\u4f7f\u7528 2 \u4e2a\u5de5\u4f5c\u8282\u70b9\u8fdb\u884c\u5206\u5e03\u5f0f\u8bad\u7ec3\u3002\u5728\u521b\u5efa PaddlePaddle \u5206\u5e03\u5f0f\u4efb\u52a1\u65f6\uff0c\u9700\u8981\u6839\u636e paddleReplicaSpecs
\u4e2d\u914d\u7f6e\u7684\u526f\u672c\u6570\uff0c\u6b63\u786e\u8bbe\u7f6e \u4efb\u52a1\u526f\u672c\u6570\u3002
Worker
\u526f\u672c\u6570Worker
\u526f\u672c\u6570\uff1a2\u56e0\u6b64\uff0c\u5728\u4efb\u52a1\u914d\u7f6e\u4e2d\uff0c\u9700\u8981\u5c06 \u4efb\u52a1\u526f\u672c\u6570 \u8bbe\u7f6e\u4e3a 2\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_12","title":"\u63d0\u4ea4\u4efb\u52a1","text":"\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c PaddlePaddle \u5206\u5e03\u5f0f\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_13","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u548c\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3002\u60a8\u53ef\u4ee5\u67e5\u770b\u6bcf\u4e2a\u5de5\u4f5c\u8282\u70b9\u7684\u65e5\u5fd7\u8f93\u51fa\uff0c\u786e\u8ba4\u5206\u5e03\u5f0f\u8bad\u7ec3\u662f\u5426\u6b63\u5e38\u8fd0\u884c\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
Worker 0: Epoch 1, Batch 100, Loss 0.5\nWorker 1: Epoch 1, Batch 100, Loss 0.6\n...\nTraining completed.\n
\u8fd9\u8868\u793a PaddlePaddle \u5206\u5e03\u5f0f\u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0c\u6a21\u578b\u8bad\u7ec3\u5b8c\u6210\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_14","title":"\u5c0f\u7ed3","text":"\u901a\u8fc7\u672c\u6559\u7a0b\uff0c\u60a8\u5b66\u4e60\u4e86\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c PaddlePaddle \u7684\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4efb\u52a1\u3002\u6211\u4eec\u8be6\u7ec6\u4ecb\u7ecd\u4e86 PaddleJob \u7684\u914d\u7f6e\u65b9\u5f0f\uff0c\u4ee5\u53ca\u5982\u4f55\u5728\u4efb\u52a1\u4e2d\u6307\u5b9a\u8fd0\u884c\u7684\u547d\u4ee4\u548c\u8d44\u6e90\u9700\u6c42\u3002\u5e0c\u671b\u672c\u6559\u7a0b\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff0c\u5982\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u5e73\u53f0\u63d0\u4f9b\u7684\u5176\u4ed6\u6587\u6863\u6216\u8054\u7cfb\u6280\u672f\u652f\u6301\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_15","title":"\u9644\u5f55","text":"\u6ce8\u610f\u4e8b\u9879\uff1a
train.py
\uff08\u6216\u5176\u4ed6\u8bad\u7ec3\u811a\u672c\uff09\u5728\u5bb9\u5668\u5185\u5b58\u5728\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u81ea\u5b9a\u4e49\u955c\u50cf\u3001\u6302\u8f7d\u6301\u4e45\u5316\u5b58\u50a8\u7b49\u65b9\u5f0f\u5c06\u811a\u672c\u653e\u5165\u5bb9\u5668\u3002paddle:2.4.0rc0-gpu
\u7b49\u3002command
\u548c args
\u6765\u4f20\u9012\u4e0d\u540c\u7684\u8bad\u7ec3\u53c2\u6570\u3002\u53c2\u8003\u6587\u6863\uff1a
Pytorch \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u6df1\u5ea6\u5b66\u4e60\u6846\u67b6\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7075\u6d3b\u7684\u8bad\u7ec3\u548c\u90e8\u7f72\u73af\u5883\u3002 Pytorch \u4efb\u52a1\u662f\u4e00\u4e2a\u4f7f\u7528 Pytorch \u6846\u67b6\u7684\u4efb\u52a1\u3002
\u5728 AI Lab \u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86 Pytorch \u4efb\u52a1\u652f\u6301\u548c\u9002\u914d\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c \u5feb\u901f\u521b\u5efa Pytorch \u4efb\u52a1\uff0c\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\u3002
"},{"location":"end-user/baize/jobs/pytorch.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"Pytorch \u5355\u673a
\u548c Pytorch \u5206\u5e03\u5f0f
\u4e24\u79cd\u6a21\u5f0f\u3002\u5728\u8fd9\u91cc\u6211\u4eec\u4f7f\u7528 baize-notebook
\u57fa\u7840\u955c\u50cf \u548c \u5173\u8054\u73af\u5883
\u7684\u65b9\u5f0f\u6765\u4f5c\u4e3a\u4efb\u52a1\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002
\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u73af\u5883\uff0c\u8bf7\u53c2\u8003\u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/pytorch.html#_3","title":"\u521b\u5efa\u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/pytorch.html#pytorch_1","title":"Pytorch \u5355\u673a\u4efb\u52a1","text":"Pytorch \u5355\u673a
\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002bash
import torch\nimport torch.nn as nn\nimport torch.optim as optim\n\n# \u5b9a\u4e49\u4e00\u4e2a\u7b80\u5355\u7684\u795e\u7ecf\u7f51\u7edc\nclass SimpleNet(nn.Module):\n def __init__(self):\n super(SimpleNet, self).__init__()\n self.fc = nn.Linear(10, 1)\n\n def forward(self, x):\n return self.fc(x)\n\n# \u521b\u5efa\u6a21\u578b\u3001\u635f\u5931\u51fd\u6570\u548c\u4f18\u5316\u5668\nmodel = SimpleNet()\ncriterion = nn.MSELoss()\noptimizer = optim.SGD(model.parameters(), lr=0.01)\n\n# \u751f\u6210\u4e00\u4e9b\u968f\u673a\u6570\u636e\nx = torch.randn(100, 10)\ny = torch.randn(100, 1)\n\n# \u8bad\u7ec3\u6a21\u578b\nfor epoch in range(100):\n # \u524d\u5411\u4f20\u64ad\n outputs = model(x)\n loss = criterion(outputs, y)\n\n # \u53cd\u5411\u4f20\u64ad\u548c\u4f18\u5316\n optimizer.zero_grad()\n loss.backward()\n optimizer.step()\n\n if (epoch + 1) % 10 == 0:\n print(f'Epoch [{epoch+1}/100], Loss: {loss.item():.4f}')\n\nprint('Training finished.')\n
"},{"location":"end-user/baize/jobs/pytorch.html#_5","title":"\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\uff0c\u6211\u4eec\u53ef\u4ee5\u8fdb\u5165\u4efb\u52a1\u8be6\u60c5\u67e5\u770b\u5230\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c\u4ece\u53f3\u4e0a\u89d2\u53bb\u5f80 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \uff0c\u53ef\u4ee5\u67e5\u770b\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u7684\u65e5\u5fd7\u8f93\u51fa
[HAMI-core Warn(1:140244541377408:utils.c:183)]: get default cuda from (null)\n[HAMI-core Msg(1:140244541377408:libvgpu.c:855)]: Initialized\nEpoch [10/100], Loss: 1.1248\nEpoch [20/100], Loss: 1.0486\nEpoch [30/100], Loss: 0.9969\nEpoch [40/100], Loss: 0.9611\nEpoch [50/100], Loss: 0.9360\nEpoch [60/100], Loss: 0.9182\nEpoch [70/100], Loss: 0.9053\nEpoch [80/100], Loss: 0.8960\nEpoch [90/100], Loss: 0.8891\nEpoch [100/100], Loss: 0.8841\nTraining finished.\n[HAMI-core Msg(1:140244541377408:multiprocess_memory_limit.c:468)]: Calling exit handler 1\n
"},{"location":"end-user/baize/jobs/pytorch.html#pytorch_2","title":"Pytorch \u5206\u5e03\u5f0f\u4efb\u52a1","text":"Pytorch \u5206\u5e03\u5f0f
\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002bash
import os\nimport torch\nimport torch.distributed as dist\nimport torch.nn as nn\nimport torch.optim as optim\nfrom torch.nn.parallel import DistributedDataParallel as DDP\n\nclass SimpleModel(nn.Module):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = nn.Linear(10, 1)\n\n def forward(self, x):\n return self.fc(x)\n\ndef train():\n # \u6253\u5370\u73af\u5883\u4fe1\u606f\n print(f'PyTorch version: {torch.__version__}')\n print(f'CUDA available: {torch.cuda.is_available()}')\n if torch.cuda.is_available():\n print(f'CUDA version: {torch.version.cuda}')\n print(f'CUDA device count: {torch.cuda.device_count()}')\n\n rank = int(os.environ.get('RANK', '0'))\n world_size = int(os.environ.get('WORLD_SIZE', '1'))\n\n print(f'Rank: {rank}, World Size: {world_size}')\n\n # \u521d\u59cb\u5316\u5206\u5e03\u5f0f\u73af\u5883\n try:\n if world_size > 1:\n dist.init_process_group('nccl')\n print('Distributed process group initialized successfully')\n else:\n print('Running in non-distributed mode')\n except Exception as e:\n print(f'Error initializing process group: {e}')\n return\n\n # \u8bbe\u7f6e\u8bbe\u5907\n try:\n if torch.cuda.is_available():\n device = torch.device(f'cuda:{rank % torch.cuda.device_count()}')\n print(f'Using CUDA device: {device}')\n else:\n device = torch.device('cpu')\n print('CUDA not available, using CPU')\n except Exception as e:\n print(f'Error setting device: {e}')\n device = torch.device('cpu')\n print('Falling back to CPU')\n\n try:\n model = SimpleModel().to(device)\n print('Model moved to device successfully')\n except Exception as e:\n print(f'Error moving model to device: {e}')\n return\n\n try:\n if world_size > 1:\n ddp_model = DDP(model, device_ids=[rank % torch.cuda.device_count()] if torch.cuda.is_available() else None)\n print('DDP model created successfully')\n else:\n ddp_model = model\n print('Using non-distributed model')\n except Exception as e:\n print(f'Error creating DDP model: {e}')\n return\n\n loss_fn = nn.MSELoss()\n optimizer = optim.SGD(ddp_model.parameters(), lr=0.001)\n\n # \u751f\u6210\u4e00\u4e9b\u968f\u673a\u6570\u636e\n try:\n data = torch.randn(100, 10, device=device)\n labels = torch.randn(100, 1, device=device)\n print('Data generated and moved to device successfully')\n except Exception as e:\n print(f'Error generating or moving data to device: {e}')\n return\n\n for epoch in range(10):\n try:\n ddp_model.train()\n outputs = ddp_model(data)\n loss = loss_fn(outputs, labels)\n optimizer.zero_grad()\n loss.backward()\n optimizer.step()\n\n if rank == 0:\n print(f'Epoch {epoch}, Loss: {loss.item():.4f}')\n except Exception as e:\n print(f'Error during training epoch {epoch}: {e}')\n break\n\n if world_size > 1:\n dist.destroy_process_group()\n\nif __name__ == '__main__':\n train()\n
"},{"location":"end-user/baize/jobs/pytorch.html#_7","title":"\u4efb\u52a1\u526f\u672c\u6570","text":"\u6ce8\u610f Pytorch \u5206\u5e03\u5f0f
\u8bad\u7ec3\u4efb\u52a1\u4f1a\u521b\u5efa\u4e00\u7ec4 Master
\u548c Worker
\u7684\u8bad\u7ec3 Pod\uff0c Master
\u8d1f\u8d23\u534f\u8c03\u8bad\u7ec3\u4efb\u52a1\uff0cWorker
\u8d1f\u8d23\u5b9e\u9645\u7684\u8bad\u7ec3\u5de5\u4f5c\u3002
Note
\u672c\u6b21\u6f14\u793a\u4e2d\uff1aMaster
\u526f\u672c\u6570\u4e3a 1\uff0cWorker
\u526f\u672c\u6570\u4e3a 2\uff1b \u6240\u4ee5\u6211\u4eec\u9700\u8981\u5728 \u4efb\u52a1\u914d\u7f6e \u4e2d\u8bbe\u7f6e\u526f\u672c\u6570\u4e3a 3\uff0c\u5373 Master
\u526f\u672c\u6570 + Worker
\u526f\u672c\u6570\u3002 Pytorch \u4f1a\u81ea\u52a8\u8c03\u8c10 Master
\u548c Worker
\u7684\u89d2\u8272\u3002
\u540c\u6837\uff0c\u6211\u4eec\u53ef\u4ee5\u8fdb\u5165\u4efb\u52a1\u8be6\u60c5\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c\u4ee5\u53ca\u6bcf\u4e2a Pod \u7684\u65e5\u5fd7\u8f93\u51fa\u3002
"},{"location":"end-user/baize/jobs/tensorboard.html","title":"\u4efb\u52a1\u5206\u6790\u4ecb\u7ecd","text":"\u5728 AI Lab \u6a21\u5757\u4e2d\uff0c\u63d0\u4f9b\u4e86\u6a21\u578b\u5f00\u53d1\u8fc7\u7a0b\u91cd\u8981\u7684\u53ef\u89c6\u5316\u5206\u6790\u5de5\u5177\uff0c\u7528\u4e8e\u5c55\u793a\u673a\u5668\u5b66\u4e60\u6a21\u578b\u7684\u8bad\u7ec3\u8fc7\u7a0b\u548c\u7ed3\u679c\u3002 \u672c\u6587\u5c06\u4ecb\u7ecd \u4efb\u52a1\u5206\u6790\uff08Tensorboard\uff09\u7684\u57fa\u672c\u6982\u5ff5\u3001\u5728 AI Lab \u7cfb\u7edf\u4e2d\u7684\u4f7f\u7528\u65b9\u6cd5\uff0c\u4ee5\u53ca\u5982\u4f55\u914d\u7f6e\u6570\u636e\u96c6\u7684\u65e5\u5fd7\u5185\u5bb9\u3002
Note
Tensorboard \u662f TensorFlow \u63d0\u4f9b\u7684\u4e00\u4e2a\u53ef\u89c6\u5316\u5de5\u5177\uff0c\u7528\u4e8e\u5c55\u793a\u673a\u5668\u5b66\u4e60\u6a21\u578b\u7684\u8bad\u7ec3\u8fc7\u7a0b\u548c\u7ed3\u679c\u3002 \u5b83\u53ef\u4ee5\u5e2e\u52a9\u5f00\u53d1\u8005\u66f4\u76f4\u89c2\u5730\u7406\u89e3\u6a21\u578b\u7684\u8bad\u7ec3\u52a8\u6001\uff0c\u5206\u6790\u6a21\u578b\u6027\u80fd\uff0c\u8c03\u8bd5\u6a21\u578b\u95ee\u9898\u7b49\u3002
Tensorboard \u5728\u6a21\u578b\u5f00\u53d1\u8fc7\u7a0b\u4e2d\u7684\u4f5c\u7528\u53ca\u4f18\u52bf\uff1a
\u5728 AI Lab \u7cfb\u7edf\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86\u4fbf\u6377\u7684\u65b9\u5f0f\u6765\u521b\u5efa\u548c\u7ba1\u7406 Tensorboard\u3002\u4ee5\u4e0b\u662f\u5177\u4f53\u6b65\u9aa4\uff1a
"},{"location":"end-user/baize/jobs/tensorboard.html#notebook-tensorboard","title":"\u5728\u521b\u5efa\u65f6 Notebook \u542f\u7528 Tensorboard","text":"\u542f\u7528 Tensorboard\uff1a\u5728\u521b\u5efa Notebook \u7684\u9875\u9762\u4e2d\uff0c\u542f\u7528 Tensorboard \u9009\u9879\uff0c\u5e76\u6307\u5b9a\u6570\u636e\u96c6\u548c\u65e5\u5fd7\u8def\u5f84\u3002
\u4efb\u52a1\u5b8c\u6210\u540e\u67e5\u770b Tensorboard\uff1a\u4efb\u52a1\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u5728\u4efb\u52a1\u8be6\u60c5\u9875\u9762\u4e2d\u67e5\u770b Tensorboard \u7684\u94fe\u63a5\uff0c\u70b9\u51fb\u94fe\u63a5\u5373\u53ef\u67e5\u770b\u8bad\u7ec3\u8fc7\u7a0b\u7684\u53ef\u89c6\u5316\u7ed3\u679c\u3002
\u5728 Notebook \u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7\u4ee3\u7801\u76f4\u63a5\u542f\u52a8 Tensorboard\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u793a\u4f8b\u4ee3\u7801\uff1a
# \u5bfc\u5165\u5fc5\u8981\u7684\u5e93\nimport tensorflow as tf\nimport datetime\n\n# \u5b9a\u4e49\u65e5\u5fd7\u76ee\u5f55\nlog_dir = \"logs/fit/\" + datetime.datetime.now().strftime(\"%Y%m%d-%H%M%S\")\n\n# \u521b\u5efa Tensorboard \u56de\u8c03\ntensorboard_callback = tf.keras.callbacks.TensorBoard(log_dir=log_dir, histogram_freq=1)\n\n# \u6784\u5efa\u5e76\u7f16\u8bd1\u6a21\u578b\nmodel = tf.keras.models.Sequential([\n tf.keras.layers.Flatten(input_shape=(28, 28)),\n tf.keras.layers.Dense(512, activation='relu'),\n tf.keras.layers.Dropout(0.2),\n tf.keras.layers.Dense(10, activation='softmax')\n])\n\nmodel.compile(optimizer='adam',\n loss='sparse_categorical_crossentropy',\n metrics=['accuracy'])\n\n# \u8bad\u7ec3\u6a21\u578b\u5e76\u542f\u7528 Tensorboard \u56de\u8c03\nmodel.fit(x_train, y_train, epochs=5, validation_data=(x_test, y_test), callbacks=[tensorboard_callback])\n
"},{"location":"end-user/baize/jobs/tensorboard.html#_2","title":"\u5982\u4f55\u914d\u7f6e\u6570\u636e\u96c6\u7684\u65e5\u5fd7\u5185\u5bb9","text":"\u5728\u4f7f\u7528 Tensorboard \u65f6\uff0c\u53ef\u4ee5\u8bb0\u5f55\u548c\u914d\u7f6e\u4e0d\u540c\u7684\u6570\u636e\u96c6\u548c\u65e5\u5fd7\u5185\u5bb9\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5e38\u89c1\u7684\u914d\u7f6e\u65b9\u5f0f\uff1a
"},{"location":"end-user/baize/jobs/tensorboard.html#_3","title":"\u914d\u7f6e\u8bad\u7ec3\u548c\u9a8c\u8bc1\u6570\u636e\u96c6\u7684\u65e5\u5fd7","text":"\u5728\u8bad\u7ec3\u6a21\u578b\u65f6\uff0c\u53ef\u4ee5\u901a\u8fc7 TensorFlow \u7684 tf.summary
API \u6765\u8bb0\u5f55\u8bad\u7ec3\u548c\u9a8c\u8bc1\u6570\u636e\u96c6\u7684\u65e5\u5fd7\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u793a\u4f8b\u4ee3\u7801\uff1a
# \u5bfc\u5165\u5fc5\u8981\u7684\u5e93\nimport tensorflow as tf\n\n# \u521b\u5efa\u65e5\u5fd7\u76ee\u5f55\ntrain_log_dir = 'logs/gradient_tape/train'\nval_log_dir = 'logs/gradient_tape/val'\ntrain_summary_writer = tf.summary.create_file_writer(train_log_dir)\nval_summary_writer = tf.summary.create_file_writer(val_log_dir)\n\n# \u8bad\u7ec3\u6a21\u578b\u5e76\u8bb0\u5f55\u65e5\u5fd7\nfor epoch in range(EPOCHS):\n for (x_train, y_train) in train_dataset:\n # \u8bad\u7ec3\u6b65\u9aa4\n train_step(x_train, y_train)\n with train_summary_writer.as_default():\n tf.summary.scalar('loss', train_loss.result(), step=epoch)\n tf.summary.scalar('accuracy', train_accuracy.result(), step=epoch)\n\n for (x_val, y_val) in val_dataset:\n # \u9a8c\u8bc1\u6b65\u9aa4\n val_step(x_val, y_val)\n with val_summary_writer.as_default():\n tf.summary.scalar('loss', val_loss.result(), step=epoch)\n tf.summary.scalar('accuracy', val_accuracy.result(), step=epoch)\n
"},{"location":"end-user/baize/jobs/tensorboard.html#_4","title":"\u914d\u7f6e\u81ea\u5b9a\u4e49\u65e5\u5fd7","text":"\u9664\u4e86\u8bad\u7ec3\u548c\u9a8c\u8bc1\u6570\u636e\u96c6\u7684\u65e5\u5fd7\u5916\uff0c\u8fd8\u53ef\u4ee5\u8bb0\u5f55\u5176\u4ed6\u81ea\u5b9a\u4e49\u7684\u65e5\u5fd7\u5185\u5bb9\uff0c\u4f8b\u5982\u5b66\u4e60\u7387\u3001\u68af\u5ea6\u5206\u5e03\u7b49\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u793a\u4f8b\u4ee3\u7801\uff1a
# \u8bb0\u5f55\u81ea\u5b9a\u4e49\u65e5\u5fd7\nwith train_summary_writer.as_default():\n tf.summary.scalar('learning_rate', learning_rate, step=epoch)\n tf.summary.histogram('gradients', gradients, step=epoch)\n
"},{"location":"end-user/baize/jobs/tensorboard.html#tensorboard_2","title":"Tensorboard \u7ba1\u7406","text":"\u5728 AI Lab \u4e2d\uff0c\u901a\u8fc7\u5404\u79cd\u65b9\u5f0f\u521b\u5efa\u51fa\u6765\u7684 Tensorboard \u4f1a\u7edf\u4e00\u5c55\u793a\u5728\u4efb\u52a1\u5206\u6790\u7684\u9875\u9762\u4e2d\uff0c\u65b9\u4fbf\u7528\u6237\u67e5\u770b\u548c\u7ba1\u7406\u3002
\u7528\u6237\u53ef\u4ee5\u5728\u4efb\u52a1\u5206\u6790\u9875\u9762\u4e2d\u67e5\u770b Tensorboard \u7684\u94fe\u63a5\u3001\u72b6\u6001\u3001\u521b\u5efa\u65f6\u95f4\u7b49\u4fe1\u606f\uff0c\u5e76\u901a\u8fc7\u94fe\u63a5\u76f4\u63a5\u8bbf\u95ee Tensorboard \u7684\u53ef\u89c6\u5316\u7ed3\u679c\u3002
"},{"location":"end-user/baize/jobs/tensorflow.html","title":"Tensorflow \u4efb\u52a1","text":"Tensorflow \u662f\u9664\u4e86 Pytorch \u53e6\u5916\u4e00\u4e2a\u975e\u5e38\u6d3b\u8dc3\u7684\u5f00\u6e90\u7684\u6df1\u5ea6\u5b66\u4e60\u6846\u67b6\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7075\u6d3b\u7684\u8bad\u7ec3\u548c\u90e8\u7f72\u73af\u5883\u3002
\u5728 AI Lab \u4e2d\uff0c\u6211\u4eec\u540c\u6837\u63d0\u4f9b\u4e86 Tensorflow \u6846\u67b6\u7684\u652f\u6301\u548c\u9002\u914d\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c\u5feb\u901f\u521b\u5efa Tensorflow \u4efb\u52a1\uff0c\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\u3002
"},{"location":"end-user/baize/jobs/tensorflow.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"Tensorflow \u5355\u673a
\u548c Tensorflow \u5206\u5e03\u5f0f
\u4e24\u79cd\u6a21\u5f0f\u3002\u5728\u8fd9\u91cc\u6211\u4eec\u4f7f\u7528 baize-notebook
\u57fa\u7840\u955c\u50cf \u548c \u5173\u8054\u73af\u5883
\u7684\u65b9\u5f0f\u6765\u4f5c\u4e3a\u4efb\u52a1\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002
\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u73af\u5883\uff0c\u8bf7\u53c2\u8003\u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/tensorflow.html#_3","title":"\u521b\u5efa\u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/tensorflow.html#tfjob","title":"\u793a\u4f8b TFJob \u5355\u673a\u4efb\u52a1","text":"Tensorflow \u5355\u673a
\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002\u4f7f\u7528 AI Lab -> \u6570\u636e\u96c6\u5217\u8868 \uff0c\u521b\u5efa\u4e00\u4e2a\u6570\u636e\u96c6\uff0c\u5e76\u5c06\u8fdc\u7aef Github \u7684\u4ee3\u7801\u62c9\u53d6\u5230\u6570\u636e\u96c6\u4e2d\uff0c \u8fd9\u6837\u5728\u521b\u5efa\u4efb\u52a1\u65f6\uff0c\u53ef\u4ee5\u76f4\u63a5\u9009\u62e9\u6570\u636e\u96c6\uff0c\u5c06\u4ee3\u7801\u6302\u8f7d\u5230\u4efb\u52a1\u4e2d\u3002
\u6f14\u793a\u4ee3\u7801\u4ed3\u5e93\u5730\u5740\uff1ahttps://github.com/d-run/training-sample-code/
"},{"location":"end-user/baize/jobs/tensorflow.html#_5","title":"\u8fd0\u884c\u53c2\u6570","text":"bash
python /code/tensorflow/tf-single.py
\"\"\"\n pip install tensorflow numpy\n\"\"\"\n\nimport tensorflow as tf\nimport numpy as np\n\n# \u521b\u5efa\u4e00\u4e9b\u968f\u673a\u6570\u636e\nx = np.random.rand(100, 1)\ny = 2 * x + 1 + np.random.rand(100, 1) * 0.1\n\n# \u521b\u5efa\u4e00\u4e2a\u7b80\u5355\u7684\u6a21\u578b\nmodel = tf.keras.Sequential([\n tf.keras.layers.Dense(1, input_shape=(1,))\n])\n\n# \u7f16\u8bd1\u6a21\u578b\nmodel.compile(optimizer='adam', loss='mse')\n\n# \u8bad\u7ec3\u6a21\u578b\uff0c\u5c06 epochs \u6539\u4e3a 10\nhistory = model.fit(x, y, epochs=10, verbose=1)\n\n# \u6253\u5370\u6700\u7ec8\u635f\u5931\nprint('Final loss: {' + str(history.history['loss'][-1]) +'}')\n\n# \u4f7f\u7528\u6a21\u578b\u8fdb\u884c\u9884\u6d4b\ntest_x = np.array([[0.5]])\nprediction = model.predict(test_x)\nprint(f'Prediction for x=0.5: {prediction[0][0]}')\n
"},{"location":"end-user/baize/jobs/tensorflow.html#_6","title":"\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u8fdb\u5165\u4efb\u52a1\u8be6\u60c5\u67e5\u770b\u5230\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c\u4ece\u53f3\u4e0a\u89d2\u53bb\u5f80 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \uff0c\u53ef\u4ee5\u67e5\u770b\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
"},{"location":"end-user/baize/jobs/tensorflow.html#tfjob_1","title":"TFJob \u5206\u5e03\u5f0f\u4efb\u52a1","text":"Tensorflow \u5206\u5e03\u5f0f
\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002\u672c\u6b21\u5305\u542b\u4e86\u4e09\u79cd\u89d2\u8272\uff1aChief
\u3001Worker
\u548c Parameter Server (PS)
\u3002
\u4e3a\u4e0d\u540c\u7684\u89d2\u8272\u5206\u914d\u4e86\u4e0d\u540c\u7684\u8d44\u6e90\u3002Chief
\u548c Worker
\u4f7f\u7528 GPU\uff0c\u800c PS
\u4f7f\u7528 CPU \u548c\u8f83\u5927\u7684\u5185\u5b58\u3002
bash
python /code/tensorflow/tensorflow-distributed.py
import os\nimport json\nimport tensorflow as tf\n\nclass SimpleModel(tf.keras.Model):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = tf.keras.layers.Dense(1, input_shape=(10,))\n\n def call(self, x):\n return self.fc(x)\n\ndef train():\n # \u6253\u5370\u73af\u5883\u4fe1\u606f\n print(f\"TensorFlow version: {tf.__version__}\")\n print(f\"GPU available: {tf.test.is_gpu_available()}\")\n if tf.test.is_gpu_available():\n print(f\"GPU device count: {len(tf.config.list_physical_devices('GPU'))}\")\n\n # \u83b7\u53d6\u5206\u5e03\u5f0f\u8bad\u7ec3\u4fe1\u606f\n tf_config = json.loads(os.environ.get('TF_CONFIG') or '{}')\n task_type = tf_config.get('task', {}).get('type')\n task_id = tf_config.get('task', {}).get('index')\n\n print(f\"Task type: {task_type}, Task ID: {task_id}\")\n\n # \u8bbe\u7f6e\u5206\u5e03\u5f0f\u7b56\u7565\n strategy = tf.distribute.experimental.MultiWorkerMirroredStrategy()\n\n with strategy.scope():\n model = SimpleModel()\n loss_fn = tf.keras.losses.MeanSquaredError()\n optimizer = tf.keras.optimizers.SGD(learning_rate=0.001)\n\n # \u751f\u6210\u4e00\u4e9b\u968f\u673a\u6570\u636e\n data = tf.random.normal((100, 10))\n labels = tf.random.normal((100, 1))\n\n @tf.function\n def train_step(inputs, labels):\n with tf.GradientTape() as tape:\n predictions = model(inputs)\n loss = loss_fn(labels, predictions)\n gradients = tape.gradient(loss, model.trainable_variables)\n optimizer.apply_gradients(zip(gradients, model.trainable_variables))\n return loss\n\n for epoch in range(10):\n loss = train_step(data, labels)\n if task_type == 'chief':\n print(f'Epoch {epoch}, Loss: {loss.numpy():.4f}')\n\nif __name__ == '__main__':\n train()\n
"},{"location":"end-user/baize/jobs/tensorflow.html#_9","title":"\u8fd0\u884c\u7ed3\u679c","text":"\u540c\u6837\uff0c\u6211\u4eec\u53ef\u4ee5\u8fdb\u5165\u4efb\u52a1\u8be6\u60c5\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c\u4ee5\u53ca\u6bcf\u4e2a Pod \u7684\u65e5\u5fd7\u8f93\u51fa\u3002
"},{"location":"end-user/baize/jobs/view.html","title":"\u67e5\u770b\u4efb\u52a1\uff08Job\uff09\u5de5\u4f5c\u8d1f\u8f7d","text":"\u4efb\u52a1\u521b\u5efa\u597d\u540e\uff0c\u90fd\u4f1a\u663e\u793a\u5728\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\u4e2d\u3002
\u5728\u8bad\u7ec3\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u67d0\u4e2a\u4efb\u52a1\u53f3\u4fa7\u7684 \u2507 -> \u4efb\u52a1\u8d1f\u8f7d\u8be6\u60c5 \u3002
\u51fa\u73b0\u4e00\u4e2a\u5f39\u7a97\u9009\u62e9\u8981\u67e5\u770b\u54ea\u4e2a Pod \u540e\uff0c\u70b9\u51fb \u8fdb\u5165 \u3002
\u8df3\u8f6c\u5230\u5bb9\u5668\u7ba1\u7406\u754c\u9762\uff0c\u53ef\u4ee5\u67e5\u770b\u5bb9\u5668\u7684\u5de5\u4f5c\u72b6\u6001\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u4ee5\u53ca\u53d1\u751f\u7684\u4e8b\u4ef6\u3002
\u4f60\u8fd8\u53ef\u4ee5\u67e5\u770b\u5f53\u524d Pod \u6700\u8fd1\u4e00\u6bb5\u65f6\u95f4\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002 \u6b64\u5904\u9ed8\u8ba4\u5c55\u793a 100 \u884c\u65e5\u5fd7\uff0c\u5982\u679c\u8981\u67e5\u770b\u66f4\u8be6\u7ec6\u7684\u65e5\u5fd7\u6d3b\u4e0b\u8f7d\u65e5\u5fd7\uff0c\u8bf7\u70b9\u51fb\u9876\u90e8\u7684\u84dd\u8272 \u53ef\u89c2\u6d4b\u6027 \u6587\u5b57\u3002
\u5f53\u7136\u4f60\u8fd8\u53ef\u4ee5\u901a\u8fc7\u53f3\u4e0a\u89d2\u7684 ... \uff0c\u67e5\u770b\u5f53\u524d Pod \u7684 YAML\u3001\u4e0a\u4f20\u548c\u4e0b\u8f7d\u6587\u4ef6\u3002 \u4ee5\u4e0b\u662f\u4e00\u4e2a Pod \u7684 YAML \u793a\u4f8b\u3002
kind: Pod\napiVersion: v1\nmetadata:\n name: neko-tensorboard-job-test-202404181843-skxivllb-worker-0\n namespace: default\n uid: ddedb6ff-c278-47eb-ae1e-0de9b7c62f8c\n resourceVersion: '41092552'\n creationTimestamp: '2024-04-18T10:43:36Z'\n labels:\n training.kubeflow.org/job-name: neko-tensorboard-job-test-202404181843-skxivllb\n training.kubeflow.org/operator-name: pytorchjob-controller\n training.kubeflow.org/replica-index: '0'\n training.kubeflow.org/replica-type: worker\n annotations:\n cni.projectcalico.org/containerID: 0cfbb9af257d5e69027c603c6cb2d3890a17c4ae1a145748d5aef73a10d7fbe1\n cni.projectcalico.org/podIP: ''\n cni.projectcalico.org/podIPs: ''\n hami.io/bind-phase: success\n hami.io/bind-time: '1713437016'\n hami.io/vgpu-devices-allocated: GPU-29d5fa0d-935b-2966-aff8-483a174d61d1,NVIDIA,1024,20:;\n hami.io/vgpu-devices-to-allocate: ;\n hami.io/vgpu-node: worker-a800-1\n hami.io/vgpu-time: '1713437016'\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-system/calico\",\n \"ips\": [\n \"10.233.97.184\"\n ],\n \"default\": true,\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-system/calico\",\n \"ips\": [\n \"10.233.97.184\"\n ],\n \"default\": true,\n \"dns\": {}\n }]\n ownerReferences:\n - apiVersion: kubeflow.org/v1\n kind: PyTorchJob\n name: neko-tensorboard-job-test-202404181843-skxivllb\n uid: e5a8b05d-1f03-4717-8e1c-4ec928014b7b\n controller: true\n blockOwnerDeletion: true\nspec:\n volumes:\n - name: 0-dataset-pytorch-examples\n persistentVolumeClaim:\n claimName: pytorch-examples\n - name: kube-api-access-wh9rh\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n containers:\n - name: pytorch\n image: m.daocloud.io/docker.io/pytorch/pytorch\n command:\n - bash\n args:\n - '-c'\n - >-\n ls -la /root && which pip && pip install pytorch_lightning tensorboard\n && python /root/Git/pytorch/examples/mnist/main.py\n ports:\n - name: pytorchjob-port\n containerPort: 23456\n protocol: TCP\n env:\n - name: PYTHONUNBUFFERED\n value: '1'\n - name: PET_NNODES\n value: '1'\n resources:\n limits:\n cpu: '4'\n memory: 8Gi\n nvidia.com/gpucores: '20'\n nvidia.com/gpumem: '1024'\n nvidia.com/vgpu: '1'\n requests:\n cpu: '4'\n memory: 8Gi\n nvidia.com/gpucores: '20'\n nvidia.com/gpumem: '1024'\n nvidia.com/vgpu: '1'\n volumeMounts:\n - name: 0-dataset-pytorch-examples\n mountPath: /root/Git/pytorch/examples\n - name: kube-api-access-wh9rh\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: worker-a800-1\n securityContext: {}\n affinity: {}\n schedulerName: hami-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priorityClassName: baize-high-priority\n priority: 100000\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\nstatus:\n phase: Succeeded\n conditions:\n - type: Initialized\n status: 'True'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:43:36Z'\n reason: PodCompleted\n - type: Ready\n status: 'False'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:46:34Z'\n reason: PodCompleted\n - type: ContainersReady\n status: 'False'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:46:34Z'\n reason: PodCompleted\n - type: PodScheduled\n status: 'True'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:43:36Z'\n hostIP: 10.20.100.211\n podIP: 10.233.97.184\n podIPs:\n - ip: 10.233.97.184\n startTime: '2024-04-18T10:43:36Z'\n containerStatuses:\n - name: pytorch\n state:\n terminated:\n exitCode: 0\n reason: Completed\n startedAt: '2024-04-18T10:43:39Z'\n finishedAt: '2024-04-18T10:46:34Z'\n containerID: >-\n containerd://09010214bcf3315e81d38fba50de3943c9d2b48f50a6cc2e83f8ef0e5c6eeec1\n lastState: {}\n ready: false\n restartCount: 0\n image: m.daocloud.io/docker.io/pytorch/pytorch:latest\n imageID: >-\n m.daocloud.io/docker.io/pytorch/pytorch@sha256:11691e035a3651d25a87116b4f6adc113a27a29d8f5a6a583f8569e0ee5ff897\n containerID: >-\n containerd://09010214bcf3315e81d38fba50de3943c9d2b48f50a6cc2e83f8ef0e5c6eeec1\n started: false\n qosClass: Guaranteed\n
"},{"location":"end-user/ghippo/personal-center/accesstoken.html","title":"\u8bbf\u95ee\u5bc6\u94a5","text":"\u8bbf\u95ee\u5bc6\u94a5\uff08Access Key\uff09\u53ef\u7528\u4e8e\u8bbf\u95ee\u5f00\u653e API \u548c\u6301\u7eed\u53d1\u5e03\uff0c\u7528\u6237\u53ef\u5728\u4e2a\u4eba\u4e2d\u5fc3\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u83b7\u53d6\u5bc6\u94a5\u5e76\u8bbf\u95ee API\u3002
"},{"location":"end-user/ghippo/personal-center/accesstoken.html#_2","title":"\u83b7\u53d6\u5bc6\u94a5","text":"\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u7684\u4e0b\u62c9\u83dc\u5355\u4e2d\u627e\u5230 \u4e2a\u4eba\u4e2d\u5fc3 \uff0c\u53ef\u4ee5\u5728 \u8bbf\u95ee\u5bc6\u94a5 \u9875\u9762\u7ba1\u7406\u8d26\u53f7\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
Info
\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\u4ec5\u663e\u793a\u4e00\u6b21\u3002\u5982\u679c\u60a8\u5fd8\u8bb0\u4e86\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\uff0c\u60a8\u9700\u8981\u91cd\u65b0\u521b\u5efa\u65b0\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
"},{"location":"end-user/ghippo/personal-center/accesstoken.html#api","title":"\u4f7f\u7528\u5bc6\u94a5\u8bbf\u95ee API","text":"\u5728\u8bbf\u95ee\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0openAPI \u65f6\uff0c\u5728\u8bf7\u6c42\u4e2d\u52a0\u4e0a\u8bf7\u6c42\u5934 Authorization:Bearer ${token}
\u4ee5\u6807\u8bc6\u8bbf\u95ee\u8005\u7684\u8eab\u4efd\uff0c \u5176\u4e2d ${token}
\u662f\u4e0a\u4e00\u6b65\u4e2d\u83b7\u53d6\u5230\u7684\u5bc6\u94a5\uff0c\u5177\u4f53\u63a5\u53e3\u4fe1\u606f\u53c2\u89c1 OpenAPI \u63a5\u53e3\u6587\u6863\u3002
\u8bf7\u6c42\u793a\u4f8b
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
\u8bf7\u6c42\u7ed3\u679c
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"end-user/ghippo/personal-center/language.html","title":"\u8bed\u8a00\u8bbe\u7f6e","text":"\u672c\u8282\u8bf4\u660e\u5982\u4f55\u8bbe\u7f6e\u754c\u9762\u8bed\u8a00\u3002\u76ee\u524d\u652f\u6301\u4e2d\u6587\u3001English \u4e24\u4e2a\u8bed\u8a00\u3002
\u8bed\u8a00\u8bbe\u7f6e\u662f\u5e73\u53f0\u63d0\u4f9b\u591a\u8bed\u8a00\u670d\u52a1\u7684\u5165\u53e3\uff0c\u5e73\u53f0\u9ed8\u8ba4\u663e\u793a\u4e3a\u4e2d\u6587\uff0c\u7528\u6237\u53ef\u6839\u636e\u9700\u8981\u9009\u62e9\u82f1\u8bed\u6216\u81ea\u52a8\u68c0\u6d4b\u6d4f\u89c8\u5668\u8bed\u8a00\u9996\u9009\u9879\u7684\u65b9\u5f0f\u6765\u5207\u6362\u5e73\u53f0\u8bed\u8a00\u3002 \u6bcf\u4e2a\u7528\u6237\u7684\u591a\u8bed\u8a00\u670d\u52a1\u662f\u76f8\u4e92\u72ec\u7acb\u7684\uff0c\u5207\u6362\u540e\u4e0d\u4f1a\u5f71\u54cd\u5176\u4ed6\u7528\u6237\u3002
\u5e73\u53f0\u63d0\u4f9b\u4e09\u79cd\u5207\u6362\u8bed\u8a00\u65b9\u5f0f\uff1a\u4e2d\u6587\u3001\u82f1\u8bed-English\u3001\u81ea\u52a8\u68c0\u6d4b\u60a8\u7684\u6d4f\u89c8\u5668\u8bed\u8a00\u9996\u9009\u9879\u3002
\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\u3002
\u4f7f\u7528\u60a8\u7684\u7528\u6237\u540d/\u5bc6\u7801\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u7528\u6237\u540d\u4f4d\u7f6e\uff0c\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 \u3002
\u70b9\u51fb \u8bed\u8a00\u8bbe\u7f6e \u9875\u7b7e\u3002
\u5207\u6362\u8bed\u8a00\u9009\u9879\u3002
\u529f\u80fd\u8bf4\u660e\uff1a\u7528\u4e8e\u586b\u5199\u90ae\u7bb1\u5730\u5740\u548c\u4fee\u6539\u767b\u5f55\u5bc6\u7801\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u7528\u6237\u540d\u4f4d\u7f6e\uff0c\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 \u3002
\u70b9\u51fb \u5b89\u5168\u8bbe\u7f6e \u9875\u7b7e\u3002\u586b\u5199\u60a8\u7684\u90ae\u7bb1\u5730\u5740\u6216\u4fee\u6539\u767b\u5f55\u5bc6\u7801\u3002
\u672c\u6587\u8bf4\u660e\u5982\u4f55\u914d\u7f6e SSH \u516c\u94a5\u3002
"},{"location":"end-user/ghippo/personal-center/ssh-key.html#1-ssh","title":"\u6b65\u9aa4 1\uff1a\u67e5\u770b\u5df2\u5b58\u5728\u7684 SSH \u5bc6\u94a5","text":"\u5728\u751f\u6210\u65b0\u7684 SSH \u5bc6\u94a5\u524d\uff0c\u8bf7\u5148\u786e\u8ba4\u662f\u5426\u9700\u8981\u4f7f\u7528\u672c\u5730\u5df2\u751f\u6210\u7684 SSH \u5bc6\u94a5\uff0cSSH \u5bc6\u94a5\u5bf9\u4e00\u822c\u5b58\u653e\u5728\u672c\u5730\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u3002 Linux\u3001Mac \u8bf7\u76f4\u63a5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5df2\u5b58\u5728\u7684\u516c\u94a5\uff0cWindows \u7528\u6237\u5728 WSL\uff08\u9700\u8981 Windows 10 \u6216\u4ee5\u4e0a\uff09\u6216 Git Bash \u4e0b\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5df2\u751f\u6210\u7684\u516c\u94a5\u3002
ED25519 \u7b97\u6cd5\uff1a
cat ~/.ssh/id_ed25519.pub\n
RSA \u7b97\u6cd5\uff1a
cat ~/.ssh/id_rsa.pub\n
\u5982\u679c\u8fd4\u56de\u4e00\u957f\u4e32\u4ee5 ssh-ed25519 \u6216 ssh-rsa \u5f00\u5934\u7684\u5b57\u7b26\u4e32\uff0c\u8bf4\u660e\u5df2\u5b58\u5728\u672c\u5730\u516c\u94a5\uff0c \u60a8\u53ef\u4ee5\u8df3\u8fc7\u6b65\u9aa4 2 \u751f\u6210 SSH \u5bc6\u94a5\uff0c\u76f4\u63a5\u64cd\u4f5c\u6b65\u9aa4 3\u3002
"},{"location":"end-user/ghippo/personal-center/ssh-key.html#2-ssh","title":"\u6b65\u9aa4 2\uff1a\u751f\u6210 SSH \u5bc6\u94a5","text":"\u82e5\u6b65\u9aa4 1 \u672a\u8fd4\u56de\u6307\u5b9a\u7684\u5185\u5bb9\u5b57\u7b26\u4e32\uff0c\u8868\u793a\u672c\u5730\u6682\u65e0\u53ef\u7528 SSH \u5bc6\u94a5\uff0c\u9700\u8981\u751f\u6210\u65b0\u7684 SSH \u5bc6\u94a5\uff0c\u8bf7\u6309\u5982\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8bbf\u95ee\u7ec8\u7aef\uff08Windows \u8bf7\u4f7f\u7528 WSL \u6216 Git Bash\uff09\uff0c \u8fd0\u884c ssh-keygen -t
\u3002
\u8f93\u5165\u5bc6\u94a5\u7b97\u6cd5\u7c7b\u578b\u548c\u53ef\u9009\u7684\u6ce8\u91ca\u3002
\u6ce8\u91ca\u4f1a\u51fa\u73b0\u5728 .pub \u6587\u4ef6\u4e2d\uff0c\u4e00\u822c\u53ef\u4f7f\u7528\u90ae\u7bb1\u4f5c\u4e3a\u6ce8\u91ca\u5185\u5bb9\u3002
\u57fa\u4e8e ED25519
\u7b97\u6cd5\uff0c\u751f\u6210\u5bc6\u94a5\u5bf9\u547d\u4ee4\u5982\u4e0b\uff1a
ssh-keygen -t ed25519 -C \"<\u6ce8\u91ca\u5185\u5bb9>\"\n
\u57fa\u4e8e RSA
\u7b97\u6cd5\uff0c\u751f\u6210\u5bc6\u94a5\u5bf9\u547d\u4ee4\u5982\u4e0b\uff1a
ssh-keygen -t rsa -C \"<\u6ce8\u91ca\u5185\u5bb9>\"\n
\u70b9\u51fb\u56de\u8f66\uff0c\u9009\u62e9 SSH \u5bc6\u94a5\u751f\u6210\u8def\u5f84\u3002
\u4ee5 ED25519 \u7b97\u6cd5\u4e3a\u4f8b\uff0c\u9ed8\u8ba4\u8def\u5f84\u5982\u4e0b\uff1a
Generating public/private ed25519 key pair.\nEnter file in which to save the key (/home/user/.ssh/id_ed25519):\n
\u5bc6\u94a5\u9ed8\u8ba4\u751f\u6210\u8def\u5f84\uff1a/home/user/.ssh/id_ed25519
\uff0c\u516c\u94a5\u4e0e\u4e4b\u5bf9\u5e94\u4e3a\uff1a/home/user/.ssh/id_ed25519.pub
\u3002
\u8bbe\u7f6e\u4e00\u4e2a\u5bc6\u94a5\u53e3\u4ee4\u3002
Enter passphrase (empty for no passphrase):\nEnter same passphrase again:\n
\u53e3\u4ee4\u9ed8\u8ba4\u4e3a\u7a7a\uff0c\u60a8\u53ef\u4ee5\u9009\u62e9\u4f7f\u7528\u53e3\u4ee4\u4fdd\u62a4\u79c1\u94a5\u6587\u4ef6\u3002 \u5982\u679c\u60a8\u4e0d\u60f3\u5728\u6bcf\u6b21\u4f7f\u7528 SSH \u534f\u8bae\u8bbf\u95ee\u4ed3\u5e93\u65f6\uff0c\u90fd\u8981\u8f93\u5165\u7528\u4e8e\u4fdd\u62a4\u79c1\u94a5\u6587\u4ef6\u7684\u53e3\u4ee4\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u5bc6\u94a5\u65f6\uff0c\u8f93\u5165\u7a7a\u53e3\u4ee4\u3002
\u70b9\u51fb\u56de\u8f66\uff0c\u5b8c\u6210\u5bc6\u94a5\u5bf9\u521b\u5efa\u3002
\u9664\u4e86\u5728\u547d\u4ee4\u884c\u6253\u5370\u51fa\u5df2\u751f\u6210\u7684\u516c\u94a5\u4fe1\u606f\u624b\u52a8\u590d\u5236\u5916\uff0c\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u62f7\u8d1d\u516c\u94a5\u5230\u7c98\u8d34\u677f\u4e0b\uff0c\u8bf7\u53c2\u8003\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u62f7\u8d1d\u3002
Windows\uff08\u5728 WSL \u6216 Git Bash \u4e0b\uff09\uff1a
cat ~/.ssh/id_ed25519.pub | clip\n
Mac\uff1a
tr -d '\\n'< ~/.ssh/id_ed25519.pub | pbcopy\n
GNU/Linux (requires xclip):
xclip -sel clip < ~/.ssh/id_ed25519.pub\n
\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0UI \u9875\u9762\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 -> SSH \u516c\u94a5 \u3002
\u6dfb\u52a0\u751f\u6210\u7684 SSH \u516c\u94a5\u4fe1\u606f\u3002
SSH \u516c\u94a5\u5185\u5bb9\u3002
\u516c\u94a5\u6807\u9898\uff1a\u652f\u6301\u81ea\u5b9a\u4e49\u516c\u94a5\u540d\u79f0\uff0c\u7528\u4e8e\u533a\u5206\u7ba1\u7406\u3002
\u8fc7\u671f\u65f6\u95f4\uff1a\u8bbe\u7f6e\u516c\u94a5\u8fc7\u671f\u65f6\u95f4\uff0c\u5230\u671f\u540e\u516c\u94a5\u5c06\u81ea\u52a8\u5931\u6548\uff0c\u4e0d\u53ef\u4f7f\u7528\uff1b\u5982\u679c\u4e0d\u8bbe\u7f6e\uff0c\u5219\u6c38\u4e45\u6709\u6548\u3002
\u6587\u4ef6\u5939\u5177\u6709\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u4ee5\u53ca\u8d44\u6e90\u4e0a\u3002
\u82e5\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u662f Folder Admin \u89d2\u8272\uff0c\u6620\u5c04\u5230\u5b50\u6587\u4ef6\u5939\u4ecd\u4e3a Folder Admin \u89d2\u8272\uff0c\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5de5\u4f5c\u7a7a\u95f4\u5219\u4e3a Workspace Admin\uff1b \u82e5\u5728 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u8d44\u6e90\u7ec4 \u4e2d\u7ed1\u5b9a\u4e86 Namespace\uff0c\u5219\u6620\u5c04\u540e\u8be5\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fd8\u662f Namespace Admin\u3002
Note
\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u80fd\u529b\u4e0d\u4f1a\u4f5c\u7528\u5230\u5171\u4eab\u8d44\u6e90\u4e0a\uff0c\u56e0\u4e3a\u5171\u4eab\u662f\u5c06\u96c6\u7fa4\u7684\u4f7f\u7528\u6743\u9650\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u4e0d\u662f\u5c06\u7ba1\u7406\u6743\u9650\u53d7\u8ba9\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u4e0d\u4f1a\u5b9e\u73b0\u6743\u9650\u7ee7\u627f\u548c\u89d2\u8272\u6620\u5c04\u3002
"},{"location":"end-user/ghippo/workspace/folder-permission.html#_2","title":"\u5e94\u7528\u573a\u666f","text":"\u6587\u4ef6\u5939\u5177\u6709\u5c42\u7ea7\u80fd\u529b\uff0c\u56e0\u6b64\u5c06\u6587\u4ef6\u5939\u5bf9\u5e94\u4e8e\u4f01\u4e1a\u4e2d\u7684\u90e8\u95e8/\u4f9b\u5e94\u5546/\u9879\u76ee\u7b49\u5c42\u7ea7\u65f6\uff0c
\u6587\u4ef6\u5939\u5177\u6709\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u4ee5\u53ca\u8d44\u6e90\u4e0a\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa\u4e00\u4e2a\u6587\u4ef6\u5939\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u6587\u4ef6\u5939 \u6309\u94ae\u3002
\u586b\u5199\u6587\u4ef6\u5939\u540d\u79f0\u3001\u4e0a\u4e00\u7ea7\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u6587\u4ef6\u5939\u3002
Tip
\u521b\u5efa\u6210\u529f\u540e\u6587\u4ef6\u5939\u540d\u79f0\u5c06\u663e\u793a\u5728\u5de6\u4fa7\u7684\u6811\u72b6\u7ed3\u6784\u4e2d\uff0c\u4ee5\u4e0d\u540c\u7684\u56fe\u6807\u8868\u793a\u5de5\u4f5c\u7a7a\u95f4\u548c\u6587\u4ef6\u5939\u3002
Note
\u9009\u4e2d\u67d0\u4e00\u4e2a\u6587\u4ef6\u5939\u6216\u6587\u4ef6\u5939\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u53ef\u4ee5\u8fdb\u884c\u7f16\u8f91\u6216\u5220\u9664\u3002
\u5f53\u8be5\u6587\u4ef6\u5939\u4e0b\u8d44\u6e90\u7ec4\u3001\u5171\u4eab\u8d44\u6e90\u4e2d\u5b58\u5728\u8d44\u6e90\u65f6\uff0c\u8be5\u6587\u4ef6\u5939\u65e0\u6cd5\u88ab\u5220\u9664\uff0c\u9700\u8981\u5c06\u6240\u6709\u8d44\u6e90\u89e3\u7ed1\u540e\u518d\u5220\u9664\u3002
\u5f53\u5fae\u670d\u52a1\u5f15\u64ce\u6a21\u5757\u5728\u8be5\u6587\u4ef6\u5939\u4e0b\u5b58\u5728\u63a5\u5165\u6ce8\u518c\u4e2d\u5fc3\u8d44\u6e90\u65f6\uff0c\u8be5\u6587\u4ef6\u5939\u65e0\u6cd5\u88ab\u5220\u9664\uff0c\u9700\u8981\u5c06\u6240\u6709\u63a5\u5165\u6ce8\u518c\u4e2d\u5fc3\u79fb\u9664\u540e\u518d\u5220\u9664\u6587\u4ef6\u5939\u3002
\u5171\u4eab\u8d44\u6e90\u5e76\u975e\u610f\u5473\u7740\u88ab\u5171\u4eab\u8005\u53ef\u4ee5\u65e0\u9650\u5236\u5730\u4f7f\u7528\u88ab\u5171\u4eab\u7684\u8d44\u6e90\u3002 Admin\u3001Kpanda Owner \u548c Workspace Admin \u53ef\u4ee5\u901a\u8fc7\u5171\u4eab\u8d44\u6e90\u4e2d\u7684 \u8d44\u6e90\u914d\u989d \u529f\u80fd\u9650\u5236\u67d0\u4e2a\u7528\u6237\u7684\u6700\u5927\u4f7f\u7528\u989d\u5ea6\u3002 \u82e5\u4e0d\u9650\u5236\uff0c\u5219\u8868\u793a\u53ef\u4ee5\u65e0\u9650\u5236\u4f7f\u7528\u3002
\u4e00\u4e2a\u8d44\u6e90\uff08\u96c6\u7fa4\uff09\u53ef\u4ee5\u88ab\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5171\u4eab\uff0c\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u53ef\u4ee5\u540c\u65f6\u4f7f\u7528\u591a\u4e2a\u5171\u4eab\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u3002
"},{"location":"end-user/ghippo/workspace/quota.html#_1","title":"\u8d44\u6e90\u7ec4\u548c\u5171\u4eab\u8d44\u6e90","text":"\u5171\u4eab\u8d44\u6e90\u548c\u8d44\u6e90\u7ec4\u4e2d\u7684\u96c6\u7fa4\u8d44\u6e90\u5747\u6765\u81ea\u5bb9\u5668\u7ba1\u7406\uff0c\u4f46\u662f\u96c6\u7fa4\u7ed1\u5b9a\u548c\u5171\u4eab\u7ed9\u540c\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5c06\u4f1a\u4ea7\u751f\u4e24\u79cd\u622a\u7136\u4e0d\u540c\u7684\u6548\u679c\u3002
\u7ed1\u5b9a\u8d44\u6e90
\u4f7f\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5177\u6709\u8be5\u96c6\u7fa4\u7684\u5168\u90e8\u7ba1\u7406\u548c\u4f7f\u7528\u6743\u9650\uff0cWorkspace Admin \u5c06\u88ab\u6620\u5c04\u4e3a Cluster Admin\u3002 Workspace Admin \u80fd\u591f\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7ba1\u7406\u8be5\u96c6\u7fa4\u3002
Note
\u5f53\u524d\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u6682\u65e0 Cluster Editor \u548c Cluster Viewer \u89d2\u8272\uff0c\u56e0\u6b64 Workspace Editor\u3001Workspace Viewer \u8fd8\u65e0\u6cd5\u6620\u5c04\u3002
\u65b0\u589e\u5171\u4eab\u8d44\u6e90
\u4f7f\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5177\u6709\u8be5\u96c6\u7fa4\u8d44\u6e90\u7684\u4f7f\u7528\u6743\u9650\uff0c\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u5728\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff08Namespace\uff09\u65f6\u4f7f\u7528\u3002
\u4e0e\u8d44\u6e90\u7ec4\u4e0d\u540c\uff0c\u5c06\u96c6\u7fa4\u5171\u4eab\u5230\u5de5\u4f5c\u7a7a\u95f4\u65f6\uff0c\u7528\u6237\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u89d2\u8272\u4e0d\u4f1a\u6620\u5c04\u5230\u8d44\u6e90\u4e0a\uff0c\u56e0\u6b64 Workspace Admin \u4e0d\u4f1a\u88ab\u6620\u5c04\u4e3a Cluster admin\u3002
\u672c\u8282\u5c55\u793a 3 \u4e2a\u4e0e\u8d44\u6e90\u914d\u989d\u6709\u5173\u7684\u573a\u666f\u3002
"},{"location":"end-user/ghippo/workspace/quota.html#_2","title":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4","text":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u65f6\u4f1a\u6d89\u53ca\u5230\u8d44\u6e90\u914d\u989d\u3002
\u5728\u5de5\u4f5c\u7a7a\u95f4 ws01 \u65b0\u589e\u4e00\u4e2a\u5171\u4eab\u96c6\u7fa4\u3002
\u5728\u5e94\u7528\u5de5\u4f5c\u53f0\u9009\u62e9\u5de5\u4f5c\u7a7a\u95f4 ws01 \u548c\u5171\u4eab\u96c6\u7fa4\uff0c\u521b\u5efa\u547d\u540d\u7a7a\u95f4 ns01\u3002
\u524d\u63d0\uff1a\u5de5\u4f5c\u7a7a\u95f4 ws01 \u5df2\u65b0\u589e\u5171\u4eab\u96c6\u7fa4\uff0c\u64cd\u4f5c\u8005\u4e3a Workspace Admin + Kpanda Owner \u6216 Admin \u89d2\u8272\u3002
\u4ee5\u4e0b\u4e24\u79cd\u7ed1\u5b9a\u65b9\u5f0f\u7684\u6548\u679c\u76f8\u540c\u3002
\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u5c06\u521b\u5efa\u7684\u547d\u540d\u7a7a\u95f4 ns01 \u7ed1\u5b9a\u5230 ws01
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\uff0c\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u7ed1\u5b9a\u5230 ws01
\u4ee5\u4e0b\u4e24\u79cd\u89e3\u7ed1\u65b9\u5f0f\u7684\u6548\u679c\u76f8\u540c\u3002
\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u4ece\u5de5\u4f5c\u7a7a\u95f4 ws01 \u89e3\u7ed1
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u4ece\u5de5\u4f5c\u7a7a\u95f4 ws01 \u89e3\u7ed1
\u8d44\u6e90\u7ec4\u4e0e\u5171\u4eab\u8d44\u6e90\u5747\u652f\u6301\u7ed1\u5b9a\u96c6\u7fa4\uff0c\u4f46\u4f7f\u7528\u4e0a\u5b58\u5728\u5f88\u5927\u533a\u522b\u3002
"},{"location":"end-user/ghippo/workspace/res-gp-and-shared-res.html#_2","title":"\u4f7f\u7528\u573a\u666f\u533a\u522b","text":"\u8bf4\u660e\uff1a\u5728\u8be5\u573a\u666f\u4e2d\uff0c\u9700\u8981\u5e73\u53f0\u7ba1\u7406\u5458\u5bf9\u4e8c\u7ea7\u4f9b\u5e94\u5546\u8fdb\u884c\u8d44\u6e90\u9650\u5236\uff0c\u6682\u65f6\u8fd8\u4e0d\u652f\u6301\u4e00\u7ea7\u4f9b\u5e94\u5546\u9650\u5236\u4e8c\u7ea7\u4f9b\u5e94\u5546\u7684\u96c6\u7fa4\u989d\u5ea6\u3002
"},{"location":"end-user/ghippo/workspace/res-gp-and-shared-res.html#_3","title":"\u96c6\u7fa4\u989d\u5ea6\u7684\u4f7f\u7528\u533a\u522b","text":"\u5728\u8d44\u6e90\u7ec4/\u5171\u4eab\u8d44\u6e90\u7ed1\u5b9a\u96c6\u7fa4\u540e\u90fd\u53ef\u4ee5\u524d\u5f80\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff0c\u521b\u5efa\u540e\u547d\u540d\u7a7a\u95f4\u5c06\u81ea\u52a8\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u3002
"},{"location":"end-user/ghippo/workspace/workspace.html","title":"\u521b\u5efa/\u5220\u9664\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e00\u79cd\u8d44\u6e90\u8303\u7574\uff0c\u4ee3\u8868\u4e00\u79cd\u8d44\u6e90\u5c42\u7ea7\u5173\u7cfb\u3002 \u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u5305\u542b\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u6ce8\u518c\u4e2d\u5fc3\u7b49\u8d44\u6e90\u3002 \u901a\u5e38\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5bf9\u5e94\u4e00\u4e2a\u9879\u76ee\uff0c\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u4e0d\u540c\u7684\u8d44\u6e90\uff0c\u6307\u6d3e\u4e0d\u540c\u7684\u7528\u6237\u548c\u7528\u6237\u7ec4\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4 \u6309\u94ae\u3002
\u586b\u5199\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u3001\u6240\u5c5e\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u3002
Tip
\u521b\u5efa\u6210\u529f\u540e\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u5c06\u663e\u793a\u5728\u5de6\u4fa7\u7684\u6811\u72b6\u7ed3\u6784\u4e2d\uff0c\u4ee5\u4e0d\u540c\u7684\u56fe\u6807\u8868\u793a\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u3002
Note
\u9009\u4e2d\u67d0\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u6216\u6587\u4ef6\u5939\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 ... \u53ef\u4ee5\u8fdb\u884c\u7f16\u8f91\u6216\u5220\u9664\u3002
\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u662f\u4e00\u4e2a\u5177\u6709\u5c42\u7ea7\u7684\u8d44\u6e90\u9694\u79bb\u548c\u8d44\u6e90\u5206\u7ec4\u7279\u6027\uff0c\u4e3b\u8981\u89e3\u51b3\u8d44\u6e90\u7edf\u4e00\u6388\u6743\u3001\u8d44\u6e90\u5206\u7ec4\u4ee5\u53ca\u8d44\u6e90\u9650\u989d\u95ee\u9898\u3002
\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u6709\u4e24\u4e2a\u6982\u5ff5\uff1a\u5de5\u4f5c\u7a7a\u95f4\u548c\u6587\u4ef6\u5939\u3002
"},{"location":"end-user/ghippo/workspace/ws-folder.html#_2","title":"\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u53ef\u901a\u8fc7 \u6388\u6743 \u3001 \u8d44\u6e90\u7ec4 \u548c \u5171\u4eab\u8d44\u6e90 \u6765\u7ba1\u7406\u8d44\u6e90\uff0c\u4f7f\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u4e4b\u95f4\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u3002
\u8d44\u6e90
\u8d44\u6e90\u5904\u4e8e\u8d44\u6e90\u7ba1\u7406\u6a21\u5757\u5c42\u7ea7\u7ed3\u6784\u7684\u6700\u4f4e\u5c42\u7ea7\uff0c\u8d44\u6e90\u5305\u62ec Cluster\u3001Namespace\u3001Pipeline\u3001\u7f51\u5173\u7b49\u3002 \u6240\u6709\u8fd9\u4e9b\u8d44\u6e90\u7684\u7236\u7ea7\u53ea\u80fd\u662f\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u4f5c\u4e3a\u8d44\u6e90\u5bb9\u5668\u662f\u4e00\u79cd\u8d44\u6e90\u5206\u7ec4\u5355\u4f4d\u3002
\u5de5\u4f5c\u7a7a\u95f4
\u5de5\u4f5c\u7a7a\u95f4\u901a\u5e38\u4ee3\u6307\u4e00\u4e2a\u9879\u76ee\u6216\u73af\u5883\uff0c\u6bcf\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u76f8\u5bf9\u4e8e\u5176\u4ed6\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u65f6\u903b\u8f91\u9694\u79bb\u7684\u3002 \u60a8\u53ef\u4ee5\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u6388\u6743\uff0c\u6388\u4e88\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u540c\u4e00\u7ec4\u8d44\u6e90\u7684\u4e0d\u540c\u8bbf\u95ee\u6743\u9650\u3002
\u4ece\u5c42\u6b21\u7ed3\u6784\u7684\u5e95\u5c42\u7b97\u8d77\uff0c\u5de5\u4f5c\u7a7a\u95f4\u4f4d\u4e8e\u7b2c\u4e00\u5c42\uff0c\u4e14\u5305\u542b\u8d44\u6e90\u3002 \u9664\u5171\u4eab\u8d44\u6e90\u5916\uff0c\u6240\u6709\u8d44\u6e90\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u9879\u3002\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u7ea7\u6587\u4ef6\u5939\u3002
\u8d44\u6e90\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u8fdb\u884c\u5206\u7ec4\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u5b58\u5728\u4e24\u79cd\u5206\u7ec4\u6a21\u5f0f\uff0c\u5206\u522b\u662f \u8d44\u6e90\u7ec4 \u548c \u5171\u4eab\u8d44\u6e90 \u3002
\u8d44\u6e90\u7ec4
\u4e00\u4e2a\u8d44\u6e90\u53ea\u80fd\u52a0\u5165\u4e00\u4e2a\u8d44\u6e90\u7ec4\uff0c\u8d44\u6e90\u7ec4\u4e0e\u5de5\u4f5c\u7a7a\u95f4\u4e00\u4e00\u5bf9\u5e94\u3002 \u8d44\u6e90\u88ab\u52a0\u5165\u5230\u8d44\u6e90\u7ec4\u540e\uff0cWorkspace Admin \u5c06\u83b7\u5f97\u8d44\u6e90\u7684\u7ba1\u7406\u6743\u9650\uff0c\u76f8\u5f53\u4e8e\u8be5\u8d44\u6e90\u7684\u6240\u6709\u8005\u3002
\u5171\u4eab\u8d44\u6e90
\u800c\u5bf9\u4e8e\u5171\u4eab\u8d44\u6e90\u6765\u8bf4\uff0c\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u5171\u4eab\u540c\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u8d44\u6e90\u3002 \u8d44\u6e90\u7684\u6240\u6709\u8005\uff0c\u53ef\u4ee5\u9009\u62e9\u5c06\u81ea\u5df1\u62e5\u6709\u7684\u8d44\u6e90\u5171\u4eab\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u4e00\u822c\u5171\u4eab\u65f6\u8d44\u6e90\u6240\u6709\u8005\u4f1a\u9650\u5236\u88ab\u5171\u4eab\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u989d\u5ea6\u3002 \u8d44\u6e90\u88ab\u5171\u4eab\u540e\uff0cWorkspace Admin \u4ec5\u5177\u6709\u8d44\u6e90\u9650\u989d\u4e0b\u7684\u8d44\u6e90\u4f7f\u7528\u6743\u9650\uff0c\u65e0\u6cd5\u7ba1\u7406\u8d44\u6e90\u6216\u8005\u8c03\u6574\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u91cf\u3002
\u540c\u65f6\u5171\u4eab\u8d44\u6e90\u5bf9\u4e8e\u8d44\u6e90\u672c\u8eab\u4e5f\u5177\u6709\u4e00\u5b9a\u7684\u8981\u6c42\uff0c\u53ea\u6709 Cluster\uff08\u96c6\u7fa4\uff09\u8d44\u6e90\u53ef\u4ee5\u88ab\u5171\u4eab\u3002 Cluster Admin \u80fd\u591f\u5c06 Cluster \u8d44\u6e90\u5206\u4eab\u7ed9\u4e0d\u540c\u7684\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u5e76\u4e14\u9650\u5236\u5de5\u4f5c\u7a7a\u95f4\u5728\u6b64 Cluster \u4e0a\u7684\u4f7f\u7528\u989d\u5ea6\u3002
Workspace Admin \u5728\u8d44\u6e90\u9650\u989d\u5185\u80fd\u591f\u521b\u5efa\u591a\u4e2a Namespace\uff0c\u4f46\u662f Namespace \u7684\u8d44\u6e90\u989d\u5ea6\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7 Cluster \u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u9650\u989d\u3002 \u5bf9\u4e8e Kubernetes \u8d44\u6e90\uff0c\u5f53\u524d\u80fd\u591f\u5206\u4eab\u7684\u8d44\u6e90\u7c7b\u578b\u4ec5\u6709 Cluster\u3002
\u6587\u4ef6\u5939\u53ef\u7528\u4e8e\u6784\u5efa\u4f01\u4e1a\u4e1a\u52a1\u5c42\u7ea7\u5173\u7cfb\u3002
\u6587\u4ef6\u5939\u662f\u5728\u5de5\u4f5c\u7a7a\u95f4\u57fa\u7840\u4e4b\u4e0a\u7684\u8fdb\u4e00\u6b65\u5206\u7ec4\u673a\u5236\uff0c\u5177\u6709\u5c42\u7ea7\u7ed3\u6784\u3002 \u4e00\u4e2a\u6587\u4ef6\u5939\u53ef\u4ee5\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u3001\u5176\u4ed6\u6587\u4ef6\u5939\u6216\u4e24\u8005\u7684\u7ec4\u5408\uff0c\u80fd\u591f\u5f62\u6210\u6811\u72b6\u7684\u7ec4\u7ec7\u5173\u7cfb\u3002
\u501f\u52a9\u6587\u4ef6\u5939\u60a8\u53ef\u4ee5\u6620\u5c04\u4f01\u4e1a\u4e1a\u52a1\u5c42\u7ea7\u5173\u7cfb\uff0c\u6309\u7167\u90e8\u95e8\u5bf9\u5de5\u4f5c\u7a7a\u95f4\u8fdb\u884c\u5206\u7ec4\u3002 \u6587\u4ef6\u5939\u4e0d\u76f4\u63a5\u4e0e\u8d44\u6e90\u6302\u94a9\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u95f4\u63a5\u5b9e\u73b0\u8d44\u6e90\u5206\u7ec4\u3002
\u6587\u4ef6\u5939\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u7ea7\u6587\u4ef6\u5939\uff0c\u800c\u6839\u6587\u4ef6\u5939\u662f\u5c42\u6b21\u7ed3\u6784\u7684\u6700\u9ad8\u5c42\u7ea7\u3002 \u6839\u6587\u4ef6\u5939\u6ca1\u6709\u7236\u7ea7\uff0c\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u5747\u6302\u9760\u5230\u6839\u6587\u4ef6\u5939\u4e0b\u3002
\u53e6\u5916\uff0c\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u5728\u6587\u4ef6\u5939\u4e2d\u80fd\u591f\u901a\u8fc7\u5c42\u7ea7\u7ed3\u6784\u7ee7\u627f\u6765\u81ea\u7236\u9879\u7684\u6743\u9650\u3002 \u7528\u6237\u5728\u5c42\u6b21\u7ed3\u6784\u4e2d\u7684\u6743\u9650\u6765\u81ea\u5f53\u524d\u5c42\u7ea7\u7684\u6743\u9650\u4ee5\u53ca\u7ee7\u627f\u5176\u7236\u9879\u6743\u9650\u7684\u7ec4\u5408\u7ed3\u679c\uff0c\u6743\u9650\u4e4b\u95f4\u662f\u52a0\u5408\u5173\u7cfb\u4e0d\u5b58\u5728\u4e92\u65a5\u3002
"},{"location":"end-user/ghippo/workspace/ws-permission.html","title":"\u5de5\u4f5c\u7a7a\u95f4\u6743\u9650\u8bf4\u660e","text":"\u5de5\u4f5c\u7a7a\u95f4\u5177\u6709\u6743\u9650\u6620\u5c04\u548c\u8d44\u6e90\u9694\u79bb\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u8d44\u6e90\u4e0a\u3002 \u82e5\u7528\u6237/\u7528\u6237\u7ec4\u5728\u5de5\u4f5c\u7a7a\u95f4\u662f Workspace Admin \u89d2\u8272\uff0c\u540c\u65f6\u5de5\u4f5c\u7a7a\u95f4-\u8d44\u6e90\u7ec4\u4e2d\u7ed1\u5b9a\u4e86\u8d44\u6e90 Namespace\uff0c\u5219\u6620\u5c04\u540e\u8be5\u7528\u6237/\u7528\u6237\u7ec4\u5c06\u6210\u4e3a Namespace Admin\u3002
Note
\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u80fd\u529b\u4e0d\u4f1a\u4f5c\u7528\u5230\u5171\u4eab\u8d44\u6e90\u4e0a\uff0c\u56e0\u4e3a\u5171\u4eab\u662f\u5c06\u96c6\u7fa4\u7684\u4f7f\u7528\u6743\u9650\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u4e0d\u662f\u5c06\u7ba1\u7406\u6743\u9650\u53d7\u8ba9\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u4e0d\u4f1a\u5b9e\u73b0\u6743\u9650\u7ee7\u627f\u548c\u89d2\u8272\u6620\u5c04\u3002
"},{"location":"end-user/ghippo/workspace/ws-permission.html#_2","title":"\u5e94\u7528\u573a\u666f","text":"\u901a\u8fc7\u5c06\u8d44\u6e90\u7ed1\u5b9a\u5230\u4e0d\u540c\u7684\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u5b9e\u73b0\u8d44\u6e90\u9694\u79bb\u3002 \u56e0\u6b64\u501f\u52a9\u6743\u9650\u6620\u5c04\u3001\u8d44\u6e90\u9694\u79bb\u548c\u5171\u4eab\u8d44\u6e90\u80fd\u529b\u80fd\u591f\u5c06\u8d44\u6e90\u7075\u6d3b\u5206\u914d\u7ed9\u5404\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u3002
\u901a\u5e38\u9002\u7528\u4e8e\u4ee5\u4e0b\u4e24\u4e2a\u573a\u666f\uff1a
\u96c6\u7fa4\u4e00\u5bf9\u4e00
\u666e\u901a\u96c6\u7fa4 \u90e8\u95e8/\u79df\u6237\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09 \u7528\u9014 \u96c6\u7fa4 01 A \u7ba1\u7406\u548c\u4f7f\u7528 \u96c6\u7fa4 02 B \u7ba1\u7406\u548c\u4f7f\u7528\u96c6\u7fa4\u4e00\u5bf9\u591a
\u96c6\u7fa4 \u90e8\u95e8/\u79df\u6237\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09 \u8d44\u6e90\u9650\u989d \u96c6\u7fa4 01 A 100 \u6838 CPU B 50 \u6838 CPU\u6388\u6743\u7528\u6237\u53ef\u524d\u5f80\u5e94\u7528\u5de5\u4f5c\u53f0\u3001\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u4e2d\u95f4\u4ef6\u3001\u591a\u4e91\u7f16\u6392\u3001\u670d\u52a1\u7f51\u683c\u7b49\u6a21\u5757\u4f7f\u7528\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u3002 \u6709\u5173 Workspace Admin\u3001Workspace Editor\u3001Workspace Viewer \u89d2\u8272\u5728\u5404\u4ea7\u54c1\u6a21\u5757\u7684\u64cd\u4f5c\u8303\u56f4\uff0c\u8bf7\u67e5\u9605\u5404\u6a21\u5757\u7684\u6743\u9650\u8bf4\u660e\uff1a
\u21a9
\u5047\u5982\u7528\u6237\u5c0f\u660e\uff08\u201c\u5c0f\u660e\u201d\u4ee3\u8868\u4efb\u4f55\u6709\u8d44\u6e90\u7ed1\u5b9a\u9700\u6c42\u7684\u7528\u6237\uff09\u5df2\u7ecf\u5177\u5907\u4e86 Workspace Admin \u89d2\u8272\u6216\u5df2\u901a\u8fc7\u81ea\u5b9a\u4e49\u89d2\u8272\u6388\u6743\uff0c \u540c\u65f6\u81ea\u5b9a\u4e49\u89d2\u8272\u4e2d\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u7684\u201c\u8d44\u6e90\u7ed1\u5b9a\u201d\u6743\u9650\uff0c\u5e0c\u671b\u5c06\u67d0\u4e2a\u96c6\u7fa4\u6216\u8005\u67d0\u4e2a\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u5176\u6240\u5728\u7684\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002
\u8981\u5c06\u96c6\u7fa4/\u547d\u540d\u7a7a\u95f4\u8d44\u6e90\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\uff0c\u4e0d\u4ec5\u9700\u8981\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u201c\u8d44\u6e90\u7ed1\u5b9a\u201d\u6743\u9650\uff0c\u8fd8\u9700\u8981 Cluster Admin \u7684\u8d44\u6e90\u6743\u9650\u3002
"},{"location":"end-user/ghippo/workspace/wsbind-permission.html#_2","title":"\u7ed9\u5c0f\u660e\u6388\u6743","text":"\u4f7f\u7528\u5e73\u53f0 Admin \u89d2\u8272\uff0c \u5728 \u5de5\u4f5c\u7a7a\u95f4 -> \u6388\u6743 \u9875\u9762\u7ed9\u5c0f\u660e\u6388\u4e88 Workspace Admin \u89d2\u8272\u3002
\u7136\u540e\u5728 \u5bb9\u5668\u7ba1\u7406 -> \u6743\u9650\u7ba1\u7406 \u9875\u9762\uff0c\u901a\u8fc7 \u6dfb\u52a0\u6388\u6743 \u5c06\u5c0f\u660e\u6388\u6743\u4e3a Cluster Admin\u3002
\u4f7f\u7528\u5c0f\u660e\u7684\u8d26\u53f7\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \u9875\u9762\uff0c\u901a\u8fc7 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u529f\u80fd\uff0c \u5c0f\u660e\u53ef\u4ee5\u5c06\u6307\u5b9a\u96c6\u7fa4\u7ed1\u5b9a\u5230\u81ea\u5df1\u7684\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002
Note
\u5c0f\u660e\u80fd\u4e14\u53ea\u80fd\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5c06\u96c6\u7fa4\u6216\u8005\u8be5\u96c6\u7fa4\u4e0b\u7684\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u65e0\u6cd5\u5728\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u5b8c\u6210\u6b64\u64cd\u4f5c\u3002
\u7ed1\u5b9a\u547d\u540d\u7a7a\u95f4\u5230\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u81f3\u5c11\u9700\u8981 Workspace Admin + Cluster Admin \u6743\u9650\u3002
"},{"location":"end-user/host/createhost.html","title":"\u521b\u5efa\u548c\u542f\u52a8\u4e91\u4e3b\u673a","text":"\u7528\u6237\u5b8c\u6210\u6ce8\u518c\uff0c\u4e3a\u5176\u5206\u914d\u4e86\u5de5\u4f5c\u7a7a\u95f4\u3001\u547d\u540d\u7a7a\u95f4\u548c\u8d44\u6e90\u540e\uff0c\u5373\u53ef\u4ee5\u521b\u5efa\u5e76\u542f\u52a8\u4e91\u4e3b\u673a\u3002
"},{"location":"end-user/host/createhost.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u70b9\u51fb \u521b\u5efa\u4e91\u4e3b\u673a -> \u901a\u8fc7\u6a21\u677f\u521b\u5efa
\u5b9a\u4e49\u7684\u4e91\u4e3b\u673a\u5404\u9879\u914d\u7f6e\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u57fa\u672c\u914d\u7f6e\u6a21\u677f\u914d\u7f6e\u5b58\u50a8\u4e0e\u7f51\u7edc\u914d\u7f6e root \u5bc6\u7801\u6216 ssh \u5bc6\u94a5\u540e\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u4e3b\u673a\u5217\u8868\uff0c\u7b49\u5f85\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u4e4b\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u542f\u52a8\u4e3b\u673a\u3002
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u4e91\u4e3b\u673a
"},{"location":"end-user/host/usehost.html","title":"\u4f7f\u7528\u4e91\u4e3b\u673a","text":"\u521b\u5efa\u5e76\u542f\u52a8\u4e91\u4e3b\u673a\u4e4b\u540e\uff0c\u7528\u6237\u5c31\u53ef\u4ee5\u5f00\u59cb\u4f7f\u7528\u4e91\u4e3b\u673a\u3002
"},{"location":"end-user/host/usehost.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u5230 \u5bb9\u5668\u7ba1\u7406 -> \u5bb9\u5668\u7f51\u7edc -> \u670d\u52a1 \uff0c\u70b9\u51fb\u670d\u52a1\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u670d\u52a1\u8be6\u60c5\u9875\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u66f4\u65b0
\u66f4\u6539\u7aef\u53e3\u8303\u56f4\u4e3a 30900-30999\uff0c\u4f46\u4e0d\u80fd\u51b2\u7a81\u3002
\u4ee5\u7ec8\u7aef\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5bfc\u822a\u5230\u5bf9\u5e94\u7684\u670d\u52a1\uff0c\u67e5\u770b\u8bbf\u95ee\u7aef\u53e3\u3002
\u5728\u5916\u7f51\u4f7f\u7528 SSH \u5ba2\u6237\u7aef\u767b\u5f55\u4e91\u4e3b\u673a
\u81f3\u6b64\uff0c\u4f60\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u4e0a\u6267\u884c\u5404\u9879\u64cd\u4f5c\u3002
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528 Notebook
"},{"location":"end-user/insight/alert-center/index.html","title":"\u544a\u8b66\u4e2d\u5fc3","text":"\u544a\u8b66\u4e2d\u5fc3\u662f AI \u7b97\u529b\u5e73\u53f0 \u63d0\u4f9b\u7684\u4e00\u4e2a\u91cd\u8981\u529f\u80fd\uff0c\u5b83\u8ba9\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u754c\u9762\u65b9\u4fbf\u5730\u6309\u7167\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u67e5\u770b\u6240\u6709\u6d3b\u52a8\u548c\u5386\u53f2\u544a\u8b66\uff0c \u5e76\u6839\u636e\u544a\u8b66\u7ea7\u522b\uff08\u7d27\u6025\u3001\u8b66\u544a\u3001\u63d0\u793a\uff09\u6765\u641c\u7d22\u544a\u8b66\u3002
\u6240\u6709\u544a\u8b66\u90fd\u662f\u57fa\u4e8e\u9884\u8bbe\u7684\u544a\u8b66\u89c4\u5219\u8bbe\u5b9a\u7684\u9608\u503c\u6761\u4ef6\u89e6\u53d1\u7684\u3002\u5728 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u5185\u7f6e\u4e86\u4e00\u4e9b\u5168\u5c40\u544a\u8b66\u7b56\u7565\uff0c\u540c\u65f6\u60a8\u4e5f\u53ef\u4ee5\u968f\u65f6\u521b\u5efa\u3001\u5220\u9664\u544a\u8b66\u7b56\u7565\uff0c\u5bf9\u4ee5\u4e0b\u6307\u6807\u8fdb\u884c\u8bbe\u7f6e\uff1a
\u8fd8\u53ef\u4ee5\u4e3a\u544a\u8b66\u89c4\u5219\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002\u544a\u8b66\u89c4\u5219\u5206\u4e3a\u6d3b\u8dc3\u548c\u8fc7\u671f\u89c4\u5219\uff0c\u652f\u6301\u542f\u7528/\u7981\u7528\u67d0\u4e9b\u89c4\u5219\u6765\u5b9e\u73b0\u544a\u8b66\u9759\u9ed8\u3002
\u5f53\u8fbe\u5230\u9608\u503c\u6761\u4ef6\u540e\uff0c\u53ef\u4ee5\u914d\u7f6e\u544a\u8b66\u901a\u77e5\u65b9\u5f0f\uff0c\u5305\u62ec\u90ae\u4ef6\u3001\u9489\u9489\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001Webhook \u548c\u77ed\u4fe1\u901a\u77e5\u3002 \u6240\u6709\u901a\u77e5\u7684\u6d88\u606f\u6a21\u677f\u90fd\u53ef\u4ee5\u81ea\u5b9a\u4e49\uff0c\u540c\u65f6\u8fd8\u652f\u6301\u6309\u8bbe\u5b9a\u7684\u95f4\u9694\u65f6\u95f4\u53d1\u9001\u901a\u77e5\u3002
\u6b64\u5916\uff0c\u544a\u8b66\u4e2d\u5fc3\u8fd8\u652f\u6301\u901a\u8fc7\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7b49\u63d0\u4f9b\u7684\u77ed\u4fe1\u670d\u52a1\u5c06\u544a\u8b66\u6d88\u606f\u53d1\u9001\u7ed9\u6307\u5b9a\u7528\u6237\uff0c\u5b9e\u73b0\u591a\u79cd\u65b9\u5f0f\u7684\u544a\u8b66\u901a\u77e5\u3002
AI \u7b97\u529b\u5e73\u53f0 \u544a\u8b66\u4e2d\u5fc3\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u7684\u544a\u8b66\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u5e2e\u52a9\u7528\u6237\u53ca\u65f6\u53d1\u73b0\u548c\u89e3\u51b3\u96c6\u7fa4\u4e2d\u51fa\u73b0\u7684\u95ee\u9898\uff0c \u63d0\u9ad8\u4e1a\u52a1\u7a33\u5b9a\u6027\u548c\u53ef\u7528\u6027\uff0c\u4fbf\u4e8e\u96c6\u7fa4\u5de1\u68c0\u548c\u6545\u969c\u6392\u67e5\u3002
"},{"location":"end-user/insight/alert-center/alert-policy.html","title":"\u544a\u8b66\u7b56\u7565","text":"\u544a\u8b66\u7b56\u7565\u662f\u5728\u53ef\u89c2\u6d4b\u6027\u7cfb\u7edf\u4e2d\u5b9a\u4e49\u7684\u4e00\u7ec4\u89c4\u5219\u548c\u6761\u4ef6\uff0c\u7528\u4e8e\u68c0\u6d4b\u548c\u89e6\u53d1\u8b66\u62a5\uff0c\u4ee5\u4fbf\u5728\u7cfb\u7edf\u51fa\u73b0\u5f02\u5e38\u6216\u8fbe\u5230\u9884\u5b9a\u7684\u9608\u503c\u65f6\u53ca\u65f6\u901a\u77e5\u76f8\u5173\u4eba\u5458\u6216\u7cfb\u7edf\u3002
\u6bcf\u6761\u544a\u8b66\u7b56\u7565\u662f\u4e00\u7ec4\u544a\u8b66\u89c4\u5219\u7684\u96c6\u5408\uff0c\u652f\u6301\u5bf9\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5de5\u4f5c\u8d1f\u8f7d\u7b49\u8d44\u6e90\u3001\u65e5\u5fd7\u3001\u4e8b\u4ef6\u8bbe\u7f6e\u544a\u8b66\u89c4\u5219\u3002\u5f53\u544a\u8b66\u5bf9\u8c61\u8fbe\u5230\u7b56\u7565\u4e0b\u4efb\u4e00\u89c4\u5219\u8bbe\u5b9a\u7684\u9608\u503c\uff0c\u5219\u4f1a\u81ea\u52a8\u89e6\u53d1\u544a\u8b66\u5e76\u53d1\u9001\u901a\u77e5\u3002
"},{"location":"end-user/insight/alert-center/alert-policy.html#_2","title":"\u67e5\u770b\u544a\u8b66\u7b56\u7565","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u544a\u8b66\u7b56\u7565\u3002
\u70b9\u51fb\u544a\u8b66\u7b56\u7565\u540d\u79f0\u53ef\u67e5\u770b\u7b56\u7565\u7684\u57fa\u672c\u4fe1\u606f\u3001\u89c4\u5219\u4ee5\u53ca\u901a\u77e5\u914d\u7f6e\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\uff0c\u9009\u62e9\u4e00\u4e2a\u6216\u591a\u4e2a\u96c6\u7fa4\u3001\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d\u4e3a\u544a\u8b66\u5bf9\u8c61\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002
Note
\u5168\u90e8\u96c6\u7fa4\u3001\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d
\uff1a\u521b\u5efa\u7684\u544a\u8b66\u89c4\u5219\u5bf9\u6240\u6709\u5df2\u5b89\u88c5 insight-agent \u7684\u96c6\u7fa4\u751f\u6548\u3002\u5728\u521b\u5efa\u544a\u8b66\u7b56\u7565\u7684\u7b2c\u4e8c\u90e8\u4e2d\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4e0a\u89d2\u7684\u6dfb\u52a0\u89c4\u5219
\u3002
\u5728\u5f39\u7a97\u4e2d\u521b\u5efa\u544a\u8b66\u89c4\u5219\uff0c\u586b\u5199\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a\u3002
Info
\u7cfb\u7edf\u5b9a\u4e49\u4e86\u5185\u7f6e\u6807\u7b7e\uff0c\u82e5\u81ea\u5b9a\u4e49\u6807\u7b7e\u4e0e\u5185\u7f6e\u6807\u7b7e\u7684\u952e
\u503c\u76f8\u540c\uff0c\u5219\u81ea\u5b9a\u4e49\u6807\u7b7e\u4e0d\u751f\u6548\u3002 \u5185\u7f6e\u6807\u7b7e\u6709\uff1aseverity
\u3001rule_id
\uff0csource
\u3001cluster_name
\u3001group_id
\u3001 target_type
\u548c target
\u3002
\u5b8c\u6210\u57fa\u672c\u4fe1\u606f\u7684\u586b\u5199\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u89c4\u5219\uff0c\u89c4\u5219\u7c7b\u578b\u9009\u62e9 \u65e5\u5fd7\u89c4\u5219\u3002
Note
\u4ec5\u5f53\u8d44\u6e90\u5bf9\u8c61\u9009\u62e9\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u652f\u6301\u521b\u5efa\u65e5\u5fd7\u89c4\u5219\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u5b8c\u6210\u57fa\u672c\u4fe1\u606f\u7684\u586b\u5199\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u89c4\u5219\uff0c\u89c4\u5219\u7c7b\u578b\u9009\u62e9 \u4e8b\u4ef6\u89c4\u5219\u3002
Note
\u4ec5\u5f53\u8d44\u6e90\u5bf9\u8c61\u9009\u62e9\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u652f\u6301\u521b\u5efa\u4e8b\u4ef6\u89c4\u5219\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u53ef\u70b9\u51fb \u6a21\u677f\u5bfc\u5165\uff0c\u9009\u62e9\u5e73\u53f0\u7ba1\u7406\u5458\u5df2\u521b\u5efa\u597d\u7684\u544a\u8b66\u6a21\u677f\u6279\u91cf\u5bfc\u5165\u544a\u8b66\u89c4\u5219\u3002
\u70b9\u51fb \u4e0b\u4e00\u6b65 \u540e\u914d\u7f6e\u901a\u77e5\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u8fd4\u56de\u544a\u8b66\u7b56\u7565\u5217\u8868\u3002
Tip
\u65b0\u5efa\u7684\u544a\u8b66\u7b56\u7565\u4e3a \u672a\u89e6\u53d1 \u72b6\u6001\u3002\u4e00\u65e6\u6ee1\u8db3\u89c4\u5219\u4e2d\u7684\u9608\u503c\u6761\u4ef6\u548c\u6301\u7eed\u65f6\u95f4\u540e\uff0c\u5c06\u53d8\u4e3a \u89e6\u53d1\u4e2d \u72b6\u6001\u3002
Warning
\u5220\u9664\u540e\u7684\u544a\u8b66\u7b56\u7565\u5c06\u5b8c\u5168\u6d88\u5931\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/insight/alert-center/alert-policy.html#yaml","title":"\u901a\u8fc7 YAML \u5bfc\u5165\u544a\u8b66\u7b56\u7565","text":"\u8fdb\u5165\u544a\u8b66\u7b56\u7565\u5217\u8868\uff0c\u70b9\u51fb YAML \u521b\u5efa\u3002
\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u7684\u9009\u62e9\u662f\u4e3a\u4e86\u544a\u8b66\u7b56\u7565\u7684\u7ba1\u7406\u6743\u9650\u3002
\u5fc5\u586b\u8868\u8fbe\u5f0f expr\u3002
\u5bfc\u5165 YAML \u6587\u4ef6\u540e\uff0c\u70b9\u51fb \u9884\u89c8\uff0c\u53ef\u4ee5\u5bf9\u5bfc\u5165\u7684 YAML \u683c\u5f0f\u8fdb\u884c\u9a8c\u8bc1\uff0c\u5e76\u5feb\u901f\u786e\u8ba4\u5bfc\u5165\u7684\u544a\u8b66\u89c4\u5219\u3002
\u544a\u8b66\u6a21\u677f\u53ef\u652f\u6301\u5e73\u53f0\u7ba1\u7406\u5458\u521b\u5efa\u544a\u8b66\u6a21\u677f\u53ca\u89c4\u5219\uff0c\u4e1a\u52a1\u4fa7\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u544a\u8b66\u6a21\u677f\u521b\u5efa\u544a\u8b66\u7b56\u7565\u3002 \u8fd9\u4e2a\u529f\u80fd\u53ef\u4ee5\u51cf\u5c11\u4e1a\u52a1\u4eba\u5458\u5bf9\u544a\u8b66\u89c4\u5219\u7684\u7ba1\u7406\uff0c\u4e14\u53ef\u4ee5\u6839\u636e\u73af\u5883\u5b9e\u9645\u60c5\u51b5\u81ea\u884c\u4fee\u6539\u544a\u8b66\u9608\u503c\u3002
"},{"location":"end-user/insight/alert-center/alert-template.html#_2","title":"\u521b\u5efa\u544a\u8b66\u6a21\u677f","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u7b56\u7565\uff0c\u5355\u51fb\u9876\u90e8\u7684 \u544a\u8b66\u6a21\u677f \u3002
\u70b9\u51fb \u521b\u5efa\u544a\u8b66\u6a21\u677f \uff0c\u8bbe\u7f6e\u544a\u8b66\u6a21\u677f\u7684\u540d\u79f0\u3001\u63cf\u8ff0\u7b49\u4fe1\u606f\u3002
\u53c2\u6570 \u8bf4\u660e \u6a21\u677f\u540d\u79f0 \u540d\u79f0\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u8fde\u5b57\u7b26\uff08-\uff09\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\uff0c\u6700\u957f 63 \u4e2a\u5b57\u7b26\u3002 \u63cf\u8ff0 \u63cf\u8ff0\u53ef\u5305\u542b\u4efb\u610f\u5b57\u7b26\uff0c\u6700\u957f 256 \u4e2a\u5b57\u7b26\u3002 \u8d44\u6e90\u7c7b\u578b \u7528\u4e8e\u6307\u5b9a\u544a\u8b66\u6a21\u677f\u7684\u5339\u914d\u7c7b\u578b\u3002 \u544a\u8b66\u89c4\u5219 \u652f\u6301\u9884\u5b9a\u4e49\u591a\u4e2a\u544a\u8b66\u89c4\u5219\uff0c\u53ef\u6dfb\u52a0\u6a21\u677f\u89c4\u5219\u3001PromQL \u89c4\u5219\u3002\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u540e\u8fd4\u56de\u544a\u8b66\u6a21\u677f\u5217\u8868\uff0c\u70b9\u51fb\u6a21\u677f\u540d\u79f0\u540e\u53ef\u67e5\u770b\u6a21\u677f\u8be6\u60c5\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u7684 \u2507 \uff0c\u70b9\u51fb \u7f16\u8f91\uff0c\u8fdb\u5165\u6291\u5236\u89c4\u5219\u7684\u7f16\u8f91\u9875\u3002
"},{"location":"end-user/insight/alert-center/alert-template.html#_4","title":"\u5220\u9664\u544a\u8b66\u6a21\u677f","text":"\u70b9\u51fb\u76ee\u6807\u6a21\u677f\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u5220\u9664\uff0c\u5728\u8f93\u5165\u6846\u4e2d\u8f93\u5165\u544a\u8b66\u6a21\u677f\u7684\u540d\u79f0\u5373\u53ef\u5220\u9664\u3002
"},{"location":"end-user/insight/alert-center/inhibition.html","title":"\u544a\u8b66\u6291\u5236","text":"\u544a\u8b66\u6291\u5236\u4e3b\u8981\u662f\u5bf9\u4e8e\u67d0\u4e9b\u4e0d\u9700\u8981\u7acb\u5373\u5173\u6ce8\u7684\u544a\u8b66\u8fdb\u884c\u4e34\u65f6\u9690\u85cf\u6216\u8005\u964d\u4f4e\u5176\u4f18\u5148\u7ea7\u7684\u4e00\u79cd\u673a\u5236\u3002\u8fd9\u4e2a\u529f\u80fd\u7684\u76ee\u7684\u662f\u4e3a\u4e86\u51cf\u5c11\u4e0d\u5fc5\u8981\u7684\u544a\u8b66\u4fe1\u606f\u5bf9\u8fd0\u7ef4\u4eba\u5458\u7684\u5e72\u6270\uff0c\u4f7f\u4ed6\u4eec\u80fd\u591f\u96c6\u4e2d\u7cbe\u529b\u5904\u7406\u66f4\u91cd\u8981\u7684\u95ee\u9898\u3002
\u544a\u8b66\u6291\u5236\u901a\u8fc7\u5b9a\u4e49\u4e00\u7ec4\u89c4\u5219\u6765\u8bc6\u522b\u548c\u5ffd\u7565\u67d0\u4e9b\u544a\u8b66\uff0c\u5f53\u5b83\u4eec\u5728\u7279\u5b9a\u6761\u4ef6\u4e0b\u53d1\u751f\u65f6\u3002\u4e3b\u8981\u6709\u4ee5\u4e0b\u51e0\u79cd\u60c5\u51b5\uff1a
\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u964d\u566a\uff0c\u5355\u51fb\u9876\u90e8\u7684 \u544a\u8b66\u6291\u5236 \u3002
\u70b9\u51fb \u65b0\u5efa\u6291\u5236\u89c4\u5219 \uff0c\u8bbe\u7f6e\u6291\u5236\u89c4\u5219\u7684\u540d\u79f0\u3001\u89c4\u5219\u7b49\u3002
Note
\u901a\u8fc7\u89c4\u5219\u6807\u7b7e\u548c\u544a\u8b66\u6807\u7b7e\u5b9a\u4e49\u4e00\u7ec4\u89c4\u5219\u6765\u8bc6\u522b\u548c\u5ffd\u7565\u67d0\u4e9b\u544a\u8b66\uff0c\u8fbe\u5230\u907f\u514d\u540c\u4e00\u95ee\u9898\u53ef\u80fd\u4f1a\u89e6\u53d1\u591a\u4e2a\u76f8\u4f3c\u6216\u76f8\u5173\u7684\u544a\u8b66\u7684\u95ee\u9898\u3002
\u53c2\u6570\u65f6\u95f4 \u8bf4\u660e \u6291\u5236\u89c4\u5219\u540d\u79f0 \u6291\u5236\u89c4\u5219\u540d\u79f0\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u8fde\u5b57\u7b26\uff08-\uff09\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\uff0c\u6700\u957f 63 \u4e2a\u5b57\u7b26\u3002 \u63cf\u8ff0 \u63cf\u8ff0\u53ef\u5305\u542b\u4efb\u610f\u5b57\u7b26\uff0c\u6700\u957f 256 \u4e2a\u5b57\u7b26\u3002 \u96c6\u7fa4 \u8be5\u6291\u5236\u89c4\u5219\u4f5c\u7528\u7684\u96c6\u7fa4\u3002 \u547d\u540d\u7a7a\u95f4 \u8be5\u6291\u5236\u89c4\u5219\u4f5c\u7528\u7684\u547d\u540d\u7a7a\u95f4\u3002 \u6839\u6e90\u544a\u8b66 \u901a\u8fc7\u586b\u5199\u7684\u6807\u7b7e\u6761\u4ef6\u5339\u914d\u544a\u8b66\uff0c\u4f1a\u5c06\u7b26\u5408\u6240\u6709\u6807\u7b7e\u6761\u4ef6\u7684\u544a\u8b66\u4e0e\u7b26\u5408\u6291\u5236\u6761\u4ef6\u7684\u8fdb\u884c\u5bf9\u6bd4\uff0c\u4e0d\u7b26\u5408\u6291\u5236\u6761\u4ef6\u7684\u544a\u8b66\u5c06\u7167\u5e38\u53d1\u9001\u6d88\u606f\u7ed9\u7528\u6237\u3002 \u53d6\u503c\u8303\u56f4\u8bf4\u660e\uff1a - \u544a\u8b66\u7ea7\u522b\uff1a\u6307\u6807\u6216\u4e8b\u4ef6\u544a\u8b66\u7684\u7ea7\u522b\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\uff1a\u7d27\u6025\u3001\u91cd\u8981\u3001\u63d0\u793a\u3002 - \u8d44\u6e90\u7c7b\u578b\uff1a\u544a\u8b66\u5bf9\u8c61\u6240\u5bf9\u5e94\u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\uff1a\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u65e0\u72b6\u6001\u8d1f\u8f7d\u3001\u6709\u72b6\u5bb9\u8d1f\u8f7d\u3001\u5b88\u62a4\u8fdb\u7a0b\u3001\u5bb9\u5668\u7ec4\u3002 - \u6807\u7b7e\uff1a\u544a\u8b66\u6807\u8bc6\u5c5e\u6027\uff0c\u7531\u6807\u7b7e\u540d\u548c\u6807\u7b7e\u503c\u6784\u6210\uff0c\u652f\u6301\u7528\u6237\u81ea\u5b9a\u4e49\u3002 \u6291\u5236\u544a\u8b66 \u7528\u4e8e\u6307\u5b9a\u76ee\u6807\u8b66\u62a5\uff08\u5c06\u88ab\u6291\u5236\u7684\u8b66\u62a5\uff09\u7684\u5339\u914d\u6761\u4ef6\uff0c\u7b26\u5408\u6240\u6709\u6807\u7b7e\u6761\u4ef6\u7684\u544a\u8b66\u5c06\u4e0d\u4f1a\u518d\u53d1\u9001\u6d88\u606f\u7ed9\u7528\u6237\u3002 \u5339\u914d\u6807\u7b7e \u7528\u4e8e\u6307\u5b9a\u5e94\u8be5\u6bd4\u8f83\u7684\u6807\u7b7e\u5217\u8868\uff0c\u4ee5\u786e\u5b9a\u6e90\u8b66\u62a5\u548c\u76ee\u6807\u8b66\u62a5\u662f\u5426\u5339\u914d\u3002\u53ea\u6709\u5728\u00a0equal\u00a0\u4e2d\u6307\u5b9a\u7684\u6807\u7b7e\u5728\u6e90\u548c\u76ee\u6807\u8b66\u62a5\u4e2d\u7684\u503c\u5b8c\u5168\u76f8\u540c\u7684\u60c5\u51b5\u4e0b\uff0c\u624d\u4f1a\u89e6\u53d1\u6291\u5236\u3002equal\u00a0\u5b57\u6bb5\u662f\u53ef\u9009\u7684\u3002\u5982\u679c\u7701\u7565\u00a0equal\u00a0\u5b57\u6bb5\uff0c\u5219\u4f1a\u5c06\u6240\u6709\u6807\u7b7e\u7528\u4e8e\u5339\u914d\u70b9\u51fb**\u786e\u5b9a**\u5b8c\u6210\u521b\u5efa\u540e\u8fd4\u56de\u544a\u8b66\u6291\u5236\u5217\u8868\uff0c\u70b9\u51fb\u544a\u8b66\u6291\u5236\u540d\u79f0\u540e\u53ef\u67e5\u770b\u6291\u5236\u89c4\u5219\u8be6\u60c5\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540d\u79f0\uff0c\u67e5\u770b\u89c4\u5219\u8be6\u60c5\uff0c\u67e5\u770b\u5bf9\u5e94\u544a\u8b66\u89c4\u5219\u7684\u6807\u7b7e\u3002
Note
\u5728\u6dfb\u52a0\u89c4\u5219
\u65f6\u53ef\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6807\u7b7e
\u3002
\u70b9\u51fb\u53f3\u4fa7\u5bfc\u822a\u680f\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u5217\u8868 \uff0c\u70b9\u51fb\u544a\u8b66\u6240\u5728\u884c\u67e5\u770b\u544a\u8b66\u8be6\u60c5\u3002
Note
\u544a\u8b66\u6807\u7b7e\u7528\u4e8e\u63cf\u8ff0\u544a\u8b66\u7684\u8be6\u7ec6\u4fe1\u606f\u548c\u5c5e\u6027\uff0c\u53ef\u4ee5\u7528\u6765\u521b\u5efa\u6291\u5236\u89c4\u5219\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u7f16\u8f91\uff0c\u8fdb\u5165\u6291\u5236\u89c4\u5219\u7684\u7f16\u8f91\u9875\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u5220\u9664\uff0c\u5728\u8f93\u5165\u6846\u4e2d\u8f93\u5165\u6291\u5236\u89c4\u5219\u7684\u540d\u79f0\u5373\u53ef\u5220\u9664\u3002
"},{"location":"end-user/insight/alert-center/message.html","title":"\u901a\u77e5\u914d\u7f6e","text":"\u5728 \u901a\u77e5\u914d\u7f6e \u9875\u9762\uff0c\u53ef\u4ee5\u914d\u7f6e\u901a\u8fc7\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001\u9489\u9489\u3001Webhook \u548c\u77ed\u4fe1\u7b49\u65b9\u5f0f\u5411\u7528\u6237\u53d1\u9001\u6d88\u606f\u3002
"},{"location":"end-user/insight/alert-center/message.html#_2","title":"\u90ae\u4ef6\u7ec4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u540e\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e\uff0c\u9ed8\u8ba4\u4f4d\u4e8e\u90ae\u4ef6\u901a\u77e5\u5bf9\u8c61\u3002
\u70b9\u51fb \u6dfb\u52a0\u90ae\u7bb1\u7ec4\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u90ae\u4ef6\u5730\u5740\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u90ae\u7bb1\u7ec4\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u4f01\u4e1a\u5fae\u4fe1\u3002
\u6709\u5173\u4f01\u4e1a\u5fae\u4fe1\u7fa4\u673a\u5668\u4eba\u7684 URL\uff0c\u8bf7\u53c2\u9605\u4f01\u4e1a\u5fae\u4fe1\u5b98\u65b9\u6587\u6863\uff1a\u5982\u4f55\u4f7f\u7528\u7fa4\u673a\u5668\u4eba\u3002
\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u9489\u9489\uff0c\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
\u6709\u5173\u9489\u9489\u7fa4\u673a\u5668\u4eba\u7684 URL\uff0c\u8bf7\u53c2\u9605\u9489\u9489\u5b98\u65b9\u6587\u6863\uff1a\u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u63a5\u5165\u3002
Note
\u52a0\u7b7e\u7684\u65b9\u5f0f\u662f\u9489\u9489\u673a\u5668\u4eba\u4e0e\u5f00\u53d1\u8005\u53cc\u5411\u8fdb\u884c\u5b89\u5168\u8ba4\u8bc1\uff0c\u82e5\u5728\u521b\u5efa\u9489\u9489\u673a\u5668\u4eba\u65f6\u5f00\u542f\u4e86\u52a0\u7b7e\uff0c\u5219\u9700\u8981\u5728\u6b64\u5904\u8f93\u5165\u9489\u9489\u751f\u6210\u7684\u5bc6\u94a5\u3002 \u53ef\u53c2\u8003\u9489\u9489\u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u5b89\u5168\u8bbe\u7f6e\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u98de\u4e66\uff0c\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
Note
\u5f53\u98de\u4e66\u7684\u7fa4\u673a\u5668\u4eba\u5f00\u542f\u7b7e\u540d\u6821\u9a8c\u65f6\uff0c\u6dfb\u52a0\u98de\u4e66\u901a\u77e5\u65f6\u9700\u8981\u586b\u5199\u5bf9\u5e94\u7684\u7b7e\u540d\u5bc6\u94a5\u3002\u8bf7\u67e5\u9605 \u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u4f7f\u7528\u6307\u5357\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> Webhook\u3002
\u6709\u5173 Webhook URL \u53ca\u66f4\u591a\u914d\u7f6e\u65b9\u5f0f\uff0c\u8bf7\u53c2\u9605 webhook \u6587\u6863\u3002
\u70b9\u51fb \u65b0\u5efa Webhook\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a Webhook\u3002
HTTP Headers
\uff1a\u975e\u5fc5\u586b\uff0c\u8bbe\u7f6e\u8bf7\u6c42\u5934\u3002\u53ef\u4ee5\u6dfb\u52a0\u591a\u4e2a Headers\u3002
Note
\u6709\u5173 Webhook URL \u53ca\u66f4\u591a\u914d\u7f6e\u65b9\u5f0f\uff0c\u8bf7\u53c2\u9605 webhook \u6587\u6863\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664 Webhook\u3002
Note
\u544a\u8b66\u6d88\u606f\u53d1\u9001\u81f3\u7528\u6237\u4e2a\u4eba\u7684\u7ad9\u5185\u4fe1
\uff0c\u70b9\u51fb\u9876\u90e8\u7684 \ud83d\udd14 \u7b26\u53f7\u53ef\u4ee5\u67e5\u770b\u901a\u77e5\u6d88\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u7ad9\u5185\u4fe1\uff0c\u70b9\u51fb\u521b\u5efa\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de \u7ad9\u5185\u4fe1\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u77ed\u4fe1\uff0c\u70b9\u51fb \u6dfb\u52a0\u77ed\u4fe1\u7ec4\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u77ed\u4fe1\u7ec4\u3002
\u5728\u5f39\u7a97\u4e2d\u8f93\u5165\u540d\u79f0\u3001\u63a5\u6536\u77ed\u4fe1\u7684\u5bf9\u8c61\u3001\u624b\u673a\u53f7\u4ee5\u53ca\u901a\u77e5\u670d\u52a1\u5668\u3002
\u901a\u77e5\u670d\u52a1\u5668\u9700\u8981\u9884\u5148\u5728 \u901a\u77e5\u914d\u7f6e -> \u901a\u77e5\u670d\u52a1\u5668 \u4e2d\u6dfb\u52a0\u521b\u5efa\u3002\u76ee\u524d\u652f\u6301\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u4e24\u79cd\u4e91\u670d\u52a1\u5668\uff0c\u5177\u4f53\u914d\u7f6e\u7684\u53c2\u6570\u8bf7\u53c2\u9605\u81ea\u5df1\u7684\u4e91\u670d\u52a1\u5668\u4fe1\u606f\u3002
\u77ed\u4fe1\u7ec4\u6dfb\u52a0\u6210\u529f\u540e\uff0c\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u77ed\u4fe1\u7ec4\u3002
\u53ef\u89c2\u6d4b\u6027\u63d0\u4f9b\u81ea\u5b9a\u4e49\u6d88\u606f\u6a21\u677f\u5185\u5bb9\u7684\u80fd\u529b\uff0c\u652f\u6301\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001\u9489\u9489\u3001Webhook\u3001\u98de\u4e66\u3001\u7ad9\u5185\u4fe1\u7b49\u4e0d\u540c\u7684\u901a\u77e5\u5bf9\u8c61\u5b9a\u4e49\u4e0d\u540c\u7684\u6d88\u606f\u901a\u77e5\u5185\u5bb9\u3002
"},{"location":"end-user/insight/alert-center/msg-template.html#_2","title":"\u521b\u5efa\u6d88\u606f\u6a21\u677f","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u6d88\u606f\u6a21\u677f\u3002
Insight \u9ed8\u8ba4\u5185\u7f6e\u4e2d\u82f1\u6587\u4e24\u4e2a\u6a21\u677f\uff0c\u4ee5\u4fbf\u7528\u6237\u4f7f\u7528\u3002
\u70b9\u51fb \u65b0\u5efa\u6d88\u606f\u6a21\u677f \u6309\u94ae\uff0c\u586b\u5199\u6a21\u677f\u5185\u5bb9\u3002
Info
\u53ef\u89c2\u6d4b\u6027\u9884\u7f6e\u4e86\u6d88\u606f\u6a21\u677f\u3002\u82e5\u9700\u8981\u5b9a\u4e49\u6a21\u677f\u7684\u5185\u5bb9\uff0c\u8bf7\u53c2\u8003\u914d\u7f6e\u901a\u77e5\u6a21\u677f\u3002
"},{"location":"end-user/insight/alert-center/msg-template.html#_3","title":"\u6d88\u606f\u6a21\u677f\u8be6\u60c5","text":"\u70b9\u51fb\u67d0\u4e00\u6d88\u606f\u6a21\u677f\u7684\u540d\u79f0\uff0c\u53f3\u4fa7\u6ed1\u5757\u53ef\u67e5\u770b\u6d88\u606f\u6a21\u677f\u7684\u8be6\u60c5\u3002
\u53c2\u6570 \u53d8\u91cf \u63cf\u8ff0 \u89c4\u5219\u540d\u79f0 {{ .Labels.alertname }} \u89e6\u53d1\u544a\u8b66\u7684\u89c4\u5219\u540d\u79f0 \u7b56\u7565\u540d\u79f0 {{ .Labels.alertgroup }} \u89e6\u53d1\u544a\u8b66\u89c4\u5219\u6240\u5c5e\u7684\u544a\u8b66\u7b56\u7565\u540d\u79f0 \u544a\u8b66\u7ea7\u522b {{ .Labels.severity }} \u89e6\u53d1\u544a\u8b66\u7684\u7ea7\u522b \u96c6\u7fa4 {{ .Labels.cluster }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u96c6\u7fa4 \u547d\u540d\u7a7a\u95f4 {{ .Labels.namespace }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4 \u8282\u70b9 {{ .Labels.node }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u8282\u70b9 \u8d44\u6e90\u7c7b\u578b {{ .Labels.target_type }} \u544a\u8b66\u5bf9\u8c61\u7684\u8d44\u6e90\u7c7b\u578b \u8d44\u6e90\u540d\u79f0 {{ .Labels.target }} \u89e6\u53d1\u544a\u8b66\u7684\u5bf9\u8c61\u540d\u79f0 \u89e6\u53d1\u503c {{ .Annotations.value }} \u89e6\u53d1\u544a\u8b66\u901a\u77e5\u65f6\u7684\u6307\u6807\u503c \u53d1\u751f\u65f6\u95f4 {{ .StartsAt }} \u544a\u8b66\u5f00\u59cb\u53d1\u751f\u7684\u65f6\u95f4 \u7ed3\u675f\u65f6\u95f4 {{ .EndsAT }} \u544a\u8b66\u7ed3\u675f\u7684\u65f6\u95f4 \u63cf\u8ff0 {{ .Annotations.description }} \u544a\u8b66\u7684\u8be6\u7ec6\u63cf\u8ff0 \u6807\u7b7e {{ for .labels}} {{end}} \u544a\u8b66\u7684\u6240\u6709\u6807\u7b7e\uff0c\u4f7f\u7528 for \u51fd\u6570\u904d\u5386 labels \u5217\u8868\uff0c\u83b7\u53d6\u544a\u8b66\u7684\u6240\u6709\u6807\u7b7e\u5185\u5bb9\u3002"},{"location":"end-user/insight/alert-center/msg-template.html#_4","title":"\u7f16\u8f91\u6216\u5220\u9664\u6d88\u606f\u6a21\u677f","text":"\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7f16\u8f91 \u6216 \u5220\u9664\uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6d88\u606f\u6a21\u677f\u3002
Warning
\u8bf7\u6ce8\u610f\uff0c\u5220\u9664\u6a21\u677f\u540e\u65e0\u6cd5\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/insight/alert-center/silent.html","title":"\u544a\u8b66\u9759\u9ed8","text":"\u544a\u8b66\u9759\u9ed8\u662f\u6307\u5728\u7279\u5b9a\u7684\u65f6\u95f4\u8303\u56f4\u5185\uff0c\u6839\u636e\u5b9a\u4e49\u597d\u7684\u89c4\u5219\u5bf9\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u4e0d\u518d\u53d1\u9001\u544a\u8b66\u901a\u77e5\u3002\u8be5\u529f\u80fd\u53ef\u4ee5\u5e2e\u52a9\u8fd0\u7ef4\u4eba\u5458\u907f\u514d\u5728\u67d0\u4e9b\u64cd\u4f5c\u6216\u4e8b\u4ef6\u671f\u95f4\u63a5\u6536\u5230\u8fc7\u591a\u7684\u566a\u58f0\u544a\u8b66\uff0c\u540c\u65f6\u4fbf\u4e8e\u66f4\u52a0\u7cbe\u786e\u5730\u5904\u7406\u771f\u6b63\u9700\u8981\u89e3\u51b3\u7684\u95ee\u9898\u3002
\u5728\u544a\u8b66\u9759\u9ed8\u9875\u9762\u4e0a\uff0c\u7528\u6237\u53ef\u4ee5\u770b\u5230\u4e24\u4e2a\u9875\u7b7e\uff1a\u6d3b\u8dc3\u89c4\u5219\u548c\u8fc7\u671f\u89c4\u5219\u3002 \u5176\u4e2d\uff0c\u6d3b\u8dc3\u89c4\u5219\u8868\u793a\u76ee\u524d\u6b63\u5728\u751f\u6548\u7684\u89c4\u5219\uff0c\u800c\u8fc7\u671f\u89c4\u5219\u5219\u662f\u4ee5\u524d\u5b9a\u4e49\u8fc7\u4f46\u5df2\u7ecf\u8fc7\u671f\uff08\u6216\u8005\u7528\u6237\u4e3b\u52a8\u5220\u9664\uff09\u7684\u89c4\u5219\u3002
"},{"location":"end-user/insight/alert-center/silent.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u544a\u8b66\u9759\u9ed8 ,\u70b9\u51fb \u65b0\u5efa\u9759\u9ed8\u89c4\u5219 \u6309\u94ae\u3002
\u586b\u5199\u9759\u9ed8\u89c4\u5219\u7684\u5404\u9879\u53c2\u6570\uff0c\u5982\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u6807\u7b7e\u3001\u65f6\u95f4\u7b49\uff0c\u4ee5\u5b9a\u4e49\u8fd9\u6761\u89c4\u5219\u7684\u4f5c\u7528\u8303\u56f4\u548c\u751f\u6548\u65f6\u95f4\u3002
\u8fd4\u56de\u89c4\u5219\u5217\u8868\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u9759\u9ed8\u89c4\u5219\u3002
\u901a\u8fc7\u544a\u8b66\u9759\u9ed8\u529f\u80fd\uff0c\u60a8\u53ef\u4ee5\u7075\u6d3b\u5730\u63a7\u5236\u54ea\u4e9b\u544a\u8b66\u9700\u8981\u88ab\u5ffd\u7565\uff0c\u5728\u4ec0\u4e48\u65f6\u95f4\u6bb5\u5185\u751f\u6548\uff0c\u4ece\u800c\u63d0\u9ad8\u8fd0\u7ef4\u6548\u7387\uff0c\u51cf\u5c11\u8bef\u62a5\u7684\u53ef\u80fd\u6027\u3002
"},{"location":"end-user/insight/alert-center/sms-provider.html","title":"\u914d\u7f6e\u901a\u77e5\u670d\u52a1\u5668","text":"\u53ef\u89c2\u6d4b\u6027 Insight \u652f\u6301\u77ed\u4fe1\u901a\u77e5\uff0c\u76ee\u524d\u901a\u8fc7\u96c6\u6210\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7684\u77ed\u4fe1\u670d\u52a1\u53d1\u9001\u544a\u8b66\u6d88\u606f\u3002\u672c\u6587\u4ecb\u7ecd\u4e86\u5982\u4f55\u5728 insight \u4e2d\u914d\u7f6e\u77ed\u4fe1\u901a\u77e5\u7684\u670d\u52a1\u5668\u3002\u77ed\u4fe1\u7b7e\u540d\u4e2d\u652f\u6301\u7684\u53d8\u91cf\u4e3a\u6d88\u606f\u6a21\u677f\u4e2d\u7684\u9ed8\u8ba4\u53d8\u91cf\uff0c\u540c\u65f6\u7531\u4e8e\u77ed\u4fe1\u5b57\u6570\u6709\u9650\uff0c\u5efa\u8bae\u9009\u62e9\u8f83\u4e3a\u660e\u786e\u7684\u53d8\u91cf\u3002
\u5982\u4f55\u914d\u7f6e\u77ed\u4fe1\u63a5\u6536\u4eba\u53ef\u53c2\u8003\u6587\u6863\uff1a\u914d\u7f6e\u77ed\u4fe1\u901a\u77e5\u7ec4\u3002
"},{"location":"end-user/insight/alert-center/sms-provider.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u901a\u77e5\u670d\u52a1\u5668 \u3002
\u70b9\u51fb \u6dfb\u52a0\u901a\u77e5\u670d\u52a1\u5668 \u3002
\u914d\u7f6e\u963f\u91cc\u4e91\u670d\u52a1\u5668\u3002
\u7533\u8bf7\u963f\u91cc\u4e91\u77ed\u4fe1\u670d\u52a1\uff0c\u8bf7\u53c2\u8003\u963f\u91cc\u4e91\u77ed\u4fe1\u670d\u52a1\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u8bf7\u53c2\u8003\u963f\u91cc\u4e91\u53d8\u91cf\u89c4\u8303\u3002
Note
\u4e3e\u4f8b\uff1a\u5728\u963f\u91cc\u4e91\u5b9a\u4e49\u7684\u6a21\u677f\u5185\u5bb9\u4e3a\uff1a\\({severity}\uff1a\\) \u88ab\u89e6\u53d1\u3002\u53c2\u6570\u6a21\u677f\u4e2d\u7684\u914d\u7f6e\u53c2\u8003\u4e0a\u56fe\u3002} \u5728 ${startat
\u914d\u7f6e\u817e\u8baf\u4e91\u670d\u52a1\u5668\u3002
\u7533\u8bf7\u817e\u8baf\u4e91\u77ed\u4fe1\u670d\u52a1\uff0c\u8bf7\u53c2\u8003\u817e\u8baf\u4e91\u77ed\u4fe1\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
Note
\u4e3e\u4f8b\uff1a\u5728\u817e\u8baf\u4e91\u5b9a\u4e49\u7684\u6a21\u677f\u5185\u5bb9\u4e3a\uff1a{1}\uff1a{2} \u5728 {3} \u88ab\u89e6\u53d1\u3002\u53c2\u6570\u6a21\u677f\u4e2d\u7684\u914d\u7f6e\u53c2\u8003\u4e0a\u56fe\u3002
\u5728 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u89c2\u6d4b\u4ea7\u54c1\uff0c\u4e3a\u4e86\u5b9e\u73b0\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u7edf\u4e00\u91c7\u96c6\uff0c\u9700\u8981\u7528\u6237\u5b89\u88c5 Helm \u5e94\u7528 insight-agent \uff08\u9ed8\u8ba4\u5b89\u88c5\u5728 insight-system \u547d\u540d\u7a7a\u95f4\uff09\u3002\u53c2\u9605\u5982\u4f55\u5b89\u88c5 insight-agent \u3002
"},{"location":"end-user/insight/collection-manag/agent-status.html#_1","title":"\u72b6\u6001\u8bf4\u660e","text":"\u5728 \u53ef\u89c2\u6d4b\u6027 -> \u91c7\u96c6\u7ba1\u7406 \u90e8\u5206\u53ef\u67e5\u770b\u5404\u96c6\u7fa4\u5b89\u88c5 insight-agent \u7684\u60c5\u51b5\u3002
\u53ef\u901a\u8fc7\u4ee5\u4e0b\u65b9\u5f0f\u6392\u67e5\uff1a
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u82e5\u72b6\u6001\u4e3a deployed \uff0c\u5219\u6267\u884c\u4e0b\u4e00\u6b65\u3002\u82e5\u4e3a failed \uff0c\u7531\u4e8e\u4f1a\u5f71\u54cd\u5e94\u7528\u7684\u5347\u7ea7\uff0c\u5efa\u8bae\u5728 \u5bb9\u5668\u7ba1\u7406 -> helm \u5e94\u7528 \u5378\u8f7d\u540e\u91cd\u65b0\u5b89\u88c5 :
helm list -n insight-system\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6216\u5728 \u53ef\u89c2\u6d4b\u6027 -> \u91c7\u96c6\u7ba1\u7406 \u4e2d\u67e5\u770b\u8be5\u96c6\u7fa4\u90e8\u7f72\u7684\u7ec4\u4ef6\u7684\u72b6\u6001\uff0c\u82e5\u5b58\u5728\u975e \u8fd0\u884c\u4e2d \u72b6\u6001\u7684\u5bb9\u5668\u7ec4\uff0c\u8bf7\u91cd\u542f\u5f02\u5e38\u7684\u5bb9\u5668\u7ec4\u3002
kubectl get pods -n insight-system\n
insight-agent \u4e2d\u6307\u6807\u91c7\u96c6\u7ec4\u4ef6 Prometheus \u7684\u8d44\u6e90\u6d88\u8017\u4e0e\u96c6\u7fa4\u4e2d\u8fd0\u884c\u7684\u5bb9\u5668\u7ec4\u6570\u91cf\u5b58\u5728\u6b63\u6bd4\u5173\u7cfb\uff0c \u8bf7\u6839\u636e\u96c6\u7fa4\u89c4\u6a21\u8c03\u6574 Prometheus \u7684\u8d44\u6e90\uff0c\u8bf7\u53c2\u8003\uff1aPrometheus \u8d44\u6e90\u89c4\u5212
\u7531\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u6307\u6807\u5b58\u50a8\u7ec4\u4ef6 vmstorage \u7684\u5b58\u50a8\u5bb9\u91cf\u4e0e\u5404\u4e2a\u96c6\u7fa4\u5bb9\u5668\u7ec4\u6570\u91cf\u603b\u548c\u5b58\u5728\u6b63\u6bd4\u5173\u7cfb\u3002
\u91c7\u96c6\u7ba1\u7406 \u4e3b\u8981\u662f\u96c6\u4e2d\u7ba1\u7406\u3001\u5c55\u793a\u96c6\u7fa4\u5b89\u88c5\u91c7\u96c6\u63d2\u4ef6 insight-agent \u7684\u5165\u53e3\uff0c\u5e2e\u52a9\u7528\u6237\u5feb\u901f\u7684\u67e5\u770b\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u5e76\u63d0\u4f9b\u4e86\u5feb\u6377\u5165\u53e3\u914d\u7f6e\u91c7\u96c6\u89c4\u5219\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684\uff0c\u9009\u62e9 \u53ef\u89c2\u6d4b\u6027 \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u91c7\u96c6\u7ba1\u7406 \uff0c\u67e5\u770b\u5168\u90e8\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u72b6\u6001\u3002
\u96c6\u7fa4\u63a5\u5165 insight-agent \u4e14\u5904\u4e8e\u8fd0\u884c\u4e2d\u72b6\u6001\u65f6\uff0c\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\u3002
\u5728 \u670d\u52a1\u76d1\u63a7 \u9875\u7b7e\u4e2d\uff0c\u70b9\u51fb\u5feb\u6377\u94fe\u63a5\u8df3\u8f6c\u5230 \u5bb9\u5668\u7ba1\u7406 -> \u81ea\u5b9a\u4e49\u8d44\u6e90 \u6dfb\u52a0\u670d\u52a1\u53d1\u73b0\u89c4\u5219\u3002
Prometheus \u4e3b\u8981\u901a\u8fc7 Pull \u7684\u65b9\u5f0f\u6765\u6293\u53d6\u76ee\u6807\u670d\u52a1\u66b4\u9732\u51fa\u6765\u7684\u76d1\u63a7\u63a5\u53e3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6e\u5bf9\u5e94\u7684\u6293\u53d6\u4efb\u52a1\u6765\u8bf7\u6c42\u76d1\u63a7\u6570\u636e\u5e76\u5199\u5165\u5230 Prometheus \u63d0\u4f9b\u7684\u5b58\u50a8\u4e2d\uff0c\u76ee\u524d Prometheus \u670d\u52a1\u63d0\u4f9b\u4e86\u5982\u4e0b\u51e0\u4e2a\u4efb\u52a1\u7684\u914d\u7f6e\uff1a
Note
[ ]
\u4e2d\u7684\u914d\u7f6e\u9879\u4e3a\u53ef\u9009\u3002
\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u6293\u53d6\u4efb\u52a1\u540d\u79f0\uff0c\u540c\u65f6\u4f1a\u5728\u5bf9\u5e94\u6293\u53d6\u7684\u6307\u6807\u4e2d\u52a0\u4e86\u4e00\u4e2a label(job=job_name)\njob_name: <job_name>\n\n# \u6293\u53d6\u4efb\u52a1\u65f6\u95f4\u95f4\u9694\n[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]\n\n# \u6293\u53d6\u8bf7\u6c42\u8d85\u65f6\u65f6\u95f4\n[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]\n\n# \u6293\u53d6\u4efb\u52a1\u8bf7\u6c42 URI \u8def\u5f84\n[ metrics_path: <path> | default = /metrics ]\n\n# \u89e3\u51b3\u5f53\u6293\u53d6\u7684 label \u4e0e\u540e\u7aef Prometheus \u6dfb\u52a0 label \u51b2\u7a81\u65f6\u7684\u5904\u7406\u3002\n# true: \u4fdd\u7559\u6293\u53d6\u5230\u7684 label\uff0c\u5ffd\u7565\u4e0e\u540e\u7aef Prometheus \u51b2\u7a81\u7684 label\uff1b\n# false: \u5bf9\u51b2\u7a81\u7684 label\uff0c\u628a\u6293\u53d6\u7684 label \u524d\u52a0\u4e0a exported_<original-label>\uff0c\u6dfb\u52a0\u540e\u7aef Prometheus \u589e\u52a0\u7684 label\uff1b\n[ honor_labels: <boolean> | default = false ]\n\n# \u662f\u5426\u4f7f\u7528\u6293\u53d6\u5230 target \u4e0a\u4ea7\u751f\u7684\u65f6\u95f4\u3002\n# true: \u5982\u679c target \u4e2d\u6709\u65f6\u95f4\uff0c\u4f7f\u7528 target \u4e0a\u7684\u65f6\u95f4\uff1b\n# false: \u76f4\u63a5\u5ffd\u7565 target \u4e0a\u7684\u65f6\u95f4\uff1b\n[ honor_timestamps: <boolean> | default = true ]\n\n# \u6293\u53d6\u534f\u8bae: http \u6216\u8005 https\n[ scheme: <scheme> | default = http ]\n\n# \u6293\u53d6\u8bf7\u6c42\u5bf9\u5e94 URL \u53c2\u6570\nparams:\n [ <string>: [<string>, ...] ]\n\n# \u901a\u8fc7 basic auth \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` \u7684\u503c\uff0cpassword/password_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 password_file \u91cc\u9762\u7684\u503c\u3002\nbasic_auth:\n [ username: <string> ]\n [ password: <secret> ]\n [ password_file: <string> ]\n\n# \u901a\u8fc7 bearer token \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` bearer_token/bearer_token_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 bearer_token \u91cc\u9762\u7684\u503c\u3002\n[ bearer_token: <secret> ]\n\n# \u901a\u8fc7 bearer token \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` bearer_token/bearer_token_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 bearer_token \u91cc\u9762\u7684\u503c\u3002\n[ bearer_token_file: <filename> ]\n\n# \u6293\u53d6\u8fde\u63a5\u662f\u5426\u901a\u8fc7 TLS \u5b89\u5168\u901a\u9053\uff0c\u914d\u7f6e\u5bf9\u5e94\u7684 TLS \u53c2\u6570\ntls_config:\n [ <tls_config> ]\n\n# \u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u6765\u6293\u53d6 target \u4e0a\u7684\u6307\u6807\uff0c\u586b\u5199\u5bf9\u5e94\u7684\u4ee3\u7406\u670d\u52a1\u5730\u5740\u3002\n[ proxy_url: <string> ]\n\n# \u901a\u8fc7\u9759\u6001\u914d\u7f6e\u6765\u6307\u5b9a target\uff0c\u8be6\u89c1\u4e0b\u9762\u7684\u8bf4\u660e\u3002\nstatic_configs:\n [ - <static_config> ... ]\n\n# CVM \u670d\u52a1\u53d1\u73b0\u914d\u7f6e\uff0c\u8be6\u89c1\u4e0b\u9762\u7684\u8bf4\u660e\u3002\ncvm_sd_configs:\n [ - <cvm_sd_config> ... ]\n\n# \u5728\u6293\u53d6\u6570\u636e\u4e4b\u540e\uff0c\u628a target \u4e0a\u5bf9\u5e94\u7684 label \u901a\u8fc7 relabel \u7684\u673a\u5236\u8fdb\u884c\u6539\u5199\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\u3002\nrelabel_configs:\n [ - <relabel_config> ... ]\n\n# \u6570\u636e\u6293\u53d6\u5b8c\u6210\u5199\u5165\u4e4b\u524d\uff0c\u901a\u8fc7 relabel \u673a\u5236\u8fdb\u884c\u6539\u5199 label \u5bf9\u5e94\u7684\u503c\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\u3002\nmetric_relabel_configs:\n [ - <relabel_config> ... ]\n\n# \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n[ sample_limit: <int> | default = 0 ]\n\n# \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n[ target_limit: <int> | default = 0 ]\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#pod-monitor","title":"Pod Monitor","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# Prometheus Operator CRD \u7248\u672c\napiVersion: monitoring.coreos.com/v1\n# \u5bf9\u5e94 K8S \u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u8fd9\u91cc\u9762 Pod Monitor\nkind: PodMonitor\n# \u5bf9\u5e94 K8S \u7684 Metadata\uff0c\u8fd9\u91cc\u53ea\u7528\u5173\u5fc3 name\uff0c\u5982\u679c\u6ca1\u6709\u6307\u5b9a jobLabel\uff0c\u5bf9\u5e94\u6293\u53d6\u6307\u6807 label \u4e2d job \u7684\u503c\u4e3a <namespace>/<name>\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u9700\u8981\u4fee\u6539\n# \u63cf\u8ff0\u6293\u53d6\u76ee\u6807 Pod \u7684\u9009\u53d6\u53ca\u6293\u53d6\u4efb\u52a1\u7684\u914d\u7f6e\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\nspec:\n # \u586b\u5199\u5bf9\u5e94 Pod \u7684 label\uff0cpod monitor \u4f1a\u53d6\u5bf9\u5e94\u7684\u503c\u4f5c\u4e3a job label \u7684\u503c\u3002\n # \u5982\u679c\u67e5\u770b\u7684\u662f Pod Yaml\uff0c\u53d6 pod.metadata.labels \u4e2d\u7684\u503c\u3002\n # \u5982\u679c\u67e5\u770b\u7684\u662f Deployment/Daemonset/Statefulset\uff0c\u53d6 spec.template.metadata.labels\u3002\n [ jobLabel: string ]\n # \u628a\u5bf9\u5e94 Pod \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ podTargetLabels: []string ]\n # \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ sampleLimit: uint64 ]\n # \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ targetLimit: uint64 ]\n # \u914d\u7f6e\u9700\u8981\u6293\u53d6\u66b4\u9732\u7684 Prometheus HTTP \u63a5\u53e3\uff0c\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2a Endpoint\n podMetricsEndpoints:\n [ - <endpoint_config> ... ] # \u8be6\u89c1\u4e0b\u9762 endpoint \u8bf4\u660e\n # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\uff0c\u4e0d\u586b\u4e3a\u9009\u53d6\u6240\u6709 namespace\n [ namespaceSelector: ]\n # \u662f\u5426\u9009\u53d6\u6240\u6709 namespace\n [ any: bool ]\n # \u9700\u8981\u9009\u53d6 namespace \u5217\u8868\n [ matchNames: []string ]\n # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 Pod [K8S metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#1","title":"\u4e3e\u4f8b 1","text":"apiVersion: monitoring.coreos.com/v1\nkind: PodMonitor\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u8981\u4fee\u6539\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n podMetricsEndpoints:\n - interval: 30s\n port: metric-port # \u586b\u5199 pod yaml \u4e2d Prometheus Exporter \u5bf9\u5e94\u7684 Port \u7684 Name\n path: /metrics # \u586b\u5199 Prometheus Exporter \u5bf9\u5e94\u7684 Path \u7684\u503c\uff0c\u4e0d\u586b\u9ed8\u8ba4 /metrics\n relabelings:\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: instance\n replacement: \"crs-xxxxxx\" # \u8c03\u6574\u6210\u5bf9\u5e94\u7684 Redis \u5b9e\u4f8b ID\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: ip\n replacement: \"1.x.x.x\" # \u8c03\u6574\u6210\u5bf9\u5e94\u7684 Redis \u5b9e\u4f8b IP\n namespaceSelector: # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\n matchNames:\n - redis-test\n selector: # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 pod\n matchLabels:\n k8s-app: redis-exporter\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#2","title":"\u4e3e\u4f8b 2","text":"job_name: prometheus\nscrape_interval: 30s\nstatic_configs:\n- targets:\n - 127.0.0.1:9090\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#service-monitor","title":"Service Monitor","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# Prometheus Operator CRD \u7248\u672c\napiVersion: monitoring.coreos.com/v1\n# \u5bf9\u5e94 K8S \u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u8fd9\u91cc\u9762 Service Monitor\nkind: ServiceMonitor\n# \u5bf9\u5e94 K8S \u7684 Metadata\uff0c\u8fd9\u91cc\u53ea\u7528\u5173\u5fc3 name\uff0c\u5982\u679c\u6ca1\u6709\u6307\u5b9a jobLabel\uff0c\u5bf9\u5e94\u6293\u53d6\u6307\u6807 label \u4e2d job \u7684\u503c\u4e3a Service \u7684\u540d\u79f0\u3002\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u9700\u8981\u4fee\u6539\n# \u63cf\u8ff0\u6293\u53d6\u76ee\u6807 Pod \u7684\u9009\u53d6\u53ca\u6293\u53d6\u4efb\u52a1\u7684\u914d\u7f6e\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n # \u586b\u5199\u5bf9\u5e94 Pod \u7684 label(metadata/labels)\uff0cservice monitor \u4f1a\u53d6\u5bf9\u5e94\u7684\u503c\u4f5c\u4e3a job label \u7684\u503c\n [ jobLabel: string ]\n # \u628a\u5bf9\u5e94 service \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ targetLabels: []string ]\n # \u628a\u5bf9\u5e94 Pod \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ podTargetLabels: []string ]\n # \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ sampleLimit: uint64 ]\n # \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ targetLimit: uint64 ]\n # \u914d\u7f6e\u9700\u8981\u6293\u53d6\u66b4\u9732\u7684 Prometheus HTTP \u63a5\u53e3\uff0c\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2a Endpoint\n endpoints:\n [ - <endpoint_config> ... ] # \u8be6\u89c1\u4e0b\u9762 endpoint \u8bf4\u660e\n # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\uff0c\u4e0d\u586b\u4e3a\u9009\u53d6\u6240\u6709 namespace\n [ namespaceSelector: ]\n # \u662f\u5426\u9009\u53d6\u6240\u6709 namespace\n [ any: bool ]\n # \u9700\u8981\u9009\u53d6 namespace \u5217\u8868\n [ matchNames: []string ]\n # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 Pod [K8S metav1.LabelSelector](https://v1-17.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#_2","title":"\u4e3e\u4f8b","text":"apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: go-demo # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u8981\u4fee\u6539\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n endpoints:\n - interval: 30s\n # \u586b\u5199 service yaml \u4e2d Prometheus Exporter \u5bf9\u5e94\u7684 Port \u7684 Name\n port: 8080-8080-tcp\n # \u586b\u5199 Prometheus Exporter \u5bf9\u5e94\u7684 Path \u7684\u503c\uff0c\u4e0d\u586b\u9ed8\u8ba4 /metrics\n path: /metrics\n relabelings:\n # ** \u5fc5\u987b\u8981\u6709\u4e00\u4e2a label \u4e3a application\uff0c\u8fd9\u91cc\u5047\u8bbe k8s \u6709\u4e00\u4e2a label \u4e3a app\uff0c\n # \u6211\u4eec\u901a\u8fc7 relabel \u7684 replace \u52a8\u4f5c\u628a\u5b83\u66ff\u6362\u6210\u4e86 application\n - action: replace\n sourceLabels: [__meta_kubernetes_pod_label_app]\n targetLabel: application\n # \u9009\u62e9\u8981\u76d1\u63a7 service \u6240\u5728\u7684 namespace\n namespaceSelector:\n matchNames:\n - golang-demo\n # \u586b\u5199\u8981\u76d1\u63a7 service \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 service\n selector:\n matchLabels:\n app: golang-app-demo\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#endpoint_config","title":"endpoint_config","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u5bf9\u5e94 port \u7684\u540d\u79f0\uff0c\u8fd9\u91cc\u9700\u8981\u6ce8\u610f\u4e0d\u662f\u5bf9\u5e94\u7684\u7aef\u53e3\uff0c\u9ed8\u8ba4\uff1a80\uff0c\u5bf9\u5e94\u7684\u53d6\u503c\u5982\u4e0b\uff1a\n# ServiceMonitor: \u5bf9\u5e94 Service>spec/ports/name;\n# PodMonitor: \u8bf4\u660e\u5982\u4e0b\uff1a\n# \u5982\u679c\u67e5\u770b\u7684\u662f Pod Yaml\uff0c\u53d6 pod.spec.containers.ports.name \u4e2d\u7684\u503c\u3002\n# \u5982\u679c\u67e5\u770b\u7684\u662f Deployment/Daemonset/Statefulset\uff0c\u53d6\u503c spec.template.spec.containers.ports.name\n[ port: string | default = 80]\n# \u6293\u53d6\u4efb\u52a1\u8bf7\u6c42 URI \u8def\u5f84\n[ path: string | default = /metrics ]\n# \u6293\u53d6\u534f\u8bae: http \u6216\u8005 https\n[ scheme: string | default = http]\n# \u6293\u53d6\u8bf7\u6c42\u5bf9\u5e94 URL \u53c2\u6570\n[ params: map[string][]string]\n# \u6293\u53d6\u4efb\u52a1\u95f4\u9694\u7684\u65f6\u95f4\n[ interval: string | default = 30s ]\n# \u6293\u53d6\u4efb\u52a1\u8d85\u65f6\n[ scrapeTimeout: string | default = 30s]\n# \u6293\u53d6\u8fde\u63a5\u662f\u5426\u901a\u8fc7 TLS \u5b89\u5168\u901a\u9053\uff0c\u914d\u7f6e\u5bf9\u5e94\u7684 TLS \u53c2\u6570\n[ tlsConfig: TLSConfig ]\n# \u901a\u8fc7\u5bf9\u5e94\u7684\u6587\u4ef6\u8bfb\u53d6 bearer token \u5bf9\u5e94\u7684\u503c\uff0c\u653e\u5230\u6293\u53d6\u4efb\u52a1\u7684 header \u4e2d\n[ bearerTokenFile: string ]\n# \u901a\u8fc7\u5bf9\u5e94\u7684 K8S secret key \u8bfb\u53d6\u5bf9\u5e94\u7684 bearer token\uff0c\u6ce8\u610f secret namespace \u9700\u8981\u548c PodMonitor/ServiceMonitor \u76f8\u540c\n[ bearerTokenSecret: string ]\n# \u89e3\u51b3\u5f53\u6293\u53d6\u7684 label \u4e0e\u540e\u7aef Prometheus \u6dfb\u52a0 label \u51b2\u7a81\u65f6\u7684\u5904\u7406\u3002\n# true: \u4fdd\u7559\u6293\u53d6\u5230\u7684 label\uff0c\u5ffd\u7565\u4e0e\u540e\u7aef Prometheus \u51b2\u7a81\u7684 label\uff1b\n# false: \u5bf9\u51b2\u7a81\u7684 label\uff0c\u628a\u6293\u53d6\u7684 label \u524d\u52a0\u4e0a exported_<original-label>\uff0c\u6dfb\u52a0\u540e\u7aef Prometheus \u589e\u52a0\u7684 label\uff1b\n[ honorLabels: bool | default = false ]\n# \u662f\u5426\u4f7f\u7528\u6293\u53d6\u5230 target \u4e0a\u4ea7\u751f\u7684\u65f6\u95f4\u3002\n# true: \u5982\u679c target \u4e2d\u6709\u65f6\u95f4\uff0c\u4f7f\u7528 target \u4e0a\u7684\u65f6\u95f4\uff1b\n# false: \u76f4\u63a5\u5ffd\u7565 target \u4e0a\u7684\u65f6\u95f4\uff1b\n[ honorTimestamps: bool | default = true ]\n# basic auth \u7684\u8ba4\u8bc1\u4fe1\u606f\uff0cusername/password \u586b\u5199\u5bf9\u5e94 K8S secret key \u7684\u503c\uff0c\u6ce8\u610f secret namespace \u9700\u8981\u548c PodMonitor/ServiceMonitor \u76f8\u540c\u3002\n[ basicAuth: BasicAuth ]\n# \u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u6765\u6293\u53d6 target \u4e0a\u7684\u6307\u6807\uff0c\u586b\u5199\u5bf9\u5e94\u7684\u4ee3\u7406\u670d\u52a1\u5730\u5740\n[ proxyUrl: string ]\n# \u5728\u6293\u53d6\u6570\u636e\u4e4b\u540e\uff0c\u628a target \u4e0a\u5bf9\u5e94\u7684 label \u901a\u8fc7 relabel \u7684\u673a\u5236\u8fdb\u884c\u6539\u5199\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\nrelabelings:\n[ - <relabel_config> ...]\n# \u6570\u636e\u6293\u53d6\u5b8c\u6210\u5199\u5165\u4e4b\u524d\uff0c\u901a\u8fc7 relabel \u673a\u5236\u8fdb\u884c\u6539\u5199 label \u5bf9\u5e94\u7684\u503c\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\nmetricRelabelings:\n[ - <relabel_config> ...]\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#relabel_config","title":"relabel_config","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u4ece\u539f\u59cb labels \u4e2d\u53d6\u54ea\u4e9b label \u7684\u503c\u8fdb\u884c relabel\uff0c\u53d6\u51fa\u6765\u7684\u503c\u901a\u8fc7 separator \u4e2d\u7684\u5b9a\u4e49\u8fdb\u884c\u5b57\u7b26\u62fc\u63a5\u3002\n# \u5982\u679c\u662f PodMonitor/ServiceMonitor \u5bf9\u5e94\u7684\u914d\u7f6e\u9879\u4e3a sourceLabels\n[ source_labels: '[' <labelname> [, ...] ']' ]\n# \u5b9a\u4e49\u9700\u8981 relabel \u7684 label \u503c\u62fc\u63a5\u7684\u5b57\u7b26\uff0c\u9ed8\u8ba4\u4e3a ';'\n[ separator: <string> | default = ; ]\n\n# action \u4e3a replace/hashmod \u65f6\uff0c\u901a\u8fc7 target_label \u6765\u6307\u5b9a\u5bf9\u5e94 label name\u3002\n# \u5982\u679c\u662f PodMonitor/ServiceMonitor \u5bf9\u5e94\u7684\u914d\u7f6e\u9879\u4e3a targetLabel\n[ target_label: <labelname> ]\n\n# \u9700\u8981\u5bf9 source labels \u5bf9\u5e94\u503c\u8fdb\u884c\u6b63\u5219\u5339\u914d\u7684\u8868\u8fbe\u5f0f\n[ regex: <regex> | default = (.*) ]\n\n# action \u4e3a hashmod \u65f6\u7528\u5230\uff0c\u6839\u636e source label \u5bf9\u5e94\u503c md5 \u53d6\u6a21\u503c\n[ modulus: <int> ]\n\n# action \u4e3a replace \u7684\u65f6\u5019\uff0c\u901a\u8fc7 replacement \u6765\u5b9a\u4e49\u5f53 regex \u5339\u914d\u4e4b\u540e\u9700\u8981\u66ff\u6362\u7684\u8868\u8fbe\u5f0f\uff0c\u53ef\u4ee5\u7ed3\u5408 regex \u6b63\u89c4\u5219\u8868\u8fbe\u5f0f\u66ff\u6362\n[ replacement: <string> | default = $1 ]\n\n# \u57fa\u4e8e regex \u5339\u914d\u5230\u7684\u503c\u8fdb\u884c\u76f8\u5173\u7684\u64cd\u4f5c\uff0c\u5bf9\u5e94\u7684 action \u5982\u4e0b\uff0c\u9ed8\u8ba4\u4e3a replace\uff1a\n# replace: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u901a\u8fc7 replacement \u4e2d\u5b9a\u4e49\u7684\u503c\u66ff\u6362\u76f8\u5e94\u7684\u503c\uff0c\u5e76\u901a\u8fc7 target_label \u8bbe\u503c\u5e76\u6dfb\u52a0\u76f8\u5e94\u7684 label\n# keep: \u5982\u679c regex \u6ca1\u6709\u5339\u914d\u5230\uff0c\u4e22\u5f03\n# drop: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u4e22\u5f03\n# hashmod: \u901a\u8fc7 moduels \u6307\u5b9a\u7684\u503c\u628a source label \u5bf9\u5e94\u7684 md5 \u503c\u53d6\u6a21\n# \u5e76\u6dfb\u52a0\u4e00\u4e2a\u65b0\u7684 label\uff0clabel name \u901a\u8fc7 target_label \u6307\u5b9a\n# labelmap: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u4f7f\u7528 replacement \u66ff\u6362\u5bf9\u5c31\u7684 label name\n# labeldrop: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u5220\u9664\u5bf9\u5e94\u7684 label\n# labelkeep: \u5982\u679c regex \u6ca1\u6709\u5339\u914d\u5230\uff0c\u5220\u9664\u5bf9\u5e94\u7684 label\n[ action: <relabel_action> | default = replace ]\n
"},{"location":"end-user/insight/collection-manag/probe-module.html","title":"\u81ea\u5b9a\u4e49\u63a2\u6d4b\u65b9\u5f0f","text":"Insight \u4f7f\u7528 Prometheus \u5b98\u65b9\u63d0\u4f9b\u7684 Blackbox Exporter \u4f5c\u4e3a\u9ed1\u76d2\u76d1\u63a7\u89e3\u51b3\u65b9\u6848\uff0c\u53ef\u4ee5\u901a\u8fc7 HTTP\u3001HTTPS\u3001DNS\u3001ICMP\u3001TCP \u548c gRPC \u65b9\u5f0f\u5bf9\u76ee\u6807\u5b9e\u4f8b\u8fdb\u884c\u68c0\u6d4b\u3002\u53ef\u7528\u4e8e\u4ee5\u4e0b\u4f7f\u7528\u573a\u666f\uff1a
\u5728\u672c\u6587\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u5df2\u6709\u7684 Blackbox ConfigMap \u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u7684\u63a2\u6d4b\u65b9\u5f0f\u3002
Insight \u9ed8\u8ba4\u672a\u5f00\u542f ICMP \u63a2\u6d4b\u65b9\u5f0f\uff0c\u56e0\u4e3a ICMP \u9700\u8981\u66f4\u9ad8\u6743\u9650\uff0c\u56e0\u6b64\uff0c\u6211\u4eec\u5c06\u4ee5 ICMP \u548c HTTP \u63a2\u6d4b\u65b9\u5f0f\u4f5c\u4e3a\u793a\u4f8b\uff0c\u5c55\u793a\u5982\u4f55\u4fee\u6539 ConfigMap \u4ee5\u5b9e\u73b0\u81ea\u5b9a\u4e49\u7684 ICMP \u548c HTTP \u63a2\u6d4b\u3002
"},{"location":"end-user/insight/collection-manag/probe-module.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u627e\u5230\u540d\u4e3a insight-agent-prometheus-blackbox-exporter \u7684\u914d\u7f6e\u9879\uff0c\u70b9\u51fb \u7f16\u8f91 YAML\uff1b
\u5728 modules \u4e0b\u6dfb\u52a0\u81ea\u5b9a\u4e49\u63a2\u6d4b\u65b9\u5f0f\uff1a
module:\n http_2xx:\n prober: http\n timeout: 5s\n http:\n valid_http_versions: [HTTP/1.1, HTTP/2]\n valid_status_codes: [] # Defaults to 2xx\n method: GET\n
module:\n ICMP: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: ip4\nicmp_example: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b 2\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: \"ip4\"\n source_ip_address: \"127.0.0.1\"\n
\u7531\u4e8e ICMP \u9700\u8981\u66f4\u9ad8\u6743\u9650\uff0c\u56e0\u6b64\uff0c\u6211\u4eec\u8fd8\u9700\u8981\u63d0\u5347 Pod \u6743\u9650\uff0c\u5426\u5219\u4f1a\u51fa\u73b0 operation not permitted
\u7684\u9519\u8bef\u3002\u6709\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\u63d0\u5347\u6743\u9650\uff1a \u65b9\u5f0f\u4e00\uff1a \u76f4\u63a5\u7f16\u8f91 BlackBox Exporter
\u90e8\u7f72\u6587\u4ef6\u5f00\u542f
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\nspec:\n template:\n spec:\n containers:\n - name: blackbox-exporter\n image: # ... (image, args, ports \u7b49\u4fdd\u6301\u4e0d\u53d8)\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_RAW\n drop:\n - ALL\n readOnlyRootFilesystem: true\n runAsGroup: 0\n runAsNonRoot: false\n runAsUser: 0\n
\u65b9\u5f0f\u4e8c\uff1a \u901a\u8fc7 Helm Upgrade \u65b9\u5f0f\u63d0\u6743
prometheus-blackbox-exporter:\n enabled: true\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n readOnlyRootFilesystem: true\n runAsNonRoot: false\n allowPrivilegeEscalation: false\n capabilities:\n add: [\"NET_RAW\"]\n
Info
\u66f4\u591a\u63a2\u6d4b\u65b9\u5f0f\u53ef\u53c2\u8003 blackbox_exporter Configuration\u3002
"},{"location":"end-user/insight/collection-manag/probe-module.html#_3","title":"\u5176\u4ed6\u53c2\u8003","text":"\u4ee5\u4e0b YAML \u6587\u4ef6\u4e2d\u5305\u542b\u4e86 HTTP\u3001TCP\u3001SMTP\u3001ICMP\u3001DNS \u7b49\u591a\u79cd\u63a2\u6d4b\u65b9\u5f0f\uff0c\u53ef\u6839\u636e\u9700\u6c42\u81ea\u884c\u4fee\u6539 insight-agent-prometheus-blackbox-exporter
\u7684\u914d\u7f6e\u6587\u4ef6\u3002
kind: ConfigMap\napiVersion: v1\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\n labels:\n app.kubernetes.io/instance: insight-agent\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: prometheus-blackbox-exporter\n app.kubernetes.io/version: v0.24.0\n helm.sh/chart: prometheus-blackbox-exporter-8.8.0\n annotations:\n meta.helm.sh/release-name: insight-agent\n meta.helm.sh/release-namespace: insight-system\ndata:\n blackbox.yaml: |\n modules:\n HTTP_GET:\n prober: http\n timeout: 5s\n http:\n method: GET\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"]\n follow_redirects: true\n preferred_ip_protocol: \"ip4\"\n HTTP_POST:\n prober: http\n timeout: 5s\n http:\n method: POST\n body_size_limit: 1MB\n TCP:\n prober: tcp\n timeout: 5s\n # \u9ed8\u8ba4\u672a\u5f00\u542f\uff1a\n # ICMP:\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: ip4\n SSH:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^SSH-2.0-\"\n POP3S:\n prober: tcp\n tcp:\n query_response:\n - expect: \"^+OK\"\n tls: true\n tls_config:\n insecure_skip_verify: false\n http_2xx_example: # http \u63a2\u6d4b\u793a\u4f8b\n prober: http\n timeout: 5s # \u63a2\u6d4b\u7684\u8d85\u65f6\u65f6\u95f4\n http:\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"] # \u8fd4\u56de\u4fe1\u606f\u4e2d\u7684 Version\uff0c\u4e00\u822c\u9ed8\u8ba4\u5373\u53ef\n valid_status_codes: [] # Defaults to 2xx # \u6709\u6548\u7684\u8fd4\u56de\u7801\u8303\u56f4\uff0c\u5982\u679c\u8bf7\u6c42\u7684\u8fd4\u56de\u7801\u5728\u8be5\u8303\u56f4\u5185\uff0c\u89c6\u4e3a\u63a2\u6d4b\u6210\u529f\n method: GET # \u8bf7\u6c42\u65b9\u6cd5\n headers: # \u8bf7\u6c42\u7684\u5934\u90e8\n Host: vhost.example.com\n Accept-Language: en-US\n Origin: example.com\n no_follow_redirects: false # \u662f\u5426\u5141\u8bb8\u91cd\u5b9a\u5411\n fail_if_ssl: false \n fail_if_not_ssl: false\n fail_if_body_matches_regexp:\n - \"Could not connect to database\"\n fail_if_body_not_matches_regexp:\n - \"Download the latest version here\"\n fail_if_header_matches: # Verifies that no cookies are set\n - header: Set-Cookie\n allow_missing: true\n regexp: '.*'\n fail_if_header_not_matches:\n - header: Access-Control-Allow-Origin\n regexp: '(\\*|example\\.com)'\n tls_config: # \u9488\u5bf9 https \u8bf7\u6c42\u7684 tls \u7684\u914d\u7f6e\n insecure_skip_verify: false\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\" # \u9996\u9009\u7684 IP \u534f\u8bae\u7248\u672c\n ip_protocol_fallback: false # no fallback to \"ip6\" \n http_post_2xx: # \u5e26 Body \u7684 http \u63a2\u6d4b\u7684\u793a\u4f8b\n prober: http\n timeout: 5s\n http:\n method: POST # \u63a2\u6d4b\u7684\u8bf7\u6c42\u65b9\u6cd5\n headers:\n Content-Type: application/json\n body: '{\"username\":\"admin\",\"password\":\"123456\"}' # \u63a2\u6d4b\u65f6\u643a\u5e26\u7684 body\n http_basic_auth_example: # \u5e26\u7528\u6237\u540d\u5bc6\u7801\u7684\u63a2\u6d4b\u7684\u793a\u4f8b\n prober: http\n timeout: 5s\n http:\n method: POST\n headers:\n Host: \"login.example.com\"\n basic_auth: # \u63a2\u6d4b\u65f6\u8981\u52a0\u7684\u7528\u6237\u540d\u5bc6\u7801\n username: \"username\"\n password: \"mysecret\"\n http_custom_ca_example:\n prober: http\n http:\n method: GET\n tls_config: # \u6307\u5b9a\u63a2\u6d4b\u65f6\u4f7f\u7528\u7684\u6839\u8bc1\u4e66\n ca_file: \"/certs/my_cert.crt\"\n http_gzip:\n prober: http\n http:\n method: GET\n compression: gzip # \u63a2\u6d4b\u65f6\u4f7f\u7528\u7684\u538b\u7f29\u65b9\u6cd5\n http_gzip_with_accept_encoding:\n prober: http\n http:\n method: GET\n compression: gzip\n headers:\n Accept-Encoding: gzip\n tls_connect: # TCP \u63a2\u6d4b\u7684\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n tls: true # \u662f\u5426\u4f7f\u7528 TLS\n tcp_connect_example:\n prober: tcp\n timeout: 5s\n imap_starttls: # \u63a2\u6d4b IMAP \u90ae\u7bb1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"OK.*STARTTLS\"\n - send: \". STARTTLS\"\n - expect: \"OK\"\n - starttls: true\n - send: \". capability\"\n - expect: \"CAPABILITY IMAP4rev1\"\n smtp_starttls: # \u63a2\u6d4b SMTP \u90ae\u7bb1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^220 ([^ ]+) ESMTP (.+)$\"\n - send: \"EHLO prober\\r\"\n - expect: \"^250-STARTTLS\"\n - send: \"STARTTLS\\r\"\n - expect: \"^220\"\n - starttls: true\n - send: \"EHLO prober\\r\"\n - expect: \"^250-AUTH\"\n - send: \"QUIT\\r\"\n irc_banner_example:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - send: \"NICK prober\"\n - send: \"USER prober prober prober :prober\"\n - expect: \"PING :([^ ]+)\"\n send: \"PONG ${1}\"\n - expect: \"^:[^ ]+ 001\"\n # icmp_example: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: \"ip4\"\n # source_ip_address: \"127.0.0.1\"\n dns_udp_example: # \u4f7f\u7528 UDP \u8fdb\u884c DNS \u67e5\u8be2\u7684\u793a\u4f8b\n prober: dns\n timeout: 5s\n dns:\n query_name: \"www.prometheus.io\" # \u8981\u89e3\u6790\u7684\u57df\u540d\n query_type: \"A\" # \u8be5\u57df\u540d\u5bf9\u5e94\u7684\u7c7b\u578b\n valid_rcodes:\n - NOERROR\n validate_answer_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n fail_if_all_match_regexp:\n - \".*127.0.0.1\"\n fail_if_not_matches_regexp:\n - \"www.prometheus.io.\\t300\\tIN\\tA\\t127.0.0.1\"\n fail_if_none_matches_regexp:\n - \"127.0.0.1\"\n validate_authority_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n validate_additional_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n dns_soa:\n prober: dns\n dns:\n query_name: \"prometheus.io\"\n query_type: \"SOA\"\n dns_tcp_example: # \u4f7f\u7528 TCP \u8fdb\u884c DNS \u67e5\u8be2\u7684\u793a\u4f8b\n prober: dns\n dns:\n transport_protocol: \"tcp\" # defaults to \"udp\"\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\"\n query_name: \"www.prometheus.io\"\n
"},{"location":"end-user/insight/collection-manag/service-monitor.html","title":"\u914d\u7f6e\u670d\u52a1\u53d1\u73b0\u89c4\u5219","text":"\u53ef\u89c2\u6d4b Insight \u652f\u6301\u901a\u8fc7 \u5bb9\u5668\u7ba1\u7406 \u521b\u5efa CRD ServiceMonitor \u7684\u65b9\u5f0f\u6765\u6ee1\u8db3\u60a8\u81ea\u5b9a\u4e49\u670d\u52a1\u53d1\u73b0\u7684\u91c7\u96c6\u9700\u6c42\u3002 \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528 ServiceMonitor \u81ea\u884c\u5b9a\u4e49 Pod \u53d1\u73b0\u7684 Namespace \u8303\u56f4\u4ee5\u53ca\u901a\u8fc7 matchLabel \u6765\u9009\u62e9\u76d1\u542c\u7684 Service\u3002
"},{"location":"end-user/insight/collection-manag/service-monitor.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u5df2\u5b89\u88c5 Helm \u5e94\u7528 insight-agent \u4e14\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/collection-manag/service-monitor.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u91c7\u96c6\u7ba1\u7406 \uff0c\u67e5\u770b\u5168\u90e8\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u72b6\u6001\u3002
\u70b9\u51fb\u5217\u8868\u4e2d\u7684\u67d0\u4e2a\u96c6\u7fa4\u540d\u79f0\u8fdb\u5165\u91c7\u96c6\u914d\u7f6e\u8be6\u60c5\u3002
\u70b9\u51fb\u94fe\u63a5\u8df3\u8f6c\u5230 \u5bb9\u5668\u7ba1\u7406 \u4e2d\u521b\u5efa Service Monitor\u3002
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: micrometer-demo # (1)\n namespace: insight-system # (2)\n labels: \n operator.insight.io/managed-by: insight\nspec:\n endpoints: # (3)\n - honorLabels: true\n interval: 15s\n path: /actuator/prometheus\n port: http\n namespaceSelector: # (4)\n matchNames:\n - insight-system # (5)\n selector: # (6)\n matchLabels:\n micrometer-prometheus-discovery: \"true\"\n
\u8fd9\u662f\u670d\u52a1\u7aef\u70b9\uff0c\u4ee3\u8868 Prometheus \u6240\u9700\u7684\u91c7\u96c6 Metrics \u7684\u5730\u5740\u3002 endpoints \u4e3a\u4e00\u4e2a\u6570\u7ec4\uff0c \u540c\u65f6\u53ef\u4ee5\u521b\u5efa\u591a\u4e2a endpoints \u3002\u6bcf\u4e2a endpoints \u5305\u542b\u4e09\u4e2a\u5b57\u6bb5\uff0c\u6bcf\u4e2a\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b\uff1a
\u8fd9\u662f\u9700\u8981\u53d1\u73b0\u7684 Service \u7684\u8303\u56f4\u3002 namespaceSelector \u5305\u542b\u4e24\u4e2a\u4e92\u65a5\u5b57\u6bb5\uff0c\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b\uff1a
matchNames \uff1a\u6570\u7ec4\u503c\uff0c\u6307\u5b9a\u9700\u8981\u76d1\u542c\u7684 namespace \u7684\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u53ea\u60f3\u76d1\u542c default \u548c insight-system \u4e24\u4e2a\u547d\u540d\u7a7a\u95f4\u4e2d\u7684 Service\uff0c\u90a3\u4e48 matchNames \u8bbe\u7f6e\u5982\u4e0b\uff1a
namespaceSelector:\n matchNames:\n - default\n - insight-system\n
\u6b64\u5904\u5339\u914d\u7684\u547d\u540d\u7a7a\u95f4\u4e3a\u9700\u8981\u66b4\u9732\u6307\u6807\u7684\u5e94\u7528\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4
Grafana \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u6570\u636e\u53ef\u89c6\u5316\u548c\u76d1\u63a7\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u56fe\u8868\u548c\u9762\u677f\uff0c\u7528\u4e8e\u5b9e\u65f6\u76d1\u63a7\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316\u5404\u79cd\u6570\u636e\u6e90\u7684\u6307\u6807\u548c\u65e5\u5fd7\u3002\u53ef\u89c2\u6d4b\u6027 Insight \u4f7f\u7528\u5f00\u6e90 Grafana \u63d0\u4f9b\u76d1\u63a7\u670d\u52a1\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u7ef4\u5ea6\u67e5\u770b\u8d44\u6e90\u6d88\u8017\u60c5\u51b5\uff0c
\u5173\u4e8e\u5f00\u6e90 Grafana \u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1 Grafana \u5b98\u65b9\u6587\u6863\u3002
"},{"location":"end-user/insight/dashboard/dashboard.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 \u4eea\u8868\u76d8 \u3002
\u5728 Insight /\u6982\u89c8 \u4eea\u8868\u76d8\u4e2d\uff0c\u53ef\u67e5\u770b\u591a\u9009\u96c6\u7fa4\u7684\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\uff0c\u5e76\u4ee5\u547d\u540d\u7a7a\u95f4\u3001\u5bb9\u5668\u7ec4\u7b49\u591a\u4e2a\u7ef4\u5ea6\u5206\u6790\u4e86\u8d44\u6e90\u4f7f\u7528\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u7b49\u60c5\u51b5\u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u5de6\u4e0a\u4fa7\u7684\u4e0b\u62c9\u6846\u53ef\u5207\u6362\u96c6\u7fa4\u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u53f3\u4e0b\u4fa7\u53ef\u5207\u6362\u67e5\u8be2\u7684\u65f6\u95f4\u8303\u56f4\u3002
Insight \u7cbe\u9009\u591a\u4e2a\u793e\u533a\u63a8\u8350\u4eea\u8868\u76d8\uff0c\u53ef\u4ece\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5de5\u4f5c\u8d1f\u8f7d\u7b49\u591a\u4e2a\u7ef4\u5ea6\u8fdb\u884c\u76d1\u63a7\u3002\u70b9\u51fb insight-system / Insight /\u6982\u89c8 \u533a\u57df\u5207\u6362\u4eea\u8868\u76d8\u3002
Note
\u8bbf\u95ee Grafana UI \u8bf7\u53c2\u8003\u4ee5\u7ba1\u7406\u5458\u8eab\u4efd\u767b\u5f55 Grafana\u3002
\u5bfc\u5165\u81ea\u5b9a\u4e49\u4eea\u8868\u76d8\u8bf7\u53c2\u8003\u5bfc\u5165\u81ea\u5b9a\u4e49\u4eea\u8868\u76d8\u3002
\u901a\u8fc7\u4f7f\u7528 Grafana CRD\uff0c\u53ef\u4ee5\u5c06\u4eea\u8868\u677f\u7684\u7ba1\u7406\u548c\u90e8\u7f72\u7eb3\u5165\u5230 Kubernetes \u7684\u751f\u547d\u5468\u671f\u7ba1\u7406\u4e2d\uff0c\u5b9e\u73b0\u4eea\u8868\u677f\u7684\u7248\u672c\u63a7\u5236\u3001\u81ea\u52a8\u5316\u90e8\u7f72\u548c\u96c6\u7fa4\u7ea7\u7684\u7ba1\u7406\u3002\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 CRD \u548c UI \u754c\u9762\u5bfc\u5165\u81ea\u5b9a\u4e49\u7684\u4eea\u8868\u76d8\u3002
"},{"location":"end-user/insight/dashboard/import-dashboard.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0 \u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u9009\u62e9 kpanda-global-cluster \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u5728\u5217\u8868\u4e2d\u67e5\u627e grafanadashboards.integreatly.org \u6587\u4ef6\uff0c\u8fdb\u5165\u8be6\u60c5\u3002
\u70b9\u51fb Yaml \u521b\u5efa \uff0c\u4f7f\u7528\u4ee5\u4e0b\u6a21\u677f\uff0c\u5728 Json \u5b57\u6bb5\u4e2d\u66ff\u6362\u4eea\u8868\u76d8 JSON\u3002
apiVersion: integreatly.org/v1alpha1\nkind: GrafanaDashboard\nmetadata:\n labels:\n app: insight-grafana-operator\n operator.insight.io/managed-by: insight\n name: sample-dashboard\n namespace: insight-system\nspec:\n json: >\n {\n \"id\": null,\n \"title\": \"Simple Dashboard\",\n \"tags\": [],\n \"style\": \"dark\",\n \"timezone\": \"browser\",\n \"editable\": true,\n \"hideControls\": false,\n \"graphTooltip\": 1,\n \"panels\": [],\n \"time\": {\n \"from\": \"now-6h\",\n \"to\": \"now\"\n },\n \"timepicker\": {\n \"time_options\": [],\n \"refresh_intervals\": []\n },\n \"templating\": {\n \"list\": []\n },\n \"annotations\": {\n \"list\": []\n },\n \"refresh\": \"5s\",\n \"schemaVersion\": 17,\n \"version\": 0,\n \"links\": []\n }\n
\u70b9\u51fb \u786e\u8ba4 \u540e\uff0c\u7a0d\u7b49\u7247\u523b\u5373\u53ef\u5728 \u4eea\u8868\u76d8 \u4e2d\u67e5\u770b\u521a\u521a\u5bfc\u5165\u7684\u4eea\u8868\u76d8\u3002
Info
\u81ea\u5b9a\u4e49\u8bbe\u8ba1\u4eea\u8868\u76d8\uff0c\u8bf7\u53c2\u8003\u6dfb\u52a0\u4eea\u8868\u76d8\u9762\u677f\u3002
"},{"location":"end-user/insight/dashboard/login-grafana.html","title":"\u8bbf\u95ee\u539f\u751f Grafana","text":"Insight \u501f\u52a9 Grafana \u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u53ef\u89c6\u5316\u80fd\u529b\uff0c\u540c\u65f6\u4fdd\u7559\u4e86\u8bbf\u95ee\u539f\u751f Grafana \u7684\u5165\u53e3\u3002
"},{"location":"end-user/insight/dashboard/login-grafana.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u767b\u5f55\u6d4f\u89c8\u5668\uff0c\u5728\u6d4f\u89c8\u5668\u4e2d\u8f93\u5165 Grafana \u5730\u5740\u3002
\u8bbf\u95ee\u5730\u5740\uff1a http://ip:\u8bbf\u95ee\u7aef\u53e3/ui/insight-grafana/login
\u4f8b\u5982\uff1a http://10.6.10.233:30209/ui/insight-grafana/login
\u70b9\u51fb\u53f3\u4e0b\u89d2\u7684\u767b\u5f55\uff0c\u4f7f\u7528\u9ed8\u8ba4\u7528\u6237\u540d\u3001\u5bc6\u7801\uff08admin/admin\uff09\u8fdb\u884c\u767b\u5f55\u3002
\u70b9\u51fb Log in \u5b8c\u6210\u767b\u5f55\u3002
\u6982\u7387 \u4ec5\u7edf\u8ba1\u5df2\u5b89\u88c5 insight-agent \u4e14\u5176\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u7684\u96c6\u7fa4\u6570\u636e\u3002\u53ef\u5728\u6982\u89c8\u4e2d\u591a\u96c6\u7fa4\u7684\u8d44\u6e90\u6982\u51b5\uff1a
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u6982\u89c8 \u3002
"},{"location":"end-user/insight/data-query/log.html","title":"\u65e5\u5fd7\u67e5\u8be2","text":"Insight \u9ed8\u8ba4\u91c7\u96c6\u8282\u70b9\u65e5\u5fd7\u3001\u5bb9\u5668\u65e5\u5fd7\u4ee5\u53ca kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u3002\u5728\u65e5\u5fd7\u67e5\u8be2\u9875\u9762\u4e2d\uff0c\u53ef\u67e5\u8be2\u767b\u5f55\u8d26\u53f7\u6743\u9650\u5185\u7684\u6807\u51c6\u8f93\u51fa (stdout) \u65e5\u5fd7\uff0c\u5305\u62ec\u8282\u70b9\u65e5\u5fd7\u3001\u4ea7\u54c1\u65e5\u5fd7\u3001Kubenetes \u5ba1\u8ba1\u65e5\u5fd7\u7b49\uff0c\u5feb\u901f\u5728\u5927\u91cf\u65e5\u5fd7\u4e2d\u67e5\u8be2\u5230\u6240\u9700\u7684\u65e5\u5fd7\uff0c\u540c\u65f6\u7ed3\u5408\u65e5\u5fd7\u7684\u6765\u6e90\u4fe1\u606f\u548c\u4e0a\u4e0b\u6587\u539f\u59cb\u6570\u636e\u8f85\u52a9\u5b9a\u4f4d\u95ee\u9898\u3002
"},{"location":"end-user/insight/data-query/log.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u65e5\u5fd7
\u9876\u90e8 Tab \u9ed8\u8ba4\u8fdb\u5165 \u666e\u901a\u67e5\u8be2
\u65e5\u5fd7\u7c7b\u578b\uff1a
\u652f\u6301\u5bf9\u5355\u4e2a\u5173\u952e\u5b57\u8fdb\u884c\u6a21\u7cca\u641c\u7d22\u3002
\u9876\u90e8\u5207\u6362 Tab \u9009\u62e9 Lucene \u8bed\u6cd5\u67e5\u8be2
\u7b2c\u4e00\u6b21\u8fdb\u5165\u65f6\uff0c\u9ed8\u8ba4\u9009\u62e9\u767b\u5f55\u8d26\u53f7\u6743\u9650\u67e5\u8be2\u6709\u6743\u9650\u7684\u96c6\u7fa4\u6216\u547d\u540d\u7a7a\u95f4\u7684\u5bb9\u5668\u65e5\u5fd7\u3002
Lucene \u8bed\u6cd5\u8bf4\u660e\uff1a
\u70b9\u51fb\u65e5\u5fd7\u540e\u7684\u6309\u94ae\uff0c\u5728\u53f3\u4fa7\u5212\u51fa\u9762\u677f\u4e2d\u53ef\u67e5\u770b\u8be5\u6761\u65e5\u5fd7\u7684\u9ed8\u8ba4 100 \u6761\u4e0a\u4e0b\u6587\u3002\u53ef\u5207\u6362 \u663e\u793a\u884c\u6570 \u67e5\u770b\u66f4\u591a\u4e0a\u4e0b\u6587\u5185\u5bb9\u3002
"},{"location":"end-user/insight/data-query/log.html#_5","title":"\u5bfc\u51fa\u65e5\u5fd7\u6570\u636e","text":"\u70b9\u51fb\u5217\u8868\u53f3\u4e0a\u4fa7\u7684\u4e0b\u8f7d\u6309\u94ae\u3002
\u6307\u6807\u67e5\u8be2\u652f\u6301\u67e5\u8be2\u5bb9\u5668\u5404\u8d44\u6e90\u7684\u6307\u6807\u6570\u636e\uff0c\u53ef\u67e5\u770b\u76d1\u63a7\u6307\u6807\u7684\u8d8b\u52bf\u53d8\u5316\u3002\u540c\u65f6\uff0c\u9ad8\u7ea7\u67e5\u8be2\u652f\u6301\u539f\u751f PromQL \u8bed\u53e5\u8fdb\u884c\u6307\u6807\u67e5\u8be2\u3002
"},{"location":"end-user/insight/data-query/metric.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u70b9\u51fb\u4e00\u7ea7\u5bfc\u822a\u680f\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u3002
\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u6307\u6807 \u3002
\u9009\u62e9\u96c6\u7fa4\u3001\u7c7b\u578b\u3001\u8282\u70b9\u3001\u6307\u6807\u540d\u79f0\u67e5\u8be2\u6761\u4ef6\u540e\uff0c\u70b9\u51fb \u641c\u7d22 \uff0c\u5c4f\u5e55\u53f3\u4fa7\u5c06\u663e\u793a\u5bf9\u5e94\u6307\u6807\u56fe\u8868\u53ca\u6570\u636e\u8be6\u60c5\u3002
\u652f\u6301\u81ea\u5b9a\u4e49\u65f6\u95f4\u8303\u56f4\u3002\u53ef\u624b\u52a8\u70b9\u51fb \u5237\u65b0 \u56fe\u6807\u6216\u9009\u62e9\u9ed8\u8ba4\u65f6\u95f4\u95f4\u9694\u8fdb\u884c\u5237\u65b0\u3002
\u70b9\u51fb \u9ad8\u7ea7\u67e5\u8be2 \u9875\u7b7e\u901a\u8fc7\u539f\u751f\u7684 PromQL \u67e5\u8be2\u3002
Note
\u53c2\u9605 PromQL \u8bed\u6cd5\u3002
"},{"location":"end-user/insight/infra/cluster.html","title":"\u96c6\u7fa4\u76d1\u63a7","text":"\u901a\u8fc7\u96c6\u7fa4\u76d1\u63a7\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b\u96c6\u7fa4\u7684\u57fa\u672c\u4fe1\u606f\u3001\u8be5\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u6d88\u8017\u4ee5\u53ca\u4e00\u6bb5\u65f6\u95f4\u7684\u8d44\u6e90\u6d88\u8017\u53d8\u5316\u8d8b\u52bf\u7b49\u3002
"},{"location":"end-user/insight/infra/cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/cluster.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u96c6\u7fa4 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5207\u6362\u5230 \u8d44\u6e90\u6c34\u4f4d\u7ebf\u76d1\u63a7 \u9875\u7b7e\uff0c\u53ef\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u66f4\u591a\u76d1\u63a7\u6570\u636e\u3002
\u5bb9\u5668\u76d1\u63a7\u662f\u5bf9\u96c6\u7fa4\u7ba1\u7406\u4e2d\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76d1\u63a7\uff0c\u5728\u5217\u8868\u4e2d\u53ef\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u57fa\u672c\u4fe1\u606f\u548c\u72b6\u6001\u3002\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\uff0c\u53ef\u67e5\u770b\u6b63\u5728\u544a\u8b66\u7684\u6570\u91cf\u4ee5\u53ca CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u6d88\u8017\u7684\u53d8\u5316\u8d8b\u52bf\u3002
"},{"location":"end-user/insight/infra/container.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u5df2\u5b89\u88c5 insight-agent\uff0c\u4e14\u6240\u6709\u7684\u5bb9\u5668\u7ec4\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u770b\u670d\u52a1\u76d1\u63a7\u6307\u6807\uff1a
\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u5de5\u4f5c\u8d1f\u8f7d \u3002
\u5207\u6362\u9876\u90e8 Tab\uff0c\u67e5\u770b\u4e0d\u540c\u7c7b\u578b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u3002
\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u540d\u79f0\u67e5\u770b\u8be6\u60c5\u3002
\u5207\u6362 Tab \u5230 \u5bb9\u5668\u7ec4\u5217\u8868 \uff0c\u53ef\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u5404\u4e2a\u5bb9\u5668\u7ec4\u72b6\u6001\u3001\u6240\u5728\u8282\u70b9\u3001\u91cd\u542f\u6b21\u6570\u7b49\u4fe1\u606f\u3002
\u5207\u6362 Tab \u5230 JVM \u76d1\u63a7 \uff0c\u53ef\u67e5\u770b\u5404\u4e2a\u5bb9\u5668\u7ec4\u7684 JVM \u6307\u6807\u3002
Note
AI \u7b97\u529b\u5e73\u53f0 Insight \u652f\u6301\u6309\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u67e5\u8be2\u4e8b\u4ef6\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\uff0c\u5bf9\u91cd\u8981\u4e8b\u4ef6\u8fdb\u884c\u7edf\u8ba1\u3002
"},{"location":"end-user/insight/infra/event.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u57fa\u7840\u8bbe\u7f6e > \u4e8b\u4ef6 \u3002
\u9ed8\u8ba4\u663e\u793a\u6700\u8fd1 12 \u5c0f\u65f6\u5185\u53d1\u751f\u7684\u4e8b\u4ef6\uff0c\u60a8\u53ef\u4ee5\u5728\u53f3\u4e0a\u89d2\u9009\u62e9\u4e0d\u540c\u7684\u65f6\u95f4\u8303\u56f4\u6765\u67e5\u770b\u8f83\u957f\u6216\u8f83\u77ed\u7684\u65f6\u95f4\u6bb5\u3002 \u60a8\u8fd8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u91c7\u6837\u95f4\u9694\u4e3a 1 \u5206\u949f\u81f3 5 \u5c0f\u65f6\u3002
\u901a\u8fc7\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\uff0c\u60a8\u53ef\u4ee5\u76f4\u89c2\u5730\u4e86\u89e3\u4e8b\u4ef6\u7684\u5bc6\u96c6\u7a0b\u5ea6\u548c\u5206\u6563\u60c5\u51b5\u3002 \u8fd9\u6709\u52a9\u4e8e\u5bf9\u540e\u7eed\u7684\u96c6\u7fa4\u8fd0\u7ef4\u8fdb\u884c\u8bc4\u4f30\uff0c\u5e76\u505a\u597d\u51c6\u5907\u548c\u5b89\u6392\u5de5\u4f5c\u3002 \u5982\u679c\u4e8b\u4ef6\u5bc6\u96c6\u53d1\u751f\u5728\u7279\u5b9a\u65f6\u6bb5\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u8c03\u914d\u66f4\u591a\u7684\u8d44\u6e90\u6216\u91c7\u53d6\u76f8\u5e94\u63aa\u65bd\u6765\u786e\u4fdd\u96c6\u7fa4\u7a33\u5b9a\u6027\u548c\u9ad8\u53ef\u7528\u6027\u3002 \u800c\u5982\u679c\u4e8b\u4ef6\u8f83\u4e3a\u5206\u6563\uff0c\u5728\u6b64\u671f\u95f4\u60a8\u53ef\u4ee5\u5408\u7406\u5b89\u6392\u5176\u4ed6\u8fd0\u7ef4\u5de5\u4f5c\uff0c\u4f8b\u5982\u7cfb\u7edf\u4f18\u5316\u3001\u5347\u7ea7\u6216\u5904\u7406\u5176\u4ed6\u4efb\u52a1\u3002
\u901a\u8fc7\u7efc\u5408\u8003\u8651\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\u548c\u65f6\u95f4\u8303\u56f4\uff0c\u60a8\u80fd\u66f4\u597d\u5730\u89c4\u5212\u548c\u7ba1\u7406\u96c6\u7fa4\u7684\u8fd0\u7ef4\u5de5\u4f5c\uff0c\u786e\u4fdd\u7cfb\u7edf\u7a33\u5b9a\u6027\u548c\u53ef\u9760\u6027\u3002
"},{"location":"end-user/insight/infra/event.html#_4","title":"\u4e8b\u4ef6\u603b\u6570\u548c\u7edf\u8ba1","text":"\u901a\u8fc7\u91cd\u8981\u4e8b\u4ef6\u7edf\u8ba1\uff0c\u60a8\u53ef\u4ee5\u65b9\u4fbf\u5730\u4e86\u89e3\u955c\u50cf\u62c9\u53d6\u5931\u8d25\u6b21\u6570\u3001\u5065\u5eb7\u68c0\u67e5\u5931\u8d25\u6b21\u6570\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u8fd0\u884c\u5931\u8d25\u6b21\u6570\u3001 Pod \u8c03\u5ea6\u5931\u8d25\u6b21\u6570\u3001\u5bb9\u5668 OOM \u5185\u5b58\u8017\u5c3d\u6b21\u6570\u3001\u5b58\u50a8\u5377\u6302\u8f7d\u5931\u8d25\u6b21\u6570\u4ee5\u53ca\u6240\u6709\u4e8b\u4ef6\u7684\u603b\u6570\u3002\u8fd9\u4e9b\u4e8b\u4ef6\u901a\u5e38\u5206\u4e3a\u300cWarning\u300d\u548c\u300cNormal\u300d\u4e24\u7c7b\u3002
"},{"location":"end-user/insight/infra/event.html#_5","title":"\u4e8b\u4ef6\u5217\u8868","text":"\u4e8b\u4ef6\u5217\u8868\u4ee5\u65f6\u95f4\u4e3a\u8f74\uff0c\u4ee5\u6d41\u6c34\u7684\u5f62\u5f0f\u5c55\u793a\u53d1\u751f\u7684\u4e8b\u4ef6\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u300c\u6700\u8fd1\u53d1\u751f\u65f6\u95f4\u300d\u548c\u300c\u7ea7\u522b\u300d\u8fdb\u884c\u6392\u5e8f\u3002
\u70b9\u51fb\u53f3\u4fa7\u7684 \u2699\ufe0f \u56fe\u6807\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u559c\u597d\u548c\u9700\u6c42\u6765\u81ea\u5b9a\u4e49\u663e\u793a\u7684\u5217\u3002
\u5728\u9700\u8981\u7684\u65f6\u5019\uff0c\u60a8\u8fd8\u53ef\u4ee5\u70b9\u51fb\u5237\u65b0\u56fe\u6807\u6765\u66f4\u65b0\u5f53\u524d\u7684\u4e8b\u4ef6\u5217\u8868\u3002
"},{"location":"end-user/insight/infra/event.html#_6","title":"\u5176\u4ed6\u64cd\u4f5c","text":"\u5728\u4e8b\u4ef6\u5217\u8868\u4e2d\u64cd\u4f5c\u5217\u7684\u56fe\u6807\uff0c\u53ef\u67e5\u770b\u67d0\u4e00\u4e8b\u4ef6\u7684\u5143\u6570\u636e\u4fe1\u606f\u3002
\u70b9\u51fb\u9876\u90e8\u9875\u7b7e\u7684 \u4e0a\u4e0b\u6587 \u53ef\u67e5\u770b\u8be5\u4e8b\u4ef6\u5bf9\u5e94\u8d44\u6e90\u7684\u5386\u53f2\u4e8b\u4ef6\u8bb0\u5f55\u3002
\u6709\u5173\u7cfb\u7edf\u81ea\u5e26\u7684 Event \u4e8b\u4ef6\u7684\u8be6\u7ec6\u542b\u4e49\uff0c\u8bf7\u53c2\u9605 Kubenetest API \u4e8b\u4ef6\u5217\u8868\u3002
"},{"location":"end-user/insight/infra/namespace.html","title":"\u547d\u540d\u7a7a\u95f4\u76d1\u63a7","text":"\u4ee5\u547d\u540d\u7a7a\u95f4\u4e3a\u7ef4\u5ea6\uff0c\u5feb\u901f\u67e5\u8be2\u547d\u540d\u7a7a\u95f4\u5185\u7684\u8d44\u6e90\u6d88\u8017\u548c\u53d8\u5316\u8d8b\u52bf\u3002
"},{"location":"end-user/insight/infra/namespace.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/namespace.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd > \u547d\u540d\u7a7a\u95f4 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u901a\u8fc7\u8282\u70b9\u76d1\u63a7\uff0c\u4f60\u53ef\u4ee5\u6982\u89c8\u6240\u9009\u96c6\u7fa4\u4e0b\u8282\u70b9\u7684\u5f53\u524d\u5065\u5eb7\u72b6\u6001\u3001\u5bf9\u5e94\u5bb9\u5668\u7ec4\u7684\u5f02\u5e38\u6570\u91cf\uff1b \u5728\u5f53\u524d\u8282\u70b9\u8be6\u60c5\u9875\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b\u6b63\u5728\u544a\u8b66\u7684\u6570\u91cf\u4ee5\u53ca CPU\u3001\u5185\u5b58\u3001\u78c1\u76d8\u7b49\u8d44\u6e90\u6d88\u8017\u7684\u53d8\u5316\u8d8b\u52bf\u56fe\u3002
"},{"location":"end-user/insight/infra/node.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/node.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u8282\u70b9 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5207\u6362\u5230 \u8d44\u6e90\u6c34\u4f4d\u7ebf\u76d1\u63a7 \u9875\u7b7e\uff0c\u53ef\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684\u66f4\u591a\u76d1\u63a7\u6570\u636e\u3002
\u62e8\u6d4b\uff08Probe\uff09\u6307\u7684\u662f\u57fa\u4e8e\u9ed1\u76d2\u76d1\u63a7\uff0c\u5b9a\u671f\u901a\u8fc7 HTTP\u3001TCP \u7b49\u65b9\u5f0f\u5bf9\u76ee\u6807\u8fdb\u884c\u8fde\u901a\u6027\u6d4b\u8bd5\uff0c\u5feb\u901f\u53d1\u73b0\u6b63\u5728\u53d1\u751f\u7684\u6545\u969c\u3002
Insight \u57fa\u4e8e Prometheus Blackbox Exporter \u5de5\u5177\u901a\u8fc7 HTTP\u3001HTTPS\u3001DNS\u3001TCP \u548c ICMP \u7b49\u534f\u8bae\uff0c\u5bf9\u7f51\u7edc\u8fdb\u884c\u63a2\u6d4b\u5e76\u8fd4\u56de\u63a2\u6d4b\u7ed3\u679c\u4ee5\u4fbf\u4e86\u89e3\u7f51\u7edc\u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/probe.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u76ee\u6807\u96c6\u7fa4\u4e2d\u5df2\u6210\u529f\u90e8\u7f72 insight-agent\uff0c\u4e14\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/probe.html#_3","title":"\u67e5\u770b\u62e8\u6d4b\u4efb\u52a1","text":"\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u62e8\u6d4b\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u914d\u7f6e\u63a2\u6d4b\u53c2\u6570\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
Warning
\u62e8\u6d4b\u4efb\u52a1\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u9700\u8981\u5927\u6982 3 \u5206\u949f\u7684\u65f6\u95f4\u6765\u540c\u6b65\u914d\u7f6e\u3002\u5728\u6b64\u671f\u95f4\uff0c\u4e0d\u4f1a\u8fdb\u884c\u63a2\u6d4b\uff0c\u65e0\u6cd5\u67e5\u770b\u63a2\u6d4b\u7ed3\u679c\u3002
"},{"location":"end-user/insight/infra/probe.html#_5","title":"\u7f16\u8f91\u62e8\u6d4b\u4efb\u52a1","text":"\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 -> \u7f16\u8f91\uff0c\u5b8c\u6210\u7f16\u8f91\u540e\u70b9\u51fb \u786e\u5b9a\u3002
"},{"location":"end-user/insight/infra/probe.html#_6","title":"\u67e5\u770b\u76d1\u63a7\u9762\u677f","text":"\u70b9\u51fb\u62e8\u6d4b\u540d\u79f0
\u67e5\u770b\u62e8\u6d4b\u4efb\u52a1\u4e2d\u6bcf\u4e2a\u76ee\u6807\u7684\u76d1\u63a7\u72b6\u6001\uff0c\u4ee5\u56fe\u8868\u65b9\u5f0f\u663e\u793a\u9488\u5bf9\u7f51\u7edc\u72b6\u51b5\u7684\u63a2\u6d4b\u7ed3\u679c\u3002
\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 -> \u5220\u9664\uff0c\u786e\u8ba4\u65e0\u8bef\u540e\u70b9\u51fb \u786e\u5b9a\u3002
Caution
\u5220\u9664\u64cd\u4f5c\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/insight/quickstart/install/index.html","title":"\u5f00\u59cb\u89c2\u6d4b","text":"AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u5b9e\u73b0\u4e86\u5bf9\u591a\u4e91\u591a\u96c6\u7fa4\u7684\u7eb3\u7ba1\uff0c\u5e76\u652f\u6301\u521b\u5efa\u96c6\u7fa4\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u7edf\u4e00\u89c2\u6d4b\u65b9\u6848\uff0c\u901a\u8fc7\u90e8\u7f72 insight-agent \u63d2\u4ef6\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u91c7\u96c6\uff0c\u5e76\u652f\u6301\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3 \u53ef\u89c2\u6d4b\u6027\u4ea7\u54c1\u5b9e\u73b0\u5bf9\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u6570\u636e\u7684\u67e5\u8be2\u3002
insight-agent \u662f\u53ef\u89c2\u6d4b\u6027\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u6570\u636e\u91c7\u96c6\u7684\u5de5\u5177\uff0c\u5b89\u88c5\u540e\u65e0\u9700\u4efb\u4f55\u4fee\u6539\uff0c\u5373\u53ef\u5b9e\u73b0\u5bf9\u6307\u6807\u3001\u65e5\u5fd7\u4ee5\u53ca\u94fe\u8def\u6570\u636e\u7684\u81ea\u52a8\u5316\u91c7\u96c6\u3002
\u901a\u8fc7 \u5bb9\u5668\u7ba1\u7406 \u521b\u5efa\u7684\u96c6\u7fa4\u9ed8\u8ba4\u4f1a\u5b89\u88c5 insight-agent\uff0c\u6545\u5728\u6b64\u4ec5\u9488\u5bf9\u63a5\u5165\u7684\u96c6\u7fa4\u5982\u4f55\u5f00\u542f\u89c2\u6d4b\u80fd\u529b\u63d0\u4f9b\u6307\u5bfc\u3002
\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u7684\u7edf\u4e00\u89c2\u6d4b\u5e73\u53f0\uff0c\u5176\u90e8\u5206\u7ec4\u4ef6\u7684\u8d44\u6e90\u6d88\u8017\u4e0e\u521b\u5efa\u96c6\u7fa4\u7684\u6570\u636e\u3001\u63a5\u5165\u96c6\u7fa4\u7684\u6570\u91cf\u606f\u606f\u76f8\u5173\uff0c\u5728\u5b89\u88c5 insight-agent \u65f6\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u89c4\u6a21\u5bf9\u76f8\u5e94\u7ec4\u4ef6\u7684\u8d44\u6e90\u8fdb\u884c\u8c03\u6574\u3002
\u6839\u636e\u521b\u5efa\u96c6\u7fa4\u7684\u89c4\u6a21\u6216\u63a5\u5165\u96c6\u7fa4\u7684\u89c4\u6a21\uff0c\u8c03\u6574 insight-agent \u4e2d\u91c7\u96c6\u7ec4\u4ef6 Prometheus \u7684 CPU \u548c\u5185\u5b58\uff0c\u8bf7\u53c2\u8003: Prometheus \u8d44\u6e90\u89c4\u5212
\u7531\u4e8e\u591a\u96c6\u7fa4\u7684\u6307\u6807\u6570\u636e\u4f1a\u7edf\u4e00\u5b58\u50a8\uff0c\u5219\u9700\u8981 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u7ba1\u7406\u5458\u6839\u636e\u521b\u5efa\u96c6\u7fa4\u7684\u89c4\u6a21\u3001\u63a5\u5165\u96c6\u7fa4\u7684\u89c4\u6a21\u5bf9\u5e94\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\uff0c\u8bf7\u53c2\u8003\uff1avmstorage \u78c1\u76d8\u5bb9\u91cf\u89c4\u5212\u3002
\u5982\u4f55\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\uff0c\u8bf7\u53c2\u8003\uff1avmstorge \u78c1\u76d8\u6269\u5bb9\u3002
\u7531\u4e8e AI \u7b97\u529b\u4e2d\u5fc3 \u652f\u6301\u5bf9\u591a\u4e91\u591a\u96c6\u7fa4\u7684\u7eb3\u7ba1\uff0cinsight-agent \u76ee\u524d\u4e5f\u5b8c\u6210\u4e86\u90e8\u5206\u9a8c\u8bc1\uff0c\u7531\u4e8e\u76d1\u63a7\u7ec4\u4ef6\u51b2\u7a81\u95ee\u9898\u5bfc\u81f4\u5728 AI \u7b97\u529b\u4e2d\u5fc34.0 \u96c6\u7fa4\u548c Openshift 4.x \u96c6\u7fa4\u4e2d\u5b89\u88c5 insight-agent \u4f1a\u51fa\u73b0\u95ee\u9898\uff0c\u82e5\u60a8\u9047\u5230\u540c\u6837\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6587\u6863\uff1a
\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e3a\u4e86\u63d0\u9ad8\u5927\u89c4\u6a21\u73af\u5883\u4e0b\u7684\u6570\u636e\u5199\u5165\u80fd\u529b\uff0c\u652f\u6301\u5c06\u65e5\u5fd7\u5207\u6362\u4e3a \u5927\u65e5\u5fd7 \u6a21\u5f0f\u3001\u5c06\u94fe\u8def\u5207\u6362\u4e3a \u5927\u94fe\u8def \u6a21\u5f0f\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u4ee5\u4e0b\u51e0\u79cd\u5f00\u542f\u65b9\u5f0f\uff1a
\u672c\u8282\u8bf4\u660e\u666e\u901a\u65e5\u5fd7\u6a21\u5f0f\u548c\u5927\u65e5\u5fd7\u6a21\u5f0f\u7684\u533a\u522b\u3002
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_3","title":"\u65e5\u5fd7\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aFluentbit + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a ES \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_4","title":"\u5927\u65e5\u5fd7\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aFluentbit + Kafka + Vector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a Kafka \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_5","title":"\u94fe\u8def","text":"\u672c\u8282\u8bf4\u660e\u666e\u901a\u94fe\u8def\u6a21\u5f0f\u548c\u5927\u94fe\u8def\u6a21\u5f0f\u7684\u533a\u522b\u3002
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_6","title":"\u94fe\u8def\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aAgent opentelemetry-collector + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a OTlp \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_7","title":"\u5927\u94fe\u8def\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aAgent opentelemetry-collector + Kafka + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a Kafka \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_8","title":"\u901a\u8fc7\u5b89\u88c5\u5668\u5f00\u542f","text":"\u901a\u8fc7\u5b89\u88c5\u5668\u90e8\u7f72/\u5347\u7ea7 AI \u7b97\u529b\u4e2d\u5fc3 \u65f6\u4f7f\u7528\u7684 manifest.yaml \u4e2d\u5b58\u5728 infrastructures.kafka \u5b57\u6bb5\uff0c \u5982\u679c\u60f3\u5f00\u542f\u53ef\u89c2\u6d4b\u7684\u5927\u65e5\u5fd7\u548c\u5927\u94fe\u8def\u6a21\u5f0f\uff0c\u5219\u9700\u8981\u542f\u7528 kafka\uff1a
manifest.yamlapiVersion: manifest.daocloud.io/v1alpha1\nkind: DCEManifest\n...\ninfrastructures:\n ...\n kafka:\n enable: true # \u9ed8\u8ba4\u4e3a false\n cpuLimit: 1\n memLimit: 2Gi\n pvcSize: 15Gi\n
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_9","title":"\u5f00\u542f","text":"\u5b89\u88c5\u65f6\u4f7f\u7528\u542f\u7528 kafka
\u7684 manifest.yaml\uff0c\u5219\u4f1a\u9ed8\u8ba4\u5b89\u88c5 kafka \u4e2d\u95f4\u4ef6\uff0c \u5e76\u5728\u5b89\u88c5 Insight \u65f6\u9ed8\u8ba4\u5f00\u542f\u5927\u65e5\u5fd7\u548c\u5927\u94fe\u8def\u6a21\u5f0f\u3002\u5b89\u88c5\u547d\u4ee4\u4e3a\uff1a
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml\n
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_10","title":"\u5347\u7ea7","text":"\u5347\u7ea7\u540c\u6837\u662f\u4fee\u6539 kafka
\u5b57\u6bb5\u3002\u4f46\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u56e0\u4e3a\u8001\u73af\u5883\u5b89\u88c5\u65f6\u4f7f\u7528\u7684\u662f kafka: false
\uff0c \u6240\u4ee5\u73af\u5883\u4e2d\u65e0 kafka\u3002\u6b64\u65f6\u5347\u7ea7\u9700\u8981\u6307\u5b9a\u5347\u7ea7 middleware
\uff0c\u624d\u4f1a\u540c\u65f6\u5b89\u88c5 kafka \u4e2d\u95f4\u4ef6\u3002\u5347\u7ea7\u547d\u4ee4\u4e3a\uff1a
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml -u gproduct,middleware\n
Note
\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u8981\u624b\u52a8\u91cd\u542f\u4ee5\u4e0b\u7ec4\u4ef6\uff1a
\u524d\u63d0\u6761\u4ef6\uff1a\u9700\u8981\u4fdd\u8bc1\u5b58\u5728 \u53ef\u7528\u7684 kafka \u4e14\u5730\u5740\u53ef\u6b63\u5e38\u8bbf\u95ee\u3002
\u6839\u636e\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6\u8001\u7248\u672c insight \u548c insight-agent \u7684 values\uff08\u5efa\u8bae\u505a\u597d\u5907\u4efd\uff09\uff1a
helm get values insight -n insight-system -o yaml > insight.yaml\nhelm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_11","title":"\u5f00\u542f\u5927\u65e5\u5fd7","text":"\u6709\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5f00\u542f\u6216\u5347\u7ea7\u81f3\u5927\u65e5\u5fd7\u6a21\u5f0f\uff1a
\u5728helm upgrade
\u547d\u4ee4\u4e2d\u4f7f\u7528 --set\u4fee\u6539 YAML \u540e\u8fd0\u884c helm upgrade\u5bb9\u5668\u7ba1\u7406 UI \u5347\u7ea7 \u5148\u8fd0\u884c\u4ee5\u4e0b insight \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set vector.enabled=true \\\n --version 0.30.1\n
\u7136\u540e\u8fd0\u884c\u4ee5\u4e0b insight-agent \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.logging.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.logging.output=kafka \\\n --version 0.30.1\n
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539 YAMl \u540e\u8fd0\u884c helm upgrade
\u547d\u4ee4\uff1a
\u4fee\u6539 insight.yaml
insight.yamlglobal:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\nvector:\n enabled: true\n
\u5347\u7ea7 insight \u7ec4\u4ef6\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
\u4fee\u6539 insight-agent.yaml
insight-agent.yamlglobal:\n ...\n exporters:\n ...\n logging:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
\u5347\u7ea7 insight-agent\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 Helm \u5e94\u7528 \uff0c\u627e\u5230\u5e76\u66f4\u65b0 insight-agent\u3002
\u5728 Logging Settings \u4e2d\uff0c\u4e3a output \u9009\u62e9 kafka\uff0c\u5e76\u586b\u5199\u6b63\u786e\u7684 brokers \u5730\u5740\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u624b\u52a8\u91cd\u542f insight-agent-fluent-bit \u7ec4\u4ef6\u3002
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_12","title":"\u5f00\u542f\u5927\u94fe\u8def","text":"\u6709\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5f00\u542f\u6216\u5347\u7ea7\u81f3\u5927\u94fe\u8def\u6a21\u5f0f\uff1a
\u5728helm upgrade
\u547d\u4ee4\u4e2d\u4f7f\u7528 --set\u4fee\u6539 YAML \u540e\u8fd0\u884c helm upgrade\u5bb9\u5668\u7ba1\u7406 UI \u5347\u7ea7 \u5148\u8fd0\u884c\u4ee5\u4e0b insight \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set global.tracing.kafkaReceiver.enabled=true \\\n --version 0.30.1\n
\u7136\u540e\u8fd0\u884c\u4ee5\u4e0b insight-agent \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.trace.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.trace.output=kafka \\\n --version 0.30.1\n
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539 YAMl \u540e\u8fd0\u884c helm upgrade
\u547d\u4ee4\uff1a
\u4fee\u6539 insight.yaml
insight.yamlglobal:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\ntracing:\n ...\n kafkaReceiver:\n enabled: true\n
\u5347\u7ea7 insight \u7ec4\u4ef6\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
\u4fee\u6539 insight-agent.yaml
insight-agent.yamlglobal:\n ...\n exporters:\n ...\n trace:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
\u5347\u7ea7 insight-agent\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 Helm \u5e94\u7528 \uff0c\u627e\u5230\u5e76\u66f4\u65b0 insight-agent\u3002
\u5728 Trace Settings \u4e2d\uff0c\u4e3a output \u9009\u62e9 kafka\uff0c\u5e76\u586b\u5199\u6b63\u786e\u7684 brokers \u5730\u5740\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u624b\u52a8 \u91cd\u542f insight-agent-opentelemetry-collector \u548c insight-opentelemetry-collector \u7ec4\u4ef6\u3002
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html","title":"\u81ea\u5b9a\u4e49 Insight \u7ec4\u4ef6\u8c03\u5ea6\u7b56\u7565","text":"\u5f53\u90e8\u7f72\u53ef\u89c2\u6d4b\u5e73\u53f0 Insight \u5230 Kubernetes \u73af\u5883\u65f6\uff0c\u6b63\u786e\u7684\u8d44\u6e90\u7ba1\u7406\u548c\u4f18\u5316\u81f3\u5173\u91cd\u8981\u3002 Insight \u5305\u542b\u591a\u4e2a\u6838\u5fc3\u7ec4\u4ef6\uff0c\u5982 Prometheus\u3001OpenTelemetry\u3001FluentBit\u3001Vector\u3001Elasticsearch \u7b49\uff0c \u8fd9\u4e9b\u7ec4\u4ef6\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u53ef\u80fd\u56e0\u4e3a\u8d44\u6e90\u5360\u7528\u95ee\u9898\u5bf9\u96c6\u7fa4\u5185\u5176\u4ed6 Pod \u7684\u6027\u80fd\u4ea7\u751f\u8d1f\u9762\u5f71\u54cd\u3002 \u4e3a\u4e86\u6709\u6548\u5730\u7ba1\u7406\u8d44\u6e90\u5e76\u4f18\u5316\u96c6\u7fa4\u7684\u8fd0\u884c\uff0c\u8282\u70b9\u4eb2\u548c\u6027\u6210\u4e3a\u4e00\u9879\u91cd\u8981\u7684\u914d\u7f6e\u9009\u9879\u3002
\u672c\u6587\u5c06\u91cd\u70b9\u63a2\u8ba8\u5982\u4f55\u901a\u8fc7\u6c61\u70b9\u548c\u8282\u70b9\u4eb2\u548c\u6027\u7684\u914d\u7f6e\u7b56\u7565\uff0c\u4f7f\u5f97\u6bcf\u4e2a\u7ec4\u4ef6\u80fd\u591f\u5728\u9002\u5f53\u7684\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c \u5e76\u907f\u514d\u8d44\u6e90\u7ade\u4e89\u6216\u4e89\u7528\uff0c\u4ece\u800c\u786e\u4fdd\u6574\u4e2a Kubernetes \u96c6\u7fa4\u7684\u7a33\u5b9a\u6027\u548c\u9ad8\u6548\u6027\u3002
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html#insight_1","title":"\u901a\u8fc7\u6c61\u70b9\u4e3a Insight \u914d\u7f6e\u4e13\u6709\u8282\u70b9","text":"\u7531\u4e8e Insight Agent \u5305\u542b\u4e86 DaemonSet \u7ec4\u4ef6\uff0c\u6240\u4ee5\u672c\u8282\u6240\u8ff0\u7684\u914d\u7f6e\u65b9\u5f0f\u662f\u8ba9\u9664\u4e86 Insight DameonSet \u4e4b\u5916\u7684\u5176\u4f59\u7ec4\u4ef6\u5747\u8fd0\u884c\u5728\u4e13\u6709\u8282\u70b9\u4e0a\u3002
\u8be5\u65b9\u5f0f\u662f\u901a\u8fc7\u4e3a\u4e13\u6709\u8282\u70b9\u6dfb\u52a0\u6c61\u70b9\uff08taint\uff09\uff0c\u5e76\u914d\u5408\u6c61\u70b9\u5bb9\u5fcd\u5ea6\uff08tolerations\uff09\u6765\u5b9e\u73b0\u7684\u3002 \u66f4\u591a\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u3002
\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u547d\u4ee4\u4e3a\u8282\u70b9\u6dfb\u52a0\u53ca\u79fb\u9664\u6c61\u70b9\uff1a
# \u6dfb\u52a0\u6c61\u70b9\nkubectl taint nodes worker1 node.daocloud.io=insight-only:NoSchedule\n\n# \u79fb\u9664\u6c61\u70b9\nkubectl taint nodes worker1 node.daocloud.io:NoSchedule-\n
\u6709\u4ee5\u4e0b\u4e24\u79cd\u9014\u5f84\u8ba9 Insight \u7ec4\u4ef6\u8c03\u5ea6\u81f3\u4e13\u6709\u8282\u70b9\uff1a
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html#1","title":"1. \u4e3a\u6bcf\u4e2a\u7ec4\u4ef6\u6dfb\u52a0\u6c61\u70b9\u5bb9\u5fcd\u5ea6","text":"\u9488\u5bf9 insight-server
\u548c insight-agent
\u4e24\u4e2a Chart \u5206\u522b\u8fdb\u884c\u914d\u7f6e\uff1a
server:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nui:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nrunbook:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\n# mysql:\nvictoria-metrics-k8s-stack:\n victoria-metrics-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmcluster:\n spec:\n vmstorage:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmselect:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vminsert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmalert:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n alertmanager:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\njaeger:\n collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n query:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector-aggregator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\ngrafana-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n grafana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nkibana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nelastic-alert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nvector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n
kube-prometheus-stack:\n prometheus:\n prometheusSpec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n prometheus-node-exporter:\n tolerations:\n - effect: NoSchedule\n operator: Exists\n prometheusOperator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nkube-state-metrics:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\ntailing-sidecar-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-kubernetes-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nprometheus-blackbox-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\netcd-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\" \n
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html#2","title":"2. \u901a\u8fc7\u547d\u540d\u7a7a\u95f4\u7ea7\u522b\u914d\u7f6e","text":"\u8ba9 insight-system
\u547d\u540d\u7a7a\u95f4\u7684 Pod \u90fd\u5bb9\u5fcd node.daocloud.io=insight-only
\u6c61\u70b9\u3002
\u8c03\u6574 apiserver
\u7684\u914d\u7f6e\u6587\u4ef6 /etc/kubernetes/manifests/kube-apiserver.yaml
\uff0c\u653e\u5f00 PodTolerationRestriction,PodNodeSelector
, \u53c2\u8003\u4e0b\u56fe\uff1a
\u7ed9 insight-system
\u547d\u540d\u7a7a\u95f4\u589e\u52a0\u6ce8\u89e3\uff1a
apiVersion: v1\nkind: Namespace\nmetadata:\n name: insight-system\n annotations:\n scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Equal\", \"effect\": \"NoSchedule\", \"key\": \"node.daocloud.io\", \"value\": \"insight-only\"}]'\n
\u91cd\u542f insight-system \u547d\u540d\u7a7a\u95f4\u4e0b\u9762\u7684\u7ec4\u4ef6\u5373\u53ef\u6b63\u5e38\u5bb9\u5fcd insight-system \u4e0b\u7684 Pod \u8c03\u5ea6\u3002
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html#label","title":"\u4e3a\u8282\u70b9\u6dfb\u52a0 Label \u548c\u8282\u70b9\u4eb2\u548c\u6027\u6765\u7ba1\u7406\u7ec4\u4ef6\u8c03\u5ea6","text":"Info
\u8282\u70b9\u4eb2\u548c\u6027\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e nodeSelector
\uff0c\u5b83\u4f7f\u4f60\u53ef\u4ee5\u6839\u636e\u8282\u70b9\u4e0a\u7684 \u6807\u7b7e(label) \u6765\u7ea6\u675f Pod \u53ef\u4ee5\u8c03\u5ea6\u5230\u54ea\u4e9b\u8282\u70b9\u4e0a\u3002 \u8282\u70b9\u4eb2\u548c\u6027\u6709\u4e24\u79cd\uff1a
\u66f4\u8fc7\u7ec6\u8282\u8bf7\u53c2\u8003 kubernetes \u5b98\u65b9\u6587\u6863\u3002
\u4e3a\u4e86\u5b9e\u73b0\u4e0d\u540c\u7528\u6237\u5bf9 Insight \u7ec4\u4ef6\u8c03\u5ea6\u7684\u7075\u6d3b\u9700\u6c42\uff0cInsight \u5206\u522b\u63d0\u4f9b\u4e86\u8f83\u4e3a\u7ec6\u7c92\u5ea6\u7684 Label \u6765\u5b9e\u73b0\u4e0d\u540c\u7ec4\u4ef6\u7684\u8c03\u5ea6\u7b56\u7565\uff0c\u4ee5\u4e0b\u662f\u6807\u7b7e\u4e0e\u7ec4\u4ef6\u7684\u5173\u7cfb\u8bf4\u660e\uff1a
\u6807\u7b7e Key \u6807\u7b7e Value \u8bf4\u660enode.daocloud.io/insight-any
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u4ee3\u8868 Insight \u6240\u6709\u7ec4\u4ef6\u4f18\u5148\u8003\u8651\u5e26\u4e86\u8be5\u6807\u7b7e\u7684\u8282\u70b9 node.daocloud.io/insight-prometheus
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 Prometheus \u7ec4\u4ef6 node.daocloud.io/insight-vmstorage
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 VictoriaMetrics vmstorage \u7ec4\u4ef6 node.daocloud.io/insight-vector
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 Vector \u7ec4\u4ef6 node.daocloud.io/insight-otel-col
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 OpenTelemetry \u7ec4\u4ef6 \u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u547d\u4ee4\u4e3a\u8282\u70b9\u6dfb\u52a0\u53ca\u79fb\u9664\u6807\u7b7e\uff1a
# \u4e3a node8 \u6dfb\u52a0\u6807\u7b7e\uff0c\u5148\u5c06 insight-prometheus \u8c03\u5ea6\u5230 node8 \nkubectl label nodes node8 node.daocloud.io/insight-prometheus=true\n\n# \u79fb\u9664 node8 \u7684 node.daocloud.io/insight-prometheus \u6807\u7b7e\nkubectl label nodes node8 node.daocloud.io/insight-prometheus-\n
\u4ee5\u4e0b\u662f insight-prometheus \u7ec4\u4ef6\u5728\u90e8\u7f72\u65f6\u9ed8\u8ba4\u7684\u4eb2\u548c\u6027\u504f\u597d\uff1a
affinity:\n nodeAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - preference:\n matchExpressions:\n - key: node-role.kubernetes.io/control-plane\n operator: DoesNotExist\n weight: 1\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-prometheus # (1)!\n operator: Exists\n weight: 2\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-any\n operator: Exists\n weight: 3\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 1\n podAffinityTerm:\n topologyKey: kubernetes.io/hostname\n labelSelector:\n matchExpressions:\n - key: app.kubernetes.io/instance\n operator: In\n values:\n - insight-agent-kube-prometh-prometheus\n
\u53ef\u89c2\u6d4b\u6027\u662f\u591a\u96c6\u7fa4\u7edf\u4e00\u89c2\u6d4b\u7684\u4ea7\u54c1\uff0c\u4e3a\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u7edf\u4e00\u5b58\u50a8\u3001\u67e5\u8be2\uff0c \u5b50\u96c6\u7fa4\u9700\u8981\u5c06\u91c7\u96c6\u7684\u89c2\u6d4b\u6570\u636e\u4e0a\u62a5\u7ed9\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u8fdb\u884c\u7edf\u4e00\u5b58\u50a8\u3002 \u672c\u6587\u63d0\u4f9b\u4e86\u5728\u5b89\u88c5\u91c7\u96c6\u7ec4\u4ef6 insight-agent \u65f6\u5fc5\u586b\u7684\u5b58\u50a8\u7ec4\u4ef6\u7684\u5730\u5740\u3002
"},{"location":"end-user/insight/quickstart/install/gethosturl.html#insight-agent","title":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5b89\u88c5 insight-agent","text":"\u5982\u679c\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5b89\u88c5 insight-agent\uff0c\u63a8\u8350\u901a\u8fc7\u57df\u540d\u6765\u8bbf\u95ee\u96c6\u7fa4\uff1a
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # (1)!\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # (2)!\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # (3)!\n
"},{"location":"end-user/insight/quickstart/install/gethosturl.html#insight-agent_1","title":"\u5728\u5176\u4ed6\u96c6\u7fa4\u5b89\u88c5 insight-agent","text":""},{"location":"end-user/insight/quickstart/install/gethosturl.html#insight-server","title":"\u901a\u8fc7 Insight Server \u63d0\u4f9b\u7684\u63a5\u53e3\u83b7\u53d6\u5730\u5740","text":"\u7ba1\u7406\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer \u65b9\u5f0f\u66b4\u9732
\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
Note
\u8bf7\u66ff\u6362\u547d\u4ee4\u4e2d\u7684 ${INSIGHT_SERVER_IP}
\u53c2\u6570\u3002
\u83b7\u5f97\u5982\u4e0b\u8fd4\u56de\u503c\uff1a
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"host\": \"10.6.182.32\"\n },\n \"metric\": {\n \"host\": \"10.6.182.32\"\n },\n \"auditLog\": {\n \"host\": \"10.6.182.32\"\n },\n \"trace\": {\n \"host\": \"10.6.182.32\"\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
\u662f\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff0c\u4e0d\u9700\u8981\u518d\u8bbe\u7f6e\u5bf9\u5e94\u670d\u52a1\u7684\u7aef\u53e3\uff0c\u90fd\u4f1a\u4f7f\u7528\u76f8\u5e94\u9ed8\u8ba4\u503cglobal.exporters.metric.host
\u662f\u6307\u6807\u670d\u52a1\u5730\u5740global.exporters.trace.host
\u662f\u94fe\u8def\u670d\u52a1\u5730\u5740global.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff08\u548c\u94fe\u8def\u4f7f\u7528\u7684\u540c\u4e00\u4e2a\u670d\u52a1\u4e0d\u540c\u7aef\u53e3\uff09\u7ba1\u7406\u96c6\u7fa4\u7981\u7528 LoadBalancer
\u8c03\u7528\u63a5\u53e3\u65f6\u9700\u8981\u989d\u5916\u4f20\u9012\u96c6\u7fa4\u4e2d\u4efb\u610f\u5916\u90e8\u53ef\u8bbf\u95ee\u7684\u8282\u70b9 IP\uff0c\u4f1a\u4f7f\u7528\u8be5 IP \u62fc\u63a5\u51fa\u5bf9\u5e94\u670d\u52a1\u7684\u5b8c\u6574\u8bbf\u95ee\u5730\u5740\u3002
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam' --data '{\"extra\": {\"EXPORTER_EXTERNAL_IP\": \"10.5.14.51\"}}'\n
\u5c06\u83b7\u5f97\u5982\u4e0b\u7684\u8fd4\u56de\u503c\uff1a
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"scheme\": \"https\",\n \"host\": \"10.5.14.51\",\n \"port\": 32007,\n \"user\": \"elastic\",\n \"password\": \"j8V1oVoM1184HvQ1F3C8Pom2\"\n },\n \"metric\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30683\n },\n \"auditLog\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30884\n },\n \"trace\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30274\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
\u662f\u65e5\u5fd7\u670d\u52a1\u5730\u5740global.exporters.logging.port
\u662f\u65e5\u5fd7\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.metric.host
\u662f\u6307\u6807\u670d\u52a1\u5730\u5740global.exporters.metric.port
\u662f\u6307\u6807\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.trace.host
\u662f\u94fe\u8def\u670d\u52a1\u5730\u5740global.exporters.trace.port
\u662f\u94fe\u8def\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff08\u548c\u94fe\u8def\u4f7f\u7528\u7684\u540c\u4e00\u4e2a\u670d\u52a1\u4e0d\u540c\u7aef\u53e3\uff09global.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u66b4\u9732\u7684 NodePort\u82e5\u96c6\u7fa4\u4e2d\u5f00\u542f LoadBalancer
\u4e14\u4e3a Insight \u8bbe\u7f6e\u4e86 VIP
\u65f6\uff0c\u60a8\u4e5f\u53ef\u4ee5\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 vminsert
\u4ee5\u53ca opentelemetry-collector
\u7684\u5730\u5740\u4fe1\u606f\uff1a
$ kubectl get service -n insight-system | grep lb\nlb-insight-opentelemetry-collector LoadBalancer 10.233.23.12 <pending> 4317:31286/TCP,8006:31351/TCP 24d\nlb-vminsert-insight-victoria-metrics-k8s-stack LoadBalancer 10.233.63.67 <pending> 8480:31629/TCP 24d\n
lb-vminsert-insight-victoria-metrics-k8s-stack
\u662f\u6307\u6807\u670d\u52a1\u7684\u5730\u5740lb-insight-opentelemetry-collector
\u662f\u94fe\u8def\u670d\u52a1\u7684\u5730\u5740\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 elasticsearch
\u5730\u5740\u4fe1\u606f\uff1a
$ kubectl get service -n mcamel-system | grep es\nmcamel-common-es-cluster-masters-es-http NodePort 10.233.16.120 <none> 9200:30465/TCP 47d\n
mcamel-common-es-cluster-masters-es-http
\u662f\u65e5\u5fd7\u670d\u52a1\u7684\u5730\u5740
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7981\u7528 LB \u7279\u6027
\u5728\u8be5\u60c5\u51b5\u4e0b\uff0c\u9ed8\u8ba4\u4e0d\u4f1a\u521b\u5efa\u4e0a\u8ff0\u7684 LoadBalancer \u8d44\u6e90\uff0c\u5bf9\u5e94\u670d\u52a1\u540d\u4e3a\uff1a
\u4e0a\u9762\u4e24\u79cd\u60c5\u51b5\u83b7\u53d6\u5230\u5bf9\u5e94\u670d\u52a1\u7684\u5bf9\u5e94\u7aef\u53e3\u4fe1\u606f\u540e\uff0c\u8fdb\u884c\u5982\u4e0b\u8bbe\u7f6e\uff1a
--set global.exporters.logging.host= # (1)!\n--set global.exporters.logging.port= # (2)!\n--set global.exporters.metric.host= # (3)!\n--set global.exporters.metric.port= # (4)!\n--set global.exporters.trace.host= # (5)!\n--set global.exporters.trace.port= # (6)!\n--set global.exporters.auditLog.host= # (7)!\n
\u672c\u6587\u63cf\u8ff0\u4e86\u5728\u547d\u4ee4\u884c\u4e2d\u901a\u8fc7 Helm \u547d\u4ee4\u5b89\u88c5 Insight Agent \u793e\u533a\u7248\u7684\u64cd\u4f5c\u6b65\u9aa4\u3002
"},{"location":"end-user/insight/quickstart/install/helm-installagent.html#insight-agent","title":"\u5b89\u88c5 Insight Agent","text":"\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u6dfb\u52a0\u955c\u50cf\u4ed3\u5e93\u7684\u5730\u5740
helm repo add insight https://release.daocloud.io/chartrepo/insight\nhelm repo upgrade\nhelm search repo insight/insight-agent --versions\n
\u5b89\u88c5 Insight Agent \u9700\u8981\u786e\u4fdd\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u7684 Insight Server \u6b63\u5e38\u8fd0\u884c\uff0c\u6267\u884c\u4ee5\u4e0b\u5b89\u88c5\u547d\u4ee4\u5b89\u88c5 Insight Agent \u793e\u533a\u7248\uff0c\u8be5\u914d\u7f6e\u4e0d\u542f\u7528 Tracing \u529f\u80fd\uff1a
helm upgrade --install --create-namespace --cleanup-on-fail \\\n --version ${version} \\ # \u8bf7\u6307\u5b9a\u90e8\u7f72\u7248\u672c\n insight-agent insight/insight-agent \\\n --set global.exporters.logging.elasticsearch.host=10.10.10.x \\ # \u8bf7\u66ff\u6362\u201c10.10.10.x\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u5730\u5740\n --set global.exporters.logging.elasticsearch.port=32517 \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u66b4\u9732\u7684\u7aef\u53e3\n --set global.exporters.logging.elasticsearch.user=elastic \\ # \u8bf7\u66ff\u6362\u201celastic\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u7528\u6237\u540d\n --set global.exporters.logging.elasticsearch.password=dangerous \\ # \u8bf7\u66ff\u6362\u201cdangerous\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u5bc6\u7801\n --set global.exporters.metric.host=${vminsert_address} \\ # \u8bf7\u66ff\u6362\u201c10.10.10.x\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d vminsert \u7684\u5730\u5740\n --set global.exporters.metric.port=${vminsert_port} \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d vminsert \u7684\u5730\u5740\n --set global.exporters.auditLog.host=${opentelemetry-collector address} \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d opentelemetry-collector \u7684\u7aef\u53e3\n --set global.exporters.auditLog.port=${otel_col_auditlog_port}\\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d opentelemetry-collector \u5bb9\u5668\u7aef\u53e3\u4e3a 8006 \u7684 service \u5bf9\u5916\u8bbf\u95ee\u7684\u5730\u5740\n -n insight-system\n
Info
\u53ef\u53c2\u8003 \u5982\u4f55\u83b7\u53d6\u8fde\u63a5\u5730\u5740 \u83b7\u53d6\u5730\u5740\u4fe1\u606f\u3002
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u5b89\u88c5\u72b6\u6001\uff1a
helm list -A\nkubectl get pods -n insight-system\n
\u5982\u679c Agent \u662f\u5b89\u88c5\u5728\u7ba1\u7406\u96c6\u7fa4\uff0c\u63a8\u8350\u901a\u8fc7\u57df\u540d\u6765\u8bbf\u95ee\u96c6\u7fa4\uff1a
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # \u6307\u6807\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # \u65e5\u5fd7\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # \u94fe\u8def\n
"},{"location":"end-user/insight/quickstart/install/helm-installagent.html#insight-agent_2","title":"\u5728\u5de5\u4f5c\u96c6\u7fa4\u5b89\u88c5 Insight Agent","text":"\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\u64cd\u4f5c\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528 Nodeport \u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer \u65b9\u5f0f\u66b4\u9732\u670d\u52a1\u65f6\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
\u5c06\u83b7\u5f97\u5982\u4e0b\u7684\u8fd4\u56de\u503c\uff1a
{\"global\":{\"exporters\":{\"logging\":{\"output\":\"elasticsearch\",\"elasticsearch\":{\"host\":\"10.6.182.32\"},\"kafka\":{},\"host\":\"10.6.182.32\"},\"metric\":{\"host\":\"10.6.182.32\"},\"auditLog\": {\"host\":\"10.6.182.32\"}}},\"opentelemetry-operator\":{\"enabled\":true},\"opentelemetry-collector\":{\"enabled\":true}}\n
\u5176\u4e2d\uff1a
\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl get service -n insight-system | grep lb\nkubectl get service -n mcamel-system | grep es\n
\u5176\u4e2d\uff1a
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528 Nodeport \u65b9\u5f0f\u66b4\u9732\u670d\u52a1\u65f6\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl get service -n insight-system\nkubectl get service -n mcamel-system\n
\u5176\u4e2d\uff1a
\u767b\u5f55\u76ee\u6807\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5907\u4efd --set
\u53c2\u6570\u3002
helm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0\u4ed3\u5e93\u3002
helm repo upgrade\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u5347\u7ea7\u3002
helm upgrade insight-agent insight/insight-agent \\\n-n insight-system \\\n-f ./insight-agent.yaml \\\n--version ${version} # \u6307\u5b9a\u5347\u7ea7\u7248\u672c\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u5b89\u88c5\u72b6\u6001\uff1a
kubectl get pods -n insight-system\n
helm uninstall insight-agent -n insight-system --timeout 10m\n
"},{"location":"end-user/insight/quickstart/install/install-agent.html","title":"\u5728\u7ebf\u5b89\u88c5 insight-agent","text":"insight-agent \u662f\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u91c7\u96c6\u7684\u63d2\u4ef6\uff0c\u652f\u6301\u5bf9\u6307\u6807\u3001\u94fe\u8def\u3001\u65e5\u5fd7\u6570\u636e\u7684\u7edf\u4e00\u89c2\u6d4b\u3002\u672c\u6587\u63cf\u8ff0\u4e86\u5982\u4f55\u5728\u5728\u7ebf\u73af\u5883\u4e2d\u4e3a\u63a5\u5165\u96c6\u7fa4\u5b89\u88c5 insight-agent\u3002
"},{"location":"end-user/insight/quickstart/install/install-agent.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \u6a21\u5757\uff0c\u5728 \u96c6\u7fa4\u5217\u8868 \u4e2d\u627e\u5230\u8981\u5b89\u88c5 insight-agent \u7684\u96c6\u7fa4\u540d\u79f0\u3002
\u9009\u62e9 \u7acb\u5373\u5b89\u88c5 \u8df3\u8f6c\uff0c\u6216\u70b9\u51fb\u96c6\u7fa4\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5185\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u641c\u7d22\u6846\u67e5\u8be2 insight-agent \uff0c\u70b9\u51fb\u8be5\u5361\u7247\u8fdb\u5165\u8be6\u60c5\u3002
\u67e5\u770b insight-agent \u7684\u5b89\u88c5\u9875\u9762\uff0c\u70b9\u51fb \u5b89\u88c5 \u8fdb\u5165\u4e0b\u4e00\u6b65\u3002
\u9009\u62e9\u5b89\u88c5\u7684\u7248\u672c\u5e76\u5728\u4e0b\u65b9\u8868\u5355\u5206\u522b\u586b\u5199\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u5bf9\u5e94\u6570\u636e\u5b58\u50a8\u7ec4\u4ef6\u7684\u5730\u5740\uff0c\u786e\u8ba4\u586b\u5199\u7684\u4fe1\u606f\u65e0\u8bef\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de\u00a0 Helm \u5e94\u7528 \u5217\u8868\uff0c\u5f53\u5e94\u7528 insight-agent \u7684\u72b6\u6001\u4ece\u00a0 \u672a\u5c31\u7eea \u53d8\u4e3a \u5df2\u90e8\u7f72 \uff0c\u4e14\u6240\u6709\u7684\u7ec4\u4ef6\u72b6\u6001\u4e3a \u8fd0\u884c\u4e2d \u65f6\uff0c\u5219\u5b89\u88c5\u6210\u529f\u3002\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u540e\uff0c\u53ef\u5728 \u53ef\u89c2\u6d4b\u6027 \u6a21\u5757\u67e5\u770b\u8be5\u96c6\u7fa4\u7684\u6570\u636e\u3002
Note
\u672c\u9875\u5217\u51fa\u4e00\u4e9b Insight Agent \u5b89\u88c5\u548c\u5378\u8f7d\u6709\u5173\u7684\u95ee\u9898\u53ca\u5176\u89e3\u51b3\u529e\u6cd5\u3002
"},{"location":"end-user/insight/quickstart/install/knownissues.html#v0230","title":"v0.23.0","text":""},{"location":"end-user/insight/quickstart/install/knownissues.html#insight-agent","title":"Insight Agent","text":""},{"location":"end-user/insight/quickstart/install/knownissues.html#insight-agent_1","title":"Insight Agent \u5378\u8f7d\u5931\u8d25","text":"\u5f53\u4f60\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5378\u8f7d Insight Agent \u65f6\u3002
helm uninstall insight-agent -n insight-system\n
otel-oprator
\u6240\u4f7f\u7528\u7684 tls secret
\u672a\u88ab\u5378\u8f7d\u6389\u3002
otel-operator
\u5b9a\u4e49\u7684\u201c\u91cd\u590d\u5229\u7528 tls secret\u201d\u7684\u903b\u8f91\u4e2d\uff0c\u4f1a\u53bb\u5224\u65ad otel-oprator
\u7684 MutationConfiguration
\u662f\u5426\u5b58\u5728\u5e76\u91cd\u590d\u5229\u7528 MutationConfiguration \u4e2d\u7ed1\u5b9a\u7684 CA cert\u3002\u4f46\u662f\u7531\u4e8e helm uninstall
\u5df2\u5378\u8f7d MutationConfiguration
\uff0c\u5bfc\u81f4\u51fa\u73b0\u7a7a\u503c\u3002
\u7efc\u4e0a\u8bf7\u624b\u52a8\u5220\u9664\u5bf9\u5e94\u7684 secret
\uff0c\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\u4efb\u9009\u4e00\u79cd\u5373\u53ef\uff1a
\u901a\u8fc7\u547d\u4ee4\u884c\u5220\u9664\uff1a\u767b\u5f55\u76ee\u6807\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl -n insight-system delete secret insight-agent-opentelemetry-operator-controller-manager-service-cert\n
\u901a\u8fc7 UI \u5220\u9664\uff1a\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5bb9\u5668\u7ba1\u7406\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u8fdb\u5165\u5bc6\u94a5
\uff0c\u8f93\u5165 insight-agent-opentelemetry-operator-controller-manager-service-cert
\uff0c\u9009\u62e9\u5220\u9664
\u3002
\u66f4\u65b0 insight-agent \u65e5\u5fd7\u914d\u7f6e\u4ece elasticsearch \u6539\u4e3a kafka \u6216\u8005\u4ece kafka \u6539\u4e3a elasticsearch\uff0c\u5b9e\u9645\u4e0a\u90fd\u672a\u751f\u6548\uff0c\u8fd8\u662f\u4f7f\u7528\u66f4\u65b0\u524d\u914d\u7f6e\u3002
\u89e3\u51b3\u65b9\u6848 \uff1a
\u624b\u52a8\u91cd\u542f\u96c6\u7fa4\u4e2d\u7684 fluentbit\u3002
"},{"location":"end-user/insight/quickstart/install/knownissues.html#v0210","title":"v0.21.0","text":""},{"location":"end-user/insight/quickstart/install/knownissues.html#insight-agent_4","title":"Insight Agent","text":""},{"location":"end-user/insight/quickstart/install/knownissues.html#podmonitor-jvm","title":"PodMonitor \u91c7\u96c6\u591a\u4efd JVM \u6307\u6807\u6570\u636e","text":"\u8fd9\u4e2a\u7248\u672c\u7684 PodMonitor/insight-kubernetes-pod \u5b58\u5728\u7f3a\u9677\uff1a\u4f1a\u9519\u8bef\u5730\u521b\u5efa Job \u53bb\u91c7\u96c6\u6807\u8bb0\u4e86 insight.opentelemetry.io/metric-scrape=true
\u7684 Pod \u7684\u6240\u6709 container\uff1b\u800c\u5b9e\u9645\u4e0a\u53ea\u9700\u91c7\u96c6 insight.opentelemetry.io/metric-port
\u6240\u5bf9\u5e94 container \u7684\u7aef\u53e3\u3002
\u56e0\u4e3a PodMonitor \u58f0\u660e\u4e4b\u540e\uff0cPromethuesOperator \u4f1a\u9884\u8bbe\u7f6e\u4e00\u4e9b\u670d\u52a1\u53d1\u73b0\u914d\u7f6e\u3002 \u518d\u8003\u8651\u5230 CRD \u7684\u517c\u5bb9\u6027\u7684\u95ee\u9898\u3002\u56e0\u6b64\uff0c\u653e\u5f03\u901a\u8fc7 PodMonitor \u6765\u914d\u7f6e\u901a\u8fc7 annotation \u521b\u5efa\u91c7\u96c6\u4efb\u52a1\u7684\u673a\u5236\u3002
\u901a\u8fc7 Prometheus \u81ea\u5e26\u7684 additional scrape config \u673a\u5236\uff0c\u5c06\u670d\u52a1\u53d1\u73b0\u89c4\u5219\u914d\u7f6e\u5728 secret \u4e2d\uff0c\u5728\u5f15\u5165 Prometheus \u91cc\u3002
\u7efc\u4e0a\uff1a
\u65b0\u7684\u89c4\u5219\u91cc\u901a\u8fc7 action: keepequal \u6765\u6bd4\u8f83 source_labels \u548c target_label \u7684\u4e00\u81f4\u6027\uff0c \u6765\u5224\u65ad\u662f\u5426\u8981\u7ed9\u67d0\u4e2a container \u7684 port \u521b\u5efa\u91c7\u96c6\u4efb\u52a1\u3002\u9700\u8981\u6ce8\u610f\uff0c\u8fd9\u4e2a\u662f Prometheus 2.41.0\uff082022-12-20\uff09\u548c\u66f4\u9ad8\u7248\u672c\u624d\u5177\u5907\u7684\u529f\u80fd\u3002
+ - source_labels: [__meta_kubernetes_pod_annotation_insight_opentelemetry_io_metric_port]\n+ separator: ;\n+ target_label: __meta_kubernetes_pod_container_port_number\n+ action: keepequal\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html","title":"\u5347\u7ea7\u6ce8\u610f\u4e8b\u9879","text":"\u672c\u9875\u4ecb\u7ecd\u4e00\u4e9b\u5347\u7ea7 insight-server \u548c insight-agent \u7684\u6ce8\u610f\u4e8b\u9879\u3002
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#insight-agent","title":"insight-agent","text":""},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v028x-v029x","title":"\u4ece v0.28.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.29.x","text":"\u7531\u4e8e v0.29.0 \u5347\u7ea7\u4e86 Opentelemetry \u793e\u533a\u7684 operator chart \u7248\u672c\uff0cvalues \u4e2d\u7684 featureGates \u7684\u652f\u6301\u7684\u503c\u6709\u6240\u53d8\u5316\uff0c\u56e0\u6b64\uff0c\u5728 upgrade \u4e4b\u524d\uff0c\u9700\u8981\u5c06 featureGates
\u7684\u503c\u8bbe\u7f6e\u4e3a\u7a7a, \u5373\uff1a
- --set opentelemetry-operator.manager.featureGates=\"+operator.autoinstrumentation.go,+operator.autoinstrumentation.multi-instrumentation,+operator.autoinstrumentation.nginx\" \\\n+ --set opentelemetry-operator.manager.featureGates=\"\"\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#insight-server","title":"insight-server","text":""},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v026x-v027x","title":"\u4ece v0.26.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.27.x \u6216\u66f4\u9ad8\u7248\u672c","text":"\u5728 v0.27.x \u7248\u672c\u4e2d\u5c06 vector \u7ec4\u4ef6\u7684\u5f00\u5173\u5355\u72ec\u62bd\u51fa\u3002\u6545\u539f\u6709\u73af\u5883\u5f00\u542f\u4e86 vector\uff0c\u90a3\u5728\u5347\u7ea7 insight-server \u65f6\uff0c\u9700\u8981\u6307\u5b9a --set vector.enabled=true
\u3002
\u5728\u5347\u7ea7 Insight \u4e4b\u524d\uff0c\u60a8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u5220\u9664 jaeger-collector \u548c jaeger-query \u90e8\u7f72\uff1a
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v017x-v018x","title":"\u4ece v0.17.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.18.x","text":"\u7531\u4e8e 0.18.x \u4e2d\u66f4\u65b0\u4e86 Jaeger \u76f8\u5173\u90e8\u7f72\u6587\u4ef6\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-server \u524d\u624b\u52a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
\u7531\u4e8e 0.18.x \u4e2d\u6307\u6807\u540d\u4ea7\u751f\u4e86\u53d8\u52a8\uff0c\u56e0\u6b64\uff0c\u9700\u8981\u5728\u5347\u7ea7 insight-server \u4e4b\u540e\uff0cinsight-agent \u4e5f\u5e94\u8be5\u505a\u5347\u7ea7\u3002
\u6b64\u5916\uff0c\u8c03\u6574\u4e86\u5f00\u542f\u94fe\u8def\u6a21\u5757\u7684\u53c2\u6570\uff0c\u4ee5\u53ca ElasticSearch \u8fde\u63a5\u8c03\u6574\u3002\u5177\u4f53\u53c2\u8003\u4ee5\u4e0b\u53c2\u6570\uff1a
+ --set global.tracing.enable=true \\\n- --set jaeger.collector.enabled=true \\\n- --set jaeger.query.enabled=true \\\n+ --set global.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n+ --set global.elasticsearch.host=${your-external-elasticsearch-host} \\\n+ --set global.elasticsearch.port=${your-external-elasticsearch-port} \\\n+ --set global.elasticsearch.user=${your-external-elasticsearch-username} \\\n+ --set global.elasticsearch.password=${your-external-elasticsearch-password} \\\n- --set jaeger.storage.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n- --set jaeger.storage.elasticsearch.host=${your-external-elasticsearch-host} \\\n- --set jaeger.storage.elasticsearch.port=${your-external-elasticsearch-port} \\\n- --set jaeger.storage.elasticsearch.user=${your-external-elasticsearch-username} \\\n- --set jaeger.storage.elasticsearch.password=${your-external-elasticsearch-password} \\\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v015x-v016x","title":"\u4ece v0.15.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.16.x","text":"\u7531\u4e8e 0.16.x \u4e2d\u4f7f\u7528\u4e86 vmalertmanagers CRD \u7684\u65b0\u7279\u6027\u53c2\u6570 disableRouteContinueEnforce\uff0c \u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-server \u524d\u624b\u52a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u3002
kubectl apply --server-side -f https://raw.githubusercontent.com/VictoriaMetrics/operator/v0.33.0/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml --force-conflicts\n
Note
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b Insight \u79bb\u7ebf\u5305\u540e\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0 CRD\u3002
kubectl apply --server-side -f insight/dependency-crds --force-conflicts \n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#insight-agent_1","title":"insight-agent","text":""},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v023x-v024x","title":"\u4ece v0.23.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.24.x","text":"\u7531\u4e8e 0.24.x \u7248\u672c\u4e2d OTEL operator chart
\u4e2d\u65b0\u589e\u4e86 CRD\uff0c\u4f46\u7531\u4e8e Helm Upgrade \u65f6\u5e76\u4e0d\u4f1a\u66f4\u65b0 CRD\uff0c\u56e0\u6b64\uff0c\u9700\u8981\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-operator/crds/crd-opentelemetry.io_opampbridges.yaml\n
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\u53ef\u627e\u5230\u4e0a\u8ff0 CRD \u7684 yaml\uff0c\u89e3\u538b Insight-Agent Chart \u4e4b\u540e\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl apply -f charts/agent/crds/crd-opentelemetry.io_opampbridges.yaml\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v019x-v020x","title":"\u4ece v0.19.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.20.x","text":"\u7531\u4e8e 0.20.x \u4e2d\u589e\u52a0\u4e86 Kafka \u65e5\u5fd7\u5bfc\u51fa\u914d\u7f6e\uff0c\u65e5\u5fd7\u5bfc\u51fa\u914d\u7f6e\u505a\u4e86\u4e00\u4e9b\u8c03\u6574\u3002\u5347\u7ea7 insight-agent \u4e4b\u524d\u9700\u8981\u6ce8\u610f\u53c2\u6570\u53d8\u5316\uff0c \u5373\u539f\u6765 logging \u7684\u914d\u7f6e\u5df2\u7ecf\u79fb\u5230\u4e86\u914d\u7f6e\u4e2d logging.elasticsearch\uff1a
- --set global.exporters.logging.host \\\n- --set global.exporters.logging.port \\\n+ --set global.exporters.logging.elasticsearch.host \\\n+ --set global.exporters.logging.elasticsearch.port \\\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v017x-v018x_1","title":"\u4ece v0.17.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.18.x","text":"\u7531\u4e8e 0.18.x \u4e2d\u66f4\u65b0\u4e86 Jaeger \u76f8\u5173\u90e8\u7f72\u6587\u4ef6\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u9700\u8981\u6ce8\u610f\u53c2\u6570\u7684\u6539\u52a8\u3002
+ --set global.exporters.trace.enable=true \\\n- --set opentelemetry-collector.enabled=true \\\n- --set opentelemetry-operator.enabled=true \\\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v016x-v017x","title":"\u4ece v0.16.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.17.x","text":"\u5728 v0.17.x \u7248\u672c\u4e2d\u5c06 kube-prometheus-stack chart \u7248\u672c\u4ece 41.9.1 \u5347\u7ea7\u81f3 45.28.1, \u5176\u4e2d\u4f7f\u7528\u7684 CRD \u4e5f\u5b58\u5728\u4e00\u4e9b\u5b57\u6bb5\u7684\u5347\u7ea7\uff0c\u5982 servicemonitor \u7684 attachMetadata \u5b57\u6bb5\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\n
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\uff0c\u5728 insight-agent/dependency-crds \u4e2d\u627e\u5230\u4e0a\u8ff0 CRD \u7684 yaml\u3002
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v011x-v012x","title":"\u4ece v0.11.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.12.x","text":"\u5728 v0.12.x \u5c06 kube-prometheus-stack chart \u4ece 39.6.0 \u5347\u7ea7\u5230 41.9.1\uff0c\u5176\u4e2d\u5305\u62ec prometheus-operator \u5347\u7ea7\u5230 v0.60.1, prometheus-node-exporter chart \u5347\u7ea7\u5230 4.3.0 \u7b49\u3002 prometheus-node-exporter \u5347\u7ea7\u540e\u4f7f\u7528\u4e86 Kubernetes \u63a8\u8350 label\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7\u524d\u5220\u9664 node-exporter \u7684 DaemonSet\u3002 prometheus-operator \u66f4\u65b0\u4e86 CRD\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl delete daemonset insight-agent-prometheus-node-exporter -n insight-system\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --force-conflicts\n
Note
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0 CRD\u3002
kubectl apply --server-side -f insight-agent/dependency-crds --force-conflicts\n
"},{"location":"end-user/insight/quickstart/otel/operator.html","title":"\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a","text":"\u76ee\u524d\u53ea\u6709 Java\u3001NodeJs\u3001Python\u3001.Net\u3001Golang \u652f\u6301 Operator \u7684\u65b9\u5f0f\u65e0\u4fb5\u5165\u63a5\u5165\u3002
"},{"location":"end-user/insight/quickstart/otel/operator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u786e\u4fdd insight-agent \u5df2\u7ecf\u5c31\u7eea\u3002\u5982\u82e5\u6ca1\u6709\uff0c\u8bf7\u53c2\u8003\u5b89\u88c5 insight-agent \u91c7\u96c6\u6570\u636e\u5e76\u786e\u4fdd\u4ee5\u4e0b\u4e09\u9879\u5c31\u7eea\uff1a
Tip
\u4ece Insight v0.22.0 \u5f00\u59cb\uff0c\u4e0d\u518d\u9700\u8981\u624b\u52a8\u5b89\u88c5 Instrumentation CR\u3002
\u5728 insight-system
\u547d\u540d\u7a7a\u95f4\u4e0b\u5b89\u88c5\uff0c\u4e0d\u540c\u7248\u672c\u4e4b\u95f4\u6709\u4e00\u4e9b\u7ec6\u5c0f\u7684\u5dee\u522b\u3002
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.29.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0-rc.2\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.25.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.37.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.38b0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.1-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
"},{"location":"end-user/insight/quickstart/otel/operator.html#_2","title":"\u4e0e\u670d\u52a1\u7f51\u683c\u94fe\u8def\u4e32\u8054\u573a\u666f","text":"\u5982\u679c\u60a8\u5f00\u542f\u4e86\u670d\u52a1\u7f51\u683c\u7684\u94fe\u8def\u8ffd\u8e2a\u80fd\u529b\uff0c\u9700\u8981\u989d\u5916\u589e\u52a0\u4e00\u4e2a\u73af\u5883\u53d8\u91cf\u6ce8\u5165\u7684\u914d\u7f6e\uff1a
"},{"location":"end-user/insight/quickstart/otel/operator.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b","text":"\u9009\u62e9 insight-system \u547d\u540d\u7a7a\u95f4\u540e\uff0c\u7f16\u8f91 insight-opentelemetry-autoinstrumentation \uff0c\u5728 spec:env: \u4e0b\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff1a
- name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n
\u5b8c\u6574\u7684\u547d\u4ee4\u5982\u4e0b\uff08For Insight v0.21.x\uff09\uff1a
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
\u4ee5\u4e0a\u5c31\u7eea\u4e4b\u540e\uff0c\u60a8\u5c31\u53ef\u4ee5\u901a\u8fc7\u6ce8\u89e3\uff08Annotation\uff09\u65b9\u5f0f\u4e3a\u5e94\u7528\u7a0b\u5e8f\u63a5\u5165\u94fe\u8def\u8ffd\u8e2a\u4e86\uff0cOTel \u76ee\u524d\u652f\u6301\u901a\u8fc7\u6ce8\u89e3\u7684\u65b9\u5f0f\u63a5\u5165\u94fe\u8def\u3002 \u6839\u636e\u670d\u52a1\u8bed\u8a00\uff0c\u9700\u8981\u6dfb\u52a0\u4e0a\u4e0d\u540c\u7684 pod annotations\u3002\u6bcf\u4e2a\u670d\u52a1\u53ef\u6dfb\u52a0\u4e24\u7c7b\u6ce8\u89e3\u4e4b\u4e00\uff1a
\u53ea\u6ce8\u5165\u73af\u5883\u53d8\u91cf\u6ce8\u89e3
\u8fd9\u7c7b\u6ce8\u89e3\u53ea\u6709\u4e00\u4e2a\uff0c\u7528\u4e8e\u6dfb\u52a0 otel \u76f8\u5173\u7684\u73af\u5883\u53d8\u91cf\uff0c\u6bd4\u5982\u94fe\u8def\u4e0a\u62a5\u5730\u5740\u3001\u5bb9\u5668\u6240\u5728\u7684\u96c6\u7fa4 id\u3001\u547d\u540d\u7a7a\u95f4\u7b49\uff08\u8fd9\u4e2a\u6ce8\u89e3\u5728\u5e94\u7528\u4e0d\u652f\u6301\u81ea\u52a8\u63a2\u9488\u8bed\u8a00\u65f6\u5341\u5206\u6709\u7528\uff09
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5176\u4e2d value \u88ab /
\u5206\u6210\u4e24\u90e8\u5206\uff0c\u7b2c\u4e00\u4e2a\u503c (insight-system) \u662f\u4e0a\u4e00\u6b65\u5b89\u88c5\u7684 CR \u7684\u547d\u540d\u7a7a\u95f4\uff0c \u7b2c\u4e8c\u4e2a\u503c (insight-opentelemetry-autoinstrumentation) \u662f\u8fd9\u4e2a CR \u7684\u540d\u5b57\u3002
\u81ea\u52a8\u63a2\u9488\u6ce8\u5165\u4ee5\u53ca\u73af\u5883\u53d8\u91cf\u6ce8\u5165\u6ce8\u89e3
\u8fd9\u7c7b\u6ce8\u89e3\u76ee\u524d\u6709 4 \u4e2a\uff0c\u5206\u522b\u5bf9\u5e94 4 \u79cd\u4e0d\u540c\u7684\u7f16\u7a0b\u8bed\u8a00\uff1ajava\u3001nodejs\u3001python\u3001dotnet\uff0c \u4f7f\u7528\u5b83\u540e\u5c31\u4f1a\u5bf9 spec.pod \u4e0b\u7684\u7b2c\u4e00\u4e2a\u5bb9\u5668\u6ce8\u5165\u81ea\u52a8\u63a2\u9488\u4ee5\u53ca otel \u9ed8\u8ba4\u73af\u5883\u53d8\u91cf\uff1a
Java \u5e94\u7528NodeJs \u5e94\u7528Python \u5e94\u7528Dotnet \u5e94\u7528Golang \u5e94\u7528instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-nodejs: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-python: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-dotnet: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u7531\u4e8e Go \u81ea\u52a8\u68c0\u6d4b\u9700\u8981\u8bbe\u7f6e OTEL_GO_AUTO_TARGET_EXE\uff0c \u56e0\u6b64\u60a8\u5fc5\u987b\u901a\u8fc7\u6ce8\u89e3\u6216 Instrumentation \u8d44\u6e90\u63d0\u4f9b\u6709\u6548\u7684\u53ef\u6267\u884c\u8def\u5f84\u3002\u672a\u8bbe\u7f6e\u6b64\u503c\u4f1a\u5bfc\u81f4 Go \u81ea\u52a8\u68c0\u6d4b\u6ce8\u5165\u4e2d\u6b62\uff0c\u4ece\u800c\u5bfc\u81f4\u63a5\u5165\u94fe\u8def\u5931\u8d25\u3002
instrumentation.opentelemetry.io/inject-go: \"insight-system/insight-opentelemetry-autoinstrumentation\"\ninstrumentation.opentelemetry.io/otel-go-auto-target-exe: \"/path/to/container/executable\"\n
Go \u81ea\u52a8\u68c0\u6d4b\u4e5f\u9700\u8981\u63d0\u5347\u6743\u9650\u3002\u4ee5\u4e0b\u6743\u9650\u662f\u81ea\u52a8\u8bbe\u7f6e\u7684\u5e76\u4e14\u662f\u5fc5\u9700\u7684\u3002
securityContext:\n privileged: true\n runAsUser: 0\n
Tip
OpenTelemetry Operator \u5728\u6ce8\u5165\u63a2\u9488\u65f6\u4f1a\u81ea\u52a8\u6dfb\u52a0\u4e00\u4e9b OTel \u76f8\u5173\u73af\u5883\u53d8\u91cf\uff0c\u540c\u65f6\u4e5f\u652f\u6301\u8fd9\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u8986\u76d6\u3002\u8fd9\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u8986\u76d6\u4f18\u5148\u7ea7\uff1a
original container env vars -> language specific env vars -> common env vars -> instrument spec configs' vars\n
\u4f46\u662f\u9700\u8981\u907f\u514d\u624b\u52a8\u8986\u76d6 OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\uff0c\u5b83\u5728 Operator \u5185\u90e8\u4f5c\u4e3a\u4e00\u4e2a Pod \u662f\u5426\u5df2\u7ecf\u6ce8\u5165\u63a2\u9488\u7684\u6807\u8bc6\uff0c\u5982\u679c\u624b\u52a8\u6dfb\u52a0\u4e86\uff0c\u63a2\u9488\u53ef\u80fd\u65e0\u6cd5\u6ce8\u5165\u3002
"},{"location":"end-user/insight/quickstart/otel/operator.html#demo","title":"\u81ea\u52a8\u6ce8\u5165\u793a\u4f8b Demo","text":"\u6ce8\u610f\u8fd9\u4e2a annotations
\u662f\u52a0\u5728 spec.annotations \u4e0b\u7684\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n labels:\n app: my-app\nspec:\n selector:\n matchLabels:\n app: my-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-app\n annotations:\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n spec:\n containers:\n - name: myapp\n image: jaegertracing/vertx-create-span:operator-e2e-tests\n ports:\n - containerPort: 8080\n protocol: TCP\n
\u6700\u7ec8\u751f\u6210\u7684 YAML \u5185\u5bb9\u5982\u4e0b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: my-deployment-with-sidecar-565bd877dd-nqkk6\n generateName: my-deployment-with-sidecar-565bd877dd-\n namespace: default\n uid: aa89ca0d-620c-4d20-8bc1-37d67bad4ea4\n resourceVersion: '2668986'\n creationTimestamp: '2022-04-08T05:58:48Z'\n labels:\n app: my-pod-with-sidecar\n pod-template-hash: 565bd877dd\n annotations:\n cni.projectcalico.org/containerID: 234eae5e55ea53db2a4bc2c0384b9a1021ed3908f82a675e4a92a49a7e80dd61\n cni.projectcalico.org/podIP: 192.168.134.133/32\n cni.projectcalico.org/podIPs: 192.168.134.133/32\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\nspec:\n volumes:\n - name: kube-api-access-sp2mz\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n - name: opentelemetry-auto-instrumentation\n emptyDir: {}\n initContainers:\n - name: opentelemetry-auto-instrumentation\n image: >-\n ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java\n command:\n - cp\n - /javaagent.jar\n - /otel-auto-instrumentation/javaagent.jar\n resources: {}\n volumeMounts:\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n containers:\n - name: myapp\n image: ghcr.io/pavolloffay/spring-petclinic:latest\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: 'true'\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: 'true'\n - name: SPLUNK_PROFILER_ENABLED\n value: 'false'\n - name: JAVA_TOOL_OPTIONS\n value: ' -javaagent:/otel-auto-instrumentation/javaagent.jar'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '20'\n - name: OTEL_TRACES_SAMPLER\n value: parentbased_traceidratio\n - name: OTEL_TRACES_SAMPLER_ARG\n value: '0.85'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: my-deployment-with-sidecar\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=myapp,k8s.deployment.name=my-deployment-with-sidecar,k8s.deployment.uid=8de6929d-dda0-436c-bca1-604e9ca7ea4e,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=my-deployment-with-sidecar-565bd877dd,k8s.replicaset.uid=190d5f6e-ba7f-4794-b2e6-390b5879a6c4\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n resources: {}\n volumeMounts:\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: k8s-master3\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n fsGroup: 2000\n schedulerName: default-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priority: 0\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\n
"},{"location":"end-user/insight/quickstart/otel/operator.html#_5","title":"\u94fe\u8def\u67e5\u8be2","text":"\u5982\u4f55\u67e5\u8be2\u5df2\u7ecf\u63a5\u5165\u7684\u670d\u52a1\uff0c\u53c2\u8003\u94fe\u8def\u67e5\u8be2\u3002
"},{"location":"end-user/insight/quickstart/otel/otel.html","title":"\u4f7f\u7528 OTel \u8d4b\u4e88\u5e94\u7528\u53ef\u89c2\u6d4b\u6027","text":"\u589e\u5f3a\u662f\u4f7f\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u80fd\u591f\u751f\u6210\u9065\u6d4b\u6570\u636e\u7684\u8fc7\u7a0b\u3002\u5373\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u76d1\u89c6\u6216\u6d4b\u91cf\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u72b6\u6001\u7684\u4e1c\u897f\u3002
OpenTelemetry \u662f\u9886\u5148\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u4e3a\u4e3b\u8981\u7f16\u7a0b\u8bed\u8a00\u548c\u6d41\u884c\u6846\u67b6\u63d0\u4f9b\u68c0\u6d4b\u5e93\u3002\u5b83\u662f\u4e91\u539f\u751f\u8ba1\u7b97\u57fa\u91d1\u4f1a\u4e0b\u7684\u4e00\u4e2a\u9879\u76ee\uff0c\u5f97\u5230\u4e86\u793e\u533a\u5e9e\u5927\u8d44\u6e90\u7684\u652f\u6301\u3002 \u5b83\u4e3a\u91c7\u96c6\u7684\u6570\u636e\u63d0\u4f9b\u6807\u51c6\u5316\u7684\u6570\u636e\u683c\u5f0f\uff0c\u65e0\u9700\u96c6\u6210\u7279\u5b9a\u7684\u4f9b\u5e94\u5546\u3002
Insight \u652f\u6301\u7528\u4e8e\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u7684 OpenTelemetry \u6765\u589e\u5f3a\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002
\u672c\u6307\u5357\u4ecb\u7ecd\u4e86\u4f7f\u7528 OpenTelemetry \u8fdb\u884c\u9065\u6d4b\u589e\u5f3a\u7684\u57fa\u672c\u6982\u5ff5\u3002 OpenTelemetry \u8fd8\u6709\u4e00\u4e2a\u7531\u5e93\u3001\u63d2\u4ef6\u3001\u96c6\u6210\u548c\u5176\u4ed6\u6709\u7528\u5de5\u5177\u7ec4\u6210\u7684\u751f\u6001\u7cfb\u7edf\u6765\u6269\u5c55\u5b83\u3002 \u60a8\u53ef\u4ee5\u5728 Otel Registry \u4e2d\u627e\u5230\u8fd9\u4e9b\u8d44\u6e90\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5f00\u653e\u6807\u51c6\u5e93\u8fdb\u884c\u9065\u6d4b\u589e\u5f3a\uff0c\u5e76\u4f7f\u7528 Insight \u4f5c\u4e3a\u53ef\u89c2\u5bdf\u6027\u540e\u7aef\u6765\u6444\u53d6\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316\u6570\u636e\u3002
\u4e3a\u4e86\u589e\u5f3a\u60a8\u7684\u4ee3\u7801\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 OpenTelemetry \u4e3a\u7279\u5b9a\u8bed\u8a00\u63d0\u4f9b\u7684\u589e\u5f3a\u64cd\u4f5c\uff1a
Insight \u76ee\u524d\u63d0\u4f9b\u4e86\u4f7f\u7528 OpenTelemetry \u589e\u5f3a .Net NodeJS\u3001Java\u3001Python \u548c Golang \u5e94\u7528\u7a0b\u5e8f\u7684\u7b80\u5355\u65b9\u6cd5\u3002\u8bf7\u9075\u5faa\u4ee5\u4e0b\u6307\u5357\u3002
"},{"location":"end-user/insight/quickstart/otel/otel.html#_1","title":"\u94fe\u8def\u589e\u5f3a","text":"\u6b64\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5ba2\u6237\u5e94\u7528\u5982\u4f55\u81ea\u884c\u5c06\u94fe\u8def\u6570\u636e\u4e0a\u62a5\u7ed9 Insight\u3002\u4e3b\u8981\u5305\u542b\u5982\u4e0b\u4e24\u79cd\u573a\u666f\uff1a
\u5728\u6bcf\u4e2a\u5df2\u5b89\u88c5 Insight Agent \u7684\u96c6\u7fa4\u4e2d\u90fd\u6709 insight-agent-otel-col \u7ec4\u4ef6\u7528\u4e8e\u7edf\u4e00\u63a5\u6536\u8be5\u96c6\u7fa4\u7684\u94fe\u8def\u6570\u636e\u3002 \u56e0\u6b64\uff0c\u8be5\u7ec4\u4ef6\u4f5c\u4e3a\u7528\u6237\u63a5\u5165\u4fa7\u7684\u5165\u53e3\uff0c\u9700\u8981\u5148\u83b7\u53d6\u8be5\u5730\u5740\u3002\u53ef\u4ee5\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3 \u754c\u9762\u83b7\u53d6\u8be5\u96c6\u7fa4 Opentelemtry Collector \u7684\u5730\u5740\uff0c \u6bd4\u5982 insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 \uff1a
\u9664\u6b64\u4e4b\u5916\uff0c\u9488\u5bf9\u4e0d\u540c\u4e0a\u62a5\u65b9\u5f0f\uff0c\u6709\u4e00\u4e9b\u7ec6\u5fae\u5dee\u522b\uff1a
"},{"location":"end-user/insight/quickstart/otel/send_tracing_to_insight.html#otel-agentsdk-insight-agent-opentelemtry-collector","title":"\u5ba2\u6237\u5e94\u7528\u901a\u8fc7 OTel Agent/SDK \u4e0a\u62a5\u94fe\u8def\u7ed9 Insight Agent Opentelemtry Collector","text":"\u4e3a\u4e86\u80fd\u591f\u5c06\u94fe\u8def\u6570\u636e\u6b63\u5e38\u4e0a\u62a5\u81f3 Insight \u5e76\u80fd\u591f\u5728 Insight \u6b63\u5e38\u5c55\u793a\uff0c\u9700\u8981\u5e76\u5efa\u8bae\u901a\u8fc7\u5982\u4e0b\u73af\u5883\u53d8\u91cf\u63d0\u4f9b OTLP \u6240\u9700\u7684\u5143\u6570\u636e (Resource Attribute)\uff0c\u6709\u4e24\u79cd\u65b9\u5f0f\u53ef\u5b9e\u73b0\uff1a
\u5728\u90e8\u7f72\u6587\u4ef6 YAML \u4e2d\u624b\u52a8\u6dfb\u52a0\uff0c\u4f8b\u5982\uff1a
...\n- name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: \"http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\"\n- name: \"OTEL_SERVICE_NAME\"\n value: my-java-app-name\n- name: \"OTEL_K8S_NAMESPACE\"\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n- name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n- name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n- name: OTEL_RESOURCE_ATTRIBUTES\n value: \"k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)\"\n
\u5229\u7528 Insight Agent \u81ea\u52a8\u6ce8\u5165\u5982\u4e0a\u5143\u6570\u636e (Resource Attribute) \u80fd\u529b
\u786e\u4fdd Insight Agent \u6b63\u5e38\u5de5\u4f5c\u5e76 \u5b89\u88c5 Instrumentation CR \u4e4b\u540e\uff0c \u53ea\u9700\u8981\u4e3a Pod \u6dfb\u52a0\u5982\u4e0b Annotation \u5373\u53ef\uff1a
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u4e3e\u4f8b\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-with-aotu-instrumentation\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n annotations:\n sidecar.opentelemetry.io/inject: \"false\"\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5728\u4fdd\u8bc1\u5e94\u7528\u6dfb\u52a0\u4e86\u5982\u4e0a\u5143\u6570\u636e\u4e4b\u540e\uff0c\u53ea\u9700\u5728\u5ba2\u6237 Opentelemtry Collector \u91cc\u9762\u65b0\u589e\u4e00\u4e2a OTLP Exporter \u5c06\u94fe\u8def\u6570\u636e\u8f6c\u53d1\u7ed9 Insight Agent Opentelemtry Collector \u5373\u53ef\uff0c\u5982\u4e0b Opentelemtry Collector \u914d\u7f6e\u6587\u4ef6\u6240\u793a\uff1a
...\nexporters:\n otlp/insight:\n endpoint: insight-opentelemetry-collector.insight-system.svc.cluster.local:4317\nservice:\n...\npipelines:\n...\ntraces:\n exporters:\n - otlp/insight\n
"},{"location":"end-user/insight/quickstart/otel/send_tracing_to_insight.html#_1","title":"\u53c2\u8003","text":"Golang \u65e0\u4fb5\u5165\u5f0f\u63a5\u5165\u94fe\u8def\u8bf7\u53c2\u8003 \u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u6587\u6863\uff0c\u901a\u8fc7\u6ce8\u89e3\u5b9e\u73b0\u81ea\u52a8\u63a5\u5165\u94fe\u8def\u3002
OpenTelemetry \u4e5f\u7b80\u79f0\u4e3a OTel\uff0c\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u53ef\u89c2\u6d4b\u6027\u6846\u67b6\uff0c\u53ef\u4ee5\u5e2e\u52a9\u5728 Go \u5e94\u7528\u7a0b\u5e8f\u4e2d\u751f\u6210\u548c\u6536\u96c6\u9065\u6d4b\u6570\u636e\uff1a\u94fe\u8def\u3001\u6307\u6807\u548c\u65e5\u5fd7\u3002
\u672c\u6587\u4e3b\u8981\u8bb2\u89e3\u5982\u4f55\u5728 Go \u5e94\u7528\u7a0b\u5e8f\u4e2d\u901a\u8fc7 OpenTelemetry Go SDK \u589e\u5f3a\u5e76\u63a5\u5165\u94fe\u8def\u76d1\u63a7\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#otel-sdk-go_1","title":"\u4f7f\u7528 OTel SDK \u589e\u5f3a Go \u5e94\u7528","text":""},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_1","title":"\u5b89\u88c5\u76f8\u5173\u4f9d\u8d56","text":"\u5fc5\u987b\u5148\u5b89\u88c5\u4e0e OpenTelemetry exporter \u548c SDK \u76f8\u5173\u7684\u4f9d\u8d56\u9879\u3002\u5982\u679c\u60a8\u6b63\u5728\u4f7f\u7528\u5176\u4ed6\u8bf7\u6c42\u8def\u7531\u5668\uff0c\u8bf7\u53c2\u8003\u8bf7\u6c42\u8def\u7531\u3002 \u5207\u6362/\u8fdb\u5165\u5230\u5e94\u7528\u7a0b\u5e8f\u6e90\u6587\u4ef6\u5939\u540e\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
go get go.opentelemetry.io/otel@v1.19.0 \\\n go.opentelemetry.io/otel/trace@v1.19.0 \\\n go.opentelemetry.io/otel/sdk@v1.19.0 \\\n go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@v0.46.1 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.19.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.19.0\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#otel-sdk","title":"\u4f7f\u7528 OTel SDK \u521b\u5efa\u521d\u59cb\u5316\u51fd\u6570","text":"\u4e3a\u4e86\u8ba9\u5e94\u7528\u7a0b\u5e8f\u80fd\u591f\u53d1\u9001\u6570\u636e\uff0c\u9700\u8981\u4e00\u4e2a\u51fd\u6570\u6765\u521d\u59cb\u5316 OpenTelemetry\u3002\u5728 main.go \u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u4ee3\u7801\u7247\u6bb5:
import (\n \"context\"\n \"os\"\n \"time\"\n\n \"go.opentelemetry.io/otel\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\"\n \"go.opentelemetry.io/otel/propagation\"\n \"go.opentelemetry.io/otel/sdk/resource\"\n sdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n semconv \"go.opentelemetry.io/otel/semconv/v1.7.0\"\n \"go.uber.org/zap\"\n \"google.golang.org/grpc\"\n)\n\nvar tracerExp *otlptrace.Exporter\n\nfunc retryInitTracer() func() {\n var shutdown func()\n go func() {\n for {\n // otel will reconnected and re-send spans when otel col recover. so, we don't need to re-init tracer exporter.\n if tracerExp == nil {\n shutdown = initTracer()\n } else {\n break\n }\n time.Sleep(time.Minute * 5)\n }\n }()\n return shutdown\n}\n\nfunc initTracer() func() {\n // temporarily set timeout to 10s\n ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)\n defer cancel()\n\n serviceName, ok := os.LookupEnv(\"OTEL_SERVICE_NAME\")\n if !ok {\n serviceName = \"server_name\"\n os.Setenv(\"OTEL_SERVICE_NAME\", serviceName)\n }\n otelAgentAddr, ok := os.LookupEnv(\"OTEL_EXPORTER_OTLP_ENDPOINT\")\n if !ok {\n otelAgentAddr = \"http://localhost:4317\"\n os.Setenv(\"OTEL_EXPORTER_OTLP_ENDPOINT\", otelAgentAddr)\n }\n zap.S().Infof(\"OTLP Trace connect to: %s with service name: %s\", otelAgentAddr, serviceName)\n\n traceExporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithInsecure(), otlptracegrpc.WithDialOption(grpc.WithBlock()))\n if err != nil {\n handleErr(err, \"OTLP Trace gRPC Creation\")\n return nil\n }\n\n tracerProvider := sdktrace.NewTracerProvider(\n sdktrace.WithBatcher(traceExporter),\n sdktrace.WithSampler(sdktrace.AlwaysSample()),\n sdktrace.WithResource(resource.NewWithAttributes(semconv.SchemaURL)))\n\n otel.SetTracerProvider(tracerProvider)\n otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\n tracerExp = traceExporter\n return func() {\n // Shutdown will flush any remaining spans and shut down the exporter.\n handleErr(tracerProvider.Shutdown(ctx), \"failed to shutdown TracerProvider\")\n }\n}\n\nfunc handleErr(err error, message string) {\n if err != nil {\n zap.S().Errorf(\"%s: %v\", message, err)\n }\n}\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#maingo","title":"\u5728 main.go \u4e2d\u521d\u59cb\u5316\u8ddf\u8e2a\u5668","text":"\u4fee\u6539 main \u51fd\u6570\u4ee5\u5728 main.go \u4e2d\u521d\u59cb\u5316\u8ddf\u8e2a\u5668\u3002\u53e6\u5916\u5f53\u60a8\u7684\u670d\u52a1\u5173\u95ed\u65f6\uff0c\u5e94\u8be5\u8c03\u7528 TracerProvider.Shutdown() \u786e\u4fdd\u5bfc\u51fa\u6240\u6709 Span\u3002\u8be5\u670d\u52a1\u5c06\u8be5\u8c03\u7528\u4f5c\u4e3a\u4e3b\u51fd\u6570\u4e2d\u7684\u5ef6\u8fdf\u51fd\u6570\uff1a
func main() {\n // start otel tracing\n if shutdown := retryInitTracer(); shutdown != nil {\n defer shutdown()\n }\n ......\n}\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#otel-gin","title":"\u4e3a\u5e94\u7528\u6dfb\u52a0 OTel Gin \u4e2d\u95f4\u4ef6","text":"\u901a\u8fc7\u5728 main.go \u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\u6765\u914d\u7f6e Gin \u4ee5\u4f7f\u7528\u4e2d\u95f4\u4ef6:
import (\n ....\n \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n)\n\nfunc main() {\n ......\n r := gin.Default()\n r.Use(otelgin.Middleware(\"my-app\"))\n ......\n}\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_2","title":"\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f","text":"\u672c\u5730\u8c03\u8bd5\u8fd0\u884c
\u6ce8\u610f: \u6b64\u6b65\u9aa4\u4ec5\u7528\u4e8e\u672c\u5730\u5f00\u53d1\u8c03\u8bd5\uff0c\u751f\u4ea7\u73af\u5883\u4e2d Operator \u4f1a\u81ea\u52a8\u5b8c\u6210\u4ee5\u4e0b\u73af\u5883\u53d8\u91cf\u7684\u6ce8\u5165\u3002
\u4ee5\u4e0a\u6b65\u9aa4\u5df2\u7ecf\u5b8c\u6210\u4e86\u521d\u59cb\u5316 SDK \u7684\u5de5\u4f5c\uff0c\u73b0\u5728\u5982\u679c\u9700\u8981\u5728\u672c\u5730\u5f00\u53d1\u8fdb\u884c\u8c03\u8bd5\uff0c\u9700\u8981\u63d0\u524d\u83b7\u53d6\u5230 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b insight-agent-opentelemerty-collector \u7684\u5730\u5740\uff0c\u5047\u8bbe\u4e3a\uff1a insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 \u3002
\u56e0\u6b64\uff0c\u53ef\u4ee5\u5728\u4f60\u672c\u5730\u542f\u52a8\u5e94\u7528\u7a0b\u5e8f\u7684\u65f6\u5019\u6dfb\u52a0\u5982\u4e0b\u73af\u5883\u53d8\u91cf\uff1a
OTEL_SERVICE_NAME=my-golang-app OTEL_EXPORTER_OTLP_ENDPOINT=http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 go run main.go...\n
\u751f\u4ea7\u73af\u5883\u8fd0\u884c
\u8bf7\u53c2\u8003\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u4e2d \u53ea\u6ce8\u5165\u73af\u5883\u53d8\u91cf\u6ce8\u89e3 \u76f8\u5173\u4ecb\u7ecd\uff0c\u4e3a deployment yaml \u6dfb\u52a0\u6ce8\u89e3\uff1a
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5982\u679c\u65e0\u6cd5\u4f7f\u7528\u6ce8\u89e3\u7684\u65b9\u5f0f\uff0c\u60a8\u53ef\u4ee5\u624b\u52a8\u5728 deployment yaml \u6dfb\u52a0\u5982\u4e0b\u73af\u5883\u53d8\u91cf\uff1a
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\nenv:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: 'http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317'\n - name: OTEL_SERVICE_NAME\n value: \"your depolyment name\" # (1)!\n - name: OTEL_K8S_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: 'k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)'\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n
\u7136\u540e\u6ce8\u5165 OpenTelemetry \u4e2d\u95f4\u4ef6\uff1a
router.Use(middleware.Middleware(\"my-app\"))\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#opentelemetry-gorillamux","title":"OpenTelemetry gorillamux \u589e\u5f3a","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\"\n
\u7136\u540e\u6ce8\u5165 OpenTelemetry \u4e2d\u95f4\u4ef6\uff1a
router.Use(middleware.Middleware(\"my-app\"))\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#grpc","title":"gRPC \u589e\u5f3a","text":"\u540c\u6837\uff0cOpenTelemetry \u4e5f\u53ef\u4ee5\u5e2e\u52a9\u60a8\u81ea\u52a8\u68c0\u6d4b gRPC \u8bf7\u6c42\u3002\u8981\u68c0\u6d4b\u60a8\u62e5\u6709\u7684\u4efb\u4f55 gRPC \u670d\u52a1\u5668\uff0c\u8bf7\u5c06\u62e6\u622a\u5668\u6dfb\u52a0\u5230\u670d\u52a1\u5668\u7684\u5b9e\u4f8b\u5316\u4e2d\u3002
import (\n grpcotel \"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\"\n)\nfunc main() {\n [...]\n\n s := grpc.NewServer(\n grpc.UnaryInterceptor(grpcotel.UnaryServerInterceptor()),\n grpc.StreamInterceptor(grpcotel.StreamServerInterceptor()),\n )\n}\n
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5982\u679c\u4f60\u7684\u7a0b\u5e8f\u91cc\u9762\u4f7f\u7528\u5230\u4e86 Grpc Client \u8c03\u7528\u7b2c\u4e09\u65b9\u670d\u52a1\uff0c\u4f60\u8fd8\u9700\u8981\u5bf9 Grpc Client \u6dfb\u52a0\u62e6\u622a\u5668\uff1a
[...]\n\n conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()),\n grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),\n grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()),\n )\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_4","title":"\u5982\u679c\u4e0d\u4f7f\u7528\u8bf7\u6c42\u8def\u7531","text":"import (\n \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n
\u5728\u5c06 http.Handler \u4f20\u9012\u7ed9 ServeMux \u7684\u6bcf\u4e2a\u5730\u65b9\uff0c\u60a8\u90fd\u5c06\u5305\u88c5\u5904\u7406\u7a0b\u5e8f\u51fd\u6570\u3002\u4f8b\u5982\uff0c\u5c06\u8fdb\u884c\u4ee5\u4e0b\u66ff\u6362\uff1a
- mux.Handle(\"/path\", h)\n+ mux.Handle(\"/path\", otelhttp.NewHandler(h, \"description of path\"))\n---\n- mux.Handle(\"/path\", http.HandlerFunc(f))\n+ mux.Handle(\"/path\", otelhttp.NewHandler(http.HandlerFunc(f), \"description of path\"))\n
\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u60a8\u53ef\u4ee5\u786e\u4fdd\u4f7f\u7528 othttp \u5305\u88c5\u7684\u6bcf\u4e2a\u51fd\u6570\u90fd\u4f1a\u81ea\u52a8\u6536\u96c6\u5176\u5143\u6570\u636e\u5e76\u542f\u52a8\u76f8\u5e94\u7684\u8ddf\u8e2a\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_5","title":"\u6570\u636e\u5e93\u8bbf\u95ee\u589e\u5f3a","text":""},{"location":"end-user/insight/quickstart/otel/golang/golang.html#golang-gorm","title":"Golang Gorm","text":"OpenTelemetry \u793e\u533a\u4e5f\u5f00\u53d1\u4e86\u6570\u636e\u5e93\u8bbf\u95ee\u5e93\u7684\u4e2d\u95f4\u4ef6\uff0c\u6bd4\u5982 Gorm:
import (\n \"github.com/uptrace/opentelemetry-go-extra/otelgorm\"\n \"gorm.io/driver/sqlite\"\n \"gorm.io/gorm\"\n)\n\ndb, err := gorm.Open(sqlite.Open(\"file::memory:?cache=shared\"), &gorm.Config{})\nif err != nil {\n panic(err)\n}\n\notelPlugin := otelgorm.NewPlugin(otelgorm.WithDBName(\"mydb\"), # \u7f3a\u5931\u4f1a\u5bfc\u81f4\u6570\u636e\u5e93\u76f8\u5173\u62d3\u6251\u5c55\u793a\u4e0d\u5b8c\u6574\n otelgorm.WithAttributes(semconv.ServerAddress(\"memory\"))) # \u7f3a\u5931\u4f1a\u5bfc\u81f4\u6570\u636e\u5e93\u76f8\u5173\u62d3\u6251\u5c55\u793a\u4e0d\u5b8c\u6574\nif err := db.Use(otelPlugin); err != nil {\n panic(err)\n}\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span","title":"\u81ea\u5b9a\u4e49 Span","text":"\u5f88\u591a\u65f6\u5019\uff0cOpenTelemetry \u63d0\u4f9b\u7684\u4e2d\u95f4\u4ef6\u4e0d\u80fd\u5e2e\u52a9\u6211\u4eec\u8bb0\u5f55\u66f4\u591a\u5185\u90e8\u8c03\u7528\u7684\u51fd\u6570\uff0c\u9700\u8981\u6211\u4eec\u81ea\u5b9a\u4e49 Span \u6765\u8bb0\u5f55
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n _, span := otel.Tracer(\"GetServiceDetail\").Start(ctx,\n \"spanMetricDao.GetServiceDetail\",\n trace.WithSpanKind(trace.SpanKindInternal))\n defer span.End()\n \u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span_1","title":"\u5411 span \u6dfb\u52a0\u81ea\u5b9a\u4e49\u5c5e\u6027\u548c\u4e8b\u4ef6","text":"\u4e5f\u53ef\u4ee5\u5c06\u81ea\u5b9a\u4e49\u5c5e\u6027\u6216\u6807\u7b7e\u8bbe\u7f6e\u4e3a Span\u3002\u8981\u6dfb\u52a0\u81ea\u5b9a\u4e49\u5c5e\u6027\u548c\u4e8b\u4ef6\uff0c\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_6","title":"\u5bfc\u5165\u8ddf\u8e2a\u548c\u5c5e\u6027\u5e93","text":"import (\n ...\n \"go.opentelemetry.io/otel/attribute\"\n \"go.opentelemetry.io/otel/trace\"\n)\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span_2","title":"\u4ece\u4e0a\u4e0b\u6587\u4e2d\u83b7\u53d6\u5f53\u524d Span","text":"span := trace.SpanFromContext(c.Request.Context())\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span_3","title":"\u5728\u5f53\u524d Span \u4e2d\u8bbe\u7f6e\u5c5e\u6027","text":"span.SetAttributes(attribute.String(\"controller\", \"books\"))\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span-event","title":"\u4e3a\u5f53\u524d Span \u6dfb\u52a0 Event","text":"\u6dfb\u52a0 span \u4e8b\u4ef6\u662f\u4f7f\u7528 span \u5bf9\u8c61\u4e0a\u7684 AddEvent \u5b8c\u6210\u7684\u3002
span.AddEvent(msg)\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_7","title":"\u8bb0\u5f55\u9519\u8bef\u548c\u5f02\u5e38","text":"import \"go.opentelemetry.io/otel/codes\"\n\n// \u83b7\u53d6\u5f53\u524d span\nspan := trace.SpanFromContext(ctx)\n\n// RecordError \u4f1a\u81ea\u52a8\u5c06\u4e00\u4e2a\u9519\u8bef\u8f6c\u6362\u6210 span even\nspan.RecordError(err)\n\n// \u6807\u8bb0\u8fd9\u4e2a span \u9519\u8bef\nspan.SetStatus(codes.Error, \"internal error\")\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_8","title":"\u53c2\u8003","text":"\u6709\u5173 Demo \u6f14\u793a\u8bf7\u53c2\u8003\uff1a - opentelemetry-demo/productcatalogservice - opentelemetry-collector-contrib/demo
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html","title":"\u4f7f\u7528 OTel SDK \u4e3a\u5e94\u7528\u7a0b\u5e8f\u66b4\u9732\u6307\u6807","text":"\u672c\u6587\u4ec5\u4f9b\u5e0c\u671b\u8bc4\u4f30\u6216\u63a2\u7d22\u6b63\u5728\u5f00\u53d1\u7684 OTLP \u6307\u6807\u7684\u7528\u6237\u53c2\u8003\u3002
OpenTelemetry \u9879\u76ee\u8981\u6c42\u4ee5\u5fc5\u987b\u5728 OpenTelemetry \u534f\u8bae (OTLP) \u4e2d\u53d1\u51fa\u6570\u636e\u7684\u8bed\u8a00\u63d0\u4f9b API \u548c SDK\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#golang","title":"\u9488\u5bf9 Golang \u5e94\u7528\u7a0b\u5e8f","text":"Golang \u53ef\u4ee5\u901a\u8fc7 sdk \u66b4\u9732 runtime \u6307\u6807\uff0c\u5177\u4f53\u6765\u8bf4\uff0c\u5728\u5e94\u7528\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u65b9\u6cd5\u5f00\u542f metrics \u66b4\u9732\u5668\uff1a
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#_1","title":"\u5b89\u88c5\u76f8\u5173\u4f9d\u8d56","text":"\u5207\u6362/\u8fdb\u5165\u5230\u5e94\u7528\u7a0b\u5e8f\u6e90\u6587\u4ef6\u5939\u540e\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
go get go.opentelemetry.io/otel \\\n go.opentelemetry.io/otel/attribute \\\n go.opentelemetry.io/otel/exporters/prometheus \\\n go.opentelemetry.io/otel/metric/global \\\n go.opentelemetry.io/otel/metric/instrument \\\n go.opentelemetry.io/otel/sdk/metric\n
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#otel-sdk_1","title":"\u4f7f\u7528 OTel SDK \u521b\u5efa\u521d\u59cb\u5316\u51fd\u6570","text":"import (\n .....\n\n \"go.opentelemetry.io/otel/attribute\"\n otelPrometheus \"go.opentelemetry.io/otel/exporters/prometheus\"\n \"go.opentelemetry.io/otel/metric/global\"\n \"go.opentelemetry.io/otel/metric/instrument\"\n \"go.opentelemetry.io/otel/sdk/metric/aggregator/histogram\"\n controller \"go.opentelemetry.io/otel/sdk/metric/controller/basic\"\n \"go.opentelemetry.io/otel/sdk/metric/export/aggregation\"\n processor \"go.opentelemetry.io/otel/sdk/metric/processor/basic\"\n selector \"go.opentelemetry.io/otel/sdk/metric/selector/simple\"\n)\nfunc (s *insightServer) initMeter() *otelPrometheus.Exporter {\n s.meter = global.Meter(\"xxx\")\n\n config := otelPrometheus.Config{\n DefaultHistogramBoundaries: []float64{1, 2, 5, 10, 20, 50},\n Gatherer: prometheus.DefaultGatherer,\n Registry: prometheus.NewRegistry(),\n Registerer: prometheus.DefaultRegisterer,\n }\n\n c := controller.New(\n processor.NewFactory(\n selector.NewWithHistogramDistribution(\n histogram.WithExplicitBoundaries(config.DefaultHistogramBoundaries),\n ),\n aggregation.CumulativeTemporalitySelector(),\n processor.WithMemory(true),\n ),\n )\n\n exporter, err := otelPrometheus.New(config, c)\n if err != nil {\n zap.S().Panicf(\"failed to initialize prometheus exporter %v\", err)\n }\n\n global.SetMeterProvider(exporter.MeterProvider())\n\n http.HandleFunc(\"/metrics\", exporter.ServeHTTP)\n\n go func() {\n _ = http.ListenAndServe(fmt.Sprintf(\":%d\", 8888), nil)\n }()\n\n zap.S().Info(\"Prometheus server running on \", fmt.Sprintf(\":%d\", port))\n return exporter\n}\n
\u4ee5\u4e0a\u65b9\u6cd5\u4f1a\u4e3a\u60a8\u7684\u5e94\u7528\u66b4\u9732\u4e00\u4e2a\u6307\u6807\u63a5\u53e3: http://localhost:8888/metrics
\u968f\u540e\uff0c\u5728 main.go \u4e2d\u5bf9\u5176\u8fdb\u884c\u521d\u59cb\u5316\uff1a
func main() {\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n tp := initMeter()\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n}\n
\u6b64\u5916\uff0c\u5982\u679c\u60f3\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\uff0c\u53ef\u4ee5\u53c2\u8003\uff1a
// exposeClusterMetric expose metric like \"insight_logging_count{} 1\"\nfunc (s *insightServer) exposeLoggingMetric(lserver *log.LogService) {\n s.meter = global.Meter(\"insight.io/basic\")\n\n var lock sync.Mutex\n logCounter, err := s.meter.AsyncFloat64().Counter(\"insight_log_total\")\n if err != nil {\n zap.S().Panicf(\"failed to initialize instrument: %v\", err)\n }\n\n _ = s.meter.RegisterCallback([]instrument.Asynchronous{logCounter}, func(ctx context.Context) {\n lock.Lock()\n defer lock.Unlock()\n count, err := lserver.Count(ctx)\n if err == nil || count != -1 {\n logCounter.Observe(ctx, float64(count))\n }\n })\n}\n
\u968f\u540e\uff0c\u5728 main.go \u8c03\u7528\u8be5\u65b9\u6cd5\uff1a
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\ns.exposeLoggingMetric(lservice)\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#java","title":"\u9488\u5bf9 Java \u5e94\u7528\u7a0b\u5e8f","text":"Java \u5728\u4f7f\u7528 otel agent \u5728\u5b8c\u6210\u94fe\u8def\u7684\u81ea\u52a8\u63a5\u5165\u7684\u57fa\u7840\u4e0a\uff0c\u901a\u8fc7\u6dfb\u52a0\u73af\u5883\u53d8\u91cf\uff1a
OTEL_METRICS_EXPORTER=prometheus\n
\u5c31\u53ef\u4ee5\u76f4\u63a5\u66b4\u9732 JVM \u76f8\u5173\u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
\u968f\u540e\uff0c\u518d\u914d\u5408 prometheus serviceMonitor \u5373\u53ef\u5b8c\u6210\u6307\u6807\u7684\u63a5\u5165\u3002 \u5982\u679c\u60f3\u66b4\u9732\u81ea\u5b9a\u4e49\u6307\u6807\u8bf7\u53c2\u9605 opentelemetry-java-docs/prometheus\u3002
\u4e3b\u8981\u5206\u4ee5\u4e0b\u4e24\u6b65\uff1a
\u521b\u5efa meter provider\uff0c\u5e76\u6307\u5b9a prometheus \u4f5c\u4e3a exporter\u3002
/*\n* Copyright The OpenTelemetry Authors\n* SPDX-License-Identifier: Apache-2.0\n*/\n\npackage io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport io.opentelemetry.exporter.prometheus.PrometheusHttpServer;\nimport io.opentelemetry.sdk.metrics.SdkMeterProvider;\nimport io.opentelemetry.sdk.metrics.export.MetricReader;\n\npublic final class ExampleConfiguration {\n\n /**\n * Initializes the Meter SDK and configures the prometheus collector with all default settings.\n *\n * @param prometheusPort the port to open up for scraping.\n * @return A MeterProvider for use in instrumentation.\n */\n static MeterProvider initializeOpenTelemetry(int prometheusPort) {\n MetricReader prometheusReader = PrometheusHttpServer.builder().setPort(prometheusPort).build();\n\n return SdkMeterProvider.builder().registerMetricReader(prometheusReader).build();\n }\n}\n
\u81ea\u5b9a\u4e49 meter \u5e76\u5f00\u542f http server
package io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.common.Attributes;\nimport io.opentelemetry.api.metrics.Meter;\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport java.util.concurrent.ThreadLocalRandom;\n\n/**\n* Example of using the PrometheusHttpServer to convert OTel metrics to Prometheus format and expose\n* these to a Prometheus instance via a HttpServer exporter.\n*\n* <p>A Gauge is used to periodically measure how many incoming messages are awaiting processing.\n* The Gauge callback gets executed every collection interval.\n*/\npublic final class PrometheusExample {\n private long incomingMessageCount;\n\n public PrometheusExample(MeterProvider meterProvider) {\n Meter meter = meterProvider.get(\"PrometheusExample\");\n meter\n .gaugeBuilder(\"incoming.messages\")\n .setDescription(\"No of incoming messages awaiting processing\")\n .setUnit(\"message\")\n .buildWithCallback(result -> result.record(incomingMessageCount, Attributes.empty()));\n }\n\n void simulate() {\n for (int i = 500; i > 0; i--) {\n try {\n System.out.println(\n i + \" Iterations to go, current incomingMessageCount is: \" + incomingMessageCount);\n incomingMessageCount = ThreadLocalRandom.current().nextLong(100);\n Thread.sleep(1000);\n } catch (InterruptedException e) {\n // ignored here\n }\n }\n }\n\n public static void main(String[] args) {\n int prometheusPort = 8888;\n\n // it is important to initialize the OpenTelemetry SDK as early as possible in your process.\n MeterProvider meterProvider = ExampleConfiguration.initializeOpenTelemetry(prometheusPort);\n\n PrometheusExample prometheusExample = new PrometheusExample(meterProvider);\n\n prometheusExample.simulate();\n\n System.out.println(\"Exiting\");\n }\n}\n
\u968f\u540e\uff0c\u5f85 java \u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u4e4b\u540e\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#insight","title":"Insight \u91c7\u96c6\u6307\u6807","text":"\u6700\u540e\u91cd\u8981\u7684\u662f\uff0c\u60a8\u5df2\u7ecf\u5728\u5e94\u7528\u7a0b\u5e8f\u4e2d\u66b4\u9732\u51fa\u4e86\u6307\u6807\uff0c\u73b0\u5728\u9700\u8981 Insight \u6765\u91c7\u96c6\u6307\u6807\u3002
\u63a8\u8350\u7684\u6307\u6807\u66b4\u9732\u65b9\u5f0f\u662f\u901a\u8fc7 servicemonitor \u6216\u8005 podmonitor\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#servicemonitorpodmonitor","title":"\u521b\u5efa servicemonitor/podmonitor","text":"\u6dfb\u52a0\u7684 servicemonitor/podmonitor \u9700\u8981\u6253\u4e0a label\uff1a\"operator.insight.io/managed-by\": \"insight\" \u624d\u4f1a\u88ab Operator \u8bc6\u522b\uff1a
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: example-app\n labels:\n operator.insight.io/managed-by: insight\nspec:\n selector:\n matchLabels:\n app: example-app\n endpoints:\n - port: web\n namespaceSelector:\n any: true\n
"},{"location":"end-user/insight/quickstart/otel/java/index.html","title":"\u5f00\u59cb\u76d1\u63a7 Java \u5e94\u7528","text":"Java \u5e94\u7528\u94fe\u8def\u63a5\u5165\u4e0e\u76d1\u63a7\u8bf7\u53c2\u8003\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u6587\u6863\uff0c\u901a\u8fc7\u6ce8\u89e3\u5b9e\u73b0\u81ea\u52a8\u63a5\u5165\u94fe\u8def\u3002
Java \u5e94\u7528\u7684 JVM \u8fdb\u884c\u76d1\u63a7\uff1a\u5df2\u7ecf\u66b4\u9732 JVM \u6307\u6807\u548c\u4ecd\u672a\u66b4\u9732 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5982\u4f55\u4e0e\u53ef\u89c2\u6d4b\u6027 Insight \u5bf9\u63a5\u3002
\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u672a\u5f00\u59cb\u66b4\u9732 JVM \u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u6587\u6863\uff1a
\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u5df2\u7ecf\u66b4\u9732 JVM \u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u6587\u6863\uff1a
\u5c06 TraceId \u548c SpanId \u5199\u5165 Java \u5e94\u7528\u65e5\u5fd7, \u5b9e\u73b0\u94fe\u8def\u6570\u636e\u4e0e\u65e5\u5fd7\u6570\u636e\u5173\u8054
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 OpenTelemetry \u5c06 TraceId \u548c SpanId \u81ea\u52a8\u5199\u5165 Java \u5e94\u7528\u65e5\u5fd7\u3002 TraceId \u4e0e SpanId \u5199\u5165\u65e5\u5fd7\u540e\uff0c\u60a8\u53ef\u4ee5\u5c06\u5206\u5e03\u5f0f\u94fe\u8def\u6570\u636e\u4e0e\u65e5\u5fd7\u6570\u636e\u5173\u8054\u8d77\u6765\uff0c\u5b9e\u73b0\u66f4\u9ad8\u6548\u7684\u6545\u969c\u8bca\u65ad\u548c\u6027\u80fd\u5206\u6790\u3002
"},{"location":"end-user/insight/quickstart/otel/java/mdc.html#_1","title":"\u652f\u6301\u7684\u65e5\u5fd7\u5e93","text":"\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1 Logger MDC auto-instrumentation\u3002
\u65e5\u5fd7\u6846\u67b6 \u652f\u6301\u81ea\u52a8\u57cb\u70b9\u7684\u7248\u672c \u624b\u52a8\u57cb\u70b9\u9700\u8981\u5f15\u5165\u7684\u4f9d\u8d56 Log4j 1 1.2+ \u65e0 Log4j 2 2.7+ opentelemetry-log4j-context-data-2.17-autoconfigure Logback 1.0+ opentelemetry-logback-mdc-1.0"},{"location":"end-user/insight/quickstart/otel/java/mdc.html#logbackspringboot","title":"\u4f7f\u7528 Logback\uff08SpringBoot \u9879\u76ee\uff09","text":"Spring Boot \u9879\u76ee\u5185\u7f6e\u4e86\u65e5\u5fd7\u6846\u67b6\uff0c\u5e76\u4e14\u9ed8\u8ba4\u4f7f\u7528 Logback \u4f5c\u4e3a\u5176\u65e5\u5fd7\u5b9e\u73b0\u3002\u5982\u679c\u60a8\u7684 Java \u9879\u76ee\u4e3a SpringBoot \u9879\u76ee\uff0c\u53ea\u9700\u5c11\u91cf\u914d\u7f6e\u5373\u53ef\u5c06 TraceId \u5199\u5165\u65e5\u5fd7\u3002
\u5728 application.properties
\u4e2d\u8bbe\u7f6e logging.pattern.level
\uff0c\u6dfb\u52a0 %mdc{trace_id}
\u4e0e %mdc{span_id}
\u5230\u65e5\u5fd7\u4e2d\u3002
logging.pattern.level=trace_id=%mdc{trace_id} span_id=%mdc{span_id} %5p ....\u7701\u7565...\n
\u4ee5\u4e0b\u4e3a\u65e5\u5fd7\u793a\u4f8b\uff1a
2024-06-26 10:56:31.200 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'\n2024-06-26 10:56:31.201 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'\n2024-06-26 10:56:31.209 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 8 ms\n2024-06-26 10:56:31.296 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=5743699405074f4e INFO 53724 --- [nio-8081-exec-1] com.example.httpserver.ot.OTServer : hello world\n
"},{"location":"end-user/insight/quickstart/otel/java/mdc.html#log4j2","title":"\u4f7f\u7528 Log4j2","text":"\u5728 pom.xml
\u4e2d\u6dfb\u52a0 OpenTelemetry Log4j2
\u4f9d\u8d56:
Tip
\u8bf7\u5c06 OPENTELEMETRY_VERSION
\u66ff\u6362\u4e3a\u6700\u65b0\u7248\u672c
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-log4j-context-data-2.17-autoconfigure</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n <scope>runtime</scope>\n </dependency>\n</dependencies>\n
\u4fee\u6539 log4j2.xml
\u914d\u7f6e\uff0c\u5728 pattern
\u4e2d\u6dfb\u52a0 %X{trace_id}
\u4e0e %X{span_id}
\uff0c\u53ef\u4ee5\u5c06 TraceId
\u4e0e SpanId
\u81ea\u52a8\u5199\u5165\u65e5\u5fd7:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Configuration>\n <Appenders>\n <Console name=\"Console\" target=\"SYSTEM_OUT\">\n <PatternLayout\n pattern=\"%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} - %msg%n\"/>\n </Console>\n </Appenders>\n <Loggers>\n <Root>\n <AppenderRef ref=\"Console\" level=\"All\"/>\n </Root>\n </Loggers>\n</Configuration>\n
\u4f7f\u7528 Logback \u5728 pom.xml
\u4e2d\u6dfb\u52a0 OpenTelemetry Logback
\u4f9d\u8d56\u3002
Tip
\u8bf7\u5c06 OPENTELEMETRY_VERSION
\u66ff\u6362\u4e3a\u6700\u65b0\u7248\u672c
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-logback-mdc-1.0</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n </dependency>\n</dependencies>\n
\u4fee\u6539 log4j2.xml
\u914d\u7f6e\uff0c\u5728 pattern
\u4e2d\u6dfb\u52a0 %X{trace_id}
\u4e0e %X{span_id}
\uff0c\u53ef\u4ee5\u5c06 TraceId
\u4e0e SpanId
\u81ea\u52a8\u5199\u5165\u65e5\u5fd7:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<configuration>\n <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n <encoder>\n <pattern>%d{HH:mm:ss.SSS} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} %msg%n</pattern>\n </encoder>\n </appender>\n\n <!-- Just wrap your logging appender, for example ConsoleAppender, with OpenTelemetryAppender -->\n <appender name=\"OTEL\" class=\"io.opentelemetry.instrumentation.logback.mdc.v1_0.OpenTelemetryAppender\">\n <appender-ref ref=\"CONSOLE\"/>\n </appender>\n\n <!-- Use the wrapped \"OTEL\" appender instead of the original \"CONSOLE\" one -->\n <root level=\"INFO\">\n <appender-ref ref=\"OTEL\"/>\n </root>\n\n</configuration>\n
JMX-Exporter \u63d0\u4f9b\u4e86\u4e24\u79cd\u7528\u6cd5:
Note
\u5b98\u65b9\u4e0d\u63a8\u8350\u4f7f\u7528\u7b2c\u4e00\u79cd\u65b9\u5f0f\uff0c\u4e00\u65b9\u9762\u914d\u7f6e\u590d\u6742\uff0c\u53e6\u4e00\u65b9\u9762\u56e0\u4e3a\u5b83\u9700\u8981\u4e00\u4e2a\u5355\u72ec\u7684\u8fdb\u7a0b\uff0c\u800c\u8fd9\u4e2a\u8fdb\u7a0b\u672c\u8eab\u7684\u76d1\u63a7\u53c8\u6210\u4e86\u65b0\u7684\u95ee\u9898\uff0c \u6240\u4ee5\u672c\u6587\u91cd\u70b9\u56f4\u7ed5\u7b2c\u4e8c\u79cd\u7528\u6cd5\u8bb2\u5982\u4f55\u5728 Kubernetes \u73af\u5883\u4e0b\u4f7f\u7528 JMX Exporter \u66b4\u9732 JVM \u76d1\u63a7\u6307\u6807\u3002
\u8fd9\u91cc\u4f7f\u7528\u7b2c\u4e8c\u79cd\u7528\u6cd5\uff0c\u542f\u52a8 JVM \u65f6\u9700\u8981\u6307\u5b9a JMX Exporter \u7684 jar \u5305\u6587\u4ef6\u548c\u914d\u7f6e\u6587\u4ef6\u3002 jar \u5305\u662f\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u4e0d\u597d\u901a\u8fc7 configmap \u6302\u8f7d\uff0c\u914d\u7f6e\u6587\u4ef6\u6211\u4eec\u51e0\u4e4e\u4e0d\u9700\u8981\u4fee\u6539\uff0c \u6240\u4ee5\u5efa\u8bae\u662f\u76f4\u63a5\u5c06 JMX Exporter \u7684 jar \u5305\u548c\u914d\u7f6e\u6587\u4ef6\u90fd\u6253\u5305\u5230\u4e1a\u52a1\u5bb9\u5668\u955c\u50cf\u4e2d\u3002
\u5176\u4e2d\uff0c\u7b2c\u4e8c\u79cd\u65b9\u5f0f\u6211\u4eec\u53ef\u4ee5\u9009\u62e9\u5c06 JMX Exporter \u7684 jar \u6587\u4ef6\u653e\u5728\u4e1a\u52a1\u5e94\u7528\u955c\u50cf\u4e2d\uff0c \u4e5f\u53ef\u4ee5\u9009\u62e9\u5728\u90e8\u7f72\u7684\u65f6\u5019\u6302\u8f7d\u8fdb\u53bb\u3002\u8fd9\u91cc\u5206\u522b\u5bf9\u4e24\u79cd\u65b9\u5f0f\u505a\u4e00\u4e2a\u4ecb\u7ecd\uff1a
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/jmx-exporter.html#jmx-exporter-jar","title":"\u65b9\u5f0f\u4e00\uff1a\u5c06 JMX Exporter JAR \u6587\u4ef6\u6784\u5efa\u81f3\u4e1a\u52a1\u955c\u50cf\u4e2d","text":"prometheus-jmx-config.yaml \u5185\u5bb9\u5982\u4e0b\uff1a
prometheus-jmx-config.yaml...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
\u66f4\u591a\u914d\u7f6e\u9879\u8bf7\u53c2\u8003\u5e95\u90e8\u4ecb\u7ecd\u6216Prometheus \u5b98\u65b9\u6587\u6863\u3002
\u7136\u540e\u51c6\u5907 jar \u5305\u6587\u4ef6\uff0c\u53ef\u4ee5\u5728 jmx_exporter \u7684 Github \u9875\u9762\u627e\u5230\u6700\u65b0\u7684 jar \u5305\u4e0b\u8f7d\u5730\u5740\u5e76\u53c2\u8003\u5982\u4e0b Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
\u6ce8\u610f\uff1a
\u6211\u4eec\u9700\u8981\u5148\u5c06 JMX exporter \u505a\u6210 Docker \u955c\u50cf, \u4ee5\u4e0b Dockerfile \u4ec5\u4f9b\u53c2\u8003\uff1a
FROM alpine/curl:3.14\nWORKDIR /app/\n# \u5c06\u524d\u9762\u521b\u5efa\u7684 config \u6587\u4ef6\u62f7\u8d1d\u81f3\u955c\u50cf\nCOPY prometheus-jmx-config.yaml ./\n# \u5728\u7ebf\u4e0b\u8f7d jmx prometheus javaagent jar\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
\u6839\u636e\u4e0a\u9762 Dockerfile \u6784\u5efa\u955c\u50cf\uff1a docker build -t my-jmx-exporter .
\u5728 Java \u5e94\u7528\u90e8\u7f72 Yaml \u4e2d\u52a0\u5165\u5982\u4e0b init container\uff1a
\u70b9\u51fb\u5c55\u5f00 YAML \u6587\u4ef6apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar #\u5171\u4eab agent \u6587\u4ef6\u5939\n emptyDir: {}\n restartPolicy: Always\n
\u7ecf\u8fc7\u5982\u4e0a\u7684\u6539\u9020\u4e4b\u540e\uff0c\u793a\u4f8b\u5e94\u7528 my-demo-app \u5177\u5907\u4e86\u66b4\u9732 JVM \u6307\u6807\u7684\u80fd\u529b\u3002 \u8fd0\u884c\u670d\u52a1\u4e4b\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7 http://lcoalhost:8088
\u8bbf\u95ee\u670d\u52a1\u66b4\u9732\u51fa\u6765\u7684 prometheus \u683c\u5f0f\u7684\u6307\u6807\u3002
\u63a5\u7740\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003 \u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/legacy-jvm.html","title":"\u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027","text":"\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\uff08\u6bd4\u5982 Spring Boot Actuator\uff09\u66b4\u9732\u4e86 JVM \u7684\u76d1\u63a7\u6307\u6807\uff0c \u6211\u4eec\u9700\u8981\u8ba9\u76d1\u63a7\u6570\u636e\u88ab\u91c7\u96c6\u5230\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u6dfb\u52a0\u6ce8\u89e3\uff08Kubernetes Annotations\uff09\u7684\u65b9\u5f0f\u8ba9 Insight \u6765\u91c7\u96c6\u5df2\u6709\u7684 JVM \u6307\u6807\uff1a
annatation: \n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"9464\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n
\u4f8b\u5982\u4e3a my-deployment-app \u6dfb\u52a0\u6ce8\u89e3\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"9464\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n
\u4ee5\u4e0b\u662f\u5b8c\u6574\u793a\u4f8b\uff1a
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"8080\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
\u4ee5\u4e0a\u793a\u4f8b\u4e2d\uff0cInsight \u4f1a\u901a\u8fc7 :8080//actuator/prometheus \u6293\u53d6\u901a\u8fc7 Spring Boot Actuator \u66b4\u9732\u51fa\u6765\u7684 Prometheus \u6307\u6807\u3002
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html","title":"\u4f7f\u7528 OpenTelemetry Java Agent \u66b4\u9732 JVM \u76d1\u63a7\u6307\u6807","text":"\u5728 Opentelemetry Agent v1.20.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u4e2d\uff0cOpentelemetry Agent \u65b0\u589e\u4e86 JMX Metric Insight \u6a21\u5757\uff0c\u5982\u679c\u4f60\u7684\u5e94\u7528\u5df2\u7ecf\u96c6\u6210\u4e86 Opentelemetry Agent \u53bb\u91c7\u96c6\u5e94\u7528\u94fe\u8def\uff0c\u90a3\u4e48\u4f60\u4e0d\u518d\u9700\u8981\u53e6\u5916\u5f15\u5165\u5176\u4ed6 Agent \u53bb\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u66b4\u9732 JMX \u6307\u6807\u3002Opentelemetry Agent \u4e5f\u662f\u901a\u8fc7\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u672c\u5730\u53ef\u7528\u7684 MBean \u516c\u5f00\u7684\u6307\u6807\uff0c\u5bf9\u5176\u8fdb\u884c\u6536\u96c6\u5e76\u66b4\u9732\u6307\u6807\u3002
Opentelemetry Agent \u4e5f\u9488\u5bf9\u5e38\u89c1\u7684 Java Server \u6216\u6846\u67b6\u5185\u7f6e\u4e86\u4e00\u4e9b\u76d1\u63a7\u7684\u6837\u4f8b\uff0c\u8bf7\u53c2\u8003\u9884\u5b9a\u4e49\u7684\u6307\u6807\u3002
\u4f7f\u7528 OpenTelemetry Java Agent \u540c\u6837\u9700\u8981\u8003\u8651\u5982\u4f55\u5c06 JAR \u6302\u8f7d\u8fdb\u5bb9\u5668\uff0c\u9664\u4e86\u53ef\u4ee5\u53c2\u8003\u4e0a\u9762 JMX Exporter \u6302\u8f7d JAR \u6587\u4ef6\u7684\u65b9\u5f0f\u5916\uff0c\u6211\u4eec\u8fd8\u53ef\u4ee5\u501f\u52a9 Opentelemetry \u63d0\u4f9b\u7684 Operator \u7684\u80fd\u529b\u6765\u5b9e\u73b0\u81ea\u52a8\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u5f00\u542f JVM \u6307\u6807\u66b4\u9732\uff1a
\u5982\u679c\u4f60\u7684\u5e94\u7528\u5df2\u7ecf\u96c6\u6210\u4e86 Opentelemetry Agent \u53bb\u91c7\u96c6\u5e94\u7528\u94fe\u8def\uff0c\u90a3\u4e48\u4f60\u4e0d\u518d\u9700\u8981\u53e6\u5916\u5f15\u5165\u5176\u4ed6 Agent \u53bb\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u66b4\u9732 JMX \u6307\u6807\u3002Opentelemetry Agent \u901a\u8fc7\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u672c\u5730\u53ef\u7528\u7684 MBean \u516c\u5f00\u7684\u6307\u6807\uff0c\u73b0\u5728\u53ef\u4ee5\u672c\u5730\u6536\u96c6\u5e76\u66b4\u9732\u6307\u6807\u63a5\u53e3\u3002
\u4f46\u662f\uff0c\u622a\u81f3\u76ee\u524d\u7248\u672c\uff0c\u4f60\u4ecd\u7136\u9700\u8981\u624b\u52a8\u4e3a\u5e94\u7528\u52a0\u4e0a\u76f8\u5e94\u6ce8\u89e3\u4e4b\u540e\uff0cJVM \u6570\u636e\u624d\u4f1a\u88ab Insight \u91c7\u96c6\u5230\uff0c\u5177\u4f53\u6ce8\u89e3\u5185\u5bb9\u8bf7\u53c2\u8003 \u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#java","title":"\u4e3a Java \u4e2d\u95f4\u4ef6\u66b4\u9732\u6307\u6807","text":"Opentelemetry Agent \u4e5f\u5185\u7f6e\u4e86\u4e00\u4e9b\u4e2d\u95f4\u4ef6\u76d1\u63a7\u7684\u6837\u4f8b\uff0c\u8bf7\u53c2\u8003 \u9884\u5b9a\u4e49\u6307\u6807\u3002
\u9ed8\u8ba4\u6ca1\u6709\u6307\u5b9a\u4efb\u4f55\u7c7b\u578b\uff0c\u9700\u8981\u901a\u8fc7 -Dotel.jmx.target.system JVM Options \u6307\u5b9a,\u6bd4\u5982 -Dotel.jmx.target.system=jetty,kafka-broker \u3002
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#_1","title":"\u53c2\u8003","text":"Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel jmx metrics
\u867d\u7136 OpenShift \u7cfb\u7edf\u81ea\u5e26\u4e86\u4e00\u5957\u76d1\u63a7\u7cfb\u7edf\uff0c\u56e0\u4e3a\u6570\u636e\u91c7\u96c6\u7ea6\u5b9a\u7684\u4e00\u4e9b\u89c4\u5219\uff0c\u6211\u4eec\u8fd8\u662f\u4f1a\u5b89\u88c5 Insight Agent\u3002
\u5176\u4e2d\uff0c\u5b89\u9664\u4e86\u57fa\u7840\u7684\u5b89\u88c5\u914d\u7f6e\u4e4b\u5916\uff0chelm install \u7684\u65f6\u5019\u8fd8\u9700\u8981\u589e\u52a0\u5982\u4e0b\u7684\u53c2\u6570\uff1a
## \u9488\u5bf9 fluentbit \u76f8\u5173\u7684\u53c2\u6570\uff1b\n--set fluent-bit.ocp.enabled=true \\\n--set fluent-bit.serviceAccount.create=false \\\n--set fluent-bit.securityContext.runAsUser=0 \\\n--set fluent-bit.securityContext.seLinuxOptions.type=spc_t \\\n--set fluent-bit.securityContext.readOnlyRootFilesystem=false \\\n--set fluent-bit.securityContext.allowPrivilegeEscalation=false \\\n\n## \u542f\u7528\u9002\u914d OpenShift4.x \u7684 Prometheus(CR)\n--set compatibility.openshift.prometheus.enabled=true \\\n\n## \u5173\u95ed\u9ad8\u7248\u672c\u7684 Prometheus \u5b9e\u4f8b\n--set kube-prometheus-stack.prometheus.enabled=false \\\n--set kube-prometheus-stack.kubeApiServer.enabled=false \\\n--set kube-prometheus-stack.kubelet.enabled=false \\\n--set kube-prometheus-stack.kubeControllerManager.enabled=false \\\n--set kube-prometheus-stack.coreDns.enabled=false \\\n--set kube-prometheus-stack.kubeDns.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeScheduler.enabled=false \\\n--set kube-prometheus-stack.kubeStateMetrics.enabled=false \\\n--set kube-prometheus-stack.nodeExporter.enabled=false \\\n\n## \u9650\u5236 PrometheusOperator \u5904\u7406\u7684 namespace\uff0c\u907f\u514d\u4e0e OpenShift \u81ea\u5e26\u7684 PrometheusOperator \u76f8\u4e92\u7ade\u4e89\n--set kube-prometheus-stack.prometheusOperator.kubeletService.namespace=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.prometheusInstanceNamespaces=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[0]=\"openshift-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[1]=\"openshift-user-workload-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[2]=\"openshift-customer-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[3]=\"openshift-route-monitor-operator\" \\\n
"},{"location":"end-user/insight/quickstart/other/install-agent-on-ocp.html#openshift-prometheus","title":"\u901a\u8fc7 OpenShift \u81ea\u8eab\u673a\u5236\uff0c\u5c06\u7cfb\u7edf\u76d1\u63a7\u6570\u636e\u5199\u5165 Prometheus \u4e2d","text":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cluster-monitoring-config\n namespace: openshift-monitoring\ndata:\n config.yaml: |\n prometheusK8s:\n remoteWrite:\n - queueConfig:\n batchSendDeadline: 60s\n maxBackoff: 5s\n minBackoff: 30ms\n minShards: 1\n capacity: 5000\n maxSamplesPerSend: 1000\n maxShards: 100\n remoteTimeout: 30s\n url: http://insight-agent-prometheus.insight-system.svc.cluster.local:9090/api/v1/write\n writeRelabelConfigs:\n - action: keep\n regex: etcd|kubelet|node-exporter|apiserver|kube-state-metrics\n sourceLabels:\n - job\n
"},{"location":"end-user/insight/quickstart/res-plan/index.html","title":"\u90e8\u7f72\u5bb9\u91cf\u89c4\u5212","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e3a\u4e86\u907f\u514d\u6d88\u8017\u8fc7\u591a\u8d44\u6e90\uff0c\u5df2\u7ecf\u8bbe\u7f6e\u4e86\u8d44\u6e90\u4e0a\u7ebf\uff08resource limit\uff09\uff0c\u53ef\u89c2\u6d4b\u7cfb\u7edf\u9700\u8981\u5904\u7406\u5927\u91cf\u7684\u6570\u636e\uff0c\u5982\u679c\u5bb9\u91cf\u89c4\u5212\u4e0d\u5408\u7406\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u7cfb\u7edf\u8d1f\u8f7d\u8fc7\u9ad8\uff0c\u5f71\u54cd\u7a33\u5b9a\u6027\u548c\u53ef\u9760\u6027\u3002
"},{"location":"end-user/insight/quickstart/res-plan/index.html#_2","title":"\u89c2\u6d4b\u7ec4\u4ef6\u7684\u8d44\u6e90\u89c4\u5212","text":"\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u5305\u542b Insight \u548c Insight Agent\u3002\u5176\u4e2d\uff0cInsight \u4e3b\u8981\u8d1f\u8d23\u89c2\u6d4b\u6570\u636e\u7684\u5b58\u50a8\uff0c\u5206\u6790\u4e0e\u5c55\u793a\u3002\u800c Insight Agent \u5305\u542b\u4e86\u6570\u636e\u91c7\u96c6\u3001\u6570\u636e\u5904\u7406\u3001\u6570\u636e\u4e0a\u4f20\u7b49\u529f\u80fd\u3002
"},{"location":"end-user/insight/quickstart/res-plan/index.html#_3","title":"\u5b58\u50a8\u7ec4\u4ef6\u7684\u5bb9\u91cf\u89c4\u5212","text":"Insight \u7684\u5b58\u50a8\u7ec4\u4ef6\u4e3b\u8981\u5305\u62ec ElasticSearch \u548c VictoriaMetrics. \u5176\u4e2d\uff0cElasticSearch \u4e3b\u8981\u8d1f\u8d23\u5b58\u50a8\u548c\u67e5\u8be2\u65e5\u5fd7\u4e0e\u94fe\u8def\u6570\u636e\uff0cVictoriaMetrics \u4e3b\u8981\u8d1f\u8d23\u5b58\u50a8\u548c\u67e5\u8be2\u6307\u6807\u6570\u636e\u3002
Insight Agent \u7684\u91c7\u96c6\u5668\u4e2d\u5305\u542b Proemtheus\uff0c\u867d\u7136 Prometheus \u672c\u8eab\u662f\u4e00\u4e2a\u72ec\u7acb\u7684\u7ec4\u4ef6\uff0c\u4f46\u662f\u5728 Insight Agent \u4e2d\uff0cPrometheus \u4f1a\u88ab\u7528\u4e8e\u91c7\u96c6\u6570\u636e\uff0c\u56e0\u6b64\u9700\u8981\u5bf9 Prometheus \u7684\u8d44\u6e90\u8fdb\u884c\u89c4\u5212\u3002
\u672c\u6587\u63cf\u8ff0\u4e86 vmstorge \u78c1\u76d8\u6269\u5bb9\u7684\u65b9\u6cd5\uff0c vmstorge \u78c1\u76d8\u89c4\u8303\u8bf7\u53c2\u8003 vmstorage \u78c1\u76d8\u5bb9\u91cf\u89c4\u5212\u3002
"},{"location":"end-user/insight/quickstart/res-plan/modify-vms-disk.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":""},{"location":"end-user/insight/quickstart/res-plan/modify-vms-disk.html#_2","title":"\u5f00\u542f\u5b58\u50a8\u6c60\u6269\u5bb9","text":"\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u70b9\u51fb \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb kpanda-global-cluster \u96c6\u7fa4\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230 vmstorage \u7ed1\u5b9a\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u70b9\u51fb\u67d0\u4e2a vmstorage PVC\uff0c\u8fdb\u5165 vmstorage \u7684\u6570\u636e\u5377\u58f0\u660e\u8be6\u60c5\uff0c\u786e\u8ba4\u8be5 PVC \u7ed1\u5b9a\u7684\u5b58\u50a8\u6c60\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) \uff0c\u627e\u5230 local-path \uff0c\u70b9\u51fb\u76ee\u6807\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7f16\u8f91 \u3002
\u5f00\u542f \u6269\u5bb9 \u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u627e\u5230 vmcluster \u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
\u70b9\u51fb\u8be5 vmcluster \u81ea\u5b9a\u4e49\u8d44\u6e90\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u5207\u6362\u5230 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u4ece insight-victoria-metrics-k8s-stack \u53f3\u4fa7\u83dc\u5355\u9009\u62e9 \u7f16\u8f91 YAML \u3002
\u6839\u636e\u56fe\u4f8b\u4fee\u6539\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u518d\u6b21\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230 vmstorage \u7ed1\u5b9a\u7684\u6570\u636e\u5377\u58f0\u660e\u786e\u8ba4\u4fee\u6539\u5df2\u751f\u6548\u3002\u5728\u67d0\u4e2a PVC \u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u5173\u8054\u5b58\u50a8\u6e90 (PV)\u3002
\u6253\u5f00\u6570\u636e\u5377\u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u66f4\u65b0 \u6309\u94ae\u3002
\u4fee\u6539 \u5bb9\u91cf \u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u7a0d\u7b49\u7247\u523b\u7b49\u5230\u6269\u5bb9\u6210\u529f\u3002
\u82e5\u5b58\u50a8\u5377\u6269\u5bb9\u5931\u8d25\uff0c\u53ef\u53c2\u8003\u4ee5\u4e0b\u65b9\u6cd5\u514b\u9686\u5b58\u50a8\u5377\u3002
\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u627e\u5230 vmstorage \u7684\u6709\u72b6\u6001\u8d1f\u8f7d\uff0c\u70b9\u51fb\u76ee\u6807\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u72b6\u6001 -> \u505c\u6b62 -> \u786e\u5b9a \u3002
\u5728\u547d\u4ee4\u884c\u4e2d\u767b\u5f55 kpanda-global-cluster \u96c6\u7fa4\u7684 master \u8282\u70b9\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u590d\u5236 vmstorage \u5bb9\u5668\u4e2d\u7684 vm-data \u76ee\u5f55\u5c06\u6307\u6807\u4fe1\u606f\u5b58\u50a8\u5728\u672c\u5730\uff1a
kubectl cp -n insight-system vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data ./vm-data\n
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u514b\u9686 \uff0c\u5e76\u4fee\u6539\u6570\u636e\u5377\u7684\u5bb9\u91cf\u3002
\u5220\u9664\u4e4b\u524d vmstorage \u7684\u6570\u636e\u5377\u3002
\u7a0d\u7b49\u7247\u523b\uff0c\u5f85\u5b58\u50a8\u5377\u58f0\u660e\u8ddf\u514b\u9686\u7684\u6570\u636e\u5377\u7ed1\u5b9a\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5c06\u7b2c 3 \u6b65\u4e2d\u5bfc\u51fa\u7684\u6570\u636e\u5bfc\u5165\u5230\u5bf9\u5e94\u7684\u5bb9\u5668\u4e2d\uff0c\u7136\u540e\u5f00\u542f\u4e4b\u524d\u6682\u505c\u7684 vmstorage \u3002
kubectl cp -n insight-system ./vm-data vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data\n
Prometheus \u5728\u5b9e\u9645\u4f7f\u7528\u8fc7\u7a0b\u4e2d\uff0c\u53d7\u5230\u96c6\u7fa4\u5bb9\u5668\u6570\u91cf\u4ee5\u53ca\u5f00\u542f Istio \u7684\u5f71\u54cd\uff0c\u4f1a\u5bfc\u81f4 Prometheus \u7684 CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u4f7f\u7528\u91cf\u8d85\u51fa\u8bbe\u5b9a\u7684\u8d44\u6e90\u3002
\u4e3a\u4e86\u4fdd\u8bc1\u4e0d\u540c\u89c4\u6a21\u96c6\u7fa4\u4e0b Prometheus \u7684\u6b63\u5e38\u8fd0\u884c\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u7684\u5b9e\u9645\u89c4\u6a21\u5bf9 Prometheus \u8fdb\u884c\u8d44\u6e90\u8c03\u6574\u3002
"},{"location":"end-user/insight/quickstart/res-plan/prometheus-res.html#_1","title":"\u53c2\u8003\u8d44\u6e90\u89c4\u5212","text":"\u5728\u672a\u5f00\u542f\u7f51\u683c\u60c5\u51b5\u4e0b\uff0c\u6d4b\u8bd5\u60c5\u51b5\u7edf\u8ba1\u51fa\u7cfb\u7edf Job \u6307\u6807\u91cf\u4e0e Pod \u7684\u5173\u7cfb\u4e3a Series \u6570\u91cf = 800 * Pod \u6570\u91cf
\u5728\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6\uff0c\u5f00\u542f\u529f\u80fd\u540e Pod \u4ea7\u751f\u7684 Istio \u76f8\u5173\u6307\u6807\u6570\u91cf\u7ea7\u4e3a Series \u6570\u91cf = 768 * Pod \u6570\u91cf
"},{"location":"end-user/insight/quickstart/res-plan/prometheus-res.html#_2","title":"\u5f53\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u4ee5\u4e0b\u8d44\u6e90\u89c4\u5212\u4e3a \u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c \u573a\u666f\u4e0b\uff0cPrometheus \u7684\u8d44\u6e90\u89c4\u5212\u63a8\u8350\uff1a
\u96c6\u7fa4\u89c4\u6a21(Pod \u6570) \u6307\u6807\u91cf(\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c) CPU(core) \u5185\u5b58(GB) 100 8w Request: 0.5Limit\uff1a1 Request\uff1a2GBLimit\uff1a4GB 200 16w Request\uff1a1Limit\uff1a1.5 Request\uff1a3GBLimit\uff1a6GB 300 24w Request\uff1a1Limit\uff1a2 Request\uff1a3GBLimit\uff1a6GB 400 32w Request\uff1a1Limit\uff1a2 Request\uff1a4GBLimit\uff1a8GB 500 40w Request\uff1a1.5Limit\uff1a3 Request\uff1a5GBLimit\uff1a10GB 800 64w Request\uff1a2Limit\uff1a4 Request\uff1a8GBLimit\uff1a16GB 1000 80w Request\uff1a2.5Limit\uff1a5 Request\uff1a9GBLimit\uff1a18GB 2000 160w Request\uff1a3.5Limit\uff1a7 Request\uff1a20GBLimit\uff1a40GB 3000 240w Request\uff1a4Limit\uff1a8 Request\uff1a33GBLimit\uff1a66GB"},{"location":"end-user/insight/quickstart/res-plan/prometheus-res.html#_3","title":"\u5f53\u5f00\u542f\u670d\u52a1\u7f51\u683c\u529f\u80fd\u65f6","text":"\u4ee5\u4e0b\u8d44\u6e90\u89c4\u5212\u4e3a \u5f00\u542f\u670d\u52a1\u7f51\u683c \u573a\u666f\u4e0b\uff0cPrometheus \u7684\u8d44\u6e90\u89c4\u5212\u63a8\u8350\uff1a
\u96c6\u7fa4\u89c4\u6a21(Pod \u6570) \u6307\u6807\u91cf(\u5df2\u5f00\u542f\u670d\u52a1\u7f51\u683c) CPU(core) \u5185\u5b58(GB) 100 15w Request: 1Limit\uff1a2 Request\uff1a3GBLimit\uff1a6GB 200 31w Request\uff1a2Limit\uff1a3 Request\uff1a5GBLimit\uff1a10GB 300 46w Request\uff1a2Limit\uff1a4 Request\uff1a6GBLimit\uff1a12GB 400 62w Request\uff1a2Limit\uff1a4 Request\uff1a8GBLimit\uff1a16GB 500 78w Request\uff1a3Limit\uff1a6 Request\uff1a10GBLimit\uff1a20GB 800 125w Request\uff1a4Limit\uff1a8 Request\uff1a15GBLimit\uff1a30GB 1000 156w Request\uff1a5Limit\uff1a10 Request\uff1a18GBLimit\uff1a36GB 2000 312w Request\uff1a7Limit\uff1a14 Request\uff1a40GBLimit\uff1a80GB 3000 468w Request\uff1a8Limit\uff1a16 Request\uff1a65GBLimit\uff1a130GBNote
vmstorage \u662f\u8d1f\u8d23\u5b58\u50a8\u53ef\u89c2\u6d4b\u6027\u591a\u96c6\u7fa4\u6307\u6807\u3002 \u4e3a\u4fdd\u8bc1 vmstorage \u7684\u7a33\u5b9a\u6027\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u6570\u91cf\u53ca\u96c6\u7fa4\u89c4\u6a21\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\u5bb9\u91cf\u3002 \u66f4\u591a\u8d44\u6599\u8bf7\u53c2\u8003 vmstorage \u4fdd\u7559\u671f\u4e0e\u78c1\u76d8\u7a7a\u95f4\u3002
"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_1","title":"\u6d4b\u8bd5\u7ed3\u679c","text":"\u7ecf\u8fc7 14 \u5929\u5bf9\u4e0d\u540c\u89c4\u6a21\u7684\u96c6\u7fa4\u7684 vmstorage \u7684\u78c1\u76d8\u89c2\u6d4b\uff0c \u6211\u4eec\u53d1\u73b0 vmstorage \u7684\u78c1\u76d8\u7528\u91cf\u4e0e\u5176\u5b58\u50a8\u7684\u6307\u6807\u91cf\u548c\u5355\u4e2a\u6570\u636e\u70b9\u5360\u7528\u78c1\u76d8\u6b63\u76f8\u5173\u3002
\u78c1\u76d8\u7528\u91cf = \u77ac\u65f6\u6307\u6807\u91cf x 2 x \u5355\u4e2a\u6570\u636e\u70b9\u7684\u5360\u7528\u78c1\u76d8 x 60 x 24 x \u5b58\u50a8\u65f6\u95f4 (\u5929)
\u53c2\u6570\u8bf4\u660e\uff1a
Warning
\u8be5\u516c\u5f0f\u4e3a\u901a\u7528\u65b9\u6848\uff0c\u5efa\u8bae\u5728\u8ba1\u7b97\u7ed3\u679c\u4e0a\u9884\u7559\u5197\u4f59\u78c1\u76d8\u5bb9\u91cf\u4ee5\u4fdd\u8bc1 vmstorage \u7684\u6b63\u5e38\u8fd0\u884c\u3002
"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_3","title":"\u53c2\u8003\u5bb9\u91cf","text":"\u8868\u683c\u4e2d\u6570\u636e\u662f\u6839\u636e\u9ed8\u8ba4\u5b58\u50a8\u65f6\u95f4\u4e3a\u4e00\u4e2a\u6708 (30 \u5929)\uff0c\u5355\u4e2a\u6570\u636e\u70b9 (datapoint) \u7684\u5360\u7528\u78c1\u76d8\u53d6 0.9 \u8ba1\u7b97\u6240\u5f97\u7ed3\u679c\u3002 \u591a\u96c6\u7fa4\u573a\u666f\u4e0b\uff0cPod \u6570\u91cf\u8868\u793a\u591a\u96c6\u7fa4 Pod \u6570\u91cf\u7684\u603b\u548c\u3002
"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_4","title":"\u5f53\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u96c6\u7fa4\u89c4\u6a21 (Pod \u6570) \u6307\u6807\u91cf \u78c1\u76d8\u5bb9\u91cf 100 8w 6 GiB 200 16w 12 GiB 300 24w 18 GiB 400 32w 24 GiB 500 40w 30 GiB 800 64w 48 GiB 1000 80w 60 GiB 2000 160w 120 GiB 3000 240w 180 GiB"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_5","title":"\u5f53\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u96c6\u7fa4\u89c4\u6a21 (Pod \u6570) \u6307\u6807\u91cf \u78c1\u76d8\u5bb9\u91cf 100 15w 12 GiB 200 31w 24 GiB 300 46w 36 GiB 400 62w 48 GiB 500 78w 60 GiB 800 125w 94 GiB 1000 156w 120 GiB 2000 312w 235 GiB 3000 468w 350 GiB"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_6","title":"\u4e3e\u4f8b\u8bf4\u660e","text":"AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u4e2d\u6709\u4e24\u4e2a\u96c6\u7fa4\uff0c\u5176\u4e2d\u5168\u5c40\u670d\u52a1\u96c6\u7fa4(\u5f00\u542f\u670d\u52a1\u7f51\u683c)\u4e2d\u8fd0\u884c 500 \u4e2a Pod\uff0c\u5de5\u4f5c\u96c6\u7fa4(\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c)\u8fd0\u884c\u4e86 1000 \u4e2a Pod\uff0c\u9884\u671f\u6307\u6807\u5b58 30 \u5929\u3002
\u5219\u5f53\u524d vmstorage \u78c1\u76d8\u7528\u91cf\u5e94\u8bbe\u7f6e\u4e3a (784000+80000)x2x0.9x60x24x31 = 124384896000 byte = 116 GiB
Note
\u96c6\u7fa4\u4e2d\u6307\u6807\u91cf\u4e0e Pod \u6570\u91cf\u7684\u5173\u7cfb\u53ef\u53c2\u8003 Prometheus \u8d44\u6e90\u89c4\u5212\u3002
"},{"location":"end-user/insight/system-config/modify-config.html","title":"\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e","text":"\u53ef\u89c2\u6d4b\u6027\u4f1a\u9ed8\u8ba4\u6301\u4e45\u5316\u4fdd\u5b58\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u7684\u6570\u636e\uff0c\u60a8\u53ef\u53c2\u9605\u672c\u6587\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\u3002\u8be5\u6587\u6863\u4ec5\u9002\u7528\u4e8e\u5185\u7f6e\u90e8\u7f72\u7684 Elasticsearch\uff0c\u82e5\u4f7f\u7528\u5916\u90e8 Elasticsearch \u53ef\u81ea\u884c\u8c03\u6574\u3002
"},{"location":"end-user/insight/system-config/modify-config.html#_2","title":"\u5982\u4f55\u4fee\u6539\u6307\u6807\u6570\u636e\u4fdd\u7559\u671f\u9650","text":"\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u6307\u6807\u6570\u636e\u4fdd\u7559\u671f\u9650\u3002
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl edit vmcluster insight-victoria-metrics-k8s-stack -n insight-system\n
\u5728 Yaml \u6587\u4ef6\u4e2d\uff0c retentionPeriod \u7684\u9ed8\u8ba4\u503c\u4e3a 14 \uff0c\u5355\u4f4d\u4e3a \u5929 \u3002\u60a8\u53ef\u6839\u636e\u9700\u6c42\u4fee\u6539\u53c2\u6570\u3002
apiVersion: operator.victoriametrics.com/v1beta1\nkind: VMCluster\nmetadata:\n annotations:\n meta.helm.sh/release-name: insight\n meta.helm.sh/release-namespace: insight-system\n creationTimestamp: \"2022-08-25T04:31:02Z\"\n finalizers:\n - apps.victoriametrics.com/finalizer\n generation: 2\n labels:\n app.kubernetes.io/instance: insight\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: victoria-metrics-k8s-stack\n app.kubernetes.io/version: 1.77.2\n helm.sh/chart: victoria-metrics-k8s-stack-0.9.3\n name: insight-victoria-metrics-k8s-stack\n namespace: insight-system\n resourceVersion: \"123007381\"\n uid: 55cee8d6-c651-404b-b2c9-50603b405b54\nspec:\n replicationFactor: 1\n retentionPeriod: \"14\"\n vminsert:\n extraArgs:\n maxLabelsPerTimeseries: \"45\"\n image:\n repository: docker.m.daocloud.io/victoriametrics/vminsert\n tag: v1.80.0-cluster\n replicaCount: 1\n
\u4fdd\u5b58\u4fee\u6539\u540e\uff0c\u8d1f\u8d23\u5b58\u50a8\u6307\u6807\u7684\u7ec4\u4ef6\u7684\u5bb9\u5668\u7ec4\u4f1a\u81ea\u52a8\u91cd\u542f\uff0c\u7a0d\u7b49\u7247\u523b\u5373\u53ef\u3002
\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u65e5\u5fd7\u6570\u636e\u4fdd\u7559\u671f\u9650\uff1a
"},{"location":"end-user/insight/system-config/modify-config.html#json","title":"\u65b9\u6cd5\u4e00\uff1a\u4fee\u6539 Json \u6587\u4ef6","text":"\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d rollover \u5b57\u6bb5\u4e2d\u7684 max_age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002\u6ce8\u610f\u9700\u8981\u4fee\u6539\u7b2c\u4e00\u884c\u4e2d\u7684 Elastic \u7528\u6237\u540d\u548c\u5bc6\u7801\u3001IP \u5730\u5740\u548c\u7d22\u5f15\u3002
curl --insecure --location -u\"elastic:amyVt4o826e322TUVi13Ezw6\" -X PUT \"https://172.30.47.112:30468/_ilm/policy/insight-es-k8s-logs-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n \"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"8d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n }\n}'\n
\u4fee\u6539\u5b8c\u540e\uff0c\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u5b83\u4f1a\u6253\u5370\u51fa\u5982\u4e0b\u6240\u793a\u5185\u5bb9\uff0c\u5219\u4fee\u6539\u6210\u529f\u3002
{\n\"acknowledged\" : true\n}\n
\u767b\u5f55 kibana \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f Stack Management \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a Index Lifecycle Polices \uff0c\u5e76\u627e\u5230\u7d22\u5f15 insight-es-k8s-logs-policy \uff0c\u70b9\u51fb\u8fdb\u5165\u8be6\u60c5\u3002
\u5c55\u5f00 Hot phase \u914d\u7f6e\u9762\u677f\uff0c\u4fee\u6539 Maximum age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002
\u4fee\u6539\u5b8c\u540e\uff0c\u70b9\u51fb\u9875\u9762\u5e95\u90e8\u7684 Save policy \u5373\u4fee\u6539\u6210\u529f\u3002
\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u94fe\u8def\u6570\u636e\u4fdd\u7559\u671f\u9650\uff1a
"},{"location":"end-user/insight/system-config/modify-config.html#json_1","title":"\u65b9\u6cd5\u4e00\uff1a\u4fee\u6539 Json \u6587\u4ef6","text":"\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d rollover \u5b57\u6bb5\u4e2d\u7684 max_age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002\u6ce8\u610f\u9700\u8981\u4fee\u6539\u7b2c\u4e00\u884c\u4e2d\u7684 Elastic \u7528\u6237\u540d\u548c\u5bc6\u7801\u3001IP \u5730\u5740\u548c\u7d22\u5f15\u3002
curl --insecure --location -u\"elastic:amyVt4o826e322TUVi13Ezw6\" -X PUT \"https://172.30.47.112:30468/_ilm/policy/jaeger-ilm-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n \"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"6d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n }\n}'\n
\u4fee\u6539\u5b8c\u540e\uff0c\u5728\u63a7\u5236\u53f0\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u5b83\u4f1a\u6253\u5370\u51fa\u5982\u4e0b\u6240\u793a\u5185\u5bb9\uff0c\u5219\u4fee\u6539\u6210\u529f\u3002
{\n\"acknowledged\" : true\n}\n
\u767b\u5f55 kibana \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f Stack Management \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a Index Lifecycle Polices \uff0c\u5e76\u627e\u5230\u7d22\u5f15 jaeger-ilm-policy \uff0c\u70b9\u51fb\u8fdb\u5165\u8be6\u60c5\u3002
\u5c55\u5f00 Hot phase \u914d\u7f6e\u9762\u677f\uff0c\u4fee\u6539 Maximum age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002
\u4fee\u6539\u5b8c\u540e\uff0c\u70b9\u51fb\u9875\u9762\u5e95\u90e8\u7684 Save policy \u5373\u4fee\u6539\u6210\u529f\u3002
\u5728\u7cfb\u7edf\u7ec4\u4ef6\u9875\u9762\u53ef\u5feb\u901f\u7684\u67e5\u770b\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e2d\u7cfb\u7edf\u7ec4\u4ef6\u7684\u8fd0\u884c\u72b6\u6001\uff0c\u5f53\u7cfb\u7528\u7ec4\u4ef6\u53d1\u751f\u6545\u969c\u65f6\uff0c\u4f1a\u5bfc\u81f4\u53ef\u89c2\u6d4b\u6a21\u5757\u4e2d\u7684\u90e8\u5206\u529f\u80fd\u4e0d\u53ef\u7528\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u7cfb\u7edf\u7ba1\u7406 -> \u7cfb\u7edf\u7ec4\u4ef6 \u3002
Note
\u82e5\u4f7f\u7528\u5916\u90e8 Elasticsearch \u53ef\u80fd\u65e0\u6cd5\u83b7\u53d6\u90e8\u5206\u6570\u636e\u4ee5\u81f4\u4e8e Elasticsearch \u7684\u4fe1\u606f\u4e3a\u7a7a\u3002
"},{"location":"end-user/insight/system-config/system-config.html","title":"\u7cfb\u7edf\u914d\u7f6e","text":"\u7cfb\u7edf\u914d\u7f6e \u5c55\u793a\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u9ed8\u8ba4\u7684\u4fdd\u5b58\u65f6\u957f\u4ee5\u53ca\u9ed8\u8ba4\u7684 Apdex \u9608\u503c\u3002
\u70b9\u51fb\u53f3\u4fa7\u5bfc\u822a\u680f\uff0c\u9009\u62e9 \u7cfb\u7edf\u914d\u7f6e\u3002
\u4fee\u6539\u5386\u53f2\u544a\u8b66\u5b58\u50a8\u65f6\u957f\uff0c\u70b9\u51fb \u7f16\u8f91 \u8f93\u5165\u76ee\u6807\u65f6\u957f\u3002
\u5f53\u5b58\u50a8\u65f6\u957f\u8bbe\u7f6e\u4e3a \"0\" \u5c06\u4e0d\u6e05\u9664\u5386\u53f2\u544a\u8b66\u3002
\u4fee\u6539\u62d3\u6251\u56fe\u6e32\u67d3\u9ed8\u8ba4\u914d\u7f6e\uff0c\u70b9\u51fb \u7f16\u8f91 \u6839\u636e\u9700\u6c42\u5b9a\u4e49\u7cfb\u7edf\u4e2d\u62d3\u6251\u56fe\u9608\u503c\u3002
\u9608\u503c\u8bbe\u7f6e\u5fc5\u987b\u5927\u4e8e 0\uff0c\u524d\u9762\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5c0f\u4e8e\u540e\u9762\u586b\u5199\u7684\u3002\u4e14\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5728\u6700\u5927\u548c\u6700\u5c0f\u7684\u8303\u56f4\u4e4b\u95f4\u3002
Note
\u4fee\u6539\u5176\u4ed6\u914d\u7f6e\uff0c\u8bf7\u70b9\u51fb\u67e5\u770b\u5982\u4f55\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\uff1f
"},{"location":"end-user/insight/trace/service.html","title":"\u670d\u52a1\u76d1\u63a7","text":"\u5728 \u53ef\u89c2\u6d4b\u6027 Insight \u4e2d\u670d\u52a1\u662f\u6307\u4f7f\u7528 Opentelemtry SDK \u63a5\u5165\u94fe\u8def\u6570\u636e\uff0c\u670d\u52a1\u76d1\u63a7\u80fd\u591f\u8f85\u52a9\u8fd0\u7ef4\u8fc7\u7a0b\u4e2d\u89c2\u5bdf\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u72b6\u6001\u3002
\u5982\u4f55\u4f7f\u7528 OpenTelemetry \u8bf7\u53c2\u8003\u4f7f\u7528 OTel \u8d4b\u4e88\u5e94\u7528\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"end-user/insight/trace/service.html#_2","title":"\u540d\u8bcd\u89e3\u91ca","text":"\u670d\u52a1\u5217\u8868\u9875\u9762\u5c55\u793a\u4e86\u96c6\u7fa4\u4e2d\u6240\u6709\u5df2\u63a5\u5165\u94fe\u8def\u6570\u636e\u7684\u670d\u52a1\u7684\u541e\u5410\u7387\u3001\u9519\u8bef\u7387\u3001\u8bf7\u6c42\u5ef6\u65f6\u7b49\u5173\u952e\u6307\u6807\u3002 \u60a8\u53ef\u4ee5\u6839\u636e\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u5bf9\u670d\u52a1\u8fdb\u884c\u8fc7\u6ee4\uff0c\u4e5f\u53ef\u4ee5\u6309\u7167\u541e\u5410\u7387\u3001\u9519\u8bef\u7387\u3001\u8bf7\u6c42\u5ef6\u65f6\u5bf9\u8be5\u5217\u8868\u8fdb\u884c\u6392\u5e8f\u3002\u5217\u8868\u4e2d\u7684\u6307\u6807\u6570\u636e\u9ed8\u8ba4\u65f6\u95f4\u4e3a 1 \u5c0f\u65f6\uff0c\u60a8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u65f6\u95f4\u8303\u56f4\u3002
\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u770b\u670d\u52a1\u76d1\u63a7\u6307\u6807\uff1a
\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u94fe\u8def\u8ffd\u8e2a -> \u670d\u52a1 \u3002
Attention
\u70b9\u51fb\u670d\u52a1\u540d (\u4ee5 insight-server \u4e3a\u4f8b)\uff0c\u70b9\u51fb\u8fdb\u5165\u670d\u52a1\u8be6\u60c5\u9875\uff0c\u67e5\u770b\u670d\u52a1\u7684\u8be6\u7ec6\u6307\u6807\u548c\u8be5\u670d\u52a1\u7684\u64cd\u4f5c\u6307\u6807\u3002
\u70b9\u51fb Tab \u5207\u6362\u5230 \u64cd\u4f5c\u6307\u6807 \uff0c\u53ef\u67e5\u8be2\u591a\u9009\u670d\u52a1\u76f8\u540c\u64cd\u4f5c\u7684\u805a\u5408\u8d77\u6765\u7684\u6d41\u91cf\u6307\u6807\u3002
\u670d\u52a1\u62d3\u6251\u56fe\u662f\u5bf9\u670d\u52a1\u4e4b\u95f4\u8fde\u63a5\u3001\u901a\u4fe1\u548c\u4f9d\u8d56\u5173\u7cfb\u7684\u53ef\u89c6\u5316\u8868\u793a\u3002\u901a\u8fc7\u53ef\u89c6\u5316\u62d3\u6251\u4e86\u89e3\u670d\u52a1\u95f4\u7684\u8c03\u7528\u5173\u7cfb\uff0c \u67e5\u770b\u670d\u52a1\u5728\u6307\u5b9a\u65f6\u95f4\u5185\u7684\u8c03\u7528\u53ca\u5176\u6027\u80fd\u72b6\u51b5\u3002\u62d3\u6251\u56fe\u7684\u8282\u70b9\u4e4b\u95f4\u7684\u8054\u7cfb\u4ee3\u8868\u4e24\u4e2a\u670d\u52a1\u5728\u67e5\u8be2\u65f6\u95f4\u8303\u56f4\u5185\u670d\u52a1\u4e4b\u95f4\u7684\u5b58\u5728\u8c03\u7528\u5173\u7cfb\u3002
"},{"location":"end-user/insight/trace/topology.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u62d3\u6251\u56fe\u4e2d\uff0c\u60a8\u53ef\u6309\u9700\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u70b9\u51fb\u53f3\u4e0b\u89d2 \u56fe\u4f8b \uff0c\u53ef\u901a\u8fc7 \u4e34\u65f6\u914d\u7f6e \u4fee\u6539\u5f53\u524d\u7684\u62d3\u6251\u56fe\u5b9a\u4e49\u7684\u6e32\u67d3\u9608\u503c\uff0c\u8df3\u51fa\u6216\u5173\u95ed\u8be5\u9875\u9762\u5373\u4f1a\u4e22\u5931\u8be5\u914d\u7f6e\u3002
\u9608\u503c\u8bbe\u7f6e\u5fc5\u987b\u5927\u4e8e 0\uff0c\u524d\u9762\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5c0f\u4e8e\u540e\u9762\u586b\u5199\u7684\u3002\u4e14\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5728\u6700\u5927\u548c\u6700\u5c0f\u7684\u8303\u56f4\u4e4b\u95f4\u3002
\u5728\u670d\u52a1\u62d3\u6251\u4e2d\u4f1a\u5b58\u5728\u6e38\u79bb\u5728\u96c6\u7fa4\u4e4b\u5916\u7684\u8282\u70b9\uff0c\u8fd9\u4e9b\u6e38\u79bb\u5728\u5916\u7684\u8282\u70b9\u53ef\u5206\u6210\u4e09\u7c7b\uff1a
\u865a\u62df\u8282\u70b9
\u82e5\u670d\u52a1\u53d1\u8d77\u8bf7\u6c42\u5230\u6570\u636e\u5e93
\u6216\u6d88\u606f\u961f\u5217
\u65f6\uff0c\u62d3\u6251\u56fe\u4e2d\u4f1a\u9ed8\u8ba4\u5c55\u793a\u8fd9\u4e24\u7c7b\u8282\u70b9\u3002 \u800c\u865a\u62df\u670d\u52a1
\u8868\u793a\u96c6\u7fa4\u5185\u670d\u52a1\u8bf7\u6c42\u4e86\u96c6\u7fa4\u5916\u7684\u8282\u70b9\u6216\u8005\u672a\u63a5\u5165\u94fe\u8def\u7684\u670d\u52a1\uff0c\u62d3\u6251\u56fe\u4e2d\u9ed8\u8ba4\u4e0d\u4f1a\u5c55\u793a \u865a\u62df\u670d\u52a1
\u3002
\u5f53\u670d\u52a1\u8bf7\u6c42\u5230 MySQL\u3001PostgreSQL\u3001Oracle Database \u8fd9\u4e09\u79cd\u6570\u636e\u5e93\u65f6\uff0c\u5728\u62d3\u6251\u56fe\u4e2d\u53ef\u4ee5\u770b\u5230\u8bf7\u6c42\u7684\u8be6\u7ec6\u6570\u636e\u5e93\u7c7b\u578b\u3002
\u66f4\u65b0 insight-server chart \u7684 values\uff0c\u627e\u5230\u4e0b\u56fe\u6240\u793a\u53c2\u6570\uff0c\u5c06 false
\u6539\u4e3a true
\u3002
\u5728\u670d\u52a1\u62d3\u6251\u7684\u663e\u793a\u8bbe\u7f6e\u4e2d\u52fe\u9009 \u865a\u62df\u670d\u52a1 \u3002
\u5728\u94fe\u8def\u67e5\u8be2\u9875\u9762\uff0c\u60a8\u53ef\u4ee5\u8fc7 TraceID \u6216\u7cbe\u786e\u67e5\u8be2\u8c03\u7528\u94fe\u8def\u8be6\u7ec6\u60c5\u51b5\u6216\u7ed3\u5408\u591a\u79cd\u6761\u4ef6\u7b5b\u9009\u67e5\u8be2\u8c03\u7528\u94fe\u8def\u3002
"},{"location":"end-user/insight/trace/trace.html#_2","title":"\u540d\u8bcd\u89e3\u91ca","text":"\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u8be2\u94fe\u8def\uff1a
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u94fe\u8def\u8ffd\u8e2a -> \u8c03\u7528\u94fe\u3002
Note
\u5217\u8868\u4e2d\u652f\u6301\u5bf9 Span \u6570\u3001\u5ef6\u65f6\u3001\u53d1\u751f\u65f6\u95f4\u8fdb\u884c\u6392\u5e8f\u3002
\u70b9\u51fb\u7b5b\u9009\u680f\u4e2d\u7684 TraceID \u641c\u7d22 \u5207\u6362\u4f7f\u7528 TraceID \u641c\u7d22\u94fe\u8def\u3002
\u4f7f\u7528 TraceID \u641c\u7d22\u8bf7\u8f93\u5165\u5b8c\u6574\u7684 TraceID\u3002
\u70b9\u51fb\u94fe\u8def\u5217\u8868\u4e2d\u7684\u67d0\u4e00\u94fe\u8def\u7684 TraceID\uff0c\u53ef\u67e5\u770b\u8be5\u94fe\u8def\u7684\u8be6\u60c5\u8c03\u7528\u60c5\u51b5\u3002
\u70b9\u51fb\u94fe\u8def\u6570\u636e\u53f3\u4fa7\u7684\u56fe\u6807\uff0c\u53ef\u67e5\u8be2\u8be5\u94fe\u8def\u7684\u5173\u8054\u65e5\u5fd7\u3002
\u70b9\u51fb \u67e5\u770b\u66f4\u591a \u540e\u53ef\u5e26\u6761\u4ef6\u8df3\u8f6c\u5230 \u65e5\u5fd7\u67e5\u8be2 \u7684\u9875\u9762\u3002
\u9ed8\u8ba4\u641c\u7d22\u5168\u90e8\u65e5\u5fd7\uff0c\u4f46\u53ef\u4e0b\u62c9\u6839\u636e\u94fe\u8def\u7684 TraceID \u6216\u94fe\u8def\u8c03\u7528\u8fc7\u7a0b\u4e2d\u76f8\u5173\u7684\u5bb9\u5668\u65e5\u5fd7\u8fdb\u884c\u8fc7\u6ee4\u3002
Note
\u7531\u4e8e\u94fe\u8def\u4f1a\u8de8\u96c6\u7fa4\u6216\u8de8\u547d\u540d\u7a7a\u95f4\uff0c\u82e5\u7528\u6237\u6743\u9650\u4e0d\u8db3\uff0c\u5219\u65e0\u6cd5\u67e5\u8be2\u8be5\u94fe\u8def\u7684\u5173\u8054\u65e5\u5fd7\u3002
\u5982\u679c\u8282\u70b9\u4e0d\u591f\u7528\u4e86\uff0c\u53ef\u4ee5\u6dfb\u52a0\u66f4\u591a\u8282\u70b9\u5230\u96c6\u7fa4\u4e2d\u3002
"},{"location":"end-user/k8s/add-node.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0
\u8fdb\u5165\u96c6\u7fa4\u6982\u89c8\u9875\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u63a5\u5165\u8282\u70b9 \u6309\u94ae
\u6309\u7167\u5411\u5bfc\uff0c\u586b\u5199\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u53c2\u6570\u914d\u7f6e\u5728\u5f39\u7a97\u4e2d\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u8282\u70b9\u5217\u8868\uff0c\u65b0\u63a5\u5165\u7684\u8282\u70b9\u72b6\u6001\u4e3a \u63a5\u5165\u4e2d \uff0c\u7b49\u5f85\u51e0\u5206\u949f\u540e\u72b6\u6001\u53d8\u4e3a \u5065\u5eb7 \u5219\u8868\u793a\u63a5\u5165\u6210\u529f\u3002
Tip
\u5bf9\u4e8e\u521a\u63a5\u5165\u6210\u529f\u7684\u8282\u70b9\uff0c\u53ef\u80fd\u8fd8\u8981\u7b49 2-3 \u5206\u949f\u624d\u80fd\u8bc6\u522b\u51fa GPU\u3002
"},{"location":"end-user/k8s/create-k8s.html","title":"\u521b\u5efa\u4e91\u4e0a Kubernetes \u96c6\u7fa4","text":"\u90e8\u7f72 Kubernetes \u96c6\u7fa4\u662f\u4e3a\u4e86\u652f\u6301\u9ad8\u6548\u7684 AI \u7b97\u529b\u8c03\u5ea6\u548c\u7ba1\u7406\uff0c\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\uff0c\u63d0\u4f9b\u9ad8\u53ef\u7528\u6027\uff0c\u4ece\u800c\u4f18\u5316\u6a21\u578b\u8bad\u7ec3\u548c\u63a8\u7406\u8fc7\u7a0b\u3002
"},{"location":"end-user/k8s/create-k8s.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u521b\u5efa\u5e76\u542f\u52a8 3 \u53f0\u4e0d\u5e26 GPU \u7684\u4e91\u4e3b\u673a\u7528\u4f5c\u96c6\u7fa4\u7684 Master \u8282\u70b9
\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae
\u6309\u7167\u5411\u5bfc\uff0c\u914d\u7f6e\u96c6\u7fa4\u7684\u5404\u9879\u53c2\u6570
\u57fa\u672c\u4fe1\u606f\u8282\u70b9\u914d\u7f6e\u7f51\u7edc\u914d\u7f6eAddon \u914d\u7f6e\u9ad8\u7ea7\u914d\u7f6e\u914d\u7f6e\u5b8c\u8282\u70b9\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u5f00\u59cb\u68c0\u67e5 \uff0c
\u6bcf\u4e2a\u8282\u70b9\u9ed8\u8ba4\u53ef\u8fd0\u884c 110 \u4e2a Pod\uff08\u5bb9\u5668\u7ec4\uff09\uff0c\u5982\u679c\u8282\u70b9\u914d\u7f6e\u6bd4\u8f83\u9ad8\uff0c\u53ef\u4ee5\u8c03\u6574\u5230 200 \u6216 300 \u4e2a Pod\u3002
\u7b49\u5f85\u96c6\u7fa4\u521b\u5efa\u5b8c\u6210\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u627e\u5230\u521a\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u5bfc\u822a\u5230 Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u641c\u7d22\u6846\u5185\u641c\u7d22 metax-gpu-extensions\uff0c\u70b9\u51fb\u5361\u7247
\u70b9\u51fb\u53f3\u4fa7\u7684 \u5b89\u88c5 \u6309\u94ae\uff0c\u5f00\u59cb\u5b89\u88c5 GPU \u63d2\u4ef6
\u5e94\u7528\u8bbe\u7f6eKubernetes \u7f16\u6392\u786e\u8ba4\u8f93\u5165\u540d\u79f0\uff0c\u9009\u62e9\u547d\u540d\u7a7a\u95f4\uff0c\u5728 YAMl \u4e2d\u4fee\u6539\u955c\u50cf\u5730\u5740\uff1a
\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u7b49\u5f85 metax-gpu-extensions \u72b6\u6001\u53d8\u4e3a \u5df2\u90e8\u7f72
\u5230\u6b64\u96c6\u7fa4\u521b\u5efa\u6210\u529f\uff0c\u53ef\u4ee5\u53bb\u67e5\u770b\u96c6\u7fa4\u6240\u5305\u542b\u7684\u8282\u70b9\u3002\u4f60\u53ef\u4ee5\u53bb\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d\u5e76\u4f7f\u7528 GPU \u4e86\u3002
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d
"},{"location":"end-user/k8s/remove-node.html","title":"\u79fb\u9664 GPU \u5de5\u4f5c\u8282\u70b9","text":"GPU \u8d44\u6e90\u7684\u6210\u672c\u76f8\u5bf9\u8f83\u9ad8\uff0c\u5982\u679c\u6682\u65f6\u7528\u4e0d\u5230 GPU\uff0c\u53ef\u4ee5\u5c06\u5e26 GPU \u7684\u5de5\u4f5c\u8282\u70b9\u79fb\u9664\u3002 \u4ee5\u4e0b\u6b65\u9aa4\u4e5f\u540c\u6837\u9002\u7528\u4e8e\u79fb\u9664\u666e\u901a\u5de5\u4f5c\u8282\u70b9\u3002
"},{"location":"end-user/k8s/remove-node.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0
\u8fdb\u5165\u96c6\u7fa4\u6982\u89c8\u9875\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u8981\u79fb\u9664\u7684\u8282\u70b9\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u79fb\u9664\u8282\u70b9
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u8282\u70b9\u540d\u79f0\uff0c\u786e\u8ba4\u65e0\u8bef\u540e\u70b9\u51fb \u5220\u9664
\u81ea\u52a8\u8fd4\u56de\u8282\u70b9\u5217\u8868\uff0c\u72b6\u6001\u4e3a \u79fb\u9664\u4e2d \uff0c\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\uff0c\u8282\u70b9\u4e0d\u5728\u4e86\uff0c\u8bf4\u660e\u8282\u70b9\u88ab\u6210\u529f\u79fb\u9664
\u4ece UI \u5217\u8868\u79fb\u9664\u8282\u70b9\u540e\uff0c\u901a\u8fc7 SSH \u767b\u5f55\u5230\u5df2\u79fb\u9664\u7684\u8282\u70b9\u4e3b\u673a\uff0c\u6267\u884c\u5173\u673a\u547d\u4ee4\u3002
Tip
\u5728 UI \u4e0a\u79fb\u9664\u8282\u70b9\u5e76\u5c06\u5176\u5173\u673a\u540e\uff0c\u8282\u70b9\u4e0a\u7684\u6570\u636e\u5e76\u672a\u88ab\u7acb\u5373\u5220\u9664\uff0c\u8282\u70b9\u6570\u636e\u4f1a\u88ab\u4fdd\u7559\u4e00\u6bb5\u65f6\u95f4\u3002
"},{"location":"end-user/kpanda/backup/index.html","title":"\u5907\u4efd\u6062\u590d","text":"\u5907\u4efd\u6062\u590d\u5206\u4e3a\u5907\u4efd\u548c\u6062\u590d\u4e24\u65b9\u9762\uff0c\u5b9e\u9645\u5e94\u7528\u65f6\u9700\u8981\u5148\u5907\u4efd\u7cfb\u7edf\u5728\u67d0\u4e00\u65f6\u70b9\u7684\u6570\u636e\uff0c\u7136\u540e\u5b89\u5168\u5b58\u50a8\u5730\u5907\u4efd\u6570\u636e\u3002\u540e\u7eed\u5982\u679c\u51fa\u73b0\u6570\u636e\u635f\u574f\u3001\u4e22\u5931\u3001\u8bef\u5220\u7b49\u4e8b\u6545\uff0c\u5c31\u53ef\u4ee5\u57fa\u4e8e\u4e4b\u524d\u7684\u6570\u636e\u5907\u4efd\u5feb\u901f\u8fd8\u539f\u7cfb\u7edf\uff0c\u7f29\u77ed\u6545\u969c\u65f6\u95f4\uff0c\u51cf\u5c11\u635f\u5931\u3002
\u56e0\u6b64\uff0c\u5907\u4efd\u6062\u590d\u975e\u5e38\u91cd\u8981\uff0c\u53ef\u4ee5\u89c6\u4e4b\u4e3a\u7ef4\u62a4\u7cfb\u7edf\u7a33\u5b9a\u548c\u6570\u636e\u5b89\u5168\u7684\u6700\u540e\u4e00\u9053\u4fdd\u9669\u3002
\u5907\u4efd\u901a\u5e38\u5206\u4e3a\u5168\u91cf\u5907\u4efd\u3001\u589e\u91cf\u5907\u4efd\u3001\u5dee\u5f02\u5907\u4efd\u4e09\u79cd\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u76ee\u524d\u652f\u6301\u5168\u91cf\u5907\u4efd\u548c\u589e\u91cf\u5907\u4efd\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u7684\u5907\u4efd\u6062\u590d\u53ef\u4ee5\u5206\u4e3a \u5e94\u7528\u5907\u4efd \u548c ETCD \u5907\u4efd \u4e24\u79cd\uff0c\u652f\u6301\u624b\u52a8\u5907\u4efd\uff0c\u6216\u57fa\u4e8e CronJob \u5b9a\u65f6\u81ea\u52a8\u5907\u4efd\u3002
\u5e94\u7528\u5907\u4efd
\u5e94\u7528\u5907\u4efd\u6307\uff0c\u5907\u4efd\u96c6\u7fa4\u4e2d\u7684\u67d0\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\uff0c\u7136\u540e\u5c06\u8be5\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u6062\u590d\u5230\u672c\u96c6\u7fa4\u6216\u8005\u5176\u4ed6\u96c6\u7fa4\u3002\u652f\u6301\u5907\u4efd\u6574\u4e2a\u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u6240\u6709\u8d44\u6e90\uff0c\u4e5f\u652f\u6301\u901a\u8fc7\u6807\u7b7e\u9009\u62e9\u5668\u8fc7\u6ee4\uff0c\u4ec5\u5907\u4efd\u5e26\u6709\u7279\u5b9a\u6807\u7b7e\u7684\u8d44\u6e90\u3002
\u5e94\u7528\u5907\u4efd\u652f\u6301\u8de8\u96c6\u7fa4\u5907\u4efd\u6709\u72b6\u6001\u5e94\u7528\uff0c\u5177\u4f53\u6b65\u9aa4\u53ef\u53c2\u8003MySQL \u5e94\u7528\u53ca\u6570\u636e\u7684\u8de8\u96c6\u7fa4\u5907\u4efd\u6062\u590d\u3002
ETCD \u5907\u4efd
etcd \u662f Kubernetes \u7684\u6570\u636e\u5b58\u50a8\u7ec4\u4ef6\uff0cKubernetes \u5c06\u81ea\u8eab\u7684\u7ec4\u4ef6\u6570\u636e\u548c\u5176\u4e2d\u7684\u5e94\u7528\u6570\u636e\u90fd\u5b58\u50a8\u5728 etcd \u4e2d\u3002\u56e0\u6b64\uff0c\u5907\u4efd etcd \u5c31\u76f8\u5f53\u4e8e\u5907\u4efd\u6574\u4e2a\u96c6\u7fa4\u7684\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6545\u969c\u65f6\u5feb\u901f\u5c06\u96c6\u7fa4\u6062\u590d\u5230\u4e4b\u524d\u67d0\u4e00\u65f6\u70b9\u7684\u72b6\u6001\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u76ee\u524d\u4ec5\u652f\u6301\u5c06 etcd \u5907\u4efd\u6570\u636e\u6062\u590d\u5230\u540c\u4e00\u96c6\u7fa4\uff08\u539f\u96c6\u7fa4\uff09\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u5e94\u7528\u505a\u5907\u4efd\uff0c\u672c\u6559\u7a0b\u4e2d\u4f7f\u7528\u7684\u6f14\u793a\u5e94\u7528\u540d\u4e3a dao-2048 \uff0c\u5c5e\u4e8e\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u3002
"},{"location":"end-user/kpanda/backup/deployment.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5bf9\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u8fdb\u884c\u5907\u4efd\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5b89\u88c5 velero \u7ec4\u4ef6\uff0c\u4e14 velero \u7ec4\u4ef6\u8fd0\u884c\u6b63\u5e38\u3002
\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\uff08\u672c\u6559\u7a0b\u4e2d\u7684\u8d1f\u8f7d\u540d\u4e3a dao-2048 \uff09\uff0c\u5e76\u4e3a\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u6253\u4e0a app: dao-2048 \u7684\u6807\u7b7e\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u5907\u4efd\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d dao-2048 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c \u70b9\u51fb \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d \u3002
\u8fdb\u5165 \u5e94\u7528\u5907\u4efd \u5217\u8868\u9875\u9762\uff0c\u4ece\u96c6\u7fa4\u4e0b\u62c9\u5217\u8868\u4e2d\u9009\u62e9\u5df2\u5b89\u88c5\u4e86 velero \u548c dao-2048 \u7684\u96c6\u7fa4\u3002 \u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa\u5907\u4efd\u8ba1\u5212 \u6309\u94ae\u3002
\u53c2\u8003\u4e0b\u65b9\u8bf4\u660e\u586b\u5199\u5907\u4efd\u914d\u7f6e\u3002
\u53c2\u8003\u4e0b\u65b9\u8bf4\u660e\u8bbe\u7f6e\u5907\u4efd\u6267\u884c\u9891\u7387\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
*
\u81ea\u5b9a\u4e49 Cron \u8868\u8fbe\u5f0f\uff0c\u8f93\u5165\u8868\u8fbe\u5f0f\u540e\u4e0b\u65b9\u4f1a\u63d0\u793a\u5f53\u524d\u8868\u8fbe\u5f0f\u7684\u542b\u4e49 \u3002\u6709\u5173\u8be6\u7ec6\u7684\u8868\u8fbe\u5f0f\u8bed\u6cd5\u89c4\u5219\uff0c\u53ef\u53c2\u8003 Cron \u65f6\u95f4\u8868\u8bed\u6cd5\u3002\u70b9\u51fb \u786e\u5b9a \uff0c\u9875\u9762\u4f1a\u81ea\u52a8\u8fd4\u56de\u5e94\u7528\u5907\u4efd\u8ba1\u5212\u5217\u8868\u3002\u60a8\u53ef\u4ee5\u627e\u5230\u65b0\u5efa\u7684 dao-2048 \u5907\u4efd\u8ba1\u5212\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u9009\u62e9 \u7acb\u5373\u6267\u884c \u5f00\u59cb\u5907\u4efd\u3002
\u6b64\u65f6\u96c6\u7fa4\u7684 \u4e0a\u4e00\u6b21\u6267\u884c\u72b6\u6001 \u5c06\u8f6c\u53d8\u4e3a \u5907\u4efd\u4e2d \u3002\u7b49\u5f85\u5907\u4efd\u5b8c\u6210\u540e\u53ef\u4ee5\u70b9\u51fb\u5907\u4efd\u8ba1\u5212\u7684\u540d\u79f0\uff0c\u67e5\u770b\u5907\u4efd\u8ba1\u5212\u8be6\u60c5\u3002
Note
\u5982\u679c Job \u7c7b\u578b\u7684\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u4e3a \u6267\u884c\u5b8c\u6210 \uff0c\u5219\u4e0d\u652f\u6301\u5907\u4efd\u3002
"},{"location":"end-user/kpanda/backup/etcd-backup.html","title":"etcd \u5907\u4efd","text":"etcd \u5907\u4efd\u662f\u4ee5\u96c6\u7fa4\u6570\u636e\u4e3a\u6838\u5fc3\u7684\u5907\u4efd\u3002\u5728\u786c\u4ef6\u8bbe\u5907\u635f\u574f\uff0c\u5f00\u53d1\u6d4b\u8bd5\u914d\u7f6e\u9519\u8bef\u7b49\u573a\u666f\u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7 etcd \u5907\u4efd\u6062\u590d\u96c6\u7fa4\u6570\u636e\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e3a\u96c6\u7fa4\u5236\u4f5c etcd \u5907\u4efd\u3002
"},{"location":"end-user/kpanda/backup/etcd-backup.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u63a5\u5165\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u51c6\u5907\u4e00\u4e2a MinIO \u5b9e\u4f8b\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa etcd \u5907\u4efd\u3002
\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> etcd \u5907\u4efd \uff0c\u70b9\u51fb \u5907\u4efd\u7b56\u7565 \u9875\u7b7e\uff0c\u7136\u540e\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u5907\u4efd\u7b56\u7565 \u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199 \u57fa\u672c\u4fe1\u606f \u3002\u586b\u5199\u5b8c\u6bd5\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u6821\u9a8c etcd \u7684\u8054\u901a\u6027\uff0c\u6821\u9a8c\u901a\u8fc7\u4e4b\u540e\u53ef\u4ee5\u8fdb\u884c\u4e0b\u4e00\u6b65\u3002
etcd \u5730\u5740\uff1a\u683c\u5f0f\u4e3a https://${\u8282\u70b9IP}:${\u7aef\u53e3\u53f7}
\u5728 kube-system \u547d\u540d\u7a7a\u95f4\u4e0b\u67e5\u627e etcd Pod
kubectl get po -n kube-system | grep etcd\n
\u83b7\u53d6 etcd Pod \u7684 listen-client-urls \u4e2d\u7684\u7aef\u53e3\u53f7
kubectl get po -n kube-system ${etcd_pod_name} -oyaml | grep listen-client-urls # (1)!\n
\u9884\u671f\u8f93\u51fa\u7ed3\u679c\u5982\u4e0b\uff0c\u8282\u70b9 IP \u540e\u7684\u6570\u5b57\u5373\u4e3a\u7aef\u53e3\u53f7:
- --listen-client-urls=https://127.0.0.1:2379,https://10.6.229.191:2379\n
CA \u8bc1\u4e66\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/etcd/ca.crt\n
Cert \u8bc1\u4e66\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/apiserver-etcd-client.crt\n
Key\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/apiserver-etcd-client.key\n
Note
\u70b9\u51fb\u8f93\u5165\u6846\u4e0b\u65b9\u7684 \u5982\u4f55\u83b7\u53d6 \u53ef\u4ee5\u5728 UI \u9875\u9762\u67e5\u770b\u83b7\u53d6\u5bf9\u5e94\u4fe1\u606f\u7684\u65b9\u5f0f\u3002
\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\u586b\u5199 \u5907\u4efd\u7b56\u7565 \u3002
\u5907\u4efd\u65b9\u5f0f\uff1a\u9009\u62e9\u624b\u52a8\u5907\u4efd\u6216\u5b9a\u65f6\u5907\u4efd
\u5907\u4efd\u94fe\u957f\u5ea6\uff1a\u6700\u591a\u4fdd\u7559\u591a\u5c11\u6761\u5907\u4efd\u6570\u636e\u3002\u9ed8\u8ba4\u4e3a 30 \u6761\u3002
\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\u586b\u5199 \u5b58\u50a8\u4f4d\u7f6e \u3002
\u70b9\u51fb \u786e\u5b9a \u540e\u9875\u9762\u81ea\u52a8\u8df3\u8f6c\u5230\u5907\u4efd\u7b56\u7565\u5217\u8868\uff0c\u53ef\u4ee5\u67e5\u770b\u76ee\u524d\u521b\u5efa\u597d\u7684\u6240\u6709\u7b56\u7565\u3002
\u70b9\u51fb \u65e5\u5fd7 \u53ef\u4ee5\u67e5\u770b\u65e5\u5fd7\u5185\u5bb9\uff0c\u9ed8\u8ba4\u5c55\u793a 100 \u884c\u3002\u82e5\u60f3\u67e5\u770b\u66f4\u591a\u65e5\u5fd7\u4fe1\u606f\u6216\u8005\u4e0b\u8f7d\u65e5\u5fd7\uff0c\u53ef\u5728\u65e5\u5fd7\u4e0a\u65b9\u6839\u636e\u63d0\u793a\u524d\u5f80\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u3002
"},{"location":"end-user/kpanda/backup/etcd-backup.html#_3","title":"\u67e5\u770b\u5907\u4efd\u7b56\u7565\u8be6\u60c5","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> etcd \u5907\u4efd \uff0c\u70b9\u51fb \u5907\u4efd\u7b56\u7565 \u9875\u7b7e\uff0c\u63a5\u7740\u70b9\u51fb\u7b56\u7565\u540d\u79f0\u53ef\u4ee5\u67e5\u770b\u7b56\u7565\u8be6\u60c5\u3002
"},{"location":"end-user/kpanda/backup/etcd-backup.html#_4","title":"\u67e5\u770b\u5907\u4efd\u70b9","text":"\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u96c6\u7fa4\u4e0b\u6240\u6709\u5907\u4efd\u4fe1\u606f\u3002
\u6bcf\u6267\u884c\u4e00\u6b21\u5907\u4efd\uff0c\u5bf9\u5e94\u751f\u6210\u4e00\u4e2a\u5907\u4efd\u70b9\uff0c\u53ef\u901a\u8fc7\u6210\u529f\u72b6\u6001\u7684\u5907\u4efd\u70b9\u5feb\u901f\u6062\u590d\u5e94\u7528\u3002
velero \u662f\u4e00\u4e2a\u5907\u4efd\u548c\u6062\u590d Kubernetes \u96c6\u7fa4\u8d44\u6e90\u7684\u5f00\u6e90\u5de5\u5177\u3002\u5b83\u53ef\u4ee5\u5c06 Kubernetes \u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u5907\u4efd\u5230\u4e91\u5b58\u50a8\u670d\u52a1\u3001\u672c\u5730\u5b58\u50a8\u6216\u5176\u4ed6\u4f4d\u7f6e\uff0c\u5e76\u4e14\u53ef\u4ee5\u5728\u9700\u8981\u65f6\u5c06\u8fd9\u4e9b\u8d44\u6e90\u6062\u590d\u5230\u540c\u4e00\u6216\u4e0d\u540c\u7684\u96c6\u7fa4\u4e2d\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528 Helm \u5e94\u7528 \u90e8\u7f72 velero \u63d2\u4ef6\u3002
"},{"location":"end-user/kpanda/backup/install-velero.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 velero \u63d2\u4ef6\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa velero \u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u8bf7\u6267\u884c\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 velero \u63d2\u4ef6\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5 velero \u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u641c\u7d22\u680f\u8f93\u5165 velero \u8fdb\u884c\u641c\u7d22\u3002
\u9605\u8bfb velero \u63d2\u4ef6\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u672c\u6587\u5c06\u4ee5 4.0.2 \u7248\u672c\u4e3a\u4f8b\u8fdb\u884c\u5b89\u88c5\uff0c\u63a8\u8350\u5b89\u88c5 4.0.2 \u6216\u66f4\u9ad8\u7248\u672c\u3002
\u586b\u5199\u548c\u914d\u7f6e\u53c2\u6570\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u57fa\u672c\u53c2\u6570\u53c2\u6570\u914d\u7f6eNote
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
S3 Credentials\uff1a
SecretContents.aws_secret_access_key = \uff1a\u914d\u7f6e\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u7684\u5bc6\u7801\uff0c\u66ff\u6362 \u4e3a\u771f\u5b9e\u53c2\u6570\u3002
config \"SecretContents \u6837\u4f8b\" [default] aws_access_key_id = minio aws_secret_access_key = minio123
Velero Configuration\uff1a
Note
\u8bf7\u786e\u4fdd s3 \u5b58\u50a8\u670d\u52a1\u65f6\u95f4\u8ddf\u5907\u4efd\u8fd8\u539f\u96c6\u7fa4\u65f6\u95f4\u5dee\u572810\u5206\u949f\u4ee5\u5185\uff0c\u6700\u597d\u662f\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u6267\u884c\u5907\u4efd\u64cd\u4f5c\u3002
migration plugin configuration\uff1a\u542f\u7528\u4e4b\u540e\uff0c\u5c06\u5728\u4e0b\u4e00\u6b65\u7684 YAML \u4ee3\u7801\u6bb5\u4e2d\u65b0\u589e\uff1a
...\ninitContainers:\n - image: 'release.daocloud.io/kcoral/velero-plugin-for-migration:v0.3.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-migration\n volumeMounts:\n - mountPath: /target\n name: plugins\n - image: 'docker.m.daocloud.io/velero/velero-plugin-for-csi:v0.7.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-csi\n volumeMounts:\n - mountPath: /target\n name: plugins\n - image: 'docker.m.daocloud.io/velero/velero-plugin-for-aws:v1.9.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-aws\n volumeMounts:\n - mountPath: /target\n name: plugins\n...\n
\u786e\u8ba4 YAML \u65e0\u8bef\u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210 velero \u63d2\u4ef6\u7684\u5b89\u88c5\u3002 \u4e4b\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\uff0c\u7a0d\u7b49\u51e0\u5206\u949f\u540e\uff0c\u4e3a\u9875\u9762\u6267\u884c\u5237\u65b0\u64cd\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
\u76ee\u524d\uff0c\u8bb8\u591a\u4e1a\u52a1\u5b58\u5728\u5cf0\u503c\u548c\u4f4e\u8c37\u7684\u73b0\u8c61\u3002\u4e3a\u4e86\u786e\u4fdd\u670d\u52a1\u7684\u6027\u80fd\u548c\u7a33\u5b9a\u6027\uff0c\u5728\u90e8\u7f72\u670d\u52a1\u65f6\uff0c\u901a\u5e38\u4f1a\u6839\u636e\u5cf0\u503c\u9700\u6c42\u6765\u7533\u8bf7\u8d44\u6e90\u3002 \u7136\u800c\uff0c\u5cf0\u503c\u671f\u53ef\u80fd\u975e\u5e38\u77ed\u6682\uff0c\u5bfc\u81f4\u5728\u975e\u5cf0\u503c\u671f\u65f6\u8d44\u6e90\u88ab\u6d6a\u8d39\u3002 \u96c6\u7fa4\u8d44\u6e90\u8d85\u5356 \u5c31\u662f\u5c06\u8fd9\u4e9b\u7533\u8bf7\u4e86\u800c\u672a\u4f7f\u7528\u7684\u8d44\u6e90\uff08\u5373\u7533\u8bf7\u91cf\u4e0e\u4f7f\u7528\u91cf\u7684\u5dee\u503c\uff09\u5229\u7528\u8d77\u6765\uff0c\u4ece\u800c\u63d0\u5347\u96c6\u7fa4\u8d44\u6e90\u5229\u7528\u7387\uff0c\u51cf\u5c11\u8d44\u6e90\u6d6a\u8d39\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528\u96c6\u7fa4\u52a8\u6001\u8d44\u6e90\u8d85\u5356\u529f\u80fd\u3002
"},{"location":"end-user/kpanda/clusterops/cluster-oversold.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u8bbe\u7f6e \uff0c\u7136\u540e\u9009\u62e9 \u9ad8\u7ea7\u914d\u7f6e \u9875\u7b7e
\u6253\u5f00\u96c6\u7fa4\u8d85\u5356\uff0c\u8bbe\u7f6e\u8d85\u5356\u6bd4
Note
\u9700\u8981\u5728\u96c6\u7fa4\u4e0b\u5bf9\u5e94\u7684 namespace \u6253\u4e0a\u5982\u4e0b\u6807\u7b7e\uff0c\u96c6\u7fa4\u8d85\u5356\u7b56\u7565\u624d\u80fd\u751f\u6548\u3002
clusterresourceoverrides.admission.autoscaling.openshift.io/enabled: \"true\"\n
\u8bbe\u7f6e\u597d\u96c6\u7fa4\u52a8\u6001\u8d44\u6e90\u8d85\u5356\u6bd4\u540e\uff0c\u4f1a\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u65f6\u751f\u6548\u3002\u4e0b\u6587\u4ee5 niginx \u4e3a\u4f8b\uff0c\u9a8c\u8bc1\u4f7f\u7528\u8d44\u6e90\u8d85\u5356\u80fd\u529b\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d nginx \u5e76\u8bbe\u7f6e\u5bf9\u5e94\u7684\u8d44\u6e90\u9650\u5236\u503c\uff0c\u521b\u5efa\u6d41\u7a0b\u53c2\u8003\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09
\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u8d44\u6e90\u7533\u8bf7\u503c\u4e0e\u9650\u5236\u503c\u7684\u6bd4\u503c\u662f\u5426\u7b26\u5408\u8d85\u552e\u6bd4
\u96c6\u7fa4\u8bbe\u7f6e\u7528\u4e8e\u4e3a\u60a8\u7684\u96c6\u7fa4\u81ea\u5b9a\u4e49\u9ad8\u7ea7\u7279\u6027\u8bbe\u7f6e\uff0c\u5305\u62ec\u662f\u5426\u542f\u7528 GPU\u3001Helm \u4ed3\u5e93\u5237\u65b0\u5468\u671f\u3001Helm \u64cd\u4f5c\u8bb0\u5f55\u4fdd\u7559\u7b49\u3002
\u542f\u7528 GPU\uff1a\u9700\u8981\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU \u5361\u53ca\u5bf9\u5e94\u9a71\u52a8\u63d2\u4ef6\u3002
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6700\u8fd1\u64cd\u4f5c -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \u3002
Helm \u64cd\u4f5c\u57fa\u7840\u955c\u50cf\u3001\u4ed3\u5e93\u5237\u65b0\u5468\u671f\u3001\u64cd\u4f5c\u8bb0\u5f55\u4fdd\u7559\u6761\u6570\u3001\u662f\u5426\u5f00\u542f\u96c6\u7fa4\u5220\u9664\u4fdd\u62a4\uff08\u5f00\u542f\u540e\u96c6\u7fa4\u5c06\u4e0d\u80fd\u76f4\u63a5\u5378\u8f7d\uff09
\u5728\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u6700\u8fd1\u7684\u96c6\u7fa4\u64cd\u4f5c\u8bb0\u5f55\u548c Helm \u64cd\u4f5c\u8bb0\u5f55\uff0c\u4ee5\u53ca\u5404\u9879\u64cd\u4f5c\u7684 YAML \u6587\u4ef6\u548c\u65e5\u5fd7\uff0c\u4e5f\u53ef\u4ee5\u5220\u9664\u67d0\u4e00\u6761\u8bb0\u5f55\u3002
\u8bbe\u7f6e Helm \u64cd\u4f5c\u7684\u4fdd\u7559\u6761\u6570\uff1a
\u7cfb\u7edf\u9ed8\u8ba4\u4fdd\u7559\u6700\u8fd1 100 \u6761 Helm \u64cd\u4f5c\u8bb0\u5f55\u3002\u82e5\u4fdd\u7559\u6761\u6570\u592a\u591a\uff0c\u53ef\u80fd\u4f1a\u9020\u6210\u6570\u636e\u5197\u4f59\uff0c\u4fdd\u7559\u6761\u6570\u592a\u5c11\u53ef\u80fd\u4f1a\u9020\u6210\u60a8\u6240\u9700\u8981\u7684\u5173\u952e\u64cd\u4f5c\u8bb0\u5f55\u7684\u7f3a\u5931\u3002\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8bbe\u7f6e\u5408\u7406\u7684\u4fdd\u7559\u6570\u91cf\u3002\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6700\u8fd1\u64cd\u4f5c -> Helm \u64cd\u4f5c -> \u8bbe\u7f6e\u4fdd\u7559\u6761\u6570 \u3002
\u8bbe\u7f6e\u9700\u8981\u4fdd\u7559\u591a\u5c11\u6761 Helm \u64cd\u4f5c\u8bb0\u5f55\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u3002
\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u63a5\u5165\u6216\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u4e0d\u4ec5\u53ef\u4ee5\u901a\u8fc7 UI \u754c\u9762\u76f4\u63a5\u8bbf\u95ee\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u5176\u4ed6\u4e24\u79cd\u65b9\u5f0f\u8fdb\u884c\u8bbf\u95ee\u63a7\u5236\uff1a
Note
\u8bbf\u95ee\u96c6\u7fa4\u65f6\uff0c\u7528\u6237\u5e94\u5177\u6709 Cluster Admin \u6743\u9650\u6216\u66f4\u9ad8\u6743\u9650\u3002
"},{"location":"end-user/kpanda/clusters/access-cluster.html#cloudshell","title":"\u901a\u8fc7 CloudShell \u8bbf\u95ee","text":"\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u901a\u8fc7 CloudShell \u8bbf\u95ee\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u63a7\u5236\u53f0 \u3002
\u5728 CloudShell \u63a7\u5236\u53f0\u6267\u884c kubectl get node \u547d\u4ee4\uff0c\u9a8c\u8bc1 CloudShell \u4e0e\u96c6\u7fa4\u7684\u8fde\u901a\u6027\u3002\u5982\u56fe\uff0c\u63a7\u5236\u53f0\u5c06\u8fd4\u56de\u96c6\u7fa4\u4e0b\u7684\u8282\u70b9\u4fe1\u606f\u3002
\u73b0\u5728\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 CloudShell \u6765\u8bbf\u95ee\u5e76\u7ba1\u7406\u8be5\u96c6\u7fa4\u4e86\u3002
"},{"location":"end-user/kpanda/clusters/access-cluster.html#kubectl","title":"\u901a\u8fc7 kubectl \u8bbf\u95ee","text":"\u901a\u8fc7\u672c\u5730\u8282\u70b9\u8bbf\u95ee\u5e76\u7ba1\u7406\u4e91\u7aef\u96c6\u7fa4\u65f6\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\uff1a
\u6ee1\u8db3\u4e0a\u8ff0\u6761\u4ef6\u540e\uff0c\u6309\u7167\u4e0b\u65b9\u6b65\u9aa4\u4ece\u672c\u5730\u8bbf\u95ee\u4e91\u7aef\u96c6\u7fa4\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u4e0b\u8f7d\u8bc1\u4e66\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u5e76\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u8bc1\u4e66\u83b7\u53d6 \u3002
\u9009\u62e9\u8bc1\u4e66\u6709\u6548\u671f\u5e76\u70b9\u51fb \u4e0b\u8f7d\u8bc1\u4e66 \u3002
\u6253\u5f00\u4e0b\u8f7d\u597d\u7684\u96c6\u7fa4\u8bc1\u4e66\uff0c\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u81f3\u672c\u5730\u8282\u70b9\u7684 config \u6587\u4ef6\u3002
kubectl \u5de5\u5177\u9ed8\u8ba4\u4f1a\u4ece\u672c\u5730\u8282\u70b9\u7684 $HOME/.kube \u76ee\u5f55\u4e0b\u67e5\u627e\u540d\u4e3a config \u7684\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u5b58\u50a8\u4e86\u76f8\u5173\u96c6\u7fa4\u7684\u8bbf\u95ee\u51ed\u8bc1\uff0ckubectl \u53ef\u4ee5\u51ed\u8be5\u914d\u7f6e\u6587\u4ef6\u8fde\u63a5\u81f3\u96c6\u7fa4\u3002
\u5728\u672c\u5730\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u96c6\u7fa4\u7684\u8fde\u901a\u6027\uff1a
kubectl get pod -n default\n
\u9884\u671f\u7684\u8f93\u51fa\u7c7b\u4f3c\u4e8e:
NAME READY STATUS RESTARTS AGE\ndao-2048-2048-58c7f7fc5-mq7h4 1/1 Running 0 30h\n
\u73b0\u5728\u60a8\u53ef\u4ee5\u5728\u672c\u5730\u901a\u8fc7 kubectl \u8bbf\u95ee\u5e76\u7ba1\u7406\u8be5\u96c6\u7fa4\u4e86\u3002
"},{"location":"end-user/kpanda/clusters/cluster-role.html","title":"\u96c6\u7fa4\u89d2\u8272","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u57fa\u4e8e\u96c6\u7fa4\u7684\u4e0d\u540c\u529f\u80fd\u5b9a\u4f4d\u5bf9\u96c6\u7fa4\u8fdb\u884c\u4e86\u89d2\u8272\u5206\u7c7b\uff0c\u5e2e\u52a9\u7528\u6237\u66f4\u597d\u5730\u7ba1\u7406 IT \u57fa\u7840\u8bbe\u65bd\u3002
"},{"location":"end-user/kpanda/clusters/cluster-role.html#_2","title":"\u5168\u5c40\u670d\u52a1\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u8fd0\u884c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7ec4\u4ef6\uff0c\u4f8b\u5982\u5bb9\u5668\u7ba1\u7406\u3001\u5168\u5c40\u7ba1\u7406\u3001\u53ef\u89c2\u6d4b\u6027\u3001\u955c\u50cf\u4ed3\u5e93\u7b49\u3002 \u4e00\u822c\u4e0d\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.22+ \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"end-user/kpanda/clusters/cluster-role.html#_3","title":"\u7ba1\u7406\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u7ba1\u7406\u5de5\u4f5c\u96c6\u7fa4\uff0c\u4e00\u822c\u4e0d\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u8fd9\u662f\u4f7f\u7528\u5bb9\u5668\u7ba1\u7406\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u4e3b\u8981\u7528\u4e8e\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002\u8be5\u96c6\u7fa4\u7531\u7ba1\u7406\u96c6\u7fa4\u8fdb\u884c\u7ba1\u7406\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c \u652f\u6301 K8s 1.22 \u53ca\u4ee5\u4e0a\u7248\u672c \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"end-user/kpanda/clusters/cluster-role.html#_5","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u63a5\u5165\u5df2\u6709\u7684\u6807\u51c6 K8s \u96c6\u7fa4\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u672c\u5730\u6570\u636e\u4e2d\u5fc3\u81ea\u5efa\u96c6\u7fa4\u3001\u516c\u6709\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u96c6\u7fa4\u3001\u79c1\u6709\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u96c6\u7fa4\u3001\u8fb9\u7f18\u96c6\u7fa4\u3001\u4fe1\u521b\u96c6\u7fa4\u3001\u5f02\u6784\u96c6\u7fa4\u3002\u4e3b\u8981\u7528\u4e8e\u627f\u62c5\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.18+ \u652f\u6301\u53cb\u5546 Vmware Tanzu\u3001Amazon EKS\u3001Redhat Openshift\u3001SUSE Rancher\u3001\u963f\u91cc ACK\u3001\u534e\u4e3a CCE\u3001\u817e\u8baf TKE\u3001\u6807\u51c6 K8s \u96c6\u7fa4\u3001\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0 \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u4e0d\u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc \u4f9d\u8d56\u4e8e\u63a5\u5165\u96c6\u7fa4\u53d1\u884c\u7248\u7f51\u7edc\u6a21\u5f0f \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565Note
\u4e00\u4e2a\u96c6\u7fa4\u53ef\u4ee5\u6709\u591a\u4e2a\u96c6\u7fa4\u89d2\u8272\uff0c\u4f8b\u5982\u4e00\u4e2a\u96c6\u7fa4\u65e2\u53ef\u4ee5\u662f\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\uff0c\u4e5f\u53ef\u4ee5\u662f\u7ba1\u7406\u96c6\u7fa4\u6216\u5de5\u4f5c\u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/cluster-scheduler-plugin.html","title":"\u5982\u4f55\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u8c03\u5ea6\u5668 scheduler-plugins","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u4e2a\u8c03\u5ea6\u5668 scheduler-plugins\u3002
"},{"location":"end-user/kpanda/clusters/cluster-scheduler-plugin.html#scheduler-plugins_1","title":"\u4e3a\u4ec0\u4e48\u9700\u8981 scheduler-plugins\uff1f","text":"\u901a\u8fc7\u5e73\u53f0\u521b\u5efa\u7684\u96c6\u7fa4\u4e2d\u4f1a\u5b89\u88c5 K8s \u539f\u751f\u7684\u8c03\u5ea6\u5668\uff0c\u4f46\u662f\u539f\u751f\u7684\u8c03\u5ea6\u5668\u5b58\u5728\u5f88\u591a\u7684\u5c40\u9650\u6027\uff1a
\u672c\u6587\u4ee5\u4f7f\u7528 vgpu \u8c03\u5ea6\u5668\u7684\u540c\u65f6\uff0c\u60f3\u7ed3\u5408 scheduler-plugins \u7684 coscheduling \u63d2\u4ef6\u80fd\u529b\u7684\u573a\u666f\u4e3a\u793a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5\u5e76\u4f7f\u7528 scheduler-plugins\u3002
"},{"location":"end-user/kpanda/clusters/cluster-scheduler-plugin.html#scheduler-plugins_2","title":"\u5b89\u88c5 scheduler-plugins","text":""},{"location":"end-user/kpanda/clusters/cluster-scheduler-plugin.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5728 \u521b\u5efa\u96c6\u7fa4 -> \u9ad8\u7ea7\u914d\u7f6e -> \u81ea\u5b9a\u4e49\u53c2\u6570 \u4e2d\u6dfb\u52a0 scheduler-plugins \u53c2\u6570
scheduler_plugins_enabled:true\nscheduler_plugins_plugin_config:\n - name: Coscheduling\n args:\n permitWaitingTimeSeconds: 10 # default is 60\n
\u53c2\u6570\u8bf4\u660e\uff1a
scheduler_plugins_enabled
\u8bbe\u7f6e\u4e3a true \u65f6\uff0c\u5f00\u542f scheduler-plugins \u63d2\u4ef6\u80fd\u529b\u3002scheduler_plugins_enabled_plugins
\u6216 scheduler_plugins_disabled_plugins
\u9009\u9879\u6765\u542f\u7528\u6216\u7981\u7528\u67d0\u4e9b\u63d2\u4ef6\u3002 \u53c2\u9605 K8s \u5b98\u65b9\u63d2\u4ef6\u540d\u79f0\u3002\u96c6\u7fa4\u521b\u5efa\u6210\u529f\u540e\u7cfb\u7edf\u4f1a\u81ea\u52a8\u5b89\u88c5 scheduler-plugins \u548c controller \u7ec4\u4ef6\u8d1f\u8f7d\uff0c\u53ef\u4ee5\u5728\u5bf9\u5e94\u96c6\u7fa4\u7684\u65e0\u72b6\u6001\u8d1f\u8f7d\u4e2d\u67e5\u770b\u8d1f\u8f7d\u72b6\u6001\u3002
\u4ee5\u4e0b\u4ee5\u4f7f\u7528 vgpu \u8c03\u5ea6\u5668\u7684\u540c\u65f6\uff0c\u60f3\u7ed3\u5408 scheduler-plugins \u7684 coscheduling \u63d2\u4ef6\u80fd\u529b\u573a\u666f\u4e3a\u793a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 scheduler-plugins\u3002
\u5728 Helm \u6a21\u677f\u4e2d\u5b89\u88c5 vgpu\uff0c\u8bbe\u7f6e values.yaml \u53c2\u6570\u3002
schedulerName: scheduler-plugins-scheduler
\uff0c\u8fd9\u662f kubean \u9ed8\u8ba4\u5b89\u88c5\u7684 scheduler-plugins \u7684 scheduler \u540d\u79f0\uff0c\u76ee\u524d\u4e0d\u80fd\u4fee\u6539\u3002scheduler.kubeScheduler.enabled: false
\uff0c\u4e0d\u5b89\u88c5 kube-scheduler\uff0c\u5c06 vgpu-scheduler \u4f5c\u4e3a\u5355\u72ec\u7684 extender\u3002\u5728 scheduler-plugins \u4e0a\u6269\u5c55 vgpu-scheduler\u3002
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\n
\u4fee\u6539 scheduler-plugins \u7684 scheduler-config \u7684 configmap \u53c2\u6570\uff0c\u5982\u4e0b\uff1a
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\nextenders:\n - urlPrefix: \"${urlPrefix}\"\n filterVerb: filter\n bindVerb: bind\n nodeCacheCapable: true\n ignorable: true\n httpTimeout: 30s\n weight: 1\n enableHTTPS: true\n tlsConfig:\n insecure: true\n managedResources:\n - name: nvidia.com/vgpu\n ignoredByScheduler: true\n - name: nvidia.com/gpumem\n ignoredByScheduler: true\n - name: nvidia.com/gpucores\n ignoredByScheduler: true\n - name: nvidia.com/gpumem-percentage\n ignoredByScheduler: true\n - name: nvidia.com/priority\n ignoredByScheduler: true\n - name: cambricon.com/mlunum\n ignoredByScheduler: true\n
\u5b89\u88c5\u5b8c vgpu-scheduler \u540e\uff0c\u7cfb\u7edf\u4f1a\u81ea\u52a8\u521b\u5efa svc\uff0curlPrefix \u6307\u5b9a svc \u7684 URL\u3002
Note
svc \u6307 pod \u670d\u52a1\u8d1f\u8f7d\uff0c\u60a8\u53ef\u4ee5\u5230\u5b89\u88c5\u4e86 nvidia-vgpu \u63d2\u4ef6\u7684\u547d\u540d\u7a7a\u95f4\u4e0b\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u62ff\u5230 443 \u7aef\u53e3\u5bf9\u5e94\u7684\u5916\u90e8\u8bbf\u95ee\u4fe1\u606f\u3002
kubectl get svc -n ${namespace} \n
urlprifix \u683c\u5f0f\u4e3a https://${ip \u5730\u5740}:${\u7aef\u53e3}
\u5c06 scheduler-plugins \u7684 scheduler Pod \u91cd\u542f\uff0c\u52a0\u8f7d\u65b0\u7684\u914d\u7f6e\u6587\u4ef6\u3002
Note
\u5728\u521b\u5efa vgpu \u5e94\u7528\u65f6\u4e0d\u9700\u8981\u6307\u5b9a\u8c03\u5ea6\u5668\u540d\u79f0\uff0cvgpu-scheduler \u7684 Webhook \u4f1a\u81ea\u52a8\u5c06 Scheduler \u7684\u540d\u79f0\u4fee\u6539\u4e3a scheduler-plugins-scheduler\uff0c\u4e0d\u7528\u624b\u52a8\u6307\u5b9a\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u7eb3\u7ba1\u4e24\u79cd\u7c7b\u578b\u7684\u96c6\u7fa4\uff1a\u63a5\u5165\u96c6\u7fa4\u548c\u81ea\u5efa\u96c6\u7fa4\u3002 \u5173\u4e8e\u96c6\u7fa4\u7eb3\u7ba1\u7c7b\u578b\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1\u96c6\u7fa4\u89d2\u8272\u3002
\u8fd9\u4e24\u79cd\u96c6\u7fa4\u7684\u72b6\u6001\u5982\u4e0b\u6240\u8ff0\u3002
"},{"location":"end-user/kpanda/clusters/cluster-status.html#_2","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u72b6\u6001 \u63cf\u8ff0 \u63a5\u5165\u4e2d\uff08Joining\uff09 \u96c6\u7fa4\u6b63\u5728\u63a5\u5165 \u89e3\u9664\u63a5\u5165\u4e2d\uff08Removing\uff09 \u96c6\u7fa4\u6b63\u5728\u89e3\u9664\u63a5\u5165 \u8fd0\u884c\u4e2d\uff08Running\uff09 \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c \u672a\u77e5\uff08Unknown\uff09 \u96c6\u7fa4\u5df2\u5931\u8054\uff0c\u7cfb\u7edf\u5c55\u793a\u6570\u636e\u4e3a\u5931\u8054\u524d\u7f13\u5b58\u6570\u636e\uff0c\u4e0d\u4ee3\u8868\u771f\u5b9e\u6570\u636e\uff0c\u540c\u65f6\u5931\u8054\u72b6\u6001\u4e0b\u6267\u884c\u7684\u4efb\u4f55\u64cd\u4f5c\u90fd\u5c06\u4e0d\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u96c6\u7fa4\u7f51\u7edc\u8fde\u901a\u6027\u6216\u4e3b\u673a\u72b6\u6001\u3002"},{"location":"end-user/kpanda/clusters/cluster-status.html#_3","title":"\u81ea\u5efa\u96c6\u7fa4","text":"\u72b6\u6001 \u63cf\u8ff0 \u521b\u5efa\u4e2d\uff08Creating\uff09 \u96c6\u7fa4\u6b63\u5728\u521b\u5efa \u66f4\u65b0\u4e2d\uff08Updating\uff09 \u66f4\u65b0\u96c6\u7fa4 Kubernetes \u7248\u672c \u5220\u9664\u4e2d\uff08Deleting\uff09 \u96c6\u7fa4\u6b63\u5728\u5220\u9664 \u8fd0\u884c\u4e2d\uff08Running\uff09 \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c \u672a\u77e5\uff08Unknown\uff09 \u96c6\u7fa4\u5df2\u5931\u8054\uff0c\u7cfb\u7edf\u5c55\u793a\u6570\u636e\u4e3a\u5931\u8054\u524d\u7f13\u5b58\u6570\u636e\uff0c\u4e0d\u4ee3\u8868\u771f\u5b9e\u6570\u636e\uff0c\u540c\u65f6\u5931\u8054\u72b6\u6001\u4e0b\u6267\u884c\u7684\u4efb\u4f55\u64cd\u4f5c\u90fd\u5c06\u4e0d\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u96c6\u7fa4\u7f51\u7edc\u8fde\u901a\u6027\u6216\u4e3b\u673a\u72b6\u6001\u3002 \u521b\u5efa\u5931\u8d25\uff08Failed\uff09 \u96c6\u7fa4\u521b\u5efa\u5931\u8d25\uff0c\u8bf7\u67e5\u770b\u65e5\u5fd7\u4ee5\u83b7\u53d6\u8be6\u7ec6\u5931\u8d25\u539f\u56e0"},{"location":"end-user/kpanda/clusters/cluster-version.html","title":"\u96c6\u7fa4\u7248\u672c\u652f\u6301\u8303\u56f4","text":"\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u63a5\u5165\u578b\u96c6\u7fa4\u548c\u81ea\u5efa\u96c6\u7fa4\u91c7\u53d6\u4e0d\u540c\u7684\u7248\u672c\u652f\u6301\u673a\u5236\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u81ea\u5efa\u96c6\u7fa4\u7684\u7248\u672c\u652f\u6301\u673a\u5236\u3002
Kubernetes \u793e\u533a\u652f\u6301 3 \u4e2a\u7248\u672c\u8303\u56f4\uff0c\u5982 1.26\u30011.27\u30011.28\u3002\u5f53\u793e\u533a\u65b0\u7248\u672c\u53d1\u5e03\u4e4b\u540e\uff0c\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u5c06\u4f1a\u8fdb\u884c\u9012\u589e\u3002 \u5982\u793e\u533a\u6700\u65b0\u7684 1.29 \u7248\u672c\u5df2\u7ecf\u53d1\u5e03\uff0c\u6b64\u65f6\u793e\u533a\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u662f 1.27\u30011.28\u30011.29\u3002
\u4f8b\u5982\uff0c\u793e\u533a\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u662f 1.25\u30011.26\u30011.27\uff0c\u5219\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u662f 1.24\u30011.25\u30011.26\uff0c\u5e76\u4e14\u4f1a\u4e3a\u7528\u6237\u63a8\u8350\u4e00\u4e2a\u7a33\u5b9a\u7684\u7248\u672c\uff0c\u5982 1.24.7\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u4e0e\u793e\u533a\u4fdd\u6301\u9ad8\u5ea6\u540c\u6b65\uff0c\u5f53\u793e\u533a\u7248\u672c\u8fdb\u884c\u9012\u589e\u540e\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u4e5f\u4f1a\u540c\u6b65\u9012\u589e\u4e00\u4e2a\u7248\u672c\u3002
"},{"location":"end-user/kpanda/clusters/cluster-version.html#kubernetes","title":"Kubernetes \u7248\u672c\u652f\u6301\u8303\u56f4","text":"Kubernetes \u793e\u533a\u7248\u672c\u8303\u56f4 \u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7248\u672c\u8303\u56f4 \u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u63a8\u8350\u7248\u672c \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5b89\u88c5\u5668 \u53d1\u5e03\u65f6\u95f4\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u96c6\u7fa4\u89d2\u8272\u5206\u56db\u7c7b\uff1a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3001\u7ba1\u7406\u96c6\u7fa4\u3001\u5de5\u4f5c\u96c6\u7fa4\u3001\u63a5\u5165\u96c6\u7fa4\u3002 \u5176\u4e2d\uff0c\u63a5\u5165\u96c6\u7fa4\u53ea\u80fd\u4ece\u7b2c\u4e09\u65b9\u5382\u5546\u63a5\u5165\uff0c\u53c2\u89c1\u63a5\u5165\u96c6\u7fa4\u3002
\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u65b0\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u5de5\u4f5c\u8282\u70b9 OS \u7c7b\u578b\u548c CPU \u67b6\u6784\u9700\u8981\u4e0e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4fdd\u6301\u4e00\u81f4\u3002 \u63a8\u8350\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684\u64cd\u4f5c\u7cfb\u7edf\u6765\u521b\u5efa\u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/create-cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u96c6\u7fa4\u4e4b\u524d\u9700\u8981\u6ee1\u8db3\u4e00\u5b9a\u7684\u524d\u63d0\u6761\u4ef6\uff1a
v1.28.0-v1.30.2
\u3002\u5982\u9700\u521b\u5efa\u4f4e\u7248\u672c\u7684\u96c6\u7fa4\uff0c\u8bf7\u53c2\u8003\u96c6\u7fa4\u7248\u672c\u652f\u6301\u8303\u56f4\u3002\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u4e2d\uff0c\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae\u3002
\u53c2\u8003\u4e0b\u5217\u8981\u6c42\u586b\u5199\u96c6\u7fa4\u57fa\u672c\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u586b\u5199\u8282\u70b9\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u53ef\u7528\uff1a\u5f00\u542f\u540e\u9700\u8981\u63d0\u4f9b\u81f3\u5c11 3 \u4e2a\u63a7\u5236\u5668\u8282\u70b9\u3002\u5173\u95ed\u540e\uff0c\u53ea\u63d0\u4f9b 1 \u4e2a\u63a7\u5236\u5668\u8282\u70b9\u5373\u53ef\u3002
\u751f\u4ea7\u73af\u5883\u4e2d\u5efa\u8bae\u4f7f\u7528\u9ad8\u53ef\u7528\u6a21\u5f0f\u3002
\u8ba4\u8bc1\u65b9\u5f0f\uff1a\u9009\u62e9\u901a\u8fc7\u7528\u6237\u540d/\u5bc6\u7801\u8fd8\u662f\u516c\u79c1\u94a5\u8bbf\u95ee\u8282\u70b9\u3002
\u5982\u679c\u4f7f\u7528\u516c\u79c1\u94a5\u65b9\u5f0f\u8bbf\u95ee\u8282\u70b9\uff0c\u9700\u8981\u9884\u5148\u914d\u7f6e\u8282\u70b9\u7684 SSH \u5bc6\u94a5\u3002\u53c2\u9605\u4f7f\u7528 SSH \u5bc6\u94a5\u8ba4\u8bc1\u8282\u70b9\u3002
\u4f7f\u7528\u7edf\u4e00\u7684\u5bc6\u7801\uff1a\u5f00\u542f\u540e\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u7684\u8bbf\u95ee\u5bc6\u7801\u90fd\u76f8\u540c\uff0c\u9700\u8981\u5728\u4e0b\u65b9\u8f93\u5165\u8bbf\u95ee\u6240\u6709\u8282\u70b9\u7684\u7edf\u4e00\u5bc6\u7801\u3002\u5982\u679c\u5173\u95ed\uff0c\u5219\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u8282\u70b9\u8bbe\u7f6e\u5355\u72ec\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002
\u8282\u70b9\u4fe1\u606f\uff1a\u586b\u5199\u8282\u70b9\u540d\u79f0\u548c IP \u5730\u5740\u3002
\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb\u8282\u70b9\u68c0\u67e5\u3002\u5982\u679c\u68c0\u67e5\u901a\u8fc7\u5219\u7ee7\u7eed\u4e0b\u4e00\u6b65\u64cd\u4f5c\u3002\u5982\u679c\u68c0\u67e5\u672a\u901a\u8fc7\uff0c\u5219\u66f4\u65b0 \u8282\u70b9\u4fe1\u606f \u5e76\u518d\u6b21\u6267\u884c\u68c0\u67e5\u3002
\u586b\u5199\u7f51\u7edc\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u7f51\u7edc\u63d2\u4ef6\uff1a\u8d1f\u8d23\u4e3a\u96c6\u7fa4\u5185\u7684 Pod \u63d0\u4f9b\u7f51\u7edc\u670d\u52a1\uff0c\u521b\u5efa\u96c6\u7fa4\u540e\u4e0d\u53ef\u66f4\u6539\u7f51\u7edc\u63d2\u4ef6\u3002\u652f\u6301 cilium \u548c calico\u3002\u9009\u62e9 none \u8868\u793a\u6682\u4e0d\u5b89\u88c5\u7f51\u7edc\u63d2\u4ef6\u3002
\u5bb9\u5668\u7f51\u6bb5\uff1a\u96c6\u7fa4\u4e0b\u5bb9\u5668\u4f7f\u7528\u7684\u7f51\u6bb5\uff0c\u51b3\u5b9a\u96c6\u7fa4\u4e0b\u5bb9\u5668\u7684\u6570\u91cf\u4e0a\u9650\u3002\u521b\u5efa\u540e\u4e0d\u53ef\u4fee\u6539\u3002
\u586b\u5199\u63d2\u4ef6\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u586b\u5199\u9ad8\u7ea7\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u3002
Success
Note
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0 \u521b\u5efa\u7684\u96c6\u7fa4 \u652f\u6301 \u5378\u8f7d\u96c6\u7fa4 \u6216 \u89e3\u9664\u63a5\u5165 \u64cd\u4f5c\uff0c\u4ece\u5176\u4ed6\u73af\u5883\u76f4\u63a5 \u63a5\u5165\u7684\u96c6\u7fa4 \u4ec5\u652f\u6301 \u89e3\u9664\u63a5\u5165 \u64cd\u4f5c\u3002
Info
\u5982\u679c\u60f3\u5f7b\u5e95\u5220\u9664\u4e00\u4e2a\u63a5\u5165\u7684\u96c6\u7fa4\uff0c\u9700\u8981\u524d\u5f80\u521b\u5efa\u8be5\u96c6\u7fa4\u7684\u539f\u59cb\u5e73\u53f0\u64cd\u4f5c\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0d\u652f\u6301\u5220\u9664\u63a5\u5165\u7684\u96c6\u7fa4\u3002
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c \u5378\u8f7d\u96c6\u7fa4 \u548c \u89e3\u9664\u63a5\u5165 \u7684\u533a\u522b\u5728\u4e8e\uff1a
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u9700\u8981\u5378\u8f7d\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u5378\u8f7d\u96c6\u7fa4 \u3002
\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5982\u679c\u63d0\u793a\u96c6\u7fa4\u4e2d\u8fd8\u6709\u4e00\u4e9b\u6b8b\u7559\u7684\u8d44\u6e90\uff0c\u5219\u9700\u8981\u6309\u63d0\u793a\u5220\u9664\u76f8\u5173\u8d44\u6e90\u540e\u624d\u80fd\u6267\u884c\u5378\u8f7d\u64cd\u4f5c\u3002
\u8fd4\u56de \u96c6\u7fa4\u5217\u8868 \u9875\u53ef\u4ee5\u770b\u5230\u8be5\u96c6\u7fa4\u7684\u72b6\u6001\u5df2\u7ecf\u53d8\u6210 \u5220\u9664\u4e2d \u3002\u5378\u8f7d\u96c6\u7fa4\u53ef\u80fd\u9700\u8981\u4e00\u6bb5\u65f6\u95f4\uff0c\u8bf7\u60a8\u8010\u5fc3\u7b49\u5019\u3002
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u9700\u8981\u5378\u8f7d\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u89e3\u9664\u63a5\u5165 \u3002
\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u89e3\u9664\u63a5\u5165 \u3002
\u5982\u679c\u63d0\u793a\u96c6\u7fa4\u4e2d\u8fd8\u6709\u4e00\u4e9b\u6b8b\u7559\u7684\u8d44\u6e90\uff0c\u5219\u9700\u8981\u6309\u63d0\u793a\u5220\u9664\u76f8\u5173\u8d44\u6e90\u540e\u624d\u80fd\u89e3\u9664\u63a5\u5165\u3002
\u96c6\u7fa4\u88ab\u79fb\u9664\u540e\uff0c\u96c6\u7fa4\u4e2d\u539f\u6709\u7684\u7ba1\u7406\u5e73\u53f0\u6570\u636e\u4e0d\u4f1a\u88ab\u81ea\u52a8\u6e05\u9664\uff0c\u5982\u9700\u5c06\u96c6\u7fa4\u63a5\u5165\u81f3\u65b0\u7ba1\u7406\u5e73\u53f0\u5219\u9700\u8981\u624b\u52a8\u6267\u884c\u5982\u4e0b\u64cd\u4f5c\uff1a
\u5220\u9664 kpanda-system\u3001insight-system \u547d\u540d\u7a7a\u95f4
kubectl delete ns kpanda-system insight-system\n
"},{"location":"end-user/kpanda/clusters/integrate-cluster.html","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u901a\u8fc7\u63a5\u5165\u96c6\u7fa4\u64cd\u4f5c\uff0c\u80fd\u591f\u5bf9\u4f17\u591a\u4e91\u670d\u52a1\u5e73\u53f0\u96c6\u7fa4\u548c\u672c\u5730\u79c1\u6709\u7269\u7406\u96c6\u7fa4\u8fdb\u884c\u7edf\u4e00\u7eb3\u7ba1\uff0c\u5f62\u6210\u7edf\u4e00\u6cbb\u7406\u5e73\u53f0\uff0c\u6709\u6548\u907f\u514d\u4e86\u88ab\u5382\u5546\u9501\u5b9a\u98ce\u9669\uff0c\u52a9\u529b\u4f01\u4e1a\u4e1a\u52a1\u5b89\u5168\u4e0a\u4e91\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u63a5\u5165\u591a\u79cd\u4e3b\u6d41\u7684\u5bb9\u5668\u96c6\u7fa4\uff0c\u4f8b\u5982 Redhat Openshift, SUSE Rancher, VMware Tanzu, Amazon EKS, Aliyun ACK, Huawei CCE, Tencent TKE, \u6807\u51c6 Kubernetes \u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/integrate-cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u63a5\u5165\u96c6\u7fa4 \u6309\u94ae\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u586b\u5199\u76ee\u6807\u96c6\u7fa4\u7684 KubeConfig\uff0c\u70b9\u51fb \u9a8c\u8bc1 Config \uff0c\u9a8c\u8bc1\u901a\u8fc7\u540e\u624d\u80fd\u6210\u529f\u63a5\u5165\u96c6\u7fa4\u3002
\u5982\u679c\u4e0d\u77e5\u9053\u5982\u4f55\u83b7\u53d6\u96c6\u7fa4\u7684 KubeConfig \u6587\u4ef6\uff0c\u53ef\u4ee5\u5728\u8f93\u5165\u6846\u53f3\u4e0a\u89d2\u70b9\u51fb \u5982\u4f55\u83b7\u53d6 kubeConfig \u67e5\u770b\u5bf9\u5e94\u6b65\u9aa4\u3002
\u786e\u8ba4\u6240\u6709\u53c2\u6570\u586b\u5199\u6b63\u786e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u63a5\u5165 rancher \u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/integrate-rancher-cluster.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\u7684\u89d2\u8272\u8fdb\u5165 rancher \u96c6\u7fa4\uff0c\u5e76\u4f7f\u7528\u7ec8\u7aef\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a sa.yaml \u7684\u6587\u4ef6\u3002
vi sa.yaml\n
\u7136\u540e\u6309\u4e0b i \u952e\u8fdb\u5165\u63d2\u5165\u6a21\u5f0f\uff0c\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a
sa.yamlapiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: rancher-rke\nrules:\n - apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n - nonResourceURLs:\n - '*'\n verbs:\n - '*'\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: rancher-rke\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: rancher-rke\n subjects:\n - kind: ServiceAccount\n name: rancher-rke\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: rancher-rke\n namespace: kube-system\n
\u6309\u4e0b esc \u952e\u9000\u51fa\u63d2\u5165\u6a21\u5f0f\uff0c\u7136\u540e\u8f93\u5165 __ :wq__ \u4fdd\u5b58\u5e76\u9000\u51fa\u3002
\u5728\u5f53\u524d\u8def\u5f84\u4e0b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u65b0\u5efa\u540d\u4e3a rancher-rke \u7684 ServiceAccount\uff08\u4ee5\u4e0b\u7b80\u79f0\u4e3a SA \uff09\uff1a
kubectl apply -f sa.yaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
clusterrole.rbac.authorization.k8s.io/rancher-rke created\nclusterrolebinding.rbac.authorization.k8s.io/rancher-rke created\nserviceaccount/rancher-rke created\n
\u521b\u5efa\u540d\u4e3a rancher-rke-secret \u7684\u5bc6\u94a5\uff0c\u5e76\u5c06\u5bc6\u94a5\u548c rancher-rke SA \u7ed1\u5b9a\u3002
kubectl apply -f - <<EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: rancher-rke-secret\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: rancher-rke\n type: kubernetes.io/service-account-token\nEOF\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
secret/rancher-rke-secret created\n
Note
\u5982\u679c\u60a8\u7684\u96c6\u7fa4\u7248\u672c\u4f4e\u4e8e 1.24\uff0c\u8bf7\u5ffd\u7565\u6b64\u6b65\u9aa4\uff0c\u76f4\u63a5\u524d\u5f80\u4e0b\u4e00\u6b65\u3002
\u67e5\u627e rancher-rke SA \u7684\u5bc6\u94a5\uff1a
kubectl -n kube-system get secret | grep rancher-rke | awk '{print $1}'\n
\u9884\u671f\u8f93\u51fa\uff1a
rancher-rke-secret\n
\u67e5\u770b\u5bc6\u94a5 rancher-rke-secret \u7684\u8be6\u60c5\uff1a
kubectl -n kube-system describe secret rancher-rke-secret\n
\u9884\u671f\u8f93\u51fa\uff1a
Name: rancher-rke-secret\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io/service-account.name: rancher-rke\n kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174\n\nType: kubernetes.io/service-account-token\n\nData\n====\nca.crt: 570 bytes\nnamespace: 11 bytes\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
\u5728\u4efb\u610f\u4e00\u53f0\u5b89\u88c5\u4e86 kubelet \u7684\u672c\u5730\u8282\u70b9\u6267\u884c\u5982\u4e0b\u64cd\u4f5c\uff1a
\u914d\u7f6e kubelet token\uff1a
kubectl config set-credentials rancher-rke --token=`rancher-rke-secret` \u91cc\u9762\u7684 token \u4fe1\u606f\n
\u4f8b\u5982\uff1a
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
\u914d\u7f6e kubelet APIServer \u4fe1\u606f\uff1a
kubectl config set-cluster {\u96c6\u7fa4\u540d} --insecure-skip-tls-verify=true --server={APIServer}\n
https://10.X.X.X:6443
\u4f8b\u5982\uff1a
kubectl config set-cluster rancher-rke --insecure-skip-tls-verify=true --server=https://10.X.X.X:6443\n
\u914d\u7f6e kubelet \u4e0a\u4e0b\u6587\u4fe1\u606f\uff1a
kubectl config set-context {\u4e0a\u4e0b\u6587\u540d\u79f0} --cluster={\u96c6\u7fa4\u540d} --user={SA \u7528\u6237\u540d}\n
\u4f8b\u5982\uff1a
kubectl config set-context rancher-rke-context --cluster=rancher-rke --user=rancher-rke\n
\u5728 kubelet \u4e2d\u6307\u5b9a\u6211\u4eec\u521a\u521a\u65b0\u5efa\u7684\u4e0a\u4e0b\u6587 rancher-rke-context \uff1a
kubectl config use-context rancher-rke-context\n
\u83b7\u53d6\u4e0a\u4e0b\u6587 rancher-rke-context \u4e2d\u7684 kubeconfig \u4fe1\u606f\u3002
kubectl config view --minify --flatten --raw\n
\u9884\u671f\u8f93\u51fa\uff1a
apiVersion: v1\n clusters:\n - cluster:\n insecure-skip-tls-verify: true\n server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com\n name: joincluster\n contexts:\n - context:\n cluster: joincluster\n user: eks-admin\n name: ekscontext\n current-context: ekscontext\n kind: Config\n preferences: {}\n users:\n - name: eks-admin\n user:\n token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V\n
\u4f7f\u7528\u521a\u521a\u83b7\u53d6\u7684 kubeconfig \u6587\u4ef6\uff0c\u53c2\u8003\u63a5\u5165\u96c6\u7fa4\u6587\u6863\uff0c\u5c06 rancher \u96c6\u7fa4\u63a5\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/k8s-cert.html","title":"Kubernetes \u96c6\u7fa4\u8bc1\u4e66\u66f4\u65b0","text":"\u4e3a\u4fdd\u8bc1 Kubernetes \u5404\u7ec4\u4ef6\u4e4b\u95f4\u7684\u901a\u4fe1\u5b89\u5168\uff0c\u7ec4\u4ef6\u4e4b\u95f4\u7684\u8c03\u7528\u4f1a\u8fdb\u884c TLS \u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u9a8c\u8bc1\u64cd\u4f5c\u9700\u8981\u914d\u7f6e\u96c6\u7fa4 PKI \u8bc1\u4e66\u3002
\u96c6\u7fa4\u8bc1\u4e66\u6709\u6548\u671f\u4e3a1\u5e74\uff0c\u4e3a\u907f\u514d\u8bc1\u4e66\u8fc7\u671f\u5bfc\u81f4\u4e1a\u52a1\u65e0\u6cd5\u4f7f\u7528\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\u8bc1\u4e66\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u8fdb\u884c\u8bc1\u4e66\u66f4\u65b0\u3002
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#_1","title":"\u68c0\u67e5\u8bc1\u4e66\u662f\u5426\u8fc7\u671f","text":"\u60a8\u53ef\u4ee5\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\u662f\u5426\u8fc7\u671f\uff1a
kubeadm certs check-expiration\n
\u8f93\u51fa\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u5185\u5bb9\uff1a
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED\nadmin.conf Dec 14, 2024 07:26 UTC 204d no \napiserver Dec 14, 2024 07:26 UTC 204d ca no \napiserver-etcd-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \napiserver-kubelet-client Dec 14, 2024 07:26 UTC 204d ca no \ncontroller-manager.conf Dec 14, 2024 07:26 UTC 204d no \netcd-healthcheck-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-peer Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-server Dec 14, 2024 07:26 UTC 204d etcd-ca no \nfront-proxy-client Dec 14, 2024 07:26 UTC 204d front-proxy-ca no \nscheduler.conf Dec 14, 2024 07:26 UTC 204d no \n\nCERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED\nca Dec 12, 2033 07:26 UTC 9y no \netcd-ca Dec 12, 2033 07:26 UTC 9y no \nfront-proxy-ca Dec 12, 2033 07:26 UTC 9y no \n
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#_2","title":"\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66","text":"\u60a8\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66\uff0c\u53ea\u9700\u5e26\u4e0a\u5408\u9002\u7684\u547d\u4ee4\u884c\u9009\u9879\u3002\u66f4\u65b0\u8bc1\u4e66\u524d\u8bf7\u5148\u5907\u4efd\u5f53\u524d\u8bc1\u4e66\u3002
\u66f4\u65b0\u6307\u5b9a\u8bc1\u4e66\uff1a
kubeadm certs renew\n
\u66f4\u65b0\u5168\u90e8\u8bc1\u4e66\uff1a
kubeadm certs renew all\n
\u66f4\u65b0\u540e\u7684\u8bc1\u4e66\u53ef\u4ee5\u5728 /etc/kubernetes/pki
\u76ee\u5f55\u4e0b\u67e5\u770b\uff0c\u6709\u6548\u671f\u5ef6\u7eed 1 \u5e74\u3002 \u4ee5\u4e0b\u5bf9\u5e94\u7684\u51e0\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e5f\u4f1a\u540c\u6b65\u66f4\u65b0\uff1a
Note
/etc/kubernetes/pki
\u4e2d\u7684\u5bc6\u94a5\u6267\u884c\u66f4\u65b0\u3002\u6267\u884c\u66f4\u65b0\u64cd\u4f5c\u4e4b\u540e\uff0c\u4f60\u9700\u8981\u91cd\u542f\u63a7\u5236\u9762 Pod\u3002\u56e0\u4e3a\u52a8\u6001\u8bc1\u4e66\u91cd\u8f7d\u76ee\u524d\u8fd8\u4e0d\u88ab\u6240\u6709\u7ec4\u4ef6\u548c\u8bc1\u4e66\u652f\u6301\uff0c\u6240\u6709\u8fd9\u9879\u64cd\u4f5c\u662f\u5fc5\u987b\u7684\u3002
\u9759\u6001 Pod \u662f\u88ab\u672c\u5730 kubelet \u800c\u4e0d\u662f API \u670d\u52a1\u5668\u7ba1\u7406\uff0c\u6240\u4ee5 kubectl \u4e0d\u80fd\u7528\u6765\u5220\u9664\u6216\u91cd\u542f\u4ed6\u4eec\u3002
\u8981\u91cd\u542f\u9759\u6001 Pod\uff0c\u4f60\u53ef\u4ee5\u4e34\u65f6\u5c06\u6e05\u5355\u6587\u4ef6\u4ece /etc/kubernetes/manifests/
\u79fb\u9664\u5e76\u7b49\u5f85 20 \u79d2\u3002 \u53c2\u8003 KubeletConfiguration \u7ed3\u6784\u4e2d\u7684 fileCheckFrequency \u503c\u3002
\u5982\u679c Pod \u4e0d\u5728\u6e05\u5355\u76ee\u5f55\u91cc\uff0ckubelet \u5c06\u4f1a\u7ec8\u6b62\u5b83\u3002 \u5728\u53e6\u4e00\u4e2a fileCheckFrequency \u5468\u671f\u4e4b\u540e\u4f60\u53ef\u4ee5\u5c06\u6587\u4ef6\u79fb\u56de\u53bb\uff0ckubelet \u53ef\u4ee5\u5b8c\u6210 Pod \u7684\u91cd\u5efa\uff0c\u800c\u7ec4\u4ef6\u7684\u8bc1\u4e66\u66f4\u65b0\u64cd\u4f5c\u4e5f\u5f97\u4ee5\u5b8c\u6210\u3002
mv ./manifests/* ./temp/\nmv ./temp/* ./manifests/\n
Note
\u5982\u679c\u5bb9\u5668\u670d\u52a1\u4f7f\u7528\u7684\u662f Docker\uff0c\u4e3a\u4e86\u8ba9\u8bc1\u4e66\u751f\u6548\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5bf9\u6d89\u53ca\u5230\u8bc1\u4e66\u4f7f\u7528\u7684\u51e0\u4e2a\u670d\u52a1\u8fdb\u884c\u91cd\u542f\uff1a
docker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart\n
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#kubeconfig","title":"\u66f4\u65b0 KubeConfig","text":"\u6784\u5efa\u96c6\u7fa4\u65f6\u901a\u5e38\u4f1a\u5c06 admin.conf \u8bc1\u4e66\u590d\u5236\u5230 $HOME/.kube/config \u4e2d\uff0c\u4e3a\u4e86\u5728\u66f4\u65b0 admin.conf \u540e\u66f4\u65b0 $HOME/.kube/config \u7684\u5185\u5bb9\uff0c \u5fc5\u987b\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config\nsudo chown $(id -u):$(id -g) $HOME/.kube/config\n
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#kubelet","title":"\u4e3a kubelet \u914d\u7f6e\u8bc1\u4e66\u8f6e\u6362","text":"\u5b8c\u6210\u4ee5\u4e0a\u64cd\u4f5c\u540e\uff0c\u57fa\u672c\u5b8c\u6210\u4e86\u96c6\u7fa4\u6240\u6709\u8bc1\u4e66\u7684\u66f4\u65b0\uff0c\u4f46\u4e0d\u5305\u62ec kubelet\u3002
\u56e0\u4e3a kubernetes \u5305\u542b\u7279\u6027 kubelet \u8bc1\u4e66\u8f6e\u6362\uff0c \u5728\u5f53\u524d\u8bc1\u4e66\u5373\u5c06\u8fc7\u671f\u65f6\uff0c \u5c06\u81ea\u52a8\u751f\u6210\u65b0\u7684\u79d8\u94a5\uff0c\u5e76\u4ece Kubernetes API \u7533\u8bf7\u65b0\u7684\u8bc1\u4e66\u3002 \u4e00\u65e6\u65b0\u7684\u8bc1\u4e66\u53ef\u7528\uff0c\u5b83\u5c06\u88ab\u7528\u4e8e\u4e0e Kubernetes API \u95f4\u7684\u8fde\u63a5\u8ba4\u8bc1\u3002
Note
\u6b64\u7279\u6027\u9002\u7528\u4e8e Kubernetes 1.8.0 \u6216\u66f4\u9ad8\u7684\u7248\u672c\u3002
\u542f\u7528\u5ba2\u6237\u7aef\u8bc1\u4e66\u8f6e\u6362\uff0c\u914d\u7f6e\u53c2\u6570\u5982\u4e0b\uff1a
kubelet \u8fdb\u7a0b\u63a5\u6536 --rotate-certificates \u53c2\u6570\uff0c\u8be5\u53c2\u6570\u51b3\u5b9a kubelet \u5728\u5f53\u524d\u4f7f\u7528\u7684 \u8bc1\u4e66\u5373\u5c06\u5230\u671f\u65f6\uff0c\u662f\u5426\u4f1a\u81ea\u52a8\u7533\u8bf7\u65b0\u7684\u8bc1\u4e66\u3002
kube-controller-manager \u8fdb\u7a0b\u63a5\u6536 --cluster-signing-duration \u53c2\u6570 \uff08\u5728 1.19 \u7248\u672c\u4e4b\u524d\u4e3a --experimental-cluster-signing-duration\uff09\uff0c\u7528\u6765\u63a7\u5236\u7b7e\u53d1\u8bc1\u4e66\u7684\u6709\u6548\u671f\u9650\u3002
\u66f4\u591a\u8be6\u60c5\u53c2\u8003\u4e3a kubelet \u914d\u7f6e\u8bc1\u4e66\u8f6e\u6362\u3002
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#_4","title":"\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66","text":"\u4e3a\u4e86\u66f4\u9ad8\u6548\u4fbf\u6377\u5904\u7406\u5df2\u8fc7\u671f\u6216\u8005\u5373\u5c06\u8fc7\u671f\u7684 kubernetes \u96c6\u7fa4\u8bc1\u4e66\uff0c\u53ef\u53c2\u8003 k8s \u7248\u672c\u96c6\u7fa4\u8bc1\u4e66\u66f4\u65b0\u3002
"},{"location":"end-user/kpanda/clusters/runtime.html","title":"\u5982\u4f55\u9009\u62e9\u5bb9\u5668\u8fd0\u884c\u65f6","text":"\u5bb9\u5668\u8fd0\u884c\u65f6\u662f kubernetes \u4e2d\u5bf9\u5bb9\u5668\u548c\u5bb9\u5668\u955c\u50cf\u751f\u547d\u5468\u671f\u8fdb\u884c\u7ba1\u7406\u7684\u91cd\u8981\u7ec4\u4ef6\u3002 kubernetes \u5728 1.19 \u7248\u672c\u4e2d\u5c06 containerd \u8bbe\u4e3a\u9ed8\u8ba4\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u5e76\u5728 1.24 \u7248\u672c\u4e2d\u79fb\u9664\u4e86 Dockershim \u7ec4\u4ef6\u7684\u652f\u6301\u3002
\u56e0\u6b64\u76f8\u8f83\u4e8e Docker \u8fd0\u884c\u65f6\uff0c\u6211\u4eec\u66f4\u52a0 \u63a8\u8350\u60a8\u4f7f\u7528\u8f7b\u91cf\u7684 containerd \u4f5c\u4e3a\u60a8\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u56e0\u4e3a\u8fd9\u5df2\u7ecf\u6210\u4e3a\u5f53\u524d\u4e3b\u6d41\u7684\u8fd0\u884c\u65f6\u9009\u62e9\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u4e00\u4e9b\u64cd\u4f5c\u7cfb\u7edf\u53d1\u884c\u5382\u5546\u5bf9 Docker \u8fd0\u884c\u65f6\u7684\u517c\u5bb9\u4e5f\u4e0d\u591f\u53cb\u597d\uff0c\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u8fd0\u884c\u65f6\u7684\u652f\u6301\u5982\u4e0b\u8868\uff1a
"},{"location":"end-user/kpanda/clusters/runtime.html#_2","title":"\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u548c\u63a8\u8350\u7684\u8fd0\u884c\u65f6\u7248\u672c\u5bf9\u5e94\u5173\u7cfb","text":"\u64cd\u4f5c\u7cfb\u7edf \u63a8\u8350\u7684 containerd \u7248\u672c \u63a8\u8350\u7684 Docker \u7248\u672c CentOS 1.7.5 20.10 RedHatOS 1.7.5 20.10 KylinOS 1.7.5 19.03\uff08\u4ec5 ARM \u67b6\u6784\u652f\u6301 \uff0c\u5728 x86 \u67b6\u6784\u4e0b\u4e0d\u652f\u6301\u4f7f\u7528 Docker \u4f5c\u4e3a\u8fd0\u884c\u65f6\uff09\u66f4\u591a\u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003 RedHatOS \u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c \u548c KylinOS \u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c
Note
\u5728\u79bb\u7ebf\u5b89\u88c5\u6a21\u5f0f\u4e0b\uff0c\u9700\u8981\u63d0\u524d\u51c6\u5907\u76f8\u5173\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u79bb\u7ebf\u5305\u3002
"},{"location":"end-user/kpanda/clusters/upgrade-cluster.html","title":"\u96c6\u7fa4\u5347\u7ea7","text":"Kubernetes \u793e\u533a\u6bcf\u4e2a\u5b63\u5ea6\u90fd\u4f1a\u53d1\u5e03\u4e00\u6b21\u5c0f\u7248\u672c\uff0c\u6bcf\u4e2a\u7248\u672c\u7684\u7ef4\u62a4\u5468\u671f\u5927\u6982\u53ea\u6709 9 \u4e2a\u6708\u3002 \u7248\u672c\u505c\u6b62\u7ef4\u62a4\u540e\u5c31\u4e0d\u4f1a\u518d\u66f4\u65b0\u4e00\u4e9b\u91cd\u5927\u6f0f\u6d1e\u6216\u5b89\u5168\u6f0f\u6d1e\u3002\u624b\u52a8\u5347\u7ea7\u96c6\u7fa4\u64cd\u4f5c\u8f83\u4e3a\u7e41\u7410\uff0c\u7ed9\u7ba1\u7406\u4eba\u5458\u5e26\u6765\u4e86\u6781\u5927\u7684\u5de5\u4f5c\u8d1f\u62c5\u3002
\u672c\u8282\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u901a\u8fc7 Web UI \u754c\u9762\u4e00\u952e\u5f0f\u5728\u7ebf\u5347\u7ea7\u5de5\u4f5c\u96c6\u7fa4 Kubernetes \u7248\u672c\uff0c \u5982\u9700\u79bb\u7ebf\u5347\u7ea7\u5de5\u4f5c\u96c6\u7fa4\u7684 kubernetes \u7248\u672c\uff0c\u8bf7\u53c2\u9605\u5de5\u4f5c\u96c6\u7fa4\u79bb\u7ebf\u5347\u7ea7\u6307\u5357\u8fdb\u884c\u5347\u7ea7\u3002
Danger
\u7248\u672c\u5347\u7ea7\u540e\u5c06\u65e0\u6cd5\u56de\u9000\u5230\u4e4b\u524d\u7684\u7248\u672c\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
Note
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u5347\u7ea7 \uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u7248\u672c\u5347\u7ea7 \u3002
\u9009\u62e9\u53ef\u5347\u7ea7\u7684\u7248\u672c\uff0c\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\u3002
Note
\u5982\u679c\u60a8\u662f\u60f3\u901a\u8fc7\u5347\u7ea7\u65b9\u5f0f\u6765\u4fee\u6539\u96c6\u7fa4\u53c2\u6570\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff1a
\u627e\u5230\u96c6\u7fa4\u5bf9\u5e94\u7684 ConfigMap\uff0c\u60a8\u53ef\u4ee5\u767b\u5f55\u63a7\u5236\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u627e\u5230 varsConfRef \u4e2d\u7684 ConfigMap \u540d\u79f0\u3002
kubectl get cluster.kubean.io <clustername> -o yaml\n
\u6839\u636e\u9700\u8981\uff0c\u4fee\u6539 ConfigMap \u4e2d\u7684\u53c2\u6570\u4fe1\u606f\u3002
\u5728\u6b64\u5904\u9009\u62e9\u76f8\u540c\u7248\u672c\u8fdb\u884c\u5347\u7ea7\u64cd\u4f5c\uff0c\u5347\u7ea7\u5b8c\u6210\u5373\u53ef\u6210\u529f\u66f4\u65b0\u5bf9\u5e94\u7684\u96c6\u7fa4\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \u540e\uff0c\u53ef\u4ee5\u770b\u5230\u96c6\u7fa4\u7684\u5347\u7ea7\u8fdb\u5ea6\u3002
\u96c6\u7fa4\u5347\u7ea7\u9884\u8ba1\u9700\u8981 30 \u5206\u949f\uff0c\u53ef\u4ee5\u70b9\u51fb \u5b9e\u65f6\u65e5\u5fd7 \u6309\u94ae\u67e5\u770b\u96c6\u7fa4\u5347\u7ea7\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002
configmap/secret \u70ed\u52a0\u8f7d\u662f\u6307\u5c06 configmap/secret \u4f5c\u4e3a\u6570\u636e\u5377\u6302\u8f7d\u5728\u5bb9\u5668\u4e2d\u6302\u8f7d\u65f6\uff0c\u5f53\u914d\u7f6e\u53d1\u751f\u6539\u53d8\u65f6\uff0c\u5bb9\u5668\u5c06\u81ea\u52a8\u8bfb\u53d6 configmap/secret \u66f4\u65b0\u540e\u7684\u914d\u7f6e\uff0c\u800c\u65e0\u9700\u91cd\u542f Pod\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/configmap-hot-loading.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u53c2\u8003\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d - \u5bb9\u5668\u914d\u7f6e\uff0c\u914d\u7f6e\u5bb9\u5668\u6570\u636e\u5b58\u50a8\uff0c\u9009\u62e9 Configmap \u3001 Configmap Key \u3001 Secret \u3001 Secret Key \u4f5c\u4e3a\u6570\u636e\u5377\u6302\u8f7d\u81f3\u5bb9\u5668\u3002
Note
\u4f7f\u7528\u5b50\u8def\u5f84\uff08SubPath\uff09\u65b9\u5f0f\u6302\u8f7d\u7684\u914d\u7f6e\u6587\u4ef6\u4e0d\u652f\u6301\u70ed\u52a0\u8f7d\u3002
\u8fdb\u5165\u3010\u914d\u7f6e\u4e0e\u5bc6\u94a5\u3011\u9875\u9762\uff0c\u8fdb\u5165\u914d\u7f6e\u9879\u8be6\u60c5\u9875\u9762\uff0c\u5728\u3010\u5173\u8054\u8d44\u6e90\u3011\u4e2d\u627e\u5230\u5bf9\u5e94\u7684 container \u8d44\u6e90\uff0c\u70b9\u51fb \u7acb\u5373\u52a0\u8f7d \u6309\u94ae\uff0c\u8fdb\u5165\u914d\u7f6e\u70ed\u52a0\u8f7d\u9875\u9762\u3002
Note
\u5982\u679c\u60a8\u7684\u5e94\u7528\u652f\u6301\u81ea\u52a8\u8bfb\u53d6 configmap/secret \u66f4\u65b0\u540e\u7684\u914d\u7f6e\uff0c\u5219\u65e0\u9700\u624b\u52a8\u6267\u884c\u70ed\u52a0\u8f7d\u64cd\u4f5c\u3002
\u5728\u70ed\u52a0\u8f7d\u914d\u7f6e\u5f39\u7a97\u4e2d\uff0c\u8f93\u5165\u8fdb\u5165\u5bb9\u5668\u5185\u7684 \u6267\u884c\u547d\u4ee4 \u5e76\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u4ee5\u91cd\u8f7d\u914d\u7f6e\u3002\u4f8b\u5982\uff0c\u5728 nginx \u5bb9\u5668\u4e2d\uff0c\u4ee5 root \u7528\u6237\u6743\u9650\uff0c\u6267\u884c nginx -s reload \u547d\u4ee4\u6765\u91cd\u8f7d\u914d\u7f6e\u3002
\u5728\u754c\u9762\u5f39\u51fa\u7684 web \u7ec8\u7aef\u4e2d\u67e5\u770b\u5e94\u7528\u91cd\u8f7d\u60c5\u51b5\u3002
\u914d\u7f6e\u9879\uff08ConfigMap\uff09\u4ee5\u952e\u503c\u5bf9\u7684\u5f62\u5f0f\u5b58\u50a8\u975e\u673a\u5bc6\u6027\u6570\u636e\uff0c\u5b9e\u73b0\u914d\u7f6e\u6570\u636e\u548c\u5e94\u7528\u4ee3\u7801\u76f8\u4e92\u89e3\u8026\u7684\u6548\u679c\u3002\u914d\u7f6e\u9879\u53ef\u7528\u4f5c\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3001\u547d\u4ee4\u884c\u53c2\u6570\u6216\u8005\u5b58\u50a8\u5377\u4e2d\u7684\u914d\u7f6e\u6587\u4ef6\u3002
Note
\u5728\u914d\u7f6e\u9879\u4e2d\u4fdd\u5b58\u7684\u6570\u636e\u4e0d\u53ef\u8d85\u8fc7 1 MiB\u3002\u5982\u679c\u9700\u8981\u5b58\u50a8\u4f53\u79ef\u66f4\u5927\u7684\u6570\u636e\uff0c\u5efa\u8bae\u6302\u8f7d\u5b58\u50a8\u5377\u6216\u8005\u4f7f\u7528\u72ec\u7acb\u7684\u6570\u636e\u5e93\u6216\u8005\u6587\u4ef6\u670d\u52a1\u3002
\u914d\u7f6e\u9879\u4e0d\u63d0\u4f9b\u4fdd\u5bc6\u6216\u8005\u52a0\u5bc6\u529f\u80fd\u3002\u5982\u679c\u8981\u5b58\u50a8\u52a0\u5bc6\u6570\u636e\uff0c\u5efa\u8bae\u4f7f\u7528\u5bc6\u94a5\uff0c\u6216\u8005\u5176\u4ed6\u7b2c\u4e09\u65b9\u5de5\u5177\u6765\u4fdd\u8bc1\u6570\u636e\u7684\u79c1\u5bc6\u6027\u3002
\u652f\u6301\u4e24\u79cd\u521b\u5efa\u65b9\u5f0f\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u914d\u7f6e\u9879 \u6309\u94ae\u3002
\u5728 \u521b\u5efa\u914d\u7f6e\u9879 \u9875\u9762\u4e2d\u586b\u5199\u914d\u7f6e\u4fe1\u606f\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u70b9\u51fb \u4e0a\u4f20\u6587\u4ef6 \u53ef\u4ee5\u4ece\u672c\u5730\u5bfc\u5165\u5df2\u6709\u7684\u6587\u4ef6\uff0c\u5feb\u901f\u521b\u5efa\u914d\u7f6e\u9879\u3002
\u521b\u5efa\u5b8c\u6210\u540e\u5728\u914d\u7f6e\u9879\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u53ef\u4ee5\uff0c\u53ef\u4ee5\u7f16\u8f91 YAML\u3001\u66f4\u65b0\u3001\u5bfc\u51fa\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u521b\u5efa\u5b8c\u6210\u540e\u5728\u914d\u7f6e\u9879\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u53ef\u4ee5\uff0c\u53ef\u4ee5\u7f16\u8f91 YAML\u3001\u66f4\u65b0\u3001\u5bfc\u51fa\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
```yaml\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: kube-root-ca.crt\n namespace: default\n annotations:\ndata:\n version: '1.0'\n```\n
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u914d\u7f6e\u9879
"},{"location":"end-user/kpanda/configmaps-secrets/create-secret.html","title":"\u521b\u5efa\u5bc6\u94a5","text":"\u5bc6\u94a5\u662f\u4e00\u79cd\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u3001OAuth \u4ee4\u724c\u3001SSH\u3001TLS \u51ed\u636e\u7b49\u654f\u611f\u4fe1\u606f\u7684\u8d44\u6e90\u5bf9\u8c61\u3002\u4f7f\u7528\u5bc6\u94a5\u610f\u5473\u7740\u60a8\u4e0d\u9700\u8981\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5305\u542b\u654f\u611f\u7684\u673a\u5bc6\u6570\u636e\u3002
\u5bc6\u94a5\u4f7f\u7528\u573a\u666f\uff1a
\u652f\u6301\u4e24\u79cd\u521b\u5efa\u65b9\u5f0f\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u5bc6\u94a5 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u5bc6\u94a5 \u6309\u94ae\u3002
\u5728 \u521b\u5efa\u5bc6\u94a5 \u9875\u9762\u4e2d\u586b\u5199\u914d\u7f6e\u4fe1\u606f\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u586b\u5199\u914d\u7f6e\u65f6\u9700\u8981\u6ce8\u610f\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u5bc6\u94a5 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\u586b\u5199 YAML \u914d\u7f6e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: secretdemo\ntype: Opaque\ndata:\n username: ******\n password: ******\n```\n
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u5bc6\u94a5
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html","title":"\u4f7f\u7528\u914d\u7f6e\u9879","text":"\u914d\u7f6e\u9879\uff08ConfigMap\uff09\u662f Kubernetes \u7684\u4e00\u79cd API \u5bf9\u8c61\uff0c\u7528\u6765\u5c06\u975e\u673a\u5bc6\u6027\u7684\u6570\u636e\u4fdd\u5b58\u5230\u952e\u503c\u5bf9\u4e2d\uff0c\u53ef\u4ee5\u5b58\u50a8\u5176\u4ed6\u5bf9\u8c61\u6240\u9700\u8981\u4f7f\u7528\u7684\u914d\u7f6e\u3002 \u4f7f\u7528\u65f6\uff0c \u5bb9\u5668\u53ef\u4ee5\u5c06\u5176\u7528\u4f5c\u73af\u5883\u53d8\u91cf\u3001\u547d\u4ee4\u884c\u53c2\u6570\u6216\u8005\u5b58\u50a8\u5377\u4e2d\u7684\u914d\u7f6e\u6587\u4ef6\u3002\u901a\u8fc7\u4f7f\u7528\u914d\u7f6e\u9879\uff0c\u80fd\u591f\u5c06\u914d\u7f6e\u6570\u636e\u548c\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u5206\u5f00\uff0c\u4e3a\u5e94\u7528\u914d\u7f6e\u7684\u4fee\u6539\u63d0\u4f9b\u66f4\u52a0\u7075\u6d3b\u7684\u9014\u5f84\u3002
Note
\u914d\u7f6e\u9879\u5e76\u4e0d\u63d0\u4f9b\u4fdd\u5bc6\u6216\u8005\u52a0\u5bc6\u529f\u80fd\u3002\u5982\u679c\u8981\u5b58\u50a8\u7684\u6570\u636e\u662f\u673a\u5bc6\u7684\uff0c\u8bf7\u4f7f\u7528\u5bc6\u94a5\uff0c\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7b2c\u4e09\u65b9\u5de5\u5177\u6765\u4fdd\u8bc1\u6570\u636e\u7684\u79c1\u5bc6\u6027\uff0c\u800c\u4e0d\u662f\u7528\u914d\u7f6e\u9879\u3002 \u6b64\u5916\u5728\u5bb9\u5668\u91cc\u4f7f\u7528\u914d\u7f6e\u9879\u65f6\uff0c\u5bb9\u5668\u548c\u914d\u7f6e\u9879\u5fc5\u987b\u5904\u4e8e\u540c\u4e00\u96c6\u7fa4\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u60a8\u53ef\u4ee5\u5728 Pod \u4e2d\u4f7f\u7528\u914d\u7f6e\u9879\uff0c\u6709\u591a\u79cd\u4f7f\u7528\u573a\u666f\uff0c\u4e3b\u8981\u5305\u62ec\uff1a
\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf
\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u7684\u547d\u4ee4\u884c\u53c2\u6570
\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
Note
\u914d\u7f6e\u9879\u5bfc\u5165\u662f\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\uff1b\u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165\u662f\u5c06\u914d\u7f6e\u9879\u4e2d\u67d0\u4e00\u53c2\u6570\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html#_4","title":"\u56fe\u5f62\u5316\u754c\u9762\u64cd\u4f5c","text":"\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u53ef\u4ee5\u5728 \u73af\u5883\u53d8\u91cf \u754c\u9762\u901a\u8fc7\u9009\u62e9 \u914d\u7f6e\u9879\u5bfc\u5165 \u6216 \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u4e3a\u5bb9\u5668\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u4e2d\uff0c\u5728 \u5bb9\u5668\u914d\u7f6e \u8fd9\u4e00\u6b65\u4e2d\uff0c\u9009\u62e9 \u73af\u5883\u53d8\u91cf \u914d\u7f6e\uff0c\u70b9\u51fb \u6dfb\u52a0\u73af\u5883\u53d8\u91cf \u6309\u94ae\u3002
\u5728\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u5904\u9009\u62e9 \u914d\u7f6e\u9879\u5bfc\u5165 \u6216 \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u914d\u7f6e\u9879\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u524d\u7f00 \u540d\u79f0\u3001 \u914d\u7f6e\u9879 \u7684\u540d\u79f0\u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u914d\u7f6e\u9879 \u540d\u79f0\u3001 \u952e \u7684\u540d\u79f0\u3002
\u60a8\u53ef\u4ee5\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u5c06\u914d\u7f6e\u9879\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff0c\u4f7f\u7528 valueFrom \u53c2\u6570\u5f15\u7528 ConfigMap \u4e2d\u7684 Key/Value\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-1\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"env\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom: # (1)!\n configMapKeyRef:\n name: kpanda-configmap # (2)!\n key: SPECIAL_LEVEL # (3)!\n restartPolicy: Never\n
\u60a8\u53ef\u4ee5\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u4e2d\u7684\u547d\u4ee4\u6216\u8005\u53c2\u6570\u503c\uff0c\u4f7f\u7528\u73af\u5883\u53d8\u91cf\u66ff\u6362\u8bed\u6cd5 $(VAR_NAME) \u6765\u8fdb\u884c\u3002\u5982\u4e0b\u6240\u793a\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-3\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_LEVEL\n - name: SPECIAL_TYPE_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_TYPE\n restartPolicy: Never\n
\u8fd9\u4e2a Pod \u8fd0\u884c\u540e\uff0c\u8f93\u51fa\u5982\u4e0b\u5185\u5bb9\u3002
Hello Kpanda\n
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html#_7","title":"\u7528\u4f5c\u5bb9\u5668\u6570\u636e\u5377","text":"\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html#_8","title":"\u56fe\u5f62\u5316\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u914d\u7f6e\u9879 \uff0c\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u4e2d\uff0c\u5728 \u5bb9\u5668\u914d\u7f6e \u8fd9\u4e00\u6b65\u4e2d\uff0c\u9009\u62e9 \u6570\u636e\u5b58\u50a8 \u914d\u7f6e\uff0c\u5728 \u8282\u70b9\u8def\u5f84\u6620\u5c04 \u5217\u8868\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u3002
\u5728\u5b58\u50a8\u7c7b\u578b\u5904\u9009\u62e9 \u914d\u7f6e\u9879 \uff0c\u5e76\u4f9d\u6b21\u8f93\u5165 \u5bb9\u5668\u8def\u5f84 \u3001 \u5b50\u8def\u5f84 \u7b49\u4fe1\u606f\u3002
\u8981\u5728\u4e00\u4e2a Pod \u7684\u5b58\u50a8\u5377\u4e2d\u4f7f\u7528 ConfigMap\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u5c06 ConfigMap \u4ee5\u5377\u7684\u5f62\u5f0f\u8fdb\u884c\u6302\u8f7d\u7684 Pod \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n - name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n configMap:\n name: myconfigmap\n
\u5982\u679c Pod \u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\uff0c\u5219\u6bcf\u4e2a\u5bb9\u5668\u90fd\u9700\u8981\u81ea\u5df1\u7684 volumeMounts \u5757\uff0c\u4f46\u9488\u5bf9\u6bcf\u4e2a ConfigMap\uff0c\u60a8\u53ea\u9700\u8981\u8bbe\u7f6e\u4e00\u4e2a spec.volumes \u5757\u3002
Note
\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u6302\u8f7d\u7684\u6570\u636e\u5377\u65f6\uff0c\u914d\u7f6e\u9879\u53ea\u80fd\u4f5c\u4e3a\u53ea\u8bfb\u6587\u4ef6\u8fdb\u884c\u8bfb\u53d6\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-secret.html","title":"\u4f7f\u7528\u5bc6\u94a5","text":"\u5bc6\u94a5\u662f\u4e00\u79cd\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u3001OAuth \u4ee4\u724c\u3001SSH\u3001TLS \u51ed\u636e\u7b49\u654f\u611f\u4fe1\u606f\u7684\u8d44\u6e90\u5bf9\u8c61\u3002\u4f7f\u7528\u5bc6\u94a5\u610f\u5473\u7740\u60a8\u4e0d\u9700\u8981\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5305\u542b\u654f\u611f\u7684\u673a\u5bc6\u6570\u636e\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-secret.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u60a8\u53ef\u4ee5\u5728 Pod \u4e2d\u4f7f\u7528\u5bc6\u94a5\uff0c\u6709\u591a\u79cd\u4f7f\u7528\u573a\u666f\uff0c\u4e3b\u8981\u5305\u62ec\uff1a
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
Note
\u5bc6\u94a5\u5bfc\u5165\u662f\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\uff1b\u5bc6\u94a5\u952e\u503c\u5bfc\u5165\u662f\u5c06\u5bc6\u94a5\u4e2d\u67d0\u4e00\u53c2\u6570\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-secret.html#_4","title":"\u56fe\u5f62\u754c\u9762\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u5728 \u73af\u5883\u53d8\u91cf \u754c\u9762\u901a\u8fc7\u9009\u62e9 \u5bc6\u94a5\u5bfc\u5165 \u6216 \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u4e3a\u5bb9\u5668\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728 \u5bb9\u5668\u914d\u7f6e \u9009\u62e9 \u73af\u5883\u53d8\u91cf \u914d\u7f6e\uff0c\u70b9\u51fb \u6dfb\u52a0\u73af\u5883\u53d8\u91cf \u6309\u94ae\u3002
\u5728\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u5904\u9009\u62e9 \u5bc6\u94a5\u5bfc\u5165 \u6216 \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u5bc6\u94a5\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u524d\u7f00 \u3001 \u5bc6\u94a5 \u7684\u540d\u79f0\u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u5bc6\u94a5 \u3001 \u952e \u7684\u540d\u79f0\u3002
\u5982\u4e0b\u4f8b\u6240\u793a\uff0c\u60a8\u53ef\u4ee5\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u5c06\u5bc6\u94a5\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff0c\u4f7f\u7528 valueFrom \u53c2\u6570\u5f15\u7528 Secret \u4e2d\u7684 Key/Value\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: secret-env-pod\nspec:\n containers:\n - name: mycontainer\n image: redis\n env:\n - name: SECRET_USERNAME\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: username\n optional: false # (1)!\n - name: SECRET_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: password\n optional: false # (2)!\n
\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u5bc6\u94a5 \uff0c\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728 \u5bb9\u5668\u914d\u7f6e \u9009\u62e9 \u6570\u636e\u5b58\u50a8 \u914d\u7f6e\uff0c\u5728 \u8282\u70b9\u8def\u5f84\u6620\u5c04 \u5217\u8868\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u3002
\u5728\u5b58\u50a8\u7c7b\u578b\u5904\u9009\u62e9 \u5bc6\u94a5 \uff0c\u5e76\u4f9d\u6b21\u8f93\u5165 \u5bb9\u5668\u8def\u5f84 \u3001 \u5b50\u8def\u5f84 \u7b49\u4fe1\u606f\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u901a\u8fc7\u6570\u636e\u5377\u6765\u6302\u8f7d\u540d\u4e3a mysecret \u7684 Secret \u7684 Pod \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n - name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n secret:\n secretName: mysecret\n optional: false # (1)!\n
\u5982\u679c Pod \u4e2d\u5305\u542b\u591a\u4e2a\u5bb9\u5668\uff0c\u5219\u6bcf\u4e2a\u5bb9\u5668\u9700\u8981\u81ea\u5df1\u7684 volumeMounts \u5757\uff0c\u4e0d\u8fc7\u9488\u5bf9\u6bcf\u4e2a Secret \u800c\u8a00\uff0c\u53ea\u9700\u8981\u4e00\u4efd .spec.volumes
\u8bbe\u7f6e\u3002
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u5bc6\u94a5\u4f5c\u4e3a\u955c\u50cf\u4ed3\u5e93\u8eab\u4efd\u8ba4\u8bc1\u51ed\u8bc1\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-secret.html#_8","title":"\u56fe\u5f62\u5316\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u5bc6\u94a5 \uff0c\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728\u7b2c\u4e8c\u6b65 \u5bb9\u5668\u914d\u7f6e \u65f6\u9009\u62e9 \u57fa\u672c\u4fe1\u606f \u914d\u7f6e\uff0c\u70b9\u51fb \u9009\u62e9\u955c\u50cf \u6309\u94ae\u3002
\u5728\u5f39\u6846\u7684 \u955c\u50cf\u4ed3\u5e93 \u4e0b\u62c9\u9009\u62e9\u79c1\u6709\u955c\u50cf\u4ed3\u5e93\u540d\u79f0\u3002\u5173\u4e8e\u79c1\u6709\u955c\u50cf\u5bc6\u94a5\u521b\u5efa\u8bf7\u67e5\u770b\u521b\u5efa\u5bc6\u94a5\u4e86\u89e3\u8be6\u60c5\u3002
\u8f93\u5165\u79c1\u6709\u4ed3\u5e93\u5185\u7684\u955c\u50cf\u540d\u79f0\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u955c\u50cf\u9009\u62e9\u3002
Note
\u521b\u5efa\u5bc6\u94a5\u65f6\uff0c\u9700\u8981\u786e\u4fdd\u8f93\u5165\u6b63\u786e\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3001\u7528\u6237\u540d\u79f0\u3001\u5bc6\u7801\u5e76\u9009\u62e9\u6b63\u786e\u7684\u955c\u50cf\u540d\u79f0\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u83b7\u53d6\u955c\u50cf\u4ed3\u5e93\u4e2d\u7684\u955c\u50cf\u3002
"},{"location":"end-user/kpanda/custom-resources/create.html","title":"\u521b\u5efa\u81ea\u5b9a\u4e49\u8d44\u6e90 (CRD)","text":"\u5728 Kubernetes \u4e2d\u4e00\u5207\u5bf9\u8c61\u90fd\u88ab\u62bd\u8c61\u4e3a\u8d44\u6e90\uff0c\u5982 Pod\u3001Deployment\u3001Service\u3001Volume \u7b49\u662f Kubernetes \u63d0\u4f9b\u7684\u9ed8\u8ba4\u8d44\u6e90\uff0c \u8fd9\u4e3a\u6211\u4eec\u7684\u65e5\u5e38\u8fd0\u7ef4\u548c\u7ba1\u7406\u5de5\u4f5c\u63d0\u4f9b\u4e86\u91cd\u8981\u652f\u6491\uff0c\u4f46\u662f\u5728\u4e00\u4e9b\u7279\u6b8a\u7684\u573a\u666f\u4e2d\uff0c\u73b0\u6709\u7684\u9884\u7f6e\u8d44\u6e90\u5e76\u4e0d\u80fd\u6ee1\u8db3\u4e1a\u52a1\u7684\u9700\u8981\uff0c \u56e0\u6b64\u6211\u4eec\u5e0c\u671b\u53bb\u6269\u5c55 Kubernetes API \u7684\u80fd\u529b\uff0c\u81ea\u5b9a\u4e49\u8d44\u6e90\uff08CustomResourceDefinition, CRD\uff09\u6b63\u662f\u57fa\u4e8e\u8fd9\u6837\u7684\u9700\u6c42\u5e94\u8fd0\u800c\u751f\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5bf9\u81ea\u5b9a\u4e49\u8d44\u6e90\u7684\u754c\u9762\u5316\u7ba1\u7406\uff0c\u4e3b\u8981\u529f\u80fd\u5982\u4e0b\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a Cluster Admin \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u6388\u6743
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\uff0c\u586b\u5199 YAML \u8bed\u53e5\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u81ea\u5b9a\u4e49\u8d44\u6e90\u5217\u8868\u9875\uff0c\u5373\u53ef\u67e5\u770b\u521a\u521a\u521b\u5efa\u7684\u540d\u4e3a crontabs.stable.example.com
\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
\u81ea\u5b9a\u4e49\u8d44\u6e90\u793a\u4f8b\uff1a
CRD exampleapiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: crontabs.stable.example.com\nspec:\n group: stable.example.com\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n spec:\n type: object\n properties:\n cronSpec:\n type: string\n image:\n type: string\n replicas:\n type: integer\n scope: Namespaced\n names:\n plural: crontabs\n singular: crontab\n kind: CronTab\n shortNames:\n - ct\n
"},{"location":"end-user/kpanda/custom-resources/create.html#yaml_1","title":"\u901a\u8fc7 YAML \u521b\u5efa\u81ea\u5b9a\u4e49\u8d44\u6e90\u793a\u4f8b","text":"\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u8fdb\u5165\u81ea\u5b9a\u4e49\u8d44\u6e90\u5217\u8868\u9875\u9762\u3002
\u70b9\u51fb\u540d\u4e3a crontabs.stable.example.com
\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\uff0c\u8fdb\u5165\u8be6\u60c5\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\uff0c\u586b\u5199 YAML \u8bed\u53e5\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de crontabs.stable.example.com
\u7684\u8be6\u60c5\u9875\u9762\uff0c\u5373\u53ef\u67e5\u770b\u521a\u521a\u521b\u5efa\u7684\u540d\u4e3a my-new-cron-object \u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
CR \u793a\u4f8b\uff1a
CR exampleapiVersion: \"stable.example.com/v1\"\nkind: CronTab\nmetadata:\n name: my-new-cron-object\nspec:\n cronSpec: \"* * * * */5\"\n image: my-awesome-cron-image\n
"},{"location":"end-user/kpanda/gpu/index.html","title":"GPU \u7ba1\u7406\u6982\u8ff0","text":"\u672c\u6587\u4ecb\u7ecd \u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u5bf9 GPU\u4e3a\u4ee3\u8868\u7684\u5f02\u6784\u8d44\u6e90\u7edf\u4e00\u8fd0\u7ef4\u7ba1\u7406\u80fd\u529b\u3002
"},{"location":"end-user/kpanda/gpu/index.html#_1","title":"\u80cc\u666f","text":"\u968f\u7740 AI \u5e94\u7528\u3001\u5927\u6a21\u578b\u3001\u4eba\u5de5\u667a\u80fd\u3001\u81ea\u52a8\u9a7e\u9a76\u7b49\u65b0\u5174\u6280\u672f\u7684\u5feb\u901f\u53d1\u5c55\uff0c\u4f01\u4e1a\u9762\u4e34\u7740\u8d8a\u6765\u8d8a\u591a\u7684\u8ba1\u7b97\u5bc6\u96c6\u578b\u4efb\u52a1\u548c\u6570\u636e\u5904\u7406\u9700\u6c42\u3002 \u4ee5 CPU \u4e3a\u4ee3\u8868\u7684\u4f20\u7edf\u8ba1\u7b97\u67b6\u6784\u5df2\u65e0\u6cd5\u6ee1\u8db3\u4f01\u4e1a\u65e5\u76ca\u589e\u957f\u7684\u8ba1\u7b97\u9700\u6c42\u3002\u6b64\u65f6\uff0c\u4ee5 GPU \u4e3a\u4ee3\u8868\u7684\u5f02\u6784\u8ba1\u7b97\u56e0\u5728\u5904\u7406\u5927\u89c4\u6a21\u6570\u636e\u3001\u8fdb\u884c\u590d\u6742\u8ba1\u7b97\u548c\u5b9e\u65f6\u56fe\u5f62\u6e32\u67d3\u65b9\u9762\u5177\u6709\u72ec\u7279\u7684\u4f18\u52bf\u88ab\u5e7f\u6cdb\u5e94\u7528\u3002
\u4e0e\u6b64\u540c\u65f6\uff0c\u7531\u4e8e\u7f3a\u4e4f\u5f02\u6784\u8d44\u6e90\u8c03\u5ea6\u7ba1\u7406\u7b49\u65b9\u9762\u7684\u7ecf\u9a8c\u548c\u4e13\u4e1a\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5bfc\u81f4\u4e86 GPU \u8bbe\u5907\u7684\u8d44\u6e90\u5229\u7528\u7387\u6781\u4f4e\uff0c\u7ed9\u4f01\u4e1a\u5e26\u6765\u4e86\u9ad8\u6602\u7684 AI \u751f\u4ea7\u6210\u672c\u3002 \u5982\u4f55\u964d\u672c\u589e\u6548\uff0c\u63d0\u9ad8 GPU \u7b49\u5f02\u6784\u8d44\u6e90\u7684\u5229\u7528\u6548\u7387\uff0c\u6210\u4e3a\u4e86\u5f53\u524d\u4f17\u591a\u4f01\u4e1a\u4e9f\u9700\u8de8\u8d8a\u7684\u4e00\u9053\u96be\u9898\u3002
"},{"location":"end-user/kpanda/gpu/index.html#gpu_1","title":"GPU \u80fd\u529b\u4ecb\u7ecd","text":"\u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u652f\u6301\u5bf9 GPU\u3001NPU \u7b49\u5f02\u6784\u8d44\u6e90\u8fdb\u884c\u7edf\u4e00\u8c03\u5ea6\u548c\u8fd0\u7ef4\u7ba1\u7406\uff0c\u5145\u5206\u91ca\u653e GPU \u8d44\u6e90\u7b97\u529b\uff0c\u52a0\u901f\u4f01\u4e1a AI \u7b49\u65b0\u5174\u5e94\u7528\u53d1\u5c55\u3002GPU \u7ba1\u7406\u80fd\u529b\u5982\u4e0b\uff1a
\u540c\u666e\u901a\u8ba1\u7b97\u673a\u786c\u4ef6\u4e00\u6837\uff0cNVIDIA GPU \u5361\u4f5c\u4e3a\u7269\u7406\u786c\u4ef6\uff0c\u5fc5\u987b\u5b89\u88c5 NVIDIA GPU \u9a71\u52a8\u540e\u624d\u80fd\u4f7f\u7528\u3002 \u4e3a\u4e86\u964d\u4f4e\u7528\u6237\u5728 kuberneets \u4e0a\u4f7f\u7528 GPU \u7684\u6210\u672c\uff0cNVIDIA \u5b98\u65b9\u63d0\u4f9b\u4e86 NVIDIA GPU Operator \u7ec4\u4ef6\u6765\u7ba1\u7406\u4f7f\u7528 NVIDIA GPU \u6240\u4f9d\u8d56\u7684\u5404\u79cd\u7ec4\u4ef6\u3002 \u8fd9\u4e9b\u7ec4\u4ef6\u5305\u62ec NVIDIA \u9a71\u52a8\u7a0b\u5e8f\uff08\u7528\u4e8e\u542f\u7528 CUDA\uff09\u3001NVIDIA \u5bb9\u5668\u8fd0\u884c\u65f6\u3001GPU \u8282\u70b9\u6807\u8bb0\u3001\u57fa\u4e8e DCGM \u7684\u76d1\u63a7\u7b49\u3002 \u7406\u8bba\u4e0a\u6765\u8bf4\u7528\u6237\u53ea\u9700\u8981\u5c06 GPU \u5361\u63d2\u5728\u5df2\u7ecf\u88ab kubernetes \u6240\u7eb3\u7ba1\u7684\u8ba1\u7b97\u8bbe\u5907\u4e0a\uff0c\u7136\u540e\u901a\u8fc7 GPU Operator \u5c31\u80fd\u4f7f\u7528 NVIDIA GPU \u7684\u6240\u6709\u80fd\u529b\u4e86\u3002 \u4e86\u89e3\u66f4\u591a NVIDIA GPU Operator \u76f8\u5173\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003 NVIDIA \u5b98\u65b9\u6587\u6863\u3002 \u5982\u4f55\u90e8\u7f72\u8bf7\u53c2\u8003 GPU Operator \u79bb\u7ebf\u5b89\u88c5
NVIDIA GPU Operator \u67b6\u6784\u56fe\uff1a
"},{"location":"end-user/kpanda/gpu/FAQ.html","title":"GPU \u76f8\u5173 FAQ","text":""},{"location":"end-user/kpanda/gpu/FAQ.html#pod-nvidia-smi-gpu","title":"Pod \u5185 nvidia-smi \u770b\u4e0d\u5230 GPU \u8fdb\u7a0b","text":"Q: \u5728\u4f7f\u7528 GPU \u7684 Pod \u5185\u6267\u884c nvidia-smi
\u547d\u4ee4\u770b\u4e0d\u5230\u4f7f\u7528 GPU \u7684\u8fdb\u7a0b\u4fe1\u606f\uff0c\u5305\u62ec\u6574\u5361\u6a21\u5f0f\u3001vGPU \u6a21\u5f0f\u7b49\u3002
A: \u56e0\u4e3a\u6709 PID namespace
\u9694\u79bb\uff0c\u5bfc\u81f4\u5728 Pod \u5185\u67e5\u770b\u4e0d\u5230 GPU \u8fdb\u7a0b\uff0c\u5982\u679c\u8981\u67e5\u770b GPU \u8fdb\u7a0b\u6709\u5982\u4e0b\u51e0\u79cd\u65b9\u6cd5\uff1a
hostPID: true
\uff0c\u4f7f\u5176\u53ef\u4ee5\u67e5\u770b\u5230\u5bbf\u4e3b\u673a\u4e0a\u7684 PIDnvidia-smi
\u547d\u4ee4\u67e5\u770b\u8fdb\u7a0bchroot /run/nvidia/driver nvidia-smi
\u547d\u4ee4\u67e5\u770b\u8fdb\u7a0b\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528\u5929\u6570\u667a\u82af\u865a\u62df GPU\u3002
"},{"location":"end-user/kpanda/gpu/Iluvatar_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Iluvatar \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Iluvatar\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e App \u4f7f\u7528\u7684 GPU \u8d44\u6e90\uff1a
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u7533\u8bf7 GPU \u8d44\u6e90\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0iluvatar.ai/vcuda-core: 1
\u3001iluvatar.ai/vcuda-memory: 200
\u53c2\u6570\uff0c\u914d\u7f6e App \u4f7f\u7528\u7269\u7406\u5361\u7684\u8d44\u6e90\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-iluvatar-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-iluvatar-gpu-demo\n template:\n metadata:\n labels:\n app: full-iluvatar-gpu-demo\n spec:\n containers:\n - image: nginx:perl\n name: container-0\n resources:\n limits:\n cpu: 250m\n iluvatar.ai/vcuda-core: '1'\n iluvatar.ai/vcuda-memory: '200'\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n imagePullSecrets:\n - name: default-secret\n
"},{"location":"end-user/kpanda/gpu/dynamic-regulation.html","title":"GPU \u8d44\u6e90\u52a8\u6001\u8c03\u8282","text":"\u63d0\u4f9b GPU \u8d44\u6e90\u52a8\u6001\u8c03\u6574\u529f\u80fd\uff0c\u5141\u8bb8\u60a8\u5728\u65e0\u9700\u91cd\u65b0\u52a0\u8f7d\u3001\u91cd\u7f6e\u6216\u91cd\u542f\u6574\u4e2a\u8fd0\u884c\u73af\u5883\u7684\u60c5\u51b5\u4e0b\uff0c\u5bf9\u5df2\u7ecf\u5206\u914d\u7684 vGPU \u8d44\u6e90\u8fdb\u884c\u5b9e\u65f6\u3001\u52a8\u6001\u7684\u8c03\u6574\u3002 \u8fd9\u4e00\u529f\u80fd\u65e8\u5728\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u5bf9\u4e1a\u52a1\u8fd0\u884c\u7684\u5f71\u54cd\uff0c\u786e\u4fdd\u60a8\u7684\u4e1a\u52a1\u80fd\u591f\u6301\u7eed\u7a33\u5b9a\u5730\u8fd0\u884c\uff0c\u540c\u65f6\u6839\u636e\u5b9e\u9645\u9700\u6c42\u7075\u6d3b\u8c03\u6574 GPU \u8d44\u6e90\u3002
"},{"location":"end-user/kpanda/gpu/dynamic-regulation.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"\u4ee5\u4e0b\u662f\u4e00\u4e2a\u5177\u4f53\u7684\u64cd\u4f5c\u793a\u4f8b\uff0c\u5c55\u793a\u5982\u4f55\u5728\u4e0d\u91cd\u542f vGPU Pod \u7684\u60c5\u51b5\u4e0b\u52a8\u6001\u8c03\u6574 vGPU \u7684\u7b97\u529b\u548c\u663e\u5b58\u8d44\u6e90\uff1a
"},{"location":"end-user/kpanda/gpu/dynamic-regulation.html#vgpu-pod","title":"\u521b\u5efa\u4e00\u4e2a vGPU Pod","text":"\u9996\u5148\uff0c\u6211\u4eec\u4f7f\u7528\u4ee5\u4e0b YAML \u521b\u5efa\u4e00\u4e2a vGPU Pod\uff0c\u5176\u7b97\u529b\u521d\u59cb\u4e0d\u9650\u5236\uff0c\u663e\u5b58\u9650\u5236\u4e3a 200Mb\u3002
kind: Deployment\napiVersion: apps/v1\nmetadata:\n name: gpu-burn-test\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: gpu-burn-test\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: gpu-burn-test\n spec:\n containers:\n - name: container-1\n image: docker.io/chrstnhntschl/gpu_burn:latest\n command:\n - sleep\n - '100000'\n resources:\n limits:\n cpu: 1m\n memory: 1Gi\n nvidia.com/gpucores: '0'\n nvidia.com/gpumem: '200'\n nvidia.com/vgpu: '1'\n
\u8c03\u6574\u524d\u67e5\u770b Pod
\u4e2d\u7684\u8d44\u6e90 GPU
\u5206\u914d\u8d44\u6e90\uff1a
\u5982\u679c\u9700\u8981\u4fee\u6539\u7b97\u529b\u4e3a 10%\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8fdb\u5165\u5bb9\u5668\uff1a
kubectl exec -it <pod-name> -- /bin/bash\n
\u6267\u884c\uff1a
export CUDA_DEVICE_SM_LIMIT=10\n
\u5728\u5f53\u524d\u7ec8\u7aef\u76f4\u63a5\u8fd0\u884c\uff1a
./gpu_burn 60\n
\u7a0b\u5e8f\u5373\u53ef\u751f\u6548\u3002\u6ce8\u610f\uff0c\u4e0d\u80fd\u9000\u51fa\u5f53\u524d Bash \u7ec8\u7aef\u3002
\u5982\u679c\u9700\u8981\u4fee\u6539\u663e\u5b58\u4e3a 300 MB\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8fdb\u5165\u5bb9\u5668\uff1a
kubectl exec -it <pod-name> -- /bin/bash\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6765\u8bbe\u7f6e\u663e\u5b58\u9650\u5236\uff1a
export CUDA_DEVICE_MEMORY_LIMIT_0=300m\nexport CUDA_DEVICE_MEMORY_SHARED_CACHE=/usr/local/vgpu/d.cache\n
Note
\u6bcf\u6b21\u4fee\u6539\u663e\u5b58\u5927\u5c0f\u65f6\uff0cd.cache
\u8fd9\u4e2a\u6587\u4ef6\u540d\u5b57\u90fd\u9700\u8981\u4fee\u6539\uff0c\u6bd4\u5982\u6539\u4e3a a.cache
\u30011.cache
\u7b49\uff0c\u4ee5\u907f\u514d\u7f13\u5b58\u51b2\u7a81\u3002
\u5728\u5f53\u524d\u7ec8\u7aef\u76f4\u63a5\u8fd0\u884c\uff1a
./gpu_burn 60\n
\u7a0b\u5e8f\u5373\u53ef\u751f\u6548\u3002\u540c\u6837\u5730\uff0c\u4e0d\u80fd\u9000\u51fa\u5f53\u524d Bash \u7ec8\u7aef\u3002
\u8c03\u6574\u540e\u67e5\u770b Pod
\u4e2d\u7684\u8d44\u6e90 GPU
\u5206\u914d\u8d44\u6e90\uff1a
\u901a\u8fc7\u4e0a\u8ff0\u6b65\u9aa4\uff0c\u60a8\u53ef\u4ee5\u5728\u4e0d\u91cd\u542f vGPU Pod \u7684\u60c5\u51b5\u4e0b\u52a8\u6001\u5730\u8c03\u6574\u5176\u7b97\u529b\u548c\u663e\u5b58\u8d44\u6e90\uff0c\u4ece\u800c\u66f4\u7075\u6d3b\u5730\u6ee1\u8db3\u4e1a\u52a1\u9700\u6c42\u5e76\u4f18\u5316\u8d44\u6e90\u5229\u7528\u3002
"},{"location":"end-user/kpanda/gpu/gpu_matrix.html","title":"GPU \u652f\u6301\u77e9\u9635","text":"\u672c\u9875\u8bf4\u660e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684 GPU \u53ca\u64cd\u4f5c\u7cfb\u7edf\u6240\u5bf9\u5e94\u7684\u77e9\u9635\u3002
"},{"location":"end-user/kpanda/gpu/gpu_matrix.html#nvidia-gpu","title":"NVIDIA GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 NVIDIA GPU\uff08\u6574\u5361/vGPU\uff09 NVIDIA Fermi (2.1) \u67b6\u6784 CentOS 7 Kernel 3.10.0-123 ~ 3.10.0-1160\u5185\u6838\u53c2\u8003\u6587\u6863\u5efa\u8bae\u4f7f\u7528\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u5e94 Kernel \u7248\u672c \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a 3.10.0-1160 GPU Operator \u79bb\u7ebf\u5b89\u88c5 NVIDIA GeForce 400 \u7cfb\u5217 CentOS 8 Kernel 4.18.0-80 ~ 4.18.0-348 NVIDIA Quadro 4000 \u7cfb\u5217 Ubuntu 20.04 Kernel 5.4 NVIDIA Tesla 20 \u7cfb\u5217 Ubuntu 22.04 Kernel 5.19 NVIDIA Ampere \u67b6\u6784\u7cfb\u5217(A100;A800;H100) RHEL 7 Kernel 3.10.0-123 ~ 3.10.0-1160 RHEL 8 Kernel 4.18.0-80 ~ 4.18.0-348 NVIDIA MIG NVIDIA Ampere \u67b6\u6784\u7cfb\u5217\uff08A100\u3001A800\u3001H100\uff09 CentOS 7 Kernel 3.10.0-123 ~ 3.10.0-1160 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 GPU Operator \u79bb\u7ebf\u5b89\u88c5 CentOS 8 Kernel 4.18.0-80 ~ 4.18.0-348 Ubuntu 20.04 Kernel 5.4 Ubuntu 22.04 Kernel 5.19 RHEL 7 Kernel 3.10.0-123 ~ 3.10.0-1160 RHEL 8 Kernel 4.18.0-80 ~ 4.18.0-348"},{"location":"end-user/kpanda/gpu/gpu_matrix.html#ascendnpu","title":"\u6607\u817e\uff08Ascend\uff09NPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301 NPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u6607\u817e\uff08Ascend 310\uff09 Ascend 310 Ubuntu 20.04 \u8be6\u60c5\u53c2\u8003\uff1a\u5185\u6838\u7248\u672c\u8981\u6c42 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 300 \u548c 310P \u9a71\u52a8\u6587\u6863 Ascend 310P\uff1b CentOS 7.6 CentOS 8.2 KylinV10SP1 \u64cd\u4f5c\u7cfb\u7edf openEuler \u64cd\u4f5c\u7cfb\u7edf \u6607\u817e\uff08Ascend 910\uff09 Ascend 910B Ubuntu 20.04 \u8be6\u60c5\u53c2\u8003\u5185\u6838\u7248\u672c\u8981\u6c42 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 910 \u9a71\u52a8\u6587\u6863 CentOS 7.6 CentOS 8.2 KylinV10SP1 \u64cd\u4f5c\u7cfb\u7edf openEuler \u64cd\u4f5c\u7cfb\u7edf"},{"location":"end-user/kpanda/gpu/gpu_matrix.html#iluvatargpu","title":"\u5929\u6570\u667a\u82af\uff08Iluvatar\uff09GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301\u7684 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u5929\u6570\u667a\u82af(Iluvatar vGPU) BI100 CentOS 7 Kernel 3.10.0-957.el7.x86_64 ~ 3.10.0-1160.42.2.el7.x86_64 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a 3.10.0-1160 \u8865\u5145\u4e2d MR100\uff1b CentOS 8 Kernel 4.18.0-80.el8.x86_64 ~ 4.18.0-305.19.1.el8_4.x86_64 Ubuntu 20.04 Kernel 4.15.0-20-generic ~ 4.15.0-160-generic Kernel 5.4.0-26-generic ~ 5.4.0-89-generic Kernel 5.8.0-23-generic ~ 5.8.0-63-generic Ubuntu 21.04 Kernel 4.15.0-20-generic ~ 4.15.0-160-generic Kernel 5.4.0-26-generic ~ 5.4.0-89-generic Kernel 5.8.0-23-generic ~ 5.8.0-63-generic openEuler 22.03 LTS Kernel \u7248\u672c\u5927\u4e8e\u7b49\u4e8e 5.1 \u4e14\u5c0f\u4e8e\u7b49\u4e8e 5.10"},{"location":"end-user/kpanda/gpu/gpu_matrix.html#metaxgpu","title":"\u6c90\u66e6\uff08Metax\uff09GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301\u7684 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u6c90\u66e6Metax\uff08\u6574\u5361/vGPU\uff09 \u66e6\u4e91 C500 \u6c90\u66e6 GPU \u5b89\u88c5\u4f7f\u7528"},{"location":"end-user/kpanda/gpu/gpu_scheduler_config.html","title":"GPU \u8c03\u5ea6\u914d\u7f6e\uff08Binpack \u548c Spread \uff09","text":"\u672c\u6587\u4ecb\u7ecd\u4f7f\u7528 NVIDIA vGPU \u65f6\uff0c\u5982\u4f55\u901a\u8fc7 Binpack \u548c Spread \u7684 GPU \u8c03\u5ea6\u914d\u7f6e\u51cf\u5c11 GPU \u8d44\u6e90\u788e\u7247\u3001\u9632\u6b62\u5355\u70b9\u6545\u969c\u7b49\uff0c\u5b9e\u73b0 vGPU \u7684\u9ad8\u7ea7\u8c03\u5ea6\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86\u96c6\u7fa4\u548c\u5de5\u4f5c\u8d1f\u8f7d\u4e24\u79cd\u7ef4\u5ea6\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u5206\u522b\u6ee1\u8db3\u4e0d\u540c\u573a\u666f\u4e0b\u7684\u4f7f\u7528\u9700\u6c42\u3002
"},{"location":"end-user/kpanda/gpu/gpu_scheduler_config.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u57fa\u4e8e GPU \u5361\u7ef4\u5ea6\u8c03\u5ea6\u7b56\u7565
\u57fa\u4e8e\u8282\u70b9\u7ef4\u5ea6\u7684\u8c03\u5ea6\u7b56\u7565
Note
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u4f1a\u9075\u5faa\u96c6\u7fa4\u7ea7\u522b\u7684 Binpack \u548c Spread \u8c03\u5ea6\u914d\u7f6e\u3002 \u82e5\u5de5\u4f5c\u8d1f\u8f7d\u5355\u72ec\u8bbe\u7f6e\u4e86\u4e0e\u96c6\u7fa4\u4e0d\u4e00\u81f4\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u5219\u8be5\u5de5\u4f5c\u8d1f\u8f7d\u4f18\u5148\u9075\u5faa\u5176\u672c\u8eab\u7684\u8c03\u5ea6\u7b56\u7565\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u8c03\u6574 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb GPU \u8c03\u5ea6\u914d\u7f6e \u3002
\u6839\u636e\u4e1a\u52a1\u573a\u666f\u8c03\u6574 GPU \u8c03\u5ea6\u914d\u7f6e\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u540e\u4fdd\u5b58\u3002
Note
\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u7ef4\u5ea6\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\u4e0e\u96c6\u7fa4\u7ea7\u522b\u7684\u914d\u7f6e\u51b2\u7a81\u65f6\uff0c\u4f18\u5148\u9075\u5faa\u5de5\u4f5c\u8d1f\u8f7d\u7ef4\u5ea6\u7684\u914d\u7f6e\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u8d1f\u8f7d\uff0c\u5e76\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u914d\u7f6e Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\uff0c\u5e76\u5728 \u5bb9\u5668\u914d\u7f6e \u4e2d\u542f\u7528 GPU \u914d\u7f6e\uff0c\u9009\u62e9 GPU \u7c7b\u578b\u4e3a NVIDIA vGPU\uff0c \u70b9\u51fb \u9ad8\u7ea7\u8bbe\u7f6e \uff0c\u542f\u7528 Binpack / Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u6839\u636e\u4e1a\u52a1\u573a\u666f\u8c03\u6574 GPU \u8c03\u5ea6\u914d\u7f6e\u3002\u914d\u7f6e\u5b8c\u6210\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \uff0c \u8fdb\u5165 \u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528 vGPU \u80fd\u529b\u3002
"},{"location":"end-user/kpanda/gpu/vgpu_quota.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5f53\u524d\u96c6\u7fa4\u5df2\u901a\u8fc7 Operator \u6216\u624b\u52a8\u65b9\u5f0f\u90e8\u7f72\u5bf9\u5e94\u7c7b\u578b GPU \u9a71\u52a8\uff08NVIDIA GPU\u3001NVIDIA MIG\u3001\u5929\u6570\u3001\u6607\u817e\uff09
"},{"location":"end-user/kpanda/gpu/vgpu_quota.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 Namespaces \u4e2d\uff0c\u70b9\u51fb \u914d\u989d\u7ba1\u7406 \u53ef\u4ee5\u914d\u7f6e\u5f53\u524d Namespace \u53ef\u4ee5\u4f7f\u7528\u7684 GPU \u8d44\u6e90\u3002
\u5f53\u524d\u547d\u540d\u7a7a\u95f4\u914d\u989d\u7ba1\u7406\u8986\u76d6\u7684\u5361\u7c7b\u578b\u4e3a\uff1aNVIDIA vGPU\u3001NVIDIA MIG\u3001\u5929\u6570\u3001\u6607\u817e\u3002
NVIDIA vGPU \u914d\u989d\u7ba1\u7406 \uff1a\u914d\u7f6e\u5177\u4f53\u53ef\u4ee5\u4f7f\u7528\u7684\u914d\u989d\uff0c\u4f1a\u521b\u5efa ResourcesQuota CR\uff1a
\u672c\u7ae0\u8282\u63d0\u4f9b\u6607\u817e NPU \u9a71\u52a8\u3001Device Plugin\u3001NPU-Exporter \u7b49\u7ec4\u4ef6\u7684\u5b89\u88c5\u6307\u5bfc\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528 NPU \u8d44\u6e90\u4e4b\u524d\uff0c\u9700\u8981\u5b8c\u6210\u56fa\u4ef6\u5b89\u88c5\u3001NPU \u9a71\u52a8\u5b89\u88c5\u3001 Docker Runtime \u5b89\u88c5\u3001\u7528\u6237\u521b\u5efa\u3001\u65e5\u5fd7\u76ee\u5f55\u521b\u5efa\u4ee5\u53ca NPU Device Plugin \u5b89\u88c5\uff0c\u8be6\u60c5\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#_3","title":"\u5b89\u88c5\u56fa\u4ef6","text":"\u4e0b\u8f7d Ascend Docker Runtime
\u793e\u533a\u7248\u4e0b\u8f7d\u5730\u5740\uff1ahttps://www.hiascend.com/zh/software/mindx-dl/community
wget -c https://mindx.obs.cn-south-1.myhuaweicloud.com/OpenSource/MindX/MindX%205.0.RC2/MindX%20DL%205.0.RC2/Ascend-docker-runtime_5.0.RC2_linux-x86_64.run\n
\u5b89\u88c5\u5230\u6307\u5b9a\u8def\u5f84\u4e0b\uff0c\u4f9d\u6b21\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u547d\u4ee4\uff0c\u53c2\u6570\u4e3a\u6307\u5b9a\u7684\u5b89\u88c5\u8def\u5f84:
chmod u+x Ascend-docker-runtime_5.0.RC2_linux-x86_64.run \n./Ascend-docker-runtime_{version}_linux-{arch}.run --install --install-path=<path>\n
\u4fee\u6539 containerd \u914d\u7f6e\u6587\u4ef6
containerd \u65e0\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u65f6\uff0c\u4f9d\u6b21\u6267\u884c\u4ee5\u4e0b3\u6761\u547d\u4ee4\uff0c\u521b\u5efa\u914d\u7f6e\u6587\u4ef6\uff1a
mkdir /etc/containerd \ncontainerd config default > /etc/containerd/config.toml \nvim /etc/containerd/config.toml\n
containerd \u6709\u914d\u7f6e\u6587\u4ef6\u65f6\uff1a
vim /etc/containerd/config.toml\n
\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u4fee\u6539 runtime \u7684\u5b89\u88c5\u8def\u5f84\uff0c\u4e3b\u8981\u4fee\u6539 runtime \u5b57\u6bb5\uff1a
... \n[plugins.\"io.containerd.monitor.v1.cgroups\"]\n no_prometheus = false \n[plugins.\"io.containerd.runtime.v1.linux\"]\n shim = \"containerd-shim\"\n runtime = \"/usr/local/Ascend/Ascend-Docker-Runtime/ascend-docker-runtime\"\n runtime_root = \"\"\n no_shim = false\n shim_debug = false\n [plugins.\"io.containerd.runtime.v2.task\"]\n platforms = [\"linux/amd64\"]\n...\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u91cd\u542f containerd\uff1a
systemctl restart containerd\n
\u5728\u5bf9\u5e94\u7ec4\u4ef6\u5b89\u88c5\u7684\u8282\u70b9\u4e0a\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u521b\u5efa\u7528\u6237\u3002
# Ubuntu \u64cd\u4f5c\u7cfb\u7edf\nuseradd -d /home/hwMindX -u 9000 -m -s /usr/sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n# Centos \u64cd\u4f5c\u7cfb\u7edf\nuseradd -d /home/hwMindX -u 9000 -m -s /sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#_5","title":"\u65e5\u5fd7\u76ee\u5f55\u521b\u5efa","text":"\u5728\u5bf9\u5e94\u8282\u70b9\u521b\u5efa\u7ec4\u4ef6\u65e5\u5fd7\u7236\u76ee\u5f55\u548c\u5404\u7ec4\u4ef6\u7684\u65e5\u5fd7\u76ee\u5f55\uff0c\u5e76\u8bbe\u7f6e\u76ee\u5f55\u5bf9\u5e94\u5c5e\u4e3b\u548c\u6743\u9650\u3002\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u521b\u5efa\u7ec4\u4ef6\u65e5\u5fd7\u7236\u76ee\u5f55\u3002
mkdir -m 755 /var/log/mindx-dl\nchown root:root /var/log/mindx-dl\n
\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u521b\u5efa Device Plugin \u7ec4\u4ef6\u65e5\u5fd7\u76ee\u5f55\u3002
mkdir -m 750 /var/log/mindx-dl/devicePlugin\nchown root:root /var/log/mindx-dl/devicePlugin\n
Note
\u8bf7\u5206\u522b\u4e3a\u6240\u9700\u7ec4\u4ef6\u521b\u5efa\u5bf9\u5e94\u7684\u65e5\u5fd7\u76ee\u5f55\uff0c\u5f53\u524d\u6848\u4f8b\u4e2d\u53ea\u9700\u8981 Device Plugin \u7ec4\u4ef6\u3002 \u5982\u679c\u6709\u5176\u4ed6\u7ec4\u4ef6\u9700\u6c42\u8bf7\u53c2\u8003\u5b98\u65b9\u6587\u6863
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#label","title":"\u521b\u5efa\u8282\u70b9 Label","text":"\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\u5728\u5bf9\u5e94\u8282\u70b9\u4e0a\u521b\u5efa Label\uff1a
# \u5728\u5b89\u88c5\u4e86\u9a71\u52a8\u7684\u8ba1\u7b97\u8282\u70b9\u521b\u5efa\u6b64\u6807\u7b7e\nkubectl label node {nodename} huawei.com.ascend/Driver=installed\nkubectl label node {nodename} node-role.kubernetes.io/worker=worker\nkubectl label node {nodename} workerselector=dls-worker-node\nkubectl label node {nodename} host-arch=huawei-arm //\u6216\u8005host-arch=huawei-x86 \uff0c\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u9009\u62e9\nkubectl label node {nodename} accelerator=huawei-Ascend910 //\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u9009\u62e9\n# \u5728\u63a7\u5236\u8282\u70b9\u521b\u5efa\u6b64\u6807\u7b7e\nkubectl label node {nodename} masterselector=dls-master-node\n
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#device-plugin-npuexporter","title":"\u5b89\u88c5 Device Plugin \u548c NpuExporter","text":"\u529f\u80fd\u6a21\u5757\u8def\u5f84\uff1a \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f -> \u641c\u7d22 ascend-mindxdl \u3002
\u5b89\u88c5\u6210\u529f\u540e\uff0c\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u4e0b\u4f1a\u51fa\u73b0\u4e24\u4e2a\u7ec4\u4ef6\uff0c\u5982\u4e0b\u56fe\uff1a
\u540c\u65f6\u8282\u70b9\u4fe1\u606f\u4e0a\u4e5f\u4f1a\u51fa\u73b0\u5bf9\u5e94 NPU \u7684\u4fe1\u606f\uff1a
\u4e00\u5207\u5c31\u7eea\u540e\uff0c\u6211\u4eec\u901a\u8fc7\u9875\u9762\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u5c31\u80fd\u591f\u9009\u62e9\u5230\u5bf9\u5e94\u7684 NPU \u8bbe\u5907\uff0c\u5982\u4e0b\u56fe\uff1a
Note
\u6709\u5173\u8be6\u7ec6\u4f7f\u7528\u6b65\u9aa4\uff0c\u8bf7\u53c2\u7167\u5e94\u7528\u4f7f\u7528\u6607\u817e\uff08Ascend\uff09NPU\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_usage.html","title":"\u5e94\u7528\u4f7f\u7528\u6607\u817e\uff08Ascend\uff09NPU","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528\u6607\u817e GPU\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u53c2\u8003\u6607\u817e NPU \u7ec4\u4ef6\u5b89\u88c5\u6587\u6863\u5b89\u88c5\u57fa\u7840\u73af\u5883\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_usage.html#_2","title":"\u5feb\u901f\u4f7f\u7528","text":"\u672c\u6587\u4f7f\u7528\u6607\u817e\u793a\u4f8b\u5e93\u4e2d\u7684 AscentCL \u56fe\u7247\u5206\u7c7b\u5e94\u7528\u793a\u4f8b\u3002
\u4e0b\u8f7d\u6607\u817e\u4ee3\u7801\u5e93
\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u4e0b\u8f7d\u6607\u817e Demo \u793a\u4f8b\u4ee3\u7801\u5e93\uff0c\u5e76\u4e14\u8bf7\u8bb0\u4f4f\u4ee3\u7801\u5b58\u653e\u7684\u4f4d\u7f6e\uff0c\u540e\u7eed\u9700\u8981\u4f7f\u7528\u3002
git clone https://gitee.com/ascend/samples.git\n
\u51c6\u5907\u57fa\u7840\u955c\u50cf
\u6b64\u4f8b\u4f7f\u7528 Ascent-pytorch \u57fa\u7840\u955c\u50cf\uff0c\u53ef\u8bbf\u95ee\u6607\u817e\u955c\u50cf\u4ed3\u5e93\u83b7\u53d6\u3002
\u51c6\u5907 YAML
ascend-demo.yamlapiVersion: batch/v1\nkind: Job\nmetadata:\n name: resnetinfer1-1-1usoc\nspec:\n template:\n spec:\n containers:\n - image: ascendhub.huawei.com/public-ascendhub/ascend-pytorch:23.0.RC2-ubuntu18.04 # Inference image name\n imagePullPolicy: IfNotPresent\n name: resnet50infer\n securityContext:\n runAsUser: 0\n command:\n - \"/bin/bash\"\n - \"-c\"\n - |\n source /usr/local/Ascend/ascend-toolkit/set_env.sh &&\n TEMP_DIR=/root/samples_copy_$(date '+%Y%m%d_%H%M%S_%N') &&\n cp -r /root/samples \"$TEMP_DIR\" &&\n cd \"$TEMP_DIR\"/inference/modelInference/sampleResnetQuickStart/python/model &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/003_Atc_Models/resnet50/resnet50.onnx &&\n atc --model=resnet50.onnx --framework=5 --output=resnet50 --input_shape=\"actual_input_1:1,3,224,224\" --soc_version=Ascend910 &&\n cd ../data &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/models/aclsample/dog1_1024_683.jpg &&\n cd ../scripts &&\n bash sample_run.sh\n resources:\n requests:\n huawei.com/Ascend910: 1 # Number of the Ascend 910 Processors\n limits:\n huawei.com/Ascend910: 1 # The value should be the same as that of requests\n volumeMounts:\n - name: hiai-driver\n mountPath: /usr/local/Ascend/driver\n readOnly: true\n - name: slog\n mountPath: /var/log/npu/conf/slog/slog.conf\n - name: localtime # The container time must be the same as the host time\n mountPath: /etc/localtime\n - name: dmp\n mountPath: /var/dmp_daemon\n - name: slogd\n mountPath: /var/slogd\n - name: hbasic\n mountPath: /etc/hdcBasic.cfg\n - name: sys-version\n mountPath: /etc/sys_version.conf\n - name: aicpu\n mountPath: /usr/lib64/aicpu_kernels\n - name: tfso\n mountPath: /usr/lib64/libtensorflow.so\n - name: sample-path\n mountPath: /root/samples\n volumes:\n - name: hiai-driver\n hostPath:\n path: /usr/local/Ascend/driver\n - name: slog\n hostPath:\n path: /var/log/npu/conf/slog/slog.conf\n - name: localtime\n hostPath:\n path: /etc/localtime\n - name: dmp\n hostPath:\n path: /var/dmp_daemon\n - name: slogd\n hostPath:\n path: /var/slogd\n - name: hbasic\n hostPath:\n path: /etc/hdcBasic.cfg\n - name: sys-version\n hostPath:\n path: /etc/sys_version.conf\n - name: aicpu\n hostPath:\n path: /usr/lib64/aicpu_kernels\n - name: tfso\n hostPath:\n path: /usr/lib64/libtensorflow.so\n - name: sample-path\n hostPath:\n path: /root/samples\n restartPolicy: OnFailure\n
\u4ee5\u4e0a YAML \u4e2d\u6709\u4e00\u4e9b\u5b57\u6bb5\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u4fee\u6539\uff1a
\u90e8\u7f72 Job \u5e76\u67e5\u770b\u7ed3\u679c
\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u521b\u5efa Job\uff1a
kubectl apply -f ascend-demo.yaml\n
\u67e5\u770b Pod \u8fd0\u884c\u72b6\u6001\uff1a
Pod \u6210\u529f\u8fd0\u884c\u540e\uff0c\u67e5\u770b\u65e5\u5fd7\u7ed3\u679c\u3002\u5728\u5c4f\u5e55\u4e0a\u7684\u5173\u952e\u63d0\u793a\u4fe1\u606f\u793a\u4f8b\u5982\u4e0b\u56fe\uff0c\u63d0\u793a\u4fe1\u606f\u4e2d\u7684 Label \u8868\u793a\u7c7b\u522b\u6807\u8bc6\uff0c Conf \u8868\u793a\u8be5\u5206\u7c7b\u7684\u6700\u5927\u7f6e\u4fe1\u5ea6\uff0cClass \u8868\u793a\u6240\u5c5e\u7c7b\u522b\u3002\u8fd9\u4e9b\u503c\u53ef\u80fd\u4f1a\u6839\u636e\u7248\u672c\u3001\u73af\u5883\u6709\u6240\u4e0d\u540c\uff0c\u8bf7\u4ee5\u5b9e\u9645\u60c5\u51b5\u4e3a\u51c6\uff1a
\u7ed3\u679c\u56fe\u7247\u5c55\u793a\uff1a
\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Ascend \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Ascend\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7684\u7269\u7406\u5361\u6570\u91cf\uff1a
\u7269\u7406\u5361\u6570\u91cf\uff08huawei.com/Ascend910\uff09 \uff1a\u8868\u793a\u5f53\u524d Pod \u9700\u8981\u6302\u8f7d\u51e0\u5f20\u7269\u7406\u5361\uff0c\u8f93\u5165\u503c\u5fc5\u987b\u4e3a\u6574\u6570\u4e14**\u5c0f\u4e8e\u7b49\u4e8e**\u5bbf\u4e3b\u673a\u4e0a\u7684\u5361\u6570\u91cf\u3002
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u6607\u817e\u865a\u62df\u5316\u5206\u4e3a\u52a8\u6001\u865a\u62df\u5316\u548c\u9759\u6001\u865a\u62df\u5316\uff0c\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5f00\u542f\u5e76\u4f7f\u7528\u6607\u817e\u9759\u6001\u865a\u62df\u5316\u80fd\u529b\u3002
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u652f\u6301\u7684 NPU \u5361\u578b\u53f7\uff1a
\u66f4\u591a\u7ec6\u8282\u53c2\u9605\u5b98\u65b9\u865a\u62df\u5316\u786c\u4ef6\u8bf4\u660e\u3002
\u8bf7\u53c2\u8003\u6607\u817e NPU \u7ec4\u4ef6\u5b89\u88c5\u6587\u6863\u5b89\u88c5\u57fa\u7840\u73af\u5883\u3002
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#_3","title":"\u5f00\u542f\u865a\u62df\u5316\u80fd\u529b","text":"\u5f00\u542f\u865a\u62df\u5316\u80fd\u529b\u9700\u8981\u624b\u52a8\u4fee\u6539\u00a0ascend-device-plugin-daemonset \u7ec4\u4ef6\u7684\u542f\u52a8\u53c2\u6570\uff0c\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\uff1a
- device-plugin -useAscendDocker=true -volcanoType=false -presetVirtualDevice=true\n- logFile=/var/log/mindx-dl/devicePlugin/devicePlugin.log -logLevel=0\n
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#vnpu","title":"\u5207\u5206 VNPU \u5b9e\u4f8b","text":"\u9759\u6001\u865a\u62df\u5316\u9700\u8981\u624b\u52a8\u5bf9 VNPU \u5b9e\u4f8b\u7684\u5207\u5206\uff0c\u8bf7\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\uff1a
npu-smi set -t create-vnpu -i 13 -c 0 -f vir02\n
i
\u6307\u7684\u662f card idc
\u6307\u7684\u662f chip idvir02
\u6307\u7684\u662f\u5207\u5206\u89c4\u683c\u6a21\u677f\u5173\u4e8e card id \u548c chip id\uff0c\u53ef\u4ee5\u901a\u8fc7 npu-smi info \u67e5\u8be2\uff0c\u5207\u5206\u89c4\u683c\u53ef\u901a\u8fc7 ascend \u5b98\u65b9\u6a21\u677f\u8fdb\u884c\u67e5\u8be2\u3002
\u5207\u5206\u5b9e\u4f8b\u8fc7\u540e\u53ef\u901a\u8fc7\u4e0b\u8ff0\u547d\u4ee4\u67e5\u8be2\u5207\u5206\u7ed3\u679c\uff1a
npu-smi info -t info-vnpu -i 13 -c 0\n
\u67e5\u8be2\u7ed3\u679c\u5982\u4e0b\uff1a
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#ascend-device-plugin-daemonset","title":"\u91cd\u542f\u00a0ascend-device-plugin-daemonset","text":"\u5207\u5206\u5b9e\u4f8b\u540e\u624b\u52a8\u91cd\u542f device-plugin pod\uff0c\u7136\u540e\u4f7f\u7528 kubectl describe
\u547d\u4ee4\u67e5\u770b\u5df2\u6ce8\u518c node \u7684\u8d44\u6e90\uff1a
kubectl describe node {{nodename}}\n
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#_4","title":"\u5982\u4f55\u4f7f\u7528\u8bbe\u5907","text":"\u5728\u521b\u5efa\u5e94\u7528\u65f6\uff0c\u6307\u5b9a\u8d44\u6e90 key\uff0c\u53c2\u8003\u4e0b\u8ff0 YAML\uff1a
......\nresources:\n requests:\n huawei.com/Ascend310P-2c: 1\n limits:\n huawei.com/Ascend310P-2c: 1\n......\n
"},{"location":"end-user/kpanda/gpu/metax/usemetax.html","title":"\u6c90\u66e6 GPU \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u4f7f\u7528","text":"\u672c\u7ae0\u8282\u63d0\u4f9b\u6c90\u66e6 gpu-extensions\u3001gpu-operator \u7b49\u7ec4\u4ef6\u7684\u5b89\u88c5\u6307\u5bfc\u548c\u6c90\u66e6 GPU \u6574\u5361\u548c vGPU \u4e24\u79cd\u6a21\u5f0f\u7684\u4f7f\u7528\u65b9\u6cd5\u3002
"},{"location":"end-user/kpanda/gpu/metax/usemetax.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"Metax \u63d0\u4f9b\u4e86\u4e24\u4e2a helm-chart \u5305\uff0c\u4e00\u4e2a\u662f metax-extensions\uff0c\u4e00\u4e2a\u662f gpu-operator\uff0c\u6839\u636e\u4f7f\u7528\u573a\u666f\u53ef\u9009\u62e9\u5b89\u88c5\u4e0d\u540c\u7684\u7ec4\u4ef6\u3002
\u4ece /home/metax/metax-docs/k8s/metax-gpu-k8s-package.0.7.10.tar.gz
\u6587\u4ef6\u4e2d\u89e3\u538b\u51fa
\u67e5\u770b\u7cfb\u7edf\u662f\u5426\u5b89\u88c5\u9a71\u52a8
$ lsmod | grep metax \nmetax 1605632 0 \nttm 86016 3 drm_vram_helper,metax,drm_ttm_helper \ndrm 618496 7 drm_kms_helper,drm_vram_helper,ast,metax,drm_ttm_helper,ttm\n
\u5b89\u88c5\u9a71\u52a8
\u63a8\u9001\u955c\u50cf
tar -xf metax-gpu-k8s-package.0.7.10.tar.gz\n./metax-k8s-images.0.7.10.run push {registry}/metax\n
\u63a8\u9001 Helm Chart
helm plugin install https://github.com/chartmuseum/helm-push\nhelm repo add --username rootuser --password rootpass123 metax http://172.16.16.5:8081\nhelm cm-push metax-operator-0.7.10.tgz metax\nhelm cm-push metax-gpu-extensions-0.7.10.tgz metax\n
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0a\u5b89\u88c5 metax-gpu-extensions
\u90e8\u7f72\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u5728\u8282\u70b9\u4e0a\u67e5\u770b\u5230\u8d44\u6e90\u3002
\u4fee\u6539\u6210\u529f\u4e4b\u540e\u5c31\u53ef\u4ee5\u5728\u8282\u70b9\u4e0a\u770b\u5230\u5e26\u6709 Metax GPU
\u7684\u6807\u7b7e
\u5b89\u88c5 gpu-opeartor
\u65f6\u7684\u5df2\u77e5\u95ee\u9898\uff1a
metax-operator
\u3001gpu-label
\u3001gpu-device
\u3001container-runtime
\u8fd9\u51e0\u4e2a\u7ec4\u4ef6\u955c\u50cf\u8981\u5e26\u6709 amd64
\u540e\u7f00\u3002
metax-maca
\u7ec4\u4ef6\u7684\u955c\u50cf\u4e0d\u5728 metax-k8s-images.0.7.13.run
\u5305\u91cc\u9762\uff0c\u9700\u8981\u5355\u72ec\u4e0b\u8f7d maca-mxc500-2.23.0.23-ubuntu20.04-x86_64.tar.xz
\u8fd9\u7c7b\u955c\u50cf\uff0cload
\u4e4b\u540e\u91cd\u65b0\u4fee\u6539 metax-maca
\u7ec4\u4ef6\u7684\u955c\u50cf\u3002
metax-driver
\u7ec4\u4ef6\u7684\u955c\u50cf\u9700\u8981\u4ece https://pub-docstore.metax-tech.com:7001
\u8fd9\u4e2a\u7f51\u7ad9\u4e0b\u8f7d k8s-driver-image.2.23.0.25.run
\u6587\u4ef6\uff0c\u7136\u540e\u6267\u884c k8s-driver-image.2.23.0.25.run push {registry}/metax
\u547d\u4ee4\u628a\u955c\u50cf\u63a8\u9001\u5230\u955c\u50cf\u4ed3\u5e93\u3002\u63a8\u9001\u4e4b\u540e\u4fee\u6539 metax-driver
\u7ec4\u4ef6\u7684\u955c\u50cf\u5730\u5740\u3002
\u5b89\u88c5\u540e\u53ef\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u4f7f\u7528\u6c90\u66e6 GPU\u3002\u6ce8\u610f\u542f\u7528 GPU \u540e\uff0c\u9700\u9009\u62e9GPU\u7c7b\u578b\u4e3a Metax GPU
\u8fdb\u5165\u5bb9\u5668\uff0c\u6267\u884c mx-smi \u53ef\u67e5\u770b GPU \u7684\u4f7f\u7528\u60c5\u51b5.
"},{"location":"end-user/kpanda/gpu/mlu/use-mlu.html","title":"\u4f7f\u7528\u5bd2\u6b66\u7eaa GPU","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u5bd2\u6b66\u7eaa GPU\u3002
"},{"location":"end-user/kpanda/gpu/mlu/use-mlu.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5728\u5b89\u88c5 DevicePlugin \u65f6\u8bf7\u5173\u95ed --enable-device-type \u53c2\u6570\uff0c\u5426\u5219\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06\u65e0\u6cd5\u6b63\u786e\u8bc6\u522b\u5bd2\u6b66\u7eaa GPU\u3002
"},{"location":"end-user/kpanda/gpu/mlu/use-mlu.html#gpu_1","title":"\u5bd2\u6b66\u7eaa GPU \u6a21\u5f0f\u4ecb\u7ecd","text":"\u5bd2\u6b66\u7eaa GPU \u6709\u4ee5\u4e0b\u51e0\u79cd\u6a21\u5f0f\uff1a
\u8fd9\u91cc\u4ee5 Dynamic smlu \u6a21\u5f0f\u4e3a\u4f8b\uff1a
\u5728\u6b63\u786e\u5b89\u88c5 DevicePlugin \u7b49\u7ec4\u4ef6\u540e\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8fd0\u7ef4-> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002
\u70b9\u51fb\u8282\u70b9\u7ba1\u7406\u9875\u9762\uff0c\u67e5\u770b\u8282\u70b9\u662f\u5426\u5df2\u7ecf\u6b63\u786e\u8bc6\u522b\u5230\u5bf9\u5e94\u7684GPU\u7c7b\u578b\u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08MLU VGPU\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e App \u4f7f\u7528\u7684 GPU \u8d44\u6e90\uff1a
\u53c2\u8003 YAML \u6587\u4ef6\u5982\u4e0b\uff1a
apiVersion: v1 \nkind: Pod \nmetadata: \n name: pod1 \nspec: \n restartPolicy: OnFailure \n containers: \n - image: ubuntu:16.04 \n name: pod1-ctr \n command: [\"sleep\"] \n args: [\"100000\"] \n resources: \n limits: \n cambricon.com/mlu: \"1\" # use this when device type is not enabled, else delete this line. \n #cambricon.com/mlu: \"1\" #uncomment to use when device type is enabled \n #cambricon.com/mlu.share: \"1\" #uncomment to use device with env-share mode \n #cambricon.com/mlu.mim-2m.8gb: \"1\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vcore: \"100\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vmemory: \"1024\" #uncomment to use device with mim mode\n
"},{"location":"end-user/kpanda/gpu/nvidia/index.html","title":"NVIDIA GPU \u5361\u4f7f\u7528\u6a21\u5f0f","text":"NVIDIA \u4f5c\u4e3a\u4e1a\u5185\u77e5\u540d\u7684\u56fe\u5f62\u8ba1\u7b97\u4f9b\u5e94\u5546\uff0c\u4e3a\u7b97\u529b\u7684\u63d0\u5347\u63d0\u4f9b\u4e86\u8bf8\u591a\u8f6f\u786c\u4ef6\u89e3\u51b3\u65b9\u6848\uff0c\u5176\u4e2d NVIDIA \u5728 GPU \u7684\u4f7f\u7528\u65b9\u5f0f\u4e0a\u63d0\u4f9b\u4e86\u5982\u4e0b\u4e09\u79cd\u89e3\u51b3\u65b9\u6848\uff1a
"},{"location":"end-user/kpanda/gpu/nvidia/index.html#full-gpu","title":"\u6574\u5361\uff08Full GPU\uff09","text":"\u6574\u5361\u662f\u6307\u5c06\u6574\u4e2a NVIDIA GPU \u5206\u914d\u7ed9\u5355\u4e2a\u7528\u6237\u6216\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u8fd9\u79cd\u914d\u7f6e\u4e0b\uff0c\u5e94\u7528\u53ef\u4ee5\u5b8c\u5168\u5360\u7528 GPU \u7684\u6240\u6709\u8d44\u6e90\uff0c \u5e76\u83b7\u5f97\u6700\u5927\u7684\u8ba1\u7b97\u6027\u80fd\u3002\u6574\u5361\u9002\u7528\u4e8e\u9700\u8981\u5927\u91cf\u8ba1\u7b97\u8d44\u6e90\u548c\u5185\u5b58\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5982\u6df1\u5ea6\u5b66\u4e60\u8bad\u7ec3\u3001\u79d1\u5b66\u8ba1\u7b97\u7b49\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/index.html#vgpuvirtual-gpu","title":"vGPU\uff08Virtual GPU\uff09","text":"vGPU \u662f\u4e00\u79cd\u865a\u62df\u5316\u6280\u672f\uff0c\u5141\u8bb8\u5c06\u4e00\u4e2a\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u865a\u62df GPU\uff0c\u6bcf\u4e2a\u865a\u62df GPU \u5206\u914d\u7ed9\u4e0d\u540c\u7684\u4e91\u4e3b\u673a\u6216\u7528\u6237\u3002 vGPU \u4f7f\u591a\u4e2a\u7528\u6237\u53ef\u4ee5\u5171\u4eab\u540c\u4e00\u53f0\u7269\u7406 GPU\uff0c\u5e76\u5728\u5404\u81ea\u7684\u865a\u62df\u73af\u5883\u4e2d\u72ec\u7acb\u4f7f\u7528 GPU \u8d44\u6e90\u3002 \u6bcf\u4e2a\u865a\u62df GPU \u53ef\u4ee5\u83b7\u5f97\u4e00\u5b9a\u7684\u8ba1\u7b97\u80fd\u529b\u548c\u663e\u5b58\u5bb9\u91cf\u3002vGPU \u9002\u7528\u4e8e\u865a\u62df\u5316\u73af\u5883\u548c\u4e91\u8ba1\u7b97\u573a\u666f\uff0c\u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7684\u8d44\u6e90\u5229\u7528\u7387\u548c\u7075\u6d3b\u6027\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/index.html#migmulti-instance-gpu","title":"MIG\uff08Multi-Instance GPU\uff09","text":"MIG \u662f NVIDIA Ampere \u67b6\u6784\u5f15\u5165\u7684\u4e00\u9879\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u5c06\u4e00\u4e2a\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u7269\u7406 GPU \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u7528\u6237\u6216\u5de5\u4f5c\u8d1f\u8f7d\u3002 \u6bcf\u4e2a MIG \u5b9e\u4f8b\u5177\u6709\u81ea\u5df1\u7684\u8ba1\u7b97\u8d44\u6e90\u3001\u663e\u5b58\u548c PCIe \u5e26\u5bbd\uff0c\u5c31\u50cf\u4e00\u4e2a\u72ec\u7acb\u7684\u865a\u62df GPU\u3002 MIG \u63d0\u4f9b\u4e86\u66f4\u7ec6\u7c92\u5ea6\u7684 GPU \u8d44\u6e90\u5206\u914d\u548c\u7ba1\u7406\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u52a8\u6001\u8c03\u6574\u5b9e\u4f8b\u7684\u6570\u91cf\u548c\u5927\u5c0f\u3002 MIG \u9002\u7528\u4e8e\u591a\u79df\u6237\u73af\u5883\u3001\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u7b49\u573a\u666f\u3002
\u65e0\u8bba\u662f\u5728\u865a\u62df\u5316\u73af\u5883\u4e2d\u4f7f\u7528 vGPU\uff0c\u8fd8\u662f\u5728\u7269\u7406 GPU \u4e0a\u4f7f\u7528 MIG\uff0cNVIDIA \u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u66f4\u591a\u7684\u9009\u62e9\u548c\u4f18\u5316 GPU \u8d44\u6e90\u7684\u65b9\u5f0f\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u5168\u9762\u517c\u5bb9\u4e86\u4e0a\u8ff0 NVIDIA \u7684\u80fd\u529b\u7279\u6027\uff0c\u7528\u6237\u53ea\u9700\u901a\u8fc7\u7b80\u5355\u7684\u754c\u9762\u64cd\u4f5c\uff0c\u5c31\u80fd\u591f\u83b7\u5f97\u5168\u90e8 NVIDIA GPU \u7684\u8ba1\u7b97\u80fd\u529b\uff0c\u4ece\u800c\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u7387\u5e76\u964d\u4f4e\u6210\u672c\u3002
\u5f00\u542f\u914d\u7f6e\u8be6\u60c5\u53c2\u8003 GPU Operator \u79bb\u7ebf\u5b89\u88c5\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/index.html#_1","title":"\u5982\u4f55\u4f7f\u7528","text":"\u60a8\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\uff0c\u5feb\u901f\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5173\u4e8e NVIDIA GPU \u5361\u7684\u7ba1\u7406\u80fd\u529b\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06\u6574\u4e2a NVIDIA GPU \u5361\u5206\u914d\u7ed9\u5355\u4e2a\u5e94\u7528\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/full_gpu_userguide.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Nvidia GPU \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Nvidia GPU\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7684\u7269\u7406\u5361\u6570\u91cf\uff1a
\u7269\u7406\u5361\u6570\u91cf\uff08nvidia.com/gpu\uff09 \uff1a\u8868\u793a\u5f53\u524d Pod \u9700\u8981\u6302\u8f7d\u51e0\u5f20\u7269\u7406\u5361\uff0c\u8f93\u5165\u503c\u5fc5\u987b\u4e3a\u6574\u6570\u4e14 \u5c0f\u4e8e\u7b49\u4e8e \u5bbf\u4e3b\u673a\u4e0a\u7684\u5361\u6570\u91cf\u3002
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u7533\u8bf7 GPU \u8d44\u6e90\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0 nvidia.com/gpu: 1 \u53c2\u6570\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7269\u7406\u5361\u7684\u6570\u91cf\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-gpu-demo\n template:\n metadata:\n labels:\n app: full-gpu-demo\n spec:\n containers:\n - image: chrstnhntschl/gpu_burn\n name: container-0\n resources:\n requests:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # \u7533\u8bf7 GPU \u7684\u6570\u91cf\n limits:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # GPU \u6570\u91cf\u7684\u4f7f\u7528\u4e0a\u9650\n imagePullSecrets:\n - name: default-secret\n
Note
\u4f7f\u7528 nvidia.com/gpu \u53c2\u6570\u6307\u5b9a GPU \u6570\u91cf\u65f6\uff0crequests \u548c limits \u503c\u9700\u8981\u4fdd\u6301\u4e00\u81f4\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html","title":"GPU Operator \u79bb\u7ebf\u5b89\u88c5","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 Ubuntu22.04\u3001Ubuntu20.04\u3001CentOS 7.9 \u8fd9\u4e09\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver \u955c\u50cf\uff0c\u9a71\u52a8\u7248\u672c\u662f 535.104.12\uff1b \u5e76\u4e14\u5185\u7f6e\u4e86\u5404\u64cd\u4f5c\u7cfb\u7edf\u6240\u9700\u7684 Toolkit \u955c\u50cf\uff0c\u7528\u6237\u4e0d\u518d\u9700\u8981\u624b\u52a8\u79bb\u7ebf Toolkit \u955c\u50cf\u3002
\u672c\u6587\u4f7f\u7528 AMD \u67b6\u6784\u7684 CentOS 7.9\uff083.10.0-1160\uff09\u8fdb\u884c\u6f14\u793a\u3002\u5982\u9700\u4f7f\u7528 Red Hat 8.4 \u90e8\u7f72\uff0c \u8bf7\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf\u548c\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 gpu-operator \u63d2\u4ef6\u3002
\u767b\u5f55\u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5f85\u5b89\u88c5 gpu-operator \u7684\u96c6\u7fa4 -> \u8fdb\u5165\u96c6\u7fa4\u8be6\u60c5\u3002
\u5728 Helm \u6a21\u677f \u9875\u9762\uff0c\u9009\u62e9 \u5168\u90e8\u4ed3\u5e93 \uff0c\u641c\u7d22 gpu-operator \u3002
\u9009\u62e9 gpu-operator \uff0c\u70b9\u51fb \u5b89\u88c5 \u3002
\u53c2\u8003\u4e0b\u6587\u53c2\u6570\u914d\u7f6e\uff0c\u914d\u7f6e gpu-operator \u5b89\u88c5\u53c2\u6570\uff0c\u5b8c\u6210 gpu-operator \u7684\u5b89\u88c5\u3002
Ubuntu 22.04
\u3001Ubuntu20.04
\u3001Centos7.9
\u3001other
\u56db\u4e2a\u9009\u9879\uff0c\u8bf7\u6b63\u786e\u7684\u9009\u62e9\u64cd\u4f5c\u7cfb\u7edf\u3002Driver.version \uff1aGPU \u9a71\u52a8\u955c\u50cf\u7684\u7248\u672c\uff0c\u79bb\u7ebf\u90e8\u7f72\u8bf7\u4f7f\u7528\u9ed8\u8ba4\u53c2\u6570\uff0c\u4ec5\u5728\u7ebf\u5b89\u88c5\u65f6\u9700\u914d\u7f6e\u3002\u4e0d\u540c\u7c7b\u578b\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver \u955c\u50cf\u7684\u7248\u672c\u5b58\u5728\u5982\u4e0b\u5dee\u5f02\uff0c \u8be6\u60c5\u53ef\u53c2\u8003\uff1aNvidia GPU Driver \u7248\u672c\u3002 \u5982\u4e0b\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver Version
\u793a\u4f8b\uff1a
Note
\u4f7f\u7528\u5185\u7f6e\u7684\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\u65e0\u9700\u4fee\u6539\u955c\u50cf\u7248\u672c\uff0c\u5176\u4ed6\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\u8bf7\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20\u955c\u50cf\u3002 \u6ce8\u610f\u7248\u672c\u53f7\u540e\u65e0\u9700\u586b\u5199 Ubuntu\u3001CentOS\u3001Red Hat \u7b49\u64cd\u4f5c\u7cfb\u7edf\u540d\u79f0\uff0c\u82e5\u5b98\u65b9\u955c\u50cf\u542b\u6709\u64cd\u4f5c\u7cfb\u7edf\u540e\u7f00\uff0c\u8bf7\u624b\u52a8\u79fb\u9664\u3002
525.105.17
535-5.15.0-1043-nvidia
525.147.05
Driver.RepoConfig.ConfigMapName \uff1a\u7528\u6765\u8bb0\u5f55 GPU Operator \u7684\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\uff0c \u5f53\u4f7f\u7528\u9884\u7f6e\u7684\u79bb\u7ebf\u5305\u65f6\uff0c\u5404\u7c7b\u578b\u7684\u64cd\u4f5c\u7cfb\u7edf\u8bf7\u53c2\u8003\u5982\u4e0b\u7684\u6587\u6863\u3002
Toolkit.enable \uff1a\u9ed8\u8ba4\u5f00\u542f\uff0c\u8be5\u7ec4\u4ef6\u8ba9 conatainerd/docker \u652f\u6301\u8fd0\u884c\u9700\u8981 GPU \u7684\u5bb9\u5668\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#mig","title":"MIG \u914d\u7f6e\u53c2\u6570","text":"\u8be6\u7ec6\u914d\u7f6e\u65b9\u5f0f\u8bf7\u53c2\u8003\u5f00\u542f MIG \u529f\u80fd
MigManager.Config.name \uff1aMIG \u7684\u5207\u5206\u914d\u7f6e\u6587\u4ef6\u540d\uff0c\u7528\u4e8e\u5b9a\u4e49 MIG \u7684\uff08GI, CI\uff09\u5207\u5206\u7b56\u7565\u3002 \u9ed8\u8ba4\u4e3a default-mig-parted-config \u3002\u81ea\u5b9a\u4e49\u53c2\u6570\u53c2\u8003\u5f00\u542f MIG \u529f\u80fd\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#_6","title":"\u4e0b\u4e00\u6b65\u64cd\u4f5c","text":"\u5b8c\u6210\u4e0a\u8ff0\u76f8\u5173\u53c2\u6570\u914d\u7f6e\u548c\u521b\u5efa\u540e\uff1a
\u5982\u679c\u4f7f\u7528 \u6574\u5361\u6a21\u5f0f\uff0c\u5e94\u7528\u521b\u5efa\u65f6\u53ef\u4f7f\u7528 GPU \u8d44\u6e90
\u5982\u679c\u4f7f\u7528 vGPU \u6a21\u5f0f \uff0c\u5b8c\u6210\u4e0a\u8ff0\u76f8\u5173\u53c2\u6570\u914d\u7f6e\u548c\u521b\u5efa\u540e\uff0c\u4e0b\u4e00\u6b65\u8bf7\u5b8c\u6210 vGPU Addon \u5b89\u88c5
\u5982\u679c\u4f7f\u7528 MIG \u6a21\u5f0f\uff0c\u5e76\u4e14\u9700\u8981\u7ed9\u4e2a\u522b GPU \u8282\u70b9\u6309\u7167\u67d0\u79cd\u5207\u5206\u89c4\u683c\u8fdb\u884c\u4f7f\u7528\uff0c \u5426\u5219\u6309\u7167 MigManager.Config
\u4e2d\u7684 default \u503c\u8fdb\u884c\u5207\u5206\u3002
single \u6a21\u5f0f\u8bf7\u7ed9\u5bf9\u5e94\u8282\u70b9\u6253\u4e0a\u5982\u4e0b Label\uff1a
kubectl label nodes {node} nvidia.com/mig.config=\"all-1g.10gb\" --overwrite\n
mixed \u6a21\u5f0f\u8bf7\u7ed9\u5bf9\u5e94\u8282\u70b9\u6253\u4e0a\u5982\u4e0b Label\uff1a
kubectl label nodes {node} nvidia.com/mig.config=\"custom-config\" --overwrite\n
\u200b \u5207\u5206\u540e\uff0c\u5e94\u7528\u53ef\u4f7f\u7528 MIG GPU \u8d44\u6e90\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/push_image_to_repo.html","title":"\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf","text":"\u672c\u6587\u4ee5 Red Hat 8.4 \u7684 nvcr.io/nvidia/driver:525.105.17-rhel8.4
\u79bb\u7ebf\u9a71\u52a8\u955c\u50cf\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20\u79bb\u7ebf\u955c\u50cf\u3002
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u8054\u7f51\u8282\u70b9\u4e0a\u8fdb\u884c\u3002
\u5728\u8054\u7f51\u673a\u5668\u4e0a\u62c9\u53d6 nvcr.io/nvidia/driver:525.105.17-rhel8.4
\u79bb\u7ebf\u9a71\u52a8\u955c\u50cf\uff1a
docker pull nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u955c\u50cf\u62c9\u53d6\u5b8c\u6210\u540e\uff0c\u6253\u5305\u955c\u50cf\u4e3a nvidia-driver.tar
\u538b\u7f29\u5305\uff1a
docker save nvcr.io/nvidia/driver:525.105.17-rhel8.4 > nvidia-driver.tar\n
\u62f7\u8d1d nvidia-driver.tar
\u955c\u50cf\u538b\u7f29\u5305\u5230\u706b\u79cd\u8282\u70b9\uff1a
scp nvidia-driver.tar user@ip:/root\n
\u4f8b\u5982\uff1a
scp nvidia-driver.tar root@10.6.175.10:/root\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u8fdb\u884c\u3002
\u767b\u5f55\u706b\u79cd\u8282\u70b9\uff0c\u5c06\u8054\u7f51\u8282\u70b9\u62f7\u8d1d\u7684\u955c\u50cf\u538b\u7f29\u5305 nvidia-driver.tar
\u5bfc\u5165\u672c\u5730\uff1a
docker load -i nvidia-driver.tar\n
\u67e5\u770b\u521a\u521a\u5bfc\u5165\u7684\u955c\u50cf\uff1a
docker images -a |grep nvidia\n
\u9884\u671f\u8f93\u51fa\uff1a
nvcr.io/nvidia/driver e3ed7dee73e9 1 days ago 1.02GB\n
\u91cd\u65b0\u6807\u8bb0\u955c\u50cf\uff0c\u4f7f\u5176\u4e0e\u8fdc\u7a0b Registry \u4ed3\u5e93\u4e2d\u7684\u76ee\u6807\u4ed3\u5e93\u5bf9\u5e94\uff1a
docker tag <image-name> <registry-url>/<repository-name>:<tag>\n
<image-name>
\u662f\u4e0a\u4e00\u6b65 nvidia \u955c\u50cf\u7684\u540d\u79f0\uff0c<registry-url>
\u662f\u706b\u79cd\u8282\u70b9\u4e0a Registry \u670d\u52a1\u7684\u5730\u5740\uff0c<repository-name>
\u662f\u60a8\u8981\u63a8\u9001\u5230\u7684\u4ed3\u5e93\u540d\u79f0\uff0c<tag>
\u662f\u60a8\u4e3a\u955c\u50cf\u6307\u5b9a\u7684\u6807\u7b7e\u3002\u4f8b\u5982\uff1a
registry\uff1adocker tag nvcr.io/nvidia/driver 10.6.10.5/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u5c06\u955c\u50cf\u63a8\u9001\u5230\u706b\u79cd\u8282\u70b9\u955c\u50cf\u4ed3\u5e93\uff1a
docker push {ip}/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u53c2\u8003\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u548c GPU Operator \u79bb\u7ebf\u5b89\u88c5\u6765\u4e3a\u96c6\u7fa4\u90e8\u7f72 GPU Operator\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html","title":"RHEL 9.2 \u79bb\u7ebf\u5b89\u88c5 gpu-operator \u9a71\u52a8","text":"\u524d\u63d0\u6761\u4ef6\uff1a\u5df2\u5b89\u88c5 gpu-operator v23.9.0+2 \u53ca\u66f4\u9ad8\u7248\u672c
RHEL 9.2 \u9a71\u52a8\u955c\u50cf\u4e0d\u80fd\u76f4\u63a5\u5b89\u88c5\uff0c\u5b98\u65b9\u7684\u9a71\u52a8\u811a\u672c\u5b58\u5728\u4e00\u70b9\u95ee\u9898\uff0c\u5728\u5b98\u65b9\u4fee\u590d\u4e4b\u524d\uff0c\u63d0\u4f9b\u5982\u4e0b\u7684\u6b65\u9aa4\u6765\u5b9e\u73b0\u79bb\u7ebf\u5b89\u88c5\u9a71\u52a8\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#nouveau","title":"\u7981\u7528nouveau\u9a71\u52a8","text":"\u5728 RHEL 9.2 \u4e2d\u5b58\u5728 nouveau
\u975e\u5b98\u65b9\u7684 Nvidia
\u9a71\u52a8\uff0c\u56e0\u6b64\u9700\u8981\u5148\u7981\u7528\u3002
# \u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6587\u4ef6\nsudo vi /etc/modprobe.d/blacklist-nouveau.conf\n# \u6dfb\u52a0\u4ee5\u4e0b\u4e24\u884c\u5185\u5bb9:\nblacklist nouveau\noptions nouveau modeset=0\n# \u7981\u7528Nouveau\nsudo dracut --force\n# \u91cd\u542fvm\nsudo reboot\n# \u68c0\u67e5\u662f\u5426\u5df2\u7ecf\u6210\u529f\u7981\u7528\nlsmod | grep nouveau\n
"},{"location":"end-user/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#_1","title":"\u81ea\u5b9a\u4e49\u9a71\u52a8\u955c\u50cf","text":"\u5148\u5728\u672c\u5730\u521b\u5efa nvidia-driver
\u6587\u4ef6\uff1a
#! /bin/bash -x\n# Copyright (c) 2018-2020, NVIDIA CORPORATION. All rights reserved.\n\nset -eu\n\nRUN_DIR=/run/nvidia\nPID_FILE=${RUN_DIR}/${0##*/}.pid\nDRIVER_VERSION=${DRIVER_VERSION:?\"Missing DRIVER_VERSION env\"}\nKERNEL_UPDATE_HOOK=/run/kernel/postinst.d/update-nvidia-driver\nNUM_VGPU_DEVICES=0\nNVIDIA_MODULE_PARAMS=()\nNVIDIA_UVM_MODULE_PARAMS=()\nNVIDIA_MODESET_MODULE_PARAMS=()\nNVIDIA_PEERMEM_MODULE_PARAMS=()\nTARGETARCH=${TARGETARCH:?\"Missing TARGETARCH env\"}\nUSE_HOST_MOFED=\"${USE_HOST_MOFED:-false}\"\nDNF_RELEASEVER=${DNF_RELEASEVER:-\"\"}\nRHEL_VERSION=${RHEL_VERSION:-\"\"}\nRHEL_MAJOR_VERSION=9\n\nOPEN_KERNEL_MODULES_ENABLED=${OPEN_KERNEL_MODULES_ENABLED:-false}\n[[ \"${OPEN_KERNEL_MODULES_ENABLED}\" == \"true\" ]] && KERNEL_TYPE=kernel-open || KERNEL_TYPE=kernel\n\nDRIVER_ARCH=${TARGETARCH/amd64/x86_64} && DRIVER_ARCH=${DRIVER_ARCH/arm64/aarch64}\necho \"DRIVER_ARCH is $DRIVER_ARCH\"\n\nSCRIPT_DIR=$( cd -- \"$( dirname -- \"${BASH_SOURCE[0]}\" )\" &> /dev/null && pwd )\nsource $SCRIPT_DIR/common.sh\n\n_update_package_cache() {\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n echo \"Updating the package cache...\"\n if ! yum -q makecache; then\n echo \"FATAL: failed to reach RHEL package repositories. \"\\\n \"Ensure that the cluster can access the proper networks.\"\n exit 1\n fi\n fi\n}\n\n_cleanup_package_cache() {\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n echo \"Cleaning up the package cache...\"\n rm -rf /var/cache/yum/*\n fi\n}\n\n_get_rhel_version_from_kernel() {\n local rhel_version_underscore rhel_version_arr\n rhel_version_underscore=$(echo \"${KERNEL_VERSION}\" | sed 's/.*el\\([0-9]\\+_[0-9]\\+\\).*/\\1/g')\n # For e.g. :- from the kernel version 4.18.0-513.9.1.el8_9, we expect to extract the string \"8_9\"\n if [[ ! ${rhel_version_underscore} =~ ^[0-9]+_[0-9]+$ ]]; then\n echo \"Unable to resolve RHEL version from kernel version\" >&2\n return 1\n fi\n IFS='_' read -r -a rhel_version_arr <<< \"$rhel_version_underscore\"\n if [[ ${#rhel_version_arr[@]} -ne 2 ]]; then\n echo \"Unable to resolve RHEL version from kernel version\" >&2\n return 1\n fi\n RHEL_VERSION=\"${rhel_version_arr[0]}.${rhel_version_arr[1]}\"\n echo \"RHEL VERSION successfully resolved from kernel: ${RHEL_VERSION}\"\n return 0\n}\n\n_resolve_rhel_version() {\n _get_rhel_version_from_kernel || RHEL_VERSION=\"${RHEL_MAJOR_VERSION}\"\n # set dnf release version as rhel version by default\n if [[ -z \"${DNF_RELEASEVER}\" ]]; then\n DNF_RELEASEVER=\"${RHEL_VERSION}\"\n fi\n return 0\n}\n\n# Resolve the kernel version to the form major.minor.patch-revision.\n_resolve_kernel_version() {\n echo \"Resolving Linux kernel version...\"\n local version=$(yum -q list available --showduplicates kernel-headers |\n awk -v arch=$(uname -m) 'NR>1 {print $2\".\"arch}' | tac | grep -E -m1 \"^${KERNEL_VERSION/latest/.*}\")\n\n if [ -z \"${version}\" ]; then\n echo \"Could not resolve Linux kernel version\" >&2\n return 1\n fi\n KERNEL_VERSION=\"${version}\"\n echo \"Proceeding with Linux kernel version ${KERNEL_VERSION}\"\n return 0\n}\n\n# Install the kernel modules header/builtin/order files and generate the kernel version string.\n_install_prerequisites() (\n local tmp_dir=$(mktemp -d)\n\n trap \"rm -rf ${tmp_dir}\" EXIT\n cd ${tmp_dir}\n\n echo \"Installing elfutils...\"\n if ! dnf install -q -y elfutils-libelf.$DRIVER_ARCH; then\n echo \"FATAL: failed to install elfutils packages. RHEL entitlement may be improperly deployed.\"\n exit 1\n fi\n if ! dnf install -q -y elfutils-libelf-devel.$DRIVER_ARCH; then\n echo \"FATAL: failed to install elfutils packages. RHEL entitlement may be improperly deployed.\"\n exit 1\n fi \n\n rm -rf /lib/modules/${KERNEL_VERSION}\n mkdir -p /lib/modules/${KERNEL_VERSION}/proc\n\n echo \"Enabling RHOCP and EUS RPM repos...\"\n if [ -n \"${OPENSHIFT_VERSION:-}\" ]; then\n dnf config-manager --set-enabled rhocp-${OPENSHIFT_VERSION}-for-rhel-9-$DRIVER_ARCH-rpms || true\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n dnf config-manager --set-disabled rhocp-${OPENSHIFT_VERSION}-for-rhel-9-$DRIVER_ARCH-rpms || true\n fi\n fi\n\n dnf config-manager --set-enabled rhel-9-for-$DRIVER_ARCH-baseos-eus-rpms || true\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n dnf config-manager --set-disabled rhel-9-for-$DRIVER_ARCH-baseos-eus-rpms || true\n fi\n\n # try with EUS disabled, if it does not work, then try just major version\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n # If pointing to DNF_RELEASEVER does not work, we point to the RHEL_MAJOR_VERSION as a last resort\n if ! dnf makecache --releasever=${RHEL_MAJOR_VERSION}; then\n echo \"FATAL: failed to update the dnf metadata cache after multiple attempts with releasevers ${DNF_RELEASEVER}, ${RHEL_MAJOR_VERSION}\"\n exit 1\n else\n DNF_RELEASEVER=${RHEL_MAJOR_VERSION}\n fi\n fi\n\n echo \"Installing Linux kernel headers...\"\n dnf -q -y --releasever=${DNF_RELEASEVER} install kernel-headers-${KERNEL_VERSION} kernel-devel-${KERNEL_VERSION} --allowerasing > /dev/null\n ln -s /usr/src/kernels/${KERNEL_VERSION} /lib/modules/${KERNEL_VERSION}/build\n\n echo \"Installing Linux kernel module files...\"\n dnf -q -y --releasever=${DNF_RELEASEVER} install kernel-core-${KERNEL_VERSION} > /dev/null\n\n # Prevent depmod from giving a WARNING about missing files\n touch /lib/modules/${KERNEL_VERSION}/modules.order\n touch /lib/modules/${KERNEL_VERSION}/modules.builtin\n\n depmod ${KERNEL_VERSION}\n\n echo \"Generating Linux kernel version string...\"\n if [ \"$TARGETARCH\" = \"arm64\" ]; then\n gunzip -c /lib/modules/${KERNEL_VERSION}/vmlinuz | strings | grep -E '^Linux version' | sed 's/^\\(.*\\)\\s\\+(.*)$/\\1/' > version\n else\n extract-vmlinux /lib/modules/${KERNEL_VERSION}/vmlinuz | strings | grep -E '^Linux version' | sed 's/^\\(.*\\)\\s\\+(.*)$/\\1/' > version\n fi\n if [ -z \"$(<version)\" ]; then\n echo \"Could not locate Linux kernel version string\" >&2\n return 1\n fi\n mv version /lib/modules/${KERNEL_VERSION}/proc\n\n # Parse gcc version\n # gcc_version is expected to match x.y.z\n # current_gcc is expected to match 'gcc-x.y.z-rel.el8.x86_64\n local gcc_version=$(cat /lib/modules/${KERNEL_VERSION}/proc/version | grep -Eo \"gcc \\(GCC\\) ([0-9\\.]+)\" | grep -Eo \"([0-9\\.]+)\")\n local current_gcc=$(rpm -qa gcc)\n echo \"kernel requires gcc version: 'gcc-${gcc_version}', current gcc version is '${current_gcc}'\"\n\n if ! [[ \"${current_gcc}\" =~ \"gcc-${gcc_version}\"-.* ]]; then\n dnf install -q -y --releasever=${DNF_RELEASEVER} \"gcc-${gcc_version}\"\n fi\n)\n\n# Cleanup the prerequisites installed above.\n_remove_prerequisites() {\n true\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n dnf -q -y remove kernel-headers-${KERNEL_VERSION} kernel-devel-${KERNEL_VERSION} > /dev/null\n # TODO remove module files not matching an existing driver package.\n fi\n}\n\n# Check if the kernel version requires a new precompiled driver packages.\n_kernel_requires_package() {\n local proc_mount_arg=\"\"\n\n echo \"Checking NVIDIA driver packages...\"\n\n [[ ! -d /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE} ]] && return 0\n cd /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE}\n\n proc_mount_arg=\"--proc-mount-point /lib/modules/${KERNEL_VERSION}/proc\"\n for pkg_name in $(ls -d -1 precompiled/** 2> /dev/null); do\n is_match=$(../mkprecompiled --match ${pkg_name} ${proc_mount_arg})\n if [ \"${is_match}\" == \"kernel interface matches.\" ]; then\n echo \"Found NVIDIA driver package ${pkg_name##*/}\"\n return 1\n fi\n done\n return 0\n}\n\n# Compile the kernel modules, optionally sign them, and generate a precompiled package for use by the nvidia-installer.\n_create_driver_package() (\n local pkg_name=\"nvidia-modules-${KERNEL_VERSION%%-*}${PACKAGE_TAG:+-${PACKAGE_TAG}}\"\n local nvidia_sign_args=\"\"\n local nvidia_modeset_sign_args=\"\"\n local nvidia_uvm_sign_args=\"\"\n\n trap \"make -s -j ${MAX_THREADS} SYSSRC=/lib/modules/${KERNEL_VERSION}/build clean > /dev/null\" EXIT\n\n echo \"Compiling NVIDIA driver kernel modules...\"\n cd /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE}\n\n if _gpu_direct_rdma_enabled; then\n ln -s /run/mellanox/drivers/usr/src/ofa_kernel /usr/src/\n # if arch directory exists(MOFED >=5.5) then create a symlink as expected by GPU driver installer\n # This is required as currently GPU driver installer doesn't expect headers in x86_64 folder, but only in either default or kernel-version folder.\n # ls -ltr /usr/src/ofa_kernel/\n # lrwxrwxrwx 1 root root 36 Dec 8 20:10 default -> /etc/alternatives/ofa_kernel_headers\n # drwxr-xr-x 4 root root 4096 Dec 8 20:14 x86_64\n # lrwxrwxrwx 1 root root 44 Dec 9 19:05 5.4.0-90-generic -> /usr/src/ofa_kernel/x86_64/5.4.0-90-generic/\n if [[ -d \"/run/mellanox/drivers/usr/src/ofa_kernel/$(uname -m)/$(uname -r)\" ]]; then\n if [[ ! -e \"/usr/src/ofa_kernel/$(uname -r)\" ]]; then\n ln -s \"/run/mellanox/drivers/usr/src/ofa_kernel/$(uname -m)/$(uname -r)\" /usr/src/ofa_kernel/\n fi\n fi\n fi\n\n make -s -j ${MAX_THREADS} SYSSRC=/lib/modules/${KERNEL_VERSION}/build nv-linux.o nv-modeset-linux.o > /dev/null\n\n echo \"Relinking NVIDIA driver kernel modules...\"\n rm -f nvidia.ko nvidia-modeset.ko\n ld -d -r -o nvidia.ko ./nv-linux.o ./nvidia/nv-kernel.o_binary\n ld -d -r -o nvidia-modeset.ko ./nv-modeset-linux.o ./nvidia-modeset/nv-modeset-kernel.o_binary\n\n if [ -n \"${PRIVATE_KEY}\" ]; then\n echo \"Signing NVIDIA driver kernel modules...\"\n donkey get ${PRIVATE_KEY} sh -c \"PATH=${PATH}:/usr/src/linux-headers-${KERNEL_VERSION}/scripts && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia.ko nvidia.ko.sign && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia-modeset.ko nvidia-modeset.ko.sign && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia-uvm.ko\"\n nvidia_sign_args=\"--linked-module nvidia.ko --signed-module nvidia.ko.sign\"\n nvidia_modeset_sign_args=\"--linked-module nvidia-modeset.ko --signed-module nvidia-modeset.ko.sign\"\n nvidia_uvm_sign_args=\"--signed\"\n fi\n\n echo \"Building NVIDIA driver package ${pkg_name}...\"\n ../mkprecompiled --pack ${pkg_name} --description ${KERNEL_VERSION} \\\n --proc-mount-point /lib/modules/${KERNEL_VERSION}/proc \\\n --driver-version ${DRIVER_VERSION} \\\n --kernel-interface nv-linux.o \\\n --linked-module-name nvidia.ko \\\n --core-object-name nvidia/nv-kernel.o_binary \\\n ${nvidia_sign_args} \\\n --target-directory . \\\n --kernel-interface nv-modeset-linux.o \\\n --linked-module-name nvidia-modeset.ko \\\n --core-object-name nvidia-modeset/nv-modeset-kernel.o_binary \\\n ${nvidia_modeset_sign_args} \\\n --target-directory . \\\n --kernel-module nvidia-uvm.ko \\\n ${nvidia_uvm_sign_args} \\\n --target-directory .\n mkdir -p precompiled\n mv ${pkg_name} precompiled\n)\n\n_assert_nvswitch_system() {\n [ -d /proc/driver/nvidia-nvswitch ] || return 1\n entries=$(ls -1 /proc/driver/nvidia-nvswitch/devices/*)\n if [ -z \"${entries}\" ]; then\n return 1\n fi\n return 0\n}\n\n# For each kernel module configuration file mounted into the container,\n# parse the file contents and extract the custom module parameters that\n# are to be passed as input to 'modprobe'.\n#\n# Assumptions:\n# - Configuration files are named <module-name>.conf (i.e. nvidia.conf, nvidia-uvm.conf).\n# - Configuration files are mounted inside the container at /drivers.\n# - Each line in the file contains at least one parameter, where parameters on the same line\n# are space delimited. It is up to the user to properly format the file to ensure\n# the correct set of parameters are passed to 'modprobe'.\n_get_module_params() {\n local base_path=\"/drivers\"\n # nvidia\n if [ -f \"${base_path}/nvidia.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia.conf\"\n echo \"Module parameters provided for nvidia: ${NVIDIA_MODULE_PARAMS[@]}\"\n fi\n # nvidia-uvm\n if [ -f \"${base_path}/nvidia-uvm.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_UVM_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-uvm.conf\"\n echo \"Module parameters provided for nvidia-uvm: ${NVIDIA_UVM_MODULE_PARAMS[@]}\"\n fi\n # nvidia-modeset\n if [ -f \"${base_path}/nvidia-modeset.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_MODESET_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-modeset.conf\"\n echo \"Module parameters provided for nvidia-modeset: ${NVIDIA_MODESET_MODULE_PARAMS[@]}\"\n fi\n # nvidia-peermem\n if [ -f \"${base_path}/nvidia-peermem.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_PEERMEM_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-peermem.conf\"\n echo \"Module parameters provided for nvidia-peermem: ${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"\n fi\n}\n\n# Load the kernel modules and start persistenced.\n_load_driver() {\n echo \"Parsing kernel module parameters...\"\n _get_module_params\n\n local nv_fw_search_path=\"$RUN_DIR/driver/lib/firmware\"\n local set_fw_path=\"true\"\n local fw_path_config_file=\"/sys/module/firmware_class/parameters/path\"\n for param in \"${NVIDIA_MODULE_PARAMS[@]}\"; do\n if [[ \"$param\" == \"NVreg_EnableGpuFirmware=0\" ]]; then\n set_fw_path=\"false\"\n fi\n done\n\n if [[ \"$set_fw_path\" == \"true\" ]]; then\n echo \"Configuring the following firmware search path in '$fw_path_config_file': $nv_fw_search_path\"\n if [[ ! -z $(grep '[^[:space:]]' $fw_path_config_file) ]]; then\n echo \"WARNING: A search path is already configured in $fw_path_config_file\"\n echo \" Retaining the current configuration\"\n else\n echo -n \"$nv_fw_search_path\" > $fw_path_config_file || echo \"WARNING: Failed to configure the firmware search path\"\n fi\n fi\n\n echo \"Loading ipmi and i2c_core kernel modules...\"\n modprobe -a i2c_core ipmi_msghandler ipmi_devintf\n\n echo \"Loading NVIDIA driver kernel modules...\"\n set -o xtrace +o nounset\n modprobe nvidia \"${NVIDIA_MODULE_PARAMS[@]}\"\n modprobe nvidia-uvm \"${NVIDIA_UVM_MODULE_PARAMS[@]}\"\n modprobe nvidia-modeset \"${NVIDIA_MODESET_MODULE_PARAMS[@]}\"\n set +o xtrace -o nounset\n\n if _gpu_direct_rdma_enabled; then\n echo \"Loading NVIDIA Peer Memory kernel module...\"\n set -o xtrace +o nounset\n modprobe -a nvidia-peermem \"${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"\n set +o xtrace -o nounset\n fi\n\n echo \"Starting NVIDIA persistence daemon...\"\n nvidia-persistenced --persistence-mode\n\n if [ \"${DRIVER_TYPE}\" = \"vgpu\" ]; then\n echo \"Copying gridd.conf...\"\n cp /drivers/gridd.conf /etc/nvidia/gridd.conf\n if [ \"${VGPU_LICENSE_SERVER_TYPE}\" = \"NLS\" ]; then\n echo \"Copying ClientConfigToken...\"\n mkdir -p /etc/nvidia/ClientConfigToken/\n cp /drivers/ClientConfigToken/* /etc/nvidia/ClientConfigToken/\n fi\n\n echo \"Starting nvidia-gridd..\"\n LD_LIBRARY_PATH=/usr/lib64/nvidia/gridd nvidia-gridd\n\n # Start virtual topology daemon\n _start_vgpu_topology_daemon\n fi\n\n if _assert_nvswitch_system; then\n echo \"Starting NVIDIA fabric manager daemon...\"\n nv-fabricmanager -c /usr/share/nvidia/nvswitch/fabricmanager.cfg\n fi\n}\n\n# Stop persistenced and unload the kernel modules if they are currently loaded.\n_unload_driver() {\n local rmmod_args=()\n local nvidia_deps=0\n local nvidia_refs=0\n local nvidia_uvm_refs=0\n local nvidia_modeset_refs=0\n local nvidia_peermem_refs=0\n\n echo \"Stopping NVIDIA persistence daemon...\"\n if [ -f /var/run/nvidia-persistenced/nvidia-persistenced.pid ]; then\n local pid=$(< /var/run/nvidia-persistenced/nvidia-persistenced.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 50); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 50 ]; then\n echo \"Could not stop NVIDIA persistence daemon\" >&2\n return 1\n fi\n fi\n\n if [ -f /var/run/nvidia-gridd/nvidia-gridd.pid ]; then\n echo \"Stopping NVIDIA grid daemon...\"\n local pid=$(< /var/run/nvidia-gridd/nvidia-gridd.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 10); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 10 ]; then\n echo \"Could not stop NVIDIA Grid daemon\" >&2\n return 1\n fi\n fi\n\n if [ -f /var/run/nvidia-fabricmanager/nv-fabricmanager.pid ]; then\n echo \"Stopping NVIDIA fabric manager daemon...\"\n local pid=$(< /var/run/nvidia-fabricmanager/nv-fabricmanager.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 50); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 50 ]; then\n echo \"Could not stop NVIDIA fabric manager daemon\" >&2\n return 1\n fi\n fi\n\n echo \"Unloading NVIDIA driver kernel modules...\"\n if [ -f /sys/module/nvidia_modeset/refcnt ]; then\n nvidia_modeset_refs=$(< /sys/module/nvidia_modeset/refcnt)\n rmmod_args+=(\"nvidia-modeset\")\n ((++nvidia_deps))\n fi\n if [ -f /sys/module/nvidia_uvm/refcnt ]; then\n nvidia_uvm_refs=$(< /sys/module/nvidia_uvm/refcnt)\n rmmod_args+=(\"nvidia-uvm\")\n ((++nvidia_deps))\n fi\n if [ -f /sys/module/nvidia/refcnt ]; then\n nvidia_refs=$(< /sys/module/nvidia/refcnt)\n rmmod_args+=(\"nvidia\")\n fi\n if [ -f /sys/module/nvidia_peermem/refcnt ]; then\n nvidia_peermem_refs=$(< /sys/module/nvidia_peermem/refcnt)\n rmmod_args+=(\"nvidia-peermem\")\n ((++nvidia_deps))\n fi\n if [ ${nvidia_refs} -gt ${nvidia_deps} ] || [ ${nvidia_uvm_refs} -gt 0 ] || [ ${nvidia_modeset_refs} -gt 0 ] || [ ${nvidia_peermem_refs} -gt 0 ]; then\n echo \"Could not unload NVIDIA driver kernel modules, driver is in use\" >&2\n return 1\n fi\n\n if [ ${#rmmod_args[@]} -gt 0 ]; then\n rmmod ${rmmod_args[@]}\n fi\n return 0\n}\n\n# Link and install the kernel modules from a precompiled package using the nvidia-installer.\n_install_driver() {\n local install_args=()\n\n echo \"Installing NVIDIA driver kernel modules...\"\n cd /usr/src/nvidia-${DRIVER_VERSION}\n rm -rf /lib/modules/${KERNEL_VERSION}/video\n\n if [ \"${ACCEPT_LICENSE}\" = \"yes\" ]; then\n install_args+=(\"--accept-license\")\n fi\n IGNORE_CC_MISMATCH=1 nvidia-installer --kernel-module-only --no-drm --ui=none --no-nouveau-check -m=${KERNEL_TYPE} ${install_args[@]+\"${install_args[@]}\"}\n # May need to add no-cc-check for Rhel, otherwise it complains about cc missing in path\n # /proc/version and lib/modules/KERNEL_VERSION/proc are different, by default installer looks at /proc/ so, added the proc-mount-point\n # TODO: remove the -a flag. its not needed. in the new driver version, license-acceptance is implicit\n #nvidia-installer --kernel-module-only --no-drm --ui=none --no-nouveau-check --no-cc-version-check --proc-mount-point /lib/modules/${KERNEL_VERSION}/proc ${install_args[@]+\"${install_args[@]}\"}\n}\n\n# Mount the driver rootfs into the run directory with the exception of sysfs.\n_mount_rootfs() {\n echo \"Mounting NVIDIA driver rootfs...\"\n mount --make-runbindable /sys\n mount --make-private /sys\n mkdir -p ${RUN_DIR}/driver\n mount --rbind / ${RUN_DIR}/driver\n\n echo \"Check SELinux status\"\n if [ -e /sys/fs/selinux ]; then\n echo \"SELinux is enabled\"\n echo \"Change device files security context for selinux compatibility\"\n chcon -R -t container_file_t ${RUN_DIR}/driver/dev\n else\n echo \"SELinux is disabled, skipping...\"\n fi\n}\n\n# Unmount the driver rootfs from the run directory.\n_unmount_rootfs() {\n echo \"Unmounting NVIDIA driver rootfs...\"\n if findmnt -r -o TARGET | grep \"${RUN_DIR}/driver\" > /dev/null; then\n umount -l -R ${RUN_DIR}/driver\n fi\n}\n\n# Write a kernel postinst.d script to automatically precompile packages on kernel update (similar to DKMS).\n_write_kernel_update_hook() {\n if [ ! -d ${KERNEL_UPDATE_HOOK%/*} ]; then\n return\n fi\n\n echo \"Writing kernel update hook...\"\n cat > ${KERNEL_UPDATE_HOOK} <<'EOF'\n#!/bin/bash\n\nset -eu\ntrap 'echo \"ERROR: Failed to update the NVIDIA driver\" >&2; exit 0' ERR\n\nNVIDIA_DRIVER_PID=$(< /run/nvidia/nvidia-driver.pid)\n\nexport \"$(grep -z DRIVER_VERSION /proc/${NVIDIA_DRIVER_PID}/environ)\"\nnsenter -t \"${NVIDIA_DRIVER_PID}\" -m -- nvidia-driver update --kernel \"$1\"\nEOF\n chmod +x ${KERNEL_UPDATE_HOOK}\n}\n\n_shutdown() {\n if _unload_driver; then\n _unmount_rootfs\n rm -f ${PID_FILE} ${KERNEL_UPDATE_HOOK}\n return 0\n fi\n return 1\n}\n\n_find_vgpu_driver_version() {\n local count=\"\"\n local version=\"\"\n local drivers_path=\"/drivers\"\n\n if [ \"${DISABLE_VGPU_VERSION_CHECK}\" = \"true\" ]; then\n echo \"vgpu version compatibility check is disabled\"\n return 0\n fi\n # check if vgpu devices are present\n count=$(vgpu-util count)\n if [ $? -ne 0 ]; then\n echo \"cannot find vgpu devices on host, pleae check /var/log/vgpu-util.log for more details...\"\n return 0\n fi\n NUM_VGPU_DEVICES=$(echo \"$count\" | awk -F= '{print $2}')\n if [ $NUM_VGPU_DEVICES -eq 0 ]; then\n # no vgpu devices found, treat as passthrough\n return 0\n fi\n echo \"found $NUM_VGPU_DEVICES vgpu devices on host\"\n\n # find compatible guest driver using driver catalog\n if [ -d \"/mnt/shared-nvidia-driver-toolkit/drivers\" ]; then\n drivers_path=\"/mnt/shared-nvidia-driver-toolkit/drivers\"\n fi\n version=$(vgpu-util match -i \"${drivers_path}\" -c \"${drivers_path}/vgpuDriverCatalog.yaml\")\n if [ $? -ne 0 ]; then\n echo \"cannot find match for compatible vgpu driver from available list, please check /var/log/vgpu-util.log for more details...\"\n return 1\n fi\n DRIVER_VERSION=$(echo \"$version\" | awk -F= '{print $2}')\n echo \"vgpu driver version selected: ${DRIVER_VERSION}\"\n return 0\n}\n\n_start_vgpu_topology_daemon() {\n type nvidia-topologyd > /dev/null 2>&1 || return 0\n echo \"Starting nvidia-topologyd..\"\n nvidia-topologyd\n}\n\n_prepare() {\n if [ \"${DRIVER_TYPE}\" = \"vgpu\" ]; then\n _find_vgpu_driver_version || exit 1\n fi\n\n # Install the userspace components and copy the kernel module sources.\n sh NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION.run -x && \\\n cd NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION && \\\n sh /tmp/install.sh nvinstall && \\\n mkdir -p /usr/src/nvidia-$DRIVER_VERSION && \\\n mv LICENSE mkprecompiled ${KERNEL_TYPE} /usr/src/nvidia-$DRIVER_VERSION && \\\n sed '9,${/^\\(kernel\\|LICENSE\\)/!d}' .manifest > /usr/src/nvidia-$DRIVER_VERSION/.manifest\n\n echo -e \"\\n========== NVIDIA Software Installer ==========\\n\"\n echo -e \"Starting installation of NVIDIA driver version ${DRIVER_VERSION} for Linux kernel version ${KERNEL_VERSION}\\n\"\n}\n\n_prepare_exclusive() {\n _prepare\n\n exec 3> ${PID_FILE}\n if ! flock -n 3; then\n echo \"An instance of the NVIDIA driver is already running, aborting\"\n exit 1\n fi\n echo $$ >&3\n\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n trap \"_shutdown\" EXIT\n\n _unload_driver || exit 1\n _unmount_rootfs\n}\n\n_build() {\n # Install dependencies\n if _kernel_requires_package; then\n _update_package_cache\n _install_prerequisites\n _create_driver_package\n #_remove_prerequisites\n _cleanup_package_cache\n fi\n\n # Build the driver\n _install_driver\n}\n\n_load() {\n _load_driver\n _mount_rootfs\n _write_kernel_update_hook\n\n echo \"Done, now waiting for signal\"\n sleep infinity &\n trap \"echo 'Caught signal'; _shutdown && { kill $!; exit 0; }\" HUP INT QUIT PIPE TERM\n trap - EXIT\n while true; do wait $! || continue; done\n exit 0\n}\n\ninit() {\n _prepare_exclusive\n\n _build\n\n _load\n}\n\nbuild() {\n _prepare\n\n _build\n}\n\nload() {\n _prepare_exclusive\n\n _load\n}\n\nupdate() {\n exec 3>&2\n if exec 2> /dev/null 4< ${PID_FILE}; then\n if ! flock -n 4 && read pid <&4 && kill -0 \"${pid}\"; then\n exec > >(tee -a \"/proc/${pid}/fd/1\")\n exec 2> >(tee -a \"/proc/${pid}/fd/2\" >&3)\n else\n exec 2>&3\n fi\n exec 4>&-\n fi\n exec 3>&-\n\n # vgpu driver version is chosen dynamically during runtime, so pre-compile modules for\n # only non-vgpu driver types\n if [ \"${DRIVER_TYPE}\" != \"vgpu\" ]; then\n # Install the userspace components and copy the kernel module sources.\n if [ ! -e /usr/src/nvidia-${DRIVER_VERSION}/mkprecompiled ]; then\n sh NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION.run -x && \\\n cd NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION && \\\n sh /tmp/install.sh nvinstall && \\\n mkdir -p /usr/src/nvidia-$DRIVER_VERSION && \\\n mv LICENSE mkprecompiled ${KERNEL_TYPE} /usr/src/nvidia-$DRIVER_VERSION && \\\n sed '9,${/^\\(kernel\\|LICENSE\\)/!d}' .manifest > /usr/src/nvidia-$DRIVER_VERSION/.manifest\n fi\n fi\n\n echo -e \"\\n========== NVIDIA Software Updater ==========\\n\"\n echo -e \"Starting update of NVIDIA driver version ${DRIVER_VERSION} for Linux kernel version ${KERNEL_VERSION}\\n\"\n\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n\n _update_package_cache\n _resolve_kernel_version || exit 1\n _install_prerequisites\n if _kernel_requires_package; then\n _create_driver_package\n fi\n _remove_prerequisites\n _cleanup_package_cache\n\n echo \"Done\"\n exit 0\n}\n\n# Wait for MOFED drivers to be loaded and load nvidia-peermem whenever it gets unloaded during MOFED driver updates\nreload_nvidia_peermem() {\n if [ \"$USE_HOST_MOFED\" = \"true\" ]; then\n until lsmod | grep mlx5_core > /dev/null 2>&1 && [ -f /run/nvidia/validations/.driver-ctr-ready ];\n do\n echo \"waiting for mellanox ofed and nvidia drivers to be installed\"\n sleep 10\n done\n else\n # use driver readiness flag created by MOFED container\n until [ -f /run/mellanox/drivers/.driver-ready ] && [ -f /run/nvidia/validations/.driver-ctr-ready ];\n do\n echo \"waiting for mellanox ofed and nvidia drivers to be installed\"\n sleep 10\n done\n fi\n # get any parameters provided for nvidia-peermem\n _get_module_params && set +o nounset\n if chroot /run/nvidia/driver modprobe nvidia-peermem \"${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"; then\n if [ -f /sys/module/nvidia_peermem/refcnt ]; then\n echo \"successfully loaded nvidia-peermem module, now waiting for signal\"\n sleep inf\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n fi\n fi\n echo \"failed to load nvidia-peermem module\"\n exit 1\n}\n\n# probe by gpu-operator for liveness/startup checks for nvidia-peermem module to be loaded when MOFED drivers are ready\nprobe_nvidia_peermem() {\n if lsmod | grep mlx5_core > /dev/null 2>&1; then\n if [ ! -f /sys/module/nvidia_peermem/refcnt ]; then\n echo \"nvidia-peermem module is not loaded\"\n return 1\n fi\n else\n echo \"MOFED drivers are not ready, skipping probe to avoid container restarts...\"\n fi\n return 0\n}\n\nusage() {\n cat >&2 <<EOF\nUsage: $0 COMMAND [ARG...]\n\nCommands:\n init [-a | --accept-license] [-m | --max-threads MAX_THREADS]\n build [-a | --accept-license] [-m | --max-threads MAX_THREADS]\n load\n update [-k | --kernel VERSION] [-s | --sign KEYID] [-t | --tag TAG] [-m | --max-threads MAX_THREADS]\nEOF\n exit 1\n}\n\nif [ $# -eq 0 ]; then\n usage\nfi\ncommand=$1; shift\ncase \"${command}\" in\n init) options=$(getopt -l accept-license,max-threads: -o am: -- \"$@\") ;;\n build) options=$(getopt -l accept-license,tag:,max-threads: -o a:t:m: -- \"$@\") ;;\n load) options=\"\" ;;\n update) options=$(getopt -l kernel:,sign:,tag:,max-threads: -o k:s:t:m: -- \"$@\") ;;\n reload_nvidia_peermem) options=\"\" ;;\n probe_nvidia_peermem) options=\"\" ;;\n *) usage ;;\nesac\nif [ $? -ne 0 ]; then\n usage\nfi\neval set -- \"${options}\"\n\nACCEPT_LICENSE=\"\"\nMAX_THREADS=\"\"\nKERNEL_VERSION=$(uname -r)\nPRIVATE_KEY=\"\"\nPACKAGE_TAG=\"\"\n\nfor opt in ${options}; do\n case \"$opt\" in\n -a | --accept-license) ACCEPT_LICENSE=\"yes\"; shift 1 ;;\n -k | --kernel) KERNEL_VERSION=$2; shift 2 ;;\n -m | --max-threads) MAX_THREADS=$2; shift 2 ;;\n -s | --sign) PRIVATE_KEY=$2; shift 2 ;;\n -t | --tag) PACKAGE_TAG=$2; shift 2 ;;\n --) shift; break ;;\n esac\ndone\nif [ $# -ne 0 ]; then\n usage\nfi\n\n_resolve_rhel_version || exit 1\n\n$command\n
\u4f7f\u7528\u5b98\u65b9\u7684\u955c\u50cf\u6765\u4e8c\u6b21\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\uff0c\u5982\u4e0b\u662f\u4e00\u4e2a Dockerfile
\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
FROM nvcr.io/nvidia/driver:535.183.06-rhel9.2\nCOPY nvidia-driver /usr/local/bin\nRUN chmod +x /usr/local/bin/nvidia-driver\nCMD [\"/bin/bash\", \"-c\"]\n
\u6784\u5efa\u547d\u4ee4\u5e76\u63a8\u9001\u5230\u706b\u79cd\u96c6\u7fa4\uff1a
docker build -t {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535.183.06-01-rhel9.2 -f Dockerfile .\ndocker push {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535.183.06-01-rhel9.2\n
"},{"location":"end-user/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#_2","title":"\u5b89\u88c5\u9a71\u52a8","text":"driver.version=535.183.06-01
\u524d\u63d0\u6761\u4ef6\uff1a\u5df2\u5b89\u88c5 gpu-operator v23.9.0+2 \u53ca\u66f4\u9ad8\u7248\u672c
"},{"location":"end-user/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html#_1","title":"\u51c6\u5907\u79bb\u7ebf\u955c\u50cf","text":"\u67e5\u770b\u5185\u6838\u7248\u672c
$ uname -r\n5.15.0-78-generic\n
\u67e5\u770b\u5185\u6838\u5bf9\u5e94\u7684 GPU Driver \u955c\u50cf\u7248\u672c\uff0c https://catalog.ngc.nvidia.com/orgs/nvidia/containers/driver/tags
\u3002 \u4f7f\u7528\u5185\u6838\u67e5\u8be2\u955c\u50cf\u7248\u672c\uff0c\u901a\u8fc7 ctr export
\u4fdd\u5b58\u955c\u50cf\u3002
ctr i pull nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i export --all-platforms driver.tar.gz nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 \n
\u628a\u955c\u50cf\u5bfc\u5165\u5230\u706b\u79cd\u96c6\u7fa4\u7684\u955c\u50cf\u4ed3\u5e93\u4e2d
ctr i import driver.tar.gz\nctr i tag nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i push {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 --skip-verify=true\n
driver.usePrecompiled=true
,\u5e76\u8bbe\u7f6e driver.version=535
\uff0c\u8fd9\u91cc\u8981\u6ce8\u610f\uff0c\u5199\u7684\u662f 535\uff0c\u4e0d\u662f 535.104.12\u3002\uff08\u975e\u9884\u7f16\u8bd1\u6a21\u5f0f\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u5b89\u88c5\u5373\u53ef\uff09\u5f53\u5de5\u4f5c\u8282\u70b9\u7684\u5185\u6838\u7248\u672c\u4e0e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u5185\u6838\u7248\u672c\u6216 OS \u7c7b\u578b\u4e0d\u4e00\u81f4\u65f6\uff0c\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa\u79bb\u7ebf yum \u6e90\uff0c \u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u672c\u6587\u4ee5\u5185\u6838\u7248\u672c\u4e3a 3.10.0-1160.95.1.el7.x86_64
\u7684 CentOS 7.9 \u8282\u70b9\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa GPU operator \u79bb\u7ebf\u5305\u7684 yum \u6e90\u3002
\u5206\u522b\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u548c\u5f85\u90e8\u7f72 GPU Operator \u7684\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u82e5\u4e24\u4e2a\u8282\u70b9\u7684 OS \u548c\u5185\u6838\u7248\u672c\u4e00\u81f4\u5219\u65e0\u9700\u6784\u5efa yum \u6e90\uff0c \u53ef\u53c2\u8003\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u6587\u6863\u76f4\u63a5\u5b89\u88c5\uff1b\u82e5\u4e24\u4e2a\u8282\u70b9\u7684 OS \u6216\u5185\u6838\u7248\u672c\u4e0d\u4e00\u81f4\uff0c\u8bf7\u6267\u884c\u4e0b\u4e00\u6b65\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u96c6\u7fa4\u4e0b\u5f85\u90e8\u7f72 GPU Operator \u8282\u70b9\u7684\u53d1\u884c\u7248\u540d\u79f0\u548c\u7248\u672c\u53f7\u3002
cat /etc/redhat-release\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
CentOS Linux release 7.9 (Core)\n
\u8f93\u51fa\u7ed3\u679c\u4e3a\u5f53\u524d\u8282\u70b9\u5185\u6838\u7248\u672c CentOS 7.9
\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u96c6\u7fa4\u4e0b\u5f85\u90e8\u7f72 GPU Operator \u8282\u70b9\u7684\u5185\u6838\u7248\u672c\u3002
uname -a\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Linux localhost.localdomain 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\n
\u8f93\u51fa\u7ed3\u679c\u4e3a\u5f53\u524d\u8282\u70b9\u5185\u6838\u7248\u672c 3.10.0-1160.el7.x86_64
\u3002
\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a yum.sh \u7684\u811a\u672c\u6587\u4ef6\u3002
vi yum.sh\n
\u7136\u540e\u6309\u4e0b i \u952e\u8fdb\u5165\u63d2\u5165\u6a21\u5f0f\uff0c\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a
export TARGET_KERNEL_VERSION=$1\n\ncat >> run.sh << \\EOF\n#! /bin/bash\necho \"start install kernel repo\"\necho ${KERNEL_VERSION}\nmkdir centos-base\n\nif [ \"$OS\" -eq 7 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el7.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelif [ \"$OS\" -eq 8 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el8.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelse\n echo \"Error os version\"\nfi\n\ncreaterepo centos-base/\nls -lh centos-base/\ntar -zcf centos-base.tar.gz centos-base/\necho \"end install kernel repo\"\nEOF\n\ncat >> Dockerfile << EOF\nFROM centos:7\nENV KERNEL_VERSION=\"\"\nENV OS=7\nRUN yum install -y createrepo\nCOPY run.sh .\nENTRYPOINT [\"/bin/bash\",\"run.sh\"]\nEOF\n\ndocker build -t test:v1 -f Dockerfile .\ndocker run -e KERNEL_VERSION=$TARGET_KERNEL_VERSION --name centos7.9 test:v1\ndocker cp centos7.9:/centos-base.tar.gz .\ntar -xzf centos-base.tar.gz\n
\u6309\u4e0b esc \u952e\u9000\u51fa\u63d2\u5165\u6a21\u5f0f\uff0c\u7136\u540e\u8f93\u5165 __ :wq__ \u4fdd\u5b58\u5e76\u9000\u51fa\u3002
\u8fd0\u884c yum.sh \u6587\u4ef6\uff1a
bash -x yum.sh TARGET_KERNEL_VERSION\n
TARGET_KERNEL_VERSION
\u53c2\u6570\u7528\u4e8e\u6307\u5b9a\u96c6\u7fa4\u8282\u70b9\u7684\u5185\u6838\u7248\u672c\uff0c\u6ce8\u610f\uff1a\u53d1\u884c\u7248\u6807\u8bc6\u7b26\uff08\u5982 __ .el7.x86_64 __ \uff09\u65e0\u9700\u8f93\u5165\u3002 \u4f8b\u5982\uff1a
bash -x yum.sh 3.10.0-1160.95.1\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u7ecf\u751f\u6210\u4e86\u5185\u6838\u4e3a 3.10.0-1160.95.1.el7.x86_64 \u7684\u79bb\u7ebf\u7684 yum \u6e90\uff1a centos-base \u3002
"},{"location":"end-user/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#yum_1","title":"\u4e0a\u4f20\u79bb\u7ebf yum \u6e90\u5230\u6587\u4ef6\u670d\u52a1\u5668","text":"\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002\u4e3b\u8981\u7528\u4e8e\u5c06\u4e0a\u4e00\u6b65\u4e2d\u751f\u6210\u7684 yum \u6e90\u4e0a\u4f20\u5230\u53ef\u4ee5\u88ab\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u8fdb\u884c\u8bbf\u95ee\u7684\u6587\u4ef6\u670d\u52a1\u5668\u4e2d\u3002 \u6587\u4ef6\u670d\u52a1\u5668\u53ef\u4ee5\u4e3a Nginx \u3001 Minio \u6216\u5176\u5b83\u652f\u6301 Http \u534f\u8bae\u7684\u6587\u4ef6\u670d\u52a1\u5668\u3002
\u672c\u64cd\u4f5c\u793a\u4f8b\u91c7\u7528\u7684\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668\uff0cMinio \u76f8\u5173\u4fe1\u606f\u5982\u4e0b\uff1a
http://10.5.14.200:9000\uff08\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\uff09
\u767b\u5f55\u5bc6\u7801\uff1arootpass123
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8282\u70b9\u672c\u5730 mc \u547d\u4ee4\u884c\u5de5\u5177\u548c minio \u670d\u52a1\u5668\u5efa\u7acb\u94fe\u63a5\u3002
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Added `minio` successfully.\n
mc \u547d\u4ee4\u884c\u5de5\u5177\u662f Minio \u6587\u4ef6\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u5ba2\u6237\u7aef\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a MinIO Client\u3002
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a centos-base \u7684\u5b58\u50a8\u6876\uff08bucket\uff09\u3002
mc mb -p minio/centos-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Bucket created successfully __minio/centos-base__ .\n
\u5c06\u5b58\u50a8\u6876 centos-base \u7684\u8bbf\u95ee\u7b56\u7565\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u516c\u5f00\u4e0b\u8f7d\u3002\u4ee5\u4fbf\u5728\u540e\u671f\u5b89\u88c5 GPU-operator \u65f6\u80fd\u591f\u88ab\u8bbf\u95ee\u3002
mc anonymous set download minio/centos-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Access permission for `minio/centos-base` is set to `download` \n
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u5c06\u6b65\u9aa4\u4e8c\u751f\u6210\u7684\u79bb\u7ebf yum \u6e90\u6587\u4ef6 centos-base \u590d\u5236\u5230 minio \u670d\u52a1\u5668\u7684 minio/centos-base \u5b58\u50a8\u6876\u4e2d\u3002
mc cp centos-base minio/centos-base --recursive\n
\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a CentOS-Base.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a CentOS-Base.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base #\u6b65\u9aa4\u4e09\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base #\u6b65\u9aa4\u4e09\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 CentOS-Base.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
apiVersion: v1\ndata:\nCentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base#\u6b65\u9aa4\u4e8c\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84\\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base #\u6b65\u9aa4\u4e8c\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84\\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\ncreationTimestamp: \"2023-10-18T01:59:02Z\"\nname: local-repo-config\nnamespace: gpu-operator\nresourceVersion: \"59445080\"\nuid: c5f0ebab-046f-442c-b932-f9003e014387\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u901a\u8fc7\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 CentOS 7.9\uff0c\u5185\u6838\u4e3a 3.10.0-1160 \u7684 GPU operator \u79bb\u7ebf\u5305\u3002\u5176\u5b83 OS \u7c7b\u578b\u7684\u8282\u70b9\u6216\u5185\u6838\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u5305\uff0c\u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u672c\u6587\u4ee5 Red Hat 8.4 4.18.0-305.el8.x86_64 \u8282\u70b9\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u5305\uff0c \u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 master \u8282\u70b9\u4e0a\u6267\u884c\u3002
\u4f7f\u7528 ssh \u6216\u5176\u5b83\u65b9\u5f0f\u8fdb\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5185\u4efb\u4e00\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
cat /etc/yum.repos.d/extension.repo #\u67e5\u770b extension.repo \u4e2d\u7684\u5185\u5bb9\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
[extension-0]\nbaseurl = http://10.5.14.200:9000/kubean/redhat/$releasever/os/$basearch\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/AppStream\ngpgcheck = 0\nname = kubean extension 1\n\n[extension-2]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/BaseOS\ngpgcheck = 0\nname = kubean extension 2\n
\u5728 root \u8def\u5f84\u4e0b\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a redhat-base-repo \u7684\u6587\u4ef6\u5939
mkdir redhat-base-repo\n
\u4e0b\u8f7d yum \u6e90\u4e2d\u7684 rpm \u5305\u5230\u672c\u5730\uff1a
yum install yum-utils\n
\u4e0b\u8f7d extension-1 \u4e2d\u7684 rpm \u5305\uff1a
reposync -p redhat-base-repo -n --repoid=extension-1\n
\u4e0b\u8f7d extension-2 \u4e2d\u7684 rpm \u5305\uff1a
reposync -p redhat-base-repo -n --repoid=extension-2\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u8054\u7f51\u8282\u70b9\u6267\u884c\u64cd\u4f5c\uff0c\u5728\u64cd\u4f5c\u524d\uff0c\u60a8\u9700\u8981\u4fdd\u8bc1\u8054\u7f51\u8282\u70b9\u548c\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 master \u8282\u70b9\u95f4\u7684\u7f51\u7edc\u8054\u901a\u6027\u3002
\u5728\u8054\u7f51\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e0b\u8f7d elfutils-libelf-devel-0.187-4.el8.x86_64.rpm \u5305\uff1a
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/elfutils-libelf-devel-0.187-4.el8.x86_64.rpm\n
\u5728\u5f53\u524d\u76ee\u5f55\u4e0b\u5c06 elfutils-libelf-devel-0.187-4.el8.x86_64.rpm \u5305\u4f20\u8f93\u81f3\u6b65\u9aa4\u4e00\u4e2d\u7684\u8282\u70b9\u4e0a\uff1a
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm user@ip:~/redhat-base-repo/extension-2/Packages/\n
\u4f8b\u5982\uff1a
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm root@10.6.175.10:~/redhat-base-repo/extension-2/Packages/\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u6b65\u9aa4\u4e00\u4e2d\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 master \u8282\u70b9\u4e0a\u6267\u884c\u3002
\u8fdb\u5165 yum repo \u76ee\u5f55\uff1a
cd ~/redhat-base-repo/extension-1/Packages\ncd ~/redhat-base-repo/extension-2/Packages\n
\u751f\u6210\u76ee\u5f55 repo \u7d22\u5f15\uff1a
yum install createrepo -y # \u82e5\u5df2\u5b89\u88c5 createrepo \u53ef\u7701\u7565\u6b64\u6b65\u9aa4\ncreaterepo_c ./\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u7ecf\u751f\u6210\u4e86\u5185\u6838\u4e3a 4.18.0-305.el8.x86_64
\u7684\u79bb\u7ebf\u7684 yum \u6e90\uff1a redhat-base-repo \u3002
\u672c\u64cd\u4f5c\u793a\u4f8b\u91c7\u7528\u7684\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668\uff0c\u7528\u6237\u53ef\u57fa\u4e8e\u81ea\u8eab\u60c5\u51b5\u9009\u62e9\u6587\u4ef6\u670d\u52a1\u5668\u3002Minio \u76f8\u5173\u4fe1\u606f\u5982\u4e0b\uff1a
http://10.5.14.200:9000\uff08\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\uff09
\u767b\u5f55\u5bc6\u7801\uff1arootpass123
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8282\u70b9\u672c\u5730 mc \u547d\u4ee4\u884c\u5de5\u5177\u548c minio \u670d\u52a1\u5668\u5efa\u7acb\u94fe\u63a5\u3002
mc config host add minio \u6587\u4ef6\u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740 \u7528\u6237\u540d \u5bc6\u7801\n
\u4f8b\u5982\uff1a
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Added `minio` successfully.\n
mc \u547d\u4ee4\u884c\u5de5\u5177\u662f Minio \u6587\u4ef6\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u5ba2\u6237\u7aef\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a MinIO Client\u3002
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a redhat-base \u7684\u5b58\u50a8\u6876(bucket)\u3002
mc mb -p minio/redhat-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Bucket created successfully `minio/redhat-base`.\n
\u5c06\u5b58\u50a8\u6876 redhat-base \u7684\u8bbf\u95ee\u7b56\u7565\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u516c\u5f00\u4e0b\u8f7d\u3002\u4ee5\u4fbf\u5728\u540e\u671f\u5b89\u88c5 GPU-operator \u65f6\u80fd\u591f\u88ab\u8bbf\u95ee\u3002
mc anonymous set download minio/redhat-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Access permission for `minio/redhat-base` is set to `download` \n
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u5c06\u6b65\u9aa4\u4e8c\u751f\u6210\u7684\u79bb\u7ebf yum \u6e90\u6587\u4ef6 redhat-base-repo \u590d\u5236\u5230 minio \u670d\u52a1\u5668\u7684 minio/redhat-base \u5b58\u50a8\u6876\u4e2d\u3002
mc cp redhat-base-repo minio/redhat-base --recursive\n
\u672c\u6b65\u9aa4\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a redhat.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a redhat.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > redhat.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages #\u6b65\u9aa4\u4e00\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages #\u6b65\u9aa4\u4e00\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 redhat.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=./redhat.repo \n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u901a\u8fc7\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 CentOS 7.9\uff0c\u5185\u6838\u4e3a 3.10.0-1160 \u7684 GPU Operator \u79bb\u7ebf\u5305\u3002\u5176\u5b83 OS \u7c7b\u578b\u7684\u8282\u70b9\u6216\u5185\u6838\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 7.9 \u79bb\u7ebf yum \u6e90\u5305\uff0c\u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\u4f7f\u7528 RepoConfig.ConfigMapName
\u53c2\u6570\u3002
\u4e0b\u8f7d rhel7.9 ISO
\u4e0b\u8f7d\u4e0e Kubean \u7248\u672c\u5bf9\u5e94\u7684\u7684 rhel7.9 ospackage
\u5728 \u5bb9\u5668\u7ba1\u7406 \u7684\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u627e\u5230 Helm \u5e94\u7528 \uff0c\u641c\u7d22 kubean\uff0c\u53ef\u67e5\u770b kubean \u7684\u7248\u672c\u53f7\u3002
\u5728 kubean\u7684\u4ee3\u7801\u4ed3\u5e93 \u4e2d\u4e0b\u8f7d\u8be5\u7248\u672c\u7684 rhel7.9 ospackage\u3002
\u901a\u8fc7\u5b89\u88c5\u5668\u5bfc\u5165\u79bb\u7ebf\u8d44\u6e90
\u70b9\u51fb\u67e5\u770b\u4e0b\u8f7d\u5730\u5740\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#3-red-hat-gpu-opreator","title":"3. \u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf","text":"\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf\u3002
Note
\u6b64\u53c2\u8003\u4ee5 rhel8.4 \u4e3a\u4f8b\uff0c\u8bf7\u6ce8\u610f\u4fee\u6539\u6210 rhel7.9\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#4-yum","title":"4. \u5728\u96c6\u7fa4\u521b\u5efa\u914d\u7f6e\u9879\u7528\u6765\u4fdd\u5b58 Yum \u6e90\u4fe1\u606f","text":"\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a CentOS-Base.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a CentOS-Base.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # \u706b\u79cd\u8282\u70b9\u7684\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\uff0c\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # \u706b\u79cd\u8282\u70b9\u7684\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\uff0c\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 CentOS-Base.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
local-repo-config.yamlapiVersion: v1\ndata:\n CentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base # \u6b65\u9aa4 2 \u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84 \\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base # \u6b65\u9aa4 2 \u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84 \\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\n creationTimestamp: \"2023-10-18T01:59:02Z\"\n name: local-repo-config\n namespace: gpu-operator\n resourceVersion: \"59445080\"\n uid: c5f0ebab-046f-442c-b932-f9003e014387\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u5176\u4e2d\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u4f7f\u7528\u4e86 RepoConfig.ConfigMapName
\u53c2\u6570\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8bbe\u7f6e GPU \u76f8\u5173\u7684\u544a\u8b66\u89c4\u5219\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-alarm.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u672c\u8282\u4ecb\u7ecd GPU \u544a\u8b66\u5e38\u7528\u7684\u6307\u6807\uff0c\u5206\u4e3a\u4e24\u4e2a\u90e8\u5206\uff1a
\u8fd9\u91cc\u4f1a\u4ecb\u7ecd\u5982\u4f55\u8bbe\u7f6e GPU \u544a\u8b66\u89c4\u5219\uff0c\u4f7f\u7528 GPU \u5361\u5229\u7528\u7387\u6307\u6807\u4f5c\u4e3a\u6848\u4f8b\uff0c\u8bf7\u7528\u6237\u6839\u636e\u5b9e\u9645\u7684\u4e1a\u52a1\u573a\u666f\u9009\u62e9\u6307\u6807\u4ee5\u53ca\u7f16\u5199 promql\u3002
\u76ee\u6807\uff1a\u5f53GPU\u5361\u5229\u7528\u7387\u5728\u4e94\u79d2\u949f\u5185\u4e00\u76f4\u4fdd\u6301 80% \u7684\u5229\u7528\u7387\u65f6\u53d1\u51fa\u544a\u8b66
\u5728\u53ef\u89c2\u6d4b\u9875\u9762\uff0c\u70b9\u51fb \u544a\u8b66 -> \u544a\u8b66\u7b56\u7565 -> \u521b\u5efa\u544a\u8b66\u7b56\u7565
\u586b\u5199\u57fa\u672c\u4fe1\u606f
\u6dfb\u52a0\u89c4\u5219
\u9009\u62e9\u901a\u77e5\u65b9\u5f0f
\u8bbe\u7f6e\u5b8c\u6210\u540e\uff0c\u5f53\u4e00\u4e2a GPU \u5728 5s \u5185\u4e00\u76f4\u4fdd\u6301 80% \u7684\u5229\u7528\u7387\uff0c\u4f1a\u6536\u5230\u5982\u4e0b\u7684\u544a\u8b66\u4fe1\u606f\u3002
\u672c\u9875\u5217\u51fa\u4e00\u4e9b\u5e38\u7528\u7684 GPU \u76d1\u63a7\u6307\u6807\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#_1","title":"\u96c6\u7fa4\u7ef4\u5ea6","text":"\u6307\u6807\u540d\u79f0 \u63cf\u8ff0 GPU \u5361\u6570 \u96c6\u7fa4\u4e0b\u6240\u6709\u7684 GPU \u5361\u6570\u91cf GPU \u5e73\u5747\u4f7f\u7528\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u7b97\u529b\u4f7f\u7528\u7387 GPU \u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 GPU \u5361\u529f\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u529f\u7387 GPU \u5361\u6e29\u5ea6 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u6e29\u5ea6 GPU \u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u4f7f\u7528\u7387\u7ec6\u8282\uff08\u5305\u542b max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282\uff08\u5305\u542b min\u3001max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u5e26\u5bbd\u4f7f\u7528\u7387 \u8868\u793a\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\u3002\u4ee5 Nvidia GPU V100 \u4e3a\u4f8b\uff0c\u5176\u6700\u5927\u5185\u5b58\u5e26\u5bbd\u4e3a 900 GB/sec\uff0c\u5982\u679c\u5f53\u524d\u7684\u5185\u5b58\u5e26\u5bbd\u4e3a 450 GB/sec\uff0c\u5219\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\u4e3a 50%"},{"location":"end-user/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#_2","title":"\u8282\u70b9\u7ef4\u5ea6","text":"\u6307\u6807\u540d\u79f0 \u63cf\u8ff0 GPU \u6a21\u5f0f \u8282\u70b9\u4e0a GPU \u5361\u7684\u4f7f\u7528\u6a21\u5f0f\uff0c\u5305\u542b\u6574\u5361\u6a21\u5f0f\u3001MIG \u6a21\u5f0f\u3001vGPU \u6a21\u5f0f GPU \u7269\u7406\u5361\u6570 \u8282\u70b9\u4e0a\u6240\u6709\u7684 GPU \u5361\u6570\u91cf GPU \u865a\u62df\u5361\u6570 \u8282\u70b9\u4e0a\u5df2\u7ecf\u88ab\u521b\u5efa\u51fa\u6765\u7684 vGPU \u8bbe\u5907\u6570\u91cf GPU MIG \u5b9e\u4f8b\u6570 \u8282\u70b9\u4e0a\u5df2\u7ecf\u88ab\u521b\u5efa\u51fa\u6765\u7684 MIG \u5b9e\u4f8b\u6570 GPU \u663e\u5b58\u5206\u914d\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u663e\u5b58\u5206\u914d\u7387 GPU \u7b97\u529b\u5e73\u5747\u4f7f\u7528\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u7b97\u529b\u5e73\u5747\u4f7f\u7528\u7387 GPU \u663e\u5b58\u5e73\u5747\u4f7f\u7528\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 GPU \u9a71\u52a8\u7248\u672c \u8282\u70b9\u4e0a GPU \u5361\u9a71\u52a8\u7684\u7248\u672c\u4fe1\u606f GPU \u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u8282\u70b9\u4e0a\u6bcf\u5f20 GPU \u5361\u7684\u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282\uff08\u5305\u542b max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u4f7f\u7528\u91cf 24 \u5c0f\u65f6\u5185\uff0c\u8282\u70b9\u4e0a\u6bcf\u5f20 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282\uff08\u5305\u542b min\u3001max\u3001avg\u3001current\uff09\u6839\u636e XID \u72b6\u6001\u6392\u67e5 GPU \u76f8\u5173\u95ee\u9898
XID \u6d88\u606f\u662f NVIDIA \u9a71\u52a8\u7a0b\u5e8f\u5411\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u65e5\u5fd7\u6216\u4e8b\u4ef6\u65e5\u5fd7\u6253\u5370\u7684\u9519\u8bef\u62a5\u544a\u3002XID \u6d88\u606f\u7528\u4e8e\u6807\u8bc6 GPU \u9519\u8bef\u4e8b\u4ef6\uff0c \u63d0\u4f9b GPU \u786c\u4ef6\u3001NVIDIA \u8f6f\u4ef6\u6216\u5e94\u7528\u4e2d\u7684\u9519\u8bef\u7c7b\u578b\u3001\u9519\u8bef\u4f4d\u7f6e\u3001\u9519\u8bef\u4ee3\u7801\u7b49\u4fe1\u606f\u3002 \u5982\u68c0\u67e5\u9879 GPU \u8282\u70b9\u4e0a\u7684 XID \u5f02\u5e38\u4e3a\u7a7a\uff0c\u8868\u660e\u65e0 XID \u6d88\u606f\uff1b\u5982\u6709\uff0c\u60a8\u53ef\u6309\u7167\u4e0b\u8868\u81ea\u52a9\u6392\u67e5\u5e76\u89e3\u51b3\u95ee\u9898\uff0c \u6216\u67e5\u770b\u66f4\u591a XID \u6d88\u606f\u3002
XID \u6d88\u606f \u8bf4\u660e 13 Graphics Engine Exception. \u901a\u5e38\u662f\u6570\u7ec4\u8d8a\u754c\u3001\u6307\u4ee4\u9519\u8bef\uff0c\u5c0f\u6982\u7387\u662f\u786c\u4ef6\u95ee\u9898\u3002 31 GPU memory page fault. \u901a\u5e38\u662f\u5e94\u7528\u7a0b\u5e8f\u7684\u975e\u6cd5\u5730\u5740\u8bbf\u95ee\uff0c\u6781\u5c0f\u6982\u7387\u662f\u9a71\u52a8\u6216\u8005\u786c\u4ef6\u95ee\u9898\u3002 32 Invalid or corrupted push buffer stream. \u4e8b\u4ef6\u7531 PCIE \u603b\u7ebf\u4e0a\u7ba1\u7406 NVIDIA \u9a71\u52a8\u548c GPU \u4e4b\u95f4\u901a\u4fe1\u7684 DMA \u63a7\u5236\u5668\u4e0a\u62a5\uff0c\u901a\u5e38\u662f PCI \u8d28\u91cf\u95ee\u9898\u5bfc\u81f4\uff0c\u800c\u975e\u60a8\u7684\u7a0b\u5e8f\u4ea7\u751f\u3002 38 Driver firmware error. \u901a\u5e38\u662f\u9a71\u52a8\u56fa\u4ef6\u9519\u8bef\u800c\u975e\u786c\u4ef6\u95ee\u9898\u3002 43 GPU stopped processing. \u901a\u5e38\u662f\u60a8\u5e94\u7528\u81ea\u8eab\u9519\u8bef\uff0c\u800c\u975e\u786c\u4ef6\u95ee\u9898\u3002 45 Preemptive cleanup, due to previous errors -- Most likely to see when running multiple cuda applications and hitting a DBE. \u901a\u5e38\u662f\u60a8\u624b\u52a8\u9000\u51fa\u6216\u8005\u5176\u4ed6\u6545\u969c\uff08\u786c\u4ef6\u3001\u8d44\u6e90\u9650\u5236\u7b49\uff09\u5bfc\u81f4\u7684 GPU \u5e94\u7528\u9000\u51fa\uff0cXID 45 \u53ea\u63d0\u4f9b\u4e00\u4e2a\u7ed3\u679c\uff0c\u5177\u4f53\u539f\u56e0\u901a\u5e38\u9700\u8981\u8fdb\u4e00\u6b65\u5206\u6790\u65e5\u5fd7\u3002 48 Double Bit ECC Error (DBE). \u5f53 GPU \u53d1\u751f\u4e0d\u53ef\u7ea0\u6b63\u7684\u9519\u8bef\u65f6\uff0c\u4f1a\u4e0a\u62a5\u6b64\u4e8b\u4ef6\uff0c\u8be5\u9519\u8bef\u4e5f\u4f1a\u540c\u65f6\u53cd\u9988\u7ed9\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u901a\u5e38\u9700\u8981\u91cd\u7f6e GPU \u6216\u91cd\u542f\u8282\u70b9\u6765\u6e05\u9664\u8fd9\u4e2a\u9519\u8bef\u3002 61 Internal micro-controller breakpoint/warning. GPU \u5185\u90e8\u5f15\u64ce\u505c\u6b62\u5de5\u4f5c\uff0c\u60a8\u7684\u4e1a\u52a1\u5df2\u7ecf\u53d7\u5230\u5f71\u54cd\u3002 62 Internal micro-controller halt. \u4e0e XID 61 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002 63 ECC page retirement or row remapping recording event. \u5f53\u5e94\u7528\u7a0b\u5e8f\u906d\u9047\u5230 GPU \u663e\u5b58\u786c\u4ef6\u9519\u8bef\u65f6\uff0cNVIDIA \u81ea\u7ea0\u9519\u673a\u5236\u4f1a\u5c06\u9519\u8bef\u7684\u5185\u5b58\u533a\u57df retire \u6216\u8005 remap\uff0cretirement \u548c remapped \u4fe1\u606f\u9700\u8bb0\u5f55\u5230 infoROM \u4e2d\u624d\u80fd\u6c38\u4e45\u751f\u6548\u3002Volt \u67b6\u6784\uff1a\u6210\u529f\u8bb0\u5f55 ECC page retirement \u4e8b\u4ef6\u5230 infoROM\u3002Ampere \u67b6\u6784\uff1a\u6210\u529f\u8bb0\u5f55 row remapping \u4e8b\u4ef6\u5230 infoROM\u3002 64 ECC page retirement or row remapper recording failure. \u4e0e XID 63 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002\u4f46 XID 63 \u4ee3\u8868 retirement \u548c remapped \u4fe1\u606f\u6210\u529f\u8bb0\u5f55\u5230\u4e86 infoROM\uff0cXID 64 \u4ee3\u8868\u8be5\u8bb0\u5f55\u64cd\u4f5c\u5931\u8d25\u3002 68 NVDEC0 Exception. \u901a\u5e38\u662f\u786c\u4ef6\u6216\u9a71\u52a8\u95ee\u9898\u3002 74 NVLINK Error. NVLink \u786c\u4ef6\u9519\u8bef\u4ea7\u751f\u7684 XID\uff0c\u8868\u660e GPU \u5df2\u7ecf\u51fa\u73b0\u4e25\u91cd\u786c\u4ef6\u6545\u969c\uff0c\u9700\u8981\u4e0b\u7ebf\u7ef4\u4fee\u3002 79 GPU has fallen off the bus. GPU \u786c\u4ef6\u68c0\u6d4b\u5230\u6389\u5361\uff0c\u603b\u7ebf\u4e0a\u65e0\u6cd5\u68c0\u6d4b\u8be5 GPU\uff0c\u8868\u660e\u8be5 GPU \u5df2\u7ecf\u51fa\u73b0\u4e25\u91cd\u786c\u4ef6\u6545\u969c\uff0c\u9700\u8981\u4e0b\u7ebf\u7ef4\u4fee\u3002 92 High single-bit ECC error rate. \u786c\u4ef6\u6216\u9a71\u52a8\u6545\u969c\u3002 94 Contained ECC error. \u5f53\u5e94\u7528\u7a0b\u5e8f\u906d\u9047\u5230 GPU \u4e0d\u53ef\u7ea0\u6b63\u7684\u663e\u5b58 ECC \u9519\u8bef\u65f6\uff0cNVIDIA \u9519\u8bef\u6291\u5236\u673a\u5236\u4f1a\u5c1d\u8bd5\u5c06\u9519\u8bef\u6291\u5236\u5728\u53d1\u751f\u786c\u4ef6\u6545\u969c\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u907f\u514d\u8be5\u9519\u8bef\u5f71\u54cd GPU \u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u3002\u5f53\u6291\u5236\u673a\u5236\u6210\u529f\u6291\u5236\u9519\u8bef\u65f6\uff0c\u4f1a\u4ea7\u751f\u8be5\u4e8b\u4ef6\uff0c\u4ec5\u51fa\u73b0\u4e0d\u53ef\u7ea0\u6b63 ECC \u9519\u8bef\u7684\u5e94\u7528\u7a0b\u5e8f\u53d7\u5230\u5f71\u54cd\u3002 95 Uncontained ECC error. \u4e0e XID 94 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002\u4f46 XID 94 \u4ee3\u8868\u6291\u5236\u6210\u529f\uff0c\u800c XID 95 \u4ee3\u8868\u6291\u5236\u5931\u8d25\uff0c\u8868\u660e\u8fd0\u884c\u5728\u8be5 GPU \u4e0a\u7684\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\u90fd\u5df2\u53d7\u5230\u5f71\u54cd\u3002"},{"location":"end-user/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#pod","title":"Pod \u7ef4\u5ea6","text":"\u5206\u7c7b \u6307\u6807\u540d\u79f0 \u63cf\u8ff0 \u5e94\u7528\u6982\u89c8 GPU \u5361 - \u7b97\u529b & \u663e\u5b58 Pod GPU \u7b97\u529b\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u7b97\u529b\u4f7f\u7528\u7387 Pod GPU \u663e\u5b58\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u7387 Pod \u663e\u5b58\u4f7f\u7528\u91cf \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf \u663e\u5b58\u5206\u914d\u91cf \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u5206\u914d\u91cf Pod GPU \u663e\u5b58\u590d\u5236\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u663e\u5b58\u590d\u5236\u6bd4\u7387 GPU \u5361 - \u5f15\u64ce\u6982\u89c8 GPU \u56fe\u5f62\u5f15\u64ce\u6d3b\u52a8\u767e\u5206\u6bd4 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cGraphics \u6216 Compute \u5f15\u64ce\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b GPU \u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387 \u8868\u793a\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\uff08Memory BW Utilization\uff09\u5c06\u6570\u636e\u53d1\u9001\u5230\u8bbe\u5907\u5185\u5b58\u6216\u4ece\u8bbe\u5907\u5185\u5b58\u63a5\u6536\u6570\u636e\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u8f83\u9ad8\u7684\u503c\u8868\u793a\u8bbe\u5907\u5185\u5b58\u7684\u5229\u7528\u7387\u8f83\u9ad8\u3002\u8be5\u503c\u4e3a 1\uff08100%\uff09\u8868\u793a\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u6bcf\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6761 DRAM \u6307\u4ee4\uff08\u5b9e\u9645\u4e0a\uff0c\u5cf0\u503c\u7ea6\u4e3a 0.8 (80%) \u662f\u53ef\u5b9e\u73b0\u7684\u6700\u5927\u503c\uff09\u3002\u5047\u8bbe\u8be5\u503c\u4e3a 0.2\uff0820%\uff09\uff0c\u8868\u793a 20% \u7684\u5468\u671f\u5728\u65f6\u95f4\u95f4\u9694\u5185\u8bfb\u53d6\u6216\u5199\u5165\u8bbe\u5907\u5185\u5b58\u3002 Tensor \u6838\u5fc3\u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cTensor Core \u7ba1\u9053\uff08Pipe\uff09\u5904\u4e8e Active \u65f6\u95f4\u5360\u603b\u65f6\u95f4\u7684\u6bd4\u4f8b FP16 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP16 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b FP32 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP32 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b FP64 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP64 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b GPU \u89e3\u7801\u4f7f\u7528\u7387 GPU \u5361\u89e3\u7801\u5f15\u64ce\u6bd4\u7387 GPU \u7f16\u7801\u4f7f\u7528\u7387 GPU \u5361\u7f16\u7801\u5f15\u64ce\u6bd4\u7387 GPU \u5361 - \u6e29\u5ea6 & \u529f\u8017 GPU \u5361\u6e29\u5ea6 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u6e29\u5ea6 GPU \u5361\u529f\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u529f\u7387 GPU \u5361 - \u603b\u8017\u80fd GPU \u5361\u603b\u5171\u6d88\u8017\u7684\u80fd\u91cf GPU \u5361 - Clock GPU \u5361\u5185\u5b58\u9891\u7387 \u5185\u5b58\u9891\u7387 GPU \u5361\u5e94\u7528SM \u65f6\u949f\u9891\u7387 \u5e94\u7528\u7684 SM \u65f6\u949f\u9891\u7387 GPU \u5361\u5e94\u7528\u5185\u5b58\u9891\u7387 \u5e94\u7528\u5185\u5b58\u9891\u7387 GPU \u5361\u89c6\u9891\u5f15\u64ce\u9891\u7387 \u89c6\u9891\u5f15\u64ce\u9891\u7387 GPU \u5361\u964d\u9891\u539f\u56e0 \u964d\u9891\u539f\u56e0 GPU \u5361 - \u5176\u4ed6\u7ec6\u8282 \u56fe\u5f62\u5f15\u64ce\u6d3b\u52a8 \u56fe\u5f62\u6216\u8ba1\u7b97\u5f15\u64ce\u7684\u4efb\u4f55\u90e8\u5206\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u65f6\u95f4\u6bd4\u4f8b\u3002\u5982\u679c\u56fe\u5f62/\u8ba1\u7b97\u4e0a\u4e0b\u6587\u5df2\u7ed1\u5b9a\u4e14\u56fe\u5f62/\u8ba1\u7b97\u7ba1\u9053\u7e41\u5fd9\uff0c\u5219\u56fe\u5f62\u5f15\u64ce\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002 SM\u6d3b\u52a8 \u591a\u5904\u7406\u5668\u4e0a\u81f3\u5c11\u4e00\u4e2a Warp \u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u65f6\u95f4\u6bd4\u4f8b\uff0c\u6240\u6709\u591a\u5904\u7406\u5668\u7684\u5e73\u5747\u503c\u3002\u8bf7\u6ce8\u610f\uff0c\u201c\u6d3b\u52a8\u201d\u5e76\u4e0d\u4e00\u5b9a\u610f\u5473\u7740 Warp \u6b63\u5728\u79ef\u6781\u8ba1\u7b97\u3002\u4f8b\u5982\uff0c\u7b49\u5f85\u5185\u5b58\u8bf7\u6c42\u7684 Warp \u88ab\u89c6\u4e3a\u6d3b\u52a8\u72b6\u6001\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u30020.8 \u6216\u66f4\u5927\u7684\u503c\u662f\u6709\u6548\u4f7f\u7528 GPU \u7684\u5fc5\u8981\u6761\u4ef6\uff0c\u4f46\u8fd8\u4e0d\u591f\u3002\u5c0f\u4e8e 0.5 \u7684\u503c\u53ef\u80fd\u8868\u793a GPU \u4f7f\u7528\u6548\u7387\u4f4e\u4e0b\u3002\u7ed9\u51fa\u4e00\u4e2a\u7b80\u5316\u7684 GPU \u67b6\u6784\u89c6\u56fe\uff0c\u5982\u679c GPU \u6709 N \u4e2a SM\uff0c\u5219\u4f7f\u7528 N \u4e2a\u5757\u5e76\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u8fd0\u884c\u7684\u5185\u6838\u5c06\u5bf9\u5e94\u4e8e\u6d3b\u52a8 1\uff08100%\uff09\u3002\u4f7f\u7528 N/5 \u4e2a\u5757\u5e76\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u8fd0\u884c\u7684\u5185\u6838\u5c06\u5bf9\u5e94\u4e8e\u6d3b\u52a8 0.2\uff0820%\uff09\u3002\u4f7f\u7528 N \u4e2a\u5757\u5e76\u8fd0\u884c\u4e94\u5206\u4e4b\u4e00\u65f6\u95f4\u95f4\u9694\u7684\u5185\u6838\uff0c\u5982\u679c SM \u5904\u4e8e\u7a7a\u95f2\u72b6\u6001\uff0c\u5219\u6d3b\u52a8\u4e5f\u5c06\u4e3a 0.2\uff0820%\uff09\u3002\u8be5\u503c\u4e0e\u6bcf\u4e2a\u5757\u7684\u7ebf\u7a0b\u6570\u65e0\u5173\uff08\u53c2\u89c1DCGM_FI_PROF_SM_OCCUPANCY\uff09\u3002 SM \u5165\u4f4f\u7387 \u591a\u5904\u7406\u5668\u4e0a\u9a7b\u7559 Warp \u7684\u6bd4\u4f8b\uff0c\u76f8\u5bf9\u4e8e\u591a\u5904\u7406\u5668\u4e0a\u652f\u6301\u7684\u6700\u5927\u5e76\u53d1 Warp \u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u5360\u7528\u7387\u8d8a\u9ad8\u5e76\u4e0d\u4e00\u5b9a\u8868\u793a GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u3002\u5bf9\u4e8e GPU \u5185\u5b58\u5e26\u5bbd\u53d7\u9650\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff08\u53c2\u89c1DCGM_FI_PROF_DRAM_ACTIVE\uff09\uff0c\u5360\u7528\u7387\u8d8a\u9ad8\u8868\u660e GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u3002\u4f46\u662f\uff0c\u5982\u679c\u5de5\u4f5c\u8d1f\u8f7d\u662f\u8ba1\u7b97\u53d7\u9650\u7684\uff08\u5373\u4e0d\u53d7 GPU \u5185\u5b58\u5e26\u5bbd\u6216\u5ef6\u8fdf\u9650\u5236\uff09\uff0c\u5219\u5360\u7528\u7387\u8d8a\u9ad8\u5e76\u4e0d\u4e00\u5b9a\u4e0e GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u76f8\u5173\u3002\u8ba1\u7b97\u5360\u7528\u7387\u5e76\u4e0d\u7b80\u5355\uff0c\u5b83\u53d6\u51b3\u4e8e GPU \u5c5e\u6027\u3001\u6bcf\u4e2a\u5757\u7684\u7ebf\u7a0b\u6570\u3001\u6bcf\u4e2a\u7ebf\u7a0b\u7684\u5bc4\u5b58\u5668\u4ee5\u53ca\u6bcf\u4e2a\u5757\u7684\u5171\u4eab\u5185\u5b58\u7b49\u56e0\u7d20\u3002\u4f7f\u7528CUDA \u5360\u7528\u7387\u8ba1\u7b97\u5668 \u63a2\u7d22\u5404\u79cd\u5360\u7528\u7387\u573a\u666f\u3002 \u5f20\u91cf\u6d3b\u52a8 \u5f20\u91cf (HMMA / IMMA) \u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0c\u5f20\u91cf\u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8 1 (100%) \u76f8\u5f53\u4e8e\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u53d1\u51fa\u4e00\u4e2a\u5f20\u91cf\u6307\u4ee4\u3002\u6d3b\u52a8 0.2 (20%) \u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP64 \u5f15\u64ce\u6d3b\u52a8 FP64\uff08\u53cc\u7cbe\u5ea6\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP64 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185 Volta \u4e0a\u6bcf\u56db\u4e2a\u5468\u671f\u7684\u6bcf\u4e2a SM\u4e0a\u6267\u884c\u4e00\u6761 FP64 \u6307\u4ee4 \u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605 DCGM_FI_PROF_SM_ACTIVE \u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP32 \u5f15\u64ce\u6d3b\u52a8 FMA\uff08FP32\uff08\u5355\u7cbe\u5ea6\uff09\u548c\u6574\u6570\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP32 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6b21 FP32 \u6307\u4ee4\u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP16 \u5f15\u64ce\u6d3b\u52a8 FP16\uff08\u534a\u7cbe\u5ea6\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP16 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6b21 FP16 \u6307\u4ee4\u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 \u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387 \u5411\u8bbe\u5907\u5185\u5b58\u53d1\u9001\u6570\u636e\u6216\u4ece\u8bbe\u5907\u5185\u5b58\u63a5\u6536\u6570\u636e\u7684\u5468\u671f\u6bd4\u4f8b\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0c\u8bbe\u5907\u5185\u5b58\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u7387\u4e3a 1 (100%) \u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6761 DRAM \u6307\u4ee4\uff08\u5b9e\u9645\u4e0a\uff0c\u5cf0\u503c\u7ea6\u4e3a 0.8 (80%) \u662f\u53ef\u5b9e\u73b0\u7684\u6700\u5927\u503c\uff09\u3002\u6d3b\u52a8\u7387\u4e3a 0.2 (20%) \u8868\u793a\u5728\u65f6\u95f4\u95f4\u9694\u5185\u6709 20% \u7684\u5468\u671f\u6b63\u5728\u8bfb\u53d6\u6216\u5199\u5165\u8bbe\u5907\u5185\u5b58\u3002 NVLink \u5e26\u5bbd \u901a\u8fc7 NVLink \u4f20\u8f93/\u63a5\u6536\u7684\u6570\u636e\u901f\u7387\uff08\u4e0d\u5305\u62ec\u534f\u8bae\u6807\u5934\uff09\uff0c\u4ee5\u6bcf\u79d2\u5b57\u8282\u6570\u4e3a\u5355\u4f4d\u3002\u8be5\u503c\u8868\u793a\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u901f\u7387\u662f\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\u3002\u4f8b\u5982\uff0c\u5982\u679c 1 \u79d2\u5185\u4f20\u8f93\u4e86 1 GB \u7684\u6570\u636e\uff0c\u5219\u65e0\u8bba\u6570\u636e\u662f\u4ee5\u6052\u5b9a\u901f\u7387\u8fd8\u662f\u7a81\u53d1\u901f\u7387\u4f20\u8f93\uff0c\u901f\u7387\u90fd\u662f 1 GB/s\u3002\u7406\u8bba\u4e0a\uff0c\u6bcf\u4e2a\u94fe\u8def\u6bcf\u4e2a\u65b9\u5411\u7684\u6700\u5927 NVLink Gen2 \u5e26\u5bbd\u4e3a 25 GB/s\u3002 PCIe \u5e26\u5bbd \u901a\u8fc7 PCIe \u603b\u7ebf\u4f20\u8f93/\u63a5\u6536\u7684\u6570\u636e\u901f\u7387\uff0c\u5305\u62ec\u534f\u8bae\u6807\u5934\u548c\u6570\u636e\u6709\u6548\u8d1f\u8f7d\uff0c\u4ee5\u5b57\u8282/\u79d2\u4e3a\u5355\u4f4d\u3002\u8be5\u503c\u8868\u793a\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u8be5\u901f\u7387\u662f\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\u3002\u4f8b\u5982\uff0c\u5982\u679c 1 \u79d2\u5185\u4f20\u8f93\u4e86 1 GB \u7684\u6570\u636e\uff0c\u5219\u65e0\u8bba\u6570\u636e\u662f\u4ee5\u6052\u5b9a\u901f\u7387\u8fd8\u662f\u7a81\u53d1\u901f\u7387\u4f20\u8f93\uff0c\u901f\u7387\u90fd\u662f 1 GB/s\u3002\u7406\u8bba\u4e0a\u6700\u5927 PCIe Gen3 \u5e26\u5bbd\u4e3a\u6bcf\u901a\u9053 985 MB/s\u3002 PCIe \u4f20\u8f93\u901f\u7387 \u8282\u70b9 GPU \u5361\u901a\u8fc7 PCIe \u603b\u7ebf\u4f20\u8f93\u7684\u6570\u636e\u901f\u7387 PCIe \u63a5\u6536\u901f\u7387 \u8282\u70b9 GPU \u5361\u901a\u8fc7 PCIe \u603b\u7ebf\u63a5\u6536\u7684\u6570\u636e\u901f\u7387"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html","title":"NVIDIA \u591a\u5b9e\u4f8b GPU(MIG) \u6982\u8ff0","text":""},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#mig","title":"MIG \u573a\u666f","text":"\u591a\u79df\u6237\u4e91\u73af\u5883
MIG \u5141\u8bb8\u4e91\u670d\u52a1\u63d0\u4f9b\u5546\u5c06\u4e00\u5757\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u72ec\u7acb\u7684 GPU \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u79df\u6237\u3002\u8fd9\u6837\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u7684\u9694\u79bb\u548c\u72ec\u7acb\u6027\uff0c\u6ee1\u8db3\u591a\u4e2a\u79df\u6237\u5bf9 GPU \u8ba1\u7b97\u80fd\u529b\u7684\u9700\u6c42\u3002
\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f
MIG \u53ef\u4ee5\u5728\u5bb9\u5668\u5316\u73af\u5883\u4e2d\u5b9e\u73b0\u66f4\u7ec6\u7c92\u5ea6\u7684 GPU \u8d44\u6e90\u7ba1\u7406\u3002\u901a\u8fc7\u5c06\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a MIG \u5b9e\u4f8b\uff0c\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u5bb9\u5668\u5206\u914d\u72ec\u7acb\u7684 GPU \u8ba1\u7b97\u8d44\u6e90\uff0c\u63d0\u4f9b\u66f4\u597d\u7684\u6027\u80fd\u9694\u79bb\u548c\u8d44\u6e90\u5229\u7528\u3002
\u6279\u5904\u7406\u4f5c\u4e1a
\u5bf9\u4e8e\u9700\u8981\u5927\u89c4\u6a21\u5e76\u884c\u8ba1\u7b97\u7684\u6279\u5904\u7406\u4f5c\u4e1a\uff0cMIG \u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7684\u8ba1\u7b97\u6027\u80fd\u548c\u66f4\u5927\u7684\u663e\u5b58\u5bb9\u91cf\u3002\u6bcf\u4e2a MIG \u5b9e\u4f8b\u53ef\u4ee5\u5229\u7528\u7269\u7406 GPU \u7684\u4e00\u90e8\u5206\u8ba1\u7b97\u8d44\u6e90\uff0c\u4ece\u800c\u52a0\u901f\u5927\u89c4\u6a21\u8ba1\u7b97\u4efb\u52a1\u7684\u5904\u7406\u3002
AI/\u673a\u5668\u5b66\u4e60\u8bad\u7ec3
MIG \u53ef\u4ee5\u5728\u8bad\u7ec3\u5927\u89c4\u6a21\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\u65f6\u63d0\u4f9b\u66f4\u5927\u7684\u8ba1\u7b97\u80fd\u529b\u548c\u663e\u5b58\u5bb9\u91cf\u3002\u5c06\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a MIG \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\uff0c\u63d0\u9ad8\u8bad\u7ec3\u6548\u7387\u548c\u541e\u5410\u91cf\u3002
\u603b\u4f53\u800c\u8a00\uff0cNVIDIA MIG \u9002\u7528\u4e8e\u9700\u8981\u66f4\u7ec6\u7c92\u5ea6\u7684GPU\u8d44\u6e90\u5206\u914d\u548c\u7ba1\u7406\u7684\u573a\u666f\uff0c\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u7684\u9694\u79bb\u3001\u63d0\u9ad8\u6027\u80fd\u5229\u7528\u7387\uff0c\u5e76\u4e14\u6ee1\u8db3\u591a\u4e2a\u7528\u6237\u6216\u5e94\u7528\u7a0b\u5e8f\u5bf9 GPU \u8ba1\u7b97\u80fd\u529b\u7684\u9700\u6c42\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#mig_1","title":"MIG \u6982\u8ff0","text":"NVIDIA \u591a\u5b9e\u4f8b GPU\uff08Multi-Instance GPU\uff0c\u7b80\u79f0 MIG\uff09\u662f NVIDIA \u5728 H100\uff0cA100\uff0cA30 \u7cfb\u5217 GPU \u5361\u4e0a\u63a8\u51fa\u7684\u4e00\u9879\u65b0\u7279\u6027\uff0c \u65e8\u5728\u5c06\u4e00\u5757\u7269\u7406 GPU \u5206\u5272\u4e3a\u591a\u4e2a GPU \u5b9e\u4f8b\uff0c\u4ee5\u63d0\u4f9b\u66f4\u7ec6\u7c92\u5ea6\u7684\u8d44\u6e90\u5171\u4eab\u548c\u9694\u79bb\u3002MIG \u6700\u591a\u53ef\u5c06\u4e00\u5757 GPU \u5212\u5206\u6210\u4e03\u4e2a GPU \u5b9e\u4f8b\uff0c \u4f7f\u5f97\u4e00\u4e2a \u7269\u7406 GPU \u5361\u53ef\u4e3a\u591a\u4e2a\u7528\u6237\u63d0\u4f9b\u5355\u72ec\u7684 GPU \u8d44\u6e90\uff0c\u4ee5\u5b9e\u73b0\u6700\u4f73 GPU \u5229\u7528\u7387\u3002
\u8fd9\u4e2a\u529f\u80fd\u4f7f\u5f97\u591a\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6216\u7528\u6237\u53ef\u4ee5\u540c\u65f6\u5171\u4eabGPU\u8d44\u6e90\uff0c\u63d0\u9ad8\u4e86\u8ba1\u7b97\u8d44\u6e90\u7684\u5229\u7528\u7387\uff0c\u5e76\u589e\u52a0\u4e86\u7cfb\u7edf\u7684\u53ef\u6269\u5c55\u6027\u3002
\u901a\u8fc7 MIG\uff0c\u6bcf\u4e2a GPU \u5b9e\u4f8b\u7684\u5904\u7406\u5668\u5728\u6574\u4e2a\u5185\u5b58\u7cfb\u7edf\u4e2d\u5177\u6709\u72ec\u7acb\u4e14\u9694\u79bb\u7684\u8def\u5f84\u2014\u2014\u82af\u7247\u4e0a\u7684\u4ea4\u53c9\u5f00\u5173\u7aef\u53e3\u3001L2 \u9ad8\u901f\u7f13\u5b58\u7ec4\u3001\u5185\u5b58\u63a7\u5236\u5668\u548c DRAM \u5730\u5740\u603b\u7ebf\u90fd\u552f\u4e00\u5206\u914d\u7ed9\u5355\u4e2a\u5b9e\u4f8b\u3002
\u8fd9\u786e\u4fdd\u4e86\u5355\u4e2a\u7528\u6237\u7684\u5de5\u4f5c\u8d1f\u8f7d\u80fd\u591f\u4ee5\u53ef\u9884\u6d4b\u7684\u541e\u5410\u91cf\u548c\u5ef6\u8fdf\u8fd0\u884c\uff0c\u5e76\u5177\u6709\u76f8\u540c\u7684\u4e8c\u7ea7\u7f13\u5b58\u5206\u914d\u548c DRAM \u5e26\u5bbd\u3002 MIG \u53ef\u4ee5\u5212\u5206\u53ef\u7528\u7684 GPU \u8ba1\u7b97\u8d44\u6e90\uff08\u5305\u62ec\u6d41\u591a\u5904\u7406\u5668\u6216 SM \u548c GPU \u5f15\u64ce\uff0c\u5982\u590d\u5236\u5f15\u64ce\u6216\u89e3\u7801\u5668\uff09\u8fdb\u884c\u5206\u533a\uff0c \u4ee5\u4fbf\u4e3a\u4e0d\u540c\u7684\u5ba2\u6237\u7aef\uff08\u5982\u4e91\u4e3b\u673a\u3001\u5bb9\u5668\u6216\u8fdb\u7a0b\uff09\u63d0\u4f9b\u5b9a\u4e49\u7684\u670d\u52a1\u8d28\u91cf\uff08QoS\uff09\u548c\u6545\u969c\u9694\u79bb\uff09\u3002 MIG \u4f7f\u591a\u4e2a GPU \u5b9e\u4f8b\u80fd\u591f\u5728\u5355\u4e2a\u7269\u7406 GPU \u4e0a\u5e76\u884c\u8fd0\u884c\u3002
MIG \u5141\u8bb8\u591a\u4e2a vGPU\uff08\u4ee5\u53ca\u4e91\u4e3b\u673a\uff09\u5728\u5355\u4e2a GPU \u5b9e\u4f8b\u4e0a\u5e76\u884c\u8fd0\u884c\uff0c\u540c\u65f6\u4fdd\u7559 vGPU \u63d0\u4f9b\u7684\u9694\u79bb\u4fdd\u8bc1\u3002 \u6709\u5173\u4f7f\u7528 vGPU \u548c MIG \u8fdb\u884c GPU \u5206\u533a\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 NVIDIA Multi-Instance GPU and NVIDIA Virtual Compute Server\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#mig_2","title":"MIG \u67b6\u6784","text":"\u5982\u4e0b\u662f\u4e00\u4e2a MIG \u7684\u6982\u8ff0\u56fe\uff0c\u53ef\u4ee5\u770b\u51fa MIG \u5c06\u4e00\u5f20\u7269\u7406 GPU \u5361\u865a\u62df\u5316\u6210\u4e86 7 \u4e2a GPU \u5b9e\u4f8b\uff0c\u8fd9\u4e9b GPU \u5b9e\u4f8b\u80fd\u591f\u53ef\u4ee5\u88ab\u591a\u4e2a User \u4f7f\u7528\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#_1","title":"\u91cd\u8981\u6982\u5ff5","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728 GPU \u4e0a\u521b\u5efa\u5404\u79cd\u5206\u533a\u3002\u5c06\u4f7f\u7528 A100-40GB \u4f5c\u4e3a\u793a\u4f8b\u6f14\u793a\u5982\u4f55\u5bf9\u5355\u4e2a GPU \u7269\u7406\u5361\u4e0a\u8fdb\u884c\u5206\u533a\u3002
GPU \u7684\u5206\u533a\u662f\u4f7f\u7528\u5185\u5b58\u5207\u7247\u8fdb\u884c\u7684\uff0c\u56e0\u6b64\u53ef\u4ee5\u8ba4\u4e3a A100-40GB GPU \u5177\u6709 8x5GB \u5185\u5b58\u5207\u7247\u548c 7 \u4e2a GPU SM \u5207\u7247\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u5c55\u793a\u4e86 A100 \u4e0a\u53ef\u7528\u7684\u5185\u5b58\u5207\u7247\u3002
\u5982\u4e0a\u6240\u8ff0\uff0c\u521b\u5efa GPU \u5b9e\u4f8b \uff08GI\uff09 \u9700\u8981\u5c06\u4e00\u5b9a\u6570\u91cf\u7684\u5185\u5b58\u5207\u7247\u4e0e\u4e00\u5b9a\u6570\u91cf\u7684\u8ba1\u7b97\u5207\u7247\u76f8\u7ed3\u5408\u3002 \u5728\u4e0b\u56fe\u4e2d\uff0c\u4e00\u4e2a 5GB \u5185\u5b58\u5207\u7247\u4e0e 1 \u4e2a\u8ba1\u7b97\u5207\u7247\u76f8\u7ed3\u5408\uff0c\u4ee5\u521b\u5efa 1g.5gb GI \u914d\u7f6e\u6587\u4ef6\uff1a
\u540c\u6837\uff0c4x5GB \u5185\u5b58\u5207\u7247\u53ef\u4ee5\u4e0e 4x1 \u8ba1\u7b97\u5207\u7247\u7ed3\u5408\u4f7f\u7528\u4ee5\u521b\u5efa 4g.20gb \u7684 GI \u914d\u7f6e\u6587\u4ef6\uff1a
"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#ci","title":"\u8ba1\u7b97\u5b9e\u4f8b\uff08CI\uff09","text":"GPU \u5b9e\u4f8b\u7684\u8ba1\u7b97\u5207\u7247(GI)\u53ef\u4ee5\u8fdb\u4e00\u6b65\u7ec6\u5206\u4e3a\u591a\u4e2a\u8ba1\u7b97\u5b9e\u4f8b\uff08CI\uff09\uff0c\u5176\u4e2d CI \u5171\u4eab\u7236 GI \u7684\u5f15\u64ce\u548c\u5185\u5b58\uff0c \u4f46\u6bcf\u4e2a CI \u90fd\u6709\u4e13\u7528\u7684 SM \u8d44\u6e90\u3002\u4f7f\u7528\u4e0a\u9762\u7684\u76f8\u540c 4g.20gb \u793a\u4f8b\uff0c\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a CI \u4ee5\u4ec5\u4f7f\u7528\u7b2c\u4e00\u4e2a\u8ba1\u7b97\u5207\u7247\u7684 1c.4g.20gb \u8ba1\u7b97\u914d\u7f6e\uff0c\u5982\u4e0b\u56fe\u84dd\u8272\u90e8\u5206\u6240\u793a\uff1a
\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u901a\u8fc7\u9009\u62e9\u4efb\u4f55\u8ba1\u7b97\u5207\u7247\u6765\u521b\u5efa 4 \u4e2a\u4e0d\u540c\u7684 CI\u3002\u8fd8\u53ef\u4ee5\u5c06\u4e24\u4e2a\u8ba1\u7b97\u5207\u7247\u7ec4\u5408\u5728\u4e00\u8d77\u4ee5\u521b\u5efa 2c.4g.20gb \u7684\u8ba1\u7b97\u914d\u7f6e\uff09\uff1a
\u9664\u6b64\u4e4b\u5916\uff0c\u8fd8\u53ef\u4ee5\u7ec4\u5408 3 \u4e2a\u8ba1\u7b97\u5207\u7247\u4ee5\u521b\u5efa\u8ba1\u7b97\u914d\u7f6e\u6587\u4ef6\uff0c\u6216\u8005\u53ef\u4ee5\u7ec4\u5408\u6240\u6709 4 \u4e2a\u8ba1\u7b97\u5207\u7247\u4ee5\u521b\u5efa 3c.4g.20gb \u3001 4c.4g.20gb \u8ba1\u7b97\u914d\u7f6e\u6587\u4ef6\u3002 \u5408\u5e76\u6240\u6709 4 \u4e2a\u8ba1\u7b97\u5207\u7247\u65f6\uff0c\u914d\u7f6e\u6587\u4ef6\u7b80\u79f0\u4e3a 4g.20gb \u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/create_mig.html","title":"\u5f00\u542f MIG \u529f\u80fd","text":"\u672c\u7ae0\u8282\u4ecb\u7ecd\u5982\u4f55\u5f00\u542f NVIDIA MIG \u529f\u80fd\u65b9\u5f0f\uff0cNVIDIA \u5f53\u524d\u63d0\u4f9b\u4e24\u79cd\u5728 Kubernetes \u8282\u70b9\u4e0a\u516c\u5f00 MIG \u8bbe\u5907\u7684\u7b56\u7565\uff1a
\u8be6\u60c5\u53c2\u8003 NVIDIA GPU \u5361\u4f7f\u7528\u6a21\u5f0f\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/create_mig.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 Operator \u65f6\u9700\u8981\u5bf9\u5e94\u8bbe\u7f6e MigManager Config \u53c2\u6570\uff0c \u9ed8\u8ba4\u4e3a default-mig-parted-config \uff0c\u540c\u65f6\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u5207\u5206\u7b56\u7565\u914d\u7f6e\u6587\u4ef6\uff1a
"},{"location":"end-user/kpanda/gpu/nvidia/mig/create_mig.html#_3","title":"\u81ea\u5b9a\u4e49\u5207\u5206\u7b56\u7565","text":" ## \u81ea\u5b9a\u4e49\u5207\u5206 GI \u5b9e\u4f8b\u914d\u7f6e\n all-disabled:\n - devices: all\n mig-enabled: false\n all-enabled:\n - devices: all\n mig-enabled: true\n mig-devices: {}\n all-1g.10gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.5gb: 7\n all-1g.10gb.me:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb+me: 1\n all-1g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.20gb: 4\n all-2g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 2g.20gb: 3\n all-3g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n all-4g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 4g.40gb: 1\n all-7g.80gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 7g.80gb: 1\n all-balanced:\n - device-filter: [\"0x233110DE\", \"0x232210DE\", \"0x20B210DE\", \"0x20B510DE\", \"0x20F310DE\", \"0x20F510DE\"]\n devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb: 2\n 2g.20gb: 1\n 3g.40gb: 1\n # \u8bbe\u7f6e\u540e\u4f1a\u6309\u7167\u8bbe\u7f6e\u89c4\u683c\u5207\u5206 CI \u5b9e\u4f8b\n custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n
\u5728\u4e0a\u8ff0\u7684 YAML \u4e2d\u8bbe\u7f6e custom-config \uff0c\u8bbe\u7f6e\u540e\u4f1a\u6309\u7167\u89c4\u683c\u5207\u5206 CI \u5b9e\u4f8b\u3002
custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1c.3g.40gb: 6\n
\u8bbe\u7f6e\u5b8c\u6210\u540e\uff0c\u5728\u786e\u8ba4\u90e8\u7f72\u5e94\u7528\u65f6\u5373\u53ef\u4f7f\u7528 GPU MIG \u8d44\u6e90\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/create_mig.html#gpu","title":"\u5207\u6362\u8282\u70b9 GPU \u6a21\u5f0f","text":"Note
\u5207\u6362 GPU \u6a21\u5f0f\u6216\u8005\u4fee\u6539\u5207\u5206\u89c4\u683c\u540e\u9700\u8981\u91cd\u542f nvidia-mig-manager\u3002
\u5f53\u6211\u4eec\u6210\u529f\u5b89\u88c5 gpu-operator \u4e4b\u540e\uff0c\u8282\u70b9\u9ed8\u8ba4\u662f\u6574\u5361\u6a21\u5f0f\uff0c\u5728\u8282\u70b9\u7ba1\u7406\u9875\u9762\u4f1a\u6709\u6807\u8bc6\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u70b9\u51fb\u8282\u70b9\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 GPU \u6a21\u5f0f\u5207\u6362 \uff0c\u7136\u540e\u9009\u62e9\u5bf9\u5e94\u7684 MIG \u6a21\u5f0f\u4ee5\u53ca\u5207\u5206\u7684\u7b56\u7565\uff0c\u8fd9\u91cc\u4ee5 MIXED \u6a21\u5f0f\u4e3a\u4f8b\uff1a
\u8fd9\u91cc\u4e00\u5171\u6709\u4e24\u4e2a\u914d\u7f6e\uff1a
\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\u540e\uff0c\u7b49\u5f85\u7ea6\u4e00\u5206\u949f\u5de6\u53f3\u5237\u65b0\u9875\u9762\uff0cMIG \u6a21\u5f0f\u5207\u6362\u6210\uff1a
"},{"location":"end-user/kpanda/gpu/nvidia/mig/mig_command.html","title":"MIG \u76f8\u5173\u547d\u4ee4","text":"GI \u76f8\u5173\u547d\u540d\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -lgi \u67e5\u770b\u521b\u5efa GI \u5b9e\u4f8b\u5217\u8868 nvidia-smi mig -dgi -gi \u5220\u9664\u6307\u5b9a\u7684 GI \u5b9e\u4f8b nvidia-smi mig -lgip \u67e5\u770b GI \u7684 profile nvidia-smi mig -cgi \u901a\u8fc7\u6307\u5b9a profile \u7684 ID \u521b\u5efa GICI \u76f8\u5173\u547d\u4ee4\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -lcip { -gi {gi Instance ID}} \u67e5\u770b CI \u7684 profile \uff0c\u6307\u5b9a -gi \u53ef\u4ee5\u67e5\u770b\u7279\u5b9a GI \u5b9e\u4f8b\u53ef\u4ee5\u521b\u5efa\u7684 CI nvidia-smi mig -lci \u67e5\u770b\u521b\u5efa\u7684 CI \u5b9e\u4f8b\u5217\u8868 nvidia-smi mig -cci {profile id} -gi {gi instance id} \u6307\u5b9a\u7684 GI \u521b\u5efa CI \u5b9e\u4f8b nvidia-smi mig -dci -ci \u5220\u9664\u6307\u5b9a CI \u5b9e\u4f8bGI+CI \u76f8\u5173\u547d\u4ee4\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -i 0 -cgi {gi profile id} -C {ci profile id} \u76f4\u63a5\u521b\u5efa GI + CI \u5b9e\u4f8b"},{"location":"end-user/kpanda/gpu/nvidia/mig/mig_usage.html","title":"\u4f7f\u7528 MIG GPU \u8d44\u6e90","text":"\u672c\u8282\u4ecb\u7ecd\u5e94\u7528\u5982\u4f55\u4f7f\u7528 MIG GPU \u8d44\u6e90\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/mig_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u8bc6\u522b GPU \u5361\u7c7b\u578b
\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 -> \u8282\u70b9\u7ba1\u7406 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u6b63\u786e\u8bc6\u522b\u4e3a MIG \u6a21\u5f0f\u3002
\u901a\u8fc7\u955c\u50cf\u90e8\u7f72\u5e94\u7528\uff0c\u53ef\u9009\u62e9\u5e76\u4f7f\u7528 NVIDIA MIG \u8d44\u6e90\u3002
MIG Single \u6a21\u5f0f\u793a\u4f8b\uff08\u4e0e\u6574\u5361\u4f7f\u7528\u65b9\u5f0f\u76f8\u540c\uff09\uff1a
Note
MIG single \u7b56\u7565\u5141\u8bb8\u7528\u6237\u4ee5\u4e0e GPU \u6574\u5361\u76f8\u540c\u7684\u65b9\u5f0f\uff08nvidia.com/gpu
\uff09\u8bf7\u6c42\u548c\u4f7f\u7528GPU\u8d44\u6e90\uff0c\u4e0d\u540c\u7684\u662f\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u662f GPU \u7684\u4e00\u90e8\u5206\uff08MIG\u8bbe\u5907\uff09\uff0c\u800c\u4e0d\u662f\u6574\u4e2aGPU\u3002\u4e86\u89e3\u66f4\u591a GPU MIG \u6a21\u5f0f\u8bbe\u8ba1
MIG Mixed \u6a21\u5f0f\u793a\u4f8b\uff1a
MIG Single \u6a21\u5f0f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpu: 2 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
MIG Mixed \u6a21\u5f0f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/mig-4g.20gb: 1 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
\u8fdb\u5165\u5bb9\u5668\u540e\u53ef\u4ee5\u67e5\u770b\u53ea\u4f7f\u7528\u4e86\u4e00\u4e2a MIG \u8bbe\u5907\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/vgpu/hami.html","title":"\u6784\u5efa vGPU \u663e\u5b58\u8d85\u914d\u955c\u50cf","text":"Hami \u9879\u76ee\u4e2d vGPU \u663e\u5b58\u8d85\u914d\u7684\u529f\u80fd\u5df2\u7ecf\u4e0d\u5b58\u5728\uff0c\u76ee\u524d\u4f7f\u7528\u6709\u663e\u5b58\u8d85\u914d\u7684 libvgpu.so
\u6587\u4ef6\u91cd\u65b0\u6784\u5efa\u3002
FROM docker.m.daocloud.io/projecthami/hami:v2.3.11\nCOPY libvgpu.so /k8s-vgpu/lib/nvidia/\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6784\u5efa\u955c\u50cf\uff1a
docker build -t release.daocloud.io/projecthami/hami:v2.3.11 -f Dockerfile .\n
\u7136\u540e\u628a\u955c\u50cf push \u5230 release.daocloud.io
\u4e2d\u3002
\u5982\u9700\u5c06\u4e00\u5f20 NVIDIA \u865a\u62df\u5316\u6210\u591a\u4e2a\u865a\u62df GPU\uff0c\u5e76\u5c06\u5176\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u4e91\u4e3b\u673a\u6216\u7528\u6237\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 NVIDIA \u7684 vGPU \u80fd\u529b\u3002 \u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u5b89\u88c5 vGPU \u63d2\u4ef6\uff0c\u8fd9\u662f\u4f7f\u7528 NVIDIA vGPU \u80fd\u529b\u7684\u524d\u63d0\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/vgpu/vgpu_addon.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u529f\u80fd\u6a21\u5757\u8def\u5f84\uff1a \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f -> \u641c\u7d22 nvidia-vgpu \u3002
\u5728\u5b89\u88c5 vGPU \u7684\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u4e86\u51e0\u4e2a\u57fa\u672c\u4fee\u6539\u7684\u53c2\u6570\uff0c\u5982\u679c\u9700\u8981\u4fee\u6539\u9ad8\u7ea7\u53c2\u6570\u70b9\u51fb YAML \u5217\u8fdb\u884c\u4fee\u6539\uff1a
deviceCoreScaling \uff1aNVIDIA \u88c5\u7f6e\u7b97\u529b\u4f7f\u7528\u6bd4\u4f8b\uff0c\u9884\u8bbe\u503c\u662f 1\u3002\u53ef\u4ee5\u5927\u4e8e 1\uff08\u542f\u7528\u865a\u62df\u7b97\u529b\uff0c\u5b9e\u9a8c\u529f\u80fd\uff09\u3002\u5982\u679c\u6211\u4eec\u914d\u7f6e devicePlugin.deviceCoreScaling \u53c2\u6570\u4e3a S\uff0c\u5728\u90e8\u7f72\u4e86\u6211\u4eec\u88c5\u7f6e\u63d2\u4ef6\u7684 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8fd9\u5f20 GPU \u5206\u51fa\u7684 vGPU \u5c06\u603b\u5171\u5305\u542b S * 100% \u7b97\u529b\u3002
deviceMemoryScaling \uff1aNVIDIA \u88c5\u7f6e\u663e\u5b58\u4f7f\u7528\u6bd4\u4f8b\uff0c\u9884\u8bbe\u503c\u662f 1\u3002\u53ef\u4ee5\u5927\u4e8e 1\uff08\u542f\u7528\u865a\u62df\u663e\u5b58\uff0c\u5b9e\u9a8c\u529f\u80fd\uff09\u3002 \u5bf9\u4e8e\u6709 M \u663e\u5b58\u5927\u5c0f\u7684 NVIDIA GPU\uff0c\u5982\u679c\u6211\u4eec\u914d\u7f6e devicePlugin.deviceMemoryScaling \u53c2\u6570\u4e3a S\uff0c \u5728\u90e8\u7f72\u4e86\u6211\u4eec\u88c5\u7f6e\u63d2\u4ef6\u7684 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8fd9\u5f20 GPU \u5206\u51fa\u7684 vGPU \u5c06\u603b\u5171\u5305\u542b S * M \u663e\u5b58\u3002
deviceSplitCount \uff1a\u6574\u6570\u7c7b\u578b\uff0c\u9884\u8bbe\u503c\u662f 10\u3002GPU \u7684\u5206\u5272\u6570\uff0c\u6bcf\u4e00\u5f20 GPU \u90fd\u4e0d\u80fd\u5206\u914d\u8d85\u8fc7\u5176\u914d\u7f6e\u6570\u76ee\u7684\u4efb\u52a1\u3002 \u82e5\u5176\u914d\u7f6e\u4e3a N \u7684\u8bdd\uff0c\u6bcf\u4e2a GPU \u4e0a\u6700\u591a\u53ef\u4ee5\u540c\u65f6\u5b58\u5728 N \u4e2a\u4efb\u52a1\u3002
Resources \uff1a\u5c31\u662f\u5bf9\u5e94 vgpu-device-plugin \u548c vgpu-schedule pod \u7684\u8d44\u6e90\u4f7f\u7528\u91cf\u3002
ServiceMonitor \uff1a\u9ed8\u8ba4\u4e0d\u5f00\u542f\uff0c\u5f00\u542f\u540e\u53ef\u524d\u5f80\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u67e5\u770b vGPU \u76f8\u5173\u76d1\u63a7\u3002\u5982\u9700\u5f00\u542f\uff0c\u8bf7\u786e\u4fdd insight-agent \u5df2\u5b89\u88c5\u5e76\u5904\u4e8e\u8fd0\u884c\u72b6\u6001\uff0c\u5426\u5219\u5c06\u5bfc\u81f4 NVIDIA vGPU Addon \u5b89\u88c5\u5931\u8d25\u3002
\u5b89\u88c5\u6210\u529f\u4e4b\u540e\u4f1a\u5728\u6307\u5b9a Namespace \u4e0b\u51fa\u73b0\u5982\u4e0b\u4e24\u4e2a\u7c7b\u578b\u7684 Pod\uff0c\u5373\u8868\u793a NVIDIA vGPU \u63d2\u4ef6\u5df2\u5b89\u88c5\u6210\u529f\uff1a
\u5b89\u88c5\u6210\u529f\u540e\uff0c\u90e8\u7f72\u5e94\u7528\u53ef\u4f7f\u7528 vGPU \u8d44\u6e90\u3002
Note
NVIDIA vGPU Addon \u4e0d\u652f\u6301\u4ece\u8001\u7248\u672c v2.0.0 \u76f4\u63a5\u5347\u7ea7\u4e3a\u6700\u65b0\u7248 v2.0.0+1\uff1b \u5982\u9700\u5347\u7ea7\uff0c\u8bf7\u5378\u8f7d\u8001\u7248\u672c\u540e\u91cd\u65b0\u5b89\u88c5\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/vgpu/vgpu_user.html","title":"\u5e94\u7528\u4f7f\u7528 Nvidia vGPU","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528 vGPU \u80fd\u529b\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/vgpu/vgpu_user.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Nvidia vGPU \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Nvidia vGPU\uff09\u4e4b\u540e\uff0c\u4f1a\u81ea\u52a8\u51fa\u73b0\u5982\u4e0b\u51e0\u4e2a\u53c2\u6570\u9700\u8981\u586b\u5199\uff1a
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u53c2\u8003\u5982\u4e0b\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0 nvidia.com/vgpu: '1' \u53c2\u6570\u6765\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7269\u7406\u5361\u7684\u6570\u91cf\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-vgpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-vgpu-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: full-vgpu-demo\n spec:\n containers:\n - name: full-vgpu-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpucores: '20' # \u7533\u8bf7\u6bcf\u5f20\u5361\u5360\u7528 20% \u7684 GPU \u7b97\u529b\n nvidia.com/gpumem: '200' # \u7533\u8bf7\u6bcf\u5f20\u5361\u5360\u7528 200MB \u7684\u663e\u5b58\n nvidia.com/vgpu: '1' # \u7533\u8bf7GPU\u7684\u6570\u91cf\n imagePullPolicy: Always\n restartPolicy: Always\n
"},{"location":"end-user/kpanda/gpu/volcano/drf.html","title":"DRF\uff08Dominant Resource Fairness\uff09 \u8c03\u5ea6\u7b56\u7565","text":"DRF \u8c03\u5ea6\u7b56\u7565\u8ba4\u4e3a\u5360\u7528\u8d44\u6e90\u8f83\u5c11\u7684\u4efb\u52a1\u5177\u6709\u66f4\u9ad8\u7684\u4f18\u5148\u7ea7\u3002\u8fd9\u6837\u80fd\u591f\u6ee1\u8db3\u66f4\u591a\u7684\u4f5c\u4e1a\uff0c\u4e0d\u4f1a\u56e0\u4e3a\u4e00\u4e2a\u80d6\u4e1a\u52a1\uff0c \u997f\u6b7b\u5927\u6279\u5c0f\u4e1a\u52a1\u3002DRF \u8c03\u5ea6\u7b97\u6cd5\u80fd\u591f\u786e\u4fdd\u5728\u591a\u79cd\u7c7b\u578b\u8d44\u6e90\u5171\u5b58\u7684\u73af\u5883\u4e0b\uff0c\u5c3d\u53ef\u80fd\u6ee1\u8db3\u5206\u914d\u7684\u516c\u5e73\u539f\u5219\u3002
"},{"location":"end-user/kpanda/gpu/volcano/drf.html#_1","title":"\u4f7f\u7528\u65b9\u5f0f","text":"DRF \u8c03\u5ea6\u7b56\u7565\u9ed8\u8ba4\u5df2\u542f\u7528\uff0c\u65e0\u9700\u4efb\u4f55\u914d\u7f6e\u3002
kubectl -n volcano-system view configmaps volcano-scheduler-configmap\n
"},{"location":"end-user/kpanda/gpu/volcano/drf.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"\u5728 AI \u8bad\u7ec3\uff0c\u6216\u5927\u6570\u636e\u8ba1\u7b97\u4e2d\uff0c\u901a\u8fc7\u6709\u9650\u8fd0\u884c\u4f7f\u7528\u8d44\u6e90\u5c11\u7684\u4efb\u52a1\uff0c\u8fd9\u6837\u53ef\u4ee5\u8ba9\u96c6\u7fa4\u8d44\u6e90\u4f7f\u7528\u7387\u66f4\u9ad8\uff0c\u800c\u4e14\u8fd8\u80fd\u907f\u514d\u5c0f\u4efb\u52a1\u88ab\u997f\u6b7b\u3002 \u5982\u4e0b\u521b\u5efa\u4e24\u4e2a Job\uff0c\u4e00\u4e2a\u662f\u5c0f\u8d44\u6e90\u9700\u6c42\uff0c\u4e00\u4e2a\u662f\u5927\u8d44\u6e90\u9700\u6c42\uff0c\u53ef\u4ee5\u770b\u51fa\u6765\u5c0f\u8d44\u6e90\u9700\u6c42\u7684 Job \u4f18\u5148\u8fd0\u884c\u8d77\u6765\u3002
cat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: small-resource \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: small-resource \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"1\" \n restartPolicy: OnFailure \n--- \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: large-resource \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: large-resource \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"2\" \n restartPolicy: OnFailure \nEOF\n
"},{"location":"end-user/kpanda/gpu/volcano/numa.html","title":"NUMA \u4eb2\u548c\u6027\u8c03\u5ea6","text":"NUMA \u8282\u70b9\u662f Non-Uniform Memory Access\uff08\u975e\u7edf\u4e00\u5185\u5b58\u8bbf\u95ee\uff09\u67b6\u6784\u4e2d\u7684\u4e00\u4e2a\u57fa\u672c\u7ec4\u6210\u5355\u5143\uff0c\u4e00\u4e2a Node \u8282\u70b9\u662f\u591a\u4e2a NUMA \u8282\u70b9\u7684\u96c6\u5408\uff0c \u5728\u591a\u4e2a NUMA \u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u5185\u5b58\u8bbf\u95ee\u65f6\u4f1a\u4ea7\u751f\u5ef6\u8fdf\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u901a\u8fc7\u4f18\u5316\u4efb\u52a1\u8c03\u5ea6\u548c\u5185\u5b58\u5206\u914d\u7b56\u7565\uff0c\u6765\u63d0\u9ad8\u5185\u5b58\u8bbf\u95ee\u6548\u7387\u548c\u6574\u4f53\u6027\u80fd\u3002
"},{"location":"end-user/kpanda/gpu/volcano/numa.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"Numa \u4eb2\u548c\u6027\u8c03\u5ea6\u7684\u5e38\u89c1\u573a\u666f\u662f\u90a3\u4e9b\u5bf9 CPU \u53c2\u6570\u654f\u611f/\u8c03\u5ea6\u5ef6\u8fdf\u654f\u611f\u7684\u8ba1\u7b97\u5bc6\u96c6\u578b\u4f5c\u4e1a\u3002\u5982\u79d1\u5b66\u8ba1\u7b97\u3001\u89c6\u9891\u89e3\u7801\u3001\u52a8\u6f2b\u52a8\u753b\u6e32\u67d3\u3001\u5927\u6570\u636e\u79bb\u7ebf\u5904\u7406\u7b49\u5177\u4f53\u573a\u666f\u3002
"},{"location":"end-user/kpanda/gpu/volcano/numa.html#_2","title":"\u8c03\u5ea6\u7b56\u7565","text":"Pod \u8c03\u5ea6\u65f6\u53ef\u4ee5\u91c7\u7528\u7684 NUMA \u653e\u7f6e\u7b56\u7565\uff0c\u5177\u4f53\u7b56\u7565\u5bf9\u5e94\u7684\u8c03\u5ea6\u884c\u4e3a\u8bf7\u53c2\u89c1 Pod \u8c03\u5ea6\u884c\u4e3a\u8bf4\u660e\u3002
\u5f53Pod\u8bbe\u7f6e\u4e86\u62d3\u6251\u7b56\u7565\u65f6\uff0cVolcano \u4f1a\u6839\u636e Pod \u8bbe\u7f6e\u7684\u62d3\u6251\u7b56\u7565\u9884\u6d4b\u5339\u914d\u7684\u8282\u70b9\u5217\u8868\u3002 \u8c03\u5ea6\u8fc7\u7a0b\u5982\u4e0b\uff1a
\u6839\u636e Pod \u8bbe\u7f6e\u7684 Volcano \u62d3\u6251\u7b56\u7565\uff0c\u7b5b\u9009\u5177\u6709\u76f8\u540c\u7b56\u7565\u7684\u8282\u70b9\u3002
\u5728\u8bbe\u7f6e\u4e86\u76f8\u540c\u7b56\u7565\u7684\u8282\u70b9\u4e2d\uff0c\u7b5b\u9009 CPU \u62d3\u6251\u6ee1\u8db3\u8be5\u7b56\u7565\u8981\u6c42\u7684\u8282\u70b9\u8fdb\u884c\u8c03\u5ea6\u3002
\u5728 Job \u4e2d\u914d\u7f6e policies
task: \n - replicas: 1 \n name: \"test-1\" \n topologyPolicy: single-numa-node \n - replicas: 1 \n name: \"test-2\" \n topologyPolicy: best-effort \n
\u4fee\u6539 kubelet \u7684\u8c03\u5ea6\u7b56\u7565\uff0c\u8bbe\u7f6e --topology-manager-policy
\u53c2\u6570\uff0c\u652f\u6301\u7684\u7b56\u7565\u6709\u56db\u79cd\uff1a
none
\uff08\u9ed8\u8ba4\uff09best-effort
restricted
single-numa-node
\u793a\u4f8b\u4e00\uff1a\u5728\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u914d\u7f6e NUMA \u4eb2\u548c\u6027\u3002
kind: Deployment \napiVersion: apps/v1 \nmetadata: \n name: numa-tset \nspec: \n replicas: 1 \n selector: \n matchLabels: \n app: numa-tset \n template: \n metadata: \n labels: \n app: numa-tset \n annotations: \n volcano.sh/numa-topology-policy: single-numa-node # set the topology policy \n spec: \n containers: \n - name: container-1 \n image: nginx:alpine \n resources: \n requests: \n cpu: 2 # \u5fc5\u987b\u4e3a\u6574\u6570\uff0c\u4e14\u9700\u8981\u4e0elimits\u4e2d\u4e00\u81f4 \n memory: 2048Mi \n limits: \n cpu: 2 # \u5fc5\u987b\u4e3a\u6574\u6570\uff0c\u4e14\u9700\u8981\u4e0erequests\u4e2d\u4e00\u81f4 \n memory: 2048Mi \n imagePullSecrets: \n - name: default-secret\n
\u793a\u4f8b\u4e8c\uff1a\u521b\u5efa\u4e00\u4e2a Volcano Job\uff0c\u5e76\u4f7f\u7528 NUMA \u4eb2\u548c\u6027\u3002
apiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: vj-test \nspec: \n schedulerName: volcano \n minAvailable: 1 \n tasks: \n - replicas: 1 \n name: \"test\" \n topologyPolicy: best-effort # set the topology policy for task \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n limits: \n cpu: 20 \n memory: \"100Mi\" \n restartPolicy: OnFailure\n
\u5047\u8bbe NUMA \u8282\u70b9\u60c5\u51b5\u5982\u4e0b\uff1a
\u5de5\u4f5c\u8282\u70b9 \u8282\u70b9\u7b56\u7565\u62d3\u6251\u7ba1\u7406\u5668\u7b56\u7565 NUMA \u8282\u70b9 0 \u4e0a\u7684\u53ef\u5206\u914d CPU NUMA \u8282\u70b9 1 \u4e0a\u7684\u53ef\u5206\u914d CPU node-1 single-numa-node 16U 16U node-2 best-effort 16U 16U node-3 best-effort 20U 20U\u60a8\u53ef\u4ee5\u901a\u8fc7 lscpu \u547d\u4ee4\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u6982\u51b5\uff1a
lscpu \n... \nCPU(s): 32 \nNUMA node(s): 2 \nNUMA node0 CPU(s): 0-15 \nNUMA node1 CPU(s): 16-31\n
"},{"location":"end-user/kpanda/gpu/volcano/numa.html#cpu_1","title":"\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u5206\u914d","text":"\u7136\u540e\u67e5\u770b NUMA \u8282\u70b9\u4f7f\u7528\u60c5\u51b5\uff1a
# \u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u5206\u914d\ncat /var/lib/kubelet/cpu_manager_state\n{\"policyName\":\"static\",\"defaultCpuSet\":\"0,10-15,25-31\",\"entries\":{\"777870b5-c64f-42f5-9296-688b9dc212ba\":{\"container-1\":\"16-24\"},\"fb15e10a-b6a5-4aaa-8fcd-76c1aa64e6fd\":{\"container-1\":\"1-9\"}},\"checksum\":318470969}\n
\u4ee5\u4e0a\u793a\u4f8b\u4e2d\u8868\u793a\uff0c\u8282\u70b9\u4e0a\u8fd0\u884c\u4e86\u4e24\u4e2a\u5bb9\u5668\uff0c\u4e00\u4e2a\u5360\u7528\u4e86 NUMA node0 \u76841-9 \u6838\uff0c\u53e6\u4e00\u4e2a\u5360\u7528\u4e86 NUMA node1 \u7684 16-24 \u6838\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html","title":"\u4f7f\u7528 Volcano \u7684 Gang Scheduler","text":"Gang \u8c03\u5ea6\u7b56\u7565\u662f volcano-scheduler \u7684\u6838\u5fc3\u8c03\u5ea6\u7b97\u6cd5\u4e4b\u4e00\uff0c\u5b83\u6ee1\u8db3\u4e86\u8c03\u5ea6\u8fc7\u7a0b\u4e2d\u7684 \u201cAll or nothing\u201d \u7684\u8c03\u5ea6\u9700\u6c42\uff0c \u907f\u514d Pod \u7684\u4efb\u610f\u8c03\u5ea6\u5bfc\u81f4\u96c6\u7fa4\u8d44\u6e90\u7684\u6d6a\u8d39\u3002\u5177\u4f53\u7b97\u6cd5\u662f\uff0c\u89c2\u5bdf Job \u4e0b\u7684 Pod \u5df2\u8c03\u5ea6\u6570\u91cf\u662f\u5426\u6ee1\u8db3\u4e86\u6700\u5c0f\u8fd0\u884c\u6570\u91cf\uff0c \u5f53 Job \u7684\u6700\u5c0f\u8fd0\u884c\u6570\u91cf\u5f97\u5230\u6ee1\u8db3\u65f6\uff0c\u4e3a Job \u4e0b\u7684\u6240\u6709 Pod \u6267\u884c\u8c03\u5ea6\u52a8\u4f5c\uff0c\u5426\u5219\uff0c\u4e0d\u6267\u884c\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"\u57fa\u4e8e\u5bb9\u5668\u7ec4\u6982\u5ff5\u7684 Gang \u8c03\u5ea6\u7b97\u6cd5\u5341\u5206\u9002\u5408\u9700\u8981\u591a\u8fdb\u7a0b\u534f\u4f5c\u7684\u573a\u666f\u3002AI \u573a\u666f\u5f80\u5f80\u5305\u542b\u590d\u6742\u7684\u6d41\u7a0b\uff0c Data Ingestion\u3001Data Analysts\u3001Data Splitting\u3001Trainer\u3001Serving\u3001Logging \u7b49\uff0c \u9700\u8981\u4e00\u7ec4\u5bb9\u5668\u8fdb\u884c\u534f\u540c\u5de5\u4f5c\uff0c\u5c31\u5f88\u9002\u5408\u57fa\u4e8e\u5bb9\u5668\u7ec4\u7684 Gang \u8c03\u5ea6\u7b56\u7565\u3002 MPI \u8ba1\u7b97\u6846\u67b6\u4e0b\u7684\u591a\u7ebf\u7a0b\u5e76\u884c\u8ba1\u7b97\u901a\u4fe1\u573a\u666f\uff0c\u7531\u4e8e\u9700\u8981\u4e3b\u4ece\u8fdb\u7a0b\u534f\u540c\u5de5\u4f5c\uff0c\u4e5f\u975e\u5e38\u9002\u5408\u4f7f\u7528 Gang \u8c03\u5ea6\u7b56\u7565\u3002 \u5bb9\u5668\u7ec4\u4e0b\u7684\u5bb9\u5668\u9ad8\u5ea6\u76f8\u5173\u4e5f\u53ef\u80fd\u5b58\u5728\u8d44\u6e90\u4e89\u62a2\uff0c\u6574\u4f53\u8c03\u5ea6\u5206\u914d\uff0c\u80fd\u591f\u6709\u6548\u89e3\u51b3\u6b7b\u9501\u3002
\u5728\u96c6\u7fa4\u8d44\u6e90\u4e0d\u8db3\u7684\u573a\u666f\u4e0b\uff0cGang \u7684\u8c03\u5ea6\u7b56\u7565\u5bf9\u4e8e\u96c6\u7fa4\u8d44\u6e90\u7684\u5229\u7528\u7387\u7684\u63d0\u5347\u662f\u975e\u5e38\u660e\u663e\u7684\u3002 \u6bd4\u5982\u96c6\u7fa4\u73b0\u5728\u53ea\u80fd\u5bb9\u7eb3 2 \u4e2a Pod\uff0c\u73b0\u5728\u8981\u6c42\u6700\u5c0f\u8c03\u5ea6\u7684 Pod \u6570\u4e3a 3\u3002 \u90a3\u73b0\u5728\u8fd9\u4e2a Job \u7684\u6240\u6709\u7684 Pod \u90fd\u4f1a pending\uff0c\u76f4\u5230\u96c6\u7fa4\u80fd\u591f\u5bb9\u7eb3 3 \u4e2a Pod\uff0cPod \u624d\u4f1a\u88ab\u8c03\u5ea6\u3002 \u6709\u6548\u9632\u6b62\u8c03\u5ea6\u90e8\u5206 Pod\uff0c\u4e0d\u6ee1\u8db3\u8981\u6c42\u53c8\u5360\u7528\u4e86\u8d44\u6e90\uff0c\u4f7f\u5176\u4ed6 Job \u65e0\u6cd5\u8fd0\u884c\u7684\u60c5\u51b5\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html#_2","title":"\u6982\u5ff5\u8bf4\u660e","text":"Gang Scheduler \u662f Volcano \u7684\u6838\u5fc3\u7684\u8c03\u5ea6\u63d2\u4ef6\uff0c\u5b89\u88c5 Volcano \u540e\u9ed8\u8ba4\u5c31\u5f00\u542f\u4e86\u3002 \u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u53ea\u9700\u8981\u6307\u5b9a\u8c03\u5ea6\u5668\u7684\u540d\u79f0\u4e3a Volcano \u5373\u53ef\u3002
Volcano \u662f\u4ee5 PodGroup \u4e3a\u5355\u4f4d\u8fdb\u884c\u8c03\u5ea6\u7684\uff0c\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u5e76\u4e0d\u9700\u8981\u624b\u52a8\u521b\u5efa PodGroup \u8d44\u6e90\uff0c Volcano \u4f1a\u6839\u636e\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4fe1\u606f\u81ea\u52a8\u521b\u5efa\u3002\u4e0b\u9762\u662f\u4e00\u4e2a PodGroup \u7684\u793a\u4f8b\uff1a
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n name: test\n namespace: default\nspec:\n minMember: 1 # (1)!\n minResources: # (2)!\n cpu: \"3\"\n memory: \"2048Mi\"\n priorityClassName: high-prority # (3)!\n queue: default # (4)!\n
\u5728 MPI \u8ba1\u7b97\u6846\u67b6\u4e0b\u7684\u591a\u7ebf\u7a0b\u5e76\u884c\u8ba1\u7b97\u901a\u4fe1\u573a\u666f\u4e2d\uff0c\u6211\u4eec\u8981\u786e\u4fdd\u6240\u6709\u7684 Pod \u90fd\u80fd\u8c03\u5ea6\u6210\u529f\u624d\u80fd\u4fdd\u8bc1\u4efb\u52a1\u6b63\u5e38\u5b8c\u6210\u3002 \u8bbe\u7f6e minAvailable \u4e3a 4\uff0c\u8868\u793a\u8981\u6c42 1 \u4e2a mpimaster \u548c 3 \u4e2a mpiworker \u80fd\u8fd0\u884c\u3002
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
\u751f\u6210 PodGroup \u7684\u8d44\u6e90\uff1a
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
\u4ece PodGroup \u53ef\u4ee5\u770b\u51fa\uff0c\u901a\u8fc7 ownerReferences \u5173\u8054\u5230\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5e76\u8bbe\u7f6e\u6700\u5c0f\u8fd0\u884c\u7684 Pod \u6570\u4e3a 4\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_binpack.html","title":"\u4f7f\u7528 Volcano Binpack \u8c03\u5ea6\u7b56\u7565","text":"Binpack \u8c03\u5ea6\u7b97\u6cd5\u7684\u76ee\u6807\u662f\u5c3d\u91cf\u628a\u5df2\u88ab\u5360\u7528\u7684\u8282\u70b9\u586b\u6ee1\uff08\u5c3d\u91cf\u4e0d\u5f80\u7a7a\u767d\u8282\u70b9\u5206\u914d\uff09\u3002\u5177\u4f53\u5b9e\u73b0\u4e0a\uff0cBinpack \u8c03\u5ea6\u7b97\u6cd5\u4f1a\u7ed9\u6295\u9012\u7684\u8282\u70b9\u6253\u5206\uff0c \u5206\u6570\u8d8a\u9ad8\u8868\u793a\u8282\u70b9\u7684\u8d44\u6e90\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u901a\u8fc7\u5c3d\u53ef\u80fd\u586b\u6ee1\u8282\u70b9\uff0c\u5c06\u5e94\u7528\u8d1f\u8f7d\u9760\u62e2\u5728\u90e8\u5206\u8282\u70b9\uff0c\u8fd9\u79cd\u8c03\u5ea6\u7b97\u6cd5\u80fd\u591f\u5c3d\u53ef\u80fd\u51cf\u5c0f\u8282\u70b9\u5185\u7684\u788e\u7247\uff0c \u5728\u7a7a\u95f2\u7684\u673a\u5668\u4e0a\u4e3a\u7533\u8bf7\u4e86\u66f4\u5927\u8d44\u6e90\u8bf7\u6c42\u7684 Pod \u9884\u7559\u8db3\u591f\u7684\u8d44\u6e90\u7a7a\u95f4\uff0c\u4f7f\u96c6\u7fa4\u4e0b\u7a7a\u95f2\u8d44\u6e90\u5f97\u5230\u6700\u5927\u5316\u7684\u5229\u7528\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_binpack.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u9884\u5148\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0a\u5b89\u88c5 Volcano \u7ec4\u4ef6\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_binpack.html#binpack","title":"Binpack \u7b97\u6cd5\u539f\u7406","text":"Binpack \u5728\u5bf9\u4e00\u4e2a\u8282\u70b9\u6253\u5206\u65f6\uff0c\u4f1a\u6839\u636e Binpack \u63d2\u4ef6\u81ea\u8eab\u6743\u91cd\u548c\u5404\u8d44\u6e90\u8bbe\u7f6e\u7684\u6743\u91cd\u503c\u7efc\u5408\u6253\u5206\u3002 \u9996\u5148\uff0c\u5bf9 Pod \u8bf7\u6c42\u8d44\u6e90\u4e2d\u7684\u6bcf\u7c7b\u8d44\u6e90\u4f9d\u6b21\u6253\u5206\uff0c\u4ee5 CPU \u4e3a\u4f8b\uff0cCPU \u8d44\u6e90\u5728\u5f85\u8c03\u5ea6\u8282\u70b9\u7684\u5f97\u5206\u4fe1\u606f\u5982\u4e0b\uff1a
CPU.weight * (request + used) / allocatable\n
\u5373 CPU \u6743\u91cd\u503c\u8d8a\u9ad8\uff0c\u5f97\u5206\u8d8a\u9ad8\uff0c\u8282\u70b9\u8d44\u6e90\u4f7f\u7528\u91cf\u8d8a\u6ee1\uff0c\u5f97\u5206\u8d8a\u9ad8\u3002Memory\u3001GPU \u7b49\u8d44\u6e90\u539f\u7406\u7c7b\u4f3c\u3002\u5176\u4e2d\uff1a
\u901a\u8fc7 Binpack \u7b56\u7565\u7684\u8282\u70b9\u603b\u5f97\u5206\u5982\u4e0b\uff1a
binpack.weight - (CPU.score + Memory.score + GPU.score) / (CPU.weight + Memory.weight + GPU.weight) - 100\n
\u5373 Binpack \u63d2\u4ef6\u7684\u6743\u91cd\u503c\u8d8a\u5927\uff0c\u5f97\u5206\u8d8a\u9ad8\uff0c\u67d0\u7c7b\u8d44\u6e90\u7684\u6743\u91cd\u8d8a\u5927\uff0c\u8be5\u8d44\u6e90\u5728\u6253\u5206\u65f6\u7684\u5360\u6bd4\u8d8a\u5927\u3002\u5176\u4e2d\uff1a
\u5982\u56fe\u6240\u793a\uff0c\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e24\u4e2a\u8282\u70b9\uff0c\u5206\u522b\u4e3a Node1 \u548c Node 2\uff0c\u5728\u8c03\u5ea6 Pod \u65f6\uff0cBinpack \u7b56\u7565\u5bf9\u4e24\u4e2a\u8282\u70b9\u5206\u522b\u6253\u5206\u3002 \u5047\u8bbe\u96c6\u7fa4\u4e2d CPU.weight \u914d\u7f6e\u4e3a 1\uff0cMemory.weight \u914d\u7f6e\u4e3a 1\uff0cGPU.weight \u914d\u7f6e\u4e3a 2\uff0cbinpack.weight \u914d\u7f6e\u4e3a 5\u3002
Binpack \u5bf9 Node 1 \u7684\u8d44\u6e90\u6253\u5206\uff0c\u5404\u8d44\u6e90\u7684\u8ba1\u7b97\u516c\u5f0f\u4e3a\uff1a
CPU Score\uff1a
CPU.weight - (request + used) / allocatable = 1 - (2 + 4) / 8 = 0.75
Memory Score\uff1a
Memory.weight - (request + used) / allocatable = 1 - (4 + 8) / 16 = 0.75
GPU Score\uff1a
GPU.weight - (request + used) / allocatable = 2 - (4 + 4) / 8 = 2
\u8282\u70b9\u603b\u5f97\u5206\u7684\u8ba1\u7b97\u516c\u5f0f\u4e3a\uff1a
binpack.weight - (CPU.score + Memory.score + GPU.score) / (CPU.weight + Memory.weight + GPU.weight) - 100\n
\u5047\u8bbe binpack.weight \u914d\u7f6e\u4e3a 5\uff0cNode 1 \u5728 Binpack \u7b56\u7565\u4e0b\u7684\u5f97\u5206\u4e3a\uff1a
5 - (0.75 + 0.75 + 2) / (1 + 1 + 2) - 100 = 437.5\n
Binpack \u5bf9 Node 2 \u7684\u8d44\u6e90\u6253\u5206\uff1a
CPU Score\uff1a
CPU.weight - (request + used) / allocatable = 1 - (2 + 6) / 8 = 1
Memory Score\uff1a
Memory.weight - (request + used) / allocatable = 1 - (4 + 8) / 16 = 0.75
GPU Score\uff1a
GPU.weight - (request + used) / allocatable = 2 - (4 + 4) / 8 = 2
Node 2 \u5728 Binpack \u7b56\u7565\u4e0b\u7684\u5f97\u5206\u4e3a\uff1a
5 - (1 + 0.75 + 2) / (1 + 1 + 2) - 100 = 468.75\n
\u7efc\u4e0a\uff0cNode 2 \u5f97\u5206\u5927\u4e8e Node 1\uff0c\u6309\u7167 Binpack \u7b56\u7565\uff0cPod \u5c06\u4f1a\u4f18\u5148\u8c03\u5ea6\u81f3 Node 2\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_binpack.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"Binpack \u8c03\u5ea6\u63d2\u4ef6\u5728\u5b89\u88c5 Volcano \u7684\u65f6\u5019\u9ed8\u8ba4\u5c31\u4f1a\u5f00\u542f\uff1b\u5982\u679c\u7528\u6237\u6ca1\u6709\u914d\u7f6e\u6743\u91cd\uff0c\u5219\u4f7f\u7528\u5982\u4e0b\u9ed8\u8ba4\u7684\u914d\u7f6e\u6743\u91cd\u3002
- plugins:\n - name: binpack\n arguments:\n binpack.weight: 1\n binpack.cpu: 1\n binpack.memory: 1\n
\u9ed8\u8ba4\u6743\u91cd\u4e0d\u80fd\u4f53\u73b0\u5806\u53e0\u7279\u6027\uff0c\u56e0\u6b64\u9700\u8981\u4fee\u6539\u4e3a binpack.weight: 10
\u3002
kubectl -n volcano-system edit configmaps volcano-scheduler-configmap\n
- plugins:\n - name: binpack\n arguments:\n binpack.weight: 10\n binpack.cpu: 1\n binpack.memory: 1\n binpack.resources: nvidia.com/gpu, example.com/foo\n binpack.resources.nvidia.com/gpu: 2\n binpack.resources.example.com/foo: 3\n
\u6539\u597d\u4e4b\u540e\u91cd\u542f volcano-scheduler Pod \u4f7f\u5176\u751f\u6548\u3002
\u521b\u5efa\u5982\u4e0b\u7684 Deployment\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: binpack-test\n labels:\n app: binpack-test\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: test\n template:\n metadata:\n labels:\n app: test\n spec:\n schedulerName: volcano\n containers:\n - name: test\n image: busybox\n imagePullPolicy: IfNotPresent\n command: [\"sh\", \"-c\", 'echo \"Hello, Kubernetes!\" && sleep 3600']\n resources:\n requests:\n cpu: 500m\n limits:\n cpu: 500m\n
\u5728\u4e24\u4e2a Node \u7684\u96c6\u7fa4\u4e0a\u53ef\u4ee5\u770b\u5230 Pod \u88ab\u8c03\u5ea6\u5230\u4e00\u4e2a Node \u4e0a\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_priority.html","title":"\u4f18\u5148\u7ea7\u62a2\u5360\uff08Preemption scheduling\uff09\u7b56\u7565","text":"Volcano \u901a\u8fc7 Priority \u63d2\u4ef6\u5b9e\u73b0\u4e86\u4f18\u5148\u7ea7\u62a2\u5360\u7b56\u7565\uff0c\u5373 Preemption scheduling \u7b56\u7565\u3002\u5728\u96c6\u7fa4\u8d44\u6e90\u6709\u9650\u4e14\u591a\u4e2a Job \u7b49\u5f85\u8c03\u5ea6\u65f6\uff0c \u5982\u679c\u4f7f\u7528 Kubernetes \u9ed8\u8ba4\u8c03\u5ea6\u5668\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5177\u6709\u66f4\u591a Pod \u6570\u91cf\u7684 Job \u5206\u5f97\u66f4\u591a\u8d44\u6e90\u3002\u800c Volcano-scheduler \u63d0\u4f9b\u4e86\u7b97\u6cd5\uff0c\u652f\u6301\u4e0d\u540c\u7684 Job \u4ee5 fair-share \u7684\u5f62\u5f0f\u5171\u4eab\u96c6\u7fa4\u8d44\u6e90\u3002
Priority \u63d2\u4ef6\u5141\u8bb8\u7528\u6237\u81ea\u5b9a\u4e49 Job \u548c Task \u7684\u4f18\u5148\u7ea7\uff0c\u5e76\u6839\u636e\u9700\u6c42\u5728\u4e0d\u540c\u5c42\u6b21\u4e0a\u5b9a\u5236\u8c03\u5ea6\u7b56\u7565\u3002 \u4f8b\u5982\uff0c\u5bf9\u4e8e\u91d1\u878d\u573a\u666f\u3001\u7269\u8054\u7f51\u76d1\u63a7\u573a\u666f\u7b49\u9700\u8981\u8f83\u9ad8\u5b9e\u65f6\u6027\u7684\u5e94\u7528\uff0cPriority \u63d2\u4ef6\u80fd\u591f\u786e\u4fdd\u5176\u4f18\u5148\u5f97\u5230\u8c03\u5ea6\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_priority.html#_1","title":"\u4f7f\u7528\u65b9\u5f0f","text":"\u4f18\u5148\u7ea7\u7684\u51b3\u5b9a\u57fa\u4e8e\u914d\u7f6e\u7684 PriorityClass \u4e2d\u7684 Value \u503c\uff0c\u503c\u8d8a\u5927\u4f18\u5148\u7ea7\u8d8a\u9ad8\u3002\u9ed8\u8ba4\u5df2\u542f\u7528\uff0c\u65e0\u9700\u4fee\u6539\u3002\u53ef\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u6216\u4fee\u6539\u3002
kubectl -n volcano-system edit configmaps volcano-scheduler-configmap\n
"},{"location":"end-user/kpanda/gpu/volcano/volcano_priority.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"\u5047\u8bbe\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e24\u4e2a\u7a7a\u95f2\u8282\u70b9\uff0c\u5e76\u6709\u4e09\u4e2a\u4f18\u5148\u7ea7\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff1ahigh-priority\u3001med-priority \u548c low-priority\u3002 \u5f53 high-priority \u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u5e76\u5360\u6ee1\u96c6\u7fa4\u8d44\u6e90\u540e\uff0c\u518d\u63d0\u4ea4 med-priority \u548c low-priority \u5de5\u4f5c\u8d1f\u8f7d\u3002 \u7531\u4e8e\u96c6\u7fa4\u8d44\u6e90\u5168\u90e8\u88ab\u66f4\u9ad8\u4f18\u5148\u7ea7\u7684\u5de5\u4f5c\u8d1f\u8f7d\u5360\u7528\uff0cmed-priority \u548c low-priority \u5de5\u4f5c\u8d1f\u8f7d\u5c06\u5904\u4e8e pending \u72b6\u6001\u3002 \u5f53 high-priority \u5de5\u4f5c\u8d1f\u8f7d\u7ed3\u675f\u540e\uff0c\u6839\u636e\u4f18\u5148\u7ea7\u8c03\u5ea6\u539f\u5219\uff0cmed-priority \u5de5\u4f5c\u8d1f\u8f7d\u5c06\u4f18\u5148\u88ab\u8c03\u5ea6\u3002
\u901a\u8fc7 priority.yaml \u521b\u5efa 3 \u4e2a\u4f18\u5148\u7ea7\u5b9a\u4e49\uff0c\u5206\u522b\u4e3a\uff1ahigh-priority\uff0cmed-priority\uff0clow-priority\u3002
\u67e5\u770b priority.yaml
cat <<EOF | kubectl apply -f - \napiVersion: scheduling.k8s.io/v1 \nkind: PriorityClass \nitems: \n - metadata: \n name: high-priority \n value: 100 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \n - metadata: \n name: med-priority \n value: 50 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \n - metadata: \n name: low-priority \n value: 10 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \nEOF\n
2. \u67e5\u770b\u4f18\u5148\u7ea7\u5b9a\u4e49\u4fe1\u606f\u3002 kubectl get PriorityClass\n
NAME VALUE GLOBAL-DEFAULT AGE \nhigh-priority 100 false 97s \nlow-priority 10 false 97s \nmed-priority 50 false 97s \nsystem-cluster-critical 2000000000 false 6d6h \nsystem-node-critical 2000001000 false 6d6h\n
\u521b\u5efa\u9ad8\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d high-priority-job\uff0c\u5360\u7528\u96c6\u7fa4\u7684\u5168\u90e8\u8d44\u6e90\u3002
\u67e5\u770b high-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-high \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: high-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
\u901a\u8fc7 kubectl get pod
\u67e5\u770b Pod\u8fd0\u884c \u4fe1\u606f\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-high-test-0 1/1 Running 0 3s \npriority-high-test-1 1/1 Running 0 3s \npriority-high-test-2 1/1 Running 0 3s \npriority-high-test-3 1/1 Running 0 3s\n
\u6b64\u65f6\uff0c\u96c6\u7fa4\u8282\u70b9\u8d44\u6e90\u5df2\u5168\u90e8\u88ab\u5360\u7528\u3002
\u521b\u5efa\u4e2d\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d med-priority-job \u548c\u4f4e\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d low-priority-job\u3002
med-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-medium \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: med-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
low-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-low \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: low-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
\u901a\u8fc7 kubectl get pod
\u67e5\u770b Pod \u8fd0\u884c\u4fe1\u606f\uff0c\u96c6\u7fa4\u8d44\u6e90\u4e0d\u8db3\uff0cPod \u5904\u4e8e Pending \u72b6\u6001\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-high-test-0 1/1 Running 0 3m29s \npriority-high-test-1 1/1 Running 0 3m29s \npriority-high-test-2 1/1 Running 0 3m29s \npriority-high-test-3 1/1 Running 0 3m29s \npriority-low-test-0 0/1 Pending 0 2m26s \npriority-low-test-1 0/1 Pending 0 2m26s \npriority-low-test-2 0/1 Pending 0 2m26s \npriority-low-test-3 0/1 Pending 0 2m26s \npriority-medium-test-0 0/1 Pending 0 2m36s \npriority-medium-test-1 0/1 Pending 0 2m36s \npriority-medium-test-2 0/1 Pending 0 2m36s \npriority-medium-test-3 0/1 Pending 0 2m36s\n
\u5220\u9664 high_priority_job \u5de5\u4f5c\u8d1f\u8f7d\uff0c\u91ca\u653e\u96c6\u7fa4\u8d44\u6e90\uff0cmed_priority_job \u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002 \u6267\u884c kubectl delete -f high_priority_job.yaml
\u91ca\u653e\u96c6\u7fa4\u8d44\u6e90\uff0c\u67e5\u770b Pod \u7684\u8c03\u5ea6\u4fe1\u606f\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-low-test-0 0/1 Pending 0 5m18s \npriority-low-test-1 0/1 Pending 0 5m18s \npriority-low-test-2 0/1 Pending 0 5m18s \npriority-low-test-3 0/1 Pending 0 5m18s \npriority-medium-test-0 1/1 Running 0 5m28s \npriority-medium-test-1 1/1 Running 0 5m28s \npriority-medium-test-2 1/1 Running 0 5m28s \npriority-medium-test-3 1/1 Running 0 5m28s\n
\u968f\u7740 Kubernetes\uff08K8s\uff09\u6210\u4e3a\u4e91\u539f\u751f\u5e94\u7528\u7f16\u6392\u4e0e\u7ba1\u7406\u7684\u9996\u9009\u5e73\u53f0\uff0c\u4f17\u591a\u5e94\u7528\u6b63\u79ef\u6781\u5411 K8s \u8fc1\u79fb\u3002 \u5728\u4eba\u5de5\u667a\u80fd\u4e0e\u673a\u5668\u5b66\u4e60\u9886\u57df\uff0c\u7531\u4e8e\u8fd9\u4e9b\u4efb\u52a1\u901a\u5e38\u6d89\u53ca\u5927\u91cf\u8ba1\u7b97\uff0c\u5f00\u53d1\u8005\u503e\u5411\u4e8e\u5728 Kubernetes \u4e0a\u6784\u5efa AI \u5e73\u53f0\uff0c \u4ee5\u5145\u5206\u5229\u7528\u5176\u5728\u8d44\u6e90\u7ba1\u7406\u3001\u5e94\u7528\u7f16\u6392\u53ca\u8fd0\u7ef4\u76d1\u63a7\u65b9\u9762\u7684\u4f18\u52bf\u3002
\u7136\u800c\uff0cKubernetes \u7684\u9ed8\u8ba4\u8c03\u5ea6\u5668\u4e3b\u8981\u9488\u5bf9\u957f\u671f\u8fd0\u884c\u7684\u670d\u52a1\u8bbe\u8ba1\uff0c\u5bf9\u4e8e AI\u3001\u5927\u6570\u636e\u7b49\u9700\u8981\u6279\u91cf\u548c\u5f39\u6027\u8c03\u5ea6\u7684\u4efb\u52a1\u5b58\u5728\u8bf8\u591a\u4e0d\u8db3\u3002 \u4f8b\u5982\uff0c\u5728\u8d44\u6e90\u7ade\u4e89\u6fc0\u70c8\u7684\u60c5\u51b5\u4e0b\uff0c\u9ed8\u8ba4\u8c03\u5ea6\u5668\u53ef\u80fd\u5bfc\u81f4\u8d44\u6e90\u5206\u914d\u4e0d\u5747\uff0c\u8fdb\u800c\u5f71\u54cd\u4efb\u52a1\u7684\u6b63\u5e38\u6267\u884c\u3002
\u4ee5 TensorFlow \u4f5c\u4e1a\u4e3a\u4f8b\uff0c\u5176\u5305\u542b PS\uff08\u53c2\u6570\u670d\u52a1\u5668\uff09\u548c Worker \u4e24\u79cd\u89d2\u8272\uff0c\u4e24\u8005\u9700\u534f\u540c\u5de5\u4f5c\u624d\u80fd\u5b8c\u6210\u4efb\u52a1\u3002 \u82e5\u4ec5\u90e8\u7f72\u5355\u4e00\u89d2\u8272\uff0c\u4f5c\u4e1a\u5c06\u65e0\u6cd5\u8fd0\u884c\u3002\u800c\u9ed8\u8ba4\u8c03\u5ea6\u5668\u5bf9 Pod \u7684\u8c03\u5ea6\u662f\u9010\u4e2a\u8fdb\u884c\u7684\uff0c\u65e0\u6cd5\u611f\u77e5 TFJob \u4e2d PS \u548c Worker \u7684\u4f9d\u8d56\u5173\u7cfb\u3002 \u5728\u9ad8\u8d1f\u8f7d\u60c5\u51b5\u4e0b\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u591a\u4e2a\u4f5c\u4e1a\u5404\u81ea\u5206\u914d\u5230\u90e8\u5206\u8d44\u6e90\uff0c\u4f46\u5747\u65e0\u6cd5\u5b8c\u6210\uff0c\u4ece\u800c\u9020\u6210\u8d44\u6e90\u6d6a\u8d39\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_user_guide.html#volcano_1","title":"Volcano \u7684\u8c03\u5ea6\u7b56\u7565\u4f18\u52bf","text":"Volcano \u63d0\u4f9b\u4e86\u591a\u79cd\u8c03\u5ea6\u7b56\u7565\uff0c\u4ee5\u5e94\u5bf9\u4e0a\u8ff0\u6311\u6218\u3002\u5176\u4e2d\uff0cGang-scheduling \u7b56\u7565\u80fd\u786e\u4fdd\u5206\u5e03\u5f0f\u673a\u5668\u5b66\u4e60\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u591a\u4e2a\u4efb\u52a1\uff08Pod\uff09\u540c\u65f6\u542f\u52a8\uff0c \u907f\u514d\u6b7b\u9501\uff1bPreemption scheduling \u7b56\u7565\u5219\u5141\u8bb8\u9ad8\u4f18\u5148\u7ea7\u4f5c\u4e1a\u5728\u8d44\u6e90\u4e0d\u8db3\u65f6\u62a2\u5360\u4f4e\u4f18\u5148\u7ea7\u4f5c\u4e1a\u7684\u8d44\u6e90\uff0c\u786e\u4fdd\u5173\u952e\u4efb\u52a1\u4f18\u5148\u5b8c\u6210\u3002
\u6b64\u5916\uff0cVolcano \u4e0e Spark\u3001TensorFlow\u3001PyTorch \u7b49\u4e3b\u6d41\u8ba1\u7b97\u6846\u67b6\u65e0\u7f1d\u5bf9\u63a5\uff0c\u5e76\u652f\u6301 CPU \u548c GPU \u7b49\u5f02\u6784\u8bbe\u5907\u7684\u6df7\u5408\u8c03\u5ea6\uff0c\u4e3a AI \u8ba1\u7b97\u4efb\u52a1\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u4f18\u5316\u652f\u6301\u3002
\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5\u548c\u4f7f\u7528 Volcano\uff0c\u4ee5\u4fbf\u60a8\u80fd\u591f\u5145\u5206\u5229\u7528\u5176\u8c03\u5ea6\u7b56\u7565\u4f18\u52bf\uff0c\u4f18\u5316 AI \u8ba1\u7b97\u4efb\u52a1\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_user_guide.html#volcano_2","title":"\u5b89\u88c5 Volcano","text":"\u5728 \u96c6\u7fa4\u8be6\u60c5 -> Helm \u5e94\u7528 -> Helm \u6a21\u677f \u4e2d\u627e\u5230 Volcano \u5e76\u5b89\u88c5\u3002
\u68c0\u67e5\u5e76\u786e\u8ba4 Volcano \u662f\u5426\u5b89\u88c5\u5b8c\u6210\uff0c\u5373 volcano-admission\u3001volcano-controllers\u3001volcano-scheduler \u7ec4\u4ef6\u662f\u5426\u6b63\u5e38\u8fd0\u884c\u3002
\u901a\u5e38 Volcano \u4f1a\u548c AI Lab \u5e73\u53f0\u914d\u5408\u4f7f\u7528\uff0c\u4ee5\u5b9e\u73b0\u6570\u636e\u96c6\u3001Notebook\u3001\u4efb\u52a1\u8bad\u7ec3\u7684\u6574\u4e2a\u5f00\u53d1\u3001\u8bad\u7ec3\u6d41\u7a0b\u7684\u6709\u6548\u95ed\u73af\u3002
"},{"location":"end-user/kpanda/helm/index.html","title":"Helm \u6a21\u677f","text":"Helm \u662f Kubernetes \u7684\u5305\u7ba1\u7406\u5de5\u5177\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u53d1\u73b0\u3001\u5171\u4eab\u548c\u4f7f\u7528 Kubernetes \u6784\u5efa\u7684\u5e94\u7528\u3002\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u4e86\u4e0a\u767e\u4e2a Helm \u6a21\u677f\uff0c\u6db5\u76d6\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u76d1\u63a7\u3001\u6570\u636e\u5e93\u7b49\u4e3b\u8981\u573a\u666f\u3002\u501f\u52a9\u8fd9\u4e9b\u6a21\u677f\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 UI \u754c\u9762\u5feb\u901f\u90e8\u7f72\u3001\u4fbf\u6377\u7ba1\u7406 Helm \u5e94\u7528\u3002\u6b64\u5916\uff0c\u652f\u6301\u901a\u8fc7\u6dfb\u52a0 Helm \u4ed3\u5e93 \u6dfb\u52a0\u66f4\u591a\u7684\u4e2a\u6027\u5316\u6a21\u677f\uff0c\u6ee1\u8db3\u591a\u6837\u9700\u6c42\u3002
\u5173\u952e\u6982\u5ff5\uff1a
\u4f7f\u7528 Helm \u65f6\u9700\u8981\u4e86\u89e3\u4ee5\u4e0b\u51e0\u4e2a\u5173\u952e\u6982\u5ff5\uff1a
Chart\uff1a\u4e00\u4e2a Helm \u5b89\u88c5\u5305\uff0c\u5176\u4e2d\u5305\u542b\u4e86\u8fd0\u884c\u4e00\u4e2a\u5e94\u7528\u6240\u9700\u8981\u7684\u955c\u50cf\u3001\u4f9d\u8d56\u548c\u8d44\u6e90\u5b9a\u4e49\u7b49\uff0c\u8fd8\u53ef\u80fd\u5305\u542b Kubernetes \u96c6\u7fa4\u4e2d\u7684\u670d\u52a1\u5b9a\u4e49\uff0c\u7c7b\u4f3c Homebrew \u4e2d\u7684 formula\u3001APT \u7684 dpkg \u6216\u8005 Yum \u7684 rpm \u6587\u4ef6\u3002Chart \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u6a21\u677f \u3002
Release\uff1a\u5728 Kubernetes \u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u4e00\u4e2a Chart \u5b9e\u4f8b\u3002\u4e00\u4e2a Chart \u53ef\u4ee5\u5728\u540c\u4e00\u4e2a\u96c6\u7fa4\u5185\u591a\u6b21\u5b89\u88c5\uff0c\u6bcf\u6b21\u5b89\u88c5\u90fd\u4f1a\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 Release\u3002Release \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u5e94\u7528 \u3002
Repository\uff1a\u7528\u4e8e\u53d1\u5e03\u548c\u5b58\u50a8 Chart \u7684\u5b58\u50a8\u5e93\u3002Repository \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u4ed3\u5e93\u3002
\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u524d\u5f80 Helm \u5b98\u7f51\u67e5\u770b\u3002
\u76f8\u5173\u64cd\u4f5c\uff1a
\u672c\u6587\u4ece\u79bb\u7ebf\u548c\u5728\u7ebf\u4e24\u79cd\u73af\u5883\u8bf4\u660e\u5982\u4f55\u5c06 Helm \u5e94\u7528\u5bfc\u5165\u5230\u7cfb\u7edf\u5185\u7f6e\u7684 Addon \u4e2d\u3002
"},{"location":"end-user/kpanda/helm/Import-addon.html#_1","title":"\u79bb\u7ebf\u73af\u5883","text":"\u79bb\u7ebf\u73af\u5883\u6307\u7684\u662f\u65e0\u6cd5\u8fde\u901a\u4e92\u8054\u7f51\u6216\u5c01\u95ed\u7684\u79c1\u6709\u7f51\u7edc\u73af\u5883\u3002
"},{"location":"end-user/kpanda/helm/Import-addon.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":".relok8s-images.yaml
\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u9700\u8981\u5305\u542b Chart \u4e2d\u6240\u6709\u4f7f\u7528\u5230\u955c\u50cf\uff0c \u4e5f\u53ef\u4ee5\u5305\u542b Chart \u4e2d\u672a\u76f4\u63a5\u4f7f\u7528\u7684\u955c\u50cf\uff0c\u7c7b\u4f3c Operator \u4e2d\u4f7f\u7528\u7684\u955c\u50cf\u3002Note
\u5bb9\u5668\u7ba1\u7406
-> Helm \u5e94\u7528
-> Helm \u4ed3\u5e93
\uff0c\u641c\u7d22 addon\uff0c\u83b7\u53d6\u5185\u7f6e\u4ed3\u5e93\u5730\u5740\u548c\u7528\u6237\u540d/\u5bc6\u7801\uff08\u7cfb\u7edf\u5185\u7f6e\u4ed3\u5e93\u9ed8\u8ba4\u7528\u6237\u540d/\u5bc6\u7801\u4e3a rootuser/rootpass123\uff09\u3002\u540c\u6b65 Helm Chart \u5230\u5bb9\u5668\u7ba1\u7406\u5185\u7f6e\u4ed3\u5e93 Addon
\u7f16\u5199\u5982\u4e0b\u914d\u7f6e\u6587\u4ef6\uff0c\u53ef\u4ee5\u6839\u636e\u5177\u4f53\u914d\u7f6e\u4fee\u6539\uff0c\u5e76\u4fdd\u5b58\u4e3a sync-dao-2048.yaml
\u3002
source: # helm charts \u6e90\u4fe1\u606f\n repo:\n kind: HARBOR # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\uff0c\u6bd4\u5982 CHARTMUSEUM\n url: https://release-ci.daocloud.io/chartrepo/community # \u9700\u66f4\u6539\u4e3a chart repo url\n #auth: # \u7528\u6237\u540d/\u5bc6\u7801,\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199\n #username: \"admin\"\n #password: \"Harbor12345\"\ncharts: # \u9700\u8981\u540c\u6b65\n - name: dao-2048 # helm charts \u4fe1\u606f\uff0c\u82e5\u4e0d\u586b\u5199\u5219\u540c\u6b65\u6e90 helm repo \u5185\u6240\u6709 charts\n versions:\n - 1.4.1\ntarget: # helm charts \u76ee\u6807\u4fe1\u606f\n containerRegistry: 10.5.14.40 # \u955c\u50cf\u4ed3\u5e93 url\n repo:\n kind: CHARTMUSEUM # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\uff0c\u6bd4\u5982 HARBOR\n url: http://10.5.14.40:8081 # \u9700\u66f4\u6539\u4e3a\u6b63\u786e chart repo url\uff0c\u53ef\u4ee5\u901a\u8fc7 helm repo add $HELM-REPO \u9a8c\u8bc1\u5730\u5740\u662f\u5426\u6b63\u786e\n auth: # \u7528\u6237\u540d/\u5bc6\u7801\uff0c\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199\n username: \"rootuser\"\n password: \"rootpass123\"\n containers:\n # kind: HARBOR # \u82e5\u955c\u50cf\u4ed3\u5e93\u4e3a HARBOR \u4e14\u5e0c\u671b charts-syncer \u81ea\u52a8\u521b\u5efa\u955c\u50cf Repository \u5219\u586b\u5199\u8be5\u5b57\u6bb5 \n # auth: # \u7528\u6237\u540d/\u5bc6\u7801\uff0c\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199 \n # username: \"admin\"\n # password: \"Harbor12345\"\n\n# leverage .relok8s-images.yaml file inside the Charts to move the container images too\nrelocateContainerImages: true\n
\u6267\u884c charts-syncer \u547d\u4ee4\u540c\u6b65 Chart \u53ca\u5176\u5305\u542b\u7684\u955c\u50cf
charts-syncer sync --config sync-dao-2048.yaml --insecure --auto-create-repository\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
I1222 15:01:47.119777 8743 sync.go:45] Using config file: \"examples/sync-dao-2048.yaml\"\nW1222 15:01:47.234238 8743 syncer.go:263] Ignoring skipDependencies option as dependency sync is not supported if container image relocation is true or syncing from/to intermediate directory\nI1222 15:01:47.234685 8743 sync.go:58] There is 1 chart out of sync!\nI1222 15:01:47.234706 8743 sync.go:66] Syncing \"dao-2048_1.4.1\" chart...\n.relok8s-images.yaml hints file found\nComputing relocation...\n\nRelocating dao-2048@1.4.1...\nPushing 10.5.14.40/daocloud/dao-2048:v1.4.1...\nDone\nDone moving /var/folders/vm/08vw0t3j68z9z_4lcqyhg8nm0000gn/T/charts-syncer869598676/dao-2048-1.4.1.tgz\n
\u5f85\u4e0a\u4e00\u6b65\u6267\u884c\u5b8c\u6210\u540e\uff0c\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406
-> Helm \u5e94\u7528
-> Helm \u4ed3\u5e93
\uff0c\u627e\u5230\u5bf9\u5e94 Addon\uff0c \u5728\u64cd\u4f5c\u680f\u70b9\u51fb\u540c\u6b65\u4ed3\u5e93
\uff0c\u56de\u5230 Helm \u6a21\u677f\u5c31\u53ef\u4ee5\u770b\u5230\u4e0a\u4f20\u7684 Helm \u5e94\u7528
\u540e\u7eed\u53ef\u6b63\u5e38\u8fdb\u884c\u5b89\u88c5\u3001\u5347\u7ea7\u3001\u5378\u8f7d
\u5728\u7ebf\u73af\u5883\u7684 Helm Repo \u5730\u5740\u4e3a release.daocloud.io
\u3002 \u5982\u679c\u7528\u6237\u65e0\u6743\u9650\u6dfb\u52a0 Helm Repo\uff0c\u5219\u65e0\u6cd5\u5c06\u81ea\u5b9a\u4e49 Helm \u5e94\u7528\u5bfc\u5165\u7cfb\u7edf\u5185\u7f6e Addon\u3002 \u60a8\u53ef\u4ee5\u6dfb\u52a0\u81ea\u5df1\u642d\u5efa\u7684 Helm \u4ed3\u5e93\uff0c\u7136\u540e\u6309\u7167\u79bb\u7ebf\u73af\u5883\u4e2d\u540c\u6b65 Helm Chart \u7684\u6b65\u9aa4\u5c06\u60a8\u7684 Helm \u4ed3\u5e93\u96c6\u6210\u5230\u5e73\u53f0\u4f7f\u7528\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5bf9 Helm \u8fdb\u884c\u754c\u9762\u5316\u7ba1\u7406\uff0c\u5305\u62ec\u4f7f\u7528 Helm \u6a21\u677f\u521b\u5efa Helm \u5b9e\u4f8b\u3001\u81ea\u5b9a\u4e49 Helm \u5b9e\u4f8b\u53c2\u6570\u3001\u5bf9 Helm \u5b9e\u4f8b\u8fdb\u884c\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u529f\u80fd\u3002
\u672c\u8282\u5c06\u4ee5 cert-manager \u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u754c\u9762\u521b\u5efa\u5e76\u7ba1\u7406 Helm \u5e94\u7528\u3002
"},{"location":"end-user/kpanda/helm/helm-app.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5 Helm \u5e94\u7528\u3002
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u8fdb\u5165 Helm \u6a21\u677f\u9875\u9762\u3002
\u5728 Helm \u6a21\u677f\u9875\u9762\u9009\u62e9\u540d\u4e3a addon \u7684 Helm \u4ed3\u5e93\uff0c\u6b64\u65f6\u754c\u9762\u4e0a\u5c06\u5448\u73b0 addon \u4ed3\u5e93\u4e0b\u6240\u6709\u7684 Helm chart \u6a21\u677f\u3002 \u70b9\u51fb\u540d\u79f0\u4e3a cert-manager \u7684 Chart\u3002
\u5728\u5b89\u88c5\u9875\u9762\uff0c\u80fd\u591f\u770b\u5230 Chart \u7684\u76f8\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u5728\u754c\u9762\u53f3\u4e0a\u89d2\u9009\u62e9\u9700\u8981\u5b89\u88c5\u7684\u7248\u672c\uff0c\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u6b64\u5904\u9009\u62e9 v1.9.1 \u7248\u672c\u8fdb\u884c\u5b89\u88c5\u3002
\u914d\u7f6e \u540d\u79f0 \u3001 \u547d\u540d\u7a7a\u95f4 \u53ca \u7248\u672c\u4fe1\u606f \uff0c\u4e5f\u53ef\u4ee5\u5728\u4e0b\u65b9\u7684 \u53c2\u6570\u914d\u7f6e \u533a\u57df\u901a\u8fc7\u4fee\u6539 YAML \u6765\u81ea\u5b9a\u4e49\u53c2\u6570\u3002\u70b9\u51fb \u786e\u5b9a \u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u65b0\u521b\u5efa\u7684 Helm \u5e94\u7528\u72b6\u6001\u4e3a \u5b89\u88c5\u4e2d \uff0c\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u540e\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u3002
\u5f53\u6211\u4eec\u901a\u8fc7\u754c\u9762\u5b8c\u6210\u4e00\u4e2a Helm \u5e94\u7528\u7684\u5b89\u88c5\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u5bf9 Helm \u5e94\u7528\u6267\u884c\u66f4\u65b0\u64cd\u4f5c\u3002\u6ce8\u610f\uff1a\u53ea\u6709\u901a\u8fc7\u754c\u9762\u5b89\u88c5\u7684 Helm \u5e94\u7528\u624d\u652f\u6301\u4f7f\u7528\u754c\u9762\u8fdb\u884c\u66f4\u65b0\u64cd\u4f5c\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u66f4\u65b0 Helm \u5e94\u7528\u3002
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb Helm \u5e94\u7528 \uff0c\u8fdb\u5165 Helm \u5e94\u7528\u5217\u8868\u9875\u9762\u3002
\u5728 Helm \u5e94\u7528\u5217\u8868\u9875\u9009\u62e9\u9700\u8981\u66f4\u65b0\u7684 Helm \u5e94\u7528\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff0c\u5728\u4e0b\u62c9\u9009\u62e9\u4e2d\u9009\u62e9 \u66f4\u65b0 \u64cd\u4f5c\u3002
\u70b9\u51fb \u66f4\u65b0 \u6309\u94ae\u540e\uff0c\u7cfb\u7edf\u5c06\u8df3\u8f6c\u81f3\u66f4\u65b0\u754c\u9762\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u9700\u8981\u5bf9 Helm \u5e94\u7528\u8fdb\u884c\u66f4\u65b0\uff0c\u6b64\u5904\u6211\u4eec\u4ee5\u66f4\u65b0 dao-2048 \u8fd9\u4e2a\u5e94\u7528\u7684 http \u7aef\u53e3\u4e3a\u4f8b\u3002
\u4fee\u6539\u5b8c\u76f8\u5e94\u53c2\u6570\u540e\u3002\u60a8\u53ef\u4ee5\u5728\u53c2\u6570\u914d\u7f6e\u4e0b\u70b9\u51fb \u53d8\u5316 \u6309\u94ae\uff0c\u5bf9\u6bd4\u4fee\u6539\u524d\u540e\u7684\u6587\u4ef6\uff0c\u786e\u5b9a\u65e0\u8bef\u540e\uff0c\u70b9\u51fb\u5e95\u90e8 \u786e\u5b9a \u6309\u94ae\uff0c\u5b8c\u6210 Helm \u5e94\u7528\u7684\u66f4\u65b0\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u53f3\u4e0a\u89d2\u5f39\u7a97\u63d0\u793a \u66f4\u65b0\u6210\u529f \u3002
Helm \u5e94\u7528\u7684\u6bcf\u6b21\u5b89\u88c5\u3001\u66f4\u65b0\u3001\u5220\u9664\u90fd\u6709\u8be6\u7ec6\u7684\u64cd\u4f5c\u8bb0\u5f55\u548c\u65e5\u5fd7\u53ef\u4f9b\u67e5\u770b\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u6700\u8fd1\u64cd\u4f5c \uff0c\u7136\u540e\u5728\u9875\u9762\u4e0a\u65b9\u9009\u62e9 Helm \u64cd\u4f5c \u6807\u7b7e\u9875\u3002\u6bcf\u4e00\u6761\u8bb0\u5f55\u5bf9\u5e94\u4e00\u6b21\u5b89\u88c5/\u66f4\u65b0/\u5220\u9664\u64cd\u4f5c\u3002
\u5982\u9700\u67e5\u770b\u6bcf\u4e00\u6b21\u64cd\u4f5c\u7684\u8be6\u7ec6\u65e5\u5fd7\uff1a\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u65e5\u5fd7 \u3002
\u6b64\u65f6\u9875\u9762\u4e0b\u65b9\u5c06\u4ee5\u63a7\u5236\u53f0\u7684\u5f62\u5f0f\u5c55\u793a\u8be6\u7ec6\u7684\u8fd0\u884c\u65e5\u5fd7\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5220\u9664 Helm \u5e94\u7528\u3002
\u627e\u5230\u5f85\u5220\u9664\u7684 Helm \u5e94\u7528\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb Helm \u5e94\u7528 \uff0c\u8fdb\u5165 Helm \u5e94\u7528\u5217\u8868\u9875\u9762\u3002
\u5728 Helm \u5e94\u7528\u5217\u8868\u9875\u9009\u62e9\u60a8\u9700\u8981\u5220\u9664\u7684 Helm \u5e94\u7528\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff0c\u5728\u4e0b\u62c9\u9009\u62e9\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u5185\u8f93\u5165 Helm \u5e94\u7528\u7684\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u5220\u9664 \u6309\u94ae\u3002
Helm \u4ed3\u5e93\u662f\u7528\u6765\u5b58\u50a8\u548c\u53d1\u5e03 Chart \u7684\u5b58\u50a8\u5e93\u3002Helm \u5e94\u7528\u6a21\u5757\u652f\u6301\u901a\u8fc7 HTTP(s) \u534f\u8bae\u6765\u8bbf\u95ee\u5b58\u50a8\u5e93\u4e2d\u7684 Chart \u5305\u3002\u7cfb\u7edf\u9ed8\u8ba4\u5185\u7f6e\u4e86\u4e0b\u8868\u6240\u793a\u7684 4 \u4e2a Helm \u4ed3\u5e93\u4ee5\u6ee1\u8db3\u4f01\u4e1a\u751f\u4ea7\u8fc7\u7a0b\u4e2d\u7684\u5e38\u89c1\u9700\u6c42\u3002
\u4ed3\u5e93 \u63cf\u8ff0 \u793a\u4f8b partner \u7531\u751f\u6001\u5408\u4f5c\u4f19\u4f34\u6240\u63d0\u4f9b\u7684\u5404\u7c7b\u4f18\u8d28\u7279\u8272 Chart tidb system \u7cfb\u7edf\u6838\u5fc3\u529f\u80fd\u7ec4\u4ef6\u53ca\u90e8\u5206\u9ad8\u7ea7\u529f\u80fd\u6240\u5fc5\u9700\u4f9d\u8d56\u7684 Chart\uff0c\u5982\u5fc5\u9700\u5b89\u88c5 insight-agent \u624d\u80fd\u591f\u83b7\u53d6\u96c6\u7fa4\u7684\u76d1\u63a7\u4fe1\u606f Insight addon \u4e1a\u52a1\u573a\u666f\u4e2d\u5e38\u89c1\u7684 Chart cert-manager community Kubernetes \u793e\u533a\u8f83\u4e3a\u70ed\u95e8\u7684\u5f00\u6e90\u7ec4\u4ef6 Chart Istio\u9664\u4e0a\u8ff0\u9884\u7f6e\u4ed3\u5e93\u5916\uff0c\u60a8\u4e5f\u53ef\u4ee5\u81ea\u884c\u6dfb\u52a0\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u6dfb\u52a0\u3001\u66f4\u65b0\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002
"},{"location":"end-user/kpanda/helm/helm-repo.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5982\u679c\u4f7f\u7528\u79c1\u6709\u4ed3\u5e93\uff0c\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u62e5\u6709\u5bf9\u8be5\u79c1\u6709\u4ed3\u5e93\u7684\u8bfb\u5199\u6743\u9650\u3002
\u4e0b\u9762\u4ee5 Kubevela \u516c\u5f00\u7684\u955c\u50cf\u4ed3\u5e93\u4e3a\u4f8b\uff0c\u5f15\u5165 Helm \u4ed3\u5e93\u5e76\u7ba1\u7406\u3002
\u627e\u5230\u9700\u8981\u5f15\u5165\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u9875\u9762\u3002
\u5728 Helm \u4ed3\u5e93\u9875\u9762\u70b9\u51fb \u521b\u5efa\u4ed3\u5e93 \u6309\u94ae\uff0c\u8fdb\u5165\u521b\u5efa\u4ed3\u5e93\u9875\u9762\uff0c\u6309\u7167\u4e0b\u8868\u914d\u7f6e\u76f8\u5173\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210 Helm \u4ed3\u5e93\u7684\u521b\u5efa\u3002\u9875\u9762\u4f1a\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u4ed3\u5e93\u5217\u8868\u3002
\u5f53 Helm \u4ed3\u5e93\u7684\u5730\u5740\u4fe1\u606f\u53d1\u751f\u53d8\u5316\u65f6\uff0c\u53ef\u4ee5\u66f4\u65b0 Helm \u4ed3\u5e93\u7684\u5730\u5740\u3001\u8ba4\u8bc1\u65b9\u5f0f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u53ca\u63cf\u8ff0\u4fe1\u606f\u3002
\u627e\u5230\u5f85\u66f4\u65b0\u4ed3\u5e93\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u5217\u8868\u9875\u9762\u3002
\u5728\u4ed3\u5e93\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684 Helm \u4ed3\u5e93\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \u6309\u94ae\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u66f4\u65b0 \u3002
\u5728 \u7f16\u8f91 Helm \u4ed3\u5e93 \u9875\u9762\u8fdb\u884c\u66f4\u65b0\uff0c\u5b8c\u6210\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de Helm \u4ed3\u5e93\u5217\u8868\uff0c\u5c4f\u5e55\u63d0\u793a\u66f4\u65b0\u6210\u529f\u3002
\u9664\u4e86\u5f15\u5165\u3001\u66f4\u65b0\u4ed3\u5e93\u5916\uff0c\u60a8\u4e5f\u53ef\u4ee5\u5c06\u4e0d\u9700\u8981\u7684\u4ed3\u5e93\u5220\u9664\uff0c\u5305\u62ec\u7cfb\u7edf\u9884\u7f6e\u4ed3\u5e93\u548c\u7b2c\u4e09\u65b9\u4ed3\u5e93\u3002
\u627e\u5230\u5f85\u5220\u9664\u4ed3\u5e93\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u5217\u8868\u9875\u9762\u3002
\u5728\u4ed3\u5e93\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684 Helm \u4ed3\u5e93\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \u6309\u94ae\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u5220\u9664 \u3002
\u8f93\u5165\u4ed3\u5e93\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u70b9\u51fb \u5220\u9664 \u3002
\u8fd4\u56de Helm \u4ed3\u5e93\u5217\u8868\uff0c\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\u3002
\u901a\u5e38\u5728\u591a\u67b6\u6784\u96c6\u7fa4\u4e2d\uff0c\u4e5f\u4f1a\u4f7f\u7528\u591a\u67b6\u6784\u7684 Helm \u5305\u6765\u90e8\u7f72\u5e94\u7528\uff0c\u4ee5\u89e3\u51b3\u67b6\u6784\u5dee\u5f02\u5e26\u6765\u7684\u90e8\u7f72\u95ee\u9898\u3002 \u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5c06\u5355\u67b6\u6784 Helm \u5e94\u7528\u878d\u5408\u4e3a\u591a\u67b6\u6784\uff0c\u4ee5\u53ca\u591a\u67b6\u6784\u4e0e\u591a\u67b6\u6784 Helm \u5e94\u7528\u7684\u76f8\u4e92\u878d\u5408\u3002
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_1","title":"\u5bfc\u5165","text":""},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_2","title":"\u5355\u67b6\u6784\u5bfc\u5165","text":"\u51c6\u5907\u597d\u5f85\u5bfc\u5165\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002 \u628a\u8def\u5f84\u586b\u5199\u81f3 clusterConfig.yml \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982\uff1a
addonPackage:\n path: \"/home/addon-offline-full-package-v0.9.0-amd64.tar.gz\"\n
\u7136\u540e\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_3","title":"\u591a\u67b6\u6784\u878d\u5408","text":"\u51c6\u5907\u597d\u5f85\u878d\u5408\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u4ee5 addon-offline-full-package-v0.9.0-arm64.tar.gz \u4e3a\u4f8b\uff0c\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.9.0-arm64.tar.gz\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_4","title":"\u5347\u7ea7","text":""},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_5","title":"\u5355\u67b6\u6784\u5347\u7ea7","text":"\u51c6\u5907\u597d\u5f85\u5bfc\u5165\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u628a\u8def\u5f84\u586b\u5199\u81f3 clusterConfig.yml \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982\uff1a
addonPackage:\n path: \"/home/addon-offline-full-package-v0.11.0-amd64.tar.gz\"\n
\u7136\u540e\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_6","title":"\u591a\u67b6\u6784\u878d\u5408","text":"\u51c6\u5907\u597d\u5f85\u878d\u5408\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u4ee5 addon-offline-full-package-v0.11.0-arm64.tar.gz \u4e3a\u4f8b\uff0c\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.11.0-arm64.tar.gz\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_7","title":"\u6ce8\u610f\u4e8b\u9879","text":""},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_8","title":"\u78c1\u76d8\u7a7a\u95f4","text":"\u79bb\u7ebf\u5305\u6bd4\u8f83\u5927\uff0c\u4e14\u8fc7\u7a0b\u4e2d\u9700\u8981\u89e3\u538b\u548c load \u955c\u50cf\uff0c\u9700\u8981\u9884\u7559\u5145\u8db3\u7684\u7a7a\u95f4\uff0c\u5426\u5219\u53ef\u80fd\u5728\u8fc7\u7a0b\u4e2d\u62a5 \u201cno space left\u201d \u800c\u4e2d\u65ad\u3002
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_9","title":"\u5931\u8d25\u540e\u91cd\u8bd5","text":"\u5982\u679c\u5728\u591a\u67b6\u6784\u878d\u5408\u6b65\u9aa4\u6267\u884c\u5931\u8d25\uff0c\u91cd\u8bd5\u524d\u9700\u8981\u6e05\u7406\u4e00\u4e0b\u6b8b\u7559\uff1a
rm -rf addon-offline-target-package\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_10","title":"\u955c\u50cf\u7a7a\u95f4","text":"\u5982\u679c\u878d\u5408\u7684\u79bb\u7ebf\u5305\u4e2d\u5305\u542b\u4e86\u4e0e\u5bfc\u5165\u7684\u79bb\u7ebf\u5305\u4e0d\u4e00\u81f4\u7684\u955c\u50cf\u7a7a\u95f4\uff0c\u53ef\u80fd\u4f1a\u5728\u878d\u5408\u8fc7\u7a0b\u4e2d\u56e0\u4e3a\u955c\u50cf\u7a7a\u95f4\u4e0d\u5b58\u5728\u800c\u62a5\u9519\uff1a
\u89e3\u51b3\u529e\u6cd5\uff1a\u53ea\u9700\u8981\u5728\u878d\u5408\u4e4b\u524d\u521b\u5efa\u597d\u8be5\u955c\u50cf\u7a7a\u95f4\u5373\u53ef\uff0c\u4f8b\u5982\u4e0a\u56fe\u62a5\u9519\u53ef\u901a\u8fc7\u521b\u5efa\u955c\u50cf\u7a7a\u95f4 localhost \u63d0\u524d\u907f\u514d\u3002
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_11","title":"\u67b6\u6784\u51b2\u7a81","text":"\u5347\u7ea7\u81f3\u4f4e\u4e8e 0.12.0 \u7248\u672c\u7684 addon \u65f6\uff0c\u7531\u4e8e\u76ee\u6807\u79bb\u7ebf\u5305\u91cc\u7684 charts-syncer \u6ca1\u6709\u68c0\u67e5\u955c\u50cf\u5b58\u5728\u5219\u4e0d\u63a8\u9001\u529f\u80fd\uff0c\u56e0\u6b64\u4f1a\u5728\u5347\u7ea7\u7684\u8fc7\u7a0b\u4e2d\u4f1a\u91cd\u65b0\u628a\u591a\u67b6\u6784\u51b2\u6210\u5355\u67b6\u6784\u3002 \u4f8b\u5982\uff1a\u5728 v0.10 \u7248\u672c\u5c06 addon \u5b9e\u73b0\u4e3a\u591a\u67b6\u6784\uff0c\u6b64\u65f6\u82e5\u5347\u7ea7\u4e3a v0.11 \u7248\u672c\uff0c\u5219\u591a\u67b6\u6784 addon \u4f1a\u88ab\u8986\u76d6\u4e3a\u5355\u67b6\u6784\uff1b\u82e5\u5347\u7ea7\u4e3a 0.12.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u5219\u4ecd\u80fd\u591f\u4fdd\u6301\u591a\u67b6\u6784\u3002
"},{"location":"end-user/kpanda/helm/upload-helm.html","title":"\u4e0a\u4f20 Helm \u6a21\u677f","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e0a\u4f20 Helm \u6a21\u677f\uff0c\u64cd\u4f5c\u6b65\u9aa4\u89c1\u4e0b\u6587\u3002
\u5f15\u5165 Helm \u4ed3\u5e93\uff0c\u64cd\u4f5c\u6b65\u9aa4\u53c2\u8003\u5f15\u5165\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002
\u4e0a\u4f20 Helm Chart \u5230 Helm \u4ed3\u5e93\u3002
\u5ba2\u6237\u7aef\u4e0a\u4f20\u9875\u9762\u4e0a\u4f20Note
\u6b64\u65b9\u5f0f\u9002\u7528\u4e8e Harbor\u3001ChartMuseum\u3001JFrog \u7c7b\u578b\u4ed3\u5e93\u3002
\u767b\u5f55\u4e00\u4e2a\u53ef\u4ee5\u8bbf\u95ee\u5230 Helm \u4ed3\u5e93\u7684\u8282\u70b9\uff0c\u5c06 Helm \u4e8c\u8fdb\u5236\u6587\u4ef6\u4e0a\u4f20\u5230\u8282\u70b9\uff0c\u5e76\u5b89\u88c5 cm-push \u63d2\u4ef6\uff08\u9700\u8981\u8fde\u901a\u5916\u7f51\u5e76\u63d0\u524d\u5b89\u88c5 Git\uff09\u3002
\u5b89\u88c5\u63d2\u4ef6\u6d41\u7a0b\u53c2\u8003\u5b89\u88c5 cm-push \u63d2\u4ef6\u3002
\u63a8\u9001 Helm Chart \u5230 Helm \u4ed3\u5e93\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1b
helm cm-push ${charts-dir} ${HELM_REPO_URL} --username ${username} --password ${password}\n
\u5b57\u6bb5\u8bf4\u660e\uff1a
charts-dir
\uff1aHelm Chart \u7684\u76ee\u5f55\uff0c\u6216\u8005\u662f\u6253\u5305\u597d\u7684 Chart\uff08\u5373 .tgz \u6587\u4ef6\uff09\u3002HELM_REPO_URL
\uff1aHelm \u4ed3\u5e93\u7684 URL\u3002username
/password
\uff1a\u6709\u63a8\u9001\u6743\u9650\u7684 Helm \u4ed3\u5e93\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002--insecure
Note
\u6b64\u65b9\u5f0f\u4ec5\u9002\u7528\u4e8e Harbor \u7c7b\u578b\u4ed3\u5e93\u3002
\u767b\u5f55\u7f51\u9875 Harbor \u4ed3\u5e93\uff0c\u8bf7\u786e\u4fdd\u767b\u5f55\u7528\u6237\u6709\u63a8\u9001\u6743\u9650\uff1b
\u8fdb\u5165\u5230\u5bf9\u5e94\u9879\u76ee\uff0c\u9009\u62e9 Helm Charts \u9875\u7b7e\uff0c\u70b9\u51fb\u9875\u9762 \u4e0a\u4f20 \u6309\u94ae\uff0c\u5b8c\u6210 Helm Chart \u4e0a\u4f20\u3002
\u540c\u6b65\u8fdc\u7aef\u4ed3\u5e93\u6570\u636e
\u624b\u52a8\u540c\u6b65\u81ea\u52a8\u540c\u6b65\u9ed8\u8ba4\u96c6\u7fa4\u672a\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u5237\u65b0 \uff0c\u9700\u8981\u6267\u884c\u624b\u52a8\u540c\u6b65\u64cd\u4f5c\uff0c\u5927\u81f4\u6b65\u9aa4\u4e3a\uff1a
\u8fdb\u5165 Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u70b9\u51fb\u4ed3\u5e93\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u6309\u94ae\uff0c\u9009\u62e9 \u540c\u6b65\u4ed3\u5e93 \uff0c\u5b8c\u6210\u4ed3\u5e93\u6570\u636e\u540c\u6b65\u3002
\u5982\u9700\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u540c\u6b65\u529f\u80fd\uff0c\u53ef\u8fdb\u5165 \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u8bbe\u7f6e -> \u9ad8\u7ea7\u914d\u7f6e \uff0c\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u5237\u65b0\u5f00\u5173\u3002
\u96c6\u7fa4\u5de1\u68c0\u53ef\u4ee5\u901a\u8fc7\u81ea\u52a8\u6216\u624b\u52a8\u65b9\u5f0f\uff0c\u5b9a\u671f\u6216\u968f\u65f6\u68c0\u67e5\u96c6\u7fa4\u7684\u6574\u4f53\u5065\u5eb7\u72b6\u6001\uff0c\u8ba9\u7ba1\u7406\u5458\u83b7\u5f97\u4fdd\u969c\u96c6\u7fa4\u5b89\u5168\u7684\u4e3b\u52a8\u6743\u3002 \u57fa\u4e8e\u5408\u7406\u7684\u5de1\u68c0\u8ba1\u5212\uff0c\u8fd9\u79cd\u4e3b\u52a8\u81ea\u53d1\u7684\u96c6\u7fa4\u68c0\u67e5\u53ef\u4ee5\u8ba9\u7ba1\u7406\u5458\u968f\u65f6\u638c\u63e1\u96c6\u7fa4\u72b6\u6001\uff0c\u6446\u8131\u4e4b\u524d\u51fa\u73b0\u6545\u969c\u65f6\u53ea\u80fd\u88ab\u52a8\u6392\u67e5\u95ee\u9898\u7684\u56f0\u5883\uff0c\u505a\u5230\u4e8b\u5148\u76d1\u63a7\u3001\u63d0\u524d\u9632\u8303\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u7684\u96c6\u7fa4\u5de1\u68c0\u529f\u80fd\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u4e09\u4e2a\u7ef4\u5ea6\u8fdb\u884c\u81ea\u5b9a\u4e49\u5de1\u68c0\u9879\uff0c\u5de1\u68c0\u7ed3\u675f\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u53ef\u89c6\u5316\u7684\u5de1\u68c0\u62a5\u544a\u3002
\u5982\u9700\u4e86\u89e3\u6216\u6267\u884c\u5b89\u5168\u65b9\u9762\u7684\u5de1\u68c0\uff0c\u53ef\u53c2\u8003\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684\u5b89\u5168\u626b\u63cf\u7c7b\u578b\u3002
"},{"location":"end-user/kpanda/inspect/config.html","title":"\u521b\u5efa\u5de1\u68c0\u914d\u7f6e","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u96c6\u7fa4\u5de1\u68c0\u529f\u80fd\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u7ef4\u5ea6\u3001\u8282\u70b9\u7ef4\u5ea6\u3001\u5bb9\u5668\u7ec4\u7ef4\u5ea6\u8fdb\u884c\u5de1\u68c0\u3002
\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u5de1\u68c0\u914d\u7f6e\u3002
"},{"location":"end-user/kpanda/inspect/config.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u5de1\u68c0 \u3002
\u5728\u9875\u9762\u53f3\u4fa7\u70b9\u51fb \u5de1\u68c0\u914d\u7f6e \u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199\u5de1\u68c0\u914d\u7f6e\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u53c2\u6570\u914d\u7f6e\uff1a\u53c2\u6570\u914d\u7f6e\u5206\u4e3a\u96c6\u7fa4\u7ef4\u5ea6\u3001\u8282\u70b9\u7ef4\u5ea6\u3001\u5bb9\u5668\u7ec4\u7ef4\u5ea6\u4e09\u90e8\u5206\uff0c\u53ef\u4ee5\u6839\u636e\u573a\u666f\u9700\u6c42\u542f\u7528\u6216\u7981\u7528\u67d0\u4e9b\u5de1\u68c0\u9879\u3002
\u5de1\u68c0\u914d\u7f6e\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u4f1a\u81ea\u52a8\u663e\u793a\u5728\u5de1\u68c0\u914d\u7f6e\u5217\u8868\u4e2d\u3002\u5728\u914d\u7f6e\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u64cd\u4f5c\u6309\u94ae\u53ef\u4ee5\u7acb\u5373\u6267\u884c\u5de1\u68c0\u3001\u4fee\u6539\u5de1\u68c0\u914d\u7f6e\u3001\u5220\u9664\u5de1\u68c0\u914d\u7f6e\u548c\u5de1\u68c0\u8bb0\u5f55\u3002
\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u5220\u9664\u8be5\u5de1\u68c0\u914d\u7f6e\u548c\u5386\u53f2\u7684\u5de1\u68c0\u8bb0\u5f55
Note
\u5de1\u68c0\u914d\u7f6e\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u5982\u679c\u542f\u7528\u4e86 \u5b9a\u65f6\u5de1\u68c0 \u914d\u7f6e\uff0c\u5219\u4f1a\u5728\u6307\u5b9a\u65f6\u95f4\u81ea\u52a8\u6267\u884c\u5de1\u68c0\u3002\u5982\u672a\u542f\u7528 \u5b9a\u65f6\u5de1\u68c0 \u914d\u7f6e\uff0c\u5219\u9700\u8981\u624b\u52a8\u89e6\u53d1\u5de1\u68c0\u3002
\u6b64\u9875\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u6267\u884c\u96c6\u7fa4\u5de1\u68c0\u3002
"},{"location":"end-user/kpanda/inspect/inspect.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u6267\u884c\u5de1\u68c0\u65f6\uff0c\u652f\u6301\u52fe\u9009\u591a\u4e2a\u96c6\u7fa4\u8fdb\u884c\u6279\u91cf\u5de1\u68c0\uff0c\u6216\u8005\u4ec5\u5bf9\u67d0\u4e00\u4e2a\u96c6\u7fa4\u8fdb\u884c\u5355\u72ec\u5de1\u68c0\u3002
\u6279\u91cf\u5de1\u68c0\u5355\u72ec\u5de1\u68c0\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u4e00\u7ea7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u5de1\u68c0 \uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4fa7\u70b9\u51fb \u5de1\u68c0 \u3002
\u52fe\u9009\u9700\u8981\u5de1\u68c0\u7684\u96c6\u7fa4\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u5982\u672a\u8bbe\u7f6e\u96c6\u7fa4\u5de1\u68c0\u914d\u7f6e\uff0c\u5c06\u4f7f\u7528\u7cfb\u7edf\u9ed8\u8ba4\u914d\u7f6e\u3002
\u5728\u5bf9\u5e94\u5de1\u68c0\u914d\u7f6e\u7684\u53f3\u4fa7\u70b9\u51fb \u2507 \u66f4\u591a\u64cd\u4f5c\u6309\u94ae\uff0c\u7136\u540e\u5728\u5f39\u51fa\u7684\u83dc\u5355\u4e2d\u9009\u62e9 \u5de1\u68c0 \u5373\u53ef\u3002
\u5de1\u68c0\u6267\u884c\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u5de1\u68c0\u8bb0\u5f55\u548c\u8be6\u7ec6\u7684\u5de1\u68c0\u62a5\u544a\u3002
"},{"location":"end-user/kpanda/inspect/report.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165\u96c6\u7fa4\u5de1\u68c0\u9875\u9762\uff0c\u70b9\u51fb\u76ee\u6807\u5de1\u68c0\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u70b9\u51fb\u60f3\u8981\u67e5\u770b\u7684\u5de1\u68c0\u8bb0\u5f55\u540d\u79f0\u3002
\u5f53\u5de1\u68c0\u8bb0\u5f55\u8d85\u8fc7\u5de1\u68c0\u914d\u7f6e\u4e2d\u8bbe\u7f6e\u7684\u6700\u5927\u4fdd\u7559\u6761\u6570\u65f6\uff0c\u4ece\u6267\u884c\u65f6\u95f4\u6700\u65e9\u7684\u8bb0\u5f55\u5f00\u59cb\u5220\u9664\u3002
\u67e5\u770b\u5de1\u68c0\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u6839\u636e\u5de1\u68c0\u914d\u7f6e\u53ef\u80fd\u5305\u62ec\u96c6\u7fa4\u8d44\u6e90\u6982\u89c8\u3001\u7cfb\u7edf\u7ec4\u4ef6\u7684\u8fd0\u884c\u60c5\u51b5\u7b49\u3002
\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u53ef\u4ee5\u4e0b\u8f7d\u5de1\u68c0\u62a5\u544a\u6216\u5220\u9664\u8be5\u9879\u5de1\u68c0\u62a5\u544a\u3002
\u547d\u540d\u7a7a\u95f4\u662f Kubernetes \u4e2d\u7528\u6765\u8fdb\u884c\u8d44\u6e90\u9694\u79bb\u7684\u4e00\u79cd\u62bd\u8c61\u3002\u4e00\u4e2a\u96c6\u7fa4\u4e0b\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u4e0d\u91cd\u540d\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u76f8\u4e92\u9694\u79bb\u3002\u6709\u5173\u547d\u540d\u7a7a\u95f4\u7684\u8be6\u7ec6\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u547d\u540d\u7a7a\u95f4\u7684\u76f8\u5173\u64cd\u4f5c\u3002
"},{"location":"end-user/kpanda/namespaces/createns.html#_2","title":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4","text":"\u652f\u6301\u901a\u8fc7\u8868\u5355\u8f7b\u677e\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff0c\u4e5f\u652f\u6301\u901a\u8fc7\u7f16\u5199\u6216\u5bfc\u5165 YAML \u6587\u4ef6\u5feb\u901f\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u3002
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u547d\u540d\u7a7a\u95f4\u7684\u540d\u79f0\uff0c\u914d\u7f6e\u5de5\u4f5c\u7a7a\u95f4\u548c\u6807\u7b7e\uff08\u53ef\u9009\u8bbe\u7f6e\uff09\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
Info
\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\u4e4b\u540e\uff0c\u8be5\u547d\u540d\u7a7a\u95f4\u7684\u8d44\u6e90\u5c31\u4f1a\u5171\u4eab\u7ed9\u6240\u7ed1\u5b9a\u7684\u5de5\u4f5c\u7a7a\u95f4\u3002\u6709\u5173\u5de5\u4f5c\u7a7a\u95f4\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u3002
\u547d\u540d\u7a7a\u95f4\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u4ecd\u7136\u53ef\u4ee5\u7ed1\u5b9a/\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002\u5728\u547d\u540d\u7a7a\u95f4\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4ece\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9\u67e5\u770b YAML\u3001\u4fee\u6539\u6807\u7b7e\u3001\u7ed1\u5b9a/\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\u3001\u914d\u989d\u7ba1\u7406\u3001\u5220\u9664\u7b49\u66f4\u591a\u64cd\u4f5c\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u5185\u5bb9\uff0c\u6216\u8005\u4ece\u672c\u5730\u76f4\u63a5\u5bfc\u5165\u5df2\u6709\u7684 YAML \u6587\u4ef6\u3002
\u8f93\u5165 YAML \u5185\u5bb9\u540e\uff0c\u70b9\u51fb \u4e0b\u8f7d \u53ef\u4ee5\u5c06\u8be5 YAML \u6587\u4ef6\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u6700\u540e\u5728\u5f39\u6846\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u6307\u5728 kubernetes \u96c6\u7fa4\u4e2d\uff0c\u901a\u8fc7\u6c61\u70b9\u548c\u6c61\u70b9\u5bb9\u5fcd\u7684\u65b9\u5f0f\u5b9e\u73b0\u7279\u5b9a\u547d\u540d\u7a7a\u95f4\u5bf9\u4e00\u4e2a\u6216\u591a\u4e2a\u8282\u70b9 CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u7684\u72ec\u4eab\u3002\u4e3a\u7279\u5b9a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u72ec\u4eab\u8282\u70b9\u540e\uff0c\u5176\u5b83\u975e\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5e94\u7528\u548c\u670d\u52a1\u5747\u4e0d\u80fd\u8fd0\u884c\u5728\u88ab\u72ec\u4eab\u7684\u8282\u70b9\u4e0a\u3002\u4f7f\u7528\u72ec\u4eab\u8282\u70b9\u53ef\u4ee5\u8ba9\u91cd\u8981\u5e94\u7528\u72ec\u4eab\u4e00\u90e8\u5206\u8ba1\u7b97\u8d44\u6e90\uff0c\u4ece\u800c\u548c\u5176\u4ed6\u5e94\u7528\u5b9e\u73b0\u7269\u7406\u9694\u79bb\u3002
Note
\u5728\u8282\u70b9\u88ab\u8bbe\u7f6e\u4e3a\u72ec\u4eab\u8282\u70b9\u524d\u5df2\u7ecf\u8fd0\u884c\u5728\u6b64\u8282\u70b9\u4e0a\u7684\u5e94\u7528\u548c\u670d\u52a1\u5c06\u4e0d\u4f1a\u53d7\u5f71\u54cd\uff0c\u4f9d\u7136\u4f1a\u6b63\u5e38\u8fd0\u884c\u5728\u8be5\u8282\u70b9\u4e0a\uff0c\u4ec5\u5f53\u8fd9\u4e9b Pod \u88ab\u5220\u9664\u6216\u91cd\u5efa\u65f6\uff0c\u624d\u4f1a\u8c03\u5ea6\u5230\u5176\u5b83\u975e\u72ec\u4eab\u8282\u70b9\u4e0a\u3002
"},{"location":"end-user/kpanda/namespaces/exclusive.html#_2","title":"\u51c6\u5907\u5de5\u4f5c","text":"\u68c0\u67e5\u5f53\u524d\u96c6\u7fa4\u7684 kube-apiserver \u662f\u5426\u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002
\u4f7f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u529f\u80fd\u9700\u8981\u7528\u6237\u542f\u7528 kube-apiserver \u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\uff08Admission Controllers\uff09\uff0c\u5173\u4e8e\u51c6\u5165\u63a7\u5236\u5668\u66f4\u591a\u8bf4\u660e\u8bf7\u53c2\u9605 kubernetes Admission Controllers Reference\u3002
\u60a8\u53ef\u4ee5\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u68c0\u67e5 kube-apiserver.yaml \u6587\u4ef6\u5185\u662f\u5426\u542f\u7528\u4e86\u8fd9\u4e24\u4e2a\u7279\u6027\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5feb\u901f\u68c0\u67e5\uff1a
```bash\n[root@g-master1 ~]# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep enable-admission-plugins\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction\n```\n
"},{"location":"end-user/kpanda/namespaces/exclusive.html#_3","title":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9","text":"\u7531\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7740 kpanda\u3001ghippo\u3001insight \u7b49\u5e73\u53f0\u57fa\u7840\u7ec4\u4ef6\uff0c\u5728 Global \u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u5c06\u53ef\u80fd\u5bfc\u81f4\u5f53\u7cfb\u7edf\u7ec4\u4ef6\u91cd\u542f\u540e\uff0c\u7cfb\u7edf\u7ec4\u4ef6\u65e0\u6cd5\u8c03\u5ea6\u5230\u88ab\u72ec\u4eab\u7684\u8282\u70b9\u4e0a\uff0c\u5f71\u54cd\u7cfb\u7edf\u7684\u6574\u4f53\u9ad8\u53ef\u7528\u80fd\u529b\u3002\u56e0\u6b64\uff0c\u901a\u5e38\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u4e0d\u63a8\u8350\u7528\u6237\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u7279\u6027\u3002
\u5982\u679c\u60a8\u786e\u5b9e\u9700\u8981\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u5f00\u542f\uff1a
\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 kube-apiserver \u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668
Note
\u5982\u679c\u96c6\u7fa4\u5df2\u542f\u7528\u4e86\u4e0a\u8ff0\u7684\u4e24\u4e2a\u51c6\u5165\u63a7\u5236\u5668\uff0c\u8bf7\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u524d\u5f80\u914d\u7f6e\u7cfb\u7edf\u7ec4\u4ef6\u5bb9\u5fcd\u3002
\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u4fee\u6539 kube-apiserver.yaml \u914d\u7f6e\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\uff1a
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #\u542f\u7528\u7684\u51c6\u5165\u63a7\u5236\u5668\u5217\u8868\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
\u627e\u5230 --enable-admission-plugins \u53c2\u6570\uff0c\u52a0\u5165\uff08\u4ee5\u82f1\u6587\u9017\u53f7\u5206\u9694\u7684\uff09 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002\u53c2\u8003\u5982\u4e0b\uff1a
# \u52a0\u5165 __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
\u4e3a\u5e73\u53f0\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3
\u5b8c\u6210\u51c6\u5165\u63a7\u5236\u5668\u7684\u5f00\u542f\u540e\uff0c\u60a8\u9700\u8981\u4e3a\u5e73\u53f0\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3\uff0c\u4ee5\u4fdd\u8bc1\u5e73\u53f0\u7ec4\u4ef6\u7684\u9ad8\u53ef\u7528\u3002
\u76ee\u524d\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u7cfb\u7edf\u7ec4\u4ef6\u547d\u540d\u7a7a\u95f4\u5982\u4e0b\u8868\uff1a
\u547d\u540d\u7a7a\u95f4 \u6240\u5305\u542b\u7684\u7cfb\u7edf\u7ec4\u4ef6 kpanda-system kpanda hwameiStor-system hwameiStor istio-system istio metallb-system metallb cert-manager-system cert-manager contour-system contour kubean-system kubean ghippo-system ghippo kcoral-system kcoral kcollie-system kcollie insight-system insight\u3001insight-agent: ipavo-system ipavo kairship-system kairship karmada-system karmada amamba-system amamba\u3001jenkins skoala-system skoala mspider-system mspider mcamel-system mcamel-rabbitmq\u3001mcamel-elasticsearch\u3001mcamel-mysql\u3001mcamel-redis\u3001mcamel-kafka\u3001mcamel-minio\u3001mcamel-postgresql spidernet-system spidernet kangaroo-system kangaroo gmagpie-system gmagpie dowl-system dowl\u68c0\u67e5\u5f53\u524d\u96c6\u7fa4\u4e2d\u6240\u6709\u547d\u540d\u7a7a\u95f4\u662f\u5426\u5b58\u5728\u4e0a\u8ff0\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u4e3a\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u6ce8\u89e3\uff1a scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
\u3002
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
\u8bf7\u786e\u4fdd\u5c06 <namespace-name>
\u66ff\u6362\u4e3a\u8981\u6dfb\u52a0\u6ce8\u89e3\u7684\u5e73\u53f0\u547d\u540d\u7a7a\u95f4\u540d\u79f0\u3002 \u4f7f\u7528\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u5f53\u60a8\u786e\u8ba4\u96c6\u7fa4 API \u670d\u52a1\u5668\u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\u5df2\u7ecf\u5f00\u542f\u540e\uff0c\u8bf7\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684 UI \u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9\u4e86\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb\u547d\u540d\u7a7a\u95f4\u540d\u79f0\uff0c\u7136\u540e\u70b9\u51fb \u72ec\u4eab\u8282\u70b9 \u9875\u7b7e\uff0c\u5728\u4e0b\u65b9\u53f3\u4fa7\u70b9\u51fb \u6dfb\u52a0\u8282\u70b9 \u3002
\u5728\u9875\u9762\u5de6\u4fa7\u9009\u62e9\u8ba9\u8be5\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u54ea\u4e9b\u8282\u70b9\uff0c\u5728\u53f3\u4fa7\u53ef\u4ee5\u6e05\u7a7a\u6216\u5220\u9664\u67d0\u4e2a\u5df2\u9009\u8282\u70b9\uff0c\u6700\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u53ef\u4ee5\u5728\u5217\u8868\u4e2d\u67e5\u770b\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5df2\u6709\u7684\u72ec\u4eab\u8282\u70b9\uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u53ef\u4ee5\u9009\u62e9 \u53d6\u6d88\u72ec\u4eab \u3002
\u53d6\u6d88\u72ec\u4eab\u4e4b\u540e\uff0c\u5176\u4ed6\u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u4e5f\u53ef\u4ee5\u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002
\u5728 \u975e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u5f00\u542f\uff1a
\u4e3a\u5f53\u524d\u96c6\u7fa4\u7684 kube-apiserver \u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668
Note
\u5982\u679c\u96c6\u7fa4\u5df2\u542f\u7528\u4e86\u4e0a\u8ff0\u7684\u4e24\u4e2a\u51c6\u5165\u63a7\u5236\u5668\uff0c\u8bf7\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u524d\u5f80\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u4fee\u6539 kube-apiserver.yaml \u914d\u7f6e\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\uff1a
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #\u542f\u7528\u7684\u51c6\u5165\u63a7\u5236\u5668\u5217\u8868\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
\u627e\u5230 --enable-admission-plugins \u53c2\u6570\uff0c\u52a0\u5165\uff08\u4ee5\u82f1\u6587\u9017\u53f7\u5206\u9694\u7684\uff09 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002\u53c2\u8003\u5982\u4e0b\uff1a
# \u52a0\u5165 __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
\u4f7f\u7528\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u5f53\u60a8\u786e\u8ba4\u96c6\u7fa4 API \u670d\u52a1\u5668\u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\u5df2\u7ecf\u5f00\u542f\u540e\uff0c\u8bf7\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684 UI \u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9\u4e86\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb\u547d\u540d\u7a7a\u95f4\u540d\u79f0\uff0c\u7136\u540e\u70b9\u51fb \u72ec\u4eab\u8282\u70b9 \u9875\u7b7e\uff0c\u5728\u4e0b\u65b9\u53f3\u4fa7\u70b9\u51fb \u6dfb\u52a0\u8282\u70b9 \u3002
\u5728\u9875\u9762\u5de6\u4fa7\u9009\u62e9\u8ba9\u8be5\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u54ea\u4e9b\u8282\u70b9\uff0c\u5728\u53f3\u4fa7\u53ef\u4ee5\u6e05\u7a7a\u6216\u5220\u9664\u67d0\u4e2a\u5df2\u9009\u8282\u70b9\uff0c\u6700\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u53ef\u4ee5\u5728\u5217\u8868\u4e2d\u67e5\u770b\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5df2\u6709\u7684\u72ec\u4eab\u8282\u70b9\uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u53ef\u4ee5\u9009\u62e9 \u53d6\u6d88\u72ec\u4eab \u3002
\u53d6\u6d88\u72ec\u4eab\u4e4b\u540e\uff0c\u5176\u4ed6\u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u4e5f\u53ef\u4ee5\u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002
\u4e3a\u9700\u8981\u9ad8\u53ef\u7528\u7684\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3\uff08\u53ef\u9009\uff09
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u9700\u8981\u9ad8\u53ef\u7528\u7684\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u6ce8\u89e3\uff1ascheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
\u3002
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
\u8bf7\u786e\u4fdd\u5c06 <namespace-name>
\u66ff\u6362\u4e3a\u8981\u6dfb\u52a0\u6ce8\u89e3\u7684\u5e73\u53f0\u547d\u540d\u7a7a\u95f4\u540d\u79f0\u3002
\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u6307\u5728 kubernetes \u96c6\u7fa4\u4e2d\uff0c\u901a\u8fc7\u4e3a\u6307\u5b9a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u4e0d\u540c\u7684\u7b49\u7ea7\u548c\u6a21\u5f0f\uff0c\u5b9e\u73b0\u5728\u5b89\u5168\u7684\u5404\u4e2a\u65b9\u9762\u63a7\u5236 Pod \u7684\u884c\u4e3a\uff0c\u53ea\u6709\u6ee1\u8db3\u4e00\u5b9a\u7684\u6761\u4ef6\u7684 Pod \u624d\u4f1a\u88ab\u7cfb\u7edf\u63a5\u53d7\u3002\u5b83\u8bbe\u7f6e\u4e09\u4e2a\u7b49\u7ea7\u548c\u4e09\u79cd\u6a21\u5f0f\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u9009\u62e9\u66f4\u52a0\u5408\u9002\u7684\u65b9\u6848\u6765\u8bbe\u7f6e\u9650\u5236\u7b56\u7565\u3002
Note
\u4e00\u6761\u5b89\u5168\u6a21\u5f0f\u4ec5\u80fd\u914d\u7f6e\u4e00\u6761\u5b89\u5168\u7b56\u7565\u3002\u540c\u65f6\u8bf7\u8c28\u614e\u4e3a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e enforce \u7684\u5b89\u5168\u6a21\u5f0f\uff0c\u8fdd\u53cd\u540e\u5c06\u4f1a\u5bfc\u81f4 Pod \u65e0\u6cd5\u521b\u5efa\u3002
\u672c\u8282\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u3002
"},{"location":"end-user/kpanda/namespaces/podsecurity.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u96c6\u7fa4\u7684\u7248\u672c\u9700\u8981\u5728 v1.22 \u4ee5\u4e0a\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u9009\u62e9\u9700\u8981\u914d\u7f6e\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u8fdb\u5165\u8be6\u60c5\u9875\u3002\u5728 \u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565 \u9875\u9762\u70b9\u51fb \u914d\u7f6e\u7b56\u7565 \uff0c\u8fdb\u5165\u914d\u7f6e\u9875\u3002
\u5728\u914d\u7f6e\u9875\u70b9\u51fb \u6dfb\u52a0\u7b56\u7565 \uff0c\u5219\u4f1a\u51fa\u73b0\u4e00\u6761\u7b56\u7565\uff0c\u5305\u62ec\u5b89\u5168\u7ea7\u522b\u548c\u5b89\u5168\u6a21\u5f0f\uff0c\u4ee5\u4e0b\u662f\u5bf9\u5b89\u5168\u7ea7\u522b\u548c\u5b89\u5168\u7b56\u7565\u7684\u8be6\u7ec6\u4ecb\u7ecd\u3002
\u5b89\u5168\u7ea7\u522b \u63cf\u8ff0 Privileged \u4e0d\u53d7\u9650\u5236\u7684\u7b56\u7565\uff0c\u63d0\u4f9b\u6700\u5927\u53ef\u80fd\u8303\u56f4\u7684\u6743\u9650\u8bb8\u53ef\u3002\u6b64\u7b56\u7565\u5141\u8bb8\u5df2\u77e5\u7684\u7279\u6743\u63d0\u5347\u3002 Baseline \u9650\u5236\u6027\u6700\u5f31\u7684\u7b56\u7565\uff0c\u7981\u6b62\u5df2\u77e5\u7684\u7b56\u7565\u63d0\u5347\u3002\u5141\u8bb8\u4f7f\u7528\u9ed8\u8ba4\u7684\uff08\u89c4\u5b9a\u6700\u5c11\uff09Pod \u914d\u7f6e\u3002 Restricted \u9650\u5236\u6027\u975e\u5e38\u5f3a\u7684\u7b56\u7565\uff0c\u9075\u5faa\u5f53\u524d\u7684\u4fdd\u62a4 Pod \u7684\u6700\u4f73\u5b9e\u8df5\u3002 \u5b89\u5168\u6a21\u5f0f \u63cf\u8ff0 Audit \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u5728\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u6dfb\u52a0\u65b0\u7684\u5ba1\u8ba1\u4e8b\u4ef6\uff0cPod \u53ef\u4ee5\u88ab\u521b\u5efa\u3002 Warn \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u8fd4\u56de\u7528\u6237\u53ef\u89c1\u7684\u544a\u8b66\u4fe1\u606f\uff0cPod \u53ef\u4ee5\u88ab\u521b\u5efa\u3002 Enforce \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u5bfc\u81f4 Pod \u65e0\u6cd5\u521b\u5efa\u3002\u4e0d\u540c\u7684\u5b89\u5168\u7ea7\u522b\u5bf9\u5e94\u4e0d\u540c\u7684\u68c0\u67e5\u9879\uff0c\u82e5\u60a8\u4e0d\u77e5\u9053\u8be5\u5982\u4f55\u4e3a\u60a8\u7684\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\uff0c\u53ef\u4ee5\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u7b56\u7565\u914d\u7f6e\u9879\u8bf4\u660e \u67e5\u770b\u8be6\u7ec6\u4fe1\u606f\u3002
\u70b9\u51fb\u786e\u5b9a\uff0c\u82e5\u521b\u5efa\u6210\u529f\uff0c\u5219\u9875\u9762\u4e0a\u5c06\u51fa\u73b0\u60a8\u914d\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u3002
\u70b9\u51fb \u2507 \u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u8005\u5220\u9664\u60a8\u914d\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u3002
\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0cIngress \u516c\u5f00\u4ece\u96c6\u7fa4\u5916\u90e8\u5230\u96c6\u7fa4\u5185\u670d\u52a1\u7684 HTTP \u548c HTTPS \u8def\u7531\u3002 \u6d41\u91cf\u8def\u7531\u7531 Ingress \u8d44\u6e90\u4e0a\u5b9a\u4e49\u7684\u89c4\u5219\u63a7\u5236\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5c06\u6240\u6709\u6d41\u91cf\u90fd\u53d1\u9001\u5230\u540c\u4e00 Service \u7684\u7b80\u5355 Ingress \u793a\u4f8b\uff1a
Ingress \u662f\u5bf9\u96c6\u7fa4\u4e2d\u670d\u52a1\u7684\u5916\u90e8\u8bbf\u95ee\u8fdb\u884c\u7ba1\u7406\u7684 API \u5bf9\u8c61\uff0c\u5178\u578b\u7684\u8bbf\u95ee\u65b9\u5f0f\u662f HTTP\u3002Ingress \u53ef\u4ee5\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u3001SSL \u7ec8\u7ed3\u548c\u57fa\u4e8e\u540d\u79f0\u7684\u865a\u62df\u6258\u7ba1\u3002
"},{"location":"end-user/kpanda/network/create-ingress.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4ee5 NS Editor \u7528\u6237\u6210\u529f\u767b\u5f55\u540e\uff0c\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u3002\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u8def\u7531 \u8fdb\u5165\u670d\u52a1\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u8def\u7531 \u6309\u94ae\u3002
Note
\u4e5f\u53ef\u4ee5\u901a\u8fc7 YAML \u521b\u5efa \u4e00\u4e2a\u8def\u7531\u3002
\u6253\u5f00 \u521b\u5efa\u8def\u7531 \u9875\u9762\uff0c\u8fdb\u884c\u914d\u7f6e\u3002\u53ef\u9009\u62e9\u4e24\u79cd\u534f\u8bae\u7c7b\u578b\uff0c\u53c2\u8003\u4ee5\u4e0b\u4e24\u4e2a\u53c2\u6570\u8868\u8fdb\u884c\u914d\u7f6e\u3002
\u8f93\u5165\u5982\u4e0b\u53c2\u6570\uff1a
nginx.ingress.kubernetes.io/upstream-hash-by: \"$binary_remote_addr\"
nginx.ingress.kubernetes.io/affinity: \"cookie\"\u3002nginx.ingress.kubernetes.io/affinity-mode: persistent
nginx.ingress.kubernetes.io/upstream-hash-by: \"$http_x_forwarded_for\"
\u8f93\u5165\u5982\u4e0b\u53c2\u6570\uff1a
Note
\u6ce8\u610f\uff1a\u4e0e HTTP \u534f\u8bae \u8bbe\u7f6e\u8def\u7531\u89c4\u5219 \u4e0d\u540c\uff0c\u589e\u52a0\u5bc6\u94a5\u9009\u62e9\u8bc1\u4e66\uff0c\u5176\u4ed6\u57fa\u672c\u4e00\u81f4\u3002
\u914d\u7f6e\u5b8c\u6240\u6709\u53c2\u6570\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u8def\u7531\u5217\u8868\u3002\u5728\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6240\u9009\u8def\u7531\u3002
"},{"location":"end-user/kpanda/network/create-services.html","title":"\u521b\u5efa\u670d\u52a1\uff08Service\uff09","text":"\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u6bcf\u4e2a Pod \u90fd\u6709\u4e00\u4e2a\u5185\u90e8\u72ec\u7acb\u7684 IP \u5730\u5740\uff0c\u4f46\u662f\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u7684 Pod \u53ef\u80fd\u4f1a\u88ab\u968f\u65f6\u521b\u5efa\u548c\u5220\u9664\uff0c\u76f4\u63a5\u4f7f\u7528 Pod IP \u5730\u5740\u5e76\u4e0d\u80fd\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u3002
\u8fd9\u5c31\u9700\u8981\u521b\u5efa\u670d\u52a1\uff0c\u901a\u8fc7\u670d\u52a1\u60a8\u4f1a\u83b7\u5f97\u4e00\u4e2a\u56fa\u5b9a\u7684 IP \u5730\u5740\uff0c\u4ece\u800c\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u524d\u7aef\u548c\u540e\u7aef\u7684\u89e3\u8026\uff0c\u8ba9\u5916\u90e8\u7528\u6237\u80fd\u591f\u8bbf\u95ee\u670d\u52a1\u3002\u540c\u65f6\uff0c\u670d\u52a1\u8fd8\u63d0\u4f9b\u4e86\u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09\u529f\u80fd\uff0c\u4f7f\u7528\u6237\u80fd\u4ece\u516c\u7f51\u8bbf\u95ee\u5230\u5de5\u4f5c\u8d1f\u8f7d\u3002
"},{"location":"end-user/kpanda/network/create-services.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u4ee5 NS Editor \u7528\u6237\u6210\u529f\u767b\u5f55\u540e\uff0c\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u3002\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u670d\u52a1 \u8fdb\u5165\u670d\u52a1\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
Tip
\u4e5f\u53ef\u4ee5\u901a\u8fc7 YAML \u521b\u5efa \u4e00\u4e2a\u670d\u52a1\u3002
\u6253\u5f00 \u521b\u5efa\u670d\u52a1 \u9875\u9762\uff0c\u9009\u62e9\u4e00\u79cd\u8bbf\u95ee\u7c7b\u578b\uff0c\u53c2\u8003\u4ee5\u4e0b\u51e0\u4e2a\u53c2\u6570\u8868\u8fdb\u884c\u914d\u7f6e\u3002
\u70b9\u9009 \u96c6\u7fa4\u5185\u8bbf\u95ee\uff08ClusterIP\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u96c6\u7fa4\u7684\u5185\u90e8 IP \u66b4\u9732\u670d\u52a1\uff0c\u9009\u62e9\u6b64\u9879\u7684\u670d\u52a1\u53ea\u80fd\u5728\u96c6\u7fa4\u5185\u90e8\u8bbf\u95ee\u3002\u8fd9\u662f\u9ed8\u8ba4\u7684\u670d\u52a1\u7c7b\u578b\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u96c6\u7fa4\u5185\u8bbf\u95ee\uff08ClusterIP\uff09\u3002 ClusterIP \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 app:job01 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\uff0c\u7528\u6765\u5bf9\u96c6\u7fa4\u5185\u66b4\u9732\u670d\u52a1\u3002 \u4f1a\u8bdd\u4fdd\u6301 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u540e\uff0c\u76f8\u540c\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u5c06\u8f6c\u53d1\u81f3\u540c\u4e00 Pod \u5f00\u542f \u4f1a\u8bdd\u4fdd\u6301\u6700\u5927\u65f6\u957f \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u4f1a\u8bdd\u4fdd\u6301\u540e\uff0c\u4fdd\u6301\u7684\u6700\u5927\u65f6\u957f\uff0c\u9ed8\u8ba4\u4e3a 30 \u79d2 30 \u79d2 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"end-user/kpanda/network/create-services.html#nodeport","title":"\u521b\u5efa NodePort \u670d\u52a1","text":"\u70b9\u9009 \u8282\u70b9\u8bbf\u95ee\uff08NodePort\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u6bcf\u4e2a\u8282\u70b9\u4e0a\u7684 IP \u548c\u9759\u6001\u7aef\u53e3\uff08 NodePort \uff09\u66b4\u9732\u670d\u52a1\u3002 NodePort \u670d\u52a1\u4f1a\u8def\u7531\u5230\u81ea\u52a8\u521b\u5efa\u7684 ClusterIP \u670d\u52a1\u3002\u901a\u8fc7\u8bf7\u6c42 <\u8282\u70b9 IP>:<\u8282\u70b9\u7aef\u53e3> \uff0c\u60a8\u53ef\u4ee5\u4ece\u96c6\u7fa4\u7684\u5916\u90e8\u8bbf\u95ee\u4e00\u4e2a NodePort \u670d\u52a1\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u8282\u70b9\u8bbf\u95ee\uff08NodePort\uff09\u3002 NodePort \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u670d\u52a1\u7aef\u53e3\u88ab\u8bbe\u7f6e\u4e3a\u4e0e\u5bb9\u5668\u7aef\u53e3\u5b57\u6bb5\u76f8\u540c\u7684\u503c\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\u3002\u8282\u70b9\u7aef\u53e3\uff08nodeport\uff09\uff1a\u8282\u70b9\u7684\u7aef\u53e3\uff0c\u63a5\u6536\u6765\u81ea ClusterIP \u4f20\u8f93\u7684\u6d41\u91cf\u3002\u7528\u6765\u505a\u5916\u90e8\u6d41\u91cf\u8bbf\u95ee\u7684\u5165\u53e3\u3002 \u4f1a\u8bdd\u4fdd\u6301 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u540e\uff0c\u76f8\u540c\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u5c06\u8f6c\u53d1\u81f3\u540c\u4e00 Pod\u5f00\u542f\u540e Service \u7684.spec.sessionAffinity
\u4e3a ClientIP \uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1aService \u7684\u4f1a\u8bdd\u4eb2\u548c\u6027 \u5f00\u542f \u4f1a\u8bdd\u4fdd\u6301\u6700\u5927\u65f6\u957f \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u4f1a\u8bdd\u4fdd\u6301\u540e\uff0c\u4fdd\u6301\u7684\u6700\u5927\u65f6\u957f\uff0c\u9ed8\u8ba4\u8d85\u65f6\u65f6\u957f\u4e3a 30 \u79d2.spec.sessionAffinityConfig.clientIP.timeoutSeconds \u9ed8\u8ba4\u8bbe\u7f6e\u4e3a 30 \u79d2 30 \u79d2 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"end-user/kpanda/network/create-services.html#loadbalancer","title":"\u521b\u5efa LoadBalancer \u670d\u52a1","text":"\u70b9\u9009 \u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09 \uff0c\u8fd9\u662f\u6307\u4f7f\u7528\u4e91\u63d0\u4f9b\u5546\u7684\u8d1f\u8f7d\u5747\u8861\u5668\u5411\u5916\u90e8\u66b4\u9732\u670d\u52a1\u3002 \u5916\u90e8\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u4ee5\u5c06\u6d41\u91cf\u8def\u7531\u5230\u81ea\u52a8\u521b\u5efa\u7684 NodePort \u670d\u52a1\u548c ClusterIP \u670d\u52a1\u4e0a\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09\u3002 LoadBalancer \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u5916\u90e8\u6d41\u91cf\u7b56\u7565 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8bbe\u7f6e\u5916\u90e8\u6d41\u91cf\u7b56\u7565\u3002Cluster\uff1a\u6d41\u91cf\u53ef\u4ee5\u8f6c\u53d1\u5230\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u4e0a\u7684 Pod\u3002Local\uff1a\u6d41\u91cf\u53ea\u53d1\u7ed9\u672c\u8282\u70b9\u4e0a\u7684 Pod\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4f7f\u7528\u7684\u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\uff0c\u5f53\u524d\u652f\u6301 MetalLB \u548c\u5176\u4ed6\u3002 MetalLB IP \u6c60 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u7684 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\u4e3a MetalLB \u65f6\uff0cLoadBalancer Service\u9ed8\u8ba4\u4f1a\u4ece\u8fd9\u4e2a\u6c60\u4e2d\u5206\u914d IP \u5730\u5740, \u5e76\u4e14\u901a\u8fc7 APR \u5ba3\u544a\u8fd9\u4e2a\u6c60\u4e2d\u7684\u6240\u6709 IP \u5730\u5740 \u8d1f\u8f7d\u5747\u8861\u5730\u5740 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u30111.\u5982\u4f7f\u7528\u7684\u662f\u516c\u6709\u4e91 CloudProvider\uff0c\u6b64\u5904\u586b\u5199\u7684\u4e3a\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u8d1f\u8f7d\u5747\u8861\u5730\u5740\uff1b2.\u5982\u679c\u4e0a\u8ff0\u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\u9009\u62e9\u4e3a MetalLB \uff0c\u9ed8\u8ba4\u4ece\u4e0a\u8ff0 IP \u6c60\u4e2d\u83b7\u53d6 IP \uff0c\u5982\u679c\u4e0d\u586b\u5219\u81ea\u52a8\u83b7\u53d6\u3002 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u670d\u52a1\u7aef\u53e3\u88ab\u8bbe\u7f6e\u4e3a\u4e0e\u5bb9\u5668\u7aef\u53e3\u5b57\u6bb5\u76f8\u540c\u7684\u503c\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\u3002\u8282\u70b9\u7aef\u53e3\uff08nodeport\uff09\uff1a\u8282\u70b9\u7684\u7aef\u53e3\uff0c\u63a5\u6536\u6765\u81ea ClusterIP \u4f20\u8f93\u7684\u6d41\u91cf\u3002\u7528\u6765\u505a\u5916\u90e8\u6d41\u91cf\u8bbf\u95ee\u7684\u5165\u53e3\u3002 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"end-user/kpanda/network/create-services.html#externalname","title":"\u521b\u5efa ExternalName \u670d\u52a1","text":"\u70b9\u9009 \u5916\u90e8\u670d\u52a1\uff08ExternalName\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u5c06\u670d\u52a1\u6620\u5c04\u5230\u5916\u90e8\u57df\u540d\u6765\u66b4\u9732\u670d\u52a1\u3002\u9009\u62e9\u6b64\u9879\u7684\u670d\u52a1\u4e0d\u4f1a\u521b\u5efa\u5178\u578b\u7684 ClusterIP \u6216 NodePort\uff0c\u800c\u662f\u901a\u8fc7 DNS \u540d\u79f0\u89e3\u6790\u5c06\u8bf7\u6c42\u91cd\u5b9a\u5411\u5230\u5916\u90e8\u7684\u670d\u52a1\u5730\u5740\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u5916\u90e8\u670d\u52a1\uff08ExternalName\uff09\u3002 ExternalName \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u57df\u540d \u3010\u7c7b\u578b\u3011\u5fc5\u586b"},{"location":"end-user/kpanda/network/create-services.html#_3","title":"\u5b8c\u6210\u670d\u52a1\u521b\u5efa","text":"\u914d\u7f6e\u5b8c\u6240\u6709\u53c2\u6570\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u670d\u52a1\u5217\u8868\u3002\u5728\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6240\u9009\u670d\u52a1\u3002
"},{"location":"end-user/kpanda/network/network-policy.html","title":"\u7f51\u7edc\u7b56\u7565","text":"\u7f51\u7edc\u7b56\u7565\uff08NetworkPolicy\uff09\u53ef\u4ee5\u5728 IP \u5730\u5740\u6216\u7aef\u53e3\u5c42\u9762\uff08OSI \u7b2c 3 \u5c42\u6216\u7b2c 4 \u5c42\uff09\u63a7\u5236\u7f51\u7edc\u6d41\u91cf\u3002\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u76ee\u524d\u652f\u6301\u521b\u5efa\u57fa\u4e8e Pod \u6216\u547d\u540d\u7a7a\u95f4\u7684\u7f51\u7edc\u7b56\u7565\uff0c\u652f\u6301\u901a\u8fc7\u6807\u7b7e\u9009\u62e9\u5668\u6765\u8bbe\u5b9a\u54ea\u4e9b\u6d41\u91cf\u53ef\u4ee5\u8fdb\u5165\u6216\u79bb\u5f00\u5e26\u6709\u7279\u5b9a\u6807\u7b7e\u7684 Pod\u3002
\u6709\u5173\u7f51\u7edc\u7b56\u7565\u7684\u66f4\u591a\u8be6\u60c5\uff0c\u53ef\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u7f51\u7edc\u7b56\u7565\u3002
"},{"location":"end-user/kpanda/network/network-policy.html#_2","title":"\u521b\u5efa\u7f51\u7edc\u7b56\u7565","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u7f51\u7edc\u7b56\u7565\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u7f51\u7edc\u7b56\u7565\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
"},{"location":"end-user/kpanda/network/network-policy.html#yaml","title":"YAML \u521b\u5efa","text":"\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 -> \u521b\u5efa\u7b56\u7565 \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\u5728\u521b\u5efa\u4e4b\u540e\u4e0d\u53ef\u66f4\u6539\u3002
\u586b\u5199\u7b56\u7565\u914d\u7f6e\u3002
\u7b56\u7565\u914d\u7f6e\u5206\u4e3a\u5165\u6d41\u91cf\u7b56\u7565\u548c\u51fa\u6d41\u91cf\u7b56\u7565\u3002\u5982\u679c\u6e90 Pod \u60f3\u8981\u6210\u529f\u8fde\u63a5\u5230\u76ee\u6807 Pod\uff0c\u6e90 Pod \u7684\u51fa\u6d41\u91cf\u7b56\u7565\u548c\u76ee\u6807 Pod \u7684\u5165\u6d41\u91cf\u7b56\u7565\u90fd\u9700\u8981\u5141\u8bb8\u8fde\u63a5\u3002\u5982\u679c\u4efb\u4f55\u4e00\u65b9\u4e0d\u5141\u8bb8\u8fde\u63a5\uff0c\u90fd\u4f1a\u5bfc\u81f4\u8fde\u63a5\u5931\u8d25\u3002
\u5165\u6d41\u91cf\u7b56\u7565\uff1a\u70b9\u51fb \u2795 \u5f00\u59cb\u914d\u7f6e\u7b56\u7565\uff0c\u652f\u6301\u914d\u7f6e\u591a\u6761\u7b56\u7565\u3002\u591a\u6761\u7f51\u7edc\u7b56\u7565\u7684\u6548\u679c\u76f8\u4e92\u53e0\u52a0\uff0c\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u6240\u6709\u7f51\u7edc\u7b56\u7565\uff0c\u624d\u80fd\u6210\u529f\u5efa\u7acb\u8fde\u63a5\u3002
\u51fa\u6d41\u91cf\u7b56\u7565
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 \uff0c\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\u3002
\u67e5\u770b\u8be5\u7b56\u7565\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5173\u8054\u5b9e\u4f8b\u4fe1\u606f\u3001\u5165\u6d41\u91cf\u7b56\u7565\u3001\u51fa\u6d41\u91cf\u7b56\u7565\u3002
Info
\u5728\u5173\u8054\u5b9e\u4f8b\u9875\u7b7e\u4e0b\uff0c\u652f\u6301\u67e5\u770b\u5b9e\u4f8b\u76d1\u63a7\u3001\u65e5\u5fd7\u3001\u5bb9\u5668\u5217\u8868\u3001YAML \u6587\u4ef6\u3001\u4e8b\u4ef6\u7b49\u3002
"},{"location":"end-user/kpanda/network/network-policy.html#_5","title":"\u66f4\u65b0\u7f51\u7edc\u7b56\u7565","text":"\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002
\u5728\u7f51\u7edc\u7b56\u7565\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u7b56\u7565\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u7f51\u7edc\u7b56\u7565\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u5220\u9664\u7f51\u7edc\u7b56\u7565\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002
\u5728\u7f51\u7edc\u7b56\u7565\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u7b56\u7565\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u5220\u9664\u3002
\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u7f51\u7edc\u7b56\u7565\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u5220\u9664\u3002
\u968f\u7740\u4e1a\u52a1\u5e94\u7528\u4e0d\u65ad\u589e\u957f\uff0c\u96c6\u7fa4\u8d44\u6e90\u65e5\u8d8b\u7d27\u5f20\uff0c\u8fd9\u65f6\u53ef\u4ee5\u57fa\u4e8e kubean \u5bf9\u96c6\u7fa4\u8282\u70b9\u8fdb\u884c\u6269\u5bb9\u3002\u6269\u5bb9\u540e\uff0c\u5e94\u7528\u53ef\u4ee5\u8fd0\u884c\u5728\u65b0\u589e\u7684\u8282\u70b9\u4e0a\uff0c\u7f13\u89e3\u8d44\u6e90\u538b\u529b\u3002
\u53ea\u6709\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u521b\u5efa\u7684\u96c6\u7fa4\u624d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\uff0c\u4ece\u5916\u90e8\u63a5\u5165\u7684\u96c6\u7fa4\u4e0d\u652f\u6301\u6b64\u64cd\u4f5c\u3002\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u540c\u79cd\u67b6\u6784\u4e0b\u5de5\u4f5c\u96c6\u7fa4\u7684 \u5de5\u4f5c\u8282\u70b9 \u6269\u5bb9\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u82e5 \u96c6\u7fa4\u89d2\u8272 \u4e2d\u5e26\u6709 \u63a5\u5165\u96c6\u7fa4 \u7684\u6807\u7b7e\uff0c\u5219\u8bf4\u660e\u8be5\u96c6\u7fa4\u4e0d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u63a5\u5165\u8282\u70b9 \u3002
\u8f93\u5165\u4e3b\u673a\u540d\u79f0\u548c\u8282\u70b9 IP \u5e76\u70b9\u51fb \u786e\u5b9a \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0\u5de5\u4f5c\u8282\u70b9 \u53ef\u4ee5\u7ee7\u7eed\u63a5\u5165\u66f4\u591a\u8282\u70b9\u3002
Note
\u63a5\u5165\u8282\u70b9\u5927\u7ea6\u9700\u8981 20 \u5206\u949f\uff0c\u8bf7\u60a8\u8010\u5fc3\u7b49\u5f85\u3002
"},{"location":"end-user/kpanda/nodes/add-node.html#_2","title":"\u53c2\u8003\u6587\u6863","text":"\u5f53\u4e1a\u52a1\u9ad8\u5cf0\u671f\u7ed3\u675f\u4e4b\u540e\uff0c\u4e3a\u4e86\u8282\u7701\u8d44\u6e90\u6210\u672c\uff0c\u53ef\u4ee5\u7f29\u5c0f\u96c6\u7fa4\u89c4\u6a21\uff0c\u5378\u8f7d\u5197\u4f59\u7684\u8282\u70b9\uff0c\u5373\u8282\u70b9\u7f29\u5bb9\u3002\u8282\u70b9\u5378\u8f7d\u540e\uff0c\u5e94\u7528\u65e0\u6cd5\u7ee7\u7eed\u8fd0\u884c\u5728\u8be5\u8282\u70b9\u4e0a\u3002
"},{"location":"end-user/kpanda/nodes/delete-node.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u8282\u70b9\u7f29\u5bb9\u65f6\uff0c\u53ea\u80fd\u9010\u4e2a\u8fdb\u884c\u5378\u8f7d\uff0c\u65e0\u6cd5\u6279\u91cf\u5378\u8f7d\u3002
\u5982\u9700\u5378\u8f7d\u96c6\u7fa4\u63a7\u5236\u5668\u8282\u70b9\uff0c\u9700\u8981\u786e\u4fdd\u6700\u7ec8\u63a7\u5236\u5668\u8282\u70b9\u6570\u4e3a \u5947\u6570\u3002
\u96c6\u7fa4\u8282\u70b9\u7f29\u5bb9\u65f6\u4e0d\u53ef\u4e0b\u7ebf \u7b2c\u4e00\u4e2a\u63a7\u5236\u5668 \u8282\u70b9\u3002\u5982\u679c\u5fc5\u987b\u6267\u884c\u6b64\u64cd\u4f5c\uff0c\u8bf7\u8054\u7cfb\u552e\u540e\u5de5\u7a0b\u5e08\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u82e5 \u96c6\u7fa4\u89d2\u8272 \u4e2d\u5e26\u6709 \u63a5\u5165\u96c6\u7fa4 \u7684\u6807\u7b7e\uff0c\u5219\u8bf4\u660e\u8be5\u96c6\u7fa4\u4e0d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u9700\u8981\u5378\u8f7d\u7684\u8282\u70b9\uff0c\u70b9\u51fb \u2507 \u9009\u62e9 \u79fb\u9664\u8282\u70b9 \u3002
\u8f93\u5165\u8282\u70b9\u540d\u79f0\uff0c\u5e76\u70b9\u51fb \u5220\u9664 \u8fdb\u884c\u786e\u8ba4\u3002
\u6807\u7b7e\uff08Labels\uff09\u662f\u4e3a Pod\u3001\u8282\u70b9\u3001\u96c6\u7fa4\u7b49 Kubernetes \u5bf9\u8c61\u6dfb\u52a0\u7684\u6807\u8bc6\u6027\u952e\u503c\u5bf9\uff0c\u53ef\u7ed3\u5408\u6807\u7b7e\u9009\u62e9\u5668\u67e5\u627e\u5e76\u7b5b\u9009\u6ee1\u8db3\u67d0\u4e9b\u6761\u4ef6\u7684 Kubernetes \u5bf9\u8c61\u3002\u6bcf\u4e2a\u952e\u5bf9\u4e8e\u7ed9\u5b9a\u5bf9\u8c61\u5fc5\u987b\u662f\u552f\u4e00\u7684\u3002
\u6ce8\u89e3\uff08Annotations\uff09\u548c\u6807\u7b7e\u4e00\u6837\uff0c\u4e5f\u662f\u952e/\u503c\u5bf9\uff0c\u4f46\u4e0d\u5177\u5907\u6807\u8bc6\u6216\u7b5b\u9009\u529f\u80fd\u3002 \u4f7f\u7528\u6ce8\u89e3\u53ef\u4ee5\u4e3a\u8282\u70b9\u6dfb\u52a0\u4efb\u610f\u7684\u5143\u6570\u636e\u3002 \u6ce8\u89e3\u7684\u952e\u901a\u5e38\u4f7f\u7528\u7684\u683c\u5f0f\u4e3a \u524d\u7f00\uff08\u53ef\u9009\uff09/\u540d\u79f0\uff08\u5fc5\u586b\uff09 \uff0c\u4f8b\u5982 nfd.node.kubernetes.io/extended-resources \u3002 \u5982\u679c\u7701\u7565\u524d\u7f00\uff0c\u8868\u793a\u8be5\u6ce8\u89e3\u952e\u662f\u7528\u6237\u79c1\u6709\u7684\u3002
\u6709\u5173\u6807\u7b7e\u548c\u6ce8\u89e3\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u53ef\u53c2\u8003 Kubernetes \u7684\u5b98\u65b9\u6587\u6863\u6807\u7b7e\u548c\u9009\u62e9\u7b97\u7b26\u6216\u6ce8\u89e3\u3002
\u6dfb\u52a0/\u5220\u9664\u6807\u7b7e\u4e0e\u6ce8\u89e3\u7684\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u4fee\u6539\u6807\u7b7e \u6216 \u4fee\u6539\u6ce8\u89e3 \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0 \u53ef\u4ee5\u6dfb\u52a0\u6807\u7b7e\u6216\u6ce8\u89e3\uff0c\u70b9\u51fb X \u53ef\u4ee5\u5220\u9664\u6807\u7b7e\u6216\u6ce8\u89e3\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u5982\u679c\u60a8\u9009\u62e9\u4f7f\u7528 SSH \u5bc6\u94a5\u4f5c\u4e3a\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u8282\u70b9\u8ba4\u8bc1\u65b9\u5f0f\uff0c\u60a8\u9700\u8981\u6309\u7167\u5982\u4e0b\u8bf4\u660e\u914d\u7f6e\u516c\u79c1\u94a5\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5728 \u5f85\u5efa\u96c6\u7fa4\u7684\u7ba1\u7406\u96c6\u7fa4\u4e2d\u7684\u4efb\u610f\u8282\u70b9 \u4e0a\u751f\u6210\u516c\u79c1\u94a5\u3002
cd /root/.ssh\nssh-keygen -t rsa\n
\u6267\u884c ls \u547d\u4ee4\u67e5\u770b\u7ba1\u7406\u96c6\u7fa4\u4e0a\u7684\u5bc6\u94a5\u662f\u5426\u521b\u5efa\u6210\u529f\uff0c\u6b63\u786e\u53cd\u9988\u5982\u4e0b\uff1a
ls\nid_rsa id_rsa.pub known_hosts\n
\u5176\u4e2d\u540d\u4e3a id_rsa \u7684\u6587\u4ef6\u662f\u79c1\u94a5\uff0c\u540d\u4e3a id_rsa.pub \u7684\u6587\u4ef6\u662f\u516c\u94a5\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5c06\u516c\u94a5\u6587\u4ef6 id_rsa.pub \u52a0\u8f7d\u5230\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u6240\u6709\u8282\u70b9\u4e0a\u3002
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.0\n
\u5c06\u4e0a\u9762\u547d\u4ee4\u4e2d\u7684 root@10.0.0.0 \u7528\u6237\u8d26\u53f7\u548c\u8282\u70b9 IP \u66ff\u6362\u4e3a\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u8282\u70b9\u7528\u6237\u540d\u548c IP\u3002** \u9700\u8981\u5728\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u6bcf\u53f0\u8282\u70b9\u90fd\u6267\u884c\u76f8\u540c\u7684\u64cd\u4f5c **\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u6b65\u9aa4 1 \u6240\u521b\u5efa\u7684\u79c1\u94a5\u6587\u4ef6 id_rsa \u3002
cat /root/.ssh/id_rsa\n
\u8f93\u51fa\u5982\u4e0b\u5185\u5bb9\uff1a
-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3UvyKINzY5BFuemQ+uJ6q+GqgfvnWwNC8HzZhpcMSjJy26MM\nUtBEBJxy8fMi57XcjYxPibXW/wnd+32ICCycqCwByUmuXeCC1cjlCQDqjcAvXae7\nY54IXGF7wm2IsMNwf0kjFEXjuS48FLDA0mGRaN3BG+Up5geXcHckg3K5LD8kXFFx\ndEmSIjdyw55NaUitmEdHzN7cIdfi6Z56jcV8dcFBgWKUx+ebiyPmZBkXToz6GnMF\nrswzzZCl+G6Jb2xTGy7g7ozb4BoZd1IpSD5EhDanRrESVE0C5YuJ5zUAC0CvVd1l\nv67AK8Ko6MXToHp01/bcsvlM6cqgwUFXZKVeOwIDAQABAoIBAQCO36GQlo3BEjxy\nM2HvGJmqrx+unDxafliRe4nVY2AD515Qf4xNSzke4QM1QoyenMOwf446krQkJPK0\nk+9nl6Xszby5gGCbK4BNFk8I6RaGPjZWeRx6zGUJf8avWJiPxx6yjz2esSC9RiR0\nF0nmiiefVMyAfgv2/5++dK2WUFNNRKLgSRRpP5bRaD5wMzzxtSSXrUon6217HO8p\n3RoWsI51MbVzhdVgpHUNABcoa0rpr9svT6XLKZxY8mxpKFYjM0Wv2JIDABg3kBvh\nQbJ7kStCO3naZjKMU9UuSqVJs06cflGYw7Or8/tABR3LErNQKPjkhAQqt0DXw7Iw\n3tKdTAJBAoGBAP687U7JAOqQkcphek2E/A/sbO/d37ix7Z3vNOy065STrA+ZWMZn\npZ6Ui1B/oJpoZssnfvIoz9sn559X0j67TljFALFd2ZGS0Fqh9KVCqDvfk+Vst1dq\n+3r/yZdTOyswoccxkJiC/GDwZGK0amJWqvob39JCZhDAKIGLbGMmjdAHAoGBAN5k\nm1WGnni1nZ+3dryIwgB6z1hWcnLTamzSET6KhSuo946ET0IRG9xtlheCx6dqICbr\nVk1Y4NtRZjK/p/YGx59rDWf7E3I8ZMgR7mjieOcUZ4lUlA4l7ZIlW/2WZHW+nUXO\nTi20fqJ8qSp4BUvOvuth1pz2GLUHe2/Fxjf7HIstAoGBAPHpPr9r+TfIlPsJeRj2\n6lzA3G8qWFRQfGRYjv0fjv0pA+RIb1rzgP/I90g5+63G6Z+R4WdcxI/OJJNY1iuG\nuw9n/pFxm7U4JC990BPE6nj5iLz+clpNGYckNDBF9VG9vFSrSDLdaYkxoVNvG/xJ\na9Na90H4lm7f3VewrPy310KvAoGAZr+mwNoEh5Kpc6xo8Gxi7aPP/mlaUVD6X7Ki\ngvmu02AqmC7rC4QqEiqTaONkaSXwGusqIWxJ3yp5hELmUBYLzszAEeV/s4zRp1oZ\ng133LBRSTbHFAdBmNdqK6Nu+KGRb92980UMOKvZbliKDl+W6cbfvVu+gtKrzTc3b\naevb4TUCgYEAnJAxyVYDP1nJf7bjBSHXQu1E/DMwbtrqw7dylRJ8cAzI7IxfSCez\n7BYWq41PqVd9/zrb3Pbh2phiVzKe783igAIMqummcjo/kZyCwFsYBzK77max1jF5\naPQsLbRS2aDz8kIH6jHPZ/R+15EROmdtLmA7vIJZGerWWQR0dUU+XXA=\n
\u5c06\u79c1\u94a5\u5185\u5bb9\u590d\u5236\u540e\u586b\u81f3\u754c\u9762\u5bc6\u94a5\u8f93\u5165\u6846\u3002
\u5728\u521b\u5efa\u96c6\u7fa4\u6216\u4e3a\u5df2\u6709\u96c6\u7fa4\u6dfb\u52a0\u8282\u70b9\u65f6\uff0c\u8bf7\u53c2\u9605\u4e0b\u8868\uff0c\u68c0\u67e5\u8282\u70b9\u914d\u7f6e\uff0c\u4ee5\u907f\u514d\u56e0\u8282\u70b9\u914d\u7f6e\u9519\u8bef\u5bfc\u81f4\u96c6\u7fa4\u521b\u5efa\u6216\u6269\u5bb9\u5931\u8d25\u3002
\u68c0\u67e5\u9879 \u63cf\u8ff0 \u64cd\u4f5c\u7cfb\u7edf \u53c2\u8003\u652f\u6301\u7684\u67b6\u6784\u53ca\u64cd\u4f5c\u7cfb\u7edf SELinux \u5173\u95ed \u9632\u706b\u5899 \u5173\u95ed \u67b6\u6784\u4e00\u81f4\u6027 \u8282\u70b9\u95f4 CPU \u67b6\u6784\u4e00\u81f4\uff08\u5982\u5747\u4e3a ARM \u6216 x86\uff09 \u4e3b\u673a\u65f6\u95f4 \u6240\u6709\u4e3b\u673a\u95f4\u540c\u6b65\u8bef\u5dee\u5c0f\u4e8e 10 \u79d2\u3002 \u7f51\u7edc\u8054\u901a\u6027 \u8282\u70b9\u53ca\u5176 SSH \u7aef\u53e3\u80fd\u591f\u6b63\u5e38\u88ab\u5e73\u53f0\u8bbf\u95ee\u3002 CPU \u53ef\u7528 CPU \u8d44\u6e90\u5927\u4e8e 4 Core \u5185\u5b58 \u53ef\u7528\u5185\u5b58\u8d44\u6e90\u5927\u4e8e 8 GB"},{"location":"end-user/kpanda/nodes/node-check.html#_2","title":"\u652f\u6301\u7684\u67b6\u6784\u53ca\u64cd\u4f5c\u7cfb\u7edf","text":"\u67b6\u6784 \u64cd\u4f5c\u7cfb\u7edf \u5907\u6ce8 ARM Kylin Linux Advanced Server release V10 (Sword) SP2 \u63a8\u8350 ARM UOS Linux ARM openEuler x86 CentOS 7.x \u63a8\u8350 x86 Redhat 7.x \u63a8\u8350 x86 Redhat 8.x \u63a8\u8350 x86 Flatcar Container Linux by Kinvolk x86 Debian Bullseye, Buster, Jessie, Stretch x86 Ubuntu 16.04, 18.04, 20.04, 22.04 x86 Fedora 35, 36 x86 Fedora CoreOS x86 openSUSE Leap 15.x/Tumbleweed x86 Oracle Linux 7, 8, 9 x86 Alma Linux 8, 9 x86 Rocky Linux 8, 9 x86 Amazon Linux 2 x86 Kylin Linux Advanced Server release V10 (Sword) - SP2 \u6d77\u5149 x86 UOS Linux x86 openEuler"},{"location":"end-user/kpanda/nodes/node-details.html","title":"\u8282\u70b9\u8be6\u60c5","text":"\u63a5\u5165\u6216\u521b\u5efa\u96c6\u7fa4\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u96c6\u7fa4\u4e2d\u5404\u4e2a\u8282\u70b9\u7684\u4fe1\u606f\uff0c\u5305\u62ec\u8282\u70b9\u72b6\u6001\u3001\u6807\u7b7e\u3001\u8d44\u6e90\u7528\u91cf\u3001Pod\u3001\u76d1\u63a7\u4fe1\u606f\u7b49\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u53ef\u4ee5\u67e5\u770b\u8282\u70b9\u72b6\u6001\u3001\u89d2\u8272\u3001\u6807\u7b7e\u3001CPU/\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u3001IP \u5730\u5740\u3001\u521b\u5efa\u65f6\u95f4\u3002
\u70b9\u51fb\u8282\u70b9\u540d\u79f0\uff0c\u53ef\u4ee5\u8fdb\u5165\u8282\u70b9\u8be6\u60c5\u9875\u9762\u67e5\u770b\u66f4\u591a\u4fe1\u606f\uff0c\u5305\u62ec\u6982\u89c8\u4fe1\u606f\u3001\u5bb9\u5668\u7ec4\u4fe1\u606f\u3001\u6807\u7b7e\u6ce8\u89e3\u4fe1\u606f\u3001\u4e8b\u4ef6\u5217\u8868\u3001\u72b6\u6001\u7b49\u3002
\u6b64\u5916\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u8282\u70b9\u7684 YAML \u6587\u4ef6\u3001\u76d1\u63a7\u4fe1\u606f\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u7b49\u3002
\u652f\u6301\u5c06\u8282\u70b9\u6682\u505c\u8c03\u5ea6\u6216\u6062\u590d\u8c03\u5ea6\u3002\u6682\u505c\u8c03\u5ea6\u6307\uff0c\u505c\u6b62\u5c06 Pod \u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u3002\u6062\u590d\u8c03\u5ea6\u6307\uff0c\u53ef\u4ee5\u5c06 Pod \u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u6682\u505c\u8c03\u5ea6 \u6309\u94ae\u5373\u53ef\u6682\u505c\u8c03\u5ea6\u8be5\u8282\u70b9\u3002
\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u6062\u590d\u8c03\u5ea6 \u6309\u94ae\u5373\u53ef\u6062\u590d\u8c03\u5ea6\u8be5\u8282\u70b9\u3002
\u8282\u70b9\u8c03\u5ea6\u72b6\u6001\u53ef\u80fd\u56e0\u7f51\u7edc\u60c5\u51b5\u6709\u6240\u5ef6\u8fdf\uff0c\u70b9\u51fb\u641c\u7d22\u6846\u53f3\u4fa7\u7684\u5237\u65b0\u56fe\u6807\u53ef\u4ee5\u5237\u65b0\u8282\u70b9\u8c03\u5ea6\u72b6\u6001\u3002
"},{"location":"end-user/kpanda/nodes/taints.html","title":"\u8282\u70b9\u6c61\u70b9\u7ba1\u7406","text":"\u6c61\u70b9 (Taint) \u80fd\u591f\u4f7f\u8282\u70b9\u6392\u65a5\u67d0\u4e00\u7c7b Pod\uff0c\u907f\u514d Pod \u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002 \u6bcf\u4e2a\u8282\u70b9\u4e0a\u53ef\u4ee5\u5e94\u7528\u4e00\u4e2a\u6216\u591a\u4e2a\u6c61\u70b9\uff0c\u4e0d\u80fd\u5bb9\u5fcd\u8fd9\u4e9b\u6c61\u70b9\u7684 Pod \u5219\u4e0d\u4f1a\u88ab\u8c03\u5ea6\u8be5\u8282\u70b9\u4e0a\u3002
"},{"location":"end-user/kpanda/nodes/taints.html#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":"\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u6982\u89c8 \u9875\u9762\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u9700\u8981\u4fee\u6539\u6c61\u70b9\u7684\u8282\u70b9\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u70b9\u51fb \u4fee\u6539\u6c61\u70b9 \u6309\u94ae\u3002
\u5728\u5f39\u6846\u5185\u8f93\u5165\u6c61\u70b9\u7684\u952e\u503c\u4fe1\u606f\uff0c\u9009\u62e9\u6c61\u70b9\u6548\u679c\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0 \u53ef\u4ee5\u4e3a\u8282\u70b9\u6dfb\u52a0\u591a\u4e2a\u6c61\u70b9\uff0c\u70b9\u51fb\u6c61\u70b9\u6548\u679c\u53f3\u4fa7\u7684 X \u53ef\u4ee5\u5220\u9664\u6c61\u70b9\u3002
\u76ee\u524d\u652f\u6301\u4e09\u79cd\u6c61\u70b9\u6548\u679c\uff1a
NoSchedule
\uff1a\u65b0\u7684 Pod \u4e0d\u4f1a\u88ab\u8c03\u5ea6\u5230\u5e26\u6709\u6b64\u6c61\u70b9\u7684\u8282\u70b9\u4e0a\uff0c\u9664\u975e\u65b0\u7684 Pod \u5177\u6709\u76f8\u5339\u914d\u7684\u5bb9\u5fcd\u5ea6\u3002\u5f53\u524d\u6b63\u5728\u8282\u70b9\u4e0a\u8fd0\u884c\u7684 Pod \u4e0d\u4f1a \u88ab\u9a71\u9010\u3002NoExecute
\uff1a\u8fd9\u4f1a\u5f71\u54cd\u5df2\u5728\u8282\u70b9\u4e0a\u8fd0\u884c\u7684 Pod\uff1atolerationSeconds
\uff0c\u5219 Pod \u8fd8\u4f1a\u4e00\u76f4\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u3002tolerationSeconds
\uff0c\u5219 Pod \u8fd8\u80fd\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u7ee7\u7eed\u8fd0\u884c\u6307\u5b9a\u7684\u65f6\u957f\u3002\u8fd9\u6bb5\u65f6\u95f4\u8fc7\u53bb\u540e\uff0c\u518d\u4ece\u8282\u70b9\u4e0a\u9a71\u9664\u8fd9\u4e9b Pod\u3002PreferNoSchedule
\uff1a\u8fd9\u662f\u201c\u8f6f\u6027\u201d\u7684 NoSchedule
\u3002\u63a7\u5236\u5e73\u9762\u5c06**\u5c1d\u8bd5**\u907f\u514d\u5c06\u4e0d\u5bb9\u5fcd\u6b64\u6c61\u70b9\u7684 Pod \u8c03\u5ea6\u5230\u8282\u70b9\u4e0a\uff0c\u4f46\u4e0d\u80fd\u4fdd\u8bc1\u5b8c\u5168\u907f\u514d\u3002\u6240\u4ee5\u8981\u5c3d\u91cf\u907f\u514d\u4f7f\u7528\u6b64\u6c61\u70b9\u3002\u6709\u5173\u6c61\u70b9\u7684\u66f4\u591a\u8be6\u60c5\uff0c\u8bf7\u53c2\u9605 Kubernetes \u5b98\u65b9\u6587\u6863\uff1a\u6c61\u70b9\u548c\u5bb9\u5fcd\u5ea6\u3002
"},{"location":"end-user/kpanda/olm/import-miniooperator.html","title":"\u5bfc\u5165\u79bb\u7ebf MinIo Operator","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5728\u79bb\u7ebf\u73af\u5883\u4e0b\u5982\u4f55\u5bfc\u5165 MinIo Operator\u3002
"},{"location":"end-user/kpanda/olm/import-miniooperator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u6267\u884c\u73af\u5883\u4e2d\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u5e76\u5728\u540e\u7eed\u6b65\u9aa4\u4f7f\u7528\uff0c\u6267\u884c\u547d\u4ee4\uff1a
export OPM_IMG=10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0 \nexport BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3 \n
\u5982\u4f55\u83b7\u53d6\u4e0a\u8ff0\u955c\u50cf\u5730\u5740\uff1a
\u524d\u5f80 \u5bb9\u5668\u7ba1\u7406 -> \u9009\u62e9\u5f53\u524d\u96c6\u7fa4 -> helm \u5e94\u7528 -> \u67e5\u770b olm \u7ec4\u4ef6 -> \u63d2\u4ef6\u8bbe\u7f6e \uff0c\u627e\u5230\u540e\u7eed\u6b65\u9aa4\u6240\u9700 opm\uff0cminio\uff0cminio bundle\uff0cminio operator \u7684\u955c\u50cf\u3002
\u4ee5\u4e0a\u8bc9\u622a\u56fe\u4e3a\u4f8b\uff0c\u5219\u56db\u4e2a\u955c\u50cf\u5730\u5740\u5982\u4e0b\n\n# opm \u955c\u50cf \n10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0\n\n# minio \u955c\u50cf\n10.5.14.200/quay.m.daocloud.io/minio/minio:RELEASE.2023-03-24T21-41-23Z\n\n# minio bundle \u955c\u50cf\n10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3\n\n# minio operator \u955c\u50cf \n10.5.14.200/quay.m.daocloud.io/minio/operator:v5.0.3\n
\u6267\u884c opm \u547d\u4ee4\u83b7\u53d6\u79bb\u7ebf bundle \u955c\u50cf\u5305\u542b\u7684 operator\u3002
# \u521b\u5efa operator \u5b58\u653e\u76ee\u5f55\n$ mkdir minio-operator && cd minio-operator \n\n# \u83b7\u53d6 operator yaml \n$ docker run --user root -v $PWD/minio-operator:/minio-operator ${OPM_IMG} alpha bundle unpack --skip-tls-verify -v -d ${BUNDLE_IMG} -o ./minio-operator\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 9 files\n
\u66ff\u6362\u00a0 minio-operator/manifests/minio-operator.clusterserviceversion.yaml\u00a0 \u6587\u4ef6\u4e2d\u7684\u6240\u6709\u955c\u50cf\u5730\u5740\u4e3a\u79bb\u7ebf\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u955c\u50cf\u3002
\u66ff\u6362\u524d\uff1a
\u66ff\u6362\u540e\uff1a
\u751f\u6210\u6784\u5efa bundle \u955c\u50cf\u7684 Dockerfile
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} alpha bundle generate --channels stable,beta -d /minio-operator/minio-operator/manifests -e stable -p minio-operator \u00a0\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 10 files\n
\u6267\u884c\u6784\u5efa\u547d\u4ee4\uff0c\u6784\u5efa bundle \u955c\u50cf\u4e14\u63a8\u9001\u5230\u79bb\u7ebf registry\u3002
# \u8bbe\u7f6e\u65b0\u7684 bundle image \nexport OFFLINE_BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3-offline \n\n$ docker build . -f bundle.Dockerfile -t ${OFFLINE_BUNDLE_IMG} \u00a0\n\n$ docker push ${OFFLINE_BUNDLE_IMG}\n
\u751f\u6210\u6784\u5efa catalog \u955c\u50cf\u7684 Dockerfile\u3002
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} index add --bundles ${OFFLINE_BUNDLE_IMG} --generate --binary-image ${OPM_IMG} --skip-tls-verify\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u251c\u2500\u2500 database\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 index.db\n\u251c\u2500\u2500 index.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n4 directories, 12 files\n
\u6784\u5efa catalog \u955c\u50cf
# \u8bbe\u7f6e\u65b0\u7684 catalog image \nexport OFFLINE_CATALOG_IMG=10.5.14.200/release.daocloud.io/operator-framework/system-operator-index:v0.1.0-offline\n\n$ docker build . -f index.Dockerfile -t ${OFFLINE_CATALOG_IMG} \n\n$ docker push ${OFFLINE_CATALOG_IMG}\n
\u524d\u5f80\u5bb9\u5668\u7ba1\u7406\uff0c\u66f4\u65b0 helm \u5e94\u7528 olm \u7684\u5185\u7f6e catsrc \u955c\u50cf\uff08\u586b\u5199\u6784\u5efa catalog \u955c\u50cf\u6307\u5b9a\u7684 ${catalog-image} \u5373\u53ef\uff09
\u66f4\u65b0\u6210\u529f\u540e\uff0cOperator Hub \u4e2d\u4f1a\u51fa\u73b0 minio-operator \u7ec4\u4ef6
\u5bb9\u5668\u7ba1\u7406\u57fa\u4e8e\u5168\u5c40\u6743\u9650\u7ba1\u7406\u53ca\u5168\u5c40\u7528\u6237/\u7528\u6237\u7ec4\u7ba1\u7406\u5b9e\u73b0\u6388\u6743\uff0c\u5982\u9700\u4e3a\u7528\u6237\u6388\u4e88\u5bb9\u5668\u7ba1\u7406\u7684\u6700\u9ad8\u6743\u9650\uff08\u53ef\u4ee5\u521b\u5efa\u3001\u7ba1\u7406\u3001\u5220\u9664\u6240\u6709\u96c6\u7fa4\uff09\u3002
"},{"location":"end-user/kpanda/permissions/cluster-ns-auth.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u7ed9\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\u4e4b\u524d\uff0c\u8bf7\u5b8c\u6210\u5982\u4e0b\u51c6\u5907\uff1a
\u5df2\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\u521b\u5efa\u4e86\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\uff0c\u8bf7\u53c2\u8003\u7528\u6237\u3002
\u4ec5 Kpanda Owner\u53ca\u5f53\u524d\u96c6\u7fa4\u7684 Cluster Admin \u5177\u5907\u96c6\u7fa4\u6388\u6743\u80fd\u529b\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002
\u4ec5 Kpanda Owner\u3001\u5f53\u524d\u96c6\u7fa4\u7684 Cluster Admin\uff0c\u5f53\u524d\u547d\u540d\u7a7a\u95f4\u7684 NS Admin \u5177\u5907\u547d\u540d\u7a7a\u95f4\u6388\u6743\u80fd\u529b\u3002
\u7528\u6237\u767b\u5f55\u5e73\u53f0\u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u83dc\u5355\u680f \u5bb9\u5668\u7ba1\u7406 \u4e0b\u7684 \u6743\u9650\u7ba1\u7406 \uff0c\u9ed8\u8ba4\u4f4d\u4e8e \u96c6\u7fa4\u6743\u9650 \u9875\u7b7e\u3002
\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002
\u5728 \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650 \u9875\u9762\u4e2d\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u3001\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u4ec5\u652f\u6301\u7684\u96c6\u7fa4\u89d2\u8272\u4e3a Cluster Admin \uff0c\u8be6\u60c5\u6743\u9650\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002\u5982\u9700\u8981\u7ed9\u591a\u4e2a\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fdb\u884c\u6388\u6743\uff0c \u53ef\u70b9\u51fb \u6dfb\u52a0\u7528\u6237\u6743\u9650 \u8fdb\u884c\u591a\u6b21\u6dfb\u52a0\u3002
\u8fd4\u56de\u96c6\u7fa4\u6743\u9650\u7ba1\u7406\u9875\u9762\uff0c\u5c4f\u5e55\u51fa\u73b0\u6d88\u606f\uff1a \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650\u6210\u529f \u3002
\u7528\u6237\u767b\u5f55\u5e73\u53f0\u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u83dc\u5355\u680f \u5bb9\u5668\u7ba1\u7406 \u4e0b\u7684 \u6743\u9650\u7ba1\u7406 \uff0c\u70b9\u51fb \u547d\u540d\u7a7a\u95f4\u6743\u9650 \u9875\u7b7e\u3002
\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002\u5728 \u6dfb\u52a0\u547d\u540d\u7a7a\u95f4\u6743\u9650 \u9875\u9762\u4e2d\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u3001\u76ee\u6807\u547d\u540d\u7a7a\u95f4\uff0c\u4ee5\u53ca\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u652f\u6301\u7684\u547d\u540d\u7a7a\u95f4\u89d2\u8272\u4e3a NS Admin\u3001NS Editor\u3001NS Viewer\uff0c\u8be6\u60c5\u6743\u9650\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002\u5982\u9700\u7ed9\u591a\u4e2a\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fdb\u884c\u6388\u6743\uff0c\u53ef\u70b9\u51fb \u6dfb\u52a0\u7528\u6237\u6743\u9650 \u8fdb\u884c\u591a\u6b21\u6dfb\u52a0\u3002\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u6743\u9650\u6388\u6743\u3002
\u8fd4\u56de\u547d\u540d\u7a7a\u95f4\u6743\u9650\u7ba1\u7406\u9875\u9762\uff0c\u5c4f\u5e55\u51fa\u73b0\u6d88\u606f\uff1a \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650\u6210\u529f \u3002
Tip
\u540e\u7eed\u5982\u9700\u5220\u9664\u6216\u7f16\u8f91\u6743\u9650\uff0c\u53ef\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 \u7f16\u8f91 \u6216 \u5220\u9664 \u3002
\u8fc7\u53bb Kpanda \u5185\u7f6e\u89d2\u8272\u7684\u6743\u9650\u70b9\uff08rbac rules\uff09\u90fd\u662f\u63d0\u524d\u9884\u5b9a\u4e49\u597d\u7684\u4e14\u7528\u6237\u65e0\u6cd5\u4fee\u6539\uff0c\u56e0\u4e3a\u4ee5\u524d\u4fee\u6539\u5185\u7f6e\u89d2\u8272\u7684\u6743\u9650\u70b9\u4e4b\u540e\u4e5f\u4f1a\u88ab Kpanda \u63a7\u5236\u5668\u8fd8\u539f\u6210\u9884\u5b9a\u4e49\u7684\u6743\u9650\u70b9\u3002 \u4e3a\u4e86\u652f\u6301\u66f4\u52a0\u7075\u6d3b\u7684\u6743\u9650\u914d\u7f6e\uff0c\u6ee1\u8db3\u5bf9\u7cfb\u7edf\u89d2\u8272\u7684\u81ea\u5b9a\u4e49\u9700\u6c42\uff0c\u76ee\u524d Kpanda \u652f\u6301\u4e3a\u5185\u7f6e\u7cfb\u7edf\u89d2\u8272\uff08cluster admin\u3001ns admin\u3001ns editor\u3001ns viewer\uff09\u4fee\u6539\u6743\u9650\u70b9\u3002 \u4ee5\u4e0b\u793a\u4f8b\u6f14\u793a\u5982\u4f55\u65b0\u589e ns-viewer \u6743\u9650\u70b9\uff0c\u5c1d\u8bd5\u589e\u52a0\u53ef\u4ee5\u5220\u9664 Deployment \u7684\u6743\u9650\u3002\u5176\u4ed6\u6743\u9650\u70b9\u64cd\u4f5c\u7c7b\u4f3c\u3002
"},{"location":"end-user/kpanda/permissions/custom-kpanda-role.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"Note
\u53ea\u652f\u6301\u4f7f\u7528\u56fa\u5b9a Label \u7684 ClusterRole \u8ffd\u52a0\u6743\u9650\uff0c\u4e0d\u652f\u6301\u66ff\u6362\u6216\u8005\u5220\u9664\u6743\u9650\uff0c\u4e5f\u4e0d\u80fd\u4f7f\u7528 role \u8ffd\u52a0\u6743\u9650\uff0c\u5185\u7f6e\u89d2\u8272\u8ddf\u7528\u6237\u521b\u5efa\u7684 ClusterRole Label \u5bf9\u5e94\u5173\u7cfb\u5982\u4e0b
cluster-admin: rbac.kpanda.io/role-template-cluster-admin: \"true\"\ncluster-edit: rbac.kpanda.io/role-template-cluster-edit: \"true\"\ncluster-view: rbac.kpanda.io/role-template-cluster-view: \"true\"\nns-admin: rbac.kpanda.io/role-template-ns-admin: \"true\"\nns-edit: rbac.kpanda.io/role-template-ns-edit: \"true\"\nns-view: rbac.kpanda.io/role-template-ns-view: \"true\"\n
\u4f7f\u7528 admin \u6216\u8005 cluster admin \u6743\u9650\u7684\u7528\u6237\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d
\u6388\u6743 ns-viewer\uff0c\u7528\u6237\u6709\u8be5 namespace ns-view \u6743\u9650
\u5207\u6362\u767b\u5f55\u7528\u6237\u4e3a ns-viewer\uff0c\u6253\u5f00\u63a7\u5236\u53f0\u83b7\u53d6 ns-viewer \u7528\u6237\u5bf9\u5e94\u7684 token\uff0c\u4f7f\u7528 curl \u8bf7\u6c42\u5220\u9664\u4e0a\u8ff0\u7684 deployment nginx\uff0c\u53d1\u73b0\u65e0\u5220\u9664\u6743\u9650
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n{\"code\":7,\"message\":\"[RBAC] delete resources(deployments: nginx) is forbidden for user(ns-viewer) in cluster(cluster-member)\",\"details\":[]}[root@master-01 ~]#\n[root@master-01 ~]#\n
\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u521b\u5efa\u5982\u4e0b ClusterRole\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: append-ns-view # (1)!\n labels:\n rbac.kpanda.io/role-template-ns-view: \"true\" # (2)!\nrules:\n - apiGroups: [ \"apps\" ]\n resources: [ \"deployments\" ]\n verbs: [ \"delete\" ]\n
\u7b49\u5f85 Kpanda \u63a7\u5236\u5668\u6dfb\u52a0\u7528\u6237\u521b\u5efa\u6743\u9650\u5230\u5185\u7f6e\u89d2\u8272 ns-viewer \u4e2d\uff0c\u53ef\u67e5\u770b\u5bf9\u5e94\u5185\u7f6e\u89d2\u8272\u5982\u662f\u5426\u6709\u4e0a\u4e00\u6b65\u65b0\u589e\u7684\u6743\u9650\u70b9
[root@master-01 ~]# kubectl get clusterrole role-template-ns-view -oyaml|grep deployments -C 10|tail -n 6\n
- apiGroups:\n - apps\n resources:\n - deployments\n verbs:\n - delete\n
\u518d\u6b21\u4f7f\u7528 curl \u8bf7\u6c42\u5220\u9664\u4e0a\u8ff0\u7684 deployment nginx\uff0c\u8fd9\u6b21\u6210\u529f\u5220\u9664\u4e86\u3002\u4e5f\u5c31\u662f\u8bf4\uff0cns-viewer \u6210\u529f\u65b0\u589e\u4e86\u5220\u9664 Deployment \u7684\u6743\u9650\u3002
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n
\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u57fa\u4e8e\u5168\u5c40\u6743\u9650\u7ba1\u7406\u4ee5\u53ca Kubernetes RBAC \u6743\u9650\u7ba1\u7406\u6253\u9020\u7684\u591a\u7ef4\u5ea6\u6743\u9650\u7ba1\u7406\u4f53\u7cfb\u3002 \u652f\u6301\u96c6\u7fa4\u7ea7\u3001\u547d\u540d\u7a7a\u95f4\u7ea7\u7684\u6743\u9650\u63a7\u5236\uff0c\u5e2e\u52a9\u7528\u6237\u4fbf\u6377\u7075\u6d3b\u5730\u5bf9\u79df\u6237\u4e0b\u7684 IAM \u7528\u6237\u3001\u7528\u6237\u7ec4\uff08\u7528\u6237\u7684\u96c6\u5408\uff09\u8bbe\u5b9a\u4e0d\u540c\u7684\u64cd\u4f5c\u6743\u9650\u3002
"},{"location":"end-user/kpanda/permissions/permission-brief.html#_2","title":"\u96c6\u7fa4\u6743\u9650","text":"\u96c6\u7fa4\u6743\u9650\u57fa\u4e8e Kubernetes RBAC \u7684 ClusterRolebinding \u6388\u6743\uff0c\u96c6\u7fa4\u6743\u9650\u8bbe\u7f6e\u53ef\u8ba9\u7528\u6237/\u7528\u6237\u7ec4\u5177\u5907\u96c6\u7fa4\u76f8\u5173\u6743\u9650\u3002 \u76ee\u524d\u7684\u9ed8\u8ba4\u96c6\u7fa4\u89d2\u8272\u4e3a Cluster Admin \uff08\u4e0d\u5177\u5907\u96c6\u7fa4\u7684\u521b\u5efa\u3001\u5220\u9664\u6743\u9650\uff09\u3002
"},{"location":"end-user/kpanda/permissions/permission-brief.html#cluster-admin","title":"Cluster Admin","text":"Cluster Admin \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
\u53ef\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u67e5\u770b\u5bf9\u5e94\u96c6\u7fa4
\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u67e5\u770b \u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u6240\u6709\u5de5\u4f5c\u8d1f\u8f7d\u53ca\u96c6\u7fa4\u5185\u6240\u6709\u8d44\u6e90
\u53ef\u6388\u6743\u7528\u6237\u4e3a\u96c6\u7fa4\u5185\u89d2\u8272 (Cluster Admin\u3001NS Admin\u3001NS Editor\u3001NS Viewer)
\u8be5\u96c6\u7fa4\u89d2\u8272\u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-cluster-admin\n resourceVersion: \"15168\"\n uid: f8f86d42-d5ef-47aa-b284-097615795076\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*'\n
"},{"location":"end-user/kpanda/permissions/permission-brief.html#_3","title":"\u547d\u540d\u7a7a\u95f4\u6743\u9650","text":"\u547d\u540d\u7a7a\u95f4\u6743\u9650\u662f\u57fa\u4e8e Kubernetes RBAC \u80fd\u529b\u7684\u6388\u6743\uff0c\u53ef\u4ee5\u5b9e\u73b0\u4e0d\u540c\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5bf9\u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u8d44\u6e90\u5177\u6709\u4e0d\u540c\u7684\u64cd\u4f5c\u6743\u9650(\u5305\u62ec Kubernetes API \u6743\u9650)\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\uff1aKubernetes RBAC\u3002\u76ee\u524d\u5bb9\u5668\u7ba1\u7406\u7684\u9ed8\u8ba4\u89d2\u8272\u4e3a\uff1aNS Admin\u3001NS Editor\u3001NS Viewer\u3002
"},{"location":"end-user/kpanda/permissions/permission-brief.html#ns-admin","title":"NS Admin","text":"NS Admin \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
\u8be5\u96c6\u7fa4\u89d2\u8272\u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-admin\n resourceVersion: \"15173\"\n uid: 69f64c7e-70e7-4c7c-a3e0-053f507f2bc3\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*' \n
"},{"location":"end-user/kpanda/permissions/permission-brief.html#ns-editor","title":"NS Editor","text":"NS Editor \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-edit\n resourceVersion: \"15175\"\n uid: ca9e690e-96c0-4978-8915-6e4c00c748fe\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - '*'\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - '*'\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - '*'\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - '*'\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - '*'\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - '*'\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - '*' \n
"},{"location":"end-user/kpanda/permissions/permission-brief.html#ns-viewer","title":"NS Viewer","text":"NS Viewer \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-view\n resourceVersion: \"15183\"\n uid: 853888fd-6ee8-42ac-b91e-63923918baf8\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - get\n - list\n - watch \n
"},{"location":"end-user/kpanda/permissions/permission-brief.html#faq","title":"\u6743\u9650 FAQ","text":"\u5168\u5c40\u6743\u9650\u548c\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u7ba1\u7406\u7684\u5173\u7cfb\uff1f
\u7b54\uff1a\u5168\u5c40\u6743\u9650\u4ec5\u6388\u6743\u4e3a\u7c97\u7c92\u5ea6\u6743\u9650\uff0c\u53ef\u7ba1\u7406\u6240\u6709\u96c6\u7fa4\u7684\u521b\u5efa\u3001\u7f16\u8f91\u3001\u5220\u9664\uff1b\u800c\u5bf9\u4e8e\u7ec6\u7c92\u5ea6\u7684\u6743\u9650\uff0c\u5982\u5355\u4e2a\u96c6\u7fa4\u7684\u7ba1\u7406\u6743\u9650\uff0c\u5355\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u5220\u9664\u6743\u9650\uff0c\u9700\u8981\u57fa\u4e8e Kubernetes RBAC \u7684\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u8fdb\u884c\u5b9e\u73b0\u3002 \u4e00\u822c\u6743\u9650\u7684\u7528\u6237\u4ec5\u9700\u8981\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u8fdb\u884c\u6388\u6743\u5373\u53ef\u3002
\u76ee\u524d\u4ec5\u652f\u6301\u56db\u4e2a\u9ed8\u8ba4\u89d2\u8272\uff0c\u540e\u53f0\u81ea\u5b9a\u4e49\u89d2\u8272\u7684 RoleBinding \u4ee5\u53ca ClusterRoleBinding \uff08Kubernetes \u7ec6\u7c92\u5ea6\u7684 RBAC\uff09\u662f\u5426\u4e5f\u80fd\u751f\u6548\uff1f
\u7b54\uff1a\u76ee\u524d\u81ea\u5b9a\u4e49\u6743\u9650\u6682\u65f6\u65e0\u6cd5\u901a\u8fc7\u56fe\u5f62\u754c\u9762\u8fdb\u884c\u7ba1\u7406\uff0c\u4f46\u662f\u901a\u8fc7 kubectl \u521b\u5efa\u7684\u6743\u9650\u89c4\u5219\u540c\u6837\u80fd\u751f\u6548\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301 Pod \u8d44\u6e90\u57fa\u4e8e\u6307\u6807\u8fdb\u884c\u5f39\u6027\u4f38\u7f29\uff08Horizontal Pod Autoscaling, HPA\uff09\u3002 \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e CPU \u5229\u7528\u7387\u3001\u5185\u5b58\u7528\u91cf\u53ca\u81ea\u5b9a\u4e49\u6307\u6807\u6307\u6807\u6765\u52a8\u6001\u8c03\u6574 Pod \u8d44\u6e90\u7684\u526f\u672c\u6570\u91cf\u3002 \u4f8b\u5982\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u8bbe\u7f6e\u57fa\u4e8e CPU \u5229\u7528\u7387\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u540e\uff0c\u5f53 Pod \u7684 CPU \u5229\u7528\u7387\u8d85\u8fc7/\u4f4e\u4e8e\u60a8\u8bbe\u7f6e\u7684\u6307\u6807\u9600\u503c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u63a7\u5236\u5668\u5c06\u4f1a\u81ea\u52a8\u589e\u52a0/\u8f83\u5c11 Pod \u526f\u672c\u6570\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u57fa\u4e8e\u5185\u7f6e\u6307\u6807\u7684\u5f39\u6027\u4f38\u7f29\u3002
Note
\u7cfb\u7edf\u5185\u7f6e\u4e86 CPU \u548c\u5185\u5b58\u4e24\u79cd\u5f39\u6027\u4f38\u7f29\u6307\u6807\u4ee5\u6ee1\u8db3\u7528\u6237\u7684\u57fa\u7840\u4e1a\u52a1\u4f7f\u7528\u573a\u666f\u3002
"},{"location":"end-user/kpanda/scale/create-hpa.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u6216\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5df2\u5b8c\u6210 metrics-server \u63d2\u4ef6\u5b89\u88c5 \u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165\u96c6\u7fa4\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d \u8fdb\u5165\u5de5\u4f5c\u8d1f\u8f7d\u5217\u8868\u540e\uff0c\u70b9\u51fb\u4e00\u4e2a\u8d1f\u8f7d\u540d\u79f0\uff0c\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \u9875\u9762\u3002
\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\u60c5\u51b5\u3002
\u786e\u8ba4\u96c6\u7fa4\u5df2\u5b89\u88c5\u4e86 metrics-server \u63d2\u4ef6\uff0c\u4e14\u63d2\u4ef6\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u540e\uff0c\u5373\u53ef\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\u3002
\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u5b8c\u6210\u53c2\u6570\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u5f39\u6027\u4f38\u7f29\u8be6\u60c5\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u7f16\u8f91\u3001\u5220\u9664\u64cd\u4f5c\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u76f8\u5173\u4e8b\u4ef6\u3002
\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\u901a\u8fc7\u76d1\u63a7 Pod \u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u8d44\u6e90\u7533\u8bf7\u548c\u7528\u91cf\uff0c \u8ba1\u7b97\u51fa\u5bf9\u8be5 Pod \u800c\u8a00\u6700\u9002\u5408\u7684 CPU \u548c\u5185\u5b58\u8bf7\u6c42\u503c\u3002\u4f7f\u7528 VPA \u53ef\u4ee5\u66f4\u52a0\u5408\u7406\u5730\u4e3a\u96c6\u7fa4\u4e0b\u6bcf\u4e2a Pod \u5206\u914d\u8d44\u6e90\uff0c\u63d0\u9ad8\u96c6\u7fa4\u7684\u6574\u4f53\u8d44\u6e90\u5229\u7528\u7387\uff0c\u907f\u514d\u96c6\u7fa4\u8d44\u6e90\u6d6a\u8d39\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u901a\u8fc7\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\uff0c\u57fa\u4e8e\u6b64\u529f\u80fd\u53ef\u4ee5\u6839\u636e\u5bb9\u5668\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u52a8\u6001\u8c03\u6574 Pod \u8bf7\u6c42\u503c\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u901a\u8fc7\u624b\u52a8\u548c\u81ea\u52a8\u4e24\u79cd\u65b9\u5f0f\u6765\u4fee\u6539\u8d44\u6e90\u8bf7\u6c42\u503c\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u9700\u8981\u8fdb\u884c\u914d\u7f6e\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e Pod \u5782\u76f4\u4f38\u7f29\u3002
Warning
\u4f7f\u7528 VPA \u4fee\u6539 Pod \u8d44\u6e90\u8bf7\u6c42\u4f1a\u89e6\u53d1 Pod \u91cd\u542f\u3002\u7531\u4e8e Kubernetes \u672c\u8eab\u7684\u9650\u5236\uff0c Pod \u91cd\u542f\u540e\u53ef\u80fd\u4f1a\u88ab\u8c03\u5ea6\u5230\u5176\u5b83\u8282\u70b9\u4e0a\u3002
"},{"location":"end-user/kpanda/scale/create-vpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5782\u76f4\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3001\u7528\u6237\u3001\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u6216\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5f53\u524d\u96c6\u7fa4\u5df2\u7ecf\u5b89\u88c5 metrics-server \u548c VPA \u63d2\u4ef6\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u4e2d\u627e\u5230\u76ee\u524d\u96c6\u7fa4\uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u627e\u5230\u9700\u8981\u521b\u5efa VPA \u7684\u8d1f\u8f7d\uff0c\u70b9\u51fb\u8be5\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
3. \u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\uff0c\u786e\u8ba4\u5df2\u7ecf\u5b89\u88c5\u4e86\u76f8\u5173\u63d2\u4ef6\u5e76\u4e14\u63d2\u4ef6\u662f\u5426\u8fd0\u884c\u6b63\u5e38\u3002
\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\uff0c\u5e76\u914d\u7f6e VPA \u5782\u76f4\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u5b8c\u6210\u53c2\u6570\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u5f39\u6027\u4f38\u7f29\u8be6\u60c5\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u7f16\u8f91\u3001\u5220\u9664\u64cd\u4f5c\u3002
Note
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c--min-replicas \u7684\u503c\u4e3a 2\u3002\u8868\u793a\u5f53\u526f\u672c\u6570\u5927\u4e8e 1 \u65f6\uff0cVPA \u624d\u4f1a\u751f\u6548\uff0c \u53ef\u4ee5\u901a\u8fc7\u4fee\u6539 updater \u7684 --min-replicas \u53c2\u6570\u503c\u6765\u6539\u53d8\u8fd9\u4e00\u9ed8\u8ba4\u884c\u4e3a\u3002
spec: \n containers: \n - name: updater \n args: \n - \"--min-replicas=2\"\n
"},{"location":"end-user/kpanda/scale/custom-hpa.html","title":"\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u521b\u5efa HPA","text":"\u5f53\u7cfb\u7edf\u5185\u7f6e\u7684 CPU \u548c\u5185\u5b58\u4e24\u79cd\u6307\u6807\u4e0d\u80fd\u6ee1\u8db3\u60a8\u4e1a\u52a1\u7684\u5b9e\u9645\u9700\u6c42\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e ServiceMonitoring \u6765\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\uff0c \u5e76\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u8fdb\u884c\u5f39\u6027\u4f38\u7f29\u3002
Note
\u5728\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165\u96c6\u7fa4\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d \u8fdb\u5165\u5de5\u4f5c\u8d1f\u8f7d\u5217\u8868\u540e\uff0c\u70b9\u51fb\u4e00\u4e2a\u8d1f\u8f7d\u540d\u79f0\uff0c\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \u9875\u9762\u3002
\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\u60c5\u51b5\u3002
\u786e\u8ba4\u96c6\u7fa4\u5df2\u5b89\u88c5\u4e86 metrics-server \u3001Insight\u3001Prometheus-adapter \u63d2\u4ef6\u4e14\u63d2\u4ef6\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u540e\uff0c\u5373\u53ef\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\u3002
Note
\u5982\u679c\u76f8\u5173\u63d2\u4ef6\u672a\u5b89\u88c5\u6216\u63d2\u4ef6\u5904\u4e8e\u5f02\u5e38\u72b6\u6001\uff0c\u60a8\u5728\u9875\u9762\u4e0a\u5c06\u65e0\u6cd5\u770b\u89c1\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u5165\u53e3\u3002
\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u672c\u6848\u4f8b\u4ee5 Golang \u4e1a\u52a1\u7a0b\u5e8f\u4e3a\u4f8b\uff0c\u8be5\u793a\u4f8b\u7a0b\u5e8f\u66b4\u9732\u4e86 httpserver_requests_total
\u6307\u6807\uff0c\u5e76\u8bb0\u5f55 HTTP \u7684\u8bf7\u6c42\uff0c\u901a\u8fc7\u8be5\u6307\u6807\u53ef\u4ee5\u8ba1\u7b97\u51fa\u4e1a\u52a1\u7a0b\u5e8f\u7684 QPS \u503c\u3002
\u4f7f\u7528 Deployment \u90e8\u7f72\u4e1a\u52a1\u7a0b\u5e8f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: httpserver\n namespace: httpserver\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: httpserver\n template:\n metadata:\n labels:\n app: httpserver\n spec:\n containers:\n - name: httpserver\n image: registry.imroc.cc/test/httpserver:custom-metrics\n imagePullPolicy: Always\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n app: httpserver\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/path: \"/metrics\"\n prometheus.io/port: \"http\"\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n name: http\n selector:\n app: httpserver\n
"},{"location":"end-user/kpanda/scale/custom-hpa.html#prometheus","title":"Prometheus \u91c7\u96c6\u4e1a\u52a1\u76d1\u63a7","text":"\u82e5\u5df2\u5b89\u88c5 insight-agent\uff0c\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa ServiceMonitor \u7684 CRD \u5bf9\u8c61\u914d\u7f6e Prometheus\u3002
\u64cd\u4f5c\u6b65\u9aa4\uff1a\u5728 \u96c6\u7fa4\u8be6\u60c5 -> \u81ea\u5b9a\u4e49\u8d44\u6e90 \u641c\u7d22\u201cservicemonitors.monitoring.coreos.com\"\uff0c\u70b9\u51fb\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\u3002 \u901a\u8fc7\u521b\u5efa YAML\uff0c\u5728\u547d\u540d\u7a7a\u95f4 httpserver \u4e0b\u521b\u5efa\u5982\u4e0b\u793a\u4f8b\u7684 CRD\uff1a
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n operator.insight.io/managed-by: insight\nspec:\n endpoints:\n - port: http\n interval: 5s\n namespaceSelector:\n matchNames:\n - httpserver\n selector:\n matchLabels:\n app: httpserver\n
Note
\u82e5\u901a\u8fc7 insight \u5b89\u88c5 Prometheus\uff0c\u5219 serviceMonitor \u4e0a\u5fc5\u987b\u6253\u4e0a operator.insight.io/managed-by: insight
\u8fd9\u4e2a label\uff0c\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\u5b89\u88c5\u5219\u65e0\u9700\u6b64 label\u3002
\u64cd\u4f5c\u6b65\u9aa4\uff1a\u5728 \u96c6\u7fa4\u8be6\u60c5 -> Helm \u5e94\u7528 \u641c\u7d22 \u201cprometheus-adapter\"\uff0c\u901a\u8fc7\u64cd\u4f5c\u680f\u8fdb\u5165\u66f4\u65b0\u9875\u9762\uff0c\u5728 YAML \u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u6307\u6807\uff0c\u793a\u4f8b\u5982\u4e0b\uff1a
rules:\n custom:\n - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)\n name:\n as: httpserver_requests_qps\n matches: httpserver_requests_total\n resources:\n template: <<.Resource>>\n seriesQuery: httpserver_requests_total\n
"},{"location":"end-user/kpanda/scale/custom-hpa.html#_5","title":"\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570","text":"\u6309\u7167\u4e0a\u8ff0\u6b65\u9aa4\u5728 Deployment \u4e2d\u627e\u5230\u5e94\u7528\u7a0b\u5e8f httpserver \u5e76\u901a\u8fc7\u81ea\u5b9a\u4e49\u6307\u6807\u521b\u5efa\u5f39\u6027\u4f38\u7f29\u3002
"},{"location":"end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html","title":"HPA \u548c CronHPA \u517c\u5bb9\u89c4\u5219","text":"HPA \u5168\u79f0\u4e3a HorizontalPodAutoscaler\uff0c\u5373 Pod \u6c34\u5e73\u81ea\u52a8\u4f38\u7f29\u3002
CronHPA \u5168\u79f0\u4e3a Cron HorizontalPodAutoscaler\uff0c\u5373 Pod \u5b9a\u65f6\u7684\u6c34\u5e73\u81ea\u52a8\u4f38\u7f29\u3002
"},{"location":"end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html#cronhpa-hpa","title":"CronHPA \u548c HPA \u517c\u5bb9\u51b2\u7a81","text":"\u5b9a\u65f6\u4f38\u7f29 CronHPA \u901a\u8fc7\u8bbe\u7f6e\u5b9a\u65f6\u7684\u65b9\u5f0f\u89e6\u53d1\u5bb9\u5668\u7684\u6c34\u5e73\u526f\u672c\u4f38\u7f29\u3002\u4e3a\u4e86\u9632\u6b62\u7a81\u53d1\u7684\u6d41\u91cf\u51b2\u51fb\u7b49\u72b6\u51b5\uff0c \u60a8\u53ef\u80fd\u5df2\u7ecf\u914d\u7f6e HPA \u4fdd\u969c\u5e94\u7528\u7684\u6b63\u5e38\u8fd0\u884c\u3002\u5982\u679c\u540c\u65f6\u68c0\u6d4b\u5230\u4e86 HPA \u548c CronHPA \u7684\u5b58\u5728\uff0c \u7531\u4e8e CronHPA \u548c HPA \u76f8\u4e92\u72ec\u7acb\u65e0\u6cd5\u611f\u77e5\uff0c\u5c31\u4f1a\u51fa\u73b0\u4e24\u4e2a\u63a7\u5236\u5668\u5404\u81ea\u5de5\u4f5c\uff0c\u540e\u6267\u884c\u7684\u64cd\u4f5c\u4f1a\u8986\u76d6\u5148\u6267\u884c\u7684\u64cd\u4f5c\u3002
\u5bf9\u6bd4 CronHPA \u548c HPA \u7684\u5b9a\u4e49\u6a21\u677f\uff0c\u53ef\u4ee5\u89c2\u5bdf\u5230\u4ee5\u4e0b\u51e0\u70b9\uff1a
Note
\u5982\u679c\u540c\u65f6\u8bbe\u7f6e CronHPA \u548c HPA\uff0c\u4f1a\u51fa\u73b0 CronHPA \u548c HPA \u540c\u65f6\u64cd\u4f5c\u4e00\u4e2a scaleTargetRef \u7684\u573a\u666f\u3002
"},{"location":"end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html#cronhpa-hpa_1","title":"CronHPA \u548c HPA \u517c\u5bb9\u65b9\u6848","text":"\u4ece\u4e0a\u6587\u53ef\u77e5\uff0cCronHPA \u548c HPA \u540c\u65f6\u4f7f\u7528\u4f1a\u5bfc\u81f4\u540e\u6267\u884c\u7684\u64cd\u4f5c\u8986\u76d6\u5148\u6267\u884c\u64cd\u4f5c\u7684\u672c\u8d28\u539f\u56e0\u662f\u4e24\u4e2a\u63a7\u5236\u5668\u65e0\u6cd5\u76f8\u4e92\u611f\u77e5\uff0c \u90a3\u4e48\u53ea\u9700\u8981\u8ba9 CronHPA \u611f\u77e5 HPA \u7684\u5f53\u524d\u72b6\u6001\u5c31\u80fd\u89e3\u51b3\u51b2\u7a81\u95ee\u9898\u3002
\u7cfb\u7edf\u4f1a\u5c06 HPA \u4f5c\u4e3a\u5b9a\u65f6\u4f38\u7f29 CronHPA \u7684\u6269\u7f29\u5bb9\u5bf9\u8c61\uff0c\u4ece\u800c\u5b9e\u73b0\u5bf9\u8be5 HPA \u5b9a\u4e49\u7684 Deployment \u5bf9\u8c61\u7684\u5b9a\u65f6\u6269\u7f29\u5bb9\u3002
HPA \u7684\u5b9a\u4e49\u5c06 Deployment \u914d\u7f6e\u5728 scaleTargetRef \u5b57\u6bb5\u4e0b\uff0c\u7136\u540e Deployment \u901a\u8fc7\u81ea\u8eab\u5b9a\u4e49\u67e5\u627e ReplicaSet\uff0c\u6700\u540e\u901a\u8fc7 ReplicaSet \u8c03\u6574\u771f\u5b9e\u7684\u526f\u672c\u6570\u76ee\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06 CronHPA \u4e2d\u7684 scaleTargetRef \u8bbe\u7f6e\u4e3a HPA \u5bf9\u8c61\uff0c\u7136\u540e\u901a\u8fc7 HPA \u5bf9\u8c61\u6765\u5bfb\u627e\u771f\u5b9e\u7684 scaleTargetRef\uff0c\u4ece\u800c\u8ba9 CronHPA \u611f\u77e5 HPA \u7684\u5f53\u524d\u72b6\u6001\u3002
CronHPA \u4f1a\u901a\u8fc7\u8c03\u6574 HPA \u7684\u65b9\u5f0f\u611f\u77e5 HPA\u3002CronHPA \u901a\u8fc7\u8bc6\u522b\u8981\u8fbe\u5230\u7684\u526f\u672c\u6570\u4e0e\u5f53\u524d\u526f\u672c\u6570\u4e24\u8005\u95f4\u7684\u8f83\u5927\u503c\uff0c \u5224\u65ad\u662f\u5426\u9700\u8981\u6269\u7f29\u5bb9\u53ca\u4fee\u6539 HPA \u7684\u4e0a\u9650\uff1bCronHPA \u901a\u8fc7\u8bc6\u522b CronHPA \u8981\u8fbe\u5230\u7684\u526f\u672c\u6570\u4e0e HPA \u7684\u914d\u7f6e\u95f4\u7684\u8f83\u5c0f\u503c\uff0c\u5224\u65ad\u662f\u5426\u9700\u8981\u4fee\u6539 HPA \u7684\u4e0b\u9650\u3002
"},{"location":"end-user/kpanda/scale/install-cronhpa.html","title":"\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6","text":"\u5bb9\u5668\u526f\u672c\u5b9a\u65f6\u6c34\u5e73\u6269\u7f29\u5bb9\u7b56\u7565\uff08CronHPA\uff09\u80fd\u591f\u4e3a\u5468\u671f\u6027\u9ad8\u5e76\u53d1\u5e94\u7528\u63d0\u4f9b\u7a33\u5b9a\u7684\u8ba1\u7b97\u8d44\u6e90\u4fdd\u969c\uff0c kubernetes-cronhpa-controller \u5219\u662f\u5b9e\u73b0 CronHPA \u7684\u5173\u952e\u7ec4\u4ef6\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u3002
Note
\u4e3a\u4e86\u4f7f\u7528 CornHPA\uff0c\u4e0d\u4ec5\u9700\u8981\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\uff0c\u8fd8\u8981\u5b89\u88c5 metrics-server \u63d2\u4ef6\u3002
"},{"location":"end-user/kpanda/scale/install-cronhpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5\u6b64\u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u8be5\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \uff0c\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u5728 CronHPA \u53f3\u4fa7\u70b9\u51fb \u5b89\u88c5 \u3002
\u9605\u8bfb\u8be5\u63d2\u4ef6\u7684\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u63a8\u8350\u5b89\u88c5 1.3.0 \u6216\u66f4\u9ad8\u7248\u672c\u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u914d\u7f6e\u53c2\u6570\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a\u201c\u8fd0\u884c\u4e2d\u201d\u72b6\u6001\u3002
\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u3002\u7a0d\u7b49\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Warning
\u5982\u9700\u5220\u9664 kubernetes-cronhpa-controller \u63d2\u4ef6\uff0c\u5e94\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5c06\u5176\u5f7b\u5e95\u5220\u9664\u3002
\u5982\u679c\u5728\u5de5\u4f5c\u8d1f\u8f7d\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\u4e0b\u5220\u9664\u63d2\u4ef6\uff0c\u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u63d2\u4ef6\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u63d2\u4ef6\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
\u56de\u5230\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\u4e0b\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u53ef\u4ee5\u770b\u5230\u754c\u9762\u663e\u793a \u63d2\u4ef6\u5df2\u5b89\u88c5 \u3002\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u521b\u5efa CronHPA \u7b56\u7565\u4e86\u3002
metrics-server \u662f Kubernetes \u5185\u7f6e\u7684\u8d44\u6e90\u4f7f\u7528\u6307\u6807\u91c7\u96c6\u7ec4\u4ef6\u3002 \u60a8\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u5f39\u6027\u4f38\u7f29\uff08HPA\uff09\u7b56\u7565\u6765\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u81ea\u52a8\u6c34\u5e73\u4f38\u7f29 Pod \u526f\u672c\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 metrics-server \u3002
"},{"location":"end-user/kpanda/scale/install-metrics-server.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 metrics-server \u63d2\u4ef6\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u8bf7\u6267\u884c\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 metrics-server \u63d2\u4ef6\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u4e0b\u7684\u5f39\u6027\u4f38\u7f29\u9875\u9762\uff0c\u70b9\u51fb \u53bb\u5b89\u88c5 \uff0c\u8fdb\u5165 metrics-server \u63d2\u4ef6\u5b89\u88c5\u754c\u9762\u3002
\u9605\u8bfb metrics-server \u63d2\u4ef6\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u672c\u6587\u5c06\u4ee5 3.8.2 \u7248\u672c\u4e3a\u4f8b\u8fdb\u884c\u5b89\u88c5\uff0c\u63a8\u8350\u60a8\u5b89\u88c5 3.8.2 \u53ca\u66f4\u9ad8\u7248\u672c\u3002
\u5728\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u914d\u7f6e\u57fa\u672c\u53c2\u6570\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
\u9ad8\u7ea7\u53c2\u6570\u914d\u7f6e
\u5982\u679c\u96c6\u7fa4\u7f51\u7edc\u65e0\u6cd5\u8bbf\u95ee k8s.gcr.io
\u4ed3\u5e93\uff0c\u8bf7\u5c1d\u8bd5\u4fee\u6539 repositort
\u53c2\u6570\u4e3a repository: k8s.m.daocloud.io/metrics-server/metrics-server
\u5b89\u88c5 metrics-server \u63d2\u4ef6\u8fd8\u9700\u63d0\u4f9b SSL \u8bc1\u4e66\u3002\u5982\u9700\u7ed5\u8fc7\u8bc1\u4e66\u6821\u9a8c\uff0c\u9700\u8981\u5728 defaultArgs:
\u5904\u6dfb\u52a0 - --kubelet-insecure-tls
\u53c2\u6570\u3002
image:\n repository: k8s.m.daocloud.io/metrics-server/metrics-server # \u5c06\u4ed3\u5e93\u6e90\u5730\u5740\u4fee\u6539\u4e3a k8s.m.daocloud.io\n tag: ''\n pullPolicy: IfNotPresent\nimagePullSecrets: []\nnameOverride: ''\nfullnameOverride: ''\nserviceAccount:\n create: true\n annotations: {}\n name: ''\nrbac:\n create: true\n pspEnabled: false\napiService:\n create: true\npodLabels: {}\npodAnnotations: {}\npodSecurityContext: {}\nsecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\npriorityClassName: system-cluster-critical\ncontainerPort: 4443\nhostNetwork:\n enabled: false\nreplicas: 1\nupdateStrategy: {}\npodDisruptionBudget:\n enabled: false\n minAvailable: null\n maxUnavailable: null\ndefaultArgs:\n - '--cert-dir=/tmp'\n - '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'\n - '--kubelet-use-node-status-port'\n - '--metric-resolution=15s'\n - --kubelet-insecure-tls # \u7ed5\u8fc7\u8bc1\u4e66\u6821\u9a8c\nargs: []\nlivenessProbe:\n httpGet:\n path: /livez\n port: https\n scheme: HTTPS\n initialDelaySeconds: 0\n periodSeconds: 10\n failureThreshold: 3\nreadinessProbe:\n httpGet:\n path: /readyz\n port: https\n scheme: HTTPS\n initialDelaySeconds: 20\n periodSeconds: 10\n failureThreshold: 3\nservice:\n type: ClusterIP\n port: 443\n annotations: {}\n labels: {}\nmetrics:\n enabled: false\nserviceMonitor:\n enabled: false\n additionalLabels: {}\n interval: 1m\n scrapeTimeout: 10s\nresources: {}\nextraVolumeMounts: []\nextraVolumes: []\nnodeSelector: {}\ntolerations: []\naffinity: {}\n
\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u5b8c\u6210 metrics-server \u63d2\u4ef6\u7684\u5b89\u88c5\uff0c\u4e4b\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\uff0c \u7a0d\u7b49\u51e0\u5206\u949f\u540e\uff0c\u4e3a\u9875\u9762\u6267\u884c\u5237\u65b0\u64cd\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Note
\u5220\u9664 metrics-server \u63d2\u4ef6\u65f6\uff0c\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5f7b\u5e95\u5220\u9664\u8be5\u63d2\u4ef6\u3002\u5982\u679c\u4ec5\u5728\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u5220\u9664 metrics-server \uff0c \u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u5e94\u7528\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u5e94\u7528\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
"},{"location":"end-user/kpanda/scale/install-vpa.html","title":"\u5b89\u88c5 vpa \u63d2\u4ef6","text":"\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\u80fd\u591f\u8ba9\u96c6\u7fa4\u7684\u8d44\u6e90\u914d\u7f6e\u66f4\u52a0\u5408\u7406\uff0c\u907f\u514d\u96c6\u7fa4\u8d44\u6e90\u6d6a\u8d39\u3002 vpa \u5219\u662f\u5b9e\u73b0\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7684\u5173\u952e\u7ec4\u4ef6\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 vpa \u63d2\u4ef6\u3002
\u4e3a\u4e86\u4f7f\u7528 VPA \u7b56\u7565\uff0c\u4e0d\u4ec5\u9700\u8981\u5b89\u88c5 __vpa__ \u63d2\u4ef6\uff0c\u8fd8\u8981[\u5b89\u88c5 __metrics-server__ \u63d2\u4ef6](install-metrics-server.md)\u3002\n
"},{"location":"end-user/kpanda/scale/install-vpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 vpa \u63d2\u4ef6\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 vpa \u63d2\u4ef6\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5\u6b64\u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u8be5\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \uff0c\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u5728 VPA \u53f3\u4fa7\u70b9\u51fb \u5b89\u88c5 \u3002
3. \u9605\u8bfb\u8be5\u63d2\u4ef6\u7684\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u63a8\u8350\u5b89\u88c5 1.5.0 \u6216\u66f4\u9ad8\u7248\u672c\u3002
4. \u67e5\u770b\u4ee5\u4e0b\u8bf4\u660e\u914d\u7f6e\u53c2\u6570\u3002
- \u540d\u79f0\uff1a\u8f93\u5165\u63d2\u4ef6\u540d\u79f0\uff0c\u8bf7\u6ce8\u610f\u540d\u79f0\u6700\u957f 63 \u4e2a\u5b57\u7b26\uff0c\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u53ca\u5206\u9694\u7b26\uff08\u201c-\u201d\uff09\uff0c\u4e14\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u53ca\u7ed3\u5c3e\uff0c\u4f8b\u5982 kubernetes-cronhpa-controller\u3002 - \u547d\u540d\u7a7a\u95f4\uff1a\u9009\u62e9\u5c06\u63d2\u4ef6\u5b89\u88c5\u5728\u54ea\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u6b64\u5904\u4ee5 default \u4e3a\u4f8b\u3002 - \u7248\u672c\uff1a\u63d2\u4ef6\u7684\u7248\u672c\uff0c\u6b64\u5904\u4ee5 4.5.0 \u7248\u672c\u4e3a\u4f8b\u3002 - \u5c31\u7eea\u7b49\u5f85\uff1a\u542f\u7528\u540e\uff0c\u5c06\u7b49\u5f85\u5e94\u7528\u4e0b\u7684\u6240\u6709\u5173\u8054\u8d44\u6e90\u90fd\u5904\u4e8e\u5c31\u7eea\u72b6\u6001\uff0c\u624d\u4f1a\u6807\u8bb0\u5e94\u7528\u5b89\u88c5\u6210\u529f\u3002 - \u5931\u8d25\u5220\u9664\uff1a\u5982\u679c\u63d2\u4ef6\u5b89\u88c5\u5931\u8d25\uff0c\u5219\u5220\u9664\u5df2\u7ecf\u5b89\u88c5\u7684\u5173\u8054\u8d44\u6e90\u3002\u5f00\u542f\u540e\uff0c\u5c06\u9ed8\u8ba4\u540c\u6b65\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u3002 - \u8be6\u60c5\u65e5\u5fd7\uff1a\u5f00\u542f\u540e\uff0c\u5c06\u8bb0\u5f55\u5b89\u88c5\u8fc7\u7a0b\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a\u201c\u8fd0\u884c\u4e2d\u201d\u72b6\u6001\u3002
\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u3002\u7a0d\u7b49\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Warning
\u5982\u9700\u5220\u9664 vpa \u63d2\u4ef6\uff0c\u5e94\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5c06\u5176\u5f7b\u5e95\u5220\u9664\u3002
\u5982\u679c\u5728\u5de5\u4f5c\u8d1f\u8f7d\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\u4e0b\u5220\u9664\u63d2\u4ef6\uff0c\u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u63d2\u4ef6\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u63d2\u4ef6\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
\u56de\u5230\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\u4e0b\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u53ef\u4ee5\u770b\u5230\u754c\u9762\u663e\u793a \u63d2\u4ef6\u5df2\u5b89\u88c5 \u3002\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u521b\u5efa VPA \u7b56\u7565\u4e86\u3002
Knative \u662f\u4e00\u4e2a\u9762\u5411\u65e0\u670d\u52a1\u5668\u90e8\u7f72\u7684\u8de8\u5e73\u53f0\u89e3\u51b3\u65b9\u6848\u3002
"},{"location":"end-user/kpanda/scale/knative/install.html#_2","title":"\u6b65\u9aa4","text":"\u767b\u5f55\u96c6\u7fa4\uff0c\u70b9\u51fb\u4fa7\u8fb9\u680f Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u53f3\u4fa7\u4e0a\u65b9\u641c\u7d22\u6846\u8f93\u5165 knative \uff0c\u7136\u540e\u6309\u56de\u8f66\u952e\u641c\u7d22\u3002
\u70b9\u51fb\u641c\u7d22\u51fa\u7684 knative-operator \uff0c\u8fdb\u5165\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u3002\u4f60\u53ef\u4ee5\u5728\u8be5\u754c\u9762\u67e5\u770b\u53ef\u7528\u7248\u672c\u4ee5\u53ca Helm values \u7684 Parameters \u53ef\u9009\u9879\u3002
\u70b9\u51fb\u5b89\u88c5\u6309\u94ae\u540e\uff0c\u8fdb\u5165\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u3002
\u8f93\u5165\u540d\u79f0\uff0c\u5b89\u88c5\u79df\u6237\uff0c\u5efa\u8bae\u52fe\u9009 \u5c31\u7eea\u7b49\u5f85 \u548c \u8be6\u7ec6\u65e5\u5fd7 \u3002
\u5728\u4e0b\u65b9\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u52fe\u9009 Serving \uff0c\u5e76\u8f93\u5165 Knative Serving \u7ec4\u4ef6\u7684\u5b89\u88c5\u79df\u6237\uff0c\u4f1a\u5728\u5b89\u88c5\u540e\u90e8\u7f72 Knative Serving \u7ec4\u4ef6\uff0c\u8be5\u7ec4\u4ef6\u7531 Knative Operator \u7ba1\u7406\u3002
Knative \u63d0\u4f9b\u4e86\u4e00\u79cd\u66f4\u9ad8\u5c42\u6b21\u7684\u62bd\u8c61\uff0c\u7b80\u5316\u5e76\u52a0\u901f\u4e86\u5728 Kubernetes \u4e0a\u6784\u5efa\u3001\u90e8\u7f72\u548c\u7ba1\u7406\u5e94\u7528\u7684\u8fc7\u7a0b\u3002\u5b83\u4f7f\u5f97\u5f00\u53d1\u4eba\u5458\u80fd\u591f\u66f4\u4e13\u6ce8\u4e8e\u4e1a\u52a1\u903b\u8f91\u7684\u5b9e\u73b0\uff0c\u800c\u5c06\u5927\u90e8\u5206\u57fa\u7840\u8bbe\u65bd\u548c\u8fd0\u7ef4\u5de5\u4f5c\u4ea4\u7ed9 Knative \u53bb\u5904\u7406\uff0c\u4ece\u800c\u663e\u8457\u63d0\u9ad8\u751f\u4ea7\u529b\u3002
"},{"location":"end-user/kpanda/scale/knative/knative.html#_1","title":"\u7ec4\u4ef6","text":"knative-operator \u8fd0\u884c\u7ec4\u4ef6\u5982\u4e0b\u3002
knative-operator knative-operator-58f7d7db5c-7f6r5 1/1 Running 0 6m55s\nknative-operator operator-webhook-667dc67bc-qvrv4 1/1 Running 0 6m55s\n
knative-serving \u7ec4\u4ef6\u5982\u4e0b\u3002
knative-serving 3scale-kourier-gateway-d69fbfbd-bd8d8 1/1 Running 0 7m13s\nknative-serving activator-7c6fddd698-wdlng 1/1 Running 0 7m3s\nknative-serving autoscaler-8f4b876bb-kd25p 1/1 Running 0 7m17s\nknative-serving autoscaler-hpa-5f7f74679c-vkc7p 1/1 Running 0 7m15s\nknative-serving controller-789c896c46-tfvsv 1/1 Running 0 7m17s\nknative-serving net-kourier-controller-7db578c889-7gd5l 1/1 Running 0 7m14s\nknative-serving webhook-5c88b94c5-78x7m 1/1 Running 0 7m1s\nknative-serving storage-version-migration-serving-serving-1.12.2-t7zvd 0/1 Completed 0 7m15s\n
\u7ec4\u4ef6 \u4f5c\u7528 Activator \u5bf9\u8bf7\u6c42\u6392\u961f\uff08\u5982\u679c\u4e00\u4e2a Knative Service \u5df2\u7ecf\u7f29\u51cf\u5230\u96f6\uff09\u3002\u8c03\u7528 autoscaler\uff0c\u5c06\u7f29\u51cf\u5230 0 \u7684\u670d\u52a1\u6062\u590d\u5e76\u8f6c\u53d1\u6392\u961f\u7684\u8bf7\u6c42\u3002Activator \u8fd8\u53ef\u4ee5\u5145\u5f53\u8bf7\u6c42\u7f13\u51b2\u5668\uff0c\u5904\u7406\u7a81\u53d1\u6d41\u91cf\u3002 Autoscaler Autoscaler \u8d1f\u8d23\u6839\u636e\u914d\u7f6e\u3001\u6307\u6807\u548c\u8fdb\u5165\u7684\u8bf7\u6c42\u6765\u7f29\u653e Knative \u670d\u52a1\u3002 Controller \u7ba1\u7406 Knative CR \u7684\u72b6\u6001\u3002\u5b83\u4f1a\u76d1\u89c6\u591a\u4e2a\u5bf9\u8c61\uff0c\u7ba1\u7406\u4f9d\u8d56\u8d44\u6e90\u7684\u751f\u547d\u5468\u671f\uff0c\u5e76\u66f4\u65b0\u8d44\u6e90\u72b6\u6001\u3002 Queue-Proxy Sidecar \u5bb9\u5668\uff0c\u6bcf\u4e2a Knative Service \u90fd\u4f1a\u6ce8\u5165\u4e00\u4e2a\u3002\u8d1f\u8d23\u6536\u96c6\u6d41\u91cf\u6570\u636e\u5e76\u62a5\u544a\u7ed9 Autoscaler\uff0cAutoscaler \u6839\u636e\u8fd9\u4e9b\u6570\u636e\u548c\u9884\u8bbe\u7684\u89c4\u5219\u6765\u53d1\u8d77\u6269\u5bb9\u6216\u7f29\u5bb9\u8bf7\u6c42\u3002 Webhooks Knative Serving \u6709\u51e0\u4e2a Webhooks \u8d1f\u8d23\u9a8c\u8bc1\u548c\u53d8\u66f4 Knative \u8d44\u6e90\u3002"},{"location":"end-user/kpanda/scale/knative/knative.html#ingress","title":"Ingress \u6d41\u91cf\u5165\u53e3\u65b9\u6848","text":"\u65b9\u6848 \u9002\u7528\u573a\u666f Istio \u5982\u679c\u5df2\u7ecf\u7528\u4e86 Istio\uff0c\u53ef\u4ee5\u9009\u62e9 Istio \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u65b9\u6848\u3002 Contour \u5982\u679c\u96c6\u7fa4\u4e2d\u5df2\u7ecf\u542f\u7528\u4e86 Contour\uff0c\u53ef\u4ee5\u9009\u62e9 Contour \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u65b9\u6848\u3002 Kourier \u5982\u679c\u5728\u6ca1\u6709\u4e0a\u8ff0 2 \u79cd Ingress \u7ec4\u4ef6\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 Knative \u57fa\u4e8e Envoy \u5b9e\u73b0\u7684 Kourier Ingress \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u3002"},{"location":"end-user/kpanda/scale/knative/knative.html#autoscaler","title":"Autoscaler \u65b9\u6848\u5bf9\u6bd4","text":"Autoscaler \u7c7b\u578b \u662f\u5426\u4e3a Knative Serving \u6838\u5fc3\u90e8\u5206 \u9ed8\u8ba4\u542f\u7528 Scale to Zero \u652f\u6301 \u57fa\u4e8e CPU \u7684 Autoscaling \u652f\u6301 Knative Pod Autoscaler (KPA) \u662f \u662f \u662f \u5426 Horizontal Pod Autoscaler (HPA) \u5426 \u9700\u5b89\u88c5 Knative Serving \u540e\u542f\u7528 \u5426 \u662f"},{"location":"end-user/kpanda/scale/knative/knative.html#crd","title":"CRD","text":"\u8d44\u6e90\u7c7b\u578b API \u540d\u79f0 \u63cf\u8ff0 Services service.serving.knative.dev \u81ea\u52a8\u7ba1\u7406 Workload \u7684\u6574\u4e2a\u751f\u547d\u5468\u671f\uff0c\u63a7\u5236\u5176\u4ed6\u5bf9\u8c61\u7684\u521b\u5efa\uff0c\u786e\u4fdd\u5e94\u7528\u5177\u6709 Routes\u3001Configurations \u4ee5\u53ca\u6bcf\u6b21\u66f4\u65b0\u65f6\u7684\u65b0 revision\u3002 Routes route.serving.knative.dev \u5c06\u7f51\u7edc\u7aef\u70b9\u6620\u5c04\u5230\u4e00\u4e2a\u6216\u591a\u4e2a\u4fee\u8ba2\u7248\u672c\uff0c\u652f\u6301\u6d41\u91cf\u5206\u914d\u548c\u7248\u672c\u8def\u7531\u3002 Configurations configuration.serving.knative.dev \u7ef4\u62a4\u90e8\u7f72\u7684\u671f\u671b\u72b6\u6001\uff0c\u63d0\u4f9b\u4ee3\u7801\u548c\u914d\u7f6e\u4e4b\u95f4\u7684\u5206\u79bb\uff0c\u9075\u5faa Twelve-Factor \u5e94\u7528\u7a0b\u5e8f\u65b9\u6cd5\u8bba\uff0c\u4fee\u6539\u914d\u7f6e\u4f1a\u521b\u5efa\u65b0\u7684 revision\u3002 Revisions revision.serving.knative.dev \u6bcf\u6b21\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u4fee\u6539\u7684\u65f6\u95f4\u70b9\u5feb\u7167\uff0c\u662f\u4e0d\u53ef\u53d8\u5bf9\u8c61\uff0c\u53ef\u6839\u636e\u6d41\u91cf\u81ea\u52a8\u6269\u5bb9\u548c\u7f29\u5bb9\u3002"},{"location":"end-user/kpanda/scale/knative/playground.html","title":"Knative \u4f7f\u7528\u5b9e\u8df5","text":"\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u901a\u8fc7\u51e0\u4e2a\u5b9e\u8df5\u6765\u6df1\u5165\u4e86\u89e3\u5b66\u4e60 Knative\u3002
"},{"location":"end-user/kpanda/scale/knative/playground.html#case-1-hello-world","title":"case 1 - Hello World","text":"apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
\u53ef\u4ee5\u4f7f\u7528 kubectl \u5df2\u90e8\u7f72\u7684\u5e94\u7528\u7684\u72b6\u6001\uff0c\u8fd9\u4e2a\u5e94\u7528\u7531 knative \u81ea\u52a8\u914d\u7f6e\u4e86 ingress \u548c\u4f38\u7f29\u5668\u3002
~ kubectl get service.serving.knative.dev/hello\nNAME URL LATESTCREATED LATESTREADY READY REASON\nhello http://hello.knative-serving.knative.loulan.me hello-00001 hello-00001 True\n
\u90e8\u7f72\u51fa\u7684 Pod YAML \u5982\u4e0b\uff0c\u7531 2 \u4e2a Pod \u7ec4\u6210\uff1auser-container \u548c queue-proxy\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: hello-00003-deployment-5fcb8ccbf-7qjfk\nspec:\n containers:\n - name: user-container\n - name: queue-proxy\n
\u8bf7\u6c42\u6d41\uff1a
case3 \u6d41\u91cf\u518d\u53d8\u5c0f\u65f6\uff0c\u6d41\u91cf\u4f4e\u4e8e current_demand + target-burst-capacity > (pods * concurrency-target) \u65f6\u5c06\u518d\u6b21\u8def\u7531\u5230 activator
\u5f85\u5904\u7406\u7684\u8bf7\u6c42\u603b\u6570 + \u80fd\u63a5\u53d7\u7684\u8d85\u8fc7\u76ee\u6807\u5e76\u53d1\u6570\u7684\u8bf7\u6c42\u6570\u91cf > \u6bcf\u4e2a Pod \u7684\u76ee\u6807\u5e76\u53d1\u6570 * Pod \u6570\u91cf
\u6211\u4eec\u9996\u5148\u5728\u96c6\u7fa4\u5e94\u7528\u4e0b\u9762 YAML \u5b9a\u4e49\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
\u6267\u884c\u4e0b\u9762\u547d\u4ee4\u6d4b\u8bd5\uff0c\u5e76\u53ef\u4ee5\u901a\u8fc7 kubectl get pods -A -w
\u6765\u89c2\u5bdf\u6269\u5bb9\u7684 Pod\u3002
wrk -t2 -c4 -d6s http://hello.knative-serving.knative.daocloud.io/\n
"},{"location":"end-user/kpanda/scale/knative/playground.html#case-3-","title":"case 3 - \u57fa\u4e8e\u5e76\u53d1\u5f39\u6027\u4f38\u7f29\uff0c\u8fbe\u5230\u7279\u5b9a\u6bd4\u4f8b\u63d0\u524d\u6269\u5bb9","text":"\u6211\u4eec\u53ef\u4ee5\u5f88\u8f7b\u677e\u7684\u5b9e\u73b0\uff0c\u4f8b\u5982\u9650\u5236\u6bcf\u4e2a\u5bb9\u5668\u5e76\u53d1\u4e3a 10\uff0c\u53ef\u4ee5\u901a\u8fc7 autoscaling.knative.dev/target-utilization-percentage: 70
\u6765\u5b9e\u73b0\uff0c\u8fbe\u5230 70% \u5c31\u5f00\u59cb\u6269\u5bb9 Pod\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"10\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/target-utilization-percentage: \"70\" \n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/metric: \"concurrency\"\n \u00a0 \u00a0 spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
"},{"location":"end-user/kpanda/scale/knative/playground.html#case-4-","title":"case 4 - \u7070\u5ea6\u53d1\u5e03/\u6d41\u91cf\u767e\u5206\u6bd4","text":"\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7 spec.traffic
\u5b9e\u73b0\u5230\u6bcf\u4e2a\u7248\u672c\u6d41\u91cf\u7684\u63a7\u5236\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\" \n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\" \n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n traffic:\n - latestRevision: true\n percent: 50\n - latestRevision: false\n percent: 50\n revisionName: hello-00001\n
"},{"location":"end-user/kpanda/scale/knative/scene.html","title":"\u4f7f\u7528\u573a\u666f","text":""},{"location":"end-user/kpanda/scale/knative/scene.html#_2","title":"\u9002\u5408\u7684\u573a\u666f","text":"Tip
\u77ed\u8fde\u63a5\u9ad8\u5e76\u53d1\u4e1a\u52a1\u4ee5\u53ca\u9700\u8981\u5f39\u6027\u4f38\u7f29\u7684\u4e1a\u52a1\uff0c\u63a8\u8350\u4f7f\u7528 HPA \u548c VPA \u80fd\u529b\u3002
"},{"location":"end-user/kpanda/scale/knative/scene.html#_3","title":"\u4e0d\u9002\u5408\u7684\u573a\u666f","text":"\u5728Kubernetes\uff08\u7b80\u79f0K8s\uff09\u73af\u5883\u4e2d\uff0c\u5b89\u5168\u626b\u63cf\u662f\u786e\u4fdd\u96c6\u7fa4\u5b89\u5168\u6027\u7684\u5173\u952e\u63aa\u65bd\u4e4b\u4e00\u3002\u5176\u4e2d\uff0c\u5408\u89c4\u6027\u626b\u63cf\uff08\u57fa\u4e8eCIS Benchmark\uff09\u3001\u6743\u9650\u626b\u63cf\uff08\u57fa\u4e8ekube-audit\u5ba1\u8ba1\u529f\u80fd\uff09\u3001\u6f0f\u6d1e\u626b\u63cf\uff08\u57fa\u4e8e kube-hunter\uff09\u662f\u4e09\u79cd\u5e38\u89c1\u4e14\u91cd\u8981\u7684\u5b89\u5168\u626b\u63cf\u624b\u6bb5\uff1a
\u5408\u89c4\u6027\u626b\u63cf\uff1a\u57fa\u4e8e CIS Benchmark \u5bf9\u96c6\u7fa4\u8282\u70b9\u8fdb\u884c\u5b89\u5168\u626b\u63cf\u3002CIS Benchmark \u662f\u4e00\u5957\u5168\u7403\u516c\u8ba4\u7684\u6700\u4f73\u5b9e\u8df5\u6807\u51c6\uff0c\u4e3a Kubernetes \u96c6\u7fa4\u63d0\u4f9b\u4e86\u8be6\u7ec6\u7684\u5b89\u5168\u914d\u7f6e\u6307\u5357\u548c\u81ea\u52a8\u5316\u68c0\u67e5\u5de5\u5177\uff08\u5982Kube-Bench\uff09\uff0c\u5e2e\u52a9\u7ec4\u7ec7\u786e\u4fdd\u5176K8s\u96c6\u7fa4\u7b26\u5408\u5b89\u5168\u57fa\u7ebf\u8981\u6c42\uff0c\u4fdd\u62a4\u7cfb\u7edf\u548c\u6570\u636e\u514d\u53d7\u5a01\u80c1\u3002
\u6743\u9650\u626b\u63cf\uff1a\u57fa\u4e8ekube-audit\u5ba1\u8ba1\u529f\u80fd\u3002\u6743\u9650\u626b\u63cf\u4e3b\u8981\u89e3\u51b3\u96c6\u7fa4\u8bbf\u95ee\u63a7\u5236\u548c\u64cd\u4f5c\u900f\u660e\u5ea6\u7684\u95ee\u9898\u3002\u901a\u8fc7\u5ba1\u8ba1\u65e5\u5fd7\uff0c\u96c6\u7fa4\u7ba1\u7406\u5458\u80fd\u591f\u8ffd\u6eaf\u96c6\u7fa4\u8d44\u6e90\u7684\u8bbf\u95ee\u5386\u53f2\uff0c\u8bc6\u522b\u5f02\u5e38\u884c\u4e3a\uff0c\u5982\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3001\u654f\u611f\u6570\u636e\u7684\u6cc4\u9732\u3001\u6709\u5b89\u5168\u6f0f\u6d1e\u7684\u64cd\u4f5c\u8bb0\u5f55\u7b49\u3002\u8fd9\u5bf9\u4e8e\u6545\u969c\u6392\u67e5\u3001\u5b89\u5168\u4e8b\u4ef6\u54cd\u5e94\u4ee5\u53ca\u6ee1\u8db3\u5408\u89c4\u6027\u8981\u6c42\u81f3\u5173\u91cd\u8981\u3002\u6b64\u5916\uff0c\u6743\u9650\u626b\u63cf\u8fd8\u53ef\u4ee5\u5e2e\u52a9\u7ec4\u7ec7\u53d1\u73b0\u6f5c\u5728\u7684\u6743\u9650\u6ee5\u7528\u95ee\u9898\uff0c\u53ca\u65f6\u91c7\u53d6\u63aa\u65bd\u9632\u6b62\u5b89\u5168\u4e8b\u4ef6\u7684\u53d1\u751f\u3002
\u6f0f\u6d1e\u626b\u63cf\uff1a\u57fa\u4e8e kube-hunter\uff0c\u4e3b\u8981\u89e3\u51b3 Kubernetes \u96c6\u7fa4\u4e2d\u5b58\u5728\u7684\u5df2\u77e5\u6f0f\u6d1e\u548c\u914d\u7f6e\u9519\u8bef\u95ee\u9898\u3002kube-hunter \u901a\u8fc7\u6a21\u62df\u653b\u51fb\u884c\u4e3a\uff0c\u80fd\u591f\u8bc6\u522b\u96c6\u7fa4\u4e2d\u53ef\u88ab\u6076\u610f\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u5982\u672a\u6388\u6743\u8bbf\u95ee\u3001\u66b4\u9732\u7684\u670d\u52a1\u548cAPI\u7aef\u70b9\u3001\u914d\u7f6e\u9519\u8bef\u7684\u89d2\u8272\u548c\u7ed1\u5b9a\u7b56\u7565\u7b49\u3002\u7279\u522b\u5730\uff0ckube-hunter\u80fd\u591f\u8bc6\u522b\u5e76\u62a5\u544a CVE \u6f0f\u6d1e\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5982\u679c\u88ab\u6076\u610f\u5229\u7528\uff0c\u53ef\u80fd\u5bfc\u81f4\u6570\u636e\u6cc4\u9732\u3001\u670d\u52a1\u4e2d\u65ad\u7b49\u4e25\u91cd\u540e\u679c\u3002CVE \u6f0f\u6d1e\u662f\u7531\u56fd\u9645\u77e5\u540d\u7684\u5b89\u5168\u7ec4\u7ec7\u5982MITRE\u6240\u5b9a\u4e49\u548c\u7ef4\u62a4\u7684\uff0cCVE\u6570\u636e\u5e93\u4e3a\u8f6f\u4ef6\u548c\u56fa\u4ef6\u4e2d\u7684\u5df2\u77e5\u6f0f\u6d1e\u63d0\u4f9b\u4e86\u552f\u4e00\u6807\u8bc6\u7b26\uff0c\u6210\u4e3a\u5168\u7403\u5b89\u5168\u793e\u533a\u5171\u540c\u9075\u5faa\u7684\u6807\u51c6\u3002kube-hunter \u901a\u8fc7\u5229\u7528 CVE \u6570\u636e\u5e93\u4e2d\u7684\u4fe1\u606f\uff0c\u80fd\u591f\u5e2e\u52a9\u7528\u6237\u5feb\u901f\u8bc6\u522b\u5e76\u54cd\u5e94Kubernetes\u96c6\u7fa4\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\u3002
\u5408\u89c4\u6027\u626b\u63cf\u7684\u5bf9\u8c61\u662f\u96c6\u7fa4\u8282\u70b9\u3002\u626b\u63cf\u7ed3\u679c\u4e2d\u4f1a\u5217\u51fa\u626b\u63cf\u9879\u4ee5\u53ca\u626b\u63cf\u7ed3\u679c\uff0c\u5e76\u9488\u5bf9\u672a\u901a\u8fc7\u7684\u626b\u63cf\u9879\u7ed9\u51fa\u4fee\u590d\u5efa\u8bae\u3002\u6709\u5173\u626b\u63cf\u65f6\u7528\u5230\u7684\u5177\u4f53\u5b89\u5168\u89c4\u5219\uff0c\u53ef\u53c2\u8003 CIS Kubernetes Benchmark
\u68c0\u67e5\u4e0d\u540c\u7c7b\u578b\u7684\u8282\u70b9\u65f6\uff0c\u626b\u63cf\u7684\u4fa7\u91cd\u70b9\u6709\u6240\u4e0d\u540c\u3002
\u626b\u63cf\u63a7\u5236\u5e73\u9762\u8282\u70b9\uff08Controller\uff09
\u626b\u63cf\u5de5\u4f5c\u8282\u70b9\uff08Worker\uff09
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u914d\u7f6e\uff0c\u7136\u540e\u57fa\u4e8e\u8be5\u914d\u7f6e\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002
"},{"location":"end-user/kpanda/security/index.html#_3","title":"\u6743\u9650\u626b\u63cf","text":"\u6743\u9650\u626b\u63cf\u4fa7\u91cd\u4e8e\u6743\u9650\u95ee\u9898\u5f15\u53d1\u7684\u5b89\u5168\u6f0f\u6d1e\u3002\u6743\u9650\u626b\u63cf\u53ef\u4ee5\u5e2e\u52a9\u7528\u6237\u8bc6\u522b Kubernetes \u96c6\u7fa4\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\uff0c\u6807\u8bc6\u54ea\u4e9b\u8d44\u6e90\u9700\u8981\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u5ba1\u67e5\u548c\u4fdd\u62a4\u63aa\u65bd\u3002\u901a\u8fc7\u6267\u884c\u8fd9\u4e9b\u68c0\u67e5\u9879\uff0c\u7528\u6237\u53ef\u4ee5\u66f4\u6e05\u695a\u3001\u66f4\u5168\u9762\u5730\u4e86\u89e3\u81ea\u5df1\u7684 Kubernetes \u73af\u5883\uff0c\u786e\u4fdd\u96c6\u7fa4\u73af\u5883\u7b26\u5408 Kubernetes \u7684\u6700\u4f73\u5b9e\u8df5\u548c\u5b89\u5168\u6807\u51c6\u3002
\u5177\u4f53\u800c\u8a00\uff0c\u6743\u9650\u626b\u63cf\u652f\u6301\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u626b\u63cf\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u8282\u70b9\u7684\u5065\u5eb7\u72b6\u6001\u3002
\u626b\u63cf\u96c6\u7fa4\u7ec4\u4ef6\u7684\u8fd0\u884c\u72b6\u51b5\uff0c\u5982 kube-apiserver \u3001 kube-controller-manager \u3001 kube-scheduler \u7b49\u3002
\u626b\u63cf\u5b89\u5168\u914d\u7f6e\uff1a\u68c0\u67e5 Kubernetes \u7684\u5b89\u5168\u914d\u7f6e
\u63d0\u4f9b\u8b66\u544a\u548c\u5efa\u8bae\uff1a\u5efa\u8bae\u96c6\u7fa4\u7ba1\u7406\u5458\u6267\u884c\u7684\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff0c\u4f8b\u5982\u5b9a\u671f\u8f6e\u6362\u8bc1\u4e66\u3001\u4f7f\u7528\u5f3a\u5bc6\u7801\u3001\u9650\u5236\u7f51\u7edc\u8bbf\u95ee\u7b49\u3002
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5b89\u5168\u626b\u63cf\u3002
"},{"location":"end-user/kpanda/security/index.html#_4","title":"\u6f0f\u6d1e\u626b\u63cf","text":"\u6f0f\u6d1e\u626b\u63cf\u4fa7\u91cd\u4e8e\u626b\u63cf\u6f5c\u5728\u7684\u6076\u610f\u653b\u51fb\u548c\u5b89\u5168\u6f0f\u6d1e\uff0c\u4f8b\u5982\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3001SQL \u6ce8\u5165\u3001XSS \u653b\u51fb\u7b49\uff0c\u4ee5\u53ca\u4e00\u4e9b\u9488\u5bf9 Kubernetes \u7279\u5b9a\u7684\u653b\u51fb\u3002\u6700\u7ec8\u7684\u626b\u63cf\u62a5\u544a\u4f1a\u5217\u51fa\u96c6\u7fa4\u4e2d\u5b58\u5728\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u5e76\u63d0\u51fa\u4fee\u590d\u5efa\u8bae\u3002
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u6f0f\u6d1e\u626b\u63cf\u3002
"},{"location":"end-user/kpanda/security/audit.html","title":"\u6743\u9650\u626b\u63cf","text":"\u4e3a\u4e86\u4f7f\u7528\u6743\u9650\u626b\u63cf\u529f\u80fd\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\uff0c\u6267\u884c\u8be5\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u4ee5\u4f9b\u67e5\u770b\u3002
"},{"location":"end-user/kpanda/security/audit.html#_2","title":"\u521b\u5efa\u626b\u63cf\u7b56\u7565","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6743\u9650\u626b\u63cf \uff0c\u70b9\u51fb \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u6743\u9650\u626b\u63cf -> \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u62a5\u544a\u540d\u79f0
\u5728\u62a5\u544a\u53f3\u4fa7\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u624b\u52a8\u5220\u9664\u62a5\u544a\u3002
\u67e5\u770b\u626b\u63cf\u62a5\u544a\u5185\u5bb9\uff0c\u5305\u62ec\uff1a
\u68c0\u67e5\u8be6\u60c5\uff0c\u4f8b\u5982\u88ab\u68c0\u67e5\u7684\u8d44\u6e90\u3001\u8d44\u6e90\u7c7b\u578b\u3001\u626b\u63cf\u7ed3\u679c\u3001\u9519\u8bef\u7c7b\u578b\u3001\u9519\u8bef\u8be6\u60c5
\u4e3a\u4e86\u4f7f\u7528\u6f0f\u6d1e\u626b\u63cf\u529f\u80fd\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\uff0c\u6267\u884c\u8be5\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u4ee5\u4f9b\u67e5\u770b\u3002
"},{"location":"end-user/kpanda/security/hunter.html#_2","title":"\u521b\u5efa\u626b\u63cf\u7b56\u7565","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6f0f\u6d1e\u626b\u63cf \uff0c\u70b9\u51fb \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u6743\u9650\u626b\u63cf -> \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u62a5\u544a\u540d\u79f0
\u5728\u62a5\u544a\u53f3\u4fa7\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u624b\u52a8\u5220\u9664\u62a5\u544a\u3002
\u67e5\u770b\u626b\u63cf\u62a5\u544a\u5185\u5bb9\uff0c\u5305\u62ec\uff1a
\u68c0\u67e5\u8be6\u60c5\uff0c\u4f8b\u5982\u6f0f\u6d1e ID\u3001\u6f0f\u6d1e\u7c7b\u578b\u3001\u6f0f\u6d1e\u540d\u79f0\u3001\u6f0f\u6d1e\u63cf\u8ff0\u7b49
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u7684\u7b2c\u4e00\u6b65\uff0c\u5c31\u662f\u5148\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u3002\u57fa\u4e8e\u626b\u63cf\u914d\u7f6e\u518d\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3001\u6267\u884c\u626b\u63cf\u7b56\u7565\uff0c\u6700\u540e\u67e5\u770b\u626b\u63cf\u7ed3\u679c\u3002
"},{"location":"end-user/kpanda/security/cis/config.html#_2","title":"\u521b\u5efa\u626b\u63cf\u914d\u7f6e","text":"\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u7684\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u9ed8\u8ba4\u8fdb\u5165 \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\uff0c\u70b9\u51fb \u626b\u63cf\u914d\u7f6e \u9875\u7b7e\uff0c\u7136\u540e\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u914d\u7f6e \u3002
\u586b\u5199\u914d\u7f6e\u540d\u79f0\u3001\u9009\u62e9\u914d\u7f6e\u6a21\u677f\u3001\u6309\u9700\u52fe\u9009\u626b\u63cf\u9879\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u626b\u63cf\u6a21\u677f\uff1a\u76ee\u524d\u63d0\u4f9b\u4e86\u4e24\u4e2a\u6a21\u677f\u3002 kubeadm \u6a21\u677f\u9002\u7528\u4e8e\u4e00\u822c\u60c5\u51b5\u4e0b\u7684 Kubernetes \u96c6\u7fa4\u3002 \u6211\u4eec\u5728 kubeadm \u6a21\u677f\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5e73\u53f0\u8bbe\u8ba1\u5ffd\u7565\u4e86\u4e0d\u9002\u7528\u4e8e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u626b\u63cf\u9879\u3002
\u5728\u626b\u63cf\u914d\u7f6e\u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u626b\u63cf\u914d\u7f6e\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u914d\u7f6e\u7684\u7c7b\u578b\u3001\u626b\u63cf\u9879\u6570\u91cf\u3001\u521b\u5efa\u65f6\u95f4\u3001\u914d\u7f6e\u6a21\u677f\uff0c\u4ee5\u53ca\u8be5\u914d\u7f6e\u542f\u7528\u7684\u5177\u4f53\u626b\u63cf\u9879\u3002
"},{"location":"end-user/kpanda/security/cis/config.html#_4","title":"\u66f4\u65b0/\u5220\u9664\u626b\u63cf\u914d\u7f6e","text":"\u626b\u63cf\u914d\u7f6e\u521b\u5efa\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u66f4\u65b0\u914d\u7f6e\u6216\u5220\u9664\u8be5\u914d\u7f6e\u3002
\u5728\u626b\u63cf\u914d\u7f6e\u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u9009\u62e9 \u5220\u9664 \u53ef\u4ee5\u5220\u9664\u8be5\u914d\u7f6e\u3002
\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u4e4b\u540e\uff0c\u53ef\u4ee5\u57fa\u4e8e\u914d\u7f6e\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\u7684 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
hide\uff1a - toc
"},{"location":"end-user/kpanda/security/cis/report.html#_1","title":"\u626b\u63cf\u62a5\u544a","text":"\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u3002\u60a8\u53ef\u4ee5\u5728\u7ebf\u67e5\u770b\u626b\u63cf\u62a5\u544a\u6216\u5c06\u5176\u4e0b\u8f7d\u5230\u672c\u5730\u67e5\u770b\u3002
\u4e0b\u8f7d\u67e5\u770b\u626b\u63cf\u62a5\u544a
\u5b89\u5168\u7ba1\u7406 -> \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\u7684 \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u70b9\u51fb\u62a5\u544a\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u4e0b\u8f7d \u3002
\u5728\u7ebf\u67e5\u770b\u626b\u63cf\u62a5\u544a
\u70b9\u51fb\u67d0\u4e2a\u62a5\u544a\u7684\u540d\u79f0\uff0c\u60a8\u53ef\u4ee5\u5728\u7ebf\u67e5\u770b CIS \u5408\u89c4\u6027\u626b\u63cf\u7684\u62a5\u544a\u5185\u5bb9\u3002\u5177\u4f53\u5305\u62ec\uff1a
\u6570\u636e\u5377\uff08PersistentVolume\uff0cPV\uff09\u662f\u96c6\u7fa4\u4e2d\u7684\u4e00\u5757\u5b58\u50a8\uff0c\u53ef\u7531\u7ba1\u7406\u5458\u4e8b\u5148\u5236\u5907\uff0c\u6216\u4f7f\u7528\u5b58\u50a8\u7c7b\uff08Storage Class\uff09\u6765\u52a8\u6001\u5236\u5907\u3002PV \u662f\u96c6\u7fa4\u8d44\u6e90\uff0c\u4f46\u62e5\u6709\u72ec\u7acb\u7684\u751f\u547d\u5468\u671f\uff0c\u4e0d\u4f1a\u968f\u7740 Pod \u8fdb\u7a0b\u7ed3\u675f\u800c\u88ab\u5220\u9664\u3002\u5c06 PV \u6302\u8f7d\u5230\u5de5\u4f5c\u8d1f\u8f7d\u53ef\u4ee5\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u6301\u4e45\u5316\u3002PV \u4e2d\u4fdd\u5b58\u4e86\u53ef\u88ab Pod \u4e2d\u5bb9\u5668\u8bbf\u95ee\u7684\u6570\u636e\u76ee\u5f55\u3002
"},{"location":"end-user/kpanda/storage/pv.html#_1","title":"\u521b\u5efa\u6570\u636e\u5377","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6570\u636e\u5377\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u6570\u636e\u5377\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) -> \u521b\u5efa\u6570\u636e\u5377(PV) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u6570\u636e\u5377\u7c7b\u578b\uff1a\u6709\u5173\u5377\u7c7b\u578b\u7684\u8be6\u7ec6\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u5377\u3002
Local\uff1a\u5c06 Node \u8282\u70b9\u7684\u672c\u5730\u5b58\u50a8\u5305\u88c5\u6210 PVC \u63a5\u53e3\uff0c\u5bb9\u5668\u76f4\u63a5\u4f7f\u7528 PVC \u800c\u65e0\u9700\u5173\u6ce8\u5e95\u5c42\u7684\u5b58\u50a8\u7c7b\u578b\u3002Local \u5377\u4e0d\u652f\u6301\u52a8\u6001\u914d\u7f6e\u6570\u636e\u5377\uff0c\u4f46\u652f\u6301\u914d\u7f6e\u8282\u70b9\u4eb2\u548c\u6027\uff0c\u53ef\u4ee5\u9650\u5236\u80fd\u4ece\u54ea\u4e9b\u8282\u70b9\u4e0a\u8bbf\u95ee\u8be5\u6570\u636e\u5377\u3002
HostPath\uff1a\u4f7f\u7528 Node \u8282\u70b9\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u6216\u76ee\u5f55\u4f5c\u4e3a\u6570\u636e\u5377\uff0c\u4e0d\u652f\u6301\u57fa\u4e8e\u8282\u70b9\u4eb2\u548c\u6027\u7684 Pod \u8c03\u5ea6\u3002
\u6302\u8f7d\u8def\u5f84\uff1a\u5c06\u6570\u636e\u5377\u6302\u8f7d\u5230\u5bb9\u5668\u4e2d\u7684\u67d0\u4e2a\u5177\u4f53\u76ee\u5f55\u4e0b\u3002
\u8bbf\u95ee\u6a21\u5f0f\uff1a
\u56de\u6536\u7b56\u7565\uff1a
\u5377\u6a21\u5f0f\uff1a
\u8282\u70b9\u4eb2\u548c\u6027\uff1a
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) \u3002
\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u6570\u636e\u5377\uff0c\u4ee5\u53ca\u5404\u4e2a\u6570\u636e\u5377\u7684\u72b6\u6001\u3001\u5bb9\u91cf\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u4fe1\u606f\u3002
\u652f\u6301\u6309\u7167\u6570\u636e\u5377\u7684\u540d\u79f0\u3001\u72b6\u6001\u3001\u547d\u540d\u7a7a\u95f4\u3001\u521b\u5efa\u65f6\u95f4\u8fdb\u884c\u987a\u5e8f\u6216\u9006\u5e8f\u6392\u5e8f\u3002
\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u6570\u636e\u5377\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5b58\u50a8\u6c60\u4fe1\u606f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u7b49\u4fe1\u606f\u3002
\u901a\u8fc7\u514b\u9686\u6570\u636e\u5377\uff0c\u53ef\u4ee5\u57fa\u4e8e\u88ab\u514b\u9686\u6570\u636e\u5377\u7684\u914d\u7f6e\uff0c\u91cd\u65b0\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u514b\u9686\u9875\u9762
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u514b\u9686\u7684\u6570\u636e\u5377\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u514b\u9686 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u514b\u9686 \u3002
\u76f4\u63a5\u4f7f\u7528\u539f\u914d\u7f6e\uff0c\u6216\u8005\u6309\u9700\u8fdb\u884c\u4fee\u6539\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u6570\u636e\u5377\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u6570\u636e\u5377\u3002
Note
\u4ec5\u652f\u6301\u66f4\u65b0\u6570\u636e\u5377\u7684\u522b\u540d\u3001\u5bb9\u91cf\u3001\u8bbf\u95ee\u6a21\u5f0f\u3001\u56de\u6536\u7b56\u7565\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u6570\u636e\u5377\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u6570\u636e\u5377\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u6570\u636e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"end-user/kpanda/storage/pvc.html","title":"\u6570\u636e\u5377\u58f0\u660e(PVC)","text":"\u6301\u4e45\u5377\u58f0\u660e\uff08PersistentVolumeClaim\uff0cPVC\uff09\u8868\u8fbe\u7684\u662f\u7528\u6237\u5bf9\u5b58\u50a8\u7684\u8bf7\u6c42\u3002PVC \u6d88\u8017 PV \u8d44\u6e90\uff0c\u7533\u9886\u4f7f\u7528\u7279\u5b9a\u5927\u5c0f\u3001\u7279\u5b9a\u8bbf\u95ee\u6a21\u5f0f\u7684\u6570\u636e\u5377\uff0c\u4f8b\u5982\u8981\u6c42 PV \u5377\u4ee5 ReadWriteOnce\u3001ReadOnlyMany \u6216 ReadWriteMany \u7b49\u6a21\u5f0f\u6765\u6302\u8f7d\u3002
"},{"location":"end-user/kpanda/storage/pvc.html#_1","title":"\u521b\u5efa\u6570\u636e\u5377\u58f0\u660e","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6570\u636e\u5377\u58f0\u660e\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u6570\u636e\u5377\u58f0\u660e\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e (PVC) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e (PVC) -> \u521b\u5efa\u6570\u636e\u5377\u58f0\u660e (PVC) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u521b\u5efa\u65b9\u5f0f\uff1a\u5728\u5df2\u6709\u7684\u5b58\u50a8\u6c60\u6216\u8005\u6570\u636e\u5377\u4e2d\u52a8\u6001\u521b\u5efa\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u6216\u8005\u57fa\u4e8e\u6570\u636e\u5377\u58f0\u660e\u7684\u5feb\u7167\u521b\u5efa\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u57fa\u4e8e\u5feb\u7167\u521b\u5efa\u65f6\u65e0\u6cd5\u4fee\u6539\u6570\u636e\u5377\u58f0\u660e\u7684\u5bb9\u91cf\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u5b8c\u6210\u540e\u518d\u8fdb\u884c\u4fee\u6539\u3002
\u9009\u62e9\u521b\u5efa\u65b9\u5f0f\u4e4b\u540e\uff0c\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u9009\u62e9\u60f3\u8981\u4f7f\u7528\u7684\u5b58\u50a8\u6c60/\u6570\u636e\u5377/\u5feb\u7167\u3002
\u8bbf\u95ee\u6a21\u5f0f\uff1a
ReadWriteOnce\uff0c\u6570\u636e\u5377\u58f0\u660e\u53ef\u4ee5\u88ab\u4e00\u4e2a\u8282\u70b9\u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u3002
ReadWriteOncePod\uff0c\u6570\u636e\u5377\u58f0\u660e\u53ef\u4ee5\u88ab\u5355\u4e2a Pod \u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \u3002
\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u6570\u636e\u5377\u58f0\u660e\uff0c\u4ee5\u53ca\u5404\u4e2a\u6570\u636e\u5377\u58f0\u660e\u7684\u72b6\u6001\u3001\u5bb9\u91cf\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u4fe1\u606f\u3002
\u652f\u6301\u6309\u7167\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\u3001\u72b6\u6001\u3001\u547d\u540d\u7a7a\u95f4\u3001\u521b\u5efa\u65f6\u95f4\u8fdb\u884c\u987a\u5e8f\u6216\u9006\u5e8f\u6392\u5e8f\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u6570\u636e\u5377\u58f0\u660e\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5b58\u50a8\u6c60\u4fe1\u606f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u7b49\u4fe1\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230\u60f3\u8981\u8c03\u6574\u5bb9\u91cf\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u6269\u5bb9 \u3002
\u8f93\u5165\u76ee\u6807\u5bb9\u91cf\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u901a\u8fc7\u514b\u9686\u6570\u636e\u5377\u58f0\u660e\uff0c\u53ef\u4ee5\u57fa\u4e8e\u88ab\u514b\u9686\u6570\u636e\u5377\u58f0\u660e\u7684\u914d\u7f6e\uff0c\u91cd\u65b0\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u8fdb\u5165\u514b\u9686\u9875\u9762
\u5728\u6570\u636e\u5377\u58f0\u660e\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u514b\u9686\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u514b\u9686 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u514b\u9686 \u3002
\u76f4\u63a5\u4f7f\u7528\u539f\u914d\u7f6e\uff0c\u6216\u8005\u6309\u9700\u8fdb\u884c\u4fee\u6539\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u3002
Note
\u4ec5\u652f\u6301\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u7684\u522b\u540d\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u6570\u636e\u5377\u58f0\u660e\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u5728\u6570\u636e\u5377\u58f0\u660e\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u6570\u636e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"end-user/kpanda/storage/pvc.html#_8","title":"\u5e38\u89c1\u95ee\u9898","text":"\u5982\u679c\u5217\u8868\u4e2d\u6ca1\u6709\u53ef\u9009\u7684\u5b58\u50a8\u6c60\u6216\u6570\u636e\u5377\uff0c\u53ef\u4ee5\u521b\u5efa\u5b58\u50a8\u6c60\u6216\u521b\u5efa\u6570\u636e\u5377\u3002
\u5982\u679c\u5217\u8868\u4e2d\u6ca1\u6709\u53ef\u9009\u7684\u5feb\u7167\uff0c\u53ef\u4ee5\u8fdb\u5165\u6570\u636e\u5377\u58f0\u660e\u7684\u8be6\u60c5\u9875\uff0c\u5728\u53f3\u4e0a\u89d2\u5236\u4f5c\u5feb\u7167\u3002
\u5982\u679c\u6570\u636e\u5377\u58f0\u660e\u6240\u4f7f\u7528\u7684\u5b58\u50a8\u6c60 (SC) \u6ca1\u6709\u542f\u7528\u5feb\u7167\uff0c\u5219\u65e0\u6cd5\u5236\u4f5c\u5feb\u7167\uff0c\u9875\u9762\u4e0d\u4f1a\u663e\u793a\u201c\u5236\u4f5c\u5feb\u7167\u201d\u9009\u9879\u3002
\u5982\u679c\u6570\u636e\u5377\u58f0\u660e\u6240\u4f7f\u7528\u7684\u5b58\u50a8\u6c60 (SC) \u6ca1\u6709\u5f00\u542f\u6269\u5bb9\u529f\u80fd\uff0c\u5219\u8be5\u6570\u636e\u5377\u4e0d\u652f\u6301\u6269\u5bb9\uff0c\u9875\u9762\u4e0d\u4f1a\u663e\u793a\u6269\u5bb9\u9009\u9879\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5c06\u4e00\u4e2a\u5b58\u50a8\u6c60\u5171\u4eab\u7ed9\u591a\u4e2a\u547d\u540d\u7a7a\u95f4\u4f7f\u7528\uff0c\u4ee5\u4fbf\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u6548\u7387\u3002
\u5728\u5b58\u50a8\u6c60\u5217\u8868\u4e2d\u627e\u5230\u9700\u8981\u5171\u4eab\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u64cd\u4f5c\u680f\u4e0b\u70b9\u51fb \u6388\u6743\u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb \u81ea\u5b9a\u4e49\u547d\u540d\u7a7a\u95f4 \u53ef\u4ee5\u9010\u4e00\u9009\u62e9\u9700\u8981\u5c06\u6b64\u5b58\u50a8\u6c60\u5171\u4eab\u5230\u54ea\u4e9b\u547d\u540d\u7a7a\u95f4\u3002
\u5728\u5217\u8868\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u65b9\u70b9\u51fb \u79fb\u9664\u6388\u6743 \uff0c\u53ef\u4ee5\u89e3\u9664\u6388\u6743\uff0c\u505c\u6b62\u5c06\u6b64\u5b58\u50a8\u6c60\u5171\u4eab\u5230\u8be5\u547d\u540d\u7a7a\u95f4\u3002
\u5b58\u50a8\u6c60\u6307\u5c06\u8bb8\u591a\u7269\u7406\u78c1\u76d8\u7ec4\u6210\u4e00\u4e2a\u5927\u578b\u5b58\u50a8\u8d44\u6e90\u6c60\uff0c\u672c\u5e73\u53f0\u652f\u6301\u63a5\u5165\u5404\u7c7b\u5b58\u50a8\u5382\u5546\u540e\u521b\u5efa\u5757\u5b58\u50a8\u6c60\u3001\u672c\u5730\u5b58\u50a8\u6c60\u3001\u81ea\u5b9a\u4e49\u5b58\u50a8\u6c60\uff0c\u7136\u540e\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u52a8\u6001\u914d\u7f6e\u6570\u636e\u5377\u3002
"},{"location":"end-user/kpanda/storage/sc.html#sc_1","title":"\u521b\u5efa\u5b58\u50a8\u6c60(SC)","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b58\u50a8\u6c60\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u5b58\u50a8\u6c60\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) -> \u521b\u5efa\u5b58\u50a8\u6c60(SC) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\uff0c\u7136\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u81ea\u5b9a\u4e49\u5b58\u50a8\u7cfb\u7edf
CSI \u5b58\u50a8\u9a71\u52a8\uff1a\u57fa\u4e8e\u6807\u51c6 Kubernetes \u7684\u5bb9\u5668\u5b58\u50a8\u63a5\u53e3\u63d2\u4ef6\uff0c\u9700\u9075\u5b88\u5b58\u50a8\u5382\u5546\u89c4\u5b9a\u7684\u683c\u5f0f\uff0c\u4f8b\u5982 rancher.io/local-path \u3002
HwameiStor \u5b58\u50a8\u7cfb\u7edf
lvm.hwameistor.io
\u3002hdd.hwameistor.io
Note
\u76ee\u524d HwameiStor xfs\u3001ext4 \u4e24\u79cd\u6587\u4ef6\u7cfb\u7edf\uff0c\u5176\u4e2d\u9ed8\u8ba4\u4f7f\u7528\u7684\u662f xfs \u6587\u4ef6\u7cfb\u7edf\uff0c\u5982\u679c\u60f3\u8981\u66ff\u6362\u4e3a ext4\uff0c\u53ef\u4ee5\u5728\u81ea\u5b9a\u4e49\u53c2\u6570\u6dfb\u52a0 csi.storage.k8s.io/fstype: ext4
\u5728\u5b58\u50a8\u6c60\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u7f16\u8f91 \u5373\u53ef\u901a\u8fc7\u66f4\u65b0\u5b58\u50a8\u6c60\u3002
Info
\u9009\u62e9 \u67e5\u770b YAML \u53ef\u4ee5\u67e5\u770b\u8be5\u5b58\u50a8\u6c60\u7684 YAML \u6587\u4ef6\uff0c\u4f46\u4e0d\u652f\u6301\u7f16\u8f91\u3002
"},{"location":"end-user/kpanda/storage/sc.html#sc_3","title":"\u5220\u9664\u5b58\u50a8\u6c60(SC)","text":"\u5728\u5b58\u50a8\u6c60\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"end-user/kpanda/workloads/create-cronjob.html","title":"\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u3002
\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u9002\u7528\u4e8e\u4e8e\u6267\u884c\u5468\u671f\u6027\u7684\u64cd\u4f5c\uff0c\u4f8b\u5982\u5907\u4efd\u3001\u62a5\u544a\u751f\u6210\u7b49\u3002\u8fd9\u4e9b\u4efb\u52a1\u53ef\u4ee5\u914d\u7f6e\u4e3a\u5468\u671f\u6027\u91cd\u590d\u7684\uff08\u4f8b\u5982\uff1a\u6bcf\u5929/\u6bcf\u5468/\u6bcf\u6708\u4e00\u6b21\uff09\uff0c\u53ef\u4ee5\u5b9a\u4e49\u4efb\u52a1\u5f00\u59cb\u6267\u884c\u7684\u65f6\u95f4\u95f4\u9694\u3002
"},{"location":"end-user/kpanda/workloads/create-cronjob.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u5b9a\u65f6\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u5b9a\u65f6\u4efb\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u5b9a\u65f6\u4efb\u52a1 \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5b9a\u65f6\u4efb\u52a1\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1 \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-cronjob.html#_5","title":"\u5b9a\u65f6\u4efb\u52a1\u914d\u7f6e","text":"\u5e76\u53d1\u7b56\u7565\uff1a\u662f\u5426\u5141\u8bb8\u591a\u4e2a Job \u4efb\u52a1\u5e76\u884c\u6267\u884c\u3002
\u4e0a\u8ff0\u89c4\u5219\u4ec5\u9002\u7528\u4e8e\u540c\u4e00\u4e2a CronJob \u521b\u5efa\u7684\u591a\u4e2a\u4efb\u52a1\u3002\u591a\u4e2a CronJob \u521b\u5efa\u7684\u591a\u4e2a\u4efb\u52a1\u603b\u662f\u5141\u8bb8\u5e76\u53d1\u6267\u884c\u3002
\u5b9a\u65f6\u89c4\u5219\uff1a\u57fa\u4e8e\u5206\u949f\u3001\u5c0f\u65f6\u3001\u5929\u3001\u5468\u3001\u6708\u8bbe\u7f6e\u4efb\u52a1\u6267\u884c\u7684\u65f6\u95f4\u5468\u671f\u3002\u652f\u6301\u7528\u6570\u5b57\u548c *
\u81ea\u5b9a\u4e49 Cron \u8868\u8fbe\u5f0f\uff0c\u8f93\u5165\u8868\u8fbe\u5f0f\u540e\u4e0b\u65b9\u4f1a\u63d0\u793a\u5f53\u524d\u8868\u8fbe\u5f0f\u7684\u542b\u4e49\u3002\u6709\u5173\u8be6\u7ec6\u7684\u8868\u8fbe\u5f0f\u8bed\u6cd5\u89c4\u5219\uff0c\u53ef\u53c2\u8003 Cron \u65f6\u95f4\u8868\u8bed\u6cd5\u3002
\u4e3a\u6709\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u6709\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5b9a\u65f6\u4efb\u52a1\u7684\u9ad8\u7ea7\u914d\u7f6e\u4e3b\u8981\u6d89\u53ca\u6807\u7b7e\u4e0e\u6ce8\u89e3\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b Pod \u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-cronjob.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
apiVersion: batch/v1\nkind: CronJob\nmetadata:\n creationTimestamp: '2022-12-26T09:45:47Z'\n generation: 1\n name: demo\n namespace: default\n resourceVersion: '92726617'\n uid: d030d8d7-a405-4dcd-b09a-176942ef36c9\nspec:\n concurrencyPolicy: Allow\n failedJobsHistoryLimit: 1\n jobTemplate:\n metadata:\n creationTimestamp: null\n spec:\n activeDeadlineSeconds: 360\n backoffLimit: 6\n template:\n metadata:\n creationTimestamp: null\n spec:\n containers:\n - image: nginx\n imagePullPolicy: IfNotPresent\n lifecycle: {}\n name: container-3\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n securityContext:\n privileged: false\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n dnsPolicy: ClusterFirst\n restartPolicy: Never\n schedulerName: default-scheduler\n securityContext: {}\n terminationGracePeriodSeconds: 30\n schedule: 0 0 13 * 5\n successfulJobsHistoryLimit: 3\n suspend: false\nstatus: {}\n
"},{"location":"end-user/kpanda/workloads/create-daemonset.html","title":"\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b(DaemonSet)","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\uff08DaemonSet\uff09\u3002
\u5b88\u62a4\u8fdb\u7a0b\uff08DaemonSet\uff09\u901a\u8fc7\u8282\u70b9\u4eb2\u548c\u6027\u4e0e\u6c61\u70b9\u529f\u80fd\u786e\u4fdd\u5728\u5168\u90e8\u6216\u90e8\u5206\u8282\u70b9\u4e0a\u8fd0\u884c\u4e00\u4e2a Pod \u7684\u526f\u672c\u3002\u5bf9\u4e8e\u65b0\u52a0\u5165\u96c6\u7fa4\u7684\u8282\u70b9\uff0cDaemonSet \u81ea\u52a8\u5728\u65b0\u8282\u70b9\u4e0a\u90e8\u7f72\u76f8\u5e94\u7684 Pod\uff0c\u5e76\u8ddf\u8e2a Pod \u7684\u8fd0\u884c\u72b6\u6001\u3002\u5f53\u8282\u70b9\u88ab\u79fb\u9664\u65f6\uff0cDaemonSet \u5219\u5220\u9664\u5176\u521b\u5efa\u7684\u6240\u6709 Pod\u3002
\u5b88\u62a4\u8fdb\u7a0b\u7684\u5e38\u89c1\u7528\u4f8b\u5305\u62ec\uff1a
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u96c6\u7fa4\u5b88\u62a4\u8fdb\u7a0b\u3002
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u65e5\u5fd7\u6536\u96c6\u5b88\u62a4\u8fdb\u7a0b\u3002
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u76d1\u63a7\u5b88\u62a4\u8fdb\u7a0b\u3002
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u4e3a\u6bcf\u79cd\u7c7b\u578b\u7684\u5b88\u62a4\u8fdb\u7a0b\u90fd\u542f\u52a8\u4e00\u4e2a DaemonSet\u3002\u5982\u9700\u66f4\u7cbe\u7ec6\u3001\u66f4\u9ad8\u7ea7\u5730\u7ba1\u7406\u5b88\u62a4\u8fdb\u7a0b\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u540c\u4e00\u79cd\u5b88\u62a4\u8fdb\u7a0b\u90e8\u7f72\u591a\u4e2a DaemonSet\u3002\u6bcf\u4e2a DaemonSet \u5177\u6709\u4e0d\u540c\u7684\u6807\u5fd7\uff0c\u5e76\u4e14\u5bf9\u4e0d\u540c\u786c\u4ef6\u7c7b\u578b\u5177\u6709\u4e0d\u540c\u7684\u5185\u5b58\u3001CPU \u8981\u6c42\u3002
"},{"location":"end-user/kpanda/workloads/create-daemonset.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa DaemonSet \u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u5b88\u62a4\u8fdb\u7a0b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b88\u62a4\u8fdb\u7a0b \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u5b88\u62a4\u8fdb\u7a0b \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5b88\u62a4\u8fdb\u7a0b\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-daemonset.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u5b88\u62a4\u8fdb\u7a0b\u521b\u5efa\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u5b88\u62a4\u8fdb\u7a0b\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u914d\u7f6e\u670d\u52a1\u53c2\u6570\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\u521b\u5efa\u670d\u52a1\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-daemonset.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b88\u62a4\u8fdb\u7a0b \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: hwameistor-local-disk-manager\n namespace: hwameistor\n uid: ccbdc098-7de3-4a8a-96dd-d1cee159c92b\n resourceVersion: '90999552'\n generation: 1\n creationTimestamp: '2022-12-15T09:03:44Z'\n labels:\n app.kubernetes.io/managed-by: Helm\n annotations:\n deprecated.daemonset.template.generation: '1'\n meta.helm.sh/release-name: hwameistor\n meta.helm.sh/release-namespace: hwameistor\nspec:\n selector:\n matchLabels:\n app: hwameistor-local-disk-manager\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: hwameistor-local-disk-manager\n spec:\n volumes:\n - name: udev\n hostPath:\n path: /run/udev\n type: Directory\n - name: procmount\n hostPath:\n path: /proc\n type: Directory\n - name: devmount\n hostPath:\n path: /dev\n type: Directory\n - name: socket-dir\n hostPath:\n path: /var/lib/kubelet/plugins/disk.hwameistor.io\n type: DirectoryOrCreate\n - name: registration-dir\n hostPath:\n path: /var/lib/kubelet/plugins_registry/\n type: Directory\n - name: plugin-dir\n hostPath:\n path: /var/lib/kubelet/plugins\n type: DirectoryOrCreate\n - name: pods-mount-dir\n hostPath:\n path: /var/lib/kubelet/pods\n type: DirectoryOrCreate\n containers:\n - name: registrar\n image: k8s-gcr.m.daocloud.io/sig-storage/csi-node-driver-registrar:v2.5.0\n args:\n - '--v=5'\n - '--csi-address=/csi/csi.sock'\n - >-\n --kubelet-registration-path=/var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n env:\n - name: KUBE_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n resources: {}\n volumeMounts:\n - name: socket-dir\n mountPath: /csi\n - name: registration-dir\n mountPath: /registration\n lifecycle:\n preStop:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n rm -rf /registration/disk.hwameistor.io \n /registration/disk.hwameistor.io-reg.sock\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: manager\n image: ghcr.m.daocloud.io/hwameistor/local-disk-manager:v0.6.1\n command:\n - /local-disk-manager\n args:\n - '--endpoint=$(CSI_ENDPOINT)'\n - '--nodeid=$(NODENAME)'\n - '--csi-enable=true'\n env:\n - name: CSI_ENDPOINT\n value: unix://var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n - name: NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: WATCH_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: NODENAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OPERATOR_NAME\n value: local-disk-manager\n resources: {}\n volumeMounts:\n - name: udev\n mountPath: /run/udev\n - name: procmount\n readOnly: true\n mountPath: /host/proc\n - name: devmount\n mountPath: /dev\n - name: registration-dir\n mountPath: /var/lib/kubelet/plugins_registry\n - name: plugin-dir\n mountPath: /var/lib/kubelet/plugins\n mountPropagation: Bidirectional\n - name: pods-mount-dir\n mountPath: /var/lib/kubelet/pods\n mountPropagation: Bidirectional\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: hwameistor-admin\n serviceAccount: hwameistor-admin\n hostNetwork: true\n hostPID: true\n securityContext: {}\n schedulerName: default-scheduler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/master\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/control-plane\n operator: Exists\n effect: NoSchedule\n - key: node.cloudprovider.kubernetes.io/uninitialized\n operator: Exists\n effect: NoSchedule\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n maxSurge: 0\n revisionHistoryLimit: 10\nstatus:\n currentNumberScheduled: 4\n numberMisscheduled: 0\n desiredNumberScheduled: 4\n numberReady: 4\n observedGeneration: 1\n updatedNumberScheduled: 4\n numberAvailable: 4\n
"},{"location":"end-user/kpanda/workloads/create-deployment.html","title":"\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09\u662f Kubernetes \u4e2d\u7684\u4e00\u79cd\u5e38\u89c1\u8d44\u6e90\uff0c\u4e3b\u8981\u4e3a Pod \u548c ReplicaSet \u63d0\u4f9b\u58f0\u660e\u5f0f\u66f4\u65b0\uff0c\u652f\u6301\u5f39\u6027\u4f38\u7f29\u3001\u6eda\u52a8\u5347\u7ea7\u3001\u7248\u672c\u56de\u9000\u7b49\u529f\u80fd\u3002\u5728 Deployment \u4e2d\u58f0\u660e\u671f\u671b\u7684 Pod \u72b6\u6001\uff0cDeployment Controller \u4f1a\u901a\u8fc7 ReplicaSet \u4fee\u6539\u5f53\u524d\u72b6\u6001\uff0c\u4f7f\u5176\u8fbe\u5230\u9884\u5148\u58f0\u660e\u7684\u671f\u671b\u72b6\u6001\u3002Deployment \u662f\u65e0\u72b6\u6001\u7684\uff0c\u4e0d\u652f\u6301\u6570\u636e\u6301\u4e45\u5316\uff0c\u9002\u7528\u4e8e\u90e8\u7f72\u65e0\u72b6\u6001\u7684\u3001\u4e0d\u9700\u8981\u4fdd\u5b58\u6570\u636e\u3001\u968f\u65f6\u53ef\u4ee5\u91cd\u542f\u56de\u6eda\u7684\u5e94\u7528\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\uff0c\u53ef\u4ee5\u57fa\u4e8e\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\u8f7b\u677e\u7ba1\u7406\u591a\u4e91\u591a\u96c6\u7fa4\u4e0a\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5305\u62ec\u5bf9\u65e0\u72b6\u6001\u8d1f\u8f7d\u7684\u521b\u5efa\u3001\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"end-user/kpanda/workloads/create-deployment.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u65e0\u72b6\u6001\u8d1f\u8f7d \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u8d1f\u8f7d\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u64cd\u4f5c\u3002\u5982\u679c\u8d1f\u8f7d\u72b6\u6001\u51fa\u73b0\u5f02\u5e38\uff0c\u8bf7\u67e5\u770b\u5177\u4f53\u5f02\u5e38\u4fe1\u606f\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u3002
\u63cf\u8ff0\uff1a\u8f93\u5165\u8d1f\u8f7d\u7684\u63cf\u8ff0\u4fe1\u606f\uff0c\u5185\u5bb9\u81ea\u5b9a\u4e49\u3002\u5b57\u7b26\u6570\u4e0d\u8d85\u8fc7 512\u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-deployment.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u65e0\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u65e0\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5982\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u4e86 SpiderPool \u548c Multus \u7ec4\u4ef6\uff0c\u5219\u53ef\u4ee5\u5728\u7f51\u7edc\u914d\u7f6e\u4e2d\u914d\u7f6e\u5bb9\u5668\u7f51\u5361\u3002
DNS \u914d\u7f6e\uff1a\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u4e3b\u673a\u522b\u540d\uff1a\u4e3a\u4e3b\u673a\u8bbe\u7f6e\u7684\u522b\u540d\u3002
\u7f29\u5bb9\u65f6\u95f4\u7a97\uff1a\u8d1f\u8f7d\u505c\u6b62\u524d\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4\u7a97\uff080-9,999\u79d2\uff09\uff0c\u9ed8\u8ba4 30 \u79d2\u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-deployment.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-deployment\nspec:\n selector:\n matchLabels:\n app: nginx\n replicas: 2 # \u544a\u77e5 Deployment \u8fd0\u884c 2 \u4e2a\u4e0e\u8be5\u6a21\u677f\u5339\u914d\u7684 Pod\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n
"},{"location":"end-user/kpanda/workloads/create-job.html","title":"\u521b\u5efa\u4efb\u52a1\uff08Job\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u4efb\u52a1\uff08Job\uff09\u3002
\u4efb\u52a1\uff08Job\uff09\u9002\u7528\u4e8e\u6267\u884c\u4e00\u6b21\u6027\u4efb\u52a1\u3002Job \u4f1a\u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a Pod\uff0cJob \u4f1a\u4e00\u76f4\u91cd\u65b0\u5c1d\u8bd5\u6267\u884c Pod\uff0c\u76f4\u5230\u6210\u529f\u7ec8\u6b62\u7684 Pod \u8fbe\u5230\u4e00\u5b9a\u6570\u91cf\u3002\u6210\u529f\u7ec8\u6b62\u7684 Pod \u8fbe\u5230\u6307\u5b9a\u7684\u6570\u91cf\u540e\uff0cJob \u4e5f\u968f\u4e4b\u7ed3\u675f\u3002\u5220\u9664 Job \u65f6\u4f1a\u4e00\u540c\u6e05\u9664\u8be5 Job \u521b\u5efa\u7684\u6240\u6709 Pod\u3002\u6682\u505c Job \u65f6\u5220\u9664\u8be5 Job \u4e2d\u7684\u6240\u6709\u6d3b\u8dc3 Pod\uff0c\u76f4\u5230 Job \u88ab\u7ee7\u7eed\u6267\u884c\u3002\u6709\u5173\u4efb\u52a1\uff08Job\uff09\u7684\u66f4\u591a\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003Job\u3002
"},{"location":"end-user/kpanda/workloads/create-job.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u4efb\u52a1 \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u4efb\u52a1\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u4efb\u52a1 \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u57fa\u672c\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-job.html#_5","title":"\u9ad8\u7ea7\u914d\u7f6e","text":"\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u4efb\u52a1\u8bbe\u7f6e\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u4e24\u90e8\u5206\u3002
\u4efb\u52a1\u8bbe\u7f6e\u6807\u7b7e\u4e0e\u6ce8\u89e3\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b Pod \u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-job.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: Job\napiVersion: batch/v1\nmetadata:\n name: demo\n namespace: default\n uid: a9708239-0358-4aa1-87d3-a092c080836e\n resourceVersion: '92751876'\n generation: 1\n creationTimestamp: '2022-12-26T10:52:22Z'\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n annotations:\n revisions: >-\n {\"1\":{\"status\":\"running\",\"uid\":\"a9708239-0358-4aa1-87d3-a092c080836e\",\"start-time\":\"2022-12-26T10:52:22Z\",\"completion-time\":\"0001-01-01T00:00:00Z\"}}\nspec:\n parallelism: 1\n backoffLimit: 6\n selector:\n matchLabels:\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n spec:\n containers:\n - name: container-4\n image: nginx\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n lifecycle: {}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: false\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext: {}\n schedulerName: default-scheduler\n completionMode: NonIndexed\n suspend: false\nstatus:\n startTime: '2022-12-26T10:52:22Z'\n active: 1\n
"},{"location":"end-user/kpanda/workloads/create-statefulset.html","title":"\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09\u3002
\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09\u662f Kubernetes \u4e2d\u7684\u4e00\u79cd\u5e38\u89c1\u8d44\u6e90\uff0c\u548c\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09\u7c7b\u4f3c\uff0c\u4e3b\u8981\u7528\u4e8e\u7ba1\u7406 Pod \u96c6\u5408\u7684\u90e8\u7f72\u548c\u4f38\u7f29\u3002\u4e8c\u8005\u7684\u4e3b\u8981\u533a\u522b\u5728\u4e8e\uff0cDeployment \u662f\u65e0\u72b6\u6001\u7684\uff0c\u4e0d\u4fdd\u5b58\u6570\u636e\uff0c\u800c StatefulSet \u662f\u6709\u72b6\u6001\u7684\uff0c\u4e3b\u8981\u7528\u4e8e\u7ba1\u7406\u6709\u72b6\u6001\u5e94\u7528\u3002\u6b64\u5916\uff0cStatefulSet \u4e2d\u7684 Pod \u5177\u6709\u6c38\u4e45\u4e0d\u53d8\u7684 ID\uff0c\u4fbf\u4e8e\u5728\u5339\u914d\u5b58\u50a8\u5377\u65f6\u8bc6\u522b\u5bf9\u5e94\u7684 Pod\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\uff0c\u53ef\u4ee5\u57fa\u4e8e\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\u8f7b\u677e\u7ba1\u7406\u591a\u4e91\u591a\u96c6\u7fa4\u4e0a\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5305\u62ec\u5bf9\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u3001\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"end-user/kpanda/workloads/create-statefulset.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6709\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u53f3\u4e0a\u89d2 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \u5217\u8868\uff0c\u7b49\u5f85\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u3002\u5982\u679c\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u51fa\u73b0\u5f02\u5e38\uff0c\u8bf7\u67e5\u770b\u5177\u4f53\u5f02\u5e38\u4fe1\u606f\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u3002
\u70b9\u51fb\u65b0\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u5217\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u64cd\u4f5c\u3002
\u63cf\u8ff0\uff1a\u8f93\u5165\u8d1f\u8f7d\u7684\u63cf\u8ff0\u4fe1\u606f\uff0c\u5185\u5bb9\u81ea\u5b9a\u4e49\u3002\u5b57\u7b26\u6570\u4e0d\u8d85\u8fc7 512\u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\u3002\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-statefulset.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u6709\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u6709\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u5bb9\u5668\u7ba1\u7406\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5982\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u4e86 SpiderPool \u548c Multus \u7ec4\u4ef6\uff0c\u5219\u53ef\u4ee5\u5728\u7f51\u7edc\u914d\u7f6e\u4e2d\u914d\u7f6e\u5bb9\u5668\u7f51\u5361\u3002
DNS \u914d\u7f6e\uff1a\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u4e3b\u673a\u522b\u540d\uff1a\u4e3a\u4e3b\u673a\u8bbe\u7f6e\u7684\u522b\u540d\u3002
\u7f29\u5bb9\u65f6\u95f4\u7a97\uff1a\u8d1f\u8f7d\u505c\u6b62\u524d\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4\u7a97\uff080-9,999\u79d2\uff09\uff0c\u9ed8\u8ba4 30 \u79d2\u3002
Kubernetes v1.7 \u53ca\u5176\u4e4b\u540e\u7684\u7248\u672c\u53ef\u4ee5\u901a\u8fc7 .spec.podManagementPolicy \u8bbe\u7f6e Pod \u7684\u7ba1\u7406\u7b56\u7565\uff0c\u652f\u6301\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\uff1a
\u6309\u5e8f\u7b56\u7565\uff08OrderedReady\uff09 \uff1a\u9ed8\u8ba4\u7684 Pod \u7ba1\u7406\u7b56\u7565\uff0c\u8868\u793a\u6309\u987a\u5e8f\u90e8\u7f72 Pod\uff0c\u53ea\u6709\u524d\u4e00\u4e2a Pod \u90e8\u7f72 \u6210\u529f\u5b8c\u6210\u540e\uff0c\u6709\u72b6\u6001\u8d1f\u8f7d\u624d\u4f1a\u5f00\u59cb\u90e8\u7f72\u4e0b\u4e00\u4e2a Pod\u3002\u5220\u9664 Pod \u65f6\u5219\u91c7\u7528\u9006\u5e8f\uff0c\u6700\u540e\u521b\u5efa\u7684\u6700\u5148\u88ab\u5220\u9664\u3002
\u5e76\u884c\u7b56\u7565\uff08Parallel\uff09 \uff1a\u5e76\u884c\u521b\u5efa\u6216\u5220\u9664\u5bb9\u5668\uff0c\u548c Deployment \u7c7b\u578b\u7684 Pod \u4e00\u6837\u3002StatefulSet \u63a7\u5236\u5668\u5e76\u884c\u5730\u542f\u52a8\u6216\u7ec8\u6b62\u6240\u6709\u7684\u5bb9\u5668\u3002\u542f\u52a8\u6216\u8005\u7ec8\u6b62\u5176\u4ed6 Pod \u524d\uff0c\u65e0\u9700\u7b49\u5f85 Pod \u8fdb\u5165 Running \u548c ready \u6216\u8005\u5b8c\u5168\u505c\u6b62\u72b6\u6001\u3002 \u8fd9\u4e2a\u9009\u9879\u53ea\u4f1a\u5f71\u54cd\u6269\u7f29\u64cd\u4f5c\u7684\u884c\u4e3a\uff0c\u4e0d\u5f71\u54cd\u66f4\u65b0\u65f6\u7684\u987a\u5e8f\u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
![\u8c03\u5ea6\u7b56\u7565](../../../images/deploy15_1.png)\n
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-statefulset.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: StatefulSet\napiVersion: apps/v1\nmetadata:\n name: test-mysql-123-mysql\n namespace: default\n uid: d3f45527-a0ab-4b22-9013-5842a06f4e0e\n resourceVersion: '20504385'\n generation: 1\n creationTimestamp: '2022-09-22T09:34:10Z'\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n blockOwnerDeletion: true\nspec:\n replicas: 1\n selector:\n matchLabels:\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n mysql.presslabs.org/cluster: test-mysql-123\n template:\n metadata:\n creationTimestamp: null\n labels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n annotations:\n config_rev: '13941099'\n prometheus.io/port: '9125'\n prometheus.io/scrape: 'true'\n secret_rev: '13941101'\n spec:\n volumes:\n - name: conf\n emptyDir: {}\n - name: init-scripts\n emptyDir: {}\n - name: config-map\n configMap:\n name: test-mysql-123-mysql\n defaultMode: 420\n - name: data\n persistentVolumeClaim:\n claimName: data\n initContainers:\n - name: init\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - clone-and-init\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: BACKUP_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_USER\n optional: true\n - name: BACKUP_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_PASSWORD\n optional: true\n resources: {}\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: config-map\n mountPath: /mnt/conf\n - name: data\n mountPath: /var/lib/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n containers:\n - name: mysql\n image: docker.m.daocloud.io/mysql:5.7.31\n ports:\n - name: mysql\n containerPort: 3306\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: ORCH_CLUSTER_ALIAS\n value: test-mysql-123.default\n - name: ORCH_HTTP_API\n value: http://mysql-operator.mcamel-system/api\n - name: MYSQL_ROOT_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: ROOT_PASSWORD\n optional: false\n - name: MYSQL_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: USER\n optional: true\n - name: MYSQL_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: PASSWORD\n optional: true\n - name: MYSQL_DATABASE\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: DATABASE\n optional: true\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 512Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n livenessProbe:\n exec:\n command:\n - mysqladmin\n - '--defaults-file=/etc/mysql/client.conf'\n - ping\n initialDelaySeconds: 60\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n test $(mysql --defaults-file=/etc/mysql/client.conf -NB -e\n 'SELECT COUNT(*) FROM sys_operator.status WHERE\n name=\"configured\" AND value=\"1\"') -eq 1\n initialDelaySeconds: 5\n timeoutSeconds: 5\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 3\n lifecycle:\n preStop:\n exec:\n command:\n - bash\n - /etc/mysql/pre-shutdown-ha.sh\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: sidecar\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - config-and-serve\n ports:\n - name: sidecar-http\n containerPort: 8080\n protocol: TCP\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: XTRABACKUP_TARGET_DIR\n value: /tmp/xtrabackup_backupfiles/\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 10m\n memory: 64Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n readinessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: metrics-exporter\n image: prom/mysqld-exporter:v0.13.0\n args:\n - '--web.listen-address=0.0.0.0:9125'\n - '--web.telemetry-path=/metrics'\n - '--collect.heartbeat'\n - '--collect.heartbeat.database=sys_operator'\n ports:\n - name: prometheus\n containerPort: 9125\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_USER\n optional: false\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_PASSWORD\n optional: false\n - name: DATA_SOURCE_NAME\n value: $(USER):$(PASSWORD)@(127.0.0.1:3306)/\n resources:\n limits:\n cpu: 100m\n memory: 128Mi\n requests:\n cpu: 10m\n memory: 32Mi\n livenessProbe:\n httpGet:\n path: /metrics\n port: 9125\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 30\n periodSeconds: 30\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: pt-heartbeat\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - pt-heartbeat\n - '--update'\n - '--replace'\n - '--check-read-only'\n - '--create-table'\n - '--database'\n - sys_operator\n - '--table'\n - heartbeat\n - '--utc'\n - '--defaults-file'\n - /etc/mysql/heartbeat.conf\n - '--fail-successive-errors=20'\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n resources:\n limits:\n cpu: 100m\n memory: 64Mi\n requests:\n cpu: 10m\n memory: 32Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsUser: 999\n fsGroup: 999\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n topologyKey: kubernetes.io/hostname\n schedulerName: default-scheduler\n volumeClaimTemplates:\n - kind: PersistentVolumeClaim\n apiVersion: v1\n metadata:\n name: data\n creationTimestamp: null\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n spec:\n accessModes:\n - ReadWriteOnce\n resources:\n limits:\n storage: 1Gi\n requests:\n storage: 1Gi\n storageClassName: local-path\n volumeMode: Filesystem\n status:\n phase: Pending\n serviceName: mysql\n podManagementPolicy: OrderedReady\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n partition: 0\n revisionHistoryLimit: 10\nstatus:\n observedGeneration: 1\n replicas: 1\n readyReplicas: 1\n currentReplicas: 1\n updatedReplicas: 1\n currentRevision: test-mysql-123-mysql-6b8f5577c7\n updateRevision: test-mysql-123-mysql-6b8f5577c7\n collisionCount: 0\n availableReplicas: 1\n
"},{"location":"end-user/kpanda/workloads/pod-config/env-variables.html","title":"\u914d\u7f6e\u73af\u5883\u53d8\u91cf","text":"\u73af\u5883\u53d8\u91cf\u662f\u6307\u5bb9\u5668\u8fd0\u884c\u73af\u5883\u4e2d\u8bbe\u5b9a\u7684\u4e00\u4e2a\u53d8\u91cf\uff0c\u7528\u4e8e\u7ed9 Pod \u6dfb\u52a0\u73af\u5883\u6807\u5fd7\u6216\u4f20\u9012\u914d\u7f6e\u7b49\uff0c\u652f\u6301\u901a\u8fc7\u952e\u503c\u5bf9\u7684\u5f62\u5f0f\u4e3a Pod \u914d\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5728\u539f\u751f Kubernetes \u7684\u57fa\u7840\u4e0a\u589e\u52a0\u4e86\u56fe\u5f62\u5316\u754c\u9762\u4e3a Pod \u914d\u7f6e\u73af\u5883\u53d8\u91cf\uff0c\u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u914d\u7f6e\u65b9\u5f0f\uff1a
\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u6839\u636e\u7528\u6237\u9700\u6c42\uff0c\u68c0\u67e5\u5bb9\u5668\u7684\u5065\u5eb7\u72b6\u51b5\u3002\u914d\u7f6e\u540e\uff0c\u5bb9\u5668\u5185\u7684\u5e94\u7528\u7a0b\u5e8f\u5165\u5982\u679c\u5f02\u5e38\uff0c\u5bb9\u5668\u4f1a\u81ea\u52a8\u8fdb\u884c\u91cd\u542f\u6062\u590d\u3002Kubernetes \u63d0\u4f9b\u4e86\u5b58\u6d3b\uff08Liveness\uff09\u68c0\u67e5\u3001\u5c31\u7eea\uff08Readiness\uff09\u68c0\u67e5\u548c\u542f\u52a8\uff08Startup\uff09\u68c0\u67e5\u3002
\u5b58\u6d3b\u68c0\u67e5\uff08LivenessProbe\uff09 \u53ef\u63a2\u6d4b\u5230\u5e94\u7528\u6b7b\u9501\uff08\u5e94\u7528\u7a0b\u5e8f\u5728\u8fd0\u884c\uff0c\u4f46\u662f\u65e0\u6cd5\u7ee7\u7eed\u6267\u884c\u540e\u9762\u7684\u6b65\u9aa4\uff09\u60c5\u51b5\u3002 \u91cd\u542f\u8fd9\u79cd\u72b6\u6001\u4e0b\u7684\u5bb9\u5668\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\uff0c\u5373\u4f7f\u5176\u4e2d\u5b58\u5728\u7f3a\u9677\u3002
\u5c31\u7eea\u68c0\u67e5\uff08ReadinessProbe\uff09 \u53ef\u63a2\u77e5\u5bb9\u5668\u4f55\u65f6\u51c6\u5907\u597d\u63a5\u53d7\u8bf7\u6c42\u6d41\u91cf\uff0c\u5f53\u4e00\u4e2a Pod \u5185\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5c31\u7eea\u65f6\uff0c\u624d\u80fd\u8ba4\u4e3a\u8be5 Pod \u5c31\u7eea\u3002 \u8fd9\u79cd\u4fe1\u53f7\u7684\u4e00\u4e2a\u7528\u9014\u5c31\u662f\u63a7\u5236\u54ea\u4e2a Pod \u4f5c\u4e3a Service \u7684\u540e\u7aef\u3002 \u82e5 Pod \u5c1a\u672a\u5c31\u7eea\uff0c\u4f1a\u88ab\u4ece Service \u7684\u8d1f\u8f7d\u5747\u8861\u5668\u4e2d\u5254\u9664\u3002
\u542f\u52a8\u68c0\u67e5\uff08StartupProbe\uff09 \u53ef\u4ee5\u4e86\u89e3\u5e94\u7528\u5bb9\u5668\u4f55\u65f6\u542f\u52a8\uff0c\u914d\u7f6e\u540e\uff0c\u53ef\u63a7\u5236\u5bb9\u5668\u5728\u542f\u52a8\u6210\u529f\u540e\u518d\u8fdb\u884c\u5b58\u6d3b\u6027\u548c\u5c31\u7eea\u6001\u68c0\u67e5\uff0c \u786e\u4fdd\u8fd9\u4e9b\u5b58\u6d3b\u3001\u5c31\u7eea\u63a2\u6d4b\u5668\u4e0d\u4f1a\u5f71\u54cd\u5e94\u7528\u7684\u542f\u52a8\u3002 \u542f\u52a8\u63a2\u6d4b\u53ef\u4ee5\u7528\u4e8e\u5bf9\u6162\u542f\u52a8\u5bb9\u5668\u8fdb\u884c\u5b58\u6d3b\u6027\u68c0\u6d4b\uff0c\u907f\u514d\u5b83\u4eec\u5728\u542f\u52a8\u8fd0\u884c\u4e4b\u524d\u5c31\u88ab\u6740\u6389\u3002
\u5b58\u6d3b\u68c0\u67e5\uff08LivenessProbe\uff09\u7684\u914d\u7f6e\u548c\u5c31\u7eea\u68c0\u67e5\uff08ReadinessProbe\uff09\u7684\u914d\u7f6e\u53c2\u6570\u76f8\u4f3c\uff0c \u552f\u4e00\u533a\u522b\u662f\u8981\u4f7f\u7528 readinessProbe \u5b57\u6bb5\uff0c\u800c\u4e0d\u662f livenessProbe \u5b57\u6bb5\u3002
HTTP GET \u53c2\u6570\u8bf4\u660e\uff1a
\u53c2\u6570 \u53c2\u6570\u8bf4\u660e \u8def\u5f84\uff08 Path\uff09 \u8bbf\u95ee\u7684\u8bf7\u6c42\u8def\u5f84\u3002\u5982\uff1a \u793a\u4f8b\u4e2d\u7684 /healthz \u8def\u5f84 \u7aef\u53e3(Port) \u670d\u52a1\u76d1\u542c\u7aef\u53e3\u3002 \u5982\uff1a \u793a\u4f8b\u4e2d\u7684 8080 \u7aef\u53e3 \u534f\u8bae \u8bbf\u95ee\u534f\u8bae\uff0cHttp \u6216\u8005Https \u5ef6\u8fdf\u65f6\u95f4\uff08initialDelaySeconds\uff09 \u5ef6\u8fdf\u68c0\u67e5\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff0c\u6b64\u8bbe\u7f6e\u4e0e\u4e1a\u52a1\u7a0b\u5e8f\u6b63\u5e38\u542f\u52a8\u65f6\u95f4\u76f8\u5173\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a30\uff0c\u8868\u660e\u5bb9\u5668\u542f\u52a8\u540e30\u79d2\u624d\u5f00\u59cb\u5065\u5eb7\u68c0\u67e5\uff0c\u8be5\u65f6\u95f4\u662f\u9884\u7559\u7ed9\u4e1a\u52a1\u7a0b\u5e8f\u542f\u52a8\u7684\u65f6\u95f4\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002 \u6210\u529f\u9608\u503c\uff08successThreshold\uff09 \u63a2\u6d4b\u5931\u8d25\u540e\uff0c\u88ab\u89c6\u4e3a\u6210\u529f\u7684\u6700\u5c0f\u8fde\u7eed\u6210\u529f\u6570\u3002\u9ed8\u8ba4\u503c\u662f 1\uff0c\u6700\u5c0f\u503c\u662f 1\u3002\u5b58\u6d3b\u548c\u542f\u52a8\u63a2\u6d4b\u7684\u8fd9\u4e2a\u503c\u5fc5\u987b\u662f 1\u3002 \u6700\u5927\u5931\u8d25\u6b21\u6570\uff08failureThreshold\uff09 \u5f53\u63a2\u6d4b\u5931\u8d25\u65f6\u91cd\u8bd5\u7684\u6b21\u6570\u3002\u5b58\u6d3b\u63a2\u6d4b\u60c5\u51b5\u4e0b\u7684\u653e\u5f03\u5c31\u610f\u5473\u7740\u91cd\u65b0\u542f\u52a8\u5bb9\u5668\u3002\u5c31\u7eea\u63a2\u6d4b\u60c5\u51b5\u4e0b\u7684\u653e\u5f03 Pod \u4f1a\u88ab\u6253\u4e0a\u672a\u5c31\u7eea\u7684\u6807\u7b7e\u3002\u9ed8\u8ba4\u503c\u662f 3\u3002\u6700\u5c0f\u503c\u662f 1\u3002"},{"location":"end-user/kpanda/workloads/pod-config/health-check.html#http-get","title":"\u4f7f\u7528 HTTP GET \u8bf7\u6c42\u68c0\u67e5","text":"YAML \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-http\nspec:\n containers:\n - name: liveness\n image: k8s.gcr.io/liveness\n args:\n - /server\n livenessProbe:\n httpGet:\n path: /healthz # \u8bbf\u95ee\u7684\u8bf7\u6c42\u8def\u5f84\n port: 8080 # \u670d\u52a1\u76d1\u542c\u7aef\u53e3\n httpHeaders:\n - name: Custom-Header\n value: Awesome\n initialDelaySeconds: 3 # kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u5e94\u8be5\u7b49\u5f85 3 \u79d2\n periodSeconds: 3 # kubelet \u6bcf\u9694 3 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\n
\u6309\u7167\u8bbe\u5b9a\u7684\u89c4\u5219\uff0cubelet \u5411\u5bb9\u5668\u5185\u8fd0\u884c\u7684\u670d\u52a1\uff08\u670d\u52a1\u5728\u76d1\u542c 8080 \u7aef\u53e3\uff09\u53d1\u9001\u4e00\u4e2a HTTP GET \u8bf7\u6c42\u6765\u6267\u884c\u63a2\u6d4b\u3002\u5982\u679c\u670d\u52a1\u5668\u4e0a /healthz \u8def\u5f84\u4e0b\u7684\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de\u6210\u529f\u4ee3\u7801\uff0c\u5219 kubelet \u8ba4\u4e3a\u5bb9\u5668\u662f\u5065\u5eb7\u5b58\u6d3b\u7684\u3002 \u5982\u679c\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de\u5931\u8d25\u4ee3\u7801\uff0c\u5219 kubelet \u4f1a\u6740\u6b7b\u8fd9\u4e2a\u5bb9\u5668\u5e76\u5c06\u5176\u91cd\u542f\u3002\u8fd4\u56de\u5927\u4e8e\u6216\u7b49\u4e8e 200 \u5e76\u4e14\u5c0f\u4e8e 400 \u7684\u4efb\u4f55\u4ee3\u7801\u90fd\u6807\u793a\u6210\u529f\uff0c\u5176\u5b83\u8fd4\u56de\u4ee3\u7801\u90fd\u6807\u793a\u5931\u8d25\u3002 \u5bb9\u5668\u5b58\u6d3b\u671f\u95f4\u7684\u6700\u5f00\u59cb 10 \u79d2\u4e2d\uff0c /healthz \u5904\u7406\u7a0b\u5e8f\u8fd4\u56de 200 \u7684\u72b6\u6001\u7801\u3002 \u4e4b\u540e\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de 500 \u7684\u72b6\u6001\u7801\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/health-check.html#tcp","title":"\u4f7f\u7528 TCP \u7aef\u53e3\u68c0\u67e5","text":"TCP \u7aef\u53e3\u53c2\u6570\u8bf4\u660e\uff1a
\u53c2\u6570 \u53c2\u6570\u8bf4\u660e \u7aef\u53e3(Port) \u670d\u52a1\u76d1\u542c\u7aef\u53e3\u3002 \u5982\uff1a \u793a\u4f8b\u4e2d\u7684 8080 \u7aef\u53e3 \u5ef6\u8fdf\u65f6\u95f4\uff08initialDelaySeconds\uff09 \u5ef6\u8fdf\u68c0\u67e5\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff0c\u6b64\u8bbe\u7f6e\u4e0e\u4e1a\u52a1\u7a0b\u5e8f\u6b63\u5e38\u542f\u52a8\u65f6\u95f4\u76f8\u5173\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a30\uff0c\u8868\u660e\u5bb9\u5668\u542f\u52a8\u540e30\u79d2\u624d\u5f00\u59cb\u5065\u5eb7\u68c0\u67e5\uff0c\u8be5\u65f6\u95f4\u662f\u9884\u7559\u7ed9\u4e1a\u52a1\u7a0b\u5e8f\u542f\u52a8\u7684\u65f6\u95f4\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002\u5bf9\u4e8e\u63d0\u4f9bTCP\u901a\u4fe1\u670d\u52a1\u7684\u5bb9\u5668\uff0c\u57fa\u4e8e\u6b64\u914d\u7f6e\uff0c\u6309\u7167\u8bbe\u5b9a\u89c4\u5219\u96c6\u7fa4\u5bf9\u8be5\u5bb9\u5668\u5efa\u7acbTCP\u8fde\u63a5\uff0c\u5982\u679c\u8fde\u63a5\u6210\u529f\uff0c\u5219\u8bc1\u660e\u63a2\u6d4b\u6210\u529f\uff0c\u5426\u5219\u63a2\u6d4b\u5931\u8d25\u3002\u9009\u62e9TCP\u7aef\u53e3\u63a2\u6d4b\u65b9\u5f0f\uff0c\u5fc5\u987b\u6307\u5b9a\u5bb9\u5668\u76d1\u542c\u7684\u7aef\u53e3\u3002
YAML \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: goproxy\n labels:\n app: goproxy\nspec:\n containers:\n - name: goproxy\n image: k8s.gcr.io/goproxy:0.1\n ports:\n - containerPort: 8080\n readinessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 5\n periodSeconds: 10\n livenessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 15\n periodSeconds: 20\n
\u6b64\u793a\u4f8b\u540c\u65f6\u4f7f\u7528\u5c31\u7eea\u548c\u5b58\u6d3b\u63a2\u9488\u3002kubelet \u5728\u5bb9\u5668\u542f\u52a8 5 \u79d2\u540e\u53d1\u9001\u7b2c\u4e00\u4e2a\u5c31\u7eea\u63a2\u6d4b\u3002 \u5c1d\u8bd5\u8fde\u63a5 goproxy \u5bb9\u5668\u7684 8080 \u7aef\u53e3\uff0c \u5982\u679c\u63a2\u6d4b\u6210\u529f\uff0c\u8fd9\u4e2a Pod \u4f1a\u88ab\u6807\u8bb0\u4e3a\u5c31\u7eea\u72b6\u6001\uff0ckubelet \u5c06\u7ee7\u7eed\u6bcf\u9694 10 \u79d2\u8fd0\u884c\u4e00\u6b21\u68c0\u6d4b\u3002
\u9664\u4e86\u5c31\u7eea\u63a2\u6d4b\uff0c\u8fd9\u4e2a\u914d\u7f6e\u5305\u62ec\u4e86\u4e00\u4e2a\u5b58\u6d3b\u63a2\u6d4b\u3002 kubelet \u4f1a\u5728\u5bb9\u5668\u542f\u52a8 15 \u79d2\u540e\u8fdb\u884c\u7b2c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\u3002 \u5c31\u7eea\u63a2\u6d4b\u4f1a\u5c1d\u8bd5\u8fde\u63a5 goproxy \u5bb9\u5668\u7684 8080 \u7aef\u53e3\u3002 \u5982\u679c\u5b58\u6d3b\u63a2\u6d4b\u5931\u8d25\uff0c\u5bb9\u5668\u4f1a\u88ab\u91cd\u65b0\u542f\u52a8\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/health-check.html#_3","title":"\u6267\u884c\u547d\u4ee4\u68c0\u67e5","text":"YAML \u793a\u4f8b:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-exec\nspec:\n containers:\n - name: liveness\n image: k8s.gcr.io/busybox\n args:\n - /bin/sh\n - -c\n - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600\n livenessProbe:\n exec:\n command:\n - cat\n - /tmp/healthy\n initialDelaySeconds: 5 # kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u7b49\u5f85 5 \u79d2\n periodSeconds: 5 #kubelet \u6bcf 5 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\n
periodSeconds \u5b57\u6bb5\u6307\u5b9a\u4e86 kubelet \u6bcf 5 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\uff0c initialDelaySeconds \u5b57\u6bb5\u6307\u5b9a kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u7b49\u5f85 5 \u79d2\u3002\u6309\u7167\u8bbe\u5b9a\u89c4\u5219\uff0c\u96c6\u7fa4\u5468\u671f\u6027\u7684\u901a\u8fc7 kubelet \u5728\u5bb9\u5668\u5185\u6267\u884c\u547d\u4ee4 cat /tmp/healthy \u6765\u8fdb\u884c\u63a2\u6d4b\u3002 \u5982\u679c\u547d\u4ee4\u6267\u884c\u6210\u529f\u5e76\u4e14\u8fd4\u56de\u503c\u4e3a 0\uff0ckubelet \u5c31\u4f1a\u8ba4\u4e3a\u8fd9\u4e2a\u5bb9\u5668\u662f\u5065\u5eb7\u5b58\u6d3b\u7684\u3002 \u5982\u679c\u8fd9\u4e2a\u547d\u4ee4\u8fd4\u56de\u975e 0 \u503c\uff0ckubelet \u4f1a\u6740\u6b7b\u8fd9\u4e2a\u5bb9\u5668\u5e76\u91cd\u65b0\u542f\u52a8\u5b83\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/health-check.html#_4","title":"\u4f7f\u7528\u542f\u52a8\u524d\u68c0\u67e5\u4fdd\u62a4\u6162\u542f\u52a8\u5bb9\u5668","text":"\u6709\u4e9b\u5e94\u7528\u5728\u542f\u52a8\u65f6\u9700\u8981\u8f83\u957f\u7684\u521d\u59cb\u5316\u65f6\u95f4\uff0c\u9700\u8981\u4f7f\u7528\u76f8\u540c\u7684\u547d\u4ee4\u6765\u8bbe\u7f6e\u542f\u52a8\u63a2\u6d4b\uff0c\u9488\u5bf9 HTTP \u6216 TCP \u68c0\u6d4b\uff0c\u53ef\u4ee5\u901a\u8fc7\u5c06 failureThreshold * periodSeconds \u53c2\u6570\u8bbe\u7f6e\u4e3a\u8db3\u591f\u957f\u7684\u65f6\u95f4\u6765\u5e94\u5bf9\u542f\u52a8\u9700\u8981\u8f83\u957f\u65f6\u95f4\u7684\u573a\u666f\u3002
YAML \u793a\u4f8b\uff1a
ports:\n- name: liveness-port\n containerPort: 8080\n hostPort: 8080\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 1\n periodSeconds: 10\n\nstartupProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 30\n periodSeconds: 10\n
\u5982\u4e0a\u8bbe\u7f6e\uff0c\u5e94\u7528\u5c06\u6709\u6700\u591a 5 \u5206\u949f\uff0830 * 10 = 300s\uff09\u7684\u65f6\u95f4\u6765\u5b8c\u6210\u542f\u52a8\u8fc7\u7a0b\uff0c \u4e00\u65e6\u542f\u52a8\u63a2\u6d4b\u6210\u529f\uff0c\u5b58\u6d3b\u63a2\u6d4b\u4efb\u52a1\u5c31\u4f1a\u63a5\u7ba1\u5bf9\u5bb9\u5668\u7684\u63a2\u6d4b\uff0c\u5bf9\u5bb9\u5668\u6b7b\u9501\u4f5c\u51fa\u5feb\u901f\u54cd\u5e94\u3002 \u5982\u679c\u542f\u52a8\u63a2\u6d4b\u4e00\u76f4\u6ca1\u6709\u6210\u529f\uff0c\u5bb9\u5668\u4f1a\u5728 300 \u79d2\u540e\u88ab\u6740\u6b7b\uff0c\u5e76\u4e14\u6839\u636e restartPolicy \u6765 \u6267\u884c\u8fdb\u4e00\u6b65\u5904\u7f6e\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/job-parameters.html","title":"\u4efb\u52a1\u53c2\u6570\u8bf4\u660e","text":"\u6839\u636e .spec.completions \u548c .spec.Parallelism \u7684\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u5c06\u4efb\u52a1\uff08Job\uff09\u5212\u5206\u4e3a\u4ee5\u4e0b\u51e0\u79cd\u7c7b\u578b:
Job \u7c7b\u578b \u8bf4\u660e \u975e\u5e76\u884c Job \u521b\u5efa\u4e00\u4e2a Pod \u76f4\u81f3\u5176 Job \u6210\u529f\u7ed3\u675f \u5177\u6709\u786e\u5b9a\u5b8c\u6210\u8ba1\u6570\u7684\u5e76\u884c Job \u5f53\u6210\u529f\u7684 Pod \u4e2a\u6570\u8fbe\u5230 .spec.completions \u65f6\uff0cJob \u88ab\u89c6\u4e3a\u5b8c\u6210 \u5e76\u884c Job \u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a Pod \u76f4\u81f3\u6709\u4e00\u4e2a\u6210\u529f\u7ed3\u675f\u53c2\u6570\u8bf4\u660e
RestartPolicy \u521b\u5efa\u4e00\u4e2a Pod \u76f4\u81f3\u5176\u6210\u529f\u7ed3\u675f .spec.completions \u8868\u793a Job \u7ed3\u675f\u9700\u8981\u6210\u529f\u8fd0\u884c\u7684 Pod \u4e2a\u6570\uff0c\u9ed8\u8ba4\u4e3a 1 .spec.parallelism \u8868\u793a\u5e76\u884c\u8fd0\u884c\u7684 Pod \u7684\u4e2a\u6570\uff0c\u9ed8\u8ba4\u4e3a 1 spec.backoffLimit \u8868\u793a\u5931\u8d25 Pod \u7684\u91cd\u8bd5\u6700\u5927\u6b21\u6570\uff0c\u8d85\u8fc7\u8fd9\u4e2a\u6b21\u6570\u4e0d\u4f1a\u7ee7\u7eed\u91cd\u8bd5\u3002 .spec.activeDeadlineSeconds \u8868\u793a Pod \u8fd0\u884c\u65f6\u95f4\uff0c\u4e00\u65e6\u8fbe\u5230\u8fd9\u4e2a\u65f6\u95f4\uff0cJob \u5373\u5176\u6240\u6709\u7684 Pod \u90fd\u4f1a\u505c\u6b62\u3002\u4e14activeDeadlineSeconds \u4f18\u5148\u7ea7\u9ad8\u4e8e backoffLimit\uff0c\u5373\u5230\u8fbe activeDeadlineSeconds \u7684 Job \u4f1a\u5ffd\u7565backoffLimit \u7684\u8bbe\u7f6e\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a Job \u914d\u7f6e\u793a\u4f8b\uff0c\u4fdd\u5b58\u5728 myjob.yaml \u4e2d\uff0c\u5176\u8ba1\u7b97 \u03c0 \u5230 2000 \u4f4d\u5e76\u6253\u5370\u8f93\u51fa\u3002
apiVersion: batch/v1\nkind: Job # \u5f53\u524d\u8d44\u6e90\u7684\u7c7b\u578b\nmetadata:\n name: myjob\nspec:\n completions: 50 # Job\u7ed3\u675f\u9700\u8981\u8fd0\u884c50\u4e2aPod\uff0c\u8fd9\u4e2a\u793a\u4f8b\u4e2d\u5c31\u662f\u6253\u5370\u03c0 50\u6b21\n parallelism: 5 # \u5e76\u884c5\u4e2aPod\n backoffLimit: 5 # \u6700\u591a\u91cd\u8bd55\u6b21\n template:\n spec:\n containers:\n - name: pi\n image: perl\n command: [\"perl\", \"-Mbignum=bpi\", \"-wle\", \"print bpi(2000)\"]\n restartPolicy: Never #\u91cd\u542f\u7b56\u7565\n
\u76f8\u5173\u547d\u4ee4
kubectl apply -f myjob.yaml #\u542f\u52a8 job\nkubectl get job #\u67e5\u770b\u8fd9\u4e2ajob\nkubectl logs myjob-1122dswzs \u67e5\u770bJob Pod \u7684\u65e5\u5fd7\n
"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html","title":"\u914d\u7f6e\u5bb9\u5668\u751f\u547d\u5468\u671f","text":"Pod \u9075\u5faa\u4e00\u4e2a\u9884\u5b9a\u4e49\u7684\u751f\u547d\u5468\u671f\uff0c\u8d77\u59cb\u4e8e Pending \u9636\u6bb5\uff0c\u5982\u679c Pod \u5185\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u6b63\u5e38\u542f\u52a8\uff0c\u5219\u8fdb\u5165 Running \u72b6\u6001\u3002\u5982\u679c Pod \u4e2d\u6709\u5bb9\u5668\u4ee5\u5931\u8d25\u72b6\u6001\u7ed3\u675f\uff0c\u5219\u72b6\u6001\u53d8\u4e3a Failed \u3002\u4ee5\u4e0b phase \u5b57\u6bb5\u503c\u8868\u660e\u4e86\u4e00\u4e2a Pod \u5904\u4e8e\u751f\u547d\u5468\u671f\u7684\u54ea\u4e2a\u9636\u6bb5\u3002
\u503c \u63cf\u8ff0 Pending \uff08\u60ac\u51b3\uff09 Pod \u5df2\u88ab\u7cfb\u7edf\u63a5\u53d7\uff0c\u4f46\u6709\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u5bb9\u5668\u5c1a\u672a\u521b\u5efa\u4ea6\u672a\u8fd0\u884c\u3002\u8fd9\u4e2a\u9636\u6bb5\u5305\u62ec\u7b49\u5f85 Pod \u88ab\u8c03\u5ea6\u7684\u65f6\u95f4\u548c\u901a\u8fc7\u7f51\u7edc\u4e0b\u8f7d\u955c\u50cf\u7684\u65f6\u95f4\u3002 Running \uff08\u8fd0\u884c\u4e2d\uff09 Pod \u5df2\u7ecf\u7ed1\u5b9a\u5230\u4e86\u67d0\u4e2a\u8282\u70b9\uff0cPod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u88ab\u521b\u5efa\u3002\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u4ecd\u5728\u8fd0\u884c\uff0c\u6216\u8005\u6b63\u5904\u4e8e\u542f\u52a8\u6216\u91cd\u542f\u72b6\u6001\u3002 Succeeded \uff08\u6210\u529f\uff09 Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u6210\u529f\u7ec8\u6b62\uff0c\u5e76\u4e14\u4e0d\u4f1a\u518d\u91cd\u542f\u3002 Failed \uff08\u5931\u8d25\uff09 Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u7ec8\u6b62\uff0c\u5e76\u4e14\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u662f\u56e0\u4e3a\u5931\u8d25\u800c\u7ec8\u6b62\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u5bb9\u5668\u4ee5\u975e 0 \u72b6\u6001\u9000\u51fa\u6216\u8005\u88ab\u7cfb\u7edf\u7ec8\u6b62\u3002 Unknown \uff08\u672a\u77e5\uff09 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97 Pod \u7684\u72b6\u6001\uff0c\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u6240\u81f4\u3002\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u4e2d\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u901a\u5e38\u4f7f\u7528\u955c\u50cf\u6765\u6307\u5b9a\u5bb9\u5668\u4e2d\u7684\u8fd0\u884c\u73af\u5883\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728\u6784\u5efa\u955c\u50cf\u65f6\uff0c\u53ef\u4ee5\u901a\u8fc7 Entrypoint \u548c CMD \u4e24\u4e2a\u5b57\u6bb5\u6765\u5b9a\u4e49\u5bb9\u5668\u8fd0\u884c\u65f6\u6267\u884c\u7684\u547d\u4ee4\u548c\u53c2\u6570\u3002\u5982\u679c\u9700\u8981\u66f4\u6539\u5bb9\u5668\u955c\u50cf\u542f\u52a8\u524d\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u7684\u547d\u4ee4\u548c\u53c2\u6570\uff0c\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u5bb9\u5668\u7684\u751f\u547d\u5468\u671f\u4e8b\u4ef6\u547d\u4ee4\u548c\u53c2\u6570\uff0c\u6765\u8986\u76d6\u955c\u50cf\u4e2d\u9ed8\u8ba4\u7684\u547d\u4ee4\u548c\u53c2\u6570\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html#_2","title":"\u751f\u547d\u5468\u671f\u914d\u7f6e","text":"\u6839\u636e\u4e1a\u52a1\u9700\u8981\u5bf9\u5bb9\u5668\u7684\u542f\u52a8\u547d\u4ee4\u3001\u542f\u52a8\u540e\u547d\u4ee4\u3001\u505c\u6b62\u524d\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u542f\u52a8\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u5c06\u6309\u7167\u542f\u52a8\u547d\u4ee4\u8fdb\u884c\u542f\u52a8\u3002 \u542f\u52a8\u540e\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u542f\u52a8\u540e\u51fa\u53d1\u7684\u547d\u4ee4 \u505c\u6b62\u524d\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u5728\u6536\u5230\u505c\u6b62\u547d\u4ee4\u540e\u6267\u884c\u7684\u547d\u4ee4\u3002\u786e\u4fdd\u5347\u7ea7\u6216\u5b9e\u4f8b\u5220\u9664\u65f6\u53ef\u63d0\u524d\u5c06\u5b9e\u4f8b\u4e2d\u8fd0\u884c\u7684\u4e1a\u52a1\u6392\u6c34\u3002"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html#_3","title":"\u542f\u52a8\u547d\u4ee4","text":"\u6839\u636e\u4e0b\u8868\u5bf9\u542f\u52a8\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8fd0\u884c\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u53ef\u6267\u884c\u7684\u547d\u4ee4\uff0c\u591a\u4e2a\u547d\u4ee4\u4e4b\u95f4\u7528\u7a7a\u683c\u8fdb\u884c\u5206\u5272\uff0c\u5982\u547d\u4ee4\u672c\u8eab\u5e26\u7a7a\u683c\uff0c\u5219\u9700\u8981\u52a0\uff08\u201c\u201d\uff09\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u8fd0\u884c\u53c2\u6570 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u547d\u4ee4\u53c2\u6570\u3002 port=8080"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html#_4","title":"\u542f\u52a8\u540e\u547d\u4ee4","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u547d\u4ee4\u884c\u811a\u672c\u548c HTTP \u8bf7\u6c42\u4e24\u79cd\u5904\u7406\u7c7b\u578b\u5bf9\u542f\u52a8\u540e\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u8868\u9009\u62e9\u9002\u5408\u60a8\u7684\u914d\u7f6e\u65b9\u5f0f\u3002
\u547d\u4ee4\u884c\u811a\u672c\u914d\u7f6e
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8fd0\u884c\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u53ef\u6267\u884c\u7684\u547d\u4ee4\uff0c\u591a\u4e2a\u547d\u4ee4\u4e4b\u95f4\u7528\u7a7a\u683c\u8fdb\u884c\u5206\u5272\uff0c\u5982\u547d\u4ee4\u672c\u8eab\u5e26\u7a7a\u683c\uff0c\u5219\u9700\u8981\u52a0\uff08\u201c\u201d\uff09\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u8fd0\u884c\u53c2\u6570 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u547d\u4ee4\u53c2\u6570\u3002 port=8080"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html#_5","title":"\u505c\u6b62\u524d\u547d\u4ee4","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u547d\u4ee4\u884c\u811a\u672c\u548c HTTP \u8bf7\u6c42\u4e24\u79cd\u5904\u7406\u7c7b\u578b\u5bf9\u505c\u6b62\u524d\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u8868\u9009\u62e9\u9002\u5408\u60a8\u7684\u914d\u7f6e\u65b9\u5f0f\u3002
HTTP \u8bf7\u6c42\u914d\u7f6e
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c URL \u8def\u5f84 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684URL\u8def\u5f84\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u7aef\u53e3 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684\u7aef\u53e3\u3002 port=8080 \u8282\u70b9\u5730\u5740 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684 IP \u5730\u5740\uff0c\u9ed8\u8ba4\u662f\u5bb9\u5668\u6240\u5728\u7684\u8282\u70b9 IP\u3002"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html","title":"\u8c03\u5ea6\u7b56\u7565","text":"\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8282\u70b9\u4e5f\u6709\u6807\u7b7e\u3002\u60a8\u53ef\u4ee5\u624b\u52a8\u6dfb\u52a0\u6807\u7b7e\u3002 Kubernetes \u4e5f\u4f1a\u4e3a\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u6dfb\u52a0\u4e00\u4e9b\u6807\u51c6\u7684\u6807\u7b7e\u3002\u53c2\u89c1\u5e38\u7528\u7684\u6807\u7b7e\u3001\u6ce8\u89e3\u548c\u6c61\u70b9\u4ee5\u4e86\u89e3\u5e38\u89c1\u7684\u8282\u70b9\u6807\u7b7e\u3002\u901a\u8fc7\u4e3a\u8282\u70b9\u6dfb\u52a0\u6807\u7b7e\uff0c\u60a8\u53ef\u4ee5\u8ba9 Pod \u8c03\u5ea6\u5230\u7279\u5b9a\u8282\u70b9\u6216\u8282\u70b9\u7ec4\u4e0a\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u529f\u80fd\u6765\u786e\u4fdd\u7279\u5b9a\u7684 Pod \u53ea\u80fd\u8fd0\u884c\u5728\u5177\u6709\u4e00\u5b9a\u9694\u79bb\u6027\uff0c\u5b89\u5168\u6027\u6216\u76d1\u7ba1\u5c5e\u6027\u7684\u8282\u70b9\u4e0a\u3002
nodeSelector \u662f\u8282\u70b9\u9009\u62e9\u7ea6\u675f\u7684\u6700\u7b80\u5355\u63a8\u8350\u5f62\u5f0f\u3002\u60a8\u53ef\u4ee5\u5c06 nodeSelector \u5b57\u6bb5\u6dfb\u52a0\u5230 Pod \u7684\u89c4\u7ea6\u4e2d\u8bbe\u7f6e\u60a8\u5e0c\u671b\u76ee\u6807\u8282\u70b9\u6240\u5177\u6709\u7684\u8282\u70b9\u6807\u7b7e\u3002Kubernetes \u53ea\u4f1a\u5c06 Pod \u8c03\u5ea6\u5230\u62e5\u6709\u6307\u5b9a\u6bcf\u4e2a\u6807\u7b7e\u7684\u8282\u70b9\u4e0a\u3002 nodeSelector \u63d0\u4f9b\u4e86\u4e00\u79cd\u6700\u7b80\u5355\u7684\u65b9\u6cd5\u6765\u5c06 Pod \u7ea6\u675f\u5230\u5177\u6709\u7279\u5b9a\u6807\u7b7e\u7684\u8282\u70b9\u4e0a\u3002\u4eb2\u548c\u6027\u548c\u53cd\u4eb2\u548c\u6027\u6269\u5c55\u4e86\u60a8\u53ef\u4ee5\u5b9a\u4e49\u7684\u7ea6\u675f\u7c7b\u578b\u3002\u4f7f\u7528\u4eb2\u548c\u6027\u4e0e\u53cd\u4eb2\u548c\u6027\u7684\u4e00\u4e9b\u597d\u5904\u6709\uff1a
\u4eb2\u548c\u6027\u3001\u53cd\u4eb2\u548c\u6027\u8bed\u8a00\u7684\u8868\u8fbe\u80fd\u529b\u66f4\u5f3a\u3002 nodeSelector \u53ea\u80fd\u9009\u62e9\u62e5\u6709\u6240\u6709\u6307\u5b9a\u6807\u7b7e\u7684\u8282\u70b9\u3002\u4eb2\u548c\u6027\u3001\u53cd\u4eb2\u548c\u6027\u4e3a\u60a8\u63d0\u4f9b\u5bf9\u9009\u62e9\u903b\u8f91\u7684\u66f4\u5f3a\u63a7\u5236\u80fd\u529b\u3002
\u60a8\u53ef\u4ee5\u6807\u660e\u67d0\u89c4\u5219\u662f\u201c\u8f6f\u9700\u6c42\u201d\u6216\u8005\u201c\u504f\u597d\u201d\uff0c\u8fd9\u6837\u8c03\u5ea6\u5668\u5728\u65e0\u6cd5\u627e\u5230\u5339\u914d\u8282\u70b9\u65f6\uff0c\u4f1a\u5ffd\u7565\u4eb2\u548c\u6027/\u53cd\u4eb2\u548c\u6027\u89c4\u5219\uff0c\u786e\u4fdd Pod \u8c03\u5ea6\u6210\u529f\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528\u8282\u70b9\u4e0a\uff08\u6216\u5176\u4ed6\u62d3\u6251\u57df\u4e2d\uff09\u8fd0\u884c\u7684\u5176\u4ed6 Pod \u7684\u6807\u7b7e\u6765\u5b9e\u65bd\u8c03\u5ea6\u7ea6\u675f\uff0c\u800c\u4e0d\u662f\u53ea\u80fd\u4f7f\u7528\u8282\u70b9\u672c\u8eab\u7684\u6807\u7b7e\u3002\u8fd9\u4e2a\u80fd\u529b\u8ba9\u60a8\u80fd\u591f\u5b9a\u4e49\u89c4\u5219\u5141\u8bb8\u54ea\u4e9b Pod \u53ef\u4ee5\u88ab\u653e\u7f6e\u5728\u4e00\u8d77\u3002
\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u4eb2\u548c\uff08affinity\uff09\u4e0e\u53cd\u4eb2\u548c\uff08anti-affinity\uff09\u6765\u9009\u62e9 Pod \u8981\u90e8\u7f72\u7684\u8282\u70b9\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_2","title":"\u5bb9\u5fcd\u65f6\u95f4","text":"\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b\u6240\u5728\u7684\u8282\u70b9\u4e0d\u53ef\u7528\u65f6\uff0c\u7cfb\u7edf\u5c06\u5b9e\u4f8b\u91cd\u65b0\u8c03\u5ea6\u5230\u5176\u5b83\u53ef\u7528\u8282\u70b9\u7684\u65f6\u95f4\u7a97\u3002\u9ed8\u8ba4\u4e3a 300 \u79d2\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#nodeaffinity","title":"\u8282\u70b9\u4eb2\u548c\u6027\uff08nodeAffinity\uff09","text":"\u8282\u70b9\u4eb2\u548c\u6027\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e nodeSelector \uff0c \u5b83\u4f7f\u60a8\u53ef\u4ee5\u6839\u636e\u8282\u70b9\u4e0a\u7684\u6807\u7b7e\u6765\u7ea6\u675f Pod \u53ef\u4ee5\u8c03\u5ea6\u5230\u54ea\u4e9b\u8282\u70b9\u4e0a\u3002 \u8282\u70b9\u4eb2\u548c\u6027\u6709\u4e24\u79cd\uff1a
\u5fc5\u987b\u6ee1\u8db3\uff1a\uff08 requiredDuringSchedulingIgnoredDuringExecution \uff09 \u8c03\u5ea6\u5668\u53ea\u6709\u5728\u89c4\u5219\u88ab\u6ee1\u8db3\u7684\u65f6\u5019\u624d\u80fd\u6267\u884c\u8c03\u5ea6\u3002\u6b64\u529f\u80fd\u7c7b\u4f3c\u4e8e nodeSelector \uff0c \u4f46\u5176\u8bed\u6cd5\u8868\u8fbe\u80fd\u529b\u66f4\u5f3a\u3002\u60a8\u53ef\u4ee5\u5b9a\u4e49\u591a\u6761\u786c\u7ea6\u675f\u89c4\u5219\uff0c\u4f46\u53ea\u9700\u6ee1\u8db3\u5176\u4e2d\u4e00\u6761\u3002
\u5c3d\u91cf\u6ee1\u8db3\uff1a\uff08 preferredDuringSchedulingIgnoredDuringExecution \uff09 \u8c03\u5ea6\u5668\u4f1a\u5c1d\u8bd5\u5bfb\u627e\u6ee1\u8db3\u5bf9\u5e94\u89c4\u5219\u7684\u8282\u70b9\u3002\u5982\u679c\u627e\u4e0d\u5230\u5339\u914d\u7684\u8282\u70b9\uff0c\u8c03\u5ea6\u5668\u4ecd\u7136\u4f1a\u8c03\u5ea6\u8be5 Pod\u3002\u60a8\u8fd8\u53ef\u4e3a\u8f6f\u7ea6\u675f\u89c4\u5219\u8bbe\u5b9a\u6743\u91cd\uff0c\u5177\u4f53\u8c03\u5ea6\u65f6\uff0c\u82e5\u5b58\u5728\u591a\u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u8282\u70b9\uff0c\u6743\u91cd\u6700\u5927\u7684\u8282\u70b9\u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002\u540c\u65f6\u60a8\u8fd8\u53ef\u4ee5\u5b9a\u4e49\u591a\u6761\u786c\u7ea6\u675f\u89c4\u5219\uff0c\u4f46\u53ea\u9700\u6ee1\u8db3\u5176\u4e2d\u4e00\u6761\u3002
\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_4","title":"\u64cd\u4f5c\u7b26","text":"\u4ec5\u652f\u6301\u5728\u201c\u5c3d\u91cf\u6ee1\u8db3\u201d\u7b56\u7565\u4e2d\u6dfb\u52a0\uff0c\u53ef\u4ee5\u7406\u89e3\u4e3a\u8c03\u5ea6\u7684\u4f18\u5148\u7ea7\uff0c\u6743\u91cd\u5927\u7684\u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002\u53d6\u503c\u8303\u56f4\u662f 1 \u5230 100\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_6","title":"\u5de5\u4f5c\u8d1f\u8f7d\u4eb2\u548c\u6027","text":"\u4e0e\u8282\u70b9\u4eb2\u548c\u6027\u7c7b\u4f3c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4eb2\u548c\u6027\u4e5f\u6709\u4e24\u79cd\u7c7b\u578b\uff1a
\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4eb2\u548c\u6027\u4e3b\u8981\u7528\u6765\u51b3\u5b9a\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u53ef\u4ee5\u548c\u54ea\u4e9b Pod\u90e8 \u7f72\u5728\u540c\u4e00\u62d3\u6251\u57df\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e\u76f8\u4e92\u901a\u4fe1\u7684\u670d\u52a1\uff0c\u53ef\u901a\u8fc7\u5e94\u7528\u4eb2\u548c\u6027\u8c03\u5ea6\uff0c\u5c06\u5176\u90e8\u7f72\u5230\u540c\u4e00\u62d3\u6251\u57df\uff08\u5982\u540c\u4e00\u53ef\u7528\u533a\uff09\u4e2d\uff0c\u51cf\u5c11\u5b83\u4eec\u4e4b\u95f4\u7684\u7f51\u7edc\u5ef6\u8fdf\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_7","title":"\u6807\u7b7e\u540d","text":"\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_8","title":"\u547d\u540d\u7a7a\u95f4","text":"\u6307\u5b9a\u8c03\u5ea6\u7b56\u7565\u751f\u6548\u7684\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_9","title":"\u64cd\u4f5c\u7b26","text":"\u6307\u5b9a\u8c03\u5ea6\u65f6\u7684\u5f71\u54cd\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u5982\u679c\u6307\u5b9a\u4e3a kubernetes.io/Clustername \u8868\u793a\u4ee5 Node \u8282\u70b9\u4e3a\u533a\u5206\u8303\u56f4\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_11","title":"\u5de5\u4f5c\u8d1f\u8f7d\u53cd\u4eb2\u548c\u6027","text":"\u4e0e\u8282\u70b9\u4eb2\u548c\u6027\u7c7b\u4f3c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u7684\u53cd\u4eb2\u548c\u6027\u4e5f\u6709\u4e24\u79cd\u7c7b\u578b\uff1a
\u5de5\u4f5c\u8d1f\u8f7d\u7684\u53cd\u4eb2\u548c\u6027\u4e3b\u8981\u7528\u6765\u51b3\u5b9a\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u4e0d\u53ef\u4ee5\u548c\u54ea\u4e9b Pod \u90e8\u7f72\u5728\u540c\u4e00\u62d3\u6251\u57df\u3002\u4f8b\u5982\uff0c\u5c06\u4e00\u4e2a\u8d1f\u8f7d\u7684\u76f8\u540c Pod \u5206\u6563\u90e8\u7f72\u5230\u4e0d\u540c\u7684\u62d3\u6251\u57df\uff08\u4f8b\u5982\u4e0d\u540c\u4e3b\u673a\uff09\u4e2d\uff0c\u63d0\u9ad8\u8d1f\u8f7d\u672c\u8eab\u7684\u7a33\u5b9a\u6027\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_12","title":"\u6807\u7b7e\u540d","text":"\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_13","title":"\u547d\u540d\u7a7a\u95f4","text":"\u6307\u5b9a\u8c03\u5ea6\u7b56\u7565\u751f\u6548\u7684\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_14","title":"\u64cd\u4f5c\u7b26","text":"\u6307\u5b9a\u8c03\u5ea6\u65f6\u7684\u5f71\u54cd\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u5982\u679c\u6307\u5b9a\u4e3a kubernetes.io/Clustername \u8868\u793a\u4ee5 Node \u8282\u70b9\u4e3a\u533a\u5206\u8303\u56f4\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html","title":"\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001","text":"\u5de5\u4f5c\u8d1f\u8f7d\u662f\u8fd0\u884c\u5728 Kubernetes \u4e0a\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\uff0c\u5728 Kubernetes \u4e2d\uff0c\u65e0\u8bba\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u662f\u7531\u5355\u4e2a\u540c\u4e00\u7ec4\u4ef6\u6216\u662f\u7531\u591a\u4e2a\u4e0d\u540c\u7684\u7ec4\u4ef6\u6784\u6210\uff0c\u90fd\u53ef\u4ee5\u4f7f\u7528\u4e00\u7ec4 Pod \u6765\u8fd0\u884c\u5b83\u3002Kubernetes \u63d0\u4f9b\u4e86\u4e94\u79cd\u5185\u7f6e\u7684\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u6765\u7ba1\u7406 Pod\uff1a
\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u8d44\u6e90 CRD \u6765\u5b9e\u73b0\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u7684\u6269\u5c55\u3002\u5728\u7b2c\u4e94\u4ee3\u5bb9\u5668\u7ba1\u7406\u4e2d\uff0c\u652f\u6301\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u8fdb\u884c\u521b\u5efa\u3001\u66f4\u65b0\u3001\u6269\u5bb9\u3001\u76d1\u63a7\u3001\u65e5\u5fd7\u3001\u5220\u9664\u3001\u7248\u672c\u7ba1\u7406\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#pod","title":"Pod \u72b6\u6001","text":"Pod \u662f Kuberneters \u4e2d\u521b\u5efa\u548c\u7ba1\u7406\u7684\u3001\u6700\u5c0f\u7684\u8ba1\u7b97\u5355\u5143\uff0c\u5373\u4e00\u7ec4\u5bb9\u5668\u7684\u96c6\u5408\u3002\u8fd9\u4e9b\u5bb9\u5668\u5171\u4eab\u5b58\u50a8\u3001\u7f51\u7edc\u4ee5\u53ca\u7ba1\u7406\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u65b9\u5f0f\u7684\u7b56\u7565\u3002 Pod \u901a\u5e38\u4e0d\u7531\u7528\u6237\u76f4\u63a5\u521b\u5efa\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u6765\u521b\u5efa\u3002 Pod \u9075\u5faa\u4e00\u4e2a\u9884\u5b9a\u4e49\u7684\u751f\u547d\u5468\u671f\uff0c\u8d77\u59cb\u4e8e Pending \u9636\u6bb5\uff0c\u5982\u679c\u81f3\u5c11\u5176\u4e2d\u6709\u4e00\u4e2a\u4e3b\u8981\u5bb9\u5668\u6b63\u5e38\u542f\u52a8\uff0c\u5219\u8fdb\u5165 Running \uff0c\u4e4b\u540e\u53d6\u51b3\u4e8e Pod \u4e2d\u662f\u5426\u6709\u5bb9\u5668\u4ee5\u5931\u8d25\u72b6\u6001\u7ed3\u675f\u800c\u8fdb\u5165 Succeeded \u6216\u8005 Failed \u9636\u6bb5\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#_2","title":"\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001","text":"\u7b2c\u4e94\u4ee3\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4f9d\u636e Pod \u7684\u72b6\u6001\u3001\u526f\u672c\u6570\u7b49\u56e0\u7d20\uff0c\u8bbe\u8ba1\u4e86\u4e00\u79cd\u5185\u7f6e\u7684\u5de5\u4f5c\u8d1f\u8f7d\u751f\u547d\u5468\u671f\u7684\u72b6\u6001\u96c6\uff0c\u4ee5\u8ba9\u7528\u6237\u80fd\u591f\u66f4\u52a0\u771f\u5b9e\u7684\u611f\u77e5\u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u60c5\u51b5\u3002 \u7531\u4e8e\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\u7c7b\u578b\uff08\u6bd4\u5982\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u548c\u4efb\u52a1\uff09\u5bf9 Pod \u7684\u7ba1\u7406\u673a\u5236\u4e0d\u4e00\u81f4\uff0c\u56e0\u6b64\uff0c\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u4f1a\u5448\u73b0\u4e0d\u540c\u7684\u751f\u547d\u5468\u671f\u72b6\u6001\uff0c\u5177\u4f53\u5982\u4e0b\u8868\uff1a
"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#_3","title":"\u65e0\u72b6\u6001\u8d1f\u8f7d\u3001\u6709\u72b6\u6001\u8d1f\u8f7d\u3001\u5b88\u62a4\u8fdb\u7a0b\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d 1. \u5de5\u4f5c\u8d1f\u8f7d\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u30022. \u89e6\u53d1\u5347\u7ea7\u6216\u8005\u56de\u6eda\u52a8\u4f5c\u540e\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u30023. \u89e6\u53d1\u6682\u505c/\u6269\u7f29\u5bb9\u7b49\u64cd\u4f5c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u5728\u6b64\u72b6\u6001\u3002 \u8fd0\u884c\u4e2d \u8d1f\u8f7d\u4e0b\u7684\u6240\u6709\u5b9e\u4f8b\u90fd\u5728\u8fd0\u884c\u4e2d\u4e14\u526f\u672c\u6570\u4e0e\u7528\u6237\u9884\u5b9a\u4e49\u7684\u6570\u91cf\u4e00\u81f4\u65f6\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u6267\u884c\u5220\u9664\u64cd\u4f5c\u65f6\uff0c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\uff0c\u76f4\u5230\u5220\u9664\u5b8c\u6210\u3002 \u5f02\u5e38 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97\u5de5\u4f5c\u8d1f\u8f7d\u7684\u72b6\u6001\u3002\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u3002 \u672a\u5c31\u7eea \u5bb9\u5668\u5904\u4e8e\u5f02\u5e38\uff0cpending \u72b6\u6001\u65f6\uff0c\u56e0\u672a\u77e5\u9519\u8bef\u5bfc\u81f4\u8d1f\u8f7d\u65e0\u6cd5\u542f\u52a8\u65f6\u663e\u793a\u6b64\u72b6\u6001"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#_4","title":"\u4efb\u52a1\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d \u4efb\u52a1\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u6267\u884c\u4e2d \u4efb\u52a1\u6b63\u5728\u6267\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u6267\u884c\u5b8c\u6210 \u4efb\u52a1\u6267\u884c\u5b8c\u6210\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u89e6\u53d1\u5220\u9664\u64cd\u4f5c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u5728\u6b64\u72b6\u6001\u3002 \u5f02\u5e38 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97 Pod \u7684\u72b6\u6001\u3002\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u3002"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#_5","title":"\u5b9a\u65f6\u4efb\u52a1\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d \u5b9a\u65f6\u4efb\u52a1\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5df2\u542f\u52a8 \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u6210\u529f\u540e\uff0c\u6b63\u5e38\u8fd0\u884c\u6216\u5c06\u5df2\u6682\u505c\u7684\u4efb\u52a1\u542f\u52a8\u65f6\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5df2\u505c\u6b62 \u6267\u884c\u505c\u6b62\u4efb\u52a1\u64cd\u4f5c\u65f6\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u89e6\u53d1\u5220\u9664\u64cd\u4f5c\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u5728\u6b64\u72b6\u6001\u3002\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u5f02\u5e38\u6216\u672a\u5c31\u7eea\u72b6\u6001\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5c06\u9f20\u6807\u79fb\u52a8\u5230\u8d1f\u8f7d\u7684\u72b6\u6001\u503c\u4e0a\uff0c\u7cfb\u7edf\u5c06\u901a\u8fc7\u63d0\u793a\u6846\u5c55\u793a\u66f4\u52a0\u8be6\u7ec6\u7684\u9519\u8bef\u4fe1\u606f\u3002\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7\u67e5\u770b\u65e5\u5fd7\u6216\u4e8b\u4ef6\u6765\u83b7\u53d6\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76f8\u5173\u8fd0\u884c\u4fe1\u606f\u3002
"},{"location":"end-user/register/index.html","title":"\u7528\u6237\u6ce8\u518c","text":"\u65b0\u7528\u6237\u9996\u6b21\u4f7f\u7528 AI \u7b97\u529b\u5e73\u53f0\u9700\u8981\u8fdb\u884c\u6ce8\u518c\u3002
"},{"location":"end-user/register/index.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u6253\u5f00 AI \u7b97\u529b\u5e73\u53f0\u9996\u9875 https://ai.isuanova.com/\uff0c\u70b9\u51fb \u6ce8\u518c
\u952e\u5165\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001\u90ae\u7bb1\u540e\u70b9\u51fb \u6ce8\u518c
\u7cfb\u7edf\u63d0\u793a\u53d1\u9001\u4e86\u4e00\u5c01\u90ae\u4ef6\u5230\u60a8\u7684\u90ae\u7bb1\u3002
\u767b\u5f55\u81ea\u5df1\u7684\u90ae\u7bb1\uff0c\u627e\u5230\u90ae\u4ef6\uff0c\u70b9\u51fb\u94fe\u63a5\u3002
\u606d\u559c\uff0c\u60a8\u6210\u529f\u8fdb\u5165\u4e86 AI \u7b97\u529b\u5e73\u53f0\uff0c\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u60a8\u7684 AI \u4e4b\u65c5\u4e86\u3002
Notebook \u901a\u5e38\u6307\u7684\u662f Jupyter Notebook \u6216\u7c7b\u4f3c\u7684\u4ea4\u4e92\u5f0f\u8ba1\u7b97\u73af\u5883\u3002 \u8fd9\u662f\u4e00\u79cd\u975e\u5e38\u6d41\u884c\u7684\u5de5\u5177\uff0c\u5e7f\u6cdb\u7528\u4e8e\u6570\u636e\u79d1\u5b66\u3001\u673a\u5668\u5b66\u4e60\u548c\u6df1\u5ea6\u5b66\u4e60\u7b49\u9886\u57df\u3002 \u672c\u9875\u8bf4\u660e\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528 Notebook\u3002
"},{"location":"end-user/share/notebook.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 AI Lab -> \u8fd0\u7ef4\u7ba1\u7406 -> \u961f\u5217\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae
\u952e\u5165\u540d\u79f0\uff0c\u9009\u62e9\u96c6\u7fa4\u3001\u5de5\u4f5c\u7a7a\u95f4\u548c\u914d\u989d\u540e\uff0c\u70b9\u51fb \u786e\u5b9a
\u4ee5 \u7528\u6237\u8eab\u4efd \u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5bfc\u822a\u81f3 AI Lab -> Notebook \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae
\u914d\u7f6e\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u8d44\u6e90\u914d\u7f6e\u9ad8\u7ea7\u914d\u7f6e\u952e\u5165\u540d\u79f0\uff0c\u9009\u62e9\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\uff0c\u9009\u62e9\u521a\u521b\u5efa\u7684\u961f\u5217\uff0c\u70b9\u51fb \u4e00\u952e\u521d\u59cb\u5316
\u9009\u62e9 Notebook \u7c7b\u578b\uff0c\u914d\u7f6e\u5185\u5b58\u3001CPU\uff0c\u5f00\u542f GPU\uff0c\u521b\u5efa\u548c\u914d\u7f6e PVC\uff1a
\u5f00\u542f SSH \u5916\u7f51\u8bbf\u95ee\uff1a
\u81ea\u52a8\u8df3\u8f6c\u5230 Notebook \u5b9e\u4f8b\u5217\u8868\uff0c\u70b9\u51fb\u5b9e\u4f8b\u540d\u79f0
\u8fdb\u5165 Notebook \u5b9e\u4f8b\u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u6253\u5f00 \u6309\u94ae
\u8fdb\u5165\u4e86 Notebook \u5f00\u53d1\u73af\u5883\uff0c\u6bd4\u5982\u5728 /home/jovyan
\u76ee\u5f55\u6302\u8f7d\u4e86\u6301\u4e45\u5377\uff0c\u53ef\u4ee5\u901a\u8fc7 git \u514b\u9686\u4ee3\u7801\uff0c\u901a\u8fc7 SSH \u8fde\u63a5\u540e\u4e0a\u4f20\u6570\u636e\u7b49\u3002
\u5728\u81ea\u5df1\u7684\u7535\u8111\u4e0a\u751f\u6210 SSH \u5bc6\u94a5\u5bf9
\u5728\u81ea\u5df1\u7535\u8111\u4e0a\u6253\u5f00\u547d\u4ee4\u884c\uff0c\u6bd4\u5982\u5728 Windows \u4e0a\u6253\u5f00 git bash\uff0c\u8f93\u5165 ssh-keygen.exe -t rsa
\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u3002
\u901a\u8fc7 cat ~/.ssh/id_rsa.pub
\u7b49\u547d\u4ee4\u67e5\u770b\u5e76\u590d\u5236\u516c\u94a5
\u4ee5\u7528\u6237\u8eab\u4efd\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u4e2a\u4eba\u4e2d\u5fc3 -> SSH \u516c\u94a5 -> \u5bfc\u5165 SSH \u516c\u94a5
\u8fdb\u5165 Notebook \u5b9e\u4f8b\u7684\u8be6\u60c5\u9875\uff0c\u590d\u5236 SSH \u7684\u94fe\u63a5
\u5728\u5ba2\u6237\u7aef\u4f7f\u7528 SSH \u8bbf\u95ee Notebook \u5b9e\u4f8b
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa\u8bad\u7ec3\u4efb\u52a1
"},{"location":"end-user/share/workload.html","title":"\u521b\u5efa AI \u8d1f\u8f7d\u4f7f\u7528 GPU \u8d44\u6e90","text":"\u7ba1\u7406\u5458\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90\u914d\u989d\u540e\uff0c\u7528\u6237\u5c31\u53ef\u4ee5\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d\u6765\u4f7f\u7528 GPU \u7b97\u529b\u8d44\u6e90\u3002
"},{"location":"end-user/share/workload.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u62e9\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c \u70b9\u51fb\u53f3\u4fa7\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae
\u914d\u7f6e\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u5bb9\u5668\u914d\u7f6e\u5176\u4ed6\u9009\u62e9\u81ea\u5df1\u7684\u547d\u540d\u7a7a\u95f4\u3002
\u8bbe\u7f6e\u955c\u50cf\uff0c\u914d\u7f6e CPU\u3001\u5185\u5b58\u3001GPU \u7b49\u8d44\u6e90\uff0c\u8bbe\u7f6e\u542f\u52a8\u547d\u4ee4\u3002
\u670d\u52a1\u914d\u7f6e\u548c\u9ad8\u7ea7\u914d\u7f6e\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u914d\u7f6e\u3002
\u81ea\u52a8\u8fd4\u56de\u65e0\u72b6\u6001\u8d1f\u8f7d\u5217\u8868\uff0c\u70b9\u51fb\u8d1f\u8f7d\u540d\u79f0
\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u53ef\u4ee5\u770b\u5230 GPU \u914d\u989d
\u4f60\u8fd8\u53ef\u4ee5\u8fdb\u5165\u63a7\u5236\u53f0\uff0c\u8fd0\u884c mx-smi
\u547d\u4ee4\u67e5\u770b GPU \u8d44\u6e90
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528 Notebook
"},{"location":"openapi/index.html","title":"OpenAPI \u6587\u6863","text":"\u8fd9\u662f\u9762\u5411\u5f00\u53d1\u8005\u7684\u4e00\u4e9b OpenAPI \u6587\u6863\u3002
\u8bbf\u95ee\u5bc6\u94a5\uff08Access Key\uff09\u53ef\u7528\u4e8e\u8bbf\u95ee OpenAPI \u548c\u6301\u7eed\u53d1\u5e03\uff0c\u7528\u6237\u53ef\u5728\u4e2a\u4eba\u4e2d\u5fc3\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u83b7\u53d6\u5bc6\u94a5\u5e76\u8bbf\u95ee API\u3002
\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u7684\u4e0b\u62c9\u83dc\u5355\u4e2d\u627e\u5230 \u4e2a\u4eba\u4e2d\u5fc3 \uff0c\u53ef\u4ee5\u5728 \u8bbf\u95ee\u5bc6\u94a5 \u9875\u9762\u7ba1\u7406\u8d26\u53f7\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
Info
\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\u4ec5\u663e\u793a\u4e00\u6b21\u3002\u5982\u679c\u60a8\u5fd8\u8bb0\u4e86\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\uff0c\u60a8\u9700\u8981\u91cd\u65b0\u521b\u5efa\u65b0\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
"},{"location":"openapi/index.html#api","title":"\u4f7f\u7528\u5bc6\u94a5\u8bbf\u95ee API","text":"\u5728\u8bbf\u95ee\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0openAPI \u65f6\uff0c\u5728\u8bf7\u6c42\u4e2d\u52a0\u4e0a\u8bf7\u6c42\u5934 Authorization:Bearer ${token}
\u4ee5\u6807\u8bc6\u8bbf\u95ee\u8005\u7684\u8eab\u4efd\uff0c \u5176\u4e2d ${token}
\u662f\u4e0a\u4e00\u6b65\u4e2d\u83b7\u53d6\u5230\u7684\u5bc6\u94a5\u3002
\u8bf7\u6c42\u793a\u4f8b
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
\u8bf7\u6c42\u7ed3\u679c
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"openapi/baize/index.html","title":"AI Lab OpenAPI \u6587\u6863","text":""},{"location":"openapi/ghippo/index.html","title":"\u5168\u5c40\u7ba1\u7406 OpenAPI \u6587\u6863","text":""},{"location":"openapi/insight/index.html","title":"\u53ef\u89c2\u6d4b\u6027 OpenAPI \u6587\u6863","text":""},{"location":"openapi/kpanda/index.html","title":"\u5bb9\u5668\u7ba1\u7406 OpenAPI \u6587\u6863","text":""},{"location":"openapi/virtnest/index.html","title":"\u4e91\u4e3b\u673a OpenAPI \u6587\u6863","text":""},{"location":"stylesheets/tags.html","title":"Tags","text":"Following is a list of relevant tags:
[TAGS]
"},{"location":"en/index.html","title":"Suanova Website for AI Platform","text":"This is the website for the Suanova AI Platform.
This is the operation and maintenance documentation for the Suanova AI Platform aimed at administrators.
Cloud Host
A cloud host is a virtual machine deployed in the cloud.
Container Management
Manage K8s clusters, nodes, applications, resources, and permissions.
AI Lab
Manage AI resources and queues.
Insight
Understand Insight resources, configuration, and troubleshooting.
Global Management
Control access permissions for users, user groups, workspaces, resources, etc.
AI Lab provides a job scheduler to help you better manage jobs. In addition to the basic scheduler, it also supports custom schedulers.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#introduction-to-job-scheduler","title":"Introduction to Job Scheduler","text":"In Kubernetes, the job scheduler is responsible for deciding which node to assign a Pod to. It considers various factors such as resource requirements, hardware/software constraints, affinity/anti-affinity rules, and data locality.
The default scheduler is a core component in a Kubernetes cluster that decides which node a Pod should run on. Let's delve into its working principles, features, and configuration methods.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#scheduler-workflow","title":"Scheduler Workflow","text":"The workflow of the default scheduler can be divided into two main phases: filtering and scoring.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#filtering-phase","title":"Filtering Phase","text":"The scheduler traverses all nodes and excludes those that do not meet the Pod's requirements, considering factors such as:
These parameters can be set through advanced configurations when creating a job.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#scoring-phase","title":"Scoring Phase","text":"The scheduler scores the nodes that passed the filtering phase and selects the highest-scoring node to run the Pod. Factors considered include:
In addition to basic job scheduling capabilities, we also support the use of Scheduler Plugins: Kubernetes SIG Scheduling
, which maintains a set of scheduler plugins including Coscheduling (Gang Scheduling)
and other features.
To deploy a secondary scheduler plugin in a worker cluster, refer to Deploying Secondary Scheduler Plugin.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#enable-scheduler-plugins-in-ai-lab","title":"Enable Scheduler Plugins in AI Lab","text":"Danger
Improper operations when adding scheduler plugins may affect the stability of the entire cluster. It is recommended to test in a test environment or contact our technical support team.
Note that if you wish to use more scheduler plugins in training jobs, you need to manually install them successfully in the worker cluster first. Then, when deploying the baize-agent
in the cluster, add the proper scheduler plugin configuration.
Through the container management UI provided by Helm Apps , you can easily deploy scheduler plugins in the cluster.
Then, click Install in the top right corner. (If the baize-agent
has already been deployed, you can update it in the Helm App list.) Add the scheduler.
Note the parameter hierarchy of the scheduler. After adding, click OK .
Note: Do not omit this configuration when updating the baize-agent
in the future.
Once you have successfully deployed the proper scheduler plugin in the cluster and correctly added the proper scheduler configuration in the baize-agent
, you can specify the scheduler when creating a job.
If everything is set up correctly, you will see the scheduler plugin you deployed in the scheduler dropdown menu.
This concludes the instructions for configuring and using the scheduler options in AI Lab.
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html","title":"Update Built-in Notebook Images","text":"In the Notebook, multiple available base images are provided by default for developers to choose from. In most cases, this will meet the developers' needs.
This AI platform provides a default Notebook image that contains all necessary development tools and resources.
baize/baize-notebook\n
This Notebook includes basic development tools. Taking baize-notebook:v0.5.0
(May 30, 2024) as an example, the relevant dependencies and versions are as follows:
Note
With each version iteration, AI platform will proactively maintain and update.
However, sometimes users may need custom images. This page explains how to update images and add them to the Notebook creation interface for selection.
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html#build-custom-images-for-reference-only","title":"Build Custom Images (For Reference Only)","text":"Note
Building a new image requires using baize-notebook
as the base image to ensure the Notebook runs properly.
When building a custom image, it is recommended to first understand the Dockerfile of the baize-notebook image to better understand how to build a custom image.
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html#dockerfile-for-baize-notebook","title":"Dockerfile for baize-notebook","text":"ARG BASE_IMG=docker.m.daocloud.io/kubeflownotebookswg/jupyter:v1.8.0\n\nFROM $BASE_IMG\n\nUSER root\n\n# install - useful linux packages\nRUN export DEBIAN_FRONTEND=noninteractive \\\n && apt-get -yq update \\\n && apt-get -yq install --no-install-recommends \\\n openssh-server git git-lfs bash-completion \\\n && apt-get clean \\\n && rm -rf /var/lib/apt/lists/*\n\n# remove default s6 jupyterlab run script\nRUN rm -rf /etc/services.d/jupyterlab\n\n# install - useful jupyter plugins\nRUN mamba install -n base -y jupyterlab-language-pack-zh-cn \\\n && mamba clean --all -y\n\nARG CODESERVER_VERSION=4.89.1\nARG TARGETARCH\n\nRUN curl -fsSL \"https://github.com/coder/code-server/releases/download/v$CODESERVER_VERSION/code-server_${CODESERVER_VERSION}_$TARGETARCH.deb\" -o /tmp/code-server.deb \\\n && dpkg -i /tmp/code-server.deb \\\n && rm -f /tmp/code-server.deb\n\nARG CODESERVER_PYTHON_VERSION=2024.4.1\nARG CODESERVER_JUPYTER_VERSION=2024.3.1\nARG CODESERVER_LANGUAGE_PACK_ZH_CN=1.89.0\nARG CODESERVER_YAML=1.14.0\nARG CODESERVER_DOTENV=1.0.1\nARG CODESERVER_EDITORCONFIG=0.16.6\nARG CODESERVER_TOML=0.19.1\nARG CODESERVER_GITLENS=15.0.4\n\n# configure for code-server extensions\n# # https://github.com/kubeflow/kubeflow/blob/709254159986d2cc99e675d0fad5a128ddeb0917/components/example-notebook-servers/codeserver-python/Dockerfile\n# # and\n# # https://github.com/kubeflow/kubeflow/blob/709254159986d2cc99e675d0fad5a128ddeb0917/components/example-notebook-servers/codeserver/Dockerfile\nRUN code-server --list-extensions --show-versions \\\n && code-server --list-extensions --show-versions \\\n && code-server \\\n --install-extension MS-CEINTL.vscode-language-pack-zh-hans@$CODESERVER_LANGUAGE_PACK_ZH_CN \\\n --install-extension ms-python.python@$CODESERVER_PYTHON_VERSION \\\n --install-extension ms-toolsai.jupyter@$CODESERVER_JUPYTER_VERSION \\\n --install-extension redhat.vscode-yaml@$CODESERVER_YAML \\\n --install-extension mikestead.dotenv@$CODESERVER_DOTENV \\\n --install-extension EditorConfig.EditorConfig@$CODESERVER_EDITORCONFIG \\\n --install-extension tamasfe.even-better-toml@$CODESERVER_TOML \\\n --install-extension eamodio.gitlens@$CODESERVER_GITLENS \\\n --install-extension catppuccin.catppuccin-vsc-pack \\\n --force \\\n && code-server --list-extensions --show-versions\n\n# configure for code-server\nRUN mkdir -p /home/${NB_USER}/.local/share/code-server/User \\\n && chown -R ${NB_USER}:users /home/${NB_USER} \\\n && cat <<EOF > /home/${NB_USER}/.local/share/code-server/User/settings.json\n{\n \"gitlens.showWelcomeOnInstall\": false,\n \"workbench.colorTheme\": \"Catppuccin Mocha\",\n}\nEOF\n\nRUN mkdir -p /tmp_home/${NB_USER}/.local/share \\\n && mv /home/${NB_USER}/.local/share/code-server /tmp_home/${NB_USER}/.local/share\n\n# set ssh configuration\nRUN mkdir -p /run/sshd \\\n && chown -R ${NB_USER}:users /etc/ssh \\\n && chown -R ${NB_USER}:users /run/sshd \\\n && sed -i \"/#\\?Port/s/^.*$/Port 2222/g\" /etc/ssh/sshd_config \\\n && sed -i \"/#\\?PasswordAuthentication/s/^.*$/PasswordAuthentication no/g\" /etc/ssh/sshd_config \\\n && sed -i \"/#\\?PubkeyAuthentication/s/^.*$/PubkeyAuthentication yes/g\" /etc/ssh/sshd_config \\\n && rclone_version=v1.65.0 && \\\n arch=$(uname -m | sed -E 's/x86_64/amd64/g;s/aarch64/arm64/g') && \\\n filename=rclone-${rclone_version}-linux-${arch} && \\\n curl -fsSL https://github.com/rclone/rclone/releases/download/${rclone_version}/${filename}.zip -o ${filename}.zip && \\\n unzip ${filename}.zip && mv ${filename}/rclone /usr/local/bin && rm -rf ${filename} ${filename}.zip\n\n# Init mamba\nRUN mamba init --system\n\n# init baize-base environment for essential python packages\nRUN mamba create -n baize-base -y python \\\n && /opt/conda/envs/baize-base/bin/pip install tensorboard \\\n && mamba clean --all -y \\\n && ln -s /opt/conda/envs/baize-base/bin/tensorboard /usr/local/bin/tensorboard\n\n# prepare baize-runtime-env directory\nRUN mkdir -p /opt/baize-runtime-env \\\n && chown -R ${NB_USER}:users /opt/baize-runtime-env\n\nARG APP\nARG PROD_NAME\nARG TARGETOS\n\nCOPY out/$TARGETOS/$TARGETARCH/data-loader /usr/local/bin/\nCOPY out/$TARGETOS/$TARGETARCH/baizectl /usr/local/bin/\n\nRUN chmod +x /usr/local/bin/baizectl /usr/local/bin/data-loader && \\\n echo \"source /etc/bash_completion\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo \"source <(baizectl completion bash)\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo \"source <(kubectl completion bash)\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo '[ -f /run/baize-env ] && export $(cat /run/baize-env | xargs)' >> /opt/conda/etc/profile.d/conda.sh && \\\n echo 'alias conda=\"mamba\"' >> /opt/conda/etc/profile.d/conda.sh\n\nUSER ${NB_UID}\n
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html#build-your-image","title":"Build Your Image","text":"ARG BASE_IMG=release.daocloud.io/baize/baize-notebook:v0.5.0\n\nFROM $BASE_IMG\nUSER root\n\n# Do Customization\nRUN mamba install -n baize-base -y pytorch torchvision torchaudio cpuonly -c pytorch \\\n && mamba install -n baize-base -y tensorflow \\\n && mamba clean --all -y\n\nUSER ${NB_UID}\n
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html#add-to-the-notebook-image-list-helm","title":"Add to the Notebook Image List (Helm)","text":"Warning
Note that this must be done by the platform administrator. Be cautious with changes.
Currently, the image selector needs to be modified by updating the Helm
parameters of baize
. The specific steps are as follows:
In the Helm Apps
list of the kpanda-global-cluster global management cluster, find baize, enter the update page, and modify the Notebook image in the YAML
parameters:
Note the parameter modification path global.config.notebook_images
:
...\nglobal:\n ...\n config:\n notebook_images:\n ...\n names: release.daocloud.io/baize/baize-notebook:v0.5.0\n # Add your image information here\n
After the update is completed and the Helm App restarts successfully, you can see the new image in the Notebook creation interface image selection.
"},{"location":"en/admin/baize/best-practice/checkpoint.html","title":"Checkpoint Mechanism and Usage","text":"In practical deep learning scenarios, model training typically lasts for a period, which places higher demands on the stability and efficiency of distributed training tasks. Moreover, during actual training, unexpected interruptions can cause the loss of the model state, requiring the training process to start over. This not only wastes time and resources, which is particularly evident in LLM training, but also affects the training effectiveness of the model.
The ability to save the model state during training, so that it can be restored in case of an interruption, becomes crucial. Checkpointing is the mainstream solution to this problem. This article will introduce the basic concepts of the Checkpoint mechanism and its usage in PyTorch and TensorFlow.
"},{"location":"en/admin/baize/best-practice/checkpoint.html#what-is-a-checkpoint","title":"What is a Checkpoint?","text":"A checkpoint is a mechanism for saving the state of a model during training. By periodically saving checkpoints, you can restore the model in the following situations:
In PyTorch, torch.save
and torch.load
are the basic functions used for saving and loading models.
In PyTorch, the state_dict
is typically used to save the model's parameters. Here is a simple example:
import torch\nimport torch.nn as nn\n\n# Assume you have a simple neural network\nclass SimpleModel(nn.Module):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = nn.Linear(10, 2)\n\n def forward(self, x):\n return self.fc(x)\n\n# Initialize model and optimizer\nmodel = SimpleModel()\noptimizer = torch.optim.Adam(model.parameters(), lr=0.001)\n\n# Train the model...\n# Save checkpoint\ncheckpoint_path = 'model_checkpoint.pth'\ntorch.save({\n 'epoch': 10,\n 'model_state_dict': model.state_dict(),\n 'optimizer_state_dict': optimizer.state_dict(),\n 'loss': 0.02,\n}, checkpoint_path)\n
"},{"location":"en/admin/baize/best-practice/checkpoint.html#restore-checkpoints-in-pytorch","title":"Restore Checkpoints in PyTorch","text":"When loading the model, you need to restore the model parameters and optimizer state, and then continue training or inference:
# Restore checkpoint\ncheckpoint = torch.load('model_checkpoint.pth')\nmodel.load_state_dict(checkpoint['model_state_dict'])\noptimizer.load_state_dict(checkpoint['optimizer_state_dict'])\nepoch = checkpoint['epoch']\nloss = checkpoint['loss']\n\n# Continue training or inference...\n
model_state_dict
: Model parametersoptimizer_state_dict
: Optimizer stateepoch
: Current training epochloss
: Loss valuelearning_rate
: Learning ratebest_accuracy
: Best accuracyTensorFlow provides the tf.train.Checkpoint
class to manage the saving and restoring of models and optimizers.
Here is an example of saving a checkpoint in TensorFlow:
import tensorflow as tf\n\n# Assume you have a simple model\nmodel = tf.keras.Sequential([\n tf.keras.layers.Dense(2, input_shape=(10,))\n])\noptimizer = tf.keras.optimizers.Adam(learning_rate=0.001)\n\n# Define checkpoint\ncheckpoint = tf.train.Checkpoint(optimizer=optimizer, model=model)\ncheckpoint_dir = './checkpoints'\ncheckpoint_prefix = f'{checkpoint_dir}/ckpt'\n\n# Train the model...\n# Save checkpoint\ncheckpoint.save(file_prefix=checkpoint_prefix)\n
Note
Users of AI Lab can directly mount high-performance storage as the checkpoint directory to improve the speed of saving and restoring checkpoints.
"},{"location":"en/admin/baize/best-practice/checkpoint.html#restore-checkpoints-in-tensorflow","title":"Restore Checkpoints in TensorFlow","text":"Load the checkpoint and restore the model and optimizer state:
# Restore checkpoint\nlatest_checkpoint = tf.train.latest_checkpoint(checkpoint_dir)\ncheckpoint.restore(latest_checkpoint)\n\n# Continue training or inference...\n
"},{"location":"en/admin/baize/best-practice/checkpoint.html#manage-checkpoints-in-distributed-training-with-tensorflow","title":"Manage Checkpoints in Distributed Training with TensorFlow","text":"In distributed training, TensorFlow manages checkpoints primarily through the following methods:
Using tf.train.Checkpoint
and tf.train.CheckpointManager
checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\nmanager = tf.train.CheckpointManager(checkpoint, directory='/tmp/model', max_to_keep=3)\n
Saving checkpoints within a distributed strategy
strategy = tf.distribute.MirroredStrategy()\nwith strategy.scope():\n checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\n manager = tf.train.CheckpointManager(checkpoint, directory='/tmp/model', max_to_keep=3)\n
Saving checkpoints only on the chief worker node
if strategy.cluster_resolver.task_type == 'chief':\n manager.save()\n
Special handling when using MultiWorkerMirroredStrategy
strategy = tf.distribute.MultiWorkerMirroredStrategy()\nwith strategy.scope():\n # Define model\n ...\n checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\n manager = tf.train.CheckpointManager(checkpoint, '/tmp/model', max_to_keep=3)\n\ndef _chief_worker(task_type, task_id):\n return task_type is None or task_type == 'chief' or (task_type == 'worker' and task_id == 0)\n\nif _chief_worker(strategy.cluster_resolver.task_type, strategy.cluster_resolver.task_id):\n manager.save()\n
Using a distributed file system
Ensure all worker nodes can access the same checkpoint directory, typically using a distributed file system such as HDFS or GCS.
Asynchronous saving
Use tf.keras.callbacks.ModelCheckpoint
and set the save_freq
parameter to asynchronously save checkpoints during training.
Checkpoint restoration
status = checkpoint.restore(manager.latest_checkpoint)\nstatus.assert_consumed() # (1)!\n
Performance optimization
tf.train.experimental.enable_mixed_precision_graph_rewrite()
tf.saved_model.save()
to save the entire model, not just the weightsRegular Saving : Determine a suitable saving frequency based on training time and resource consumption, such as every epoch or every few training steps.
Save Multiple Checkpoints : Keep the latest few checkpoints to prevent issues like file corruption or inapplicability.
Record Metadata : Save additional information in the checkpoint, such as the epoch number and loss value, to better restore the training state.
Use Version Control : Save checkpoints for different experiments to facilitate comparison and reuse.
Validation and Testing : Use checkpoints for validation and testing at different training stages to ensure model performance and stability.
The checkpoint mechanism plays a crucial role in deep learning training. By effectively using the checkpoint features in PyTorch and TensorFlow, you can significantly improve the reliability and efficiency of training. The methods and best practices described in this article should help you better manage the training process of deep learning models.
"},{"location":"en/admin/baize/best-practice/deploy-nfs-in-worker.html","title":"Deploy NFS for Preloading Dataset","text":"A Network File System (NFS) allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally. This enables system administrators to consolidate resources onto centralized servers on the network.
Dataset is a core feature provided by AI Lab. By abstracting the dependency on data throughout the entire lifecycle of MLOps into datasets, users can manage various types of data in datasets so that training tasks can directly use the data in the dataset.
When remote data is not within the worker cluster, datasets provide the capability to automatically preheat data, supporting data preloading from sources such as Git
, S3
, and HTTP
to the local cluster.
A storage service supporting the ReadWriteMany
mode is needed for preloading remote data for the dataset
, and it is recommended to deploy NFS within the cluster.
This article mainly introduces how to quickly deploy an NFS service and add it as a StorageClass
for the cluster.
Helm
and Kubectl
, please make sure they are already installed.Several components need to be installed:
All system components will be installed in the nfs
namespace, so it is necessary to create this namespace first.
kubectl create namespace nfs\n
"},{"location":"en/admin/baize/best-practice/deploy-nfs-in-worker.html#install-nfs-server","title":"Install NFS Server","text":"Here is a simple YAML deployment file that can be used directly.
Note
Be sure to check the image:
and modify it to a domestic mirror based on the location of the cluster.
---\nkind: Service\napiVersion: v1\nmetadata:\n name: nfs-server\n namespace: nfs\n labels:\n app: nfs-server\nspec:\n type: ClusterIP\n selector:\n app: nfs-server\n ports:\n - name: tcp-2049\n port: 2049\n protocol: TCP\n - name: udp-111\n port: 111\n protocol: UDP\n---\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: nfs-server\n namespace: nfs\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nfs-server\n template:\n metadata:\n name: nfs-server\n labels:\n app: nfs-server\n spec:\n nodeSelector:\n \"kubernetes.io/os\": linux\n containers:\n - name: nfs-server\n image: itsthenetwork/nfs-server-alpine:latest\n env:\n - name: SHARED_DIRECTORY\n value: \"/exports\"\n volumeMounts:\n - mountPath: /exports\n name: nfs-vol\n securityContext:\n privileged: true\n ports:\n - name: tcp-2049\n containerPort: 2049\n protocol: TCP\n - name: udp-111\n containerPort: 111\n protocol: UDP\n volumes:\n - name: nfs-vol\n hostPath:\n path: /nfsdata # (1)!\n type: DirectoryOrCreate\n
Save the above YAML as nfs-server.yaml
, then run the following commands for deployment:
kubectl -n nfs apply -f nfs-server.yaml\n\n# Check the deployment result\nkubectl -n nfs get pod,svc\n
"},{"location":"en/admin/baize/best-practice/deploy-nfs-in-worker.html#install-csi-driver-nfs","title":"Install csi-driver-nfs","text":"Installing csi-driver-nfs
requires the use of Helm
, please ensure it is installed beforehand.
# Add Helm repository\nhelm repo add csi-driver-nfs https://mirror.ghproxy.com/https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts\nhelm repo update csi-driver-nfs\n\n# Deploy csi-driver-nfs\n# The parameters here mainly optimize the image address to accelerate downloads in China\nhelm upgrade --install csi-driver-nfs csi-driver-nfs/csi-driver-nfs \\\n --set image.nfs.repository=k8s.m.daocloud.io/sig-storage/nfsplugin \\\n --set image.csiProvisioner.repository=k8s.m.daocloud.io/sig-storage/csi-provisioner \\\n --set image.livenessProbe.repository=k8s.m.daocloud.io/sig-storage/livenessprobe \\\n --set image.nodeDriverRegistrar.repository=k8s.m.daocloud.io/sig-storage/csi-node-driver-registrar \\\n --namespace nfs \\\n --version v4.5.0\n
Warning
Not all images of csi-nfs-controller
support helm
parameters, so the image
field of the deployment
needs to be manually modified. Change image: registry.k8s.io
to image: k8s.dockerproxy.com
to accelerate downloads in China.
Save the following YAML as nfs-sc.yaml
:
apiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n name: nfs-csi\nprovisioner: nfs.csi.k8s.io\nparameters:\n server: nfs-server.nfs.svc.cluster.local\n share: /\n # csi.storage.k8s.io/provisioner-secret is only needed for providing mountOptions in DeleteVolume\n # csi.storage.k8s.io/provisioner-secret-name: \"mount-options\"\n # csi.storage.k8s.io/provisioner-secret-namespace: \"default\"\nreclaimPolicy: Delete\nvolumeBindingMode: Immediate\nmountOptions:\n - nfsvers=4.1\n
then run the following command:
kubectl apply -f nfs-sc.yaml\n
"},{"location":"en/admin/baize/best-practice/deploy-nfs-in-worker.html#test","title":"Test","text":"Create a dataset and set the dataset's associated storage class and preloading method
to NFS
to preheat remote data into the cluster.
After the dataset is successfully created, you can see that the dataset's status is preloading
, and you can start using it after the preloading is completed.
/sbin/mount
","text":"bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.\n
On the nodes running Kubernetes, ensure that the NFS client is installed:
Ubuntu/DebianCentOS/RHELRun the following commands to install the NFS client:
sudo apt-get update\nsudo apt-get install nfs-common\n
Run the following command to install the NFS client:
sudo yum install nfs-utils\n
Check the NFS server configuration to ensure that the NFS server is running and configured correctly. You can try mounting manually to test:
sudo mkdir -p /mnt/test\nsudo mount -t nfs <nfs-server>:/nfsdata /mnt/test\n
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html","title":"Fine-tune the ChatGLM3 Model by Using AI Lab","text":"This page uses the ChatGLM3
model as an example to demonstrate how to use LoRA (Low-Rank Adaptation) to fine-tune the ChatGLM3 model within the AI Lab environment. The demo program is from the ChatGLM3 official example.
The general process of fine-tuning is as follows:
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#environment-requirements","title":"Environment Requirements","text":"Info
Before starting, ensure AI platform and AI Lab are correctly installed, GPU queue resources are successfully initialized, and computing resources are sufficient.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#prepare-data","title":"Prepare Data","text":"Utilize the dataset management feature provided by AI Lab to quickly preheat and persist the data required for fine-tuning large models, reducing GPU resource occupation due to data preparation, and improving resource utilization efficiency.
Create the required data resources on the dataset list page. These resources include the ChatGLM3 code and data files, all of which can be managed uniformly through the dataset list.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#code-and-model-files","title":"Code and Model Files","text":"ChatGLM3 is a dialogue pre-training model jointly released by zhipuai.cn and Tsinghua University KEG Lab.
First, pull the ChatGLM3 code repository and download the pre-training model for subsequent fine-tuning tasks.
AI Lab will automatically preheat the data in the background to ensure quick data access for subsequent tasks.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#advertisegen-dataset","title":"AdvertiseGen Dataset","text":"Domestic data can be directly obtained from Tsinghua Cloud using the HTTP
data source method.
After creation, wait for the dataset to be preheated, which is usually quick and depends on your network conditions.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#fine-tune-output-data","title":"Fine-tune Output Data","text":"You also need to prepare an empty dataset to store the model files output after the fine-tuning task is completed. Here, create an empty dataset, using PVC
as an example.
Warning
Ensure to use a storage type that supports ReadWriteMany
to allow quick access to resources for subsequent tasks.
For model developers, preparing the Python environment dependencies required for model development is crucial. Traditionally, environment dependencies are either packaged directly into the development tool's image or installed in the local environment, which can lead to inconsistency in environment dependencies and difficulties in managing and updating dependencies.
AI Lab provides environment management capabilities, decoupling Python environment dependency package management from development tools and task images, solving dependency management chaos and environment inconsistency issues.
Here, use the environment management feature provided by AI Lab to create the environment required for ChatGLM3 fine-tuning for subsequent use.
Warning
requirements.txt
file that includes the environment dependencies required for ChatGLM3 fine-tuning.deepspeed
and mpi4py
packages. It is recommended to comment them out in the requirements.txt
file to avoid compilation failures.In the environment management list, you can quickly create a Python environment and complete the environment creation through a simple form configuration; a Python 3.11.x environment is required here.
Since CUDA is required for this experiment, GPU resources need to be configured here to preheat the necessary resource dependencies.
Creating the environment involves downloading a series of Python dependencies, and download speeds may vary based on your location. Using a domestic mirror for acceleration can speed up the download.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#use-notebook-as-ide","title":"Use Notebook as IDE","text":"AI Lab provides Notebook as an IDE feature, allowing users to write, run, and view code results directly in the browser. This is very suitable for development in data analysis, machine learning, and deep learning fields.
You can use the JupyterLab Notebook provided by AI Lab for the ChatGLM3 fine-tuning task.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#create-jupyterlab-notebook","title":"Create JupyterLab Notebook","text":"In the Notebook list, you can create a Notebook according to the page operation guide. Note that you need to configure the proper Notebook resource parameters according to the resource requirements mentioned earlier to avoid resource issues affecting the fine-tuning process.
Note
When creating a Notebook, you can directly mount the preloaded model code dataset and environment, greatly saving data preparation time.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#mount-dataset-and-code","title":"Mount Dataset and Code","text":"Note: The ChatGLM3 code files are mounted to the /home/jovyan/ChatGLM3
directory, and you also need to mount the AdvertiseGen
dataset to the /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen
directory to allow the fine-tuning task to access the data.
The model output location used this time is the /home/jovyan/ChatGLM3/finetune_demo/output
directory. You can mount the previously created PVC
dataset to this directory, so the trained model can be saved to the dataset for subsequent inference tasks.
After creation, you can see the Notebook interface where you can write, run, and view code results directly in the Notebook.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#fine-tune-chatglm3","title":"Fine-tune ChatGLM3","text":"Once in the Notebook, you can find the previously mounted dataset and code in the File Browser
option in the Notebook sidebar. Locate the ChatGLM3 folder.
You will find the fine-tuning code for ChatGLM3 in the finetune_demo
folder. Open the lora_finetune.ipynb
file, which contains the fine-tuning code for ChatGLM3.
First, follow the instructions in the README.md
file to understand the entire fine-tuning process. It is recommended to read it thoroughly to ensure that the basic environment dependencies and data preparation work are completed.
Open the terminal and use conda
to switch to the preheated environment, ensuring consistency with the JupyterLab Kernel for subsequent code execution.
First, preprocess the AdvertiseGen
dataset, standardizing the data to meet the Lora
pre-training format requirements. Save the processed data to the AdvertiseGen_fix
folder.
import json\nfrom typing import Union\nfrom pathlib import Path\n\ndef _resolve_path(path: Union[str, Path]) -> Path:\n return Path(path).expanduser().resolve()\n\ndef _mkdir(dir_name: Union[str, Path]):\n dir_name = _resolve_path(dir_name)\n if not dir_name.is_dir():\n dir_name.mkdir(parents=True, exist_ok=False)\n\ndef convert_adgen(data_dir: Union[str, Path], save_dir: Union[str, Path]):\n def _convert(in_file: Path, out_file: Path):\n _mkdir(out_file.parent)\n with open(in_file, encoding='utf-8') as fin:\n with open(out_file, 'wt', encoding='utf-8') as fout:\n for line in fin:\n dct = json.loads(line)\n sample = {'conversations': [{'role': 'user', 'content': dct['content']},\n {'role': 'assistant', 'content': dct['summary']}]}\n fout.write(json.dumps(sample, ensure_ascii=False) + '\\n')\n\n data_dir = _resolve_path(data_dir)\n save_dir = _resolve_path(save_dir)\n\n train_file = data_dir / 'train.json'\n if train_file is_file():\n out_file = save_dir / train_file.relative_to(data_dir)\n _convert(train_file, out_file)\n\n dev_file = data_dir / 'dev.json'\n if dev_file.is_file():\n out_file = save_dir / dev_file.relative_to(data_dir)\n _convert(dev_file, out_file)\n\nconvert_adgen('data/AdvertiseGen', 'data/AdvertiseGen_fix')\n
To save debugging time, you can reduce the number of entries in /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen_fix/dev.json
to 50. The data is in JSON format, making it easy to process.
After preprocessing the data, you can proceed with the fine-tuning test. Configure the fine-tuning parameters in the /home/jovyan/ChatGLM3/finetune_demo/configs/lora.yaml
file. Key parameters to focus on include:
Open a new terminal window and use the following command for local fine-tuning testing. Ensure that the parameter configurations and paths are correct:
!CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\n
In this command:
finetune_hf.py
is the fine-tuning script in the ChatGLM3 codedata/AdvertiseGen_fix
is your preprocessed dataset./chatglm3-6b
is your pre-trained model pathconfigs/lora.yaml
is the fine-tuning configuration fileDuring fine-tuning, you can use the nvidia-smi
command to check GPU memory usage:
After fine-tuning is complete, an output
directory will be generated in the finetune_demo
directory, containing the fine-tuned model files. This way, the fine-tuned model files are saved to the previously created PVC
dataset.
After completing the local fine-tuning test and ensuring that your code and data are correct, you can submit the fine-tuning task to the AI Lab for large-scale training and fine-tuning tasks.
Note
This is the recommended model development and fine-tuning process: first, conduct local fine-tuning tests to ensure that the code and data are correct.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#submit-fine-tuning-tasks-via-ui","title":"Submit Fine-tuning Tasks via UI","text":"Use Pytorch
to create a fine-tuning task. Select the resources of the cluster you need to use based on your actual situation. Ensure to meet the resource requirements mentioned earlier.
Startup command: Based on your experience using LoRA fine-tuning in the Notebook, the code files and data are in the /home/jovyan/ChatGLM3/finetune_demo
directory, so you can directly use this path:
bash -c \"cd /home/jovyan/ChatGLM3/finetune_demo && CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\"\n
Mount environment: This way, the preloaded environment dependencies can be used not only in the Notebook but also in the tasks.
AdvertiseGen
dataset to the /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen
directoryAfter successfully submitting the task, you can view the training progress of the task in real-time in the task list. You can see the task status, resource usage, logs, and other information.
View task logs
After the task is completed, you can view the fine-tuned model files in the data output dataset for subsequent inference tasks.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#submit-tasks-via-baizectl","title":"Submit Tasks viabaizectl
","text":"AI Lab's Notebook supports using the baizectl
command-line tool without authentication. If you prefer using CLI, you can directly use the baizectl
command-line tool to submit tasks.
baizectl job submit --name finetunel-chatglm3 -t PYTORCH \\\n --image release.daocloud.io/baize/baize-notebook:v0.5.0 \\\n --priority baize-high-priority \\\n --resources cpu=8,memory=16Gi,nvidia.com/gpu=1 \\\n --workers 1 \\\n --queue default \\\n --working-dir /home/jovyan/ChatGLM3 \\\n --datasets AdvertiseGen:/home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen \\\n --datasets output:/home/jovyan/ChatGLM3/finetune_demo/output \\\n --labels job_type=pytorch \\\n --restart-policy on-failure \\\n -- bash -c \"cd /home/jovyan/ChatGLM3/finetune_demo && CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\"\n
For more information on using baizectl
, refer to the baizectl Usage Documentation.
After completing the fine-tuning task, you can use the fine-tuned model for inference tasks. Here, you can use the inference service provided by AI Lab to create an inference service with the output model.
In the inference service list, you can create a new inference service. When selecting the model, choose the previously output dataset and configure the model path.
Regarding model resource requirements and GPU resource requirements for inference services, configure them based on the model size and inference concurrency. Refer to the resource configuration of the previous fine-tuning tasks.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#configure-model-runtime","title":"Configure Model Runtime","text":"Configuring the model runtime is crucial. Currently, AI Lab supports vLLM
as the model inference service runtime, which can be directly selected.
Tip
vLLM supports a wide range of large language models. Visit vLLM for more information. These models can be easily used within AI Lab.
After creation, you can see the created inference service in the inference service list. The model service list allows you to get the model's access address directly.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#test-the-model-service","title":"Test the Model Service","text":"Try using the curl
command in the terminal to test the model service. Here, you can see the returned results, enabling you to use the model service for inference tasks.
curl -X POST http://10.20.100.210:31118/v2/models/chatglm3-6b/generate \\\n -d '{\"text_input\": \"hello\", \"stream\": false, \"sampling_parameters\": \"{\\\"temperature\\\": 0.7, \\\"top_p\\\": 0.95, \\'max_tokens\\\": 1024\uff5d\"\uff5d'\n
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#wrap-up","title":"Wrap up","text":"This page used ChatGLM3
as an example to quickly introduce and get you started with the AI Lab for model fine-tuning, using LoRA
to fine-tune the ChatGLM3 model.
AI Lab provides a wealth of features to help model developers quickly conduct model development, fine-tuning, and inference tasks. It also offers rich OpenAPI interfaces, facilitating integration with third-party application ecosystems.
"},{"location":"en/admin/baize/best-practice/label-studio.html","title":"Deploy Label Studio","text":"Label Studio is an open-source data labeling tool used for various machine learning and artificial intelligence jobs. Here is a brief introduction to Label Studio:
Label Studio offers a powerful data labeling solution for data scientists and machine learning engineers due to its flexibility and rich features.
"},{"location":"en/admin/baize/best-practice/label-studio.html#deploy-to-ai-platform","title":"Deploy to AI platform","text":"To use Label Studio in AI Lab, it needs to be deployed to the Global Service Cluster. You can quickly deploy it using Helm.
Note
For more deployment details, refer to Deploy Label Studio on Kubernetes.
Enter the Global Service Cluster, find Helm Apps -> Helm Repositories from the left navigation bar, click the Create Repository button, and fill in the following parameters:
After successfully adding the repository, click the \u2507 on the right side of the list and select Sync Repository. Wait a moment to complete the synchronization. (This sync operation will also be used for future updates of Label Studio).
Then navigate to the Helm Charts page, search for label-studio
, and click the card.
Choose the latest version and configure the installation parameters as shown below, naming it label-studio
. It is recommended to create a new namespace. Switch the parameters to YAML
and modify the configuration according to the instructions.
global:\n image:\n repository: heartexlabs/label-studio # Configure proxy address here if docker.io is inaccessible\n extraEnvironmentVars:\n LABEL_STUDIO_HOST: https://{Access_Address}/label-studio # Use the AI platform login address, refer to the current webpage URL\n LABEL_STUDIO_USERNAME: {User_Email} # Must be an email, replace with your own\n LABEL_STUDIO_PASSWORD: {User_Password}\napp:\n nginx:\n livenessProbe:\n path: /label-studio/nginx_health\n readinessProbe:\n path: /label-studio/version\n
At this point, the installation of Label Studio is complete.
Warning
By default, PostgreSQL will be installed as the data service middleware. If the image pull fails, it may be because docker.io
is inaccessible. Ensure to switch to an available proxy.
If you have your own PostgreSQL data service middleware, you can use the following parameters:
global:\n image:\n repository: heartexlabs/label-studio # Configure proxy address here if docker.io is inaccessible\n extraEnvironmentVars:\n LABEL_STUDIO_HOST: https://{Access_Address}/label-studio # Use the AI platform login address, refer to the current webpage URL\n LABEL_STUDIO_USERNAME: {User_Email} # Must be an email, replace with your own\n LABEL_STUDIO_PASSWORD: {User_Password}\napp:\n nginx:\n livenessProbe:\n path: /label-studio/nginx_health\n readinessProbe:\n path: /label-studio/version\npostgresql:\n enabled: false # Disable the built-in PostgreSQL\nexternalPostgresql:\n host: \"postgres-postgresql\" # PostgreSQL address\n port: 5432\n username: \"label_studio\" # PostgreSQL username\n password: \"your_label_studio_password\" # PostgreSQL password\n database: \"label_studio\" # PostgreSQL database name\n
"},{"location":"en/admin/baize/best-practice/label-studio.html#add-gproduct-to-navigation-bar","title":"Add GProduct to Navigation Bar","text":"To add Label Studio to the AI platform navigation bar, you can refer to the method in Global Management OEM IN. The following example shows how to add it to the secondary navigation of AI Lab.
"},{"location":"en/admin/baize/best-practice/label-studio.html#add-proxy-access","title":"Add Proxy Access","text":"apiVersion: ghippo.io/v1alpha1\nkind: GProductProxy\nmetadata:\n name: label-studio\nspec:\n gproduct: label-studio\n proxies:\n - authnCheck: false\n destination:\n host: label-studio-ls-app.label-studio.svc.cluster.local\n port: 80\n match:\n uri:\n prefix: /label-studio\n
"},{"location":"en/admin/baize/best-practice/label-studio.html#add-to-ai-lab","title":"Add to AI Lab","text":"Modify the CRD for GProductNavigator
CR baize
, then make the following changes:
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n labelings:\n meta.helm.sh/release-name: baize\n meta.helm.sh/release-namespace: baize-system\n labels:\n app.kubernetes.io/managed-by: Helm\n gProductName: baize\n name: baize\nspec:\n category: cloudnativeai\n gproduct: baize\n iconUrl: ./ui/baize/logo.svg\n isCustom: false\n localizedName:\n en-US: AI Lab\n zh-CN: AI Lab\n menus:\n - iconUrl: ''\n isCustom: false\n localizedName:\n en-US: AI Lab\n zh-CN: AI Lab\n name: workspace-view\n order: 1\n url: ./baize\n visible: true\n - iconUrl: ''\n isCustom: false\n localizedName:\n en-US: Operator\n zh-CN: \u8fd0\u7ef4\u7ba1\u7406\n name: admin-view\n order: 1\n url: ./baize/admin\n visible: true\n # Start adding\n - iconUrl: ''\n localizedName:\n en-US: Data Labeling\n zh-CN: \u6570\u636e\u6807\u6ce8\n name: label-studio\n order: 1\n target: blank # Control new blank page\n url: https://{Access_Address}/label-studio # url to access\n visible: true\n # End adding\n name: AI Lab\n order: 10\n url: ./baize\n visible: true\n
"},{"location":"en/admin/baize/best-practice/label-studio.html#adding-effect","title":"Adding Effect","text":""},{"location":"en/admin/baize/best-practice/label-studio.html#conclusion","title":"Conclusion","text":"The above describes how to add Label Studio and integrate it as an labeling component in AI Lab. By adding labels to the datasets in AI Lab, you can associate it with algorithm development and improve the algorithm development process. For further usage, refer to relevant documentation.
"},{"location":"en/admin/baize/best-practice/train-with-deepspeed.html","title":"Submit a DeepSpeed Training Task","text":"According to the DeepSpeed official documentation, it's recommended to modifying your code to implement the training task.
Specifically, you can use deepspeed.init_distributed()
instead of torch.distributed.init_process_group(...)
. Then run the command using torchrun
to submit it as a PyTorch distributed task, which will allow you to run a DeepSpeed task.
Yes, you can use torchrun
to run your DeepSpeed training script. torchrun
is a utility provided by PyTorch for distributed training. You can combine torchrun
with the DeepSpeed API to start your training task.
Below is an example of running a DeepSpeed training script using torchrun
:
Write the training script:
train.pyimport torch\nimport deepspeed\nfrom torch.utils.data import DataLoader\n\n# Load model and data\nmodel = YourModel()\ntrain_dataset = YourDataset()\ntrain_dataloader = DataLoader(train_dataset, batch_size=32)\n\n# Configure file path\ndeepspeed_config = \"deepspeed_config.json\"\n\n# Create DeepSpeed training engine\nmodel_engine, optimizer, _, _ = deepspeed.initialize(\n model=model,\n model_parameters=model.parameters(),\n config_params=deepspeed_config\n)\n\n# Training loop\nfor batch in train_dataloader:\n loss = model_engine(batch)\n model_engine.backward(loss)\n model_engine.step()\n
Create the DeepSpeed configuration file:
deepspeed_config.json{\n \"train_batch_size\": 32,\n \"gradient_accumulation_steps\": 1,\n \"fp16\": {\n \"enabled\": true,\n \"loss_scale\": 0\n },\n \"optimizer\": {\n \"type\": \"Adam\",\n \"params\": {\n \"lr\": 0.00015,\n \"betas\": [0.9, 0.999],\n \"eps\": 1e-08,\n \"weight_decay\": 0\n }\n }\n}\n
Run the training script using torchrun
or baizectl
:
torchrun train.py\n
In this way, you can combine PyTorch's distributed training capabilities with DeepSpeed's optimization technologies for more efficient training. You can use the baizectl
command to submit a job in a notebook:
baizectl job submit --pytorch --workers 2 -- torchrun train.py\n
Operator is the daily management of IT resources by IT operations personnel, handling workspace tasks.
Here, you can visually understand the current usage status of resources such as clusters, nodes, CPUs, GPUs, and vGPUs.
"},{"location":"en/admin/baize/oam/index.html#glossary","title":"Glossary","text":"Automatically consolidate GPU resource information across the entire platform, providing detailed GPU device information display, and allowing you to view workload statistics and task execution information for various GPUs.
After entering Operator, click Resource Management -> GPU Management in the left navigation bar to view GPU and task information.
"},{"location":"en/admin/baize/oam/queue/create.html","title":"Create Queue","text":"In the Operator mode, queues can be used to schedule and optimize batch job workloads, effectively managing multiple tasks running on a cluster and optimizing resource utilization through a queue system.
Click Queue Management in the left navigation bar, then click the Create button on the right.
The system will pre-fill basic setup data, including the cluster to deploy to, workspace, and queuing policy. Click OK after adjusting these parameters.
A confirmation message will appear upon creation, returning you to the queue management list. Click the \u2507 on the right side of the list to perform additional operations such as update or delete.
In the Operator mode, if you find a queue to be redundant, expired, or no longer needed for any other reason, you can delete it from the queue list.
Click the \u2507 on the right side of the queue in the queue list, then choose Delete from the dropdown menu.
In the pop-up window, confirm the queue you want to delete, enter the queue name, and then click Delete.
A confirmation message will appear indicating successful deletion, and the queue will disappear from the list.
Caution
Once a queue is deleted, it cannot be recovered, so please proceed with caution.
"},{"location":"en/admin/baize/troubleshoot/index.html","title":"Troubleshooting","text":"This document will continuously compile and organize errors that may arise from environmental issues or improper operations during the use of AI Lab, as well as analyze and provide solutions for certain errors encountered during use.
Warning
This documentation is only applicable to version AI platform. If you encounter issues with the use of AI Lab, please refer to this troubleshooting guide first.
In AI platform, the module name for AI Lab is baize
, which offers one-stop solutions for model training, inference, model management, and more.
In the AI Lab Developer and Operator UI, the desired cluster cannot be found in the drop-down list while you search for a cluster.
"},{"location":"en/admin/baize/troubleshoot/cluster-not-found.html#analysis","title":"Analysis","text":"If the desired cluster is missing from the cluster drop-down list in AI Lab, it could be due to the following reasons:
baize-agent
is not installed or failed to install, causing AI Lab to be unable to retrieve cluster information.baize-agent
, causing AI Lab to be unable to retrieve cluster information.baize-agent
not installed or failed to install","text":"AI Lab requires some basic components to be installed in each worker cluster. If the baize-agent
is not installed in the worker cluster, you can choose to install it via UI, which might lead to some unexpected errors.
Therefore, to ensure a good user experience, the selectable cluster range only includes clusters where the baize-agent
has been successfully installed.
If the issue is due to the baize-agent
not being installed or installation failure, use the following steps:
Container Management -> Clusters -> Helm Apps -> Helm Charts , find baize-agent
and install it.
Note
Quickly jump to this address: https://<host>/kpanda/clusters/<cluster_name>/helm/charts/addon/baize-agent
. Note to replace <host>
with the actual console address, and <cluster_name>
with the actual cluster name.
baize-agent
","text":"When installing baize-agent
, ensure to configure the cluster name. This name will be used for Insight metrics collection and is empty by default, requiring manual configuration .
If the Insight components in the cluster are abnormal, it might cause AI Lab to be unable to retrieve cluster information. Check if the platform's Insight services are running and configured correctly.
When creating a Notebook, training task, or inference service, if the queue is being used for the first time in that namespace, there will be a prompt to initialize the queue with one click. However, the initialization fails.
"},{"location":"en/admin/baize/troubleshoot/local-queue-initialization-failed.html#issue-analysis","title":"Issue Analysis","text":"In the AI Lab environment, the queue management capability is provided by Kueue. Kueue provides two types of queue management resources:
In the AI Lab environment, if a service is created and the specified namespace does not have a LocalQueue
, there will be a prompt to initialize the queue.
In rare cases, the LocalQueue
initialization might fail due to special reasons.
Check if Kueue is running normally. If the kueue-controller-manager
is not running, you can check it with the following command:
kubectl get deploy kueue-controller-manager -n baize-system\n
If the kueue-controller-manager
is not running properly, fix Kueue first.
In the AI Lab module, when users create a Notebook, they find that even if the selected queue lacks resources, the Notebook can still be created successfully.
"},{"location":"en/admin/baize/troubleshoot/notebook-not-controlled-by-quotas.html#issue-01-unsupported-kubernetes-version","title":"Issue 01: Unsupported Kubernetes Version","text":"Analysis:
The queue management capability in AI Lab is provided by Kueue, and the Notebook service is provided through JupyterHub. JupyterHub has high requirements for the Kubernetes version. For versions below v1.27, even if queue quotas are set in AI platform, and users select the quota when creating a Notebook, the Notebook will not actually be restricted by the queue quota.
Solution: Plan in advance. It is recommended to use Kubernetes version v1.27
or above in the production environment.
Reference: Jupyter Notebook Documentation
Analysis:
When the Kubernetes cluster version is greater than v1.27, the Notebook still cannot be restricted by the queue quota.
This is because Kueue needs to have support for enablePlainPod
enabled to take effect for the Notebook service.
Solution: When deploying baize-agent
in the worker cluster, enable Kueue support for enablePlainPod
.
Reference: Run Plain Pods as a Kueue-Managed Job
If you forget your password, you can reset it by following the instructions on this page.
"},{"location":"en/admin/ghippo/password.html#steps-to-reset-password","title":"Steps to Reset Password","text":"When an administrator initially creates a user, it sets a username and password for him. After the user logs in, fill in the email address and change the password in Personal Center . If the user has not set an email address, he can only contact the administrator to reset the password.
If you forget your password, you can click Forgot your password? on the login interface.
Enter your login email and click Submit .
Find the password reset email in the mailbox, and click the link in your email. The link is effective for 5 minutes.
Install applications that support 2FA dynamic password generation (such as Google Authenticator) on mobile phone or other devices. Set up a dynamic password to activate your account, and click Submit .
Set a new password and click Submit . The requirements for setting a new password are consistent with the password rules when creating an account.
The password is successfully reset, and you enter the home page directly.
The flow of the password reset process is as follows.
graph TB\n\npass[Forgot password] --> usern[Enter username]\n--> button[Click button to send a mail] --> judge1[Check your username is correct or not]\n\n judge1 -.Correct.-> judge2[Check if you have bounded a mail]\n judge1 -.Wrong.-> tip1[Error of incorrect username]\n\n judge2 -.A mail has been bounded.-> send[Send a reset mail]\n judge2 -.No any mail bounded.-> tip2[No any mail bounded<br>Contact admin to reset password]\n\nsend --> click[Click the mail link] --> config[Config dynamic password] --> reset[Reset password]\n--> success[Successfully reset]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass pass,usern,button,tip1,send,tip2,send,click,config,reset,success plain;\nclass judge1,judge2 k8s
"},{"location":"en/admin/ghippo/access-control/custom-role.html","title":"Custom Roles","text":"AI platform supports the creation of three scopes of custom roles:
A platform role refers to a role that can manipulate features related to a certain module of AI platform (such as container management, microservice engine, Multicloud Management, service mesh, Container registry, Workbench, and global management).
From the left navigation bar, click Global Management -> Access Control -> Roles , and click Create Custom Role .
Enter the name and description, select Platform Role , check the role permissions and click OK .
Return to the role list, search for the custom role you just created, and click \u2507 on the right to perform operations such as copying, editing, and deleting.
After the platform role is successfully created, you can go to User/group to add users and groups for this role.
A workspace role refers to a role that can manipulate features related to a module (such as container management, microservice engine, Multicloud Management, service mesh, container registry, Workbench, and global management) according to the workspace.
From the left navigation bar, click Global Management -> Access Control -> Roles , and click Create Custom Role .
Enter the name and description, select Workspace role , check the role permissions and click OK .
Return to the role list, search for the custom role you just created, and click \u2507 on the right to perform operations such as copying, editing, and deleting.
After the workspace role is successfully created, you can go to Workspace to authorize and set which workspaces this role can manage.
The folder role refers to the ability to manipulate the relevant features of a module of AI platform (such as container management, microservice engine, Multicloud Management, service mesh, container registry, Workbench and global management) according to folders and subfolders. Role.
From the left navigation bar, click Global Management -> Access Control -> Roles , and click Create Custom Role .
Enter the name and description, select Folder Role , check the role permissions and click OK .
Return to the role list, search for the custom role you just created, and click \u2507 on the right to perform operations such as copying, editing, and deleting.
After the folder role is successfully created, you can go to Folder to authorize and set which folders this role can manage.
When two or more platforms need to integrate or embed with each other, user system integration is usually required. During the process of user system integration, the Docking Portal mainly provides SSO (Single Sign-On) capability. If you want to integrate AI platform as a user source into a client platform, you can achieve it by docking a product through Docking Portal .
"},{"location":"en/admin/ghippo/access-control/docking.html#docking-a-product","title":"Docking a product","text":"Prerequisite: Administrator privileges for the platform or IAM Owner privileges for access control.
Log in with an admin, navigate to Access Control , select Docking Portal , enter the Docking Portal list, and click Create SSO Profile in the upper right corner.
On the Create SSO Profile page, fill in the Client ID.
After successfully creating the SSO access, in the Docking Portal list, click the just created Client ID to enter the details, copy the Client ID, Secret Key, and Single Sign-On URL information, and fill them in the client platform to complete the user system integration.
AI platform provides predefined system roles to help users simplify the process of role permission usage.
Note
AI platform provides three types of system roles: platform role, workspace role, and folder role.
Five system roles are predefined in Access Control: Admin, IAM Owner, Audit Owner, Kpanda Owner, and Workspace and Folder Owner. These five roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:
Role Name Role Type Module Role Permissions Admin System role All Platform administrator, manages all platform resources, represents the highest authority of the platform. IAM Owner System role Access Control Administrator of Access Control, has all permissions under this service, such as managing users/groups and authorization. Audit Owner System role Audit Log Administrator of Audit Log, has all permissions under this service, such as setting audit log policies and exporting audit logs. Kpanda Owner System role Container Management Administrator of Container Management, has all permissions under this service, such as creating/accessing clusters, deploying applications, granting cluster/namespace-related permissions to users/groups. Workspace and Folder Owner System role Workspace and Folder Administrator of Workspace and Folder, has all permissions under this service, such as creating folders/workspaces, authorizing folder/workspace-related permissions to users/groups."},{"location":"en/admin/ghippo/access-control/global.html#workspace-roles","title":"Workspace Roles","text":"Three system roles are predefined in Access Control: Workspace Admin, Workspace Editor, and Workspace Viewer. These three roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:
Role Name Role Type Module Role Permissions Workspace Admin System role Workspace Administrator of a workspace, with management permission of the workspace. Workspace Editor System role Workspace Editor of a workspace, with editing permission of the workspace. Workspace Viewer System role Workspace Viewer of a workspace, with readonly permission of the workspace."},{"location":"en/admin/ghippo/access-control/global.html#folder-roles","title":"Folder Roles","text":"Three system roles are predefined in Access Control: Folder Admin, Folder Editor, and Folder Viewer. These three roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:
Role Name Role Type Module Role Permissions Folder Admin System role Workspace Administrator of a folder and its subfolders/workspaces, with management permission. Folder Editor System role Workspace Editor of a folder and its subfolders/workspaces, with editing permission. Folder Viewer System role Workspace Viewer of a folder and its subfolders/workspaces, with readonly permission."},{"location":"en/admin/ghippo/access-control/group.html","title":"Group","text":"A group is a collection of users. By joining a group, a user can inherit the role permissions of the group. Authorize users in batches through groups to better manage users and their permissions.
"},{"location":"en/admin/ghippo/access-control/group.html#use-cases","title":"Use cases","text":"When a user's permission changes, it only needs to be moved to the proper group without affecting other users.
When the permissions of a group change, you only need to modify the role permissions of the group to apply to all users in the group.
"},{"location":"en/admin/ghippo/access-control/group.html#create-group","title":"Create group","text":"Prerequisite: Admin or IAM Owner.
Enters Access Control , selects Groups , enters the list of groups, and clicks Create a group on the upper right.
Fill in the group information on the Create group page.
Click OK , the group is created successfully, and you will return to the group list page. The first line in the list is the newly created group.
Prerequisite: The group already exists.
Enters Access Control , selects Groups , enters the list of groups, and clicks \u2507 -> Add permissions .
On the Add permissions page, check the required role permissions (multiple choices are allowed).
Click OK to add permissions to the group. Automatically return to the group list, click a group to view the permissions granted to the group.
Enters Access Control , selects Groups to display the group list, and on the right side of a group, click \u2507 -> Add Members .
On the Add Group Members page, click the user to be added (multiple choices are allowed). If there is no user available, click Create a new user , first go to create a user, and then return to this page and click the refresh icon to display the newly created user.
Click OK to finish adding users to the group.
Note
Users in the group will inherit the permissions of the group; users who join the group can be viewed in the group details.
"},{"location":"en/admin/ghippo/access-control/group.html#delete-group","title":"Delete group","text":"Note: Deleting a group will not delete the users in the group, but the users in the group will no longer be able to inherit the permissions of the group
The administrator enters Access Control , selects group to enter the group list, and on the right side of a group, click \u2507 -> Delete .
Click Delete to delete the group.
Return to the group list, and the screen will prompt that the deletion is successful.
Note
Deleting a group will not delete the users in the group, but the users in the group will no longer be able to inherit the permissions from the group.
"},{"location":"en/admin/ghippo/access-control/iam.html","title":"What is IAM","text":"IAM (Identity and Access Management) is an important module of global management. You can create, manage and destroy users (groups) through the access control module, and use system roles and custom roles to control other users Access to the AI platform.
"},{"location":"en/admin/ghippo/access-control/iam.html#benefits","title":"Benefits","text":"Simple and smooth
Structures and roles within an enterprise can be complex, with the management of projects, work groups, and mandates constantly changing. Access control uses a clear and tidy page to open up the authorization relationship between users, groups, and roles, and realize the authorization of users (groups) with the shortest link.
Appropriate role
Access control pre-defines an administrator role for each sub-module, without user maintenance, you can directly authorize the predefined system roles of the platform to users to realize the modular management of the platform. For fine-grained permissions, please refer to Permission Management.
Enterprise-grade access control
When you want your company's employees to use the company's internal authentication system to log in to the AI platform without creating proper users on the AI platform, you can use the identity provider feature of access control to establish a trust relationship between your company and Suanova, Through joint authentication, employees can directly log in to the AI platform with the existing account of the enterprise, realizing single sign-on.
Here is a typical process to perform access control.
graph TD\n login[Login] --> user[Create User]\n user --> auth[Authorize User]\n auth --> group[Create Group]\n group --> role[Create Custom Role]\n role --> id[Create Identity Provider]\n\n classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;\n classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;\n classDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n class login,user,auth,group,role,id cluster;
"},{"location":"en/admin/ghippo/access-control/idprovider.html","title":"Identity provider","text":"Global management supports single sign-on based on LDPA and OIDC protocols. If your enterprise or organization has its own account system and you want to manage members in the organization to use AI platform resources, you can use the identity provider feature provided by global management. Instead of having to create username/passwords for every organization member in your AI platform. You can grant permissions to use AI platform resources to these external user identities.
"},{"location":"en/admin/ghippo/access-control/idprovider.html#basic-concept","title":"Basic concept","text":"Identity Provider (IdP for short)
Responsible for collecting and storing user identity information, usernames, and passwords, and responsible for authenticating users when they log in. In the identity authentication process between an enterprise and AI platform, the identity provider refers to the identity provider of the enterprise itself.
Service Provider (SP)
The service provider establishes a trust relationship with the identity provider IdP, and uses the user information provided by the IDP to provide users with specific services. In the process of enterprise authentication with AI platform, the service provider refers to AI platform.
LDAP
LDAP refers to Lightweight Directory Access Protocol (Lightweight Directory Access Protocol), which is often used for single sign-on, that is, users can log in with one account password in multiple services. Global management supports LDAP for identity authentication, so the enterprise IdP that establishes identity authentication with AI platform through the LDAP protocol must support the LDAP protocol. For a detailed description of LDAP, please refer to: Welcome to LDAP.
OIDC
OIDC, short for OpenID Connect, is an identity authentication standard protocol based on the OAuth 2.0 protocol. Global management supports the OIDC protocol for identity authentication, so the enterprise IdP that establishes identity authentication with AI platform through the OIDC protocol must support the OIDC protocol. For a detailed description of OIDC, please refer to: Welcome to OpenID Connect.
OAuth 2.0
OAuth 2.0 is the abbreviation of Open Authorization 2.0. It is an open authorization protocol. The authorization framework supports third-party applications to obtain access permissions in their own name.
Administrators do not need to recreate AI platform users
Before using the identity provider for identity authentication, the administrator needs to create an account for the user in the enterprise management system and AI platform respectively; after using the identity provider for identity authentication, the enterprise administrator only needs to create an account for the user in the enterprise management system, Users can access both systems at the same time, reducing personnel management costs.
Users do not need to remember two sets of platform accounts
Before using the identity provider for identity authentication, users need to log in with the accounts of the two systems to access the enterprise management system and AI platform; after using the identity provider for identity authentication, users can log in to the enterprise management system to access the two systems.
The full name of LDAP is Lightweight Directory Access Protocol, which is an open and neutral industry-standard application protocol that provides access control and maintains directories for distributed information through the IP protocol.
If your enterprise or organization has its own account system, and your enterprise user management system supports the LDAP protocol, you can use the identity provider feature based on the LDAP protocol provided by the Global Management instead of creating usernames/passwords for each member in AI platform. You can grant permissions to use AI platform resources to these external user identities.
In Global Management, the operation steps are as follows:
Log in to AI platform as a user with admin role. Click Global Management -> Access Control in the lower left corner of the left navigation bar.
Click Identity Provider on the left nav bar, click Create an Identity Provider button.
In the LDAP tab, fill in the following fields and click Save to establish a trust relationship with the identity provider and a user mapping relationship.
Field Description Vendor Supports LDAP (Lightweight Directory Access Protocol) and AD (Active Directory) Identity Provider Name (UI display name) Used to distinguish different identity providers Connection URL The address and port number of the LDAP service, e.g., ldap://10.6.165.2:30061 Bind DN The DN of the LDAP administrator, which Keycloak will use to access the LDAP server Bind credentials The password of the LDAP administrator. This field can retrieve its value from a vault using the ${vault.ID} format. Users DN The full DN of the LDAP tree where your users are located. This DN is the parent of the LDAP users. For example, if the DN of a typical user is similar to \u201cuid='john',ou=users,dc=example,dc=com\u201d, it can be \u201cou=users,dc=example,dc=com\u201d. User Object Classes All values of the LDAP objectClass attribute for users in LDAP, separated by commas. For example: \u201cinetOrgPerson,organizationalPerson\u201d. New Keycloak users will be written to LDAP with all of these object classes, and existing LDAP user records will be found if they contain all of these object classes. Enable StartTLS Encrypts the connection between AI platform and LDAP when enabled Default Permission Users/groups have no permissions by default after synchronization Full name mapping proper First name and Last Name User Name Mapping The unique username for the user Mailbox Mapping User emailAdvanced Config
Field Description Enable or not Enabled by default. When disabled, this LDAP configuration will not take effect. Periodic full sync Disabled by default. When enabled, a sync period can be configured, such as syncing once every hour. Edit mode Read-only mode will not modify the source data in LDAP. Write mode will sync data back to LDAP after user information is edited on the platform. Read timeout Adjusting this value can effectively avoid interface timeouts when the amount of LDAP data is large. User LDAP filter An additional LDAP filter used to filter the search for users. Leave it empty if no additional filter is needed. Ensure it starts with \u201c(\u201d and ends with \u201c)\u201d. Username LDAP attribute The name of the LDAP attribute maps to the Keycloak username. For many LDAP server vendors, it can be \u201cuid\u201d. For Active Directory, it can be \u201csAMAccountName\u201d or \u201ccn\u201d. This attribute should be filled in for all LDAP user records you want to import into Keycloak. RDN LDAP attribute The name of the LDAP attribute that serves as the RDN (top-level attribute) of the typical user DN. It is usually the same as the Username LDAP attribute, but this is not required. For example, for Active Directory, when the username attribute might be \u201csAMAccountName\u201d, \u201ccn\u201d is often used as the RDN attribute. UUID LDAP attribute The name of the LDAP attribute used as the unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is \u201centryUUID\u201d. However, some may differ. For example, for Active Directory, it should be \u201cobjectGUID\u201d. If your LDAP server does not support the UUID concept, you can use any other attribute that should be unique among LDAP users in the tree, such as \u201cuid\u201d or \u201centryDN\u201d.On the Sync Groups tab, fill in the following fields to configure the mapping relationship of groups, and click Save again.
Field Description Example base DN location of the group in the LDAP tree ou=groups,dc=example,dc=org Usergroup Object Filter Object classes for usergroups, separated by commas if more classes are required. In a typical LDAP deployment, usually \"groupOfNames\", the system has been filled in automatically, if you need to change it, just edit it. * means all. * group name cn UnchangeableNote
If all members in your enterprise or organization are managed in WeCom, you can use the identity provider feature based on the OAuth 2.0 protocol provided by Global Management, without the need to create a username/password for each organization member in AI platform. You can grant these external user identities permission to use AI platform resources.
"},{"location":"en/admin/ghippo/access-control/oauth2.0.html#steps","title":"Steps","text":"Log in to AI platform with a user who has the admin role. Click Global Management -> Access Control at the bottom of the left navigation bar.
Select Identity Providers on the left navigation bar, and click the OAuth 2.0 tab. Fill in the form fields and establish a trust relationship with WeCom, then click Save.
Note
Before integration, you need to create a custom application in the WeCom management console. Refer to How to create a custom application link
Field Description Corp ID ID of WeCom Agent ID ID of the custom application ClientSecret Secret of the custom applicationWeCom ID:
Agent ID and ClientSecret:
"},{"location":"en/admin/ghippo/access-control/oidc.html","title":"Create and Manage OIDC","text":"OIDC (OpenID Connect) is an identity layer based on OAuth 2.0 and an identity authentication standard protocol based on the OAuth2 protocol.
If your enterprise or organization already has its own account system, and your enterprise user management system supports the OIDC protocol, you can use the OIDC protocol-based identity provider feature provided by the Global Management instead of creating usernames/passwords for each member in AI platform. You can grant permissions to use AI platform resources to these external user identities.
The specific operation steps are as follows.
Log in to AI platform as a user with admin role. Click Global Management -> Access Control at the bottom of the left navigation bar.
On the left nav bar select Identity Provider , click OIDC -> Create an Identity Provider
After completing the form fields and establishing a trust relationship with the identity provider, click Save .
Fields Descriptions Provider Name displayed on the login page and is the entry point for the identity provider Authentication Method Client authentication method. If the JWT is signed with a private key, select JWT signed with private key from the dropdown. For details, refer to Client Authentication. Client ID Client ID Client Secret Client Secret Client URL One-click access to login URL, Token URL, user information URL and logout URL through the identity provider's well-known interface Auto-associate After it is turned on, when the identity provider username/email is duplicated with the AI platform username/email, the two will be automatically associatedNote
The interactive process of user authentication is as follows:
A role corresponds to a set of permissions that determine the actions that can be performed on resources. Granting a user a role means granting all the permissions included in that role.
AI platform provides three levels of roles, which effectively solve your permission-related issues:
Platform roles are coarse-grained permissions that grant proper permissions to all relevant resources on the platform. By assigning platform roles, users can have permissions to create, delete, modify, and view all clusters and workspaces, but not specifically to a particular cluster or workspace. AI platform provides 5 pre-defined platform roles that users can directly use:
Additionally, AI platform supports the creation of custom platform roles with customized content as needed. For example, creating a platform role that includes all functional permissions in the Workbench. Since the Workbench depends on workspaces, the platform will automatically select the \"view\" permission for workspaces by default. Please do not manually deselect it. If User A is granted this Workbench role, they will automatically have all functional permissions related to the Workbench in all workspaces.
"},{"location":"en/admin/ghippo/access-control/role.html#platform-role-authorization-methods","title":"Platform Role Authorization Methods","text":"There are three ways to authorize platform roles:
In the Global Management -> Access Control -> Users section, find the user in the user list, click ... , select Authorization , and grant platform role permissions to the user.
In the Global Management -> Access Control -> Groups section, create a group in the group list, add the user to the group, and grant authorization to the group (the specific operation is: find the group in the group list, click ... , select Add Permissions , and grant platform roles to the group).
In the Global Management -> Access Control -> Roles section, find the proper platform role in the role list, click the role name to access details, click the Related Members button, select the user or group, and click OK .
Workspace roles are fine-grained roles that grant users management permissions, view permissions, or Workbench-related permissions for a specific workspace. Users with these roles can only manage the assigned workspace and cannot access other workspaces. AI platform provides 3 pre-defined workspace roles that users can directly use:
Moreover, AI platform supports the creation of custom workspace roles with customized content as needed. For example, creating a workspace role that includes all functional permissions in the Workbench. Since the Workbench depends on workspaces, the platform will automatically select the \"view\" permission for workspaces by default. Please do not manually deselect it. If User A is granted this role in Workspace 01, they will have all functional permissions related to the Workbench in Workspace 01.
Note
Unlike platform roles, workspace roles need to be used within the workspace. Once authorized, users will only have the functional permissions of that role within the assigned workspace.
"},{"location":"en/admin/ghippo/access-control/role.html#workspace-role-authorization-methods","title":"Workspace Role Authorization Methods","text":"In the Global Management -> Workspace and Folder list, find the workspace, click Authorization , and grant workspace role permissions to the user.
"},{"location":"en/admin/ghippo/access-control/role.html#folder-roles","title":"Folder Roles","text":"Folder roles have permissions granularity between platform roles and workspace roles. They grant users management permissions and view permissions for a specific folder and its sub-folders, as well as all workspaces within that folder. Folder roles are commonly used in departmental scenarios in enterprises. For example, User B is a leader of a first-level department and usually has management permissions over the first-level department, all second-level departments under it, and projects within those departments. In this scenario, User B is granted admin permissions for the first-level folder, which also grants proper permissions for the second-level folders and workspaces below them. AI platform provides 3 pre-defined folder roles that users can directly use:
Additionally, AI platform supports the creation of custom folder roles with customized content as needed. For example, creating a folder role that includes all functional permissions in the Workbench. If User A is granted this role in Folder 01, they will have all functional permissions related to the Workbench in all workspaces within Folder 01.
Note
The functionality of modules depends on workspaces, and folders provide further grouping mechanisms with permission inheritance capabilities. Therefore, folder permissions not only include the folder itself but also its sub-folders and workspaces.
"},{"location":"en/admin/ghippo/access-control/role.html#folder-role-authorization-methods","title":"Folder Role Authorization Methods","text":"In the Global Management -> Workspace and Folder list, find the folder, click Authorization , and grant folder role permissions to the user.
"},{"location":"en/admin/ghippo/access-control/user.html","title":"User","text":"A user refers to a user created by the platform administrator Admin or the access control administrator IAM Owner on the Global Management -> Access Control -> Users page, or a user connected through LDAP / OIDC . The username represents the account, and the user logs in to the Suanova Enterprise platform through the username and password.
Having a user account is a prerequisite for users to access the platform. The newly created user does not have any permissions by default. For example, you need to assign proper role permissions to users, such as granting administrator permissions to submodules in User List or User Details . The sub-module administrator has the highest authority of the sub-module, and can create, manage, and delete all resources of the module. If a user needs to be granted permission for a specific resource, such as the permission to use a certain resource, please see Resource Authorization Description.
This page introduces operations such as creating, authorizing, disabling, enabling, and deleting users.
"},{"location":"en/admin/ghippo/access-control/user.html#create-user","title":"Create user","text":"Prerequisite: You have the platform administrator Admin permission or the access control administrator IAM Admin permission.
The administrator enters Access Control , selects Users , enters the user list, and clicks Create User on the upper right.
Fill in the username and login password on the Create User page. If you need to create multiple users at one time, you can click Create User to create in batches, and you can create up to 5 users at a time. Determine whether to set the user to reset the password when logging in for the first time according to your actual situation.
Click OK , the user is successfully created and returns to the user list page.
Note
The username and password set here will be used to log in to the platform.
"},{"location":"en/admin/ghippo/access-control/user.html#authorize-for-user","title":"Authorize for User","text":"Prerequisite: The user already exists.
The administrator enters Access Control , selects Users , enters the user list, and clicks \u2507 -> Authorization .
On the Authorization page, check the required role permissions (multiple choices are allowed).
Click OK to complete the authorization for the user.
Note
In the user list, click a user to enter the user details page.
"},{"location":"en/admin/ghippo/access-control/user.html#add-user-to-group","title":"Add user to group","text":"The administrator enters Access Control , selects Users , enters the user list, and clicks \u2507 -> Add to Group .
On the Add to Group page, check the groups to be joined (multiple choices are allowed). If there is no optional group, click Create a new group to create a group, and then return to this page and click the Refresh button to display the newly created group.
Click OK to add the user to the group.
Note
The user will inherit the permissions of the group, and you can view the groups that the user has joined in User Details .
"},{"location":"en/admin/ghippo/access-control/user.html#enabledisable-user","title":"Enable/Disable user","text":"Once a user is deactivated, that user will no longer be able to access the Platform. Unlike deleting a user, a disabled user can be enabled again as needed. It is recommended to disable the user before deleting it to ensure that no critical service is using the key created by the user.
The administrator enters Access Control , selects Users , enters the user list, and clicks a username to enter user details.
Click Edit on the upper right, turn off the status button, and make the button gray and inactive.
Click OK to finish disabling the user.
Premise: User mailboxes need to be set. There are two ways to set user mailboxes.
On the user details page, the administrator clicks Edit , enters the user's email address in the pop-up box, and clicks OK to complete the email setting.
Users can also enter the Personal Center and set the email address on the Security Settings page.
If the user forgets the password when logging in, please refer to Reset Password.
"},{"location":"en/admin/ghippo/access-control/user.html#delete-users","title":"Delete users","text":"Warning
After deleting a user, the user will no longer be able to access platform resources in any way, please delete carefully. Before deleting a user, make sure your key programs no longer use keys created by that user. If you are unsure, it is recommended to disable the user before deleting. If you delete a user and then create a new user with the same name, the new user is considered a new, separate identity that does not inherit the deleted user's roles.
The administrator enters Access Control , selects Users , enters the user list, and clicks \u2507 -> Delete .
Click Delete to finish deleting the user.
With AI platform integrated into the client's system, you can create Webhooks to send message notifications when users are created, updated, deleted, logged in, or logged out.
Webhook is a mechanism for implementing real-time event notifications. It allows an application to push data or events to another application without the need for polling or continuous querying. By configuring Webhooks, you can specify that the target application receives and processes notifications when a certain event occurs.
The working principle of Webhook is as follows:
By using Webhooks, you can achieve the following functionalities:
Common use cases include:
The steps to configure Webhooks in AI platform are as follows:
On the left nav, click Global Management -> Access Control -> Docking Portal , create a client ID.
Click a client ID to enter the details page, then click the Create Webhook button.
Fill in the field information in the popup window and click OK .
A screen prompt indicates that the Webhook was created successfully.
Now try creating a user.
User creation succeeds, and you can see that an enterprise WeChat group received a message.
Default Message Body
AI platform predefines some variables that you can use in the message body based on your needs.
{\n \"id\": \"{{$$.ID$$}}\",\n \"email\": \"{{$$.Email$$}}\",\n \"username\": \"{{$$.Name$$}}\",\n \"last_name\": \"{{$$.LastName$$}}\",\n \"first_name\": \"{{$$.FirstName$$}}\",\n \"created_at\": \"{{$$.CreatedAt$$}}\",\n \"enabled\": \"{{$$.Enabled$$}}\"\n}\n
Message Body for WeCom Group Robot
{\n \"msgtype\": \"text\",\n \"text\": {\n \"content\": \"{{$$.Name$$}} hello world\"\n }\n}\n
"},{"location":"en/admin/ghippo/audit/audit-log.html","title":"Audit log","text":"Audit logs help you monitor and record the activities of each user, and provide features for collecting, storing and querying security-related records arranged in chronological order. With the audit log service, you can continuously monitor and retain user behaviors in the Global Management module, including but not limited to user creation, user login/logout, user authorization, and user operations related to Kubernetes.
"},{"location":"en/admin/ghippo/audit/audit-log.html#features","title":"Features","text":"The audit log feature has the following characteristics:
Out of the box: When installing and using the platform, the audit log feature will be enabled by default, automatically recording various user-related actions, such as creating users, authorization, and login/logout. By default, 365 days of user behavior can be viewed within the platform.
Security analysis: The audit log will record user operations in detail and provide an export function. Through these events, you can judge whether the account is at risk.
Real-time recording: Quickly collect operation events, and trace back in the audit log list after user operations, so that suspicious behavior can be found at any time.
Convenient and reliable: The audit log supports manual cleaning and automatic cleaning, and the cleaning policy can be configured according to your storage size.
Log in to AI platform with a user account that has the admin or Audit Owner role.
At the bottom of the left navigation bar, click Global Management -> Audit Logs .
On the User operations tab, you can search for user operation events by time range, or by using fuzzy or exact search.
Click the \u2507 icon on the right side of an event to view its details.
The event details are shown in the following figure.
Click the Export in the upper right corner to export the user operation logs within the selected time range in CSV or Excel format.
"},{"location":"en/admin/ghippo/audit/audit-log.html#system-operations","title":"System operations","text":"On the System operations tab, you can search for system operation events by time range, or by using fuzzy or exact search.
Similarly, click the \u2507 icon on the right side of an event to view its details.
Click the Export in the upper right corner to export the system operation logs within the selected time range in CSV or Excel format.
"},{"location":"en/admin/ghippo/audit/audit-log.html#settings","title":"Settings","text":"On the Settings tab, you can clean up audit logs for user operations and system operations.
You can manually clean up the logs, but it is recommended to export and save them before cleaning. You can also set the maximum retention time for the logs to automatically clean them up.
Note
The audit logs related to Kubernetes in the auditing module are provided by the Insight module. To reduce the storage pressure of the audit logs, Global Management by default does not collect Kubernetes-related logs. If you need to record them, please refer to Enabling K8s Audit Logs. Once enabled, the cleanup function is consistent with the Global Management cleanup function, but they do not affect each other.
"},{"location":"en/admin/ghippo/audit/open-audit.html","title":"Enable/Disable collection of audit logs","text":"Run the following command to check if audit logs are generated under the /var/log/kubernetes/audit directory. If they exist, it means that Kubernetes audit logs are successfully enabled.
ls /var/log/kubernetes/audit\n
If they are not enabled, please refer to the documentation on enabling/disabling Kubernetes audit logs.
"},{"location":"en/admin/ghippo/audit/open-audit.html#enable-collection-of-kubernetes-audit-logs-process","title":"Enable Collection of Kubernetes Audit Logs Process","text":"Add ChartMuseum to the helm repo.
helm repo add chartmuseum http://10.5.14.30:8081\n
Modify the IP address in this command to the IP address of the Spark node.
Note
If using a self-built Harbor repository, please modify the chart repo URL in the first step to the insight-agent chart URL of the self-built repository.
Save the current Insight Agent helm values.
helm get values insight-agent -n insight-system -o yaml > insight-agent-values-bak.yaml\n
Get the current version number ${insight_version_code}.
insight_version_code=`helm list -n insight-system |grep insight-agent | awk {'print $10'}`\n
Update the helm value configuration.
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent chartmuseum/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=true\n
Restart all fluentBit pods under the insight-system namespace.
fluent_pod=`kubectl get pod -n insight-system | grep insight-agent-fluent-bit | awk {'print $1'} | xargs`\nkubectl delete pod ${fluent_pod} -n insight-system\n
The remaining steps are the same as enabling the collection of Kubernetes audit logs, with only a modification in the previous section's step 4: updating the helm value configuration.
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent chartmuseum/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=false\n
"},{"location":"en/admin/ghippo/audit/open-audit.html#ai-community-online-installation-environment","title":"AI Community Online Installation Environment","text":"Note
If installing AI Community in a Kind cluster, perform the following steps inside the Kind container.
"},{"location":"en/admin/ghippo/audit/open-audit.html#confirm-enabling-kubernetes-audit-logs_1","title":"Confirm Enabling Kubernetes Audit Logs","text":"Run the following command to check if audit logs are generated under the /var/log/kubernetes/audit directory. If they exist, it means that Kubernetes audit logs are successfully enabled.
ls /var/log/kubernetes/audit\n
If they are not enabled, please refer to the documentation on enabling/disabling Kubernetes audit logs.
"},{"location":"en/admin/ghippo/audit/open-audit.html#enable-collection-of-kubernetes-audit-logs-process_1","title":"Enable Collection of Kubernetes Audit Logs Process","text":"Save the current values.
helm get values insight-agent -n insight-system -o yaml > insight-agent-values-bak.yaml\n
Get the current version number ${insight_version_code} and update the configuration.
insight_version_code=`helm list -n insight-system |grep insight-agent | awk {'print $10'}`\n
Update the helm value configuration.
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent insight-release/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=true\n
If the upgrade fails due to an unsupported version, check if the helm repo used in the command has that version. If not, retry after you updated the helm repo.
helm repo update insight-release\n
Restart all fluentBit pods under the insight-system namespace.
fluent_pod=`kubectl get pod -n insight-system | grep insight-agent-fluent-bit | awk {'print $1'} | xargs`\nkubectl delete pod ${fluent_pod} -n insight-system\n
The remaining steps are the same as enabling the collection of Kubernetes audit logs, with only a modification in the previous section's step 3: updating the helm value configuration.
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent insight-release/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=false\n
"},{"location":"en/admin/ghippo/audit/open-audit.html#change-worker-cluster","title":"Change Worker Cluster","text":"Each worker cluster is independent and can be turned on as needed.
"},{"location":"en/admin/ghippo/audit/open-audit.html#steps-to-enable-audit-log-collection-when-creating-a-cluster","title":"Steps to Enable Audit Log Collection When Creating a Cluster","text":"By default, the collection of K8s audit logs is turned off. If you need to enable it, you can follow these steps:
Set the switch to the enabled state to enable the collection of K8s audit logs.
When creating a worker cluster via AI platform, ensure that the K8s audit log option for the cluster is set to 'true' so that the created worker cluster will have audit logs enabled.
After the cluster creation is successful, the K8s audit logs for that worker cluster will be collected.
"},{"location":"en/admin/ghippo/audit/open-audit.html#steps-to-enabledisable-after-accessing-or-creating-the-cluster","title":"Steps to Enable/Disable After Accessing or Creating the Cluster","text":""},{"location":"en/admin/ghippo/audit/open-audit.html#confirm-enabling-k8s-audit-logs","title":"Confirm Enabling K8s Audit Logs","text":"Run the following command to check if audit logs are generated under the /var/log/kubernetes/audit directory. If they exist, it means that K8s audit logs are successfully enabled.
ls /var/log/kubernetes/audit\n
If they are not enabled, please refer to the documentation on enabling/disabling K8s audit logs.
"},{"location":"en/admin/ghippo/audit/open-audit.html#enable-collection-of-k8s-audit-logs","title":"Enable Collection of K8s Audit Logs","text":"The collection of K8s audit logs is disabled by default. To enable it, follow these steps:
Select the cluster that has been accessed and needs to enable the collection of K8s audit logs.
Go to the Helm App management page and update the insight-agent configuration (if insight-agent is not installed, you can install it).
Enable/Disable the collection of K8s audit logs switch.
After enabling/disabling the switch, the fluent-bit pod needs to be restarted for the changes to take effect.
By default, the Kubernetes cluster does not generate audit log information. Through the following configuration, you can enable the audit log feature of Kubernetes.
Note
In a public cloud environment, it may not be possible to control the output and output path of Kubernetes audit logs.
apiVersion: audit.k8s.io/v1\nkind: Policy\nrules:\n# The following requests were manually identified as high-volume and low-risk,\n# so drop them.\n- level: None\n users: [\"system:kube-proxy\"]\n verbs: [\"watch\"]\n resources:\n - group: \"\" # core\n resources: [\"endpoints\", \"services\", \"services/status\"]\n- level: None\n # Ingress controller reads `configmaps/ingress-uid` through the unsecured port.\n # TODO(#46983): Change this to the ingress controller service account.\n users: [\"system:unsecured\"]\n namespaces: [\"kube-system\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"configmaps\"]\n- level: None\n users: [\"kubelet\"] # legacy kubelet identity\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"nodes\", \"nodes/status\"]\n- level: None\n userGroups: [\"system:nodes\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"nodes\", \"nodes/status\"]\n- level: None\n users:\n - system:kube-controller-manager\n - system:kube-scheduler\n - system:serviceaccount:kube-system:endpoint-controller\n verbs: [\"get\", \"update\"]\n namespaces: [\"kube-system\"]\n resources:\n - group: \"\" # core\n resources: [\"endpoints\"]\n- level: None\n users: [\"system:apiserver\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"namespaces\", \"namespaces/status\", \"namespaces/finalize\"]\n# Don't log HPA fetching metrics.\n- level: None\n users:\n - system:kube-controller-manager\n verbs: [\"get\", \"list\"]\n resources:\n - group: \"metrics.k8s.io\"\n# Don't log these read-only URLs.\n- level: None\n nonResourceURLs:\n - /healthz*\n - /version\n - /swagger*\n# Don't log events requests.\n- level: None\n resources:\n - group: \"\" # core\n resources: [\"events\"]\n# Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,\n# so only log at the Metadata level.\n- level: Metadata\n resources:\n - group: \"\" # core\n resources: [\"secrets\", \"configmaps\", \"serviceaccounts/token\"]\n - group: authentication.k8s.io\n resources: [\"tokenreviews\"]\n omitStages:\n - \"RequestReceived\"\n# Get responses can be large; skip them.\n- level: Request\n verbs: [\"get\", \"list\", \"watch\"]\n resources:\n - group: \"\" # core\n - group: \"admissionregistration.k8s.io\"\n - group: \"apiextensions.k8s.io\"\n - group: \"apiregistration.k8s.io\"\n - group: \"apps\"\n - group: \"authentication.k8s.io\"\n - group: \"authorization.k8s.io\"\n - group: \"autoscaling\"\n - group: \"batch\"\n - group: \"certificates.k8s.io\"\n - group: \"extensions\"\n - group: \"metrics.k8s.io\"\n - group: \"networking.k8s.io\"\n - group: \"policy\"\n - group: \"rbac.authorization.k8s.io\"\n - group: \"settings.k8s.io\"\n - group: \"storage.k8s.io\"\n omitStages:\n - \"RequestReceived\"\n# Default level for known APIs\n- level: RequestResponse\n resources:\n - group: \"\" # core\n - group: \"admissionregistration.k8s.io\"\n - group: \"apiextensions.k8s.io\"\n - group: \"apiregistration.k8s.io\"\n - group: \"apps\"\n - group: \"authentication.k8s.io\"\n - group: \"authorization.k8s.io\"\n - group: \"autoscaling\"\n - group: \"batch\"\n - group: \"certificates.k8s.io\"\n - group: \"extensions\"\n - group: \"metrics.k8s.io\"\n - group: \"networking.k8s.io\"\n - group: \"policy\"\n - group: \"rbac.authorization.k8s.io\"\n - group: \"settings.k8s.io\"\n - group: \"storage.k8s.io\"\n omitStages:\n - \"RequestReceived\"\n# Default level for all other requests.\n- level: Metadata\n omitStages:\n - \"RequestReceived\"\n
Put the above audit log file in /etc/kubernetes/audit-policy/ folder, and name it apiserver-audit-policy.yaml .
"},{"location":"en/admin/ghippo/audit/open-k8s-audit.html#configure-the-api-server","title":"Configure the API server","text":"Open the configuration file kube-apiserver.yaml of the API server, usually in the /etc/kubernetes/manifests/ folder, and add the following configuration information:
Please back up kube-apiserver.yaml before this step. The backup file cannot be placed in the /etc/kubernetes/manifests/ , and it is recommended to put it in the /etc/kubernetes/tmp .
Add the command under spec.containers.command :
--audit-log-maxage=30\n--audit-log-maxbackup=10\n--audit-log-maxsize=100\n--audit-log-path=/var/log/audit/kube-apiserver-audit.log\n--audit-policy-file=/etc/kubernetes/audit-policy/apiserver-audit-policy.yaml\n
Add the command under spec.containers.volumeMounts :
- mountPath: /var/log/audit\n name: audit-logs\n- mountPath: /etc/kubernetes/audit-policy\n name: audit-policy\n
Add the command under spec.volumes :
- hostPath:\n path: /var/log/kubernetes/audit\n type: \"\"\n name: audit-logs\n- hostPath:\n path: /etc/kubernetes/audit-policy\n type: \"\"\n name: audit-policy\n
After a while, the API server will automatically restart, and run the following command to check whether there is an audit log generated in the /var/log/kubernetes/audit directory. If so, it means that the K8s audit log is successfully enabled.
ls /var/log/kubernetes/audit\n
If you want to close it, just remove the relevant commands in spec.containers.command .
"},{"location":"en/admin/ghippo/audit/source-ip.html","title":"Get Source IP in Audit Logs","text":"The source IP in audit logs plays a critical role in system and network management. It helps track activities, maintain security, resolve issues, and ensure system compliance. However, getting the source IP can result in some performance overhead, so that audit logs are not always enabled in AI platform. The default enablement of source IP in audit logs and the methods to enable it vary depending on the installation mode. The following sections will explain the default enablement and the steps to enable source IP in audit logs based on the installation mode.
Note
Enabling audit logs will modify the replica count of the istio-ingressgateway, resulting in a certain performance overhead. Enabling audit logs requires disabling LoadBalance of kube-proxy and Topology Aware Routing, which can have a certain impact on cluster performance. After enabling audit logs, it is essential to ensure that the istio-ingressgateway exists on the proper node to the access IP. If the istio-ingressgateway drifts due to node health issues or other issues, it needs to be manually rescheduled back to that node. Otherwise, it will affect the normal operation of AI platform.
"},{"location":"en/admin/ghippo/audit/source-ip.html#determine-the-installation-mode","title":"Determine the Installation Mode","text":"kubectl get pod -n metallb-system\n
Run the above command in the cluster. If the result is as follows, it means that the cluster is not in the MetalLB installation mode:
No resources found in metallbs-system namespace.\n
"},{"location":"en/admin/ghippo/audit/source-ip.html#nodeport-installation-mode","title":"NodePort Installation Mode","text":"In this mode, the source IP in audit logs is disabled by default. The steps to enable it are as follows:
Set the minimum replica count of the istio-ingressgateway HPA to be equal to the number of control plane nodes
count=$(kubectl get nodes --selector=node-role.kubernetes.io/control-plane | wc -l)\ncount=$((count-1))\n\nkubectl patch hpa istio-ingressgateway -n istio-system -p '{\"spec\":{\"minReplicas\":'$count'}}'\n
Modify the externalTrafficPolicy and internalTrafficPolicy value of the istio-ingressgateway service to \"Local\"
kubectl patch svc istio-ingressgateway -n istio-system -p '{\"spec\":{\"externalTrafficPolicy\":\"Local\",\"internalTrafficPolicy\":\"Local\"}}'\n
In this mode, the source IP in audit logs is gotten by default after the installation.
"},{"location":"en/admin/ghippo/audit/gproduct-audit/ghippo.html","title":"Audit Items of Global Management","text":"Events Resource Type Notes UpdateEmail-Account Account UpdatePassword-Account Account CreateAccessKeys-Account Account UpdateAccessKeys-Account Account DeleteAccessKeys-Account Account Create-User User Delete-User User Update-User User UpdateRoles-User User UpdatePassword-User User CreateAccessKeys-User User UpdateAccessKeys-User User DeleteAccessKeys-User User Create-Group Group Delete-Group Group Update-Group Group AddUserTo-Group Group RemoveUserFrom-Group Group UpdateRoles-Group Group UpdateRoles-User User Create-LADP LADP Update-LADP LADP Delete-LADP LADP Unable to audit through API server for OIDC Login-User User Logout-User User UpdatePassword-SecurityPolicy SecurityPolicy UpdateSessionTimeout-SecurityPolicy SecurityPolicy UpdateAccountLockout-SecurityPolicy SecurityPolicy UpdateLogout-SecurityPolicy SecurityPolicy MailServer-SecurityPolicy SecurityPolicy CustomAppearance-SecurityPolicy SecurityPolicy OfficialAuthz-SecurityPolicy SecurityPolicy Create-Workspace Workspace Delete-Workspace Workspace BindResourceTo-Workspace Workspace UnBindResource-Workspace Workspace BindShared-Workspace Workspace SetQuota-Workspace Workspace Authorize-Workspace Workspace DeAuthorize-Workspace Workspace UpdateDeAuthorize-Workspace Workspace Update-Workspace Workspace Create-Folder Folder Delete-Folder Folder UpdateAuthorize-Folder Folder Update-Folder Folder Authorize-Folder Folder DeAuthorize-Folder Folder AutoCleanup-Audit Audit ManualCleanup-Audit Audit Export-Audit Audit"},{"location":"en/admin/ghippo/audit/gproduct-audit/insight.html","title":"Insight Audit Items","text":"Events Resource Type Notes Create-ProbeJob ProbeJob Update-ProbeJob ProbeJob Delete-ProbeJob ProbeJob Create-AlertPolicy AlertPolicy Update-AlertPolicy AlertPolicy Delete-AlertPolicy AlertPolicy Import-AlertPolicy AlertPolicy Create-AlertRule AlertRule Update-AlertRule AlertRule Delete-AlertRule AlertRule Create-RuleTemplate RuleTemplate Update-RuleTemplate RuleTemplate Delete-RuleTemplate RuleTemplate Create-email email Update-email email Delete-Receiver Receiver Create-dingtalk dingtalk Update-dingtalk dingtalk Delete-Receiver Receiver Create-wecom wecom Update-wecom wecom Delete-Receiver Receiver Create-webhook webhook Update-webhook webhook Delete-Receiver Receiver Create-sms sms Update-sms sms Delete-Receiver Receiver Create-aliyun(tencent,custom) aliyun, tencent, custom Update-aliyun(tencent,custom) aliyun, tencent, custom Delete-SMSserver SMSserver Create-MessageTemplate MessageTemplate Update-MessageTemplate MessageTemplate Delete-MessageTemplate MessageTemplate Create-AlertSilence AlertSilence Update-AlertSilence AlertSilence Delete-AlertSilence AlertSilence Create-AlertInhibition AlertInhibition Update-AlertInhibition AlertInhibition Delete-AlertInhibition AlertInhibition Update-SystemSettings SystemSettings"},{"location":"en/admin/ghippo/audit/gproduct-audit/kpanda.html","title":"Audit Items of Container Management","text":"Events Resource Types Create-Cluster Cluster Delete-Cluster Cluster Integrate-Cluster Cluster Remove-Cluster Cluster Upgrade-Cluster Cluster Integrate-Node Node Remove-Node Node Update-NodeGPUMode NodeGPUMode Create-HelmRepo HelmRepo Create-HelmApp HelmApp Delete-HelmApp HelmApp Create-Deployment Deployment Delete-Deployment Deployment Create-DaemonSet DaemonSet Delete-DaemonSet DaemonSet Create-StatefulSet StatefulSet Delete-StatefulSet StatefulSet Create-Job Job Delete-Job Job Create-CronJob CronJob Delete-CronJob CronJob Delete-Pod Pod Create-Service Service Delete-Service Service Create-Ingress Ingress Delete-Ingress Ingress Create-StorageClass StorageClass Delete-StorageClass StorageClass Create-PersistentVolume PersistentVolume Delete-PersistentVolume PersistentVolume Create-PersistentVolumeClaim PersistentVolumeClaim Delete-PersistentVolumeClaim PersistentVolumeClaim Delete-ReplicaSet ReplicaSet BindResourceTo-Workspace Workspace UnBindResource-Workspace Workspace BindResourceTo-Workspace Workspace UnBindResource-Workspace Workspace Create-CloudShell CloudShell Delete-CloudShell CloudShell"},{"location":"en/admin/ghippo/audit/gproduct-audit/virtnest.html","title":"Audit Items of Virtual Machine","text":"Events Resource Type Notes Restart-VMs VM ConvertToTemplate-VMs VM Edit-VMs VM Update-VMs VM Restore-VMs VM Power on-VMs VM LiveMigrate-VMs VM Delete-VMs VM Delete-VM Template VM Template Create-VMs VM CreateSnapshot-VMs VM Power off-VMs VM Clone-VMs VM"},{"location":"en/admin/ghippo/best-practice/authz-plan.html","title":"Ordinary user authorization plan","text":"Ordinary users refer to those who can use most product modules and features (except management features), have certain operation rights to resources within the scope of authority, and can independently use resources to deploy applications.
The authorization and resource planning process for such users is shown in the following figure.
graph TB\n\n start([Start]) --> user[1. Create User]\n user --> ns[2. Prepare Kubernetes Namespace]\n ns --> ws[3. Prepare Workspace]\n ws --> ws-to-ns[4. Bind a workspace to namespace]\n ws-to-ns --> authu[5. Authorize a user with Workspace Editor]\n authu --> complete([End])\n\n classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;\n classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;\n classDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n class user,ns,ws,ws-to-ns,authu cluster;\n class start,complete plain;
"},{"location":"en/admin/ghippo/best-practice/cluster-for-multiws.html","title":"Assign a Cluster to Multiple Workspaces (Tenants)","text":"Cluster resources are typically managed by operations personnel. When allocating resources, they need to create namespaces to isolate resources and set resource quotas. This method has a drawback: if the business volume of the enterprise is large, manually allocating resources requires a significant amount of work, and flexibly adjusting resource quotas can also be challenging.
To address this, the AI platform introduces the concept of workspaces. By sharing resources, workspaces can provide higher-dimensional resource quota capabilities, allowing workspaces (tenants) to self-create Kubernetes namespaces under resource quotas.
For example, if you want several departments to share different clusters:
Cluster01 (Normal) Cluster02 (High Availability) Department (Workspace) A 50 quota 10 quota Department (Workspace) B 100 quota 20 quotaYou can follow the process below to share clusters with multiple departments/workspaces/tenants:
graph TB\n\npreparews[Prepare Workspace] --> preparecs[Prepare Cluster]\n--> share[Share Cluster to Workspace]\n--> judge([Judge Workspace Remaining Quota])\njudge -.Greater than remaining quota.->modifyns[Modify Namespace Quota]\njudge -.Less than remaining quota.->createns[Create Namespace]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass preparews,preparecs,share, cluster;\nclass judge plain\nclass modifyns,createns k8s
"},{"location":"en/admin/ghippo/best-practice/cluster-for-multiws.html#prepare-a-workspace","title":"Prepare a Workspace","text":"Workspaces are designed to meet multi-tenant usage scenarios, forming isolated resource environments based on clusters, cluster namespaces, meshes, mesh namespaces, multicloud, multicloud namespaces, and other resources. Workspaces can be mapped to various concepts such as projects, tenants, enterprises, and suppliers.
Log in to AI platform with a user having the admin/folder admin role and click Global Management at the bottom of the left navigation bar.
Click Workspaces and Folders in the left navigation bar, then click the Create Workspace button at the top right.
Fill in the workspace name, folder, and other information, then click OK to complete the creation of the workspace.
Workspaces are designed to meet multi-tenant usage scenarios, forming isolated resource environments based on clusters, cluster namespaces, meshes, mesh namespaces, multicloud, multicloud namespaces, and other resources. Workspaces can be mapped to various concepts such as projects, tenants, enterprises, and suppliers.
Follow these steps to prepare a cluster.
Click Container Management at the bottom of the left navigation bar, then select Clusters .
Click Create Cluster to create a cluster or click Integrate Cluster to integrate a cluster.
Return to Global Management to add clusters to the workspace.
Click Global Management -> Workspaces and Folders -> Shared Resources, then click a workspace name and click the New Shared Resource button.
Select the cluster, fill in the resource quota, and click OK .
A folder represents an organizational unit (such as a department) and is a node in the resource hierarchy.
A folder can contain workspaces, subfolders, or a combination of both. It provides identity management, multi-level and permission mapping capabilities, and can map the role of a user/group in a folder to its subfolders, workspaces and resources. Therefore, with the help of folders, enterprise managers can centrally manage and control all resources.
Build corporate hierarchy
First of all, according to the existing enterprise hierarchy structure, build the same folder hierarchy as the enterprise. The AI platform supports 5-level folders, which can be freely combined according to the actual situation of the enterprise, and folders and workspaces are mapped to entities such as departments, projects, and suppliers in the enterprise.
Folders are not directly linked to resources, but indirectly achieve resource grouping through workspaces.
User identity management
Folder provides three roles: Folder Admin, Folder Editor, and Folder Viewer. View role permissions, you can grant different roles to users/groups in the same folder through Authorization.
Role and permission mapping
Enterprise Administrator: Grant the Folder Admin role on the root folder. He will have administrative authority over all departments, projects and their resources.
Department manager: grant separate management rights to each subfolder and workspace.
Project members: Grant management rights separately at the workspace and resource levels.
With the continuous scaling of business, the company's scale continues to grow, subsidiaries and branches are established one after another, and some subsidiaries even further establish subsidiaries. The original large departments are gradually subdivided into multiple smaller departments, leading to an increasing number of hierarchical levels in the organizational structure. This organizational structure change also affects the IT governance architecture.
The specific operational steps are as follows:
Enable Isolation Mode between Folder/WS
Please refer to Enable Isolation Mode between Folder/WS.
Plan Enterprise Architecture according to the Actual Situation
Under a multi-level organizational structure, it is recommended to use the second-level folder as an isolation unit to isolate users/user groups/resources between \"sub-companies\". After isolation, users/user groups/resources between \"sub-companies\" are not visible to each other.
Create Users/Integrate User Systems
The main platform administrator Admin can create users on the platform or integrate users through LDAP/OIDC/OAuth2.0 and other identity providers to AI platform.
Create Folder Roles
In the isolation mode of Folder/WS, the platform administrator Admin needs to first authorize users to invite them to various sub-companies, so that the \"sub-company administrators (Folder Admin)\" can manage these users, such as secondary authorization or editing permissions. It is recommended to simplify the management work of the platform administrator Admin by creating a role without actual permissions to assist the platform administrator Admin in inviting users to sub-companies through \"authorization\". The actual permissions of sub-company users are delegated to the sub-company administrators (Folder Admin) to manage independently. (The following demonstrates how to create a resource-bound role without actual permissions, i.e., minirole)
Note
Resource-bound permissions used alone do not take effect, hence meeting the requirement of inviting users to sub-companies through \"authorization\" and then managed by sub-company administrators Folder Admin.
Authorize Users
The platform administrator invites users to various sub-companies according to the actual situation and appoints sub-company administrators.
Authorize sub-company regular users as \"minirole\" (1), and authorize sub-company administrators as Folder Admin.
Sub-company Administrators Manage Users/User Groups Independently
Sub-company administrator Folder Admin can only see their own \"Sub-company 2\" after logging into the platform, and can adjust the architecture by creating folders, creating workspaces, and assigning other permissions to users in Sub-company 2 through adding authorization/edit permissions.
When adding authorization, sub-company administrator Folder Admin can only see users invited by the platform administrator through \"authorization\", and cannot see all users on the platform, thus achieving user isolation between Folder/WS, and the same applies to user groups (the platform administrator can see and authorize all users and user groups on the platform).
Note
The main difference between large enterprises and small/medium-sized enterprises lies in whether users/user groups in Folder and workspaces are visible to each other. In large enterprises, users/user groups between subsidiaries are not visible + permission isolation; in small/medium-sized enterprises, users between departments are visible to each other + permission isolation.
"},{"location":"en/admin/ghippo/best-practice/system-message.html","title":"System Messages","text":"System messages are used to notify all users, similar to system announcements, and will be displayed at the top bar of the AI platform UI at specific times.
"},{"location":"en/admin/ghippo/best-practice/system-message.html#configure-system-messages","title":"Configure System Messages","text":"You can create a system message by applying the YAML for the system message in the Cluster Roles. The display time of the message is determined by the time fields in the YAML. System messages will only be displayed within the time range configured by the start and end fields.
In the Clusters, click the name of the Global Service Cluster to enter the Gobal Service Cluster.
Select CRDs from the left navigation bar, search for ghippoconfig
, and click the ghippoconfigs.ghippo.io
that appears in the search results.
Click Create from YAML or modify an existing YAML.
A sample YAML is as follows:
apiVersion: ghippo.io/v1alpha1\nkind: GhippoConfig\nmetadata:\n name: system-message\nspec:\n message: \"this is a message\"\n start: 2024-01-02T15:04:05+08:00\n end: 2024-07-24T17:26:05+08:00\n
"},{"location":"en/admin/ghippo/best-practice/ws-best-practice.html","title":"Workspace Best Practices","text":"A workspace is a resource grouping unit, and most resources can be bound to a certain workspace. The workspace can realize the binding relationship between users and roles through authorization and resource binding, and apply it to all resources in the workspace at one time.
Through the workspace, you can easily manage teams and resources, and solve cross-module and cross-cluster resource authorization issues.
"},{"location":"en/admin/ghippo/best-practice/ws-best-practice.html#workspace-features","title":"Workspace features","text":"A workspace consists of three features: authorization, resource groups, and shared resources. It mainly solves the problems of unified authorization of resources, resource grouping and resource quota.
Authorization: Grant users/groups different roles in the workspace, and apply the roles to the resources in the workspace.
Best practice: When users want to use container management, the administrator needs to grant the workspace permissions (Workspace Admin, Workspace Edit, Workspace View). The administrator here can be the Admin role, the Workspace Admin role of the workspace, or the Folder Admin role above the workspace. See Relationship between Folder and Workspace.
Resource group: Resource group and shared resource are two resource management modes of the workspace.
Resource groups support four resource types: Cluster, Cluster-Namespace (cross-cluster), Mesh, and Mesh-Namespace. A resource can only be bound to one resource group. After a resource is bound to a resource group, the owner of the workspace will have all the management rights of the resource, which is equivalent to the owner of the resource, so it is not limited by the resource quota.
Best practice: The workspace can grant different role permissions to department members through the \"authorization\" function, and the workspace can apply the authorization relationship between people and roles to all resources in the workspace at one time. Therefore, the operation and maintenance personnel only need to bind resources to resource groups, and add different roles in the department to different resource groups to ensure that resource permissions are assigned correctly.
Department Role Cluster Cross-cluster Cluster-Namespace Mesh Mesh-Namespace Department Admin Workspace Admin \u2713 \u2713 \u2713 \u2713 Department Core Members Workspace Edit \u2713 \u2717 \u2713 \u2717 Other Members Workspace View \u2713 \u2717 \u2717 \u2717Shared resources: The shared resource feature is mainly for cluster resources.
A cluster can be shared by multiple workspaces (referring to the shared resource feature in the workspace); a workspace can also use the resources of multiple clusters at the same time. However, resource sharing does not mean that the sharer (workspace) can use the shared resource (cluster) without restriction, so the resource quota that the sharer (workspace) can use is usually limited.
At the same time, unlike resource groups, workspace members are only users of shared resources and can use resources in the cluster under resource quotas. For example, go to Workbench to create a namespace, and deploy applications, but do not have the management authority of the cluster. After the restriction, the total resource quota of the namespace created/bound under this workspace cannot exceed the resources set by the cluster in this workspace.
Best practice: The operation and maintenance department has a high-availability cluster 01, and wants to allocate it to department A (workspace A) and department B (workspace B), where department A allocates 50 CPU cores, and department B allocates CPU 100 cores. Then you can borrow the concept of shared resources, share cluster 01 with department A and department B respectively, and limit the CPU usage quota of department A to 50, and the CPU usage quota of department B to 100. Then the administrator of department A (workspace A Admin) can create and use a namespace in Workbench, and the sum of the namespace quotas cannot exceed 50 cores, and the administrator of department B (workspace B Admin) can create a namespace in Workbench And use namespaces, where the sum of namespace credits cannot exceed 100 cores. The namespaces created by the administrators of department A and department B will be automatically bound to the department, and other members of the department will have the roles of Namesapce Admin, Namesapce Edit, and Namesapce View proper to the namespace (the department here refers to Workspace, workspace can also be mapped to other concepts such as organization, and supplier). The whole process is as follows:
Department Role Cluster Resource Quota Department Administrator A Workspace Admin CPU 50 cores CPU 50 cores Department Administrator B Workspace Admin CPU 100 cores CPU 100 cores Other Members of the Department Namesapce AdminNamesapce EditNamesapce View Assign as Needed Assign as NeededModule name: Container Management
Due to the particularity of functional modules, resources created in the container management module will not be automatically bound to a certain workspace.
If you need to perform unified authorization management on people and resources through workspaces, you can manually bind the required resources to a certain workspace, to apply the roles of users in this workspace to resources (resources here can be cross- clustered).
In addition, there is a slight difference between container management and service mesh in terms of resource binding entry. The workspace provides the binding entry of Cluster and Cluster-Namespace resources in container management, but has not opened the Mesh and Mesh-Namespace for service mesh. Bindings for Namespace resources.
For Mesh and Mesh-Namespace resources, you can manually bind them in the resource list of the service mesh.
"},{"location":"en/admin/ghippo/best-practice/ws-best-practice.html#use-cases-of-workspace","title":"Use Cases of Workspace","text":"Namespaces from different clusters are bound under the workspace (tenant), which enables the workspace (tenant) to flexibly manage the Kubernetes Namespace under any cluster on the platform. At the same time, the platform provides permission mapping capabilities, which can map the user's permissions in the workspace to the bound namespace.
When one or more cross-cluster namespaces are bound under the workspace (tenant), the administrator does not need to authorize the members in the workspace again. The roles of members in the workspace will be automatically mapped according to the following mapping relationship to complete the authorization, avoiding repeated operations of multiple authorizations:
Here is an example:
User Workspace Role User A Workspace01 Workspace AdminAfter binding a namespace to a workspace:
User Category Role User A Workspace01 Workspace Admin Namespace01 Namespace Admin"},{"location":"en/admin/ghippo/best-practice/ws-to-ns.html#implementation-plan","title":"Implementation plan","text":"Bind different namespaces from different clusters to the same workspace (tenant), and use the process for members under the workspace (tenant) as shown in the figure.
graph TB\n\npreparews[prepare workspace] --> preparens[prepare namespace]\n--> judge([whether the namespace is bound to another workspace])\njudge -.unbound.->nstows[bind namespace to workspace] -->wsperm[manage workspace access]\njudge -.bound.->createns[Create a new namespace]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill: #326ce5, stroke: #fff, stroke-width: 1px, color: #fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass preparews, preparens, createns, nstows, wsperm cluster;\nclass judge plain
Tip
A namespace can only be bound by one workspace.
"},{"location":"en/admin/ghippo/best-practice/ws-to-ns.html#prepare-workspace","title":"Prepare workspace","text":"In order to meet the multi-tenant use cases, the workspace forms an isolated resource environment based on multiple resources such as clusters, cluster namespaces, meshs, mesh namespaces, multicloud, and multicloud namespaces. Workspaces can be mapped to various concepts such as projects, tenants, enterprises, and suppliers.
Log in to AI platform as a user with the admin/folder admin role, and click Global Management at the bottom of the left navigation bar.
Click Workspace and Folder in the left navigation bar, and click the Create Workspace button in the upper right corner.
After filling in the workspace name, folder and other information, click OK to complete the creation of the workspace.
Tip
If the created namespace already exists in the platform, click a workspace, and under the Resource Group tab, click Bind Resource to directly bind the namespace.
"},{"location":"en/admin/ghippo/best-practice/ws-to-ns.html#prepare-the-namespace","title":"Prepare the namespace","text":"A namespace is a smaller unit of resource isolation that can be managed and used by members of a workspace after it is bound to a workspace.
Follow the steps below to prepare a namespace that is not yet bound to any workspace.
Click Container Management at the bottom of the left navigation bar.
Click the name of the target cluster to enter Cluster Details .
Click Namespace on the left navigation bar to enter the namespace management page, and click the Create button on the right side of the page.
Fill in the name of the namespace, configure the workspace and tags (optional settings), and click OK .
Info
Workspaces are primarily used to divide groups of resources and grant users (groups of users) different access rights to that resource. For a detailed description of the workspace, please refer to Workspace and Folder.
Click OK to complete the creation of the namespace. On the right side of the namespace list, click \u2507 , and you can select Bind Workspace from the pop-up menu.
In addition to binding in the namespace list, you can also return to global management , follow the steps below to bind the workspace.
Click Global Management -> Workspace and Folder -> Resource Group , click a workspace name, and click the Bind Resource button.
Select the workspace to be bound (multiple choices are allowed), and click OK to complete the binding.
In Workspace and Folder -> Authorization , click the name of a workspace, and click the Add Authorization button.
After selecting the User/group and Role to be authorized, click OK to complete the authorization.
GProduct is the general term for all other modules in AI platform except the global management. These modules need to be connected with the global management before they can be added to AI platform.
"},{"location":"en/admin/ghippo/best-practice/gproduct/intro.html#what-to-be-docking","title":"What to be docking","text":"Docking Navigation Bar
The entrances are unified on the left navigation bar.
Access Routing and AuthN
Unify the IP or domain name, and unify the routing entry through the globally managed Istio Gateway.
Unified login / unified AuthN authentication
The login page is unified using the global management (Keycloak) login page, and the API authn token verification uses Istio Gateway. After GProduct is connected to the global management, there is no need to pay attention to how to implement login and authentication.
Take container management (codename kpanda
) as an example, docking to the navigation bar.
The expected effect after docking is as follows:
"},{"location":"en/admin/ghippo/best-practice/gproduct/nav.html#docking-method","title":"Docking method","text":"Refer to the following steps to dock the GProduct:
Register all kpanda (container management) features to the nav bar via GProductNavigator CR.
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: kpanda\nspec:\n gproduct: kpanda\n name: \u5bb9\u5668\u7ba1\u7406\n localizedName:\n zh-CN: \u5bb9\u5668\u7ba1\u7406\n en-US: Container Management\n url: /kpanda\n category: \u5bb9\u5668 # (1)\n iconUrl: /kpanda/nav-icon.png\n order: 10 # (2)\n menus:\n - name: \u5907\u4efd\u7ba1\u7406\n localizedName:\n zh-CN: \u5907\u4efd\u7ba1\u7406\n en-US: Backup Management\n iconUrl: /kpanda/bkup-icon.png\n url: /kpanda/backup\n
The configuration for the global management navigation bar category is stored in a ConfigMap and cannot be added through registration at present. Please contact the global management team to add it.
The kpanda
front-end is integrated into the AI platform parent application Anakin
as a micro-frontend.
AI platform frontend uses qiankun to connect the sub-applications UI. See getting started.
After registering the GProductNavigator CR, the proper registration information will be generated for the front-end parent application. For example, kpanda
will generate the following registration information:
{\n \"id\": \"kpanda\",\n \"title\": \"\u5bb9\u5668\u7ba1\u7406\",\n \"url\": \"/kpanda\",\n \"uiAssetsUrl\": \"/ui/kpanda/\", // The trailing / is required\n \"needImportLicense\": false\n},\n
The proper relation between the above registration and the qiankun sub-application fields is:
{\n name: id,\n entry: uiAssetsUrl,\n container: '#container',\n activeRule: url, \n loader,\n props: globalProps,\n}\n
container and loader are provided by the frontend parent application. The sub-application does not need to concern it. Props will provide a pinia store containing user basic information and sub-product registration information.
qiankun will use the following parameters on startup:
start({\n sandbox: {\n experimentalStyleIsolation: true,\n },\n // Remove the favicon in the sub-application to prevent it from overwriting the parent application's favicon in Firefox\n getTemplate: (template) => template.replaceAll(/<link\\s* rel=\"[\\w\\s]*icon[\\w\\s]*\"\\s*( href=\".*?\")?\\s*\\/?>/g, ''),\n});\n
Refer to Docking demo tar to GProduct provided by frontend team.
"},{"location":"en/admin/ghippo/best-practice/gproduct/route-auth.html","title":"Access routing and login authentication","text":"Unified login and password verification after docking, the effect is as follows:
The API bear token verification of each GProduct module goes through the Istio Gateway.
The routing map after access is as follows:
"},{"location":"en/admin/ghippo/best-practice/gproduct/route-auth.html#docking-method","title":"Docking method","text":"Take kpanda
as an example to register GProductProxy CR.
# GProductProxy CR example, including routing and login authentication\n\n# spec.proxies: The route written later cannot be a subset of the route written first, and vice versa\n# spec.proxies.match.uri.prefix: If it is a backend api, it is recommended to add \"/\" at the end of the prefix to indicate the end of this path (special requirements can not be added)\n# spec.proxies.match.uri: supports prefix and exact modes; Prefix and Exact can only choose 1 out of 2; Prefix has a higher priority than Exact\n\napiVersion: ghippo.io/v1alpha1\nkind: GProductProxy\nmetadata:\n name: kpanda # (1)\nspec:\n gproduct: kpanda # (2)\n proxies:\n - labels:\n kind: UIEntry\n match:\n uri:\n prefix: /kpanda # (3)\n rewrite:\n uri: /index.html\n destination:\n host: ghippo-anakin.ghippo-system.svc.cluster.local\n port: 80\n authnCheck: false # (4)\n - labels:\n kind: UIAssets\n match:\n uri:\n prefix: /ui/kpanda/ # (5)\n destination:\n host: kpanda-ui.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: false\n - match:\n uri:\n prefix: /apis/kpanda.io/v1/a\n destination:\n host: kpanda-service.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: false\n - match:\n uri:\n prefix: /apis/kpanda.io/v1 # (6)\n destination:\n host: kpanda-service.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: true\n
Under the current permission system, Global Management has the capability to regulate the visibility of navigation bar menus according to user permissions. However, due to the authorization information of Container Management not being synchronized with Global Management, Global Management cannot accurately determine whether to display the Container Management menu.
This document implements the following through configuration: By default, the menus for Container Management and Insight will not be displayed in areas where Global Management cannot make a judgment. A Whitelist authorization strategy is employed to effectively manage the visibility of these menus. (The permissions for clusters or namespaces authorized through the Container Management page cannot be perceived or judged by Global Management)
For example, if User A holds the Cluster Admin role for cluster A in Container Management, Global Management cannot determine whether to display the Container Management menu. After the configuration described in this document, User A will not see the Container Management menu by default. They will need to have explicit permission in Global Management to access the Container Management menu.
"},{"location":"en/admin/ghippo/best-practice/menu/menu-display-or-hiding.html#prerequisites","title":"Prerequisites","text":"The feature to show/hide menus based on permissions must be enabled. The methods to enable this are as follows:
--set global.navigatorVisibleDependency=true
parameter when using helm install
.helm get values ghippo -n ghippo-system -o yaml
, then modify bak.yaml and add global.navigatorVisibleDependency: true
.Then upgrade the Global Management using the following command:
helm upgrade ghippo ghippo-release/ghippo \\ \n -n ghippo-system \\ \n -f ./bak.yaml \\ \n --version ${version}\n
"},{"location":"en/admin/ghippo/best-practice/menu/menu-display-or-hiding.html#configure-the-navigation-bar","title":"Configure the Navigation Bar","text":"Apply the following YAML in kpanda-global-cluster:
apiVersion: ghippo.io/v1alpha1 \nkind: GProductNavigator \nmetadata: \n name: kpanda-menus-custom \nspec: \n category: container \n gproduct: kpanda \n iconUrl: ./ui/kpanda/kpanda.svg \n isCustom: true \n localizedName: \n en-US: Container Management \n zh-CN: \u5bb9\u5668\u7ba1\u7406 \n menus: \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Clusters \n zh-CN: \u96c6\u7fa4\u5217\u8868 \n name: Clusters \n order: 80 \n url: ./kpanda/clusters \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Namespaces \n zh-CN: \u547d\u540d\u7a7a\u95f4 \n name: Namespaces \n order: 70 \n url: ./kpanda/namespaces \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Workloads \n zh-CN: \u5de5\u4f5c\u8d1f\u8f7d \n name: Workloads \n order: 60 \n url: ./kpanda/workloads/deployments \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Permissions \n zh-CN: \u6743\u9650\u7ba1\u7406 \n name: Permissions \n order: 10 \n url: ./kpanda/rbac/content/cluster \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n name: Container Management \n order: 50 \n url: ./kpanda/clusters \n visible: true \n\n---\napiVersion: ghippo.io/v1alpha1 \nkind: GProductNavigator \nmetadata: \n name: insight-menus-custom \nspec: \n category: microservice \n gproduct: insight \n iconUrl: ./ui/insight/logo.svg \n isCustom: true \n localizedName: \n en-US: Insight \n zh-CN: \u53ef\u89c2\u6d4b\u6027 \n menus: \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Overview \n zh-CN: \u6982\u89c8 \n name: Overview \n order: 9 \n url: ./insight/overview \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Dashboard \n zh-CN: \u4eea\u8868\u76d8 \n name: Dashboard \n order: 8 \n url: ./insight/dashboard \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Infrastructure \n zh-CN: \u57fa\u7840\u8bbe\u65bd \n name: Infrastructure \n order: 7 \n url: ./insight/clusters \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Metrics \n zh-CN: \u6307\u6807 \n name: Metrics \n order: 6 \n url: ./insight/metric/basic \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Logs \n zh-CN: \u65e5\u5fd7 \n name: Logs \n order: 5 \n url: ./insight/logs \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Trace Tracking \n zh-CN: \u94fe\u8def\u8ffd\u8e2a \n name: Trace Tracking \n order: 4 \n url: ./insight/topology \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Alerts \n zh-CN: \u544a\u8b66 \n name: Alerts \n order: 3 \n url: ./insight/alerts/active/metrics \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Collect Management \n zh-CN: \u91c7\u96c6\u7ba1\u7406 \n name: Collect Management \n order: 2 \n url: ./insight/agents \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: System Management \n zh-CN: \u7cfb\u7edf\u7ba1\u7406 \n name: System Management \n order: 1 \n url: ./insight/system-components \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n name: Insight \n order: 30 \n url: ./insight \n visible: true \n\n---\napiVersion: ghippo.io/v1alpha1 \nkind: GProductResourcePermissions \nmetadata: \n name: kpanda \nspec: \n actions: \n - localizedName: \n en-US: Create \n zh-CN: \u521b\u5efa \n name: create \n - localizedName: \n en-US: Delete \n zh-CN: \u5220\u9664 \n name: delete \n - localizedName: \n en-US: Update \n zh-CN: \u7f16\u8f91 \n name: update \n - localizedName: \n en-US: Get \n zh-CN: \u67e5\u770b \n name: get \n - localizedName: \n en-US: Admin \n zh-CN: \u7ba1\u7406 \n name: admin \n authScopes: \n - resourcePermissions: \n - actions: \n - name: get \n - dependPermissions: \n - action: get \n name: create \n - dependPermissions: \n - action: get \n name: update \n - dependPermissions: \n - action: get \n name: delete \n resourceType: cluster \n - actions: \n - name: get \n resourceType: menu \n scope: platform \n - resourcePermissions: \n - actions: \n - name: admin \n tips: \n - en-US: >- \n If the workspace is bound to a cluster, it will be assigned \n the Cluster Admin role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u96c6\u7fa4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u96c6\u7fa4\u7684 Cluster Admin \u89d2\u8272 \n resourceType: cluster \n - actions: \n - name: get \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS View role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS View \u89d2\u8272 \n - name: update \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS Edit role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS Edit \u89d2\u8272 \n - name: admin \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS Admin role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS Admin \u89d2\u8272 \n resourceType: namespace \n scope: workspace \n gproduct: kpanda \n resourceTypes: \n - localizedName: \n en-US: Cluster Management \n zh-CN: \u96c6\u7fa4\u7ba1\u7406 \n name: cluster \n - localizedName: \n en-US: Menu \n zh-CN: \u83dc\u5355 \n name: menu \n - localizedName: \n en-US: Namespace Management \n zh-CN: \u547d\u540d\u7a7a\u95f4 \n name: namespace\n
"},{"location":"en/admin/ghippo/best-practice/menu/menu-display-or-hiding.html#achieve-the-above-effect-through-custom-roles","title":"Achieve the Above Effect Through Custom Roles","text":"Note
Only the menus for the Container Management module need to be configured separately menu permissions. Other modules will automatically show/hide based on user permissions
Create a custom role that includes the permission to view the Container Management menu, and then grant this role to users who need access to the Container Management menu.
you can see the navigation bar menus for container management and observability. The result is as follows:
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html","title":"Customizing AI platform Integration with IdP","text":"Identity Provider (IdP): In AI platform, when a client system needs to be used as the user source and user authentication is performed through the client system's login interface, the client system is referred to as the Identity Provider for AI platform.
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#use-cases","title":"Use Cases","text":"If there is a high customization requirement for the Ghippo login IdP, such as supporting WeCom, WeChat, or other social organization login requirements, please refer to this document for implementation.
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#supported-versions","title":"Supported Versions","text":"Ghippo v0.15.0 and above.
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#specific-steps","title":"Specific Steps","text":""},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#customizing-ghippo-keycloak-plugin","title":"Customizing Ghippo Keycloak Plugin","text":"Customize the plugin
Refer to the official keycloak documentation and customizing Keycloak IdP for development.
Build the image
# FROM scratch\nFROM scratch\n\n# plugin\nCOPY ./xxx-jar-with-dependencies.jar /plugins/\n
Note
If you need two customized IdPs, you need to copy two jar packages.
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#deploying-ghippo-keycloak-plugin-steps","title":"Deploying Ghippo Keycloak Plugin Steps","text":"Upgrade Ghippo to v0.15.0 or above. You can also directly install and deploy Ghippo v0.15.0, but make sure to manually record the following information.
helm -n ghippo-system get values ghippo -o yaml\n
apiserver:\n image:\n repository: release.daocloud.io/ghippo-ci/ghippo-apiserver\n tag: v0.4.2-test-3-gaba5ec2\ncontrollermanager:\n image:\n repository: release.daocloud.io/ghippo-ci/ghippo-apiserver\n tag: v0.4.2-test-3-gaba5ec2\nglobal:\n database:\n builtIn: true\n reverseProxy: http://192.168.31.10:32628\n
After a successful upgrade, an installation command should be manually run. The parameter values set in --set
should be gotten from the above saved content, along with additional parameter values:
Here is an example:
helm upgrade \\\n ghippo \\\n ghippo-release/ghippo \\\n --version v0.4.2-test-3-gaba5ec2 \\\n -n ghippo-system \\\n --set apiserver.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \\\n --set apiserver.image.tag=v0.4.2-test-3-gaba5ec2 \\\n --set controllermanager.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \\\n --set controllermanager.image.tag=v0.4.2-test-3-gaba5ec2 \\\n --set global.reverseProxy=http://192.168.31.10:32628 \\\n --set global.database.builtIn=true \\\n --set global.idpPlugin.enabled=true \\\n --set global.idpPlugin.image.repository=chenyang-idp \\\n --set global.idpPlugin.image.tag=v0.0.1 \\\n --set global.idpPlugin.path=/plugins/.\n
Select the desired plugin on the Keycloak administration page.
npm install\n
Compile and hot-reload for development:
npm run serve\n
Compile and build:
npm run build\n
Fix linting issues:
npm run lint\n
"},{"location":"en/admin/ghippo/best-practice/oem/demo.html#custom-configuration","title":"Custom Configuration","text":"Refer to the Configuration Reference for customization options.
Build the image:
docker build -t release.daocloud.io/henry/gproduct-demo .\n
Run on Kubernetes:
kubectl apply -f demo.yaml\n
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html","title":"Customizing Keycloak Identity Provider (IdP)","text":"Requirements: keycloak >= v20
Known issue in keycloak >= v21, support for old version themes has been removed and may be fixed in v22. See Issue #15344.
This demo uses Keycloak v20.0.5.
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#source-based-development","title":"Source-based Development","text":""},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#configure-the-environment","title":"Configure the Environment","text":"Refer to keycloak/building.md for environment configuration.
Run the following commands based on keycloak/README.md:
cd quarkus\nmvn -f ../pom.xml clean install -DskipTestsuite -DskipExamples -DskipTests\n
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#run-from-ide","title":"Run from IDE","text":""},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#add-service-code","title":"Add Service Code","text":""},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#if-inheriting-some-functionality-from-keycloak","title":"If inheriting some functionality from Keycloak","text":"Add files under the directory services/src/main/java/org/keycloak/broker :
The file names should be xxxProvider.java and xxxProviderFactory.java .
xxxProviderFactory.java example:
Pay attention to the variable PROVIDER_ID = \"oauth\"; , as it will be used in the HTML definition later.
xxxProvider.java example:
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#if-unable-to-inherit-functionality-from-keycloak","title":"If unable to inherit functionality from Keycloak","text":"Refer to the three files in the image below to write your own code:
Add xxxProviderFactory to resource service
Add xxxProviderFactory to services/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory so that the newly added code can work:
Add HTML file
Copy the file themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html and rename it as realm-identity-provider-oauth.html (remember the variable to pay attention to from earlier).
Place the copied file in themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oauth.html .
All the necessary files have been added. Now you can start debugging the functionality.
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#packaging-as-a-jar-plugin","title":"Packaging as a JAR Plugin","text":"Create a new Java project and copy the above code into the project, as shown below:
Refer to pom.xml.
Run mvn clean package to package the code, resulting in the xxx-jar-with-dependencies.jar file.
Download Keycloak Release 20.0.5 zip package and extract it.
Copy the xxx-jar-with-dependencies.jar file to the keycloak-20.0.5/providers directory.
Run the following command to check if the functionality is working correctly:
bin/kc.sh start-dev\n
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html","title":"Integrating Customer Systems into AI platform (OEM IN)","text":"OEM IN refers to the partner's platform being embedded as a submodule in AI platform, appearing in the primary navigation bar of AI platform. Users can log in and manage it uniformly through AI platform. The implementation of OEM IN is divided into 5 steps:
Note
The open source software Label Studio is used for nested demonstrations below. In actual scenarios, you need to solve the following issues in the customer system:
The customer system needs to add a Subpath to distinguish which services belong to AI platform and which belong to the customer system.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#environment-preparation","title":"Environment Preparation","text":"Deploy the AI platform environment:
https://10.6.202.177:30443
as AI platform
Deploy the customer system environment:
http://10.6.202.177:30123
as the customer system
Adjust the operations on the customer system during the application according to the actual situation.
Plan the Subpath path of the customer system: http://10.6.202.177:30123/label-studio
(It is recommended to use a recognizable name as the Subpath, which should not conflict with the HTTP router of the main AI platform). Ensure that users can access the customer system through http://10.6.202.177:30123/label-studio
.
SSH into the AI platform server.
ssh root@10.6.202.177\n
Create the label-studio.yaml file using the vim
command.
vim label-studio.yaml\n
label-studio.yamlapiVersion: networking.istio.io/v1beta1\nkind: ServiceEntry\nmetadata:\n name: label-studio\n namespace: ghippo-system\nspec:\n exportTo:\n - \"*\"\n hosts:\n - label-studio.svc.external\n ports:\n # Add a virtual port\n - number: 80\n name: http\n protocol: HTTP\n location: MESH_EXTERNAL\n resolution: STATIC\n endpoints:\n # Change to the domain name (or IP) of the customer system\n - address: 10.6.202.177\n ports:\n # Change to the port number of the customer system\n http: 30123\n---\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n # Change to the name of the customer system\n name: label-studio\n namespace: ghippo-system\nspec:\n exportTo:\n - \"*\"\n hosts:\n - \"*\"\n gateways:\n - ghippo-gateway\n http:\n - match:\n - uri:\n exact: /label-studio # Change to the routing address of the customer system in the Web UI entry\n - uri:\n prefix: /label-studio/ # Change to the routing address of the customer system in the Web UI entry\n route:\n - destination:\n # Change to the value of spec.hosts in the ServiceEntry above\n host: label-studio.svc.external\n port:\n # Change to the value of spec.ports in the ServiceEntry above\n number: 80\n---\napiVersion: security.istio.io/v1beta1\nkind: AuthorizationPolicy\nmetadata:\n # Change to the name of the customer system\n name: label-studio\n namespace: istio-system\nspec:\n action: ALLOW\n selector:\n matchLabels:\n app: istio-ingressgateway\n rules:\n - from:\n - source:\n requestPrincipals:\n - '*'\n - to:\n - operation:\n paths:\n - /label-studio # Change to the value of spec.http.match.uri.prefix in VirtualService\n - /label-studio/* # Change to the value of spec.http.match.uri.prefix in VirtualService (Note: add \"*\" at the end)\n
Apply the label-studio.yaml using the kubectl
command:
kubectl apply -f\u00a0label-studio.yaml\n
Verify if the IP and port of the Label Studio UI are consistent:
Integrate the customer system with the AI platform through protocols like OIDC/OAUTH, allowing users to enter the customer system without logging in again after logging into the AI platform.
In the scenario of two AI platform, you can create SSO access through Global Management -> Access Control -> Docking Portal.
After creating, fill in the details such as the Client ID, Client Secret, and Login URL in the customer system's Global Management -> Access Control -> Identity Provider -> OIDC, to complete user integration.
After integration, the customer system login page will display the OIDC (Custom) option. Select to log in via OIDC the first time entering the customer system from the AI platform, and subsequently, you will directly enter the customer system without selecting again.
Refer to the tar package at the bottom of the document to implement an empty frontend sub-application, and embed the customer system into this empty shell application in the form of an iframe.
Download the gproduct-demo-main.tar.gz file and change the value of the src attribute in App-iframe.vue under the src folder (the user entering the customer system):
src=\"https://10.6.202.177:30443/label-studio\" (AI platform address + Subpath)
src=\"./external-anyproduct/insight\"
<template>\n <iframe>\n src=\"https://daocloud.io\"\n title=\"demo\"\n class=\"iframe-container\"\n </iframe>\n</template>\n\n<style lang=\"scss\">\nhtml,\nbody {\n height: 100%;\n}\n\n# app {\n display: flex;\n height: 100%;\n .iframe-container {\n border: 0;\n flex: 1 1 0;\n }\n}\n</style>\n
Delete the App.vue and main.ts files under the src folder, and rename:
Build the image following the steps in the readme (Note: before executing the last step, replace the image address in demo.yaml with the built image address)
demo.yamlkind: Namespace\napiVersion: v1\nmetadata:\n name: gproduct-demo\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: gproduct-demo\n namespace: gproduct-demo\n labels:\n app: gproduct-demo\nspec:\n selector:\n matchLabels:\n app: gproduct-demo\n template:\n metadata:\n name: gproduct-demo\n labels:\n app: gproduct-demo\n spec:\n containers:\n - name: gproduct-demo\n image: release.daocloud.io/gproduct-demo # Modify this image address\n ports:\n - containerPort: 80\n---\napiVersion: v1\nkind: Service\n...\n
After integration, the Customer System will appear in the primary navigation bar of AI platform, and clicking it will allow users to enter the customer system.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#customize-appearance","title":"Customize Appearance","text":"Note
AI platform supports customizing the appearance by writing CSS. How the customer system implements appearance customization in actual applications needs to be handled according to the actual situation.
Log in to the customer system, and through Global Management -> Settings -> Appearance, you can customize platform background colors, logos, and names. For specific operations, please refer to Appearance Customization.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#integrate-permission-system-optional","title":"Integrate Permission System (Optional)","text":"Method One:
Customized teams can implement a customized module that AI platform will notify each user login event to the customized module via Webhook, and the customized module can call the OpenAPI of AnyProduct and AI platform to synchronize the user's permission information.
Method Two:
Through Webhook, notify AnyProduct of each authorization change (if required, it can be implemented later).
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#use-other-capabilities-of-ai-platform-in-anyproduct-optional","title":"Use Other Capabilities of AI platform in AnyProduct (Optional)","text":"The method is to call the AI platform OpenAPI.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#references","title":"References","text":"OEM OUT refers to integrating AI platform as a sub-module into other products, appearing in their menus. You can directly access AI platform without logging in again after logging into other products. The OEM OUT integration involves 5 steps:
Deploy AI platform (Assuming the access address after deployment is https://10.6.8.2:30343/
).
To achieve cross-domain access between the customer system and AI platform, you can use an nginx reverse proxy. Use the following example configuration in vi /etc/nginx/conf.d/default.conf :
server {\n listen 80;\n server_name localhost;\n\n location /dce5/ {\n proxy_pass https://10.6.8.2:30343/;\n proxy_http_version 1.1;\n proxy_read_timeout 300s; # This line is required for using kpanda cloudtty, otherwise it can be removed\n proxy_send_timeout 300s; # This line is required for using kpanda cloudtty, otherwise it can be removed\n\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\n proxy_set_header Upgrade $http_upgrade; # This line is required for using kpanda cloudtty, otherwise it can be removed\n proxy_set_header Connection $connection_upgrade; # This line is required for using kpanda cloudtty, otherwise it can be removed\n }\n\n location / {\n proxy_pass https://10.6.165.50:30443/; # Assuming this is the customer system address (e.g., Yiyun)\n proxy_http_version 1.1;\n\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n}\n
Assuming the nginx entry address is 10.6.165.50, follow the Customize AI platform Reverse Proxy Server Address to set the AI_PROXY reverse proxy as http://10.6.165.50/dce5
. Ensure that AI platform can be accessed via http://10.6.165.50/dce5
. The customer system also needs to configure the reverse proxy based on its specific requirements.
Integrate the customer system with AI platform using protocols like OIDC/OAUTH, allowing users to access AI platform without logging in again after logging into the customer system. Fill in the OIDC information of the customer system in Global Management -> Access Control -> Identity Provider .
After integration, the AI platform login page will display the OIDC (custom) option. When accessing AI platform from the customer system for the first time, select OIDC login, and subsequent logins will directly enter AI platform without needing to choose again.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-out.html#navigation-bar-integration","title":"Navigation Bar Integration","text":"Navigation bar integration means adding AI platform to the menu of the customer system. You can directly access AI platform by clicking the proper menu item. The navigation bar integration depends on the customer system and needs to be handled based on specific circumstances.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-out.html#customizie-appearance","title":"Customizie Appearance","text":"Use Global Management -> Settings -> Appearance to customize the platform's background color, logo, and name. For detailed instructions, refer to Appearance Customization.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-out.html#permission-system-integration-optional","title":"Permission System Integration (optional)","text":"Permission system integration is complex. If you have such requirements, please contact the Global Management team.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-out.html#reference","title":"Reference","text":"Follow the steps below to configure the Guomi Gateway for AI platform.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#software-introduction","title":"Software Introduction","text":"Tengine: Tengine is a web server project initiated by taobao.com. Based on Nginx, it adds many advanced features and features for the needs of high-traffic websites.
Tongsuo: Formerly known as BabaSSL, Tongsuo is an open-source cryptographic library that offers a range of modern cryptographic algorithms and secure communication protocols. It is designed to support a variety of use cases, including storage, network security, key management, and privacy computing. By providing foundational cryptographic capabilities, Tongsuo ensures the privacy, integrity, and authenticity of data during transmission, storage, and usage. It also enhances security throughout the data lifecycle, offering robust privacy protection and security features.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#preparation","title":"Preparation","text":"A Linux host with Docker installed and internet access.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#compile-and-install-tengine-tongsuo","title":"Compile and install Tengine & Tongsuo","text":"Note
This configuration is for reference only.
FROM docker.m.daocloud.io/debian:11.3\n\n# Version\nENV TENGINE_VERSION=\"2.3.4\" \\\n TONGSUO_VERSION=\"8.3.2\"\n\n# Install required system packages and dependencies\nRUN apt update && \\\n apt -y install \\\n wget \\\n gcc \\\n make \\\n libpcre3 \\\n libpcre3-dev \\\n zlib1g-dev \\\n perl \\\n && apt clean\n\n# Build tengine\nRUN mkdir -p /tmp/pkg/cache/ && cd /tmp/pkg/cache/ \\\n && wget https://github.com/alibaba/tengine/archive/refs/tags/${TENGINE_VERSION}.tar.gz -O tengine-${TENGINE_VERSION}.tar.gz \\\n && tar zxvf tengine-${TENGINE_VERSION}.tar.gz \\\n && wget https://github.com/Tongsuo-Project/Tongsuo/archive/refs/tags/${TONGSUO_VERSION}.tar.gz -O Tongsuo-${TONGSUO_VERSION}.tar.gz \\\n && tar zxvf Tongsuo-${TONGSUO_VERSION}.tar.gz \\\n && cd tengine-${TENGINE_VERSION} \\\n && ./configure \\\n --add-module=modules/ngx_openssl_ntls \\\n --with-openssl=/tmp/pkg/cache/Tongsuo-${TONGSUO_VERSION} \\\n --with-openssl-opt=\"--strict-warnings enable-ntls\" \\\n --with-http_ssl_module --with-stream \\\n --with-stream_ssl_module --with-stream_sni \\\n && make \\\n && make install \\\n && ln -s /usr/local/nginx/sbin/nginx /usr/sbin/ \\\n && rm -rf /tmp/pkg/cache\n\nEXPOSE 80 443\nSTOPSIGNAL SIGTERM\nCMD [\"nginx\", \"-g\", \"daemon off;\"]\n
docker build -t tengine:0.0.1 .\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#generate-sm2-and-rsa-tls-certificates","title":"Generate SM2 and RSA TLS Certificates","text":"Here's how to generate SM2 and RSA TLS certificates and configure the Guomi gateway.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#sm2-tls-certificate","title":"SM2 TLS Certificate","text":"Note
This certificate is only for testing purposes.
You can refer to the Tongsuo official documentation to use OpenSSL to generate SM2 certificates, or visit Guomi SSL Laboratory to apply for SM2 certificates.
In the end, we will get the following files:
-rw-r--r-- 1 root root 749 Dec 8 02:59 sm2.*.enc.crt.pem\n-rw-r--r-- 1 root root 258 Dec 8 02:59 sm2.*.enc.key.pem\n-rw-r--r-- 1 root root 749 Dec 8 02:59 sm2.*.sig.crt.pem\n-rw-r--r-- 1 root root 258 Dec 8 02:59 sm2.*.sig.key.pem\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#rsa-tls-certificate","title":"RSA TLS Certificate","text":"-rw-r--r-- 1 root root 216 Dec 8 03:21 rsa.*.crt.pem\n-rw-r--r-- 1 root root 4096 Dec 8 02:59 rsa.*.key.pem\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#configure-sm2-and-rsa-tls-certificates-for-the-guomi-gateway","title":"Configure SM2 and RSA TLS Certificates for the Guomi Gateway","text":"The Guomi gateway used in this article supports SM2 and RSA TLS certificates. The advantage of dual certificates is that when the browser does not support SM2 TLS certificates, it automatically switches to RSA TLS certificates.
For more detailed configurations, please refer to the Tongsuo official documentation.
We enter the Tengine container:
# Go to the nginx configuration file directory\ncd /usr/local/nginx/conf\n\n# Create the cert folder to store TLS certificates\nmkdir cert\n\n# Copy the SM2 and RSA TLS certificates to the `/usr/local/nginx/conf/cert` directory\ncp sm2.*.enc.crt.pem sm2.*.enc.key.pem sm2.*.sig.crt.pem sm2.*.sig.key.pem /usr/local/nginx/conf/cert\ncp rsa.*.crt.pem rsa.*.key.pem /usr/local/nginx/conf/cert\n\n# Edit the nginx.conf configuration\nvim nginx.conf\n...\nserver {\n listen 443 ssl;\n proxy_http_version 1.1;\n # Enable Guomi function to support SM2 TLS certificates\n enable_ntls on;\n\n # RSA certificate\n # If your browser does not support Guomi certificates, you can enable this option, and Tengine will automatically recognize the user's browser and use RSA certificates for fallback\n ssl_certificate /usr/local/nginx/conf/cert/rsa.*.crt.pem;\n ssl_certificate_key /usr/local/nginx/conf/cert/rsa.*.key.pem;\n\n # Configure two pairs of SM2 certificates for encryption and signature\n # SM2 signature certificate\n ssl_sign_certificate /usr/local/nginx/conf/cert/sm2.*.sig.crt.pem;\n ssl_sign_certificate_key /usr/local/nginx/conf/cert/sm2.*.sig.key.pem;\n # SM2 encryption certificate\n ssl_enc_certificate /usr/local/nginx/conf/cert/sm2.*.enc.crt.pem;\n ssl_enc_certificate_key /usr/local/nginx/conf/cert/sm2.*.enc.key.pem;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n\n location / {\n proxy_set_header Host $http_host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header REMOTE-HOST $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n # You need to modify the address here to the address of the Istio ingress gateway\n # For example, proxy_pass https://istio-ingressgateway.istio-system.svc.cluster.local\n # Or proxy_pass https://demo-dev.daocloud.io\n proxy_pass https://istio-ingressgateway.istio-system.svc.cluster.local;\n }\n}\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#reload-the-configuration-of-the-guomi-gateway","title":"Reload the Configuration of the Guomi Gateway","text":"nginx -s reload\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#next-steps","title":"Next Steps","text":"After successfully deploying the Guomi gateway, customize the AI platform reverse proxy server address.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#verification","title":"Verification","text":"You can deploy a web browser that supports Guomi certificates. For example, Samarium Browser, and then access the UI interface through Tengine to verify if the Guomi certificate is effective.
"},{"location":"en/admin/ghippo/install/login.html","title":"Login","text":"Before a user uses a new system, there is no data in the system, and the system cannot identify the new user. In order to identify the user identity and bind user data, the user needs an account that can uniquely identify the user identity.
AI platform assigns an account with certain permissions to the user through the way the administrator creates a new user in User and Access Control . All behaviors generated by this user will be associated with their own account.
The user logs in through the account/password, and the system verifies whether the identity is legal. If the verification is legal, the user logs in successfully.
Note
If the user does not perform any operation within 24 hours after logging in, the login status will be automatically logged out. If the logged-in user is always active, the logged-in state will persist.
The simple process of user login is shown in the figure below.
graph TB\n\nuser[Input username] --> pass[Input password] --> judge([Click Login and verify username and password])\njudge -.Correct.->success[Success]\njudge -.Incorrect.->fail[Fail]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass user,pass cluster;\nclass judge plain\nclass success,fail k8s
The user login screen is as shown in the figure below. For the specific login screen, please refer to the actual product.
"},{"location":"en/admin/ghippo/install/reverse-proxy.html","title":"Customize AI platform Reverse Proxy Server Address","text":"The specific setup steps are as follows:
Check if the global management Helm repository exists.
helm repo list | grep ghippo\n
If the result is empty or shows the following error, proceed to the next step; otherwise, skip the next step.
Error: no repositories to show\n
Add and update the global management Helm repository.
helm repo add ghippo http://{harbor url}/chartrepo/{project}\nhelm repo update ghippo\n
Set environment variables for easier use in the following steps.
# Your reverse proxy address, for example `export Suanova_PROXY=\"https://demo-alpha.daocloud.io\"` \nexport Suanova_PROXY=\"https://domain:port\"\n\n# Helm --set parameter backup file\nexport GHIPPO_VALUES_BAK=\"ghippo-values-bak.yaml\"\n\n# Get the current version of ghippo\nexport GHIPPO_HELM_VERSION=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n
Backup the --set parameters.
helm get values ghippo -n ghippo-system -o yaml > ${GHIPPO_VALUES_BAK}\n
Add your reverse proxy address.
Note
If possible, you can use the yq command:
yq -i \".global.reverseProxy = \\\"${Suanova_PROXY}\\\"\" ${GHIPPO_VALUES_BAK}\n
Or you can use the vim command to edit and save:
vim ${GHIPPO_VALUES_BAK}\n\nUSER-SUPPLIED VALUES:\n...\nglobal:\n ...\n reverseProxy: ${Suanova_PROXY} # Only need to modify this line\n
Run helm upgrade
to apply the configuration.
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ${GHIPPO_VALUES_BAK} \\\n --version ${GHIPPO_HELM_VERSION}\n
Use kubectl to restart the global management Pod to apply the configuration.
kubectl rollout restart deploy/ghippo-apiserver -n ghippo-system\nkubectl rollout restart statefulset/ghippo-keycloakx -n ghippo-system\n
The specific setup steps are as follows:
Check if the global management Helm repository exists.
helm repo list | grep ghippo\n
If the result is empty or shows the following error, proceed to the next step; otherwise, skip the next step.
Error: no repositories to show\n
Add and update the global management Helm repository.
helm repo add ghippo http://{harbor url}/chartrepo/{project}\nhelm repo update ghippo\n
Set environment variables for easier use in the following steps.
# Your reverse proxy address, for example `export Suanova_PROXY=\"https://demo-alpha.daocloud.io\"` \nexport Suanova_PROXY=\"https://domain:port\"\n\n# Helm --set parameter backup file\nexport GHIPPO_VALUES_BAK=\"ghippo-values-bak.yaml\"\n\n# Get the current version of ghippo\nexport GHIPPO_HELM_VERSION=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n
Backup the --set parameters.
helm get values ghippo -n ghippo-system -o yaml > ${GHIPPO_VALUES_BAK}\n
Add your reverse proxy address.
Note
If possible, you can use the yq command:
yq -i \".apiserver.userIsolationMode = \\\"Folder\\\"\" ${GHIPPO_VALUES_BAK}\n
Or you can use the vim command to edit and save:
vim ${GHIPPO_VALUES_BAK}\n\nUSER-SUPPLIED VALUES:\n...\n# Just add the following two lines\napiserver:\n userIsolationMode: Folder\n
Run helm upgrade
to apply the configuration.
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ${GHIPPO_VALUES_BAK} \\\n --version ${GHIPPO_HELM_VERSION}\n
Use kubectl to restart the global management Pod to apply the configuration.
kubectl rollout restart deploy/ghippo-apiserver -n ghippo-system\n
AI Lab supports four user roles:
Developer
and Operator
.Developer
.Developer
.Developer
.Each role has different permissions, as detailed below.
Menu Object Operation Admin / Baize Owner Workspace Admin Workspace Editor Workspace Viewer Developer Overview View Overview \u2713 \u2713 \u2713 \u2713 Notebooks View Notebooks \u2713 \u2713 \u2713 \u2713 View Notebooks Details \u2713 \u2713 \u2713 \u2717 Create Notebooks \u2713 \u2713 \u2717 \u2717 Update Notebooks \u2713 \u2713 \u2713 \u2717 Clone Notebooks \u2713 \u2713 \u2717 \u2717 Stop Notebooks \u2713 \u2713 \u2713 \u2717 Start Notebooks \u2713 \u2713 \u2713 \u2717 Delete Notebooks \u2713 \u2713 \u2717 \u2717 Jobs View Jobs \u2713 \u2713 \u2713 \u2713 View Job Details \u2713 \u2713 \u2713 \u2713 Create Job \u2713 \u2713 \u2717 \u2717 Clone Job \u2713 \u2713 \u2717 \u2717 View Job Load Details \u2713 \u2713 \u2713 \u2717 Delete Job \u2713 \u2713 \u2717 \u2717 Job Analysis View Job Analysis \u2713 \u2713 \u2713 \u2713 View Job Analysis Details \u2713 \u2713 \u2713 \u2713 Delete Job Analysis \u2713 \u2713 \u2717 \u2717 Datasets View Datasets \u2713 \u2713 \u2713 \u2717 Create Dataset \u2713 \u2713 \u2717 \u2717 Resync Dataset \u2713 \u2713 \u2713 \u2717 Update Credentials \u2713 \u2713 \u2713 \u2717 Delete Dataset \u2713 \u2713 \u2717 \u2717 Runtime Env View Runtime Env \u2713 \u2713 \u2713 \u2713 Create Runtime Env \u2713 \u2713 \u2717 \u2717 Update Runtime Env \u2713 \u2713 \u2713 \u2717 Delete Runtime Env \u2713 \u2713 \u2717 \u2717 Inference Services View Inference Services \u2713 \u2713 \u2713 \u2713 View Inference Services Details \u2713 \u2713 \u2713 \u2713 Create Inference Service \u2713 \u2713 \u2717 \u2717 Update Inference Service \u2713 \u2713 \u2713 \u2717 Stop Inference Service \u2713 \u2713 \u2713 \u2717 Start Inference Service \u2713 \u2713 \u2713 \u2717 Delete Inference Service \u2713 \u2713 \u2717 \u2717 Operator Overview View Overview \u2713 \u2717 \u2717 \u2717 GPU Management View GPU Management \u2713 \u2717 \u2717 \u2717 Queue Management View Queue Management \u2713 \u2717 \u2717 \u2717 View Queue Details \u2713 \u2717 \u2717 \u2717 Create Queue \u2713 \u2717 \u2717 \u2717 Update Queue \u2713 \u2717 \u2717 \u2717 Delete Queue \u2713 \u2717 \u2717 \u2717"},{"location":"en/admin/ghippo/permissions/kpanda.html","title":"Container Management Permissions","text":"The container management module uses the following roles:
Note
The permissions granted to each role are as follows:
Primary Function Secondary Function Permission Cluster Admin Ns Admin Ns Editor NS Viewer Cluster Clusters View Clusters \u2714 \u2714 \u2714 \u2714 Access Cluster \u2718 \u2718 \u2718 \u2718 Create Cluster \u2718 \u2718 \u2718 \u2718 Cluster Operations Enter Console \u2714 \u2714 (only in the list) \u2714 \u2718 View Monitoring \u2714 \u2718 \u2718 \u2718 Edit Basic Configuration \u2714 \u2718 \u2718 \u2718 Download kubeconfig \u2714 \u2714 (with ns permission) \u2714 (with ns permission) \u2714 (with ns permission) Disconnect Cluster \u2718 \u2718 \u2718 \u2718 View Logs \u2714 \u2718 \u2718 \u2718 Retry \u2718 \u2718 \u2718 \u2718 Uninstall Cluster \u2718 \u2718 \u2718 \u2718 Cluster Overview View Cluster Overview \u2714 \u2718 \u2718 \u2718 Node Management Access Node \u2718 \u2718 \u2718 \u2718 View Node List \u2714 \u2718 \u2718 \u2718 View Node Details \u2714 \u2718 \u2718 \u2718 View YAML \u2714 \u2718 \u2718 \u2718 Pause Scheduling \u2714 \u2718 \u2718 \u2718 Modify Labels \u2714 \u2718 \u2718 \u2718 Modify Annotations \u2714 \u2718 \u2718 \u2718 Modify Taints \u2714 \u2718 \u2718 \u2718 Remove Node \u2718 \u2718 \u2718 \u2718 Deployment View List \u2714 \u2714 \u2714 \u2714 View/Manage Details \u2714 \u2714 \u2714 \u2714 (view only) Create by YAML \u2714 \u2714 \u2714 \u2718 Create by image \u2714 \u2714 \u2714 \u2718 Select an instance in ws bound to ns Select image \u2714 \u2714 \u2714 \u2718 View IP Pool \u2714 \u2714 \u2714 \u2718 Edit Network Interface \u2714 \u2714 \u2714 \u2718 Enter Console \u2714 \u2714 \u2714 \u2718 View Monitoring \u2714 \u2714 \u2714 \u2714 View Logs \u2714 \u2714 \u2714 \u2714 Load Balancer Scaling \u2714 \u2714 \u2714 \u2718 Edit YAML \u2714 \u2714 \u2714 \u2718 Update \u2714 \u2714 \u2714 \u2718 Status - Pause Upgrade \u2714 \u2714 \u2714 \u2718 Status - Stop \u2714 \u2714 \u2714 \u2718 Status - Restart \u2714 \u2714 \u2714 \u2718 Delete \u2714 \u2714 \u2714 \u2718 StatefulSet View List \u2714 \u2714 \u2714 \u2714 View/Manage Details \u2714 \u2714 \u2714 \u2714 (view only) Create by YAML \u2714 \u2714 \u2714 \u2718 Create by image \u2714 \u2714 \u2714 \u2718 Select an instance in ws bound to ns Select image \u2714 \u2714 \u2714 \u2718 Enter Console \u2714 \u2714 \u2714 \u2718 View Monitoring \u2714 \u2714 \u2714 \u2714 View Logs \u2714 \u2714 \u2714 \u2714 Load Balancer Scaling \u2714 \u2714 \u2714 \u2718 Edit YAML \u2714 \u2714 \u2714 \u2718 Update \u2714 \u2714 \u2714 \u2718 Status - Stop \u2714 \u2714 \u2714 \u2718 Status - Restart \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 \u5b88\u62a4\u8fdb\u7a0b View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create by image \u2713 \u2713 \u2713 \u2717 Select an instance in ws bound to ns Select image \u2713 \u2713 \u2713 \u2717 Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Status - restart \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Job View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create by image \u2713 \u2713 \u2713 \u2717 Instance list \u2713 \u2713 \u2713 \u2713 Select an instance in ws bound to ns Select image \u2713 \u2713 \u2713 \u2717 Go to console \u2713 \u2713 \u2713 \u2717 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2713 Restart \u2713 \u2713 \u2713 \u2717 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 CronJob View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create by image \u2713 \u2713 \u2713 \u2717 Select an instance in ws bound to ns Select image \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Stop \u2713 \u2713 \u2713 \u2717 View jobs \u2713 \u2713 \u2713 \u2713 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Pod View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2713 Upload file \u2713 \u2713 \u2713 \u2717 Download file \u2713 \u2713 \u2713 \u2717 View containers \u2713 \u2713 \u2713 \u2713 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 ReplicaSet View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Helm app View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Update \u2713 \u2713 \u2713 \u2717 View YAML \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Helm chart View list \u2713 \u2713 \u2713 \u2713 View details \u2713 \u2713 \u2713 \u2713 Install chart \u2713 \u2713 (Fine for ns level) \u2717 \u2717 Download chart \u2713 \u2713 \u2713 (Consistent with viewing interface) \u2713 Helm repo View list \u2713 \u2713 \u2713 \u2713 Create repo \u2713 \u2717 \u2717 \u2717 Update repo \u2713 \u2717 \u2717 \u2717 Clone repo \u2713 \u2717 \u2717 \u2717 Refresh repo \u2713 \u2717 \u2717 \u2717 Modify label \u2713 \u2717 \u2717 \u2717 Modify annotation \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Service View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 View event \u2713 \u2713 \u2713 \u2713 Edit YAML \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Ingress View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 View event \u2713 \u2713 \u2713 \u2713 Edit YAML \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Network policy View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2717 Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Network config Config \u2713 \u2713 \u2713 \u2717 CRD View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Create by YAML \u2713 \u2717 \u2717 \u2717 Edit YAML \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 PVC View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create \u2713 \u2713 \u2713 \u2717 Select sc \u2713 \u2713 \u2713 \u2717 Create by YAML \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Clone \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 PV View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Create by YAML \u2713 \u2717 \u2717 \u2717 Create \u2713 \u2717 \u2717 \u2717 Edit YAML \u2713 \u2717 \u2717 \u2717 Update \u2713 \u2717 \u2717 \u2717 Clone \u2713 \u2717 \u2717 \u2717 Modify label \u2713 \u2717 \u2717 \u2717 Modify annotation \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 SC View list \u2713 \u2717 \u2717 \u2717 Create by YAML \u2713 \u2717 \u2717 \u2717 Create \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2717 \u2717 \u2717 Update \u2713 \u2717 \u2717 \u2717 Authorize NS \u2713 \u2717 \u2717 \u2717 Deauthorize \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 ConfigMap View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Export ConfigMap \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Secret View list \u2713 \u2713 \u2713 \u2717 View/Manage details \u2713 \u2713 \u2713 \u2717 Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Export secret \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Namespace View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2717 \u2717 \u2717 Create \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2713 \u2713 \u2717 Modify label \u2713 \u2713 \u2717 \u2717 Unbind WS \u2717 \u2717 \u2717 \u2717 Bind WS \u2717 \u2717 \u2717 \u2717 Quotas \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Cluster operation View list \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2717 \u2717 \u2717 View logs \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Helm operation Set preserved entries \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2713 \u2717 \u2717 View logs \u2713 \u2713 \u2717 \u2717 Delete \u2713 \u2713 \u2717 \u2717 Cluster upgrade View details \u2713 \u2717 \u2717 \u2717 Upgrade \u2717 \u2717 \u2717 \u2717 Cluster settings Addon config \u2713 \u2717 \u2717 \u2717 Advanced config \u2713 \u2717 \u2717 \u2717 Namespace View list \u2713 \u2713 \u2713 \u2713 Create \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2717 Modify label \u2713 \u2713 \u2717 \u2717 Bind WS \u2713 \u2717 \u2717 \u2717 Quotas \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Workload Deployment View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 Workload scaling \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Status - Pause Upgrade \u2713 \u2713 \u2713 \u2717 Status - Stop \u2713 \u2713 \u2713 \u2717 Status - restart \u2713 \u2713 \u2713 \u2717 Revert \u2713 \u2713 \u2713 \u2717 Modify label and annotation \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 StatefulSet View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 Workload scaling \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Status - Stop \u2713 \u2713 \u2713 \u2717 Status - restart \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 DaemonSet View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Status - restart \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Job View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2717 Restart \u2713 \u2713 \u2713 \u2717 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 CronJob View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Pod View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2713 Upload file \u2713 \u2713 \u2713 \u2717 Download file \u2713 \u2713 \u2713 \u2717 View containers \u2713 \u2713 \u2713 \u2713 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Backup and Restore App backup View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Create backup schedule \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2717 \u2717 \u2717 Update Schedule \u2713 \u2717 \u2717 \u2717 Pause \u2713 \u2717 \u2717 \u2717 Run now \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Resume backup View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Resume backup \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Backup point View list \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Object storage View list \u2713 \u2717 \u2717 \u2717 etcd backup View backup policies \u2713 \u2717 \u2717 \u2717 Create backup policies \u2713 \u2717 \u2717 \u2717 View logs \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2717 \u2717 \u2717 Update backup policy \u2713 \u2717 \u2717 \u2717 Stop/Start \u2713 \u2717 \u2717 \u2717 Run now \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Delete backup records \u2713 \u2717 \u2717 \u2717 View backup points \u2713 \u2717 \u2717 \u2717 Cluster inspection Cluster inspection View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Cluster inspection \u2713 \u2717 \u2717 \u2717 Settings \u2713 \u2717 \u2717 \u2717 Permissions Permissions View list \u2713 \u2717 \u2717 \u2717 Grant to cluster admin \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 NS permissions View list \u2713 \u2713 \u2717 \u2717 Grant to ns admin \u2713 \u2713 \u2717 \u2717 Grant to ns editor \u2713 \u2713 \u2717 \u2717 Grant to ns viewer \u2713 \u2713 \u2717 \u2717 Edit permissions \u2713 \u2713 \u2717 \u2717 Delete \u2713 \u2713 \u2717 \u2717 Security Compliance scanning View scanning report \u2713 \u2717 \u2717 \u2717 View scanning report details \u2713 \u2717 \u2717 \u2717 Download scanning report \u2713 \u2717 \u2717 \u2717 Delete scanning report \u2713 \u2717 \u2717 \u2717 View scanning policies \u2713 \u2717 \u2717 \u2717 Create scanning policy \u2713 \u2717 \u2717 \u2717 Delete scanning policy \u2713 \u2717 \u2717 \u2717 View scanning config list \u2713 \u2717 \u2717 \u2717 View scanning config details \u2713 \u2717 \u2717 \u2717 Delete scanning config \u2713 \u2717 \u2717 \u2717 Scan permission View scanning reports \u2713 \u2717 \u2717 \u2717 View scanning report details \u2713 \u2717 \u2717 \u2717 Delete scanning report \u2713 \u2717 \u2717 \u2717 View scanning policies \u2713 \u2717 \u2717 \u2717 Create scanning policy \u2713 \u2717 \u2717 \u2717 Delete scanning policy \u2713 \u2717 \u2717 \u2717 Scan vulnerability View scanning reports \u2713 \u2717 \u2717 \u2717 View scanning report detail \u2713 \u2717 \u2717 \u2717 Delete scanning report \u2713 \u2717 \u2717 \u2717 View scanning policies \u2713 \u2717 \u2717 \u2717 Create scanning policy \u2713 \u2717 \u2717 \u2717 Delete scanning policy \u2713 \u2717 \u2717 \u2717"},{"location":"en/admin/ghippo/personal-center/accesstoken.html","title":"Access key","text":"The access key can be used to access the openAPI and continuous delivery. Users can obtain the key and access the API by referring to the following steps in the personal center.
"},{"location":"en/admin/ghippo/personal-center/accesstoken.html#get-key","title":"Get key","text":"Log in to AI platform, find Personal Center in the drop-down menu in the upper right corner, and you can manage the access key of the account on the Access Keys page.
Info
Access key is displayed only once. If you forget your access key, you will need to create a new key.
"},{"location":"en/admin/ghippo/personal-center/accesstoken.html#use-the-key-to-access-api","title":"Use the key to access API","text":"When accessing AI platform openAPI, add the header Authorization:Bearer ${token}
to the request to identify the visitor, where ${token}
is the key obtained in the previous step. Request Example
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
Request result
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"en/admin/ghippo/personal-center/language.html","title":"language settings","text":"This section explains how to set the interface language. Currently supports Chinese, English two languages.
Language setting is the portal for the platform to provide multilingual services. The platform is displayed in Chinese by default. Users can switch the platform language by selecting English or automatically detecting the browser language preference according to their needs. Each user's multilingual service is independent of each other, and switching will not affect other users.
The platform provides three ways to switch languages: Chinese, English-English, and automatically detect your browser language preference.
The operation steps are as follows.
Log in to the AI platform with your username/password. Click Global Management at the bottom of the left navigation bar.
Click the username in the upper right corner and select Personal Center .
Click the Language Settings tab.
Toggle the language option.
Function description: It is used to fill in the email address and modify the login password.
The specific operation steps are as follows:
Click the username in the upper right corner and select Personal Center .
Click the Security Settings tab. Fill in your email address or change the login password.
This article explains how to configure SSH public key.
"},{"location":"en/admin/ghippo/personal-center/ssh-key.html#step-1-view-existing-ssh-keys","title":"Step 1. View Existing SSH Keys","text":"Before generating a new SSH key, please check if you need to use an existing SSH key stored in the root directory of the local user. For Linux and Mac, use the following command to view existing public keys. Windows users can use the following command in WSL (requires Windows 10 or above) or Git Bash to view the generated public keys.
ED25519 Algorithm:
cat ~/.ssh/id_ed25519.pub\n
RSA Algorithm:
cat ~/.ssh/id_rsa.pub\n
If a long string starting with ssh-ed25519 or ssh-rsa is returned, it means that a local public key already exists. You can skip Step 2 Generate SSH Key and proceed directly to Step 3.
"},{"location":"en/admin/ghippo/personal-center/ssh-key.html#step-2-generate-ssh-key","title":"Step 2. Generate SSH Key","text":"If Step 1 does not return the specified content string, it means that there is no available SSH key locally and a new SSH key needs to be generated. Please follow these steps:
Access the terminal (Windows users please use WSL or Git Bash), and run ssh-keygen -t
.
Enter the key algorithm type and an optional comment.
The comment will appear in the .pub file and can generally use the email address as the comment content.
To generate a key pair based on the ED25519
algorithm, use the following command:
ssh-keygen -t ed25519 -C \"<comment>\"\n
To generate a key pair based on the RSA
algorithm, use the following command:
ssh-keygen -t rsa -C \"<comment>\"\n
Press Enter to choose the SSH key generation path.
Taking the ED25519 algorithm as an example, the default path is as follows:
Generating public/private ed25519 key pair.\nEnter file in which to save the key (/home/user/.ssh/id_ed25519):\n
The default key generation path is /home/user/.ssh/id_ed25519
, and the proper public key is /home/user/.ssh/id_ed25519.pub
.
Set a passphrase for the key.
Enter passphrase (empty for no passphrase):\nEnter same passphrase again:\n
The passphrase is empty by default, and you can choose to use a passphrase to protect the private key file. If you do not want to enter a passphrase every time you access the repository using the SSH protocol, you can enter an empty passphrase when creating the key.
Press Enter to complete the key pair creation.
In addition to manually copying the generated public key information printed on the command line, you can use the following commands to copy the public key to the clipboard, depending on the operating system.
Windows (in WSL or Git Bash):
cat ~/.ssh/id_ed25519.pub | clip\n
Mac:
tr -d '\\n'< ~/.ssh/id_ed25519.pub | pbcopy\n
GNU/Linux (requires xclip):
xclip -sel clip < ~/.ssh/id_ed25519.pub\n
Log in to the AI platform UI page and select Profile -> SSH Public Key in the upper right corner of the page.
Add the generated SSH public key information.
SSH public key content.
Public key title: Supports customizing the public key name for management differentiation.
Expiration: Set the expiration period for the public key. After it expires, the public key will be automatically invalidated and cannot be used. If not set, it will be permanently valid.
The About page primarily showcases the latest versions of each module, highlights the open source software used, and expresses gratitude to the technical team via an animated video.
Steps to view are as follows:
Log in to AI platform as a user with Admin role. Click Global Management at the bottom of the left navigation bar.
Click Settings , select About , and check the product version, open source software statement, and development teams.
License Statement
Technical Team
In AI platform, you have the option to customize the appearance of the login page, top navigation bar, bottom copyright and ICP registration to enhance your product recognition.
"},{"location":"en/admin/ghippo/platform-setting/appearance.html#customizing-login-page-and-top-navigation-bar","title":"Customizing Login Page and Top Navigation Bar","text":"To get started, log in to AI platform as a user with the admin role and navigate to Global Management -> Settings found at the bottom of the left navigation bar.
Select Appearance . On the Custom your login page tab, modify the icon and text of the login page as needed, then click Save .
Log out and refresh the login page to see the configured effect.
On the Advanced customization tab, you can modify login page, navigation bar, copyright, and ICP registration with css.
Note
If you wish to restore the default settings, simply click Revert . This action will discard all customized settings.
"},{"location":"en/admin/ghippo/platform-setting/appearance.html#advanced-customization","title":"Advanced Customization","text":"Advanced customization allows you to modify the color, font spacing, and font size of the entire container platform using CSS styles. Please note that familiarity with CSS syntax is required.
To reset any advanced customizations, delete the contents of the black input box or click the Revert button.
Sample CSS for Login Page Customization:
.test {\n width: 12px;\n}\n\n#kc-login {\n /* color: red!important; */\n}\n
CSS sample for page customization after login:
.dao-icon.dao-iconfont.icon-service-global.dao-nav__head-icon {\n color: red!important;\n}\n.ghippo-header-logo {\n background-color: green!important;\n}\n.ghippo-header {\n background-color: rgb(128, 115, 0)!important;\n}\n.ghippo-header-nav-main {\n background-color: rgb(0, 19, 128)!important;\n}\n.ghippo-header-sub-nav-main .dao-popper-inner {\n background-color: rgb(231, 82, 13) !important;\n}\n
CSS sample for custom footer (including copyright, filing, and other information at the bottom)
<div class=\"footer-content\">\n <span class=\"footer-item\">Copyright \u00a9 2024 Suanova</span>\n <a class=\"footer-item\" href=\"https://beian.miit.gov.cn/\" target=\"_blank\" rel=\"noopener noreferrer\">\u6caa ICP \u5907 14048409 \u53f7 - 1</a>\n <a class=\"footer-item\" href=\"https://beian.miit.gov.cn/\" target=\"_blank\" rel=\"noopener noreferrer\">\u6caa ICP \u5907 14048409 \u53f7 - 2</a>\n</div>\n<div class=\"footer-content\">\n <img class=\"gongan-icon\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP/wBr28AAgBw1S4kEsfh/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi/mvwbyI+IfHf/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3/ldM9sJoFoK0Hr5i3k4/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W/gi372/EAe/tt68ABxmkCZrcCjg/1xYW52rlKO58sEQjFu9+cj/seFf/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv/mPQCsBAM2XpOMAALzoGFyolBdMxggAAESggSqwQQcMwRSswA6cwR28wBcCYQZEQAwkwDwQQgbkgBwKoRiWQRlUwDrYBLWwAxqgEZrhELTBMTgN5+ASXIHrcBcGYBiewhi8hgkEQcgIE2EhOogRYo7YIs4IF5mOBCJhSDSSgKQg6YgUUSLFyHKkAqlCapFdSCPyLXIUOY1cQPqQ28ggMor8irxHMZSBslED1AJ1QLmoHxqKxqBz0XQ0D12AlqJr0Rq0Hj2AtqKn0UvodXQAfYqOY4DRMQ5mjNlhXIyHRWCJWBomxxZj5Vg1Vo81Yx1YN3YVG8CeYe8IJAKLgBPsCF6EEMJsgpCQR1hMWEOoJewjtBK6CFcJg4Qxwicik6hPtCV6EvnEeGI6sZBYRqwm7iEeIZ4lXicOE1+TSCQOyZLkTgohJZAySQtJa0jbSC2kU6Q+0hBpnEwm65Btyd7kCLKArCCXkbeQD5BPkvvJw+S3FDrFiOJMCaIkUqSUEko1ZT/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYqfBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j/i/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa45uJXTl/VfPV5bdra3kq3yu3rSOuk626s91m/r0q9akHV0IbwDa0b8Y3lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q/5n7duEd3T8Wej3ulewf2Re/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq/dawto22gPaG97+iMo50dXh1Hvrf/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w/eFIr1tv62X3y+1XPK509E3rO9Hv03/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r/y+2v3qB/oP6n+0/rFlwG3g+GDAYM/DWQ/vDgmHnv6U/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59/94vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm/K3O233vuO+638e9H5ko/ED+UPPR+mPHp9BP9z7nfP78L/eE8/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAAQjSURBVHjaVNNZbFRlGIDh95w525zpdGa6TVtbykBbyiICxQY0AhYTJUCiiYqGqEEiJhKQmBg0ESPeeCGRENEYb4jhBr0gNQrRlCBiSgyLaSlSaKEs3Wemy+xnzuqFYdD/6rt6ku/N9wue55EcPwWArCgIgkx5ZRuYVxsnJ801Z05f3jY1MRnb/HxHV+uSph9RKq4mhkdwbZVgdQ2SHkPTwgj/h1QUWWi8/tfg/hM/XN/Y2zfaZnkSnuRDtLMsXhBOvrJtya/LlrcdMs1Qb1lVRQmSAEDAsU1kxpgamXp3y+azu1esreK9dyRqs9PIjkW6OsLx7lTV1ld/237s8HRV57MbnvO8CA+e9GCQFTk6Mza+4/0P+t9a9VSEI3uyTH/eR27aB2Ed31Q/Hx1sI6BHOPT13c5Frd0HW9p3HPUQEwAigJW9RDp+bstrOy981nVGLN/7RpHUV70YfXnEAtjxFPasxPDBQXatjzNTdOQXtg983H/51AFFy1KCIg2bNIdC+8270NwmUmelsXqSqHkDK5PDl8iCW0QcnEW+lqCjvcjQuMZ4YnQRTkotQUZu4GkjcfZNv19G011kXw4vayNYNvqCCvSVTciOgABgeuhBGwhgz5zbkI2ff7HUqJiNR2QktbbSYnBYYqbMT/ilKI4SIbT/GcRylbnvLmJ2X8N7tJ7rR8OE/BbliqEYea81WIotmOs02WFpc55Lf0f5/mSI3dsamOgxSX7ZjaALuBmB6M6FnB+S+POCwmOLk1QFFAqZyQWl1YrpiRZJLvDkygyC5NJ1XCax7xYNiTQVEYVIuUulayIcGeLkpw6WK7GuPY/fb2CkhleXIFFe8XPGaKBj9QxLW1Ik0bg8EuT2zRCJYZvZIYepe0EGbvi4bQUJVZhs2phADFYj+df0lBqJUnaekS4SUHXe3jrOnoE2PhSewHfRpfZGgcryIvfHdQruQlLo7Ns6QizqkJ31CIUlqwQJXuWUpDXj6qOsW32HT3YNImll9FwJsb4jyaLmWQ4fa6a+2sQw0ry8YZSiHcPxxXBtMfCv4XkUCrfliWs/fTE31rtTVfv9vsIorvQIniMhqXM4popVcJFVMHMpfMEaLPdxR1Tnna1b1vl6tGntpAjgCTNWONZyIFBR8Ydtr6EgrCI3VySfzZPLBDHyIq5gkpmzcOUmTGMF+bh7M9LYulfWzMmHBzk7Fpq9deWEYxjrtaCMXjWfstp6BCGNXZzBdYqYhogWqkMum4+oBVD0YnP63u/fFqbv1D+M7VSlBbmmK5uYaLYLYwslfwFVAyXQiOfcx3XyyGIM8DDn0lgWyGokHogu/0UJxpL/+f2e569s/CZQZ53OpzJr0+NXludUfb5jVdf7VUGXJUPIZast1S9PeII6jFDT5xMjFwO1S4c8zwTgnwEAxufYSzA67PMAAAAASUVORK5CYII=\" >\n <a class=\"footer-item\" href=\"http://www.beian.gov.cn/portal/registerSystemInfo\">\u6caa\u516c\u7f51\u5b89\u5907 12345678912345\u53f7</a>\n</div>\n<style>\n.footer-content {\n display: flex;\n flex-wrap: wrap;\n align-items: center;\n justify-content: center;\n}\n.footer-content + .footer-content {\n margin-top: 8px;\n}\n.login-pf .footer-item {\n color: white;\n}\n.footer-item {\n color: var(--dao-gray-010);\n text-decoration: none;\n}\n.footer-item + .footer-item {\n margin-left: 8px;\n}\n.gongan-icon {\n width: 18px;\n height: 18px;\n margin-right: 4px;\n}\n</style>\n
"},{"location":"en/admin/ghippo/platform-setting/mail-server.html","title":"Mail Server","text":"AI platform will send an e-mail to the user to verify the e-mail address if the user forgets the password to ensure that the user is acting in person. In order for AI platform to be able to send email, you need to provide your mail server address first.
The specific operation steps are as follows:
Log in to AI platform as a user with admin role. Click Global Management at the bottom of the left navigation bar.
Click Settings , select Mail Server Settings .
Complete the following fields to configure the mail server:
Field Description Example SMTP server address SMTP server address that can provide mail service smtp.163.com SMTP server port Port for sending mail 25 Username Name of the SMTP user test@163.com Password Password for the SMTP account 123456 Sender's email address Sender's email address test@163.com Use SSL secure connection SSL can be used to encrypt emails, thereby improving the security of information transmitted via emails, usually need to configure a certificate for the mail server DisableAfter the configuration is complete, click Save , and click Test Mail Server .
A message indicating that the mail has been successfully sent appears in the upper right corner of the screen, indicating that the mail server has been successfully set up.
Q: What is the reason why the user still cannot retrieve the password after the mail server is set up?
Answer: The user may not have an email address or set a wrong email address; at this time, users with the admin role can find the user by username in Global Management -> Access Control , and set it as The user sets a new login password.
If the mail server is not connected, please check whether the mail server address, username and password are correct.
"},{"location":"en/admin/ghippo/platform-setting/security.html","title":"Security Policy","text":"AI platform offers robust security measures, including password policies and access control for the graphical interface.
"},{"location":"en/admin/ghippo/platform-setting/security.html#password-policy","title":"Password Policy","text":"To configure the password and access control policies, navigate to global management, then click Settings -> Security Policy in the left navigation bar.
"},{"location":"en/admin/ghippo/report-billing/index.html","title":"Operation Management","text":"Operation Management provides a visual representation of the total usage and utilization rates of CPU, memory, storage and GPU across various dimensions such as cluster, node, namespace, pod, and workspace within a specified time range on the platform. It also automatically calculates platform consumption information based on usage, usage time, and unit price. By default, the module enables all report statistics, but platform administrators can manually enable or disable individual reports. After enabling or disabling, the platform will start or stop collecting report data within a maximum of 20 minutes. Previously collected data will still be displayed normally. Operation Management data can be retained on the platform for up to 365 days. Statistical data exceeding this retention period will be automatically deleted. You can also download reports in CSV or Excel format for further statistics and analysis.
Operation Management is available only for the Standard Edition and above. It is not supported in the Community Edition.
You need to install or upgrade the Operations Management module first, and then you can experience report management and billing metering.
"},{"location":"en/admin/ghippo/report-billing/index.html#report-management","title":"Report Management","text":"Report Management provides data statistics for cluster, node, pods, workspace, and namespace across five dimensions: CPU Utilization, Memory Utilization, Storage Utilization, GPU Utilization, and GPU Memory Utilization. It also integrates with the audit and alert modules to support the statistical management of audit and alert data, supporting a total of seven types of reports.
"},{"location":"en/admin/ghippo/report-billing/index.html#accounting-billing","title":"Accounting & Billing","text":"Accounting & Billing provides billing statistics for clusters, nodes, pods, namespaces, and workspaces on the platform. It calculates the consumption for each resource during the statistical period based on the usage of CPU, memory, storage and GPU, as well as user-configured prices and currency units. Depending on the selected time span, such as monthly, quarterly, or annually, it can quickly calculate the actual consumption for that period.
"},{"location":"en/admin/ghippo/report-billing/billing.html","title":"Accounting & Billing","text":"Accounting and billing further process the usage data of resources based on reports. You can manually set the unit price and currency unit for CPU, memory, GPU and storage. After setting, the system will automatically calculate the expenses of clusters, nodes, pods, namespaces, and workspaces over a period. You can adjust the period freely and export billing reports in Excel or Csv format after filtering by week, month, quarter, or year.
"},{"location":"en/admin/ghippo/report-billing/billing.html#billing-rules-and-effective-time","title":"Billing Rules and Effective Time","text":"Currently, the following reports are supported:
Log in to AI platform as a user with the admin role. Click Global Management -> Operations Management at the bottom of the left navigation bar.
After entering the Operations Management , switch to different menus to view billing reports for clusters, nodes, and pods.
Report management visually displays statistical data across clusters, nodes, pods, workspaces, namespaces, audits, and alarms. This data provides a reliable foundation for platform billing and utilization optimization.
"},{"location":"en/admin/ghippo/report-billing/report.html#features","title":"Features","text":"Currently, the following reports are supported:
Log in to AI platform as a user with the Admin role. Click Global Management -> Operations Management at the bottom of the left sidebar.
After entering Operations Management, switch between different menus to view reports on clusters, nodes, and pods.
The error message is as shown in the following image:
Possible cause: The jwtsUri address of the RequestAuthentication CR cannot be accessed, causing istiod to be unable to push the configuration to istio-ingressgateway (This bug can be avoided in Istio 1.15: https://github.com/istio/istio/pull/39341/).
Solution:
Backup the RequestAuthentication ghippo CR.
kubectl get RequestAuthentication ghippo -n istio-system -o yaml > ghippo-ra.yaml\n
Delete the RequestAuthentication ghippo CR.
kubectl delete RequestAuthentication ghippo -n istio-system\n
Restart Istio.
kubectl rollout restart deploy/istiod -n istio-system\nkubectl rollout restart deploy/istio-ingressgateway -n istio-system\n
Reapply the RequestAuthentication ghippo CR.
kubectl apply -f ghippo-ra.yaml\n
Note
Before applying the RequestAuthentication ghippo CR, make sure that ghippo-apiserver and ghippo-keycloak are started correctly.
This issue occurs when the MySQL database connected to ghippo-keycloak encounters a failure, causing the OIDC Public keys to be reset.
For Global Management version 0.11.1 and above, you can follow these steps to restore normal operation by updating the Global Management configuration file using helm .
# Update helm repository\nhelm repo update ghippo\n\n# Backup ghippo parameters\nhelm get values ghippo -n ghippo-system -o yaml > ghippo-values-bak.yaml\n\n# Get the current deployed ghippo version\nversion=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n\n# Perform the update operation to make the configuration file take effect\nhelm upgrade ghippo ghippo/ghippo \\\n-n ghippo-system \\\n-f ./ghippo-values-bak.yaml \\\n--version ${version}\n
"},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html","title":"Keycloak Unable to Start","text":""},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html#common-issues","title":"Common Issues","text":""},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html#symptoms","title":"Symptoms","text":"MySQL is ready with no errors. After installing the global management, Keycloak fails to start (more than 10 times).
"},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html#checklist","title":"Checklist","text":"Keycloak cannot start normally, the Keycloak pod is in the CrashLoopBackOff
state, and the Keycloak log shows:
Run the following script to check the supported CPU types:
cat <<\"EOF\" > detect-cpu.sh\n#!/bin/sh -eu\n\nflags=$(cat /proc/cpuinfo | grep flags | head -n 1 | cut -d: -f2)\n\nsupports_v2='awk \"/cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/ {found=1} END {exit !found}\"'\nsupports_v3='awk \"/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/ {found=1} END {exit !found}\"'\nsupports_v4='awk \"/avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/ {found=1} END {exit !found}\"'\n\necho \"$flags\" | eval $supports_v2 || exit 2 && echo \"CPU supports x86-64-v2\"\necho \"$flags\" | eval $supports_v3 || exit 3 && echo \"CPU supports x86-64-v3\"\necho \"$flags\" | eval $supports_v4 || exit 4 && echo \"CPU supports x86-64-v4\"\nEOF\n\nchmod +x detect-cpu.sh\nsh detect-cpu.sh\n
Execute the command below to check the current CPU features. If the output contains sse4_2, it indicates that your processor supports SSE 4.2.
lscpu | grep sse4_2\n
"},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html#solution","title":"Solution","text":"You need to upgrade your virtual machine or physical machine CPU to support x86-64-v2 and above, ensuring that the x86 CPU instruction set supports SSE4.2. For details on how to upgrade, you should consult your virtual machine platform provider or your physical machine provider.
For more information, see: https://github.com/keycloak/keycloak/issues/17290
"},{"location":"en/admin/ghippo/troubleshooting/ghippo04.html","title":"Failure to Upgrade Global Management Separately","text":"If the upgrade fails and includes the following message, you can refer to the Offline Upgrade section to complete the installation of CRDs by following the steps for updating the ghippo crd.
ensure CRDs are installed first\n
"},{"location":"en/admin/ghippo/workspace/folder-permission.html","title":"Description of folder permissions","text":"Folders have permission mapping capabilities, which can map the permissions of users/groups in this folder to subfolders, workspaces and resources under it.
If the user/group is Folder Admin role in this folder, it is still Folder Admin role when mapped to a subfolder, and Workspace Admin is mapped to the workspace under it; If a Namespace is bound in Workspace and Folder -> Resource Group , the user/group is also a Namespace Admin after mapping.
Note
The permission mapping capability of folders will not be applied to shared resources, because sharing is to share the use permissions of the cluster to multiple workspaces, rather than assigning management permissions to workspaces, so permission inheritance and role mapping will not be implemented.
"},{"location":"en/admin/ghippo/workspace/folder-permission.html#use-cases","title":"Use cases","text":"Folders have hierarchical capabilities, so when folders are mapped to departments/suppliers/projects in the enterprise,
Folders have the capability to map permissions, allowing users/user groups to have their permissions in the folder mapped to its sub-folders, workspaces, and resources.
Follow the steps below to create a folder:
Log in to AI platform with a user account having the admin/folder admin role. Click Global Management -> Workspace and Folder at the bottom of the left navigation bar.
Click the Create Folder button in the top right corner.
Fill in the folder name, parent folder, and other information, then click OK to complete creating the folder.
Tip
After successful creation, the folder name will be displayed in the left tree structure, represented by different icons for workspaces and folders.
Note
To edit or delete a specific folder, select it and Click \u2507 on the right side.
If there are resources bound to the resource group or shared resources within the folder, the folder cannot be deleted. All resources need to be unbound before deleting.
If there are registry resources accessed by the microservice engine module within the folder, the folder cannot be deleted. All access to the registry needs to be removed before deleting the folder.
Shared resources do not necessarily mean that the shared users can use the shared resources without any restrictions. Admin, Kpanda Owner, and Workspace Admin can limit the maximum usage quota of a user through the Resource Quota feature in shared resources. If no restrictions are set, it means the usage is unlimited.
A resource (cluster) can be shared among multiple workspaces, and a workspace can use resources from multiple shared clusters simultaneously.
"},{"location":"en/admin/ghippo/workspace/quota.html#resource-groups-and-shared-resources","title":"Resource Groups and Shared Resources","text":"Cluster resources in both shared resources and resource groups are derived from Container Management. However, different effects will occur when binding a cluster to a workspace or sharing it with a workspace.
Binding Resources
Users/User groups in the workspace will have full management and usage permissions for the cluster. Workspace Admin will be mapped as Cluster Admin. Workspace Admin can access the Container Management module to manage the cluster.
Note
As of now, there are no Cluster Editor and Cluster Viewer roles in the Container Management module. Therefore, Workspace Editor and Workspace Viewer cannot be mapped.
Adding Shared Resources
Users/User groups in the workspace will have usage permissions for the cluster resources.
Unlike resource groups, when sharing a cluster with a workspace, the roles of the users in the workspace will not be mapped to the resources. Therefore, Workspace Admin will not be mapped as Cluster Admin.
This section demonstrates three scenarios related to resource quotas.
"},{"location":"en/admin/ghippo/workspace/quota.html#create-namespaces","title":"Create Namespaces","text":"Creating a namespace involves resource quotas.
Add a shared cluster to workspace ws01 .
Select workspace ws01 and the shared cluster in Workbench, and create a namespace ns01 .
Prerequisite: Workspace ws01 has added a shared cluster, and the operator has the Workspace Admin + Kpanda Owner or Admin role.
The two methods of binding have the same effect.
Bind the created namespace ns01 to ws01 in Container Management.
Bind the namespace ns01 to ws01 in Global Management.
The two methods of unbinding have the same effect.
Unbind the namespace ns01 from workspace ws01 in Container Management.
Unbind the namespace ns01 from workspace ws01 in Global Management.
Both resource groups and shared resources support cluster binding, but they have significant differences in usage.
"},{"location":"en/admin/ghippo/workspace/res-gp-and-shared-res.html#differences-in-usage-scenarios","title":"Differences in Usage Scenarios","text":"Note: In this scenario, the platform administrator needs to impose resource restrictions on secondary suppliers. Currently, it is not supported to limit the cluster quota of secondary suppliers by the primary supplier.
"},{"location":"en/admin/ghippo/workspace/res-gp-and-shared-res.html#differences-in-cluster-quota-usage","title":"Differences in Cluster Quota Usage","text":"After binding to a cluster, both resource groups and shared resources can go to the Workbench to create namespaces, which will be automatically bound to the workspace.
"},{"location":"en/admin/ghippo/workspace/workspace.html","title":"Creating/Deleting Workspaces","text":"A workspace is a resource category that represents a hierarchical relationship of resources. A workspace can contain resources such as clusters, namespaces, and registries. Typically, each workspace corresponds to a project and different resources can be allocated, and different users and user groups can be assigned to each workspace.
Follow the steps below to create a workspace:
Log in to AI platform with a user account having the admin/folder admin role. Click Global Management -> Workspace and Folder at the bottom of the left navigation bar.
Click the Create Workspace button in the top right corner.
Fill in the workspace name, folder assignment, and other information, then click OK to complete creating the workspace.
Tip
After successful creation, the workspace name will be displayed in the left tree structure, represented by different icons for folders and workspaces.
Note
To edit or delete a specific workspace or folder, select it and click ... on the right side.
Workspace and Folder is a feature that provides resource isolation and grouping, addressing issues related to unified authorization, resource grouping, and resource quotas.
Workspace and Folder involves two concepts: workspaces and folders.
"},{"location":"en/admin/ghippo/workspace/ws-folder.html#workspaces","title":"Workspaces","text":"Workspaces allow the management of resources through Authorization , Resource Group , and Shared Resource , enabling users (and user groups) to share resources within the workspace.
Resources
Resources are at the lowest level of the hierarchy in the resource management module. They include clusters, namespaces, pipelines, gateways, and more. All these resources can only have workspaces as their parent level. Workspaces act as containers for grouping resources.
Workspace
A workspace usually refers to a project or environment, and the resources in each workspace are logically isolated from those in other workspaces. You can grant users (groups of users) different access rights to the same set of resources through authorization in the workspace.
Workspaces are at the first level, counting from the bottom of the hierarchy, and contain resources. All resources except shared resources have one and only one parent. All workspaces also have one and only one parent folder.
Resources are grouped by workspace, and there are two grouping modes in workspace, namely Resource Group and Shared Resource .
Resource group
A resource can only be added to one resource group, and resource groups correspond to workspaces one by one. After a resource is added to a resource group, Workspace Admin will obtain the management authority of the resource, which is equivalent to the owner of the resource.
Share resource
For shared resources, multiple workspaces can share one or more resources. Resource owners can choose to share their own resources with the workspace. Generally, when sharing, the resource owner will limit the amount of resources that can be used by the shared workspace. After resources are shared, Workspace Admin only has resource usage rights under the resource limit, and cannot manage resources or adjust the amount of resources that can be used by the workspace.
At the same time, shared resources also have certain requirements for the resources themselves. Only Cluster (cluster) resources can be shared. Cluster Admin can share Cluster resources to different workspaces, and limit the use of workspaces on this Cluster.
Workspace Admin can create multiple Namespaces within the resource quota, but the sum of the resource quotas of the Namespaces cannot exceed the resource quota of the Cluster in the workspace. For Kubernetes resources, the only resource type that can be shared currently is Cluster.
Folders can be used to build enterprise business hierarchy relationships.
Folders are a further grouping mechanism based on workspaces and have a hierarchical structure. A folder can contain workspaces, other folders, or a combination of both, forming a tree-like organizational relationship.
Folders allow you to map your business hierarchy and group workspaces by department. Folders are not directly linked to resources, but indirectly achieve resource grouping through workspaces.
A folder has one and only one parent folder, and the root folder is the highest level of the hierarchy. The root folder has no parent, and folders and workspaces are attached to the root folder.
In addition, users (groups) in folders can inherit permissions from their parents through a hierarchical structure. The permissions of the user in the hierarchical structure come from the combination of the permissions of the current level and the permissions inherited from its parents. The permissions are additive and there is no mutual exclusion.
"},{"location":"en/admin/ghippo/workspace/ws-permission.html","title":"Description of workspace permissions","text":"The workspace has permission mapping and resource isolation capabilities, and can map the permissions of users/groups in the workspace to the resources under it. If the user/group has the Workspace Admin role in the workspace and the resource Namespace is bound to the workspace-resource group, the user/group will become Namespace Admin after mapping.
Note
The permission mapping capability of the workspace will not be applied to shared resources, because sharing is to share the cluster usage permissions to multiple workspaces, rather than assigning management permissions to the workspaces, so permission inheritance and role mapping will not be implemented.
"},{"location":"en/admin/ghippo/workspace/ws-permission.html#use-cases","title":"Use cases","text":"Resource isolation is achieved by binding resources to different workspaces. Therefore, resources can be flexibly allocated to each workspace (tenant) with the help of permission mapping, resource isolation, and resource sharing capabilities.
Generally applicable to the following two use cases:
Cluster one-to-one
Ordinary Cluster Department/Tenant (Workspace) Purpose Cluster 01 A Administration and Usage Cluster 02 B Administration and UsageCluster one-to-many
Cluster Department/Tenant (Workspace) Resource Quota Cluster 01 A 100 core CPU B 50-core CPUFor the operation scope of the roles of Workspace Admin, Workspace Editor, and Workspace Viewer in each module, please refer to the permission description:
\u21a9
If a user John (\"John\" represents any user who is required to bind resources) has the Workspace Admin role assigned or has been granted proper permissions through a custom role, which includes the Workspace's \"Resource Binding\" Permissions, and wants to bind a specific cluster or namespace to the workspace.
To bind cluster/namespace resources to a workspace, not only the workspace's \"Resource Binding\" permissions are required, but also the permissions of Cluster Admin.
"},{"location":"en/admin/ghippo/workspace/wsbind-permission.html#granting-authorization-to-john","title":"Granting Authorization to John","text":"Using the Platform Admin Role, grant John the role of Workspace Admin on the Workspace -> Authorization page.
Then, on the Container Management -> Permissions page, authorize John as a Cluster Admin by Add Permission.
Using John's account to log in to AI platform, on the Container Management -> Clusters page, John can bind the specified cluster to his own workspace by using the Bind Workspace button.
Note
John can only bind clusters or namespaces to a specific workspace in the Container Management module, and cannot perform this operation in the Global Management module.
To bind a namespace to a workspace, you must have at least Workspace Admin and Cluster Admin permissions.
"},{"location":"en/admin/host/createhost.html","title":"Create and Start a Cloud Host","text":"After the user completes registration and is assigned a workspace, namespace, and resources, they can create and start a cloud host.
"},{"location":"en/admin/host/createhost.html#prerequisites","title":"Prerequisites","text":"Click Create Cloud Host -> Create from Template
After defining all configurations for the cloud host, click Next
Basic ConfigurationTemplate ConfigurationStorage and NetworkAfter configuring the root password or SSH key, click OK
Return to the host list and wait for the status to change to Running. After that, you can start the host by clicking the \u2507 on the right side.
Next step: Use the Cloud Host
"},{"location":"en/admin/host/usehost.html","title":"Using Cloud Host","text":"After creating and starting the cloud host, users can begin using it.
"},{"location":"en/admin/host/usehost.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Container Network -> Services, click the service name to enter the service details page, and click Update at the top right corner.
Change the port range to 30900-30999, ensuring there are no conflicts.
Log in to the AI platform as an end user, navigate to the proper service, and check the access port.
Use an SSH client to log in to the cloud host from the external network.
At this point, you can perform various operations on the cloud host.
Next step: Cloud Resource Sharing: Quota Management
"},{"location":"en/admin/insight/alert-center/index.html","title":"Alert Center","text":"The Alert Center is an important feature provided by AI platform that allows users to easily view all active and historical alerts by cluster and namespace through a graphical interface, and search alerts based on severity level (critical, warning, info).
All alerts are triggered based on the threshold conditions set in the preset alert rules. In AI platform, some global alert policies are built-in, but users can also create or delete alert policies at any time, and set thresholds for the following metrics:
Users can also add labels and annotations to alert rules. Alert rules can be classified as active or expired, and certain rules can be enabled/disabled to achieve silent alerts.
When the threshold condition is met, users can configure how they want to be notified, including email, DingTalk, WeCom, webhook, and SMS notifications. All notification message templates can be customized and all messages are sent at specified intervals.
In addition, the Alert Center also supports sending alert messages to designated users through short message services provided by Alibaba Cloud, Tencent Cloud, and more platforms that will be added soon, enabling multiple ways of alert notification.
AI platform Alert Center is a powerful alert management platform that helps users quickly detect and resolve problems in the cluster, improve business stability and availability, and facilitate cluster inspection and troubleshooting.
"},{"location":"en/admin/insight/alert-center/alert-policy.html","title":"Alert Policies","text":"In addition to the built-in alert policies, AI platform allows users to create custom alert policies. Each alert policy is a collection of alert rules that can be set for clusters, nodes, and workloads. When an alert object reaches the threshold set by any of the rules in the policy, an alert is automatically triggered and a notification is sent.
Taking the built-in alerts as an example, click the first alert policy alertmanager.rules .
You can see that some alert rules have been set under it. You can add more rules under this policy, or edit or delete them at any time. You can also view the historical and active alerts related to this alert policy and edit the notification configuration.
"},{"location":"en/admin/insight/alert-center/alert-policy.html#create-alert-policies","title":"Create Alert Policies","text":"Select Alert Center -> Alert Policies , and click the Create Alert Policy button.
Fill in the basic information, select one or more clusters, nodes, or workloads as the alert objects, and click Next .
The list must have at least one rule. If the list is empty, please Add Rule .
Create an alert rule in the pop-up window, fill in the parameters, and click OK .
After clicking Next , configure notifications.
After the configuration is complete, click the OK button to return to the Alert Policy list.
Tip
The newly created alert policy is in the Not Triggered state. Once the threshold conditions and duration specified in the rules are met, it will change to the Triggered state.
"},{"location":"en/admin/insight/alert-center/alert-policy.html#create-log-rules","title":"Create Log Rules","text":"After filling in the basic information, click Add Rule and select Log Rule as the rule type.
Creating log rules is supported only when the resource object is selected as a node or workload.
Field Explanation:
After filling in the basic information, click Add Rule and select Event Rule as the rule type.
Creating event rules is supported only when the resource object is selected as a workload.
Field Explanation:
Click \u2507 at the right side of the list, then choose Delete from the pop-up menu to delete an alert policy. By clicking on the policy name, you can enter the policy details where you can add, edit, or delete the alert rules under it.
Warning
Deleted alert strategies will be permanently removed, so please proceed with caution.
"},{"location":"en/admin/insight/alert-center/alert-template.html","title":"Alert Template","text":"The Alert template allows platform administrators to create Alert templates and rules, and business units can directly use Alert templates to create Alert policies. This feature can reduce the management of Alert rules by business personnel and allow for modification of Alert thresholds based on actual environment conditions.
"},{"location":"en/admin/insight/alert-center/alert-template.html#create-alert-template","title":"Create Alert Template","text":"In the navigation bar, select Alert -> Alert Policy, and click Alert Template at the top.
Click Create Alert Template, and set the name, description, and other information for the Alert template.
Parameter Description Template Name The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long. Description The description can contain any characters and can be up to 256 characters long. Resource Type Used to specify the matching type of the Alert template. Alert Rule Supports pre-defined multiple Alert rules, including template rules and PromQL rules.Click OK to complete the creation and return to the Alert template list. Click the template name to view the template details.
Click \u2507 next to the target rule, then click Edit to enter the editing page for the suppression rule.
"},{"location":"en/admin/insight/alert-center/alert-template.html#delete-alert-template","title":"Delete Alert Template","text":"Click \u2507 next to the target template, then click Delete. Enter the name of the Alert template in the input box to confirm deletion.
"},{"location":"en/admin/insight/alert-center/inhibition.html","title":"Alert Inhibition","text":"Alert Inhibition is mainly a mechanism for temporarily hiding or reducing the priority of alerts that do not need immediate attention. The purpose of this feature is to reduce unnecessary alert information that may disturb operations personnel, allowing them to focus on more critical issues.
Alert inhibition recognizes and ignores certain alerts by defining a set of rules to deal with specific conditions. There are mainly the following conditions:
In the left navigation bar, select Alert -> Noise Reduction, and click Inhibition at the top.
Click Create Inhibition, and set the name and rules for the inhibition.
Note
The problem of avoiding multiple similar or related alerts that may be triggered by the same issue is achieved by defining a set of rules to identify and ignore certain alerts through Rule Details and Alert Details.
Parameter Description Name The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long. Description The description can contain any characters and can be up to 256 characters long. Cluster The cluster where the inhibition rule applies. Namespace The namespace where the inhibition rule applies. Source Alert Matching alerts by label conditions. It compares alerts that meet all label conditions with those that meet inhibition conditions, and alerts that do not meet inhibition conditions will be sent to the user as usual. Value range explanation: - Alert Level: The level of metric or event alerts, can be set as: Critical, Major, Minor. - Resource Type: The resource type specific for the alert object, can be set as: Cluster, Node, StatefulSet, Deployment, DaemonSet, Pod. - Labels: Alert identification attributes, consisting of label name and label value, supports user-defined values. Inhibition Specifies the matching conditions for the target alert (the alert to be inhibited). Alerts that meet all the conditions will no longer be sent to the user. Equal Specifies the list of labels to compare to determine if the source alert and target alert match. Inhibition is triggered only when the values of the labels specified inequal
are exactly the same in the source and target alerts. The equal
field is optional. If the equal
field is omitted, all labels are used for matching. Click OK to complete the creation and return to Inhibition list. Click the inhibition rule name to view the rule details.
In the left navigation bar, select Alert -> Alert Policy, and click the policy name to view the rule details.
!!! note\n\n You can add cuntom tags when adding rules.\n
"},{"location":"en/admin/insight/alert-center/inhibition.html#view-alert-details","title":"View Alert Details","text":"In the left navigation bar, select Alert -> Alerts, and click the policy name to view details.
!!! note\n\n Alert details show information and settings for creating inhibitions.\n
"},{"location":"en/admin/insight/alert-center/inhibition.html#edit-inhibition-rule","title":"Edit Inhibition Rule","text":"Click \u2507 next to the target rule, then click Edit to enter the editing page for the inhibition rule.
"},{"location":"en/admin/insight/alert-center/inhibition.html#delete-inhibition-rule","title":"Delete Inhibition Rule","text":"Click \u2507 next to the target rule, then click Delete. Enter the name of the inhibition rule in the input box to confirm deletion.
"},{"location":"en/admin/insight/alert-center/message.html","title":"Notification Settings","text":"On the Notification Settings page, you can configure how to send messages to users through email, WeCom, DingTalk, Webhook, and SMS.
"},{"location":"en/admin/insight/alert-center/message.html#email-group","title":"Email Group","text":"After entering Insight , click Alert Center -> Notification Settings in the left navigation bar. By default, the email notification object is selected. Click Add email group and add one or more email addresses.
Multiple email addresses can be added.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list to edit or delete the email group.
In the left navigation bar, click Alert Center -> Notification Settings -> WeCom . Click Add Group Robot and add one or more group robots.
For the URL of the WeCom group robot, please refer to the official document of WeCom: How to use group robots.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the group robot.
In the left navigation bar, click Alert Center -> Notification Settings -> DingTalk . Click Add Group Robot and add one or more group robots.
For the URL of the DingTalk group robot, please refer to the official document of DingTalk: Custom Robot Access.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the group robot.
In the left navigation bar, click Alert Center -> Notification Settings -> Lark . Click Add Group Bot and add one or more group bots.
Note
When signature verification is required in Lark's group bot, you need to fill in the specific signature key when enabling notifications. Refer to Customizing Bot User Guide.
After configuration, you will be automatically redirected to the list page. Click \u2507 on the right side of the list and select Send Test Message . You can edit or delete group bots.
In the left navigation bar, click Alert Center -> Notification Settings -> Webhook . Click New Webhook and add one or more Webhooks.
For the Webhook URL and more configuration methods, please refer to the webhook document.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the Webhook.
Note
Alert messages are sent to the personal Message sector and notifications can be viewed by clicking \ud83d\udd14 at the top.
In the left navigation bar, click Alert Center -> Notification Settings -> Message\uff0cclick Create Message .
You can add and notify multiple users for a message.
After configuration, you will be automatically redirected to the list page. Click \u2507 on the right side of the list and select Send Test Message .
In the left navigation bar, click Alert Center -> Notification Settings -> SMS . Click Add SMS Group and add one or more SMS groups.
Enter the name, the object receiving the message, phone number, and notification server in the pop-up window.
The notification server needs to be created in advance under Notification Settings -> Notification Server . Currently, two cloud servers, Alibaba Cloud and Tencent Cloud, are supported. Please refer to your own cloud server information for the specific configuration parameters.
After the SMS group is successfully added, the notification list will automatically return. Click \u2507 on the right side of the list to edit or delete the SMS group.
The message template feature supports customizing the content of message templates and can notify specified objects in the form of email, WeCom, DingTalk, Webhook, and SMS.
"},{"location":"en/admin/insight/alert-center/msg-template.html#creating-a-message-template","title":"Creating a Message Template","text":"In the left navigation bar, select Alert -> Message Template .
Insight comes with two default built-in templates in both Chinese and English for user convenience.
Fill in the template content.
Info
Observability comes with predefined message templates. If you need to define the content of the templates, refer to Configure Notification Templates.
"},{"location":"en/admin/insight/alert-center/msg-template.html#message-template-details","title":"Message Template Details","text":"Click the name of a message template to view the details of the message template in the right slider.
Parameters Variable Description ruleName {{ .Labels.alertname }} The name of the rule that triggered the alert groupName {{ .Labels.alertgroup }} The name of the alert policy to which the alert rule belongs severity {{ .Labels.severity }} The level of the alert that was triggered cluster {{ .Labels.cluster }} The cluster where the resource that triggered the alert is located namespace {{ .Labels.namespace }} The namespace where the resource that triggered the alert is located node {{ .Labels.node }} The node where the resource that triggered the alert is located targetType {{ .Labels.target_type }} The resource type of the alert target target {{ .Labels.target }} The name of the object that triggered the alert value {{ .Annotations.value }} The metric value at the time the alert notification was triggered startsAt {{ .StartsAt }} The time when the alert started to occur endsAt {{ .EndsAt }} The time when the alert ended description {{ .Annotations.description }} A detailed description of the alert labels {{ for .labels }} {{ end }} All labels of the alert use thefor
function to iterate through the labels list to get all label contents."},{"location":"en/admin/insight/alert-center/msg-template.html#editing-or-deleting-a-message-template","title":"Editing or Deleting a Message Template","text":"Click \u2507 on the right side of the list and select Edit or Delete from the pop-up menu to modify or delete the message template.
Warning
Once a template is deleted, it cannot be recovered, so please use caution when deleting templates.
"},{"location":"en/admin/insight/alert-center/silent.html","title":"Alert Silence","text":"Alert silence is a feature that allows alerts meeting certain criteria to be temporarily disabled from sending notifications within a specific time range. This feature helps operations personnel avoid receiving too many noisy alerts during certain operations or events, while also allowing for more precise handling of real issues that need to be addressed.
On the Alert Silence page, you can see two tabs: Active Rule and Expired Rule. The former presents the rules currently in effect, while the latter presents those that were defined in the past but have now expired (or have been deleted by the user).
"},{"location":"en/admin/insight/alert-center/silent.html#creating-a-silent-rule","title":"Creating a Silent Rule","text":"In the left navigation bar, select Alert -> Noice Reduction -> Alert Silence , and click the Create Silence Rule button.
Fill in the parameters for the silent rule, such as cluster, namespace, tags, and time, to define the scope and effective time of the rule, and then click OK .
Return to the rule list, and on the right side of the list, click \u2507 to edit or delete a silent rule.
Through the Alert Silence feature, you can flexibly control which alerts should be ignored and when they should be effective, thereby improving operational efficiency and reducing the possibility of false alerts.
"},{"location":"en/admin/insight/alert-center/sms-provider.html","title":"Configure Notification Server","text":"Insight supports SMS notifications and currently sends alert messages using integrated Alibaba Cloud and Tencent Cloud SMS services. This article explains how to configure the SMS notification server in Insight. The variables supported in the SMS signature are the default variables in the message template. As the number of SMS characters is limited, it is recommended to choose more explicit variables.
For information on how to configure SMS recipients, refer to the document: Configure SMS Notification Group.
"},{"location":"en/admin/insight/alert-center/sms-provider.html#procedure","title":"Procedure","text":"Go to Alert Center -> Notification Settings -> Notification Server .
Click Add Notification Server .
Configure Alibaba Cloud server.
To apply for Alibaba Cloud SMS service, please refer to Alibaba Cloud SMS Service.
Field descriptions:
Please refer to Alibaba Cloud Variable Specification.
Note
Example: The template content defined in Alibaba Cloud is: ${severity}: ${alertname} triggered at ${startat}. Refer to the configuration in the parameter template.
Configure Tencent Cloud server.
To apply for Tencent Cloud SMS service, please refer to Tencent Cloud SMS.
Field descriptions:
Note
Example: The template content defined in Tencent Cloud is: {1}: {2} triggered at {3}. Refer to the configuration in the parameter template.
After installing the insight-agent in the cluster, Fluent Bit in insight-agent will collect logs in the cluster by default, including Kubernetes event logs, node logs, and container logs. Fluent Bit has already configured various log collection plugins, related filter plugins, and log output plugins. The working status of these plugins determines whether log collection is normal. Below is a dashboard for Fluent Bit that monitors the working conditions of each Fluent Bit in the cluster and the collection, processing, and export of plugin logs.
Use AI platform, enter Insight , and select the Dashboard in the left navigation bar.
Click the dashboard title Overview .
Switch to the insight-system -> Fluent Bit dashboard.
There are several check boxes above the Fluent Bit dashboard to select the input plugin, filter plugin, output plugin, and cluster in which it is located.
Here are some plugins for Fluent Bit .
Log Collection Plugin
Input Plugin Plugin Description Collection Directory tail.kube Collect container logs /var/log/containers/*.log tail.kubeevent Collect Kubernetes event logs /var/log/containers/-kubernetes-event-exporter.log tail.syslog.dmesg Collect host dmesg logs /var/log/dmesg tail.syslog.messages Collect frequently used host logs /var/log/secure, /var/log/messages, /var/log/syslog,/var/log/auth.log syslog.syslog.RSyslog Collect RSyslog logs systemd.syslog.systemd Collect Journald daemon logs tail.audit_log.k8s Collect Kubernetes audit logs /var/log//audit/.log tail.audit_log.ghippo Collect global management audit logs /var/log/containers/_ghippo-system_audit-log.log tail.skoala-gw Collect microservice gateway logs /var/log/containers/_skoala-gw.logLog Filter Plugin
Filter Plugin Plugin Description Lua.audit_log.k8s Use lua to filter Kubernetes audit logs that meet certain conditionsNote
There are more filter plugins than Lua.audit_log.k8s, which only introduces filters that will discard logs.
Log Output Plugin
Output Plugin Plugin Description es.kube.kubeevent.syslog Write Kubernetes audit logs, event logs, and syslog logs to ElasticSearch cluster forward.audit_log Send Kubernetes audit logs and global management audit logs to Global Management es.skoala Write request logs and instance logs of microservice gateway to ElasticSearch cluster"},{"location":"en/admin/insight/best-practice/debug-trace.html","title":"Trace Collection Troubleshooting Guide","text":"Before attempting to troubleshoot issues with trace data collection, you need to understand the transmission path of trace data. The following is a schematic diagram of the transmission of trace data:
graph TB\n\nsdk[Language proble / SDK] --> workload[Workload cluster otel collector]\n--> otel[Global cluster otel collector]\n--> jaeger[Global cluster jaeger collector]\n--> es[Elasticsearch cluster]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass sdk,workload,otel,jaeger,es cluster
As shown in the above figure, any transmission failure at any step will result in the inability to query trace data. If you find that there is no trace data after completing the application trace enhancement, please perform the following steps:
Use AI platform, enter Insight , and select the Dashboard in the left navigation bar.
Click the dashboard title Overview .
Switch to the insight-system -> insight tracing debug dashboard.
You can see that this dashboard is composed of three blocks, each responsible for monitoring the data transmission of different clusters and components. Check whether there are problems with trace data transmission through the generated time series chart.
workload opentelemetry collector
Display the opentelemetry collector in different worker clusters receiving language probe/SDK trace data and sending aggregated trace data. You can select the cluster where it is located by the Cluster selection box in the upper left corner.
Note
Based on these four time series charts, you can determine whether the opentelemetry collector in this cluster is running normally.
global opentelemetry collector
Display the opentelemetry collector in the Global Service Cluster receiving trace data from the worker cluster's opentelemetry collector and sending aggregated trace data.
Note
The opentelemetry collector in the Global Management Cluster is also responsible for sending audit logs of all worker clusters' global management module and Kubernetes audit logs (not collected by default) to the audit server component of the global management module.
global jaeger collector
Display the jaeger collector in the Global Management Cluster receiving data from the otel collector in the Global Management Cluster and sending trace data to the ElasticSearch cluster.
This article serves as a guide on using Insight to identify and analyze abnormal components in AI platform and determine the root causes of component exceptions.
Please note that this post assumes you have a basic understanding of Insight's product features or vision.
"},{"location":"en/admin/insight/best-practice/find_root_cause.html#service-map-identifying-abnormalities-on-a-macro-level","title":"Service Map - Identifying Abnormalities on a Macro Level","text":"In enterprise microservice architectures, managing a large number of services with complex interdependencies can be challenging. Insight offers service map monitoring, allowing users to gain a high-level overview of the running microservices in the system.
In the example below, you observe that the node insight-server is highlighted in red/yellow on the service map. By hovering over the node, you can see the error rate associated with it. To investigate further and understand why the error rate is not 0 , you can explore more detailed information:
Alternatively, clicking on the service name at the top will take you to the service's overview UI:
"},{"location":"en/admin/insight/best-practice/find_root_cause.html#service-overview-delving-into-detailed-analysis","title":"Service Overview - Delving into Detailed Analysis","text":"When it becomes necessary to analyze inbound and outbound traffic separately, you can use the filter in the upper right corner to refine the data. After applying the filter, you can observe that the service has multiple operations proper to a non-zero error rate. To investigate further, you can inspect the traces generated by these operations during a specific time period by clicking on \"View Traces\":
"},{"location":"en/admin/insight/best-practice/find_root_cause.html#trace-details-identifying-and-eliminating-root-causes-of-errors","title":"Trace Details - Identifying and Eliminating Root Causes of Errors","text":"In the trace list, you can easily identify traces marked as error (circled in red in the figure above) and examine their details by clicking on the proper trace. The following figure illustrates the trace details:
Within the trace diagram, you can quickly locate the last piece of data in an error state. Expanding the associated logs section reveals the cause of the request error:
Following the above analysis method, you can also identify traces related to other operation errors:
"},{"location":"en/admin/insight/best-practice/find_root_cause.html#lets-get-started-with-your-analysis","title":"Let's Get Started with Your Analysis!","text":""},{"location":"en/admin/insight/best-practice/insight-kafka.html","title":"Kafka + Elasticsearch Stream Architecture for Handling Large-Scale Logs","text":"
As businesses grow, the amount of log data generated by applications increases significantly. To ensure that systems can properly collect and analyze massive amounts of log data, it is common practice to introduce a streaming architecture using Kafka to handle asynchronous data collection. The collected log data flows through Kafka and is consumed by proper components, which then store the data into Elasticsearch for visualization and analysis using Insight.
This article will introduce two solutions:
Once we integrate Kafka into the logging system, the data flow diagram looks as follows:
Both solutions share similarities but differ in the component used to consume Kafka data. To ensure compatibility with Insight's data analysis, the format of the data consumed from Kafka and written into Elasticsearch should be consistent with the data directly written by Fluentbit to Elasticsearch.
Let's first see how Fluentbit writes logs to Kafka:
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#modifying-fluentbit-output-configuration","title":"Modifying Fluentbit Output Configuration","text":"Once the Kafka cluster is ready, we need to modify the content of the insight-system namespace's ConfigMap . We will add three Kafka outputs and comment out the original three Elasticsearch outputs:
Assuming the Kafka Brokers address is: insight-kafka.insight-system.svc.cluster.local:9092
[OUTPUT]\n Name kafka\n Match_Regex (?:kube|syslog)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-logs\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n [OUTPUT]\n Name kafka\n Match_Regex (?:skoala-gw)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-gw-skoala\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n [OUTPUT]\n Name kafka\n Match_Regex (?:kubeevent)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-event\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n
Next, let's discuss the subtle differences in consuming Kafka data and writing it to Elasticsearch. As mentioned at the beginning of this article, we will explore Logstash and Vector as two ways to consume Kafka data.
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#consuming-kafka-and-writing-to-elasticsearch","title":"Consuming Kafka and Writing to Elasticsearch","text":"Assuming the Elasticsearch address is: https://mcamel-common-es-cluster-es-http.mcamel-system:9200
If you are familiar with the Logstash technology stack, you can continue using this approach.
When deploying Logstash via Helm, you can add the following pipeline in the logstashPipeline section:
replicas: 3\nresources:\n requests:\n cpu: 100m\n memory: 1536Mi\n limits:\n cpu: 1000m\n memory: 1536Mi\nlogstashConfig:\n logstash.yml: |\n http.host: 0.0.0.0\n xpack.monitoring.enabled: false\nlogstashPipeline:\n insight-event.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-event\"}\n topics => [\"insight-event\"] \n bootstrap_servers => \"172.30.120.189:32082\" # kafka\u7684ip \u548c\u7aef\u53e3\n enable_auto_commit => true\n consumer_threads => 1 # \u5bf9\u5e94 partition \u7684\u6570\u91cf\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-event\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"] # elasticsearch \u5730\u5740\n user => 'elastic' # elasticsearch \u7528\u6237\u540d\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk' # elasticsearch \u5bc6\u7801\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"insight-es-k8s-event-logs-alias\"\n data_stream => \"false\"\n }\n }\n }\n insight-gw-skoala.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-gw-skoala\"}\n topics => [\"insight-gw-skoala\"] \n bootstrap_servers => \"172.30.120.189:32082\"\n enable_auto_commit => true\n consumer_threads => 1\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-gw-skoala\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"]\n user => 'elastic'\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk'\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"skoala-gw-alias\"\n data_stream => \"false\"\n }\n }\n }\n insight-logs.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-logs\"}\n topics => [\"insight-logs\"] \n bootstrap_servers => \"172.30.120.189:32082\" \n enable_auto_commit => true\n consumer_threads => 1\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-logs\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"]\n user => 'elastic'\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk'\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"insight-es-k8s-logs-alias\"\n data_stream => \"false\"\n }\n }\n }\n
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#consumption-with-vector","title":"Consumption with Vector","text":"If you are familiar with the Vector technology stack, you can continue using this approach.
When deploying Vector via Helm, you can reference a ConfigMap with the following rules:
metadata:\n name: vector\napiVersion: v1\ndata:\n aggregator.yaml: |\n api:\n enabled: true\n address: '0.0.0.0:8686'\n sources:\n insight_logs_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-logs\n insight_event_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-event\n insight_gw_skoala_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-gw-skoala\n transforms:\n insight_logs_remap:\n type: remap\n inputs:\n - insight_logs_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n insight_event_kafka_remap:\n type: remap\n inputs:\n - insight_event_kafka\n - insight_gw_skoala_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n insight_gw_skoala_kafka_remap:\n type: remap\n inputs:\n - insight_gw_skoala_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n sinks:\n insight_es_logs:\n type: elasticsearch\n inputs:\n - insight_logs_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: insight-es-k8s-logs-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n insight_es_event:\n type: elasticsearch\n inputs:\n - insight_event_kafka_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: insight-es-k8s-event-logs-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n insight_es_gw_skoala:\n type: elasticsearch\n inputs:\n - insight_gw_skoala_kafka_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: skoala-gw-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#checking-if-its-working-properly","title":"Checking if it's Working Properly","text":"You can verify if the configuration is successful by checking if there are new data in the Insight log query interface or observing an increase in the number of indices in Elasticsearch.
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#references","title":"References","text":"DeepFlow is an observability product based on eBPF. Its community edition has been integrated into Insight. The following is the integration process.
"},{"location":"en/admin/insight/best-practice/integration_deepflow.html#prerequisites","title":"Prerequisites","text":"Installing DeepFlow components requires two charts:
deepflow
: includes components such as deepflow-app
, deepflow-server
, deepflow-clickhouse
, and deepflow-agent
. Generally, deepflow
is deployed in the global service cluster, so it also installs deepflow-agent
together.deepflow-agent
: only includes the deepflow-agent
component, used to collect eBPF data and send it to deepflow-server
.DeepFlow needs to be installed in the global service cluster.
Go to the kpanda-global-cluster cluster and click Helm Apps -> Helm Charts in the left navigation bar, select community as the repository, and search for deepflow
in the search box:
Click the deepflow card to enter the details page:
Click Install to enter the installation page:
Most of the values have default values. Clickhouse and Mysql require applying storage volumes, and their default sizes are 10Gi. You can search for relevant configurations and modify them using the persistence keyword.
After configuring, click OK to start the installation.
After installing DeepFlow, you also need to enable the related feature switches in Insight.
Click ConfigMps & Keys -> ConfigMaps in the left navigation bar, search for insight-server-config in the search box, and edit it:
In the YAML, find the eBPF Flow feature switch and enable it:
Save the changes and restart insight-server. The Insight main page will display Network Observability :
DeepFlow Agent is installed in the sub-cluster using the deepflow-agent
chart. It is used to collect eBPF observability data from the sub-cluster and report it to the global service cluster. Similar to installing deepflow
, go to Helm Apps -> Helm Charts, select community as the repository, and search for deepflow-agent
in the search box. Follow the process to enter the installation page.
Parameter Explanation:
daemonset
.Asia/Shanghai
.30035
.After configuring, click OK to complete the installation.
"},{"location":"en/admin/insight/best-practice/integration_deepflow.html#usage","title":"Usage","text":"After correctly installing DeepFlow, click Network Observability to enter the DeepFlow Grafana UI. It contains a large number of dashboards for viewing and helping analyze issues. Click DeepFlow Templates to browse all available dashboards:
"},{"location":"en/admin/insight/best-practice/sw-to-otel.html","title":"Simplifying Trace Data Integration with OpenTelemetry and SkyWalking","text":"This article explains how to seamlessly integrate trace data from SkyWalking into the Insight platform, using OpenTelemetry. With zero code modification required, you can transform your existing SkyWalking trace data and leverage Insight's capabilities.
"},{"location":"en/admin/insight/best-practice/sw-to-otel.html#understanding-the-code","title":"Understanding the Code","text":"To ensure compatibility with different distributed tracing implementations, OpenTelemetry provides a way to incorporate components that standardize data processing and output to various backends. While Jaeger and Zipkin are already available, we have contributed the SkyWalkingReceiver to the OpenTelemetry community. This receiver has been refined and is now suitable for use in production environments without any modifications to your application's code.
Although SkyWalking and OpenTelemetry share similarities, such as using Trace to define a trace and Span to mark the smallest granularity, there are differences in certain details and implementations:
SkyWalking OpenTelemetry Data Structure Span -> Segment -> Trace Span -> Trace Attribute Information Tags Attributes Application Time Logs Events Reference Relationship References LinksNow, let's discuss the steps involved in converting SkyWalking Trace to OpenTelemetry Trace. The main tasks include:
Constructing OpenTelemetry's TraceId and SpanId
Constructing OpenTelemetry's ParentSpanId
Retaining SkyWalking's original TraceId, SegmentId, and SpanId in OpenTelemetry Spans
First, let's look at how to construct the TraceId and SpanId for OpenTelemetry. Both SkyWalking and OpenTelemetry use TraceId to connect distributed service calls and use SpanId to mark each Span, but there are significant differences in the implementation specifications:
Info
View GitHub for code implementation\uff1a
Specifically, the possible formats for SkyWalking TraceId and SegmentId are as follows:
In the OpenTelemetry protocol, a Span is unique across all Traces, while in SkyWalking, a Span is only unique within each Segment. This means that to uniquely identify a Span in SkyWalking, it is necessary to combine the SegmentId and SpanId, and convert it to the SpanId in OpenTelemetry.
Info
View GitHub for code implementation\uff1a
Next, let's see how to construct the ParentSpanId for OpenTelemetry. Within a Segment, the ParentSpanId field in SkyWalking can be directly used to construct the ParentSpanId field in OpenTelemetry. However, when a Trace spans multiple Segments, SkyWalking uses the association information represented by ParentTraceSegmentId and ParentSpanId in the Reference. In this case, the ParentSpanId in OpenTelemetry needs to be constructed using the information in the Reference.
Code implementation can be found on GitHub: Skywalking Receiver
Finally, let's see how to preserve the original TraceId, SegmentId, and SpanId from SkyWalking in the OpenTelemetry Span. We carry these original information to associate the OpenTelemetry TraceId and SpanId displayed in the distributed tracing backend with the SkyWalking TraceId, SegmentId, and SpanId in the application logs. We choose to carry the original TraceId, SegmentId, and ParentSegmentId from SkyWalking to the OpenTelemetry Attributes.
Info
View GitHub for code implementation\uff1a
After this series of conversions, we have fully transformed the SkyWalking Segment Object into an OpenTelemetry Trace, as shown in the following diagram:
"},{"location":"en/admin/insight/best-practice/sw-to-otel.html#deploying-the-demo","title":"Deploying the Demo","text":"To demonstrate the complete process of collecting and displaying SkyWalking tracing data using OpenTelemetry, we will use a demo application.
First, deploy the OpenTelemetry Agent and enable the following configuration to ensure compatibility with the SkyWalking protocol:
# otel-agent config\nreceivers:\n skywalking:\n protocols:\n grpc:\n endpoint: 0.0.0.0:11800 # Receive trace data reported by the SkyWalking Agent\n http: \n endpoint: 0.0.0.0:12800 # Receive trace data reported from the front-end / nginx or other HTTP protocols\nservice: \n pipelines: \n traces: \n receivers: [skywalking]\n\n# otel-agent service yaml\nspec:\n ports: \n - name: sw-http\n port: 12800 \n protocol: TCP \n targetPort: 12800 \n - name: sw-grpc \n port: 11800 \n protocol: TCP \n targetPort: 11800\n
Next, modify the connection of your business application from the SkyWalking OAP Service (e.g., oap:11800) to the OpenTelemetry Agent Service (e.g., otel-agent:11800). This will allow you to start receiving trace data from the SkyWalking probe using OpenTelemetry.
To demonstrate the entire process, we will use the SkyWalking-showcase Demo. This demo utilizes the SkyWalking Agent for tracing, and after being processed by OpenTelemetry, the final results are presented using Jaeger:
From the architecture diagram of the SkyWalking Showcase, we can observe that the data remains intact even after standardization by OpenTelemetry. In this trace, the request starts from app/homepage, then two requests /rcmd and /songs/top are initiated simultaneously within the app, distributed to the recommendation and songs services, and finally reach the database for querying, completing the entire request chain.
Additionally, you can view the original SkyWalking Id information on the Jaeger page, which facilitates correlation with application logs:
By following these steps, you can seamlessly integrate SkyWalking trace data into OpenTelemetry and leverage the capabilities of the Insight platform.
"},{"location":"en/admin/insight/best-practice/tail-based-sampling.html","title":"About Trace Sampling and Configuration","text":"Using distributed tracing, you can observe how requests flow through various systems in a distributed system. Undeniably, it is very useful for understanding service connections, diagnosing latency issues, and providing many other benefits.
However, if most of your requests are successful and there are no unacceptable delays or errors, do you really need all this data? Therefore, you only need to achieve the right insights through appropriate data sampling rather than a large amount or complete data.
The idea behind sampling is to control the traces sent to the observability collector, thereby reducing collection costs. Different organizations have different reasons for sampling, including why they want to sample and what types of data they wish to sample. Therefore, we need to customize the sampling strategy:
It is important to use consistent terminology when discussing sampling. A Trace or Span is considered sampled or unsampled:
Head sampling is a sampling technique used to make a sampling decision as early as possible. A decision to sample or drop a span or trace is not made by inspecting the trace as a whole.
For example, the most common form of head sampling is Consistent Probability Sampling. This is also be referred to as Deterministic Sampling. In this case, a sampling decision is made based on the trace ID and the desired percentage of traces to sample. This ensures that whole traces are sampled - no missing spans - at a consistent rate, such as 5% of all traces.
The upsides to head sampling are: - Easy to understand - Easy to configure - Efficient - Can be done at any point in the trace collection pipeline
The primary downside to head sampling is that it is not possible to make a sampling decision based on data in the entire trace. This means that while head sampling is effective as a blunt instrument, but it is completely insufficient for sampling strategies that must consider information from the entire system. For example, you cannot ensure that all traces with an error within them are sampled with head sampling alone. For this situation and many others, you need tail sampling.
"},{"location":"en/admin/insight/best-practice/tail-based-sampling.html#tail-sampling-recommended","title":"Tail Sampling (Recommended)","text":"Tail sampling is where the decision to sample a trace takes place by considering all or most of the spans within the trace. Tail Sampling gives you the option to sample your traces based on specific criteria derived from different parts of a trace, which isn\u2019t an option with Head Sampling.
Some examples of how to use tail sampling include:
As you can see, tail sampling allows for a much higher degree of sophistication in how you sample data. For larger systems that must sample telemetry, it is almost always necessary to use Tail Sampling to balance data volume with the usefulness of that data.
There are three primary downsides to tail sampling today:
Finally, for some systems, tail sampling might be used in conjunction with Head Sampling. For example, a set of services that produce an extremely high volume of trace data might first use head sampling to sample only a small percentage of traces, and then later in the telemetry pipeline use tail sampling to make more sophisticated sampling decisions before exporting to a backend. This is often done in the interest of protecting the telemetry pipeline from being overloaded.
Insight currently recommends using tail sampling and prioritizes support for tail sampling.
The tail sampling processor samples traces based on a defined set of strategies. However, all spans of a trace must be received by the same collector instance to make effective sampling decisions.
Therefore, adjustments need to be made to the Global OpenTelemetry Collector architecture of Insight to implement the tail sampling strategy.
"},{"location":"en/admin/insight/best-practice/tail-based-sampling.html#specific-changes-to-insight","title":"Specific Changes to Insight","text":"Introduce an Opentelemetry Collector Gateway component with load balancing capabilities in front of the insight-opentelemetry-collector
in the Global cluster, allowing the same group of Traces to be routed to the same Opentelemetry Collector instance based on the TraceID.
Deploy an OTEL COL Gateway component with load balancing capabilities.
If you are using Insight V0.25.x, you can quickly enable this by using the Helm Upgrade parameter --set opentelemetry-collector-gateway.enabled=true
, thereby skipping the deployment process described below.
Refer to the following YAML to deploy the component.
Click to view deployment configurationkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: insight-otel-collector-gateway\nrules:\n- apiGroups: [\"\"]\n resources: [\"endpoints\"]\n verbs: [\"get\", \"watch\", \"list\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: insight-otel-collector-gateway\n namespace: insight-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: insight-otel-collector-gateway\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: insight-otel-collector-gateway\nsubjects:\n- kind: ServiceAccount\n name: insight-otel-collector-gateway\n namespace: insight-system\n---\nkind: ConfigMap\nmetadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n name: insight-otel-collector-gateway-collector\n namespace: insight-system\napiVersion: v1\ndata:\n collector.yaml: |\n receivers:\n otlp:\n protocols:\n grpc:\n http:\n jaeger:\n protocols:\n grpc:\n processors:\n\n extensions:\n health_check:\n pprof:\n endpoint: :1888\n zpages:\n endpoint: :55679\n exporters:\n logging:\n loadbalancing:\n routing_key: \"traceID\"\n protocol:\n otlp:\n # all options from the OTLP exporter are supported\n # except the endpoint\n timeout: 1s\n tls:\n insecure: true\n resolver:\n k8s:\n service: insight-opentelemetry-collector\n ports:\n - 4317\n service:\n extensions: [pprof, zpages, health_check]\n pipelines:\n traces:\n receivers: [otlp, jaeger]\n exporters: [loadbalancing]\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n name: insight-otel-collector-gateway\n namespace: insight-system\nspec:\n replicas: 2\n selector:\n matchLabels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n template:\n metadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n spec:\n containers:\n - args:\n - --config=/conf/collector.yaml\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n image: ghcr.m.daocloud.io/openinsight-proj/opentelemetry-collector-contrib:5baef686672cfe5551e03b5c19d3072c432b6f33\n imagePullPolicy: IfNotPresent\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /\n port: 13133\n scheme: HTTP\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n name: otc-container\n resources:\n limits:\n cpu: '1'\n memory: 2Gi\n requests:\n cpu: 100m\n memory: 400Mi\n ports:\n - containerPort: 14250\n name: jaeger-grpc\n protocol: TCP\n - containerPort: 8888\n name: metrics\n protocol: TCP\n - containerPort: 4317\n name: otlp-grpc\n protocol: TCP\n - containerPort: 4318\n name: otlp-http\n protocol: TCP\n - containerPort: 55679\n name: zpages\n protocol: TCP\n\n volumeMounts:\n - mountPath: /conf\n name: otc-internal\n\n serviceAccount: insight-otel-collector-gateway\n serviceAccountName: insight-otel-collector-gateway\n volumes:\n - configMap:\n defaultMode: 420\n items:\n - key: collector.yaml\n path: collector.yaml\n name: insight-otel-collector-gateway-collector\n name: otc-internal\n---\nkind: Service\napiVersion: v1\nmetadata:\n name: insight-opentelemetry-collector-gateway\n namespace: insight-system\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\nspec:\n ports:\n - name: fluentforward\n protocol: TCP\n port: 8006\n targetPort: 8006\n - name: jaeger-compact\n protocol: UDP\n port: 6831\n targetPort: 6831\n - name: jaeger-grpc\n protocol: TCP\n port: 14250\n targetPort: 14250\n - name: jaeger-thrift\n protocol: TCP\n port: 14268\n targetPort: 14268\n - name: metrics\n protocol: TCP\n port: 8888\n targetPort: 8888\n - name: otlp\n protocol: TCP\n appProtocol: grpc\n port: 4317\n targetPort: 4317\n - name: otlp-http\n protocol: TCP\n port: 4318\n targetPort: 4318\n - name: zipkin\n protocol: TCP\n port: 9411\n targetPort: 9411\n - name: zpages\n protocol: TCP\n port: 55679\n targetPort: 55679\n selector:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n
Configure Tail Sampling Rules
Note
Tail sampling rules need to be added to the existing insight-otel-collector-config configmap configuration group.
Add the following content in the processor
section, and adjust the specific rules as needed, refer to the OTel official example.
........\ntail_sampling:\n decision_wait: 10s # Wait for 10 seconds, traces older than 10 seconds will no longer be processed\n num_traces: 1500000 # Number of traces saved in memory, assuming 1000 traces per second, should not be less than 1000 * decision_wait * 2;\n # Setting it too large may consume too much memory resources, setting it too small may cause some traces to be dropped\n expected_new_traces_per_sec: 10\n policies: # Reporting policies\n [\n {\n name: latency-policy,\n type: latency, # Report traces that exceed 500ms\n latency: {threshold_ms: 500}\n },\n {\n name: status_code-policy,\n type: status_code, # Report traces with ERROR status code\n status_code: {status_codes: [ ERROR ]}\n }\n ]\n......\ntail_sampling: # Composite sampling\n decision_wait: 10s # Wait for 10 seconds, traces older than 10 seconds will no longer be processed\n num_traces: 1500000 # Number of traces saved in memory, assuming 1000 traces per second, should not be less than 1000 * decision_wait * 2;\n # Setting it too large may consume too much memory resources, setting it too small may cause some traces to be dropped\n expected_new_traces_per_sec: 10\n policies: [\n {\n name: debug-worker-cluster-sample-policy,\n type: and,\n and:\n {\n and_sub_policy:\n [\n {\n name: service-name-policy,\n type: string_attribute,\n string_attribute:\n { key: k8s.cluster.id, values: [xxxxxxx] },\n },\n {\n name: trace-status-policy,\n type: status_code,\n status_code: { status_codes: [ERROR] },\n },\n {\n name: probabilistic-policy,\n type: probabilistic,\n probabilistic: { sampling_percentage: 1 },\n }\n ]\n }\n }\n ]\n
Activate the processor
in the otel col pipeline
within the insight-otel-collector-config
configmap:
traces:\n exporters:\n - servicegraph\n - otlp/jaeger\n processors:\n - memory_limiter\n - tail_sampling # \ud83d\udc48\n - batch\n receivers:\n - otlp\n
Restart the insight-opentelemetry-collector
component.
When deploying the insight-agent, modify the reporting address of the link data to the 4317
port address of the otel-col
LB.
....\n exporters:\n otlp/global:\n endpoint: insight-opentelemetry-collector-lb.insight-system.svc.cluster.local:4317 # \ud83d\udc48 Modify to lb address\n
In AI platform, Insight acts as a multi-cluster observability product. To achieve unified data collection across multiple clusters, users need to install the Helm App insight-agent (installed by default in the insight-system namespace). Refer to How to Install insight-agent .
"},{"location":"en/admin/insight/collection-manag/agent-status.html#status-explanation","title":"Status Explanation","text":"In the \"Observability\" -> \"Collection Management\" section, you can view the installation status of insight-agent in each cluster.
You can troubleshoot using the following steps:
Run the following command. If the status is deployed , proceed to the next step. If it is failed , it is recommended to uninstall and reinstall it from Container Management -> Helm Apps as it may affect application upgrades:
helm list -n insight-system\n
Run the following command or check the status of the deployed components in Insight -> Data Collection . If there are Pods not in the Running state, restart the containers in an abnormal state.
kubectl get pods -n insight-system\n
The resource consumption of the Prometheus metric collection component in insight-agent is directly proportional to the number of Pods running in the cluster. Please adjust the resources for Prometheus according to the cluster size. Refer to Prometheus Resource Planning.
The storage capacity of the vmstorage metric storage component in the global service cluster is directly proportional to the total number of Pods in the clusters.
Data Collection is mainly to centrally manage and display the entrance of the cluster installation collection plug-in insight-agent , which helps users quickly view the health status of the cluster collection plug-in, and provides a quick entry to configure collection rules.
The specific operation steps are as follows:
Click in the upper left corner and select Insight -> Data Collection .
You can view the status of all cluster collection plug-ins.
When the cluster is connected to insight-agent and is running, click a cluster name to enter the details\u3002
In the Service Monitor tab, click the shortcut link to jump to Container Management -> CRD to add service discovery rules.
Prometheus primarily uses the Pull approach to retrieve monitoring metrics from target services' exposed endpoints. Therefore, it requires configuring proper scraping jobs to request monitoring data and write it into the storage provided by Prometheus. Currently, Prometheus offers several configurations for these jobs:
Note
[ ]
indicates optional configmaps.
The proper configmaps are explained as follows:
# Name of the scraping job, also adds a label (job=job_name) to the scraped metrics\njob_name: <job_name>\n\n# Time interval between scrapes\n[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]\n\n# Timeout for scrape requests\n[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]\n\n# URI path for the scrape request\n[ metrics_path: <path> | default = /metrics ]\n\n# Handling of label conflicts between scraped labels and labels added by the backend Prometheus.\n# true: Retains the scraped labels and ignores conflicting labels from the backend Prometheus.\n# false: Adds an \"exported_<original-label>\" prefix to the scraped labels and includes the additional labels added by the backend Prometheus.\n[ honor_labels: <boolean> | default = false ]\n\n# Whether to use the timestamp generated by the target being scraped.\n# true: Uses the timestamp from the target if available.\n# false: Ignores the timestamp from the target.\n[ honor_timestamps: <boolean> | default = true ]\n\n# Protocol for the scrape request: http or https\n[ scheme: <scheme> | default = http ]\n\n# URL parameters for the scrape request\nparams:\n [ <string>: [<string>, ...] ]\n\n# Set the value of the `Authorization` header in the scrape request through basic authentication. password/password_file are mutually exclusive, with password_file taking precedence.\nbasic_auth:\n [ username: <string> ]\n [ password: <secret> ]\n [ password_file: <string> ]\n\n# Set the value of the `Authorization` header in the scrape request through bearer token authentication. bearer_token/bearer_token_file are mutually exclusive, with bearer_token taking precedence.\n[ bearer_token: <secret> ]\n\n# Set the value of the `Authorization` header in the scrape request through bearer token authentication. bearer_token/bearer_token_file are mutually exclusive, with bearer_token taking precedence.\n[ bearer_token_file: <filename> ]\n\n# Whether the scrape connection should use a TLS secure channel, configure the proper TLS parameters\ntls_config:\n [ <tls_config> ]\n\n# Use a proxy service to scrape the metrics from the target, specify the address of the proxy service.\n[ proxy_url: <string> ]\n\n# Specify the targets using static configuration, see explanation below.\nstatic_configs:\n [ - <static_config> ... ]\n\n# CVM service discovery configuration, see explanation below.\ncvm_sd_configs:\n [ - <cvm_sd_config> ... ]\n\n# After scraping the data, rewrite the labels of the proper target using the relabel mechanism. Executes multiple relabel rules in order.\n# See explanation below for relabel_config.\nrelabel_configs:\n [ - <relabel_config> ... ]\n\n# Before writing the scraped data, rewrite the values of the labels using the relabel mechanism. Executes multiple relabel rules in order.\n# See explanation below for relabel_config.\nmetric_relabel_configs:\n [ - <relabel_config> ... ]\n\n# Limit the number of data points per scrape, 0: no limit, default is 0\n[ sample_limit: <int> | default = 0 ]\n\n# Limit the number of targets per scrape, 0: no limit, default is 0\n[ target_limit: <int> | default = 0 ]\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#pod-monitor","title":"Pod Monitor","text":"The explanation for the proper configmaps is as follows:
# Prometheus Operator CRD version\napiVersion: monitoring.coreos.com/v1\n# proper Kubernetes resource type, here it is PodMonitor\nkind: PodMonitor\n# proper Kubernetes Metadata, only the name needs to be concerned. If jobLabel is not specified, the value of the job label in the scraped metrics will be <namespace>/<name>\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, no need to modify\n# Describes the selection and configuration of the target Pods to be scraped\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight\nspec:\n # Specify the label of the proper Pod, pod monitor will use this value as the job label value.\n # If viewing the Pod YAML, use the values in pod.metadata.labels.\n # If viewing Deployment/Daemonset/Statefulset, use spec.template.metadata.labels.\n [ jobLabel: string ]\n # Adds the proper Pod's Labels to the Target's Labels\n [ podTargetLabels: []string ]\n # Limit the number of data points per scrape, 0: no limit, default is 0\n [ sampleLimit: uint64 ]\n # Limit the number of targets per scrape, 0: no limit, default is 0\n [ targetLimit: uint64 ]\n # Configure the Prometheus HTTP endpoints that need to be scraped and exposed. Multiple endpoints can be configured.\n podMetricsEndpoints:\n [ - <endpoint_config> ... ] # See explanation below for endpoint\n # Select the namespaces where the monitored Pods are located. Leave it blank to select all namespaces.\n [ namespaceSelector: ]\n # Select all namespaces\n [ any: bool ]\n # Specify the list of namespaces to be selected\n [ matchNames: []string ]\n # Specify the Label values of the Pods to be monitored in order to locate the target Pods [K8S metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#example-1","title":"Example 1","text":"apiVersion: monitoring.coreos.com/v1\nkind: PodMonitor\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, do not modify\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n podMetricsEndpoints:\n - interval: 30s\n port: metric-port # Specify the Port Name proper to Prometheus Exporter in the pod YAML\n path: /metrics # Specify the value of the Path proper to Prometheus Exporter, if not specified, default is /metrics\n relabelings:\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: instance\n replacement: \"crs-xxxxxx\" # Adjust to the proper Redis instance ID\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: ip\n replacement: \"1.x.x.x\" # Adjust to the proper Redis instance IP\n namespaceSelector: # Select the namespaces where the monitored Pods are located\n matchNames:\n - redis-test\n selector: # Specify the Label values of the Pods to be monitored in order to locate the target pods\n matchLabels:\n k8s-app: redis-exporter\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#example-2","title":"Example 2","text":"job_name: prometheus\nscrape_interval: 30s\nstatic_configs:\n- targets:\n - 127.0.0.1:9090\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#service-monitor","title":"Service Monitor","text":"The explanation for the proper configmaps is as follows:
# Prometheus Operator CRD version\napiVersion: monitoring.coreos.com/v1\n# proper Kubernetes resource type, here it is ServiceMonitor\nkind: ServiceMonitor\n# proper Kubernetes Metadata, only the name needs to be concerned. If jobLabel is not specified, the value of the job label in the scraped metrics will be the name of the Service.\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, no need to modify\n# Describes the selection and configuration of the target Pods to be scraped\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n # Specify the label(metadata/labels) of the proper Pod, service monitor will use this value as the job label value.\n [ jobLabel: string ]\n # Adds the Labels of the proper service to the Target's Labels\n [ targetLabels: []string ]\n # Adds the Labels of the proper Pod to the Target's Labels\n [ podTargetLabels: []string ]\n # Limit the number of data points per scrape, 0: no limit, default is 0\n [ sampleLimit: uint64 ]\n # Limit the number of targets per scrape, 0: no limit, default is 0\n [ targetLimit: uint64 ]\n # Configure the Prometheus HTTP endpoints that need to be scraped and exposed. Multiple endpoints can be configured.\n endpoints:\n [ - <endpoint_config> ... ] # See explanation below for endpoint\n # Select the namespaces where the monitored Pods are located. Leave it blank to select all namespaces.\n [ namespaceSelector: ]\n # Select all namespaces\n [ any: bool ]\n # Specify the list of namespaces to be selected\n [ matchNames: []string ]\n # Specify the Label values of the Pods to be monitored in order to locate the target Pods [K8S metav1.LabelSelector](https://v1-17.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#example","title":"Example","text":"apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: go-demo # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, do not modify\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n endpoints:\n - interval: 30s\n # Specify the Port Name proper to Prometheus Exporter in the service YAML\n port: 8080-8080-tcp\n # Specify the value of the Path proper to Prometheus Exporter, if not specified, default is /metrics\n path: /metrics\n relabelings:\n # ** There must be a label named 'application', assuming there is a label named 'app' in k8s,\n # we replace it with 'application' using the relabel 'replace' action\n - action: replace\n sourceLabels: [__meta_kubernetes_pod_label_app]\n targetLabel: application\n # Select the namespace where the monitored service is located\n namespaceSelector:\n matchNames:\n - golang-demo\n # Specify the Label values of the service to be monitored in order to locate the target service\n selector:\n matchLabels:\n app: golang-app-demo\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#endpoint_config","title":"endpoint_config","text":"The explanation for the proper configmaps is as follows:
# The name of the proper port. Please note that it's not the actual port number.\n# Default: 80. Possible values are as follows:\n# ServiceMonitor: corresponds to Service>spec/ports/name;\n# PodMonitor: explained as follows:\n# If viewing the Pod YAML, take the value from pod.spec.containers.ports.name.\n# If viewing Deployment/DaemonSet/StatefulSet, take the value from spec.template.spec.containers.ports.name.\n[ port: string | default = 80]\n# The URI path for the scrape request.\n[ path: string | default = /metrics ]\n# The protocol for the scrape: http or https.\n[ scheme: string | default = http]\n# URL parameters for the scrape request.\n[ params: map[string][]string]\n# The interval between scrape requests.\n[ interval: string | default = 30s ]\n# The timeout for the scrape request.\n[ scrapeTimeout: string | default = 30s]\n# Whether the scrape connection should be made over a secure TLS channel, and the TLS configuration.\n[ tlsConfig: TLSConfig ]\n# Read the bearer token value from the specified file and include it in the headers of the scrape request.\n[ bearerTokenFile: string ]\n# Read the bearer token from the specified K8S secret key. Note that the secret namespace must match the PodMonitor/ServiceMonitor.\n[ bearerTokenSecret: string ]\n# Handling conflicts when scraped labels conflict with labels added by the backend Prometheus.\n# true: Keep the scraped labels and ignore the conflicting labels from the backend Prometheus.\n# false: For conflicting labels, prefix the scraped label with 'exported_<original-label>' and add the labels added by the backend Prometheus.\n[ honorLabels: bool | default = false ]\n# Whether to use the timestamp generated on the target during the scrape.\n# true: Use the timestamp on the target if available.\n# false: Ignore the timestamp on the target.\n[ honorTimestamps: bool | default = true ]\n# Basic authentication credentials. Fill in the values of username/password from the proper K8S secret key. Note that the secret namespace must match the PodMonitor/ServiceMonitor.\n[ basicAuth: BasicAuth ]\n# Scrape the metrics from the target through a proxy server. Specify the address of the proxy server.\n[ proxyUrl: string ]\n# After scraping the data, rewrite the values of the labels on the target using the relabeling mechanism. Multiple relabel rules are executed in order.\n# See explanation below for relabel_config\nrelabelings:\n[ - <relabel_config> ...]\n# Before writing the scraped data, rewrite the values of the proper labels on the target using the relabeling mechanism. Multiple relabel rules are executed in order.\n# See explanation below for relabel_config\nmetricRelabelings:\n[ - <relabel_config> ...]\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#relabel_config","title":"relabel_config","text":"The explanation for the proper configmaps is as follows:
# Specifies which labels to take from the original labels for relabeling. The values taken are concatenated using the separator defined in the configuration.\n# For PodMonitor/ServiceMonitor, the proper configmap is sourceLabels.\n[ source_labels: '[' <labelname> [, ...] ']' ]\n# Defines the character used to concatenate the values of the labels to be relabeled. Default is ';'.\n[ separator: <string> | default = ; ]\n\n# When the action is replace/hashmod, target_label is used to specify the proper label name.\n# For PodMonitor/ServiceMonitor, the proper configmap is targetLabel.\n[ target_label: <labelname> ]\n\n# Regular expression used to match the values of the source labels.\n[ regex: <regex> | default = (.*) ]\n\n# Used when action is hashmod, it takes the modulus value based on the MD5 hash of the source label's value.\n[ modulus: <int> ]\n\n# Used when action is replace, it defines the expression to replace when the regex matches. It can use regular expression replacement with regex.\n[ replacement: <string> | default = $1 ]\n\n# Actions performed based on the matched values of regex. The available actions are as follows, with replace being the default:\n# replace: If the regex matches, replace the proper value with the value defined in replacement. Set the value using target_label and add the proper label.\n# keep: If the regex doesn't match, discard the value.\n# drop: If the regex matches, discard the value.\n# hashmod: Take the modulus of the MD5 hash of the source label's value based on the value specified in modulus.\n# Add a new label with a label name specified by target_label.\n# labelmap: If the regex matches, replace the proper label name with the value specified in replacement.\n# labeldrop: If the regex matches, delete the proper label.\n# labelkeep: If the regex doesn't match, delete the proper label.\n[ action: <relabel_action> | default = replace ]\n
"},{"location":"en/admin/insight/collection-manag/probe-module.html","title":"Custom probers","text":"Insight uses the Blackbox Exporter provided by Prometheus as a blackbox monitoring solution, allowing detection of target instances via HTTP, HTTPS, DNS, ICMP, TCP, and gRPC. It can be used in the following scenarios:
In this page, we will explain how to configure custom probers in an existing Blackbox ConfigMap.
ICMP prober is not enabled by default in Insight because it requires higher permissions. Therfore We will use the HTTP prober as an example to demonstrate how to modify the ConfigMap to achieve custom HTTP probing.
"},{"location":"en/admin/insight/collection-manag/probe-module.html#procedure","title":"Procedure","text":"Find the ConfigMap named insight-agent-prometheus-blackbox-exporter and click Edit YAML .
Add custom probers under modules :
module:\n http_2xx:\n prober: http\n timeout: 5s\n http:\n valid_http_versions: [HTTP/1.1, HTTP/2]\n valid_status_codes: [] # Defaults to 2xx\n method: GET\n
module:\n ICMP: # Example of ICMP prober configuration\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: ip4\nicmp_example: # Example 2 of ICMP prober configuration\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: \"ip4\"\n source_ip_address: \"127.0.0.1\"\n
Since ICMP requires higher permissions, we also need to elevate the pod permissions. Otherwise, an operation not permitted
error will occur. There are two ways to elevate permissions: Directly edit the BlackBox Exporter
deployment file to enable it
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\nspec:\n template:\n spec:\n containers:\n - name: blackbox-exporter\n image: # ... (image, args, ports, etc. remain unchanged)\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_RAW\n drop:\n - ALL\n readOnlyRootFilesystem: true\n runAsGroup: 0\n runAsNonRoot: false\n runAsUser: 0\n
Elevate permissions via helm upgrade
prometheus-blackbox-exporter:\n enabled: true\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n readOnlyRootFilesystem: true\n runAsNonRoot: false\n allowPrivilegeEscalation: false\n capabilities:\n add: [\"NET_RAW\"]\n
Info
For more probers, refer to blackbox_exporter Configuration.
"},{"location":"en/admin/insight/collection-manag/probe-module.html#other-references","title":"Other References","text":"The following YAML file contains various probers such as HTTP, TCP, SMTP, ICMP, and DNS. You can modify the configuration file of insight-agent-prometheus-blackbox-exporter
according to your needs.
kind: ConfigMap\napiVersion: v1\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\n labels:\n app.kubernetes.io/instance: insight-agent\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: prometheus-blackbox-exporter\n app.kubernetes.io/version: v0.24.0\n helm.sh/chart: prometheus-blackbox-exporter-8.8.0\n annotations:\n meta.helm.sh/release-name: insight-agent\n meta.helm.sh/release-namespace: insight-system\ndata:\n blackbox.yaml: |\n modules:\n HTTP_GET:\n prober: http\n timeout: 5s\n http:\n method: GET\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"]\n follow_redirects: true\n preferred_ip_protocol: \"ip4\"\n HTTP_POST:\n prober: http\n timeout: 5s\n http:\n method: POST\n body_size_limit: 1MB\n TCP:\n prober: tcp\n timeout: 5s\n # Not enabled by default:\n # ICMP:\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: ip4\n SSH:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^SSH-2.0-\"\n POP3S:\n prober: tcp\n tcp:\n query_response:\n - expect: \"^+OK\"\n tls: true\n tls_config:\n insecure_skip_verify: false\n http_2xx_example: # http prober example\n prober: http\n timeout: 5s # probe timeout\n http:\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"] # Version in the response, usually default\n valid_status_codes: [] # Defaults to 2xx # Valid range of response codes, probe successful if within this range\n method: GET # request method\n headers: # request headers\n Host: vhost.example.com\n Accept-Language: en-US\n Origin: example.com\n no_follow_redirects: false # allow redirects\n fail_if_ssl: false \n fail_if_not_ssl: false\n fail_if_body_matches_regexp:\n - \"Could not connect to database\"\n fail_if_body_not_matches_regexp:\n - \"Download the latest version here\"\n fail_if_header_matches: # Verifies that no cookies are set\n - header: Set-Cookie\n allow_missing: true\n regexp: '.*'\n fail_if_header_not_matches:\n - header: Access-Control-Allow-Origin\n regexp: '(\\*|example\\.com)'\n tls_config: # tls configuration for https requests\n insecure_skip_verify: false\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\" # Preferred IP protocol version\n ip_protocol_fallback: false # no fallback to \"ip6\" \n http_post_2xx: # http prober example with body\n prober: http\n timeout: 5s\n http:\n method: POST # probe request method\n headers:\n Content-Type: application/json\n body: '{\"username\":\"admin\",\"password\":\"123456\"}' # body carried during probe\n http_basic_auth_example: # prober example with username and password\n prober: http\n timeout: 5s\n http:\n method: POST\n headers:\n Host: \"login.example.com\"\n basic_auth: # username and password to be added during probe\n username: \"username\"\n password: \"mysecret\"\n http_custom_ca_example:\n prober: http\n http:\n method: GET\n tls_config: # root certificate used during probe\n ca_file: \"/certs/my_cert.crt\"\n http_gzip:\n prober: http\n http:\n method: GET\n compression: gzip # compression method used during probe\n http_gzip_with_accept_encoding:\n prober: http\n http:\n method: GET\n compression: gzip\n headers:\n Accept-Encoding: gzip\n tls_connect: # TCP prober example\n prober: tcp\n timeout: 5s\n tcp:\n tls: true # use TLS\n tcp_connect_example:\n prober: tcp\n timeout: 5s\n imap_starttls: # IMAP email server probe configuration example\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"OK.*STARTTLS\"\n - send: \". STARTTLS\"\n - expect: \"OK\"\n - starttls: true\n - send: \". capability\"\n - expect: \"CAPABILITY IMAP4rev1\"\n smtp_starttls: # SMTP email server probe configuration example\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^220 ([^ ]+) ESMTP (.+)$\"\n - send: \"EHLO prober\\r\"\n - expect: \"^250-STARTTLS\"\n - send: \"STARTTLS\\r\"\n - expect: \"^220\"\n - starttls: true\n - send: \"EHLO prober\\r\"\n - expect: \"^250-AUTH\"\n - send: \"QUIT\\r\"\n irc_banner_example:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - send: \"NICK prober\"\n - send: \"USER prober prober prober :prober\"\n - expect: \"PING :([^ ]+)\"\n send: \"PONG ${1}\"\n - expect: \"^:[^ ]+ 001\"\n # icmp_example: # ICMP prober configuration example\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: \"ip4\"\n # source_ip_address: \"127.0.0.1\"\n dns_udp_example: # DNS query example using UDP\n prober: dns\n timeout: 5s\n dns:\n query_name: \"www.prometheus.io\" # domain name to resolve\n query_type: \"A\" # type proper to this domain\n valid_rcodes:\n - NOERROR\n validate_answer_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n fail_if_all_match_regexp:\n - \".*127.0.0.1\"\n fail_if_not_matches_regexp:\n - \"www.prometheus.io.\\t300\\tIN\\tA\\t127.0.0.1\"\n fail_if_none_matches_regexp:\n - \"127.0.0.1\"\n validate_authority_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n validate_additional_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n dns_soa:\n prober: dns\n dns:\n query_name: \"prometheus.io\"\n query_type: \"SOA\"\n dns_tcp_example: # DNS query example using TCP\n prober: dns\n dns:\n transport_protocol: \"tcp\" # defaults to \"udp\"\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\"\n query_name: \"www.prometheus.io\"\n
"},{"location":"en/admin/insight/collection-manag/service-monitor.html","title":"Configure service discovery rules","text":"Observable Insight supports the way of creating CRD ServiceMonitor through container management to meet your collection requirements for custom service discovery. Users can use ServiceMonitor to define the scope of the Namespace discovered by the Pod and select the monitored Service through matchLabel .
"},{"location":"en/admin/insight/collection-manag/service-monitor.html#prerequisites","title":"Prerequisites","text":"The cluster has the Helm App insight-agent installed and in the running state.
"},{"location":"en/admin/insight/collection-manag/service-monitor.html#steps","title":"Steps","text":"Select Data Collection on the left navigation bar to view the status of all cluster collection plug-ins.
Click a cluster name to enter the collection configuration details.
Click the link to jump to Container Management to create a Service Monitor.
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: micrometer-demo # (1)\n namespace: insight-system # (2)\n labels: \n operator.insight.io/managed-by: insight\nspec:\n endpoints: # (3)\n - honorLabels: true\n interval: 15s\n path: /actuator/prometheus\n port: http\n namespaceSelector: # (4)\n matchNames:\n - insight-system # (5)\n selector: # (6)\n matchLabels:\n micrometer-prometheus-discovery: \"true\"\n
This is the service endpoint, which represents the address where Prometheus collects Metrics. endpoints is an array, and multiple endpoints can be created at the same time. Each endpoint contains three fields, and the meaning of each field is as follows:
This is the scope of the Service that needs to be discovered. namespaceSelector contains two mutually exclusive fields, and the meaning of the fields is as follows:
matchNames : An array value that specifies the scope of namespace to be monitored. For example, if you only want to monitor the Services in two namespaces, default and insight-system, the matchNames are set as follows:
namespaceSelector:\n matchNames:\n - default\n - insight-system\n
The namespace where the application that needs to expose metrics is located
\u2705: Test passed; \u274c: Test failed; No Value: Test not conducted.
"},{"location":"en/admin/insight/compati-test/k8s-compatibility.html#kubernetes-compatibility-testing-for-insight-server","title":"Kubernetes Compatibility Testing for Insight Server","text":"Scenario Testing Method K8s 1.31 K8s 1.30 K8s 1.29 K8s 1.28 K8s 1.27 K8s 1.26 k8s 1.25.0 k8s 1.24 k8s 1.23 k8s 1.22 Baseline Scenario E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Metrics Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Logs Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Traces Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Alert Center E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Topology Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705"},{"location":"en/admin/insight/compati-test/k8s-compatibility.html#kubernetes-compatibility-testing-for-insight-agent","title":"Kubernetes Compatibility Testing for Insight-agent","text":"Scenario Testing Method K8s 1.31 K8s 1.30 K8s 1.29 K8s 1.28 K8s 1.27 K8s 1.26 k8s 1.25 k8s 1.24 k8s 1.23 k8s 1.22 k8s 1.21 k8s 1.20 k8s 1.19 k8s 1.18 k8s 1.17 k8s 1.16 Baseline Scenario E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Metrics Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Logs Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Traces Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Alert Center E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Topology Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274cNote
Insight-agent Version Compatibility History:
\u2705: Test passed; \u274c: Test failed.
Note
The table does not cover all test scenarios.
Test Case Test Method OCP 4.10 (K8s 1.23.0) Remarks Collect and query web application metrics Manual \u2705 - Add custom metric collection Manual \u2705 - Query real-time metrics Manual \u2705 - Instantaneous index query Manual \u2705 - Instantaneous metric API field verification Manual \u2705 - Query metrics over a period of time Manual \u2705 - Metric API field verification within a period of time Manual \u2705 - Batch query cluster CPU, memory usage, total cluster CPU, cluster memory usage, total number of cluster nodes Manual \u2705 - Batch query node CPU, memory usage, total node CPU, node memory usage Manual \u2705 - Batch query cluster metrics within a period of time Manual \u2705 - Metric API field verification within a period of time Manual \u2705 - Query Pod log Manual \u2705 - Query SVC log Manual \u2705 - Query statefulset logs Manual \u2705 - Query Deployment Logs Manual \u2705 - Query NPD log Manual \u2705 - Log Filtering Manual \u2705 - Log fuzzy query - workloadSearch Manual \u2705 - Log fuzzy query - podSearch Manual \u2705 - Log fuzzy query - containerSearch Manual \u2705 - Log Accurate Query - cluster Manual \u2705 - Log Accurate Query - namespace Manual \u2705 - Log query API field verification Manual \u2705 - Alert Rule - CRUD operations Manual \u2705 - Alert Template - CRUD operations Manual \u2705 - Notification Method - CRUD operations Manual \u2705 - Link Query Manual \u2705 - Topology Query Manual \u2705 -The table above represents the Openshift 4.x cluster compatibility test. It includes various test cases, their proper test method (manual), and the test results for the OCP version 4.10 (with Kubernetes version 1.23.0).
Please note that this is not an exhaustive list, and additional test scenarios may exist.
"},{"location":"en/admin/insight/compati-test/rancher-compatibility.html","title":"Rancher Cluster Compatibility Test","text":"\u2705: Test passed; \u274c: Test failed.
Note
The table does not cover all test scenarios.
Test Scenario Test Method Rancher rke2c1 (K8s 1.24.11) Notes Collect and query web application metrics Manual \u2705 - Add custom metric collection Manual \u2705 - Query real-time metrics Manual \u2705 - Instantaneous index query Manual \u2705 - Instantaneous metric API field verification Manual \u2705 - Query metrics over a period of time Manual \u2705 - Metric API field verification within a period of time Manual \u2705 - Batch query cluster CPU, memory usage, total cluster CPU, cluster memory usage, total number of cluster nodes Manual \u2705 - Batch query node CPU, memory usage, total node CPU, node memory usage Manual \u2705 - Batch query cluster metrics within a period of time Manual \u2705 - Metric API field verification within a period of time Manual \u2705 - Query Pod log Manual \u2705 - Query SVC log Manual \u2705 - Query statefulset logs Manual \u2705 - Query Deployment Logs Manual \u2705 - Query NPD log Manual \u2705 - Log Filtering Manual \u2705 - Log fuzzy query - workloadSearch Manual \u2705 - Log fuzzy query - podSearch Manual \u2705 - Log fuzzy query - containerSearch Manual \u2705 - Log Accurate Query - cluster Manual \u2705 - Log Accurate Query - namespace Manual \u2705 - Log query API field verification Manual \u2705 - Alert Rule - CRUD operations Manual \u2705 - Alert Template - CRUD operations Manual \u2705 - Notification Method - CRUD operations Manual \u2705 - Link Query Manual \u2705 - Topology Query Manual \u2705 -"},{"location":"en/admin/insight/dashboard/dashboard.html","title":"Dashboard","text":"Grafana is a cross-platform open source visual analysis tool. Insight uses open source Grafana to provide monitoring services, and supports viewing resource consumption from multiple dimensions such as clusters, nodes, and namespaces.
For more information on open source Grafana, see Grafana Official Documentation.
"},{"location":"en/admin/insight/dashboard/dashboard.html#steps","title":"Steps","text":"Select Dashboard from the left navigation bar .
In the Insight / Overview dashboard, you can view the resource usage of multiple clusters and analyze resource usage, network, storage, and more based on dimensions such as namespaces and Pods.
Click the dropdown menu in the upper-left corner of the dashboard to switch between clusters.
Click the lower-right corner of the dashboard to switch the time range for queries.
Insight provides several recommended dashboards that allow monitoring from different dimensions such as nodes, namespaces, and workloads. Switch between dashboards by clicking the insight-system / Insight / Overview section.
Note
For accessing Grafana UI, refer to Access Native Grafana.
For importing custom dashboards, refer to Importing Custom Dashboards.
By using Grafana CRD, you can incorporate the management and deployment of dashboards into the lifecycle management of Kubernetes. This enables version control, automated deployment, and cluster-level management of dashboards. This page describes how to import custom dashboards using CRD and the UI interface.
"},{"location":"en/admin/insight/dashboard/import-dashboard.html#steps","title":"Steps","text":"Log in to the AI platform and go to Container Management . Select the kpanda-global-cluster from the cluster list.
Choose Custom Resources from the left navigation bar. Look for the grafanadashboards.integreatly.org file in the list and click it to view the details.
Click YAML Create and use the following template. Replace the dashboard JSON in the Json field.
apiVersion: integreatly.org/v1alpha1\nkind: GrafanaDashboard\nmetadata:\n labels:\n app: insight-grafana-operator\n operator.insight.io/managed-by: insight\n name: sample-dashboard\n namespace: insight-system\nspec:\n json: >\n {\n \"id\": null,\n \"title\": \"Simple Dashboard\",\n \"tags\": [],\n \"style\": \"dark\",\n \"timezone\": \"browser\",\n \"editable\": true,\n \"hideControls\": false,\n \"graphTooltip\": 1,\n \"panels\": [],\n \"time\": {\n \"from\": \"now-6h\",\n \"to\": \"now\"\n },\n \"timepicker\": {\n \"time_options\": [],\n \"refresh_intervals\": []\n },\n \"templating\": {\n \"list\": []\n },\n \"annotations\": {\n \"list\": []\n },\n \"refresh\": \"5s\",\n \"schemaVersion\": 17,\n \"version\": 0,\n \"links\": []\n }\n
After clicking OK , wait for a while to view the newly imported dashboard in Dashboard .
Info
If you need to customize the dashboard, refer to Add Dashboard Panel.
"},{"location":"en/admin/insight/dashboard/login-grafana.html","title":"Access Native Grafana","text":"Please make sure that the Helm App Insight in your global management cluster is in Running state.
The specific operation steps are as follows:
Log in to the console to access native Grafana.
Access address: http://ip:port/ui/insight-grafana
For example: http://10.6.10.233:30209/ui/insight-grafana
Click Login in the lower right corner, and use the default username and password to log in.
Default username: admin
Default password: admin
Click Log in to complete the login.
Insight only collects data from clusters that have insight-agent installed and running in a normal state. The overview provides an overview of resources across multiple clusters:
Select Overview in the left navigation bar to enter the details page.
"},{"location":"en/admin/insight/data-query/log.html","title":"Log query","text":"By default, Insight collects node logs, container logs, and Kubernetes audit logs. In the log query page, you can search for standard output (stdout) logs within the permissions of your login account. This includes node logs, product logs, and Kubernetes audit logs. You can quickly find the desired logs among a large volume of logs. Additionally, you can use the source information and contextual raw data of the logs to assist in troubleshooting and issue resolution.
"},{"location":"en/admin/insight/data-query/log.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed and the application is in running state.
"},{"location":"en/admin/insight/data-query/log.html#query-log","title":"Query log","text":"In the left navigation bar, select Data Query -> Log Query .
After selecting the query criteria, click Search , and the log records in the form of graphs will be displayed. The most recent logs are displayed on top.
In the Filter panel, switch Type and select Node to check the logs of all nodes in the cluster.
In the Filter panel, switch Type and select Event to view the logs generated by all Kubernetes events in the cluster.
Lucene Syntax Explanation:
timestamp:[2022-01-01 TO 2022-01-31]
.Clicking on the button next to a log will slide out a panel on the right side where you can view the default 100 lines of context for that log. You can switch the Display Rows option to view more contextual content.
"},{"location":"en/admin/insight/data-query/log.html#export-log","title":"Export log","text":"Click the download button located in the upper right corner of the list.
Metric query supports querying the index data of each container resource, and you can view the trend changes of the monitoring index. At the same time, advanced query supports native PromQL statements for Metric query.
"},{"location":"en/admin/insight/data-query/metric.html#prerequisites","title":"Prerequisites","text":"In the left navigation bar, click Data Query -> Metrics .
After selecting query conditions such as cluster, type, node, and metric name, click Search , and the proper metric chart and data details will be displayed on the right side of the screen.
Tip
Support custom time range. You can manually click the Refresh icon or select a default time interval to refresh.
"},{"location":"en/admin/insight/data-query/metric.html#advanced-search","title":"Advanced Search","text":"In the left navigation bar, click Data Query -> metric Query , click the Advanced Query tab to switch to the advanced query page.
Enter a PromQL statement (see PromQL Syntax), click Query , and the query metric chart and data details will be displayed.
When ElasticSearch memory is full, you can choose to either scale up or delete data to resolve the issue:
You can run the following command to check the resource usage of ES nodes.
kubectl get pod -n mcamel-system | grep common-es-cluster-masters-es | awk '{print $1}' | xargs -I {} kubectl exec {} -n mcamel-system -c elasticsearch -- df -h | grep /usr/share/elasticsearch/data\n
"},{"location":"en/admin/insight/faq/expand-once-es-full.html#scale-up","title":"Scale Up","text":"If the host still has available resources, scaling up is a common solution, which involves increasing the PVC capacity.
First, run the following command to get the PVC configuration of the es-data-0
node. Use the actual environment's PVC as a reference.
kubectl edit -n mcamel-system pvc elasticsearch-data-mcamel-common-es-cluster-masters-es-data-0\n
Then modify the following storage
field (the storage class SC you are using should be scalable):
spec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 35Gi # (1)!\n
When ElasticSearch memory is full, you can also delete index data to free up resources.
You can follow the steps below to access the Kibana page and manually delete data.
First, ensure that the Kibana Pod exists and is running normally:
kubectl get po -n mcamel-system | grep mcamel-common-es-cluster-masters-kb\n
If it does not exist, manually set the replica to 1 and wait for the service to run normally. If it exists, skip this step.
kubectl scale -n mcamel-system deployment mcamel-common-es-cluster-masters-kb --replicas 1\n
Modify the Kibana Service to be exposed as a NodePort for access:
kubectl patch svc -n mcamel-system mcamel-common-es-cluster-masters-kb-http -p '{\"spec\":{\"type\":\"NodePort\"}}'\n\n# After modification, check the NodePort. For example, if the port is 30128, the access URL will be https://{NodeIP in the cluster}:30128\n[root@insight-master1 ~]# kubectl get svc -n mcamel-system | grep mcamel-common-es-cluster-masters-kb-http\nmcamel-common-es-cluster-masters-kb-http NodePort 10.233.51.174 <none> 5601:30128/TCP 108m\n
Retrieve the ElasticSearch Secret to log in to Kibana (username is elastic
):
kubectl get secrets -n mcamel-system mcamel-common-es-cluster-masters-es-elastic-user -o jsonpath=\"{.data.elastic}\" | base64 -d\n
Go to Kibana -> Stack Management -> Index Management and enable the Include hidden indices option to see all indexes. Based on the index sequence numbers, keep the indexes with larger numbers and delete the ones with smaller numbers.
In a distributed system, due to Clock Skew (clock skew adjustment) influence, Time drift exists between different hosts. Generally speaking, the system time of different hosts at the same time has a slight deviation.
The traces system is a typical distributed system, and it is also affected by this phenomenon in terms of time data collection. For example, in a link, the start time of the server-side span is earlier than that of the client-side span. This phenomenon does not exist logically, but due to the influence of clock skew, there is a deviation in the system time between the hosts at the moment when the trace data is collected in each service, which eventually leads to the phenomenon shown in the following figure:
The phenomenon in the above figure cannot be eliminated theoretically. However, this phenomenon is rare, and even if it occurs, it will not affect the calling relationship between services.
Currently Insight uses Jaeger UI to display trace data, and the UI will remind when encountering such a link:
Currently Jaeger's community is trying to optimize this problem through the UI level.
For more information, refer to:
Through cluster monitoring, you can view the basic information of the cluster, the resource consumption and the trend of resource consumption over a period of time.
"},{"location":"en/admin/insight/infra/cluster.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed and the application is in running state.
"},{"location":"en/admin/insight/infra/cluster.html#steps","title":"Steps","text":"Go to the Insight product module.
Select Infrastructure > Clusters from the left navigation bar. On this page, you can view the following information:
Click Resource Level Monitor, you can view more metrics of the current cluster.
Container insight is the process of monitoring workloads in cluster management. In the list, you can view basic information and status of workloads. On the Workloads details page, you can see the number of active alerts and the trend of resource consumption such as CPU and memory.
"},{"location":"en/admin/insight/infra/container.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed, and all pods are in the Running state.
To install insight-agent, please refer to: Installing insight-agent online or Offline upgrade of insight-agent.
Follow these steps to view service monitoring metrics:
Go to the Insight product module.
Select Infrastructure > Workloads from the left navigation bar.
Switch between tabs at the top to view data for different types of workloads.
Click the target workload name to view the details.
Switch to the Pods tab to view the status of various pods for the workload, including their nodes, restart counts, and other information.
Switch to the JVM monitor tab to view the JVM metrics for each pods
Note
AI platform Insight supports event querying by cluster and namespace.
"},{"location":"en/admin/insight/infra/event.html#event-status-distribution","title":"Event Status Distribution","text":"By default, the events that occurred within the last 12 hours are displayed. You can select a different time range in the upper right corner to view longer or shorter periods. You can also customize the sampling interval from 1 minute to 5 hours.
The event status distribution chart provides a visual representation of the intensity and dispersion of events. This helps in evaluating and preparing for subsequent cluster operations and maintenance tasks. If events are densely concentrated during specific time periods, you may need to allocate more resources or take proper measures to ensure cluster stability and high availability. On the other hand, if events are dispersed, you can effectively schedule other maintenance tasks such as system optimization, upgrades, or handling other tasks during this period.
By considering the event status distribution chart and the selected time range, you can better plan and manage your cluster operations and maintenance work, ensuring system stability and reliability.
"},{"location":"en/admin/insight/infra/event.html#event-count-and-statistics","title":"Event Count and Statistics","text":"Through important event statistics, you can easily understand the number of image pull failures, health check failures, Pod execution failures, Pod scheduling failures, container OOM (Out-of-Memory) occurrences, volume mounting failures, and the total count of all events. These events are typically categorized as \"Warning\" and \"Normal\".
"},{"location":"en/admin/insight/infra/event.html#event-list","title":"Event List","text":"The event list is presented chronologically based on time. You can sort the events by Last Occurrend At and Type .
By clicking on the \u2699\ufe0f icon on the right side, you can customize the displayed columns according to your preferences and needs.
Additionally, you can click the refresh icon to update the current event list when needed.
In the operation column on the right, clicking the icon allows you to view the history of a specific event.
"},{"location":"en/admin/insight/infra/event.html#reference","title":"Reference","text":"For detailed meanings of the built-in Events in the system, refer to the Kubernetes API Event List.
"},{"location":"en/admin/insight/infra/namespace.html","title":"Namespace Monitoring","text":"With namespaces as the dimension, you can quickly query resource consumption and trends within a namespace.
"},{"location":"en/admin/insight/infra/namespace.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Infrastructure -> Namespaces from the left navigation bar. On this page, you can view the following information:
Through node monitoring, you can get an overview of the current health status of the nodes in the selected cluster and the number of abnormal pod; on the current node details page, you can view the number of alerts and the trend of resource consumption such as CPU, memory, and disk.
"},{"location":"en/admin/insight/infra/node.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Infrastructure -> Nodes from the left navigation bar. On this page, you can view the following information:
Click Resource Level Monitor, you can view more metrics of the current cluster.
Probe refers to the use of black-box monitoring to regularly test the connectivity of targets through HTTP, TCP, and other methods, enabling quick detection of ongoing faults.
Insight uses the Prometheus Blackbox Exporter tool to probe the network using protocols such as HTTP, HTTPS, DNS, TCP, and ICMP, and returns the probe results to understand the network status.
"},{"location":"en/admin/insight/infra/probe.html#prerequisites","title":"Prerequisites","text":"The insight-agent has been successfully deployed in the target cluster and is in the Running state.
"},{"location":"en/admin/insight/infra/probe.html#view-probes","title":"View Probes","text":"Select Infrastructure -> Probes in the left navigation bar.
Fill in the basic information and click Next .
Configure the probe parameters.
After configuring, click OK to complete the creation.
Warning
After the probe task is created, it takes about 3 minutes to synchronize the configuration. During this period, no probes will be performed, and probe results cannot be viewed.
"},{"location":"en/admin/insight/infra/probe.html#view-monitoring-dashboards","title":"View Monitoring Dashboards","text":"Click \u2507 in the operations column and click View Monitoring Dashboard .
Metric Name Description Current Status Response Represents the response status code of the HTTP probe request. Ping Status Indicates whether the probe request was successful. 1 indicates a successful probe request, and 0 indicates a failed probe request. IP Protocol Indicates the IP protocol version used in the probe request. SSL Expiry Represents the earliest expiration time of the SSL/TLS certificate. DNS Response (Latency) Represents the duration of the entire probe process in seconds. HTTP Duration Represents the duration of the entire process from sending the request to receiving the complete response."},{"location":"en/admin/insight/infra/probe.html#edit-a-probe","title":"Edit a Probe","text":"Click \u2507 in the operations column and click Edit .
"},{"location":"en/admin/insight/infra/probe.html#delete-a-probe","title":"Delete a Probe","text":"Click \u2507 in the operations column and click Delete .
"},{"location":"en/admin/insight/quickstart/install/index.html","title":"Start Observing","text":"AI platform enables the management and creation of multicloud and multiple clusters. Building upon this capability, Insight serves as a unified observability solution for multiple clusters. It collects observability data from multiple clusters by deploying the insight-agent plugin and allows querying of metrics, logs, and trace data through the AI platform Insight.
insight-agent is a tool that facilitates the collection of observability data from multiple clusters. Once installed, it automatically collects metrics, logs, and trace data without any modifications.
Clusters created through Container Management come pre-installed with insight-agent. Hence, this guide specifically provides instructions on enabling observability for integrated clusters.
As a unified observability platform for multiple clusters, Insight's resource consumption of certain components is closely related to the data of cluster creation and the number of integrated clusters. When installing insight-agent, it is necessary to adjust the resources of the proper components based on the cluster size.
Adjust the CPU and memory resources of the Prometheus collection component in insight-agent according to the size of the cluster created or integrated. Please refer to Prometheus resource planning.
As the metric data from multiple clusters is stored centrally, AI platform administrators need to adjust the disk space of vmstorage based on the cluster size. Please refer to vmstorage disk capacity planning.
For instructions on adjusting the disk space of vmstorage, please refer to Expanding vmstorage disk.
Since AI platform supports the management of multicloud and multiple clusters, insight-agent has undergone partial verification. However, there are known conflicts with monitoring components when installing insight-agent in Suanova 4.0 clusters and Openshift 4.x clusters. If you encounter similar issues, please refer to the following documents:
Currently, the insight-agent collection component has undergone functional testing for popular versions of Kubernetes. Please refer to:
The Insight Module supports switching log to Big Log mode and trace to Big Trace mode, in order to enhance data writing capabilities in large-scale environments. This page introduces following methods for enabling these modes:
manifest.yaml
)This section explains the differences between the normal log mode and the Big Log mode.
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#log-mode","title":"Log Mode","text":"Components: Fluentbit + Elasticsearch
This mode is referred to as the ES mode, and the data flow diagram is shown below:
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#big-log-mode","title":"Big Log Mode","text":"Components: Fluentbit + Kafka + Vector + Elasticsearch
This mode is referred to as the Kafka mode, and the data flow diagram is shown below:
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#traces","title":"Traces","text":"This section explains the differences between the normal trace mode and the Big Trace mode.
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#trace-mode","title":"Trace Mode","text":"Components: Agent opentelemetry-collector + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
This mode is referred to as the OTlp mode, and the data flow diagram is shown below:
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#big-trace-mode","title":"Big Trace Mode","text":"Components: Agent opentelemetry-collector + Kafka + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
This mode is referred to as the Kafka mode, and the data flow diagram is shown below:
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#enabling-via-installer","title":"Enabling via Installer","text":"When deploying/upgrading AI platform using the installer, the manifest.yaml
file includes the infrastructures.kafka
field. To enable observable Big Log and Big Trace modes, Kafka must be activated:
apiVersion: manifest.daocloud.io/v1alpha1\nkind: SuanovaManifest\n...\ninfrastructures:\n ...\n kafka:\n enable: true # Default is false\n cpuLimit: 1\n memLimit: 2Gi\n pvcSize: 15Gi\n
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#enable","title":"Enable","text":"When using a manifest.yaml
that enables kafka
during installation, Kafka middleware will be installed by default, and Big Log and Big Trace modes will be enabled automatically. The installation command is:
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml\n
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#upgrade","title":"Upgrade","text":"The upgrade also involves modifying the kafka
field. However, note that since the old environment was installed with kafka: false
, Kafka is not present in the environment. Therefore, you need to specify the upgrade for middleware
to install Kafka middleware simultaneously. The upgrade command is:
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml -u gproduct,middleware\n
Note
After the upgrade is complete, you need to manually restart the following components:
Prerequisites: Ensure that there is a usable Kafka and that the address is accessible.
Use the following commands to retrieve the values of the old versions of Insight and insight-agent (it's recommended to back them up):
helm get values insight -n insight-system -o yaml > insight.yaml\nhelm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#enabling-big-log","title":"Enabling Big Log","text":"There are several ways to enable or upgrade to Big Log mode:
Use--set
in the helm upgrade
commandModify YAML and run helm upgradeUpgrade via Container Management UI First, run the following Insight upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set vector.enabled=true \\\n --version 0.30.1\n
Then, run the following insight-agent upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.logging.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.logging.output=kafka \\\n --version 0.30.1\n
Follow these steps to modify the YAML and then run the helm upgrade
command:
Modify insight.yaml
global:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\nvector:\n enabled: true\n
Upgrade the Insight component:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
Modify insight-agent.yaml
global:\n ...\n exporters:\n ...\n logging:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
Upgrade the insight-agent:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
In the Container Management module, find the cluster, select Helm Apps from the left navigation bar, and find and update the insight-agent.
In Logging Settings, select kafka for output and fill in the correct brokers address.
Note that after the upgrade is complete, you need to manually restart the insight-agent-fluent-bit component.
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#enabling-big-trace","title":"Enabling Big Trace","text":"There are several ways to enable or upgrade to Big Trace mode:
Using --set in thehelm upgrade
commandModify YAML and run helm upgradeUpgrade via Container Management UI First, run the following Insight upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set global.tracing.kafkaReceiver.enabled=true \\\n --version 0.30.1\n
Then, run the following insight-agent upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.trace.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.trace.output=kafka \\\n --version 0.30.1\n
Follow these steps to modify the YAML and then run the helm upgrade
command:
Modify insight.yaml
global:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\ntracing:\n ...\n kafkaReceiver:\n enabled: true\n
Upgrade the Insight component:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
Modify insight-agent.yaml
global:\n ...\n exporters:\n ...\n trace:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
Upgrade the insight-agent:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
In the Container Management module, find the cluster, select Helm Apps from the left navigation bar, and find and update the insight-agent.
In Trace Settings, select kafka for output and fill in the correct brokers address.
Note that after the upgrade is complete, you need to manually restart the insight-agent-opentelemetry-collector and insight-opentelemetry-collector components.
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html","title":"Custom Insight Component Scheduling Policy","text":"When deploying Insight to a Kubernetes environment, proper resource management and optimization are crucial. Insight includes several core components such as Prometheus, OpenTelemetry, FluentBit, Vector, and Elasticsearch. These components, during their operation, may negatively impact the performance of other pods within the cluster due to resource consumption issues. To effectively manage resources and optimize cluster operations, node affinity becomes an important option.
This page is about how to add taints and node affinity to ensure that each component runs on the appropriate nodes, avoiding resource competition or contention, thereby guranttee the stability and efficiency of the entire Kubernetes cluster.
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html#configure-dedicated-nodes-for-insight-using-taints","title":"Configure dedicated nodes for Insight using taints","text":"Since the Insight Agent includes DaemonSet components, the configuration method described in this section is to have all components except the Insight DaemonSet run on dedicated nodes.
This is achieved by adding taints to the dedicated nodes and using tolerations to match them. More details can be found in the Kubernetes official documentation.
You can refer to the following commands to add and remove taints on nodes:
# Add taint\nkubectl taint nodes worker1 node.daocloud.io=insight-only:NoSchedule\n\n# Remove taint\nkubectl taint nodes worker1 node.daocloud.io:NoSchedule-\n
There are two ways to schedule Insight components to dedicated nodes:
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html#1-add-tolerations-for-each-component","title":"1. Add tolerations for each component","text":"Configure the tolerations for the insight-server
and insight-agent
Charts respectively:
server:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nui:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nrunbook:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\n# mysql:\nvictoria-metrics-k8s-stack:\n victoria-metrics-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmcluster:\n spec:\n vmstorage:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmselect:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vminsert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmalert:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n alertmanager:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\njaeger:\n collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n query:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector-aggregator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\ngrafana-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n grafana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nkibana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nelastic-alert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nvector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n
kube-prometheus-stack:\n prometheus:\n prometheusSpec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n prometheus-node-exporter:\n tolerations:\n - effect: NoSchedule\n operator: Exists\n prometheusOperator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nkube-state-metrics:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\ntailing-sidecar-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-kubernetes-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nprometheus-blackbox-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\netcd-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\" \n
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html#2-configure-at-the-namespace-level","title":"2. Configure at the namespace level","text":"Allow pods in the insight-system
namespace to tolerate the node.daocloud.io=insight-only
taint.
Adjust the apiserver
configuration file /etc/kubernetes/manifests/kube-apiserver.yaml
to include PodTolerationRestriction,PodNodeSelector
. See the following picture:
Add an annotation to the insight-system
namespace:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: insight-system\n annotations:\n scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Equal\", \"effect\": \"NoSchedule\", \"key\": \"node.daocloud.io\", \"value\": \"insight-only\"}]'\n
Restart the components under the insight-system namespace to allow normal scheduling of pods under the insight-system.
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html#use-node-labels-and-node-affinity-to-manage-component-scheduling","title":"Use node labels and node affinity to manage component scheduling","text":"Info
Node affinity is conceptually similar to nodeSelector
, allowing you to constrain which nodes a pod can be scheduled on based on labels on the nodes. There are two types of node affinity:
For more details, please refer to the Kubernetes official documentation.
To meet different user needs for scheduling Insight components, Insight provides fine-grained labels for different components' scheduling policies. Below is a description of the labels and their associated components:
Label Key Label Value Descriptionnode.daocloud.io/insight-any
Any value, recommended to use true
Represents that all Insight components prefer nodes with this label node.daocloud.io/insight-prometheus
Any value, recommended to use true
Specifically for Prometheus components node.daocloud.io/insight-vmstorage
Any value, recommended to use true
Specifically for VictoriaMetrics vmstorage components node.daocloud.io/insight-vector
Any value, recommended to use true
Specifically for Vector components node.daocloud.io/insight-otel-col
Any value, recommended to use true
Specifically for OpenTelemetry components You can refer to the following commands to add and remove labels on nodes:
# Add label to node8, prioritizing scheduling insight-prometheus to node8 \nkubectl label nodes node8 node.daocloud.io/insight-prometheus=true\n\n# Remove the node.daocloud.io/insight-prometheus label from node8\nkubectl label nodes node8 node.daocloud.io/insight-prometheus-\n
Below is the default affinity preference for the insight-prometheus component during deployment:
affinity:\n nodeAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - preference:\n matchExpressions:\n - key: node-role.kubernetes.io/control-plane\n operator: DoesNotExist\n weight: 1\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-prometheus # (1)!\n operator: Exists\n weight: 2\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-any\n operator: Exists\n weight: 3\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 1\n podAffinityTerm:\n topologyKey: kubernetes.io/hostname\n labelSelector:\n matchExpressions:\n - key: app.kubernetes.io/instance\n operator: In\n values:\n - insight-agent-kube-prometh-prometheus\n
Insight is a product for unified observation of multiple clusters. To achieve unified storage and querying of observation data from multiple clusters, sub-clusters need to report the collected observation data to the global service cluster for unified storage. This document provides the required address of the storage component when installing the collection component insight-agent.
"},{"location":"en/admin/insight/quickstart/install/gethosturl.html#install-insight-agent-in-global-service-cluster","title":"Install insight-agent in Global Service Cluster","text":"If installing insight-agent in the global service cluster, it is recommended to access the cluster via domain name:
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # (1)!\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # (2)!\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # (3)!\n
"},{"location":"en/admin/insight/quickstart/install/gethosturl.html#install-insight-agent-in-other-clusters","title":"Install insight-agent in Other Clusters","text":""},{"location":"en/admin/insight/quickstart/install/gethosturl.html#get-address-via-interface-provided-by-insight-server","title":"Get Address via Interface Provided by Insight Server","text":"The management cluster uses the default LoadBalancer mode for exposure.
Log in to the console of the global service cluster and run the following command:
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
Note
Please replace the ${INSIGHT_SERVER_IP}
parameter in the command.
You will get the following response:
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"host\": \"10.6.182.32\"\n },\n \"metric\": {\n \"host\": \"10.6.182.32\"\n },\n \"auditLog\": {\n \"host\": \"10.6.182.32\"\n },\n \"trace\": {\n \"host\": \"10.6.182.32\"\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
is the log service address, no need to set the proper service port, the default value will be used.global.exporters.metric.host
is the metrics service address.global.exporters.trace.host
is the trace service address.global.exporters.auditLog.host
is the audit log service address (same service as trace but different port).Management cluster disables LoadBalancer
When calling the interface, you need to additionally pass an externally accessible node IP from the cluster, which will be used to construct the complete access address of the proper service.
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam' --data '{\"extra\": {\"EXPORTER_EXTERNAL_IP\": \"10.5.14.51\"}}'\n
You will get the following response:
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"scheme\": \"https\",\n \"host\": \"10.5.14.51\",\n \"port\": 32007,\n \"user\": \"elastic\",\n \"password\": \"j8V1oVoM1184HvQ1F3C8Pom2\"\n },\n \"metric\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30683\n },\n \"auditLog\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30884\n },\n \"trace\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30274\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
is the log service address.global.exporters.logging.port
is the NodePort exposed by the log service.global.exporters.metric.host
is the metrics service address.global.exporters.metric.port
is the NodePort exposed by the metrics service.global.exporters.trace.host
is the trace service address.global.exporters.trace.port
is the NodePort exposed by the trace service.global.exporters.auditLog.host
is the audit log service address (same service as trace but different port).global.exporters.auditLog.port
is the NodePort exposed by the audit log service.If LoadBalancer
is enabled in the cluster and a VIP
is set for Insight, you can manually execute the following command to obtain the address information for vminsert
and opentelemetry-collector
:
$ kubectl get service -n insight-system | grep lb\nlb-insight-opentelemetry-collector LoadBalancer 10.233.23.12 <pending> 4317:31286/TCP,8006:31351/TCP 24d\nlb-vminsert-insight-victoria-metrics-k8s-stack LoadBalancer 10.233.63.67 <pending> 8480:31629/TCP 24d\n
lb-vminsert-insight-victoria-metrics-k8s-stack
is the address for the metrics service.lb-insight-opentelemetry-collector
is the address for the tracing service.Execute the following command to obtain the address information for elasticsearch
:
$ kubectl get service -n mcamel-system | grep es\nmcamel-common-es-cluster-masters-es-http NodePort 10.233.16.120 <none> 9200:30465/TCP 47d\n
mcamel-common-es-cluster-masters-es-http
is the address for the logging service.
The LoadBalancer feature is disabled in the global service cluster.
In this case, the LoadBalancer resources mentioned above will not be created by default. The relevant service names are:
After obtaining the proper port information for the services in the above two scenarios, make the following settings:
--set global.exporters.logging.host= # (1)!\n--set global.exporters.logging.port= # (2)!\n--set global.exporters.metric.host= # (3)!\n--set global.exporters.metric.port= # (4)!\n--set global.exporters.trace.host= # (5)!\n--set global.exporters.trace.port= # (6)!\n--set global.exporters.auditLog.host= # (7)!\n
insight-agent is a plugin for collecting insight data, supporting unified observation of metrics, links, and log data. This article describes how to install insight-agent in an online environment for the accessed cluster.
"},{"location":"en/admin/insight/quickstart/install/install-agent.html#prerequisites","title":"Prerequisites","text":"Please confirm that your cluster has successfully connected to the container management platform. You can refer to Integrate Clusters for details.
"},{"location":"en/admin/insight/quickstart/install/install-agent.html#steps","title":"Steps","text":"Enter Container Management from the left navigation bar, and enter Clusters . Find the cluster where you want to install insight-agent.
Choose Install now to jump, or click the cluster and click Helm Apps -> Helm Templates in the left navigation bar, search for insight-agent in the search box, and click it for details.
Select the appropriate version and click Install .
Fill in the name, select the namespace and version, and fill in the addresses of logging, metric, audit, and trace reporting data in the yaml file. The system has filled in the address of the component for data reporting by default, please check it before clicking OK to install.
If you need to modify the data reporting address, please refer to Get Data Reporting Address.
The system will automatically return to Helm Apps . When the application status changes from Unknown to Deployed , it means that insight-agent is installed successfully.
Note
Click \u2507 on the far right, and you can perform more operations such as Update , View YAML and Delete in the pop-up menu.
This page lists some issues related to the installation and uninstallation of Insight Agent and their workarounds.
"},{"location":"en/admin/insight/quickstart/install/knownissues.html#uninstallation-failure-of-insight-agent","title":"Uninstallation Failure of Insight Agent","text":"When you run the following command to uninstall Insight Agent,
helm uninstall insight agent\n
The tls secret
used by otel-operator
is failed to uninstall.
Due to the logic of \"reusing tls secret\" in the following code of otel-operator
, it checks whether MutationConfiguration
exists and reuses the CA cert bound in MutationConfiguration. However, since helm uninstall
has uninstalled MutationConfiguration
, it results in a null value.
Therefore, please manually delete the proper secret
using one of the following methods:
Delete via command line: Log in to the console of the target cluster and run the following command:
kubectl -n insight-system delete secret insight-agent-opentelemetry-operator-controller-manager-service-cert\n
Delete via UI: Log in to AI platform container management, select the target cluster, select Secret from the left menu, input insight-agent-opentelemetry-operator-controller-manager-service-cert
, then select Delete
.
When updating the log configuration of the insight-agent from Elasticsearch to Kafka or from Kafka to Elasticsearch, the changes do not take effect and the agent continues to use the previous configuration.
Solution :
Manually restart Fluent Bit in the cluster.
"},{"location":"en/admin/insight/quickstart/install/knownissues.html#podmonitor-collects-multiple-sets-of-jvm-metrics","title":"PodMonitor Collects Multiple Sets of JVM Metrics","text":"In this version, there is a defect in PodMonitor/insight-kubernetes-pod: it will incorrectly create Jobs to collect metrics for all containers in Pods that are marked with insight.opentelemetry.io/metric-scrape=true
, instead of only the containers proper to insight.opentelemetry.io/metric-port
.
After PodMonitor is declared, PrometheusOperator will pre-configure some service discovery configurations. Considering the compatibility of CRDs, it is abandoned to configure the collection tasks through annotations.
Use the additional scrape config mechanism provided by Prometheus to configure the service discovery rules in a secret and introduce them into Prometheus.
Therefore:
In the new rule, action: keepequal is used to compare the consistency between source_labels and target_label to determine whether to create collection tasks for the ports of a container. Note that this feature is only available in Prometheus v2.41.0 (2022-12-20) and higher.
+ - source_labels: [__meta_kubernetes_pod_annotation_insight_opentelemetry_io_metric_port]\n+ separator: ;\n+ target_label: __meta_kubernetes_pod_container_port_number\n+ action: keepequal\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html","title":"Upgrade Notes","text":"This page provides some considerations for upgrading insight-server and insight-agent.
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v028x-or-lower-to-v029x","title":"Upgrade from v0.28.x (or lower) to v0.29.x","text":"Due to the upgrade of the Opentelemetry community operator chart version in v0.29.0, the supported values for featureGates
in the values file have changed. Therefore, before upgrading, you need to set the value of featureGates
to empty, as follows:
- --set opentelemetry-operator.manager.featureGates=\"+operator.autoinstrumentation.go,+operator.autoinstrumentation.multi-instrumentation,+operator.autoinstrumentation.nginx\" \\\n+ --set opentelemetry-operator.manager.featureGates=\"\"\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v026x-or-lower-to-v027x-or-higher","title":"Upgrade from v0.26.x (or lower) to v0.27.x or higher","text":"In v0.27.x, the switch for the vector component has been separated. If the existing environment has vector enabled, you need to specify --set vector.enabled=true
when upgrading the insight-server.
Before upgrading Insight , you need to manually delete the jaeger-collector and jaeger-query deployments by running the following command:
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v017x-or-lower-to-v018x","title":"Upgrade from v0.17.x (or lower) to v0.18.x","text":"In v0.18.x, there have been updates to the Jaeger-related deployment files, so you need to manually run the following commands before upgrading insight-server:
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
There have been changes to metric names in v0.18.x, so after upgrading insight-server, insight-agent should also be upgraded.
In addition, the parameters for enabling the tracing module and adjusting the ElasticSearch connection have been modified. Refer to the following parameters:
+ --set global.tracing.enable=true \\\n- --set jaeger.collector.enabled=true \\\n- --set jaeger.query.enabled=true \\\n+ --set global.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n+ --set global.elasticsearch.host=${your-external-elasticsearch-host} \\\n+ --set global.elasticsearch.port=${your-external-elasticsearch-port} \\\n+ --set global.elasticsearch.user=${your-external-elasticsearch-username} \\\n+ --set global.elasticsearch.password=${your-external-elasticsearch-password} \\\n- --set jaeger.storage.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n- --set jaeger.storage.elasticsearch.host=${your-external-elasticsearch-host} \\\n- --set jaeger.storage.elasticsearch.port=${your-external-elasticsearch-port} \\\n- --set jaeger.storage.elasticsearch.user=${your-external-elasticsearch-username} \\\n- --set jaeger.storage.elasticsearch.password=${your-external-elasticsearch-password} \\\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v015x-or-lower-to-v016x","title":"Upgrade from v0.15.x (or lower) to v0.16.x","text":"In v0.16.x, a new feature parameter disableRouteContinueEnforce
in the vmalertmanagers CRD
is used. Therefore, you need to manually run the following command before upgrading insight-server:
kubectl apply --server-side -f https://raw.githubusercontent.com/VictoriaMetrics/operator/v0.33.0/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml --force-conflicts\n
Note
If you are performing an offline installation, after extracting the insight offline package, please run the following command to update CRDs.
kubectl apply --server-side -f insight/dependency-crds --force-conflicts \n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v023x-or-lower-to-v024x","title":"Upgrade from v0.23.x (or lower) to v0.24.x","text":"In v0.24.x, CRDs have been added to the OTEL operator chart
. However, helm upgrade does not update CRDs, so you need to manually run the following command:
kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-operator/crds/crd-opentelemetry.io_opampbridges.yaml\n
If you are performing an offline installation, you can find the above CRD yaml file after extracting the insight-agent offline package. After extracting the insight-agent Chart, manually run the following command:
kubectl apply -f charts/agent/crds/crd-opentelemetry.io_opampbridges.yaml\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v019x-or-lower-to-v020x","title":"Upgrade from v0.19.x (or lower) to v0.20.x","text":"In v0.20.x, Kafka log export configuration has been added, and there have been some adjustments to the log export configuration. Before upgrading insight-agent , please note the parameter changes. The previous logging configuration has been moved to the logging.elasticsearch configuration:
- --set global.exporters.logging.host \\\n- --set global.exporters.logging.port \\\n+ --set global.exporters.logging.elasticsearch.host \\\n+ --set global.exporters.logging.elasticsearch.port \\\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v017x-or-lower-to-v018x_1","title":"Upgrade from v0.17.x (or lower) to v0.18.x","text":"Due to the updated deployment files for Jaeger In v0.18.x, it is important to note the changes in parameters before upgrading the insight-agent.
+ --set global.exporters.trace.enable=true \\\n- --set opentelemetry-collector.enabled=true \\\n- --set opentelemetry-operator.enabled=true \\\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v016x-or-lower-to-v017x","title":"Upgrade from v0.16.x (or lower) to v0.17.x","text":"In v0.17.x, the kube-prometheus-stack chart version was upgraded from 41.9.1 to 45.28.1, and there were also some field upgrades in the CRD used, such as the attachMetadata field of servicemonitor. Therefore, the following command needs to be rund before upgrading the insight-agent:
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\n
If you are performing an offline installation, you can find the yaml for the above CRD in insight-agent/dependency-crds after extracting the insight-agent offline package.
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v011x-or-earlier-to-v012x","title":"Upgrade from v0.11.x (or earlier) to v0.12.x","text":"v0.12.x upgrades kube-prometheus-stack chart from 39.6.0 to 41.9.1, including prometheus-operator to v0.60.1, prometheus-node-exporter chart to v4.3.0. Prometheus-node-exporter uses Kubernetes recommended label after upgrading, so you need to delete node-exporter daemonset. prometheus-operator has updated the CRD, so you need to run the following command before upgrading the insight-agent:
kubectl delete daemonset insight-agent-prometheus-node-exporter -n insight-system\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --force- conflicts\n
Note
If you are installing offline, you can run the following command to update the CRD after decompressing the insight-agent offline package.
kubectl apply --server-side -f insight-agent/dependency-crds --force-conflicts\n
"},{"location":"en/admin/insight/quickstart/otel/operator.html","title":"Enhance Applications Non-Intrusively with Operators","text":"Currently, only Java, Node.js, Python, .NET, and Golang support non-intrusive integration through the Operator approach.
"},{"location":"en/admin/insight/quickstart/otel/operator.html#prerequisites","title":"Prerequisites","text":"Please ensure that the insight-agent is ready. If not, please refer to Install insight-agent for data collection and make sure the following three items are ready:
Tip
Starting from Insight v0.22.0, there is no longer a need to manually install the Instrumentation CR.
Install it in the insight-system namespace. There are some minor differences between different versions.
Insight v0.21.xInsight v0.20.xInsight v0.18.xInsight v0.17.xInsight v0.16.xK8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.29.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0-rc.2\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.25.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.37.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.38b0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.1-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
"},{"location":"en/admin/insight/quickstart/otel/operator.html#works-with-the-service-mesh-product-mspider","title":"Works with the Service Mesh Product (Mspider)","text":"If you enable the tracing capability of the Mspider(Service Mesh), you need to add an additional environment variable injection configuration:
"},{"location":"en/admin/insight/quickstart/otel/operator.html#the-operation-steps-are-as-follows","title":"The operation steps are as follows","text":"Select the insight-system namespace, then edit insight-opentelemetry-autoinstrumentation, and add the following content under spec:env:
:
- name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n
The complete example (for Insight v0.21.x) is as follows:
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
After the above is ready, you can access traces for the application through annotations (Annotation). Otel currently supports accessing traces through annotations. Depending on the service language, different pod annotations need to be added. Each service can add one of two types of annotations:
Only inject environment variable annotations
There is only one such annotation, which is used to add otel-related environment variables, such as link reporting address, cluster id where the container is located, and namespace (this annotation is very useful when the application does not support automatic probe language)
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
The value is divided into two parts by /
, the first value (insight-system) is the namespace of the CR installed in the previous step, and the second value (insight-opentelemetry-autoinstrumentation) is the name of the CR.
Automatic probe injection and environment variable injection annotations
There are currently 4 such annotations, proper to 4 different programming languages: java, nodejs, python, dotnet. After using it, automatic probes and otel default environment variables will be injected into the first container under spec.pod:
Java applicationNodeJs applicationPython applicationDotnet applicationGolang applicationinstrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-nodejs: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-python: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-dotnet: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
Since Go's automatic detection requires the setting of OTEL_GO_AUTO_TARGET_EXE, you must provide a valid executable path through annotations or Instrumentation resources. Failure to set this value will result in the termination of Go's automatic detection injection, leading to a failure in the connection trace.
instrumentation.opentelemetry.io/inject-go: \"insight-system/insight-opentelemetry-autoinstrumentation\"\ninstrumentation.opentelemetry.io/otel-go-auto-target-exe: \"/path/to/container/executable\"\n
Go's automatic detection also requires elevated permissions. The following permissions are automatically set and are necessary.
securityContext:\n privileged: true\n runAsUser: 0\n
Tip
The OpenTelemetry Operator automatically adds some OTel-related environment variables when injecting probes and also supports overriding these variables. The priority order for overriding these environment variables is as follows:
original container env vars -> language specific env vars -> common env vars -> instrument spec configs' vars\n
However, it is important to avoid manually overriding OTEL_RESOURCE_ATTRIBUTES_NODE_NAME . This variable serves as an identifier within the operator to determine if a pod has already been injected with a probe. Manually adding this variable may prevent the probe from being injected successfully.
"},{"location":"en/admin/insight/quickstart/otel/operator.html#automatic-injection-demo","title":"Automatic injection Demo","text":"Note that the annotation
is added under spec.annotations.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n labels:\n app: my-app\nspec:\n selector:\n matchLabels:\n app: my-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-app\n annotations:\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n spec:\n containers:\n - name: myapp\n image: jaegertracing/vertx-create-span:operator-e2e-tests\n ports:\n - containerPort: 8080\n protocol: TCP\n
The final generated YAML is as follows:
apiVersion: v1\nkind: Pod\nmetadata:\n name: my-deployment-with-sidecar-565bd877dd-nqkk6\n generateName: my-deployment-with-sidecar-565bd877dd-\n namespace: default\n uid: aa89ca0d-620c-4d20-8bc1-37d67bad4ea4\n resourceVersion: '2668986'\n creationTimestamp: '2022-04-08T05:58:48Z'\n labels:\n app: my-pod-with-sidecar\n pod-template-hash: 565bd877dd\n annotations:\n cni.projectcalico.org/containerID: 234eae5e55ea53db2a4bc2c0384b9a1021ed3908f82a675e4a92a49a7e80dd61\n cni.projectcalico.org/podIP: 192.168.134.133/32\n cni.projectcalico.org/podIPs: 192.168.134.133/32\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\nspec:\n volumes:\n - name: kube-api-access-sp2mz\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n - name: opentelemetry-auto-instrumentation\n emptyDir: {}\n initContainers:\n - name: opentelemetry-auto-instrumentation\n image: >-\n ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java\n command:\n - cp\n - /javaagent.jar\n - /otel-auto-instrumentation/javaagent.jar\n resources: {}\n volumeMounts:\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n containers:\n - name: myapp\n image: ghcr.io/pavolloffay/spring-petclinic:latest\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: 'true'\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: 'true'\n - name: SPLUNK_PROFILER_ENABLED\n value: 'false'\n - name: JAVA_TOOL_OPTIONS\n value: ' -javaagent:/otel-auto-instrumentation/javaagent.jar'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '20'\n - name: OTEL_TRACES_SAMPLER\n value: parentbased_traceidratio\n - name: OTEL_TRACES_SAMPLER_ARG\n value: '0.85'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: my-deployment-with-sidecar\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=myapp,k8s.deployment.name=my-deployment-with-sidecar,k8s.deployment.uid=8de6929d-dda0-436c-bca1-604e9ca7ea4e,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=my-deployment-with-sidecar-565bd877dd,k8s.replicaset.uid=190d5f6e-ba7f-4794-b2e6-390b5879a6c4\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n resources: {}\n volumeMounts:\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: k8s-master3\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n fsGroup: 2000\n schedulerName: default-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priority: 0\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\n
"},{"location":"en/admin/insight/quickstart/otel/operator.html#trace-query","title":"Trace query","text":"How to query the connected services, refer to Trace Query.
"},{"location":"en/admin/insight/quickstart/otel/otel.html","title":"Use OTel to provide the application observability","text":"Enhancement is the process of enabling application code to generate telemetry data. i.e. something that helps you monitor or measure the performance and status of your application.
OpenTelemetry is a leading open source project providing instrumentation libraries for major programming languages \u200b\u200band popular frameworks. It is a project under the Cloud Native Computing Foundation and is supported by the vast resources of the community. It provides a standardized data format for collected data without the need to integrate specific vendors.
Insight supports OpenTelemetry for application instrumentation to enhance your applications.
This guide introduces the basic concepts of telemetry enhancement using OpenTelemetry. OpenTelemetry also has an ecosystem of libraries, plugins, integrations, and other useful tools to extend it. You can find these resources at the OTel Registry.
You can use any open standard library for telemetry enhancement and use Insight as an observability backend to ingest, analyze, and visualize data.
To enhance your code, you can use the enhanced operations provided by OpenTelemetry for specific languages:
Insight currently provides an easy way to enhance .Net NodeJS, Java, Python and Golang applications with OpenTelemetry. Please follow the guidelines below.
"},{"location":"en/admin/insight/quickstart/otel/otel.html#trace-enhancement","title":"Trace Enhancement","text":"This document describes how customers can send trace data to Insight on their own. It mainly includes the following two scenarios:
In each cluster where Insight Agent is installed, there is an insight-agent-otel-col component that is used to receive trace data from that cluster. Therefore, this component serves as the entry point for user access and needs to obtain its address first. You can get the address of the Opentelemetry Collector in the cluster through the AI platform interface, such as insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 :
In addition, there are some slight differences for different reporting methods:
"},{"location":"en/admin/insight/quickstart/otel/send_tracing_to_insight.html#customer-apps-report-traces-to-insight-through-otel-agentsdk","title":"Customer apps report traces to Insight through OTEL Agent/SDK","text":"To successfully report trace data to Insight and display it properly, it is recommended to provide the required metadata (Resource Attributes) for OTLP through the following environment variables. There are two ways to achieve this:
Manually add them to the deployment YAML file, for example:
...\n- name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: \"http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\"\n- name: \"OTEL_SERVICE_NAME\"\n value: my-java-app-name\n- name: \"OTEL_K8S_NAMESPACE\"\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n- name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n- name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n- name: OTEL_RESOURCE_ATTRIBUTES\n value: \"k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)\"\n
Use the automatic injection capability of Insight Agent to inject the metadata (Resource Attributes)
Ensure that Insight Agent is working properly and after installing the Instrumentation CR, you only need to add the following annotation to the Pod:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
For example:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-with-aotu-instrumentation\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n annotations:\n sidecar.opentelemetry.io/inject: \"false\"\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
After ensuring that the application has added the metadata mentioned above, you only need to add an OTLP Exporter in your customer's Opentelemetry Collector to forward the trace data to Insight Agent Opentelemetry Collector. Below is an example Opentelemetry Collector configuration file:
...\nexporters:\n otlp/insight:\n endpoint: insight-opentelemetry-collector.insight-system.svc.cluster.local:4317\nservice:\n...\npipelines:\n...\ntraces:\n exporters:\n - otlp/insight\n
"},{"location":"en/admin/insight/quickstart/otel/send_tracing_to_insight.html#references","title":"References","text":"This page contains instructions on how to set up OpenTelemetry enhancements in a Go application.
OpenTelemetry, also known simply as OTel, is an open-source observability framework that helps generate and collect telemetry data: traces, metrics, and logs in Go apps.
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#enhance-go-apps-with-the-opentelemetry-sdk","title":"Enhance Go apps with the OpenTelemetry SDK","text":""},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#install-related-dependencies","title":"Install related dependencies","text":"Dependencies related to the OpenTelemetry exporter and SDK must be installed first. If you are using another request router, please refer to request routing. After switching/going into the application source folder run the following command:
go get go.opentelemetry.io/otel@v1.8.0 \\\n go.opentelemetry.io/otel/trace@v1.8.0 \\\n go.opentelemetry.io/otel/sdk@v1.8.0 \\\n go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@v0.33.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.7.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.4.1\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#create-an-initialization-feature-using-the-opentelemetry-sdk","title":"Create an initialization feature using the OpenTelemetry SDK","text":"In order for an application to be able to send data, a feature is required to initialize OpenTelemetry. Add the following code snippet to the main.go file:
import (\n \"context\"\n \"os\"\n \"time\"\n\n \"go.opentelemetry.io/otel\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\"\n \"go.opentelemetry.io/otel/propagation\"\n \"go.opentelemetry.io/otel/sdk/resource\"\n sdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n semconv \"go.opentelemetry.io/otel/semconv/v1.7.0\"\n \"go.uber.org/zap\"\n \"google.golang.org/grpc\"\n)\n\nvar tracerExp *otlptrace.Exporter\n\nfunc retryInitTracer() func() {\n var shutdown func()\n go func() {\n for {\n // otel will reconnected and re-send spans when otel col recover. so, we don't need to re-init tracer exporter.\n if tracerExp == nil {\n shutdown = initTracer()\n } else {\n break\n }\n time.Sleep(time.Minute * 5)\n }\n }()\n return shutdown\n}\n\nfunc initTracer() func() {\n // temporarily set timeout to 10s\n ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)\n defer cancel()\n\n serviceName, ok := os.LookupEnv(\"OTEL_SERVICE_NAME\")\n if !ok {\n serviceName = \"server_name\"\n os.Setenv(\"OTEL_SERVICE_NAME\", serviceName)\n }\n otelAgentAddr, ok := os.LookupEnv(\"OTEL_EXPORTER_OTLP_ENDPOINT\")\n if !ok {\n otelAgentAddr = \"http://localhost:4317\"\n os.Setenv(\"OTEL_EXPORTER_OTLP_ENDPOINT\", otelAgentAddr)\n }\n zap.S().Infof(\"OTLP Trace connect to: %s with service name: %s\", otelAgentAddr, serviceName)\n\n traceExporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithInsecure(), otlptracegrpc.WithDialOption(grpc.WithBlock()))\n if err != nil {\n handleErr(err, \"OTLP Trace gRPC Creation\")\n return nil\n }\n\n tracerProvider := sdktrace.NewTracerProvider(\n sdktrace.WithBatcher(traceExporter),\n sdktrace.WithSampler(sdktrace.AlwaysSample()),\n sdktrace.WithResource(resource.NewWithAttributes(semconv.SchemaURL)))\n\n otel.SetTracerProvider(tracerProvider)\n otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\n tracerExp = traceExporter\n return func() {\n // Shutdown will flush any remaining spans and shut down the exporter.\n handleErr(tracerProvider.Shutdown(ctx), \"failed to shutdown TracerProvider\")\n }\n}\n\nfunc handleErr(err error, message string) {\n if err != nil {\n zap.S().Errorf(\"%s: %v\", message, err)\n }\n}\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#initialize-tracker-in-maingo","title":"Initialize tracker in main.go","text":"Modify the main feature to initialize the tracker in main.go. Also when your service shuts down, you should call TracerProvider.Shutdown() to ensure all spans are exported. The service makes the call as a deferred feature in the main function:
func main() {\n // start otel tracing\n if shutdown := retryInitTracer(); shutdown != nil {\n defer shutdown()\n }\n ......\n}\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#add-opentelemetry-gin-middleware-to-the-application","title":"Add OpenTelemetry Gin middleware to the application","text":"Configure Gin to use the middleware by adding the following line to main.go :
import (\n ....\n \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n)\n\nfunc main() {\n ......\n r := gin.Default()\n r.Use(otelgin.Middleware(\"my-app\"))\n ......\n}\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#run-the-application","title":"Run the application","text":"Local debugging and running
Note: This step is only used for local development and debugging. In the production environment, the Operator will automatically complete the injection of the following environment variables.
The above steps have completed the work of initializing the SDK. Now if you need to develop and debug locally, you need to obtain the address of insight-agent-opentelemerty-collector in the insight-system namespace in advance, assuming: insight-agent-opentelemetry-collector .insight-system.svc.cluster.local:4317 .
Therefore, you can add the following environment variables when you start the application locally:
OTEL_SERVICE_NAME=my-golang-app OTEL_EXPORTER_OTLP_ENDPOINT=http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 go run main.go...\n
Running in a production environment
Please refer to the introduction of Only injecting environment variable annotations in Achieving non-intrusive enhancement of applications through Operators to add annotations to deployment yaml:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
If you cannot use annotations, you can manually add the following environment variables to the deployment yaml:
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\nenv:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: 'http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317'\n - name: OTEL_SERVICE_NAME\n value: \"your depolyment name\" # modify it.\n - name: OTEL_K8S_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: 'k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)'\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#request-routing","title":"Request Routing","text":""},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#opentelemetry-gingonic-enhancements","title":"OpenTelemetry gin/gonic enhancements","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n
Then inject the OpenTelemetry middleware:
router. Use(middleware. Middleware(\"my-app\"))\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#opentelemetry-gorillamux-enhancements","title":"OpenTelemetry gorillamux enhancements","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\"\n
Then inject the OpenTelemetry middleware:
router. Use(middleware. Middleware(\"my-app\"))\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#grpc-enhancements","title":"gRPC enhancements","text":"Likewise, OpenTelemetry can help you auto-detect gRPC requests. To detect any gRPC server you have, add the interceptor to the server's instantiation.
import (\n grpcotel \"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\"\n)\nfunc main() {\n [...]\n\n s := grpc.NewServer(\n grpc.UnaryInterceptor(grpcotel.UnaryServerInterceptor()),\n grpc.StreamInterceptor(grpcotel.StreamServerInterceptor()),\n )\n}\n
It should be noted that if your program uses Grpc Client to call third-party services, you also need to add an interceptor to Grpc Client:
[...]\n\n conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()),\n grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),\n grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()),\n )\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#if-not-using-request-routing","title":"If not using request routing","text":"import (\n \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n
Everywhere you pass http.Handler to ServeMux you will wrap the handler function. For example, the following replacements would be made:
- mux.Handle(\"/path\", h)\n+ mux.Handle(\"/path\", otelhttp.NewHandler(h, \"description of path\"))\n---\n- mux.Handle(\"/path\", http.HandlerFunc(f))\n+ mux.Handle(\"/path\", otelhttp.NewHandler(http.HandlerFunc(f), \"description of path\"))\n
In this way, you can ensure that each feature wrapped with othttp will automatically collect its metadata and start the proper trace.
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#database-enhancements","title":"database enhancements","text":""},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#golang-gorm","title":"Golang Gorm","text":"The OpenTelemetry community has also developed middleware for database access libraries, such as Gorm:
import (\n \"github.com/uptrace/opentelemetry-go-extra/otelgorm\"\n \"gorm.io/driver/sqlite\"\n \"gorm.io/gorm\"\n)\n\ndb, err := gorm.Open(sqlite.Open(\"file::memory:?cache=shared\"), &gorm.Config{})\nif err != nil {\n panic(err)\n}\n\notelPlugin := otelgorm.NewPlugin(otelgorm.WithDBName(\"mydb\"), # Missing this can lead to incomplete display of database related topology\n otelgorm.WithAttributes(semconv.ServerAddress(\"memory\"))) # Missing this can lead to incomplete display of database related topology\nif err := db.Use(otelPlugin); err != nil {\n panic(err)\n}\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#custom-span","title":"Custom Span","text":"In many cases, the middleware provided by OpenTelemetry cannot help us record more internally called features, and we need to customize Span to record
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n _, span := otel.Tracer(\"GetServiceDetail\").Start(ctx,\n \"spanMetricDao.GetServiceDetail\",\n trace.WithSpanKind(trace.SpanKindInternal))\n defer span.End()\n \u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#add-custom-properties-and-custom-events-to-span","title":"Add custom properties and custom events to span","text":"It is also possible to set a custom attribute or tag as a span. To add custom properties and events, follow these steps:
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#import-tracking-and-property-libraries","title":"Import Tracking and Property Libraries","text":"import (\n ...\n \"go.opentelemetry.io/otel/attribute\"\n \"go.opentelemetry.io/otel/trace\"\n)\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#get-the-current-span-from-the-context","title":"Get the current Span from the context","text":"span := trace.SpanFromContext(c.Request.Context())\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#set-properties-in-the-current-span","title":"Set properties in the current Span","text":"span.SetAttributes(attribute. String(\"controller\", \"books\"))\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#add-an-event-to-the-current-span","title":"Add an Event to the current Span","text":"Adding span events is done using AddEvent on the span object.
span.AddEvent(msg)\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#log-errors-and-exceptions","title":"Log errors and exceptions","text":"import \"go.opentelemetry.io/otel/codes\"\n\n// Get the current span\nspan := trace.SpanFromContext(ctx)\n\n// RecordError will automatically convert an error into a span even\nspan.RecordError(err)\n\n// Flag this span as an error\nspan.SetStatus(codes.Error, \"internal error\")\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#references","title":"References","text":"For the Demo presentation, please refer to:
This article is intended for users who wish to evaluate or explore the developing OTLP metrics.
The OpenTelemetry project requires that APIs and SDKs must emit data in the OpenTelemetry Protocol (OTLP) for supported languages.
"},{"location":"en/admin/insight/quickstart/otel/golang/meter.html#for-golang-applications","title":"For Golang Applications","text":"Golang can expose runtime metrics through the SDK by adding the following methods to enable the metrics exporter within the application:
"},{"location":"en/admin/insight/quickstart/otel/golang/meter.html#install-required-dependencies","title":"Install Required Dependencies","text":"Navigate to your application\u2019s source folder and run the following command:
go get go.opentelemetry.io/otel \\\n go.opentelemetry.io/otel/attribute \\\n go.opentelemetry.io/otel/exporters/prometheus \\\n go.opentelemetry.io/otel/metric/global \\\n go.opentelemetry.io/otel/metric/instrument \\\n go.opentelemetry.io/otel/sdk/metric\n
"},{"location":"en/admin/insight/quickstart/otel/golang/meter.html#create-an-initialization-function-using-otel-sdk","title":"Create an Initialization Function Using OTel SDK","text":"import (\n .....\n\n \"go.opentelemetry.io/otel/attribute\"\n otelPrometheus \"go.opentelemetry.io/otel/exporters/prometheus\"\n \"go.opentelemetry.io/otel/metric/global\"\n \"go.opentelemetry.io/otel/metric/instrument\"\n \"go.opentelemetry.io/otel/sdk/metric/aggregator/histogram\"\n controller \"go.opentelemetry.io/otel/sdk/metric/controller/basic\"\n \"go.opentelemetry.io/otel/sdk/metric/export/aggregation\"\n processor \"go.opentelemetry.io/otel/sdk/metric/processor/basic\"\n selector \"go.opentelemetry.io/otel/sdk/metric/selector/simple\"\n)\n\nfunc (s *insightServer) initMeter() *otelPrometheus.Exporter {\n s.meter = global.Meter(\"xxx\")\n\n config := otelPrometheus.Config{\n DefaultHistogramBoundaries: []float64{1, 2, 5, 10, 20, 50},\n Gatherer: prometheus.DefaultGatherer,\n Registry: prometheus.NewRegistry(),\n Registerer: prometheus.DefaultRegisterer,\n }\n\n c := controller.New(\n processor.NewFactory(\n selector.NewWithHistogramDistribution(\n histogram.WithExplicitBoundaries(config.DefaultHistogramBoundaries),\n ),\n aggregation.CumulativeTemporalitySelector(),\n processor.WithMemory(true),\n ),\n )\n\n exporter, err := otelPrometheus.New(config, c)\n if err != nil {\n zap.S().Panicf(\"failed to initialize prometheus exporter %v\", err)\n }\n\n global.SetMeterProvider(exporter.MeterProvider())\n\n http.HandleFunc(\"/metrics\", exporter.ServeHTTP)\n\n go func() {\n _ = http.ListenAndServe(fmt.Sprintf(\":%d\", 8888), nil)\n }()\n\n zap.S().Info(\"Prometheus server running on \", fmt.Sprintf(\":%d\", port))\n return exporter\n}\n
The above method will expose a metrics endpoint for your application at: http://localhost:8888/metrics
.
Next, initialize it in main.go
:
func main() {\n // ...\n tp := initMeter()\n // ...\n}\n
If you want to add custom metrics, you can refer to the following:
// exposeClusterMetric exposes a metric like \"insight_logging_count{} 1\"\nfunc (s *insightServer) exposeLoggingMetric(lserver *log.LogService) {\n s.meter = global.Meter(\"insight.io/basic\")\n\n var lock sync.Mutex\n logCounter, err := s.meter.AsyncFloat64().Counter(\"insight_log_total\")\n if err != nil {\n zap.S().Panicf(\"failed to initialize instrument: %v\", err)\n }\n\n _ = s.meter.RegisterCallback([]instrument.Asynchronous{logCounter}, func(ctx context.Context) {\n lock.Lock()\n defer lock.Unlock()\n count, err := lserver.Count(ctx)\n if err == nil || count != -1 {\n logCounter.Observe(ctx, float64(count))\n }\n })\n}\n
Then, call this method in main.go
:
// ...\ns.exposeLoggingMetric(lservice)\n// ...\n
You can check if your metrics are working correctly by visiting http://localhost:8888/metrics
.
For Java applications, you can directly expose JVM-related metrics by using the OpenTelemetry agent with the following environment variable:
OTEL_METRICS_EXPORTER=prometheus\n
You can then check your metrics at http://localhost:8888/metrics
.
Next, combine it with a Prometheus ServiceMonitor
to complete the metrics integration. If you want to expose custom metrics, please refer to opentelemetry-java-docs/prometheus.
The process is mainly divided into two steps:
/*\n * Copyright The OpenTelemetry Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\npackage io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport io.opentelemetry.exporter.prometheus.PrometheusHttpServer;\nimport io.opentelemetry.sdk.metrics.SdkMeterProvider;\nimport io.opentelemetry.sdk.metrics.export.MetricReader;\n\npublic final class ExampleConfiguration {\n\n /**\n * Initializes the Meter SDK and configures the Prometheus collector with all default settings.\n *\n * @param prometheusPort the port to open up for scraping.\n * @return A MeterProvider for use in instrumentation.\n */\n static MeterProvider initializeOpenTelemetry(int prometheusPort) {\n MetricReader prometheusReader = PrometheusHttpServer.builder().setPort(prometheusPort).build();\n\n return SdkMeterProvider.builder().registerMetricReader(prometheusReader).build();\n }\n}\n
package io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.common.Attributes;\nimport io.opentelemetry.api.metrics.Meter;\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport java.util.concurrent.ThreadLocalRandom;\n\n/**\n * Example of using the PrometheusHttpServer to convert OTel metrics to Prometheus format and expose\n * these to a Prometheus instance via a HttpServer exporter.\n *\n * <p>A Gauge is used to periodically measure how many incoming messages are awaiting processing.\n * The Gauge callback gets executed every collection interval.\n */\npublic final class PrometheusExample {\n private long incomingMessageCount;\n\n public PrometheusExample(MeterProvider meterProvider) {\n Meter meter = meterProvider.get(\"PrometheusExample\");\n meter\n .gaugeBuilder(\"incoming.messages\")\n .setDescription(\"No of incoming messages awaiting processing\")\n .setUnit(\"message\")\n .buildWithCallback(result -> result.record(incomingMessageCount, Attributes.empty()));\n }\n\n void simulate() {\n for (int i = 500; i > 0; i--) {\n try {\n System.out.println(\n i + \" Iterations to go, current incomingMessageCount is: \" + incomingMessageCount);\n incomingMessageCount = ThreadLocalRandom.current().nextLong(100);\n Thread.sleep(1000);\n } catch (InterruptedException e) {\n // ignored here\n }\n }\n }\n\n public static void main(String[] args) {\n int prometheusPort = 8888;\n\n // It is important to initialize the OpenTelemetry SDK as early as possible in your process.\n MeterProvider meterProvider = ExampleConfiguration.initializeOpenTelemetry(prometheusPort);\n\n PrometheusExample prometheusExample = new PrometheusExample(meterProvider);\n\n prometheusExample.simulate();\n\n System.out.println(\"Exiting\");\n }\n}\n
After running the Java application, you can check if your metrics are working correctly by visiting http://localhost:8888/metrics
.
Lastly, it is important to note that you have exposed metrics in your application, and now you need Insight to collect those metrics.
The recommended way to expose metrics is via ServiceMonitor or PodMonitor.
"},{"location":"en/admin/insight/quickstart/otel/golang/meter.html#creating-servicemonitorpodmonitor","title":"Creating ServiceMonitor/PodMonitor","text":"The added ServiceMonitor/PodMonitor needs to have the label operator.insight.io/managed-by: insight
for the Operator to recognize it:
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: example-app\n labels:\n operator.insight.io/managed-by: insight\nspec:\n selector:\n matchLabels:\n app: example-app\n endpoints:\n - port: web\n namespaceSelector:\n any: true\n
"},{"location":"en/admin/insight/quickstart/otel/java/index.html","title":"Start Monitoring Java Applications","text":"For accessing and monitoring Java application links, please refer to the document Implementing Non-Intrusive Enhancements for Applications via Operator, which explains how to automatically integrate links through annotations.
Monitoring the JVM of Java applications: How Java applications that have already exposed JVM metrics and those that have not yet exposed JVM metrics can connect with observability Insight.
If your Java application has not yet started exposing JVM metrics, you can refer to the following documents:
If your Java application has already exposed JVM metrics, you can refer to the following document:
Writing TraceId and SpanId into Java Application Logs to correlate link data with log data.
This article explains how to automatically write TraceId and SpanId into Java application logs using OpenTelemetry. By including TraceId and SpanId in your logs, you can correlate distributed tracing data with log data, enabling more efficient fault diagnosis and performance analysis.
"},{"location":"en/admin/insight/quickstart/otel/java/mdc.html#supported-logging-libraries","title":"Supported Logging Libraries","text":"For more information, please refer to the Logger MDC auto-instrumentation.
Logging Framework Supported Automatic Instrumentation Versions Dependencies Required for Manual Instrumentation Log4j 1 1.2+ None Log4j 2 2.7+ opentelemetry-log4j-context-data-2.17-autoconfigure Logback 1.0+ opentelemetry-logback-mdc-1.0"},{"location":"en/admin/insight/quickstart/otel/java/mdc.html#using-logback-spring-boot-project","title":"Using Logback (Spring Boot Project)","text":"Spring Boot projects come with a built-in logging framework and use Logback as the default logging implementation. If your Java project is a Spring Boot project, you can write TraceId into logs with minimal configuration.
Set logging.pattern.level
in application.properties
, adding %mdc{trace_id}
and %mdc{span_id}
to the logs.
logging.pattern.level=trace_id=%mdc{trace_id} span_id=%mdc{span_id} %5p ....omited...\n
Here is an example of the logs:
2024-06-26 10:56:31.200 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'\n2024-06-26 10:56:31.201 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'\n2024-06-26 10:56:31.209 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 8 ms\n2024-06-26 10:56:31.296 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=5743699405074f4e INFO 53724 --- [nio-8081-exec-1] com.example.httpserver.ot.OTServer : hello world\n
"},{"location":"en/admin/insight/quickstart/otel/java/mdc.html#using-log4j2","title":"Using Log4j2","text":"Add OpenTelemetry Log4j2
dependency in pom.xml
:
Tip
Please replace OPENTELEMETRY_VERSION
with the latest version.
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-log4j-context-data-2.17-autoconfigure</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n <scope>runtime</scope>\n </dependency>\n</dependencies>\n
Modify the log4j2.xml
configuration, adding %X{trace_id}
and %X{span_id}
in the pattern
to automatically write TraceId and SpanId into the logs:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Configuration>\n <Appenders>\n <Console name=\"Console\" target=\"SYSTEM_OUT\">\n <PatternLayout\n pattern=\"%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} - %msg%n\"/>\n </Console>\n </Appenders>\n <Loggers>\n <Root>\n <AppenderRef ref=\"Console\" level=\"All\"/>\n </Root>\n </Loggers>\n</Configuration>\n
If using Logback, add OpenTelemetry Logback
dependency in pom.xml
.
Tip
Please replace OPENTELEMETRY_VERSION
with the latest version.
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-logback-mdc-1.0</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n </dependency>\n</dependencies>\n
Modify the log4j2.xml
configuration, adding %X{trace_id}
and %X{span_id}
in the pattern
to automatically write TraceId and SpanId into the logs:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<configuration>\n <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n <encoder>\n <pattern>%d{HH:mm:ss.SSS} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} %msg%n</pattern>\n </encoder>\n </appender>\n\n <!-- Just wrap your logging appender, for example ConsoleAppender, with OpenTelemetryAppender -->\n <appender name=\"OTEL\" class=\"io.opentelemetry.instrumentation.logback.mdc.v1_0.OpenTelemetryAppender\">\n <appender-ref ref=\"CONSOLE\"/>\n </appender>\n\n <!-- Use the wrapped \"OTEL\" appender instead of the original \"CONSOLE\" one -->\n <root level=\"INFO\">\n <appender-ref ref=\"OTEL\"/>\n </root>\n\n</configuration>\n
JMX Exporter provides two usage methods:
Note
The official recommendation is not to use the first method due to its complex configuration and the requirement for a separate process, which introduces additional monitoring challenges. Therefore, this article focuses on the second method, detailing how to use JMX Exporter to expose JVM monitoring metrics in a Kubernetes environment.
In this method, you need to specify the JMX Exporter jar file and configuration file when starting the JVM. Since the jar file is a binary file that is not ideal for mounting via a configmap, and the configuration file typically does not require modifications, it is recommended to package both the JMX Exporter jar file and the configuration file directly into the business container image.
For the second method, you can choose to include the JMX Exporter jar file in the application image or mount it during deployment. Below are explanations for both approaches:
"},{"location":"en/admin/insight/quickstart/otel/java/jvm-monitor/jmx-exporter.html#method-1-building-jmx-exporter-jar-file-into-the-business-image","title":"Method 1: Building JMX Exporter JAR File into the Business Image","text":"The content of prometheus-jmx-config.yaml
is as follows:
...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
For more configuration options, please refer to the introduction at the bottom or Prometheus official documentation.
Next, prepare the jar file. You can find the latest jar download link on the jmx_exporter GitHub page and refer to the following Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
Note:
-javaagent:=:
First, we need to create a Docker image for the JMX Exporter. The following Dockerfile is for reference:
FROM alpine/curl:3.14\nWORKDIR /app/\n# Copy the previously created config file into the image\nCOPY prometheus-jmx-config.yaml ./\n# Download the jmx prometheus javaagent jar online\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
Build the image using the above Dockerfile: docker build -t my-jmx-exporter .
Add the following init container to the Java application deployment YAML:
Click to expand YAML fileapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar # Shared agent folder\n emptyDir: {}\n restartPolicy: Always\n
With the above modifications, the example application my-demo-app
now has the capability to expose JVM metrics. After running the service, you can access the Prometheus formatted metrics at http://localhost:8088
.
Next, you can refer to Connecting Existing JVM Metrics of Java Applications to Observability.
"},{"location":"en/admin/insight/quickstart/otel/java/jvm-monitor/legacy-jvm.html","title":"Integrating Existing JVM Metrics of Java Applications with Observability","text":"If your Java application exposes JVM monitoring metrics through other means (such as Spring Boot Actuator), you will need to ensure that the monitoring data is collected. You can achieve this by adding annotations (Kubernetes Annotations) to your workload to allow Insight to scrape the existing JVM metrics:
annotations: \n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"9464\" # Port to scrape metrics\n
For example, to add annotations to the my-deployment-app:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"9464\" # Port to scrape metrics\n
Here is a complete example:
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"8080\" # Port to scrape metrics\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
In the above example, Insight will scrape the Prometheus metrics exposed through Spring Boot Actuator via http://<service-ip>:8080/actuator/prometheus
.
Starting from OpenTelemetry Agent v1.20.0 and later, the OpenTelemetry Agent has introduced the JMX Metric Insight module. If your application is already integrated with the OpenTelemetry Agent for tracing, you no longer need to introduce another agent to expose JMX metrics for your application. The OpenTelemetry Agent collects and exposes metrics by detecting the locally available MBeans in the application.
The OpenTelemetry Agent also provides built-in monitoring examples for common Java servers or frameworks. Please refer to the Predefined Metrics.
When using the OpenTelemetry Java Agent, you also need to consider how to mount the JAR into the container. In addition to the methods for mounting the JAR file as described with the JMX Exporter, you can leverage the capabilities provided by the OpenTelemetry Operator to automatically enable JVM metrics exposure for your application.
If your application is already integrated with the OpenTelemetry Agent for tracing, you do not need to introduce another agent to expose JMX metrics. The OpenTelemetry Agent can now locally collect and expose metrics interfaces by detecting the locally available MBeans in the application.
However, as of the current version, you still need to manually add the appropriate annotations to your application for the JVM data to be collected by Insight. For specific annotation content, please refer to Integrating Existing JVM Metrics of Java Applications with Observability.
"},{"location":"en/admin/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#exposing-metrics-for-java-middleware","title":"Exposing Metrics for Java Middleware","text":"The OpenTelemetry Agent also includes built-in examples for monitoring middleware. Please refer to the Predefined Metrics.
By default, no specific types are designated; you need to specify them using the -Dotel.jmx.target.system
JVM options, for example, -Dotel.jmx.target.system=jetty,kafka-broker
.
Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel JMX Metrics
Although the OpenShift system comes with a monitoring system, we will still install Insight Agent because of some rules in the data collection agreement.
Among them, in addition to the basic installation configuration, the following parameters need to be added during helm install:
## Parameters related to fluentbit;\n--set fluent-bit.ocp.enabled=true \\\n--set fluent-bit.serviceAccount.create=false \\\n--set fluent-bit.securityContext.runAsUser=0 \\\n--set fluent-bit.securityContext.seLinuxOptions.type=spc_t \\\n--set fluent-bit.securityContext.readOnlyRootFilesystem=false \\\n--set fluent-bit.securityContext.allowPrivilegeEscalation=false \\\n\n## Enable Prometheus(CR) for OpenShift4.x\n--set compatibility.openshift.prometheus.enabled=true \\\n\n## Close the Prometheus instance of the higher version\n--set kube-prometheus-stack.prometheus.enabled=false \\\n--set kube-prometheus-stack.kubeApiServer.enabled=false \\\n--set kube-prometheus-stack.kubelet.enabled=false \\\n--set kube-prometheus-stack.kubeControllerManager.enabled=false \\\n--set kube-prometheus-stack.coreDns.enabled=false \\\n--set kube-prometheus-stack.kubeDns.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeScheduler.enabled=false \\\n--set kube-prometheus-stack.kubeStateMetrics.enabled=false \\\n--set kube-prometheus-stack.nodeExporter.enabled=false \\\n\n## Limit the namespace processed by PrometheusOperator to avoid competition with OpenShift's own PrometheusOperator\n--set kube-prometheus-stack.prometheusOperator.kubeletService.namespace=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.prometheusInstanceNamespaces=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[0]=\"openshift-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[1]=\"openshift-user-workload-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[2]=\"openshift-customer-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[3]=\"openshift-route-monitor-operator\" \\\n
"},{"location":"en/admin/insight/quickstart/other/install-agent-on-ocp.html#write-system-monitoring-data-into-prometheus-through-openshifts-own-mechanism","title":"Write system monitoring data into Prometheus through OpenShift's own mechanism","text":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cluster-monitoring-config\n namespace: openshift-monitoring\ndata:\n config.yaml: |\n prometheusK8s:\n remoteWrite:\n - queueConfig:\n batchSendDeadline: 60s\n maxBackoff: 5s\n minBackoff: 30ms\n minShards: 1\n capacity: 5000\n maxSamplesPerSend: 1000\n maxShards: 100\n remoteTimeout: 30s\n url: http://insight-agent-prometheus.insight-system.svc.cluster.local:9090/api/v1/write\n writeRelabelConfigs:\n - action: keep\n regex: etcd|kubelet|node-exporter|apiserver|kube-state-metrics\n sourceLabels:\n - job\n
"},{"location":"en/admin/insight/quickstart/res-plan/modify-vms-disk.html","title":"vmstorage Disk Expansion","text":"This article describes the method for expanding the vmstorage disk. Please refer to the vmstorage disk capacity planning for the specifications of the vmstorage disk.
"},{"location":"en/admin/insight/quickstart/res-plan/modify-vms-disk.html#procedure","title":"Procedure","text":""},{"location":"en/admin/insight/quickstart/res-plan/modify-vms-disk.html#enable-storageclass-expansion","title":"Enable StorageClass expansion","text":"Log in to the AI platform as a global service cluster administrator. Click Container Management -> Clusters and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu Container Storage -> PVCs and find the PVC bound to the vmstorage.
Click a vmstorage PVC to enter the details of the volume claim for vmstorage and confirm the StorageClass that the PVC is bound to.
Select the left navigation menu Container Storage -> Storage Class and find local-path . Click the \u2507 on the right side of the target and select Edit in the popup menu.
Enable Scale Up and click OK .
Log in to the AI platform as a global service cluster administrator and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu CRDs and find the custom resource for vmcluster .
Click the custom resource for vmcluster to enter the details page, switch to the insight-system namespace, and select Edit YAML from the right menu of insight-victoria-metrics-k8s-stack .
Modify according to the legend and click OK .
Select the left navigation menu Container Storage -> PVCs again and find the volume claim bound to vmstorage. Confirm that the modification has taken effect. In the details page of a PVC, click the associated storage source (PV).
Open the volume details page and click the Update button in the upper right corner.
After modifying the Capacity , click OK and wait for a moment until the expansion is successful.
If the storage volume expansion fails, you can refer to the following method to clone the storage volume.
Log in to the AI platform as a global service cluster administrator and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu Workloads -> StatefulSets and find the statefulset for vmstorage . Click the \u2507 on the right side of the target and select Status -> Stop -> OK in the popup menu.
After logging into the master node of the kpanda-global-cluster cluster in the command line, run the following command to copy the vm-data directory in the vmstorage container to store the metric information locally:
kubectl cp -n insight-system vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data ./vm-data\n
Log in to the AI platform and go to the details of the kpanda-global-cluster cluster. Select the left navigation menu Container Storage -> PVs , click Clone in the upper right corner, and modify the capacity of the volume.
Delete the previous data volume of vmstorage.
Wait for a moment until the volume claim is bound to the cloned data volume, then run the following command to import the exported data from step 3 into the proper container, and then start the previously paused vmstorage .
kubectl cp -n insight-system ./vm-data vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data\n
In the actual use of Prometheus, affected by the number of cluster containers and the opening of Istio, the CPU, memory and other resource usage of Prometheus will exceed the set resources.
In order to ensure the normal operation of Prometheus in clusters of different sizes, it is necessary to adjust the resources of Prometheus according to the actual size of the cluster.
"},{"location":"en/admin/insight/quickstart/res-plan/prometheus-res.html#reference-resource-planning","title":"Reference resource planning","text":"In the case that the mesh is not enabled, the test statistics show that the relationship between the system Job index and pods is Series count = 800 * pod count
When the service mesh is enabled, the magnitude of the Istio-related metrics generated by the pod after the feature is enabled is Series count = 768 * pod count
"},{"location":"en/admin/insight/quickstart/res-plan/prometheus-res.html#when-the-service-mesh-is-not-enabled","title":"When the service mesh is not enabled","text":"The following resource planning is recommended by Prometheus when the service mesh is not enabled :
Cluster size (pod count) Metrics (service mesh is not enabled) CPU (core) Memory (GB) 100 8w Request: 0.5Limit: 1 Request: 2GBLimit: 4GB 200 16w Request: 1Limit: 1.5 Request: 3GBLimit: 6GB 300 24w Request: 1Limit: 2 Request: 3GBLimit: 6GB 400 32w Request: 1Limit: 2 Request: 4GBLimit: 8GB 500 40w Request: 1.5Limit: 3 Request: 5GBLimit: 10GB 800 64w Request: 2Limit: 4 Request: 8GBLimit: 16GB 1000 80w Request: 2.5Limit: 5 Request: 9GBLimit: 18GB 2000 160w Request: 3.5Limit: 7 Request: 20GBLimit: 40GB 3000 240w Request: 4Limit: 8 Request: 33GBLimit: 66GB"},{"location":"en/admin/insight/quickstart/res-plan/prometheus-res.html#when-the-service-mesh-feature-is-enabled","title":"When the service mesh feature is enabled","text":"The following resource planning is recommended by Prometheus in the scenario of starting the service mesh:
Cluster size (pod count) metric volume (service mesh enabled) CPU (core) Memory (GB) 100 15w Request: 1Limit: 2 Request: 3GBLimit: 6GB 200 31w Request: 2Limit: 3 Request: 5GBLimit: 10GB 300 46w Request: 2Limit: 4 Request: 6GBLimit: 12GB 400 62w Request: 2Limit: 4 Request: 8GBLimit: 16GB 500 78w Request: 3Limit: 6 Request: 10GBLimit: 20GB 800 125w Request: 4Limit: 8 Request: 15GBLimit: 30GB 1000 156w Request: 5Limit: 10 Request: 18GBLimit: 36GB 2000 312w Request: 7Limit: 14 Request: 40GBLimit: 80GB 3000 468w Request: 8Limit: 16 Request: 65GBLimit: 130GBNote
vmstorage is responsible for storing multicluster metrics for observability. In order to ensure the stability of vmstorage, it is necessary to adjust the disk capacity of vmstorage according to the number of clusters and the size of the cluster. For more information, please refer to vmstorage retention period and disk space.
"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#test-results","title":"Test Results","text":"After 14 days of disk observation of vmstorage of clusters of different sizes, We found that the disk usage of vmstorage was positively correlated with the amount of metrics it stored and the disk usage of individual data points.
Disk usage = Instantaneous metrics x 2 x disk usage for a single data point x 60 x 24 x storage time (days)
Parameter Description:
Warning
This formula is a general solution, and it is recommended to reserve redundant disk capacity on the calculation result to ensure the normal operation of vmstorage.
"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#reference-capacity","title":"reference capacity","text":"The data in the table is calculated based on the default storage time of one month (30 days), and the disk usage of a single data point (datapoint) is calculated as 0.9. In a multicluster scenario, the number of Pods represents the sum of the number of Pods in the multicluster.
"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#when-the-service-mesh-is-not-enabled","title":"When the service mesh is not enabled","text":"Cluster size (number of Pods) Metrics Disk capacity 100 8W 6 GiB 200 16W 12 GiB 300 24w 18 GiB 400 32w 24 GiB 500 40w 30 GiB 800 64w 48 GiB 1000 80W 60 GiB 2000 160w 120 GiB 3000 240w 180 GiB"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#when-the-service-mesh-is-enabled","title":"When the service mesh is enabled","text":"Cluster size (number of Pods) Metrics Disk capacity 100 15W 12 GiB 200 31w 24 GiB 300 46w 36 GiB 400 62w 48 GiB 500 78w 60 GiB 800 125w 94 GiB 1000 156w 120 GiB 2000 312w 235 GiB 3000 468w 350 GiB"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#example","title":"Example","text":"There are two clusters in the AI platform, of which 500 Pods are running in the global management cluster (service mesh is turned on), and 1000 Pods are running in the worker cluster (service mesh is not turned on), and the expected metrics are stored for 30 days.
Then the current vmstorage disk usage should be set to (784000+80000)x2x0.9x60x24x31 =124384896000 byte = 116 GiB
Note
For the relationship between the number of metrics and the number of Pods in the cluster, please refer to Prometheus Resource Planning.
"},{"location":"en/admin/insight/reference/alertnotification.html","title":"Alert Notification Process Description","text":"When configuring an alert policy in Insight, you have the ability to set different notification sending intervals for alerts triggered at different levels within the same policy. However, due to the presence of two parameters, group_interval and repeat_interval , in the native Alertmanager configuration, the actual intervals for sending alert notifications may deviate.
"},{"location":"en/admin/insight/reference/alertnotification.html#parameter-configuration","title":"Parameter Configuration","text":"In the Alertmanager configuration, set the following parameters:
route: \n group_by: [\"rulename\"]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 1h\n
Parameter descriptions:
group_wait : Specifies the waiting time before sending alert notifications. When Alertmanager receives a group of alerts, if no further alerts are received within the duration specified by group_wait , Alertmanager waits for a certain amount of time to collect additional alerts with the same labels and content. It then includes all qualifying alerts in the same notification.
group_interval : Determines the waiting time before merging a group of alerts into a single notification. If no more alerts from the same group are received during this period, Alertmanager sends a notification containing all received alerts.
repeat_interval : Sets the interval for resending alert notifications. After Alertmanager sends an alert notification to a receiver, if it continues to receive alerts with the same labels and content within the duration specified by repeat_interval , Alertmanager will resend the alert notification.
When the group_wait , group_interval , and repeat_interval parameters are set simultaneously, Alertmanager handles alert notifications under the same group as follows:
When Alertmanager receives qualifying alerts, it waits for at least the duration specified in the group_wait parameter to collect additional alerts with the same labels and content. It includes all qualifying alerts in the same notification.
If no further alerts are received during the group_wait duration, Alertmanager sends all received alerts to the receiver after that time. If additional qualifying alerts arrive during this period, Alertmanager continues to wait until all alerts are collected or a timeout occurs.
If more alerts with the same labels and content are received within the group_interval parameter, these new alerts are merged into the previous notification and sent together. If there are still unsent alerts after the group_interval duration, Alertmanager starts a new timing cycle and waits for more alerts until the group_interval duration is reached again or new alerts are received.
If Alertmanager keeps receiving alerts with the same labels and content within the duration specified by repeat_interval , it will resend the previously sent alert notifications. When resending alert notifications, Alertmanager does not wait for group_wait or group_interval , but sends notifications repeatedly according to the time interval specified by repeat_interval .
If there are still unsent alerts after the repeat_interval duration, Alertmanager starts a new timing cycle and continues to wait for new alerts with the same labels and content. This process continues until there are no new alerts or Alertmanager is stopped.
In the following example, Alertmanager assigns all alerts with CPU usage above the threshold to a policy named \"critical_alerts\".
groups:\n- name: critical_alerts\n rules:\n - alert: HighCPUUsage\n expr: node_cpu_seconds_total{mode=\"idle\"} < 50\n for: 5m\n labels:\n severity: critical\n annotations:\n summary: \"High CPU usage detected on instance {{ $labels.instance }}\"\n group_by: [rulename]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 1h\n
In this case:
When Alertmanager receives an alert, it waits for at least 30 seconds to collect additional alerts with the same labels and content, and includes them in the same notification.
If more alerts with the same labels and content are received within 5 minutes, these new alerts are merged into the previous notification and sent together. If there are still unsent alerts after 15 minutes, Alertmanager starts a new timing cycle and waits for more alerts until 5 minutes have passed or new alerts are received.
If Alertmanager continues to receive alerts with the same labels and content within 1 hour, it will resend the previously sent alert notifications.
Lucene is a subproject of Apache Software Foundation's Jakarta project and is an open-source full-text search engine toolkit. The purpose of Lucene is to provide software developers with a simple and easy-to-use toolkit for implementing full-text search functionality in their target systems.
"},{"location":"en/admin/insight/reference/lucene.html#lucene-syntax","title":"Lucene Syntax","text":"Lucene's syntax allows you to construct search queries in a flexible way to meet different search requirements. Here is a detailed explanation of Lucene's syntax:
"},{"location":"en/admin/insight/reference/lucene.html#keyword-queries","title":"Keyword Queries","text":"To perform searches with multiple keywords using Lucene syntax, you can use Boolean logical operators to combine multiple keywords. Lucene supports the following operators:
AND operator
OR operator
NOT operator
Quotes
Specify fields
field1:keyword1 AND (field2:keyword2 OR field3:keyword3) NOT field4:keyword4\n
Explanation:
Not specify fields
keyword1 AND (keyword2 OR keyword3) NOT keyword4\n
Explanation:
In Lucene, fuzzy queries can be performed using the tilde ( ~ ) operator for approximate matching. You can specify an edit distance to limit the degree of similarity in the matches.
term~\n
In the above example, term is the keyword to perform a fuzzy match on.
Please note the following:
Lucene supports the following wildcard queries:
*
wildcard: Used to match zero or more characters.
For example, te*t can match \"test\", \"text\", and \"tempest\".
?
wildcard: Used to match a single character.
For example, te?t can match \"test\" and \"text\".
te?t\n
In the above example, te?t represents a word that starts with \"te\", followed by any single character, and ends with \"t\". This query can match words like \"test\", \"text\", and \"tent\".
It is important to note that the question mark ( ?
) represents only a single character. If you want to match multiple characters or varying lengths of characters, you can use the asterisk ( *
) for multi-character wildcard matching. Additionally, the question mark will not match an empty string.
To summarize, in Lucene syntax, the question mark ( ?
) is used as a single-character wildcard to match any single character. By using the question mark in your search keywords, you can perform more flexible and specific pattern matching.
Lucene syntax supports range queries, where you can use square brackets [ ] or curly braces { } to represent a range. Here are examples of range queries:
Inclusive boundary range query:
Exclusive boundary range query:
Omitted boundary range query:
Note
Please note that range queries are applicable only to fields that can be sorted, such as numeric fields and date fields. Also, ensure that you correctly specify the boundary values as the actual value type of the field in your query. If you want to perform a range query across the entire index without specifying a specific field, you can use the wildcard query *
instead of a field name.
Specify a field
timestamp:[2022-01-01 TO 2022-01-31]\n
This will retrieve data where the timestamp field falls within the range from January 1, 2022, to January 31, 2022.
Not specify a field
*:[value1 TO value2]\n
This will search the entire index for documents with values ranging from value1 to value2 .
If you want to accurately match a specific value, you can add a .keyword
suffix after the keyword, e.g. kubernetes.containername.keyword
.
Query container logs of the specified container in the specified Pod
kubernetes.pod_name.keyword:nginx-pod AND kubernetes.container_name.keyword:nginx\n
2. Query container logs containing 'nginx pod' in the Pod name kubernetes.pod_name:nginx-pod\n
The alert notification template uses Go Template syntax to render the template.
The template will be rendered based on the following data.
{\n \"status\": \"firing\",\n \"labels\": {\n \"alertgroup\": \"test-group\", // Alert policy name\n \"alertname\": \"test-rule\", // Alert rule name\n \"cluster\": \"35b54a48-b66c-467b-a8dc-503c40826330\",\n \"customlabel1\": \"v1\",\n \"customlabel2\": \"v2\",\n \"endpoint\": \"https\",\n \"group_id\": \"01gypg06fcdf7rmqc4ksv97646\",\n \"instance\": \"10.6.152.85:6443\",\n \"job\": \"apiserver\",\n \"namespace\": \"default\",\n \"prometheus\": \"insight-system/insight-agent-kube-prometh-prometheus\",\n \"prometheus_replica\": \"prometheus-insight-agent-kube-prometh-prometheus-0\",\n \"rule_id\": \"01gypg06fcyn2g9zyehbrvcdfn\",\n \"service\": \"kubernetes\",\n \"severity\": \"critical\",\n \"target\": \"35b54a48-b66c-467b-a8dc-503c40826330\",\n \"target_type\": \"cluster\"\n },\n \"annotations\": {\n \"customanno1\": \"v1\",\n \"customanno2\": \"v2\",\n \"description\": \"This is a test rule, 10.6.152.85:6443 down\",\n \"value\": \"1\"\n },\n \"startsAt\": \"2023-04-20T07:53:54.637363473Z\",\n \"endsAt\": \"0001-01-01T00:00:00Z\",\n \"generatorURL\": \"http://vmalert-insight-victoria-metrics-k8s-stack-df987997b-npsl9:8080/vmalert/alert?group_id=16797738747470868115&alert_id=10071735367745833597\",\n \"fingerprint\": \"25c8d93d5bf58ac4\"\n}\n
"},{"location":"en/admin/insight/reference/notify-helper.html#instructions-for-use","title":"Instructions for Use","text":".
character
Render the specified object in the current scope.
Example 1: Take all content under the top-level scope, which is all of the context data in the example code.
{{ . }}\n
Conditional statement if / else
Use if to check the data and run else if it does not meet.
{{if .Labels.namespace }}Namespace: {{ .Labels.namespace }} \\n{{ end }}\n
Loop feature for
The for feature is used to repeat the code content.
Example 1: Traverse the labels list to obtain all label content for alerts.
{{ for .Labels}} \\n {{end}}\n
Insight's \"notification templates\" and \"SMS templates\" support over 70 sprig functions, as well as custom functions.
"},{"location":"en/admin/insight/reference/notify-helper.html#sprig-functions","title":"Sprig Functions","text":"Sprig provides over 70 built-in template functions to assist in rendering data. The following are some commonly used functions:
For more details, you can refer to the official documentation.
"},{"location":"en/admin/insight/reference/notify-helper.html#custom-functions","title":"Custom Functions","text":""},{"location":"en/admin/insight/reference/notify-helper.html#toclustername","title":"toClusterName","text":"The toClusterName function retrieves the \"cluster name\" based on the \"cluster unique identifier (ID)\". If there is no proper cluster found, it will directly return the passed-in cluster's unique identifier.
func toClusterName(id string) (string, error)\n
Example:
{{ toClusterName \"clusterId\" }}\n{{ \"clusterId\" | toClusterName }}\n
"},{"location":"en/admin/insight/reference/notify-helper.html#toclusterid","title":"toClusterId","text":"The toClusterId function retrieves the \"cluster unique identifier (ID)\" based on the \"cluster name\". If there is no proper cluster found, it will directly return the passed-in cluster name.
func toClusterId(name string) (string, error)\n
Example:
{{ toClusterId \"clusterName\" }}\n{{ \"clusterName\" | toClusterId }}\n
"},{"location":"en/admin/insight/reference/notify-helper.html#todateinzone","title":"toDateInZone","text":"The toDateInZone function converts a string date into the desired time format and applies the specified time zone.
func toDateInZone(fmt string, date interface{}, zone string) string\n
Example 1:
{{ toDateInZone \"2006-01-02T15:04:05\" \"2022-08-15T05:59:08.064449533Z\" \"Asia/Shanghai\" }}\n
This will return 2022-08-15T13:59:08. Additionally, you can achieve the same effect as toDateInZone using the built-in functions provided by sprig:
{{ dateInZone \"2006-01-02T15:04:05\" (toDate \"2006-01-02T15:04:05Z07:00\" .StartsAt) \"Asia/Shanghai\" }}\n
Example 2:
{{ toDateInZone \"2006-01-02T15:04:05\" .StartsAt \"Asia/Shanghai\" }}\n\n## Threshold Template Description\n\nThe built-in webhook alert template in Insight is as follows. Other contents such as email and WeCom are the same, only proper adjustments are made for line breaks.\n\n```text\nRule Name: {{ .Labels.alertname }} \\n\nPolicy Name: {{ .Labels.alertgroup }} \\n\nAlert level: {{ .Labels.severity }} \\n\nCluster: {{ .Labels.cluster }} \\n\n{{if .Labels.namespace }}Namespace: {{ .Labels.namespace }} \\n{{ end }}\n{{if .Labels.node }}Node: {{ .Labels.node }} \\n{{ end }}\nResource Type: {{ .Labels.target_type }} \\n\n{{if .Labels.target }}Resource Name: {{ .Labels.target }} \\n{{ end }}\nTrigger Value: {{ .Annotations.value }} \\n\nOccurred Time: {{ .StartsAt }} \\n\n{{if ne \"0001-01-01T00:00:00Z\" .EndsAt }}End Time: {{ .EndsAt }} \\n{{ end }}\nDescription: {{ .Annotations.description }} \\n\n
"},{"location":"en/admin/insight/reference/notify-helper.html#email-subject-parameters","title":"Email Subject Parameters","text":"Because Insight combines messages generated by the same rule at the same time when sending alert messages, email subjects are different from the four templates above and only use the content of commonLabels in the alert message to render the template. The default template is as follows:
[{{ .status }}] [{{ .severity }}] Alert: {{ .alertname }}\n
Other fields that can be used as email subjects are as follows:
{{ .status }} Triggering status of the alert message\n{{ .alertgroup }} Name of the policy to which the alert belongs\n{{ .alertname }} Name of the rule to which the alert belongs\n{{ .severity }} Severity level of the alert\n{{ .target_type }} Type of resource for which the alert is raised\n{{ .target }} Resource object for which the alert is raised\n{{ .Custom label key for other rules }}\n
"},{"location":"en/admin/insight/reference/tailing-sidecar.html","title":"Collecting Container Logs through Sidecar","text":"Tailing Sidecar is a Kubernetes cluster-level logging proxy that acts as a streaming sidecar container. It allows automatic collection and summarization of log files within containers, even when the container cannot write to standard output or standard error streams.
Insight supports log collection through the Sidecar mode, which involves running a Sidecar container alongside each Pod to output log data to the standard output stream. This enables FluentBit to collect container logs effectively.
The Insight Agent comes with the tailing-sidecar operator installed by default. To enable file log collection within a container, you can add annotations to the Pod, which will automatically inject the Tailing Sidecar container. The injected Sidecar container reads the files in the business container and outputs them to the standard output stream.
Here are the specific steps to follow:
Modify the YAML file of the Pod and add the following parameters in the annotation field:
metadata:\n annotations:\n tailing-sidecar: <sidecar-name-0>:<volume-name-0>:<path-to-tail-0>;<sidecar-name-1>:<volume-name-1>:<path-to -tail-1>\n
Field description:
Note
Each Pod can run multiple sidecar containers, separated by ; . This allows different sidecar containers to collect multiple files and store them in various volumes.
Restart the Pod. Once the Pod's status changes to Running , you can use the Log Query interface to search for logs within the container of the Pod.
The metrics in this article are organized based on the community's kube-prometheus framework. Currently, it covers metrics from multiple levels, including Cluster, Node, Namespace, and Workload. This article lists some commonly used metrics, their descriptions, and units for easy reference.
"},{"location":"en/admin/insight/reference/used-metric-in-insight.html#cluster","title":"Cluster","text":"Metric Name Description Unit cluster_cpu_utilization Cluster CPU Utilization cluster_cpu_total Total CPU in Cluster Core cluster_cpu_usage CPU Used in Cluster Core cluster_cpu_requests_commitment CPU Allocation Rate in Cluster cluster_memory_utilization Cluster Memory Utilization cluster_memory_usage Memory Usage in Cluster Byte cluster_memory_available Available Memory in Cluster Byte cluster_memory_requests_commitment Memory Allocation Rate in Cluster cluster_memory_total Total Memory in Cluster Byte cluster_net_utilization Network Data Transfer Rate in Cluster Byte/s cluster_net_bytes_transmitted Network Data Transmitted in Cluster (Upstream) Byte/s cluster_net_bytes_received Network Data Received in Cluster (Downstream) Byte/s cluster_disk_read_iops Disk Read IOPS in Cluster times/s cluster_disk_write_iops Disk Write IOPS in Cluster times/s cluster_disk_read_throughput Disk Read Throughput in Cluster Byte/s cluster_disk_write_throughput Disk Write Throughput in Cluster Byte/s cluster_disk_size_capacity Total Disk Capacity in Cluster Byte cluster_disk_size_available Available Disk Size in Cluster Byte cluster_disk_size_usage Disk Usage in Cluster Byte cluster_disk_size_utilization Disk Utilization in Cluster cluster_node_total Total Nodes in Cluster units cluster_node_online Online Nodes in Cluster units cluster_node_offline_count Count of Offline Nodes in Cluster units cluster_pod_count Total Pods in Cluster units cluster_pod_running_count Count of Running Pods in Cluster units cluster_pod_abnormal_count Count of Abnormal Pods in Cluster units cluster_deployment_count Total Deployments in Cluster units cluster_deployment_normal_count Count of Normal Deployments in Cluster units cluster_deployment_abnormal_count Count of Abnormal Deployments in Cluster units cluster_statefulset_count Count of StatefulSets in Cluster units cluster_statefulset_normal_count Count of Normal StatefulSets in Cluster units cluster_statefulset_abnormal_count Count of Abnormal StatefulSets in Cluster units cluster_daemonset_count Count of DaemonSets in Cluster units cluster_daemonset_normal_count Count of Normal DaemonSets in Cluster units cluster_daemonset_abnormal_count Count of Abnormal DaemonSets in Cluster units cluster_job_count Total Jobs in Cluster units cluster_job_normal_count Count of Normal Jobs in Cluster units cluster_job_abnormal_count Count of Abnormal Jobs in Cluster unitsTip
Utilization is generally a number in the range (0,1] (e.g., 0.21, not 21%)
"},{"location":"en/admin/insight/reference/used-metric-in-insight.html#node","title":"Node","text":"Metric Name Description Unit node_cpu_utilization Node CPU Utilization node_cpu_total Total CPU in Node Core node_cpu_usage CPU Usage in Node Core node_cpu_requests_commitment CPU Allocation Rate in Node node_memory_utilization Node Memory Utilization node_memory_usage Memory Usage in Node Byte node_memory_requests_commitment Memory Allocation Rate in Node node_memory_available Available Memory in Node Byte node_memory_total Total Memory in Node Byte node_net_utilization Network Data Transfer Rate in Node Byte/s node_net_bytes_transmitted Network Data Transmitted in Node (Upstream) Byte/s node_net_bytes_received Network Data Received in Node (Downstream) Byte/s node_disk_read_iops Disk Read IOPS in Node times/s node_disk_write_iops Disk Write IOPS in Node times/s node_disk_read_throughput Disk Read Throughput in Node Byte/s node_disk_write_throughput Disk Write Throughput in Node Byte/s node_disk_size_capacity Total Disk Capacity in Node Byte node_disk_size_available Available Disk Size in Node Byte node_disk_size_usage Disk Usage in Node Byte node_disk_size_utilization Disk Utilization in Node"},{"location":"en/admin/insight/reference/used-metric-in-insight.html#workload","title":"Workload","text":"The currently supported workload types include: Deployment, StatefulSet, DaemonSet, Job, and CronJob.
Metric Name Description Unit workload_cpu_usage Workload CPU Usage Core workload_cpu_limits Workload CPU Limit Core workload_cpu_requests Workload CPU Requests Core workload_cpu_utilization Workload CPU Utilization workload_memory_usage Workload Memory Usage Byte workload_memory_limits Workload Memory Limit Byte workload_memory_requests Workload Memory Requests Byte workload_memory_utilization Workload Memory Utilization workload_memory_usage_cached Workload Memory Usage (including cache) Byte workload_net_bytes_transmitted Workload Network Data Transmitted Rate Byte/s workload_net_bytes_received Workload Network Data Received Rate Byte/s workload_disk_read_throughput Workload Disk Read Throughput Byte/s workload_disk_write_throughput Workload Disk Write Throughput Byte/sworkload_cpu_usage{workload_type=\"deployment\", workload=\"prometheus\"}
.workload_pod_utilization
: workload_pod_usage / workload_pod_request
.You can obtain the CPU usage of all Pods belonging to the Deployment named prometheus by using pod_cpu_usage{workload_type=\"deployment\", workload=\"prometheus\"}
.
Observability will persist the data of metrics, logs, and traces by default. Users can modify the system configuration according to This page.
"},{"location":"en/admin/insight/system-config/modify-config.html#how-to-modify-the-metric-data-retention-period","title":"How to modify the metric data retention period","text":"Refer to the following steps to modify the metric data retention period.
run the following command:
kubectl edit vmcluster insight-victoria-metrics-k8s-stack -n insight-system\n
In the Yaml file, the default value of retentionPeriod is 14 , and the unit is day . You can modify the parameters according to your needs.
apiVersion: operator.victoriametrics.com/v1beta1\nkind: VMCluster\nmetadata:\n annotations:\n meta.helm.sh/release-name: insight\n meta.helm.sh/release-namespace: insight-system\n creationTimestamp: \"2022-08-25T04:31:02Z\"\n finalizers:\n - apps.victoriametrics.com/finalizer\n generation: 2\n labels:\n app.kubernetes.io/instance: insight\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: victoria-metrics-k8s-stack\n app.kubernetes.io/version: 1.77.2\n helm.sh/chart: victoria-metrics-k8s-stack-0.9.3\n name: insight-victoria-metrics-k8s-stack\n namespace: insight-system\n resourceVersion: \"123007381\"\n uid: 55cee8d6-c651-404b-b2c9-50603b405b54\nspec:\n replicationFactor: 1\n retentionPeriod: \"14\"\n vminsert:\n extraArgs:\n maxLabelsPerTimeseries: \"45\"\n image:\n repository: docker.m.daocloud.io/victoriametrics/vminsert\n tag: v1.80.0-cluster\n replicaCount: 1\n
After saving the modification, the pod of the component responsible for storing the metrics will automatically restart, just wait for a while.
Refer to the following steps to modify the log data retention period:
"},{"location":"en/admin/insight/system-config/modify-config.html#method-1-modify-the-json-file","title":"Method 1: Modify the Json file","text":"Modify the max_age parameter in the rollover field in the following files, and set the retention period. The default storage period is 7d . Change http://localhost:9200
to the address of elastic .
curl -X PUT \"http://localhost:9200/_ilm/policy/insight-es-k8s-logs-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n\"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"7d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n}\n}\n
After modification, run the above command. It will print out the content as shown below, then the modification is successful.
{\n\"acknowledged\": true\n}\n
Log in kibana , select Stack Management in the left navigation bar.
Select the left navigation Index Lifecycle Polices , and find the index insight-es-k8s-logs-policy , click to enter the details.
Expand the Hot phase configuration panel, modify the Maximum age parameter, and set the retention period. The default storage period is 7d .
After modification, click Save policy at the bottom of the page to complete the modification.
Refer to the following steps to modify the trace data retention period:
"},{"location":"en/admin/insight/system-config/modify-config.html#method-1-modify-the-json-file_1","title":"Method 1: Modify the Json file","text":"Modify the max_age parameter in the rollover field in the following files, and set the retention period. The default storage period is 7d . At the same time, modify http://localhost:9200
to the access address of elastic .
curl -X PUT \"http://localhost:9200/_ilm/policy/jaeger-ilm-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n\"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"7d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n}\n}\n
After modification, run the above command on the console. It will print out the content as shown below, then the modification is successful.
{\n\"acknowledged\": true\n}\n
Log in kibana , select Stack Management in the left navigation bar.
Select the left navigation Index Lifecycle Polices , and find the index jaeger-ilm-policy , click to enter the details.
Expand the Hot phase configuration panel, modify the Maximum age parameter, and set the retention period. The default storage period is 7d .
After modification, click Save policy at the bottom of the page to complete the modification.
On the system component page, you can quickly view the running status of the system components in Insight. When a system component fails, some features in Insight will be unavailable.
System Settings displays the default storage time of metrics, logs, traces and the default Apdex threshold.
Click the right navigation bar and select System Settings .
Currently only supports modifying the storage duration of historical alerts, click Edit to enter the target duration.
When the storage duration is set to \"0\", the historical alerts will not be cleared.
Note
To modify other settings, please click to view How to modify the system settings?
"},{"location":"en/admin/insight/trace/service.html","title":"Service Insight","text":"In Insight , a service refers to a group of workloads that provide the same behavior for incoming requests. Service insight helps observe the performance and status of applications during the operation process by using the OpenTelemetry SDK.
For how to use OpenTelemetry, please refer to: Using OTel to give your application insight.
"},{"location":"en/admin/insight/trace/service.html#glossary","title":"Glossary","text":"The Services List page displays key metrics such as throughput rate, error rate, and request latency for all services that have been instrumented with distributed tracing. You can filter services based on clusters or namespaces and sort the list by throughput rate, error rate, or request latency. By default, the data displayed in the list is for the last hour, but you can customize the time range.
Follow these steps to view service insight metrics:
Go to the Insight product module.
Select Trace Tracking -> Services from the left navigation bar.
Attention
Click a service name (taking insight-system as an example) to view the detailed metrics and operation metrics for that service.
Service map is a visual representation of the connections, communication, and dependencies between services. It provides insights into the service-to-service interactions, allowing you to view the calls and performance of services within a specified time range. The connections between nodes in the topology map represent the existence of service-to-service calls during the queried time period.
"},{"location":"en/admin/insight/trace/topology.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Tracing -> Service Map from the left navigation bar.
In the Service Map, you can perform the following actions:
In the Service Map, there can be nodes that are not part of the cluster. These external nodes can be categorized into three types:
Virtual Node
If a service makes a request to a Database or Message Queue, these two types of nodes will be displayed by default in the topology map. However, Virtual Nodes represent nodes outside the cluster or services not integrated into the trace, and they will not be displayed by default in the map.
When a service makes a request to MySQL, PostgreSQL, or Oracle Database, the detailed database type can be seen in the map.
insight-server
chart values, locate the parameter shown in the image below, and change false
to true
.Virtual Services
option to enable it.On the trace query page, you can query detailed information about a call trace by TraceID or filter call traces based on various conditions.
"},{"location":"en/admin/insight/trace/trace.html#glossary","title":"Glossary","text":"Please follow these steps to search for a trace:
Select Tracing -> Traces from the left navigation bar.
Note
Sorting by Span, Latency, and Start At is supported in the list.
Click the TraceID Query in the filter bar to switch to TraceID search.
To search using TraceID, please enter the complete TraceID.
Click the TraceID of a trace in the trace list to view its detailed call information.
Click the icon on the right side of the trace data to search for associated logs.
Click View More to jump to the Associated Log page with conditions.
By default, all logs are searched, but you can filter by the TraceID or the relevant container logs from the trace call process using the dropdown.
Note
Since trace may span across clusters or namespaces, if the user does not have sufficient permissions, they will be unable to query the associated logs for that trace.
If there are not enough nodes, you can add more nodes to the cluster.
"},{"location":"en/admin/k8s/add-node.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Clusters, and click the name of the target cluster.
On the cluster overview page, click Node Management, and then click the Add Node button on the right side.
Follow the wizard, fill in the required parameters, and then click OK.
Basic InformationParameter ConfigurationClick OK in the popup window.
Return to the node list. The status of the newly added node will be Pending. After a few minutes, if the status changes to Running, it indicates that the node has been successfully added.
Tip
For nodes that have just been successfully added, it may take an additional 2-3 minutes for the GPU to be recognized.
"},{"location":"en/admin/k8s/create-k8s.html","title":"Creating a Kubernetes Cluster on the Cloud","text":"Deploying a Kubernetes cluster is aimed at supporting efficient AI computing resource scheduling and management, achieving elastic scalability, providing high availability, and optimizing the model training and inference processes.
"},{"location":"en/admin/k8s/create-k8s.html#prerequisites","title":"Prerequisites","text":"Create and launch 3 cloud hosts without GPUs to serve as the Master nodes for the cluster.
Navigate to Container Management -> Clusters, and click the Create Cluster button on the right side.
Follow the wizard to configure the various parameters of the cluster.
Basic InformationNode ConfigurationNetwork ConfigurationAddon ConfigurationAdvanced ConfigurationAfter configuring the node information, click Start Check.
Each node can run a default of 110 Pods (container groups). If the node configuration is higher, it can be adjusted to 200 or 300 Pods.
Wait for the cluster creation to complete.
In the cluster list, find the newly created cluster, click the cluster name, navigate to Helm Apps -> Helm Charts, and search for metax-gpu-extensions
in the search box, then click the card.
Click the Install button on the right to begin installing the GPU plugin.
Application SettingsKubernetes Orchestration ConfirmationEnter a name, select a namespace, and modify the image address in the YAML:
You will automatically return to the Helm App list. Wait for the status of metax-gpu-extensions
to change to Deployed.
The cluster has been successfully created. You can now check the nodes included in the cluster. You can create AI workloads and use the GPU.
Next step: Create AI Workloads
"},{"location":"en/admin/k8s/remove-node.html","title":"Removing GPU Worker Nodes","text":"The cost of GPU resources is relatively high. If you temporarily do not need a GPU, you can remove the worker nodes with GPUs. The following steps are also applicable for removing regular worker nodes.
"},{"location":"en/admin/k8s/remove-node.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Clusters, and click the name of the target cluster.
On the cluster overview page, click Nodes, find the node you want to remove, click the \u2507 on the right side of the list, and select Remove Node from the pop-up menu.
In the pop-up window, enter the node name, and after confirming it is correct, click Delete.
You will automatically return to the node list, and the status will be Removing. After a few minutes, refresh the page; if the node is no longer there, it indicates that the node has been successfully removed.
After removing the node from the UI list and shutting it down, log in to the host of the removed node via SSH and execute the shutdown command.
Tip
After removing the node from the UI and shutting it down, the data on the node is not immediately deleted; the node's data will be retained for a period of time.
"},{"location":"en/admin/kpanda/backup/index.html","title":"Backup and Restore","text":"Backup and restore are essential aspects of system management. In practice, it is important to first back up the data of the system at a specific point in time and securely store the backup. In case of incidents such as data corruption, loss, or accidental deletion, the system can be quickly restored based on the previous backup data, reducing downtime and minimizing losses.
Therefore, backup and restore are vital as the last line of defense for maintaining system stability and ensuring data security.
Backups are typically classified into three types: full backups, incremental backups, and differential backups. Currently, AI platform supports full backups and incremental backups.
The backup and restore provided by AI platform can be divided into two categories: Application Backup and ETCD Backup. It supports both manual backups and scheduled automatic backups using CronJobs.
Application Backup
Application backup refers to backing up data of a specific workload in the cluster and then restoring that data either within the same cluster or in another cluster. It supports backing up all resources under a namespace or filtering resources by specific labels.
Application backup also supports cross-cluster backup of stateful applications. For detailed steps, refer to the Backup and Restore MySQL Applications and Data Across Clusters guide.
etcd Backup
etcd is the data storage component of Kubernetes. Kubernetes stores its own component's data and application data in etcd. Therefore, backing up etcd is equivalent to backing up the entire cluster's data, allowing quick restoration of the cluster to a previous state in case of failures.
It's worth noting that currently, restoring etcd backup data is only supported within the same cluster (the original cluster). To learn more about related best practices, refer to the ETCD Backup and Restore guide.
This article explains how to backup applications in AI platform. The demo application used in this tutorial is called dao-2048 , which is a deployment.
"},{"location":"en/admin/kpanda/backup/deployment.html#prerequisites","title":"Prerequisites","text":"Before backing up a deployment, the following prerequisites must be met:
Integrate a Kubernetes cluster or create a Kubernetes cluster in the Container Management module, and be able to access the UI interface of the cluster.
Create a Namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Install the velero component, and ensure the velero component is running properly.
Create a deployment (the workload in this tutorial is named dao-2048 ), and label the deployment with app: dao-2048 .
Follow the steps below to backup the deployment dao-2048 .
Enter the Container Management module, click Backup Recovery -> Application Backup on the left navigation bar, and enter the Application Backup list page.
On the Application Backup list page, select the cluster where the velero and dao-2048 applications have been installed. Click Backup Plan in the upper right corner to create a new backup cluster.
Refer to the instructions below to fill in the backup configuration.
Refer to the instructions below to set the backup execution frequency, and then click Next .
*
, after inputting the expression, the meaning of the current expression will be prompted. For detailed expression syntax rules, refer to Cron Schedule Syntax.Backup Volume (PV): Whether to back up the data in the volume (PV), support direct copy and use CSI snapshot.
Click OK , the page will automatically return to the application backup plan list, find the newly created dao-2048 backup plan, and perform the Immediate Execution operation.
At this point, the Last Execution State of the cluster will change to in progress . After the backup is complete, you can click the name of the backup plan to view the details of the backup plan.
etcd backup is based on cluster data as the core backup. In cases such as hardware device damage, development and test configuration errors, etc., the backup cluster data can be restored through etcd backup.
This section will introduce how to realize the etcd backup for clusters. Also see etcd Backup and Restore Best Practices.
"},{"location":"en/admin/kpanda/backup/etcd-backup.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
Prepared a MinIO instance. It is recommended to create it through AI platform's MinIO middleware. For specific steps, refer to MinIO Object Storage.
Follow the steps below to create an etcd backup.
Enter Container Management -> Backup Recovery -> etcd Backup page, you can see all the current backup policies. Click Create Backup Policy on the right.
Fill in the Basic Information. Then, click Next to automatically verify the connectivity of etcd. If the verification passes, proceed to the next step.
Enter etcd, and the format is https://${NodeIP}:${Port}
.
Find the etcd Pod in the kube-system namespace
kubectl get po -n kube-system | grep etcd\n
Get the port number from the listen-client-urls of the etcd Pod
kubectl get po -n kube-system ${etcd_pod_name} -oyaml | grep listen-client-urls # (1)!\n
The expected output is as follows, where the number after the node IP is the port number:
- --listen-client-urls=https://127.0.0.1:2379,https://10.6.229.191:2379\n
Fill in the CA certificate, you can use the following command to view the certificate content. Then, copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/etcd/ca.crt\n
cat /etc/daocloud/dce/certs/ca.crt\n
Fill in the Cert certificate, you can use the following command to view the content of the certificate. Then, copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/apiserver-etcd-client.crt\n
cat /etc/daocloud/dce/certs/etcd/server.crt\n
Fill in the Key, you can use the following command to view the content of the certificate and copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/apiserver-etcd-client.key\n
cat /etc/daocloud/dce/certs/etcd/server.key\n
Note
Click How to get below the input box to see how to obtain the proper information on the UI page.
Refer to the following information to fill in the Backup Policy.
Backup Method: Choose either manual backup or scheduled backup
Backup Chain Length: the maximum number of backup data to retain. The default is 30.
Refer to the following information to fill in the Storage Path.
After clicking OK , the page will automatically redirect to the backup policy list, where you can view all the currently created ones.
Click Logs to view the log content. By default, 100 lines are displayed. If you want to see more log information or download the logs, you can follow the prompts above the logs to go to the observability module.
"},{"location":"en/admin/kpanda/backup/etcd-backup.html#view-backup-policy-details","title":"View Backup POlicy Details","text":"Go to Container Management -> Backup Recovery -> etcd Backup , click the Backup Policy tab, and then click the policy to view the details.
"},{"location":"en/admin/kpanda/backup/etcd-backup.html#view-recovery-point","title":"View Recovery Point","text":"After selecting the target cluster, you can view all the backup information under that cluster.
Each time a backup is executed, a proper recovery point is generated, which can be used to quickly restore the application from a successful recovery point.
velero is an open source tool for backing up and restoring Kubernetes cluster resources. It can back up resources in a Kubernetes cluster to cloud storage services, local storage, or other locations, and restore those resources to the same or a different cluster when needed.
This section introduces how to deploy the Velero plugin in AI platform using the Helm Apps.
"},{"location":"en/admin/kpanda/backup/install-velero.html#prerequisites","title":"Prerequisites","text":"Before installing the velero plugin, the following prerequisites need to be met:
Please perform the following steps to install the velero plugin for your cluster.
On the cluster list page, find the target cluster that needs to install the velero plugin, click the name of the cluster, click Helm Apps -> Helm chart in the left navigation bar, and enter velero in the search bar to search .
Read the introduction of the velero plugin, select the version and click the Install button. This page will take 5.2.0 version as an example to install, and it is recommended that you install 5.2.0 and later versions.
Configure basic info .
Note
After enabling Ready Wait and/or Failed Delete , it takes a long time for the app to be marked as Running .
Configure Velero chart Parameter Settings according to the following instructions
S3 Credentials: Configure the authentication information of object storage (minio).
Use existing secret parameter example is as follows:
[default]\naws_access_key_id = minio\naws_secret_access_key = minio123\n
BackupStorageLocation: The location where Velero backs up data.
S3 Configs: Detailed configuration of S3 storage (minio).
Click the OK button to complete the installation of the Velero plugin. The system will automatically jump to the Helm Apps list page. After waiting for a few minutes, refresh the page, and you can see the application just installed.
This article provides a step-by-step guide on how to manually scale the control nodes in a worker cluster to achieve high availability for self-built clusters.
Note
It is recommended to enable high availability mode when creating the worker cluster in the interface. Manually scaling the control nodes of the worker cluster involves certain operational risks, so please proceed with caution.
"},{"location":"en/admin/kpanda/best-practice/add-master-node.html#prerequisites","title":"Prerequisites","text":"Note
Managed cluster refers to the cluster specified during the creation of the worker cluster, which provides capabilities such as Kubernetes version upgrades, node scaling, uninstallation, and operation records for the current cluster.
"},{"location":"en/admin/kpanda/best-practice/add-master-node.html#modify-the-host-manifest","title":"Modify the Host manifest","text":"Log in to the container management platform and go to the overview page of the cluster where you want to scale the control nodes. In the Basic Information section, locate the Managed Cluster of the current cluster and click its name to enter the overview page.
In the overview page of the managed cluster, click Console to open the cloud terminal console. Run the following command to find the host manifest of the worker cluster that needs to be scaled.
kubectl get cm -n kubean-system ${ClusterName}-hosts-conf -oyaml\n
${ClusterName}
is the name of the worker cluster to be scaled.
Modify the host manifest file based on the example below and add information for the controller nodes.
Before ModificationAfter ModificationapiVersion: v1\nkind: ConfigMap\nmetadata:\n name: tanghai-dev-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: 10.6.175.10 \n access_ip: 10.6.175.10\n ansible_host: 10.6.175.10 \n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n children:\n kube_control_plane:\n hosts:\n node1:\n kube_node:\n hosts:\n node1:\n etcd:\n hosts:\n node1:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\n......\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: tanghai-dev-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: 10.6.175.10\n access_ip: 10.6.175.10 \n ansible_host: 10.6.175.10\n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n node2: # Add controller node2\n ip: 10.6.175.20\n access_ip: 10.6.175.20\n ansible_host: 10.6.175.20\n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n node3:\n ip: 10.6.175.30 \n access_ip: 10.6.175.30\n ansible_host: 10.6.175.30 \n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n children:\n kube_control_plane:\n hosts:\n node1:\n node2: # Add controller node2\n node3: # Add controller node3\n kube_node:\n hosts:\n node1:\n node2: # Add controller node2\n node3: # Add controller node3\n etcd:\n hosts:\n node1:\n node2: # Add controller node2\n node3: # Add controller node3\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\n
Important Parameters:
all.hosts.node1
: Existing master node in the original clusterall.hosts.node2
, all.hosts.node3
: Control nodes to be added during cluster scalingall.children.kube_control_plane.hosts
: Control plane group in the clusterall.children.kube_node.hosts
: Worker node group in the clusterall.children.etcd.hosts
: ETCD node group in the clusterUse the following ClusterOperation.yml
template to add a cluster control node expansion task called \"scale-master-node-ops.yaml\".
apiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster1-online-install-ops\nspec:\n cluster: ${cluster-name} # Specify cluster name\n image: ghcr.m.daocloud.io/kubean-io/spray-job:v0.18.0 # Specify the image for the kubean job\n actionType: playbook\n action: cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e ignore_assert_errors=yes\n preHook:\n - actionType: playbook\n action: ping.yml\n - actionType: playbook\n action: disable-firewalld.yml\n - actionType: playbook\n action: enable-repo.yml # In an offline environment, you need to add this yaml and\n # set the correct repo-list (for installing operating system packages).\n # The following parameter values are for reference only.\n extraArgs: |\n -e \"{repo_list: ['http://172.30.41.0:9000/kubean/centos/\\$releasever/os/\\$basearch','http://172.30.41.0:9000/kubean/centos-iso/\\$releasever/os/\\$basearch']}\"\n postHook:\n - actionType: playbook\n action: upgrade-cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e ignore_assert_errors=yes\n - actionType: playbook\n action: kubeconfig.yml\n - actionType: playbook\n action: cluster-info.yml\n
Note
-e etcd_retries=10
should be added to cluster.yaml to increase etcd node join retry times--limit=etcd,kube_control_plane -e ignore_assert_errors=yes
--limit=etcd,kube_control_plane -e ignore_assert_errors=yes
Create and deploy scale-master-node-ops.yaml based on the above configuration.
# Copy the above manifest\nvi scale-master-node-ops.yaml\nkubectl apply -f scale-master-node-ops.yaml -n kubean-system\n
Perform the following command to verify it.
kubectl get node\n
"},{"location":"en/admin/kpanda/best-practice/add-worker-node-on-global.html","title":"Scaling the Worker Nodes of the Global Service Cluster","text":"This page introduces how to manually scale the worker nodes of the global service cluster in offline mode. By default, it is not recommended to scale the global service cluster after deploying AI platform. Please ensure proper resource planning before deploying AI platform.
Note
The controller node of the global service cluster do not support scaling.
"},{"location":"en/admin/kpanda/best-practice/add-worker-node-on-global.html#prerequisites","title":"Prerequisites","text":"Run the following command to log in to the bootstrap node:
ssh root@bootstrap-node-ip-address\n
On the bootstrap node, run the following command to get the CONTAINER ID
of the kind cluster:
[root@localhost ~]# podman ps\n\n# Expected output:\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\n220d662b1b6a docker.m.daocloud.io/kindest/node:v1.26.2 2 weeks ago Up 2 weeks 0.0.0.0:443->30443/tcp, 0.0.0.0:8081->30081/tcp, 0.0.0.0:9000-9001->32000-32001/tcp, 0.0.0.0:36674->6443/tcp my-cluster-installer-control-plane\n
Run the following command to enter a container in the kind cluster:
podman exec -it {CONTAINER ID} bash\n
Replace {CONTAINER ID}
with your actual container ID.
Inside the container of the kind cluster, run the following command to get the kubeconfig information for the kind cluster:
kubectl config view --minify --flatten --raw\n
After the console output, copy the kubeconfig information of the kind cluster for the next step.
cluster.kubean.io
resources in the kind cluster on the bootstrap node","text":"Use the command podman exec -it {CONTAINER ID} bash
to enter the kind cluster container.
Inside the kind cluster container, run the following command to get the kind cluster name:
kubectl get clusters\n
Copy and run the following command within the kind cluster to create the cluster.kubean.io
resource:
kubectl apply -f - <<EOF\napiVersion: kubean.io/v1alpha1\nkind: Cluster\nmetadata:\n labels:\n clusterName: kpanda-global-cluster\n name: kpanda-global-cluster\nspec:\n hostsConfRef:\n name: my-cluster-hosts-conf\n namespace: kubean-system\n kubeconfRef:\n name: my-cluster-kubeconf\n namespace: kubean-system\n varsConfRef:\n name: my-cluster-vars-conf\n namespace: kubean-system\nEOF\n
Note
The default cluster name for spec.hostsConfRef.name
, spec.kubeconfRef.name
, and spec.varsConfRef.name
is my-cluster
. Please replace it with the kind cluster name obtained in the previous step.
Run the following command in the kind cluster to verify if the cluster.kubean.io
resource is created successfully:
kubectl get clusters\n
Expected output is:
NAME AGE\nkpanda-global-cluster 3s\nmy-cluster 16d\n
Run the following command to log in to one of the controller nodes of the global service cluster:
ssh root@<global-service-cluster-controller-node-IP>\n
On the global service cluster controller node, run the following command to copy the containerd configuration file config.toml from the controller node to the bootstrap node:
scp /etc/containerd/config.toml root@<bootstrap-node-IP>:/root\n
On the bootstrap node, select the insecure registry section from the containerd configuration file config.toml that was copied from the controller node, and add it to the config.toml in the kind cluster.
An example of the insecure registry section is as follows:
[plugins.\"io.containerd.grpc.v1.cri\".registry]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"10.6.202.20\"]\n endpoint = [\"https://10.6.202.20\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.configs.\"10.6.202.20\".tls]\n insecure_skip_verify = true\n
Note
Since the config.toml
file in the kind cluster cannot be modified directly, you can first copy the file out to modify it and then copy it back to the kind cluster. The steps are as follows:
Run the following command on the bootstrap node to copy the file out:
podman cp {CONTAINER ID}:/etc/containerd/config.toml ./config.toml.kind\n
Run the following command to edit the config.toml
file:
vim ./config.toml.kind\n
After modifying the file, copy it back to the kind cluster by running the following command:
podman cp ./config.toml.kind {CONTAINER ID}:/etc/containerd/config.toml\n
{CONTAINER ID} should be replaced with your actual container ID.
Run the following command within the kind cluster to restart the containerd service:
systemctl restart containerd\n
Log in to AI platform, navigate to Container Management, and on the right side of the cluster list, click the Integrate Cluster button.
In the integration configuration section, fill in and edit the kubeconfig of the Kind cluster.
apiVersion: v1\nclusters:\n- cluster:\n insecure-skip-tls-verify: true # (1)!\n certificate-authority-data: LS0TLSCFDFWEFEWFEWFGGEWGFWFEWGWEGFEWGEWGSDGFSDSD\n server: https://my-cluster-installer-control-plane:6443 # (2)!\nname: my-cluster-installer\ncontexts:\n- context:\n cluster: my-cluster-installer\n user: kubernetes-admin\nname: kubernetes-admin@my-cluster-installer\ncurrent-context: kubernetes-admin@my-cluster-installer\nkind: Config\npreferences: {}\nusers:\n
podman ps|grep 6443
to check the mapped port).Click the OK to complete the integration of the Kind cluster.
Log in to AI platform, navigate to Container Management, find the kapnda-global-cluster , and in the right-side, find the Basic Configuration menu options.
In the Basic Configuration page, add the label kpanda.io/managed-by=my-cluster
for the global service cluster:
Note
The value in the label kpanda.io/managed-by=my-cluster
corresponds to the name of the cluster specified during the integration process, which defaults to my-cluster
. Please adjust this according to your actual situation.
Go to the node list page of the global service cluster, find the Integrate Node button on the right side of the node list, and click to enter the node configuration page.
After filling in the IP and authentication information of the node to be integrated, click Start Check . Once the node check is completed, click Next .
Add the following custom parameters in the Custom Parameters section:
download_run_once: false\ndownload_container: false\ndownload_force_cache: false\ndownload_localhost: false\n
Click the OK button and wait for the node to be added.
This demonstration will show how to use the application backup feature in AI platform to perform cross-cluster backup migration for a stateful application.
Note
The current operator should have admin privileges on the AI platform.
"},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#prepare-the-demonstration-environment","title":"Prepare the Demonstration Environment","text":""},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#prepare-two-clusters","title":"Prepare Two Clusters","text":"main-cluster will be the source cluster for backup data, and recovery-cluster will be the target cluster for data recovery.
Cluster IP Nodes main-cluster 10.6.175.100 1 node recovery-cluster 10.6.175.110 1 node"},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#set-up-minio-configuration","title":"Set Up MinIO Configuration","text":"MinIO Server Address Bucket Username Password http://10.7.209.110:9000 mysql-demo root dangerous"},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#deploy-nfs-storage-service-in-both-clusters","title":"Deploy NFS Storage Service in Both Clusters","text":"Note
NFS storage service needs to be deployed on all nodes in both the source and target clusters.
Install the dependencies required for NFS on all nodes in both clusters.
yum install nfs-utils iscsi-initiator-utils nfs-utils iscsi-initiator-utils nfs-utils iscsi-initiator-utils -y\n
Expected output
[root@g-master1 ~]# kubectl apply -f nfs.yaml\nclusterrole.rbac.authorization.k8s.io/nfs-provisioner-runner created\nclusterrolebinding.rbac.authorization.k8s.io/run-nfs-provisioner created\nrole.rbac.authorization.k8s.io/leader-locking-nfs-provisioner created\nrolebinding.rbac.authorization.k8s.io/leader-locking-nfs-provisioner created\nserviceaccount/nfs-provisioner created\nservice/nfs-provisioner created\ndeployment.apps/nfs-provisioner created\nstorageclass.storage.k8s.io/nfs created\n
Prepare NFS storage service for the MySQL application.
Log in to any control node of both main-cluster and recovery-cluster . Use the command vi nfs.yaml to create a file named nfs.yaml on the node, and copy the following YAML content into the nfs.yaml file.
<details>\n<summary>nfs.yaml</summary>\n```yaml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: nfs-provisioner-runner\nnamespace: nfs-system\nrules:\n- apiGroups: [\"\"]\n resources: [\"persistentvolumes\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"delete\"]\n- apiGroups: [\"\"]\n resources: [\"persistentvolumeclaims\"]\n verbs: [\"get\", \"list\", \"watch\", \"update\"]\n- apiGroups: [\"storage.k8s.io\"]\n resources: [\"storageclasses\"]\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups: [\"\"]\n resources: [\"events\"]\n verbs: [\"create\", \"update\", \"patch\"]\n- apiGroups: [\"\"]\n resources: [\"services\", \"endpoints\"]\n verbs: [\"get\"]\n- apiGroups: [\"extensions\"]\n resources: [\"podsecuritypolicies\"]\n resourceNames: [\"nfs-provisioner\"]\n verbs: [\"use\"]\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: run-nfs-provisioner\nsubjects:\n- kind: ServiceAccount\n name: nfs-provisioner\n # replace with namespace where provisioner is deployed\n namespace: default\nroleRef:\nkind: ClusterRole\nname: nfs-provisioner-runner\napiGroup: rbac.authorization.k8s.io\n---\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: leader-locking-nfs-provisioner\nrules:\n- apiGroups: [\"\"]\n resources: [\"endpoints\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"update\", \"patch\"]\n---\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: leader-locking-nfs-provisioner\nsubjects:\n- kind: ServiceAccount\n name: nfs-provisioner\n # replace with namespace where provisioner is deployed\n namespace: default\nroleRef:\nkind: Role\nname: leader-locking-nfs-provisioner\napiGroup: rbac.authorization.k8s.io\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\nname: nfs-provisioner\n---\nkind: Service\napiVersion: v1\nmetadata:\nname: nfs-provisioner\nlabels:\n app: nfs-provisioner\nspec:\nports:\n - name: nfs\n port: 2049\n - name: nfs-udp\n port: 2049\n protocol: UDP\n - name: nlockmgr\n port: 32803\n - name: nlockmgr-udp\n port: 32803\n protocol: UDP\n - name: mountd\n port: 20048\n - name: mountd-udp\n port: 20048\n protocol: UDP\n - name: rquotad\n port: 875\n - name: rquotad-udp\n port: 875\n protocol: UDP\n - name: rpcbind\n port: 111\n - name: rpcbind-udp\n port: 111\n protocol: UDP\n - name: statd\n port: 662\n - name: statd-udp\n port: 662\n protocol: UDP\nselector:\n app: nfs-provisioner\n---\nkind: Deployment\napiVersion: apps/v1\nmetadata:\nname: nfs-provisioner\nspec:\nselector:\n matchLabels:\n app: nfs-provisioner\nreplicas: 1\nstrategy:\n type: Recreate\ntemplate:\n metadata:\n labels:\n app: nfs-provisioner\n spec:\n serviceAccount: nfs-provisioner\n containers:\n - name: nfs-provisioner\n resources:\n limits:\n cpu: \"1\"\n memory: \"4294967296\"\n image: release.daocloud.io/velero/nfs-provisioner:v3.0.0\n ports:\n - name: nfs\n containerPort: 2049\n - name: nfs-udp\n containerPort: 2049\n protocol: UDP\n - name: nlockmgr\n containerPort: 32803\n - name: nlockmgr-udp\n containerPort: 32803\n protocol: UDP\n - name: mountd\n containerPort: 20048\n - name: mountd-udp\n containerPort: 20048\n protocol: UDP\n - name: rquotad\n containerPort: 875\n - name: rquotad-udp\n containerPort: 875\n protocol: UDP\n - name: rpcbind\n containerPort: 111\n - name: rpcbind-udp\n containerPort: 111\n protocol: UDP\n - name: statd\n containerPort: 662\n - name: statd-udp\n containerPort: 662\n protocol: UDP\n securityContext:\n capabilities:\n add:\n - DAC_READ_SEARCH\n - SYS_RESOURCE\n args:\n - \"-provisioner=example.com/nfs\"\n env:\n - name: POD_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n - name: SERVICE_NAME\n value: nfs-provisioner\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n imagePullPolicy: \"IfNotPresent\"\n volumeMounts:\n - name: export-volume\n mountPath: /export\n volumes:\n - name: export-volume\n hostPath:\n path: /data\n---\nkind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\nname: nfs\nprovisioner: example.com/nfs\nmountOptions:\n- vers=4.1\n```\n</details>\n
Run the nfs.yaml file on the control nodes of both clusters.
kubectl apply -f nfs.yaml\n
Check the status of the NFS Pod and wait for its status to become running (approximately 2 minutes).
kubectl get pod -n nfs-system -owide\n
Expected output
[root@g-master1 ~]# kubectl get pod -owide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnfs-provisioner-7dfb9bcc45-74ws2 1/1 Running 0 4m45s 10.6.175.100 g-master1 <none> <none>\n
Prepare a PVC (Persistent Volume Claim) based on NFS storage for the MySQL application to store its data.
Use the command vi pvc.yaml to create a file named pvc.yaml on the node, and copy the following YAML content into the pvc.yaml file.
pvc.yaml
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: mydata\n namespace: default\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: \"1Gi\"\n storageClassName: nfs\n volumeMode: Filesystem\n
Run the pvc.yaml file using the kubectl tool on the node.
kubectl apply -f pvc.yaml\n
Expected output
[root@g-master1 ~]# kubectl apply -f pvc.yaml\npersistentvolumeclaim/mydata created\n
Deploy the MySQL application.
Use the command vi mysql.yaml to create a file named mysql.yaml on the node, and copy the following YAML content into the mysql.yaml file.
mysql.yaml
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: mysql-deploy\n name: mysql-deploy\n namespace: default\nspec:\n progressDeadlineSeconds: 600\n replicas: 1\n revisionHistoryLimit: 10\n selector:\n matchLabels:\n app: mysql-deploy\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mysql-deploy\n name: mysql-deploy\n spec:\n containers:\n - args:\n - --ignore-db-dir=lost+found\n env:\n - name: MYSQL_ROOT_PASSWORD\n value: dangerous\n image: release.daocloud.io/velero/mysql:5\n imagePullPolicy: IfNotPresent\n name: mysql-deploy\n ports:\n - containerPort: 3306\n protocol: TCP\n resources:\n limits:\n cpu: \"1\"\n memory: \"4294967296\"\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - mountPath: /var/lib/mysql\n name: data\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n schedulerName: default-scheduler\n securityContext:\n fsGroup: 999\n terminationGracePeriodSeconds: 30\n volumes:\n - name: data\n persistentVolumeClaim:\n claimName: mydata\n
Run the mysql.yaml file using the kubectl tool on the node.
kubectl apply -f mysql.yaml\n
Expected output
[root@g-master1 ~]# kubectl apply -f mysql.yaml\ndeployment.apps/mysql-deploy created\n
Check the status of the MySQL Pod.
Run kubectl get pod | grep mysql
to view the status of the MySQL Pod and wait for its status to become running (approximately 2 minutes).
Expected output
[root@g-master1 ~]# kubectl get pod |grep mysql\nmysql-deploy-5d6f94cb5c-gkrks 1/1 Running 0 2m53s\n
Note
Write data to the MySQL application.
To verify the success of the data migration later, you can use a script to write test data to the MySQL application.
Use the command vi insert.sh to create a script named insert.sh on the node, and copy the following content into the script.
insert.sh
#!/bin/bash\n\nfunction rand(){\n min=$1\n max=$(($2-$min+1))\n num=$(date +%s%N)\n echo $(($num%$max+$min))\n}\n\nfunction insert(){\n user=$(date +%s%N | md5sum | cut -c 1-9)\n age=$(rand 1 100)\n\n sql=\"INSERT INTO test.users(user_name, age)VALUES('${user}', ${age});\"\n echo -e ${sql}\n\n kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"${sql}\"\n\n}\n\nkubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"CREATE DATABASE IF NOT EXISTS test;\"\nkubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"CREATE TABLE IF NOT EXISTS test.users(user_name VARCHAR(10) NOT NULL,age INT UNSIGNED)ENGINE=InnoDB DEFAULT CHARSET=utf8;\"\n\nwhile true;do\n insert\n sleep 1\ndone\n
Add permission to insert.sh and run this script.
[root@g-master1 ~]# chmod +x insert.sh\n[root@g-master1 ~]# ./insert.sh\n
Expected output
mysql: [Warning] Using a password on the command line interface can be insecure.\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('dc09195ba', 10);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('80ab6aa28', 70);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('f488e3d46', 23);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('e6098695c', 93);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('eda563e7d', 63);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('a4d1b8d68', 17);\nmysql: [Warning] Using a password on the command line interface can be insecure.\n
Press Ctrl + C on the keyboard simultaneously to pause the script execution.
Go to the MySQL Pod and check the data written in MySQL.
kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\n
Expected output
[root@g-master1 ~]# kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\nmysql: [Warning] Using a password on the command line interface can be insecure.\nuser_name age\ndc09195ba 10\n80ab6aa28 70\nf488e3d46 23\ne6098695c 93\neda563e7d 63\na4d1b8d68 17\nea47546d9 86\na34311f2e 47\n740cefe17 33\nede85ea28 65\nb6d0d6a0e 46\nf0eb38e50 44\nc9d2f28f5 72\n8ddaafc6f 31\n3ae078d0e 23\n6e041631e 96\n
Note
The velero plugin needs to be installed on both the source and target clusters.
Refer to the Install Velero Plugin documentation and the MinIO configuration below to install the velero plugin on the main-cluster and recovery-cluster .
MinIO Server Address Bucket Username Password http://10.7.209.110:9000 mysql-demo root dangerousNote
When installing the plugin, replace S3url with the MinIO server address prepared for this demonstration, and replace the bucket with an existing bucket in MinIO.
"},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#backup-mysql-application-and-data","title":"Backup MySQL Application and Data","text":"Add a unique label, backup=mysql , to the MySQL application and PVC data. This will facilitate resource selection during backup.
kubectl label deploy mysql-deploy backup=mysql # Add label to mysql-deploy\nkubectl label pod mysql-deploy-5d6f94cb5c-gkrks backup=mysql # Add label to mysql pod\nkubectl label pvc mydata backup=mysql # Add label to mysql pvc\n
Refer to the steps described in Application Backup and the parameters below to create an application backup.
Name: backup-mysql (can be customized)
Fill in the parameters based on the following instructions:
Name: restore-mysql (can be customized)
Log in to the control plane of recovery-cluster , check if mysql-deploy is successfully backed up in the current cluster.
kubectl get pod\n
Expected output\u5982\u4e0b\uff1a
NAME READY STATUS RESTARTS AGE\nmysql-deploy-5798f5d4b8-62k6c 1/1 Running 0 24h\n
Check if the data in MySQL datasheet is restored or not.
kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\n
Expected output is as follows\uff1a
[root@g-master1 ~]# kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\nmysql: [Warning] Using a password on the command line interface can be insecure.\nuser_name age\ndc09195ba 10\n80ab6aa28 70\nf488e3d46 23\ne6098695c 93\neda563e7d 63\na4d1b8d68 17\nea47546d9 86\na34311f2e 47\n740cefe17 33\nede85ea28 65\nb6d0d6a0e 46\nf0eb38e50 44\nc9d2f28f5 72\n8ddaafc6f 31\n3ae078d0e 23\n6e041631e 96\n
Success
As you can see, the data in the Pod is consistent with the data inside the Pods in the main-cluster . This indicates that the MySQL application and its data from the main-cluster have been successfully recovered to the recovery-cluster cluster.
This article explains how to create a RedHat 9.2 worker cluster on an existing CentOS management platform.
Note
This article only applies to the offline mode, using the AI platform to create a worker cluster. The architecture of the management platform and the cluster to be created are both AMD. When creating a cluster, heterogeneous deployment (mixing AMD and ARM) is not supported. After the cluster is created, you can use the method of connecting heterogeneous nodes to achieve mixed deployment and management of the cluster.
"},{"location":"en/admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#prerequisites","title":"Prerequisites","text":"A AI platform full-mode has been deployed, and the spark node is still alive.
"},{"location":"en/admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#download-and-import-redhat-offline-packages","title":"Download and Import RedHat Offline Packages","text":"Make sure you are logged into the spark node! And the clusterConfig.yaml file used when deploying AI platform is still available.
"},{"location":"en/admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#download-the-relevant-redhat-offline-packages","title":"Download the Relevant RedHat Offline Packages","text":"Download the required RedHat OS package and ISO offline packages:
Resource Name Description Download Link os-pkgs-redhat9-v0.9.3.tar.gz RedHat9.2 OS-package package Download ISO Offline Package ISO package import script Go to RedHat Official Download Site import-iso ISO import script Download"},{"location":"en/admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#import-the-os-package-to-the-minio-of-the-spark-node","title":"Import the OS Package to the MinIO of the Spark Node","text":"Extract the RedHat OS package
Execute the following command to extract the downloaded OS package. Here we download the RedHat OS package.
tar -xvf os-pkgs-redhat9-v0.9.3.tar.gz\n
The contents of the extracted OS package are as follows:
os-pkgs\n \u251c\u2500\u2500 import_ospkgs.sh # This script is used to import OS packages into the MinIO file service\n \u251c\u2500\u2500 os-pkgs-amd64.tar.gz # OS packages for the amd64 architecture\n \u251c\u2500\u2500 os-pkgs-arm64.tar.gz # OS packages for the arm64 architecture\n \u2514\u2500\u2500 os-pkgs.sha256sum.txt # sha256sum verification file of the OS packages\n
Import the OS Package to the MinIO of the Spark Node
Execute the following command to import the OS packages to the MinIO file service:
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_ospkgs.sh http://127.0.0.1:9000 os-pkgs-redhat9-v0.9.3.tar.gz\n
Note
The above command is only applicable to the MinIO service built into the spark node. If an external MinIO is used, replace http://127.0.0.1:9000
with the access address of the external MinIO. \"rootuser\" and \"rootpass123\" are the default account and password of the MinIO service built into the spark node. \"os-pkgs-redhat9-v0.9.3.tar.gz\" is the name of the downloaded OS package offline package.
Execute the following command to import the ISO package to the MinIO file service:
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_iso.sh http://127.0.0.1:9000 rhel-9.2-x86_64-dvd.iso\n
Note
The above command is only applicable to the MinIO service built into the spark node. If an external MinIO is used, replace http://127.0.0.1:9000
with the access address of the external MinIO. \"rootuser\" and \"rootpass123\" are the default account and password of the MinIO service built into the spark node. \"rhel-9.2-x86_64-dvd.iso\" is the name of the downloaded ISO offline package.
Refer to the document Creating a Worker Cluster to create a RedHat 9.2 cluster.
"},{"location":"en/admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html","title":"Create an Ubuntu Worker Cluster on CentOS","text":"This page explains how to create an Ubuntu worker cluster on an existing CentOS.
Note
This page is specifically for the offline mode, using the AI platform to create a worker cluster, where both the CentOS platform and the worker cluster to be created are based on AMD architecture. Heterogeneous (mixed AMD and ARM) deployments are not supported during cluster creation; however, after the cluster is created, you can manage a mixed deployment by adding heterogeneous nodes.
"},{"location":"en/admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#prerequisite","title":"Prerequisite","text":"Please ensure you are logged into the bootstrap node! Also, make sure that the clusterConfig.yaml file used during the AI platform deployment is still available.
"},{"location":"en/admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#download-ubuntu-offline-packages","title":"Download Ubuntu Offline Packages","text":"Download the required Ubuntu OS packages and ISO offline packages:
Resource Name Description Download Link os-pkgs-ubuntu2204-v0.18.2.tar.gz Ubuntu 20.04 OS package https://github.com/kubean-io/kubean/releases/download/v0.18.2/os-pkgs-ubuntu2204-v0.18.2.tar.gz ISO Offline Package ISO Package http://mirrors.melbourne.co.uk/ubuntu-releases/"},{"location":"en/admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#create-cluster-on-ui","title":"Create Cluster on UI","text":"Refer to the documentation Creating a Worker Cluster to create the Ubuntu cluster.
"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html","title":"etcd Backup and Restore","text":"Using the ETCD backup feature to create a backup policy, you can back up the etcd data of a specified cluster to S3 storage on a scheduled basis. This page focuses on how to restore the data that has been backed up to the current cluster.
Note
The following is a specific case to illustrate the whole process of backup and restore.
"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#environmental-information","title":"Environmental Information","text":"Begin with basic information about the target cluster and S3 storage for the restore. Here, MinIo is used as S3 storage, and the whole cluster has 3 control planes (3 etcd copies).
IP Host Role Remarks 10.6.212.10 host01 k8s-master01 k8s node 1 10.6.212.11 host02 k8s-master02 k8s node 2 10.6.212.12 host03 k8s-master03 k8s node 3 10.6.212.13 host04 minio minio service"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#prerequisites","title":"Prerequisites","text":""},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#install-the-etcdbrctl-tool","title":"Install the etcdbrctl tool","text":"To implement ETCD data backup and restore, you need to install the etcdbrctl open source tool on any of the above k8s nodes. This tool does not have binary files for the time being and needs to be compiled by itself. Refer to the compilation mode.
After installation, use the following command to check whether the tool is available:
etcdbrctl -v\n
The expected output is as follows:
INFO[0000] etcd-backup-restore Version: v0.23.0-dev\nINFO[0000] Git SHA: b980beec\nINFO[0000] Go Version: go1.19.3\nINFO[0000] Go OS/Arch: linux/amd64\n
"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#check-the-backup-data","title":"Check the backup data","text":"You need to check the following before restoring:
Note
The backup of AI platform is a full data backup, and the full data of the last backup will be restored when restoring.
"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#shut-down-the-cluster","title":"Shut down the cluster","text":"Before backing up, the cluster must be shut down. The default clusters etcd and kube-apiserver are started as static pods. To close the cluster here means to move the static Pod manifest file out of the /etc/kubernetes/manifest directory, and the cluster will remove Pods to close the service.
First, delete the previous backup data. Removing the data does not delete the existing etcd data, but refers to modifying the name of the etcd data directory. Wait for the backup to be successfully restored before deleting this directory. The purpose of this is to also try to restore the current cluster if the etcd backup restore fails. This step needs to be performed for each node.
rm -rf /var/lib/etcd_bak\n
The service then needs to be shut down kube-apiserver to ensure that there are no new changes to the etcd data. This step needs to be performed for each node.
mv /etc/kubernetes/manifests/kube-apiserver.yaml /tmp/kube-apiserver.yaml\n
You also need to turn off the etcd service. This step needs to be performed for each node.
mv /etc/kubernetes/manifests/etcd.yaml /tmp/etcd.yaml\n
Ensure that all control plane kube-apiserver and etcd services are turned off.
After shutting down all the nodes, use the following command to check etcd the cluster status. This command can be executed at any node.
The endpoints value of needs to be replaced with the actual node name
etcdctl endpoint status --endpoints=controller-node-1:2379,controller-node-2:2379,controller-node-3:2379 -w table \\\n --cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n --cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n --key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
The expected output is as follows, indicating that all etcd nodes have been destroyed:
{\"level\":\"warn\",\"ts\":\"2023-03-29T17:51:50.817+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-1:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.31:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-1:2379 (context deadline exceeded)\n{\"level\":\"warn\",\"ts\":\"2023-03-29T17:51:55.818+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-2:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.32:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-2:2379 (context deadline exceeded)\n{\"level\":\"warn\",\"ts\":\"2023-03-29T17:52:00.820+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-1:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.33:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-3:2379 (context deadline exceeded)\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
You only need to restore the data of one node, and the etcd data of other nodes will be automatically synchronized.
Set environment variables
Before restoring the data using etcdbrctl, run the following command to set the authentication information of the connection S3 as an environment variable:
export ECS_ENDPOINT=http://10.6.212.13:9000 # (1)\nexport ECS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE # (2)\nexport ECS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY # (3)\n
Perform the restore operation
Run the etcdbrctl command line tool to perform the restore, which is the most critical step.
etcdbrctl restore --data-dir /var/lib/etcd/ --store-container=\"etcd-backup\" \\ \n --storage-provider=ECS \\\n --initial-cluster=controller-node1=https://10.6.212.10:2380 \\\n --initial-advertise-peer-urls=https://10.6.212.10:2380 \n
The parameters are described as follows:
The expected output is as follows:
INFO[0000] Finding latest set of snapshot to recover from...\nINFO[0000] Restoring from base snapshot: Full-00000000-00111147-1679991074 actor=restorer\nINFO[0001] successfully fetched data of base snapshot in 1.241380207 seconds actor=restorer\n{\"level\":\"info\",\"ts\":1680011221.2511616,\"caller\":\"mvcc/kvstore.go:380\",\"msg\":\"restored last compact revision\",\"meta-bucket-name\":\"meta\",\"meta-bucket-name-key\":\"finishedCompactRev\",\"restored-compact-revision\":110327}\n{\"level\":\"info\",\"ts\":1680011221.3045986,\"caller\":\"membership/cluster.go:392\",\"msg\":\"added member\",\"cluster-id\":\"66638454b9dd7b8a\",\"local-member-id\":\"0\",\"added-peer-id\":\"123c2503a378fc46\",\"added-peer-peer-urls\":[\"https://10.6.212.10:2380\"]}\nINFO[0001] Starting embedded etcd server... actor=restorer\n\n....\n\n{\"level\":\"info\",\"ts\":\"2023-03-28T13:47:02.922Z\",\"caller\":\"embed/etcd.go:565\",\"msg\":\"stopped serving peer traffic\",\"address\":\"127.0.0.1:37161\"}\n{\"level\":\"info\",\"ts\":\"2023-03-28T13:47:02.922Z\",\"caller\":\"embed/etcd.go:367\",\"msg\":\"closed etcd server\",\"name\":\"default\",\"data-dir\":\"/var/lib/etcd\",\"advertise-peer-urls\":[\"http://localhost:0\"],\"advertise-client-urls\":[\"http://localhost:0\"]}\nINFO[0003] Successfully restored the etcd data directory.\n
!!! note \u201cYou can check the YAML file of etcd for comparison to avoid configuration errors\u201d
```shell\ncat /tmp/etcd.yaml | grep initial-\n- --experimental-initial-corrupt-check=true\n- --initial-advertise-peer-urls=https://10.6.212.10:2380\n- --initial-cluster=controller-node-1=https://10.6.212.10:2380\n```\n
The following command is executed on node 01 in order to restore the etcd service for node 01.
First, move the manifest file of etcd static Pod to the /etc/kubernetes/manifests directory, and kubelet will restart etcd:
mv /tmp/etcd.yaml /etc/kubernetes/manifests/etcd.yaml\n
Then wait for the etcd service to finish starting, and check the status of etcd. The default directory of etcd-related certificates is: /etc/kubernetes/ssl . If the cluster certificate is stored in another location, specify the proper path.
Check the etcd cluster list:
etcdctl member list -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\" \n
The expected output is as follows:
+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |\n+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n| 123c2503a378fc46 | started | controller-node-1 | https://10.6.212.10:2380 | https://10.6.212.10:2379 | false |\n+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n
To view the status of controller-node-1:
etcdctl endpoint status --endpoints=controller-node-1:2379 -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
The expected output is as follows:
+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| controller-node-1:2379 | 123c2503a378fc46 | 3.5.6 | 15 MB | true | false | 3 | 1200 | 1199 | |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
Restore other node data
The above steps have restored the data of node 01. If you want to restore the data of other nodes, you only need to start the Pod of etcd and let etcd complete the data synchronization by itself.
Do the same at both node 02 and node 03:
mv /tmp/etcd.yaml /etc/kubernetes/manifests/etcd.yaml\n
Data synchronization between etcd member clusters takes some time. You can check the etcd cluster status to ensure that all etcd clusters are normal:
Check whether the etcd cluster status is normal:
etcdctl member list -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
The expected output is as follows:
+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |\n+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n| 6ea47110c5a87c03 | started | controller-node-1 | https://10.5.14.31:2380 | https://10.5.14.31:2379 | false |\n| e222e199f1e318c4 | started | controller-node-2 | https://10.5.14.32:2380 | https://10.5.14.32:2379 | false |\n| f64eeda321aabe2d | started | controller-node-3 | https://10.5.14.33:2380 | https://10.5.14.33:2379 | false |\n+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n
Check whether the three member nodes are normal:
etcdctl endpoint status --endpoints=controller-node-1:2379,controller-node-2:2379,controller-node-3:2379 -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
The expected output is as follows:
+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| controller-node-1:2379 | 6ea47110c5a87c03 | 3.5.6 | 88 MB | true | false | 6 | 199008 | 199008 | |\n| controller-node-2:2379 | e222e199f1e318c4 | 3.5.6 | 88 MB | false | false | 6 | 199114 | 199114 | |\n| controller-node-3:2379 | f64eeda321aabe2d | 3.5.6 | 88 MB | false | false | 6 | 199316 | 199316 | |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
After the etcd data of all nodes are synchronized, the kube-apiserver can be restarted to restore the entire cluster to an accessible state:
Restart the kube-apiserver service for node1
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
Restart the kube-apiserver service for node2
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
Restart the kube-apiserver service for node3
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
After kubelet starts kube-apiserver, check whether the restored k8s data is normal:
kubectl get nodes\n
The expected output is as follows:
NAME STATUS ROLES AGE VERSION\ncontroller-node-1 Ready <none> 3h30m v1.25.4\ncontroller-node-3 Ready control-plane 3h29m v1.25.4\ncontroller-node-3 Ready control-plane 3h28m v1.25.4\n
In AI platform, when using the CIS Benchmark (CIS) scan on a work cluster created using the user interface, some scan items did not pass the scan. This article provides hardening instructions based on different versions of CIS Benchmark.
"},{"location":"en/admin/kpanda/best-practice/hardening-cluster.html#cis-benchmark-127","title":"CIS Benchmark 1.27","text":"Scan Environment:
[FAIL] 1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)
Reason: CIS requires that kube-apiserver must specify the CA certificate path for kubelet:
[FAIL] 1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
Reason: CIS requires that kube-controller-manager's --bind-address=127.0.0.1
[FAIL] 1.4.1 Ensure that the --profiling argument is set to false (Automated)
Reason: CIS requires that kube-scheduler sets --profiling=false
[FAIL] 1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
Reason: CIS requires setting kube-scheduler's --bind-address=127.0.0.1
To address these security scan issues, kubespray has added default values in v2.22 to solve some of the problems. For more details, refer to the kubespray hardening documentation.
Add parameters by modifying the kubean var-config configuration file:
kubernetes_audit: true\nkube_controller_manager_bind_address: 127.0.0.1\nkube_scheduler_bind_address: 127.0.0.1\nkube_kubeadm_scheduler_extra_args:\n profiling: false\nkubelet_rotate_server_certificates: true\n
In AI platform, there is also a feature to configure advanced parameters through the user interface. Add custom parameters in the last step of cluster creation:
After setting the custom parameters, the following parameters are added to the var-config configmap in kubean:
Perform a scan after installing the cluster:
After the scan, all scan items passed the scan (WARN and INFO are counted as PASS). Note that this document only applies to CIS Benchmark 1.27, as CIS Benchmark is continuously updated.
"},{"location":"en/admin/kpanda/best-practice/kubean-low-version.html","title":"Deploy and Upgrade Compatible Versions of Kubean in Offline Scenarios","text":"In order to meet the customer's demand for building Kubernetes (K8s) clusters with lower versions, Kubean provides the capability to be compatible with lower versions and create K8s clusters with those versions.
Currently, the supported versions for self-built worker clusters range from 1.26.0-v1.28
. Refer to the AI platform Cluster Version Support System for more information.
This article will demonstrate how to deploy a K8s cluster with a lower version.
Note
Node environment used in the document:
Prepare a management cluster where kubean resides, and the current environment has deployed the podman
, skopeo
, and minio client
commands. If not supported, you can install the dependent components through the script, Installing Prerequisite Dependencies.
Go to kubean to view the released artifacts, and choose the specific artifact version based on the actual situation. The currently supported artifact versions and their proper cluster version ranges are as follows:
Artifact Version Cluster Range AI platform Support release-2.21 v1.23.0 ~ v1.25.6 Supported since installer v0.14.0 release-2.22 v1.24.0 ~ v1.26.9 Supported since installer v0.15.0 release-2.23 v1.25.0 ~ v1.27.7 Expected to support from installer v0.16.0This article demonstrates the offline deployment of a K8s cluster with version 1.23.0 and the offline upgrade of a K8s cluster from version 1.23.0 to 1.24.0, so we choose the artifact release-2.21
.
Import the spray-job image into the registry of the offline environment.
# Assuming the registry address in the bootstrap cluster is 172.30.41.200\nREGISTRY_ADDR=\"172.30.41.200\"\n\n# The image spray-job can use the accelerator address here, and the image address is determined based on the selected artifact version\nSPRAY_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/spray-job:2.21-d6f688f\"\n\n# skopeo parameters\nSKOPEO_PARAMS=\" --insecure-policy -a --dest-tls-verify=false --retry-times=3 \"\n\n# Online environment: Export the spray-job image of version release-2.21 and transfer it to the offline environment\nskopeo copy docker://${SPRAY_IMG_ADDR} docker-archive:spray-job-2.21.tar\n\n# Offline environment: Import the spray-job image of version release-2.21 into the bootstrap registry\nskopeo copy ${SKOPEO_PARAMS} docker-archive:spray-job-2.21.tar docker://${REGISTRY_ADDR}/${SPRAY_IMG_ADDR}\n
"},{"location":"en/admin/kpanda/best-practice/kubean-low-version.html#create-offline-resources-for-the-earlier-versions-of-k8s","title":"Create Offline Resources for the Earlier Versions of K8s","text":"Prepare the manifest.yml file.
cat > \"manifest.yml\" <<EOF\nimage_arch:\n - \"amd64\" ## \"arm64\"\nkube_version: ## Fill in the cluster version according to the actual scenario\n - \"v1.23.0\"\n - \"v1.24.0\"\nEOF\n
Create the offline incremental package.
# Create the data directory\nmkdir data\n# Create the offline package\nAIRGAP_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/airgap-patch:2.21-d6f688f\" # (1)\npodman run --rm -v $(pwd)/manifest.yml:/manifest.yml -v $(pwd)/data:/data -e ZONE=CN -e MODE=FULL ${AIRGAP_IMG_ADDR}\n
Import the offline images and binary packages for the proper K8s version.
# Import the binaries from the data directory to the minio in the bootstrap node\ncd ./data/amd64/files/\nMINIO_ADDR=\"http://172.30.41.200:9000\" # Replace IP with the actual repository url\nMINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_files.sh ${MINIO_ADDR}\n\n# Import the images from the data directory to the image repository in the bootstrap node\ncd ./data/amd64/images/\nREGISTRY_ADDR=\"172.30.41.200\" ./import_images.sh # Replace IP with the actual repository url\n
Deploy the manifest
and localartifactset.cr.yaml
custom resources to the management cluster where kubean resides or the Global cluster. In this example, we use the Global cluster.
# Deploy the localArtifactSet resources in the data directory\ncd ./data\nkubectl apply -f data/localartifactset.cr.yaml\n\n# Download the manifest resources proper to release-2.21\nwget https://raw.githubusercontent.com/kubean-io/kubean-manifest/main/manifests/manifest-2.21-d6f688f.yml\n\n# Deploy the manifest resources proper to release-2.21\nkubectl apply -f manifest-2.21-d6f688f.yml\n
Go to Container Management and click the Create Cluster button on the Clusters page.
Choose the manifest
and localartifactset.cr.yaml
custom resources deployed cluster as the Managed
parameter. In this example, we use the Global cluster.
Refer to Creating a Cluster for the remaining parameters.
Select the newly created cluster and go to the details page.
Click Cluster Operations in the left navigation bar, then click Cluster Upgrade on the top right of the page.
Select the available cluster for upgrade.
This page explains how to add ARM architecture nodes with Kylin v10 sp2 operating system to an AMD architecture worker cluster with CentOS 7.9 operating system.
Note
This page is only applicable to adding heterogeneous nodes to a worker cluster created using the AI platform in offline mode, excluding connected clusters.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#prerequisites","title":"Prerequisites","text":"Take ARM architecture and Kylin v10 sp2 operating system as examples.
Make sure you are logged into the bootstrap node! Also, make sure the clusterConfig.yaml file used during the AI platform deployment is available.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#offline-image-package","title":"Offline Image Package","text":"CPU Architecture Version Download Link AMD64 v0.18.0 https://qiniu-download-public.daocloud.io/DaoCloud_Enterprise/dce5/offline-v0.18.0-amd64.tar ARM64 v0.18.0 https://qiniu-download-public.daocloud.io/DaoCloud_Enterprise/dce5/offline-v0.18.0-arm64.tarAfter downloading, extract the offline package:
tar -xvf offline-v0.18.0-arm64.tar\n
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#iso-offline-package-kylin-v10-sp2","title":"ISO Offline Package (Kylin v10 sp2)","text":"CPU Architecture Operating System Version Download Link ARM64 Kylin Linux Advanced Server release V10 (Sword) SP2 https://www.kylinos.cn/support/trial.html Note
Kylin operating system requires personal information to be provided for downloading and usage. Select V10 (Sword) SP2 when downloading.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#ospackage-offline-package-kylin-v10-sp2","title":"osPackage Offline Package (Kylin v10 sp2)","text":"The Kubean project provides osPackage offline packages for different operating systems. Visit https://github.com/kubean-io/kubean/releases to view the available packages.
Operating System Version Download Link Kylin Linux Advanced Server release V10 (Sword) SP2 https://github.com/kubean-io/kubean/releases/download/v0.16.3/os-pkgs-kylinv10-v0.16.3.tar.gzNote
Check the specific version of the osPackage offline package in the offline/sample/clusterConfig.yaml file of the offline image package.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#import-offline-packages-to-the-bootstrap-node","title":"Import Offline Packages to the Bootstrap Node","text":"Run the import-artifact command:
./offline/dce5-installer import-artifact -c clusterConfig.yaml \\\n --offline-path=/root/offline \\\n --iso-path=/root/Kylin-Server-10-SP2-aarch64-Release-Build09-20210524.iso \\\n --os-pkgs-path=/root/os-pkgs-kylinv10-v0.7.4.tar.gz\n
Note
Parameter Explanation:
After a successful import command execution, the offline package will be uploaded to Minio on the bootstrap node.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#add-heterogeneous-worker-nodes","title":"Add Heterogeneous Worker Nodes","text":"Make sure you are logged into the management node of the AI platform Global Service Cluster.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#modify-the-host-manifest","title":"Modify the Host Manifest","text":"Here is an example of host manifest:
Before adding a nodeAfter adding a nodeapiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ${cluster-name}-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n children:\n etcd:\n hosts:\n centos-master:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n kube_control_plane:\n hosts:\n centos-master:\n kube_node:\n hosts:\n centos-master:\n hosts:\n centos-master:\n ip: 10.5.14.122\n access_ip: 10.5.14.122\n ansible_host: 10.5.14.122\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ${cluster-name}-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n centos-master:\n ip: 10.5.14.122\n access_ip: 10.5.14.122\n ansible_host: 10.5.14.122\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n # Add heterogeneous nodes\n kylin-worker:\n ip: 10.5.10.220\n access_ip: 10.5.10.220\n ansible_host: 10.5.10.220\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: dangerous@2022\n children:\n kube_control_plane:\n hosts:\n - centos-master\n kube_node:\n hosts:\n - centos-master\n - kylin-worker # Add the name of heterogeneous node\n etcd:\n hosts:\n - centos-master\n k8s_cluster:\n children:\n - kube_control_plane\n - kube_node\n
To add information about the newly added worker nodes according to the above comments:
kubectl edit cm ${cluster-name}-hosts-conf -n kubean-system\n
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#add-expansion-tasks-through-clusteroperationyml","title":"Add Expansion Tasks through ClusterOperation.yml","text":"Example:
ClusterOperation.ymlapiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: add-worker-node\nspec:\n cluster: ${cluster-name} # Specify cluster name\n image: ghcr.m.daocloud.io/kubean-io/spray-job:v0.5.0\n backoffLimit: 0\n actionType: playbook\n action: scale.yml\n extraArgs: --limit=kylin-worker\n preHook:\n - actionType: playbook\n action: ping.yml\n - actionType: playbook\n action: disable-firewalld.yml\n - actionType: playbook\n action: enable-repo.yml\n extraArgs: |\n -e \"{repo_list: [\"http://10.5.14.30:9000/kubean/kylin-iso/\\$releasever/os/\\$basearch\",\"http://10.5.14.30:9000/kubean/kylin/\\$releasever/os/\\$basearch\"]}\"\n postHook:\n - actionType: playbook\n action: cluster-info.yml\n
Note
To create and deploy join-node-ops.yaml according to the above configuration:
vi join-node-ops.yaml\nkubectl apply -f join-node-ops.yaml -n kubean-system\n
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#check-the-status-of-the-task-execution","title":"Check the status of the task execution","text":"kubectl -n kubean-system get pod | grep add-worker-node\n
To check the progress of the scaling task, you can view the logs of the proper pod.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#verify-in-ui","title":"Verify in UI","text":"Go to Container Management -> Clusters -> Nodes .
Click the newly added node to view details.
This page will take a highly available three-master-node worker cluster as an example. When the first master node of the worker cluster fails or malfunctions, how to replace or reintroduce the first master node.
This page features a highly available cluster with three master nodes.
Assuming node1 is down, the following steps will explain how to reintroduce the recovered node1 back into the worker cluster.
"},{"location":"en/admin/kpanda/best-practice/replace-first-master-node.html#preparations","title":"Preparations","text":"Before performing the replacement operation, first obtain basic information about the cluster resources, which will be used when modifying related configurations.
Note
The following commands to obtain cluster resource information are executed in the management cluster.
Get the cluster name
Run the following command to find the clusters.kubean.io
resource proper to the cluster:
# For example, if the resource name of clusters.kubean.io is cluster-mini-1\n# Get the name of the cluster\nCLUSTER_NAME=$(kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.metadata.name}{'\\n'}\")\n
Get the host list configmap of the cluster
kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.spec.hostsConfRef}{'\\n'}\"\n{\"name\":\"mini-1-hosts-conf\",\"namespace\":\"kubean-system\"}\n
Get the configuration parameters configmap of the cluster
kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.spec.varsConfRef}{'\\n'}\"\n{\"name\":\"mini-1-vars-conf\",\"namespace\":\"kubean-system\"}\n
Adjust the order of control plane nodes
Reset the node1 node to restore it to the state before installing the cluster (or use a new node), maintaining the network connectivity of the node1 node.
Adjust the order of the node1 node in the kube_control_plane, kube_node, and etcd sections in the host list (node1/node2/node3 -> node2/node3/node1):
function change_control_plane_order() {\n cat << EOF | kubectl apply -f -\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: mini-1-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: \"172.30.41.161\"\n access_ip: \"172.30.41.161\"\n ansible_host: \"172.30.41.161\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n node2:\n ip: \"172.30.41.162\"\n access_ip: \"172.30.41.162\"\n ansible_host: \"172.30.41.162\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n node3:\n ip: \"172.30.41.163\"\n access_ip: \"172.30.41.163\"\n ansible_host: \"172.30.41.163\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n children:\n kube_control_plane:\n hosts:\n node2:\n node3:\n node1:\n kube_node:\n hosts:\n node2:\n node3:\n node1:\n etcd:\n hosts:\n node2:\n node3:\n node1:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\nEOF\n}\n\nchange_control_plane_order\n
Remove the first master node in an abnormal state
After adjusting the order of nodes in the host list, remove the node1 in an abnormal state of the K8s control plane.
Note
If node1 is offline or malfunctioning, the following ConfigMaps must be added to extraArgs, you need not to add them when node1 is online.
reset_nodes=false # Skip resetting node operation\nallow_ungraceful_removal=true # Allow ungraceful removal operation\n
# Image spray-job can use an accelerator address here\n\nSPRAY_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/spray-job\"\nSPRAY_RLS_2_22_TAG=\"2.22-336b323\"\nKUBE_VERSION=\"v1.24.14\"\nCLUSTER_NAME=\"cluster-mini-1\"\nREMOVE_NODE_NAME=\"node1\"\n\ncat << EOF | kubectl apply -f -\n---\napiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster-mini-1-remove-node-ops\nspec:\n cluster: ${CLUSTER_NAME}\n image: ${SPRAY_IMG_ADDR}:${SPRAY_RLS_2_22_TAG}\n actionType: playbook\n action: remove-node.yml\n extraArgs: -e node=${REMOVE_NODE_NAME} -e reset_nodes=false -e allow_ungraceful_removal=true -e kube_version=${KUBE_VERSION}\n postHook:\n - actionType: playbook\n action: cluster-info.yml\nEOF\n
Manually modify the cluster configuration, edit and update cluster-info
# Edit cluster-info\nkubectl -n kube-public edit cm cluster-info\n\n# 1. If the ca.crt certificate is updated, the content of the certificate-authority-data field needs to be updated\n# View the base64 encoding of the ca certificate:\ncat /etc/kubernetes/ssl/ca.crt | base64 | tr -d '\\n'\n\n# 2. Change the IP address in the server field to the new first master IP, this document will use the IP address of node2, 172.30.41.162\n
Manually modify the cluster configuration, edit and update kubeadm-config
# Edit kubeadm-config\nkubectl -n kube-system edit cm kubeadm-config\n\n# Change controlPlaneEndpoint to the new first master IP,\n# this document will use the IP address of node2, 172.30.41.162\n
Scale up the master node and update the cluster
Note
--limit
to limit the update operation to only affect the etcd and kube_control_plane node groups.cat << EOF | kubectl apply -f -\n---\napiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster-mini-1-update-cluster-ops\nspec:\n cluster: ${CLUSTER_NAME}\n image: ${SPRAY_IMG_ADDR}:${SPRAY_RLS_2_22_TAG}\n actionType: playbook\n action: cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e kube_version=${KUBE_VERSION}\n preHook:\n - actionType: playbook\n action: enable-repo.yml # This yaml needs to be added in an offline environment,\n # and set the correct repo-list (install operating system packages),\n # the following parameter values are for reference only\n extraArgs: |\n -e \"{repo_list: ['http://172.30.41.0:9000/kubean/centos/\\$releasever/os/\\$basearch','http://172.30.41.0:9000/kubean/centos-iso/\\$releasever/os/\\$basearch']}\"\n postHook:\n - actionType: playbook\n action: cluster-info.yml\nEOF\n
Now, you completed the replacement of the first Master node.
"},{"location":"en/admin/kpanda/best-practice/update-offline-cluster.html","title":"Offline Deployment/Upgrade Guide for Worker Clusters","text":"Note
This document is specifically designed for deploying or upgrading the Kubernetes version of worker clusters created on the AI platform in offline mode. It does not cover the deployment or upgrade of other Kubernetes components.
This guide is applicable to the following offline scenarios:
The overall approach is as follows:
Note
For a list of currently supported offline Kubernetes versions, refer to the list of Kubernetes versions supported by Kubean.
"},{"location":"en/admin/kpanda/best-practice/update-offline-cluster.html#building-the-offline-package-on-an-integrated-node","title":"Building the Offline Package on an Integrated Node","text":"Since the offline environment cannot connect to the internet, you need to prepare an integrated node in advance to build the incremental offline package and start Docker or Podman services on this node.
Check the status of the Docker service on the integrated node.
ps aux | grep docker\n
You should see output similar to the following:
root 12341 0.5 0.2 654372 26736 ? Ssl 23:45 0:00 /usr/bin/docked\nroot 12351 0.2 0.1 625080 13740 ? Ssl 23:45 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml\nroot 13024 0.0 0.0 112824 980 pts/0 S+ 23:45 0:00 grep --color=auto docker\n
Create a file named manifest.yaml in the /root directory of the integrated node with the following command:
vi manifest.yaml\n
The content of manifest.yaml should be as follows:
manifest.yamlimage_arch:\n- \"amd64\"\nkube_version: # Specify the version of the cluster to be upgraded\n- \"v1.28.0\"\n
Create a folder named /data in the /root directory to store the incremental offline package.
mkdir data\n
Run the following command to generate the offline package using the kubean airgap-patch
image. Make sure the tag of the airgap-patch
image matches the Kubean version, and that the Kubean version covers the Kubernetes version you wish to upgrade.
# Assuming the Kubean version is v0.13.9\ndocker run --rm -v $(pwd)/manifest.yaml:/manifest.yaml -v $(pwd)/data:/data ghcr.m.daocloud.io/kubean-io/airgap-patch:v0.13.9\n
After the Docker service completes running, check the files in the /data folder. The folder structure should look like this:
data\n\u251c\u2500\u2500 amd64\n\u2502 \u251c\u2500\u2500 files\n\u2502 \u2502 \u251c\u2500\u2500 import_files.sh\n\u2502 \u2502 \u2514\u2500\u2500 offline-files.tar.gz\n\u2502 \u251c\u2500\u2500 images\n\u2502 \u2502 \u251c\u2500\u2500 import_images.sh\n\u2502 \u2502 \u2514\u2500\u2500 offline-images.tar.gz\n\u2502 \u2514\u2500\u2500 os-pkgs\n\u2502 \u2514\u2500\u2500 import_ospkgs.sh\n\u2514\u2500\u2500 localartifactset.cr.yaml\n
Copy the /data files from the integrated node to the /root directory of the bootstrap node. On the integrated node , run the following command:
scp -r data root@x.x.x.x:/root\n
Replace x.x.x.x
with the IP address of the bootstrap node.
On the bootstrap node, copy the image files in the /data folder to the built-in Docker registry of the bootstrap node. After logging into the bootstrap node, run the following commands:
Navigate to the directory where the image files are located.
cd data/amd64/images\n
Run the import_images.sh script to import the images into the built-in Docker Registry of the bootstrap node.
REGISTRY_ADDR=\"127.0.0.1\" ./import_images.sh\n
Note
The above command is only applicable to the built-in Docker Registry of the bootstrap node. If you are using an external registry, use the following command:
REGISTRY_SCHEME=https REGISTRY_ADDR=${registry_address} REGISTRY_USER=${username} REGISTRY_PASS=${password} ./import_images.sh\n
On the bootstrap node, copy the binary files in the /data folder to the built-in Minio service of the bootstrap node.
Navigate to the directory where the binary files are located.
cd data/amd64/files/\n
Run the import_files.sh script to import the binary files into the built-in Minio service of the bootstrap node.
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_files.sh http://127.0.0.1:9000\n
Note
The above command is only applicable to the built-in Minio service of the bootstrap node. If you are using an external Minio, replace http://127.0.0.1:9000
with the access address of the external Minio. \"rootuser\" and \"rootpass123\" are the default account and password for the built-in Minio service of the bootstrap node.
Run the following command on the bootstrap node to deploy the localartifactset
resource to the global service cluster:
kubectl apply -f data/kubeanofflineversion.cr.patch.yaml\n
"},{"location":"en/admin/kpanda/best-practice/update-offline-cluster.html#next-steps","title":"Next Steps","text":"Log into the AI platform UI management interface to continue with the following actions:
Refer to the Creating Cluster Documentation to create a worker cluster, where you can select the incremental version of Kubernetes.
Refer to the Upgrading Cluster Documentation to upgrade your self-built worker cluster.
This document outlines how to create a worker cluster on an unsupported OS in offline mode.
The main process for creating a worker cluster on an unsupported OS in offline mode is illustrated in the diagram below:
Next, we will use the openAnolis operating system as an example to demonstrate how to create a cluster on a non-mainstream operating system.
"},{"location":"en/admin/kpanda/best-practice/use-otherlinux-create-custer.html#prerequisites","title":"Prerequisites","text":"Find an online environment with the same architecture and OS as the nodes in the target cluster. In this example, we will use AnolisOS 8.8 GA. Run the following command to generate an offline os-pkgs package:
# Download relevant scripts and build os packages package\n$ curl -Lo ./pkgs.yml https://raw.githubusercontent.com/kubean-io/kubean/main/build/os-packages/others/pkgs.yml\n$ curl -Lo ./other_os_pkgs.sh https://raw.githubusercontent.com/kubean-io/kubean/main/build/os-packages/others/other_os_pkgs.sh && chmod +x other_os_pkgs.sh\n$ ./other_os_pkgs.sh build # Build the offline package\n
After executing the above command, you should have a compressed package named os-pkgs-anolis-8.8.tar.gz in the current directory. The file structure in the current directory should look like this:
.\n \u251c\u2500\u2500 other_os_pkgs.sh\n \u251c\u2500\u2500 pkgs.yml\n \u2514\u2500\u2500 os-pkgs-anolis-8.8.tar.gz\n
"},{"location":"en/admin/kpanda/best-practice/use-otherlinux-create-custer.html#offline-node-installing-the-offline-package","title":"Offline Node - Installing the Offline Package","text":"Copy the three files generated on the online node ( other_os_pkgs.sh , pkgs.yml , and os-pkgs-anolis-8.8.tar.gz ) to all nodes in the target cluster in the offline environment.
Login to any one of the nodes in the offline environment that is part of the target cluster, and run the following command to install the os-pkg package on the node:
# Configure environment variables\n$ export PKGS_YML_PATH=/root/workspace/os-pkgs/pkgs.yml # Path to the pkgs.yml file on the current offline node\n$ export PKGS_TAR_PATH=/root/workspace/os-pkgs/os-pkgs-anolis-8.8.tar.gz # Path to the os-pkgs-anolis-8.8.tar.gz file on the current offline node\n$ export SSH_USER=root # Username for the current offline node\n$ export SSH_PASS=dangerous # Password for the current offline node\n$ export HOST_IPS='172.30.41.168' # IP address of the current offline node\n$ ./other_os_pkgs.sh install # Install the offline package\n
After executing the above command, wait for the interface to prompt: All packages for node (X.X.X.X) have been installed , which indicates that the installation is complete.
"},{"location":"en/admin/kpanda/best-practice/use-otherlinux-create-custer.html#go-to-the-user-interface-to-create-cluster","title":"Go to the User Interface to Create Cluster","text":"Refer to the documentation on Creating a Worker Cluster to create an openAnolis cluster.
"},{"location":"en/admin/kpanda/clusterops/cluster-oversold.html","title":"Dynamic Resource Overprovision in the Cluster","text":"Currently, many businesses experience peaks and valleys in demand. To ensure service performance and stability, resources are typically allocated based on peak demand when deploying services. However, peak periods may be very short, resulting in resource waste during off-peak times. Cluster resource overprovision utilizes these allocated but unused resources (i.e., the difference between allocation and usage) to enhance cluster resource utilization and reduce waste.
This article mainly introduces how to use the cluster dynamic resource overprovision feature.
"},{"location":"en/admin/kpanda/clusterops/cluster-oversold.html#prerequisites","title":"Prerequisites","text":"click Clusters in the left navigation bar, then clickthe name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Cluster Operations -> Cluster Settings in the left navigation bar, then select the Advanced Configuration tab.
Enable cluster overprovision and set the overprovision ratio.
Note
The proper namespace in the cluster must have the following label applied for the cluster overprovision policy to take effect.
clusterresourceoverrides.admission.autoscaling.openshift.io/enabled: \"true\"\n
Once the cluster dynamic resource overprovision ratio is set, it will take effect while workloads are running. The following example uses nginx to validate the use of resource overprovision capabilities.
Create a workload (nginx) and set the proper resource limits. For the creation process, refer to Creating Stateless Workloads (Deployment).
Check whether the ratio of the Pod's resource requests to limits meets the overprovision ratio.
Cluster settings are used to customize advanced feature settings for your cluster, including whether to enable GPU, helm repo refresh cycle, Helm operation record retention, etc.
Enable GPU: GPUs and proper driver plug-ins need to be installed on the cluster in advance.
Click the name of the target cluster, and click Operations and Maintenance -> Cluster Settings -> Addons in the left navigation bar.
Helm operation basic image, registry refresh cycle, number of operation records retained, whether to enable cluster deletion protection (the cluster cannot be uninstalled directly after enabling)
On this page, you can view the recent cluster operation records and Helm operation records, as well as the YAML files and logs of each operation, and you can also delete a certain record.
Set the number of reserved entries for Helm operations:
By default, the system keeps the last 100 Helm operation records. If you keep too many entries, it may cause data redundancy, and if you keep too few entries, you may lose the key operation records you need. A reasonable reserved quantity needs to be set according to the actual situation. Specific steps are as follows:
Click the name of the target cluster, and click Recent Operations -> Helm Operations -> Set Number of Retained Items in the left navigation bar.
Set how many Helm operation records need to be kept, and click OK .
Clusters integrated or created using the AI platform Container Management platform can be accessed not only through the UI interface but also in two other ways for access control:
Note
When accessing the cluster, the user should have Cluster Admin permission or higher.
"},{"location":"en/admin/kpanda/clusters/access-cluster.html#access-via-cloudshell","title":"Access via CloudShell","text":"Enter Clusters page, select the cluster you want to access via CloudShell, click the ... icon on the right, and then click Console from the dropdown list.
Run kubectl get node command in the Console to verify the connectivity between CloudShell and the cluster. If the console returns node information of the cluster, you can access and manage the cluster through CloudShell.
If you want to access and manage remote clusters from a local node, make sure you have met these prerequisites:
If everything is in place, follow these steps to access a cloud cluster from your local environment.
Enter Clusters page, find your target cluster, click ... on the right, and select Download kubeconfig in the drop-down list.
Set the Kubeconfig period and click Download .
Open the downloaded certificate and copy its content to the config file of the local node.
By default, the kubectl tool will look for a file named config in the $HOME/.kube directory on the local node. This file stores access credentials of clusters. Kubectl can access the cluster with that configuration file.
Run the following command on the local node to verify its connectivity with the cluster:
kubectl get pod -n default\n
An expected output is as follows:
NAME READY STATUS RESTARTS AGE\ndao-2048-2048-58c7f7fc5-mq7h4 1/1 Running 0 30h\n
Now you can access and manage the cluster locally with kubectl.
"},{"location":"en/admin/kpanda/clusters/cluster-role.html","title":"Cluster Roles","text":"Suanova AI platform categorizes clusters based on different functionalities to help users better manage IT infrastructure.
"},{"location":"en/admin/kpanda/clusters/cluster-role.html#global-service-cluster","title":"Global Service Cluster","text":"This cluster is used to run AI platform components such as Container Management, Global Management, Insight. It generally does not carry business workloads.
Supported Features Description K8s Version 1.22+ Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/admin/kpanda/clusters/cluster-role.html#management-cluster","title":"Management Cluster","text":"This cluster is used to manage worker clusters and generally does not carry business workloads.
Supported Features Description K8s Version 1.22+ Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/admin/kpanda/clusters/cluster-role.html#worker-cluster","title":"Worker Cluster","text":"This is a cluster created using Container Management and is mainly used to carry business workloads. This cluster is managed by the management cluster.
Supported Features Description K8s Version Supports K8s 1.22 and above Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/admin/kpanda/clusters/cluster-role.html#integrated-cluster","title":"Integrated Cluster","text":"This cluster is used to integrate existing standard K8s clusters, including but not limited to self-built clusters in local data centers, clusters provided by public cloud vendors, clusters provided by private cloud vendors, edge clusters, Xinchuang clusters, heterogeneous clusters, and different Suanova clusters. It is mainly used to carry business workloads.
Supported Features Description K8s Version 1.18+ Supported Vendors VMware Tanzu, Amazon EKS, Redhat Openshift, SUSE Rancher, Alibaba ACK, Huawei CCE, Tencent TKE, Standard K8s Cluster, Suanova Full Lifecycle Management Not Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Depends on the network mode of the integrated cluster's kernel Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policiesNote
A cluster can have multiple cluster roles. For example, a cluster can be both a global service cluster and a management cluster or a worker cluster.
"},{"location":"en/admin/kpanda/clusters/cluster-scheduler-plugin.html","title":"Deploy Second Scheduler scheduler-plugins in a Cluster","text":"This page describes how to deploy a second scheduler-plugins in a cluster.
"},{"location":"en/admin/kpanda/clusters/cluster-scheduler-plugin.html#why-do-we-need-scheduler-plugins","title":"Why do we need scheduler-plugins?","text":"The cluster created through the platform will install the native K8s scheduler-plugin, but the native scheduler-plugin has many limitations:
This page takes the scenario of using the vgpu scheduler-plugin while combining the coscheduling plugin capability of scheduler-plugins as an example to introduce how to install and use scheduler-plugins.
"},{"location":"en/admin/kpanda/clusters/cluster-scheduler-plugin.html#installing-scheduler-plugins","title":"Installing scheduler-plugins","text":""},{"location":"en/admin/kpanda/clusters/cluster-scheduler-plugin.html#prerequisites","title":"Prerequisites","text":"Add the scheduler-plugins parameter in Create Cluster -> Advanced Settings -> Custom Parameters.
scheduler_plugins_enabled:true\nscheduler_plugins_plugin_config:\n - name: Coscheduling\n args:\n permitWaitingTimeSeconds: 10 # default is 60\n
Parameters:
scheduler_plugins_enabled
Set to true to enable the scheduler-plugins capability.scheduler_plugins_enabled_plugins
or scheduler_plugins_disabled_plugins
options. See K8s Official Plugin Names for reference.scheduler_plugins_plugin_config
, for example: set the permitWaitingTimeoutSeconds
parameter for coscheduling. See K8s Official Plugin Configuration for reference.After successful cluster creation, the system will automatically install the scheduler-plugins and controller component loads. You can check the workload status in the proper cluster's deployment.
Here is an example of how to use scheduler-plugins by demonstrating a scenario where the vgpu scheduler is used in combination with the coscheduling plugin capability of scheduler-plugins.
Install vgpu in the Helm Charts and set the values.yaml parameters.
schedulerName: scheduler-plugins-scheduler
: This is the scheduler name for scheduler-plugins installed by kubean, and currently cannot be modified.scheduler.kubeScheduler.enabled: false
: Do not install kube-scheduler and use vgpu-scheduler as a separate extender.Extend vgpu-scheduler on scheduler-plugins.
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\n
Modify configmap of scheduler-config for scheduler-plugins:
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\nextenders:\n - urlPrefix: \"${urlPrefix}\"\n filterVerb: filter\n bindVerb: bind\n nodeCacheCapable: true\n ignorable: true\n httpTimeout: 30s\n weight: 1\n enableHTTPS: true\n tlsConfig:\n insecure: true\n managedResources:\n - name: nvidia.com/vgpu\n ignoredByScheduler: true\n - name: nvidia.com/gpumem\n ignoredByScheduler: true\n - name: nvidia.com/gpucores\n ignoredByScheduler: true\n - name: nvidia.com/gpumem-percentage\n ignoredByScheduler: true\n - name: nvidia.com/priority\n ignoredByScheduler: true\n - name: cambricon.com/mlunum\n ignoredByScheduler: true\n
After installing vgpu-scheduler, the system will automatically create a service (svc), and the urlPrefix specifies the URL of the svc.
Note
The svc refers to the pod service load. You can use the following command in the namespace where the nvidia-vgpu plugin is installed to get the external access information for port 443.
kubectl get svc -n ${namespace}\n
The urlPrefix format is https://${ip address}:${port}
Restart the scheduler pod of scheduler-plugins to load the new configuration file.
Note
When creating a vgpu application, you do not need to specify the name of a scheduler-plugin. The vgpu-scheduler webhook will automatically change the scheduler's name to \"scheduler-plugins-scheduler\" without manual specification.
AI platform Container Management module can manage two types of clusters: integrated clusters and created clusters.
For more information about cluster types, see Cluster Role.
We designed several status for these two clusters.
"},{"location":"en/admin/kpanda/clusters/cluster-status.html#integrated-clusters","title":"Integrated Clusters","text":"Status Description Integrating The cluster is being integrated into AI platform. Removing The cluster is being removed from AI platform. Running The cluster is running as expected. Unknown The cluster is lost. Data displayed in the AI platform UI is the cached data before the disconnection, which does not represent real-time data. Any operation during this status will not take effect. You should check cluster network connectivity or host status."},{"location":"en/admin/kpanda/clusters/cluster-status.html#created-clusters","title":"Created Clusters","text":"Status Description Creating The cluster is being created. Updating The Kubernetes version of the cluster is being operating. Deleting The cluster is being deleted. Running The cluster is running as expected. Unknown The cluster is lost. Data displayed in the AI platform UI is the cached data before the disconnection, which does not represent real-time data. Any operation during this status will not take effect. You should check cluster network connectivity or host status. Failed The cluster creation is failed. You should check the logs for detailed reasons."},{"location":"en/admin/kpanda/clusters/cluster-version.html","title":"Supported Kubernetes Versions","text":"In AI platform, the integrated clusters and created clusters have different version support mechanisms.
This page focuses on the version support mechanism for created clusters.
The Kubernetes community supports three version ranges: 1.26, 1.27, and 1.28. When a new version is released by the community, the supported version range is incremented. For example, if the latest version released by the community is 1.27, the supported version range by the community will be 1.27, 1.28, and 1.29.
To ensure the security and stability of the clusters, when creating clusters in AI platform, the supported version range will always be one version lower than the community's version.
For instance, if the Kubernetes community supports v1.25, v1.26, and v1.27, then the version range for creating worker clusters in AI platform will be v1.24, v1.25, and v1.26. Additionally, a stable version, such as 1.24.7, will be recommended to users.
Furthermore, the version range for creating worker clusters in AI platform will remain highly synchronized with the community. When the community version increases incrementally, the version range for creating worker clusters in AI platform will also increase by one version.
"},{"location":"en/admin/kpanda/clusters/cluster-version.html#supported-kubernetes-versions_1","title":"Supported Kubernetes Versions","text":"Kubernetes Community Versions Created Worker Cluster Versions Recommended Versions for Created Worker Cluster AI platform Installer Release DateIn AI platform Container Management, clusters can have four roles: global service cluster, management cluster, worker cluster, and integrated cluster. An integrated cluster can only be integrated from third-party vendors (see Integrate Cluster).
This page explains how to create a Worker Cluster. By default, when creating a new Worker Cluster, the operating system type and CPU architecture of the worker nodes should be consistent with the Global Service Cluster. If you want to create a cluster with a different operating system or architecture than the Global Management Cluster, refer to Creating an Ubuntu Worker Cluster on a CentOS Management Platform for instructions.
It is recommended to use the supported operating systems in AI platform to create the cluster. If your local nodes are not within the supported range, you can refer to Creating a Cluster on Non-Mainstream Operating Systems for instructions.
"},{"location":"en/admin/kpanda/clusters/create-cluster.html#prerequisites","title":"Prerequisites","text":"Certain prerequisites must be met before creating a cluster:
v1.26.0-v1.28
. If you need to create a cluster with a lower version, refer to the Supporterd Cluster Versions.Enter the Container Management module, click Create Cluster on the upper right corner of the Clusters page.
Fill in the basic information by referring to the following instructions.
Fill in the node configuration information and click Node Check .
High Availability: When enabled, at least 3 controller nodes are required. When disabled, only 1 controller node is needed.
It is recommended to use High Availability mode in production environments.
Credential Type: Choose whether to access nodes using username/password or public/private keys.
If using public/private key authentication, SSH keys for the nodes need to be configured in advance. Refer to Using SSH Key Authentication for Nodes.
Same Password: When enabled, all nodes in the cluster will have the same access password. Enter the unified password for accessing all nodes in the field below. If disabled, you can set separate usernames and passwords for each node.
If node check is passed, click Next . If the check failed, update Node Information and check again.
Fill in the network configuration and click Next .
Fill in the plug-in configuration and click Next .
Fill in advanced settings and click OK .
Success
Note
Clusters created in AI platform Container Management can be either deleted or removed. Clusters integrated into AI platform can only be removed.
Info
If you want to delete an integrated cluster, you should delete it in the platform where it is created.
In AI platform, the difference between Delete and Remove is:
Note
Enter the Container Management module, find your target cluster, click __ ...__ on the right, and select Remove in the drop-down list.
Enter the cluster name to confirm and click Delete .
You will be auto directed to cluster lists. The status of this cluster will changed to Deleting . It may take a while to delete/remove a cluster.
With the features of integrating clusters, AI platform allows you to manage on-premise and cloud clusters of various providers in a unified manner. This is quite important in avoiding the risk of being locked in by a certain providers, helping enterprises safely migrate their business to the cloud.
In AI platform Container Management module, you can integrate a cluster of the following providers: standard Kubernetes clusters, Redhat Openshift, SUSE Rancher, VMware Tanzu, Amazon EKS, Aliyun ACK, Huawei CCE, Tencent TKE, etc.
"},{"location":"en/admin/kpanda/clusters/integrate-cluster.html#prerequisites","title":"Prerequisites","text":"Enter Container Management module, and click Integrate Cluster in the upper right corner.
Fill in the basic information by referring to the following instructions.
Fill in the KubeConfig of the target cluster and click Verify Config . The cluster can be successfully connected only after the verification is passed.
Click How do I get the KubeConfig? to see the specific steps for getting this file.
Confirm that all parameters are filled in correctly and click OK in the lower right corner of the page.
Note
The status of the newly integrated cluster is Integrating , which will become Running after the integration succeeds.
"},{"location":"en/admin/kpanda/clusters/integrate-rancher-cluster.html","title":"Integrate the Rancher Cluster","text":"This page explains how to integrate a Rancher cluster.
"},{"location":"en/admin/kpanda/clusters/integrate-rancher-cluster.html#prerequisites","title":"Prerequisites","text":"Log in to the Rancher cluster with a role that has administrator privileges, and create a file named sa.yaml using the terminal.
vi sa.yaml\n
Press the i key to enter insert mode, then copy and paste the following content:
sa.yamlapiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: rancher-rke\n rules:\n - apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n - nonResourceURLs:\n - '*'\n verbs:\n - '*'\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: rancher-rke\n roleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: rancher-rke\n subjects:\n - kind: ServiceAccount\n name: rancher-rke\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: rancher-rke\n namespace: kube-system\n
Press the Esc key to exit insert mode, then type :wq to save and exit.
Run the following command in the current directory to create a ServiceAccount named rancher-rke (referred to as SA for short):
kubectl apply -f sa.yaml\n
The expected output is as follows:
clusterrole.rbac.authorization.k8s.io/rancher-rke created\nclusterrolebinding.rbac.authorization.k8s.io/rancher-rke created\nserviceaccount/rancher-rke created\n
Create a secret named rancher-rke-secret and bind the secret to the rancher-rke SA.
kubectl apply -f - <<EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: rancher-rke-secret\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: rancher-rke\n type: kubernetes.io/service-account-token\nEOF\n
The output is expected to be:
secret/rancher-rke-secret created\n
Note
If your cluster version is lower than 1.24, please ignore this step and proceed to the next one.
Check secret for rancher-rke SA:
kubectl -n kube-system get secret | grep rancher-rke | awk '{print $1}'\n
The output is expected to be:
rancher-rke-secret\n
Check the rancher-rke-secret secret:
kubectl -n kube-system describe secret rancher-rke-secret\n
The output is expected to be:
Name: rancher-rke-secret\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io/service-account.name: rancher-rke\n kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174\n\nType: kubernetes.io/service-account-token\n\nData\n====\nca.crt: 570 bytes\nnamespace: 11 bytes\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
Perform the following steps on any local node where kubelet is installed:
Configure kubelet token.
kubectl config set-credentials rancher-rke --token= __rancher-rke-secret__ # token \u4fe1\u606f\n
For example,
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
Configure the kubelet APIServer information.
kubectl config set-cluster {cluster-name} --insecure-skip-tls-verify=true --server={APIServer}\n
https://10.X.X.X:6443
.For example,
kubectl config set-cluster rancher-rke --insecure-skip-tls-verify=true --server=https://10.X.X.X:6443\n
Configure the kubelet context.
kubectl config set-context {context-name} --cluster={cluster-name} --user={SA-usename}\n
For example,
kubectl config set-context rancher-rke-context --cluster=rancher-rke --user=rancher-rke\n
Specify the newly created context rancher-rke-context in kubelet.
kubectl config use-context rancher-rke-context\n
Fetch the kubeconfig information for the context rancher-rke-context .
kubectl config view --minify --flatten --raw\n
The output is expected to be:
```yaml apiVersion: v1 clusters: - cluster: insecure-skip-tls-verify: true server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com name: joincluster contexts: - context: cluster: joincluster user: eks-admin name: ekscontext current-context: ekscontext kind: Config preferences: {} users: - name: eks-admin user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V
Using the kubeconfig file fetched earlier, refer to the Integrate Cluster documentation to integrate the Rancher cluster to the global cluster.
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html","title":"Update Kubernetes Cluster Certificate","text":"To ensure secure communication between various components of Kubernetes, TLS authentication is performed during calls between components, which requires configuring the cluster PKI certificates.
The validity period of cluster certificates is 1 year. To avoid service interruptions due to certificate expiration, please update the certificates in a timely manner.
This article explains how to manually update the certificates.
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#check-if-the-certificates-are-expired","title":"Check if the Certificates are Expired","text":"You can execute the following command to check if the certificates are expired:
kubeadm certs check-expiration\n
The output will be similar to the following:
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED\nadmin.conf Dec 14, 2024 07:26 UTC 204d no \napiserver Dec 14, 2024 07:26 UTC 204d ca no \napiserver-etcd-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \napiserver-kubelet-client Dec 14, 2024 07:26 UTC 204d ca no \ncontroller-manager.conf Dec 14, 2024 07:26 UTC 204d no \netcd-healthcheck-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-peer Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-server Dec 14, 2024 07:26 UTC 204d etcd-ca no \nfront-proxy-client Dec 14, 2024 07:26 UTC 204d front-proxy-ca no \nscheduler.conf Dec 14, 2024 07:26 UTC 204d no \n\nCERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED\nca Dec 12, 2033 07:26 UTC 9y no \netcd-ca Dec 12, 2033 07:26 UTC 9y no \nfront-proxy-ca Dec 12, 2033 07:26 UTC 9y no \n
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#manually-update-certificates","title":"Manually Update Certificates","text":"You can manually update the certificates using the following command with appropriate command-line options. Please back up the current certificates before updating.
To update a specific certificate:
kubeadm certs renew\n
To update all certificates:
kubeadm certs renew all\n
The updated certificates can be viewed in the /etc/kubernetes/pki
directory, with a validity period extended by 1 year. The following corresponding configuration files will also be updated:
Note
/etc/kubernetes/pki
.After executing the update operation, you need to restart the control plane Pods. Since dynamic certificate reloading is currently not supported by all components and certificates, this operation is necessary.
Static Pods are managed by the local kubelet rather than the API server, so kubectl cannot be used to delete or restart them.
To restart static Pods, you can temporarily remove the manifest files from /etc/kubernetes/manifests/
and wait for 20 seconds. Refer to the fileCheckFrequency
value in the KubeletConfiguration structure.
If the Pods are not in the manifest directory, the kubelet will terminate them. After another fileCheckFrequency
cycle, you can move the files back, and the kubelet will recreate the Pods, completing the certificate update operation.
mv ./manifests/* ./temp/\nmv ./temp/* ./manifests/\n
Note
If the container service uses Docker, to make the certificates take effect, you can use the following command to restart the services involved with the certificates:
docker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart\n
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#update-kubeconfig","title":"Update KubeConfig","text":"During cluster setup, the admin.conf certificate is usually copied to $HOME/.kube/config. To update the contents of $HOME/.kube/config after updating admin.conf, you must run the following commands:
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config\nsudo chown $(id -u):$(id -g) $HOME/.kube/config\n
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#configure-certificate-rotation-for-kubelet","title":"Configure Certificate Rotation for Kubelet","text":"After completing the above operations, the update for all cluster certificates is basically complete, except for kubelet.
Kubernetes includes a feature for kubelet certificate rotation that automatically generates new keys and requests new certificates from the Kubernetes API when the current certificates are about to expire. Once the new certificates are available, they will be used for connection authentication with the Kubernetes API.
Note
This feature is available in Kubernetes version 1.8.0 or higher.
To enable client certificate rotation, configure the following parameters:
The kubelet process receives the --rotate-certificates
parameter, which determines whether kubelet will automatically request new certificates when the currently used certificates are about to expire.
The kube-controller-manager process receives the --cluster-signing-duration
parameter (previously --experimental-cluster-signing-duration
before version 1.19) to control the validity period of issued certificates.
For more details, refer to Configure Certificate Rotation for Kubelet.
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#automatically-update-certificates","title":"Automatically Update Certificates","text":"For more efficient and convenient handling of expired or soon-to-expire Kubernetes cluster certificates, you can refer to the K8s Version Cluster Certificate Update.
"},{"location":"en/admin/kpanda/clusters/runtime.html","title":"How to choose the container runtime","text":"The container runtime is an important component in kubernetes to manage the life cycle of containers and container images. Kubernetes made containerd the default container runtime in version 1.19, and removed support for the Dockershim component in version 1.24.
Therefore, compared to the Docker runtime, we recommend you to use the lightweight containerd as your container runtime, because this has become the current mainstream runtime choice.
In addition, some operating system distribution vendors are not friendly enough for Docker runtime compatibility. The runtime support of different operating systems is as follows:
"},{"location":"en/admin/kpanda/clusters/runtime.html#operating-systems-and-supported-runtimes","title":"Operating systems and supported runtimes","text":"Operating System Supported containerd Versions Supported Docker Versions CentOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 18.09, 19.03, 20.10 (default) RedHatOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 18.09, 19.03, 20.10 (default) KylinOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 19.03 (Only supported by ARM architecture, Docker is not supported as a runtime under x86 architecture)Note
In the offline installation mode, you need to prepare the runtime offline package of the relevant operating system in advance.
"},{"location":"en/admin/kpanda/clusters/upgrade-cluster.html","title":"Cluster Upgrade","text":"The Kubernetes Community packages a small version every quarter, and the maintenance cycle of each version is only about 9 months. Some major bugs or security holes will not be updated after the version stops maintenance. Manually upgrading cluster operations is cumbersome and places a huge workload on administrators.
In Suanova, you can upgrade the Kubernetes cluster with one click through the web UI interface.
Danger
After the version is upgraded, it will not be possible to roll back to the previous version, please proceed with caution.
Note
Click the name of the target cluster in the cluster list.
Then click Cluster Operation and Maintenance -> Cluster Upgrade in the left navigation bar, and click Version Upgrade in the upper right corner of the page.
Select the version that can be upgraded, and enter the cluster name to confirm.
After clicking OK , you can see the upgrade progress of the cluster.
The cluster upgrade is expected to take 30 minutes. You can click the Real-time Log button to view the detailed log of the cluster upgrade.
ConfigMaps store non-confidential data in the form of key-value pairs to achieve the effect of mutual decoupling of configuration data and application code. ConfigMaps can be used as environment variables for containers, command-line parameters, or configuration files in storage volumes.
Note
The data saved in ConfigMaps cannot exceed 1 MiB. If you need to store larger volumes of data, it is recommended to mount a storage volume or use an independent database or file service.
ConfigMaps do not provide confidentiality or encryption. If you want to store encrypted data, it is recommended to use secret, or other third-party tools to ensure the privacy of data.
You can create ConfigMaps with two methods:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and authorized the user as NS Editor. For details, refer to Namespace Authorization.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> ConfigMap , and click the Create ConfigMap button in the upper right corner.
Fill in the configuration information on the Create ConfigMap page, and click OK .
!!! note
Click __Upload File__ to import an existing file locally to quickly create ConfigMaps.\n
After the creation is complete, click More on the right side of the ConfigMap to edit YAML, update, export, delete and other operations.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> ConfigMap , and click the YAML Create button in the upper right corner.
Fill in or paste the configuration file prepared in advance, and then click OK in the lower right corner of the pop-up box.
!!! note
- Click __Import__ to import an existing file locally to quickly create ConfigMaps.\n - After filling in the data, click __Download__ to save the configuration file locally.\n
After the creation is complete, click More on the right side of the ConfigMap to edit YAML, update, export, delete and other operations.
```yaml\n kind: ConfigMap\n apiVersion: v1\n metadata:\n name: kube-root-ca.crt\n namespace: default\n annotations:\n data:\n version: '1.0'\n ```\n
Next step: Use ConfigMaps
"},{"location":"en/admin/kpanda/configmaps-secrets/create-secret.html","title":"Create Secret","text":"A secret is a resource object used to store and manage sensitive information such as passwords, OAuth tokens, SSH, TLS credentials, etc. Using keys means you don't need to include sensitive secrets in your application code.
Secrets can be used in some cases:
You can create ConfigMaps with two methods:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster
Created a namespace, user, and authorized the user as NS Editor. For details, refer to Namespace Authorization.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> Secret , and click the Create Secret button in the upper right corner.
Fill in the configuration information on the Create Secret page, and click OK .
Note when filling in the configuration:
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> Secret , and click the YAML Create button in the upper right corner.
Fill in the YAML configuration on the Create with YAML page, and click OK .
Supports importing YAML files from local or downloading and saving filled files to local.
```yaml\n apiVersion: v1\n kind: Secret\n metadata:\n name: secretdemo\n type: Opaque\n data:\n username: ****\n password: ****\n ```\n
Next step: use secret
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html","title":"Use ConfigMaps","text":"ConfigMap (ConfigMap) is an API object of Kubernetes, which is used to save non-confidential data into key-value pairs, and can store configurations that other objects need to use. When used, the container can use it as an environment variable, a command-line argument, or a configuration file in a storage volume. By using ConfigMaps, configuration data and application code can be separated, providing a more flexible way to modify application configuration.
Note
ConfigMaps do not provide confidentiality or encryption. If the data to be stored is confidential, please use secret, or use other third-party tools to ensure the privacy of the data instead of ConfigMaps. In addition, when using ConfigMaps in containers, the container and ConfigMaps must be in the same cluster namespace.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html#scenes-to-be-used","title":"scenes to be used","text":"You can use ConfigMaps in Pods. There are many use cases, mainly including:
Use ConfigMaps to set the environment variables of the container
Use ConfigMaps to set the command line parameters of the container
Use ConfigMaps as container volumes
You can use the ConfigMap as the environment variable of the container through the graphical interface or the terminal command line.
Note
The ConfigMap import is to use the ConfigMap as the value of the environment variable; the ConfigMap key value import is to use a certain parameter in the ConfigMap as the value of the environment variable.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html#graphical-interface-operation","title":"Graphical interface operation","text":"When creating a workload through an image, you can set environment variables for the container by selecting Import ConfigMaps or Import ConfigMap Key Values on the Environment Variables interface.
Go to the Image Creation Workload page, in the Container Configuration step, select the Environment Variables configuration, and click the Add Environment Variable button.
Select ConfigMap Import or ConfigMap Key Value Import in the environment variable type.
When the environment variable type is selected as ConfigMap import , enter variable name , prefix name, ConfigMap name in sequence.
When the environment variable type is selected as ConfigMap key-value import , enter variable name , ConfigMap name, and Secret name in sequence.
You can set ConfigMaps as environment variables when creating a workload, using the valueFrom parameter to refer to the Key/Value in the ConfigMap.
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-1\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"env\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom: # (1)\n configMapKeyRef:\n name: kpanda-configmap # (2)\n key: SPECIAL_LEVEL # (3)\n restartPolicy: Never\n
You can use ConfigMaps to set the command or parameter value in the container, and use the environment variable substitution syntax $(VAR_NAME) to do so. As follows.
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-3\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_LEVEL\n - name: SPECIAL_TYPE_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_TYPE\n restartPolicy: Never\n
After the Pod runs, the output is as follows.
Hello Kpanda\n
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html#used-as-container-volume","title":"Used as container volume","text":"You can use the ConfigMap as the environment variable of the container through the graphical interface or the terminal command line.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html#graphical-operation","title":"Graphical operation","text":"When creating a workload through an image, you can use the ConfigMap as the volume of the container by selecting the storage type as \"ConfigMap\" on the \"Data Storage\" interface.
Go to the Image Creation Workload page, in the Container Configuration step, select the Data Storage configuration, and click __Add in the __ Node Path Mapping __ list __ button.
Select ConfigMap in the storage type, and enter container path , subpath and other information in sequence.
To use a ConfigMap in a Pod's storage volume.
Here is an example Pod that mounts a ConfigMap as a volume:
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n -name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n configMap:\n name: myconfigmap\n
If there are multiple containers in a Pod, each container needs its own volumeMounts block, but you only need to set one spec.volumes block per ConfigMap.
Note
When a ConfigMap is used as a volume mounted on a container, the ConfigMap can only be read as a read-only file.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html","title":"use key","text":"A secret is a resource object used to store and manage sensitive information such as passwords, OAuth tokens, SSH, TLS credentials, etc. Using keys means you don't need to include sensitive secrets in your application code.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html#scenes-to-be-used","title":"scenes to be used","text":"You can use keys in Pods in a variety of use cases, mainly including:
You can use the key as the environment variable of the container through the GUI or the terminal command line.
Note
Key import is to use the key as the value of an environment variable; key key value import is to use a parameter in the key as the value of an environment variable.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html#graphical-interface-operation","title":"Graphical interface operation","text":"When creating a workload from an image, you can set environment variables for the container by selecting Key Import or Key Key Value Import on the Environment Variables interface.
Go to the Image Creation Workload page.
Select the Environment Variables configuration in Container Configuration , and click the Add Environment Variable button.
Select Key Import or Key Key Value Import in the environment variable type.
When the environment variable type is selected as Key Import , enter Variable Name , Prefix , and Secret in sequence.
When the environment variable type is selected as key key value import , enter variable name , Secret , Secret name in sequence.
As shown in the example below, you can set the secret as an environment variable when creating the workload, using the valueFrom parameter to refer to the Key/Value in the Secret.
apiVersion: v1\nkind: Pod\nmetadata:\n name: secret-env-pod\nspec:\n containers:\n -name: mycontainer\n image: redis\n env:\n - name: SECRET_USERNAME\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: username\n optional: false # (1)\n - name: SECRET_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: password\n optional: false # (2)\n
When creating a workload through an image, you can use the key as the volume of the container by selecting the storage type as \"key\" on the \"data storage\" interface.
Go to the Image Creation Workload page.
In the Container Configuration , select the Data Storage configuration, and click the Add button in the Node Path Mapping list.
Select Secret in the storage type, and enter container path , subpath and other information in sequence.
The following is an example of a Pod that mounts a Secret named mysecret via a volume:
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n -name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n secret:\n secretName: mysecret\n optional: false # (1)\n
If the Pod contains multiple containers, each container needs its own volumeMounts block, but only one .spec.volumes setting is required for each Secret.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html#used-as-the-identity-authentication-credential-for-the-container-registry-when-the-kubelet-pulls-the-container-image","title":"Used as the identity authentication credential for the container registry when the kubelet pulls the container image","text":"You can use the key as the identity authentication credential for the Container registry through the GUI or the terminal command line.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html#graphical-operation","title":"Graphical operation","text":"When creating a workload through an image, you can use the key as the volume of the container by selecting the storage type as \"key\" on the \"data storage\" interface.
Go to the Image Creation Workload page.
In the second step of Container Configuration , select the Basic Information configuration, and click the Select Image button.
Select the name of the private container registry in the drop-down list of `container registry' in the pop-up box. Please see Create Secret for details on private image secret creation.
Enter the image name in the private registry, click OK to complete the image selection.
Note
When creating a key, you need to ensure that you enter the correct container registry address, username, password, and select the correct mirror name, otherwise you will not be able to obtain the mirror image in the container registry.
"},{"location":"en/admin/kpanda/custom-resources/create.html","title":"CustomResourceDefinition (CRD)","text":"In Kubernetes, all objects are abstracted as resources, such as Pod, Deployment, Service, Volume, etc. are the default resources provided by Kubernetes. This provides important support for our daily operation and maintenance and management work, but in some special cases, the existing preset resources cannot meet the needs of the business. Therefore, we hope to expand the capabilities of the Kubernetes API, and CustomResourceDefinition (CRD) was born based on this requirement.
The container management module supports interface-based management of custom resources, and its main features are as follows:
Integrated the Kubernetes cluster or created Kubernetes, and you can access the cluster UI interface.
Created a namespace, user, and authorized the user as Cluster Admin
For details, refer to Namespace Authorization.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Custom Resource , and click the YAML Create button in the upper right corner.
On the Create with YAML page, fill in the YAML statement and click OK .
Return to the custom resource list page, and you can view the custom resource named crontabs.stable.example.com
just created.
Custom resource example:
CRD exampleapiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: crontabs.stable.example.com\nspec:\n group: stable.example.com\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n spec:\n type: object\n properties:\n cronSpec:\n type: string\n image:\n type: string\n replicas:\n type: integer\n scope: Namespaced\n names:\n plural: crontabs\n singular: crontab\n kind: CronTab\n shortNames:\n - ct\n
"},{"location":"en/admin/kpanda/custom-resources/create.html#create-a-custom-resource-example-via-yaml","title":"Create a custom resource example via YAML","text":"Click a cluster name to enter Cluster Details .
In the left navigation bar, click Custom Resource , and click the YAML Create button in the upper right corner.
Click the custom resource named crontabs.stable.example.com
, enter the details, and click the YAML Create button in the upper right corner.
On the Create with YAML page, fill in the YAML statement and click OK .
Return to the details page of crontabs.stable.example.com
, and you can view the custom resource named my-new-cron-object just created.
CR Example:
CR exampleapiVersion: \"stable.example.com/v1\"\nkind: CronTab\nmetadata:\n name: my-new-cron-object\nspec:\n cronSpec: \"* * * * */5\"\n image: my-awesome-cron-image\n
"},{"location":"en/admin/kpanda/gpu/index.html","title":"Overview of GPU Management","text":"This article introduces the capability of Suanova container management platform in unified operations and management of heterogeneous resources, with a focus on GPUs.
"},{"location":"en/admin/kpanda/gpu/index.html#background","title":"Background","text":"With the rapid development of emerging technologies such as AI applications, large-scale models, artificial intelligence, and autonomous driving, enterprises are facing an increasing demand for compute-intensive tasks and data processing. Traditional compute architectures represented by CPUs can no longer meet the growing computational requirements of enterprises. At this point, heterogeneous computing represented by GPUs has been widely applied due to its unique advantages in processing large-scale data, performing complex calculations, and real-time graphics rendering.
Meanwhile, due to the lack of experience and professional solutions in scheduling and managing heterogeneous resources, the utilization efficiency of GPU devices is extremely low, resulting in high AI production costs for enterprises. The challenge of reducing costs, increasing efficiency, and improving the utilization of GPUs and other heterogeneous resources has become a pressing issue for many enterprises.
"},{"location":"en/admin/kpanda/gpu/index.html#introduction-to-gpu-capabilities","title":"Introduction to GPU Capabilities","text":"The Suanova container management platform supports unified scheduling and operations management of GPUs, NPUs, and other heterogeneous resources, fully unleashing the computational power of GPU resources, and accelerating the development of enterprise AI and other emerging applications. The GPU management capabilities of Suanova are as follows:
Similar to regular computer hardware, NVIDIA GPUs, as physical devices, need to have the NVIDIA GPU driver installed in order to be used. To reduce the cost of using GPUs on Kubernetes, NVIDIA provides the NVIDIA GPU Operator component to manage various components required for using NVIDIA GPUs. These components include the NVIDIA driver (for enabling CUDA), NVIDIA container runtime, GPU node labeling, DCGM-based monitoring, and more. In theory, users only need to plug the GPU into a compute device managed by Kubernetes, and they can use all the capabilities of NVIDIA GPUs through the GPU Operator. For more information about NVIDIA GPU Operator, refer to the NVIDIA official documentation. For deployment instructions, refer to Offline Installation of GPU Operator.
Architecture diagram of NVIDIA GPU Operator:
"},{"location":"en/admin/kpanda/gpu/FAQ.html","title":"GPU FAQs","text":""},{"location":"en/admin/kpanda/gpu/FAQ.html#gpu-processes-are-not-visible-while-running-nvidia-smi-inside-a-pod","title":"GPU processes are not visible while running nvidia-smi inside a pod","text":"Q: When running the nvidia-smi
command inside a GPU-utilizing pod, no GPU process information is visible in the full-card mode and vGPU mode.
A: Due to PID namespace
isolation, GPU processes are not visible inside the Pod. To view GPU processes, you can use one of the following methods:
hostPID: true
to enable viewing PIDs on the host.nvidia-smi
command in the driver pod of the gpu-operator to view processes.chroot /run/nvidia/driver nvidia-smi
command on the host to view processes.This section describes how to use Iluvatar virtual GPU on AI platform.
"},{"location":"en/admin/kpanda/gpu/Iluvatar_usage.html#prerequisites","title":"Prerequisites","text":"Check if the GPU in the cluster has been detected. Click Clusters -> Cluster Settings -> Addon Plugins , and check if the proper GPU type has been automatically enabled and detected. Currently, the cluster will automatically enable GPU and set the GPU type as Iluvatar .
Deploy a workload. Click Clusters -> Workloads and deploy a workload using the image. After selecting the type as (Iluvatar) , configure the GPU resources used by the application:
Physical Card Count (iluvatar.ai/vcuda-core): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host machine.
Memory Usage (iluvatar.ai/vcuda-memory): Indicates the amount of GPU memory occupied by each card. The value is in MB, with a minimum value of 1 and a maximum value equal to the entire memory of the card.
If there are any issues with the configuration values, scheduling failures or resource allocation failures may occur.
To request GPU resources for a workload, add the iluvatar.ai/vcuda-core: 1 and iluvatar.ai/vcuda-memory: 200 to the requests and limits. These parameters configure the application to use the physical card resources.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-iluvatar-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-iluvatar-gpu-demo\n template:\n metadata:\n labels:\n app: full-iluvatar-gpu-demo\n spec:\n containers:\n - image: nginx:perl\n name: container-0\n resources:\n limits:\n cpu: 250m\n iluvatar.ai/vcuda-core: '1'\n iluvatar.ai/vcuda-memory: '200'\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n imagePullSecrets:\n - name: default-secret\n
"},{"location":"en/admin/kpanda/gpu/dynamic-regulation.html","title":"GPU Scheduling Configuration (Binpack and Spread)","text":"This page introduces how to reduce GPU resource fragmentation and prevent single points of failure through Binpack and Spread when using NVIDIA vGPU, achieving advanced scheduling for vGPU. The AI platform provides Binpack and Spread scheduling policies across two dimensions: clusters and workloads, meeting different usage requirements in various scenarios.
"},{"location":"en/admin/kpanda/gpu/dynamic-regulation.html#prerequisites","title":"Prerequisites","text":"Scheduling policy based on GPU dimension
Scheduling policy based on node dimension
Note
By default, workloads will follow the cluster-level Binpack and Spread. If a workload sets its own Binpack and Spread scheduling policies that differ from the cluster, the workload will prioritize its own scheduling policy.
On the Clusters page, select the cluster for which you want to adjust the Binpack and Spread scheduling policies. Click the \u2507 icon on the right and select GPU Scheduling Configuration from the dropdown list.
Adjust the GPU scheduling configuration according to your business scenario, and click OK to save.
Note
When the Binpack and Spread scheduling policies at the workload level conflict with the cluster-level configuration, the workload-level configuration takes precedence.
Follow the steps below to create a deployment using an image and configure Binpack and Spread scheduling policies within the workload.
Click Clusters in the left navigation bar, then click the name of the target cluster to enter the Cluster Details page.
On the Cluster Details page, click Workloads -> Deployments in the left navigation bar, then click the Create by Image button in the upper right corner of the page.
Sequentially fill in the Basic Information, Container Settings, and in the Container Configuration section, enable GPU configuration, selecting the GPU type as NVIDIA vGPU. Click Advanced Settings, enable the Binpack / Spread scheduling policy, and adjust the GPU scheduling configuration according to the business scenario. After configuration, click Next to proceed to Service Settings and Advanced Settings. Finally, click OK at the bottom right of the page to complete the creation.
This page explains the matrix of supported GPUs and operating systems for AI platform.
"},{"location":"en/admin/kpanda/gpu/gpu_matrix.html#nvidia-gpu","title":"NVIDIA GPU","text":"GPU Manufacturer and Type Supported GPU Models Compatible Operating System (Online) Recommended Kernel Recommended Operating System and Kernel Installation Documentation NVIDIA GPU (Full Card/vGPU)This document mainly introduces the configuration of GPU
scheduling, which can implement advanced scheduling policies. Currently, the primary implementation is the vgpu
scheduling policy.
vGPU
provides two policies for resource usage: binpack
and spread
. These correspond to node-level and GPU-level dimensions, respectively. The use case is whether you want to distribute workloads more sparsely across different nodes and GPUs or concentrate them on the same node and GPU, thereby making resource utilization more efficient and reducing resource fragmentation.
You can modify the scheduling policy in your cluster by following these steps:
binpack
, and the GPU-level policy is spread
.The above steps modify the cluster-level scheduling policy. Users can also specify their own scheduling policy at the workload level to change the scheduling results. Below is an example of modifying the scheduling policy at the workload level:
apiVersion: v1\nkind: Pod\nmetadata:\n name: gpu-pod\n annotations:\n hami.io/node-scheduler-policy: \"binpack\"\n hami.io/gpu-scheduler-policy: \"binpack\"\nspec:\n containers:\n - name: ubuntu-container\n image: ubuntu:18.04\n command: [\"bash\", \"-c\", \"sleep 86400\"]\n resources:\n limits:\n nvidia.com/gpu: 1\n nvidia.com/gpumem: 3000\n nvidia.com/gpucores: 30\n
In this example, both the node- and GPU-level scheduling policies are set to binpack
. This ensures that the workload is scheduled to maximize resource utilization and reduce fragmentation.
This section describes how to use vGPU capabilities on the AI platform.
"},{"location":"en/admin/kpanda/gpu/vgpu_quota.html#prerequisites","title":"Prerequisites","text":"The proper GPU driver (NVIDIA GPU, NVIDIA MIG, Iluvatar, Ascend) has been deployed on the current cluster either through an Operator or manually.
"},{"location":"en/admin/kpanda/gpu/vgpu_quota.html#procedure","title":"Procedure","text":"Follow these steps to manage GPU quotas in AI platform:
Go to Namespaces and click Quota Management to configure the GPU resources that can be used by a specific namespace.
The currently supported card types for quota management in a namespace are: NVIDIA vGPU, NVIDIA MIG, Iluvatar, and Ascend.
NVIDIA vGPU Quota Management: Configure the specific quota that can be used. This will create a ResourcesQuota CR.
- Physical Card Count (nvidia.com/vgpu): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and **less than or equal to** the number of cards on the host machine.\n- GPU Core Count (nvidia.com/gpucores): Indicates the GPU compute power occupied by each card. The value ranges from 0 to 100. If configured as 0, it is considered not to enforce isolation. If configured as 100, it is considered to exclusively occupy the entire card.\n- GPU Memory Usage (nvidia.com/gpumem): Indicates the amount of GPU memory occupied by each card. The value is in MB, with a minimum value of 1 and a maximum value equal to the entire memory of the card.\n
This chapter provides installation guidance for Ascend NPU drivers, Device Plugin, NPU-Exporter, and other components.
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#prerequisites","title":"Prerequisites","text":"Before using NPU resources, you need to complete the firmware installation, NPU driver installation, Docker Runtime installation, user creation, log directory creation, and NPU Device Plugin installation. Refer to the following steps for details.
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#install-firmware","title":"Install Firmware","text":"npu-smi info
, and if the NPU information is returned normally, it indicates that the NPU driver and firmware are ready.Download Ascend Docker Runtime
Community edition download link: https://www.hiascend.com/zh/software/mindx-dl/community
wget -c https://mindx.obs.cn-south-1.myhuaweicloud.com/OpenSource/MindX/MindX%205.0.RC2/MindX%20DL%205.0.RC2/Ascend-docker-runtime_5.0.RC2_linux-x86_64.run\n
Install to the specified path by executing the following two commands in order, with parameters specifying the installation path:
chmod u+x Ascend-docker-runtime_5.0.RC2_linux-x86_64.run \n./Ascend-docker-runtime_{version}_linux-{arch}.run --install --install-path=<path>\n
Modify the containerd configuration file
If containerd has no default configuration file, execute the following three commands in order to create the configuration file:
mkdir /etc/containerd \ncontainerd config default > /etc/containerd/config.toml \nvim /etc/containerd/config.toml\n
If containerd has a configuration file:
vim /etc/containerd/config.toml\n
Modify the runtime installation path according to the actual situation, mainly modifying the runtime field:
... \n[plugins.\"io.containerd.monitor.v1.cgroups\"]\n no_prometheus = false \n[plugins.\"io.containerd.runtime.v1.linux\"]\n shim = \"containerd-shim\"\n runtime = \"/usr/local/Ascend/Ascend-Docker-Runtime/ascend-docker-runtime\"\n runtime_root = \"\"\n no_shim = false\n shim_debug = false\n [plugins.\"io.containerd.runtime.v2.task\"]\n platforms = [\"linux/amd64\"]\n...\n
Execute the following command to restart containerd:
systemctl restart containerd\n
Execute the following commands on the node where the components are installed to create a user.
# Ubuntu operating system\nuseradd -d /home/hwMindX -u 9000 -m -s /usr/sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n# CentOS operating system\nuseradd -d /home/hwMindX -u 9000 -m -s /sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#create-log-directory","title":"Create Log Directory","text":"Create the parent directory for component logs and the log directories for each component on the proper node, and set the appropriate owner and permissions for the directories. Execute the following command to create the parent directory for component logs.
mkdir -m 755 /var/log/mindx-dl\nchown root:root /var/log/mindx-dl\n
Execute the following command to create the Device Plugin component log directory.
mkdir -m 750 /var/log/mindx-dl/devicePlugin\nchown root:root /var/log/mindx-dl/devicePlugin\n
Note
Please create the proper log directory for each required component. In this example, only the Device Plugin component is needed. For other component requirements, refer to the official documentation
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#create-node-labels","title":"Create Node Labels","text":"Refer to the following commands to create labels on the proper nodes:
# Create this label on computing nodes where the driver is installed\nkubectl label node {nodename} huawei.com.ascend/Driver=installed\nkubectl label node {nodename} node-role.kubernetes.io/worker=worker\nkubectl label node {nodename} workerselector=dls-worker-node\nkubectl label node {nodename} host-arch=huawei-arm // or host-arch=huawei-x86, select according to the actual situation\nkubectl label node {nodename} accelerator=huawei-Ascend910 // select according to the actual situation\n# Create this label on control nodes\nkubectl label node {nodename} masterselector=dls-master-node\n
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#install-device-plugin-and-npuexporter","title":"Install Device Plugin and NpuExporter","text":"Functional module path: Container Management -> Cluster, click the name of the target cluster, then click Helm Apps -> Helm Charts from the left navigation bar, and search for ascend-mindxdl.
After a successful installation, two components will appear under the proper namespace, as shown below:
At the same time, the proper NPU information will also appear on the node information:
Once everything is ready, you can select the proper NPU device when creating a workload through the page, as shown below:
Note
For detailed information of how to use, refer to Using Ascend (Ascend) NPU.
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html","title":"Enable Ascend Virtualization","text":"Ascend virtualization is divided into dynamic virtualization and static virtualization. This document describes how to enable and use Ascend static virtualization capabilities.
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#prerequisites","title":"Prerequisites","text":"Supported NPU models:
For more details, refer to the official virtualization hardware documentation.
Refer to the Ascend NPU Component Installation Documentation for the basic environment setup.
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#enable-virtualization-capabilities","title":"Enable Virtualization Capabilities","text":"To enable virtualization capabilities, you need to manually modify the startup parameters of the ascend-device-plugin-daemonset
component. Refer to the following command:
- device-plugin -useAscendDocker=true -volcanoType=false -presetVirtualDevice=true\n- logFile=/var/log/mindx-dl/devicePlugin/devicePlugin.log -logLevel=0\n
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#split-vnpu-instances","title":"Split VNPU Instances","text":"Static virtualization requires manually splitting VNPU instances. Refer to the following command:
npu-smi set -t create-vnpu -i 13 -c 0 -f vir02\n
i
refers to the card id.c
refers to the chip id.vir02
refers to the split specification template.Card id and chip id can be queried using npu-smi info
. The split specifications can be found in the Ascend official templates.
After splitting the instance, you can query the split results using the following command:
npu-smi info -t info-vnpu -i 13 -c 0\n
The query result is as follows:
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#restart-ascend-device-plugin-daemonset","title":"Restartascend-device-plugin-daemonset
","text":"After splitting the instance, manually restart the device-plugin
pod, then use the kubectl describe
command to check the resources of the registered node:
kubectl describe node {{nodename}}\n
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#how-to-use-the-device","title":"How to Use the Device","text":"When creating an application, specify the resource key as shown in the following YAML:
......\nresources:\n requests:\n huawei.com/Ascend310P-2c: 1\n limits:\n huawei.com/Ascend310P-2c: 1\n......\n
"},{"location":"en/admin/kpanda/gpu/metax/usemetax.html","title":"MetaX GPU Component Installation and Usage","text":"This chapter provides installation guidance for MetaX's gpu-extensions, gpu-operator, and other components, as well as usage methods for both the full GPU and vGPU modes.
"},{"location":"en/admin/kpanda/gpu/metax/usemetax.html#prerequisites","title":"Prerequisites","text":"Metax provides two helm-chart packages: metax-extensions and gpu-operator. Depending on the usage scenario, different components can be selected for installation.
Extract the following from the /home/metax/metax-docs/k8s/metax-gpu-k8s-package.0.7.10.tar.gz
file:
Check if the system has the driver installed:
$ lsmod | grep metax \nmetax 1605632 0 \nttm 86016 3 drm_vram_helper,metax,drm_ttm_helper \ndrm 618496 7 drm_kms_helper,drm_vram_helper,ast,metax,drm_ttm_helper,ttm\n
Install the driver.
Push the image:
tar -xf metax-gpu-k8s-package.0.7.10.tar.gz\n./metax-k8s-images.0.7.10.run push {registry}/metax\n
Push the Helm Chart:
helm plugin install https://github.com/chartmuseum/helm-push\nhelm repo add --username rootuser --password rootpass123 metax http://172.16.16.5:8081\nhelm cm-push metax-operator-0.7.10.tgz metax\nhelm cm-push metax-gpu-extensions-0.7.10.tgz metax\n
Install metax-gpu-extensions on the AI computing platform.
After successful deployment, resources can be viewed on the node.
After successful modification, you can see the label with Metax GPU
on the node.
Known issues when installing gpu-operator
:
The images for the components metax-operator
, gpu-label
, gpu-device
, and container-runtime
must have the amd64
suffix.
The image for the metax-maca
component is not included in the metax-k8s-images.0.7.13.run
package and needs to be separately downloaded, such as maca-mxc500-2.23.0.23-ubuntu20.04-x86_64.tar.xz
. After loading it, the image for the metax-maca
component needs to be modified again.
The image for the metax-driver
component needs to be downloaded from https://pub-docstore.metax-tech.com:7001
as the k8s-driver-image.2.23.0.25.run
file, and then execute the command k8s-driver-image.2.23.0.25.run push {registry}/metax
to push the image to the image repository. After pushing, modify the image address for the metax-driver
component.
After installation, you can use MetaX GPU in workloads. Note that after enabling the GPU, you need to select the GPU type as Metax GPU.
Enter the container and execute mx-smi
to view the GPU usage.
This article introduces how to use Cambricon GPU in the Suanova AI computing platform.
"},{"location":"en/admin/kpanda/gpu/mlu/use-mlu.html#prerequisites","title":"Prerequisites","text":"When installing DevicePlugin, please disable the --enable-device-type parameter; otherwise, the Suanova AI computing platform will not be able to correctly recognize the Cambricon GPU.
"},{"location":"en/admin/kpanda/gpu/mlu/use-mlu.html#introduction-to-cambricon-gpu-modes","title":"Introduction to Cambricon GPU Modes","text":"Cambricon GPUs have the following modes:
virtualization-num
parameter.Here, we take the Dynamic SMLU mode as an example:
After correctly installing the DevicePlugin and other components, click the proper Cluster -> Cluster Maintenance -> Cluster Settings -> Addon Plugins to check whether the proper GPU type has been automatically enabled and detected.
Click the node management page to check if the nodes have correctly recognized the proper GPU type.
Deploy workloads. Click the proper Cluster -> Workloads, and deploy workloads using images. After selecting the type (MLU VGPU), you need to configure the GPU resources used by the App:
Refer to the following YAML file:
apiVersion: v1 \nkind: Pod \nmetadata: \n name: pod1 \nspec: \n restartPolicy: OnFailure \n containers: \n - image: ubuntu:16.04 \n name: pod1-ctr \n command: [\"sleep\"] \n args: [\"100000\"] \n resources: \n limits: \n cambricon.com/mlu: \"1\" # use this when device type is not enabled, else delete this line. \n #cambricon.com/mlu: \"1\" #uncomment to use when device type is enabled \n #cambricon.com/mlu.share: \"1\" #uncomment to use device with env-share mode \n #cambricon.com/mlu.mim-2m.8gb: \"1\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vcore: \"100\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vmemory: \"1024\" #uncomment to use device with mim mode\n
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html","title":"NVIDIA GPU Usage Modes","text":"NVIDIA, as a well-known graphics computing provider, offers various software and hardware solutions to enhance computational power. Among them, NVIDIA provides the following three solutions for GPU usage:
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html#full-gpu","title":"Full GPU","text":"Full GPU refers to allocating the entire NVIDIA GPU to a single user or application. In this configuration, the application can fully occupy all the resources of the GPU and achieve maximum computational performance. Full GPU is suitable for workloads that require a large amount of computational resources and memory, such as deep learning training, scientific computing, etc.
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html#vgpu-virtual-gpu","title":"vGPU (Virtual GPU)","text":"vGPU is a virtualization technology that allows one physical GPU to be partitioned into multiple virtual GPUs, with each virtual GPU assigned to different virtual machines or users. vGPU enables multiple users to share the same physical GPU and independently use GPU resources in their respective virtual environments. Each virtual GPU can access a certain amount of compute power and memory capacity. vGPU is suitable for virtualized environments and cloud computing scenarios, providing higher resource utilization and flexibility.
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html#mig-multi-instance-gpu","title":"MIG (Multi-Instance GPU)","text":"MIG is a feature introduced by the NVIDIA Ampere architecture that allows one physical GPU to be divided into multiple physical GPU instances, each of which can be independently allocated to different users or workloads. Each MIG instance has its own compute resources, memory, and PCIe bandwidth, just like an independent virtual GPU. MIG provides finer-grained GPU resource allocation and management and allows dynamic adjustment of the number and size of instances based on demand. MIG is suitable for multi-tenant environments, containerized applications, batch jobs, and other scenarios.
Whether using vGPU in a virtualized environment or MIG on a physical GPU, NVIDIA provides users with more choices and optimized ways to utilize GPU resources. The Suanova container management platform fully supports the above NVIDIA capabilities. Users can easily access the full computational power of NVIDIA GPUs through simple UI operations, thereby improving resource utilization and reducing costs.
nvidia.com/gpu
resource type.nvidia.com/mig-<slice_count>g.<memory_size>gb
.For detailed instructions on enabling these configurations, refer to Offline Installation of GPU Operator.
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html#how-to-use","title":"How to Use","text":"You can refer to the following links to quickly start using Suanova's management capabilities for NVIDIA GPUs.
This section describes how to allocate the entire NVIDIA GPU to a single application on the AI platform.
"},{"location":"en/admin/kpanda/gpu/nvidia/full_gpu_userguide.html#prerequisites","title":"Prerequisites","text":"Check if the cluster has detected the GPUs. Click Clusters -> Cluster Settings -> Addon Plugins to see if it has automatically enabled and detected the proper GPU types. Currently, the cluster will automatically enable GPU and set the GPU Type as Nvidia GPU .
Deploy a workload. Click Clusters -> Workloads , and deploy the workload using the image method. After selecting the type ( Nvidia GPU ), configure the number of physical cards used by the application:
Physical Card Count (nvidia.com/gpu): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host machine.
If the above value is configured incorrectly, scheduling failures and resource allocation issues may occur.
To request GPU resources for a workload, add the nvidia.com/gpu: 1 parameter to the resource request and limit configuration in the YAML file. This parameter configures the number of physical cards used by the application.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-gpu-demo\n template:\n metadata:\n labels:\n app: full-gpu-demo\n spec:\n containers:\n - image: chrstnhntschl/gpu_burn\n name: container-0\n resources:\n requests:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # Number of GPUs requested\n limits:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # Upper limit of GPU usage\n imagePullSecrets:\n - name: default-secret\n
Note
When using the nvidia.com/gpu
parameter to specify the number of GPUs, the values for requests and limits must be consistent.
AI platform comes with pre-installed driver
images for the following three operating systems: Ubuntu 22.04, Ubuntu 20.04, and CentOS 7.9. The driver version is 535.104.12
. Additionally, it includes the required Toolkit
images for each operating system, so users no longer need to manually provide offline toolkit
images.
This page demonstrates using AMD architecture with CentOS 7.9 (3.10.0-1160). If you need to deploy on Red Hat 8.4, refer to Uploading Red Hat gpu-operator Offline Image to the Bootstrap Node Repository and Building Offline Yum Source for Red Hat 8.4.
"},{"location":"en/admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#prerequisites","title":"Prerequisites","text":"To install the gpu-operator plugin for your cluster, follow these steps:
Log in to the platform and go to Container Management -> Clusters , check cluster eetails.
On the Helm Charts page, select All Repositories and search for gpu-operator .
Select gpu-operator and click Install .
Configure the installation parameters for gpu-operator based on the instructions below to complete the installation.
Ubuntu 22.04
, Ubuntu 20.04
, Centos 7.9
, and other
. Please choose the correct operating system.Driver.version : Version of the GPU driver image, use default parameters for offline deployment. Configuration is only required for online installation. Different versions of the Driver image exist for different types of operating systems. For more details, refer to Nvidia GPU Driver Versions. Examples of Driver Version
for different operating systems are as follows:
Note
When using the built-in operating system version, there is no need to modify the image version. For other operating system versions, please refer to Uploading Images to the Bootstrap Node Repository. note that there is no need to include the operating system name such as Ubuntu, CentOS, or Red Hat in the version number. If the official image contains an operating system suffix, please manually remove it.
525.105.17
535-5.15.0-1043-nvidia
525.147.05
Driver.RepoConfig.ConfigMapName : Used to record the name of the offline yum repository configuration file for the gpu-operator. When using the pre-packaged offline bundle, refer to the following documents for different types of operating systems.
Toolkit.enable : Enabled by default. This component allows containerd/docker to support running containers that require GPUs.
"},{"location":"en/admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#mig-parameters","title":"MIG parameters","text":"For detailed configuration methods, refer to Enabling MIG Functionality.
MigManager.Config.name : The name of the MIG split configuration file, used to define the MIG (GI, CI) split policy. The default is default-mig-parted-config . For custom parameters, refer to Enabling MIG Functionality.
"},{"location":"en/admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#next-steps","title":"Next Steps","text":"After completing the configuration and creation of the above parameters:
If using full-card mode , GPU resources can be used when creating applications.
If using vGPU mode , after completing the above configuration and creation, proceed to vGPU Addon Installation.
If using MIG mode and you need to use a specific split specification for individual GPU nodes, otherwise, split according to the default value in MigManager.Config
.
For single mode, add label to nodes as follows:
kubectl label nodes {node} nvidia.com/mig.config=\"all-1g.10gb\" --overwrite\n
For mixed mode, add label to nodes as follows:
kubectl label nodes {node} nvidia.com/mig.config=\"custom-config\" --overwrite\n
After spliting, applications can use MIG GPU resources.
This guide explains how to upload an offline image to the bootstrap repository using the nvcr.io/nvidia/driver:525.105.17-rhel8.4 offline driver image for Red Hat 8.4 as an example.
"},{"location":"en/admin/kpanda/gpu/nvidia/push_image_to_repo.html#prerequisites","title":"Prerequisites","text":"Perform the following steps on the internet-connected node:
Pull the nvcr.io/nvidia/driver:525.105.17-rhel8.4 offline driver image:
docker pull nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Once the image is pulled, save it as a compressed archive named nvidia-driver.tar :
docker save nvcr.io/nvidia/driver:525.105.17-rhel8.4 > nvidia-driver.tar\n
Copy the compressed image archive nvidia-driver.tar to the bootstrap node:
scp nvidia-driver.tar user@ip:/root\n
For example:
scp nvidia-driver.tar root@10.6.175.10:/root\n
Perform the following steps on the bootstrap node:
Log in to the bootstrap node and import the compressed image archive nvidia-driver.tar :
docker load -i nvidia-driver.tar\n
View the imported image:
docker images -a | grep nvidia\n
Expected output:
nvcr.io/nvidia/driver e3ed7dee73e9 1 days ago 1.02GB\n
Retag the image to correspond to the target repository in the remote Registry repository:
docker tag <image-name> <registry-url>/<repository-name>:<tag>\n
Replace with the name of the Nvidia image from the previous step, with the address of the Registry service on the bootstrap node, with the name of the repository you want to push the image to, and with the desired tag for the image.
For example:
docker tag nvcr.io/nvidia/driver 10.6.10.5/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Push the image to the bootstrap repository:
docker push {ip}/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Refer to Building Red Hat 8.4 Offline Yum Source and Offline Installation of GPU Operator to deploy the GPU Operator to your cluster.
"},{"location":"en/admin/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html","title":"Offline Install gpu-operator Driver on Ubuntu 22.04","text":"Prerequisite: Installed gpu-operator v23.9.0+2 or higher versions
"},{"location":"en/admin/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html#prepare-offline-image","title":"Prepare Offline Image","text":"Check the kernel version
$ uname -r\n5.15.0-78-generic\n
Check the GPU Driver image version applicable to your kernel, at https://catalog.ngc.nvidia.com/orgs/nvidia/containers/driver/tags
. Use the kernel to query the image version and save the image using ctr export
.
ctr i pull nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i export --all-platforms driver.tar.gz nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 \n
Import the image into the cluster's container registry
ctr i import driver.tar.gz\nctr i tag nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 {your_registry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i push {your_registry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 --skip-verify=true\n
driver.usePrecompiled=true
driver.version=535
, note that it should be 535, not 535.104.12The AI platform comes with a pre-installed GPU Operator offline package for CentOS 7.9 with kernel version 3.10.0-1160. or other OS types or kernel versions, users need to manually build an offline yum source.
This guide explains how to build an offline yum source for CentOS 7.9 with a specific kernel version and use it when installing the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#prerequisites","title":"Prerequisites","text":"This guide uses CentOS 7.9 with kernel version 3.10.0-1160.95.1.el7.x86_64 as an example to explain how to upgrade the pre-installed GPU Operator offline package's yum source.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#check-os-and-kernel-versions-of-cluster-nodes","title":"Check OS and Kernel Versions of Cluster Nodes","text":"Run the following commands on both the control node of the Global cluster and the node where GPU Operator will be deployed. If the OS and kernel versions of the two nodes are consistent, there is no need to build a yum source. You can directly refer to the Offline Installation of GPU Operator document for installation. If the OS or kernel versions of the two nodes are not consistent, please proceed to the next step.
Run the following command to view the distribution name and version of the node where GPU Operator will be deployed in the cluster.
cat /etc/redhat-release\n
Expected output:
CentOS Linux release 7.9 (Core)\n
The output shows the current node's OS version as CentOS 7.9
.
Run the following command to view the kernel version of the node where GPU Operator will be deployed in the cluster.
uname -a\n
Expected output:
Linux localhost.localdomain 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\n
The output shows the current node's kernel version as 3.10.0-1160.el7.x86_64
.
Perform the following steps on a node that has internet access and can access the file server:
Create a script file named yum.sh by running the following command:
vi yum.sh\n
Then press the i key to enter insert mode and enter the following content:
export TARGET_KERNEL_VERSION=$1\n\ncat >> run.sh << \\EOF\n#! /bin/bash\necho \"start install kernel repo\"\necho ${KERNEL_VERSION}\nmkdir centos-base\n\nif [ \"$OS\" -eq 7 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el7.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelif [ \"$OS\" -eq 8 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el8.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelse\n echo \"Error os version\"\nfi\n\ncreaterepo centos-base/\nls -lh centos-base/\ntar -zcf centos-base.tar.gz centos-base/\necho \"end install kernel repo\"\nEOF\n\ncat >> Dockerfile << EOF\nFROM centos:7\nENV KERNEL_VERSION=\"\"\nENV OS=7\nRUN yum install -y createrepo\nCOPY run.sh .\nENTRYPOINT [\"/bin/bash\",\"run.sh\"]\nEOF\n\ndocker build -t test:v1 -f Dockerfile .\ndocker run -e KERNEL_VERSION=$TARGET_KERNEL_VERSION --name centos7.9 test:v1\ndocker cp centos7.9:/centos-base.tar.gz .\ntar -xzf centos-base.tar.gz\n
Press the Esc key to exit insert mode, then enter :wq to save and exit.
Run the yum.sh file:
bash -x yum.sh TARGET_KERNEL_VERSION\n
The TARGET_KERNEL_VERSION
parameter is used to specify the kernel version of the cluster nodes.
Note: You don't need to include the distribution identifier (e.g., __ .el7.x86_64__ ). For example:
bash -x yum.sh 3.10.0-1160.95.1\n
Now you have generated an offline yum source, centos-base , for the kernel version 3.10.0-1160.95.1.el7.x86_64 .
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#upload-the-offline-yum-source-to-the-file-server","title":"Upload the Offline Yum Source to the File Server","text":"Perform the following steps on a node that has internet access and can access the file server. This step is used to upload the generated yum source from the previous step to a file server that can be accessed by the cluster where the GPU Operator will be deployed. The file server can be Nginx, MinIO, or any other file server that supports the HTTP protocol.
In this example, we will use the built-in MinIO as the file server. The MinIO details are as follows:
http://10.5.14.200:9000
(usually {bootstrap-node IP} + {port-9000} )Login password: rootpass123
Run the following command in the current directory of the node to establish a connection between the node's local mc command-line tool and the MinIO server:
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
The expected output should resemble the following:
Added __minio__ successfully.\n
mc is the command-line tool provided by MinIO for interacting with the MinIO server. For more details, refer to the MinIO Client documentation.
In the current directory of the node, create a bucket named centos-base :
mc mb -p minio/centos-base\n
The expected output should resemble the following:
Bucket created successfully __minio/centos-base__ .\n
Set the access policy of the bucket centos-base to allow public download. This will enable access during the installation of the GPU Operator:
mc anonymous set download minio/centos-base\n
The expected output should resemble the following:
Access permission for __minio/centos-base__ is set to __download__ \n
In the current directory of the node, copy the generated centos-base offline yum source to the minio/centos-base bucket on the MinIO server:
mc cp centos-base minio/centos-base --recursive\n
Perform the following steps on the control node of the cluster where the GPU Operator will be deployed.
Run the following command to create a file named CentOS-Base.repo that specifies the configmap for the yum source storage:
# The file name must be CentOS-Base.repo, otherwise it cannot be recognized during the installation of the GPU Operator\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The file server address where the yum source is placed in step 3\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The file server address where the yum source is placed in step 3\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created CentOS-Base.repo file, create a configmap named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
The expected output should resemble the following:
configmap/local-repo-config created\n
The local-repo-config configmap will be used to provide the value for the RepoConfig.ConfigMapName parameter during the installation of the GPU Operator. You can customize the configuration file name.
View the content of the local-repo-config configmap:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
The expected output should resemble the following:
apiVersion: v1\ndata:\nCentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base# The file server path where the yum source is placed in step 2\\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl = http://10.6.232.5:32618/centos-base # The file server path where the yum source is placed in step 2\\ngpgcheck = 0\\nname = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\ncreationTimestamp: \"2023-10-18T01:59:02Z\"\nname: local-repo-config\nnamespace: gpu-operator\nresourceVersion: \"59445080\"\nuid: c5f0ebab-046f-442c-b932-f9003e014387\n
You have successfully created an offline yum source configuration file for the cluster where the GPU Operator will be deployed. You can use it during the offline installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html","title":"Building Red Hat 8.4 Offline Yum Source","text":"The AI platform comes with pre-installed CentOS v7.9 and GPU Operator offline packages with kernel v3.10.0-1160. For other OS types or nodes with different kernels, users need to manually build the offline yum source.
This guide explains how to build an offline yum source package for Red Hat 8.4 based on any node in the Global cluster. It also demonstrates how to use it during the installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#prerequisites","title":"Prerequisites","text":"This guide uses a node with Red Hat 8.4 4.18.0-305.el8.x86_64 as an example to demonstrate how to build an offline yum source package for Red Hat 8.4 based on any node in the Global cluster. It also explains how to use it during the installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#step-1-download-the-yum-source-from-the-bootstrap-node","title":"Step 1: Download the Yum Source from the Bootstrap Node","text":"Perform the following steps on the master node of the Global cluster.
Use SSH or any other method to access any node in the Global cluster and run the following command:
cat /etc/yum.repos.d/extension.repo # View the contents of extension.repo.\n
The expected output should resemble the following:
[extension-0]\nbaseurl = http://10.5.14.200:9000/kubean/redhat/$releasever/os/$basearch\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/AppStream\ngpgcheck = 0\nname = kubean extension 1\n\n[extension-2]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/BaseOS\ngpgcheck = 0\nname = kubean extension 2\n
Create a folder named redhat-base-repo under the root directory:
mkdir redhat-base-repo\n
Download the RPM packages from the yum source to your local machine:
Download the RPM packages from extension-1 :
reposync -p redhat-base-repo -n --repoid=extension-1\n
Download the RPM packages from extension-2 :
reposync -p redhat-base-repo -n --repoid=extension-2\n
Perform the following steps on a node with internet access. Before proceeding, ensure that there is network connectivity between the node with internet access and the master node of the Global cluster.
Run the following command on the node with internet access to download the elfutils-libelf-devel-0.187-4.el8.x86_64.rpm package:
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/elfutils-libelf-devel-0.187-4.el8.x86_64.rpm\n
Transfer the elfutils-libelf-devel-0.187-4.el8.x86_64.rpm package from the current directory to the node mentioned in step 1:
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm user@ip:~/redhat-base-repo/extension-2/Packages/\n
For example:
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm root@10.6.175.10:~/redhat-base-repo/extension-2/Packages/\n
Perform the following steps on the master node of the Global cluster mentioned in Step 1.
Enter the yum repository directories:
cd ~/redhat-base-repo/extension-1/Packages\ncd ~/redhat-base-repo/extension-2/Packages\n
Generate the repository index for the directories:
createrepo_c ./\n
You have now generated the offline yum source named redhat-base-repo for kernel version 4.18.0-305.el8.x86_64 .
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#step-4-upload-the-local-yum-repository-to-the-file-server","title":"Step 4: Upload the Local Yum Repository to the File Server","text":"In this example, we will use Minio, which is built-in as the file server in the bootstrap node. However, you can choose any file server that suits your needs. Here are the details for Minio:
http://10.5.14.200:9000
(usually the {bootstrap-node-IP} + {port-9000})Login password: rootpass123
On the current node, establish a connection between the local mc command-line tool and the Minio server by running the following command:
mc config host add minio <file_server_access_url> <username> <password>\n
For example:
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
The expected output should be similar to:
Added __minio__ successfully.\n
The mc command-line tool is provided by the Minio file server as a client command-line tool. For more details, refer to the MinIO Client documentation.
Create a bucket named redhat-base in the current location:
mc mb -p minio/redhat-base\n
The expected output should be similar to:
Bucket created successfully __minio/redhat-base__ .\n
Set the access policy of the redhat-base bucket to allow public downloads so that it can be accessed during the installation of the GPU Operator:
mc anonymous set download minio/redhat-base\n
The expected output should be similar to:
Access permission for __minio/redhat-base__ is set to __download__ \n
Copy the offline yum repository files ( redhat-base-repo ) from the current location to the Minio server's minio/redhat-base bucket:
mc cp redhat-base-repo minio/redhat-base --recursive\n
Perform the following steps on the control node of the cluster where you will deploy the GPU Operator.
Run the following command to create a file named redhat.repo , which specifies the configuration information for the yum repository storage:
# The file name must be redhat.repo, otherwise it won't be recognized when installing gpu-operator\ncat > redhat.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages # The file server address where the yum source is stored in Step 1\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages # The file server address where the yum source is stored in Step 1\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created redhat.repo file, create a configmap named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=./redhat.repo\n
The expected output should be similar to:
configmap/local-repo-config created\n
The local-repo-config configuration file is used to provide the value for the RepoConfig.ConfigMapName parameter during the installation of the GPU Operator. You can choose a different name for the configuration file.
View the contents of the local-repo-config configuration file:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
You have successfully created the offline yum source configuration file for the cluster where the GPU Operator will be deployed. You can use it by specifying the RepoConfig.ConfigMapName parameter during the offline installation of the GPU Operator.
"},{"location":"en/admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html","title":"Build an Offline Yum Repository for Red Hat 7.9","text":""},{"location":"en/admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#introduction","title":"Introduction","text":"AI platform comes with a pre-installed CentOS 7.9 with GPU Operator offline package for kernel 3.10.0-1160. You need to manually build an offline yum repository for other OS types or nodes with different kernels.
This page explains how to build an offline yum repository for Red Hat 7.9 based on any node in the Global cluster, and how to use the RepoConfig.ConfigMapName
parameter when installing the GPU Operator.
Download rhel7.9 ISO
Download the rhel7.9 ospackage that corresponds to your Kubean version.
Find the version number of Kubean in the Container Management section of the Global cluster under Helm Apps.
Download the rhel7.9 ospackage for that version from the Kubean repository.
Import offline resources using the installer.
Click here to view the download url.
"},{"location":"en/admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#3-upload-red-hat-gpu-operator-offline-image-to-boostrap-node-repository","title":"3. Upload Red Hat GPU Operator Offline Image to Boostrap Node Repository","text":"Refer to Upload Red Hat GPU Operator Offline Image to Boostrap Node Repository.
Note
This reference is based on rhel8.4, so make sure to modify it for rhel7.9.
"},{"location":"en/admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#4-create-configmaps-in-the-cluster-to-save-yum-repository-information","title":"4. Create ConfigMaps in the Cluster to Save Yum Repository Information","text":"Run the following command on the control node of the cluster where the GPU Operator is to be deployed.
Run the following command to create a file named CentOS-Base.repo to specify the configuration information where the yum repository is stored.
# The file name must be CentOS-Base.repo, otherwise it will not be recognized when installing gpu-operator\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The server file address of the boostrap node, usually {boostrap node IP} + {9000 port}\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The server file address of the boostrap node, usually {boostrap node IP} + {9000 port}\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created CentOS-Base.repo file, create a profile named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
The expected output is as follows:
configmap/local-repo-config created\n
The local-repo-config profile is used to provide the value of the RepoConfig.ConfigMapName
parameter when installing gpu-operator, and the profile name can be customized by the user.
View the contents of the local-repo-config profile:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
The expected output is as follows:
local-repo-config.yamlapiVersion: v1\ndata:\n CentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base # The file path where yum repository is placed in Step 2 \\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base # The file path where yum repository is placed in Step 2 \\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\n creationTimestamp: \"2023-10-18T01:59:02Z\"\n name: local-repo-config\n namespace: gpu-operator\n resourceVersion: \"59445080\"\n uid: c5f0ebab-046f-442c-b932-f9003e014387\n
At this point, you have successfully created the offline yum repository profile for the cluster where the GPU Operator is to be deployed. The RepoConfig.ConfigMapName
parameter was used during the Offline Installation of GPU Operator.
MIG allows cloud service providers to partition a physical GPU into multiple independent GPU instances, which can be allocated to different tenants. This enables resource isolation and independence, meeting the GPU computing needs of multiple tenants.
MIG enables finer-grained GPU resource management in containerized environments. By partitioning a physical GPU into multiple MIG instances, each container can be assigned with dedicated GPU compute resources, providing better performance isolation and resource utilization.
For batch processing jobs requiring large-scale parallel computing, MIG provides higher computational performance and larger memory capacity. Each MIG instance can utilize a portion of the physical GPU's compute resources, accelerating the processing of large-scale computational tasks.
MIG offers increased compute power and memory capacity for training large-scale deep learning models. By partitioning the physical GPU into multiple MIG instances, each instance can independently carry out model training, improving training efficiency and throughput.
In general, NVIDIA MIG is suitable for scenarios that require finer-grained allocation and management of GPU resources. It enables resource isolation, improved performance utilization, and meets the GPU computing needs of multiple users or applications.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/index.html#overview-of-mig","title":"Overview of MIG","text":"NVIDIA Multi-Instance GPU (MIG) is a new feature introduced by NVIDIA on H100, A100, and A30 series GPUs. Its purpose is to divide a physical GPU into multiple GPU instances to provide finer-grained resource sharing and isolation. MIG can split a GPU into up to seven GPU instances, allowing a single physical GPU to provide separate GPU resources to multiple users, maximizing GPU utilization.
This feature enables multiple applications or users to share GPU resources simultaneously, improving the utilization of computational resources and increasing system scalability.
With MIG, each GPU instance's processor has an independent and isolated path throughout the entire memory system, including cross-switch ports on the chip, L2 cache groups, memory controllers, and DRAM address buses, all uniquely allocated to a single instance.
This ensures that the workload of individual users can run with predictable throughput and latency, along with identical L2 cache allocation and DRAM bandwidth. MIG can partition available GPU compute resources (such as streaming multiprocessors or SMs and GPU engines like copy engines or decoders) to provide defined quality of service (QoS) and fault isolation for different clients such as virtual machines, containers, or processes. MIG enables multiple GPU instances to run in parallel on a single physical GPU.
MIG allows multiple vGPUs (and virtual machines) to run in parallel on a single GPU instance while retaining the isolation guarantees provided by vGPU. For more details on using vGPU and MIG for GPU partitioning, refer to NVIDIA Multi-Instance GPU and NVIDIA Virtual Compute Server.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/index.html#mig-architecture","title":"MIG Architecture","text":"The following diagram provides an overview of MIG, illustrating how it virtualizes one physical GPU into seven GPU instances that can be used by multiple users.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/index.html#important-concepts","title":"Important Concepts","text":"Resource Sharing: MIG allows a single physical GPU to be divided into multiple GPU instances, providing efficient sharing of GPU resources among different users or applications. This maximizes GPU utilization and enables improved performance isolation.
Fine-Grained Resource Allocation: With MIG, GPU resources can be allocated at a finer granularity, allowing for more precise partitioning and allocation of compute power and memory capacity.
Improved Performance Isolation: Each MIG instance operates independently with its dedicated resources, ensuring predictable throughput and latency for individual users or applications. This improves performance isolation and prevents interference between different workloads running on the same GPU.
Enhanced Security and Fault Isolation: MIG provides better security and fault isolation by ensuring that each user or application has its dedicated GPU resources. This prevents unauthorized access to data and mitigates the impact of faults or errors in one instance on others.
Increased Scalability: MIG enables the simultaneous usage of GPU resources by multiple users or applications, increasing system scalability and accommodating the needs of various workloads.
Efficient Containerization: By using MIG in containerized environments, GPU resources can be effectively allocated to different containers, improving performance isolation and resource utilization.
Overall, MIG offers significant advantages in terms of resource sharing, fine-grained allocation, performance isolation, security, scalability, and containerization, making it a valuable feature for various GPU computing scenarios.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/create_mig.html","title":"Enabling MIG Features","text":"This section describes how to enable NVIDIA MIG features. NVIDIA currently provides two strategies for exposing MIG devices on Kubernetes nodes:
For more details, refer to the NVIDIA GPU Usage Modes.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/create_mig.html#prerequisites","title":"Prerequisites","text":"When installing the Operator, you need to set the MigManager Config parameter accordingly. The default setting is default-mig-parted-config. You can also customize the sharding policy configuration file:
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/create_mig.html#custom-sharding-policy","title":"Custom Sharding Policy","text":" ## Custom GI Instance Configuration\n all-disabled:\n - devices: all\n mig-enabled: false\n all-enabled:\n - devices: all\n mig-enabled: true\n mig-devices: {}\n all-1g.10gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.5gb: 7\n all-1g.10gb.me:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb+me: 1\n all-1g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.20gb: 4\n all-2g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 2g.20gb: 3\n all-3g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n all-4g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 4g.40gb: 1\n all-7g.80gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 7g.80gb: 1\n all-balanced:\n - device-filter: [\"0x233110DE\", \"0x232210DE\", \"0x20B210DE\", \"0x20B510DE\", \"0x20F310DE\", \"0x20F510DE\"]\n devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb: 2\n 2g.20gb: 1\n 3g.40gb: 1\n # After setting, CI instances will be partitioned according to the specified configuration\n custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n
In the above YAML, set custom-config to partition CI instances according to the specifications.
custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1c.3g.40gb: 6\n
After completing the settings, you can use GPU MIG resources when confirming the deployment of the application.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/create_mig.html#switch-node-gpu-mode","title":"Switch Node GPU Mode","text":"After successfully installing the GPU operator, the node is in full card mode by default. There will be an indicator on the node management page, as shown below:
Click the \u2507 at the right side of the node list, select a GPU mode to switch, and then choose the proper MIG mode and sharding policy. Here, we take MIXED mode as an example:
There are two configurations here:
After clicking OK button, wait for about a minute and refresh the page. The MIG mode will be switched to:
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/mig_command.html","title":"MIG Related Commands","text":"GI Related Commands:
Subcommand Description nvidia-smi mig -lgi View the list of created GI instances nvidia-smi mig -dgi -gi Delete a specific GI instance nvidia-smi mig -lgip View the profile of GI nvidia-smi mig -cgi Create a GI using the specified profile IDCI Related Commands:
Subcommand Description nvidia-smi mig -lcip { -gi {gi Instance ID}} View the profile of CI, specifying -gi will show the CIs that can be created for a particular GI instance nvidia-smi mig -lci View the list of created CI instances nvidia-smi mig -cci {profile id} -gi {gi instance id} Create a CI instance with the specified GI nvidia-smi mig -dci -ci Delete a specific CI instanceGI+CI Related Commands:
Subcommand Description nvidia-smi mig -i 0 -cgi {gi profile id} -C {ci profile id} Create a GI + CI instance directly"},{"location":"en/admin/kpanda/gpu/nvidia/mig/mig_usage.html","title":"Using MIG GPU Resources","text":"This section explains how applications can use MIG GPU resources.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/mig_usage.html#prerequisites","title":"Prerequisites","text":"Confirm if the cluster has recognized the GPU type.
Go to Cluster Details -> Nodes and check if it has been correctly recognized as MIG.
When deploying an application using an image, you can select and use NVIDIA MIG resources.
Example of MIG Single Mode (used in the same way as a full GPU):
Note
The MIG single policy allows users to request and use GPU resources in the same way as a full GPU (nvidia.com/gpu
). The difference is that these resources can be a portion of the GPU (MIG device) rather than the entire GPU. Learn more from the GPU MIG Mode Design.
MIG Mixed Mode
MIG Single mode:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpu: 2 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
MIG Mixed mode:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/mig-4g.20gb: 1 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
After entering the container, you can check if only one MIG device is being used:
"},{"location":"en/admin/kpanda/gpu/nvidia/vgpu/hami.html","title":"Build a vGPU Memory Oversubscription Image","text":"The vGPU memory oversubscription feature in the Hami Project no longer exists. To use this feature, you need to rebuild with the libvgpu.so
file that supports memory oversubscription.
FROM docker.m.daocloud.io/projecthami/hami:v2.3.11\nCOPY libvgpu.so /k8s-vgpu/lib/nvidia/\n
Run the following command to build the image:
docker build -t release.daocloud.io/projecthami/hami:v2.3.11 -f Dockerfile .\n
Then, push the image to release.daocloud.io
.
To virtualize a single NVIDIA GPU into multiple virtual GPUs and allocate them to different virtual machines or users, you can use NVIDIA's vGPU capability. This section explains how to install the vGPU plugin in the AI platform, which is a prerequisite for using NVIDIA vGPU capability.
"},{"location":"en/admin/kpanda/gpu/nvidia/vgpu/vgpu_addon.html#prerequisites","title":"Prerequisites","text":"Path: Container Management -> Cluster Management -> Click the target cluster -> Helm Apps -> Helm Charts -> Search for nvidia-vgpu .
During the installation of vGPU, several basic modification parameters are provided. If you need to modify advanced parameters, click the YAML column to make changes:
deviceMemoryScaling : NVIDIA device memory scaling factor, the input value must be an integer, with a default value of 1. It can be greater than 1 (enabling virtual memory, experimental feature). For an NVIDIA GPU with a memory size of M, if we configure the devicePlugin.deviceMemoryScaling parameter as S, in a Kubernetes cluster where we have deployed our device plugin, the vGPUs assigned from this GPU will have a total memory of S * M .
deviceSplitCount : An integer type, with a default value of 10. Number of GPU splits, each GPU cannot be assigned more tasks than its configuration count. If configured as N, each GPU can have up to N tasks simultaneously.
Resources : Represents the resource usage of the vgpu-device-plugin and vgpu-schedule pods.
After a successful installation, you will see two types of pods in the specified namespace, indicating that the NVIDIA vGPU plugin has been successfully installed:
After a successful installation, you can deploy applications using vGPU resources.
Note
NVIDIA vGPU Addon does not support upgrading directly from the older v2.0.0 to the latest v2.0.0+1; To upgrade, please uninstall the older version and then reinstall the latest version.
"},{"location":"en/admin/kpanda/gpu/nvidia/vgpu/vgpu_user.html","title":"Using NVIDIA vGPU in Applications","text":"This section explains how to use the vGPU capability in the AI platform.
"},{"location":"en/admin/kpanda/gpu/nvidia/vgpu/vgpu_user.html#prerequisites","title":"Prerequisites","text":"Confirm if the cluster has detected GPUs. Click the Clusters -> Cluster Settings -> Addon Plugins and check if the GPU plugin has been automatically enabled and the proper GPU type has been detected. Currently, the cluster will automatically enable the GPU addon and set the GPU Type as Nvidia vGPU .
Deploy a workload by clicking Clusters -> Workloads . When deploying a workload using an image, select the type Nvidia vGPU , and you will be prompted with the following parameters:
If there are issues with the configuration values above, it may result in scheduling failure or inability to allocate resources.
Refer to the following workload configuration and add the parameter nvidia.com/vgpu: '1' in the resource requests and limits section to configure the number of physical cards used by the application.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-vgpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-vgpu-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: full-vgpu-demo\n spec:\n containers:\n - name: full-vgpu-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpucores: '20' # Request 20% of GPU cores for each card\n nvidia.com/gpumem: '200' # Request 200MB of GPU memory for each card\n nvidia.com/vgpu: '1' # Request 1 GPU\n imagePullPolicy: Always\n restartPolicy: Always\n
This YAML configuration requests the application to use vGPU resources. It specifies that each card should utilize 20% of GPU cores, 200MB of GPU memory, and requests 1 GPU.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano-gang-scheduler.html","title":"Using Volcano's Gang Scheduler","text":"The Gang scheduling policy is one of the core scheduling algorithms of the volcano-scheduler. It satisfies the \"All or nothing\" scheduling requirement during the scheduling process, preventing arbitrary scheduling of Pods that could waste cluster resources. The specific algorithm observes whether the number of scheduled Pods under a Job meets the minimum running quantity. When the Job's minimum running quantity is satisfied, scheduling actions are performed for all Pods under the Job; otherwise, no actions are taken.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano-gang-scheduler.html#use-cases","title":"Use Cases","text":"The Gang scheduling algorithm, based on the concept of a Pod group, is particularly suitable for scenarios that require multi-process collaboration. AI scenarios often involve complex workflows, such as Data Ingestion, Data Analysis, Data Splitting, Training, Serving, and Logging, which require a group of containers to work together. This makes the Gang scheduling policy based on pods very appropriate.
In multi-threaded parallel computing communication scenarios under the MPI computation framework, Gang scheduling is also very suitable because it requires master and slave processes to work together. High relevance among containers in a pod may lead to resource contention, and overall scheduling allocation can effectively resolve deadlocks.
In scenarios with insufficient cluster resources, the Gang scheduling policy significantly improves the utilization of cluster resources. For example, if the cluster can currently accommodate only 2 Pods, but the minimum number of Pods required for scheduling is 3, then all Pods of this Job will remain pending until the cluster can accommodate 3 Pods, at which point the Pods will be scheduled. This effectively prevents the partial scheduling of Pods, which would not meet the requirements and would occupy resources, making other Jobs unable to run.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano-gang-scheduler.html#concept-explanation","title":"Concept Explanation","text":"The Gang Scheduler is the core scheduling plugin of Volcano, and it is enabled by default upon installing Volcano. When creating a workload, you only need to specify the scheduler name as Volcano.
Volcano schedules based on PodGroups. When creating a workload, there is no need to manually create PodGroup resources; Volcano will automatically create them based on the workload information. Below is an example of a PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n name: test\n namespace: default\nspec:\n minMember: 1 # (1)!\n minResources: # (2)!\n cpu: \"3\"\n memory: \"2048Mi\"\n priorityClassName: high-prority # (3)!\n queue: default # (4)!\n
In a multi-threaded parallel computing communication scenario under the MPI computation framework, we need to ensure that all Pods can be successfully scheduled to ensure the job is completed correctly. Setting minAvailable to 4 means that 1 mpimaster and 3 mpiworkers are required to run.
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
Generate the resources for PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
From the PodGroup, it can be seen that it is associated with the workload through ownerReferences and sets the minimum number of running Pods to 4.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html","title":"Use Volcano for AI Compute","text":""},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#usage-scenarios","title":"Usage Scenarios","text":"Kubernetes has become the de facto standard for orchestrating and managing cloud-native applications, and an increasing number of applications are choosing to migrate to K8s. The fields of artificial intelligence and machine learning inherently involve a large number of compute-intensive tasks, and developers are very willing to build AI platforms based on Kubernetes to fully leverage its resource management, application orchestration, and operations monitoring capabilities. However, the default Kubernetes scheduler was initially designed primarily for long-running services and has many shortcomings in batch and elastic scheduling for AI and big data tasks. For example, resource contention issues:
Take TensorFlow job scenarios as an example. TensorFlow jobs include two different roles, PS and Worker, and the Pods for these two roles need to work together to complete the entire job. If only one type of role Pod is running, the entire job cannot be executed properly. The default scheduler schedules Pods one by one and is unaware of the PS and Worker roles in a Kubeflow TFJob. In a high-load cluster (insufficient resources), multiple jobs may each be allocated some resources to run a portion of their Pods, but the jobs cannot complete successfully, leading to resource waste. For instance, if a cluster has 4 GPUs and both TFJob1 and TFJob2 each have 4 Workers, TFJob1 and TFJob2 might each be allocated 2 GPUs. However, both TFJob1 and TFJob2 require 4 GPUs to run. This mutual waiting for resource release creates a deadlock situation, resulting in GPU resource waste.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#volcano-batch-scheduling-system","title":"Volcano Batch Scheduling System","text":"Volcano is the first Kubernetes-based container batch computing platform under CNCF, focusing on high-performance computing scenarios. It fills in the missing functionalities of Kubernetes in fields such as machine learning, big data, and scientific computing, providing essential support for these high-performance workloads. Additionally, Volcano seamlessly integrates with mainstream computing frameworks like Spark, TensorFlow, and PyTorch, and supports hybrid scheduling of heterogeneous devices, including CPUs and GPUs, effectively resolving the deadlock issues mentioned above.
The following sections will introduce how to install and use Volcano.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#install-volcano","title":"Install Volcano","text":"Find Volcano in Cluster Details -> Helm Apps -> Helm Charts and install it.
Check and confirm whether Volcano is installed successfully, that is, whether the components volcano-admission, volcano-controllers, and volcano-scheduler are running properly.
Typically, Volcano is used in conjunction with the AI Lab to achieve an effective closed-loop process for the development and training of datasets, Notebooks, and task training.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#volcano-use-cases","title":"Volcano Use Cases","text":"schedulerName: volcano
).volcanoJob
resource is an extension of the Job in Volcano, breaking the Job down into smaller working units called tasks, which can interact with each other.Here is an example:
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: tensorflow-benchmark\n labels:\n \"volcano.sh/job-type\": \"Tensorflow\"\nspec:\n minAvailable: 3\n schedulerName: volcano\n plugins:\n env: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: ps\n template:\n spec:\n imagePullSecrets:\n - name: default-secret\n containers:\n - command:\n - sh\n - -c\n - |\n PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n python tf_cnn_benchmarks.py --batch_size=32 --model=resnet50 --variable_update=parameter_server --flush_stdout=true --num_gpus=1 --local_parameter_device=cpu --device=cpu --data_format=NHWC --job_name=ps --task_index=${VK_TASK_INDEX} --ps_hosts=${PS_HOST} --worker_hosts=${WORKER_HOST}\n image: docker.m.daocloud.io/volcanosh/example-tf:0.0.1\n name: tensorflow\n ports:\n - containerPort: 2222\n name: tfjob-port\n resources:\n requests:\n cpu: \"1000m\"\n memory: \"2048Mi\"\n limits:\n cpu: \"1000m\"\n memory: \"2048Mi\"\n workingDir: /opt/tf-benchmarks/scripts/tf_cnn_benchmarks\n restartPolicy: OnFailure\n - replicas: 2\n name: worker\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n imagePullSecrets:\n - name: default-secret\n containers:\n - command:\n - sh\n - -c\n - |\n PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n python tf_cnn_benchmarks.py --batch_size=32 --model=resnet50 --variable_update=parameter_server --flush_stdout=true --num_gpus=1 --local_parameter_device=cpu --device=cpu --data_format=NHWC --job_name=worker --task_index=${VK_TASK_INDEX} --ps_hosts=${PS_HOST} --worker_hosts=${WORKER_HOST}\n image: docker.m.daocloud.io/volcanosh/example-tf:0.0.1\n name: tensorflow\n ports:\n - containerPort: 2222\n name: tfjob-port\n resources:\n requests:\n cpu: \"2000m\"\n memory: \"2048Mi\"\n limits:\n cpu: \"2000m\"\n memory: \"4096Mi\"\n workingDir: /opt/tf-benchmarks/scripts/tf_cnn_benchmarks\n restartPolicy: OnFailure\n
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#parallel-computing-with-mpi","title":"Parallel Computing with MPI","text":"In multi-threaded parallel computing communication scenarios under the MPI computing framework, we need to ensure that all Pods are successfully scheduled to guarantee the task's proper completion. Setting minAvailable
to 4 indicates that 1 mpimaster
and 3 mpiworkers
are required to run. By simply setting the schedulerName
field value to \"volcano,\" you can enable the Volcano scheduler.
Here is an example:
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
Resources to generate PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
From the PodGroup, it can be seen that it is associated with the workload through ownerReferences
and sets the minimum number of running Pods to 4.
If you want to learn more about the features and usage scenarios of Volcano, refer to Volcano Introduction.
"},{"location":"en/admin/kpanda/helm/index.html","title":"Helm Charts","text":"Helm is a package management tool for Kubernetes, which makes it easy for users to quickly discover, share and use applications built with Kubernetes. The Container Management Module provides hundreds of Helm charts, covering storage, network, monitoring, database and other main cases. With these templates, you can quickly deploy and easily manage Helm apps through the UI interface. In addition, it supports adding more personalized templates through Add Helm repository to meet various needs.
Key Concepts:
There are a few key concepts to understand when using Helm:
Chart: A Helm installation package, which contains the images, dependencies, and resource definitions required to run an application, and may also contain service definitions in the Kubernetes cluster, similar to the formula in Homebrew, dpkg in APT, or rpm files in Yum. Charts are called Helm Charts in AI platform.
Release: A Chart instance running on the Kubernetes cluster. A Chart can be installed multiple times in the same cluster, and each installation will create a new Release. Release is called Helm Apps in AI platform.
Repository: A repository for publishing and storing Charts. Repository is called Helm Repositories in AI platform.
For more details, refer to Helm official website.
Related operations:
This article explains how to import Helm appss into the system's built-in addons in both offline and online environments.
"},{"location":"en/admin/kpanda/helm/Import-addon.html#offline-environment","title":"Offline Environment","text":"An offline environment refers to an environment that cannot connect to the internet or is a closed private network environment.
"},{"location":"en/admin/kpanda/helm/Import-addon.html#prerequisites","title":"Prerequisites","text":"Note
Go to Container Management -> Helm Apps -> Helm Repositories , search for the addon, and obtain the built-in repository address and username/password (the default username/password for the system's built-in repository is rootuser/rootpass123).
Sync the Helm Chart to the built-in repository addon of the container management system
Write the following configuration file, modify it according to your specific configuration, and save it as sync-dao-2048.yaml .
source: # helm charts source information\n repo:\n kind: HARBOR # It can also be any other supported Helm Chart repository type, such as CHARTMUSEUM\n url: https://release-ci.daocloud.io/chartrepo/community # Change to the chart repo URL\n #auth: # username/password, if no password is set, leave it blank\n #username: \"admin\"\n #password: \"Harbor12345\"\ncharts: # charts to sync\n - name: dao-2048 # helm charts information, if not specified, sync all charts in the source helm repo\n versions:\n - 1.4.1\ntarget: # helm charts target information\n containerRegistry: 10.5.14.40 # image repository URL\n repo:\n kind: CHARTMUSEUM # It can also be any other supported Helm Chart repository type, such as HARBOR\n url: http://10.5.14.40:8081 # Change to the correct chart repo URL, you can verify the address by using helm repo add $HELM-REPO\n auth: # username/password, if no password is set, leave it blank\n username: \"rootuser\"\n password: \"rootpass123\"\n containers:\n # kind: HARBOR # If the image repository is HARBOR and you want charts-syncer to automatically create an image repository, fill in this field\n # auth: # username/password, if no password is set, leave it blank\n # username: \"admin\"\n # password: \"Harbor12345\"\n\n# leverage .relok8s-images.yaml file inside the Charts to move the container images too\nrelocateContainerImages: true\n
Run the charts-syncer command to sync the Chart and its included images
charts-syncer sync --config sync-dao-2048.yaml --insecure --auto-create-repository\n
The expected output is:
I1222 15:01:47.119777 8743 sync.go:45] Using config file: \"examples/sync-dao-2048.yaml\"\nW1222 15:01:47.234238 8743 syncer.go:263] Ignoring skipDependencies option as dependency sync is not supported if container image relocation is true or syncing from/to intermediate directory\nI1222 15:01:47.234685 8743 sync.go:58] There is 1 chart out of sync!\nI1222 15:01:47.234706 8743 sync.go:66] Syncing \"dao-2048_1.4.1\" chart...\n.relok8s-images.yaml hints file found\nComputing relocation...\n\nRelocating dao-2048@1.4.1...\nPushing 10.5.14.40/daocloud/dao-2048:v1.4.1...\nDone\nDone moving /var/folders/vm/08vw0t3j68z9z_4lcqyhg8nm0000gn/T/charts-syncer869598676/dao-2048-1.4.1.tgz\n
Once the previous step is completed, go to Container Management -> Helm Apps -> Helm Repositories , find the proper addon, click Sync Repository in the action column, and you will see the uploaded Helm apps in the Helm template.
You can then proceed with normal installation, upgrade, and uninstallation.
The Helm Repo address for the online environment is release.daocloud.io . If the user does not have permission to add Helm Repo, they will not be able to import custom Helm appss into the system's built-in addons. You can add your own Helm repository and then integrate your Helm repository into the platform using the same steps as syncing Helm Chart in the offline environment.
"},{"location":"en/admin/kpanda/helm/helm-app.html","title":"Manage Helm Apps","text":"The container management module supports interface-based management of Helm, including creating Helm instances using Helm charts, customizing Helm instance arguments, and managing the full lifecycle of Helm instances.
This section will take cert-manager as an example to introduce how to create and manage Helm apps through the container management interface.
"},{"location":"en/admin/kpanda/helm/helm-app.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
Follow the steps below to install the Helm app.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Helm Apps -> Helm Chart to enter the Helm chart page.
On the Helm chart page, select the Helm repository named addon , and all the Helm chart templates under the addon repository will be displayed on the interface. Click the Chart named cert-manager .
On the installation page, you can see the relevant detailed information of the Chart, select the version to be installed in the upper right corner of the interface, and click the Install button. Here select v1.9.1 version for installation.
Configure Name , Namespace and Version Information . You can also customize arguments by modifying YAML in the argument Configuration area below. Click OK .
The system will automatically return to the list of Helm apps, and the status of the newly created Helm app is Installing , and the status will change to Running after a period of time.
After we have completed the installation of a Helm app through the interface, we can perform an update operation on the Helm app. Note: Update operations using the UI are only supported for Helm apps installed via the UI.
Follow the steps below to update the Helm app.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Helm Apps to enter the Helm app list page.
On the Helm app list page, select the Helm app that needs to be updated, click the __ ...__ operation button on the right side of the list, and select the Update operation in the drop-down selection.
After clicking the Update button, the system will jump to the update interface, where you can update the Helm app as needed. Here we take updating the http port of the dao-2048 application as an example.
After modifying the proper arguments. You can click the Change button under the argument configuration to compare the files before and after the modification. After confirming that there is no error, click the OK button at the bottom to complete the update of the Helm app.
The system will automatically return to the Helm app list, and a pop-up window in the upper right corner will prompt update successful .
Every installation, update, and deletion of Helm apps has detailed operation records and logs for viewing.
In the left navigation bar, click Cluster Operations -> Recent Operations , and then select the Helm Operations tab at the top of the page. Each record corresponds to an install/update/delete operation.
To view the detailed log of each operation: Click \u2507 on the right side of the list, and select Log from the pop-up menu.
At this point, the detailed operation log will be displayed in the form of console at the bottom of the page.
Follow the steps below to delete the Helm app.
Find the cluster where the Helm app to be deleted resides, click the cluster name, and enter Cluster Details .
In the left navigation bar, click Helm Apps to enter the Helm app list page.
On the Helm app list page, select the Helm app you want to delete, click the __ ...__ operation button on the right side of the list, and select Delete from the drop-down selection.
Enter the name of the Helm app in the pop-up window to confirm, and then click the Delete button.
The Helm repository is a repository for storing and publishing Charts. The Helm App module supports HTTP(s) protocol to access Chart packages in the repository. By default, the system has 4 built-in helm repos as shown in the table below to meet common needs in the production process of enterprises.
Repository Description Example partner Various high-quality features provided by ecological partners Chart tidb system Chart that must be relied upon by system core functional components and some advanced features. For example, insight-agent must be installed to obtain cluster monitoring information Insight addon Common Chart in business cases cert-manager community The most popular open source components in the Kubernetes community Chart IstioIn addition to the above preset repositories, you can also add third-party Helm repositories yourself. This page will introduce how to add and update third-party Helm repositories.
"},{"location":"en/admin/kpanda/helm/helm-repo.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
If using a private repository, you should have read and write permissions to the repository.
The following takes the public container repository of Kubevela as an example to introduce and manage the helm repo.
Find the cluster that needs to be imported into the third-party helm repo, click the cluster name, and enter cluster details.
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo page.
Click the Create Repository button on the helm repo page to enter the Create repository page, and configure relevant arguments according to the table below.
Click OK to complete the creation of the Helm repository. The page will automatically jump to the list of Helm repositories.
When the address information of the helm repo changes, the address, authentication method, label, annotation, and description information of the helm repo can be updated.
Find the cluster where the repository to be updated is located, click the cluster name, and enter cluster details .
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo list page.
Find the Helm repository that needs to be updated on the repository list page, click the \u2507 button on the right side of the list, and click Update in the pop-up menu.
Update on the Update Helm Repository page, and click OK when finished.
Return to the helm repo list, and the screen prompts that the update is successful.
In addition to importing and updating repositorys, you can also delete unnecessary repositories, including system preset repositories and third-party repositories.
Find the cluster where the repository to be deleted is located, click the cluster name, and enter cluster details .
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo list page.
Find the Helm repository that needs to be updated on the repository list page, click the \u2507 button on the right side of the list, and click Delete in the pop-up menu.
Enter the repository name to confirm, and click Delete .
Return to the list of Helm repositories, and the screen prompts that the deletion is successful.
In a multi-arch cluster, it is common to use Helm charts that support multiple architectures to address deployment issues caused by architectural differences. This guide will explain how to integrate single-arch Helm apps into multi-arch deployments and how to integrate multi-arch Helm apps.
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#import","title":"Import","text":""},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#import-single-arch","title":"Import Single-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Specify the path in the clusterConfig.yml configuration file, for example:
addonPackage:\n path: \"/home/addon-offline-full-package-v0.9.0-amd64.tar.gz\"\n
Then run the import command:
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#integrate-multi-arch","title":"Integrate Multi-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Take addon-offline-full-package-v0.9.0-arm64.tar.gz
as an example and run the import command:
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.9.0-arm64.tar.gz\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#upgrade","title":"Upgrade","text":""},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#upgrade-single-arch","title":"Upgrade Single-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Specify the path in the clusterConfig.yml configuration file, for example:
addonPackage:\n path: \"/home/addon-offline-full-package-v0.11.0-amd64.tar.gz\"\n
Then run the import command:
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#multi-arch-integration","title":"Multi-arch Integration","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Take addon-offline-full-package-v0.11.0-arm64.tar.gz
as an example and run the import command:
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.11.0-arm64.tar.gz\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#notes","title":"Notes","text":""},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#disk-space","title":"Disk Space","text":"The offline package is quite large and requires sufficient space for decompression and loading of images. Otherwise, it may interrupt the process with a \"no space left\" error.
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#retry-after-failure","title":"Retry after Failure","text":"If the multi-arch fusion step fails, you need to clean up the residue before retrying:
rm -rf addon-offline-target-package\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#registry-space","title":"Registry Space","text":"If the offline package for fusion contains registry spaces that are inconsistent with the imported offline package, an error may occur during the fusion process due to the non-existence of the registry spaces:
Solution: Simply create the registry space before the fusion. For example, in the above error, creating the registry space \"localhost\" in advance can prevent the error.
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#architecture-conflict","title":"Architecture Conflict","text":"When upgrading to a version lower than 0.12.0 of the addon, the charts-syncer in the target offline package does not check the existence of the image before pushing, so it will recombine the multi-arch into a single architecture during the upgrade process. For example, if the addon is implemented as a multi-arch in v0.10, upgrading to v0.11 will overwrite the multi-arch addon with a single architecture. However, upgrading to v0.12.0 or above can still maintain the multi-arch.
"},{"location":"en/admin/kpanda/helm/upload-helm.html","title":"Upload Helm Charts","text":"This article explains how to upload Helm charts. See the steps below.
Add a Helm repository, refer to Adding a Third-Party Helm Repository for the procedure.
Upload the Helm Chart to the Helm repository.
Upload with ClientUpload with Web PageNote
This method is suitable for Harbor, ChartMuseum, JFrog type repositories.
Log in to a node that can access the Helm repository, upload the Helm binary to the node, and install the cm-push plugin (VPN is needed and Git should be installed in advance).
Refer to the plugin installation process.
Push the Helm Chart to the Helm repository by executing the following command:
helm cm-push ${charts-dir} ${HELM_REPO_URL} --username ${username} --password ${password}\n
Argument descriptions:
charts-dir
: The directory of the Helm Chart, or the packaged Chart (i.e., .tgz file).HELM_REPO_URL
: The URL of the Helm repository.username
/password
: The username and password for the Helm repository with push permissions.--insecure
.Note
This method is only applicable to Harbor repositories.
Log into the Harbor repository, ensuring the logged-in user has permissions to push;
Go to the relevant project, select the Helm Charts tab, click the Upload button on the page to upload the Helm Chart.
Sync Remote Repository Data
Manual SyncAuto SyncBy default, the cluster does not enable Helm Repository Auto-Refresh, so you need to perform a manual sync operation. The general steps are:
Go to Helm Apps -> Helm Repositories, click the \u2507 button on the right side of the repository list, and select Sync Repository to complete the repository data synchronization.
If you need to enable the Helm repository auto-sync feature, you can go to Cluster Maintenance -> Cluster Settings -> Advanced Settings and turn on the Helm repository auto-refresh switch.
Cluster inspection allows administrators to regularly or ad-hoc check the overall health of the cluster, giving them proactive control over ensuring cluster security. With a well-planned inspection schedule, this proactive cluster check allows administrators to monitor the cluster status at any time and address potential issues in advance. It eliminates the previous dilemma of passive troubleshooting during failures, enabling proactive monitoring and prevention.
The cluster inspection feature provided by AI platform's container management module supports custom inspection items at the cluster, node, and pod levels. After the inspection is completed, it automatically generates visual inspection reports.
For information on security inspections or executing security-related inspections, refer to the supported security scan types in AI platform.
"},{"location":"en/admin/kpanda/inspect/config.html","title":"Creating Inspection Configuration","text":"AI platform Container Management module provides cluster inspection functionality, which supports inspection at the cluster, node, and pod levels.
Here's how to create an inspection configuration.
Click Cluster Inspection in the left navigation bar.
On the right side of the page, click Inspection Configuration .
Fill in the inspection configuration based on the following instructions, then click OK at the bottom of the page.
After creating the inspection configuration, it will be automatically displayed in the inspection configuration list. Click the more options button on the right of the configuration to immediately perform an inspection, modify the inspection configuration or delete the inspection configuration and reports.
Click Delete to delete the inspection configuration and reports.
Note
After creating an inspection configuration, if the Scheduled Inspection configuration is enabled, inspections will be automatically executed at the specified time. If the Scheduled Inspection configuration is not enabled, you need to manually trigger the inspection.
This page explains how to manually perform a cluster inspection.
"},{"location":"en/admin/kpanda/inspect/inspect.html#prerequisites","title":"Prerequisites","text":"When performing an inspection, you can choose to inspect multiple clusters in batches or perform a separate inspection for a specific cluster.
Batch InspectionIndividual InspectionClick Cluster Inspection in the top-level navigation bar of the Container Management module, then click Inspection on the right side of the page.
Select the clusters you want to inspect, then click OK at the bottom of the page.
Click the more options button ( \u2507 ) on the right of the proper inspection configuration, then select Inspection from the popup menu.
After the inspection execution is completed, you can view the inspection records and detailed inspection reports.
"},{"location":"en/admin/kpanda/inspect/report.html#prerequisites","title":"Prerequisites","text":"Go to the Cluster Inspection page and click the name of the target inspection cluster.
Click the name of the inspection record you want to view.
View the detailed information of the inspection, which may include an overview of cluster resources and the running status of system components.
You can download the inspection report or delete the inspection report from the top right corner of the page.
Namespaces are an abstraction used in Kubernetes for resource isolation. A cluster can contain multiple namespaces with different names, and the resources in each namespace are isolated from each other. For a detailed introduction to namespaces, refer to Namespaces.
This page will introduce the related operations of the namespace.
"},{"location":"en/admin/kpanda/namespaces/createns.html#create-a-namespace","title":"Create a namespace","text":"Supports easy creation of namespaces through forms, and quick creation of namespaces by writing or importing YAML files.
Note
On the cluster list page, click the name of the target cluster.
Click Namespace in the left navigation bar, then click the Create button on the right side of the page.
Fill in the name of the namespace, configure the workspace and labels (optional), and then click OK.
Info
After binding a namespace to a workspace, the resources of that namespace will be shared with the bound workspace. For a detailed explanation of workspaces, refer to Workspaces and Folders.
After the namespace is created, you can still bind/unbind the workspace.
Click OK to complete the creation of the namespace. On the right side of the namespace list, click \u2507 to select update, bind/unbind workspace, quota management, delete, and more from the pop-up menu.
On the Clusters page, click the name of the target cluster.
Click Namespace in the left navigation bar, then click the YAML Create button on the right side of the page.
Enter or paste the prepared YAML content, or directly import an existing YAML file locally.
After entering the YAML content, click Download to save the YAML file locally.
Finally, click OK in the lower right corner of the pop-up box.
Namespace exclusive nodes in a Kubernetes cluster allow a specific namespace to have exclusive access to one or more node's CPU, memory, and other resources through taints and tolerations. Once exclusive nodes are configured for a specific namespace, applications and services from other namespaces cannot run on the exclusive nodes. Using exclusive nodes allows important applications to have exclusive access to some computing resources, achieving physical isolation from other applications.
Note
Applications and services running on a node before it is set to be an exclusive node will not be affected and will continue to run normally on that node. Only when these Pods are deleted or rebuilt will they be scheduled to other non-exclusive nodes.
"},{"location":"en/admin/kpanda/namespaces/exclusive.html#preparation","title":"Preparation","text":"Check whether the kube-apiserver of the current cluster has enabled the PodNodeSelector and PodTolerationRestriction admission controllers.
The use of namespace exclusive nodes requires users to enable the PodNodeSelector and PodTolerationRestriction admission controllers on the kube-apiserver. For more information about admission controllers, refer to Kubernetes Admission Controllers Reference.
You can go to any Master node in the current cluster to check whether these two features are enabled in the kube-apiserver.yaml file, or you can execute the following command on the Master node for a quick check:
[root@g-master1 ~]# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep enable-admission-plugins\n\n# The expected output is as follows:\n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction\n
"},{"location":"en/admin/kpanda/namespaces/exclusive.html#enable-namespace-exclusive-nodes-on-global-cluster","title":"Enable Namespace Exclusive Nodes on Global Cluster","text":"Since the Global cluster runs platform basic components such as kpanda, ghippo, and insight, enabling namespace exclusive nodes on Global may cause system components to not be scheduled to the exclusive nodes when they restart, affecting the overall high availability of the system. Therefore, we generally do not recommend users to enable the namespace exclusive node feature on the Global cluster.
If you do need to enable namespace exclusive nodes on the Global cluster, please follow the steps below:
Enable the PodNodeSelector and PodTolerationRestriction admission controllers for the kube-apiserver of the Global cluster
Note
If the cluster has already enabled the above two admission controllers, please skip this step and go directly to configure system component tolerations.
Go to any Master node in the current cluster to modify the kube-apiserver.yaml configuration file, or execute the following command on the Master node for configuration:
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# The expected output is as follows:\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #List of enabled admission controllers\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
Find the --enable-admission-plugins parameter and add the PodNodeSelector and PodTolerationRestriction admission controllers (separated by commas). Refer to the following:
# Add __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
Add toleration annotations to the namespace where the platform components are located
After enabling the admission controllers, you need to add toleration annotations to the namespace where the platform components are located to ensure the high availability of the platform components.
The system component namespaces for AI platform are as follows:
Namespace System Components Included kpanda-system kpanda hwameiStor-system hwameiStor istio-system istio metallb-system metallb cert-manager-system cert-manager contour-system contour kubean-system kubean ghippo-system ghippo kcoral-system kcoral kcollie-system kcollie insight-system insight, insight-agent: ipavo-system ipavo kairship-system kairship karmada-system karmada amamba-system amamba, jenkins skoala-system skoala mspider-system mspider mcamel-system mcamel-rabbitmq, mcamel-elasticsearch, mcamel-mysql, mcamel-redis, mcamel-kafka, mcamel-minio, mcamel-postgresql spidernet-system spidernet kangaroo-system kangaroo gmagpie-system gmagpie dowl-system dowlCheck whether there are the above namespaces in the current cluster, execute the following command, and add the annotation: scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
for each namespace.
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
Please make sure to replace <namespace-name>
with the name of the platform namespace you want to add the annotation to. Use the interface to set exclusive nodes for the namespace
After confirming that the PodNodeSelector and PodTolerationRestriction admission controllers on the cluster API server have been enabled, please follow the steps below to use the AI platform UI management interface to set exclusive nodes for the namespace.
Click the cluster name in the cluster list page, then click Namespace in the left navigation bar.
Click the namespace name, then click the Exclusive Node tab, and click Add Node on the bottom right.
Select which nodes you want to be exclusive to this namespace on the left side of the page. On the right side, you can clear or delete a selected node. Finally, click OK at the bottom.
You can view the current exclusive nodes for this namespace in the list. You can choose to Stop Exclusivity on the right side of the node.
After cancelling exclusivity, Pods from other namespaces can also be scheduled to this node.
To enable namespace exclusive nodes on non-Global clusters, please follow the steps below:
Enable the PodNodeSelector and PodTolerationRestriction admission controllers for the kube-apiserver of the current cluster
Note
If the cluster has already enabled the above two admission controllers, please skip this step and go directly to using the interface to set exclusive nodes for the namespace.
Go to any Master node in the current cluster to modify the kube-apiserver.yaml configuration file, or execute the following command on the Master node for configuration:
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# The expected output is as follows:\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #List of enabled admission controllers\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
Find the --enable-admission-plugins parameter and add the PodNodeSelector and PodTolerationRestriction admission controllers (separated by commas). Refer to the following:
# Add __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
Use the interface to set exclusive nodes for the namespace
After confirming that the PodNodeSelector and PodTolerationRestriction admission controllers on the cluster API server have been enabled, please follow the steps below to use the AI platform UI management interface to set exclusive nodes for the namespace.
Click the cluster name in the cluster list page, then click Namespace in the left navigation bar.
Click the namespace name, then click the Exclusive Node tab, and click Add Node on the bottom right.
Select which nodes you want to be exclusive to this namespace on the left side of the page. On the right side, you can clear or delete a selected node. Finally, click OK at the bottom.
You can view the current exclusive nodes for this namespace in the list. You can choose to Stop Exclusivity on the right side of the node.
After cancelling exclusivity, Pods from other namespaces can also be scheduled to this node.
Add toleration annotations to the namespace where the components that need high availability are located (optional)
Execute the following command to add the annotation: scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
to the namespace where the components that need high availability are located.
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
Please make sure to replace <namespace-name>
with the name of the platform namespace you want to add the annotation to.
Pod security policies in a Kubernetes cluster allow you to control the behavior of Pods in various aspects of security by configuring different levels and modes for specific namespaces. Only Pods that meet certain conditions will be accepted by the system. It sets three levels and three modes, allowing users to choose the most suitable scheme to set restriction policies according to their needs.
Note
Only one security policy can be configured for one security mode. Please be careful when configuring the enforce security mode for a namespace, as violations will prevent Pods from being created.
This section will introduce how to configure Pod security policies for namespaces through the container management interface.
"},{"location":"en/admin/kpanda/namespaces/podsecurity.html#prerequisites","title":"Prerequisites","text":"The container management module has integrated a Kubernetes cluster or created a Kubernetes cluster. The cluster version needs to be v1.22 or above, and you should be able to access the cluster's UI interface.
A namespace has been created, a user has been created, and the user has been granted NS Admin or higher permissions. For details, refer to Namespace Authorization.
Select the namespace for which you want to configure Pod security policies and go to the details page. Click Configure Policy on the Pod Security Policy page to go to the configuration page.
Click Add Policy on the configuration page, and a policy will appear, including security level and security mode. The following is a detailed introduction to the security level and security policy.
Security Level Description Privileged An unrestricted policy that provides the maximum possible range of permissions. This policy allows known privilege elevations. Baseline The least restrictive policy that prohibits known privilege elevations. Allows the use of default (minimum specified) Pod configurations. Restricted A highly restrictive policy that follows current best practices for protecting Pods. Security Mode Description Audit Violations of the specified policy will add new audit events in the audit log, and the Pod can be created. Warn Violations of the specified policy will return user-visible warning information, and the Pod can be created. Enforce Violations of the specified policy will prevent the Pod from being created.Different security levels correspond to different check items. If you don't know how to configure your namespace, you can Policy ConfigMap Explanation at the top right corner of the page to view detailed information.
Click Confirm. If the creation is successful, the security policy you configured will appear on the page.
Click \u2507 to edit or delete the security policy you configured.
In a Kubernetes cluster, Ingress exposes services from outside the cluster to inside the cluster HTTP and HTTPS ingress. Traffic ingress is controlled by rules defined on the Ingress resource. Here's an example of a simple Ingress that sends all traffic to the same Service:
Ingress is an API object that manages external access to services in the cluster, and the typical access method is HTTP. Ingress can provide load balancing, SSL termination, and name-based virtual hosting.
"},{"location":"en/admin/kpanda/network/create-ingress.html#prerequisites","title":"Prerequisites","text":"After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
In the left navigation bar, click Container Network -> Ingress to enter the service list, and click the Create Ingress button in the upper right corner.
Note
It is also possible to Create from YAML .
Open Create Ingress page to configure. There are two protocol types to choose from, refer to the following two parameter tables for configuration.
After configuring all the parameters, click the OK button to return to the ingress list automatically. On the right side of the list, click \u2507 to modify or delete the selected ingress.
"},{"location":"en/admin/kpanda/network/create-services.html","title":"Create a Service","text":"In a Kubernetes cluster, each Pod has an internal independent IP address, but Pods in the workload may be created and deleted at any time, and directly using the Pod IP address cannot provide external services.
This requires creating a service through which you get a fixed IP address, decoupling the front-end and back-end of the workload, and allowing external users to access the service. At the same time, the service also provides the Load Balancer feature, enabling users to access workloads from the public network.
"},{"location":"en/admin/kpanda/network/create-services.html#prerequisites","title":"Prerequisites","text":"Container management module connected to Kubernetes cluster or created Kubernetes, and can access the cluster UI interface.
Completed a namespace creation, user creation, and authorize the user as NS Editor role, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
In the left navigation bar, click Container Network -> Service to enter the service list, and click the Create Service button in the upper right corner.
Tip
It is also possible to create a service via YAML .
Open the Create Service page, select an access type, and refer to the following three parameter tables for configuration.
Click Intra-Cluster Access (ClusterIP) , which refers to exposing services through the internal IP of the cluster. The services selected for this option can only be accessed within the cluster. This is the default service type. Refer to the configuration parameters in the table below.
Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select intra-cluster access (ClusterIP). ClusterIP Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default Label selector [Type] Required[Meaning] Add a label, the Service selects a Pod according to the label, and click \"Add\" after filling. You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. app:job01 Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. Container port (targetport): The container port that the workload actually monitors, used to expose services to the cluster. Session Persistence [Type] Optional [Meaning] When enabled, requests from the same client will be forwarded to the same Pod Enabled Maximum session hold time [Type] Optional [Meaning] After session hold is enabled, the maximum hold time is 30 seconds by default 30 seconds Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/admin/kpanda/network/create-services.html#create-nodeport-service","title":"Create NodePort service","text":"Click NodePort , which means exposing the service via IP and static port ( NodePort ) on each node. The NodePort service is routed to the automatically created ClusterIP service. You can access a NodePort service from outside the cluster by requesting : . Refer to the configuration parameters in the table below. Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select node access (NodePort). NodePort Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default Label selector [Type] Required[Meaning] Add a label, the Service selects a Pod according to the label, and click \"Add\" after filling. You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. By default, the service port is set to the same value as the container port field for convenience. ***Container port (targetport)*: The container port actually monitored by the workload. Node port (nodeport): The port of the node, which receives traffic from ClusterIP transmission. It is used as the entrance for external traffic access. Session Persistence [Type] Optional [Meaning] When enabled, requests from the same client will be forwarded to the same PodAfter enabled, .spec.sessionAffinity of Service is ClientIP , refer to for details : Session Affinity for Service Enabled Maximum session hold time [Type] Optional [Meaning] After session hold is enabled, the maximum hold time, the default timeout is 30 seconds.spec.sessionAffinityConfig.clientIP.timeoutSeconds is set to 30 by default seconds 30 seconds Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/admin/kpanda/network/create-services.html#create-loadbalancer-service","title":"Create LoadBalancer service","text":"
Click Load Balancer , which refers to using the cloud provider's load balancer to expose services to the outside. External load balancers can route traffic to automatically created NodePort services and ClusterIP services. Refer to the configuration parameters in the table below.
Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select node access (NodePort). NodePort Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default External Traffic Policy [Type] Required[Meaning] Set external traffic policy. Cluster: Traffic can be forwarded to Pods on all nodes in the cluster. Local: Traffic is only sent to Pods on this node. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Tag selector [Type] Required [Meaning] Add tag, Service Select the Pod according to the label, fill it out and click \"Add\". You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. Load balancing type [Type] Required [Meaning] The type of load balancing used, currently supports MetalLB and others. MetalLB IP Pool [Type] Required[Meaning] When the selected load balancing type is MetalLB, LoadBalancer Service will allocate IP addresses from this pool by default, and declare all IP addresses in this pool through APR. Load balancing address [Type] Required[Meaning] 1. If you are using a public cloud CloudProvider, fill in the load balancing address provided by the cloud provider here;2. If the above load balancing type is selected as MetalLB, the IP will be obtained from the above IP pool by default, if not filled, it will be obtained automatically. Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. By default, the service port is set to the same value as the container port field for convenience. Container port (targetport): The container port actually monitored by the workload. Node port (nodeport): The port of the node, which receives traffic from ClusterIP transmission. It is used as the entrance for external traffic access. Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/admin/kpanda/network/create-services.html#complete-service-creation","title":"Complete service creation","text":"After configuring all parameters, click the OK button to return to the service list automatically. On the right side of the list, click \u2507 to modify or delete the selected service.
"},{"location":"en/admin/kpanda/network/network-policy.html","title":"Network Policies","text":"Network policies in Kubernetes allow you to control network traffic at the IP address or port level (OSI layer 3 or layer 4). The container management module currently supports creating network policies based on Pods or namespaces, using label selectors to specify which traffic can enter or leave Pods with specific labels.
For more details on network policies, refer to the official Kubernetes documentation on Network Policies.
"},{"location":"en/admin/kpanda/network/network-policy.html#creating-network-policies","title":"Creating Network Policies","text":"Currently, there are two methods available for creating network policies: YAML and form-based creation. Each method has its advantages and disadvantages, catering to different user needs.
YAML creation requires fewer steps and is more efficient, but it has a higher learning curve as it requires familiarity with configuring network policy YAML files.
Form-based creation is more intuitive and straightforward. Users can simply fill in the proper values based on the prompts. However, this method involves more steps.
"},{"location":"en/admin/kpanda/network/network-policy.html#yaml-creation","title":"YAML Creation","text":"In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies -> Create with YAML in the left navigation bar.
In the pop-up dialog, enter or paste the pre-prepared YAML file, then click OK at the bottom of the dialog.
In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies -> Create Policy in the left navigation bar.
Fill in the basic information.
The name and namespace cannot be changed after creation.
Fill in the policy configuration.
The policy configuration includes ingress and egress policies. To establish a successful connection from a source Pod to a target Pod, both the egress policy of the source Pod and the ingress policy of the target Pod need to allow the connection. If either side does not allow the connection, the connection will fail.
Ingress Policy: Click \u2795 to begin configuring the policy. Multiple policies can be configured. The effects of multiple network policies are cumulative. Only when all network policies are satisfied simultaneously can a connection be successfully established.
Egress Policy
In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies . Click the name of the network policy.
View the basic configuration, associated instances, ingress policies, and egress policies of the policy.
Info
Under the \"Associated Instances\" tab, you can view instance monitoring, logs, container lists, YAML files, events, and more.
"},{"location":"en/admin/kpanda/network/network-policy.html#updating-network-policies","title":"Updating Network Policies","text":"There are two ways to update network policies. You can either update them through the form or by using a YAML file.
On the network policy list page, find the policy you want to update, and choose Update in the action column on the right to update it via the form. Choose Edit YAML to update it using a YAML file.
Click the name of the network policy, then choose Update in the top right corner of the policy details page to update it via the form. Choose Edit YAML to update it using a YAML file.
There are two ways to delete network policies. You can delete network policies either through the form or by using a YAML file.
On the network policy list page, find the policy you want to delete, and choose Delete in the action column on the right to delete it via the form. Choose Edit YAML to delete it using a YAML file.
Click the name of the network policy, then choose Delete in the top right corner of the policy details page to delete it via the form. Choose Edit YAML to delete it using a YAML file.
As the number of business applications continues to grow, the resources of the cluster become increasingly tight. At this point, you can expand the cluster nodes based on kubean. After the expansion, applications can run on the newly added nodes, alleviating resource pressure.
Only clusters created through the container management module support node autoscaling. Clusters accessed from the outside do not support this operation. This article mainly introduces the expansion of worker nodes in the same architecture work cluster. If you need to add control nodes or heterogeneous work nodes to the cluster, refer to: Expanding the control node of the work cluster, Adding heterogeneous nodes to the work cluster, Expanding the worker node of the global service cluster.
On the Clusters page, click the name of the target cluster.
If the Cluster Type contains the label Integrated Cluster, it means that the cluster does not support node autoscaling.
Click Nodes in the left navigation bar, and then click Integrate Node in the upper right corner of the page.
Enter the host name and node IP and click OK.
Click \u2795 Add Worker Node to continue accessing more nodes.
Note
Accessing the node takes about 20 minutes, please be patient.
"},{"location":"en/admin/kpanda/nodes/delete-node.html","title":"Node Scales Down","text":"When the peak business period is over, in order to save resource costs, you can reduce the size of the cluster and unload redundant nodes, that is, node scaling. After a node is uninstalled, applications cannot continue to run on the node.
"},{"location":"en/admin/kpanda/nodes/delete-node.html#prerequisites","title":"Prerequisites","text":"Cluster Admin
role authorization.When cluster nodes scales down, they can only be uninstalled one by one, not in batches.
If you need to uninstall cluster controller nodes, you need to ensure that the final number of controller nodes is an odd number.
The first controller node cannot be offline when the cluster node scales down. If it is necessary to perform this operation, please contact the after-sales engineer.
On the Clusters page, click the name of the target cluster.
If the Cluster Type has the tag Integrate Cluster , it means that the cluster does not support node autoscaling.
Click Nodes on the left navigation bar, find the node to be uninstalled, click \u2507 and select Remove .
Enter the node name, and click Delete to confirm.
Labels are identifying key-value pairs added to Kubernetes objects such as Pods, nodes, and clusters, which can be combined with label selectors to find and filter Kubernetes objects that meet certain conditions. Each key must be unique for a given object.
Annotations, like tags, are key/value pairs, but they do not have identification or filtering features. Annotations can be used to add arbitrary metadata to nodes. Annotation keys usually use the format prefix(optional)/name(required) , for example nfd.node.kubernetes.io/extended-resources . If the prefix is \u200b\u200bomitted, it means that the annotation key is private to the user.
For more information about labels and annotations, refer to the official Kubernetes documentation labels and selectors Or Annotations.
The steps to add/delete tags and annotations are as follows:
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar, click the \u2507 operation icon on the right side of the node, and click Edit Labels or Edit Annotations .
Click \u2795 Add to add tags or annotations, click X to delete tags or annotations, and finally click OK .
If you choose to authenticate the nodes of the cluster-to-be-created using SSH keys, you need to configure the public and private keys according to the following instructions.
Run the following command on any node within the management cluster of the cluster-to-be-created to generate the public and private keys.
cd /root/.ssh\nssh-keygen -t rsa\n
Run the ls command to check if the keys have been successfully created in the management cluster. The correct output should be as follows:
ls\nid_rsa id_rsa.pub known_hosts\n
The file named id_rsa is the private key, and the file named id_rsa.pub is the public key.
Run the following command to load the public key file id_rsa.pub onto all the nodes of the cluster-to-be-created.
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.0\n
Replace the user account and node IP in the above command with the username and IP of the nodes in the cluster-to-be-created. The same operation needs to be performed on every node in the cluster-to-be-created.
Run the following command to view the private key file id_rsa created in step 1.
cat /root/.ssh/id_rsa\n
The output should be as follows:
-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3UvyKINzY5BFuemQ+uJ6q+GqgfvnWwNC8HzZhpcMSjJy26MM\nUtBEBJxy8fMi57XcjYxPibXW/wnd+32ICCycqCwByUmuXeCC1cjlCQDqjcAvXae7\nY54IXGF7wm2IsMNwf0kjFEXjuS48FLDA0mGRaN3BG+Up5geXcHckg3K5LD8kXFFx\ndEmSIjdyw55NaUitmEdHzN7cIdfi6Z56jcV8dcFBgWKUx+ebiyPmZBkXToz6GnMF\nrswzzZCl+G6Jb2xTGy7g7ozb4BoZd1IpSD5EhDanRrESVE0C5YuJ5zUAC0CvVd1l\nv67AK8Ko6MXToHp01/bcsvlM6cqgwUFXZKVeOwIDAQABAoIBAQCO36GQlo3BEjxy\nM2HvGJmqrx+unDxafliRe4nVY2AD515Qf4xNSzke4QM1QoyenMOwf446krQkJPK0\nk+9nl6Xszby5gGCbK4BNFk8I6RaGPjZWeRx6zGUJf8avWJiPxx6yjz2esSC9RiR0\nF0nmiiefVMyAfgv2/5++dK2WUFNNRKLgSRRpP5bRaD5wMzzxtSSXrUon6217HO8p\n3RoWsI51MbVzhdVgpHUNABcoa0rpr9svT6XLKZxY8mxpKFYjM0Wv2JIDABg3kBvh\nQbJ7kStCO3naZjKMU9UuSqVJs06cflGYw7Or8/tABR3LErNQKPjkhAQqt0DXw7Iw\n3tKdTAJBAoGBAP687U7JAOqQkcphek2E/A/sbO/d37ix7Z3vNOy065STrA+ZWMZn\npZ6Ui1B/oJpoZssnfvIoz9sn559X0j67TljFALFd2ZGS0Fqh9KVCqDvfk+Vst1dq\n+3r/yZdTOyswoccxkJiC/GDwZGK0amJWqvob39JCZhDAKIGLbGMmjdAHAoGBAN5k\nm1WGnni1nZ+3dryIwgB6z1hWcnLTamzSET6KhSuo946ET0IRG9xtlheCx6dqICbr\nVk1Y4NtRZjK/p/YGx59rDWf7E3I8ZMgR7mjieOcUZ4lUlA4l7ZIlW/2WZHW+nUXO\nTi20fqJ8qSp4BUvOvuth1pz2GLUHe2/Fxjf7HIstAoGBAPHpPr9r+TfIlPsJeRj2\n6lzA3G8qWFRQfGRYjv0fjv0pA+RIb1rzgP/I90g5+63G6Z+R4WdcxI/OJJNY1iuG\nuw9n/pFxm7U4JC990BPE6nj5iLz+clpNGYckNDBF9VG9vFSrSDLdaYkxoVNvG/xJ\na9Na90H4lm7f3VewrPy310KvAoGAZr+mwNoEh5Kpc6xo8Gxi7aPP/mlaUVD6X7Ki\ngvmu02AqmC7rC4QqEiqTaONkaSXwGusqIWxJ3yp5hELmUBYLzszAEeV/s4zRp1oZ\ng133LBRSTbHFAdBmNdqK6Nu+KGRb92980UMOKvZbliKDl+W6cbfvVu+gtKrzTc3b\naevb4TUCgYEAnJAxyVYDP1nJf7bjBSHXQu1E/DMwbtrqw7dylRJ8cAzI7IxfSCez\n7BYWq41PqVd9/zrb3Pbh2phiVzKe783igAIMqummcjo/kZyCwFsYBzK77max1jF5\naPQsLbRS2aDz8kIH6jHPZ/R+15EROmdtLmA7vIJZGerWWQR0dUU+XXA=\n
Copy the content of the private key and paste it into the interface's key input field.
"},{"location":"en/admin/kpanda/nodes/node-check.html","title":"Create a node availability check","text":"When creating a cluster or adding nodes to an existing cluster, refer to the table below to check the node configuration to avoid cluster creation or expansion failure due to wrong node configuration.
Check Item Description OS Refer to Supported Architectures and Operating Systems SELinux Off Firewall Off Architecture Consistency Consistent CPU architecture between nodes (such as ARM or x86) Host Time All hosts are out of sync within 10 seconds. Network Connectivity The node and its SSH port can be accessed normally by the platform. CPU Available CPU resources are greater than 4 Cores Memory Available memory resources are greater than 8 GB"},{"location":"en/admin/kpanda/nodes/node-check.html#supported-architectures-and-operating-systems","title":"Supported architectures and operating systems","text":"Architecture Operating System Remarks ARM Kylin Linux Advanced Server release V10 (Sword) SP2 Recommended ARM UOS Linux ARM openEuler x86 CentOS 7.x Recommended x86 Redhat 7.x Recommended x86 Redhat 8.x Recommended x86 Flatcar Container Linux by Kinvolk x86 Debian Bullseye, Buster, Jessie, Stretch x86 Ubuntu 16.04, 18.04, 20.04, 22.04 x86 Fedora 35, 36 x86 Fedora CoreOS x86 openSUSE Leap 15.x/Tumbleweed x86 Oracle Linux 7, 8, 9 x86 Alma Linux 8, 9 x86 Rocky Linux 8, 9 x86 Amazon Linux 2 x86 Kylin Linux Advanced Server release V10 (Sword) - SP2 Haiguang x86 UOS Linux x86 openEuler"},{"location":"en/admin/kpanda/nodes/node-details.html","title":"Node Details","text":"After accessing or creating a cluster, you can view the information of each node in the cluster, including node status, labels, resource usage, Pod, monitoring information, etc.
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar to view the node status, role, label, CPU/memory usage, IP address, and creation time.
Click the node name to enter the node details page to view more information, including overview information, pod information, label annotation information, event list, status, etc.
In addition, you can also view the node's YAML file, monitoring information, labels and annotations, etc.
Supports suspending or resuming scheduling of nodes. Pausing scheduling means stopping the scheduling of Pods to the node. Resuming scheduling means that Pods can be scheduled to that node.
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar, click the \u2507 operation icon on the right side of the node, and click the Cordon button to suspend scheduling the node.
Click the \u2507 operation icon on the right side of the node, and click the Uncordon button to resume scheduling the node.
The node scheduling status may be delayed due to network conditions. Click the refresh icon on the right side of the search box to refresh the node scheduling status.
"},{"location":"en/admin/kpanda/nodes/taints.html","title":"Node Taints","text":"Taint can make a node exclude a certain type of Pod and prevent Pod from being scheduled on the node. One or more taints can be applied to each node, and Pods that cannot tolerate these taints will not be scheduled on that node.
"},{"location":"en/admin/kpanda/nodes/taints.html#precautions","title":"Precautions","text":"Find the target cluster on the Clusters page, and click the cluster name to enter the Cluster page.
In the left navigation bar, click Nodes , find the node that needs to modify the taint, click the \u2507 operation icon on the right and click the Edit Taints button.
Enter the key value information of the taint in the pop-up box, select the taint effect, and click OK .
Click \u2795 Add to add multiple taints to the node, and click X on the right side of the taint effect to delete the taint.
Currently supports three taint effects:
NoExecute
: This affects pods that are already running on the node as follows:
tolerationSeconds
in their toleration specification remain bound forevertolerationSeconds
remain bound for the specified amount of time. After that time elapses, the node lifecycle controller evicts the Pods from the node.NoSchedule
: No new Pods will be scheduled on the tainted node unless they have a matching toleration. Pods currently running on the node are not evicted.
PreferNoSchedule
: This is a \"preference\" or \"soft\" version of NoSchedule
. The control plane will try to avoid placing a Pod that does not tolerate the taint on the node, but it is not guaranteed, so this taint is not recommended to use in a production environment.
For more details about taints, refer to the Kubernetes documentation Taints and Tolerance.
"},{"location":"en/admin/kpanda/olm/import-miniooperator.html","title":"Importing MinIo Operator Offline","text":"This guide explains how to import the MinIo Operator offline in an environment without internet access.
"},{"location":"en/admin/kpanda/olm/import-miniooperator.html#prerequisites","title":"Prerequisites","text":"Set the environment variables in the execution environment and use them in the subsequent steps by running the following command:
export OPM_IMG=10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0 \nexport BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3 \n
How to get the above image addresses:
Go to Container Management -> Select the current cluster -> Helm Apps -> View the olm component -> Plugin Settings , and find the images needed for the opm, minio, minio bundle, and minio operator in the subsequent steps.
Using the screenshot as an example, the four image addresses are as follows:\n\n# opm image\n10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0\n\n# minio image\n10.5.14.200/quay.m.daocloud.io/minio/minio:RELEASE.2023-03-24T21-41-23Z\n\n# minio bundle image\n10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3\n\n# minio operator image\n10.5.14.200/quay.m.daocloud.io/minio/operator:v5.0.3\n
Run the opm command to get the operators included in the offline bundle image.
# Create the operator directory\n$ mkdir minio-operator && cd minio-operator \n\n# Get the operator yaml\n$ docker run --user root -v $PWD/minio-operator:/minio-operator ${OPM_IMG} alpha bundle unpack --skip-tls-verify -v -d ${BUNDLE_IMG} -o ./minio-operator\n\n# Expected result\n.\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 9 files\n
Replace all image addresses in the minio-operator/manifests/minio-operator.clusterserviceversion.yaml file with the image addresses from the offline container registry.
Before replacement:
After replacement:
Generate a Dockerfile for building the bundle image.
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} alpha bundle generate --channels stable,beta -d /minio-operator/minio-operator/manifests -e stable -p minio-operator \u00a0\n\n# Expected result\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 10 files\n
Build the bundle image and push it to the offline registry.
# Set the new bundle image\nexport OFFLINE_BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3-offline \n\n$ docker build . -f bundle.Dockerfile -t ${OFFLINE_BUNDLE_IMG} \u00a0\n\n$ docker push ${OFFLINE_BUNDLE_IMG}\n
Generate a Dockerfile for building the catalog image.
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} index add --bundles ${OFFLINE_BUNDLE_IMG} --generate --binary-image ${OPM_IMG} --skip-tls-verify\n\n# Expected result\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u251c\u2500\u2500 database\n\u2502 \u2514\u2500\u2500 index.db\n\u251c\u2500\u2500 index.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n4 directories, 12 files\n
Build the catalog image.
# Set the new catalog image \nexport OFFLINE_CATALOG_IMG=10.5.14.200/release.daocloud.io/operator-framework/system-operator-index:v0.1.0-offline\n\n$ docker build . -f index.Dockerfile -t ${OFFLINE_CATALOG_IMG} \n\n$ docker push ${OFFLINE_CATALOG_IMG}\n
Go to Container Management and update the built-in catsrc image for the Helm App olm (enter the catalog image specified in the construction of the catalog image, ${catalog-image} ).
After the update is successful, the minio-operator component will appear in the Operator Hub.
Container management implements authorization based on global authority management and global user/group management. If you need to grant users the highest authority for container management (can create, manage, and delete all clusters), refer to What are Access Control.
"},{"location":"en/admin/kpanda/permissions/cluster-ns-auth.html#prerequisites","title":"Prerequisites","text":"Before authorizing users/groups, complete the following preparations:
The user/group to be authorized has been created in the global management, refer to user.
Only Kpanda Owner and Cluster Admin
of the current cluster have Cluster authorization capability. For details, refer to Permission Description.
only Kpanda Owner , Cluster Admin
for the current cluster, NS Admin
of the current namespace has namespace authorization capability.
After the user logs in to the platform, click Privilege Management under Container Management on the left menu bar, which is located on the Cluster Permissions tab by default.
Click the Add Authorization button.
On the Add Cluster Permission page, select the target cluster, the user/group to be authorized, and click OK .
Currently, the only cluster role supported is Cluster Admin . For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permissions to add multiple times.
Return to the cluster permission management page, and a message appears on the screen: Cluster permission added successfully .
After the user logs in to the platform, click Permissions under Container Management on the left menu bar, and click the Namespace Permissions tab.
Click the Add Authorization button. On the Add Namespace Permission page, select the target cluster, target namespace, and user/group to be authorized, and click OK .
The currently supported namespace roles are NS Admin, NS Editor, and NS Viewer. For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permission to add multiple times. Click OK to complete the permission authorization.
Return to the namespace permission management page, and a message appears on the screen: Cluster permission added successfully .
Tip
If you need to delete or edit permissions later, you can click \u2507 on the right side of the list and select Edit or Delete .
In the past, the RBAC rules for those system roles in container management were pre-defined and could not be modified by users. To support more flexible permission settings and to meet the customized needs for system roles, now you can modify RBAC rules for system roles such as cluster admin, ns admin, ns editor, ns viewer.
The following example demonstrates how to add a new ns-view rule, granting the authority to delete workload deployments. Similar operations can be performed for other rules.
"},{"location":"en/admin/kpanda/permissions/custom-kpanda-role.html#prerequisites","title":"Prerequisites","text":"Before adding RBAC rules to system roles, the following prerequisites must be met:
Note
Only ClusterRoles with fixed Label are supported for adding rules. Replacing or deleting rules is not supported, nor is adding rules by using role. The correspondence between built-in roles and ClusterRole Label created by users is as follows.
cluster-admin: rbac.kpanda.io/role-template-cluster-admin: \"true\"\ncluster-edit: rbac.kpanda.io/role-template-cluster-edit: \"true\"\ncluster-view: rbac.kpanda.io/role-template-cluster-view: \"true\"\nns-admin: rbac.kpanda.io/role-template-ns-admin: \"true\"\nns-edit: rbac.kpanda.io/role-template-ns-edit: \"true\"\nns-view: rbac.kpanda.io/role-template-ns-view: \"true\"\n
Create a deployment by a user with admin
or cluster admin
permissions.
Grant a user the ns-viewer
role to provide them with the ns-view
permission.
Switch the login user to ns-viewer, open the console to get the token for the ns-viewer user, and use curl
to request and delete the nginx deployment mentioned above. However, a prompt appears as below, indicating the user doesn't have permission to delete it.
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n{\"code\":7,\"message\":\"[RBAC] delete resources(deployments: nginx) is forbidden for user(ns-viewer) in cluster(cluster-member)\",\"details\":[]}[root@master-01 ~]#\n[root@master-01 ~]#\n
Create a ClusterRole on the global cluster, as shown in the yaml below.
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: append-ns-view # (1)!\n labels:\n rbac.kpanda.io/role-template-ns-view: \"true\" # (2)!\nrules:\n - apiGroups: [ \"apps\" ]\n resources: [ \"deployments\" ]\n verbs: [ \"delete\" ]\n
Wait for the kpanda controller to add a rule of user creation to the built-in role: ns-viewer, then you can check if the rules added in the previous step are present for ns-viewer.
[root@master-01 ~]# kubectl get clusterrole role-template-ns-view -oyaml|grep deployments -C 10|tail -n 6\n
- apiGroups:\n - apps\n resources:\n - deployments\n verbs:\n - delete\n
When using curl again to request the deletion of the aforementioned nginx deployment, this time the deletion was successful. This means that ns-viewer has successfully added the rule to delete deployments.
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n
Container management permissions are based on a multi-dimensional permission management system created by global permission management and Kubernetes RBAC permission management. It supports cluster-level and namespace-level permission control, helping users to conveniently and flexibly set different operation permissions for IAM users and groups (collections of users) under a tenant.
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#cluster-permissions","title":"Cluster Permissions","text":"Cluster permissions are authorized based on Kubernetes RBAC's ClusterRoleBinding, allowing users/groups to have cluster-related permissions. The current default cluster role is Cluster Admin (does not have the permission to create or delete clusters).
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#cluster-admin","title":"Cluster Admin","text":"Cluster Admin has the following permissions:
The YAML example for this cluster role is as follows:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-cluster-admin\n resourceVersion: \"15168\"\n uid: f8f86d42-d5ef-47aa-b284-097615795076\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*'\n
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#namespace-permissions","title":"Namespace Permissions","text":"Namespace permissions are authorized based on Kubernetes RBAC capabilities, allowing different users/groups to have different operation permissions on resources under a namespace (including Kubernetes API permissions). For details, refer to: Kubernetes RBAC. Currently, the default roles for container management are: NS Admin, NS Editor, NS Viewer.
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#ns-admin","title":"NS Admin","text":"NS Admin has the following permissions:
The YAML example for this cluster role is as follows:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-admin\n resourceVersion: \"15173\"\n uid: 69f64c7e-70e7-4c7c-a3e0-053f507f2bc3\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*' \n
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#ns-editor","title":"NS Editor","text":"NS Editor has the following permissions:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-edit\n resourceVersion: \"15175\"\n uid: ca9e690e-96c0-4978-8915-6e4c00c748fe\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - '*'\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - '*'\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - '*'\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - '*'\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - '*'\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - '*'\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - '*' \n
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#ns-viewer","title":"NS Viewer","text":"NS Viewer has the following permissions:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-view\n resourceVersion: \"15183\"\n uid: 853888fd-6ee8-42ac-b91e-63923918baf8\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - get\n - list\n - watch \n
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#permissions-faq","title":"Permissions FAQ","text":"What is the relationship between global permissions and container management permissions?
Answer: Global permissions only authorize coarse-grained permissions, which can manage the creation, editing, and deletion of all clusters; while for fine-grained permissions, such as the management permissions of a single cluster, the management, editing, and deletion permissions of a single namespace, they need to be implemented based on Kubernetes RBAC container management permissions. Generally, users only need to be authorized in container management.
Currently, only four default roles are supported. Can the RoleBinding and ClusterRoleBinding (Kubernetes fine-grained RBAC) for custom roles also take effect?
Answer: Currently, custom permissions cannot be managed through the graphical interface, but the permission rules created using kubectl can still take effect.
Suanova AI platform supports elastic scaling of Pod resources based on metrics (Horizontal Pod Autoscaling, HPA). Users can dynamically adjust the number of copies of Pod resources by setting CPU utilization, memory usage, and custom metrics. For example, after setting an auto scaling policy based on the CPU utilization metric for the workload, when the CPU utilization of the Pod exceeds/belows the metric threshold you set, the workload controller will automatically increase/decrease the number of Pod replicas.
This page describes how to configure auto scaling based on built-in metrics and custom metrics for workloads.
Note
The system has two built-in elastic scaling metrics of CPU and memory to meet users' basic business cases.
"},{"location":"en/admin/kpanda/scale/create-hpa.html#prerequisites","title":"Prerequisites","text":"Before configuring the built-in index auto scaling policy for the workload, the following prerequisites need to be met:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, deployment or statefulset.
You should have permissions not lower than NS Editor. For details, refer to Namespace Authorization.
Installed metrics-server plugin install.
Refer to the following steps to configure the built-in index auto scaling policy for the workload.
Click Clusters on the left navigation bar to enter the cluster list page. Click a cluster name to enter the Cluster Details page.
On the cluster details page, click Workload in the left navigation bar to enter the workload list, and then click a workload name to enter the Workload Details page.
Click the Auto Scaling tab to view the auto scaling configuration of the current cluster.
After confirming that the cluster has installed the metrics-server plug-in, and the plug-in is running normally, you can click the New Scaling button.
Create custom metric auto scaling policy parameters.
After completing the parameter configuration, click the OK button to automatically return to the elastic scaling details page. Click \u2507 on the right side of the list to edit, delete, and view related events.
The container Vertical Pod Autoscaler (VPA) calculates the most suitable CPU and memory request values \u200b\u200bfor the Pod by monitoring the Pod's resource application and usage over a period of time. Using VPA can allocate resources to each Pod in the cluster more reasonably, improve the overall resource utilization of the cluster, and avoid waste of cluster resources.
AI platform supports VPA through containers. Based on this feature, the Pod request value can be dynamically adjusted according to the usage of container resources. AI platform supports manual and automatic modification of resource request values, and you can configure them according to actual needs.
This page describes how to configure VPA for deployment.
Warning
Using VPA to modify a Pod resource request will trigger a Pod restart. Due to the limitations of Kubernetes itself, Pods may be scheduled to other nodes after restarting.
"},{"location":"en/admin/kpanda/scale/create-vpa.html#prerequisites","title":"Prerequisites","text":"Before configuring a vertical scaling policy for deployment, the following prerequisites must be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace, user, Deployments or Statefulsets.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
The current cluster has installed metrics-server and VPA plugins.
Refer to the following steps to configure the built-in index auto scaling policy for the deployment.
Find the current cluster in Clusters , and click the name of the target cluster.
Click Deployments in the left navigation bar, find the deployment that needs to create a VPA, and click the name of the deployment.
Click the Auto Scaling tab to view the auto scaling configuration of the current cluster, and confirm that the relevant plug-ins have been installed and are running normally.
Click the Create Autoscaler button and configure the VPA vertical scaling policy parameters.
After completing the parameter configuration, click the OK button to automatically return to the elastic scaling details page. Click \u2507 on the right side of the list to perform edit and delete operations.
When the built-in CPU and memory metrics in the system do not meet your business needs, you can add custom metrics by configuring ServiceMonitoring and achieve auto-scaling based on these custom metrics. This article will introduce how to configure auto-scaling for workloads based on custom metrics.
Note
Before configuring the custom metrics auto-scaling policy for workloads, the following prerequisites must be met:
Refer to the following steps to configure the auto-scaling policy based on metrics for workloads.
Click Clusters in the left navigation bar to enter the clusters page. Click a cluster name to enter the Cluster Overview page.
On the Cluster Details page, click Workloads in the left navigation bar to enter the workload list, and click a workload name to enter the Workload Details page.
Click the Auto Scaling tab to view the current autoscaling configuration of the cluster.
Confirm that the cluster has installed metrics-server, Insight, and Prometheus-adapter plugins, and that the plugins are running normally, then click the Create AutoScaler button.
Note
If the related plugins are not installed or the plugins are in an abnormal state, you will not be able to see the entry for creating custom metrics auto-scaling on the page.
Create custom metrics auto-scaling policy parameters.
This case takes a Golang business program as an example. The example program exposes the httpserver_requests_total
metric and records HTTP requests. This metric can be used to calculate the QPS value of the business program.
Use Deployment to deploy the business program:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: httpserver\n namespace: httpserver\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: httpserver\n template:\n metadata:\n labels:\n app: httpserver\n spec:\n containers:\n - name: httpserver\n image: registry.imroc.cc/test/httpserver:custom-metrics\n imagePullPolicy: Always\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n app: httpserver\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/path: \"/metrics\"\n prometheus.io/port: \"http\"\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n name: http\n selector:\n app: httpserver\n
"},{"location":"en/admin/kpanda/scale/custom-hpa.html#prometheus-collects-business-monitoring","title":"Prometheus Collects Business Monitoring","text":"If the insight-agent is installed, Prometheus can be configured by creating a ServiceMonitor CRD object.
Operation steps: In Cluster Details -> Custom Resources, search for \u201cservicemonitors.monitoring.coreos.com\", click the name to enter the details. Create the following example CRD in the httpserver namespace via YAML:
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n operator.insight.io/managed-by: insight\nspec:\n endpoints:\n - port: http\n interval: 5s\n namespaceSelector:\n matchNames:\n - httpserver\n selector:\n matchLabels:\n app: httpserver\n
Note
If Prometheus is installed via insight, the serviceMonitor must be labeled with operator.insight.io/managed-by: insight
. If installed by other means, this label is not required.
steps: In Clusters -> Helm Apps, search for \u201cprometheus-adapter\",enter the update page through the action bar, and configure custom metrics in YAML as follows:
rules:\n custom:\n - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)\n name:\n as: httpserver_requests_qps\n matches: httpserver_requests_total\n resources:\n template: <<.Resource>>\n seriesQuery: httpserver_requests_total\n
"},{"location":"en/admin/kpanda/scale/custom-hpa.html#create-custom-metrics-auto-scaling-policy-parameters","title":"Create Custom Metrics Auto-scaling Policy Parameters","text":"Follow the above steps to find the application httpserver in the Deployment and create auto-scaling via custom metrics.
"},{"location":"en/admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html","title":"Compatibility Rules for HPA and CronHPA","text":"HPA stands for HorizontalPodAutoscaler, which refers to horizontal pod auto-scaling.
CronHPA stands for Cron HorizontalPodAutoscaler, which refers to scheduled horizontal pod auto-scaling.
"},{"location":"en/admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html#conflict-between-cronhpa-and-hpa","title":"Conflict Between CronHPA and HPA","text":"Scheduled scaling with CronHPA triggers horizontal pod scaling at specified times. To prevent sudden traffic surges, you may have configured HPA to ensure the normal operation of your application. If both HPA and CronHPA are detected simultaneously, conflicts arise because CronHPA and HPA operate independently without awareness of each other. Consequently, the actions performed last will override those executed first.
By comparing the definition templates of CronHPA and HPA, the following points can be observed:
scaleTargetRef
field to identify the scaling target.Note
If both CronHPA and HPA are set, there will be scenarios where CronHPA and HPA simultaneously operate on a single scaleTargetRef
.
As noted above, the fundamental reason that simultaneous use of CronHPA and HPA results in the later action overriding the earlier one is that the two controllers cannot sense each other. Therefore, the conflict can be resolved by enabling CronHPA to be aware of HPA's current state.
The system will treat HPA as the scaling object for CronHPA, thus achieving scheduled scaling for the Deployment object defined by the HPA.
HPA's definition configures the Deployment in the scaleTargetRef
field, and then the Deployment uses its definition to locate the ReplicaSet, which ultimately adjusts the actual number of replicas.
In AI platform, the scaleTargetRef
in CronHPA is set to the HPA object, and it uses the HPA object to find the actual scaleTargetRef
, allowing CronHPA to be aware of HPA's current state.
CronHPA senses HPA by adjusting HPA. CronHPA determines whether scaling is needed and modifies the HPA upper limit by comparing the target number of replicas with the current number of replicas, choosing the larger value. Similarly, CronHPA determines whether to modify the HPA lower limit by comparing the target number of replicas from CronHPA with the configuration in HPA, choosing the smaller value.
"},{"location":"en/admin/kpanda/scale/install-cronhpa.html","title":"Install kubernetes-cronhpa-controller","text":"The container copy timing horizontal autoscaling policy (CronHPA) can provide stable computing resource guarantee for periodic high-concurrency applications, and kubernetes-cronhpa-controller is a key component to implement CronHPA.
This section describes how to install the kubernetes-cronhpa-controller plugin.
Note
In order to use CornHPA, not only the kubernetes-cronhpa-controller plugin needs to be installed, but also install the metrics-server plugin.
"},{"location":"en/admin/kpanda/scale/install-cronhpa.html#prerequisites","title":"Prerequisites","text":"Before installing the kubernetes-cronhpa-controller plugin, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Refer to the following steps to install the kubernetes-cronhpa-controller plugin for the cluster.
On the Clusters page, find the target cluster where the plugin needs to be installed, click the name of the cluster, then click Workloads -> Deployments on the left, and click the name of the target workload.
On the workload details page, click the Auto Scaling tab, and click Install on the right side of CronHPA .
Read the relevant introduction of the plug-in, select the version and click the Install button. It is recommended to install 1.3.0 or later.
Refer to the following instructions to configure the parameters.
Note
After enabling ready wait and/or failed deletion , it takes a long time for the application to be marked as \"running\".
Click OK in the lower right corner of the page, and the system will automatically jump to the Helm Apps list page. Wait a few minutes and refresh the page to see the application you just installed.
Warning
If you need to delete the kubernetes-cronhpa-controller plugin, you should go to the Helm Apps list page to delete it completely.
If you delete the plug-in under the Auto Scaling tab of the workload, this only deletes the workload copy of the plug-in, and the plug-in itself is still not deleted, and an error will be prompted when the plug-in is reinstalled later.
Go back to the Auto Scaling tab under the workload details page, and you can see that the interface displays Plug-in installed . Now it's time to start creating CronHPA policies.
metrics-server is the built-in resource usage metrics collection component of Kubernetes. You can automatically scale Pod copies horizontally for workload resources by configuring HPA policies.
This section describes how to install metrics-server .
"},{"location":"en/admin/kpanda/scale/install-metrics-server.html#prerequisites","title":"Prerequisites","text":"Before installing the metrics-server plugin, the following prerequisites need to be met:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace.
You should have permissions not lower than NS Editor. For details, refer to Namespace Authorization.
Please perform the following steps to install the metrics-server plugin for the cluster.
On the Auto Scaling page under workload details, click the Install button to enter the metrics-server plug-in installation interface.
Read the introduction of the metrics-server plugin, select the version and click the Install button. This page will use the 3.8.2 version as an example to install, and it is recommended that you install 3.8.2 and later versions.
Configure basic parameters on the installation configuration interface.
Note
After enabling Wait and/or Deletion failed , it takes a long time for the app to be marked as Running .
Advanced parameter configuration
If the cluster network cannot access the k8s.gcr.io repository, please try to modify the repositort parameter to repository: k8s.m.daocloud.io/metrics-server/metrics-server .
An SSL certificate is also required to install the metrics-server plugin. To bypass certificate verification, you need to add - --kubelet-insecure-tls parameter at defaultArgs: .
image:\n repository: k8s.m.daocloud.io/metrics-server/metrics-server # Change the registry source address to k8s.m.daocloud.io\n tag: ''\n pullPolicy: IfNotPresent\nimagePullSecrets: []\nnameOverride: ''\nfullnameOverride: ''\nserviceAccount:\n create: true\n annotations: {}\n name: ''\nrbac:\n create: true\n pspEnabled: false\napiService:\n create: true\npodLabels: {}\npodAnnotations: {}\npodSecurityContext: {}\nsecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\npriorityClassName: system-cluster-critical\ncontainerPort: 4443\nhostNetwork:\n enabled: false\nreplicas: 1\nupdateStrategy: {}\npodDisruptionBudget:\n enabled: false\n minAvailable: null\n maxUnavailable: null\ndefaultArgs:\n - '--cert-dir=/tmp'\n - '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'\n - '--kubelet-use-node-status-port'\n - '--metric-resolution=15s'\n - --kubelet-insecure-tls # Bypass certificate verification\nargs: []\nlivenessProbe:\n httpGet:\n path: /livez\n port:https\n scheme: HTTPS\n initialDelaySeconds: 0\n periodSeconds: 10\n failureThreshold: 3\nreadinessProbe:\n httpGet:\n path: /readyz\n port:https\n scheme: HTTPS\n initialDelaySeconds: 20\n periodSeconds: 10\n failureThreshold: 3\nservice:\n type: ClusterIP\n port: 443\n annotations: {}\n labels: {}\nmetrics:\n enabled: false\nserviceMonitor:\n enabled: false\n additionalLabels: {}\n interval: 1m\n scrapeTimeout: 10s\nresources: {}\nextraVolumeMounts: []\nextraVolumes: []\nnodeSelector: {}\ntolerations: []\naffinity: {}\n
Click the OK button to complete the installation of the metrics-server plug-in, and then the system will automatically jump to the Helm Apps list page. After a few minutes, refresh the page and you will see the newly installed Applications.
Note
When deleting the metrics-server plugin, the plugin can only be completely deleted on the Helm Apps list page. If you only delete metrics-server on the workload page, this only deletes the workload copy of the application, the application itself is still not deleted, and an error will be prompted when you reinstall the plugin later.
"},{"location":"en/admin/kpanda/scale/install-vpa.html","title":"Install vpa","text":"The Vertical Pod Autoscaler, VPA, can make the resource allocation of the cluster more reasonable and avoid the waste of cluster resources. vpa is the key component to realize the vertical autoscaling of the container.
This section describes how to install the vpa plugin.
In order to use VPA policies, not only the __vpa__ plugin needs to be installed, but also [install the __metrics-server__ plugin](install-metrics-server.md).\n
"},{"location":"en/admin/kpanda/scale/install-vpa.html#prerequisites","title":"Prerequisites","text":"Before installing the vpa plugin, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Refer to the following steps to install the vpa plugin for the cluster.
On the Clusters page, find the target cluster where the plugin needs to be installed, click the name of the cluster, then click Workloads -> Deployments on the left, and click the name of the target workload.
On the workload details page, click the Auto Scaling tab, and click Install on the right side of VPA .
Read the relevant introduction of the plug-in, select the version and click the Install button. It is recommended to install 1.5.0 or later.
Review the configuration parameters described below.
Note
After enabling Wait and/or Deletion failed , it takes a long time for the application to be marked as running .
Click OK in the lower right corner of the page, and the system will automatically jump to the Helm Apps list page. Wait a few minutes and refresh the page to see the application you just installed.
Warning
If you need to delete the vpa plugin, you should go to the Helm Apps list page to delete it completely.
If you delete the plug-in under the Auto Scaling tab of the workload, this only deletes the workload copy of the plug-in, and the plug-in itself is still not deleted, and an error will be prompted when the plug-in is reinstalled later.
Go back to the Auto Scaling tab under the workload details page, and you can see that the interface displays Plug-in installed . Now you can start Create VPA policy.
Knative is a platform-agnostic solution for running serverless deployments.
"},{"location":"en/admin/kpanda/scale/knative/install.html#steps","title":"Steps","text":"Log in to the cluster, click the sidebar Helm Apps \u2192 Helm Charts , enter knative in the search box at the top right, and then press the enter key to search.
Click the knative-operator to enter the installation configuration interface. You can view the available versions and the Parameters optional items of Helm values on this interface.
After clicking the install button, you will enter the installation configuration interface.
Enter the name, installation tenant, and it is recommended to check Wait and Detailed Logs .
In the settings below, you can tick Serving and enter the installation tenant of the Knative Serving component, which will deploy the Knative Serving component after installation. This component is managed by the Knative Operator.
Knative provides a higher level of abstraction, simplifying and speeding up the process of building, deploying, and managing applications on Kubernetes. It allows developers to focus more on implementing business logic, while leaving most of the infrastructure and operations work to Knative, significantly improving productivity.
"},{"location":"en/admin/kpanda/scale/knative/knative.html#components","title":"Components","text":"The Knative operator runs the following components.
knative-operator knative-operator-58f7d7db5c-7f6r5 1/1 Running 0 6m55s\nknative-operator operator-webhook-667dc67bc-qvrv4 1/1 Running 0 6m55s\n
The Knative serving components are as follows.
knative-serving 3scale-kourier-gateway-d69fbfbd-bd8d8 1/1 Running 0 7m13s\nknative-serving activator-7c6fddd698-wdlng 1/1 Running 0 7m3s\nknative-serving autoscaler-8f4b876bb-kd25p 1/1 Running 0 7m17s\nknative-serving autoscaler-hpa-5f7f74679c-vkc7p 1/1 Running 0 7m15s\nknative-serving controller-789c896c46-tfvsv 1/1 Running 0 7m17s\nknative-serving net-kourier-controller-7db578c889-7gd5l 1/1 Running 0 7m14s\nknative-serving webhook-5c88b94c5-78x7m 1/1 Running 0 7m1s\nknative-serving storage-version-migration-serving-serving-1.12.2-t7zvd 0/1 Completed 0 7m15s\n
Component Features Activator Queues requests (if a Knative Service has scaled to zero). Calls the autoscaler to bring back services that have scaled down to zero and forward queued requests. The Activator can also act as a request buffer, handling bursts of traffic. Autoscaler Responsible for scaling Knative services based on configuration, metrics, and incoming requests. Controller Manages the state of Knative CRs. It monitors multiple objects, manages the lifecycle of dependent resources, and updates resource status. Queue-Proxy Sidecar container injected into each Knative Service. Responsible for collecting traffic data and reporting it to the Autoscaler, which then initiates scaling requests based on this data and preset rules. Webhooks Knative Serving has several Webhooks responsible for validating and mutating Knative resources."},{"location":"en/admin/kpanda/scale/knative/knative.html#ingress-traffic-entry-solutions","title":"Ingress Traffic Entry Solutions","text":"Solution Use Case Istio If Istio is already in use, it can be chosen as the traffic entry solution. Contour If Contour has been enabled in the cluster, it can be chosen as the traffic entry solution. Kourier If neither of the above two Ingress components are present, Knative's Envoy-based Kourier Ingress can be used as the traffic entry solution."},{"location":"en/admin/kpanda/scale/knative/knative.html#autoscaler-solutions-comparison","title":"Autoscaler Solutions Comparison","text":"Autoscaler Type Core Part of Knative Serving Default Enabled Scale to Zero Support CPU-based Autoscaling Support Knative Pod Autoscaler (KPA) Yes Yes Yes No Horizontal Pod Autoscaler (HPA) No Needs to be enabled after installing Knative Serving No Yes"},{"location":"en/admin/kpanda/scale/knative/knative.html#crd","title":"CRD","text":"Resource Type API Name Description Services service.serving.knative.dev
Automatically manages the entire lifecycle of Workloads, controls the creation of other objects, ensures applications have Routes, Configurations, and new revisions with each update. Routes route.serving.knative.dev
Maps network endpoints to one or more revision versions, supports traffic distribution and version routing. Configurations configuration.serving.knative.dev
Maintains the desired state of deployments, provides separation between code and configuration, follows the Twelve-Factor App methodology, modifying configurations creates new revisions. Revisions revision.serving.knative.dev
Snapshot of the workload at each modification time point, immutable object, automatically scales based on traffic."},{"location":"en/admin/kpanda/scale/knative/playground.html","title":"Knative Practices","text":"In this section, we will delve into learning Knative through several practical exercises.
"},{"location":"en/admin/kpanda/scale/knative/playground.html#case-1-hello-world","title":"Case 1 - Hello World","text":"apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
You can use kubectl
to check the status of a deployed application that has been automatically configured with ingress and scalers by Knative.
~ kubectl get service.serving.knative.dev/hello\nNAME URL LATESTCREATED LATESTREADY READY REASON\nhello http://hello.knative-serving.knative.loulan.me hello-00001 hello-00001 True\n
The deployed Pod YAML is as follows, consisting of two Pods: user-container
and queue-proxy
.
apiVersion: v1\nkind: Pod\nmetadata:\n name: hello-00003-deployment-5fcb8ccbf-7qjfk\nspec:\n containers:\n - name: user-container\n - name: queue-proxy\n
Request Flow:
case3 When the traffic decreases again, traffic will be routed back to the activator if the traffic is lower than current_demand + target-burst-capacity > (pods * concurrency-target).
The total number of pending requests + the number of requests that can exceed the target concurrency > the target concurrency per Pod * number of Pods.
We first apply the following YAML definition under the cluster.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
Execute the following command for testing, and you can observe the scaling of the Pods by using kubectl get pods -A -w
.
wrk -t2 -c4 -d6s http://hello.knative-serving.knative.daocloud.io/\n
"},{"location":"en/admin/kpanda/scale/knative/playground.html#case-3-based-on-concurrent-elastic-scaling-scale-out-in-advance-to-reach-a-specific-ratio","title":"Case 3 - Based on concurrent elastic scaling, scale out in advance to reach a specific ratio.","text":"You can easily achieve this, for example, by limiting the concurrency to 10 per container. This can be implemented through autoscaling.knative.dev/target-utilization-percentage: 70
, starting to scale out the Pods when 70% is reached.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"10\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/target-utilization-percentage: \"70\" \n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/metric: \"concurrency\"\n \u00a0 \u00a0 spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
"},{"location":"en/admin/kpanda/scale/knative/playground.html#case-4-canary-releasetraffic-percentage","title":"Case 4 - Canary Release/Traffic Percentage","text":"You can control the distribution of traffic to each version through spec.traffic
.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\" \n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\" \n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n traffic:\n - latestRevision: true\n percent: 50\n - latestRevision: false\n percent: 50\n revisionName: hello-00001\n
"},{"location":"en/admin/kpanda/scale/knative/scene.html","title":"Use Cases","text":""},{"location":"en/admin/kpanda/scale/knative/scene.html#suitable-cases","title":"Suitable Cases","text":"AI platform Container Management provides three types of security scans:
The object of compliance scanning is the cluster node. The scan result lists the scan items and results and provides repair suggestions for any failed scan items. For specific security rules used during scanning, refer to the CIS Kubernetes Benchmark.
The focus of the scan varies when checking different types of nodes.
Scan the control plane node (Controller)
Scan worker nodes
Tip
To use compliance scanning, you need to create a scan configuration first, and then create a scan policy based on that configuration. After executing the scan policy, you can view the scan report.
"},{"location":"en/admin/kpanda/security/index.html#authorization-scan","title":"Authorization Scan","text":"Authorization scanning focuses on security vulnerabilities caused by authorization issues. Authorization scans can help users identify security threats in Kubernetes clusters, identify which resources need further review and protection measures. By performing these checks, users can gain a clearer and more comprehensive understanding of their Kubernetes environment and ensure that the cluster environment meets Kubernetes' best practices and security standards.
Specifically, authorization scanning supports the following operations:
Scans the health status of all nodes in the cluster.
Scans the running state of components in the cluster, such as kube-apiserver , kube-controller-manager , kube-scheduler , etc.
Scans security configurations: Check Kubernetes' security configuration.
Provides warnings and suggestions: Security best practices that cluster administrators should perform, such as regularly rotating certificates, using strong passwords, restricting network access, etc.
Tip
To use authorization scanning, you need to create a scan policy first. After executing the scan policy, you can view the scan report. For details, refer to Security Scanning.
"},{"location":"en/admin/kpanda/security/index.html#vulnerability-scan","title":"Vulnerability Scan","text":"Vulnerability scanning focuses on scanning potential malicious attacks and security vulnerabilities, such as remote code execution, SQL injection, XSS attacks, and some attacks specific to Kubernetes. The final scan report lists the security vulnerabilities in the cluster and provides repair suggestions.
Tip
To use vulnerability scanning, you need to create a scan policy first. After executing the scan policy, you can view the scan report. For details, refer to Vulnerability Scan.
"},{"location":"en/admin/kpanda/security/audit.html","title":"Permission Scan","text":"To use the Permission Scan feature, you need to create a scan policy first. After executing the policy, a scan report will be automatically generated for viewing.
"},{"location":"en/admin/kpanda/security/audit.html#create-a-scan-policy","title":"Create a Scan Policy","text":"On the left navigation bar of the homepage in the Container Management module, click Security Management .
Click Permission Scan on the left navigation bar, then click the Scan Policy tab and click Create Scan Policy on the right.
Fill in the configuration according to the following instructions, and then click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
Under the Security Management -> Permission Scanning -> Scan Reports tab, click the report name.
Clicking Delete on the right of a report allows you to manually delete the report.
View the scan report content, including:
To use the Vulnerability Scan feature, you need to create a scan policy first. After executing the policy, a scan report will be automatically generated for viewing.
"},{"location":"en/admin/kpanda/security/hunter.html#create-a-scan-policy","title":"Create a Scan Policy","text":"On the left navigation bar of the homepage in the Container Management module, click Security Management .
Click Vulnerability Scan on the left navigation bar, then click the Scan Policy tab and click Create Scan Policy on the right.
Fill in the configuration according to the following instructions, and then click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
Under the Security Management -> Vulnerability Scanning -> Scan Reports tab, click the report name.
Clicking Delete on the right of a report allows you to manually delete the report.
View the scan report content, including:
The first step in using CIS Scanning is to create a scan configuration. Based on the scan configuration, you can then create scan policies, execute scan policies, and finally view scan results.
"},{"location":"en/admin/kpanda/security/cis/config.html#create-a-scan-configuration","title":"Create a Scan Configuration","text":"The steps for creating a scan configuration are as follows:
Click Security Management in the left navigation bar of the homepage of the container management module.
By default, enter the Compliance Scanning page, click the Scan Configuration tab, and then click Create Scan Configuration in the upper-right corner.
Fill in the configuration name, select the configuration template, and optionally check the scan items, then click OK .
Scan Template: Currently, two templates are provided. The kubeadm template is suitable for general Kubernetes clusters. The daocloud template ignores scan items that are not applicable to AI platform based on the kubeadm template and the platform design of AI platform.
Under the scan configuration tab, clicking the name of a scan configuration displays the type of the configuration, the number of scan items, the creation time, the configuration template, and the specific scan items enabled for the configuration.
"},{"location":"en/admin/kpanda/security/cis/config.html#updatdelete-scan-configuration","title":"Updat/Delete Scan Configuration","text":"After a scan configuration has been successfully created, it can be updated or deleted according to your needs.
Under the scan configuration tab, click the \u2507 action button to the right of a configuration:
After creating a scan configuration, you can create a scan policy based on the configuration.
Under the Security Management -> Compliance Scanning page, click the Scan Policy tab on the right to create a scan policy.
Fill in the configuration according to the following instructions and click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
After executing a scan policy, a scan report will be generated automatically. You can view the scan report online or download it to your local computer.
Download and View
Under the Security Management -> Compliance Scanning page, click the Scan Report tab, then click the \u2507 action button to the right of a report and select Download .
View Online
Clicking the name of a report allows you to view its content online, which includes:
A volume (PersistentVolume, PV) is a piece of storage in the cluster, which can be prepared in advance by the administrator, or dynamically prepared using a storage class (Storage Class). PV is a cluster resource, but it has an independent life cycle and will not be deleted when the Pod process ends. Mounting PVs to workloads can achieve data persistence for workloads. The PV holds the data directory that can be accessed by the containers in the Pod.
"},{"location":"en/admin/kpanda/storage/pv.html#create-volume","title":"Create volume","text":"Currently, there are two ways to create volumes: YAML and form. These two ways have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the volume.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Volume (PV) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Volume (PV) -> Create Volume (PV) in the left navigation bar.
Fill in the basic information.
Volume type: For a detailed introduction to volume types, refer to the official Kubernetes document Volumes.
Local: The local storage of the Node node is packaged into a PVC interface, and the container directly uses the PVC without paying attention to the underlying storage type. Local volumes do not support dynamic configuration of volumes, but support configuration of node affinity, which can limit which nodes can access the volume.
HostPath: Use files or directories on the file system of Node nodes as volumes, and do not support Pod scheduling based on node affinity.
Mount path: mount the volume to a specific directory in the container.
access mode:
Recycling policy:
Volume mode:
Node affinity:
Click the name of the target cluster in the cluster list, and then click Container Storage -> Volume (PV) in the left navigation bar.
On this page, you can view all volumes in the current cluster, as well as information such as the status, capacity, and namespace of each volume.
Supports sequential or reverse sorting according to the name, status, namespace, and creation time of volumes.
Click the name of a volume to view the basic configuration, StorageClass information, labels, comments, etc. of the volume.
By cloning a volume, a new volume can be recreated based on the configuration of the cloned volume.
Enter the clone page
On the volume list page, find the volume to be cloned, and select Clone under the operation bar on the right.
You can also click the name of the volume, click the operation button in the upper right corner of the details page and select Clone .
Use the original configuration directly, or modify it as needed, and click OK at the bottom of the page.
There are two ways to update volumes. Support for updating volumes via forms or YAML files.
Note
Only updating the alias, capacity, access mode, reclamation policy, label, and comment of the volume is supported.
On the volume list page, find the volume that needs to be updated, select Update under the operation bar on the right to update through the form, select Edit YAML to update through YAML.
Click the name of the volume to enter the details page of the volume, select Update in the upper right corner of the page to update through the form, select Edit YAML to update through YAML.
On the volume list page, find the data to be deleted, and select Delete in the operation column on the right.
You can also click the name of the volume, click the operation button in the upper right corner of the details page and select Delete .
"},{"location":"en/admin/kpanda/storage/pvc.html","title":"PersistentVolumeClaim (PVC)","text":"A persistent volume claim (PersistentVolumeClaim, PVC) expresses a user's request for storage. PVC consumes PV resources and claims a volume with a specific size and specific access mode. For example, the PV volume is required to be mounted in ReadWriteOnce, ReadOnlyMany or ReadWriteMany modes.
"},{"location":"en/admin/kpanda/storage/pvc.html#create-volume-statement","title":"Create volume statement","text":"Currently, there are two ways to create PersistentVolumeClaims: YAML and form. These two ways have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the PersistentVolumeClaim.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> PersistentVolumeClaim (PVC) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> PersistentVolumeClaim (PVC) -> Create PersistentVolumeClaim (PVC) in the left navigation bar.
Fill in the basic information.
Creation method: dynamically create a new volume claim in an existing StorageClass or volume, or create a new volume claim based on a snapshot of a volume claim.
The declared capacity of the volume cannot be modified when the snapshot is created, and can be modified after the creation is complete.
After selecting the creation method, select the desired StorageClass/volume/snapshot from the drop-down list.
access mode:
ReadWriteOnce, the PersistentVolumeClaim can be mounted by a node in read-write mode.
Click the name of the target cluster in the cluster list, and then click Container Storage -> PersistentVolumeClaim (PVC) in the left navigation bar.
On this page, you can view all PersistentVolumeClaims in the current cluster, as well as information such as the status, capacity, and namespace of each PersistentVolumeClaim.
Supports sorting in sequential or reverse order according to the declared name, status, namespace, and creation time of the volume.
Click the name of the PersistentVolumeClaim to view the basic configuration, StorageClass information, labels, comments and other information of the PersistentVolumeClaim.
In the left navigation bar, click Container Storage -> PersistentVolumeClaim (PVC) , and find the PersistentVolumeClaim whose capacity you want to adjust.
Click the name of the PersistentVolumeClaim, and then click the operation button in the upper right corner of the page and select Expansion .
Enter the target capacity and click OK .
By cloning a volume claim, a new volume claim can be recreated based on the configuration of the cloned volume claim.
Enter the clone page
On the PersistentVolumeClaim list page, find the PersistentVolumeClaim that needs to be cloned, and select Clone under the operation bar on the right.
You can also click the name of the PersistentVolumeClaim, click the operation button in the upper right corner of the details page and select Clone .
Use the original configuration directly, or modify it as needed, and click OK at the bottom of the page.
There are two ways to update volume claims. Support for updating volume claims via form or YAML file.
Note
Only aliases, labels, and annotations for volume claims are updated.
On the volume list page, find the PersistentVolumeClaim that needs to be updated, select Update in the operation bar on the right to update it through the form, and select Edit YAML to update it through YAML.
Click the name of the PersistentVolumeClaim, enter the details page of the PersistentVolumeClaim, select Update in the upper right corner of the page to update through the form, select Edit YAML to update through YAML.
On the PersistentVolumeClaim list page, find the data to be deleted, and select Delete in the operation column on the right.
You can also click the name of the volume statement, click the operation button in the upper right corner of the details page and select Delete .
"},{"location":"en/admin/kpanda/storage/pvc.html#common-problem","title":"common problem","text":"If there is no optional StorageClass or volume in the list, you can Create a StorageClass or Create a volume.
If there is no optional snapshot in the list, you can enter the details page of the PersistentVolumeClaim and create a snapshot in the upper right corner.
If the StorageClass (SC) used by the PersistentVolumeClaim is not enabled for snapshots, snapshots cannot be made, and the page will not display the \"Make Snapshot\" option.
The AI platform container management module supports sharing a StorageClass with multiple namespaces to improve resource utilization efficiency.
Find the StorageClass that needs to be shared in the StorageClass list, and click Authorize Namespace under the operation bar on the right.
Click Custom Namespace to select which namespaces this StorageClass needs to be shared to one by one.
A StorageClass refers to a large storage resource pool composed of many physical disks. This platform supports the creation of block StorageClass, local StorageClass, and custom StorageClass after accessing various storage vendors, and then dynamically configures volumes for workloads.
"},{"location":"en/admin/kpanda/storage/sc.html#create-storageclass-sc","title":"Create StorageClass (SC)","text":"Currently, it supports creating StorageClass through YAML and forms. These two methods have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the StorageClass.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> StorageClass (SC) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> StorageClass (SC) -> Create StorageClass (SC) in the left navigation bar.
Fill in the basic information and click OK at the bottom.
CUSTOM STORAGE SYSTEM
CSI storage driver: A standard Kubernetes-based container storage interface plug-in, which must comply with the format specified by the storage manufacturer, such as rancher.io/local-path .
HwameiStor storage system
lvm.hwameistor.io
.hdd.hwameistor.io
.On the StorageClass list page, find the StorageClass that needs to be updated, and select Edit under the operation bar on the right to update the StorageClass.
Info
Select View YAML to view the YAML file of the StorageClass, but editing is not supported.
"},{"location":"en/admin/kpanda/storage/sc.html#delete-storageclass-sc","title":"Delete StorageClass (SC)","text":"On the StorageClass list page, find the StorageClass to be deleted, and select Delete in the operation column on the right.
"},{"location":"en/admin/kpanda/workloads/create-cronjob.html","title":"Create CronJob","text":"This page introduces how to create a CronJob through images and YAML files.
CronJobs are suitable for performing periodic operations, such as backup and report generation. These jobs can be configured to repeat periodically (for example: daily/weekly/monthly), and the time interval at which the job starts to run can be defined.
"},{"location":"en/admin/kpanda/workloads/create-cronjob.html#prerequisites","title":"Prerequisites","text":"Before creating a CronJob, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a CronJob using the image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> CronJobs in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings, CronJob Settings, Advanced Configuration, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the CronJobs list. Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the CronJob.
On the Create CronJobs page, enter the information according to the table below, and click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)
When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the configuration with reference to the following requirements, click OK .
GPU Exclusive: Configure the GPU usage for the container, only positive integers are supported. The GPU quota setting supports setting exclusive use of the entire GPU or part of the vGPU for the container. For example, for an 8-core GPU, enter the number 8 to let the container exclusively use the entire length of the card, and enter the number 1 to configure a 1-core vGPU for the container.
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass configuration to the Pod, etc. For details, refer to Container environment variable configuration.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-cronjob.html#cronjob-settings","title":"CronJob Settings","text":"Concurrency Policy: Whether to allow multiple Job jobs to run in parallel.
The above rules only apply to multiple jobs created by the same CronJob. Multiple jobs created by multiple CronJobs are always allowed to run concurrently.
Policy Settings: Set the time period for job execution based on minutes, hours, days, weeks, and months. Support custom Cron expressions with numbers and *
, after inputting the expression, the meaning of the current expression will be prompted. For detailed expression syntax rules, refer to Cron Schedule Syntax.
Configure Service for the statefulset, so that the statefulset can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
The advanced configuration of CronJobs mainly involves labels and annotations.
You can click the Add button to add labels and annotations to the workload instance Pod.
"},{"location":"en/admin/kpanda/workloads/create-cronjob.html#create-from-yaml","title":"Create from YAML","text":"In addition to mirroring, you can also create timed jobs more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> CronJobs in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
apiVersion: batch/v1\nkind: CronJob\nmetadata:\n creationTimestamp: '2022-12-26T09:45:47Z'\n generation: 1\n name: demo\n namespace: default\n resourceVersion: '92726617'\n uid: d030d8d7-a405-4dcd-b09a-176942ef36c9\nspec:\n concurrencyPolicy: Allow\n failedJobsHistoryLimit: 1\n jobTemplate:\n metadata:\n creationTimestamp: null\n spec:\n activeDeadlineSeconds: 360\n backoffLimit: 6\n template:\n metadata:\n creationTimestamp: null\n spec:\n containers:\n - image: nginx\n imagePullPolicy: IfNotPresent\n lifecycle: {}\n name: container-3\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n securityContext:\n privileged: false\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n dnsPolicy: ClusterFirst\n restartPolicy: Never\n schedulerName: default-scheduler\n securityContext: {}\n terminationGracePeriodSeconds: 30\n schedule: 0 0 13 * 5\n successfulJobsHistoryLimit: 3\n suspend: false\nstatus: {}\n
"},{"location":"en/admin/kpanda/workloads/create-daemonset.html","title":"Create DaemonSet","text":"This page introduces how to create a daemonSet through image and YAML files.
DaemonSet is connected to taint through node affinity feature ensures that a replica of a Pod is running on all or some of the nodes. For nodes that newly joined the cluster, DaemonSet automatically deploys the proper Pod on the new node and tracks the running status of the Pod. When a node is removed, the DaemonSet deletes all Pods it created.
Common cases for daemons include:
For simplicity, a DaemonSet can be started on each node for each type of daemon. For finer and more advanced daemon management, you can also deploy multiple DaemonSets for the same daemon. Each DaemonSet has different flags and has different memory, CPU requirements for different hardware types.
"},{"location":"en/admin/kpanda/workloads/create-daemonset.html#prerequisites","title":"Prerequisites","text":"Before creating a DaemonSet, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a daemon using the image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> DaemonSets in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings, Service Settings, Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return the list of DaemonSets . Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the DaemonSet.
On the Create DaemonSets page, after entering the information according to the table below, click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
GPU Exclusive: Configure the GPU usage for the container, only positive integers are supported. The GPU quota setting supports setting exclusive use of the entire GPU or part of the vGPU for the container. For example, for an 8-core GPU, enter the number 8 to let the container exclusively use the entire length of the card, and enter the number 1 to configure a 1-core vGPU for the container.
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-daemonset.html#service-settings","title":"Service settings","text":"Create a Service (Service) for the daemon, so that the daemon can be accessed externally.
Click the Create Service button.
Configure service parameters, refer to Create Service for details.
Click OK and click Next .
Advanced setting includes four parts: load network settings, upgrade policy, scheduling policy, label and annotation. You can click the tabs below to view the requirements of each part.
Network ConfigurationUpgrade PolicyScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related settings options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/admin/kpanda/workloads/create-daemonset.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create daemons more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workload -> Daemons in the left navigation bar, and then click the YAML Create button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: DaemonSet\n apiVersion: apps/v1\n metadata:\n name: hwameistor-local-disk-manager\n namespace: hwameistor\n uid: ccbdc098-7de3-4a8a-96dd-d1cee159c92b\n resourceVersion: '90999552'\n generation: 1\n creationTimestamp: '2022-12-15T09:03:44Z'\n labels:\n app.kubernetes.io/managed-by: Helm\n annotations:\n deprecated.DaemonSet.template.generation: '1'\n meta.helm.sh/release-name: hwameistor\n meta.helm.sh/release-namespace:hwameistor\n spec:\n selector:\n matchLabels:\n app: hwameistor-local-disk-manager\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: hwameistor-local-disk-manager\n spec:\n volumes:\n - name: udev\n hostPath:\n path: /run/udev\n type: Directory\n - name: procmount\n hostPath:\n path: /proc\n type: Directory\n - name: devmount\n hostPath:\n path: /dev\n type: Directory\n - name: socket-dir\n hostPath:\n path: /var/lib/kubelet/plugins/disk.hwameistor.io\n type: DirectoryOrCreate\n - name: registration-dir\n hostPath:\n path: /var/lib/kubelet/plugins_registry/\n type: Directory\n - name: plugin-dir\n hostPath:\n path: /var/lib/kubelet/plugins\n type: DirectoryOrCreate\n - name: pods-mount-dir\n hostPath:\n path: /var/lib/kubelet/pods\n type: DirectoryOrCreate\n containers:\n - name: registrar\n image: k8s-gcr.m.daocloud.io/sig-storage/csi-node-driver-registrar:v2.5.0\n args:\n - '--v=5'\n - '--csi-address=/csi/csi.sock'\n - >-\n --kubelet-registration-path=/var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n env:\n - name: KUBE_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n resources: {}\n volumeMounts:\n - name: socket-dir\n mountPath: /csi\n - name: registration-dir\n mountPath: /registration\n lifecycle:\n preStop:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n rm -rf /registration/disk.hwameistor.io\n /registration/disk.hwameistor.io-reg.sock\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n -name: managerimage: ghcr.m.daocloud.io/hwameistor/local-disk-manager:v0.6.1\n command:\n - /local-disk-manager\n args:\n - '--endpoint=$(CSI_ENDPOINT)'\n - '--nodeid=$(NODENAME)'\n - '--csi-enable=true'\n env:\n - name: CSI_ENDPOINT\n value: unix://var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n - name: NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: WATCH_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: NODENAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OPERATOR_NAME\n value: local-disk-manager\n resources: {}\n volumeMounts:\n - name: udev\n mountPath: /run/udev\n - name: procmount\n readOnly: true\n mountPath: /host/proc\n - name: devmount\n mountPath: /dev\n - name: registration-dir\n mountPath: /var/lib/kubelet/plugins_registry\n - name: plugin-dir\n mountPath: /var/lib/kubelet/plugins\n mountPropagation: Bidirectional\n - name: pods-mount-dir\n mountPath: /var/lib/kubelet/pods\n mountPropagation: Bidirectional\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: hwameistor-admin\n serviceAccount: hwameistor-admin\n hostNetwork: true\n hostPID: true\n securityContext: {}\n schedulerName: default-scheduler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/master\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/control-plane\n operator: Exists\n effect: NoSchedule\n - key: node.cloudprovider.kubernetes.io/uninitialized\n operator: Exists\n effect: NoSchedule\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n maxSurge: 0\n revisionHistoryLimit: 10\nstatus:\n currentNumberScheduled: 4\n numberMisscheduled: 0\n desiredNumberScheduled: 4\n numberReady: 4\n observedGeneration: 1\n updatedNumberScheduled: 4\n numberAvailable: 4\n
"},{"location":"en/admin/kpanda/workloads/create-deployment.html","title":"Create Deployment","text":"This page describes how to create deployments through images and YAML files.
Deployment is a common resource in Kubernetes, mainly Pod and ReplicaSet provide declarative updates, support elastic scaling, rolling upgrades, and version rollbacks features. Declare the desired Pod state in the Deployment, and the Deployment Controller will modify the current state through the ReplicaSet to make it reach the pre-declared desired state. Deployment is stateless and does not support data persistence. It is suitable for deploying stateless applications that do not need to save data and can be restarted and rolled back at any time.
Through the container management module of AI platform, workloads on multicloud and multiclusters can be easily managed based on proper role permissions, including the creation of deployments, Full life cycle management such as update, deletion, elastic scaling, restart, and version rollback.
"},{"location":"en/admin/kpanda/workloads/create-deployment.html#prerequisites","title":"Prerequisites","text":"Before using image to create deployments, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Follow the steps below to create a deployment by image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> Deployments in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Setting, Service Setting, Advanced Setting in turn, click OK in the lower right corner of the page to complete the creation.
The system will automatically return the list of Deployments . Click \u2507 on the right side of the list to perform operations such as update, delete, elastic scaling, restart, and version rollback on the load. If the workload status is abnormal, please check the specific abnormal information, refer to Workload Status.
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic Information (Required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)When configuring container-related parameters, it is essential to correctly fill in the container name and image parameters; otherwise, you will not be able to proceed to the next step. After filling in the configuration according to the following requirements, click OK.
Work Container
. For information on init containers, see the [K8s Official Documentation] (https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).Before setting the GPU, the administrator needs to pre-install the GPU and driver plugin on the cluster node and enable the GPU feature in the Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Setting.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Setting.
Configure container parameters within the Pod, add environment variables or pass setting to the Pod, etc. For details, refer to Container environment variable setting.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage Setting.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-deployment.html#service-settings","title":"Service settings","text":"Configure Service for the deployment, so that the deployment can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
Advanced setting includes four parts: Network Settings, Upgrade Policy, Scheduling Policies, Labels and Annotations. You can click the tabs below to view the setting requirements of each part.
Network SettingsUpgrade PolicyScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related setting options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/admin/kpanda/workloads/create-deployment.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create deployments more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> Deployments in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n spec:\n selector:\n matchLabels:\n app: nginx\n replicas: 2 # (1)!\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n -name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n
This page introduces how to create a job through image and YAML file.
Job is suitable for performing one-time jobs. A Job creates one or more Pods, and the Job keeps retrying to run Pods until a certain number of Pods are successfully terminated. A Job ends when the specified number of Pods are successfully terminated. When a Job is deleted, all Pods created by the Job will be cleared. When a Job is paused, all active Pods in the Job are deleted until the Job is resumed. For more information about jobs, refer to Job.
"},{"location":"en/admin/kpanda/workloads/create-job.html#prerequisites","title":"Prerequisites","text":"In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a job using an image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> Jobs in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings and Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the job list. Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the job.
On the Create Jobs page, enter the basic information according to the table below, and click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the setting requirements of each part.
Container settings is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment Variables (optional)Data Storage (optional)Security Settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle settings.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check settings.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage settings.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-job.html#advanced-settings","title":"Advanced settings","text":"Advanced setting includes job settings, labels and annotations.
Job SettingsLabels and AnnotationsYou can click the Add button to add labels and annotations to the workload instance Pod.
"},{"location":"en/admin/kpanda/workloads/create-job.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, creation jobs can also be created more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> Jobs in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: Job\napiVersion: batch/v1\nmetadata:\n name: demo\n namespace: default\n uid: a9708239-0358-4aa1-87d3-a092c080836e\n resourceVersion: '92751876'\n generation: 1\n creationTimestamp: '2022-12-26T10:52:22Z'\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n annotations:\n revisions: >-\n {\"1\":{\"status\":\"running\",\"uid\":\"a9708239-0358-4aa1-87d3-a092c080836e\",\"start-time\":\"2022-12-26T10:52:22Z\",\"completion-time\":\"0001-01-01T00:00:00Z\"}}\nspec:\n parallelism: 1\n backoffLimit: 6\n selector:\n matchLabels:\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n spec:\n containers:\n - name: container-4\n image: nginx\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n lifecycle: {}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: false\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext: {}\n schedulerName: default-scheduler\n completionMode: NonIndexed\n suspend: false\nstatus:\n startTime: '2022-12-26T10:52:22Z'\n active: 1\n
"},{"location":"en/admin/kpanda/workloads/create-statefulset.html","title":"Create StatefulSet","text":"This page describes how to create a StatefulSet through image and YAML files.
StatefulSet is a common resource in Kubernetes, and Deployment, mainly used to manage the deployment and scaling of Pod collections. The main difference between the two is that Deployment is stateless and does not save data, while StatefulSet is stateful and is mainly used to manage stateful applications. In addition, Pods in a StatefulSet have a persistent ID, which makes it easy to identify the proper Pod when matching storage volumes.
Through the container management module of AI platform, workloads on multicloud and multiclusters can be easily managed based on proper role permissions, including the creation of StatefulSets, update, delete, elastic scaling, restart, version rollback and other full life cycle management.
"},{"location":"en/admin/kpanda/workloads/create-statefulset.html#prerequisites","title":"Prerequisites","text":"Before using image to create StatefulSets, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Follow the steps below to create a statefulSet using image.
Click Clusters on the left navigation bar, then click the name of the target cluster to enter Cluster Details.
Click Workloads -> StatefulSets in the left navigation bar, and then click the Create by Image button in the upper right corner.
Fill in Basic Information, Container Settings, Service Settings, Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the list of StatefulSets , and wait for the status of the workload to become running . If the workload status is abnormal, refer to Workload Status for specific exception information.
Click \u2507 on the right side of the New Workload column to perform operations such as update, delete, elastic scaling, restart, and version rollback on the workload.
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container settings is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment Variables (optional)Data Storage (optional)Security Settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
Used to judge the health status of containers and applications. Helps improve app usability. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-statefulset.html#service-settings","title":"Service settings","text":"Configure Service (Service) for the statefulset, so that the statefulset can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
Advanced setting includes four parts: load network settings, upgrade policy, scheduling policy, label and annotation. You can click the tabs below to view the requirements of each part.
Network ConfigurationUpgrade PolicyContainer Management PoliciesScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related settings options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
Kubernetes v1.7 and later versions can set Pod management policies through .spec.podManagementPolicy , which supports the following two methods:
OrderedReady : The default Pod management policy, which means that Pods are deployed in order. Only after the deployment of the previous Pod is successfully completed, the statefulset will start to deploy the next Pod. Pods are deleted in reverse order, with the last created being deleted first.
Parallel : Create or delete containers in parallel, just like Pods of the Deployment type. The StatefulSet controller starts or terminates all containers in parallel. There is no need to wait for a Pod to enter the Running and ready state or to stop completely before starting or terminating other Pods. This option only affects the behavior of scaling operations, not the order of updates.
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/admin/kpanda/workloads/create-statefulset.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create statefulsets more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> StatefulSets in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: StatefulSet\n apiVersion: apps/v1\n metadata:\n name: test-mysql-123-mysql\n namespace: default\n uid: d3f45527-a0ab-4b22-9013-5842a06f4e0e\n resourceVersion: '20504385'\n generation: 1\n creationTimestamp: '2022-09-22T09:34:10Z'\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n blockOwnerDeletion: true\n spec:\n replicas: 1\n selector:\n matchLabels:\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n mysql.presslabs.org/cluster: test-mysql-123\n template:\n metadata:\n creationTimestamp: null\n labels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n annotations:\n config_rev: '13941099'\n prometheus.io/port: '9125'\n prometheus.io/scrape: 'true'\n secret_rev: '13941101'\n spec:\n volumes:\n -name: conf\n emptyDir: {}\n - name: init-scripts\n emptyDir: {}\n - name: config-map\n configMap:\n name: test-mysql-123-mysql\n defaultMode: 420\n - name: data\n persistentVolumeClaim:\n claimName: data\n initContainers:\n -name: init\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - clone-and-init\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: BACKUP_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_USER\n optional: true\n - name: BACKUP_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_PASSWORD\n optional: true\n resources: {}\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: config-map\n mountPath: /mnt/conf\n - name: data\n mountPath: /var/lib/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n containers:\n - name: mysql\n image: docker.m.daocloud.io/mysql:5.7.31\n ports:\n - name: mysql\n containerPort: 3306\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: ORCH_CLUSTER_ALIAS\n value: test-mysql-123.default\n - name: ORCH_HTTP_API\n value: http://mysql-operator.mcamel-system/api\n - name: MYSQL_ROOT_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: ROOT_PASSWORD\n optional: false\n - name: MYSQL_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: USER\n optional: true\n - name: MYSQL_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: PASSWORD\n optional: true\n - name: MYSQL_DATABASE\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: DATABASE\n optional: true\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 512Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n livenessProbe:\n exec:\n command:\n - mysqladmin\n - '--defaults-file=/etc/mysql/client.conf'\n - ping\n initialDelaySeconds: 60\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n test $(mysql --defaults-file=/etc/mysql/client.conf -NB -e\n 'SELECT COUNT(*) FROM sys_operator.status WHERE\n name=\"configured\" AND value=\"1\"') -eq 1\n initialDelaySeconds: 5\n timeoutSeconds: 5\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 3\n lifecycle:preStop:\n exec:\n command:\n - bash\n - /etc/mysql/pre-shutdown-ha.sh\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: sidecar\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - config-and-serve\n ports:\n - name: sidecar-http\n containerPort: 8080\n protocol: TCP\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: XTRABACKUP_TARGET_DIR\n value: /tmp/xtrabackup_backupfiles/\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 10m\n memory: 64Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n readinessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: metrics-exporter\n image: prom/mysqld-exporter:v0.13.0\n args:\n - '--web.listen-address=0.0.0.0:9125'\n - '--web.telemetry-path=/metrics'\n - '--collect.heartbeat'\n - '--collect.heartbeat.database=sys_operator'\n ports:\n - name: prometheus\n containerPort: 9125\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_USER\n optional: false\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_PASSWORD\n optional: false\n - name: DATA_SOURCE_NAME\n value: $(USER):$(PASSWORD)@(127.0.0.1:3306)/\n resources:\n limits:\n cpu: 100m\n memory: 128Mi\n requests:\n cpu: 10m\n memory: 32Mi\n livenessProbe:\n httpGet:\n path: /metrics\n port: 9125\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 30\n periodSeconds: 30\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: pt-heartbeat\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - pt-heartbeat\n - '--update'\n - '--replace'\n - '--check-read-only'\n - '--create-table'\n - '--database'\n - sys_operator\n - '--table'\n - heartbeat\n - '--utc'\n - '--defaults-file'\n - /etc/mysql/heartbeat.conf\n - '--fail-successive-errors=20'\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n resources:\n limits:\n cpu: 100m\n memory: 64Mi\n requests:\n cpu: 10m\n memory: 32Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsUser: 999\n fsGroup: 999\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n topologyKey: kubernetes.io/hostname\n schedulerName: default-scheduler\n volumeClaimTemplates:\n - kind: PersistentVolumeClaim\n apiVersion: v1\n metadata:\n name: data\n creationTimestamp: null\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n spec:\n accessModes:\n - ReadWriteOnce\n resources:\n limits:\n storage: 1Gi\n requests:\n storage: 1Gi\n storageClassName: local-path\n volumeMode: Filesystem\n status:\n phase: Pending\n serviceName: mysql\n podManagementPolicy: OrderedReady\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n partition: 0\n revisionHistoryLimit: 10\nstatus:\n observedGeneration: 1\n replicas: 1\n readyReplicas: 1\n currentReplicas: 1\n updatedReplicas: 1\n currentRevision: test-mysql-123-mysql-6b8f5577c7\n updateRevision: test-mysql-123-mysql-6b8f5577c7\n collisionCount: 0\n availableReplicas: 1\n
"},{"location":"en/admin/kpanda/workloads/pod-config/env-variables.html","title":"Configure environment variables","text":"An environment variable refers to a variable set in the container running environment, which is used to add environment flags to Pods or transfer configurations, etc. It supports configuring environment variables for Pods in the form of key-value pairs.
Suanova container management adds a graphical interface to configure environment variables for Pods on the basis of native Kubernetes, and supports the following configuration methods:
Key-value pair (Key/Value Pair): Use a custom key-value pair as the environment variable of the container
Resource reference (Resource): Use the fields defined by Container as the value of environment variables, such as the memory limit of the container, the number of copies, etc.
Variable/Variable Reference (Pod Field): Use the Pod field as the value of an environment variable, such as the name of the Pod
ConfigMap key value import (ConfigMap key): Import the value of a key in the ConfigMap as the value of an environment variable
Key key value import (Secret Key): use the data from the Secret to define the value of the environment variable
Key Import (Secret): Import all key values \u200b\u200bin Secret as environment variables
ConfigMap import (ConfigMap): import all key values \u200b\u200bin the ConfigMap as environment variables
Container health check checks the health status of containers according to user requirements. After configuration, if the application in the container is abnormal, the container will automatically restart and recover. Kubernetes provides Liveness checks, Readiness checks, and Startup checks.
LivenessProbe can detect application deadlock (the application is running, but cannot continue to run the following steps). Restarting containers in this state can help improve the availability of applications, even if there are bugs in them.
ReadinessProbe can detect when a container is ready to accept request traffic. A Pod can only be considered ready when all containers in a Pod are ready. One use of this signal is to control which Pod is used as the backend of the Service. If the Pod is not ready, it will be removed from the Service's load balancer.
Startup check (StartupProbe) can know when the application container is started. After configuration, it can control the container to check the viability and readiness after it starts successfully, so as to ensure that these liveness and readiness probes will not affect the start of the application. Startup detection can be used to perform liveness checks on slow-starting containers, preventing them from being killed before they start running.
The configuration of LivenessProbe is similar to that of ReadinessProbe, the only difference is to use readinessProbe field instead of livenessProbe field.
HTTP GET parameter description:
Parameter Description Path (Path) The requested path for access. Such as: /healthz path in the example Port (Port) Service listening port. Such as: port 8080 in the example protocol access protocol, Http or Https Delay time (initialDelaySeconds) Delay check time, in seconds, this setting is related to the normal startup time of business programs. For example, if it is set to 30, it means that the health check will start 30 seconds after the container is started, which is the time reserved for business program startup. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second. SuccessThreshold (successThreshold) The minimum number of consecutive successes that are considered successful after a probe fails. The default value is 1, and the minimum value is 1. This value must be 1 for liveness and startup probes. Maximum number of failures (failureThreshold) The number of retries when the probe fails. Giving up in case of a liveness probe means restarting the container. Pods that are abandoned due to readiness probes are marked as not ready. The default value is 3. The minimum value is 1."},{"location":"en/admin/kpanda/workloads/pod-config/health-check.html#check-with-http-get-request","title":"Check with HTTP GET request","text":"YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-http\nspec:\n containers:\n - name: liveness # Container name\n image: k8s.gcr.io/liveness # Container image\n args:\n - /server # Arguments to pass to the container\n livenessProbe:\n httpGet:\n path: /healthz # Access request path\n port: 8080 # Service listening port\n httpHeaders:\n - name: Custom-Header # Custom header name\n value: Awesome # Custom header value\n initialDelaySeconds: 3 # Wait 3 seconds before the first probe\n periodSeconds: 3 # Perform liveness detection every 3 seconds\n
According to the set rules, Kubelet sends an HTTP GET request to the service running in the container (the service is listening on port 8080) to perform the detection. The kubelet considers the container alive if the handler under the /healthz path on the server returns a success code. If the handler returns a failure code, the kubelet kills the container and restarts it. Any return code greater than or equal to 200 and less than 400 indicates success, and any other return code indicates failure. The /healthz handler returns a 200 status code for the first 10 seconds of the container's lifetime. The handler then returns a status code of 500.
"},{"location":"en/admin/kpanda/workloads/pod-config/health-check.html#use-tcp-port-check","title":"Use TCP port check","text":"TCP port parameter description:
Parameter Description Port (Port) Service listening port. Such as: port 8080 in the example Delay time (initialDelaySeconds) Delay check time, in seconds, this setting is related to the normal startup time of business programs. For example, if it is set to 30, it means that the health check will start 30 seconds after the container is started, which is the time reserved for business program startup. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second.For a container that provides TCP communication services, based on this configuration, the cluster establishes a TCP connection to the container according to the set rules. If the connection is successful, it proves that the detection is successful, otherwise the detection fails. If you choose the TCP port detection method, you must specify the port that the container listens to.
YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n name: goproxy\n labels:\n app: goproxy\nspec:\n containers:\n - name: goproxy\n image: k8s.gcr.io/goproxy:0.1\n ports:\n - containerPort: 8080\n readinessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 5\n periodSeconds: 10\n livenessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 15\n periodSeconds: 20\n
This example uses both readiness and liveness probes. The kubelet sends the first readiness probe 5 seconds after the container is started. Attempt to connect to port 8080 of the goproxy container. If the probe is successful, the Pod will be marked as ready and the kubelet will continue to run the check every 10 seconds.
In addition to the readiness probe, this configuration includes a liveness probe. The kubelet will perform the first liveness probe 15 seconds after the container is started. The readiness probe will attempt to connect to the goproxy container on port 8080. If the liveness probe fails, the container will be restarted.
"},{"location":"en/admin/kpanda/workloads/pod-config/health-check.html#run-command-check","title":"Run command check","text":"YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-exec\nspec:\n containers:\n - name: liveness # Container name\n image: k8s.gcr.io/busybox # Container image\n args:\n - /bin/sh # Command to run\n - -c # Pass the following string as a command\n - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600 # Command to execute\n livenessProbe:\n exec:\n command:\n - cat # Command to check liveness\n - /tmp/healthy # File to check\n initialDelaySeconds: 5 # Wait 5 seconds before the first probe\n periodSeconds: 5 # Perform liveness detection every 5 seconds\n
The periodSeconds field specifies that the kubelet performs a liveness probe every 5 seconds, and the initialDelaySeconds field specifies that the kubelet waits for 5 seconds before performing the first probe. According to the set rules, the cluster periodically executes the command cat /tmp/healthy in the container through the kubelet to detect. If the command executes successfully and the return value is 0, the kubelet considers the container to be healthy and alive. If this command returns a non-zero value, the kubelet will kill the container and restart it.
"},{"location":"en/admin/kpanda/workloads/pod-config/health-check.html#protect-slow-starting-containers-with-pre-start-checks","title":"Protect slow-starting containers with pre-start checks","text":"Some applications require a long initialization time at startup. You need to use the same command to set startup detection. For HTTP or TCP detection, you can set the failureThreshold * periodSeconds parameter to a long enough time to cope with the long startup time scene.
YAML example:
ports:\n- name: liveness-port\n containerPort: 8080\n hostPort: 8080\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 1\n periodSeconds: 10\n\nstartupProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 30\n periodSeconds: 10\n
With the above settings, the application will have up to 5 minutes (30 * 10 = 300s) to complete the startup process. Once the startup detection is successful, the survival detection task will take over the detection of the container and respond quickly to the container deadlock. If the start probe has been unsuccessful, the container is killed after 300 seconds and further disposition is performed according to the restartPolicy .
"},{"location":"en/admin/kpanda/workloads/pod-config/job-parameters.html","title":"Description of job parameters","text":"According to the settings of .spec.completions and .spec.Parallelism , jobs (Job) can be divided into the following types:
Job Type Description Non-parallel Job Creates a Pod until its Job completes successfully Parallel Jobs with deterministic completion counts A Job is considered complete when the number of successful Pods reaches .spec.completions Parallel Job Creates one or more Pods until one finishes successfullyParameter Description
RestartPolicy Creates a Pod until it terminates successfully .spec.completions Indicates the number of Pods that need to run successfully when the Job ends, the default is 1 .spec.parallelism Indicates the number of Pods running in parallel, the default is 1 spec.backoffLimit Indicates the maximum number of retries for a failed Pod, beyond which no more retries will continue. .spec.activeDeadlineSeconds Indicates the Pod running time. Once this time is reached, the Job, that is, all its Pods, will stop. And activeDeadlineSeconds has a higher priority than backoffLimit, that is, the job that reaches activeDeadlineSeconds will ignore the setting of backoffLimit.The following is an example Job configuration, saved in myjob.yaml, which calculates \u03c0 to 2000 digits and prints the output.
apiVersion: batch/v1\nkind: Job #The type of the current resource\nmetadata:\n name: myjob\nspec:\n completions: 50 # Job needs to run 50 Pods at the end, in this example it prints \u03c0 50 times\n parallelism: 5 # 5 Pods in parallel\n backoffLimit: 5 # retry up to 5 times\n template:\n spec:\n containers:\n - name: pi\n image: perl\n command: [\"perl\", \"-Mbignum=bpi\", \"-wle\", \"print bpi(2000)\"]\n restartPolicy: Never #restart policy\n
Related commands
kubectl apply -f myjob.yaml # Start job\nkubectl get job # View this job\nkubectl logs myjob-1122dswzs View Job Pod logs\n
"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html","title":"Configure the container lifecycle","text":"Pods follow a predefined lifecycle, starting in the Pending phase and entering the Running state if at least one container in the Pod starts normally. If any container in the Pod ends in a failed state, the state becomes Failed . The following phase field values \u200b\u200bindicate which phase of the lifecycle a Pod is in.
Value Description Pending The Pod has been accepted by the system, but one or more containers have not yet been created or run. This phase includes waiting for the pod to be scheduled and downloading the image over the network. Running (Running) The Pod has been bound to a node, and all containers in the Pod have been created. At least one container is still running, or in the process of starting or restarting. Succeeded (Success) All containers in the Pod were successfully terminated and will not be restarted. Failed All containers in the Pod have terminated, and at least one container terminated due to failure. That is, the container exited with a non-zero status or was terminated by the system. Unknown (Unknown) The status of the Pod cannot be obtained for some reason, usually due to a communication failure with the host where the Pod resides.When creating a workload in Suanova container management, images are usually used to specify the running environment in the container. By default, when building an image, the Entrypoint and CMD fields can be used to define the commands and parameters to be executed when the container is running. If you need to change the commands and parameters of the container image before starting, after starting, and before stopping, you can override the default commands and parameters in the image by setting the lifecycle event commands and parameters of the container.
"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html#lifecycle-configuration","title":"Lifecycle configuration","text":"Configure the startup command, post-start command, and pre-stop command of the container according to business needs.
Parameter Description Example value Start command Type: Optional Meaning: The container will be started according to the start command. Command after startup Type: optionalMeaning: command after container startup Command before stopping Type: Optional Meaning: The command executed by the container after receiving the stop command. Ensure that the services running in the instance can be drained in advance when the instance is upgraded or deleted. -"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html#start-command","title":"start command","text":"Configure the startup command according to the table below.
Parameter Description Example value Run command Type: RequiredMeaning: Enter an executable command, and separate multiple commands with spaces. If the command itself has spaces, you need to add (\"\"). Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Running parameters Type: OptionalMeaning: Enter the parameters of the control container running command. port=8080"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html#post-start-commands","title":"Post-start commands","text":"Suanova provides two processing types, command line script and HTTP request, to configure post-start commands. You can choose the configuration method that suits you according to the table below.
Command line script configuration
Parameter Description Example value Run Command Type: Optional Meaning: Enter an executable command, and separate multiple commands with spaces. If the command itself contains spaces, you need to add (\"\"). Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Running parameters Type: OptionalMeaning: Enter the parameters of the control container running command. port=8080"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html#stop-pre-command","title":"stop pre-command","text":"Suanova provides two processing types, command line script and HTTP request, to configure the pre-stop command. You can choose the configuration method that suits you according to the table below.
HTTP request configuration
Parameter Description Example value URL Path Type: Optional Meaning: Requested URL path. Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Port Type: RequiredMeaning: Requested port. port=8080 Node Address Type: Optional Meaning: The requested IP address, the default is the node IP where the container is located. -"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html","title":"Scheduling Policy","text":"In a Kubernetes cluster, like many other Kubernetes objects, nodes have labels. You can manually add labels. Kubernetes also adds some standard labels to all nodes in the cluster. See Common Labels, Annotations, and Taints for common node labels. By adding labels to nodes, you can have pods scheduled on specific nodes or groups of nodes. You can use this feature to ensure that specific Pods can only run on nodes with certain isolation, security or governance properties.
nodeSelector is the simplest recommended form of a node selection constraint. You can add a nodeSelector field to the Pod's spec to set the node label. Kubernetes will only schedule pods on nodes with each label specified. nodeSelector provides one of the easiest ways to constrain Pods to nodes with specific labels. Affinity and anti-affinity expand the types of constraints you can define. Some benefits of using affinity and anti-affinity are:
Affinity and anti-affinity languages are more expressive. nodeSelector can only select nodes that have all the specified labels. Affinity, anti-affinity give you greater control over selection logic.
You can mark a rule as \"soft demand\" or \"preference\", so that the scheduler will still schedule the Pod if no matching node can be found.
You can use the labels of other Pods running on the node (or in other topological domains) to enforce scheduling constraints, instead of only using the labels of the node itself. This capability allows you to define rules which allow Pods to be placed together.
You can choose which node the Pod will deploy to by setting affinity and anti-affinity.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#tolerance-time","title":"Tolerance time","text":"When the node where the workload instance is located is unavailable, the period for the system to reschedule the instance to other available nodes. The default is 300 seconds.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#node-affinity-nodeaffinity","title":"Node affinity (nodeAffinity)","text":"Node affinity is conceptually similar to nodeSelector , which allows you to constrain which nodes Pods can be scheduled on based on the labels on the nodes. There are two types of node affinity:
Must be satisfied: ( requiredDuringSchedulingIgnoredDuringExecution ) The scheduler can only run scheduling when the rules are satisfied. This functionality is similar to nodeSelector , but with a more expressive syntax. You can define multiple hard constraint rules, but only one of them must be satisfied.
Satisfy as much as possible: ( preferredDuringSchedulingIgnoredDuringExecution ) The scheduler will try to find nodes that meet the proper rules. If no matching node is found, the scheduler will still schedule the Pod. You can also set weights for soft constraint rules. During specific scheduling, if there are multiple nodes that meet the conditions, the node with the highest weight will be scheduled first. At the same time, you can also define multiple hard constraint rules, but only one of them needs to be satisfied.
The label proper to the node can use the default label or user-defined label.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#operators","title":"Operators","text":"It can only be added in the \"as far as possible\" policy, which can be understood as the priority of scheduling, and those with the highest weight will be scheduled first. The value range is 1 to 100.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#workload-affinity","title":"Workload Affinity","text":"Similar to node affinity, there are two types of workload affinity:
The affinity of the workload is mainly used to determine which Pods of the workload can be deployed in the same topology domain. For example, services that communicate with each other can be deployed in the same topology domain (such as the same availability zone) by applying affinity scheduling to reduce the network delay between them.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#tag-name_1","title":"Tag name","text":"The label proper to the node can use the default label or user-defined label.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#namespaces","title":"Namespaces","text":"Specifies the namespace in which the scheduling policy takes effect.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#operators_1","title":"Operators","text":"Specify the scope of influence during scheduling. If you specify kubernetes.io/Clustername, it will use the Node node as the distinguishing scope.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#workload-anti-affinity","title":"Workload Anti-Affinity","text":"Similar to node affinity, there are two types of anti-affinity for workloads:
The anti-affinity of the workload is mainly used to determine which Pods of the workload cannot be deployed in the same topology domain. For example, the same Pod of a load is distributed to different topological domains (such as different hosts) to improve the stability of the workload itself.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#tag-name_2","title":"Tag name","text":"The label proper to the node can use the default label or user-defined label.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#namespaces_1","title":"Namespaces","text":"Specifies the namespace in which the scheduling policy takes effect.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#operators_2","title":"Operators","text":"Specify the scope of influence when scheduling, such as specifying kubernetes.io/Clustername, it will use the Node node as the distinguishing scope.
"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html","title":"Workload Status","text":"A workload is an application running on Kubernetes, and in Kubernetes, whether your application is composed of a single same component or composed of many different components, you can use a set of Pods to run it. Kubernetes provides five built-in workload resources to manage pods:
You can also expand workload resources by setting Custom Resource CRD. In the fifth-generation container management, it supports full lifecycle management of workloads such as creation, update, capacity expansion, monitoring, logging, deletion, and version management.
"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#pod-status","title":"Pod Status","text":"Pod is the smallest computing unit created and managed in Kubernetes, that is, a collection of containers. These containers share storage, networking, and management policies that control how the containers run. Pods are typically not created directly by users, but through workload resources. Pods follow a predefined lifecycle, starting at Pending phase, if at least one of the primary containers starts normally, it enters Running , and then enters the Succeeded or Failed stage depending on whether any container in the Pod ends in a failed status.
"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#workload-status_1","title":"Workload Status","text":"The fifth-generation container management module designs a built-in workload life cycle status set based on factors such as Pod status and number of replicas, so that users can more realistically perceive the running status of workloads. Because different workload types (such as Deployment and Jobs) have inconsistent management mechanisms for Pods, different workloads will have different lifecycle status during operation, as shown in the following table.
"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#deployment-statefulset-damemonset-status","title":"Deployment, StatefulSet, DamemonSet Status","text":"Status Description Waiting 1. A workload is in this status while its creation is in progress. 2. After an upgrade or rollback action is triggered, the workload is in this status. 3. Trigger operations such as pausing/scaling, and the workload is in this status. Running This status occurs when all instances under the workload are running and the number of replicas matches the user-defined number. Deleting When a delete operation is performed, the payload is in this status until the delete is complete. Exception Unable to get the status of the workload for some reason. This usually occurs because communication with the pod's host has failed. Not Ready When the container is in an abnormal, pending status, this status is displayed when the workload cannot be started due to an unknown error"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#job-status","title":"Job Status","text":"Status Description Waiting The workload is in this status while Job creation is in progress. Executing The Job is in progress and the workload is in this status. Execution Complete The Job execution is complete and the workload is in this status. Deleting A delete operation is triggered and the workload is in this status. Exception Pod status could not be obtained for some reason. This usually occurs because communication with the pod's host has failed."},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#cronjob-status","title":"CronJob status","text":"Status Description Waiting The CronJob is in this status when it is being created. Started After the CronJob is successfully created, the CronJob is in this status when it is running normally or when the paused task is started. Stopped The CronJob is in this status when the stop task operation is performed. Deleting The deletion operation is triggered, and the CronJob is in this status.When the workload is in an abnormal or unready status, you can move the mouse over the status value of the load, and the system will display more detailed error information through a prompt box. You can also view the log or events to obtain related running information of the workload.
"},{"location":"en/admin/register/index.html","title":"User Registration","text":"New users need to register to use the AI platform for the first time.
"},{"location":"en/admin/register/index.html#prerequisites","title":"Prerequisites","text":"Open the AI platform homepage at https://ai.isuanova.com/ and click Register.
Enter your username, password, and email, then click Register.
The system will prompt that an email has been sent to your inbox.
Log in to your email, find the email, and click the link.
Congratulations, you have successfully accessed the AI platform, and you can now begin your AI journey.
Next step: Bind a Workspace for the User
"},{"location":"en/admin/register/bindws.html","title":"Binding a Workspace for the User","text":"After a user successfully registers, a workspace needs to be bound to them.
"},{"location":"en/admin/register/bindws.html#prerequisites","title":"Prerequisites","text":"Navigate to Global Management -> Workspace and Folder, and click Create Workspace.
Enter the workspace name, select a folder, and click OK to create a workspace.
Bind resources to the workspace.
On this interface, you can click Create Namespace to create a namespace.
Add authorization: Assign the user to the workspace.
The user logs in to the AI platform to check if they have permissions for the workspace and namespace. The administrator can perform more actions through the \u2507 on the right side.
Next step: Allocate Resources for the Workspace
"},{"location":"en/admin/register/wsres.html","title":"Allocate Resources to the Workspace","text":"After binding a user to a workspace, it is necessary to allocate appropriate resources to the workspace.
"},{"location":"en/admin/register/wsres.html#prerequisites","title":"Prerequisites","text":"Navigate to Global Management -> Workspace and Folder, find the workspace to which you want to add resources, and click Add Shared Resources.
Select the cluster, set the appropriate resource quota, and then click OK
Return to the shared resources page. Resources have been successfully allocated to the workspace, and the administrator can modify them at any time using the \u2507 on the right side.
Next step: Create a Cloud Host
"},{"location":"en/admin/security/index.html","title":"Cloud Native Security","text":"AI platform provides a fully automated security implementation for containers, Pods, images, runtimes, and microservices. The following table lists some of the security features that have been implemented or are in the process of being implemented.
Security Features Specific Items Description Image security Trusted image Distribution Key pairs and signature information are required to achieve secure transport of images. It's allowed to select a key for mirror signing during mirror transmission. Runtime security Event correlation analysis Support correlation and risk analysis of security events detected at runtime to enhance attack traceability. Support converge alerts, reduce invalid alerts, and improve event response efficiency. - Container decoy repository The container decoy repository is equipped with common decoys including but not limited to: unauthorized access vulnerabilities, code execution vulnerabilities, local file reading vulnerabilities, remote command execution RCE vulnerabilities, and other container decoys. - Container decoy deployment Support custom decoy containers, including service names, service locations, etc. - Container decoy alerting Support alerting on suspicious behavior in container decoys. - Offset detection While scanning the image, learn all the binary information in the image and form a \"whitelist\" to allow only the binaries in the \"whitelist\" to run after the container is online, which ensures that the container can not run unauthorized (such as illegal download) executable files. Micro-isolation Intelligent recommendation of isolation policies Support for recording historical access traffic to resources, and intelligent policy recommendation based on historical access traffic when configuring isolation policies for resources. - Tenant isolation Support isolation control of tenants in Kubernetes clusters, with the ability to set different network security groups for different tenants, and supports tenant-level security policies to achieve inter-tenant network access and isolation. Microservices security Service and API security scanning Supports automatic, manual and periodic scanning of services and APIs within a cluster. Support all traditional web scanning items including XSS vulnerabilities, SQL injection, command/code injection, directory enumeration, path traversal, XML entity injection, poc, file upload, weak password, jsonp, ssrf, arbitrary jump, CRLF injection and other risks. For vulnerabilities found in the container environment, support vulnerability type display, url display, parameter display, danger level display, test method display, etc."},{"location":"en/admin/security/falco-exporter.html","title":"What is Falco-exporter","text":"Falco-exporter is a Prometheus Metrics exporter for Falco output events.
Falco-exporter is deployed as a DaemonSet on a Kubernetes cluster. If Prometheus is installed and running in the cluster, metrics provided by Falco-exporter will be automatically discovered.
"},{"location":"en/admin/security/falco-exporter.html#install-falco-exporter","title":"Install Falco-exporter","text":"This section describes how to install Falco-exporter.
Note
Before installing and using Falco-exporter, you need to install and run Falco with gRPC output enabled (enabled by via Unix sockets by default). For more information on enabling gRPC output in Falco Helm Chart, see Enabling gRPC.
Please confirm that your cluster has successfully connected to the Container Management
platform, and then perform the following steps to install Falco-exporter.
Click Container Management
->Clusters
in the left navigation bar, then find the cluster name where you want to install Falco-exporter.
In the left navigation bar, select Helm Releases
-> Helm Charts
, and then find and click falco-exporter
.
Select the version you want to install in Version
and click Install
.
On the installation screen, fill in the required installation parameters.
Fill in application name
, namespace
, version
, etc.
Fill in the following parameters:
Falco Prometheus Exporter
-> Image Settings
-> Registry
: set the repository address of the falco-exporter image, which is already filled with the available online repositories by default. If it is a private environment, you can change it to a private repository address.
Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Repository
: set the falco-exporter image name.
Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Install ServiceMonitor
: install Prometheus Operator service monitor. It is enabled by default.
Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Scrape Interval
: user-defined interval; if not specified, the Prometheus default interval is used.
Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Scrape Timeout
: user-defined scrape timeout; if not specified, the Prometheus default scrape timeout is used.
In the screen as above, fill in the following parameters:
Falco Prometheus Exporter
-> Prometheus prometheusRules
-> Install prometheusRules
: create PrometheusRules to alert on priority events. It is enabled by default.
Falco Prometheus Exporter
-> Prometheus prometheusRules
-> Alerts settings
: set whether alerts are enabled for different levels of log events, the interval between alerts, and the threshold for alerts.
Click the OK
button at the bottom right corner to complete the installation.
Please confirm that your cluster has successfully connected to the Container Management
platform, and then perform the following steps to install Falco.
Click Container Management
->Clusters
in the left navigation bar, then find the cluster name where you want to install Falco.
In the left navigation bar, select Helm Releases
-> Helm Charts
, and then find and click Falco
.
Select the version you want to install in Version
, and click Install
.
On the installation page, fill in the required installation parameters.
Fill in the application name
, namespace
, version
, etc.
Fill in the following parameters:
Falco
-> Image Settings
-> Registry
: set the repository address of the Falco image, which is already filled with the available online repositories by default. If it is a private environment, you can change it to a private repository address.
Falco
-> Image Settings
-> Repository
: set the Falco image name.
Falco
-> Falco Driver
-> Image Settings
-> Registry
: set the repository address of the Falco Driver image, which is already filled with available online repositories by default. If it is a private environment, you can change it to a private repository address.
Falco
-> Falco Driver
-> Image Settings
-> Repository
: set the Falco Driver image name.
Falco
-> Falco Driver
-> Image Settings
-> Driver Kind
: set the Driver Kind, providing the following two options.
ebpf: use ebpf to detect events, which requires the Linux kernel to support ebpf and enable CONFIG_BPF_JIT and sysctl net.core.bpf_jit_enable=1.
module: use kernel module detection with limited OS version support. Refer to module support system version.
Falco
-> Falco Driver
-> Image Settings
-> Log Level
: the minimum log level to be included in the log.
Optional values include: emergency
, alert
, critical
, error
, warning
, notice
, info
, debug
.
Click the OK
button in the bottom right corner to complete the installation.
Falco is a cloudnative runtime security
tool designed to detect anomalous activity in applications, and can be used to monitor the runtime security of Kubernetes applications and internal components. With only a set of rules, Falco can continuously monitor and watch for anomalous activity in containers, applications, hosts, and networks.
Falco can detect and alert on any behavior involving Linux system calls. Falco alerts can be triggered using specific system calls, parameters, and properties of the calling process. For example, Falco can easily detect events including but not limited to the following:
For more information on the default rules that come with Falco, see the Rules documentation.
"},{"location":"en/admin/security/falco.html#what-are-falco-rules","title":"What are Falco rules?","text":"Falco rules define the behavior and events that Falco should monitor. Rules can be written in the Falco rules file or in a generic configuration file. For more information on writing, managing and deploying rules, see Falco Rules.
"},{"location":"en/admin/security/falco.html#what-are-falco-alerts","title":"What are Falco Alerts?","text":"Alerts are configurable downstream operations that can be as simple as logging or as complex as STDOUT passing a gRPC call to a client. For more information on configuring, understanding, and developing alerts, see Falco Alerts. Falco can send alerts t:
Falco consists of the following main components:
Userspace program: a CLI tool that can be used to interact with Falco. The userspace program handles signals, parses messages from a Falco driver, and sends alerts.
Configuration: define how Falco is run, what rules to assert, and how to perform alerts. For more information, see Configuration.
Driver: a software that adheres to the Falco driver specification and sends a stream of system call information. You cannot run Falco without installing a driver. Currently, Falco supports the following drivers:
Userspace instrumentation
For more information, see Falco drivers.
Plugins: allow users to extend the functionality of falco libraries/falco executable by adding new event sources and new fields that can extract information from events. For more information, see Plugins.
Notebook typically refers to Jupyter Notebook or similar interactive computing environments. This is a very popular tool widely used in fields such as data science, machine learning, and deep learning. This page explains how to use Notebook on the Canfeng AI platform.
"},{"location":"en/admin/share/notebook.html#prerequisites","title":"Prerequisites","text":"Navigate to AI Lab -> Queue Management, and click the Create button on the right.
After entering a name, selecting a cluster, workspace, and quota, click OK.
Log in to the AI platform as a User, navigate to AI Lab -> Notebook, and click the Create button on the right.
After configuring the parameters, click OK.
Basic InformationResource ConfigurationAdvanced ConfigurationEnter a name, select a cluster, namespace, choose the newly created queue, and click One-click Initialization.
Select Notebook type, configure memory and CPU, enable GPU, create and configure PVC:
Enable SSH external access:
You will be automatically redirected to the Notebook instance list; click the instance name.
Enter the Notebook instance details page and click the Open button in the upper right corner.
You will enter the Notebook development environment, where a persistent volume is mounted in the /home/jovyan
directory. You can clone code using git and upload data after connecting via SSH, etc.
Generate an SSH key pair on your own computer.
Open the command line on your computer, for example, open git bash on Windows, and enter ssh-keygen.exe -t rsa
, then press enter until completion.
Use commands like cat ~/.ssh/id_rsa.pub
to view and copy the public key.
Log in to the AI platform as a user, click Personal Center in the upper right corner -> SSH Public Key -> Import SSH Public Key.
Go to the details page of the Notebook instance and copy the SSH link.
Use SSH to access the Notebook instance from the client.
Next step: Create Training Jobs
"},{"location":"en/admin/share/quota.html","title":"Quota Management","text":"Once a user is bound to a workspace, resources can be allocated to the workspace, and resource quotas can be managed.
"},{"location":"en/admin/share/quota.html#prerequisites","title":"Prerequisites","text":"Allocate resource quotas to the workspace.
Manage the resource quotas for the namespace test-ns-1
, ensuring that the values do not exceed the workspace's quota.
Log in to the AI platform as a User to check if they have been assigned the test-ns-1
namespace.
Next step: Create AI Workloads Using GPUs
"},{"location":"en/admin/share/workload.html","title":"Creating AI Workloads Using GPU Resources","text":"After the administrator allocates resource quotas for the workspace, users can create AI workloads to utilize GPU computing resources.
"},{"location":"en/admin/share/workload.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management, select a namespace, then click Workloads -> Deployments, and then click the Create from Image button on the right.
After configuring the parameters, click OK.
Basic InformationContainer ConfigurationOthersSelect your own namespace.
Set the image, configure resources such as CPU, memory, and GPU, and set the startup command.
Service configuration and advanced settings can use default configurations.
Automatically return to the stateless workload list and click the workload name.
Enter the details page to view the GPU quota.
You can also enter the console and run the mx-smi
command to check the GPU resources.
Next step: Using Notebook
"},{"location":"en/admin/virtnest/best-practice/import-ubuntu.html","title":"Import a Linux Virtual Machine with Ubuntu from an External Platform","text":"This page provides a detailed introduction on how to import Linux virtual machines from the external platform VMware into the virtual machines of AI platform through the command line.
Info
The external virtual platform in this document is VMware vSphere Client, abbreviated as vSphere. Technically, it relies on kubevirt cdi for implementation. Before proceeding, the virtual machine imported on vSphere needs to be shut down. Take a virtual machine of the Ubuntu operating system as an example.
"},{"location":"en/admin/virtnest/best-practice/import-ubuntu.html#fetch-basic-information-of-vsphere-virtual-machine","title":"Fetch Basic Information of vSphere Virtual Machine","text":"vSphere URL: Fetch information on the URL of the target platform
vSphere SSL Certificate Thumbprint: Need to be fetched using openssl
openssl s_client -connect 10.64.56.11:443 </dev/null | openssl x509 -in /dev/stdin -fingerprint -sha1 -noout\n
Output will be similar to: Can't use SSL_get_servername\ndepth=0 CN = vcsa.daocloud.io\nverify error:num=20:unable to get local issuer certificate\nverify return:1\ndepth=0 CN = vcsa.daocloud.io\nverify error:num=21:unable to verify the first certificate\nverify return:1\ndepth=0 CN = vcsa.daocloud.io\nverify return:1\nDONE\nsha1 Fingerprint=C3:9D:D7:55:6A:43:11:2B:DE:BA:27:EA:3B:C2:13:AF:E4:12:62:4D # Value needed\n
vSphere Account: Fetch account information for vSphere, and pay attention to permissions
vSphere Password: Fetch password information for vSphere
UUID of the virtual machine to be imported: Need to be fetched on the web page of vSphere
Access the Vsphere page, go to the details page of the virtual machine to be imported, click Edit Settings , open the browser's developer console at this point, click Network -> Headers , find the URL as shown in the image below.
Click Response , locate vmConfigContext -> config , and finally find the target value uuid .
Path of the vmdk file of the virtual machine to be imported
Different information needs to be configured based on the chosen network mode. If a fixed IP address is required, you should select the Bridge network mode.
Create subnets and IP pools.
apiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderIPPool\nmetadata:\n name: test2\nspec:\n ips:\n - 10.20.3.90\n subnet: 10.20.0.0/16\n gateway: 10.20.0.1\n\n---\napiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderIPPool\nmetadata:\n name: test3\nspec:\n ips:\n - 10.20.240.1\n subnet: 10.20.0.0/16\n gateway: 10.20.0.1\n\n---\napiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderMultusConfig\nmetadata:\n name: test1\n namespace: kube-system\nspec:\n cniType: ovs\n coordinator:\n detectGateway: false\n detectIPConflict: false\n mode: auto\n tunePodRoutes: true\n disableIPAM: false\n enableCoordinator: true\n ovs:\n bridge: br-1\n ippools:\n ipv4:\n - test1\n - test2\n
apiVersion: v1\nkind: Secret\nmetadata:\n name: vsphere # Can be changed\n labels:\n app: containerized-data-importer # Do not change\ntype: Opaque\ndata:\n accessKeyId: \"username-base64\"\n secretKey: \"password-base64\"\n
"},{"location":"en/admin/virtnest/best-practice/import-ubuntu.html#write-a-kubevirt-vm-yaml-to-create-vm","title":"Write a KubeVirt VM YAML to create VM","text":"Tip
If a fixed IP address is required, the YAML configuration differs slightly from the one used for the default network. These differences have been highlighted.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: \"\"\n virtnest.io/image-secret: \"\"\n creationTimestamp: \"2024-05-23T06:46:28Z\"\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: \"22.04\"\n name: export-ubuntu\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: export-ubuntu-rootdisk\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-ubuntu/virtnest-export-ubuntu.vmdk\" \n url: \"https://10.64.56.21\" \n uuid: \"421d6135-4edb-df80-ee54-8c5b10cc4e78\" \n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\" \n secretRef: \"vsphere\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\" \n runStrategy: Manual\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test2\"]}]' // Add spiderpool network here\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n interfaces: // Modify the network configuration\n - bridge: {}\n name: ovs-bridge0\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks: // Modify the network configuration\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-ubuntu-rootdisk\n name: rootdisk\n
"},{"location":"en/admin/virtnest/best-practice/import-ubuntu.html#access-vnc-to-verify-successful-operation","title":"Access VNC to verify successful operation","text":"Modify the network configuration of the virtual machine
Check the current network
When the actual import is completed, the configuration shown in the image below has been completed. However, it should be noted that the enp1s0 interface does not contain the inet field, so it cannot connect to the external network.
Configure netplan
In the configuration shown in the image above, change the objects in ethernets to enp1s0 and obtain an IP address using DHCP.
Apply the netplan configuration to the system network configuration
sudo netplan apply\n
Perform a ping test on the external network
Access the virtual machine on the node via SSH.
This page provides a detailed introduction on how to import virtual machines from an external platform -- VMware, into the virtual machines of AI platform using the command line.
Info
The external virtual platform on this page is VMware vSphere Client, abbreviated as vSphere. Technically, it relies on kubevirt cdi for implementation. Before proceeding, the virtual machine imported on vSphere needs to be shut down. Take a virtual machine of the Windows operating system as an example.
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#environment-preparation","title":"Environment Preparation","text":"Before importing, refer to the Network Configuration to prepare the environment.
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#fetch-information-of-the-windows-virtual-machine","title":"Fetch Information of the Windows Virtual Machine","text":"Similar to importing a virtual machine with a Linux operating system, refer to Importing a Linux Virtual Machine with Ubuntu from an External Platform to get the following information:
When importing a virtual machine from an external platform into the AI platform virtualization platform, you need to configure it according to the boot type (BIOS or UEFI) to ensure it can boot and run correctly.
You can check whether Windows uses BIOS or UEFI through \"System Summary.\" If it uses UEFI, you need to add the relevant information in the YAML file.
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#import-process","title":"Import Process","text":"Prepare the window.yaml
file and pay attention to the following configmaps:
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n labels:\n virtnest.io/os-family: windows\n virtnest.io/os-version: \"server2019\"\n name: export-window-21\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: export-window-21-rootdisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 22Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n - metadata:\n name: export-window-21-datadisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window_1.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n # <1>. PVC for booting Virtio drivers\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - metadata:\n name: virtio-disk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Mi\n storageClassName: local-path\n source:\n blank: {}\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n running: true\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test86\"]}]'\n spec:\n dnsConfig:\n nameservers:\n - 223.5.5.5\n domain:\n cpu:\n cores: 2\n memory:\n guest: 4Gi\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: sata # <2> Disk bus type, set to SATA or Virtio depending on the boot type\n name: rootdisk\n - bootOrder: 2\n disk:\n bus: sata # <2> Disk bus type, set to SATA or Virtio depending on the boot type\n name: datadisk\n # <1>. disk for booting Virtio drivers\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - bootOrder: 3\n disk:\n bus: virtio\n name: virtdisk\n - bootOrder: 4\n cdrom:\n bus: sata\n name: virtiocontainerdisk\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n interfaces:\n - bridge: {}\n name: ovs-bridge0\n # <3> In the above section \"Check the Boot Type of Windows\"\n # If using UEFI, add the following information\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n features:\n smm:\n enabled: true\n firmware:\n bootloader:\n efi:\n secureBoot: false\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks:\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-window-21-rootdisk\n name: rootdisk\n - dataVolume:\n name: export-window-21-datadisk\n name: datadisk \n # <1> Volumes for booting Virtio drivers\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - dataVolume:\n name: virtio-disk\n name: virtdisk\n - containerDisk:\n image: release-ci.daocloud.io/virtnest/kubevirt/virtio-win:v4.12.12-5\n name: virtiocontainerdisk\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#install-virtio-drivers-via-vnc","title":"Install VirtIO Drivers via VNC","text":"# Delete fields marked with <1>, modify fields marked with <2>: change sata to virtio\napiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n labels:\n virtnest.io/os-family: windows\n virtnest.io/os-version: \"server2019\"\n name: export-window-21\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: export-window-21-rootdisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 22Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n - metadata:\n name: export-window-21-datadisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window_1.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n running: true\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test86\"]}]'\n spec:\n dnsConfig:\n nameservers:\n - 223.5.5.5\n domain:\n cpu:\n cores: 2\n memory:\n guest: 4Gi\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio # <2>\n name: rootdisk\n - bootOrder: 2\n disk:\n bus: virtio # <2>\n name: datadisk\n interfaces:\n - bridge: {}\n name: ovs-bridge0\n # <3> In the above section \"Check the Boot Type of Windows\"\n # If using UEFI, add the following information\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n features:\n smm:\n enabled: true\n firmware:\n bootloader:\n efi:\n secureBoot: false\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks:\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-window-21-rootdisk\n name: rootdisk\n - dataVolume:\n name: export-window-21-datadisk\n name: datadisk\n
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#access-and-verify-via-rdp","title":"Access and Verify via RDP","text":"Use an RDP client to connect to the virtual machine. Log in with the default account admin
and password dangerous!123
.
Verify network access and data disk data
This document will explain how to create a Windows virtual machine via the command line.
"},{"location":"en/admin/virtnest/best-practice/vm-windows.html#prerequisites","title":"Prerequisites","text":"Creating a Windows virtual machine requires importing an ISO image primarily to install the Windows operating system. Unlike Linux operating systems, the Windows installation process usually involves booting from an installation disc or ISO image file. Therefore, when creating a Windows virtual machine, it is necessary to first import the installation ISO image of the Windows operating system so that the virtual machine can be installed properly.
Here are two methods for importing ISO images:
(Recommended) Creating a Docker image. It is recommended to refer to building images.
(Not recommended) Using virtctl to import the image into a Persistent Volume Claim (PVC).
You can refer to the following command:
virtctl image-upload -n <namespace> pvc <PVC name> \\\n --image-path=<ISO file path> \\\n --access-mode=ReadWriteOnce \\\n --size=6G \\\n --uploadproxy-url=<https://cdi-uploadproxy ClusterIP and port> \\\n --force-bind \\\n --insecure \\\n --wait-secs=240 \\\n --storage-class=<SC>\n
For example:
virtctl image-upload -n <namespace> pvc <PVC name> \\\n --image-path=<ISO file path> \\\n --access-mode=ReadWriteOnce \\\n --size=6G \\\n --uploadproxy-url=<https://cdi-uploadproxy ClusterIP and port> \\\n --force-bind \\\n --insecure \\\n --wait-secs=240 \\\n --storage-class=<SC>\n
Creating a Windows virtual machine using YAML is more flexible and easier to write and maintain. Below are three reference YAML examples:
(Recommended) Using Virtio drivers + Docker image:
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10-virtio\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: win10-system-virtio\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10-virtio\n version: v1\n kubevirt.io/domain: windows10-virtio\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio # Use virtio\n name: win10-system-virtio \n - bootOrder: 2\n cdrom:\n bus: sata # Use sata for ISO image\n name: iso-win10\n - bootOrder: 3\n cdrom:\n bus: sata # Use sata for containerdisk\n name: virtiocontainerdisk\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system-virtio\n persistentVolumeClaim:\n claimName: win10-system-virtio\n - containerDisk:\n image: kubevirt/virtio-container-disk\n name: virtiocontainerdisk\n
(Not recommended) Using a combination of Virtio drivers and virtctl tool to import the image into a Persistent Volume Claim (PVC).
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10-virtio\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: win10-system-virtio\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10-virtio\n version: v1\n kubevirt.io/domain: windows10-virtio\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n # Use virtio\n disk:\n bus: virtio\n name: win10-system-virtio\n # Use sata for ISO image\n - bootOrder: 2\n cdrom:\n bus: sata\n name: iso-win10\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 # Use sata for containerdisk\n - bootOrder: 3\n cdrom:\n bus: sata\n name: virtiocontainerdisk\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system-virtio\n persistentVolumeClaim:\n claimName: win10-system-virtio\n - containerDisk:\n image: kubevirt/virtio-container-disk\n name: virtiocontainerdisk\n
(Not recommended) In a scenario where Virtio drivers are not used, importing the image into a Persistent Volume Claim (PVC) using the virtctl tool. The virtual machine may use other types of drivers or default drivers to operate disk and network devices.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10\n namespace: default\nspec:\n dataVolumeTemplates:\n # Create multiple PVC (disks) for system disk\n - metadata:\n name: win10-system\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10\n version: v1\n kubevirt.io/domain: windows10\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n # Use sata without virtio driver\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0cdrom:\n bus: sata\n name: win10-system\n # Use sata for ISO\n - bootOrder: 2\n cdrom:\n bus: sata\n name: iso-win10\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system\n persistentVolumeClaim:\n claimName: win10-system\n
For Windows virtual machines, remote desktop control access is often required. It is recommended to use Microsoft Remote Desktop to control your virtual machine.
Note
Adding a data disk to a Windows virtual machine follows the same process as adding one to a Linux virtual machine. You can refer to the provided YAML example for guidance.
apiVersion: kubevirt.io/v1\n kind: VirtualMachine\n <...>\n spec:\n dataVolumeTemplates:\n # Add a data disk\n - metadata:\n name: win10-disk\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 16Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n blank: {}\n template:\n spec:\n domain:\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: win10-system\n # Add a data disk\n - bootOrder: 2\n disk:\n bus: virtio\n name: win10-disk\n <....>\n volumes:\n <....>\n # Add a data disk\n - name: win10-disk\n persistentVolumeClaim:\n claimName: win10-disk\n
"},{"location":"en/admin/virtnest/best-practice/vm-windows.html#snapshots-cloning-live-migration","title":"Snapshots, Cloning, Live Migration","text":"These capabilities are consistent with Linux virtual machines and can be configured using the same methods.
"},{"location":"en/admin/virtnest/best-practice/vm-windows.html#access-your-windows-virtual-machine","title":"Access Your Windows Virtual Machine","text":"After successful creation, access the virtual machine list page to confirm that the virtual machine is running properly.
Click the console access (VNC) to access it successfully.
This page will explain the prerequisites for configuring GPU when creating a virtual machine.
The key to configuring GPU for virtual machines is to configure the GPU Operator to deploy different software components on the worker nodes, depending on the GPU workload configuration. Here are three example nodes:
The worker nodes can run GPU-accelerated containers, virtual machines with GPU passthrough, or virtual machines with vGPU. However, a combination of any of these is not supported.
To enable GPU passthrough, the cluster nodes need to have IOMMU enabled. Refer to How to Enable IOMMU. If your cluster is running on a virtual machine, please consult your virtual machine platform provider.
"},{"location":"en/admin/virtnest/gpu/vm-gpu.html#label-the-cluster-nodes","title":"Label the Cluster Nodes","text":"Go to Container Management, select your worker cluster, click Node Management, and then click Modify Labels in the action bar to add labels to the nodes. Each node can only have one label.
You can assign the following values to the labels: container, vm-passthrough, and vm-vgpu.
"},{"location":"en/admin/virtnest/gpu/vm-gpu.html#install-nvidia-operator","title":"Install Nvidia Operator","text":"Go to Container Management, select your worker cluster, click Helm Apps -> Helm Chart , and choose and install gpu-operator. Modify the relevant fields in the yaml.
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vfioManager.enabled=true\ngpu-operator.sandboxDevicePlugin.enabled=true\ngpu-operator.sandboxDevicePlugin.version=v1.2.4 // version should be >= v1.2.4\ngpu-operator.toolkit.version=v1.14.3-ubuntu20.04\n
Wait for the installation to succeed, as shown in the following image:
Install virtnest-agent, refer to Install virtnest-agent.
Add vGPU and GPU passthrough to the Virtnest Kubevirt CR. The following example shows the relevant yaml after adding vGPU and GPU passthrough:
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
In the kubevirt CR yaml, permittedHostDevices
is used to import VM devices. For vGPU, mediatedDevices needs to be added, with the following structure:
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # (1)!\n resourceName: nvidia.com/GRID_P4-1Q # (2)!\n
For GPU passthrough, pciHostDevices needs to be added under permittedHostDevices
, with the following structure:
pciHostDevices: \n- externalResourceProvider: true # (1)!\n pciVendorSelector: 10DE:1BB3 # (2)!\n resourceName: nvidia.com/GP104GL_TESLA_P4 # (3)!\n
Example of obtaining vGPU information (only applicable to vGPU): View the node information on the node marked as nvidia.com/gpu.workload.config=vm-gpu
, such as work-node-2
, in the Capacity section, nvidia.com/GRID_P4-1Q: 8
indicates the available vGPU:
kubectl describe node work-node-2\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
In this case, the mdevNameSelector should be \"GRID P4-1Q\" and the resourceName should be \"GRID_P4-1Q\".
Get GPU passthrough information: On the node marked as nvidia.com/gpu.workload.config=vm-passthrough
(work-node-1 in this example), view the node information. In the Capacity section, nvidia.com/GP104GL_TESLA_P4: 2
represents the available vGPU:
kubectl describe node work-node-1\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
The resourceName should be \"GRID_P4-1Q\". How to obtain the pciVendorSelector? Use SSH to log in to the target node work-node-1 and use the lspci -nnk -d 10de:
command to obtain the Nvidia GPU PCI information, as shown below: The red box indicates the pciVendorSelector information.
Edit the kubevirt CR note: If there are multiple GPUs of the same model, you only need to write one in the CR, there is no need to list every GPU.
kubectl -n virtnest-system edit kubevirt kubevirt\n
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
The only difference from a regular virtual machine is adding GPU-related information in the devices section.
Click to view the complete YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"en/admin/virtnest/gpu/vm-vgpu.html","title":"Configure GPU (vGPU) for Virtual Machines","text":"This page will explain the prerequisites for configuring GPU when creating a virtual machine.
The key to configuring GPU for virtual machines is to configure the GPU Operator to deploy different software components on the worker nodes, depending on the GPU workload configuration. Here are three example nodes:
The worker nodes can run GPU-accelerated containers, virtual machines with GPU passthrough, or virtual machines with vGPU. However, a combination of any of these is not supported.
To enable GPU passthrough, the cluster nodes need to have IOMMU enabled. Please refer to How to Enable IOMMU. If your cluster is running on a virtual machine, please consult your virtual machine platform provider.
"},{"location":"en/admin/virtnest/gpu/vm-vgpu.html#build-vgpu-manager-image","title":"Build vGPU Manager Image","text":"Note: This step is only required when using NVIDIA vGPU. If you plan to use GPU passthrough only, skip this section.
Follow these steps to build the vGPU Manager image and push it to the container registry:
Download the vGPU software from the NVIDIA Licensing Portal.
NVIDIA-Linux-x86_64-<version>-vgpu-kvm.run
).Open a terminal and clone the container-images/driver repository.
git clone https://gitlab.com/nvidia/container-images/driver cd driver\n
Switch to the vgpu-manager directory proper to your operating system.
cd vgpu-manager/<your-os>\n
Copy the .run file extracted in step 1 to the current directory.
cp <local-driver-download-directory>/*-vgpu-kvm.run ./\n
Set the environment variables.
export PRIVATE_REGISTRY=my/private/registry VERSION=510.73.06 OS_TAG=ubuntu22.04 CUDA_VERSION=12.2.0\n
Build the NVIDIA vGPU Manager Image.
docker build \\\n --build-arg DRIVER_VERSION=${VERSION} \\\n --build-arg CUDA_VERSION=${CUDA_VERSION} \\\n -t ${PRIVATE_REGISTRY}``/vgpu-manager``:${VERSION}-${OS_TAG} .\n
Push the NVIDIA vGPU Manager image to your container registry.
docker push ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG}\n
Go to Container Management, select your worker cluster, click Node Management, and then click Modify Labels in the action bar to add labels to the nodes. Each node can only have one label.
You can assign the following values to the labels: container, vm-passthrough, and vm-vgpu.
"},{"location":"en/admin/virtnest/gpu/vm-vgpu.html#install-nvidia-operator","title":"Install Nvidia Operator","text":"Go to Container Management, select your worker cluster, click Helm Apps -> Helm Chart, and choose and install gpu-operator. Modify the relevant fields in the yaml.
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vgpuManager.enabled=true\ngpu-operator.vgpuManager.repository=<your-register-url> # (1)!\ngpu-operator.vgpuManager.image=vgpu-manager\ngpu-operator.vgpuManager.version=<your-vgpu-manager-version> # (2)!\ngpu-operator.vgpuDeviceManager.enabled=true\n
Wait for the installation to succeed, as shown in the following image:
Install virtnest-agent, refer to Install virtnest-agent.
Add vGPU and GPU passthrough to the Virtnest Kubevirt CR. The following example shows the relevant yaml after adding vGPU and GPU passthrough:
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
In the kubevirt CR yaml, permittedHostDevices
is used to import VM devices. For vGPU, mediatedDevices needs to be added, with the following structure:
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # (1)!\n resourceName: nvidia.com/GRID_P4-1Q # (2)!\n
For GPU passthrough, pciHostDevices needs to be added under permittedHostDevices
, with the following structure:
pciHostDevices: \n- externalResourceProvider: true # (1)!\n pciVendorSelector: 10DE:1BB3 # (2)!\n resourceName: nvidia.com/GP104GL_TESLA_P4 # (3)!\n
Example of obtaining vGPU information (only applicable to vGPU): View the node information on the node marked as nvidia.com/gpu.workload.config=vm-gpu
, such as work-node-2
, in the Capacity section, nvidia.com/GRID_P4-1Q: 8
indicates the available vGPU:
kubectl describe node work-node-2\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
In this case, the mdevNameSelector should be \"GRID P4-1Q\" and the resourceName should be \"GRID_P4-1Q\".
Get GPU passthrough information: On the node marked as nvidia.com/gpu.workload.config=vm-passthrough
(work-node-1 in this example), view the node information. In the Capacity section, nvidia.com/GP104GL_TESLA_P4: 2
represents the available vGPU:
kubectl describe node work-node-1\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
The resourceName should be \"GRID_P4-1Q\". How to obtain the pciVendorSelector? SSH into the target node work-node-1 and use the lspci -nnk -d 10de:
command to obtain the Nvidia GPU PCI information, as shown below: The red box indicates the pciVendorSelector information.
Edit the kubevirt CR note: If there are multiple GPUs of the same model, you only need to write one in the CR, there is no need to list every GPU.
kubectl -n virtnest-system edit kubevirt kubevirt\n
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
The only difference from a regular virtual machine is adding the gpu-related information in the devices section.
Click to view the complete YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"en/admin/virtnest/install/index.html","title":"Install Virtual Machine Module","text":"This page explains how to install the virtual machine module.
Info
The term virtnest appearing in the following commands or scripts is the internal development code name for the Virtual Machine module.
"},{"location":"en/admin/virtnest/install/index.html#configure-helm-repo","title":"Configure Helm Repo","text":"Helm-charts repository address: https://release.daocloud.io/harbor/projects/10/helm-charts/virtnest/versions
helm repo add virtnest-release https://release.daocloud.io/chartrepo/virtnest\nhelm repo update virtnest-release\n
If you want to experience the latest development version of virtnest, then please add the following repository address (the development version of virtnest is extremely unstable).
helm repo add virtnest-release-ci https://release-ci.daocloud.io/chartrepo/virtnest\nhelm repo update virtnest-release-ci\n
"},{"location":"en/admin/virtnest/install/index.html#choose-a-version-that-you-want-to-install","title":"Choose a Version that You Want to Install","text":"It is recommended to install the latest version.
[root@master ~]# helm search repo virtnest-release/virtnest --versions\nNAME CHART VERSION APP VERSION DESCRIPTION\nvirtnest-release/virtnest 0.6.0 v0.6.0 A Helm chart for virtnest\n
"},{"location":"en/admin/virtnest/install/index.html#create-a-namespace","title":"Create a Namespace","text":"kubectl create namespace virtnest-system\n
"},{"location":"en/admin/virtnest/install/index.html#perform-installation-steps","title":"Perform Installation Steps","text":"helm install virtnest virtnest-release/virtnest -n virtnest-system --version 0.6.0\n
"},{"location":"en/admin/virtnest/install/index.html#upgrade","title":"Upgrade","text":""},{"location":"en/admin/virtnest/install/index.html#update-the-virtnest-helm-repository","title":"Update the virtnest Helm Repository","text":"helm repo update virtnest-release\n
"},{"location":"en/admin/virtnest/install/index.html#back-up-the-set-parameters","title":"Back up the --set Parameters","text":"Before upgrading the virtnest version, we recommend executing the following command to backup the --set parameters of the previous version
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
"},{"location":"en/admin/virtnest/install/index.html#perform-helm-upgrade","title":"Perform Helm Upgrade","text":"helm upgrade virtnest virtnest-release/virtnest \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --version 0.6.0\n
"},{"location":"en/admin/virtnest/install/index.html#delete","title":"Delete","text":"helm delete virtnest -n virtnest-system\n
"},{"location":"en/admin/virtnest/install/install-dependency.html","title":"Dependencies and Prerequisites","text":"This page explains the dependencies and prerequisites for installing virtual machine.
Info
The term virtnest mentioned in the commands or scripts below is the internal development codename for the Global Management module.
"},{"location":"en/admin/virtnest/install/install-dependency.html#prerequisites","title":"Prerequisites","text":""},{"location":"en/admin/virtnest/install/install-dependency.html#kernel-version-being-above-v411","title":"Kernel version being above v4.11","text":"The kernel version of all nodes in the target cluster needs to be higher than v4.11. For detail information, see kubevirt issue. Run the following command to see the version:
uname -a\n
Example output:
Linux master 6.5.3-1.el7.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Sep 13 11:46:28 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux\n
"},{"location":"en/admin/virtnest/install/install-dependency.html#cpu-supporting-x86-64-v2-instruction-set-or-higher","title":"CPU supporting x86-64-v2 instruction set or higher","text":"You can use the following script to check if the current node's CPU is usable:
Note
If you encounter a message like the one shown below, you can safely ignore it as it does not impact the final result.
\u793a\u4f8b$ sh detect-cpu.sh\ndetect-cpu.sh: line 3: fpu: command not found\n
cat <<EOF > detect-cpu.sh\n#!/bin/sh -eu\n\nflags=$(cat /proc/cpuinfo | grep flags | head -n 1 | cut -d: -f2)\n\nsupports_v2='awk \"/cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/ {found=1} END {exit !found}\"'\nsupports_v3='awk \"/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/ {found=1} END {exit !found}\"'\nsupports_v4='awk \"/avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/ {found=1} END {exit !found}\"'\n\necho \"$flags\" | eval $supports_v2 || exit 2 && echo \"CPU supports x86-64-v2\"\necho \"$flags\" | eval $supports_v3 || exit 3 && echo \"CPU supports x86-64-v3\"\necho \"$flags\" | eval $supports_v4 || exit 4 && echo \"CPU supports x86-64-v4\"\nEOF\nchmod +x detect-cpu.sh\nsh detect-cpu.sh\n
"},{"location":"en/admin/virtnest/install/install-dependency.html#all-nodes-having-hardware-virtualization-nested-virtualization-enabled","title":"All Nodes having hardware virtualization (nested virtualization) enabled","text":"Run the following command to check if it has been achieved:
virt-host-validate qemu\n
# Successful case\nQEMU: Checking for hardware virtualization : PASS\nQEMU: Checking if device /dev/kvm exists : PASS\nQEMU: Checking if device /dev/kvm is accessible : PASS\nQEMU: Checking if device /dev/vhost-net exists : PASS\nQEMU: Checking if device /dev/net/tun exists : PASS\nQEMU: Checking for cgroup 'cpu' controller support : PASS\nQEMU: Checking for cgroup 'cpuacct' controller support : PASS\nQEMU: Checking for cgroup 'cpuset' controller support : PASS\nQEMU: Checking for cgroup 'memory' controller support : PASS\nQEMU: Checking for cgroup 'devices' controller support : PASS\nQEMU: Checking for cgroup 'blkio' controller support : PASS\nQEMU: Checking for device assignment IOMMU support : PASS\nQEMU: Checking if IOMMU is enabled by kernel : PASS\nQEMU: Checking for secure guest support : WARN (Unknown if this platform has Secure Guest support)\n\n# Failure case\nQEMU: Checking for hardware virtualization : FAIL (Only emulated CPUs are available, performance will be significantly limited)\nQEMU: Checking if device /dev/vhost-net exists : PASS\nQEMU: Checking if device /dev/net/tun exists : PASS\nQEMU: Checking for cgroup 'memory' controller support : PASS\nQEMU: Checking for cgroup 'memory' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpu' controller support : PASS\nQEMU: Checking for cgroup 'cpu' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpuacct' controller support : PASS\nQEMU: Checking for cgroup 'cpuacct' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpuset' controller support : PASS\nQEMU: Checking for cgroup 'cpuset' controller mount-point : PASS\nQEMU: Checking for cgroup 'devices' controller support : PASS\nQEMU: Checking for cgroup 'devices' controller mount-point : PASS\nQEMU: Checking for cgroup 'blkio' controller support : PASS\nQEMU: Checking for cgroup 'blkio' controller mount-point : PASS\nWARN (Unknown if this platform has IOMMU support)\n
Install virt-host-validate:
On CentOSOn Ubuntuyum install -y qemu-kvm libvirt virt-install bridge-utils\n
apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils\n
Methods to enable hardware virtualization
Methods vary from platforms, and this page takes vsphere as an example. See vmware website.
If Docker Engine is used as the container runtime, it must be higher than v20.10.10.
"},{"location":"en/admin/virtnest/install/install-dependency.html#enabling-iommu-is-recommended","title":"Enabling IOMMU is recommended","text":"To prepare for future functions, it is recommended to enable IOMMU.
"},{"location":"en/admin/virtnest/install/offline-install.html","title":"Offline Upgrade of the Virtual Machine Module","text":"This page explains how to install or upgrade the Virtual Machine module after downloading it from the Download Center.
Info
The term \"virtnest\" appearing in the following commands or scripts is the internal development code name for the Virtual Machine module.
"},{"location":"en/admin/virtnest/install/offline-install.html#load-images-from-the-installation-package","title":"Load Images from the Installation Package","text":"You can load the images using one of the following two methods. When there is an container registry available in your environment, it is recommended to choose the chart-syncer method for synchronizing the images to the container registry, as it is more efficient and convenient.
"},{"location":"en/admin/virtnest/install/offline-install.html#synchronize-images-to-the-container-registry-using-chart-syncer","title":"Synchronize Images to the container registry using chart-syncer","text":"Create load-image.yaml file.
Note
All parameters in this YAML file are mandatory. You need a private container registry and modify the relevant configurations.
Chart Repo InstalledChart Repo Not InstalledIf the chart repo is already installed in your environment, chart-syncer also supports exporting the chart as a tgz file.
load-image.yamlsource:\n intermediateBundlesPath: virtnest-offline # (1)\ntarget:\n containerRegistry: 10.16.10.111 # (2)\n containerRepository: release.daocloud.io/virtnest # (3)\n repo:\n kind: HARBOR # (4)\n url: http://10.16.10.111/chartrepo/release.daocloud.io # (5)\n auth:\n username: \"admin\" # (6)\n password: \"Harbor12345\" # (7)\n containers:\n auth:\n username: \"admin\" # (8)\n password: \"Harbor12345\" # (9)\n
If the chart repo is not installed in your environment, chart-syncer also supports exporting the chart as a tgz file and storing it in the specified path.
load-image.yamlsource:\n intermediateBundlesPath: virtnest-offline # (1)\ntarget:\n containerRegistry: 10.16.10.111 # (2)\n containerRepository: release.daocloud.io/virtnest # (3)\n repo:\n kind: LOCAL\n path: ./local-repo # (4)\n containers:\n auth:\n username: \"admin\" # (5)\n password: \"Harbor12345\" # (6)\n
Run the command to synchronize the images.
charts-syncer sync --config load-image.yaml\n
Unpack and load the image files.
Unpack the tar archive.
tar xvf virtnest.bundle.tar\n
After successful extraction, you will have three files:
Load the images from the local file to Docker or containerd.
Dockercontainerddocker load -i images.tar\n
ctr -n k8s.io image import images.tar\n
Note
Perform the Docker or containerd image loading operation on each node. After loading is complete, tag the images to match the Registry and Repository used during installation.
"},{"location":"en/admin/virtnest/install/offline-install.html#upgrade","title":"Upgrade","text":"There are two upgrade methods available. You can choose the appropriate upgrade method based on the prerequisites:
Upgrade via helm repoUpgrade via chart packageCheck if the Virtual Machine Helm repository exists.
helm repo list | grep virtnest\n
If the result is empty or shows the following message, proceed to the next step. Otherwise, skip the next step.
Error: no repositories to show\n
Add the Virtual Machine Helm repository.
helm repo add virtnest http://{harbor url}/chartrepo/{project}\n
Update the Virtual Machine Helm repository.
helm repo update virtnest # (1)\n
helm update repo
.Choose the version of the Virtual Machine you want to install (it is recommended to install the latest version).
helm search repo virtnest/virtnest --versions\n
[root@master ~]# helm search repo virtnest/virtnest --versions\nNAME CHART VERSION APP VERSION DESCRIPTION\nvirtnest/virtnest 0.2.0 v0.2.0 A Helm chart for virtnest\n...\n
Back up the --set
parameters.
Before upgrading the Virtual Machine version, it is recommended to run the following command to backup the --set
parameters of the previous version.
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
Update the virtnest CRDs.
helm pull virtnest/virtnest --version 0.2.0 && tar -zxf virtnest-0.2.0.tgz\nkubectl apply -f virtnest/crds\n
Run helm upgrade
.
Before upgrading, it is recommended to replace the global.imageRegistry
field in bak.yaml with the current container registry address.
export imageRegistry={your container registry}\n
helm upgrade virtnest virtnest/virtnest \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry \\\n --version 0.2.0\n
Back up the --set
parameters.
Before upgrading the Virtual Machine version, it is recommended to run the following command to backup the --set
parameters of the previous version.
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
Update the virtnest CRDs.
kubectl apply -f ./crds\n
Run helm upgrade
.
Before upgrading, it is recommended to replace the global.imageRegistry
field in bak.yaml with the current container registry address.
export imageRegistry={your container registry}\n
helm upgrade virtnest . \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry\n
This guide explains how to install the virtnest-agent in a cluster.
"},{"location":"en/admin/virtnest/install/virtnest-agent.html#prerequisites","title":"Prerequisites","text":"Before installing the virtnest-agent, the following prerequisite must be met:
To utilize the Virtual Machine (VM), the virtnest-agent component needs to be installed in the cluster using Helm.
Click Container Management in the left navigation menu, then click Virtual Machines . If the virtnest-agent component is not installed, you will not be able to use the VM. The interface will display a reminder for you to install within the required cluster.
Select the desired cluster, click Helm Apps in the left navigation menu, then click Helm Charts to view the template list.
Search for the virtnest-agent component, and click to the see details. Select the appropriate version and click Install button to install.
On the installation page, fill in the required information, and click OK to finish the installation.
Go back to the Virtual Machines in the navigation menu. If the installation is successful, you will see the VM list, and you can now use the VM.
This article will explain how to create a virtual machine using two methods: image and YAML file.
Virtual machine, based on KubeVirt, manages virtual machines as cloud native applications, seamlessly integrating with containers. This allows users to easily deploy virtual machine applications and enjoy a smooth experience similar to containerized applications.
"},{"location":"en/admin/virtnest/quickstart/index.html#prerequisites","title":"Prerequisites","text":"Before creating a virtual machine, make sure you meet the following prerequisites:
Follow the steps below to create a virtual machine using an image.
Click Container Management on the left navigation bar, then click Virtual Machines to enter the VM page.
On the virtual machine list page, click Create VMs and select Create with Image.
Fill the basic information, image settings, storage and network, login settings, and click OK at the bottom right corner to complete the creation.
The system will automatically return to the virtual machine list. By clicking the \u2507 button on the right side of the list, you can perform operations such as power on/off, restart, clone, update, create snapshots, console access (VNC), and delete virtual machines. Cloning and snapshot capabilities depend on the selected StorageClass.
In the Create VMs page, enter the information according to the table below and click Next.
Fill in the image-related information according to the table below, then click Next.
Image Source: Supports three types of sources.
The following are the built-in images provided by the platform, including the operating system, version, and the image URL. Custom virtual machine images are also supported.
Operating System Version Image Address CentOS CentOS 7.9 release-ci.daocloud.io/virtnest/system-images/centos-7.9-x86_64:v1 Ubuntu Ubuntu 22.04 release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1 Debian Debian 12 release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1Image Secret: Only supports the default (Opaque) type of key, for specific operations you can refer to Create Secret.
The built-in image storage in the bootstrap cluster, and the container registry of the bootstrap cluster is not encrypted, so when selecting the built-in image, there is no need to select a secret.
Note
The hot-plug configuration for CPU and memory requires virtnest v0.10.0 or higher, and virtnest-agent v0.7.0 or higher.
Resource Config: For CPU, it is recommended to use whole numbers. If a decimal is entered, it will be rounded up. The hot-plug configuration for CPU and memory is supported.
GPU Configuration: Enabling GPU functionality requires meeting certain prerequisites. For details, refer to Configuring GPU for Virtual Machines (Nvidia). Virtual machines support two types of Nvidia GPUs: Nvidia-GPU and Nvidia-vGPU. After selecting the desired type, you will need to choose the proper GPU model and the number of cards.
Storage:
Storage is closely related to the function of the virtual machine. Mainly by using Kubernetes' persistent volumes and storage classes, it provides flexible and scalable virtual machine storage capabilities. For example, the virtual machine image is stored in the PVC, and it supports cloning, snapshotting, etc. with other data.
System Disk: The system automatically creates a VirtIO type rootfs system disk for storing the operating system and data.
Data Disk: The data disk is a storage device in the virtual machine used to store user data, application data, or other non-operating system related files. Compared with the system disk, the data disk is optional and can be dynamically added or removed as needed. The capacity of the data disk can also be flexibly configured according to demand.
Block storage is used by default. If you need to use the clone and snapshot functions, make sure that your storage pool has created the proper VolumeSnapshotClass, which you can refer to the following example. If you need to use the live migration function, make sure your storage supports and selects the ReadWriteMany access mode.
In most cases, the storage will not automatically create such a VolumeSnapshotClass during the installation process, so you need to manually create a VolumeSnapshotClass. The following is an example of HwameiStor creating a VolumeSnapshotClass:
kind: VolumeSnapshotClass\napiVersion: snapshot.storage.k8s.io/v1\nmetadata:\n name: hwameistor-storage-lvm-snapshot\n annotations:\n snapshot.storage.kubernetes.io/is-default-class: \"true\"\nparameters:\n snapsize: \"1073741824\"\ndriver: lvm.hwameistor.io\ndeletionPolicy: Delete\n
Run the following command to check if the VolumeSnapshotClass was created successfully.
kubectl get VolumeSnapshotClass\n
View the created Snapshotclass and confirm that the provisioner property is consistent with the Driver property in the storage pool.
Network:
Network setting can be combined as needed according to the table information.
Network Mode CNI Install Spiderpool Network Cards Fixed IP Live Migration Masquerade (NAT) Calico \u274c Single \u274c \u2705 Cilium \u274c Single \u274c \u2705 Flannel \u274c Single \u274c \u2705 Bridge OVS \u2705 Multiple \u2705 \u2705Network modes are divided into Masquerade (NAT) and Bridge, the latter mode need to be installed after the spiderpool component can be used.
Add Network Card
In addition to creating virtual machines using images, you can also create them more quickly using YAML files.
Go to the Virtual Machine list page and click the Create with YAML button.
Click to view an example YAML for creating a virtual machineapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: example\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: systemdisk-example\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: rook-ceph-block\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/centos-7.9-x86_64:v1\n runStrategy: Always\n template:\n spec:\n domain:\n cpu:\n cores: 1\n devices:\n disks:\n - disk:\n bus: virtio\n name: systemdisk-example\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 1Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-example\n name: systemdisk-example\n
"},{"location":"en/admin/virtnest/quickstart/access.html","title":"Connect to Virtual Machines","text":"This article will introduce two methods for connecting to virtual machines: Console Access (VNC) and Terminal Access.
"},{"location":"en/admin/virtnest/quickstart/access.html#terminal-access","title":"Terminal Access","text":"Accessing virtual machines through the terminal provides more flexibility and lightweight access. However, it does not directly display the graphical interface, has limited interactivity, and does not support multiple concurrent terminal sessions.
Click Container Management in the left navigation bar, then click Virtual Machines to access the list page. Click the \u2507 button on the right side of the list to access the virtual machine via the terminal.
"},{"location":"en/admin/virtnest/quickstart/access.html#console-access-vnc","title":"Console Access (VNC)","text":"Accessing virtual machines through VNC allows you to access and control the full graphical interface of the remote computer. It provides a more interactive experience and allows intuitive operation of the remote device. However, it may have some performance impact, and it does not support multiple concurrent terminal sessions.
Choose VNC for Windows systems.
Click Container Management in the left navigation bar, then click Virtual Machines to access the list page. Click the \u2507 button on the right side of the list to access the virtual machine via Console Access (VNC).
"},{"location":"en/admin/virtnest/quickstart/detail.html","title":"Virtual Machine Details","text":"After successfully creating a virtual machine, you can enter the VM Detail page to view Basic Information, Settings, GPU Settings, Overview, Storage, Network, Snapshot and Event List.
Click Container Management in the left navigation bar, then click Clusters to enter the page of the cluster where the virtual machine is located. Click the VM Name to view the virtual machine details.
"},{"location":"en/admin/virtnest/quickstart/detail.html#basic-information","title":"Basic Information","text":"The basic information of VM includes Status, Alias, Cluster, Namespace, IP, Label, Annotation, Node, Username, Password, and Create Time.
Settings includes:
Bridge
or Masquerade(NAT)
.GPU Settings includes: GPU Type, GPU Model and GPU Counts
"},{"location":"en/admin/virtnest/quickstart/detail.html#other-information","title":"Other Information","text":"OverviewStorageNetworkSnapshotsEvent ListIt allows you to view its insight content. Please note that if insight-agent is not installed, overview information cannot be obtained.
It displays the storage used by the virtual machine, including information about the system disk and data disk.
It displays the network settings of the virtual machine, including Multus CR, NIC Name, IP Address and so on.
If you have created snapshots, this part will display relative information. Restoring the virtual machine from snapshots is supported.
The event list includes various state changes, operation records, and system messages during the lifecycle of the virtual machine.
"},{"location":"en/admin/virtnest/quickstart/nodeport.html","title":"Accessing Virtual Machine via NodePort","text":"This page explains how to access a virtual machine using NodePort.
"},{"location":"en/admin/virtnest/quickstart/nodeport.html#limitations-of-existing-access-methods","title":"Limitations of Existing Access Methods","text":"Virtual machines support access via VNC or console, but both methods have a limitation: they do not allow multiple terminals to be simultaneously online.
Using a NodePort-formatted Service can help solve this problem.
Using the Container Management Page
vm.kubevirt.io/name: your-vm-name
.After successful creation, you can access the virtual machine by using ssh username@nodeip -p port
.
Write the YAML file as follows:
apiVersion: v1\nkind: Service\nmetadata:\n name: test-ssh\nspec:\n ports:\n - name: tcp-ssh\n nodePort: 32090\n protocol: TCP\n port: 22\n targetPort: 22\n selector:\n vm.kubevirt.io/name: test-image-s3\n type: NodePort\n
Run the following command:
kubectl apply -f your-svc.yaml\n
After successful creation, you can access the virtual machine by using ssh username@nodeip -p 32090
.
This page is about how to update a virtual machine using both forms and YAML files.
"},{"location":"en/admin/virtnest/quickstart/update.html#prerequisite","title":"Prerequisite","text":"Before updating the CPU, memory, and data disks of the VM while it is powered on, the following prerequisite must be met:
On the virtual machine list page, click Update to enter the Update VM page.
"},{"location":"en/admin/virtnest/quickstart/update.html#basic-information","title":"Basic Information","text":"On this page, Alias , Label and Annotation can be updated, while other information cannot. After completing the updates, click Next to proceed to the Image Settings page.
"},{"location":"en/admin/virtnest/quickstart/update.html#image-settings","title":"Image Settings","text":"On this page, parameters such as Image Address, Operating System, and Version cannot be changed once selected. Users are allowed to update the GPU Quota, including enabling or disabling GPU support, selecting the GPU type, specifying the required model, and configuring the number of GPU. A restart is required for taking effect. After completing the updates, click Next to proceed to the Storage and Network page.
"},{"location":"en/admin/virtnest/quickstart/update.html#storage-and-network","title":"Storage and Network","text":"On the Storage and Network page, the StorageClass and PVC Mode for the System Disk cannot be changed once selected. You can increase Disk Capacity, but reducing it is not supported. And you can freely add or remove Data Disk. Network updates are not supported. After completing the updates, click Next to proceed to the Login Settings page.
Note
It is recommended to restart the virtual machine after modifying storage capacity or adding data disks to ensure the configuration takes effect.
"},{"location":"en/admin/virtnest/quickstart/update.html#login-settings","title":"Login Settings","text":"On the Login Settings page, Username, Password, and SSH cannot be changed once set. After confirming your login information is correct, click OK to complete the update process.
"},{"location":"en/admin/virtnest/quickstart/update.html#edit-yaml","title":"Edit YAML","text":"In addition to updating the virtual machine via forms, you can also quickly update it using a YAML file.
Go to the virtual machine list page and click the Edit YAML button.
"},{"location":"en/admin/virtnest/template/index.html","title":"Create Virtual Machines via Templates","text":"This guide explains how to create virtual machines using templates.
With internal templates and custom templates, users can easily create new virtual machines. Additionally, we provide the ability to convert existing virtual machines into templates, allowing users to manage and utilize resources more flexibly.
"},{"location":"en/admin/virtnest/template/index.html#create-with-template","title":"Create with Template","text":"Follow these steps to create a virtual machine using a template.
Click Container Management in the left navigation menu, then click Virtual Machines to access the Virtual Machine Management page. On the virtual machine list page, click Create Virtual Machine and select Create with Template .
On the template creation page, fill in the required information, including Basic Information, Template Config, Storage and Network, and Login Settings. Then, click OK in the bottom-right corner to complete the creation.
The system will automatically return to the virtual machine list. By clicking \u2507 on the right side of the list, you can perform operations such as power off/restart, clone, update, create snapshot, convert to template, console access (VNC), and delete. The ability to clone and create snapshots depends on the selected storage pool.
On the Create VMs page, enter the information according to the table below and click Next .
The template list will appear, and you can choose either an internal template or a custom template based on your needs.
Select an Internal Template: AI platform Virtual Machine provides several standard templates that cannot be edited or deleted. When selecting an internal template, the image source, operating system, image address, and other information will be based on the template and cannot be modified. GPU quota will also be based on the template but can be modified.
Select a Custom Template: These templates are created from virtual machine configurations and can be edited or deleted. When using a custom template, you can modify the image source and other information based on your specific requirements.
Storage: By default, the system creates a rootfs system disk of VirtIO type for storing the operating system and data. Block storage is used by default. If you need to use clone and snapshot functionality, make sure your storage pool supports the VolumeSnapshots feature and create it in the storage pool (SC). Please note that the storage pool (SC) has additional prerequisites that need to be met.
Prerequisites:
Supports adding one system disk and multiple data disks.
Network: If no configuration is made, the system will create a VirtIO type network by default.
This guide explains the usage of internal VM templates and custom VM templates.
Using both internal and custom templates, users can easily create new VMs. Additionally, we provide the ability to convert existing VMs into VM templates, allowing users to manage and utilize resources more flexibly.
"},{"location":"en/admin/virtnest/template/tep.html#vm-templates","title":"VM Templates","text":"Click Container Management in the left navigation menu, then click VM Template to access the VM Template page. If the template is converted from a virtual machine configured with a GPU, the template will also include GPU information and will be displayed in the template list.
Click the \u2507 on the right side of a template in the list. For internal templates, you can create VM and view YAML. For custom templates, you can create VM, edit YAML and delete template.
The platform provides CentOS and Ubuntu as templates.
Custom templates are created from VM configurations. The following steps explain how to convert a VM configuration into a template.
Click Container Management in the left navigation menu, then click Virtual Machines to access the list page. Click the \u2507 on the right side of a VM in the list to convert the configuration into a template. Only running or stopped VMs can be converted.
Provide a name for the new template. A notification will indicate that the original VM will be preserved and remain available. After a successful conversion, a new entry will be added to the template list.
After successfully creating a template, you can click the template name to view the details of the VM, including Basic Information, GPU Settings, Storage, Network, and more. If you need to quickly deploy a new VM based on that template, simply click the Create VM button in the upper right corner of the page for easy operation.
"},{"location":"en/admin/virtnest/vm/auto-migrate.html","title":"Automatic VM Drifting","text":"This article will explain how to seamlessly migrate running virtual machines to other nodes when a node in the cluster becomes inaccessible due to power outages or network failures, ensuring business continuity and data security.
Compared to automatic drifting, live migration requires you to manually initiate the migration process through the interface, rather than having the system automatically trigger it.
"},{"location":"en/admin/virtnest/vm/auto-migrate.html#prerequisites","title":"Prerequisites","text":"Before implementing automatic drifting, the following prerequisites must be met:
Check the status of the virtual machine launcher pod:
kubectl get pod\n
Check if the launcher pod is in a Terminating state.
Force delete the launcher pod:
If the launcher pod is in a Terminating state, you can force delete it with the following command:
kubectl delete <launcher pod> --force\n
Replace <launcher pod>
with the name of your launcher pod.
Wait for recreation and check the status:
After deletion, the system will automatically recreate the launcher pod. Wait for its status to become running, then refresh the virtual machine list to see if the VM has successfully migrated to the new node.
If using rook-ceph as storage, it needs to be configured in ReadWriteOnce mode:
After force deleting the pod, you need to wait approximately six minutes for the launcher pod to start, or you can immediately start the pod using the following commands:
kubectl get pv | grep <vm name>\nkubectl get VolumeAttachment | grep <pv name>\n
Replace <vm name>
and <pv name>
with your virtual machine name and persistent volume name.
Then delete the proper VolumeAttachment with the following command:
kubectl delete VolumeAttachment <vm>\n
Replace <vm>
with your virtual machine name.
This article will introduce how to clone a new cloud host.
Users can clone a new cloud host, which will have the same operating system and system configuration as the original cloud host. This enables quick deployment and scaling, allowing for the rapid creation of new cloud hosts with similar configurations without the need to install from scratch.
"},{"location":"en/admin/virtnest/vm/clone.html#prerequisites","title":"Prerequisites","text":"Before using the cloning feature, the following prerequisites must be met (which are the same as those for the snapshot feature):
Click__Container Management__ in the left navigation bar, then click__Cloud Hosts__ to enter the list page. Clickthe \u2507 on the right side of the list to perform snapshot operations on cloud hosts that are not in an error state.
A popup will appear, requiring you to fill in the name and description for the new cloud host being cloned. The cloning operation may take some time, depending on the size of the cloud host and storage performance.
After a successful clone, you can view the new cloud host in the cloud host list. The newly created cloud host will be in a powered-off state and will need to be manually powered on if required.
It is recommended to take a snapshot of the original cloud host before cloning. If you encounter issues during the cloning process, please check whether the prerequisites are met and try to execute the cloning operation again.
When creating a virtual machine using Object Storage (S3) as the image source, sometimes you need to fill in a secret to get through S3's verification. The following will introduce how to create a secret that meets the requirements of the virtual machine.
Click Container Management in the left navigation bar, then click Clusters , enter the details of the cluster where the virtual machine is located, click ConfigMaps & Secrets , select the Secrets , and click Create Secret .
Enter the creation page, fill in the secret name, select the namespace that is the same as the virtual machine, and note that you need to select the default type Opaque . The secret data needs to follow the following principles.
After successful creation, you can use the required secret when creating a virtual machine.
This feature currently does not have a UI, so you can follow the steps in the documentation.
"},{"location":"en/admin/virtnest/vm/cross-cluster-migrate.html#use-cases","title":"Use Cases","text":"Before performing migration of a VM across cluster, the following prerequisites must be met:
To activate the VMExport Feature Gate, run the following command in the original cluster. You can refer to How to activate a feature gate
kubectl edit kubevirt kubevirt -n virtnest-system\n
This command modifies the featureGates
to include VMExport
.
apiVersion: kubevirt.io/v1\nkind: KubeVirt\nmetadata:\n name: kubevirt\n namespace: virtnest-system\nspec:\n configuration:\n developerConfiguration:\n featureGates:\n - DataVolumes\n - LiveMigration\n - VMExport\n
"},{"location":"en/admin/virtnest/vm/cross-cluster-migrate.html#configure-ingress-for-the-original-cluster","title":"Configure Ingress for the Original Cluster","text":"Using Nginx Ingress as an example, configure Ingress to point to the virt-exportproxy
Service:
apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: ingress-vm-export\n namespace: virtnest-system\nspec:\n tls:\n - hosts:\n - upgrade-test.com\n secretName: nginx-tls\n rules:\n - host: upgrade-test.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: virt-exportproxy\n port:\n number: 8443\n ingressClassName: nginx\n
"},{"location":"en/admin/virtnest/vm/cross-cluster-migrate.html#migration-steps","title":"Migration Steps","text":"Create a VirtualMachineExport CR.
If cold migration is performed while the VM is powered off :
apiVersion: v1\nkind: Secret\nmetadata:\n name: example-token # Export Token used by the VM\n namespace: default # Namespace where the VM resides\nstringData:\n token: 1234567890ab # Export the used Token (Modifiable)\n\n---\napiVersion: export.kubevirt.io/v1alpha1\nkind: VirtualMachineExport\nmetadata:\n name: example-export # Export name (Modifiable)\n namespace: default # Namespace where the VM resides\nspec:\n tokenSecretRef: example-token # Must match the name of the token created above\n source:\n apiGroup: \"kubevirt.io\"\n kind: VirtualMachine\n name: testvm # VM name\n
If hot migration is performed using a VM snapshot while the VM is powered on :
apiVersion: v1\nkind: Secret\nmetadata:\n name: example-token # Export Token used by VM\n namespace: default # Namespace where the VM resides\nstringData:\n token: 1234567890ab # Export the used Token (Modifiable)\n\n---\napiVersion: export.kubevirt.io/v1alpha1\nkind: VirtualMachineExport\nmetadata:\n name: export-snapshot # Export name (Modifiable)\n namespace: default # Namespace where the VM resides\nspec:\n tokenSecretRef: export-token # Must match the name of the token created above\n source:\n apiGroup: \"snapshot.kubevirt.io\"\n kind: VirtualMachineSnapshot\n name: export-snap-202407191524 # Name of the proper VM snapshot\n
Check if the VirtualMachineExport is ready:
# Replace example-export with the name of the created VirtualMachineExport\nkubectl get VirtualMachineExport example-export -n default\n\nNAME SOURCEKIND SOURCENAME PHASE\nexample-export VirtualMachine testvm Ready\n
Once the VirtualMachineExport is ready, export the VM YAML.
If virtctl is installed, you can use the following command to export the VM YAML:
# Replace example-export with the name of the created VirtualMachineExport\n# Specify the namespace with -n\nvirtctl vmexport download example-export --manifest --include-secret --output=manifest.yaml\n
If virtctl is not installed, you can use the following commands to export the VM YAML:
# Replace example-export with the name and namespace of the created VirtualMachineExport\nmanifesturl=$(kubectl get VirtualMachineExport example-export -n default -o=jsonpath='{.status.links.internal.manifests[0].url}')\nsecreturl=$(kubectl get VirtualMachineExport example-export -n default -o=jsonpath='{.status.links.internal.manifests[1].url}')\n# Replace with the secret name and namespace\ntoken=$(kubectl get secret example-token -n default -o=jsonpath='{.data.token}' | base64 -d)\n\ncurl -H \"Accept: application/yaml\" -H \"x-kubevirt-export-token: $token\" --insecure $secreturl > manifest.yaml\ncurl -H \"Accept: application/yaml\" -H \"x-kubevirt-export-token: $token\" --insecure $manifesturl >> manifest.yaml\n
Import VM.
Copy the exported manifest.yaml
to the target migration cluster and run the following command.(If the namespace does not exist, it need to be created in advance) :
kubectl apply -f manifest.yaml\n
After successfully creating a VM, you need to restart it. Once the VM is running successfully, the original VM need to be deleted in the original cluster (Do not delete the original VM if it has not started successfully). When configuring the liveness and readiness probes for a cloud host, the process is similar to that of Kubernetes configuration. This article will introduce how to configure health check parameters for a cloud host using YAML.
However, it is important to note that the configuration must be done when the cloud host has been successfully created and is in a powered-off state.
"},{"location":"en/admin/virtnest/vm/health-check.html#configuring-http-liveness-probe","title":"Configuring HTTP Liveness Probe","text":"livenessProbe.httpGet
in spec.template.spec
.Modify cloudInitNoCloud
to start an HTTP server.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n livenessProbe:\n initialDelaySeconds: 120\n periodSeconds: 20\n httpGet:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
The configuration of userData
may vary depending on the operating system (such as Ubuntu/Debian or CentOS). The main differences are:
Package manager:
Ubuntu/Debian uses apt-get
as the package manager. CentOS uses yum
as the package manager.
SSH service restart command:
Ubuntu/Debian uses systemctl restart ssh.service
. CentOS uses systemctl restart sshd.service
(note that for CentOS 7 and earlier versions, it uses service sshd restart
).
Installed packages:
Ubuntu/Debian installs ncat
. CentOS installs nmap-ncat
(because ncat
may not be available in the default repository for CentOS).
Configure livenessProbe.tcpSocket
in spec.template.spec
.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n livenessProbe:\n initialDelaySeconds: 120\n periodSeconds: 20\n tcpSocket:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
"},{"location":"en/admin/virtnest/vm/health-check.html#configuring-readiness-probes","title":"Configuring Readiness Probes","text":"Configure readiness
in spec.template.spec
.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n readiness:\n initialDelaySeconds: 120\n periodSeconds: 20\n httpGet:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
"},{"location":"en/admin/virtnest/vm/live-migration.html","title":"Live Migration","text":"This article will explain how to migrate a virtual machine from one node to another.
When a node needs maintenance or upgrades, users can seamlessly migrate running virtual machines to other nodes while ensuring business continuity and data security.
"},{"location":"en/admin/virtnest/vm/live-migration.html#prerequisites","title":"Prerequisites","text":"Before using live migration, the following prerequisites must be met:
Click Container Management on the left navigation bar, then click Virtual Machines to enter the list page. Click \u2507 on the right side of the list to migrate running virtual machines. Currently, the virtual machine is on the node controller-node-1 .
A pop-up box will appear, indicating that during live migration, the running virtual machine instances will be migrated to another node, but the target node cannot be predetermined. Please ensure that other nodes have sufficient resources.
After a successful migration, you can view the node information in the virtual machine list. At this time, the node has been migrated to controller-node-2 .
This article will introduce how to move a cloud host from one node to another within the same cluster while it is powered off.
The main feature of cold migration is that the cloud host will be offline during the migration process, which may impact business continuity. Therefore, careful planning of the migration time window is necessary, taking into account business needs and system availability. Typically, cold migration is suitable for scenarios where downtime requirements are not very strict.
"},{"location":"en/admin/virtnest/vm/migratiom.html#prerequisites","title":"Prerequisites","text":"Before using cold migration, the following prerequisites must be met:
Click__Container Management__ in the left navigation bar, then click__Cloud Hosts__ to enter the list page. Clickthe \u2507 on the right side of the list to initiate the migration action for the cloud host that is in a powered-off state. The current node of the cloud host cannot be viewed while it is powered off, so prior planning or checking while powered on is required.
Note
If you have used local-path in the storage pool of the original node, there may be issues during cross-node migration. Please choose carefully.
After clicking migrate, a prompt will appear allowing you to choose to migrate to a specific node or randomly. If you need to change the storage pool, ensure that there is an available storage pool in the target node. Also, ensure that the target node has sufficient resources. The migration process may take a significant amount of time, so please be patient.
The migration will take some time, so please be patient. After it is successful, you need to restart the cloud host to check if the migration was successful. This example has already powered on the cloud host to check the migration effect.
The virtual machine's monitoring is based on the Grafana Dashboard open-sourced by Kubevirt, which generates monitoring dashboards for each virtual machine.
Monitoring information of the virtual machine can provide better insights into the resource consumption of the virtual machine, such as CPU, memory, storage, and network resource usage. These information can help optimize and plan resources, improving overall resource utilization efficiency.
"},{"location":"en/admin/virtnest/vm/monitor.html#prerequisites","title":"Prerequisites","text":"Before viewing the virtual machine monitoring information, the following prerequisites need to be met:
Navigate to the VM Detail page and click Overview to view the monitoring content of the virtual machine. Please note that without the insight-agent component installed, monitoring information cannot be obtained. Below are the detailed information:
Total CPU, CPU Usage, Memory Total, Memory Usage.
CPU Utilisation: the percentage of CPU resources currently used by the virtual machine;
Memory Utilisation: the percentage of memory resources currently used by the virtual machine out of the total available memory.
Network Traffic by Virtual Machines: the amount of network data sent and received by the virtual machine during a specific time period;
Network Packet Loss Rate: the proportion of lost data packets during data transmission out of the total sent data packets.
Network Packet Error Rate: the rate of errors that occur during network transmission;
Storage Traffic: the speed and capacity at which the virtual machine system reads and writes to the disk within a certain time period.
Storage IOPS: the number of input/output operations the virtual machine system performs in one second.
Storage Delay: the time delay experienced by the virtual machine system when performing disk read and write operations.
This article introduces how to create snapshots for VMs on a schedule.
You can create scheduled snapshots for VMs, providing continuous protection for data and ensuring effective data recovery in case of data loss, corruption, or deletion.
"},{"location":"en/admin/virtnest/vm/scheduled-snapshot.html#steps","title":"Steps","text":"In the left navigation bar, click Container Management -> Clusters to select the proper cluster where the target VM is located. After entering the cluster, click Workloads -> CronJobs, and choose Create from YAML to create a scheduled task. Refer to the following YAML example to create snapshots for the specified VM on a schedule.
Click to view the YAML example for creating a scheduled taskapiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: xxxxx-xxxxx-cronjob # Scheduled task name (Customizable)\n namespace: virtnest-system # Do not modify the namespace\nspec:\n schedule: \"5 * * * *\" # Modify the scheduled task execution interval as needed\n concurrencyPolicy: Allow\n suspend: false\n successfulJobsHistoryLimit: 10\n failedJobsHistoryLimit: 3\n startingDeadlineSeconds: 60\n jobTemplate:\n spec:\n template:\n metadata:\n labels:\n virtnest.io/vm: xxxx # Modify to the name of the VM that needs to be snapshotted\n virtnest.io/namespace: xxxx # Modify to the namespace where the VM is located\n spec:\n serviceAccountName: kubevirt-operator\n containers:\n - name: snapshot-job\n image: release.daocloud.io/virtnest/tools:v0.1.5 # For offline environments, modify the registry address to the proper registry address of the cluster\n imagePullPolicy: IfNotPresent\n env:\n - name: NS\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['virtnest.io/namespace']\n - name: VM\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['virtnest.io/vm']\n command:\n - /bin/sh\n - -c\n - |\n export SUFFIX=$(date +\"%Y%m%d-%H%M%S\")\n cat <<EOF | kubectl apply -f -\n apiVersion: snapshot.kubevirt.io/v1alpha1\n kind: VirtualMachineSnapshot\n metadata:\n name: $(VM)-snapshot-$SUFFIX\n namespace: $(NS)\n spec:\n source:\n apiGroup: kubevirt.io\n kind: VirtualMachine\n name: $(VM)\n EOF\n restartPolicy: OnFailure\n
After creating the scheduled task and running it successfully, you can click Virtual Machines in the list page to select the target VM. After entering the details, you can view the snapshot list.
This guide explains how to create snapshots for virtual machines and restore them.
You can create snapshots for virtual machines to save the current state of the virtual machine. A snapshot can be restored multiple times, and each time the virtual machine will be reverted to the state when the snapshot was created. Snapshots are commonly used for backup, recovery and rollback.
"},{"location":"en/admin/virtnest/vm/snapshot.html#prerequisites","title":"Prerequisites","text":"Before using the snapshots, the following prerequisites need to be met:
Click Container Management in the left navigation menu, then click Virtual Machines to access the list page. Click the \u2507 on the right side of the list for a virtual machine to perform snapshot operations (only available for non-error state virtual machines).
A dialog box will pop up, prompting you to input a name and description for the snapshot. Please note that the creation process may take a few minutes, during which you won't be able to perform any operations on the virtual machine.
After successfully creating the snapshot, you can view its details within the virtual machine's information section. Here, you have the option to edit the description, recover from the snapshot, delete it, among other operations.
Click Restore from Snapshot and provide a name for the virtual machine recovery record. The recovery operation may take some time to complete, depending on the size of the snapshot and other factors. After a successful recovery, the virtual machine will be restored to the state when the snapshot was created.
After some time, you can scroll down to the snapshot information to view all the recovery records for the current snapshot. It also provides a way to locate the position of the recovery.
This article will introduce how to configure network information when creating virtual machines.
In virtual machines, network management is a crucial part that allows us to manage and configure network connections for virtual machines in a Kubernetes environment. It can be configured according to different needs and scenarios, achieving a more flexible and diverse network architecture.
When selecting the Bridge network mode, some information needs to be configured in advance:
ovs
. You can create a custom Multus CR or use YAML for creationNetwork configuration can be combined according to the table information.
Network Mode CNI Spiderpool Installed NIC Mode Fixed IP Live Migration Masquerade (NAT) Calico \u274c Single NIC \u274c \u2705 Cilium \u274c Single NIC \u274c \u2705 Flannel \u274c Single NIC \u274c \u2705 Bridge OVS \u2705 Multiple NIC \u2705 \u2705Network Mode: There are two modes - Masquerade (NAT) and Bridge. Bridge mode requires the installation of the spiderpool component.
The default selection is Masquerade (NAT) network mode using the eth0 default NIC.
If the cluster has the spiderpool component installed, then Bridge mode can be selected. The Bridge mode supports multiple NICs.
Adding NICs
Bridge modes support manually adding NICs. Click Add NIC to configure the NIC IP pool. Choose a Multus CR that matches the network mode, if not available, it needs to be created manually.
If the Use Default IP Pool switch is turned on, it will use the default IP pool in the multus CR configuration. If turned off, manually select the IP pool.
This article will introduce how to configure storage when creating a virtual machine.
Storage and virtual machine functionality are closely related, mainly providing flexible and scalable virtual machine storage capabilities through the use of Kubernetes persistent volumes and storage classes. For example, virtual machine image storage in PVC supports cloning, snapshotting, and other operations with other data.
"},{"location":"en/admin/virtnest/vm/vm-sc.html#deploying-different-storage","title":"Deploying Different Storage","text":"Before using virtual machine storage functionality, different storage needs to be deployed according to requirements:
kubectl apply -f
to create the following YAML:---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: local-path-storage\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: local-path-provisioner-service-account\n namespace: local-path-storage\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: local-path-provisioner-role\nrules:\n- apiGroups: [\"\"]\n resources: [\"nodes\", \"persistentvolumeclaims\", \"configmaps\"]\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups: [\"\"]\n resources: [\"endpoints\", \"persistentvolumes\", \"pods\"]\n verbs: [\"*\"]\n- apiGroups: [\"\"]\n resources: [\"events\"]\n verbs: [\"create\", \"patch\"]\n- apiGroups: [\"storage.k8s.io\"]\n resources: [\"storageclasses\"]\n verbs: [\"get\", \"list\", \"watch\"]\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: local-path-provisioner-bind\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: local-path-provisioner-role\nsubjects:\n- kind: ServiceAccount\n name: local-path-provisioner-service-account\n namespace: local-path-storage\n\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: local-path-provisioner\n namespace: local-path-storage\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: local-path-provisioner\n template:\n metadata:\n labels:\n app: local-path-provisioner\n spec:\n serviceAccountName: local-path-provisioner-service-account\n containers:\n - name: local-path-provisioner\n image: rancher/local-path-provisioner:v0.0.22\n imagePullPolicy: IfNotPresent\n command:\n - local-path-provisioner\n - --debug\n - start\n - --config\n - /etc/config/config.json\n volumeMounts:\n - name: config-volume\n mountPath: /etc/config/\n env:\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n volumes:\n - name: config-volume\n configMap:\n name: local-path-config\n\n---\napiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n name: local-path\nprovisioner: rancher.io/local-path\nvolumeBindingMode: WaitForFirstConsumer\nreclaimPolicy: Delete\n\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: local-path-config\n namespace: local-path-storage\ndata:\n config.json: |-\n {\n \"nodePathMap\": [\n {\n \"node\": \"DEFAULT_PATH_FOR_NON_LISTED_NODES\",\n \"paths\": [\"/opt/local-path-provisioner\"]\n }\n ]\n }\n setup: |-\n #!/bin/sh\n set -eu\n mkdir -m 0777 -p \"$VOL_DIR\"\n teardown: |-\n #!/bin/sh\n set -eu\n rm -rf \"$VOL_DIR\"\n helperPod.yaml: |-\n apiVersion: v1\n kind: Pod\n metadata:\n name: helper-pod\n spec:\n containers:\n - name: helper-pod\n image: busybox\n imagePullPolicy: IfNotPresent\n
"},{"location":"en/admin/virtnest/vm/vm-sc.html#virtual-machine-storage","title":"Virtual Machine Storage","text":"System Disk: By default, a VirtIO type rootfs system disk is created for the system to store the operating system and data.
Data Disk: The data disk is a storage device in the virtual machine used to store user data, application data, or other files unrelated to the operating system. Compared to the system disk, the data disk is optional and can be dynamically added or removed as needed. The capacity of the data disk can also be flexibly configured according to requirements.
Block storage is used by default. If you need to use cloning and snapshot functions, make sure that your storage pool has created the proper VolumeSnapshotClass, as shown in the example below. If you need to use real-time migration, make sure that your storage supports and has selected the ReadWriteMany access mode.
In most cases, such VolumeSnapshotClass is not automatically created during the installation process, so you need to manually create VolumeSnapshotClass. Here is an example of creating a VolumeSnapshotClass in HwameiStor:
kind: VolumeSnapshotClass\napiVersion: snapshot.storage.k8s.io/v1\nmetadata:\n name: hwameistor-storage-lvm-snapshot\n annotations:\n snapshot.storage.kubernetes.io/is-default-class: \"true\"\nparameters:\n snapsize: \"1073741824\"\ndriver: lvm.hwameistor.io\ndeletionPolicy: Delete\n
Execute the following command to check if the VolumeSnapshotClass has been successfully created.
kubectl get VolumeSnapshotClass\n
View the created Snapshotclass and confirm that the Provisioner property is consistent with the Driver property in the storage pool.
This document will explain how to build the required virtual machine images.
A virtual machine image is essentially a replica file, which is a disk partition with an installed operating system. Common image file formats include raw, qcow2, vmdk, etc.
"},{"location":"en/admin/virtnest/vm-image/index.html#build-an-image","title":"Build an Image","text":"Below are some detailed steps for building virtual machine images:
Download System Images
Before building virtual machine images, you need to download the required system images. We recommend using images in qcow2, raw, or vmdk formats. You can visit the following links to get CentOS and Fedora images:
Build a Docker Image and Push it to a Containe Registry
In this step, we will use Docker to build an image and push it to a container registry for easy deployment and usage when needed.
Create a Dockerfile
FROM scratch\nADD --chown=107:107 CentOS-7-x86_64-GenericCloud.qcow2 /disk/\n
The Dockerfile above adds a file named CentOS-7-x86_64-GenericCloud.qcow2
to the image being built from a scratch base image and places it in the /disk/ directory within the image. This operation includes the file in the image, allowing it to provide a CentOS 7 x86_64 operating system environment when used to create a virtual machine.
Build the Image
docker build -t release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1 .\n
The above command builds an image named release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1
using the instructions in the Dockerfile. You can modify the image name according to your project requirements.
Push the Image to the Container Registry
Use the following command to push the built image to the release-ci.daocloud.io
container registry. You can modify the repository name and address as needed.
docker push release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1\n
These are the detailed steps and instructions for building virtual machine images. By following these steps, you will be able to successfully build and push images for virtual machines to meet your usage needs.
"},{"location":"en/admin/ghippo/best-practice/navigator.html","title":"Custom Navigation Bar","text":"Currently, the custom navigation bar needs to be manually created as a YAML file and applied to the cluster.
"},{"location":"en/admin/ghippo/best-practice/navigator.html#navigation-bar-categories","title":"Navigation Bar Categories","text":"To add or reorder navigation bar categories, you can achieve it by adding or modifying the category YAML.
Here is an example of a category YAML:
apiVersion: ghippo.io/v1alpha1\nkind: NavigatorCategory\nmetadata:\n name: management-custom # (1)!\nspec:\n name: Management # (2)!\n isCustom: true # (3)!\n localizedName: # (4)!\n zh-CN: \u7ba1\u7406\n en-US: Management\n order: 100 # (5)!\n
After writing the YAML file, you can see the newly added or modified navigation bar categories by executing the following command and refreshing the page:
kubectl apply -f xxx.yaml\n
"},{"location":"en/admin/ghippo/best-practice/navigator.html#navigation-bar-menus","title":"Navigation Bar Menus","text":"To add or reorder navigation bar menus, you can achieve it by adding a navigator YAML.
Note
If you need to edit an existing navigation bar menu (not a custom menu added by the user), you need to set the \"gproduct\" field of the new custom menu the same as the \"gproduct\" field of the menu to be overridden. The new navigation bar menu will overwrite the parts with the same \"name\" in the \"menus\" section, and perform an addition operation for the parts with different \"name\".
"},{"location":"en/admin/ghippo/best-practice/navigator.html#first-level-menu","title":"First-level Menu","text":"Insert as a product under a navigation bar category
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: gmagpie-custom # (1)!\nspec:\n name: Operations Management\n iconUrl: ./ui/gmagpie/gmagpie.svg\n localizedName: # (2)!\n zh-CN: \u8fd0\u8425\u7ba1\u7406\n en-US: Operations Management\n url: ./gmagpie\n category: management # (3)!\n menus: # (4)!\n - name: Access Control\n iconUrl: ./ui/ghippo/menus/access-control.svg\n localizedName:\n zh-CN: \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\n en-US: Access Control\n url: ./ghippo/users\n order: 50 # (5)!\n - name: Workspace\n iconUrl: ./ui/ghippo/menus/workspace-folder.svg\n localizedName:\n zh-CN: \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\n en-US: Workspace and Folder\n url: ./ghippo/workspaces\n order: 40\n - name: Audit Log\n iconUrl: ./ui/ghippo/menus/audit-logs.svg\n localizedName:\n zh-CN: \u5ba1\u8ba1\u65e5\u5fd7\n en-US: Audit Log\n url: ./ghippo/audit\n order: 30\n - name: Settings\n iconUrl: ./ui/ghippo/menus/setting.svg\n localizedName:\n zh-CN: \u5e73\u53f0\u8bbe\u7f6e\n en-US: Settings\n url: ./ghippo/settings\n order: 10\n gproduct: gmagpie # (6)!\n visible: true # (7)!\n isCustom: true # (8)!\n order: 20 # (9)!\n target: blank # (10)!\n
Insert as a sub-product under the second-level menu of a first-level menu
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: gmagpie-custom # (1)!\nspec:\n name: Operations Management\n iconUrl: ./ui/gmagpie/gmagpie.svg\n localizedName: # (2)!\n zh-CN: \u8fd0\u8425\u7ba1\u7406\n en-US: Operations Management\n url: ./gmagpie\n parentGProduct: ghippo # (3)!\n gproduct: gmagpie # (4)!\n visible: true # (5)!\n isCustom: true # (6)!\n order: 20 # (7)!\n
Insight is a multicluster observation product in AI platform. In order to realize the unified collection of multicluster observation data, users need to install the Helm App insight-agent (Installed in insight-system namespace by default). See How to install insight-agent .
"},{"location":"en/admin/insight/quickstart/agent-status.html#status-description","title":"Status description","text":"In Insight -> Data Collection section, you can view the status of insight-agent installed in each cluster.
Can be checked by:
Run the following command, if the status is deployed , go to the next step. If it is failed , since it will affect the upgrade of the application, it is recommended to reinstall after uninstalling Container Management -> Helm Apps :
helm list -n insight-system\n
run the following command or check the status of the components deployed in the cluster in Insight -> Data Collection . If there is a pod that is not in the Running state, please restart the abnormal pod.
kubectl get pods -n insight-system\n
The resource consumption of the metric collection component Prometheus in insight-agent is directly proportional to the number of pods running in the cluster. Adjust Prometheus resources according to the cluster size, please refer to Prometheus Resource Planning.
Since the storage capacity of the metric storage component vmstorage in the global service cluster is directly proportional to the sum of the number of pods in each cluster.
JMX-Exporter provides two usages:
Note
Officials do not recommend the first method. On the one hand, the configuration is complicated, and on the other hand, it requires a separate process, and the monitoring of this process itself has become a new problem. So This page focuses on the second usage and how to use JMX Exporter to expose JVM monitoring metrics in the Kubernetes environment.
The second usage is used here, and the JMX Exporter jar package file and configuration file need to be specified when starting the JVM. The jar package is a binary file, so it is not easy to mount it through configmap. We hardly need to modify the configuration file. So the suggestion is to directly package the jar package and configuration file of JMX Exporter into the business container image.
Among them, in the second way, we can choose to put the jar file of JMX Exporter in the business application mirror, You can also choose to mount it during deployment. Here is an introduction to the two methods:
"},{"location":"en/admin/insight/quickstart/jvm-monitor/jmx-exporter.html#method-1-build-the-jmx-exporter-jar-file-into-the-business-image","title":"Method 1: Build the JMX Exporter JAR file into the business image","text":"The content of prometheus-jmx-config.yaml is as follows:
prometheus-jmx-config.yaml...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
For more configmaps, please refer to the bottom introduction or Prometheus official documentation.
Then prepare the jar package file, you can find the latest jar package download address on the Github page of jmx_exporter and refer to the following Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
Notice:
We need to make the JMX exporter into a Docker image first, the following Dockerfile is for reference only:
FROM alpine/curl:3.14\nWORKDIR /app/\n# Copy the previously created config file to the mirror\nCOPY prometheus-jmx-config.yaml ./\n# Download jmx prometheus javaagent jar online\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
Build the image according to the above Dockerfile: docker build -t my-jmx-exporter .
Add the following init container to the Java application deployment Yaml:
Click to view YAML fileapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar # Share the agent folder\n emptyDir: {}\n restartPolicy: Always\n
After the above modification, the sample application my-demo-app has the ability to expose JVM metrics. After running the service, we can access the prometheus format metrics exposed by the service through http://lcoalhost:8088
.
Then, you can refer to Java Application Docking Observability with JVM Metrics.
"},{"location":"en/admin/insight/quickstart/jvm-monitor/jvm-catelogy.html","title":"Start monitoring Java applications","text":"This document mainly describes how to monitor the JVM of the customer's Java application. It describes how Java applications that have exposed JVM metrics, and those that have not, interface with Insight.
If your Java application does not start exposing JVM metrics, you can refer to the following documents:
If your Java application has exposed JVM metrics, you can refer to the following documents:
If your Java application exposes JVM monitoring metrics through other means (such as Spring Boot Actuator), We need to allow monitoring data to be collected. You can let Insight collect existing JVM metrics by adding Kubernetes Annotations to the workload:
annatation:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"9464\" # port for collecting metrics\n
YAML Example to add annotations for my-deployment-app workload\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"9464\" # port for collecting metrics\n
The following shows the complete YAML:
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"8080\" # port for collecting metrics\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
In the above example\uff0cInsight will use :8080//actuator/prometheus to get Prometheus metrics exposed through Spring Boot Actuator .
"},{"location":"en/admin/insight/quickstart/jvm-monitor/otel-java-agent.html","title":"Use OpenTelemetry Java Agent to expose JVM monitoring metrics","text":"In Opentelemetry Agent v1.20.0 and above, Opentelemetry Agent has added the JMX Metric Insight module. If your application has integrated Opentelemetry Agent to collect application traces, then you no longer need to introduce other Agents for our application Expose JMX metrics. The Opentelemetry Agent also collects and exposes metrics by instrumenting the metrics exposed by MBeans locally available in the application.
Opentelemetry Agent also has some built-in monitoring samples for common Java Servers or frameworks, please refer to predefined metrics.
Using the OpenTelemetry Java Agent also needs to consider how to mount the JAR into the container. In addition to referring to the JMX Exporter above to mount the JAR file, we can also use the Operator capabilities provided by OpenTelemetry to automatically enable JVM metric exposure for our applications. :
If your application has integrated Opentelemetry Agent to collect application traces, then you no longer need to introduce other Agents to expose JMX metrics for our application. The Opentelemetry Agent can now natively collect and expose metrics interfaces by instrumenting metrics exposed by MBeans available locally in the application.
However, for current version, you still need to manually add the proper annotations to workload before the JVM data will be collected by Insight.
"},{"location":"en/admin/insight/quickstart/jvm-monitor/otel-java-agent.html#expose-metrics-for-java-middleware","title":"Expose metrics for Java middleware","text":"Opentelemetry Agent also has some built-in middleware monitoring samples, please refer to Predefined Metrics.
By default, no type is specified, and it needs to be specified through -Dotel.jmx.target.system JVM Options, such as -Dotel.jmx.target.system=jetty,kafka-broker .
"},{"location":"en/admin/insight/quickstart/jvm-monitor/otel-java-agent.html#reference","title":"Reference","text":"Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel jmx metrics
If you don't want to manually change the application code, you can try This page's eBPF-based automatic enhancement method. This feature is currently in the review stage of donating to the OpenTelemetry community, and does not support Operator injection through annotations (it will be supported in the future), so you need to manually change the Deployment YAML or use a patch.
"},{"location":"en/admin/insight/quickstart/otel/golang-ebpf.html#prerequisites","title":"Prerequisites","text":"Make sure Insight Agent is ready. If not, see Install insight-agent to collect data and make sure the following three items are in place:
Install under the Insight-system namespace, skip this step if it has already been installed.
Note: This CR currently only supports the injection of environment variables (including service name and trace address) required to connect to Insight, and will support the injection of Golang probes in the future.
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.17.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.31.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.34b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:0.3.1-beta.1\nEOF\n
"},{"location":"en/admin/insight/quickstart/otel/golang-ebpf.html#change-the-application-deployment-file","title":"Change the application deployment file","text":"Add environment variable annotations
There is only one such annotation, which is used to add OpenTelemetry-related environment variables, such as link reporting address, cluster id where the container is located, and namespace:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
The value is divided into two parts by / , the first value insight-system is the namespace of the CR installed in the second step, and the second value insight-opentelemetry-autoinstrumentation is the name of the CR.
Add golang ebpf probe container
Here is sample code:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: voting\n namespace: emojivoto\n labels:\n app.kubernetes.io/name: voting\n app.kubernetes.io/part-of: emojivoto\n app.kubernetes.io/version: v11\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: voting-svc\n version: v11\n template:\n metadata:\n labels:\n app: voting-svc\n version: v11\n annotations:\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\" # (1)\n spec:\n containers:\n - env:\n - name: GRPC_PORT\n value: \"8080\"\n - name: PROM_PORT\n value: \"8801\"\n image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11 # (2)\n name: voting-svc\n command:\n - /usr/local/bin/emojivoto-voting-svc\n ports:\n - containerPort: 8080\n name: grpc\n - containerPort: 8801\n name: prom\n resources:\n requests:\n cpu: 100m\n - name: emojivoto-voting-instrumentation\n image: docker.m.daocloud.io/keyval/otel-go-agent:v0.6.0\n env:\n - name: OTEL_TARGET_EXE\n value: /usr/local/bin/emojivoto-voting-svc # (3)\n securityContext:\n runAsUser: 0\n capabilities:\n add:\n - SYS_PTRACE\n privileged: true\n volumeMounts:\n - mountPath: /sys/kernel/debug\n name: kernel-debug\n volumes:\n - name: kernel-debug\n hostPath:\n path: /sys/kernel/debug\n
The final generated Yaml content is as follows:
apiVersion: v1\nkind: Pod\nmetadata:\n name: voting-84b696c897-p9xbp\n generateName: voting-84b696c897-\n namespace: default\n uid: 742639b0-db6e-4f06-ac90-68a80e2b8a11\n resourceVersion: '65560793'\n creationTimestamp: '2022-10-19T07:08:56Z'\n labels:\n app: voting-svc\n pod-template-hash: 84b696c897\n version: v11\n annotations:\n cni.projectcalico.org/containerID: 0a987cf0055ce0dfbe75c3f30d580719eb4fbbd7e1af367064b588d4d4e4c7c7\n cni.projectcalico.org/podIP: 192.168.141.218/32\n cni.projectcalico.org/podIPs: 192.168.141.218/32\n instrumentation.opentelemetry.io/inject-sdk: insight-system/insight-opentelemetry-autoinstrumentation\nspec:\n volumes:\n - name: launcherdir\n emptyDir: {}\n - name: kernel-debug\n hostPath:\n path: /sys/kernel/debug\n type: ''\n - name: kube-api-access-gwj5v\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n containers:\n - name: voting-svc\n image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11\n command:\n - /odigos-launcher/launch\n - /usr/local/bin/emojivoto-voting-svc\n ports:\n - name: grpc\n containerPort: 8080\n protocol: TCP\n - name: prom\n containerPort: 8801\n protocol: TCP\n env:\n - name: GRPC_PORT\n value: '8080'\n - name: PROM_PORT\n value: '8801'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: >-\n http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '200'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: voting\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n - name: OTEL_TRACES_SAMPLER\n value: always_on\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=voting-svc,k8s.deployment.name=voting,k8s.deployment.uid=79e015e2-4643-44c0-993c-e486aebaba10,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=voting-84b696c897,k8s.replicaset.uid=63f56167-6632-415d-8b01-43a3db9891ff\n resources:\n requests:\n cpu: 100m\n volumeMounts:\n - name: launcherdir\n mountPath: /odigos-launcher\n - name: kube-api-access-gwj5v\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: emojivoto-voting-instrumentation\n image: keyval/otel-go-agent:v0.6.0\n env:\n - name: OTEL_TARGET_EXE\n value: /usr/local/bin/emojivoto-voting-svc\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: jaeger:4317\n - name: OTEL_SERVICE_NAME\n value: emojivoto-voting\n resources: {}\n volumeMounts:\n - name: kernel-debug\n mountPath: /sys/kernel/debug\n - name: kube-api-access-gwj5v\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n capabilities:\n add:\n - SYS_PTRACE\n privileged: true\n runAsUser: 0\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/admin/insight/quickstart/otel/golang-ebpf.html#reference","title":"Reference","text":"In AI platform, previous Suanova 4.0 can be accessed as a subcluster. This guide provides potential issues and solutions when installing insight-agent in a Suanova 4.0 cluster.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#issue-one","title":"Issue One","text":"Since most Suanova 4.0 clusters have installed dx-insight as the monitoring system, installing insight-agent at this time will conflict with the existing prometheus operator in the cluster, making it impossible to install smoothly.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#solution","title":"Solution","text":"Enable the parameters of the prometheus operator, retain the prometheus operator in dx-insight, and make it compatible with the prometheus operator in insight-agent in 5.0.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#steps","title":"Steps","text":"Run the following command (the following command is for reference only, the actual command needs to replace the prometheus operator name and namespace in the command).
kubectl edit deploy insight-agent-kube-prometh-operator -n insight-system\n
Note
The open-source node-exporter turns on hostnetwork by default and the default port is 9100. If the monitoring system of the cluster has installed node-exporter , then installing insight-agent at this time will cause node-exporter port conflict and it cannot run normally.
Note
Insight's node exporter will enable some features to collect special indicators, so it is recommended to install.
Currently, it does not support modifying the port in the installation command. After helm install insight-agent , you need to manually modify the related ports of the insight node-exporter daemonset and svc.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#issue-two","title":"Issue Two","text":"After Insight Agent is successfully deployed, fluentbit does not collect logs of Suanova 4.0.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#solution_1","title":"Solution","text":"The docker storage directory of Suanova 4.0 is /var/lib/containers , which is different from the path in the configuration of insigh-agent, so the logs are not collected.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#steps_1","title":"Steps","text":"Modify the following parameters in the insight-agent Chart.
fluent-bit:\ndaemonSetVolumeMounts:\n - name: varlog\n mountPath: /var/log\n - name: varlibdockercontainers\n- mountPath: /var/lib/docker/containers\n+ mountPath: /var/lib/containers/docker/containers\n readOnly: true\n - name: etcmachineid\n mountPath: /etc/machine-id\n readOnly: true\n - name: dmesg\n mountPath: /var/log/dmesg\n readOnly: true\n
The service topology provided by Observability allows you to quickly identify the request relationships between services and determine the health status of services based on different colors. The health status is determined based on the request latency and error rate of the service's overall traffic. This article explains the elements in the service topology.
"},{"location":"en/admin/insight/trace/topology-helper.html#node-status-explanation","title":"Node Status Explanation","text":"The node health status is determined based on the error rate and request latency of the service's overall traffic, following these rules:
Color Status Rules Gray Healthy Error rate equals 0% and request latency is less than 100ms Orange Warning Error rate (0, 5%) or request latency (100ms, 200ms) Red Abnormal Error rate (5%, 100%) or request latency (200ms, +Infinity)"},{"location":"en/admin/insight/trace/topology-helper.html#connection-status-explanation","title":"Connection Status Explanation","text":"Color Status Rules Green Healthy Error rate equals 0% and request latency is less than 100ms Orange Warning Error rate (0, 5%) or request latency (100ms, 200ms) Red Abnormal Error rate (5%, 100%) or request latency (200ms, +Infinity)"},{"location":"en/admin/kpanda/gpu/gpu-metrics.html","title":"GPU Metrics","text":"This page lists some commonly used GPU metrics.
"},{"location":"en/admin/kpanda/gpu/gpu-metrics.html#cluster-level","title":"Cluster Level","text":"Metric Name Description Number of GPUs Total number of GPUs in the cluster Average GPU Utilization Average compute utilization of all GPUs in the cluster Average GPU Memory Utilization Average memory utilization of all GPUs in the cluster GPU Power Power consumption of all GPUs in the cluster GPU Temperature Temperature of all GPUs in the cluster GPU Utilization Details 24-hour usage details of all GPUs in the cluster (includes max, avg, current) GPU Memory Usage Details 24-hour memory usage details of all GPUs in the cluster (includes min, max, avg, current) GPU Memory Bandwidth Utilization For example, an Nvidia V100 GPU has a maximum memory bandwidth of 900 GB/sec. If the current memory bandwidth is 450 GB/sec, the utilization is 50%"},{"location":"en/admin/kpanda/gpu/gpu-metrics.html#node-level","title":"Node Level","text":"Metric Name Description GPU Mode Usage mode of GPUs on the node, including full-card mode, MIG mode, vGPU mode Number of Physical GPUs Total number of physical GPUs on the node Number of Virtual GPUs Number of vGPU devices created on the node Number of MIG Instances Number of MIG instances created on the node GPU Memory Allocation Rate Memory allocation rate of all GPUs on the node Average GPU Utilization Average compute utilization of all GPUs on the node Average GPU Memory Utilization Average memory utilization of all GPUs on the node GPU Driver Version Driver version information of GPUs on the node GPU Utilization Details 24-hour usage details of each GPU on the node (includes max, avg, current) GPU Memory Usage Details 24-hour memory usage details of each GPU on the node (includes min, max, avg, current)"},{"location":"en/admin/kpanda/gpu/gpu-metrics.html#pod-level","title":"Pod Level","text":"Category Metric Name Description Application Overview GPU - Compute & Memory Pod GPU Utilization Compute utilization of the GPUs used by the current Pod Pod GPU Memory Utilization Memory utilization of the GPUs used by the current Pod Pod GPU Memory Usage Memory usage of the GPUs used by the current Pod Memory Allocation Memory allocation of the GPUs used by the current Pod Pod GPU Memory Copy Ratio Memory copy ratio of the GPUs used by the current Pod GPU - Engine Overview GPU Graphics Engine Activity Percentage Percentage of time the Graphics or Compute engine is active during a monitoring cycle GPU Memory Bandwidth Utilization Memory bandwidth utilization (Memory BW Utilization) indicates the fraction of cycles during which data is sent to or received from the device memory. This value represents the average over the interval, not an instantaneous value. A higher value indicates higher utilization of device memory.A value of 1 (100%) indicates that a DRAM instruction is executed every cycle during the interval (in practice, a peak of about 0.8 (80%) is the maximum achievable).A value of 0.2 (20%) indicates that 20% of the cycles during the interval are spent reading from or writing to device memory. Tensor Core Utilization Percentage of time the Tensor Core pipeline is active during a monitoring cycle FP16 Engine Utilization Percentage of time the FP16 pipeline is active during a monitoring cycle FP32 Engine Utilization Percentage of time the FP32 pipeline is active during a monitoring cycle FP64 Engine Utilization Percentage of time the FP64 pipeline is active during a monitoring cycle GPU Decode Utilization Decode engine utilization of the GPU GPU Encode Utilization Encode engine utilization of the GPU GPU - Temperature & Power GPU Temperature Temperature of all GPUs in the cluster GPU Power Power consumption of all GPUs in the cluster GPU Total Power Consumption Total power consumption of the GPUs GPU - Clock GPU Memory Clock Memory clock frequency GPU Application SM Clock Application SM clock frequency GPU Application Memory Clock Application memory clock frequency GPU Video Engine Clock Video engine clock frequency GPU Throttle Reasons Reasons for GPU throttling GPU - Other Details PCIe Transfer Rate Data transfer rate of the GPU through the PCIe bus PCIe Receive Rate Data receive rate of the GPU through the PCIe bus"},{"location":"en/admin/kpanda/gpu/ascend/Ascend_usage.html","title":"Use Ascend NPU","text":"This section explains how to use Ascend NPU on the AI platform.
"},{"location":"en/admin/kpanda/gpu/ascend/Ascend_usage.html#prerequisites","title":"Prerequisites","text":"Refer to the Ascend NPU Component Installation Document to install the basic environment.
"},{"location":"en/admin/kpanda/gpu/ascend/Ascend_usage.html#quick-start","title":"Quick Start","text":"This document uses the AscentCL Image Classification Application example from the Ascend sample library.
Download the Ascend repository
Run the following command to download the Ascend demo repository, and remember the storage location of the code for subsequent use.
git clone https://gitee.com/ascend/samples.git\n
Prepare the base image
This example uses the Ascent-pytorch base image, which can be obtained from the Ascend Container Registry.
Prepare the YAML file
ascend-demo.yamlapiVersion: batch/v1\nkind: Job\nmetadata:\n name: resnetinfer1-1-1usoc\nspec:\n template:\n spec:\n containers:\n - image: ascendhub.huawei.com/public-ascendhub/ascend-pytorch:23.0.RC2-ubuntu18.04 # Inference image name\n imagePullPolicy: IfNotPresent\n name: resnet50infer\n securityContext:\n runAsUser: 0\n command:\n - \"/bin/bash\"\n - \"-c\"\n - |\n source /usr/local/Ascend/ascend-toolkit/set_env.sh &&\n TEMP_DIR=/root/samples_copy_$(date '+%Y%m%d_%H%M%S_%N') &&\n cp -r /root/samples \"$TEMP_DIR\" &&\n cd \"$TEMP_DIR\"/inference/modelInference/sampleResnetQuickStart/python/model &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/003_Atc_Models/resnet50/resnet50.onnx &&\n atc --model=resnet50.onnx --framework=5 --output=resnet50 --input_shape=\"actual_input_1:1,3,224,224\" --soc_version=Ascend910 &&\n cd ../data &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/models/aclsample/dog1_1024_683.jpg &&\n cd ../scripts &&\n bash sample_run.sh\n resources:\n requests:\n huawei.com/Ascend910: 1 # Number of the Ascend 910 Processors\n limits:\n huawei.com/Ascend910: 1 # The value should be the same as that of requests\n volumeMounts:\n - name: hiai-driver\n mountPath: /usr/local/Ascend/driver\n readOnly: true\n - name: slog\n mountPath: /var/log/npu/conf/slog/slog.conf\n - name: localtime # The container time must be the same as the host time\n mountPath: /etc/localtime\n - name: dmp\n mountPath: /var/dmp_daemon\n - name: slogd\n mountPath: /var/slogd\n - name: hbasic\n mountPath: /etc/hdcBasic.cfg\n - name: sys-version\n mountPath: /etc/sys_version.conf\n - name: aicpu\n mountPath: /usr/lib64/aicpu_kernels\n - name: tfso\n mountPath: /usr/lib64/libtensorflow.so\n - name: sample-path\n mountPath: /root/samples\n volumes:\n - name: hiai-driver\n hostPath:\n path: /usr/local/Ascend/driver\n - name: slog\n hostPath:\n path: /var/log/npu/conf/slog/slog.conf\n - name: localtime\n hostPath:\n path: /etc/localtime\n - name: dmp\n hostPath:\n path: /var/dmp_daemon\n - name: slogd\n hostPath:\n path: /var/slogd\n - name: hbasic\n hostPath:\n path: /etc/hdcBasic.cfg\n - name: sys-version\n hostPath:\n path: /etc/sys_version.conf\n - name: aicpu\n hostPath:\n path: /usr/lib64/aicpu_kernels\n - name: tfso\n hostPath:\n path: /usr/lib64/libtensorflow.so\n - name: sample-path\n hostPath:\n path: /root/samples\n restartPolicy: OnFailure\n
Some fields in the above YAML need to be modified according to the actual situation:
Deploy a Job and check its results
Use the following command to create a Job:
kubectl apply -f ascend-demo.yaml\n
Check the Pod running status:
After the Pod runs successfully, check the log results. The key prompt information on the screen is shown in the figure below. The Label indicates the category identifier, Conf indicates the maximum confidence of the classification, and Class indicates the belonging category. These values may vary depending on the version and environment, so please refer to the actual situation:
Result image display:
Confirm whether the cluster has detected the GPU. Click Clusters -> Cluster Settings -> Addon Plugins , and check whether the proper GPU type is automatically enabled and detected. Currently, the cluster will automatically enable GPU and set the GPU type to Ascend .
Deploy the workload. Click Clusters -> Workloads , deploy the workload through an image, select the type (Ascend), and then configure the number of physical cards used by the application:
Number of Physical Cards (huawei.com/Ascend910) : This indicates how many physical cards the current Pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host.
If there is an issue with the above configuration, it will result in scheduling failure and resource allocation issues.
This article will introduce the prerequisites for configuring GPU when creating a virtual machine.
The key point of configuring GPU for virtual machines is to configure the GPU Operator so that different software components can be deployed on working nodes depending on the GPU workloads configured on these nodes. Taking the following three nodes as examples:
Working nodes can run GPU-accelerated containers, virtual machines with direct GPUs, or virtual machines with vGPUs, but not a combination of any.
To enable the GPU direct pass-through feature, the cluster nodes need to enable IOMMU. Please refer to How to Enable IOMMU. If your cluster is running on a virtual machine, consult your virtual machine platform provider.
"},{"location":"en/admin/virtnest/vm/vm-gpu.html#build-vgpu-manager-image","title":"Build vGPU Manager Image","text":"Note: Building a vGPU Manager image is only required when using NVIDIA vGPUs. If you plan to use only GPU direct pass-through, skip this section.
The following are the steps to build the vGPU Manager image and push it to the container registry:
Download the vGPU software from the NVIDIA Licensing Portal.
NVIDIA-Linux-x86_64-<version>-vgpu-kvm.run
).Clone the container-images/driver repository in the terminal
git clone https://gitlab.com/nvidia/container-images/driver cd driver\n
Switch to the vgpu-manager directory for your operating system
cd vgpu-manager/<your-os>\n
Copy the .run file extracted in step 1 to the current directory
cp <local-driver-download-directory>/*-vgpu-kvm.run ./\n
Set environment variables
export PRIVATE_REGISTRY=my/private/registry VERSION=510.73.06 OS_TAG=ubuntu22.04 CUDA_VERSION=12.2.0\n
Build the NVIDIA vGPU Manager Image
docker build \\\n --build-arg DRIVER_VERSION=${VERSION} \\\n --build-arg CUDA_VERSION=${CUDA_VERSION} \\\n -t ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG} .\n
Push the NVIDIA vGPU Manager image to your container registry
docker push ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG}\n
Go to Container Management , select your worker cluster and click Nodes. On the right of the list, click \u2507 and select Edit Labels to add labels to the nodes. Each node can only have one label.
You can assign the following values to the labels: container, vm-passthrough, and vm-vgpu.
"},{"location":"en/admin/virtnest/vm/vm-gpu.html#install-nvidia-operator","title":"Install Nvidia Operator","text":"Go to Container Management , select your worker cluster, click Helm Apps -> Helm Charts , choose and install gpu-operator. You need to modify some fields in the yaml.
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vgpuManager.enabled=true\ngpu-operator.vgpuManager.repository=<your-register-url> # (1)!\ngpu-operator.vgpuManager.image=vgpu-manager\ngpu-operator.vgpuManager.version=<your-vgpu-manager-version> # (2)!\ngpu-operator.vgpuDeviceManager.enabled=true\n
Wait for the installation to be successful, as shown in the image below:
Install virtnest-agent, refer to Install virtnest-agent.
Add vGPU and GPU direct pass-through to the Virtnest Kubevirt CR. The following example shows the key yaml after adding vGPU and GPU direct pass-through:
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n # Fill in the information below\n permittedHostDevices:\n mediatedDevices: # vGPU\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # GPU direct pass-through\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
In the kubevirt CR yaml, permittedHostDevices
is used to import VM devices, and vGPU should be added in mediatedDevices
with the following structure:
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # Device Name\n resourceName: nvidia.com/GRID_P4-1Q # vGPU information registered by GPU Operator to the node\n
GPU direct pass-through should be added in pciHostDevices
under permittedHostDevices
with the following structure:
pciHostDevices: \n- externalResourceProvider: true # Do not change by default\n pciVendorSelector: 10DE:1BB3 # Vendor id of the current pci device\n resourceName: nvidia.com/GP104GL_TESLA_P4 # GPU information registered by GPU Operator to the node\n
Example of obtaining vGPU information (only applicable to vGPU): View node information on a node marked as nvidia.com/gpu.workload.config=vm-vgpu
(e.g., work-node-2), and the nvidia.com/GRID_P4-1Q: 8
in Capacity indicates available vGPUs:
# kubectl describe node work-node-2\nCapacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
So the mdevNameSelector
should be \"GRID P4-1Q\" and the resourceName
should be \"GRID_P4-1Q\".
Obtain GPU direct pass-through information: On a node marked as nvidia.com/gpu.workload.config=vm-passthrough
(e.g., work-node-1), view the node information, and nvidia.com/GP104GL_TESLA_P4: 2
in Capacity indicates available vGPUs:
# kubectl describe node work-node-1\nCapacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
So the resourceName
should be \"GRID_P4-1Q\". How to obtain the pciVendorSelector
? SSH into the target node work-node-1 and use the command \"lspci -nnk -d 10de:\" to get the Nvidia GPU PCI information, as shown in the image above.
Editing kubevirt CR note: If there are multiple GPUs of the same model, only one needs to be written in the CR, listing each GPU is not necessary.
# kubectl -n virtnest-system edit kubevirt kubevirt\nspec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n # Fill in the information below\n permittedHostDevices:\n mediatedDevices: # vGPU\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # GPU direct pass-through, in the above example, TEESLA P4 has two GPUs, only register one here\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
The only difference from a regular virtual machine is adding GPU-related information in the devices section.
Click to view complete YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"en/end-user/index.html","title":"Suanova AI Platform - End User","text":"This is the user documentation for the Suanova AI Platform aimed at end users.
User Registration
User registration is the first step to using the AI platform.
Cloud Host
A cloud host is a virtual machine deployed in the cloud.
Container Management
Container management is the core module of the AI computing center.
AI Lab
Manage datasets and run AI training and inference jobs.
Insight
Monitor the status of clusters, nodes, and workloads through dashboards.
Personal Center
Set password, keys, and language in the personal center.
This article serves as a straightforward manual for users to leverage AI Lab throughout the development and training process involving datasets, Notebooks, and job training.
"},{"location":"en/end-user/baize/quick-start.html#preparing-your-dataset","title":"Preparing Your Dataset","text":"Start by clicking on Data Management -> Datasets, and then select the Create button to set up the three datasets outlined below.
"},{"location":"en/end-user/baize/quick-start.html#dataset-training-code","title":"Dataset: Training Code","text":"tensorflow/tf-fashion-mnist-sample
Note
Currently, only the StorageClass
with read-write mode ReadWriteMany
is supported. Please use NFS or the recommended JuiceFS.
For this training session, we will use the Fashion-MNIST dataset, which can be found at https://github.com/zalandoresearch/fashion-mnist.git.
If you're in China, you can use Gitee for a quicker download: https://gitee.com/samzong_lu/fashion-mnist.git
Note
If the training data dataset isn't created beforehand, it will be automatically downloaded during the training script execution. Preparing the dataset in advance can help speed up the training process.
"},{"location":"en/end-user/baize/quick-start.html#dataset-empty-dataset","title":"Dataset: Empty Dataset","text":"AI Lab allows you to use PVC
as the data source type for datasets. After creating an empty PVC bound to the dataset, you can utilize this empty dataset to store the output datasets from future training jobs, including models and logs.
When running the script, you'll need the TensorFlow
Python library. You can use AI Lab's environment dependency management feature to download and prepare the necessary Python libraries in advance, eliminating the need for image builds.
Check out the Environment Dependency guide to add a CONDA
environment.
name: tensorflow\nchannels:\n - defaults\n - conda-forge\ndependencies:\n - python=3.12\n - tensorflow\nprefix: /opt/conda/envs/tensorflow\n
Note
After the environment is successfully set up, you only need to mount this environment to the Notebook or training jobs, using the base image provided by AI Lab.
"},{"location":"en/end-user/baize/quick-start.html#using-a-notebook-to-debug-your-script","title":"Using a Notebook to Debug Your Script","text":"Prepare your development environment by clicking on Notebooks in the navigation bar, then hit Create.
Associate the three datasets you prepared earlier, filling in the mount paths as shown in the image below. Make sure to configure the empty dataset in the output dataset location.
Select and bind the environment dependency package.
Wait for the Notebook to be successfully created, then click the access link in the list to enter the Notebook. In the Notebook terminal, run the following command to start the training job:
Note
The script uses TensorFlow; if you forget to associate the dependency library, you can temporarily install it using pip install tensorflow
.
python /home/jovyan/code/tensorflow/tf-fashion-mnist-sample/train.py\n
TensorFlow
job.In the job resource configuration, correctly set up the job resources and click Next.
TensorFlow
Python library.bash
.Enable Command:
python /home/jovyan/code/tensorflow/tf-fashion-mnist-sample/train.py\n
In the advanced configuration, enable Job Analysis (TensorBoard), and click OK.
Note
Logs will be saved in the output dataset at /home/jovyan/model/train/logs/
.
Return to the training job list and wait for the status to change to Success. Click on the \u2507 icon on the right side of the list to view details, clone jobs, update priority, view logs, and delete jobs, among other options.
Once the job is successfully created, click on Job Analysis in the left navigation bar to check the job status and fine-tune your training.
AI Lab provides comprehensive dataset management functions needed for model development, training, and inference processes. Currently, it supports unified access to various data sources.
With simple configurations, you can connect data sources to AI Lab, achieving unified data management, preloading, dataset management, and other functionalities.
"},{"location":"en/end-user/baize/dataset/create-use-delete.html#create-a-dataset","title":"Create a Dataset","text":"In the left navigation bar, click Data Management -> Dataset List, and then click the Create button on the right.
Select the worker cluster and namespace to which the dataset belongs, then click Next.
Configure the data source type for the target data, then click OK.
Currently supported data sources include:
Upon successful creation, the dataset will be returned to the dataset list. You can perform more actions by clicking \u2507 on the right.
Info
The system will automatically perform a one-time data preloading after the dataset is successfully created; the dataset cannot be used until the preloading is complete.
"},{"location":"en/end-user/baize/dataset/create-use-delete.html#use-a-dataset","title":"Use a Dataset","text":"Once the dataset is successfully created, it can be used in tasks such as model training and inference.
"},{"location":"en/end-user/baize/dataset/create-use-delete.html#use-in-notebook","title":"Use in Notebook","text":"In creating a Notebook, you can directly use the dataset; the usage is as follows:
If you find a dataset to be redundant, expired, or no longer needed, you can delete it from the dataset list.
Click the \u2507 on the right side of the dataset list, then choose Delete from the dropdown menu.
In the pop-up window, confirm the dataset you want to delete, enter the dataset name, and then click Delete.
A confirmation message will appear indicating successful deletion, and the dataset will disappear from the list.
Caution
Once a dataset is deleted, it cannot be recovered, so please proceed with caution.
"},{"location":"en/end-user/baize/dataset/environments.html","title":"Manage Python Environment Dependencies","text":"This document aims to guide users on managing environment dependencies using AI platform. Below are the specific steps and considerations.
Traditionally, Python environment dependencies are built into an image, which includes the Python version and dependency packages. This approach has high maintenance costs and is inconvenient to update, often requiring a complete rebuild of the image.
In AI Lab, users can manage pure environment dependencies through the Environment Management module, decoupling this part from the image. The advantages include:
The main components of the environment management are:
On the Environment Management interface, click the Create button at the top right to enter the environment creation process.
Fill in the following basic information:
gpu-cluster
.default
.In the environment configuration step, users need to configure the Python version and dependency management tool.
"},{"location":"en/end-user/baize/dataset/environments.html#environment-settings","title":"Environment Settings","text":"3.12.3
.PIP
or CONDA
.PIP
is selected: Enter the dependency package list in requirements.txt
format in the editor below.CONDA
is selected: Enter the dependency package list in environment.yaml
format in the editor below.ReadWriteMany
.After configuration, click the Create button, and the system will automatically create and configure the new Python environment.
"},{"location":"en/end-user/baize/dataset/environments.html#troubleshooting","title":"Troubleshooting","text":"If environment creation fails:
If dependency preloading fails:
requirements.txt
or environment.yaml
file format is correct.These are the basic steps and considerations for managing Python dependencies in AI Lab.
"},{"location":"en/end-user/baize/inference/models.html","title":"Model Support","text":"With the rapid iteration of AI Lab, we have now supported various model inference services. Here, you can see information about the supported models.
LLama
, Qwen
, ChatGLM
, and more.Note
The support for inference capabilities is related to the version of AI Lab.
You can use GPU types that have been verified by AI platform in AI Lab. For more details, refer to the GPU Support Matrix.
"},{"location":"en/end-user/baize/inference/models.html#triton-inference-server","title":"Triton Inference Server","text":"Through the Triton Inference Server, traditional deep learning models can be well supported. Currently, AI Lab supports mainstream inference backend services:
Backend Supported Model Formats Description pytorch TorchScript, PyTorch 2.0 formats triton-inference-server/pytorch_backend tensorflow TensorFlow 2.x triton-inference-server/tensorflow_backend vLLM (Deprecated) TensorFlow 2.x triton-inference-server/tensorflow_backendDanger
The use of Triton's Backend vLLM method has been deprecated. It is recommended to use the latest support for vLLM to deploy your large language models.
"},{"location":"en/end-user/baize/inference/models.html#vllm","title":"vLLM","text":"With vLLM, we can quickly use large language models. Here, you can see the list of models we support, which generally aligns with the vLLM Support Models
.
Currently, AI Lab also supports some new features when using vLLM as an inference tool:
Lora Adapter
to optimize model inference services during inference.OpenAPI
interface with OpenAI
, making it easy for users to switch to local inference services at a low cost and quickly transition.The AI Lab currently offers Triton and vLLM as inference frameworks. Users can quickly start a high-performance inference service with simple configurations.
Danger
The use of Triton's Backend vLLM method has been deprecated. It is recommended to use the latest support for vLLM to deploy your large language models.
"},{"location":"en/end-user/baize/inference/triton-inference.html#introduction-to-triton","title":"Introduction to Triton","text":"Triton is an open-source inference server developed by NVIDIA, designed to simplify the deployment and inference of machine learning models. It supports a variety of deep learning frameworks, including TensorFlow and PyTorch, enabling users to easily manage and deploy different types of models.
"},{"location":"en/end-user/baize/inference/triton-inference.html#prerequisites","title":"Prerequisites","text":"Prepare model data: Manage the model code in dataset management and ensure that the data is successfully preloaded. The following example illustrates the PyTorch model for mnist handwritten digit recognition.
Note
The model to be inferred must adhere to the following directory structure within the dataset:
<model-repository-name>\n \u2514\u2500\u2500 <model-name>\n \u2514\u2500\u2500 <version>\n \u2514\u2500\u2500 <model-definition-file>\n
The directory structure in this example is as follows:
model-repo\n \u2514\u2500\u2500 mnist-cnn\n \u2514\u2500\u2500 1\n \u2514\u2500\u2500 model.pt\n
"},{"location":"en/end-user/baize/inference/triton-inference.html#create-inference-service","title":"Create Inference Service","text":"Currently, form-based creation is supported, allowing you to create services with field prompts in the interface.
"},{"location":"en/end-user/baize/inference/triton-inference.html#configure-model-path","title":"Configure Model Path","text":"The model path model-repo/mnist-cnn/1/model.pt
must be consistent with the directory structure of the dataset.
Note
The first dimension of the input and output parameters defaults to batchsize
, setting it to -1
allows for the automatic calculation of the batchsize based on the input inference data. The remaining dimensions and data type must match the model's input.
You can import the environment created in Manage Python Environment Dependencies to serve as the runtime environment for inference.
"},{"location":"en/end-user/baize/inference/triton-inference.html#advanced-settings","title":"Advanced Settings","text":""},{"location":"en/end-user/baize/inference/triton-inference.html#configure-authentication-policy","title":"Configure Authentication Policy","text":"Supports API key-based request authentication. Users can customize and add authentication parameters.
"},{"location":"en/end-user/baize/inference/triton-inference.html#affinity-scheduling","title":"Affinity Scheduling","text":"Supports automated affinity scheduling based on GPU resources and other node configurations. It also allows users to customize scheduling policies.
"},{"location":"en/end-user/baize/inference/triton-inference.html#access","title":"Access","text":""},{"location":"en/end-user/baize/inference/triton-inference.html#api-access","title":"API Access","text":"Send HTTP POST Request: Use tools like curl
or HTTP client libraries (e.g., Python's requests
library) to send POST requests to the Triton Server.
Set HTTP Headers: Configuration generated automatically based on user settings, include metadata about the model inputs and outputs in the HTTP headers.
Construct Request Body: The request body usually contains the input data for inference and model-specific metadata.
curl -X POST \"http://<ip>:<port>/v2/models/<inference-name>/infer\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"inputs\": [\n {\n \"name\": \"model_input\", \n \"shape\": [1, 1, 32, 32], \n \"datatype\": \"FP32\", \n \"data\": [\n [0.1234, 0.5678, 0.9101, ... ] \n ]\n }\n ]\n }'\n
<ip>
is the host address where the Triton Inference Server is running.<port>
is the port where the Triton Inference Server is running.<inference-name>
is the name of the inference service that has been created.\"name\"
must match the name
of the input parameter in the model configuration.\"shape\"
must match the dims
of the input parameter in the model configuration.\"datatype\"
must match the Data Type
of the input parameter in the model configuration.\"data\"
should be replaced with the actual inference data.Please note that the above example code needs to be adjusted according to your specific model and environment. The format and content of the input data must also comply with the model's requirements.
"},{"location":"en/end-user/baize/inference/vllm-inference.html","title":"Create Inference Service Using vLLM Framework","text":"AI Lab supports using vLLM as an inference service, offering all the capabilities of vLLM while fully adapting to the OpenAI interface definition.
"},{"location":"en/end-user/baize/inference/vllm-inference.html#introduction-to-vllm","title":"Introduction to vLLM","text":"vLLM is a fast and easy-to-use library for inference and services. It aims to significantly improve the throughput and memory efficiency of language model services in real-time scenarios. vLLM boasts several features in terms of speed and flexibility:
Prepare model data: Manage the model code in dataset management and ensure that the data is successfully preloaded.
"},{"location":"en/end-user/baize/inference/vllm-inference.html#create-inference-service","title":"Create Inference Service","text":"Select the vLLM
inference framework. In the model module selection, choose the pre-created model dataset hdd-models
and fill in the path
information where the model is located within the dataset.
This guide uses the ChatGLM3 model for creating the inference service.
Configure the resources for the inference service and adjust the parameters for running the inference service.
Parameter Name Description GPU Resources Configure GPU resources for inference based on the model scale and cluster resources. Allow Remote Code Controls whether vLLM trusts and executes code from remote sources. LoRA LoRA is a parameter-efficient fine-tuning technique for deep learning models. It reduces the number of parameters and computational complexity by decomposing the original model parameter matrix into low-rank matrices. 1.--lora-modules
: Specifies specific modules or layers for low-rank approximation. 2. max_loras_rank
: Specifies the maximum rank for each adapter layer in the LoRA model. For simpler tasks, a smaller rank value can be chosen, while more complex tasks may require a larger rank value to ensure model performance. 3. max_loras
: Indicates the maximum number of LoRA layers that can be included in the model, customized based on model size and inference complexity. 4. max_cpu_loras
: Specifies the maximum number of LoRA layers that can be handled in a CPU environment. Associated Environment Selects predefined environment dependencies required for inference. Info
For models that support LoRA parameters, refer to vLLM Supported Models.
In the Advanced Configuration , support is provided for automated affinity scheduling based on GPU resources and other node configurations. Users can also customize scheduling policies.
Once the inference service is created, click the name of the inference service to enter the details and view the API call methods. Verify the execution results using Curl, Python, and Node.js.
Copy the curl
command from the details and execute it in the terminal to send a model inference request. The expected output should be:
Job management refers to the functionality of creating and managing job lifecycles through job scheduling and control components.
AI platform Smart Computing Capability adopts Kubernetes' Job mechanism to schedule various AI inference and training jobs.
Click Job Center -> Jobs in the left navigation bar to enter the job list. Click the Create button on the right.
The system will pre-fill basic configuration data, including the cluster, namespace, type, queue, and priority. Adjust these parameters and click Next.
Configure the URL, runtime parameters, and associated datasets, then click Next.
Optionally add labels, annotations, runtime env variables, and other job parameters. Select a scheduling policy and click OK.
After the job is successfully created, it will have several running statuses:
If you find a job to be redundant, expired, or no longer needed for any other reason, you can delete it from the job list.
Click the \u2507 on the right side of the job in the job list, then choose Delete from the dropdown menu.
In the pop-up window, confirm the job you want to delete, enter the job name, and then click Delete.
A confirmation message will appear indicating successful deletion, and the job will disappear from the list.
Caution
Once a job is deleted, it cannot be recovered, so please proceed with caution.
"},{"location":"en/end-user/baize/jobs/mpi.html","title":"MPI Jobs","text":"MPI (Message Passing Interface) is a communication protocol used for parallel computing, allowing multiple computing nodes to exchange messages and collaborate. An MPI job is a job that performs parallel computation using the MPI protocol, suitable for applications requiring large-scale parallel processing, such as distributed training and scientific computing.
In AI Lab, we provide support for MPI jobs, allowing you to quickly create MPI jobs through a graphical interface for high-performance parallel computing. This tutorial will guide you on how to create and run an MPI job in AI Lab.
"},{"location":"en/end-user/baize/jobs/mpi.html#job-configuration-overview","title":"Job Configuration Overview","text":"MPI
, used for running parallel computing jobs.Here we will use the baize-notebook
base image and the associated environment method as the foundational running environment for the job. Ensure that the running environment includes MPI and related libraries, such as OpenMPI and mpi4py
.
Note : For information on how to create an environment, please refer to the Environment List.
"},{"location":"en/end-user/baize/jobs/mpi.html#creating-an-mpi-job","title":"Creating an MPI Job","text":""},{"location":"en/end-user/baize/jobs/mpi.html#steps-to-create-an-mpi-job","title":"Steps to Create an MPI Job","text":"MPI
, then click Next.mpirun
, which is the command to run MPI programs.Example: Running TensorFlow Benchmarks
In this example, we will run a TensorFlow benchmark program using Horovod for distributed training. First, make sure that the image you are using contains the necessary dependencies, such as TensorFlow, Horovod, Open MPI, etc.
Image Selection : Use an image that includes TensorFlow and MPI, such as mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest
.
Command Arguments :
mpirun --allow-run-as-root -np 2 -bind-to none -map-by slot \\\n -x NCCL_DEBUG=INFO -x LD_LIBRARY_PATH -x PATH \\\n -mca pml ob1 -mca btl ^openib \\\n python scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py \\\n --model=resnet101 --batch_size=64 --variable_update=horovod\n
Explanation:
mpirun
: The MPI start command.--allow-run-as-root
: Allows running as the root user (usually the root user in containers).-np 2
: Specifies the number of processes to run as 2.-bind-to none
, -map-by slot
: Configuration for MPI process binding and mapping.-x NCCL_DEBUG=INFO
: Sets the debug information level for NCCL (NVIDIA Collective Communication Library).-x LD_LIBRARY_PATH
, -x PATH
: Passes necessary environment variables in the MPI environment.-mca pml ob1 -mca btl ^openib
: MPI configuration arguments specifying transport and message layer protocols.python scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py
: Runs the TensorFlow benchmark script.--model=resnet101
, --batch_size=64
, --variable_update=horovod
: Arguments for the TensorFlow script, specifying the model, batch size, and using Horovod for argument updates.In the job configuration, you need to allocate appropriate resources for each node (Launcher and Worker), such as CPU, memory, and GPU.
Resource Example :
Launcher :
Worker :
Below is a complete MPIJob configuration example for your reference.
apiVersion: kubeflow.org/v1\nkind: MPIJob\nmetadata:\n name: tensorflow-benchmarks\nspec:\n slotsPerWorker: 1\n runPolicy:\n cleanPodPolicy: Running\n mpiReplicaSpecs:\n Launcher:\n replicas: 1\n template:\n spec:\n containers:\n - name: tensorflow-benchmarks\n image: mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest\n command:\n - mpirun\n - --allow-run-as-root\n - -np\n - \"2\"\n - -bind-to\n - none\n - -map-by\n - slot\n - -x\n - NCCL_DEBUG=INFO\n - -x\n - LD_LIBRARY_PATH\n - -x\n - PATH\n - -mca\n - pml\n - ob1\n - -mca\n - btl\n - ^openib\n - python\n - scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py\n - --model=resnet101\n - --batch_size=64\n - --variable_update=horovod\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n requests:\n cpu: \"2\"\n memory: 4Gi\n Worker:\n replicas: 2\n template:\n spec:\n containers:\n - name: tensorflow-benchmarks\n image: mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpumem: 1k\n nvidia.com/vgpu: \"1\"\n requests:\n cpu: \"2\"\n memory: 4Gi\n
Configuration Explanation:
apiVersion
and kind
: Indicate the API version and type of resource; MPIJob
is a custom resource defined by Kubeflow for creating MPI-type jobs.metadata
: Metadata containing the job name and other information.spec
: Detailed configuration of the job.slotsPerWorker
: Number of slots per Worker node, typically set to 1.runPolicy
: Running policy, such as whether to clean up Pods after job completion.mpiReplicaSpecs
: Replica configuration for the MPI job.Launcher
: The launcher responsible for starting the MPI job.replicas
: Number of replicas, usually 1.template
: Pod template defining the container's running image, command, resources, etc.Worker
: The worker nodes that actually execute the job.replicas
: Number of replicas set according to parallel needs, here set to 2.template
: Pod template defining the container's running environment and resources.When creating an MPI job, you need to correctly set the Job Replica Count according to the number of replicas configured in mpiReplicaSpecs
.
Launcher
replicas + Worker
replicasIn this example:
Launcher
replicas: 1Worker
replicas: 2Therefore, in the job configuration, you need to set the Job Replica Count to 3.
"},{"location":"en/end-user/baize/jobs/mpi.html#submitting-the-job","title":"Submitting the Job","text":"Once the configuration is complete, click the Submit button to start running the MPI job.
"},{"location":"en/end-user/baize/jobs/mpi.html#viewing-the-running-results","title":"Viewing the Running Results","text":"After the job is successfully submitted, you can enter the Job Details page to view resource usage and the job's running status. From the upper right corner, you can access Workload Details to see the log output from each node during the run.
Example Output :
TensorFlow: 1.13\nModel: resnet101\nMode: training\nBatch size: 64\n...\n\nTotal images/sec: 125.67\n
This indicates that the MPI job has successfully run, and the TensorFlow benchmark program has completed distributed training.
"},{"location":"en/end-user/baize/jobs/mpi.html#summary","title":"Summary","text":"Through this tutorial, you have learned how to create and run an MPI job on the AI Lab platform. We detailed the configuration methods for MPIJob and how to specify the running commands and resource requirements in the job. We hope this tutorial is helpful to you; if you have any questions, please refer to other documents provided by the platform or contact technical support.
Appendix :
mpi4py
, Horovod, etc.), please add installation commands in the job or use an image with the relevant dependencies pre-installed.Warning
Since the Apache MXNet project has been archived, the Kubeflow MXJob will be deprecated and removed in the future Training Operator version 1.9.
Apache MXNet is a high-performance deep learning framework that supports multiple programming languages. MXNet jobs can be trained using various methods, including single-node and distributed modes. In AI Lab, we provide support for MXNet jobs, allowing you to quickly create MXNet jobs for model training through an interface.
This tutorial will guide you on how to create and run both single-node and distributed MXNet jobs on the AI Lab platform.
"},{"location":"en/end-user/baize/jobs/mxnet.html#job-configuration-overview","title":"Job Configuration Overview","text":"MXNet
, supporting both single-node and distributed modes.We will use the release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest
image as the base running environment for the job. This image comes pre-installed with MXNet and its related dependencies, supporting GPU acceleration.
Note : For information on how to create and manage environments, please refer to the Environment List.
"},{"location":"en/end-user/baize/jobs/mxnet.html#creating-an-mxnet-job","title":"Creating an MXNet Job","text":""},{"location":"en/end-user/baize/jobs/mxnet.html#mxnet-single-node-job","title":"MXNet Single-node Job","text":""},{"location":"en/end-user/baize/jobs/mxnet.html#steps-to-create","title":"Steps to Create","text":"MXNet
, then click Next.python3
Command Arguments :
/mxnet/mxnet/example/gluon/mnist/mnist.py --epochs 10 --cuda\n
Explanation :
/mxnet/mxnet/example/gluon/mnist/mnist.py
: The MNIST handwritten digit recognition example script provided by MXNet.--epochs 10
: Sets the number of training epochs to 10.--cuda
: Uses CUDA for GPU acceleration.Below is the YAML configuration for a single-node MXJob:
apiVersion: \"kubeflow.org/v1\"\nkind: \"MXJob\"\nmetadata:\n name: \"mxnet-single-job\"\nspec:\n jobMode: MXTrain\n mxReplicaSpecs:\n Worker:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n command: [\"python3\"]\n args:\n [\n \"/mxnet/mxnet/example/gluon/mnist/mnist.py\",\n \"--epochs\",\n \"10\",\n \"--cuda\",\n ]\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n
Configuration Explanation :
apiVersion
and kind
: Specify the API version and type of resource; here it is MXJob
.metadata
: Metadata including the job name and other information.spec
: Detailed configuration of the job.jobMode
: Set to MXTrain
, indicating a training job.mxReplicaSpecs
: Replica configuration for the MXNet job.Worker
: Specifies the configuration for worker nodes.replicas
: Number of replicas, here set to 1.restartPolicy
: Restart policy set to Never
, indicating that the job will not restart if it fails.template
: Pod template defining the running environment and resources for the container.containers
: List of containers.name
: Container name.image
: The image used.command
and args
: Start command and arguments.ports
: Container port configuration.resources
: Resource requests and limits.Once the configuration is complete, click the Submit button to start running the MXNet single-node job.
"},{"location":"en/end-user/baize/jobs/mxnet.html#viewing-the-results","title":"Viewing the Results","text":"After the job is successfully submitted, you can enter the Job Details page to view resource usage and the job's running status. You can access Workload Details from the upper right corner to see the log output during the run.
Example Output :
Epoch 1: accuracy=0.95\nEpoch 2: accuracy=0.97\n...\nEpoch 10: accuracy=0.98\nTraining completed.\n
This indicates that the MXNet single-node job has run successfully and the model training has been completed.
"},{"location":"en/end-user/baize/jobs/mxnet.html#mxnet-distributed-job","title":"MXNet Distributed Job","text":"In distributed mode, the MXNet job can utilize multiple computing nodes to complete training, improving training efficiency.
"},{"location":"en/end-user/baize/jobs/mxnet.html#steps-to-create_1","title":"Steps to Create","text":"MXNet
, then click Next.python3
Command Arguments :
/mxnet/mxnet/example/image-classification/train_mnist.py --num-epochs 10 --num-layers 2 --kv-store dist_device_sync --gpus 0\n
Explanation :
/mxnet/mxnet/example/image-classification/train_mnist.py
: The image classification example script provided by MXNet.--num-epochs 10
: Sets the number of training epochs to 10.--num-layers 2
: Sets the number of layers in the model to 2.--kv-store dist_device_sync
: Uses distributed device synchronization mode.--gpus 0
: Uses GPU for acceleration.Below is the YAML configuration for a distributed MXJob:
apiVersion: \"kubeflow.org/v1\"\nkind: \"MXJob\"\nmetadata:\n name: \"mxnet-job\"\nspec:\n jobMode: MXTrain\n mxReplicaSpecs:\n Scheduler:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n Server:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n Worker:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n command: [\"python3\"]\n args:\n [\n \"/mxnet/mxnet/example/image-classification/train_mnist.py\",\n \"--num-epochs\",\n \"10\",\n \"--num-layers\",\n \"2\",\n \"--kv-store\",\n \"dist_device_sync\",\n \"--gpus\",\n \"0\",\n ]\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n
Configuration Explanation :
When creating a distributed MXNet job, you need to correctly set the Job Replica Count based on the replica counts configured in mxReplicaSpecs
.
Therefore, in the job configuration, you need to set the Job Replica Count to 3.
"},{"location":"en/end-user/baize/jobs/mxnet.html#submitting-the-job_1","title":"Submitting the Job","text":"Once the configuration is complete, click the Submit button to start running the MXNet distributed job.
"},{"location":"en/end-user/baize/jobs/mxnet.html#viewing-the-results_1","title":"Viewing the Results","text":"You can enter the Job Details page to view the job's running status and resource usage. You can check the log output from each role (Scheduler, Server, Worker).
Example Output :
INFO:root:Epoch[0] Batch [50] Speed: 1000 samples/sec accuracy=0.85\nINFO:root:Epoch[0] Batch [100] Speed: 1200 samples/sec accuracy=0.87\n...\nINFO:root:Epoch[9] Batch [100] Speed: 1300 samples/sec accuracy=0.98\nTraining completed.\n
This indicates that the MXNet distributed job has run successfully, and the model training has been completed.
"},{"location":"en/end-user/baize/jobs/mxnet.html#summary","title":"Summary","text":"Through this tutorial, you have learned how to create and run both single-node and distributed MXNet jobs on the AI Lab platform. We provided detailed information on configuring the MXJob and how to specify running commands and resource requirements in the job. We hope this tutorial is helpful to you; if you have any questions, please refer to other documents provided by the platform or contact technical support.
"},{"location":"en/end-user/baize/jobs/mxnet.html#appendix","title":"Appendix","text":"Notes :
Reference Documents :
PaddlePaddle is an open-source deep learning platform developed by Baidu, supporting a rich variety of neural network models and distributed training methods. PaddlePaddle jobs can be trained using either single-node or distributed modes. On the AI Lab platform, we provide support for PaddlePaddle jobs, allowing you to quickly create PaddlePaddle jobs for model training through a graphical interface.
This tutorial will guide you on how to create and run both single-node and distributed PaddlePaddle jobs on the AI Lab platform.
"},{"location":"en/end-user/baize/jobs/paddle.html#job-configuration-overview","title":"Job Configuration Overview","text":"PaddlePaddle
, supporting both single-node and distributed modes.We use the registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu
image as the base running environment for the job. This image comes pre-installed with the PaddlePaddle framework and is suitable for CPU computations. If you need to use GPU, choose the proper GPU version of the image.
Note : For information on how to create and manage environments, refer to the Environment List.
"},{"location":"en/end-user/baize/jobs/paddle.html#creating-a-paddlepaddle-job","title":"Creating a PaddlePaddle Job","text":""},{"location":"en/end-user/baize/jobs/paddle.html#paddlepaddle-single-node-training-job","title":"PaddlePaddle Single-node Training Job","text":""},{"location":"en/end-user/baize/jobs/paddle.html#steps-to-create","title":"Steps to Create","text":"PaddlePaddle
, then click Next.python
Command Arguments :
-m paddle.distributed.launch run_check\n
Explanation :
-m paddle.distributed.launch
: Uses the distributed launch module provided by PaddlePaddle, which can also be used in single-node mode for easier future migration to distributed mode.run_check
: A test script provided by PaddlePaddle to check if the distributed environment is set up correctly.Below is the YAML configuration for a single-node PaddleJob:
apiVersion: kubeflow.org/v1\nkind: PaddleJob\nmetadata:\n name: paddle-simple-cpu\n namespace: kubeflow\nspec:\n paddleReplicaSpecs:\n Worker:\n replicas: 1\n restartPolicy: OnFailure\n template:\n spec:\n containers:\n - name: paddle\n image: registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu\n command:\n [\n 'python',\n '-m',\n 'paddle.distributed.launch',\n 'run_check',\n ]\n
Configuration Explanation :
apiVersion
and kind
: Specify the API version and type of resource; here it is PaddleJob
.metadata
: Metadata including the job name and namespace.spec
: Detailed configuration of the job.paddleReplicaSpecs
: Replica configuration for the PaddlePaddle job.Worker
: Specifies the configuration for worker nodes.replicas
: Number of replicas, here set to 1 for single-node training.restartPolicy
: Restart policy set to OnFailure
, indicating that the job will automatically restart if it fails.template
: Pod template defining the running environment and resources for the container.containers
: List of containers.name
: Container name.image
: The image used.command
: Start command and arguments.Once the configuration is complete, click the Submit button to start running the PaddlePaddle single-node job.
"},{"location":"en/end-user/baize/jobs/paddle.html#viewing-the-results","title":"Viewing the Results","text":"After the job is successfully submitted, you can enter the Job Details page to view resource usage and the job's running status. You can access Workload Details from the upper right corner to see the log output during the run.
Example Output :
run check success, PaddlePaddle is installed correctly on this node :)\n
This indicates that the PaddlePaddle single-node job has run successfully and the environment is configured correctly.
"},{"location":"en/end-user/baize/jobs/paddle.html#paddlepaddle-distributed-training-job","title":"PaddlePaddle Distributed Training Job","text":"In distributed mode, PaddlePaddle jobs can utilize multiple computing nodes to complete training, improving training efficiency.
"},{"location":"en/end-user/baize/jobs/paddle.html#steps-to-create_1","title":"Steps to Create","text":"PaddlePaddle
, then click Next.python
Command Arguments :
-m paddle.distributed.launch train.py --epochs=10\n
Explanation :
-m paddle.distributed.launch
: Uses the distributed launch module provided by PaddlePaddle.train.py
: Your training script, which needs to be included in the image or mounted into the container.--epochs=10
: Sets the number of training epochs to 10.Worker
replica count; here it is 2.Below is the YAML configuration for a distributed PaddleJob:
apiVersion: kubeflow.org/v1\nkind: PaddleJob\nmetadata:\n name: paddle-distributed-job\n namespace: kubeflow\nspec:\n paddleReplicaSpecs:\n Worker:\n replicas: 2\n restartPolicy: OnFailure\n template:\n spec:\n containers:\n - name: paddle\n image: registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu\n command:\n [\n 'python',\n '-m',\n 'paddle.distributed.launch',\n 'train.py',\n ]\n args:\n - '--epochs=10'\n
Configuration Explanation :
Worker
:replicas
: Set to 2, indicating that 2 worker nodes will be used for distributed training.When creating a distributed PaddlePaddle job, you need to set the Job Replica Count correctly based on the replica count configured in paddleReplicaSpecs
.
Worker
replica countWorker
replica count: 2Therefore, in the job configuration, you need to set the Job Replica Count to 2.
"},{"location":"en/end-user/baize/jobs/paddle.html#submitting-the-job_1","title":"Submitting the Job","text":"Once the configuration is complete, click the Submit button to start running the PaddlePaddle distributed job.
"},{"location":"en/end-user/baize/jobs/paddle.html#viewing-the-results_1","title":"Viewing the Results","text":"You can enter the Job Details page to view the job's running status and resource usage. You can check the log output from each worker node to confirm that the distributed training is running correctly.
Example Output :
Worker 0: Epoch 1, Batch 100, Loss 0.5\nWorker 1: Epoch 1, Batch 100, Loss 0.6\n...\nTraining completed.\n
This indicates that the PaddlePaddle distributed job has run successfully, and the model training has been completed.
"},{"location":"en/end-user/baize/jobs/paddle.html#summary","title":"Summary","text":"Through this tutorial, you have learned how to create and run both single-node and distributed PaddlePaddle jobs on the AI Lab platform. We provided detailed information on configuring the PaddleJob and how to specify running commands and resource requirements in the job. We hope this tutorial is helpful to you; if you have any questions, please refer to other documents provided by the platform or contact technical support.
"},{"location":"en/end-user/baize/jobs/paddle.html#appendix","title":"Appendix","text":"Notes :
train.py
(or other training scripts) exists inside the container. You can place the script in the container through custom images or by mounting persistent storage.paddle:2.4.0rc0-gpu
for GPU.command
and args
to pass different training arguments.Reference Documents :
Pytorch is an open-source deep learning framework that provides a flexible environment for training and deployment. A Pytorch job is a job that uses the Pytorch framework.
In the AI Lab platform, we provide support and adaptation for Pytorch jobs. Through a graphical interface, you can quickly create Pytorch jobs and perform model training.
"},{"location":"en/end-user/baize/jobs/pytorch.html#job-configuration","title":"Job Configuration","text":"Pytorch Single
and Pytorch Distributed
modes.Here we use the baize-notebook
base image and the associated environment
as the basic runtime environment for the job.
To learn how to create an environment, refer to Environments.
"},{"location":"en/end-user/baize/jobs/pytorch.html#create-jobs","title":"Create Jobs","text":""},{"location":"en/end-user/baize/jobs/pytorch.html#pytorch-single-jobs","title":"Pytorch Single Jobs","text":"Pytorch Single
and click Next .bash
import torch\nimport torch.nn as nn\nimport torch.optim as optim\n\n# Define a simple neural network\nclass SimpleNet(nn.Module):\n def __init__(self):\n super(SimpleNet, self).__init__()\n self.fc = nn.Linear(10, 1)\n\n def forward(self, x):\n return self.fc(x)\n\n# Create model, loss function, and optimizer\nmodel = SimpleNet()\ncriterion = nn.MSELoss()\noptimizer = optim.SGD(model.parameters(), lr=0.01)\n\n# Generate some random data\nx = torch.randn(100, 10)\ny = torch.randn(100, 1)\n\n# Train the model\nfor epoch in range(100):\n # Forward pass\n outputs = model(x)\n loss = criterion(outputs, y)\n\n # Backward pass and optimization\n optimizer.zero_grad()\n loss.backward()\n optimizer.step()\n\n if (epoch + 1) % 10 == 0:\n print(f'Epoch [{epoch+1}/100], Loss: {loss.item():.4f}')\n\nprint('Training finished.')\n
"},{"location":"en/end-user/baize/jobs/pytorch.html#results","title":"Results","text":"Once the job is successfully submitted, we can enter the job details to see the resource usage. From the upper right corner, go to Workload Details to view the log output during the training process.
[HAMI-core Warn(1:140244541377408:utils.c:183)]: get default cuda from (null)\n[HAMI-core Msg(1:140244541377408:libvgpu.c:855)]: Initialized\nEpoch [10/100], Loss: 1.1248\nEpoch [20/100], Loss: 1.0486\nEpoch [30/100], Loss: 0.9969\nEpoch [40/100], Loss: 0.9611\nEpoch [50/100], Loss: 0.9360\nEpoch [60/100], Loss: 0.9182\nEpoch [70/100], Loss: 0.9053\nEpoch [80/100], Loss: 0.8960\nEpoch [90/100], Loss: 0.8891\nEpoch [100/100], Loss: 0.8841\nTraining finished.\n[HAMI-core Msg(1:140244541377408:multiprocess_memory_limit.c:468)]: Calling exit handler 1\n
"},{"location":"en/end-user/baize/jobs/pytorch.html#pytorch-distributed-jobs","title":"Pytorch Distributed Jobs","text":"Pytorch Distributed
and click Next.bash
import os\nimport torch\nimport torch.distributed as dist\nimport torch.nn as nn\nimport torch.optim as optim\nfrom torch.nn.parallel import DistributedDataParallel as DDP\n\nclass SimpleModel(nn.Module):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = nn.Linear(10, 1)\n\n def forward(self, x):\n return self.fc(x)\n\ndef train():\n # Print environment information\n print(f'PyTorch version: {torch.__version__}')\n print(f'CUDA available: {torch.cuda.is_available()}')\n if torch.cuda.is_available():\n print(f'CUDA version: {torch.version.cuda}')\n print(f'CUDA device count: {torch.cuda.device_count()}')\n\n rank = int(os.environ.get('RANK', '0'))\n world_size = int(os.environ.get('WORLD_SIZE', '1'))\n\n print(f'Rank: {rank}, World Size: {world_size}')\n\n # Initialize distributed environment\n try:\n if world_size > 1:\n dist.init_process_group('nccl')\n print('Distributed process group initialized successfully')\n else:\n print('Running in non-distributed mode')\n except Exception as e:\n print(f'Error initializing process group: {e}')\n return\n\n # Set device\n try:\n if torch.cuda.is_available():\n device = torch.device(f'cuda:{rank % torch.cuda.device_count()}')\n print(f'Using CUDA device: {device}')\n else:\n device = torch.device('cpu')\n print('CUDA not available, using CPU')\n except Exception as e:\n print(f'Error setting device: {e}')\n device = torch.device('cpu')\n print('Falling back to CPU')\n\n try:\n model = SimpleModel().to(device)\n print('Model moved to device successfully')\n except Exception as e:\n print(f'Error moving model to device: {e}')\n return\n\n try:\n if world_size > 1:\n ddp_model = DDP(model, device_ids=[rank % torch.cuda.device_count()] if torch.cuda.is_available() else None)\n print('DDP model created successfully')\n else:\n ddp_model = model\n print('Using non-distributed model')\n except Exception as e:\n print(f'Error creating DDP model: {e}')\n return\n\n loss_fn = nn.MSELoss()\n optimizer = optim.SGD(ddp_model.parameters(), lr=0.001)\n\n # Generate some random data\n try:\n data = torch.randn(100, 10, device=device)\n labels = torch.randn(100, 1, device=device)\n print('Data generated and moved to device successfully')\n except Exception as e:\n print(f'Error generating or moving data to device: {e}')\n return\n\n for epoch in range(10):\n try:\n ddp_model.train()\n outputs = ddp_model(data)\n loss = loss_fn(outputs, labels)\n optimizer.zero_grad()\n loss.backward()\n optimizer.step()\n\n if rank == 0:\n print(f'Epoch {epoch}, Loss: {loss.item():.4f}')\n except Exception as e:\n print(f'Error during training epoch {epoch}: {e}')\n break\n\n if world_size > 1:\n dist.destroy_process_group()\n\nif __name__ == '__main__':\n train()\n
"},{"location":"en/end-user/baize/jobs/pytorch.html#number-of-job-replicas","title":"Number of Job Replicas","text":"Note that Pytorch Distributed
training jobs will create a group of Master
and Worker
training Pods, where the Master
is responsible for coordinating the training job, and the Worker
is responsible for the actual training work.
Note
In this demonstration: Master
replica count is 1, Worker
replica count is 2; Therefore, we need to set the replica count to 3 in the Job Configuration , which is the sum of Master
and Worker
replica counts. Pytorch will automatically tune the roles of Master
and Worker
.
Similarly, we can enter the job details to view the resource usage and the log output of each Pod.
"},{"location":"en/end-user/baize/jobs/tensorboard.html","title":"Job Analysis","text":"AI Lab provides important visualization analysis tools provided for the model development process, used to display the training process and results of machine learning models. This document will introduce the basic concepts of Job Analysis (Tensorboard), its usage in the AI Lab system, and how to configure the log content of datasets.
Note
Tensorboard is a visualization tool provided by TensorFlow, used to display the training process and results of machine learning models. It can help developers more intuitively understand the training dynamics of their models, analyze model performance, debug issues, and more.
The role and advantages of Tensorboard in the model development process:
In the AI Lab system, we provide a convenient way to create and manage Tensorboard. Here are the specific steps:
"},{"location":"en/end-user/baize/jobs/tensorboard.html#enable-tensorboard-when-creating-a-notebook","title":"Enable Tensorboard When Creating a Notebook","text":"Enable Tensorboard : On the Notebook creation page, enable the Tensorboard option and specify the dataset and log path.
View Tensorboard After Job Completion : After the job is completed, you can view the Tensorboard link on the job details page. Click the link to see the visualized results of the training process.
In a Notebook, you can directly start Tensorboard through code. Here is a sample code snippet:
# Import necessary libraries\nimport tensorflow as tf\nimport datetime\n\n# Define log directory\nlog_dir = \"logs/fit/\" + datetime.datetime.now().strftime(\"%Y%m%d-%H%M%S\")\n\n# Create Tensorboard callback\ntensorboard_callback = tf.keras.callbacks.TensorBoard(log_dir=log_dir, histogram_freq=1)\n\n# Build and compile model\nmodel = tf.keras.models.Sequential([\n tf.keras.layers.Flatten(input_shape=(28, 28)),\n tf.keras.layers.Dense(512, activation='relu'),\n tf.keras.layers.Dropout(0.2),\n tf.keras.layers.Dense(10, activation='softmax')\n])\n\nmodel.compile(optimizer='adam',\n loss='sparse_categorical_crossentropy',\n metrics=['accuracy'])\n\n# Train model and enable Tensorboard callback\nmodel.fit(x_train, y_train, epochs=5, validation_data=(x_test, y_test), callbacks=[tensorboard_callback])\n
"},{"location":"en/end-user/baize/jobs/tensorboard.html#how-to-configure-dataset-log-content","title":"How to Configure Dataset Log Content","text":"When using Tensorboard, you can record and configure different datasets and log content. Here are some common configuration methods:
"},{"location":"en/end-user/baize/jobs/tensorboard.html#configure-training-and-validation-dataset-logs","title":"Configure Training and Validation Dataset Logs","text":"While training the model, you can use TensorFlow's tf.summary
API to record logs for the training and validation datasets. Here is a sample code snippet:
# Import necessary libraries\nimport tensorflow as tf\n\n# Create log directories\ntrain_log_dir = 'logs/gradient_tape/train'\nval_log_dir = 'logs/gradient_tape/val'\ntrain_summary_writer = tf.summary.create_file_writer(train_log_dir)\nval_summary_writer = tf.summary.create_file_writer(val_log_dir)\n\n# Train model and record logs\nfor epoch in range(EPOCHS):\n for (x_train, y_train) in train_dataset:\n # Training step\n train_step(x_train, y_train)\n with train_summary_writer.as_default():\n tf.summary.scalar('loss', train_loss.result(), step=epoch)\n tf.summary.scalar('accuracy', train_accuracy.result(), step=epoch)\n\n for (x_val, y_val) in val_dataset:\n # Validation step\n val_step(x_val, y_val)\n with val_summary_writer.as_default():\n tf.summary.scalar('loss', val_loss.result(), step=epoch)\n tf.summary.scalar('accuracy', val_accuracy.result(), step=epoch)\n
"},{"location":"en/end-user/baize/jobs/tensorboard.html#configure-custom-logs","title":"Configure Custom Logs","text":"In addition to logs for training and validation datasets, you can also record other custom log content such as learning rate and gradient distribution. Here is a sample code snippet:
# Record custom logs\nwith train_summary_writer.as_default():\n tf.summary.scalar('learning_rate', learning_rate, step=epoch)\n tf.summary.histogram('gradients', gradients, step=epoch)\n
"},{"location":"en/end-user/baize/jobs/tensorboard.html#tensorboard-management","title":"Tensorboard Management","text":"In AI Lab, Tensorboards created through various methods are uniformly displayed on the job analysis page, making it convenient for users to view and manage.
Users can view information such as the link, status, and creation time of Tensorboard on the job analysis page and directly access the visualized results of Tensorboard through the link.
"},{"location":"en/end-user/baize/jobs/tensorflow.html","title":"Tensorflow Jobs","text":"Tensorflow, along with Pytorch, is a highly active open-source deep learning framework that provides a flexible environment for training and deployment.
AI Lab provides support and adaptation for the Tensorflow framework. You can quickly create Tensorflow jobs and conduct model training through graphical operations.
"},{"location":"en/end-user/baize/jobs/tensorflow.html#job-configuration","title":"Job Configuration","text":"Tensorflow Single
and Tensorflow Distributed
modes.Here, we use the baize-notebook
base image and the associated environment
as the basic runtime environment for jobs.
For information on how to create an environment, refer to Environment List.
"},{"location":"en/end-user/baize/jobs/tensorflow.html#creating-a-job","title":"Creating a Job","text":""},{"location":"en/end-user/baize/jobs/tensorflow.html#example-tfjob-single","title":"Example TFJob Single","text":"Tensorflow Single
and click Next .Use AI Lab -> Dataset List to create a dataset and pull the code from a remote GitHub repository into the dataset. This way, when creating a job, you can directly select the dataset and mount the code into the job.
Demo code repository address: https://github.com/d-run/training-sample-code/
"},{"location":"en/end-user/baize/jobs/tensorflow.html#parameters","title":"Parameters","text":"bash
python /code/tensorflow/tf-single.py
\"\"\"\n pip install tensorflow numpy\n\"\"\"\n\nimport tensorflow as tf\nimport numpy as np\n\n# Create some random data\nx = np.random.rand(100, 1)\ny = 2 * x + 1 + np.random.rand(100, 1) * 0.1\n\n# Create a simple model\nmodel = tf.keras.Sequential([\n tf.keras.layers.Dense(1, input_shape=(1,))\n])\n\n# Compile the model\nmodel.compile(optimizer='adam', loss='mse')\n\n# Train the model, setting epochs to 10\nhistory = model.fit(x, y, epochs=10, verbose=1)\n\n# Print the final loss\nprint('Final loss: {' + str(history.history['loss'][-1]) +'}')\n\n# Use the model to make predictions\ntest_x = np.array([[0.5]])\nprediction = model.predict(test_x)\nprint(f'Prediction for x=0.5: {prediction[0][0]}')\n
"},{"location":"en/end-user/baize/jobs/tensorflow.html#results","title":"Results","text":"After the job is successfully submitted, you can enter the job details to see the resource usage. From the upper right corner, navigate to Workload Details to view log outputs during the training process.
"},{"location":"en/end-user/baize/jobs/tensorflow.html#tfjob-distributed-job","title":"TFJob Distributed Job","text":"Tensorflow Distributed
and click Next.This job includes three roles: Chief
, Worker
, and Parameter Server (PS)
.
Different resources are allocated to different roles. Chief
and Worker
use GPUs, while PS
uses CPUs and larger memory.
bash
python /code/tensorflow/tensorflow-distributed.py
import os\nimport json\nimport tensorflow as tf\n\nclass SimpleModel(tf.keras.Model):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = tf.keras.layers.Dense(1, input_shape=(10,))\n\n def call(self, x):\n return self.fc(x)\n\ndef train():\n # Print environment information\n print(f\"TensorFlow version: {tf.__version__}\")\n print(f\"GPU available: {tf.test.is_gpu_available()}\")\n if tf.test.is_gpu_available():\n print(f\"GPU device count: {len(tf.config.list_physical_devices('GPU'))}\")\n\n # Retrieve distributed training information\n tf_config = json.loads(os.environ.get('TF_CONFIG') or '{}')\n job_type = tf_config.get('job', {}).get('type')\n job_id = tf_config.get('job', {}).get('index')\n\n print(f\"Job type: {job_type}, Job ID: {job_id}\")\n\n # Set up distributed strategy\n strategy = tf.distribute.experimental.MultiWorkerMirroredStrategy()\n\n with strategy.scope():\n model = SimpleModel()\n loss_fn = tf.keras.losses.MeanSquaredError()\n optimizer = tf.keras.optimizers.SGD(learning_rate=0.001)\n\n # Generate some random data\n data = tf.random.normal((100, 10))\n labels = tf.random.normal((100, 1))\n\n @tf.function\n def train_step(inputs, labels):\n with tf.GradientTape() as tape:\n predictions = model(inputs)\n loss = loss_fn(labels, predictions)\n gradients = tape.gradient(loss, model.trainable_variables)\n optimizer.apply_gradients(zip(gradients, model.trainable_variables))\n return loss\n\n for epoch in range(10):\n loss = train_step(data, labels)\n if job_type == 'chief':\n print(f'Epoch {epoch}, Loss: {loss.numpy():.4f}')\n\nif __name__ == '__main__':\n train()\n
"},{"location":"en/end-user/baize/jobs/tensorflow.html#results_1","title":"Results","text":"Similarly, you can enter the job details to view the resource usage and log outputs of each Pod.
"},{"location":"en/end-user/baize/jobs/view.html","title":"View Job Workloads","text":"Once a job is created, it will be displayed in the job list.
In the job list, click the \u2507 on the right side of a job and select Job Workload Details .
A pop-up window will appear asking you to choose which Pod to view. Click Enter .
You will be redirected to the container management interface, where you can view the container\u2019s working status, labels and annotations, and any events that have occurred.
You can also view detailed logs of the current Pod for the recent period. By default, 100 lines of logs are displayed. To view more detailed logs or to download logs, click the blue Insight text at the top.
Additionally, you can use the ... in the upper right corner to view the current Pod's YAML, and to upload or download files. Below is an example of a Pod's YAML.
kind: Pod\napiVersion: v1\nmetadata:\n name: neko-tensorboard-job-test-202404181843-skxivllb-worker-0\n namespace: default\n uid: ddedb6ff-c278-47eb-ae1e-0de9b7c62f8c\n resourceVersion: '41092552'\n creationTimestamp: '2024-04-18T10:43:36Z'\n labels:\n training.kubeflow.org/job-name: neko-tensorboard-job-test-202404181843-skxivllb\n training.kubeflow.org/operator-name: pytorchjob-controller\n training.kubeflow.org/replica-index: '0'\n training.kubeflow.org/replica-type: worker\n annotations:\n cni.projectcalico.org/containerID: 0cfbb9af257d5e69027c603c6cb2d3890a17c4ae1a145748d5aef73a10d7fbe1\n cni.projectcalico.org/podIP: ''\n cni.projectcalico.org/podIPs: ''\n hami.io/bind-phase: success\n hami.io/bind-time: '1713437016'\n hami.io/vgpu-devices-allocated: GPU-29d5fa0d-935b-2966-aff8-483a174d61d1,NVIDIA,1024,20:;\n hami.io/vgpu-devices-to-allocate: ;\n hami.io/vgpu-node: worker-a800-1\n hami.io/vgpu-time: '1713437016'\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-system/calico\",\n \"ips\": [\n \"10.233.97.184\"\n ],\n \"default\": true,\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-system/calico\",\n \"ips\": [\n \"10.233.97.184\"\n ],\n \"default\": true,\n \"dns\": {}\n }]\n ownerReferences:\n - apiVersion: kubeflow.org/v1\n kind: PyTorchJob\n name: neko-tensorboard-job-test-202404181843-skxivllb\n uid: e5a8b05d-1f03-4717-8e1c-4ec928014b7b\n controller: true\n blockOwnerDeletion: true\nspec:\n volumes:\n - name: 0-dataset-pytorch-examples\n persistentVolumeClaim:\n claimName: pytorch-examples\n - name: kube-api-access-wh9rh\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n containers:\n - name: pytorch\n image: m.daocloud.io/docker.io/pytorch/pytorch\n command:\n - bash\n args:\n - '-c'\n - >-\n ls -la /root && which pip && pip install pytorch_lightning tensorboard\n && python /root/Git/pytorch/examples/mnist/main.py\n ports:\n - name: pytorchjob-port\n containerPort: 23456\n protocol: TCP\n env:\n - name: PYTHONUNBUFFERED\n value: '1'\n - name: PET_NNODES\n value: '1'\n resources:\n limits:\n cpu: '4'\n memory: 8Gi\n nvidia.com/gpucores: '20'\n nvidia.com/gpumem: '1024'\n nvidia.com/vgpu: '1'\n requests:\n cpu: '4'\n memory: 8Gi\n nvidia.com/gpucores: '20'\n nvidia.com/gpumem: '1024'\n nvidia.com/vgpu: '1'\n volumeMounts:\n - name: 0-dataset-pytorch-examples\n mountPath: /root/Git/pytorch/examples\n - name: kube-api-access-wh9rh\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: worker-a800-1\n securityContext: {}\n affinity: {}\n schedulerName: hami-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priorityClassName: baize-high-priority\n priority: 100000\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\nstatus:\n phase: Succeeded\n conditions:\n - type: Initialized\n status: 'True'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:43:36Z'\n reason: PodCompleted\n - type: Ready\n status: 'False'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:46:34Z'\n reason: PodCompleted\n - type: ContainersReady\n status: 'False'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:46:34Z'\n reason: PodCompleted\n - type: PodScheduled\n status: 'True'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:43:36Z'\n hostIP: 10.20.100.211\n podIP: 10.233.97.184\n podIPs:\n - ip: 10.233.97.184\n startTime: '2024-04-18T10:43:36Z'\n containerStatuses:\n - name: pytorch\n state:\n terminated:\n exitCode: 0\n reason: Completed\n startedAt: '2024-04-18T10:43:39Z'\n finishedAt: '2024-04-18T10:46:34Z'\n containerID: >-\n containerd://09010214bcf3315e81d38fba50de3943c9d2b48f50a6cc2e83f8ef0e5c6eeec1\n lastState: {}\n ready: false\n restartCount: 0\n image: m.daocloud.io/docker.io/pytorch/pytorch:latest\n imageID: >-\n m.daocloud.io/docker.io/pytorch/pytorch@sha256:11691e035a3651d25a87116b4f6adc113a27a29d8f5a6a583f8569e0ee5ff897\n containerID: >-\n containerd://09010214bcf3315e81d38fba50de3943c9d2b48f50a6cc2e83f8ef0e5c6eeec1\n started: false\n qosClass: Guaranteed\n
"},{"location":"en/end-user/ghippo/personal-center/accesstoken.html","title":"Access key","text":"The access key can be used to access the openAPI and continuous delivery. Users can obtain the key and access the API by referring to the following steps in the personal center.
"},{"location":"en/end-user/ghippo/personal-center/accesstoken.html#get-key","title":"Get key","text":"Log in to AI platform, find Personal Center in the drop-down menu in the upper right corner, and you can manage the access key of the account on the Access Keys page.
Info
Access key is displayed only once. If you forget your access key, you will need to create a new key.
"},{"location":"en/end-user/ghippo/personal-center/accesstoken.html#use-the-key-to-access-api","title":"Use the key to access API","text":"When accessing AI platform openAPI, add the header Authorization:Bearer ${token}
to the request to identify the visitor, where ${token}
is the key obtained in the previous step. For the specific API, see OpenAPI Documentation.
Request Example
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
Request result
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"en/end-user/ghippo/personal-center/language.html","title":"language settings","text":"This section explains how to set the interface language. Currently supports Chinese, English two languages.
Language setting is the portal for the platform to provide multilingual services. The platform is displayed in Chinese by default. Users can switch the platform language by selecting English or automatically detecting the browser language preference according to their needs. Each user's multilingual service is independent of each other, and switching will not affect other users.
The platform provides three ways to switch languages: Chinese, English-English, and automatically detect your browser language preference.
The operation steps are as follows.
Log in to the AI platform with your username/password. Click Global Management at the bottom of the left navigation bar.
Click the username in the upper right corner and select Personal Center .
Click the Language Settings tab.
Toggle the language option.
Function description: It is used to fill in the email address and modify the login password.
The specific operation steps are as follows:
Click the username in the upper right corner and select Personal Center .
Click the Security Settings tab. Fill in your email address or change the login password.
This article explains how to configure SSH public key.
"},{"location":"en/end-user/ghippo/personal-center/ssh-key.html#step-1-view-existing-ssh-keys","title":"Step 1. View Existing SSH Keys","text":"Before generating a new SSH key, please check if you need to use an existing SSH key stored in the root directory of the local user. For Linux and Mac, use the following command to view existing public keys. Windows users can use the following command in WSL (requires Windows 10 or above) or Git Bash to view the generated public keys.
ED25519 Algorithm:
cat ~/.ssh/id_ed25519.pub\n
RSA Algorithm:
cat ~/.ssh/id_rsa.pub\n
If a long string starting with ssh-ed25519 or ssh-rsa is returned, it means that a local public key already exists. You can skip Step 2 Generate SSH Key and proceed directly to Step 3.
"},{"location":"en/end-user/ghippo/personal-center/ssh-key.html#step-2-generate-ssh-key","title":"Step 2. Generate SSH Key","text":"If Step 1 does not return the specified content string, it means that there is no available SSH key locally and a new SSH key needs to be generated. Please follow these steps:
Access the terminal (Windows users please use WSL or Git Bash), and run ssh-keygen -t
.
Enter the key algorithm type and an optional comment.
The comment will appear in the .pub file and can generally use the email address as the comment content.
To generate a key pair based on the ED25519
algorithm, use the following command:
ssh-keygen -t ed25519 -C \"<comment>\"\n
To generate a key pair based on the RSA
algorithm, use the following command:
ssh-keygen -t rsa -C \"<comment>\"\n
Press Enter to choose the SSH key generation path.
Taking the ED25519 algorithm as an example, the default path is as follows:
Generating public/private ed25519 key pair.\nEnter file in which to save the key (/home/user/.ssh/id_ed25519):\n
The default key generation path is /home/user/.ssh/id_ed25519
, and the proper public key is /home/user/.ssh/id_ed25519.pub
.
Set a passphrase for the key.
Enter passphrase (empty for no passphrase):\nEnter same passphrase again:\n
The passphrase is empty by default, and you can choose to use a passphrase to protect the private key file. If you do not want to enter a passphrase every time you access the repository using the SSH protocol, you can enter an empty passphrase when creating the key.
Press Enter to complete the key pair creation.
In addition to manually copying the generated public key information printed on the command line, you can use the following commands to copy the public key to the clipboard, depending on the operating system.
Windows (in WSL or Git Bash):
cat ~/.ssh/id_ed25519.pub | clip\n
Mac:
tr -d '\\n'< ~/.ssh/id_ed25519.pub | pbcopy\n
GNU/Linux (requires xclip):
xclip -sel clip < ~/.ssh/id_ed25519.pub\n
Log in to the AI platform UI page and select Profile -> SSH Public Key in the upper right corner of the page.
Add the generated SSH public key information.
SSH public key content.
Public key title: Supports customizing the public key name for management differentiation.
Expiration: Set the expiration period for the public key. After it expires, the public key will be automatically invalidated and cannot be used. If not set, it will be permanently valid.
Folders have permission mapping capabilities, which can map the permissions of users/groups in this folder to subfolders, workspaces and resources under it.
If the user/group is Folder Admin role in this folder, it is still Folder Admin role when mapped to a subfolder, and Workspace Admin is mapped to the workspace under it; If a Namespace is bound in Workspace and Folder -> Resource Group , the user/group is also a Namespace Admin after mapping.
Note
The permission mapping capability of folders will not be applied to shared resources, because sharing is to share the use permissions of the cluster to multiple workspaces, rather than assigning management permissions to workspaces, so permission inheritance and role mapping will not be implemented.
"},{"location":"en/end-user/ghippo/workspace/folder-permission.html#use-cases","title":"Use cases","text":"Folders have hierarchical capabilities, so when folders are mapped to departments/suppliers/projects in the enterprise,
Folders have the capability to map permissions, allowing users/user groups to have their permissions in the folder mapped to its sub-folders, workspaces, and resources.
Follow the steps below to create a folder:
Log in to AI platform with a user account having the admin/folder admin role. Click Global Management -> Workspace and Folder at the bottom of the left navigation bar.
Click the Create Folder button in the top right corner.
Fill in the folder name, parent folder, and other information, then click OK to complete creating the folder.
Tip
After successful creation, the folder name will be displayed in the left tree structure, represented by different icons for workspaces and folders.
Note
To edit or delete a specific folder, select it and Click \u2507 on the right side.
Shared resources do not necessarily mean that the shared users can use the shared resources without any restrictions. Admin, Kpanda Owner, and Workspace Admin can limit the maximum usage quota of a user through the Resource Quota feature in shared resources. If no restrictions are set, it means the usage is unlimited.
A resource (cluster) can be shared among multiple workspaces, and a workspace can use resources from multiple shared clusters simultaneously.
"},{"location":"en/end-user/ghippo/workspace/quota.html#resource-groups-and-shared-resources","title":"Resource Groups and Shared Resources","text":"Cluster resources in both shared resources and resource groups are derived from Container Management. However, different effects will occur when binding a cluster to a workspace or sharing it with a workspace.
Binding Resources
Users/User groups in the workspace will have full management and usage permissions for the cluster. Workspace Admin will be mapped as Cluster Admin. Workspace Admin can access the Container Management module to manage the cluster.
Note
As of now, there are no Cluster Editor and Cluster Viewer roles in the Container Management module. Therefore, Workspace Editor and Workspace Viewer cannot be mapped.
Adding Shared Resources
Users/User groups in the workspace will have usage permissions for the cluster resources.
Unlike resource groups, when sharing a cluster with a workspace, the roles of the users in the workspace will not be mapped to the resources. Therefore, Workspace Admin will not be mapped as Cluster Admin.
This section demonstrates three scenarios related to resource quotas.
"},{"location":"en/end-user/ghippo/workspace/quota.html#create-namespaces","title":"Create Namespaces","text":"Creating a namespace involves resource quotas.
Add a shared cluster to workspace ws01 .
Select workspace ws01 and the shared cluster in Workbench, and create a namespace ns01 .
Prerequisite: Workspace ws01 has added a shared cluster, and the operator has the Workspace Admin + Kpanda Owner or Admin role.
The two methods of binding have the same effect.
Bind the created namespace ns01 to ws01 in Container Management.
Bind the namespace ns01 to ws01 in Global Management.
The two methods of unbinding have the same effect.
Unbind the namespace ns01 from workspace ws01 in Container Management.
Unbind the namespace ns01 from workspace ws01 in Global Management.
Both resource groups and shared resources support cluster binding, but they have significant differences in usage.
"},{"location":"en/end-user/ghippo/workspace/res-gp-and-shared-res.html#differences-in-usage-scenarios","title":"Differences in Usage Scenarios","text":"Note: In this scenario, the platform administrator needs to impose resource restrictions on secondary suppliers. Currently, it is not supported to limit the cluster quota of secondary suppliers by the primary supplier.
"},{"location":"en/end-user/ghippo/workspace/res-gp-and-shared-res.html#differences-in-cluster-quota-usage","title":"Differences in Cluster Quota Usage","text":"After binding to a cluster, both resource groups and shared resources can go to the Workbench to create namespaces, which will be automatically bound to the workspace.
"},{"location":"en/end-user/ghippo/workspace/workspace.html","title":"Creating/Deleting Workspaces","text":"A workspace is a resource category that represents a hierarchical relationship of resources. A workspace can contain resources such as clusters, namespaces, and registries. Typically, each workspace corresponds to a project and different resources can be allocated, and different users and user groups can be assigned to each workspace.
Follow the steps below to create a workspace:
Log in to AI platform with a user account having the admin/folder admin role. Click Global Management -> Workspace and Folder at the bottom of the left navigation bar.
Click the Create Workspace button in the top right corner.
Fill in the workspace name, folder assignment, and other information, then click OK to complete creating the workspace.
Tip
After successful creation, the workspace name will be displayed in the left tree structure, represented by different icons for folders and workspaces.
Note
To edit or delete a specific workspace or folder, select it and click ... on the right side.
Workspace and Folder is a feature that provides resource isolation and grouping, addressing issues related to unified authorization, resource grouping, and resource quotas.
Workspace and Folder involves two concepts: workspaces and folders.
"},{"location":"en/end-user/ghippo/workspace/ws-folder.html#workspaces","title":"Workspaces","text":"Workspaces allow the management of resources through Authorization , Resource Group , and Shared Resource , enabling users (and user groups) to share resources within the workspace.
Resources
Resources are at the lowest level of the hierarchy in the resource management module. They include clusters, namespaces, pipelines, gateways, and more. All these resources can only have workspaces as their parent level. Workspaces act as containers for grouping resources.
Workspace
A workspace usually refers to a project or environment, and the resources in each workspace are logically isolated from those in other workspaces. You can grant users (groups of users) different access rights to the same set of resources through authorization in the workspace.
Workspaces are at the first level, counting from the bottom of the hierarchy, and contain resources. All resources except shared resources have one and only one parent. All workspaces also have one and only one parent folder.
Resources are grouped by workspace, and there are two grouping modes in workspace, namely Resource Group and Shared Resource .
Resource group
A resource can only be added to one resource group, and resource groups correspond to workspaces one by one. After a resource is added to a resource group, Workspace Admin will obtain the management authority of the resource, which is equivalent to the owner of the resource.
Share resource
For shared resources, multiple workspaces can share one or more resources. Resource owners can choose to share their own resources with the workspace. Generally, when sharing, the resource owner will limit the amount of resources that can be used by the shared workspace. After resources are shared, Workspace Admin only has resource usage rights under the resource limit, and cannot manage resources or adjust the amount of resources that can be used by the workspace.
At the same time, shared resources also have certain requirements for the resources themselves. Only Cluster (cluster) resources can be shared. Cluster Admin can share Cluster resources to different workspaces, and limit the use of workspaces on this Cluster.
Workspace Admin can create multiple Namespaces within the resource quota, but the sum of the resource quotas of the Namespaces cannot exceed the resource quota of the Cluster in the workspace. For Kubernetes resources, the only resource type that can be shared currently is Cluster.
Folders can be used to build enterprise business hierarchy relationships.
Folders are a further grouping mechanism based on workspaces and have a hierarchical structure. A folder can contain workspaces, other folders, or a combination of both, forming a tree-like organizational relationship.
Folders allow you to map your business hierarchy and group workspaces by department. Folders are not directly linked to resources, but indirectly achieve resource grouping through workspaces.
A folder has one and only one parent folder, and the root folder is the highest level of the hierarchy. The root folder has no parent, and folders and workspaces are attached to the root folder.
In addition, users (groups) in folders can inherit permissions from their parents through a hierarchical structure. The permissions of the user in the hierarchical structure come from the combination of the permissions of the current level and the permissions inherited from its parents. The permissions are additive and there is no mutual exclusion.
"},{"location":"en/end-user/ghippo/workspace/ws-permission.html","title":"Description of workspace permissions","text":"The workspace has permission mapping and resource isolation capabilities, and can map the permissions of users/groups in the workspace to the resources under it. If the user/group has the Workspace Admin role in the workspace and the resource Namespace is bound to the workspace-resource group, the user/group will become Namespace Admin after mapping.
Note
The permission mapping capability of the workspace will not be applied to shared resources, because sharing is to share the cluster usage permissions to multiple workspaces, rather than assigning management permissions to the workspaces, so permission inheritance and role mapping will not be implemented.
"},{"location":"en/end-user/ghippo/workspace/ws-permission.html#use-cases","title":"Use cases","text":"Resource isolation is achieved by binding resources to different workspaces. Therefore, resources can be flexibly allocated to each workspace (tenant) with the help of permission mapping, resource isolation, and resource sharing capabilities.
Generally applicable to the following two use cases:
Cluster one-to-one
Ordinary Cluster Department/Tenant (Workspace) Purpose Cluster 01 A Administration and Usage Cluster 02 B Administration and UsageCluster one-to-many
Cluster Department/Tenant (Workspace) Resource Quota Cluster 01 A 100 core CPU B 50-core CPUFor the operation scope of the roles of Workspace Admin, Workspace Editor, and Workspace Viewer in each module, please refer to the permission description:
\u21a9
If a user John (\"John\" represents any user who is required to bind resources) has the Workspace Admin role assigned or has been granted proper permissions through a custom role, which includes the Workspace's \"Resource Binding\" Permissions, and wants to bind a specific cluster or namespace to the workspace.
To bind cluster/namespace resources to a workspace, not only the workspace's \"Resource Binding\" permissions are required, but also the permissions of Cluster Admin.
"},{"location":"en/end-user/ghippo/workspace/wsbind-permission.html#granting-authorization-to-john","title":"Granting Authorization to John","text":"Using the Platform Admin Role, grant John the role of Workspace Admin on the Workspace -> Authorization page.
Then, on the Container Management -> Permissions page, authorize John as a Cluster Admin by Add Permission.
Using John's account to log in to AI platform, on the Container Management -> Clusters page, John can bind the specified cluster to his own workspace by using the Bind Workspace button.
Note
John can only bind clusters or namespaces to a specific workspace in the Container Management module, and cannot perform this operation in the Global Management module.
To bind a namespace to a workspace, you must have at least Workspace Admin and Cluster Admin permissions.
"},{"location":"en/end-user/host/createhost.html","title":"Creating and Starting a Cloud Host","text":"Once the user completes registration and is assigned a workspace, namespace, and resources, they can create and start a cloud host.
"},{"location":"en/end-user/host/createhost.html#prerequisites","title":"Prerequisites","text":"Click Create VMs -> Create with Template.
After defining the configurations for the cloud host, click Next.
Basic InformationTemplate ConfigurationStorage and NetworkAfter configuring the root password or SSH key, click OK.
Return to the host list and wait for the status to change to Running. Then, you can start the host using the \u2507 button on the right.
Next step: Using the Cloud Host
"},{"location":"en/end-user/host/usehost.html","title":"Using the Cloud Host","text":"After creating and starting the cloud host, the user can begin using the cloud host.
"},{"location":"en/end-user/host/usehost.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Container Network -> Services, click the service name to enter the service details page, and click Update in the upper right corner.
Change the port range to 30900-30999, ensuring there are no conflicts.
Log into the AI platform as an end user, navigate to the proper service, and check the access ports.
Use an SSH client to log into the cloud host from the external network.
At this point, you can perform various operations on the cloud host.
Next step: Using Notebook
"},{"location":"en/end-user/insight/alert-center/index.html","title":"Alert Center","text":"The Alert Center is an important feature provided by AI platform that allows users to easily view all active and historical alerts by cluster and namespace through a graphical interface, and search alerts based on severity level (critical, warning, info).
All alerts are triggered based on the threshold conditions set in the preset alert rules. In AI platform, some global alert policies are built-in, but users can also create or delete alert policies at any time, and set thresholds for the following metrics:
Users can also add labels and annotations to alert rules. Alert rules can be classified as active or expired, and certain rules can be enabled/disabled to achieve silent alerts.
When the threshold condition is met, users can configure how they want to be notified, including email, DingTalk, WeCom, webhook, and SMS notifications. All notification message templates can be customized and all messages are sent at specified intervals.
In addition, the Alert Center also supports sending alert messages to designated users through short message services provided by Alibaba Cloud, Tencent Cloud, and more platforms that will be added soon, enabling multiple ways of alert notification.
AI platform Alert Center is a powerful alert management platform that helps users quickly detect and resolve problems in the cluster, improve business stability and availability, and facilitate cluster inspection and troubleshooting.
"},{"location":"en/end-user/insight/alert-center/alert-policy.html","title":"Alert Policies","text":"In addition to the built-in alert policies, AI platform allows users to create custom alert policies. Each alert policy is a collection of alert rules that can be set for clusters, nodes, and workloads. When an alert object reaches the threshold set by any of the rules in the policy, an alert is automatically triggered and a notification is sent.
Taking the built-in alerts as an example, click the first alert policy alertmanager.rules .
You can see that some alert rules have been set under it. You can add more rules under this policy, or edit or delete them at any time. You can also view the historical and active alerts related to this alert policy and edit the notification configuration.
"},{"location":"en/end-user/insight/alert-center/alert-policy.html#create-alert-policies","title":"Create Alert Policies","text":"Select Alert Center -> Alert Policies , and click the Create Alert Policy button.
Fill in the basic information, select one or more clusters, nodes, or workloads as the alert objects, and click Next .
The list must have at least one rule. If the list is empty, please Add Rule .
Create an alert rule in the pop-up window, fill in the parameters, and click OK .
After clicking Next , configure notifications.
After the configuration is complete, click the OK button to return to the Alert Policy list.
Tip
The newly created alert policy is in the Not Triggered state. Once the threshold conditions and duration specified in the rules are met, it will change to the Triggered state.
"},{"location":"en/end-user/insight/alert-center/alert-policy.html#create-log-rules","title":"Create Log Rules","text":"After filling in the basic information, click Add Rule and select Log Rule as the rule type.
Creating log rules is supported only when the resource object is selected as a node or workload.
Field Explanation:
After filling in the basic information, click Add Rule and select Event Rule as the rule type.
Creating event rules is supported only when the resource object is selected as a workload.
Field Explanation:
Click \u2507 at the right side of the list, then choose Delete from the pop-up menu to delete an alert policy. By clicking on the policy name, you can enter the policy details where you can add, edit, or delete the alert rules under it.
Warning
Deleted alert strategies will be permanently removed, so please proceed with caution.
"},{"location":"en/end-user/insight/alert-center/alert-template.html","title":"Alert Template","text":"The Alert template allows platform administrators to create Alert templates and rules, and business units can directly use Alert templates to create Alert policies. This feature can reduce the management of Alert rules by business personnel and allow for modification of Alert thresholds based on actual environment conditions.
"},{"location":"en/end-user/insight/alert-center/alert-template.html#create-alert-template","title":"Create Alert Template","text":"In the navigation bar, select Alert -> Alert Policy, and click Alert Template at the top.
Click Create Alert Template, and set the name, description, and other information for the Alert template.
Parameter Description Template Name The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long. Description The description can contain any characters and can be up to 256 characters long. Resource Type Used to specify the matching type of the Alert template. Alert Rule Supports pre-defined multiple Alert rules, including template rules and PromQL rules.Click OK to complete the creation and return to the Alert template list. Click the template name to view the template details.
Click \u2507 next to the target rule, then click Edit to enter the editing page for the suppression rule.
![Edit](../images/template04.png){ width=1000px}\n
"},{"location":"en/end-user/insight/alert-center/alert-template.html#delete-alert-template","title":"Delete Alert Template","text":"Click \u2507 next to the target template, then click Delete. Enter the name of the Alert template in the input box to confirm deletion.
![Delete](../images/template05.png){ width=1000px}\n
"},{"location":"en/end-user/insight/alert-center/inhibition.html","title":"Alert Inhibition","text":"Alert Inhibition is mainly a mechanism for temporarily hiding or reducing the priority of alerts that do not need immediate attention. The purpose of this feature is to reduce unnecessary alert information that may disturb operations personnel, allowing them to focus on more critical issues.
Alert inhibition recognizes and ignores certain alerts by defining a set of rules to deal with specific conditions. There are mainly the following conditions:
In the left navigation bar, select Alert -> Noise Reduction, and click Inhibition at the top.
Click Create Inhibition, and set the name and rules for the inhibition.
Note
The problem of avoiding multiple similar or related alerts that may be triggered by the same issue is achieved by defining a set of rules to identify and ignore certain alerts through Rule Details and Alert Details.
Parameter Description Name The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long. Description The description can contain any characters and can be up to 256 characters long. Cluster The cluster where the inhibition rule applies. Namespace The namespace where the inhibition rule applies. Source Alert Matching alerts by label conditions. It compares alerts that meet all label conditions with those that meet inhibition conditions, and alerts that do not meet inhibition conditions will be sent to the user as usual. Value range explanation: - Alert Level: The level of metric or event alerts, can be set as: Critical, Major, Minor. - Resource Type: The resource type specific for the alert object, can be set as: Cluster, Node, StatefulSet, Deployment, DaemonSet, Pod. - Labels: Alert identification attributes, consisting of label name and label value, supports user-defined values. Inhibition Specifies the matching conditions for the target alert (the alert to be inhibited). Alerts that meet all the conditions will no longer be sent to the user. Equal Specifies the list of labels to compare to determine if the source alert and target alert match. Inhibition is triggered only when the values of the labels specified inequal
are exactly the same in the source and target alerts. The equal
field is optional. If the equal
field is omitted, all labels are used for matching. Click OK to complete the creation and return to Inhibition list. Click the inhibition rule name to view the rule details.
In the left navigation bar, select Alert -> Alert Policy, and click the policy name to view the rule details.
!!! note\n\n You can add cuntom tags when adding rules.\n
"},{"location":"en/end-user/insight/alert-center/inhibition.html#view-alert-details","title":"View Alert Details","text":"In the left navigation bar, select Alert -> Alerts, and click the policy name to view details.
!!! note\n\n Alert details show information and settings for creating inhibitions.\n
"},{"location":"en/end-user/insight/alert-center/inhibition.html#edit-inhibition-rule","title":"Edit Inhibition Rule","text":"Click \u2507 next to the target rule, then click Edit to enter the editing page for the inhibition rule.
"},{"location":"en/end-user/insight/alert-center/inhibition.html#delete-inhibition-rule","title":"Delete Inhibition Rule","text":"Click \u2507 next to the target rule, then click Delete. Enter the name of the inhibition rule in the input box to confirm deletion.
"},{"location":"en/end-user/insight/alert-center/message.html","title":"Notification Settings","text":"On the Notification Settings page, you can configure how to send messages to users through email, WeCom, DingTalk, Webhook, and SMS.
"},{"location":"en/end-user/insight/alert-center/message.html#email-group","title":"Email Group","text":"After entering Insight , click Alert Center -> Notification Settings in the left navigation bar. By default, the email notification object is selected. Click Add email group and add one or more email addresses.
Multiple email addresses can be added.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list to edit or delete the email group.
In the left navigation bar, click Alert Center -> Notification Settings -> WeCom . Click Add Group Robot and add one or more group robots.
For the URL of the WeCom group robot, please refer to the official document of WeCom: How to use group robots.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the group robot.
In the left navigation bar, click Alert Center -> Notification Settings -> DingTalk . Click Add Group Robot and add one or more group robots.
For the URL of the DingTalk group robot, please refer to the official document of DingTalk: Custom Robot Access.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the group robot.
In the left navigation bar, click Alert Center -> Notification Settings -> Lark . Click Add Group Bot and add one or more group bots.
Note
When signature verification is required in Lark's group bot, you need to fill in the specific signature key when enabling notifications. Refer to Customizing Bot User Guide.
After configuration, you will be automatically redirected to the list page. Click \u2507 on the right side of the list and select Send Test Message . You can edit or delete group bots.
In the left navigation bar, click Alert Center -> Notification Settings -> Webhook . Click New Webhook and add one or more Webhooks.
For the Webhook URL and more configuration methods, please refer to the webhook document.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the Webhook.
Note
Alert messages are sent to the personal Message sector and notifications can be viewed by clicking \ud83d\udd14 at the top.
In the left navigation bar, click Alert Center -> Notification Settings -> Message\uff0cclick Create Message .
You can add and notify multiple users for a message.
After configuration, you will be automatically redirected to the list page. Click \u2507 on the right side of the list and select Send Test Message .
In the left navigation bar, click Alert Center -> Notification Settings -> SMS . Click Add SMS Group and add one or more SMS groups.
Enter the name, the object receiving the message, phone number, and notification server in the pop-up window.
The notification server needs to be created in advance under Notification Settings -> Notification Server . Currently, two cloud servers, Alibaba Cloud and Tencent Cloud, are supported. Please refer to your own cloud server information for the specific configuration parameters.
After the SMS group is successfully added, the notification list will automatically return. Click \u2507 on the right side of the list to edit or delete the SMS group.
The message template feature supports customizing the content of message templates and can notify specified objects in the form of email, WeCom, DingTalk, Webhook, and SMS.
"},{"location":"en/end-user/insight/alert-center/msg-template.html#creating-a-message-template","title":"Creating a Message Template","text":"In the left navigation bar, select Alert -> Message Template .
Insight comes with two default built-in templates in both Chinese and English for user convenience.
Fill in the template content.
Info
Observability comes with predefined message templates. If you need to define the content of the templates, refer to Configure Notification Templates.
"},{"location":"en/end-user/insight/alert-center/msg-template.html#message-template-details","title":"Message Template Details","text":"Click the name of a message template to view the details of the message template in the right slider.
Parameters Variable Description ruleName {{ .Labels.alertname }} The name of the rule that triggered the alert groupName {{ .Labels.alertgroup }} The name of the alert policy to which the alert rule belongs severity {{ .Labels.severity }} The level of the alert that was triggered cluster {{ .Labels.cluster }} The cluster where the resource that triggered the alert is located namespace {{ .Labels.namespace }} The namespace where the resource that triggered the alert is located node {{ .Labels.node }} The node where the resource that triggered the alert is located targetType {{ .Labels.target_type }} The resource type of the alert target target {{ .Labels.target }} The name of the object that triggered the alert value {{ .Annotations.value }} The metric value at the time the alert notification was triggered startsAt {{ .StartsAt }} The time when the alert started to occur endsAt {{ .EndsAt }} The time when the alert ended description {{ .Annotations.description }} A detailed description of the alert labels {{ for .labels }} {{ end }} All labels of the alert use thefor
function to iterate through the labels list to get all label contents."},{"location":"en/end-user/insight/alert-center/msg-template.html#editing-or-deleting-a-message-template","title":"Editing or Deleting a Message Template","text":"Click \u2507 on the right side of the list and select Edit or Delete from the pop-up menu to modify or delete the message template.
Warning
Once a template is deleted, it cannot be recovered, so please use caution when deleting templates.
"},{"location":"en/end-user/insight/alert-center/silent.html","title":"Alert Silence","text":"Alert silence is a feature that allows alerts meeting certain criteria to be temporarily disabled from sending notifications within a specific time range. This feature helps operations personnel avoid receiving too many noisy alerts during certain operations or events, while also allowing for more precise handling of real issues that need to be addressed.
On the Alert Silence page, you can see two tabs: Active Rule and Expired Rule. The former presents the rules currently in effect, while the latter presents those that were defined in the past but have now expired (or have been deleted by the user).
"},{"location":"en/end-user/insight/alert-center/silent.html#creating-a-silent-rule","title":"Creating a Silent Rule","text":"In the left navigation bar, select Alert -> Noice Reduction -> Alert Silence , and click the Create Silence Rule button.
Fill in the parameters for the silent rule, such as cluster, namespace, tags, and time, to define the scope and effective time of the rule, and then click OK .
Return to the rule list, and on the right side of the list, click \u2507 to edit or delete a silent rule.
Through the Alert Silence feature, you can flexibly control which alerts should be ignored and when they should be effective, thereby improving operational efficiency and reducing the possibility of false alerts.
"},{"location":"en/end-user/insight/alert-center/sms-provider.html","title":"Configure Notification Server","text":"Insight supports SMS notifications and currently sends alert messages using integrated Alibaba Cloud and Tencent Cloud SMS services. This article explains how to configure the SMS notification server in Insight. The variables supported in the SMS signature are the default variables in the message template. As the number of SMS characters is limited, it is recommended to choose more explicit variables.
For information on how to configure SMS recipients, refer to the document: Configure SMS Notification Group.
"},{"location":"en/end-user/insight/alert-center/sms-provider.html#procedure","title":"Procedure","text":"Go to Alert Center -> Notification Settings -> Notification Server .
Click Add Notification Server .
Configure Alibaba Cloud server.
To apply for Alibaba Cloud SMS service, refer to Alibaba Cloud SMS Service.
Field descriptions:
Please refer to Alibaba Cloud Variable Specification.
Note
Example: The template content defined in Alibaba Cloud is: ${severity}: ${alertname} triggered at ${startat}. Refer to the configuration in the parameter template.
Configure Tencent Cloud server.
To apply for Tencent Cloud SMS service, please refer to Tencent Cloud SMS.
Field descriptions:
Note
Example: The template content defined in Tencent Cloud is: {1}: {2} triggered at {3}. Refer to the configuration in the parameter template.
In AI platform, Insight acts as a multi-cluster observability product. To achieve unified data collection across multiple clusters, users need to install the Helm App insight-agent (installed by default in the insight-system namespace). Refer to How to Install insight-agent .
"},{"location":"en/end-user/insight/collection-manag/agent-status.html#status-explanation","title":"Status Explanation","text":"In the \"Observability\" -> \"Collection Management\" section, you can view the installation status of insight-agent in each cluster.
You can troubleshoot using the following steps:
Run the following command. If the status is deployed , proceed to the next step. If it is failed , it is recommended to uninstall and reinstall it from Container Management -> Helm Apps as it may affect application upgrades:
helm list -n insight-system\n
Run the following command or check the status of the deployed components in Insight -> Data Collection . If there are Pods not in the Running state, restart the containers in an abnormal state.
kubectl get pods -n insight-system\n
The resource consumption of the Prometheus metric collection component in insight-agent is directly proportional to the number of Pods running in the cluster. Please adjust the resources for Prometheus according to the cluster size. Refer to Prometheus Resource Planning.
The storage capacity of the vmstorage metric storage component in the global service cluster is directly proportional to the total number of Pods in the clusters.
Data Collection is mainly to centrally manage and display the entrance of the cluster installation collection plug-in insight-agent , which helps users quickly view the health status of the cluster collection plug-in, and provides a quick entry to configure collection rules.
The specific operation steps are as follows:
Click in the upper left corner and select Insight -> Data Collection .
You can view the status of all cluster collection plug-ins.
When the cluster is connected to insight-agent and is running, click a cluster name to enter the details\u3002
In the Service Monitor tab, click the shortcut link to jump to Container Management -> CRD to add service discovery rules.
Prometheus primarily uses the Pull approach to retrieve monitoring metrics from target services' exposed endpoints. Therefore, it requires configuring proper scraping jobs to request monitoring data and write it into the storage provided by Prometheus. Currently, Prometheus offers several configurations for these jobs:
Note
[ ]
indicates optional configmaps.
The proper configmaps are explained as follows:
# Name of the scraping job, also adds a label (job=job_name) to the scraped metrics\njob_name: <job_name>\n\n# Time interval between scrapes\n[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]\n\n# Timeout for scrape requests\n[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]\n\n# URI path for the scrape request\n[ metrics_path: <path> | default = /metrics ]\n\n# Handling of label conflicts between scraped labels and labels added by the backend Prometheus.\n# true: Retains the scraped labels and ignores conflicting labels from the backend Prometheus.\n# false: Adds an \"exported_<original-label>\" prefix to the scraped labels and includes the additional labels added by the backend Prometheus.\n[ honor_labels: <boolean> | default = false ]\n\n# Whether to use the timestamp generated by the target being scraped.\n# true: Uses the timestamp from the target if available.\n# false: Ignores the timestamp from the target.\n[ honor_timestamps: <boolean> | default = true ]\n\n# Protocol for the scrape request: http or https\n[ scheme: <scheme> | default = http ]\n\n# URL parameters for the scrape request\nparams:\n [ <string>: [<string>, ...] ]\n\n# Set the value of the `Authorization` header in the scrape request through basic authentication. password/password_file are mutually exclusive, with password_file taking precedence.\nbasic_auth:\n [ username: <string> ]\n [ password: <secret> ]\n [ password_file: <string> ]\n\n# Set the value of the `Authorization` header in the scrape request through bearer token authentication. bearer_token/bearer_token_file are mutually exclusive, with bearer_token taking precedence.\n[ bearer_token: <secret> ]\n\n# Set the value of the `Authorization` header in the scrape request through bearer token authentication. bearer_token/bearer_token_file are mutually exclusive, with bearer_token taking precedence.\n[ bearer_token_file: <filename> ]\n\n# Whether the scrape connection should use a TLS secure channel, configure the proper TLS parameters\ntls_config:\n [ <tls_config> ]\n\n# Use a proxy service to scrape the metrics from the target, specify the address of the proxy service.\n[ proxy_url: <string> ]\n\n# Specify the targets using static configuration, see explanation below.\nstatic_configs:\n [ - <static_config> ... ]\n\n# CVM service discovery configuration, see explanation below.\ncvm_sd_configs:\n [ - <cvm_sd_config> ... ]\n\n# After scraping the data, rewrite the labels of the proper target using the relabel mechanism. Executes multiple relabel rules in order.\n# See explanation below for relabel_config.\nrelabel_configs:\n [ - <relabel_config> ... ]\n\n# Before writing the scraped data, rewrite the values of the labels using the relabel mechanism. Executes multiple relabel rules in order.\n# See explanation below for relabel_config.\nmetric_relabel_configs:\n [ - <relabel_config> ... ]\n\n# Limit the number of data points per scrape, 0: no limit, default is 0\n[ sample_limit: <int> | default = 0 ]\n\n# Limit the number of targets per scrape, 0: no limit, default is 0\n[ target_limit: <int> | default = 0 ]\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#pod-monitor","title":"Pod Monitor","text":"The explanation for the proper configmaps is as follows:
# Prometheus Operator CRD version\napiVersion: monitoring.coreos.com/v1\n# proper Kubernetes resource type, here it is PodMonitor\nkind: PodMonitor\n# proper Kubernetes Metadata, only the name needs to be concerned. If jobLabel is not specified, the value of the job label in the scraped metrics will be <namespace>/<name>\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, no need to modify\n# Describes the selection and configuration of the target Pods to be scraped\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight\nspec:\n # Specify the label of the proper Pod, pod monitor will use this value as the job label value.\n # If viewing the Pod YAML, use the values in pod.metadata.labels.\n # If viewing Deployment/Daemonset/Statefulset, use spec.template.metadata.labels.\n [ jobLabel: string ]\n # Adds the proper Pod's Labels to the Target's Labels\n [ podTargetLabels: []string ]\n # Limit the number of data points per scrape, 0: no limit, default is 0\n [ sampleLimit: uint64 ]\n # Limit the number of targets per scrape, 0: no limit, default is 0\n [ targetLimit: uint64 ]\n # Configure the Prometheus HTTP endpoints that need to be scraped and exposed. Multiple endpoints can be configured.\n podMetricsEndpoints:\n [ - <endpoint_config> ... ] # See explanation below for endpoint\n # Select the namespaces where the monitored Pods are located. Leave it blank to select all namespaces.\n [ namespaceSelector: ]\n # Select all namespaces\n [ any: bool ]\n # Specify the list of namespaces to be selected\n [ matchNames: []string ]\n # Specify the Label values of the Pods to be monitored in order to locate the target Pods [K8S metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#example-1","title":"Example 1","text":"apiVersion: monitoring.coreos.com/v1\nkind: PodMonitor\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, do not modify\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n podMetricsEndpoints:\n - interval: 30s\n port: metric-port # Specify the Port Name proper to Prometheus Exporter in the pod YAML\n path: /metrics # Specify the value of the Path proper to Prometheus Exporter, if not specified, default is /metrics\n relabelings:\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: instance\n replacement: \"crs-xxxxxx\" # Adjust to the proper Redis instance ID\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: ip\n replacement: \"1.x.x.x\" # Adjust to the proper Redis instance IP\n namespaceSelector: # Select the namespaces where the monitored Pods are located\n matchNames:\n - redis-test\n selector: # Specify the Label values of the Pods to be monitored in order to locate the target pods\n matchLabels:\n k8s-app: redis-exporter\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#example-2","title":"Example 2","text":"job_name: prometheus\nscrape_interval: 30s\nstatic_configs:\n- targets:\n - 127.0.0.1:9090\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#service-monitor","title":"Service Monitor","text":"The explanation for the proper configmaps is as follows:
# Prometheus Operator CRD version\napiVersion: monitoring.coreos.com/v1\n# proper Kubernetes resource type, here it is ServiceMonitor\nkind: ServiceMonitor\n# proper Kubernetes Metadata, only the name needs to be concerned. If jobLabel is not specified, the value of the job label in the scraped metrics will be the name of the Service.\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, no need to modify\n# Describes the selection and configuration of the target Pods to be scraped\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n # Specify the label(metadata/labels) of the proper Pod, service monitor will use this value as the job label value.\n [ jobLabel: string ]\n # Adds the Labels of the proper service to the Target's Labels\n [ targetLabels: []string ]\n # Adds the Labels of the proper Pod to the Target's Labels\n [ podTargetLabels: []string ]\n # Limit the number of data points per scrape, 0: no limit, default is 0\n [ sampleLimit: uint64 ]\n # Limit the number of targets per scrape, 0: no limit, default is 0\n [ targetLimit: uint64 ]\n # Configure the Prometheus HTTP endpoints that need to be scraped and exposed. Multiple endpoints can be configured.\n endpoints:\n [ - <endpoint_config> ... ] # See explanation below for endpoint\n # Select the namespaces where the monitored Pods are located. Leave it blank to select all namespaces.\n [ namespaceSelector: ]\n # Select all namespaces\n [ any: bool ]\n # Specify the list of namespaces to be selected\n [ matchNames: []string ]\n # Specify the Label values of the Pods to be monitored in order to locate the target Pods [K8S metav1.LabelSelector](https://v1-17.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#example","title":"Example","text":"apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: go-demo # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, do not modify\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n endpoints:\n - interval: 30s\n # Specify the Port Name proper to Prometheus Exporter in the service YAML\n port: 8080-8080-tcp\n # Specify the value of the Path proper to Prometheus Exporter, if not specified, default is /metrics\n path: /metrics\n relabelings:\n # ** There must be a label named 'application', assuming there is a label named 'app' in k8s,\n # we replace it with 'application' using the relabel 'replace' action\n - action: replace\n sourceLabels: [__meta_kubernetes_pod_label_app]\n targetLabel: application\n # Select the namespace where the monitored service is located\n namespaceSelector:\n matchNames:\n - golang-demo\n # Specify the Label values of the service to be monitored in order to locate the target service\n selector:\n matchLabels:\n app: golang-app-demo\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#endpoint_config","title":"endpoint_config","text":"The explanation for the proper configmaps is as follows:
# The name of the proper port. Please note that it's not the actual port number.\n# Default: 80. Possible values are as follows:\n# ServiceMonitor: corresponds to Service>spec/ports/name;\n# PodMonitor: explained as follows:\n# If viewing the Pod YAML, take the value from pod.spec.containers.ports.name.\n# If viewing Deployment/DaemonSet/StatefulSet, take the value from spec.template.spec.containers.ports.name.\n[ port: string | default = 80]\n# The URI path for the scrape request.\n[ path: string | default = /metrics ]\n# The protocol for the scrape: http or https.\n[ scheme: string | default = http]\n# URL parameters for the scrape request.\n[ params: map[string][]string]\n# The interval between scrape requests.\n[ interval: string | default = 30s ]\n# The timeout for the scrape request.\n[ scrapeTimeout: string | default = 30s]\n# Whether the scrape connection should be made over a secure TLS channel, and the TLS configuration.\n[ tlsConfig: TLSConfig ]\n# Read the bearer token value from the specified file and include it in the headers of the scrape request.\n[ bearerTokenFile: string ]\n# Read the bearer token from the specified K8S secret key. Note that the secret namespace must match the PodMonitor/ServiceMonitor.\n[ bearerTokenSecret: string ]\n# Handling conflicts when scraped labels conflict with labels added by the backend Prometheus.\n# true: Keep the scraped labels and ignore the conflicting labels from the backend Prometheus.\n# false: For conflicting labels, prefix the scraped label with 'exported_<original-label>' and add the labels added by the backend Prometheus.\n[ honorLabels: bool | default = false ]\n# Whether to use the timestamp generated on the target during the scrape.\n# true: Use the timestamp on the target if available.\n# false: Ignore the timestamp on the target.\n[ honorTimestamps: bool | default = true ]\n# Basic authentication credentials. Fill in the values of username/password from the proper K8S secret key. Note that the secret namespace must match the PodMonitor/ServiceMonitor.\n[ basicAuth: BasicAuth ]\n# Scrape the metrics from the target through a proxy server. Specify the address of the proxy server.\n[ proxyUrl: string ]\n# After scraping the data, rewrite the values of the labels on the target using the relabeling mechanism. Multiple relabel rules are executed in order.\n# See explanation below for relabel_config\nrelabelings:\n[ - <relabel_config> ...]\n# Before writing the scraped data, rewrite the values of the proper labels on the target using the relabeling mechanism. Multiple relabel rules are executed in order.\n# See explanation below for relabel_config\nmetricRelabelings:\n[ - <relabel_config> ...]\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#relabel_config","title":"relabel_config","text":"The explanation for the proper configmaps is as follows:
# Specifies which labels to take from the original labels for relabeling. The values taken are concatenated using the separator defined in the configuration.\n# For PodMonitor/ServiceMonitor, the proper configmap is sourceLabels.\n[ source_labels: '[' <labelname> [, ...] ']' ]\n# Defines the character used to concatenate the values of the labels to be relabeled. Default is ';'.\n[ separator: <string> | default = ; ]\n\n# When the action is replace/hashmod, target_label is used to specify the proper label name.\n# For PodMonitor/ServiceMonitor, the proper configmap is targetLabel.\n[ target_label: <labelname> ]\n\n# Regular expression used to match the values of the source labels.\n[ regex: <regex> | default = (.*) ]\n\n# Used when action is hashmod, it takes the modulus value based on the MD5 hash of the source label's value.\n[ modulus: <int> ]\n\n# Used when action is replace, it defines the expression to replace when the regex matches. It can use regular expression replacement with regex.\n[ replacement: <string> | default = $1 ]\n\n# Actions performed based on the matched values of regex. The available actions are as follows, with replace being the default:\n# replace: If the regex matches, replace the proper value with the value defined in replacement. Set the value using target_label and add the proper label.\n# keep: If the regex doesn't match, discard the value.\n# drop: If the regex matches, discard the value.\n# hashmod: Take the modulus of the MD5 hash of the source label's value based on the value specified in modulus.\n# Add a new label with a label name specified by target_label.\n# labelmap: If the regex matches, replace the proper label name with the value specified in replacement.\n# labeldrop: If the regex matches, delete the proper label.\n# labelkeep: If the regex doesn't match, delete the proper label.\n[ action: <relabel_action> | default = replace ]\n
"},{"location":"en/end-user/insight/collection-manag/probe-module.html","title":"Custom probers","text":"Insight uses the Blackbox Exporter provided by Prometheus as a blackbox monitoring solution, allowing detection of target instances via HTTP, HTTPS, DNS, ICMP, TCP, and gRPC. It can be used in the following scenarios:
In this page, we will explain how to configure custom probers in an existing Blackbox ConfigMap.
ICMP prober is not enabled by default in Insight because it requires higher permissions. Therfore We will use the HTTP prober as an example to demonstrate how to modify the ConfigMap to achieve custom HTTP probing.
"},{"location":"en/end-user/insight/collection-manag/probe-module.html#procedure","title":"Procedure","text":"Find the ConfigMap named insight-agent-prometheus-blackbox-exporter and click Edit YAML .
Add custom probers under modules :
module:\n http_2xx:\n prober: http\n timeout: 5s\n http:\n valid_http_versions: [HTTP/1.1, HTTP/2]\n valid_status_codes: [] # Defaults to 2xx\n method: GET\n
module:\n ICMP: # Example of ICMP prober configuration\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: ip4\nicmp_example: # Example 2 of ICMP prober configuration\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: \"ip4\"\n source_ip_address: \"127.0.0.1\"\n
Since ICMP requires higher permissions, we also need to elevate the pod permissions. Otherwise, an operation not permitted
error will occur. There are two ways to elevate permissions: Directly edit the BlackBox Exporter
deployment file to enable it
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\nspec:\n template:\n spec:\n containers:\n - name: blackbox-exporter\n image: # ... (image, args, ports, etc. remain unchanged)\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_RAW\n drop:\n - ALL\n readOnlyRootFilesystem: true\n runAsGroup: 0\n runAsNonRoot: false\n runAsUser: 0\n
Elevate permissions via helm upgrade
prometheus-blackbox-exporter:\n enabled: true\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n readOnlyRootFilesystem: true\n runAsNonRoot: false\n allowPrivilegeEscalation: false\n capabilities:\n add: [\"NET_RAW\"]\n
Info
For more probers, refer to blackbox_exporter Configuration.
"},{"location":"en/end-user/insight/collection-manag/probe-module.html#other-references","title":"Other References","text":"The following YAML file contains various probers such as HTTP, TCP, SMTP, ICMP, and DNS. You can modify the configuration file of insight-agent-prometheus-blackbox-exporter
according to your needs.
kind: ConfigMap\napiVersion: v1\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\n labels:\n app.kubernetes.io/instance: insight-agent\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: prometheus-blackbox-exporter\n app.kubernetes.io/version: v0.24.0\n helm.sh/chart: prometheus-blackbox-exporter-8.8.0\n annotations:\n meta.helm.sh/release-name: insight-agent\n meta.helm.sh/release-namespace: insight-system\ndata:\n blackbox.yaml: |\n modules:\n HTTP_GET:\n prober: http\n timeout: 5s\n http:\n method: GET\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"]\n follow_redirects: true\n preferred_ip_protocol: \"ip4\"\n HTTP_POST:\n prober: http\n timeout: 5s\n http:\n method: POST\n body_size_limit: 1MB\n TCP:\n prober: tcp\n timeout: 5s\n # Not enabled by default:\n # ICMP:\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: ip4\n SSH:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^SSH-2.0-\"\n POP3S:\n prober: tcp\n tcp:\n query_response:\n - expect: \"^+OK\"\n tls: true\n tls_config:\n insecure_skip_verify: false\n http_2xx_example: # http prober example\n prober: http\n timeout: 5s # probe timeout\n http:\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"] # Version in the response, usually default\n valid_status_codes: [] # Defaults to 2xx # Valid range of response codes, probe successful if within this range\n method: GET # request method\n headers: # request headers\n Host: vhost.example.com\n Accept-Language: en-US\n Origin: example.com\n no_follow_redirects: false # allow redirects\n fail_if_ssl: false \n fail_if_not_ssl: false\n fail_if_body_matches_regexp:\n - \"Could not connect to database\"\n fail_if_body_not_matches_regexp:\n - \"Download the latest version here\"\n fail_if_header_matches: # Verifies that no cookies are set\n - header: Set-Cookie\n allow_missing: true\n regexp: '.*'\n fail_if_header_not_matches:\n - header: Access-Control-Allow-Origin\n regexp: '(\\*|example\\.com)'\n tls_config: # tls configuration for https requests\n insecure_skip_verify: false\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\" # Preferred IP protocol version\n ip_protocol_fallback: false # no fallback to \"ip6\" \n http_post_2xx: # http prober example with body\n prober: http\n timeout: 5s\n http:\n method: POST # probe request method\n headers:\n Content-Type: application/json\n body: '{\"username\":\"admin\",\"password\":\"123456\"}' # body carried during probe\n http_basic_auth_example: # prober example with username and password\n prober: http\n timeout: 5s\n http:\n method: POST\n headers:\n Host: \"login.example.com\"\n basic_auth: # username and password to be added during probe\n username: \"username\"\n password: \"mysecret\"\n http_custom_ca_example:\n prober: http\n http:\n method: GET\n tls_config: # root certificate used during probe\n ca_file: \"/certs/my_cert.crt\"\n http_gzip:\n prober: http\n http:\n method: GET\n compression: gzip # compression method used during probe\n http_gzip_with_accept_encoding:\n prober: http\n http:\n method: GET\n compression: gzip\n headers:\n Accept-Encoding: gzip\n tls_connect: # TCP prober example\n prober: tcp\n timeout: 5s\n tcp:\n tls: true # use TLS\n tcp_connect_example:\n prober: tcp\n timeout: 5s\n imap_starttls: # IMAP email server probe configuration example\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"OK.*STARTTLS\"\n - send: \". STARTTLS\"\n - expect: \"OK\"\n - starttls: true\n - send: \". capability\"\n - expect: \"CAPABILITY IMAP4rev1\"\n smtp_starttls: # SMTP email server probe configuration example\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^220 ([^ ]+) ESMTP (.+)$\"\n - send: \"EHLO prober\\r\"\n - expect: \"^250-STARTTLS\"\n - send: \"STARTTLS\\r\"\n - expect: \"^220\"\n - starttls: true\n - send: \"EHLO prober\\r\"\n - expect: \"^250-AUTH\"\n - send: \"QUIT\\r\"\n irc_banner_example:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - send: \"NICK prober\"\n - send: \"USER prober prober prober :prober\"\n - expect: \"PING :([^ ]+)\"\n send: \"PONG ${1}\"\n - expect: \"^:[^ ]+ 001\"\n # icmp_example: # ICMP prober configuration example\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: \"ip4\"\n # source_ip_address: \"127.0.0.1\"\n dns_udp_example: # DNS query example using UDP\n prober: dns\n timeout: 5s\n dns:\n query_name: \"www.prometheus.io\" # domain name to resolve\n query_type: \"A\" # type proper to this domain\n valid_rcodes:\n - NOERROR\n validate_answer_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n fail_if_all_match_regexp:\n - \".*127.0.0.1\"\n fail_if_not_matches_regexp:\n - \"www.prometheus.io.\\t300\\tIN\\tA\\t127.0.0.1\"\n fail_if_none_matches_regexp:\n - \"127.0.0.1\"\n validate_authority_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n validate_additional_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n dns_soa:\n prober: dns\n dns:\n query_name: \"prometheus.io\"\n query_type: \"SOA\"\n dns_tcp_example: # DNS query example using TCP\n prober: dns\n dns:\n transport_protocol: \"tcp\" # defaults to \"udp\"\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\"\n query_name: \"www.prometheus.io\"\n
"},{"location":"en/end-user/insight/collection-manag/service-monitor.html","title":"Configure service discovery rules","text":"Observable Insight supports the way of creating CRD ServiceMonitor through container management to meet your collection requirements for custom service discovery. Users can use ServiceMonitor to define the scope of the Namespace discovered by the Pod and select the monitored Service through matchLabel .
"},{"location":"en/end-user/insight/collection-manag/service-monitor.html#prerequisites","title":"Prerequisites","text":"The cluster has the Helm App insight-agent installed and in the running state.
"},{"location":"en/end-user/insight/collection-manag/service-monitor.html#steps","title":"Steps","text":"Select Data Collection on the left navigation bar to view the status of all cluster collection plug-ins.
Click a cluster name to enter the collection configuration details.
Click the link to jump to Container Management to create a Service Monitor.
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: micrometer-demo # (1)\n namespace: insight-system # (2)\n labels: \n operator.insight.io/managed-by: insight\nspec:\n endpoints: # (3)\n - honorLabels: true\n interval: 15s\n path: /actuator/prometheus\n port: http\n namespaceSelector: # (4)\n matchNames:\n - insight-system # (5)\n selector: # (6)\n matchLabels:\n micrometer-prometheus-discovery: \"true\"\n
This is the service endpoint, which represents the address where Prometheus collects Metrics. endpoints is an array, and multiple endpoints can be created at the same time. Each endpoint contains three fields, and the meaning of each field is as follows:
This is the scope of the Service that needs to be discovered. namespaceSelector contains two mutually exclusive fields, and the meaning of the fields is as follows:
matchNames : An array value that specifies the scope of namespace to be monitored. For example, if you only want to monitor the Services in two namespaces, default and insight-system, the matchNames are set as follows:
namespaceSelector:\n matchNames:\n - default\n - insight-system\n
The namespace where the application that needs to expose metrics is located
Grafana is a cross-platform open source visual analysis tool. Insight uses open source Grafana to provide monitoring services, and supports viewing resource consumption from multiple dimensions such as clusters, nodes, and namespaces.
For more information on open source Grafana, see Grafana Official Documentation.
"},{"location":"en/end-user/insight/dashboard/dashboard.html#steps","title":"Steps","text":"Select Dashboard from the left navigation bar .
In the Insight / Overview dashboard, you can view the resource usage of multiple clusters and analyze resource usage, network, storage, and more based on dimensions such as namespaces and Pods.
Click the dropdown menu in the upper-left corner of the dashboard to switch between clusters.
Click the lower-right corner of the dashboard to switch the time range for queries.
Insight provides several recommended dashboards that allow monitoring from different dimensions such as nodes, namespaces, and workloads. Switch between dashboards by clicking the insight-system / Insight / Overview section.
Note
For accessing Grafana UI, refer to Access Native Grafana.
For importing custom dashboards, refer to Importing Custom Dashboards.
By using Grafana CRD, you can incorporate the management and deployment of dashboards into the lifecycle management of Kubernetes. This enables version control, automated deployment, and cluster-level management of dashboards. This page describes how to import custom dashboards using CRD and the UI interface.
"},{"location":"en/end-user/insight/dashboard/import-dashboard.html#steps","title":"Steps","text":"Log in to the AI platform and go to Container Management . Select the kpanda-global-cluster from the cluster list.
Choose Custom Resources from the left navigation bar. Look for the grafanadashboards.integreatly.org file in the list and click it to view the details.
Click YAML Create and use the following template. Replace the dashboard JSON in the Json field.
apiVersion: integreatly.org/v1alpha1\nkind: GrafanaDashboard\nmetadata:\n labels:\n app: insight-grafana-operator\n operator.insight.io/managed-by: insight\n name: sample-dashboard\n namespace: insight-system\nspec:\n json: >\n {\n \"id\": null,\n \"title\": \"Simple Dashboard\",\n \"tags\": [],\n \"style\": \"dark\",\n \"timezone\": \"browser\",\n \"editable\": true,\n \"hideControls\": false,\n \"graphTooltip\": 1,\n \"panels\": [],\n \"time\": {\n \"from\": \"now-6h\",\n \"to\": \"now\"\n },\n \"timepicker\": {\n \"time_options\": [],\n \"refresh_intervals\": []\n },\n \"templating\": {\n \"list\": []\n },\n \"annotations\": {\n \"list\": []\n },\n \"refresh\": \"5s\",\n \"schemaVersion\": 17,\n \"version\": 0,\n \"links\": []\n }\n
After clicking OK , wait for a while to view the newly imported dashboard in Dashboard .
Info
If you need to customize the dashboard, refer to Add Dashboard Panel.
"},{"location":"en/end-user/insight/dashboard/login-grafana.html","title":"Access Native Grafana","text":"Please make sure that the Helm App Insight in your global management cluster is in Running state.
The specific operation steps are as follows:
Log in to the console to access native Grafana.
Access address: http://ip:port/ui/insight-grafana
For example: http://10.6.10.233:30209/ui/insight-grafana
Click Login in the lower right corner, and use the default username and password to log in.
Default username: admin
Default password: admin
Click Log in to complete the login.
Insight only collects data from clusters that have insight-agent installed and running in a normal state. The overview provides an overview of resources across multiple clusters:
Select Overview in the left navigation bar to enter the details page.
"},{"location":"en/end-user/insight/data-query/log.html","title":"Log query","text":"By default, Insight collects node logs, container logs, and Kubernetes audit logs. In the log query page, you can search for standard output (stdout) logs within the permissions of your login account. This includes node logs, product logs, and Kubernetes audit logs. You can quickly find the desired logs among a large volume of logs. Additionally, you can use the source information and contextual raw data of the logs to assist in troubleshooting and issue resolution.
"},{"location":"en/end-user/insight/data-query/log.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed and the application is in running state.
"},{"location":"en/end-user/insight/data-query/log.html#query-log","title":"Query log","text":"In the left navigation bar, select Data Query -> Log Query .
After selecting the query criteria, click Search , and the log records in the form of graphs will be displayed. The most recent logs are displayed on top.
In the Filter panel, switch Type and select Node to check the logs of all nodes in the cluster.
In the Filter panel, switch Type and select Event to view the logs generated by all Kubernetes events in the cluster.
Lucene Syntax Explanation:
timestamp:[2022-01-01 TO 2022-01-31]
.Clicking on the button next to a log will slide out a panel on the right side where you can view the default 100 lines of context for that log. You can switch the Display Rows option to view more contextual content.
"},{"location":"en/end-user/insight/data-query/log.html#export-log","title":"Export log","text":"Click the download button located in the upper right corner of the list.
Metric query supports querying the index data of each container resource, and you can view the trend changes of the monitoring index. At the same time, advanced query supports native PromQL statements for Metric query.
"},{"location":"en/end-user/insight/data-query/metric.html#prerequisites","title":"Prerequisites","text":"In the left navigation bar, click Data Query -> metric Query .
After selecting query conditions such as cluster, type, node, and metric name, click Search , and the proper metric chart and data details will be displayed on the right side of the screen.
Tip
Support custom time range. You can manually click the Refresh icon or select a default time interval to refresh.
"},{"location":"en/end-user/insight/data-query/metric.html#advanced-search","title":"Advanced Search","text":"In the left navigation bar, click Data Query -> metric Query , click the Advanced Query tab to switch to the advanced query page.
Enter a PromQL statement (see PromQL Syntax), click Query , and the query metric chart and data details will be displayed.
Through cluster monitoring, you can view the basic information of the cluster, the resource consumption and the trend of resource consumption over a period of time.
"},{"location":"en/end-user/insight/infra/cluster.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed and the application is in running state.
"},{"location":"en/end-user/insight/infra/cluster.html#steps","title":"Steps","text":"Go to the Insight product module.
Select Infrastructure > Clusters from the left navigation bar. On this page, you can view the following information:
Click Resource Level Monitor, you can view more metrics of the current cluster.
Container insight is the process of monitoring workloads in cluster management. In the list, you can view basic information and status of workloads. On the Workloads details page, you can see the number of active alerts and the trend of resource consumption such as CPU and memory.
"},{"location":"en/end-user/insight/infra/container.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed, and all pods are in the Running state.
To install insight-agent, please refer to: Installing insight-agent online or Offline upgrade of insight-agent.
Follow these steps to view service monitoring metrics:
Go to the Insight product module.
Select Infrastructure > Workloads from the left navigation bar.
Switch between tabs at the top to view data for different types of workloads.
Click the target workload name to view the details.
Switch to the Pods tab to view the status of various pods for the workload, including their nodes, restart counts, and other information.
Switch to the JVM monitor tab to view the JVM metrics for each pods
Note
AI platform Insight supports event querying by cluster and namespace.
"},{"location":"en/end-user/insight/infra/event.html#event-status-distribution","title":"Event Status Distribution","text":"By default, the events that occurred within the last 12 hours are displayed. You can select a different time range in the upper right corner to view longer or shorter periods. You can also customize the sampling interval from 1 minute to 5 hours.
The event status distribution chart provides a visual representation of the intensity and dispersion of events. This helps in evaluating and preparing for subsequent cluster operations and maintenance tasks. If events are densely concentrated during specific time periods, you may need to allocate more resources or take proper measures to ensure cluster stability and high availability. On the other hand, if events are dispersed, you can effectively schedule other maintenance tasks such as system optimization, upgrades, or handling other tasks during this period.
By considering the event status distribution chart and the selected time range, you can better plan and manage your cluster operations and maintenance work, ensuring system stability and reliability.
"},{"location":"en/end-user/insight/infra/event.html#event-count-and-statistics","title":"Event Count and Statistics","text":"Through important event statistics, you can easily understand the number of image pull failures, health check failures, Pod execution failures, Pod scheduling failures, container OOM (Out-of-Memory) occurrences, volume mounting failures, and the total count of all events. These events are typically categorized as \"Warning\" and \"Normal\".
"},{"location":"en/end-user/insight/infra/event.html#event-list","title":"Event List","text":"The event list is presented chronologically based on time. You can sort the events by Last Occurrend At and Type .
By clicking on the \u2699\ufe0f icon on the right side, you can customize the displayed columns according to your preferences and needs.
Additionally, you can click the refresh icon to update the current event list when needed.
In the operation column on the right, clicking the icon allows you to view the history of a specific event.
"},{"location":"en/end-user/insight/infra/event.html#reference","title":"Reference","text":"For detailed meanings of the built-in Events in the system, refer to the Kubernetes API Event List.
"},{"location":"en/end-user/insight/infra/namespace.html","title":"Namespace Monitoring","text":"With namespaces as the dimension, you can quickly query resource consumption and trends within a namespace.
"},{"location":"en/end-user/insight/infra/namespace.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Infrastructure -> Namespaces from the left navigation bar. On this page, you can view the following information:
Through node monitoring, you can get an overview of the current health status of the nodes in the selected cluster and the number of abnormal pod; on the current node details page, you can view the number of alerts and the trend of resource consumption such as CPU, memory, and disk.
"},{"location":"en/end-user/insight/infra/node.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Infrastructure -> Nodes from the left navigation bar. On this page, you can view the following information:
Click Resource Level Monitor, you can view more metrics of the current cluster.
Probe refers to the use of black-box monitoring to regularly test the connectivity of targets through HTTP, TCP, and other methods, enabling quick detection of ongoing faults.
Insight uses the Prometheus Blackbox Exporter tool to probe the network using protocols such as HTTP, HTTPS, DNS, TCP, and ICMP, and returns the probe results to understand the network status.
"},{"location":"en/end-user/insight/infra/probe.html#prerequisites","title":"Prerequisites","text":"The insight-agent has been successfully deployed in the target cluster and is in the Running state.
"},{"location":"en/end-user/insight/infra/probe.html#view-probes","title":"View Probes","text":"Select Infrastructure -> Probes in the left navigation bar.
Fill in the basic information and click Next .
Configure the probe parameters.
After configuring, click OK to complete the creation.
Warning
After the probe task is created, it takes about 3 minutes to synchronize the configuration. During this period, no probes will be performed, and probe results cannot be viewed.
"},{"location":"en/end-user/insight/infra/probe.html#view-monitoring-dashboards","title":"View Monitoring Dashboards","text":"Click \u2507 in the operations column and click View Monitoring Dashboard .
Metric Name Description Current Status Response Represents the response status code of the HTTP probe request. Ping Status Indicates whether the probe request was successful. 1 indicates a successful probe request, and 0 indicates a failed probe request. IP Protocol Indicates the IP protocol version used in the probe request. SSL Expiry Represents the earliest expiration time of the SSL/TLS certificate. DNS Response (Latency) Represents the duration of the entire probe process in seconds. HTTP Duration Represents the duration of the entire process from sending the request to receiving the complete response."},{"location":"en/end-user/insight/infra/probe.html#edit-a-probe","title":"Edit a Probe","text":"Click \u2507 in the operations column and click Edit .
"},{"location":"en/end-user/insight/infra/probe.html#delete-a-probe","title":"Delete a Probe","text":"Click \u2507 in the operations column and click Delete .
"},{"location":"en/end-user/insight/quickstart/agent-status.html","title":"Insight-agent component status","text":"Insight is a multicluster observation product in AI platform. In order to realize the unified collection of multicluster observation data, users need to install the Helm App insight-agent (Installed in insight-system namespace by default). See How to install insight-agent .
"},{"location":"en/end-user/insight/quickstart/agent-status.html#status-description","title":"Status description","text":"In Insight -> Data Collection section, you can view the status of insight-agent installed in each cluster.
Can be checked by:
Run the following command, if the status is deployed , go to the next step. If it is failed , since it will affect the upgrade of the application, it is recommended to reinstall after uninstalling Container Management -> Helm Apps :
helm list -n insight-system\n
run the following command or check the status of the components deployed in the cluster in Insight -> Data Collection . If there is a pod that is not in the Running state, please restart the abnormal pod.
kubectl get pods -n insight-system\n
The resource consumption of the metric collection component Prometheus in insight-agent is directly proportional to the number of pods running in the cluster. Adjust Prometheus resources according to the cluster size, please refer to Prometheus Resource Planning.
Since the storage capacity of the metric storage component vmstorage in the global service cluster is directly proportional to the sum of the number of pods in each cluster.
AI platform enables the management and creation of multicloud and multiple clusters. Building upon this capability, Insight serves as a unified observability solution for multiple clusters. It collects observability data from multiple clusters by deploying the insight-agent plugin and allows querying of metrics, logs, and trace data through the AI platform Insight.
insight-agent is a tool that facilitates the collection of observability data from multiple clusters. Once installed, it automatically collects metrics, logs, and trace data without any modifications.
Clusters created through Container Management come pre-installed with insight-agent. Hence, this guide specifically provides instructions on enabling observability for integrated clusters.
As a unified observability platform for multiple clusters, Insight's resource consumption of certain components is closely related to the data of cluster creation and the number of integrated clusters. When installing insight-agent, it is necessary to adjust the resources of the proper components based on the cluster size.
Adjust the CPU and memory resources of the Prometheus collection component in insight-agent according to the size of the cluster created or integrated. Please refer to Prometheus resource planning.
As the metric data from multiple clusters is stored centrally, AI platform administrators need to adjust the disk space of vmstorage based on the cluster size. Please refer to vmstorage disk capacity planning.
For instructions on adjusting the disk space of vmstorage, please refer to Expanding vmstorage disk.
Since AI platform supports the management of multicloud and multiple clusters, insight-agent has undergone partial verification. However, there are known conflicts with monitoring components when installing insight-agent in Suanova 4.0 clusters and Openshift 4.x clusters. If you encounter similar issues, please refer to the following documents:
Currently, the insight-agent collection component has undergone functional testing for popular versions of Kubernetes. Please refer to:
The Insight Module supports switching log to Big Log mode and trace to Big Trace mode, in order to enhance data writing capabilities in large-scale environments. This page introduces following methods for enabling these modes:
manifest.yaml
)This section explains the differences between the normal log mode and the Big Log mode.
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#log-mode","title":"Log Mode","text":"Components: Fluentbit + Elasticsearch
This mode is referred to as the ES mode, and the data flow diagram is shown below:
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#big-log-mode","title":"Big Log Mode","text":"Components: Fluentbit + Kafka + Vector + Elasticsearch
This mode is referred to as the Kafka mode, and the data flow diagram is shown below:
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#traces","title":"Traces","text":"This section explains the differences between the normal trace mode and the Big Trace mode.
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#trace-mode","title":"Trace Mode","text":"Components: Agent opentelemetry-collector + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
This mode is referred to as the OTlp mode, and the data flow diagram is shown below:
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#big-trace-mode","title":"Big Trace Mode","text":"Components: Agent opentelemetry-collector + Kafka + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
This mode is referred to as the Kafka mode, and the data flow diagram is shown below:
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#enabling-via-installer","title":"Enabling via Installer","text":"When deploying/upgrading AI platform using the installer, the manifest.yaml
file includes the infrastructures.kafka
field. To enable observable Big Log and Big Trace modes, Kafka must be activated:
apiVersion: manifest.daocloud.io/v1alpha1\nkind: SuanovaManifest\n...\ninfrastructures:\n ...\n kafka:\n enable: true # Default is false\n cpuLimit: 1\n memLimit: 2Gi\n pvcSize: 15Gi\n
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#enable","title":"Enable","text":"When using a manifest.yaml
that enables kafka
during installation, Kafka middleware will be installed by default, and Big Log and Big Trace modes will be enabled automatically. The installation command is:
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml\n
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#upgrade","title":"Upgrade","text":"The upgrade also involves modifying the kafka
field. However, note that since the old environment was installed with kafka: false
, Kafka is not present in the environment. Therefore, you need to specify the upgrade for middleware
to install Kafka middleware simultaneously. The upgrade command is:
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml -u gproduct,middleware\n
Note
After the upgrade is complete, you need to manually restart the following components:
Prerequisites: Ensure that there is a usable Kafka and that the address is accessible.
Use the following commands to retrieve the values of the old versions of Insight and insight-agent (it's recommended to back them up):
helm get values insight -n insight-system -o yaml > insight.yaml\nhelm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#enabling-big-log","title":"Enabling Big Log","text":"There are several ways to enable or upgrade to Big Log mode:
Use--set
in the helm upgrade
commandModify YAML and run helm upgradeUpgrade via Container Management UI First, run the following Insight upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set vector.enabled=true \\\n --version 0.30.1\n
Then, run the following insight-agent upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.logging.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.logging.output=kafka \\\n --version 0.30.1\n
Follow these steps to modify the YAML and then run the helm upgrade
command:
Modify insight.yaml
global:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\nvector:\n enabled: true\n
Upgrade the Insight component:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
Modify insight-agent.yaml
global:\n ...\n exporters:\n ...\n logging:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
Upgrade the insight-agent:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
In the Container Management module, find the cluster, select Helm Apps from the left navigation bar, and find and update the insight-agent.
In Logging Settings, select kafka for output and fill in the correct brokers address.
Note that after the upgrade is complete, you need to manually restart the insight-agent-fluent-bit component.
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#enabling-big-trace","title":"Enabling Big Trace","text":"There are several ways to enable or upgrade to Big Trace mode:
Using --set in thehelm upgrade
commandModify YAML and run helm upgradeUpgrade via Container Management UI First, run the following Insight upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set global.tracing.kafkaReceiver.enabled=true \\\n --version 0.30.1\n
Then, run the following insight-agent upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.trace.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.trace.output=kafka \\\n --version 0.30.1\n
Follow these steps to modify the YAML and then run the helm upgrade
command:
Modify insight.yaml
global:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\ntracing:\n ...\n kafkaReceiver:\n enabled: true\n
Upgrade the Insight component:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
Modify insight-agent.yaml
global:\n ...\n exporters:\n ...\n trace:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
Upgrade the insight-agent:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
In the Container Management module, find the cluster, select Helm Apps from the left navigation bar, and find and update the insight-agent.
In Trace Settings, select kafka for output and fill in the correct brokers address.
Note that after the upgrade is complete, you need to manually restart the insight-agent-opentelemetry-collector and insight-opentelemetry-collector components.
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html","title":"Custom Insight Component Scheduling Policy","text":"When deploying Insight to a Kubernetes environment, proper resource management and optimization are crucial. Insight includes several core components such as Prometheus, OpenTelemetry, FluentBit, Vector, and Elasticsearch. These components, during their operation, may negatively impact the performance of other pods within the cluster due to resource consumption issues. To effectively manage resources and optimize cluster operations, node affinity becomes an important option.
This page is about how to add taints and node affinity to ensure that each component runs on the appropriate nodes, avoiding resource competition or contention, thereby guranttee the stability and efficiency of the entire Kubernetes cluster.
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html#configure-dedicated-nodes-for-insight-using-taints","title":"Configure dedicated nodes for Insight using taints","text":"Since the Insight Agent includes DaemonSet components, the configuration method described in this section is to have all components except the Insight DaemonSet run on dedicated nodes.
This is achieved by adding taints to the dedicated nodes and using tolerations to match them. More details can be found in the Kubernetes official documentation.
You can refer to the following commands to add and remove taints on nodes:
# Add taint\nkubectl taint nodes worker1 node.daocloud.io=insight-only:NoSchedule\n\n# Remove taint\nkubectl taint nodes worker1 node.daocloud.io:NoSchedule-\n
There are two ways to schedule Insight components to dedicated nodes:
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html#1-add-tolerations-for-each-component","title":"1. Add tolerations for each component","text":"Configure the tolerations for the insight-server
and insight-agent
Charts respectively:
server:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nui:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nrunbook:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\n# mysql:\nvictoria-metrics-k8s-stack:\n victoria-metrics-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmcluster:\n spec:\n vmstorage:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmselect:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vminsert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmalert:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n alertmanager:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\njaeger:\n collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n query:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector-aggregator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\ngrafana-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n grafana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nkibana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nelastic-alert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nvector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n
kube-prometheus-stack:\n prometheus:\n prometheusSpec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n prometheus-node-exporter:\n tolerations:\n - effect: NoSchedule\n operator: Exists\n prometheusOperator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nkube-state-metrics:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\ntailing-sidecar-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-kubernetes-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nprometheus-blackbox-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\netcd-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\" \n
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html#2-configure-at-the-namespace-level","title":"2. Configure at the namespace level","text":"Allow pods in the insight-system
namespace to tolerate the node.daocloud.io=insight-only
taint.
Adjust the apiserver
configuration file /etc/kubernetes/manifests/kube-apiserver.yaml
to include PodTolerationRestriction,PodNodeSelector
. See the following picture:
Add an annotation to the insight-system
namespace:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: insight-system\n annotations:\n scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Equal\", \"effect\": \"NoSchedule\", \"key\": \"node.daocloud.io\", \"value\": \"insight-only\"}]'\n
Restart the components under the insight-system namespace to allow normal scheduling of pods under the insight-system.
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html#use-node-labels-and-node-affinity-to-manage-component-scheduling","title":"Use node labels and node affinity to manage component scheduling","text":"Info
Node affinity is conceptually similar to nodeSelector
, allowing you to constrain which nodes a pod can be scheduled on based on labels on the nodes. There are two types of node affinity:
For more details, please refer to the Kubernetes official documentation.
To meet different user needs for scheduling Insight components, Insight provides fine-grained labels for different components' scheduling policies. Below is a description of the labels and their associated components:
Label Key Label Value Descriptionnode.daocloud.io/insight-any
Any value, recommended to use true
Represents that all Insight components prefer nodes with this label node.daocloud.io/insight-prometheus
Any value, recommended to use true
Specifically for Prometheus components node.daocloud.io/insight-vmstorage
Any value, recommended to use true
Specifically for VictoriaMetrics vmstorage components node.daocloud.io/insight-vector
Any value, recommended to use true
Specifically for Vector components node.daocloud.io/insight-otel-col
Any value, recommended to use true
Specifically for OpenTelemetry components You can refer to the following commands to add and remove labels on nodes:
# Add label to node8, prioritizing scheduling insight-prometheus to node8 \nkubectl label nodes node8 node.daocloud.io/insight-prometheus=true\n\n# Remove the node.daocloud.io/insight-prometheus label from node8\nkubectl label nodes node8 node.daocloud.io/insight-prometheus-\n
Below is the default affinity preference for the insight-prometheus component during deployment:
affinity:\n nodeAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - preference:\n matchExpressions:\n - key: node-role.kubernetes.io/control-plane\n operator: DoesNotExist\n weight: 1\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-prometheus # (1)!\n operator: Exists\n weight: 2\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-any\n operator: Exists\n weight: 3\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 1\n podAffinityTerm:\n topologyKey: kubernetes.io/hostname\n labelSelector:\n matchExpressions:\n - key: app.kubernetes.io/instance\n operator: In\n values:\n - insight-agent-kube-prometh-prometheus\n
Insight is a product for unified observation of multiple clusters. To achieve unified storage and querying of observation data from multiple clusters, sub-clusters need to report the collected observation data to the global service cluster for unified storage. This document provides the required address of the storage component when installing the collection component insight-agent.
"},{"location":"en/end-user/insight/quickstart/install/gethosturl.html#install-insight-agent-in-global-service-cluster","title":"Install insight-agent in Global Service Cluster","text":"If installing insight-agent in the global service cluster, it is recommended to access the cluster via domain name:
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\"\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\"\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\"\n
"},{"location":"en/end-user/insight/quickstart/install/gethosturl.html#install-insight-agent-in-other-clusters","title":"Install insight-agent in Other Clusters","text":""},{"location":"en/end-user/insight/quickstart/install/gethosturl.html#get-address-via-interface-provided-by-insight-server","title":"Get Address via Interface Provided by Insight Server","text":"The management cluster uses the default LoadBalancer mode for exposure.
Log in to the console of the global service cluster and run the following command:
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
Note
Please replace the ${INSIGHT_SERVER_IP}
parameter in the command.
You will get the following response:
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"host\": \"10.6.182.32\"\n },\n \"metric\": {\n \"host\": \"10.6.182.32\"\n },\n \"auditLog\": {\n \"host\": \"10.6.182.32\"\n },\n \"trace\": {\n \"host\": \"10.6.182.32\"\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
is the log service address, no need to set the proper service port, the default value will be used.global.exporters.metric.host
is the metrics service address.global.exporters.trace.host
is the trace service address.global.exporters.auditLog.host
is the audit log service address (same service as trace but different port).Management cluster disables LoadBalancer
When calling the interface, you need to additionally pass an externally accessible node IP from the cluster, which will be used to construct the complete access address of the proper service.
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam' --data '{\"extra\": {\"EXPORTER_EXTERNAL_IP\": \"10.5.14.51\"}}'\n
You will get the following response:
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"scheme\": \"https\",\n \"host\": \"10.5.14.51\",\n \"port\": 32007,\n \"user\": \"elastic\",\n \"password\": \"j8V1oVoM1184HvQ1F3C8Pom2\"\n },\n \"metric\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30683\n },\n \"auditLog\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30884\n },\n \"trace\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30274\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
is the log service address.global.exporters.logging.port
is the NodePort exposed by the log service.global.exporters.metric.host
is the metrics service address.global.exporters.metric.port
is the NodePort exposed by the metrics service.global.exporters.trace.host
is the trace service address.global.exporters.trace.port
is the NodePort exposed by the trace service.global.exporters.auditLog.host
is the audit log service address (same service as trace but different port).global.exporters.auditLog.port
is the NodePort exposed by the audit log service.If LoadBalancer
is enabled in the cluster and a VIP
is set for Insight, you can manually execute the following command to obtain the address information for vminsert
and opentelemetry-collector
:
$ kubectl get service -n insight-system | grep lb\nlb-insight-opentelemetry-collector LoadBalancer 10.233.23.12 <pending> 4317:31286/TCP,8006:31351/TCP 24d\nlb-vminsert-insight-victoria-metrics-k8s-stack LoadBalancer 10.233.63.67 <pending> 8480:31629/TCP 24d\n
lb-vminsert-insight-victoria-metrics-k8s-stack
is the address for the metrics service.lb-insight-opentelemetry-collector
is the address for the tracing service.Execute the following command to obtain the address information for elasticsearch
:
$ kubectl get service -n mcamel-system | grep es\nmcamel-common-es-cluster-masters-es-http NodePort 10.233.16.120 <none> 9200:30465/TCP 47d\n
mcamel-common-es-cluster-masters-es-http
is the address for the logging service.
The LoadBalancer feature is disabled in the global service cluster.
In this case, the LoadBalancer resources mentioned above will not be created by default. The relevant service names are:
After obtaining the proper port information for the services in the above two scenarios, make the following settings:
--set global.exporters.logging.host= # (1)!\n--set global.exporters.logging.port= # (2)!\n--set global.exporters.metric.host= # (3)!\n--set global.exporters.metric.port= # (4)!\n--set global.exporters.trace.host= # (5)!\n--set global.exporters.trace.port= # (6)!\n--set global.exporters.auditLog.host= # (7)!\n
insight-agent is a plugin for collecting insight data, supporting unified observation of metrics, links, and log data. This article describes how to install insight-agent in an online environment for the accessed cluster.
"},{"location":"en/end-user/insight/quickstart/install/install-agent.html#prerequisites","title":"Prerequisites","text":"Please confirm that your cluster has successfully connected to the container management platform. You can refer to Integrate Clusters for details.
"},{"location":"en/end-user/insight/quickstart/install/install-agent.html#steps","title":"Steps","text":"Enter Container Management from the left navigation bar, and enter Clusters . Find the cluster where you want to install insight-agent.
Choose Install now to jump, or click the cluster and click Helm Apps -> Helm Templates in the left navigation bar, search for insight-agent in the search box, and click it for details.
Select the appropriate version and click Install .
Fill in the name, select the namespace and version, and fill in the addresses of logging, metric, audit, and trace reporting data in the yaml file. The system has filled in the address of the component for data reporting by default, please check it before clicking OK to install.
If you need to modify the data reporting address, please refer to Get Data Reporting Address.
The system will automatically return to Helm Apps . When the application status changes from Unknown to Deployed , it means that insight-agent is installed successfully.
Note
Click \u2507 on the far right, and you can perform more operations such as Update , View YAML and Delete in the pop-up menu.
This page lists some issues related to the installation and uninstallation of Insight Agent and their workarounds.
"},{"location":"en/end-user/insight/quickstart/install/knownissues.html#uninstallation-failure-of-insight-agent","title":"Uninstallation Failure of Insight Agent","text":"When you run the following command to uninstall Insight Agent,
helm uninstall insight agent\n
The tls secret
used by otel-operator
is failed to uninstall.
Due to the logic of \"reusing tls secret\" in the following code of otel-operator
, it checks whether MutationConfiguration
exists and reuses the CA cert bound in MutationConfiguration. However, since helm uninstall
has uninstalled MutationConfiguration
, it results in a null value.
Therefore, please manually delete the proper secret
using one of the following methods:
Delete via command line: Log in to the console of the target cluster and run the following command:
kubectl -n insight-system delete secret insight-agent-opentelemetry-operator-controller-manager-service-cert\n
Delete via UI: Log in to AI platform container management, select the target cluster, select Secret from the left menu, input insight-agent-opentelemetry-operator-controller-manager-service-cert
, then select Delete
.
When updating the log configuration of the insight-agent from Elasticsearch to Kafka or from Kafka to Elasticsearch, the changes do not take effect and the agent continues to use the previous configuration.
Solution :
Manually restart Fluent Bit in the cluster.
"},{"location":"en/end-user/insight/quickstart/install/knownissues.html#podmonitor-collects-multiple-sets-of-jvm-metrics","title":"PodMonitor Collects Multiple Sets of JVM Metrics","text":"In this version, there is a defect in PodMonitor/insight-kubernetes-pod: it will incorrectly create Jobs to collect metrics for all containers in Pods that are marked with insight.opentelemetry.io/metric-scrape=true
, instead of only the containers proper to insight.opentelemetry.io/metric-port
.
After PodMonitor is declared, PrometheusOperator will pre-configure some service discovery configurations. Considering the compatibility of CRDs, it is abandoned to configure the collection tasks through annotations.
Use the additional scrape config mechanism provided by Prometheus to configure the service discovery rules in a secret and introduce them into Prometheus.
Therefore:
In the new rule, action: keepequal is used to compare the consistency between source_labels and target_label to determine whether to create collection tasks for the ports of a container. Note that this feature is only available in Prometheus v2.41.0 (2022-12-20) and higher.
+ - source_labels: [__meta_kubernetes_pod_annotation_insight_opentelemetry_io_metric_port]\n+ separator: ;\n+ target_label: __meta_kubernetes_pod_container_port_number\n+ action: keepequal\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html","title":"Upgrade Notes","text":"This page provides some considerations for upgrading insight-server and insight-agent.
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v028x-or-lower-to-v029x","title":"Upgrade from v0.28.x (or lower) to v0.29.x","text":"Due to the upgrade of the Opentelemetry community operator chart version in v0.29.0, the supported values for featureGates
in the values file have changed. Therefore, before upgrading, you need to set the value of featureGates
to empty, as follows:
- --set opentelemetry-operator.manager.featureGates=\"+operator.autoinstrumentation.go,+operator.autoinstrumentation.multi-instrumentation,+operator.autoinstrumentation.nginx\" \\\n+ --set opentelemetry-operator.manager.featureGates=\"\"\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v026x-or-lower-to-v027x-or-higher","title":"Upgrade from v0.26.x (or lower) to v0.27.x or higher","text":"In v0.27.x, the switch for the vector component has been separated. If the existing environment has vector enabled, you need to specify --set vector.enabled=true
when upgrading the insight-server.
Before upgrading Insight , you need to manually delete the jaeger-collector and jaeger-query deployments by running the following command:
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v017x-or-lower-to-v018x","title":"Upgrade from v0.17.x (or lower) to v0.18.x","text":"In v0.18.x, there have been updates to the Jaeger-related deployment files, so you need to manually run the following commands before upgrading insight-server:
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
There have been changes to metric names in v0.18.x, so after upgrading insight-server, insight-agent should also be upgraded.
In addition, the parameters for enabling the tracing module and adjusting the ElasticSearch connection have been modified. Refer to the following parameters:
+ --set global.tracing.enable=true \\\n- --set jaeger.collector.enabled=true \\\n- --set jaeger.query.enabled=true \\\n+ --set global.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n+ --set global.elasticsearch.host=${your-external-elasticsearch-host} \\\n+ --set global.elasticsearch.port=${your-external-elasticsearch-port} \\\n+ --set global.elasticsearch.user=${your-external-elasticsearch-username} \\\n+ --set global.elasticsearch.password=${your-external-elasticsearch-password} \\\n- --set jaeger.storage.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n- --set jaeger.storage.elasticsearch.host=${your-external-elasticsearch-host} \\\n- --set jaeger.storage.elasticsearch.port=${your-external-elasticsearch-port} \\\n- --set jaeger.storage.elasticsearch.user=${your-external-elasticsearch-username} \\\n- --set jaeger.storage.elasticsearch.password=${your-external-elasticsearch-password} \\\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v015x-or-lower-to-v016x","title":"Upgrade from v0.15.x (or lower) to v0.16.x","text":"In v0.16.x, a new feature parameter disableRouteContinueEnforce
in the vmalertmanagers CRD
is used. Therefore, you need to manually run the following command before upgrading insight-server:
kubectl apply --server-side -f https://raw.githubusercontent.com/VictoriaMetrics/operator/v0.33.0/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml --force-conflicts\n
Note
If you are performing an offline installation, after extracting the insight offline package, please run the following command to update CRDs.
kubectl apply --server-side -f insight/dependency-crds --force-conflicts \n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v023x-or-lower-to-v024x","title":"Upgrade from v0.23.x (or lower) to v0.24.x","text":"In v0.24.x, CRDs have been added to the OTEL operator chart
. However, helm upgrade does not update CRDs, so you need to manually run the following command:
kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-operator/crds/crd-opentelemetry.io_opampbridges.yaml\n
If you are performing an offline installation, you can find the above CRD yaml file after extracting the insight-agent offline package. After extracting the insight-agent Chart, manually run the following command:
kubectl apply -f charts/agent/crds/crd-opentelemetry.io_opampbridges.yaml\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v019x-or-lower-to-v020x","title":"Upgrade from v0.19.x (or lower) to v0.20.x","text":"In v0.20.x, Kafka log export configuration has been added, and there have been some adjustments to the log export configuration. Before upgrading insight-agent , please note the parameter changes. The previous logging configuration has been moved to the logging.elasticsearch configuration:
- --set global.exporters.logging.host \\\n- --set global.exporters.logging.port \\\n+ --set global.exporters.logging.elasticsearch.host \\\n+ --set global.exporters.logging.elasticsearch.port \\\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v017x-or-lower-to-v018x_1","title":"Upgrade from v0.17.x (or lower) to v0.18.x","text":"Due to the updated deployment files for Jaeger In v0.18.x, it is important to note the changes in parameters before upgrading the insight-agent.
+ --set global.exporters.trace.enable=true \\\n- --set opentelemetry-collector.enabled=true \\\n- --set opentelemetry-operator.enabled=true \\\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v016x-or-lower-to-v017x","title":"Upgrade from v0.16.x (or lower) to v0.17.x","text":"In v0.17.x, the kube-prometheus-stack chart version was upgraded from 41.9.1 to 45.28.1, and there were also some field upgrades in the CRD used, such as the attachMetadata field of servicemonitor. Therefore, the following command needs to be rund before upgrading the insight-agent:
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\n
If you are performing an offline installation, you can find the yaml for the above CRD in insight-agent/dependency-crds after extracting the insight-agent offline package.
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v011x-or-earlier-to-v012x","title":"Upgrade from v0.11.x (or earlier) to v0.12.x","text":"v0.12.x upgrades kube-prometheus-stack chart from 39.6.0 to 41.9.1, including prometheus-operator to v0.60.1, prometheus-node-exporter chart to v4.3.0. Prometheus-node-exporter uses Kubernetes recommended label after upgrading, so you need to delete node-exporter daemonset. prometheus-operator has updated the CRD, so you need to run the following command before upgrading the insight-agent:
kubectl delete daemonset insight-agent-prometheus-node-exporter -n insight-system\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --force- conflicts\n
Note
If you are installing offline, you can run the following command to update the CRD after decompressing the insight-agent offline package.
kubectl apply --server-side -f insight-agent/dependency-crds --force-conflicts\n
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/jmx-exporter.html","title":"Use JMX Exporter to expose JVM monitoring metrics","text":"JMX-Exporter provides two usages:
Note
Officials do not recommend the first method. On the one hand, the configuration is complicated, and on the other hand, it requires a separate process, and the monitoring of this process itself has become a new problem. So This page focuses on the second usage and how to use JMX Exporter to expose JVM monitoring metrics in the Kubernetes environment.
The second usage is used here, and the JMX Exporter jar package file and configuration file need to be specified when starting the JVM. The jar package is a binary file, so it is not easy to mount it through configmap. We hardly need to modify the configuration file. So the suggestion is to directly package the jar package and configuration file of JMX Exporter into the business container image.
Among them, in the second way, we can choose to put the jar file of JMX Exporter in the business application mirror, You can also choose to mount it during deployment. Here is an introduction to the two methods:
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/jmx-exporter.html#method-1-build-the-jmx-exporter-jar-file-into-the-business-image","title":"Method 1: Build the JMX Exporter JAR file into the business image","text":"The content of prometheus-jmx-config.yaml is as follows:
prometheus-jmx-config.yaml...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
For more configmaps, please refer to the bottom introduction or Prometheus official documentation.
Then prepare the jar package file, you can find the latest jar package download address on the Github page of jmx_exporter and refer to the following Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
Notice:
We need to make the JMX exporter into a Docker image first, the following Dockerfile is for reference only:
FROM alpine/curl:3.14\nWORKDIR /app/\n# Copy the previously created config file to the mirror\nCOPY prometheus-jmx-config.yaml ./\n# Download jmx prometheus javaagent jar online\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
Build the image according to the above Dockerfile: docker build -t my-jmx-exporter .
Add the following init container to the Java application deployment Yaml:
Click to view YAML fileapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar # Share the agent folder\n emptyDir: {}\n restartPolicy: Always\n
After the above modification, the sample application my-demo-app has the ability to expose JVM metrics. After running the service, we can access the prometheus format metrics exposed by the service through http://lcoalhost:8088
.
Then, you can refer to Java Application Docking Observability with JVM Metrics.
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/jvm-catelogy.html","title":"Start monitoring Java applications","text":"This document mainly describes how to monitor the JVM of the customer's Java application. It describes how Java applications that have exposed JVM metrics, and those that have not, interface with Insight.
If your Java application does not start exposing JVM metrics, you can refer to the following documents:
If your Java application has exposed JVM metrics, you can refer to the following documents:
If your Java application exposes JVM monitoring metrics through other means (such as Spring Boot Actuator), We need to allow monitoring data to be collected. You can let Insight collect existing JVM metrics by adding Kubernetes Annotations to the workload:
annatation:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"9464\" # port for collecting metrics\n
YAML Example to add annotations for my-deployment-app workload\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"9464\" # port for collecting metrics\n
The following shows the complete YAML:
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"8080\" # port for collecting metrics\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
In the above example\uff0cInsight will use :8080//actuator/prometheus to get Prometheus metrics exposed through Spring Boot Actuator .
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/otel-java-agent.html","title":"Use OpenTelemetry Java Agent to expose JVM monitoring metrics","text":"In Opentelemetry Agent v1.20.0 and above, Opentelemetry Agent has added the JMX Metric Insight module. If your application has integrated Opentelemetry Agent to collect application traces, then you no longer need to introduce other Agents for our application Expose JMX metrics. The Opentelemetry Agent also collects and exposes metrics by instrumenting the metrics exposed by MBeans locally available in the application.
Opentelemetry Agent also has some built-in monitoring samples for common Java Servers or frameworks, please refer to predefined metrics.
Using the OpenTelemetry Java Agent also needs to consider how to mount the JAR into the container. In addition to referring to the JMX Exporter above to mount the JAR file, we can also use the Operator capabilities provided by OpenTelemetry to automatically enable JVM metric exposure for our applications. :
If your application has integrated Opentelemetry Agent to collect application traces, then you no longer need to introduce other Agents to expose JMX metrics for our application. The Opentelemetry Agent can now natively collect and expose metrics interfaces by instrumenting metrics exposed by MBeans available locally in the application.
However, for current version, you still need to manually add the proper annotations to workload before the JVM data will be collected by Insight.
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/otel-java-agent.html#expose-metrics-for-java-middleware","title":"Expose metrics for Java middleware","text":"Opentelemetry Agent also has some built-in middleware monitoring samples, please refer to Predefined Metrics.
By default, no type is specified, and it needs to be specified through -Dotel.jmx.target.system JVM Options, such as -Dotel.jmx.target.system=jetty,kafka-broker .
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/otel-java-agent.html#reference","title":"Reference","text":"Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel jmx metrics
If you don't want to manually change the application code, you can try This page's eBPF-based automatic enhancement method. This feature is currently in the review stage of donating to the OpenTelemetry community, and does not support Operator injection through annotations (it will be supported in the future), so you need to manually change the Deployment YAML or use a patch.
"},{"location":"en/end-user/insight/quickstart/otel/golang-ebpf.html#prerequisites","title":"Prerequisites","text":"Make sure Insight Agent is ready. If not, see Install insight-agent to collect data and make sure the following three items are in place:
Install under the Insight-system namespace, skip this step if it has already been installed.
Note: This CR currently only supports the injection of environment variables (including service name and trace address) required to connect to Insight, and will support the injection of Golang probes in the future.
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.17.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.31.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.34b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:0.3.1-beta.1\nEOF\n
"},{"location":"en/end-user/insight/quickstart/otel/golang-ebpf.html#change-the-application-deployment-file","title":"Change the application deployment file","text":"Add environment variable annotations
There is only one such annotation, which is used to add OpenTelemetry-related environment variables, such as link reporting address, cluster id where the container is located, and namespace:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
The value is divided into two parts by / , the first value insight-system is the namespace of the CR installed in the second step, and the second value insight-opentelemetry-autoinstrumentation is the name of the CR.
Add golang ebpf probe container
Here is sample code:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: voting\n namespace: emojivoto\n labels:\n app.kubernetes.io/name: voting\n app.kubernetes.io/part-of: emojivoto\n app.kubernetes.io/version: v11\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: voting-svc\n version: v11\n template:\n metadata:\n labels:\n app: voting-svc\n version: v11\n annotations:\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\" # (1)\n spec:\n containers:\n - env:\n - name: GRPC_PORT\n value: \"8080\"\n - name: PROM_PORT\n value: \"8801\"\n image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11 # (2)\n name: voting-svc\n command:\n - /usr/local/bin/emojivoto-voting-svc\n ports:\n - containerPort: 8080\n name: grpc\n - containerPort: 8801\n name: prom\n resources:\n requests:\n cpu: 100m\n - name: emojivoto-voting-instrumentation\n image: docker.m.daocloud.io/keyval/otel-go-agent:v0.6.0\n env:\n - name: OTEL_TARGET_EXE\n value: /usr/local/bin/emojivoto-voting-svc # (3)\n securityContext:\n runAsUser: 0\n capabilities:\n add:\n - SYS_PTRACE\n privileged: true\n volumeMounts:\n - mountPath: /sys/kernel/debug\n name: kernel-debug\n volumes:\n - name: kernel-debug\n hostPath:\n path: /sys/kernel/debug\n
The final generated Yaml content is as follows:
apiVersion: v1\nkind: Pod\nmetadata:\n name: voting-84b696c897-p9xbp\n generateName: voting-84b696c897-\n namespace: default\n uid: 742639b0-db6e-4f06-ac90-68a80e2b8a11\n resourceVersion: '65560793'\n creationTimestamp: '2022-10-19T07:08:56Z'\n labels:\n app: voting-svc\n pod-template-hash: 84b696c897\n version: v11\n annotations:\n cni.projectcalico.org/containerID: 0a987cf0055ce0dfbe75c3f30d580719eb4fbbd7e1af367064b588d4d4e4c7c7\n cni.projectcalico.org/podIP: 192.168.141.218/32\n cni.projectcalico.org/podIPs: 192.168.141.218/32\n instrumentation.opentelemetry.io/inject-sdk: insight-system/insight-opentelemetry-autoinstrumentation\nspec:\n volumes:\n - name: launcherdir\n emptyDir: {}\n - name: kernel-debug\n hostPath:\n path: /sys/kernel/debug\n type: ''\n - name: kube-api-access-gwj5v\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n containers:\n - name: voting-svc\n image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11\n command:\n - /odigos-launcher/launch\n - /usr/local/bin/emojivoto-voting-svc\n ports:\n - name: grpc\n containerPort: 8080\n protocol: TCP\n - name: prom\n containerPort: 8801\n protocol: TCP\n env:\n - name: GRPC_PORT\n value: '8080'\n - name: PROM_PORT\n value: '8801'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: >-\n http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '200'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: voting\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n - name: OTEL_TRACES_SAMPLER\n value: always_on\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=voting-svc,k8s.deployment.name=voting,k8s.deployment.uid=79e015e2-4643-44c0-993c-e486aebaba10,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=voting-84b696c897,k8s.replicaset.uid=63f56167-6632-415d-8b01-43a3db9891ff\n resources:\n requests:\n cpu: 100m\n volumeMounts:\n - name: launcherdir\n mountPath: /odigos-launcher\n - name: kube-api-access-gwj5v\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: emojivoto-voting-instrumentation\n image: keyval/otel-go-agent:v0.6.0\n env:\n - name: OTEL_TARGET_EXE\n value: /usr/local/bin/emojivoto-voting-svc\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: jaeger:4317\n - name: OTEL_SERVICE_NAME\n value: emojivoto-voting\n resources: {}\n volumeMounts:\n - name: kernel-debug\n mountPath: /sys/kernel/debug\n - name: kube-api-access-gwj5v\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n capabilities:\n add:\n - SYS_PTRACE\n privileged: true\n runAsUser: 0\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/end-user/insight/quickstart/otel/golang-ebpf.html#reference","title":"Reference","text":"Currently, only Java, Node.js, Python, .NET, and Golang support non-intrusive integration through the Operator approach.
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#prerequisites","title":"Prerequisites","text":"Please ensure that the insight-agent is ready. If not, please refer to Install insight-agent for data collection and make sure the following three items are ready:
Tip
Starting from Insight v0.22.0, there is no longer a need to manually install the Instrumentation CR.
Install it in the insight-system namespace. There are some minor differences between different versions.
Insight v0.21.xInsight v0.20.xInsight v0.18.xInsight v0.17.xInsight v0.16.xK8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.29.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0-rc.2\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.25.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.37.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.38b0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.1-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#works-with-the-service-mesh-product-mspider","title":"Works with the Service Mesh Product (Mspider)","text":"If you enable the tracing capability of the Mspider(Service Mesh), you need to add an additional environment variable injection configuration:
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#the-operation-steps-are-as-follows","title":"The operation steps are as follows","text":"Select the insight-system namespace, then edit insight-opentelemetry-autoinstrumentation, and add the following content under spec:env:
:
- name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n
The complete example (for Insight v0.21.x) is as follows:
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
After the above is ready, you can access traces for the application through annotations (Annotation). Otel currently supports accessing traces through annotations. Depending on the service language, different pod annotations need to be added. Each service can add one of two types of annotations:
Only inject environment variable annotations
There is only one such annotation, which is used to add otel-related environment variables, such as link reporting address, cluster id where the container is located, and namespace (this annotation is very useful when the application does not support automatic probe language)
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
The value is divided into two parts by /
, the first value (insight-system) is the namespace of the CR installed in the previous step, and the second value (insight-opentelemetry-autoinstrumentation) is the name of the CR.
Automatic probe injection and environment variable injection annotations
There are currently 4 such annotations, proper to 4 different programming languages: java, nodejs, python, dotnet. After using it, automatic probes and otel default environment variables will be injected into the first container under spec.pod:
Java applicationNodeJs applicationPython applicationDotnet applicationGolang applicationinstrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-nodejs: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-python: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-dotnet: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
Since Go's automatic detection requires the setting of OTEL_GO_AUTO_TARGET_EXE, you must provide a valid executable path through annotations or Instrumentation resources. Failure to set this value will result in the termination of Go's automatic detection injection, leading to a failure in the connection trace.
instrumentation.opentelemetry.io/inject-go: \"insight-system/insight-opentelemetry-autoinstrumentation\"\ninstrumentation.opentelemetry.io/otel-go-auto-target-exe: \"/path/to/container/executable\"\n
Go's automatic detection also requires elevated permissions. The following permissions are automatically set and are necessary.
securityContext:\n privileged: true\n runAsUser: 0\n
Tip
The OpenTelemetry Operator automatically adds some OTel-related environment variables when injecting probes and also supports overriding these variables. The priority order for overriding these environment variables is as follows:
original container env vars -> language specific env vars -> common env vars -> instrument spec configs' vars\n
However, it is important to avoid manually overriding OTEL_RESOURCE_ATTRIBUTES_NODE_NAME . This variable serves as an identifier within the operator to determine if a pod has already been injected with a probe. Manually adding this variable may prevent the probe from being injected successfully.
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#automatic-injection-demo","title":"Automatic injection Demo","text":"Note that the annotation
is added under spec.annotations.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n labels:\n app: my-app\nspec:\n selector:\n matchLabels:\n app: my-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-app\n annotations:\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n spec:\n containers:\n - name: myapp\n image: jaegertracing/vertx-create-span:operator-e2e-tests\n ports:\n - containerPort: 8080\n protocol: TCP\n
The final generated YAML is as follows:
apiVersion: v1\nkind: Pod\nmetadata:\n name: my-deployment-with-sidecar-565bd877dd-nqkk6\n generateName: my-deployment-with-sidecar-565bd877dd-\n namespace: default\n uid: aa89ca0d-620c-4d20-8bc1-37d67bad4ea4\n resourceVersion: '2668986'\n creationTimestamp: '2022-04-08T05:58:48Z'\n labels:\n app: my-pod-with-sidecar\n pod-template-hash: 565bd877dd\n annotations:\n cni.projectcalico.org/containerID: 234eae5e55ea53db2a4bc2c0384b9a1021ed3908f82a675e4a92a49a7e80dd61\n cni.projectcalico.org/podIP: 192.168.134.133/32\n cni.projectcalico.org/podIPs: 192.168.134.133/32\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\nspec:\n volumes:\n - name: kube-api-access-sp2mz\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n - name: opentelemetry-auto-instrumentation\n emptyDir: {}\n initContainers:\n - name: opentelemetry-auto-instrumentation\n image: >-\n ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java\n command:\n - cp\n - /javaagent.jar\n - /otel-auto-instrumentation/javaagent.jar\n resources: {}\n volumeMounts:\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n containers:\n - name: myapp\n image: ghcr.io/pavolloffay/spring-petclinic:latest\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: 'true'\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: 'true'\n - name: SPLUNK_PROFILER_ENABLED\n value: 'false'\n - name: JAVA_TOOL_OPTIONS\n value: ' -javaagent:/otel-auto-instrumentation/javaagent.jar'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '20'\n - name: OTEL_TRACES_SAMPLER\n value: parentbased_traceidratio\n - name: OTEL_TRACES_SAMPLER_ARG\n value: '0.85'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: my-deployment-with-sidecar\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=myapp,k8s.deployment.name=my-deployment-with-sidecar,k8s.deployment.uid=8de6929d-dda0-436c-bca1-604e9ca7ea4e,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=my-deployment-with-sidecar-565bd877dd,k8s.replicaset.uid=190d5f6e-ba7f-4794-b2e6-390b5879a6c4\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n resources: {}\n volumeMounts:\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: k8s-master3\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n fsGroup: 2000\n schedulerName: default-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priority: 0\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\n
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#trace-query","title":"Trace query","text":"How to query the connected services, refer to Trace Query.
"},{"location":"en/end-user/insight/quickstart/otel/otel.html","title":"Use OTel to provide the application observability","text":"Enhancement is the process of enabling application code to generate telemetry data. i.e. something that helps you monitor or measure the performance and status of your application.
OpenTelemetry is a leading open source project providing instrumentation libraries for major programming languages \u200b\u200band popular frameworks. It is a project under the Cloud Native Computing Foundation and is supported by the vast resources of the community. It provides a standardized data format for collected data without the need to integrate specific vendors.
Insight supports OpenTelemetry for application instrumentation to enhance your applications.
This guide introduces the basic concepts of telemetry enhancement using OpenTelemetry. OpenTelemetry also has an ecosystem of libraries, plugins, integrations, and other useful tools to extend it. You can find these resources at the OTel Registry.
You can use any open standard library for telemetry enhancement and use Insight as an observability backend to ingest, analyze, and visualize data.
To enhance your code, you can use the enhanced operations provided by OpenTelemetry for specific languages:
Insight currently provides an easy way to enhance .Net NodeJS, Java, Python and Golang applications with OpenTelemetry. Please follow the guidelines below.
"},{"location":"en/end-user/insight/quickstart/otel/otel.html#trace-enhancement","title":"Trace Enhancement","text":"This document describes how customers can send trace data to Insight on their own. It mainly includes the following two scenarios:
In each cluster where Insight Agent is installed, there is an insight-agent-otel-col component that is used to receive trace data from that cluster. Therefore, this component serves as the entry point for user access and needs to obtain its address first. You can get the address of the Opentelemetry Collector in the cluster through the AI platform interface, such as insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 :
In addition, there are some slight differences for different reporting methods:
"},{"location":"en/end-user/insight/quickstart/otel/send_tracing_to_insight.html#customer-apps-report-traces-to-insight-through-otel-agentsdk","title":"Customer apps report traces to Insight through OTEL Agent/SDK","text":"To successfully report trace data to Insight and display it properly, it is recommended to provide the required metadata (Resource Attributes) for OTLP through the following environment variables. There are two ways to achieve this:
Manually add them to the deployment YAML file, for example:
...\n- name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: \"http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\"\n- name: \"OTEL_SERVICE_NAME\"\n value: my-java-app-name\n- name: \"OTEL_K8S_NAMESPACE\"\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n- name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n- name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n- name: OTEL_RESOURCE_ATTRIBUTES\n value: \"k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)\"\n
Use the automatic injection capability of Insight Agent to inject the metadata (Resource Attributes)
Ensure that Insight Agent is working properly and after installing the Instrumentation CR, you only need to add the following annotation to the Pod:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
For example:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-with-aotu-instrumentation\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n annotations:\n sidecar.opentelemetry.io/inject: \"false\"\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
After ensuring that the application has added the metadata mentioned above, you only need to add an OTLP Exporter in your customer's Opentelemetry Collector to forward the trace data to Insight Agent Opentelemetry Collector. Below is an example Opentelemetry Collector configuration file:
...\nexporters:\n otlp/insight:\n endpoint: insight-opentelemetry-collector.insight-system.svc.cluster.local:4317\nservice:\n...\npipelines:\n...\ntraces:\n exporters:\n - otlp/insight\n
"},{"location":"en/end-user/insight/quickstart/otel/send_tracing_to_insight.html#references","title":"References","text":"This page contains instructions on how to set up OpenTelemetry enhancements in a Go application.
OpenTelemetry, also known simply as OTel, is an open-source observability framework that helps generate and collect telemetry data: traces, metrics, and logs in Go apps.
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#enhance-go-apps-with-the-opentelemetry-sdk","title":"Enhance Go apps with the OpenTelemetry SDK","text":""},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#install-related-dependencies","title":"Install related dependencies","text":"Dependencies related to the OpenTelemetry exporter and SDK must be installed first. If you are using another request router, please refer to request routing. After switching/going into the application source folder run the following command:
go get go.opentelemetry.io/otel@v1.8.0 \\\n go.opentelemetry.io/otel/trace@v1.8.0 \\\n go.opentelemetry.io/otel/sdk@v1.8.0 \\\n go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@v0.33.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.7.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.4.1\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#create-an-initialization-feature-using-the-opentelemetry-sdk","title":"Create an initialization feature using the OpenTelemetry SDK","text":"In order for an application to be able to send data, a feature is required to initialize OpenTelemetry. Add the following code snippet to the main.go file:
import (\n \"context\"\n \"os\"\n \"time\"\n\n \"go.opentelemetry.io/otel\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\"\n \"go.opentelemetry.io/otel/propagation\"\n \"go.opentelemetry.io/otel/sdk/resource\"\n sdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n semconv \"go.opentelemetry.io/otel/semconv/v1.7.0\"\n \"go.uber.org/zap\"\n \"google.golang.org/grpc\"\n)\n\nvar tracerExp *otlptrace.Exporter\n\nfunc retryInitTracer() func() {\n var shutdown func()\n go func() {\n for {\n // otel will reconnected and re-send spans when otel col recover. so, we don't need to re-init tracer exporter.\n if tracerExp == nil {\n shutdown = initTracer()\n } else {\n break\n }\n time.Sleep(time.Minute * 5)\n }\n }()\n return shutdown\n}\n\nfunc initTracer() func() {\n // temporarily set timeout to 10s\n ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)\n defer cancel()\n\n serviceName, ok := os.LookupEnv(\"OTEL_SERVICE_NAME\")\n if !ok {\n serviceName = \"server_name\"\n os.Setenv(\"OTEL_SERVICE_NAME\", serviceName)\n }\n otelAgentAddr, ok := os.LookupEnv(\"OTEL_EXPORTER_OTLP_ENDPOINT\")\n if !ok {\n otelAgentAddr = \"http://localhost:4317\"\n os.Setenv(\"OTEL_EXPORTER_OTLP_ENDPOINT\", otelAgentAddr)\n }\n zap.S().Infof(\"OTLP Trace connect to: %s with service name: %s\", otelAgentAddr, serviceName)\n\n traceExporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithInsecure(), otlptracegrpc.WithDialOption(grpc.WithBlock()))\n if err != nil {\n handleErr(err, \"OTLP Trace gRPC Creation\")\n return nil\n }\n\n tracerProvider := sdktrace.NewTracerProvider(\n sdktrace.WithBatcher(traceExporter),\n sdktrace.WithSampler(sdktrace.AlwaysSample()),\n sdktrace.WithResource(resource.NewWithAttributes(semconv.SchemaURL)))\n\n otel.SetTracerProvider(tracerProvider)\n otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\n tracerExp = traceExporter\n return func() {\n // Shutdown will flush any remaining spans and shut down the exporter.\n handleErr(tracerProvider.Shutdown(ctx), \"failed to shutdown TracerProvider\")\n }\n}\n\nfunc handleErr(err error, message string) {\n if err != nil {\n zap.S().Errorf(\"%s: %v\", message, err)\n }\n}\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#initialize-tracker-in-maingo","title":"Initialize tracker in main.go","text":"Modify the main feature to initialize the tracker in main.go. Also when your service shuts down, you should call TracerProvider.Shutdown() to ensure all spans are exported. The service makes the call as a deferred feature in the main function:
func main() {\n // start otel tracing\n if shutdown := retryInitTracer(); shutdown != nil {\n defer shutdown()\n }\n ......\n}\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#add-opentelemetry-gin-middleware-to-the-application","title":"Add OpenTelemetry Gin middleware to the application","text":"Configure Gin to use the middleware by adding the following line to main.go :
import (\n ....\n \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n)\n\nfunc main() {\n ......\n r := gin.Default()\n r.Use(otelgin.Middleware(\"my-app\"))\n ......\n}\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#run-the-application","title":"Run the application","text":"Local debugging and running
Note: This step is only used for local development and debugging. In the production environment, the Operator will automatically complete the injection of the following environment variables.
The above steps have completed the work of initializing the SDK. Now if you need to develop and debug locally, you need to obtain the address of insight-agent-opentelemerty-collector in the insight-system namespace in advance, assuming: insight-agent-opentelemetry-collector .insight-system.svc.cluster.local:4317 .
Therefore, you can add the following environment variables when you start the application locally:
OTEL_SERVICE_NAME=my-golang-app OTEL_EXPORTER_OTLP_ENDPOINT=http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 go run main.go...\n
Running in a production environment
Please refer to the introduction of Only injecting environment variable annotations in Achieving non-intrusive enhancement of applications through Operators to add annotations to deployment yaml:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
If you cannot use annotations, you can manually add the following environment variables to the deployment yaml:
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\nenv:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: 'http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317'\n - name: OTEL_SERVICE_NAME\n value: \"your depolyment name\" # modify it.\n - name: OTEL_K8S_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: 'k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)'\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#request-routing","title":"Request Routing","text":""},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#opentelemetry-gingonic-enhancements","title":"OpenTelemetry gin/gonic enhancements","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n
Then inject the OpenTelemetry middleware:
router. Use(middleware. Middleware(\"my-app\"))\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#opentelemetry-gorillamux-enhancements","title":"OpenTelemetry gorillamux enhancements","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\"\n
Then inject the OpenTelemetry middleware:
router. Use(middleware. Middleware(\"my-app\"))\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#grpc-enhancements","title":"gRPC enhancements","text":"Likewise, OpenTelemetry can help you auto-detect gRPC requests. To detect any gRPC server you have, add the interceptor to the server's instantiation.
import (\n grpcotel \"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\"\n)\nfunc main() {\n [...]\n\n s := grpc.NewServer(\n grpc.UnaryInterceptor(grpcotel.UnaryServerInterceptor()),\n grpc.StreamInterceptor(grpcotel.StreamServerInterceptor()),\n )\n}\n
It should be noted that if your program uses Grpc Client to call third-party services, you also need to add an interceptor to Grpc Client:
[...]\n\n conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()),\n grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),\n grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()),\n )\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#if-not-using-request-routing","title":"If not using request routing","text":"import (\n \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n
Everywhere you pass http.Handler to ServeMux you will wrap the handler function. For example, the following replacements would be made:
- mux.Handle(\"/path\", h)\n+ mux.Handle(\"/path\", otelhttp.NewHandler(h, \"description of path\"))\n---\n- mux.Handle(\"/path\", http.HandlerFunc(f))\n+ mux.Handle(\"/path\", otelhttp.NewHandler(http.HandlerFunc(f), \"description of path\"))\n
In this way, you can ensure that each feature wrapped with othttp will automatically collect its metadata and start the proper trace.
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#database-enhancements","title":"database enhancements","text":""},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#golang-gorm","title":"Golang Gorm","text":"The OpenTelemetry community has also developed middleware for database access libraries, such as Gorm:
import (\n \"github.com/uptrace/opentelemetry-go-extra/otelgorm\"\n \"gorm.io/driver/sqlite\"\n \"gorm.io/gorm\"\n)\n\ndb, err := gorm.Open(sqlite.Open(\"file::memory:?cache=shared\"), &gorm.Config{})\nif err != nil {\n panic(err)\n}\n\notelPlugin := otelgorm.NewPlugin(otelgorm.WithDBName(\"mydb\"), # Missing this can lead to incomplete display of database related topology\n otelgorm.WithAttributes(semconv.ServerAddress(\"memory\"))) # Missing this can lead to incomplete display of database related topology\nif err := db.Use(otelPlugin); err != nil {\n panic(err)\n}\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#custom-span","title":"Custom Span","text":"In many cases, the middleware provided by OpenTelemetry cannot help us record more internally called features, and we need to customize Span to record
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n _, span := otel.Tracer(\"GetServiceDetail\").Start(ctx,\n \"spanMetricDao.GetServiceDetail\",\n trace.WithSpanKind(trace.SpanKindInternal))\n defer span.End()\n \u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#add-custom-properties-and-custom-events-to-span","title":"Add custom properties and custom events to span","text":"It is also possible to set a custom attribute or tag as a span. To add custom properties and events, follow these steps:
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#import-tracking-and-property-libraries","title":"Import Tracking and Property Libraries","text":"import (\n ...\n \"go.opentelemetry.io/otel/attribute\"\n \"go.opentelemetry.io/otel/trace\"\n)\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#get-the-current-span-from-the-context","title":"Get the current Span from the context","text":"span := trace.SpanFromContext(c.Request.Context())\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#set-properties-in-the-current-span","title":"Set properties in the current Span","text":"span.SetAttributes(attribute. String(\"controller\", \"books\"))\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#add-an-event-to-the-current-span","title":"Add an Event to the current Span","text":"Adding span events is done using AddEvent on the span object.
span.AddEvent(msg)\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#log-errors-and-exceptions","title":"Log errors and exceptions","text":"import \"go.opentelemetry.io/otel/codes\"\n\n// Get the current span\nspan := trace.SpanFromContext(ctx)\n\n// RecordError will automatically convert an error into a span even\nspan.RecordError(err)\n\n// Flag this span as an error\nspan.SetStatus(codes.Error, \"internal error\")\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#references","title":"References","text":"For the Demo presentation, please refer to:
This article is intended for users who wish to evaluate or explore the developing OTLP metrics.
The OpenTelemetry project requires that APIs and SDKs must emit data in the OpenTelemetry Protocol (OTLP) for supported languages.
"},{"location":"en/end-user/insight/quickstart/otel/golang/meter.html#for-golang-applications","title":"For Golang Applications","text":"Golang can expose runtime metrics through the SDK by adding the following methods to enable the metrics exporter within the application:
"},{"location":"en/end-user/insight/quickstart/otel/golang/meter.html#install-required-dependencies","title":"Install Required Dependencies","text":"Navigate to your application\u2019s source folder and run the following command:
go get go.opentelemetry.io/otel \\\n go.opentelemetry.io/otel/attribute \\\n go.opentelemetry.io/otel/exporters/prometheus \\\n go.opentelemetry.io/otel/metric/global \\\n go.opentelemetry.io/otel/metric/instrument \\\n go.opentelemetry.io/otel/sdk/metric\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/meter.html#create-an-initialization-function-using-otel-sdk","title":"Create an Initialization Function Using OTel SDK","text":"import (\n .....\n\n \"go.opentelemetry.io/otel/attribute\"\n otelPrometheus \"go.opentelemetry.io/otel/exporters/prometheus\"\n \"go.opentelemetry.io/otel/metric/global\"\n \"go.opentelemetry.io/otel/metric/instrument\"\n \"go.opentelemetry.io/otel/sdk/metric/aggregator/histogram\"\n controller \"go.opentelemetry.io/otel/sdk/metric/controller/basic\"\n \"go.opentelemetry.io/otel/sdk/metric/export/aggregation\"\n processor \"go.opentelemetry.io/otel/sdk/metric/processor/basic\"\n selector \"go.opentelemetry.io/otel/sdk/metric/selector/simple\"\n)\n\nfunc (s *insightServer) initMeter() *otelPrometheus.Exporter {\n s.meter = global.Meter(\"xxx\")\n\n config := otelPrometheus.Config{\n DefaultHistogramBoundaries: []float64{1, 2, 5, 10, 20, 50},\n Gatherer: prometheus.DefaultGatherer,\n Registry: prometheus.NewRegistry(),\n Registerer: prometheus.DefaultRegisterer,\n }\n\n c := controller.New(\n processor.NewFactory(\n selector.NewWithHistogramDistribution(\n histogram.WithExplicitBoundaries(config.DefaultHistogramBoundaries),\n ),\n aggregation.CumulativeTemporalitySelector(),\n processor.WithMemory(true),\n ),\n )\n\n exporter, err := otelPrometheus.New(config, c)\n if err != nil {\n zap.S().Panicf(\"failed to initialize prometheus exporter %v\", err)\n }\n\n global.SetMeterProvider(exporter.MeterProvider())\n\n http.HandleFunc(\"/metrics\", exporter.ServeHTTP)\n\n go func() {\n _ = http.ListenAndServe(fmt.Sprintf(\":%d\", 8888), nil)\n }()\n\n zap.S().Info(\"Prometheus server running on \", fmt.Sprintf(\":%d\", port))\n return exporter\n}\n
The above method will expose a metrics endpoint for your application at: http://localhost:8888/metrics
.
Next, initialize it in main.go
:
func main() {\n // ...\n tp := initMeter()\n // ...\n}\n
If you want to add custom metrics, you can refer to the following:
// exposeClusterMetric exposes a metric like \"insight_logging_count{} 1\"\nfunc (s *insightServer) exposeLoggingMetric(lserver *log.LogService) {\n s.meter = global.Meter(\"insight.io/basic\")\n\n var lock sync.Mutex\n logCounter, err := s.meter.AsyncFloat64().Counter(\"insight_log_total\")\n if err != nil {\n zap.S().Panicf(\"failed to initialize instrument: %v\", err)\n }\n\n _ = s.meter.RegisterCallback([]instrument.Asynchronous{logCounter}, func(ctx context.Context) {\n lock.Lock()\n defer lock.Unlock()\n count, err := lserver.Count(ctx)\n if err == nil || count != -1 {\n logCounter.Observe(ctx, float64(count))\n }\n })\n}\n
Then, call this method in main.go
:
// ...\ns.exposeLoggingMetric(lservice)\n// ...\n
You can check if your metrics are working correctly by visiting http://localhost:8888/metrics
.
For Java applications, you can directly expose JVM-related metrics by using the OpenTelemetry agent with the following environment variable:
OTEL_METRICS_EXPORTER=prometheus\n
You can then check your metrics at http://localhost:8888/metrics
.
Next, combine it with a Prometheus ServiceMonitor
to complete the metrics integration. If you want to expose custom metrics, please refer to opentelemetry-java-docs/prometheus.
The process is mainly divided into two steps:
/*\n * Copyright The OpenTelemetry Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\npackage io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport io.opentelemetry.exporter.prometheus.PrometheusHttpServer;\nimport io.opentelemetry.sdk.metrics.SdkMeterProvider;\nimport io.opentelemetry.sdk.metrics.export.MetricReader;\n\npublic final class ExampleConfiguration {\n\n /**\n * Initializes the Meter SDK and configures the Prometheus collector with all default settings.\n *\n * @param prometheusPort the port to open up for scraping.\n * @return A MeterProvider for use in instrumentation.\n */\n static MeterProvider initializeOpenTelemetry(int prometheusPort) {\n MetricReader prometheusReader = PrometheusHttpServer.builder().setPort(prometheusPort).build();\n\n return SdkMeterProvider.builder().registerMetricReader(prometheusReader).build();\n }\n}\n
package io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.common.Attributes;\nimport io.opentelemetry.api.metrics.Meter;\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport java.util.concurrent.ThreadLocalRandom;\n\n/**\n * Example of using the PrometheusHttpServer to convert OTel metrics to Prometheus format and expose\n * these to a Prometheus instance via a HttpServer exporter.\n *\n * <p>A Gauge is used to periodically measure how many incoming messages are awaiting processing.\n * The Gauge callback gets executed every collection interval.\n */\npublic final class PrometheusExample {\n private long incomingMessageCount;\n\n public PrometheusExample(MeterProvider meterProvider) {\n Meter meter = meterProvider.get(\"PrometheusExample\");\n meter\n .gaugeBuilder(\"incoming.messages\")\n .setDescription(\"No of incoming messages awaiting processing\")\n .setUnit(\"message\")\n .buildWithCallback(result -> result.record(incomingMessageCount, Attributes.empty()));\n }\n\n void simulate() {\n for (int i = 500; i > 0; i--) {\n try {\n System.out.println(\n i + \" Iterations to go, current incomingMessageCount is: \" + incomingMessageCount);\n incomingMessageCount = ThreadLocalRandom.current().nextLong(100);\n Thread.sleep(1000);\n } catch (InterruptedException e) {\n // ignored here\n }\n }\n }\n\n public static void main(String[] args) {\n int prometheusPort = 8888;\n\n // It is important to initialize the OpenTelemetry SDK as early as possible in your process.\n MeterProvider meterProvider = ExampleConfiguration.initializeOpenTelemetry(prometheusPort);\n\n PrometheusExample prometheusExample = new PrometheusExample(meterProvider);\n\n prometheusExample.simulate();\n\n System.out.println(\"Exiting\");\n }\n}\n
After running the Java application, you can check if your metrics are working correctly by visiting http://localhost:8888/metrics
.
Lastly, it is important to note that you have exposed metrics in your application, and now you need Insight to collect those metrics.
The recommended way to expose metrics is via ServiceMonitor or PodMonitor.
"},{"location":"en/end-user/insight/quickstart/otel/golang/meter.html#creating-servicemonitorpodmonitor","title":"Creating ServiceMonitor/PodMonitor","text":"The added ServiceMonitor/PodMonitor needs to have the label operator.insight.io/managed-by: insight
for the Operator to recognize it:
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: example-app\n labels:\n operator.insight.io/managed-by: insight\nspec:\n selector:\n matchLabels:\n app: example-app\n endpoints:\n - port: web\n namespaceSelector:\n any: true\n
"},{"location":"en/end-user/insight/quickstart/otel/java/index.html","title":"Start Monitoring Java Applications","text":"For accessing and monitoring Java application links, please refer to the document Implementing Non-Intrusive Enhancements for Applications via Operator, which explains how to automatically integrate links through annotations.
Monitoring the JVM of Java applications: How Java applications that have already exposed JVM metrics and those that have not yet exposed JVM metrics can connect with observability Insight.
If your Java application has not yet started exposing JVM metrics, you can refer to the following documents:
If your Java application has already exposed JVM metrics, you can refer to the following document:
Writing TraceId and SpanId into Java Application Logs to correlate link data with log data.
This article explains how to automatically write TraceId and SpanId into Java application logs using OpenTelemetry. By including TraceId and SpanId in your logs, you can correlate distributed tracing data with log data, enabling more efficient fault diagnosis and performance analysis.
"},{"location":"en/end-user/insight/quickstart/otel/java/mdc.html#supported-logging-libraries","title":"Supported Logging Libraries","text":"For more information, please refer to the Logger MDC auto-instrumentation.
Logging Framework Supported Automatic Instrumentation Versions Dependencies Required for Manual Instrumentation Log4j 1 1.2+ None Log4j 2 2.7+ opentelemetry-log4j-context-data-2.17-autoconfigure Logback 1.0+ opentelemetry-logback-mdc-1.0"},{"location":"en/end-user/insight/quickstart/otel/java/mdc.html#using-logback-spring-boot-project","title":"Using Logback (Spring Boot Project)","text":"Spring Boot projects come with a built-in logging framework and use Logback as the default logging implementation. If your Java project is a Spring Boot project, you can write TraceId into logs with minimal configuration.
Set logging.pattern.level
in application.properties
, adding %mdc{trace_id}
and %mdc{span_id}
to the logs.
logging.pattern.level=trace_id=%mdc{trace_id} span_id=%mdc{span_id} %5p ....omited...\n
Here is an example of the logs:
2024-06-26 10:56:31.200 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'\n2024-06-26 10:56:31.201 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'\n2024-06-26 10:56:31.209 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 8 ms\n2024-06-26 10:56:31.296 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=5743699405074f4e INFO 53724 --- [nio-8081-exec-1] com.example.httpserver.ot.OTServer : hello world\n
"},{"location":"en/end-user/insight/quickstart/otel/java/mdc.html#using-log4j2","title":"Using Log4j2","text":"Add OpenTelemetry Log4j2
dependency in pom.xml
:
Tip
Please replace OPENTELEMETRY_VERSION
with the latest version.
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-log4j-context-data-2.17-autoconfigure</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n <scope>runtime</scope>\n </dependency>\n</dependencies>\n
Modify the log4j2.xml
configuration, adding %X{trace_id}
and %X{span_id}
in the pattern
to automatically write TraceId and SpanId into the logs:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Configuration>\n <Appenders>\n <Console name=\"Console\" target=\"SYSTEM_OUT\">\n <PatternLayout\n pattern=\"%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} - %msg%n\"/>\n </Console>\n </Appenders>\n <Loggers>\n <Root>\n <AppenderRef ref=\"Console\" level=\"All\"/>\n </Root>\n </Loggers>\n</Configuration>\n
If using Logback, add OpenTelemetry Logback
dependency in pom.xml
.
Tip
Please replace OPENTELEMETRY_VERSION
with the latest version.
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-logback-mdc-1.0</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n </dependency>\n</dependencies>\n
Modify the log4j2.xml
configuration, adding %X{trace_id}
and %X{span_id}
in the pattern
to automatically write TraceId and SpanId into the logs:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<configuration>\n <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n <encoder>\n <pattern>%d{HH:mm:ss.SSS} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} %msg%n</pattern>\n </encoder>\n </appender>\n\n <!-- Just wrap your logging appender, for example ConsoleAppender, with OpenTelemetryAppender -->\n <appender name=\"OTEL\" class=\"io.opentelemetry.instrumentation.logback.mdc.v1_0.OpenTelemetryAppender\">\n <appender-ref ref=\"CONSOLE\"/>\n </appender>\n\n <!-- Use the wrapped \"OTEL\" appender instead of the original \"CONSOLE\" one -->\n <root level=\"INFO\">\n <appender-ref ref=\"OTEL\"/>\n </root>\n\n</configuration>\n
JMX Exporter provides two usage methods:
Note
The official recommendation is not to use the first method due to its complex configuration and the requirement for a separate process, which introduces additional monitoring challenges. Therefore, this article focuses on the second method, detailing how to use JMX Exporter to expose JVM monitoring metrics in a Kubernetes environment.
In this method, you need to specify the JMX Exporter jar file and configuration file when starting the JVM. Since the jar file is a binary file that is not ideal for mounting via a configmap, and the configuration file typically does not require modifications, it is recommended to package both the JMX Exporter jar file and the configuration file directly into the business container image.
For the second method, you can choose to include the JMX Exporter jar file in the application image or mount it during deployment. Below are explanations for both approaches:
"},{"location":"en/end-user/insight/quickstart/otel/java/jvm-monitor/jmx-exporter.html#method-1-building-jmx-exporter-jar-file-into-the-business-image","title":"Method 1: Building JMX Exporter JAR File into the Business Image","text":"The content of prometheus-jmx-config.yaml
is as follows:
...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
For more configuration options, please refer to the introduction at the bottom or Prometheus official documentation.
Next, prepare the jar file. You can find the latest jar download link on the jmx_exporter GitHub page and refer to the following Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
Note:
-javaagent:=:
First, we need to create a Docker image for the JMX Exporter. The following Dockerfile is for reference:
FROM alpine/curl:3.14\nWORKDIR /app/\n# Copy the previously created config file into the image\nCOPY prometheus-jmx-config.yaml ./\n# Download the jmx prometheus javaagent jar online\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
Build the image using the above Dockerfile: docker build -t my-jmx-exporter .
Add the following init container to the Java application deployment YAML:
Click to expand YAML fileapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar # Shared agent folder\n emptyDir: {}\n restartPolicy: Always\n
With the above modifications, the example application my-demo-app
now has the capability to expose JVM metrics. After running the service, you can access the Prometheus formatted metrics at http://localhost:8088
.
Next, you can refer to Connecting Existing JVM Metrics of Java Applications to Observability.
"},{"location":"en/end-user/insight/quickstart/otel/java/jvm-monitor/legacy-jvm.html","title":"Integrating Existing JVM Metrics of Java Applications with Observability","text":"If your Java application exposes JVM monitoring metrics through other means (such as Spring Boot Actuator), you will need to ensure that the monitoring data is collected. You can achieve this by adding annotations (Kubernetes Annotations) to your workload to allow Insight to scrape the existing JVM metrics:
annotations: \n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"9464\" # Port to scrape metrics\n
For example, to add annotations to the my-deployment-app:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"9464\" # Port to scrape metrics\n
Here is a complete example:
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"8080\" # Port to scrape metrics\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
In the above example, Insight will scrape the Prometheus metrics exposed through Spring Boot Actuator via http://<service-ip>:8080/actuator/prometheus
.
Starting from OpenTelemetry Agent v1.20.0 and later, the OpenTelemetry Agent has introduced the JMX Metric Insight module. If your application is already integrated with the OpenTelemetry Agent for tracing, you no longer need to introduce another agent to expose JMX metrics for your application. The OpenTelemetry Agent collects and exposes metrics by detecting the locally available MBeans in the application.
The OpenTelemetry Agent also provides built-in monitoring examples for common Java servers or frameworks. Please refer to the Predefined Metrics.
When using the OpenTelemetry Java Agent, you also need to consider how to mount the JAR into the container. In addition to the methods for mounting the JAR file as described with the JMX Exporter, you can leverage the capabilities provided by the OpenTelemetry Operator to automatically enable JVM metrics exposure for your application.
If your application is already integrated with the OpenTelemetry Agent for tracing, you do not need to introduce another agent to expose JMX metrics. The OpenTelemetry Agent can now locally collect and expose metrics interfaces by detecting the locally available MBeans in the application.
However, as of the current version, you still need to manually add the appropriate annotations to your application for the JVM data to be collected by Insight. For specific annotation content, please refer to Integrating Existing JVM Metrics of Java Applications with Observability.
"},{"location":"en/end-user/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#exposing-metrics-for-java-middleware","title":"Exposing Metrics for Java Middleware","text":"The OpenTelemetry Agent also includes built-in examples for monitoring middleware. Please refer to the Predefined Metrics.
By default, no specific types are designated; you need to specify them using the -Dotel.jmx.target.system
JVM options, for example, -Dotel.jmx.target.system=jetty,kafka-broker
.
Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel JMX Metrics
Although the OpenShift system comes with a monitoring system, we will still install Insight Agent because of some rules in the data collection agreement.
Among them, in addition to the basic installation configuration, the following parameters need to be added during helm install:
## Parameters related to fluentbit;\n--set fluent-bit.ocp.enabled=true \\\n--set fluent-bit.serviceAccount.create=false \\\n--set fluent-bit.securityContext.runAsUser=0 \\\n--set fluent-bit.securityContext.seLinuxOptions.type=spc_t \\\n--set fluent-bit.securityContext.readOnlyRootFilesystem=false \\\n--set fluent-bit.securityContext.allowPrivilegeEscalation=false \\\n\n## Enable Prometheus(CR) for OpenShift4.x\n--set compatibility.openshift.prometheus.enabled=true \\\n\n## Close the Prometheus instance of the higher version\n--set kube-prometheus-stack.prometheus.enabled=false \\\n--set kube-prometheus-stack.kubeApiServer.enabled=false \\\n--set kube-prometheus-stack.kubelet.enabled=false \\\n--set kube-prometheus-stack.kubeControllerManager.enabled=false \\\n--set kube-prometheus-stack.coreDns.enabled=false \\\n--set kube-prometheus-stack.kubeDns.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeScheduler.enabled=false \\\n--set kube-prometheus-stack.kubeStateMetrics.enabled=false \\\n--set kube-prometheus-stack.nodeExporter.enabled=false \\\n\n## Limit the namespace processed by PrometheusOperator to avoid competition with OpenShift's own PrometheusOperator\n--set kube-prometheus-stack.prometheusOperator.kubeletService.namespace=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.prometheusInstanceNamespaces=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[0]=\"openshift-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[1]=\"openshift-user-workload-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[2]=\"openshift-customer-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[3]=\"openshift-route-monitor-operator\" \\\n
"},{"location":"en/end-user/insight/quickstart/other/install-agent-on-ocp.html#write-system-monitoring-data-into-prometheus-through-openshifts-own-mechanism","title":"Write system monitoring data into Prometheus through OpenShift's own mechanism","text":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cluster-monitoring-config\n namespace: openshift-monitoring\ndata:\n config.yaml: |\n prometheusK8s:\n remoteWrite:\n - queueConfig:\n batchSendDeadline: 60s\n maxBackoff: 5s\n minBackoff: 30ms\n minShards: 1\n capacity: 5000\n maxSamplesPerSend: 1000\n maxShards: 100\n remoteTimeout: 30s\n url: http://insight-agent-prometheus.insight-system.svc.cluster.local:9090/api/v1/write\n writeRelabelConfigs:\n - action: keep\n regex: etcd|kubelet|node-exporter|apiserver|kube-state-metrics\n sourceLabels:\n - job\n
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html","title":"Install insight-agent in Suanova 4.0","text":"In AI platform, previous Suanova 4.0 can be accessed as a subcluster. This guide provides potential issues and solutions when installing insight-agent in a Suanova 4.0 cluster.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#issue-one","title":"Issue One","text":"Since most Suanova 4.0 clusters have installed dx-insight as the monitoring system, installing insight-agent at this time will conflict with the existing prometheus operator in the cluster, making it impossible to install smoothly.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#solution","title":"Solution","text":"Enable the parameters of the prometheus operator, retain the prometheus operator in dx-insight, and make it compatible with the prometheus operator in insight-agent in 5.0.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#steps","title":"Steps","text":"Run the following command (the following command is for reference only, the actual command needs to replace the prometheus operator name and namespace in the command).
kubectl edit deploy insight-agent-kube-prometh-operator -n insight-system\n
Note
The open-source node-exporter turns on hostnetwork by default and the default port is 9100. If the monitoring system of the cluster has installed node-exporter , then installing insight-agent at this time will cause node-exporter port conflict and it cannot run normally.
Note
Insight's node exporter will enable some features to collect special indicators, so it is recommended to install.
Currently, it does not support modifying the port in the installation command. After helm install insight-agent , you need to manually modify the related ports of the insight node-exporter daemonset and svc.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#issue-two","title":"Issue Two","text":"After Insight Agent is successfully deployed, fluentbit does not collect logs of Suanova 4.0.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#solution_1","title":"Solution","text":"The docker storage directory of Suanova 4.0 is /var/lib/containers , which is different from the path in the configuration of insigh-agent, so the logs are not collected.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#steps_1","title":"Steps","text":"Modify the following parameters in the insight-agent Chart.
fluent-bit:\ndaemonSetVolumeMounts:\n - name: varlog\n mountPath: /var/log\n - name: varlibdockercontainers\n- mountPath: /var/lib/docker/containers\n+ mountPath: /var/lib/containers/docker/containers\n readOnly: true\n - name: etcmachineid\n mountPath: /etc/machine-id\n readOnly: true\n - name: dmesg\n mountPath: /var/log/dmesg\n readOnly: true\n
This article describes the method for expanding the vmstorage disk. Please refer to the vmstorage disk capacity planning for the specifications of the vmstorage disk.
"},{"location":"en/end-user/insight/quickstart/res-plan/modify-vms-disk.html#procedure","title":"Procedure","text":""},{"location":"en/end-user/insight/quickstart/res-plan/modify-vms-disk.html#enable-storageclass-expansion","title":"Enable StorageClass expansion","text":"Log in to the AI platform as a global service cluster administrator. Click Container Management -> Clusters and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu Container Storage -> PVCs and find the PVC bound to the vmstorage.
Click a vmstorage PVC to enter the details of the volume claim for vmstorage and confirm the StorageClass that the PVC is bound to.
Select the left navigation menu Container Storage -> Storage Class and find local-path . Click the \u2507 on the right side of the target and select Edit in the popup menu.
Enable Scale Up and click OK .
Log in to the AI platform as a global service cluster administrator and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu CRDs and find the custom resource for vmcluster .
Click the custom resource for vmcluster to enter the details page, switch to the insight-system namespace, and select Edit YAML from the right menu of insight-victoria-metrics-k8s-stack .
Modify according to the legend and click OK .
Select the left navigation menu Container Storage -> PVCs again and find the volume claim bound to vmstorage. Confirm that the modification has taken effect. In the details page of a PVC, click the associated storage source (PV).
Open the volume details page and click the Update button in the upper right corner.
After modifying the Capacity , click OK and wait for a moment until the expansion is successful.
If the storage volume expansion fails, you can refer to the following method to clone the storage volume.
Log in to the AI platform as a global service cluster administrator and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu Workloads -> StatefulSets and find the statefulset for vmstorage . Click the \u2507 on the right side of the target and select Status -> Stop -> OK in the popup menu.
After logging into the master node of the kpanda-global-cluster cluster in the command line, run the following command to copy the vm-data directory in the vmstorage container to store the metric information locally:
kubectl cp -n insight-system vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data ./vm-data\n
Log in to the AI platform and go to the details of the kpanda-global-cluster cluster. Select the left navigation menu Container Storage -> PVs , click Clone in the upper right corner, and modify the capacity of the volume.
Delete the previous data volume of vmstorage.
Wait for a moment until the volume claim is bound to the cloned data volume, then run the following command to import the exported data from step 3 into the proper container, and then start the previously paused vmstorage .
kubectl cp -n insight-system ./vm-data vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data\n
In the actual use of Prometheus, affected by the number of cluster containers and the opening of Istio, the CPU, memory and other resource usage of Prometheus will exceed the set resources.
In order to ensure the normal operation of Prometheus in clusters of different sizes, it is necessary to adjust the resources of Prometheus according to the actual size of the cluster.
"},{"location":"en/end-user/insight/quickstart/res-plan/prometheus-res.html#reference-resource-planning","title":"Reference resource planning","text":"In the case that the mesh is not enabled, the test statistics show that the relationship between the system Job index and pods is Series count = 800 * pod count
When the service mesh is enabled, the magnitude of the Istio-related metrics generated by the pod after the feature is enabled is Series count = 768 * pod count
"},{"location":"en/end-user/insight/quickstart/res-plan/prometheus-res.html#when-the-service-mesh-is-not-enabled","title":"When the service mesh is not enabled","text":"The following resource planning is recommended by Prometheus when the service mesh is not enabled :
Cluster size (pod count) Metrics (service mesh is not enabled) CPU (core) Memory (GB) 100 8w Request: 0.5Limit: 1 Request: 2GBLimit: 4GB 200 16w Request: 1Limit: 1.5 Request: 3GBLimit: 6GB 300 24w Request: 1Limit: 2 Request: 3GBLimit: 6GB 400 32w Request: 1Limit: 2 Request: 4GBLimit: 8GB 500 40w Request: 1.5Limit: 3 Request: 5GBLimit: 10GB 800 64w Request: 2Limit: 4 Request: 8GBLimit: 16GB 1000 80w Request: 2.5Limit: 5 Request: 9GBLimit: 18GB 2000 160w Request: 3.5Limit: 7 Request: 20GBLimit: 40GB 3000 240w Request: 4Limit: 8 Request: 33GBLimit: 66GB"},{"location":"en/end-user/insight/quickstart/res-plan/prometheus-res.html#when-the-service-mesh-feature-is-enabled","title":"When the service mesh feature is enabled","text":"The following resource planning is recommended by Prometheus in the scenario of starting the service mesh:
Cluster size (pod count) metric volume (service mesh enabled) CPU (core) Memory (GB) 100 15w Request: 1Limit: 2 Request: 3GBLimit: 6GB 200 31w Request: 2Limit: 3 Request: 5GBLimit: 10GB 300 46w Request: 2Limit: 4 Request: 6GBLimit: 12GB 400 62w Request: 2Limit: 4 Request: 8GBLimit: 16GB 500 78w Request: 3Limit: 6 Request: 10GBLimit: 20GB 800 125w Request: 4Limit: 8 Request: 15GBLimit: 30GB 1000 156w Request: 5Limit: 10 Request: 18GBLimit: 36GB 2000 312w Request: 7Limit: 14 Request: 40GBLimit: 80GB 3000 468w Request: 8Limit: 16 Request: 65GBLimit: 130GBNote
vmstorage is responsible for storing multicluster metrics for observability. In order to ensure the stability of vmstorage, it is necessary to adjust the disk capacity of vmstorage according to the number of clusters and the size of the cluster. For more information, please refer to vmstorage retention period and disk space.
"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#test-results","title":"Test Results","text":"After 14 days of disk observation of vmstorage of clusters of different sizes, We found that the disk usage of vmstorage was positively correlated with the amount of metrics it stored and the disk usage of individual data points.
Disk usage = Instantaneous metrics x 2 x disk usage for a single data point x 60 x 24 x storage time (days)
Parameter Description:
Warning
This formula is a general solution, and it is recommended to reserve redundant disk capacity on the calculation result to ensure the normal operation of vmstorage.
"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#reference-capacity","title":"reference capacity","text":"The data in the table is calculated based on the default storage time of one month (30 days), and the disk usage of a single data point (datapoint) is calculated as 0.9. In a multicluster scenario, the number of Pods represents the sum of the number of Pods in the multicluster.
"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#when-the-service-mesh-is-not-enabled","title":"When the service mesh is not enabled","text":"Cluster size (number of Pods) Metrics Disk capacity 100 8W 6 GiB 200 16W 12 GiB 300 24w 18 GiB 400 32w 24 GiB 500 40w 30 GiB 800 64w 48 GiB 1000 80W 60 GiB 2000 160w 120 GiB 3000 240w 180 GiB"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#when-the-service-mesh-is-enabled","title":"When the service mesh is enabled","text":"Cluster size (number of Pods) Metrics Disk capacity 100 15W 12 GiB 200 31w 24 GiB 300 46w 36 GiB 400 62w 48 GiB 500 78w 60 GiB 800 125w 94 GiB 1000 156w 120 GiB 2000 312w 235 GiB 3000 468w 350 GiB"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#example","title":"Example","text":"There are two clusters in the AI platform, of which 500 Pods are running in the global management cluster (service mesh is turned on), and 1000 Pods are running in the worker cluster (service mesh is not turned on), and the expected metrics are stored for 30 days.
Then the current vmstorage disk usage should be set to (784000+80000)x2x0.9x60x24x31 =124384896000 byte = 116 GiB
Note
For the relationship between the number of metrics and the number of Pods in the cluster, please refer to Prometheus Resource Planning.
"},{"location":"en/end-user/insight/system-config/modify-config.html","title":"Modify system configuration","text":"Observability will persist the data of metrics, logs, and traces by default. Users can modify the system configuration according to This page.
"},{"location":"en/end-user/insight/system-config/modify-config.html#how-to-modify-the-metric-data-retention-period","title":"How to modify the metric data retention period","text":"Refer to the following steps to modify the metric data retention period.
run the following command:
kubectl edit vmcluster insight-victoria-metrics-k8s-stack -n insight-system\n
In the Yaml file, the default value of retentionPeriod is 14 , and the unit is day . You can modify the parameters according to your needs.
apiVersion: operator.victoriametrics.com/v1beta1\nkind: VMCluster\nmetadata:\n annotations:\n meta.helm.sh/release-name: insight\n meta.helm.sh/release-namespace: insight-system\n creationTimestamp: \"2022-08-25T04:31:02Z\"\n finalizers:\n - apps.victoriametrics.com/finalizer\n generation: 2\n labels:\n app.kubernetes.io/instance: insight\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: victoria-metrics-k8s-stack\n app.kubernetes.io/version: 1.77.2\n helm.sh/chart: victoria-metrics-k8s-stack-0.9.3\n name: insight-victoria-metrics-k8s-stack\n namespace: insight-system\n resourceVersion: \"123007381\"\n uid: 55cee8d6-c651-404b-b2c9-50603b405b54\nspec:\n replicationFactor: 1\n retentionPeriod: \"14\"\n vminsert:\n extraArgs:\n maxLabelsPerTimeseries: \"45\"\n image:\n repository: docker.m.daocloud.io/victoriametrics/vminsert\n tag: v1.80.0-cluster\n replicaCount: 1\n
After saving the modification, the pod of the component responsible for storing the metrics will automatically restart, just wait for a while.
Refer to the following steps to modify the log data retention period:
"},{"location":"en/end-user/insight/system-config/modify-config.html#method-1-modify-the-json-file","title":"Method 1: Modify the Json file","text":"Modify the max_age parameter in the rollover field in the following files, and set the retention period. The default storage period is 7d . Change http://localhost:9200
to the address of elastic .
curl -X PUT \"http://localhost:9200/_ilm/policy/insight-es-k8s-logs-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n\"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"7d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n}\n}\n
After modification, run the above command. It will print out the content as shown below, then the modification is successful.
{\n\"acknowledged\": true\n}\n
Log in kibana , select Stack Management in the left navigation bar.
Select the left navigation Index Lifecycle Polices , and find the index insight-es-k8s-logs-policy , click to enter the details.
Expand the Hot phase configuration panel, modify the Maximum age parameter, and set the retention period. The default storage period is 7d .
After modification, click Save policy at the bottom of the page to complete the modification.
Refer to the following steps to modify the trace data retention period:
"},{"location":"en/end-user/insight/system-config/modify-config.html#method-1-modify-the-json-file_1","title":"Method 1: Modify the Json file","text":"Modify the max_age parameter in the rollover field in the following files, and set the retention period. The default storage period is 7d . At the same time, modify http://localhost:9200
to the access address of elastic .
curl -X PUT \"http://localhost:9200/_ilm/policy/jaeger-ilm-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n\"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"7d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n}\n}\n
After modification, run the above command on the console. It will print out the content as shown below, then the modification is successful.
{\n\"acknowledged\": true\n}\n
Log in kibana , select Stack Management in the left navigation bar.
Select the left navigation Index Lifecycle Polices , and find the index jaeger-ilm-policy , click to enter the details.
Expand the Hot phase configuration panel, modify the Maximum age parameter, and set the retention period. The default storage period is 7d .
After modification, click Save policy at the bottom of the page to complete the modification.
On the system component page, you can quickly view the running status of the system components in Insight. When a system component fails, some features in Insight will be unavailable.
System Configuration displays the default storage time of metrics, logs, traces and the default Apdex threshold.
Click the right navigation bar and select System Configuration .
Currently only supports modifying the storage duration of historical alerts, click Edit to enter the target duration.
When the storage duration is set to \"0\", the historical alerts will not be cleared.
Note
To modify other configurations, please click to view How to modify the system configuration?
"},{"location":"en/end-user/insight/trace/service.html","title":"Service Insight","text":"In Insight , a service refers to a group of workloads that provide the same behavior for incoming requests. Service insight helps observe the performance and status of applications during the operation process by using the OpenTelemetry SDK.
For how to use OpenTelemetry, please refer to: Using OTel to give your application insight.
"},{"location":"en/end-user/insight/trace/service.html#glossary","title":"Glossary","text":"The Services List page displays key metrics such as throughput rate, error rate, and request latency for all services that have been instrumented with distributed tracing. You can filter services based on clusters or namespaces and sort the list by throughput rate, error rate, or request latency. By default, the data displayed in the list is for the last hour, but you can customize the time range.
Follow these steps to view service insight metrics:
Go to the Insight product module.
Select Trace Tracking -> Services from the left navigation bar.
Attention
Click a service name (taking insight-system as an example) to view the detailed metrics and operation metrics for that service.
The service topology provided by Observability allows you to quickly identify the request relationships between services and determine the health status of services based on different colors. The health status is determined based on the request latency and error rate of the service's overall traffic. This article explains the elements in the service topology.
"},{"location":"en/end-user/insight/trace/topology-helper.html#node-status-explanation","title":"Node Status Explanation","text":"The node health status is determined based on the error rate and request latency of the service's overall traffic, following these rules:
Color Status Rules Gray Healthy Error rate equals 0% and request latency is less than 100ms Orange Warning Error rate (0, 5%) or request latency (100ms, 200ms) Red Abnormal Error rate (5%, 100%) or request latency (200ms, +Infinity)"},{"location":"en/end-user/insight/trace/topology-helper.html#connection-status-explanation","title":"Connection Status Explanation","text":"Color Status Rules Green Healthy Error rate equals 0% and request latency is less than 100ms Orange Warning Error rate (0, 5%) or request latency (100ms, 200ms) Red Abnormal Error rate (5%, 100%) or request latency (200ms, +Infinity)"},{"location":"en/end-user/insight/trace/topology.html","title":"Service Map","text":"Service map is a visual representation of the connections, communication, and dependencies between services. It provides insights into the service-to-service interactions, allowing you to view the calls and performance of services within a specified time range. The connections between nodes in the topology map represent the existence of service-to-service calls during the queried time period.
"},{"location":"en/end-user/insight/trace/topology.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Tracing -> Service Map from the left navigation bar.
In the Service Map, you can perform the following actions:
In the Service Map, there can be nodes that are not part of the cluster. These external nodes can be categorized into three types:
Virtual Node
If a service makes a request to a Database or Message Queue, these two types of nodes will be displayed by default in the topology map. However, Virtual Nodes represent nodes outside the cluster or services not integrated into the trace, and they will not be displayed by default in the map.
When a service makes a request to MySQL, PostgreSQL, or Oracle Database, the detailed database type can be seen in the map.
insight-server
chart values, locate the parameter shown in the image below, and change false
to true
.Virtual Services
option to enable it.On the trace query page, you can query detailed information about a call trace by TraceID or filter call traces based on various conditions.
"},{"location":"en/end-user/insight/trace/trace.html#glossary","title":"Glossary","text":"Please follow these steps to search for a trace:
Select Tracing -> Traces from the left navigation bar.
Note
Sorting by Span, Latency, and Start At is supported in the list.
Click the TraceID Query in the filter bar to switch to TraceID search.
To search using TraceID, please enter the complete TraceID.
Click the TraceID of a trace in the trace list to view its detailed call information.
Click the icon on the right side of the trace data to search for associated logs.
Click View More to jump to the Associated Log page with conditions.
By default, all logs are searched, but you can filter by the TraceID or the relevant container logs from the trace call process using the dropdown.
Note
Since trace may span across clusters or namespaces, if the user does not have sufficient permissions, they will be unable to query the associated logs for that trace.
If there are not enough nodes, you can add more nodes to the cluster.
"},{"location":"en/end-user/k8s/add-node.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Clusters, and click the name of the target cluster.
On the cluster overview page, click Nodes, then click the Add Node button on the right.
Follow the wizard to fill in the parameters and click OK.
In the pop-up window, click OK.
Return to the node list; the status of the newly added node will be Connecting. After a few minutes, when the status changes to Running, it indicates that the connection was successful.
Tip
For newly connected nodes, it may take an additional 2-3 minutes to recognize the GPU.
"},{"location":"en/end-user/k8s/create-k8s.html","title":"Creating a Kubernetes Cluster in the Cloud","text":"Deploying a Kubernetes cluster is aimed at supporting efficient AI computing resource scheduling and management, achieving elastic scaling, providing high availability, and optimizing the model training and inference processes.
"},{"location":"en/end-user/k8s/create-k8s.html#prerequisites","title":"Prerequisites","text":"Create and launch 3 cloud hosts without GPU to serve as Master nodes for the cluster.
Navigate to Container Management -> Clusters, and click the Create Cluster button on the right.
Follow the wizard to configure various parameters of the cluster.
Wait for the cluster creation to complete.
In the cluster list, find the newly created cluster, click the cluster name, navigate to Helm Apps -> Helm Charts, and search for metax-gpu-extensions in the search box, then click the card.
Click the Install button on the right to start installing the GPU plugin.
Automatically return to the Helm App list and wait for the status of metax-gpu-extensions to change to Deployed.
At this point, the cluster has been successfully created. You can check the nodes included in the cluster. You can now create AI workloads and use GPUs.
Next step: Create AI Workloads
"},{"location":"en/end-user/k8s/remove-node.html","title":"Removing GPU Worker Nodes","text":"The cost of GPU resources is relatively high. If GPUs are not needed temporarily, you can remove the worker nodes with GPUs. The following steps also apply to removing regular worker nodes.
"},{"location":"en/end-user/k8s/remove-node.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Clusters, and click the name of the target cluster.
Enter the cluster overview page, click Nodes, find the node to be removed, click the \u2507 on the right side of the list, and select Remove Node from the pop-up menu.
In the pop-up window, enter the node name, and after confirming it is correct, click Delete.
You will automatically return to the node list, where the status will be Removing. After a few minutes, refresh the page, and if the node is no longer present, it indicates that the node has been successfully removed.
After removing the node from the UI list, SSH into the removed node's host and execute the shutdown command.
Tip
After removing the node in the UI and shutting it down, the data on the node is not immediately deleted; the node's data will be retained for a period of time.
"},{"location":"en/end-user/kpanda/backup/index.html","title":"Backup and Restore","text":"Backup and restore are essential aspects of system management. In practice, it is important to first back up the data of the system at a specific point in time and securely store the backup. In case of incidents such as data corruption, loss, or accidental deletion, the system can be quickly restored based on the previous backup data, reducing downtime and minimizing losses.
Therefore, backup and restore are vital as the last line of defense for maintaining system stability and ensuring data security.
Backups are typically classified into three types: full backups, incremental backups, and differential backups. Currently, AI platform supports full backups and incremental backups.
The backup and restore provided by AI platform can be divided into two categories: Application Backup and ETCD Backup. It supports both manual backups and scheduled automatic backups using CronJobs.
Application Backup
Application backup refers to backing up data of a specific workload in the cluster and then restoring that data either within the same cluster or in another cluster. It supports backing up all resources under a namespace or filtering resources by specific labels.
Application backup also supports cross-cluster backup of stateful applications. For detailed steps, refer to the Backup and Restore MySQL Applications and Data Across Clusters guide.
etcd Backup
etcd is the data storage component of Kubernetes. Kubernetes stores its own component's data and application data in etcd. Therefore, backing up etcd is equivalent to backing up the entire cluster's data, allowing quick restoration of the cluster to a previous state in case of failures.
It's worth noting that currently, restoring etcd backup data is only supported within the same cluster (the original cluster). To learn more about related best practices, refer to the ETCD Backup and Restore guide.
This article explains how to backup applications in AI platform. The demo application used in this tutorial is called dao-2048 , which is a deployment.
"},{"location":"en/end-user/kpanda/backup/deployment.html#prerequisites","title":"Prerequisites","text":"Before backing up a deployment, the following prerequisites must be met:
Integrate a Kubernetes cluster or create a Kubernetes cluster in the Container Management module, and be able to access the UI interface of the cluster.
Create a Namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Install the velero component, and ensure the velero component is running properly.
Create a deployment (the workload in this tutorial is named dao-2048 ), and label the deployment with app: dao-2048 .
Follow the steps below to backup the deployment dao-2048 .
Enter the Container Management module, click Backup Recovery -> Application Backup on the left navigation bar, and enter the Application Backup list page.
On the Application Backup list page, select the cluster where the velero and dao-2048 applications have been installed. Click Backup Plan in the upper right corner to create a new backup cluster.
Refer to the instructions below to fill in the backup configuration.
Refer to the instructions below to set the backup execution frequency, and then click Next .
*
, after inputting the expression, the meaning of the current expression will be prompted. For detailed expression syntax rules, refer to Cron Schedule Syntax.Backup Data Volume (PV): Whether to back up the data in the data volume (PV), support direct copy and use CSI snapshot.
Click OK , the page will automatically return to the application backup plan list, find the newly created dao-2048 backup plan, and perform the Immediate Execution operation.
At this point, the Last Execution State of the cluster will change to in progress . After the backup is complete, you can click the name of the backup plan to view the details of the backup plan.
etcd backup is based on cluster data as the core backup. In cases such as hardware device damage, development and test configuration errors, etc., the backup cluster data can be restored through etcd backup.
This section will introduce how to realize the etcd backup for clusters. Also see etcd Backup and Restore Best Practices.
"},{"location":"en/end-user/kpanda/backup/etcd-backup.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
Prepared a MinIO instance. It is recommended to create it through AI platform's MinIO middleware.
Follow the steps below to create an etcd backup.
Enter Container Management -> Backup Recovery -> etcd Backup page, you can see all the current backup policies. Click Create Backup Policy on the right.
Fill in the Basic Information. Then, click Next to automatically verify the connectivity of etcd. If the verification passes, proceed to the next step.
Enter etcd, and the format is https://${NodeIP}:${Port}
.
Find the etcd Pod in the kube-system namespace
kubectl get po -n kube-system | grep etcd\n
Get the port number from the listen-client-urls of the etcd Pod
kubectl get po -n kube-system ${etcd_pod_name} -oyaml | grep listen-client-urls # (1)!\n
The expected output is as follows, where the number after the node IP is the port number:
- --listen-client-urls=https://127.0.0.1:2379,https://10.6.229.191:2379\n
Fill in the CA certificate, you can use the following command to view the certificate content. Then, copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/etcd/ca.crt\n
cat /etc/daocloud/dce/certs/ca.crt\n
Fill in the Cert certificate, you can use the following command to view the content of the certificate. Then, copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/apiserver-etcd-client.crt\n
cat /etc/daocloud/dce/certs/etcd/server.crt\n
Fill in the Key, you can use the following command to view the content of the certificate and copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/apiserver-etcd-client.key\n
cat /etc/daocloud/dce/certs/etcd/server.key\n
Note
Click How to get below the input box to see how to obtain the proper information on the UI page.
Refer to the following information to fill in the Backup Policy.
Backup Method: Choose either manual backup or scheduled backup
Backup Chain Length: the maximum number of backup data to retain. The default is 30.
Refer to the following information to fill in the Storage Path.
After clicking OK , the page will automatically redirect to the backup policy list, where you can view all the currently created ones.
Click Logs to view the log content. By default, 100 lines are displayed. If you want to see more log information or download the logs, you can follow the prompts above the logs to go to the observability module.
"},{"location":"en/end-user/kpanda/backup/etcd-backup.html#view-backup-policy-details","title":"View Backup POlicy Details","text":"Go to Container Management -> Backup Recovery -> etcd Backup , click the Backup Policy tab, and then click the policy to view the details.
"},{"location":"en/end-user/kpanda/backup/etcd-backup.html#view-recovery-point","title":"View Recovery Point","text":"After selecting the target cluster, you can view all the backup information under that cluster.
Each time a backup is executed, a proper recovery point is generated, which can be used to quickly restore the application from a successful recovery point.
velero is an open source tool for backing up and restoring Kubernetes cluster resources. It can back up resources in a Kubernetes cluster to cloud storage services, local storage, or other locations, and restore those resources to the same or a different cluster when needed.
This section introduces how to deploy the Velero plugin in AI platform using the Helm Apps.
"},{"location":"en/end-user/kpanda/backup/install-velero.html#prerequisites","title":"Prerequisites","text":"Before installing the velero plugin, the following prerequisites need to be met:
Please perform the following steps to install the velero plugin for your cluster.
On the cluster list page, find the target cluster that needs to install the velero plugin, click the name of the cluster, click Helm Apps -> Helm chart in the left navigation bar, and enter velero in the search bar to search .
Read the introduction of the velero plugin, select the version and click the Install button. This page will take 5.2.0 version as an example to install, and it is recommended that you install 5.2.0 and later versions.
Configure basic info .
!!! note
After enabling __Ready Wait__ and/or __Failed Delete__ , it takes a long time for the app to be marked as __Running__ .\n
Configure Velero chart Parameter Settings according to the following instructions
S3 Credentials: Configure the authentication information of object storage (minio).
Use existing secret parameter example is as follows:
[default]\naws_access_key_id = minio\naws_secret_access_key = minio123\n
BackupStorageLocation: The location where Velero backs up data.
S3 Configs: Detailed configuration of S3 storage (minio).
Click the OK button to complete the installation of the Velero plugin. The system will automatically jump to the Helm Apps list page. After waiting for a few minutes, refresh the page, and you can see the application just installed.
Cluster settings are used to customize advanced feature settings for your cluster, including whether to enable GPU, helm repo refresh cycle, Helm operation record retention, etc.
Enable GPU: GPUs and proper driver plug-ins need to be installed on the cluster in advance.
Click the name of the target cluster, and click Operations and Maintenance -> Cluster Settings -> Addons in the left navigation bar.
Helm operation basic image, registry refresh cycle, number of operation records retained, whether to enable cluster deletion protection (the cluster cannot be uninstalled directly after enabling)
On this page, you can view the recent cluster operation records and Helm operation records, as well as the YAML files and logs of each operation, and you can also delete a certain record.
Set the number of reserved entries for Helm operations:
By default, the system keeps the last 100 Helm operation records. If you keep too many entries, it may cause data redundancy, and if you keep too few entries, you may lose the key operation records you need. A reasonable reserved quantity needs to be set according to the actual situation. Specific steps are as follows:
Click the name of the target cluster, and click Recent Operations -> Helm Operations -> Set Number of Retained Items in the left navigation bar.
Set how many Helm operation records need to be kept, and click OK .
Clusters integrated or created using the AI platform Container Management platform can be accessed not only through the UI interface but also in two other ways for access control:
Note
When accessing the cluster, the user should have Cluster Admin permission or higher.
"},{"location":"en/end-user/kpanda/clusters/access-cluster.html#access-via-cloudshell","title":"Access via CloudShell","text":"Enter Clusters page, select the cluster you want to access via CloudShell, click the ... icon on the right, and then click Console from the dropdown list.
Run kubectl get node command in the Console to verify the connectivity between CloudShell and the cluster. If the console returns node information of the cluster, you can access and manage the cluster through CloudShell.
If you want to access and manage remote clusters from a local node, make sure you have met these prerequisites:
If everything is in place, follow these steps to access a cloud cluster from your local environment.
Enter Clusters page, find your target cluster, click ... on the right, and select Download kubeconfig in the drop-down list.
Set the Kubeconfig period and click Download .
Open the downloaded certificate and copy its content to the config file of the local node.
By default, the kubectl tool will look for a file named config in the $HOME/.kube directory on the local node. This file stores access credentials of clusters. Kubectl can access the cluster with that configuration file.
Run the following command on the local node to verify its connectivity with the cluster:
kubectl get pod -n default\n
An expected output is as follows:
NAME READY STATUS RESTARTS AGE\ndao-2048-2048-58c7f7fc5-mq7h4 1/1 Running 0 30h\n
Now you can access and manage the cluster locally with kubectl.
"},{"location":"en/end-user/kpanda/clusters/cluster-role.html","title":"Cluster Roles","text":"Suanova AI platform categorizes clusters based on different functionalities to help users better manage IT infrastructure.
"},{"location":"en/end-user/kpanda/clusters/cluster-role.html#global-service-cluster","title":"Global Service Cluster","text":"This cluster is used to run AI platform components. It generally does not carry business workloads.
Supported Features Description K8s Version 1.22+ Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/end-user/kpanda/clusters/cluster-role.html#management-cluster","title":"Management Cluster","text":"This cluster is used to manage worker clusters and generally does not carry business workloads.
Supported Features Description K8s Version 1.22+ Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/end-user/kpanda/clusters/cluster-role.html#worker-cluster","title":"Worker Cluster","text":"This is a cluster created using Container Management and is mainly used to carry business workloads. This cluster is managed by the management cluster.
Supported Features Description K8s Version Supports K8s 1.22 and above Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/end-user/kpanda/clusters/cluster-role.html#integrated-cluster","title":"Integrated Cluster","text":"This cluster is used to integrate existing standard K8s clusters, including but not limited to self-built clusters in local data centers, clusters provided by public cloud vendors, clusters provided by private cloud vendors, edge clusters, Xinchuang clusters, heterogeneous clusters, and different Suanova clusters. It is mainly used to carry business workloads.
Supported Features Description K8s Version 1.18+ Supported Vendors VMware Tanzu, Amazon EKS, Redhat Openshift, SUSE Rancher, Alibaba ACK, Huawei CCE, Tencent TKE, Standard K8s Cluster, Suanova Full Lifecycle Management Not Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Depends on the network mode of the integrated cluster's kernel Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policiesNote
A cluster can have multiple cluster roles. For example, a cluster can be both a global service cluster and a management cluster or a worker cluster.
"},{"location":"en/end-user/kpanda/clusters/cluster-scheduler-plugin.html","title":"Deploy Second Scheduler scheduler-plugins in a Cluster","text":"This page describes how to deploy a second scheduler-plugins in a cluster.
"},{"location":"en/end-user/kpanda/clusters/cluster-scheduler-plugin.html#why-do-we-need-scheduler-plugins","title":"Why do we need scheduler-plugins?","text":"The cluster created through the platform will install the native K8s scheduler-plugin, but the native scheduler-plugin has many limitations:
This page takes the scenario of using the vgpu scheduler-plugin while combining the coscheduling plugin capability of scheduler-plugins as an example to introduce how to install and use scheduler-plugins.
"},{"location":"en/end-user/kpanda/clusters/cluster-scheduler-plugin.html#installing-scheduler-plugins","title":"Installing scheduler-plugins","text":""},{"location":"en/end-user/kpanda/clusters/cluster-scheduler-plugin.html#prerequisites","title":"Prerequisites","text":"Add the scheduler-plugins parameter in Create Cluster -> Advanced Settings -> Custom Parameters.
scheduler_plugins_enabled:true\nscheduler_plugins_plugin_config:\n - name: Coscheduling\n args:\n permitWaitingTimeSeconds: 10 # default is 60\n
Parameters:
scheduler_plugins_enabled
Set to true to enable the scheduler-plugins capability.scheduler_plugins_enabled_plugins
or scheduler_plugins_disabled_plugins
options. See K8s Official Plugin Names for reference.scheduler_plugins_plugin_config
, for example: set the permitWaitingTimeoutSeconds
parameter for coscheduling. See K8s Official Plugin Configuration for reference.After successful cluster creation, the system will automatically install the scheduler-plugins and controller component loads. You can check the workload status in the proper cluster's deployment.
Here is an example of how to use scheduler-plugins by demonstrating a scenario where the vgpu scheduler is used in combination with the coscheduling plugin capability of scheduler-plugins.
Install vgpu in the Helm Charts and set the values.yaml parameters.
schedulerName: scheduler-plugins-scheduler
: This is the scheduler name for scheduler-plugins installed by kubean, and currently cannot be modified.scheduler.kubeScheduler.enabled: false
: Do not install kube-scheduler and use vgpu-scheduler as a separate extender.Extend vgpu-scheduler on scheduler-plugins.
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\n
Modify configmap of scheduler-config for scheduler-plugins:
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\nextenders:\n - urlPrefix: \"${urlPrefix}\"\n filterVerb: filter\n bindVerb: bind\n nodeCacheCapable: true\n ignorable: true\n httpTimeout: 30s\n weight: 1\n enableHTTPS: true\n tlsConfig:\n insecure: true\n managedResources:\n - name: nvidia.com/vgpu\n ignoredByScheduler: true\n - name: nvidia.com/gpumem\n ignoredByScheduler: true\n - name: nvidia.com/gpucores\n ignoredByScheduler: true\n - name: nvidia.com/gpumem-percentage\n ignoredByScheduler: true\n - name: nvidia.com/priority\n ignoredByScheduler: true\n - name: cambricon.com/mlunum\n ignoredByScheduler: true\n
After installing vgpu-scheduler, the system will automatically create a service (svc), and the urlPrefix specifies the URL of the svc.
Note
The svc refers to the pod service load. You can use the following command in the namespace where the nvidia-vgpu plugin is installed to get the external access information for port 443.
kubectl get svc -n ${namespace}\n
The urlPrefix format is https://${ip address}:${port}
Restart the scheduler pod of scheduler-plugins to load the new configuration file.
Note
When creating a vgpu application, you do not need to specify the name of a scheduler-plugin. The vgpu-scheduler webhook will automatically change the scheduler's name to \"scheduler-plugins-scheduler\" without manual specification.
AI platform Container Management module can manage two types of clusters: integrated clusters and created clusters.
For more information about cluster types, see Cluster Role.
We designed several status for these two clusters.
"},{"location":"en/end-user/kpanda/clusters/cluster-status.html#integrated-clusters","title":"Integrated Clusters","text":"Status Description Integrating The cluster is being integrated into AI platform. Removing The cluster is being removed from AI platform. Running The cluster is running as expected. Unknown The cluster is lost. Data displayed in the AI platform UI is the cached data before the disconnection, which does not represent real-time data. Any operation during this status will not take effect. You should check cluster network connectivity or host status."},{"location":"en/end-user/kpanda/clusters/cluster-status.html#created-clusters","title":"Created Clusters","text":"Status Description Creating The cluster is being created. Updating The Kubernetes version of the cluster is being operating. Deleting The cluster is being deleted. Running The cluster is running as expected. Unknown The cluster is lost. Data displayed in the AI platform UI is the cached data before the disconnection, which does not represent real-time data. Any operation during this status will not take effect. You should check cluster network connectivity or host status. Failed The cluster creation is failed. You should check the logs for detailed reasons."},{"location":"en/end-user/kpanda/clusters/cluster-version.html","title":"Supported Kubernetes Versions","text":"In AI platform, the integrated clusters and created clusters have different version support mechanisms.
This page focuses on the version support mechanism for created clusters.
The Kubernetes community supports three version ranges: 1.26, 1.27, and 1.28. When a new version is released by the community, the supported version range is incremented. For example, if the latest version released by the community is 1.27, the supported version range by the community will be 1.27, 1.28, and 1.29.
To ensure the security and stability of the clusters, when creating clusters in AI platform, the supported version range will always be one version lower than the community's version.
For instance, if the Kubernetes community supports v1.25, v1.26, and v1.27, then the version range for creating worker clusters in AI platform will be v1.24, v1.25, and v1.26. Additionally, a stable version, such as 1.24.7, will be recommended to users.
Furthermore, the version range for creating worker clusters in AI platform will remain highly synchronized with the community. When the community version increases incrementally, the version range for creating worker clusters in AI platform will also increase by one version.
"},{"location":"en/end-user/kpanda/clusters/cluster-version.html#supported-kubernetes-versions_1","title":"Supported Kubernetes Versions","text":"Kubernetes Community Versions Created Worker Cluster Versions Recommended Versions for Created Worker Cluster AI platform Installer Release DateIn AI platform Container Management, clusters can have four roles: global service cluster, management cluster, worker cluster, and integrated cluster. An integrated cluster can only be integrated from third-party vendors (see Integrate Cluster).
This page explains how to create a Worker Cluster. By default, when creating a new Worker Cluster, the operating system type and CPU architecture of the worker nodes should be consistent with the Global Service Cluster. It is recommended to use the supported operating systems in AI platform to create the cluster.
"},{"location":"en/end-user/kpanda/clusters/create-cluster.html#prerequisites","title":"Prerequisites","text":"Certain prerequisites must be met before creating a cluster:
v1.26.0-v1.28
. If you need to create a cluster with a lower version, refer to the Supporterd Cluster Versions.Enter the Container Management module, click Create Cluster on the upper right corner of the Clusters page.
Fill in the basic information by referring to the following instructions.
Fill in the node configuration information and click Node Check
High Availability: When enabled, at least 3 controller nodes are required. When disabled, only 1 controller node is needed.
It is recommended to use High Availability mode in production environments.
Credential Type: Choose whether to access nodes using username/password or public/private keys.
If using public/private key authentication, SSH keys for the nodes need to be configured in advance. Refer to Using SSH Key Authentication for Nodes.
Same Password: When enabled, all nodes in the cluster will have the same access password. Enter the unified password for accessing all nodes in the field below. If disabled, you can set separate usernames and passwords for each node.
If node check is passed, click Next . If the check failed, update Node Information and check again.
Fill in the network configuration and click Next .
Fill in the plug-in configuration and click Next .
Fill in advanced settings and click OK .
Success
Note
Clusters created in AI platform Container Management can be either deleted or removed. Clusters integrated into AI platform can only be removed.
Info
If you want to delete an integrated cluster, you should delete it in the platform where it is created.
In AI platform, the difference between Delete and Remove is:
Note
Enter the Container Management module, find your target cluster, click __ ...__ on the right, and select Delete cluster / Remove in the drop-down list.
Enter the cluster name to confirm and click Delete .
You will be auto directed to cluster lists. The status of this cluster will changed to Deleting . It may take a while to delete/remove a cluster.
With the features of integrating clusters, AI platform allows you to manage on-premise and cloud clusters of various providers in a unified manner. This is quite important in avoiding the risk of being locked in by a certain providers, helping enterprises safely migrate their business to the cloud.
In AI platform Container Management module, you can integrate a cluster of the following providers: standard Kubernetes clusters, Redhat Openshift, SUSE Rancher, VMware Tanzu, Amazon EKS, Aliyun ACK, Huawei CCE, Tencent TKE, etc.
"},{"location":"en/end-user/kpanda/clusters/integrate-cluster.html#prerequisites","title":"Prerequisites","text":"Enter Container Management module, and click Integrate Cluster in the upper right corner.
Fill in the basic information by referring to the following instructions.
Fill in the KubeConfig of the target cluster and click Verify Config . The cluster can be successfully connected only after the verification is passed.
Click How do I get the KubeConfig? to see the specific steps for getting this file.
Confirm that all parameters are filled in correctly and click OK in the lower right corner of the page.
Note
The status of the newly integrated cluster is Integrating , which will become Running after the integration succeeds.
"},{"location":"en/end-user/kpanda/clusters/integrate-rancher-cluster.html","title":"Integrate the Rancher Cluster","text":"This page explains how to integrate a Rancher cluster.
"},{"location":"en/end-user/kpanda/clusters/integrate-rancher-cluster.html#prerequisites","title":"Prerequisites","text":"Log in to the Rancher cluster with a role that has administrator privileges, and create a file named sa.yaml using the terminal.
vi sa.yaml\n
Press the i key to enter insert mode, then copy and paste the following content:
sa.yamlapiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: rancher-rke\n rules:\n - apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n - nonResourceURLs:\n - '*'\n verbs:\n - '*'\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: rancher-rke\n roleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: rancher-rke\n subjects:\n - kind: ServiceAccount\n name: rancher-rke\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: rancher-rke\n namespace: kube-system\n
Press the Esc key to exit insert mode, then type :wq to save and exit.
Run the following command in the current directory to create a ServiceAccount named rancher-rke (referred to as SA for short):
kubectl apply -f sa.yaml\n
The expected output is as follows:
clusterrole.rbac.authorization.k8s.io/rancher-rke created\nclusterrolebinding.rbac.authorization.k8s.io/rancher-rke created\nserviceaccount/rancher-rke created\n
Create a secret named rancher-rke-secret and bind the secret to the rancher-rke SA.
kubectl apply -f - <<EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: rancher-rke-secret\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: rancher-rke\n type: kubernetes.io/service-account-token\nEOF\n
The output is expected to be:
secret/rancher-rke-secret created\n
Note
If your cluster version is lower than 1.24, please ignore this step and proceed to the next one.
Check secret for rancher-rke SA:
kubectl -n kube-system get secret | grep rancher-rke | awk '{print $1}'\n
The output is expected to be:
rancher-rke-secret\n
Check the rancher-rke-secret secret:
kubectl -n kube-system describe secret rancher-rke-secret\n
The output is expected to be:
Name: rancher-rke-secret\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io/service-account.name: rancher-rke\n kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174\n\nType: kubernetes.io/service-account-token\n\nData\n====\nca.crt: 570 bytes\nnamespace: 11 bytes\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
Perform the following steps on any local node where kubelet is installed:
Configure kubelet token.
kubectl config set-credentials rancher-rke --token= __rancher-rke-secret__ # token \u4fe1\u606f\n
For example,
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
Configure the kubelet APIServer information.
kubectl config set-cluster {cluster-name} --insecure-skip-tls-verify=true --server={APIServer}\n
https://10.X.X.X:6443
.For example,
kubectl config set-cluster rancher-rke --insecure-skip-tls-verify=true --server=https://10.X.X.X:6443\n
Configure the kubelet context.
kubectl config set-context {context-name} --cluster={cluster-name} --user={SA-usename}\n
For example,
kubectl config set-context rancher-rke-context --cluster=rancher-rke --user=rancher-rke\n
Specify the newly created context rancher-rke-context in kubelet.
kubectl config use-context rancher-rke-context\n
Fetch the kubeconfig information for the context rancher-rke-context .
kubectl config view --minify --flatten --raw\n
The output is expected to be:
```yaml apiVersion: v1 clusters: - cluster: insecure-skip-tls-verify: true server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com name: joincluster contexts: - context: cluster: joincluster user: eks-admin name: ekscontext current-context: ekscontext kind: Config preferences: {} users: - name: eks-admin user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V
Using the kubeconfig file fetched earlier, refer to the Integrate Cluster documentation to integrate the Rancher cluster to the global cluster.
"},{"location":"en/end-user/kpanda/clusters/runtime.html","title":"How to choose the container runtime","text":"The container runtime is an important component in kubernetes to manage the life cycle of containers and container images. Kubernetes made containerd the default container runtime in version 1.19, and removed support for the Dockershim component in version 1.24.
Therefore, compared to the Docker runtime, we recommend you to use the lightweight containerd as your container runtime, because this has become the current mainstream runtime choice.
In addition, some operating system distribution vendors are not friendly enough for Docker runtime compatibility. The runtime support of different operating systems is as follows:
"},{"location":"en/end-user/kpanda/clusters/runtime.html#operating-systems-and-supported-runtimes","title":"Operating systems and supported runtimes","text":"Operating System Supported containerd Versions Supported Docker Versions CentOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 18.09, 19.03, 20.10 (default) RedHatOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 18.09, 19.03, 20.10 (default) KylinOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 19.03 (Only supported by ARM architecture, Docker is not supported as a runtime under x86 architecture)Note
In the offline installation mode, you need to prepare the runtime offline package of the relevant operating system in advance.
"},{"location":"en/end-user/kpanda/clusters/upgrade-cluster.html","title":"Cluster Upgrade","text":"The Kubernetes Community packages a small version every quarter, and the maintenance cycle of each version is only about 9 months. Some major bugs or security holes will not be updated after the version stops maintenance. Manually upgrading cluster operations is cumbersome and places a huge workload on administrators.
In Suanova, you can upgrade the Kubernetes cluster with one click through the web UI interface.
Danger
After the version is upgraded, it will not be possible to roll back to the previous version, please proceed with caution.
Note
Click the name of the target cluster in the cluster list.
Then click Cluster Operation and Maintenance -> Cluster Upgrade in the left navigation bar, and click Version Upgrade in the upper right corner of the page.
Select the version that can be upgraded, and enter the cluster name to confirm.
After clicking OK , you can see the upgrade progress of the cluster.
The cluster upgrade is expected to take 30 minutes. You can click the Real-time Log button to view the detailed log of the cluster upgrade.
ConfigMaps store non-confidential data in the form of key-value pairs to achieve the effect of mutual decoupling of configuration data and application code. ConfigMaps can be used as environment variables for containers, command-line parameters, or configuration files in storage volumes.
Note
The data saved in ConfigMaps cannot exceed 1 MiB. If you need to store larger volumes of data, it is recommended to mount a storage volume or use an independent database or file service.
ConfigMaps do not provide confidentiality or encryption. If you want to store encrypted data, it is recommended to use secret, or other third-party tools to ensure the privacy of data.
You can create ConfigMaps with two methods:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and authorized the user as NS Editor. For details, refer to Namespace Authorization.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> ConfigMap , and click the Create ConfigMap button in the upper right corner.
Fill in the configuration information on the Create ConfigMap page, and click OK .
!!! note
Click __Upload File__ to import an existing file locally to quickly create ConfigMaps.\n
After the creation is complete, click More on the right side of the ConfigMap to edit YAML, update, export, delete and other operations.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> ConfigMap , and click the YAML Create button in the upper right corner.
Fill in or paste the configuration file prepared in advance, and then click OK in the lower right corner of the pop-up box.
!!! note
- Click __Import__ to import an existing file locally to quickly create ConfigMaps.\n - After filling in the data, click __Download__ to save the configuration file locally.\n
After the creation is complete, click More on the right side of the ConfigMap to edit YAML, update, export, delete and other operations.
```yaml\n kind: ConfigMap\n apiVersion: v1\n metadata:\n name: kube-root-ca.crt\n namespace: default\n annotations:\n data:\n version: '1.0'\n ```\n
Next step: Use ConfigMaps
"},{"location":"en/end-user/kpanda/configmaps-secrets/create-secret.html","title":"Create Secret","text":"A secret is a resource object used to store and manage sensitive information such as passwords, OAuth tokens, SSH, TLS credentials, etc. Using keys means you don't need to include sensitive secrets in your application code.
Secrets can be used in some cases:
You can create ConfigMaps with two methods:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster
Created a namespace, user, and authorized the user as NS Editor. For details, refer to Namespace Authorization.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> Secret , and click the Create Secret button in the upper right corner.
Fill in the configuration information on the Create Secret page, and click OK .
Note when filling in the configuration:
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> Secret , and click the YAML Create button in the upper right corner.
Fill in the YAML configuration on the Create with YAML page, and click OK .
Supports importing YAML files from local or downloading and saving filled files to local.
```yaml\n apiVersion: v1\n kind: Secret\n metadata:\n name: secretdemo\n type: Opaque\n data:\n username: ****\n password: ****\n ```\n
Next step: use secret
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html","title":"Use ConfigMaps","text":"ConfigMap (ConfigMap) is an API object of Kubernetes, which is used to save non-confidential data into key-value pairs, and can store configurations that other objects need to use. When used, the container can use it as an environment variable, a command-line argument, or a configuration file in a storage volume. By using ConfigMaps, configuration data and application code can be separated, providing a more flexible way to modify application configuration.
Note
ConfigMaps do not provide confidentiality or encryption. If the data to be stored is confidential, please use secret, or use other third-party tools to ensure the privacy of the data instead of ConfigMaps. In addition, when using ConfigMaps in containers, the container and ConfigMaps must be in the same cluster namespace.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html#scenes-to-be-used","title":"scenes to be used","text":"You can use ConfigMaps in Pods. There are many use cases, mainly including:
Use ConfigMaps to set the environment variables of the container
Use ConfigMaps to set the command line parameters of the container
Use ConfigMaps as container data volumes
You can use the ConfigMap as the environment variable of the container through the graphical interface or the terminal command line.
Note
The ConfigMap import is to use the ConfigMap as the value of the environment variable; the ConfigMap key value import is to use a certain parameter in the ConfigMap as the value of the environment variable.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html#graphical-interface-operation","title":"Graphical interface operation","text":"When creating a workload through an image, you can set environment variables for the container by selecting Import ConfigMaps or Import ConfigMap Key Values on the Environment Variables interface.
Go to the Image Creation Workload page, in the Container Configuration step, select the Environment Variables configuration, and click the Add Environment Variable button.
Select ConfigMap Import or ConfigMap Key Value Import in the environment variable type.
When the environment variable type is selected as ConfigMap import , enter variable name , prefix name, ConfigMap name in sequence.
When the environment variable type is selected as ConfigMap key-value import , enter variable name , ConfigMap name, and Secret name in sequence.
You can set ConfigMaps as environment variables when creating a workload, using the valueFrom parameter to refer to the Key/Value in the ConfigMap.
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-1\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"env\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom: # (1)\n configMapKeyRef:\n name: kpanda-configmap # (2)\n key: SPECIAL_LEVEL # (3)\n restartPolicy: Never\n
You can use ConfigMaps to set the command or parameter value in the container, and use the environment variable substitution syntax $(VAR_NAME) to do so. As follows.
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-3\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_LEVEL\n - name: SPECIAL_TYPE_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_TYPE\n restartPolicy: Never\n
After the Pod runs, the output is as follows.
Hello Kpanda\n
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html#used-as-container-data-volume","title":"Used as container data volume","text":"You can use the ConfigMap as the environment variable of the container through the graphical interface or the terminal command line.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html#graphical-operation","title":"Graphical operation","text":"When creating a workload through an image, you can use the ConfigMap as the data volume of the container by selecting the storage type as \"ConfigMap\" on the \"Data Storage\" interface.
Go to the Image Creation Workload page, in the Container Configuration step, select the Data Storage configuration, and click __Add in the __ Node Path Mapping __ list __ button.
Select ConfigMap in the storage type, and enter container path , subpath and other information in sequence.
To use a ConfigMap in a Pod's storage volume.
Here is an example Pod that mounts a ConfigMap as a volume:
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n -name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n configMap:\n name: myconfigmap\n
If there are multiple containers in a Pod, each container needs its own volumeMounts block, but you only need to set one spec.volumes block per ConfigMap.
Note
When a ConfigMap is used as a data volume mounted on a container, the ConfigMap can only be read as a read-only file.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html","title":"use key","text":"A secret is a resource object used to store and manage sensitive information such as passwords, OAuth tokens, SSH, TLS credentials, etc. Using keys means you don't need to include sensitive secrets in your application code.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html#scenes-to-be-used","title":"scenes to be used","text":"You can use keys in Pods in a variety of use cases, mainly including:
You can use the key as the environment variable of the container through the GUI or the terminal command line.
Note
Key import is to use the key as the value of an environment variable; key key value import is to use a parameter in the key as the value of an environment variable.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html#graphical-interface-operation","title":"Graphical interface operation","text":"When creating a workload from an image, you can set environment variables for the container by selecting Key Import or Key Key Value Import on the Environment Variables interface.
Go to the Image Creation Workload page.
Select the Environment Variables configuration in Container Configuration , and click the Add Environment Variable button.
Select Key Import or Key Key Value Import in the environment variable type.
When the environment variable type is selected as Key Import , enter Variable Name , Prefix , and Secret in sequence.
When the environment variable type is selected as key key value import , enter variable name , Secret , Secret name in sequence.
As shown in the example below, you can set the secret as an environment variable when creating the workload, using the valueFrom parameter to refer to the Key/Value in the Secret.
apiVersion: v1\nkind: Pod\nmetadata:\n name: secret-env-pod\nspec:\n containers:\n -name: mycontainer\n image: redis\n env:\n - name: SECRET_USERNAME\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: username\n optional: false # (1)\n - name: SECRET_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: password\n optional: false # (2)\n
When creating a workload through an image, you can use the key as the data volume of the container by selecting the storage type as \"key\" on the \"data storage\" interface.
Go to the Image Creation Workload page.
In the Container Configuration , select the Data Storage configuration, and click the Add button in the Node Path Mapping list.
Select Secret in the storage type, and enter container path , subpath and other information in sequence.
The following is an example of a Pod that mounts a Secret named mysecret via a data volume:
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n -name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n secret:\n secretName: mysecret\n optional: false # (1)\n
If the Pod contains multiple containers, each container needs its own volumeMounts block, but only one .spec.volumes setting is required for each Secret.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html#used-as-the-identity-authentication-credential-for-the-container-registry-when-the-kubelet-pulls-the-container-image","title":"Used as the identity authentication credential for the container registry when the kubelet pulls the container image","text":"You can use the key as the identity authentication credential for the Container registry through the GUI or the terminal command line.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html#graphical-operation","title":"Graphical operation","text":"When creating a workload through an image, you can use the key as the data volume of the container by selecting the storage type as \"key\" on the \"data storage\" interface.
Go to the Image Creation Workload page.
In the second step of Container Configuration , select the Basic Information configuration, and click the Select Image button.
Select the name of the private container registry in the drop-down list of `container registry' in the pop-up box. Please see Create Secret for details on private image secret creation.
Enter the image name in the private registry, click OK to complete the image selection.
Note
When creating a key, you need to ensure that you enter the correct container registry address, username, password, and select the correct mirror name, otherwise you will not be able to obtain the mirror image in the container registry.
"},{"location":"en/end-user/kpanda/custom-resources/create.html","title":"CustomResourceDefinition (CRD)","text":"In Kubernetes, all objects are abstracted as resources, such as Pod, Deployment, Service, Volume, etc. are the default resources provided by Kubernetes. This provides important support for our daily operation and maintenance and management work, but in some special cases, the existing preset resources cannot meet the needs of the business. Therefore, we hope to expand the capabilities of the Kubernetes API, and CustomResourceDefinition (CRD) was born based on this requirement.
The container management module supports interface-based management of custom resources, and its main features are as follows:
Integrated the Kubernetes cluster or created Kubernetes, and you can access the cluster UI interface.
Created a namespace, user, and authorized the user as Cluster Admin
For details, refer to Namespace Authorization.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Custom Resource , and click the YAML Create button in the upper right corner.
On the Create with YAML page, fill in the YAML statement and click OK .
Return to the custom resource list page, and you can view the custom resource named crontabs.stable.example.com
just created.
Custom resource example:
CRD exampleapiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: crontabs.stable.example.com\nspec:\n group: stable.example.com\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n spec:\n type: object\n properties:\n cronSpec:\n type: string\n image:\n type: string\n replicas:\n type: integer\n scope: Namespaced\n names:\n plural: crontabs\n singular: crontab\n kind: CronTab\n shortNames:\n - ct\n
"},{"location":"en/end-user/kpanda/custom-resources/create.html#create-a-custom-resource-example-via-yaml","title":"Create a custom resource example via YAML","text":"Click a cluster name to enter Cluster Details .
In the left navigation bar, click Custom Resource , and click the YAML Create button in the upper right corner.
Click the custom resource named crontabs.stable.example.com
, enter the details, and click the YAML Create button in the upper right corner.
On the Create with YAML page, fill in the YAML statement and click OK .
Return to the details page of crontabs.stable.example.com
, and you can view the custom resource named my-new-cron-object just created.
CR Example:
CR exampleapiVersion: \"stable.example.com/v1\"\nkind: CronTab\nmetadata:\n name: my-new-cron-object\nspec:\n cronSpec: \"* * * * */5\"\n image: my-awesome-cron-image\n
"},{"location":"en/end-user/kpanda/gpu/index.html","title":"Overview of GPU Management","text":"This article introduces the capability of Suanova container management platform in unified operations and management of heterogeneous resources, with a focus on GPUs.
"},{"location":"en/end-user/kpanda/gpu/index.html#background","title":"Background","text":"With the rapid development of emerging technologies such as AI applications, large-scale models, artificial intelligence, and autonomous driving, enterprises are facing an increasing demand for compute-intensive tasks and data processing. Traditional compute architectures represented by CPUs can no longer meet the growing computational requirements of enterprises. At this point, heterogeneous computing represented by GPUs has been widely applied due to its unique advantages in processing large-scale data, performing complex calculations, and real-time graphics rendering.
Meanwhile, due to the lack of experience and professional solutions in scheduling and managing heterogeneous resources, the utilization efficiency of GPU devices is extremely low, resulting in high AI production costs for enterprises. The challenge of reducing costs, increasing efficiency, and improving the utilization of GPUs and other heterogeneous resources has become a pressing issue for many enterprises.
"},{"location":"en/end-user/kpanda/gpu/index.html#introduction-to-gpu-capabilities","title":"Introduction to GPU Capabilities","text":"The Suanova container management platform supports unified scheduling and operations management of GPUs, NPUs, and other heterogeneous resources, fully unleashing the computational power of GPU resources, and accelerating the development of enterprise AI and other emerging applications. The GPU management capabilities of Suanova are as follows:
Similar to regular computer hardware, NVIDIA GPUs, as physical devices, need to have the NVIDIA GPU driver installed in order to be used. To reduce the cost of using GPUs on Kubernetes, NVIDIA provides the NVIDIA GPU Operator component to manage various components required for using NVIDIA GPUs. These components include the NVIDIA driver (for enabling CUDA), NVIDIA container runtime, GPU node labeling, DCGM-based monitoring, and more. In theory, users only need to plug the GPU into a compute device managed by Kubernetes, and they can use all the capabilities of NVIDIA GPUs through the GPU Operator. For more information about NVIDIA GPU Operator, refer to the NVIDIA official documentation. For deployment instructions, refer to Offline Installation of GPU Operator.
Architecture diagram of NVIDIA GPU Operator:
"},{"location":"en/end-user/kpanda/gpu/FAQ.html","title":"GPU FAQs","text":""},{"location":"en/end-user/kpanda/gpu/FAQ.html#gpu-processes-are-not-visible-while-running-nvidia-smi-inside-a-pod","title":"GPU processes are not visible while running nvidia-smi inside a pod","text":"Q: When running the nvidia-smi
command inside a GPU-utilizing pod, no GPU process information is visible in the full-card mode and vGPU mode.
A: Due to PID namespace
isolation, GPU processes are not visible inside the Pod. To view GPU processes, you can use one of the following methods:
hostPID: true
to enable viewing PIDs on the host.nvidia-smi
command in the driver pod of the gpu-operator to view processes.chroot /run/nvidia/driver nvidia-smi
command on the host to view processes.This section describes how to use Iluvatar virtual GPU on AI platform.
"},{"location":"en/end-user/kpanda/gpu/Iluvatar_usage.html#prerequisites","title":"Prerequisites","text":"Check if the GPU in the cluster has been detected. Click Clusters -> Cluster Settings -> Addon Plugins , and check if the proper GPU type has been automatically enabled and detected. Currently, the cluster will automatically enable GPU and set the GPU type as Iluvatar .
Deploy a workload. Click Clusters -> Workloads and deploy a workload using the image. After selecting the type as (Iluvatar) , configure the GPU resources used by the application:
Physical Card Count (iluvatar.ai/vcuda-core): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host machine.
Memory Usage (iluvatar.ai/vcuda-memory): Indicates the amount of GPU memory occupied by each card. The value is in MB, with a minimum value of 1 and a maximum value equal to the entire memory of the card.
If there are any issues with the configuration values, scheduling failures or resource allocation failures may occur.
To request GPU resources for a workload, add the iluvatar.ai/vcuda-core: 1 and iluvatar.ai/vcuda-memory: 200 to the requests and limits. These parameters configure the application to use the physical card resources.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-iluvatar-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-iluvatar-gpu-demo\n template:\n metadata:\n labels:\n app: full-iluvatar-gpu-demo\n spec:\n containers:\n - image: nginx:perl\n name: container-0\n resources:\n limits:\n cpu: 250m\n iluvatar.ai/vcuda-core: '1'\n iluvatar.ai/vcuda-memory: '200'\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n imagePullSecrets:\n - name: default-secret\n
"},{"location":"en/end-user/kpanda/gpu/dynamic-regulation.html","title":"GPU Scheduling Configuration (Binpack and Spread)","text":"This page introduces how to reduce GPU resource fragmentation and prevent single points of failure through Binpack and Spread when using NVIDIA vGPU, achieving advanced scheduling for vGPU. The AI platform provides Binpack and Spread scheduling policies across two dimensions: clusters and workloads, meeting different usage requirements in various scenarios.
"},{"location":"en/end-user/kpanda/gpu/dynamic-regulation.html#prerequisites","title":"Prerequisites","text":"Scheduling policy based on GPU dimension
Scheduling policy based on node dimension
Note
By default, workloads will follow the cluster-level Binpack and Spread. If a workload sets its own Binpack and Spread scheduling policies that differ from the cluster, the workload will prioritize its own scheduling policy.
On the Clusters page, select the cluster for which you want to adjust the Binpack and Spread scheduling policies. Click the \u2507 icon on the right and select GPU Scheduling Configuration from the dropdown list.
Adjust the GPU scheduling configuration according to your business scenario, and click OK to save.
Note
When the Binpack and Spread scheduling policies at the workload level conflict with the cluster-level configuration, the workload-level configuration takes precedence.
Follow the steps below to create a deployment using an image and configure Binpack and Spread scheduling policies within the workload.
Click Clusters in the left navigation bar, then click the name of the target cluster to enter the Cluster Details page.
On the Cluster Details page, click Workloads -> Deployments in the left navigation bar, then click the Create by Image button in the upper right corner of the page.
Sequentially fill in the Basic Information, Container Settings, and in the Container Configuration section, enable GPU configuration, selecting the GPU type as NVIDIA vGPU. Click Advanced Settings, enable the Binpack / Spread scheduling policy, and adjust the GPU scheduling configuration according to the business scenario. After configuration, click Next to proceed to Service Settings and Advanced Settings. Finally, click OK at the bottom right of the page to complete the creation.
This page lists some commonly used GPU metrics.
"},{"location":"en/end-user/kpanda/gpu/gpu-metrics.html#cluster-level","title":"Cluster Level","text":"Metric Name Description Number of GPUs Total number of GPUs in the cluster Average GPU Utilization Average compute utilization of all GPUs in the cluster Average GPU Memory Utilization Average memory utilization of all GPUs in the cluster GPU Power Power consumption of all GPUs in the cluster GPU Temperature Temperature of all GPUs in the cluster GPU Utilization Details 24-hour usage details of all GPUs in the cluster (includes max, avg, current) GPU Memory Usage Details 24-hour memory usage details of all GPUs in the cluster (includes min, max, avg, current) GPU Memory Bandwidth Utilization For example, an Nvidia V100 GPU has a maximum memory bandwidth of 900 GB/sec. If the current memory bandwidth is 450 GB/sec, the utilization is 50%"},{"location":"en/end-user/kpanda/gpu/gpu-metrics.html#node-level","title":"Node Level","text":"Metric Name Description GPU Mode Usage mode of GPUs on the node, including full-card mode, MIG mode, vGPU mode Number of Physical GPUs Total number of physical GPUs on the node Number of Virtual GPUs Number of vGPU devices created on the node Number of MIG Instances Number of MIG instances created on the node GPU Memory Allocation Rate Memory allocation rate of all GPUs on the node Average GPU Utilization Average compute utilization of all GPUs on the node Average GPU Memory Utilization Average memory utilization of all GPUs on the node GPU Driver Version Driver version information of GPUs on the node GPU Utilization Details 24-hour usage details of each GPU on the node (includes max, avg, current) GPU Memory Usage Details 24-hour memory usage details of each GPU on the node (includes min, max, avg, current)"},{"location":"en/end-user/kpanda/gpu/gpu-metrics.html#pod-level","title":"Pod Level","text":"Category Metric Name Description Application Overview GPU - Compute & Memory Pod GPU Utilization Compute utilization of the GPUs used by the current Pod Pod GPU Memory Utilization Memory utilization of the GPUs used by the current Pod Pod GPU Memory Usage Memory usage of the GPUs used by the current Pod Memory Allocation Memory allocation of the GPUs used by the current Pod Pod GPU Memory Copy Ratio Memory copy ratio of the GPUs used by the current Pod GPU - Engine Overview GPU Graphics Engine Activity Percentage Percentage of time the Graphics or Compute engine is active during a monitoring cycle GPU Memory Bandwidth Utilization Memory bandwidth utilization (Memory BW Utilization) indicates the fraction of cycles during which data is sent to or received from the device memory. This value represents the average over the interval, not an instantaneous value. A higher value indicates higher utilization of device memory.A value of 1 (100%) indicates that a DRAM instruction is executed every cycle during the interval (in practice, a peak of about 0.8 (80%) is the maximum achievable).A value of 0.2 (20%) indicates that 20% of the cycles during the interval are spent reading from or writing to device memory. Tensor Core Utilization Percentage of time the Tensor Core pipeline is active during a monitoring cycle FP16 Engine Utilization Percentage of time the FP16 pipeline is active during a monitoring cycle FP32 Engine Utilization Percentage of time the FP32 pipeline is active during a monitoring cycle FP64 Engine Utilization Percentage of time the FP64 pipeline is active during a monitoring cycle GPU Decode Utilization Decode engine utilization of the GPU GPU Encode Utilization Encode engine utilization of the GPU GPU - Temperature & Power GPU Temperature Temperature of all GPUs in the cluster GPU Power Power consumption of all GPUs in the cluster GPU Total Power Consumption Total power consumption of the GPUs GPU - Clock GPU Memory Clock Memory clock frequency GPU Application SM Clock Application SM clock frequency GPU Application Memory Clock Application memory clock frequency GPU Video Engine Clock Video engine clock frequency GPU Throttle Reasons Reasons for GPU throttling GPU - Other Details PCIe Transfer Rate Data transfer rate of the GPU through the PCIe bus PCIe Receive Rate Data receive rate of the GPU through the PCIe bus"},{"location":"en/end-user/kpanda/gpu/gpu_matrix.html","title":"GPU Support Matrix","text":"This page explains the matrix of supported GPUs and operating systems for AI platform.
"},{"location":"en/end-user/kpanda/gpu/gpu_matrix.html#nvidia-gpu","title":"NVIDIA GPU","text":"GPU Manufacturer and Type Supported GPU Models Compatible Operating System (Online) Recommended Kernel Recommended Operating System and Kernel Installation Documentation NVIDIA GPU (Full Card/vGPU)This document mainly introduces the configuration of GPU
scheduling, which can implement advanced scheduling policies. Currently, the primary implementation is the vgpu
scheduling policy.
vGPU
provides two policies for resource usage: binpack
and spread
. These correspond to node-level and GPU-level dimensions, respectively. The use case is whether you want to distribute workloads more sparsely across different nodes and GPUs or concentrate them on the same node and GPU, thereby making resource utilization more efficient and reducing resource fragmentation.
You can modify the scheduling policy in your cluster by following these steps:
binpack
, and the GPU-level policy is spread
.The above steps modify the cluster-level scheduling policy. Users can also specify their own scheduling policy at the workload level to change the scheduling results. Below is an example of modifying the scheduling policy at the workload level:
apiVersion: v1\nkind: Pod\nmetadata:\n name: gpu-pod\n annotations:\n hami.io/node-scheduler-policy: \"binpack\"\n hami.io/gpu-scheduler-policy: \"binpack\"\nspec:\n containers:\n - name: ubuntu-container\n image: ubuntu:18.04\n command: [\"bash\", \"-c\", \"sleep 86400\"]\n resources:\n limits:\n nvidia.com/gpu: 1\n nvidia.com/gpumem: 3000\n nvidia.com/gpucores: 30\n
In this example, both the node- and GPU-level scheduling policies are set to binpack
. This ensures that the workload is scheduled to maximize resource utilization and reduce fragmentation.
This section describes how to use vGPU capabilities on the AI platform.
"},{"location":"en/end-user/kpanda/gpu/vgpu_quota.html#prerequisites","title":"Prerequisites","text":"The proper GPU driver (NVIDIA GPU, NVIDIA MIG, Iluvatar, Ascend) has been deployed on the current cluster either through an Operator or manually.
"},{"location":"en/end-user/kpanda/gpu/vgpu_quota.html#procedure","title":"Procedure","text":"Follow these steps to manage GPU quotas in AI platform:
Go to Namespaces and click Quota Management to configure the GPU resources that can be used by a specific namespace.
The currently supported card types for quota management in a namespace are: NVIDIA vGPU, NVIDIA MIG, Iluvatar, and Ascend.
NVIDIA vGPU Quota Management: Configure the specific quota that can be used. This will create a ResourcesQuota CR.
- Physical Card Count (nvidia.com/vgpu): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and **less than or equal to** the number of cards on the host machine.\n- GPU Core Count (nvidia.com/gpucores): Indicates the GPU compute power occupied by each card. The value ranges from 0 to 100. If configured as 0, it is considered not to enforce isolation. If configured as 100, it is considered to exclusively occupy the entire card.\n- GPU Memory Usage (nvidia.com/gpumem): Indicates the amount of GPU memory occupied by each card. The value is in MB, with a minimum value of 1 and a maximum value equal to the entire memory of the card.\n
This section explains how to use Ascend NPU on the AI platform.
"},{"location":"en/end-user/kpanda/gpu/ascend/Ascend_usage.html#prerequisites","title":"Prerequisites","text":"Refer to the Ascend NPU Component Installation Document to install the basic environment.
"},{"location":"en/end-user/kpanda/gpu/ascend/Ascend_usage.html#quick-start","title":"Quick Start","text":"This document uses the AscentCL Image Classification Application example from the Ascend sample library.
Download the Ascend repository
Run the following command to download the Ascend demo repository, and remember the storage location of the code for subsequent use.
git clone https://gitee.com/ascend/samples.git\n
Prepare the base image
This example uses the Ascent-pytorch base image, which can be obtained from the Ascend Container Registry.
Prepare the YAML file
ascend-demo.yamlapiVersion: batch/v1\nkind: Job\nmetadata:\n name: resnetinfer1-1-1usoc\nspec:\n template:\n spec:\n containers:\n - image: ascendhub.huawei.com/public-ascendhub/ascend-pytorch:23.0.RC2-ubuntu18.04 # Inference image name\n imagePullPolicy: IfNotPresent\n name: resnet50infer\n securityContext:\n runAsUser: 0\n command:\n - \"/bin/bash\"\n - \"-c\"\n - |\n source /usr/local/Ascend/ascend-toolkit/set_env.sh &&\n TEMP_DIR=/root/samples_copy_$(date '+%Y%m%d_%H%M%S_%N') &&\n cp -r /root/samples \"$TEMP_DIR\" &&\n cd \"$TEMP_DIR\"/inference/modelInference/sampleResnetQuickStart/python/model &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/003_Atc_Models/resnet50/resnet50.onnx &&\n atc --model=resnet50.onnx --framework=5 --output=resnet50 --input_shape=\"actual_input_1:1,3,224,224\" --soc_version=Ascend910 &&\n cd ../data &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/models/aclsample/dog1_1024_683.jpg &&\n cd ../scripts &&\n bash sample_run.sh\n resources:\n requests:\n huawei.com/Ascend910: 1 # Number of the Ascend 910 Processors\n limits:\n huawei.com/Ascend910: 1 # The value should be the same as that of requests\n volumeMounts:\n - name: hiai-driver\n mountPath: /usr/local/Ascend/driver\n readOnly: true\n - name: slog\n mountPath: /var/log/npu/conf/slog/slog.conf\n - name: localtime # The container time must be the same as the host time\n mountPath: /etc/localtime\n - name: dmp\n mountPath: /var/dmp_daemon\n - name: slogd\n mountPath: /var/slogd\n - name: hbasic\n mountPath: /etc/hdcBasic.cfg\n - name: sys-version\n mountPath: /etc/sys_version.conf\n - name: aicpu\n mountPath: /usr/lib64/aicpu_kernels\n - name: tfso\n mountPath: /usr/lib64/libtensorflow.so\n - name: sample-path\n mountPath: /root/samples\n volumes:\n - name: hiai-driver\n hostPath:\n path: /usr/local/Ascend/driver\n - name: slog\n hostPath:\n path: /var/log/npu/conf/slog/slog.conf\n - name: localtime\n hostPath:\n path: /etc/localtime\n - name: dmp\n hostPath:\n path: /var/dmp_daemon\n - name: slogd\n hostPath:\n path: /var/slogd\n - name: hbasic\n hostPath:\n path: /etc/hdcBasic.cfg\n - name: sys-version\n hostPath:\n path: /etc/sys_version.conf\n - name: aicpu\n hostPath:\n path: /usr/lib64/aicpu_kernels\n - name: tfso\n hostPath:\n path: /usr/lib64/libtensorflow.so\n - name: sample-path\n hostPath:\n path: /root/samples\n restartPolicy: OnFailure\n
Some fields in the above YAML need to be modified according to the actual situation:
Deploy a Job and check its results
Use the following command to create a Job:
kubectl apply -f ascend-demo.yaml\n
Check the Pod running status:
After the Pod runs successfully, check the log results. The key prompt information on the screen is shown in the figure below. The Label indicates the category identifier, Conf indicates the maximum confidence of the classification, and Class indicates the belonging category. These values may vary depending on the version and environment, so please refer to the actual situation:
Result image display:
Confirm whether the cluster has detected the GPU. Click Clusters -> Cluster Settings -> Addon Plugins , and check whether the proper GPU type is automatically enabled and detected. Currently, the cluster will automatically enable GPU and set the GPU type to Ascend .
Deploy the workload. Click Clusters -> Workloads , deploy the workload through an image, select the type (Ascend), and then configure the number of physical cards used by the application:
Number of Physical Cards (huawei.com/Ascend910) : This indicates how many physical cards the current Pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host.
If there is an issue with the above configuration, it will result in scheduling failure and resource allocation issues.
This chapter provides installation guidance for Ascend NPU drivers, Device Plugin, NPU-Exporter, and other components.
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#prerequisites","title":"Prerequisites","text":"Before using NPU resources, you need to complete the firmware installation, NPU driver installation, Docker Runtime installation, user creation, log directory creation, and NPU Device Plugin installation. Refer to the following steps for details.
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#install-firmware","title":"Install Firmware","text":"npu-smi info
, and if the NPU information is returned normally, it indicates that the NPU driver and firmware are ready.Download Ascend Docker Runtime
Community edition download link: https://www.hiascend.com/zh/software/mindx-dl/community
wget -c https://mindx.obs.cn-south-1.myhuaweicloud.com/OpenSource/MindX/MindX%205.0.RC2/MindX%20DL%205.0.RC2/Ascend-docker-runtime_5.0.RC2_linux-x86_64.run\n
Install to the specified path by executing the following two commands in order, with parameters specifying the installation path:
chmod u+x Ascend-docker-runtime_5.0.RC2_linux-x86_64.run \n./Ascend-docker-runtime_{version}_linux-{arch}.run --install --install-path=<path>\n
Modify the containerd configuration file
If containerd has no default configuration file, execute the following three commands in order to create the configuration file:
mkdir /etc/containerd \ncontainerd config default > /etc/containerd/config.toml \nvim /etc/containerd/config.toml\n
If containerd has a configuration file:
vim /etc/containerd/config.toml\n
Modify the runtime installation path according to the actual situation, mainly modifying the runtime field:
... \n[plugins.\"io.containerd.monitor.v1.cgroups\"]\n no_prometheus = false \n[plugins.\"io.containerd.runtime.v1.linux\"]\n shim = \"containerd-shim\"\n runtime = \"/usr/local/Ascend/Ascend-Docker-Runtime/ascend-docker-runtime\"\n runtime_root = \"\"\n no_shim = false\n shim_debug = false\n [plugins.\"io.containerd.runtime.v2.task\"]\n platforms = [\"linux/amd64\"]\n...\n
Execute the following command to restart containerd:
systemctl restart containerd\n
Execute the following commands on the node where the components are installed to create a user.
# Ubuntu operating system\nuseradd -d /home/hwMindX -u 9000 -m -s /usr/sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n# CentOS operating system\nuseradd -d /home/hwMindX -u 9000 -m -s /sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#create-log-directory","title":"Create Log Directory","text":"Create the parent directory for component logs and the log directories for each component on the proper node, and set the appropriate owner and permissions for the directories. Execute the following command to create the parent directory for component logs.
mkdir -m 755 /var/log/mindx-dl\nchown root:root /var/log/mindx-dl\n
Execute the following command to create the Device Plugin component log directory.
mkdir -m 750 /var/log/mindx-dl/devicePlugin\nchown root:root /var/log/mindx-dl/devicePlugin\n
Note
Please create the proper log directory for each required component. In this example, only the Device Plugin component is needed. For other component requirements, refer to the official documentation
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#create-node-labels","title":"Create Node Labels","text":"Refer to the following commands to create labels on the proper nodes:
# Create this label on computing nodes where the driver is installed\nkubectl label node {nodename} huawei.com.ascend/Driver=installed\nkubectl label node {nodename} node-role.kubernetes.io/worker=worker\nkubectl label node {nodename} workerselector=dls-worker-node\nkubectl label node {nodename} host-arch=huawei-arm // or host-arch=huawei-x86, select according to the actual situation\nkubectl label node {nodename} accelerator=huawei-Ascend910 // select according to the actual situation\n# Create this label on control nodes\nkubectl label node {nodename} masterselector=dls-master-node\n
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#install-device-plugin-and-npuexporter","title":"Install Device Plugin and NpuExporter","text":"Functional module path: Container Management -> Cluster, click the name of the target cluster, then click Helm Apps -> Helm Charts from the left navigation bar, and search for ascend-mindxdl.
After a successful installation, two components will appear under the proper namespace, as shown below:
At the same time, the proper NPU information will also appear on the node information:
Once everything is ready, you can select the proper NPU device when creating a workload through the page, as shown below:
Note
For detailed information of how to use, refer to Using Ascend (Ascend) NPU.
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html","title":"Enable Ascend Virtualization","text":"Ascend virtualization is divided into dynamic virtualization and static virtualization. This document describes how to enable and use Ascend static virtualization capabilities.
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#prerequisites","title":"Prerequisites","text":"Supported NPU models:
For more details, refer to the official virtualization hardware documentation.
Refer to the Ascend NPU Component Installation Documentation for the basic environment setup.
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#enable-virtualization-capabilities","title":"Enable Virtualization Capabilities","text":"To enable virtualization capabilities, you need to manually modify the startup parameters of the ascend-device-plugin-daemonset
component. Refer to the following command:
- device-plugin -useAscendDocker=true -volcanoType=false -presetVirtualDevice=true\n- logFile=/var/log/mindx-dl/devicePlugin/devicePlugin.log -logLevel=0\n
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#split-vnpu-instances","title":"Split VNPU Instances","text":"Static virtualization requires manually splitting VNPU instances. Refer to the following command:
npu-smi set -t create-vnpu -i 13 -c 0 -f vir02\n
i
refers to the card id.c
refers to the chip id.vir02
refers to the split specification template.Card id and chip id can be queried using npu-smi info
. The split specifications can be found in the Ascend official templates.
After splitting the instance, you can query the split results using the following command:
npu-smi info -t info-vnpu -i 13 -c 0\n
The query result is as follows:
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#restart-ascend-device-plugin-daemonset","title":"Restartascend-device-plugin-daemonset
","text":"After splitting the instance, manually restart the device-plugin
pod, then use the kubectl describe
command to check the resources of the registered node:
kubectl describe node {{nodename}}\n
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#how-to-use-the-device","title":"How to Use the Device","text":"When creating an application, specify the resource key as shown in the following YAML:
......\nresources:\n requests:\n huawei.com/Ascend310P-2c: 1\n limits:\n huawei.com/Ascend310P-2c: 1\n......\n
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html","title":"NVIDIA GPU Usage Modes","text":"NVIDIA, as a well-known graphics computing provider, offers various software and hardware solutions to enhance computational power. Among them, NVIDIA provides the following three solutions for GPU usage:
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html#full-gpu","title":"Full GPU","text":"Full GPU refers to allocating the entire NVIDIA GPU to a single user or application. In this configuration, the application can fully occupy all the resources of the GPU and achieve maximum computational performance. Full GPU is suitable for workloads that require a large amount of computational resources and memory, such as deep learning training, scientific computing, etc.
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html#vgpu-virtual-gpu","title":"vGPU (Virtual GPU)","text":"vGPU is a virtualization technology that allows one physical GPU to be partitioned into multiple virtual GPUs, with each virtual GPU assigned to different virtual machines or users. vGPU enables multiple users to share the same physical GPU and independently use GPU resources in their respective virtual environments. Each virtual GPU can access a certain amount of compute power and memory capacity. vGPU is suitable for virtualized environments and cloud computing scenarios, providing higher resource utilization and flexibility.
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html#mig-multi-instance-gpu","title":"MIG (Multi-Instance GPU)","text":"MIG is a feature introduced by the NVIDIA Ampere architecture that allows one physical GPU to be divided into multiple physical GPU instances, each of which can be independently allocated to different users or workloads. Each MIG instance has its own compute resources, memory, and PCIe bandwidth, just like an independent virtual GPU. MIG provides finer-grained GPU resource allocation and management and allows dynamic adjustment of the number and size of instances based on demand. MIG is suitable for multi-tenant environments, containerized applications, batch jobs, and other scenarios.
Whether using vGPU in a virtualized environment or MIG on a physical GPU, NVIDIA provides users with more choices and optimized ways to utilize GPU resources. The Suanova container management platform fully supports the above NVIDIA capabilities. Users can easily access the full computational power of NVIDIA GPUs through simple UI operations, thereby improving resource utilization and reducing costs.
nvidia.com/gpu
resource type.nvidia.com/mig-<slice_count>g.<memory_size>gb
.For detailed instructions on enabling these configurations, refer to Offline Installation of GPU Operator.
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html#how-to-use","title":"How to Use","text":"You can refer to the following links to quickly start using Suanova's management capabilities for NVIDIA GPUs.
This section describes how to allocate the entire NVIDIA GPU to a single application on the AI platform.
"},{"location":"en/end-user/kpanda/gpu/nvidia/full_gpu_userguide.html#prerequisites","title":"Prerequisites","text":"Check if the cluster has detected the GPUs. Click Clusters -> Cluster Settings -> Addon Plugins to see if it has automatically enabled and detected the proper GPU types. Currently, the cluster will automatically enable GPU and set the GPU Type as Nvidia GPU .
Deploy a workload. Click Clusters -> Workloads , and deploy the workload using the image method. After selecting the type ( Nvidia GPU ), configure the number of physical cards used by the application:
Physical Card Count (nvidia.com/gpu): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host machine.
If the above value is configured incorrectly, scheduling failures and resource allocation issues may occur.
To request GPU resources for a workload, add the nvidia.com/gpu: 1 parameter to the resource request and limit configuration in the YAML file. This parameter configures the number of physical cards used by the application.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-gpu-demo\n template:\n metadata:\n labels:\n app: full-gpu-demo\n spec:\n containers:\n - image: chrstnhntschl/gpu_burn\n name: container-0\n resources:\n requests:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # Number of GPUs requested\n limits:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # Upper limit of GPU usage\n imagePullSecrets:\n - name: default-secret\n
Note
When using the nvidia.com/gpu
parameter to specify the number of GPUs, the values for requests and limits must be consistent.
AI platform comes with pre-installed driver
images for the following three operating systems: Ubuntu 22.04, Ubuntu 20.04, and CentOS 7.9. The driver version is 535.104.12
. Additionally, it includes the required Toolkit
images for each operating system, so users no longer need to manually provide offline toolkit
images.
This page demonstrates using AMD architecture with CentOS 7.9 (3.10.0-1160). If you need to deploy on Red Hat 8.4, refer to Uploading Red Hat gpu-operator Offline Image to the Bootstrap Node Repository and Building Offline Yum Source for Red Hat 8.4.
"},{"location":"en/end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#prerequisites","title":"Prerequisites","text":"To install the gpu-operator plugin for your cluster, follow these steps:
Log in to the platform and go to Container Management -> Clusters , check cluster eetails.
On the Helm Charts page, select All Repositories and search for gpu-operator .
Select gpu-operator and click Install .
Configure the installation parameters for gpu-operator based on the instructions below to complete the installation.
Ubuntu 22.04
, Ubuntu 20.04
, Centos 7.9
, and other
. Please choose the correct operating system.Driver.version : Version of the GPU driver image, use default parameters for offline deployment. Configuration is only required for online installation. Different versions of the Driver image exist for different types of operating systems. For more details, refer to Nvidia GPU Driver Versions. Examples of Driver Version
for different operating systems are as follows:
Note
When using the built-in operating system version, there is no need to modify the image version. For other operating system versions, please refer to Uploading Images to the Bootstrap Node Repository. note that there is no need to include the operating system name such as Ubuntu, CentOS, or Red Hat in the version number. If the official image contains an operating system suffix, please manually remove it.
525.105.17
535-5.15.0-1043-nvidia
525.147.05
Driver.RepoConfig.ConfigMapName : Used to record the name of the offline yum repository configuration file for the gpu-operator. When using the pre-packaged offline bundle, refer to the following documents for different types of operating systems.
Toolkit.enable : Enabled by default. This component allows containerd/docker to support running containers that require GPUs.
"},{"location":"en/end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#mig-parameters","title":"MIG parameters","text":"For detailed configuration methods, refer to Enabling MIG Functionality.
MigManager.Config.name : The name of the MIG split configuration file, used to define the MIG (GI, CI) split policy. The default is default-mig-parted-config . For custom parameters, refer to Enabling MIG Functionality.
"},{"location":"en/end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#next-steps","title":"Next Steps","text":"After completing the configuration and creation of the above parameters:
If using full-card mode , GPU resources can be used when creating applications.
If using vGPU mode , after completing the above configuration and creation, proceed to vGPU Addon Installation.
If using MIG mode and you need to use a specific split specification for individual GPU nodes, otherwise, split according to the default value in MigManager.Config
.
For single mode, add label to nodes as follows:
kubectl label nodes {node} nvidia.com/mig.config=\"all-1g.10gb\" --overwrite\n
For mixed mode, add label to nodes as follows:
kubectl label nodes {node} nvidia.com/mig.config=\"custom-config\" --overwrite\n
After spliting, applications can use MIG GPU resources.
This guide explains how to upload an offline image to the bootstrap repository using the nvcr.io/nvidia/driver:525.105.17-rhel8.4 offline driver image for Red Hat 8.4 as an example.
"},{"location":"en/end-user/kpanda/gpu/nvidia/push_image_to_repo.html#prerequisites","title":"Prerequisites","text":"Perform the following steps on the internet-connected node:
Pull the nvcr.io/nvidia/driver:525.105.17-rhel8.4 offline driver image:
docker pull nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Once the image is pulled, save it as a compressed archive named nvidia-driver.tar :
docker save nvcr.io/nvidia/driver:525.105.17-rhel8.4 > nvidia-driver.tar\n
Copy the compressed image archive nvidia-driver.tar to the bootstrap node:
scp nvidia-driver.tar user@ip:/root\n
For example:
scp nvidia-driver.tar root@10.6.175.10:/root\n
Perform the following steps on the bootstrap node:
Log in to the bootstrap node and import the compressed image archive nvidia-driver.tar :
docker load -i nvidia-driver.tar\n
View the imported image:
docker images -a | grep nvidia\n
Expected output:
nvcr.io/nvidia/driver e3ed7dee73e9 1 days ago 1.02GB\n
Retag the image to correspond to the target repository in the remote Registry repository:
docker tag <image-name> <registry-url>/<repository-name>:<tag>\n
Replace with the name of the Nvidia image from the previous step, with the address of the Registry service on the bootstrap node, with the name of the repository you want to push the image to, and with the desired tag for the image.
For example:
docker tag nvcr.io/nvidia/driver 10.6.10.5/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Push the image to the bootstrap repository:
docker push {ip}/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Refer to Building Red Hat 8.4 Offline Yum Source and Offline Installation of GPU Operator to deploy the GPU Operator to your cluster.
"},{"location":"en/end-user/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html","title":"Offline Install gpu-operator Driver on Ubuntu 22.04","text":"Prerequisite: Installed gpu-operator v23.9.0+2 or higher versions
"},{"location":"en/end-user/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html#prepare-offline-image","title":"Prepare Offline Image","text":"Check the kernel version
$ uname -r\n5.15.0-78-generic\n
Check the GPU Driver image version applicable to your kernel, at https://catalog.ngc.nvidia.com/orgs/nvidia/containers/driver/tags
. Use the kernel to query the image version and save the image using ctr export
.
ctr i pull nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i export --all-platforms driver.tar.gz nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 \n
Import the image into the cluster's container registry
ctr i import driver.tar.gz\nctr i tag nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 {your_registry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i push {your_registry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 --skip-verify=true\n
driver.usePrecompiled=true
driver.version=535
, note that it should be 535, not 535.104.12The AI platform comes with a pre-installed GPU Operator offline package for CentOS 7.9 with kernel version 3.10.0-1160. or other OS types or kernel versions, users need to manually build an offline yum source.
This guide explains how to build an offline yum source for CentOS 7.9 with a specific kernel version and use it when installing the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#prerequisites","title":"Prerequisites","text":"This guide uses CentOS 7.9 with kernel version 3.10.0-1160.95.1.el7.x86_64 as an example to explain how to upgrade the pre-installed GPU Operator offline package's yum source.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#check-os-and-kernel-versions-of-cluster-nodes","title":"Check OS and Kernel Versions of Cluster Nodes","text":"Run the following commands on both the control node of the Global cluster and the node where GPU Operator will be deployed. If the OS and kernel versions of the two nodes are consistent, there is no need to build a yum source. You can directly refer to the Offline Installation of GPU Operator document for installation. If the OS or kernel versions of the two nodes are not consistent, please proceed to the next step.
Run the following command to view the distribution name and version of the node where GPU Operator will be deployed in the cluster.
cat /etc/redhat-release\n
Expected output:
CentOS Linux release 7.9 (Core)\n
The output shows the current node's OS version as CentOS 7.9
.
Run the following command to view the kernel version of the node where GPU Operator will be deployed in the cluster.
uname -a\n
Expected output:
Linux localhost.localdomain 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\n
The output shows the current node's kernel version as 3.10.0-1160.el7.x86_64
.
Perform the following steps on a node that has internet access and can access the file server:
Create a script file named yum.sh by running the following command:
vi yum.sh\n
Then press the i key to enter insert mode and enter the following content:
export TARGET_KERNEL_VERSION=$1\n\ncat >> run.sh << \\EOF\n#! /bin/bash\necho \"start install kernel repo\"\necho ${KERNEL_VERSION}\nmkdir centos-base\n\nif [ \"$OS\" -eq 7 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el7.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelif [ \"$OS\" -eq 8 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el8.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelse\n echo \"Error os version\"\nfi\n\ncreaterepo centos-base/\nls -lh centos-base/\ntar -zcf centos-base.tar.gz centos-base/\necho \"end install kernel repo\"\nEOF\n\ncat >> Dockerfile << EOF\nFROM centos:7\nENV KERNEL_VERSION=\"\"\nENV OS=7\nRUN yum install -y createrepo\nCOPY run.sh .\nENTRYPOINT [\"/bin/bash\",\"run.sh\"]\nEOF\n\ndocker build -t test:v1 -f Dockerfile .\ndocker run -e KERNEL_VERSION=$TARGET_KERNEL_VERSION --name centos7.9 test:v1\ndocker cp centos7.9:/centos-base.tar.gz .\ntar -xzf centos-base.tar.gz\n
Press the Esc key to exit insert mode, then enter :wq to save and exit.
Run the yum.sh file:
bash -x yum.sh TARGET_KERNEL_VERSION\n
The TARGET_KERNEL_VERSION
parameter is used to specify the kernel version of the cluster nodes.
Note: You don't need to include the distribution identifier (e.g., __ .el7.x86_64__ ). For example:
bash -x yum.sh 3.10.0-1160.95.1\n
Now you have generated an offline yum source, centos-base , for the kernel version 3.10.0-1160.95.1.el7.x86_64 .
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#upload-the-offline-yum-source-to-the-file-server","title":"Upload the Offline Yum Source to the File Server","text":"Perform the following steps on a node that has internet access and can access the file server. This step is used to upload the generated yum source from the previous step to a file server that can be accessed by the cluster where the GPU Operator will be deployed. The file server can be Nginx, MinIO, or any other file server that supports the HTTP protocol.
In this example, we will use the built-in MinIO as the file server. The MinIO details are as follows:
http://10.5.14.200:9000
(usually {bootstrap-node IP} + {port-9000} )Login password: rootpass123
Run the following command in the current directory of the node to establish a connection between the node's local mc command-line tool and the MinIO server:
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
The expected output should resemble the following:
Added __minio__ successfully.\n
mc is the command-line tool provided by MinIO for interacting with the MinIO server. For more details, refer to the MinIO Client documentation.
In the current directory of the node, create a bucket named centos-base :
mc mb -p minio/centos-base\n
The expected output should resemble the following:
Bucket created successfully __minio/centos-base__ .\n
Set the access policy of the bucket centos-base to allow public download. This will enable access during the installation of the GPU Operator:
mc anonymous set download minio/centos-base\n
The expected output should resemble the following:
Access permission for __minio/centos-base__ is set to __download__ \n
In the current directory of the node, copy the generated centos-base offline yum source to the minio/centos-base bucket on the MinIO server:
mc cp centos-base minio/centos-base --recursive\n
Perform the following steps on the control node of the cluster where the GPU Operator will be deployed.
Run the following command to create a file named CentOS-Base.repo that specifies the configmap for the yum source storage:
# The file name must be CentOS-Base.repo, otherwise it cannot be recognized during the installation of the GPU Operator\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The file server address where the yum source is placed in step 3\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The file server address where the yum source is placed in step 3\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created CentOS-Base.repo file, create a configmap named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
The expected output should resemble the following:
configmap/local-repo-config created\n
The local-repo-config configmap will be used to provide the value for the RepoConfig.ConfigMapName parameter during the installation of the GPU Operator. You can customize the configuration file name.
View the content of the local-repo-config configmap:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
The expected output should resemble the following:
apiVersion: v1\ndata:\nCentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base# The file server path where the yum source is placed in step 2\\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl = http://10.6.232.5:32618/centos-base # The file server path where the yum source is placed in step 2\\ngpgcheck = 0\\nname = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\ncreationTimestamp: \"2023-10-18T01:59:02Z\"\nname: local-repo-config\nnamespace: gpu-operator\nresourceVersion: \"59445080\"\nuid: c5f0ebab-046f-442c-b932-f9003e014387\n
You have successfully created an offline yum source configuration file for the cluster where the GPU Operator will be deployed. You can use it during the offline installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html","title":"Building Red Hat 8.4 Offline Yum Source","text":"The AI platform comes with pre-installed CentOS v7.9 and GPU Operator offline packages with kernel v3.10.0-1160. For other OS types or nodes with different kernels, users need to manually build the offline yum source.
This guide explains how to build an offline yum source package for Red Hat 8.4 based on any node in the Global cluster. It also demonstrates how to use it during the installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#prerequisites","title":"Prerequisites","text":"This guide uses a node with Red Hat 8.4 4.18.0-305.el8.x86_64 as an example to demonstrate how to build an offline yum source package for Red Hat 8.4 based on any node in the Global cluster. It also explains how to use it during the installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#step-1-download-the-yum-source-from-the-bootstrap-node","title":"Step 1: Download the Yum Source from the Bootstrap Node","text":"Perform the following steps on the master node of the Global cluster.
Use SSH or any other method to access any node in the Global cluster and run the following command:
cat /etc/yum.repos.d/extension.repo # View the contents of extension.repo.\n
The expected output should resemble the following:
[extension-0]\nbaseurl = http://10.5.14.200:9000/kubean/redhat/$releasever/os/$basearch\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/AppStream\ngpgcheck = 0\nname = kubean extension 1\n\n[extension-2]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/BaseOS\ngpgcheck = 0\nname = kubean extension 2\n
Create a folder named redhat-base-repo under the root directory:
mkdir redhat-base-repo\n
Download the RPM packages from the yum source to your local machine:
Download the RPM packages from extension-1 :
reposync -p redhat-base-repo -n --repoid=extension-1\n
Download the RPM packages from extension-2 :
reposync -p redhat-base-repo -n --repoid=extension-2\n
Perform the following steps on a node with internet access. Before proceeding, ensure that there is network connectivity between the node with internet access and the master node of the Global cluster.
Run the following command on the node with internet access to download the elfutils-libelf-devel-0.187-4.el8.x86_64.rpm package:
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/elfutils-libelf-devel-0.187-4.el8.x86_64.rpm\n
Transfer the elfutils-libelf-devel-0.187-4.el8.x86_64.rpm package from the current directory to the node mentioned in step 1:
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm user@ip:~/redhat-base-repo/extension-2/Packages/\n
For example:
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm root@10.6.175.10:~/redhat-base-repo/extension-2/Packages/\n
Perform the following steps on the master node of the Global cluster mentioned in Step 1.
Enter the yum repository directories:
cd ~/redhat-base-repo/extension-1/Packages\ncd ~/redhat-base-repo/extension-2/Packages\n
Generate the repository index for the directories:
createrepo_c ./\n
You have now generated the offline yum source named redhat-base-repo for kernel version 4.18.0-305.el8.x86_64 .
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#step-4-upload-the-local-yum-repository-to-the-file-server","title":"Step 4: Upload the Local Yum Repository to the File Server","text":"In this example, we will use Minio, which is built-in as the file server in the bootstrap node. However, you can choose any file server that suits your needs. Here are the details for Minio:
http://10.5.14.200:9000
(usually the {bootstrap-node-IP} + {port-9000})Login password: rootpass123
On the current node, establish a connection between the local mc command-line tool and the Minio server by running the following command:
mc config host add minio <file_server_access_url> <username> <password>\n
For example:
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
The expected output should be similar to:
Added __minio__ successfully.\n
The mc command-line tool is provided by the Minio file server as a client command-line tool. For more details, refer to the MinIO Client documentation.
Create a bucket named redhat-base in the current location:
mc mb -p minio/redhat-base\n
The expected output should be similar to:
Bucket created successfully __minio/redhat-base__ .\n
Set the access policy of the redhat-base bucket to allow public downloads so that it can be accessed during the installation of the GPU Operator:
mc anonymous set download minio/redhat-base\n
The expected output should be similar to:
Access permission for __minio/redhat-base__ is set to __download__ \n
Copy the offline yum repository files ( redhat-base-repo ) from the current location to the Minio server's minio/redhat-base bucket:
mc cp redhat-base-repo minio/redhat-base --recursive\n
Perform the following steps on the control node of the cluster where you will deploy the GPU Operator.
Run the following command to create a file named redhat.repo , which specifies the configuration information for the yum repository storage:
# The file name must be redhat.repo, otherwise it won't be recognized when installing gpu-operator\ncat > redhat.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages # The file server address where the yum source is stored in Step 1\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages # The file server address where the yum source is stored in Step 1\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created redhat.repo file, create a configmap named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=./redhat.repo\n
The expected output should be similar to:
configmap/local-repo-config created\n
The local-repo-config configuration file is used to provide the value for the RepoConfig.ConfigMapName parameter during the installation of the GPU Operator. You can choose a different name for the configuration file.
View the contents of the local-repo-config configuration file:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
You have successfully created the offline yum source configuration file for the cluster where the GPU Operator will be deployed. You can use it by specifying the RepoConfig.ConfigMapName parameter during the offline installation of the GPU Operator.
"},{"location":"en/end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html","title":"Build an Offline Yum Repository for Red Hat 7.9","text":""},{"location":"en/end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#introduction","title":"Introduction","text":"AI platform comes with a pre-installed CentOS 7.9 with GPU Operator offline package for kernel 3.10.0-1160. You need to manually build an offline yum repository for other OS types or nodes with different kernels.
This page explains how to build an offline yum repository for Red Hat 7.9 based on any node in the Global cluster, and how to use the RepoConfig.ConfigMapName
parameter when installing the GPU Operator.
Download rhel7.9 ISO
Download the rhel7.9 ospackage that corresponds to your Kubean version.
Find the version number of Kubean in the Container Management section of the Global cluster under Helm Apps.
Download the rhel7.9 ospackage for that version from the Kubean repository.
Import offline resources using the installer.
Click here to view the download url.
"},{"location":"en/end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#3-upload-red-hat-gpu-operator-offline-image-to-boostrap-node-repository","title":"3. Upload Red Hat GPU Operator Offline Image to Boostrap Node Repository","text":"Refer to Upload Red Hat GPU Operator Offline Image to Boostrap Node Repository.
Note
This reference is based on rhel8.4, so make sure to modify it for rhel7.9.
"},{"location":"en/end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#4-create-configmaps-in-the-cluster-to-save-yum-repository-information","title":"4. Create ConfigMaps in the Cluster to Save Yum Repository Information","text":"Run the following command on the control node of the cluster where the GPU Operator is to be deployed.
Run the following command to create a file named CentOS-Base.repo to specify the configuration information where the yum repository is stored.
# The file name must be CentOS-Base.repo, otherwise it will not be recognized when installing gpu-operator\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The server file address of the boostrap node, usually {boostrap node IP} + {9000 port}\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The server file address of the boostrap node, usually {boostrap node IP} + {9000 port}\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created CentOS-Base.repo file, create a profile named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
The expected output is as follows:
configmap/local-repo-config created\n
The local-repo-config profile is used to provide the value of the RepoConfig.ConfigMapName
parameter when installing gpu-operator, and the profile name can be customized by the user.
View the contents of the local-repo-config profile:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
The expected output is as follows:
local-repo-config.yamlapiVersion: v1\ndata:\n CentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base # The file path where yum repository is placed in Step 2 \\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base # The file path where yum repository is placed in Step 2 \\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\n creationTimestamp: \"2023-10-18T01:59:02Z\"\n name: local-repo-config\n namespace: gpu-operator\n resourceVersion: \"59445080\"\n uid: c5f0ebab-046f-442c-b932-f9003e014387\n
At this point, you have successfully created the offline yum repository profile for the cluster where the GPU Operator is to be deployed. The RepoConfig.ConfigMapName
parameter was used during the Offline Installation of GPU Operator.
MIG allows cloud service providers to partition a physical GPU into multiple independent GPU instances, which can be allocated to different tenants. This enables resource isolation and independence, meeting the GPU computing needs of multiple tenants.
MIG enables finer-grained GPU resource management in containerized environments. By partitioning a physical GPU into multiple MIG instances, each container can be assigned with dedicated GPU compute resources, providing better performance isolation and resource utilization.
For batch processing jobs requiring large-scale parallel computing, MIG provides higher computational performance and larger memory capacity. Each MIG instance can utilize a portion of the physical GPU's compute resources, accelerating the processing of large-scale computational tasks.
MIG offers increased compute power and memory capacity for training large-scale deep learning models. By partitioning the physical GPU into multiple MIG instances, each instance can independently carry out model training, improving training efficiency and throughput.
In general, NVIDIA MIG is suitable for scenarios that require finer-grained allocation and management of GPU resources. It enables resource isolation, improved performance utilization, and meets the GPU computing needs of multiple users or applications.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/index.html#overview-of-mig","title":"Overview of MIG","text":"NVIDIA Multi-Instance GPU (MIG) is a new feature introduced by NVIDIA on H100, A100, and A30 series GPUs. Its purpose is to divide a physical GPU into multiple GPU instances to provide finer-grained resource sharing and isolation. MIG can split a GPU into up to seven GPU instances, allowing a single physical GPU to provide separate GPU resources to multiple users, maximizing GPU utilization.
This feature enables multiple applications or users to share GPU resources simultaneously, improving the utilization of computational resources and increasing system scalability.
With MIG, each GPU instance's processor has an independent and isolated path throughout the entire memory system, including cross-switch ports on the chip, L2 cache groups, memory controllers, and DRAM address buses, all uniquely allocated to a single instance.
This ensures that the workload of individual users can run with predictable throughput and latency, along with identical L2 cache allocation and DRAM bandwidth. MIG can partition available GPU compute resources (such as streaming multiprocessors or SMs and GPU engines like copy engines or decoders) to provide defined quality of service (QoS) and fault isolation for different clients such as virtual machines, containers, or processes. MIG enables multiple GPU instances to run in parallel on a single physical GPU.
MIG allows multiple vGPUs (and virtual machines) to run in parallel on a single GPU instance while retaining the isolation guarantees provided by vGPU. For more details on using vGPU and MIG for GPU partitioning, refer to NVIDIA Multi-Instance GPU and NVIDIA Virtual Compute Server.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/index.html#mig-architecture","title":"MIG Architecture","text":"The following diagram provides an overview of MIG, illustrating how it virtualizes one physical GPU into seven GPU instances that can be used by multiple users.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/index.html#important-concepts","title":"Important Concepts","text":"Resource Sharing: MIG allows a single physical GPU to be divided into multiple GPU instances, providing efficient sharing of GPU resources among different users or applications. This maximizes GPU utilization and enables improved performance isolation.
Fine-Grained Resource Allocation: With MIG, GPU resources can be allocated at a finer granularity, allowing for more precise partitioning and allocation of compute power and memory capacity.
Improved Performance Isolation: Each MIG instance operates independently with its dedicated resources, ensuring predictable throughput and latency for individual users or applications. This improves performance isolation and prevents interference between different workloads running on the same GPU.
Enhanced Security and Fault Isolation: MIG provides better security and fault isolation by ensuring that each user or application has its dedicated GPU resources. This prevents unauthorized access to data and mitigates the impact of faults or errors in one instance on others.
Increased Scalability: MIG enables the simultaneous usage of GPU resources by multiple users or applications, increasing system scalability and accommodating the needs of various workloads.
Efficient Containerization: By using MIG in containerized environments, GPU resources can be effectively allocated to different containers, improving performance isolation and resource utilization.
Overall, MIG offers significant advantages in terms of resource sharing, fine-grained allocation, performance isolation, security, scalability, and containerization, making it a valuable feature for various GPU computing scenarios.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/create_mig.html","title":"Enabling MIG Features","text":"This section describes how to enable NVIDIA MIG features. NVIDIA currently provides two strategies for exposing MIG devices on Kubernetes nodes:
For more details, refer to the NVIDIA GPU Usage Modes.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/create_mig.html#prerequisites","title":"Prerequisites","text":"When installing the Operator, you need to set the MigManager Config parameter accordingly. The default setting is default-mig-parted-config. You can also customize the sharding policy configuration file:
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/create_mig.html#custom-sharding-policy","title":"Custom Sharding Policy","text":" ## Custom GI Instance Configuration\n all-disabled:\n - devices: all\n mig-enabled: false\n all-enabled:\n - devices: all\n mig-enabled: true\n mig-devices: {}\n all-1g.10gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.5gb: 7\n all-1g.10gb.me:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb+me: 1\n all-1g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.20gb: 4\n all-2g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 2g.20gb: 3\n all-3g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n all-4g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 4g.40gb: 1\n all-7g.80gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 7g.80gb: 1\n all-balanced:\n - device-filter: [\"0x233110DE\", \"0x232210DE\", \"0x20B210DE\", \"0x20B510DE\", \"0x20F310DE\", \"0x20F510DE\"]\n devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb: 2\n 2g.20gb: 1\n 3g.40gb: 1\n # After setting, CI instances will be partitioned according to the specified configuration\n custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n
In the above YAML, set custom-config to partition CI instances according to the specifications.
custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1c.3g.40gb: 6\n
After completing the settings, you can use GPU MIG resources when confirming the deployment of the application.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/create_mig.html#switch-node-gpu-mode","title":"Switch Node GPU Mode","text":"After successfully installing the GPU operator, the node is in full card mode by default. There will be an indicator on the node management page, as shown below:
Click the \u2507 at the right side of the node list, select a GPU mode to switch, and then choose the proper MIG mode and sharding policy. Here, we take MIXED mode as an example:
There are two configurations here:
After clicking OK button, wait for about a minute and refresh the page. The MIG mode will be switched to:
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/mig_command.html","title":"MIG Related Commands","text":"GI Related Commands:
Subcommand Description nvidia-smi mig -lgi View the list of created GI instances nvidia-smi mig -dgi -gi Delete a specific GI instance nvidia-smi mig -lgip View the profile of GI nvidia-smi mig -cgi Create a GI using the specified profile IDCI Related Commands:
Subcommand Description nvidia-smi mig -lcip { -gi {gi Instance ID}} View the profile of CI, specifying -gi will show the CIs that can be created for a particular GI instance nvidia-smi mig -lci View the list of created CI instances nvidia-smi mig -cci {profile id} -gi {gi instance id} Create a CI instance with the specified GI nvidia-smi mig -dci -ci Delete a specific CI instanceGI+CI Related Commands:
Subcommand Description nvidia-smi mig -i 0 -cgi {gi profile id} -C {ci profile id} Create a GI + CI instance directly"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/mig_usage.html","title":"Using MIG GPU Resources","text":"This section explains how applications can use MIG GPU resources.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/mig_usage.html#prerequisites","title":"Prerequisites","text":"Confirm if the cluster has recognized the GPU type.
Go to Cluster Details -> Nodes and check if it has been correctly recognized as MIG.
When deploying an application using an image, you can select and use NVIDIA MIG resources.
Example of MIG Single Mode (used in the same way as a full GPU):
Note
The MIG single policy allows users to request and use GPU resources in the same way as a full GPU (nvidia.com/gpu
). The difference is that these resources can be a portion of the GPU (MIG device) rather than the entire GPU. Learn more from the GPU MIG Mode Design.
MIG Mixed Mode
MIG Single mode:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpu: 2 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
MIG Mixed mode:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/mig-4g.20gb: 1 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
After entering the container, you can check if only one MIG device is being used:
"},{"location":"en/end-user/kpanda/gpu/nvidia/vgpu/hami.html","title":"Build a vGPU Memory Oversubscription Image","text":"The vGPU memory oversubscription feature in the Hami Project no longer exists. To use this feature, you need to rebuild with the libvgpu.so
file that supports memory oversubscription.
FROM docker.m.daocloud.io/projecthami/hami:v2.3.11\nCOPY libvgpu.so /k8s-vgpu/lib/nvidia/\n
Run the following command to build the image:
docker build -t release.daocloud.io/projecthami/hami:v2.3.11 -f Dockerfile .\n
Then, push the image to release.daocloud.io
.
To virtualize a single NVIDIA GPU into multiple virtual GPUs and allocate them to different virtual machines or users, you can use NVIDIA's vGPU capability. This section explains how to install the vGPU plugin in the AI platform, which is a prerequisite for using NVIDIA vGPU capability.
"},{"location":"en/end-user/kpanda/gpu/nvidia/vgpu/vgpu_addon.html#prerequisites","title":"Prerequisites","text":"Path: Container Management -> Cluster Management -> Click the target cluster -> Helm Apps -> Helm Charts -> Search for nvidia-vgpu .
During the installation of vGPU, several basic modification parameters are provided. If you need to modify advanced parameters, click the YAML column to make changes:
deviceMemoryScaling : NVIDIA device memory scaling factor, the input value must be an integer, with a default value of 1. It can be greater than 1 (enabling virtual memory, experimental feature). For an NVIDIA GPU with a memory size of M, if we configure the devicePlugin.deviceMemoryScaling parameter as S, in a Kubernetes cluster where we have deployed our device plugin, the vGPUs assigned from this GPU will have a total memory of S * M .
deviceSplitCount : An integer type, with a default value of 10. Number of GPU splits, each GPU cannot be assigned more tasks than its configuration count. If configured as N, each GPU can have up to N tasks simultaneously.
Resources : Represents the resource usage of the vgpu-device-plugin and vgpu-schedule pods.
After a successful installation, you will see two types of pods in the specified namespace, indicating that the NVIDIA vGPU plugin has been successfully installed:
After a successful installation, you can deploy applications using vGPU resources.
Note
NVIDIA vGPU Addon does not support upgrading directly from the older v2.0.0 to the latest v2.0.0+1; To upgrade, please uninstall the older version and then reinstall the latest version.
"},{"location":"en/end-user/kpanda/gpu/nvidia/vgpu/vgpu_user.html","title":"Using NVIDIA vGPU in Applications","text":"This section explains how to use the vGPU capability in the AI platform.
"},{"location":"en/end-user/kpanda/gpu/nvidia/vgpu/vgpu_user.html#prerequisites","title":"Prerequisites","text":"Confirm if the cluster has detected GPUs. Click the Clusters -> Cluster Settings -> Addon Plugins and check if the GPU plugin has been automatically enabled and the proper GPU type has been detected. Currently, the cluster will automatically enable the GPU addon and set the GPU Type as Nvidia vGPU .
Deploy a workload by clicking Clusters -> Workloads . When deploying a workload using an image, select the type Nvidia vGPU , and you will be prompted with the following parameters:
If there are issues with the configuration values above, it may result in scheduling failure or inability to allocate resources.
Refer to the following workload configuration and add the parameter nvidia.com/vgpu: '1' in the resource requests and limits section to configure the number of physical cards used by the application.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-vgpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-vgpu-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: full-vgpu-demo\n spec:\n containers:\n - name: full-vgpu-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpucores: '20' # Request 20% of GPU cores for each card\n nvidia.com/gpumem: '200' # Request 200MB of GPU memory for each card\n nvidia.com/vgpu: '1' # Request 1 GPU\n imagePullPolicy: Always\n restartPolicy: Always\n
This YAML configuration requests the application to use vGPU resources. It specifies that each card should utilize 20% of GPU cores, 200MB of GPU memory, and requests 1 GPU.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html","title":"Using Volcano's Gang Scheduler","text":"The Gang scheduling policy is one of the core scheduling algorithms of the volcano-scheduler. It satisfies the \"All or nothing\" scheduling requirement during the scheduling process, preventing arbitrary scheduling of Pods that could waste cluster resources. The specific algorithm observes whether the number of scheduled Pods under a Job meets the minimum running quantity. When the Job's minimum running quantity is satisfied, scheduling actions are performed for all Pods under the Job; otherwise, no actions are taken.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html#use-cases","title":"Use Cases","text":"The Gang scheduling algorithm, based on the concept of a Pod group, is particularly suitable for scenarios that require multi-process collaboration. AI scenarios often involve complex workflows, such as Data Ingestion, Data Analysis, Data Splitting, Training, Serving, and Logging, which require a group of containers to work together. This makes the Gang scheduling policy based on pods very appropriate.
In multi-threaded parallel computing communication scenarios under the MPI computation framework, Gang scheduling is also very suitable because it requires master and slave processes to work together. High relevance among containers in a pod may lead to resource contention, and overall scheduling allocation can effectively resolve deadlocks.
In scenarios with insufficient cluster resources, the Gang scheduling policy significantly improves the utilization of cluster resources. For example, if the cluster can currently accommodate only 2 Pods, but the minimum number of Pods required for scheduling is 3, then all Pods of this Job will remain pending until the cluster can accommodate 3 Pods, at which point the Pods will be scheduled. This effectively prevents the partial scheduling of Pods, which would not meet the requirements and would occupy resources, making other Jobs unable to run.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html#concept-explanation","title":"Concept Explanation","text":"The Gang Scheduler is the core scheduling plugin of Volcano, and it is enabled by default upon installing Volcano. When creating a workload, you only need to specify the scheduler name as Volcano.
Volcano schedules based on PodGroups. When creating a workload, there is no need to manually create PodGroup resources; Volcano will automatically create them based on the workload information. Below is an example of a PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n name: test\n namespace: default\nspec:\n minMember: 1 # (1)!\n minResources: # (2)!\n cpu: \"3\"\n memory: \"2048Mi\"\n priorityClassName: high-prority # (3)!\n queue: default # (4)!\n
In a multi-threaded parallel computing communication scenario under the MPI computation framework, we need to ensure that all Pods can be successfully scheduled to ensure the job is completed correctly. Setting minAvailable to 4 means that 1 mpimaster and 3 mpiworkers are required to run.
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
Generate the resources for PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
From the PodGroup, it can be seen that it is associated with the workload through ownerReferences and sets the minimum number of running Pods to 4.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html","title":"Use Volcano for AI Compute","text":""},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#usage-scenarios","title":"Usage Scenarios","text":"Kubernetes has become the de facto standard for orchestrating and managing cloud-native applications, and an increasing number of applications are choosing to migrate to K8s. The fields of artificial intelligence and machine learning inherently involve a large number of compute-intensive tasks, and developers are very willing to build AI platforms based on Kubernetes to fully leverage its resource management, application orchestration, and operations monitoring capabilities. However, the default Kubernetes scheduler was initially designed primarily for long-running services and has many shortcomings in batch and elastic scheduling for AI and big data tasks. For example, resource contention issues:
Take TensorFlow job scenarios as an example. TensorFlow jobs include two different roles, PS and Worker, and the Pods for these two roles need to work together to complete the entire job. If only one type of role Pod is running, the entire job cannot be executed properly. The default scheduler schedules Pods one by one and is unaware of the PS and Worker roles in a Kubeflow TFJob. In a high-load cluster (insufficient resources), multiple jobs may each be allocated some resources to run a portion of their Pods, but the jobs cannot complete successfully, leading to resource waste. For instance, if a cluster has 4 GPUs and both TFJob1 and TFJob2 each have 4 Workers, TFJob1 and TFJob2 might each be allocated 2 GPUs. However, both TFJob1 and TFJob2 require 4 GPUs to run. This mutual waiting for resource release creates a deadlock situation, resulting in GPU resource waste.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#volcano-batch-scheduling-system","title":"Volcano Batch Scheduling System","text":"Volcano is the first Kubernetes-based container batch computing platform under CNCF, focusing on high-performance computing scenarios. It fills in the missing functionalities of Kubernetes in fields such as machine learning, big data, and scientific computing, providing essential support for these high-performance workloads. Additionally, Volcano seamlessly integrates with mainstream computing frameworks like Spark, TensorFlow, and PyTorch, and supports hybrid scheduling of heterogeneous devices, including CPUs and GPUs, effectively resolving the deadlock issues mentioned above.
The following sections will introduce how to install and use Volcano.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#install-volcano","title":"Install Volcano","text":"Find Volcano in Cluster Details -> Helm Apps -> Helm Charts and install it.
Check and confirm whether Volcano is installed successfully, that is, whether the components volcano-admission, volcano-controllers, and volcano-scheduler are running properly.
Typically, Volcano is used in conjunction with the AI Lab to achieve an effective closed-loop process for the development and training of datasets, Notebooks, and task training.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#volcano-use-cases","title":"Volcano Use Cases","text":"schedulerName: volcano
).volcanoJob
resource is an extension of the Job in Volcano, breaking the Job down into smaller working units called tasks, which can interact with each other.Here is an example:
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: tensorflow-benchmark\n labels:\n \"volcano.sh/job-type\": \"Tensorflow\"\nspec:\n minAvailable: 3\n schedulerName: volcano\n plugins:\n env: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: ps\n template:\n spec:\n imagePullSecrets:\n - name: default-secret\n containers:\n - command:\n - sh\n - -c\n - |\n PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n python tf_cnn_benchmarks.py --batch_size=32 --model=resnet50 --variable_update=parameter_server --flush_stdout=true --num_gpus=1 --local_parameter_device=cpu --device=cpu --data_format=NHWC --job_name=ps --task_index=${VK_TASK_INDEX} --ps_hosts=${PS_HOST} --worker_hosts=${WORKER_HOST}\n image: docker.m.daocloud.io/volcanosh/example-tf:0.0.1\n name: tensorflow\n ports:\n - containerPort: 2222\n name: tfjob-port\n resources:\n requests:\n cpu: \"1000m\"\n memory: \"2048Mi\"\n limits:\n cpu: \"1000m\"\n memory: \"2048Mi\"\n workingDir: /opt/tf-benchmarks/scripts/tf_cnn_benchmarks\n restartPolicy: OnFailure\n - replicas: 2\n name: worker\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n imagePullSecrets:\n - name: default-secret\n containers:\n - command:\n - sh\n - -c\n - |\n PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n python tf_cnn_benchmarks.py --batch_size=32 --model=resnet50 --variable_update=parameter_server --flush_stdout=true --num_gpus=1 --local_parameter_device=cpu --device=cpu --data_format=NHWC --job_name=worker --task_index=${VK_TASK_INDEX} --ps_hosts=${PS_HOST} --worker_hosts=${WORKER_HOST}\n image: docker.m.daocloud.io/volcanosh/example-tf:0.0.1\n name: tensorflow\n ports:\n - containerPort: 2222\n name: tfjob-port\n resources:\n requests:\n cpu: \"2000m\"\n memory: \"2048Mi\"\n limits:\n cpu: \"2000m\"\n memory: \"4096Mi\"\n workingDir: /opt/tf-benchmarks/scripts/tf_cnn_benchmarks\n restartPolicy: OnFailure\n
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#parallel-computing-with-mpi","title":"Parallel Computing with MPI","text":"In multi-threaded parallel computing communication scenarios under the MPI computing framework, we need to ensure that all Pods are successfully scheduled to guarantee the task's proper completion. Setting minAvailable
to 4 indicates that 1 mpimaster
and 3 mpiworkers
are required to run. By simply setting the schedulerName
field value to \"volcano,\" you can enable the Volcano scheduler.
Here is an example:
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
Resources to generate PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
From the PodGroup, it can be seen that it is associated with the workload through ownerReferences
and sets the minimum number of running Pods to 4.
If you want to learn more about the features and usage scenarios of Volcano, refer to Volcano Introduction.
"},{"location":"en/end-user/kpanda/helm/index.html","title":"Helm Charts","text":"Helm is a package management tool for Kubernetes, which makes it easy for users to quickly discover, share and use applications built with Kubernetes. Container Management provides hundreds of Helm charts, covering storage, network, monitoring, database and other main cases. With these templates, you can quickly deploy and easily manage Helm apps through the UI interface. In addition, it supports adding more personalized templates through Add Helm repository to meet various needs.
Key Concepts:
There are a few key concepts to understand when using Helm:
Chart: A Helm installation package, which contains the images, dependencies, and resource definitions required to run an application, and may also contain service definitions in the Kubernetes cluster, similar to the formula in Homebrew, dpkg in APT, or rpm files in Yum. Charts are called Helm Charts in AI platform.
Release: A Chart instance running on the Kubernetes cluster. A Chart can be installed multiple times in the same cluster, and each installation will create a new Release. Release is called Helm Apps in AI platform.
Repository: A repository for publishing and storing Charts. Repository is called Helm Repositories in AI platform.
For more details, refer to Helm official website.
Related operations:
This article explains how to import Helm appss into the system's built-in addons in both offline and online environments.
"},{"location":"en/end-user/kpanda/helm/Import-addon.html#offline-environment","title":"Offline Environment","text":"An offline environment refers to an environment that cannot connect to the internet or is a closed private network environment.
"},{"location":"en/end-user/kpanda/helm/Import-addon.html#prerequisites","title":"Prerequisites","text":"Note
Go to Container Management -> Helm Apps -> Helm Repositories , search for the addon, and obtain the built-in repository address and username/password (the default username/password for the system's built-in repository is rootuser/rootpass123).
Sync the Helm Chart to the built-in repository addon of the container management system
Write the following configuration file, modify it according to your specific configuration, and save it as sync-dao-2048.yaml .
source: # helm charts source information\n repo:\n kind: HARBOR # It can also be any other supported Helm Chart repository type, such as CHARTMUSEUM\n url: https://release-ci.daocloud.io/chartrepo/community # Change to the chart repo URL\n #auth: # username/password, if no password is set, leave it blank\n #username: \"admin\"\n #password: \"Harbor12345\"\ncharts: # charts to sync\n - name: dao-2048 # helm charts information, if not specified, sync all charts in the source helm repo\n versions:\n - 1.4.1\ntarget: # helm charts target information\n containerRegistry: 10.5.14.40 # image repository URL\n repo:\n kind: CHARTMUSEUM # It can also be any other supported Helm Chart repository type, such as HARBOR\n url: http://10.5.14.40:8081 # Change to the correct chart repo URL, you can verify the address by using helm repo add $HELM-REPO\n auth: # username/password, if no password is set, leave it blank\n username: \"rootuser\"\n password: \"rootpass123\"\n containers:\n # kind: HARBOR # If the image repository is HARBOR and you want charts-syncer to automatically create an image repository, fill in this field\n # auth: # username/password, if no password is set, leave it blank\n # username: \"admin\"\n # password: \"Harbor12345\"\n\n# leverage .relok8s-images.yaml file inside the Charts to move the container images too\nrelocateContainerImages: true\n
Run the charts-syncer command to sync the Chart and its included images
charts-syncer sync --config sync-dao-2048.yaml --insecure --auto-create-repository\n
The expected output is:
I1222 15:01:47.119777 8743 sync.go:45] Using config file: \"examples/sync-dao-2048.yaml\"\nW1222 15:01:47.234238 8743 syncer.go:263] Ignoring skipDependencies option as dependency sync is not supported if container image relocation is true or syncing from/to intermediate directory\nI1222 15:01:47.234685 8743 sync.go:58] There is 1 chart out of sync!\nI1222 15:01:47.234706 8743 sync.go:66] Syncing \"dao-2048_1.4.1\" chart...\n.relok8s-images.yaml hints file found\nComputing relocation...\n\nRelocating dao-2048@1.4.1...\nPushing 10.5.14.40/daocloud/dao-2048:v1.4.1...\nDone\nDone moving /var/folders/vm/08vw0t3j68z9z_4lcqyhg8nm0000gn/T/charts-syncer869598676/dao-2048-1.4.1.tgz\n
Once the previous step is completed, go to Container Management -> Helm Apps -> Helm Repositories , find the proper addon, click Sync Repository in the action column, and you will see the uploaded Helm apps in the Helm template.
You can then proceed with normal installation, upgrade, and uninstallation.
The Helm Repo address for the online environment is release.daocloud.io . If the user does not have permission to add Helm Repo, they will not be able to import custom Helm appss into the system's built-in addons. You can add your own Helm repository and then integrate your Helm repository into the platform using the same steps as syncing Helm Chart in the offline environment.
"},{"location":"en/end-user/kpanda/helm/helm-app.html","title":"Manage Helm Apps","text":"The container management module supports interface-based management of Helm, including creating Helm instances using Helm charts, customizing Helm instance arguments, and managing the full lifecycle of Helm instances.
This section will take cert-manager as an example to introduce how to create and manage Helm apps through the container management interface.
"},{"location":"en/end-user/kpanda/helm/helm-app.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
Follow the steps below to install the Helm app.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Helm Apps -> Helm Chart to enter the Helm chart page.
On the Helm chart page, select the Helm repository named addon , and all the Helm chart templates under the addon repository will be displayed on the interface. Click the Chart named cert-manager .
On the installation page, you can see the relevant detailed information of the Chart, select the version to be installed in the upper right corner of the interface, and click the Install button. Here select v1.9.1 version for installation.
Configure Name , Namespace and Version Information . You can also customize arguments by modifying YAML in the argument Configuration area below. Click OK .
The system will automatically return to the list of Helm apps, and the status of the newly created Helm app is Installing , and the status will change to Running after a period of time.
After we have completed the installation of a Helm app through the interface, we can perform an update operation on the Helm app. Note: Update operations using the UI are only supported for Helm apps installed via the UI.
Follow the steps below to update the Helm app.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Helm Apps to enter the Helm app list page.
On the Helm app list page, select the Helm app that needs to be updated, click the __ ...__ operation button on the right side of the list, and select the Update operation in the drop-down selection.
After clicking the Update button, the system will jump to the update interface, where you can update the Helm app as needed. Here we take updating the http port of the dao-2048 application as an example.
After modifying the proper arguments. You can click the Change button under the argument configuration to compare the files before and after the modification. After confirming that there is no error, click the OK button at the bottom to complete the update of the Helm app.
The system will automatically return to the Helm app list, and a pop-up window in the upper right corner will prompt update successful .
Every installation, update, and deletion of Helm apps has detailed operation records and logs for viewing.
In the left navigation bar, click Cluster Operations -> Recent Operations , and then select the Helm Operations tab at the top of the page. Each record corresponds to an install/update/delete operation.
To view the detailed log of each operation: Click \u2507 on the right side of the list, and select Log from the pop-up menu.
At this point, the detailed operation log will be displayed in the form of console at the bottom of the page.
Follow the steps below to delete the Helm app.
Find the cluster where the Helm app to be deleted resides, click the cluster name, and enter Cluster Details .
In the left navigation bar, click Helm Apps to enter the Helm app list page.
On the Helm app list page, select the Helm app you want to delete, click the __ ...__ operation button on the right side of the list, and select Delete from the drop-down selection.
Enter the name of the Helm app in the pop-up window to confirm, and then click the Delete button.
The Helm repository is a repository for storing and publishing Charts. The Helm App module supports HTTP(s) protocol to access Chart packages in the repository. By default, the system has 4 built-in helm repos as shown in the table below to meet common needs in the production process of enterprises.
Repository Description Example partner Various high-quality features provided by ecological partners Chart tidb system Chart that must be relied upon by system core functional components and some advanced features. For example, insight-agent must be installed to obtain cluster monitoring information Insight addon Common Chart in business cases cert-manager community The most popular open source components in the Kubernetes community Chart IstioIn addition to the above preset repositories, you can also add third-party Helm repositories yourself. This page will introduce how to add and update third-party Helm repositories.
"},{"location":"en/end-user/kpanda/helm/helm-repo.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
If using a private repository, you should have read and write permissions to the repository.
The following takes the public container repository of Kubevela as an example to introduce and manage the helm repo.
Find the cluster that needs to be imported into the third-party helm repo, click the cluster name, and enter cluster details.
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo page.
Click the Create Repository button on the helm repo page to enter the Create repository page, and configure relevant arguments according to the table below.
Click OK to complete the creation of the Helm repository. The page will automatically jump to the list of Helm repositories.
When the address information of the helm repo changes, the address, authentication method, label, annotation, and description information of the helm repo can be updated.
Find the cluster where the repository to be updated is located, click the cluster name, and enter cluster details .
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo list page.
Find the Helm repository that needs to be updated on the repository list page, click the \u2507 button on the right side of the list, and click Update in the pop-up menu.
Update on the Update Helm Repository page, and click OK when finished.
Return to the helm repo list, and the screen prompts that the update is successful.
In addition to importing and updating repositorys, you can also delete unnecessary repositories, including system preset repositories and third-party repositories.
Find the cluster where the repository to be deleted is located, click the cluster name, and enter cluster details .
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo list page.
Find the Helm repository that needs to be updated on the repository list page, click the \u2507 button on the right side of the list, and click Delete in the pop-up menu.
Enter the repository name to confirm, and click Delete .
Return to the list of Helm repositories, and the screen prompts that the deletion is successful.
In a multi-arch cluster, it is common to use Helm charts that support multiple architectures to address deployment issues caused by architectural differences. This guide will explain how to integrate single-arch Helm apps into multi-arch deployments and how to integrate multi-arch Helm apps.
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#import","title":"Import","text":""},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#import-single-arch","title":"Import Single-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Specify the path in the clusterConfig.yml configuration file, for example:
addonPackage:\n path: \"/home/addon-offline-full-package-v0.9.0-amd64.tar.gz\"\n
Then run the import command:
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#integrate-multi-arch","title":"Integrate Multi-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Take addon-offline-full-package-v0.9.0-arm64.tar.gz
as an example and run the import command:
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.9.0-arm64.tar.gz\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#upgrade","title":"Upgrade","text":""},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#upgrade-single-arch","title":"Upgrade Single-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Specify the path in the clusterConfig.yml configuration file, for example:
addonPackage:\n path: \"/home/addon-offline-full-package-v0.11.0-amd64.tar.gz\"\n
Then run the import command:
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#multi-arch-integration","title":"Multi-arch Integration","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Take addon-offline-full-package-v0.11.0-arm64.tar.gz
as an example and run the import command:
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.11.0-arm64.tar.gz\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#notes","title":"Notes","text":""},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#disk-space","title":"Disk Space","text":"The offline package is quite large and requires sufficient space for decompression and loading of images. Otherwise, it may interrupt the process with a \"no space left\" error.
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#retry-after-failure","title":"Retry after Failure","text":"If the multi-arch fusion step fails, you need to clean up the residue before retrying:
rm -rf addon-offline-target-package\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#registry-space","title":"Registry Space","text":"If the offline package for fusion contains registry spaces that are inconsistent with the imported offline package, an error may occur during the fusion process due to the non-existence of the registry spaces:
Solution: Simply create the registry space before the fusion. For example, in the above error, creating the registry space \"localhost\" in advance can prevent the error.
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#architecture-conflict","title":"Architecture Conflict","text":"When upgrading to a version lower than 0.12.0 of the addon, the charts-syncer in the target offline package does not check the existence of the image before pushing, so it will recombine the multi-arch into a single architecture during the upgrade process. For example, if the addon is implemented as a multi-arch in v0.10, upgrading to v0.11 will overwrite the multi-arch addon with a single architecture. However, upgrading to v0.12.0 or above can still maintain the multi-arch.
"},{"location":"en/end-user/kpanda/helm/upload-helm.html","title":"Upload Helm Charts","text":"This article explains how to upload Helm charts. See the steps below.
Add a Helm repository, refer to Adding a Third-Party Helm Repository for the procedure.
Upload the Helm Chart to the Helm repository.
Upload with ClientUpload with Web PageNote
This method is suitable for Harbor, ChartMuseum, JFrog type repositories.
Log in to a node that can access the Helm repository, upload the Helm binary to the node, and install the cm-push plugin (VPN is needed and Git should be installed in advance).
Refer to the plugin installation process.
Push the Helm Chart to the Helm repository by executing the following command:
helm cm-push ${charts-dir} ${HELM_REPO_URL} --username ${username} --password ${password}\n
Argument descriptions:
charts-dir
: The directory of the Helm Chart, or the packaged Chart (i.e., .tgz file).HELM_REPO_URL
: The URL of the Helm repository.username
/password
: The username and password for the Helm repository with push permissions.--insecure
.Note
This method is only applicable to Harbor repositories.
Log into the Harbor repository, ensuring the logged-in user has permissions to push;
Go to the relevant project, select the Helm Charts tab, click the Upload button on the page to upload the Helm Chart.
Sync Remote Repository Data
Manual SyncAuto SyncBy default, the cluster does not enable Helm Repository Auto-Refresh, so you need to perform a manual sync operation. The general steps are:
Go to Helm Apps -> Helm Repositories, click the \u2507 button on the right side of the repository list, and select Sync Repository to complete the repository data synchronization.
If you need to enable the Helm repository auto-sync feature, you can go to Cluster Maintenance -> Cluster Settings -> Advanced Settings and turn on the Helm repository auto-refresh switch.
Cluster inspection allows administrators to regularly or ad-hoc check the overall health of the cluster, giving them proactive control over ensuring cluster security. With a well-planned inspection schedule, this proactive cluster check allows administrators to monitor the cluster status at any time and address potential issues in advance. It eliminates the previous dilemma of passive troubleshooting during failures, enabling proactive monitoring and prevention.
The cluster inspection feature provided by AI platform's container management module supports custom inspection items at the cluster, node, and pod levels. After the inspection is completed, it automatically generates visual inspection reports.
For information on security inspections or executing security-related inspections, refer to the supported security scan types in AI platform.
"},{"location":"en/end-user/kpanda/inspect/config.html","title":"Creating Inspection Configuration","text":"AI platform Container Management module provides cluster inspection functionality, which supports inspection at the cluster, node, and pod levels.
Here's how to create an inspection configuration.
Click Cluster Inspection in the left navigation bar.
On the right side of the page, click Inspection Configuration .
Fill in the inspection configuration based on the following instructions, then click OK at the bottom of the page.
After creating the inspection configuration, it will be automatically displayed in the inspection configuration list. Click the more options button on the right of the configuration to immediately perform an inspection, modify the inspection configuration or delete the inspection configuration and reports.
Click Delete to delete the inspection configuration and reports.
Note
After creating an inspection configuration, if the Scheduled Inspection configuration is enabled, inspections will be automatically executed at the specified time. If the Scheduled Inspection configuration is not enabled, you need to manually trigger the inspection.
This page explains how to manually perform a cluster inspection.
"},{"location":"en/end-user/kpanda/inspect/inspect.html#prerequisites","title":"Prerequisites","text":"When performing an inspection, you can choose to inspect multiple clusters in batches or perform a separate inspection for a specific cluster.
Batch InspectionIndividual InspectionClick Cluster Inspection in the top-level navigation bar of the Container Management module, then click Inspection on the right side of the page.
Select the clusters you want to inspect, then click OK at the bottom of the page.
Click the more options button ( \u2507 ) on the right of the proper inspection configuration, then select Inspection from the popup menu.
After the inspection execution is completed, you can view the inspection records and detailed inspection reports.
"},{"location":"en/end-user/kpanda/inspect/report.html#prerequisites","title":"Prerequisites","text":"Click the name of the inspection record you want to view.
View the detailed information of the inspection, which may include an overview of cluster resources and the running status of system components.
You can download the inspection report or delete the inspection report from the top right corner of the page.
Namespaces are an abstraction used in Kubernetes for resource isolation. A cluster can contain multiple namespaces with different names, and the resources in each namespace are isolated from each other. For a detailed introduction to namespaces, refer to Namespaces.
This page will introduce the related operations of the namespace.
"},{"location":"en/end-user/kpanda/namespaces/createns.html#create-a-namespace","title":"Create a namespace","text":"Supports easy creation of namespaces through forms, and quick creation of namespaces by writing or importing YAML files.
Note
On the cluster list page, click the name of the target cluster.
Click Namespace in the left navigation bar, then click the Create button on the right side of the page.
Fill in the name of the namespace, configure the workspace and labels (optional), and then click OK.
Info
After binding a namespace to a workspace, the resources of that namespace will be shared with the bound workspace. For a detailed explanation of workspaces, refer to Workspaces and Folders.
After the namespace is created, you can still bind/unbind the workspace.
Click OK to complete the creation of the namespace. On the right side of the namespace list, click \u2507 to select update, bind/unbind workspace, quota management, delete, and more from the pop-up menu.
On the Clusters page, click the name of the target cluster.
Click Namespace in the left navigation bar, then click the YAML Create button on the right side of the page.
Enter or paste the prepared YAML content, or directly import an existing YAML file locally.
After entering the YAML content, click Download to save the YAML file locally.
Finally, click OK in the lower right corner of the pop-up box.
Namespace exclusive nodes in a Kubernetes cluster allow a specific namespace to have exclusive access to one or more node's CPU, memory, and other resources through taints and tolerations. Once exclusive nodes are configured for a specific namespace, applications and services from other namespaces cannot run on the exclusive nodes. Using exclusive nodes allows important applications to have exclusive access to some computing resources, achieving physical isolation from other applications.
Note
Applications and services running on a node before it is set to be an exclusive node will not be affected and will continue to run normally on that node. Only when these Pods are deleted or rebuilt will they be scheduled to other non-exclusive nodes.
"},{"location":"en/end-user/kpanda/namespaces/exclusive.html#preparation","title":"Preparation","text":"Check whether the kube-apiserver of the current cluster has enabled the PodNodeSelector and PodTolerationRestriction admission controllers.
The use of namespace exclusive nodes requires users to enable the PodNodeSelector and PodTolerationRestriction admission controllers on the kube-apiserver. For more information about admission controllers, refer to Kubernetes Admission Controllers Reference.
You can go to any Master node in the current cluster to check whether these two features are enabled in the kube-apiserver.yaml file, or you can execute the following command on the Master node for a quick check:
[root@g-master1 ~]# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep enable-admission-plugins\n\n# The expected output is as follows:\n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction\n
"},{"location":"en/end-user/kpanda/namespaces/exclusive.html#enable-namespace-exclusive-nodes-on-global-cluster","title":"Enable Namespace Exclusive Nodes on Global Cluster","text":"Since the Global cluster runs platform basic components such as kpanda, ghippo, and insight, enabling namespace exclusive nodes on Global may cause system components to not be scheduled to the exclusive nodes when they restart, affecting the overall high availability of the system. Therefore, we generally do not recommend users to enable the namespace exclusive node feature on the Global cluster.
If you do need to enable namespace exclusive nodes on the Global cluster, please follow the steps below:
Enable the PodNodeSelector and PodTolerationRestriction admission controllers for the kube-apiserver of the Global cluster
Note
If the cluster has already enabled the above two admission controllers, please skip this step and go directly to configure system component tolerations.
Go to any Master node in the current cluster to modify the kube-apiserver.yaml configuration file, or execute the following command on the Master node for configuration:
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# The expected output is as follows:\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction # List of enabled admission controllers\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
Find the --enable-admission-plugins parameter and add the PodNodeSelector and PodTolerationRestriction admission controllers (separated by commas). Refer to the following:
# Add __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
Add toleration annotations to the namespace where the platform components are located
After enabling the admission controllers, you need to add toleration annotations to the namespace where the platform components are located to ensure the high availability of the platform components.
The system component namespaces for AI platform are as follows:
Namespace System Components Included kpanda-system kpanda hwameiStor-system hwameiStor istio-system istio metallb-system metallb cert-manager-system cert-manager contour-system contour kubean-system kubean ghippo-system ghippo kcoral-system kcoral kcollie-system kcollie insight-system insight, insight-agent: ipavo-system ipavo kairship-system kairship karmada-system karmada amamba-system amamba, jenkins skoala-system skoala mspider-system mspider mcamel-system mcamel-rabbitmq, mcamel-elasticsearch, mcamel-mysql, mcamel-redis, mcamel-kafka, mcamel-minio, mcamel-postgresql spidernet-system spidernet kangaroo-system kangaroo gmagpie-system gmagpie dowl-system dowlCheck whether there are the above namespaces in the current cluster, execute the following command, and add the annotation: scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
for each namespace.
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
Please make sure to replace <namespace-name>
with the name of the platform namespace you want to add the annotation to. Use the interface to set exclusive nodes for the namespace
After confirming that the PodNodeSelector and PodTolerationRestriction admission controllers on the cluster API server have been enabled, please follow the steps below to use the AI platform UI management interface to set exclusive nodes for the namespace.
Click the cluster name in the cluster list page, then click Namespace in the left navigation bar.
Click the namespace name, then click the Exclusive Node tab, and click Add Node on the bottom right.
Select which nodes you want to be exclusive to this namespace on the left side of the page. On the right side, you can clear or delete a selected node. Finally, click OK at the bottom.
You can view the current exclusive nodes for this namespace in the list. You can choose to Stop Exclusivity on the right side of the node.
After cancelling exclusivity, Pods from other namespaces can also be scheduled to this node.
To enable namespace exclusive nodes on non-Global clusters, please follow the steps below:
Enable the PodNodeSelector and PodTolerationRestriction admission controllers for the kube-apiserver of the current cluster
Note
If the cluster has already enabled the above two admission controllers, please skip this step and go directly to using the interface to set exclusive nodes for the namespace.
Go to any Master node in the current cluster to modify the kube-apiserver.yaml configuration file, or execute the following command on the Master node for configuration:
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# The expected output is as follows:\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #List of enabled admission controllers\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
Find the --enable-admission-plugins parameter and add the PodNodeSelector and PodTolerationRestriction admission controllers (separated by commas). Refer to the following:
# Add __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
Use the interface to set exclusive nodes for the namespace
After confirming that the PodNodeSelector and PodTolerationRestriction admission controllers on the cluster API server have been enabled, please follow the steps below to use the AI platform UI management interface to set exclusive nodes for the namespace.
Click the cluster name in the cluster list page, then click Namespace in the left navigation bar.
Click the namespace name, then click the Exclusive Node tab, and click Add Node on the bottom right.
Select which nodes you want to be exclusive to this namespace on the left side of the page. On the right side, you can clear or delete a selected node. Finally, click OK at the bottom.
You can view the current exclusive nodes for this namespace in the list. You can choose to Stop Exclusivity on the right side of the node.
After cancelling exclusivity, Pods from other namespaces can also be scheduled to this node.
Add toleration annotations to the namespace where the components that need high availability are located (optional)
Execute the following command to add the annotation: scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
to the namespace where the components that need high availability are located.
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
Please make sure to replace <namespace-name>
with the name of the platform namespace you want to add the annotation to.
Pod security policies in a Kubernetes cluster allow you to control the behavior of Pods in various aspects of security by configuring different levels and modes for specific namespaces. Only Pods that meet certain conditions will be accepted by the system. It sets three levels and three modes, allowing users to choose the most suitable scheme to set restriction policies according to their needs.
Note
Only one security policy can be configured for one security mode. Please be careful when configuring the enforce security mode for a namespace, as violations will prevent Pods from being created.
This section will introduce how to configure Pod security policies for namespaces through the container management interface.
"},{"location":"en/end-user/kpanda/namespaces/podsecurity.html#prerequisites","title":"Prerequisites","text":"The container management module has integrated a Kubernetes cluster or created a Kubernetes cluster. The cluster version needs to be v1.22 or above, and you should be able to access the cluster's UI interface.
A namespace has been created, a user has been created, and the user has been granted NS Admin or higher permissions. For details, refer to Namespace Authorization.
Select the namespace for which you want to configure Pod security policies and go to the details page. Click Configure Policy on the Pod Security Policy page to go to the configuration page.
Click Add Policy on the configuration page, and a policy will appear, including security level and security mode. The following is a detailed introduction to the security level and security policy.
Security Level Description Privileged An unrestricted policy that provides the maximum possible range of permissions. This policy allows known privilege elevations. Baseline The least restrictive policy that prohibits known privilege elevations. Allows the use of default (minimum specified) Pod configurations. Restricted A highly restrictive policy that follows current best practices for protecting Pods. Security Mode Description Audit Violations of the specified policy will add new audit events in the audit log, and the Pod can be created. Warn Violations of the specified policy will return user-visible warning information, and the Pod can be created. Enforce Violations of the specified policy will prevent the Pod from being created.Different security levels correspond to different check items. If you don't know how to configure your namespace, you can Policy ConfigMap Explanation at the top right corner of the page to view detailed information.
Click Confirm. If the creation is successful, the security policy you configured will appear on the page.
Click \u2507 to edit or delete the security policy you configured.
In a Kubernetes cluster, Ingress exposes services from outside the cluster to inside the cluster HTTP and HTTPS ingress. Traffic ingress is controlled by rules defined on the Ingress resource. Here's an example of a simple Ingress that sends all traffic to the same Service:
Ingress is an API object that manages external access to services in the cluster, and the typical access method is HTTP. Ingress can provide load balancing, SSL termination, and name-based virtual hosting.
"},{"location":"en/end-user/kpanda/network/create-ingress.html#prerequisites","title":"Prerequisites","text":"After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
In the left navigation bar, click Container Network -> Ingress to enter the service list, and click the Create Ingress button in the upper right corner.
Note
It is also possible to Create from YAML .
Open Create Ingress page to configure. There are two protocol types to choose from, refer to the following two parameter tables for configuration.
After configuring all the parameters, click the OK button to return to the ingress list automatically. On the right side of the list, click \u2507 to modify or delete the selected ingress.
"},{"location":"en/end-user/kpanda/network/create-services.html","title":"Create a Service","text":"In a Kubernetes cluster, each Pod has an internal independent IP address, but Pods in the workload may be created and deleted at any time, and directly using the Pod IP address cannot provide external services.
This requires creating a service through which you get a fixed IP address, decoupling the front-end and back-end of the workload, and allowing external users to access the service. At the same time, the service also provides the Load Balancer feature, enabling users to access workloads from the public network.
"},{"location":"en/end-user/kpanda/network/create-services.html#prerequisites","title":"Prerequisites","text":"Container management module connected to Kubernetes cluster or created Kubernetes, and can access the cluster UI interface.
Completed a namespace creation, user creation, and authorize the user as NS Editor role, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
In the left navigation bar, click Container Network -> Service to enter the service list, and click the Create Service button in the upper right corner.
!!! tip
It is also possible to create a service via __YAML__ .\n
Open the Create Service page, select an access type, and refer to the following three parameter tables for configuration.
Click Intra-Cluster Access (ClusterIP) , which refers to exposing services through the internal IP of the cluster. The services selected for this option can only be accessed within the cluster. This is the default service type. Refer to the configuration parameters in the table below.
Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select intra-cluster access (ClusterIP). ClusterIP Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default Label selector [Type] Required[Meaning] Add a label, the Service selects a Pod according to the label, and click \"Add\" after filling. You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. app:job01 Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. Container port (targetport): The container port that the workload actually monitors, used to expose services to the cluster. Session Persistence [Type] Optional [Meaning] When enabled, requests from the same client will be forwarded to the same Pod Enabled Maximum session hold time [Type] Optional [Meaning] After session hold is enabled, the maximum hold time is 30 seconds by default 30 seconds Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/end-user/kpanda/network/create-services.html#create-nodeport-service","title":"Create NodePort service","text":"Click NodePort , which means exposing the service via IP and static port ( NodePort ) on each node. The NodePort service is routed to the automatically created ClusterIP service. You can access a NodePort service from outside the cluster by requesting : . Refer to the configuration parameters in the table below. Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select node access (NodePort). NodePort Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default Label selector [Type] Required[Meaning] Add a label, the Service selects a Pod according to the label, and click \"Add\" after filling. You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. By default, the service port is set to the same value as the container port field for convenience. ***Container port (targetport)*: The container port actually monitored by the workload. Node port (nodeport): The port of the node, which receives traffic from ClusterIP transmission. It is used as the entrance for external traffic access. Session Persistence [Type] Optional [Meaning] When enabled, requests from the same client will be forwarded to the same PodAfter enabled, .spec.sessionAffinity of Service is ClientIP , refer to for details : Session Affinity for Service Enabled Maximum session hold time [Type] Optional [Meaning] After session hold is enabled, the maximum hold time, the default timeout is 30 seconds.spec.sessionAffinityConfig.clientIP.timeoutSeconds is set to 30 by default seconds 30 seconds Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/end-user/kpanda/network/create-services.html#create-loadbalancer-service","title":"Create LoadBalancer service","text":"
Click Load Balancer , which refers to using the cloud provider's load balancer to expose services to the outside. External load balancers can route traffic to automatically created NodePort services and ClusterIP services. Refer to the configuration parameters in the table below.
Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select node access (NodePort). NodePort Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default External Traffic Policy [Type] Required[Meaning] Set external traffic policy. Cluster: Traffic can be forwarded to Pods on all nodes in the cluster. Local: Traffic is only sent to Pods on this node. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Tag selector [Type] Required [Meaning] Add tag, Service Select the Pod according to the label, fill it out and click \"Add\". You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. Load balancing type [Type] Required [Meaning] The type of load balancing used, currently supports MetalLB and others. MetalLB IP Pool [Type] Required[Meaning] When the selected load balancing type is MetalLB, LoadBalancer Service will allocate IP addresses from this pool by default, and declare all IP addresses in this pool through APR Load balancing address [Type] Required[Meaning] 1. If you are using a public cloud CloudProvider, fill in the load balancing address provided by the cloud provider here;2. If the above load balancing type is selected as MetalLB, the IP will be obtained from the above IP pool by default, if not filled, it will be obtained automatically. Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. By default, the service port is set to the same value as the container port field for convenience. Container port (targetport): The container port actually monitored by the workload. Node port (nodeport): The port of the node, which receives traffic from ClusterIP transmission. It is used as the entrance for external traffic access. Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/end-user/kpanda/network/create-services.html#complete-service-creation","title":"Complete service creation","text":"After configuring all parameters, click the OK button to return to the service list automatically. On the right side of the list, click \u2507 to modify or delete the selected service.
"},{"location":"en/end-user/kpanda/network/network-policy.html","title":"Network Policies","text":"Network policies in Kubernetes allow you to control network traffic at the IP address or port level (OSI layer 3 or layer 4). The container management module currently supports creating network policies based on Pods or namespaces, using label selectors to specify which traffic can enter or leave Pods with specific labels.
For more details on network policies, refer to the official Kubernetes documentation on Network Policies.
"},{"location":"en/end-user/kpanda/network/network-policy.html#creating-network-policies","title":"Creating Network Policies","text":"Currently, there are two methods available for creating network policies: YAML and form-based creation. Each method has its advantages and disadvantages, catering to different user needs.
YAML creation requires fewer steps and is more efficient, but it has a higher learning curve as it requires familiarity with configuring network policy YAML files.
Form-based creation is more intuitive and straightforward. Users can simply fill in the proper values based on the prompts. However, this method involves more steps.
"},{"location":"en/end-user/kpanda/network/network-policy.html#yaml-creation","title":"YAML Creation","text":"In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies -> Create with YAML in the left navigation bar.
In the pop-up dialog, enter or paste the pre-prepared YAML file, then click OK at the bottom of the dialog.
In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies -> Create Policy in the left navigation bar.
Fill in the basic information.
The name and namespace cannot be changed after creation.
Fill in the policy configuration.
The policy configuration includes ingress and egress policies. To establish a successful connection from a source Pod to a target Pod, both the egress policy of the source Pod and the ingress policy of the target Pod need to allow the connection. If either side does not allow the connection, the connection will fail.
Ingress Policy: Click \u2795 to begin configuring the policy. Multiple policies can be configured. The effects of multiple network policies are cumulative. Only when all network policies are satisfied simultaneously can a connection be successfully established.
Egress Policy
In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies . Click the name of the network policy.
View the basic configuration, associated instances, ingress policies, and egress policies of the policy.
Info
Under the \"Associated Instances\" tab, you can view instance monitoring, logs, container lists, YAML files, events, and more.
"},{"location":"en/end-user/kpanda/network/network-policy.html#updating-network-policies","title":"Updating Network Policies","text":"There are two ways to update network policies. You can either update them through the form or by using a YAML file.
On the network policy list page, find the policy you want to update, and choose Update in the action column on the right to update it via the form. Choose Edit YAML to update it using a YAML file.
Click the name of the network policy, then choose Update in the top right corner of the policy details page to update it via the form. Choose Edit YAML to update it using a YAML file.
There are two ways to delete network policies. You can delete network policies either through the form or by using a YAML file.
On the network policy list page, find the policy you want to delete, and choose Delete in the action column on the right to delete it via the form. Choose Edit YAML to delete it using a YAML file.
Click the name of the network policy, then choose Delete in the top right corner of the policy details page to delete it via the form. Choose Edit YAML to delete it using a YAML file.
As the number of business applications continues to grow, the resources of the cluster become increasingly tight. At this point, you can expand the cluster nodes based on kubean. After the expansion, applications can run on the newly added nodes, alleviating resource pressure.
Only clusters created through the container management module support node autoscaling. Clusters accessed from the outside do not support this operation. This article mainly introduces the expansion of worker nodes in the same architecture work cluster. If you need to add control nodes or heterogeneous work nodes to the cluster, refer to: Expanding the control node of the work cluster, Adding heterogeneous nodes to the work cluster, Expanding the worker node of the global service cluster.
On the Clusters page, click the name of the target cluster.
If the Cluster Type contains the label Integrated Cluster, it means that the cluster does not support node autoscaling.
Click Nodes in the left navigation bar, and then click Integrate Node in the upper right corner of the page.
Enter the host name and node IP and click OK.
Click \u2795 Add Worker Node to continue accessing more nodes.
Note
Accessing the node takes about 20 minutes, please be patient.
"},{"location":"en/end-user/kpanda/nodes/delete-node.html","title":"Node Scales Down","text":"When the peak business period is over, in order to save resource costs, you can reduce the size of the cluster and unload redundant nodes, that is, node scaling. After a node is uninstalled, applications cannot continue to run on the node.
"},{"location":"en/end-user/kpanda/nodes/delete-node.html#prerequisites","title":"Prerequisites","text":"Cluster Admin
role authorization.When cluster nodes scales down, they can only be uninstalled one by one, not in batches.
If you need to uninstall cluster controller nodes, you need to ensure that the final number of controller nodes is an odd number.
The first controller node cannot be offline when the cluster node scales down. If it is necessary to perform this operation, please contact the after-sales engineer.
On the Clusters page, click the name of the target cluster.
If the Cluster Type has the tag Integrate Cluster , it means that the cluster does not support node autoscaling.
Click Nodes on the left navigation bar, find the node to be uninstalled, click \u2507 and select Remove .
Enter the node name, and click Delete to confirm.
Labels are identifying key-value pairs added to Kubernetes objects such as Pods, nodes, and clusters, which can be combined with label selectors to find and filter Kubernetes objects that meet certain conditions. Each key must be unique for a given object.
Annotations, like tags, are key/value pairs, but they do not have identification or filtering features. Annotations can be used to add arbitrary metadata to nodes. Annotation keys usually use the format prefix(optional)/name(required) , for example nfd.node.kubernetes.io/extended-resources . If the prefix is \u200b\u200bomitted, it means that the annotation key is private to the user.
For more information about labels and annotations, refer to the official Kubernetes documentation labels and selectors Or Annotations.
The steps to add/delete tags and annotations are as follows:
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar, click the \u2507 operation icon on the right side of the node, and click Edit Labels or Edit Annotations .
Click \u2795 Add to add tags or annotations, click X to delete tags or annotations, and finally click OK .
If you choose to authenticate the nodes of the cluster-to-be-created using SSH keys, you need to configure the public and private keys according to the following instructions.
Run the following command on any node within the management cluster of the cluster-to-be-created to generate the public and private keys.
cd /root/.ssh\nssh-keygen -t rsa\n
Run the ls command to check if the keys have been successfully created in the management cluster. The correct output should be as follows:
ls\nid_rsa id_rsa.pub known_hosts\n
The file named id_rsa is the private key, and the file named id_rsa.pub is the public key.
Run the following command to load the public key file id_rsa.pub onto all the nodes of the cluster-to-be-created.
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.0\n
Replace the user account and node IP in the above command with the username and IP of the nodes in the cluster-to-be-created. The same operation needs to be performed on every node in the cluster-to-be-created.
Run the following command to view the private key file id_rsa created in step 1.
cat /root/.ssh/id_rsa\n
The output should be as follows:
-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3UvyKINzY5BFuemQ+uJ6q+GqgfvnWwNC8HzZhpcMSjJy26MM\nUtBEBJxy8fMi57XcjYxPibXW/wnd+32ICCycqCwByUmuXeCC1cjlCQDqjcAvXae7\nY54IXGF7wm2IsMNwf0kjFEXjuS48FLDA0mGRaN3BG+Up5geXcHckg3K5LD8kXFFx\ndEmSIjdyw55NaUitmEdHzN7cIdfi6Z56jcV8dcFBgWKUx+ebiyPmZBkXToz6GnMF\nrswzzZCl+G6Jb2xTGy7g7ozb4BoZd1IpSD5EhDanRrESVE0C5YuJ5zUAC0CvVd1l\nv67AK8Ko6MXToHp01/bcsvlM6cqgwUFXZKVeOwIDAQABAoIBAQCO36GQlo3BEjxy\nM2HvGJmqrx+unDxafliRe4nVY2AD515Qf4xNSzke4QM1QoyenMOwf446krQkJPK0\nk+9nl6Xszby5gGCbK4BNFk8I6RaGPjZWeRx6zGUJf8avWJiPxx6yjz2esSC9RiR0\nF0nmiiefVMyAfgv2/5++dK2WUFNNRKLgSRRpP5bRaD5wMzzxtSSXrUon6217HO8p\n3RoWsI51MbVzhdVgpHUNABcoa0rpr9svT6XLKZxY8mxpKFYjM0Wv2JIDABg3kBvh\nQbJ7kStCO3naZjKMU9UuSqVJs06cflGYw7Or8/tABR3LErNQKPjkhAQqt0DXw7Iw\n3tKdTAJBAoGBAP687U7JAOqQkcphek2E/A/sbO/d37ix7Z3vNOy065STrA+ZWMZn\npZ6Ui1B/oJpoZssnfvIoz9sn559X0j67TljFALFd2ZGS0Fqh9KVCqDvfk+Vst1dq\n+3r/yZdTOyswoccxkJiC/GDwZGK0amJWqvob39JCZhDAKIGLbGMmjdAHAoGBAN5k\nm1WGnni1nZ+3dryIwgB6z1hWcnLTamzSET6KhSuo946ET0IRG9xtlheCx6dqICbr\nVk1Y4NtRZjK/p/YGx59rDWf7E3I8ZMgR7mjieOcUZ4lUlA4l7ZIlW/2WZHW+nUXO\nTi20fqJ8qSp4BUvOvuth1pz2GLUHe2/Fxjf7HIstAoGBAPHpPr9r+TfIlPsJeRj2\n6lzA3G8qWFRQfGRYjv0fjv0pA+RIb1rzgP/I90g5+63G6Z+R4WdcxI/OJJNY1iuG\nuw9n/pFxm7U4JC990BPE6nj5iLz+clpNGYckNDBF9VG9vFSrSDLdaYkxoVNvG/xJ\na9Na90H4lm7f3VewrPy310KvAoGAZr+mwNoEh5Kpc6xo8Gxi7aPP/mlaUVD6X7Ki\ngvmu02AqmC7rC4QqEiqTaONkaSXwGusqIWxJ3yp5hELmUBYLzszAEeV/s4zRp1oZ\ng133LBRSTbHFAdBmNdqK6Nu+KGRb92980UMOKvZbliKDl+W6cbfvVu+gtKrzTc3b\naevb4TUCgYEAnJAxyVYDP1nJf7bjBSHXQu1E/DMwbtrqw7dylRJ8cAzI7IxfSCez\n7BYWq41PqVd9/zrb3Pbh2phiVzKe783igAIMqummcjo/kZyCwFsYBzK77max1jF5\naPQsLbRS2aDz8kIH6jHPZ/R+15EROmdtLmA7vIJZGerWWQR0dUU+XXA=\n
Copy the content of the private key and paste it into the interface's key input field.
"},{"location":"en/end-user/kpanda/nodes/node-check.html","title":"Create a cluster node availability check","text":"When creating a cluster or adding nodes to an existing cluster, refer to the table below to check the node configuration to avoid cluster creation or expansion failure due to wrong node configuration.
Check Item Description OS Refer to Supported Architectures and Operating Systems SELinux Off Firewall Off Architecture Consistency Consistent CPU architecture between nodes (such as ARM or x86) Host Time All hosts are out of sync within 10 seconds. Network Connectivity The node and its SSH port can be accessed normally by the platform. CPU Available CPU resources are greater than 4 Cores Memory Available memory resources are greater than 8 GB"},{"location":"en/end-user/kpanda/nodes/node-check.html#supported-architectures-and-operating-systems","title":"Supported architectures and operating systems","text":"Architecture Operating System Remarks ARM Kylin Linux Advanced Server release V10 (Sword) SP2 Recommended ARM UOS Linux ARM openEuler x86 CentOS 7.x Recommended x86 Redhat 7.x Recommended x86 Redhat 8.x Recommended x86 Flatcar Container Linux by Kinvolk x86 Debian Bullseye, Buster, Jessie, Stretch x86 Ubuntu 16.04, 18.04, 20.04, 22.04 x86 Fedora 35, 36 x86 Fedora CoreOS x86 openSUSE Leap 15.x/Tumbleweed x86 Oracle Linux 7, 8, 9 x86 Alma Linux 8, 9 x86 Rocky Linux 8, 9 x86 Amazon Linux 2 x86 Kylin Linux Advanced Server release V10 (Sword) - SP2 Haiguang x86 UOS Linux x86 openEuler"},{"location":"en/end-user/kpanda/nodes/node-details.html","title":"Node Details","text":"After accessing or creating a cluster, you can view the information of each node in the cluster, including node status, labels, resource usage, Pod, monitoring information, etc.
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar to view the node status, role, label, CPU/memory usage, IP address, and creation time.
Click the node name to enter the node details page to view more information, including overview information, pod information, label annotation information, event list, status, etc.
In addition, you can also view the node's YAML file, monitoring information, labels and annotations, etc.
Supports suspending or resuming scheduling of nodes. Pausing scheduling means stopping the scheduling of Pods to the node. Resuming scheduling means that Pods can be scheduled to that node.
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar, click the \u2507 operation icon on the right side of the node, and click the Cordon button to suspend scheduling the node.
Click the \u2507 operation icon on the right side of the node, and click the Uncordon button to resume scheduling the node.
The node scheduling status may be delayed due to network conditions. Click the refresh icon on the right side of the search box to refresh the node scheduling status.
"},{"location":"en/end-user/kpanda/nodes/taints.html","title":"Node Taints","text":"Taint can make a node exclude a certain type of Pod and prevent Pod from being scheduled on the node. One or more taints can be applied to each node, and Pods that cannot tolerate these taints will not be scheduled on that node.
"},{"location":"en/end-user/kpanda/nodes/taints.html#precautions","title":"Precautions","text":"Find the target cluster on the Clusters page, and click the cluster name to enter the Cluster page.
In the left navigation bar, click Nodes , find the node that needs to modify the taint, click the \u2507 operation icon on the right and click the Edit Taints button.
Enter the key value information of the taint in the pop-up box, select the taint effect, and click OK .
Click \u2795 Add to add multiple taints to the node, and click X on the right side of the taint effect to delete the taint.
Currently supports three taint effects:
NoExecute
: This affects pods that are already running on the node as follows:
tolerationSeconds
in their toleration specification remain bound forevertolerationSeconds
remain bound for the specified amount of time. After that time elapses, the node lifecycle controller evicts the Pods from the node.NoSchedule
: No new Pods will be scheduled on the tainted node unless they have a matching toleration. Pods currently running on the node are not evicted.
PreferNoSchedule
: This is a \"preference\" or \"soft\" version of NoSchedule
. The control plane will try to avoid placing a Pod that does not tolerate the taint on the node, but it is not guaranteed, so this taint is not recommended to use in a production environment.
For more details about taints, refer to the Kubernetes documentation Taints and Tolerance.
"},{"location":"en/end-user/kpanda/olm/import-miniooperator.html","title":"Importing MinIo Operator Offline","text":"This guide explains how to import the MinIo Operator offline in an environment without internet access.
"},{"location":"en/end-user/kpanda/olm/import-miniooperator.html#prerequisites","title":"Prerequisites","text":"Set the environment variables in the execution environment and use them in the subsequent steps by running the following command:
export OPM_IMG=10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0 \nexport BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3 \n
How to get the above image addresses:
Go to Container Management -> Select the current cluster -> Helm Apps -> View the olm component -> Plugin Settings , and find the images needed for the opm, minio, minio bundle, and minio operator in the subsequent steps.
Using the screenshot as an example, the four image addresses are as follows:\n\n# opm image\n10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0\n\n# minio image\n10.5.14.200/quay.m.daocloud.io/minio/minio:RELEASE.2023-03-24T21-41-23Z\n\n# minio bundle image\n10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3\n\n# minio operator image\n10.5.14.200/quay.m.daocloud.io/minio/operator:v5.0.3\n
Run the opm command to get the operators included in the offline bundle image.
# Create the operator directory\n$ mkdir minio-operator && cd minio-operator \n\n# Get the operator yaml\n$ docker run --user root -v $PWD/minio-operator:/minio-operator ${OPM_IMG} alpha bundle unpack --skip-tls-verify -v -d ${BUNDLE_IMG} -o ./minio-operator\n\n# Expected result\n.\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 9 files\n
Replace all image addresses in the minio-operator/manifests/minio-operator.clusterserviceversion.yaml file with the image addresses from the offline container registry.
Before replacement:
After replacement:
Generate a Dockerfile for building the bundle image.
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} alpha bundle generate --channels stable,beta -d /minio-operator/minio-operator/manifests -e stable -p minio-operator \u00a0\n\n# Expected result\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 10 files\n
Build the bundle image and push it to the offline registry.
# Set the new bundle image\nexport OFFLINE_BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3-offline \n\n$ docker build . -f bundle.Dockerfile -t ${OFFLINE_BUNDLE_IMG} \u00a0\n\n$ docker push ${OFFLINE_BUNDLE_IMG}\n
Generate a Dockerfile for building the catalog image.
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} index add --bundles ${OFFLINE_BUNDLE_IMG} --generate --binary-image ${OPM_IMG} --skip-tls-verify\n\n# Expected result\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u251c\u2500\u2500 database\n\u2502 \u2514\u2500\u2500 index.db\n\u251c\u2500\u2500 index.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n4 directories, 12 files\n
Build the catalog image.
# Set the new catalog image \nexport OFFLINE_CATALOG_IMG=10.5.14.200/release.daocloud.io/operator-framework/system-operator-index:v0.1.0-offline\n\n$ docker build . -f index.Dockerfile -t ${OFFLINE_CATALOG_IMG} \n\n$ docker push ${OFFLINE_CATALOG_IMG}\n
Go to Container Management and update the built-in catsrc image for the Helm App olm (enter the catalog image specified in the construction of the catalog image, ${catalog-image} ).
After the update is successful, the minio-operator component will appear in the Operator Hub.
Container management implements authorization based on global authority management and global user/group management. If you need to grant users the highest authority for container management (can create, manage, and delete all clusters).
"},{"location":"en/end-user/kpanda/permissions/cluster-ns-auth.html#prerequisites","title":"Prerequisites","text":"Before authorizing users/groups, complete the following preparations:
The user/group to be authorized has been created in the global management.
Only Kpanda Owner
and Cluster Admin
of the current cluster have Cluster authorization capability. For details, refer to Permission Description.
Only Kpanda Owner
, Cluster Admin
for the current cluster, NS Admin
of the current namespace has namespace authorization capability.
After the user logs in to the platform, click Privilege Management under Container Management on the left menu bar, which is located on the Cluster Permissions tab by default.
Click the Add Authorization button.
On the Add Cluster Permission page, select the target cluster, the user/group to be authorized, and click OK .
Currently, the only cluster role supported is Cluster Admin . For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permissions to add multiple times.
Return to the cluster permission management page, and a message appears on the screen: Cluster permission added successfully .
After the user logs in to the platform, click Permissions under Container Management on the left menu bar, and click the Namespace Permissions tab.
Click the Add Authorization button. On the Add Namespace Permission page, select the target cluster, target namespace, and user/group to be authorized, and click OK .
The currently supported namespace roles are NS Admin, NS Editor, and NS Viewer. For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permission to add multiple times. Click OK to complete the permission authorization.
Return to the namespace permission management page, and a message appears on the screen: Cluster permission added successfully .
Tip
If you need to delete or edit permissions later, you can click \u2507 on the right side of the list and select Edit or Delete .
In the past, the RBAC rules for those system roles in container management were pre-defined and could not be modified by users. To support more flexible permission settings and to meet the customized needs for system roles, now you can modify RBAC rules for system roles such as cluster admin, ns admin, ns editor, ns viewer.
The following example demonstrates how to add a new ns-view rule, granting the authority to delete workload deployments. Similar operations can be performed for other rules.
"},{"location":"en/end-user/kpanda/permissions/custom-kpanda-role.html#prerequisites","title":"Prerequisites","text":"Before adding RBAC rules to system roles, the following prerequisites must be met:
Note
Only ClusterRoles with fixed Label are supported for adding rules. Replacing or deleting rules is not supported, nor is adding rules by using role. The correspondence between built-in roles and ClusterRole Label created by users is as follows.
cluster-admin: rbac.kpanda.io/role-template-cluster-admin: \"true\"\ncluster-edit: rbac.kpanda.io/role-template-cluster-edit: \"true\"\ncluster-view: rbac.kpanda.io/role-template-cluster-view: \"true\"\nns-admin: rbac.kpanda.io/role-template-ns-admin: \"true\"\nns-edit: rbac.kpanda.io/role-template-ns-edit: \"true\"\nns-view: rbac.kpanda.io/role-template-ns-view: \"true\"\n
Create a deployment by a user with admin
or cluster admin
permissions.
Grant a user the ns-viewer
role to provide them with the ns-view
permission.
Switch the login user to ns-viewer, open the console to get the token for the ns-viewer user, and use curl
to request and delete the nginx deployment mentioned above. However, a prompt appears as below, indicating the user doesn't have permission to delete it.
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n{\"code\":7,\"message\":\"[RBAC] delete resources(deployments: nginx) is forbidden for user(ns-viewer) in cluster(cluster-member)\",\"details\":[]}[root@master-01 ~]#\n[root@master-01 ~]#\n
Create a ClusterRole on the global cluster, as shown in the yaml below.
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: append-ns-view # (1)!\n labels:\n rbac.kpanda.io/role-template-ns-view: \"true\" # (2)!\nrules:\n - apiGroups: [ \"apps\" ]\n resources: [ \"deployments\" ]\n verbs: [ \"delete\" ]\n
Wait for the kpanda controller to add a rule of user creation to the built-in role: ns-viewer, then you can check if the rules added in the previous step are present for ns-viewer.
[root@master-01 ~]# kubectl get clusterrole role-template-ns-view -oyaml|grep deployments -C 10|tail -n 6\n
- apiGroups:\n - apps\n resources:\n - deployments\n verbs:\n - delete\n
When using curl again to request the deletion of the aforementioned nginx deployment, this time the deletion was successful. This means that ns-viewer has successfully added the rule to delete deployments.
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n
Container management permissions are based on a multi-dimensional permission management system created by global permission management and Kubernetes RBAC permission management. It supports cluster-level and namespace-level permission control, helping users to conveniently and flexibly set different operation permissions for IAM users and user groups (collections of users) under a tenant.
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#cluster-permissions","title":"Cluster Permissions","text":"Cluster permissions are authorized based on Kubernetes RBAC's ClusterRoleBinding, allowing users/user groups to have cluster-related permissions. The current default cluster role is Cluster Admin (does not have the permission to create or delete clusters).
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#cluster-admin","title":"Cluster Admin","text":"Cluster Admin has the following permissions:
The YAML example for this cluster role is as follows:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-cluster-admin\n resourceVersion: \"15168\"\n uid: f8f86d42-d5ef-47aa-b284-097615795076\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*'\n
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#namespace-permissions","title":"Namespace Permissions","text":"Namespace permissions are authorized based on Kubernetes RBAC capabilities, allowing different users/user groups to have different operation permissions on resources under a namespace (including Kubernetes API permissions). For details, refer to: Kubernetes RBAC. Currently, the default roles for container management are: NS Admin, NS Editor, NS Viewer.
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#ns-admin","title":"NS Admin","text":"NS Admin has the following permissions:
The YAML example for this cluster role is as follows:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-admin\n resourceVersion: \"15173\"\n uid: 69f64c7e-70e7-4c7c-a3e0-053f507f2bc3\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*' \n
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#ns-editor","title":"NS Editor","text":"NS Editor has the following permissions:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-edit\n resourceVersion: \"15175\"\n uid: ca9e690e-96c0-4978-8915-6e4c00c748fe\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - '*'\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - '*'\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - '*'\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - '*'\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - '*'\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - '*'\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - '*' \n
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#ns-viewer","title":"NS Viewer","text":"NS Viewer has the following permissions:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-view\n resourceVersion: \"15183\"\n uid: 853888fd-6ee8-42ac-b91e-63923918baf8\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - get\n - list\n - watch \n
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#permissions-faq","title":"Permissions FAQ","text":"What is the relationship between global permissions and container management permissions?
Answer: Global permissions only authorize coarse-grained permissions, which can manage the creation, editing, and deletion of all clusters; while for fine-grained permissions, such as the management permissions of a single cluster, the management, editing, and deletion permissions of a single namespace, they need to be implemented based on Kubernetes RBAC container management permissions. Generally, users only need to be authorized in container management.
Currently, only four default roles are supported. Can the RoleBinding and ClusterRoleBinding (Kubernetes fine-grained RBAC) for custom roles also take effect?
Answer: Currently, custom permissions cannot be managed through the graphical interface, but the permission rules created using kubectl can still take effect.
Suanova AI platform supports elastic scaling of Pod resources based on metrics (Horizontal Pod Autoscaling, HPA). Users can dynamically adjust the number of copies of Pod resources by setting CPU utilization, memory usage, and custom metrics. For example, after setting an auto scaling policy based on the CPU utilization metric for the workload, when the CPU utilization of the Pod exceeds/belows the metric threshold you set, the workload controller will automatically increase/decrease the number of Pod replicas.
This page describes how to configure auto scaling based on built-in metrics and custom metrics for workloads.
Note
The system has two built-in elastic scaling metrics of CPU and memory to meet users' basic business cases.
"},{"location":"en/end-user/kpanda/scale/create-hpa.html#prerequisites","title":"Prerequisites","text":"Before configuring the built-in index auto scaling policy for the workload, the following prerequisites need to be met:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, deployment or statefulset.
You should have permissions not lower than NS Editor. For details, refer to Namespace Authorization.
Installed metrics-server plugin install.
Refer to the following steps to configure the built-in index auto scaling policy for the workload.
Click Clusters on the left navigation bar to enter the cluster list page. Click a cluster name to enter the Cluster Details page.
On the cluster details page, click Workload in the left navigation bar to enter the workload list, and then click a workload name to enter the Workload Details page.
Click the Auto Scaling tab to view the auto scaling configuration of the current cluster.
After confirming that the cluster has installed the metrics-server plug-in, and the plug-in is running normally, you can click the New Scaling button.
Create custom metric auto scaling policy parameters.
After completing the parameter configuration, click the OK button to automatically return to the elastic scaling details page. Click \u2507 on the right side of the list to edit, delete, and view related events.
The container Vertical Pod Autoscaler (VPA) calculates the most suitable CPU and memory request values \u200b\u200bfor the Pod by monitoring the Pod's resource application and usage over a period of time. Using VPA can allocate resources to each Pod in the cluster more reasonably, improve the overall resource utilization of the cluster, and avoid waste of cluster resources.
AI platform supports VPA through containers. Based on this feature, the Pod request value can be dynamically adjusted according to the usage of container resources. AI platform supports manual and automatic modification of resource request values, and you can configure them according to actual needs.
This page describes how to configure VPA for deployment.
Warning
Using VPA to modify a Pod resource request will trigger a Pod restart. Due to the limitations of Kubernetes itself, Pods may be scheduled to other nodes after restarting.
"},{"location":"en/end-user/kpanda/scale/create-vpa.html#prerequisites","title":"Prerequisites","text":"Before configuring a vertical scaling policy for deployment, the following prerequisites must be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace, user, Deployments or Statefulsets.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
The current cluster has installed metrics-server and VPA plugins.
Refer to the following steps to configure the built-in index auto scaling policy for the deployment.
Find the current cluster in Clusters , and click the name of the target cluster.
Click Deployments in the left navigation bar, find the deployment that needs to create a VPA, and click the name of the deployment.
Click the Auto Scaling tab to view the auto scaling configuration of the current cluster, and confirm that the relevant plug-ins have been installed and are running normally.
Click the Create Autoscaler button and configure the VPA vertical scaling policy parameters.
After completing the parameter configuration, click the OK button to automatically return to the elastic scaling details page. Click \u2507 on the right side of the list to perform edit and delete operations.
When the built-in CPU and memory metrics in the system do not meet your business needs, you can add custom metrics by configuring ServiceMonitoring and achieve auto-scaling based on these custom metrics. This article will introduce how to configure auto-scaling for workloads based on custom metrics.
Note
Before configuring the custom metrics auto-scaling policy for workloads, the following prerequisites must be met:
Refer to the following steps to configure the auto-scaling policy based on metrics for workloads.
Click Clusters in the left navigation bar to enter the clusters page. Click a cluster name to enter the Cluster Overview page.
On the Cluster Details page, click Workloads in the left navigation bar to enter the workload list, and click a workload name to enter the Workload Details page.
Click the Auto Scaling tab to view the current autoscaling configuration of the cluster.
Confirm that the cluster has installed metrics-server, Insight, and Prometheus-adapter plugins, and that the plugins are running normally, then click the Create AutoScaler button.
Note
If the related plugins are not installed or the plugins are in an abnormal state, you will not be able to see the entry for creating custom metrics auto-scaling on the page.
Create custom metrics auto-scaling policy parameters.
This case takes a Golang business program as an example. The example program exposes the httpserver_requests_total
metric and records HTTP requests. This metric can be used to calculate the QPS value of the business program.
Use Deployment to deploy the business program:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: httpserver\n namespace: httpserver\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: httpserver\n template:\n metadata:\n labels:\n app: httpserver\n spec:\n containers:\n - name: httpserver\n image: registry.imroc.cc/test/httpserver:custom-metrics\n imagePullPolicy: Always\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n app: httpserver\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/path: \"/metrics\"\n prometheus.io/port: \"http\"\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n name: http\n selector:\n app: httpserver\n
"},{"location":"en/end-user/kpanda/scale/custom-hpa.html#prometheus-collects-business-monitoring","title":"Prometheus Collects Business Monitoring","text":"If the insight-agent is installed, Prometheus can be configured by creating a ServiceMonitor CRD object.
Operation steps: In Cluster Details -> Custom Resources, search for \u201cservicemonitors.monitoring.coreos.com\", click the name to enter the details. Create the following example CRD in the httpserver namespace via YAML:
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n operator.insight.io/managed-by: insight\nspec:\n endpoints:\n - port: http\n interval: 5s\n namespaceSelector:\n matchNames:\n - httpserver\n selector:\n matchLabels:\n app: httpserver\n
Note
If Prometheus is installed via insight, the serviceMonitor must be labeled with operator.insight.io/managed-by: insight
. If installed by other means, this label is not required.
steps: In Clusters -> Helm Apps, search for \u201cprometheus-adapter\",enter the update page through the action bar, and configure custom metrics in YAML as follows:
rules:\n custom:\n - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)\n name:\n as: httpserver_requests_qps\n matches: httpserver_requests_total\n resources:\n template: <<.Resource>>\n seriesQuery: httpserver_requests_total\n
"},{"location":"en/end-user/kpanda/scale/custom-hpa.html#create-custom-metrics-auto-scaling-policy-parameters","title":"Create Custom Metrics Auto-scaling Policy Parameters","text":"Follow the above steps to find the application httpserver in the Deployment and create auto-scaling via custom metrics.
"},{"location":"en/end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html","title":"Compatibility Rules for HPA and CronHPA","text":"HPA stands for HorizontalPodAutoscaler, which refers to horizontal pod auto-scaling.
CronHPA stands for Cron HorizontalPodAutoscaler, which refers to scheduled horizontal pod auto-scaling.
"},{"location":"en/end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html#conflict-between-cronhpa-and-hpa","title":"Conflict Between CronHPA and HPA","text":"Scheduled scaling with CronHPA triggers horizontal pod scaling at specified times. To prevent sudden traffic surges, you may have configured HPA to ensure the normal operation of your application. If both HPA and CronHPA are detected simultaneously, conflicts arise because CronHPA and HPA operate independently without awareness of each other. Consequently, the actions performed last will override those executed first.
By comparing the definition templates of CronHPA and HPA, the following points can be observed:
scaleTargetRef
field to identify the scaling target.Note
If both CronHPA and HPA are set, there will be scenarios where CronHPA and HPA simultaneously operate on a single scaleTargetRef
.
As noted above, the fundamental reason that simultaneous use of CronHPA and HPA results in the later action overriding the earlier one is that the two controllers cannot sense each other. Therefore, the conflict can be resolved by enabling CronHPA to be aware of HPA's current state.
The system will treat HPA as the scaling object for CronHPA, thus achieving scheduled scaling for the Deployment object defined by the HPA.
HPA's definition configures the Deployment in the scaleTargetRef
field, and then the Deployment uses its definition to locate the ReplicaSet, which ultimately adjusts the actual number of replicas.
In AI platform, the scaleTargetRef
in CronHPA is set to the HPA object, and it uses the HPA object to find the actual scaleTargetRef
, allowing CronHPA to be aware of HPA's current state.
CronHPA senses HPA by adjusting HPA. CronHPA determines whether scaling is needed and modifies the HPA upper limit by comparing the target number of replicas with the current number of replicas, choosing the larger value. Similarly, CronHPA determines whether to modify the HPA lower limit by comparing the target number of replicas from CronHPA with the configuration in HPA, choosing the smaller value.
"},{"location":"en/end-user/kpanda/scale/install-cronhpa.html","title":"Install kubernetes-cronhpa-controller","text":"The container copy timing horizontal autoscaling policy (CronHPA) can provide stable computing resource guarantee for periodic high-concurrency applications, and kubernetes-cronhpa-controller is a key component to implement CronHPA.
This section describes how to install the kubernetes-cronhpa-controller plugin.
Note
In order to use CornHPA, not only the kubernetes-cronhpa-controller plugin needs to be installed, but also install the metrics-server plugin.
"},{"location":"en/end-user/kpanda/scale/install-cronhpa.html#prerequisites","title":"Prerequisites","text":"Before installing the kubernetes-cronhpa-controller plugin, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Refer to the following steps to install the kubernetes-cronhpa-controller plugin for the cluster.
On the Clusters page, find the target cluster where the plugin needs to be installed, click the name of the cluster, then click Workloads -> Deployments on the left, and click the name of the target workload.
On the workload details page, click the Auto Scaling tab, and click Install on the right side of CronHPA .
Read the relevant introduction of the plug-in, select the version and click the Install button. It is recommended to install 1.3.0 or later.
Refer to the following instructions to configure the parameters.
Note
After enabling ready wait and/or failed deletion , it takes a long time for the application to be marked as \"running\".
Click OK in the lower right corner of the page, and the system will automatically jump to the Helm Apps list page. Wait a few minutes and refresh the page to see the application you just installed.
Warning
If you need to delete the kubernetes-cronhpa-controller plugin, you should go to the Helm Apps list page to delete it completely.
If you delete the plug-in under the Auto Scaling tab of the workload, this only deletes the workload copy of the plug-in, and the plug-in itself is still not deleted, and an error will be prompted when the plug-in is reinstalled later.
Go back to the Auto Scaling tab under the workload details page, and you can see that the interface displays Plug-in installed . Now it's time to start creating CronHPA policies.
metrics-server is the built-in resource usage metrics collection component of Kubernetes. You can automatically scale Pod copies horizontally for workload resources by configuring HPA policies.
This section describes how to install metrics-server .
"},{"location":"en/end-user/kpanda/scale/install-metrics-server.html#prerequisites","title":"Prerequisites","text":"Before installing the metrics-server plugin, the following prerequisites need to be met:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace.
You should have permissions not lower than NS Editor. For details, refer to Namespace Authorization.
Please perform the following steps to install the metrics-server plugin for the cluster.
On the Auto Scaling page under workload details, click the Install button to enter the metrics-server plug-in installation interface.
Read the introduction of the metrics-server plugin, select the version and click the Install button. This page will use the 3.8.2 version as an example to install, and it is recommended that you install 3.8.2 and later versions.
Configure basic parameters on the installation configuration interface.
Note
After enabling Wait and/or Deletion failed , it takes a long time for the app to be marked as Running .
Advanced parameter configuration
If the cluster network cannot access the k8s.gcr.io repository, please try to modify the repositort parameter to repository: k8s.m.daocloud.io/metrics-server/metrics-server .
An SSL certificate is also required to install the metrics-server plugin. To bypass certificate verification, you need to add - --kubelet-insecure-tls parameter at defaultArgs: .
image:\n repository: k8s.m.daocloud.io/metrics-server/metrics-server # Change the registry source address to k8s.m.daocloud.io\n tag: ''\n pullPolicy: IfNotPresent\nimagePullSecrets: []\nnameOverride: ''\nfullnameOverride: ''\nserviceAccount:\n create: true\n annotations: {}\n name: ''\nrbac:\n create: true\n pspEnabled: false\napiService:\n create: true\npodLabels: {}\npodAnnotations: {}\npodSecurityContext: {}\nsecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\npriorityClassName: system-cluster-critical\ncontainerPort: 4443\nhostNetwork:\n enabled: false\nreplicas: 1\nupdateStrategy: {}\npodDisruptionBudget:\n enabled: false\n minAvailable: null\n maxUnavailable: null\ndefaultArgs:\n - '--cert-dir=/tmp'\n - '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'\n - '--kubelet-use-node-status-port'\n - '--metric-resolution=15s'\n - --kubelet-insecure-tls # Bypass certificate verification\nargs: []\nlivenessProbe:\n httpGet:\n path: /livez\n port:https\n scheme: HTTPS\n initialDelaySeconds: 0\n periodSeconds: 10\n failureThreshold: 3\nreadinessProbe:\n httpGet:\n path: /readyz\n port:https\n scheme: HTTPS\n initialDelaySeconds: 20\n periodSeconds: 10\n failureThreshold: 3\nservice:\n type: ClusterIP\n port: 443\n annotations: {}\n labels: {}\nmetrics:\n enabled: false\nserviceMonitor:\n enabled: false\n additionalLabels: {}\n interval: 1m\n scrapeTimeout: 10s\nresources: {}\nextraVolumeMounts: []\nextraVolumes: []\nnodeSelector: {}\ntolerations: []\naffinity: {}\n
Click the OK button to complete the installation of the metrics-server plug-in, and then the system will automatically jump to the Helm Apps list page. After a few minutes, refresh the page and you will see the newly installed Applications.
Note
When deleting the metrics-server plugin, the plugin can only be completely deleted on the Helm Apps list page. If you only delete metrics-server on the workload page, this only deletes the workload copy of the application, the application itself is still not deleted, and an error will be prompted when you reinstall the plugin later.
"},{"location":"en/end-user/kpanda/scale/install-vpa.html","title":"Install vpa","text":"The Vertical Pod Autoscaler, VPA, can make the resource allocation of the cluster more reasonable and avoid the waste of cluster resources. vpa is the key component to realize the vertical autoscaling of the container.
This section describes how to install the vpa plugin.
In order to use VPA policies, not only the __vpa__ plugin needs to be installed, but also [install the __metrics-server__ plugin](install-metrics-server.md).\n
"},{"location":"en/end-user/kpanda/scale/install-vpa.html#prerequisites","title":"Prerequisites","text":"Before installing the vpa plugin, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Refer to the following steps to install the vpa plugin for the cluster.
On the Clusters page, find the target cluster where the plugin needs to be installed, click the name of the cluster, then click Workloads -> Deployments on the left, and click the name of the target workload.
On the workload details page, click the Auto Scaling tab, and click Install on the right side of VPA .
Read the relevant introduction of the plug-in, select the version and click the Install button. It is recommended to install 1.5.0 or later.
Review the configuration parameters described below.
Note
After enabling Wait and/or Deletion failed , it takes a long time for the application to be marked as running .
Click OK in the lower right corner of the page, and the system will automatically jump to the Helm Apps list page. Wait a few minutes and refresh the page to see the application you just installed.
Warning
If you need to delete the vpa plugin, you should go to the Helm Apps list page to delete it completely.
If you delete the plug-in under the Auto Scaling tab of the workload, this only deletes the workload copy of the plug-in, and the plug-in itself is still not deleted, and an error will be prompted when the plug-in is reinstalled later.
Go back to the Auto Scaling tab under the workload details page, and you can see that the interface displays Plug-in installed . Now you can start Create VPA policy.
Knative is a platform-agnostic solution for running serverless deployments.
"},{"location":"en/end-user/kpanda/scale/knative/install.html#steps","title":"Steps","text":"Log in to the cluster, click the sidebar Helm Apps \u2192 Helm Charts , enter knative in the search box at the top right, and then press the enter key to search.
Click the knative-operator to enter the installation configuration interface. You can view the available versions and the Parameters optional items of Helm values on this interface.
After clicking the install button, you will enter the installation configuration interface.
Enter the name, installation tenant, and it is recommended to check Wait and Detailed Logs .
In the settings below, you can tick Serving and enter the installation tenant of the Knative Serving component, which will deploy the Knative Serving component after installation. This component is managed by the Knative Operator.
Knative provides a higher level of abstraction, simplifying and speeding up the process of building, deploying, and managing applications on Kubernetes. It allows developers to focus more on implementing business logic, while leaving most of the infrastructure and operations work to Knative, significantly improving productivity.
"},{"location":"en/end-user/kpanda/scale/knative/knative.html#components","title":"Components","text":"The Knative operator runs the following components.
knative-operator knative-operator-58f7d7db5c-7f6r5 1/1 Running 0 6m55s\nknative-operator operator-webhook-667dc67bc-qvrv4 1/1 Running 0 6m55s\n
The Knative serving components are as follows.
knative-serving 3scale-kourier-gateway-d69fbfbd-bd8d8 1/1 Running 0 7m13s\nknative-serving activator-7c6fddd698-wdlng 1/1 Running 0 7m3s\nknative-serving autoscaler-8f4b876bb-kd25p 1/1 Running 0 7m17s\nknative-serving autoscaler-hpa-5f7f74679c-vkc7p 1/1 Running 0 7m15s\nknative-serving controller-789c896c46-tfvsv 1/1 Running 0 7m17s\nknative-serving net-kourier-controller-7db578c889-7gd5l 1/1 Running 0 7m14s\nknative-serving webhook-5c88b94c5-78x7m 1/1 Running 0 7m1s\nknative-serving storage-version-migration-serving-serving-1.12.2-t7zvd 0/1 Completed 0 7m15s\n
Component Features Activator Queues requests (if a Knative Service has scaled to zero). Calls the autoscaler to bring back services that have scaled down to zero and forward queued requests. The Activator can also act as a request buffer, handling bursts of traffic. Autoscaler Responsible for scaling Knative services based on configuration, metrics, and incoming requests. Controller Manages the state of Knative CRs. It monitors multiple objects, manages the lifecycle of dependent resources, and updates resource status. Queue-Proxy Sidecar container injected into each Knative Service. Responsible for collecting traffic data and reporting it to the Autoscaler, which then initiates scaling requests based on this data and preset rules. Webhooks Knative Serving has several Webhooks responsible for validating and mutating Knative resources."},{"location":"en/end-user/kpanda/scale/knative/knative.html#ingress-traffic-entry-solutions","title":"Ingress Traffic Entry Solutions","text":"Solution Use Case Istio If Istio is already in use, it can be chosen as the traffic entry solution. Contour If Contour has been enabled in the cluster, it can be chosen as the traffic entry solution. Kourier If neither of the above two Ingress components are present, Knative's Envoy-based Kourier Ingress can be used as the traffic entry solution."},{"location":"en/end-user/kpanda/scale/knative/knative.html#autoscaler-solutions-comparison","title":"Autoscaler Solutions Comparison","text":"Autoscaler Type Core Part of Knative Serving Default Enabled Scale to Zero Support CPU-based Autoscaling Support Knative Pod Autoscaler (KPA) Yes Yes Yes No Horizontal Pod Autoscaler (HPA) No Needs to be enabled after installing Knative Serving No Yes"},{"location":"en/end-user/kpanda/scale/knative/knative.html#crd","title":"CRD","text":"Resource Type API Name Description Services service.serving.knative.dev
Automatically manages the entire lifecycle of Workloads, controls the creation of other objects, ensures applications have Routes, Configurations, and new revisions with each update. Routes route.serving.knative.dev
Maps network endpoints to one or more revision versions, supports traffic distribution and version routing. Configurations configuration.serving.knative.dev
Maintains the desired state of deployments, provides separation between code and configuration, follows the Twelve-Factor App methodology, modifying configurations creates new revisions. Revisions revision.serving.knative.dev
Snapshot of the workload at each modification time point, immutable object, automatically scales based on traffic."},{"location":"en/end-user/kpanda/scale/knative/playground.html","title":"Knative Practices","text":"In this section, we will delve into learning Knative through several practical exercises.
"},{"location":"en/end-user/kpanda/scale/knative/playground.html#case-1-hello-world","title":"case 1 - Hello World","text":"apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
You can use kubectl
to check the status of a deployed application that has been automatically configured with ingress and scalers by Knative.
~ kubectl get service.serving.knative.dev/hello\nNAME URL LATESTCREATED LATESTREADY READY REASON\nhello http://hello.knative-serving.knative.loulan.me hello-00001 hello-00001 True\n
The deployed Pod YAML is as follows, consisting of two Pods: user-container
and queue-proxy
.
apiVersion: v1\nkind: Pod\nmetadata:\n name: hello-00003-deployment-5fcb8ccbf-7qjfk\nspec:\n containers:\n - name: user-container\n - name: queue-proxy\n
Request Flow:
case3 When the traffic decreases again, traffic will be routed back to the activator if the traffic is lower than current_demand + target-burst-capacity > (pods * concurrency-target).
The total number of pending requests + the number of requests that can exceed the target concurrency > the target concurrency per Pod * number of Pods.
We first apply the following YAML definition under the cluster.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
Execute the following command for testing, and you can observe the scaling of the Pods by using kubectl get pods -A -w
.
wrk -t2 -c4 -d6s http://hello.knative-serving.knative.daocloud.io/\n
"},{"location":"en/end-user/kpanda/scale/knative/playground.html#case-3-based-on-concurrent-elastic-scaling-scale-out-in-advance-to-reach-a-specific-ratio","title":"case 3 - Based on concurrent elastic scaling, scale out in advance to reach a specific ratio.","text":"We can easily achieve this, for example, by limiting the concurrency to 10 per container. This can be implemented through autoscaling.knative.dev/target-utilization-percentage: 70
, starting to scale out the Pods when 70% is reached.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"10\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/target-utilization-percentage: \"70\" \n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/metric: \"concurrency\"\n \u00a0 \u00a0 spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
"},{"location":"en/end-user/kpanda/scale/knative/playground.html#case-4-canary-releasetraffic-percentage","title":"case 4 - Canary Release/Traffic Percentage","text":"We can control the distribution of traffic to each version through spec.traffic
.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\" \n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\" \n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n traffic:\n - latestRevision: true\n percent: 50\n - latestRevision: false\n percent: 50\n revisionName: hello-00001\n
"},{"location":"en/end-user/kpanda/scale/knative/scene.html","title":"Use Cases","text":""},{"location":"en/end-user/kpanda/scale/knative/scene.html#suitable-cases","title":"Suitable Cases","text":"AI platform Container Management provides three types of security scans:
The object of compliance scanning is the cluster node. The scan result lists the scan items and results and provides repair suggestions for any failed scan items. For specific security rules used during scanning, refer to the CIS Kubernetes Benchmark.
The focus of the scan varies when checking different types of nodes.
Scan the control plane node (Controller)
Scan worker nodes
Tip
To use compliance scanning, you need to create a scan configuration first, and then create a scan policy based on that configuration. After executing the scan policy, you can view the scan report.
"},{"location":"en/end-user/kpanda/security/index.html#authorization-scan","title":"Authorization Scan","text":"Authorization scanning focuses on security vulnerabilities caused by authorization issues. Authorization scans can help users identify security threats in Kubernetes clusters, identify which resources need further review and protection measures. By performing these checks, users can gain a clearer and more comprehensive understanding of their Kubernetes environment and ensure that the cluster environment meets Kubernetes' best practices and security standards.
Specifically, authorization scanning supports the following operations:
Scans the health status of all nodes in the cluster.
Scans the running state of components in the cluster, such as kube-apiserver , kube-controller-manager , kube-scheduler , etc.
Scans security configurations: Check Kubernetes' security configuration.
Provides warnings and suggestions: Security best practices that cluster administrators should perform, such as regularly rotating certificates, using strong passwords, restricting network access, etc.
Tip
To use authorization scanning, you need to create a scan policy first. After executing the scan policy, you can view the scan report. For details, refer to Security Scanning.
"},{"location":"en/end-user/kpanda/security/index.html#vulnerability-scan","title":"Vulnerability Scan","text":"Vulnerability scanning focuses on scanning potential malicious attacks and security vulnerabilities, such as remote code execution, SQL injection, XSS attacks, and some attacks specific to Kubernetes. The final scan report lists the security vulnerabilities in the cluster and provides repair suggestions.
Tip
To use vulnerability scanning, you need to create a scan policy first. After executing the scan policy, you can view the scan report. For details, refer to Vulnerability Scan.
"},{"location":"en/end-user/kpanda/security/audit.html","title":"Permission Scan","text":"To use the Permission Scan feature, you need to create a scan policy first. After executing the policy, a scan report will be automatically generated for viewing.
"},{"location":"en/end-user/kpanda/security/audit.html#create-a-scan-policy","title":"Create a Scan Policy","text":"On the left navigation bar of the homepage in the Container Management module, click Security Management .
Click Permission Scan on the left navigation bar, then click the Scan Policy tab and click Create Scan Policy on the right.
Fill in the configuration according to the following instructions, and then click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
Under the Security Management -> Permission Scanning -> Scan Reports tab, click the report name.
Clicking Delete on the right of a report allows you to manually delete the report.
View the scan report content, including:
To use the Vulnerability Scan feature, you need to create a scan policy first. After executing the policy, a scan report will be automatically generated for viewing.
"},{"location":"en/end-user/kpanda/security/hunter.html#create-a-scan-policy","title":"Create a Scan Policy","text":"On the left navigation bar of the homepage in the Container Management module, click Security Management .
Click Vulnerability Scan on the left navigation bar, then click the Scan Policy tab and click Create Scan Policy on the right.
Fill in the configuration according to the following instructions, and then click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
Under the Security Management -> Vulnerability Scanning -> Scan Reports tab, click the report name.
Clicking Delete on the right of a report allows you to manually delete the report.
View the scan report content, including:
The first step in using CIS Scanning is to create a scan configuration. Based on the scan configuration, you can then create scan policies, execute scan policies, and finally view scan results.
"},{"location":"en/end-user/kpanda/security/cis/config.html#create-a-scan-configuration","title":"Create a Scan Configuration","text":"The steps for creating a scan configuration are as follows:
Click Security Management in the left navigation bar of the homepage of the container management module.
By default, enter the Compliance Scanning page, click the Scan Configuration tab, and then click Create Scan Configuration in the upper-right corner.
Fill in the configuration name, select the configuration template, and optionally check the scan items, then click OK .
Scan Template: Currently, two templates are provided. The kubeadm template is suitable for general Kubernetes clusters. The daocloud template ignores scan items that are not applicable to AI platform based on the kubeadm template and the platform design of AI platform.
Under the scan configuration tab, clicking the name of a scan configuration displays the type of the configuration, the number of scan items, the creation time, the configuration template, and the specific scan items enabled for the configuration.
"},{"location":"en/end-user/kpanda/security/cis/config.html#updatdelete-scan-configuration","title":"Updat/Delete Scan Configuration","text":"After a scan configuration has been successfully created, it can be updated or deleted according to your needs.
Under the scan configuration tab, click the \u2507 action button to the right of a configuration:
After creating a scan configuration, you can create a scan policy based on the configuration.
Under the Security Management -> Compliance Scanning page, click the Scan Policy tab on the right to create a scan policy.
Fill in the configuration according to the following instructions and click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
After executing a scan policy, a scan report will be generated automatically. You can view the scan report online or download it to your local computer.
Download and View
Under the Security Management -> Compliance Scanning page, click the Scan Report tab, then click the \u2507 action button to the right of a report and select Download .
View Online
Clicking the name of a report allows you to view its content online, which includes:
A data volume (PersistentVolume, PV) is a piece of storage in the cluster, which can be prepared in advance by the administrator, or dynamically prepared using a storage class (Storage Class). PV is a cluster resource, but it has an independent life cycle and will not be deleted when the Pod process ends. Mounting PVs to workloads can achieve data persistence for workloads. The PV holds the data directory that can be accessed by the containers in the Pod.
"},{"location":"en/end-user/kpanda/storage/pv.html#create-data-volume","title":"Create data volume","text":"Currently, there are two ways to create data volumes: YAML and form. These two ways have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the data volume.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume (PV) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume (PV) -> Create Data Volume (PV) in the left navigation bar.
Fill in the basic information.
Data volume type: For a detailed introduction to volume types, refer to the official Kubernetes document Volumes.
Local: The local storage of the Node node is packaged into a PVC interface, and the container directly uses the PVC without paying attention to the underlying storage type. Local volumes do not support dynamic configuration of data volumes, but support configuration of node affinity, which can limit which nodes can access the data volume.
HostPath: Use files or directories on the file system of Node nodes as data volumes, and do not support Pod scheduling based on node affinity.
Mount path: mount the data volume to a specific directory in the container.
access mode:
Recycling policy:
Volume mode:
Node affinity:
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume (PV) in the left navigation bar.
On this page, you can view all data volumes in the current cluster, as well as information such as the status, capacity, and namespace of each data volume.
Supports sequential or reverse sorting according to the name, status, namespace, and creation time of data volumes.
Click the name of a data volume to view the basic configuration, StorageClass information, labels, comments, etc. of the data volume.
By cloning a data volume, a new data volume can be recreated based on the configuration of the cloned data volume.
Enter the clone page
On the data volume list page, find the data volume to be cloned, and select Clone under the operation bar on the right.
You can also click the name of the data volume, click the operation button in the upper right corner of the details page and select Clone .
Use the original configuration directly, or modify it as needed, and click OK at the bottom of the page.
There are two ways to update data volumes. Support for updating data volumes via forms or YAML files.
Note
Only updating the alias, capacity, access mode, reclamation policy, label, and comment of the data volume is supported.
On the data volume list page, find the data volume that needs to be updated, select Update under the operation bar on the right to update through the form, select Edit YAML to update through YAML.
Click the name of the data volume to enter the details page of the data volume, select Update in the upper right corner of the page to update through the form, select Edit YAML to update through YAML.
On the data volume list page, find the data to be deleted, and select Delete in the operation column on the right.
You can also click the name of the data volume, click the operation button in the upper right corner of the details page and select Delete .
"},{"location":"en/end-user/kpanda/storage/pvc.html","title":"Data volume declaration (PVC)","text":"A persistent volume claim (PersistentVolumeClaim, PVC) expresses a user's request for storage. PVC consumes PV resources and claims a data volume with a specific size and specific access mode. For example, the PV volume is required to be mounted in ReadWriteOnce, ReadOnlyMany or ReadWriteMany modes.
"},{"location":"en/end-user/kpanda/storage/pvc.html#create-data-volume-statement","title":"Create data volume statement","text":"Currently, there are two ways to create data volume declarations: YAML and form. These two ways have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the data volume declaration.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume Declaration (PVC) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume Declaration (PVC) -> Create Data Volume Declaration (PVC) in the left navigation bar.
Fill in the basic information.
Creation method: dynamically create a new data volume claim in an existing StorageClass or data volume, or create a new data volume claim based on a snapshot of a data volume claim.
The declared capacity of the data volume cannot be modified when the snapshot is created, and can be modified after the creation is complete.
After selecting the creation method, select the desired StorageClass/data volume/snapshot from the drop-down list.
access mode:
ReadWriteOnce, the data volume declaration can be mounted by a node in read-write mode.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume Declaration (PVC) in the left navigation bar.
On this page, you can view all data volume declarations in the current cluster, as well as information such as the status, capacity, and namespace of each data volume declaration.
Supports sorting in sequential or reverse order according to the declared name, status, namespace, and creation time of the data volume.
Click the name of the data volume declaration to view the basic configuration, StorageClass information, labels, comments and other information of the data volume declaration.
In the left navigation bar, click Container Storage -> Data Volume Declaration (PVC) , and find the data volume declaration whose capacity you want to adjust.
Click the name of the data volume declaration, and then click the operation button in the upper right corner of the page and select Expansion .
Enter the target capacity and click OK .
By cloning a data volume claim, a new data volume claim can be recreated based on the configuration of the cloned data volume claim.
Enter the clone page
On the data volume declaration list page, find the data volume declaration that needs to be cloned, and select Clone under the operation bar on the right.
You can also click the name of the data volume declaration, click the operation button in the upper right corner of the details page and select Clone .
Use the original configuration directly, or modify it as needed, and click OK at the bottom of the page.
There are two ways to update data volume claims. Support for updating data volume claims via form or YAML file.
Note
Only aliases, labels, and annotations for data volume claims are updated.
On the data volume list page, find the data volume declaration that needs to be updated, select Update in the operation bar on the right to update it through the form, and select Edit YAML to update it through YAML.
Click the name of the data volume declaration, enter the details page of the data volume declaration, select Update in the upper right corner of the page to update through the form, select Edit YAML to update through YAML.
On the data volume declaration list page, find the data to be deleted, and select Delete in the operation column on the right.
You can also click the name of the data volume statement, click the operation button in the upper right corner of the details page and select Delete .
"},{"location":"en/end-user/kpanda/storage/pvc.html#common-problem","title":"common problem","text":"If there is no optional StorageClass or data volume in the list, you can Create a StorageClass or Create a data volume.
If there is no optional snapshot in the list, you can enter the details page of the data volume declaration and create a snapshot in the upper right corner.
If the StorageClass (SC) used by the data volume declaration is not enabled for snapshots, snapshots cannot be made, and the page will not display the \"Make Snapshot\" option.
The AI platform container management module supports sharing a StorageClass with multiple namespaces to improve resource utilization efficiency.
Find the StorageClass that needs to be shared in the StorageClass list, and click Authorize Namespace under the operation bar on the right.
Click Custom Namespace to select which namespaces this StorageClass needs to be shared to one by one.
A StorageClass refers to a large storage resource pool composed of many physical disks. This platform supports the creation of block StorageClass, local StorageClass, and custom StorageClass after accessing various storage vendors, and then dynamically configures data volumes for workloads.
"},{"location":"en/end-user/kpanda/storage/sc.html#create-storageclass-sc","title":"Create StorageClass (SC)","text":"Currently, it supports creating StorageClass through YAML and forms. These two methods have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the StorageClass.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> StorageClass (SC) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> StorageClass (SC) -> Create StorageClass (SC) in the left navigation bar.
Fill in the basic information and click OK at the bottom.
CUSTOM STORAGE SYSTEM
CSI storage driver: A standard Kubernetes-based container storage interface plug-in, which must comply with the format specified by the storage manufacturer, such as rancher.io/local-path .
HwameiStor storage system
lvm.hwameistor.io
.hdd.hwameistor.io
.On the StorageClass list page, find the StorageClass that needs to be updated, and select Edit under the operation bar on the right to update the StorageClass.
Info
Select View YAML to view the YAML file of the StorageClass, but editing is not supported.
"},{"location":"en/end-user/kpanda/storage/sc.html#delete-storageclass-sc","title":"Delete StorageClass (SC)","text":"On the StorageClass list page, find the StorageClass to be deleted, and select Delete in the operation column on the right.
"},{"location":"en/end-user/kpanda/workloads/create-cronjob.html","title":"Create CronJob","text":"This page introduces how to create a CronJob through images and YAML files.
CronJobs are suitable for performing periodic operations, such as backup and report generation. These jobs can be configured to repeat periodically (for example: daily/weekly/monthly), and the time interval at which the job starts to run can be defined.
"},{"location":"en/end-user/kpanda/workloads/create-cronjob.html#prerequisites","title":"Prerequisites","text":"Before creating a CronJob, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a CronJob using the image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> CronJobs in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings, CronJob Settings, Advanced Configuration, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the CronJobs list. Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the CronJob.
On the Create CronJobs page, enter the information according to the table below, and click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)
When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the configuration with reference to the following requirements, click OK .
GPU Exclusive: Configure the GPU usage for the container, only positive integers are supported. The GPU quota setting supports setting exclusive use of the entire GPU or part of the vGPU for the container. For example, for an 8-core GPU, enter the number 8 to let the container exclusively use the entire length of the card, and enter the number 1 to configure a 1-core vGPU for the container.
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass configuration to the Pod, etc. For details, refer to Container environment variable configuration.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-cronjob.html#cronjob-settings","title":"CronJob Settings","text":"Concurrency Policy: Whether to allow multiple Job jobs to run in parallel.
The above rules only apply to multiple jobs created by the same CronJob. Multiple jobs created by multiple CronJobs are always allowed to run concurrently.
Policy Settings: Set the time period for job execution based on minutes, hours, days, weeks, and months. Support custom Cron expressions with numbers and *
, after inputting the expression, the meaning of the current expression will be prompted. For detailed expression syntax rules, refer to Cron Schedule Syntax.
Configure Service for the statefulset, so that the statefulset can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
The advanced configuration of CronJobs mainly involves labels and annotations.
You can click the Add button to add labels and annotations to the workload instance Pod.
"},{"location":"en/end-user/kpanda/workloads/create-cronjob.html#create-from-yaml","title":"Create from YAML","text":"In addition to mirroring, you can also create timed jobs more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> CronJobs in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
apiVersion: batch/v1\nkind: CronJob\nmetadata:\n creationTimestamp: '2022-12-26T09:45:47Z'\n generation: 1\n name: demo\n namespace: default\n resourceVersion: '92726617'\n uid: d030d8d7-a405-4dcd-b09a-176942ef36c9\nspec:\n concurrencyPolicy: Allow\n failedJobsHistoryLimit: 1\n jobTemplate:\n metadata:\n creationTimestamp: null\n spec:\n activeDeadlineSeconds: 360\n backoffLimit: 6\n template:\n metadata:\n creationTimestamp: null\n spec:\n containers:\n - image: nginx\n imagePullPolicy: IfNotPresent\n lifecycle: {}\n name: container-3\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n securityContext:\n privileged: false\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n dnsPolicy: ClusterFirst\n restartPolicy: Never\n schedulerName: default-scheduler\n securityContext: {}\n terminationGracePeriodSeconds: 30\n schedule: 0 0 13 * 5\n successfulJobsHistoryLimit: 3\n suspend: false\nstatus: {}\n
"},{"location":"en/end-user/kpanda/workloads/create-daemonset.html","title":"Create DaemonSet","text":"This page introduces how to create a daemonSet through image and YAML files.
DaemonSet is connected to taint through node affinity feature ensures that a replica of a Pod is running on all or some of the nodes. For nodes that newly joined the cluster, DaemonSet automatically deploys the proper Pod on the new node and tracks the running status of the Pod. When a node is removed, the DaemonSet deletes all Pods it created.
Common cases for daemons include:
For simplicity, a DaemonSet can be started on each node for each type of daemon. For finer and more advanced daemon management, you can also deploy multiple DaemonSets for the same daemon. Each DaemonSet has different flags and has different memory, CPU requirements for different hardware types.
"},{"location":"en/end-user/kpanda/workloads/create-daemonset.html#prerequisites","title":"Prerequisites","text":"Before creating a DaemonSet, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a daemon using the image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> DaemonSets in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings, Service Settings, Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return the list of DaemonSets . Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the DaemonSet.
On the Create DaemonSets page, after entering the information according to the table below, click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
GPU Exclusive: Configure the GPU usage for the container, only positive integers are supported. The GPU quota setting supports setting exclusive use of the entire GPU or part of the vGPU for the container. For example, for an 8-core GPU, enter the number 8 to let the container exclusively use the entire length of the card, and enter the number 1 to configure a 1-core vGPU for the container.
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-daemonset.html#service-settings","title":"Service settings","text":"Create a Service (Service) for the daemon, so that the daemon can be accessed externally.
Click the Create Service button.
Configure service parameters, refer to Create Service for details.
Click OK and click Next .
Advanced setting includes four parts: load network settings, upgrade policy, scheduling policy, label and annotation. You can click the tabs below to view the requirements of each part.
Network ConfigurationUpgrade PolicyScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related settings options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/end-user/kpanda/workloads/create-daemonset.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create daemons more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workload -> Daemons in the left navigation bar, and then click the YAML Create button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: DaemonSet\n apiVersion: apps/v1\n metadata:\n name: hwameistor-local-disk-manager\n namespace: hwameistor\n uid: ccbdc098-7de3-4a8a-96dd-d1cee159c92b\n resourceVersion: '90999552'\n generation: 1\n creationTimestamp: '2022-12-15T09:03:44Z'\n labels:\n app.kubernetes.io/managed-by: Helm\n annotations:\n deprecated.DaemonSet.template.generation: '1'\n meta.helm.sh/release-name: hwameistor\n meta.helm.sh/release-namespace:hwameistor\n spec:\n selector:\n matchLabels:\n app: hwameistor-local-disk-manager\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: hwameistor-local-disk-manager\n spec:\n volumes:\n - name: udev\n hostPath:\n path: /run/udev\n type: Directory\n - name: procmount\n hostPath:\n path: /proc\n type: Directory\n - name: devmount\n hostPath:\n path: /dev\n type: Directory\n - name: socket-dir\n hostPath:\n path: /var/lib/kubelet/plugins/disk.hwameistor.io\n type: DirectoryOrCreate\n - name: registration-dir\n hostPath:\n path: /var/lib/kubelet/plugins_registry/\n type: Directory\n - name: plugin-dir\n hostPath:\n path: /var/lib/kubelet/plugins\n type: DirectoryOrCreate\n - name: pods-mount-dir\n hostPath:\n path: /var/lib/kubelet/pods\n type: DirectoryOrCreate\n containers:\n - name: registrar\n image: k8s-gcr.m.daocloud.io/sig-storage/csi-node-driver-registrar:v2.5.0\n args:\n - '--v=5'\n - '--csi-address=/csi/csi.sock'\n - >-\n --kubelet-registration-path=/var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n env:\n - name: KUBE_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n resources: {}\n volumeMounts:\n - name: socket-dir\n mountPath: /csi\n - name: registration-dir\n mountPath: /registration\n lifecycle:\n preStop:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n rm -rf /registration/disk.hwameistor.io\n /registration/disk.hwameistor.io-reg.sock\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n -name: managerimage: ghcr.m.daocloud.io/hwameistor/local-disk-manager:v0.6.1\n command:\n - /local-disk-manager\n args:\n - '--endpoint=$(CSI_ENDPOINT)'\n - '--nodeid=$(NODENAME)'\n - '--csi-enable=true'\n env:\n - name: CSI_ENDPOINT\n value: unix://var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n - name: NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: WATCH_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: NODENAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OPERATOR_NAME\n value: local-disk-manager\n resources: {}\n volumeMounts:\n - name: udev\n mountPath: /run/udev\n - name: procmount\n readOnly: true\n mountPath: /host/proc\n - name: devmount\n mountPath: /dev\n - name: registration-dir\n mountPath: /var/lib/kubelet/plugins_registry\n - name: plugin-dir\n mountPath: /var/lib/kubelet/plugins\n mountPropagation: Bidirectional\n - name: pods-mount-dir\n mountPath: /var/lib/kubelet/pods\n mountPropagation: Bidirectional\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: hwameistor-admin\n serviceAccount: hwameistor-admin\n hostNetwork: true\n hostPID: true\n securityContext: {}\n schedulerName: default-scheduler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/master\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/control-plane\n operator: Exists\n effect: NoSchedule\n - key: node.cloudprovider.kubernetes.io/uninitialized\n operator: Exists\n effect: NoSchedule\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n maxSurge: 0\n revisionHistoryLimit: 10\nstatus:\n currentNumberScheduled: 4\n numberMisscheduled: 0\n desiredNumberScheduled: 4\n numberReady: 4\n observedGeneration: 1\n updatedNumberScheduled: 4\n numberAvailable: 4\n
"},{"location":"en/end-user/kpanda/workloads/create-deployment.html","title":"Create Deployment","text":"This page describes how to create deployments through images and YAML files.
Deployment is a common resource in Kubernetes, mainly Pod and ReplicaSet provide declarative updates, support elastic scaling, rolling upgrades, and version rollbacks features. Declare the desired Pod state in the Deployment, and the Deployment Controller will modify the current state through the ReplicaSet to make it reach the pre-declared desired state. Deployment is stateless and does not support data persistence. It is suitable for deploying stateless applications that do not need to save data and can be restarted and rolled back at any time.
Through the container management module of AI platform, workloads on multicloud and multiclusters can be easily managed based on proper role permissions, including the creation of deployments, Full life cycle management such as update, deletion, elastic scaling, restart, and version rollback.
"},{"location":"en/end-user/kpanda/workloads/create-deployment.html#prerequisites","title":"Prerequisites","text":"Before using image to create deployments, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Follow the steps below to create a deployment by image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> Deployments in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Setting, Service Setting, Advanced Setting in turn, click OK in the lower right corner of the page to complete the creation.
The system will automatically return the list of Deployments . Click \u2507 on the right side of the list to perform operations such as update, delete, elastic scaling, restart, and version rollback on the load. If the workload status is abnormal, please check the specific abnormal information, refer to Workload Status.
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic Information (Required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)When configuring container-related parameters, it is essential to correctly fill in the container name and image parameters; otherwise, you will not be able to proceed to the next step. After filling in the configuration according to the following requirements, click OK.
Work Container
. For information on init containers, see the [K8s Official Documentation] (https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).Before setting the GPU, the administrator needs to pre-install the GPU and driver plugin on the cluster node and enable the GPU feature in the Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Setting.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Setting.
Configure container parameters within the Pod, add environment variables or pass setting to the Pod, etc. For details, refer to Container environment variable setting.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage Setting.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-deployment.html#service-settings","title":"Service settings","text":"Configure Service for the deployment, so that the deployment can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
Advanced setting includes four parts: Network Settings, Upgrade Policy, Scheduling Policies, Labels and Annotations. You can click the tabs below to view the setting requirements of each part.
Network SettingsUpgrade PolicyScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related setting options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/end-user/kpanda/workloads/create-deployment.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create deployments more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> Deployments in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n spec:\n selector:\n matchLabels:\n app: nginx\n replicas: 2 # (1)!\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n -name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n
This page introduces how to create a job through image and YAML file.
Job is suitable for performing one-time jobs. A Job creates one or more Pods, and the Job keeps retrying to run Pods until a certain number of Pods are successfully terminated. A Job ends when the specified number of Pods are successfully terminated. When a Job is deleted, all Pods created by the Job will be cleared. When a Job is paused, all active Pods in the Job are deleted until the Job is resumed. For more information about jobs, refer to Job.
"},{"location":"en/end-user/kpanda/workloads/create-job.html#prerequisites","title":"Prerequisites","text":"In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a job using an image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> Jobs in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings and Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the job list. Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the job.
On the Create Jobs page, enter the basic information according to the table below, and click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the setting requirements of each part.
Container settings is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment Variables (optional)Data Storage (optional)Security Settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle settings.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check settings.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage settings.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-job.html#advanced-settings","title":"Advanced settings","text":"Advanced setting includes job settings, labels and annotations.
Job SettingsLabels and AnnotationsYou can click the Add button to add labels and annotations to the workload instance Pod.
"},{"location":"en/end-user/kpanda/workloads/create-job.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, creation jobs can also be created more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> Jobs in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: Job\napiVersion: batch/v1\nmetadata:\n name: demo\n namespace: default\n uid: a9708239-0358-4aa1-87d3-a092c080836e\n resourceVersion: '92751876'\n generation: 1\n creationTimestamp: '2022-12-26T10:52:22Z'\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n annotations:\n revisions: >-\n {\"1\":{\"status\":\"running\",\"uid\":\"a9708239-0358-4aa1-87d3-a092c080836e\",\"start-time\":\"2022-12-26T10:52:22Z\",\"completion-time\":\"0001-01-01T00:00:00Z\"}}\nspec:\n parallelism: 1\n backoffLimit: 6\n selector:\n matchLabels:\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n spec:\n containers:\n - name: container-4\n image: nginx\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n lifecycle: {}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: false\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext: {}\n schedulerName: default-scheduler\n completionMode: NonIndexed\n suspend: false\nstatus:\n startTime: '2022-12-26T10:52:22Z'\n active: 1\n
"},{"location":"en/end-user/kpanda/workloads/create-statefulset.html","title":"Create StatefulSet","text":"This page describes how to create a StatefulSet through image and YAML files.
StatefulSet is a common resource in Kubernetes, and Deployment, mainly used to manage the deployment and scaling of Pod collections. The main difference between the two is that Deployment is stateless and does not save data, while StatefulSet is stateful and is mainly used to manage stateful applications. In addition, Pods in a StatefulSet have a persistent ID, which makes it easy to identify the proper Pod when matching storage volumes.
Through the container management module of AI platform, workloads on multicloud and multiclusters can be easily managed based on proper role permissions, including the creation of StatefulSets, update, delete, elastic scaling, restart, version rollback and other full life cycle management.
"},{"location":"en/end-user/kpanda/workloads/create-statefulset.html#prerequisites","title":"Prerequisites","text":"Before using image to create StatefulSets, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Follow the steps below to create a statefulSet using image.
Click Clusters on the left navigation bar, then click the name of the target cluster to enter Cluster Details.
Click Workloads -> StatefulSets in the left navigation bar, and then click the Create by Image button in the upper right corner.
Fill in Basic Information, Container Settings, Service Settings, Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the list of StatefulSets , and wait for the status of the workload to become running . If the workload status is abnormal, refer to Workload Status for specific exception information.
Click \u2507 on the right side of the New Workload column to perform operations such as update, delete, elastic scaling, restart, and version rollback on the workload.
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container settings is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment Variables (optional)Data Storage (optional)Security Settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
Used to judge the health status of containers and applications. Helps improve app usability. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-statefulset.html#service-settings","title":"Service settings","text":"Configure Service (Service) for the statefulset, so that the statefulset can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
Advanced setting includes four parts: load network settings, upgrade policy, scheduling policy, label and annotation. You can click the tabs below to view the requirements of each part.
Network ConfigurationUpgrade PolicyContainer Management PoliciesScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related settings options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
Kubernetes v1.7 and later versions can set Pod management policies through .spec.podManagementPolicy , which supports the following two methods:
OrderedReady : The default Pod management policy, which means that Pods are deployed in order. Only after the deployment of the previous Pod is successfully completed, the statefulset will start to deploy the next Pod. Pods are deleted in reverse order, with the last created being deleted first.
Parallel : Create or delete containers in parallel, just like Pods of the Deployment type. The StatefulSet controller starts or terminates all containers in parallel. There is no need to wait for a Pod to enter the Running and ready state or to stop completely before starting or terminating other Pods. This option only affects the behavior of scaling operations, not the order of updates.
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/end-user/kpanda/workloads/create-statefulset.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create statefulsets more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> StatefulSets in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: StatefulSet\n apiVersion: apps/v1\n metadata:\n name: test-mysql-123-mysql\n namespace: default\n uid: d3f45527-a0ab-4b22-9013-5842a06f4e0e\n resourceVersion: '20504385'\n generation: 1\n creationTimestamp: '2022-09-22T09:34:10Z'\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n blockOwnerDeletion: true\n spec:\n replicas: 1\n selector:\n matchLabels:\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n mysql.presslabs.org/cluster: test-mysql-123\n template:\n metadata:\n creationTimestamp: null\n labels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n annotations:\n config_rev: '13941099'\n prometheus.io/port: '9125'\n prometheus.io/scrape: 'true'\n secret_rev: '13941101'\n spec:\n volumes:\n -name: conf\n emptyDir: {}\n - name: init-scripts\n emptyDir: {}\n - name: config-map\n configMap:\n name: test-mysql-123-mysql\n defaultMode: 420\n - name: data\n persistentVolumeClaim:\n claimName: data\n initContainers:\n -name: init\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - clone-and-init\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: BACKUP_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_USER\n optional: true\n - name: BACKUP_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_PASSWORD\n optional: true\n resources: {}\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: config-map\n mountPath: /mnt/conf\n - name: data\n mountPath: /var/lib/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n containers:\n - name: mysql\n image: docker.m.daocloud.io/mysql:5.7.31\n ports:\n - name: mysql\n containerPort: 3306\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: ORCH_CLUSTER_ALIAS\n value: test-mysql-123.default\n - name: ORCH_HTTP_API\n value: http://mysql-operator.mcamel-system/api\n - name: MYSQL_ROOT_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: ROOT_PASSWORD\n optional: false\n - name: MYSQL_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: USER\n optional: true\n - name: MYSQL_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: PASSWORD\n optional: true\n - name: MYSQL_DATABASE\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: DATABASE\n optional: true\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 512Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n livenessProbe:\n exec:\n command:\n - mysqladmin\n - '--defaults-file=/etc/mysql/client.conf'\n - ping\n initialDelaySeconds: 60\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n test $(mysql --defaults-file=/etc/mysql/client.conf -NB -e\n 'SELECT COUNT(*) FROM sys_operator.status WHERE\n name=\"configured\" AND value=\"1\"') -eq 1\n initialDelaySeconds: 5\n timeoutSeconds: 5\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 3\n lifecycle:preStop:\n exec:\n command:\n - bash\n - /etc/mysql/pre-shutdown-ha.sh\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: sidecar\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - config-and-serve\n ports:\n - name: sidecar-http\n containerPort: 8080\n protocol: TCP\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: XTRABACKUP_TARGET_DIR\n value: /tmp/xtrabackup_backupfiles/\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 10m\n memory: 64Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n readinessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: metrics-exporter\n image: prom/mysqld-exporter:v0.13.0\n args:\n - '--web.listen-address=0.0.0.0:9125'\n - '--web.telemetry-path=/metrics'\n - '--collect.heartbeat'\n - '--collect.heartbeat.database=sys_operator'\n ports:\n - name: prometheus\n containerPort: 9125\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_USER\n optional: false\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_PASSWORD\n optional: false\n - name: DATA_SOURCE_NAME\n value: $(USER):$(PASSWORD)@(127.0.0.1:3306)/\n resources:\n limits:\n cpu: 100m\n memory: 128Mi\n requests:\n cpu: 10m\n memory: 32Mi\n livenessProbe:\n httpGet:\n path: /metrics\n port: 9125\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 30\n periodSeconds: 30\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: pt-heartbeat\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - pt-heartbeat\n - '--update'\n - '--replace'\n - '--check-read-only'\n - '--create-table'\n - '--database'\n - sys_operator\n - '--table'\n - heartbeat\n - '--utc'\n - '--defaults-file'\n - /etc/mysql/heartbeat.conf\n - '--fail-successive-errors=20'\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n resources:\n limits:\n cpu: 100m\n memory: 64Mi\n requests:\n cpu: 10m\n memory: 32Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsUser: 999\n fsGroup: 999\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n topologyKey: kubernetes.io/hostname\n schedulerName: default-scheduler\n volumeClaimTemplates:\n - kind: PersistentVolumeClaim\n apiVersion: v1\n metadata:\n name: data\n creationTimestamp: null\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n spec:\n accessModes:\n - ReadWriteOnce\n resources:\n limits:\n storage: 1Gi\n requests:\n storage: 1Gi\n storageClassName: local-path\n volumeMode: Filesystem\n status:\n phase: Pending\n serviceName: mysql\n podManagementPolicy: OrderedReady\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n partition: 0\n revisionHistoryLimit: 10\nstatus:\n observedGeneration: 1\n replicas: 1\n readyReplicas: 1\n currentReplicas: 1\n updatedReplicas: 1\n currentRevision: test-mysql-123-mysql-6b8f5577c7\n updateRevision: test-mysql-123-mysql-6b8f5577c7\n collisionCount: 0\n availableReplicas: 1\n
"},{"location":"en/end-user/kpanda/workloads/pod-config/env-variables.html","title":"Configure environment variables","text":"An environment variable refers to a variable set in the container running environment, which is used to add environment flags to Pods or transfer configurations, etc. It supports configuring environment variables for Pods in the form of key-value pairs.
Suanova container management adds a graphical interface to configure environment variables for Pods on the basis of native Kubernetes, and supports the following configuration methods:
Key-value pair (Key/Value Pair): Use a custom key-value pair as the environment variable of the container
Resource reference (Resource): Use the fields defined by Container as the value of environment variables, such as the memory limit of the container, the number of copies, etc.
Variable/Variable Reference (Pod Field): Use the Pod field as the value of an environment variable, such as the name of the Pod
ConfigMap key value import (ConfigMap key): Import the value of a key in the ConfigMap as the value of an environment variable
Key key value import (Secret Key): use the data from the Secret to define the value of the environment variable
Key Import (Secret): Import all key values \u200b\u200bin Secret as environment variables
ConfigMap import (ConfigMap): import all key values \u200b\u200bin the ConfigMap as environment variables
Container health check checks the health status of containers according to user requirements. After configuration, if the application in the container is abnormal, the container will automatically restart and recover. Kubernetes provides Liveness checks, Readiness checks, and Startup checks.
LivenessProbe can detect application deadlock (the application is running, but cannot continue to run the following steps). Restarting containers in this state can help improve the availability of applications, even if there are bugs in them.
ReadinessProbe can detect when a container is ready to accept request traffic. A Pod can only be considered ready when all containers in a Pod are ready. One use of this signal is to control which Pod is used as the backend of the Service. If the Pod is not ready, it will be removed from the Service's load balancer.
Startup check (StartupProbe) can know when the application container is started. After configuration, it can control the container to check the viability and readiness after it starts successfully, so as to ensure that these liveness and readiness probes will not affect the start of the application. Startup detection can be used to perform liveness checks on slow-starting containers, preventing them from being killed before they start running.
The configuration of LivenessProbe is similar to that of ReadinessProbe, the only difference is to use readinessProbe field instead of livenessProbe field.
HTTP GET parameter description:
Parameter Description Path (Path) The requested path for access. Such as: /healthz path in the example Port (Port) Service listening port. Such as: port 8080 in the example protocol access protocol, Http or Https Delay time (initialDelaySeconds) Delay check time, in seconds, this setting is related to the normal startup time of business programs. For example, if it is set to 30, it means that the health check will start 30 seconds after the container is started, which is the time reserved for business program startup. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second. SuccessThreshold (successThreshold) The minimum number of consecutive successes that are considered successful after a probe fails. The default value is 1, and the minimum value is 1. This value must be 1 for liveness and startup probes. Maximum number of failures (failureThreshold) The number of retries when the probe fails. Giving up in case of a liveness probe means restarting the container. Pods that are abandoned due to readiness probes are marked as not ready. The default value is 3. The minimum value is 1."},{"location":"en/end-user/kpanda/workloads/pod-config/health-check.html#check-with-http-get-request","title":"Check with HTTP GET request","text":"YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-http\nspec:\n containers:\n - name: liveness # Container name\n image: k8s.gcr.io/liveness # Container image\n args:\n - /server # Arguments to pass to the container\n livenessProbe:\n httpGet:\n path: /healthz # Access request path\n port: 8080 # Service listening port\n httpHeaders:\n - name: Custom-Header # Custom header name\n value: Awesome # Custom header value\n initialDelaySeconds: 3 # Wait 3 seconds before the first probe\n periodSeconds: 3 # Perform liveness detection every 3 seconds\n
According to the set rules, Kubelet sends an HTTP GET request to the service running in the container (the service is listening on port 8080) to perform the detection. The kubelet considers the container alive if the handler under the /healthz path on the server returns a success code. If the handler returns a failure code, the kubelet kills the container and restarts it. Any return code greater than or equal to 200 and less than 400 indicates success, and any other return code indicates failure. The /healthz handler returns a 200 status code for the first 10 seconds of the container's lifetime. The handler then returns a status code of 500.
"},{"location":"en/end-user/kpanda/workloads/pod-config/health-check.html#use-tcp-port-check","title":"Use TCP port check","text":"TCP port parameter description:
Parameter Description Port (Port) Service listening port. Such as: port 8080 in the example Delay time (initialDelaySeconds) Delay check time, in seconds, this setting is related to the normal startup time of business programs. For example, if it is set to 30, it means that the health check will start 30 seconds after the container is started, which is the time reserved for business program startup. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second.For a container that provides TCP communication services, based on this configuration, the cluster establishes a TCP connection to the container according to the set rules. If the connection is successful, it proves that the detection is successful, otherwise the detection fails. If you choose the TCP port detection method, you must specify the port that the container listens to.
YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n name: goproxy\n labels:\n app: goproxy\nspec:\n containers:\n - name: goproxy\n image: k8s.gcr.io/goproxy:0.1\n ports:\n - containerPort: 8080\n readinessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 5\n periodSeconds: 10\n livenessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 15\n periodSeconds: 20\n
This example uses both readiness and liveness probes. The kubelet sends the first readiness probe 5 seconds after the container is started. Attempt to connect to port 8080 of the goproxy container. If the probe is successful, the Pod will be marked as ready and the kubelet will continue to run the check every 10 seconds.
In addition to the readiness probe, this configuration includes a liveness probe. The kubelet will perform the first liveness probe 15 seconds after the container is started. The readiness probe will attempt to connect to the goproxy container on port 8080. If the liveness probe fails, the container will be restarted.
"},{"location":"en/end-user/kpanda/workloads/pod-config/health-check.html#run-command-check","title":"Run command check","text":"YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-exec\nspec:\n containers:\n - name: liveness # Container name\n image: k8s.gcr.io/busybox # Container image\n args:\n - /bin/sh # Command to run\n - -c # Pass the following string as a command\n - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600 # Command to execute\n livenessProbe:\n exec:\n command:\n - cat # Command to check liveness\n - /tmp/healthy # File to check\n initialDelaySeconds: 5 # Wait 5 seconds before the first probe\n periodSeconds: 5 # Perform liveness detection every 5 seconds\n
The periodSeconds field specifies that the kubelet performs a liveness probe every 5 seconds, and the initialDelaySeconds field specifies that the kubelet waits for 5 seconds before performing the first probe. According to the set rules, the cluster periodically executes the command cat /tmp/healthy in the container through the kubelet to detect. If the command executes successfully and the return value is 0, the kubelet considers the container to be healthy and alive. If this command returns a non-zero value, the kubelet will kill the container and restart it.
"},{"location":"en/end-user/kpanda/workloads/pod-config/health-check.html#protect-slow-starting-containers-with-pre-start-checks","title":"Protect slow-starting containers with pre-start checks","text":"Some applications require a long initialization time at startup. You need to use the same command to set startup detection. For HTTP or TCP detection, you can set the failureThreshold * periodSeconds parameter to a long enough time to cope with the long startup time scene.
YAML example:
ports:\n- name: liveness-port\n containerPort: 8080\n hostPort: 8080\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 1\n periodSeconds: 10\n\nstartupProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 30\n periodSeconds: 10\n
With the above settings, the application will have up to 5 minutes (30 * 10 = 300s) to complete the startup process. Once the startup detection is successful, the survival detection task will take over the detection of the container and respond quickly to the container deadlock. If the start probe has been unsuccessful, the container is killed after 300 seconds and further disposition is performed according to the restartPolicy .
"},{"location":"en/end-user/kpanda/workloads/pod-config/job-parameters.html","title":"Description of job parameters","text":"According to the settings of .spec.completions and .spec.Parallelism , jobs (Job) can be divided into the following types:
Job Type Description Non-parallel Job Creates a Pod until its Job completes successfully Parallel Jobs with deterministic completion counts A Job is considered complete when the number of successful Pods reaches .spec.completions Parallel Job Creates one or more Pods until one finishes successfullyParameter Description
RestartPolicy Creates a Pod until it terminates successfully .spec.completions Indicates the number of Pods that need to run successfully when the Job ends, the default is 1 .spec.parallelism Indicates the number of Pods running in parallel, the default is 1 spec.backoffLimit Indicates the maximum number of retries for a failed Pod, beyond which no more retries will continue. .spec.activeDeadlineSeconds Indicates the Pod running time. Once this time is reached, the Job, that is, all its Pods, will stop. And activeDeadlineSeconds has a higher priority than backoffLimit, that is, the job that reaches activeDeadlineSeconds will ignore the setting of backoffLimit.The following is an example Job configuration, saved in myjob.yaml, which calculates \u03c0 to 2000 digits and prints the output.
apiVersion: batch/v1\nkind: Job #The type of the current resource\nmetadata:\n name: myjob\nspec:\n completions: 50 # Job needs to run 50 Pods at the end, in this example it prints \u03c0 50 times\n parallelism: 5 # 5 Pods in parallel\n backoffLimit: 5 # retry up to 5 times\n template:\n spec:\n containers:\n - name: pi\n image: perl\n command: [\"perl\", \"-Mbignum=bpi\", \"-wle\", \"print bpi(2000)\"]\n restartPolicy: Never #restart policy\n
Related commands
kubectl apply -f myjob.yaml # Start job\nkubectl get job # View this job\nkubectl logs myjob-1122dswzs View Job Pod logs\n
"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html","title":"Configure the container lifecycle","text":"Pods follow a predefined lifecycle, starting in the Pending phase and entering the Running state if at least one container in the Pod starts normally. If any container in the Pod ends in a failed state, the state becomes Failed . The following phase field values \u200b\u200bindicate which phase of the lifecycle a Pod is in.
Value Description Pending The Pod has been accepted by the system, but one or more containers have not yet been created or run. This phase includes waiting for the pod to be scheduled and downloading the image over the network. Running (Running) The Pod has been bound to a node, and all containers in the Pod have been created. At least one container is still running, or in the process of starting or restarting. Succeeded (Success) All containers in the Pod were successfully terminated and will not be restarted. Failed All containers in the Pod have terminated, and at least one container terminated due to failure. That is, the container exited with a non-zero status or was terminated by the system. Unknown (Unknown) The status of the Pod cannot be obtained for some reason, usually due to a communication failure with the host where the Pod resides.When creating a workload in Suanova container management, images are usually used to specify the running environment in the container. By default, when building an image, the Entrypoint and CMD fields can be used to define the commands and parameters to be executed when the container is running. If you need to change the commands and parameters of the container image before starting, after starting, and before stopping, you can override the default commands and parameters in the image by setting the lifecycle event commands and parameters of the container.
"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html#lifecycle-configuration","title":"Lifecycle configuration","text":"Configure the startup command, post-start command, and pre-stop command of the container according to business needs.
Parameter Description Example value Start command Type: Optional Meaning: The container will be started according to the start command. Command after startup Type: optionalMeaning: command after container startup Command before stopping Type: Optional Meaning: The command executed by the container after receiving the stop command. Ensure that the services running in the instance can be drained in advance when the instance is upgraded or deleted. -"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html#start-command","title":"start command","text":"Configure the startup command according to the table below.
Parameter Description Example value Run command Type: RequiredMeaning: Enter an executable command, and separate multiple commands with spaces. If the command itself has spaces, you need to add (\"\"). Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Running parameters Type: OptionalMeaning: Enter the parameters of the control container running command. port=8080"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html#post-start-commands","title":"Post-start commands","text":"Suanova provides two processing types, command line script and HTTP request, to configure post-start commands. You can choose the configuration method that suits you according to the table below.
Command line script configuration
Parameter Description Example value Run Command Type: Optional Meaning: Enter an executable command, and separate multiple commands with spaces. If the command itself contains spaces, you need to add (\"\"). Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Running parameters Type: OptionalMeaning: Enter the parameters of the control container running command. port=8080"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html#stop-pre-command","title":"stop pre-command","text":"Suanova provides two processing types, command line script and HTTP request, to configure the pre-stop command. You can choose the configuration method that suits you according to the table below.
HTTP request configuration
Parameter Description Example value URL Path Type: Optional Meaning: Requested URL path. Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Port Type: RequiredMeaning: Requested port. port=8080 Node Address Type: Optional Meaning: The requested IP address, the default is the node IP where the container is located. -"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html","title":"Scheduling Policy","text":"In a Kubernetes cluster, like many other Kubernetes objects, nodes have labels. You can manually add labels. Kubernetes also adds some standard labels to all nodes in the cluster. See Common Labels, Annotations, and Taints for common node labels. By adding labels to nodes, you can have pods scheduled on specific nodes or groups of nodes. You can use this feature to ensure that specific Pods can only run on nodes with certain isolation, security or governance properties.
nodeSelector is the simplest recommended form of a node selection constraint. You can add a nodeSelector field to the Pod's spec to set the node label. Kubernetes will only schedule pods on nodes with each label specified. nodeSelector provides one of the easiest ways to constrain Pods to nodes with specific labels. Affinity and anti-affinity expand the types of constraints you can define. Some benefits of using affinity and anti-affinity are:
Affinity and anti-affinity languages are more expressive. nodeSelector can only select nodes that have all the specified labels. Affinity, anti-affinity give you greater control over selection logic.
You can mark a rule as \"soft demand\" or \"preference\", so that the scheduler will still schedule the Pod if no matching node can be found.
You can use the labels of other Pods running on the node (or in other topological domains) to enforce scheduling constraints, instead of only using the labels of the node itself. This capability allows you to define rules which allow Pods to be placed together.
You can choose which node the Pod will deploy to by setting affinity and anti-affinity.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#tolerance-time","title":"Tolerance time","text":"When the node where the workload instance is located is unavailable, the period for the system to reschedule the instance to other available nodes. The default is 300 seconds.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#node-affinity-nodeaffinity","title":"Node affinity (nodeAffinity)","text":"Node affinity is conceptually similar to nodeSelector , which allows you to constrain which nodes Pods can be scheduled on based on the labels on the nodes. There are two types of node affinity:
Must be satisfied: ( requiredDuringSchedulingIgnoredDuringExecution ) The scheduler can only run scheduling when the rules are satisfied. This functionality is similar to nodeSelector , but with a more expressive syntax. You can define multiple hard constraint rules, but only one of them must be satisfied.
Satisfy as much as possible: ( preferredDuringSchedulingIgnoredDuringExecution ) The scheduler will try to find nodes that meet the proper rules. If no matching node is found, the scheduler will still schedule the Pod. You can also set weights for soft constraint rules. During specific scheduling, if there are multiple nodes that meet the conditions, the node with the highest weight will be scheduled first. At the same time, you can also define multiple hard constraint rules, but only one of them needs to be satisfied.
The label proper to the node can use the default label or user-defined label.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#operators","title":"Operators","text":"It can only be added in the \"as far as possible\" policy, which can be understood as the priority of scheduling, and those with the highest weight will be scheduled first. The value range is 1 to 100.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#workload-affinity","title":"Workload Affinity","text":"Similar to node affinity, there are two types of workload affinity:
The affinity of the workload is mainly used to determine which Pods of the workload can be deployed in the same topology domain. For example, services that communicate with each other can be deployed in the same topology domain (such as the same availability zone) by applying affinity scheduling to reduce the network delay between them.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#tag-name_1","title":"Tag name","text":"The label proper to the node can use the default label or user-defined label.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#namespaces","title":"Namespaces","text":"Specifies the namespace in which the scheduling policy takes effect.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#operators_1","title":"Operators","text":"Specify the scope of influence during scheduling. If you specify kubernetes.io/Clustername, it will use the Node node as the distinguishing scope.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#workload-anti-affinity","title":"Workload Anti-Affinity","text":"Similar to node affinity, there are two types of anti-affinity for workloads:
The anti-affinity of the workload is mainly used to determine which Pods of the workload cannot be deployed in the same topology domain. For example, the same Pod of a load is distributed to different topological domains (such as different hosts) to improve the stability of the workload itself.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#tag-name_2","title":"Tag name","text":"The label proper to the node can use the default label or user-defined label.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#namespaces_1","title":"Namespaces","text":"Specifies the namespace in which the scheduling policy takes effect.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#operators_2","title":"Operators","text":"Specify the scope of influence when scheduling, such as specifying kubernetes.io/Clustername, it will use the Node node as the distinguishing scope.
"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html","title":"Workload Status","text":"A workload is an application running on Kubernetes, and in Kubernetes, whether your application is composed of a single same component or composed of many different components, you can use a set of Pods to run it. Kubernetes provides five built-in workload resources to manage pods:
You can also expand workload resources by setting Custom Resource CRD. In the fifth-generation container management, it supports full lifecycle management of workloads such as creation, update, capacity expansion, monitoring, logging, deletion, and version management.
"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#pod-status","title":"Pod Status","text":"Pod is the smallest computing unit created and managed in Kubernetes, that is, a collection of containers. These containers share storage, networking, and management policies that control how the containers run. Pods are typically not created directly by users, but through workload resources. Pods follow a predefined lifecycle, starting at Pending phase, if at least one of the primary containers starts normally, it enters Running , and then enters the Succeeded or Failed stage depending on whether any container in the Pod ends in a failed status.
"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#workload-status_1","title":"Workload Status","text":"The fifth-generation container management module designs a built-in workload life cycle status set based on factors such as Pod status and number of replicas, so that users can more realistically perceive the running status of workloads. Because different workload types (such as Deployment and Jobs) have inconsistent management mechanisms for Pods, different workloads will have different lifecycle status during operation, as shown in the following table.
"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#deployment-statefulset-damemonset-status","title":"Deployment, StatefulSet, DamemonSet Status","text":"Status Description Waiting 1. A workload is in this status while its creation is in progress. 2. After an upgrade or rollback action is triggered, the workload is in this status. 3. Trigger operations such as pausing/scaling, and the workload is in this status. Running This status occurs when all instances under the workload are running and the number of replicas matches the user-defined number. Deleting When a delete operation is performed, the payload is in this status until the delete is complete. Exception Unable to get the status of the workload for some reason. This usually occurs because communication with the pod's host has failed. Not Ready When the container is in an abnormal, pending status, this status is displayed when the workload cannot be started due to an unknown error"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#job-status","title":"Job Status","text":"Status Description Waiting The workload is in this status while Job creation is in progress. Executing The Job is in progress and the workload is in this status. Execution Complete The Job execution is complete and the workload is in this status. Deleting A delete operation is triggered and the workload is in this status. Exception Pod status could not be obtained for some reason. This usually occurs because communication with the pod's host has failed."},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#cronjob-status","title":"CronJob status","text":"Status Description Waiting The CronJob is in this status when it is being created. Started After the CronJob is successfully created, the CronJob is in this status when it is running normally or when the paused task is started. Stopped The CronJob is in this status when the stop task operation is performed. Deleting The deletion operation is triggered, and the CronJob is in this status.When the workload is in an abnormal or unready status, you can move the mouse over the status value of the load, and the system will display more detailed error information through a prompt box. You can also view the log or events to obtain related running information of the workload.
"},{"location":"en/end-user/register/index.html","title":"User Registration","text":"New users need to register when using the AI platform for the first time.
"},{"location":"en/end-user/register/index.html#prerequisites","title":"Prerequisites","text":"Open the AI platform homepage at https://ai.isuanova.com/ and click Register.
Enter your username, password, and email, then click Register.
The system will prompt that an email has been sent to your inbox.
Log into your email, find the email, and click the link.
Congratulations, you have successfully accessed the AI platform and can now start your AI journey.
Notebook usually refers to Jupyter Notebook or similar interactive computing environments. It is a very popular tool widely used in fields such as data science, machine learning, and deep learning. This page explains how to use Notebook in the AI platform.
"},{"location":"en/end-user/share/notebook.html#prerequisites","title":"Prerequisites","text":"Navigate to AI Lab -> Operator -> Queue Management, and click the Create button on the right.
Enter a name, select the cluster, workspace, and quota, then click OK.
Log into the AI platform as a User, navigate to AI Lab -> Notebook, and click the Create button on the right.
After configuring the various parameters, click OK.
Basic InformationResource ConfigurationAdvanced ConfigurationEnter a name, select the cluster, namespace, choose the queue just created, and click One-Click Initialization.
Select the Notebook type, configure memory, CPU, enable GPU, create and configure PVC:
Enable SSH external network access:
You will be automatically redirected to the Notebook instance list, click the instance name.
Enter the Notebook instance detail page and click the Open button in the upper right corner.
You have entered the Notebook development environment, where a persistent volume is mounted in the /home/jovyan
directory. You can clone code through git, upload data after connecting via SSH, etc.
Generate an SSH key pair on your own computer.
Open the command line on your computer, for example, open git bash on Windows, enter ssh-keygen.exe -t rsa
, and press enter through the prompts.
Use commands like cat ~/.ssh/id_rsa.pub
to view and copy the public key.
Log into the AI platform as a user, click Personal Center -> SSH Public Key -> Import SSH Public Key in the upper right corner.
Enter the detail page of the Notebook instance and copy the SSH link.
Use SSH to access the Notebook instance from the client.
Next step: Create Training Job
"},{"location":"en/end-user/share/workload.html","title":"Creating AI Workloads Using GPU Resources","text":"After the administrator allocates resource quotas for the workspace, users can create AI workloads to utilize GPU computing resources.
"},{"location":"en/end-user/share/workload.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management, select a namespace, click Workloads -> Deployments , and then click the Create Image button on the right.
After configuring various parameters, click OK.
Basic InformationContainer ConfigurationOtherSelect your namespace.
Set the image, configure CPU, memory, GPU, and other resources, and set the startup command.
Service configuration and advanced configuration can use the default settings.
You will be automatically redirected to the stateless workload list; click the workload name.
Enter the detail page where you can see the GPU quota.
You can also access the console and run the nvidia-smi
command to view GPU resources.
Next step: Using Notebook
"},{"location":"en/openapi/index.html","title":"OpenAPI Documentation","text":"This is some OpenAPI documentation aimed at developers.
Access Keys can be used to access the OpenAPI and for continuous publishing. You can follow the steps below to obtain their keys and access the API in their personal center.
Log in to the AI platform, find Personal Center in the dropdown menu at the top right corner, and manage your account's access keys on the Access Keys page.
Info
Access key information is displayed only once. If you forget the access key information, you will need to create a new access key.
"},{"location":"en/openapi/index.html#using-the-key-to-access-the-api","title":"Using the Key to Access the API","text":"When accessing the AI platform's OpenAPI, include the request header Authorization:Bearer ${token}
in the request to identify the visitor's identity, where ${token}
is the key obtained in the previous step.
Request Example
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
Request Result
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"en/openapi/baize/index.html","title":"AI Lab OpenAPI","text":""},{"location":"en/openapi/ghippo/index.html","title":"Global Management OpenAPI","text":""},{"location":"en/openapi/insight/index.html","title":"Insight OpenAPI","text":""},{"location":"en/openapi/kpanda/index.html","title":"Container Management OpenAPI","text":""},{"location":"en/openapi/virtnest/index.html","title":"Cloud Host OpenAPI","text":""}]}
\ No newline at end of file
+{"config":{"lang":["en","zh"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"index.html","title":"\u8c50\u6536\u4e8c\u865f\u6a94\u6848\u7ad9","text":"\u9019\u662f\u8c50\u6536\u4e8c\u865f AI \u7b97\u529b\u4e2d\u5fc3\u7684\u6a94\u6848\u7ad9\u3002
\u8fd9\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9762\u5411\u7ba1\u7406\u5458\u7684\u8fd0\u7ef4\u6587\u6863\u3002
\u4e91\u4e3b\u673a
\u4e91\u4e3b\u673a\u662f\u90e8\u7f72\u5728\u4e91\u7aef\u7684\u865a\u62df\u673a\u3002
\u5bb9\u5668\u7ba1\u7406
\u7ba1\u7406 K8s \u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5e94\u7528\u3001\u8d44\u6e90\u548c\u6743\u9650\u3002
\u7b97\u6cd5\u5f00\u53d1
\u7ba1\u7406 AI \u8d44\u6e90\u548c\u961f\u5217\u3002
\u53ef\u89c2\u6d4b\u6027
\u4e86\u89e3\u53ef\u89c2\u6d4b\u6027\u8d44\u6e90\uff0c\u914d\u7f6e\u548c\u6545\u969c\u6392\u67e5\u3002
\u5168\u5c40\u7ba1\u7406
\u7ba1\u63a7\u7528\u6237\u3001\u7528\u6237\u7ec4\u3001\u5de5\u4f5c\u7a7a\u95f4\u3001\u8d44\u6e90\u7b49\u8bbf\u95ee\u6743\u9650\u3002
5.0 AI Lab \u63d0\u4f9b\u4e86\u4efb\u52a1\u8c03\u5ea6\u5668\uff0c\u53ef\u4ee5\u5e2e\u52a9\u60a8\u66f4\u597d\u5730\u7ba1\u7406\u4efb\u52a1\uff0c\u9664\u4e86\u63d0\u4f9b\u57fa\u7840\u7684\u8c03\u5ea6\u5668\u4e4b\u5916\uff0c\u76ee\u524d\u4e5f\u652f\u6301\u7528\u6237\u81ea\u5b9a\u4e49\u8c03\u5ea6\u5668\u3002
"},{"location":"admin/baize/best-practice/add-scheduler.html#_2","title":"\u4efb\u52a1\u8c03\u5ea6\u5668\u4ecb\u7ecd","text":"\u5728 Kubernetes \u4e2d\uff0c\u4efb\u52a1\u8c03\u5ea6\u5668\u8d1f\u8d23\u51b3\u5b9a\u5c06 Pod \u5206\u914d\u5230\u54ea\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u3002\u5b83\u8003\u8651\u591a\u79cd\u56e0\u7d20\uff0c\u5982\u8d44\u6e90\u9700\u6c42\u3001\u786c\u4ef6/\u8f6f\u4ef6\u7ea6\u675f\u3001\u4eb2\u548c\u6027/\u53cd\u4eb2\u548c\u6027\u89c4\u5219\u3001\u6570\u636e\u5c40\u90e8\u6027\u7b49\u3002
\u9ed8\u8ba4\u8c03\u5ea6\u5668\u662f Kubernetes \u96c6\u7fa4\u4e2d\u7684\u4e00\u4e2a\u6838\u5fc3\u7ec4\u4ef6\uff0c\u8d1f\u8d23\u51b3\u5b9a\u5c06 Pod \u5206\u914d\u5230\u54ea\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u3002\u8ba9\u6211\u4eec\u6df1\u5165\u4e86\u89e3\u5b83\u7684\u5de5\u4f5c\u539f\u7406\u3001\u7279\u6027\u548c\u914d\u7f6e\u65b9\u6cd5\u3002
"},{"location":"admin/baize/best-practice/add-scheduler.html#_3","title":"\u8c03\u5ea6\u5668\u7684\u5de5\u4f5c\u6d41\u7a0b","text":"\u9ed8\u8ba4\u8c03\u5ea6\u5668\u7684\u5de5\u4f5c\u6d41\u7a0b\u53ef\u4ee5\u5206\u4e3a\u4e24\u4e2a\u4e3b\u8981\u9636\u6bb5\uff1a\u8fc7\u6ee4\uff08Filtering\uff09\u548c\u8bc4\u5206\uff08Scoring\uff09\u3002
"},{"location":"admin/baize/best-practice/add-scheduler.html#_4","title":"\u8fc7\u6ee4\u9636\u6bb5","text":"\u8c03\u5ea6\u5668\u4f1a\u904d\u5386\u6240\u6709\u8282\u70b9\uff0c\u6392\u9664\u4e0d\u6ee1\u8db3 Pod \u8981\u6c42\u7684\u8282\u70b9\uff0c\u8003\u8651\u7684\u56e0\u7d20\u5305\u62ec\uff1a
\u4ee5\u4e0a\u53c2\u6570\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u4efb\u52a1\u65f6\u7684\u9ad8\u7ea7\u914d\u7f6e\u6765\u8bbe\u7f6e\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
"},{"location":"admin/baize/best-practice/add-scheduler.html#_5","title":"\u8bc4\u5206\u9636\u6bb5","text":"\u5bf9\u901a\u8fc7\u8fc7\u6ee4\u7684\u8282\u70b9\u8fdb\u884c\u6253\u5206\uff0c\u9009\u62e9\u5f97\u5206\u6700\u9ad8\u7684\u8282\u70b9\u6765\u8fd0\u884c Pod\uff0c\u8003\u8651\u56e0\u7d20\u5305\u62ec\uff1a
\u9664\u4e86\u57fa\u7840\u7684\u4e00\u4e9b\u4efb\u52a1\u8c03\u5ea6\u80fd\u529b\u4e4b\u5916\uff0c\u6211\u4eec\u8fd8\u652f\u6301\u4f7f\u7528 Scheduler Plugins\uff1aKubernetes SIG Scheduling
\u7ef4\u62a4\u7684\u4e00\u7ec4\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u5305\u62ec Coscheduling (Gang Scheduling)
\u7b49\u529f\u80fd\u3002
\u5728\u5de5\u4f5c\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u8bf7\u53c2\u8003\u90e8\u7f72\u7b2c\u4e8c\u8c03\u5ea6\u5668\u63d2\u4ef6\u3002
"},{"location":"admin/baize/best-practice/add-scheduler.html#ai-lab","title":"\u5728 AI Lab \u4e2d\u542f\u7528\u8c03\u5ea6\u5668\u63d2\u4ef6","text":"Danger
\u589e\u52a0\u8c03\u5ea6\u5668\u63d2\u4ef6\u82e5\u64cd\u4f5c\u4e0d\u5f53\uff0c\u53ef\u80fd\u4f1a\u5f71\u54cd\u5230\u6574\u4e2a\u96c6\u7fa4\u7684\u7a33\u5b9a\u6027\uff0c\u5efa\u8bae\u5728\u6d4b\u8bd5\u73af\u5883\u4e2d\u8fdb\u884c\u6d4b\u8bd5\uff1b\u6216\u8005\u8054\u7cfb\u6211\u4eec\u7684\u6280\u672f\u652f\u6301\u56e2\u961f\u3002
\u6ce8\u610f\uff0c\u5982\u679c\u5e0c\u671b\u5728\u8bad\u7ec3\u4efb\u52a1\u4e2d\u4f7f\u7528\u66f4\u591a\u7684\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u9700\u8981\u4e8b\u5148\u624b\u5de5\u5728\u5de5\u4f5c\u96c6\u7fa4\u4e2d\u6210\u529f\u5b89\u88c5\uff0c\u7136\u540e\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72 baize-agent
\u65f6\uff0c\u589e\u52a0\u5bf9\u5e94\u7684\u8c03\u5ea6\u5668\u63d2\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u63d0\u4f9b\u7684\u754c\u9762 Helm \u5e94\u7528 \u7ba1\u7406\u80fd\u529b\uff0c\u53ef\u4ee5\u65b9\u4fbf\u5730\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u7136\u540e\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u5b89\u88c5 \uff0c\uff08\u82e5\u5df2\u90e8\u7f72\u4e86 baize-agent
\uff0c\u53ef\u4ee5\u5230 Helm \u5e94\u7528\u5217\u8868\u53bb\u66f4\u65b0\uff09\uff0c\u6839\u636e\u5982\u4e0b\u56fe\u6240\u793a\u7684\u914d\u7f6e\uff0c\u589e\u52a0\u8c03\u5ea6\u5668\u3002
\u6ce8\u610f\u8c03\u5ea6\u5668\u7684\u53c2\u6570\u5c42\u7ea7\uff0c\u6dfb\u52a0\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u6ce8\u610f\u4ee5\u540e\u5728\u66f4\u65b0 baize-agent
\u65f6\uff0c\u4e0d\u8981\u9057\u6f0f\u8fd9\u4e2a\u914d\u7f6e\u3002
\u5f53\u60a8\u5728\u96c6\u7fa4\u4e2d\u6210\u529f\u90e8\u7f72\u4e86\u5bf9\u5e94\u7684\u8c03\u5ea6\u5668\u63d2\u4ef6\uff0c\u5e76\u4e14\u5728 baize-agent
\u4e5f\u6b63\u786e\u589e\u52a0\u4e86\u5bf9\u5e94\u7684\u8c03\u5ea6\u5668\u914d\u7f6e\u540e\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u4efb\u52a1\u65f6\uff0c\u6307\u5b9a\u8c03\u5ea6\u5668\u3002
\u4e00\u5207\u6b63\u5e38\u7684\u60c5\u51b5\u4e0b\uff0c\u60a8\u53ef\u4ee5\u5728\u8c03\u5ea6\u5668\u4e0b\u62c9\u6846\u4e2d\u770b\u5230\u60a8\u90e8\u7f72\u7684\u8c03\u5ea6\u5668\u63d2\u4ef6\u3002
\u4ee5\u4e0a\uff0c\u5c31\u662f\u6211\u4eec\u5728 AI Lab \u4e2d\uff0c\u4e3a\u4efb\u52a1\u589e\u52a0\u8c03\u5ea6\u5668\u9009\u9879\u7684\u914d\u7f6e\u4f7f\u7528\u8bf4\u660e\u3002
"},{"location":"admin/baize/best-practice/change-notebook-image.html","title":"\u66f4\u65b0 Notebook \u5185\u7f6e\u955c\u50cf","text":"\u5728 Notebook \u4e2d\uff0c\u9ed8\u8ba4\u63d0\u4f9b\u4e86\u591a\u4e2a\u53ef\u7528\u7684\u57fa\u7840\u955c\u50cf\uff0c\u4f9b\u5f00\u53d1\u8005\u9009\u62e9\uff1b\u5927\u90e8\u5206\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4f1a\u6ee1\u8db3\u5f00\u53d1\u8005\u7684\u4f7f\u7528\u3002
\u7b97\u4e30\u63d0\u4f9b\u4e86\u4e00\u4e2a\u9ed8\u8ba4\u7684 Notebook \u955c\u50cf\uff0c\u5305\u542b\u4e86\u6240\u9700\u7684\u4efb\u4f55\u5f00\u53d1\u5de5\u5177\u548c\u8d44\u6599\u3002
baize/baize-notebook\n
\u8fd9\u4e2a Notebook \u91cc\u9762\u5305\u542b\u4e86\u57fa\u7840\u7684\u5f00\u53d1\u5de5\u5177\uff0c\u4ee5 baize-notebook:v0.5.0
\uff082024 \u5e74 5 \u6708 30 \u65e5\uff09\u4e3a\u4f8b\uff0c\u76f8\u5173\u4f9d\u8d56\u53ca\u7248\u672c\u5982\u4e0b\uff1a
\u4f46\u6709\u65f6\u7528\u6237\u53ef\u80fd\u9700\u8981\u81ea\u5b9a\u4e49\u955c\u50cf\uff0c\u672c\u6587\u4ecb\u7ecd\u4e86\u5982\u4f55\u66f4\u65b0\u955c\u50cf\uff0c\u5e76\u589e\u52a0\u5230 Notebook \u521b\u5efa\u754c\u9762\u4e2d\u8fdb\u884c\u9009\u62e9\u3002
"},{"location":"admin/baize/best-practice/change-notebook-image.html#_1","title":"\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\uff08\u4ec5\u4f9b\u53c2\u8003\uff09","text":"Note
\u6ce8\u610f\uff0c\u6784\u5efa\u65b0\u955c\u50cf \u9700\u8981\u4ee5 baize-notebook
\u4f5c\u4e3a\u57fa\u7840\u955c\u50cf\uff0c\u4ee5\u4fdd\u8bc1 Notebook \u7684\u6b63\u5e38\u8fd0\u884c\u3002
\u5728\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\u65f6\uff0c\u5efa\u8bae\u5148\u4e86\u89e3 baize-notebook \u955c\u50cf\u7684 Dockerfile\uff0c\u4ee5\u4fbf\u66f4\u597d\u5730\u7406\u89e3\u5982\u4f55\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\u3002
"},{"location":"admin/baize/best-practice/change-notebook-image.html#baize-noteboook-dockerfile","title":"baize-noteboook \u7684 Dockerfile","text":"ARG BASE_IMG=docker.m.daocloud.io/kubeflownotebookswg/jupyter:v1.8.0\n\nFROM $BASE_IMG\n\nUSER root\n\n# install - useful linux packages\nRUN export DEBIAN_FRONTEND=noninteractive \\\n && apt-get -yq update \\\n && apt-get -yq install --no-install-recommends \\\n openssh-server git git-lfs bash-completion \\\n && apt-get clean \\\n && rm -rf /var/lib/apt/lists/*\n\n# remove default s6 jupyterlab run script\nRUN rm -rf /etc/services.d/jupyterlab\n\n# install - useful jupyter plugins\nRUN mamba install -n base -y jupyterlab-language-pack-zh-cn \\\n && mamba clean --all -y\n\nARG CODESERVER_VERSION=4.89.1\nARG TARGETARCH\n\nRUN curl -fsSL \"https://github.com/coder/code-server/releases/download/v$CODESERVER_VERSION/code-server_${CODESERVER_VERSION}_$TARGETARCH.deb\" -o /tmp/code-server.deb \\\n && dpkg -i /tmp/code-server.deb \\\n && rm -f /tmp/code-server.deb\n\nARG CODESERVER_PYTHON_VERSION=2024.4.1\nARG CODESERVER_JUPYTER_VERSION=2024.3.1\nARG CODESERVER_LANGUAGE_PACK_ZH_CN=1.89.0\nARG CODESERVER_YAML=1.14.0\nARG CODESERVER_DOTENV=1.0.1\nARG CODESERVER_EDITORCONFIG=0.16.6\nARG CODESERVER_TOML=0.19.1\nARG CODESERVER_GITLENS=15.0.4\n\n# configure for code-server extensions\n# # https://github.com/kubeflow/kubeflow/blob/709254159986d2cc99e675d0fad5a128ddeb0917/components/example-notebook-servers/codeserver-python/Dockerfile\n# # and\n# # https://github.com/kubeflow/kubeflow/blob/709254159986d2cc99e675d0fad5a128ddeb0917/components/example-notebook-servers/codeserver/Dockerfile\nRUN code-server --list-extensions --show-versions \\\n && code-server --list-extensions --show-versions \\\n && code-server \\\n --install-extension MS-CEINTL.vscode-language-pack-zh-hans@$CODESERVER_LANGUAGE_PACK_ZH_CN \\\n --install-extension ms-python.python@$CODESERVER_PYTHON_VERSION \\\n --install-extension ms-toolsai.jupyter@$CODESERVER_JUPYTER_VERSION \\\n --install-extension redhat.vscode-yaml@$CODESERVER_YAML \\\n --install-extension mikestead.dotenv@$CODESERVER_DOTENV \\\n --install-extension EditorConfig.EditorConfig@$CODESERVER_EDITORCONFIG \\\n --install-extension tamasfe.even-better-toml@$CODESERVER_TOML \\\n --install-extension eamodio.gitlens@$CODESERVER_GITLENS \\\n --install-extension catppuccin.catppuccin-vsc-pack \\\n --force \\\n && code-server --list-extensions --show-versions\n\n# configure for code-server\nRUN mkdir -p /home/${NB_USER}/.local/share/code-server/User \\\n && chown -R ${NB_USER}:users /home/${NB_USER} \\\n && cat <<EOF > /home/${NB_USER}/.local/share/code-server/User/settings.json\n{\n \"gitlens.showWelcomeOnInstall\": false,\n \"workbench.colorTheme\": \"Catppuccin Mocha\",\n}\nEOF\n\nRUN mkdir -p /tmp_home/${NB_USER}/.local/share \\\n && mv /home/${NB_USER}/.local/share/code-server /tmp_home/${NB_USER}/.local/share\n\n# set ssh configuration\nRUN mkdir -p /run/sshd \\\n && chown -R ${NB_USER}:users /etc/ssh \\\n && chown -R ${NB_USER}:users /run/sshd \\\n && sed -i \"/#\\?Port/s/^.*$/Port 2222/g\" /etc/ssh/sshd_config \\\n && sed -i \"/#\\?PasswordAuthentication/s/^.*$/PasswordAuthentication no/g\" /etc/ssh/sshd_config \\\n && sed -i \"/#\\?PubkeyAuthentication/s/^.*$/PubkeyAuthentication yes/g\" /etc/ssh/sshd_config \\\n && rclone_version=v1.65.0 && \\\n arch=$(uname -m | sed -E 's/x86_64/amd64/g;s/aarch64/arm64/g') && \\\n filename=rclone-${rclone_version}-linux-${arch} && \\\n curl -fsSL https://github.com/rclone/rclone/releases/download/${rclone_version}/${filename}.zip -o ${filename}.zip && \\\n unzip ${filename}.zip && mv ${filename}/rclone /usr/local/bin && rm -rf ${filename} ${filename}.zip\n\n# Init mamba\nRUN mamba init --system\n\n# init baize-base environment for essential python packages\nRUN mamba create -n baize-base -y python \\\n && /opt/conda/envs/baize-base/bin/pip install tensorboard \\\n && mamba clean --all -y \\\n && ln -s /opt/conda/envs/baize-base/bin/tensorboard /usr/local/bin/tensorboard\n\n# prepare baize-runtime-env directory\nRUN mkdir -p /opt/baize-runtime-env \\\n && chown -R ${NB_USER}:users /opt/baize-runtime-env\n\nARG APP\nARG PROD_NAME\nARG TARGETOS\n\nCOPY out/$TARGETOS/$TARGETARCH/data-loader /usr/local/bin/\nCOPY out/$TARGETOS/$TARGETARCH/baizectl /usr/local/bin/\n\nRUN chmod +x /usr/local/bin/baizectl /usr/local/bin/data-loader && \\\n echo \"source /etc/bash_completion\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo \"source <(baizectl completion bash)\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo \"source <(kubectl completion bash)\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo '[ -f /run/baize-env ] && export $(cat /run/baize-env | xargs)' >> /opt/conda/etc/profile.d/conda.sh && \\\n echo 'alias conda=\"mamba\"' >> /opt/conda/etc/profile.d/conda.sh\n\nUSER ${NB_UID}\n
"},{"location":"admin/baize/best-practice/change-notebook-image.html#_2","title":"\u6784\u5efa\u4f60\u7684\u955c\u50cf","text":"ARG BASE_IMG=release.daocloud.io/baize/baize-notebook:v0.5.0\n\nFROM $BASE_IMG\nUSER root\n\n# Do Customization\nRUN mamba install -n baize-base -y pytorch torchvision torchaudio cpuonly -c pytorch \\\n && mamba install -n baize-base -y tensorflow \\\n && mamba clean --all -y\n\nUSER ${NB_UID}\n
"},{"location":"admin/baize/best-practice/change-notebook-image.html#notebook-helm","title":"\u589e\u52a0\u5230 Notebook \u955c\u50cf\u5217\u8868\uff08Helm\uff09","text":"Warning
\u6ce8\u610f\uff0c\u5fc5\u987b\u7531\u5e73\u53f0\u7ba1\u7406\u5458\u64cd\u4f5c\uff0c\u8c28\u614e\u53d8\u66f4\u3002
\u76ee\u524d\uff0c\u955c\u50cf\u9009\u62e9\u5668\u9700\u8981\u901a\u8fc7\u66f4\u65b0 baize
\u7684 Helm
\u53c2\u6570\u6765\u4fee\u6539\uff0c\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728 kpanda-global-cluster \u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 Helm \u5e94\u7528
\u5217\u8868\uff0c\u627e\u5230 baize\uff0c\u8fdb\u5165\u66f4\u65b0\u9875\u9762\uff0c\u5728 YAML
\u53c2\u6570\u4e2d\u4fee\u6539 Notebook \u955c\u50cf\uff1a
\u6ce8\u610f\u53c2\u6570\u4fee\u6539\u7684\u8def\u5f84\u5982\u4e0b global.config.notebook_images
\uff1a
...\nglobal:\n ...\n config:\n notebook_images:\n ...\n names: release.daocloud.io/baize/baize-notebook:v0.5.0\n # \u5728\u8fd9\u91cc\u589e\u52a0\u4f60\u7684\u955c\u50cf\u4fe1\u606f\n
\u66f4\u65b0\u5b8c\u6210\u4e4b\u540e\uff0c\u5f85 Helm \u5e94\u7528\u91cd\u542f\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u5728 Notebook \u521b\u5efa\u754c\u9762\u4e2d\u7684\u9009\u62e9\u955c\u50cf\u770b\u5230\u65b0\u7684\u955c\u50cf\u3002
"},{"location":"admin/baize/best-practice/checkpoint.html","title":"Checkpoint \u673a\u5236\u53ca\u4f7f\u7528\u4ecb\u7ecd","text":"\u5728\u6df1\u5ea6\u5b66\u4e60\u7684\u5b9e\u9645\u573a\u666f\u4e2d\uff0c\u6a21\u578b\u8bad\u7ec3\u4e00\u822c\u90fd\u4f1a\u6301\u7eed\u4e00\u6bb5\u65f6\u95f4\uff0c\u8fd9\u5bf9\u5206\u5e03\u5f0f\u8bad\u7ec3\u4efb\u52a1\u7684\u7a33\u5b9a\u6027\u548c\u6548\u7387\u63d0\u51fa\u4e86\u66f4\u9ad8\u7684\u8981\u6c42\u3002 \u800c\u4e14\uff0c\u5728\u5b9e\u9645\u8bad\u7ec3\u7684\u8fc7\u7a0b\u4e2d\uff0c\u5f02\u5e38\u4e2d\u65ad\u4f1a\u5bfc\u81f4\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u7684\u6a21\u578b\u72b6\u6001\u4e22\u5931\uff0c\u9700\u8981\u91cd\u65b0\u5f00\u59cb\u8bad\u7ec3\uff0c \u8fd9\u4e0d\u4ec5\u6d6a\u8d39\u4e86\u65f6\u95f4\u548c\u8d44\u6e90\uff0c\u8fd9\u5728 LLM \u8bad\u7ec3\u4e2d\u5c24\u4e3a\u660e\u663e\uff0c\u800c\u4e14\u4e5f\u4f1a\u5f71\u54cd\u6a21\u578b\u7684\u8bad\u7ec3\u6548\u679c\u3002
\u80fd\u591f\u5728\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u4fdd\u5b58\u6a21\u578b\u7684\u72b6\u6001\uff0c\u4ee5\u4fbf\u5728\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u51fa\u73b0\u5f02\u5e38\u65f6\u80fd\u591f\u6062\u590d\u6a21\u578b\u72b6\u6001\uff0c\u53d8\u5f97\u81f3\u5173\u91cd\u8981\u3002 Checkpoint \u5c31\u662f\u76ee\u524d\u4e3b\u6d41\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u672c\u6587\u5c06\u4ecb\u7ecd Checkpoint \u673a\u5236\u7684\u57fa\u672c\u6982\u5ff5\u548c\u5728 PyTorch \u548c TensorFlow \u4e2d\u7684\u4f7f\u7528\u65b9\u6cd5\u3002
"},{"location":"admin/baize/best-practice/checkpoint.html#checkpoint_1","title":"\u4ec0\u4e48\u662f Checkpoint\uff1f","text":"Checkpoint \u662f\u5728\u6a21\u578b\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u4fdd\u5b58\u6a21\u578b\u72b6\u6001\u7684\u673a\u5236\u3002\u901a\u8fc7\u5b9a\u671f\u4fdd\u5b58 Checkpoint\uff0c\u53ef\u4ee5\u5728\u4ee5\u4e0b\u60c5\u51b5\u4e0b\u6062\u590d\u6a21\u578b\uff1a
\u5728 PyTorch \u4e2d\uff0ctorch.save
\u548c torch.load
\u662f\u7528\u4e8e\u4fdd\u5b58\u548c\u52a0\u8f7d\u6a21\u578b\u7684\u57fa\u672c\u51fd\u6570\u3002
\u5728 PyTorch \u4e2d\uff0c\u901a\u5e38\u4f7f\u7528 state_dict
\u4fdd\u5b58\u6a21\u578b\u7684\u53c2\u6570\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\uff1a
import torch\nimport torch.nn as nn\n\n# \u5047\u8bbe\u6211\u4eec\u6709\u4e00\u4e2a\u7b80\u5355\u7684\u795e\u7ecf\u7f51\u7edc\nclass SimpleModel(nn.Module):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = nn.Linear(10, 2)\n\n def forward(self, x):\n return self.fc(x)\n\n# \u521d\u59cb\u5316\u6a21\u578b\u548c\u4f18\u5316\u5668\nmodel = SimpleModel()\noptimizer = torch.optim.Adam(model.parameters(), lr=0.001)\n\n# \u8bad\u7ec3\u6a21\u578b...\n# \u4fdd\u5b58 Checkpoint\ncheckpoint_path = 'model_checkpoint.pth'\ntorch.save({\n 'epoch': 10,\n 'model_state_dict': model.state_dict(),\n 'optimizer_state_dict': optimizer.state_dict(),\n 'loss': 0.02,\n}, checkpoint_path)\n
"},{"location":"admin/baize/best-practice/checkpoint.html#pytorch-checkpoint_1","title":"PyTorch \u6062\u590d Checkpoint","text":"\u52a0\u8f7d\u6a21\u578b\u65f6\uff0c\u9700\u8981\u6062\u590d\u6a21\u578b\u53c2\u6570\u548c\u4f18\u5316\u5668\u72b6\u6001\uff0c\u5e76\u7ee7\u7eed\u8bad\u7ec3\u6216\u63a8\u7406\uff1a
# \u6062\u590d Checkpoint\ncheckpoint = torch.load('model_checkpoint.pth')\nmodel.load_state_dict(checkpoint['model_state_dict'])\noptimizer.load_state_dict(checkpoint['optimizer_state_dict'])\nepoch = checkpoint['epoch']\nloss = checkpoint['loss']\n\n# \u7ee7\u7eed\u8bad\u7ec3\u6216\u63a8\u7406...\n
model_state_dict
: \u6a21\u578b\u53c2\u6570optimizer_state_dict
: \u4f18\u5316\u5668\u72b6\u6001epoch
: \u5f53\u524d\u8bad\u7ec3\u8f6e\u6570loss
: \u635f\u5931\u503clearning_rate
: \u5b66\u4e60\u7387best_accuracy
: \u6700\u4f73\u51c6\u786e\u7387TensorFlow \u63d0\u4f9b\u4e86 tf.train.Checkpoint
\u7c7b\u6765\u7ba1\u7406\u6a21\u578b\u548c\u4f18\u5316\u5668\u7684\u4fdd\u5b58\u548c\u6062\u590d\u3002
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u5728 TensorFlow \u4e2d\u4fdd\u5b58 Checkpoint \u7684\u793a\u4f8b\uff1a
import tensorflow as tf\n\n# \u5047\u8bbe\u6211\u4eec\u6709\u4e00\u4e2a\u7b80\u5355\u7684\u6a21\u578b\nmodel = tf.keras.Sequential([\n tf.keras.layers.Dense(2, input_shape=(10,))\n])\noptimizer = tf.keras.optimizers.Adam(learning_rate=0.001)\n\n# \u5b9a\u4e49 Checkpoint\ncheckpoint = tf.train.Checkpoint(optimizer=optimizer, model=model)\ncheckpoint_dir = './checkpoints'\ncheckpoint_prefix = f'{checkpoint_dir}/ckpt'\n\n# \u8bad\u7ec3\u6a21\u578b...\n# \u4fdd\u5b58 Checkpoint\ncheckpoint.save(file_prefix=checkpoint_prefix)\n
Note
\u4f7f\u7528 AI Lab \u7684\u7528\u6237\uff0c\u53ef\u4ee5\u76f4\u63a5\u5c06\u9ad8\u6027\u80fd\u5b58\u50a8\u6302\u8f7d\u4e3a Checkpoint \u76ee\u5f55\uff0c\u4ee5\u63d0\u9ad8 Checkpoint \u4fdd\u5b58\u548c\u6062\u590d\u7684\u901f\u5ea6\u3002
"},{"location":"admin/baize/best-practice/checkpoint.html#tensorflow-checkpoint_1","title":"TensorFlow \u6062\u590d Checkpoint","text":"\u52a0\u8f7d Checkpoint \u5e76\u6062\u590d\u6a21\u578b\u548c\u4f18\u5316\u5668\u72b6\u6001\uff1a
# \u6062\u590d Checkpoint\nlatest_checkpoint = tf.train.latest_checkpoint(checkpoint_dir)\ncheckpoint.restore(latest_checkpoint)\n\n# \u7ee7\u7eed\u8bad\u7ec3\u6216\u63a8\u7406...\n
"},{"location":"admin/baize/best-practice/checkpoint.html#tensorflow-checkpoint_2","title":"TensorFlow \u5728\u5206\u5e03\u5f0f\u8bad\u7ec3\u7684 Checkpoint \u7ba1\u7406","text":"TensorFlow \u5728\u5206\u5e03\u5f0f\u8bad\u7ec3\u4e2d\u7ba1\u7406 Checkpoint \u7684\u4e3b\u8981\u65b9\u6cd5\u5982\u4e0b\uff1a
\u4f7f\u7528 tf.train.Checkpoint
\u548c tf.train.CheckpointManager
checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\nmanager = tf.train.CheckpointManager(checkpoint, directory='/tmp/model', max_to_keep=3)\n
\u5728\u5206\u5e03\u5f0f\u7b56\u7565\u4e2d\u4fdd\u5b58 Checkpoint
strategy = tf.distribute.MirroredStrategy()\nwith strategy.scope():\n checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\n manager = tf.train.CheckpointManager(checkpoint, directory='/tmp/model', max_to_keep=3)\n
\u53ea\u5728\u4e3b\u8282\u70b9 (chief worker) \u4fdd\u5b58 Checkpoint
if strategy.cluster_resolver.task_type == 'chief':\n manager.save()\n
\u4f7f\u7528 MultiWorkerMirroredStrategy \u65f6\u7684\u7279\u6b8a\u5904\u7406
strategy = tf.distribute.MultiWorkerMirroredStrategy()\nwith strategy.scope():\n # \u6a21\u578b\u5b9a\u4e49\n ...\n checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\n manager = tf.train.CheckpointManager(checkpoint, '/tmp/model', max_to_keep=3)\n\ndef _chief_worker(task_type, task_id):\n return task_type is None or task_type == 'chief' or (task_type == 'worker' and task_id == 0)\n\nif _chief_worker(strategy.cluster_resolver.task_type, strategy.cluster_resolver.task_id):\n manager.save()\n
\u4f7f\u7528\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf
\u786e\u4fdd\u6240\u6709\u5de5\u4f5c\u8282\u70b9\u90fd\u80fd\u8bbf\u95ee\u5230\u540c\u4e00\u4e2a Checkpoint \u76ee\u5f55\uff0c\u901a\u5e38\u4f7f\u7528\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u5982 HDFS \u6216 GCS\u3002
\u5f02\u6b65\u4fdd\u5b58
\u4f7f\u7528 tf.keras.callbacks.ModelCheckpoint
\u5e76\u8bbe\u7f6e save_freq
\u53c2\u6570\u53ef\u4ee5\u5728\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u5f02\u6b65\u4fdd\u5b58 Checkpoint\u3002
Checkpoint \u6062\u590d
status = checkpoint.restore(manager.latest_checkpoint)\nstatus.assert_consumed() # (1)!\n
\u6027\u80fd\u4f18\u5316
tf.train.experimental.enable_mixed_precision_graph_rewrite()
\u542f\u7528\u6df7\u5408\u7cbe\u5ea6\u8bad\u7ec3tf.saved_model.save()
\u4fdd\u5b58\u6574\u4e2a\u6a21\u578b\uff0c\u800c\u4e0d\u4ec5\u4ec5\u662f\u6743\u91cd\u5b9a\u671f\u4fdd\u5b58\uff1a\u6839\u636e\u8bad\u7ec3\u65f6\u95f4\u548c\u8d44\u6e90\u6d88\u8017\uff0c\u51b3\u5b9a\u5408\u9002\u7684\u4fdd\u5b58\u9891\u7387\u3002\u5982\u6bcf\u4e2a epoch \u6216\u6bcf\u9694\u4e00\u5b9a\u7684\u8bad\u7ec3\u6b65\u6570\u3002
\u4fdd\u5b58\u591a\u4e2a Checkpoint\uff1a\u4fdd\u7559\u6700\u65b0\u7684\u51e0\u4e2a Checkpoint \u4ee5\u9632\u6b62\u6587\u4ef6\u635f\u574f\u6216\u4e0d\u9002\u7528\u7684\u60c5\u51b5\u3002
\u8bb0\u5f55\u5143\u6570\u636e\uff1a\u5728 Checkpoint \u4e2d\u4fdd\u5b58\u989d\u5916\u7684\u4fe1\u606f\uff0c\u5982 epoch \u6570\u3001\u635f\u5931\u503c\u7b49\uff0c\u4ee5\u4fbf\u66f4\u597d\u5730\u6062\u590d\u8bad\u7ec3\u72b6\u6001\u3002
\u4f7f\u7528\u7248\u672c\u63a7\u5236\uff1a\u4fdd\u5b58\u4e0d\u540c\u5b9e\u9a8c\u7684 Checkpoint\uff0c\u4fbf\u4e8e\u5bf9\u6bd4\u548c\u590d\u7528\u3002
\u9a8c\u8bc1\u548c\u6d4b\u8bd5\uff1a\u5728\u8bad\u7ec3\u7684\u4e0d\u540c\u9636\u6bb5\u4f7f\u7528 Checkpoint \u8fdb\u884c\u9a8c\u8bc1\u548c\u6d4b\u8bd5\uff0c\u786e\u4fdd\u6a21\u578b\u6027\u80fd\u548c\u7a33\u5b9a\u6027\u3002
Checkpoint \u673a\u5236\u5728\u6df1\u5ea6\u5b66\u4e60\u8bad\u7ec3\u4e2d\u8d77\u5230\u4e86\u5173\u952e\u4f5c\u7528\u3002\u901a\u8fc7\u5408\u7406\u4f7f\u7528 PyTorch \u548c TensorFlow \u4e2d\u7684 Checkpoint \u529f\u80fd\uff0c \u53ef\u4ee5\u6709\u6548\u63d0\u9ad8\u8bad\u7ec3\u7684\u53ef\u9760\u6027\u548c\u6548\u7387\u3002\u5e0c\u671b\u672c\u6587\u6240\u8ff0\u7684\u65b9\u6cd5\u548c\u6700\u4f73\u5b9e\u8df5\u80fd\u5e2e\u52a9\u4f60\u66f4\u597d\u5730\u7ba1\u7406\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\u7684\u8bad\u7ec3\u8fc7\u7a0b\u3002
"},{"location":"admin/baize/best-practice/deploy-nfs-in-worker.html","title":"\u90e8\u7f72 NFS \u505a\u6570\u636e\u96c6\u9884\u70ed","text":"\u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf (NFS) \u5141\u8bb8\u8fdc\u7a0b\u4e3b\u673a\u901a\u8fc7\u7f51\u7edc\u6302\u8f7d\u6587\u4ef6\uff0c\u5e76\u50cf\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u4e00\u6837\u8fdb\u884c\u4ea4\u4e92\u3002 \u8fd9\u4f7f\u7cfb\u7edf\u7ba1\u7406\u5458\u80fd\u591f\u5c06\u8d44\u6e90\u96c6\u4e2d\u5230\u7f51\u7edc\u670d\u52a1\u5668\u4e0a\u8fdb\u884c\u7ba1\u7406\u3002
\u6570\u636e\u96c6 \u662f AI Lab \u4e2d\u7684\u6838\u5fc3\u6570\u636e\u7ba1\u7406\u529f\u80fd\uff0c\u5c06 MLOps \u751f\u547d\u5468\u671f\u4e2d\u5bf9\u4e8e\u6570\u636e\u7684\u4f9d\u8d56\u7edf\u4e00\u62bd\u8c61\u4e3a\u6570\u636e\u96c6\uff1b \u652f\u6301\u7528\u6237\u5c06\u5404\u7c7b\u6570\u636e\u7eb3\u7ba1\u5230\u6570\u636e\u96c6\u5185\uff0c\u4ee5\u4fbf\u8bad\u7ec3\u4efb\u52a1\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u6570\u636e\u96c6\u4e2d\u7684\u6570\u636e\u3002
\u5f53\u8fdc\u7aef\u6570\u636e\u4e0d\u5728\u5de5\u4f5c\u96c6\u7fa4\u5185\u65f6\uff0c\u6570\u636e\u96c6\u63d0\u4f9b\u4e86\u81ea\u52a8\u8fdb\u884c\u9884\u70ed\u7684\u80fd\u529b\uff0c\u652f\u6301 Git
\u3001S3
\u3001HTTP
\u7b49\u6570\u636e\u63d0\u524d\u9884\u70ed\u5230\u96c6\u7fa4\u672c\u5730\u3002
\u6570\u636e\u96c6\u9700\u8981\u4e00\u4e2a\u652f\u6301 ReadWriteMany
\u6a21\u5f0f\u7684\u5b58\u50a8\u670d\u52a1\u5bf9\u8fdc\u7aef\u6570\u636e\u8fdb\u884c\u9884\u70ed\uff0c\u63a8\u8350\u5728\u96c6\u7fa4\u5185\u90e8\u7f72 NFS\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u4e86\u5982\u4f55\u5feb\u901f\u90e8\u7f72\u4e00\u4e2a NFS \u670d\u52a1\uff0c\u5e76\u5c06\u5176\u6dfb\u52a0\u4e3a\u96c6\u7fa4\u7684\u5b58\u50a8\u7c7b
\u3002
Helm
\u4e0e Kubectl
\uff0c\u8bf7\u786e\u4fdd\u5df2\u7ecf\u5b89\u88c5\u597d\u3002\u4e00\u5171\u9700\u8981\u5b89\u88c5\u51e0\u4e2a\u7ec4\u4ef6\uff1a
\u6240\u6709\u7cfb\u7edf\u7ec4\u4ef6\u4f1a\u5b89\u88c5\u5230 nfs
\u547d\u540d\u7a7a\u95f4\u5185\uff0c\u56e0\u6b64\u9700\u8981\u5148\u521b\u5efa\u6b64\u547d\u540d\u7a7a\u95f4\u3002
kubectl create namespace nfs\n
"},{"location":"admin/baize/best-practice/deploy-nfs-in-worker.html#nfs-server","title":"\u5b89\u88c5 NFS Server","text":"\u8fd9\u91cc\u662f\u4e00\u4e2a\u7b80\u5355\u7684 YAML \u90e8\u7f72\u6587\u4ef6\uff0c\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u3002
Note
\u6ce8\u610f\u68c0\u67e5 image:
\uff0c\u6839\u636e\u96c6\u7fa4\u6240\u5728\u4f4d\u7f6e\u60c5\u51b5\uff0c\u53ef\u80fd\u9700\u8981\u4fee\u6539\u4e3a\u56fd\u5185\u955c\u50cf\u3002
kind: Service\napiVersion: v1\nmetadata:\n name: nfs-server\n namespace: nfs\n labels:\n app: nfs-server\nspec:\n type: ClusterIP\n selector:\n app: nfs-server\n ports:\n - name: tcp-2049\n port: 2049\n protocol: TCP\n - name: udp-111\n port: 111\n protocol: UDP\n---\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: nfs-server\n namespace: nfs\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nfs-server\n template:\n metadata:\n name: nfs-server\n labels:\n app: nfs-server\n spec:\n nodeSelector:\n \"kubernetes.io/os\": linux\n containers:\n - name: nfs-server\n image: itsthenetwork/nfs-server-alpine:latest\n env:\n - name: SHARED_DIRECTORY\n value: \"/exports\"\n volumeMounts:\n - mountPath: /exports\n name: nfs-vol\n securityContext:\n privileged: true\n ports:\n - name: tcp-2049\n containerPort: 2049\n protocol: TCP\n - name: udp-111\n containerPort: 111\n protocol: UDP\n volumes:\n - name: nfs-vol\n hostPath:\n path: /nfsdata # (1)!\n type: DirectoryOrCreate\n
\u5c06\u4e0a\u8ff0 YAML
\u4fdd\u5b58\u4e3a nfs-server.yaml
\uff0c\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u90e8\u7f72\uff1a
kubectl -n nfs apply -f nfs-server.yaml\n\n# \u68c0\u67e5\u90e8\u7f72\u7ed3\u679c\nkubectl -n nfs get pod,svc\n
"},{"location":"admin/baize/best-practice/deploy-nfs-in-worker.html#csi-driver-nfs","title":"\u5b89\u88c5 csi-driver-nfs","text":"\u5b89\u88c5 csi-driver-nfs
\u9700\u8981\u4f7f\u7528 Helm
\uff0c\u8bf7\u6ce8\u610f\u63d0\u524d\u5b89\u88c5\u3002
# \u6dfb\u52a0 Helm \u4ed3\u5e93\nhelm repo add csi-driver-nfs https://mirror.ghproxy.com/https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts\nhelm repo update csi-driver-nfs\n\n# \u90e8\u7f72 csi-driver-nfs\n# \u8fd9\u91cc\u53c2\u6570\u4e3b\u8981\u4f18\u5316\u4e86\u955c\u50cf\u5730\u5740\uff0c\u52a0\u901f\u56fd\u5185\u4e0b\u8f7d\nhelm upgrade --install csi-driver-nfs csi-driver-nfs/csi-driver-nfs \\\n --set image.nfs.repository=k8s.m.daocloud.io/sig-storage/nfsplugin \\\n --set image.csiProvisioner.repository=k8s.m.daocloud.io/sig-storage/csi-provisioner \\\n --set image.livenessProbe.repository=k8s.m.daocloud.io/sig-storage/livenessprobe \\\n --set image.nodeDriverRegistrar.repository=k8s.m.daocloud.io/sig-storage/csi-node-driver-registrar \\\n --namespace nfs \\\n --version v4.5.0\n
Warning
csi-nfs-controller
\u7684\u955c\u50cf\u5e76\u672a\u5168\u90e8\u652f\u6301 helm
\u53c2\u6570\uff0c\u9700\u8981\u624b\u5de5\u4fee\u6539 deployment
\u7684 image
\u5b57\u6bb5\u3002 \u5c06 image: registry.k8s.io
\u6539\u4e3a image: k8s.dockerproxy.com
\u4ee5\u52a0\u901f\u56fd\u5185\u4e0b\u8f7d\u3002
\u5c06\u4ee5\u4e0b YAML
\u4fdd\u5b58\u4e3a nfs-sc.yaml
\uff1a
apiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n name: nfs-csi\nprovisioner: nfs.csi.k8s.io\nparameters:\n server: nfs-server.nfs.svc.cluster.local\n share: /\n # csi.storage.k8s.io/provisioner-secret is only needed for providing mountOptions in DeleteVolume\n # csi.storage.k8s.io/provisioner-secret-name: \"mount-options\"\n # csi.storage.k8s.io/provisioner-secret-namespace: \"default\"\nreclaimPolicy: Retain\nvolumeBindingMode: Immediate\nmountOptions:\n - nfsvers=4.1\n
\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u90e8\u7f72\uff1a
kubectl apply -f nfs-sc.yaml\n
"},{"location":"admin/baize/best-practice/deploy-nfs-in-worker.html#_4","title":"\u6d4b\u8bd5","text":"\u521b\u5efa\u6570\u636e\u96c6\uff0c\u5e76\u5c06\u6570\u636e\u96c6\u7684 \u5173\u8054\u5b58\u50a8\u7c7b \uff0c\u9884\u70ed\u65b9\u5f0f
\u8bbe\u7f6e\u4e3a NFS
\uff0c\u5373\u53ef\u5c06\u8fdc\u7aef\u6570\u636e\u9884\u70ed\u5230\u96c6\u7fa4\u5185\u3002
\u6570\u636e\u96c6\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u770b\u5230\u6570\u636e\u96c6\u7684\u72b6\u6001\u4e3a \u9884\u70ed\u4e2d
\uff0c\u7b49\u5f85\u9884\u70ed\u5b8c\u6210\u540e\u5373\u53ef\u4f7f\u7528\u3002
/sbin/mount
","text":"bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.\n
\u5728\u8fd0\u884c Kubernetes \u7684\u8282\u70b9\u673a\u5668\u4e0a\uff0c\u786e\u4fdd\u5df2\u5b89\u88c5 NFS \u5ba2\u6237\u7aef\uff1a
Ubuntu/DebianCentOS/RHEL\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5b89\u88c5 NFS \u5ba2\u6237\u7aef\uff1a
sudo apt-get update\nsudo apt-get install nfs-common\n
\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5b89\u88c5 NFS \u5ba2\u6237\u7aef\uff1a
sudo yum install nfs-utils\n
\u68c0\u67e5 NFS \u670d\u52a1\u5668\u914d\u7f6e\uff0c\u786e\u4fdd NFS \u670d\u52a1\u5668\u6b63\u5728\u8fd0\u884c\u4e14\u914d\u7f6e\u6b63\u786e\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u6302\u8f7d\u6765\u6d4b\u8bd5\uff1a
sudo mkdir -p /mnt/test\nsudo mount -t nfs <nfs-server>:/nfsdata /mnt/test\n
"},{"location":"admin/baize/best-practice/finetunel-llm.html","title":"\u4f7f\u7528 AI Lab \u5fae\u8c03 ChatGLM3 \u6a21\u578b","text":"\u672c\u6587\u4ee5 ChatGLM3
\u6a21\u578b\u4e3a\u4f8b\uff0c\u6f14\u793a\u5982\u4f55\u5728 AI Lab \u4e2d\u4f7f\u7528 LoRA\uff08Low-Rank Adaptation\uff0c\u4f4e\u79e9\u81ea\u9002\u5e94\uff09\u5fae\u8c03 ChatGLM3 \u6a21\u578b\u3002 Demo \u7a0b\u5e8f\u6765\u81ea ChatGLM3 \u5b98\u65b9\u6848\u4f8b\u3002
\u5fae\u8c03\u7684\u5927\u81f4\u6d41\u7a0b\u4e3a\uff1a
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_1","title":"\u73af\u5883\u4f9d\u8d56","text":"Info
\u5728\u5f00\u59cb\u4f53\u9a8c\u4e4b\u524d\uff0c\u8bf7\u68c0\u67e5 AI \u7b97\u529b\u5e73\u53f0\u4ee5\u53ca AI Lab \u90e8\u7f72\u6b63\u786e\uff0cGPU \u961f\u5217\u8d44\u6e90\u521d\u59cb\u5316\u6210\u529f\uff0c\u4e14\u7b97\u529b\u8d44\u6e90\u5145\u8db3\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_2","title":"\u6570\u636e\u51c6\u5907","text":"\u5229\u7528 AI Lab \u63d0\u4f9b\u7684\u6570\u636e\u96c6\u7ba1\u7406\u529f\u80fd\uff0c\u5feb\u901f\u5c06\u5fae\u8c03\u5927\u6a21\u578b\u6240\u9700\u7684\u6570\u636e\u8fdb\u884c\u9884\u70ed\u53ca\u6301\u4e45\u5316\uff0c\u51cf\u5c11\u56e0\u4e3a\u51c6\u5907\u6570\u636e\u5bfc\u81f4\u7684 GPU \u8d44\u6e90\u5360\u7528\uff0c\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u6548\u7387\u3002
\u5728\u6570\u636e\u96c6\u5217\u8868\u9875\u9762\uff0c\u521b\u5efa\u9700\u8981\u7684\u6570\u636e\u8d44\u6e90\uff0c\u8fd9\u4e9b\u8d44\u6e90\u5305\u542b\u4e86 ChatGLM3 \u4ee3\u7801\uff0c\u4e5f\u53ef\u4ee5\u662f\u6570\u636e\u6587\u4ef6\uff0c\u6240\u6709\u8fd9\u4e9b\u6570\u636e\u90fd\u53ef\u4ee5\u901a\u8fc7\u6570\u636e\u96c6\u5217\u8868\u6765\u7edf\u4e00\u7ba1\u7406\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_3","title":"\u4ee3\u7801\u53ca\u6a21\u578b\u6587\u4ef6","text":"ChatGLM3 \u662f\u667a\u8c31 AI \u548c\u6e05\u534e\u5927\u5b66 KEG \u5b9e\u9a8c\u5ba4\u8054\u5408\u53d1\u5e03\u7684\u5bf9\u8bdd\u9884\u8bad\u7ec3\u6a21\u578b\u3002
\u5148\u62c9\u53d6 ChatGLM3 \u4ee3\u7801\u4ed3\u5e93\uff0c\u4e0b\u8f7d\u9884\u8bad\u7ec3\u6a21\u578b\uff0c\u7528\u4e8e\u540e\u7eed\u7684\u5fae\u8c03\u4efb\u52a1\u3002
AI Lab \u4f1a\u5728\u540e\u53f0\u8fdb\u884c\u5168\u81ea\u52a8\u6570\u636e\u9884\u70ed\uff0c\u4ee5\u4fbf\u540e\u7eed\u7684\u4efb\u52a1\u80fd\u591f\u5feb\u901f\u8bbf\u95ee\u6570\u636e\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#advertisegen","title":"AdvertiseGen \u6570\u636e\u96c6","text":"\u56fd\u5185\u6570\u636e\u53ef\u4ee5\u4ece Tsinghua Cloud \u76f4\u63a5\u83b7\u53d6\uff0c\u8fd9\u91cc\u4f7f\u7528 HTTP
\u7684\u6570\u636e\u6e90\u65b9\u5f0f\u3002
\u6ce8\u610f\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u9700\u8981\u7b49\u5f85\u6570\u636e\u96c6\u9884\u70ed\u5b8c\u6210\uff0c\u4e00\u822c\u5f88\u5feb\uff0c\u6839\u636e\u60a8\u7684\u7f51\u7edc\u60c5\u51b5\u800c\u5b9a\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_4","title":"\u5fae\u8c03\u8f93\u51fa\u6570\u636e","text":"\u540c\u65f6\uff0c\u60a8\u9700\u8981\u51c6\u5907\u4e00\u4e2a\u7a7a\u7684\u6570\u636e\u96c6\uff0c\u7528\u4e8e\u5b58\u653e\u5fae\u8c03\u4efb\u52a1\u5b8c\u6210\u540e\u8f93\u51fa\u7684\u6a21\u578b\u6587\u4ef6\uff0c\u8fd9\u91cc\u521b\u5efa\u4e00\u4e2a\u7a7a\u7684\u6570\u636e\u96c6\uff0c\u4ee5 PVC
\u4e3a\u4f8b\u3002
Warning
\u6ce8\u610f\u9700\u8981\u4f7f\u7528\u652f\u6301 ReadWriteMany
\u7684\u5b58\u50a8\u7c7b\u578b\uff0c\u4ee5\u4fbf\u540e\u7eed\u7684\u4efb\u52a1\u80fd\u591f\u5feb\u901f\u8bbf\u95ee\u6570\u636e\u3002
\u5bf9\u4e8e\u6a21\u578b\u5f00\u53d1\u8005\u6765\u8bf4\uff0c\u51c6\u5907\u6a21\u578b\u5f00\u53d1\u9700\u8981\u7684 Python \u73af\u5883\u4f9d\u8d56\u662f\u975e\u5e38\u91cd\u8981\u7684\uff0c\u4f20\u7edf\u505a\u6cd5\u5c06\u73af\u5883\u4f9d\u8d56\u76f4\u63a5\u6253\u5305\u5230\u5f00\u53d1\u5de5\u5177\u7684\u955c\u50cf\u4e2d\uff0c \u6216\u8005\u76f4\u63a5\u5728\u672c\u5730\u73af\u5883\u4e2d\u5b89\u88c5\uff0c\u4f46\u662f\u8fd9\u6837\u505a\u4f1a\u5bfc\u81f4\u73af\u5883\u4f9d\u8d56\u7684\u4e0d\u4e00\u81f4\uff0c\u800c\u4e14\u4e0d\u5229\u4e8e\u73af\u5883\u7684\u7ba1\u7406\u548c\u4f9d\u8d56\u66f4\u65b0\u53ca\u540c\u6b65\u3002
AI Lab \u63d0\u4f9b\u4e86\u73af\u5883\u7ba1\u7406\u7684\u80fd\u529b\uff0c\u5c06 Python \u73af\u5883\u4f9d\u8d56\u5305\u7ba1\u7406\u548c\u5f00\u53d1\u5de5\u5177\u3001\u4efb\u52a1\u955c\u50cf\u7b49\u8fdb\u884c\u89e3\u8026\uff0c\u89e3\u51b3\u4e86\u4f9d\u8d56\u7ba1\u7406\u6df7\u4e71\uff0c\u73af\u5883\u4e0d\u4e00\u81f4\u7b49\u95ee\u9898\u3002
\u8fd9\u91cc\u4f7f\u7528 AI Lab \u63d0\u4f9b\u7684\u73af\u5883\u7ba1\u7406\u529f\u80fd\uff0c\u521b\u5efa ChatGLM3 \u5fae\u8c03\u6240\u9700\u7684\u73af\u5883\uff0c\u4ee5\u5907\u540e\u7eed\u4f7f\u7528\u3002
Warning
requirements.txt
\u6587\u4ef6\uff0c\u91cc\u9762\u5305\u542b\u4e86 ChatGLM3 \u5fae\u8c03\u6240\u9700\u7684\u73af\u5883\u4f9d\u8d56deepspeed
\u548c mpi4py
\u5305\uff0c\u5efa\u8bae\u4ece requirements.txt
\u6587\u4ef6\u4e2d\u5c06\u5176\u6ce8\u91ca\u6389\uff0c\u5426\u5219\u53ef\u80fd\u51fa\u73b0\u5305\u7f16\u8bd1\u4e0d\u901a\u8fc7\u7684\u60c5\u51b5\u5728\u73af\u5883\u7ba1\u7406\u5217\u8868\uff0c\u60a8\u53ef\u4ee5\u5feb\u901f\u521b\u5efa\u4e00\u4e2a Python \u73af\u5883\uff0c\u5e76\u901a\u8fc7\u7b80\u5355\u7684\u8868\u5355\u914d\u7f6e\u6765\u5b8c\u6210\u73af\u5883\u7684\u521b\u5efa\uff1b\u8fd9\u91cc\u9700\u8981\u4e00\u4e2a Python 3.11.x \u73af\u5883\uff0c
\u56e0\u4e3a\u672c\u5b9e\u9a8c\u9700\u8981\u4f7f\u7528 CUDA\uff0c\u6240\u4ee5\u5728\u8fd9\u91cc\u9700\u8981\u914d\u7f6e GPU \u8d44\u6e90\uff0c\u7528\u4e8e\u9884\u70ed\u9700\u8981\u8d44\u6e90\u7684\u4f9d\u8d56\u5e93\u3002
\u521b\u5efa\u73af\u5883\uff0c\u9700\u8981\u53bb\u4e0b\u8f7d\u4e00\u7cfb\u5217\u7684 Python \u4f9d\u8d56\uff0c\u6839\u636e\u60a8\u7684\u5b9e\u9645\u4f4d\u7f6e\u4e0d\u540c\uff0c\u53ef\u80fd\u4f1a\u6709\u4e0d\u540c\u7684\u4e0b\u8f7d\u901f\u5ea6\uff0c\u8fd9\u91cc\u4f7f\u7528\u4e86\u56fd\u5185\u7684\u955c\u50cf\u52a0\u901f\uff0c\u53ef\u4ee5\u52a0\u5feb\u4e0b\u8f7d\u901f\u5ea6\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#notebook-ide","title":"\u4f7f\u7528 Notebook \u4f5c\u4e3a IDE","text":"AI Lab \u63d0\u4f9b\u4e86 Notebook \u4f5c\u4e3a IDE \u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u5728\u6d4f\u89c8\u5668\u4e2d\u76f4\u63a5\u7f16\u5199\u4ee3\u7801\uff0c\u8fd0\u884c\u4ee3\u7801\uff0c\u67e5\u770b\u4ee3\u7801\u8fd0\u884c\u7ed3\u679c\uff0c\u975e\u5e38\u9002\u5408\u4e8e\u6570\u636e\u5206\u6790\u3001\u673a\u5668\u5b66\u4e60\u3001\u6df1\u5ea6\u5b66\u4e60\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528 AI Lab \u63d0\u4f9b\u7684 JupyterLab Notebook \u6765\u8fdb\u884c ChatGLM3 \u7684\u5fae\u8c03\u4efb\u52a1\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#jupyterlab-notebook","title":"\u521b\u5efa JupyterLab Notebook","text":"\u5728 Notebook \u5217\u8868\u4e2d\uff0c\u53ef\u4ee5\u6839\u636e\u9875\u9762\u64cd\u4f5c\u6307\u5f15\uff0c\u521b\u5efa\u4e00\u4e2a Notebook\u3002\u6ce8\u610f\u60a8\u9700\u8981\u6839\u636e\u524d\u6587\u63d0\u5230\u7684\u8d44\u6e90\u8981\u6c42\u6765\u914d\u7f6e\u5bf9\u5e94\u7684 Notebook \u8d44\u6e90\u53c2\u6570\uff0c \u907f\u514d\u540e\u7eed\u56e0\u4e3a\u8d44\u6e90\u95ee\u9898\uff0c\u5f71\u54cd\u5fae\u8c03\u8fc7\u7a0b\u3002
Note
\u5728\u521b\u5efa Notebook \u65f6\uff0c\u53ef\u4ee5\u5c06\u4e4b\u524d\u9884\u52a0\u8f7d\u7684\u6a21\u578b\u4ee3\u7801\u6570\u636e\u96c6\u548c\u73af\u5883\uff0c\u76f4\u63a5\u6302\u8f7d\u5230 Notebook \u4e2d\uff0c\u6781\u5927\u8282\u7701\u4e86\u6570\u636e\u51c6\u5907\u7684\u65f6\u95f4\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_6","title":"\u6302\u8f7d\u6570\u636e\u96c6\u548c\u4ee3\u7801","text":"\u6ce8\u610f\uff1aChatGLM3 \u7684\u4ee3\u7801\u6587\u4ef6\u6302\u8f7d\u5230\u4e86 /home/jovyan/ChatGLM3
\u76ee\u5f55\u4e0b\uff0c\u540c\u65f6\u60a8\u4e5f\u9700\u8981\u5c06 AdvertiseGen
\u6570\u636e\u96c6\u6302\u8f7d\u5230 /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen
\u76ee\u5f55\u4e0b\uff0c\u4ee5\u4fbf\u540e\u7eed\u7684\u5fae\u8c03\u4efb\u52a1\u80fd\u591f\u8bbf\u95ee\u6570\u636e\u3002
\u672c\u6b21\u4f7f\u7528\u7684\u6a21\u578b\u8f93\u51fa\u4f4d\u7f6e\u5728 /home/jovyan/ChatGLM3/finetune_demo/output
\u76ee\u5f55\u4e0b\uff0c\u53ef\u4ee5\u5c06\u4e4b\u524d\u521b\u5efa\u7684 PVC
\u6570\u636e\u96c6\u6302\u8f7d\u5230\u8fd9\u4e2a\u76ee\u5f55\u4e0b\uff0c \u8fd9\u6837\u8bad\u7ec3\u8f93\u51fa\u7684\u6a21\u578b\u5c31\u53ef\u4ee5\u4fdd\u5b58\u5230\u6570\u636e\u96c6\u4e2d\uff0c\u540e\u7eed\u6a21\u578b\u63a8\u7406\u7b49\u4efb\u52a1\u53ef\u4ee5\u76f4\u63a5\u8bbf\u95ee\u3002
\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u770b\u5230 Notebook \u7684\u754c\u9762\uff0c\u60a8\u53ef\u4ee5\u76f4\u63a5\u5728 Notebook \u4e2d\u7f16\u5199\u4ee3\u7801\uff0c\u8fd0\u884c\u4ee3\u7801\uff0c\u67e5\u770b\u4ee3\u7801\u8fd0\u884c\u7ed3\u679c\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#chatglm3","title":"\u5fae\u8c03 ChatGLM3","text":"\u5f53\u60a8\u8fdb\u5165\u5230 Notebook \u4e2d\u540e\uff0c\u53ef\u4ee5\u5728 Notebook \u4fa7\u8fb9\u680f\u4f1a\u53d1\u73b0\u6709\u4e00\u4e2a File Browser
\u7684\u9009\u9879\uff0c\u53ef\u4ee5\u770b\u5230\u4e4b\u524d\u6302\u8f7d\u7684\u6570\u636e\u96c6\u548c\u4ee3\u7801\uff0c\u5728\u8fd9\u91cc\u627e\u5230 ChatGLM3 \u7684\u6587\u4ef6\u5939\u3002
\u60a8\u53ef\u4ee5\u770b\u5230 ChatGLM3 \u7684\u5fae\u8c03\u4ee3\u7801\u5728 finetune_demo
\u6587\u4ef6\u5939\u4e2d\uff0c\u8fd9\u91cc\u53ef\u4ee5\u76f4\u63a5\u6253\u5f00 lora_finetune.ipynb
\u6587\u4ef6\uff0c\u8fd9\u662f ChatGLM3 \u7684\u5fae\u8c03\u4ee3\u7801\u3002
\u9996\u5148\uff0c\u6839\u636e README.md
\u7684\u8bf4\u660e\uff0c\u60a8\u53ef\u4ee5\u4e86\u89e3\u5230\u6574\u4e2a\u5fae\u8c03\u7684\u8fc7\u7a0b\uff0c\u5efa\u8bae\u5148\u9605\u8bfb\u4e00\u904d\uff0c\u786e\u4fdd\u57fa\u7840\u7684\u73af\u5883\u4f9d\u8d56\u548c\u6570\u636e\u51c6\u5907\u5de5\u4f5c\u90fd\u5df2\u7ecf\u5b8c\u6210\u3002
\u6253\u5f00\u7ec8\u7aef\uff0c\u5e76\u4f7f\u7528 conda
\u5207\u6362\u5230\u60a8\u63d0\u524d\u9884\u70ed\u7684\u73af\u5883\u4e2d\uff0c\u6b64\u73af\u5883\u4e0e JupyterLab Kernel \u4fdd\u6301\u4e00\u81f4\uff0c\u4ee5\u4fbf\u540e\u7eed\u7684\u4ee3\u7801\u8fd0\u884c\u3002
\u9996\u5148\uff0c\u60a8\u9700\u8981\u5c06 AdvertiseGen
\u6570\u636e\u96c6\u8fdb\u884c\u9884\u5904\u7406\uff0c\u5bf9\u6570\u636e\u8fdb\u884c\u6807\u51c6\u5316\u5904\u7406\uff0c\u4f7f\u5176\u7b26\u5408 Lora
\u9884\u8bad\u7ec3\u7684\u6807\u51c6\u683c\u5f0f\u8981\u6c42\uff1b \u8fd9\u91cc\u5c06\u5904\u7406\u540e\u7684\u6570\u636e\u4fdd\u5b58\u5230 AdvertiseGen_fix
\u6587\u4ef6\u5939\u4e2d\u3002
import json\nfrom typing import Union\nfrom pathlib import Path\n\ndef _resolve_path(path: Union[str, Path]) -> Path:\n return Path(path).expanduser().resolve()\n\ndef _mkdir(dir_name: Union[str, Path]):\n dir_name = _resolve_path(dir_name)\n if not dir_name.is_dir():\n dir_name.mkdir(parents=True, exist_ok=False)\n\ndef convert_adgen(data_dir: Union[str, Path], save_dir: Union[str, Path]):\n def _convert(in_file: Path, out_file: Path):\n _mkdir(out_file.parent)\n with open(in_file, encoding='utf-8') as fin:\n with open(out_file, 'wt', encoding='utf-8') as fout:\n for line in fin:\n dct = json.loads(line)\n sample = {'conversations': [{'role': 'user', 'content': dct['content']},\n {'role': 'assistant', 'content': dct['summary']}]}\n fout.write(json.dumps(sample, ensure_ascii=False) + '\\n')\n\n data_dir = _resolve_path(data_dir)\n save_dir = _resolve_path(save_dir)\n\n train_file = data_dir / 'train.json'\n if train_file.is_file():\n out_file = save_dir / train_file.relative_to(data_dir)\n _convert(train_file, out_file)\n\n dev_file = data_dir / 'dev.json'\n if dev_file.is_file():\n out_file = save_dir / dev_file.relative_to(data_dir)\n _convert(dev_file, out_file)\n\nconvert_adgen('data/AdvertiseGen', 'data/AdvertiseGen_fix')\n
\u4e3a\u4e86\u8282\u7701\u8c03\u8bd5\u7684\u65f6\u95f4\uff0c\u60a8\u53ef\u4ee5\u5c06 /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen_fix/dev.json
\u4e2d\u7684\u6570\u636e\u91cf\u7f29\u51cf\u5230 50 \u6761\uff0c\u8fd9\u91cc\u7684\u6570\u636e\u662f JSON \u683c\u5f0f\uff0c\u5904\u7406\u8d77\u6765\u4e5f\u662f\u6bd4\u8f83\u65b9\u4fbf\u7684\u3002
\u5b8c\u6210\u6570\u636e\u7684\u9884\u5904\u7406\u4e4b\u540e\uff0c\u57fa\u672c\u4e0a\u60a8\u5c31\u53ef\u4ee5\u76f4\u63a5\u5fae\u8c03\u6d4b\u8bd5\u4e86\uff0c\u53ef\u4ee5\u5728 /home/jovyan/ChatGLM3/finetune_demo/configs/lora.yaml
\u6587\u4ef6\u4e2d\u914d\u7f6e\u5fae\u8c03\u7684\u53c2\u6570\uff0c\u4e00\u822c\u9700\u8981\u5173\u6ce8\u7684\u53c2\u6570\u57fa\u672c\u5982\u4e0b\uff1a
\u65b0\u5f00\u4e00\u4e2a\u7ec8\u7aef\u7a97\u53e3\uff0c\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u5373\u53ef\u8fdb\u884c\u672c\u5730\u5fae\u8c03\u6d4b\u8bd5\uff0c\u8bf7\u786e\u4fdd\u53c2\u6570\u914d\u7f6e\u548c\u8def\u5f84\u6b63\u786e\uff1a
!CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\n
\u5728\u8fd9\u6761\u547d\u4ee4\u4e2d\uff0c
finetune_hf.py
\u662f ChatGLM3 \u4ee3\u7801\u4e2d\u7684\u5fae\u8c03\u811a\u672cdata/AdvertiseGen_fix
\u662f\u60a8\u9884\u5904\u7406\u540e\u7684\u6570\u636e\u96c6./chatglm3-6b
\u662f\u60a8\u9884\u8bad\u7ec3\u6a21\u578b\u7684\u8def\u5f84configs/lora.yaml
\u662f\u5fae\u8c03\u7684\u914d\u7f6e\u6587\u4ef6\u5fae\u8c03\u8fc7\u7a0b\u4e2d\u53ef\u4ee5\u4f7f\u7528 nvidia-smi
\u547d\u4ee4\u67e5\u770b GPU \u663e\u5b58\u4f7f\u7528\u60c5\u51b5\uff1a
\u5728\u5fae\u8c03\u5b8c\u6210\u540e\uff0c\u5728 finetune_demo
\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210\u4e00\u4e2a output
\u76ee\u5f55\uff0c\u91cc\u9762\u5305\u542b\u4e86\u5fae\u8c03\u7684\u6a21\u578b\u6587\u4ef6\uff0c \u8fd9\u6837\u5fae\u8c03\u7684\u6a21\u578b\u6587\u4ef6\u5c31\u76f4\u63a5\u4fdd\u5b58\u5230\u60a8\u4e4b\u524d\u521b\u5efa\u7684 PVC
\u6570\u636e\u96c6\u4e2d\u4e86\u3002
\u5728\u672c\u5730\u5fae\u8c03\u6d4b\u8bd5\u5b8c\u6210\u540e\uff0c\u786e\u4fdd\u60a8\u7684\u4ee3\u7801\u548c\u6570\u636e\u6ca1\u6709\u95ee\u9898\uff0c\u63a5\u4e0b\u6765\u53ef\u4ee5\u5c06\u5fae\u8c03\u4efb\u52a1\u63d0\u4ea4\u5230AI Lab \u4e2d\uff0c\u8fdb\u884c\u5927\u89c4\u6a21\u7684\u8bad\u7ec3\u548c\u5fae\u8c03\u4efb\u52a1\u3002
\u8fd9\u4e5f\u662f\u63a8\u8350\u7684\u6a21\u578b\u5f00\u53d1\u548c\u5fae\u8c03\u6d41\u7a0b\uff0c\u5148\u5728\u672c\u5730\u8fdb\u884c\u5fae\u8c03\u6d4b\u8bd5\uff0c\u786e\u4fdd\u4ee3\u7801\u548c\u6570\u636e\u6ca1\u6709\u95ee\u9898\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_9","title":"\u4f7f\u7528\u754c\u9762\u63d0\u4ea4\u5fae\u8c03\u4efb\u52a1","text":"\u8fd9\u91cc\u4f7f\u7528 Pytorch
\u6765\u521b\u5efa\u5fae\u8c03\u4efb\u52a1\uff0c\u6839\u636e\u60a8\u7684\u5b9e\u9645\u60c5\u51b5\uff0c\u9009\u62e9\u9700\u8981\u4f7f\u7528\u54ea\u4e2a\u96c6\u7fa4\u7684\u8d44\u6e90\uff0c\u6ce8\u610f\u9700\u8981\u6ee1\u8db3\u524d\u9762\u8d44\u6e90\u51c6\u5907\u4e2d\u63d0\u53ca\u7684\u8d44\u6e90\u8981\u6c42\u3002
\u542f\u52a8\u547d\u4ee4\uff0c\u6839\u636e\u60a8\u5728 Notebook \u4e2d\u4f7f\u7528 LoRA \u5fae\u8c03\u7684\u7ecf\u9a8c\uff0c\u4ee3\u7801\u6587\u4ef6\u548c\u6570\u636e\u5728 /home/jovyan/ChatGLM3/finetune_demo
\u76ee\u5f55\u4e0b\uff0c\u6240\u4ee5\u60a8\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u8fd9\u4e2a\u8def\u5f84\uff1a
bash -c \"cd /home/jovyan/ChatGLM3/finetune_demo && CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\"\n
\u6302\u8f7d\u73af\u5883\uff0c\u8fd9\u6837\u4e4b\u524d\u9884\u52a0\u8f7d\u7684\u73af\u5883\u4f9d\u8d56\u4e0d\u4ec5\u53ef\u4ee5\u5728 Notebook \u4e2d\u4f7f\u7528\uff0c\u540c\u65f6\u4e5f\u53ef\u4ee5\u5728\u4efb\u52a1\u4e2d\u4f7f\u7528
AdvertiseGen
\u6570\u636e\u96c6\u6302\u8f7d\u5230 /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen
\u76ee\u5f55\u4e0b\u4efb\u52a1\u6210\u529f\u63d0\u4ea4\u540e\uff0c\u60a8\u53ef\u4ee5\u5728\u4efb\u52a1\u5217\u8868\u4e2d\u5b9e\u65f6\u67e5\u770b\u4efb\u52a1\u7684\u8bad\u7ec3\u8fdb\u5c55\uff0c\u8fd9\u91cc\u60a8\u53ef\u4ee5\u770b\u5230\u4efb\u52a1\u7684\u72b6\u6001\u3001\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3001\u65e5\u5fd7\u7b49\u4fe1\u606f\u3002
\u67e5\u770b\u4efb\u52a1\u65e5\u5fd7
\u4efb\u52a1\u8fd0\u884c\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u5728\u6570\u636e\u8f93\u51fa\u7684\u6570\u636e\u96c6\u4e2d\u67e5\u770b\u5fae\u8c03\u7684\u6a21\u578b\u6587\u4ef6\uff0c\u8fd9\u6837\u5c31\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u6a21\u578b\u6587\u4ef6\u8fdb\u884c\u540e\u7eed\u7684\u63a8\u7406\u4efb\u52a1\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#baizectl","title":"\u4f7f\u7528baizectl
\u63d0\u4ea4\u4efb\u52a1","text":"AI Lab \u7684 Notebook \u652f\u6301\u514d\u8ba4\u8bc1\u76f4\u63a5\u4f7f\u7528 baizectl
\u547d\u4ee4\u884c\u5de5\u5177\uff0c \u5982\u679c\u60a8\u559c\u6b22\u4f7f\u7528 CLI\uff0c\u90a3\u4e48\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 baizectl
\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u63d0\u4ea4\u4efb\u52a1\u3002
baizectl job submit --name finetunel-chatglm3 -t PYTORCH \\\n --image release.daocloud.io/baize/baize-notebook:v0.5.0 \\\n --priority baize-high-priority \\\n --resources cpu=8,memory=16Gi,nvidia.com/gpu=1 \\\n --workers 1 \\\n --queue default \\\n --working-dir /home/jovyan/ChatGLM3 \\\n --datasets AdvertiseGen:/home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen \\\n --datasets output:/home/jovyan/ChatGLM3/finetune_demo/output \\\n --labels job_type=pytorch \\\n --restart-policy on-failure \\\n -- bash -c \"cd /home/jovyan/ChatGLM3/finetune_demo && CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\"\n
\u5982\u679c\u5e0c\u671b\u4e86\u89e3\u66f4\u591a baizectl
\u7684\u4f7f\u7528\u8bf4\u660e\uff0c\u53ef\u4ee5\u67e5\u770b baizectl \u4f7f\u7528\u6587\u6863\u3002
\u5728\u5fae\u8c03\u4efb\u52a1\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5fae\u8c03\u7684\u6a21\u578b\u8fdb\u884c\u63a8\u7406\u4efb\u52a1\uff0c\u8fd9\u91cc\u60a8\u53ef\u4ee5\u4f7f\u7528AI Lab \u63d0\u4f9b\u7684\u63a8\u7406\u670d\u52a1\uff0c\u5c06\u8f93\u51fa\u540e\u7684\u6a21\u578b\u521b\u5efa\u4e3a\u63a8\u7406\u670d\u52a1\u3002
\u5728\u63a8\u7406\u670d\u52a1\u5217\u8868\u4e2d\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u63a8\u7406\u670d\u52a1\uff0c\u5728\u9009\u62e9\u6a21\u578b\u7684\u4f4d\u7f6e\uff0c\u9009\u62e9\u4e4b\u524d\u63a8\u7406\u8f93\u51fa\u7684\u6570\u636e\u96c6\uff0c\u5e76\u914d\u7f6e\u6a21\u578b\u8def\u5f84\u3002
\u6709\u5173\u6a21\u578b\u8d44\u6e90\u8981\u6c42\u3001\u63a8\u7406\u670d\u52a1\u7684 GPU \u8d44\u6e90\u8981\u6c42\uff0c\u9700\u8981\u6839\u636e\u6a21\u578b\u7684\u5927\u5c0f\u548c\u63a8\u7406\u7684\u5e76\u53d1\u91cf\u6765\u914d\u7f6e\uff0c\u8fd9\u91cc\u60a8\u53ef\u4ee5\u6839\u636e\u4e4b\u524d\u5fae\u8c03\u4efb\u52a1\u7684\u8d44\u6e90\u914d\u7f6e\u6765\u914d\u7f6e\u3002
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_12","title":"\u914d\u7f6e\u6a21\u578b\u8fd0\u884c\u65f6","text":"\u914d\u7f6e\u6a21\u578b\u7684\u8fd0\u884c\u65f6\u5c24\u4e3a\u91cd\u8981\uff0c\u76ee\u524d AI Lab \u5df2\u7ecf\u652f\u6301 vLLM
\u4f5c\u4e3a\u6a21\u578b\u63a8\u7406\u670d\u52a1\u7684\u8fd0\u884c\u65f6\uff0c\u53ef\u4ee5\u76f4\u63a5\u9009\u62e9 vLLM
\u3002
vLLM \u652f\u6301\u975e\u5e38\u4e30\u5bcc\u7684\u5927\u8bed\u8a00\u6a21\u578b\uff0c\u5efa\u8bae\u8bbf\u95ee vLLM \u4e86\u89e3\u66f4\u591a\u4fe1\u606f\uff0c\u8fd9\u4e9b\u6a21\u578b\u90fd\u53ef\u4ee5\u5f88\u65b9\u4fbf\u5730\u5728 AI Lab \u4e2d\u4f7f\u7528\u3002
\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u5728\u63a8\u7406\u670d\u52a1\u5217\u8868\u4e2d\u770b\u5230\u60a8\u521b\u5efa\u7684\u63a8\u7406\u670d\u52a1\uff0c\u5728\u6a21\u578b\u670d\u52a1\u5217\u8868\uff0c\u60a8\u53ef\u4ee5\u76f4\u63a5\u83b7\u53d6\u6a21\u578b\u7684\u8bbf\u95ee\u5730\u5740
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_13","title":"\u4f7f\u7528\u6a21\u578b\u670d\u52a1\u6d4b\u8bd5","text":"\u7b80\u5355\u5728\u7ec8\u7aef\u4e2d\u5c1d\u8bd5\uff0c\u4f7f\u7528 curl
\u547d\u4ee4\u6765\u6d4b\u8bd5\u6a21\u578b\u670d\u52a1\uff0c\u8fd9\u91cc\u60a8\u53ef\u4ee5\u770b\u5230\u8fd4\u56de\u7684\u7ed3\u679c\uff0c\u8fd9\u6837\u5c31\u53ef\u4ee5\u4f7f\u7528\u6a21\u578b\u670d\u52a1\u8fdb\u884c\u63a8\u7406\u4efb\u52a1\u4e86\u3002
curl -X POST http://10.20.100.210:31118/v2/models/chatglm3-6b/generate \\\n -d '{\"text_input\": \"hello\", \"stream\": false, \"sampling_parameters\": \"{\\\"temperature\\\": 0.7, \\\"top_p\\\": 0.95, \\'max_tokens\\\": 1024\uff5d\"\uff5d'\n
"},{"location":"admin/baize/best-practice/finetunel-llm.html#_14","title":"\u7ed3\u8bed","text":"\u672c\u6587\u4ee5 ChatGLM3
\u4e3a\u4f8b\uff0c\u5e26\u60a8\u5feb\u901f\u4e86\u89e3\u548c\u4e0a\u624b AI Lab \u7684\u6a21\u578b\u5fae\u8c03\uff0c\u4f7f\u7528 LoRA
\u5fae\u8c03\u4e86 ChatGLM3 \u6a21\u578b\u3002
AI Lab \u63d0\u4f9b\u4e86\u975e\u5e38\u4e30\u5bcc\u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u5e2e\u52a9\u6a21\u578b\u5f00\u53d1\u8005\u5feb\u901f\u8fdb\u884c\u6a21\u578b\u5f00\u53d1\u3001\u5fae\u8c03\u3001\u63a8\u7406\u7b49\u4efb\u52a1\uff0c\u540c\u65f6\u4e5f\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684 OpenAPI \u63a5\u53e3\uff0c\u53ef\u4ee5\u65b9\u4fbf\u5730\u4e0e\u7b2c\u4e09\u65b9\u5e94\u7528\u751f\u6001\u8fdb\u884c\u7ed3\u5408\u3002
"},{"location":"admin/baize/best-practice/label-studio.html","title":"\u90e8\u7f72 Label Studio","text":"Label Studio \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u6570\u636e\u6807\u6ce8\u5de5\u5177\uff0c\u7528\u4e8e\u5404\u79cd\u673a\u5668\u5b66\u4e60\u548c\u4eba\u5de5\u667a\u80fd\u4efb\u52a1\u3002 \u4ee5\u4e0b\u662f Label Studio \u7684\u7b80\u8981\u4ecb\u7ecd\uff1a
Label Studio \u901a\u8fc7\u5176\u7075\u6d3b\u6027\u548c\u529f\u80fd\u4e30\u5bcc\u6027\uff0c\u4e3a\u6570\u636e\u79d1\u5b66\u5bb6\u548c\u673a\u5668\u5b66\u4e60\u5de5\u7a0b\u5e08\u63d0\u4f9b\u4e86\u5f3a\u5927\u7684\u6570\u636e\u6807\u6ce8\u89e3\u51b3\u65b9\u6848\u3002
"},{"location":"admin/baize/best-practice/label-studio.html#ai","title":"\u90e8\u7f72\u5230 AI \u7b97\u529b\u5e73\u53f0","text":"\u8981\u60f3\u5728 AI Lab \u4e2d\u4f7f\u7528 Label Studio\uff0c\u9700\u5c06\u5176\u90e8\u7f72\u5230\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\uff0c \u4f60\u53ef\u4ee5\u901a\u8fc7 Helm \u7684\u65b9\u5f0f\u5feb\u901f\u90e8\u7f72\u3002
Note
\u66f4\u591a\u90e8\u7f72\u8be6\u60c5\uff0c\u8bf7\u53c2\u9605 Deploy Label Studio on Kubernetes\u3002
\u6253\u5f00\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u754c\u9762\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u627e\u5230 Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u9009\u62e9 \u521b\u5efa\u4ed3\u5e93 \u6309\u94ae\uff0c\u586b\u5199\u5982\u4e0b\u53c2\u6570\uff1a
\u6dfb\u52a0\u6210\u529f\u540e\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 \u540c\u6b65\u4ed3\u5e93 \uff0c\u7a0d\u7b49\u7247\u523b\u540e\u5b8c\u6210\u540c\u6b65\u3002\uff08\u540e\u7eed\u66f4\u65b0 Label Studio \u4e5f\u4f1a\u7528\u5230\u8fd9\u4e2a\u540c\u6b65\u64cd\u4f5c\uff09\u3002
\u7136\u540e\u8df3\u8f6c\u5230 Helm \u6a21\u677f \u9875\u9762\uff0c\u4f60\u53ef\u4ee5\u641c\u7d22\u627e\u5230 label-studio
\uff0c\u70b9\u51fb\u5361\u7247\u3002
\u9009\u62e9\u6700\u65b0\u7684\u7248\u672c\uff0c\u5982\u4e0b\u56fe\u914d\u7f6e\u5b89\u88c5\u53c2\u6570\uff0c\u540d\u79f0\u4e3a label-stuio
\uff0c\u5efa\u8bae\u521b\u5efa\u65b0\u7684\u547d\u4ee4\u7a7a\u95f4\uff0c\u914d\u7f6e\u53c2\u6570\u5207\u6362\u5230 YAML
\uff0c\u6839\u636e\u8bf4\u660e\u4fee\u6539\u5176\u4e2d\u914d\u7f6e\u3002
global:\n image:\n repository: heartexlabs/label-studio # \u5982\u679c\u65e0\u6cd5\u8bbf\u95ee docker.io\uff0c\u5728\u6b64\u5904\u914d\u7f6e\u4ee3\u7406\u5730\u5740\n extraEnvironmentVars:\n LABEL_STUDIO_HOST: https://{\u8bbf\u95ee\u5730\u5740}/label-studio # \u4f7f\u7528\u7684\u767b\u5f55\u5730\u5740\uff0c\u8bf7\u53c2\u9605\u5f53\u524d\u7f51\u9875 URL\n LABEL_STUDIO_USERNAME: {\u7528\u6237\u90ae\u7bb1} # \u5fc5\u987b\u662f\u90ae\u7bb1\uff0c\u66ff\u6362\u4e3a\u81ea\u5df1\u7684\n LABEL_STUDIO_PASSWORD: {\u7528\u6237\u5bc6\u7801} \napp:\n nginx:\n livenessProbe:\n path: /label-studio/nginx_health\n readinessProbe:\n path: /label-studio/version\n
\u81f3\u6b64\uff0c\u5b8c\u6210\u4e86 Label studio \u7684\u5b89\u88c5\u3002
Warning
\u9ed8\u8ba4\u4f1a\u5b89\u88c5 PostgreSQL \u4f5c\u4e3a\u6570\u636e\u670d\u52a1\u4e2d\u95f4\u4ef6\uff0c\u5982\u679c\u955c\u50cf\u62c9\u53d6\u5931\u8d25\uff0c\u53ef\u80fd\u662f docker.io
\u65e0\u6cd5\u8bbf\u95ee\uff0c\u6ce8\u610f\u5207\u6362\u5230\u53ef\u7528\u4ee3\u7406\u5373\u53ef\u3002
\u5982\u679c\u4f60\u6709\u81ea\u5df1\u7684 PostgreSQL \u6570\u636e\u670d\u52a1\u4e2d\u95f4\u4ef6\uff0c\u53ef\u4ee5\u4f7f\u7528\u5982\u4e0b\u53c2\u6570\u914d\u7f6e\uff1a
global:\n image:\n repository: heartexlabs/label-studio # \u5982\u679c\u65e0\u6cd5\u8bbf\u95ee docker.io\uff0c\u5728\u6b64\u5904\u914d\u7f6e\u4ee3\u7406\u5730\u5740\n extraEnvironmentVars:\n LABEL_STUDIO_HOST: https://{\u8bbf\u95ee\u5730\u5740}/label-studio # \u4f7f\u7528\u7684\u767b\u5f55\u5730\u5740\uff0c\u53c2\u9605\u5f53\u524d\u7f51\u9875 URL\n LABEL_STUDIO_USERNAME: {\u7528\u6237\u90ae\u7bb1} # \u5fc5\u987b\u662f\u90ae\u7bb1\uff0c\u66ff\u6362\u4e3a\u81ea\u5df1\u7684\n LABEL_STUDIO_PASSWORD: {\u7528\u6237\u5bc6\u7801} \napp:\n nginx:\n livenessProbe:\n path: /label-studio/nginx_health\n readinessProbe:\n path: /label-studio/version\npostgresql:\n enabled: false # \u7981\u7528\u5185\u7f6e\u7684 PostgreSQL\nexternalPostgresql:\n host: \"postgres-postgresql\" # PostgreSQL \u5730\u5740\n port: 5432\n username: \"label_studio\" # PostgreSQL \u7528\u6237\u540d\n password: \"your_label_studio_password\" # PostgreSQL \u5bc6\u7801\n database: \"label_studio\" # PostgreSQL \u6570\u636e\u5e93\u540d\n
"},{"location":"admin/baize/best-practice/label-studio.html#gproduct","title":"\u6dfb\u52a0 GProduct \u5230\u5bfc\u822a\u680f","text":"\u5982\u679c\u8981\u6dfb\u52a0 Label Studio \u5230\u5bfc\u822a\u680f\uff0c\u53ef\u4ee5\u53c2\u8003\u5168\u5c40\u7ba1\u7406 OEM IN \u7684\u65b9\u5f0f\u3002 \u4ee5\u4e0b\u6848\u4f8b\u662f\u589e\u52a0\u5230 AI Lab \u4e8c\u7ea7\u5bfc\u822a\u7684\u6dfb\u52a0\u65b9\u5f0f\u3002
"},{"location":"admin/baize/best-practice/label-studio.html#_1","title":"\u6dfb\u52a0\u4ee3\u7406\u8bbf\u95ee","text":"apiVersion: ghippo.io/v1alpha1\nkind: GProductProxy\nmetadata:\n name: label-studio\nspec:\n gproduct: label-studio\n proxies:\n - authnCheck: false\n destination:\n host: label-studio-ls-app.label-studio.svc.cluster.local\n port: 80\n match:\n uri:\n prefix: /label-studio\n
"},{"location":"admin/baize/best-practice/label-studio.html#ai-lab","title":"\u6dfb\u52a0\u5230 AI Lab","text":"\u4fee\u6539 CRD \u4e3a GProductNavigator
\u7684 CR baize
\uff0c\u7136\u540e\u5728\u73b0\u6709\u914d\u7f6e\u4e2d\u8fdb\u884c\u5982\u4e0b\u53d8\u66f4\uff1a
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n annotations:\n meta.helm.sh/release-name: baize\n meta.helm.sh/release-namespace: baize-system\n labels:\n app.kubernetes.io/managed-by: Helm\n gProductName: baize\n name: baize\nspec:\n category: cloudnativeai\n gproduct: baize\n iconUrl: ./ui/baize/logo.svg\n isCustom: false\n localizedName:\n en-US: AI Lab\n zh-CN: AI Lab\n menus:\n - iconUrl: ''\n isCustom: false\n localizedName:\n en-US: AI Lab\n zh-CN: AI Lab\n name: workspace-view\n order: 1\n url: ./baize\n visible: true\n - iconUrl: ''\n isCustom: false\n localizedName:\n en-US: Operator\n zh-CN: \u8fd0\u7ef4\u7ba1\u7406\n name: admin-view\n order: 1\n url: ./baize/admin\n visible: true\n # \u6dfb\u52a0\u5f00\u59cb\n - iconUrl: ''\n localizedName:\n en-US: Data Annotation\n zh-CN: \u6570\u636e\u6807\u6ce8\n name: label-studio\n order: 1\n target: blank # \u63a7\u5236\u65b0\u5f00\u9875\n url: https://{\u8bbf\u95ee\u5730\u5740}/label-studio # \u8bbf\u95ee\u5730\u5740\n visible: true\n # \u6dfb\u52a0\u7ed3\u675f\n name: AI Lab\n order: 10\n url: ./baize\n visible: true\n
"},{"location":"admin/baize/best-practice/label-studio.html#_2","title":"\u6dfb\u52a0\u6548\u679c","text":""},{"location":"admin/baize/best-practice/label-studio.html#_3","title":"\u7ed3\u8bed","text":"\u4ee5\u4e0a\uff0c\u5c31\u662f\u5982\u4f55\u6dfb\u52a0 Label Studio \u5e76\u5c06\u5176\u4f5c\u4e3a AI Lab \u7684\u6807\u6ce8\u7ec4\u4ef6\uff0c\u901a\u8fc7\u5c06\u6807\u6ce8\u540e\u7684\u6570\u636e\u6dfb\u52a0\u5230 AI Lab \u7684\u6570\u636e\u96c6\u4e2d\uff0c \u8054\u52a8\u7b97\u6cd5\u5f00\u53d1\uff0c\u5b8c\u5584\u7b97\u6cd5\u5f00\u53d1\u6d41\u7a0b\uff0c\u540e\u7eed\u5982\u4f55\u4f7f\u7528\u8bf7\u5173\u6ce8\u5176\u4ed6\u6587\u6863\u53c2\u8003\u3002
"},{"location":"admin/baize/best-practice/train-with-deepspeed.html","title":"\u5982\u4f55\u63d0\u4ea4 DeepSpeed \u8bad\u7ec3\u4efb\u52a1","text":"\u6839\u636e DeepSpeed \u5b98\u65b9\u6587\u6863\uff0c\u6211\u4eec\u63a8\u8350\u4f7f\u7528\u4fee\u6539\u4ee3\u7801\u7684\u65b9\u5f0f\u5b9e\u73b0\u3002
\u5373\u4f7f\u7528 deepspeed.init_distributed()
\u4ee3\u66ff torch.distributed.init_process_group(...)
\u3002 \u7136\u540e\u8fd0\u884c\u547d\u4ee4\u4f7f\u7528 torchrun
\uff0c\u63d0\u4ea4\u4e3a Pytorch \u5206\u5e03\u5f0f\u4efb\u52a1\uff0c\u65e2\u53ef\u8fd0\u884c DeepSpeed \u4efb\u52a1\u3002
\u662f\u7684\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 torchrun
\u8fd0\u884c\u4f60\u7684 DeepSpeed \u8bad\u7ec3\u811a\u672c\u3002 torchrun
\u662f PyTorch \u63d0\u4f9b\u7684\u4e00\u4e2a\u5b9e\u7528\u5de5\u5177\uff0c\u7528\u4e8e\u5206\u5e03\u5f0f\u8bad\u7ec3\u3002\u4f60\u53ef\u4ee5\u7ed3\u5408 torchrun
\u548c DeepSpeed API \u6765\u542f\u52a8\u4f60\u7684\u8bad\u7ec3\u4efb\u52a1\u3002
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u4f7f\u7528 torchrun
\u8fd0\u884c DeepSpeed \u8bad\u7ec3\u811a\u672c\u7684\u793a\u4f8b\uff1a
\u7f16\u5199\u8bad\u7ec3\u811a\u672c\uff1a
train.pyimport torch\nimport deepspeed\nfrom torch.utils.data import DataLoader\n\n# \u6a21\u578b\u548c\u6570\u636e\u52a0\u8f7d\nmodel = YourModel()\ntrain_dataset = YourDataset()\ntrain_dataloader = DataLoader(train_dataset, batch_size=32)\n\n# \u914d\u7f6e\u6587\u4ef6\u8def\u5f84\ndeepspeed_config = \"deepspeed_config.json\"\n\n# \u521b\u5efa DeepSpeed \u8bad\u7ec3\u5f15\u64ce\nmodel_engine, optimizer, _, _ = deepspeed.initialize(\n model=model,\n model_parameters=model.parameters(),\n config_params=deepspeed_config\n)\n\n# \u8bad\u7ec3\u5faa\u73af\nfor batch in train_dataloader:\n loss = model_engine(batch)\n model_engine.backward(loss)\n model_engine.step()\n
\u521b\u5efa DeepSpeed \u914d\u7f6e\u6587\u4ef6\uff1a
deepspeed_config.json{\n \"train_batch_size\": 32,\n \"gradient_accumulation_steps\": 1,\n \"fp16\": {\n \"enabled\": true,\n \"loss_scale\": 0\n },\n \"optimizer\": {\n \"type\": \"Adam\",\n \"params\": {\n \"lr\": 0.00015,\n \"betas\": [0.9, 0.999],\n \"eps\": 1e-08,\n \"weight_decay\": 0\n }\n }\n}\n
\u4f7f\u7528 torchrun
\u6216\u8005 baizectl
\u8fd0\u884c\u8bad\u7ec3\u811a\u672c\uff1a
torchrun train.py\n
\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u4f60\u53ef\u4ee5\u7ed3\u5408 PyTorch \u7684\u5206\u5e03\u5f0f\u8bad\u7ec3\u529f\u80fd\u548c DeepSpeed \u7684\u4f18\u5316\u6280\u672f\uff0c\u4ece\u800c\u5b9e\u73b0\u66f4\u9ad8\u6548\u7684\u8bad\u7ec3\u3002 \u60a8\u53ef\u4ee5\u5728 Notebook \u4e2d\uff0c\u4f7f\u7528 baizectl
\u63d0\u4ea4\u547d\u4ee4\uff1a
baizectl job submit --pytorch --workers 2 -- torchrun train.py\n
\u8fd0\u7ef4\u7ba1\u7406\u662f IT \u8fd0\u7ef4\u4eba\u5458\u65e5\u5e38\u7ba1\u7406 IT \u8d44\u6e90\uff0c\u5904\u7406\u5de5\u4f5c\u7684\u7a7a\u95f4\u3002
\u5728\u8fd9\u91cc\u53ef\u4ee5\u76f4\u89c2\u5730\u4e86\u89e3\u5f53\u524d\u96c6\u7fa4\u3001\u8282\u70b9\u3001CPU\u3001GPU\u3001vGPU \u7b49\u8d44\u6e90\u7684\u4f7f\u7528\u72b6\u51b5\u3002
"},{"location":"admin/baize/oam/index.html#_2","title":"\u5e38\u89c1\u672f\u8bed","text":"\u81ea\u52a8\u5316\u6c47\u603b\u6574\u4e2a\u5e73\u53f0\u4e2d\u7684 GPU \u8d44\u6e90\u4fe1\u606f\uff0c\u63d0\u4f9b\u8be6\u5c3d\u7684 GPU \u8bbe\u5907\u4fe1\u606f\u5c55\u793a\uff0c\u53ef\u67e5\u770b\u5404\u79cd GPU \u5361\u7684\u8d1f\u8f7d\u7edf\u8ba1\u548c\u4efb\u52a1\u8fd0\u884c\u4fe1\u606f\u3002
\u8fdb\u5165 \u8fd0\u7ef4\u7ba1\u7406 \u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u8d44\u6e90\u7ba1\u7406 -> GPU \u7ba1\u7406 \uff0c\u53ef\u4ee5\u67e5\u770b GPU \u5361\u548c\u4efb\u52a1\u4fe1\u606f\u3002
"},{"location":"admin/baize/oam/queue/create.html","title":"\u521b\u5efa\u961f\u5217","text":"\u5728\u8fd0\u7ef4\u7ba1\u7406\u6a21\u5f0f\u4e2d\uff0c\u961f\u5217\u53ef\u7528\u4e8e\u8c03\u5ea6\u548c\u4f18\u5316\u6279\u5904\u7406\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5b83\u53ef\u4ee5\u6709\u6548\u5730\u7ba1\u7406\u5728\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u591a\u4e2a\u4efb\u52a1\uff0c\u901a\u8fc7\u961f\u5217\u7cfb\u7edf\u6765\u4f18\u5316\u8d44\u6e90\u5229\u7528\u7387\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u961f\u5217\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u7cfb\u7edf\u4f1a\u9884\u5148\u586b\u5145\u57fa\u7840\u8bbe\u7f6e\u6570\u636e\uff0c\u5305\u62ec\u8981\u90e8\u7f72\u7684\u96c6\u7fa4\u3001\u5de5\u4f5c\u7a7a\u95f4\u3001\u6392\u961f\u7b56\u7565\u7b49\u3002 \u8c03\u6574\u8fd9\u4e9b\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u5c4f\u5e55\u63d0\u793a\u521b\u5efa\uff0c\u8fd4\u56de\u961f\u5217\u7ba1\u7406\u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u7b49\u66f4\u591a\u64cd\u4f5c\u3002
\u5728\u8fd0\u7ef4\u7ba1\u7406\u6a21\u5f0f\u4e2d\uff0c\u5982\u679c\u53d1\u73b0\u961f\u5217\u5197\u4f59\u3001\u8fc7\u671f\u6216\u56e0\u5176\u4ed6\u7f18\u6545\u4e0d\u518d\u9700\u8981\uff0c\u53ef\u4ee5\u4ece\u961f\u5217\u5217\u8868\u4e2d\u5220\u9664\u3002
\u5728\u961f\u5217\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u4e2d\u786e\u8ba4\u8981\u5220\u9664\u7684\u961f\u5217\uff0c\u8f93\u5165\u961f\u5217\u540d\u79f0\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\uff0c\u8be5\u961f\u5217\u4ece\u5217\u8868\u4e2d\u6d88\u5931\u3002
Caution
\u961f\u5217\u4e00\u65e6\u5220\u9664\u5c06\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"admin/baize/troubleshoot/index.html","title":"\u6545\u969c\u6392\u67e5","text":"\u672c\u6587\u5c06\u6301\u7eed\u7edf\u8ba1\u548c\u68b3\u7406 AI Lab \u4f7f\u7528\u8fc7\u7a0b\u53ef\u80fd\u56e0\u73af\u5883\u6216\u64cd\u4f5c\u4e0d\u89c4\u8303\u5f15\u8d77\u7684\u62a5\u9519\uff0c\u4ee5\u53ca\u5728\u4f7f\u7528\u8fc7\u7a0b\u4e2d\u9047\u5230\u67d0\u4e9b\u62a5\u9519\u7684\u95ee\u9898\u5206\u6790\u3001\u89e3\u51b3\u65b9\u6848\u3002
Warning
\u672c\u6587\u6863\u4ec5\u9002\u7528\u4e8e AI \u7b97\u529b\u4e2d\u5fc3\u7248\u672c\uff0c\u82e5\u9047\u5230 AI Lab \u7684\u4f7f\u7528\u95ee\u9898\uff0c\u8bf7\u4f18\u5148\u67e5\u770b\u6b64\u6392\u969c\u624b\u518c\u3002
AI Lab \u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u6a21\u5757\u540d\u79f0 baize
\uff0c\u63d0\u4f9b\u4e86\u4e00\u7ad9\u5f0f\u7684\u6a21\u578b\u8bad\u7ec3\u3001\u63a8\u7406\u3001\u6a21\u578b\u7ba1\u7406\u7b49\u529f\u80fd\u3002
\u5728 AI Lab \u5f00\u53d1\u63a7\u5236\u53f0\u3001\u8fd0\u7ef4\u63a7\u5236\u53f0\uff0c\u529f\u80fd\u6a21\u5757\u7684\u96c6\u7fa4\u641c\u7d22\u6761\u4ef6\u7684\u4e0b\u62c9\u5217\u8868\u627e\u4e0d\u5230\u60f3\u8981\u7684\u96c6\u7fa4\u3002
"},{"location":"admin/baize/troubleshoot/cluster-not-found.html#_3","title":"\u95ee\u9898\u5206\u6790","text":"\u5728 AI Lab \u4e2d\uff0c\u96c6\u7fa4\u4e0b\u62c9\u5217\u8868\u5982\u679c\u7f3a\u5c11\u4e86\u60f3\u8981\u7684\u96c6\u7fa4\uff0c\u53ef\u80fd\u662f\u7531\u4e8e\u4ee5\u4e0b\u539f\u56e0\u5bfc\u81f4\u7684\uff1a
baize-agent
\u672a\u5b89\u88c5\u6216\u5b89\u88c5\u4e0d\u6210\u529f\uff0c\u5bfc\u81f4 AI Lab \u65e0\u6cd5\u83b7\u53d6\u96c6\u7fa4\u4fe1\u606fbaize-agent
\u672a\u914d\u7f6e\u96c6\u7fa4\u540d\u79f0\uff0c\u5bfc\u81f4 AI Lab \u65e0\u6cd5\u83b7\u53d6\u96c6\u7fa4\u4fe1\u606fbaize-agent
\u672a\u5b89\u88c5\u6216\u5b89\u88c5\u4e0d\u6210\u529f","text":"AI Lab \u6709\u4e00\u4e9b\u57fa\u7840\u7ec4\u4ef6\u9700\u8981\u5728\u6bcf\u4e2a\u5de5\u4f5c\u96c6\u7fa4\u5185\u8fdb\u884c\u5b89\u88c5\uff0c\u5982\u679c\u5de5\u4f5c\u96c6\u7fa4\u5185\u672a\u5b89\u88c5 baize-agent
\u65f6\uff0c\u53ef\u4ee5\u5728\u754c\u9762\u4e0a\u9009\u62e9\u5b89\u88c5\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4e00\u4e9b\u975e\u9884\u671f\u7684\u62a5\u9519\u7b49\u95ee\u9898\u3002
\u6240\u4ee5\uff0c\u4e3a\u4e86\u4fdd\u969c\u4f7f\u7528\u4f53\u9a8c\uff0c\u53ef\u9009\u62e9\u7684\u96c6\u7fa4\u8303\u56f4\u4ec5\u5305\u542b\u4e86\u5df2\u7ecf\u6210\u529f\u5b89\u88c5\u4e86 baize-agent
\u7684\u96c6\u7fa4\u3002
\u5982\u679c\u662f\u56e0\u4e3a baize-agent
\u672a\u5b89\u88c5\u6216\u5b89\u88c5\u5931\u8d25\uff0c\u5219\u4f7f\u7528 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 -> Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u627e\u5230 baize-agent
\u5e76\u5b89\u88c5\u3002
Note
\u6b64\u5730\u5740\u5feb\u901f\u8df3\u8f6c https://<ai_host>/kpanda/clusters/<cluster_name>/helm/charts/addon/baize-agent
\u3002 \u6ce8\u610f\u5c06 <ai_host>
\u66ff\u6362\u4e3a\u5b9e\u9645\u7684 AI \u7b97\u529b\u4e2d\u5fc3\u63a7\u5236\u53f0\u5730\u5740\uff0c<cluster_name>
\u66ff\u6362\u4e3a\u5b9e\u9645\u7684\u96c6\u7fa4\u540d\u79f0\u3002
baize-agent
\u65f6\u672a\u914d\u7f6e\u96c6\u7fa4\u540d\u79f0","text":"\u5728\u5b89\u88c5 baize-agent
\u65f6\uff0c\u9700\u8981\u6ce8\u610f\u914d\u7f6e\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fd9\u4e2a\u540d\u79f0\u4f1a\u7528\u4e8e\u53ef\u89c2\u6d4b\u6307\u6807\u91c7\u96c6\uff0c \u9ed8\u8ba4\u4e3a\u7a7a\uff0c\u9700\u624b\u5de5\u914d\u7f6e \u3002
\u5982\u679c\u96c6\u7fa4\u5185\u53ef\u89c2\u6d4b\u7ec4\u4ef6\u5f02\u5e38\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4 AI Lab \u65e0\u6cd5\u83b7\u53d6\u96c6\u7fa4\u4fe1\u606f\uff0c\u8bf7\u68c0\u67e5\u5e73\u53f0\u7684\u53ef\u89c2\u6d4b\u670d\u52a1\u662f\u5426\u6b63\u5e38\u8fd0\u884c\u53ca\u914d\u7f6e\u3002
\u5728\u521b\u5efa Notebook\u3001\u8bad\u7ec3\u4efb\u52a1\u6216\u8005\u63a8\u7406\u670d\u52a1\u65f6\uff0c\u5f53\u961f\u5217\u662f\u9996\u6b21\u5728\u8be5\u547d\u540d\u7a7a\u95f4\u4f7f\u7528\u65f6\uff0c\u4f1a\u63d0\u793a\u9700\u8981\u4e00\u952e\u521d\u59cb\u5316\u961f\u5217\uff0c\u4f46\u662f\u521d\u59cb\u5316\u5931\u8d25\u3002
"},{"location":"admin/baize/troubleshoot/local-queue-initialization-failed.html#_3","title":"\u95ee\u9898\u5206\u6790","text":"\u5728 AI Lab \u4e2d\uff0c\u961f\u5217\u7ba1\u7406\u80fd\u529b\u7531 Kueue \u63d0\u4f9b\uff0c \u800c Kueue \u63d0\u4f9b\u4e86 \u4e24\u79cd\u961f\u5217\u7ba1\u7406\u8d44\u6e90\uff1a
\u5728 AI Lab \u4e2d\uff0c\u5982\u679c\u521b\u5efa\u670d\u52a1\u65f6\uff0c\u53d1\u73b0\u6307\u5b9a\u7684\u547d\u540d\u7a7a\u95f4\u4e0d\u5b58\u5728 LocalQueue
\uff0c\u5219\u4f1a\u63d0\u793a\u9700\u8981\u521d\u59cb\u5316\u961f\u5217\u3002
\u5728\u6781\u5c11\u6570\u60c5\u51b5\u4e0b\uff0c\u53ef\u80fd\u7531\u4e8e\u7279\u6b8a\u539f\u56e0\u4f1a\u5bfc\u81f4 LocalQueue
\u521d\u59cb\u5316\u5931\u8d25\u3002
\u68c0\u67e5 Kueue \u662f\u5426\u6b63\u5e38\u8fd0\u884c\uff0c\u5982\u679c kueue-controller-manager
\u672a\u8fd0\u884c\uff0c\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u3002
kubectl get deploy kueue-controller-manager -n baize-sysatem\n
\u5982\u679c kueue-controller-manager
\u672a\u6b63\u5e38\u8fd0\u884c\uff0c\u8bf7\u5148\u4fee\u590d Kueue\u3002
\u5728 AI Lab \u4e2d\uff0c\u7528\u6237\u5728\u521b\u5efa Notebook \u65f6\uff0c\u53d1\u73b0\u9009\u62e9\u7684\u961f\u5217\u5373\u4f7f\u8d44\u6e90\u4e0d\u8db3\uff0cNotebook \u4f9d\u7136\u53ef\u4ee5\u521b\u5efa\u6210\u529f\u3002
"},{"location":"admin/baize/troubleshoot/notebook-not-controlled-by-quotas.html#01-kubernetes","title":"\u95ee\u9898 01: Kubernetes \u7248\u672c\u4e0d\u652f\u6301","text":"\u5206\u6790\uff1a
AI Lab \u4e2d\u7684\u961f\u5217\u7ba1\u7406\u80fd\u529b\u7531 Kueue \u63d0\u4f9b\uff0c Notebook \u670d\u52a1\u662f\u901a\u8fc7 JupyterHub \u63d0\u4f9b\u7684\u3002 JupyterHub \u5bf9 Kubernetes \u7684\u7248\u672c\u8981\u6c42\u8f83\u9ad8\uff0c\u5bf9\u4e8e\u4f4e\u4e8e v1.27 \u7684\u7248\u672c\uff0c\u5373\u4f7f\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u8bbe\u7f6e\u4e86\u961f\u5217\u914d\u989d\uff0c \u7528\u6237\u5728\u521b\u5efa Notebook \u65f6\u4e5f\u9009\u62e9\u4e86\u914d\u989d\uff0c\u4f46 Notebook \u5b9e\u9645\u4e5f\u4e0d\u4f1a\u53d7\u5230\u961f\u5217\u914d\u989d\u7684\u9650\u5236\u3002
\u89e3\u51b3\u529e\u6cd5\uff1a\u63d0\u524d\u89c4\u5212\uff0c\u751f\u4ea7\u73af\u5883\u4e2d\u5efa\u8bae\u4f7f\u7528 Kubernetes \u7248\u672c v1.27
\u4ee5\u4e0a\u3002
\u53c2\u8003\u8d44\u6599\uff1aJupyter Notebook Documentation
\u5206\u6790\uff1a
\u5f53 Kubernetes \u96c6\u7fa4\u7248\u672c \u5927\u4e8e v1.27 \u65f6\uff0cNotebook \u4ecd\u65e0\u6cd5\u53d7\u5230\u961f\u5217\u914d\u989d\u7684\u9650\u5236\u3002
\u8fd9\u662f\u56e0\u4e3a\uff0cKueue \u9700\u8981\u542f\u7528\u5bf9 enablePlainPod
\u652f\u6301\uff0c\u624d\u4f1a\u5bf9 Notebook \u670d\u52a1\u751f\u6548\u3002
\u89e3\u51b3\u529e\u6cd5\uff1a\u5728\u5de5\u4f5c\u96c6\u7fa4\u4e2d\u90e8\u7f72 baize-agent
\u65f6\uff0c\u542f\u7528 Kueue \u5bf9 enablePlainPod
\u7684\u652f\u6301\u3002
\u53c2\u8003\u8d44\u6599\uff1aRun Plain Pods as a Kueue-Managed Job
\u5982\u679c\u60a8\u5fd8\u8bb0\u5bc6\u7801\uff0c\u53ef\u4ee5\u6309\u672c\u9875\u9762\u8bf4\u660e\u91cd\u7f6e\u5bc6\u7801\u3002
"},{"location":"admin/ghippo/password.html#_2","title":"\u91cd\u7f6e\u5bc6\u7801\u6b65\u9aa4","text":"\u7ba1\u7406\u5458\u6700\u521d\u521b\u5efa\u4e00\u4e2a\u7528\u6237\u65f6\uff0c\u4f1a\u4e3a\u5176\u8bbe\u7f6e\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002 \u8be5\u7528\u6237\u767b\u5f55\u540e\uff0c\u5728 \u4e2a\u4eba\u4e2d\u5fc3 \u586b\u5199\u90ae\u7bb1\u5e76\u4fee\u6539\u5bc6\u7801\u3002 \u82e5\u8be5\u7528\u6237\u672a\u8bbe\u7f6e\u90ae\u7bb1\uff0c\u5219\u53ea\u80fd\u8054\u7cfb\u7ba1\u7406\u5458\u8fdb\u884c\u5bc6\u7801\u91cd\u7f6e\u3002
\u5982\u679c\u7528\u6237\u5fd8\u8bb0\u4e86\u5bc6\u7801\uff0c\u53ef\u4ee5\u5728\u767b\u5f55\u754c\u9762\u70b9\u51fb \u5fd8\u8bb0\u5bc6\u7801 \u3002
\u8f93\u5165\u767b\u5f55\u90ae\u7bb1\uff0c\u70b9\u51fb \u63d0\u4ea4 \u3002
\u5728\u90ae\u7bb1\u4e2d\u627e\u5230\u5bc6\u7801\u91cd\u7f6e\u90ae\u4ef6\uff0c\u70b9\u51fb\u4e0b\u65b9\u94fe\u63a5\u8fdb\u884c\u5bc6\u7801\u91cd\u7f6e\uff0c\u94fe\u63a5\u65f6\u6548 5 \u5206\u949f\u3002
\u5728\u624b\u673a\u7b49\u7ec8\u7aef\u8bbe\u5907\u5b89\u88c5\u652f\u6301 2FA \u52a8\u6001\u53e3\u4ee4\u751f\u6210\u7684\u5e94\u7528\uff08\u5982 Google Authenticator\uff09\uff0c\u6309\u7167\u9875\u9762\u63d0\u793a\u914d\u7f6e\u52a8\u6001\u53e3\u4ee4\u4ee5\u6fc0\u6d3b\u8d26\u6237\uff0c\u70b9\u51fb \u63d0\u4ea4 \u3002
\u8bbe\u7f6e\u65b0\u5bc6\u7801\uff0c\u70b9\u51fb \u63d0\u4ea4 \u3002\u8bbe\u7f6e\u65b0\u5bc6\u7801\u7684\u8981\u6c42\u4e0e\u521b\u5efa\u7528\u6237\u65f6\u7684\u5bc6\u7801\u89c4\u5219\u4e00\u81f4\u3002
\u4fee\u6539\u5bc6\u7801\u6210\u529f\uff0c\u76f4\u63a5\u8df3\u8f6c\u9996\u9875\u3002
\u6574\u4e2a\u5bc6\u7801\u91cd\u7f6e\u7684\u6d41\u7a0b\u793a\u610f\u56fe\u5982\u4e0b\u3002
graph TB\n\npass[\u5fd8\u8bb0\u5bc6\u7801] --> usern[\u8f93\u5165\u7528\u6237\u540d]\n--> button[\u70b9\u51fb\u53d1\u9001\u9a8c\u8bc1\u90ae\u4ef6\u7684\u6309\u94ae] --> judge1[\u5224\u65ad\u7528\u6237\u540d\u662f\u5426\u6b63\u786e]\n\n judge1 -.\u6b63\u786e.-> judge2[\u5224\u65ad\u662f\u5426\u7ed1\u5b9a\u90ae\u7bb1]\n judge1 -.\u9519\u8bef.-> tip1[\u63d0\u793a\u7528\u6237\u540d\u4e0d\u6b63\u786e]\n\n judge2 -.\u5df2\u7ed1\u5b9a\u90ae\u7bb1.-> send[\u53d1\u9001\u91cd\u7f6e\u90ae\u4ef6]\n judge2 -.\u672a\u7ed1\u5b9a\u90ae\u7bb1.-> tip2[\u63d0\u793a\u672a\u7ed1\u5b9a\u90ae\u7bb1<br>\u8054\u7cfb\u7ba1\u7406\u5458\u91cd\u7f6e\u5bc6\u7801]\n\nsend --> click[\u70b9\u51fb\u90ae\u4ef6\u4e2d\u7684\u94fe\u63a5] --> config[\u914d\u7f6e\u52a8\u6001\u53e3\u4ee4] --> reset[\u91cd\u7f6e\u5bc6\u7801]\n--> success[\u6210\u529f\u91cd\u7f6e\u5bc6\u7801]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass pass,usern,button,tip1,send,tip2,send,click,config,reset,success plain;\nclass judge1,judge2 k8s
"},{"location":"admin/ghippo/access-control/custom-role.html","title":"\u81ea\u5b9a\u4e49\u89d2\u8272","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u521b\u5efa\u4e09\u79cd\u8303\u56f4\u7684\u81ea\u5b9a\u4e49\u89d2\u8272\uff1a
\u5e73\u53f0\u89d2\u8272\u662f\u7c97\u7c92\u5ea6\u89d2\u8272\uff0c\u80fd\u591f\u5bf9\u6240\u9009\u6743\u9650\u5185\u7684\u6240\u6709\u8d44\u6e90\u751f\u6548\u3002\u5982\u6388\u6743\u540e\u7528\u6237\u53ef\u4ee5\u62e5\u6709\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u7684\u67e5\u770b\u6743\u9650\u3001\u6240\u6709\u96c6\u7fa4\u7684\u7f16\u8f91\u6743\u9650\u7b49\uff0c\u800c\u4e0d\u80fd\u9488\u5bf9\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u6216\u67d0\u4e2a\u96c6\u7fa4\u751f\u6548\u3002\u5e73\u53f0\u89d2\u8272\u521b\u5efa\u5b8c\u6210\u540e\u53ef\u4ee5\u5728\u7528\u6237/\u7528\u6237\u7ec4\u5217\u8868\u4e2d\u8fdb\u884c\u6388\u6743\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u89d2\u8272 \uff0c\u70b9\u51fb \u521b\u5efa\u81ea\u5b9a\u4e49\u89d2\u8272 \u3002
\u8f93\u5165\u540d\u79f0\u3001\u63cf\u8ff0\uff0c\u9009\u62e9 \u5e73\u53f0\u89d2\u8272 \uff0c\u52fe\u9009\u89d2\u8272\u6743\u9650\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u89d2\u8272\u5217\u8868\uff0c\u641c\u7d22\u521a\u521b\u5efa\u7684\u81ea\u5b9a\u4e49\u89d2\u8272\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u590d\u5236\u3001\u7f16\u8f91\u548c\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u5e73\u53f0\u89d2\u8272\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u53bb\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\uff0c\u4e3a\u8fd9\u4e2a\u89d2\u8272\u6dfb\u52a0\u7528\u6237\u548c\u7528\u6237\u7ec4\u3002
\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u662f\u7ec6\u7c92\u5ea6\u89d2\u8272\uff0c\u9488\u5bf9\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u751f\u6548\u3002\u5982\u5728\u8be5\u89d2\u8272\u4e2d\u9009\u62e9\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u5168\u90e8\u6743\u9650\uff0c\u7ed9\u7528\u6237\u5728\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u6388\u4e88\u8be5\u89d2\u8272\u540e\uff0c\u8be5\u7528\u6237\u5c06\u4ec5\u80fd\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u4f7f\u7528\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u7684\u529f\u80fd\uff0c\u800c\u65e0\u6cd5\u4f7f\u7528\u5982\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u4e2d\u95f4\u4ef6\u7b49\u5176\u4ed6\u6a21\u5757\u7684\u80fd\u529b\u3002\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u4e2d\u9009\u62e9\u5de5\u4f5c\u7a7a\u95f4\u540e\u8fdb\u884c\u6388\u6743\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u89d2\u8272 \uff0c\u70b9\u51fb \u521b\u5efa\u81ea\u5b9a\u4e49\u89d2\u8272 \u3002
\u8f93\u5165\u540d\u79f0\u3001\u63cf\u8ff0\uff0c\u9009\u62e9 \u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272 \uff0c\u52fe\u9009\u89d2\u8272\u6743\u9650\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u89d2\u8272\u5217\u8868\uff0c\u641c\u7d22\u521a\u521b\u5efa\u7684\u81ea\u5b9a\u4e49\u89d2\u8272\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u590d\u5236\u3001\u7f16\u8f91\u548c\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u53bb\u5de5\u4f5c\u7a7a\u95f4\u6388\u6743\uff0c\u8bbe\u5b9a\u8fd9\u4e2a\u89d2\u8272\u53ef\u4ee5\u7ba1\u7406\u54ea\u4e9b\u5de5\u4f5c\u7a7a\u95f4\u3002
\u6587\u4ef6\u5939\u89d2\u8272\u9488\u5bf9\u67d0\u4e2a\u6587\u4ef6\u5939\u548c\u8be5\u6587\u4ef6\u5939\u4e0b\u7684\u6240\u6709\u5b50\u6587\u4ef6\u5939\u53ca\u5de5\u4f5c\u7a7a\u95f4\u751f\u6548\u3002\u5982\u5728\u8be5\u89d2\u8272\u4e2d\u9009\u62e9\u5168\u5c40\u7ba1\u7406-\u5de5\u4f5c\u7a7a\u95f4\u548c\u5e94\u7528\u5de5\u4f5c\u53f0\uff0c\u7ed9\u7528\u6237\u5728\u67d0\u4e2a\u6587\u4ef6\u5939\u4e0b\u6388\u4e88\u8be5\u89d2\u8272\u540e\uff0c\u8be5\u7528\u6237\u5c06\u80fd\u591f\u5728\u5176\u4e0b\u7684\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u4f7f\u7528\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u76f8\u5173\u529f\u80fd\uff0c\u800c\u65e0\u6cd5\u4f7f\u7528\u5982\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u4e2d\u95f4\u4ef6\u7b49\u5176\u4ed6\u6a21\u5757\u7684\u80fd\u529b\u3002\u6587\u4ef6\u5939\u89d2\u8272\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u4e2d\u9009\u62e9\u6587\u4ef6\u5939\u540e\u8fdb\u884c\u6388\u6743\u3002 \u8bf7\u6ce8\u610f\uff1a\u5e94\u7528\u5de5\u4f5c\u53f0\u3001\u591a\u4e91\u7f16\u6392\u3001\u955c\u50cf\u4ed3\u5e93\u3001\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u670d\u52a1\u7f51\u683c\u548c\u4e2d\u95f4\u4ef6\u5747\u4f9d\u8d56\u4e8e\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u5728\u521b\u5efa\u6587\u4ef6\u5939\u89d2\u8272\u65f6\u5927\u90e8\u5206\u573a\u666f\u4e0b\u9700\u8981\u7528\u5230\u5de5\u4f5c\u7a7a\u95f4\uff0c\u8bf7\u6ce8\u610f\u5728\u5168\u5c40\u7ba1\u7406-\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u52fe\u9009\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u89d2\u8272 \uff0c\u70b9\u51fb \u521b\u5efa\u81ea\u5b9a\u4e49\u89d2\u8272 \u3002
\u8f93\u5165\u540d\u79f0\u3001\u63cf\u8ff0\uff0c\u9009\u62e9 \u6587\u4ef6\u5939\u89d2\u8272 \uff0c\u52fe\u9009\u89d2\u8272\u6743\u9650\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u89d2\u8272\u5217\u8868\uff0c\u641c\u7d22\u521a\u521b\u5efa\u7684\u81ea\u5b9a\u4e49\u89d2\u8272\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u590d\u5236\u3001\u7f16\u8f91\u548c\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u6587\u4ef6\u5939\u89d2\u8272\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u53bb\u6587\u4ef6\u5939\u6388\u6743\uff0c\u8bbe\u5b9a\u8fd9\u4e2a\u89d2\u8272\u53ef\u4ee5\u7ba1\u7406\u54ea\u4e9b\u6587\u4ef6\u5939\u3002
\u5f53\u4e24\u4e2a\u6216\u4e24\u4e2a\u4ee5\u4e0a\u5e73\u53f0\u76f8\u4e92\u5bf9\u63a5\u6216\u5d4c\u5165\u65f6\uff0c\u901a\u5e38\u9700\u8981\u8fdb\u884c\u7528\u6237\u4f53\u7cfb\u6253\u901a\u3002 \u5728\u7528\u6237\u6253\u901a\u8fc7\u7a0b\u4e2d\uff0c \u63a5\u5165\u7ba1\u7406 \u4e3b\u8981\u63d0\u4f9b SSO \u63a5\u5165\u80fd\u529b\uff0c\u5f53\u60a8\u9700\u8981\u5c06\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f5c\u4e3a\u7528\u6237\u6e90\u63a5\u5165\u5ba2\u6237\u7cfb\u7edf\u65f6\uff0c \u60a8\u53ef\u4ee5\u901a\u8fc7 \u63a5\u5165\u7ba1\u7406 \u521b\u5efa SSO \u63a5\u5165\u6765\u5b9e\u73b0\u3002
"},{"location":"admin/ghippo/access-control/docking.html#sso","title":"\u521b\u5efa SSO \u63a5\u5165","text":"\u524d\u63d0\uff1a\u62e5\u6709\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u6743\u9650\u6216\u8005\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7ba1\u7406\u5458 IAM Owner \u6743\u9650\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u63a5\u5165\u7ba1\u7406 \uff0c\u8fdb\u5165\u63a5\u5165\u7ba1\u7406\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u65b9\u7684 \u521b\u5efa SSO \u63a5\u5165 \u3002
\u5728 \u521b\u5efa SSO \u63a5\u5165 \u9875\u9762\u586b\u5199\u5ba2\u6237\u7aef ID\u3002
\u521b\u5efa SSO \u63a5\u5165\u6210\u529f\u540e\uff0c\u5728 \u63a5\u5165\u7ba1\u7406 \u7ba1\u7406\u5217\u8868\uff0c\u70b9\u51fb\u521a\u521b\u5efa\u7684\u5ba2\u6237\u7aef ID \u8fdb\u5165\u8be6\u60c5\uff0c \u590d\u5236\u5ba2\u6237\u7aef ID\u3001\u5bc6\u94a5\u548c\u5355\u70b9\u767b\u5f55 URL \u4fe1\u606f\uff0c\u586b\u5199\u81f3\u5ba2\u6237\u7cfb\u7edf\u5b8c\u6210\u7528\u6237\u4f53\u7cfb\u6253\u901a\u3002
Note
realm \u540d\u79f0\u4e3a ghippo\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86\u9884\u7f6e\u7684\u7cfb\u7edf\u89d2\u8272\uff0c\u5e2e\u52a9\u7528\u6237\u7b80\u5316\u89d2\u8272\u6743\u9650\u7684\u4f7f\u7528\u6b65\u9aa4\u3002
Note
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86\u4e09\u79cd\u7c7b\u578b\u7684\u7cfb\u7edf\u89d2\u8272\uff0c\u5206\u522b\u4e3a\u5e73\u53f0\u89d2\u8272\u3001\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u548c\u6587\u4ef6\u5939\u89d2\u8272\u3002
- \u5e73\u53f0\u89d2\u8272\uff1a\u5bf9\u5e73\u53f0\u4e0a\u6240\u6709\u76f8\u5173\u8d44\u6e90\u5177\u6709\u76f8\u5e94\u6743\u9650\uff0c\u8bf7\u524d\u5f80\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\u3002\n- \u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\uff1a\u5bf9\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5177\u6709\u76f8\u5e94\u6743\u9650\uff0c\u8bf7\u524d\u5f80\u5177\u4f53\u5de5\u4f5c\u7a7a\u95f4\u6388\u6743\u3002\n- \u6587\u4ef6\u5939\u89d2\u8272\uff1a\u5bf9\u67d0\u4e2a\u6587\u4ef6\u5939\u3001\u5b50\u6587\u4ef6\u5939\u53ca\u5176\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u7684\u8d44\u6e90\u5177\u6709\u76f8\u5e94\u6743\u9650\uff0c\u8bf7\u524d\u5f80\u5177\u4f53\u6587\u4ef6\u5939\u6388\u6743\u3002\n
"},{"location":"admin/ghippo/access-control/global.html#_3","title":"\u5e73\u53f0\u89d2\u8272","text":"\u5728\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u4e2d\u9884\u5b9a\u4e49\u4e86 5 \u4e2a\u7cfb\u7edf\u89d2\u8272\uff0c\u5206\u522b\u662f\uff1aAdmin\u3001IAM Owner\u3001Audit Owner\u3001 Kpanda Owner \u548c Workspace and Folder Owner \u3002\u8fd9 5 \u4e2a\u89d2\u8272\u7531\u7cfb\u7edf\u521b\u5efa\uff0c\u7528\u6237\u53ea\u80fd\u4f7f\u7528\u4e0d\u80fd\u4fee\u6539\u3002\u89d2\u8272\u5bf9\u5e94\u7684\u6743\u9650\u5982\u4e0b\uff1a
\u89d2\u8272\u540d\u79f0 \u89d2\u8272\u7c7b\u578b \u6240\u5c5e\u6a21\u5757 \u89d2\u8272\u6743\u9650 Admin \u7cfb\u7edf\u89d2\u8272 \u5168\u90e8 \u5e73\u53f0\u7ba1\u7406\u5458\uff0c\u7ba1\u7406\u6240\u6709\u5e73\u53f0\u8d44\u6e90\uff0c\u4ee3\u8868\u5e73\u53f0\u7684\u6700\u9ad8\u6743\u9650 IAM Owner \u7cfb\u7edf\u89d2\u8272 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7684\u7ba1\u7406\u5458\uff0c\u62e5\u6709\u8be5\u670d\u52a1\u4e0b\u7684\u6240\u6709\u6743\u9650\uff0c\u5982\u7ba1\u7406\u7528\u6237/\u7528\u6237\u7ec4\u53ca\u6388\u6743 Audit Owner \u7cfb\u7edf\u89d2\u8272 \u5ba1\u8ba1\u65e5\u5fd7 \u5ba1\u8ba1\u65e5\u5fd7\u7684\u7ba1\u7406\u5458\uff0c\u62e5\u6709\u8be5\u670d\u52a1\u4e0b\u7684\u6240\u6709\u6743\u9650\uff0c\u5982\u8bbe\u7f6e\u5ba1\u8ba1\u65e5\u5fd7\u7b56\u7565\uff0c\u5bfc\u51fa\u5ba1\u8ba1\u65e5\u5fd7 Kpanda Owner \u7cfb\u7edf\u89d2\u8272 \u5bb9\u5668\u7ba1\u7406 \u5bb9\u5668\u7ba1\u7406\u7684\u7ba1\u7406\u5458\uff0c\u62e5\u6709\u8be5\u670d\u52a1\u4e0b\u7684\u6240\u6709\u6743\u9650\uff0c\u5982\u521b\u5efa/\u63a5\u5165\u96c6\u7fa4\uff0c\u90e8\u7f72\u5e94\u7528\uff0c\u7ed9\u7528\u6237/\u7528\u6237\u7ec4\u6388\u4e88\u96c6\u7fa4/\u547d\u540d\u7a7a\u95f4\u76f8\u5173\u7684\u6743\u9650 Workspace and Folder Owner \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u7ba1\u7406\u5458\uff0c\u62e5\u6709\u8be5\u670d\u52a1\u4e0b\u7684\u6240\u6709\u6743\u9650\uff0c\u5982\u521b\u5efa\u6587\u4ef6\u5939/\u5de5\u4f5c\u7a7a\u95f4\uff0c\u7ed9\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\u6587\u4ef6\u5939/\u5de5\u4f5c\u7a7a\u95f4\u7684\u76f8\u5173\u6743\u9650\uff0c\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u4f7f\u7528\u5e94\u7528\u5de5\u4f5c\u53f0\u3001\u5fae\u670d\u52a1\u5f15\u64ce\u7b49\u529f\u80fd"},{"location":"admin/ghippo/access-control/global.html#_4","title":"\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272","text":"\u5728\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u4e2d\u9884\u5b9a\u4e49\u4e86 3 \u4e2a\u7cfb\u7edf\u89d2\u8272\uff0c\u5206\u522b\u662f\uff1aWorkspace Admin\u3001Workspace Editor\u3001Workspace Viewer\u3002\u8fd9 3 \u4e2a\u89d2\u8272\u7531\u7cfb\u7edf\u521b\u5efa\uff0c\u7528\u6237\u53ea\u80fd\u4f7f\u7528\u4e0d\u80fd\u4fee\u6539\u3002\u89d2\u8272\u5bf9\u5e94\u7684\u6743\u9650\u5982\u4e0b\uff1a
\u89d2\u8272\u540d\u79f0 \u89d2\u8272\u7c7b\u578b \u6240\u5c5e\u6a21\u5757 \u89d2\u8272\u6743\u9650 Workspace Admin \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u5de5\u4f5c\u7a7a\u95f4\u7684\u7ba1\u7406\u6743\u9650 Workspace Editor \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u5de5\u4f5c\u7a7a\u95f4\u7684\u7f16\u8f91\u6743\u9650 Workspace Viewer \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u5de5\u4f5c\u7a7a\u95f4\u7684\u53ea\u8bfb\u6743\u9650"},{"location":"admin/ghippo/access-control/global.html#_5","title":"\u6587\u4ef6\u5939\u89d2\u8272","text":"\u5728\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u4e2d\u9884\u5b9a\u4e49\u4e86 3 \u4e2a\u7cfb\u7edf\u89d2\u8272\uff0c\u5206\u522b\u662f\uff1aFolder Admin\u3001Folder Editor\u3001Folder Viewer\u3002\u8fd9 3 \u4e2a\u89d2\u8272\u7531\u7cfb\u7edf\u521b\u5efa\uff0c\u7528\u6237\u53ea\u80fd\u4f7f\u7528\u4e0d\u80fd\u4fee\u6539\u3002\u89d2\u8272\u5bf9\u5e94\u7684\u6743\u9650\u5982\u4e0b\uff1a
\u89d2\u8272\u540d\u79f0 \u89d2\u8272\u7c7b\u578b \u6240\u5c5e\u6a21\u5757 \u89d2\u8272\u6743\u9650 Folder Admin \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u6587\u4ef6\u5939\u53ca\u5176\u4e0b\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u7684\u7ba1\u7406\u6743\u9650 Folder Editor \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u6587\u4ef6\u5939\u53ca\u5176\u4e0b\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u7684\u7f16\u8f91\u6743\u9650 Folder Viewer \u7cfb\u7edf\u89d2\u8272 \u5de5\u4f5c\u7a7a\u95f4 \u6587\u4ef6\u5939\u53ca\u5176\u4e0b\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u7684\u53ea\u8bfb\u6743\u9650"},{"location":"admin/ghippo/access-control/group.html","title":"\u7528\u6237\u7ec4","text":"\u7528\u6237\u7ec4\u662f\u7528\u6237\u7684\u96c6\u5408\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u52a0\u5165\u7528\u6237\u7ec4\uff0c\u7ee7\u627f\u7528\u6237\u7ec4\u7684\u89d2\u8272\u6743\u9650\u3002\u901a\u8fc7\u7528\u6237\u7ec4\u6279\u91cf\u5730\u7ed9\u7528\u6237\u8fdb\u884c\u6388\u6743\uff0c\u53ef\u4ee5\u66f4\u597d\u5730\u7ba1\u7406\u7528\u6237\u53ca\u5176\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/group.html#_2","title":"\u9002\u7528\u573a\u666f","text":"\u5f53\u7528\u6237\u6743\u9650\u53d1\u751f\u53d8\u5316\u65f6\uff0c\u53ea\u9700\u5c06\u5176\u79fb\u5230\u76f8\u5e94\u7684\u7528\u6237\u7ec4\u4e0b\uff0c\u4e0d\u4f1a\u5bf9\u5176\u4ed6\u7528\u6237\u4ea7\u751f\u5f71\u54cd\u3002
\u5f53\u7528\u6237\u7ec4\u7684\u6743\u9650\u53d1\u751f\u53d8\u5316\u65f6\uff0c\u53ea\u9700\u4fee\u6539\u7528\u6237\u7ec4\u7684\u89d2\u8272\u6743\u9650\uff0c\u5373\u53ef\u5e94\u7528\u5230\u7ec4\u5185\u7684\u6240\u6709\u7528\u6237\u3002
"},{"location":"admin/ghippo/access-control/group.html#_3","title":"\u521b\u5efa\u7528\u6237\u7ec4","text":"\u524d\u63d0\uff1a\u62e5\u6709\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u6743\u9650\u6216\u8005\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7ba1\u7406\u5458 IAM Owner \u6743\u9650\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237\u7ec4 \uff0c\u8fdb\u5165\u7528\u6237\u7ec4\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u65b9\u7684 \u521b\u5efa\u7528\u6237\u7ec4 \u3002
\u5728 \u521b\u5efa\u7528\u6237\u7ec4 \u9875\u9762\u586b\u5199\u7528\u6237\u7ec4\u4fe1\u606f\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u521b\u5efa\u7528\u6237\u7ec4\u6210\u529f\uff0c\u8fd4\u56de\u7528\u6237\u7ec4\u5217\u8868\u9875\u9762\u3002\u5217\u8868\u4e2d\u7684\u7b2c\u4e00\u884c\u662f\u65b0\u521b\u5efa\u7684\u7528\u6237\u7ec4\u3002
\u524d\u63d0\uff1a\u8be5\u7528\u6237\u7ec4\u5df2\u5b58\u5728\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237\u7ec4 \uff0c\u8fdb\u5165\u7528\u6237\u7ec4\u5217\u8868\uff0c\u70b9\u51fb ... -> \u6388\u6743 \u3002
\u5728 \u6388\u6743 \u9875\u9762\u52fe\u9009\u9700\u8981\u7684\u89d2\u8272\u6743\u9650\uff08\u53ef\u591a\u9009\uff09\u3002
\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u4e3a\u7528\u6237\u7ec4\u7684\u6388\u6743\u3002\u81ea\u52a8\u8fd4\u56de\u7528\u6237\u7ec4\u5217\u8868\uff0c\u70b9\u51fb\u67d0\u4e2a\u7528\u6237\u7ec4\uff0c\u53ef\u4ee5\u67e5\u770b\u7528\u6237\u7ec4\u88ab\u6388\u4e88\u7684\u6743\u9650\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237\u7ec4 \u8fdb\u5165\u7528\u6237\u7ec4\u5217\u8868\uff0c\u5728\u67d0\u4e2a\u7528\u6237\u7ec4\u53f3\u4fa7\uff0c\u70b9\u51fb ... -> \u6dfb\u52a0\u7528\u6237 \u3002
\u5728 \u6dfb\u52a0\u7528\u6237 \u9875\u9762\u70b9\u9009\u9700\u8981\u6dfb\u52a0\u7684\u7528\u6237\uff08\u53ef\u591a\u9009\uff09\u3002\u82e5\u6ca1\u6709\u53ef\u9009\u7684\u7528\u6237\uff0c\u70b9\u51fb \u524d\u5f80\u521b\u5efa\u65b0\u7528\u6237 \uff0c\u5148\u524d\u5f80\u521b\u5efa\u7528\u6237\uff0c\u518d\u8fd4\u56de\u8be5\u9875\u9762\u70b9\u51fb \u5237\u65b0 \u6309\u94ae\uff0c\u663e\u793a\u521a\u521b\u5efa\u7684\u7528\u6237\u3002
\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u7ed9\u7528\u6237\u7ec4\u6dfb\u52a0\u7528\u6237\u3002
Note
\u7528\u6237\u7ec4\u4e2d\u7684\u7528\u6237\u4f1a\u7ee7\u627f\u7528\u6237\u7ec4\u7684\u6743\u9650\uff1b\u53ef\u4ee5\u5728\u7528\u6237\u7ec4\u8be6\u60c5\u4e2d\u67e5\u770b\u52a0\u5165\u8be5\u7ec4\u7684\u7528\u6237\u3002
"},{"location":"admin/ghippo/access-control/group.html#_6","title":"\u5220\u9664\u7528\u6237\u7ec4","text":"\u8bf4\u660e\uff1a\u5220\u9664\u7528\u6237\u7ec4\uff0c\u4e0d\u4f1a\u5220\u9664\u7ec4\u5185\u7684\u7528\u6237\uff0c\u4f46\u7ec4\u5185\u7528\u6237\u5c06\u65e0\u6cd5\u518d\u7ee7\u627f\u8be5\u7ec4\u7684\u6743\u9650
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237\u7ec4 \u8fdb\u5165\u7528\u6237\u7ec4\u5217\u8868\uff0c\u5728\u67d0\u4e2a\u7528\u6237\u7ec4\u53f3\u4fa7\uff0c\u70b9\u51fb ... -> \u5220\u9664 \u3002
\u70b9\u51fb \u79fb\u9664 \u5220\u9664\u7528\u6237\u7ec4\u3002
\u8fd4\u56de\u7528\u6237\u7ec4\u5217\u8868\uff0c\u5c4f\u5e55\u4e0a\u65b9\u5c06\u63d0\u793a\u5220\u9664\u6210\u529f\u3002
Note
\u8bf4\u660e\uff1a\u5220\u9664\u7528\u6237\u7ec4\uff0c\u4e0d\u4f1a\u5220\u9664\u7ec4\u5185\u7684\u7528\u6237\uff0c\u4f46\u7ec4\u5185\u7528\u6237\u5c06\u65e0\u6cd5\u518d\u7ee7\u627f\u8be5\u7ec4\u7684\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/iam.html","title":"\u4ec0\u4e48\u662f\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236","text":"IAM\uff08Identity and Access Management\uff0c\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\uff09\u662f\u5168\u5c40\u7ba1\u7406\u7684\u4e00\u4e2a\u91cd\u8981\u6a21\u5757\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u6a21\u5757\u521b\u5efa\u3001\u7ba1\u7406\u548c\u9500\u6bc1\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\uff0c\u5e76\u4f7f\u7528\u7cfb\u7edf\u89d2\u8272\u548c\u81ea\u5b9a\u4e49\u89d2\u8272\u63a7\u5236\u5176\u4ed6\u7528\u6237\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/iam.html#_2","title":"\u4f18\u52bf","text":"\u7b80\u6d01\u6d41\u7545
\u4f01\u4e1a\u5185\u90e8\u7684\u7ed3\u6784\u548c\u89d2\u8272\u53ef\u80fd\u975e\u5e38\u590d\u6742\uff0c\u9879\u76ee\u3001\u5de5\u4f5c\u5c0f\u7ec4\u53ca\u6388\u6743\u7684\u7ba1\u7406\u90fd\u5728\u4e0d\u65ad\u5730\u53d8\u5316\u3002\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u91c7\u7528\u6e05\u6670\u6574\u6d01\u7684\u9875\u9762\uff0c\u6253\u901a\u7528\u6237\u3001\u7528\u6237\u7ec4\u3001\u89d2\u8272\u4e4b\u95f4\u7684\u6388\u6743\u5173\u7cfb\uff0c\u4ee5\u6700\u77ed\u94fe\u8def\u5b9e\u73b0\u5bf9\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u7684\u6388\u6743\u3002
\u9002\u5f53\u7684\u89d2\u8272
\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u4e3a\u6bcf\u4e2a\u5b50\u6a21\u5757\u9884\u5b9a\u4e49\u4e86\u4e00\u4e2a\u7ba1\u7406\u5458\u89d2\u8272\uff0c\u65e0\u9700\u7528\u6237\u7ef4\u62a4\uff0c\u60a8\u53ef\u4ee5\u76f4\u63a5\u5c06\u5e73\u53f0\u9884\u5b9a\u4e49\u7684\u7cfb\u7edf\u89d2\u8272\u6388\u6743\u7ed9\u7528\u6237\uff0c\u5b9e\u73b0\u5e73\u53f0\u7684\u6a21\u5757\u5316\u7ba1\u7406\uff08\u7ec6\u7c92\u5ea6\u6743\u9650\u8bf7\u53c2\u9605\u6743\u9650\u7ba1\u7406\u3002
\u4f01\u4e1a\u7ea7\u8bbf\u95ee\u63a7\u5236
\u5f53\u60a8\u5e0c\u671b\u672c\u4f01\u4e1a\u5458\u5de5\u53ef\u4ee5\u4f7f\u7528\u4f01\u4e1a\u5185\u90e8\u7684\u8ba4\u8bc1\u7cfb\u7edf\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\uff0c\u800c\u4e0d\u9700\u8981\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u521b\u5efa\u5bf9\u5e94\u7684\u7528\u6237\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c\u5efa\u7acb\u60a8\u6240\u5728\u4f01\u4e1a\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u4fe1\u4efb\u5173\u7cfb\uff0c\u901a\u8fc7\u8054\u5408\u8ba4\u8bc1\u4f7f\u5458\u5de5\u4f7f\u7528\u4f01\u4e1a\u5df2\u6709\u8d26\u53f7\u76f4\u63a5\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5b9e\u73b0\u5355\u70b9\u767b\u5f55\u3002
\u6709\u5173\u8bbf\u95ee\u63a7\u5236\u7684\u5e38\u89c4\u6d41\u7a0b\u4e3a\uff1a
graph TD\n login[\u767b\u5f55] --> user[\u521b\u5efa\u7528\u6237]\n user --> auth[\u4e3a\u7528\u6237\u6388\u6743]\n auth --> group[\u521b\u5efa\u7528\u6237\u7ec4]\n group --> role[\u521b\u5efa\u81ea\u5b9a\u4e49\u89d2\u8272]\n role --> id[\u521b\u5efa\u8eab\u4efd\u63d0\u4f9b\u5546]\n\n classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;\n classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;\n classDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n class login,user,auth,group,role,id cluster;
"},{"location":"admin/ghippo/access-control/idprovider.html","title":"\u8eab\u4efd\u63d0\u4f9b\u5546","text":"\u5168\u5c40\u7ba1\u7406\u652f\u6301\u57fa\u4e8e LDAP \u548c OIDC \u534f\u8bae\u7684\u5355\u70b9\u767b\u5f55\uff0c\u5982\u679c\u60a8\u7684\u4f01\u4e1a\u6216\u7ec4\u7ec7\u5df2\u6709\u81ea\u5df1\u7684\u8d26\u53f7\u4f53\u7cfb\uff0c\u540c\u65f6\u5e0c\u671b\u7ba1\u7406\u7ec4\u7ec7\u5185\u7684\u6210\u5458\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5168\u5c40\u7ba1\u7406\u63d0\u4f9b\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c\u800c\u4e0d\u5fc5\u5728\u60a8\u7684\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u6bcf\u4e00\u4f4d\u7ec4\u7ec7\u6210\u5458\u521b\u5efa\u7528\u6237\u540d/\u5bc6\u7801\u3002\u60a8\u53ef\u4ee5\u5411\u8fd9\u4e9b\u5916\u90e8\u7528\u6237\u8eab\u4efd\u6388\u4e88\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\u7684\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/idprovider.html#_2","title":"\u57fa\u672c\u6982\u5ff5","text":"\u8eab\u4efd\u63d0\u4f9b\u5546\uff08Identity Provider\uff0c\u7b80\u79f0 IdP\uff09
\u8d1f\u8d23\u6536\u96c6\u548c\u5b58\u50a8\u7528\u6237\u8eab\u4efd\u4fe1\u606f\u3001\u7528\u6237\u540d\u3001\u5bc6\u7801\u7b49\uff0c\u5728\u7528\u6237\u767b\u5f55\u65f6\u8d1f\u8d23\u8ba4\u8bc1\u7528\u6237\u7684\u670d\u52a1\u3002\u5728\u4f01\u4e1a\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u7684\u8fc7\u7a0b\u4e2d\uff0c\u8eab\u4efd\u63d0\u4f9b\u5546\u6307\u4f01\u4e1a\u81ea\u8eab\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u3002
\u670d\u52a1\u63d0\u4f9b\u5546\uff08Service Provider\uff0c\u7b80\u79f0 SP\uff09
\u670d\u52a1\u63d0\u4f9b\u5546\u901a\u8fc7\u4e0e\u8eab\u4efd\u63d0\u4f9b\u5546 IdP \u5efa\u7acb\u4fe1\u4efb\u5173\u7cfb\uff0c\u4f7f\u7528 IDP \u63d0\u4f9b\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e3a\u7528\u6237\u63d0\u4f9b\u5177\u4f53\u7684\u670d\u52a1\u3002\u5728\u4f01\u4e1a\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u7684\u8fc7\u7a0b\u4e2d\uff0c\u670d\u52a1\u63d0\u4f9b\u5546\u6307 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u3002
LDAP
LDAP \u6307\u8f7b\u578b\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08Lightweight Directory Access Protocol\uff09\uff0c\u5e38\u7528\u4e8e\u5355\u70b9\u767b\u5f55\uff0c\u5373\u7528\u6237\u53ef\u4ee5\u5728\u591a\u4e2a\u670d\u52a1\u4e2d\u4f7f\u7528\u4e00\u4e2a\u8d26\u53f7\u5bc6\u7801\u8fdb\u884c\u767b\u5f55\u3002\u5168\u5c40\u7ba1\u7406\u652f\u6301 LDAP \u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\uff0c\u56e0\u6b64\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u901a\u8fc7 LDAP \u534f\u8bae\u5efa\u7acb\u8eab\u4efd\u8ba4\u8bc1\u7684\u4f01\u4e1a IdP \u5fc5\u987b\u652f\u6301 LDAP \u534f\u8bae\u3002\u5173\u4e8e LDAP \u7684\u8be6\u7ec6\u63cf\u8ff0\u8bf7\u53c2\u89c1\uff1a\u6b22\u8fce\u4f7f\u7528 LDAP\u3002
OIDC
OIDC \u662f OpenID Connect \u7684\u7b80\u79f0\uff0c\u662f\u4e00\u4e2a\u57fa\u4e8e OAuth 2.0 \u534f\u8bae\u7684\u8eab\u4efd\u8ba4\u8bc1\u6807\u51c6\u534f\u8bae\u3002\u5168\u5c40\u7ba1\u7406\u652f\u6301\u4f7f\u7528 OIDC \u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\uff0c\u56e0\u6b64\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u901a\u8fc7 OIDC \u534f\u8bae\u5efa\u7acb\u8eab\u4efd\u8ba4\u8bc1\u7684\u4f01\u4e1a IdP \u5fc5\u987b\u652f\u6301 OIDC \u534f\u8bae\u3002\u5173\u4e8e OIDC \u7684\u8be6\u7ec6\u63cf\u8ff0\u8bf7\u53c2\u89c1\uff1a\u6b22\u8fce\u4f7f\u7528 OpenID Connect\u3002
OAuth 2.0
OAuth 2.0 \u662f Open Authorization 2.0 \u7684\u7b80\u79f0\uff0c\u662f\u4e00\u79cd\u5f00\u653e\u6388\u6743\u534f\u8bae\uff0c\u6388\u6743\u6846\u67b6\u652f\u6301\u7b2c\u4e09\u65b9\u5e94\u7528\u7a0b\u5e8f\u4ee5\u81ea\u5df1\u7684\u540d\u4e49\u83b7\u53d6\u8bbf\u95ee\u6743\u9650\u3002
\u7ba1\u7406\u5458\u65e0\u9700\u91cd\u65b0\u521b\u5efa\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7528\u6237
\u4f7f\u7528\u8eab\u4efd\u63d0\u4f9b\u5546\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u524d\uff0c\u7ba1\u7406\u5458\u9700\u8981\u5728\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u548c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u5206\u522b\u4e3a\u7528\u6237\u521b\u5efa\u8d26\u53f7\uff1b\u4f7f\u7528\u8eab\u4efd\u63d0\u4f9b\u5546\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u540e\uff0c\u4f01\u4e1a\u7ba1\u7406\u5458\u53ea\u9700\u8981\u5728\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u4e2d\u4e3a\u7528\u6237\u521b\u5efa\u8d26\u53f7\uff0c\u7528\u6237\u5373\u53ef\u540c\u65f6\u8bbf\u95ee\u4e24\u4e2a\u7cfb\u7edf\uff0c\u964d\u4f4e\u4e86\u4eba\u5458\u7ba1\u7406\u6210\u672c\u3002
\u7528\u6237\u65e0\u9700\u8bb0\u4f4f\u4e24\u5957\u5e73\u53f0\u8d26\u53f7
\u4f7f\u7528\u8eab\u4efd\u63d0\u4f9b\u5546\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u524d\uff0c\u7528\u6237\u8bbf\u95ee\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u548c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9700\u8981\u4f7f\u7528\u4e24\u4e2a\u7cfb\u7edf\u7684\u8d26\u53f7\u767b\u5f55\uff1b\u4f7f\u7528\u8eab\u4efd\u63d0\u4f9b\u5546\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u540e\uff0c\u7528\u6237\u5728\u672c\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u4e2d\u767b\u5f55\u5373\u53ef\u8bbf\u95ee\u4e24\u4e2a\u7cfb\u7edf\u3002
LDAP \u82f1\u6587\u5168\u79f0\u4e3a Lightweight Directory Access Protocol\uff0c\u5373\u8f7b\u578b\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff0c\u8fd9\u662f\u4e00\u4e2a\u5f00\u653e\u7684\u3001\u4e2d\u7acb\u7684\u5de5\u4e1a\u6807\u51c6\u5e94\u7528\u534f\u8bae\uff0c \u901a\u8fc7 IP \u534f\u8bae\u63d0\u4f9b\u8bbf\u95ee\u63a7\u5236\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u4fe1\u606f\u7684\u76ee\u5f55\u4fe1\u606f\u3002
\u5982\u679c\u60a8\u7684\u4f01\u4e1a\u6216\u7ec4\u7ec7\u5df2\u6709\u81ea\u5df1\u7684\u8d26\u53f7\u4f53\u7cfb\uff0c\u540c\u65f6\u60a8\u7684\u4f01\u4e1a\u7528\u6237\u7ba1\u7406\u7cfb\u7edf\u652f\u6301 LDAP \u534f\u8bae\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528\u5168\u5c40\u7ba1\u7406\u63d0\u4f9b\u7684\u57fa\u4e8e LDAP \u534f\u8bae\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c\u800c\u4e0d\u5fc5\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u6bcf\u4e00\u4f4d\u7ec4\u7ec7\u6210\u5458\u521b\u5efa\u7528\u6237\u540d/\u5bc6\u7801\u3002 \u60a8\u53ef\u4ee5\u5411\u8fd9\u4e9b\u5916\u90e8\u7528\u6237\u8eab\u4efd\u6388\u4e88\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\u7684\u6743\u9650\u3002
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\uff0c\u5176\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5de6\u4e0b\u89d2\u7684 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8eab\u4efd\u63d0\u4f9b\u5546 \uff0c\u70b9\u51fb \u521b\u5efa\u8eab\u4efd\u63d0\u4f9b\u5546 \u6309\u94ae\u3002
\u5728 LDAP \u9875\u7b7e\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u5b57\u6bb5\u540e\u70b9\u51fb \u4fdd\u5b58 \uff0c\u5efa\u7acb\u4e0e\u8eab\u4efd\u63d0\u4f9b\u5546\u7684\u4fe1\u4efb\u5173\u7cfb\u53ca\u7528\u6237\u7684\u6620\u5c04\u5173\u7cfb\u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u7c7b\u578b\uff08Vendor\uff09 \u652f\u6301 LDAP (Lightweight Directory Access Protocol) \u548c AD (Active Directory) \u8eab\u4efd\u63d0\u4f9b\u5546\u540d\u79f0\uff08UI display name\uff09 \u7528\u4e8e\u533a\u5206\u4e0d\u540c\u7684\u8eab\u4efd\u63d0\u4f9b\u5546 \u670d\u52a1\u5668\uff08Connection URL\uff09 LDAP \u670d\u52a1\u7684\u5730\u5740\u548c\u7aef\u53e3\u53f7\uff0c\u5982 ldap://10.6.165.2:30061 \u7528\u6237\u540d\u79f0\uff08Bind DN\uff09 LDAP \u7ba1\u7406\u5458\u7684 DN\uff0cKeycloak \u5c06\u4f7f\u7528\u8be5 DN \u6765\u8bbf\u95ee LDAP \u670d\u52a1\u5668 \u5bc6\u7801\uff08Bind credentials\uff09 LDAP \u7ba1\u7406\u5458\u7684\u5bc6\u7801\u3002\u8be5\u5b57\u6bb5\u53ef\u4ee5\u4ece vault \u4e2d\u83b7\u53d6\u5176\u503c\uff0c\u4f7f\u7528 ${vault.ID} \u683c\u5f0f\u3002 \u7528\u6237 DN\uff08Users DN\uff09 \u60a8\u7684\u7528\u6237\u6240\u5728\u7684 LDAP \u6811\u7684\u5b8c\u6574 DN\u3002\u6b64 DN \u662f LDAP \u7528\u6237\u7684\u7236\u7ea7\u3002\u4f8b\u5982\uff0c\u5047\u8bbe\u60a8\u7684\u5178\u578b\u7528\u6237\u7684 DN \u7c7b\u4f3c\u4e8e\u201cuid='john',ou=users,dc=example,dc=com\u201d\uff0c\u5219\u53ef\u4ee5\u662f\u201cou=users,dc=example,dc=com\u201d\u3002 \u7528\u6237\u5bf9\u8c61\u7c7b\uff08User object classes\uff09 LDAP \u4e2d\u7528\u6237\u7684 LDAP objectClass \u5c5e\u6027\u7684\u6240\u6709\u503c\uff0c\u4ee5\u9017\u53f7\u5206\u9694\u3002\u4f8b\u5982\uff1a\u201cinetOrgPerson\uff0corganizationalPerson\u201d\u3002\u65b0\u521b\u5efa\u7684 Keycloak \u7528\u6237\u5c06\u4e0e\u6240\u6709\u8fd9\u4e9b\u5bf9\u8c61\u7c7b\u4e00\u8d77\u5199\u5165 L\u200b\u200bDAP\uff0c\u5e76\u4e14\u53ea\u8981\u73b0\u6709 LDAP \u7528\u6237\u8bb0\u5f55\u5305\u542b\u6240\u6709\u8fd9\u4e9b\u5bf9\u8c61\u7c7b\uff0c\u5c31\u4f1a\u627e\u5230\u5b83\u4eec\u3002 \u662f\u5426\u542f\u7528TLS\uff08Enable StartTLS\uff09 \u542f\u7528\u540e\u5c06\u52a0\u5bc6\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0e LDAP \u7684\u8fde\u63a5 \u9884\u8bbe\u6743\u9650\uff08Default permission\uff09 \u540c\u6b65\u540e\u7684\u7528\u6237/\u7528\u6237\u7ec4\u9ed8\u8ba4\u6ca1\u6709\u4efb\u4f55\u6743\u9650 \u5168\u540d\u6620\u5c04\uff08First/Last name mapping\uff09 \u5bf9\u5e94 First name \u548c Last Name \u7528\u6237\u540d\u6620\u5c04\uff08User name mapping\uff09 \u7528\u6237\u552f\u4e00\u7684\u7528\u6237\u540d \u90ae\u7bb1\u6620\u5c04\uff08Mailbox mapping\uff09 \u7528\u6237\u7684\u90ae\u7bb1\u9ad8\u7ea7\u914d\u7f6e
\u5b57\u6bb5 \u63cf\u8ff0 \u662f\u5426\u542f\u7528\uff08Enable or not\uff09 \u9ed8\u8ba4\u542f\u7528\uff0c\u5173\u95ed\u540e\u8be5 LDAP \u914d\u7f6e\u4e0d\u751f\u6548 \u81ea\u52a8\u540c\u6b65\u7528\u6237\uff08Periodic full sync\uff09 \u9ed8\u8ba4\u4e0d\u542f\u7528\uff0c\u542f\u7528\u540e\u53ef\u914d\u7f6e\u540c\u6b65\u5468\u671f\uff0c\u5982\u6bcf\u5c0f\u65f6\u540c\u6b65\u4e00\u6b21 \u6570\u636e\u540c\u6b65\u6a21\u5f0f\uff08Edit mode\uff09 \u53ea\u8bfb\u6a21\u5f0f\u4e0d\u4f1a\u4fee\u6539 LDAP \u7684\u6e90\u6570\u636e\uff1b\u5199\u5165\u6a21\u5f0f\u5728\u5e73\u53f0\u7f16\u8f91\u7528\u6237\u4fe1\u606f\u540e\uff0c\u6570\u636e\u5c06\u540c\u6b65\u56deLDAP \u8bfb\u53d6\u8d85\u65f6\uff08Read timeout\uff09 \u5f53LDAP\u6570\u636e\u91cf\u8f83\u5927\u65f6\uff0c\u8c03\u6574\u8be5\u6570\u503c\u53ef\u4ee5\u6709\u6548\u907f\u514d\u63a5\u53e3\u8d85\u65f6 \u7528\u6237\u5bf9\u8c61\u8fc7\u6ee4\u5668\uff08User LDAP filter\uff09 \u7528\u4e8e\u8fc7\u6ee4\u641c\u7d22\u7528\u6237\u7684\u9644\u52a0 LDAP \u8fc7\u6ee4\u5668\u3002\u5982\u679c\u60a8\u4e0d\u9700\u8981\u989d\u5916\u7684\u8fc7\u6ee4\u5668\uff0c\u8bf7\u5c06\u5176\u7559\u7a7a\u3002\u786e\u4fdd\u5b83\u4ee5\u201c(\u201d\u5f00\u5934\uff0c\u5e76\u4ee5\u201c)\u201d\u7ed3\u5c3e\u3002 \u7528\u6237\u540d\u5c5e\u6027\uff08Username LDAP attribute\uff09 LDAP \u5c5e\u6027\u7684\u540d\u79f0\uff0c\u6620\u5c04\u4e3a Keycloak \u7528\u6237\u540d\u3002\u5bf9\u4e8e\u8bb8\u591a LDAP \u670d\u52a1\u5668\u4f9b\u5e94\u5546\u6765\u8bf4\uff0c\u5b83\u53ef\u4ee5\u662f\u201cuid\u201d\u3002\u5bf9\u4e8e Active Directory\uff0c\u5b83\u53ef\u4ee5\u662f\u201csAMAccountName\u201d\u6216\u201ccn\u201d\u3002\u5e94\u4e3a\u60a8\u60f3\u8981\u4ece LDAP \u5bfc\u5165\u5230 Keycloak \u7684\u6240\u6709 LDAP \u7528\u6237\u8bb0\u5f55\u586b\u5199\u8be5\u5c5e\u6027\u3002 RDN\u5c5e\u6027\uff08RDN LDAP attribute\uff09 LDAP \u5c5e\u6027\u540d\u79f0\uff0c\u4f5c\u4e3a\u5178\u578b\u7528\u6237DN\u7684RDN\uff08\u9876\u7ea7\u5c5e\u6027\uff09\u3002\u901a\u5e38\u5b83\u4e0e\u7528\u6237\u540d LDAP \u5c5e\u6027\u76f8\u540c\uff0c\u4f46\u8fd9\u4e0d\u662f\u5fc5\u9700\u7684\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e Active Directory\uff0c\u5f53\u7528\u6237\u540d\u5c5e\u6027\u53ef\u80fd\u662f\u201csAMAccountName\u201d\u65f6\uff0c\u901a\u5e38\u4f7f\u7528\u201ccn\u201d\u4f5c\u4e3a RDN \u5c5e\u6027\u3002 UUID\u5c5e\u6027\uff08UUID LDAP attribute\uff09 LDAP \u5c5e\u6027\u7684\u540d\u79f0\uff0c\u7528\u4f5c LDAP \u4e2d\u5bf9\u8c61\u7684\u552f\u4e00\u5bf9\u8c61\u6807\u8bc6\u7b26 (UUID)\u3002\u5bf9\u4e8e\u8bb8\u591a LDAP \u670d\u52a1\u5668\u4f9b\u5e94\u5546\u6765\u8bf4\uff0c\u5b83\u662f\u201centryUUID\u201d\uff1b\u7136\u800c\u6709\u4e9b\u662f\u4e0d\u540c\u7684\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e Active Directory\uff0c\u5b83\u5e94\u8be5\u662f\u201cobjectGUID\u201d\u3002\u5982\u679c\u60a8\u7684 LDAP \u670d\u52a1\u5668\u4e0d\u652f\u6301 UUID \u6982\u5ff5\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5728\u6811\u4e2d\u7684 LDAP \u7528\u6237\u4e4b\u95f4\u5e94\u8be5\u552f\u4e00\u7684\u4efb\u4f55\u5176\u4ed6\u5c5e\u6027\u3002\u4f8b\u5982\u201cuid\u201d\u6216\u201centryDN\u201d\u3002\u5728 \u540c\u6b65\u7528\u6237\u7ec4 \u9875\u7b7e\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u5b57\u6bb5\u914d\u7f6e\u7528\u6237\u7ec4\u7684\u6620\u5c04\u5173\u7cfb\u540e\uff0c\u518d\u6b21\u70b9\u51fb \u4fdd\u5b58 \u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u4e3e\u4f8b\u503c \u57fa\u51c6 DN \u7528\u6237\u7ec4\u5728 LDAP \u6811\u72b6\u7ed3\u6784\u4e2d\u7684\u4f4d\u7f6e ou=groups,dc=example,dc=org \u7528\u6237\u7ec4\u5bf9\u8c61\u8fc7\u6ee4\u5668 \u7528\u6237\u7ec4\u7684\u5bf9\u8c61\u7c7b\uff0c\u5982\u679c\u9700\u8981\u66f4\u591a\u7c7b\uff0c\u5219\u7528\u9017\u53f7\u5206\u9694\u3002\u5728\u5178\u578b\u7684 LDAP \u90e8\u7f72\u4e2d\uff0c\u901a\u5e38\u662f \u201cgroupOfNames\u201d\uff0c\u7cfb\u7edf\u5df2\u81ea\u52a8\u586b\u5165\uff0c\u5982\u9700\u66f4\u6539\u8bf7\u76f4\u63a5\u7f16\u8f91\u3002* \u8868\u793a\u6240\u6709\u3002 * \u7528\u6237\u7ec4\u540d cn \u4e0d\u53ef\u66f4\u6539Note
\u5982\u679c\u60a8\u7684\u4f01\u4e1a\u6216\u7ec4\u7ec7\u4e2d\u7684\u6210\u5458\u5747\u7ba1\u7406\u5728\u4f01\u4e1a\u5fae\u4fe1\u4e2d\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5168\u5c40\u7ba1\u7406\u63d0\u4f9b\u7684\u57fa\u4e8e OAuth 2.0 \u534f\u8bae\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c \u800c\u4e0d\u5fc5\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u6bcf\u4e00\u4f4d\u7ec4\u7ec7\u6210\u5458\u521b\u5efa\u7528\u6237\u540d/\u5bc6\u7801\u3002 \u60a8\u53ef\u4ee5\u5411\u8fd9\u4e9b\u5916\u90e8\u7528\u6237\u8eab\u4efd\u6388\u4e88\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\u7684\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/oauth2.0.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u4f7f\u7528\u5177\u6709 Admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 \u8eab\u4efd\u63d0\u4f9b\u5546 \uff0c\u70b9\u51fb OAuth2.0 \u9875\u7b7e\u3002\u586b\u5199\u8868\u5355\u5b57\u6bb5\uff0c\u5efa\u7acb\u4e0e\u4f01\u4e1a\u5fae\u4fe1\u7684\u4fe1\u4efb\u5173\u7cfb\u540e\uff0c\u70b9\u51fb \u4fdd\u5b58 \u3002
Note
\u5bf9\u63a5\u524d\u9700\u8981\u5728\u4f01\u4e1a\u5fae\u4fe1\u7ba1\u7406\u540e\u53f0\u4e2d\u521b\u5efa\u81ea\u5efa\u5e94\u7528\uff0c\u53c2\u9605\u5982\u4f55\u521b\u5efa\u81ea\u5efa\u5e94\u7528\u94fe\u63a5\u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u4f01\u4e1a ID \u4f01\u4e1a\u5fae\u4fe1\u7684 ID Agent ID \u81ea\u5efa\u5e94\u7528\u7684 ID ClientSecret \u81ea\u5efa\u5e94\u7528\u7684 Secret\u4f01\u4e1a\u5fae\u4fe1 ID\uff1a
Agent ID \u548c ClientSecret\uff1a
"},{"location":"admin/ghippo/access-control/oidc.html","title":"\u521b\u5efa\u548c\u7ba1\u7406 OIDC","text":"OIDC\uff08OpenID Connect\uff09\u662f\u5efa\u7acb\u5728 OAuth 2.0 \u57fa\u7840\u4e0a\u7684\u4e00\u4e2a\u8eab\u4efd\u5c42\uff0c\u662f\u57fa\u4e8e OAuth2 \u534f\u8bae\u7684\u8eab\u4efd\u8ba4\u8bc1\u6807\u51c6\u534f\u8bae\u3002
\u5982\u679c\u60a8\u7684\u4f01\u4e1a\u6216\u7ec4\u7ec7\u5df2\u6709\u81ea\u5df1\u7684\u8d26\u53f7\u4f53\u7cfb\uff0c\u540c\u65f6\u60a8\u7684\u4f01\u4e1a\u7528\u6237\u7ba1\u7406\u7cfb\u7edf\u652f\u6301 OIDC \u534f\u8bae\uff0c \u53ef\u4ee5\u4f7f\u7528\u5168\u5c40\u7ba1\u7406\u63d0\u4f9b\u7684\u57fa\u4e8e OIDC \u534f\u8bae\u7684\u8eab\u4efd\u63d0\u4f9b\u5546\u529f\u80fd\uff0c\u800c\u4e0d\u5fc5\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u6bcf\u4e00\u4f4d\u7ec4\u7ec7\u6210\u5458\u521b\u5efa\u7528\u6237\u540d/\u5bc6\u7801\u3002 \u60a8\u53ef\u4ee5\u5411\u8fd9\u4e9b\u5916\u90e8\u7528\u6237\u8eab\u4efd\u6388\u4e88\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8d44\u6e90\u7684\u6743\u9650\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\u3002
\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 \u8eab\u4efd\u63d0\u4f9b\u5546 \uff0c\u70b9\u51fb OIDC \u9875\u7b7e -> \u521b\u5efa\u8eab\u4efd\u63d0\u4f9b\u5546 \u6309\u94ae\u3002
\u586b\u5199\u8868\u5355\u5b57\u6bb5\uff0c\u5efa\u7acb\u4e0e\u8eab\u4efd\u63d0\u4f9b\u5546\u7684\u4fe1\u4efb\u5173\u7cfb\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u63d0\u4f9b\u5546\u540d\u79f0 \u663e\u793a\u5728\u767b\u5f55\u9875\u4e0a\uff0c\u662f\u8eab\u4efd\u63d0\u4f9b\u5546\u7684\u5165\u53e3 \u8ba4\u8bc1\u65b9\u5f0f \u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u5982\u679c JWT \u4f7f\u7528\u79c1\u94a5\u7b7e\u540d\uff0c\u8bf7\u4e0b\u62c9\u9009\u62e9 JWT signed with private key \u3002\u5177\u4f53\u53c2\u9605 Client Authentication\u3002 \u5ba2\u6237\u7aef ID \u5ba2\u6237\u7aef\u7684 ID \u5ba2\u6237\u7aef\u5bc6\u94a5 \u5ba2\u6237\u7aef\u5bc6\u7801 \u5ba2\u6237\u7aef URL \u53ef\u901a\u8fc7\u8eab\u4efd\u63d0\u4f9b\u5546 well-known \u63a5\u53e3\u4e00\u952e\u83b7\u53d6\u767b\u5f55 URL\u3001Token URL\u3001\u7528\u6237\u4fe1\u606f URL \u548c\u767b\u51fa URL \u81ea\u52a8\u5173\u8054 \u5f00\u542f\u540e\u5f53\u8eab\u4efd\u63d0\u4f9b\u5546\u7528\u6237\u540d/\u90ae\u7bb1\u4e0e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7528\u6237\u540d/\u90ae\u7bb1\u91cd\u590d\u65f6\u5c06\u81ea\u52a8\u4f7f\u4e8c\u8005\u5173\u8054Note
\u7528\u6237\u8eab\u4efd\u8ba4\u8bc1\u7684\u4ea4\u4e92\u6d41\u7a0b\u4e3a\uff1a
\u4e00\u4e2a\u89d2\u8272\u5bf9\u5e94\u4e00\u7ec4\u6743\u9650\u3002\u6743\u9650\u51b3\u5b9a\u4e86\u53ef\u4ee5\u5bf9\u8d44\u6e90\u6267\u884c\u7684\u64cd\u4f5c\u3002\u5411\u7528\u6237\u6388\u4e88\u67d0\u89d2\u8272\uff0c\u5373\u6388\u4e88\u8be5\u89d2\u8272\u6240\u5305\u542b\u7684\u6240\u6709\u6743\u9650\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5b58\u5728\u4e09\u79cd\u89d2\u8272\u8303\u56f4\uff0c\u80fd\u591f\u7075\u6d3b\u3001\u6709\u6548\u5730\u89e3\u51b3\u60a8\u5728\u6743\u9650\u4e0a\u7684\u4f7f\u7528\u95ee\u9898\uff1a
\u5e73\u53f0\u89d2\u8272\u662f\u7c97\u7c92\u5ea6\u6743\u9650\uff0c\u5bf9\u5e73\u53f0\u4e0a\u6240\u6709\u76f8\u5173\u8d44\u6e90\u5177\u6709\u76f8\u5e94\u6743\u9650\u3002\u901a\u8fc7\u5e73\u53f0\u89d2\u8272\u53ef\u4ee5\u8d4b\u4e88\u7528\u6237\u5bf9\u6240\u6709\u96c6\u7fa4\u3001\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u7b49\u7684\u589e\u5220\u6539\u67e5\u6743\u9650\uff0c \u800c\u4e0d\u80fd\u5177\u4f53\u5230\u67d0\u4e00\u4e2a\u96c6\u7fa4\u6216\u67d0\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86 5 \u4e2a\u9884\u7f6e\u7684\u3001\u7528\u6237\u53ef\u76f4\u63a5\u4f7f\u7528\u7684\u5e73\u53f0\u89d2\u8272\uff1a
\u540c\u65f6\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fd8\u652f\u6301\u7528\u6237\u521b\u5efa\u81ea\u5b9a\u4e49\u5e73\u53f0\u89d2\u8272\uff0c\u53ef\u6839\u636e\u9700\u8981\u81ea\u5b9a\u4e49\u89d2\u8272\u5185\u5bb9\u3002 \u5982\u521b\u5efa\u4e00\u4e2a\u5e73\u53f0\u89d2\u8272\uff0c\u5305\u542b\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u6240\u6709\u529f\u80fd\u6743\u9650\uff0c\u7531\u4e8e\u5e94\u7528\u5de5\u4f5c\u53f0\u4f9d\u8d56\u4e8e\u5de5\u4f5c\u7a7a\u95f4\uff0c \u56e0\u6b64\u5e73\u53f0\u4f1a\u5e2e\u52a9\u7528\u6237\u9ed8\u8ba4\u52fe\u9009\u5de5\u4f5c\u7a7a\u95f4\u7684\u67e5\u770b\u6743\u9650\uff0c\u8bf7\u4e0d\u8981\u624b\u52a8\u53d6\u6d88\u52fe\u9009\u3002 \u82e5\u7528\u6237 A \u88ab\u6388\u4e88\u8be5 Workbench\uff08\u5e94\u7528\u5de5\u4f5c\u53f0\uff09\u89d2\u8272\uff0c\u5c06\u81ea\u52a8\u62e5\u6709\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u7684\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u7b49\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/role.html#_3","title":"\u5e73\u53f0\u89d2\u8272\u6388\u6743\u65b9\u5f0f","text":"\u7ed9\u5e73\u53f0\u89d2\u8272\u6388\u6743\u5171\u6709\u4e09\u79cd\u65b9\u5f0f\uff1a
\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u7528\u6237 \u7684\u7528\u6237\u5217\u8868\u4e2d\uff0c\u627e\u5230\u8be5\u7528\u6237\uff0c\u70b9\u51fb ... \uff0c\u9009\u62e9 \u6388\u6743 \uff0c\u4e3a\u8be5\u7528\u6237\u8d4b\u4e88\u5e73\u53f0\u89d2\u8272\u6743\u9650\u3002
\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u7528\u6237\u7ec4 \u7684\u7528\u6237\u7ec4\u5217\u8868\u4e2d\u521b\u5efa\u7528\u6237\u7ec4\uff0c\u5c06\u8be5\u7528\u6237\u52a0\u5165\u7528\u6237\u7ec4\uff0c\u5e76\u7ed9\u7528\u6237\u7ec4\u6388\u6743 \uff08\u5177\u4f53\u64cd\u4f5c\u4e3a\uff1a\u5728\u7528\u6237\u7ec4\u5217\u8868\u627e\u5230\u8be5\u7528\u6237\u7ec4\uff0c\u70b9\u51fb ... \uff0c\u9009\u62e9 \u6388\u6743 \uff0c\u4e3a\u8be5\u7528\u6237\u7ec4\u8d4b\u4e88\u5e73\u53f0\u89d2\u8272\uff09\u3002
\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u89d2\u8272 \u7684\u89d2\u8272\u5217\u8868\u4e2d\uff0c\u627e\u5230\u76f8\u5e94\u7684\u5e73\u53f0\u89d2\u8272\uff0c \u70b9\u51fb\u89d2\u8272\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\uff0c\u70b9\u51fb \u5173\u8054\u6210\u5458 \u6309\u94ae\uff0c\u9009\u4e2d\u8be5\u7528\u6237\u6216\u7528\u6237\u6240\u5728\u7684\u7528\u6237\u7ec4\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u662f\u7ec6\u7c92\u5ea6\u89d2\u8272\uff0c\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u53ef\u4ee5\u8d4b\u4e88\u7528\u6237\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u7684\u7ba1\u7406\u6743\u9650\u3001\u67e5\u770b\u6743\u9650\u6216\u8be5\u5de5\u4f5c\u7a7a\u95f4\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u7684\u6743\u9650\u7b49\u3002 \u83b7\u5f97\u8be5\u89d2\u8272\u6743\u9650\u7684\u7528\u6237\u53ea\u80fd\u7ba1\u7406\u8be5\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u65e0\u6cd5\u8bbf\u95ee\u5176\u4ed6\u5de5\u4f5c\u7a7a\u95f4\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86 3 \u4e2a\u9884\u7f6e\u7684\u3001\u7528\u6237\u53ef\u76f4\u63a5\u4f7f\u7528\u7684\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\uff1a
\u540c\u65f6\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fd8\u652f\u6301\u7528\u6237\u521b\u5efa\u81ea\u5b9a\u4e49\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\uff0c\u53ef\u6839\u636e\u9700\u8981\u81ea\u5b9a\u4e49\u89d2\u8272\u5185\u5bb9\u3002\u5982\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\uff0c \u5305\u542b\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u6240\u6709\u529f\u80fd\u6743\u9650\uff0c\u7531\u4e8e\u5e94\u7528\u5de5\u4f5c\u53f0\u4f9d\u8d56\u4e8e\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u5e73\u53f0\u4f1a\u5e2e\u52a9\u7528\u6237\u9ed8\u8ba4\u52fe\u9009\u5de5\u4f5c\u7a7a\u95f4\u7684\u67e5\u770b\u6743\u9650\uff0c \u8bf7\u4e0d\u8981\u624b\u52a8\u53d6\u6d88\u52fe\u9009\u3002\u82e5\u7528\u6237 A \u5728\u5de5\u4f5c\u7a7a\u95f4 01 \u4e2d\u88ab\u6388\u4e88\u8be5\u89d2\u8272\uff0c\u5c06\u62e5\u6709\u5de5\u4f5c\u7a7a\u95f4 01 \u4e0b\u7684\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u6743\u9650\u3002
Note
\u4e0e\u5e73\u53f0\u89d2\u8272\u4e0d\u540c\uff0c\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u88ab\u521b\u5efa\u540e\u9700\u8981\u524d\u5f80\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u88ab\u6388\u6743\u540e\u7528\u6237\u4ec5\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u62e5\u6709\u8be5\u89d2\u8272\u4e2d\u7684\u529f\u80fd\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/role.html#_5","title":"\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u6388\u6743\u65b9\u5f0f","text":"\u5728 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u5217\u8868\u4e2d\uff0c\u627e\u5230\u8be5\u5de5\u4f5c\u7a7a\u95f4\uff0c\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \uff0c\u4e3a\u8be5\u7528\u6237\u8d4b\u4e88\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/role.html#_6","title":"\u6587\u4ef6\u5939\u89d2\u8272","text":"\u6587\u4ef6\u5939\u89d2\u8272\u7684\u6743\u9650\u7c92\u5ea6\u4ecb\u4e8e\u5e73\u53f0\u89d2\u8272\u4e0e\u5de5\u4f5c\u7a7a\u95f4\u89d2\u8272\u4e4b\u95f4\uff0c\u901a\u8fc7\u6587\u4ef6\u5939\u89d2\u8272\u53ef\u4ee5\u8d4b\u4e88\u7528\u6237\u67d0\u4e2a\u6587\u4ef6\u5939\u53ca\u5176\u5b50\u6587\u4ef6\u5939\u548c\u8be5\u6587\u4ef6\u5939\u4e0b\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u7684\u7ba1\u7406\u6743\u9650\u3001\u67e5\u770b\u6743\u9650\u7b49\uff0c \u5e38\u9002\u7528\u4e8e\u4f01\u4e1a\u4e2d\u7684\u90e8\u95e8\u573a\u666f\u3002\u6bd4\u5982\u7528\u6237 B \u662f\u4e00\u7ea7\u90e8\u95e8\u7684 Leader\uff0c\u901a\u5e38\u7528\u6237 B \u80fd\u591f\u7ba1\u7406\u8be5\u4e00\u7ea7\u90e8\u95e8\u3001\u5176\u4e0b\u7684\u6240\u6709\u4e8c\u7ea7\u90e8\u95e8\u548c\u90e8\u95e8\u4e2d\u7684\u9879\u76ee\u7b49\uff0c \u5728\u6b64\u573a\u666f\u4e2d\u7ed9\u7528\u6237 B \u6388\u4e88\u4e00\u7ea7\u6587\u4ef6\u5939\u7684\u7ba1\u7406\u5458\u6743\u9650\uff0c\u7528\u6237 B \u4e5f\u5c06\u62e5\u6709\u5176\u4e0b\u7684\u4e8c\u7ea7\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u7684\u76f8\u5e94\u6743\u9650\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86 3 \u4e2a\u9884\u7f6e\u7684\u3001\u7528\u6237\u53ef\u76f4\u63a5\u4f7f\u7528\u6587\u4ef6\u5939\u89d2\u8272\uff1a
\u540c\u65f6\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8fd8\u652f\u6301\u7528\u6237\u521b\u5efa\u81ea\u5b9a\u4e49\u6587\u4ef6\u5939\u89d2\u8272\uff0c\u53ef\u6839\u636e\u9700\u8981\u81ea\u5b9a\u4e49\u89d2\u8272\u5185\u5bb9\u3002 \u5982\u521b\u5efa\u4e00\u4e2a\u6587\u4ef6\u5939\u89d2\u8272\uff0c\u5305\u542b\u5e94\u7528\u5de5\u4f5c\u53f0\u7684\u6240\u6709\u529f\u80fd\u6743\u9650\u3002\u82e5\u7528\u6237 A \u5728\u6587\u4ef6\u5939 01 \u4e2d\u88ab\u6388\u4e88\u8be5\u89d2\u8272\uff0c \u5c06\u62e5\u6709\u8be5\u6587\u4ef6\u5939\u4e0b\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u5e94\u7528\u5de5\u4f5c\u53f0\u76f8\u5173\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u6743\u9650\u3002
Note
\u529f\u80fd\u6a21\u5757\u672c\u8eab\u4f9d\u8d56\u7684\u662f\u5de5\u4f5c\u7a7a\u95f4\uff0c\u6587\u4ef6\u5939\u662f\u5de5\u4f5c\u7a7a\u95f4\u4e0a\u7684\u8fdb\u4e00\u6b65\u5206\u7ec4\u673a\u5236\u4e14\u5177\u6709\u6743\u9650\u7ee7\u627f\u80fd\u529b\uff0c \u56e0\u6b64\u6587\u4ef6\u5939\u6743\u9650\u4e0d\u5149\u5305\u542b\u6587\u4ef6\u5939\u672c\u8eab\uff0c\u8fd8\u5305\u62ec\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u3002
"},{"location":"admin/ghippo/access-control/role.html#_7","title":"\u6587\u4ef6\u5939\u89d2\u8272\u6388\u6743\u65b9\u5f0f","text":"\u5728 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u5217\u8868\u4e2d\uff0c\u627e\u5230\u8be5\u6587\u4ef6\u5939\uff0c\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \uff0c\u4e3a\u8be5\u7528\u6237\u8d4b\u4e88\u6587\u4ef6\u5939\u89d2\u8272\u6743\u9650\u3002
"},{"location":"admin/ghippo/access-control/user.html","title":"\u7528\u6237","text":"\u7528\u6237\u6307\u7684\u662f\u7531\u5e73\u53f0\u7ba1\u7406\u5458 admin \u6216\u8005\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7ba1\u7406\u5458 IAM Owner \u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u7528\u6237 \u9875\u9762\u521b\u5efa\u7684\u7528\u6237\uff0c\u6216\u8005\u901a\u8fc7 LDAP / OIDC \u5bf9\u63a5\u8fc7\u6765\u7684\u7528\u6237\u3002 \u7528\u6237\u540d\u4ee3\u8868\u8d26\u53f7\uff0c\u7528\u6237\u901a\u8fc7\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u3002
\u62e5\u6709\u4e00\u4e2a\u7528\u6237\u8d26\u53f7\u662f\u7528\u6237\u8bbf\u95ee\u5e73\u53f0\u7684\u524d\u63d0\u3002\u65b0\u5efa\u7684\u7528\u6237\u9ed8\u8ba4\u6ca1\u6709\u4efb\u4f55\u6743\u9650\uff0c\u4f8b\u5982\u60a8\u9700\u8981\u7ed9\u7528\u6237\u8d4b\u4e88\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\uff0c\u6bd4\u5982\u5728 \u7528\u6237\u5217\u8868 \u6216 \u7528\u6237\u8be6\u60c5 \u6388\u4e88\u5b50\u6a21\u5757\u7684\u7ba1\u7406\u5458\u6743\u9650\u3002 \u5b50\u6a21\u5757\u7ba1\u7406\u5458\u62e5\u6709\u8be5\u5b50\u6a21\u5757\u7684\u6700\u9ad8\u6743\u9650\uff0c\u80fd\u591f\u521b\u5efa\u3001\u7ba1\u7406\u3001\u5220\u9664\u8be5\u6a21\u5757\u7684\u6240\u6709\u8d44\u6e90\u3002 \u5982\u679c\u7528\u6237\u9700\u8981\u88ab\u6388\u4e88\u5177\u4f53\u8d44\u6e90\u7684\u6743\u9650\uff0c\u6bd4\u5982\u67d0\u4e2a\u8d44\u6e90\u7684\u4f7f\u7528\u6743\u9650\uff0c\u8bf7\u67e5\u770b\u8d44\u6e90\u6388\u6743\u8bf4\u660e\u3002
\u672c\u9875\u4ecb\u7ecd\u7528\u6237\u7684\u521b\u5efa\u3001\u6388\u6743\u3001\u7981\u7528\u3001\u542f\u7528\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
"},{"location":"admin/ghippo/access-control/user.html#_2","title":"\u521b\u5efa\u7528\u6237","text":"\u524d\u63d0\uff1a\u62e5\u6709\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u6743\u9650\u6216\u8005\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u7ba1\u7406\u5458 IAM Owner \u6743\u9650\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u65b9\u7684 \u521b\u5efa\u7528\u6237 \u3002
\u5728 \u521b\u5efa\u7528\u6237 \u9875\u9762\u586b\u5199\u7528\u6237\u540d\u548c\u767b\u5f55\u5bc6\u7801\u3002\u5982\u9700\u4e00\u6b21\u6027\u521b\u5efa\u591a\u4e2a\u7528\u6237\uff0c\u53ef\u4ee5\u70b9\u51fb \u521b\u5efa\u7528\u6237 \u540e\u8fdb\u884c\u6279\u91cf\u521b\u5efa\uff0c\u4e00\u6b21\u6027\u6700\u591a\u521b\u5efa 5 \u4e2a\u7528\u6237\u3002\u6839\u636e\u60a8\u7684\u5b9e\u9645\u60c5\u51b5\u786e\u5b9a\u662f\u5426\u8bbe\u7f6e\u7528\u6237\u5728\u9996\u6b21\u767b\u5f55\u65f6\u91cd\u7f6e\u5bc6\u7801\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u521b\u5efa\u7528\u6237\u6210\u529f\uff0c\u8fd4\u56de\u7528\u6237\u5217\u8868\u9875\u3002
Note
\u6b64\u5904\u8bbe\u7f6e\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u5c06\u7528\u4e8e\u767b\u5f55\u5e73\u53f0\u3002
"},{"location":"admin/ghippo/access-control/user.html#grant-admin-permissions","title":"\u4e3a\u7528\u6237\u6388\u4e88\u5b50\u6a21\u5757\u7ba1\u7406\u5458\u6743\u9650","text":"\u524d\u63d0\uff1a\u8be5\u7528\u6237\u5df2\u5b58\u5728\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb \u2507 -> \u6388\u6743 \u3002
\u5728 \u6388\u6743 \u9875\u9762\u52fe\u9009\u9700\u8981\u7684\u89d2\u8272\u6743\u9650\uff08\u53ef\u591a\u9009\uff09\u3002
\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u4e3a\u7528\u6237\u7684\u6388\u6743\u3002
Note
\u5728\u7528\u6237\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u67d0\u4e2a\u7528\u6237\uff0c\u53ef\u4ee5\u8fdb\u5165\u7528\u6237\u8be6\u60c5\u9875\u9762\u3002
"},{"location":"admin/ghippo/access-control/user.html#_3","title":"\u5c06\u7528\u6237\u52a0\u5165\u7528\u6237\u7ec4","text":"\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb \u2507 -> \u52a0\u5165\u7528\u6237\u7ec4 \u3002
\u5728 \u52a0\u5165\u7528\u6237\u7ec4 \u9875\u9762\u52fe\u9009\u9700\u8981\u52a0\u5165\u7684\u7528\u6237\u7ec4\uff08\u53ef\u591a\u9009\uff09\u3002\u82e5\u6ca1\u6709\u53ef\u9009\u7684\u7528\u6237\u7ec4\uff0c\u70b9\u51fb \u521b\u5efa\u7528\u6237\u7ec4 \u521b\u5efa\u7528\u6237\u7ec4\uff0c\u518d\u8fd4\u56de\u8be5\u9875\u9762\u70b9\u51fb \u5237\u65b0 \u6309\u94ae\uff0c\u663e\u793a\u521a\u521b\u5efa\u7684\u7528\u6237\u7ec4\u3002
\u70b9\u51fb \u786e\u5b9a \u5c06\u7528\u6237\u52a0\u5165\u7528\u6237\u7ec4\u3002
Note
\u7528\u6237\u4f1a\u7ee7\u627f\u7528\u6237\u7ec4\u7684\u6743\u9650\uff0c\u53ef\u4ee5\u5728 \u7528\u6237\u8be6\u60c5 \u4e2d\u67e5\u770b\u8be5\u7528\u6237\u5df2\u52a0\u5165\u7684\u7528\u6237\u7ec4\u3002
"},{"location":"admin/ghippo/access-control/user.html#_4","title":"\u542f\u7528/\u7981\u7528\u7528\u6237","text":"\u7981\u7528\u7528\u6237\u540e\uff0c\u8be5\u7528\u6237\u5c06\u65e0\u6cd5\u518d\u8bbf\u95ee\u5e73\u53f0\u3002\u4e0e\u5220\u9664\u7528\u6237\u4e0d\u540c\uff0c\u7981\u7528\u7684\u7528\u6237\u53ef\u4ee5\u6839\u636e\u9700\u8981\u518d\u6b21\u542f\u7528\uff0c\u5efa\u8bae\u5220\u9664\u7528\u6237\u524d\u5148\u7981\u7528\uff0c\u4ee5\u786e\u4fdd\u6ca1\u6709\u5173\u952e\u670d\u52a1\u5728\u4f7f\u7528\u8be5\u7528\u6237\u521b\u5efa\u7684\u5bc6\u94a5\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb\u4e00\u4e2a\u7528\u6237\u540d\u8fdb\u5165\u7528\u6237\u8be6\u60c5\u3002
\u70b9\u51fb\u53f3\u4e0a\u65b9\u7684 \u7f16\u8f91 \uff0c\u5173\u95ed\u72b6\u6001\u6309\u94ae\uff0c\u4f7f\u6309\u94ae\u7f6e\u7070\u4e14\u5904\u4e8e\u672a\u542f\u7528\u72b6\u6001\u3002
\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u7981\u7528\u7528\u6237\u7684\u64cd\u4f5c\u3002
\u524d\u63d0\uff1a\u9700\u8981\u8bbe\u7f6e\u7528\u6237\u90ae\u7bb1\uff0c\u6709\u4e24\u79cd\u65b9\u5f0f\u53ef\u4ee5\u8bbe\u7f6e\u7528\u6237\u90ae\u7bb1\u3002
\u7ba1\u7406\u5458\u5728\u8be5\u7528\u6237\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u7f16\u8f91 \uff0c\u5728\u5f39\u51fa\u6846\u8f93\u5165\u7528\u6237\u90ae\u7bb1\u5730\u5740\uff0c\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u90ae\u7bb1\u8bbe\u7f6e\u3002
\u7528\u6237\u8fd8\u53ef\u4ee5\u8fdb\u5165 \u4e2a\u4eba\u4e2d\u5fc3 \uff0c\u5728 \u5b89\u5168\u8bbe\u7f6e \u9875\u9762\u8bbe\u7f6e\u90ae\u7bb1\u5730\u5740\u3002
\u5982\u679c\u7528\u6237\u767b\u5f55\u65f6\u5fd8\u8bb0\u5bc6\u7801\uff0c\u8bf7\u53c2\u8003\u91cd\u7f6e\u5bc6\u7801\u3002
"},{"location":"admin/ghippo/access-control/user.html#_6","title":"\u5220\u9664\u7528\u6237","text":"Warning
\u5220\u9664\u7528\u6237\u540e\uff0c\u8be5\u7528\u6237\u5c06\u65e0\u6cd5\u518d\u901a\u8fc7\u4efb\u4f55\u65b9\u5f0f\u8bbf\u95ee\u5e73\u53f0\u8d44\u6e90\uff0c\u8bf7\u8c28\u614e\u5220\u9664\u3002 \u5728\u5220\u9664\u7528\u6237\u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5173\u952e\u7a0b\u5e8f\u4e0d\u518d\u4f7f\u7528\u8be5\u7528\u6237\u521b\u5efa\u7684\u5bc6\u94a5\u3002 \u5982\u679c\u60a8\u4e0d\u786e\u5b9a\uff0c\u5efa\u8bae\u5728\u5220\u9664\u524d\u5148\u7981\u7528\u8be5\u7528\u6237\u3002 \u5982\u679c\u60a8\u5220\u9664\u4e86\u4e00\u4e2a\u7528\u6237\uff0c\u7136\u540e\u518d\u521b\u5efa\u4e00\u4e2a\u540c\u540d\u7684\u65b0\u7528\u6237\uff0c\u5219\u65b0\u7528\u6237\u5c06\u88ab\u89c6\u4e3a\u4e00\u4e2a\u65b0\u7684\u72ec\u7acb\u8eab\u4efd\uff0c\u5b83\u4e0d\u4f1a\u7ee7\u627f\u5df2\u5220\u9664\u7528\u6237\u7684\u89d2\u8272\u3002
\u7ba1\u7406\u5458\u8fdb\u5165 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \uff0c\u9009\u62e9 \u7528\u6237 \uff0c\u8fdb\u5165\u7528\u6237\u5217\u8868\uff0c\u70b9\u51fb \u2507 -> \u5220\u9664 \u3002
\u70b9\u51fb \u79fb\u9664 \u5b8c\u6210\u5220\u9664\u7528\u6237\u7684\u64cd\u4f5c\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5728\u63a5\u5165\u5ba2\u6237\u7684\u7cfb\u7edf\u540e\uff0c\u53ef\u4ee5\u521b\u5efa Webhook\uff0c\u5728\u7528\u6237\u521b\u5efa/\u66f4\u65b0/\u5220\u9664/\u767b\u5f55/\u767b\u51fa\u4e4b\u65f6\u53d1\u9001\u6d88\u606f\u901a\u77e5\u3002
Webhook \u662f\u4e00\u79cd\u7528\u4e8e\u5b9e\u73b0\u5b9e\u65f6\u4e8b\u4ef6\u901a\u77e5\u7684\u673a\u5236\u3002\u5b83\u5141\u8bb8\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u5c06\u6570\u636e\u6216\u4e8b\u4ef6\u63a8\u9001\u5230\u53e6\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\uff0c \u800c\u65e0\u9700\u8f6e\u8be2\u6216\u6301\u7eed\u67e5\u8be2\u3002\u901a\u8fc7\u914d\u7f6e Webhook\uff0c\u60a8\u53ef\u4ee5\u6307\u5b9a\u5728\u67d0\u4e2a\u4e8b\u4ef6\u53d1\u751f\u65f6\uff0c\u7531\u76ee\u6807\u5e94\u7528\u7a0b\u5e8f\u63a5\u6536\u5e76\u5904\u7406\u901a\u77e5\u3002
Webhook \u7684\u5de5\u4f5c\u539f\u7406\u5982\u4e0b\uff1a
\u901a\u8fc7\u4f7f\u7528 Webhook\uff0c\u60a8\u53ef\u4ee5\u5b9e\u73b0\u4ee5\u4e0b\u529f\u80fd\uff1a
\u5e38\u89c1\u7684\u5e94\u7528\u573a\u666f\u5305\u62ec\uff1a
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u56fe\u5f62\u5316\u914d\u7f6e Webhook \u7684\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u63a5\u5165\u7ba1\u7406 \uff0c\u521b\u5efa\u4e00\u4e2a\u5ba2\u6237\u7aef ID\u3002
\u70b9\u51fb\u67d0\u4e2a\u5ba2\u6237\u7aef ID\uff0c\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u70b9\u51fb \u521b\u5efa Webhook \u6309\u94ae\u3002
\u5728\u5f39\u7a97\u4e2d\u586b\u5165\u5b57\u6bb5\u4fe1\u606f\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u5c4f\u5e55\u63d0\u793a Webhook \u521b\u5efa\u6210\u529f\u3002
\u73b0\u5728\u53bb\u8bd5\u7740\u521b\u5efa\u4e00\u4e2a\u7528\u6237\u3002
\u7528\u6237\u521b\u5efa\u6210\u529f\uff0c\u53ef\u4ee5\u770b\u5230\u4f01\u4e1a\u5fae\u4fe1\u7fa4\u6536\u5230\u4e86\u4e00\u6761\u6d88\u606f\u3002
\u7cfb\u7edf\u9ed8\u8ba4\u7684\u6d88\u606f\u4f53
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u5148\u5b9a\u4e49\u4e86\u4e00\u4e9b\u53d8\u91cf\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u5728\u6d88\u606f\u4f53\u4e2d\u4f7f\u7528\u8fd9\u4e9b\u53d8\u91cf\u3002
{\n \"id\": \"{{$$.ID$$}}\",\n \"email\": \"{{$$.Email$$}}\",\n \"username\": \"{{$$.Name$$}}\",\n \"last_name\": \"{{$$.LastName$$}}\",\n \"first_name\": \"{{$$.FirstName$$}}\",\n \"created_at\": \"{{$$.CreatedAt$$}}\",\n \"enabled\": \"{{$$.Enabled$$}}\"\n}\n
\u4f01\u4e1a\u5fae\u4fe1\u7fa4\u673a\u5668\u4eba\u7684 Message Body
{\n \"msgtype\": \"text\",\n \"text\": {\n \"content\": \"{{$$.Name$$}} hello world\"\n }\n}\n
"},{"location":"admin/ghippo/access-control/webhook.html#_3","title":"\u53c2\u8003\u6587\u6863","text":"\u5ba1\u8ba1\u65e5\u5fd7\u5e2e\u52a9\u60a8\u76d1\u63a7\u5e76\u8bb0\u5f55\u6bcf\u4e2a\u7528\u6237\u7684\u6d3b\u52a8\uff0c\u63d0\u4f9b\u4e86\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u3001\u6309\u65f6\u95f4\u987a\u5e8f\u6392\u5217\u7684\u8bb0\u5f55\u7684\u6536\u96c6\u3001\u5b58\u50a8\u548c\u67e5\u8be2\u529f\u80fd\u3002 \u501f\u52a9\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u6301\u7eed\u76d1\u63a7\u5e76\u4fdd\u7559\u7528\u6237\u5728\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u4f7f\u7528\u884c\u4e3a\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u521b\u5efa\u7528\u6237\u3001\u7528\u6237\u767b\u5f55/\u767b\u51fa\u3001\u7528\u6237\u6388\u6743\u4ee5\u53ca\u4e0e Kubernetes \u76f8\u5173\u7684\u7528\u6237\u64cd\u4f5c\u884c\u4e3a\u3002
"},{"location":"admin/ghippo/audit/audit-log.html#_2","title":"\u529f\u80fd\u7279\u6027","text":"\u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u5177\u6709\u4ee5\u4e0b\u7279\u70b9\uff1a
\u4f7f\u7528\u5177\u6709 admin \u6216 Audit Owner \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\uff0c\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u5ba1\u8ba1\u65e5\u5fd7 \u3002
\u5728 \u7528\u6237\u64cd\u4f5c \u9875\u7b7e\u4e2d\uff0c\u53ef\u4ee5\u6309\u65f6\u95f4\u8303\u56f4\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u6a21\u7cca\u641c\u7d22\u3001\u7cbe\u786e\u641c\u7d22\u6765\u67e5\u627e\u7528\u6237\u64cd\u4f5c\u4e8b\u4ef6\u3002
\u70b9\u51fb\u67d0\u4e2a\u4e8b\u4ef6\u6700\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u67e5\u770b\u4e8b\u4ef6\u8be6\u60c5\u3002
\u4e8b\u4ef6\u8be6\u60c5\u5982\u4e0b\u56fe\u6240\u793a\u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u5bfc\u51fa \u6309\u94ae\uff0c\u53ef\u4ee5\u6309 CSV \u548c Excel \u683c\u5f0f\u5bfc\u51fa\u5f53\u524d\u6240\u9009\u65f6\u95f4\u8303\u56f4\u5185\u7684\u7528\u6237\u64cd\u4f5c\u65e5\u5fd7\u3002
"},{"location":"admin/ghippo/audit/audit-log.html#_5","title":"\u7cfb\u7edf\u64cd\u4f5c","text":"\u5728 \u7cfb\u7edf\u64cd\u4f5c \u9875\u7b7e\u4e2d\uff0c\u53ef\u4ee5\u6309\u65f6\u95f4\u8303\u56f4\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u6a21\u7cca\u641c\u7d22\u3001\u7cbe\u786e\u641c\u7d22\u6765\u67e5\u627e\u7cfb\u7edf\u64cd\u4f5c\u4e8b\u4ef6\u3002
\u540c\u6837\u70b9\u51fb\u67d0\u4e2a\u4e8b\u4ef6\u6700\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u67e5\u770b\u4e8b\u4ef6\u8be6\u60c5\u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u5bfc\u51fa \u6309\u94ae\uff0c\u53ef\u4ee5\u6309 CSV \u548c Excel \u683c\u5f0f\u5bfc\u51fa\u5f53\u524d\u6240\u9009\u65f6\u95f4\u8303\u56f4\u5185\u7684\u7cfb\u7edf\u64cd\u4f5c\u65e5\u5fd7\u3002
"},{"location":"admin/ghippo/audit/audit-log.html#_6","title":"\u8bbe\u7f6e","text":"\u5728 \u8bbe\u7f6e \u9875\u7b7e\u4e2d\uff0c\u60a8\u53ef\u4ee5\u6e05\u7406\u7528\u6237\u64cd\u4f5c\u548c\u7cfb\u7edf\u64cd\u4f5c\u7684\u5ba1\u8ba1\u65e5\u5fd7\u3002
\u53ef\u4ee5\u624b\u52a8\u6e05\u7406\uff0c\u5efa\u8bae\u6e05\u7406\u524d\u5148\u5bfc\u51fa\u5e76\u4fdd\u5b58\u3002\u4e5f\u53ef\u4ee5\u8bbe\u7f6e\u65e5\u5fd7\u7684\u6700\u957f\u4fdd\u5b58\u65f6\u95f4\u5b9e\u73b0\u81ea\u52a8\u6e05\u7406\u3002
Note
\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u4e0e Kubernetes \u76f8\u5173\u7684\u65e5\u5fd7\u8bb0\u5f55\u7531\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u63d0\u4f9b\uff0c\u4e3a\u51cf\u8f7b\u5ba1\u8ba1\u65e5\u5fd7\u7684\u5b58\u50a8\u538b\u529b\uff0c\u5168\u5c40\u7ba1\u7406\u9ed8\u8ba4\u4e0d\u91c7\u96c6 Kubernetes \u76f8\u5173\u65e5\u5fd7\u3002 \u5982\u9700\u8bb0\u5f55\u8bf7\u53c2\u9605\u5f00\u542f K8s \u5ba1\u8ba1\u65e5\u5fd7\u3002\u5f00\u542f\u540e\u7684\u6e05\u7406\u529f\u80fd\u4e0e\u5168\u5c40\u7ba1\u7406\u7684\u6e05\u7406\u529f\u80fd\u4e00\u81f4\uff0c\u4f46\u4e92\u4e0d\u5f71\u54cd\u3002
"},{"location":"admin/ghippo/audit/open-audit.html","title":"\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7","text":"\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b /var/log/kubernetes/audit \u76ee\u5f55\u4e0b\u662f\u5426\u6709\u5ba1\u8ba1\u65e5\u5fd7\u751f\u6210\u3002 \u82e5\u6709\uff0c\u5219\u8868\u793a K8s \u5ba1\u8ba1\u65e5\u5fd7\u6210\u529f\u5f00\u542f\u3002
ls /var/log/kubernetes/audit\n
\u82e5\u672a\u5f00\u542f\uff0c\u8bf7\u53c2\u8003\u751f\u6210 K8s \u5ba1\u8ba1\u65e5\u5fd7\u3002
"},{"location":"admin/ghippo/audit/open-audit.html#k8s_3","title":"\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u6d41\u7a0b","text":"\u6dfb\u52a0 chartmuseum \u5230 helm repo \u4e2d
helm repo add chartmuseum http://10.5.14.30:8081\n
\u8fd9\u6761\u547d\u4ee4\u4e2d\u7684 IP \u9700\u8981\u4fee\u6539\u4e3a\u706b\u79cd\u8282\u70b9\u7684 IP \u5730\u5740\u3002
Note
\u4f7f\u7528\u81ea\u5efa Harbor \u4ed3\u5e93\u7684\u60c5\u51b5\u4e0b\uff0c\u8bf7\u4fee\u6539\u7b2c\u4e00\u6b65\u4e2d\u7684 chart repo \u5730\u5740\u4e3a\u81ea\u5efa\u4ed3\u5e93\u7684 insight-agent chart \u5730\u5740\u3002
\u4fdd\u5b58\u5f53\u524d insight-agent helm value
helm get values insight-agent -n insight-system -o yaml > insight-agent-values-bak.yaml\n
\u83b7\u53d6\u5f53\u524d\u7248\u672c\u53f7 ${insight_version_code}
insight_version_code=`helm list -n insight-system |grep insight-agent | awk {'print $10'}`\n
\u66f4\u65b0 helm value \u914d\u7f6e
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent chartmuseum/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=true\n
\u91cd\u542f insight-system \u4e0b\u7684\u6240\u6709 fluentBit pod
fluent_pod=`kubectl get pod -n insight-system | grep insight-agent-fluent-bit | awk {'print $1'} | xargs`\nkubectl delete pod ${fluent_pod} -n insight-system\n
\u5176\u4f59\u6b65\u9aa4\u548c\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u4e00\u81f4\uff0c\u4ec5\u9700\u4fee\u6539\u4e0a\u4e00\u8282\u4e2d\u7b2c 4 \u6b65\uff1a\u66f4\u65b0 helm value \u914d\u7f6e\u3002
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent chartmuseum/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=false\n
"},{"location":"admin/ghippo/audit/open-audit.html#_1","title":"\u5de5\u4f5c\u96c6\u7fa4\u5f00\u5173","text":"\u5404\u5de5\u4f5c\u96c6\u7fa4\u5f00\u5173\u72ec\u7acb\uff0c\u6309\u9700\u5f00\u542f\u3002
"},{"location":"admin/ghippo/audit/open-audit.html#_2","title":"\u521b\u5efa\u96c6\u7fa4\u65f6\u6253\u5f00\u91c7\u96c6\u5ba1\u8ba1\u65e5\u5fd7\u6b65\u9aa4","text":"\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u9ed8\u8ba4\u4e3a\u5173\u95ed\u72b6\u6001\u3002\u82e5\u9700\u8981\u5f00\u542f\uff0c\u53ef\u4ee5\u6309\u7167\u5982\u4e0b\u6b65\u9aa4\uff1a
\u5c06\u8be5\u6309\u94ae\u8bbe\u7f6e\u4e3a\u542f\u7528\u72b6\u6001\uff0c\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u65f6\uff0c\u786e\u8ba4\u8be5\u96c6\u7fa4\u7684 K8s \u5ba1\u8ba1\u65e5\u5fd7\u9009\u62e9 \u2018true'\uff0c\u8fd9\u6837\u521b\u5efa\u51fa\u6765\u7684\u5de5\u4f5c\u96c6\u7fa4 K8s \u5ba1\u8ba1\u65e5\u5fd7\u662f\u5f00\u542f\u7684\u3002
\u7b49\u5f85\u96c6\u7fa4\u521b\u5efa\u6210\u529f\u540e\uff0c\u8be5\u5de5\u4f5c\u96c6\u7fa4\u7684 K8s \u5ba1\u8ba1\u65e5\u5fd7\u5c06\u88ab\u91c7\u96c6\u3002
"},{"location":"admin/ghippo/audit/open-audit.html#_3","title":"\u63a5\u5165\u7684\u96c6\u7fa4\u548c\u521b\u5efa\u5b8c\u6210\u540e\u5f00\u5173\u6b65\u9aa4","text":""},{"location":"admin/ghippo/audit/open-audit.html#k8s_5","title":"\u786e\u8ba4\u5f00\u542f K8s \u5ba1\u8ba1\u65e5\u5fd7","text":"\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b /var/log/kubernetes/audit \u76ee\u5f55\u4e0b\u662f\u5426\u6709\u5ba1\u8ba1\u65e5\u5fd7\u751f\u6210\uff0c\u82e5\u6709\uff0c\u5219\u8868\u793a K8s \u5ba1\u8ba1\u65e5\u5fd7\u6210\u529f\u5f00\u542f\u3002
ls /var/log/kubernetes/audit\n
\u82e5\u672a\u5f00\u542f\uff0c\u8bf7\u53c2\u8003\u6587\u6863\u7684\u5f00\u542f\u5173\u95ed K8s \u5ba1\u8ba1\u65e5\u5fd7
"},{"location":"admin/ghippo/audit/open-audit.html#k8s_6","title":"\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7","text":"\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u9ed8\u8ba4\u4e3a\u5173\u95ed\u72b6\u6001\uff0c\u82e5\u9700\u8981\u5f00\u542f\uff0c\u53ef\u4ee5\u6309\u7167\u5982\u4e0b\u6b65\u9aa4\uff1a
\u9009\u4e2d\u5df2\u63a5\u5165\u5e76\u4e14\u9700\u8981\u5f00\u542f\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u7684\u96c6\u7fa4
\u8fdb\u5165 helm \u5e94\u7528\u7ba1\u7406\u9875\u9762\uff0c\u66f4\u65b0 insight-agent \u914d\u7f6e \uff08\u82e5\u672a\u5b89\u88c5 insight-agent\uff0c\u53ef\u4ee5\u5b89\u88c5 insight-agent\uff09
\u5f00\u542f/\u5173\u95ed\u91c7\u96c6 K8s \u5ba1\u8ba1\u65e5\u5fd7\u6309\u94ae
\u63a5\u5165\u96c6\u7fa4\u7684\u60c5\u51b5\u4e0b\u5f00\u5173\u540e\u4ecd\u9700\u8981\u91cd\u542f fluent-bit pod \u624d\u80fd\u751f\u6548
\u9ed8\u8ba4 Kubernetes \u96c6\u7fa4\u4e0d\u4f1a\u751f\u6210\u5ba1\u8ba1\u65e5\u5fd7\u4fe1\u606f\u3002\u901a\u8fc7\u4ee5\u4e0b\u914d\u7f6e\uff0c\u53ef\u4ee5\u5f00\u542f Kubernetes \u7684\u5ba1\u8ba1\u65e5\u5fd7\u529f\u80fd\u3002
Note
\u516c\u6709\u4e91\u73af\u5883\u4e2d\u53ef\u80fd\u65e0\u6cd5\u63a7\u5236 Kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u8f93\u51fa\u53ca\u8f93\u51fa\u8def\u5f84\u3002
apiVersion: audit.k8s.io/v1\nkind: Policy\nrules:\n# The following requests were manually identified as high-volume and low-risk,\n# so drop them.\n- level: None\n users: [\"system:kube-proxy\"]\n verbs: [\"watch\"]\n resources:\n - group: \"\" # core\n resources: [\"endpoints\", \"services\", \"services/status\"]\n- level: None\n # Ingress controller reads `configmaps/ingress-uid` through the unsecured port.\n # TODO(#46983): Change this to the ingress controller service account.\n users: [\"system:unsecured\"]\n namespaces: [\"kube-system\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"configmaps\"]\n- level: None\n users: [\"kubelet\"] # legacy kubelet identity\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"nodes\", \"nodes/status\"]\n- level: None\n userGroups: [\"system:nodes\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"nodes\", \"nodes/status\"]\n- level: None\n users:\n - system:kube-controller-manager\n - system:kube-scheduler\n - system:serviceaccount:kube-system:endpoint-controller\n verbs: [\"get\", \"update\"]\n namespaces: [\"kube-system\"]\n resources:\n - group: \"\" # core\n resources: [\"endpoints\"]\n- level: None\n users: [\"system:apiserver\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"namespaces\", \"namespaces/status\", \"namespaces/finalize\"]\n# Don't log HPA fetching metrics.\n- level: None\n users:\n - system:kube-controller-manager\n verbs: [\"get\", \"list\"]\n resources:\n - group: \"metrics.k8s.io\"\n# Don't log these read-only URLs.\n- level: None\n nonResourceURLs:\n - /healthz*\n - /version\n - /swagger*\n# Don't log events requests.\n- level: None\n resources:\n - group: \"\" # core\n resources: [\"events\"]\n# Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,\n# so only log at the Metadata level.\n- level: Metadata\n resources:\n - group: \"\" # core\n resources: [\"secrets\", \"configmaps\", \"serviceaccounts/token\"]\n - group: authentication.k8s.io\n resources: [\"tokenreviews\"]\n omitStages:\n - \"RequestReceived\"\n# Get responses can be large; skip them.\n- level: Request\n verbs: [\"get\", \"list\", \"watch\"]\n resources:\n - group: \"\" # core\n - group: \"admissionregistration.k8s.io\"\n - group: \"apiextensions.k8s.io\"\n - group: \"apiregistration.k8s.io\"\n - group: \"apps\"\n - group: \"authentication.k8s.io\"\n - group: \"authorization.k8s.io\"\n - group: \"autoscaling\"\n - group: \"batch\"\n - group: \"certificates.k8s.io\"\n - group: \"extensions\"\n - group: \"metrics.k8s.io\"\n - group: \"networking.k8s.io\"\n - group: \"policy\"\n - group: \"rbac.authorization.k8s.io\"\n - group: \"settings.k8s.io\"\n - group: \"storage.k8s.io\"\n omitStages:\n - \"RequestReceived\"\n# Default level for known APIs\n- level: RequestResponse\n resources:\n - group: \"\" # core\n - group: \"admissionregistration.k8s.io\"\n - group: \"apiextensions.k8s.io\"\n - group: \"apiregistration.k8s.io\"\n - group: \"apps\"\n - group: \"authentication.k8s.io\"\n - group: \"authorization.k8s.io\"\n - group: \"autoscaling\"\n - group: \"batch\"\n - group: \"certificates.k8s.io\"\n - group: \"extensions\"\n - group: \"metrics.k8s.io\"\n - group: \"networking.k8s.io\"\n - group: \"policy\"\n - group: \"rbac.authorization.k8s.io\"\n - group: \"settings.k8s.io\"\n - group: \"storage.k8s.io\"\n omitStages:\n - \"RequestReceived\"\n# Default level for all other requests.\n- level: Metadata\n omitStages:\n - \"RequestReceived\"\n
\u5c06\u4ee5\u4e0a\u5ba1\u8ba1\u65e5\u5fd7\u6587\u4ef6\u653e\u5230 /etc/kubernetes/audit-policy/ \u6587\u4ef6\u5939\u4e0b\uff0c\u5e76\u53d6\u540d\u4e3a apiserver-audit-policy.yaml \u3002
"},{"location":"admin/ghippo/audit/open-k8s-audit.html#api","title":"\u914d\u7f6e API \u670d\u52a1\u5668","text":"\u6253\u5f00 API \u670d\u52a1\u5668\u7684\u914d\u7f6e\u6587\u4ef6 kube-apiserver.yaml \uff0c\u4e00\u822c\u4f1a\u5728 /etc/kubernetes/manifests/ \u6587\u4ef6\u5939\u4e0b\uff0c\u5e76\u6dfb\u52a0\u4ee5\u4e0b\u914d\u7f6e\u4fe1\u606f\uff1a
\u8fd9\u4e00\u6b65\u64cd\u4f5c\u524d\u8bf7\u5907\u4efd kube-apiserver.yaml \uff0c\u5e76\u4e14\u5907\u4efd\u7684\u6587\u4ef6\u4e0d\u80fd\u653e\u5728 /etc/kubernetes/manifests/ \u4e0b\uff0c\u5efa\u8bae\u653e\u5728 /etc/kubernetes/tmp \u3002
\u5728 spec.containers.command \u4e0b\u6dfb\u52a0\u547d\u4ee4\uff1a
--audit-log-maxage=30\n--audit-log-maxbackup=10\n--audit-log-maxsize=100\n--audit-log-path=/var/log/audit/kube-apiserver-audit.log\n--audit-policy-file=/etc/kubernetes/audit-policy/apiserver-audit-policy.yaml\n
\u5728 spec.containers.volumeMounts \u4e0b\u6dfb\u52a0\uff1a
- mountPath: /var/log/audit\n name: audit-logs\n- mountPath: /etc/kubernetes/audit-policy\n name: audit-policy\n
\u5728 spec.volumes \u4e0b\u6dfb\u52a0\uff1a
- hostPath:\n path: /var/log/kubernetes/audit\n type: \"\"\n name: audit-logs\n- hostPath:\n path: /etc/kubernetes/audit-policy\n type: \"\"\n name: audit-policy\n
\u7a0d\u7b49\u4e00\u4f1a\uff0cAPI \u670d\u52a1\u5668\u4f1a\u81ea\u52a8\u91cd\u542f\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b /var/log/kubernetes/audit \u76ee\u5f55\u4e0b\u662f\u5426\u6709\u5ba1\u8ba1\u65e5\u5fd7\u751f\u6210\uff0c\u82e5\u6709\uff0c\u5219\u8868\u793a K8s \u5ba1\u8ba1\u65e5\u5fd7\u6210\u529f\u5f00\u542f\u3002
ls /var/log/kubernetes/audit\n
\u5982\u679c\u60f3\u5173\u95ed\uff0c\u53bb\u6389 spec.containers.command \u4e2d\u7684\u76f8\u5173\u547d\u4ee4\u5373\u53ef\u3002
"},{"location":"admin/ghippo/audit/source-ip.html","title":"\u5ba1\u8ba1\u65e5\u5fd7\u83b7\u53d6\u6e90 IP","text":"\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP \u5728\u7cfb\u7edf\u548c\u7f51\u7edc\u7ba1\u7406\u4e2d\u626e\u6f14\u7740\u5173\u952e\u89d2\u8272\uff0c\u5b83\u6709\u52a9\u4e8e\u8ffd\u8e2a\u6d3b\u52a8\u3001\u7ef4\u62a4\u5b89\u5168\u3001\u89e3\u51b3\u95ee\u9898\u5e76\u786e\u4fdd\u7cfb\u7edf\u5408\u89c4\u6027\u3002 \u4f46\u662f\u83b7\u53d6\u6e90 IP \u4f1a\u5e26\u6765\u4e00\u5b9a\u7684\u6027\u80fd\u635f\u8017\uff0c\u6240\u4ee5\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u5ba1\u8ba1\u65e5\u5fd7\u5e76\u4e0d\u603b\u662f\u5f00\u542f\u7684\uff0c \u5728\u4e0d\u540c\u7684\u5b89\u88c5\u6a21\u5f0f\u4e0b\uff0c\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP \u7684\u9ed8\u8ba4\u5f00\u542f\u60c5\u51b5\u4e0d\u540c\uff0c\u5e76\u4e14\u5f00\u542f\u7684\u65b9\u5f0f\u4e0d\u540c\u3002 \u4e0b\u9762\u4f1a\u6839\u636e\u5b89\u88c5\u6a21\u5f0f\u5206\u522b\u4ecb\u7ecd\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP \u7684\u9ed8\u8ba4\u5f00\u542f\u60c5\u51b5\u4ee5\u53ca\u5982\u4f55\u5f00\u542f\u3002
Note
\u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\u4f1a\u4fee\u6539 istio-ingressgateway \u7684\u526f\u672c\u6570\uff0c\u5e26\u6765\u4e00\u5b9a\u7684\u6027\u80fd\u635f\u8017\u3002 \u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\u9700\u8981\u5173\u95ed kube-proxy \u7684\u8d1f\u8f7d\u5747\u8861\u4ee5\u53ca\u62d3\u6251\u611f\u77e5\u8def\u7531\uff0c\u4f1a\u5bf9\u96c6\u7fa4\u6027\u80fd\u4ea7\u751f\u4e00\u5b9a\u7684\u5f71\u54cd\u3002 \u5f00\u542f\u5ba1\u8ba1\u65e5\u5fd7\u540e\uff0c\u8bbf\u95eeIP\u6240\u5bf9\u5e94\u7684\u8282\u70b9\u4e0a\u5fc5\u987b\u4fdd\u8bc1\u5b58\u5728 istio-ingressgateway \uff0c\u82e5\u56e0\u4e3a\u8282\u70b9\u5065\u5eb7\u6216\u5176\u4ed6\u95ee\u9898\u5bfc\u81f4 istio-ingressgateway \u53d1\u751f\u6f02\u79fb\uff0c\u9700\u8981\u624b\u52a8\u8c03\u5ea6\u56de\u8be5\u8282\u70b9\uff0c\u5426\u5219\u4f1a\u5f71\u54cd\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u6b63\u5e38\u4f7f\u7528\u3002
"},{"location":"admin/ghippo/audit/source-ip.html#_1","title":"\u5224\u65ad\u5b89\u88c5\u6a21\u5f0f\u7684\u65b9\u6cd5","text":"kubectl get pod -n metallb-system\n
\u5728\u96c6\u7fa4\u4e2d\u6267\u884c\u4e0a\u9762\u7684\u547d\u4ee4\uff0c\u82e5\u8fd4\u56de\u7ed3\u679c\u5982\u4e0b\uff0c\u5219\u8868\u793a\u8be5\u96c6\u7fa4\u4e3a\u975e MetalLB \u5b89\u88c5\u6a21\u5f0f
No resources found in metallbs-system namespace.\n
"},{"location":"admin/ghippo/audit/source-ip.html#nodeport","title":"NodePort \u5b89\u88c5\u6a21\u5f0f","text":"\u8be5\u6a21\u5f0f\u5b89\u88c5\u4e0b\uff0c\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP \u9ed8\u8ba4\u662f\u5173\u95ed\u7684\uff0c\u5f00\u542f\u6b65\u9aa4\u5982\u4e0b\uff1a
\u8bbe\u7f6e istio-ingressgateway \u7684 HPA \u7684\u6700\u5c0f\u526f\u672c\u6570\u4e3a\u63a7\u5236\u9762\u8282\u70b9\u6570
count=$(kubectl get nodes --selector=node-role.kubernetes.io/control-plane | wc -l)\ncount=$((count-1))\n\nkubectl patch hpa istio-ingressgateway -n istio-system -p '{\"spec\":{\"minReplicas\":'$count'}}'\n
\u4fee\u6539 istio-ingressgateway \u7684 service \u7684 externalTrafficPolicy \u548c internalTrafficPolicy \u503c\u4e3a \"Local\"
kubectl patch svc istio-ingressgateway -n istio-system -p '{\"spec\":{\"externalTrafficPolicy\":\"Local\",\"internalTrafficPolicy\":\"Local\"}}'\n
\u8be5\u6a21\u5f0f\u4e0b\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u4f1a\u9ed8\u8ba4\u83b7\u53d6\u5ba1\u8ba1\u65e5\u5fd7\u6e90 IP\u3002
"},{"location":"admin/ghippo/audit/gproduct-audit/ghippo.html","title":"\u5168\u5c40\u7ba1\u7406\u5ba1\u8ba1\u9879\u6c47\u603b","text":"\u4e8b\u4ef6\u540d\u79f0 \u8d44\u6e90\u7c7b\u578b \u5907\u6ce8 \u4fee\u6539\u7528\u6237email\uff1aUpdateEmail-Account Account \u4fee\u6539\u7528\u6237\u5bc6\u7801\uff1aUpdatePassword-Account Account \u521b\u5efask\uff1aCreateAccessKeys-Account Account \u4fee\u6539sk\uff1aUpdateAccessKeys-Account Account \u5220\u9664sk\uff1aDeleteAccessKeys-Account Account \u521b\u5efa\u7528\u6237\uff1aCreate-User User \u5220\u9664\u7528\u6237\uff1aDelete-User User \u66f4\u65b0\u7528\u6237\u4fe1\u606f\uff1aUpdate-User User \u66f4\u65b0\u7528\u6237\u89d2\u8272\uff1a UpdateRoles-User User \u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a UpdatePassword-User User \u521b\u5efa\u7528\u6237\u5bc6\u94a5\uff1a CreateAccessKeys-User User \u66f4\u65b0\u7528\u6237\u5bc6\u94a5\uff1a UpdateAccessKeys-User User \u5220\u9664\u7528\u6237\u5bc6\u94a5\uff1aDeleteAccessKeys-User User \u521b\u5efa\u7528\u6237\u7ec4\uff1aCreate-Group Group \u5220\u9664\u7528\u6237\u7ec4\uff1aDelete-Group Group \u66f4\u65b0\u7528\u6237\u7ec4\uff1aUpdate-Group Group \u6dfb\u52a0\u7528\u6237\u81f3\u7528\u6237\u7ec4\uff1aAddUserTo-Group Group \u4ece\u7528\u6237\u7ec4\u5220\u9664\u7528\u6237\uff1a RemoveUserFrom-Group Group \u66f4\u65b0\u7528\u6237\u7ec4\u89d2\u8272\uff1a UpdateRoles-Group Group \u89d2\u8272\u5173\u8054\u7528\u6237\uff1aUpdateRoles-User User \u521b\u5efaLdap \uff1aCreate-LADP LADP \u66f4\u65b0Ldap\uff1aUpdate-LADP LADP \u5220\u9664Ldap \uff1a Delete-LADP LADP OIDC\u6ca1\u6709\u8d70APIserver\u5ba1\u8ba1\u4e0d\u5230 \u767b\u5f55\uff1aLogin-User User \u767b\u51fa\uff1aLogout-User User \u8bbe\u7f6e\u5bc6\u7801\u7b56\u7565\uff1aUpdatePassword-SecurityPolicy SecurityPolicy \u8bbe\u7f6e\u4f1a\u8bdd\u8d85\u65f6\uff1aUpdateSessionTimeout-SecurityPolicy SecurityPolicy \u8bbe\u7f6e\u8d26\u53f7\u9501\u5b9a\uff1aUpdateAccountLockout-SecurityPolicy SecurityPolicy \u8bbe\u7f6e\u81ea\u52a8\u767b\u51fa\uff1aUpdateLogout-SecurityPolicy SecurityPolicy \u90ae\u4ef6\u670d\u52a1\u5668\u8bbe\u7f6e MailServer-SecurityPolicy SecurityPolicy \u5916\u89c2\u5b9a\u5236 CustomAppearance-SecurityPolicy SecurityPolicy \u6b63\u7248\u6388\u6743 OfficialAuthz-SecurityPolicy SecurityPolicy \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\uff1aCreate-Workspace Workspace \u5220\u9664\u5de5\u4f5c\u7a7a\u95f4\uff1aDelete-Workspace Workspace \u7ed1\u5b9a\u8d44\u6e90\uff1aBindResourceTo-Workspace Workspace \u89e3\u7ed1\u8d44\u6e90\uff1aUnBindResource-Workspace Workspace \u7ed1\u5b9a\u5171\u4eab\u8d44\u6e90\uff1aBindShared-Workspace Workspace \u8bbe\u7f6e\u8d44\u6e90\u914d\u989d\uff1aSetQuota-Workspace Workspace \u5de5\u4f5c\u7a7a\u95f4\u6388\u6743\uff1aAuthorize-Workspace Workspace \u5220\u9664\u6388\u6743 DeAuthorize-Workspace Workspace \u7f16\u8f91\u6388\u6743 UpdateDeAuthorize-Workspace Workspace \u66f4\u65b0\u5de5\u4f5c\u7a7a\u95f4 Update-Workspace Workspace \u521b\u5efa\u6587\u4ef6\u5939\uff1aCreate-Folder Folder \u5220\u9664\u6587\u4ef6\u5939\uff1aDelete-Folder Folder \u7f16\u8f91\u6587\u4ef6\u5939\u6388\u6743\uff1aUpdateAuthorize-Folder Folder \u66f4\u65b0\u6587\u4ef6\u5939\uff1aUpdate-Folder Folder \u65b0\u589e\u6587\u4ef6\u5939\u6388\u6743\uff1aAuthorize-Folder Folder \u5220\u9664\u6587\u4ef6\u5939\u6388\u6743\uff1aDeAuthorize-Folder Folder \u8bbe\u7f6e\u5ba1\u8ba1\u65e5\u5fd7\u81ea\u52a8\u6e05\u7406\uff1aAutoCleanup-Audit Audit \u624b\u52a8\u6e05\u7406\u5ba1\u8ba1\u65e5\u5fd7\uff1aManualCleanup-Audit Audit \u5bfc\u51fa\u5ba1\u8ba1\u65e5\u5fd7\uff1aExport-Audit Audit"},{"location":"admin/ghippo/audit/gproduct-audit/insight.html","title":"\u53ef\u89c2\u6d4b\u6027\u5ba1\u8ba1\u9879\u6c47\u603b","text":"\u4e8b\u4ef6\u540d\u79f0 \u8d44\u6e90\u7c7b\u578b \u5907\u6ce8 \u521b\u5efa\u62e8\u6d4b\u4efb\u52a1\uff1aCreate-ProbeJob ProbeJob \u7f16\u8f91\u62e8\u6d4b\u4efb\u52a1\uff1aUpdate-ProbeJob ProbeJob \u5220\u9664\u62e8\u6d4b\u4efb\u52a1\uff1aDelete-ProbeJob ProbeJob \u521b\u5efa\u544a\u8b66\u7b56\u7565\uff1aCreate-AlertPolicy AlertPolicy \u7f16\u8f91\u544a\u8b66\u7b56\u7565\uff1aUpdate-AlertPolicy AlertPolicy \u5220\u9664\u544a\u8b66\u7b56\u7565\uff1aDelete-AlertPolicy AlertPolicy \u5bfc\u5165\u544a\u8b66\u7b56\u7565\uff1aImport-AlertPolicy AlertPolicy \u5728\u544a\u8b66\u7b56\u7565\u4e2d\u6dfb\u52a0\u89c4\u5219\uff1aCreate-AlertRule AlertRule \u5728\u544a\u8b66\u7b56\u7565\u4e2d\u7f16\u8f91\u89c4\u5219\uff1aUpdate-AlertRule AlertRule \u5728\u544a\u8b66\u7b56\u7565\u4e2d\u5220\u9664\u89c4\u5219\uff1aDelete-AlertRule AlertRule \u521b\u5efa\u544a\u8b66\u6a21\u677f\uff1aCreate-RuleTemplate RuleTemplate \u7f16\u8f91\u544a\u8b66\u6a21\u677f\uff1aUpdate-RuleTemplate RuleTemplate \u5220\u9664\u544a\u8b66\u6a21\u677f\uff1aDelete-RuleTemplate RuleTemplate \u521b\u5efa\u90ae\u7bb1\u7ec4\uff1aCreate-email email \u7f16\u8f91\u90ae\u7bb1\u7ec4\uff1aUpdate-email email \u5220\u9664\u90ae\u7bb1\u7ec4\uff1aDelete-Receiver Receiver \u521b\u5efa\u9489\u9489\u673a\u5668\u4eba\uff1aCreate-dingtalk dingtalk \u7f16\u8f91\u9489\u9489\u673a\u5668\u4eba\uff1aUpdate-dingtalk dingtalk \u5220\u9664\u9489\u9489\u673a\u5668\u4eba\uff1aDelete-Receiver Receiver \u521b\u5efa\u4f01\u5fae\u673a\u5668\u4eba\uff1aCreate-wecom wecom \u7f16\u8f91\u4f01\u5fae\u673a\u5668\u4eba\uff1aUpdate-wecom wecom \u5220\u9664\u4f01\u5fae\u673a\u5668\u4eba\uff1aDelete-Receiver Receiver \u521b\u5efa Webhook\uff1aCreate-webhook webhook \u7f16\u8f91 Webhook\uff1aUpdate-webhook webhook \u5220\u9664 Webhook\uff1aDelete-Receiver Receiver \u521b\u5efa SMS\uff1aCreate-sms sms \u7f16\u8f91 SMS\uff1aUpdate-sms sms \u5220\u9664 SMS\uff1aDelete-Receiver Receiver \u521b\u5efa SMS \u670d\u52a1\u5668\uff1aCreate-aliyun(\u6216\u8005\uff1atencent\uff0ccustom) aliyun, tencent, custom \u7f16\u8f91 SMS \u670d\u52a1\u5668\uff1aUpdate-aliyun(\u6216\u8005\uff1atencent\uff0ccustom) aliyun, tencent, custom \u5220\u9664 SMS \u670d\u52a1\u5668\uff1aDelete-SMSserver SMSserver \u521b\u5efa\u6d88\u606f\u6a21\u677f\uff1aCreate-MessageTemplate MessageTemplate \u7f16\u8f91\u6d88\u606f\u6a21\u677f\uff1aUpdate-MessageTemplate MessageTemplate \u5220\u9664\u6d88\u606f\u6a21\u677f\uff1aDelete-MessageTemplate MessageTemplate \u521b\u5efa\u544a\u8b66\u9759\u9ed8\uff1aCreate-AlertSilence AlertSilence \u7f16\u8f91\u544a\u8b66\u9759\u9ed8\uff1aUpdate-AlertSilence AlertSilence \u5220\u9664\u544a\u8b66\u9759\u9ed8\uff1aDelete-AlertSilence AlertSilence \u521b\u5efa\u544a\u8b66\u6291\u5236\u89c4\u5219\uff1aCreate-AlertInhibition AlertInhibition \u7f16\u8f91\u544a\u8b66\u6291\u5236\u89c4\u5219\uff1aUpdate-AlertInhibition AlertInhibition \u5220\u9664\u544a\u8b66\u6291\u5236\u89c4\u5219\uff1aDelete-AlertInhibition AlertInhibition \u66f4\u65b0\u7cfb\u7edf\u914d\u7f6e\uff1aUpdate-SystemSettings SystemSettings"},{"location":"admin/ghippo/audit/gproduct-audit/kpanda.html","title":"\u5bb9\u5668\u7ba1\u7406\u5ba1\u8ba1\u9879\u6c47\u603b","text":"\u4e8b\u4ef6\u540d\u79f0 \u8d44\u6e90\u7c7b\u578b \u521b\u5efa\u96c6\u7fa4\uff1aCreate-Cluster Cluster \u5378\u8f7d\u96c6\u7fa4\uff1aDelete-Cluster Cluster \u63a5\u5165\u96c6\u7fa4\uff1aIntegrate-Cluster Cluster \u89e3\u9664\u63a5\u5165\u7684\u96c6\u7fa4\uff1aRemove-Cluster Cluster \u96c6\u7fa4\u5347\u7ea7\uff1aUpgrade-Cluster Cluster \u96c6\u7fa4\u63a5\u5165\u8282\u70b9\uff1aIntegrate-Node Node \u96c6\u7fa4\u8282\u70b9\u79fb\u9664\uff1aRemove-Node Node \u96c6\u7fa4\u8282\u70b9 GPU \u6a21\u5f0f\u5207\u6362\uff1aUpdate-NodeGPUMode NodeGPUMode helm\u4ed3\u5e93\u521b\u5efa\uff1aCreate-HelmRepo HelmRepo helm\u5e94\u7528\u90e8\u7f72\uff1aCreate-HelmApp HelmApp helm\u5e94\u7528\u5220\u9664\uff1aDelete-HelmApp HelmApp \u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff1aCreate-Deployment Deployment \u5220\u9664\u65e0\u72b6\u6001\u8d1f\u8f7d\uff1aDelete-Deployment Deployment \u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\uff1aCreate-DaemonSet DaemonSet \u5220\u9664\u5b88\u62a4\u8fdb\u7a0b\uff1aDelete-DaemonSet DaemonSet \u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff1aCreate-StatefulSet StatefulSet \u5220\u9664\u6709\u72b6\u6001\u8d1f\u8f7d\uff1aDelete-StatefulSet StatefulSet \u521b\u5efa\u4efb\u52a1\uff1aCreate-Job Job \u5220\u9664\u4efb\u52a1\uff1aDelete-Job Job \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff1aCreate-CronJob CronJob \u5220\u9664\u5b9a\u65f6\u4efb\u52a1\uff1aDelete-CronJob CronJob \u5220\u9664\u5bb9\u5668\u7ec4\uff1aDelete-Pod Pod \u521b\u5efa\u670d\u52a1\uff1aCreate-Service Service \u5220\u9664\u670d\u52a1\uff1aDelete-Service Service \u521b\u5efa\u8def\u7531\uff1aCreate-Ingress Ingress \u5220\u9664\u8def\u7531\uff1aDelete-Ingress Ingress \u521b\u5efa\u5b58\u50a8\u6c60\uff1aCreate-StorageClass StorageClass \u5220\u9664\u5b58\u50a8\u6c60\uff1aDelete-StorageClass StorageClass \u521b\u5efa\u6570\u636e\u5377\uff1aCreate-PersistentVolume PersistentVolume \u5220\u9664\u6570\u636e\u5377\uff1aDelete-PersistentVolume PersistentVolume \u521b\u5efa\u6570\u636e\u5377\u58f0\u660e\uff1aCreate-PersistentVolumeClaim PersistentVolumeClaim \u5220\u9664\u6570\u636e\u5377\u58f0\u660e\uff1aDelete-PersistentVolumeClaim PersistentVolumeClaim \u5220\u9664\u526f\u672c\u96c6\uff1aDelete-ReplicaSet ReplicaSet ns\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\uff1aBindResourceTo-Workspace Workspace ns\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4 \uff1aUnBindResource-Workspace Workspace \u96c6\u7fa4\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\uff1aBindResourceTo-Workspace Workspace \u96c6\u7fa4\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\uff1aUnBindResource-Workspace Workspace \u6253\u5f00\u63a7\u5236\u53f0\uff1aCreate-CloudShell CloudShell \u5173\u95ed\u63a7\u5236\u53f0\uff1aDelete-CloudShell CloudShell"},{"location":"admin/ghippo/audit/gproduct-audit/virtnest.html","title":"\u4e91\u4e3b\u673a\u5ba1\u8ba1\u9879\u6c47\u603b","text":"\u4e8b\u4ef6\u540d\u79f0 \u8d44\u6e90\u7c7b\u578b \u5907\u6ce8 \u91cd\u542f\u4e91\u4e3b\u673a\uff1aRestart-VMs VM \u4e91\u4e3b\u673a\u8f6c\u6362\u4e3a\u6a21\u677f\uff1aConvertToTemplate-VMs VM \u7f16\u8f91\u4e91\u4e3b\u673a\uff1aEdit-VMs VM \u66f4\u65b0\u4e91\u4e3b\u673a\uff1aUpdate-VMs VM \u5feb\u7167\u6062\u590d\uff1aRestore-VMs VM \u5f00\u673a\u4e91\u4e3b\u673a\uff1aPower on-VMs VM \u5b9e\u65f6\u8fc1\u79fb\uff1aLiveMigrate-VMs VM \u5220\u9664\u4e91\u4e3b\u673a\uff1aDelete-VMs VM \u5220\u9664\u4e91\u4e3b\u673a\u6a21\u677f\uff1aDelete-VM Template VM Template \u521b\u5efa\u4e91\u4e3b\u673a\uff1aCreate-VMs VM \u521b\u5efa\u5feb\u7167\uff1aCreateSnapshot-VMs VM \u5173\u673a\u4e91\u4e3b\u673a\uff1aPower off-VMs VM \u514b\u9686\u4e91\u4e3b\u673a\uff1aClone-VMs VM"},{"location":"admin/ghippo/best-practice/authz-plan.html","title":"\u666e\u901a\u7528\u6237\u6388\u6743\u89c4\u5212","text":"\u666e\u901a\u7528\u6237\u662f\u6307\u80fd\u591f\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5927\u90e8\u5206\u4ea7\u54c1\u6a21\u5757\u53ca\u529f\u80fd\uff08\u7ba1\u7406\u529f\u80fd\u9664\u5916\uff09\uff0c\u5bf9\u6743\u9650\u8303\u56f4\u5185\u7684\u8d44\u6e90\u6709\u4e00\u5b9a\u7684\u64cd\u4f5c\u6743\u9650\uff0c\u80fd\u591f\u72ec\u7acb\u4f7f\u7528\u8d44\u6e90\u90e8\u7f72\u5e94\u7528\u3002
\u5bf9\u8fd9\u7c7b\u7528\u6237\u7684\u6388\u6743\u53ca\u8d44\u6e90\u89c4\u5212\u6d41\u7a0b\u5982\u4e0b\u56fe\u6240\u793a\u3002
graph TB\n\n start([\u5f00\u59cb]) --> user[1. \u521b\u5efa\u7528\u6237]\n user --> ns[2. \u51c6\u5907 Kubernetes \u547d\u540d\u7a7a\u95f4]\n ns --> ws[3. \u51c6\u5907\u5de5\u4f5c\u7a7a\u95f4]\n ws --> ws-to-ns[4. \u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u547d\u540d\u7a7a\u95f4]\n ws-to-ns --> authu[5. \u7ed9\u7528\u6237\u6388\u6743 Workspace Editor]\n authu --> complete([\u7ed3\u675f])\n\n classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;\n classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;\n classDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n class user,ns,ws,ws-to-ns,authu cluster;\n class start,complete plain;
"},{"location":"admin/ghippo/best-practice/cluster-for-multiws.html","title":"\u5c06\u96c6\u7fa4\u5206\u914d\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09","text":"\u96c6\u7fa4\u8d44\u6e90\u901a\u5e38\u7531\u8fd0\u7ef4\u4eba\u5458\u8fdb\u884c\u7ba1\u7406\u3002\u5728\u5206\u914d\u8d44\u6e90\u5206\u914d\u65f6\uff0c\u4ed6\u4eec\u9700\u8981\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u6765\u9694\u79bb\u8d44\u6e90\uff0c\u5e76\u8bbe\u7f6e\u8d44\u6e90\u914d\u989d\u3002 \u8fd9\u79cd\u65b9\u5f0f\u6709\u4e2a\u5f0a\u7aef\uff0c\u5982\u679c\u4f01\u4e1a\u7684\u4e1a\u52a1\u91cf\u5f88\u5927\uff0c\u624b\u52a8\u5206\u914d\u8d44\u6e90\u9700\u8981\u8f83\u5927\u7684\u5de5\u4f5c\u91cf\uff0c\u800c\u60f3\u8981\u7075\u6d3b\u8c03\u914d\u8d44\u6e90\u989d\u5ea6\u4e5f\u6709\u4e0d\u5c0f\u96be\u5ea6\u3002
AI \u7b97\u529b\u4e2d\u5fc3\u4e3a\u6b64\u5f15\u5165\u4e86\u5de5\u4f5c\u7a7a\u95f4\u7684\u6982\u5ff5\u3002\u5de5\u4f5c\u7a7a\u95f4\u901a\u8fc7\u5171\u4eab\u8d44\u6e90\u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7ef4\u5ea6\u7684\u8d44\u6e90\u9650\u989d\u80fd\u529b\uff0c\u5b9e\u73b0\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u5728\u8d44\u6e90\u9650\u989d\u4e0b\u81ea\u52a9\u5f0f\u521b\u5efa Kubernetes \u547d\u540d\u7a7a\u95f4\u7684\u80fd\u529b\u3002
\u4e3e\u4f8b\u800c\u8a00\uff0c\u5982\u679c\u60f3\u8981\u8ba9\u51e0\u4e2a\u90e8\u95e8\u5171\u4eab\u4e0d\u540c\u7684\u96c6\u7fa4\u3002
Cluster01\uff08\u666e\u901a\uff09 Cluster02\uff08\u9ad8\u53ef\u7528\uff09 \u90e8\u95e8\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09A 50 quota 10 quota \u90e8\u95e8\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09B 100 quota 20 quota\u53ef\u4ee5\u53c2\u7167\u4ee5\u4e0b\u6d41\u7a0b\u5c06\u96c6\u7fa4\u5206\u4eab\u7ed9\u591a\u4e2a\u90e8\u95e8/\u5de5\u4f5c\u7a7a\u95f4/\u79df\u6237\uff1a
graph TB\n\npreparews[\u51c6\u5907\u5de5\u4f5c\u7a7a\u95f4] --> preparecs[\u51c6\u5907\u96c6\u7fa4]\n--> share[\u5c06\u96c6\u7fa4\u5171\u4eab\u5230\u5de5\u4f5c\u7a7a\u95f4]\n--> judge([\u5224\u65ad\u5de5\u4f5c\u7a7a\u95f4\u5269\u4f59\u989d\u5ea6])\njudge -.\u5927\u4e8e\u5269\u4f59\u989d\u5ea6.->modifyns[\u4fee\u6539\u547d\u540d\u7a7a\u95f4\u989d\u5ea6]\njudge -.\u5c0f\u4e8e\u5269\u4f59\u989d\u5ea6.->createns[\u521b\u5efa\u547d\u540d\u7a7a\u95f4]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass preparews,preparecs,share, cluster;\nclass judge plain\nclass modifyns,createns k8s
"},{"location":"admin/ghippo/best-practice/cluster-for-multiws.html#_2","title":"\u51c6\u5907\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e3a\u4e86\u6ee1\u8db3\u591a\u79df\u6237\u7684\u4f7f\u7528\u573a\u666f\uff0c\u57fa\u4e8e\u96c6\u7fa4\u3001\u96c6\u7fa4\u547d\u540d\u7a7a\u95f4\u3001\u7f51\u683c\u3001\u7f51\u683c\u547d\u540d\u7a7a\u95f4\u3001\u591a\u4e91\u3001\u591a\u4e91\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u79cd\u8d44\u6e90\u5f62\u6210\u76f8\u4e92\u9694\u79bb\u7684\u8d44\u6e90\u73af\u5883\uff0c \u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u6620\u5c04\u4e3a\u9879\u76ee\u3001\u79df\u6237\u3001\u4f01\u4e1a\u3001\u4f9b\u5e94\u5546\u7b49\u591a\u79cd\u6982\u5ff5\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4 \u6309\u94ae\u3002
\u586b\u5199\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u3001\u6240\u5c5e\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u3002
\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e3a\u4e86\u6ee1\u8db3\u591a\u79df\u6237\u7684\u4f7f\u7528\u573a\u666f\uff0c\u57fa\u4e8e\u96c6\u7fa4\u3001\u96c6\u7fa4\u547d\u540d\u7a7a\u95f4\u3001\u7f51\u683c\u3001\u7f51\u683c\u547d\u540d\u7a7a\u95f4\u3001\u591a\u4e91\u3001\u591a\u4e91\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u79cd\u8d44\u6e90\u5f62\u6210\u76f8\u4e92\u9694\u79bb\u7684\u8d44\u6e90\u73af\u5883\uff0c\u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u6620\u5c04\u4e3a\u9879\u76ee\u3001\u79df\u6237\u3001\u4f01\u4e1a\u3001\u4f9b\u5e94\u5546\u7b49\u591a\u79cd\u6982\u5ff5\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u51c6\u5907\u4e00\u4e2a\u96c6\u7fa4\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u62e9 \u96c6\u7fa4\u5217\u8868 \u3002
\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4 \u521b\u5efa\u4e00\u4e2a\u96c6\u7fa4\uff0c\u6216\u70b9\u51fb \u63a5\u5165\u96c6\u7fa4 \u63a5\u5165\u4e00\u4e2a\u96c6\u7fa4\u3002
\u8fd4\u56de \u5168\u5c40\u7ba1\u7406 \uff0c\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u6dfb\u52a0\u96c6\u7fa4\u3002
\u4f9d\u6b21\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u5171\u4eab\u8d44\u6e90 \uff0c\u70b9\u51fb\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u540e\uff0c\u70b9\u51fb \u65b0\u589e\u5171\u4eab\u8d44\u6e90 \u6309\u94ae\u3002
\u9009\u62e9\u96c6\u7fa4\uff0c\u586b\u5199\u8d44\u6e90\u9650\u989d\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u6587\u4ef6\u5939\u4ee3\u8868\u4e00\u4e2a\u7ec4\u7ec7\u673a\u6784\uff08\u4f8b\u5982\u4e00\u4e2a\u90e8\u95e8\uff09\uff0c\u662f\u8d44\u6e90\u5c42\u6b21\u7ed3\u6784\u4e2d\u7684\u4e00\u4e2a\u8282\u70b9\u3002
\u4e00\u4e2a\u6587\u4ef6\u5939\u53ef\u4ee5\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u3001\u5b50\u6587\u4ef6\u5939\u6216\u4e24\u8005\u7684\u7ec4\u5408\u3002 \u5b83\u63d0\u4f9b\u4e86\u8eab\u4efd\u7ba1\u7406\u3001\u591a\u5c42\u7ea7\u548c\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u6587\u4ef6\u5939\u4e2d\u7684\u89d2\u8272\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u548c\u8d44\u6e90\u4e0a\u3002 \u56e0\u6b64\u501f\u52a9\u4e8e\u6587\u4ef6\u5939\uff0c\u4f01\u4e1a\u7ba1\u7406\u8005\u80fd\u591f\u96c6\u4e2d\u7ba1\u63a7\u6240\u6709\u8d44\u6e90\u3002
\u6784\u5efa\u4f01\u4e1a\u5c42\u7ea7\u5173\u7cfb
\u9996\u5148\u8981\u6309\u7167\u73b0\u6709\u7684\u4f01\u4e1a\u5c42\u7ea7\u7ed3\u6784\uff0c\u6784\u5efa\u4e0e\u4f01\u4e1a\u76f8\u540c\u7684\u6587\u4ef6\u5939\u5c42\u7ea7\u3002 AI \u7b97\u529b\u4e2d\u5fc3\u652f\u6301 5 \u7ea7\u6587\u4ef6\u5939\uff0c\u53ef\u4ee5\u6839\u636e\u4f01\u4e1a\u5b9e\u9645\u60c5\u51b5\u81ea\u7531\u7ec4\u5408\uff0c\u5c06\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u6620\u5c04\u4e3a\u4f01\u4e1a\u4e2d\u7684\u90e8\u95e8\u3001\u9879\u76ee\u3001\u4f9b\u5e94\u5546\u7b49\u5b9e\u4f53\u3002
\u6587\u4ef6\u5939\u4e0d\u76f4\u63a5\u4e0e\u8d44\u6e90\u6302\u94a9\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u95f4\u63a5\u5b9e\u73b0\u8d44\u6e90\u5206\u7ec4\u3002
\u7528\u6237\u8eab\u4efd\u7ba1\u7406
\u6587\u4ef6\u5939\u63d0\u4f9b\u4e86 Folder Admin\u3001Folder Editor\u3001Folder Viewer \u4e09\u79cd\u89d2\u8272\u3002 \u67e5\u770b\u89d2\u8272\u6743\u9650\uff0c\u53ef\u901a\u8fc7\u6388\u6743\u7ed9\u540c\u4e00\u6587\u4ef6\u5939\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u6388\u4e88\u4e0d\u540c\u7684\u89d2\u8272\u3002
\u89d2\u8272\u6743\u9650\u6620\u5c04
\u4f01\u4e1a\u7ba1\u7406\u8005\uff1a\u5728\u6839\u6587\u4ef6\u5939\u6388\u4e88 Folder Admin \u89d2\u8272\u3002\u4ed6\u5c06\u62e5\u6709\u6240\u6709\u90e8\u95e8\u3001\u9879\u76ee\u53ca\u5176\u8d44\u6e90\u7684\u7ba1\u7406\u6743\u9650\u3002
\u90e8\u95e8\u7ba1\u7406\u8005\uff1a\u5728\u5404\u4e2a\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u5355\u72ec\u6388\u4e88\u7ba1\u7406\u6743\u9650\u3002
\u9879\u76ee\u6210\u5458\uff1a\u5728\u5de5\u4f5c\u7a7a\u95f4\u3001\u8d44\u6e90\u5c42\u7ea7\u5355\u72ec\u6388\u4e88\u7ba1\u7406\u6743\u9650\u3002
\u4f34\u968f\u4e1a\u52a1\u7684\u6301\u7eed\u6269\u5f20\uff0c\u516c\u53f8\u89c4\u6a21\u4e0d\u65ad\u58ee\u5927\uff0c\u5b50\u516c\u53f8\u3001\u5206\u516c\u53f8\u7eb7\u7eb7\u8bbe\u7acb\uff0c\u6709\u7684\u5b50\u516c\u53f8\u8fd8\u8fdb\u4e00\u6b65\u8bbe\u7acb\u5b59\u516c\u53f8\uff0c \u539f\u5148\u7684\u5927\u90e8\u95e8\u4e5f\u9010\u6e10\u7ec6\u5206\u6210\u591a\u4e2a\u5c0f\u90e8\u95e8\uff0c\u4ece\u800c\u4f7f\u5f97\u7ec4\u7ec7\u7ed3\u6784\u7684\u5c42\u7ea7\u65e5\u76ca\u589e\u591a\u3002\u8fd9\u79cd\u7ec4\u7ec7\u7ed3\u6784\u7684\u53d8\u5316\uff0c\u4e5f\u5bf9 IT \u6cbb\u7406\u67b6\u6784\u4ea7\u751f\u4e86\u5f71\u54cd\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5f00\u542f Folder/WS \u4e4b\u95f4\u7684\u9694\u79bb\u6a21\u5f0f
\u8bf7\u53c2\u8003\u5f00\u542f Folder/WS \u4e4b\u95f4\u7684\u9694\u79bb\u6a21\u5f0f\u3002
\u6309\u7167\u5b9e\u9645\u60c5\u51b5\u89c4\u5212\u4f01\u4e1a\u67b6\u6784
\u5728\u591a\u5c42\u7ea7\u7ec4\u7ec7\u67b6\u6784\u4e0b\uff0c\u5efa\u8bae\u5c06\u4e8c\u7ea7\u6587\u4ef6\u5939\u4f5c\u4e3a\u9694\u79bb\u5355\u5143\uff0c\u8fdb\u884c\u201c\u5b50\u516c\u53f8\u201d\u4e4b\u95f4\u7684\u7528\u6237/\u7528\u6237\u7ec4/\u8d44\u6e90\u4e4b\u95f4\u7684\u9694\u79bb\u3002 \u9694\u79bb\u540e\u201c\u5b50\u516c\u53f8\u201d\u4e4b\u95f4\u7684\u7528\u6237/\u7528\u6237\u7ec4/\u8d44\u6e90\u4e92\u4e0d\u53ef\u89c1\u3002
\u521b\u5efa\u7528\u6237/\u6253\u901a\u7528\u6237\u4f53\u7cfb
\u7531\u4e3b\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u5728\u5e73\u53f0\u7edf\u4e00\u521b\u5efa\u7528\u6237\u6216\u901a\u8fc7 LDAP/OIDC/OAuth2.0 \u7b49\u8eab\u4efd\u63d0\u4f9b\u5546\u80fd\u529b\u5c06\u7528\u6237\u7edf\u4e00\u5bf9\u63a5\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u3002
\u521b\u5efa\u6587\u4ef6\u5939\u89d2\u8272
\u5728 Folder/WS \u7684\u9694\u79bb\u6a21\u5f0f\u4e0b\uff0c\u9700\u8981\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u901a\u8fc7 \u6388\u6743 \u9996\u5148\u5c06\u7528\u6237\u9080\u8bf7\u5230\u5404\u4e2a\u5b50\u516c\u53f8\uff0c\u201c\u5b50\u516c\u53f8\u7ba1\u7406\u5458\uff08Folder Admin\uff09\u201d\u624d\u80fd\u591f\u5bf9\u8fd9\u4e9b\u7528\u6237\u8fdb\u884c\u7ba1\u7406\uff0c \u5982\u4e8c\u6b21\u6388\u6743\u6216\u8005\u7f16\u8f91\u6743\u9650\u3002\u5efa\u8bae\u7b80\u5316\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u7684\u7ba1\u7406\u5de5\u4f5c\uff0c\u521b\u5efa\u4e00\u4e2a\u65e0\u5b9e\u9645\u6743\u9650\u7684\u89d2\u8272\u6765\u8f85\u52a9\u5e73\u53f0\u7ba1\u7406\u5458 Admin \u5b9e\u73b0\u901a\u8fc7\u201c\u6388\u6743\u201d\u5c06\u7528\u6237\u9080\u8bf7\u5230\u5b50\u516c\u53f8\u7684\u64cd\u4f5c\u3002 \u800c\u5b50\u516c\u53f8\u7528\u6237\u7684\u5b9e\u9645\u6743\u9650\u4e0b\u653e\u5230\u5404\u4e2a\u5b50\u516c\u53f8\u7ba1\u7406\u5458\uff08Folder Admin\uff09\u81ea\u884c\u7ba1\u7406\u3002
Note
\u8d44\u6e90\u7ed1\u5b9a\u6743\u9650\u70b9\u5355\u72ec\u4f7f\u7528\u4e0d\u751f\u6548\uff0c\u56e0\u6b64\u7b26\u5408\u4e0a\u8ff0\u901a\u8fc7\u201c\u6388\u6743\u201d\u5c06\u7528\u6237\u9080\u8bf7\u5230\u5b50\u516c\u53f8\u7684\u64cd\u4f5c\uff0c\u518d\u7531\u5b50\u516c\u53f8\u7ba1\u7406\u5458 Folder Admin \u81ea\u884c\u7ba1\u7406\u7684\u8981\u6c42\u3002
\u4ee5\u4e0b\u6f14\u793a\u5982\u4f55\u521b\u5efa\u8d44\u6e90\u7ed1\u5b9a \u65e0\u5b9e\u9645\u6743\u9650\u7684\u89d2\u8272 \uff0c\u5373 minirole\u3002
\u7ed9\u7528\u6237\u6388\u6743
\u5e73\u53f0\u7ba1\u7406\u5458\u901a\u8fc7\u201c\u6388\u6743\u201d\u5c06\u7528\u6237\u6309\u7167\u5b9e\u9645\u60c5\u51b5\u9080\u8bf7\u5230\u5404\u4e2a\u5b50\u516c\u53f8\uff0c\u5e76\u4efb\u547d\u5b50\u516c\u53f8\u7ba1\u7406\u5458\u3002
\u5c06\u5b50\u516c\u53f8\u666e\u901a\u7528\u6237\u6388\u6743\u4e3a \u201cminirole\u201d (1)\uff0c\u5c06\u5b50\u516c\u53f8\u7ba1\u7406\u5458\u6388\u6743\u4e3a Floder Admin\u3002
\u5b50\u516c\u53f8\u7ba1\u7406\u5458\u81ea\u884c\u7ba1\u7406\u7528\u6237/\u7528\u6237\u7ec4
\u5b50\u516c\u53f8\u7ba1\u7406\u5458 Folder Admin \u767b\u5f55\u5e73\u53f0\u540e\u53ea\u80fd\u770b\u5230\u81ea\u5df1\u6240\u5728\u7684\u201c\u5b50\u516c\u53f8 2\u201d\uff0c \u5e76\u80fd\u591f\u901a\u8fc7\u521b\u5efa\u6587\u4ef6\u5939\u3001\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u8c03\u6574\u67b6\u6784\uff0c\u901a\u8fc7\u6dfb\u52a0\u6388\u6743/\u7f16\u8f91\u6743\u9650\u4e3a\u5b50\u516c\u53f8 2 \u4e2d\u7684\u7528\u6237\u8d4b\u4e88\u5176\u4ed6\u6743\u9650\u3002
\u5728\u6dfb\u52a0\u6388\u6743\u65f6\uff0c\u5b50\u516c\u53f8\u7ba1\u7406\u5458 Folder Admin \u53ea\u80fd\u770b\u5230\u88ab\u5e73\u53f0\u7ba1\u7406\u5458\u901a\u8fc7\u201c\u6388\u6743\u201d\u9080\u8bf7\u8fdb\u6765\u7684\u7528\u6237\uff0c\u800c\u4e0d\u80fd\u770b\u5230\u5e73\u53f0\u4e0a\u7684\u6240\u6709\u7528\u6237\uff0c \u4ece\u800c\u5b9e\u73b0 Folder/WS \u4e4b\u95f4\u7684\u7528\u6237\u9694\u79bb\uff0c\u7528\u6237\u7ec4\u540c\u7406\uff08\u5e73\u53f0\u7ba1\u7406\u5458\u89c6\u89d2\u80fd\u591f\u770b\u5230\u5e76\u6388\u6743\u5e73\u53f0\u4e0a\u6240\u6709\u7684\u7528\u6237\u548c\u7528\u6237\u7ec4\uff09\u3002
Note
\u8d85\u5927\u578b\u4f01\u4e1a\u4e0e\u5927/\u4e2d/\u5c0f\u578b\u4f01\u4e1a\u7684\u4e3b\u8981\u533a\u522b\u5728\u4e8e Folder \u548c\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7528\u6237/\u7528\u6237\u7ec4\u4e4b\u95f4\u662f\u5426\u53ef\u89c1\u3002 \u8d85\u5927\u578b\u4f01\u4e1a\u91cc\u5b50\u516c\u53f8\u4e0e\u5b50\u516c\u53f8\u4e4b\u95f4\u7528\u6237/\u7528\u6237\u7ec4\u4e0d\u53ef\u89c1 + \u6743\u9650\u9694\u79bb\uff1b \u5927/\u4e2d/\u5c0f\u578b\u4f01\u4e1a\u90e8\u95e8\u4e4b\u95f4\u7684\u7528\u6237\u76f8\u4e92\u53ef\u89c1 + \u6743\u9650\u9694\u79bb\u3002
"},{"location":"admin/ghippo/best-practice/system-message.html","title":"\u7cfb\u7edf\u6d88\u606f","text":"\u7cfb\u7edf\u6d88\u606f\u7528\u4e8e\u901a\u77e5\u6240\u6709\u7528\u6237\uff0c\u7c7b\u4f3c\u4e8e\u7cfb\u7edf\u516c\u544a\uff0c\u4f1a\u5728\u7279\u5b9a\u65f6\u95f4\u663e\u793a\u5728 AI \u7b97\u529b\u4e2d\u5fc3UI \u7684\u9876\u90e8\u680f\u3002
"},{"location":"admin/ghippo/best-practice/system-message.html#_2","title":"\u914d\u7f6e\u7cfb\u7edf\u6d88\u606f","text":"\u901a\u8fc7\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 apply \u7cfb\u7edf\u6d88\u606f\u7684 YAML \u5373\u53ef\u521b\u5efa\u4e00\u6761\u7cfb\u7edf\u6d88\u606f\uff0c\u6d88\u606f\u7684\u663e\u793a\u65f6\u95f4\u7531 YAML \u4e2d\u7684\u65f6\u95f4\u5b57\u6bb5\u51b3\u5b9a\u3002 \u7cfb\u7edf\u6d88\u606f\u4ec5\u5728 start\u3001end \u5b57\u6bb5\u914d\u7f6e\u7684\u65f6\u95f4\u8303\u56f4\u4e4b\u5185\u624d\u4f1a\u663e\u793a\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u641c\u7d22 ghippoconfig
\uff0c\u70b9\u51fb\u641c\u7d22\u51fa\u6765\u7684 ghippoconfigs.ghippo.io
\u70b9\u51fb YAML \u521b\u5efa \uff0c\u6216\u4fee\u6539\u5df2\u5b58\u5728\u7684 YAML
\u6700\u7ec8\u6548\u679c\u5982\u4e0b
\u4ee5\u4e0b\u662f\u4e00\u4e2a YAML \u793a\u4f8b\uff1a
apiVersion: ghippo.io/v1alpha1\nkind: GhippoConfig\nmetadata:\n name: system-message\nspec:\n message: \"this is a message\"\n start: 2024-01-02T15:04:05+08:00\n end: 2024-07-24T17:26:05+08:00\n
"},{"location":"admin/ghippo/best-practice/ws-best-practice.html","title":"\u5de5\u4f5c\u7a7a\u95f4\u6700\u4f73\u5b9e\u8df5","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e00\u79cd\u8d44\u6e90\u5206\u7ec4\u5355\u5143\uff0c\u5927\u591a\u6570\u8d44\u6e90\u90fd\u53ef\u4ee5\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u521b\u5efa\u6216\u624b\u52a8\u7ed1\u5b9a\u5230\u67d0\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002 \u800c\u5de5\u4f5c\u7a7a\u95f4\u901a\u8fc7\u6388\u6743\u548c\u8d44\u6e90\u7ed1\u5b9a\uff0c\u80fd\u591f\u5b9e\u73b0\u7528\u6237\u4e0e\u89d2\u8272\u7684\u7ed1\u5b9a\u5173\u7cfb\uff0c\u5e76\u4e00\u6b21\u6027\u5e94\u7528\u5230\u5de5\u4f5c\u7a7a\u95f4\u7684\u6240\u6709\u8d44\u6e90\u4e0a\u3002
\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\uff0c\u53ef\u4ee5\u8f7b\u677e\u7ba1\u7406\u56e2\u961f\u4e0e\u8d44\u6e90\uff0c\u89e3\u51b3\u8de8\u6a21\u5757\u3001\u8de8\u96c6\u7fa4\u7684\u8d44\u6e90\u6388\u6743\u95ee\u9898\u3002
"},{"location":"admin/ghippo/best-practice/ws-best-practice.html#_2","title":"\u5de5\u4f5c\u7a7a\u95f4\u7684\u529f\u80fd","text":"\u5de5\u4f5c\u7a7a\u95f4\u5305\u542b\u4e09\u4e2a\u529f\u80fd\uff1a\u6388\u6743\u3001\u8d44\u6e90\u7ec4\u548c\u5171\u4eab\u8d44\u6e90\u3002\u4e3b\u8981\u89e3\u51b3\u8d44\u6e90\u7edf\u4e00\u6388\u6743\u3001\u8d44\u6e90\u5206\u7ec4\u53ca\u8d44\u6e90\u914d\u989d\u95ee\u9898\u3002
\u6388\u6743\uff1a\u4e3a\u7528\u6237/\u7528\u6237\u7ec4\u6388\u4e88\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u4e0d\u540c\u89d2\u8272\uff0c\u5e76\u5c06\u89d2\u8272\u5e94\u7528\u5230\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u4e0a\u3002
\u6700\u4f73\u5b9e\u8df5\uff1a\u666e\u901a\u7528\u6237\u60f3\u8981\u4f7f\u7528\u5e94\u7528\u5de5\u4f5c\u53f0\u3001\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u670d\u52a1\u7f51\u683c\u3001\u4e2d\u95f4\u4ef6\u6a21\u5757\u529f\u80fd\uff0c\u6216\u8005\u9700\u8981\u62e5\u6709\u5bb9\u5668\u7ba1\u7406\u3001\u670d\u52a1\u7f51\u683c\u4e2d\u90e8\u5206\u8d44\u6e90\u7684\u4f7f\u7528\u6743\u9650\u65f6\uff0c\u9700\u8981\u7ba1\u7406\u5458\u6388\u4e88\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u4f7f\u7528\u6743\u9650\uff08Workspace Admin\u3001Workspace Edit\u3001Workspace View\uff09\u3002 \u8fd9\u91cc\u7684\u7ba1\u7406\u5458\u53ef\u4ee5\u662f Admin \u89d2\u8272\u3001\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684 Workspace Admin \u89d2\u8272\u6216\u8be5\u5de5\u4f5c\u7a7a\u95f4\u4e0a\u5c42\u7684 Folder Admin \u89d2\u8272\u3002 \u67e5\u770b Folder \u4e0e Workspace \u7684\u5173\u7cfb\u3002
\u8d44\u6e90\u7ec4\uff1a\u8d44\u6e90\u7ec4\u652f\u6301 Cluster\u3001Cluster-Namespace (\u8de8\u96c6\u7fa4)\u3001Mesh\u3001Mesh-Namespace\u3001Kairship\u3001Kairship-Namespace \u516d\u79cd\u8d44\u6e90\u7c7b\u578b\u3002 \u4e00\u4e2a\u8d44\u6e90\u53ea\u80fd\u7ed1\u5b9a\u4e00\u4e2a\u8d44\u6e90\u7ec4\uff0c\u8d44\u6e90\u88ab\u7ed1\u5b9a\u5230\u8d44\u6e90\u7ec4\u540e\uff0c\u5de5\u4f5c\u7a7a\u95f4\u7684\u6240\u6709\u8005\u5c06\u62e5\u6709\u8be5\u8d44\u6e90\u7684\u6240\u6709\u7ba1\u7406\u6743\u9650\uff0c\u76f8\u5f53\u4e8e\u8be5\u8d44\u6e90\u7684\u6240\u6709\u8005\uff0c\u56e0\u6b64\u4e0d\u53d7\u8d44\u6e90\u914d\u989d\u7684\u9650\u5236\u3002
\u6700\u4f73\u5b9e\u8df5\uff1a\u5de5\u4f5c\u7a7a\u95f4\u901a\u8fc7\u201c\u6388\u6743\u201d\u529f\u80fd\u53ef\u4ee5\u7ed9\u90e8\u95e8\u6210\u5458\u6388\u4e88\u4e0d\u540c\u89d2\u8272\u6743\u9650\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u628a\u4eba\u4e0e\u89d2\u8272\u7684\u6388\u6743\u5173\u7cfb\u4e00\u6b21\u6027\u5e94\u7528\u5230\u5de5\u4f5c\u7a7a\u95f4\u7684\u6240\u6709\u8d44\u6e90\u4e0a\u3002\u56e0\u6b64\u8fd0\u7ef4\u4eba\u5458\u53ea\u9700\u5c06\u8d44\u6e90\u7ed1\u5b9a\u5230\u8d44\u6e90\u7ec4\uff0c\u5c06\u90e8\u95e8\u4e2d\u7684\u4e0d\u540c\u89d2\u8272\u52a0\u5165\u4e0d\u540c\u7684\u8d44\u6e90\u7ec4\uff0c\u5c31\u80fd\u786e\u4fdd\u8d44\u6e90\u7684\u6743\u9650\u88ab\u6b63\u786e\u5206\u914d\u3002
\u89d2\u8272 \u96c6\u7fa4 Cluster \u8de8\u96c6\u7fa4 Cluster-Namespace Workspace Admin Cluster Admin NS Admin Workspace Edit \u2717 NS Editor Workspace View \u2717 NS Viewer\u5171\u4eab\u8d44\u6e90\uff1a\u5171\u4eab\u8d44\u6e90\u529f\u80fd\u4e3b\u8981\u9488\u5bf9\u96c6\u7fa4\u8d44\u6e90\u3002
\u4e00\u4e2a\u96c6\u7fa4\u53ef\u4ee5\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff08\u6307\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u5171\u4eab\u8d44\u6e90\u529f\u80fd\uff09\uff1b\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u53ef\u4ee5\u540c\u65f6\u4f7f\u7528\u591a\u4e2a\u96c6\u7fa4\u7684\u8d44\u6e90\u3002 \u4f46\u662f\u96c6\u7fa4\u8d44\u6e90\u88ab\u5171\u4eab\u540e\uff0c\u4e0d\u610f\u5473\u7740\u88ab\u5171\u4eab\u8005\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09\u53ef\u4ee5\u65e0\u9650\u5236\u5730\u4f7f\u7528\uff0c\u56e0\u6b64\u901a\u5e38\u4f1a\u9650\u5236\u88ab\u5171\u4eab\u8005\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u9650\u989d\u3002
\u540c\u65f6\uff0c\u4e0e\u8d44\u6e90\u7ec4\u4e0d\u540c\uff0c\u5de5\u4f5c\u7a7a\u95f4\u6210\u5458\u53ea\u662f\u5171\u4eab\u8d44\u6e90\u7684\u4f7f\u7528\u8005\uff0c\u80fd\u591f\u5728\u8d44\u6e90\u9650\u989d\u4e0b\u4f7f\u7528\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u3002\u6bd4\u5982\u524d\u5f80\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u3001\u90e8\u7f72\u5e94\u7528\u7b49\uff0c\u4f46\u5e76\u4e0d\u5177\u5907\u96c6\u7fa4\u7684\u7ba1\u7406\u6743\u9650\uff0c\u9650\u5236\u540e\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u4e0b\u521b\u5efa/\u7ed1\u5b9a\u7684\u547d\u540d\u7a7a\u95f4\u7684\u8d44\u6e90\u914d\u989d\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7\u96c6\u7fa4\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u8bbe\u7f6e\u7684\u8d44\u6e90\u4f7f\u7528\u4e0a\u9650\u3002
\u6700\u4f73\u5b9e\u8df5\uff1a\u8fd0\u7ef4\u90e8\u95e8\u624b\u4e2d\u6709\u4e00\u4e2a\u9ad8\u53ef\u7528\u96c6\u7fa4 01\uff0c\u60f3\u8981\u5206\u914d\u7ed9\u90e8\u95e8 A\uff08\u5de5\u4f5c\u7a7a\u95f4 A\uff09\u548c\u90e8\u95e8 B\uff08\u5de5\u4f5c\u7a7a\u95f4 B\uff09\u4f7f\u7528\uff0c\u5176\u4e2d\u90e8\u95e8 A \u5206\u914d CPU 50 \u6838\uff0c\u90e8\u95e8 B \u5206\u914d CPU 100 \u6838\u3002 \u90a3\u4e48\u53ef\u4ee5\u501f\u7528\u5171\u4eab\u8d44\u6e90\u7684\u6982\u5ff5\uff0c\u5c06\u96c6\u7fa4 01 \u5206\u522b\u5171\u4eab\u7ed9\u90e8\u95e8 A \u548c\u90e8\u95e8 B\uff0c\u5e76\u9650\u5236\u90e8\u95e8 A \u7684 CPU \u4f7f\u7528\u989d\u5ea6\u4e3a 50\uff0c\u90e8\u95e8 B \u7684 CPU \u4f7f\u7528\u989d\u5ea6\u4e3a 100\u3002 \u90a3\u4e48\u90e8\u95e8 A \u7684\u7ba1\u7406\u5458\uff08\u5de5\u4f5c\u7a7a\u95f4 A Admin\uff09\u80fd\u591f\u5728\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u5e76\u4f7f\u7528\u547d\u540d\u7a7a\u95f4\uff0c\u5176\u4e2d\u547d\u540d\u7a7a\u95f4\u989d\u5ea6\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7 50 \u6838\uff0c\u90e8\u95e8 B \u7684\u7ba1\u7406\u5458\uff08\u5de5\u4f5c\u7a7a\u95f4 B Admin\uff09\u80fd\u591f\u5728\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u5e76\u4f7f\u7528\u547d\u540d\u7a7a\u95f4\uff0c\u5176\u4e2d\u547d\u540d\u7a7a\u95f4\u989d\u5ea6\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7 100 \u6838\u3002 \u90e8\u95e8 A \u7684\u7ba1\u7406\u5458\u548c\u90e8\u95e8 B \u7ba1\u7406\u5458\u521b\u5efa\u7684\u547d\u540d\u7a7a\u95f4\u4f1a\u88ab\u81ea\u52a8\u7ed1\u5b9a\u5728\u8be5\u90e8\u95e8\uff0c\u90e8\u95e8\u4e2d\u7684\u5176\u4ed6\u6210\u5458\u5c06\u5bf9\u5e94\u7684\u62e5\u6709\u547d\u540d\u7a7a\u95f4\u7684 Namesapce Admin\u3001Namesapce Edit\u3001Namesapce View \u89d2\u8272\uff08\u8fd9\u91cc\u90e8\u95e8\u6307\u7684\u662f\u5de5\u4f5c\u7a7a\u95f4\uff0c\u5de5\u4f5c\u7a7a\u95f4\u8fd8\u53ef\u4ee5\u6620\u5c04\u4e3a\u7ec4\u7ec7\u3001\u4f9b\u5e94\u5546\u7b49\u5176\u4ed6\u6982\u5ff5\uff09\u3002\u6574\u4e2a\u8fc7\u7a0b\u5982\u4e0b\u8868\uff1a
\u90e8\u95e8 \u89d2\u8272 \u5171\u4eab\u96c6\u7fa4 Cluster \u8d44\u6e90\u914d\u989d \u90e8\u95e8\u7ba1\u7406\u5458 A Workspace Admin \u96c6\u7fa4 01 CPU 50 \u6838 \u90e8\u95e8\u7ba1\u7406\u5458 B Workspace Admin \u96c6\u7fa4 01 CPU 100 \u6838\u6a21\u5757\u540d\u79f0\uff1a\u5bb9\u5668\u7ba1\u7406
\u7531\u4e8e\u529f\u80fd\u6a21\u5757\u7684\u7279\u6b8a\u6027\uff0c\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u521b\u5efa\u7684\u8d44\u6e90\u4e0d\u4f1a\u81ea\u52a8\u88ab\u7ed1\u5b9a\u5230\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002
\u5982\u679c\u60a8\u9700\u8981\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u5bf9\u4eba\u548c\u8d44\u6e90\u8fdb\u884c\u7edf\u4e00\u6388\u6743\u7ba1\u7406\uff0c\u53ef\u4ee5\u624b\u52a8\u5c06\u9700\u8981\u7684\u8d44\u6e90\u7ed1\u5b9a\u5230\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e2d\uff0c\u4ece\u800c\u5c06\u7528\u6237\u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u89d2\u8272\u5e94\u7528\u5230\u8d44\u6e90\u4e0a\uff08\u8fd9\u91cc\u7684\u8d44\u6e90\u662f\u53ef\u4ee5\u8de8\u96c6\u7fa4\u7684\uff09\u3002
\u53e6\u5916\uff0c\u5728\u8d44\u6e90\u7684\u7ed1\u5b9a\u5165\u53e3\u4e0a\u5bb9\u5668\u7ba1\u7406\u4e0e\u670d\u52a1\u7f51\u683c\u7a0d\u6709\u5dee\u5f02\uff0c\u5de5\u4f5c\u7a7a\u95f4\u63d0\u4f9b\u4e86\u5bb9\u5668\u7ba1\u7406\u4e2d\u7684 Cluster \u3001 Cluster-Namesapce \u548c\u670d\u52a1\u7f51\u683c\u4e2d\u7684 Mesh\u3001Mesh-Namespace \u8d44\u6e90\u7684\u7ed1\u5b9a\u5165\u53e3\uff0c\u4f46\u5c1a\u672a\u5f00\u653e\u5bf9\u670d\u52a1\u7f51\u683c\u7684 kairship \u548c Kairship-Namespace \u8d44\u6e90\u7684\u7ed1\u5b9a\u3002
\u5bf9\u4e8e kairship \u548c Kairship-Namespace \u8d44\u6e90\uff0c\u53ef\u4ee5\u5728\u670d\u52a1\u7f51\u683c\u7684\u8d44\u6e90\u5217\u8868\u8fdb\u884c\u624b\u52a8\u7ed1\u5b9a\u3002
"},{"location":"admin/ghippo/best-practice/ws-best-practice.html#_3","title":"\u5de5\u4f5c\u7a7a\u95f4\u7684\u4f7f\u7528\u573a\u666f","text":"\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u4e0b\u7ed1\u5b9a\u6765\u81ea\u4e0d\u540c\u96c6\u7fa4\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u80fd\u591f\u4f7f\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u7075\u6d3b\u7eb3\u7ba1\u5e73\u53f0\u4e0a\u4efb\u610f\u96c6\u7fa4\u4e0b\u7684 Kubernetes Namespace\u3002 \u540c\u65f6\u5e73\u53f0\u63d0\u4f9b\u4e86\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u5230\u7ed1\u5b9a\u7684\u547d\u540d\u7a7a\u95f4\u8eab\u4e0a\u3002
\u5f53\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u4e0b\u7ed1\u5b9a\u4e00\u4e2a\u6216\u591a\u4e2a\u8de8\u96c6\u7fa4\u7684\u547d\u540d\u7a7a\u95f4\u65f6\uff0c\u7ba1\u7406\u5458\u65e0\u9700\u518d\u6b21\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u6210\u5458\u6388\u6743\uff0c \u6210\u5458\u4eec\u5728\u5de5\u4f5c\u7a7a\u95f4\u4e0a\u7684\u89d2\u8272\u5c06\u6839\u636e\u4ee5\u4e0b\u6620\u5c04\u5173\u7cfb\u81ea\u52a8\u6620\u5c04\u5b8c\u6210\u6388\u6743\uff0c\u907f\u514d\u4e86\u591a\u6b21\u6388\u6743\u7684\u91cd\u590d\u6027\u64cd\u4f5c\uff1a
\u4ee5\u4e0b\u662f\u4e00\u4e2a\u4f8b\u5b50\uff1a
\u7528\u6237 \u5de5\u4f5c\u7a7a\u95f4 \u89d2\u8272 \u7528\u6237 A Workspace01 Workspace Admin\u5c06\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u540e\uff1a
\u7528\u6237 \u6240\u5c5e\u8303\u7574 \u89d2\u8272 \u7528\u6237 A Workspace01 Workspace Admin Namespace01 Namespace Admin"},{"location":"admin/ghippo/best-practice/ws-to-ns.html#_2","title":"\u5b9e\u73b0\u65b9\u6848","text":"\u5c06\u6765\u81ea\u4e0d\u540c\u96c6\u7fa4\u7684\u4e0d\u540c\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u540c\u4e00\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\uff0c\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u4e0b\u7684\u6210\u5458\u4f7f\u7528\u6d41\u7a0b\u5982\u56fe\u3002
graph TB\n\npreparews[\u51c6\u5907\u5de5\u4f5c\u7a7a\u95f4] --> preparens[\u51c6\u5907\u547d\u540d\u7a7a\u95f4]\n--> judge([\u547d\u540d\u7a7a\u95f4\u662f\u5426\u4e0e\u7ed1\u5b9a\u5230\u5176\u4ed6\u5de5\u4f5c\u7a7a\u95f4])\njudge -.\u672a\u7ed1\u5b9a.->nstows[\u5c06\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4] --> wsperm[\u7ba1\u7406\u5de5\u4f5c\u7a7a\u95f4\u8bbf\u95ee\u6743\u9650]\njudge -.\u5df2\u7ed1\u5b9a.->createns[\u521b\u5efa\u65b0\u7684\u547d\u540d\u7a7a\u95f4]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass preparews,preparens,createns,nstows,wsperm cluster;\nclass judge plain
Tip
\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u53ea\u80fd\u88ab\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u3002
"},{"location":"admin/ghippo/best-practice/ws-to-ns.html#_3","title":"\u51c6\u5907\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e3a\u4e86\u6ee1\u8db3\u591a\u79df\u6237\u7684\u4f7f\u7528\u573a\u666f\uff0c\u57fa\u4e8e\u96c6\u7fa4\u3001\u96c6\u7fa4\u547d\u540d\u7a7a\u95f4\u3001\u7f51\u683c\u3001\u7f51\u683c\u547d\u540d\u7a7a\u95f4\u3001\u591a\u4e91\u3001\u591a\u4e91\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u79cd\u8d44\u6e90\u5f62\u6210\u76f8\u4e92\u9694\u79bb\u7684\u8d44\u6e90\u73af\u5883\u3002 \u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u6620\u5c04\u4e3a\u9879\u76ee\u3001\u79df\u6237\u3001\u4f01\u4e1a\u3001\u4f9b\u5e94\u5546\u7b49\u591a\u79cd\u6982\u5ff5\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4 \u6309\u94ae\u3002
\u586b\u5199\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u3001\u6240\u5c5e\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u3002
\u63d0\u793a\uff1a\u82e5\u5e73\u53f0\u4e2d\u5df2\u5b58\u5728\u521b\u5efa\u597d\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u70b9\u51fb\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u5728 \u8d44\u6e90\u7ec4 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb \u7ed1\u5b9a\u8d44\u6e90 \uff0c\u53ef\u4ee5\u76f4\u63a5\u7ed1\u5b9a\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"admin/ghippo/best-practice/ws-to-ns.html#_4","title":"\u51c6\u5907\u547d\u540d\u7a7a\u95f4","text":"\u547d\u540d\u7a7a\u95f4\u662f\u66f4\u5c0f\u7684\u8d44\u6e90\u9694\u79bb\u5355\u5143\uff0c\u5c06\u5176\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u540e\uff0c\u5de5\u4f5c\u7a7a\u95f4\u7684\u6210\u5458\u5c31\u53ef\u4ee5\u8fdb\u884c\u7ba1\u7406\u548c\u4f7f\u7528\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u51c6\u5907\u4e00\u4e2a\u8fd8\u672a\u7ed1\u5b9a\u5230\u4efb\u4f55\u5de5\u4f5c\u7a7a\u95f4\u7684\u547d\u540d\u7a7a\u95f4\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5bb9\u5668\u7ba1\u7406 \u3002
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u8fdb\u5165\u547d\u540d\u7a7a\u95f4\u7ba1\u7406\u9875\u9762\uff0c\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u547d\u540d\u7a7a\u95f4\u7684\u540d\u79f0\uff0c\u914d\u7f6e\u5de5\u4f5c\u7a7a\u95f4\u548c\u6807\u7b7e\uff08\u53ef\u9009\u8bbe\u7f6e\uff09\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
Info
\u5de5\u4f5c\u7a7a\u95f4\u4e3b\u8981\u7528\u4e8e\u5212\u5206\u8d44\u6e90\u7ec4\u5e76\u4e3a\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u6388\u4e88\u5bf9\u8be5\u8d44\u6e90\u7684\u4e0d\u540c\u8bbf\u95ee\u6743\u9650\u3002\u6709\u5173\u5de5\u4f5c\u7a7a\u95f4\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002\u5728\u547d\u540d\u7a7a\u95f4\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4ece\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u3002
\u9664\u4e86\u5728\u547d\u540d\u7a7a\u95f4\u5217\u8868\u4e2d\u7ed1\u5b9a\u5916\uff0c\u4e5f\u53ef\u4ee5\u8fd4\u56de \u5168\u5c40\u7ba1\u7406 \uff0c\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\u3002
\u4f9d\u6b21\u70b9\u51fb \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u8d44\u6e90\u7ec4 \uff0c\u70b9\u51fb\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u540e\uff0c\u70b9\u51fb \u7ed1\u5b9a\u8d44\u6e90 \u6309\u94ae\u3002
\u9009\u4e2d\u8981\u7ed1\u5b9a\u7684\u5de5\u4f5c\u7a7a\u95f4\uff08\u53ef\u591a\u9009\uff09\uff0c\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u7ed1\u5b9a\u3002
\u5728 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u6388\u6743 \u4e2d\uff0c\u70b9\u51fb\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002
\u9009\u62e9\u8981\u6388\u6743\u7684 \u7528\u6237/\u7528\u6237\u7ec4 \u3001 \u89d2\u8272 \u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u6388\u6743\u3002
GProduct \u662f AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u9664\u5168\u5c40\u7ba1\u7406\u5916\u7684\u6240\u6709\u5176\u4ed6\u6a21\u5757\u7684\u7edf\u79f0\uff0c\u8fd9\u4e9b\u6a21\u5757\u9700\u8981\u4e0e\u5168\u5c40\u7ba1\u7406\u5bf9\u63a5\u540e\u624d\u80fd\u52a0\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u3002
"},{"location":"admin/ghippo/best-practice/gproduct/intro.html#_1","title":"\u5bf9\u63a5\u4ec0\u4e48","text":"\u5bf9\u63a5\u5bfc\u822a\u680f
\u5165\u53e3\u7edf\u4e00\u653e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u3002
\u63a5\u5165\u8def\u7531\u548c AuthN
\u7edf\u4e00 IP \u6216\u57df\u540d\uff0c\u5c06\u8def\u7531\u5165\u53e3\u7edf\u4e00\u8d70\u5168\u5c40\u7ba1\u7406\u7684 Istio Gateway\u3002
\u7edf\u4e00\u767b\u5f55 / \u7edf\u4e00 AuthN \u8ba4\u8bc1
\u767b\u5f55\u7edf\u4e00\u4f7f\u7528\u5168\u5c40\u7ba1\u7406 (Keycloak) \u767b\u5f55\u9875\uff0cAPI authn token \u9a8c\u8bc1\u4f7f\u7528 Istio Gateway\u3002 GProduct \u5bf9\u63a5\u5168\u5c40\u7ba1\u7406\u540e\u4e0d\u9700\u8981\u5173\u6ce8\u5982\u4f55\u5b9e\u73b0\u767b\u5f55\u548c\u8ba4\u8bc1\u3002
\u4ee5\u5bb9\u5668\u7ba1\u7406\uff08\u5f00\u53d1\u4ee3\u53f7 kpanda
\uff09\u4e3a\u4f8b\uff0c\u5bf9\u63a5\u5230\u5bfc\u822a\u680f\u3002
\u5bf9\u63a5\u540e\u7684\u9884\u671f\u6548\u679c\u5982\u56fe\uff1a
"},{"location":"admin/ghippo/best-practice/gproduct/nav.html#_2","title":"\u5bf9\u63a5\u65b9\u6cd5","text":"\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5bf9\u63a5 GProduct\uff1a
\u901a\u8fc7 GProductNavigator CR \u5c06\u5bb9\u5668\u7ba1\u7406\u7684\u5404\u529f\u80fd\u9879\u6ce8\u518c\u5230\u5bfc\u822a\u680f\u83dc\u5355\u3002
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: kpanda\nspec:\n gproduct: kpanda\n name: \u5bb9\u5668\u7ba1\u7406\n localizedName:\n zh-CN: \u5bb9\u5668\u7ba1\u7406\n en-US: Container Management\n url: /kpanda\n category: \u5bb9\u5668 # (1)\n iconUrl: /kpanda/nav-icon.png\n order: 10 # (2)\n menus:\n - name: \u5907\u4efd\u7ba1\u7406\n localizedName:\n zh-CN: \u5907\u4efd\u7ba1\u7406\n en-US: Backup Management\n iconUrl: /kpanda/bkup-icon.png\n url: /kpanda/backup\n
\u5168\u5c40\u7ba1\u7406\u7684\u5bfc\u822a\u680f category \u914d\u7f6e\u5728 ConfigMap\uff0c\u6682\u65f6\u4e0d\u80fd\u4ee5\u6ce8\u518c\u65b9\u5f0f\u589e\u52a0\uff0c\u9700\u8981\u8054\u7cfb\u5168\u5c40\u7ba1\u7406\u56e2\u961f\u6765\u6dfb\u52a0\u3002
kpanda
\u524d\u7aef\u4f5c\u4e3a\u5fae\u524d\u7aef\u63a5\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7236\u5e94\u7528 Anakin \u4e2d
\u524d\u7aef\u4f7f\u7528 qiankun \u6765\u63a5\u5165\u5b50\u5e94\u7528 UI\uff0c \u53ef\u4ee5\u53c2\u8003\u5feb\u901f\u4e0a\u624b\u3002
\u5728\u6ce8\u518c GProductNavigator CR \u540e\uff0c\u63a5\u53e3\u4f1a\u751f\u6210\u5bf9\u5e94\u7684\u6ce8\u518c\u4fe1\u606f\uff0c\u4f9b\u524d\u7aef\u7236\u5e94\u7528\u6ce8\u518c\u4f7f\u7528\u3002 \u4f8b\u5982 kpanda
\u5c31\u4f1a\u751f\u6210\u4ee5\u4e0b\u6ce8\u518c\u4fe1\u606f\uff1a
{\n \"id\": \"kpanda\",\n \"title\": \"\u5bb9\u5668\u7ba1\u7406\",\n \"url\": \"/kpanda\",\n \"uiAssetsUrl\": \"/ui/kpanda/\", // \u7ed3\u5c3e\u7684/\u662f\u5fc5\u987b\u7684\n \"needImportLicense\": false\n},\n
\u4ee5\u4e0a\u6ce8\u518c\u4fe1\u606f\u4e0e qiankun \u5b50\u5e94\u7528\u4fe1\u606f\u5b57\u6bb5\u7684\u5bf9\u5e94\u5173\u7cfb\u662f\uff1a
{\n name: id,\n entry: uiAssetsUrl,\n container: '#container',\n activeRule: url, \n loader,\n props: globalProps,\n}\n
container \u548c loader \u7531\u524d\u7aef\u7236\u5e94\u7528\u63d0\u4f9b\uff0c\u5b50\u5e94\u7528\u65e0\u9700\u5173\u5fc3\u3002 props \u4f1a\u63d0\u4f9b\u4e00\u4e2a\u5305\u542b\u7528\u6237\u57fa\u672c\u4fe1\u606f\u3001\u5b50\u4ea7\u54c1\u6ce8\u518c\u4fe1\u606f\u7b49\u7684 pinia store\u3002
qiankun \u542f\u52a8\u65f6\u4f1a\u4f7f\u7528\u5982\u4e0b\u53c2\u6570\uff1a
start({\n sandbox: {\n experimentalStyleIsolation: true,\n },\n // \u53bb\u9664\u5b50\u5e94\u7528\u4e2d\u7684favicon\u9632\u6b62\u5728Firefox\u4e2d\u8986\u76d6\u7236\u5e94\u7528\u7684favicon\n getTemplate: (template) => template.replaceAll(/<link\\s* rel=\"[\\w\\s]*icon[\\w\\s]*\"\\s*( href=\".*?\")?\\s*\\/?>/g, ''),\n});\n
\u8bf7\u53c2\u9605\u524d\u7aef\u56e2\u961f\u51fa\u5177\u7684 GProduct \u5bf9\u63a5 demo tar \u5305\u3002
"},{"location":"admin/ghippo/best-practice/gproduct/route-auth.html","title":"\u63a5\u5165\u8def\u7531\u548c\u767b\u5f55\u8ba4\u8bc1","text":"\u63a5\u5165\u540e\u7edf\u4e00\u767b\u5f55\u548c\u5bc6\u7801\u9a8c\u8bc1\uff0c\u6548\u679c\u5982\u4e0b\u56fe\uff1a
\u5404\u4e2a GProduct \u6a21\u5757\u7684 API bear token \u9a8c\u8bc1\u90fd\u8d70 Istio Gateway\u3002
\u63a5\u5165\u540e\u7684\u8def\u7531\u6620\u5c04\u56fe\u5982\u4e0b\uff1a
"},{"location":"admin/ghippo/best-practice/gproduct/route-auth.html#_2","title":"\u63a5\u5165\u65b9\u6cd5","text":"\u4ee5 kpanda
\u4e3a\u4f8b\u6ce8\u518c GProductProxy CR\u3002
# GProductProxy CR \u793a\u4f8b, \u5305\u542b\u8def\u7531\u548c\u767b\u5f55\u8ba4\u8bc1\n\n# spec.proxies: \u540e\u5199\u7684\u8def\u7531\u4e0d\u80fd\u662f\u5148\u5199\u7684\u8def\u7531\u5b50\u96c6, \u53cd\u4e4b\u53ef\u4ee5\n# spec.proxies.match.uri.prefix: \u5982\u679c\u662f\u540e\u7aef api, \u5efa\u8bae\u5728 prefix \u672b\u5c3e\u6dfb\u52a0 \"/\" \u8868\u8ff0\u8fd9\u6bb5 path \u7ed3\u675f\uff08\u7279\u6b8a\u9700\u6c42\u53ef\u4ee5\u4e0d\u7528\u52a0\uff09\n# spec.proxies.match.uri: \u652f\u6301 prefix \u548c exact \u6a21\u5f0f; Prefix \u548c Exact \u53ea\u80fd 2 \u9009 1; Prefix \u4f18\u5148\u7ea7\u5927\u4e8e Exact\n\napiVersion: ghippo.io/v1alpha1\nkind: GProductProxy\nmetadata:\n name: kpanda # (1)\nspec:\n gproduct: kpanda # (2)\n proxies:\n - labels:\n kind: UIEntry\n match:\n uri:\n prefix: /kpanda # (3)\n rewrite:\n uri: /index.html\n destination:\n host: ghippo-anakin.ghippo-system.svc.cluster.local\n port: 80\n authnCheck: false # (4)\n - labels:\n kind: UIAssets\n match:\n uri:\n prefix: /ui/kpanda/ # (5)\n destination:\n host: kpanda-ui.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: false\n - match:\n uri:\n prefix: /apis/kpanda.io/v1/a\n destination:\n host: kpanda-service.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: false\n - match:\n uri:\n prefix: /apis/kpanda.io/v1 # (6)\n destination:\n host: kpanda-service.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: true\n
\u5728\u73b0\u6709\u7684\u6743\u9650\u4f53\u7cfb\u4e0b, \u5168\u5c40\u7ba1\u7406\u53ef\u4ee5\u6839\u636e\u7528\u6237\u7684\u6743\u9650\u63a7\u5236\u5bfc\u822a\u680f\u7684\u83dc\u5355\u662f\u5426\u5c55\u793a\uff0c \u4f46\u662f\u7531\u4e8e\u5bb9\u5668\u7ba1\u7406\u7684\u6388\u6743\u4fe1\u606f\u672a\u540c\u6b65\u5230\u5168\u5c40\u7ba1\u7406\uff0c\u5bfc\u81f4\u5168\u5c40\u7ba1\u7406\u65e0\u6cd5\u51c6\u786e\u5224\u65ad\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\u662f\u5426\u9700\u8981\u5c55\u793a\u3002
\u672c\u6587\u901a\u8fc7\u914d\u7f6e\u5b9e\u73b0\u4e86\uff1a \u5c06\u5bb9\u5668\u7ba1\u7406\u53ca\u53ef\u89c2\u6d4b\u6027\u7684\u83dc\u5355\u5728 \u5168\u5c40\u7ba1\u7406\u65e0\u6cd5\u5224\u65ad\u7684\u90e8\u5206, \u9ed8\u8ba4\u4e0d\u663e\u793a \uff0c \u901a\u8fc7 \u767d\u540d\u5355 \u6388\u6743\u7684\u65b9\u5f0f\uff0c\u5b9e\u73b0\u83dc\u5355\u7684\u9690\u85cf\u4e0e\u663e\u793a\uff08\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u9875\u9762\u6388\u6743\u7684\u96c6\u7fa4\u6216\u547d\u540d\u7a7a\u95f4\u6743\u9650\uff0c\u5168\u5c40\u7ba1\u7406\u5747\u65e0\u6cd5\u611f\u77e5\u548c\u5224\u65ad\uff09\u3002
\u4f8b\u5982\uff1aA \u7528\u6237\u5728\u5bb9\u5668\u7ba1\u7406\u662f cluster A \u7684 Cluster Admin \u89d2\u8272\uff0c \u8fd9\u79cd\u60c5\u51b5\u4e0b\u5168\u5c40\u7ba1\u7406\u65e0\u6cd5\u5224\u65ad\u662f\u5426\u6709\u6743\u9650\u5c55\u793a\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\u3002 \u901a\u8fc7\u672c\u6587\u6863\u914d\u7f6e\u540e\uff0c\u7528\u6237 A \u9ed8\u8ba4\u4e0d\u53ef\u89c1\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\uff0c\u9700\u8981 \u663e\u5f0f\u5730\u5728\u5168\u5c40\u7ba1\u7406\u6388\u6743 \u624d\u53ef\u4ee5\u770b\u5230\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\u3002
"},{"location":"admin/ghippo/best-practice/menu/menu-display-or-hiding.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5df2\u5f00\u542f\u57fa\u4e8e\u6743\u9650\u663e\u793a/\u9690\u85cf\u83dc\u5355\u7684\u529f\u80fd\uff0c\u5f00\u542f\u65b9\u6cd5\u5982\u4e0b\uff1a
helm install
\u65f6\u589e\u52a0 --set global.navigatorVisibleDependency=true
\u53c2\u6570helm get values ghippo -n ghippo-system -o yaml
\u5907\u4efd values, \u968f\u540e\u4fee\u6539 bak.yaml \u5e76\u6dfb\u52a0 global.navigatorVisibleDependency: true
\u518d\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\uff1a
helm upgrade ghippo ghippo-release/ghippo \\ \n -n ghippo-system \\ \n -f ./bak.yaml \\ \n --version ${version}\n
"},{"location":"admin/ghippo/best-practice/menu/menu-display-or-hiding.html#_3","title":"\u914d\u7f6e\u5bfc\u822a\u680f","text":"\u5728 kpanda-global-cluster \u4e2d apply \u5982\u4e0b YAML\uff1a
apiVersion: ghippo.io/v1alpha1 \nkind: GProductNavigator \nmetadata: \n name: kpanda-menus-custom \nspec: \n category: container \n gproduct: kpanda \n iconUrl: ./ui/kpanda/kpanda.svg \n isCustom: true \n localizedName: \n en-US: Container Management \n zh-CN: \u5bb9\u5668\u7ba1\u7406 \n menus: \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Clusters \n zh-CN: \u96c6\u7fa4\u5217\u8868 \n name: Clusters \n order: 80 \n url: ./kpanda/clusters \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Namespaces \n zh-CN: \u547d\u540d\u7a7a\u95f4 \n name: Namespaces \n order: 70 \n url: ./kpanda/namespaces \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Workloads \n zh-CN: \u5de5\u4f5c\u8d1f\u8f7d \n name: Workloads \n order: 60 \n url: ./kpanda/workloads/deployments \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Permissions \n zh-CN: \u6743\u9650\u7ba1\u7406 \n name: Permissions \n order: 10 \n url: ./kpanda/rbac/content/cluster \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n name: \u5bb9\u5668\u7ba1\u7406 \n order: 50 \n url: ./kpanda/clusters \n visible: true \n\n---\napiVersion: ghippo.io/v1alpha1 \nkind: GProductNavigator \nmetadata: \n name: insight-menus-custom \nspec: \n category: microservice \n gproduct: insight \n iconUrl: ./ui/insight/logo.svg \n isCustom: true \n localizedName: \n en-US: Insight \n zh-CN: \u53ef\u89c2\u6d4b\u6027 \n menus: \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Overview \n zh-CN: \u6982\u89c8 \n name: Overview \n order: 9 \n url: ./insight/overview \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Dashboard \n zh-CN: \u4eea\u8868\u76d8 \n name: Dashboard \n order: 8 \n url: ./insight/dashboard \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Infrastructure \n zh-CN: \u57fa\u7840\u8bbe\u65bd \n name: Infrastructure \n order: 7 \n url: ./insight/clusters \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Metrics \n zh-CN: \u6307\u6807 \n name: Metrics \n order: 6 \n url: ./insight/metric/basic \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Logs \n zh-CN: \u65e5\u5fd7 \n name: Logs \n order: 5 \n url: ./insight/logs \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Trace Tracking \n zh-CN: \u94fe\u8def\u8ffd\u8e2a \n name: Trace Tracking \n order: 4 \n url: ./insight/topology \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Alerts \n zh-CN: \u544a\u8b66 \n name: Alerts \n order: 3 \n url: ./insight/alerts/active/metrics \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Collect Management \n zh-CN: \u91c7\u96c6\u7ba1\u7406 \n name: Collect Management \n order: 2 \n url: ./insight/agents \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: System Management \n zh-CN: \u7cfb\u7edf\u7ba1\u7406 \n name: System Management \n order: 1 \n url: ./insight/system-components \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n name: \u53ef\u89c2\u6d4b\u6027 \n order: 30 \n url: ./insight \n visible: true \n\n---\napiVersion: ghippo.io/v1alpha1 \nkind: GProductResourcePermissions \nmetadata: \n name: kpanda \nspec: \n actions: \n - localizedName: \n en-US: Create \n zh-CN: \u521b\u5efa \n name: create \n - localizedName: \n en-US: Delete \n zh-CN: \u5220\u9664 \n name: delete \n - localizedName: \n en-US: Update \n zh-CN: \u7f16\u8f91 \n name: update \n - localizedName: \n en-US: Get \n zh-CN: \u67e5\u770b \n name: get \n - localizedName: \n en-US: Admin \n zh-CN: \u7ba1\u7406 \n name: admin \n authScopes: \n - resourcePermissions: \n - actions: \n - name: get \n - dependPermissions: \n - action: get \n name: create \n - dependPermissions: \n - action: get \n name: update \n - dependPermissions: \n - action: get \n name: delete \n resourceType: cluster \n - actions: \n - name: get \n resourceType: menu \n scope: platform \n - resourcePermissions: \n - actions: \n - name: admin \n tips: \n - en-US: >- \n If the workspace is bound to a cluster, it will be assigned \n the Cluster Admin role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u96c6\u7fa4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u96c6\u7fa4\u7684 Cluster Admin \u89d2\u8272 \n resourceType: cluster \n - actions: \n - name: get \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS View role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS View \u89d2\u8272 \n - name: update \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS Edit role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS Edit \u89d2\u8272 \n - name: admin \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS Admin role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS Admin \u89d2\u8272 \n resourceType: namespace \n scope: workspace \n gproduct: kpanda \n resourceTypes: \n - localizedName: \n en-US: Cluster Management \n zh-CN: \u96c6\u7fa4\u7ba1\u7406 \n name: cluster \n - localizedName: \n en-US: Menu \n zh-CN: \u83dc\u5355 \n name: menu \n - localizedName: \n en-US: Namespace Management \n zh-CN: \u547d\u540d\u7a7a\u95f4 \n name: namespace\n
"},{"location":"admin/ghippo/best-practice/menu/menu-display-or-hiding.html#_4","title":"\u901a\u8fc7\u81ea\u5b9a\u4e49\u89d2\u8272\u5b9e\u73b0\u4e0a\u8ff0\u6548\u679c","text":"Note
\u4ec5\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u83dc\u5355\u9700\u8981\u5355\u72ec\u914d\u7f6e\u83dc\u5355\u6743\u9650\uff0c\u5176\u4ed6\u6a21\u5757\u4f1a\u6839\u636e\u7528\u6237\u7684\u6743\u9650\u81ea\u52a8\u663e\u793a/\u9690\u85cf
\u521b\u5efa\u4e00\u4e2a\u81ea\u5b9a\u4e49\u89d2\u8272\uff0c\u5305\u542b\u7684\u6743\u9650\u70b9\u4e3a\u5bb9\u5668\u7ba1\u7406\u7684\u83dc\u5355\u67e5\u770b\u6743\u9650\uff0c\u540e\u7eed\u6388\u6743\u7ed9\u9700\u8981\u67e5\u770b\u5bb9\u5668\u7ba1\u7406\u83dc\u5355\u7684\u7528\u6237\u3002
\u6548\u679c\u5982\u4e0b\uff0c\u53ef\u4ee5\u770b\u5230\u5bb9\u5668\u7ba1\u7406\u548c\u53ef\u89c2\u6d4b\u6027\u7684\u5bfc\u822a\u680f\u83dc\u5355\uff1a
"},{"location":"admin/ghippo/best-practice/menu/navigator.html","title":"\u81ea\u5b9a\u4e49\u5bfc\u822a\u680f","text":"\u5f53\u524d\u81ea\u5b9a\u4e49\u5bfc\u822a\u680f\u9700\u8981\u901a\u8fc7\u624b\u52a8\u521b\u5efa\u5bfc\u822a\u680f\u7684 YAML \uff0c\u5e76 apply \u5230\u96c6\u7fa4\u4e2d\u3002
"},{"location":"admin/ghippo/best-practice/menu/navigator.html#_2","title":"\u5bfc\u822a\u680f\u5206\u7c7b","text":"\u82e5\u9700\u8981\u65b0\u589e\u6216\u91cd\u65b0\u6392\u5e8f\u5bfc\u822a\u680f\u5206\u7c7b\u53ef\u4ee5\u901a\u8fc7\u65b0\u589e\u3001\u4fee\u6539 category YAML \u5b9e\u73b0\u3002
category \u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: ghippo.io/v1alpha1\nkind: NavigatorCategory\nmetadata:\n name: management-custom # (1)!\nspec:\n name: Management # (2)!\n isCustom: true # (3)!\n localizedName: # (4)!\n zh-CN: \u7ba1\u7406\n en-US: Management\n order: 100 # (5)!\n
\u7f16\u5199\u597d YAML \u6587\u4ef6\u540e\uff0c\u901a\u8fc7\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u540e\uff0c\u5237\u65b0\u9875\u9762\u5373\u53ef\u770b\u5230\u65b0\u589e\u3001\u4fee\u6539\u7684\u5bfc\u822a\u680f\u5206\u7c7b\u3002
kubectl apply -f xxx.yaml\n
"},{"location":"admin/ghippo/best-practice/menu/navigator.html#_3","title":"\u5bfc\u822a\u680f\u83dc\u5355","text":"\u82e5\u9700\u8981\u65b0\u589e\u6216\u91cd\u65b0\u6392\u5e8f\u5bfc\u822a\u680f\u83dc\u5355\u53ef\u4ee5\u901a\u8fc7\u65b0\u589e navigator YAML \u5b9e\u73b0\u3002
Note
\u82e5\u9700\u8981\u7f16\u8f91\u5df2\u5b58\u5728\u7684\u5bfc\u822a\u680f\u83dc\u5355\uff08\u975e\u7528\u6237\u81ea\u5df1\u65b0\u589e\u7684 custom \u83dc\u5355\uff09\uff0c\u9700\u8981\u4ee4\u65b0\u589e custom \u83dc\u5355 gproduct \u5b57\u6bb5\u4e0e\u9700\u8981\u8986\u76d6\u7684\u83dc\u5355\u7684 gproduct \u76f8\u540c\uff0c \u65b0\u7684\u5bfc\u822a\u680f\u83dc\u5355\u4f1a\u5c06 menus \u4e2d name \u76f8\u540c\u7684\u90e8\u5206\u6267\u884c\u8986\u76d6\uff0cname \u4e0d\u540c\u7684\u5730\u65b9\u505a\u65b0\u589e\u64cd\u4f5c\u3002
"},{"location":"admin/ghippo/best-practice/menu/navigator.html#_4","title":"\u4e00\u7ea7\u83dc\u5355","text":"\u4f5c\u4e3a\u4ea7\u54c1\u63d2\u5165\u5230\u67d0\u4e2a\u5bfc\u822a\u680f\u5206\u7c7b\u4e0b
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: gmagpie-custom # (1)!\nspec:\n name: Operations Management\n iconUrl: ./ui/gmagpie/gmagpie.svg\n localizedName: # (2)!\n zh-CN: \u8fd0\u8425\u7ba1\u7406\n en-US: Operations Management\n url: ./gmagpie\n category: management # (3)!\n menus: # (4)!\n - name: Access Control\n iconUrl: ./ui/ghippo/menus/access-control.svg\n localizedName:\n zh-CN: \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\n en-US: Access Control\n url: ./ghippo/users\n order: 50 # (5)!\n - name: Workspace\n iconUrl: ./ui/ghippo/menus/workspace-folder.svg\n localizedName:\n zh-CN: \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\n en-US: Workspace and Folder\n url: ./ghippo/workspaces\n order: 40\n - name: Audit Log\n iconUrl: ./ui/ghippo/menus/audit-logs.svg\n localizedName:\n zh-CN: \u5ba1\u8ba1\u65e5\u5fd7\n en-US: Audit Log\n url: ./ghippo/audit\n order: 30\n - name: Settings\n iconUrl: ./ui/ghippo/menus/setting.svg\n localizedName:\n zh-CN: \u5e73\u53f0\u8bbe\u7f6e\n en-US: Settings\n url: ./ghippo/settings\n order: 10\n gproduct: gmagpie # (6)!\n visible: true # (7)!\n isCustom: true # (8)!\n order: 20 # (9)!\n target: blank # (10)!\n
\u4f5c\u4e3a\u5b50\u4ea7\u54c1\u63d2\u5165\u5230\u67d0\u4e2a\u4e00\u7ea7\u83dc\u5355\u7684\u4e8c\u7ea7\u83dc\u5355\u4e2d
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: gmagpie-custom # (1)!\nspec:\n name: Operations Management\n iconUrl: ./ui/gmagpie/gmagpie.svg\n localizedName: # (2)!\n zh-CN: \u8fd0\u8425\u7ba1\u7406\n en-US: Operations Management\n url: ./gmagpie\n parentGProduct: ghippo # (3)!\n gproduct: gmagpie # (4)!\n visible: true # (5)!\n isCustom: true # (6)!\n order: 20 # (7)!\n
\u8eab\u4efd\u63d0\u4f9b\u5546\uff08IdP, Identity Provider\uff09\uff1a\u5f53 AI \u7b97\u529b\u4e2d\u5fc3\u9700\u8981\u4f7f\u7528\u5ba2\u6237\u7cfb\u7edf\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c \u4f7f\u7528\u5ba2\u6237\u7cfb\u7edf\u767b\u5f55\u754c\u9762\u6765\u8fdb\u884c\u767b\u5f55\u8ba4\u8bc1\u65f6\uff0c\u8be5\u5ba2\u6237\u7cfb\u7edf\u88ab\u79f0\u4e3a AI \u7b97\u529b\u4e2d\u5fc3\u7684\u8eab\u4efd\u63d0\u4f9b\u5546
"},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#_1","title":"\u9002\u7528\u573a\u666f","text":"\u5982\u679c\u5ba2\u6237\u5bf9 Ghippo \u767b\u5f55 IdP \u6709\u9ad8\u5ea6\u5b9a\u5236\u9700\u6c42\uff0c\u4f8b\u5982\u652f\u6301\u4f01\u4e1a\u5fae\u4fe1\u3001\u5fae\u4fe1\u7b49\u5176\u4ed6\u793e\u4f1a\u7ec4\u7ec7\u767b\u5f55\u9700\u6c42\uff0c\u8bf7\u6839\u636e\u672c\u6587\u6863\u5b9e\u65bd\u3002
"},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#_2","title":"\u652f\u6301\u7248\u672c","text":"Ghippo 0.15.0\u53ca\u4ee5\u4e0a\u7248\u672c\u3002
"},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#_3","title":"\u5177\u4f53\u65b9\u6cd5","text":""},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#ghippo-keycloak-plugin","title":"\u81ea\u5b9a\u4e49 ghippo keycloak plugin","text":"\u5b9a\u5236 plugin
\u53c2\u8003 keycloak \u5b98\u65b9\u6587\u6863\u548c keycloak \u81ea\u5b9a\u4e49 IdP \u8fdb\u884c\u5f00\u53d1\u3002
\u6784\u5efa\u955c\u50cf
# FROM scratch\nFROM scratch\n\n# plugin\nCOPY ./xxx-jar-with-dependencies.jar /plugins/\n
Note
\u5982\u679c\u9700\u8981\u4e24\u4e2a\u5b9a\u5236\u5316 IdP\uff0c\u9700\u8981\u590d\u5236\u4e24\u4e2a jar \u5305\u3002
"},{"location":"admin/ghippo/best-practice/oem/custom-idp.html#ghippo-keycloak-plugin_1","title":"\u90e8\u7f72 Ghippo keycloak plugin \u6b65\u9aa4","text":"\u628a Ghippo \u5347\u7ea7\u5230 0.15.0 \u6216\u4ee5\u4e0a\u3002 \u60a8\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5\u90e8\u7f72 Ghippo 0.15.0 \u7248\u672c\uff0c\u4f46\u9700\u8981\u628a\u4ee5\u4e0b\u4fe1\u606f\u624b\u52a8\u8bb0\u5f55\u4e0b\u6765\u3002
helm -n ghippo-system get values ghippo -o yaml\n
apiserver:\n image:\n repository: release.daocloud.io/ghippo-ci/ghippo-apiserver\n tag: v0.4.2-test-3-gaba5ec2\ncontrollermanager:\n image:\n repository: release.daocloud.io/ghippo-ci/ghippo-apiserver\n tag: v0.4.2-test-3-gaba5ec2\nglobal:\n database:\n builtIn: true\n reverseProxy: http://192.168.31.10:32628\n
\u5347\u7ea7\u6210\u529f\u540e\uff0c\u624b\u5de5\u8dd1\u4e00\u4e2a\u5b89\u88c5\u547d\u4ee4\uff0c --set
\u91cc\u8bbe\u7684\u53c2\u6570\u503c\u4ece\u4e0a\u8ff0\u4fdd\u5b58\u7684\u5185\u5bb9\u91cc\u5f97\u5230\uff0c\u5e76\u4e14\u5916\u52a0\u51e0\u4e2a\u53c2\u6570\u503c\uff1a
\u5177\u4f53\u793a\u4f8b\u5982\u4e0b\uff1a
helm upgrade \\\n ghippo \\\n ghippo-release/ghippo \\\n --version v0.4.2-test-3-gaba5ec2 \\\n -n ghippo-system \\\n --set apiserver.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \\\n --set apiserver.image.tag=v0.4.2-test-3-gaba5ec2 \\\n --set controllermanager.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \\\n --set controllermanager.image.tag=v0.4.2-test-3-gaba5ec2 \\\n --set global.reverseProxy=http://192.168.31.10:32628 \\\n --set global.database.builtIn=true \\\n --set global.idpPlugin.enabled=true \\\n --set global.idpPlugin.image.repository=chenyang-idp \\\n --set global.idpPlugin.image.tag=v0.0.1 \\\n --set global.idpPlugin.path=/plugins/.\n
\u5728 keycloak \u7ba1\u7406\u9875\u9762\u9009\u62e9\u6240\u8981\u4f7f\u7528\u7684\u63d2\u4ef6\u3002
\u672c\u9875\u8bf4\u660e\u5982\u4f55\u642d\u5efa GProduct Demo \u73af\u5883\u3002
"},{"location":"admin/ghippo/best-practice/oem/demo.html#_1","title":"\u642d\u5efa\u73af\u5883","text":"npm install\n
\u7f16\u8bd1\u548c\u70ed\u52a0\u8f7d\u5f00\u53d1\u73af\u5883\uff1a
npm run serve\n
\u7f16\u8bd1\u548c\u6784\u5efa\uff1a
npm run build\n
\u8865\u5168 Lint \u68c0\u67e5\u6587\u4ef6\uff1a
npm run lint\n
"},{"location":"admin/ghippo/best-practice/oem/demo.html#_2","title":"\u81ea\u5b9a\u4e49\u914d\u7f6e","text":"\u53c2\u89c1\u914d\u7f6e\u53c2\u8003\u3002
\u6784\u5efa\u955c\u50cf\uff1a
docker build -t release.daocloud.io/henry/gproduct-demo .\n
\u5728 K8s \u4e0a\u8fd0\u884c\uff1a
kubectl apply -f demo.yaml\n
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html","title":"Keycloak \u81ea\u5b9a\u4e49 IdP","text":"\u8981\u6c42\uff1akeycloak >= v20
\u5df2\u77e5\u95ee\u9898 keycloak >= v21\uff0c\u5220\u9664\u4e86\u65e7\u7248 theme \u7684\u652f\u6301\uff0c\u53ef\u80fd\u4f1a\u5728 v22 \u4fee\u590d\u3002 \u53c2\u89c1 Issue #15344 \u3002
\u6b64\u6b21 demo \u4f7f\u7528 Keycloak v20.0.5\u3002
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#source","title":"\u57fa\u4e8e source \u5f00\u53d1","text":""},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#_1","title":"\u914d\u7f6e\u73af\u5883","text":"\u53c2\u7167 keycloak/building.md \u914d\u7f6e\u73af\u5883\u3002
\u53c2\u7167 keycloak/README.md \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
cd quarkus\nmvn -f ../pom.xml clean install -DskipTestsuite -DskipExamples -DskipTests\n
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#ide","title":"\u4ece IDE \u8fd0\u884c","text":""},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#service","title":"\u6dfb\u52a0 service \u4ee3\u7801","text":""},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#keycloak","title":"\u5982\u679c\u53ef\u4ece keycloak \u7ee7\u627f\u90e8\u5206\u529f\u80fd","text":"\u5728\u76ee\u5f55 services/src/main/java/org/keycloak/broker \u4e0b\u6dfb\u52a0\u6587\u4ef6\uff1a
\u6587\u4ef6\u540d\u9700\u8981\u662f xxxProvider.java \u548c xxxProviderFactory.java
xxxProviderFactory.java \u793a\u4f8b\uff1a
\u7559\u610f PROVIDER_ID = \"oauth\"; \u8fd9\u4e2a\u53d8\u91cf\uff0c\u540e\u9762\u5b9a\u4e49 html \u4f1a\u7528\u5230\u3002
xxxProvider.java \u793a\u4f8b
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#keycloak_1","title":"\u5982\u679c\u4e0d\u80fd\u4ece keycloak \u7ee7\u627f\u529f\u80fd","text":"\u53c2\u8003\u4e0b\u56fe\u4e2d\u7684\u4e09\u4e2a\u6587\u4ef6\u7f16\u5199\u4f60\u7684\u4ee3\u7801\uff1a
\u6dfb\u52a0 xxxProviderFactory \u5230 resource service
\u5728 services/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory \u6dfb\u52a0 xxxProviderFactory\uff0c\u8fd9\u6837\u521a\u521a\u7f16\u5199\u7684\u80fd\u5de5\u4f5c\u4e86\uff1a
\u6dfb\u52a0 html \u6587\u4ef6
\u590d\u5236 themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html \u6587\u4ef6\u5230\uff08\u6539\u540d\u4e3a realm-identity-provider-oauth.html \uff0c\u8fd8\u8bb0\u5f97\u4e0a\u6587\u4e2d\u9700\u8981\u7559\u610f\u7684\u53d8\u91cf\u5417\uff09 themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oauth.html
\u5230\u6b64\u6240\u6709\u7684\u6587\u4ef6\u90fd\u6dfb\u52a0\u5b8c\u6210\u4e86\uff0c\u5f00\u59cb\u8c03\u8bd5\u529f\u80fd\u3002
"},{"location":"admin/ghippo/best-practice/oem/keycloak-idp.html#jar","title":"\u6253\u5305\u6210 jar \u4f5c\u4e3a\u63d2\u4ef6\u8fd0\u884c","text":"\u65b0\u5efa\u4e00\u4e2a java \u9879\u76ee\uff0c\u5e76\u5c06\u4e0a\u9762\u7684\u4ee3\u7801\u590d\u5236\u5230\u9879\u76ee\u4e2d\uff0c\u5982\u4e0b\u6240\u793a\uff1a
\u53c2\u89c1 pom.xml\u3002
\u8fd0\u884c mvn clean package \uff0c\u6253\u5305\u5b8c\u6210\u5f97\u5230 xxx-jar-with-dependencies.jar \u6587\u4ef6\u3002
\u4e0b\u8f7d keycloak Release 20.0.5 zip \u5305\u5e76\u89e3\u538b\u3002
\u5c06 xxx-jar-with-dependencies.jar \u590d\u5236\u5230 keycloak-20.0.5/providers \u76ee\u5f55\u4e2d\u3002
\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u529f\u80fd\u662f\u5426\u5b8c\u6574\uff1a
bin/kc.sh start-dev\n
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html","title":"\u5982\u4f55\u5c06\u5ba2\u6237\u7cfb\u7edf\u96c6\u6210\u5230 AI \u7b97\u529b\u4e2d\u5fc3\uff08OEM IN\uff09","text":"OEM IN \u662f\u6307\u5408\u4f5c\u4f19\u4f34\u7684\u5e73\u53f0\u4f5c\u4e3a\u5b50\u6a21\u5757\u5d4c\u5165 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u51fa\u73b0\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e00\u7ea7\u5bfc\u822a\u680f\u3002 \u7528\u6237\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3\u8fdb\u884c\u767b\u5f55\u548c\u7edf\u4e00\u7ba1\u7406\u3002\u5b9e\u73b0 OEM IN \u5171\u5206\u4e3a 5 \u6b65\uff0c\u5206\u522b\u662f\uff1a
Note
\u4ee5\u4e0b\u4f7f\u7528\u5f00\u6e90\u8f6f\u4ef6 Label Studio \u6765\u505a\u5d4c\u5957\u6f14\u793a\u3002\u5b9e\u9645\u573a\u666f\u9700\u8981\u81ea\u5df1\u89e3\u51b3\u5ba2\u6237\u7cfb\u7edf\u7684\u95ee\u9898\uff1a
\u4f8b\u5982\u5ba2\u6237\u7cfb\u7edf\u9700\u8981\u81ea\u5df1\u6dfb\u52a0\u4e00\u4e2a Subpath\uff0c\u7528\u4e8e\u533a\u5206\u54ea\u4e9b\u662f AI \u7b97\u529b\u4e2d\u5fc3\u7684\u670d\u52a1\uff0c\u54ea\u4e9b\u662f\u5ba2\u6237\u7cfb\u7edf\u7684\u670d\u52a1\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_1","title":"\u73af\u5883\u51c6\u5907","text":"\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u73af\u5883\uff1a
https://10.6.202.177:30443
\u4f5c\u4e3a AI \u7b97\u529b\u4e2d\u5fc3\u7684\u73af\u5883\u3002
\u90e8\u7f72\u5ba2\u6237\u7cfb\u7edf\u73af\u5883\uff1a
http://10.6.202.177:30123
\u4f5c\u4e3a\u5ba2\u6237\u7cfb\u7edf
\u5e94\u7528\u8fc7\u7a0b\u4e2d\u5bf9\u5ba2\u6237\u7cfb\u7edf\u7684\u64cd\u4f5c\u8bf7\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u8c03\u6574\u3002
\u89c4\u5212\u5ba2\u6237\u7cfb\u7edf\u7684 Subpath \u8def\u5f84\uff1a http://10.6.202.177:30123/label-studio
\uff08\u5efa\u8bae\u4f7f\u7528\u8fa8\u8bc6\u5ea6\u9ad8\u7684\u540d\u79f0\u4f5c\u4e3a Subpath\uff0c\u4e0d\u80fd\u4e0e\u4e3b AI \u7b97\u529b\u4e2d\u5fc3\u7684 HTTP router \u53d1\u751f\u51b2\u7a81\uff09\u3002 \u8bf7\u786e\u4fdd\u7528\u6237\u901a\u8fc7 http://10.6.202.177:30123/label-studio
\u80fd\u591f\u6b63\u5e38\u8bbf\u95ee\u5ba2\u6237\u7cfb\u7edf\u3002
SSH \u767b\u5f55\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u670d\u52a1\u5668\u3002
ssh root@10.6.202.177\n
\u4f7f\u7528 vim
\u547d\u4ee4\u521b\u5efa\u548c\u4fee\u6539 label-studio.yaml \u6587\u4ef6
vim label-studio.yaml\n
label-studio.yamlapiVersion: networking.istio.io/v1beta1\nkind: ServiceEntry\nmetadata:\n name: label-studio\n namespace: ghippo-system\nspec:\n exportTo:\n - \"*\"\n hosts:\n - label-studio.svc.external\n ports:\n # \u6dfb\u52a0\u865a\u62df\u7aef\u53e3\n - number: 80\n name: http\n protocol: HTTP\n location: MESH_EXTERNAL\n resolution: STATIC\n endpoints:\n # \u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u7684\u57df\u540d\uff08\u6216IP\uff09\n - address: 10.6.202.177\n ports:\n # \u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u7684\u7aef\u53e3\u53f7\n http: 30123\n---\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n # \u4fee\u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u7684\u540d\u5b57\n name: label-studio\n namespace: ghippo-system\nspec:\n exportTo:\n - \"*\"\n hosts:\n - \"*\"\n gateways:\n - ghippo-gateway\n http:\n - match:\n - uri:\n exact: /label-studio # \u4fee\u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u5728 AI \u7b97\u529b\u4e2d\u5fc3.0 Web UI \u5165\u53e3\u4e2d\u7684\u8def\u7531\u5730\u5740\n - uri:\n prefix: /label-studio/ # \u4fee\u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u5728 AI \u7b97\u529b\u4e2d\u5fc3.0 Web UI \u5165\u53e3\u4e2d\u7684\u8def\u7531\u5730\u5740\n route:\n - destination:\n # \u4fee\u6539\u4e3a\u4e0a\u6587 ServiceEntry \u4e2d\u7684 spec.hosts \u7684\u503c\n host: label-studio.svc.external\n port:\n # \u4fee\u6539\u4e3a\u4e0a\u6587 ServiceEntry \u4e2d\u7684 spec.ports \u7684\u503c\n number: 80\n---\napiVersion: security.istio.io/v1beta1\nkind: AuthorizationPolicy\nmetadata:\n # \u4fee\u6539\u4e3a\u5ba2\u6237\u7cfb\u7edf\u7684\u540d\u5b57\n name: label-studio\n namespace: istio-system\nspec:\n action: ALLOW\n selector:\n matchLabels:\n app: istio-ingressgateway\n rules:\n - from:\n - source:\n requestPrincipals:\n - '*'\n - to:\n - operation:\n paths:\n - /label-studio # \u4fee\u6539\u4e3a VirtualService \u4e2d\u7684 spec.http.match.uri.prefix \u7684\u503c\n - /label-studio/* # \u4fee\u6539\u4e3a VirtualService \u4e2d\u7684 spec.http.match.uri.prefix \u7684\u503c\uff08\u6ce8\u610f\uff0c\u672b\u5c3e\u9700\u8981\u6dfb\u52a0 \"*\"\uff09\n
\u4f7f\u7528 kubectl
\u547d\u4ee4\u5e94\u7528 label-studio.yaml \uff1a
kubectl apply -f\u00a0label-studio.yaml\n
\u9a8c\u8bc1 Label Studio UI \u7684 IP \u548c \u7aef\u53e3\u662f\u5426\u4e00\u81f4\uff1a
\u5c06\u5ba2\u6237\u7cfb\u7edf\u4e0e AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u901a\u8fc7 OIDC/OAUTH \u7b49\u534f\u8bae\u5bf9\u63a5\uff0c\u4f7f\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u540e\u8fdb\u5165\u5ba2\u6237\u7cfb\u7edf\u65f6\u65e0\u9700\u518d\u6b21\u767b\u5f55\u3002
Note
\u8fd9\u91cc\u4f7f\u7528\u4e24\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u76f8\u4e92\u5bf9\u63a5\u6765\u8fdb\u884c\u6f14\u793a\u3002\u6db5\u76d6\u5c06 AI \u7b97\u529b\u4e2d\u5fc3 \u4f5c\u4e3a\u7528\u6237\u6e90\u767b\u5f55\u5ba2\u6237\u5e73\u53f0\uff0c\u548c\u5c06\u5ba2\u6237\u5e73\u53f0\u4f5c\u4e3a\u7528\u6237\u6e90\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u4e24\u79cd\u573a\u666f\u3002
AI \u7b97\u529b\u4e2d\u5fc3\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u767b\u5f55\u5ba2\u6237\u5e73\u53f0\uff1a \u9996\u5148\u5c06\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u5b9e\u73b0\u5bf9\u63a5\u540e\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7 OIDC \u76f4\u63a5\u767b\u5f55\u7b2c\u4e8c\u5957 AI \u7b97\u529b\u4e2d\u5fc3\uff0c \u800c\u65e0\u9700\u5728\u7b2c\u4e8c\u5957\u4e2d\u518d\u6b21\u521b\u5efa\u7528\u6237\u3002\u5728\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u901a\u8fc7 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u63a5\u5165\u7ba1\u7406 \u521b\u5efa SSO \u63a5\u5165\u3002
\u5ba2\u6237\u5e73\u53f0\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff1a \u5c06\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3 \u4e2d\u751f\u6210\u7684\u5ba2\u6237\u7aef ID\u3001\u5ba2\u6237\u7aef\u5bc6\u94a5\u3001\u5355\u70b9\u767b\u5f55 URL \u7b49\u586b\u5199\u5230\u7b2c\u4e8c\u5957 AI \u7b97\u529b\u4e2d\u5fc3 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u8eab\u4efd\u63d0\u4f9b\u5546 -> OIDC \u4e2d\uff0c\u5b8c\u6210\u7528\u6237\u5bf9\u63a5\u3002 \u5bf9\u63a5\u540e\uff0c\u7b2c\u4e00\u5957 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7 OIDC \u76f4\u63a5\u767b\u5f55\u7b2c\u4e8c\u5957 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u800c\u65e0\u9700\u5728\u7b2c\u4e8c\u5957\u4e2d\u518d\u6b21\u521b\u5efa\u7528\u6237\u3002
\u5bf9\u63a5\u5b8c\u6210\u540e\uff0c\u7b2c\u4e8c\u5957 AI \u7b97\u529b\u4e2d\u5fc3 \u767b\u5f55\u9875\u9762\u5c06\u51fa\u73b0 OIDC \u9009\u9879\uff0c\u9996\u6b21\u767b\u5f55\u65f6\u9009\u62e9\u901a\u8fc7 OIDC \u767b\u5f55\uff08\u81ea\u5b9a\u4e49\u540d\u79f0\uff0c\u8fd9\u91cc\u662f\u540d\u79f0\u662f loginname\uff09\uff0c \u540e\u7eed\u5c06\u76f4\u63a5\u8fdb\u5165\u65e0\u9700\u518d\u6b21\u9009\u62e9\u3002
Note
\u4f7f\u7528\u4e24\u5957 AI \u7b97\u529b\u4e2d\u5fc3,\u8868\u660e\u5ba2\u6237\u53ea\u8981\u652f\u6301 OIDC \u534f\u8bae\uff0c\u65e0\u8bba\u662f AI \u7b97\u529b\u4e2d\u5fc3\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u8fd8\u662f\u201c\u5ba2\u6237\u5e73\u53f0\u201d\u4f5c\u4e3a\u7528\u6237\u6e90\uff0c\u4e24\u79cd\u573a\u666f\u90fd\u652f\u6301\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_4","title":"\u5bf9\u63a5\u5bfc\u822a\u680f","text":"\u53c2\u8003\u6587\u6863\u4e0b\u65b9\u7684 tar \u5305\u6765\u5b9e\u73b0\u4e00\u4e2a\u7a7a\u58f3\u7684\u524d\u7aef\u5b50\u5e94\u7528\uff0c\u628a\u5ba2\u6237\u7cfb\u7edf\u4ee5 iframe \u7684\u5f62\u5f0f\u653e\u8fdb\u8be5\u7a7a\u58f3\u5e94\u7528\u91cc\u3002
\u4e0b\u8f7d gproduct-demo-main.tar.gz \u6587\u4ef6\uff0c\u6253\u5f00 src/App-iframe.vue \u6587\u4ef6\uff0c\u4fee\u6539\u5176\u4e2d\u7684 src \u5c5e\u6027\u503c\uff08\u5373\u8fdb\u5165\u5ba2\u6237\u7cfb\u7edf\u7684\u5730\u5740\uff09\uff1a
src=\"https://10.6.202.177:30443/label-studio\" (AI \u7b97\u529b\u4e2d\u5fc3\u5730\u5740 + Subpath)
src=\"./external-anyproduct/insight\"
<template>\n <iframe>\n src=\"https://daocloud.io\"\n title=\"demo\"\n class=\"iframe-container\"\n </iframe>\n</template>\n\n<style lang=\"scss\">\nhtml,\nbody {\n height: 100%;\n}\n\n# app {\n display: flex;\n height: 100%;\n .iframe-container {\n border: 0;\n flex: 1 1 0;\n }\n}\n</style>\n
\u5220\u9664 src \u6587\u4ef6\u5939\u4e0b\u7684 App.vue \u548c main.ts \u6587\u4ef6\uff0c\u540c\u65f6\u5c06\uff1a
\u6309\u7167 readme \u6b65\u9aa4\u6784\u5efa\u955c\u50cf\uff08\u6ce8\u610f\uff1a\u6267\u884c\u6700\u540e\u4e00\u6b65\u524d\u9700\u8981\u5c06 demo.yaml \u4e2d\u7684\u955c\u50cf\u5730\u5740\u66ff\u6362\u6210\u6784\u5efa\u51fa\u7684\u955c\u50cf\u5730\u5740\uff09
demo.yamlkind: Namespace\napiVersion: v1\nmetadata:\n name: gproduct-demo\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: gproduct-demo\n namespace: gproduct-demo\n labels:\n app: gproduct-demo\nspec:\n selector:\n matchLabels:\n app: gproduct-demo\n template:\n metadata:\n name: gproduct-demo\n labels:\n app: gproduct-demo\n spec:\n containers:\n - name: gproduct-demo\n image: release.daocloud.io/gproduct-demo # \u4fee\u6539\u8fd9\u4e2a\u955c\u50cf\u5730\u5740\n ports:\n - containerPort: 80\n---\napiVersion: v1\nkind: Service\n...\n
\u5bf9\u63a5\u5b8c\u6210\u540e\uff0c\u5c06\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u4e00\u7ea7\u5bfc\u822a\u680f\u51fa\u73b0 \u5ba2\u6237\u7cfb\u7edf \uff0c\u70b9\u51fb\u53ef\u8fdb\u5165\u5ba2\u6237\u7cfb\u7edf\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_5","title":"\u5b9a\u5236\u5916\u89c2","text":"Note
AI \u7b97\u529b\u4e2d\u5fc3\u652f\u6301\u901a\u8fc7\u5199 CSS \u7684\u65b9\u5f0f\u6765\u5b9e\u73b0\u5916\u89c2\u5b9a\u5236\u3002\u5b9e\u9645\u5e94\u7528\u4e2d\u5ba2\u6237\u7cfb\u7edf\u5982\u4f55\u5b9e\u73b0\u5916\u89c2\u5b9a\u5236\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u5904\u7406\u3002
\u767b\u5f55\u5ba2\u6237\u7cfb\u7edf\uff0c\u901a\u8fc7 \u5168\u5c40\u7ba1\u7406 -> \u5e73\u53f0\u8bbe\u7f6e -> \u5916\u89c2\u5b9a\u5236 \u53ef\u4ee5\u81ea\u5b9a\u4e49\u5e73\u53f0\u80cc\u666f\u989c\u8272\u3001logo\u3001\u540d\u79f0\u7b49\uff0c \u5177\u4f53\u64cd\u4f5c\u8bf7\u53c2\u7167\u5916\u89c2\u5b9a\u5236\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_6","title":"\u6253\u901a\u6743\u9650\u4f53\u7cfb\uff08\u53ef\u9009\uff09","text":"\u65b9\u6848\u601d\u8def\u4e00\uff1a
\u5b9a\u5236\u5316\u56e2\u961f\u53ef\u5b9e\u73b0\u4e00\u5b9a\u5236\u6a21\u5757\uff0cAI \u7b97\u529b\u4e2d\u5fc3\u5c06\u6bcf\u4e00\u6b21\u7684\u7528\u6237\u767b\u5f55\u4e8b\u4ef6\u901a\u8fc7 Webhook \u7684\u65b9\u5f0f\u901a\u77e5\u5230\u5b9a\u5236\u6a21\u5757\uff0c \u5b9a\u5236\u6a21\u5757\u53ef\u81ea\u884c\u8c03\u7528 AnyProduct \u548c AI \u7b97\u529b\u4e2d\u5fc3\u7684 OpenAPI \u5c06\u8be5\u7528\u6237\u7684\u6743\u9650\u4fe1\u606f\u540c\u6b65\u3002
\u65b9\u6848\u601d\u8def\u4e8c\uff1a
\u901a\u8fc7 Webhook \u65b9\u5f0f\uff0c\u5c06\u6bcf\u4e00\u6b21\u7684\u6388\u6743\u53d8\u5316\u90fd\u901a\u77e5\u5230 AnyProduct\uff08\u5982\u6709\u9700\u6c42\uff0c\u540e\u7eed\u53ef\u5b9e\u73b0\uff09\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#anyproduct-ai","title":"AnyProduct \u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u5176\u4ed6\u80fd\u529b(\u53ef\u9009)","text":"\u64cd\u4f5c\u65b9\u6cd5\u4e3a\u8c03\u7528 AI \u7b97\u529b\u4e2d\u5fc3OpenAPI\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-in.html#_7","title":"\u53c2\u8003\u8d44\u6599","text":"OEM OUT \u662f\u6307\u5c06 AI \u7b97\u529b\u4e2d\u5fc3\u4f5c\u4e3a\u5b50\u6a21\u5757\u63a5\u5165\u5176\u4ed6\u4ea7\u54c1\uff0c\u51fa\u73b0\u5728\u5176\u4ed6\u4ea7\u54c1\u7684\u83dc\u5355\u4e2d\u3002 \u7528\u6237\u767b\u5f55\u5176\u4ed6\u4ea7\u54c1\u540e\u53ef\u76f4\u63a5\u8df3\u8f6c\u81f3 AI \u7b97\u529b\u4e2d\u5fc3\u65e0\u9700\u4e8c\u6b21\u767b\u5f55\u3002\u5b9e\u73b0 OEM OUT \u5171\u5206\u4e3a 5 \u6b65\uff0c\u5206\u522b\u662f\uff1a
\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\uff08\u5047\u8bbe\u90e8\u7f72\u5b8c\u7684\u8bbf\u95ee\u5730\u5740\u4e3a https://10.6.8.2:30343/
\uff09
\u5ba2\u6237\u7cfb\u7edf\u548c AI \u7b97\u529b\u4e2d\u5fc3\u524d\u53ef\u4ee5\u653e\u4e00\u4e2a nginx \u53cd\u4ee3\u6765\u5b9e\u73b0\u540c\u57df\u8bbf\u95ee\uff0c / \u8def\u7531\u5230\u5ba2\u6237\u7cfb\u7edf\uff0c /dce5 (subpath) \u8def\u7531\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7cfb\u7edf\uff0c vi /etc/nginx/conf.d/default.conf \u793a\u4f8b\u5982\u4e0b\uff1a
server {\n listen 80;\n server_name localhost;\n\n location /dce5/ {\n proxy_pass https://10.6.8.2:30343/;\n proxy_http_version 1.1;\n proxy_read_timeout 300s; # \u5982\u9700\u8981\u4f7f\u7528 kpanda cloudtty\u529f\u80fd\u9700\u8981\u8fd9\u884c\uff0c\u5426\u5219\u53ef\u4ee5\u53bb\u6389\n proxy_send_timeout 300s; # \u5982\u9700\u8981\u4f7f\u7528 kpanda cloudtty\u529f\u80fd\u9700\u8981\u8fd9\u884c\uff0c\u5426\u5219\u53ef\u4ee5\u53bb\u6389\n\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\n proxy_set_header Upgrade $http_upgrade; # \u5982\u9700\u8981\u4f7f\u7528 kpanda cloudtty\u529f\u80fd\u9700\u8981\u8fd9\u884c\uff0c\u5426\u5219\u53ef\u4ee5\u53bb\u6389\n proxy_set_header Connection $connection_upgrade; # \u5982\u9700\u8981\u4f7f\u7528 kpanda cloudtty\u529f\u80fd\u9700\u8981\u8fd9\u884c\uff0c\u5426\u5219\u53ef\u4ee5\u53bb\u6389\n }\n\n location / {\n proxy_pass https://10.6.165.50:30443/; # \u5047\u8bbe\u8fd9\u662f\u5ba2\u6237\u7cfb\u7edf\u5730\u5740(\u5982\u610f\u4e91)\n proxy_http_version 1.1;\n\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n}\n
\u5047\u8bbe nginx \u5165\u53e3\u5730\u5740\u4e3a 10.6.165.50\uff0c\u6309\u81ea\u5b9a\u4e49 AI \u7b97\u529b\u4e2d\u5fc3\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u5730\u5740\u628a AI_PROXY \u53cd\u4ee3\u8bbe\u4e3a http://10.6.165.50/dce5
\u3002\u786e\u4fdd\u80fd\u591f\u901a\u8fc7 http://10.6.165.50/dce5
\u8bbf\u95ee AI \u7b97\u529b\u4e2d\u5fc3\u3002 \u5ba2\u6237\u7cfb\u7edf\u4e5f\u9700\u8981\u8fdb\u884c\u53cd\u4ee3\u8bbe\u7f6e\uff0c\u9700\u8981\u6839\u636e\u4e0d\u540c\u5e73\u53f0\u7684\u60c5\u51b5\u8fdb\u884c\u5904\u7406\u3002
\u5c06\u5ba2\u6237\u7cfb\u7edf\u4e0e AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u901a\u8fc7 OIDC/OAUTH \u7b49\u534f\u8bae\u5bf9\u63a5\uff0c\u4f7f\u7528\u6237\u767b\u5f55\u5ba2\u6237\u7cfb\u7edf\u540e\u8fdb\u5165 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u65e0\u9700\u518d\u6b21\u767b\u5f55\u3002 \u5728\u62ff\u5230\u5ba2\u6237\u7cfb\u7edf\u7684 OIDC \u4fe1\u606f\u540e\u586b\u5165 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 -> \u8eab\u4efd\u63d0\u4f9b\u5546 \u4e2d\u3002
\u5bf9\u63a5\u5b8c\u6210\u540e\uff0cAI \u7b97\u529b\u4e2d\u5fc3\u767b\u5f55\u9875\u9762\u5c06\u51fa\u73b0 OIDC\uff08\u81ea\u5b9a\u4e49\uff09\u9009\u9879\uff0c\u9996\u6b21\u4ece\u5ba2\u6237\u7cfb\u7edf\u8fdb\u5165 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u9009\u62e9\u901a\u8fc7 OIDC \u767b\u5f55\uff0c \u540e\u7eed\u5c06\u76f4\u63a5\u8fdb\u5165 AI \u7b97\u529b\u4e2d\u5fc3\u65e0\u9700\u518d\u6b21\u9009\u62e9\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-out.html#_3","title":"\u5bf9\u63a5\u5bfc\u822a\u680f","text":"\u5bf9\u63a5\u5bfc\u822a\u680f\u662f\u6307 AI \u7b97\u529b\u4e2d\u5fc3\u51fa\u73b0\u5728\u5ba2\u6237\u7cfb\u7edf\u7684\u83dc\u5355\u4e2d\uff0c\u7528\u6237\u70b9\u51fb\u76f8\u5e94\u7684\u83dc\u5355\u540d\u79f0\u80fd\u591f\u76f4\u63a5\u8fdb\u5165 AI \u7b97\u529b\u4e2d\u5fc3\u3002 \u56e0\u6b64\u5bf9\u63a5\u5bfc\u822a\u680f\u4f9d\u8d56\u4e8e\u5ba2\u6237\u7cfb\u7edf\uff0c\u4e0d\u540c\u5e73\u53f0\u9700\u8981\u6309\u7167\u5177\u4f53\u60c5\u51b5\u8fdb\u884c\u5904\u7406\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-out.html#_4","title":"\u5b9a\u5236\u5916\u89c2","text":"\u901a\u8fc7 \u5168\u5c40\u7ba1\u7406 -> \u5e73\u53f0\u8bbe\u7f6e -> \u5916\u89c2\u5b9a\u5236 \u53ef\u4ee5\u81ea\u5b9a\u4e49\u5e73\u53f0\u80cc\u666f\u989c\u8272\u3001logo\u3001\u540d\u79f0\u7b49\uff0c \u5177\u4f53\u64cd\u4f5c\u8bf7\u53c2\u7167\u5916\u89c2\u5b9a\u5236\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-out.html#_5","title":"\u6253\u901a\u6743\u9650\u4f53\u7cfb\uff08\u53ef\u9009\uff09","text":"\u6253\u901a\u6743\u9650\u8f83\u4e3a\u590d\u6742\uff0c\u5982\u6709\u9700\u6c42\u8bf7\u8054\u7cfb\u5168\u5c40\u7ba1\u7406\u56e2\u961f\u3002
"},{"location":"admin/ghippo/best-practice/oem/oem-out.html#_6","title":"\u53c2\u8003","text":"\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4e3a AI \u7b97\u529b\u4e2d\u5fc3\u914d\u7f6e\u56fd\u5bc6\u7f51\u5173\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#_1","title":"\u8f6f\u4ef6\u4ecb\u7ecd","text":"Tengine: Tengine \u662f\u7531\u6dd8\u5b9d\u7f51\u53d1\u8d77\u7684 Web \u670d\u52a1\u5668\u9879\u76ee\u3002\u5b83\u5728 Nginx \u7684\u57fa\u7840\u4e0a\uff0c \u9488\u5bf9\u5927\u8bbf\u95ee\u91cf\u7f51\u7ad9\u7684\u9700\u6c42\uff0c\u6dfb\u52a0\u4e86\u5f88\u591a\u9ad8\u7ea7\u529f\u80fd\u548c\u7279\u6027\u3002\u6bd4\u5982\u652f\u6301 Tongsuo \u63d2\u4ef6\uff0c\u652f\u6301\u56fd\u5bc6\u8bc1\u4e66\u7b49\u3002
Tongsuo: \u94dc\u9501/Tongsuo\uff08\u539f BabaSSL\uff09\u662f\u4e00\u4e2a\u63d0\u4f9b\u73b0\u4ee3\u5bc6\u7801\u5b66\u7b97\u6cd5\u548c\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u7684\u5f00\u6e90\u57fa\u7840\u5bc6\u7801\u5e93\uff0c \u4e3a\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u5bc6\u94a5\u7ba1\u7406\u3001\u9690\u79c1\u8ba1\u7b97\u7b49\u8bf8\u591a\u4e1a\u52a1\u573a\u666f\u63d0\u4f9b\u5e95\u5c42\u7684\u5bc6\u7801\u5b66\u57fa\u7840\u80fd\u529b\uff0c\u5b9e\u73b0\u6570\u636e\u5728\u4f20\u8f93\u3001\u4f7f\u7528\u3001\u5b58\u50a8\u7b49\u8fc7\u7a0b\u4e2d\u7684\u79c1\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u8ba4\u8bc1\u6027\uff0c \u4e3a\u6570\u636e\u751f\u547d\u5468\u671f\u4e2d\u7684\u9690\u79c1\u548c\u5b89\u5168\u63d0\u4f9b\u4fdd\u62a4\u80fd\u529b\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#_2","title":"\u51c6\u5907\u5de5\u4f5c","text":"\u4e00\u53f0\u5b89\u88c5\u4e86 Docker \u7684 Linux \u4e3b\u673a\uff0c\u5e76\u4e14\u786e\u4fdd\u5b83\u80fd\u8bbf\u95ee\u4e92\u8054\u7f51\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#_3","title":"\u7f16\u8bd1\u548c\u5b89\u88c5\u56fd\u5bc6\u7f51\u5173","text":"\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 Tengine \u548c Tongsuo \u6784\u5efa\u56fd\u5bc6\u7f51\u5173\u3002
Note
\u6b64\u914d\u7f6e\u4ec5\u4f9b\u53c2\u8003\u3002
FROM docker.m.daocloud.io/debian:11.3\n\n# Version\nENV TENGINE_VERSION=\"2.3.4\" \\\n TONGSUO_VERSION=\"8.3.2\"\n\n# Install required system packages and dependencies\nRUN apt update && \\\n apt -y install \\\n wget \\\n gcc \\\n make \\\n libpcre3 \\\n libpcre3-dev \\\n zlib1g-dev \\\n perl \\\n && apt clean\n\n# Build tengine\nRUN mkdir -p /tmp/pkg/cache/ && cd /tmp/pkg/cache/ \\\n && wget https://github.com/alibaba/tengine/archive/refs/tags/${TENGINE_VERSION}.tar.gz -O tengine-${TENGINE_VERSION}.tar.gz \\\n && tar zxvf tengine-${TENGINE_VERSION}.tar.gz \\\n && wget https://github.com/Tongsuo-Project/Tongsuo/archive/refs/tags/${TONGSUO_VERSION}.tar.gz -O Tongsuo-${TONGSUO_VERSION}.tar.gz \\\n && tar zxvf Tongsuo-${TONGSUO_VERSION}.tar.gz \\\n && cd tengine-${TENGINE_VERSION} \\\n && ./configure \\\n --add-module=modules/ngx_openssl_ntls \\\n --with-openssl=/tmp/pkg/cache/Tongsuo-${TONGSUO_VERSION} \\\n --with-openssl-opt=\"--strict-warnings enable-ntls\" \\\n --with-http_ssl_module --with-stream \\\n --with-stream_ssl_module --with-stream_sni \\\n && make \\\n && make install \\\n && ln -s /usr/local/nginx/sbin/nginx /usr/sbin/ \\\n && rm -rf /tmp/pkg/cache\n\nEXPOSE 80 443\nSTOPSIGNAL SIGTERM\nCMD [\"nginx\", \"-g\", \"daemon off;\"]\n
docker build -t tengine:0.0.1 .\n
"},{"location":"admin/ghippo/install/gm-gateway.html#sm2-rsa-tls","title":"\u751f\u6210 SM2 \u548c RSA TLS \u8bc1\u4e66","text":"\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u751f\u6210 SM2 \u548c RSA TLS \u8bc1\u4e66\uff0c\u5e76\u914d\u7f6e\u56fd\u5bc6\u7f51\u5173\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#sm2-tls","title":"SM2 TLS \u8bc1\u4e66","text":"Note
\u6b64\u8bc1\u4e66\u4ec5\u9002\u7528\u4e8e\u6d4b\u8bd5\u73af\u5883\u3002
\u60a8\u53ef\u4ee5\u53c2\u8003 Tongsuo \u5b98\u65b9\u6587\u6863\u4f7f\u7528 OpenSSL \u751f\u6210 SM2 \u8bc1\u4e66\uff0c \u6216\u8005\u8bbf\u95ee\u56fd\u5bc6 SSL \u5b9e\u9a8c\u5ba4\u7533\u8bf7 SM2 \u8bc1\u4e66\u3002
\u6700\u7ec8\u6211\u4eec\u4f1a\u5f97\u5230\u4ee5\u4e0b\u6587\u4ef6\uff1a
-rw-r--r-- 1 root root 749 Dec 8 02:59 sm2.*.enc.crt.pem\n-rw-r--r-- 1 root root 258 Dec 8 02:59 sm2.*.enc.key.pem\n-rw-r--r-- 1 root root 749 Dec 8 02:59 sm2.*.sig.crt.pem\n-rw-r--r-- 1 root root 258 Dec 8 02:59 sm2.*.sig.key.pem\n
"},{"location":"admin/ghippo/install/gm-gateway.html#rsa-tls","title":"RSA TLS \u8bc1\u4e66","text":"-rw-r--r-- 1 root root 216 Dec 8 03:21 rsa.*.crt.pem\n-rw-r--r-- 1 root root 4096 Dec 8 02:59 rsa.*.key.pem\n
"},{"location":"admin/ghippo/install/gm-gateway.html#sm2-rsa-tls_1","title":"\u7ed9\u56fd\u5bc6\u7f51\u5173\u914d\u7f6e SM2 \u548c RSA TLS \u8bc1\u4e66","text":"\u672c\u6587\u4e2d\u4f7f\u7528\u7684\u56fd\u5bc6\u7f51\u5173\uff0c\u652f\u6301 SM2 \u548c RSA \u7b49 TLS \u8bc1\u4e66\u3002\u53cc\u8bc1\u4e66\u7684\u4f18\u70b9\u662f\uff1a\u5f53\u6d4f\u89c8\u5668\u4e0d\u652f\u6301 SM2 TLS \u8bc1\u4e66\u65f6\uff0c\u81ea\u52a8\u5207\u6362\u5230 RSA TLS \u8bc1\u4e66\u3002
\u66f4\u591a\u8be6\u7ec6\u914d\u7f6e\uff0c\u8bf7\u53c2\u8003Tongsuo \u5b98\u65b9\u6587\u6863\u3002
\u6211\u4eec\u8fdb\u5165 Tengine \u5bb9\u5668\u5185\u90e8\uff1a
# \u8fdb\u5165 nginx \u914d\u7f6e\u6587\u4ef6\u5b58\u653e\u76ee\u5f55\ncd /usr/local/nginx/conf\n\n# \u521b\u5efa cert \u6587\u4ef6\u5939\uff0c\u7528\u4e8e\u5b58\u653e TLS \u8bc1\u4e66\nmkdir cert\n\n# \u628a SM2\u3001RSA TLS \u8bc1\u4e66\u62f7\u8d1d\u5230 `/usr/local/nginx/conf/cert` \u76ee\u5f55\u4e0b\ncp sm2.*.enc.crt.pem sm2.*.enc.key.pem sm2.*.sig.crt.pem sm2.*.sig.key.pem /usr/local/nginx/conf/cert\ncp rsa.*.crt.pem rsa.*.key.pem /usr/local/nginx/conf/cert\n\n# \u7f16\u8f91 nginx.conf \u914d\u7f6e\nvim nginx.conf\n...\nserver {\n listen 443 ssl;\n proxy_http_version 1.1;\n # \u5f00\u542f\u56fd\u5bc6\u529f\u80fd\uff0c\u4f7f\u5176\u652f\u6301 SM2 \u7b97\u6cd5\u7684 TLS \u8bc1\u4e66\n enable_ntls on;\n\n # RSA \u8bc1\u4e66\n # \u5982\u679c\u60a8\u7684\u6d4f\u89c8\u5668\u4e0d\u652f\u6301\u56fd\u5bc6\u8bc1\u4e66\uff0c\u90a3\u4e48\u60a8\u53ef\u4ee5\u5f00\u542f\u6b64\u9009\u9879\uff0cTengine \u4f1a\u81ea\u52a8\u8bc6\u522b\u6700\u7ec8\u7528\u6237\u7684\u6d4f\u89c8\u5668\uff0c\u5e76\u4f7f\u7528 RSA \u8bc1\u4e66\u8fdb\u884c\u56de\u9000\n ssl_certificate /usr/local/nginx/conf/cert/rsa.*.crt.pem;\n ssl_certificate_key /usr/local/nginx/conf/cert/rsa.*.key.pem;\n\n # \u914d\u7f6e\u4e24\u5bf9 SM2 \u8bc1\u4e66\uff0c\u7528\u4e8e\u52a0\u5bc6\u548c\u7b7e\u540d\n # SM2 \u7b7e\u540d\u8bc1\u4e66\n ssl_sign_certificate /usr/local/nginx/conf/cert/sm2.*.sig.crt.pem;\n ssl_sign_certificate_key /usr/local/nginx/conf/cert/sm2.*.sig.key.pem;\n # SM2 \u52a0\u5bc6\u8bc1\u4e66\n ssl_enc_certificate /usr/local/nginx/conf/cert/sm2.*.enc.crt.pem;\n ssl_enc_certificate_key /usr/local/nginx/conf/cert/sm2.*.enc.key.pem;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n\n location / {\n proxy_set_header Host $http_host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header REMOTE-HOST $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n # \u60a8\u9700\u8981\u5c06\u8fd9\u91cc\u7684\u5730\u5740\u4fee\u6539\u4e3a Istio \u5165\u53e3\u7f51\u5173\u7684\u5730\u5740\n # \u4f8b\u5982 proxy_pass https://istio-ingressgateway.istio-system.svc.cluster.local\n # \u6216\u8005 proxy_pass https://demo-dev.daocloud.io\n proxy_pass https://istio-ingressgateway.istio-system.svc.cluster.local;\n }\n}\n
"},{"location":"admin/ghippo/install/gm-gateway.html#_4","title":"\u91cd\u65b0\u52a0\u8f7d\u56fd\u5bc6\u7f51\u5173\u7684\u914d\u7f6e","text":"nginx -s reload\n
"},{"location":"admin/ghippo/install/gm-gateway.html#_5","title":"\u4e0b\u4e00\u6b65","text":"\u56fd\u5bc6\u7f51\u5173\u90e8\u7f72\u6210\u529f\u4e4b\u540e\uff0c\u81ea\u5b9a\u4e49 AI \u7b97\u529b\u4e2d\u5fc3\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u5730\u5740\u3002
"},{"location":"admin/ghippo/install/gm-gateway.html#_6","title":"\u9a8c\u8bc1","text":"\u60a8\u53ef\u4ee5\u90e8\u7f72\u4e00\u4e2a\u652f\u6301\u56fd\u5bc6\u8bc1\u4e66\u7684 Web \u6d4f\u89c8\u5668\u3002 \u4f8b\u5982 Samarium Browser\uff0c \u7136\u540e\u901a\u8fc7 Tengine \u8bbf\u95ee AI \u7b97\u529b\u4e2d\u5fc3 UI \u754c\u9762\uff0c\u9a8c\u8bc1\u56fd\u5bc6\u8bc1\u4e66\u662f\u5426\u751f\u6548\u3002
"},{"location":"admin/ghippo/install/login.html","title":"\u767b\u5f55","text":"\u7528\u6237\u5728\u4f7f\u7528\u4e00\u4e2a\u65b0\u7cfb\u7edf\u524d\uff0c\u5728\u8fd9\u4e2a\u7cfb\u7edf\u4e2d\u662f\u6ca1\u6709\u4efb\u4f55\u6570\u636e\u7684\uff0c\u7cfb\u7edf\u4e5f\u65e0\u6cd5\u8bc6\u522b\u8fd9\u4e2a\u65b0\u7528\u6237\u3002\u4e3a\u4e86\u6807\u8bc6\u7528\u6237\u8eab\u4efd\u3001\u7ed1\u5b9a\u7528\u6237\u6570\u636e\uff0c\u7528\u6237\u9700\u8981\u4e00\u4e2a\u80fd\u552f\u4e00\u6807\u8bc6\u7528\u6237\u8eab\u4efd\u7684\u5e10\u53f7\u3002
AI \u7b97\u529b\u4e2d\u5fc3\u5728 \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u4e2d\u901a\u8fc7\u7ba1\u7406\u5458\u521b\u5efa\u65b0\u7528\u6237\u7684\u65b9\u5f0f\u4e3a\u7528\u6237\u5206\u914d\u4e00\u4e2a\u9644\u6709\u4e00\u5b9a\u6743\u9650\u7684\u8d26\u53f7\u3002\u8be5\u7528\u6237\u4ea7\u751f\u7684\u6240\u6709\u884c\u4e3a\u90fd\u5c06\u5173\u8054\u5230\u81ea\u5df1\u7684\u5e10\u53f7\u3002
\u7528\u6237\u901a\u8fc7\u8d26\u53f7/\u5bc6\u7801\u8fdb\u884c\u767b\u5f55\uff0c\u7cfb\u7edf\u9a8c\u8bc1\u8eab\u4efd\u662f\u5426\u5408\u6cd5\uff0c\u5982\u679c\u9a8c\u8bc1\u5408\u6cd5\uff0c\u5219\u7528\u6237\u6210\u529f\u767b\u5f55\u3002
Note
\u5982\u679c\u7528\u6237\u767b\u5f55\u540e 24 \u5c0f\u65f6\u5185\u65e0\u4efb\u4f55\u64cd\u4f5c\uff0c\u5c06\u81ea\u52a8\u9000\u51fa\u767b\u5f55\u72b6\u6001\u3002\u5982\u679c\u767b\u5f55\u7684\u7528\u6237\u59cb\u7ec8\u6d3b\u8dc3\uff0c\u5c06\u6301\u7eed\u5904\u4e8e\u767b\u5f55\u72b6\u6001\u3002
\u7528\u6237\u767b\u5f55\u7684\u7b80\u5355\u6d41\u7a0b\u5982\u4e0b\u56fe\u3002
graph TB\n\nuser[\u8f93\u5165\u7528\u6237\u540d] --> pass[\u8f93\u5165\u5bc6\u7801] --> judge([\u70b9\u51fb\u767b\u5f55\u5e76\u6821\u9a8c\u7528\u6237\u540d\u548c\u5bc6\u7801])\njudge -.\u6b63\u786e.->success[\u767b\u5f55\u6210\u529f]\njudge -.\u9519\u8bef.->fail[\u63d0\u793a\u9519\u8bef]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass user,pass cluster;\nclass judge plain\nclass success,fail k8s
\u7528\u6237\u767b\u5f55\u754c\u9762\u5982\u4e0b\u56fe\u3002\u5177\u4f53\u767b\u5f55\u753b\u9762\uff0c\u8bf7\u4e0e\u5b9e\u9645\u4ea7\u54c1\u4e3a\u51c6\u3002
"},{"location":"admin/ghippo/install/offline-install.html","title":"\u79bb\u7ebf\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\u6a21\u5757","text":"\u672c\u9875\u8bf4\u4e0b\u8f7d\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u79bb\u7ebf\u5305\u540e\uff0c\u5e94\u8be5\u5982\u4f55\u5b89\u88c5\u6216\u5347\u7ea7\u3002
Info
\u4e0b\u8ff0\u547d\u4ee4\u6216\u811a\u672c\u5185\u51fa\u73b0\u7684 ghippo
\u5b57\u6837\u662f\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u5185\u90e8\u5f00\u53d1\u4ee3\u53f7\u3002
\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u9762\u4e24\u79cd\u65b9\u5f0f\u4e4b\u4e00\u52a0\u8f7d\u955c\u50cf\uff0c\u5f53\u73af\u5883\u4e2d\u5b58\u5728\u955c\u50cf\u4ed3\u5e93\u65f6\uff0c\u5efa\u8bae\u9009\u62e9 chart-syncer \u540c\u6b65\u955c\u50cf\u5230\u955c\u50cf\u4ed3\u5e93\uff0c\u8be5\u65b9\u6cd5\u66f4\u52a0\u9ad8\u6548\u4fbf\u6377\u3002
"},{"location":"admin/ghippo/install/offline-install.html#chart-syncer","title":"chart-syncer \u540c\u6b65\u955c\u50cf\u5230\u955c\u50cf\u4ed3\u5e93","text":"\u521b\u5efa load-image.yaml
Note
\u8be5 YAML \u6587\u4ef6\u4e2d\u7684\u5404\u9879\u53c2\u6570\u5747\u4e3a\u5fc5\u586b\u9879\u3002\u60a8\u9700\u8981\u4e00\u4e2a\u79c1\u6709\u7684\u955c\u50cf\u4ed3\u5e93\uff0c\u5e76\u4fee\u6539\u76f8\u5173\u914d\u7f6e\u3002
\u5df2\u5b89\u88c5 chart repo\u672a\u5b89\u88c5 chart repo\u82e5\u5f53\u524d\u73af\u5883\u5df2\u5b89\u88c5 chart repo\uff0cchart-syncer \u4e5f\u652f\u6301\u5c06 Chart \u5bfc\u51fa\u4e3a tgz \u6587\u4ef6\u3002
load-image.yamlsource:\n intermediateBundlesPath: ghippo-offline # (1)!\ntarget:\n containerRegistry: 10.16.10.111 # (2)!\n containerRepository: release.daocloud.io/ghippo # (3)!\n repo:\n kind: HARBOR # (4)!\n url: http://10.16.10.111/chartrepo/release.daocloud.io # (5)!\n auth:\n username: \"admin\" # (6)!\n password: \"Harbor12345\" # (7)!\n containers:\n auth:\n username: \"admin\" # (8)!\n password: \"Harbor12345\" # (9)!\n
\u82e5\u5f53\u524d\u73af\u5883\u672a\u5b89\u88c5 chart repo\uff0cchart-syncer \u4e5f\u652f\u6301\u5c06 Chart \u5bfc\u51fa\u4e3a tgz \u6587\u4ef6\uff0c\u5e76\u5b58\u653e\u5728\u6307\u5b9a\u8def\u5f84\u3002
load-image.yamlsource:\n intermediateBundlesPath: ghippo-offline # (1)!\ntarget:\n containerRegistry: 10.16.10.111 # (2)!\n containerRepository: release.daocloud.io/ghippo # (3)!\n repo:\n kind: LOCAL\n path: ./local-repo # (4)!\n containers:\n auth:\n username: \"admin\" # (5)!\n password: \"Harbor12345\" # (6)!\n
\u6267\u884c\u540c\u6b65\u955c\u50cf\u547d\u4ee4\u3002
charts-syncer sync --config load-image.yaml\n
\u89e3\u538b\u5e76\u52a0\u8f7d\u955c\u50cf\u6587\u4ef6\u3002
\u89e3\u538b tar \u538b\u7f29\u5305\u3002
tar xvf ghippo.bundle.tar\n
\u89e3\u538b\u6210\u529f\u540e\u4f1a\u5f97\u5230\u51e0\u4e2a\u6587\u4ef6\uff1a
\u4ece\u672c\u5730\u52a0\u8f7d\u955c\u50cf\u5230 Docker \u6216 containerd\u3002
Dockercontainerddocker load -i images.tar\n
ctr -n k8s.io image import images.tar\n
Note
\u6bcf\u4e2a node \u90fd\u9700\u8981\u505a Docker \u6216 containerd \u52a0\u8f7d\u955c\u50cf\u64cd\u4f5c\uff0c \u52a0\u8f7d\u5b8c\u6210\u540e\u9700\u8981 tag \u955c\u50cf\uff0c\u4fdd\u6301 Registry\u3001Repository \u4e0e\u5b89\u88c5\u65f6\u4e00\u81f4\u3002
"},{"location":"admin/ghippo/install/offline-install.html#_3","title":"\u5347\u7ea7","text":"\u5347\u7ea7\u6ce8\u610f\u4e8b\u9879\uff1a
\u4ece v0.11.x \u5347\u7ea7\u5230 \u2265v0.12.0\u4ece v0.15.x \u5347\u7ea7\u5230 \u2265v0.16.0\u5f53\u4ece v0.11.x (\u6216\u66f4\u4f4e\u7248\u672c) \u5347\u7ea7\u5230 v0.12.0 (\u6216\u66f4\u9ad8\u7248\u672c) \u65f6\uff0c\u9700\u8981\u5c06 bak.yaml \u4e2d\u6240\u6709 keycloak key \u4fee\u6539\u4e3a keycloakx \u3002
\u4fee\u6539\u524d\uff1a
bak.yamlUSER-SUPPLIED VALUES:\nkeycloak:\n ...\n
\u4fee\u6539\u540e\uff1a
bak.yamlUSER-SUPPLIED VALUES:\nkeycloakx:\n ...\n
\u5f53\u4ece v0.15.x (\u6216\u66f4\u4f4e\u7248\u672c) \u5347\u7ea7\u5230 v0.16.0 (\u6216\u66f4\u9ad8\u7248\u672c) \u65f6\uff0c\u9700\u8981\u4fee\u6539\u6570\u636e\u5e93\u8fde\u63a5\u53c2\u6570\u3002
\u4fee\u6539\u524d\uff1a
bak.yamlUSER-SUPPLIED VALUES:\nglobal:\n database:\n host: 127.0.0.1\n port: 3306\n apiserver:\n dbname: ghippo\n password: passowrd\n user: ghippo\n keycloakx:\n dbname: keycloak\n password: passowrd\n user: keycloak\n auditDatabase:\n auditserver:\n dbname: audit\n password: passowrd\n user: audit\n host: 127.0.0.1\n port: 3306\n
\u4fee\u6539\u540e\uff1a
bak.yamlUSER-SUPPLIED VALUES:\nglobal:\n storage:\n ghippo:\n - driver: mysql\n accessType: readwrite\n dsn: {global.database.apiserver.user}:{global.database.apiserver.password}@tcp({global.database.host}:{global.database.port})/{global.database.apiserver.dbname}?charset=utf8mb4&multiStatements=true&parseTime=true\n audit:\n - driver: mysql\n accessType: readwrite\n dsn: {global.auditDatabase.auditserver.user}:{global.auditDatabase.auditserver.password}@tcp({global.auditDatabase.host}:{global.auditDatabase.port})/{global.auditDatabase.auditserver.dbname}?charset=utf8mb4&multiStatements=true&parseTime=true\n keycloak:\n - driver: mysql\n accessType: readwrite\n dsn: {global.database.keycloakx.user}:{global.database.keycloakx.password}@tcp({global.database.host}:{global.database.port})/{global.database.keycloakx.dbname}?charset=utf8mb4\n
\u6709\u4e24\u79cd\u5347\u7ea7\u65b9\u5f0f\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u524d\u7f6e\u64cd\u4f5c\uff0c\u9009\u62e9\u5bf9\u5e94\u7684\u5347\u7ea7\u65b9\u6848\uff1a
\u901a\u8fc7 Helm \u4ed3\u5e93\u5347\u7ea7\u901a\u8fc7 Chart \u5305\u5347\u7ea7\u68c0\u67e5\u5168\u5c40\u7ba1\u7406 Helm \u4ed3\u5e93\u662f\u5426\u5b58\u5728\u3002
helm repo list | grep ghippo\n
\u82e5\u8fd4\u56de\u7ed3\u679c\u4e3a\u7a7a\u6216\u5982\u4e0b\u63d0\u793a\uff0c\u5219\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1b\u53cd\u4e4b\u5219\u8df3\u8fc7\u4e0b\u4e00\u6b65\u3002
Error: no repositories to show\n
\u6dfb\u52a0\u5168\u5c40\u7ba1\u7406\u7684 Helm \u4ed3\u5e93\u3002
helm repo add ghippo http://{harbor url}/chartrepo/{project}\n
\u66f4\u65b0\u5168\u5c40\u7ba1\u7406\u7684 Helm \u4ed3\u5e93\u3002
helm repo update ghippo # (1)!\n
helm update repo
\u9009\u62e9\u60a8\u60f3\u5b89\u88c5\u7684\u5168\u5c40\u7ba1\u7406\u7248\u672c\uff08\u5efa\u8bae\u5b89\u88c5\u6700\u65b0\u7248\u672c\uff09\u3002
helm search repo ghippo/ghippo --versions\n
NAME CHART VERSION APP VERSION DESCRIPTION\nghippo/ghippo 0.9.0 v0.9.0 A Helm chart for GHippo\n...\n
\u5907\u4efd --set
\u53c2\u6570\u3002
\u5728\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\u7248\u672c\u4e4b\u524d\uff0c\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u8001\u7248\u672c\u7684 --set
\u53c2\u6570\u3002
helm get values ghippo -n ghippo-system -o yaml > bak.yaml\n
\u66f4\u65b0 Ghippo CRD\uff1a
helm pull ghippo/ghippo --version 0.9.0 && tar -zxf ghippo-0.9.0.tgz\nkubectl apply -f ghippo/crds\n
\u6267\u884c helm upgrade
\u3002
\u5347\u7ea7\u524d\u5efa\u8bae\u60a8\u8986\u76d6 bak.yaml \u4e2d\u7684 global.imageRegistry
\u5b57\u6bb5\u4e3a\u5f53\u524d\u4f7f\u7528\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3002
export imageRegistry={\u4f60\u7684\u955c\u50cf\u4ed3\u5e93}\n
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry \\\n --version 0.9.0\n
\u5907\u4efd --set
\u53c2\u6570\u3002
\u5728\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\u7248\u672c\u4e4b\u524d\uff0c\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u8001\u7248\u672c\u7684 --set
\u53c2\u6570\u3002
helm get values ghippo -n ghippo-system -o yaml > bak.yaml\n
\u66f4\u65b0 Ghippo CRD\uff1a
kubectl apply -f ./crds\n
\u6267\u884c helm upgrade
\u3002
\u5347\u7ea7\u524d\u5efa\u8bae\u60a8\u8986\u76d6 bak.yaml \u4e2d\u7684 global.imageRegistry
\u4e3a\u5f53\u524d\u4f7f\u7528\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3002
export imageRegistry={\u4f60\u7684\u955c\u50cf\u4ed3\u5e93}\n
helm upgrade ghippo . \\\n -n ghippo-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry\n
\u5177\u4f53\u8bbe\u7f6e\u6b65\u9aa4\u5982\u4e0b\uff1a
\u68c0\u67e5\u5168\u5c40\u7ba1\u7406 helm \u4ed3\u5e93\u662f\u5426\u5b58\u5728\u3002
helm repo list | grep ghippo\n
\u82e5\u8fd4\u56de\u7ed3\u679c\u4e3a\u7a7a\u6216\u5982\u4e0b\u63d0\u793a\uff0c\u5219\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1b\u53cd\u4e4b\u5219\u8df3\u8fc7\u4e0b\u4e00\u6b65\u3002
Error: no repositories to show\n
\u6dfb\u52a0\u5e76\u4e14\u66f4\u65b0\u5168\u5c40\u7ba1\u7406\u7684 helm \u4ed3\u5e93\u3002
helm repo add ghippo http://{harbor url}/chartrepo/{project}\nhelm repo update ghippo\n
\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\uff0c\u65b9\u4fbf\u5728\u4e0b\u6587\u4e2d\u4f7f\u7528\u3002
# \u60a8\u7684\u53cd\u5411\u4ee3\u7406\u5730\u5740\uff0c\u4f8b\u5982 `export AI_PROXY=\"https://demo-alpha.daocloud.io\"` \nexport AI_PROXY=\"https://domain:port\"\n\n# helm --set \u53c2\u6570\u5907\u4efd\u6587\u4ef6\nexport GHIPPO_VALUES_BAK=\"ghippo-values-bak.yaml\"\n\n# \u83b7\u53d6\u5f53\u524d ghippo \u7684\u7248\u672c\u53f7\nexport GHIPPO_HELM_VERSION=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n
\u5907\u4efd --set \u53c2\u6570\u3002
helm get values ghippo -n ghippo-system -o yaml > ${GHIPPO_VALUES_BAK}\n
\u6dfb\u52a0\u60a8\u7684\u53cd\u5411\u4ee3\u7406\u5730\u5740\u3002
Note
\u5982\u679c\u53ef\u4ee5\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 yq \u547d\u4ee4\uff1a
yq -i \".global.reverseProxy = \\\"${AI_PROXY}\\\"\" ${GHIPPO_VALUES_BAK}\n
\u6216\u8005\u60a8\u53ef\u4ee5\u4f7f\u7528 vim \u547d\u4ee4\u7f16\u8f91\u5e76\u4fdd\u5b58\uff1a
vim ${GHIPPO_VALUES_BAK}\n\nUSER-SUPPLIED VALUES:\n...\nglobal:\n ...\n reverseProxy: ${AI_PROXY} # \u53ea\u9700\u8981\u4fee\u6539\u8fd9\u4e00\u884c\n
\u6267\u884c helm upgrade
\u4f7f\u914d\u7f6e\u751f\u6548\u3002
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ${GHIPPO_VALUES_BAK} \\\n --version ${GHIPPO_HELM_VERSION}\n
\u4f7f\u7528 kubectl \u91cd\u542f\u5168\u5c40\u7ba1\u7406 Pod\uff0c\u4f7f\u914d\u7f6e\u751f\u6548\u3002
kubectl rollout restart deploy/ghippo-apiserver -n ghippo-system\nkubectl rollout restart statefulset/ghippo-keycloakx -n ghippo-system\n
\u5177\u4f53\u8bbe\u7f6e\u6b65\u9aa4\u5982\u4e0b\uff1a
\u68c0\u67e5\u5168\u5c40\u7ba1\u7406 helm \u4ed3\u5e93\u662f\u5426\u5b58\u5728\u3002
helm repo list | grep ghippo\n
\u82e5\u8fd4\u56de\u7ed3\u679c\u4e3a\u7a7a\u6216\u5982\u4e0b\u63d0\u793a\uff0c\u5219\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1b\u53cd\u4e4b\u5219\u8df3\u8fc7\u4e0b\u4e00\u6b65\u3002
Error: no repositories to show\n
\u6dfb\u52a0\u5e76\u4e14\u66f4\u65b0\u5168\u5c40\u7ba1\u7406\u7684 helm \u4ed3\u5e93\u3002
helm repo add ghippo http://{harbor url}/chartrepo/{project}\nhelm repo update ghippo\n
\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\uff0c\u65b9\u4fbf\u5728\u4e0b\u6587\u4e2d\u4f7f\u7528\u3002
# helm --set \u53c2\u6570\u5907\u4efd\u6587\u4ef6\nexport GHIPPO_VALUES_BAK=\"ghippo-values-bak.yaml\"\n\n# \u83b7\u53d6\u5f53\u524d ghippo \u7684\u7248\u672c\u53f7\nexport GHIPPO_HELM_VERSION=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n
\u5907\u4efd --set \u53c2\u6570\u3002
helm get values ghippo -n ghippo-system -o yaml > ${GHIPPO_VALUES_BAK}\n
\u6253\u5f00 Folder/WS \u4e4b\u95f4\u7684\u9694\u79bb\u6a21\u5f0f\u5f00\u5173\u3002
Note
\u5982\u679c\u53ef\u4ee5\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 yq \u547d\u4ee4\uff1a
yq -i \".apiserver.userIsolationMode = \\\"Folder\\\"\" ${GHIPPO_VALUES_BAK}\n
\u6216\u8005\u60a8\u53ef\u4ee5\u4f7f\u7528 vim \u547d\u4ee4\u7f16\u8f91\u5e76\u4fdd\u5b58\uff1a
vim ${GHIPPO_VALUES_BAK}\n\nUSER-SUPPLIED VALUES:\n...\n# \u6dfb\u52a0\u4e0b\u9762\u4e24\u884c\u5373\u53ef\napiserver:\n userIsolationMode: Folder\n
\u6267\u884c helm upgrade
\u4f7f\u914d\u7f6e\u751f\u6548\u3002
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ${GHIPPO_VALUES_BAK} \\\n --version ${GHIPPO_HELM_VERSION}\n
\u4f7f\u7528 kubectl \u91cd\u542f\u5168\u5c40\u7ba1\u7406 Pod\uff0c\u4f7f\u914d\u7f6e\u751f\u6548\u3002
kubectl rollout restart deploy/ghippo-apiserver -n ghippo-system\n
AI Lab \u652f\u6301\u56db\u79cd\u7528\u6237\u89d2\u8272\uff1a
\u5f00\u53d1\u63a7\u5236\u53f0
\u548c \u8fd0\u7ef4\u7ba1\u7406
\u5168\u90e8\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u7684\u6743\u9650\u3002\u5f00\u53d1\u63a7\u5236\u53f0
\u5168\u90e8\u529f\u80fd\u7684\u589e\u5220\u6539\u67e5\u7684\u6743\u9650\u3002\u5f00\u53d1\u63a7\u5236\u53f0
\u5168\u90e8\u529f\u80fd\u7684\u66f4\u65b0\u3001\u67e5\u8be2\u7684\u6743\u9650\u3002\u5f00\u53d1\u63a7\u5236\u53f0
\u5168\u90e8\u529f\u80fd\u7684\u67e5\u8be2\u7684\u6743\u9650\u3002\u6bcf\u79cd\u89d2\u8272\u5177\u6709\u4e0d\u540c\u7684\u6743\u9650\uff0c\u5177\u4f53\u8bf4\u660e\u5982\u4e0b\u3002
\u83dc\u5355\u5bf9\u8c61 \u64cd\u4f5c Admin / Baize Owner Workspace Admin Workspace Editor Workspace Viewer \u5f00\u53d1\u63a7\u5236\u53f0 \u6982\u89c8 \u67e5\u770b\u6982\u89c8 \u2713 \u2713 \u2713 \u2713 Notebooks \u67e5\u770b Notebooks \u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b Notebooks \u8be6\u60c5 \u2713 \u2713 \u2713 \u2717 \u521b\u5efa Notebooks \u2713 \u2713 \u2717 \u2717 \u66f4\u65b0 Notebooks \u2713 \u2713 \u2713 \u2717 \u514b\u9686 Notebooks \u2713 \u2713 \u2717 \u2717 \u505c\u6b62 Notebooks \u2713 \u2713 \u2713 \u2717 \u542f\u52a8 Notebooks \u2713 \u2713 \u2713 \u2717 \u5220\u9664 Notebooks \u2713 \u2713 \u2717 \u2717 \u4efb\u52a1\u5217\u8868 \u67e5\u770b\u4efb\u52a1\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4efb\u52a1\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa\u4efb\u52a1 \u2713 \u2713 \u2717 \u2717 \u514b\u9686\u4efb\u52a1 \u2713 \u2713 \u2717 \u2717 \u67e5\u770b\u4efb\u52a1\u8d1f\u8f7d\u8be6\u60c5 \u2713 \u2713 \u2713 \u2717 \u5220\u9664\u4efb\u52a1 \u2713 \u2713 \u2717 \u2717 \u4efb\u52a1\u5206\u6790 \u67e5\u770b\u4efb\u52a1\u5206\u6790 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4efb\u52a1\u5206\u6790\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u5220\u9664\u4efb\u52a1\u5206\u6790 \u2713 \u2713 \u2717 \u2717 \u6570\u636e\u96c6\u5217\u8868 \u67e5\u770b\u6570\u636e\u96c6\u5217\u8868 \u2713 \u2713 \u2713 \u2717 \u521b\u5efa\u6570\u636e\u96c6 \u2713 \u2713 \u2717 \u2717 \u91cd\u65b0\u540c\u6b65\u6570\u636e\u96c6 \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0\u51ed\u8bc1 \u2713 \u2713 \u2713 \u2717 \u5220\u9664\u6570\u636e\u96c6 \u2713 \u2713 \u2717 \u2717 \u73af\u5883\u7ba1\u7406 \u67e5\u770b\u73af\u5883\u7ba1\u7406\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa\u73af\u5883 \u2713 \u2713 \u2717 \u2717 \u66f4\u65b0\u73af\u5883 \u2713 \u2713 \u2713 \u2717 \u5220\u9664\u73af\u5883 \u2713 \u2713 \u2717 \u2717 \u63a8\u7406\u670d\u52a1 \u67e5\u770b\u63a8\u7406\u670d\u52a1\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u63a8\u7406\u670d\u52a1\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2717 \u2717 \u66f4\u65b0\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2713 \u2717 \u505c\u6b62\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2713 \u2717 \u542f\u52a8\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2713 \u2717 \u5220\u9664\u63a8\u7406\u670d\u52a1 \u2713 \u2713 \u2717 \u2717 \u8fd0\u7ef4\u7ba1\u7406 \u6982\u89c8 \u67e5\u770b\u6982\u89c8 \u2713 \u2717 \u2717 \u2717 GPU \u7ba1\u7406 \u67e5\u770b GPU \u7ba1\u7406\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u961f\u5217\u7ba1\u7406 \u67e5\u770b\u961f\u5217\u7ba1\u7406\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u961f\u5217\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u961f\u5217 \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0\u961f\u5217 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u961f\u5217 \u2713 \u2717 \u2717 \u2717"},{"location":"admin/ghippo/permissions/kpanda.html","title":"\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u8bf4\u660e","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4f7f\u7528\u4ee5\u4e0b\u89d2\u8272\uff1a
Note
\u5404\u89d2\u8272\u6240\u5177\u5907\u7684\u6743\u9650\u5982\u4e0b\uff1a
\u4e00\u7ea7\u529f\u80fd \u4e8c\u7ea7\u529f\u80fd \u6743\u9650\u70b9 Cluster Admin Ns Admin Ns Editor NS Viewer \u96c6\u7fa4 \u96c6\u7fa4\u5217\u8868 \u67e5\u770b\u96c6\u7fa4\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u63a5\u5165\u96c6\u7fa4 \u2717 \u2717 \u2717 \u2717 \u521b\u5efa\u96c6\u7fa4 \u2717 \u2717 \u2717 \u2717 \u96c6\u7fa4\u64cd\u4f5c \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713\uff08\u4ec5\u5217\u8868\u5185\u53ef\u4ee5\u8fdb\u5165\uff09 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2717 \u2717 \u2717 \u7f16\u8f91\u57fa\u7840\u914d\u7f6e \u2713 \u2717 \u2717 \u2717 \u4e0b\u8f7d kubeconfig \u2713 \u2713\uff08\u4e0b\u8f7dns\u6743\u9650\u7684kubeconfig\uff09 \u2713\uff08\u4e0b\u8f7d ns \u6743\u9650\u7684 kubeconfig\uff09 \u2713\uff08\u4e0b\u8f7d ns \u6743\u9650\u7684 kubeconfig\uff09 \u89e3\u9664\u63a5\u5165 \u2717 \u2717 \u2717 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2717 \u2717 \u2717 \u91cd\u8bd5 \u2717 \u2717 \u2717 \u2717 \u5378\u8f7d\u96c6\u7fa4 \u2717 \u2717 \u2717 \u2717 \u96c6\u7fa4\u6982\u89c8 \u67e5\u770b\u96c6\u7fa4\u6982\u89c8 \u2713 \u2717 \u2717 \u2717 \u8282\u70b9\u7ba1\u7406 \u63a5\u5165\u8282\u70b9 \u2717 \u2717 \u2717 \u2717 \u67e5\u770b\u8282\u70b9\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u8282\u70b9\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u6682\u505c\u8c03\u5ea6 \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6ce8\u89e3 \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6c61\u70b9 \u2713 \u2717 \u2717 \u2717 \u79fb\u9664\u8282\u70b9 \u2717 \u2717 \u2717 \u2717 \u65e0\u72b6\u6001\u8d1f\u8f7d \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9 ns \u7ed1\u5b9a\u7684 ws \u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 IP \u6c60\u67e5\u770b \u2713 \u2713 \u2713 \u2717 \u7f51\u5361\u7f16\u8f91 \u2713 \u2713 \u2713 \u2717 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u8d1f\u8f7d\u4f38\u7f29 \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001 - \u6682\u505c\u5347\u7ea7 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001 - \u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001 - \u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u6709\u72b6\u6001\u8d1f\u8f7d \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9ns\u7ed1\u5b9a\u7684ws\u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u8d1f\u8f7d\u4f38\u7f29 \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5b88\u62a4\u8fdb\u7a0b \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9ns\u7ed1\u5b9a\u7684ws\u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u4efb\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u5b9e\u4f8b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u9009\u62e9ns\u7ed1\u5b9a\u7684ws\u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5b9a\u65f6\u4efb\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u955c\u50cf\u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9ns\u7ed1\u5b9a\u7684ws\u5185\u7684\u5b9e\u4f8b \u9009\u62e9\u955c\u50cf \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4efb\u52a1\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5bb9\u5668\u7ec4 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u4e0a\u4f20\u6587\u4ef6 \u2713 \u2713 \u2713 \u2717 \u4e0b\u8f7d\u6587\u4ef6 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u5bb9\u5668\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 ReplicaSet \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 Helm \u5e94\u7528 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 Helm \u6a21\u677f \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u5b89\u88c5\u6a21\u677f \u2713 \u2713\uff08ns\u7ea7\u522b\u7684\u53ef\u4ee5\uff09 \u2717 \u2717 \u4e0b\u8f7d\u6a21\u677f \u2713 \u2713 \u2713\uff08\u548c\u67e5\u770b\u63a5\u53e3\u4e00\u81f4\uff09 \u2713 Helm \u4ed3\u5e93 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa\u4ed3\u5e93 \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0\u4ed3\u5e93 \u2713 \u2717 \u2717 \u2717 \u514b\u9686\u4ed3\u5e93 \u2713 \u2717 \u2717 \u2717 \u5237\u65b0\u4ed3\u5e93 \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6ce8\u89e3 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u670d\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u8def\u7531 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u7f51\u7edc\u7b56\u7565 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2717 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u7f51\u7edc\u914d\u7f6e \u914d\u7f6e\u7f51\u7edc \u2713 \u2713 \u2713 \u2717 \u81ea\u5b9a\u4e49\u8d44\u6e90 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 YAML \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u7f16\u8f91 YAML \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 PVC \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u9009\u62e9sc \u2713 \u2713 \u2713 \u2717 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u514b\u9686 \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 PV \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 YAML \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u7f16\u8f91 YAML \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0 \u2713 \u2717 \u2717 \u2717 \u514b\u9686 \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2717 \u2717 \u2717 \u4fee\u6539\u6ce8\u89e3 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 SC \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 YAML \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0 \u2713 \u2717 \u2717 \u2717 \u6388\u6743\u547d\u540d\u7a7a\u95f4 \u2713 \u2717 \u2717 \u2717 \u89e3\u9664\u6388\u6743 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u914d\u7f6e\u9879 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u5bfc\u51fa\u914d\u7f6e\u9879 \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5bc6\u94a5 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2717 YAML \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u521b\u5efa \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u5bfc\u51fa\u5bc6\u94a5 \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u547d\u540d\u7a7a\u95f4 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 YAML \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2713 \u2717 \u2717 \u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4 \u2717 \u2717 \u2717 \u2717 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u2717 \u2717 \u2717 \u2717 \u914d\u989d\u7ba1\u7406 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u96c6\u7fa4\u64cd\u4f5c \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 helm \u64cd\u4f5c \u8bbe\u7f6e\u4fdd\u7559\u6761\u6570 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2713 \u2717 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2717 \u2717 \u5220\u9664 \u2713 \u2713 \u2717 \u2717 \u96c6\u7fa4\u5347\u7ea7 \u67e5\u770b\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5347\u7ea7 \u2717 \u2717 \u2717 \u2717 \u96c6\u7fa4\u8bbe\u7f6e addon \u63d2\u4ef6\u914d\u7f6e \u2713 \u2717 \u2717 \u2717 \u9ad8\u7ea7\u914d\u7f6e \u2713 \u2717 \u2717 \u2717 \u547d\u540d\u7a7a\u95f4 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u521b\u5efa \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2717 \u4fee\u6539\u6807\u7b7e \u2713 \u2713 \u2717 \u2717 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u2713 \u2717 \u2717 \u2717 \u914d\u989d\u7ba1\u7406 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u5de5\u4f5c\u8d1f\u8f7d \u65e0\u72b6\u6001\u8d1f\u8f7d \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u8d1f\u8f7d\u4f38\u7f29 \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u6682\u505c\u5347\u7ea7 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u56de\u9000 \u2713 \u2713 \u2713 \u2717 \u4fee\u6539\u6807\u7b7e\u6ce8\u89e3 \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u6709\u72b6\u6001\u8d1f\u8f7d \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u8d1f\u8f7d\u4f38\u7f29 \u2713 \u2713 \u2713 \u2717 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u505c\u6b62 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5b88\u62a4\u8fdb\u7a0b \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u7f16\u8f91 YAML \u2713 \u2713 \u2713 \u2717 \u66f4\u65b0 \u2713 \u2713 \u2713 \u2717 \u72b6\u6001-\u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u4efb\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2717 \u91cd\u542f \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5b9a\u65f6\u4efb\u52a1 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5bb9\u5668\u7ec4 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2713 \u2713 \u2713\uff08\u4ec5\u67e5\u770b\uff09 \u8fdb\u5165\u63a7\u5236\u53f0 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u76d1\u63a7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b YAML \u2713 \u2713 \u2713 \u2713 \u4e0a\u4f20\u6587\u4ef6 \u2713 \u2713 \u2713 \u2717 \u4e0b\u8f7d\u6587\u4ef6 \u2713 \u2713 \u2713 \u2717 \u67e5\u770b\u5bb9\u5668\u5217\u8868 \u2713 \u2713 \u2713 \u2713 \u67e5\u770b\u4e8b\u4ef6 \u2713 \u2713 \u2713 \u2713 \u5220\u9664 \u2713 \u2713 \u2713 \u2717 \u5907\u4efd\u6062\u590d \u5e94\u7528\u5907\u4efd \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u5907\u4efd\u8ba1\u5212 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0\u8ba1\u5212 \u2713 \u2717 \u2717 \u2717 \u6682\u505c \u2713 \u2717 \u2717 \u2717 \u7acb\u5373\u6267\u884c \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u6062\u590d\u5907\u4efd \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u6062\u590d\u5907\u4efd \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u5907\u4efd\u70b9 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u5bf9\u8c61\u5b58\u50a8 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 ETCD\u5907\u4efd \u67e5\u770b\u5907\u4efd\u7b56\u7565\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u5907\u4efd\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u65e5\u5fd7 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b YAML \u2713 \u2717 \u2717 \u2717 \u66f4\u65b0\u5907\u4efd\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u505c\u6b62/\u542f\u52a8 \u2713 \u2717 \u2717 \u2717 \u7acb\u5373\u6267\u884c \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u5907\u4efd\u8bb0\u5f55 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u5907\u4efd\u70b9\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u96c6\u7fa4\u5de1\u68c0 \u96c6\u7fa4\u5de1\u68c0 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b/\u7ba1\u7406\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u96c6\u7fa4\u5de1\u68c0 \u2713 \u2717 \u2717 \u2717 \u8bbe\u7f6e \u2713 \u2717 \u2717 \u2717 \u6743\u9650\u7ba1\u7406 \u96c6\u7fa4\u6743\u9650 \u67e5\u770b\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u6388\u6743\u7528\u6237\u4e3a cluster admin \u2713 \u2717 \u2717 \u2717 \u5220\u9664 \u2713 \u2717 \u2717 \u2717 \u547d\u540d\u7a7a\u95f4\u6743\u9650 \u67e5\u770b\u5217\u8868 \u2713 \u2713 \u2717 \u2717 \u6388\u6743\u7528\u6237\u4e3a ns admin \u2713 \u2713 \u2717 \u2717 \u6388\u6743\u7528\u6237\u4e3a ns editor \u2713 \u2713 \u2717 \u2717 \u6388\u6743\u7528\u6237\u4e3a ns viewer \u2713 \u2713 \u2717 \u2717 \u7f16\u8f91\u6743\u9650 \u2713 \u2713 \u2717 \u2717 \u5220\u9664 \u2713 \u2713 \u2717 \u2717 \u5b89\u5168\u7ba1\u7406 \u5408\u89c4\u6027\u626b\u63cf \u67e5\u770b\u626b\u63cf\u62a5\u544a\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u62a5\u544a\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u4e0b\u8f7d\u626b\u63cf\u62a5\u544a \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u62a5\u544a \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u7b56\u7565\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u914d\u7f6e\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u914d\u7f6e\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u914d\u7f6e \u2713 \u2717 \u2717 \u2717 \u6743\u9650\u626b\u63cf \u67e5\u770b\u626b\u63cf\u62a5\u544a\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u62a5\u544a\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u62a5\u544a \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u7b56\u7565\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u6f0f\u6d1e\u626b\u63cf \u67e5\u770b\u626b\u63cf\u62a5\u544a\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u62a5\u544a\u8be6\u60c5 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u62a5\u544a \u2713 \u2717 \u2717 \u2717 \u67e5\u770b\u626b\u63cf\u7b56\u7565\u5217\u8868 \u2713 \u2717 \u2717 \u2717 \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717 \u5220\u9664\u626b\u63cf\u7b56\u7565 \u2713 \u2717 \u2717 \u2717"},{"location":"admin/ghippo/personal-center/accesstoken.html","title":"\u8bbf\u95ee\u5bc6\u94a5","text":"\u8bbf\u95ee\u5bc6\u94a5\uff08Access Key\uff09\u53ef\u7528\u4e8e\u8bbf\u95ee\u5f00\u653e API \u548c\u6301\u7eed\u53d1\u5e03\uff0c\u7528\u6237\u53ef\u5728\u4e2a\u4eba\u4e2d\u5fc3\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u83b7\u53d6\u5bc6\u94a5\u5e76\u8bbf\u95ee API\u3002
"},{"location":"admin/ghippo/personal-center/accesstoken.html#_2","title":"\u83b7\u53d6\u5bc6\u94a5","text":"\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u7684\u4e0b\u62c9\u83dc\u5355\u4e2d\u627e\u5230 \u4e2a\u4eba\u4e2d\u5fc3 \uff0c\u53ef\u4ee5\u5728 \u8bbf\u95ee\u5bc6\u94a5 \u9875\u9762\u7ba1\u7406\u8d26\u53f7\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
Info
\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\u4ec5\u663e\u793a\u4e00\u6b21\u3002\u5982\u679c\u60a8\u5fd8\u8bb0\u4e86\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\uff0c\u60a8\u9700\u8981\u91cd\u65b0\u521b\u5efa\u65b0\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
"},{"location":"admin/ghippo/personal-center/accesstoken.html#api","title":"\u4f7f\u7528\u5bc6\u94a5\u8bbf\u95ee API","text":"\u5728\u8bbf\u95ee\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0openAPI \u65f6\uff0c\u5728\u8bf7\u6c42\u4e2d\u52a0\u4e0a\u8bf7\u6c42\u5934 Authorization:Bearer ${token}
\u4ee5\u6807\u8bc6\u8bbf\u95ee\u8005\u7684\u8eab\u4efd\uff0c \u5176\u4e2d ${token}
\u662f\u4e0a\u4e00\u6b65\u4e2d\u83b7\u53d6\u5230\u7684\u5bc6\u94a5\uff0c\u5177\u4f53\u63a5\u53e3\u4fe1\u606f\u53c2\u89c1 OpenAPI \u63a5\u53e3\u6587\u6863\u3002
\u8bf7\u6c42\u793a\u4f8b
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
\u8bf7\u6c42\u7ed3\u679c
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"admin/ghippo/personal-center/language.html","title":"\u8bed\u8a00\u8bbe\u7f6e","text":"\u672c\u8282\u8bf4\u660e\u5982\u4f55\u8bbe\u7f6e\u754c\u9762\u8bed\u8a00\u3002\u76ee\u524d\u652f\u6301\u4e2d\u6587\u3001English \u4e24\u4e2a\u8bed\u8a00\u3002
\u8bed\u8a00\u8bbe\u7f6e\u662f\u5e73\u53f0\u63d0\u4f9b\u591a\u8bed\u8a00\u670d\u52a1\u7684\u5165\u53e3\uff0c\u5e73\u53f0\u9ed8\u8ba4\u663e\u793a\u4e3a\u4e2d\u6587\uff0c\u7528\u6237\u53ef\u6839\u636e\u9700\u8981\u9009\u62e9\u82f1\u8bed\u6216\u81ea\u52a8\u68c0\u6d4b\u6d4f\u89c8\u5668\u8bed\u8a00\u9996\u9009\u9879\u7684\u65b9\u5f0f\u6765\u5207\u6362\u5e73\u53f0\u8bed\u8a00\u3002 \u6bcf\u4e2a\u7528\u6237\u7684\u591a\u8bed\u8a00\u670d\u52a1\u662f\u76f8\u4e92\u72ec\u7acb\u7684\uff0c\u5207\u6362\u540e\u4e0d\u4f1a\u5f71\u54cd\u5176\u4ed6\u7528\u6237\u3002
\u5e73\u53f0\u63d0\u4f9b\u4e09\u79cd\u5207\u6362\u8bed\u8a00\u65b9\u5f0f\uff1a\u4e2d\u6587\u3001\u82f1\u8bed-English\u3001\u81ea\u52a8\u68c0\u6d4b\u60a8\u7684\u6d4f\u89c8\u5668\u8bed\u8a00\u9996\u9009\u9879\u3002
\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\u3002
\u4f7f\u7528\u60a8\u7684\u7528\u6237\u540d/\u5bc6\u7801\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u7528\u6237\u540d\u4f4d\u7f6e\uff0c\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 \u3002
\u70b9\u51fb \u8bed\u8a00\u8bbe\u7f6e \u9875\u7b7e\u3002
\u5207\u6362\u8bed\u8a00\u9009\u9879\u3002
\u529f\u80fd\u8bf4\u660e\uff1a\u7528\u4e8e\u586b\u5199\u90ae\u7bb1\u5730\u5740\u548c\u4fee\u6539\u767b\u5f55\u5bc6\u7801\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u7528\u6237\u540d\u4f4d\u7f6e\uff0c\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 \u3002
\u70b9\u51fb \u5b89\u5168\u8bbe\u7f6e \u9875\u7b7e\u3002\u586b\u5199\u60a8\u7684\u90ae\u7bb1\u5730\u5740\u6216\u4fee\u6539\u767b\u5f55\u5bc6\u7801\u3002
\u672c\u6587\u8bf4\u660e\u5982\u4f55\u914d\u7f6e SSH \u516c\u94a5\u3002
"},{"location":"admin/ghippo/personal-center/ssh-key.html#1-ssh","title":"\u6b65\u9aa4 1\uff1a\u67e5\u770b\u5df2\u5b58\u5728\u7684 SSH \u5bc6\u94a5","text":"\u5728\u751f\u6210\u65b0\u7684 SSH \u5bc6\u94a5\u524d\uff0c\u8bf7\u5148\u786e\u8ba4\u662f\u5426\u9700\u8981\u4f7f\u7528\u672c\u5730\u5df2\u751f\u6210\u7684 SSH \u5bc6\u94a5\uff0cSSH \u5bc6\u94a5\u5bf9\u4e00\u822c\u5b58\u653e\u5728\u672c\u5730\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u3002 Linux\u3001Mac \u8bf7\u76f4\u63a5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5df2\u5b58\u5728\u7684\u516c\u94a5\uff0cWindows \u7528\u6237\u5728 WSL\uff08\u9700\u8981 Windows 10 \u6216\u4ee5\u4e0a\uff09\u6216 Git Bash \u4e0b\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5df2\u751f\u6210\u7684\u516c\u94a5\u3002
ED25519 \u7b97\u6cd5\uff1a
cat ~/.ssh/id_ed25519.pub\n
RSA \u7b97\u6cd5\uff1a
cat ~/.ssh/id_rsa.pub\n
\u5982\u679c\u8fd4\u56de\u4e00\u957f\u4e32\u4ee5 ssh-ed25519 \u6216 ssh-rsa \u5f00\u5934\u7684\u5b57\u7b26\u4e32\uff0c\u8bf4\u660e\u5df2\u5b58\u5728\u672c\u5730\u516c\u94a5\uff0c \u60a8\u53ef\u4ee5\u8df3\u8fc7\u6b65\u9aa4 2 \u751f\u6210 SSH \u5bc6\u94a5\uff0c\u76f4\u63a5\u64cd\u4f5c\u6b65\u9aa4 3\u3002
"},{"location":"admin/ghippo/personal-center/ssh-key.html#2-ssh","title":"\u6b65\u9aa4 2\uff1a\u751f\u6210 SSH \u5bc6\u94a5","text":"\u82e5\u6b65\u9aa4 1 \u672a\u8fd4\u56de\u6307\u5b9a\u7684\u5185\u5bb9\u5b57\u7b26\u4e32\uff0c\u8868\u793a\u672c\u5730\u6682\u65e0\u53ef\u7528 SSH \u5bc6\u94a5\uff0c\u9700\u8981\u751f\u6210\u65b0\u7684 SSH \u5bc6\u94a5\uff0c\u8bf7\u6309\u5982\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8bbf\u95ee\u7ec8\u7aef\uff08Windows \u8bf7\u4f7f\u7528 WSL \u6216 Git Bash\uff09\uff0c \u8fd0\u884c ssh-keygen -t
\u3002
\u8f93\u5165\u5bc6\u94a5\u7b97\u6cd5\u7c7b\u578b\u548c\u53ef\u9009\u7684\u6ce8\u91ca\u3002
\u6ce8\u91ca\u4f1a\u51fa\u73b0\u5728 .pub \u6587\u4ef6\u4e2d\uff0c\u4e00\u822c\u53ef\u4f7f\u7528\u90ae\u7bb1\u4f5c\u4e3a\u6ce8\u91ca\u5185\u5bb9\u3002
\u57fa\u4e8e ED25519
\u7b97\u6cd5\uff0c\u751f\u6210\u5bc6\u94a5\u5bf9\u547d\u4ee4\u5982\u4e0b\uff1a
ssh-keygen -t ed25519 -C \"<\u6ce8\u91ca\u5185\u5bb9>\"\n
\u57fa\u4e8e RSA
\u7b97\u6cd5\uff0c\u751f\u6210\u5bc6\u94a5\u5bf9\u547d\u4ee4\u5982\u4e0b\uff1a
ssh-keygen -t rsa -C \"<\u6ce8\u91ca\u5185\u5bb9>\"\n
\u70b9\u51fb\u56de\u8f66\uff0c\u9009\u62e9 SSH \u5bc6\u94a5\u751f\u6210\u8def\u5f84\u3002
\u4ee5 ED25519 \u7b97\u6cd5\u4e3a\u4f8b\uff0c\u9ed8\u8ba4\u8def\u5f84\u5982\u4e0b\uff1a
Generating public/private ed25519 key pair.\nEnter file in which to save the key (/home/user/.ssh/id_ed25519):\n
\u5bc6\u94a5\u9ed8\u8ba4\u751f\u6210\u8def\u5f84\uff1a/home/user/.ssh/id_ed25519
\uff0c\u516c\u94a5\u4e0e\u4e4b\u5bf9\u5e94\u4e3a\uff1a/home/user/.ssh/id_ed25519.pub
\u3002
\u8bbe\u7f6e\u4e00\u4e2a\u5bc6\u94a5\u53e3\u4ee4\u3002
Enter passphrase (empty for no passphrase):\nEnter same passphrase again:\n
\u53e3\u4ee4\u9ed8\u8ba4\u4e3a\u7a7a\uff0c\u60a8\u53ef\u4ee5\u9009\u62e9\u4f7f\u7528\u53e3\u4ee4\u4fdd\u62a4\u79c1\u94a5\u6587\u4ef6\u3002 \u5982\u679c\u60a8\u4e0d\u60f3\u5728\u6bcf\u6b21\u4f7f\u7528 SSH \u534f\u8bae\u8bbf\u95ee\u4ed3\u5e93\u65f6\uff0c\u90fd\u8981\u8f93\u5165\u7528\u4e8e\u4fdd\u62a4\u79c1\u94a5\u6587\u4ef6\u7684\u53e3\u4ee4\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u5bc6\u94a5\u65f6\uff0c\u8f93\u5165\u7a7a\u53e3\u4ee4\u3002
\u70b9\u51fb\u56de\u8f66\uff0c\u5b8c\u6210\u5bc6\u94a5\u5bf9\u521b\u5efa\u3002
\u9664\u4e86\u5728\u547d\u4ee4\u884c\u6253\u5370\u51fa\u5df2\u751f\u6210\u7684\u516c\u94a5\u4fe1\u606f\u624b\u52a8\u590d\u5236\u5916\uff0c\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u62f7\u8d1d\u516c\u94a5\u5230\u7c98\u8d34\u677f\u4e0b\uff0c\u8bf7\u53c2\u8003\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u62f7\u8d1d\u3002
Windows\uff08\u5728 WSL \u6216 Git Bash \u4e0b\uff09\uff1a
cat ~/.ssh/id_ed25519.pub | clip\n
Mac\uff1a
tr -d '\\n'< ~/.ssh/id_ed25519.pub | pbcopy\n
GNU/Linux (requires xclip):
xclip -sel clip < ~/.ssh/id_ed25519.pub\n
\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0UI \u9875\u9762\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 -> SSH \u516c\u94a5 \u3002
\u6dfb\u52a0\u751f\u6210\u7684 SSH \u516c\u94a5\u4fe1\u606f\u3002
SSH \u516c\u94a5\u5185\u5bb9\u3002
\u516c\u94a5\u6807\u9898\uff1a\u652f\u6301\u81ea\u5b9a\u4e49\u516c\u94a5\u540d\u79f0\uff0c\u7528\u4e8e\u533a\u5206\u7ba1\u7406\u3002
\u8fc7\u671f\u65f6\u95f4\uff1a\u8bbe\u7f6e\u516c\u94a5\u8fc7\u671f\u65f6\u95f4\uff0c\u5230\u671f\u540e\u516c\u94a5\u5c06\u81ea\u52a8\u5931\u6548\uff0c\u4e0d\u53ef\u4f7f\u7528\uff1b\u5982\u679c\u4e0d\u8bbe\u7f6e\uff0c\u5219\u6c38\u4e45\u6709\u6548\u3002
\u5173\u4e8e\u5e73\u53f0 \u4e3b\u8981\u5448\u73b0\u5e73\u53f0\u5404\u4e2a\u5b50\u6a21\u5757\u5f53\u524d\u66f4\u65b0\u7684\u7248\u672c\uff0c\u58f0\u660e\u4e86\u5e73\u53f0\u4f7f\u7528\u7684\u5404\u4e2a\u5f00\u6e90\u8f6f\u4ef6\uff0c\u5e76\u4ee5\u52a8\u753b\u89c6\u9891\u7684\u65b9\u5f0f\u81f4\u8c22\u4e86\u5e73\u53f0\u7684\u6280\u672f\u56e2\u961f\u3002
\u67e5\u770b\u6b65\u9aa4\uff1a
\u4f7f\u7528\u5177\u6709 Admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb \u5e73\u53f0\u8bbe\u7f6e \uff0c\u9009\u62e9 \u5173\u4e8e\u5e73\u53f0 \uff0c\u67e5\u770b\u4ea7\u54c1\u7248\u672c\u3001\u5f00\u6e90\u8f6f\u4ef6\u58f0\u660e\u548c\u6280\u672f\u56e2\u961f\u3002
License \u58f0\u660e
\u6280\u672f\u56e2\u961f
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u53ef\u901a\u8fc7 \u5916\u89c2\u5b9a\u5236 \u66f4\u6362\u767b\u5f55\u754c\u9762\u3001\u9876\u90e8\u5bfc\u822a\u680f\u4ee5\u53ca\u5e95\u90e8\u7248\u6743\u548c\u5907\u6848\u4fe1\u606f\uff0c\u5e2e\u52a9\u7528\u6237\u66f4\u597d\u5730\u8fa8\u8bc6\u4ea7\u54c1\u3002
"},{"location":"admin/ghippo/platform-setting/appearance.html#_2","title":"\u5b9a\u5236\u8bf4\u660e","text":"\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5e73\u53f0\u8bbe\u7f6e \u3002
\u9009\u62e9 \u5916\u89c2\u5b9a\u5236 \uff0c\u5728 \u767b\u5f55\u9875\u5b9a\u5236 \u9875\u7b7e\u4e2d\uff0c\u4fee\u6539\u767b\u5f55\u9875\u7684\u56fe\u6807\u548c\u6587\u5b57\u540e\uff0c\u70b9\u51fb \u4fdd\u5b58 \u3002
\u9000\u51fa\u767b\u5f55\uff0c\u5728\u767b\u5f55\u9875\u5237\u65b0\u540e\u53ef\u770b\u5230\u914d\u7f6e\u540e\u7684\u6548\u679c
\u70b9\u51fb \u9876\u90e8\u5bfc\u822a\u680f\u5b9a\u5236 \u9875\u7b7e\uff0c\u4fee\u6539\u5bfc\u822a\u680f\u7684\u56fe\u6807\u548c\u6587\u5b57\u540e\uff0c\u70b9\u51fb \u4fdd\u5b58 \u3002
\u70b9\u51fb \u9ad8\u7ea7\u5b9a\u5236 \uff0c\u53ef\u4ee5\u7528 CSS \u6837\u5f0f\u8bbe\u7f6e\u767b\u5f55\u9875\u3001\u5bfc\u822a\u680f\u3001\u5e95\u90e8\u7248\u6743\u53ca\u5907\u6848\u4fe1\u606f\u3002
\u9ad8\u7ea7\u5b9a\u5236\u80fd\u591f\u901a\u8fc7 CSS \u6837\u5f0f\u6765\u4fee\u6539\u6574\u4e2a\u5bb9\u5668\u5e73\u53f0\u7684\u989c\u8272\u3001\u5b57\u4f53\u95f4\u9694\u3001\u5b57\u53f7\u7b49\u3002 \u60a8\u9700\u8981\u719f\u6089 CSS \u8bed\u6cd5\u3002\u5220\u9664\u9ed1\u8272\u8f93\u5165\u6846\u7684\u5185\u5bb9\uff0c\u53ef\u6062\u590d\u5230\u9ed8\u8ba4\u72b6\u6001\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5\u70b9\u51fb \u4e00\u952e\u8fd8\u539f \u6309\u94ae\u3002
\u767b\u5f55\u9875\u5b9a\u5236\u7684 CSS \u6837\u4f8b\uff1a
.test {\n width: 12px;\n}\n\n#kc-login {\n /* color: red!important; */\n}\n
\u767b\u5f55\u540e\u9875\u9762\u5b9a\u5236\u7684 CSS \u6837\u4f8b\uff1a
.dao-icon.dao-iconfont.icon-service-global.dao-nav__head-icon {\n color: red!important;\n}\n.ghippo-header-logo {\n background-color: green!important;\n}\n.ghippo-header {\n background-color: rgb(128, 115, 0)!important;\n}\n.ghippo-header-nav-main {\n background-color: rgb(0, 19, 128)!important;\n}\n.ghippo-header-sub-nav-main .dao-popper-inner {\n background-color: rgb(231, 82, 13) !important;\n}\n
Footer\uff08\u9875\u9762\u5e95\u90e8\u7684\u7248\u6743\u3001\u5907\u6848\u7b49\u4fe1\u606f\uff09\u5b9a\u5236\u793a\u4f8b
<div class=\"footer-content\">\n <span class=\"footer-item\">Copyright \u00a9 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4fdd\u7559\u6240\u6709\u6743\u5229</span>\n <a class=\"footer-item\" href=\"https://beian.miit.gov.cn/\" target=\"_blank\" rel=\"noopener noreferrer\">\u6caa ICP \u5907 xxxxxx \u53f7 - 1</a>\n <a class=\"footer-item\" href=\"https://beian.miit.gov.cn/\" target=\"_blank\" rel=\"noopener noreferrer\">\u6caa ICP \u5907 xxxxxx \u53f7 - 2</a>\n</div>\n<div class=\"footer-content\">\n <img class=\"gongan-icon\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP/wBr28AAgBw1S4kEsfh/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi/mvwbyI+IfHf/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3/ldM9sJoFoK0Hr5i3k4/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W/gi372/EAe/tt68ABxmkCZrcCjg/1xYW52rlKO58sEQjFu9+cj/seFf/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv/mPQCsBAM2XpOMAALzoGFyolBdMxggAAESggSqwQQcMwRSswA6cwR28wBcCYQZEQAwkwDwQQgbkgBwKoRiWQRlUwDrYBLWwAxqgEZrhELTBMTgN5+ASXIHrcBcGYBiewhi8hgkEQcgIE2EhOogRYo7YIs4IF5mOBCJhSDSSgKQg6YgUUSLFyHKkAqlCapFdSCPyLXIUOY1cQPqQ28ggMor8irxHMZSBslED1AJ1QLmoHxqKxqBz0XQ0D12AlqJr0Rq0Hj2AtqKn0UvodXQAfYqOY4DRMQ5mjNlhXIyHRWCJWBomxxZj5Vg1Vo81Yx1YN3YVG8CeYe8IJAKLgBPsCF6EEMJsgpCQR1hMWEOoJewjtBK6CFcJg4Qxwicik6hPtCV6EvnEeGI6sZBYRqwm7iEeIZ4lXicOE1+TSCQOyZLkTgohJZAySQtJa0jbSC2kU6Q+0hBpnEwm65Btyd7kCLKArCCXkbeQD5BPkvvJw+S3FDrFiOJMCaIkUqSUEko1ZT/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYqfBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j/i/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa45uJXTl/VfPV5bdra3kq3yu3rSOuk626s91m/r0q9akHV0IbwDa0b8Y3lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q/5n7duEd3T8Wej3ulewf2Re/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq/dawto22gPaG97+iMo50dXh1Hvrf/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w/eFIr1tv62X3y+1XPK509E3rO9Hv03/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r/y+2v3qB/oP6n+0/rFlwG3g+GDAYM/DWQ/vDgmHnv6U/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59/94vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm/K3O233vuO+638e9H5ko/ED+UPPR+mPHp9BP9z7nfP78L/eE8/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAAQjSURBVHjaVNNZbFRlGIDh95w525zpdGa6TVtbykBbyiICxQY0AhYTJUCiiYqGqEEiJhKQmBg0ESPeeCGRENEYb4jhBr0gNQrRlCBiSgyLaSlSaKEs3Wemy+xnzuqFYdD/6rt6ku/N9wue55EcPwWArCgIgkx5ZRuYVxsnJ801Z05f3jY1MRnb/HxHV+uSph9RKq4mhkdwbZVgdQ2SHkPTwgj/h1QUWWi8/tfg/hM/XN/Y2zfaZnkSnuRDtLMsXhBOvrJtya/LlrcdMs1Qb1lVRQmSAEDAsU1kxpgamXp3y+azu1esreK9dyRqs9PIjkW6OsLx7lTV1ld/237s8HRV57MbnvO8CA+e9GCQFTk6Mza+4/0P+t9a9VSEI3uyTH/eR27aB2Ed31Q/Hx1sI6BHOPT13c5Frd0HW9p3HPUQEwAigJW9RDp+bstrOy981nVGLN/7RpHUV70YfXnEAtjxFPasxPDBQXatjzNTdOQXtg983H/51AFFy1KCIg2bNIdC+8270NwmUmelsXqSqHkDK5PDl8iCW0QcnEW+lqCjvcjQuMZ4YnQRTkotQUZu4GkjcfZNv19G011kXw4vayNYNvqCCvSVTciOgABgeuhBGwhgz5zbkI2ff7HUqJiNR2QktbbSYnBYYqbMT/ilKI4SIbT/GcRylbnvLmJ2X8N7tJ7rR8OE/BbliqEYea81WIotmOs02WFpc55Lf0f5/mSI3dsamOgxSX7ZjaALuBmB6M6FnB+S+POCwmOLk1QFFAqZyQWl1YrpiRZJLvDkygyC5NJ1XCax7xYNiTQVEYVIuUulayIcGeLkpw6WK7GuPY/fb2CkhleXIFFe8XPGaKBj9QxLW1Ik0bg8EuT2zRCJYZvZIYepe0EGbvi4bQUJVZhs2phADFYj+df0lBqJUnaekS4SUHXe3jrOnoE2PhSewHfRpfZGgcryIvfHdQruQlLo7Ns6QizqkJ31CIUlqwQJXuWUpDXj6qOsW32HT3YNImll9FwJsb4jyaLmWQ4fa6a+2sQw0ry8YZSiHcPxxXBtMfCv4XkUCrfliWs/fTE31rtTVfv9vsIorvQIniMhqXM4popVcJFVMHMpfMEaLPdxR1Tnna1b1vl6tGntpAjgCTNWONZyIFBR8Ydtr6EgrCI3VySfzZPLBDHyIq5gkpmzcOUmTGMF+bh7M9LYulfWzMmHBzk7Fpq9deWEYxjrtaCMXjWfstp6BCGNXZzBdYqYhogWqkMum4+oBVD0YnP63u/fFqbv1D+M7VSlBbmmK5uYaLYLYwslfwFVAyXQiOfcx3XyyGIM8DDn0lgWyGokHogu/0UJxpL/+f2e569s/CZQZ53OpzJr0+NXludUfb5jVdf7VUGXJUPIZast1S9PeII6jFDT5xMjFwO1S4c8zwTgnwEAxufYSzA67PMAAAAASUVORK5CYII=\" >\n <a class=\"footer-item\" href=\"http://www.beian.gov.cn/portal/registerSystemInfo\">\u6caa\u516c\u7f51\u5b89\u5907 12345678912345\u53f7</a>\n</div>\n<style>\n.footer-content {\n display: flex;\n flex-wrap: wrap;\n align-items: center;\n justify-content: center;\n}\n.footer-content + .footer-content {\n margin-top: 8px;\n}\n.login-pf .footer-item {\n color: white;\n}\n.footer-item {\n color: var(--dao-gray-010);\n text-decoration: none;\n}\n.footer-item + .footer-item {\n margin-left: 8px;\n}\n.gongan-icon {\n width: 18px;\n height: 18px;\n margin-right: 4px;\n}\n</style>\n
Note
\u5982\u679c\u60f3\u8981\u6062\u590d\u9ed8\u8ba4\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u70b9\u51fb \u4e00\u952e\u8fd8\u539f \u3002\u8bf7\u6ce8\u610f\uff0c\u4e00\u952e\u8fd8\u539f\u540e\u5c06\u4e22\u5f03\u6240\u6709\u81ea\u5b9a\u4e49\u8bbe\u7f6e\u3002
"},{"location":"admin/ghippo/platform-setting/mail-server.html","title":"\u90ae\u4ef6\u670d\u52a1\u5668","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f1a\u5728\u7528\u6237\u5fd8\u8bb0\u5bc6\u7801\u65f6\uff0c\u5411\u7528\u6237\u53d1\u9001\u7535\u5b50\u90ae\u4ef6\u4ee5\u9a8c\u8bc1\u7535\u5b50\u90ae\u4ef6\u5730\u5740\uff0c\u786e\u4fdd\u7528\u6237\u662f\u672c\u4eba\u64cd\u4f5c\u3002 \u8981\u4f7f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u80fd\u591f\u53d1\u9001\u7535\u5b50\u90ae\u4ef6\uff0c\u9700\u8981\u5148\u63d0\u4f9b\u60a8\u7684\u90ae\u4ef6\u670d\u52a1\u5668\u5730\u5740\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb \u5e73\u53f0\u8bbe\u7f6e \uff0c\u9009\u62e9 \u90ae\u4ef6\u670d\u52a1\u5668\u8bbe\u7f6e \u3002
\u586b\u5199\u4ee5\u4e0b\u5b57\u6bb5\u914d\u7f6e\u90ae\u4ef6\u670d\u52a1\u5668\uff1a
\u5b57\u6bb5 \u63cf\u8ff0 \u4e3e\u4f8b\u503c SMTP \u670d\u52a1\u5668\u5730\u5740 \u80fd\u591f\u63d0\u4f9b\u90ae\u4ef6\u670d\u52a1\u7684 SMTP \u670d\u52a1\u5668\u5730\u5740 smtp.163.com SMTP \u670d\u52a1\u5668\u7aef\u53e3 \u53d1\u9001\u90ae\u4ef6\u7684\u7aef\u53e3 25 \u7528\u6237\u540d SMTP \u7528\u6237\u7684\u540d\u79f0 test@163.com \u5bc6\u7801 SMTP \u8d26\u53f7\u7684\u5bc6\u7801 123456 \u53d1\u4ef6\u4eba\u90ae\u7bb1 \u53d1\u4ef6\u4eba\u7684\u90ae\u7bb1\u5730\u5740 test@163.com \u4f7f\u7528 SSL \u5b89\u5168\u8fde\u63a5 SSL \u53ef\u4ee5\u7528\u4e8e\u52a0\u5bc6\u90ae\u4ef6\uff0c\u4ece\u800c\u63d0\u9ad8\u901a\u8fc7\u90ae\u4ef6\u4f20\u8f93\u7684\u4fe1\u606f\u7684\u5b89\u5168\u6027\uff0c\u901a\u5e38\u9700\u4e3a\u90ae\u4ef6\u670d\u52a1\u5668\u914d\u7f6e\u8bc1\u4e66 \u4e0d\u5f00\u542f\u914d\u7f6e\u5b8c\u6210\u540e\u70b9\u51fb \u4fdd\u5b58 \uff0c\u70b9\u51fb \u6d4b\u8bd5\u90ae\u4ef6\u670d\u52a1\u5668 \u3002
\u5c4f\u5e55\u53f3\u4e0a\u89d2\u51fa\u73b0\u6210\u529f\u53d1\u9001\u90ae\u4ef6\u7684\u63d0\u793a\uff0c\u5219\u8868\u793a\u90ae\u4ef6\u670d\u52a1\u5668\u88ab\u6210\u529f\u8bbe\u7f6e\u3002
\u95ee\uff1a\u90ae\u4ef6\u670d\u52a1\u5668\u8bbe\u7f6e\u540e\u7528\u6237\u4ecd\u65e0\u6cd5\u627e\u56de\u5bc6\u7801\u662f\u4ec0\u4e48\u539f\u56e0\uff1f
\u7b54\uff1a\u7528\u6237\u53ef\u80fd\u672a\u8bbe\u7f6e\u90ae\u7bb1\u6216\u8005\u8bbe\u7f6e\u4e86\u9519\u8bef\u7684\u90ae\u7bb1\u5730\u5740\uff1b\u6b64\u65f6\u53ef\u4ee5\u8ba9 admin \u89d2\u8272\u7684\u7528\u6237\u5728 \u5168\u5c40\u7ba1\u7406 -> \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236 \u4e2d\u901a\u8fc7\u7528\u6237\u540d\u627e\u5230\u8be5\u7528\u6237\uff0c\u5e76\u5728\u7528\u6237\u8be6\u60c5\u4e2d\u4e3a\u8be5\u7528\u6237\u8bbe\u7f6e\u65b0\u7684\u767b\u5f55\u5bc6\u7801\u3002
\u5982\u679c\u90ae\u4ef6\u670d\u52a1\u5668\u6ca1\u6709\u8fde\u901a\uff0c\u8bf7\u68c0\u67e5\u90ae\u4ef6\u670d\u52a1\u5668\u5730\u5740\u3001\u7528\u6237\u540d\u53ca\u5bc6\u7801\u662f\u5426\u6b63\u786e\u3002
"},{"location":"admin/ghippo/platform-setting/security.html","title":"\u5b89\u5168\u7b56\u7565","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5728\u56fe\u5f62\u754c\u9762\u4e0a\u63d0\u4f9b\u4e86\u57fa\u4e8e\u5bc6\u7801\u548c\u8bbf\u95ee\u63a7\u5236\u7684\u5b89\u5168\u7b56\u7565\u3002
\u5bc6\u7801\u7b56\u7565
\u8bbf\u95ee\u63a7\u5236\u7b56\u7565
\u8fdb\u5165\u5168\u5c40\u7ba1\u7406\u540e\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5e73\u53f0\u8bbe\u7f6e -> \u5b89\u5168\u7b56\u7565 \uff0c\u5373\u53ef\u8bbe\u7f6e\u5bc6\u7801\u7b56\u7565\u548c\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002
"},{"location":"admin/ghippo/report-billing/index.html","title":"\u8fd0\u8425\u7ba1\u7406","text":"\u8fd0\u8425\u7ba1\u7406\u901a\u8fc7\u53ef\u89c6\u5316\u7684\u65b9\u5f0f\uff0c\u4e3a\u60a8\u5c55\u793a\u5e73\u53f0\u4e0a\u7edf\u8ba1\u65f6\u95f4\u8303\u56f4\u5185\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5bb9\u5668\u7ec4\u3001\u5de5\u4f5c\u7a7a\u95f4\u7b49\u7ef4\u5ea6\u7684 CPU/\u5185\u5b58/\u5b58\u50a8/GPU \u7684\u4f7f\u7528\u603b\u91cf\u548c\u4f7f\u7528\u7387\u7b49\u4fe1\u606f\u3002 \u4ee5\u53ca\u901a\u8fc7\u4f7f\u7528\u91cf\u3001\u4f7f\u7528\u65f6\u95f4\u53ca\u5355\u4ef7\u7b49\u4fe1\u606f\uff0c\u81ea\u52a8\u8ba1\u7b97\u51fa\u7684\u5e73\u53f0\u6d88\u8d39\u4fe1\u606f\u3002\u8be5\u6a21\u5757\u9ed8\u8ba4\u5f00\u542f\u6240\u6709\u62a5\u8868\u7edf\u8ba1\uff0c\u540c\u65f6\u4e5f\u652f\u6301\u5e73\u53f0\u7ba1\u7406\u5458\u5bf9\u5355\u4e2a\u62a5\u8868\u8fdb\u884c\u624b\u52a8\u5f00\u542f\u6216\u5173\u95ed\uff0c \u5f00\u542f/\u5173\u95ed\u540e\u5c06\u5728\u6700\u957f 20 \u5206\u949f\u5185\uff0c\u5e73\u53f0\u5f00\u59cb/\u505c\u6b62\u91c7\u96c6\u62a5\u8868\u6570\u636e\uff0c\u5f80\u671f\u5df2\u91c7\u96c6\u5230\u7684\u6570\u636e\u8fd8\u5c06\u6b63\u5e38\u5c55\u793a\u3002 \u8fd0\u8425\u7ba1\u7406\u6570\u636e\u6700\u591a\u53ef\u5728\u5e73\u53f0\u4e0a\u4fdd\u7559 365 \u5929\uff0c\u8d85\u8fc7\u4fdd\u7559\u65f6\u95f4\u7684\u7edf\u8ba1\u6570\u636e\u5c06\u88ab\u81ea\u52a8\u5220\u9664\u3002\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7 CSV \u6216 Excel \u65b9\u5f0f\u4e0b\u8f7d\u62a5\u8868\u540e\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u7edf\u8ba1\u548c\u5206\u6790\u3002
\u62a5\u8868\u7ba1\u7406\u901a\u8fc7 CPU \u5229\u7528\u7387\u3001\u5185\u5b58\u5229\u7528\u7387\u3001\u5b58\u50a8\u5229\u7528\u7387\u3001GPU \u7b97\u529b\u5229\u7528\u7387\u3001GPU \u663e\u5b58\u5229\u7528\u7387 5 \u4e2a\u7ef4\u5ea6\uff0c\u5bf9\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u3001\u5de5\u4f5c\u7a7a\u95f4\u3001\u547d\u540d\u7a7a\u95f4 5 \u79cd\u8d44\u6e90\u8fdb\u884c\u6570\u636e\u7edf\u8ba1\u3002\u540c\u65f6\u8054\u52a8\u5ba1\u8ba1\u548c\u544a\u8b66\u6a21\u5757\uff0c\u652f\u6301\u5bf9\u5ba1\u8ba1\u6570\u636e\u548c\u544a\u8b66\u6570\u636e\u8fdb\u884c\u7edf\u8ba1\u7ba1\u7406\u3002\u5171\u8ba1\u652f\u6301 7 \u79cd\u7c7b\u578b\u62a5\u8868\u3002
\u8ba1\u91cf\u8ba1\u8d39\u9488\u5bf9\u5e73\u53f0\u4e0a\u7684\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u3001\u547d\u540d\u7a7a\u95f4\u548c\u5de5\u4f5c\u7a7a\u95f4 5 \u79cd\u8d44\u6e90\u8fdb\u884c\u8ba1\u8d39\u7edf\u8ba1\u3002 \u6839\u636e\u4e0d\u540c\u8d44\u6e90\u4e2d CPU\u3001\u5185\u5b58\u3001\u5b58\u50a8\u548c GPU \u7684\u4f7f\u7528\u91cf\uff0c\u4ee5\u53ca\u7528\u6237\u624b\u52a8\u914d\u7f6e\u7684\u4ef7\u683c\u548c\u8d27\u5e01\u5355\u4f4d\u81ea\u52a8\u8ba1\u7b97\u51fa\u6bcf\u79cd\u8d44\u6e90\u5728\u7edf\u8ba1\u65f6\u95f4\u7684\u6d88\u8d39\u60c5\u51b5\uff0c \u6839\u636e\u6240\u9009\u65f6\u95f4\u8de8\u5ea6\u4e0d\u540c\uff0c\u53ef\u5feb\u901f\u8ba1\u7b97\u51fa\u8be5\u8de8\u5ea6\u5185\u7684\u5b9e\u9645\u6d88\u8d39\u60c5\u51b5\uff0c\u5982\u6708\u5ea6\u3001\u5b63\u5ea6\u3001\u5e74\u5ea6\u7b49\u3002
"},{"location":"admin/ghippo/report-billing/billing.html","title":"\u8ba1\u91cf\u8ba1\u8d39","text":"\u8ba1\u91cf\u8ba1\u8d39\u5728\u62a5\u8868\u7684\u57fa\u7840\u4e0a\uff0c\u5bf9\u8d44\u6e90\u7684\u4f7f\u7528\u6570\u636e\u505a\u4e86\u8fdb\u4e00\u6b65\u7684\u8ba1\u8d39\u5904\u7406\u3002\u652f\u6301\u7528\u6237\u624b\u52a8\u8bbe\u7f6e CPU\u3001\u5185\u5b58\u3001\u5b58\u50a8\u3001GPU \u7684\u5355\u4ef7\u4ee5\u53ca\u8d27\u5e01\u5355\u4f4d\u7b49\uff0c\u8bbe\u7f6e\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u7edf\u8ba1\u51fa\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5de5\u4f5c\u7a7a\u95f4\u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u82b1\u8d39\u60c5\u51b5\uff0c\u65f6\u95f4\u6bb5\u7528\u6237\u53ef\u81ea\u7531\u8c03\u6574\uff0c\u53ef\u6309\u7167\u5468\u3001\u6708\u3001\u5b63\u5ea6\u3001\u5e74\u7b5b\u9009\u8c03\u6574\u540e\u5bfc\u51fa Excel \u6216 Csv \u683c\u5f0f\u7684\u8ba1\u8d39\u62a5\u8868\u3002
"},{"location":"admin/ghippo/report-billing/billing.html#_2","title":"\u8ba1\u8d39\u89c4\u5219\u53ca\u751f\u6548\u65f6\u95f4","text":"\u76ee\u524d\u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u62a5\u8868\uff1a
\u4f7f\u7528\u5177\u6709 admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u8fd0\u8425\u7ba1\u7406 \u3002
\u8fdb\u5165 \u8fd0\u8425\u7ba1\u7406 \u540e\u5207\u6362\u4e0d\u540c\u83dc\u5355\u53ef\u67e5\u770b\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u7b49\u8ba1\u8d39\u62a5\u8868\u3002
\u62a5\u8868\u7ba1\u7406\u4ee5\u53ef\u89c6\u5316\u7684\u65b9\u5f0f\uff0c\u5c55\u793a\u4e86\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u3001\u5de5\u4f5c\u7a7a\u95f4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5ba1\u8ba1\u53ca\u544a\u8b66\u7ef4\u5ea6\u7684\u7edf\u8ba1\u6570\u636e\uff0c\u4e3a\u5e73\u53f0\u7684\u8ba1\u8d39\u53ca\u4f7f\u7528\u60c5\u51b5\u7684\u8c03\u4f18\u63d0\u4f9b\u4e86\u53ef\u9760\u7684\u57fa\u7840\u6570\u636e\u3002
"},{"location":"admin/ghippo/report-billing/report.html#_2","title":"\u529f\u80fd\u7279\u6027","text":"\u76ee\u524d\u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u62a5\u8868\uff1a
\u4f7f\u7528\u5177\u6709 Admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u8fd0\u8425\u7ba1\u7406 \u3002
\u8fdb\u5165\u8fd0\u8425\u7ba1\u7406\u540e\u5207\u6362\u4e0d\u540c\u83dc\u5355\u53ef\u67e5\u770b\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\u7b49\u62a5\u8868\u3002
\u62a5\u9519\u63d0\u793a\u5982\u4e0b\u56fe\uff1a
\u53ef\u80fd\u539f\u56e0\uff1aRequestAuthentication CR \u7684 jwtsUri \u5730\u5740\u65e0\u6cd5\u8bbf\u95ee\uff0c \u5bfc\u81f4 istiod \u65e0\u6cd5\u4e0b\u53d1\u914d\u7f6e\u7ed9 istio-ingressgateway\uff08Istio 1.15 \u53ef\u4ee5\u89c4\u907f\u8fd9\u4e2a bug\uff1a https://github.com/istio/istio/pull/39341/\uff09
\u89e3\u51b3\u65b9\u6cd5\uff1a
\u5907\u4efd RequestAuthentication ghippo CR\u3002
kubectl get RequestAuthentication ghippo -n istio-system -o yaml > ghippo-ra.yaml \n
\u5220\u9664 RequestAuthentication ghippo CR\u3002
kubectl delete RequestAuthentication ghippo -n istio-system \n
\u91cd\u542f Istio\u3002
kubectl rollout restart deploy/istiod -n istio-system\nkubectl rollout restart deploy/istio-ingressgateway -n istio-system \n
\u91cd\u65b0 apply RequestAuthentication ghippo CR\u3002
kubectl apply -f ghippo-ra.yaml \n
Note
apply RequestAuthentication ghippo CR \u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd ghippo-apiserver \u548c ghippo-keycloak \u5df2\u7ecf\u6b63\u5e38\u542f\u52a8\u3002
\u51fa\u73b0\u8fd9\u4e2a\u95ee\u9898\u539f\u56e0\u4e3a\uff1aghippo-keycloak \u8fde\u63a5\u7684 Mysql \u6570\u636e\u5e93\u51fa\u73b0\u6545\u969c, \u5bfc\u81f4 OIDC Public keys \u88ab\u91cd\u7f6e
\u5728\u5168\u5c40\u7ba1\u7406 0.11.1 \u53ca\u4ee5\u4e0a\u7248\u672c\uff0c\u60a8\u53ef\u4ee5\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528 helm \u66f4\u65b0\u5168\u5c40\u7ba1\u7406\u914d\u7f6e\u6587\u4ef6\u5373\u53ef\u6062\u590d\u6b63\u5e38\u3002
# \u66f4\u65b0 helm \u4ed3\u5e93\nhelm repo update ghippo\n\n# \u5907\u4efd ghippo \u53c2\u6570\nhelm get values ghippo -n ghippo-system -o yaml > ghippo-values-bak.yaml\n\n# \u83b7\u53d6\u5f53\u524d\u90e8\u7f72\u7684 ghippo \u7248\u672c\u53f7\nversion=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n\n# \u6267\u884c\u66f4\u65b0\u64cd\u4f5c, \u4f7f\u914d\u7f6e\u6587\u4ef6\u751f\u6548\nhelm upgrade ghippo ghippo/ghippo \\\n-n ghippo-system \\\n-f ./ghippo-values-bak.yaml \\\n--version ${version}\n
"},{"location":"admin/ghippo/troubleshooting/ghippo03.html","title":"Keycloak \u65e0\u6cd5\u542f\u52a8","text":""},{"location":"admin/ghippo/troubleshooting/ghippo03.html#_1","title":"\u5e38\u89c1\u6545\u969c","text":""},{"location":"admin/ghippo/troubleshooting/ghippo03.html#_2","title":"\u6545\u969c\u8868\u73b0","text":"MySQL \u5df2\u5c31\u7eea\uff0c\u65e0\u62a5\u9519\u3002\u5728\u5b89\u88c5\u5168\u5c40\u7ba1\u7406\u540e keycloak \u65e0\u6cd5\u542f\u52a8\uff08> 10 \u6b21\uff09\u3002
"},{"location":"admin/ghippo/troubleshooting/ghippo03.html#_3","title":"\u68c0\u67e5\u9879","text":"keycloak \u65e0\u6cd5\u6b63\u5e38\u542f\u52a8\uff0ckeycloak pod \u8fd0\u884c\u72b6\u6001\u4e3a CrashLoopBackOff
\u5e76\u4e14 keycloak \u7684 log \u51fa\u73b0\u5982\u4e0b\u56fe\u6240\u793a\u7684\u4fe1\u606f
\u8fd0\u884c\u4e0b\u9762\u7684\u68c0\u67e5\u811a\u672c\uff0c\u67e5\u8be2\u5f53\u524d\u8282\u70b9 cpu \u7684 x86-64\u67b6\u6784\u7684\u7279\u5f81\u7ea7\u522b
cat <<\"EOF\" > detect-cpu.sh\n#!/bin/sh -eu\n\nflags=$(cat /proc/cpuinfo | grep flags | head -n 1 | cut -d: -f2)\n\nsupports_v2='awk \"/cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/ {found=1} END {exit !found}\"'\nsupports_v3='awk \"/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/ {found=1} END {exit !found}\"'\nsupports_v4='awk \"/avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/ {found=1} END {exit !found}\"'\n\necho \"$flags\" | eval $supports_v2 || exit 2 && echo \"CPU supports x86-64-v2\"\necho \"$flags\" | eval $supports_v3 || exit 3 && echo \"CPU supports x86-64-v3\"\necho \"$flags\" | eval $supports_v4 || exit 4 && echo \"CPU supports x86-64-v4\"\nEOF\n\nchmod +x detect-cpu.sh\nsh detect-cpu.sh\n
\u6267\u884c\u4e0b\u9762\u547d\u4ee4\u67e5\u770b\u5f53\u524d cpu \u7684\u7279\u6027\uff0c\u5982\u679c\u8f93\u51fa\u4e2d\u5305\u542b sse4_2\uff0c\u5219\u8868\u793a\u4f60\u7684\u5904\u7406\u5668\u652f\u6301SSE 4.2\u3002
lscpu | grep sse4_2\n
"},{"location":"admin/ghippo/troubleshooting/ghippo03.html#_7","title":"\u89e3\u51b3\u65b9\u6cd5","text":"\u9700\u8981\u5347\u7ea7\u4f60\u7684\u4e91\u4e3b\u673a\u6216\u7269\u7406\u673a CPU \u4ee5\u652f\u6301 x86-64-v2 \u53ca\u4ee5\u4e0a\uff0c\u786e\u4fddx86 CPU \u6307\u4ee4\u96c6\u652f\u6301 sse4.2\uff0c\u5982\u4f55\u5347\u7ea7\u9700\u8981\u4f60\u54a8\u8be2\u4e91\u4e3b\u673a\u5e73\u53f0\u63d0\u4f9b\u5546\u6216\u7740\u7269\u7406\u673a\u63d0\u4f9b\u5546\u3002
\u8be6\u89c1\uff1ahttps://github.com/keycloak/keycloak/issues/17290
"},{"location":"admin/ghippo/troubleshooting/ghippo04.html","title":"\u5355\u72ec\u5347\u7ea7\u5168\u5c40\u7ba1\u7406\u65f6\u5347\u7ea7\u5931\u8d25","text":"\u82e5\u5347\u7ea7\u5931\u8d25\u65f6\u5305\u542b\u5982\u4e0b\u4fe1\u606f\uff0c\u53ef\u4ee5\u53c2\u8003\u79bb\u7ebf\u5347\u7ea7\u4e2d\u7684\u66f4\u65b0 ghippo crd \u6b65\u9aa4\u5b8c\u6210 crd \u5b89\u88c5
ensure CRDs are installed first\n
"},{"location":"admin/ghippo/workspace/folder-permission.html","title":"\u6587\u4ef6\u5939\u6743\u9650\u8bf4\u660e","text":"\u6587\u4ef6\u5939\u5177\u6709\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u4ee5\u53ca\u8d44\u6e90\u4e0a\u3002
\u82e5\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u662f Folder Admin \u89d2\u8272\uff0c\u6620\u5c04\u5230\u5b50\u6587\u4ef6\u5939\u4ecd\u4e3a Folder Admin \u89d2\u8272\uff0c\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5de5\u4f5c\u7a7a\u95f4\u5219\u4e3a Workspace Admin\uff1b \u82e5\u5728 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u8d44\u6e90\u7ec4 \u4e2d\u7ed1\u5b9a\u4e86 Namespace\uff0c\u5219\u6620\u5c04\u540e\u8be5\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fd8\u662f Namespace Admin\u3002
Note
\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u80fd\u529b\u4e0d\u4f1a\u4f5c\u7528\u5230\u5171\u4eab\u8d44\u6e90\u4e0a\uff0c\u56e0\u4e3a\u5171\u4eab\u662f\u5c06\u96c6\u7fa4\u7684\u4f7f\u7528\u6743\u9650\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u4e0d\u662f\u5c06\u7ba1\u7406\u6743\u9650\u53d7\u8ba9\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u4e0d\u4f1a\u5b9e\u73b0\u6743\u9650\u7ee7\u627f\u548c\u89d2\u8272\u6620\u5c04\u3002
"},{"location":"admin/ghippo/workspace/folder-permission.html#_2","title":"\u5e94\u7528\u573a\u666f","text":"\u6587\u4ef6\u5939\u5177\u6709\u5c42\u7ea7\u80fd\u529b\uff0c\u56e0\u6b64\u5c06\u6587\u4ef6\u5939\u5bf9\u5e94\u4e8e\u4f01\u4e1a\u4e2d\u7684\u90e8\u95e8/\u4f9b\u5e94\u5546/\u9879\u76ee\u7b49\u5c42\u7ea7\u65f6\uff0c
\u6587\u4ef6\u5939\u5177\u6709\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u4ee5\u53ca\u8d44\u6e90\u4e0a\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa\u4e00\u4e2a\u6587\u4ef6\u5939\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u6587\u4ef6\u5939 \u6309\u94ae\u3002
\u586b\u5199\u6587\u4ef6\u5939\u540d\u79f0\u3001\u4e0a\u4e00\u7ea7\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u6587\u4ef6\u5939\u3002
Tip
\u521b\u5efa\u6210\u529f\u540e\u6587\u4ef6\u5939\u540d\u79f0\u5c06\u663e\u793a\u5728\u5de6\u4fa7\u7684\u6811\u72b6\u7ed3\u6784\u4e2d\uff0c\u4ee5\u4e0d\u540c\u7684\u56fe\u6807\u8868\u793a\u5de5\u4f5c\u7a7a\u95f4\u548c\u6587\u4ef6\u5939\u3002
Note
\u9009\u4e2d\u67d0\u4e00\u4e2a\u6587\u4ef6\u5939\u6216\u6587\u4ef6\u5939\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u53ef\u4ee5\u8fdb\u884c\u7f16\u8f91\u6216\u5220\u9664\u3002
\u5f53\u8be5\u6587\u4ef6\u5939\u4e0b\u8d44\u6e90\u7ec4\u3001\u5171\u4eab\u8d44\u6e90\u4e2d\u5b58\u5728\u8d44\u6e90\u65f6\uff0c\u8be5\u6587\u4ef6\u5939\u65e0\u6cd5\u88ab\u5220\u9664\uff0c\u9700\u8981\u5c06\u6240\u6709\u8d44\u6e90\u89e3\u7ed1\u540e\u518d\u5220\u9664\u3002
\u5f53\u5fae\u670d\u52a1\u5f15\u64ce\u6a21\u5757\u5728\u8be5\u6587\u4ef6\u5939\u4e0b\u5b58\u5728\u63a5\u5165\u6ce8\u518c\u4e2d\u5fc3\u8d44\u6e90\u65f6\uff0c\u8be5\u6587\u4ef6\u5939\u65e0\u6cd5\u88ab\u5220\u9664\uff0c\u9700\u8981\u5c06\u6240\u6709\u63a5\u5165\u6ce8\u518c\u4e2d\u5fc3\u79fb\u9664\u540e\u518d\u5220\u9664\u6587\u4ef6\u5939\u3002
\u5171\u4eab\u8d44\u6e90\u5e76\u975e\u610f\u5473\u7740\u88ab\u5171\u4eab\u8005\u53ef\u4ee5\u65e0\u9650\u5236\u5730\u4f7f\u7528\u88ab\u5171\u4eab\u7684\u8d44\u6e90\u3002 Admin\u3001Kpanda Owner \u548c Workspace Admin \u53ef\u4ee5\u901a\u8fc7\u5171\u4eab\u8d44\u6e90\u4e2d\u7684 \u8d44\u6e90\u914d\u989d \u529f\u80fd\u9650\u5236\u67d0\u4e2a\u7528\u6237\u7684\u6700\u5927\u4f7f\u7528\u989d\u5ea6\u3002 \u82e5\u4e0d\u9650\u5236\uff0c\u5219\u8868\u793a\u53ef\u4ee5\u65e0\u9650\u5236\u4f7f\u7528\u3002
\u4e00\u4e2a\u8d44\u6e90\uff08\u96c6\u7fa4\uff09\u53ef\u4ee5\u88ab\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5171\u4eab\uff0c\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u53ef\u4ee5\u540c\u65f6\u4f7f\u7528\u591a\u4e2a\u5171\u4eab\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u3002
"},{"location":"admin/ghippo/workspace/quota.html#_1","title":"\u8d44\u6e90\u7ec4\u548c\u5171\u4eab\u8d44\u6e90","text":"\u5171\u4eab\u8d44\u6e90\u548c\u8d44\u6e90\u7ec4\u4e2d\u7684\u96c6\u7fa4\u8d44\u6e90\u5747\u6765\u81ea\u5bb9\u5668\u7ba1\u7406\uff0c\u4f46\u662f\u96c6\u7fa4\u7ed1\u5b9a\u548c\u5171\u4eab\u7ed9\u540c\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5c06\u4f1a\u4ea7\u751f\u4e24\u79cd\u622a\u7136\u4e0d\u540c\u7684\u6548\u679c\u3002
\u7ed1\u5b9a\u8d44\u6e90
\u4f7f\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5177\u6709\u8be5\u96c6\u7fa4\u7684\u5168\u90e8\u7ba1\u7406\u548c\u4f7f\u7528\u6743\u9650\uff0cWorkspace Admin \u5c06\u88ab\u6620\u5c04\u4e3a Cluster Admin\u3002 Workspace Admin \u80fd\u591f\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7ba1\u7406\u8be5\u96c6\u7fa4\u3002
Note
\u5f53\u524d\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u6682\u65e0 Cluster Editor \u548c Cluster Viewer \u89d2\u8272\uff0c\u56e0\u6b64 Workspace Editor\u3001Workspace Viewer \u8fd8\u65e0\u6cd5\u6620\u5c04\u3002
\u65b0\u589e\u5171\u4eab\u8d44\u6e90
\u4f7f\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5177\u6709\u8be5\u96c6\u7fa4\u8d44\u6e90\u7684\u4f7f\u7528\u6743\u9650\uff0c\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u5728\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff08Namespace\uff09\u65f6\u4f7f\u7528\u3002
\u4e0e\u8d44\u6e90\u7ec4\u4e0d\u540c\uff0c\u5c06\u96c6\u7fa4\u5171\u4eab\u5230\u5de5\u4f5c\u7a7a\u95f4\u65f6\uff0c\u7528\u6237\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u89d2\u8272\u4e0d\u4f1a\u6620\u5c04\u5230\u8d44\u6e90\u4e0a\uff0c\u56e0\u6b64 Workspace Admin \u4e0d\u4f1a\u88ab\u6620\u5c04\u4e3a Cluster admin\u3002
\u672c\u8282\u5c55\u793a 3 \u4e2a\u4e0e\u8d44\u6e90\u914d\u989d\u6709\u5173\u7684\u573a\u666f\u3002
"},{"location":"admin/ghippo/workspace/quota.html#_2","title":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4","text":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u65f6\u4f1a\u6d89\u53ca\u5230\u8d44\u6e90\u914d\u989d\u3002
\u5728\u5de5\u4f5c\u7a7a\u95f4 ws01 \u65b0\u589e\u4e00\u4e2a\u5171\u4eab\u96c6\u7fa4\u3002
\u5728\u5e94\u7528\u5de5\u4f5c\u53f0\u9009\u62e9\u5de5\u4f5c\u7a7a\u95f4 ws01 \u548c\u5171\u4eab\u96c6\u7fa4\uff0c\u521b\u5efa\u547d\u540d\u7a7a\u95f4 ns01\u3002
\u524d\u63d0\uff1a\u5de5\u4f5c\u7a7a\u95f4 ws01 \u5df2\u65b0\u589e\u5171\u4eab\u96c6\u7fa4\uff0c\u64cd\u4f5c\u8005\u4e3a Workspace Admin + Kpanda Owner \u6216 Admin \u89d2\u8272\u3002
\u4ee5\u4e0b\u4e24\u79cd\u7ed1\u5b9a\u65b9\u5f0f\u7684\u6548\u679c\u76f8\u540c\u3002
\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u5c06\u521b\u5efa\u7684\u547d\u540d\u7a7a\u95f4 ns01 \u7ed1\u5b9a\u5230 ws01
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\uff0c\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u7ed1\u5b9a\u5230 ws01
\u4ee5\u4e0b\u4e24\u79cd\u89e3\u7ed1\u65b9\u5f0f\u7684\u6548\u679c\u76f8\u540c\u3002
\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u4ece\u5de5\u4f5c\u7a7a\u95f4 ws01 \u89e3\u7ed1
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u4ece\u5de5\u4f5c\u7a7a\u95f4 ws01 \u89e3\u7ed1
\u8d44\u6e90\u7ec4\u4e0e\u5171\u4eab\u8d44\u6e90\u5747\u652f\u6301\u7ed1\u5b9a\u96c6\u7fa4\uff0c\u4f46\u4f7f\u7528\u4e0a\u5b58\u5728\u5f88\u5927\u533a\u522b\u3002
"},{"location":"admin/ghippo/workspace/res-gp-and-shared-res.html#_2","title":"\u4f7f\u7528\u573a\u666f\u533a\u522b","text":"\u8bf4\u660e\uff1a\u5728\u8be5\u573a\u666f\u4e2d\uff0c\u9700\u8981\u5e73\u53f0\u7ba1\u7406\u5458\u5bf9\u4e8c\u7ea7\u4f9b\u5e94\u5546\u8fdb\u884c\u8d44\u6e90\u9650\u5236\uff0c\u6682\u65f6\u8fd8\u4e0d\u652f\u6301\u4e00\u7ea7\u4f9b\u5e94\u5546\u9650\u5236\u4e8c\u7ea7\u4f9b\u5e94\u5546\u7684\u96c6\u7fa4\u989d\u5ea6\u3002
"},{"location":"admin/ghippo/workspace/res-gp-and-shared-res.html#_3","title":"\u96c6\u7fa4\u989d\u5ea6\u7684\u4f7f\u7528\u533a\u522b","text":"\u5728\u8d44\u6e90\u7ec4/\u5171\u4eab\u8d44\u6e90\u7ed1\u5b9a\u96c6\u7fa4\u540e\u90fd\u53ef\u4ee5\u524d\u5f80\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff0c\u521b\u5efa\u540e\u547d\u540d\u7a7a\u95f4\u5c06\u81ea\u52a8\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u3002
"},{"location":"admin/ghippo/workspace/workspace.html","title":"\u521b\u5efa/\u5220\u9664\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e00\u79cd\u8d44\u6e90\u8303\u7574\uff0c\u4ee3\u8868\u4e00\u79cd\u8d44\u6e90\u5c42\u7ea7\u5173\u7cfb\u3002 \u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u5305\u542b\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u6ce8\u518c\u4e2d\u5fc3\u7b49\u8d44\u6e90\u3002 \u901a\u5e38\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5bf9\u5e94\u4e00\u4e2a\u9879\u76ee\uff0c\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u4e0d\u540c\u7684\u8d44\u6e90\uff0c\u6307\u6d3e\u4e0d\u540c\u7684\u7528\u6237\u548c\u7528\u6237\u7ec4\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4 \u6309\u94ae\u3002
\u586b\u5199\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u3001\u6240\u5c5e\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u3002
Tip
\u521b\u5efa\u6210\u529f\u540e\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u5c06\u663e\u793a\u5728\u5de6\u4fa7\u7684\u6811\u72b6\u7ed3\u6784\u4e2d\uff0c\u4ee5\u4e0d\u540c\u7684\u56fe\u6807\u8868\u793a\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u3002
Note
\u9009\u4e2d\u67d0\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u6216\u6587\u4ef6\u5939\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 ... \u53ef\u4ee5\u8fdb\u884c\u7f16\u8f91\u6216\u5220\u9664\u3002
\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u662f\u4e00\u4e2a\u5177\u6709\u5c42\u7ea7\u7684\u8d44\u6e90\u9694\u79bb\u548c\u8d44\u6e90\u5206\u7ec4\u7279\u6027\uff0c\u4e3b\u8981\u89e3\u51b3\u8d44\u6e90\u7edf\u4e00\u6388\u6743\u3001\u8d44\u6e90\u5206\u7ec4\u4ee5\u53ca\u8d44\u6e90\u9650\u989d\u95ee\u9898\u3002
\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u6709\u4e24\u4e2a\u6982\u5ff5\uff1a\u5de5\u4f5c\u7a7a\u95f4\u548c\u6587\u4ef6\u5939\u3002
"},{"location":"admin/ghippo/workspace/ws-folder.html#_2","title":"\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u53ef\u901a\u8fc7 \u6388\u6743 \u3001 \u8d44\u6e90\u7ec4 \u548c \u5171\u4eab\u8d44\u6e90 \u6765\u7ba1\u7406\u8d44\u6e90\uff0c\u4f7f\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u4e4b\u95f4\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u3002
\u8d44\u6e90
\u8d44\u6e90\u5904\u4e8e\u8d44\u6e90\u7ba1\u7406\u6a21\u5757\u5c42\u7ea7\u7ed3\u6784\u7684\u6700\u4f4e\u5c42\u7ea7\uff0c\u8d44\u6e90\u5305\u62ec Cluster\u3001Namespace\u3001Pipeline\u3001\u7f51\u5173\u7b49\u3002 \u6240\u6709\u8fd9\u4e9b\u8d44\u6e90\u7684\u7236\u7ea7\u53ea\u80fd\u662f\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u4f5c\u4e3a\u8d44\u6e90\u5bb9\u5668\u662f\u4e00\u79cd\u8d44\u6e90\u5206\u7ec4\u5355\u4f4d\u3002
\u5de5\u4f5c\u7a7a\u95f4
\u5de5\u4f5c\u7a7a\u95f4\u901a\u5e38\u4ee3\u6307\u4e00\u4e2a\u9879\u76ee\u6216\u73af\u5883\uff0c\u6bcf\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u76f8\u5bf9\u4e8e\u5176\u4ed6\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u65f6\u903b\u8f91\u9694\u79bb\u7684\u3002 \u60a8\u53ef\u4ee5\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u6388\u6743\uff0c\u6388\u4e88\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u540c\u4e00\u7ec4\u8d44\u6e90\u7684\u4e0d\u540c\u8bbf\u95ee\u6743\u9650\u3002
\u4ece\u5c42\u6b21\u7ed3\u6784\u7684\u5e95\u5c42\u7b97\u8d77\uff0c\u5de5\u4f5c\u7a7a\u95f4\u4f4d\u4e8e\u7b2c\u4e00\u5c42\uff0c\u4e14\u5305\u542b\u8d44\u6e90\u3002 \u9664\u5171\u4eab\u8d44\u6e90\u5916\uff0c\u6240\u6709\u8d44\u6e90\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u9879\u3002\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u7ea7\u6587\u4ef6\u5939\u3002
\u8d44\u6e90\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u8fdb\u884c\u5206\u7ec4\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u5b58\u5728\u4e24\u79cd\u5206\u7ec4\u6a21\u5f0f\uff0c\u5206\u522b\u662f \u8d44\u6e90\u7ec4 \u548c \u5171\u4eab\u8d44\u6e90 \u3002
\u8d44\u6e90\u7ec4
\u4e00\u4e2a\u8d44\u6e90\u53ea\u80fd\u52a0\u5165\u4e00\u4e2a\u8d44\u6e90\u7ec4\uff0c\u8d44\u6e90\u7ec4\u4e0e\u5de5\u4f5c\u7a7a\u95f4\u4e00\u4e00\u5bf9\u5e94\u3002 \u8d44\u6e90\u88ab\u52a0\u5165\u5230\u8d44\u6e90\u7ec4\u540e\uff0cWorkspace Admin \u5c06\u83b7\u5f97\u8d44\u6e90\u7684\u7ba1\u7406\u6743\u9650\uff0c\u76f8\u5f53\u4e8e\u8be5\u8d44\u6e90\u7684\u6240\u6709\u8005\u3002
\u5171\u4eab\u8d44\u6e90
\u800c\u5bf9\u4e8e\u5171\u4eab\u8d44\u6e90\u6765\u8bf4\uff0c\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u5171\u4eab\u540c\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u8d44\u6e90\u3002 \u8d44\u6e90\u7684\u6240\u6709\u8005\uff0c\u53ef\u4ee5\u9009\u62e9\u5c06\u81ea\u5df1\u62e5\u6709\u7684\u8d44\u6e90\u5171\u4eab\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u4e00\u822c\u5171\u4eab\u65f6\u8d44\u6e90\u6240\u6709\u8005\u4f1a\u9650\u5236\u88ab\u5171\u4eab\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u989d\u5ea6\u3002 \u8d44\u6e90\u88ab\u5171\u4eab\u540e\uff0cWorkspace Admin \u4ec5\u5177\u6709\u8d44\u6e90\u9650\u989d\u4e0b\u7684\u8d44\u6e90\u4f7f\u7528\u6743\u9650\uff0c\u65e0\u6cd5\u7ba1\u7406\u8d44\u6e90\u6216\u8005\u8c03\u6574\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u91cf\u3002
\u540c\u65f6\u5171\u4eab\u8d44\u6e90\u5bf9\u4e8e\u8d44\u6e90\u672c\u8eab\u4e5f\u5177\u6709\u4e00\u5b9a\u7684\u8981\u6c42\uff0c\u53ea\u6709 Cluster\uff08\u96c6\u7fa4\uff09\u8d44\u6e90\u53ef\u4ee5\u88ab\u5171\u4eab\u3002 Cluster Admin \u80fd\u591f\u5c06 Cluster \u8d44\u6e90\u5206\u4eab\u7ed9\u4e0d\u540c\u7684\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u5e76\u4e14\u9650\u5236\u5de5\u4f5c\u7a7a\u95f4\u5728\u6b64 Cluster \u4e0a\u7684\u4f7f\u7528\u989d\u5ea6\u3002
Workspace Admin \u5728\u8d44\u6e90\u9650\u989d\u5185\u80fd\u591f\u521b\u5efa\u591a\u4e2a Namespace\uff0c\u4f46\u662f Namespace \u7684\u8d44\u6e90\u989d\u5ea6\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7 Cluster \u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u9650\u989d\u3002 \u5bf9\u4e8e Kubernetes \u8d44\u6e90\uff0c\u5f53\u524d\u80fd\u591f\u5206\u4eab\u7684\u8d44\u6e90\u7c7b\u578b\u4ec5\u6709 Cluster\u3002
\u6587\u4ef6\u5939\u53ef\u7528\u4e8e\u6784\u5efa\u4f01\u4e1a\u4e1a\u52a1\u5c42\u7ea7\u5173\u7cfb\u3002
\u6587\u4ef6\u5939\u662f\u5728\u5de5\u4f5c\u7a7a\u95f4\u57fa\u7840\u4e4b\u4e0a\u7684\u8fdb\u4e00\u6b65\u5206\u7ec4\u673a\u5236\uff0c\u5177\u6709\u5c42\u7ea7\u7ed3\u6784\u3002 \u4e00\u4e2a\u6587\u4ef6\u5939\u53ef\u4ee5\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u3001\u5176\u4ed6\u6587\u4ef6\u5939\u6216\u4e24\u8005\u7684\u7ec4\u5408\uff0c\u80fd\u591f\u5f62\u6210\u6811\u72b6\u7684\u7ec4\u7ec7\u5173\u7cfb\u3002
\u501f\u52a9\u6587\u4ef6\u5939\u60a8\u53ef\u4ee5\u6620\u5c04\u4f01\u4e1a\u4e1a\u52a1\u5c42\u7ea7\u5173\u7cfb\uff0c\u6309\u7167\u90e8\u95e8\u5bf9\u5de5\u4f5c\u7a7a\u95f4\u8fdb\u884c\u5206\u7ec4\u3002 \u6587\u4ef6\u5939\u4e0d\u76f4\u63a5\u4e0e\u8d44\u6e90\u6302\u94a9\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u95f4\u63a5\u5b9e\u73b0\u8d44\u6e90\u5206\u7ec4\u3002
\u6587\u4ef6\u5939\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u7ea7\u6587\u4ef6\u5939\uff0c\u800c\u6839\u6587\u4ef6\u5939\u662f\u5c42\u6b21\u7ed3\u6784\u7684\u6700\u9ad8\u5c42\u7ea7\u3002 \u6839\u6587\u4ef6\u5939\u6ca1\u6709\u7236\u7ea7\uff0c\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u5747\u6302\u9760\u5230\u6839\u6587\u4ef6\u5939\u4e0b\u3002
\u53e6\u5916\uff0c\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u5728\u6587\u4ef6\u5939\u4e2d\u80fd\u591f\u901a\u8fc7\u5c42\u7ea7\u7ed3\u6784\u7ee7\u627f\u6765\u81ea\u7236\u9879\u7684\u6743\u9650\u3002 \u7528\u6237\u5728\u5c42\u6b21\u7ed3\u6784\u4e2d\u7684\u6743\u9650\u6765\u81ea\u5f53\u524d\u5c42\u7ea7\u7684\u6743\u9650\u4ee5\u53ca\u7ee7\u627f\u5176\u7236\u9879\u6743\u9650\u7684\u7ec4\u5408\u7ed3\u679c\uff0c\u6743\u9650\u4e4b\u95f4\u662f\u52a0\u5408\u5173\u7cfb\u4e0d\u5b58\u5728\u4e92\u65a5\u3002
"},{"location":"admin/ghippo/workspace/ws-permission.html","title":"\u5de5\u4f5c\u7a7a\u95f4\u6743\u9650\u8bf4\u660e","text":"\u5de5\u4f5c\u7a7a\u95f4\u5177\u6709\u6743\u9650\u6620\u5c04\u548c\u8d44\u6e90\u9694\u79bb\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u8d44\u6e90\u4e0a\u3002 \u82e5\u7528\u6237/\u7528\u6237\u7ec4\u5728\u5de5\u4f5c\u7a7a\u95f4\u662f Workspace Admin \u89d2\u8272\uff0c\u540c\u65f6\u5de5\u4f5c\u7a7a\u95f4-\u8d44\u6e90\u7ec4\u4e2d\u7ed1\u5b9a\u4e86\u8d44\u6e90 Namespace\uff0c\u5219\u6620\u5c04\u540e\u8be5\u7528\u6237/\u7528\u6237\u7ec4\u5c06\u6210\u4e3a Namespace Admin\u3002
Note
\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u80fd\u529b\u4e0d\u4f1a\u4f5c\u7528\u5230\u5171\u4eab\u8d44\u6e90\u4e0a\uff0c\u56e0\u4e3a\u5171\u4eab\u662f\u5c06\u96c6\u7fa4\u7684\u4f7f\u7528\u6743\u9650\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u4e0d\u662f\u5c06\u7ba1\u7406\u6743\u9650\u53d7\u8ba9\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u4e0d\u4f1a\u5b9e\u73b0\u6743\u9650\u7ee7\u627f\u548c\u89d2\u8272\u6620\u5c04\u3002
"},{"location":"admin/ghippo/workspace/ws-permission.html#_2","title":"\u5e94\u7528\u573a\u666f","text":"\u901a\u8fc7\u5c06\u8d44\u6e90\u7ed1\u5b9a\u5230\u4e0d\u540c\u7684\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u5b9e\u73b0\u8d44\u6e90\u9694\u79bb\u3002 \u56e0\u6b64\u501f\u52a9\u6743\u9650\u6620\u5c04\u3001\u8d44\u6e90\u9694\u79bb\u548c\u5171\u4eab\u8d44\u6e90\u80fd\u529b\u80fd\u591f\u5c06\u8d44\u6e90\u7075\u6d3b\u5206\u914d\u7ed9\u5404\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u3002
\u901a\u5e38\u9002\u7528\u4e8e\u4ee5\u4e0b\u4e24\u4e2a\u573a\u666f\uff1a
\u96c6\u7fa4\u4e00\u5bf9\u4e00
\u666e\u901a\u96c6\u7fa4 \u90e8\u95e8/\u79df\u6237\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09 \u7528\u9014 \u96c6\u7fa4 01 A \u7ba1\u7406\u548c\u4f7f\u7528 \u96c6\u7fa4 02 B \u7ba1\u7406\u548c\u4f7f\u7528\u96c6\u7fa4\u4e00\u5bf9\u591a
\u96c6\u7fa4 \u90e8\u95e8/\u79df\u6237\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09 \u8d44\u6e90\u9650\u989d \u96c6\u7fa4 01 A 100 \u6838 CPU B 50 \u6838 CPU\u5047\u5982\u7528\u6237\u5c0f\u660e\uff08\u201c\u5c0f\u660e\u201d\u4ee3\u8868\u4efb\u4f55\u6709\u8d44\u6e90\u7ed1\u5b9a\u9700\u6c42\u7684\u7528\u6237\uff09\u5df2\u7ecf\u5177\u5907\u4e86 Workspace Admin \u89d2\u8272\u6216\u5df2\u901a\u8fc7\u81ea\u5b9a\u4e49\u89d2\u8272\u6388\u6743\uff0c \u540c\u65f6\u81ea\u5b9a\u4e49\u89d2\u8272\u4e2d\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u7684\u201c\u8d44\u6e90\u7ed1\u5b9a\u201d\u6743\u9650\uff0c\u5e0c\u671b\u5c06\u67d0\u4e2a\u96c6\u7fa4\u6216\u8005\u67d0\u4e2a\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u5176\u6240\u5728\u7684\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002
\u8981\u5c06\u96c6\u7fa4/\u547d\u540d\u7a7a\u95f4\u8d44\u6e90\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\uff0c\u4e0d\u4ec5\u9700\u8981\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u201c\u8d44\u6e90\u7ed1\u5b9a\u201d\u6743\u9650\uff0c\u8fd8\u9700\u8981 Cluster Admin \u7684\u8d44\u6e90\u6743\u9650\u3002
"},{"location":"admin/ghippo/workspace/wsbind-permission.html#_2","title":"\u7ed9\u5c0f\u660e\u6388\u6743","text":"\u4f7f\u7528\u5e73\u53f0 Admin \u89d2\u8272\uff0c \u5728 \u5de5\u4f5c\u7a7a\u95f4 -> \u6388\u6743 \u9875\u9762\u7ed9\u5c0f\u660e\u6388\u4e88 Workspace Admin \u89d2\u8272\u3002
\u7136\u540e\u5728 \u5bb9\u5668\u7ba1\u7406 -> \u6743\u9650\u7ba1\u7406 \u9875\u9762\uff0c\u901a\u8fc7 \u6dfb\u52a0\u6388\u6743 \u5c06\u5c0f\u660e\u6388\u6743\u4e3a Cluster Admin\u3002
\u4f7f\u7528\u5c0f\u660e\u7684\u8d26\u53f7\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \u9875\u9762\uff0c\u901a\u8fc7 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u529f\u80fd\uff0c \u5c0f\u660e\u53ef\u4ee5\u5c06\u6307\u5b9a\u96c6\u7fa4\u7ed1\u5b9a\u5230\u81ea\u5df1\u7684\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002
Note
\u5c0f\u660e\u80fd\u4e14\u53ea\u80fd\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5c06\u96c6\u7fa4\u6216\u8005\u8be5\u96c6\u7fa4\u4e0b\u7684\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u65e0\u6cd5\u5728\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u5b8c\u6210\u6b64\u64cd\u4f5c\u3002
\u7ed1\u5b9a\u547d\u540d\u7a7a\u95f4\u5230\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u81f3\u5c11\u9700\u8981 Workspace Admin + Cluster Admin \u6743\u9650\u3002
"},{"location":"admin/host/createhost.html","title":"\u521b\u5efa\u548c\u542f\u52a8\u4e91\u4e3b\u673a","text":"\u7528\u6237\u5b8c\u6210\u6ce8\u518c\uff0c\u4e3a\u5176\u5206\u914d\u4e86\u5de5\u4f5c\u7a7a\u95f4\u3001\u547d\u540d\u7a7a\u95f4\u548c\u8d44\u6e90\u540e\uff0c\u5373\u53ef\u4ee5\u521b\u5efa\u5e76\u542f\u52a8\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/host/createhost.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u70b9\u51fb \u521b\u5efa\u4e91\u4e3b\u673a -> \u901a\u8fc7\u6a21\u677f\u521b\u5efa
\u5b9a\u4e49\u7684\u4e91\u4e3b\u673a\u5404\u9879\u914d\u7f6e\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u57fa\u672c\u914d\u7f6e\u6a21\u677f\u914d\u7f6e\u5b58\u50a8\u4e0e\u7f51\u7edc\u914d\u7f6e root \u5bc6\u7801\u6216 ssh \u5bc6\u94a5\u540e\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u4e3b\u673a\u5217\u8868\uff0c\u7b49\u5f85\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u4e4b\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u542f\u52a8\u4e3b\u673a\u3002
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u4e91\u4e3b\u673a
"},{"location":"admin/host/usehost.html","title":"\u4f7f\u7528\u4e91\u4e3b\u673a","text":"\u521b\u5efa\u5e76\u542f\u52a8\u4e91\u4e3b\u673a\u4e4b\u540e\uff0c\u7528\u6237\u5c31\u53ef\u4ee5\u5f00\u59cb\u4f7f\u7528\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/host/usehost.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u5230 \u5bb9\u5668\u7ba1\u7406 -> \u5bb9\u5668\u7f51\u7edc -> \u670d\u52a1 \uff0c\u70b9\u51fb\u670d\u52a1\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u670d\u52a1\u8be6\u60c5\u9875\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u66f4\u65b0
\u66f4\u6539\u7aef\u53e3\u8303\u56f4\u4e3a 30900-30999\uff0c\u4f46\u4e0d\u80fd\u51b2\u7a81\u3002
\u4ee5\u7ec8\u7aef\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5bfc\u822a\u5230\u5bf9\u5e94\u7684\u670d\u52a1\uff0c\u67e5\u770b\u8bbf\u95ee\u7aef\u53e3\u3002
\u5728\u5916\u7f51\u4f7f\u7528 SSH \u5ba2\u6237\u7aef\u767b\u5f55\u4e91\u4e3b\u673a
\u81f3\u6b64\uff0c\u4f60\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u4e0a\u6267\u884c\u5404\u9879\u64cd\u4f5c\u3002
\u4e0b\u4e00\u6b65\uff1a\u4e91\u8d44\u6e90\u5171\u4eab\uff1a\u914d\u989d\u7ba1\u7406
"},{"location":"admin/insight/alert-center/index.html","title":"\u544a\u8b66\u4e2d\u5fc3","text":"\u544a\u8b66\u4e2d\u5fc3\u662f AI \u7b97\u529b\u5e73\u53f0 \u63d0\u4f9b\u7684\u4e00\u4e2a\u91cd\u8981\u529f\u80fd\uff0c\u5b83\u8ba9\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u754c\u9762\u65b9\u4fbf\u5730\u6309\u7167\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u67e5\u770b\u6240\u6709\u6d3b\u52a8\u548c\u5386\u53f2\u544a\u8b66\uff0c \u5e76\u6839\u636e\u544a\u8b66\u7ea7\u522b\uff08\u7d27\u6025\u3001\u8b66\u544a\u3001\u63d0\u793a\uff09\u6765\u641c\u7d22\u544a\u8b66\u3002
\u6240\u6709\u544a\u8b66\u90fd\u662f\u57fa\u4e8e\u9884\u8bbe\u7684\u544a\u8b66\u89c4\u5219\u8bbe\u5b9a\u7684\u9608\u503c\u6761\u4ef6\u89e6\u53d1\u7684\u3002\u5728 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u5185\u7f6e\u4e86\u4e00\u4e9b\u5168\u5c40\u544a\u8b66\u7b56\u7565\uff0c\u540c\u65f6\u60a8\u4e5f\u53ef\u4ee5\u968f\u65f6\u521b\u5efa\u3001\u5220\u9664\u544a\u8b66\u7b56\u7565\uff0c\u5bf9\u4ee5\u4e0b\u6307\u6807\u8fdb\u884c\u8bbe\u7f6e\uff1a
\u8fd8\u53ef\u4ee5\u4e3a\u544a\u8b66\u89c4\u5219\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002\u544a\u8b66\u89c4\u5219\u5206\u4e3a\u6d3b\u8dc3\u548c\u8fc7\u671f\u89c4\u5219\uff0c\u652f\u6301\u542f\u7528/\u7981\u7528\u67d0\u4e9b\u89c4\u5219\u6765\u5b9e\u73b0\u544a\u8b66\u9759\u9ed8\u3002
\u5f53\u8fbe\u5230\u9608\u503c\u6761\u4ef6\u540e\uff0c\u53ef\u4ee5\u914d\u7f6e\u544a\u8b66\u901a\u77e5\u65b9\u5f0f\uff0c\u5305\u62ec\u90ae\u4ef6\u3001\u9489\u9489\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001Webhook \u548c\u77ed\u4fe1\u901a\u77e5\u3002 \u6240\u6709\u901a\u77e5\u7684\u6d88\u606f\u6a21\u677f\u90fd\u53ef\u4ee5\u81ea\u5b9a\u4e49\uff0c\u540c\u65f6\u8fd8\u652f\u6301\u6309\u8bbe\u5b9a\u7684\u95f4\u9694\u65f6\u95f4\u53d1\u9001\u901a\u77e5\u3002
\u6b64\u5916\uff0c\u544a\u8b66\u4e2d\u5fc3\u8fd8\u652f\u6301\u901a\u8fc7\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7b49\u63d0\u4f9b\u7684\u77ed\u4fe1\u670d\u52a1\u5c06\u544a\u8b66\u6d88\u606f\u53d1\u9001\u7ed9\u6307\u5b9a\u7528\u6237\uff0c\u5b9e\u73b0\u591a\u79cd\u65b9\u5f0f\u7684\u544a\u8b66\u901a\u77e5\u3002
AI \u7b97\u529b\u5e73\u53f0 \u544a\u8b66\u4e2d\u5fc3\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u7684\u544a\u8b66\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u5e2e\u52a9\u7528\u6237\u53ca\u65f6\u53d1\u73b0\u548c\u89e3\u51b3\u96c6\u7fa4\u4e2d\u51fa\u73b0\u7684\u95ee\u9898\uff0c \u63d0\u9ad8\u4e1a\u52a1\u7a33\u5b9a\u6027\u548c\u53ef\u7528\u6027\uff0c\u4fbf\u4e8e\u96c6\u7fa4\u5de1\u68c0\u548c\u6545\u969c\u6392\u67e5\u3002
"},{"location":"admin/insight/alert-center/alert-policy.html","title":"\u544a\u8b66\u7b56\u7565","text":"\u544a\u8b66\u7b56\u7565\u662f\u5728\u53ef\u89c2\u6d4b\u6027\u7cfb\u7edf\u4e2d\u5b9a\u4e49\u7684\u4e00\u7ec4\u89c4\u5219\u548c\u6761\u4ef6\uff0c\u7528\u4e8e\u68c0\u6d4b\u548c\u89e6\u53d1\u8b66\u62a5\uff0c\u4ee5\u4fbf\u5728\u7cfb\u7edf\u51fa\u73b0\u5f02\u5e38\u6216\u8fbe\u5230\u9884\u5b9a\u7684\u9608\u503c\u65f6\u53ca\u65f6\u901a\u77e5\u76f8\u5173\u4eba\u5458\u6216\u7cfb\u7edf\u3002
\u6bcf\u6761\u544a\u8b66\u7b56\u7565\u662f\u4e00\u7ec4\u544a\u8b66\u89c4\u5219\u7684\u96c6\u5408\uff0c\u652f\u6301\u5bf9\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5de5\u4f5c\u8d1f\u8f7d\u7b49\u8d44\u6e90\u3001\u65e5\u5fd7\u3001\u4e8b\u4ef6\u8bbe\u7f6e\u544a\u8b66\u89c4\u5219\u3002\u5f53\u544a\u8b66\u5bf9\u8c61\u8fbe\u5230\u7b56\u7565\u4e0b\u4efb\u4e00\u89c4\u5219\u8bbe\u5b9a\u7684\u9608\u503c\uff0c\u5219\u4f1a\u81ea\u52a8\u89e6\u53d1\u544a\u8b66\u5e76\u53d1\u9001\u901a\u77e5\u3002
"},{"location":"admin/insight/alert-center/alert-policy.html#_2","title":"\u67e5\u770b\u544a\u8b66\u7b56\u7565","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u544a\u8b66\u7b56\u7565\u3002
\u70b9\u51fb\u544a\u8b66\u7b56\u7565\u540d\u79f0\u53ef\u67e5\u770b\u7b56\u7565\u7684\u57fa\u672c\u4fe1\u606f\u3001\u89c4\u5219\u4ee5\u53ca\u901a\u77e5\u914d\u7f6e\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\uff0c\u9009\u62e9\u4e00\u4e2a\u6216\u591a\u4e2a\u96c6\u7fa4\u3001\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d\u4e3a\u544a\u8b66\u5bf9\u8c61\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002
Note
\u5168\u90e8\u96c6\u7fa4\u3001\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d
\uff1a\u521b\u5efa\u7684\u544a\u8b66\u89c4\u5219\u5bf9\u6240\u6709\u5df2\u5b89\u88c5 insight-agent \u7684\u96c6\u7fa4\u751f\u6548\u3002\u5728\u521b\u5efa\u544a\u8b66\u7b56\u7565\u7684\u7b2c\u4e8c\u90e8\u4e2d\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4e0a\u89d2\u7684\u6dfb\u52a0\u89c4\u5219
\u3002
\u5728\u5f39\u7a97\u4e2d\u521b\u5efa\u544a\u8b66\u89c4\u5219\uff0c\u586b\u5199\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a\u3002
Info
\u7cfb\u7edf\u5b9a\u4e49\u4e86\u5185\u7f6e\u6807\u7b7e\uff0c\u82e5\u81ea\u5b9a\u4e49\u6807\u7b7e\u4e0e\u5185\u7f6e\u6807\u7b7e\u7684\u952e
\u503c\u76f8\u540c\uff0c\u5219\u81ea\u5b9a\u4e49\u6807\u7b7e\u4e0d\u751f\u6548\u3002 \u5185\u7f6e\u6807\u7b7e\u6709\uff1aseverity
\u3001rule_id
\uff0csource
\u3001cluster_name
\u3001group_id
\u3001 target_type
\u548c target
\u3002
\u5b8c\u6210\u57fa\u672c\u4fe1\u606f\u7684\u586b\u5199\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u89c4\u5219\uff0c\u89c4\u5219\u7c7b\u578b\u9009\u62e9 \u65e5\u5fd7\u89c4\u5219\u3002
Note
\u4ec5\u5f53\u8d44\u6e90\u5bf9\u8c61\u9009\u62e9\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u652f\u6301\u521b\u5efa\u65e5\u5fd7\u89c4\u5219\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u5b8c\u6210\u57fa\u672c\u4fe1\u606f\u7684\u586b\u5199\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u89c4\u5219\uff0c\u89c4\u5219\u7c7b\u578b\u9009\u62e9 \u4e8b\u4ef6\u89c4\u5219\u3002
Note
\u4ec5\u5f53\u8d44\u6e90\u5bf9\u8c61\u9009\u62e9\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u652f\u6301\u521b\u5efa\u4e8b\u4ef6\u89c4\u5219\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u53ef\u70b9\u51fb \u6a21\u677f\u5bfc\u5165\uff0c\u9009\u62e9\u5e73\u53f0\u7ba1\u7406\u5458\u5df2\u521b\u5efa\u597d\u7684\u544a\u8b66\u6a21\u677f\u6279\u91cf\u5bfc\u5165\u544a\u8b66\u89c4\u5219\u3002
\u70b9\u51fb \u4e0b\u4e00\u6b65 \u540e\u914d\u7f6e\u901a\u77e5\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u8fd4\u56de\u544a\u8b66\u7b56\u7565\u5217\u8868\u3002
Tip
\u65b0\u5efa\u7684\u544a\u8b66\u7b56\u7565\u4e3a \u672a\u89e6\u53d1 \u72b6\u6001\u3002\u4e00\u65e6\u6ee1\u8db3\u89c4\u5219\u4e2d\u7684\u9608\u503c\u6761\u4ef6\u548c\u6301\u7eed\u65f6\u95f4\u540e\uff0c\u5c06\u53d8\u4e3a \u89e6\u53d1\u4e2d \u72b6\u6001\u3002
Warning
\u5220\u9664\u540e\u7684\u544a\u8b66\u7b56\u7565\u5c06\u5b8c\u5168\u6d88\u5931\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"admin/insight/alert-center/alert-policy.html#yaml","title":"\u901a\u8fc7 YAML \u5bfc\u5165\u544a\u8b66\u7b56\u7565","text":"\u8fdb\u5165\u544a\u8b66\u7b56\u7565\u5217\u8868\uff0c\u70b9\u51fb YAML \u521b\u5efa\u3002
\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u7684\u9009\u62e9\u662f\u4e3a\u4e86\u544a\u8b66\u7b56\u7565\u7684\u7ba1\u7406\u6743\u9650\u3002
\u5fc5\u586b\u8868\u8fbe\u5f0f expr\u3002
\u5bfc\u5165 YAML \u6587\u4ef6\u540e\uff0c\u70b9\u51fb \u9884\u89c8\uff0c\u53ef\u4ee5\u5bf9\u5bfc\u5165\u7684 YAML \u683c\u5f0f\u8fdb\u884c\u9a8c\u8bc1\uff0c\u5e76\u5feb\u901f\u786e\u8ba4\u5bfc\u5165\u7684\u544a\u8b66\u89c4\u5219\u3002
\u544a\u8b66\u6a21\u677f\u53ef\u652f\u6301\u5e73\u53f0\u7ba1\u7406\u5458\u521b\u5efa\u544a\u8b66\u6a21\u677f\u53ca\u89c4\u5219\uff0c\u4e1a\u52a1\u4fa7\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u544a\u8b66\u6a21\u677f\u521b\u5efa\u544a\u8b66\u7b56\u7565\u3002 \u8fd9\u4e2a\u529f\u80fd\u53ef\u4ee5\u51cf\u5c11\u4e1a\u52a1\u4eba\u5458\u5bf9\u544a\u8b66\u89c4\u5219\u7684\u7ba1\u7406\uff0c\u4e14\u53ef\u4ee5\u6839\u636e\u73af\u5883\u5b9e\u9645\u60c5\u51b5\u81ea\u884c\u4fee\u6539\u544a\u8b66\u9608\u503c\u3002
"},{"location":"admin/insight/alert-center/alert-template.html#_2","title":"\u521b\u5efa\u544a\u8b66\u6a21\u677f","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u7b56\u7565\uff0c\u5355\u51fb\u9876\u90e8\u7684 \u544a\u8b66\u6a21\u677f \u3002
\u70b9\u51fb \u521b\u5efa\u544a\u8b66\u6a21\u677f \uff0c\u8bbe\u7f6e\u544a\u8b66\u6a21\u677f\u7684\u540d\u79f0\u3001\u63cf\u8ff0\u7b49\u4fe1\u606f\u3002
\u53c2\u6570 \u8bf4\u660e \u6a21\u677f\u540d\u79f0 \u540d\u79f0\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u8fde\u5b57\u7b26\uff08-\uff09\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\uff0c\u6700\u957f 63 \u4e2a\u5b57\u7b26\u3002 \u63cf\u8ff0 \u63cf\u8ff0\u53ef\u5305\u542b\u4efb\u610f\u5b57\u7b26\uff0c\u6700\u957f 256 \u4e2a\u5b57\u7b26\u3002 \u8d44\u6e90\u7c7b\u578b \u7528\u4e8e\u6307\u5b9a\u544a\u8b66\u6a21\u677f\u7684\u5339\u914d\u7c7b\u578b\u3002 \u544a\u8b66\u89c4\u5219 \u652f\u6301\u9884\u5b9a\u4e49\u591a\u4e2a\u544a\u8b66\u89c4\u5219\uff0c\u53ef\u6dfb\u52a0\u6a21\u677f\u89c4\u5219\u3001PromQL \u89c4\u5219\u3002\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u540e\u8fd4\u56de\u544a\u8b66\u6a21\u677f\u5217\u8868\uff0c\u70b9\u51fb\u6a21\u677f\u540d\u79f0\u540e\u53ef\u67e5\u770b\u6a21\u677f\u8be6\u60c5\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u7684 \u2507 \uff0c\u70b9\u51fb \u7f16\u8f91\uff0c\u8fdb\u5165\u6291\u5236\u89c4\u5219\u7684\u7f16\u8f91\u9875\u3002
"},{"location":"admin/insight/alert-center/alert-template.html#_4","title":"\u5220\u9664\u544a\u8b66\u6a21\u677f","text":"\u70b9\u51fb\u76ee\u6807\u6a21\u677f\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u5220\u9664\uff0c\u5728\u8f93\u5165\u6846\u4e2d\u8f93\u5165\u544a\u8b66\u6a21\u677f\u7684\u540d\u79f0\u5373\u53ef\u5220\u9664\u3002
"},{"location":"admin/insight/alert-center/inhibition.html","title":"\u544a\u8b66\u6291\u5236","text":"\u544a\u8b66\u6291\u5236\u4e3b\u8981\u662f\u5bf9\u4e8e\u67d0\u4e9b\u4e0d\u9700\u8981\u7acb\u5373\u5173\u6ce8\u7684\u544a\u8b66\u8fdb\u884c\u4e34\u65f6\u9690\u85cf\u6216\u8005\u964d\u4f4e\u5176\u4f18\u5148\u7ea7\u7684\u4e00\u79cd\u673a\u5236\u3002\u8fd9\u4e2a\u529f\u80fd\u7684\u76ee\u7684\u662f\u4e3a\u4e86\u51cf\u5c11\u4e0d\u5fc5\u8981\u7684\u544a\u8b66\u4fe1\u606f\u5bf9\u8fd0\u7ef4\u4eba\u5458\u7684\u5e72\u6270\uff0c\u4f7f\u4ed6\u4eec\u80fd\u591f\u96c6\u4e2d\u7cbe\u529b\u5904\u7406\u66f4\u91cd\u8981\u7684\u95ee\u9898\u3002
\u544a\u8b66\u6291\u5236\u901a\u8fc7\u5b9a\u4e49\u4e00\u7ec4\u89c4\u5219\u6765\u8bc6\u522b\u548c\u5ffd\u7565\u67d0\u4e9b\u544a\u8b66\uff0c\u5f53\u5b83\u4eec\u5728\u7279\u5b9a\u6761\u4ef6\u4e0b\u53d1\u751f\u65f6\u3002\u4e3b\u8981\u6709\u4ee5\u4e0b\u51e0\u79cd\u60c5\u51b5\uff1a
\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u964d\u566a\uff0c\u5355\u51fb\u9876\u90e8\u7684 \u544a\u8b66\u6291\u5236 \u3002
\u70b9\u51fb \u65b0\u5efa\u6291\u5236\u89c4\u5219 \uff0c\u8bbe\u7f6e\u6291\u5236\u89c4\u5219\u7684\u540d\u79f0\u3001\u89c4\u5219\u7b49\u3002
Note
\u901a\u8fc7\u89c4\u5219\u6807\u7b7e\u548c\u544a\u8b66\u6807\u7b7e\u5b9a\u4e49\u4e00\u7ec4\u89c4\u5219\u6765\u8bc6\u522b\u548c\u5ffd\u7565\u67d0\u4e9b\u544a\u8b66\uff0c\u8fbe\u5230\u907f\u514d\u540c\u4e00\u95ee\u9898\u53ef\u80fd\u4f1a\u89e6\u53d1\u591a\u4e2a\u76f8\u4f3c\u6216\u76f8\u5173\u7684\u544a\u8b66\u7684\u95ee\u9898\u3002
\u53c2\u6570\u65f6\u95f4 \u8bf4\u660e \u6291\u5236\u89c4\u5219\u540d\u79f0 \u6291\u5236\u89c4\u5219\u540d\u79f0\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u8fde\u5b57\u7b26\uff08-\uff09\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\uff0c\u6700\u957f 63 \u4e2a\u5b57\u7b26\u3002 \u63cf\u8ff0 \u63cf\u8ff0\u53ef\u5305\u542b\u4efb\u610f\u5b57\u7b26\uff0c\u6700\u957f 256 \u4e2a\u5b57\u7b26\u3002 \u96c6\u7fa4 \u8be5\u6291\u5236\u89c4\u5219\u4f5c\u7528\u7684\u96c6\u7fa4\u3002 \u547d\u540d\u7a7a\u95f4 \u8be5\u6291\u5236\u89c4\u5219\u4f5c\u7528\u7684\u547d\u540d\u7a7a\u95f4\u3002 \u6839\u6e90\u544a\u8b66 \u901a\u8fc7\u586b\u5199\u7684\u6807\u7b7e\u6761\u4ef6\u5339\u914d\u544a\u8b66\uff0c\u4f1a\u5c06\u7b26\u5408\u6240\u6709\u6807\u7b7e\u6761\u4ef6\u7684\u544a\u8b66\u4e0e\u7b26\u5408\u6291\u5236\u6761\u4ef6\u7684\u8fdb\u884c\u5bf9\u6bd4\uff0c\u4e0d\u7b26\u5408\u6291\u5236\u6761\u4ef6\u7684\u544a\u8b66\u5c06\u7167\u5e38\u53d1\u9001\u6d88\u606f\u7ed9\u7528\u6237\u3002 \u53d6\u503c\u8303\u56f4\u8bf4\u660e\uff1a - \u544a\u8b66\u7ea7\u522b\uff1a\u6307\u6807\u6216\u4e8b\u4ef6\u544a\u8b66\u7684\u7ea7\u522b\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\uff1a\u7d27\u6025\u3001\u91cd\u8981\u3001\u63d0\u793a\u3002 - \u8d44\u6e90\u7c7b\u578b\uff1a\u544a\u8b66\u5bf9\u8c61\u6240\u5bf9\u5e94\u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\uff1a\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u65e0\u72b6\u6001\u8d1f\u8f7d\u3001\u6709\u72b6\u5bb9\u8d1f\u8f7d\u3001\u5b88\u62a4\u8fdb\u7a0b\u3001\u5bb9\u5668\u7ec4\u3002 - \u6807\u7b7e\uff1a\u544a\u8b66\u6807\u8bc6\u5c5e\u6027\uff0c\u7531\u6807\u7b7e\u540d\u548c\u6807\u7b7e\u503c\u6784\u6210\uff0c\u652f\u6301\u7528\u6237\u81ea\u5b9a\u4e49\u3002 \u6291\u5236\u544a\u8b66 \u7528\u4e8e\u6307\u5b9a\u76ee\u6807\u8b66\u62a5\uff08\u5c06\u88ab\u6291\u5236\u7684\u8b66\u62a5\uff09\u7684\u5339\u914d\u6761\u4ef6\uff0c\u7b26\u5408\u6240\u6709\u6807\u7b7e\u6761\u4ef6\u7684\u544a\u8b66\u5c06\u4e0d\u4f1a\u518d\u53d1\u9001\u6d88\u606f\u7ed9\u7528\u6237\u3002 \u5339\u914d\u6807\u7b7e \u7528\u4e8e\u6307\u5b9a\u5e94\u8be5\u6bd4\u8f83\u7684\u6807\u7b7e\u5217\u8868\uff0c\u4ee5\u786e\u5b9a\u6e90\u8b66\u62a5\u548c\u76ee\u6807\u8b66\u62a5\u662f\u5426\u5339\u914d\u3002\u53ea\u6709\u5728\u00a0equal\u00a0\u4e2d\u6307\u5b9a\u7684\u6807\u7b7e\u5728\u6e90\u548c\u76ee\u6807\u8b66\u62a5\u4e2d\u7684\u503c\u5b8c\u5168\u76f8\u540c\u7684\u60c5\u51b5\u4e0b\uff0c\u624d\u4f1a\u89e6\u53d1\u6291\u5236\u3002equal\u00a0\u5b57\u6bb5\u662f\u53ef\u9009\u7684\u3002\u5982\u679c\u7701\u7565\u00a0equal\u00a0\u5b57\u6bb5\uff0c\u5219\u4f1a\u5c06\u6240\u6709\u6807\u7b7e\u7528\u4e8e\u5339\u914d\u70b9\u51fb**\u786e\u5b9a**\u5b8c\u6210\u521b\u5efa\u540e\u8fd4\u56de\u544a\u8b66\u6291\u5236\u5217\u8868\uff0c\u70b9\u51fb\u544a\u8b66\u6291\u5236\u540d\u79f0\u540e\u53ef\u67e5\u770b\u6291\u5236\u89c4\u5219\u8be6\u60c5\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540d\u79f0\uff0c\u67e5\u770b\u89c4\u5219\u8be6\u60c5\uff0c\u67e5\u770b\u5bf9\u5e94\u544a\u8b66\u89c4\u5219\u7684\u6807\u7b7e\u3002
Note
\u5728\u6dfb\u52a0\u89c4\u5219
\u65f6\u53ef\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6807\u7b7e
\u3002
\u70b9\u51fb\u53f3\u4fa7\u5bfc\u822a\u680f\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u5217\u8868 \uff0c\u70b9\u51fb\u544a\u8b66\u6240\u5728\u884c\u67e5\u770b\u544a\u8b66\u8be6\u60c5\u3002
Note
\u544a\u8b66\u6807\u7b7e\u7528\u4e8e\u63cf\u8ff0\u544a\u8b66\u7684\u8be6\u7ec6\u4fe1\u606f\u548c\u5c5e\u6027\uff0c\u53ef\u4ee5\u7528\u6765\u521b\u5efa\u6291\u5236\u89c4\u5219\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u7f16\u8f91\uff0c\u8fdb\u5165\u6291\u5236\u89c4\u5219\u7684\u7f16\u8f91\u9875\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u5220\u9664\uff0c\u5728\u8f93\u5165\u6846\u4e2d\u8f93\u5165\u6291\u5236\u89c4\u5219\u7684\u540d\u79f0\u5373\u53ef\u5220\u9664\u3002
"},{"location":"admin/insight/alert-center/message.html","title":"\u901a\u77e5\u914d\u7f6e","text":"\u5728 \u901a\u77e5\u914d\u7f6e \u9875\u9762\uff0c\u53ef\u4ee5\u914d\u7f6e\u901a\u8fc7\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001\u9489\u9489\u3001Webhook \u548c\u77ed\u4fe1\u7b49\u65b9\u5f0f\u5411\u7528\u6237\u53d1\u9001\u6d88\u606f\u3002
"},{"location":"admin/insight/alert-center/message.html#_2","title":"\u90ae\u4ef6\u7ec4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u540e\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e\uff0c\u9ed8\u8ba4\u4f4d\u4e8e\u90ae\u4ef6\u901a\u77e5\u5bf9\u8c61\u3002
\u70b9\u51fb \u6dfb\u52a0\u90ae\u7bb1\u7ec4\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u90ae\u4ef6\u5730\u5740\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u90ae\u7bb1\u7ec4\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u4f01\u4e1a\u5fae\u4fe1\u3002
\u6709\u5173\u4f01\u4e1a\u5fae\u4fe1\u7fa4\u673a\u5668\u4eba\u7684 URL\uff0c\u8bf7\u53c2\u9605\u4f01\u4e1a\u5fae\u4fe1\u5b98\u65b9\u6587\u6863\uff1a\u5982\u4f55\u4f7f\u7528\u7fa4\u673a\u5668\u4eba\u3002
\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u9489\u9489\uff0c\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
\u6709\u5173\u9489\u9489\u7fa4\u673a\u5668\u4eba\u7684 URL\uff0c\u8bf7\u53c2\u9605\u9489\u9489\u5b98\u65b9\u6587\u6863\uff1a\u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u63a5\u5165\u3002
Note
\u52a0\u7b7e\u7684\u65b9\u5f0f\u662f\u9489\u9489\u673a\u5668\u4eba\u4e0e\u5f00\u53d1\u8005\u53cc\u5411\u8fdb\u884c\u5b89\u5168\u8ba4\u8bc1\uff0c\u82e5\u5728\u521b\u5efa\u9489\u9489\u673a\u5668\u4eba\u65f6\u5f00\u542f\u4e86\u52a0\u7b7e\uff0c\u5219\u9700\u8981\u5728\u6b64\u5904\u8f93\u5165\u9489\u9489\u751f\u6210\u7684\u5bc6\u94a5\u3002 \u53ef\u53c2\u8003\u9489\u9489\u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u5b89\u5168\u8bbe\u7f6e\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u98de\u4e66\uff0c\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
Note
\u5f53\u98de\u4e66\u7684\u7fa4\u673a\u5668\u4eba\u5f00\u542f\u7b7e\u540d\u6821\u9a8c\u65f6\uff0c\u6dfb\u52a0\u98de\u4e66\u901a\u77e5\u65f6\u9700\u8981\u586b\u5199\u5bf9\u5e94\u7684\u7b7e\u540d\u5bc6\u94a5\u3002\u8bf7\u67e5\u9605 \u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u4f7f\u7528\u6307\u5357\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> Webhook\u3002
\u6709\u5173 Webhook URL \u53ca\u66f4\u591a\u914d\u7f6e\u65b9\u5f0f\uff0c\u8bf7\u53c2\u9605 webhook \u6587\u6863\u3002
\u70b9\u51fb \u65b0\u5efa Webhook\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a Webhook\u3002
HTTP Headers
\uff1a\u975e\u5fc5\u586b\uff0c\u8bbe\u7f6e\u8bf7\u6c42\u5934\u3002\u53ef\u4ee5\u6dfb\u52a0\u591a\u4e2a Headers\u3002
Note
\u6709\u5173 Webhook URL \u53ca\u66f4\u591a\u914d\u7f6e\u65b9\u5f0f\uff0c\u8bf7\u53c2\u9605 webhook \u6587\u6863\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664 Webhook\u3002
Note
\u544a\u8b66\u6d88\u606f\u53d1\u9001\u81f3\u7528\u6237\u4e2a\u4eba\u7684\u7ad9\u5185\u4fe1
\uff0c\u70b9\u51fb\u9876\u90e8\u7684 \ud83d\udd14 \u7b26\u53f7\u53ef\u4ee5\u67e5\u770b\u901a\u77e5\u6d88\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u7ad9\u5185\u4fe1\uff0c\u70b9\u51fb\u521b\u5efa\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de \u7ad9\u5185\u4fe1\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u77ed\u4fe1\uff0c\u70b9\u51fb \u6dfb\u52a0\u77ed\u4fe1\u7ec4\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u77ed\u4fe1\u7ec4\u3002
\u5728\u5f39\u7a97\u4e2d\u8f93\u5165\u540d\u79f0\u3001\u63a5\u6536\u77ed\u4fe1\u7684\u5bf9\u8c61\u3001\u624b\u673a\u53f7\u4ee5\u53ca\u901a\u77e5\u670d\u52a1\u5668\u3002
\u901a\u77e5\u670d\u52a1\u5668\u9700\u8981\u9884\u5148\u5728 \u901a\u77e5\u914d\u7f6e -> \u901a\u77e5\u670d\u52a1\u5668 \u4e2d\u6dfb\u52a0\u521b\u5efa\u3002\u76ee\u524d\u652f\u6301\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u4e24\u79cd\u4e91\u670d\u52a1\u5668\uff0c\u5177\u4f53\u914d\u7f6e\u7684\u53c2\u6570\u8bf7\u53c2\u9605\u81ea\u5df1\u7684\u4e91\u670d\u52a1\u5668\u4fe1\u606f\u3002
\u77ed\u4fe1\u7ec4\u6dfb\u52a0\u6210\u529f\u540e\uff0c\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u77ed\u4fe1\u7ec4\u3002
\u53ef\u89c2\u6d4b\u6027\u63d0\u4f9b\u81ea\u5b9a\u4e49\u6d88\u606f\u6a21\u677f\u5185\u5bb9\u7684\u80fd\u529b\uff0c\u652f\u6301\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001\u9489\u9489\u3001Webhook\u3001\u98de\u4e66\u3001\u7ad9\u5185\u4fe1\u7b49\u4e0d\u540c\u7684\u901a\u77e5\u5bf9\u8c61\u5b9a\u4e49\u4e0d\u540c\u7684\u6d88\u606f\u901a\u77e5\u5185\u5bb9\u3002
"},{"location":"admin/insight/alert-center/msg-template.html#_2","title":"\u521b\u5efa\u6d88\u606f\u6a21\u677f","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u6d88\u606f\u6a21\u677f\u3002
Insight \u9ed8\u8ba4\u5185\u7f6e\u4e2d\u82f1\u6587\u4e24\u4e2a\u6a21\u677f\uff0c\u4ee5\u4fbf\u7528\u6237\u4f7f\u7528\u3002
\u70b9\u51fb \u65b0\u5efa\u6d88\u606f\u6a21\u677f \u6309\u94ae\uff0c\u586b\u5199\u6a21\u677f\u5185\u5bb9\u3002
Info
\u53ef\u89c2\u6d4b\u6027\u9884\u7f6e\u4e86\u6d88\u606f\u6a21\u677f\u3002\u82e5\u9700\u8981\u5b9a\u4e49\u6a21\u677f\u7684\u5185\u5bb9\uff0c\u8bf7\u53c2\u8003\u914d\u7f6e\u901a\u77e5\u6a21\u677f\u3002
"},{"location":"admin/insight/alert-center/msg-template.html#_3","title":"\u6d88\u606f\u6a21\u677f\u8be6\u60c5","text":"\u70b9\u51fb\u67d0\u4e00\u6d88\u606f\u6a21\u677f\u7684\u540d\u79f0\uff0c\u53f3\u4fa7\u6ed1\u5757\u53ef\u67e5\u770b\u6d88\u606f\u6a21\u677f\u7684\u8be6\u60c5\u3002
\u53c2\u6570 \u53d8\u91cf \u63cf\u8ff0 \u89c4\u5219\u540d\u79f0 {{ .Labels.alertname }} \u89e6\u53d1\u544a\u8b66\u7684\u89c4\u5219\u540d\u79f0 \u7b56\u7565\u540d\u79f0 {{ .Labels.alertgroup }} \u89e6\u53d1\u544a\u8b66\u89c4\u5219\u6240\u5c5e\u7684\u544a\u8b66\u7b56\u7565\u540d\u79f0 \u544a\u8b66\u7ea7\u522b {{ .Labels.severity }} \u89e6\u53d1\u544a\u8b66\u7684\u7ea7\u522b \u96c6\u7fa4 {{ .Labels.cluster }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u96c6\u7fa4 \u547d\u540d\u7a7a\u95f4 {{ .Labels.namespace }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4 \u8282\u70b9 {{ .Labels.node }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u8282\u70b9 \u8d44\u6e90\u7c7b\u578b {{ .Labels.target_type }} \u544a\u8b66\u5bf9\u8c61\u7684\u8d44\u6e90\u7c7b\u578b \u8d44\u6e90\u540d\u79f0 {{ .Labels.target }} \u89e6\u53d1\u544a\u8b66\u7684\u5bf9\u8c61\u540d\u79f0 \u89e6\u53d1\u503c {{ .Annotations.value }} \u89e6\u53d1\u544a\u8b66\u901a\u77e5\u65f6\u7684\u6307\u6807\u503c \u53d1\u751f\u65f6\u95f4 {{ .StartsAt }} \u544a\u8b66\u5f00\u59cb\u53d1\u751f\u7684\u65f6\u95f4 \u7ed3\u675f\u65f6\u95f4 {{ .EndsAT }} \u544a\u8b66\u7ed3\u675f\u7684\u65f6\u95f4 \u63cf\u8ff0 {{ .Annotations.description }} \u544a\u8b66\u7684\u8be6\u7ec6\u63cf\u8ff0 \u6807\u7b7e {{ for .labels}} {{end}} \u544a\u8b66\u7684\u6240\u6709\u6807\u7b7e\uff0c\u4f7f\u7528 for \u51fd\u6570\u904d\u5386 labels \u5217\u8868\uff0c\u83b7\u53d6\u544a\u8b66\u7684\u6240\u6709\u6807\u7b7e\u5185\u5bb9\u3002"},{"location":"admin/insight/alert-center/msg-template.html#_4","title":"\u7f16\u8f91\u6216\u5220\u9664\u6d88\u606f\u6a21\u677f","text":"\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7f16\u8f91 \u6216 \u5220\u9664\uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6d88\u606f\u6a21\u677f\u3002
Warning
\u8bf7\u6ce8\u610f\uff0c\u5220\u9664\u6a21\u677f\u540e\u65e0\u6cd5\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"admin/insight/alert-center/silent.html","title":"\u544a\u8b66\u9759\u9ed8","text":"\u544a\u8b66\u9759\u9ed8\u662f\u6307\u5728\u7279\u5b9a\u7684\u65f6\u95f4\u8303\u56f4\u5185\uff0c\u6839\u636e\u5b9a\u4e49\u597d\u7684\u89c4\u5219\u5bf9\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u4e0d\u518d\u53d1\u9001\u544a\u8b66\u901a\u77e5\u3002\u8be5\u529f\u80fd\u53ef\u4ee5\u5e2e\u52a9\u8fd0\u7ef4\u4eba\u5458\u907f\u514d\u5728\u67d0\u4e9b\u64cd\u4f5c\u6216\u4e8b\u4ef6\u671f\u95f4\u63a5\u6536\u5230\u8fc7\u591a\u7684\u566a\u58f0\u544a\u8b66\uff0c\u540c\u65f6\u4fbf\u4e8e\u66f4\u52a0\u7cbe\u786e\u5730\u5904\u7406\u771f\u6b63\u9700\u8981\u89e3\u51b3\u7684\u95ee\u9898\u3002
\u5728\u544a\u8b66\u9759\u9ed8\u9875\u9762\u4e0a\uff0c\u7528\u6237\u53ef\u4ee5\u770b\u5230\u4e24\u4e2a\u9875\u7b7e\uff1a\u6d3b\u8dc3\u89c4\u5219\u548c\u8fc7\u671f\u89c4\u5219\u3002 \u5176\u4e2d\uff0c\u6d3b\u8dc3\u89c4\u5219\u8868\u793a\u76ee\u524d\u6b63\u5728\u751f\u6548\u7684\u89c4\u5219\uff0c\u800c\u8fc7\u671f\u89c4\u5219\u5219\u662f\u4ee5\u524d\u5b9a\u4e49\u8fc7\u4f46\u5df2\u7ecf\u8fc7\u671f\uff08\u6216\u8005\u7528\u6237\u4e3b\u52a8\u5220\u9664\uff09\u7684\u89c4\u5219\u3002
"},{"location":"admin/insight/alert-center/silent.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u544a\u8b66\u9759\u9ed8 ,\u70b9\u51fb \u65b0\u5efa\u9759\u9ed8\u89c4\u5219 \u6309\u94ae\u3002
\u586b\u5199\u9759\u9ed8\u89c4\u5219\u7684\u5404\u9879\u53c2\u6570\uff0c\u5982\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u6807\u7b7e\u3001\u65f6\u95f4\u7b49\uff0c\u4ee5\u5b9a\u4e49\u8fd9\u6761\u89c4\u5219\u7684\u4f5c\u7528\u8303\u56f4\u548c\u751f\u6548\u65f6\u95f4\u3002
\u8fd4\u56de\u89c4\u5219\u5217\u8868\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u9759\u9ed8\u89c4\u5219\u3002
\u901a\u8fc7\u544a\u8b66\u9759\u9ed8\u529f\u80fd\uff0c\u60a8\u53ef\u4ee5\u7075\u6d3b\u5730\u63a7\u5236\u54ea\u4e9b\u544a\u8b66\u9700\u8981\u88ab\u5ffd\u7565\uff0c\u5728\u4ec0\u4e48\u65f6\u95f4\u6bb5\u5185\u751f\u6548\uff0c\u4ece\u800c\u63d0\u9ad8\u8fd0\u7ef4\u6548\u7387\uff0c\u51cf\u5c11\u8bef\u62a5\u7684\u53ef\u80fd\u6027\u3002
"},{"location":"admin/insight/alert-center/sms-provider.html","title":"\u914d\u7f6e\u901a\u77e5\u670d\u52a1\u5668","text":"\u53ef\u89c2\u6d4b\u6027 Insight \u652f\u6301\u77ed\u4fe1\u901a\u77e5\uff0c\u76ee\u524d\u901a\u8fc7\u96c6\u6210\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7684\u77ed\u4fe1\u670d\u52a1\u53d1\u9001\u544a\u8b66\u6d88\u606f\u3002\u672c\u6587\u4ecb\u7ecd\u4e86\u5982\u4f55\u5728 insight \u4e2d\u914d\u7f6e\u77ed\u4fe1\u901a\u77e5\u7684\u670d\u52a1\u5668\u3002\u77ed\u4fe1\u7b7e\u540d\u4e2d\u652f\u6301\u7684\u53d8\u91cf\u4e3a\u6d88\u606f\u6a21\u677f\u4e2d\u7684\u9ed8\u8ba4\u53d8\u91cf\uff0c\u540c\u65f6\u7531\u4e8e\u77ed\u4fe1\u5b57\u6570\u6709\u9650\uff0c\u5efa\u8bae\u9009\u62e9\u8f83\u4e3a\u660e\u786e\u7684\u53d8\u91cf\u3002
\u5982\u4f55\u914d\u7f6e\u77ed\u4fe1\u63a5\u6536\u4eba\u53ef\u53c2\u8003\u6587\u6863\uff1a\u914d\u7f6e\u77ed\u4fe1\u901a\u77e5\u7ec4\u3002
"},{"location":"admin/insight/alert-center/sms-provider.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u901a\u77e5\u670d\u52a1\u5668 \u3002
\u70b9\u51fb \u6dfb\u52a0\u901a\u77e5\u670d\u52a1\u5668 \u3002
\u914d\u7f6e\u963f\u91cc\u4e91\u670d\u52a1\u5668\u3002
\u7533\u8bf7\u963f\u91cc\u4e91\u77ed\u4fe1\u670d\u52a1\uff0c\u8bf7\u53c2\u8003\u963f\u91cc\u4e91\u77ed\u4fe1\u670d\u52a1\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u8bf7\u53c2\u8003\u963f\u91cc\u4e91\u53d8\u91cf\u89c4\u8303\u3002
Note
\u4e3e\u4f8b\uff1a\u5728\u963f\u91cc\u4e91\u5b9a\u4e49\u7684\u6a21\u677f\u5185\u5bb9\u4e3a\uff1a\\({severity}\uff1a\\) \u88ab\u89e6\u53d1\u3002\u53c2\u6570\u6a21\u677f\u4e2d\u7684\u914d\u7f6e\u53c2\u8003\u4e0a\u56fe\u3002} \u5728 ${startat
\u914d\u7f6e\u817e\u8baf\u4e91\u670d\u52a1\u5668\u3002
\u7533\u8bf7\u817e\u8baf\u4e91\u77ed\u4fe1\u670d\u52a1\uff0c\u8bf7\u53c2\u8003\u817e\u8baf\u4e91\u77ed\u4fe1\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
Note
\u4e3e\u4f8b\uff1a\u5728\u817e\u8baf\u4e91\u5b9a\u4e49\u7684\u6a21\u677f\u5185\u5bb9\u4e3a\uff1a{1}\uff1a{2} \u5728 {3} \u88ab\u89e6\u53d1\u3002\u53c2\u6570\u6a21\u677f\u4e2d\u7684\u914d\u7f6e\u53c2\u8003\u4e0a\u56fe\u3002
\u5728\u96c6\u7fa4\u4e2d\u5b89\u88c5 insight-agent \u540e\uff0c insight-agent \u4e2d\u7684 Fluent Bit \u4f1a\u9ed8\u8ba4\u91c7\u96c6\u96c6\u7fa4\u4e2d\u7684\u65e5\u5fd7\uff0c\u5305\u62ec Kubernetes \u4e8b\u4ef6\u65e5\u5fd7\u3001\u8282\u70b9\u65e5\u5fd7\u3001\u5bb9\u5668\u65e5\u5fd7\u7b49\u3002 Fluent Bit \u5df2\u914d\u7f6e\u597d\u5404\u79cd\u65e5\u5fd7\u91c7\u96c6\u63d2\u4ef6\u3001\u76f8\u5173\u7684\u8fc7\u6ee4\u5668\u63d2\u4ef6\u53ca\u65e5\u5fd7\u8f93\u51fa\u63d2\u4ef6\u3002 \u8fd9\u4e9b\u63d2\u4ef6\u7684\u5de5\u4f5c\u72b6\u6001\u51b3\u5b9a\u4e86\u65e5\u5fd7\u91c7\u96c6\u662f\u5426\u6b63\u5e38\u3002 \u4e0b\u9762\u662f\u4e00\u4e2a\u9488\u5bf9 Fluent Bit \u7684\u4eea\u8868\u76d8\uff0c\u5b83\u7528\u6765\u76d1\u63a7\u5404\u4e2a\u96c6\u7fa4\u4e2d Fluent Bit \u7684\u5de5\u4f5c\u60c5\u51b5\u548c\u63d2\u4ef6\u7684\u91c7\u96c6\u3001\u5904\u7406\u3001\u5bfc\u51fa\u65e5\u5fd7\u7684\u60c5\u51b5\u3002
\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\uff0c\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u4eea\u8868\u76d8 \u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u6807\u9898 \u6982\u89c8 \u3002
\u5207\u6362\u5230 insight-system -> Fluent Bit \u4eea\u8868\u76d8\u3002
Fluent Bit \u4eea\u8868\u76d8\u4e0a\u65b9\u6709\u51e0\u4e2a\u9009\u9879\u6846\uff0c\u53ef\u4ee5\u9009\u62e9\u65e5\u5fd7\u91c7\u96c6\u63d2\u4ef6\u3001\u65e5\u5fd7\u8fc7\u6ee4\u63d2\u4ef6\u3001\u65e5\u5fd7\u8f93\u51fa\u63d2\u4ef6\u53ca\u6240\u5728\u96c6\u7fa4\u540d\u3002
\u6b64\u5904\u8bf4\u660e Fluent Bit \u7684\u51e0\u4e2a\u63d2\u4ef6\u3002
\u65e5\u5fd7\u91c7\u96c6\u63d2\u4ef6
input plugin \u63d2\u4ef6\u4ecb\u7ecd \u91c7\u96c6\u76ee\u5f55 tail.kube \u91c7\u96c6\u5bb9\u5668\u65e5\u5fd7 /var/log/containers/*.log tail.kubeevent \u91c7\u96c6 Kubernetes \u4e8b\u4ef6\u65e5\u5fd7 /var/log/containers/-kubernetes-event-exporter.log tail.syslog.dmesg \u91c7\u96c6\u4e3b\u673a dmesg \u65e5\u5fd7 /var/log/dmesg tail.syslog.messages \u91c7\u96c6\u4e3b\u673a\u5e38\u7528\u65e5\u5fd7 /var/log/secure, /var/log/messages, /var/log/syslog,/var/log/auth.log syslog.syslog.RSyslog \u91c7\u96c6 RSyslog \u65e5\u5fd7 systemd.syslog.systemd \u91c7\u96c6 Journald daemon \u65e5\u5fd7 tail.audit_log.k8s \u91c7\u96c6 Kubernetes \u5ba1\u8ba1\u65e5\u5fd7 /var/log//audit/.log tail.audit_log.ghippo \u91c7\u96c6\u5168\u5c40\u7ba1\u7406\u5ba1\u8ba1\u65e5\u5fd7 /var/log/containers/_ghippo-system_audit-log.log tail.skoala-gw \u91c7\u96c6\u5fae\u670d\u52a1\u7f51\u5173\u65e5\u5fd7 /var/log/containers/_skoala-gw.log\u65e5\u5fd7\u8fc7\u6ee4\u63d2\u4ef6
filter plugin \u63d2\u4ef6\u4ecb\u7ecd Lua.audit_log.k8s \u4f7f\u7528 lua \u8fc7\u6ee4\u7b26\u5408\u6761\u4ef6\u7684 Kubernetes \u5ba1\u8ba1\u65e5\u5fd7Note
\u8fc7\u6ee4\u5668\u63d2\u4ef6\u4e0d\u6b62 Lua.audit_log.k8s\uff0c\u8fd9\u91cc\u53ea\u4ecb\u7ecd\u4f1a\u4e22\u5f03\u65e5\u5fd7\u7684\u8fc7\u6ee4\u5668\u3002
\u65e5\u5fd7\u8f93\u51fa\u63d2\u4ef6
output plugin \u63d2\u4ef6\u4ecb\u7ecd es.kube.kubeevent.syslog \u628a Kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u3001\u4e8b\u4ef6\u65e5\u5fd7\uff0csyslog \u65e5\u5fd7\u5199\u5165 ElasticSearch \u96c6\u7fa4 forward.audit_log \u628a Kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u548c\u5168\u5c40\u7ba1\u7406\u7684\u5ba1\u8ba1\u65e5\u5fd7\u53d1\u9001\u5230 \u5168\u5c40\u7ba1\u7406"},{"location":"admin/insight/best-practice/debug-trace.html","title":"\u94fe\u8def\u91c7\u96c6\u6392\u969c\u6307\u5357","text":"\u5728\u5c1d\u8bd5\u6392\u67e5\u94fe\u8def\u6570\u636e\u91c7\u96c6\u7684\u95ee\u9898\u524d\uff0c\u9700\u5148\u7406\u89e3\u94fe\u8def\u6570\u636e\u7684\u4f20\u8f93\u8def\u5f84\uff0c\u4e0b\u9762\u662f\u94fe\u8def\u6570\u636e\u4f20\u8f93\u793a\u610f\u56fe\uff1a
graph TB\n\nsdk[Language proble / SDK] --> workload[Workload cluster otel collector]\n--> otel[Global cluster otel collector]\n--> jaeger[Global cluster jaeger collector]\n--> es[Elasticsearch cluster]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass sdk,workload,otel,jaeger,es cluster
\u5982\u4e0a\u56fe\u6240\u793a\uff0c\u5728\u4efb\u4e00\u6b65\u9aa4\u4f20\u8f93\u5931\u8d25\u90fd\u4f1a\u5bfc\u81f4\u65e0\u6cd5\u67e5\u8be2\u51fa\u94fe\u8def\u6570\u636e\u3002\u5982\u679c\u60a8\u5728\u5b8c\u6210\u5e94\u7528\u94fe\u8def\u589e\u5f3a\u540e\u53d1\u73b0\u6ca1\u6709\u94fe\u8def\u6570\u636e\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u6b65\u9aa4\uff1a
\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\uff0c\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u4eea\u8868\u76d8 \u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u6807\u9898 \u6982\u89c8 \u3002
\u5207\u6362\u5230 insight-system -> insight tracing debug \u4eea\u8868\u76d8\u3002
\u53ef\u4ee5\u770b\u5230\u8be5\u4eea\u8868\u76d8\u7531\u4e09\u4e2a\u533a\u5757\u7ec4\u6210\uff0c\u5206\u522b\u8d1f\u8d23\u76d1\u63a7\u4e0d\u540c\u96c6\u7fa4\u3001\u4e0d\u540c\u7ec4\u4ef6\u4f20\u8f93\u94fe\u8def\u7684\u6570\u636e\u60c5\u51b5\u3002\u901a\u8fc7\u751f\u6210\u7684\u65f6\u5e8f\u56fe\u8868\uff0c\u68c0\u67e5\u94fe\u8def\u6570\u636e\u4f20\u8f93\u662f\u5426\u5b58\u5728\u95ee\u9898\u3002
workload opentelemetry collector
\u5c55\u793a\u4e0d\u540c\u5de5\u4f5c\u96c6\u7fa4\u7684 opentelemetry collector \u5728\u63a5\u53d7 language probe/SDK \u94fe\u8def\u6570\u636e\uff0c\u53d1\u9001\u805a\u5408\u94fe\u8def\u6570\u636e\u60c5\u51b5\u3002\u53ef\u4ee5\u901a\u8fc7\u5de6\u4e0a\u89d2\u7684 Cluster \u9009\u62e9\u6846\u9009\u62e9\u6240\u5728\u7684\u96c6\u7fa4\u3002
Note
\u6839\u636e\u8fd9\u56db\u5f20\u65f6\u5e8f\u56fe\uff0c\u53ef\u4ee5\u5224\u65ad\u51fa\u8be5\u96c6\u7fa4\u7684 opentelemetry collector \u662f\u5426\u6b63\u5e38\u8fd0\u884c\u3002
global opentelemetry collector
\u5c55\u793a \u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u7684 opentelemetry collector \u5728\u63a5\u6536 \u5de5\u4f5c\u96c6\u7fa4 \u4e2d otel collector \u94fe\u8def\u6570\u636e\u4ee5\u53ca\u53d1\u9001\u805a\u5408\u94fe\u8def\u6570\u636e\u7684\u60c5\u51b5\u3002
Note
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u7684 opentelemetry collector \u8fd8\u8d1f\u8d23\u53d1\u9001\u6240\u6709\u5de5\u4f5c\u96c6\u7fa4\u7684\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u5ba1\u8ba1\u65e5\u5fd7\u4ee5\u53ca Kubernetes \u5ba1\u8ba1\u65e5\u5fd7\uff08\u9ed8\u8ba4\u4e0d\u91c7\u96c6\uff09\u5230\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684 audit server \u7ec4\u4ef6\u3002
global jaeger collector
\u5c55\u793a \u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u7684 jaeger collector \u5728\u63a5\u6536 \u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u4e2d otel collector \u7684\u6570\u636e\uff0c\u5e76\u53d1\u9001\u94fe\u8def\u6570\u636e\u5230 ElasticSearch \u96c6\u7fa4\u7684\u60c5\u51b5\u3002
\u672c\u6587\u5c06\u4ee5 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u4e3e\u4f8b\uff0c\u8bb2\u89e3\u5982\u4f55\u901a\u8fc7 Insight \u53d1\u73b0 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\u5f02\u5e38\u7684\u7ec4\u4ef6\u5e76\u5206\u6790\u51fa\u7ec4\u4ef6\u5f02\u5e38\u7684\u6839\u56e0\u3002
\u672c\u6587\u5047\u8bbe\u4f60\u5df2\u7ecf\u4e86\u89e3 Insight \u7684\u4ea7\u54c1\u529f\u80fd\u6216\u613f\u666f\u3002
"},{"location":"admin/insight/best-practice/find_root_cause.html#_1","title":"\u62d3\u6251\u56fe \u2014 \u4ece\u5b8f\u89c2\u5bdf\u89c9\u5f02\u5e38","text":"\u968f\u7740\u4f01\u4e1a\u5bf9\u5fae\u670d\u52a1\u67b6\u6784\u7684\u5b9e\u8df5\uff0c\u4f01\u4e1a\u4e2d\u7684\u670d\u52a1\u6570\u91cf\u53ef\u80fd\u4f1a\u9762\u4e34\u7740\u6570\u91cf\u591a\u3001\u8c03\u7528\u590d\u6742\u7684\u60c5\u51b5\uff0c\u5f00\u53d1\u6216\u8fd0\u7ef4\u4eba\u5458\u5f88\u96be\u7406\u6e05\u670d\u52a1\u4e4b\u95f4\u7684\u5173\u7cfb\uff0c \u56e0\u6b64\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86\u62d3\u6251\u56fe\u76d1\u63a7\u7684\u529f\u80fd\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u62d3\u6251\u56fe\u5bf9\u5f53\u524d\u7cfb\u7edf\u4e2d\u8fd0\u884c\u7684\u5fae\u670d\u52a1\u72b6\u51b5\u8fdb\u884c\u521d\u6b65\u8bca\u65ad\u3002
\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u6211\u4eec\u901a\u8fc7\u62d3\u6251\u56fe\u53d1\u73b0\u5176\u4e2d Insight-Server \u8fd9\u4e2a\u8282\u70b9\u7684\u989c\u8272\u4e3a \u7ea2\u8272 \uff0c\u5e76\u5c06\u9f20\u6807\u79fb\u5230\u8be5\u8282\u70b9\u4e0a\uff0c \u53d1\u73b0\u8be5\u8282\u70b9\u7684\u9519\u8bef\u7387\u4e3a 2.11% \u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5e0c\u671b\u67e5\u770b\u66f4\u591a\u7ec6\u8282\u53bb\u627e\u5230\u9020\u6210\u8be5\u670d\u52a1\u9519\u8bef\u7387\u4e0d\u4e3a 0 \u7684\u539f\u56e0:
\u5f53\u7136\uff0c\u6211\u4eec\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6700\u9876\u90e8\u7684\u670d\u52a1\u540d\uff0c\u8fdb\u5165\u5230\u8be5\u670d\u52a1\u7684\u603b\u89c8\u754c\u9762\uff1a
"},{"location":"admin/insight/best-practice/find_root_cause.html#_2","title":"\u670d\u52a1\u603b\u89c8 \u2014 \u5177\u4f53\u5206\u6790\u7684\u5f00\u59cb","text":"\u5f53\u4f60\u9700\u8981\u6839\u636e\u670d\u52a1\u7684\u5165\u53e3\u548c\u51fa\u53e3\u6d41\u91cf\u5206\u522b\u5206\u6790\u7684\u65f6\u5019\uff0c\u4f60\u53ef\u4ee5\u5728\u53f3\u4e0a\u89d2\u8fdb\u884c\u7b5b\u9009\u5207\u6362\uff0c\u7b5b\u9009\u6570\u636e\u4e4b\u540e\uff0c\u6211\u4eec\u53d1\u73b0\u8be5\u670d\u52a1\u6709\u5f88\u591a \u64cd\u4f5c \u5bf9\u5e94\u7684\u9519\u8bef\u7387\u90fd\u4e0d\u4e3a 0. \u6b64\u65f6\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u70b9\u51fb \u67e5\u770b\u94fe\u8def \u5bf9\u8be5 \u64cd\u4f5c \u5728\u8fd9\u6bb5\u65f6\u95f4\u4ea7\u751f\u7684\u5e76\u8bb0\u5f55\u4e0b\u6765\u7684\u94fe\u8def\u8fdb\u884c\u5206\u6790\uff1a
"},{"location":"admin/insight/best-practice/find_root_cause.html#_3","title":"\u94fe\u8def\u8be6\u60c5 \u2014 \u627e\u5230\u9519\u8bef\u6839\u56e0\uff0c\u6d88\u706d\u5b83\u4eec","text":"\u5728\u94fe\u8def\u5217\u8868\u4e2d\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u76f4\u89c2\u5730\u53d1\u73b0\u94fe\u8def\u5217\u8868\u4e2d\u5b58\u5728\u7740 \u9519\u8bef \u7684\u94fe\u8def\uff08\u4e0a\u56fe\u4e2d\u7ea2\u6846\u5708\u8d77\u6765\u7684\uff09\uff0c\u6211\u4eec\u53ef\u4ee5\u70b9\u51fb\u9519\u8bef\u7684\u94fe\u8def\u67e5\u770b\u94fe\u8def\u8be6\u60c5\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u5728\u94fe\u8def\u56fe\u4e2d\u6211\u4eec\u4e5f\u53ef\u4ee5\u4e00\u773c\u5c31\u53d1\u73b0\u94fe\u8def\u7684\u6700\u540e\u4e00\u6761\u6570\u636e\u662f\u5904\u4e8e \u9519\u8bef \u72b6\u6001\uff0c\u5c06\u5176\u53f3\u8fb9 Logs \u5c55\u5f00\uff0c\u6211\u4eec\u5b9a\u4f4d\u5230\u4e86\u9020\u6210\u8fd9\u6b21\u8bf7\u6c42\u9519\u8bef\u7684\u539f\u56e0\uff1a
\u6839\u636e\u4e0a\u9762\u7684\u5206\u6790\u65b9\u6cd5\uff0c\u6211\u4eec\u4e5f\u53ef\u4ee5\u5b9a\u4f4d\u5230\u5176\u4ed6 \u64cd\u4f5c \u9519\u8bef\u7684\u94fe\u8def\uff1a
"},{"location":"admin/insight/best-practice/find_root_cause.html#_4","title":"\u63a5\u4e0b\u6765 \u2014 \u4f60\u6765\u5206\u6790\uff01","text":""},{"location":"admin/insight/best-practice/grafana-use-db.html","title":"Insight Grafana \u6301\u4e45\u5316\u5230\u6570\u636e\u5e93","text":"Insight \u4f7f\u7528\u4e91\u539f\u751f\u7684 GrafanaOperator
+ CRD
\u7684\u65b9\u5f0f\u6765\u4f7f\u7528 Grafana\u3002\u6211\u4eec\u63a8\u8350\u4f7f\u7528 GrafanaDashboard(CRD) \u6765\u63cf\u8ff0\u4eea\u8868\u76d8\u7684 JSON \u6570\u636e\uff0c\u5373\u901a\u8fc7 GrafanaDashboard
\u6765\u589e\u52a0\u3001\u5220\u9664\u3001\u4fee\u6539\u4eea\u8868\u76d8\u3002
\u56e0\u4e3a Grafana \u9ed8\u8ba4\u4f7f\u7528 SQLite3 \u4f5c\u4e3a\u672c\u5730\u6570\u636e\u5e93\u6765\u5b58\u50a8\u914d\u7f6e\u4fe1\u606f\uff0c\u4f8b\u5982\u7528\u6237\u3001\u4eea\u8868\u76d8\u3001\u544a\u8b66\u7b49\u3002 \u5f53\u7528\u6237\u4ee5 \u7ba1\u7406\u5458\u8eab\u4efd\uff0c\u901a\u8fc7 UI \u521b\u5efa\u6216\u8005\u5bfc\u5165\u4eea\u8868\u76d8\u4e4b\u540e\uff0c\u6570\u636e\u5c06\u4e34\u65f6\u5b58\u50a8\u5728 SQLite3 \u4e2d\u3002 \u5f53 Grafana \u91cd\u542f\u4e4b\u540e\uff0c\u5c06\u91cd\u7f6e\u6240\u6709\u7684\u4eea\u8868\u76d8\u7684\u6570\u636e\uff0c\u5c06\u53ea\u5c55\u793a\u901a\u8fc7 GrafanaDashboard CR \u63cf\u8ff0\u7684\u4eea\u8868\u76d8\u6570\u636e\uff0c\u800c\u901a\u8fc7 UI \u521b\u5efa\uff0c\u5220\u9664\uff0c\u4fee\u6539\u4e5f\u90fd\u5c06\u88ab\u5168\u90e8\u91cd\u7f6e\u3002
Grafana \u652f\u6301\u4f7f\u7528\u5916\u90e8\u7684 MySQL\u3001PostgreSQL \u7b49\u6570\u636e\u5e93\u66ff\u4ee3\u5185\u7f6e\u7684 SQLite3 \u4f5c\u4e3a\u5185\u90e8\u5b58\u50a8\u3002\u672c\u6587\u63cf\u8ff0\u4e86\u5982\u679c\u7ed9 Insight \u63d0\u4f9b\u7684 Grafana \u914d\u7f6e\u5916\u7f6e\u7684\u6570\u636e\u5e93\u3002
"},{"location":"admin/insight/best-practice/grafana-use-db.html#_1","title":"\u4f7f\u7528\u5916\u90e8\u6570\u636e\u5e93","text":"\u7ed3\u5408 Grafana\uff08\u5f53\u524d\u955c\u50cf\u7248\u672c 9.3.14\uff09\u7684\u5b98\u65b9\u6587\u6863\u3002\u6839\u636e\u5982\u4e0b\u6b65\u9aa4\u914d\u7f6e\u4f7f\u7528\u5916\u90e8\u7684\u6570\u636e\u5e93\uff0c\u793a\u4f8b\u4ee5 MySQL \u4e3a\u4f8b\uff1a
\u521d\u59cb\u5316\u6570\u636e\u5e93
\u5728\u6570\u636e\u5e93\u4e2d\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 database \u7ed9 Grafana \u4f7f\u7528\uff0c\u5efa\u8bae\u540d\u79f0\u4e3a grafana
\u914d\u7f6e Grafana \u4f7f\u7528 DB
\u5728 insight-system
\u4e0b\uff0c\u540d\u4e3a insight-grafana-operator-grafana \u7684 Grafana \u7684 CR \u91cc\u7684\u914d\u7f6e\uff1a
apiVersion: integreatly.org/v1alpha1\nkind: Grafana\nmetadata:\n name: insight-grafana-operator-grafana\n namespace: insight-system\nspec:\n baseImage: 10.64.40.50/docker.m.daocloud.io/grafana/grafana:9.3.14\n config:\n // \u5728 config \u7684\u5c3e\u90e8\u8ffd\u52a0\n+ database:\n+ type: mysql # \u652f\u6301 mysql, postgres\n+ host: \"10.6.216.101:30782\" # \u6570\u636e\u5e93\u7684 Endpoint\n+ name: \"grafana\" # \u63d0\u524d\u521b\u5efa\u7684 database\n+ user: \"grafana\"\n+ password: \"grafana_password\"\n
\u5982\u4e0b\u662f\u914d\u7f6e\u5b8c\u6210\u540e\u5728 Grafana \u7684\u914d\u7f6e\u6587\u4ef6 grafana-config \u91cc\u7684\u914d\u7f6e\u4fe1\u606f\u3002
[database]\n host = 10.6.216.101:30782\n name = grafana\n password = grafana_password\n type = mysql\n user = grafana\n
\u5728 insight.yaml \u6dfb\u52a0\u5982\u4e0b\u914d\u7f6e\uff1a
grafana-operator:\n grafana:\n config:\n database:\n type: mysql\n host: \"10.6.216.101:30782\"\n name: \"grafana\"\n user: \"grafana\"\n password: \"grafana_password\"\n
\u5347\u7ea7 insight server\uff0c\u5efa\u8bae\u901a\u8fc7 Helm \u5347\u7ea7\u3002
helm upgrade insight insight/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version ${version}\n
\u901a\u8fc7\u547d\u4ee4\u884c\u8fdb\u884c\u5347\u7ea7\u3002
\u83b7\u53d6 insight Helm \u4e2d\u539f\u6765\u7684\u914d\u7f6e\u3002
helm get values insight -n insight-system -o yaml > insight.yaml\n
\u6307\u5b9a\u539f\u6765\u914d\u7f6e\u6587\u4ef6\u5e76\u4fdd\u5b58 grafana \u6570\u636e\u5e93\u7684\u8fde\u63a5\u4fe1\u606f\u3002
helm upgrade --install \\\n --version ${version} \\\n insight insight/insight -n insight-system \\\n -f ./insight.yaml \\\n --set grafana-operator.grafana.config.database.type=mysql \\\n --set grafana-operator.grafana.config.database.host=10.6.216.101:30782 \\\n --set grafana-operator.grafana.config.database.name=grafana \\\n --set grafana-operator.grafana.config.database.user=grafana \\\n --set grafana-operator.grafana.config.database.password=grafana_password \n
\u7528\u6237\u662f\u5426\u4f1a\u8986\u76d6\u5185\u7f6e\u4eea\u8868\u76d8\uff0c\u5bfc\u81f4\u5347\u7ea7\u5931\u8d25\uff1f
\u56de\u590d\uff1a\u4f1a\u3002\u5f53\u7528\u6237\u7f16\u8f91\u4e86 Dashbaord A\uff08v1.1\uff09\uff0c\u4e14 Insight \u4e5f\u5347\u7ea7\u4e86 Dashboard A\uff08v2.0\uff09\uff0c \u5347\u7ea7\u4e4b\u540e\uff08\u5347\u7ea7\u955c\u50cf\uff09\uff1b\u7528\u6237\u770b\u5230\u5185\u5bb9\u8fd8\u662f v1.1\uff0c\u800c v2.0 \u662f\u4e0d\u4f1a\u66f4\u65b0\u5230\u73af\u5883\u91cc\u3002
\u5f53\u4f7f\u7528 MGR \u6a21\u5f0f MySQL \u65f6\u4f1a\u5b58\u5728\u95ee\u9898\uff0c\u5bfc\u81f4 grafana-deployment \u65e0\u6cd5\u6b63\u5e38\u542f\u52a8\u3002
\u539f\u56e0\uff1a\u8868 alert_rule_tag_v1 \u548c annotation_tag_v2 \u4e2d\u6ca1\u6709\u4e3b\u952e\uff0c\u800c mysql mgr \u5fc5\u987b\u6709\u4e3b\u952e
\u89e3\u51b3\u65b9\u6cd5\uff1a\u5411 alert_rule_tag_v1 \u548c annotation_tag_v2 \u4e34\u65f6\u8868\u6dfb\u52a0\u4e3b\u952e\uff1a
alter table alert_rule_tag_v1\n add constraint alert_rule_tag_v1_pk\n primary key (tag_id, alert_id);\n\nalter table annotation_tag_v2\n add constraint annotation_tag_v2_pk\n primary key (tag_id, annotation_id);\n
\u968f\u7740\u4e1a\u52a1\u53d1\u5c55\uff0c\u8d8a\u6765\u8d8a\u591a\u7684\u5e94\u7528\u4ea7\u751f\u7684\u65e5\u5fd7\u6570\u636e\u4f1a\u8d8a\u6765\u8d8a\u591a\uff0c\u4e3a\u4e86\u4fdd\u8bc1\u7cfb\u7edf\u80fd\u591f\u6b63\u5e38\u91c7\u96c6\u5e76\u5206\u6790\u5e9e\u6742\u7684\u65e5\u5fd7\u6570\u636e\u65f6\uff0c \u4e00\u822c\u505a\u6cd5\u662f\u5f15\u5165 Kafka \u7684\u6d41\u5f0f\u67b6\u6784\u6765\u89e3\u51b3\u5927\u91cf\u6570\u636e\u5f02\u6b65\u91c7\u96c6\u7684\u65b9\u6848\u3002\u91c7\u96c6\u5230\u7684\u65e5\u5fd7\u6570\u636e\u4f1a\u7ecf\u8fc7 Kafka \u6d41\u8f6c\uff0c \u7531\u76f8\u5e94\u7684\u6570\u636e\u6d88\u8d39\u7ec4\u4ef6\u5c06\u6570\u636e\u4ece Kafka \u6d88\u8d39\u5b58\u5165\u5230 Elasticsearch \u4e2d\uff0c\u5e76\u901a\u8fc7 Insight \u8fdb\u884c\u53ef\u89c6\u5316\u5c55\u793a\u4e0e\u5206\u6790\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u4ee5\u4e0b\u4e24\u79cd\u65b9\u6848\uff1a
\u5f53\u6211\u4eec\u5728\u65e5\u5fd7\u7cfb\u7edf\u4e2d\u5f15\u5165 Kafka \u4e4b\u540e\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u4e0a\u9762\u4e24\u79cd\u65b9\u6848\u4e2d\u6709\u5171\u901a\u7684\u5730\u65b9\uff0c\u4e0d\u540c\u4e4b\u5904\u5728\u4e8e\u6d88\u8d39 Kafka \u6570\u636e\u7684\u7ec4\u4ef6\uff0c\u540c\u65f6\uff0c\u4e3a\u4e86\u4e0d\u5f71\u54cd Insight \u6570\u636e\u5206\u6790\uff0c \u6211\u4eec\u9700\u8981\u5728\u6d88\u8d39 Kafka \u6570\u636e\u5e76\u5199\u5165\u5230 ES \u7684\u6570\u636e\u548c\u539f\u6765 Fluentbit \u76f4\u63a5\u5199\u5165 ES \u7684\u6570\u636e\u7684\u683c\u5f0f\u4e00\u81f4\u3002
\u9996\u5148\u6211\u4eec\u6765\u770b\u770b Fluentbit \u600e\u4e48\u5c06\u65e5\u5fd7\u5199\u5165 Kafka\uff1a
"},{"location":"admin/insight/best-practice/insight-kafka.html#fluentbit-output","title":"\u4fee\u6539 Fluentbit Output \u914d\u7f6e","text":"\u5f53 Kafka \u96c6\u7fa4\u51c6\u5907\u5c31\u7eea\u4e4b\u540e\uff0c\u6211\u4eec\u9700\u8981\u4fee\u6539 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b ConfigMap \u7684\u5185\u5bb9\uff0c \u65b0\u589e\u4ee5\u4e0b\u4e09\u4e2a Kafka Output \u5e76\u6ce8\u91ca\u539f\u6765\u4e09\u4e2a Elasticsearch Output\uff1a
\u5047\u8bbe Kafka Brokers \u5730\u5740\u4e3a\uff1a insight-kafka.insight-system.svc.cluster.local:9092
[OUTPUT]\n Name kafka\n Match_Regex (?:kube|syslog)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-logs\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n [OUTPUT]\n Name kafka\n Match_Regex (?:skoala-gw)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-gw-skoala\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n [OUTPUT]\n Name kafka\n Match_Regex (?:kubeevent)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-event\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n
\u63a5\u4e0b\u6765\u5c31\u662f\u6d88\u8d39 Kafka \u6570\u636e\u4e4b\u540e\u5199\u5230 ES \u7684\u7ec6\u5fae\u5dee\u522b\u3002 \u6b63\u5982\u672c\u6587\u5f00\u59cb\u7684\u63cf\u8ff0\uff0c\u672c\u6587\u5c06\u4ecb\u7ecd Logstash \u4e0e Vector \u4f5c\u4e3a\u6d88\u8d39 Kafka \u7684\u4e24\u79cd\u65b9\u5f0f\u3002
"},{"location":"admin/insight/best-practice/insight-kafka.html#kafka-elasticsearch_1","title":"\u6d88\u8d39 Kafka \u5e76\u5199\u5165 Elasticsearch","text":"\u5047\u8bbe Elasticsearch \u7684\u5730\u5740\u4e3a\uff1ahttps://mcamel-common-es-cluster-es-http.mcamel-system:9200
\u5982\u679c\u4f60\u5bf9 Logstash \u6280\u672f\u6808\u6bd4\u8f83\u719f\u6089\uff0c\u4f60\u53ef\u4ee5\u7ee7\u7eed\u4f7f\u7528\u8be5\u65b9\u5f0f\u3002
\u5f53\u4f60\u901a\u8fc7 Helm \u90e8\u7f72 Logstash \u7684\u65f6\u5019\uff0c \u5728 logstashPipeline \u4e2d\u589e\u52a0\u5982\u4e0b Pipeline \u5373\u53ef\uff1a
replicas: 3\nresources:\n requests:\n cpu: 100m\n memory: 1536Mi\n limits:\n cpu: 1000m\n memory: 1536Mi\nlogstashConfig:\n logstash.yml: |\n http.host: 0.0.0.0\n xpack.monitoring.enabled: false\nlogstashPipeline:\n insight-event.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-event\"}\n topics => [\"insight-event\"] \n bootstrap_servers => \"172.30.120.189:32082\" # kafka\u7684ip \u548c\u7aef\u53e3\n enable_auto_commit => true\n consumer_threads => 1 # \u5bf9\u5e94 partition \u7684\u6570\u91cf\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-event\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"] # elasticsearch \u5730\u5740\n user => 'elastic' # elasticsearch \u7528\u6237\u540d\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk' # elasticsearch \u5bc6\u7801\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"insight-es-k8s-event-logs-alias\"\n data_stream => \"false\"\n }\n }\n }\n insight-gw-skoala.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-gw-skoala\"}\n topics => [\"insight-gw-skoala\"] \n bootstrap_servers => \"172.30.120.189:32082\"\n enable_auto_commit => true\n consumer_threads => 1\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-gw-skoala\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"]\n user => 'elastic'\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk'\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"skoala-gw-alias\"\n data_stream => \"false\"\n }\n }\n }\n insight-logs.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-logs\"}\n topics => [\"insight-logs\"] \n bootstrap_servers => \"172.30.120.189:32082\" \n enable_auto_commit => true\n consumer_threads => 1\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-logs\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"]\n user => 'elastic'\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk'\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"insight-es-k8s-logs-alias\"\n data_stream => \"false\"\n }\n }\n }\n
"},{"location":"admin/insight/best-practice/insight-kafka.html#vector","title":"\u901a\u8fc7 Vector \u6d88\u8d39","text":"\u5982\u679c\u4f60\u5bf9 Vector \u6280\u672f\u6808\u6bd4\u8f83\u719f\u6089\uff0c\u4f60\u53ef\u4ee5\u7ee7\u7eed\u4f7f\u7528\u8be5\u65b9\u5f0f\u3002
\u5f53\u4f60\u901a\u8fc7 Helm \u90e8\u7f72 Vector \u7684\u65f6\u5019\uff0c\u5f15\u7528\u5982\u4e0b\u89c4\u5219\u7684 Configmap \u914d\u7f6e\u6587\u4ef6\u5373\u53ef\uff1a
metadata:\n name: vector\napiVersion: v1\ndata:\n aggregator.yaml: |\n api:\n enabled: true\n address: '0.0.0.0:8686'\n sources:\n insight_logs_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-logs\n insight_event_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-event\n insight_gw_skoala_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-gw-skoala\n transforms:\n insight_logs_remap:\n type: remap\n inputs:\n - insight_logs_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n insight_event_kafka_remap:\n type: remap\n inputs:\n - insight_event_kafka\n - insight_gw_skoala_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n insight_gw_skoala_kafka_remap:\n type: remap\n inputs:\n - insight_gw_skoala_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n sinks:\n insight_es_logs:\n type: elasticsearch\n inputs:\n - insight_logs_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: insight-es-k8s-logs-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n insight_es_event:\n type: elasticsearch\n inputs:\n - insight_event_kafka_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: insight-es-k8s-event-logs-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n insight_es_gw_skoala:\n type: elasticsearch\n inputs:\n - insight_gw_skoala_kafka_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: skoala-gw-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n
"},{"location":"admin/insight/best-practice/insight-kafka.html#_1","title":"\u68c0\u67e5\u662f\u5426\u6b63\u5e38\u5de5\u4f5c","text":"\u4f60\u53ef\u4ee5\u901a\u8fc7\u67e5\u770b Insight \u65e5\u5fd7\u67e5\u8be2\u754c\u9762\u662f\u5426\u6709\u6700\u65b0\u7684\u6570\u636e\uff0c\u6216\u8005\u67e5\u770b\u539f\u672c Elasticsearch \u7684\u7d22\u5f15\u7684\u6570\u91cf\u6709\u6ca1\u6709\u589e\u957f\uff0c\u589e\u957f\u5373\u4ee3\u8868\u914d\u7f6e\u6210\u529f\u3002
"},{"location":"admin/insight/best-practice/insight-kafka.html#_2","title":"\u53c2\u8003","text":"DeepFlow \u662f\u4e00\u6b3e\u57fa\u4e8e eBPF \u7684\u53ef\u89c2\u6d4b\u6027\u4ea7\u54c1\u3002\u5b83\u7684\u793e\u533a\u7248\u5df2\u7ecf\u88ab\u96c6\u6210\u8fdb Insight \u4e2d\uff0c\u4ee5\u4e0b\u662f\u96c6\u6210\u65b9\u5f0f\u3002
"},{"location":"admin/insight/best-practice/integration_deepflow.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 DeepFlow \u7ec4\u4ef6\u9700\u8981\u7528\u5230\u4e24\u4e2a Chart\uff1a
deepflow
\uff1a\u5305\u542b deepflow-app
\u3001deepflow-server
\u3001deepflow-clickhouse
\u3001deepflow-agent
\u7b49\u7ec4\u4ef6\u3002 \u4e00\u822c deepflow
\u4f1a\u90e8\u7f72\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\uff0c\u6240\u4ee5\u5b83\u4e5f\u4e00\u5e76\u5b89\u88c5\u4e86 deepflow-agent
deepflow-agent
\uff1a\u53ea\u5305\u542b\u4e86 deepflow-agent
\u7ec4\u4ef6\uff0c\u7528\u4e8e\u91c7\u96c6 eBPF \u6570\u636e\u5e76\u53d1\u9001\u7ed9 deepflow-server
DeepFlow \u9700\u8981\u5b89\u88c5\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u3002
\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5185\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u4ed3\u5e93\u9009\u62e9 community \uff0c\u641c\u7d22\u6846\u627e\u5230 deepflow
:
\u70b9\u51fb deepflow \u5361\u7247\u8fdb\u5165\u8be6\u60c5\u9875\uff1a
\u70b9\u51fb \u5b89\u88c5 \uff0c\u8fdb\u5165\u5b89\u88c5\u754c\u9762\uff1a
\u5927\u90e8\u5206 values \u90fd\u6709\u9ed8\u8ba4\u503c\u3002\u5176\u4e2d Clickhouse \u548c Mysql \u90fd\u9700\u8981\u7533\u8bf7\u5b58\u50a8\u5377\uff0c\u5b83\u4eec\u7684\u9ed8\u8ba4\u5927\u5c0f\u90fd\u662f 10Gi \uff0c \u53ef\u4ee5\u901a\u8fc7 persistence \u5173\u952e\u5b57\u641c\u7d22\u5230\u76f8\u5173\u914d\u7f6e\u5e76\u4fee\u6539\u3002
\u914d\u7f6e\u597d\u540e\u5c31\u53ef\u4ee5\u70b9\u51fb \u786e\u5b9a \uff0c\u6267\u884c\u5b89\u88c5\u4e86\u3002
\u5728\u5b89\u88c5 DeepFlow \u540e\uff0c\u8fd8\u9700\u8981\u5728 Insight \u4e2d\u5f00\u542f\u76f8\u5173\u7684\u529f\u80fd\u5f00\u5173\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5185\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c \u901a\u8fc7\u641c\u7d22\u6846\u627e\u5230 insight-server-config \u5e76\u8fdb\u884c\u7f16\u8f91\uff1a
\u5728 YAML \u914d\u7f6e\u4e2d\u627e\u5230 eBPF Flow feature \u8fd9\u4e2a\u529f\u80fd\u5f00\u5173\u5e76\u5c06\u5b83\u5f00\u542f:
\u4fdd\u5b58\u66f4\u6539\uff0c\u91cd\u542f insight-server \u540e\uff0cInsight \u4e3b\u754c\u9762\u5c31\u4f1a\u51fa\u73b0 \u7f51\u7edc\u89c2\u6d4b :
DeepFlow Agent \u901a\u8fc7 deepflow-agent
Chart \u6765\u5b89\u88c5\u5728\u5b50\u96c6\u7fa4\u4e2d\uff0c\u7528\u4e8e\u91c7\u96c6\u5b50\u96c6\u7fa4\u7684 eBPF \u89c2\u6d4b\u6570\u636e\u5e76\u4e0a\u62a5\u5230\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u3002 \u7c7b\u4f3c\u4e8e\u5b89\u88c5 deepflow
\uff0c\u901a\u8fc7 Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u4ed3\u5e93\u9009\u62e9 community \uff0c \u901a\u8fc7\u641c\u7d22\u6846\u67e5\u8be2 deepflow-agent
\uff0c\u6309\u6d41\u7a0b\u8fdb\u5165\u5b89\u88c5\u754c\u9762\u3002
\u53c2\u6570\u8bf4\u660e\uff1a
daemonset
Asia/Shanghai
30035
\u914d\u7f6e\u597d\u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u5b89\u88c5\u3002
"},{"location":"admin/insight/best-practice/integration_deepflow.html#_2","title":"\u4f7f\u7528","text":"\u5728\u6b63\u786e\u5b89\u88c5 DeepFlow \u540e\uff0c\u70b9\u51fb \u7f51\u7edc\u89c2\u6d4b \u5c31\u53ef\u4ee5\u8fdb\u5165 DeepFlow Grafana UI\u3002 \u5b83\u5185\u7f6e\u4e86\u5927\u91cf\u7684 Dashboard \u53ef\u4f9b\u67e5\u770b\u4e0e\u5e2e\u52a9\u5206\u6790\u95ee\u9898\uff0c \u70b9\u51fb DeepFlow Templates \uff0c\u53ef\u4ee5\u6d4f\u89c8\u6240\u6709\u53ef\u4ee5\u67e5\u770b\u7684 Dashboard\uff1a
"},{"location":"admin/insight/best-practice/sw-to-otel.html","title":"\u4f7f\u7528 OpenTelemetry \u96f6\u4ee3\u7801\u63a5\u6536 SkyWalking \u94fe\u8def\u6570\u636e","text":"\u53ef\u89c2\u6d4b\u6027 Insight \u901a\u8fc7 OpenTelemetry \u5c06\u5e94\u7528\u6570\u636e\u8fdb\u884c\u4e0a\u62a5\u3002\u82e5\u60a8\u7684\u5e94\u7528\u5df2\u4f7f\u7528 Skywalking \u6765\u91c7\u96c6\u94fe\u8def\uff0c \u53ef\u53c2\u8003\u672c\u6587\u8fdb\u884c\u96f6\u4ee3\u7801\u6539\u9020\u5c06\u94fe\u8def\u6570\u636e\u63a5\u5165 Insight\u3002
"},{"location":"admin/insight/best-practice/sw-to-otel.html#_1","title":"\u4ee3\u7801\u89e3\u8bfb","text":"\u4e3a\u4e86\u80fd\u517c\u5bb9\u4e0d\u540c\u7684\u5206\u5e03\u5f0f\u8ffd\u8e2a\u5b9e\u73b0\uff0cOpenTelemetry \u63d0\u4f9b\u4e86\u7ec4\u4ef6\u690d\u5165\u7684\u65b9\u5f0f\uff0c\u8ba9\u4e0d\u540c\u7684\u5382\u5546\u80fd\u591f\u7ecf\u7531 OpenTelemetry \u6807\u51c6\u5316\u6570\u636e\u5904\u7406\u540e\u8f93\u51fa\u5230\u4e0d\u540c\u7684\u540e\u7aef\u3002Jaeger \u4e0e Zipkin \u5728\u793e\u533a\u4e2d\u5b9e\u73b0\u4e86 JaegerReceiver\u3001ZipkinReceiver\u3002 \u6211\u4eec\u4e5f\u4e3a\u793e\u533a\u8d21\u732e\u4e86 SkyWalkingReceiver\uff0c\u5e76\u8fdb\u884c\u4e86\u6301\u7eed\u7684\u6253\u78e8\uff0c\u73b0\u5728\u5df2\u7ecf\u5177\u5907\u4e86\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u4f7f\u7528\u7684\u6761\u4ef6\uff0c \u800c\u4e14\u65e0\u9700\u4fee\u6539\u4efb\u4f55\u4e00\u884c\u4e1a\u52a1\u4ee3\u7801\u3002
OpenTelemetry \u4e0e SkyWalking \u6709\u4e00\u4e9b\u5171\u540c\u70b9\uff1a\u90fd\u662f\u4f7f\u7528 Trace \u6765\u5b9a\u4e49\u4e00\u6b21\u8ffd\u8e2a\uff0c\u5e76\u4f7f\u7528 Span \u6765\u6807\u8bb0\u8ffd\u8e2a\u91cc\u7684\u6700\u5c0f\u7c92\u5ea6\u3002 \u4f46\u662f\u5728\u4e00\u4e9b\u7ec6\u8282\u548c\u5b9e\u73b0\u4e0a\u8fd8\u662f\u4f1a\u6709\u5dee\u522b\uff1a
- Skywalking OpenTelemetry \u6570\u636e\u7ed3\u6784 span -> Segment -> Trace Span -> Trace \u5c5e\u6027\u4fe1\u606f Tags Attributes \u5e94\u7528\u65f6\u95f4 Logs Events \u5f15\u7528\u5173\u7cfb References Links\u660e\u786e\u4e86\u8fd9\u4e9b\u5dee\u5f02\u540e\uff0c\u5c31\u53ef\u4ee5\u5f00\u59cb\u5b9e\u73b0\u5c06 SkyWalking Trace \u8f6c\u6362\u4e3a OpenTelemetry Trace\u3002\u4e3b\u8981\u5de5\u4f5c\u5305\u62ec\uff1a
\u5982\u4f55\u6784\u9020 OpenTelemetry \u7684 TraceId \u548c SpanId
\u5982\u4f55\u6784\u9020 OpenTelemetry \u7684 ParentSpanId
\u5982\u4f55\u5728 OpenTelemetry Span \u4e2d\u4fdd\u7559 SkyWalking \u7684\u539f\u59cb TraceId\u3001SegmentId\u3001SpanId
\u9996\u5148\uff0c\u6211\u4eec\u6765\u770b\u5982\u4f55\u6784\u9020 OpenTelemetry \u7684 TraceId \u548c SpanId\u3002SkyWalking \u548c OpenTelemetry \u90fd\u662f\u901a\u8fc7 TraceId \u4e32\u8054\u8d77\u5404\u4e2a\u5206\u5e03\u5f0f\u670d\u52a1\u8c03\u7528\uff0c\u5e76\u901a\u8fc7 SpanId \u6765\u6807\u8bb0\u6bcf\u4e00\u4e2a Span\uff0c\u4f46\u662f\u5b9e\u73b0\u89c4\u683c\u6709\u8f83\u5927\u5dee\u5f02\uff1a
Info
\u4ee3\u7801\u5b9e\u73b0\u89c1 GitHub\uff1a
\u5177\u4f53\u6765\u8bb2\uff0cSkyWalking TraceId \u548c SegmentId \u6240\u6709\u53ef\u80fd\u7684\u683c\u5f0f\u5982\u4e0b\uff1a
\u5176\u4e2d\uff0c\u5728 OpenTelemetry \u534f\u8bae\u91cc\uff0cSpan \u5728\u6240\u6709 Trace \u4e2d\u90fd\u662f\u552f\u4e00\u7684\uff0c\u800c\u5728 SkyWalking \u4e2d\uff0c Span \u4ec5\u5728\u6bcf\u4e2a Segment \u91cc\u662f\u552f\u4e00\u7684\uff0c\u8fd9\u8bf4\u660e\u8981\u901a\u8fc7 SegmentId \u4e0e SpanId \u7ed3\u5408\u624d\u80fd\u5728 SkyWalking \u4e2d\u5bf9 Span \u505a\u552f\u4e00\u6807\u8bc6\uff0c\u5e76\u8f6c\u6362\u4e3a OpenTelemetry \u7684 SpanId\u3002
Info
\u4ee3\u7801\u5b9e\u73b0\u89c1 GitHub\uff1a
\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u6765\u770b\u5982\u4f55\u6784\u9020 OpenTelemetry \u7684 ParentSpanId\u3002\u5728\u4e00\u4e2a Segment \u5185\u90e8\uff0c SkyWalking \u7684 ParentSpanId \u5b57\u6bb5\u53ef\u76f4\u63a5\u7528\u4e8e\u6784\u9020 OpenTelemetry \u7684 ParentSpanId \u5b57\u6bb5\u3002 \u4f46\u5f53\u4e00\u4e2a Trace \u8de8\u591a\u4e2a Segment \u65f6\uff0cSkyWalking \u662f\u901a\u8fc7 Reference \u4e2d\u7684 ParentTraceSegmentId \u548c ParentSpanId \u8868\u793a\u7684\u5173\u8054\u4fe1\u606f\uff0c\u4e8e\u662f\u6b64\u65f6\u9700\u8981\u901a\u8fc7 Reference \u4e2d\u7684\u4fe1\u606f\u6784\u5efa OpenTelemetry \u7684 ParentSpanId\u3002
\u4ee3\u7801\u5b9e\u73b0\u89c1 GitHub\uff1aSkywalking Receiver
\u6700\u540e\uff0c\u6211\u4eec\u6765\u770b\u5982\u4f55\u5728 OpenTelemetry Span \u4e2d\u4fdd\u7559 SkyWalking \u7684\u539f\u59cb TraceId\u3001SegmentId\u3001SpanId\u3002 \u6211\u4eec\u643a\u5e26\u8fd9\u4e9b\u539f\u59cb\u4fe1\u606f\u662f\u4e3a\u4e86\u80fd\u5c06\u5206\u5e03\u5f0f\u8ffd\u8e2a\u540e\u7aef\u5c55\u73b0\u7684 OpenTelemetry TraceId\u3001SpanId \u4e0e\u5e94\u7528\u7a0b\u5e8f\u65e5\u5fd7\u4e2d\u7684 SkyWalking TraceId\u3001SegmentId\u3001SpanId \u8fdb\u884c\u5173\u8054\uff0c\u6253\u901a\u8ffd\u8e2a\u548c\u65e5\u5fd7\u3002\u6211\u4eec\u9009\u62e9\u5c06 SkyWalking \u4e2d\u539f\u6709\u7684 TraceId\u3001SegmentId\u3001ParentSegmentId \u643a\u5e26\u5230 OpenTelemetry Attributes \u4e2d\u3002
Info
\u4ee3\u7801\u5b9e\u73b0\u89c1 GitHub\uff1a
\u7ecf\u8fc7\u4e0a\u8ff0\u4e00\u7cfb\u5217\u8f6c\u6362\u540e\uff0c\u6211\u4eec\u5c06 SkyWalking Segment Object \u5b8c\u6574\u7684\u8f6c\u6362\u4e3a\u4e86 OpenTelmetry Trace\uff0c\u5982\u4e0b\u56fe\uff1a
"},{"location":"admin/insight/best-practice/sw-to-otel.html#demo","title":"\u90e8\u7f72 Demo","text":"\u4e0b\u9762\u6211\u4eec\u4ee5\u4e00\u4e2a Demo \u6765\u5c55\u793a\u4f7f\u7528 OpenTelemetry \u6536\u96c6\u3001\u5c55\u793a SkyWalking \u8ffd\u8e2a\u6570\u636e\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002
\u9996\u5148\uff0c\u5728\u90e8\u7f72 OpenTelemetry Agent \u4e4b\u540e\uff0c\u5f00\u542f\u5982\u4e0b\u914d\u7f6e\uff0c\u5373\u53ef\u5728 OpenTelemetry \u4e2d\u62e5\u6709\u517c\u5bb9 SkyWalking \u534f\u8bae\u7684\u80fd\u529b\uff1a
# otel-agent config\nreceivers:\n # add the following config\n skywalking:\n protocols:\n grpc:\n endpoint: 0.0.0.0:11800 # \u63a5\u6536 SkyWalking Agent \u4e0a\u62a5\u7684 Trace \u6570\u636e\n http: \n endpoint: 0.0.0.0:12800 # \u63a5\u6536\u4ece\u524d\u7aef/ nginx \u7b49 HTTP \u534f\u8bae\u4e0a\u62a5\u7684 Trace \u6570\u636e\nservice: \n pipelines: \n traces: \n # add receiver __skywalking__ \n receivers: [skywalking]\n\n# otel-agent service yaml\nspec:\n ports: \n - name: sw-http\n port: 12800 \n protocol: TCP \n targetPort: 12800 \n - name: sw-grpc \n port: 11800 \n protocol: TCP \n targetPort: 11800\n
\u63a5\u4e0b\u6765\u9700\u8981\u5c06\u4e1a\u52a1\u5e94\u7528\u5bf9\u63a5\u7684 SkyWalking OAP Service\uff08\u5982 oap:11800\uff09\u4fee\u6539\u4e3a OpenTelemetry Agent Service\uff08\u5982 otel-agent:11800\uff09\uff0c \u5c31\u53ef\u4ee5\u5f00\u59cb\u4f7f\u7528 OpenTelemetry \u63a5\u6536 SkyWalking \u63a2\u9488\u7684\u8ffd\u8e2a\u6570\u636e\u4e86\u3002
\u6211\u4eec\u4ee5 SkyWalking-showcase Demo \u4e3a\u4f8b\u5c55\u793a\u6574\u4e2a\u6548\u679c\u3002\u5b83\u4f7f\u7528 SkyWalking Agent \u505a\u8ffd\u8e2a\uff0c\u901a\u8fc7 OpenTelemetry \u6807\u51c6\u5316\u5904\u7406\u540e\u4f7f\u7528 Jaeger \u6765\u5448\u73b0\u6700\u7ec8\u6548\u679c\uff1a
\u901a\u8fc7 SkyWalking Showcase \u7684\u67b6\u6784\u56fe\uff0c\u53ef\u77e5 SkyWalking \u7684\u6570\u636e\u7ecf\u8fc7 OpenTelemetry \u6807\u51c6\u5316\u540e\uff0c\u4f9d\u7136\u5b8c\u6574\u3002\u5728\u8fd9\u4e2a Trace \u91cc\uff0c \u8bf7\u6c42\u4ece app/homepage \u53d1\u8d77\uff0c\u4e4b\u540e\u5728 app \u540c\u65f6\u53d1\u8d77\u4e24\u4e2a\u8bf7\u6c42 /rcmd/\u4e0e/songs/top\uff0c\u5206\u53d1\u5230 recommandation/songs \u4e24\u4e2a\u670d\u52a1\u4e2d\uff0c \u5e76\u6700\u7ec8\u5230\u8fbe\u6570\u636e\u5e93\u8fdb\u884c\u67e5\u8be2\uff0c\u4ece\u800c\u5b8c\u6210\u6574\u4e2a\u8bf7\u6c42\u94fe\u8def\u3002
\u53e6\u5916\uff0c\u6211\u4eec\u4e5f\u53ef\u4ece Jaeger \u9875\u9762\u4e2d\u67e5\u770b\u5230\u539f\u59cb SkyWalking Id \u4fe1\u606f\uff0c\u4fbf\u4e8e\u4e0e\u5e94\u7528\u65e5\u5fd7\u5173\u8054\uff1a
"},{"location":"admin/insight/best-practice/tail-based-sampling.html","title":"\u94fe\u8def\u6570\u636e\u91c7\u6837\u4ecb\u7ecd\u4e0e\u914d\u7f6e","text":"\u4f7f\u7528\u5206\u5e03\u5f0f\u94fe\u8def\u8ddf\u8e2a\uff0c\u53ef\u4ee5\u5728\u5206\u5e03\u5f0f\u7cfb\u7edf\u4e2d\u89c2\u5bdf\u8bf7\u6c42\u5982\u4f55\u5728\u5404\u4e2a\u7cfb\u7edf\u4e2d\u6d41\u8f6c\u3002\u4e0d\u53ef\u5426\u8ba4\uff0c\u5b83\u975e\u5e38\u5b9e\u7528\uff0c\u4f8b\u5982\u4e86\u89e3\u60a8\u7684\u670d\u52a1\u8fde\u63a5\u548c\u8bca\u65ad\u5ef6\u8fdf\u95ee\u9898\uff0c\u4ee5\u53ca\u8bb8\u591a\u5176\u4ed6\u597d\u5904\u3002
\u4f46\u662f\uff0c\u5982\u679c\u60a8\u7684\u5927\u591a\u6570\u8bf7\u6c42\u90fd\u6210\u529f\u4e86\uff0c\u5e76\u4e14\u6ca1\u6709\u51fa\u73b0\u4e0d\u53ef\u63a5\u53d7\u7684\u5ef6\u8fdf\u6216\u9519\u8bef\uff0c\u90a3\u4e48\u60a8\u771f\u7684\u9700\u8981\u6240\u6709\u8fd9\u4e9b\u6570\u636e\u5417\uff1f\u6240\u4ee5\uff0c\u4f60\u5e76\u4e0d\u603b\u662f\u9700\u8981\u5927\u91cf\u6216\u8005\u5168\u91cf\u7684\u6570\u636e\u6765\u627e\u5230\u6b63\u786e\u7684\u89c1\u89e3\u3002\u60a8\u53ea\u9700\u8981\u901a\u8fc7\u6070\u5f53\u7684\u6570\u636e\u91c7\u6837\u5373\u53ef\u3002
\u91c7\u6837\u80cc\u540e\u7684\u60f3\u6cd5\u662f\u63a7\u5236\u53d1\u9001\u5230\u53ef\u89c2\u5bdf\u6027\u6536\u96c6\u5668\u7684\u94fe\u8def\uff0c\u4ece\u800c\u964d\u4f4e\u91c7\u96c6\u6210\u672c\u3002\u4e0d\u540c\u7684\u7ec4\u7ec7\u6709\u4e0d\u540c\u7684\u539f\u56e0\uff0c\u6bd4\u5982\u4e3a\u4ec0\u4e48\u8981\u62bd\u6837\uff0c\u4ee5\u53ca\u60f3\u8981\u62bd\u6837\u4ec0\u4e48\u6768\u7684\u6570\u636e\u3002\u6240\u4ee5\uff0c\u6211\u4eec\u9700\u8981\u81ea\u5b9a\u4e49\u91c7\u6837\u7b56\u7565\uff1a
\u5728\u8ba8\u8bba\u91c7\u6837\u65f6\u4f7f\u7528\u4e00\u81f4\u7684\u672f\u8bed\u662f\u5f88\u91cd\u8981\u7684\u3002Trace \u6216 Span \u88ab\u89c6\u4e3a \u91c7\u6837 \u6216 \u672a\u91c7\u6837\uff1a
\u5934\u90e8\u62bd\u6837\u662f\u4e00\u79cd\u7528\u4e8e\u5c3d\u65e9\u505a\u51fa\u62bd\u6837\u51b3\u5b9a\u7684\u91c7\u6837\u6280\u672f\u3002\u91c7\u6837\u6216\u5220\u9664 Trace/Span \u7684\u51b3\u5b9a\u4e0d\u662f\u901a\u8fc7\u68c0\u67e5\u6574\u4e2a Trace \u6765\u505a\u51fa\u7684\u3002
\u4f8b\u5982\uff0c\u6700\u5e38\u89c1\u7684\u5934\u90e8\u91c7\u6837\u5f62\u5f0f\u662f\u4e00\u81f4\u6982\u7387\u91c7\u6837\u3002\u5b83\u4e5f\u53ef\u4ee5\u79f0\u4e3a\u786e\u5b9a\u6027\u91c7\u6837\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5c06\u6839\u636e TraceID \u548c\u8981\u91c7\u6837\u7684\u6240\u9700 Trace \u767e\u5206\u6bd4\u505a\u51fa\u91c7\u6837\u51b3\u7b56\u3002\u8fd9\u53ef\u786e\u4fdd\u4ee5\u4e00\u81f4\u7684\u901f\u7387\uff08\u4f8b\u5982\u6240\u6709 Trace\u7684 5%\uff09\u5bf9\u6574\u4e2a Trace \u8fdb\u884c\u91c7\u6837\u5e76\u4e14\u4e0d\u9057\u6f0f Span\u3002
\u5934\u90e8\u91c7\u6837\u7684\u597d\u5904\u662f\uff1a - \u6613\u4e8e\u7406\u89e3 - \u6613\u4e8e\u914d\u7f6e - \u9ad8\u6548 - \u53ef\u4ee5\u5728\u8ddf\u8e2a\u6536\u96c6\u7ba1\u9053\u4e2d\u7684\u4efb\u4f55\u4f4d\u7f6e\u5b8c\u6210
\u5934\u90e8\u91c7\u6837\u7684\u4e3b\u8981\u7f3a\u70b9\u662f\u65e0\u6cd5\u6839\u636e\u6574\u4e2a Trace \u4e2d\u7684\u6570\u636e\u505a\u51fa\u91c7\u6837\u51b3\u7b56\u3002\u8fd9\u610f\u5473\u7740\u5934\u90e8\u62bd\u6837\u4f5c\u4e3a\u4e00\u79cd\u949d\u5668\u662f\u6709\u6548\u7684\uff0c\u4f46\u5bf9\u4e8e\u5fc5\u987b\u8003\u8651\u6574\u4e2a\u7cfb\u7edf\u4fe1\u606f\u7684\u62bd\u6837\u7b56\u7565\u6765\u8bf4\uff0c\u8fd9\u662f\u5b8c\u5168\u4e0d\u591f\u7684\u3002\u4f8b\u5982\uff0c\u65e0\u6cd5\u4f7f\u7528\u5934\u90e8\u91c7\u6837\u6765\u786e\u4fdd\u5bf9\u6240\u6709\u5177\u6709\u8bef\u5dee\u7684\u8ff9\u7ebf\u8fdb\u884c\u91c7\u6837\u3002\u4e3a\u6b64\uff0c\u60a8\u9700\u8981\u5c3e\u90e8\u91c7\u6837\u3002
"},{"location":"admin/insight/best-practice/tail-based-sampling.html#tail-sampling","title":"\u5c3e\u90e8\u91c7\u6837\uff08Tail Sampling\uff09\u2014\u2014 \u63a8\u8350\u65b9\u6848","text":"\u5c3e\u90e8\u91c7\u6837\u662f\u901a\u8fc7\u8003\u8651 Trace \u5185\u7684\u5168\u90e8\u6216\u5927\u90e8\u5206 Span \u6765\u51b3\u5b9a\u5bf9 Trace \u8fdb\u884c\u91c7\u6837\u3002\u5c3e\u90e8\u91c7\u6837\u5141\u8bb8\u60a8\u6839\u636e\u4ece Trace \u7684\u4e0d\u540c\u90e8\u5206\u4f7f\u7528\u7684\u7279\u5b9a\u6761\u4ef6\u5bf9 Trace \u8fdb\u884c\u91c7\u6837\uff0c\u800c\u5934\u90e8\u91c7\u6837\u5219\u4e0d\u5177\u6709\u6b64\u9009\u9879\u3002
\u5982\u4f55\u4f7f\u7528\u5c3e\u90e8\u91c7\u6837\u7684\u4e00\u4e9b\u793a\u4f8b\u5305\u62ec\uff1a
\u6b63\u5982\u4f60\u6240\u770b\u5230\u7684\uff0c\u5c3e\u90e8\u91c7\u6837\u6709\u7740\u66f4\u9ad8\u7a0b\u5ea6\u7684\u590d\u6742\u5ea6\u3002\u5bf9\u4e8e\u5fc5\u987b\u5bf9\u9065\u6d4b\u6570\u636e\u8fdb\u884c\u91c7\u6837\u7684\u5927\u578b\u7cfb\u7edf\uff0c\u51e0\u4e4e\u603b\u662f\u9700\u8981\u4f7f\u7528\u5c3e\u90e8\u91c7\u6837\u6765\u5e73\u8861\u6570\u636e\u91cf\u548c\u6570\u636e\u7684\u6709\u7528\u6027\u3002
\u5982\u4eca\uff0c\u5c3e\u90e8\u91c7\u6837\u6709\u4e09\u4e2a\u4e3b\u8981\u7f3a\u70b9\uff1a
\u6700\u540e\uff0c\u5bf9\u4e8e\u67d0\u4e9b\u7cfb\u7edf\uff0c\u5c3e\u90e8\u91c7\u6837\u53ef\u4ee5\u4e0e\u5934\u90e8\u91c7\u6837\u7ed3\u5408\u4f7f\u7528\u3002\u4f8b\u5982\uff0c\u4e00\u7ec4\u751f\u6210\u5927\u91cf Trace \u6570\u636e\u7684\u670d\u52a1\u53ef\u80fd\u9996\u5148\u4f7f\u7528\u5934\u90e8\u91c7\u6837\u4ec5\u5bf9\u4e00\u5c0f\u90e8\u5206\u8ddf\u8e2a\u8fdb\u884c\u91c7\u6837\uff0c\u7136\u540e\u5728\u9065\u6d4b\u7ba1\u9053\u4e2d\u7a0d\u540e\u4f7f\u7528\u5c3e\u90e8\u91c7\u6837\u5728\u5bfc\u51fa\u5230\u540e\u7aef\u4e4b\u524d\u505a\u51fa\u66f4\u590d\u6742\u7684\u91c7\u6837\u51b3\u7b56\u3002\u8fd9\u6837\u505a\u901a\u5e38\u662f\u4e3a\u4e86\u4fdd\u62a4\u9065\u6d4b\u7ba1\u9053\u514d\u4e8e\u8fc7\u8f7d\u3002
AI \u7b97\u529b\u4e2d\u5fc3 Insight \u76ee\u524d\u63a8\u8350\u4f7f\u7528\u5c3e\u90e8\u91c7\u6837\u5e76\u4f18\u5148\u652f\u6301\u5c3e\u90e8\u91c7\u6837\u3002
\u5c3e\u90e8\u91c7\u6837\u5904\u7406\u5668\u6839\u636e\u4e00\u7ec4\u5b9a\u4e49\u7684\u7b56\u7565\u5bf9\u94fe\u8def\u8fdb\u884c\u91c7\u6837\u3002\u4f46\u662f\uff0c\u94fe\u8def\u7684\u6240\u6709\u8de8\u5ea6\uff08Span\uff09\u5fc5\u987b\u7531\u540c\u4e00\u6536\u96c6\u5668\u5b9e\u4f8b\u63a5\u6536\uff0c\u4ee5\u505a\u51fa\u6709\u6548\u7684\u91c7\u6837\u51b3\u7b56\u3002
\u56e0\u6b64\uff0c\u9700\u8981\u5bf9 Insight \u7684 Global Opentelemetry Collector \u67b6\u6784\u8fdb\u884c\u8c03\u6574\u4ee5\u5b9e\u73b0\u5c3e\u90e8\u91c7\u6837\u7b56\u7565\u3002
"},{"location":"admin/insight/best-practice/tail-based-sampling.html#insight","title":"Insight \u5177\u4f53\u6539\u52a8","text":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u7684 insight-opentelemetry-collector
\u524d\u9762\u5f15\u5165\u5177\u6709\u8d1f\u8f7d\u5747\u8861\u80fd\u529b\u7684 Opentelemetry Collector Gateway \u7ec4\u4ef6\uff0c\u4f7f\u5f97\u540c\u4e00\u7ec4 Trace \u80fd\u591f\u6839\u636e TraceID \u8def\u7531\u5230\u540c\u4e00\u4e2a Opentelemetry Collector \u5b9e\u4f8b\u3002
\u90e8\u7f72\u5177\u6709\u8d1f\u8f7d\u5747\u8861\u80fd\u529b\u7684 OTEL COL Gateway \u7ec4\u4ef6
\u5982\u679c\u60a8\u4f7f\u7528\u4e86 Insight 0.25.x \u7248\u672c\uff0c\u53ef\u4ee5\u901a\u8fc7\u5982\u4e0b Helm Upgrade \u53c2\u6570 --set opentelemetry-collector-gateway.enabled=true
\u5feb\u901f\u5f00\u542f\uff0c\u4ee5\u6b64\u8df3\u8fc7\u5982\u4e0b\u90e8\u7f72\u8fc7\u7a0b\u3002
\u53c2\u7167\u4ee5\u4e0b YAML \u914d\u7f6e\u6765\u90e8\u7f72\u3002
\u70b9\u51fb\u67e5\u770b\u90e8\u7f72\u914d\u7f6ekind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: insight-otel-collector-gateway\nrules:\n- apiGroups: [\"\"]\n resources: [\"endpoints\"]\n verbs: [\"get\", \"watch\", \"list\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: insight-otel-collector-gateway\n namespace: insight-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: insight-otel-collector-gateway\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: insight-otel-collector-gateway\nsubjects:\n- kind: ServiceAccount\n name: insight-otel-collector-gateway\n namespace: insight-system\n---\nkind: ConfigMap\nmetadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n name: insight-otel-collector-gateway-collector\n namespace: insight-system\napiVersion: v1\ndata:\n collector.yaml: |\n receivers:\n otlp:\n protocols:\n grpc:\n http:\n jaeger:\n protocols:\n grpc:\n processors:\n\n extensions:\n health_check:\n pprof:\n endpoint: :1888\n zpages:\n endpoint: :55679\n exporters:\n logging:\n loadbalancing:\n routing_key: \"traceID\"\n protocol:\n otlp:\n # all options from the OTLP exporter are supported\n # except the endpoint\n timeout: 1s\n tls:\n insecure: true\n resolver:\n k8s:\n service: insight-opentelemetry-collector\n ports:\n - 4317\n service:\n extensions: [pprof, zpages, health_check]\n pipelines:\n traces:\n receivers: [otlp, jaeger]\n exporters: [loadbalancing]\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n name: insight-otel-collector-gateway\n namespace: insight-system\nspec:\n replicas: 2\n selector:\n matchLabels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n template:\n metadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n spec:\n containers:\n - args:\n - --config=/conf/collector.yaml\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n image: ghcr.m.daocloud.io/openinsight-proj/opentelemetry-collector-contrib:5baef686672cfe5551e03b5c19d3072c432b6f33\n imagePullPolicy: IfNotPresent\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /\n port: 13133\n scheme: HTTP\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n name: otc-container\n resources:\n limits:\n cpu: '1'\n memory: 2Gi\n requests:\n cpu: 100m\n memory: 400Mi\n ports:\n - containerPort: 14250\n name: jaeger-grpc\n protocol: TCP\n - containerPort: 8888\n name: metrics\n protocol: TCP\n - containerPort: 4317\n name: otlp-grpc\n protocol: TCP\n - containerPort: 4318\n name: otlp-http\n protocol: TCP\n - containerPort: 55679\n name: zpages\n protocol: TCP\n\n volumeMounts:\n - mountPath: /conf\n name: otc-internal\n\n serviceAccount: insight-otel-collector-gateway\n serviceAccountName: insight-otel-collector-gateway\n volumes:\n - configMap:\n defaultMode: 420\n items:\n - key: collector.yaml\n path: collector.yaml\n name: insight-otel-collector-gateway-collector\n name: otc-internal\n---\nkind: Service\napiVersion: v1\nmetadata:\n name: insight-opentelemetry-collector-gateway\n namespace: insight-system\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\nspec:\n ports:\n - name: fluentforward\n protocol: TCP\n port: 8006\n targetPort: 8006\n - name: jaeger-compact\n protocol: UDP\n port: 6831\n targetPort: 6831\n - name: jaeger-grpc\n protocol: TCP\n port: 14250\n targetPort: 14250\n - name: jaeger-thrift\n protocol: TCP\n port: 14268\n targetPort: 14268\n - name: metrics\n protocol: TCP\n port: 8888\n targetPort: 8888\n - name: otlp\n protocol: TCP\n appProtocol: grpc\n port: 4317\n targetPort: 4317\n - name: otlp-http\n protocol: TCP\n port: 4318\n targetPort: 4318\n - name: zipkin\n protocol: TCP\n port: 9411\n targetPort: 9411\n - name: zpages\n protocol: TCP\n port: 55679\n targetPort: 55679\n selector:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n
\u914d\u7f6e\u5c3e\u90e8\u91c7\u6837\u89c4\u5219
Note
\u9700\u8981\u5728\u539f\u672c insight-otel-collector-config configmap \u914d\u7f6e\u7ec4\u4e2d\u589e\u52a0\u5c3e\u90e8\u91c7\u6837\uff08tail_sampling processors\uff09\u7684\u89c4\u5219\u3002
\u5728 processor
\u4e2d\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\uff0c\u5177\u4f53\u89c4\u5219\u53ef\u8c03\u6574\uff1b\u53c2\u8003 OTel \u5b98\u65b9\u793a\u4f8b\u3002
........\ntail_sampling:\n decision_wait: 10s # \u7b49\u5f85 10 \u79d2\uff0c\u8d85\u8fc7 10 \u79d2\u540e\u7684 traceid \u5c06\u4e0d\u518d\u5904\u7406\n num_traces: 1500000 # \u5185\u5b58\u4e2d\u4fdd\u5b58\u7684 trace \u6570\uff0c\u5047\u8bbe\u6bcf\u79d2 1000 \u6761 trace\uff0c\u6700\u5c0f\u4e0d\u4f4e\u4e8e 1000 * decision_wait * 2\uff1b\n # \u8bbe\u7f6e\u8fc7\u5927\u4f1a\u5360\u7528\u8fc7\u591a\u7684\u5185\u5b58\u8d44\u6e90\uff0c\u8fc7\u5c0f\u4f1a\u5bfc\u81f4\u90e8\u5206 trace \u88ab drop \u6389\n expected_new_traces_per_sec: 10\n policies: # \u4e0a\u62a5\u7b56\u7565\n [\n {\n name: latency-policy,\n type: latency, # \u8017\u65f6\u8d85\u8fc7 500ms \u4e0a\u62a5\n latency: {threshold_ms: 500}\n },\n {\n name: status_code-policy,\n type: status_code, # \u72b6\u6001\u7801\u4e3a ERROR \u7684\u4e0a\u62a5\n status_code: {status_codes: [ ERROR ]}\n }\n ]\n......\ntail_sampling: # \u7ec4\u5408\u91c7\u6837\n decision_wait: 10s # \u7b49\u5f85 10 \u79d2\uff0c\u8d85\u8fc7 10 \u79d2\u540e\u7684 traceid \u5c06\u4e0d\u518d\u5904\u7406\n num_traces: 1500000 # \u5185\u5b58\u4e2d\u4fdd\u5b58\u7684 trace \u6570\uff0c\u5047\u8bbe\u6bcf\u79d2 1000 \u6761 trace\uff0c\u6700\u5c0f\u4e0d\u4f4e\u4e8e 1000 * decision_wait * 2\uff1b\n # \u8bbe\u7f6e\u8fc7\u5927\u4f1a\u5360\u7528\u8fc7\u591a\u7684\u5185\u5b58\u8d44\u6e90\uff0c\u8fc7\u5c0f\u4f1a\u5bfc\u81f4\u90e8\u5206 trace \u88ab drop \u6389\n expected_new_traces_per_sec: 10\n policies: [\n {\n name: debug-worker-cluster-sample-policy,\n type: and,\n and:\n {\n and_sub_policy:\n [\n {\n name: service-name-policy,\n type: string_attribute,\n string_attribute:\n { key: k8s.cluster.id, values: [xxxxxxx] },\n },\n {\n name: trace-status-policy,\n type: status_code,\n status_code: { status_codes: [ERROR] },\n },\n {\n name: probabilistic-policy,\n type: probabilistic,\n probabilistic: { sampling_percentage: 1 },\n }\n ]\n }\n }\n ]\n
\u5728 insight-otel-collector-config
configmap \u4e2d\u7684 otel col pipeline \u4e2d\u6fc0\u6d3b\u8be5 processor
\uff1a
traces:\n exporters:\n - servicegraph\n - otlp/jaeger\n processors:\n - memory_limiter\n - tail_sampling # \ud83d\udc48\n - batch\n receivers:\n - otlp\n
\u91cd\u542f insight-opentelemetry-collector
\u7ec4\u4ef6\u3002
\u90e8\u7f72\u6216\u66f4\u65b0 Insight-agent\uff0c\u5c06\u94fe\u8def\u6570\u636e\u7684\u4e0a\u62a5\u5730\u5740\u4fee\u6539\u4e3a opentelemetry-collector-gateway
LB \u7684 4317
\u7aef\u53e3\u5730\u5740\u3002
....\n exporters:\n otlp/global:\n endpoint: insight-opentelemetry-collector-gateway.insight-system.svc.cluster.local:4317 # \ud83d\udc48 \u4fee\u6539\u4e3a gateway/lb \u5730\u5740\n
\u5728 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u89c2\u6d4b\u4ea7\u54c1\uff0c\u4e3a\u4e86\u5b9e\u73b0\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u7edf\u4e00\u91c7\u96c6\uff0c\u9700\u8981\u7528\u6237\u5b89\u88c5 Helm \u5e94\u7528 insight-agent \uff08\u9ed8\u8ba4\u5b89\u88c5\u5728 insight-system \u547d\u540d\u7a7a\u95f4\uff09\u3002\u53c2\u9605\u5982\u4f55\u5b89\u88c5 insight-agent \u3002
"},{"location":"admin/insight/collection-manag/agent-status.html#_1","title":"\u72b6\u6001\u8bf4\u660e","text":"\u5728 \u53ef\u89c2\u6d4b\u6027 -> \u91c7\u96c6\u7ba1\u7406 \u90e8\u5206\u53ef\u67e5\u770b\u5404\u96c6\u7fa4\u5b89\u88c5 insight-agent \u7684\u60c5\u51b5\u3002
\u53ef\u901a\u8fc7\u4ee5\u4e0b\u65b9\u5f0f\u6392\u67e5\uff1a
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u82e5\u72b6\u6001\u4e3a deployed \uff0c\u5219\u6267\u884c\u4e0b\u4e00\u6b65\u3002\u82e5\u4e3a failed \uff0c\u7531\u4e8e\u4f1a\u5f71\u54cd\u5e94\u7528\u7684\u5347\u7ea7\uff0c\u5efa\u8bae\u5728 \u5bb9\u5668\u7ba1\u7406 -> helm \u5e94\u7528 \u5378\u8f7d\u540e\u91cd\u65b0\u5b89\u88c5 :
helm list -n insight-system\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6216\u5728 \u53ef\u89c2\u6d4b\u6027 -> \u91c7\u96c6\u7ba1\u7406 \u4e2d\u67e5\u770b\u8be5\u96c6\u7fa4\u90e8\u7f72\u7684\u7ec4\u4ef6\u7684\u72b6\u6001\uff0c\u82e5\u5b58\u5728\u975e \u8fd0\u884c\u4e2d \u72b6\u6001\u7684\u5bb9\u5668\u7ec4\uff0c\u8bf7\u91cd\u542f\u5f02\u5e38\u7684\u5bb9\u5668\u7ec4\u3002
kubectl get pods -n insight-system\n
insight-agent \u4e2d\u6307\u6807\u91c7\u96c6\u7ec4\u4ef6 Prometheus \u7684\u8d44\u6e90\u6d88\u8017\u4e0e\u96c6\u7fa4\u4e2d\u8fd0\u884c\u7684\u5bb9\u5668\u7ec4\u6570\u91cf\u5b58\u5728\u6b63\u6bd4\u5173\u7cfb\uff0c \u8bf7\u6839\u636e\u96c6\u7fa4\u89c4\u6a21\u8c03\u6574 Prometheus \u7684\u8d44\u6e90\uff0c\u8bf7\u53c2\u8003\uff1aPrometheus \u8d44\u6e90\u89c4\u5212
\u7531\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u6307\u6807\u5b58\u50a8\u7ec4\u4ef6 vmstorage \u7684\u5b58\u50a8\u5bb9\u91cf\u4e0e\u5404\u4e2a\u96c6\u7fa4\u5bb9\u5668\u7ec4\u6570\u91cf\u603b\u548c\u5b58\u5728\u6b63\u6bd4\u5173\u7cfb\u3002
\u91c7\u96c6\u7ba1\u7406 \u4e3b\u8981\u662f\u96c6\u4e2d\u7ba1\u7406\u3001\u5c55\u793a\u96c6\u7fa4\u5b89\u88c5\u91c7\u96c6\u63d2\u4ef6 insight-agent \u7684\u5165\u53e3\uff0c\u5e2e\u52a9\u7528\u6237\u5feb\u901f\u7684\u67e5\u770b\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u5e76\u63d0\u4f9b\u4e86\u5feb\u6377\u5165\u53e3\u914d\u7f6e\u91c7\u96c6\u89c4\u5219\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684\uff0c\u9009\u62e9 \u53ef\u89c2\u6d4b\u6027 \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u91c7\u96c6\u7ba1\u7406 \uff0c\u67e5\u770b\u5168\u90e8\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u72b6\u6001\u3002
\u96c6\u7fa4\u63a5\u5165 insight-agent \u4e14\u5904\u4e8e\u8fd0\u884c\u4e2d\u72b6\u6001\u65f6\uff0c\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\u3002
\u5728 \u670d\u52a1\u76d1\u63a7 \u9875\u7b7e\u4e2d\uff0c\u70b9\u51fb\u5feb\u6377\u94fe\u63a5\u8df3\u8f6c\u5230 \u5bb9\u5668\u7ba1\u7406 -> \u81ea\u5b9a\u4e49\u8d44\u6e90 \u6dfb\u52a0\u670d\u52a1\u53d1\u73b0\u89c4\u5219\u3002
Prometheus \u4e3b\u8981\u901a\u8fc7 Pull \u7684\u65b9\u5f0f\u6765\u6293\u53d6\u76ee\u6807\u670d\u52a1\u66b4\u9732\u51fa\u6765\u7684\u76d1\u63a7\u63a5\u53e3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6e\u5bf9\u5e94\u7684\u6293\u53d6\u4efb\u52a1\u6765\u8bf7\u6c42\u76d1\u63a7\u6570\u636e\u5e76\u5199\u5165\u5230 Prometheus \u63d0\u4f9b\u7684\u5b58\u50a8\u4e2d\uff0c\u76ee\u524d Prometheus \u670d\u52a1\u63d0\u4f9b\u4e86\u5982\u4e0b\u51e0\u4e2a\u4efb\u52a1\u7684\u914d\u7f6e\uff1a
Note
[ ]
\u4e2d\u7684\u914d\u7f6e\u9879\u4e3a\u53ef\u9009\u3002
\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u6293\u53d6\u4efb\u52a1\u540d\u79f0\uff0c\u540c\u65f6\u4f1a\u5728\u5bf9\u5e94\u6293\u53d6\u7684\u6307\u6807\u4e2d\u52a0\u4e86\u4e00\u4e2a label(job=job_name)\njob_name: <job_name>\n\n# \u6293\u53d6\u4efb\u52a1\u65f6\u95f4\u95f4\u9694\n[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]\n\n# \u6293\u53d6\u8bf7\u6c42\u8d85\u65f6\u65f6\u95f4\n[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]\n\n# \u6293\u53d6\u4efb\u52a1\u8bf7\u6c42 URI \u8def\u5f84\n[ metrics_path: <path> | default = /metrics ]\n\n# \u89e3\u51b3\u5f53\u6293\u53d6\u7684 label \u4e0e\u540e\u7aef Prometheus \u6dfb\u52a0 label \u51b2\u7a81\u65f6\u7684\u5904\u7406\u3002\n# true: \u4fdd\u7559\u6293\u53d6\u5230\u7684 label\uff0c\u5ffd\u7565\u4e0e\u540e\u7aef Prometheus \u51b2\u7a81\u7684 label\uff1b\n# false: \u5bf9\u51b2\u7a81\u7684 label\uff0c\u628a\u6293\u53d6\u7684 label \u524d\u52a0\u4e0a exported_<original-label>\uff0c\u6dfb\u52a0\u540e\u7aef Prometheus \u589e\u52a0\u7684 label\uff1b\n[ honor_labels: <boolean> | default = false ]\n\n# \u662f\u5426\u4f7f\u7528\u6293\u53d6\u5230 target \u4e0a\u4ea7\u751f\u7684\u65f6\u95f4\u3002\n# true: \u5982\u679c target \u4e2d\u6709\u65f6\u95f4\uff0c\u4f7f\u7528 target \u4e0a\u7684\u65f6\u95f4\uff1b\n# false: \u76f4\u63a5\u5ffd\u7565 target \u4e0a\u7684\u65f6\u95f4\uff1b\n[ honor_timestamps: <boolean> | default = true ]\n\n# \u6293\u53d6\u534f\u8bae: http \u6216\u8005 https\n[ scheme: <scheme> | default = http ]\n\n# \u6293\u53d6\u8bf7\u6c42\u5bf9\u5e94 URL \u53c2\u6570\nparams:\n [ <string>: [<string>, ...] ]\n\n# \u901a\u8fc7 basic auth \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` \u7684\u503c\uff0cpassword/password_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 password_file \u91cc\u9762\u7684\u503c\u3002\nbasic_auth:\n [ username: <string> ]\n [ password: <secret> ]\n [ password_file: <string> ]\n\n# \u901a\u8fc7 bearer token \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` bearer_token/bearer_token_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 bearer_token \u91cc\u9762\u7684\u503c\u3002\n[ bearer_token: <secret> ]\n\n# \u901a\u8fc7 bearer token \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` bearer_token/bearer_token_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 bearer_token \u91cc\u9762\u7684\u503c\u3002\n[ bearer_token_file: <filename> ]\n\n# \u6293\u53d6\u8fde\u63a5\u662f\u5426\u901a\u8fc7 TLS \u5b89\u5168\u901a\u9053\uff0c\u914d\u7f6e\u5bf9\u5e94\u7684 TLS \u53c2\u6570\ntls_config:\n [ <tls_config> ]\n\n# \u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u6765\u6293\u53d6 target \u4e0a\u7684\u6307\u6807\uff0c\u586b\u5199\u5bf9\u5e94\u7684\u4ee3\u7406\u670d\u52a1\u5730\u5740\u3002\n[ proxy_url: <string> ]\n\n# \u901a\u8fc7\u9759\u6001\u914d\u7f6e\u6765\u6307\u5b9a target\uff0c\u8be6\u89c1\u4e0b\u9762\u7684\u8bf4\u660e\u3002\nstatic_configs:\n [ - <static_config> ... ]\n\n# CVM \u670d\u52a1\u53d1\u73b0\u914d\u7f6e\uff0c\u8be6\u89c1\u4e0b\u9762\u7684\u8bf4\u660e\u3002\ncvm_sd_configs:\n [ - <cvm_sd_config> ... ]\n\n# \u5728\u6293\u53d6\u6570\u636e\u4e4b\u540e\uff0c\u628a target \u4e0a\u5bf9\u5e94\u7684 label \u901a\u8fc7 relabel \u7684\u673a\u5236\u8fdb\u884c\u6539\u5199\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\u3002\nrelabel_configs:\n [ - <relabel_config> ... ]\n\n# \u6570\u636e\u6293\u53d6\u5b8c\u6210\u5199\u5165\u4e4b\u524d\uff0c\u901a\u8fc7 relabel \u673a\u5236\u8fdb\u884c\u6539\u5199 label \u5bf9\u5e94\u7684\u503c\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\u3002\nmetric_relabel_configs:\n [ - <relabel_config> ... ]\n\n# \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n[ sample_limit: <int> | default = 0 ]\n\n# \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n[ target_limit: <int> | default = 0 ]\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#pod-monitor","title":"Pod Monitor","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# Prometheus Operator CRD \u7248\u672c\napiVersion: monitoring.coreos.com/v1\n# \u5bf9\u5e94 K8S \u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u8fd9\u91cc\u9762 Pod Monitor\nkind: PodMonitor\n# \u5bf9\u5e94 K8S \u7684 Metadata\uff0c\u8fd9\u91cc\u53ea\u7528\u5173\u5fc3 name\uff0c\u5982\u679c\u6ca1\u6709\u6307\u5b9a jobLabel\uff0c\u5bf9\u5e94\u6293\u53d6\u6307\u6807 label \u4e2d job \u7684\u503c\u4e3a <namespace>/<name>\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u9700\u8981\u4fee\u6539\n# \u63cf\u8ff0\u6293\u53d6\u76ee\u6807 Pod \u7684\u9009\u53d6\u53ca\u6293\u53d6\u4efb\u52a1\u7684\u914d\u7f6e\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\nspec:\n # \u586b\u5199\u5bf9\u5e94 Pod \u7684 label\uff0cpod monitor \u4f1a\u53d6\u5bf9\u5e94\u7684\u503c\u4f5c\u4e3a job label \u7684\u503c\u3002\n # \u5982\u679c\u67e5\u770b\u7684\u662f Pod Yaml\uff0c\u53d6 pod.metadata.labels \u4e2d\u7684\u503c\u3002\n # \u5982\u679c\u67e5\u770b\u7684\u662f Deployment/Daemonset/Statefulset\uff0c\u53d6 spec.template.metadata.labels\u3002\n [ jobLabel: string ]\n # \u628a\u5bf9\u5e94 Pod \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ podTargetLabels: []string ]\n # \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ sampleLimit: uint64 ]\n # \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ targetLimit: uint64 ]\n # \u914d\u7f6e\u9700\u8981\u6293\u53d6\u66b4\u9732\u7684 Prometheus HTTP \u63a5\u53e3\uff0c\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2a Endpoint\n podMetricsEndpoints:\n [ - <endpoint_config> ... ] # \u8be6\u89c1\u4e0b\u9762 endpoint \u8bf4\u660e\n # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\uff0c\u4e0d\u586b\u4e3a\u9009\u53d6\u6240\u6709 namespace\n [ namespaceSelector: ]\n # \u662f\u5426\u9009\u53d6\u6240\u6709 namespace\n [ any: bool ]\n # \u9700\u8981\u9009\u53d6 namespace \u5217\u8868\n [ matchNames: []string ]\n # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 Pod [K8S metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#1","title":"\u4e3e\u4f8b 1","text":"apiVersion: monitoring.coreos.com/v1\nkind: PodMonitor\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u8981\u4fee\u6539\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n podMetricsEndpoints:\n - interval: 30s\n port: metric-port # \u586b\u5199 pod yaml \u4e2d Prometheus Exporter \u5bf9\u5e94\u7684 Port \u7684 Name\n path: /metrics # \u586b\u5199 Prometheus Exporter \u5bf9\u5e94\u7684 Path \u7684\u503c\uff0c\u4e0d\u586b\u9ed8\u8ba4 /metrics\n relabelings:\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: instance\n replacement: \"crs-xxxxxx\" # \u8c03\u6574\u6210\u5bf9\u5e94\u7684 Redis \u5b9e\u4f8b ID\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: ip\n replacement: \"1.x.x.x\" # \u8c03\u6574\u6210\u5bf9\u5e94\u7684 Redis \u5b9e\u4f8b IP\n namespaceSelector: # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\n matchNames:\n - redis-test\n selector: # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 pod\n matchLabels:\n k8s-app: redis-exporter\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#2","title":"\u4e3e\u4f8b 2","text":"job_name: prometheus\nscrape_interval: 30s\nstatic_configs:\n- targets:\n - 127.0.0.1:9090\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#service-monitor","title":"Service Monitor","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# Prometheus Operator CRD \u7248\u672c\napiVersion: monitoring.coreos.com/v1\n# \u5bf9\u5e94 K8S \u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u8fd9\u91cc\u9762 Service Monitor\nkind: ServiceMonitor\n# \u5bf9\u5e94 K8S \u7684 Metadata\uff0c\u8fd9\u91cc\u53ea\u7528\u5173\u5fc3 name\uff0c\u5982\u679c\u6ca1\u6709\u6307\u5b9a jobLabel\uff0c\u5bf9\u5e94\u6293\u53d6\u6307\u6807 label \u4e2d job \u7684\u503c\u4e3a Service \u7684\u540d\u79f0\u3002\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u9700\u8981\u4fee\u6539\n# \u63cf\u8ff0\u6293\u53d6\u76ee\u6807 Pod \u7684\u9009\u53d6\u53ca\u6293\u53d6\u4efb\u52a1\u7684\u914d\u7f6e\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n # \u586b\u5199\u5bf9\u5e94 Pod \u7684 label(metadata/labels)\uff0cservice monitor \u4f1a\u53d6\u5bf9\u5e94\u7684\u503c\u4f5c\u4e3a job label \u7684\u503c\n [ jobLabel: string ]\n # \u628a\u5bf9\u5e94 service \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ targetLabels: []string ]\n # \u628a\u5bf9\u5e94 Pod \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ podTargetLabels: []string ]\n # \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ sampleLimit: uint64 ]\n # \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ targetLimit: uint64 ]\n # \u914d\u7f6e\u9700\u8981\u6293\u53d6\u66b4\u9732\u7684 Prometheus HTTP \u63a5\u53e3\uff0c\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2a Endpoint\n endpoints:\n [ - <endpoint_config> ... ] # \u8be6\u89c1\u4e0b\u9762 endpoint \u8bf4\u660e\n # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\uff0c\u4e0d\u586b\u4e3a\u9009\u53d6\u6240\u6709 namespace\n [ namespaceSelector: ]\n # \u662f\u5426\u9009\u53d6\u6240\u6709 namespace\n [ any: bool ]\n # \u9700\u8981\u9009\u53d6 namespace \u5217\u8868\n [ matchNames: []string ]\n # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 Pod [K8S metav1.LabelSelector](https://v1-17.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#_2","title":"\u4e3e\u4f8b","text":"apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: go-demo # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u8981\u4fee\u6539\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n endpoints:\n - interval: 30s\n # \u586b\u5199 service yaml \u4e2d Prometheus Exporter \u5bf9\u5e94\u7684 Port \u7684 Name\n port: 8080-8080-tcp\n # \u586b\u5199 Prometheus Exporter \u5bf9\u5e94\u7684 Path \u7684\u503c\uff0c\u4e0d\u586b\u9ed8\u8ba4 /metrics\n path: /metrics\n relabelings:\n # ** \u5fc5\u987b\u8981\u6709\u4e00\u4e2a label \u4e3a application\uff0c\u8fd9\u91cc\u5047\u8bbe k8s \u6709\u4e00\u4e2a label \u4e3a app\uff0c\n # \u6211\u4eec\u901a\u8fc7 relabel \u7684 replace \u52a8\u4f5c\u628a\u5b83\u66ff\u6362\u6210\u4e86 application\n - action: replace\n sourceLabels: [__meta_kubernetes_pod_label_app]\n targetLabel: application\n # \u9009\u62e9\u8981\u76d1\u63a7 service \u6240\u5728\u7684 namespace\n namespaceSelector:\n matchNames:\n - golang-demo\n # \u586b\u5199\u8981\u76d1\u63a7 service \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 service\n selector:\n matchLabels:\n app: golang-app-demo\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#endpoint_config","title":"endpoint_config","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u5bf9\u5e94 port \u7684\u540d\u79f0\uff0c\u8fd9\u91cc\u9700\u8981\u6ce8\u610f\u4e0d\u662f\u5bf9\u5e94\u7684\u7aef\u53e3\uff0c\u9ed8\u8ba4\uff1a80\uff0c\u5bf9\u5e94\u7684\u53d6\u503c\u5982\u4e0b\uff1a\n# ServiceMonitor: \u5bf9\u5e94 Service>spec/ports/name;\n# PodMonitor: \u8bf4\u660e\u5982\u4e0b\uff1a\n# \u5982\u679c\u67e5\u770b\u7684\u662f Pod Yaml\uff0c\u53d6 pod.spec.containers.ports.name \u4e2d\u7684\u503c\u3002\n# \u5982\u679c\u67e5\u770b\u7684\u662f Deployment/Daemonset/Statefulset\uff0c\u53d6\u503c spec.template.spec.containers.ports.name\n[ port: string | default = 80]\n# \u6293\u53d6\u4efb\u52a1\u8bf7\u6c42 URI \u8def\u5f84\n[ path: string | default = /metrics ]\n# \u6293\u53d6\u534f\u8bae: http \u6216\u8005 https\n[ scheme: string | default = http]\n# \u6293\u53d6\u8bf7\u6c42\u5bf9\u5e94 URL \u53c2\u6570\n[ params: map[string][]string]\n# \u6293\u53d6\u4efb\u52a1\u95f4\u9694\u7684\u65f6\u95f4\n[ interval: string | default = 30s ]\n# \u6293\u53d6\u4efb\u52a1\u8d85\u65f6\n[ scrapeTimeout: string | default = 30s]\n# \u6293\u53d6\u8fde\u63a5\u662f\u5426\u901a\u8fc7 TLS \u5b89\u5168\u901a\u9053\uff0c\u914d\u7f6e\u5bf9\u5e94\u7684 TLS \u53c2\u6570\n[ tlsConfig: TLSConfig ]\n# \u901a\u8fc7\u5bf9\u5e94\u7684\u6587\u4ef6\u8bfb\u53d6 bearer token \u5bf9\u5e94\u7684\u503c\uff0c\u653e\u5230\u6293\u53d6\u4efb\u52a1\u7684 header \u4e2d\n[ bearerTokenFile: string ]\n# \u901a\u8fc7\u5bf9\u5e94\u7684 K8S secret key \u8bfb\u53d6\u5bf9\u5e94\u7684 bearer token\uff0c\u6ce8\u610f secret namespace \u9700\u8981\u548c PodMonitor/ServiceMonitor \u76f8\u540c\n[ bearerTokenSecret: string ]\n# \u89e3\u51b3\u5f53\u6293\u53d6\u7684 label \u4e0e\u540e\u7aef Prometheus \u6dfb\u52a0 label \u51b2\u7a81\u65f6\u7684\u5904\u7406\u3002\n# true: \u4fdd\u7559\u6293\u53d6\u5230\u7684 label\uff0c\u5ffd\u7565\u4e0e\u540e\u7aef Prometheus \u51b2\u7a81\u7684 label\uff1b\n# false: \u5bf9\u51b2\u7a81\u7684 label\uff0c\u628a\u6293\u53d6\u7684 label \u524d\u52a0\u4e0a exported_<original-label>\uff0c\u6dfb\u52a0\u540e\u7aef Prometheus \u589e\u52a0\u7684 label\uff1b\n[ honorLabels: bool | default = false ]\n# \u662f\u5426\u4f7f\u7528\u6293\u53d6\u5230 target \u4e0a\u4ea7\u751f\u7684\u65f6\u95f4\u3002\n# true: \u5982\u679c target \u4e2d\u6709\u65f6\u95f4\uff0c\u4f7f\u7528 target \u4e0a\u7684\u65f6\u95f4\uff1b\n# false: \u76f4\u63a5\u5ffd\u7565 target \u4e0a\u7684\u65f6\u95f4\uff1b\n[ honorTimestamps: bool | default = true ]\n# basic auth \u7684\u8ba4\u8bc1\u4fe1\u606f\uff0cusername/password \u586b\u5199\u5bf9\u5e94 K8S secret key \u7684\u503c\uff0c\u6ce8\u610f secret namespace \u9700\u8981\u548c PodMonitor/ServiceMonitor \u76f8\u540c\u3002\n[ basicAuth: BasicAuth ]\n# \u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u6765\u6293\u53d6 target \u4e0a\u7684\u6307\u6807\uff0c\u586b\u5199\u5bf9\u5e94\u7684\u4ee3\u7406\u670d\u52a1\u5730\u5740\n[ proxyUrl: string ]\n# \u5728\u6293\u53d6\u6570\u636e\u4e4b\u540e\uff0c\u628a target \u4e0a\u5bf9\u5e94\u7684 label \u901a\u8fc7 relabel \u7684\u673a\u5236\u8fdb\u884c\u6539\u5199\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\nrelabelings:\n[ - <relabel_config> ...]\n# \u6570\u636e\u6293\u53d6\u5b8c\u6210\u5199\u5165\u4e4b\u524d\uff0c\u901a\u8fc7 relabel \u673a\u5236\u8fdb\u884c\u6539\u5199 label \u5bf9\u5e94\u7684\u503c\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\nmetricRelabelings:\n[ - <relabel_config> ...]\n
"},{"location":"admin/insight/collection-manag/metric-collect.html#relabel_config","title":"relabel_config","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u4ece\u539f\u59cb labels \u4e2d\u53d6\u54ea\u4e9b label \u7684\u503c\u8fdb\u884c relabel\uff0c\u53d6\u51fa\u6765\u7684\u503c\u901a\u8fc7 separator \u4e2d\u7684\u5b9a\u4e49\u8fdb\u884c\u5b57\u7b26\u62fc\u63a5\u3002\n# \u5982\u679c\u662f PodMonitor/ServiceMonitor \u5bf9\u5e94\u7684\u914d\u7f6e\u9879\u4e3a sourceLabels\n[ source_labels: '[' <labelname> [, ...] ']' ]\n# \u5b9a\u4e49\u9700\u8981 relabel \u7684 label \u503c\u62fc\u63a5\u7684\u5b57\u7b26\uff0c\u9ed8\u8ba4\u4e3a ';'\n[ separator: <string> | default = ; ]\n\n# action \u4e3a replace/hashmod \u65f6\uff0c\u901a\u8fc7 target_label \u6765\u6307\u5b9a\u5bf9\u5e94 label name\u3002\n# \u5982\u679c\u662f PodMonitor/ServiceMonitor \u5bf9\u5e94\u7684\u914d\u7f6e\u9879\u4e3a targetLabel\n[ target_label: <labelname> ]\n\n# \u9700\u8981\u5bf9 source labels \u5bf9\u5e94\u503c\u8fdb\u884c\u6b63\u5219\u5339\u914d\u7684\u8868\u8fbe\u5f0f\n[ regex: <regex> | default = (.*) ]\n\n# action \u4e3a hashmod \u65f6\u7528\u5230\uff0c\u6839\u636e source label \u5bf9\u5e94\u503c md5 \u53d6\u6a21\u503c\n[ modulus: <int> ]\n\n# action \u4e3a replace \u7684\u65f6\u5019\uff0c\u901a\u8fc7 replacement \u6765\u5b9a\u4e49\u5f53 regex \u5339\u914d\u4e4b\u540e\u9700\u8981\u66ff\u6362\u7684\u8868\u8fbe\u5f0f\uff0c\u53ef\u4ee5\u7ed3\u5408 regex \u6b63\u89c4\u5219\u8868\u8fbe\u5f0f\u66ff\u6362\n[ replacement: <string> | default = $1 ]\n\n# \u57fa\u4e8e regex \u5339\u914d\u5230\u7684\u503c\u8fdb\u884c\u76f8\u5173\u7684\u64cd\u4f5c\uff0c\u5bf9\u5e94\u7684 action \u5982\u4e0b\uff0c\u9ed8\u8ba4\u4e3a replace\uff1a\n# replace: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u901a\u8fc7 replacement \u4e2d\u5b9a\u4e49\u7684\u503c\u66ff\u6362\u76f8\u5e94\u7684\u503c\uff0c\u5e76\u901a\u8fc7 target_label \u8bbe\u503c\u5e76\u6dfb\u52a0\u76f8\u5e94\u7684 label\n# keep: \u5982\u679c regex \u6ca1\u6709\u5339\u914d\u5230\uff0c\u4e22\u5f03\n# drop: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u4e22\u5f03\n# hashmod: \u901a\u8fc7 moduels \u6307\u5b9a\u7684\u503c\u628a source label \u5bf9\u5e94\u7684 md5 \u503c\u53d6\u6a21\n# \u5e76\u6dfb\u52a0\u4e00\u4e2a\u65b0\u7684 label\uff0clabel name \u901a\u8fc7 target_label \u6307\u5b9a\n# labelmap: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u4f7f\u7528 replacement \u66ff\u6362\u5bf9\u5c31\u7684 label name\n# labeldrop: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u5220\u9664\u5bf9\u5e94\u7684 label\n# labelkeep: \u5982\u679c regex \u6ca1\u6709\u5339\u914d\u5230\uff0c\u5220\u9664\u5bf9\u5e94\u7684 label\n[ action: <relabel_action> | default = replace ]\n
"},{"location":"admin/insight/collection-manag/probe-module.html","title":"\u81ea\u5b9a\u4e49\u63a2\u6d4b\u65b9\u5f0f","text":"Insight \u4f7f\u7528 Prometheus \u5b98\u65b9\u63d0\u4f9b\u7684 Blackbox Exporter \u4f5c\u4e3a\u9ed1\u76d2\u76d1\u63a7\u89e3\u51b3\u65b9\u6848\uff0c\u53ef\u4ee5\u901a\u8fc7 HTTP\u3001HTTPS\u3001DNS\u3001ICMP\u3001TCP \u548c gRPC \u65b9\u5f0f\u5bf9\u76ee\u6807\u5b9e\u4f8b\u8fdb\u884c\u68c0\u6d4b\u3002\u53ef\u7528\u4e8e\u4ee5\u4e0b\u4f7f\u7528\u573a\u666f\uff1a
\u5728\u672c\u6587\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u5df2\u6709\u7684 Blackbox ConfigMap \u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u7684\u63a2\u6d4b\u65b9\u5f0f\u3002
Insight \u9ed8\u8ba4\u672a\u5f00\u542f ICMP \u63a2\u6d4b\u65b9\u5f0f\uff0c\u56e0\u4e3a ICMP \u9700\u8981\u66f4\u9ad8\u6743\u9650\uff0c\u56e0\u6b64\uff0c\u6211\u4eec\u5c06\u4ee5 ICMP \u548c HTTP \u63a2\u6d4b\u65b9\u5f0f\u4f5c\u4e3a\u793a\u4f8b\uff0c\u5c55\u793a\u5982\u4f55\u4fee\u6539 ConfigMap \u4ee5\u5b9e\u73b0\u81ea\u5b9a\u4e49\u7684 ICMP \u548c HTTP \u63a2\u6d4b\u3002
"},{"location":"admin/insight/collection-manag/probe-module.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u627e\u5230\u540d\u4e3a insight-agent-prometheus-blackbox-exporter \u7684\u914d\u7f6e\u9879\uff0c\u70b9\u51fb \u7f16\u8f91 YAML\uff1b
\u5728 modules \u4e0b\u6dfb\u52a0\u81ea\u5b9a\u4e49\u63a2\u6d4b\u65b9\u5f0f\uff1a
module:\n http_2xx:\n prober: http\n timeout: 5s\n http:\n valid_http_versions: [HTTP/1.1, HTTP/2]\n valid_status_codes: [] # Defaults to 2xx\n method: GET\n
module:\n ICMP: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: ip4\nicmp_example: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b 2\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: \"ip4\"\n source_ip_address: \"127.0.0.1\"\n
\u7531\u4e8e ICMP \u9700\u8981\u66f4\u9ad8\u6743\u9650\uff0c\u56e0\u6b64\uff0c\u6211\u4eec\u8fd8\u9700\u8981\u63d0\u5347 Pod \u6743\u9650\uff0c\u5426\u5219\u4f1a\u51fa\u73b0 operation not permitted
\u7684\u9519\u8bef\u3002\u6709\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\u63d0\u5347\u6743\u9650\uff1a \u65b9\u5f0f\u4e00\uff1a \u76f4\u63a5\u7f16\u8f91 BlackBox Exporter
\u90e8\u7f72\u6587\u4ef6\u5f00\u542f
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\nspec:\n template:\n spec:\n containers:\n - name: blackbox-exporter\n image: # ... (image, args, ports \u7b49\u4fdd\u6301\u4e0d\u53d8)\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_RAW\n drop:\n - ALL\n readOnlyRootFilesystem: true\n runAsGroup: 0\n runAsNonRoot: false\n runAsUser: 0\n
\u65b9\u5f0f\u4e8c\uff1a \u901a\u8fc7 Helm Upgrade \u65b9\u5f0f\u63d0\u6743
prometheus-blackbox-exporter:\n enabled: true\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n readOnlyRootFilesystem: true\n runAsNonRoot: false\n allowPrivilegeEscalation: false\n capabilities:\n add: [\"NET_RAW\"]\n
Info
\u66f4\u591a\u63a2\u6d4b\u65b9\u5f0f\u53ef\u53c2\u8003 blackbox_exporter Configuration\u3002
"},{"location":"admin/insight/collection-manag/probe-module.html#_3","title":"\u5176\u4ed6\u53c2\u8003","text":"\u4ee5\u4e0b YAML \u6587\u4ef6\u4e2d\u5305\u542b\u4e86 HTTP\u3001TCP\u3001SMTP\u3001ICMP\u3001DNS \u7b49\u591a\u79cd\u63a2\u6d4b\u65b9\u5f0f\uff0c\u53ef\u6839\u636e\u9700\u6c42\u81ea\u884c\u4fee\u6539 insight-agent-prometheus-blackbox-exporter
\u7684\u914d\u7f6e\u6587\u4ef6\u3002
kind: ConfigMap\napiVersion: v1\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\n labels:\n app.kubernetes.io/instance: insight-agent\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: prometheus-blackbox-exporter\n app.kubernetes.io/version: v0.24.0\n helm.sh/chart: prometheus-blackbox-exporter-8.8.0\n annotations:\n meta.helm.sh/release-name: insight-agent\n meta.helm.sh/release-namespace: insight-system\ndata:\n blackbox.yaml: |\n modules:\n HTTP_GET:\n prober: http\n timeout: 5s\n http:\n method: GET\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"]\n follow_redirects: true\n preferred_ip_protocol: \"ip4\"\n HTTP_POST:\n prober: http\n timeout: 5s\n http:\n method: POST\n body_size_limit: 1MB\n TCP:\n prober: tcp\n timeout: 5s\n # \u9ed8\u8ba4\u672a\u5f00\u542f\uff1a\n # ICMP:\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: ip4\n SSH:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^SSH-2.0-\"\n POP3S:\n prober: tcp\n tcp:\n query_response:\n - expect: \"^+OK\"\n tls: true\n tls_config:\n insecure_skip_verify: false\n http_2xx_example: # http \u63a2\u6d4b\u793a\u4f8b\n prober: http\n timeout: 5s # \u63a2\u6d4b\u7684\u8d85\u65f6\u65f6\u95f4\n http:\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"] # \u8fd4\u56de\u4fe1\u606f\u4e2d\u7684 Version\uff0c\u4e00\u822c\u9ed8\u8ba4\u5373\u53ef\n valid_status_codes: [] # Defaults to 2xx # \u6709\u6548\u7684\u8fd4\u56de\u7801\u8303\u56f4\uff0c\u5982\u679c\u8bf7\u6c42\u7684\u8fd4\u56de\u7801\u5728\u8be5\u8303\u56f4\u5185\uff0c\u89c6\u4e3a\u63a2\u6d4b\u6210\u529f\n method: GET # \u8bf7\u6c42\u65b9\u6cd5\n headers: # \u8bf7\u6c42\u7684\u5934\u90e8\n Host: vhost.example.com\n Accept-Language: en-US\n Origin: example.com\n no_follow_redirects: false # \u662f\u5426\u5141\u8bb8\u91cd\u5b9a\u5411\n fail_if_ssl: false \n fail_if_not_ssl: false\n fail_if_body_matches_regexp:\n - \"Could not connect to database\"\n fail_if_body_not_matches_regexp:\n - \"Download the latest version here\"\n fail_if_header_matches: # Verifies that no cookies are set\n - header: Set-Cookie\n allow_missing: true\n regexp: '.*'\n fail_if_header_not_matches:\n - header: Access-Control-Allow-Origin\n regexp: '(\\*|example\\.com)'\n tls_config: # \u9488\u5bf9 https \u8bf7\u6c42\u7684 tls \u7684\u914d\u7f6e\n insecure_skip_verify: false\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\" # \u9996\u9009\u7684 IP \u534f\u8bae\u7248\u672c\n ip_protocol_fallback: false # no fallback to \"ip6\" \n http_post_2xx: # \u5e26 Body \u7684 http \u63a2\u6d4b\u7684\u793a\u4f8b\n prober: http\n timeout: 5s\n http:\n method: POST # \u63a2\u6d4b\u7684\u8bf7\u6c42\u65b9\u6cd5\n headers:\n Content-Type: application/json\n body: '{\"username\":\"admin\",\"password\":\"123456\"}' # \u63a2\u6d4b\u65f6\u643a\u5e26\u7684 body\n http_basic_auth_example: # \u5e26\u7528\u6237\u540d\u5bc6\u7801\u7684\u63a2\u6d4b\u7684\u793a\u4f8b\n prober: http\n timeout: 5s\n http:\n method: POST\n headers:\n Host: \"login.example.com\"\n basic_auth: # \u63a2\u6d4b\u65f6\u8981\u52a0\u7684\u7528\u6237\u540d\u5bc6\u7801\n username: \"username\"\n password: \"mysecret\"\n http_custom_ca_example:\n prober: http\n http:\n method: GET\n tls_config: # \u6307\u5b9a\u63a2\u6d4b\u65f6\u4f7f\u7528\u7684\u6839\u8bc1\u4e66\n ca_file: \"/certs/my_cert.crt\"\n http_gzip:\n prober: http\n http:\n method: GET\n compression: gzip # \u63a2\u6d4b\u65f6\u4f7f\u7528\u7684\u538b\u7f29\u65b9\u6cd5\n http_gzip_with_accept_encoding:\n prober: http\n http:\n method: GET\n compression: gzip\n headers:\n Accept-Encoding: gzip\n tls_connect: # TCP \u63a2\u6d4b\u7684\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n tls: true # \u662f\u5426\u4f7f\u7528 TLS\n tcp_connect_example:\n prober: tcp\n timeout: 5s\n imap_starttls: # \u63a2\u6d4b IMAP \u90ae\u7bb1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"OK.*STARTTLS\"\n - send: \". STARTTLS\"\n - expect: \"OK\"\n - starttls: true\n - send: \". capability\"\n - expect: \"CAPABILITY IMAP4rev1\"\n smtp_starttls: # \u63a2\u6d4b SMTP \u90ae\u7bb1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^220 ([^ ]+) ESMTP (.+)$\"\n - send: \"EHLO prober\\r\"\n - expect: \"^250-STARTTLS\"\n - send: \"STARTTLS\\r\"\n - expect: \"^220\"\n - starttls: true\n - send: \"EHLO prober\\r\"\n - expect: \"^250-AUTH\"\n - send: \"QUIT\\r\"\n irc_banner_example:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - send: \"NICK prober\"\n - send: \"USER prober prober prober :prober\"\n - expect: \"PING :([^ ]+)\"\n send: \"PONG ${1}\"\n - expect: \"^:[^ ]+ 001\"\n # icmp_example: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: \"ip4\"\n # source_ip_address: \"127.0.0.1\"\n dns_udp_example: # \u4f7f\u7528 UDP \u8fdb\u884c DNS \u67e5\u8be2\u7684\u793a\u4f8b\n prober: dns\n timeout: 5s\n dns:\n query_name: \"www.prometheus.io\" # \u8981\u89e3\u6790\u7684\u57df\u540d\n query_type: \"A\" # \u8be5\u57df\u540d\u5bf9\u5e94\u7684\u7c7b\u578b\n valid_rcodes:\n - NOERROR\n validate_answer_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n fail_if_all_match_regexp:\n - \".*127.0.0.1\"\n fail_if_not_matches_regexp:\n - \"www.prometheus.io.\\t300\\tIN\\tA\\t127.0.0.1\"\n fail_if_none_matches_regexp:\n - \"127.0.0.1\"\n validate_authority_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n validate_additional_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n dns_soa:\n prober: dns\n dns:\n query_name: \"prometheus.io\"\n query_type: \"SOA\"\n dns_tcp_example: # \u4f7f\u7528 TCP \u8fdb\u884c DNS \u67e5\u8be2\u7684\u793a\u4f8b\n prober: dns\n dns:\n transport_protocol: \"tcp\" # defaults to \"udp\"\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\"\n query_name: \"www.prometheus.io\"\n
"},{"location":"admin/insight/collection-manag/service-monitor.html","title":"\u914d\u7f6e\u670d\u52a1\u53d1\u73b0\u89c4\u5219","text":"\u53ef\u89c2\u6d4b Insight \u652f\u6301\u901a\u8fc7 \u5bb9\u5668\u7ba1\u7406 \u521b\u5efa CRD ServiceMonitor \u7684\u65b9\u5f0f\u6765\u6ee1\u8db3\u60a8\u81ea\u5b9a\u4e49\u670d\u52a1\u53d1\u73b0\u7684\u91c7\u96c6\u9700\u6c42\u3002 \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528 ServiceMonitor \u81ea\u884c\u5b9a\u4e49 Pod \u53d1\u73b0\u7684 Namespace \u8303\u56f4\u4ee5\u53ca\u901a\u8fc7 matchLabel \u6765\u9009\u62e9\u76d1\u542c\u7684 Service\u3002
"},{"location":"admin/insight/collection-manag/service-monitor.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u5df2\u5b89\u88c5 Helm \u5e94\u7528 insight-agent \u4e14\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/collection-manag/service-monitor.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u91c7\u96c6\u7ba1\u7406 \uff0c\u67e5\u770b\u5168\u90e8\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u72b6\u6001\u3002
\u70b9\u51fb\u5217\u8868\u4e2d\u7684\u67d0\u4e2a\u96c6\u7fa4\u540d\u79f0\u8fdb\u5165\u91c7\u96c6\u914d\u7f6e\u8be6\u60c5\u3002
\u70b9\u51fb\u94fe\u63a5\u8df3\u8f6c\u5230 \u5bb9\u5668\u7ba1\u7406 \u4e2d\u521b\u5efa Service Monitor\u3002
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: micrometer-demo # (1)\n namespace: insight-system # (2)\n labels: \n operator.insight.io/managed-by: insight\nspec:\n endpoints: # (3)\n - honorLabels: true\n interval: 15s\n path: /actuator/prometheus\n port: http\n namespaceSelector: # (4)\n matchNames:\n - insight-system # (5)\n selector: # (6)\n matchLabels:\n micrometer-prometheus-discovery: \"true\"\n
\u8fd9\u662f\u670d\u52a1\u7aef\u70b9\uff0c\u4ee3\u8868 Prometheus \u6240\u9700\u7684\u91c7\u96c6 Metrics \u7684\u5730\u5740\u3002 endpoints \u4e3a\u4e00\u4e2a\u6570\u7ec4\uff0c \u540c\u65f6\u53ef\u4ee5\u521b\u5efa\u591a\u4e2a endpoints \u3002\u6bcf\u4e2a endpoints \u5305\u542b\u4e09\u4e2a\u5b57\u6bb5\uff0c\u6bcf\u4e2a\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b\uff1a
\u8fd9\u662f\u9700\u8981\u53d1\u73b0\u7684 Service \u7684\u8303\u56f4\u3002 namespaceSelector \u5305\u542b\u4e24\u4e2a\u4e92\u65a5\u5b57\u6bb5\uff0c\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b\uff1a
matchNames \uff1a\u6570\u7ec4\u503c\uff0c\u6307\u5b9a\u9700\u8981\u76d1\u542c\u7684 namespace \u7684\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u53ea\u60f3\u76d1\u542c default \u548c insight-system \u4e24\u4e2a\u547d\u540d\u7a7a\u95f4\u4e2d\u7684 Service\uff0c\u90a3\u4e48 matchNames \u8bbe\u7f6e\u5982\u4e0b\uff1a
namespaceSelector:\n matchNames:\n - default\n - insight-system\n
\u6b64\u5904\u5339\u914d\u7684\u547d\u540d\u7a7a\u95f4\u4e3a\u9700\u8981\u66b4\u9732\u6307\u6807\u7684\u5e94\u7528\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4
\u2705\uff1a\u6d4b\u8bd5\u901a\u8fc7\uff1b \u274c\uff1a\u6d4b\u8bd5\u672a\u901a\u8fc7\uff1b\u7a7a\uff1a\u672a\u8fdb\u884c\u6d4b\u8bd5\uff1b
"},{"location":"admin/insight/compati-test/k8s-compatibility.html#insight-server-kubernetes","title":"Insight Server \u7684 Kubernetes \u517c\u5bb9\u6027\u6d4b\u8bd5","text":"\u573a\u666f \u6d4b\u8bd5\u65b9\u5f0f K8s 1.31 K8s 1.30 K8s 1.29 K8s 1.28 K8s 1.27 K8s 1.26 k8s 1.25.0 k8s 1.24 k8s 1.23 k8s 1.22 \u57fa\u7ebf\u573a\u666f E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u6307\u6807\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u65e5\u5fd7\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u94fe\u8def\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u544a\u8b66\u4e2d\u5fc3 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u62d3\u6251\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705"},{"location":"admin/insight/compati-test/k8s-compatibility.html#insight-agent-kubernetes","title":"Insight Agent \u7684 Kubernetes \u517c\u5bb9\u6027\u6d4b\u8bd5","text":"\u573a\u666f \u6d4b\u8bd5\u65b9\u5f0f K8s 1.31 K8s 1.30 K8s 1.29 K8s 1.28 K8s 1.27 K8s 1.26 k8s 1.25 k8s 1.24 k8s 1.23 k8s 1.22 k8s 1.21 k8s 1.20 k8s 1.19 k8s 1.18 k8s 1.17 k8s 1.16 \u57fa\u7ebf\u573a\u666f E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u6307\u6807\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u65e5\u5fd7\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u94fe\u8def\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u544a\u8b66\u4e2d\u5fc3 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c \u62d3\u6251\u67e5\u8be2 E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274cNote
Insight Agent \u7248\u672c\u517c\u5bb9\u5386\u53f2\uff1a
\u2705\uff1a\u6d4b\u8bd5\u901a\u8fc7\uff1b \u274c\uff1a\u6d4b\u8bd5\u672a\u901a\u8fc7\u3002
Note
\u8868\u683c\u4e2d\u7684\u6d4b\u8bd5\u529f\u80fd\u975e\u5168\u91cf\u3002
case \u6d4b\u8bd5\u65b9\u5f0f ocp4.10(k8s 1.23.0) \u5907\u6ce8 \u91c7\u96c6\u5e76\u67e5\u8be2 web \u5e94\u7528\u7684\u6307\u6807 \u624b\u5de5 \u2705 \u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\u91c7\u96c6 \u624b\u5de5 \u2705 \u67e5\u8be2\u5b9e\u65f6\u6307\u6807 \u624b\u5de5 \u2705 \u77ac\u65f6\u6307\u6807\u67e5\u8be2 \u624b\u5de5 \u2705 \u77ac\u65f6\u6307\u6807api\u5b57\u6bb5\u529f\u80fd\u9a8c\u8bc1 \u624b\u5de5 \u2705 \u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 \u624b\u5de5 \u2705 \u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 api \u5b57\u6bb5\u529f\u80fd\u9a8c\u8bc1 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u96c6\u7fa4CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u96c6\u7fa4 CPU \u603b\u91cf\u3001\u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf\uff0c\u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u8282\u70b9CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u8282\u70b9 CPU \u603b\u91cf\u3001\u8282\u70b9\u5185\u5b58\u4f7f\u7528\u91cf \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u96c6\u7fa4CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u96c6\u7fa4 CPU \u603b\u91cf\u3001\u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf\uff0c\u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 api \u5b57\u6bb5\u529f\u80fd\u9a8c\u8bc1 \u624b\u5de5 \u2705 \u67e5\u8be2 Pod \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 SVC \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 statefulset \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 Deployment \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 NPD \u65e5\u5fd7 \u624b\u5de5 \u2705 \u65e5\u5fd7\u7b5b\u9009 \u624b\u5de5 \u2705 \u65e5\u5fd7\u6a21\u7cca\u67e5\u8be2-workloadSearch \u624b\u5de5 \u2705 \u65e5\u5fd7\u6a21\u7cca\u67e5\u8be2-podSearch \u624b\u5de5 \u2705 \u65e5\u5fd7\u6a21\u7cca\u67e5\u8be2-containerSearch \u624b\u5de5 \u2705 \u65e5\u5fd7\u7cbe\u786e\u67e5\u8be2-cluster \u624b\u5de5 \u2705 \u65e5\u5fd7\u7cbe\u786e\u67e5\u8be2-namespace \u624b\u5de5 \u2705 \u65e5\u5fd7\u67e5\u8be2 api \u5b57\u6bb5\u529f\u80fd\u9a8c\u8bc1 \u624b\u5de5 \u2705 \u544a\u8b66\u89c4\u5219-\u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u544a\u8b66\u6a21\u677f-\u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u901a\u77e5\u65b9\u5f0f-\u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u94fe\u8def\u67e5\u8be2 \u624b\u5de5 \u2705 \u62d3\u6251\u67e5\u8be2 \u624b\u5de5 \u2705"},{"location":"admin/insight/compati-test/rancher-compatibility.html","title":"Rancher \u96c6\u7fa4\u517c\u5bb9\u6027\u6d4b\u8bd5","text":"\u2705\uff1a\u6d4b\u8bd5\u901a\u8fc7\uff1b \u274c\uff1a\u6d4b\u8bd5\u672a\u901a\u8fc7\u3002
Note
\u8868\u683c\u4e2d\u7684\u6d4b\u8bd5\u529f\u80fd\u975e\u5168\u91cf\u3002
case \u6d4b\u8bd5\u65b9\u5f0f Rancher rke2c1(k8s 1.24.11) \u5907\u6ce8 \u91c7\u96c6\u5e76\u67e5\u8be2 web \u5e94\u7528\u7684\u6307\u6807 \u624b\u5de5 \u2705 \u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\u91c7\u96c6 \u624b\u5de5 \u2705 \u67e5\u8be2\u5b9e\u65f6\u6307\u6807 \u624b\u5de5 \u2705 \u67e5\u8be2\u77ac\u65f6\u6307\u6807 \u624b\u5de5 \u2705 \u9a8c\u8bc1\u67e5\u8be2\u77ac\u65f6\u6307\u6807 API \u63a5\u53e3 \u624b\u5de5 \u2705 \u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 \u624b\u5de5 \u2705 \u9a8c\u8bc1\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 API \u63a5\u53e3 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u96c6\u7fa4 CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u96c6\u7fa4 CPU \u603b\u91cf\u3001\u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf\uff0c\u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u8282\u70b9 CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u8282\u70b9 CPU \u603b\u91cf\u3001\u8282\u70b9\u5185\u5b58\u4f7f\u7528\u91cf \u624b\u5de5 \u2705 \u6279\u91cf\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u96c6\u7fa4 CPU\u3001\u5185\u5b58\u4f7f\u7528\u7387\u3001\u96c6\u7fa4 CPU \u603b\u91cf\u3001\u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf\uff0c\u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u624b\u5de5 \u2705 \u9a8c\u8bc1\u6279\u91cf\u67e5\u8be2\u4e00\u6bb5\u65f6\u95f4\u5185\u6307\u6807 API \u63a5\u53e3 \u624b\u5de5 \u2705 \u67e5\u8be2 Pod \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 SVC \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 statefulset \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 Deployment \u65e5\u5fd7 \u624b\u5de5 \u2705 \u67e5\u8be2 NPD \u65e5\u5fd7 \u624b\u5de5 \u2705 \u7b5b\u9009\u65e5\u5fd7 \u624b\u5de5 \u2705 \u6a21\u7cca\u67e5\u8be2\u65e5\u5fd7-workloadSearch \u624b\u5de5 \u2705 \u6a21\u7cca\u67e5\u8be2\u65e5\u5fd7-podSearch \u624b\u5de5 \u2705 \u6a21\u7cca\u67e5\u8be2\u65e5\u5fd7-containerSearch \u624b\u5de5 \u2705 \u7cbe\u786e\u67e5\u8be2\u65e5\u5fd7-cluster \u624b\u5de5 \u2705 \u7cbe\u786e\u67e5\u8be2\u65e5\u5fd7-namespace \u624b\u5de5 \u2705 \u9a8c\u8bc1\u67e5\u8be2\u65e5\u5fd7 API \u63a5\u53e3 \u624b\u5de5 \u2705 \u544a\u8b66\u89c4\u5219 - \u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u544a\u8b66\u6a21\u677f - \u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u901a\u77e5\u65b9\u5f0f - \u589e\u5220\u6539\u67e5 \u624b\u5de5 \u2705 \u94fe\u8def\u67e5\u8be2 \u624b\u5de5 \u2705 \u62d3\u6251\u67e5\u8be2 \u624b\u5de5 \u2705"},{"location":"admin/insight/dashboard/dashboard.html","title":"\u4eea\u8868\u76d8","text":"Grafana \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u6570\u636e\u53ef\u89c6\u5316\u548c\u76d1\u63a7\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u56fe\u8868\u548c\u9762\u677f\uff0c\u7528\u4e8e\u5b9e\u65f6\u76d1\u63a7\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316\u5404\u79cd\u6570\u636e\u6e90\u7684\u6307\u6807\u548c\u65e5\u5fd7\u3002\u53ef\u89c2\u6d4b\u6027 Insight \u4f7f\u7528\u5f00\u6e90 Grafana \u63d0\u4f9b\u76d1\u63a7\u670d\u52a1\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u7ef4\u5ea6\u67e5\u770b\u8d44\u6e90\u6d88\u8017\u60c5\u51b5\uff0c
\u5173\u4e8e\u5f00\u6e90 Grafana \u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1 Grafana \u5b98\u65b9\u6587\u6863\u3002
"},{"location":"admin/insight/dashboard/dashboard.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 \u4eea\u8868\u76d8 \u3002
\u5728 Insight /\u6982\u89c8 \u4eea\u8868\u76d8\u4e2d\uff0c\u53ef\u67e5\u770b\u591a\u9009\u96c6\u7fa4\u7684\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\uff0c\u5e76\u4ee5\u547d\u540d\u7a7a\u95f4\u3001\u5bb9\u5668\u7ec4\u7b49\u591a\u4e2a\u7ef4\u5ea6\u5206\u6790\u4e86\u8d44\u6e90\u4f7f\u7528\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u7b49\u60c5\u51b5\u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u5de6\u4e0a\u4fa7\u7684\u4e0b\u62c9\u6846\u53ef\u5207\u6362\u96c6\u7fa4\u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u53f3\u4e0b\u4fa7\u53ef\u5207\u6362\u67e5\u8be2\u7684\u65f6\u95f4\u8303\u56f4\u3002
Insight \u7cbe\u9009\u591a\u4e2a\u793e\u533a\u63a8\u8350\u4eea\u8868\u76d8\uff0c\u53ef\u4ece\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5de5\u4f5c\u8d1f\u8f7d\u7b49\u591a\u4e2a\u7ef4\u5ea6\u8fdb\u884c\u76d1\u63a7\u3002\u70b9\u51fb insight-system / Insight /\u6982\u89c8 \u533a\u57df\u5207\u6362\u4eea\u8868\u76d8\u3002
Note
\u8bbf\u95ee Grafana UI \u8bf7\u53c2\u8003\u4ee5\u7ba1\u7406\u5458\u8eab\u4efd\u767b\u5f55 Grafana\u3002
\u5bfc\u5165\u81ea\u5b9a\u4e49\u4eea\u8868\u76d8\u8bf7\u53c2\u8003\u5bfc\u5165\u81ea\u5b9a\u4e49\u4eea\u8868\u76d8\u3002
\u901a\u8fc7\u4f7f\u7528 Grafana CRD\uff0c\u53ef\u4ee5\u5c06\u4eea\u8868\u677f\u7684\u7ba1\u7406\u548c\u90e8\u7f72\u7eb3\u5165\u5230 Kubernetes \u7684\u751f\u547d\u5468\u671f\u7ba1\u7406\u4e2d\uff0c\u5b9e\u73b0\u4eea\u8868\u677f\u7684\u7248\u672c\u63a7\u5236\u3001\u81ea\u52a8\u5316\u90e8\u7f72\u548c\u96c6\u7fa4\u7ea7\u7684\u7ba1\u7406\u3002\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 CRD \u548c UI \u754c\u9762\u5bfc\u5165\u81ea\u5b9a\u4e49\u7684\u4eea\u8868\u76d8\u3002
"},{"location":"admin/insight/dashboard/import-dashboard.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0 \u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u9009\u62e9 kpanda-global-cluster \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u5728\u5217\u8868\u4e2d\u67e5\u627e grafanadashboards.integreatly.org \u6587\u4ef6\uff0c\u8fdb\u5165\u8be6\u60c5\u3002
\u70b9\u51fb Yaml \u521b\u5efa \uff0c\u4f7f\u7528\u4ee5\u4e0b\u6a21\u677f\uff0c\u5728 Json \u5b57\u6bb5\u4e2d\u66ff\u6362\u4eea\u8868\u76d8 JSON\u3002
apiVersion: integreatly.org/v1alpha1\nkind: GrafanaDashboard\nmetadata:\n labels:\n app: insight-grafana-operator\n operator.insight.io/managed-by: insight\n name: sample-dashboard\n namespace: insight-system\nspec:\n json: >\n {\n \"id\": null,\n \"title\": \"Simple Dashboard\",\n \"tags\": [],\n \"style\": \"dark\",\n \"timezone\": \"browser\",\n \"editable\": true,\n \"hideControls\": false,\n \"graphTooltip\": 1,\n \"panels\": [],\n \"time\": {\n \"from\": \"now-6h\",\n \"to\": \"now\"\n },\n \"timepicker\": {\n \"time_options\": [],\n \"refresh_intervals\": []\n },\n \"templating\": {\n \"list\": []\n },\n \"annotations\": {\n \"list\": []\n },\n \"refresh\": \"5s\",\n \"schemaVersion\": 17,\n \"version\": 0,\n \"links\": []\n }\n
\u70b9\u51fb \u786e\u8ba4 \u540e\uff0c\u7a0d\u7b49\u7247\u523b\u5373\u53ef\u5728 \u4eea\u8868\u76d8 \u4e2d\u67e5\u770b\u521a\u521a\u5bfc\u5165\u7684\u4eea\u8868\u76d8\u3002
Info
\u81ea\u5b9a\u4e49\u8bbe\u8ba1\u4eea\u8868\u76d8\uff0c\u8bf7\u53c2\u8003\u6dfb\u52a0\u4eea\u8868\u76d8\u9762\u677f\u3002
"},{"location":"admin/insight/dashboard/login-grafana.html","title":"\u8bbf\u95ee\u539f\u751f Grafana","text":"Insight \u501f\u52a9 Grafana \u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u53ef\u89c6\u5316\u80fd\u529b\uff0c\u540c\u65f6\u4fdd\u7559\u4e86\u8bbf\u95ee\u539f\u751f Grafana \u7684\u5165\u53e3\u3002
"},{"location":"admin/insight/dashboard/login-grafana.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u767b\u5f55\u6d4f\u89c8\u5668\uff0c\u5728\u6d4f\u89c8\u5668\u4e2d\u8f93\u5165 Grafana \u5730\u5740\u3002
\u8bbf\u95ee\u5730\u5740\uff1a http://ip:\u8bbf\u95ee\u7aef\u53e3/ui/insight-grafana/login
\u4f8b\u5982\uff1a http://10.6.10.233:30209/ui/insight-grafana/login
\u70b9\u51fb\u53f3\u4e0b\u89d2\u7684\u767b\u5f55\uff0c\u4f7f\u7528\u9ed8\u8ba4\u7528\u6237\u540d\u3001\u5bc6\u7801\uff08admin/admin\uff09\u8fdb\u884c\u767b\u5f55\u3002
\u70b9\u51fb Log in \u5b8c\u6210\u767b\u5f55\u3002
\u6982\u7387 \u4ec5\u7edf\u8ba1\u5df2\u5b89\u88c5 insight-agent \u4e14\u5176\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u7684\u96c6\u7fa4\u6570\u636e\u3002\u53ef\u5728\u6982\u89c8\u4e2d\u591a\u96c6\u7fa4\u7684\u8d44\u6e90\u6982\u51b5\uff1a
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u6982\u89c8 \u3002
"},{"location":"admin/insight/data-query/log.html","title":"\u65e5\u5fd7\u67e5\u8be2","text":"Insight \u9ed8\u8ba4\u91c7\u96c6\u8282\u70b9\u65e5\u5fd7\u3001\u5bb9\u5668\u65e5\u5fd7\u4ee5\u53ca kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u3002\u5728\u65e5\u5fd7\u67e5\u8be2\u9875\u9762\u4e2d\uff0c\u53ef\u67e5\u8be2\u767b\u5f55\u8d26\u53f7\u6743\u9650\u5185\u7684\u6807\u51c6\u8f93\u51fa (stdout) \u65e5\u5fd7\uff0c\u5305\u62ec\u8282\u70b9\u65e5\u5fd7\u3001\u4ea7\u54c1\u65e5\u5fd7\u3001Kubenetes \u5ba1\u8ba1\u65e5\u5fd7\u7b49\uff0c\u5feb\u901f\u5728\u5927\u91cf\u65e5\u5fd7\u4e2d\u67e5\u8be2\u5230\u6240\u9700\u7684\u65e5\u5fd7\uff0c\u540c\u65f6\u7ed3\u5408\u65e5\u5fd7\u7684\u6765\u6e90\u4fe1\u606f\u548c\u4e0a\u4e0b\u6587\u539f\u59cb\u6570\u636e\u8f85\u52a9\u5b9a\u4f4d\u95ee\u9898\u3002
"},{"location":"admin/insight/data-query/log.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u65e5\u5fd7 \u3002
\u9876\u90e8 Tab \u9ed8\u8ba4\u8fdb\u5165 \u666e\u901a\u67e5\u8be2 \u3002
\u65e5\u5fd7\u7c7b\u578b\uff1a
\u652f\u6301\u5bf9\u5355\u4e2a\u5173\u952e\u5b57\u8fdb\u884c\u6a21\u7cca\u641c\u7d22\u3002
\u9876\u90e8\u5207\u6362 Tab \u9009\u62e9 Lucene \u8bed\u6cd5\u67e5\u8be2 \u3002
\u7b2c\u4e00\u6b21\u8fdb\u5165\u65f6\uff0c\u9ed8\u8ba4\u9009\u62e9\u767b\u5f55\u8d26\u53f7\u6743\u9650\u67e5\u8be2\u6709\u6743\u9650\u7684\u96c6\u7fa4\u6216\u547d\u540d\u7a7a\u95f4\u7684\u5bb9\u5668\u65e5\u5fd7\u3002
Lucene \u8bed\u6cd5\u8bf4\u660e\uff1a
\u70b9\u51fb\u65e5\u5fd7\u540e\u7684\u6309\u94ae\uff0c\u5728\u53f3\u4fa7\u5212\u51fa\u9762\u677f\u4e2d\u53ef\u67e5\u770b\u8be5\u6761\u65e5\u5fd7\u7684\u9ed8\u8ba4 100 \u6761\u4e0a\u4e0b\u6587\u3002\u53ef\u5207\u6362 \u663e\u793a\u884c\u6570 \u67e5\u770b\u66f4\u591a\u4e0a\u4e0b\u6587\u5185\u5bb9\u3002
"},{"location":"admin/insight/data-query/log.html#_5","title":"\u5bfc\u51fa\u65e5\u5fd7\u6570\u636e","text":"\u70b9\u51fb\u5217\u8868\u53f3\u4e0a\u4fa7\u7684\u4e0b\u8f7d\u6309\u94ae\u3002
\u6307\u6807\u67e5\u8be2\u652f\u6301\u67e5\u8be2\u5bb9\u5668\u5404\u8d44\u6e90\u7684\u6307\u6807\u6570\u636e\uff0c\u53ef\u67e5\u770b\u76d1\u63a7\u6307\u6807\u7684\u8d8b\u52bf\u53d8\u5316\u3002\u540c\u65f6\uff0c\u9ad8\u7ea7\u67e5\u8be2\u652f\u6301\u539f\u751f PromQL \u8bed\u53e5\u8fdb\u884c\u6307\u6807\u67e5\u8be2\u3002
"},{"location":"admin/insight/data-query/metric.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u70b9\u51fb\u4e00\u7ea7\u5bfc\u822a\u680f\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u3002
\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u6307\u6807 \u3002
\u9009\u62e9\u96c6\u7fa4\u3001\u7c7b\u578b\u3001\u8282\u70b9\u3001\u6307\u6807\u540d\u79f0\u67e5\u8be2\u6761\u4ef6\u540e\uff0c\u70b9\u51fb \u641c\u7d22 \uff0c\u5c4f\u5e55\u53f3\u4fa7\u5c06\u663e\u793a\u5bf9\u5e94\u6307\u6807\u56fe\u8868\u53ca\u6570\u636e\u8be6\u60c5\u3002
\u652f\u6301\u81ea\u5b9a\u4e49\u65f6\u95f4\u8303\u56f4\u3002\u53ef\u624b\u52a8\u70b9\u51fb \u5237\u65b0 \u56fe\u6807\u6216\u9009\u62e9\u9ed8\u8ba4\u65f6\u95f4\u95f4\u9694\u8fdb\u884c\u5237\u65b0\u3002
\u70b9\u51fb \u9ad8\u7ea7\u67e5\u8be2 \u9875\u7b7e\u901a\u8fc7\u539f\u751f\u7684 PromQL \u67e5\u8be2\u3002
Note
\u53c2\u9605 PromQL \u8bed\u6cd5\u3002
"},{"location":"admin/insight/faq/expand-once-es-full.html","title":"ElasticSearch \u6570\u636e\u585e\u6ee1\u5982\u4f55\u64cd\u4f5c\uff1f","text":"\u5f53 ElasticSearch \u5185\u5b58\u5360\u6ee1\u65f6\uff0c\u53ef\u4ee5\u9009\u62e9\u6269\u5bb9\u6216\u8005\u5220\u9664\u6570\u636e\u6765\u89e3\u51b3\uff1a
\u4f60\u53ef\u4ee5\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u67e5\u770b ES \u8282\u70b9\u7684\u8d44\u6e90\u5360\u6bd4\u3002
kubectl get pod -n mcamel-system | grep common-es-cluster-masters-es | awk '{print $1}' | xargs -I {} kubectl exec {} -n mcamel-system -c elasticsearch -- df -h | grep /usr/share/elasticsearch/data\n
"},{"location":"admin/insight/faq/expand-once-es-full.html#_1","title":"\u6269\u5bb9","text":"\u5728\u4e3b\u673a\u8282\u70b9\u8fd8\u6709\u8d44\u6e90\u7684\u60c5\u51b5\u4e0b\uff0c \u6269\u5bb9 \u662f\u4e00\u79cd\u5e38\u89c1\u7684\u65b9\u6848\uff0c\u4e5f\u5c31\u662f\u63d0\u9ad8 PVC \u7684\u5bb9\u91cf\u3002
\u5148\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 es-data-0 \u8282\u70b9\u7684 PVC \u914d\u7f6e\uff0c\u8bf7\u4ee5\u5b9e\u9645\u7684\u73af\u5883\u7684 PVC \u4e3a\u51c6\u3002
kubectl edit -n mcamel-system pvc elasticsearch-data-mcamel-common-es-cluster-masters-es-data-0\n
\u7136\u540e\u4fee\u6539\u4ee5\u4e0b storage
\u5b57\u6bb5\uff08\u9700\u8981\u4f7f\u7528\u7684\u5b58\u50a8\u7c7b SC \u53ef\u4ee5\u6269\u5bb9\uff09
spec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 35Gi # (1)!\n
\u5f53 ElasticSearch \u5185\u5b58\u5360\u6ee1\u65f6\uff0c\u4f60\u8fd8\u53ef\u4ee5\u5220\u9664 index \u6570\u636e\u91ca\u653e\u8d44\u6e90\u3002
\u4f60\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u5165 Kibana \u9875\u9762\uff0c\u624b\u52a8\u6267\u884c\u5220\u9664\u64cd\u4f5c\u3002
\u9996\u5148\u660e\u786e Kibana Pod \u662f\u5426\u5b58\u5728\u5e76\u4e14\u6b63\u5e38\u8fd0\u884c\uff1a
kubectl get po -n mcamel-system |grep mcamel-common-es-cluster-masters-kb\n
\u82e5\u4e0d\u5b58\u5728\uff0c\u5219\u624b\u52a8\u8bbe\u7f6e replica \u4e3a 1\uff0c\u5e76\u4e14\u7b49\u5f85\u670d\u52a1\u6b63\u5e38\u8fd0\u884c\uff1b\u82e5\u5b58\u5728\uff0c\u5219\u8df3\u8fc7\u8be5\u6b65\u9aa4
kubectl scale -n mcamel-system deployment mcamel-common-es-cluster-masters-kb --replicas 1\n
\u4fee\u6539 Kibana \u7684 Service \u4e3a NodePort \u66b4\u9732\u8bbf\u95ee\u65b9\u5f0f
kubectl patch svc -n mcamel-system mcamel-common-es-cluster-masters-kb-http -p '{\"spec\":{\"type\":\"NodePort\"}}'\n\n# \u4fee\u6539\u5b8c\u6210\u540e\u67e5\u770b NodePort\u3002\u6b64\u4f8b\u7684\u7aef\u53e3\u4e3a 30128\uff0c\u5219\u8bbf\u95ee\u65b9\u5f0f\u4e3a https://{\u96c6\u7fa4\u4e2d\u7684\u8282\u70b9IP}:30128\n[root@insight-master1 ~]# kubectl get svc -n mcamel-system |grep mcamel-common-es-cluster-masters-kb-http\nmcamel-common-es-cluster-masters-kb-http NodePort 10.233.51.174 <none> 5601:30128/TCP 108m\n
\u83b7\u53d6 ElasticSearch \u7684 Secret\uff0c\u7528\u4e8e\u767b\u5f55 Kibana\uff08\u7528\u6237\u540d\u4e3a elastic\uff09
kubectl get secrets -n mcamel-system mcamel-common-es-cluster-masters-es-elastic-user -o jsonpath=\"{.data.elastic}\" |base64 -d\n
\u8fdb\u5165 Kibana -> Stack Management -> Index Management \uff0c\u6253\u5f00 Include hidden indices \u9009\u9879\uff0c\u5373\u53ef\u89c1\u6240\u6709\u7684 index\u3002 \u6839\u636e index \u7684\u5e8f\u53f7\u5927\u5c0f\uff0c\u4fdd\u7559\u5e8f\u53f7\u5927\u7684 index\uff0c\u5220\u9664\u5e8f\u53f7\u5c0f\u7684 index\u3002
\u5bf9\u4e8e\u4efb\u610f\u4e00\u4e2a\u4e0d\u9700\u8981\u91c7\u96c6\u5bb9\u5668\u65e5\u5fd7\u7684 Pod, \u5728 Pod \u7684 annotation \u4e2d\u6dfb\u52a0 insight.opentelemetry.io/log-ignore: \"true\"
\u6765\u6307\u5b9a\u4e0d\u9700\u8981\u91c7\u96c6\u7684\u5bb9\u5668\u65e5\u5fd7\uff0c\u4f8b\u5982\uff1a
apiVersion: apps/v1\nkind: Pod\nmetadata:\n name: log-generator\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: log-generator\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: log-generator\n annotations:\n insight.opentelemetry.io/log-ignore: \"true\"\n spec:\n containers:\n - name: nginx\n image: banzaicloud/log-generator:0.3.2\n
\u91cd\u542f Pod\uff0c\u7b49\u5f85 Pod \u6062\u590d\u8fd0\u884c\u72b6\u6001\u4e4b\u540e\uff0cFluenbit \u5c06\u4e0d\u518d\u91c7\u96c6\u8fd9\u4e2a Pod \u5185\u7684\u5bb9\u5668\u7684\u65e5\u5fd7\u3002
\u5728\u4e00\u4e2a\u5206\u5e03\u5f0f\u7cfb\u7edf\u4e2d\uff0c\u7531\u4e8e Clock Skew\uff08\u65f6\u949f\u504f\u659c\u8c03\u6574\uff09\u5f71\u54cd\uff0c \u4e0d\u540c\u4e3b\u673a\u95f4\u5b58\u5728\u65f6\u95f4\u6f02\u79fb\u73b0\u8c61\u3002\u901a\u4fd7\u6765\u8bf4\uff0c\u4e0d\u540c\u4e3b\u673a\u5728\u540c\u4e00\u65f6\u523b\u7684\u7cfb\u7edf\u65f6\u95f4\u662f\u6709\u5fae\u5c0f\u7684\u504f\u5dee\u7684\u3002
\u94fe\u8def\u8ffd\u8e2a\u7cfb\u7edf\u662f\u4e00\u4e2a\u5178\u578b\u7684\u5206\u5e03\u5f0f\u7cfb\u7edf\uff0c\u5b83\u5728\u6d89\u53ca\u65f6\u95f4\u6570\u636e\u91c7\u96c6\u4e0a\u4e5f\u53d7\u8fd9\u79cd\u73b0\u8c61\u5f71\u54cd\uff0c\u6bd4\u5982\u5728\u4e00\u6761\u94fe\u8def\u4e2d\u670d\u52a1\u7aef span \u7684\u5f00\u59cb\u65f6\u95f4\u65e9\u4e8e\u5ba2\u6237\u7aef span\uff0c \u8fd9\u79cd\u73b0\u8c61\u903b\u8f91\u4e0a\u662f\u4e0d\u5b58\u5728\u7684\uff0c\u4f46\u662f\u7531\u4e8e\u65f6\u949f\u504f\u79fb\u5f71\u54cd\uff0c\u94fe\u8def\u6570\u636e\u5728\u5404\u4e2a\u670d\u52a1\u4e2d\u88ab\u91c7\u96c6\u5230\u7684\u90a3\u4e00\u523b\u4e3b\u673a\u95f4\u7684\u7cfb\u7edf\u65f6\u5b58\u5728\u504f\u5dee\uff0c\u6700\u7ec8\u9020\u6210\u5982\u4e0b\u56fe\u6240\u793a\u7684\u73b0\u8c61\uff1a
\u4e0a\u56fe\u4e2d\u51fa\u73b0\u7684\u73b0\u8c61\u7406\u8bba\u4e0a\u65e0\u6cd5\u6d88\u9664\u3002\u4f46\u8be5\u73b0\u8c61\u8f83\u5c11\uff0c\u5373\u4f7f\u51fa\u73b0\u4e5f\u4e0d\u4f1a\u5f71\u54cd\u670d\u52a1\u95f4\u7684\u8c03\u7528\u5173\u7cfb\u3002
\u76ee\u524d Insight \u4f7f\u7528 Jaeger UI \u6765\u5c55\u793a\u94fe\u8def\u6570\u636e\uff0cUI \u5728\u9047\u5230\u8fd9\u79cd\u94fe\u8def\u65f6\u4f1a\u63d0\u9192\uff1a
\u76ee\u524d Jaeger \u7684\u793e\u533a\u6b63\u5728\u5c1d\u8bd5\u901a\u8fc7 UI \u5c42\u9762\u6765\u4f18\u5316\u8fd9\u4e2a\u95ee\u9898\u3002
\u66f4\u591a\u7684\u76f8\u5173\u8d44\u6599\uff0c\u8bf7\u53c2\u8003\uff1a
\u901a\u8fc7\u96c6\u7fa4\u76d1\u63a7\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b\u96c6\u7fa4\u7684\u57fa\u672c\u4fe1\u606f\u3001\u8be5\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u6d88\u8017\u4ee5\u53ca\u4e00\u6bb5\u65f6\u95f4\u7684\u8d44\u6e90\u6d88\u8017\u53d8\u5316\u8d8b\u52bf\u7b49\u3002
"},{"location":"admin/insight/infra/cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/infra/cluster.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u96c6\u7fa4 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5207\u6362\u5230 \u8d44\u6e90\u6c34\u4f4d\u7ebf\u76d1\u63a7 \u9875\u7b7e\uff0c\u53ef\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u66f4\u591a\u76d1\u63a7\u6570\u636e\u3002
\u5bb9\u5668\u76d1\u63a7\u662f\u5bf9\u96c6\u7fa4\u7ba1\u7406\u4e2d\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76d1\u63a7\uff0c\u5728\u5217\u8868\u4e2d\u53ef\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u57fa\u672c\u4fe1\u606f\u548c\u72b6\u6001\u3002\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\uff0c\u53ef\u67e5\u770b\u6b63\u5728\u544a\u8b66\u7684\u6570\u91cf\u4ee5\u53ca CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u6d88\u8017\u7684\u53d8\u5316\u8d8b\u52bf\u3002
"},{"location":"admin/insight/infra/container.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u5df2\u5b89\u88c5 insight-agent\uff0c\u4e14\u6240\u6709\u7684\u5bb9\u5668\u7ec4\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u770b\u670d\u52a1\u76d1\u63a7\u6307\u6807\uff1a
\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u5de5\u4f5c\u8d1f\u8f7d \u3002
\u5207\u6362\u9876\u90e8 Tab\uff0c\u67e5\u770b\u4e0d\u540c\u7c7b\u578b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u3002
\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u540d\u79f0\u67e5\u770b\u8be6\u60c5\u3002
\u5207\u6362 Tab \u5230 \u5bb9\u5668\u7ec4\u5217\u8868 \uff0c\u53ef\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u5404\u4e2a\u5bb9\u5668\u7ec4\u72b6\u6001\u3001\u6240\u5728\u8282\u70b9\u3001\u91cd\u542f\u6b21\u6570\u7b49\u4fe1\u606f\u3002
\u5207\u6362 Tab \u5230 JVM \u76d1\u63a7 \uff0c\u53ef\u67e5\u770b\u5404\u4e2a\u5bb9\u5668\u7ec4\u7684 JVM \u6307\u6807\u3002
Note
AI \u7b97\u529b\u5e73\u53f0 Insight \u652f\u6301\u6309\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u67e5\u8be2\u4e8b\u4ef6\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\uff0c\u5bf9\u91cd\u8981\u4e8b\u4ef6\u8fdb\u884c\u7edf\u8ba1\u3002
"},{"location":"admin/insight/infra/event.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u57fa\u7840\u8bbe\u7f6e > \u4e8b\u4ef6 \u3002
\u9ed8\u8ba4\u663e\u793a\u6700\u8fd1 12 \u5c0f\u65f6\u5185\u53d1\u751f\u7684\u4e8b\u4ef6\uff0c\u60a8\u53ef\u4ee5\u5728\u53f3\u4e0a\u89d2\u9009\u62e9\u4e0d\u540c\u7684\u65f6\u95f4\u8303\u56f4\u6765\u67e5\u770b\u8f83\u957f\u6216\u8f83\u77ed\u7684\u65f6\u95f4\u6bb5\u3002 \u60a8\u8fd8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u91c7\u6837\u95f4\u9694\u4e3a 1 \u5206\u949f\u81f3 5 \u5c0f\u65f6\u3002
\u901a\u8fc7\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\uff0c\u60a8\u53ef\u4ee5\u76f4\u89c2\u5730\u4e86\u89e3\u4e8b\u4ef6\u7684\u5bc6\u96c6\u7a0b\u5ea6\u548c\u5206\u6563\u60c5\u51b5\u3002 \u8fd9\u6709\u52a9\u4e8e\u5bf9\u540e\u7eed\u7684\u96c6\u7fa4\u8fd0\u7ef4\u8fdb\u884c\u8bc4\u4f30\uff0c\u5e76\u505a\u597d\u51c6\u5907\u548c\u5b89\u6392\u5de5\u4f5c\u3002 \u5982\u679c\u4e8b\u4ef6\u5bc6\u96c6\u53d1\u751f\u5728\u7279\u5b9a\u65f6\u6bb5\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u8c03\u914d\u66f4\u591a\u7684\u8d44\u6e90\u6216\u91c7\u53d6\u76f8\u5e94\u63aa\u65bd\u6765\u786e\u4fdd\u96c6\u7fa4\u7a33\u5b9a\u6027\u548c\u9ad8\u53ef\u7528\u6027\u3002 \u800c\u5982\u679c\u4e8b\u4ef6\u8f83\u4e3a\u5206\u6563\uff0c\u5728\u6b64\u671f\u95f4\u60a8\u53ef\u4ee5\u5408\u7406\u5b89\u6392\u5176\u4ed6\u8fd0\u7ef4\u5de5\u4f5c\uff0c\u4f8b\u5982\u7cfb\u7edf\u4f18\u5316\u3001\u5347\u7ea7\u6216\u5904\u7406\u5176\u4ed6\u4efb\u52a1\u3002
\u901a\u8fc7\u7efc\u5408\u8003\u8651\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\u548c\u65f6\u95f4\u8303\u56f4\uff0c\u60a8\u80fd\u66f4\u597d\u5730\u89c4\u5212\u548c\u7ba1\u7406\u96c6\u7fa4\u7684\u8fd0\u7ef4\u5de5\u4f5c\uff0c\u786e\u4fdd\u7cfb\u7edf\u7a33\u5b9a\u6027\u548c\u53ef\u9760\u6027\u3002
"},{"location":"admin/insight/infra/event.html#_4","title":"\u4e8b\u4ef6\u603b\u6570\u548c\u7edf\u8ba1","text":"\u901a\u8fc7\u91cd\u8981\u4e8b\u4ef6\u7edf\u8ba1\uff0c\u60a8\u53ef\u4ee5\u65b9\u4fbf\u5730\u4e86\u89e3\u955c\u50cf\u62c9\u53d6\u5931\u8d25\u6b21\u6570\u3001\u5065\u5eb7\u68c0\u67e5\u5931\u8d25\u6b21\u6570\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u8fd0\u884c\u5931\u8d25\u6b21\u6570\u3001 Pod \u8c03\u5ea6\u5931\u8d25\u6b21\u6570\u3001\u5bb9\u5668 OOM \u5185\u5b58\u8017\u5c3d\u6b21\u6570\u3001\u5b58\u50a8\u5377\u6302\u8f7d\u5931\u8d25\u6b21\u6570\u4ee5\u53ca\u6240\u6709\u4e8b\u4ef6\u7684\u603b\u6570\u3002\u8fd9\u4e9b\u4e8b\u4ef6\u901a\u5e38\u5206\u4e3a\u300cWarning\u300d\u548c\u300cNormal\u300d\u4e24\u7c7b\u3002
"},{"location":"admin/insight/infra/event.html#_5","title":"\u4e8b\u4ef6\u5217\u8868","text":"\u4e8b\u4ef6\u5217\u8868\u4ee5\u65f6\u95f4\u4e3a\u8f74\uff0c\u4ee5\u6d41\u6c34\u7684\u5f62\u5f0f\u5c55\u793a\u53d1\u751f\u7684\u4e8b\u4ef6\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u300c\u6700\u8fd1\u53d1\u751f\u65f6\u95f4\u300d\u548c\u300c\u7ea7\u522b\u300d\u8fdb\u884c\u6392\u5e8f\u3002
\u70b9\u51fb\u53f3\u4fa7\u7684 \u2699\ufe0f \u56fe\u6807\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u559c\u597d\u548c\u9700\u6c42\u6765\u81ea\u5b9a\u4e49\u663e\u793a\u7684\u5217\u3002
\u5728\u9700\u8981\u7684\u65f6\u5019\uff0c\u60a8\u8fd8\u53ef\u4ee5\u70b9\u51fb\u5237\u65b0\u56fe\u6807\u6765\u66f4\u65b0\u5f53\u524d\u7684\u4e8b\u4ef6\u5217\u8868\u3002
"},{"location":"admin/insight/infra/event.html#_6","title":"\u5176\u4ed6\u64cd\u4f5c","text":"\u5728\u4e8b\u4ef6\u5217\u8868\u4e2d\u64cd\u4f5c\u5217\u7684\u56fe\u6807\uff0c\u53ef\u67e5\u770b\u67d0\u4e00\u4e8b\u4ef6\u7684\u5143\u6570\u636e\u4fe1\u606f\u3002
\u70b9\u51fb\u9876\u90e8\u9875\u7b7e\u7684 \u4e0a\u4e0b\u6587 \u53ef\u67e5\u770b\u8be5\u4e8b\u4ef6\u5bf9\u5e94\u8d44\u6e90\u7684\u5386\u53f2\u4e8b\u4ef6\u8bb0\u5f55\u3002
\u6709\u5173\u7cfb\u7edf\u81ea\u5e26\u7684 Event \u4e8b\u4ef6\u7684\u8be6\u7ec6\u542b\u4e49\uff0c\u8bf7\u53c2\u9605 Kubenetest API \u4e8b\u4ef6\u5217\u8868\u3002
"},{"location":"admin/insight/infra/namespace.html","title":"\u547d\u540d\u7a7a\u95f4\u76d1\u63a7","text":"\u4ee5\u547d\u540d\u7a7a\u95f4\u4e3a\u7ef4\u5ea6\uff0c\u5feb\u901f\u67e5\u8be2\u547d\u540d\u7a7a\u95f4\u5185\u7684\u8d44\u6e90\u6d88\u8017\u548c\u53d8\u5316\u8d8b\u52bf\u3002
"},{"location":"admin/insight/infra/namespace.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/infra/namespace.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd > \u547d\u540d\u7a7a\u95f4 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u901a\u8fc7\u8282\u70b9\u76d1\u63a7\uff0c\u4f60\u53ef\u4ee5\u6982\u89c8\u6240\u9009\u96c6\u7fa4\u4e0b\u8282\u70b9\u7684\u5f53\u524d\u5065\u5eb7\u72b6\u6001\u3001\u5bf9\u5e94\u5bb9\u5668\u7ec4\u7684\u5f02\u5e38\u6570\u91cf\uff1b \u5728\u5f53\u524d\u8282\u70b9\u8be6\u60c5\u9875\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b\u6b63\u5728\u544a\u8b66\u7684\u6570\u91cf\u4ee5\u53ca CPU\u3001\u5185\u5b58\u3001\u78c1\u76d8\u7b49\u8d44\u6e90\u6d88\u8017\u7684\u53d8\u5316\u8d8b\u52bf\u56fe\u3002
"},{"location":"admin/insight/infra/node.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/infra/node.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u8282\u70b9 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5207\u6362\u5230 \u8d44\u6e90\u6c34\u4f4d\u7ebf\u76d1\u63a7 \u9875\u7b7e\uff0c\u53ef\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684\u66f4\u591a\u76d1\u63a7\u6570\u636e\u3002
\u62e8\u6d4b\uff08Probe\uff09\u6307\u7684\u662f\u57fa\u4e8e\u9ed1\u76d2\u76d1\u63a7\uff0c\u5b9a\u671f\u901a\u8fc7 HTTP\u3001TCP \u7b49\u65b9\u5f0f\u5bf9\u76ee\u6807\u8fdb\u884c\u8fde\u901a\u6027\u6d4b\u8bd5\uff0c\u5feb\u901f\u53d1\u73b0\u6b63\u5728\u53d1\u751f\u7684\u6545\u969c\u3002
Insight \u57fa\u4e8e Prometheus Blackbox Exporter \u5de5\u5177\u901a\u8fc7 HTTP\u3001HTTPS\u3001DNS\u3001TCP \u548c ICMP \u7b49\u534f\u8bae\uff0c\u5bf9\u7f51\u7edc\u8fdb\u884c\u63a2\u6d4b\u5e76\u8fd4\u56de\u63a2\u6d4b\u7ed3\u679c\u4ee5\u4fbf\u4e86\u89e3\u7f51\u7edc\u72b6\u6001\u3002
"},{"location":"admin/insight/infra/probe.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u76ee\u6807\u96c6\u7fa4\u4e2d\u5df2\u6210\u529f\u90e8\u7f72 insight-agent\uff0c\u4e14\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"admin/insight/infra/probe.html#_3","title":"\u67e5\u770b\u62e8\u6d4b\u4efb\u52a1","text":"\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u62e8\u6d4b\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u914d\u7f6e\u63a2\u6d4b\u53c2\u6570\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
Warning
\u62e8\u6d4b\u4efb\u52a1\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u9700\u8981\u5927\u6982 3 \u5206\u949f\u7684\u65f6\u95f4\u6765\u540c\u6b65\u914d\u7f6e\u3002\u5728\u6b64\u671f\u95f4\uff0c\u4e0d\u4f1a\u8fdb\u884c\u63a2\u6d4b\uff0c\u65e0\u6cd5\u67e5\u770b\u63a2\u6d4b\u7ed3\u679c\u3002
"},{"location":"admin/insight/infra/probe.html#_5","title":"\u7f16\u8f91\u62e8\u6d4b\u4efb\u52a1","text":"\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 -> \u7f16\u8f91\uff0c\u5b8c\u6210\u7f16\u8f91\u540e\u70b9\u51fb \u786e\u5b9a\u3002
"},{"location":"admin/insight/infra/probe.html#_6","title":"\u67e5\u770b\u76d1\u63a7\u9762\u677f","text":"\u70b9\u51fb\u62e8\u6d4b\u540d\u79f0
\u67e5\u770b\u62e8\u6d4b\u4efb\u52a1\u4e2d\u6bcf\u4e2a\u76ee\u6807\u7684\u76d1\u63a7\u72b6\u6001\uff0c\u4ee5\u56fe\u8868\u65b9\u5f0f\u663e\u793a\u9488\u5bf9\u7f51\u7edc\u72b6\u51b5\u7684\u63a2\u6d4b\u7ed3\u679c\u3002
\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 -> \u5220\u9664\uff0c\u786e\u8ba4\u65e0\u8bef\u540e\u70b9\u51fb \u786e\u5b9a\u3002
Caution
\u5220\u9664\u64cd\u4f5c\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"admin/insight/quickstart/install/index.html","title":"\u5f00\u59cb\u89c2\u6d4b","text":"AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u5b9e\u73b0\u4e86\u5bf9\u591a\u4e91\u591a\u96c6\u7fa4\u7684\u7eb3\u7ba1\uff0c\u5e76\u652f\u6301\u521b\u5efa\u96c6\u7fa4\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u7edf\u4e00\u89c2\u6d4b\u65b9\u6848\uff0c\u901a\u8fc7\u90e8\u7f72 insight-agent \u63d2\u4ef6\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u91c7\u96c6\uff0c\u5e76\u652f\u6301\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3 \u53ef\u89c2\u6d4b\u6027\u4ea7\u54c1\u5b9e\u73b0\u5bf9\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u6570\u636e\u7684\u67e5\u8be2\u3002
insight-agent \u662f\u53ef\u89c2\u6d4b\u6027\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u6570\u636e\u91c7\u96c6\u7684\u5de5\u5177\uff0c\u5b89\u88c5\u540e\u65e0\u9700\u4efb\u4f55\u4fee\u6539\uff0c\u5373\u53ef\u5b9e\u73b0\u5bf9\u6307\u6807\u3001\u65e5\u5fd7\u4ee5\u53ca\u94fe\u8def\u6570\u636e\u7684\u81ea\u52a8\u5316\u91c7\u96c6\u3002
\u901a\u8fc7 \u5bb9\u5668\u7ba1\u7406 \u521b\u5efa\u7684\u96c6\u7fa4\u9ed8\u8ba4\u4f1a\u5b89\u88c5 insight-agent\uff0c\u6545\u5728\u6b64\u4ec5\u9488\u5bf9\u63a5\u5165\u7684\u96c6\u7fa4\u5982\u4f55\u5f00\u542f\u89c2\u6d4b\u80fd\u529b\u63d0\u4f9b\u6307\u5bfc\u3002
\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u7684\u7edf\u4e00\u89c2\u6d4b\u5e73\u53f0\uff0c\u5176\u90e8\u5206\u7ec4\u4ef6\u7684\u8d44\u6e90\u6d88\u8017\u4e0e\u521b\u5efa\u96c6\u7fa4\u7684\u6570\u636e\u3001\u63a5\u5165\u96c6\u7fa4\u7684\u6570\u91cf\u606f\u606f\u76f8\u5173\uff0c\u5728\u5b89\u88c5 insight-agent \u65f6\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u89c4\u6a21\u5bf9\u76f8\u5e94\u7ec4\u4ef6\u7684\u8d44\u6e90\u8fdb\u884c\u8c03\u6574\u3002
\u6839\u636e\u521b\u5efa\u96c6\u7fa4\u7684\u89c4\u6a21\u6216\u63a5\u5165\u96c6\u7fa4\u7684\u89c4\u6a21\uff0c\u8c03\u6574 insight-agent \u4e2d\u91c7\u96c6\u7ec4\u4ef6 Prometheus \u7684 CPU \u548c\u5185\u5b58\uff0c\u8bf7\u53c2\u8003: Prometheus \u8d44\u6e90\u89c4\u5212
\u7531\u4e8e\u591a\u96c6\u7fa4\u7684\u6307\u6807\u6570\u636e\u4f1a\u7edf\u4e00\u5b58\u50a8\uff0c\u5219\u9700\u8981 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u7ba1\u7406\u5458\u6839\u636e\u521b\u5efa\u96c6\u7fa4\u7684\u89c4\u6a21\u3001\u63a5\u5165\u96c6\u7fa4\u7684\u89c4\u6a21\u5bf9\u5e94\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\uff0c\u8bf7\u53c2\u8003\uff1avmstorage \u78c1\u76d8\u5bb9\u91cf\u89c4\u5212\u3002
\u5982\u4f55\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\uff0c\u8bf7\u53c2\u8003\uff1avmstorge \u78c1\u76d8\u6269\u5bb9\u3002
\u7531\u4e8e AI \u7b97\u529b\u4e2d\u5fc3 \u652f\u6301\u5bf9\u591a\u4e91\u591a\u96c6\u7fa4\u7684\u7eb3\u7ba1\uff0cinsight-agent \u76ee\u524d\u4e5f\u5b8c\u6210\u4e86\u90e8\u5206\u9a8c\u8bc1\uff0c\u7531\u4e8e\u76d1\u63a7\u7ec4\u4ef6\u51b2\u7a81\u95ee\u9898\u5bfc\u81f4\u5728 Openshift 4.x \u96c6\u7fa4\u4e2d\u5b89\u88c5 insight-agent \u4f1a\u51fa\u73b0\u95ee\u9898\uff0c\u82e5\u60a8\u9047\u5230\u540c\u6837\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6587\u6863\uff1a
\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e3a\u4e86\u63d0\u9ad8\u5927\u89c4\u6a21\u73af\u5883\u4e0b\u7684\u6570\u636e\u5199\u5165\u80fd\u529b\uff0c\u652f\u6301\u5c06\u65e5\u5fd7\u5207\u6362\u4e3a \u5927\u65e5\u5fd7 \u6a21\u5f0f\u3001\u5c06\u94fe\u8def\u5207\u6362\u4e3a \u5927\u94fe\u8def \u6a21\u5f0f\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u4ee5\u4e0b\u51e0\u79cd\u5f00\u542f\u65b9\u5f0f\uff1a
\u672c\u8282\u8bf4\u660e\u666e\u901a\u65e5\u5fd7\u6a21\u5f0f\u548c\u5927\u65e5\u5fd7\u6a21\u5f0f\u7684\u533a\u522b\u3002
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_3","title":"\u65e5\u5fd7\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aFluentbit + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a ES \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_4","title":"\u5927\u65e5\u5fd7\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aFluentbit + Kafka + Vector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a Kafka \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_5","title":"\u94fe\u8def","text":"\u672c\u8282\u8bf4\u660e\u666e\u901a\u94fe\u8def\u6a21\u5f0f\u548c\u5927\u94fe\u8def\u6a21\u5f0f\u7684\u533a\u522b\u3002
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_6","title":"\u94fe\u8def\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aAgent opentelemetry-collector + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a OTlp \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_7","title":"\u5927\u94fe\u8def\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aAgent opentelemetry-collector + Kafka + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a Kafka \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_8","title":"\u901a\u8fc7\u5b89\u88c5\u5668\u5f00\u542f","text":"\u901a\u8fc7\u5b89\u88c5\u5668\u90e8\u7f72/\u5347\u7ea7 AI \u7b97\u529b\u4e2d\u5fc3 \u65f6\u4f7f\u7528\u7684 manifest.yaml \u4e2d\u5b58\u5728 infrastructures.kafka \u5b57\u6bb5\uff0c \u5982\u679c\u60f3\u5f00\u542f\u53ef\u89c2\u6d4b\u7684\u5927\u65e5\u5fd7\u548c\u5927\u94fe\u8def\u6a21\u5f0f\uff0c\u5219\u9700\u8981\u542f\u7528 kafka\uff1a
manifest.yamlapiVersion: manifest.daocloud.io/v1alpha1\nkind: DCEManifest\n...\ninfrastructures:\n ...\n kafka:\n enable: true # \u9ed8\u8ba4\u4e3a false\n cpuLimit: 1\n memLimit: 2Gi\n pvcSize: 15Gi\n
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_9","title":"\u5f00\u542f","text":"\u5b89\u88c5\u65f6\u4f7f\u7528\u542f\u7528 kafka
\u7684 manifest.yaml\uff0c\u5219\u4f1a\u9ed8\u8ba4\u5b89\u88c5 kafka \u4e2d\u95f4\u4ef6\uff0c \u5e76\u5728\u5b89\u88c5 Insight \u65f6\u9ed8\u8ba4\u5f00\u542f\u5927\u65e5\u5fd7\u548c\u5927\u94fe\u8def\u6a21\u5f0f\u3002\u5b89\u88c5\u547d\u4ee4\u4e3a\uff1a
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml\n
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_10","title":"\u5347\u7ea7","text":"\u5347\u7ea7\u540c\u6837\u662f\u4fee\u6539 kafka
\u5b57\u6bb5\u3002\u4f46\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u56e0\u4e3a\u8001\u73af\u5883\u5b89\u88c5\u65f6\u4f7f\u7528\u7684\u662f kafka: false
\uff0c \u6240\u4ee5\u73af\u5883\u4e2d\u65e0 kafka\u3002\u6b64\u65f6\u5347\u7ea7\u9700\u8981\u6307\u5b9a\u5347\u7ea7 middleware
\uff0c\u624d\u4f1a\u540c\u65f6\u5b89\u88c5 kafka \u4e2d\u95f4\u4ef6\u3002\u5347\u7ea7\u547d\u4ee4\u4e3a\uff1a
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml -u gproduct,middleware\n
Note
\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u8981\u624b\u52a8\u91cd\u542f\u4ee5\u4e0b\u7ec4\u4ef6\uff1a
\u524d\u63d0\u6761\u4ef6\uff1a\u9700\u8981\u4fdd\u8bc1\u5b58\u5728 \u53ef\u7528\u7684 kafka \u4e14\u5730\u5740\u53ef\u6b63\u5e38\u8bbf\u95ee\u3002
\u6839\u636e\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6\u8001\u7248\u672c insight \u548c insight-agent \u7684 values\uff08\u5efa\u8bae\u505a\u597d\u5907\u4efd\uff09\uff1a
helm get values insight -n insight-system -o yaml > insight.yaml\nhelm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_11","title":"\u5f00\u542f\u5927\u65e5\u5fd7","text":"\u6709\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5f00\u542f\u6216\u5347\u7ea7\u81f3\u5927\u65e5\u5fd7\u6a21\u5f0f\uff1a
\u5728helm upgrade
\u547d\u4ee4\u4e2d\u4f7f\u7528 --set\u4fee\u6539 YAML \u540e\u8fd0\u884c helm upgrade\u5bb9\u5668\u7ba1\u7406 UI \u5347\u7ea7 \u5148\u8fd0\u884c\u4ee5\u4e0b insight \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set vector.enabled=true \\\n --version 0.30.1\n
\u7136\u540e\u8fd0\u884c\u4ee5\u4e0b insight-agent \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.logging.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.logging.output=kafka \\\n --version 0.30.1\n
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539 YAMl \u540e\u8fd0\u884c helm upgrade
\u547d\u4ee4\uff1a
\u4fee\u6539 insight.yaml
insight.yamlglobal:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\nvector:\n enabled: true\n
\u5347\u7ea7 insight \u7ec4\u4ef6\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
\u4fee\u6539 insight-agent.yaml
insight-agent.yamlglobal:\n ...\n exporters:\n ...\n logging:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
\u5347\u7ea7 insight-agent\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 Helm \u5e94\u7528 \uff0c\u627e\u5230\u5e76\u66f4\u65b0 insight-agent\u3002
\u5728 Logging Settings \u4e2d\uff0c\u4e3a output \u9009\u62e9 kafka\uff0c\u5e76\u586b\u5199\u6b63\u786e\u7684 brokers \u5730\u5740\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u624b\u52a8\u91cd\u542f insight-agent-fluent-bit \u7ec4\u4ef6\u3002
"},{"location":"admin/insight/quickstart/install/big-log-and-trace.html#_12","title":"\u5f00\u542f\u5927\u94fe\u8def","text":"\u6709\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5f00\u542f\u6216\u5347\u7ea7\u81f3\u5927\u94fe\u8def\u6a21\u5f0f\uff1a
\u5728helm upgrade
\u547d\u4ee4\u4e2d\u4f7f\u7528 --set\u4fee\u6539 YAML \u540e\u8fd0\u884c helm upgrade\u5bb9\u5668\u7ba1\u7406 UI \u5347\u7ea7 \u5148\u8fd0\u884c\u4ee5\u4e0b insight \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set global.tracing.kafkaReceiver.enabled=true \\\n --version 0.30.1\n
\u7136\u540e\u8fd0\u884c\u4ee5\u4e0b insight-agent \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.trace.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.trace.output=kafka \\\n --version 0.30.1\n
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539 YAMl \u540e\u8fd0\u884c helm upgrade
\u547d\u4ee4\uff1a
\u4fee\u6539 insight.yaml
insight.yamlglobal:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\ntracing:\n ...\n kafkaReceiver:\n enabled: true\n
\u5347\u7ea7 insight \u7ec4\u4ef6\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
\u4fee\u6539 insight-agent.yaml
insight-agent.yamlglobal:\n ...\n exporters:\n ...\n trace:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
\u5347\u7ea7 insight-agent\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 Helm \u5e94\u7528 \uff0c\u627e\u5230\u5e76\u66f4\u65b0 insight-agent\u3002
\u5728 Trace Settings \u4e2d\uff0c\u4e3a output \u9009\u62e9 kafka\uff0c\u5e76\u586b\u5199\u6b63\u786e\u7684 brokers \u5730\u5740\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u624b\u52a8 \u91cd\u542f insight-agent-opentelemetry-collector \u548c insight-opentelemetry-collector \u7ec4\u4ef6\u3002
"},{"location":"admin/insight/quickstart/install/component-scheduling.html","title":"\u81ea\u5b9a\u4e49 Insight \u7ec4\u4ef6\u8c03\u5ea6\u7b56\u7565","text":"\u5f53\u90e8\u7f72\u53ef\u89c2\u6d4b\u5e73\u53f0 Insight \u5230 Kubernetes \u73af\u5883\u65f6\uff0c\u6b63\u786e\u7684\u8d44\u6e90\u7ba1\u7406\u548c\u4f18\u5316\u81f3\u5173\u91cd\u8981\u3002 Insight \u5305\u542b\u591a\u4e2a\u6838\u5fc3\u7ec4\u4ef6\uff0c\u5982 Prometheus\u3001OpenTelemetry\u3001FluentBit\u3001Vector\u3001Elasticsearch \u7b49\uff0c \u8fd9\u4e9b\u7ec4\u4ef6\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u53ef\u80fd\u56e0\u4e3a\u8d44\u6e90\u5360\u7528\u95ee\u9898\u5bf9\u96c6\u7fa4\u5185\u5176\u4ed6 Pod \u7684\u6027\u80fd\u4ea7\u751f\u8d1f\u9762\u5f71\u54cd\u3002 \u4e3a\u4e86\u6709\u6548\u5730\u7ba1\u7406\u8d44\u6e90\u5e76\u4f18\u5316\u96c6\u7fa4\u7684\u8fd0\u884c\uff0c\u8282\u70b9\u4eb2\u548c\u6027\u6210\u4e3a\u4e00\u9879\u91cd\u8981\u7684\u914d\u7f6e\u9009\u9879\u3002
\u672c\u6587\u5c06\u91cd\u70b9\u63a2\u8ba8\u5982\u4f55\u901a\u8fc7\u6c61\u70b9\u548c\u8282\u70b9\u4eb2\u548c\u6027\u7684\u914d\u7f6e\u7b56\u7565\uff0c\u4f7f\u5f97\u6bcf\u4e2a\u7ec4\u4ef6\u80fd\u591f\u5728\u9002\u5f53\u7684\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c \u5e76\u907f\u514d\u8d44\u6e90\u7ade\u4e89\u6216\u4e89\u7528\uff0c\u4ece\u800c\u786e\u4fdd\u6574\u4e2a Kubernetes \u96c6\u7fa4\u7684\u7a33\u5b9a\u6027\u548c\u9ad8\u6548\u6027\u3002
"},{"location":"admin/insight/quickstart/install/component-scheduling.html#insight_1","title":"\u901a\u8fc7\u6c61\u70b9\u4e3a Insight \u914d\u7f6e\u4e13\u6709\u8282\u70b9","text":"\u7531\u4e8e Insight Agent \u5305\u542b\u4e86 DaemonSet \u7ec4\u4ef6\uff0c\u6240\u4ee5\u672c\u8282\u6240\u8ff0\u7684\u914d\u7f6e\u65b9\u5f0f\u662f\u8ba9\u9664\u4e86 Insight DameonSet \u4e4b\u5916\u7684\u5176\u4f59\u7ec4\u4ef6\u5747\u8fd0\u884c\u5728\u4e13\u6709\u8282\u70b9\u4e0a\u3002
\u8be5\u65b9\u5f0f\u662f\u901a\u8fc7\u4e3a\u4e13\u6709\u8282\u70b9\u6dfb\u52a0\u6c61\u70b9\uff08taint\uff09\uff0c\u5e76\u914d\u5408\u6c61\u70b9\u5bb9\u5fcd\u5ea6\uff08tolerations\uff09\u6765\u5b9e\u73b0\u7684\u3002 \u66f4\u591a\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u3002
\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u547d\u4ee4\u4e3a\u8282\u70b9\u6dfb\u52a0\u53ca\u79fb\u9664\u6c61\u70b9\uff1a
# \u6dfb\u52a0\u6c61\u70b9\nkubectl taint nodes worker1 node.daocloud.io=insight-only:NoSchedule\n\n# \u79fb\u9664\u6c61\u70b9\nkubectl taint nodes worker1 node.daocloud.io:NoSchedule-\n
\u6709\u4ee5\u4e0b\u4e24\u79cd\u9014\u5f84\u8ba9 Insight \u7ec4\u4ef6\u8c03\u5ea6\u81f3\u4e13\u6709\u8282\u70b9\uff1a
"},{"location":"admin/insight/quickstart/install/component-scheduling.html#1","title":"1. \u4e3a\u6bcf\u4e2a\u7ec4\u4ef6\u6dfb\u52a0\u6c61\u70b9\u5bb9\u5fcd\u5ea6","text":"\u9488\u5bf9 insight-server
\u548c insight-agent
\u4e24\u4e2a Chart \u5206\u522b\u8fdb\u884c\u914d\u7f6e\uff1a
server:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nui:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nrunbook:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\n# mysql:\nvictoria-metrics-k8s-stack:\n victoria-metrics-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmcluster:\n spec:\n vmstorage:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmselect:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vminsert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmalert:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n alertmanager:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\njaeger:\n collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n query:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector-aggregator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\ngrafana-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n grafana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nkibana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nelastic-alert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nvector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n
kube-prometheus-stack:\n prometheus:\n prometheusSpec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n prometheus-node-exporter:\n tolerations:\n - effect: NoSchedule\n operator: Exists\n prometheusOperator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nkube-state-metrics:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\ntailing-sidecar-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-kubernetes-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nprometheus-blackbox-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\netcd-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\" \n
"},{"location":"admin/insight/quickstart/install/component-scheduling.html#2","title":"2. \u901a\u8fc7\u547d\u540d\u7a7a\u95f4\u7ea7\u522b\u914d\u7f6e","text":"\u8ba9 insight-system
\u547d\u540d\u7a7a\u95f4\u7684 Pod \u90fd\u5bb9\u5fcd node.daocloud.io=insight-only
\u6c61\u70b9\u3002
\u8c03\u6574 apiserver
\u7684\u914d\u7f6e\u6587\u4ef6 /etc/kubernetes/manifests/kube-apiserver.yaml
\uff0c\u653e\u5f00 PodTolerationRestriction,PodNodeSelector
, \u53c2\u8003\u4e0b\u56fe\uff1a
\u7ed9 insight-system
\u547d\u540d\u7a7a\u95f4\u589e\u52a0\u6ce8\u89e3\uff1a
apiVersion: v1\nkind: Namespace\nmetadata:\n name: insight-system\n annotations:\n scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Equal\", \"effect\": \"NoSchedule\", \"key\": \"node.daocloud.io\", \"value\": \"insight-only\"}]'\n
\u91cd\u542f insight-system \u547d\u540d\u7a7a\u95f4\u4e0b\u9762\u7684\u7ec4\u4ef6\u5373\u53ef\u6b63\u5e38\u5bb9\u5fcd insight-system \u4e0b\u7684 Pod \u8c03\u5ea6\u3002
"},{"location":"admin/insight/quickstart/install/component-scheduling.html#label","title":"\u4e3a\u8282\u70b9\u6dfb\u52a0 Label \u548c\u8282\u70b9\u4eb2\u548c\u6027\u6765\u7ba1\u7406\u7ec4\u4ef6\u8c03\u5ea6","text":"Info
\u8282\u70b9\u4eb2\u548c\u6027\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e nodeSelector
\uff0c\u5b83\u4f7f\u4f60\u53ef\u4ee5\u6839\u636e\u8282\u70b9\u4e0a\u7684 \u6807\u7b7e(label) \u6765\u7ea6\u675f Pod \u53ef\u4ee5\u8c03\u5ea6\u5230\u54ea\u4e9b\u8282\u70b9\u4e0a\u3002 \u8282\u70b9\u4eb2\u548c\u6027\u6709\u4e24\u79cd\uff1a
\u66f4\u8fc7\u7ec6\u8282\u8bf7\u53c2\u8003 kubernetes \u5b98\u65b9\u6587\u6863\u3002
\u4e3a\u4e86\u5b9e\u73b0\u4e0d\u540c\u7528\u6237\u5bf9 Insight \u7ec4\u4ef6\u8c03\u5ea6\u7684\u7075\u6d3b\u9700\u6c42\uff0cInsight \u5206\u522b\u63d0\u4f9b\u4e86\u8f83\u4e3a\u7ec6\u7c92\u5ea6\u7684 Label \u6765\u5b9e\u73b0\u4e0d\u540c\u7ec4\u4ef6\u7684\u8c03\u5ea6\u7b56\u7565\uff0c\u4ee5\u4e0b\u662f\u6807\u7b7e\u4e0e\u7ec4\u4ef6\u7684\u5173\u7cfb\u8bf4\u660e\uff1a
\u6807\u7b7e Key \u6807\u7b7e Value \u8bf4\u660enode.daocloud.io/insight-any
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u4ee3\u8868 Insight \u6240\u6709\u7ec4\u4ef6\u4f18\u5148\u8003\u8651\u5e26\u4e86\u8be5\u6807\u7b7e\u7684\u8282\u70b9 node.daocloud.io/insight-prometheus
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 Prometheus \u7ec4\u4ef6 node.daocloud.io/insight-vmstorage
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 VictoriaMetrics vmstorage \u7ec4\u4ef6 node.daocloud.io/insight-vector
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 Vector \u7ec4\u4ef6 node.daocloud.io/insight-otel-col
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 OpenTelemetry \u7ec4\u4ef6 \u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u547d\u4ee4\u4e3a\u8282\u70b9\u6dfb\u52a0\u53ca\u79fb\u9664\u6807\u7b7e\uff1a
# \u4e3a node8 \u6dfb\u52a0\u6807\u7b7e\uff0c\u5148\u5c06 insight-prometheus \u8c03\u5ea6\u5230 node8 \nkubectl label nodes node8 node.daocloud.io/insight-prometheus=true\n\n# \u79fb\u9664 node8 \u7684 node.daocloud.io/insight-prometheus \u6807\u7b7e\nkubectl label nodes node8 node.daocloud.io/insight-prometheus-\n
\u4ee5\u4e0b\u662f insight-prometheus \u7ec4\u4ef6\u5728\u90e8\u7f72\u65f6\u9ed8\u8ba4\u7684\u4eb2\u548c\u6027\u504f\u597d\uff1a
affinity:\n nodeAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - preference:\n matchExpressions:\n - key: node-role.kubernetes.io/control-plane\n operator: DoesNotExist\n weight: 1\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-prometheus # (1)!\n operator: Exists\n weight: 2\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-any\n operator: Exists\n weight: 3\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 1\n podAffinityTerm:\n topologyKey: kubernetes.io/hostname\n labelSelector:\n matchExpressions:\n - key: app.kubernetes.io/instance\n operator: In\n values:\n - insight-agent-kube-prometh-prometheus\n
\u53ef\u89c2\u6d4b\u6027\u662f\u591a\u96c6\u7fa4\u7edf\u4e00\u89c2\u6d4b\u7684\u4ea7\u54c1\uff0c\u4e3a\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u7edf\u4e00\u5b58\u50a8\u3001\u67e5\u8be2\uff0c \u5b50\u96c6\u7fa4\u9700\u8981\u5c06\u91c7\u96c6\u7684\u89c2\u6d4b\u6570\u636e\u4e0a\u62a5\u7ed9\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u8fdb\u884c\u7edf\u4e00\u5b58\u50a8\u3002 \u672c\u6587\u63d0\u4f9b\u4e86\u5728\u5b89\u88c5\u91c7\u96c6\u7ec4\u4ef6 insight-agent \u65f6\u5fc5\u586b\u7684\u5b58\u50a8\u7ec4\u4ef6\u7684\u5730\u5740\u3002
"},{"location":"admin/insight/quickstart/install/gethosturl.html#insight-agent","title":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5b89\u88c5 insight-agent","text":"\u5982\u679c\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5b89\u88c5 insight-agent\uff0c\u63a8\u8350\u901a\u8fc7\u57df\u540d\u6765\u8bbf\u95ee\u96c6\u7fa4\uff1a
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # (1)!\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # (2)!\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # (3)!\n
"},{"location":"admin/insight/quickstart/install/gethosturl.html#insight-agent_1","title":"\u5728\u5176\u4ed6\u96c6\u7fa4\u5b89\u88c5 insight-agent","text":""},{"location":"admin/insight/quickstart/install/gethosturl.html#insight-server","title":"\u901a\u8fc7 Insight Server \u63d0\u4f9b\u7684\u63a5\u53e3\u83b7\u53d6\u5730\u5740","text":"\u7ba1\u7406\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer \u65b9\u5f0f\u66b4\u9732
\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
Note
\u8bf7\u66ff\u6362\u547d\u4ee4\u4e2d\u7684 ${INSIGHT_SERVER_IP}
\u53c2\u6570\u3002
\u83b7\u5f97\u5982\u4e0b\u8fd4\u56de\u503c\uff1a
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"host\": \"10.6.182.32\"\n },\n \"metric\": {\n \"host\": \"10.6.182.32\"\n },\n \"auditLog\": {\n \"host\": \"10.6.182.32\"\n },\n \"trace\": {\n \"host\": \"10.6.182.32\"\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
\u662f\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff0c\u4e0d\u9700\u8981\u518d\u8bbe\u7f6e\u5bf9\u5e94\u670d\u52a1\u7684\u7aef\u53e3\uff0c\u90fd\u4f1a\u4f7f\u7528\u76f8\u5e94\u9ed8\u8ba4\u503cglobal.exporters.metric.host
\u662f\u6307\u6807\u670d\u52a1\u5730\u5740global.exporters.trace.host
\u662f\u94fe\u8def\u670d\u52a1\u5730\u5740global.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff08\u548c\u94fe\u8def\u4f7f\u7528\u7684\u540c\u4e00\u4e2a\u670d\u52a1\u4e0d\u540c\u7aef\u53e3\uff09\u7ba1\u7406\u96c6\u7fa4\u7981\u7528 LoadBalancer
\u8c03\u7528\u63a5\u53e3\u65f6\u9700\u8981\u989d\u5916\u4f20\u9012\u96c6\u7fa4\u4e2d\u4efb\u610f\u5916\u90e8\u53ef\u8bbf\u95ee\u7684\u8282\u70b9 IP\uff0c\u4f1a\u4f7f\u7528\u8be5 IP \u62fc\u63a5\u51fa\u5bf9\u5e94\u670d\u52a1\u7684\u5b8c\u6574\u8bbf\u95ee\u5730\u5740\u3002
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam' --data '{\"extra\": {\"EXPORTER_EXTERNAL_IP\": \"10.5.14.51\"}}'\n
\u5c06\u83b7\u5f97\u5982\u4e0b\u7684\u8fd4\u56de\u503c\uff1a
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"scheme\": \"https\",\n \"host\": \"10.5.14.51\",\n \"port\": 32007,\n \"user\": \"elastic\",\n \"password\": \"j8V1oVoM1184HvQ1F3C8Pom2\"\n },\n \"metric\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30683\n },\n \"auditLog\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30884\n },\n \"trace\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30274\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
\u662f\u65e5\u5fd7\u670d\u52a1\u5730\u5740global.exporters.logging.port
\u662f\u65e5\u5fd7\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.metric.host
\u662f\u6307\u6807\u670d\u52a1\u5730\u5740global.exporters.metric.port
\u662f\u6307\u6807\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.trace.host
\u662f\u94fe\u8def\u670d\u52a1\u5730\u5740global.exporters.trace.port
\u662f\u94fe\u8def\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff08\u548c\u94fe\u8def\u4f7f\u7528\u7684\u540c\u4e00\u4e2a\u670d\u52a1\u4e0d\u540c\u7aef\u53e3\uff09global.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u66b4\u9732\u7684 NodePort\u82e5\u96c6\u7fa4\u4e2d\u5f00\u542f LoadBalancer
\u4e14\u4e3a Insight \u8bbe\u7f6e\u4e86 VIP
\u65f6\uff0c\u60a8\u4e5f\u53ef\u4ee5\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 vminsert
\u4ee5\u53ca opentelemetry-collector
\u7684\u5730\u5740\u4fe1\u606f\uff1a
$ kubectl get service -n insight-system | grep lb\nlb-insight-opentelemetry-collector LoadBalancer 10.233.23.12 <pending> 4317:31286/TCP,8006:31351/TCP 24d\nlb-vminsert-insight-victoria-metrics-k8s-stack LoadBalancer 10.233.63.67 <pending> 8480:31629/TCP 24d\n
lb-vminsert-insight-victoria-metrics-k8s-stack
\u662f\u6307\u6807\u670d\u52a1\u7684\u5730\u5740lb-insight-opentelemetry-collector
\u662f\u94fe\u8def\u670d\u52a1\u7684\u5730\u5740\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 elasticsearch
\u5730\u5740\u4fe1\u606f\uff1a
$ kubectl get service -n mcamel-system | grep es\nmcamel-common-es-cluster-masters-es-http NodePort 10.233.16.120 <none> 9200:30465/TCP 47d\n
mcamel-common-es-cluster-masters-es-http
\u662f\u65e5\u5fd7\u670d\u52a1\u7684\u5730\u5740
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7981\u7528 LB \u7279\u6027
\u5728\u8be5\u60c5\u51b5\u4e0b\uff0c\u9ed8\u8ba4\u4e0d\u4f1a\u521b\u5efa\u4e0a\u8ff0\u7684 LoadBalancer \u8d44\u6e90\uff0c\u5bf9\u5e94\u670d\u52a1\u540d\u4e3a\uff1a
\u4e0a\u9762\u4e24\u79cd\u60c5\u51b5\u83b7\u53d6\u5230\u5bf9\u5e94\u670d\u52a1\u7684\u5bf9\u5e94\u7aef\u53e3\u4fe1\u606f\u540e\uff0c\u8fdb\u884c\u5982\u4e0b\u8bbe\u7f6e\uff1a
--set global.exporters.logging.host= # (1)!\n--set global.exporters.logging.port= # (2)!\n--set global.exporters.metric.host= # (3)!\n--set global.exporters.metric.port= # (4)!\n--set global.exporters.trace.host= # (5)!\n--set global.exporters.trace.port= # (6)!\n--set global.exporters.auditLog.host= # (7)!\n
\u672c\u6587\u63cf\u8ff0\u4e86\u5728\u547d\u4ee4\u884c\u4e2d\u901a\u8fc7 Helm \u547d\u4ee4\u5b89\u88c5 Insight Agent \u793e\u533a\u7248\u7684\u64cd\u4f5c\u6b65\u9aa4\u3002
"},{"location":"admin/insight/quickstart/install/helm-installagent.html#insight-agent","title":"\u5b89\u88c5 Insight Agent","text":"\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u6dfb\u52a0\u955c\u50cf\u4ed3\u5e93\u7684\u5730\u5740
helm repo add insight https://release.daocloud.io/chartrepo/insight\nhelm repo upgrade\nhelm search repo insight/insight-agent --versions\n
\u5b89\u88c5 Insight Agent \u9700\u8981\u786e\u4fdd\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u7684 Insight Server \u6b63\u5e38\u8fd0\u884c\uff0c\u6267\u884c\u4ee5\u4e0b\u5b89\u88c5\u547d\u4ee4\u5b89\u88c5 Insight Agent \u793e\u533a\u7248\uff0c\u8be5\u914d\u7f6e\u4e0d\u542f\u7528 Tracing \u529f\u80fd\uff1a
helm upgrade --install --create-namespace --cleanup-on-fail \\\n --version ${version} \\ # \u8bf7\u6307\u5b9a\u90e8\u7f72\u7248\u672c\n insight-agent insight/insight-agent \\\n --set global.exporters.logging.elasticsearch.host=10.10.10.x \\ # \u8bf7\u66ff\u6362\u201c10.10.10.x\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u5730\u5740\n --set global.exporters.logging.elasticsearch.port=32517 \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u66b4\u9732\u7684\u7aef\u53e3\n --set global.exporters.logging.elasticsearch.user=elastic \\ # \u8bf7\u66ff\u6362\u201celastic\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u7528\u6237\u540d\n --set global.exporters.logging.elasticsearch.password=dangerous \\ # \u8bf7\u66ff\u6362\u201cdangerous\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u5bc6\u7801\n --set global.exporters.metric.host=${vminsert_address} \\ # \u8bf7\u66ff\u6362\u201c10.10.10.x\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d vminsert \u7684\u5730\u5740\n --set global.exporters.metric.port=${vminsert_port} \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d vminsert \u7684\u5730\u5740\n --set global.exporters.auditLog.host=${opentelemetry-collector address} \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d opentelemetry-collector \u7684\u7aef\u53e3\n --set global.exporters.auditLog.port=${otel_col_auditlog_port}\\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d opentelemetry-collector \u5bb9\u5668\u7aef\u53e3\u4e3a 8006 \u7684 service \u5bf9\u5916\u8bbf\u95ee\u7684\u5730\u5740\n -n insight-system\n
Info
\u53ef\u53c2\u8003 \u5982\u4f55\u83b7\u53d6\u8fde\u63a5\u5730\u5740 \u83b7\u53d6\u5730\u5740\u4fe1\u606f\u3002
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u5b89\u88c5\u72b6\u6001\uff1a
helm list -A\nkubectl get pods -n insight-system\n
\u5982\u679c Agent \u662f\u5b89\u88c5\u5728\u7ba1\u7406\u96c6\u7fa4\uff0c\u63a8\u8350\u901a\u8fc7\u57df\u540d\u6765\u8bbf\u95ee\u96c6\u7fa4\uff1a
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # \u6307\u6807\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # \u65e5\u5fd7\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # \u94fe\u8def\n
"},{"location":"admin/insight/quickstart/install/helm-installagent.html#insight-agent_2","title":"\u5728\u5de5\u4f5c\u96c6\u7fa4\u5b89\u88c5 Insight Agent","text":"\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\u64cd\u4f5c\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528 Nodeport \u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer \u65b9\u5f0f\u66b4\u9732\u670d\u52a1\u65f6\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
\u5c06\u83b7\u5f97\u5982\u4e0b\u7684\u8fd4\u56de\u503c\uff1a
{\"global\":{\"exporters\":{\"logging\":{\"output\":\"elasticsearch\",\"elasticsearch\":{\"host\":\"10.6.182.32\"},\"kafka\":{},\"host\":\"10.6.182.32\"},\"metric\":{\"host\":\"10.6.182.32\"},\"auditLog\": {\"host\":\"10.6.182.32\"}}},\"opentelemetry-operator\":{\"enabled\":true},\"opentelemetry-collector\":{\"enabled\":true}}\n
\u5176\u4e2d\uff1a
\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl get service -n insight-system | grep lb\nkubectl get service -n mcamel-system | grep es\n
\u5176\u4e2d\uff1a
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528 Nodeport \u65b9\u5f0f\u66b4\u9732\u670d\u52a1\u65f6\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl get service -n insight-system\nkubectl get service -n mcamel-system\n
\u5176\u4e2d\uff1a
\u767b\u5f55\u76ee\u6807\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5907\u4efd --set
\u53c2\u6570\u3002
helm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0\u4ed3\u5e93\u3002
helm repo upgrade\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u5347\u7ea7\u3002
helm upgrade insight-agent insight/insight-agent \\\n-n insight-system \\\n-f ./insight-agent.yaml \\\n--version ${version} # \u6307\u5b9a\u5347\u7ea7\u7248\u672c\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u5b89\u88c5\u72b6\u6001\uff1a
kubectl get pods -n insight-system\n
helm uninstall insight-agent -n insight-system --timeout 10m\n
"},{"location":"admin/insight/quickstart/install/install-agent.html","title":"\u5728\u7ebf\u5b89\u88c5 insight-agent","text":"insight-agent \u662f\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u91c7\u96c6\u7684\u63d2\u4ef6\uff0c\u652f\u6301\u5bf9\u6307\u6807\u3001\u94fe\u8def\u3001\u65e5\u5fd7\u6570\u636e\u7684\u7edf\u4e00\u89c2\u6d4b\u3002\u672c\u6587\u63cf\u8ff0\u4e86\u5982\u4f55\u5728\u5728\u7ebf\u73af\u5883\u4e2d\u4e3a\u63a5\u5165\u96c6\u7fa4\u5b89\u88c5 insight-agent\u3002
"},{"location":"admin/insight/quickstart/install/install-agent.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \u6a21\u5757\uff0c\u5728 \u96c6\u7fa4\u5217\u8868 \u4e2d\u627e\u5230\u8981\u5b89\u88c5 insight-agent \u7684\u96c6\u7fa4\u540d\u79f0\u3002
\u9009\u62e9 \u7acb\u5373\u5b89\u88c5 \u8df3\u8f6c\uff0c\u6216\u70b9\u51fb\u96c6\u7fa4\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5185\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u641c\u7d22\u6846\u67e5\u8be2 insight-agent \uff0c\u70b9\u51fb\u8be5\u5361\u7247\u8fdb\u5165\u8be6\u60c5\u3002
\u67e5\u770b insight-agent \u7684\u5b89\u88c5\u9875\u9762\uff0c\u70b9\u51fb \u5b89\u88c5 \u8fdb\u5165\u4e0b\u4e00\u6b65\u3002
\u9009\u62e9\u5b89\u88c5\u7684\u7248\u672c\u5e76\u5728\u4e0b\u65b9\u8868\u5355\u5206\u522b\u586b\u5199\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u5bf9\u5e94\u6570\u636e\u5b58\u50a8\u7ec4\u4ef6\u7684\u5730\u5740\uff0c\u786e\u8ba4\u586b\u5199\u7684\u4fe1\u606f\u65e0\u8bef\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de\u00a0 Helm \u5e94\u7528 \u5217\u8868\uff0c\u5f53\u5e94\u7528 insight-agent \u7684\u72b6\u6001\u4ece\u00a0 \u672a\u5c31\u7eea \u53d8\u4e3a \u5df2\u90e8\u7f72 \uff0c\u4e14\u6240\u6709\u7684\u7ec4\u4ef6\u72b6\u6001\u4e3a \u8fd0\u884c\u4e2d \u65f6\uff0c\u5219\u5b89\u88c5\u6210\u529f\u3002\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u540e\uff0c\u53ef\u5728 \u53ef\u89c2\u6d4b\u6027 \u6a21\u5757\u67e5\u770b\u8be5\u96c6\u7fa4\u7684\u6570\u636e\u3002
Note
\u672c\u9875\u5217\u51fa\u4e00\u4e9b Insight Agent \u5b89\u88c5\u548c\u5378\u8f7d\u6709\u5173\u7684\u95ee\u9898\u53ca\u5176\u89e3\u51b3\u529e\u6cd5\u3002
"},{"location":"admin/insight/quickstart/install/knownissues.html#v0230","title":"v0.23.0","text":""},{"location":"admin/insight/quickstart/install/knownissues.html#insight-agent","title":"Insight Agent","text":""},{"location":"admin/insight/quickstart/install/knownissues.html#insight-agent_1","title":"Insight Agent \u5378\u8f7d\u5931\u8d25","text":"\u5f53\u4f60\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5378\u8f7d Insight Agent \u65f6\u3002
helm uninstall insight-agent -n insight-system\n
otel-oprator
\u6240\u4f7f\u7528\u7684 tls secret
\u672a\u88ab\u5378\u8f7d\u6389\u3002
otel-operator
\u5b9a\u4e49\u7684\u201c\u91cd\u590d\u5229\u7528 tls secret\u201d\u7684\u903b\u8f91\u4e2d\uff0c\u4f1a\u53bb\u5224\u65ad otel-oprator
\u7684 MutationConfiguration
\u662f\u5426\u5b58\u5728\u5e76\u91cd\u590d\u5229\u7528 MutationConfiguration \u4e2d\u7ed1\u5b9a\u7684 CA cert\u3002\u4f46\u662f\u7531\u4e8e helm uninstall
\u5df2\u5378\u8f7d MutationConfiguration
\uff0c\u5bfc\u81f4\u51fa\u73b0\u7a7a\u503c\u3002
\u7efc\u4e0a\u8bf7\u624b\u52a8\u5220\u9664\u5bf9\u5e94\u7684 secret
\uff0c\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\u4efb\u9009\u4e00\u79cd\u5373\u53ef\uff1a
\u901a\u8fc7\u547d\u4ee4\u884c\u5220\u9664\uff1a\u767b\u5f55\u76ee\u6807\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl -n insight-system delete secret insight-agent-opentelemetry-operator-controller-manager-service-cert\n
\u901a\u8fc7 UI \u5220\u9664\uff1a\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5bb9\u5668\u7ba1\u7406\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u8fdb\u5165\u5bc6\u94a5
\uff0c\u8f93\u5165 insight-agent-opentelemetry-operator-controller-manager-service-cert
\uff0c\u9009\u62e9\u5220\u9664
\u3002
\u66f4\u65b0 insight-agent \u65e5\u5fd7\u914d\u7f6e\u4ece elasticsearch \u6539\u4e3a kafka \u6216\u8005\u4ece kafka \u6539\u4e3a elasticsearch\uff0c\u5b9e\u9645\u4e0a\u90fd\u672a\u751f\u6548\uff0c\u8fd8\u662f\u4f7f\u7528\u66f4\u65b0\u524d\u914d\u7f6e\u3002
\u89e3\u51b3\u65b9\u6848 \uff1a
\u624b\u52a8\u91cd\u542f\u96c6\u7fa4\u4e2d\u7684 fluentbit\u3002
"},{"location":"admin/insight/quickstart/install/knownissues.html#v0210","title":"v0.21.0","text":""},{"location":"admin/insight/quickstart/install/knownissues.html#insight-agent_4","title":"Insight Agent","text":""},{"location":"admin/insight/quickstart/install/knownissues.html#podmonitor-jvm","title":"PodMonitor \u91c7\u96c6\u591a\u4efd JVM \u6307\u6807\u6570\u636e","text":"\u8fd9\u4e2a\u7248\u672c\u7684 PodMonitor/insight-kubernetes-pod \u5b58\u5728\u7f3a\u9677\uff1a\u4f1a\u9519\u8bef\u5730\u521b\u5efa Job \u53bb\u91c7\u96c6\u6807\u8bb0\u4e86 insight.opentelemetry.io/metric-scrape=true
\u7684 Pod \u7684\u6240\u6709 container\uff1b\u800c\u5b9e\u9645\u4e0a\u53ea\u9700\u91c7\u96c6 insight.opentelemetry.io/metric-port
\u6240\u5bf9\u5e94 container \u7684\u7aef\u53e3\u3002
\u56e0\u4e3a PodMonitor \u58f0\u660e\u4e4b\u540e\uff0cPromethuesOperator \u4f1a\u9884\u8bbe\u7f6e\u4e00\u4e9b\u670d\u52a1\u53d1\u73b0\u914d\u7f6e\u3002 \u518d\u8003\u8651\u5230 CRD \u7684\u517c\u5bb9\u6027\u7684\u95ee\u9898\u3002\u56e0\u6b64\uff0c\u653e\u5f03\u901a\u8fc7 PodMonitor \u6765\u914d\u7f6e\u901a\u8fc7 annotation \u521b\u5efa\u91c7\u96c6\u4efb\u52a1\u7684\u673a\u5236\u3002
\u901a\u8fc7 Prometheus \u81ea\u5e26\u7684 additional scrape config \u673a\u5236\uff0c\u5c06\u670d\u52a1\u53d1\u73b0\u89c4\u5219\u914d\u7f6e\u5728 secret \u4e2d\uff0c\u5728\u5f15\u5165 Prometheus \u91cc\u3002
\u7efc\u4e0a\uff1a
\u65b0\u7684\u89c4\u5219\u91cc\u901a\u8fc7 action: keepequal \u6765\u6bd4\u8f83 source_labels \u548c target_label \u7684\u4e00\u81f4\u6027\uff0c \u6765\u5224\u65ad\u662f\u5426\u8981\u7ed9\u67d0\u4e2a container \u7684 port \u521b\u5efa\u91c7\u96c6\u4efb\u52a1\u3002\u9700\u8981\u6ce8\u610f\uff0c\u8fd9\u4e2a\u662f Prometheus 2.41.0\uff082022-12-20\uff09\u548c\u66f4\u9ad8\u7248\u672c\u624d\u5177\u5907\u7684\u529f\u80fd\u3002
+ - source_labels: [__meta_kubernetes_pod_annotation_insight_opentelemetry_io_metric_port]\n+ separator: ;\n+ target_label: __meta_kubernetes_pod_container_port_number\n+ action: keepequal\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html","title":"\u5347\u7ea7\u6ce8\u610f\u4e8b\u9879","text":"\u672c\u9875\u4ecb\u7ecd\u4e00\u4e9b\u5347\u7ea7 insight-server \u548c insight-agent \u7684\u6ce8\u610f\u4e8b\u9879\u3002
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#insight-agent","title":"insight-agent","text":""},{"location":"admin/insight/quickstart/install/upgrade-note.html#v028x-v029x","title":"\u4ece v0.28.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.29.x","text":"\u7531\u4e8e v0.29.0 \u5347\u7ea7\u4e86 Opentelemetry \u793e\u533a\u7684 operator chart \u7248\u672c\uff0cvalues \u4e2d\u7684 featureGates \u7684\u652f\u6301\u7684\u503c\u6709\u6240\u53d8\u5316\uff0c\u56e0\u6b64\uff0c\u5728 upgrade \u4e4b\u524d\uff0c\u9700\u8981\u5c06 featureGates
\u7684\u503c\u8bbe\u7f6e\u4e3a\u7a7a, \u5373\uff1a
- --set opentelemetry-operator.manager.featureGates=\"+operator.autoinstrumentation.go,+operator.autoinstrumentation.multi-instrumentation,+operator.autoinstrumentation.nginx\" \\\n+ --set opentelemetry-operator.manager.featureGates=\"\"\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#insight-server","title":"insight-server","text":""},{"location":"admin/insight/quickstart/install/upgrade-note.html#v026x-v027x","title":"\u4ece v0.26.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.27.x \u6216\u66f4\u9ad8\u7248\u672c","text":"\u5728 v0.27.x \u7248\u672c\u4e2d\u5c06 vector \u7ec4\u4ef6\u7684\u5f00\u5173\u5355\u72ec\u62bd\u51fa\u3002\u6545\u539f\u6709\u73af\u5883\u5f00\u542f\u4e86 vector\uff0c\u90a3\u5728\u5347\u7ea7 insight-server \u65f6\uff0c\u9700\u8981\u6307\u5b9a --set vector.enabled=true
\u3002
\u5728\u5347\u7ea7 Insight \u4e4b\u524d\uff0c\u60a8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u5220\u9664 jaeger-collector \u548c jaeger-query \u90e8\u7f72\uff1a
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v017x-v018x","title":"\u4ece v0.17.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.18.x","text":"\u7531\u4e8e 0.18.x \u4e2d\u66f4\u65b0\u4e86 Jaeger \u76f8\u5173\u90e8\u7f72\u6587\u4ef6\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-server \u524d\u624b\u52a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
\u7531\u4e8e 0.18.x \u4e2d\u6307\u6807\u540d\u4ea7\u751f\u4e86\u53d8\u52a8\uff0c\u56e0\u6b64\uff0c\u9700\u8981\u5728\u5347\u7ea7 insight-server \u4e4b\u540e\uff0cinsight-agent \u4e5f\u5e94\u8be5\u505a\u5347\u7ea7\u3002
\u6b64\u5916\uff0c\u8c03\u6574\u4e86\u5f00\u542f\u94fe\u8def\u6a21\u5757\u7684\u53c2\u6570\uff0c\u4ee5\u53ca ElasticSearch \u8fde\u63a5\u8c03\u6574\u3002\u5177\u4f53\u53c2\u8003\u4ee5\u4e0b\u53c2\u6570\uff1a
+ --set global.tracing.enable=true \\\n- --set jaeger.collector.enabled=true \\\n- --set jaeger.query.enabled=true \\\n+ --set global.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n+ --set global.elasticsearch.host=${your-external-elasticsearch-host} \\\n+ --set global.elasticsearch.port=${your-external-elasticsearch-port} \\\n+ --set global.elasticsearch.user=${your-external-elasticsearch-username} \\\n+ --set global.elasticsearch.password=${your-external-elasticsearch-password} \\\n- --set jaeger.storage.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n- --set jaeger.storage.elasticsearch.host=${your-external-elasticsearch-host} \\\n- --set jaeger.storage.elasticsearch.port=${your-external-elasticsearch-port} \\\n- --set jaeger.storage.elasticsearch.user=${your-external-elasticsearch-username} \\\n- --set jaeger.storage.elasticsearch.password=${your-external-elasticsearch-password} \\\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v015x-v016x","title":"\u4ece v0.15.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.16.x","text":"\u7531\u4e8e 0.16.x \u4e2d\u4f7f\u7528\u4e86 vmalertmanagers CRD \u7684\u65b0\u7279\u6027\u53c2\u6570 disableRouteContinueEnforce\uff0c \u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-server \u524d\u624b\u52a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u3002
kubectl apply --server-side -f https://raw.githubusercontent.com/VictoriaMetrics/operator/v0.33.0/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml --force-conflicts\n
Note
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b Insight \u79bb\u7ebf\u5305\u540e\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0 CRD\u3002
kubectl apply --server-side -f insight/dependency-crds --force-conflicts \n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#insight-agent_1","title":"insight-agent","text":""},{"location":"admin/insight/quickstart/install/upgrade-note.html#v023x-v024x","title":"\u4ece v0.23.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.24.x","text":"\u7531\u4e8e 0.24.x \u7248\u672c\u4e2d OTEL operator chart
\u4e2d\u65b0\u589e\u4e86 CRD\uff0c\u4f46\u7531\u4e8e Helm Upgrade \u65f6\u5e76\u4e0d\u4f1a\u66f4\u65b0 CRD\uff0c\u56e0\u6b64\uff0c\u9700\u8981\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-operator/crds/crd-opentelemetry.io_opampbridges.yaml\n
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\u53ef\u627e\u5230\u4e0a\u8ff0 CRD \u7684 yaml\uff0c\u89e3\u538b Insight-Agent Chart \u4e4b\u540e\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl apply -f charts/agent/crds/crd-opentelemetry.io_opampbridges.yaml\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v019x-v020x","title":"\u4ece v0.19.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.20.x","text":"\u7531\u4e8e 0.20.x \u4e2d\u589e\u52a0\u4e86 Kafka \u65e5\u5fd7\u5bfc\u51fa\u914d\u7f6e\uff0c\u65e5\u5fd7\u5bfc\u51fa\u914d\u7f6e\u505a\u4e86\u4e00\u4e9b\u8c03\u6574\u3002\u5347\u7ea7 insight-agent \u4e4b\u524d\u9700\u8981\u6ce8\u610f\u53c2\u6570\u53d8\u5316\uff0c \u5373\u539f\u6765 logging \u7684\u914d\u7f6e\u5df2\u7ecf\u79fb\u5230\u4e86\u914d\u7f6e\u4e2d logging.elasticsearch\uff1a
- --set global.exporters.logging.host \\\n- --set global.exporters.logging.port \\\n+ --set global.exporters.logging.elasticsearch.host \\\n+ --set global.exporters.logging.elasticsearch.port \\\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v017x-v018x_1","title":"\u4ece v0.17.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.18.x","text":"\u7531\u4e8e 0.18.x \u4e2d\u66f4\u65b0\u4e86 Jaeger \u76f8\u5173\u90e8\u7f72\u6587\u4ef6\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u9700\u8981\u6ce8\u610f\u53c2\u6570\u7684\u6539\u52a8\u3002
+ --set global.exporters.trace.enable=true \\\n- --set opentelemetry-collector.enabled=true \\\n- --set opentelemetry-operator.enabled=true \\\n
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v016x-v017x","title":"\u4ece v0.16.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.17.x","text":"\u5728 v0.17.x \u7248\u672c\u4e2d\u5c06 kube-prometheus-stack chart \u7248\u672c\u4ece 41.9.1 \u5347\u7ea7\u81f3 45.28.1, \u5176\u4e2d\u4f7f\u7528\u7684 CRD \u4e5f\u5b58\u5728\u4e00\u4e9b\u5b57\u6bb5\u7684\u5347\u7ea7\uff0c\u5982 servicemonitor \u7684 attachMetadata \u5b57\u6bb5\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\n
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\uff0c\u5728 insight-agent/dependency-crds \u4e2d\u627e\u5230\u4e0a\u8ff0 CRD \u7684 yaml\u3002
"},{"location":"admin/insight/quickstart/install/upgrade-note.html#v011x-v012x","title":"\u4ece v0.11.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.12.x","text":"\u5728 v0.12.x \u5c06 kube-prometheus-stack chart \u4ece 39.6.0 \u5347\u7ea7\u5230 41.9.1\uff0c\u5176\u4e2d\u5305\u62ec prometheus-operator \u5347\u7ea7\u5230 v0.60.1, prometheus-node-exporter chart \u5347\u7ea7\u5230 4.3.0 \u7b49\u3002 prometheus-node-exporter \u5347\u7ea7\u540e\u4f7f\u7528\u4e86 Kubernetes \u63a8\u8350 label\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7\u524d\u5220\u9664 node-exporter \u7684 DaemonSet\u3002 prometheus-operator \u66f4\u65b0\u4e86 CRD\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl delete daemonset insight-agent-prometheus-node-exporter -n insight-system\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --force-conflicts\n
Note
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0 CRD\u3002
kubectl apply --server-side -f insight-agent/dependency-crds --force-conflicts\n
"},{"location":"admin/insight/quickstart/otel/operator.html","title":"\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a","text":"\u76ee\u524d\u53ea\u6709 Java\u3001NodeJs\u3001Python\u3001.Net\u3001Golang \u652f\u6301 Operator \u7684\u65b9\u5f0f\u65e0\u4fb5\u5165\u63a5\u5165\u3002
"},{"location":"admin/insight/quickstart/otel/operator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u786e\u4fdd insight-agent \u5df2\u7ecf\u5c31\u7eea\u3002\u5982\u82e5\u6ca1\u6709\uff0c\u8bf7\u53c2\u8003\u5b89\u88c5 insight-agent \u91c7\u96c6\u6570\u636e\u5e76\u786e\u4fdd\u4ee5\u4e0b\u4e09\u9879\u5c31\u7eea\uff1a
Tip
\u4ece Insight v0.22.0 \u5f00\u59cb\uff0c\u4e0d\u518d\u9700\u8981\u624b\u52a8\u5b89\u88c5 Instrumentation CR\u3002
\u5728 insight-system
\u547d\u540d\u7a7a\u95f4\u4e0b\u5b89\u88c5\uff0c\u4e0d\u540c\u7248\u672c\u4e4b\u95f4\u6709\u4e00\u4e9b\u7ec6\u5c0f\u7684\u5dee\u522b\u3002
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.29.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0-rc.2\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.25.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.37.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.38b0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.1-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
"},{"location":"admin/insight/quickstart/otel/operator.html#_2","title":"\u4e0e\u670d\u52a1\u7f51\u683c\u94fe\u8def\u4e32\u8054\u573a\u666f","text":"\u5982\u679c\u60a8\u5f00\u542f\u4e86\u670d\u52a1\u7f51\u683c\u7684\u94fe\u8def\u8ffd\u8e2a\u80fd\u529b\uff0c\u9700\u8981\u989d\u5916\u589e\u52a0\u4e00\u4e2a\u73af\u5883\u53d8\u91cf\u6ce8\u5165\u7684\u914d\u7f6e\uff1a
"},{"location":"admin/insight/quickstart/otel/operator.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b","text":"\u9009\u62e9 insight-system \u547d\u540d\u7a7a\u95f4\u540e\uff0c\u7f16\u8f91 insight-opentelemetry-autoinstrumentation \uff0c\u5728 spec:env: \u4e0b\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff1a
- name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n
\u5b8c\u6574\u7684\u547d\u4ee4\u5982\u4e0b\uff08For Insight v0.21.x\uff09\uff1a
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
\u4ee5\u4e0a\u5c31\u7eea\u4e4b\u540e\uff0c\u60a8\u5c31\u53ef\u4ee5\u901a\u8fc7\u6ce8\u89e3\uff08Annotation\uff09\u65b9\u5f0f\u4e3a\u5e94\u7528\u7a0b\u5e8f\u63a5\u5165\u94fe\u8def\u8ffd\u8e2a\u4e86\uff0cOTel \u76ee\u524d\u652f\u6301\u901a\u8fc7\u6ce8\u89e3\u7684\u65b9\u5f0f\u63a5\u5165\u94fe\u8def\u3002 \u6839\u636e\u670d\u52a1\u8bed\u8a00\uff0c\u9700\u8981\u6dfb\u52a0\u4e0a\u4e0d\u540c\u7684 pod annotations\u3002\u6bcf\u4e2a\u670d\u52a1\u53ef\u6dfb\u52a0\u4e24\u7c7b\u6ce8\u89e3\u4e4b\u4e00\uff1a
\u53ea\u6ce8\u5165\u73af\u5883\u53d8\u91cf\u6ce8\u89e3
\u8fd9\u7c7b\u6ce8\u89e3\u53ea\u6709\u4e00\u4e2a\uff0c\u7528\u4e8e\u6dfb\u52a0 otel \u76f8\u5173\u7684\u73af\u5883\u53d8\u91cf\uff0c\u6bd4\u5982\u94fe\u8def\u4e0a\u62a5\u5730\u5740\u3001\u5bb9\u5668\u6240\u5728\u7684\u96c6\u7fa4 id\u3001\u547d\u540d\u7a7a\u95f4\u7b49\uff08\u8fd9\u4e2a\u6ce8\u89e3\u5728\u5e94\u7528\u4e0d\u652f\u6301\u81ea\u52a8\u63a2\u9488\u8bed\u8a00\u65f6\u5341\u5206\u6709\u7528\uff09
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5176\u4e2d value \u88ab /
\u5206\u6210\u4e24\u90e8\u5206\uff0c\u7b2c\u4e00\u4e2a\u503c (insight-system) \u662f\u4e0a\u4e00\u6b65\u5b89\u88c5\u7684 CR \u7684\u547d\u540d\u7a7a\u95f4\uff0c \u7b2c\u4e8c\u4e2a\u503c (insight-opentelemetry-autoinstrumentation) \u662f\u8fd9\u4e2a CR \u7684\u540d\u5b57\u3002
\u81ea\u52a8\u63a2\u9488\u6ce8\u5165\u4ee5\u53ca\u73af\u5883\u53d8\u91cf\u6ce8\u5165\u6ce8\u89e3
\u8fd9\u7c7b\u6ce8\u89e3\u76ee\u524d\u6709 4 \u4e2a\uff0c\u5206\u522b\u5bf9\u5e94 4 \u79cd\u4e0d\u540c\u7684\u7f16\u7a0b\u8bed\u8a00\uff1ajava\u3001nodejs\u3001python\u3001dotnet\uff0c \u4f7f\u7528\u5b83\u540e\u5c31\u4f1a\u5bf9 spec.pod \u4e0b\u7684\u7b2c\u4e00\u4e2a\u5bb9\u5668\u6ce8\u5165\u81ea\u52a8\u63a2\u9488\u4ee5\u53ca otel \u9ed8\u8ba4\u73af\u5883\u53d8\u91cf\uff1a
Java \u5e94\u7528NodeJs \u5e94\u7528Python \u5e94\u7528Dotnet \u5e94\u7528Golang \u5e94\u7528instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-nodejs: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-python: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-dotnet: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u7531\u4e8e Go \u81ea\u52a8\u68c0\u6d4b\u9700\u8981\u8bbe\u7f6e OTEL_GO_AUTO_TARGET_EXE\uff0c \u56e0\u6b64\u60a8\u5fc5\u987b\u901a\u8fc7\u6ce8\u89e3\u6216 Instrumentation \u8d44\u6e90\u63d0\u4f9b\u6709\u6548\u7684\u53ef\u6267\u884c\u8def\u5f84\u3002\u672a\u8bbe\u7f6e\u6b64\u503c\u4f1a\u5bfc\u81f4 Go \u81ea\u52a8\u68c0\u6d4b\u6ce8\u5165\u4e2d\u6b62\uff0c\u4ece\u800c\u5bfc\u81f4\u63a5\u5165\u94fe\u8def\u5931\u8d25\u3002
instrumentation.opentelemetry.io/inject-go: \"insight-system/insight-opentelemetry-autoinstrumentation\"\ninstrumentation.opentelemetry.io/otel-go-auto-target-exe: \"/path/to/container/executable\"\n
Go \u81ea\u52a8\u68c0\u6d4b\u4e5f\u9700\u8981\u63d0\u5347\u6743\u9650\u3002\u4ee5\u4e0b\u6743\u9650\u662f\u81ea\u52a8\u8bbe\u7f6e\u7684\u5e76\u4e14\u662f\u5fc5\u9700\u7684\u3002
securityContext:\n privileged: true\n runAsUser: 0\n
Tip
OpenTelemetry Operator \u5728\u6ce8\u5165\u63a2\u9488\u65f6\u4f1a\u81ea\u52a8\u6dfb\u52a0\u4e00\u4e9b OTel \u76f8\u5173\u73af\u5883\u53d8\u91cf\uff0c\u540c\u65f6\u4e5f\u652f\u6301\u8fd9\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u8986\u76d6\u3002\u8fd9\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u8986\u76d6\u4f18\u5148\u7ea7\uff1a
original container env vars -> language specific env vars -> common env vars -> instrument spec configs' vars\n
\u4f46\u662f\u9700\u8981\u907f\u514d\u624b\u52a8\u8986\u76d6 OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\uff0c\u5b83\u5728 Operator \u5185\u90e8\u4f5c\u4e3a\u4e00\u4e2a Pod \u662f\u5426\u5df2\u7ecf\u6ce8\u5165\u63a2\u9488\u7684\u6807\u8bc6\uff0c\u5982\u679c\u624b\u52a8\u6dfb\u52a0\u4e86\uff0c\u63a2\u9488\u53ef\u80fd\u65e0\u6cd5\u6ce8\u5165\u3002
"},{"location":"admin/insight/quickstart/otel/operator.html#demo","title":"\u81ea\u52a8\u6ce8\u5165\u793a\u4f8b Demo","text":"\u6ce8\u610f\u8fd9\u4e2a annotations
\u662f\u52a0\u5728 spec.annotations \u4e0b\u7684\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n labels:\n app: my-app\nspec:\n selector:\n matchLabels:\n app: my-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-app\n annotations:\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n spec:\n containers:\n - name: myapp\n image: jaegertracing/vertx-create-span:operator-e2e-tests\n ports:\n - containerPort: 8080\n protocol: TCP\n
\u6700\u7ec8\u751f\u6210\u7684 YAML \u5185\u5bb9\u5982\u4e0b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: my-deployment-with-sidecar-565bd877dd-nqkk6\n generateName: my-deployment-with-sidecar-565bd877dd-\n namespace: default\n uid: aa89ca0d-620c-4d20-8bc1-37d67bad4ea4\n resourceVersion: '2668986'\n creationTimestamp: '2022-04-08T05:58:48Z'\n labels:\n app: my-pod-with-sidecar\n pod-template-hash: 565bd877dd\n annotations:\n cni.projectcalico.org/containerID: 234eae5e55ea53db2a4bc2c0384b9a1021ed3908f82a675e4a92a49a7e80dd61\n cni.projectcalico.org/podIP: 192.168.134.133/32\n cni.projectcalico.org/podIPs: 192.168.134.133/32\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\nspec:\n volumes:\n - name: kube-api-access-sp2mz\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n - name: opentelemetry-auto-instrumentation\n emptyDir: {}\n initContainers:\n - name: opentelemetry-auto-instrumentation\n image: >-\n ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java\n command:\n - cp\n - /javaagent.jar\n - /otel-auto-instrumentation/javaagent.jar\n resources: {}\n volumeMounts:\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n containers:\n - name: myapp\n image: ghcr.io/pavolloffay/spring-petclinic:latest\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: 'true'\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: 'true'\n - name: SPLUNK_PROFILER_ENABLED\n value: 'false'\n - name: JAVA_TOOL_OPTIONS\n value: ' -javaagent:/otel-auto-instrumentation/javaagent.jar'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '20'\n - name: OTEL_TRACES_SAMPLER\n value: parentbased_traceidratio\n - name: OTEL_TRACES_SAMPLER_ARG\n value: '0.85'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: my-deployment-with-sidecar\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=myapp,k8s.deployment.name=my-deployment-with-sidecar,k8s.deployment.uid=8de6929d-dda0-436c-bca1-604e9ca7ea4e,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=my-deployment-with-sidecar-565bd877dd,k8s.replicaset.uid=190d5f6e-ba7f-4794-b2e6-390b5879a6c4\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n resources: {}\n volumeMounts:\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: k8s-master3\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n fsGroup: 2000\n schedulerName: default-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priority: 0\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\n
"},{"location":"admin/insight/quickstart/otel/operator.html#_5","title":"\u94fe\u8def\u67e5\u8be2","text":"\u5982\u4f55\u67e5\u8be2\u5df2\u7ecf\u63a5\u5165\u7684\u670d\u52a1\uff0c\u53c2\u8003\u94fe\u8def\u67e5\u8be2\u3002
"},{"location":"admin/insight/quickstart/otel/otel.html","title":"\u4f7f\u7528 OTel \u8d4b\u4e88\u5e94\u7528\u53ef\u89c2\u6d4b\u6027","text":"\u589e\u5f3a\u662f\u4f7f\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u80fd\u591f\u751f\u6210\u9065\u6d4b\u6570\u636e\u7684\u8fc7\u7a0b\u3002\u5373\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u76d1\u89c6\u6216\u6d4b\u91cf\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u72b6\u6001\u7684\u4e1c\u897f\u3002
OpenTelemetry \u662f\u9886\u5148\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u4e3a\u4e3b\u8981\u7f16\u7a0b\u8bed\u8a00\u548c\u6d41\u884c\u6846\u67b6\u63d0\u4f9b\u68c0\u6d4b\u5e93\u3002\u5b83\u662f\u4e91\u539f\u751f\u8ba1\u7b97\u57fa\u91d1\u4f1a\u4e0b\u7684\u4e00\u4e2a\u9879\u76ee\uff0c\u5f97\u5230\u4e86\u793e\u533a\u5e9e\u5927\u8d44\u6e90\u7684\u652f\u6301\u3002 \u5b83\u4e3a\u91c7\u96c6\u7684\u6570\u636e\u63d0\u4f9b\u6807\u51c6\u5316\u7684\u6570\u636e\u683c\u5f0f\uff0c\u65e0\u9700\u96c6\u6210\u7279\u5b9a\u7684\u4f9b\u5e94\u5546\u3002
Insight \u652f\u6301\u7528\u4e8e\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u7684 OpenTelemetry \u6765\u589e\u5f3a\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002
\u672c\u6307\u5357\u4ecb\u7ecd\u4e86\u4f7f\u7528 OpenTelemetry \u8fdb\u884c\u9065\u6d4b\u589e\u5f3a\u7684\u57fa\u672c\u6982\u5ff5\u3002 OpenTelemetry \u8fd8\u6709\u4e00\u4e2a\u7531\u5e93\u3001\u63d2\u4ef6\u3001\u96c6\u6210\u548c\u5176\u4ed6\u6709\u7528\u5de5\u5177\u7ec4\u6210\u7684\u751f\u6001\u7cfb\u7edf\u6765\u6269\u5c55\u5b83\u3002 \u60a8\u53ef\u4ee5\u5728 Otel Registry \u4e2d\u627e\u5230\u8fd9\u4e9b\u8d44\u6e90\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5f00\u653e\u6807\u51c6\u5e93\u8fdb\u884c\u9065\u6d4b\u589e\u5f3a\uff0c\u5e76\u4f7f\u7528 Insight \u4f5c\u4e3a\u53ef\u89c2\u5bdf\u6027\u540e\u7aef\u6765\u6444\u53d6\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316\u6570\u636e\u3002
\u4e3a\u4e86\u589e\u5f3a\u60a8\u7684\u4ee3\u7801\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 OpenTelemetry \u4e3a\u7279\u5b9a\u8bed\u8a00\u63d0\u4f9b\u7684\u589e\u5f3a\u64cd\u4f5c\uff1a
Insight \u76ee\u524d\u63d0\u4f9b\u4e86\u4f7f\u7528 OpenTelemetry \u589e\u5f3a .Net NodeJS\u3001Java\u3001Python \u548c Golang \u5e94\u7528\u7a0b\u5e8f\u7684\u7b80\u5355\u65b9\u6cd5\u3002\u8bf7\u9075\u5faa\u4ee5\u4e0b\u6307\u5357\u3002
"},{"location":"admin/insight/quickstart/otel/otel.html#_1","title":"\u94fe\u8def\u589e\u5f3a","text":"\u6b64\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5ba2\u6237\u5e94\u7528\u5982\u4f55\u81ea\u884c\u5c06\u94fe\u8def\u6570\u636e\u4e0a\u62a5\u7ed9 Insight\u3002\u4e3b\u8981\u5305\u542b\u5982\u4e0b\u4e24\u79cd\u573a\u666f\uff1a
\u5728\u6bcf\u4e2a\u5df2\u5b89\u88c5 Insight Agent \u7684\u96c6\u7fa4\u4e2d\u90fd\u6709 insight-agent-otel-col \u7ec4\u4ef6\u7528\u4e8e\u7edf\u4e00\u63a5\u6536\u8be5\u96c6\u7fa4\u7684\u94fe\u8def\u6570\u636e\u3002 \u56e0\u6b64\uff0c\u8be5\u7ec4\u4ef6\u4f5c\u4e3a\u7528\u6237\u63a5\u5165\u4fa7\u7684\u5165\u53e3\uff0c\u9700\u8981\u5148\u83b7\u53d6\u8be5\u5730\u5740\u3002\u53ef\u4ee5\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3 \u754c\u9762\u83b7\u53d6\u8be5\u96c6\u7fa4 Opentelemtry Collector \u7684\u5730\u5740\uff0c \u6bd4\u5982 insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 \uff1a
\u9664\u6b64\u4e4b\u5916\uff0c\u9488\u5bf9\u4e0d\u540c\u4e0a\u62a5\u65b9\u5f0f\uff0c\u6709\u4e00\u4e9b\u7ec6\u5fae\u5dee\u522b\uff1a
"},{"location":"admin/insight/quickstart/otel/send_tracing_to_insight.html#otel-agentsdk-insight-agent-opentelemtry-collector","title":"\u5ba2\u6237\u5e94\u7528\u901a\u8fc7 OTel Agent/SDK \u4e0a\u62a5\u94fe\u8def\u7ed9 Insight Agent Opentelemtry Collector","text":"\u4e3a\u4e86\u80fd\u591f\u5c06\u94fe\u8def\u6570\u636e\u6b63\u5e38\u4e0a\u62a5\u81f3 Insight \u5e76\u80fd\u591f\u5728 Insight \u6b63\u5e38\u5c55\u793a\uff0c\u9700\u8981\u5e76\u5efa\u8bae\u901a\u8fc7\u5982\u4e0b\u73af\u5883\u53d8\u91cf\u63d0\u4f9b OTLP \u6240\u9700\u7684\u5143\u6570\u636e (Resource Attribute)\uff0c\u6709\u4e24\u79cd\u65b9\u5f0f\u53ef\u5b9e\u73b0\uff1a
\u5728\u90e8\u7f72\u6587\u4ef6 YAML \u4e2d\u624b\u52a8\u6dfb\u52a0\uff0c\u4f8b\u5982\uff1a
...\n- name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: \"http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\"\n- name: \"OTEL_SERVICE_NAME\"\n value: my-java-app-name\n- name: \"OTEL_K8S_NAMESPACE\"\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n- name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n- name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n- name: OTEL_RESOURCE_ATTRIBUTES\n value: \"k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)\"\n
\u5229\u7528 Insight Agent \u81ea\u52a8\u6ce8\u5165\u5982\u4e0a\u5143\u6570\u636e (Resource Attribute) \u80fd\u529b
\u786e\u4fdd Insight Agent \u6b63\u5e38\u5de5\u4f5c\u5e76 \u5b89\u88c5 Instrumentation CR \u4e4b\u540e\uff0c \u53ea\u9700\u8981\u4e3a Pod \u6dfb\u52a0\u5982\u4e0b Annotation \u5373\u53ef\uff1a
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u4e3e\u4f8b\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-with-aotu-instrumentation\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n annotations:\n sidecar.opentelemetry.io/inject: \"false\"\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5728\u4fdd\u8bc1\u5e94\u7528\u6dfb\u52a0\u4e86\u5982\u4e0a\u5143\u6570\u636e\u4e4b\u540e\uff0c\u53ea\u9700\u5728\u5ba2\u6237 Opentelemtry Collector \u91cc\u9762\u65b0\u589e\u4e00\u4e2a OTLP Exporter \u5c06\u94fe\u8def\u6570\u636e\u8f6c\u53d1\u7ed9 Insight Agent Opentelemtry Collector \u5373\u53ef\uff0c\u5982\u4e0b Opentelemtry Collector \u914d\u7f6e\u6587\u4ef6\u6240\u793a\uff1a
...\nexporters:\n otlp/insight:\n endpoint: insight-opentelemetry-collector.insight-system.svc.cluster.local:4317\nservice:\n...\npipelines:\n...\ntraces:\n exporters:\n - otlp/insight\n
"},{"location":"admin/insight/quickstart/otel/send_tracing_to_insight.html#_1","title":"\u53c2\u8003","text":"Golang \u65e0\u4fb5\u5165\u5f0f\u63a5\u5165\u94fe\u8def\u8bf7\u53c2\u8003 \u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u6587\u6863\uff0c\u901a\u8fc7\u6ce8\u89e3\u5b9e\u73b0\u81ea\u52a8\u63a5\u5165\u94fe\u8def\u3002
OpenTelemetry \u4e5f\u7b80\u79f0\u4e3a OTel\uff0c\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u53ef\u89c2\u6d4b\u6027\u6846\u67b6\uff0c\u53ef\u4ee5\u5e2e\u52a9\u5728 Go \u5e94\u7528\u7a0b\u5e8f\u4e2d\u751f\u6210\u548c\u6536\u96c6\u9065\u6d4b\u6570\u636e\uff1a\u94fe\u8def\u3001\u6307\u6807\u548c\u65e5\u5fd7\u3002
\u672c\u6587\u4e3b\u8981\u8bb2\u89e3\u5982\u4f55\u5728 Go \u5e94\u7528\u7a0b\u5e8f\u4e2d\u901a\u8fc7 OpenTelemetry Go SDK \u589e\u5f3a\u5e76\u63a5\u5165\u94fe\u8def\u76d1\u63a7\u3002
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#otel-sdk-go_1","title":"\u4f7f\u7528 OTel SDK \u589e\u5f3a Go \u5e94\u7528","text":""},{"location":"admin/insight/quickstart/otel/golang/golang.html#_1","title":"\u5b89\u88c5\u76f8\u5173\u4f9d\u8d56","text":"\u5fc5\u987b\u5148\u5b89\u88c5\u4e0e OpenTelemetry exporter \u548c SDK \u76f8\u5173\u7684\u4f9d\u8d56\u9879\u3002\u5982\u679c\u60a8\u6b63\u5728\u4f7f\u7528\u5176\u4ed6\u8bf7\u6c42\u8def\u7531\u5668\uff0c\u8bf7\u53c2\u8003\u8bf7\u6c42\u8def\u7531\u3002 \u5207\u6362/\u8fdb\u5165\u5230\u5e94\u7528\u7a0b\u5e8f\u6e90\u6587\u4ef6\u5939\u540e\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
go get go.opentelemetry.io/otel@v1.19.0 \\\n go.opentelemetry.io/otel/trace@v1.19.0 \\\n go.opentelemetry.io/otel/sdk@v1.19.0 \\\n go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@v0.46.1 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.19.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.19.0\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#otel-sdk","title":"\u4f7f\u7528 OTel SDK \u521b\u5efa\u521d\u59cb\u5316\u51fd\u6570","text":"\u4e3a\u4e86\u8ba9\u5e94\u7528\u7a0b\u5e8f\u80fd\u591f\u53d1\u9001\u6570\u636e\uff0c\u9700\u8981\u4e00\u4e2a\u51fd\u6570\u6765\u521d\u59cb\u5316 OpenTelemetry\u3002\u5728 main.go \u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u4ee3\u7801\u7247\u6bb5:
import (\n \"context\"\n \"os\"\n \"time\"\n\n \"go.opentelemetry.io/otel\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\"\n \"go.opentelemetry.io/otel/propagation\"\n \"go.opentelemetry.io/otel/sdk/resource\"\n sdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n semconv \"go.opentelemetry.io/otel/semconv/v1.7.0\"\n \"go.uber.org/zap\"\n \"google.golang.org/grpc\"\n)\n\nvar tracerExp *otlptrace.Exporter\n\nfunc retryInitTracer() func() {\n var shutdown func()\n go func() {\n for {\n // otel will reconnected and re-send spans when otel col recover. so, we don't need to re-init tracer exporter.\n if tracerExp == nil {\n shutdown = initTracer()\n } else {\n break\n }\n time.Sleep(time.Minute * 5)\n }\n }()\n return shutdown\n}\n\nfunc initTracer() func() {\n // temporarily set timeout to 10s\n ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)\n defer cancel()\n\n serviceName, ok := os.LookupEnv(\"OTEL_SERVICE_NAME\")\n if !ok {\n serviceName = \"server_name\"\n os.Setenv(\"OTEL_SERVICE_NAME\", serviceName)\n }\n otelAgentAddr, ok := os.LookupEnv(\"OTEL_EXPORTER_OTLP_ENDPOINT\")\n if !ok {\n otelAgentAddr = \"http://localhost:4317\"\n os.Setenv(\"OTEL_EXPORTER_OTLP_ENDPOINT\", otelAgentAddr)\n }\n zap.S().Infof(\"OTLP Trace connect to: %s with service name: %s\", otelAgentAddr, serviceName)\n\n traceExporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithInsecure(), otlptracegrpc.WithDialOption(grpc.WithBlock()))\n if err != nil {\n handleErr(err, \"OTLP Trace gRPC Creation\")\n return nil\n }\n\n tracerProvider := sdktrace.NewTracerProvider(\n sdktrace.WithBatcher(traceExporter),\n sdktrace.WithSampler(sdktrace.AlwaysSample()),\n sdktrace.WithResource(resource.NewWithAttributes(semconv.SchemaURL)))\n\n otel.SetTracerProvider(tracerProvider)\n otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\n tracerExp = traceExporter\n return func() {\n // Shutdown will flush any remaining spans and shut down the exporter.\n handleErr(tracerProvider.Shutdown(ctx), \"failed to shutdown TracerProvider\")\n }\n}\n\nfunc handleErr(err error, message string) {\n if err != nil {\n zap.S().Errorf(\"%s: %v\", message, err)\n }\n}\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#maingo","title":"\u5728 main.go \u4e2d\u521d\u59cb\u5316\u8ddf\u8e2a\u5668","text":"\u4fee\u6539 main \u51fd\u6570\u4ee5\u5728 main.go \u4e2d\u521d\u59cb\u5316\u8ddf\u8e2a\u5668\u3002\u53e6\u5916\u5f53\u60a8\u7684\u670d\u52a1\u5173\u95ed\u65f6\uff0c\u5e94\u8be5\u8c03\u7528 TracerProvider.Shutdown() \u786e\u4fdd\u5bfc\u51fa\u6240\u6709 Span\u3002\u8be5\u670d\u52a1\u5c06\u8be5\u8c03\u7528\u4f5c\u4e3a\u4e3b\u51fd\u6570\u4e2d\u7684\u5ef6\u8fdf\u51fd\u6570\uff1a
func main() {\n // start otel tracing\n if shutdown := retryInitTracer(); shutdown != nil {\n defer shutdown()\n }\n ......\n}\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#otel-gin","title":"\u4e3a\u5e94\u7528\u6dfb\u52a0 OTel Gin \u4e2d\u95f4\u4ef6","text":"\u901a\u8fc7\u5728 main.go \u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\u6765\u914d\u7f6e Gin \u4ee5\u4f7f\u7528\u4e2d\u95f4\u4ef6:
import (\n ....\n \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n)\n\nfunc main() {\n ......\n r := gin.Default()\n r.Use(otelgin.Middleware(\"my-app\"))\n ......\n}\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_2","title":"\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f","text":"\u672c\u5730\u8c03\u8bd5\u8fd0\u884c
\u6ce8\u610f: \u6b64\u6b65\u9aa4\u4ec5\u7528\u4e8e\u672c\u5730\u5f00\u53d1\u8c03\u8bd5\uff0c\u751f\u4ea7\u73af\u5883\u4e2d Operator \u4f1a\u81ea\u52a8\u5b8c\u6210\u4ee5\u4e0b\u73af\u5883\u53d8\u91cf\u7684\u6ce8\u5165\u3002
\u4ee5\u4e0a\u6b65\u9aa4\u5df2\u7ecf\u5b8c\u6210\u4e86\u521d\u59cb\u5316 SDK \u7684\u5de5\u4f5c\uff0c\u73b0\u5728\u5982\u679c\u9700\u8981\u5728\u672c\u5730\u5f00\u53d1\u8fdb\u884c\u8c03\u8bd5\uff0c\u9700\u8981\u63d0\u524d\u83b7\u53d6\u5230 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b insight-agent-opentelemerty-collector \u7684\u5730\u5740\uff0c\u5047\u8bbe\u4e3a\uff1a insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 \u3002
\u56e0\u6b64\uff0c\u53ef\u4ee5\u5728\u4f60\u672c\u5730\u542f\u52a8\u5e94\u7528\u7a0b\u5e8f\u7684\u65f6\u5019\u6dfb\u52a0\u5982\u4e0b\u73af\u5883\u53d8\u91cf\uff1a
OTEL_SERVICE_NAME=my-golang-app OTEL_EXPORTER_OTLP_ENDPOINT=http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 go run main.go...\n
\u751f\u4ea7\u73af\u5883\u8fd0\u884c
\u8bf7\u53c2\u8003\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u4e2d \u53ea\u6ce8\u5165\u73af\u5883\u53d8\u91cf\u6ce8\u89e3 \u76f8\u5173\u4ecb\u7ecd\uff0c\u4e3a deployment yaml \u6dfb\u52a0\u6ce8\u89e3\uff1a
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5982\u679c\u65e0\u6cd5\u4f7f\u7528\u6ce8\u89e3\u7684\u65b9\u5f0f\uff0c\u60a8\u53ef\u4ee5\u624b\u52a8\u5728 deployment yaml \u6dfb\u52a0\u5982\u4e0b\u73af\u5883\u53d8\u91cf\uff1a
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\nenv:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: 'http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317'\n - name: OTEL_SERVICE_NAME\n value: \"your depolyment name\" # (1)!\n - name: OTEL_K8S_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: 'k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)'\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n
\u7136\u540e\u6ce8\u5165 OpenTelemetry \u4e2d\u95f4\u4ef6\uff1a
router.Use(middleware.Middleware(\"my-app\"))\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#opentelemetry-gorillamux","title":"OpenTelemetry gorillamux \u589e\u5f3a","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\"\n
\u7136\u540e\u6ce8\u5165 OpenTelemetry \u4e2d\u95f4\u4ef6\uff1a
router.Use(middleware.Middleware(\"my-app\"))\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#grpc","title":"gRPC \u589e\u5f3a","text":"\u540c\u6837\uff0cOpenTelemetry \u4e5f\u53ef\u4ee5\u5e2e\u52a9\u60a8\u81ea\u52a8\u68c0\u6d4b gRPC \u8bf7\u6c42\u3002\u8981\u68c0\u6d4b\u60a8\u62e5\u6709\u7684\u4efb\u4f55 gRPC \u670d\u52a1\u5668\uff0c\u8bf7\u5c06\u62e6\u622a\u5668\u6dfb\u52a0\u5230\u670d\u52a1\u5668\u7684\u5b9e\u4f8b\u5316\u4e2d\u3002
import (\n grpcotel \"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\"\n)\nfunc main() {\n [...]\n\n s := grpc.NewServer(\n grpc.UnaryInterceptor(grpcotel.UnaryServerInterceptor()),\n grpc.StreamInterceptor(grpcotel.StreamServerInterceptor()),\n )\n}\n
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5982\u679c\u4f60\u7684\u7a0b\u5e8f\u91cc\u9762\u4f7f\u7528\u5230\u4e86 Grpc Client \u8c03\u7528\u7b2c\u4e09\u65b9\u670d\u52a1\uff0c\u4f60\u8fd8\u9700\u8981\u5bf9 Grpc Client \u6dfb\u52a0\u62e6\u622a\u5668\uff1a
[...]\n\n conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()),\n grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),\n grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()),\n )\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_4","title":"\u5982\u679c\u4e0d\u4f7f\u7528\u8bf7\u6c42\u8def\u7531","text":"import (\n \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n
\u5728\u5c06 http.Handler \u4f20\u9012\u7ed9 ServeMux \u7684\u6bcf\u4e2a\u5730\u65b9\uff0c\u60a8\u90fd\u5c06\u5305\u88c5\u5904\u7406\u7a0b\u5e8f\u51fd\u6570\u3002\u4f8b\u5982\uff0c\u5c06\u8fdb\u884c\u4ee5\u4e0b\u66ff\u6362\uff1a
- mux.Handle(\"/path\", h)\n+ mux.Handle(\"/path\", otelhttp.NewHandler(h, \"description of path\"))\n---\n- mux.Handle(\"/path\", http.HandlerFunc(f))\n+ mux.Handle(\"/path\", otelhttp.NewHandler(http.HandlerFunc(f), \"description of path\"))\n
\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u60a8\u53ef\u4ee5\u786e\u4fdd\u4f7f\u7528 othttp \u5305\u88c5\u7684\u6bcf\u4e2a\u51fd\u6570\u90fd\u4f1a\u81ea\u52a8\u6536\u96c6\u5176\u5143\u6570\u636e\u5e76\u542f\u52a8\u76f8\u5e94\u7684\u8ddf\u8e2a\u3002
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_5","title":"\u6570\u636e\u5e93\u8bbf\u95ee\u589e\u5f3a","text":""},{"location":"admin/insight/quickstart/otel/golang/golang.html#golang-gorm","title":"Golang Gorm","text":"OpenTelemetry \u793e\u533a\u4e5f\u5f00\u53d1\u4e86\u6570\u636e\u5e93\u8bbf\u95ee\u5e93\u7684\u4e2d\u95f4\u4ef6\uff0c\u6bd4\u5982 Gorm:
import (\n \"github.com/uptrace/opentelemetry-go-extra/otelgorm\"\n \"gorm.io/driver/sqlite\"\n \"gorm.io/gorm\"\n)\n\ndb, err := gorm.Open(sqlite.Open(\"file::memory:?cache=shared\"), &gorm.Config{})\nif err != nil {\n panic(err)\n}\n\notelPlugin := otelgorm.NewPlugin(otelgorm.WithDBName(\"mydb\"), # \u7f3a\u5931\u4f1a\u5bfc\u81f4\u6570\u636e\u5e93\u76f8\u5173\u62d3\u6251\u5c55\u793a\u4e0d\u5b8c\u6574\n otelgorm.WithAttributes(semconv.ServerAddress(\"memory\"))) # \u7f3a\u5931\u4f1a\u5bfc\u81f4\u6570\u636e\u5e93\u76f8\u5173\u62d3\u6251\u5c55\u793a\u4e0d\u5b8c\u6574\nif err := db.Use(otelPlugin); err != nil {\n panic(err)\n}\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span","title":"\u81ea\u5b9a\u4e49 Span","text":"\u5f88\u591a\u65f6\u5019\uff0cOpenTelemetry \u63d0\u4f9b\u7684\u4e2d\u95f4\u4ef6\u4e0d\u80fd\u5e2e\u52a9\u6211\u4eec\u8bb0\u5f55\u66f4\u591a\u5185\u90e8\u8c03\u7528\u7684\u51fd\u6570\uff0c\u9700\u8981\u6211\u4eec\u81ea\u5b9a\u4e49 Span \u6765\u8bb0\u5f55
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n _, span := otel.Tracer(\"GetServiceDetail\").Start(ctx,\n \"spanMetricDao.GetServiceDetail\",\n trace.WithSpanKind(trace.SpanKindInternal))\n defer span.End()\n \u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span_1","title":"\u5411 span \u6dfb\u52a0\u81ea\u5b9a\u4e49\u5c5e\u6027\u548c\u4e8b\u4ef6","text":"\u4e5f\u53ef\u4ee5\u5c06\u81ea\u5b9a\u4e49\u5c5e\u6027\u6216\u6807\u7b7e\u8bbe\u7f6e\u4e3a Span\u3002\u8981\u6dfb\u52a0\u81ea\u5b9a\u4e49\u5c5e\u6027\u548c\u4e8b\u4ef6\uff0c\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_6","title":"\u5bfc\u5165\u8ddf\u8e2a\u548c\u5c5e\u6027\u5e93","text":"import (\n ...\n \"go.opentelemetry.io/otel/attribute\"\n \"go.opentelemetry.io/otel/trace\"\n)\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span_2","title":"\u4ece\u4e0a\u4e0b\u6587\u4e2d\u83b7\u53d6\u5f53\u524d Span","text":"span := trace.SpanFromContext(c.Request.Context())\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span_3","title":"\u5728\u5f53\u524d Span \u4e2d\u8bbe\u7f6e\u5c5e\u6027","text":"span.SetAttributes(attribute.String(\"controller\", \"books\"))\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#span-event","title":"\u4e3a\u5f53\u524d Span \u6dfb\u52a0 Event","text":"\u6dfb\u52a0 span \u4e8b\u4ef6\u662f\u4f7f\u7528 span \u5bf9\u8c61\u4e0a\u7684 AddEvent \u5b8c\u6210\u7684\u3002
span.AddEvent(msg)\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_7","title":"\u8bb0\u5f55\u9519\u8bef\u548c\u5f02\u5e38","text":"import \"go.opentelemetry.io/otel/codes\"\n\n// \u83b7\u53d6\u5f53\u524d span\nspan := trace.SpanFromContext(ctx)\n\n// RecordError \u4f1a\u81ea\u52a8\u5c06\u4e00\u4e2a\u9519\u8bef\u8f6c\u6362\u6210 span even\nspan.RecordError(err)\n\n// \u6807\u8bb0\u8fd9\u4e2a span \u9519\u8bef\nspan.SetStatus(codes.Error, \"internal error\")\n
"},{"location":"admin/insight/quickstart/otel/golang/golang.html#_8","title":"\u53c2\u8003","text":"\u6709\u5173 Demo \u6f14\u793a\u8bf7\u53c2\u8003\uff1a - opentelemetry-demo/productcatalogservice - opentelemetry-collector-contrib/demo
"},{"location":"admin/insight/quickstart/otel/golang/meter.html","title":"\u4f7f\u7528 OTel SDK \u4e3a\u5e94\u7528\u7a0b\u5e8f\u66b4\u9732\u6307\u6807","text":"\u672c\u6587\u4ec5\u4f9b\u5e0c\u671b\u8bc4\u4f30\u6216\u63a2\u7d22\u6b63\u5728\u5f00\u53d1\u7684 OTLP \u6307\u6807\u7684\u7528\u6237\u53c2\u8003\u3002
OpenTelemetry \u9879\u76ee\u8981\u6c42\u4ee5\u5fc5\u987b\u5728 OpenTelemetry \u534f\u8bae (OTLP) \u4e2d\u53d1\u51fa\u6570\u636e\u7684\u8bed\u8a00\u63d0\u4f9b API \u548c SDK\u3002
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#golang","title":"\u9488\u5bf9 Golang \u5e94\u7528\u7a0b\u5e8f","text":"Golang \u53ef\u4ee5\u901a\u8fc7 sdk \u66b4\u9732 runtime \u6307\u6807\uff0c\u5177\u4f53\u6765\u8bf4\uff0c\u5728\u5e94\u7528\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u65b9\u6cd5\u5f00\u542f metrics \u66b4\u9732\u5668\uff1a
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#_1","title":"\u5b89\u88c5\u76f8\u5173\u4f9d\u8d56","text":"\u5207\u6362/\u8fdb\u5165\u5230\u5e94\u7528\u7a0b\u5e8f\u6e90\u6587\u4ef6\u5939\u540e\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
go get go.opentelemetry.io/otel \\\n go.opentelemetry.io/otel/attribute \\\n go.opentelemetry.io/otel/exporters/prometheus \\\n go.opentelemetry.io/otel/metric/global \\\n go.opentelemetry.io/otel/metric/instrument \\\n go.opentelemetry.io/otel/sdk/metric\n
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#otel-sdk_1","title":"\u4f7f\u7528 OTel SDK \u521b\u5efa\u521d\u59cb\u5316\u51fd\u6570","text":"import (\n .....\n\n \"go.opentelemetry.io/otel/attribute\"\n otelPrometheus \"go.opentelemetry.io/otel/exporters/prometheus\"\n \"go.opentelemetry.io/otel/metric/global\"\n \"go.opentelemetry.io/otel/metric/instrument\"\n \"go.opentelemetry.io/otel/sdk/metric/aggregator/histogram\"\n controller \"go.opentelemetry.io/otel/sdk/metric/controller/basic\"\n \"go.opentelemetry.io/otel/sdk/metric/export/aggregation\"\n processor \"go.opentelemetry.io/otel/sdk/metric/processor/basic\"\n selector \"go.opentelemetry.io/otel/sdk/metric/selector/simple\"\n)\nfunc (s *insightServer) initMeter() *otelPrometheus.Exporter {\n s.meter = global.Meter(\"xxx\")\n\n config := otelPrometheus.Config{\n DefaultHistogramBoundaries: []float64{1, 2, 5, 10, 20, 50},\n Gatherer: prometheus.DefaultGatherer,\n Registry: prometheus.NewRegistry(),\n Registerer: prometheus.DefaultRegisterer,\n }\n\n c := controller.New(\n processor.NewFactory(\n selector.NewWithHistogramDistribution(\n histogram.WithExplicitBoundaries(config.DefaultHistogramBoundaries),\n ),\n aggregation.CumulativeTemporalitySelector(),\n processor.WithMemory(true),\n ),\n )\n\n exporter, err := otelPrometheus.New(config, c)\n if err != nil {\n zap.S().Panicf(\"failed to initialize prometheus exporter %v\", err)\n }\n\n global.SetMeterProvider(exporter.MeterProvider())\n\n http.HandleFunc(\"/metrics\", exporter.ServeHTTP)\n\n go func() {\n _ = http.ListenAndServe(fmt.Sprintf(\":%d\", 8888), nil)\n }()\n\n zap.S().Info(\"Prometheus server running on \", fmt.Sprintf(\":%d\", port))\n return exporter\n}\n
\u4ee5\u4e0a\u65b9\u6cd5\u4f1a\u4e3a\u60a8\u7684\u5e94\u7528\u66b4\u9732\u4e00\u4e2a\u6307\u6807\u63a5\u53e3: http://localhost:8888/metrics
\u968f\u540e\uff0c\u5728 main.go \u4e2d\u5bf9\u5176\u8fdb\u884c\u521d\u59cb\u5316\uff1a
func main() {\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n tp := initMeter()\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n}\n
\u6b64\u5916\uff0c\u5982\u679c\u60f3\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\uff0c\u53ef\u4ee5\u53c2\u8003\uff1a
// exposeClusterMetric expose metric like \"insight_logging_count{} 1\"\nfunc (s *insightServer) exposeLoggingMetric(lserver *log.LogService) {\n s.meter = global.Meter(\"insight.io/basic\")\n\n var lock sync.Mutex\n logCounter, err := s.meter.AsyncFloat64().Counter(\"insight_log_total\")\n if err != nil {\n zap.S().Panicf(\"failed to initialize instrument: %v\", err)\n }\n\n _ = s.meter.RegisterCallback([]instrument.Asynchronous{logCounter}, func(ctx context.Context) {\n lock.Lock()\n defer lock.Unlock()\n count, err := lserver.Count(ctx)\n if err == nil || count != -1 {\n logCounter.Observe(ctx, float64(count))\n }\n })\n}\n
\u968f\u540e\uff0c\u5728 main.go \u8c03\u7528\u8be5\u65b9\u6cd5\uff1a
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\ns.exposeLoggingMetric(lservice)\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#java","title":"\u9488\u5bf9 Java \u5e94\u7528\u7a0b\u5e8f","text":"Java \u5728\u4f7f\u7528 otel agent \u5728\u5b8c\u6210\u94fe\u8def\u7684\u81ea\u52a8\u63a5\u5165\u7684\u57fa\u7840\u4e0a\uff0c\u901a\u8fc7\u6dfb\u52a0\u73af\u5883\u53d8\u91cf\uff1a
OTEL_METRICS_EXPORTER=prometheus\n
\u5c31\u53ef\u4ee5\u76f4\u63a5\u66b4\u9732 JVM \u76f8\u5173\u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
\u968f\u540e\uff0c\u518d\u914d\u5408 prometheus serviceMonitor \u5373\u53ef\u5b8c\u6210\u6307\u6807\u7684\u63a5\u5165\u3002 \u5982\u679c\u60f3\u66b4\u9732\u81ea\u5b9a\u4e49\u6307\u6807\u8bf7\u53c2\u9605 opentelemetry-java-docs/prometheus\u3002
\u4e3b\u8981\u5206\u4ee5\u4e0b\u4e24\u6b65\uff1a
\u521b\u5efa meter provider\uff0c\u5e76\u6307\u5b9a prometheus \u4f5c\u4e3a exporter\u3002
/*\n* Copyright The OpenTelemetry Authors\n* SPDX-License-Identifier: Apache-2.0\n*/\n\npackage io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport io.opentelemetry.exporter.prometheus.PrometheusHttpServer;\nimport io.opentelemetry.sdk.metrics.SdkMeterProvider;\nimport io.opentelemetry.sdk.metrics.export.MetricReader;\n\npublic final class ExampleConfiguration {\n\n /**\n * Initializes the Meter SDK and configures the prometheus collector with all default settings.\n *\n * @param prometheusPort the port to open up for scraping.\n * @return A MeterProvider for use in instrumentation.\n */\n static MeterProvider initializeOpenTelemetry(int prometheusPort) {\n MetricReader prometheusReader = PrometheusHttpServer.builder().setPort(prometheusPort).build();\n\n return SdkMeterProvider.builder().registerMetricReader(prometheusReader).build();\n }\n}\n
\u81ea\u5b9a\u4e49 meter \u5e76\u5f00\u542f http server
package io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.common.Attributes;\nimport io.opentelemetry.api.metrics.Meter;\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport java.util.concurrent.ThreadLocalRandom;\n\n/**\n* Example of using the PrometheusHttpServer to convert OTel metrics to Prometheus format and expose\n* these to a Prometheus instance via a HttpServer exporter.\n*\n* <p>A Gauge is used to periodically measure how many incoming messages are awaiting processing.\n* The Gauge callback gets executed every collection interval.\n*/\npublic final class PrometheusExample {\n private long incomingMessageCount;\n\n public PrometheusExample(MeterProvider meterProvider) {\n Meter meter = meterProvider.get(\"PrometheusExample\");\n meter\n .gaugeBuilder(\"incoming.messages\")\n .setDescription(\"No of incoming messages awaiting processing\")\n .setUnit(\"message\")\n .buildWithCallback(result -> result.record(incomingMessageCount, Attributes.empty()));\n }\n\n void simulate() {\n for (int i = 500; i > 0; i--) {\n try {\n System.out.println(\n i + \" Iterations to go, current incomingMessageCount is: \" + incomingMessageCount);\n incomingMessageCount = ThreadLocalRandom.current().nextLong(100);\n Thread.sleep(1000);\n } catch (InterruptedException e) {\n // ignored here\n }\n }\n }\n\n public static void main(String[] args) {\n int prometheusPort = 8888;\n\n // it is important to initialize the OpenTelemetry SDK as early as possible in your process.\n MeterProvider meterProvider = ExampleConfiguration.initializeOpenTelemetry(prometheusPort);\n\n PrometheusExample prometheusExample = new PrometheusExample(meterProvider);\n\n prometheusExample.simulate();\n\n System.out.println(\"Exiting\");\n }\n}\n
\u968f\u540e\uff0c\u5f85 java \u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u4e4b\u540e\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#insight","title":"Insight \u91c7\u96c6\u6307\u6807","text":"\u6700\u540e\u91cd\u8981\u7684\u662f\uff0c\u60a8\u5df2\u7ecf\u5728\u5e94\u7528\u7a0b\u5e8f\u4e2d\u66b4\u9732\u51fa\u4e86\u6307\u6807\uff0c\u73b0\u5728\u9700\u8981 Insight \u6765\u91c7\u96c6\u6307\u6807\u3002
\u63a8\u8350\u7684\u6307\u6807\u66b4\u9732\u65b9\u5f0f\u662f\u901a\u8fc7 servicemonitor \u6216\u8005 podmonitor\u3002
"},{"location":"admin/insight/quickstart/otel/golang/meter.html#servicemonitorpodmonitor","title":"\u521b\u5efa servicemonitor/podmonitor","text":"\u6dfb\u52a0\u7684 servicemonitor/podmonitor \u9700\u8981\u6253\u4e0a label\uff1a\"operator.insight.io/managed-by\": \"insight\" \u624d\u4f1a\u88ab Operator \u8bc6\u522b\uff1a
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: example-app\n labels:\n operator.insight.io/managed-by: insight\nspec:\n selector:\n matchLabels:\n app: example-app\n endpoints:\n - port: web\n namespaceSelector:\n any: true\n
"},{"location":"admin/insight/quickstart/otel/java/index.html","title":"\u5f00\u59cb\u76d1\u63a7 Java \u5e94\u7528","text":"Java \u5e94\u7528\u94fe\u8def\u63a5\u5165\u4e0e\u76d1\u63a7\u8bf7\u53c2\u8003 \u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u6587\u6863\uff0c\u901a\u8fc7\u6ce8\u89e3\u5b9e\u73b0\u81ea\u52a8\u63a5\u5165\u94fe\u8def\u3002
Java \u5e94\u7528\u7684 JVM \u8fdb\u884c\u76d1\u63a7\uff1a\u5df2\u7ecf\u66b4\u9732 JVM \u6307\u6807\u548c\u4ecd\u672a\u66b4\u9732 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5982\u4f55\u4e0e\u53ef\u89c2\u6d4b\u6027 Insight \u5bf9\u63a5\u3002
\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u672a\u5f00\u59cb\u66b4\u9732 JVM \u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u6587\u6863\uff1a
\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u5df2\u7ecf\u66b4\u9732 JVM \u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u6587\u6863\uff1a
\u5c06 TraceId \u548c SpanId \u5199\u5165 Java \u5e94\u7528\u65e5\u5fd7, \u5b9e\u73b0\u94fe\u8def\u6570\u636e\u4e0e\u65e5\u5fd7\u6570\u636e\u5173\u8054
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 OpenTelemetry \u5c06 TraceId \u548c SpanId \u81ea\u52a8\u5199\u5165 Java \u5e94\u7528\u65e5\u5fd7\u3002 TraceId \u4e0e SpanId \u5199\u5165\u65e5\u5fd7\u540e\uff0c\u60a8\u53ef\u4ee5\u5c06\u5206\u5e03\u5f0f\u94fe\u8def\u6570\u636e\u4e0e\u65e5\u5fd7\u6570\u636e\u5173\u8054\u8d77\u6765\uff0c\u5b9e\u73b0\u66f4\u9ad8\u6548\u7684\u6545\u969c\u8bca\u65ad\u548c\u6027\u80fd\u5206\u6790\u3002
"},{"location":"admin/insight/quickstart/otel/java/mdc.html#_1","title":"\u652f\u6301\u7684\u65e5\u5fd7\u5e93","text":"\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1 Logger MDC auto-instrumentation\u3002
\u65e5\u5fd7\u6846\u67b6 \u652f\u6301\u81ea\u52a8\u57cb\u70b9\u7684\u7248\u672c \u624b\u52a8\u57cb\u70b9\u9700\u8981\u5f15\u5165\u7684\u4f9d\u8d56 Log4j 1 1.2+ \u65e0 Log4j 2 2.7+ opentelemetry-log4j-context-data-2.17-autoconfigure Logback 1.0+ opentelemetry-logback-mdc-1.0"},{"location":"admin/insight/quickstart/otel/java/mdc.html#logbackspringboot","title":"\u4f7f\u7528 Logback\uff08SpringBoot \u9879\u76ee\uff09","text":"Spring Boot \u9879\u76ee\u5185\u7f6e\u4e86\u65e5\u5fd7\u6846\u67b6\uff0c\u5e76\u4e14\u9ed8\u8ba4\u4f7f\u7528 Logback \u4f5c\u4e3a\u5176\u65e5\u5fd7\u5b9e\u73b0\u3002\u5982\u679c\u60a8\u7684 Java \u9879\u76ee\u4e3a SpringBoot \u9879\u76ee\uff0c\u53ea\u9700\u5c11\u91cf\u914d\u7f6e\u5373\u53ef\u5c06 TraceId \u5199\u5165\u65e5\u5fd7\u3002
\u5728 application.properties
\u4e2d\u8bbe\u7f6e logging.pattern.level
\uff0c\u6dfb\u52a0 %mdc{trace_id}
\u4e0e %mdc{span_id}
\u5230\u65e5\u5fd7\u4e2d\u3002
logging.pattern.level=trace_id=%mdc{trace_id} span_id=%mdc{span_id} %5p ....\u7701\u7565...\n
\u4ee5\u4e0b\u4e3a\u65e5\u5fd7\u793a\u4f8b\uff1a
2024-06-26 10:56:31.200 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'\n2024-06-26 10:56:31.201 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'\n2024-06-26 10:56:31.209 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 8 ms\n2024-06-26 10:56:31.296 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=5743699405074f4e INFO 53724 --- [nio-8081-exec-1] com.example.httpserver.ot.OTServer : hello world\n
"},{"location":"admin/insight/quickstart/otel/java/mdc.html#log4j2","title":"\u4f7f\u7528 Log4j2","text":"\u5728 pom.xml
\u4e2d\u6dfb\u52a0 OpenTelemetry Log4j2
\u4f9d\u8d56:
Tip
\u8bf7\u5c06 OPENTELEMETRY_VERSION
\u66ff\u6362\u4e3a\u6700\u65b0\u7248\u672c
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-log4j-context-data-2.17-autoconfigure</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n <scope>runtime</scope>\n </dependency>\n</dependencies>\n
\u4fee\u6539 log4j2.xml
\u914d\u7f6e\uff0c\u5728 pattern
\u4e2d\u6dfb\u52a0 %X{trace_id}
\u4e0e %X{span_id}
\uff0c\u53ef\u4ee5\u5c06 TraceId
\u4e0e SpanId
\u81ea\u52a8\u5199\u5165\u65e5\u5fd7:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Configuration>\n <Appenders>\n <Console name=\"Console\" target=\"SYSTEM_OUT\">\n <PatternLayout\n pattern=\"%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} - %msg%n\"/>\n </Console>\n </Appenders>\n <Loggers>\n <Root>\n <AppenderRef ref=\"Console\" level=\"All\"/>\n </Root>\n </Loggers>\n</Configuration>\n
\u4f7f\u7528 Logback \u5728 pom.xml
\u4e2d\u6dfb\u52a0 OpenTelemetry Logback
\u4f9d\u8d56\u3002
Tip
\u8bf7\u5c06 OPENTELEMETRY_VERSION
\u66ff\u6362\u4e3a\u6700\u65b0\u7248\u672c
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-logback-mdc-1.0</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n </dependency>\n</dependencies>\n
\u4fee\u6539 log4j2.xml
\u914d\u7f6e\uff0c\u5728 pattern
\u4e2d\u6dfb\u52a0 %X{trace_id}
\u4e0e %X{span_id}
\uff0c\u53ef\u4ee5\u5c06 TraceId
\u4e0e SpanId
\u81ea\u52a8\u5199\u5165\u65e5\u5fd7:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<configuration>\n <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n <encoder>\n <pattern>%d{HH:mm:ss.SSS} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} %msg%n</pattern>\n </encoder>\n </appender>\n\n <!-- Just wrap your logging appender, for example ConsoleAppender, with OpenTelemetryAppender -->\n <appender name=\"OTEL\" class=\"io.opentelemetry.instrumentation.logback.mdc.v1_0.OpenTelemetryAppender\">\n <appender-ref ref=\"CONSOLE\"/>\n </appender>\n\n <!-- Use the wrapped \"OTEL\" appender instead of the original \"CONSOLE\" one -->\n <root level=\"INFO\">\n <appender-ref ref=\"OTEL\"/>\n </root>\n\n</configuration>\n
JMX-Exporter \u63d0\u4f9b\u4e86\u4e24\u79cd\u7528\u6cd5:
Note
\u5b98\u65b9\u4e0d\u63a8\u8350\u4f7f\u7528\u7b2c\u4e00\u79cd\u65b9\u5f0f\uff0c\u4e00\u65b9\u9762\u914d\u7f6e\u590d\u6742\uff0c\u53e6\u4e00\u65b9\u9762\u56e0\u4e3a\u5b83\u9700\u8981\u4e00\u4e2a\u5355\u72ec\u7684\u8fdb\u7a0b\uff0c\u800c\u8fd9\u4e2a\u8fdb\u7a0b\u672c\u8eab\u7684\u76d1\u63a7\u53c8\u6210\u4e86\u65b0\u7684\u95ee\u9898\uff0c \u6240\u4ee5\u672c\u6587\u91cd\u70b9\u56f4\u7ed5\u7b2c\u4e8c\u79cd\u7528\u6cd5\u8bb2\u5982\u4f55\u5728 Kubernetes \u73af\u5883\u4e0b\u4f7f\u7528 JMX Exporter \u66b4\u9732 JVM \u76d1\u63a7\u6307\u6807\u3002
\u8fd9\u91cc\u4f7f\u7528\u7b2c\u4e8c\u79cd\u7528\u6cd5\uff0c\u542f\u52a8 JVM \u65f6\u9700\u8981\u6307\u5b9a JMX Exporter \u7684 jar \u5305\u6587\u4ef6\u548c\u914d\u7f6e\u6587\u4ef6\u3002 jar \u5305\u662f\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u4e0d\u597d\u901a\u8fc7 configmap \u6302\u8f7d\uff0c\u914d\u7f6e\u6587\u4ef6\u6211\u4eec\u51e0\u4e4e\u4e0d\u9700\u8981\u4fee\u6539\uff0c \u6240\u4ee5\u5efa\u8bae\u662f\u76f4\u63a5\u5c06 JMX Exporter \u7684 jar \u5305\u548c\u914d\u7f6e\u6587\u4ef6\u90fd\u6253\u5305\u5230\u4e1a\u52a1\u5bb9\u5668\u955c\u50cf\u4e2d\u3002
\u5176\u4e2d\uff0c\u7b2c\u4e8c\u79cd\u65b9\u5f0f\u6211\u4eec\u53ef\u4ee5\u9009\u62e9\u5c06 JMX Exporter \u7684 jar \u6587\u4ef6\u653e\u5728\u4e1a\u52a1\u5e94\u7528\u955c\u50cf\u4e2d\uff0c \u4e5f\u53ef\u4ee5\u9009\u62e9\u5728\u90e8\u7f72\u7684\u65f6\u5019\u6302\u8f7d\u8fdb\u53bb\u3002\u8fd9\u91cc\u5206\u522b\u5bf9\u4e24\u79cd\u65b9\u5f0f\u505a\u4e00\u4e2a\u4ecb\u7ecd\uff1a
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/jmx-exporter.html#jmx-exporter-jar","title":"\u65b9\u5f0f\u4e00\uff1a\u5c06 JMX Exporter JAR \u6587\u4ef6\u6784\u5efa\u81f3\u4e1a\u52a1\u955c\u50cf\u4e2d","text":"prometheus-jmx-config.yaml \u5185\u5bb9\u5982\u4e0b\uff1a
prometheus-jmx-config.yaml...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
\u66f4\u591a\u914d\u7f6e\u9879\u8bf7\u53c2\u8003\u5e95\u90e8\u4ecb\u7ecd\u6216Prometheus \u5b98\u65b9\u6587\u6863\u3002
\u7136\u540e\u51c6\u5907 jar \u5305\u6587\u4ef6\uff0c\u53ef\u4ee5\u5728 jmx_exporter \u7684 Github \u9875\u9762\u627e\u5230\u6700\u65b0\u7684 jar \u5305\u4e0b\u8f7d\u5730\u5740\u5e76\u53c2\u8003\u5982\u4e0b Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
\u6ce8\u610f\uff1a
\u6211\u4eec\u9700\u8981\u5148\u5c06 JMX exporter \u505a\u6210 Docker \u955c\u50cf, \u4ee5\u4e0b Dockerfile \u4ec5\u4f9b\u53c2\u8003\uff1a
FROM alpine/curl:3.14\nWORKDIR /app/\n# \u5c06\u524d\u9762\u521b\u5efa\u7684 config \u6587\u4ef6\u62f7\u8d1d\u81f3\u955c\u50cf\nCOPY prometheus-jmx-config.yaml ./\n# \u5728\u7ebf\u4e0b\u8f7d jmx prometheus javaagent jar\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
\u6839\u636e\u4e0a\u9762 Dockerfile \u6784\u5efa\u955c\u50cf\uff1a docker build -t my-jmx-exporter .
\u5728 Java \u5e94\u7528\u90e8\u7f72 Yaml \u4e2d\u52a0\u5165\u5982\u4e0b init container\uff1a
\u70b9\u51fb\u5c55\u5f00 YAML \u6587\u4ef6apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar #\u5171\u4eab agent \u6587\u4ef6\u5939\n emptyDir: {}\n restartPolicy: Always\n
\u7ecf\u8fc7\u5982\u4e0a\u7684\u6539\u9020\u4e4b\u540e\uff0c\u793a\u4f8b\u5e94\u7528 my-demo-app \u5177\u5907\u4e86\u66b4\u9732 JVM \u6307\u6807\u7684\u80fd\u529b\u3002 \u8fd0\u884c\u670d\u52a1\u4e4b\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7 http://lcoalhost:8088
\u8bbf\u95ee\u670d\u52a1\u66b4\u9732\u51fa\u6765\u7684 prometheus \u683c\u5f0f\u7684\u6307\u6807\u3002
\u63a5\u7740\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003 \u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/legacy-jvm.html","title":"\u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027","text":"\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\uff08\u6bd4\u5982 Spring Boot Actuator\uff09\u66b4\u9732\u4e86 JVM \u7684\u76d1\u63a7\u6307\u6807\uff0c \u6211\u4eec\u9700\u8981\u8ba9\u76d1\u63a7\u6570\u636e\u88ab\u91c7\u96c6\u5230\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u6dfb\u52a0\u6ce8\u89e3\uff08Kubernetes Annotations\uff09\u7684\u65b9\u5f0f\u8ba9 Insight \u6765\u91c7\u96c6\u5df2\u6709\u7684 JVM \u6307\u6807\uff1a
annatation: \n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"9464\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n
\u4f8b\u5982\u4e3a my-deployment-app \u6dfb\u52a0\u6ce8\u89e3\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"9464\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n
\u4ee5\u4e0b\u662f\u5b8c\u6574\u793a\u4f8b\uff1a
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"8080\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
\u4ee5\u4e0a\u793a\u4f8b\u4e2d\uff0cInsight \u4f1a\u901a\u8fc7 :8080//actuator/prometheus \u6293\u53d6\u901a\u8fc7 Spring Boot Actuator \u66b4\u9732\u51fa\u6765\u7684 Prometheus \u6307\u6807\u3002
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html","title":"\u4f7f\u7528 OpenTelemetry Java Agent \u66b4\u9732 JVM \u76d1\u63a7\u6307\u6807","text":"\u5728 Opentelemetry Agent v1.20.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u4e2d\uff0cOpentelemetry Agent \u65b0\u589e\u4e86 JMX Metric Insight \u6a21\u5757\uff0c\u5982\u679c\u4f60\u7684\u5e94\u7528\u5df2\u7ecf\u96c6\u6210\u4e86 Opentelemetry Agent \u53bb\u91c7\u96c6\u5e94\u7528\u94fe\u8def\uff0c\u90a3\u4e48\u4f60\u4e0d\u518d\u9700\u8981\u53e6\u5916\u5f15\u5165\u5176\u4ed6 Agent \u53bb\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u66b4\u9732 JMX \u6307\u6807\u3002Opentelemetry Agent \u4e5f\u662f\u901a\u8fc7\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u672c\u5730\u53ef\u7528\u7684 MBean \u516c\u5f00\u7684\u6307\u6807\uff0c\u5bf9\u5176\u8fdb\u884c\u6536\u96c6\u5e76\u66b4\u9732\u6307\u6807\u3002
Opentelemetry Agent \u4e5f\u9488\u5bf9\u5e38\u89c1\u7684 Java Server \u6216\u6846\u67b6\u5185\u7f6e\u4e86\u4e00\u4e9b\u76d1\u63a7\u7684\u6837\u4f8b\uff0c\u8bf7\u53c2\u8003\u9884\u5b9a\u4e49\u7684\u6307\u6807\u3002
\u4f7f\u7528 OpenTelemetry Java Agent \u540c\u6837\u9700\u8981\u8003\u8651\u5982\u4f55\u5c06 JAR \u6302\u8f7d\u8fdb\u5bb9\u5668\uff0c\u9664\u4e86\u53ef\u4ee5\u53c2\u8003\u4e0a\u9762 JMX Exporter \u6302\u8f7d JAR \u6587\u4ef6\u7684\u65b9\u5f0f\u5916\uff0c\u6211\u4eec\u8fd8\u53ef\u4ee5\u501f\u52a9 Opentelemetry \u63d0\u4f9b\u7684 Operator \u7684\u80fd\u529b\u6765\u5b9e\u73b0\u81ea\u52a8\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u5f00\u542f JVM \u6307\u6807\u66b4\u9732\uff1a
\u5982\u679c\u4f60\u7684\u5e94\u7528\u5df2\u7ecf\u96c6\u6210\u4e86 Opentelemetry Agent \u53bb\u91c7\u96c6\u5e94\u7528\u94fe\u8def\uff0c\u90a3\u4e48\u4f60\u4e0d\u518d\u9700\u8981\u53e6\u5916\u5f15\u5165\u5176\u4ed6 Agent \u53bb\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u66b4\u9732 JMX \u6307\u6807\u3002Opentelemetry Agent \u901a\u8fc7\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u672c\u5730\u53ef\u7528\u7684 MBean \u516c\u5f00\u7684\u6307\u6807\uff0c\u73b0\u5728\u53ef\u4ee5\u672c\u5730\u6536\u96c6\u5e76\u66b4\u9732\u6307\u6807\u63a5\u53e3\u3002
\u4f46\u662f\uff0c\u622a\u81f3\u76ee\u524d\u7248\u672c\uff0c\u4f60\u4ecd\u7136\u9700\u8981\u624b\u52a8\u4e3a\u5e94\u7528\u52a0\u4e0a\u76f8\u5e94\u6ce8\u89e3\u4e4b\u540e\uff0cJVM \u6570\u636e\u624d\u4f1a\u88ab Insight \u91c7\u96c6\u5230\uff0c\u5177\u4f53\u6ce8\u89e3\u5185\u5bb9\u8bf7\u53c2\u8003 \u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#java","title":"\u4e3a Java \u4e2d\u95f4\u4ef6\u66b4\u9732\u6307\u6807","text":"Opentelemetry Agent \u4e5f\u5185\u7f6e\u4e86\u4e00\u4e9b\u4e2d\u95f4\u4ef6\u76d1\u63a7\u7684\u6837\u4f8b\uff0c\u8bf7\u53c2\u8003 \u9884\u5b9a\u4e49\u6307\u6807\u3002
\u9ed8\u8ba4\u6ca1\u6709\u6307\u5b9a\u4efb\u4f55\u7c7b\u578b\uff0c\u9700\u8981\u901a\u8fc7 -Dotel.jmx.target.system JVM Options \u6307\u5b9a,\u6bd4\u5982 -Dotel.jmx.target.system=jetty,kafka-broker \u3002
"},{"location":"admin/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#_1","title":"\u53c2\u8003","text":"Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel jmx metrics
\u867d\u7136 OpenShift \u7cfb\u7edf\u81ea\u5e26\u4e86\u4e00\u5957\u76d1\u63a7\u7cfb\u7edf\uff0c\u56e0\u4e3a\u6570\u636e\u91c7\u96c6\u7ea6\u5b9a\u7684\u4e00\u4e9b\u89c4\u5219\uff0c\u6211\u4eec\u8fd8\u662f\u4f1a\u5b89\u88c5 Insight Agent\u3002
\u5176\u4e2d\uff0c\u5b89\u9664\u4e86\u57fa\u7840\u7684\u5b89\u88c5\u914d\u7f6e\u4e4b\u5916\uff0chelm install \u7684\u65f6\u5019\u8fd8\u9700\u8981\u589e\u52a0\u5982\u4e0b\u7684\u53c2\u6570\uff1a
## \u9488\u5bf9 fluentbit \u76f8\u5173\u7684\u53c2\u6570\uff1b\n--set fluent-bit.ocp.enabled=true \\\n--set fluent-bit.serviceAccount.create=false \\\n--set fluent-bit.securityContext.runAsUser=0 \\\n--set fluent-bit.securityContext.seLinuxOptions.type=spc_t \\\n--set fluent-bit.securityContext.readOnlyRootFilesystem=false \\\n--set fluent-bit.securityContext.allowPrivilegeEscalation=false \\\n\n## \u542f\u7528\u9002\u914d OpenShift4.x \u7684 Prometheus(CR)\n--set compatibility.openshift.prometheus.enabled=true \\\n\n## \u5173\u95ed\u9ad8\u7248\u672c\u7684 Prometheus \u5b9e\u4f8b\n--set kube-prometheus-stack.prometheus.enabled=false \\\n--set kube-prometheus-stack.kubeApiServer.enabled=false \\\n--set kube-prometheus-stack.kubelet.enabled=false \\\n--set kube-prometheus-stack.kubeControllerManager.enabled=false \\\n--set kube-prometheus-stack.coreDns.enabled=false \\\n--set kube-prometheus-stack.kubeDns.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeScheduler.enabled=false \\\n--set kube-prometheus-stack.kubeStateMetrics.enabled=false \\\n--set kube-prometheus-stack.nodeExporter.enabled=false \\\n\n## \u9650\u5236 PrometheusOperator \u5904\u7406\u7684 namespace\uff0c\u907f\u514d\u4e0e OpenShift \u81ea\u5e26\u7684 PrometheusOperator \u76f8\u4e92\u7ade\u4e89\n--set kube-prometheus-stack.prometheusOperator.kubeletService.namespace=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.prometheusInstanceNamespaces=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[0]=\"openshift-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[1]=\"openshift-user-workload-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[2]=\"openshift-customer-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[3]=\"openshift-route-monitor-operator\" \\\n
"},{"location":"admin/insight/quickstart/other/install-agent-on-ocp.html#openshift-prometheus","title":"\u901a\u8fc7 OpenShift \u81ea\u8eab\u673a\u5236\uff0c\u5c06\u7cfb\u7edf\u76d1\u63a7\u6570\u636e\u5199\u5165 Prometheus \u4e2d","text":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cluster-monitoring-config\n namespace: openshift-monitoring\ndata:\n config.yaml: |\n prometheusK8s:\n remoteWrite:\n - queueConfig:\n batchSendDeadline: 60s\n maxBackoff: 5s\n minBackoff: 30ms\n minShards: 1\n capacity: 5000\n maxSamplesPerSend: 1000\n maxShards: 100\n remoteTimeout: 30s\n url: http://insight-agent-prometheus.insight-system.svc.cluster.local:9090/api/v1/write\n writeRelabelConfigs:\n - action: keep\n regex: etcd|kubelet|node-exporter|apiserver|kube-state-metrics\n sourceLabels:\n - job\n
"},{"location":"admin/insight/quickstart/res-plan/index.html","title":"\u90e8\u7f72\u5bb9\u91cf\u89c4\u5212","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e3a\u4e86\u907f\u514d\u6d88\u8017\u8fc7\u591a\u8d44\u6e90\uff0c\u5df2\u7ecf\u8bbe\u7f6e\u4e86\u8d44\u6e90\u4e0a\u7ebf\uff08resource limit\uff09\uff0c\u53ef\u89c2\u6d4b\u7cfb\u7edf\u9700\u8981\u5904\u7406\u5927\u91cf\u7684\u6570\u636e\uff0c\u5982\u679c\u5bb9\u91cf\u89c4\u5212\u4e0d\u5408\u7406\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u7cfb\u7edf\u8d1f\u8f7d\u8fc7\u9ad8\uff0c\u5f71\u54cd\u7a33\u5b9a\u6027\u548c\u53ef\u9760\u6027\u3002
"},{"location":"admin/insight/quickstart/res-plan/index.html#_2","title":"\u89c2\u6d4b\u7ec4\u4ef6\u7684\u8d44\u6e90\u89c4\u5212","text":"\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u5305\u542b Insight \u548c Insight Agent\u3002\u5176\u4e2d\uff0cInsight \u4e3b\u8981\u8d1f\u8d23\u89c2\u6d4b\u6570\u636e\u7684\u5b58\u50a8\uff0c\u5206\u6790\u4e0e\u5c55\u793a\u3002\u800c Insight Agent \u5305\u542b\u4e86\u6570\u636e\u91c7\u96c6\u3001\u6570\u636e\u5904\u7406\u3001\u6570\u636e\u4e0a\u4f20\u7b49\u529f\u80fd\u3002
"},{"location":"admin/insight/quickstart/res-plan/index.html#_3","title":"\u5b58\u50a8\u7ec4\u4ef6\u7684\u5bb9\u91cf\u89c4\u5212","text":"Insight \u7684\u5b58\u50a8\u7ec4\u4ef6\u4e3b\u8981\u5305\u62ec ElasticSearch \u548c VictoriaMetrics. \u5176\u4e2d\uff0cElasticSearch \u4e3b\u8981\u8d1f\u8d23\u5b58\u50a8\u548c\u67e5\u8be2\u65e5\u5fd7\u4e0e\u94fe\u8def\u6570\u636e\uff0cVictoriaMetrics \u4e3b\u8981\u8d1f\u8d23\u5b58\u50a8\u548c\u67e5\u8be2\u6307\u6807\u6570\u636e\u3002
Insight Agent \u7684\u91c7\u96c6\u5668\u4e2d\u5305\u542b Proemtheus\uff0c\u867d\u7136 Prometheus \u672c\u8eab\u662f\u4e00\u4e2a\u72ec\u7acb\u7684\u7ec4\u4ef6\uff0c\u4f46\u662f\u5728 Insight Agent \u4e2d\uff0cPrometheus \u4f1a\u88ab\u7528\u4e8e\u91c7\u96c6\u6570\u636e\uff0c\u56e0\u6b64\u9700\u8981\u5bf9 Prometheus \u7684\u8d44\u6e90\u8fdb\u884c\u89c4\u5212\u3002
\u672c\u6587\u63cf\u8ff0\u4e86 vmstorge \u78c1\u76d8\u6269\u5bb9\u7684\u65b9\u6cd5\uff0c vmstorge \u78c1\u76d8\u89c4\u8303\u8bf7\u53c2\u8003 vmstorage \u78c1\u76d8\u5bb9\u91cf\u89c4\u5212\u3002
"},{"location":"admin/insight/quickstart/res-plan/modify-vms-disk.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":""},{"location":"admin/insight/quickstart/res-plan/modify-vms-disk.html#_2","title":"\u5f00\u542f\u5b58\u50a8\u6c60\u6269\u5bb9","text":"\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u70b9\u51fb \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb kpanda-global-cluster \u96c6\u7fa4\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230 vmstorage \u7ed1\u5b9a\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u70b9\u51fb\u67d0\u4e2a vmstorage PVC\uff0c\u8fdb\u5165 vmstorage \u7684\u6570\u636e\u5377\u58f0\u660e\u8be6\u60c5\uff0c\u786e\u8ba4\u8be5 PVC \u7ed1\u5b9a\u7684\u5b58\u50a8\u6c60\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) \uff0c\u627e\u5230 local-path \uff0c\u70b9\u51fb\u76ee\u6807\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7f16\u8f91 \u3002
\u5f00\u542f \u6269\u5bb9 \u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u627e\u5230 vmcluster \u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
\u70b9\u51fb\u8be5 vmcluster \u81ea\u5b9a\u4e49\u8d44\u6e90\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u5207\u6362\u5230 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u4ece insight-victoria-metrics-k8s-stack \u53f3\u4fa7\u83dc\u5355\u9009\u62e9 \u7f16\u8f91 YAML \u3002
\u6839\u636e\u56fe\u4f8b\u4fee\u6539\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u518d\u6b21\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230 vmstorage \u7ed1\u5b9a\u7684\u6570\u636e\u5377\u58f0\u660e\u786e\u8ba4\u4fee\u6539\u5df2\u751f\u6548\u3002\u5728\u67d0\u4e2a PVC \u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u5173\u8054\u5b58\u50a8\u6e90 (PV)\u3002
\u6253\u5f00\u6570\u636e\u5377\u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u66f4\u65b0 \u6309\u94ae\u3002
\u4fee\u6539 \u5bb9\u91cf \u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u7a0d\u7b49\u7247\u523b\u7b49\u5230\u6269\u5bb9\u6210\u529f\u3002
\u82e5\u5b58\u50a8\u5377\u6269\u5bb9\u5931\u8d25\uff0c\u53ef\u53c2\u8003\u4ee5\u4e0b\u65b9\u6cd5\u514b\u9686\u5b58\u50a8\u5377\u3002
\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u627e\u5230 vmstorage \u7684\u6709\u72b6\u6001\u8d1f\u8f7d\uff0c\u70b9\u51fb\u76ee\u6807\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u72b6\u6001 -> \u505c\u6b62 -> \u786e\u5b9a \u3002
\u5728\u547d\u4ee4\u884c\u4e2d\u767b\u5f55 kpanda-global-cluster \u96c6\u7fa4\u7684 master \u8282\u70b9\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u590d\u5236 vmstorage \u5bb9\u5668\u4e2d\u7684 vm-data \u76ee\u5f55\u5c06\u6307\u6807\u4fe1\u606f\u5b58\u50a8\u5728\u672c\u5730\uff1a
kubectl cp -n insight-system vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data ./vm-data\n
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u514b\u9686 \uff0c\u5e76\u4fee\u6539\u6570\u636e\u5377\u7684\u5bb9\u91cf\u3002
\u5220\u9664\u4e4b\u524d vmstorage \u7684\u6570\u636e\u5377\u3002
\u7a0d\u7b49\u7247\u523b\uff0c\u5f85\u5b58\u50a8\u5377\u58f0\u660e\u8ddf\u514b\u9686\u7684\u6570\u636e\u5377\u7ed1\u5b9a\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5c06\u7b2c 3 \u6b65\u4e2d\u5bfc\u51fa\u7684\u6570\u636e\u5bfc\u5165\u5230\u5bf9\u5e94\u7684\u5bb9\u5668\u4e2d\uff0c\u7136\u540e\u5f00\u542f\u4e4b\u524d\u6682\u505c\u7684 vmstorage \u3002
kubectl cp -n insight-system ./vm-data vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data\n
Prometheus \u5728\u5b9e\u9645\u4f7f\u7528\u8fc7\u7a0b\u4e2d\uff0c\u53d7\u5230\u96c6\u7fa4\u5bb9\u5668\u6570\u91cf\u4ee5\u53ca\u5f00\u542f Istio \u7684\u5f71\u54cd\uff0c\u4f1a\u5bfc\u81f4 Prometheus \u7684 CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u4f7f\u7528\u91cf\u8d85\u51fa\u8bbe\u5b9a\u7684\u8d44\u6e90\u3002
\u4e3a\u4e86\u4fdd\u8bc1\u4e0d\u540c\u89c4\u6a21\u96c6\u7fa4\u4e0b Prometheus \u7684\u6b63\u5e38\u8fd0\u884c\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u7684\u5b9e\u9645\u89c4\u6a21\u5bf9 Prometheus \u8fdb\u884c\u8d44\u6e90\u8c03\u6574\u3002
"},{"location":"admin/insight/quickstart/res-plan/prometheus-res.html#_1","title":"\u53c2\u8003\u8d44\u6e90\u89c4\u5212","text":"\u5728\u672a\u5f00\u542f\u7f51\u683c\u60c5\u51b5\u4e0b\uff0c\u6d4b\u8bd5\u60c5\u51b5\u7edf\u8ba1\u51fa\u7cfb\u7edf Job \u6307\u6807\u91cf\u4e0e Pod \u7684\u5173\u7cfb\u4e3a Series \u6570\u91cf = 800 * Pod \u6570\u91cf
\u5728\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6\uff0c\u5f00\u542f\u529f\u80fd\u540e Pod \u4ea7\u751f\u7684 Istio \u76f8\u5173\u6307\u6807\u6570\u91cf\u7ea7\u4e3a Series \u6570\u91cf = 768 * Pod \u6570\u91cf
"},{"location":"admin/insight/quickstart/res-plan/prometheus-res.html#_2","title":"\u5f53\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u4ee5\u4e0b\u8d44\u6e90\u89c4\u5212\u4e3a \u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c \u573a\u666f\u4e0b\uff0cPrometheus \u7684\u8d44\u6e90\u89c4\u5212\u63a8\u8350\uff1a
\u96c6\u7fa4\u89c4\u6a21(Pod \u6570) \u6307\u6807\u91cf(\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c) CPU(core) \u5185\u5b58(GB) 100 8w Request: 0.5Limit\uff1a1 Request\uff1a2GBLimit\uff1a4GB 200 16w Request\uff1a1Limit\uff1a1.5 Request\uff1a3GBLimit\uff1a6GB 300 24w Request\uff1a1Limit\uff1a2 Request\uff1a3GBLimit\uff1a6GB 400 32w Request\uff1a1Limit\uff1a2 Request\uff1a4GBLimit\uff1a8GB 500 40w Request\uff1a1.5Limit\uff1a3 Request\uff1a5GBLimit\uff1a10GB 800 64w Request\uff1a2Limit\uff1a4 Request\uff1a8GBLimit\uff1a16GB 1000 80w Request\uff1a2.5Limit\uff1a5 Request\uff1a9GBLimit\uff1a18GB 2000 160w Request\uff1a3.5Limit\uff1a7 Request\uff1a20GBLimit\uff1a40GB 3000 240w Request\uff1a4Limit\uff1a8 Request\uff1a33GBLimit\uff1a66GB"},{"location":"admin/insight/quickstart/res-plan/prometheus-res.html#_3","title":"\u5f53\u5f00\u542f\u670d\u52a1\u7f51\u683c\u529f\u80fd\u65f6","text":"\u4ee5\u4e0b\u8d44\u6e90\u89c4\u5212\u4e3a \u5f00\u542f\u670d\u52a1\u7f51\u683c \u573a\u666f\u4e0b\uff0cPrometheus \u7684\u8d44\u6e90\u89c4\u5212\u63a8\u8350\uff1a
\u96c6\u7fa4\u89c4\u6a21(Pod \u6570) \u6307\u6807\u91cf(\u5df2\u5f00\u542f\u670d\u52a1\u7f51\u683c) CPU(core) \u5185\u5b58(GB) 100 15w Request: 1Limit\uff1a2 Request\uff1a3GBLimit\uff1a6GB 200 31w Request\uff1a2Limit\uff1a3 Request\uff1a5GBLimit\uff1a10GB 300 46w Request\uff1a2Limit\uff1a4 Request\uff1a6GBLimit\uff1a12GB 400 62w Request\uff1a2Limit\uff1a4 Request\uff1a8GBLimit\uff1a16GB 500 78w Request\uff1a3Limit\uff1a6 Request\uff1a10GBLimit\uff1a20GB 800 125w Request\uff1a4Limit\uff1a8 Request\uff1a15GBLimit\uff1a30GB 1000 156w Request\uff1a5Limit\uff1a10 Request\uff1a18GBLimit\uff1a36GB 2000 312w Request\uff1a7Limit\uff1a14 Request\uff1a40GBLimit\uff1a80GB 3000 468w Request\uff1a8Limit\uff1a16 Request\uff1a65GBLimit\uff1a130GBNote
vmstorage \u662f\u8d1f\u8d23\u5b58\u50a8\u53ef\u89c2\u6d4b\u6027\u591a\u96c6\u7fa4\u6307\u6807\u3002 \u4e3a\u4fdd\u8bc1 vmstorage \u7684\u7a33\u5b9a\u6027\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u6570\u91cf\u53ca\u96c6\u7fa4\u89c4\u6a21\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\u5bb9\u91cf\u3002 \u66f4\u591a\u8d44\u6599\u8bf7\u53c2\u8003\uff1avmstorage \u4fdd\u7559\u671f\u4e0e\u78c1\u76d8\u7a7a\u95f4\u3002
"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_1","title":"\u6d4b\u8bd5\u7ed3\u679c","text":"\u7ecf\u8fc7 14 \u5929\u5bf9\u4e0d\u540c\u89c4\u6a21\u7684\u96c6\u7fa4\u7684 vmstorage \u7684\u78c1\u76d8\u89c2\u6d4b\uff0c \u6211\u4eec\u53d1\u73b0 vmstorage \u7684\u78c1\u76d8\u7528\u91cf\u4e0e\u5176\u5b58\u50a8\u7684\u6307\u6807\u91cf\u548c\u5355\u4e2a\u6570\u636e\u70b9\u5360\u7528\u78c1\u76d8\u6b63\u76f8\u5173\u3002
\u78c1\u76d8\u7528\u91cf = \u77ac\u65f6\u6307\u6807\u91cf x 2 x \u5355\u4e2a\u6570\u636e\u70b9\u7684\u5360\u7528\u78c1\u76d8 x 60 x 24 x \u5b58\u50a8\u65f6\u95f4 (\u5929)
\u53c2\u6570\u8bf4\u660e\uff1a
Warning
\u8be5\u516c\u5f0f\u4e3a\u901a\u7528\u65b9\u6848\uff0c\u5efa\u8bae\u5728\u8ba1\u7b97\u7ed3\u679c\u4e0a\u9884\u7559\u5197\u4f59\u78c1\u76d8\u5bb9\u91cf\u4ee5\u4fdd\u8bc1 vmstorage \u7684\u6b63\u5e38\u8fd0\u884c\u3002
"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_3","title":"\u53c2\u8003\u5bb9\u91cf","text":"\u8868\u683c\u4e2d\u6570\u636e\u662f\u6839\u636e\u9ed8\u8ba4\u5b58\u50a8\u65f6\u95f4\u4e3a\u4e00\u4e2a\u6708 (30 \u5929)\uff0c\u5355\u4e2a\u6570\u636e\u70b9 (datapoint) \u7684\u5360\u7528\u78c1\u76d8\u53d6 0.9 \u8ba1\u7b97\u6240\u5f97\u7ed3\u679c\u3002 \u591a\u96c6\u7fa4\u573a\u666f\u4e0b\uff0cPod \u6570\u91cf\u8868\u793a\u591a\u96c6\u7fa4 Pod \u6570\u91cf\u7684\u603b\u548c\u3002
"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_4","title":"\u5f53\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u96c6\u7fa4\u89c4\u6a21 (Pod \u6570) \u6307\u6807\u91cf \u78c1\u76d8\u5bb9\u91cf 100 8w 6 GiB 200 16w 12 GiB 300 24w 18 GiB 400 32w 24 GiB 500 40w 30 GiB 800 64w 48 GiB 1000 80w 60 GiB 2000 160w 120 GiB 3000 240w 180 GiB"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_5","title":"\u5f53\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u96c6\u7fa4\u89c4\u6a21 (Pod \u6570) \u6307\u6807\u91cf \u78c1\u76d8\u5bb9\u91cf 100 15w 12 GiB 200 31w 24 GiB 300 46w 36 GiB 400 62w 48 GiB 500 78w 60 GiB 800 125w 94 GiB 1000 156w 120 GiB 2000 312w 235 GiB 3000 468w 350 GiB"},{"location":"admin/insight/quickstart/res-plan/vms-res-plan.html#_6","title":"\u4e3e\u4f8b\u8bf4\u660e","text":"AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u4e2d\u6709\u4e24\u4e2a\u96c6\u7fa4\uff0c\u5176\u4e2d\u5168\u5c40\u670d\u52a1\u96c6\u7fa4(\u5f00\u542f\u670d\u52a1\u7f51\u683c)\u4e2d\u8fd0\u884c 500 \u4e2a Pod\uff0c\u5de5\u4f5c\u96c6\u7fa4(\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c)\u8fd0\u884c\u4e86 1000 \u4e2a Pod\uff0c\u9884\u671f\u6307\u6807\u5b58 30 \u5929\u3002
\u5219\u5f53\u524d vmstorage \u78c1\u76d8\u7528\u91cf\u5e94\u8bbe\u7f6e\u4e3a (784000+80000)x2x0.9x60x24x31 = 124384896000 byte = 116 GiB
Note
\u96c6\u7fa4\u4e2d\u6307\u6807\u91cf\u4e0e Pod \u6570\u91cf\u7684\u5173\u7cfb\u53ef\u53c2\u8003Prometheus \u8d44\u6e90\u89c4\u5212\u3002
"},{"location":"admin/insight/reference/alertnotification.html","title":"\u544a\u8b66\u901a\u77e5\u6d41\u7a0b\u8bf4\u660e","text":"\u5728\u521b\u5efa\u544a\u8b66\u7b56\u7565\u65f6\uff0c\u53ef\u89c2\u6d4b\u6027 Insight \u652f\u6301\u4e3a\u540c\u7b56\u7565\u4e0b\u4e0d\u540c\u7ea7\u522b\u89e6\u53d1\u7684\u544a\u8b66\u914d\u7f6e\u4e0d\u540c\u7684\u901a\u77e5\u53d1\u9001\u95f4\u9694\uff0c\u4f46\u7531\u4e8e\u5728 Alertmanager \u539f\u751f\u914d\u7f6e\u4e2d\u5b58\u5728 group_interval \u548c repeat_interval \u4e24\u4e2a\u53c2\u6570\uff0c\u4f1a\u5bfc\u81f4\u544a\u8b66\u901a\u77e5\u7684\u5b9e\u9645\u53d1\u9001\u95f4\u9694\u5b58\u5728\u504f\u5dee\u3002
"},{"location":"admin/insight/reference/alertnotification.html#_2","title":"\u53c2\u6570\u914d\u7f6e","text":"\u5728 Alertmanager \u914d\u7f6e\u5982\u4e0b\uff1a
route: \n group_by: [\"rulename\"]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 1h\n
\u53c2\u6570\u8bf4\u660e\uff1a
group_wait \uff1a\u7528\u4e8e\u8bbe\u7f6e\u544a\u8b66\u901a\u77e5\u7684\u7b49\u5f85\u65f6\u95f4\u3002\u5f53 Alertmanager \u63a5\u6536\u5230\u4e00\u7ec4\u544a\u8b66\u65f6\uff0c\u5982\u679c\u5728 group_wait \u6307\u5b9a\u7684\u65f6\u95f4\u5185\u6ca1\u6709\u66f4\u591a\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u4ee5\u4fbf\u6536\u96c6\u5230\u66f4\u591a\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5e76\u5c06\u6240\u6709\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u6dfb\u52a0\u5230\u540c\u4e00\u901a\u77e5\u4e2d\u3002
group_interval \uff1a\u7528\u4e8e\u8bbe\u7f6e\u4e00\u7ec4\u544a\u8b66\u5728\u88ab\u5408\u5e76\u6210\u5355\u4e00\u901a\u77e5\u524d\u7b49\u5f85\u7684\u65f6\u95f4\u3002\u5982\u679c\u5728\u8fd9\u4e2a\u65f6\u95f4\u5185\u6ca1\u6709\u6536\u5230\u66f4\u591a\u7684\u6765\u81ea\u540c\u4e00\u7ec4\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u53d1\u9001\u4e00\u4e2a\u5305\u542b\u6240\u6709\u5df2\u63a5\u6536\u544a\u8b66\u7684\u901a\u77e5\u3002
repeat_interval \uff1a\u7528\u4e8e\u8bbe\u7f6e\u544a\u8b66\u901a\u77e5\u7684\u91cd\u590d\u53d1\u9001\u95f4\u9694\u3002\u5f53 Alertmanager \u53d1\u9001\u544a\u8b66\u901a\u77e5\u5230\u63a5\u6536\u5668\u540e\uff0c\u5982\u679c\u5728 repeat_interval \u53c2\u6570\u6307\u5b9a\u7684\u65f6\u95f4\u5185\u6301\u7eed\u6536\u5230\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u91cd\u590d\u53d1\u9001\u544a\u8b66\u901a\u77e5\u3002
\u5f53\u540c\u65f6\u8bbe\u7f6e\u4e86 group_wait \u3001 group_interval \u548c repeat_interval \u53c2\u6570\u65f6\uff0cAlertmanager \u5c06\u6309\u7167\u4ee5\u4e0b\u65b9\u5f0f\u5904\u7406\u540c\u4e00 group \u4e0b\u7684\u544a\u8b66\u901a\u77e5\uff1a
\u5f53 Alertmanager \u63a5\u6536\u5230\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u65f6\uff0c\u5b83\u5c06\u7b49\u5f85\u81f3\u5c11 group_wait \u53c2\u6570\u4e2d\u6307\u5b9a\u7684\u65f6\u95f4\u4ee5\u4fbf\u6536\u96c6\u66f4\u591a\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5e76\u5c06\u6240\u6709\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u6dfb\u52a0\u5230\u540c\u4e00\u901a\u77e5\u4e2d\u3002
\u5982\u679c\u5728 group_wait \u65f6\u95f4\u5185\u6ca1\u6709\u63a5\u6536\u5230\u66f4\u591a\u7684\u544a\u8b66\uff0c\u5219\u5728\u8be5\u65f6\u95f4\u4e4b\u540e\uff0cAlertmanager \u4f1a\u5c06\u6240\u6536\u5230\u7684\u6240\u6709\u6b64\u7c7b\u8b66\u62a5\u53d1\u9001\u5230\u63a5\u6536\u5668\u3002\u5982\u679c\u6709\u5176\u4ed6\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u5728\u6b64\u671f\u95f4\u5185\u5230\u8fbe\uff0c\u5219 Alertmanager \u5c06\u7ee7\u7eed\u7b49\u5f85\uff0c\u76f4\u5230\u6536\u96c6\u5230\u6240\u6709\u544a\u8b66\u6216\u8d85\u65f6\u3002
\u5982\u679c\u5728 group_interval \u53c2\u6570\u4e2d\u6307\u5b9a\u7684\u65f6\u95f4\u5185\u63a5\u6536\u5230\u4e86\u66f4\u591a\u7684\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5219\u8fd9\u4e9b\u65b0\u544a\u8b66\u4e5f\u5c06\u88ab\u6dfb\u52a0\u5230\u5148\u524d\u7684\u901a\u77e5\u4e2d\u5e76\u4e00\u8d77\u53d1\u9001\u3002\u5982\u679c\u5728 group_interval \u65f6\u95f4\u7ed3\u675f\u540e\u4ecd\u7136\u6709\u672a\u53d1\u9001\u7684\u544a\u8b66\uff0cAlertmanager \u5c06\u4f1a\u91cd\u65b0\u5f00\u59cb\u4e00\u4e2a\u65b0\u7684\u8ba1\u65f6\u5468\u671f\uff0c\u5e76\u7b49\u5f85\u66f4\u591a\u7684\u544a\u8b66\uff0c\u76f4\u5230\u518d\u6b21\u8fbe\u5230 group_interval \u65f6\u95f4\u6216\u6536\u5230\u65b0\u7684\u544a\u8b66\u3002
\u5982\u679c\u5728 repeat_interval \u53c2\u6570\u4e2d\u6307\u5b9a\u7684\u65f6\u95f4\u5185\u6301\u7eed\u6536\u5230\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u91cd\u590d\u53d1\u9001\u4e4b\u524d\u5df2\u7ecf\u53d1\u9001\u8fc7\u7684\u8b66\u62a5\u901a\u77e5\u3002\u5728\u91cd\u590d\u53d1\u9001\u8b66\u62a5\u901a\u77e5\u65f6\uff0cAlertmanager \u4e0d\u518d\u7b49\u5f85 group_wait \u6216 group_interval \uff0c\u800c\u662f\u6839\u636e repeat_interval \u6307\u5b9a\u7684\u65f6\u95f4\u95f4\u9694\u8fdb\u884c\u91cd\u590d\u901a\u77e5\u3002
\u5982\u679c\u5728 repeat_interval \u65f6\u95f4\u7ed3\u675f\u540e\u4ecd\u6709\u672a\u53d1\u9001\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u91cd\u65b0\u5f00\u59cb\u4e00\u4e2a\u65b0\u7684\u8ba1\u65f6\u5468\u671f\uff0c\u5e76\u7ee7\u7eed\u7b49\u5f85\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u65b0\u544a\u8b66\u3002\u8fd9\u4e2a\u8fc7\u7a0b\u5c06\u4e00\u76f4\u6301\u7eed\u4e0b\u53bb\uff0c\u76f4\u5230\u6ca1\u6709\u65b0\u544a\u8b66\u4e3a\u6b62\u6216 Alertmanager \u88ab\u505c\u6b62\u3002
\u5728\u4e0b\u8ff0\u793a\u4f8b\u4e2d\uff0cAlertmanager \u5c06\u6240\u6709 CPU \u4f7f\u7528\u7387\u9ad8\u4e8e\u9608\u503c\u7684\u544a\u8b66\u5206\u914d\u5230\u4e00\u4e2a\u540d\u4e3a\u201ccritical_alerts\u201d\u7684\u7b56\u7565\u4e2d\u3002
groups:\n- name: critical_alerts\n rules:\n - alert: HighCPUUsage\n expr: node_cpu_seconds_total{mode=\"idle\"} < 50\n for: 5m\n labels:\n severity: critical\n annotations:\n summary: \"High CPU usage detected on instance {{ $labels.instance }}\"\n group_by: [rulename]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 1h\n
\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff1a
\u5982\u679c\u5728 1 \u5c0f\u65f6\u5185\u6301\u7eed\u6536\u5230\u76f8\u540c\u6807\u7b7e\u548c\u5185\u5bb9\u7684\u544a\u8b66\uff0c\u5219 Alertmanager \u5c06\u91cd\u590d\u53d1\u9001\u4e4b\u524d\u5df2\u7ecf\u53d1\u9001\u8fc7\u7684\u8b66\u62a5\u901a\u77e5\u3002
Lucene \u662f Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a 4 jakarta \u9879\u76ee\u7ec4\u7684\u4e00\u4e2a\u5b50\u9879\u76ee\uff0c\u662f\u4e00\u4e2a\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u5168\u6587\u68c0\u7d22\u5f15\u64ce\u5de5\u5177\u5305\u3002 Lucene \u7684\u76ee\u7684\u662f\u4e3a\u8f6f\u4ef6\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u4e00\u4e2a\u7b80\u5355\u6613\u7528\u7684\u5de5\u5177\u5305\uff0c\u4ee5\u65b9\u4fbf\u7684\u5728\u76ee\u6807\u7cfb\u7edf\u4e2d\u5b9e\u73b0\u5168\u6587\u68c0\u7d22\u7684\u529f\u80fd\u3002
"},{"location":"admin/insight/reference/lucene.html#lucene_2","title":"Lucene \u8bed\u6cd5","text":"Lucene \u7684\u8bed\u6cd5\u641c\u7d22\u683c\u5f0f\u5141\u8bb8\u60a8\u4ee5\u7075\u6d3b\u7684\u65b9\u5f0f\u6784\u5efa\u641c\u7d22\u67e5\u8be2\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u641c\u7d22\u9700\u6c42\u3002\u4ee5\u4e0b\u662f Lucene \u7684\u8bed\u6cd5\u641c\u7d22\u683c\u5f0f\u7684\u8be6\u7ec6\u8bf4\u660e\uff1a
"},{"location":"admin/insight/reference/lucene.html#_1","title":"\u5173\u952e\u5b57\u67e5\u8be2","text":"\u8981\u901a\u8fc7 Lucene \u8bed\u6cd5\u5b9e\u73b0\u591a\u4e2a\u5173\u952e\u5b57\u7684\u67e5\u8be2\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u5e03\u5c14\u903b\u8f91\u64cd\u4f5c\u7b26\u6765\u7ec4\u5408\u591a\u4e2a\u5173\u952e\u5b57\u3002Lucene \u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u64cd\u4f5c\u7b26\uff1a
AND \u64cd\u4f5c\u7b26
OR \u64cd\u4f5c\u7b26
NOT \u64cd\u4f5c\u7b26
\u5f15\u53f7
\u6307\u5b9a\u5b57\u6bb5
field1:keyword1 AND (field2:keyword2 OR field3:keyword3) NOT field4:keyword4\n
\u89e3\u91ca\u5982\u4e0b\uff1a
\u4e0d\u6307\u5b9a\u5b57\u6bb5
keyword1 AND (keyword2 OR keyword3) NOT keyword4\n
\u89e3\u91ca\u5982\u4e0b\uff1a
\u5728 Lucene \u4e2d\uff0c\u6a21\u7cca\u67e5\u8be2\u53ef\u4ee5\u901a\u8fc7\u6ce2\u6d6a\u53f7 ~ \u6765\u5b9e\u73b0\u8fd1\u4f3c\u5339\u914d\u3002\u60a8\u53ef\u4ee5\u6307\u5b9a\u4e00\u4e2a\u7f16\u8f91\u8ddd\u79bb\u6765\u9650\u5236\u5339\u914d\u7684\u76f8\u4f3c\u5ea6\u7a0b\u5ea6\u3002
term~\n
\u5728\u4e0a\u8ff0\u793a\u4f8b\u4e2d\uff0c term \u662f\u8981\u8fdb\u884c\u6a21\u7cca\u5339\u914d\u7684\u5173\u952e\u5b57\u3002
\u8bf7\u6ce8\u610f\u4ee5\u4e0b\u51e0\u70b9\uff1a
Lucene \u652f\u6301\u4ee5\u4e0b\u4e24\u79cd\u901a\u914d\u7b26\u67e5\u8be2\uff1a
*
\u901a\u914d\u7b26\uff1a *
\u7528\u4e8e\u5339\u914d\u96f6\u4e2a\u6216\u591a\u4e2a\u5b57\u7b26\u3002
\u4f8b\u5982\uff0c te*t \u00a0\u53ef\u4ee5\u5339\u914d \"test\"\u3001\"text\"\u3001\"tempest\" \u7b49\u3002
?
\u901a\u914d\u7b26\uff1a ?
\u7528\u4e8e\u5339\u914d\u5355\u4e2a\u5b57\u7b26\u3002
\u4f8b\u5982\uff0c te?t \u00a0\u53ef\u4ee5\u5339\u914d \"test\"\u3001\"text\" \u7b49\u3002
te?t\n
\u5728\u4e0a\u8ff0\u793a\u4f8b\u4e2d\uff0c te?t \u8868\u793a\u5339\u914d\u4ee5 \"te\" \u5f00\u5934\uff0c\u63a5\u7740\u662f\u4e00\u4e2a\u4efb\u610f\u5b57\u7b26\uff0c\u7136\u540e\u4ee5 \"t\" \u7ed3\u5c3e\u7684\u8bcd\u3002\u8fd9\u79cd\u67e5\u8be2\u53ef\u4ee5\u5339\u914d\u4f8b\u5982 \"test\"\u3001\"text\"\u3001\"tent\" \u7b49\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u95ee\u53f7\u53ea\u80fd\u4ee3\u8868\u4e00\u4e2a\u5b57\u7b26\uff0c\u5982\u679c\u60f3\u8981\u5339\u914d\u591a\u4e2a\u5b57\u7b26\u6216\u8005\u662f\u53ef\u53d8\u957f\u5ea6\u7684\u5b57\u7b26\uff0c\u53ef\u4ee5\u4f7f\u7528\u661f\u53f7 *
\u8fdb\u884c\u591a\u5b57\u7b26\u901a\u914d\u7b26\u5339\u914d\u3002 \u53e6\u5916\uff0c\u95ee\u53f7\u4e0d\u4f1a\u5339\u914d\u7a7a\u5b57\u7b26\u4e32\u3002
\u603b\u7ed3\u4e00\u4e0b\uff0cLucene \u8bed\u6cd5\u4e2d\u7684\u95ee\u53f7 ?
\u7528\u4f5c\u5355\u5b57\u7b26\u901a\u914d\u7b26\uff0c\u8868\u793a\u5339\u914d\u4efb\u610f\u4e00\u4e2a\u5b57\u7b26\u3002\u901a\u8fc7\u5728\u641c\u7d22\u5173\u952e\u5b57\u4e2d\u4f7f\u7528\u95ee\u53f7\uff0c\u60a8\u53ef\u4ee5\u8fdb\u884c\u66f4\u7075\u6d3b\u548c\u5177\u4f53\u7684\u6a21\u5f0f\u5339\u914d\u3002
Lucene \u8bed\u6cd5\u652f\u6301\u8303\u56f4\u67e5\u8be2\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u65b9\u62ec\u53f7 [ ] \u6216\u82b1\u62ec\u53f7 { } \u6765\u8868\u793a\u8303\u56f4\u3002\u4ee5\u4e0b\u662f\u8303\u56f4\u67e5\u8be2\u7684\u793a\u4f8b\uff1a
\u5305\u542b\u8fb9\u754c\u7684\u8303\u56f4\u67e5\u8be2\uff1a
\u6392\u9664\u8fb9\u754c\u7684\u8303\u56f4\u67e5\u8be2\uff1a
\u7701\u7565\u8fb9\u754c\u7684\u8303\u56f4\u67e5\u8be2\uff1a
Note
\u8bf7\u6ce8\u610f\uff0c\u8303\u56f4\u67e5\u8be2\u53ea\u9002\u7528\u4e8e\u80fd\u591f\u8fdb\u884c\u6392\u5e8f\u7684\u5b57\u6bb5\u7c7b\u578b\uff0c\u5982\u6570\u5b57\u3001\u65e5\u671f\u7b49\u3002\u540c\u65f6\uff0c\u786e\u4fdd\u5728\u67e5\u8be2\u65f6\u5c06\u8fb9\u754c\u503c\u6b63\u786e\u5730\u6307\u5b9a\u4e3a\u5b57\u6bb5\u7684\u5b9e\u9645\u503c\u7c7b\u578b\u3002 \u5982\u679c\u60a8\u5e0c\u671b\u5728\u6574\u4e2a\u7d22\u5f15\u4e2d\u8fdb\u884c\u8303\u56f4\u67e5\u8be2\u800c\u4e0d\u6307\u5b9a\u7279\u5b9a\u5b57\u6bb5\uff0c\u53ef\u4ee5\u4f7f\u7528\u901a\u914d\u7b26\u67e5\u8be2 *
\u6765\u4ee3\u66ff\u5b57\u6bb5\u540d\u3002
\u6307\u5b9a\u5b57\u6bb5
timestamp:[2022-01-01 TO 2022-01-31]\n
\u8fd9\u5c06\u68c0\u7d22 timestamp \u5b57\u6bb5\u5728 2022 \u5e74 1 \u6708 1 \u65e5\u5230 2022 \u5e74 1 \u6708 31 \u65e5\u4e4b\u95f4\u7684\u6570\u636e\u3002
\u4e0d\u6307\u5b9a\u5b57\u6bb5
*:[value1 TO value2]\n
\u8fd9\u5c06\u5728\u6574\u4e2a\u7d22\u5f15\u4e2d\u641c\u7d22\u53d6\u503c\u8303\u56f4\u4ece value1 \u5230 value2 \u7684\u6587\u6863\u3002
\u5982\u679c\u4f60\u60f3\u8981\u7cbe\u786e\u5339\u914d\u67d0\u4e2a\u7279\u5b9a\u7684\u503c\uff0c\u53ef\u4ee5\u5728\u5173\u952e\u5b57\u540e\u52a0\u5165 .keyword
\u540e\u7f00\uff0c\u4f8b\u5982 kubernetes.container_name.keyword
\u3002
\u67e5\u8be2\u6307\u5b9a Pod \u4e2d\u6307\u5b9a\u5bb9\u5668\u7684\u65e5\u5fd7
kubernetes.pod_name.keyword:nginx-pod AND kubernetes.container_name.keyword:nginx\n
2. \u67e5\u8be2 Pod \u540d\u79f0\u4e2d\u5305\u542b nginx-pod
\u7684\u5bb9\u5668\u65e5\u5fd7 kubernetes.pod_name:nginx-pod\n
\u544a\u8b66\u901a\u77e5\u6a21\u677f\u91c7\u7528\u4e86 Go Template \u8bed\u6cd5\u6765\u6e32\u67d3\u6a21\u677f\u3002
\u6a21\u677f\u4f1a\u57fa\u4e8e\u4e0b\u9762\u7684\u6570\u636e\u8fdb\u884c\u6e32\u67d3\u3002
{\n \"status\": \"firing\",\n \"labels\": {\n \"alertgroup\": \"test-group\", // \u544a\u8b66\u7b56\u7565\u540d\u79f0\n \"alertname\": \"test-rule\", // \u544a\u8b66\u89c4\u5219\u540d\u79f0\n \"cluster\": \"35b54a48-b66c-467b-a8dc-503c40826330\",\n \"customlabel1\": \"v1\",\n \"customlabel2\": \"v2\",\n \"endpoint\": \"https\",\n \"group_id\": \"01gypg06fcdf7rmqc4ksv97646\",\n \"instance\": \"10.6.152.85:6443\",\n \"job\": \"apiserver\",\n \"namespace\": \"default\",\n \"prometheus\": \"insight-system/insight-agent-kube-prometh-prometheus\",\n \"prometheus_replica\": \"prometheus-insight-agent-kube-prometh-prometheus-0\",\n \"rule_id\": \"01gypg06fcyn2g9zyehbrvcdfn\",\n \"service\": \"kubernetes\",\n \"severity\": \"critical\",\n \"target\": \"35b54a48-b66c-467b-a8dc-503c40826330\",\n \"target_type\": \"cluster\"\n },\n \"annotations\": {\n \"customanno1\": \"v1\",\n \"customanno2\": \"v2\",\n \"description\": \"\u8fd9\u662f\u4e00\u6761\u6d4b\u8bd5\u89c4\u5219\uff0c10.6.152.85:6443 down\",\n \"value\": \"1\"\n },\n \"startsAt\": \"2023-04-20T07:53:54.637363473Z\",\n \"endsAt\": \"0001-01-01T00:00:00Z\",\n \"generatorURL\": \"http://vmalert-insight-victoria-metrics-k8s-stack-df987997b-npsl9:8080/vmalert/alert?group_id=16797738747470868115&alert_id=10071735367745833597\",\n \"fingerprint\": \"25c8d93d5bf58ac4\"\n}\n
"},{"location":"admin/insight/reference/notify-helper.html#_2","title":"\u4f7f\u7528\u8bf4\u660e","text":".
\u5b57\u7b26
\u5728\u5f53\u524d\u4f5c\u7528\u57df\u4e0b\u6e32\u67d3\u6307\u5b9a\u5bf9\u8c61\u3002
\u793a\u4f8b 1: \u53d6\u9876\u7ea7\u4f5c\u7528\u57df\u4e0b\u7684\u6240\u6709\u5185\u5bb9\uff0c\u5373\u793a\u4f8b\u4ee3\u7801\u4e2d\u4e0a\u4e0b\u6587\u6570\u636e\u7684\u5168\u90e8\u5185\u5bb9\u3002
{{ . }}\n
\u5224\u65ad\u8bed\u53e5 if / else
\u4f7f\u7528 if \u68c0\u67e5\u6570\u636e\uff0c\u5982\u679c\u4e0d\u6ee1\u8db3\u53ef\u4ee5\u6267\u884c else\u3002
{{if .Labels.namespace }}\u547d\u540d\u7a7a\u95f4\uff1a{{ .Labels.namespace }} \\n{{ end }}\n
\u5faa\u73af\u51fd\u6570 for
for \u51fd\u6570\u7528\u4e8e\u91cd\u590d\u6267\u884c\u4ee3\u7801\u5185\u5bb9\u3002
\u793a\u4f8b 1: \u904d\u5386 labels \u5217\u8868\uff0c\u83b7\u53d6\u544a\u8b66\u7684\u6240\u6709 label \u5185\u5bb9\u3002
{{ for .Labels}} \\n {{end}}\n
Insight \u7684\u201d\u901a\u77e5\u6a21\u677f\u201c\u548c\u201d\u77ed\u4fe1\u6a21\u677f\u201c\u652f\u6301 70 \u591a\u4e2a sprig \u51fd\u6570\uff0c\u4ee5\u53ca\u81ea\u7814\u7684\u51fd\u6570\u3002
"},{"location":"admin/insight/reference/notify-helper.html#sprig","title":"Sprig \u51fd\u6570","text":"Sprig \u5185\u7f6e\u4e86 70 \u591a\u79cd\u5e38\u89c1\u7684\u6a21\u677f\u51fd\u6570\u5e2e\u52a9\u6e32\u67d3\u6570\u636e\u3002\u4ee5\u4e0b\u5217\u4e3e\u5e38\u89c1\u51fd\u6570\uff1a
\u66f4\u591a\u7ec6\u8282\u53ef\u4ee5\u67e5\u770b\u5b98\u65b9\u6587\u6863\u3002
"},{"location":"admin/insight/reference/notify-helper.html#_3","title":"\u81ea\u7814\u51fd\u6570","text":""},{"location":"admin/insight/reference/notify-helper.html#toclustername","title":"toClusterName","text":"toClusterName \u51fd\u6570\u6839\u636e\u201c\u96c6\u7fa4\u552f\u4e00\u6807\u793a Id\u201d\u67e5\u8be2\u201c\u96c6\u7fa4\u540d\u201d\uff1b\u5982\u679c\u67e5\u8be2\u4e0d\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u5c06\u76f4\u63a5\u8fd4\u56de\u4f20\u5165\u7684\u96c6\u7fa4\u7684\u552f\u4e00\u6807\u793a\u3002
func toClusterName(id string) (string, error)\n
\u793a\u4f8b\uff1a
{{ toClusterName \"clusterId\" }}\n{{ \"clusterId\" | toClusterName }}\n
"},{"location":"admin/insight/reference/notify-helper.html#toclusterid","title":"toClusterId","text":"toClusterId \u51fd\u6570\u6839\u636e\u201c\u96c6\u7fa4\u540d\u201d\u67e5\u8be2\u201c\u96c6\u7fa4\u552f\u4e00\u6807\u793a Id\u201d\uff1b\u5982\u679c\u67e5\u8be2\u4e0d\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u5c06\u76f4\u63a5\u8fd4\u56de\u4f20\u5165\u7684\u96c6\u7fa4\u540d\u3002
func toClusterId(name string) (string, error)\n
\u793a\u4f8b\uff1a
{{ toClusterId \"clusterName\" }}\n{{ \"clusterName\" | toClusterId }}\n
"},{"location":"admin/insight/reference/notify-helper.html#todateinzone","title":"toDateInZone","text":"toDateInZone \u6839\u636e\u5b57\u7b26\u4e32\u65f6\u95f4\u8f6c\u6362\u6210\u6240\u9700\u7684\u65f6\u95f4\uff0c\u5e76\u8fdb\u884c\u683c\u5f0f\u5316\u3002
func toDateInZone(fmt string, date interface{}, zone string) string\n
\u793a\u4f8b 1\uff1a
{{ toDateInZone \"2006-01-02T15:04:05\" \"2022-08-15T05:59:08.064449533Z\" \"Asia/Shanghai\" }}\n
\u5c06\u83b7\u5f97\u8fd4\u56de\u503c 2022-08-15T13:59:08 \u3002\u6b64\u5916\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7 sprig \u5185\u7f6e\u7684\u51fd\u6570\u8fbe\u5230 toDateInZone \u7684\u6548\u679c\uff1a
{{ dateInZone \"2006-01-02T15:04:05\" (toDate \"2006-01-02T15:04:05Z07:00\" .StartsAt) \"Asia/Shanghai\" }}\n
\u793a\u4f8b 2\uff1a
{{ toDateInZone \"2006-01-02T15:04:05\" .StartsAt \"Asia/Shanghai\" }}\n\n## \u9608\u503c\u6a21\u677f\u8bf4\u660e\n\nInsight \u5185\u7f6e Webhook \u544a\u8b66\u6a21\u677f\u5982\u4e0b\uff0c\u5176\u4ed6\u5982\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u7b49\u5185\u5bb9\u76f8\u540c\uff0c\u53ea\u662f\u5bf9\u6362\u884c\u8fdb\u884c\u76f8\u5e94\u8c03\u6574\u3002\n\n```text\n\u89c4\u5219\u540d\u79f0\uff1a{{ .Labels.alertname }} \\n\n\u7b56\u7565\u540d\u79f0\uff1a{{ .Labels.alertgroup }} \\n\n\u544a\u8b66\u7ea7\u522b\uff1a{{ .Labels.severity }} \\n\n\u96c6\u7fa4\uff1a{{ .Labels.cluster }} \\n\n{{if .Labels.namespace }}\u547d\u540d\u7a7a\u95f4\uff1a{{ .Labels.namespace }} \\n{{ end }}\n{{if .Labels.node }}\u8282\u70b9\uff1a{{ .Labels.node }} \\n{{ end }}\n\u8d44\u6e90\u7c7b\u578b\uff1a{{ .Labels.target_type }} \\n\n{{if .Labels.target }}\u8d44\u6e90\u540d\u79f0\uff1a{{ .Labels.target }} \\n{{ end }}\n\u89e6\u53d1\u503c\uff1a{{ .Annotations.value }} \\n\n\u53d1\u751f\u65f6\u95f4\uff1a{{ .StartsAt }} \\n\n{{if ne \"0001-01-01T00:00:00Z\" .EndsAt }}\u7ed3\u675f\u65f6\u95f4\uff1a{{ .EndsAt }} \\n{{ end }}\n\u63cf\u8ff0\uff1a{{ .Annotations.description }} \\n\n
"},{"location":"admin/insight/reference/notify-helper.html#_4","title":"\u90ae\u7bb1\u4e3b\u9898\u53c2\u6570","text":"\u7531\u4e8e Insight \u5728\u53d1\u9001\u544a\u8b66\u6d88\u606f\u65f6\uff0c\u4f1a\u5bf9\u540c\u4e00\u65f6\u95f4\u540c\u4e00\u6761\u89c4\u5219\u4ea7\u751f\u7684\u6d88\u606f\u8fdb\u884c\u5408\u5e76\u53d1\u9001\uff0c \u6240\u4ee5 email \u4e3b\u9898\u4e0d\u540c\u4e8e\u4e0a\u9762\u56db\u79cd\u6a21\u677f\uff0c\u53ea\u4f1a\u4f7f\u7528\u544a\u8b66\u6d88\u606f\u4e2d\u7684 commonLabels \u5185\u5bb9\u5bf9\u6a21\u677f\u8fdb\u884c\u6e32\u67d3\u3002\u9ed8\u8ba4\u6a21\u677f\u5982\u4e0b:
[{{ .status }}] [{{ .severity }}] \u544a\u8b66\uff1a{{ .alertname }}\n
\u5176\u4ed6\u53ef\u4f5c\u4e3a\u90ae\u7bb1\u4e3b\u9898\u7684\u5b57\u6bb5\u5982\u4e0b:
{{ .status }} \u544a\u8b66\u6d88\u606f\u7684\u89e6\u53d1\u72b6\u6001\n{{ .alertgroup }} \u544a\u8b66\u6240\u5c5e\u7684\u7b56\u7565\u540d\u79f0\n{{ .alertname }} \u544a\u8b66\u6240\u5c5e\u7684\u89c4\u5219\u540d\u79f0\n{{ .severity }} \u544a\u8b66\u7ea7\u522b\n{{ .target_type }} \u544a\u8b66\u8d44\u6e90\u7c7b\u578b\n{{ .target }} \u544a\u8b66\u8d44\u6e90\u5bf9\u8c61\n{{ .\u89c4\u5219\u5176\u4ed6\u81ea\u5b9a\u4e49 label key }}\n
"},{"location":"admin/insight/reference/tailing-sidecar.html","title":"\u901a\u8fc7 Sidecar \u91c7\u96c6\u5bb9\u5668\u65e5\u5fd7","text":"Tailing Sidecar \u662f\u4e00\u4e2a\u6d41\u5f0f Sidecar \u5bb9\u5668\uff0c \u662f Kubernetes \u96c6\u7fa4\u7ea7\u7684\u65e5\u5fd7\u4ee3\u7406\u3002Tailing Sidercar \u53ef\u4ee5\u5728\u5bb9\u5668\u65e0\u6cd5\u5199\u5165\u6807\u51c6\u8f93\u51fa\u6216\u6807\u51c6\u9519\u8bef\u6d41\u65f6\uff0c\u65e0\u9700\u66f4\u6539\uff0c\u5373\u53ef\u81ea\u52a8\u6536\u53d6\u548c\u6c47\u603b\u5bb9\u5668\u5185\u65e5\u5fd7\u6587\u4ef6\u3002
Insight \u652f\u6301\u901a\u8fc7 Sidercar \u6a21\u5f0f\u91c7\u96c6\u65e5\u5fd7\uff0c\u5373\u5728\u6bcf\u4e2a Pod \u4e2d\u8fd0\u884c\u4e00\u4e2a Sidecar \u5bb9\u5668\u5c06\u65e5\u5fd7\u6570\u636e\u8f93\u51fa\u5230\u6807\u51c6\u8f93\u51fa\u6d41\uff0c\u4ee5\u4fbf FluentBit \u6536\u96c6\u5bb9\u5668\u65e5\u5fd7\u3002
Insight Agent \u4e2d\u9ed8\u8ba4\u5b89\u88c5\u4e86 tailing-sidecar operator \u3002 \u82e5\u60a8\u60f3\u5f00\u542f\u91c7\u96c6\u5bb9\u5668\u5185\u6587\u4ef6\u65e5\u5fd7\uff0c\u8bf7\u901a\u8fc7\u7ed9 Pod \u6dfb\u52a0\u6ce8\u89e3\u8fdb\u884c\u6807\u8bb0\uff0c tailing-sidecar operator \u5c06\u81ea\u52a8\u6ce8\u5165 Tailing Sidecar \u5bb9\u5668\uff0c \u88ab\u6ce8\u5165\u7684 Sidecar \u5bb9\u5668\u8bfb\u53d6\u4e1a\u52a1\u5bb9\u5668\u5185\u7684\u6587\u4ef6\uff0c\u5e76\u8f93\u51fa\u5230\u6807\u51c6\u8f93\u51fa\u6d41\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u4fee\u6539 Pod \u7684 YAML \u6587\u4ef6\uff0c\u5728 annotation \u5b57\u6bb5\u589e\u52a0\u5982\u4e0b\u53c2\u6570\uff1a
metadata:\n annotations:\n tailing-sidecar: <sidecar-name-0>:<volume-name-0>:<path-to-tail-0>;<sidecar-name-1>:<volume-name-1>:<path-to-tail-1>\n
\u5b57\u6bb5\u8bf4\u660e\uff1a
Note
\u6bcf\u4e2a Pod \u53ef\u8fd0\u884c\u591a\u4e2a Sidecar \u5bb9\u5668\uff0c\u53ef\u4ee5\u901a\u8fc7 ; \u9694\u79bb\uff0c\u5b9e\u73b0\u4e0d\u540c Sidecar \u5bb9\u5668\u91c7\u96c6\u591a\u4e2a\u6587\u4ef6\u5230\u591a\u4e2a\u5b58\u50a8\u5377\u3002
\u91cd\u542f Pod\uff0c\u5f85 Pod \u72b6\u6001\u53d8\u6210 \u8fd0\u884c\u4e2d \u540e\uff0c\u5219\u53ef\u901a\u8fc7 \u65e5\u5fd7\u67e5\u8be2 \u754c\u9762\uff0c\u67e5\u627e\u8be5 Pod \u7684\u5bb9\u5668\u5185\u65e5\u5fd7\u3002
\u672c\u6587\u4e2d\u7684\u6307\u6807\u662f\u57fa\u4e8e\u793e\u533a\u7684 kube-prometheus \u7684\u57fa\u7840\u4e4b\u4e0a\u6574\u7406\u800c\u6210\u3002 \u76ee\u524d\u6db5\u76d6\u4e86 Cluster\u3001Node\u3001Namespace\u3001Workload \u7b49\u591a\u4e2a\u5c42\u9762\u7684\u6307\u6807\u3002 \u672c\u6587\u679a\u4e3e\u4e86\u4e00\u4e9b\u5e38\u7528\u7684\u6307\u6807\u540d\u3001\u4e2d\u6587\u63cf\u8ff0\u548c\u5355\u4f4d\uff0c\u4ee5\u4fbf\u7d22\u5f15\u3002
"},{"location":"admin/insight/reference/used-metric-in-insight.html#cluster","title":"\u96c6\u7fa4\uff08Cluster\uff09","text":"\u6307\u6807\u540d \u4e2d\u6587\u63cf\u8ff0 \u5355\u4f4d cluster_cpu_utilization \u96c6\u7fa4 CPU \u4f7f\u7528\u7387 cluster_cpu_total \u96c6\u7fa4 CPU \u603b\u91cf Core cluster_cpu_usage \u96c6\u7fa4 CPU \u7528\u91cf Core cluster_cpu_requests_commitment \u96c6\u7fa4 CPU \u5206\u914d\u7387 cluster_memory_utilization \u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u7387 cluster_memory_usage \u96c6\u7fa4\u5185\u5b58\u4f7f\u7528\u91cf Byte cluster_memory_available \u96c6\u7fa4\u53ef\u7528\u5185\u5b58 Byte cluster_memory_requests_commitment \u96c6\u7fa4\u5185\u5b58\u5206\u914d\u7387 cluster_memory_total \u96c6\u7fa4\u5185\u5b58\u53ef\u7528\u91cf Byte cluster_net_utilization \u96c6\u7fa4\u7f51\u7edc\u6570\u636e\u4f20\u8f93\u901f\u7387 Byte/s cluster_net_bytes_transmitted \u96c6\u7fa4\u7f51\u7edc\u6570\u636e\u53d1\u9001 (\u4e0a\u884c) \u901f\u7387 Byte/s cluster_net_bytes_received \u96c6\u7fa4\u7f51\u7edc\u6570\u636e\u63a5\u53d7 (\u4e0b\u884c) \u901f\u7387 Byte/s cluster_disk_read_iops \u96c6\u7fa4\u78c1\u76d8\u6bcf\u79d2\u8bfb\u6b21\u6570 \u6b21/s cluster_disk_write_iops \u96c6\u7fa4\u78c1\u76d8\u6bcf\u79d2\u5199\u6b21\u6570 \u6b21/s cluster_disk_read_throughput \u96c6\u7fa4\u78c1\u76d8\u6bcf\u79d2\u8bfb\u53d6\u6570\u636e\u91cf Byte/s cluster_disk_write_throughput \u96c6\u7fa4\u78c1\u76d8\u6bcf\u79d2\u5199\u5165\u6570\u636e\u91cf Byte/s cluster_disk_size_capacity \u96c6\u7fa4\u78c1\u76d8\u603b\u5bb9\u91cf Byte cluster_disk_size_available \u96c6\u7fa4\u78c1\u76d8\u53ef\u7528\u5927\u5c0f Byte cluster_disk_size_usage \u96c6\u7fa4\u78c1\u76d8\u4f7f\u7528\u91cf Byte cluster_disk_size_utilization \u96c6\u7fa4\u78c1\u76d8\u4f7f\u7528\u7387 cluster_node_total \u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u4e2a cluster_node_online \u96c6\u7fa4\u8282\u70b9\u603b\u6570 \u4e2a cluster_node_offline_count \u96c6\u7fa4\u5931\u8054\u7684\u8282\u70b9\u4e2a\u6570 \u4e2a cluster_pod_count \u96c6\u7fa4 Pod \u603b\u6570 \u4e2a cluster_pod_running_count \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c Pod \u4e2a\u6570 \u4e2a cluster_pod_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u8fd0\u884c Pod \u4e2a\u6570 \u4e2a cluster_deployment_count \u96c6\u7fa4 Deployment \u603b\u6570 \u4e2a cluster_deployment_normal_count \u96c6\u7fa4\u6b63\u5e38\u7684 Deployment \u603b\u6570 \u4e2a cluster_deployment_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u7684 Deployment \u603b\u6570 \u4e2a cluster_statefulset_count \u96c6\u7fa4 StatefulSet \u4e2a\u6570 \u4e2a cluster_statefulset_normal_count \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c StatefulSet \u4e2a\u6570 \u4e2a cluster_statefulset_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u8fd0\u884c StatefulSet \u4e2a\u6570 \u4e2a cluster_daemonset_count \u96c6\u7fa4 DaemonSet \u4e2a\u6570 \u4e2a cluster_daemonset_normal_count \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c DaemonSet \u4e2a\u6570 \u4e2a cluster_daemonset_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u8fd0\u884c DaemonSet \u4e2a\u6570 \u4e2a cluster_job_count \u96c6\u7fa4 Job \u603b\u6570 \u4e2a cluster_job_normal_count \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c Job \u4e2a\u6570 \u4e2a cluster_job_abnormal_count \u96c6\u7fa4\u5f02\u5e38\u8fd0\u884c Job \u4e2a\u6570 \u4e2aTip
\u4f7f\u7528\u7387\u4e00\u822c\u662f\uff080,1] \u533a\u95f4\u7684\u6570\u5b57\uff08\u4f8b\u5982\uff1a0.21\uff0c\u800c\u4e0d\u662f 21%\uff09
"},{"location":"admin/insight/reference/used-metric-in-insight.html#node","title":"\u8282\u70b9\uff08Node\uff09","text":"\u6307\u6807\u540d \u4e2d\u6587\u63cf\u8ff0 \u5355\u4f4d node_cpu_utilization \u8282\u70b9 CPU \u4f7f\u7528\u7387 node_cpu_total \u8282\u70b9 CPU \u603b\u91cf Core node_cpu_usage \u8282\u70b9 CPU \u7528\u91cf Core node_cpu_requests_commitment \u8282\u70b9 CPU \u5206\u914d\u7387 node_memory_utilization \u8282\u70b9\u5185\u5b58\u4f7f\u7528\u7387 node_memory_usage \u8282\u70b9\u5185\u5b58\u4f7f\u7528\u91cf Byte node_memory_requests_commitment \u8282\u70b9\u5185\u5b58\u5206\u914d\u7387 node_memory_available \u8282\u70b9\u53ef\u7528\u5185\u5b58 Byte node_memory_total \u8282\u70b9\u5185\u5b58\u53ef\u7528\u91cf Byte node_net_utilization \u8282\u70b9\u7f51\u7edc\u6570\u636e\u4f20\u8f93\u901f\u7387 Byte/s node_net_bytes_transmitted \u8282\u70b9\u7f51\u7edc\u6570\u636e\u53d1\u9001 (\u4e0a\u884c) \u901f\u7387 Byte/s node_net_bytes_received \u8282\u70b9\u7f51\u7edc\u6570\u636e\u63a5\u53d7 (\u4e0b\u884c) \u901f\u7387 Byte/s node_disk_read_iops \u8282\u70b9\u78c1\u76d8\u6bcf\u79d2\u8bfb\u6b21\u6570 \u6b21/s node_disk_write_iops \u8282\u70b9\u78c1\u76d8\u6bcf\u79d2\u5199\u6b21\u6570 \u6b21/s node_disk_read_throughput \u8282\u70b9\u78c1\u76d8\u6bcf\u79d2\u8bfb\u53d6\u6570\u636e\u91cf Byte/s node_disk_write_throughput \u8282\u70b9\u78c1\u76d8\u6bcf\u79d2\u5199\u5165\u6570\u636e\u91cf Byte/s node_disk_size_capacity \u8282\u70b9\u78c1\u76d8\u603b\u5bb9\u91cf Byte node_disk_size_available \u8282\u70b9\u78c1\u76d8\u53ef\u7528\u5927\u5c0f Byte node_disk_size_usage \u8282\u70b9\u78c1\u76d8\u4f7f\u7528\u91cf Byte node_disk_size_utilization \u8282\u70b9\u78c1\u76d8\u4f7f\u7528\u7387"},{"location":"admin/insight/reference/used-metric-in-insight.html#workload","title":"\u5de5\u4f5c\u8d1f\u8f7d\uff08Workload\uff09","text":"\u76ee\u524d\u652f\u6301\u7684\u5de5\u4f5c\u8d1f\u8f7d\u7c7b\u578b\u5305\u62ec\uff1aDeployment\u3001StatefulSet\u3001DaemonSet\u3001Job \u548c CronJob\u3002
\u6307\u6807\u540d \u4e2d\u6587\u63cf\u8ff0 \u5355\u4f4d workload_cpu_usage \u5de5\u4f5c\u8d1f\u8f7d CPU \u7528\u91cf Core workload_cpu_limits \u5de5\u4f5c\u8d1f\u8f7d CPU \u9650\u5236\u91cf Core workload_cpu_requests \u5de5\u4f5c\u8d1f\u8f7d CPU \u8bf7\u6c42\u91cf Core workload_cpu_utilization \u5de5\u4f5c\u8d1f\u8f7d CPU \u4f7f\u7528\u7387 workload_memory_usage \u5de5\u4f5c\u8d1f\u8f7d\u5185\u5b58\u4f7f\u7528\u91cf Byte workload_memory_limits \u5de5\u4f5c\u8d1f\u8f7d \u5185\u5b58 \u9650\u5236\u91cf Byte workload_memory_requests \u5de5\u4f5c\u8d1f\u8f7d \u5185\u5b58 \u8bf7\u6c42\u91cf Byte workload_memory_utilization \u5de5\u4f5c\u8d1f\u8f7d\u5185\u5b58\u4f7f\u7528\u7387 workload_memory_usage_cached \u5de5\u4f5c\u8d1f\u8f7d\u5185\u5b58\u4f7f\u7528\u91cf\uff08\u5305\u542b\u7f13\u5b58\uff09 Byte workload_net_bytes_transmitted \u5de5\u4f5c\u8d1f\u8f7d\u7f51\u7edc\u6570\u636e\u53d1\u9001\u901f\u7387 Byte/s workload_net_bytes_received \u5de5\u4f5c\u8d1f\u8f7d\u7f51\u7edc\u6570\u636e\u63a5\u53d7\u901f\u7387 Byte/s workload_disk_read_throughput \u5de5\u4f5c\u8d1f\u8f7d\u78c1\u76d8\u6bcf\u79d2\u8bfb\u53d6\u6570\u636e\u91cf Byte/s workload_disk_write_throughput \u5de5\u4f5c\u8d1f\u8f7d\u78c1\u76d8\u6bcf\u79d2\u5199\u5165\u6570\u636e\u91cf Byte/sworkload_cpu_usage{workload_type=\"deployment\", workload=\"prometheus\"}
\u7684\u65b9\u5f0f\u83b7\u53d6\u6307\u6807workload_pod_utilization
\u8ba1\u7b97\u89c4\u5219\uff1a workload_pod_usage / workload_pod_request
\u901a\u8fc7 pod_cpu_usage{workload_type=\"deployment\", workload=\"prometheus\"}
\u83b7\u53d6\u540d\u4e3a prometheus \u7684 Deployment \u6240\u62e5\u6709\u7684\u6240\u6709 Pod \u7684 CPU \u4f7f\u7528\u7387\u3002
\u53ef\u89c2\u6d4b\u6027\u4f1a\u9ed8\u8ba4\u6301\u4e45\u5316\u4fdd\u5b58\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u7684\u6570\u636e\uff0c\u60a8\u53ef\u53c2\u9605\u672c\u6587\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\u3002\u8be5\u6587\u6863\u4ec5\u9002\u7528\u4e8e\u5185\u7f6e\u90e8\u7f72\u7684 Elasticsearch\uff0c\u82e5\u4f7f\u7528\u5916\u90e8 Elasticsearch \u53ef\u81ea\u884c\u8c03\u6574\u3002
"},{"location":"admin/insight/system-config/modify-config.html#_2","title":"\u5982\u4f55\u4fee\u6539\u6307\u6807\u6570\u636e\u4fdd\u7559\u671f\u9650","text":"\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u6307\u6807\u6570\u636e\u4fdd\u7559\u671f\u9650\u3002
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl edit vmcluster insight-victoria-metrics-k8s-stack -n insight-system\n
\u5728 Yaml \u6587\u4ef6\u4e2d\uff0c retentionPeriod \u7684\u9ed8\u8ba4\u503c\u4e3a 14 \uff0c\u5355\u4f4d\u4e3a \u5929 \u3002\u60a8\u53ef\u6839\u636e\u9700\u6c42\u4fee\u6539\u53c2\u6570\u3002
apiVersion: operator.victoriametrics.com/v1beta1\nkind: VMCluster\nmetadata:\n annotations:\n meta.helm.sh/release-name: insight\n meta.helm.sh/release-namespace: insight-system\n creationTimestamp: \"2022-08-25T04:31:02Z\"\n finalizers:\n - apps.victoriametrics.com/finalizer\n generation: 2\n labels:\n app.kubernetes.io/instance: insight\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: victoria-metrics-k8s-stack\n app.kubernetes.io/version: 1.77.2\n helm.sh/chart: victoria-metrics-k8s-stack-0.9.3\n name: insight-victoria-metrics-k8s-stack\n namespace: insight-system\n resourceVersion: \"123007381\"\n uid: 55cee8d6-c651-404b-b2c9-50603b405b54\nspec:\n replicationFactor: 1\n retentionPeriod: \"14\"\n vminsert:\n extraArgs:\n maxLabelsPerTimeseries: \"45\"\n image:\n repository: docker.m.daocloud.io/victoriametrics/vminsert\n tag: v1.80.0-cluster\n replicaCount: 1\n
\u4fdd\u5b58\u4fee\u6539\u540e\uff0c\u8d1f\u8d23\u5b58\u50a8\u6307\u6807\u7684\u7ec4\u4ef6\u7684\u5bb9\u5668\u7ec4\u4f1a\u81ea\u52a8\u91cd\u542f\uff0c\u7a0d\u7b49\u7247\u523b\u5373\u53ef\u3002
\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u65e5\u5fd7\u6570\u636e\u4fdd\u7559\u671f\u9650\uff1a
"},{"location":"admin/insight/system-config/modify-config.html#json","title":"\u65b9\u6cd5\u4e00\uff1a\u4fee\u6539 Json \u6587\u4ef6","text":"\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d rollover \u5b57\u6bb5\u4e2d\u7684 max_age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002\u6ce8\u610f\u9700\u8981\u4fee\u6539\u7b2c\u4e00\u884c\u4e2d\u7684 Elastic \u7528\u6237\u540d\u548c\u5bc6\u7801\u3001IP \u5730\u5740\u548c\u7d22\u5f15\u3002
curl --insecure --location -u\"elastic:amyVt4o826e322TUVi13Ezw6\" -X PUT \"https://172.30.47.112:30468/_ilm/policy/insight-es-k8s-logs-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n \"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"8d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n }\n}'\n
\u4fee\u6539\u5b8c\u540e\uff0c\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u5b83\u4f1a\u6253\u5370\u51fa\u5982\u4e0b\u6240\u793a\u5185\u5bb9\uff0c\u5219\u4fee\u6539\u6210\u529f\u3002
{\n\"acknowledged\" : true\n}\n
\u767b\u5f55 kibana \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f Stack Management \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a Index Lifecycle Polices \uff0c\u5e76\u627e\u5230\u7d22\u5f15 insight-es-k8s-logs-policy \uff0c\u70b9\u51fb\u8fdb\u5165\u8be6\u60c5\u3002
\u5c55\u5f00 Hot phase \u914d\u7f6e\u9762\u677f\uff0c\u4fee\u6539 Maximum age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002
\u4fee\u6539\u5b8c\u540e\uff0c\u70b9\u51fb\u9875\u9762\u5e95\u90e8\u7684 Save policy \u5373\u4fee\u6539\u6210\u529f\u3002
\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u94fe\u8def\u6570\u636e\u4fdd\u7559\u671f\u9650\uff1a
"},{"location":"admin/insight/system-config/modify-config.html#json_1","title":"\u65b9\u6cd5\u4e00\uff1a\u4fee\u6539 Json \u6587\u4ef6","text":"\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d rollover \u5b57\u6bb5\u4e2d\u7684 max_age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002\u6ce8\u610f\u9700\u8981\u4fee\u6539\u7b2c\u4e00\u884c\u4e2d\u7684 Elastic \u7528\u6237\u540d\u548c\u5bc6\u7801\u3001IP \u5730\u5740\u548c\u7d22\u5f15\u3002
curl --insecure --location -u\"elastic:amyVt4o826e322TUVi13Ezw6\" -X PUT \"https://172.30.47.112:30468/_ilm/policy/jaeger-ilm-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n \"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"6d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n }\n}'\n
\u4fee\u6539\u5b8c\u540e\uff0c\u5728\u63a7\u5236\u53f0\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u5b83\u4f1a\u6253\u5370\u51fa\u5982\u4e0b\u6240\u793a\u5185\u5bb9\uff0c\u5219\u4fee\u6539\u6210\u529f\u3002
{\n\"acknowledged\" : true\n}\n
\u767b\u5f55 kibana \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f Stack Management \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a Index Lifecycle Polices \uff0c\u5e76\u627e\u5230\u7d22\u5f15 jaeger-ilm-policy \uff0c\u70b9\u51fb\u8fdb\u5165\u8be6\u60c5\u3002
\u5c55\u5f00 Hot phase \u914d\u7f6e\u9762\u677f\uff0c\u4fee\u6539 Maximum age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002
\u4fee\u6539\u5b8c\u540e\uff0c\u70b9\u51fb\u9875\u9762\u5e95\u90e8\u7684 Save policy \u5373\u4fee\u6539\u6210\u529f\u3002
\u5728\u7cfb\u7edf\u7ec4\u4ef6\u9875\u9762\u53ef\u5feb\u901f\u7684\u67e5\u770b\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e2d\u7cfb\u7edf\u7ec4\u4ef6\u7684\u8fd0\u884c\u72b6\u6001\uff0c\u5f53\u7cfb\u7528\u7ec4\u4ef6\u53d1\u751f\u6545\u969c\u65f6\uff0c\u4f1a\u5bfc\u81f4\u53ef\u89c2\u6d4b\u6a21\u5757\u4e2d\u7684\u90e8\u5206\u529f\u80fd\u4e0d\u53ef\u7528\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u7cfb\u7edf\u7ba1\u7406 -> \u7cfb\u7edf\u7ec4\u4ef6 \u3002
Note
\u82e5\u4f7f\u7528\u5916\u90e8 Elasticsearch \u53ef\u80fd\u65e0\u6cd5\u83b7\u53d6\u90e8\u5206\u6570\u636e\u4ee5\u81f4\u4e8e Elasticsearch \u7684\u4fe1\u606f\u4e3a\u7a7a\u3002
"},{"location":"admin/insight/system-config/system-config.html","title":"\u7cfb\u7edf\u914d\u7f6e","text":"\u7cfb\u7edf\u914d\u7f6e \u5c55\u793a\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u9ed8\u8ba4\u7684\u4fdd\u5b58\u65f6\u957f\u4ee5\u53ca\u9ed8\u8ba4\u7684 Apdex \u9608\u503c\u3002
\u70b9\u51fb\u53f3\u4fa7\u5bfc\u822a\u680f\uff0c\u9009\u62e9 \u7cfb\u7edf\u914d\u7f6e\u3002
\u4fee\u6539\u5386\u53f2\u544a\u8b66\u5b58\u50a8\u65f6\u957f\uff0c\u70b9\u51fb \u7f16\u8f91 \u8f93\u5165\u76ee\u6807\u65f6\u957f\u3002
\u5f53\u5b58\u50a8\u65f6\u957f\u8bbe\u7f6e\u4e3a \"0\" \u5c06\u4e0d\u6e05\u9664\u5386\u53f2\u544a\u8b66\u3002
\u4fee\u6539\u62d3\u6251\u56fe\u6e32\u67d3\u9ed8\u8ba4\u914d\u7f6e\uff0c\u70b9\u51fb \u7f16\u8f91 \u6839\u636e\u9700\u6c42\u5b9a\u4e49\u7cfb\u7edf\u4e2d\u62d3\u6251\u56fe\u9608\u503c\u3002
\u9608\u503c\u8bbe\u7f6e\u5fc5\u987b\u5927\u4e8e 0\uff0c\u524d\u9762\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5c0f\u4e8e\u540e\u9762\u586b\u5199\u7684\u3002\u4e14\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5728\u6700\u5927\u548c\u6700\u5c0f\u7684\u8303\u56f4\u4e4b\u95f4\u3002
Note
\u4fee\u6539\u5176\u4ed6\u914d\u7f6e\uff0c\u8bf7\u70b9\u51fb\u67e5\u770b\u5982\u4f55\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\uff1f
"},{"location":"admin/insight/trace/service.html","title":"\u670d\u52a1\u76d1\u63a7","text":"\u5728 \u53ef\u89c2\u6d4b\u6027 Insight \u4e2d\u670d\u52a1\u662f\u6307\u4f7f\u7528 Opentelemtry SDK \u63a5\u5165\u94fe\u8def\u6570\u636e\uff0c\u670d\u52a1\u76d1\u63a7\u80fd\u591f\u8f85\u52a9\u8fd0\u7ef4\u8fc7\u7a0b\u4e2d\u89c2\u5bdf\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u72b6\u6001\u3002
\u5982\u4f55\u4f7f\u7528 OpenTelemetry \u8bf7\u53c2\u8003\u4f7f\u7528 OTel \u8d4b\u4e88\u5e94\u7528\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"admin/insight/trace/service.html#_2","title":"\u540d\u8bcd\u89e3\u91ca","text":"\u670d\u52a1\u5217\u8868\u9875\u9762\u5c55\u793a\u4e86\u96c6\u7fa4\u4e2d\u6240\u6709\u5df2\u63a5\u5165\u94fe\u8def\u6570\u636e\u7684\u670d\u52a1\u7684\u541e\u5410\u7387\u3001\u9519\u8bef\u7387\u3001\u8bf7\u6c42\u5ef6\u65f6\u7b49\u5173\u952e\u6307\u6807\u3002 \u60a8\u53ef\u4ee5\u6839\u636e\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u5bf9\u670d\u52a1\u8fdb\u884c\u8fc7\u6ee4\uff0c\u4e5f\u53ef\u4ee5\u6309\u7167\u541e\u5410\u7387\u3001\u9519\u8bef\u7387\u3001\u8bf7\u6c42\u5ef6\u65f6\u5bf9\u8be5\u5217\u8868\u8fdb\u884c\u6392\u5e8f\u3002\u5217\u8868\u4e2d\u7684\u6307\u6807\u6570\u636e\u9ed8\u8ba4\u65f6\u95f4\u4e3a 1 \u5c0f\u65f6\uff0c\u60a8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u65f6\u95f4\u8303\u56f4\u3002
\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u770b\u670d\u52a1\u76d1\u63a7\u6307\u6807\uff1a
\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u94fe\u8def\u8ffd\u8e2a -> \u670d\u52a1 \u3002
Attention
\u70b9\u51fb\u670d\u52a1\u540d (\u4ee5 insight-server \u4e3a\u4f8b)\uff0c\u70b9\u51fb\u8fdb\u5165\u670d\u52a1\u8be6\u60c5\u9875\uff0c\u67e5\u770b\u670d\u52a1\u7684\u8be6\u7ec6\u6307\u6807\u548c\u8be5\u670d\u52a1\u7684\u64cd\u4f5c\u6307\u6807\u3002
\u70b9\u51fb Tab \u5207\u6362\u5230 \u64cd\u4f5c\u6307\u6807 \uff0c\u53ef\u67e5\u8be2\u591a\u9009\u670d\u52a1\u76f8\u540c\u64cd\u4f5c\u7684\u805a\u5408\u8d77\u6765\u7684\u6d41\u91cf\u6307\u6807\u3002
\u670d\u52a1\u62d3\u6251\u56fe\u662f\u5bf9\u670d\u52a1\u4e4b\u95f4\u8fde\u63a5\u3001\u901a\u4fe1\u548c\u4f9d\u8d56\u5173\u7cfb\u7684\u53ef\u89c6\u5316\u8868\u793a\u3002\u901a\u8fc7\u53ef\u89c6\u5316\u62d3\u6251\u4e86\u89e3\u670d\u52a1\u95f4\u7684\u8c03\u7528\u5173\u7cfb\uff0c \u67e5\u770b\u670d\u52a1\u5728\u6307\u5b9a\u65f6\u95f4\u5185\u7684\u8c03\u7528\u53ca\u5176\u6027\u80fd\u72b6\u51b5\u3002\u62d3\u6251\u56fe\u7684\u8282\u70b9\u4e4b\u95f4\u7684\u8054\u7cfb\u4ee3\u8868\u4e24\u4e2a\u670d\u52a1\u5728\u67e5\u8be2\u65f6\u95f4\u8303\u56f4\u5185\u670d\u52a1\u4e4b\u95f4\u7684\u5b58\u5728\u8c03\u7528\u5173\u7cfb\u3002
"},{"location":"admin/insight/trace/topology.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u62d3\u6251\u56fe\u4e2d\uff0c\u60a8\u53ef\u6309\u9700\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u70b9\u51fb\u53f3\u4e0b\u89d2 \u56fe\u4f8b \uff0c\u53ef\u901a\u8fc7 \u4e34\u65f6\u914d\u7f6e \u4fee\u6539\u5f53\u524d\u7684\u62d3\u6251\u56fe\u5b9a\u4e49\u7684\u6e32\u67d3\u9608\u503c\uff0c\u8df3\u51fa\u6216\u5173\u95ed\u8be5\u9875\u9762\u5373\u4f1a\u4e22\u5931\u8be5\u914d\u7f6e\u3002
\u9608\u503c\u8bbe\u7f6e\u5fc5\u987b\u5927\u4e8e 0\uff0c\u524d\u9762\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5c0f\u4e8e\u540e\u9762\u586b\u5199\u7684\u3002\u4e14\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5728\u6700\u5927\u548c\u6700\u5c0f\u7684\u8303\u56f4\u4e4b\u95f4\u3002
\u5728\u670d\u52a1\u62d3\u6251\u4e2d\u4f1a\u5b58\u5728\u6e38\u79bb\u5728\u96c6\u7fa4\u4e4b\u5916\u7684\u8282\u70b9\uff0c\u8fd9\u4e9b\u6e38\u79bb\u5728\u5916\u7684\u8282\u70b9\u53ef\u5206\u6210\u4e09\u7c7b\uff1a
\u865a\u62df\u8282\u70b9
\u82e5\u670d\u52a1\u53d1\u8d77\u8bf7\u6c42\u5230\u6570\u636e\u5e93
\u6216\u6d88\u606f\u961f\u5217
\u65f6\uff0c\u62d3\u6251\u56fe\u4e2d\u4f1a\u9ed8\u8ba4\u5c55\u793a\u8fd9\u4e24\u7c7b\u8282\u70b9\u3002 \u800c\u865a\u62df\u670d\u52a1
\u8868\u793a\u96c6\u7fa4\u5185\u670d\u52a1\u8bf7\u6c42\u4e86\u96c6\u7fa4\u5916\u7684\u8282\u70b9\u6216\u8005\u672a\u63a5\u5165\u94fe\u8def\u7684\u670d\u52a1\uff0c\u62d3\u6251\u56fe\u4e2d\u9ed8\u8ba4\u4e0d\u4f1a\u5c55\u793a \u865a\u62df\u670d\u52a1
\u3002
\u5f53\u670d\u52a1\u8bf7\u6c42\u5230 MySQL\u3001PostgreSQL\u3001Oracle Database \u8fd9\u4e09\u79cd\u6570\u636e\u5e93\u65f6\uff0c\u5728\u62d3\u6251\u56fe\u4e2d\u53ef\u4ee5\u770b\u5230\u8bf7\u6c42\u7684\u8be6\u7ec6\u6570\u636e\u5e93\u7c7b\u578b\u3002
\u66f4\u65b0 insight-server chart \u7684 values\uff0c\u627e\u5230\u4e0b\u56fe\u6240\u793a\u53c2\u6570\uff0c\u5c06 false
\u6539\u4e3a true
\u3002
\u5728\u670d\u52a1\u62d3\u6251\u7684\u663e\u793a\u8bbe\u7f6e\u4e2d\u52fe\u9009 \u865a\u62df\u670d\u52a1 \u3002
\u5728\u94fe\u8def\u67e5\u8be2\u9875\u9762\uff0c\u60a8\u53ef\u4ee5\u8fc7 TraceID \u6216\u7cbe\u786e\u67e5\u8be2\u8c03\u7528\u94fe\u8def\u8be6\u7ec6\u60c5\u51b5\u6216\u7ed3\u5408\u591a\u79cd\u6761\u4ef6\u7b5b\u9009\u67e5\u8be2\u8c03\u7528\u94fe\u8def\u3002
"},{"location":"admin/insight/trace/trace.html#_2","title":"\u540d\u8bcd\u89e3\u91ca","text":"\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u8be2\u94fe\u8def\uff1a
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u94fe\u8def\u8ffd\u8e2a -> \u8c03\u7528\u94fe\u3002
Note
\u5217\u8868\u4e2d\u652f\u6301\u5bf9 Span \u6570\u3001\u5ef6\u65f6\u3001\u53d1\u751f\u65f6\u95f4\u8fdb\u884c\u6392\u5e8f\u3002
\u70b9\u51fb\u7b5b\u9009\u680f\u4e2d\u7684 TraceID \u641c\u7d22 \u5207\u6362\u4f7f\u7528 TraceID \u641c\u7d22\u94fe\u8def\u3002
\u4f7f\u7528 TraceID \u641c\u7d22\u8bf7\u8f93\u5165\u5b8c\u6574\u7684 TraceID\u3002
\u70b9\u51fb\u94fe\u8def\u5217\u8868\u4e2d\u7684\u67d0\u4e00\u94fe\u8def\u7684 TraceID\uff0c\u53ef\u67e5\u770b\u8be5\u94fe\u8def\u7684\u8be6\u60c5\u8c03\u7528\u60c5\u51b5\u3002
\u70b9\u51fb\u94fe\u8def\u6570\u636e\u53f3\u4fa7\u7684\u56fe\u6807\uff0c\u53ef\u67e5\u8be2\u8be5\u94fe\u8def\u7684\u5173\u8054\u65e5\u5fd7\u3002
\u70b9\u51fb \u67e5\u770b\u66f4\u591a \u540e\u53ef\u5e26\u6761\u4ef6\u8df3\u8f6c\u5230 \u65e5\u5fd7\u67e5\u8be2 \u7684\u9875\u9762\u3002
\u9ed8\u8ba4\u641c\u7d22\u5168\u90e8\u65e5\u5fd7\uff0c\u4f46\u53ef\u4e0b\u62c9\u6839\u636e\u94fe\u8def\u7684 TraceID \u6216\u94fe\u8def\u8c03\u7528\u8fc7\u7a0b\u4e2d\u76f8\u5173\u7684\u5bb9\u5668\u65e5\u5fd7\u8fdb\u884c\u8fc7\u6ee4\u3002
Note
\u7531\u4e8e\u94fe\u8def\u4f1a\u8de8\u96c6\u7fa4\u6216\u8de8\u547d\u540d\u7a7a\u95f4\uff0c\u82e5\u7528\u6237\u6743\u9650\u4e0d\u8db3\uff0c\u5219\u65e0\u6cd5\u67e5\u8be2\u8be5\u94fe\u8def\u7684\u5173\u8054\u65e5\u5fd7\u3002
\u5982\u679c\u8282\u70b9\u4e0d\u591f\u7528\u4e86\uff0c\u53ef\u4ee5\u6dfb\u52a0\u66f4\u591a\u8282\u70b9\u5230\u96c6\u7fa4\u4e2d\u3002
"},{"location":"admin/k8s/add-node.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0
\u8fdb\u5165\u96c6\u7fa4\u6982\u89c8\u9875\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u63a5\u5165\u8282\u70b9 \u6309\u94ae
\u6309\u7167\u5411\u5bfc\uff0c\u586b\u5199\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u53c2\u6570\u914d\u7f6e\u5728\u5f39\u7a97\u4e2d\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u8282\u70b9\u5217\u8868\uff0c\u65b0\u63a5\u5165\u7684\u8282\u70b9\u72b6\u6001\u4e3a \u63a5\u5165\u4e2d \uff0c\u7b49\u5f85\u51e0\u5206\u949f\u540e\u72b6\u6001\u53d8\u4e3a \u5065\u5eb7 \u5219\u8868\u793a\u63a5\u5165\u6210\u529f\u3002
Tip
\u5bf9\u4e8e\u521a\u63a5\u5165\u6210\u529f\u7684\u8282\u70b9\uff0c\u53ef\u80fd\u8fd8\u8981\u7b49 2-3 \u5206\u949f\u624d\u80fd\u8bc6\u522b\u51fa GPU\u3002
"},{"location":"admin/k8s/create-k8s.html","title":"\u521b\u5efa\u4e91\u4e0a Kubernetes \u96c6\u7fa4","text":"\u90e8\u7f72 Kubernetes \u96c6\u7fa4\u662f\u4e3a\u4e86\u652f\u6301\u9ad8\u6548\u7684 AI \u7b97\u529b\u8c03\u5ea6\u548c\u7ba1\u7406\uff0c\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\uff0c\u63d0\u4f9b\u9ad8\u53ef\u7528\u6027\uff0c\u4ece\u800c\u4f18\u5316\u6a21\u578b\u8bad\u7ec3\u548c\u63a8\u7406\u8fc7\u7a0b\u3002
"},{"location":"admin/k8s/create-k8s.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u521b\u5efa\u5e76\u542f\u52a8 3 \u53f0\u4e0d\u5e26 GPU \u7684\u4e91\u4e3b\u673a\u7528\u4f5c\u96c6\u7fa4\u7684 Master \u8282\u70b9
\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae
\u6309\u7167\u5411\u5bfc\uff0c\u914d\u7f6e\u96c6\u7fa4\u7684\u5404\u9879\u53c2\u6570
\u57fa\u672c\u4fe1\u606f\u8282\u70b9\u914d\u7f6e\u7f51\u7edc\u914d\u7f6eAddon \u914d\u7f6e\u9ad8\u7ea7\u914d\u7f6e\u914d\u7f6e\u5b8c\u8282\u70b9\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u5f00\u59cb\u68c0\u67e5 \uff0c
\u6bcf\u4e2a\u8282\u70b9\u9ed8\u8ba4\u53ef\u8fd0\u884c 110 \u4e2a Pod\uff08\u5bb9\u5668\u7ec4\uff09\uff0c\u5982\u679c\u8282\u70b9\u914d\u7f6e\u6bd4\u8f83\u9ad8\uff0c\u53ef\u4ee5\u8c03\u6574\u5230 200 \u6216 300 \u4e2a Pod\u3002
\u7b49\u5f85\u96c6\u7fa4\u521b\u5efa\u5b8c\u6210\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u627e\u5230\u521a\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u5bfc\u822a\u5230 Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u641c\u7d22\u6846\u5185\u641c\u7d22 metax-gpu-extensions\uff0c\u70b9\u51fb\u5361\u7247
\u70b9\u51fb\u53f3\u4fa7\u7684 \u5b89\u88c5 \u6309\u94ae\uff0c\u5f00\u59cb\u5b89\u88c5 GPU \u63d2\u4ef6
\u5e94\u7528\u8bbe\u7f6eKubernetes \u7f16\u6392\u786e\u8ba4\u8f93\u5165\u540d\u79f0\uff0c\u9009\u62e9\u547d\u540d\u7a7a\u95f4\uff0c\u5728 YAMl \u4e2d\u4fee\u6539\u955c\u50cf\u5730\u5740\uff1a
\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u7b49\u5f85 metax-gpu-extensions \u72b6\u6001\u53d8\u4e3a \u5df2\u90e8\u7f72
\u5230\u6b64\u96c6\u7fa4\u521b\u5efa\u6210\u529f\uff0c\u53ef\u4ee5\u53bb\u67e5\u770b\u96c6\u7fa4\u6240\u5305\u542b\u7684\u8282\u70b9\u3002\u4f60\u53ef\u4ee5\u53bb\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d\u5e76\u4f7f\u7528 GPU \u4e86\u3002
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d
"},{"location":"admin/k8s/remove-node.html","title":"\u79fb\u9664 GPU \u5de5\u4f5c\u8282\u70b9","text":"GPU \u8d44\u6e90\u7684\u6210\u672c\u76f8\u5bf9\u8f83\u9ad8\uff0c\u5982\u679c\u6682\u65f6\u7528\u4e0d\u5230 GPU\uff0c\u53ef\u4ee5\u5c06\u5e26 GPU \u7684\u5de5\u4f5c\u8282\u70b9\u79fb\u9664\u3002 \u4ee5\u4e0b\u6b65\u9aa4\u4e5f\u540c\u6837\u9002\u7528\u4e8e\u79fb\u9664\u666e\u901a\u5de5\u4f5c\u8282\u70b9\u3002
"},{"location":"admin/k8s/remove-node.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0
\u8fdb\u5165\u96c6\u7fa4\u6982\u89c8\u9875\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u8981\u79fb\u9664\u7684\u8282\u70b9\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u79fb\u9664\u8282\u70b9
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u8282\u70b9\u540d\u79f0\uff0c\u786e\u8ba4\u65e0\u8bef\u540e\u70b9\u51fb \u5220\u9664
\u81ea\u52a8\u8fd4\u56de\u8282\u70b9\u5217\u8868\uff0c\u72b6\u6001\u4e3a \u79fb\u9664\u4e2d \uff0c\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\uff0c\u8282\u70b9\u4e0d\u5728\u4e86\uff0c\u8bf4\u660e\u8282\u70b9\u88ab\u6210\u529f\u79fb\u9664
\u4ece UI \u5217\u8868\u79fb\u9664\u8282\u70b9\u540e\uff0c\u901a\u8fc7 SSH \u767b\u5f55\u5230\u5df2\u79fb\u9664\u7684\u8282\u70b9\u4e3b\u673a\uff0c\u6267\u884c\u5173\u673a\u547d\u4ee4\u3002
Tip
\u5728 UI \u4e0a\u79fb\u9664\u8282\u70b9\u5e76\u5c06\u5176\u5173\u673a\u540e\uff0c\u8282\u70b9\u4e0a\u7684\u6570\u636e\u5e76\u672a\u88ab\u7acb\u5373\u5220\u9664\uff0c\u8282\u70b9\u6570\u636e\u4f1a\u88ab\u4fdd\u7559\u4e00\u6bb5\u65f6\u95f4\u3002
"},{"location":"admin/kpanda/backup/index.html","title":"\u5907\u4efd\u6062\u590d","text":"\u5907\u4efd\u6062\u590d\u5206\u4e3a\u5907\u4efd\u548c\u6062\u590d\u4e24\u65b9\u9762\uff0c\u5b9e\u9645\u5e94\u7528\u65f6\u9700\u8981\u5148\u5907\u4efd\u7cfb\u7edf\u5728\u67d0\u4e00\u65f6\u70b9\u7684\u6570\u636e\uff0c\u7136\u540e\u5b89\u5168\u5b58\u50a8\u5730\u5907\u4efd\u6570\u636e\u3002\u540e\u7eed\u5982\u679c\u51fa\u73b0\u6570\u636e\u635f\u574f\u3001\u4e22\u5931\u3001\u8bef\u5220\u7b49\u4e8b\u6545\uff0c\u5c31\u53ef\u4ee5\u57fa\u4e8e\u4e4b\u524d\u7684\u6570\u636e\u5907\u4efd\u5feb\u901f\u8fd8\u539f\u7cfb\u7edf\uff0c\u7f29\u77ed\u6545\u969c\u65f6\u95f4\uff0c\u51cf\u5c11\u635f\u5931\u3002
\u56e0\u6b64\uff0c\u5907\u4efd\u6062\u590d\u975e\u5e38\u91cd\u8981\uff0c\u53ef\u4ee5\u89c6\u4e4b\u4e3a\u7ef4\u62a4\u7cfb\u7edf\u7a33\u5b9a\u548c\u6570\u636e\u5b89\u5168\u7684\u6700\u540e\u4e00\u9053\u4fdd\u9669\u3002
\u5907\u4efd\u901a\u5e38\u5206\u4e3a\u5168\u91cf\u5907\u4efd\u3001\u589e\u91cf\u5907\u4efd\u3001\u5dee\u5f02\u5907\u4efd\u4e09\u79cd\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u76ee\u524d\u652f\u6301\u5168\u91cf\u5907\u4efd\u548c\u589e\u91cf\u5907\u4efd\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u7684\u5907\u4efd\u6062\u590d\u53ef\u4ee5\u5206\u4e3a \u5e94\u7528\u5907\u4efd \u548c ETCD \u5907\u4efd \u4e24\u79cd\uff0c\u652f\u6301\u624b\u52a8\u5907\u4efd\uff0c\u6216\u57fa\u4e8e CronJob \u5b9a\u65f6\u81ea\u52a8\u5907\u4efd\u3002
\u5e94\u7528\u5907\u4efd
\u5e94\u7528\u5907\u4efd\u6307\uff0c\u5907\u4efd\u96c6\u7fa4\u4e2d\u7684\u67d0\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\uff0c\u7136\u540e\u5c06\u8be5\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u6062\u590d\u5230\u672c\u96c6\u7fa4\u6216\u8005\u5176\u4ed6\u96c6\u7fa4\u3002\u652f\u6301\u5907\u4efd\u6574\u4e2a\u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u6240\u6709\u8d44\u6e90\uff0c\u4e5f\u652f\u6301\u901a\u8fc7\u6807\u7b7e\u9009\u62e9\u5668\u8fc7\u6ee4\uff0c\u4ec5\u5907\u4efd\u5e26\u6709\u7279\u5b9a\u6807\u7b7e\u7684\u8d44\u6e90\u3002
\u5e94\u7528\u5907\u4efd\u652f\u6301\u8de8\u96c6\u7fa4\u5907\u4efd\u6709\u72b6\u6001\u5e94\u7528\uff0c\u5177\u4f53\u6b65\u9aa4\u53ef\u53c2\u8003MySQL \u5e94\u7528\u53ca\u6570\u636e\u7684\u8de8\u96c6\u7fa4\u5907\u4efd\u6062\u590d\u3002
ETCD \u5907\u4efd
etcd \u662f Kubernetes \u7684\u6570\u636e\u5b58\u50a8\u7ec4\u4ef6\uff0cKubernetes \u5c06\u81ea\u8eab\u7684\u7ec4\u4ef6\u6570\u636e\u548c\u5176\u4e2d\u7684\u5e94\u7528\u6570\u636e\u90fd\u5b58\u50a8\u5728 etcd \u4e2d\u3002\u56e0\u6b64\uff0c\u5907\u4efd etcd \u5c31\u76f8\u5f53\u4e8e\u5907\u4efd\u6574\u4e2a\u96c6\u7fa4\u7684\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6545\u969c\u65f6\u5feb\u901f\u5c06\u96c6\u7fa4\u6062\u590d\u5230\u4e4b\u524d\u67d0\u4e00\u65f6\u70b9\u7684\u72b6\u6001\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u76ee\u524d\u4ec5\u652f\u6301\u5c06 etcd \u5907\u4efd\u6570\u636e\u6062\u590d\u5230\u540c\u4e00\u96c6\u7fa4\uff08\u539f\u96c6\u7fa4\uff09\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u5e94\u7528\u505a\u5907\u4efd\uff0c\u672c\u6559\u7a0b\u4e2d\u4f7f\u7528\u7684\u6f14\u793a\u5e94\u7528\u540d\u4e3a dao-2048 \uff0c\u5c5e\u4e8e\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u3002
"},{"location":"admin/kpanda/backup/deployment.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5bf9\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u8fdb\u884c\u5907\u4efd\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5b89\u88c5 velero \u7ec4\u4ef6\uff0c\u4e14 velero \u7ec4\u4ef6\u8fd0\u884c\u6b63\u5e38\u3002
\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\uff08\u672c\u6559\u7a0b\u4e2d\u7684\u8d1f\u8f7d\u540d\u4e3a dao-2048 \uff09\uff0c\u5e76\u4e3a\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u6253\u4e0a app: dao-2048 \u7684\u6807\u7b7e\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u5907\u4efd\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d dao-2048 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c \u70b9\u51fb \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d \u3002
\u8fdb\u5165 \u5e94\u7528\u5907\u4efd \u5217\u8868\u9875\u9762\uff0c\u4ece\u96c6\u7fa4\u4e0b\u62c9\u5217\u8868\u4e2d\u9009\u62e9\u5df2\u5b89\u88c5\u4e86 velero \u548c dao-2048 \u7684\u96c6\u7fa4\u3002 \u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa\u5907\u4efd\u8ba1\u5212 \u6309\u94ae\u3002
\u53c2\u8003\u4e0b\u65b9\u8bf4\u660e\u586b\u5199\u5907\u4efd\u914d\u7f6e\u3002
\u53c2\u8003\u4e0b\u65b9\u8bf4\u660e\u8bbe\u7f6e\u5907\u4efd\u6267\u884c\u9891\u7387\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
*
\u81ea\u5b9a\u4e49 Cron \u8868\u8fbe\u5f0f\uff0c\u8f93\u5165\u8868\u8fbe\u5f0f\u540e\u4e0b\u65b9\u4f1a\u63d0\u793a\u5f53\u524d\u8868\u8fbe\u5f0f\u7684\u542b\u4e49\u3002\u6709\u5173\u8be6\u7ec6\u7684\u8868\u8fbe\u5f0f\u8bed\u6cd5\u89c4\u5219\uff0c\u53ef\u53c2\u8003 Cron \u65f6\u95f4\u8868\u8bed\u6cd5\u3002\u70b9\u51fb \u786e\u5b9a \uff0c\u9875\u9762\u4f1a\u81ea\u52a8\u8fd4\u56de\u5e94\u7528\u5907\u4efd\u8ba1\u5212\u5217\u8868\u3002\u60a8\u53ef\u4ee5\u627e\u5230\u65b0\u5efa\u7684 dao-2048 \u5907\u4efd\u8ba1\u5212\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u9009\u62e9 \u7acb\u5373\u6267\u884c \u5f00\u59cb\u5907\u4efd\u3002
\u6b64\u65f6\u96c6\u7fa4\u7684 \u4e0a\u4e00\u6b21\u6267\u884c\u72b6\u6001 \u5c06\u8f6c\u53d8\u4e3a \u5907\u4efd\u4e2d \u3002\u7b49\u5f85\u5907\u4efd\u5b8c\u6210\u540e\u53ef\u4ee5\u70b9\u51fb\u5907\u4efd\u8ba1\u5212\u7684\u540d\u79f0\uff0c\u67e5\u770b\u5907\u4efd\u8ba1\u5212\u8be6\u60c5\u3002
Note
\u5982\u679c Job \u7c7b\u578b\u7684\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u4e3a \u6267\u884c\u5b8c\u6210 \uff0c\u5219\u4e0d\u652f\u6301\u5907\u4efd\u3002
"},{"location":"admin/kpanda/backup/etcd-backup.html","title":"etcd \u5907\u4efd","text":"etcd \u5907\u4efd\u662f\u4ee5\u96c6\u7fa4\u6570\u636e\u4e3a\u6838\u5fc3\u7684\u5907\u4efd\u3002\u5728\u786c\u4ef6\u8bbe\u5907\u635f\u574f\uff0c\u5f00\u53d1\u6d4b\u8bd5\u914d\u7f6e\u9519\u8bef\u7b49\u573a\u666f\u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7 etcd \u5907\u4efd\u6062\u590d\u96c6\u7fa4\u6570\u636e\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e3a\u96c6\u7fa4\u5236\u4f5c etcd \u5907\u4efd\u3002
"},{"location":"admin/kpanda/backup/etcd-backup.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u63a5\u5165\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u51c6\u5907\u4e00\u4e2a MinIO \u5b9e\u4f8b\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa etcd \u5907\u4efd\u3002
\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> etcd \u5907\u4efd \uff0c\u70b9\u51fb \u5907\u4efd\u7b56\u7565 \u9875\u7b7e\uff0c\u7136\u540e\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u5907\u4efd\u7b56\u7565 \u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199 \u57fa\u672c\u4fe1\u606f \u3002\u586b\u5199\u5b8c\u6bd5\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u6821\u9a8c etcd \u7684\u8054\u901a\u6027\uff0c\u6821\u9a8c\u901a\u8fc7\u4e4b\u540e\u53ef\u4ee5\u8fdb\u884c\u4e0b\u4e00\u6b65\u3002
etcd \u5730\u5740\uff1a\u683c\u5f0f\u4e3a https://${\u8282\u70b9IP}:${\u7aef\u53e3\u53f7}
\u5728 kube-system \u547d\u540d\u7a7a\u95f4\u4e0b\u67e5\u627e etcd Pod
kubectl get po -n kube-system | grep etcd\n
\u83b7\u53d6 etcd Pod \u7684 listen-client-urls \u4e2d\u7684\u7aef\u53e3\u53f7
kubectl get po -n kube-system ${etcd_pod_name} -oyaml | grep listen-client-urls # (1)!\n
\u9884\u671f\u8f93\u51fa\u7ed3\u679c\u5982\u4e0b\uff0c\u8282\u70b9 IP \u540e\u7684\u6570\u5b57\u5373\u4e3a\u7aef\u53e3\u53f7:
- --listen-client-urls=https://127.0.0.1:2379,https://10.6.229.191:2379\n
CA \u8bc1\u4e66\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/etcd/ca.crt\n
Cert \u8bc1\u4e66\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/apiserver-etcd-client.crt\n
Key\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/apiserver-etcd-client.key\n
Note
\u70b9\u51fb\u8f93\u5165\u6846\u4e0b\u65b9\u7684 \u5982\u4f55\u83b7\u53d6 \u53ef\u4ee5\u5728 UI \u9875\u9762\u67e5\u770b\u83b7\u53d6\u5bf9\u5e94\u4fe1\u606f\u7684\u65b9\u5f0f\u3002
\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\u586b\u5199 \u5907\u4efd\u7b56\u7565 \u3002
\u5907\u4efd\u65b9\u5f0f\uff1a\u9009\u62e9\u624b\u52a8\u5907\u4efd\u6216\u5b9a\u65f6\u5907\u4efd
\u5907\u4efd\u94fe\u957f\u5ea6\uff1a\u6700\u591a\u4fdd\u7559\u591a\u5c11\u6761\u5907\u4efd\u6570\u636e\u3002\u9ed8\u8ba4\u4e3a 30 \u6761\u3002
\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\u586b\u5199 \u5b58\u50a8\u4f4d\u7f6e \u3002
\u70b9\u51fb \u786e\u5b9a \u540e\u9875\u9762\u81ea\u52a8\u8df3\u8f6c\u5230\u5907\u4efd\u7b56\u7565\u5217\u8868\uff0c\u53ef\u4ee5\u67e5\u770b\u76ee\u524d\u521b\u5efa\u597d\u7684\u6240\u6709\u7b56\u7565\u3002
\u70b9\u51fb \u65e5\u5fd7 \u53ef\u4ee5\u67e5\u770b\u65e5\u5fd7\u5185\u5bb9\uff0c\u9ed8\u8ba4\u5c55\u793a 100 \u884c\u3002\u82e5\u60f3\u67e5\u770b\u66f4\u591a\u65e5\u5fd7\u4fe1\u606f\u6216\u8005\u4e0b\u8f7d\u65e5\u5fd7\uff0c\u53ef\u5728\u65e5\u5fd7\u4e0a\u65b9\u6839\u636e\u63d0\u793a\u524d\u5f80\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u3002
"},{"location":"admin/kpanda/backup/etcd-backup.html#_3","title":"\u67e5\u770b\u5907\u4efd\u7b56\u7565\u8be6\u60c5","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> etcd \u5907\u4efd \uff0c\u70b9\u51fb \u5907\u4efd\u7b56\u7565 \u9875\u7b7e\uff0c\u63a5\u7740\u70b9\u51fb\u7b56\u7565\u540d\u79f0\u53ef\u4ee5\u67e5\u770b\u7b56\u7565\u8be6\u60c5\u3002
"},{"location":"admin/kpanda/backup/etcd-backup.html#_4","title":"\u67e5\u770b\u5907\u4efd\u70b9","text":"\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u96c6\u7fa4\u4e0b\u6240\u6709\u5907\u4efd\u4fe1\u606f\u3002
\u6bcf\u6267\u884c\u4e00\u6b21\u5907\u4efd\uff0c\u5bf9\u5e94\u751f\u6210\u4e00\u4e2a\u5907\u4efd\u70b9\uff0c\u53ef\u901a\u8fc7\u6210\u529f\u72b6\u6001\u7684\u5907\u4efd\u70b9\u5feb\u901f\u6062\u590d\u5e94\u7528\u3002
velero \u662f\u4e00\u4e2a\u5907\u4efd\u548c\u6062\u590d Kubernetes \u96c6\u7fa4\u8d44\u6e90\u7684\u5f00\u6e90\u5de5\u5177\u3002\u5b83\u53ef\u4ee5\u5c06 Kubernetes \u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u5907\u4efd\u5230\u4e91\u5b58\u50a8\u670d\u52a1\u3001\u672c\u5730\u5b58\u50a8\u6216\u5176\u4ed6\u4f4d\u7f6e\uff0c\u5e76\u4e14\u53ef\u4ee5\u5728\u9700\u8981\u65f6\u5c06\u8fd9\u4e9b\u8d44\u6e90\u6062\u590d\u5230\u540c\u4e00\u6216\u4e0d\u540c\u7684\u96c6\u7fa4\u4e2d\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528 Helm \u5e94\u7528 \u90e8\u7f72 velero \u63d2\u4ef6\u3002
"},{"location":"admin/kpanda/backup/install-velero.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 velero \u63d2\u4ef6\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa velero \u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u8bf7\u6267\u884c\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 velero \u63d2\u4ef6\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5 velero \u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u641c\u7d22\u680f\u8f93\u5165 velero \u8fdb\u884c\u641c\u7d22\u3002
\u9605\u8bfb velero \u63d2\u4ef6\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u672c\u6587\u5c06\u4ee5 4.0.2 \u7248\u672c\u4e3a\u4f8b\u8fdb\u884c\u5b89\u88c5\uff0c\u63a8\u8350\u5b89\u88c5 4.0.2 \u6216\u66f4\u9ad8\u7248\u672c\u3002
\u586b\u5199\u548c\u914d\u7f6e\u53c2\u6570\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u57fa\u672c\u53c2\u6570\u53c2\u6570\u914d\u7f6eNote
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
S3 Credentials\uff1a
SecretContents.aws_secret_access_key = \uff1a\u914d\u7f6e\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u7684\u5bc6\u7801\uff0c\u66ff\u6362 \u4e3a\u771f\u5b9e\u53c2\u6570\u3002
config \"SecretContents \u6837\u4f8b\" [default] aws_access_key_id = minio aws_secret_access_key = minio123
Velero Configuration\uff1a
Note
\u8bf7\u786e\u4fdd s3 \u5b58\u50a8\u670d\u52a1\u65f6\u95f4\u8ddf\u5907\u4efd\u8fd8\u539f\u96c6\u7fa4\u65f6\u95f4\u5dee\u572810\u5206\u949f\u4ee5\u5185\uff0c\u6700\u597d\u662f\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u6267\u884c\u5907\u4efd\u64cd\u4f5c\u3002
migration plugin configuration\uff1a\u542f\u7528\u4e4b\u540e\uff0c\u5c06\u5728\u4e0b\u4e00\u6b65\u7684 YAML \u4ee3\u7801\u6bb5\u4e2d\u65b0\u589e\uff1a
...\ninitContainers:\n - image: 'release.daocloud.io/kcoral/velero-plugin-for-migration:v0.3.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-migration\n volumeMounts:\n - mountPath: /target\n name: plugins\n - image: 'docker.m.daocloud.io/velero/velero-plugin-for-csi:v0.7.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-csi\n volumeMounts:\n - mountPath: /target\n name: plugins\n - image: 'docker.m.daocloud.io/velero/velero-plugin-for-aws:v1.9.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-aws\n volumeMounts:\n - mountPath: /target\n name: plugins\n...\n
\u786e\u8ba4 YAML \u65e0\u8bef\u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210 velero \u63d2\u4ef6\u7684\u5b89\u88c5\u3002 \u4e4b\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\uff0c\u7a0d\u7b49\u51e0\u5206\u949f\u540e\uff0c\u4e3a\u9875\u9762\u6267\u884c\u5237\u65b0\u64cd\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
\u672c\u6587\u5c06\u4ee5\u4e00\u4e2a\u5355\u63a7\u5236\u8282\u70b9\u7684\u5de5\u4f5c\u96c6\u7fa4\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u4e3a\u5de5\u4f5c\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u8fdb\u884c\u6269\u5bb9\uff0c\u4ee5\u5b9e\u73b0\u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u9ad8\u53ef\u7528\u3002
Note
Note
\u88ab\u7eb3\u7ba1\u96c6\u7fa4\uff1a\u5728\u754c\u9762\u521b\u5efa\u96c6\u7fa4\u65f6\u6307\u5b9a\u7684\u7528\u6765\u7ba1\u7406\u5f53\u524d\u96c6\u7fa4\uff0c\u5e76\u4e3a\u5f53\u524d\u96c6\u7fa4\u63d0\u4f9b kubernetes \u7248\u672c\u5347\u7ea7\u3001\u8282\u70b9\u6269\u7f29\u5bb9\u3001\u5378\u8f7d\u3001\u64cd\u4f5c\u8bb0\u5f55\u7b49\u80fd\u529b\u7684\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/add-master-node.html#_3","title":"\u4fee\u6539\u4e3b\u673a\u6e05\u5355\u6587\u4ef6","text":"\u767b\u5f55\u5230\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\uff0c\u8fdb\u5165\u9700\u8981\u8fdb\u884c\u63a7\u5236\u8282\u70b9\u6269\u5bb9\u7684\u96c6\u7fa4\u6982\u89c8\u9875\u9762\uff0c\u5728 \u57fa\u672c\u4fe1\u606f \u5904\uff0c\u627e\u5230\u5f53\u524d\u96c6\u7fa4\u7684 \u88ab\u7eb3\u7ba1\u96c6\u7fa4 \uff0c \u70b9\u51fb\u88ab\u7eb3\u7ba1\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u88ab\u7eb3\u7ba1\u96c6\u7fa4\u7684\u6982\u89c8\u754c\u9762\u3002
\u5728\u88ab\u7eb3\u7ba1\u96c6\u7fa4\u7684\u6982\u89c8\u754c\u9762\uff0c\u70b9\u51fb \u63a7\u5236\u53f0\uff0c\u6253\u5f00\u4e91\u7ec8\u7aef\u63a7\u5236\u53f0\uff0c\u5e76\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u627e\u5230\u5f85\u6269\u5bb9\u5de5\u4f5c\u96c6\u7fa4\u7684\u4e3b\u673a\u6e05\u5355\u6587\u4ef6\u3002
kubectl get cm -n kubean-system ${ClusterName}-hosts-conf -oyaml\n
${ClusterName}
\uff1a\u4e3a\u5f85\u6269\u5bb9\u5de5\u4f5c\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u53c2\u8003\u4e0b\u65b9\u793a\u4f8b\u4fee\u6539\u4e3b\u673a\u6e05\u5355\u6587\u4ef6\uff0c\u65b0\u589e\u63a7\u5236\u8282\u70b9\u4fe1\u606f\u3002
\u4fee\u6539\u524d\u4fee\u6539\u540eapiVersion: v1\nkind: ConfigMap\nmetadata:\n name: tanghai-dev-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: 10.6.175.10 \n access_ip: 10.6.175.10\n ansible_host: 10.6.175.10 \n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n children:\n kube_control_plane:\n hosts:\n node1:\n kube_node:\n hosts:\n node1:\n etcd:\n hosts:\n node1:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\n......\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: tanghai-dev-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1: # \u539f\u96c6\u7fa4\u4e2d\u5df2\u5b58\u5728\u7684\u4e3b\u8282\u70b9\n ip: 10.6.175.10\n access_ip: 10.6.175.10 \n ansible_host: 10.6.175.10\n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n node2: # \u96c6\u7fa4\u6269\u5bb9\u5f85\u65b0\u589e\u7684\u63a7\u5236\u8282\u70b9\n ip: 10.6.175.20\n access_ip: 10.6.175.20\n ansible_host: 10.6.175.20\n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n node3: # \u96c6\u7fa4\u6269\u5bb9\u5f85\u65b0\u589e\u7684\u63a7\u5236\u8282\u70b9\n ip: 10.6.175.30 \n access_ip: 10.6.175.30\n ansible_host: 10.6.175.30 \n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n children:\n kube_control_plane:\n hosts: # \u96c6\u7fa4\u4e2d\u7684\u63a7\u5236\u8282\u70b9\u7ec4\n node1:\n node2: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node2 \u5185\u5bb9 \n node3: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node3 \u5185\u5bb9 \n kube_node:\n hosts: # \u96c6\u7fa4\u4e2d\u7684\u5de5\u4f5c\u8282\u70b9\u7ec4\n node1:\n node2: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node2 \u5185\u5bb9 \n node3: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node3 \u5185\u5bb9 \n etcd:\n hosts: # \u96c6\u7fa4\u4e2d\u7684 ETCD \u8282\u70b9\u7ec4\n node1:\n node2: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node2 \u5185\u5bb9 \n node3: # \u65b0\u589e\u63a7\u5236\u8282\u70b9 node3 \u5185\u5bb9 \n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\n
\u4f7f\u7528\u57fa\u4e8e\u4e0b\u9762\u7684 ClusterOperation.yml \u6a21\u677f\uff0c\u65b0\u589e\u4e00\u4e2a\u96c6\u7fa4\u63a7\u5236\u8282\u70b9\u6269\u5bb9\u4efb\u52a1 scale-master-node-ops.yaml \u3002
ClusterOperation.ymlapiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster1-online-install-ops\nspec:\n cluster: ${cluster-name} # (1)!\n image: ghcr.m.daocloud.io/kubean-io/spray-job:v0.18.0 # (2)!\n actionType: playbook\n action: cluster.yml # (3)!\n extraArgs: --limit=etcd,kube_control_plane -e ignore_assert_errors=yes\n preHook:\n - actionType: playbook\n action: ping.yml\n - actionType: playbook\n action: disable-firewalld.yml\n - actionType: playbook\n action: enable-repo.yml # (4)!\n extraArgs: | # \u5982\u679c\u662f\u79bb\u7ebf\u73af\u5883\uff0c\u9700\u8981\u6dfb\u52a0 enable-repo.yml\uff0c\u5e76\u4e14 extraArgs \u53c2\u6570\u586b\u5199\u76f8\u5173 OS \u7684\u6b63\u786e repo_list\n -e \"{repo_list: ['http://172.30.41.0:9000/kubean/centos/\\$releasever/os/\\$basearch','http://172.30.41.0:9000/kubean/centos-iso/\\$releasever/os/\\$basearch']}\"\n postHook:\n - actionType: playbook\n action: upgrade-cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e ignore_assert_errors=yes\n - actionType: playbook\n action: kubeconfig.yml\n - actionType: playbook\n action: cluster-info.yml\n
-e etcd_retries=10
\u4ee5\u589e\u5927 etcd node join \u91cd\u8bd5\u6b21\u6570\u7136\u540e\u521b\u5efa\u5e76\u90e8\u7f72 scale-master-node-ops.yaml\u3002
vi scale-master-node-ops.yaml\nkubectl apply -f scale-master-node-ops.yaml -n kubean-system\n
\u6267\u884c\u5b8c\u4e0a\u8ff0\u6b65\u9aa4\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u9a8c\u8bc1\uff1a
kubectl get node\n
"},{"location":"admin/kpanda/best-practice/add-worker-node-on-global.html","title":"\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u5de5\u4f5c\u8282\u70b9\u6269\u5bb9","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u5982\u4f55\u624b\u52a8\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u5de5\u4f5c\u8282\u70b9\u8fdb\u884c\u6269\u5bb9\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e0d\u5efa\u8bae\u5728\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u540e\u5bf9\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u8fdb\u884c\u6269\u5bb9\uff0c\u8bf7\u5728\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u524d\u505a\u597d\u8d44\u6e90\u89c4\u5212\u3002
Note
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0d\u652f\u6301\u6269\u5bb9\u3002
"},{"location":"admin/kpanda/best-practice/add-worker-node-on-global.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u767b\u5f55\u706b\u79cd\u8282\u70b9\uff1a
ssh root@\u706b\u79cd\u8282\u70b9 IP \u5730\u5740\n
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u83b7\u53d6 kind \u96c6\u7fa4\u7684 CONTAINER ID
\uff1a
[root@localhost ~]# podman ps\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\n220d662b1b6a docker.m.daocloud.io/kindest/node:v1.26.2 2 weeks ago Up 2 weeks 0.0.0.0:443->30443/tcp, 0.0.0.0:8081->30081/tcp, 0.0.0.0:9000-9001->32000-32001/tcp, 0.0.0.0:36674->6443/tcp my-cluster-installer-control-plane\n
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u8fdb\u5165 kind \u96c6\u7fa4\u5bb9\u5668\u5185\uff1a
podman exec -it {CONTAINER ID} bash\n
{CONTAINER ID}
\u66ff\u6362\u4e3a\u60a8\u771f\u5b9e\u7684\u5bb9\u5668 ID
\u5728 kind \u96c6\u7fa4\u5bb9\u5668\u5185\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u83b7\u53d6 kind \u96c6\u7fa4\u7684 kubeconfig \u914d\u7f6e\u4fe1\u606f\uff1a
kubectl config view --minify --flatten --raw\n
\u5f85\u63a7\u5236\u53f0\u8f93\u51fa\u540e\uff0c\u590d\u5236 kind \u96c6\u7fa4\u7684 kubeconfig \u914d\u7f6e\u4fe1\u606f\uff0c\u4e3a\u4e0b\u4e00\u6b65\u505a\u51c6\u5907\u3002
"},{"location":"admin/kpanda/best-practice/add-worker-node-on-global.html#kind-clusterkubeanio","title":"\u5728\u706b\u79cd\u8282\u70b9\u4e0a kind \u96c6\u7fa4\u5185\u521b\u5efacluster.kubean.io
\u8d44\u6e90","text":"\u4f7f\u7528 podman exec -it {CONTAINER ID} bash
\u547d\u4ee4\u8fdb\u5165 kind \u96c6\u7fa4\u5bb9\u5668\u5185\u3002
\u5728 kind \u96c6\u7fa4\u5bb9\u5668\u5185\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u83b7\u53d6 kind \u96c6\u7fa4\u540d\u79f0 \uff1a
kubectl get clusters\n
\u590d\u5236\u5e76\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5728 kind \u96c6\u7fa4\u5185\u6267\u884c\uff0c\u4ee5\u521b\u5efa cluster.kubean.io
\u8d44\u6e90\uff1a
kubectl apply -f - <<EOF\napiVersion: kubean.io/v1alpha1\nkind: Cluster\nmetadata:\n labels:\n clusterName: kpanda-global-cluster\n name: kpanda-global-cluster\nspec:\n hostsConfRef:\n name: my-cluster-hosts-conf\n namespace: kubean-system\n kubeconfRef:\n name: my-cluster-kubeconf\n namespace: kubean-system\n varsConfRef:\n name: my-cluster-vars-conf\n namespace: kubean-system\nEOF\n
Note
spec.hostsConfRef.name
\u3001spec.kubeconfRef.name
\u3001spec.varsConfRef.name
\u4e2d\u96c6\u7fa4\u540d\u79f0\u9ed8\u8ba4\u4e3a my-cluster
\uff0c \u9700\u66ff\u6362\u6210\u4e0a\u4e00\u6b65\u9aa4\u4e2d\u83b7\u53d6\u7684 kind \u96c6\u7fa4\u540d\u79f0 \u3002
\u5728 kind \u96c6\u7fa4\u5185\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u68c0\u9a8c cluster.kubean.io` \u8d44\u6e90\u662f\u5426\u6b63\u5e38\u521b\u5efa\uff1a
kubectl get clusters\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
NAME AGE\nkpanda-global-cluster 3s\nmy-cluster 16d\n
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u5176\u4e2d\u4e00\u4e2a\u63a7\u5236\u8282\u70b9\uff1a
ssh root@\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u63a7\u5236\u8282\u70b9 IP \u5730\u5740\n
\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u63a7\u5236\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5c06\u63a7\u5236\u8282\u70b9\u7684 containerd \u914d\u7f6e\u6587\u4ef6 config.toml \u590d\u5236\u5230\u706b\u79cd\u8282\u70b9\u4e0a\uff1a
scp /etc/containerd/config.toml root@{\u706b\u79cd\u8282\u70b9 IP}:/root\n
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\uff0c\u4ece\u63a7\u5236\u8282\u70b9\u62f7\u8d1d\u8fc7\u6765\u7684 containerd \u914d\u7f6e\u6587\u4ef6 config.toml \u4e2d\u9009\u53d6 \u975e\u5b89\u5168\u955c\u50cf registry \u7684\u90e8\u5206 \u52a0\u5165\u5230 kind \u96c6\u7fa4\u5185 config.toml
\u975e\u5b89\u5168\u955c\u50cfregistry \u90e8\u5206\u793a\u4f8b\u5982\u4e0b\uff1a
[plugins.\"io.containerd.grpc.v1.cri\".registry]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"10.6.202.20\"]\n endpoint = [\"https://10.6.202.20\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.configs.\"10.6.202.20\".tls]\n insecure_skip_verify = true\n
Note
\u7531\u4e8e kind \u96c6\u7fa4\u5185\u4e0d\u80fd\u76f4\u63a5\u4fee\u6539 config.toml \u6587\u4ef6\uff0c\u6545\u53ef\u4ee5\u5148\u590d\u5236\u4e00\u4efd\u6587\u4ef6\u51fa\u6765\u4fee\u6539\uff0c\u518d\u62f7\u8d1d\u5230 kind \u96c6\u7fa4\uff0c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5c06\u6587\u4ef6\u62f7\u8d1d\u51fa\u6765
podman cp {CONTAINER ID}:/etc/containerd/config.toml ./config.toml.kind\n
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u7f16\u8f91 config.toml \u6587\u4ef6
vim ./config.toml.kind\n
\u5c06\u4fee\u6539\u597d\u7684\u6587\u4ef6\u518d\u590d\u5236\u5230 kind \u96c6\u7fa4\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4
podman cp ./config.toml.kind {CONTAINER ID}:/etc/containerd/config.toml\n
{CONTAINER ID} \u66ff\u6362\u4e3a\u60a8\u771f\u5b9e\u7684\u5bb9\u5668 ID
\u5728 kind \u96c6\u7fa4\u5185\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u91cd\u542f containerd \u670d\u52a1
systemctl restart containerd\n
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406\uff0c\u5728\u96c6\u7fa4\u5217\u8868\u9875\u53f3\u4fa7\u70b9\u51fb \u63a5\u5165\u96c6\u7fa4 \u6309\u94ae\uff0c\u8fdb\u5165\u63a5\u5165\u96c6\u7fa4\u9875\u9762\u3002
\u5728\u63a5\u5165\u914d\u7f6e\u5904\uff0c\u586b\u5165\u5e76\u7f16\u8f91\u521a\u521a\u590d\u5236\u7684 kind \u96c6\u7fa4\u7684 kubeconfig \u914d\u7f6e\u3002
apiVersion: v1\nclusters:\n- cluster:\n insecure-skip-tls-verify: true # (1)!\n certificate-authority-data: LS0TLSCFDFWEFEWFEWFGGEWGFWFEWGWEGFEWGEWGSDGFSDSD\n server: https://my-cluster-installer-control-plane:6443 # (2)!\nname: my-cluster-installer\ncontexts:\n- context:\n cluster: my-cluster-installer\n user: kubernetes-admin\nname: kubernetes-admin@my-cluster-installer\ncurrent-context: kubernetes-admin@my-cluster-installer\nkind: Config\npreferences: {}\nusers:\n
\u70b9\u51fb \u786e\u8ba4 \u6309\u94ae\uff0c\u5b8c\u6210 kind \u96c6\u7fa4\u7684\u63a5\u5165\u3002
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\uff0c\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406\uff0c\u627e\u5230 kapnda-glabal-cluster \u96c6\u7fa4\uff0c\u5728\u53f3\u4fa7\u64cd\u4f5c\u5217\u8868\u627e\u5230 \u57fa\u7840\u914d\u7f6e \u83dc\u5355\u9879\u5e76\u8fdb\u5165\u57fa\u7840\u914d\u7f6e\u754c\u9762\u3002
\u5728\u57fa\u7840\u914d\u7f6e\u9875\u9762\uff0c\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6dfb\u52a0\u7684\u6807\u7b7e kpanda.io/managed-by=my-cluster
\uff1a
Note
\u6807\u7b7e kpanda.io/managed-by=my-cluster
\u4e2d\u7684 vaule \u503c\u4e3a\u63a5\u5165\u96c6\u7fa4\u65f6\u6307\u5b9a\u7684\u96c6\u7fa4\u540d\u79f0\uff0c\u9ed8\u8ba4\u4e3a my-cluster
\uff0c\u5177\u4f53\u4f9d\u636e\u60a8\u7684\u5b9e\u9645\u60c5\u51b5\u3002
\u8fdb\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u8282\u70b9\u5217\u8868\u9875\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u63a5\u5165\u8282\u70b9 \u6309\u94ae\u3002
\u586b\u5165\u5f85\u63a5\u5165\u8282\u70b9\u7684 IP \u548c\u8ba4\u8bc1\u4fe1\u606f\u540e\u70b9\u51fb \u5f00\u59cb\u68c0\u67e5 \uff0c\u901a\u8fc7\u8282\u70b9\u68c0\u67e5\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5728 \u81ea\u5b9a\u4e49\u53c2\u6570 \u5904\u6dfb\u52a0\u5982\u4e0b\u81ea\u5b9a\u4e49\u53c2\u6570\uff1a
download_run_once: false\ndownload_container: false\ndownload_force_cache: false\ndownload_localhost: false\n
\u70b9\u51fb \u786e\u5b9a \u7b49\u5f85\u8282\u70b9\u6dfb\u52a0\u5b8c\u6210\u3002
\u672c\u6b21\u6f14\u793a\u5c06\u57fa\u4e8e AI \u7b97\u529b\u4e2d\u5fc3\u7684\u5e94\u7528\u5907\u4efd\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u4e2a\u6709\u72b6\u6001\u5e94\u7528\u7684\u8de8\u96c6\u7fa4\u5907\u4efd\u8fc1\u79fb\u3002
Note
\u5f53\u524d\u64cd\u4f5c\u8005\u5e94\u5177\u6709 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u7ba1\u7406\u5458\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#_1","title":"\u51c6\u5907\u6f14\u793a\u73af\u5883","text":""},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#_2","title":"\u51c6\u5907\u4e24\u4e2a\u96c6\u7fa4","text":"main-cluster \u4f5c\u4e3a\u5907\u4efd\u6570\u636e\u7684\u6e90\u96c6\u7fa4\uff0c recovery-cluster \u96c6\u7fa4\u4f5c\u4e3a\u9700\u8981\u6062\u590d\u6570\u636e\u7684\u76ee\u6807\u96c6\u7fa4\u3002
\u96c6\u7fa4 IP \u8282\u70b9 main-cluster 10.6.175.100 1 \u8282\u70b9 recovery-cluster 10.6.175.110 1 \u8282\u70b9"},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#minio","title":"\u642d\u5efa MinIO \u914d\u7f6e","text":"MinIO \u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740 \u5b58\u50a8\u6876 \u7528\u6237\u540d \u5bc6\u7801 http://10.7.209.110:9000 mysql-demo root dangerous"},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#nfs","title":"\u5728\u4e24\u4e2a\u96c6\u7fa4\u90e8\u7f72 NFS \u5b58\u50a8\u670d\u52a1","text":"Note
\u9700\u8981\u5728 \u6e90\u96c6\u7fa4\u548c\u76ee\u6807\u96c6\u7fa4 \u4e0a\u7684\u6240\u6709\u8282\u70b9\u4e0a\u90e8\u7f72 NFS \u5b58\u50a8\u670d\u52a1\u3002
\u5728\u4e24\u4e2a\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u8282\u70b9\u5b89\u88c5 NFS \u6240\u9700\u7684\u4f9d\u8d56\u3002
yum install nfs-utils iscsi-initiator-utils nfs-utils iscsi-initiator-utils nfs-utils iscsi-initiator-utils -y\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl apply -f nfs.yaml\nclusterrole.rbac.authorization.k8s.io/nfs-provisioner-runner created\nclusterrolebinding.rbac.authorization.k8s.io/run-nfs-provisioner created\nrole.rbac.authorization.k8s.io/leader-locking-nfs-provisioner created\nrolebinding.rbac.authorization.k8s.io/leader-locking-nfs-provisioner created\nserviceaccount/nfs-provisioner created\nservice/nfs-provisioner created\ndeployment.apps/nfs-provisioner created\nstorageclass.storage.k8s.io/nfs created\n
\u4e3a MySQL \u5e94\u7528\u51c6\u5907 NFS \u5b58\u50a8\u670d\u52a1\u3002
\u767b\u5f55 main-cluster \u96c6\u7fa4\u548c recovery-cluster \u96c6\u7fa4\u7684\u4efb\u4e00\u63a7\u5236\u8282\u70b9\uff0c\u4f7f\u7528 vi nfs.yaml \u547d\u4ee4\u5728\u8282\u70b9\u4e0a\u521b\u5efa\u4e00\u4e2a \u540d\u4e3a nfs.yaml \u7684\u6587\u4ef6\uff0c\u5c06\u4e0b\u9762\u7684 YAML \u5185\u5bb9\u590d\u5236\u5230 nfs.yaml \u6587\u4ef6\u3002
\u70b9\u51fb\u67e5\u770b\u5b8c\u6574\u7684 nfs.yaml nfs.yaml
kind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: nfs-provisioner-runner\nnamespace: nfs-system\nrules:\n- apiGroups: [\"\"]\n resources: [\"persistentvolumes\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"delete\"]\n- apiGroups: [\"\"]\n resources: [\"persistentvolumeclaims\"]\n verbs: [\"get\", \"list\", \"watch\", \"update\"]\n- apiGroups: [\"storage.k8s.io\"]\n resources: [\"storageclasses\"]\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups: [\"\"]\n resources: [\"events\"]\n verbs: [\"create\", \"update\", \"patch\"]\n- apiGroups: [\"\"]\n resources: [\"services\", \"endpoints\"]\n verbs: [\"get\"]\n- apiGroups: [\"extensions\"]\n resources: [\"podsecuritypolicies\"]\n resourceNames: [\"nfs-provisioner\"]\n verbs: [\"use\"]\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: run-nfs-provisioner\nsubjects:\n- kind: ServiceAccount\n name: nfs-provisioner\n # replace with namespace where provisioner is deployed\n namespace: default\nroleRef:\nkind: ClusterRole\nname: nfs-provisioner-runner\napiGroup: rbac.authorization.k8s.io\n---\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: leader-locking-nfs-provisioner\nrules:\n- apiGroups: [\"\"]\n resources: [\"endpoints\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"update\", \"patch\"]\n---\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: leader-locking-nfs-provisioner\nsubjects:\n- kind: ServiceAccount\n name: nfs-provisioner\n # replace with namespace where provisioner is deployed\n namespace: default\nroleRef:\nkind: Role\nname: leader-locking-nfs-provisioner\napiGroup: rbac.authorization.k8s.io\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\nname: nfs-provisioner\n---\nkind: Service\napiVersion: v1\nmetadata:\nname: nfs-provisioner\nlabels:\n app: nfs-provisioner\nspec:\nports:\n - name: nfs\n port: 2049\n - name: nfs-udp\n port: 2049\n protocol: UDP\n - name: nlockmgr\n port: 32803\n - name: nlockmgr-udp\n port: 32803\n protocol: UDP\n - name: mountd\n port: 20048\n - name: mountd-udp\n port: 20048\n protocol: UDP\n - name: rquotad\n port: 875\n - name: rquotad-udp\n port: 875\n protocol: UDP\n - name: rpcbind\n port: 111\n - name: rpcbind-udp\n port: 111\n protocol: UDP\n - name: statd\n port: 662\n - name: statd-udp\n port: 662\n protocol: UDP\nselector:\n app: nfs-provisioner\n---\nkind: Deployment\napiVersion: apps/v1\nmetadata:\nname: nfs-provisioner\nspec:\nselector:\n matchLabels:\n app: nfs-provisioner\nreplicas: 1\nstrategy:\n type: Recreate\ntemplate:\n metadata:\n labels:\n app: nfs-provisioner\n spec:\n serviceAccount: nfs-provisioner\n containers:\n - name: nfs-provisioner\n resources:\n limits:\n cpu: \"1\"\n memory: \"4294967296\"\n image: release.daocloud.io/velero/nfs-provisioner:v3.0.0\n ports:\n - name: nfs\n containerPort: 2049\n - name: nfs-udp\n containerPort: 2049\n protocol: UDP\n - name: nlockmgr\n containerPort: 32803\n - name: nlockmgr-udp\n containerPort: 32803\n protocol: UDP\n - name: mountd\n containerPort: 20048\n - name: mountd-udp\n containerPort: 20048\n protocol: UDP\n - name: rquotad\n containerPort: 875\n - name: rquotad-udp\n containerPort: 875\n protocol: UDP\n - name: rpcbind\n containerPort: 111\n - name: rpcbind-udp\n containerPort: 111\n protocol: UDP\n - name: statd\n containerPort: 662\n - name: statd-udp\n containerPort: 662\n protocol: UDP\n securityContext:\n capabilities:\n add:\n - DAC_READ_SEARCH\n - SYS_RESOURCE\n args:\n - \"-provisioner=example.com/nfs\"\n env:\n - name: POD_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n - name: SERVICE_NAME\n value: nfs-provisioner\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n imagePullPolicy: \"IfNotPresent\"\n volumeMounts:\n - name: export-volume\n mountPath: /export\n volumes:\n - name: export-volume\n hostPath:\n path: /data\n---\nkind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\nname: nfs\nprovisioner: example.com/nfs\nmountOptions:\n- vers=4.1\n
\u5728\u4e24\u4e2a\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u6267\u884c nfs.yaml \u6587\u4ef6\u3002
kubectl apply -f nfs.yaml\n
\u67e5\u770b NFS Pod \u72b6\u6001\uff0c\u7b49\u5f85\u5176\u72b6\u6001\u53d8\u4e3a running \uff08\u5927\u7ea6\u9700\u8981 2 \u5206\u949f\uff09\u3002
kubectl get pod -n nfs-system -owide\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl get pod -owide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnfs-provisioner-7dfb9bcc45-74ws2 1/1 Running 0 4m45s 10.6.175.100 g-master1 <none> <none>\n
\u4e3a MySQL \u5e94\u7528\u51c6\u5907\u57fa\u4e8e NFS \u5b58\u50a8\u7684 PVC\uff0c\u7528\u6765\u5b58\u50a8 MySQL \u670d\u52a1\u5185\u7684\u6570\u636e\u3002
\u4f7f\u7528 vi pvc.yaml \u547d\u4ee4\u5728\u8282\u70b9\u4e0a\u521b\u5efa\u540d\u4e3a pvc.yaml \u7684\u6587\u4ef6\uff0c\u5c06\u4e0b\u9762\u7684 YAML \u5185\u5bb9\u590d\u5236\u5230 pvc.yaml \u6587\u4ef6\u5185\u3002
pvc.yaml
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: mydata\n namespace: default\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: \"1Gi\"\n storageClassName: nfs\n volumeMode: Filesystem\n
\u5728\u8282\u70b9\u4e0a\u4f7f\u7528 kubectl \u5de5\u5177\u6267\u884c pvc.yaml \u6587\u4ef6\u3002
kubectl apply -f pvc.yaml\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl apply -f pvc.yaml\npersistentvolumeclaim/mydata created\n
\u90e8\u7f72 MySQL \u5e94\u7528\u3002
\u4f7f\u7528 vi mysql.yaml \u547d\u4ee4\u5728\u8282\u70b9\u4e0a\u521b\u5efa\u540d\u4e3a mysql.yaml \u7684\u6587\u4ef6\uff0c\u5c06\u4e0b\u9762\u7684 YAML \u5185\u5bb9\u590d\u5236\u5230 mysql.yaml \u6587\u4ef6\u3002
\u70b9\u51fb\u67e5\u770b\u5b8c\u6574\u7684 mysql.yaml nfs.yaml
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: mysql-deploy\n name: mysql-deploy\n namespace: default\nspec:\n progressDeadlineSeconds: 600\n replicas: 1\n revisionHistoryLimit: 10\n selector:\n matchLabels:\n app: mysql-deploy\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mysql-deploy\n name: mysql-deploy\n spec:\n containers:\n - args:\n - --ignore-db-dir=lost+found\n env:\n - name: MYSQL_ROOT_PASSWORD\n value: dangerous\n image: release.daocloud.io/velero/mysql:5\n imagePullPolicy: IfNotPresent\n name: mysql-deploy\n ports:\n - containerPort: 3306\n protocol: TCP\n resources:\n limits:\n cpu: \"1\"\n memory: \"4294967296\"\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - mountPath: /var/lib/mysql\n name: data\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n schedulerName: default-scheduler\n securityContext:\n fsGroup: 999\n terminationGracePeriodSeconds: 30\n volumes:\n - name: data\n persistentVolumeClaim:\n claimName: mydata\n
\u5728\u8282\u70b9\u4e0a\u4f7f\u7528 kubectl \u5de5\u5177\u6267\u884c mysql.yaml \u6587\u4ef6\u3002
kubectl apply -f mysql.yaml\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl apply -f mysql.yaml\ndeployment.apps/mysql-deploy created\n
\u67e5\u770b MySQL Pod \u72b6\u6001\u3002
\u6267\u884c kubectl get pod | grep mysql \u67e5\u770b MySQL Pod \u72b6\u6001\uff0c\u7b49\u5f85\u5176\u72b6\u6001\u53d8\u4e3a running \uff08\u5927\u7ea6\u9700\u8981 2 \u5206\u949f\uff09\u3002
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
[root@g-master1 ~]# kubectl get pod |grep mysql\nmysql-deploy-5d6f94cb5c-gkrks 1/1 Running 0 2m53s\n
Note
\u5411 MySQL \u5e94\u7528\u5199\u5165\u6570\u636e\u3002
\u4e3a\u4e86\u4fbf\u4e8e\u540e\u671f\u9a8c\u8bc1\u8fc1\u79fb\u6570\u636e\u662f\u5426\u6210\u529f\uff0c\u53ef\u4ee5\u4f7f\u7528\u811a\u672c\u5411 MySQL \u5e94\u7528\u4e2d\u5199\u5165\u6d4b\u8bd5\u6570\u636e\u3002
\u4f7f\u7528 vi insert.sh \u547d\u4ee4\u5728\u8282\u70b9\u4e0a\u521b\u5efa\u540d\u4e3a insert.sh \u7684\u811a\u672c\uff0c\u5c06\u4e0b\u9762\u7684 YAML \u5185\u5bb9\u590d\u5236\u5230\u8be5\u811a\u672c\u3002
insert.sh#!/bin/bash\n\nfunction rand(){\n min=$1\n max=$(($2-$min+1))\n num=$(date +%s%N)\n echo $(($num%$max+$min))\n}\n\nfunction insert(){\n user=$(date +%s%N | md5sum | cut -c 1-9)\n age=$(rand 1 100)\n\n sql=\"INSERT INTO test.users(user_name, age)VALUES('${user}', ${age});\"\n echo -e ${sql}\n\n kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"${sql}\"\n\n}\n\nkubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"CREATE DATABASE IF NOT EXISTS test;\"\nkubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"CREATE TABLE IF NOT EXISTS test.users(user_name VARCHAR(10) NOT NULL,age INT UNSIGNED)ENGINE=InnoDB DEFAULT CHARSET=utf8;\"\n\nwhile true;do\n insert\n sleep 1\ndone\n
\u4e3a insert.sh \u811a\u672c\u6dfb\u52a0\u6743\u9650\u5e76\u8fd0\u884c\u8be5\u811a\u672c\u3002
[root@g-master1 ~]# chmod +x insert.sh\n[root@g-master1 ~]# ./insert.sh\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
mysql: [Warning] Using a password on the command line interface can be insecure.\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('dc09195ba', 10);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('80ab6aa28', 70);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('f488e3d46', 23);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('e6098695c', 93);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('eda563e7d', 63);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('a4d1b8d68', 17);\nmysql: [Warning] Using a password on the command line interface can be insecure.\n
\u5728\u952e\u76d8\u4e0a\u540c\u65f6\u6309\u4e0b control \u548c c \u6682\u505c\u811a\u672c\u7684\u6267\u884c\u3002
\u524d\u5f80 MySQL Pod \u67e5\u770b MySQL \u4e2d\u5199\u5165\u7684\u6570\u636e\u3002
kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
mysql: [Warning] Using a password on the command line interface can be insecure.\nuser_name age\ndc09195ba 10\n80ab6aa28 70\nf488e3d46 23\ne6098695c 93\neda563e7d 63\na4d1b8d68 17\nea47546d9 86\na34311f2e 47\n740cefe17 33\nede85ea28 65\nb6d0d6a0e 46\nf0eb38e50 44\nc9d2f28f5 72\n8ddaafc6f 31\n3ae078d0e 23\n6e041631e 96\n
Note
\u9700\u8981\u5728 \u6e90\u96c6\u7fa4\u548c\u76ee\u6807\u96c6\u7fa4 \u4e0a\u5747\u5b89\u88c5 velero \u63d2\u4ef6\u3002
\u53c2\u8003\u5b89\u88c5 velero \u63d2\u4ef6\u6587\u6863\u548c\u4e0b\u65b9\u7684 MinIO \u914d\u7f6e\uff0c\u5728 main-cluster \u96c6\u7fa4\u548c recovery-cluster \u96c6\u7fa4\u4e0a\u5b89\u88c5 velero \u63d2\u4ef6\u3002
minio \u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740 \u5b58\u50a8\u6876 \u7528\u6237\u540d \u5bc6\u7801http://10.7.209.110:9000
mysql-demo root dangerous Note
\u5b89\u88c5\u63d2\u4ef6\u65f6\u9700\u8981\u5c06 S3url \u66ff\u6362\u4e3a\u6b64\u6b21\u6f14\u793a\u51c6\u5907\u7684 MinIO \u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740\uff0c\u5b58\u50a8\u6876\u66ff\u6362\u4e3a MinIO \u4e2d\u771f\u5b9e\u5b58\u5728\u7684\u5b58\u50a8\u6876\u3002
"},{"location":"admin/kpanda/best-practice/backup-mysql-on-nfs.html#mysql_2","title":"\u5907\u4efd MySQL \u5e94\u7528\u53ca\u6570\u636e","text":"\u5728\u5907\u4efd\u524d\u6211\u4eec\u9700\u8981\u5148\u4fdd\u8bc1\u6570\u636e\u5e93\u4e0d\u80fd\u6709\u65b0\u6570\u636e\u8fdb\u6765\uff0c\u6240\u4ee5\u8981\u8bbe\u7f6e\u4e3a\u53ea\u8bfb\u6a21\u5f0f\uff1a
mysql> set global read_only=1; #1\u662f\u53ea\u8bfb\uff0c0\u662f\u8bfb\u5199\nmysql> show global variables like \"%read_only%\"; #\u67e5\u8be2\u72b6\u6001\n
\u4e3a MySQL \u5e94\u7528\u53ca PVC \u6570\u636e\u6dfb\u52a0\u72ec\u6709\u7684\u6807\u7b7e\uff1a backup=mysql \uff0c\u4fbf\u4e8e\u5907\u4efd\u65f6\u9009\u62e9\u8d44\u6e90\u3002
kubectl label deploy mysql-deploy backup=mysql # \u4e3a __mysql-deploy__ \u8d1f\u8f7d\u6dfb\u52a0\u6807\u7b7e\nkubectl label pod mysql-deploy-5d6f94cb5c-gkrks backup=mysql # \u4e3a mysql pod \u6dfb\u52a0\u6807\u7b7e\nkubectl label pvc mydata backup=mysql # \u4e3a mysql \u7684 pvc \u6dfb\u52a0\u6807\u7b7e\n
\u53c2\u8003\u5e94\u7528\u5907\u4efd\u4e2d\u4ecb\u7ecd\u7684\u6b65\u9aa4\uff0c\u4ee5\u53ca\u4e0b\u65b9\u7684\u53c2\u6570\u521b\u5efa\u5e94\u7528\u5907\u4efd\u3002
\u521b\u5efa\u597d\u5907\u4efd\u8ba1\u5212\u4e4b\u540e\u9875\u9762\u4f1a\u81ea\u52a8\u8fd4\u56de\u5907\u4efd\u8ba1\u5212\u5217\u8868\uff0c\u627e\u5230\u65b0\u5efa\u7684\u5907\u4efd\u8ba1\u5212 backup-mysq \uff0c\u70b9\u51fb\u66f4\u591a\u64cd\u4f5c\u6309\u94ae ... \uff0c\u9009\u62e9 \u7acb\u5373\u6267\u884c \u6267\u884c\u65b0\u5efa\u7684\u5907\u4efd\u8ba1\u5212\u3002
\u7b49\u5f85\u5907\u4efd\u8ba1\u5212\u6267\u884c\u5b8c\u6210\u540e\uff0c\u5373\u53ef\u6267\u884c\u540e\u7eed\u64cd\u4f5c\u3002
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u9009\u62e9 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> \u5e94\u7528\u5907\u4efd \u3002
\u5728\u5de6\u4fa7\u529f\u80fd\u680f\u9009\u62e9 \u6062\u590d \uff0c\u7136\u540e\u5728\u53f3\u4fa7\u70b9\u51fb \u6062\u590d\u5907\u4efd \u3002
\u67e5\u770b\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199\u53c2\u6570\uff1a
\u5237\u65b0\u5907\u4efd\u8ba1\u5212\u5217\u8868\uff0c\u7b49\u5f85\u5907\u4efd\u8ba1\u5212\u6267\u884c\u5b8c\u6210\u3002
\u767b\u5f55 recovery-cluster \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\uff0c\u67e5\u770b mysql-deploy \u8d1f\u8f7d\u662f\u5426\u5df2\u7ecf\u6210\u529f\u5907\u4efd\u5230\u5f53\u524d\u96c6\u7fa4\u3002
kubectl get pod\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
NAME READY STATUS RESTARTS AGE\nmysql-deploy-5798f5d4b8-62k6c 1/1 Running 0 24h\n
\u68c0\u67e5 MySQL \u6570\u636e\u8868\u4e2d\u7684\u6570\u636e\u662f\u5426\u6062\u590d\u6210\u529f\u3002
kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
mysql: [Warning] Using a password on the command line interface can be insecure.\nuser_name age\ndc09195ba 10\n80ab6aa28 70\nf488e3d46 23\ne6098695c 93\neda563e7d 63\na4d1b8d68 17\nea47546d9 86\na34311f2e 47\n740cefe17 33\nede85ea28 65\nb6d0d6a0e 46\nf0eb38e50 44\nc9d2f28f5 72\n8ddaafc6f 31\n3ae078d0e 23\n6e041631e 96\n
Success
\u53ef\u4ee5\u770b\u5230\uff0cPod \u4e2d\u7684\u6570\u636e\u548c main-cluster \u96c6\u7fa4\u4e2d Pod \u91cc\u9762\u7684\u6570\u636e\u4e00\u81f4\u3002\u8fd9\u8bf4\u660e\u5df2\u7ecf\u6210\u529f\u5730\u5c06 main-cluster \u4e2d\u7684 MySQL \u5e94\u7528\u53ca\u5176\u6570\u636e\u8de8\u96c6\u7fa4\u6062\u590d\u5230\u4e86 recovery-cluster \u96c6\u7fa4\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u5df2\u6709\u7684 CentOS \u7ba1\u7406\u5e73\u53f0\u4e0a\u521b\u5efa RedHat 9.2 \u5de5\u4f5c\u96c6\u7fa4\u3002
Note
\u672c\u6587\u4ec5\u9488\u5bf9\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u7ba1\u7406\u5e73\u53f0\u548c\u5f85\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u67b6\u6784\u5747\u4e3a AMD\u3002 \u521b\u5efa\u96c6\u7fa4\u65f6\u4e0d\u652f\u6301\u5f02\u6784\uff08AMD \u548c ARM \u6df7\u5408\uff09\u90e8\u7f72\uff0c\u60a8\u53ef\u4ee5\u5728\u96c6\u7fa4\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u63a5\u5165\u5f02\u6784\u8282\u70b9\u7684\u65b9\u5f0f\u8fdb\u884c\u96c6\u7fa4\u6df7\u5408\u90e8\u7f72\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5df2\u7ecf\u90e8\u7f72\u597d\u4e00\u4e2a AI \u7b97\u529b\u4e2d\u5fc3\u5168\u6a21\u5f0f\uff0c\u5e76\u4e14\u706b\u79cd\u8282\u70b9\u8fd8\u5b58\u6d3b\u3002
"},{"location":"admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#redhat","title":"\u4e0b\u8f7d\u5e76\u5bfc\u5165 RedHat \u76f8\u5173\u79bb\u7ebf\u5305","text":"\u8bf7\u786e\u4fdd\u5df2\u7ecf\u767b\u5f55\u5230\u706b\u79cd\u8282\u70b9\uff01\u5e76\u4e14\u4e4b\u524d\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u4f7f\u7528\u7684 clusterConfig.yaml
\u6587\u4ef6\u8fd8\u5728\u3002
\u4e0b\u8f7d\u6240\u9700\u7684 RedHat OS package \u5305\u548c ISO \u79bb\u7ebf\u5305\uff1a
\u8d44\u6e90\u540d \u8bf4\u660e \u4e0b\u8f7d\u5730\u5740 os-pkgs-redhat9-v0.9.3.tar.gz RedHat9.2 OS-package \u5305 https://github.com/kubean-io/kubean/releases/download/v0.9.3/os-pkgs-redhat9-v0.9.3.tar.gz ISO \u79bb\u7ebf\u5305 ISO \u5305\u5bfc\u5165\u706b\u79cd\u8282\u70b9\u811a\u672c \u524d\u5f80 RedHat \u5b98\u65b9\u5730\u5740\u767b\u5f55\u4e0b\u8f7d import-iso ISO \u5bfc\u5165\u706b\u79cd\u8282\u70b9\u811a\u672c https://github.com/kubean-io/kubean/releases/download/v0.9.3/import_iso.sh"},{"location":"admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#os-pckage-minio","title":"\u5bfc\u5165 os pckage \u79bb\u7ebf\u5305\u81f3\u706b\u79cd\u8282\u70b9\u7684 minio","text":"\u89e3\u538b RedHat os pckage \u79bb\u7ebf\u5305
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u89e3\u538b\u4e0b\u8f7d\u7684 os pckage \u79bb\u7ebf\u5305\u3002\u6b64\u5904\u6211\u4eec\u4e0b\u8f7d\u7684 RedHat os pckage \u79bb\u7ebf\u5305\u3002
tar -xvf os-pkgs-redhat9-v0.9.3.tar.gz \n
os package \u89e3\u538b\u540e\u7684\u6587\u4ef6\u5185\u5bb9\u5982\u4e0b\uff1a
os-pkgs\n \u251c\u2500\u2500 import_ospkgs.sh # \u8be5\u811a\u672c\u7528\u4e8e\u5bfc\u5165 os packages \u5230 MinIO \u6587\u4ef6\u670d\u52a1\n \u251c\u2500\u2500 os-pkgs-amd64.tar.gz # amd64 \u67b6\u6784\u7684 os packages \u5305\n \u251c\u2500\u2500 os-pkgs-arm64.tar.gz # arm64 \u67b6\u6784\u7684 os packages \u5305\n \u2514\u2500\u2500 os-pkgs.sha256sum.txt # os packages \u5305\u7684 sha256sum \u6548\u9a8c\u6587\u4ef6\n
\u5bfc\u5165 OS Package \u81f3\u706b\u79cd\u8282\u70b9\u7684 MinIO
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5c06 os packages \u5305\u5230 MinIO \u6587\u4ef6\u670d\u52a1\u4e2d\uff1a
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_ospkgs.sh http://127.0.0.1:9000 os-pkgs-redhat9-v0.9.3.tar.gz\n
Note
\u4e0a\u8ff0\u547d\u4ee4\u4ec5\u4ec5\u9002\u7528\u4e8e\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 MinIO \u670d\u52a1\uff0c\u5982\u679c\u4f7f\u7528\u5916\u90e8 MinIO \u8bf7\u5c06 http://127.0.0.1:9000
\u66ff\u6362\u4e3a\u5916\u90e8 MinIO \u7684\u8bbf\u95ee\u5730\u5740\u3002 \u201crootuser\u201d \u548c \u201crootpass123\u201d \u662f\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 MinIO \u670d\u52a1\u7684\u9ed8\u8ba4\u8d26\u6237\u548c\u5bc6\u7801\u3002\u201cos-pkgs-redhat9-v0.9.3.tar.gz\u201c \u4e3a\u6240\u4e0b\u8f7d\u7684 os package \u79bb\u7ebf\u5305\u7684\u540d\u79f0\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4, \u5c06 ISO \u5305\u5230 MinIO \u6587\u4ef6\u670d\u52a1\u4e2d:
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_iso.sh http://127.0.0.1:9000 rhel-9.2-x86_64-dvd.iso\n
Note
\u4e0a\u8ff0\u547d\u4ee4\u4ec5\u4ec5\u9002\u7528\u4e8e\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 MinIO \u670d\u52a1\uff0c\u5982\u679c\u4f7f\u7528\u5916\u90e8 MinIO \u8bf7\u5c06 http://127.0.0.1:9000
\u66ff\u6362\u4e3a\u5916\u90e8 MinIO \u7684\u8bbf\u95ee\u5730\u5740\u3002 \u201crootuser\u201d \u548c \u201crootpass123\u201d \u662f\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 MinIO \u670d\u52a1\u7684\u9ed8\u8ba4\u8d26\u6237\u548c\u5bc6\u7801\u3002 \u201crhel-9.2-x86_64-dvd.iso\u201c \u4e3a\u6240\u4e0b\u8f7d\u7684 ISO \u79bb\u7ebf\u5305\u3002
\u53c2\u8003\u6587\u6863\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u521b\u5efa RedHat 9.2 \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html","title":"\u5728 CentOS \u7ba1\u7406\u5e73\u53f0\u4e0a\u521b\u5efa Ubuntu \u5de5\u4f5c\u96c6\u7fa4","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u5df2\u6709\u7684 CentOS \u7ba1\u7406\u5e73\u53f0\u4e0a\u521b\u5efa Ubuntu \u5de5\u4f5c\u96c6\u7fa4\u3002
Note
\u672c\u6587\u4ec5\u9488\u5bf9\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u7ba1\u7406\u5e73\u53f0\u548c\u5f85\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u67b6\u6784\u5747\u4e3a AMD\u3002 \u521b\u5efa\u96c6\u7fa4\u65f6\u4e0d\u652f\u6301\u5f02\u6784\uff08AMD \u548c ARM \u6df7\u5408\uff09\u90e8\u7f72\uff0c\u60a8\u53ef\u4ee5\u5728\u96c6\u7fa4\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u63a5\u5165\u5f02\u6784\u8282\u70b9\u7684\u65b9\u5f0f\u8fdb\u884c\u96c6\u7fa4\u6df7\u5408\u90e8\u7f72\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u786e\u4fdd\u5df2\u7ecf\u767b\u5f55\u5230\u706b\u79cd\u8282\u70b9\uff01\u5e76\u4e14\u4e4b\u524d\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u4f7f\u7528\u7684 clusterConfig.yaml \u6587\u4ef6\u8fd8\u5728\u3002
"},{"location":"admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#ubuntu_1","title":"\u4e0b\u8f7d Ubuntu \u76f8\u5173\u79bb\u7ebf\u5305","text":"\u4e0b\u8f7d\u6240\u9700\u7684 Ubuntu OS package \u5305\u548c ISO \u79bb\u7ebf\u5305\uff1a
\u8d44\u6e90\u540d \u8bf4\u660e \u4e0b\u8f7d\u5730\u5740 os-pkgs-ubuntu2204-v0.18.2.tar.gz Ubuntu1804 OS-package \u5305 https://github.com/kubean-io/kubean/releases/download/v0.18.2/os-pkgs-ubuntu2204-v0.18.2.tar.gz ISO \u79bb\u7ebf\u5305 ISO \u5305 http://mirrors.melbourne.co.uk/ubuntu-releases/"},{"location":"admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#ui","title":"\u524d\u5f80 UI \u754c\u9762\u521b\u5efa\u96c6\u7fa4","text":"\u53c2\u8003\u6587\u6863\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u521b\u5efa Ubuntu \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/etcd-backup.html","title":"ETCD \u5907\u4efd\u8fd8\u539f","text":"\u4f7f\u7528 ETCD \u5907\u4efd\u529f\u80fd\u521b\u5efa\u5907\u4efd\u7b56\u7565\uff0c\u53ef\u4ee5\u5c06\u6307\u5b9a\u96c6\u7fa4\u7684 etcd \u6570\u636e\u5b9a\u65f6\u5907\u4efd\u5230 S3 \u5b58\u50a8\u4e2d\u3002\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u5982\u4f55\u5c06\u5df2\u7ecf\u5907\u4efd\u7684\u6570\u636e\u8fd8\u539f\u5230\u5f53\u524d\u96c6\u7fa4\u4e2d\u3002
Note
\u4e0b\u9762\u901a\u8fc7\u5177\u4f53\u7684\u6848\u4f8b\u6765\u8bf4\u660e\u5907\u4efd\u8fd8\u539f\u7684\u6574\u4e2a\u8fc7\u7a0b\u3002
"},{"location":"admin/kpanda/best-practice/etcd-backup.html#_1","title":"\u73af\u5883\u4fe1\u606f","text":"\u9996\u5148\u4ecb\u7ecd\u8fd8\u539f\u7684\u76ee\u6807\u96c6\u7fa4\u548c S3 \u5b58\u50a8\u7684\u57fa\u672c\u4fe1\u606f\u3002\u8fd9\u91cc\u4ee5 MinIo \u4f5c\u4e3a S3 \u5b58\u50a8\uff0c\u6574\u4e2a\u96c6\u7fa4\u6709 3 \u4e2a\u63a7\u5236\u9762\uff083 \u4e2a etcd \u526f\u672c\uff09\u3002
IP \u4e3b\u673a \u89d2\u8272 \u5907\u6ce8 10.6.212.10 host01 k8s-master01 k8s \u8282\u70b9 1 10.6.212.11 host02 k8s-master02 k8s \u8282\u70b9 2 10.6.212.12 host03 k8s-master03 k8s \u8282\u70b9 3 10.6.212.13 host04 minio minio \u670d\u52a1"},{"location":"admin/kpanda/best-practice/etcd-backup.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":""},{"location":"admin/kpanda/best-practice/etcd-backup.html#etcdbrctl","title":"\u5b89\u88c5 etcdbrctl \u5de5\u5177","text":"\u4e3a\u4e86\u5b9e\u73b0 ETCD \u6570\u636e\u5907\u4efd\u8fd8\u539f\uff0c\u9700\u8981\u5728\u4e0a\u8ff0\u4efb\u610f\u4e00\u4e2a Kubernetes \u8282\u70b9\u4e0a\u5b89\u88c5 etcdbrctl \u5f00\u6e90\u5de5\u5177\u3002 \u6b64\u5de5\u5177\u6682\u65f6\u6ca1\u6709\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u9700\u8981\u81ea\u884c\u7f16\u8bd1\u3002\u7f16\u8bd1\u65b9\u5f0f\u8bf7\u53c2\u8003 Gardener / etcd-backup-restore \u672c\u5730\u5f00\u53d1\u6587\u6863\u3002
\u5b89\u88c5\u5b8c\u6210\u540e\u7528\u5982\u4e0b\u547d\u4ee4\u68c0\u67e5\u5de5\u5177\u662f\u5426\u53ef\u7528\uff1a
etcdbrctl -v\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b:
INFO[0000] etcd-backup-restore Version: v0.23.0-dev\nINFO[0000] Git SHA: b980beec\nINFO[0000] Go Version: go1.19.3\nINFO[0000] Go OS/Arch: linux/amd64\n
"},{"location":"admin/kpanda/best-practice/etcd-backup.html#_3","title":"\u68c0\u67e5\u5907\u4efd\u6570\u636e","text":"\u8fd8\u539f\u4e4b\u524d\u9700\u8981\u68c0\u67e5\u4e0b\u5217\u4e8b\u9879\uff1a
Note
AI \u7b97\u529b\u4e2d\u5fc3\u7684\u5907\u4efd\u662f\u5168\u91cf\u6570\u636e\u5907\u4efd\uff0c\u8fd8\u539f\u65f6\u5c06\u8fd8\u539f\u6700\u540e\u4e00\u6b21\u5907\u4efd\u7684\u5168\u91cf\u6570\u636e\u3002
"},{"location":"admin/kpanda/best-practice/etcd-backup.html#_4","title":"\u5173\u95ed\u96c6\u7fa4","text":"\u5728\u5907\u4efd\u4e4b\u524d\uff0c\u5fc5\u987b\u8981\u5148\u5173\u95ed\u96c6\u7fa4\u3002\u9ed8\u8ba4\u96c6\u7fa4 etcd \u548c kube-apiserver \u90fd\u662f\u4ee5\u9759\u6001 Pod \u7684\u5f62\u5f0f\u542f\u52a8\u7684\u3002 \u8fd9\u91cc\u7684\u5173\u95ed\u96c6\u7fa4\u662f\u6307\u5c06\u9759\u6001 Pod manifest \u6587\u4ef6\u79fb\u52a8\u5230 /etc/kubernetes/manifest \u76ee\u5f55\u5916\uff0c\u96c6\u7fa4\u5c31\u4f1a\u79fb\u9664\u5bf9\u5e94 Pod\uff0c\u8fbe\u5230\u5173\u95ed\u670d\u52a1\u7684\u4f5c\u7528\u3002
\u9996\u5148\u5220\u9664\u4e4b\u524d\u7684\u5907\u4efd\u6570\u636e\uff0c\u79fb\u9664\u6570\u636e\u5e76\u975e\u5c06\u73b0\u6709 etcd \u6570\u636e\u5220\u9664\uff0c\u800c\u662f\u6307\u4fee\u6539 etcd \u6570\u636e\u76ee\u5f55\u7684\u540d\u79f0\u3002 \u7b49\u5907\u4efd\u8fd8\u539f\u6210\u529f\u4e4b\u540e\u518d\u5220\u9664\u6b64\u76ee\u5f55\u3002\u8fd9\u6837\u505a\u7684\u76ee\u7684\u662f\uff0c\u5982\u679c etcd \u5907\u4efd\u8fd8\u539f\u5931\u8d25\uff0c\u8fd8\u53ef\u4ee5\u5c1d\u8bd5\u8fd8\u539f\u5f53\u524d\u96c6\u7fa4\u3002\u6b64\u6b65\u9aa4\u6bcf\u4e2a\u8282\u70b9\u5747\u9700\u6267\u884c\u3002
rm -rf /var/lib/etcd_bak\n
\u7136\u540e\u9700\u8981\u5173\u95ed kube-apiserver \u7684\u670d\u52a1\uff0c\u786e\u4fdd etcd \u7684\u6570\u636e\u6ca1\u6709\u65b0\u53d8\u5316\u3002\u6b64\u6b65\u9aa4\u6bcf\u4e2a\u8282\u70b9\u5747\u9700\u6267\u884c\u3002
mv /etc/kubernetes/manifests/kube-apiserver.yaml /tmp/kube-apiserver.yaml\n
\u540c\u65f6\u8fd8\u9700\u8981\u5173\u95ed etcd \u7684\u670d\u52a1\u3002\u6b64\u6b65\u9aa4\u6bcf\u4e2a\u8282\u70b9\u5747\u9700\u6267\u884c\u3002
mv /etc/kubernetes/manifests/etcd.yaml /tmp/etcd.yaml\n
\u786e\u4fdd\u6240\u6709\u63a7\u5236\u5e73\u9762\u7684 kube-apiserver \u548c etcd \u670d\u52a1\u90fd\u5df2\u7ecf\u5173\u95ed\u3002
\u5173\u95ed\u6240\u6709\u7684\u8282\u70b9\u540e\uff0c\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u68c0\u67e5 etcd \u96c6\u7fa4\u72b6\u6001\u3002\u6b64\u547d\u4ee4\u5728\u4efb\u610f\u4e00\u4e2a\u8282\u70b9\u6267\u884c\u5373\u53ef\u3002
endpoints \u7684\u503c\u9700\u8981\u66ff\u6362\u4e3a\u5b9e\u9645\u8282\u70b9\u540d\u79f0
etcdctl endpoint status --endpoints=controller-node-1:2379,controller-node-2:2379,controller-node-3:2379 -w table \\\n --cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n --cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n --key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff0c\u8868\u793a\u6240\u6709\u7684 etcd \u8282\u70b9\u90fd\u88ab\u9500\u6bc1\uff1a
{\"level\":\"warn\",\"ts\":\"2023-03-29T17:51:50.817+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-1:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.31:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-1:2379 (context deadline exceeded)\n{\"level\":\"warn\",\"ts\":\"2023-03-29T17:51:55.818+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-2:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.32:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-2:2379 (context deadline exceeded)\n{\"level\":\"warn\",\"ts\":\"2023-03-29T17:52:00.820+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-1:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.33:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-3:2379 (context deadline exceeded)\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
\u53ea\u9700\u8981\u8fd8\u539f\u4e00\u4e2a\u8282\u70b9\u7684\u6570\u636e\uff0c\u5176\u4ed6\u8282\u70b9\u7684 etcd \u6570\u636e\u5c31\u4f1a\u81ea\u52a8\u8fdb\u884c\u540c\u6b65\u3002
\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf
\u4f7f\u7528 etcdbrctl \u8fd8\u539f\u6570\u636e\u4e4b\u524d\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8fde\u63a5 S3 \u7684\u8ba4\u8bc1\u4fe1\u606f\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff1a
export ECS_ENDPOINT=http://10.6.212.13:9000 # (1)!\nexport ECS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE # (2)!\nexport ECS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY # (3)!\n
\u6267\u884c\u8fd8\u539f\u64cd\u4f5c
\u6267\u884c etcdbrctl \u547d\u4ee4\u884c\u5de5\u5177\u6267\u884c\u8fd8\u539f\uff0c\u8fd9\u662f\u6700\u5173\u952e\u7684\u4e00\u6b65\u3002
etcdbrctl restore --data-dir /var/lib/etcd/ --store-container=\"etcd-backup\" \\ \n --storage-provider=ECS \\\n --initial-cluster=controller-node1=https://10.6.212.10:2380 \\\n --initial-advertise-peer-urls=https://10.6.212.10:2380 \n
\u53c2\u6570\u8bf4\u660e\u5982\u4e0b\uff1a
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
INFO[0000] Finding latest set of snapshot to recover from...\nINFO[0000] Restoring from base snapshot: Full-00000000-00111147-1679991074 actor=restorer\nINFO[0001] successfully fetched data of base snapshot in 1.241380207 seconds actor=restorer\n{\"level\":\"info\",\"ts\":1680011221.2511616,\"caller\":\"mvcc/kvstore.go:380\",\"msg\":\"restored last compact revision\",\"meta-bucket-name\":\"meta\",\"meta-bucket-name-key\":\"finishedCompactRev\",\"restored-compact-revision\":110327}\n{\"level\":\"info\",\"ts\":1680011221.3045986,\"caller\":\"membership/cluster.go:392\",\"msg\":\"added member\",\"cluster-id\":\"66638454b9dd7b8a\",\"local-member-id\":\"0\",\"added-peer-id\":\"123c2503a378fc46\",\"added-peer-peer-urls\":[\"https://10.6.212.10:2380\"]}\nINFO[0001] Starting embedded etcd server... actor=restorer\n....\n\n{\"level\":\"info\",\"ts\":\"2023-03-28T13:47:02.922Z\",\"caller\":\"embed/etcd.go:565\",\"msg\":\"stopped serving peer traffic\",\"address\":\"127.0.0.1:37161\"}\n{\"level\":\"info\",\"ts\":\"2023-03-28T13:47:02.922Z\",\"caller\":\"embed/etcd.go:367\",\"msg\":\"closed etcd server\",\"name\":\"default\",\"data-dir\":\"/var/lib/etcd\",\"advertise-peer-urls\":[\"http://localhost:0\"],\"advertise-client-urls\":[\"http://localhost:0\"]}\nINFO[0003] Successfully restored the etcd data directory.\n
\u53ef\u4ee5\u67e5\u770b etcd \u7684 YAML \u6587\u4ef6\u8fdb\u884c\u5bf9\u7167\uff0c\u4ee5\u514d\u914d\u7f6e\u9519\u8bef
cat /tmp/etcd.yaml | grep initial-\n- --experimental-initial-corrupt-check=true\n- --initial-advertise-peer-urls=https://10.6.212.10:2380\n- --initial-cluster=controller-node-1=https://10.6.212.10:2380\n
\u4ee5\u4e0b\u547d\u4ee4\u5728\u8282\u70b9 01 \u4e0a\u6267\u884c\uff0c\u4e3a\u4e86\u6062\u590d\u8282\u70b9 01 \u7684 etcd \u670d\u52a1\u3002
\u9996\u5148\u5c06 etcd \u9759\u6001 Pod \u7684 manifest \u6587\u4ef6\u79fb\u52a8\u5230 /etc/kubernetes/manifests \u76ee\u5f55\u4e0b\uff0ckubelet \u5c06\u4f1a\u91cd\u542f etcd\uff1a
mv /tmp/etcd.yaml /etc/kubernetes/manifests/etcd.yaml\n
\u7136\u540e\u7b49\u5f85 etcd \u670d\u52a1\u542f\u52a8\u5b8c\u6210\u4ee5\u540e\uff0c\u68c0\u67e5 etcd \u7684\u72b6\u6001\uff0cetcd \u76f8\u5173\u8bc1\u4e66\u9ed8\u8ba4\u76ee\u5f55\uff1a /etc/kubernetes/ssl \u3002\u5982\u679c\u96c6\u7fa4\u8bc1\u4e66\u5b58\u653e\u5728\u5176\u4ed6\u4f4d\u7f6e\uff0c\u8bf7\u6307\u5b9a\u5bf9\u5e94\u8def\u5f84\u3002
\u68c0\u67e5 etcd \u96c6\u7fa4\u5217\u8868:
etcdctl member list -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\" \n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |\n+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n| 123c2503a378fc46 | started | controller-node-1 | https://10.6.212.10:2380 | https://10.6.212.10:2379 | false |\n+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n
\u67e5\u770b controller-node-1 \u72b6\u6001:
etcdctl endpoint status --endpoints=controller-node-1:2379 -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| controller-node-1:2379 | 123c2503a378fc46 | 3.5.6 | 15 MB | true | false | 3 | 1200 | 1199 | |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
\u6062\u590d\u5176\u4ed6\u8282\u70b9\u6570\u636e
\u4e0a\u8ff0\u6b65\u9aa4\u5df2\u7ecf\u8fd8\u539f\u4e86\u8282\u70b9 01 \u7684\u6570\u636e\uff0c\u82e5\u60f3\u8981\u8fd8\u539f\u5176\u4ed6\u8282\u70b9\u6570\u636e\uff0c\u53ea\u9700\u8981\u5c06 etcd \u7684 Pod \u542f\u52a8\u8d77\u6765\uff0c\u8ba9 etcd \u81ea\u5df1\u5b8c\u6210\u6570\u636e\u540c\u6b65\u3002
\u5728\u8282\u70b9 02 \u548c\u8282\u70b9 03 \u90fd\u6267\u884c\u76f8\u540c\u7684\u64cd\u4f5c\uff1a
mv /tmp/etcd.yaml /etc/kubernetes/manifests/etcd.yaml\n
etcd member \u96c6\u7fa4\u4e4b\u95f4\u7684\u6570\u636e\u540c\u6b65\u9700\u8981\u4e00\u5b9a\u7684\u65f6\u95f4\uff0c\u53ef\u4ee5\u67e5\u770b etcd \u96c6\u7fa4\u72b6\u6001\uff0c\u786e\u4fdd\u6240\u6709 etcd \u96c6\u7fa4\u6b63\u5e38\uff1a
\u68c0\u67e5 etcd \u96c6\u7fa4\u72b6\u6001\u662f\u5426\u6b63\u5e38:
etcdctl member list -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |\n+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n| 6ea47110c5a87c03 | started | controller-node-1 | https://10.5.14.31:2380 | https://10.5.14.31:2379 | false |\n| e222e199f1e318c4 | started | controller-node-2 | https://10.5.14.32:2380 | https://10.5.14.32:2379 | false |\n| f64eeda321aabe2d | started | controller-node-3 | https://10.5.14.33:2380 | https://10.5.14.33:2379 | false |\n+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n
\u68c0\u67e5 3 \u4e2a member \u8282\u70b9\u662f\u5426\u6b63\u5e38:
etcdctl endpoint status --endpoints=controller-node-1:2379,controller-node-2:2379,controller-node-3:2379 -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| controller-node-1:2379 | 6ea47110c5a87c03 | 3.5.6 | 88 MB | true | false | 6 | 199008 | 199008 | |\n| controller-node-2:2379 | e222e199f1e318c4 | 3.5.6 | 88 MB | false | false | 6 | 199114 | 199114 | |\n| controller-node-3:2379 | f64eeda321aabe2d | 3.5.6 | 88 MB | false | false | 6 | 199316 | 199316 | |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
\u7b49\u6240\u6709\u8282\u70b9\u7684 etcd \u6570\u636e\u540c\u6b65\u5b8c\u6210\u540e\uff0c\u5219\u53ef\u4ee5\u5c06 kube-apiserver \u8fdb\u884c\u91cd\u65b0\u542f\u52a8\uff0c\u5c06\u6574\u4e2a\u96c6\u7fa4\u6062\u590d\u5230\u53ef\u8bbf\u95ee\u72b6\u6001\uff1a
\u91cd\u65b0\u542f\u52a8 node1 \u7684 kube-apiserver \u670d\u52a1
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
\u91cd\u65b0\u542f\u52a8 node2 \u7684 kube-apiserver \u670d\u52a1
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
\u91cd\u65b0\u542f\u52a8 node3 \u7684 kube-apiserver \u670d\u52a1
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
\u7b49\u5f85 kubelet \u5c06 kube-apiserver \u542f\u52a8\u540e\uff0c\u68c0\u67e5\u8fd8\u539f\u7684 k8s \u6570\u636e\u662f\u5426\u6b63\u5e38\uff1a
kubectl get nodes\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
NAME STATUS ROLES AGE VERSION\ncontroller-node-1 Ready <none> 3h30m v1.25.4\ncontroller-node-3 Ready control-plane 3h29m v1.25.4\ncontroller-node-3 Ready control-plane 3h28m v1.25.4\n
\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\uff0c\u4f7f\u7528 CIS Benchmark (CIS) \u626b\u63cf\u4f7f\u7528\u754c\u9762\u521b\u5efa\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u6709\u4e00\u4e9b\u626b\u63cf\u9879\u5e76\u6ca1\u6709\u901a\u8fc7\u626b\u63cf\u3002 \u672c\u6587\u5c06\u57fa\u4e8e\u4e0d\u540c\u7684 CIS Benchmark \u7248\u672c\u8fdb\u884c\u52a0\u56fa\u8bf4\u660e\u3002
"},{"location":"admin/kpanda/best-practice/hardening-cluster.html#cis-benchmark-127","title":"CIS Benchmark 1.27","text":"\u626b\u63cf\u73af\u5883\u8bf4\u660e\uff1a
[FAIL] 1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)
\u539f\u56e0\uff1a CIS \u8981\u6c42 kube-apiserver \u5fc5\u987b\u6307\u5b9a kubelet \u7684 CA \u8bc1\u4e66\u8def\u5f84\uff1a
[FAIL] 1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
\u539f\u56e0\uff1a CIS \u8981\u6c42 kube-controller-manager \u7684 --bing-address=127.0.0.1
[FAIL] 1.4.1 Ensure that the --profiling argument is set to false (Automated)
\u539f\u56e0\uff1a CIS \u8981\u6c42 kube-scheduler \u8bbe\u7f6e --profiling=false
[FAIL] 1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
\u539f\u56e0\uff1a CIS \u8981\u6c42 \u8bbe\u7f6e kube-scheduler \u7684 --bind-address=127.0.0.1
kubespray \u5b98\u65b9\u4e3a\u4e86\u89e3\u51b3\u8fd9\u4e9b\u5b89\u5168\u626b\u63cf\u95ee\u9898\uff0c\u5728 v2.22 \u4e2d\u6dfb\u52a0\u9ed8\u8ba4\u503c\u89e3\u51b3\u4e86\u4e00\u90e8\u5206\u95ee\u9898\uff0c \u66f4\u591a\u7ec6\u8282\u8bf7\u53c2\u8003 kubespray \u52a0\u56fa\u6587\u6863\u3002
\u901a\u8fc7\u4fee\u6539 kubean var-config \u914d\u7f6e\u6587\u4ef6\u6765\u6dfb\u52a0\u53c2\u6570\uff1a
kubernetes_audit: true\nkube_controller_manager_bind_address: 127.0.0.1\nkube_scheduler_bind_address: 127.0.0.1\nkube_kubeadm_scheduler_extra_args:\n profiling: false\nkubelet_rotate_server_certificates: true\n
\u5728 AI \u7b97\u529b\u4e2d\u5fc3\u4e2d\uff0c\u4e5f\u63d0\u4f9b\u4e86\u901a\u8fc7 UI \u6765\u914d\u7f6e\u9ad8\u7ea7\u53c2\u6570\u7684\u529f\u80fd\uff0c\u5728\u521b\u5efa\u96c6\u7fa4\u6700\u540e\u4e00\u6b65\u6dfb\u52a0\u81ea\u5b9a\u4e49\u53c2\u6570\uff1a
\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u53c2\u6570\u540e\uff0c\u5728 kubean \u7684 var-config \u7684 configmap \u4e2d\u6dfb\u52a0\u4e86\u5982\u4e0b\u53c2\u6570\uff1a
\u5b89\u88c5\u96c6\u7fa4\u540e\u8fdb\u884c\u626b\u63cf\uff1a
\u626b\u63cf\u540e\u6240\u6709\u7684\u626b\u63cf\u9879\u90fd\u901a\u8fc7\u4e86\u626b\u63cf\uff08WARN \u548c INFO \u8ba1\u7b97\u4e3a PASS\uff09\uff0c \u7531\u4e8e CIS Benchmark \u4f1a\u4e0d\u65ad\u66f4\u65b0\uff0c\u6b64\u6587\u6863\u7684\u5185\u5bb9\u53ea\u9002\u7528\u4e8e CIS Benchmark 1.27\u3002
"},{"location":"admin/kpanda/best-practice/k3s-lcm.html","title":"\u8fb9\u7f18\u96c6\u7fa4\u90e8\u7f72\u548c\u7ba1\u7406\u5b9e\u8df5","text":"\u5bf9\u4e8e\u8d44\u6e90\u53d7\u9650\u7684\u8fb9\u7f18\u6216\u7269\u8054\u7f51\u573a\u666f\uff0cKubernetes \u65e0\u6cd5\u5f88\u597d\u7684\u6ee1\u8db3\u8d44\u6e90\u8981\u6c42\uff0c\u4e3a\u6b64\u9700\u8981\u4e00\u4e2a\u8f7b\u91cf\u5316 Kubernetes \u65b9\u6848\uff0c \u65e2\u80fd\u5b9e\u73b0\u5bb9\u5668\u7ba1\u7406\u548c\u7f16\u6392\u80fd\u529b\uff0c\u53c8\u80fd\u7ed9\u4e1a\u52a1\u5e94\u7528\u9884\u7559\u66f4\u591a\u8d44\u6e90\u7a7a\u95f4\u3002\u672c\u6587\u4ecb\u7ecd\u8fb9\u7f18\u96c6\u7fa4 k3s \u7684\u90e8\u7f72\u548c\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u5b9e\u8df5\u3002
"},{"location":"admin/kpanda/best-practice/k3s-lcm.html#_2","title":"\u8282\u70b9\u89c4\u5212","text":"\u67b6\u6784
\u64cd\u4f5c\u7cfb\u7edf
CPU/\u5185\u5b58
\u5355\u8282\u70b9 K3s \u96c6\u7fa4
\u6700\u5c0f CPU \u63a8\u8350 CPU \u6700\u5c0f\u5185\u5b58 \u63a8\u8350\u5185\u5b58 K3s cluster 1 core 2 cores 1.5 GB 2 GB\u591a\u8282\u70b9 K3s \u96c6\u7fa4
\u6700\u5c0f CPU \u63a8\u8350 CPU \u6700\u5c0f\u5185\u5b58 \u63a8\u8350\u5185\u5b58 K3s server 1 core 2 cores 1 GB 1.5 GB K3s agent 1 core 2 cores 512 MB 1 GB\u8282\u70b9\u5165\u7ad9\u89c4\u5219
\u8282\u70b9\u89d2\u8272
\u767b\u5f55\u7528\u6237\u9700\u5177\u5907 root \u6743\u9650
server node agent node \u63cf\u8ff0 1 0 \u4e00\u53f0 server \u8282\u70b9 1 2 \u4e00\u53f0 server \u8282\u70b9\u3001\u4e24\u53f0 agent \u8282\u70b9 3 0 \u4e09\u53f0 server \u8282\u70b9\u4fdd\u5b58\u5b89\u88c5\u811a\u672c\u5230\u5b89\u88c5\u8282\u70b9\uff08\u4efb\u610f\u53ef\u4ee5\u8bbf\u95ee\u5230\u96c6\u7fa4\u8282\u70b9\u7684\u8282\u70b9\uff09
$ cat > k3slcm <<'EOF'\n#!/bin/bash\nset -e\n\nairgap_image=${K3S_AIRGAP_IMAGE:-}\nk3s_bin=${K3S_BINARY:-}\ninstall_script=${K3S_INSTALL_SCRIPT:-}\n\nservers=${K3S_SERVERS:-}\nagents=${K3S_AGENTS:-}\nssh_user=${SSH_USER:-root}\nssh_password=${SSH_PASSWORD:-}\nssh_privatekey_path=${SSH_PRIVATEKEY_PATH:-}\nextra_server_args=${EXTRA_SERVER_ARGS:-}\nextra_agent_args=${EXTRA_AGENT_ARGS:-}\nfirst_server=$(cut -d, -f1 <<<\"$servers,\")\nother_servers=$(cut -d, -f2- <<<\"$servers,\")\n\ninstall_script_env=\"INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SELINUX_WARN=true \"\n[ -n \"$K3S_VERSION\" ] && install_script_env+=\"INSTALL_K3S_VERSION=$K3S_VERSION \"\n\nssh_opts=\"-q -o StrictHostkeyChecking=no -o UserKnownHostsFile=/dev/null -o ControlPath=/tmp/ssh_mux_%h_%p_%r -o ControlMaster=auto -o ControlPersist=10m\"\n\nif [ -n \"$ssh_privatekey_path\" ]; then\n ssh_opts+=\" -i $ssh_privatekey_path\"\nelif [ -n \"$ssh_password\" ]; then\n askpass=$(mktemp)\n echo \"echo -n $ssh_password\" > $askpass\n chmod 0755 $askpass\n export SSH_ASKPASS=$askpass SSH_ASKPASS_REQUIRE=force\nelse\n echo \"SSH_PASSWORD or SSH_PRIVATEKEY_PATH must be provided\" && exit 1\nfi\n\nlog_info() { echo -e \"\\033[36m* $*\\033[0m\"; }\nclean() { rm -f $askpass; }\ntrap clean EXIT\n\nIFS=',' read -ra all_nodes <<< \"$servers,$agents\"\nif [ -n \"$k3s_bin\" ]; then\n for node in ${all_nodes[@]}; do\n chmod +x \"$k3s_bin\" \"$install_script\"\n ssh $ssh_opts \"$ssh_user@$node\" \"mkdir -p /usr/local/bin /var/lib/rancher/k3s/agent/images\"\n log_info \"Copying $airgap_image to $node\"\n scp -O $ssh_opts \"$airgap_image\" \"$ssh_user@$node:/var/lib/rancher/k3s/agent/images\"\n log_info \"Copying $k3s_bin to $node\"\n scp -O $ssh_opts \"$k3s_bin\" \"$ssh_user@$node:/usr/local/bin/k3s\"\n log_info \"Copying $install_script to $node\"\n scp -O $ssh_opts \"$install_script\" \"$ssh_user@$node:/usr/local/bin/k3s-install.sh\"\n done\n install_script_env+=\"INSTALL_K3S_SKIP_DOWNLOAD=true \"\nelse\n for node in ${all_nodes[@]}; do\n log_info \"Downloading install script for $node\"\n ssh $ssh_opts \"$ssh_user@$node\" \"curl -sSLo /usr/local/bin/k3s-install.sh https://get.k3s.io/ && chmod +x /usr/local/bin/k3s-install.sh\"\n done\nfi\n\nrestart_k3s() {\n local node=$1\n previous_k3s_version=$(ssh $ssh_opts \"$ssh_user@$first_server\" \"kubectl get no -o wide | awk '\\$6==\\\"$node\\\" {print \\$5}'\")\n [ -n \"$previous_k3s_version\" -a \"$previous_k3s_version\" != \"$K3S_VERSION\" -a -n \"$k3s_bin\" ] && return 0 || return 1\n}\n\ntoken=mynodetoken\ninstall_script_env+=${K3S_INSTALL_SCRIPT_ENV:-}\nif [ -z \"$other_servers\" ]; then\n log_info \"Installing on server node [$first_server]\"\n ssh $ssh_opts \"$ssh_user@$first_server\" \"env $install_script_env /usr/local/bin/k3s-install.sh server --token $token $extra_server_args\"\n ! restart_k3s \"$first_server\" || ssh $ssh_opts \"$ssh_user@$first_server\" \"systemctl restart k3s.service\"\nelse\n log_info \"Installing on first server node [$first_server]\"\n ssh $ssh_opts \"$ssh_user@$first_server\" \"env $install_script_env /usr/local/bin/k3s-install.sh server --cluster-init --token $token $extra_server_args\"\n ! restart_k3s \"$first_server\" || ssh $ssh_opts \"$ssh_user@$first_server\" \"systemctl restart k3s.service\"\n IFS=',' read -ra other_server_nodes <<< \"$other_servers\"\n for node in ${other_server_nodes[@]}; do\n log_info \"Installing on other server node [$node]\"\n ssh $ssh_opts \"$ssh_user@$node\" \"env $install_script_env /usr/local/bin/k3s-install.sh server --server https://$first_server:6443 --token $token $extra_server_args\"\n ! restart_k3s \"$node\" || ssh $ssh_opts \"$ssh_user@$node\" \"systemctl restart k3s.service\"\n done\nfi\n\nif [ -n \"$agents\" ]; then\n IFS=',' read -ra agent_nodes <<< \"$agents\"\n for node in ${agent_nodes[@]}; do\n log_info \"Installing on agent node [$node]\"\n ssh $ssh_opts \"$ssh_user@$node\" \"env $install_script_env K3S_TOKEN=$token K3S_URL=https://$first_server:6443 /usr/local/bin/k3s-install.sh agent --token $token $extra_agent_args\"\n ! restart_k3s \"$node\" || ssh $ssh_opts \"$ssh_user@$node\" \"systemctl restart k3s-agent.service\"\n done\nfi\nEOF\n
\uff08\u53ef\u9009\uff09\u79bb\u7ebf\u73af\u5883\u4e0b\uff0c\u5728\u4e00\u53f0\u53ef\u8054\u7f51\u8282\u70b9\u4e0b\u8f7d K3s \u76f8\u5173\u79bb\u7ebf\u8d44\u6e90\uff0c\u5e76\u62f7\u8d1d\u5230\u5b89\u88c5\u8282\u70b9
## [\u8054\u7f51\u8282\u70b9\u6267\u884c]\n\n# \u8bbe\u7f6e K3s \u7248\u672c\u4e3a v1.30.2+k3s1\n$ export k3s_version=v1.30.2+k3s1\n\n# \u79bb\u7ebf\u955c\u50cf\u5305\n# arm64\u94fe\u63a5\u4e3a https://github.com/k3s-io/k3s/releases/download/$k3s_version/k3s-airgap-images-arm64.tar.zst\n$ curl -LO https://github.com/k3s-io/k3s/releases/download/$k3s_version/k3s-airgap-images-amd64.tar.zst\n\n# k3s \u4e8c\u8fdb\u5236\u6587\u4ef6\n# arm64\u94fe\u63a5\u4e3a https://github.com/k3s-io/k3s/releases/download/$k3s_version/k3s-arm64\n$ curl -LO https://github.com/k3s-io/k3s/releases/download/$k3s_version/k3s\n\n# \u5b89\u88c5\u90e8\u7f72\u811a\u672c\n$ curl -Lo k3s-install.sh https://get.k3s.io/\n\n## \u4e0a\u8ff0\u8d44\u6e90\u62f7\u8d1d\u5230\u5b89\u88c5\u8282\u70b9\u6587\u4ef6\u7cfb\u7edf\u4e0a\n\n## [\u5b89\u88c5\u8282\u70b9\u6267\u884c]\n$ export K3S_AIRGAP_IMAGE=<\u8d44\u6e90\u5b58\u653e\u76ee\u5f55>/k3s-airgap-images-amd64.tar.zst \n$ export K3S_BINARY=<\u8d44\u6e90\u5b58\u653e\u76ee\u5f55>/k3s \n$ export K3S_INSTALL_SCRIPT=<\u8d44\u6e90\u5b58\u653e\u76ee\u5f55>/k3s-install.sh\n
\u5173\u95ed\u9632\u706b\u5899\u548c swap\uff08\u82e5\u9632\u706b\u5899\u65e0\u6cd5\u5173\u95ed\uff0c\u53ef\u653e\u884c\u4e0a\u8ff0\u5165\u7ad9\u7aef\u53e3\uff09
# Ubuntu \u5173\u95ed\u9632\u706b\u5899\u65b9\u6cd5\n$ sudo ufw disable\n# RHEL / CentOS / Fedora / SUSE \u5173\u95ed\u9632\u706b\u5899\u65b9\u6cd5\n$ systemctl disable firewalld --now\n$ sudo swapoff -a\n$ sudo sed -i '/swap/s/^/#/' /etc/fstab\n
\u4e0b\u6587\u6d4b\u8bd5\u73af\u5883\u4fe1\u606f\u4e3a Ubuntu 22.04 LTS, amd64\uff0c\u79bb\u7ebf\u5b89\u88c5
\u5728\u5b89\u88c5\u8282\u70b9\u6839\u636e\u90e8\u7f72\u89c4\u5212\u8bbe\u7f6e\u8282\u70b9\u4fe1\u606f\uff0c\u5e76\u5bfc\u51fa\u73af\u5883\u53d8\u91cf\uff0c\u591a\u4e2a\u8282\u70b9\u4ee5\u534a\u89d2\u9017\u53f7 ,
\u5206\u9694
export K3S_SERVERS=172.30.41.5 $ export SSH_USER=root\n# \u82e5\u4f7f\u7528 public key \u65b9\u5f0f\u767b\u5f55\uff0c\u786e\u4fdd\u5df2\u5c06\u516c\u94a5\u6dfb\u52a0\u5230\u5404\u8282\u70b9\u7684 ~/.ssh/authorized_keys\n\nexport SSH_PRIVATEKEY_PATH=<\u79c1\u94a5\u8def\u5f84>\nexport SSH_PASSWORD=<SSH\u5bc6\u7801>\n
export K3S_SERVERS=172.30.41.5\nexport K3S_AGENTS=172.30.41.6,172.30.41.7\nexport SSH_USER=root\n\n# \u82e5\u4f7f\u7528 public key \u65b9\u5f0f\u767b\u5f55\uff0c\u786e\u4fdd\u5df2\u5c06\u516c\u94a5\u6dfb\u52a0\u5230\u5404\u8282\u70b9\u7684 ~/.ssh/authorized_keys\nexport SSH_PRIVATEKEY_PATH=<\u79c1\u94a5\u8def\u5f84>\nexport SSH_PASSWORD=<SSH\u5bc6\u7801>\n
export K3S_SERVERS=172.30.41.5,172.30.41.6,172.30.41.7\nexport SSH_USER=root\n\n# \u82e5\u4f7f\u7528 public key \u65b9\u5f0f\u767b\u5f55\uff0c\u786e\u4fdd\u5df2\u5c06\u516c\u94a5\u6dfb\u52a0\u5230\u5404\u8282\u70b9\u7684 ~/.ssh/authorized_keys\nexport SSH_PRIVATEKEY_PATH=<\u79c1\u94a5\u8def\u5f84>\nexport SSH_PASSWORD=<SSH\u5bc6\u7801>\n
\u6267\u884c\u90e8\u7f72\u64cd\u4f5c
\u4ee5 3 server / 0 agent \u6a21\u5f0f\u4e3a\u4f8b\uff0c\u6bcf\u53f0\u673a\u5668\u5fc5\u987b\u6709\u4e00\u4e2a\u552f\u4e00\u7684\u4e3b\u673a\u540d
# \u82e5\u6709\u66f4\u591a K3s \u5b89\u88c5\u811a\u672c\u73af\u5883\u53d8\u91cf\u8bbe\u7f6e\u9700\u6c42\uff0c\u8bf7\u8bbe\u7f6e K3S_INSTALL_SCRIPT_ENV\uff0c\u5176\u503c\u53c2\u8003 https://docs.k3s.io/reference/env-variables\n# \u82e5\u9700\u5bf9 server \u6216 agent \u8282\u70b9\u4f5c\u51fa\u989d\u5916\u914d\u7f6e\uff0c\u8bf7\u8bbe\u7f6e EXTRA_SERVER_ARGS \u6216 EXTRA_AGENT_ARGS\uff0c\u5176\u503c\u53c2\u8003 https://docs.k3s.io/cli/server https://docs.k3s.io/cli/agent\n$ bash k3slcm\n* Copying ./v1.30.2/k3s-airgap-images-amd64.tar.zst to 172.30.41.5\n* Copying ./v1.30.2/k3s to 172.30.41.5\n* Copying ./v1.30.2/k3s-install.sh to 172.30.41.5\n* Copying ./v1.30.2/k3s-airgap-images-amd64.tar.zst to 172.30.41.6\n* Copying ./v1.30.2/k3s to 172.30.41.6\n* Copying ./v1.30.2/k3s-install.sh to 172.30.41.6\n* Copying ./v1.30.2/k3s-airgap-images-amd64.tar.zst to 172.30.41.7\n* Copying ./v1.30.2/k3s to 172.30.41.7\n* Copying ./v1.30.2/k3s-install.sh to 172.30.41.7\n* Installing on first server node [172.30.41.5]\n[INFO] Skipping k3s download and verify\n[INFO] Skipping installation of SELinux RPM\n[INFO] Creating /usr/local/bin/kubectl symlink to k3s\n[INFO] Creating /usr/local/bin/crictl symlink to k3s\n[INFO] Creating /usr/local/bin/ctr symlink to k3s\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s.service\n[INFO] systemd: Enabling k3s unit\nCreated symlink /etc/systemd/system/multi-user.target.wants/k3s.service \u2192 /etc/systemd/system/k3s.service.\n[INFO] systemd: Starting k3s\n* Installing on other server node [172.30.41.6]\n......\n
\u68c0\u67e5\u96c6\u7fa4\u72b6\u6001
$ kubectl get no -owide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nserver1 Ready control-plane,etcd,master 3m51s v1.30.2+k3s1 172.30.41.5 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver2 Ready control-plane,etcd,master 3m18s v1.30.2+k3s1 172.30.41.6 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver3 Ready control-plane,etcd,master 3m7s v1.30.2+k3s1 172.30.41.7 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\n\n$ kubectl get pod --all-namespaces -owide\nNAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nkube-system coredns-576bfc4dc7-z4x2s 1/1 Running 0 8m31s 10.42.0.3 server1 <none> <none>\nkube-system helm-install-traefik-98kh5 0/1 Completed 1 8m31s 10.42.0.4 server1 <none> <none>\nkube-system helm-install-traefik-crd-9xtfd 0/1 Completed 0 8m31s 10.42.0.5 server1 <none> <none>\nkube-system local-path-provisioner-86f46b7bf7-qt995 1/1 Running 0 8m31s 10.42.0.6 server1 <none> <none>\nkube-system metrics-server-557ff575fb-kptsh 1/1 Running 0 8m31s 10.42.0.2 server1 <none> <none>\nkube-system svclb-traefik-f95cc81c-mgcjh 2/2 Running 0 6m28s 10.42.1.3 server2 <none> <none>\nkube-system svclb-traefik-f95cc81c-xtb8f 2/2 Running 0 6m28s 10.42.2.2 server3 <none> <none>\nkube-system svclb-traefik-f95cc81c-zcsxl 2/2 Running 0 6m28s 10.42.0.7 server1 <none> <none>\nkube-system traefik-5fb479b77-6pbh5 1/1 Running 0 6m28s 10.42.1.2 server2 <none> <none>\n
v1.30.3+k3s1
\u7248\u672c\uff0c\u6309\u7167 \u524d\u7f6e\u51c6\u5907
\u6b65\u9aa4 2 \u91cd\u65b0\u4e0b\u8f7d\u79bb\u7ebf\u8d44\u6e90\u5e76\u62f7\u8d1d\u5230\u5b89\u88c5\u8282\u70b9\uff0c\u540c\u65f6\u5728\u5b89\u88c5\u8282\u70b9\u5bfc\u51fa\u79bb\u7ebf\u8d44\u6e90\u8def\u5f84\u73af\u5883\u53d8\u91cf\u3002\uff08\u82e5\u4e3a\u8054\u7f51\u5347\u7ea7\uff0c\u5219\u8df3\u8fc7\u6b64\u64cd\u4f5c\uff09\u6267\u884c\u5347\u7ea7\u64cd\u4f5c
$ export K3S_VERSION=v1.30.3+k3s1\n$ bash k3slcm\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.5\n* Copying ./v1.30.3/k3s to 172.30.41.5\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.5\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.6\n* Copying ./v1.30.3/k3s to 172.30.41.6\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.6\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.7\n* Copying ./v1.30.3/k3s to 172.30.41.7\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.7\n* Installing on first server node [172.30.41.5]\n[INFO] Skipping k3s download and verify\n[INFO] Skipping installation of SELinux RPM\n[INFO] Skipping /usr/local/bin/kubectl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/crictl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/ctr symlink to k3s, already exists\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s.service\n[INFO] systemd: Enabling k3s unit\nCreated symlink /etc/systemd/system/multi-user.target.wants/k3s.service \u2192 /etc/systemd/system/k3s.service.\n[INFO] No change detected so skipping service start\n* Installing on other server node [172.30.41.6]\n......\n
\u68c0\u67e5\u96c6\u7fa4\u72b6\u6001
$ kubectl get node -owide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nserver1 Ready control-plane,etcd,master 18m v1.30.3+k3s1 172.30.41.5 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver2 Ready control-plane,etcd,master 17m v1.30.3+k3s1 172.30.41.6 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver3 Ready control-plane,etcd,master 17m v1.30.3+k3s1 172.30.41.7 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\n\n$ kubectl get po --all-namespaces -owide\nNAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nkube-system coredns-576bfc4dc7-z4x2s 1/1 Running 0 18m 10.42.0.3 server1 <none> <none>\nkube-system helm-install-traefik-98kh5 0/1 Completed 1 18m <none> server1 <none> <none>\nkube-system helm-install-traefik-crd-9xtfd 0/1 Completed 0 18m <none> server1 <none> <none>\nkube-system local-path-provisioner-6795b5f9d8-t4rvm 1/1 Running 0 2m49s 10.42.2.3 server3 <none> <none>\nkube-system metrics-server-557ff575fb-kptsh 1/1 Running 0 18m 10.42.0.2 server1 <none> <none>\nkube-system svclb-traefik-f95cc81c-mgcjh 2/2 Running 0 16m 10.42.1.3 server2 <none> <none>\nkube-system svclb-traefik-f95cc81c-xtb8f 2/2 Running 0 16m 10.42.2.2 server3 <none> <none>\nkube-system svclb-traefik-f95cc81c-zcsxl 2/2 Running 0 16m 10.42.0.7 server1 <none> <none>\nkube-system traefik-5fb479b77-6pbh5 1/1 Running 0 16m 10.42.1.2 server2 <none> <none>\n
\u5982\u6dfb\u52a0\u65b0\u7684 agent \u8282\u70b9\uff1a
export K3S_AGENTS=172.30.41.8\n
\u6dfb\u52a0\u65b0\u7684 server \u8282\u70b9\u5982\u4e0b\uff1a
< export K3S_SERVERS=172.30.41.5,172.30.41.6,172.30.41.7\n---\n> export K3S_SERVERS=172.30.41.5,172.30.41.6,172.30.41.7,172.30.41.8,172.30.41.9\n
\u6267\u884c\u6269\u5bb9\u64cd\u4f5c\uff08\u4ee5\u6dfb\u52a0 agent \u8282\u70b9\u4e3a\u4f8b\uff09
$ bash k3slcm\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.5\n* Copying ./v1.30.3/k3s to 172.30.41.5\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.5\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.6\n* Copying ./v1.30.3/k3s to 172.30.41.6\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.6\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.7\n* Copying ./v1.30.3/k3s to 172.30.41.7\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.7\n* Copying ./v1.30.3/k3s-airgap-images-amd64.tar.zst to 172.30.41.8\n* Copying ./v1.30.3/k3s to 172.30.41.8\n* Copying ./v1.30.3/k3s-install.sh to 172.30.41.8\n* Installing on first server node [172.30.41.5]\n[INFO] Skipping k3s download and verify\n[INFO] Skipping installation of SELinux RPM\n[INFO] Skipping /usr/local/bin/kubectl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/crictl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/ctr symlink to k3s, already exists\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s.service\n[INFO] systemd: Enabling k3s unit\nCreated symlink /etc/systemd/system/multi-user.target.wants/k3s.service \u2192 /etc/systemd/system/k3s.service.\n[INFO] No change detected so skipping service start\n......\n* Installing on agent node [172.30.41.8]\n[INFO] Skipping k3s download and verify\n[INFO] Skipping installation of SELinux RPM\n[INFO] Creating /usr/local/bin/kubectl symlink to k3s\n[INFO] Creating /usr/local/bin/crictl symlink to k3s\n[INFO] Creating /usr/local/bin/ctr symlink to k3s\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s-agent.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service\n[INFO] systemd: Enabling k3s-agent unit\nCreated symlink /etc/systemd/system/multi-user.target.wants/k3s-agent.service \u2192 /etc/systemd/system/k3s-agent.service.\n[INFO] systemd: Starting k3s-agent\n
\u68c0\u67e5\u96c6\u7fa4\u72b6\u6001
$ kubectl get node -owide\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nagent1 Ready <none> 57s v1.30.3+k3s1 172.30.41.8 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver1 Ready control-plane,etcd,master 12m v1.30.3+k3s1 172.30.41.5 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver2 Ready control-plane,etcd,master 11m v1.30.3+k3s1 172.30.41.6 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\nserver3 Ready control-plane,etcd,master 11m v1.30.3+k3s1 172.30.41.7 <none> Ubuntu 22.04.3 LTS 5.15.0-78-generic containerd://1.7.17-k3s1\n
k3s-uninstall.sh
\u6216 k3s-agent-uninstall.sh
\u5728\u4efb\u610f server \u8282\u70b9\u4e0a\u6267\u884c\uff1a
kubectl delete node <\u8282\u70b9\u540d\u79f0>\n
k3s-uninstall.sh
k3s-agent-uninstall.sh
\u4e3a\u4e86\u6ee1\u8db3\u5ba2\u6237\u5bf9\u4f4e\u7248\u672c\u7684 K8s \u96c6\u7fa4\u7684\u642d\u5efa\uff0cKubean \u63d0\u4f9b\u4e86\u5411\u4e0b\u517c\u5bb9\u5e76\u521b\u5efa\u4f4e\u7248\u672c\u7684 K8s \u96c6\u7fa4\u80fd\u529b\uff0c\u7b80\u79f0\u5411\u4e0b\u517c\u5bb9\u7248\u672c\u7684\u80fd\u529b\u3002
\u76ee\u524d\u652f\u6301\u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7248\u672c\u8303\u56f4\u5728 v1.26-v1.28
\uff0c\u53ef\u4ee5\u53c2\u9605 AI \u7b97\u529b\u4e2d\u5fc3\u96c6\u7fa4\u7248\u672c\u652f\u6301\u4f53\u7cfb\u3002
\u672c\u6587\u5c06\u6f14\u793a\u5982\u4f55\u90e8\u7f72\u4f4e\u7248\u672c\u7684 K8s \u96c6\u7fa4\u3002
Note
\u672c\u6587\u6f14\u793a\u7684\u8282\u70b9\u73af\u5883\u4e3a\uff1a
\u51c6\u5907\u4e00\u4e2a Kubean \u6240\u5728\u7684\u7ba1\u7406\u96c6\u7fa4\uff0c\u5e76\u4e14\u5f53\u524d\u73af\u5883\u5df2\u7ecf\u90e8\u7f72\u652f\u6301 podman
\u3001skopeo
\u3001minio client
\u547d\u4ee4\u3002 \u5982\u679c\u4e0d\u652f\u6301\uff0c\u53ef\u901a\u8fc7\u811a\u672c\u8fdb\u884c\u5b89\u88c5\u4f9d\u8d56\u7ec4\u4ef6\u3002
\u524d\u5f80 kubean \u67e5\u770b\u53d1\u5e03\u7684\u5236\u54c1\uff0c \u5e76\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u9009\u62e9\u5177\u4f53\u7684\u5236\u54c1\u7248\u672c\u3002\u76ee\u524d\u652f\u6301\u7684\u5236\u54c1\u7248\u672c\u53ca\u5bf9\u5e94\u7684\u96c6\u7fa4\u7248\u672c\u8303\u56f4\u5982\u4e0b\uff1a
\u5236\u54c1\u5305\u7248\u672c \u652f\u6301\u96c6\u7fa4\u8303\u56f4 AI \u7b97\u529b\u4e2d\u5fc3\u652f\u6301\u60c5\u51b5 release-2.21 v1.23.0 ~ v1.25.6 \u5b89\u88c5\u5668 v0.14.0+ \u5df2\u652f\u6301 release-2.22 v1.24.0 ~ v1.26.13 \u5b89\u88c5\u5668 v0.15.0+ \u5df2\u652f\u6301 release-2.23 v1.25.0 ~ v1.27.10 \u5b89\u88c5\u5668 v0.16.0+ \u5df2\u652f\u6301 release-2.24 v1.26.0 ~ v1.29.1 \u5b89\u88c5\u5668 v0.17.0+ \u5df2\u652f\u6301 release-2.25 v1.27.0 ~ v1.29.5 \u5b89\u88c5\u5668 v0.20.0+ \u5df2\u652f\u6301Tip
\u5728\u9009\u62e9\u5236\u54c1\u7248\u672c\u65f6\uff0c\u4e0d\u4ec5\u9700\u8981\u53c2\u8003\u96c6\u7fa4\u7248\u672c\u8303\u56f4\uff0c\u8fd8\u9700\u5224\u65ad\u8be5\u5236\u54c1 manifest \u8d44\u6e90\u4e2d\u76f8\u5e94\u7ec4\u4ef6(\u5982 calico\u3001containerd)\u7248\u672c\u8303\u56f4\u662f\u5426\u8986\u76d6\u5f53\u524d\u96c6\u7fa4\u8be5\u7ec4\u4ef6\u7248\u672c\uff01
\u672c\u6587\u6f14\u793a\u79bb\u7ebf\u90e8\u7f72 K8s \u96c6\u7fa4\u5230 1.23.0 \u7248\u672c\u53ca\u79bb\u7ebf\u5347\u7ea7 K8s \u96c6\u7fa4\u4ece 1.23.0 \u7248\u672c\u5230 1.24.0 \u7248\u672c\uff0c\u6240\u4ee5\u9009\u62e9 release-2.21
\u7684\u5236\u54c1\u3002
\u5c06 spray-job \u955c\u50cf\u5bfc\u5165\u5230\u79bb\u7ebf\u73af\u5883\u7684 Registry\uff08\u955c\u50cf\u4ed3\u5e93\uff09\u4e2d\u3002
# \u5047\u8bbe\u706b\u79cd\u96c6\u7fa4\u4e2d\u7684 registry \u5730\u5740\u4e3a 172.30.41.200\nREGISTRY_ADDR=\"172.30.41.200\"\n\n# \u955c\u50cf spray-job \u8fd9\u91cc\u53ef\u4ee5\u91c7\u7528\u52a0\u901f\u5668\u5730\u5740\uff0c\u955c\u50cf\u5730\u5740\u6839\u636e\u9009\u62e9\u5236\u54c1\u7248\u672c\u6765\u51b3\u5b9a\nSPRAY_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/spray-job:2.21-d6f688f\"\n\n# skopeo \u53c2\u6570\nSKOPEO_PARAMS=\" --insecure-policy -a --dest-tls-verify=false --retry-times=3 \"\n\n# \u5728\u7ebf\u73af\u5883\uff1a\u5bfc\u51fa release-2.21 \u7248\u672c\u7684 spray-job \u955c\u50cf\uff0c\u5e76\u5c06\u5176\u8f6c\u79fb\u5230\u79bb\u7ebf\u73af\u5883\nskopeo copy docker://${SPRAY_IMG_ADDR} docker-archive:spray-job-2.21.tar\n\n# \u79bb\u7ebf\u73af\u5883\uff1a\u5bfc\u5165 release-2.21 \u7248\u672c\u7684 spray-job \u955c\u50cf\u5230\u706b\u79cd registry\nskopeo copy ${SKOPEO_PARAMS} docker-archive:spray-job-2.21.tar docker://${REGISTRY_ADDR}/${SPRAY_IMG_ADDR/.m.daocloud/}\n
"},{"location":"admin/kpanda/best-practice/kubean-low-version.html#k8s","title":"\u5236\u4f5c\u4f4e\u7248\u672c K8s \u79bb\u7ebf\u8d44\u6e90","text":"\u51c6\u5907 manifest.yml \u6587\u4ef6\u3002
cat > \"manifest.yml\" <<EOF\nimage_arch:\n - \"amd64\" ## \"arm64\"\nkube_version: ## \u6839\u636e\u5b9e\u9645\u573a\u666f\u586b\u5199\u96c6\u7fa4\u7248\u672c\n - \"v1.23.0\"\n - \"v1.24.0\"\nEOF\n
\u5236\u4f5c\u79bb\u7ebf\u589e\u91cf\u5305\u3002
# \u521b\u5efa data \u76ee\u5f55\nmkdir data\n# \u5236\u4f5c\u79bb\u7ebf\u5305\uff0c\nAIRGAP_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/airgap-patch:2.21-d6f688f\" # (1)!\npodman run --rm -v $(pwd)/manifest.yml:/manifest.yml -v $(pwd)/data:/data -e ZONE=CN -e MODE=FULL ${AIRGAP_IMG_ADDR}\n
\u5bfc\u5165\u5bf9\u5e94 k8s \u7248\u672c\u7684\u79bb\u7ebf\u955c\u50cf\u4e0e\u4e8c\u8fdb\u5236\u5305
# \u5c06\u4e0a\u4e00\u6b65 data \u76ee\u5f55\u4e2d\u7684\u4e8c\u8fdb\u5236\u5bfc\u5165\u4e8c\u8fdb\u5236\u5305\u81f3\u706b\u79cd\u8282\u70b9\u7684 MinIO \u4e2d\ncd ./data/amd64/files/\nMINIO_ADDR=\"http://127.0.0.1:9000\" # (1)!\nMINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_files.sh ${MINIO_ADDR}\n\n# \u5c06\u4e0a\u4e00\u6b65 data \u76ee\u5f55\u4e2d\u7684\u955c\u50cf\u5bfc\u5165\u4e8c\u8fdb\u5236\u5305\u81f3\u706b\u79cd\u8282\u70b9\u7684\u955c\u50cf\u4ed3\u5e93\u4e2d\ncd ./data/amd64/images/\nREGISTRY_ADDR=\"127.0.0.1\" ./import_images.sh # (2)!\n
\u5c06 manifest
\u3001localartifactset.cr.yaml
\u81ea\u5b9a\u4e49\u8d44\u6e90\u90e8\u7f72\u5230 Kubean \u6240\u5728\u7684\u7ba1\u7406\u96c6\u7fa4\u6216\u8005\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 \u5f53\u4e2d\uff0c\u672c\u4f8b\u4f7f\u7528\u7684\u662f\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
# \u90e8\u7f72 data \u6587\u4ef6\u76ee\u5f55\u4e0b\u7684 localArtifactSet \u8d44\u6e90\ncd ./data\nkubectl apply -f localartifactset.cr.yaml\n\n# \u4e0b\u8f7d release-2.21 \u7248\u672c\u7684 manifest \u8d44\u6e90\nwget https://raw.githubusercontent.com/kubean-io/kubean-manifest/main/manifests/manifest-2.21-d6f688f.yml\n\n# \u90e8\u7f72 release-2.21 \u5bf9\u5e94\u7684 manifest \u8d44\u6e90\nkubectl apply -f manifest-2.21-d6f688f.yml\n
\u524d\u5f80 \u5bb9\u5668\u7ba1\u7406 \uff0c\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u4e2d\uff0c\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae\u3002
\u88ab\u7eb3\u7ba1
\u53c2\u6570\u9009\u62e9 manifest
\u3001localartifactset.cr.yaml
\u81ea\u5b9a\u4e49\u8d44\u6e90\u90e8\u7f72\u7684\u96c6\u7fa4\uff0c\u672c\u4f8b\u4f7f\u7528\u7684\u662f\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
\u5176\u4f59\u53c2\u6570\u53c2\u8003\u521b\u5efa\u96c6\u7fa4\u3002
\u9009\u62e9\u65b0\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u8fdb\u53bb\u8be6\u60c5\u754c\u9762\u3002
\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u5347\u7ea7 \uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u7248\u672c\u5347\u7ea7
\u9009\u62e9\u53ef\u7528\u7684\u96c6\u7fa4\u8fdb\u884c\u5347\u7ea7\u3002
Docker \u5728 17.07.0-ce \u7248\u672c\u4e2d\u5f15\u5165 overlay2.zize\uff0c\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 overlay2.zize \u6765\u9650\u5236 docker \u5355\u5bb9\u5668\u53ef\u5360\u7528\u7684\u78c1\u76d8\u7a7a\u95f4\u3002
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u914d\u7f6e docker overlay2.size \u4e4b\u524d\uff0c\u9700\u8981\u8c03\u6574\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u6587\u4ef6\u7cfb\u7edf\u7c7b\u578b\u4e3a xfs \u5e76\u4f7f\u7528 pquota \u65b9\u5f0f\u8fdb\u884c\u8bbe\u5907\u6302\u8f7d\u3002
\u683c\u5f0f\u5316\u8bbe\u5907\u4e3a XFS \u6587\u4ef6\u7cfb\u7edf\uff0c\u53ef\u4ee5\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
mkfs.xfs -f /dev/xxx\n
Note
pquota \u9650\u5236\u7684\u662f\u9879\u76ee\uff08project\uff09\u78c1\u76d8\u914d\u989d\u3002
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_2","title":"\u8bbe\u7f6e\u5355\u5bb9\u5668\u78c1\u76d8\u53ef\u5360\u7528\u7a7a\u95f4","text":"\u6ee1\u8db3\u4ee5\u4e0a\u6761\u4ef6\u540e\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e docker overlay2.size \u6765\u9650\u5236\u5355\u5bb9\u5668\u78c1\u76d8\u5360\u7528\u7a7a\u95f4\u5927\u5c0f\u3002\u547d\u4ee4\u884c\u793a\u4f8b\u5982\u4e0b\uff1a
sudo dockerd -s overlay2 --storage-opt overlay2.size=1G\n
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_3","title":"\u573a\u666f\u6f14\u7ec3","text":"\u63a5\u4e0b\u6765\u4ee5\u4e00\u4e2a\u5b9e\u9645\u7684\u4f8b\u5b50\u6765\u6f14\u7ec3\u4e00\u4e0b\u9650\u5236 docker \u5355\u5bb9\u5668\u53ef\u5360\u7528\u7684\u78c1\u76d8\u7a7a\u95f4\u6574\u4f53\u5b9e\u73b0\u6d41\u7a0b\u3002
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_4","title":"\u76ee\u6807","text":"\u90e8\u7f72\u4e00\u4e2a Kubernetes \u96c6\u7fa4\uff0c\u5e76\u9650\u5236 docker \u5355\u5bb9\u5668\u53ef\u5360\u7528\u7684\u78c1\u76d8\u7a7a\u95f4\u5927\u5c0f\u4e3a1G\uff0c\u8d85\u51fa1G\u5c06\u65e0\u6cd5\u4f7f\u7528\u3002
"},{"location":"admin/kpanda/best-practice/limit-disk-usage-docker.html#_5","title":"\u64cd\u4f5c\u6d41\u7a0b","text":"\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u67e5\u770b fstab \u6587\u4ef6\uff0c\u83b7\u53d6\u5f53\u524d\u8bbe\u5907\u7684\u6302\u8f7d\u60c5\u51b5\u3002
$ cat /etc/fstab\n\n# /etc/fstab\n# Created by anaconda on Thu Mar 19 11:32:59 2020\n#\n# Accessible filesystems, by reference, are maintained under '/dev/disk'\n# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info\n#\n/dev/mapper/centos-root / xfs defaults 0 0\nUUID=3ed01f0e-67a1-4083-943a-343b7fed1708 /boot xfs defaults 0 0\n/dev/mapper/centos-swap swap swap defaults 0 0\n
\u4ee5\u56fe\u793a\u8282\u70b9\u8bbe\u5907\u4e3a\u4f8b\uff0c\u53ef\u4ee5\u770b\u5230 XFS \u683c\u5f0f\u8bbe\u5907 /dev/mapper/centos-root \u4ee5\u9ed8\u8ba4\u65b9\u5f0f defauls \u6302\u8f7d\u5230 / \u6839\u76ee\u5f55.
\u914d\u7f6e xfs \u6587\u4ef6\u7cfb\u7edf\u4f7f\u7528 pquota \u65b9\u5f0f\u6302\u8f7d\u3002
\u4fee\u6539 fstab \u6587\u4ef6\uff0c\u5c06\u6302\u8f7d\u65b9\u5f0f\u4ece defaults \u66f4\u65b0\u4e3a rw,pquota\uff1b
# \u4fee\u6539 fstab \u914d\u7f6e\n$ vi /etc/fstab\n- /dev/mapper/centos-root / xfs defaults 0 0\n+ /dev/mapper/centos-root / xfs rw,pquota 0 0\n\n# \u9a8c\u8bc1\u914d\u7f6e\u662f\u5426\u6709\u8bef\n$ mount -a\n
\u67e5\u770b pquota \u662f\u5426\u751f\u6548
xfs_quota -x -c print\n
Note
\u5982\u679c pquota \u672a\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u64cd\u4f5c\u7cfb\u7edf\u662f\u5426\u5f00\u542f pquota \u9009\u9879\uff0c\u5982\u679c\u672a\u5f00\u542f\uff0c\u9700\u8981\u5728\u7cfb\u7edf\u5f15\u5bfc\u914d\u7f6e /etc/grub2.cfg \u4e2d\u6dfb\u52a0 rootflags=pquota
\u53c2\u6570\uff0c\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u9700\u8981 reboot \u91cd\u542f\u64cd\u4f5c\u7cfb\u7edf\u3002
\u521b\u5efa\u96c6\u7fa4 -> \u9ad8\u7ea7\u914d\u7f6e -> \u81ea\u5b9a\u4e49\u53c2\u6570 \u4e2d\u6dfb\u52a0 docker_storage_options \u53c2\u6570\uff0c\u8bbe\u7f6e\u5355\u5bb9\u5668\u78c1\u76d8\u53ef\u5360\u7528\u7a7a\u95f4\u3002
Note
\u4e5f\u53ef\u4ee5\u57fa\u4e8e kubean manifest \u64cd\u4f5c\uff0c\u5728 vars conf \u91cc\u6dfb\u52a0 docker_storage_options
\u53c2\u6570\u3002
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: sample-vars-conf\n namespace: kubean-system\ndata:\n group_vars.yml: |\n unsafe_show_logs: true\n container_manager: docker\n+ docker_storage_options: -s overlay2 --storage-opt overlay2.size=1G # \u65b0\u589e docker_storage_options \u53c2\u6570\n kube_network_plugin: calico\n kube_network_plugin_multus: false\n kube_proxy_mode: iptables\n etcd_deployment_type: kubeadm\n override_system_hostname: true\n ...\n
\u67e5\u770b dockerd \u670d\u52a1\u8fd0\u884c\u914d\u7f6e\uff0c\u68c0\u67e5\u78c1\u76d8\u9650\u5236\u662f\u5426\u8bbe\u7f6e\u6210\u529f\u3002
\u4ee5\u4e0a\uff0c\u5b8c\u6210\u9650\u5236 docker \u5355\u5bb9\u5668\u53ef\u5360\u7528\u7684\u78c1\u76d8\u7a7a\u95f4\u6574\u4f53\u5b9e\u73b0\u6d41\u7a0b\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html","title":"\u4e3a\u5de5\u4f5c\u96c6\u7fa4\u6dfb\u52a0\u5f02\u6784\u8282\u70b9","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e3a AMD \u67b6\u6784\uff0c\u64cd\u4f5c\u7cfb\u7edf\u4e3a CentOS 7.9 \u7684\u5de5\u4f5c\u96c6\u7fa4\u6dfb\u52a0 ARM \u67b6\u6784\uff0c\u64cd\u4f5c\u7cfb\u7edf\u4e3a Kylin v10 sp2 \u7684\u5de5\u4f5c\u8282\u70b9
Note
\u672c\u6587\u4ec5\u9488\u5bf9\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u6240\u521b\u5efa\u7684\u5de5\u4f5c\u96c6\u7fa4\u8fdb\u884c\u5f02\u6784\u8282\u70b9\u7684\u6dfb\u52a0\uff0c\u4e0d\u5305\u62ec\u63a5\u5165\u7684\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4ee5 ARM \u67b6\u6784\u3001\u64cd\u4f5c\u7cfb\u7edf Kylin v10 sp2 \u4e3a\u4f8b\u3002
\u8bf7\u786e\u4fdd\u5df2\u7ecf\u767b\u5f55\u5230\u706b\u79cd\u8282\u70b9\uff01\u5e76\u4e14\u4e4b\u524d\u90e8\u7f72 AI \u7b97\u529b\u4e2d\u5fc3\u65f6\u4f7f\u7528\u7684 clusterConfig.yaml \u6587\u4ef6\u8fd8\u5728\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_5","title":"\u79bb\u7ebf\u955c\u50cf\u5305","text":"Note
\u8bf7\u786e\u4fdd\u5728\u5bb9\u5668\u7ba1\u7406 v0.31 \u53ca\u4ee5\u4e0a\u7248\u672c\u4f7f\u7528\u8be5\u80fd\u529b\uff0c\u5bf9\u5e94\u5b89\u88c5\u5668 v0.21.0 \u53ca\u4ee5\u4e0a\u7248\u672c
CPU \u67b6\u6784 \u7248\u672c \u4e0b\u8f7d\u5730\u5740 AMD64 v0.21.0 https://qiniu-download-public.daocloud.io/DaoCloud_Enterprise/dce5/offline-v0.21.0-amd64.tar ARM64 v0.21.0 https://qiniu-download-public.daocloud.io/DaoCloud_Enterprise/dce5/offline-v0.21.0-arm64.tar\u4e0b\u8f7d\u5b8c\u6bd5\u540e\u89e3\u538b\u79bb\u7ebf\u5305\u3002\u6b64\u5904\u6211\u4eec\u4e0b\u8f7d arm64 \u67b6\u6784\u7684\u79bb\u7ebf\u5305\uff1a
tar -xvf offline-v0.21.0-arm64.tar\n
"},{"location":"admin/kpanda/best-practice/multi-arch.html#iso-kylin-v10-sp2","title":"ISO \u79bb\u7ebf\u5305\uff08Kylin v10 sp2\uff09","text":"CPU \u67b6\u6784 \u64cd\u4f5c\u7cfb\u7edf\u7248\u672c \u4e0b\u8f7d\u5730\u5740 ARM64 Kylin Linux Advanced Server release V10 (Sword) SP2 \u7533\u8bf7\u5730\u5740\uff1ahttps://www.kylinos.cn/support/trial.html Note
\u9e92\u9e9f\u64cd\u4f5c\u7cfb\u7edf\u9700\u8981\u63d0\u4f9b\u4e2a\u4eba\u4fe1\u606f\u624d\u80fd\u4e0b\u8f7d\u4f7f\u7528\uff0c\u4e0b\u8f7d\u65f6\u8bf7\u9009\u62e9 V10 (Sword) SP2\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#ospackage-kylin-v10-sp2","title":"osPackage \u79bb\u7ebf\u5305 \uff08Kylin v10 sp2\uff09","text":"\u5176\u4e2d Kubean \u63d0\u4f9b\u4e86\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u7684osPackage \u79bb\u7ebf\u5305\uff0c\u53ef\u4ee5\u524d\u5f80 https://github.com/kubean-io/kubean/releases \u67e5\u770b\u3002
\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c \u4e0b\u8f7d\u5730\u5740 Kylin Linux Advanced Server release V10 (Sword) SP2 https://github.com/kubean-io/kubean/releases/download/v0.18.5/os-pkgs-kylin-v10sp2-v0.18.5.tar.gzNote
osPackage \u79bb\u7ebf\u5305\u7684\u5177\u4f53\u5bf9\u5e94\u7248\u672c\u8bf7\u67e5\u770b\u79bb\u7ebf\u955c\u50cf\u5305\u4e2d offline/sample/clusterConfig.yaml \u4e2d\u5bf9\u5e94\u7684 kubean \u7248\u672c
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_6","title":"\u5bfc\u5165\u79bb\u7ebf\u5305\u81f3\u706b\u79cd\u8282\u70b9","text":"\u6267\u884c import-artifact \u547d\u4ee4\uff1a
./offline/dce5-installer import-artifact -c clusterConfig.yaml \\\n --offline-path=/root/offline \\\n --iso-path=/root/Kylin-Server-10-SP2-aarch64-Release-Build09-20210524.iso \\\n --os-pkgs-path=/root/os-pkgs-kylin-v10sp2-v0.18.5.tar.gz\n
Note
\u53c2\u6570\u8bf4\u660e\uff1a
\u5bfc\u5165\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u4f1a\u5c06\u79bb\u7ebf\u5305\u4e0a\u4f20\u5230\u706b\u79cd\u8282\u70b9\u7684 Minio \u4e2d\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_7","title":"\u6dfb\u52a0\u5f02\u6784\u5de5\u4f5c\u8282\u70b9","text":"\u8bf7\u786e\u4fdd\u5df2\u7ecf\u767b\u5f55\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7ba1\u7406\u96c6\u7fa4\u7684\u7ba1\u7406\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_8","title":"\u4fee\u6539\u4e3b\u673a\u6e05\u5355\u6587\u4ef6","text":"\u4e3b\u673a\u6e05\u5355\u6587\u4ef6\u793a\u4f8b\uff1a
\u65b0\u589e\u8282\u70b9\u524d\u65b0\u589e\u8282\u70b9\u540eapiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ${cluster-name}-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n children:\n etcd:\n hosts:\n centos-master:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n kube_control_plane:\n hosts:\n centos-master:\n kube_node:\n hosts:\n centos-master:\n hosts:\n centos-master:\n ip: 10.5.10.183\n access_ip: 10.5.10.183\n ansible_host: 10.5.10.183\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n ansible_password: ******\n ansible_become_password: ******\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ${cluster-name}-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n centos-master:\n ip: 10.5.10.183\n access_ip: 10.5.10.183\n ansible_host: 10.5.10.183\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n ansible_password: ******\n ansible_become_password: ******\n # \u6dfb\u52a0\u5f02\u6784\u8282\u70b9\u4fe1\u606f\n kylin-worker:\n ip: 10.5.10.181\n access_ip: 10.5.10.181\n ansible_host: 10.5.10.181\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n ansible_password: ******\n ansible_become_password: ******\n children:\n kube_control_plane:\n hosts:\n - centos-master\n kube_node:\n hosts:\n - centos-master\n - kylin-worker # \u6dfb\u52a0\u65b0\u589e\u7684\u5f02\u6784\u8282\u70b9\u540d\u79f0\n etcd:\n hosts:\n - centos-master\n k8s_cluster:\n children:\n - kube_control_plane\n - kube_node\n
\u6309\u7167\u4e0a\u8ff0\u7684\u914d\u7f6e\u6ce8\u91ca\uff0c\u6dfb\u52a0\u65b0\u589e\u7684\u5de5\u4f5c\u8282\u70b9\u4fe1\u606f\u3002
kubectl edit cm ${cluster-name}-hosts-conf -n kubean-system\n
cluster-name \u4e3a\u5de5\u4f5c\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u521b\u5efa\u96c6\u7fa4\u65f6\u4f1a\u9ed8\u8ba4\u751f\u6210\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#clusteroperationyml","title":"\u901a\u8fc7 ClusterOperation.yml \u65b0\u589e\u6269\u5bb9\u4efb\u52a1","text":"\u793a\u4f8b\uff1a
ClusterOperation.ymlapiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: add-worker-node\nspec:\n cluster: ${cluster-name} # \u6307\u5b9a cluster name\n image: 10.5.14.30/ghcr.m.daocloud.io/kubean-io/spray-job:v0.18.5\n actionType: playbook\n action: scale.yml\n extraArgs: --limit=kylin-worker\n preHook:\n - actionType: playbook\n action: ping.yml\n - actionType: playbook\n action: disable-firewalld.yml\n - actionType: playbook\n action: enable-repo.yml\n extraArgs: |\n -e \"{repo_list: [\"http://10.5.14.30:9000/kubean/kylin-iso/\\$releasever/sp2/os/\\$basearch\",\"http://10.5.14.30:9000/kubean/kylin/\\$releasever/sp2/os/\\$basearch\"]}\" --limit=kylin-worker\n postHook:\n - actionType: playbook\n action: cluster-info.yml\n
Note
\u6309\u7167\u4e0a\u8ff0\u7684\u914d\u7f6e\uff0c\u521b\u5efa\u5e76\u90e8\u7f72 join-node-ops.yaml\uff1a
vi join-node-ops.yaml\nkubectl apply -f join-node-ops.yaml -n kubean-system\n
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_9","title":"\u68c0\u67e5\u4efb\u52a1\u6267\u884c\u72b6\u6001","text":"kubectl -n kubean-system get pod | grep add-worker-node\n
\u4e86\u89e3\u7f29\u5bb9\u4efb\u52a1\u6267\u884c\u8fdb\u5ea6\uff0c\u53ef\u67e5\u770b\u8be5 Pod \u65e5\u5fd7\u3002
"},{"location":"admin/kpanda/best-practice/multi-arch.html#_10","title":"\u524d\u5f80\u754c\u9762\u9a8c\u8bc1","text":"\u524d\u5f80 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4 -> \u8282\u70b9\u7ba1\u7406
\u70b9\u51fb\u65b0\u589e\u7684\u8282\u70b9\uff0c\u67e5\u770b\u8be6\u60c5
\u672c\u6587\u5c06\u4ee5\u4e00\u4e2a\u9ad8\u53ef\u7528\u4e09\u63a7\u5236\u8282\u70b9\u7684\u5de5\u4f5c\u96c6\u7fa4\u4e3a\u4f8b\u3002 \u5f53\u5de5\u4f5c\u96c6\u7fa4\u7684\u9996\u4e2a\u63a7\u5236\u8282\u70b9\u6545\u969c\u6216\u5f02\u5e38\u65f6\uff0c\u5982\u4f55\u66ff\u6362\u6216\u91cd\u65b0\u63a5\u5165\u9996\u4e2a\u63a7\u5236\u8282\u70b9\u3002
\u672c\u6587\u7684\u9ad8\u53ef\u7528\u96c6\u7fa4\u6709 3 \u4e2a Master \u8282\u70b9\uff1a
\u5047\u8bbe node1 \u5b95\u673a\uff0c\u63a5\u4e0b\u6765\u4ecb\u7ecd\u5982\u4f55\u5c06\u5b95\u673a\u540e\u6062\u590d\u7684 node1 \u91cd\u65b0\u63a5\u5165\u5de5\u4f5c\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/replace-first-master-node.html#_2","title":"\u51c6\u5907\u5de5\u4f5c","text":"\u5728\u6267\u884c\u66ff\u6362\u64cd\u4f5c\u4e4b\u524d\uff0c\u5148\u83b7\u53d6\u96c6\u7fa4\u8d44\u6e90\u57fa\u672c\u4fe1\u606f\uff0c\u4fee\u6539\u76f8\u5173\u914d\u7f6e\u65f6\u4f1a\u7528\u5230\u3002
Note
\u4ee5\u4e0b\u83b7\u53d6\u96c6\u7fa4\u8d44\u6e90\u4fe1\u606f\u7684\u547d\u4ee4\u5747\u5728\u7ba1\u7406\u96c6\u7fa4\u4e2d\u6267\u884c\u3002
\u83b7\u53d6\u96c6\u7fa4\u540d\u79f0
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u627e\u5230\u96c6\u7fa4\u5bf9\u5e94\u7684 clusters.kubean.io
\u8d44\u6e90\uff1a
# \u6bd4\u5982 clusters.kubean.io \u7684\u8d44\u6e90\u540d\u79f0\u4e3a cluster-mini-1\n# \u5219\u83b7\u53d6\u96c6\u7fa4\u7684\u540d\u79f0\nCLUSTER_NAME=$(kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.metadata.name}{'\\n'}\")\n
\u83b7\u53d6\u96c6\u7fa4\u7684\u4e3b\u673a\u6e05\u5355 configmap
kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.spec.hostsConfRef}{'\\n'}\"\n{\"name\":\"mini-1-hosts-conf\",\"namespace\":\"kubean-system\"}\n
\u83b7\u53d6\u96c6\u7fa4\u7684\u914d\u7f6e\u53c2\u6570 configmap
kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.spec.varsConfRef}{'\\n'}\"\n{\"name\":\"mini-1-vars-conf\",\"namespace\":\"kubean-system\"}\n
\u8c03\u6574\u63a7\u5236\u5e73\u9762\u8282\u70b9\u987a\u5e8f
\u91cd\u7f6e node1 \u8282\u70b9\u4f7f\u5176\u6062\u590d\u5230\u5b89\u88c5\u96c6\u7fa4\u4e4b\u524d\u7684\u72b6\u6001\uff08\u6216\u4f7f\u7528\u65b0\u7684\u8282\u70b9\uff09\uff0c\u4fdd\u6301 node1 \u8282\u70b9\u7684\u7f51\u7edc\u8fde\u901a\u6027\u3002
\u8c03\u6574\u4e3b\u673a\u6e05\u5355\u4e2d node1 \u8282\u70b9\u5728 kube_control_plane \u3001kube_node\u3001etcd \u4e2d\u7684\u987a\u5e8f \uff08node1/node2/node3 -> node2/node3/node1\uff09\uff1a
function change_control_plane_order() {\n cat << EOF | kubectl apply -f -\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: mini-1-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: \"172.30.41.161\"\n access_ip: \"172.30.41.161\"\n ansible_host: \"172.30.41.161\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n node2:\n ip: \"172.30.41.162\"\n access_ip: \"172.30.41.162\"\n ansible_host: \"172.30.41.162\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n node3:\n ip: \"172.30.41.163\"\n access_ip: \"172.30.41.163\"\n ansible_host: \"172.30.41.163\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n children:\n kube_control_plane:\n hosts:\n node2:\n node3:\n node1:\n kube_node:\n hosts:\n node2:\n node3:\n node1:\n etcd:\n hosts:\n node2:\n node3:\n node1:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\nEOF\n}\n\nchange_control_plane_order\n
\u79fb\u9664\u5f02\u5e38\u72b6\u6001\u7684\u9996\u4e2a master \u8282\u70b9
\u8c03\u6574\u4e3b\u673a\u6e05\u5355\u7684\u8282\u70b9\u987a\u5e8f\u540e\uff0c\u79fb\u9664 K8s \u63a7\u5236\u5e73\u9762\u5f02\u5e38\u72b6\u6001\u7684 node1\u3002
Note
\u5982\u679c node1 \u79bb\u7ebf\u6216\u6545\u969c\uff0c\u5219 extraArgs \u987b\u6dfb\u52a0\u4ee5\u4e0b\u914d\u7f6e\u9879\uff0cnode1 \u5728\u7ebf\u65f6\u4e0d\u9700\u8981\u6dfb\u52a0\u3002
reset_nodes=false # \u8df3\u8fc7\u91cd\u7f6e\u8282\u70b9\u64cd\u4f5c\nallow_ungraceful_removal=true # \u5141\u8bb8\u975e\u4f18\u96c5\u7684\u79fb\u9664\u64cd\u4f5c\n
# \u955c\u50cf spray-job \u8fd9\u91cc\u53ef\u4ee5\u91c7\u7528\u52a0\u901f\u5668\u5730\u5740\n\nSPRAY_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/spray-job\"\nSPRAY_RLS_2_22_TAG=\"2.22-336b323\"\nKUBE_VERSION=\"v1.24.14\"\nCLUSTER_NAME=\"cluster-mini-1\"\nREMOVE_NODE_NAME=\"node1\"\n\ncat << EOF | kubectl apply -f -\n---\napiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster-mini-1-remove-node-ops\nspec:\n cluster: ${CLUSTER_NAME}\n image: ${SPRAY_IMG_ADDR}:${SPRAY_RLS_2_22_TAG}\n actionType: playbook\n action: remove-node.yml\n extraArgs: -e node=${REMOVE_NODE_NAME} -e reset_nodes=false -e allow_ungraceful_removal=true -e kube_version=${KUBE_VERSION}\n postHook:\n - actionType: playbook\n action: cluster-info.yml\nEOF\n
\u624b\u52a8\u4fee\u6539\u96c6\u7fa4\u914d\u7f6e\uff0c\u7f16\u8f91\u66f4\u65b0 cluster-info
# \u7f16\u8f91 cluster-info\nkubectl -n kube-public edit cm cluster-info\n\n# 1. \u82e5 ca.crt \u8bc1\u4e66\u66f4\u65b0\uff0c\u5219\u9700\u8981\u66f4\u65b0 certificate-authority-data \u5b57\u6bb5\u7684\u5185\u5bb9\n# \u67e5\u770b ca \u8bc1\u4e66\u7684 base64 \u7f16\u7801\uff1a\ncat /etc/kubernetes/ssl/ca.crt | base64 | tr -d '\\n'\n\n# 2. \u9700\u6539 server \u5b57\u6bb5\u7684 IP \u5730\u5740\u4e3a\u65b0 first master IP, \u672c\u6587\u6863\u573a\u666f\u5c06\u4f7f\u7528 node2 \u7684 IP \u5730\u5740 172.30.41.162\n
\u624b\u52a8\u4fee\u6539\u96c6\u7fa4\u914d\u7f6e\uff0c\u7f16\u8f91\u66f4\u65b0 kubeadm-config
# \u7f16\u8f91 kubeadm-config\nkubectl -n kube-system edit cm kubeadm-config\n\n# \u4fee\u6539 controlPlaneEndpoint \u4e3a\u65b0 first master IP, \u672c\u6587\u6863\u573a\u666f\u5c06\u4f7f\u7528 node2 \u7684 IP \u5730\u5740 172.30.41.162\n
\u91cd\u65b0\u6269\u5bb9 master \u8282\u70b9\u5e76\u66f4\u65b0\u96c6\u7fa4
Note
--limit
\u9650\u5236\u66f4\u65b0\u64cd\u4f5c\u4ec5\u4f5c\u7528\u4e8e etcd \u548c kube_control_plane \u8282\u70b9\u7ec4\u3002cat << EOF | kubectl apply -f -\n---\napiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster-mini-1-update-cluster-ops\nspec:\n cluster: ${CLUSTER_NAME}\n image: ${SPRAY_IMG_ADDR}:${SPRAY_RLS_2_22_TAG}\n actionType: playbook\n action: cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e kube_version=${KUBE_VERSION}\n preHook:\n - actionType: playbook\n action: enable-repo.yml # \u79bb\u7ebf\u73af\u5883\u4e0b\u9700\u8981\u6dfb\u52a0\u6b64 yaml\uff0c\u5e76\u4e14\u8bbe\u7f6e\u6b63\u786e\u7684 repo-list(\u5b89\u88c5\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u5305)\uff0c\u4ee5\u4e0b\u53c2\u6570\u503c\u4ec5\u4f9b\u53c2\u8003\n extraArgs: |\n -e \"{repo_list: ['http://172.30.41.0:9000/kubean/centos/\\$releasever/os/\\$basearch','http://172.30.41.0:9000/kubean/centos-iso/\\$releasever/os/\\$basearch']}\"\n postHook:\n - actionType: playbook\n action: cluster-info.yml\nEOF\n
\u81f3\u6b64\uff0c\u5b8c\u6210\u4e86\u9996\u4e2a Master \u8282\u70b9\u7684\u66ff\u6362\u3002
"},{"location":"admin/kpanda/best-practice/update-offline-cluster.html","title":"\u5de5\u4f5c\u96c6\u7fa4\u79bb\u7ebf\u90e8\u7f72/\u5347\u7ea7\u6307\u5357","text":"Note
\u672c\u6587\u4ec5\u9488\u5bf9\u79bb\u7ebf\u6a21\u5f0f\u4e0b\uff0c\u4f7f\u7528 AI \u7b97\u529b\u4e2d\u5fc3\u5e73\u53f0\u6240\u521b\u5efa\u7684\u5de5\u4f5c\u96c6\u7fa4\u7684 kubernetes \u7684\u7248\u672c\u8fdb\u884c\u90e8\u7f72\u6216\u5347\u7ea7\uff0c \u4e0d\u5305\u62ec\u5176\u5b83 kubeneters \u7ec4\u4ef6\u7684\u90e8\u7f72\u6216\u5347\u7ea7\u3002
\u672c\u6587\u9002\u7528\u4ee5\u4e0b\u79bb\u7ebf\u573a\u666f\uff1a
\u6574\u4f53\u7684\u601d\u8def\u4e3a\uff1a
Note
\u76ee\u524d\u652f\u6301\u6784\u5efa\u7684\u79bb\u7ebf kubernetes \u7248\u672c\uff0c\u8bf7\u53c2\u8003 kubean \u652f\u6301\u7684 kubernetes \u7248\u672c\u5217\u8868\u3002
"},{"location":"admin/kpanda/best-practice/update-offline-cluster.html#_2","title":"\u5728\u8054\u7f51\u8282\u70b9\u6784\u5efa\u79bb\u7ebf\u5305","text":"\u7531\u4e8e\u79bb\u7ebf\u73af\u5883\u65e0\u6cd5\u8054\u7f51\uff0c\u7528\u6237\u9700\u8981\u4e8b\u5148\u51c6\u5907\u4e00\u53f0\u80fd\u591f \u8054\u7f51\u7684\u8282\u70b9 \u6765\u8fdb\u884c\u589e\u91cf\u79bb\u7ebf\u5305\u7684\u6784\u5efa\uff0c\u5e76\u4e14\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u542f\u52a8 Docker \u6216\u8005 podman \u670d\u52a1\u3002
\u68c0\u67e5\u8054\u7f51\u8282\u70b9\u7684 Docker \u670d\u52a1\u8fd0\u884c\u72b6\u6001
ps aux|grep docker\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
root 12341 0.5 0.2 654372 26736 ? Ssl 23:45 0:00 /usr/bin/docked\nroot 12351 0.2 0.1 625080 13740 ? Ssl 23:45 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml\nroot 13024 0.0 0.0 112824 980 pts/0 S+ 23:45 0:00 grep --color=auto docker\n
\u5728\u8054\u7f51\u8282\u70b9\u7684 /root \u76ee\u5f55\u4e0b\u521b\u5efa\u4e00\u4e2a\u540d\u4e3a manifest.yaml \u7684\u6587\u4ef6\uff0c\u547d\u4ee4\u5982\u4e0b\uff1a
vi manifest.yaml\n
manifest.yaml \u5185\u5bb9\u5982\u4e0b\uff1a
manifest.yamlimage_arch:\n- \"amd64\"\nkube_version: # \u586b\u5199\u5f85\u5347\u7ea7\u7684\u96c6\u7fa4\u7248\u672c\n- \"v1.28.0\"\n
\u5728 /root \u76ee\u5f55\u4e0b\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a /data \u7684\u6587\u4ef6\u5939\u6765\u5b58\u50a8\u589e\u91cf\u79bb\u7ebf\u5305\u3002
mkdir data\n
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4f7f\u7528 kubean airgap-patch
\u955c\u50cf\u751f\u6210\u79bb\u7ebf\u5305\u3002 airgap-patch
\u955c\u50cf tag \u4e0e Kubean \u7248\u672c\u4e00\u81f4\uff0c\u9700\u786e\u4fdd Kubean \u7248\u672c\u8986\u76d6\u9700\u8981\u5347\u7ea7\u7684 Kubernetes \u7248\u672c\u3002
# \u5047\u8bbe kubean \u7248\u672c\u4e3a v0.13.9\ndocker run --rm -v $(pwd)/manifest.yml:/manifest.yml -v $(pwd)/data:/data ghcr.m.daocloud.io/kubean-io/airgap-patch:v0.13.9\n
\u7b49\u5f85 Docker \u670d\u52a1\u8fd0\u884c\u5b8c\u6210\u540e\uff0c\u68c0\u67e5 /data \u6587\u4ef6\u5939\u4e0b\u7684\u6587\u4ef6\uff0c\u6587\u4ef6\u76ee\u5f55\u5982\u4e0b\uff1a
data\n\u251c\u2500\u2500 amd64\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 files\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 import_files.sh\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 offline-files.tar.gz\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 images\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 import_images.sh\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 offline-images.tar.gz\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 os-pkgs\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 import_ospkgs.sh\n\u2514\u2500\u2500 localartifactset.cr.yaml\n
\u5c06\u8054\u7f51\u8282\u70b9\u7684 /data \u6587\u4ef6\u62f7\u8d1d\u81f3\u706b\u79cd\u8282\u70b9\u7684 /root \u76ee\u5f55\u4e0b\uff0c\u5728 \u8054\u7f51\u8282\u70b9 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
scp -r data root@x.x.x.x:/root\n
x.x.x.x
\u4e3a\u706b\u79cd\u8282\u70b9 IP \u5730\u5740
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u5c06 /data \u6587\u4ef6\u5185\u7684\u955c\u50cf\u6587\u4ef6\u62f7\u8d1d\u81f3\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 docker resgitry \u4ed3\u5e93\u3002\u767b\u5f55\u706b\u79cd\u8282\u70b9\u540e\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
\u8fdb\u5165\u955c\u50cf\u6587\u4ef6\u6240\u5728\u7684\u76ee\u5f55
cd data/amd64/images\n
\u6267\u884c import_images.sh \u811a\u672c\u5c06\u955c\u50cf\u5bfc\u5165\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Docker Resgitry \u4ed3\u5e93\u3002
REGISTRY_ADDR=\"127.0.0.1\" ./import_images.sh\n
Note
\u4e0a\u8ff0\u547d\u4ee4\u4ec5\u4ec5\u9002\u7528\u4e8e\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Docker Resgitry \u4ed3\u5e93\uff0c\u5982\u679c\u4f7f\u7528\u5916\u90e8\u4ed3\u5e93\u8bf7\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\uff1a
REGISTRY_SCHEME=https REGISTRY_ADDR=${registry_address} REGISTRY_USER=${username} REGISTRY_PASS=${password} ./import_images.sh\n
\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u5c06 /data \u6587\u4ef6\u5185\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u62f7\u8d1d\u81f3\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u670d\u52a1\u4e0a\u3002
\u8fdb\u5165\u4e8c\u8fdb\u5236\u6587\u4ef6\u6240\u5728\u7684\u76ee\u5f55
cd data/amd64/files/\n
\u6267\u884c import_files.sh \u811a\u672c\u5c06\u4e8c\u8fdb\u5236\u6587\u4ef6\u5bfc\u5165\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u670d\u52a1\u4e0a\u3002
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_files.sh http://127.0.0.1:9000\n
Note
\u4e0a\u8ff0\u547d\u4ee4\u4ec5\u4ec5\u9002\u7528\u4e8e\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u670d\u52a1\uff0c\u5982\u679c\u4f7f\u7528\u5916\u90e8 Minio \u8bf7\u5c06 http://127.0.0.1:9000
\u66ff\u6362\u4e3a\u5916\u90e8 Minio \u7684\u8bbf\u95ee\u5730\u5740\u3002 \u201crootuser\u201d \u548c \u201crootpass123\u201d\u662f\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u670d\u52a1\u7684\u9ed8\u8ba4\u8d26\u6237\u548c\u5bc6\u7801\u3002
\u706b\u79cd\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5c06 localartifactset
\u8d44\u6e90\u90e8\u7f72\u5230\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\uff1a
kubectl apply -f data/kubeanofflineversion.cr.patch.yaml\n
"},{"location":"admin/kpanda/best-practice/update-offline-cluster.html#_4","title":"\u4e0b\u4e00\u6b65","text":"\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3\u7684 UI \u7ba1\u7406\u754c\u9762\uff0c\u60a8\u53ef\u4ee5\u7ee7\u7eed\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u53c2\u7167\u521b\u5efa\u96c6\u7fa4\u7684\u6587\u6863\u8fdb\u884c\u5de5\u4f5c\u96c6\u7fa4\u521b\u5efa\uff0c\u6b64\u65f6\u53ef\u4ee5\u9009\u62e9 Kubernetes \u589e\u91cf\u7248\u672c\u3002
\u53c2\u7167\u5347\u7ea7\u96c6\u7fa4\u7684\u6587\u6863\u5bf9\u81ea\u5efa\u7684\u5de5\u4f5c\u96c6\u7fa4\u8fdb\u884c\u5347\u7ea7\u3002
\u672c\u6587\u4ecb\u7ecd\u79bb\u7ebf\u6a21\u5f0f\u4e0b\u5982\u4f55\u5728 \u672a\u58f0\u660e\u652f\u6301\u7684 OS \u4e0a\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u3002
\u79bb\u7ebf\u6a21\u5f0f\u4e0b\u5728\u672a\u58f0\u660e\u652f\u6301\u7684 OS \u4e0a\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u4e3b\u8981\u7684\u6d41\u7a0b\u5982\u4e0b\u56fe\uff1a
\u63a5\u4e0b\u6765\uff0c\u672c\u6587\u5c06\u4ee5 openAnolis \u64cd\u4f5c\u7cfb\u7edf\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5728\u975e\u4e3b\u6d41\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u521b\u5efa\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/use-otherlinux-create-custer.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u627e\u5230\u4e00\u4e2a\u548c\u5f85\u5efa\u96c6\u7fa4\u8282\u70b9\u67b6\u6784\u548c OS \u5747\u4e00\u81f4\u7684\u5728\u7ebf\u73af\u5883\uff0c\u672c\u6587\u4ee5 AnolisOS 8.8 GA \u4e3a\u4f8b\u3002\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u751f\u6210\u79bb\u7ebf os-pkgs \u5305\u3002
# \u4e0b\u8f7d\u76f8\u5173\u811a\u672c\u5e76\u6784\u5efa os packages \u5305\ncurl -Lo ./pkgs.yml https://raw.githubusercontent.com/kubean-io/kubean/main/build/os-packages/others/pkgs.yml\ncurl -Lo ./other_os_pkgs.sh https://raw.githubusercontent.com/kubean-io/kubean/main/build/os-packages/others/other_os_pkgs.sh && chmod +x other_os_pkgs.sh\n./other_os_pkgs.sh build # \u6784\u5efa\u79bb\u7ebf\u5305\n
\u6267\u884c\u5b8c\u4e0a\u8ff0\u547d\u4ee4\u540e\uff0c\u9884\u671f\u5c06\u5728\u5f53\u524d\u8def\u5f84\u4e0b\u751f\u6210\u4e00\u4e2a\u540d\u4e3a os-pkgs-anolis-8.8.tar.gz \u7684\u538b\u7f29\u5305\u3002\u5f53\u524d\u8def\u5f84\u4e0b\u6587\u4ef6\u76ee\u5f55\u5927\u6982\u5982\u4e0b\uff1a
.\n \u251c\u2500\u2500 other_os_pkgs.sh\n \u251c\u2500\u2500 pkgs.yml\n \u2514\u2500\u2500 os-pkgs-anolis-8.8.tar.gz\n
"},{"location":"admin/kpanda/best-practice/use-otherlinux-create-custer.html#_4","title":"\u79bb\u7ebf\u8282\u70b9\u5b89\u88c5\u79bb\u7ebf\u5305","text":"\u5c06\u5728\u7ebf\u8282\u70b9\u4e2d\u751f\u6210\u7684 other_os_pkgs.sh \u3001 pkgs.yml \u3001 os-pkgs-anolis-8.8.tar.gz \u4e09\u4e2a\u6587\u4ef6\u62f7\u8d1d\u81f3\u79bb\u7ebf\u73af\u5883\u4e2d\u7684\u5f85\u5efa\u96c6\u7fa4\u7684**\u6240\u6709**\u8282\u70b9\u4e0a\u3002
\u767b\u5f55\u79bb\u7ebf\u73af\u5883\u4e2d\uff0c\u4efb\u4e00\u5f85\u5efa\u96c6\u7fa4\u7684\u5176\u4e2d\u4e00\u4e2a\u8282\u70b9\u4e0a\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a\u8282\u70b9\u5b89\u88c5 os-pkg \u5305\u3002
# \u914d\u7f6e\u73af\u5883\u53d8\u91cf\nexport PKGS_YML_PATH=/root/workspace/os-pkgs/pkgs.yml # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9 pkgs.yml \u6587\u4ef6\u7684\u8def\u5f84\nexport PKGS_TAR_PATH=/root/workspace/os-pkgs/os-pkgs-anolis-8.8.tar.gz # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9 os-pkgs-anolis-8.8.tar.gz \u7684\u8def\u5f84\nexport SSH_USER=root # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9\u7684\u7528\u6237\u540d\nexport SSH_PASS=dangerous # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9\u7684\u5bc6\u7801\nexport HOST_IPS='172.30.41.168' # \u5f53\u524d\u79bb\u7ebf\u8282\u70b9\u7684 IP\n./other_os_pkgs.sh install #\u5b89\u88c5\u79bb\u7ebf\u5305\n
\u6267\u884c\u5b8c\u6210\u4e0a\u8ff0\u547d\u4ee4\u540e\uff0c\u7b49\u5f85\u754c\u9762\u63d0\u793a\uff1a All packages for node (X.X.X.X) have been installed \u5373\u8868\u793a\u5b89\u88c5\u5b8c\u6210\u3002
"},{"location":"admin/kpanda/best-practice/use-otherlinux-create-custer.html#_5","title":"\u4e0b\u4e00\u6b65","text":"\u53c2\u8003\u6587\u6863\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u5728 UI \u754c\u9762\u4e0a\u521b\u5efa openAnolis \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/best-practice/co-located/index.html","title":"\u5728\u79bb\u7ebf\u6df7\u90e8","text":"\u4f01\u4e1a\u4e2d\u4e00\u822c\u5b58\u5728\u4e24\u79cd\u7c7b\u578b\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff1a\u5728\u7ebf\u670d\u52a1\uff08latency-sensitive service\uff09\u548c\u79bb\u7ebf\u4efb\u52a1\uff08batch job\uff09\u3002 \u5728\u7ebf\u670d\u52a1\u5982\u641c\u7d22/\u652f\u4ed8/\u63a8\u8350\u7b49\uff0c\u5177\u6709\u5904\u7406\u4f18\u5148\u7ea7\u9ad8\u3001\u65f6\u5ef6\u654f\u611f\u6027\u9ad8\u3001\u9519\u8bef\u5bb9\u5fcd\u5ea6\u4f4e\u4ee5\u53ca\u767d\u5929\u8d1f\u8f7d\u9ad8\u665a\u4e0a\u8d1f\u8f7d\u4f4e\u7b49\u7279\u70b9\u3002 \u800c\u79bb\u7ebf\u4efb\u52a1\u5982 AI \u8bad\u7ec3/\u5927\u6570\u636e\u5904\u7406\u7b49\uff0c\u5177\u6709\u5904\u7406\u4f18\u5148\u7ea7\u4f4e\u3001\u65f6\u5ef6\u654f\u611f\u6027\u4f4e\u3001\u9519\u8bef\u5bb9\u5fcd\u5ea6\u9ad8\u4ee5\u53ca\u8fd0\u884c\u65f6\u8d1f\u8f7d\u4e00\u76f4\u8f83\u9ad8\u7b49\u7279\u70b9\u3002 \u7531\u4e8e\u5728\u7ebf\u670d\u52a1\u4e0e\u79bb\u7ebf\u4efb\u52a1\u8fd9\u4e24\u7c7b\u5de5\u4f5c\u8d1f\u8f7d\u5929\u7136\u5b58\u5728\u4e92\u8865\u6027\uff0c\u5c06\u5728/\u79bb\u7ebf\u4e1a\u52a1\u6df7\u5408\u90e8\u7f72\u662f\u63d0\u9ad8\u670d\u52a1\u5668\u8d44\u6e90\u5229\u7528\u7387\u7684\u6709\u6548\u9014\u5f84\u3002
\u53ef\u4ee5\u5c06\u79bb\u7ebf\u4e1a\u52a1\u6df7\u90e8\u5230\u5728\u7ebf\u4e1a\u52a1\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8ba9\u79bb\u7ebf\u4e1a\u52a1\u80fd\u591f\u5145\u5206\u5229\u7528\u5728\u7ebf\u4e1a\u52a1\u670d\u52a1\u5668\u7684\u7a7a\u95f2\u8d44\u6e90\uff0c\u63d0\u9ad8\u5728\u7ebf\u4e1a\u52a1\u670d\u52a1\u5668\u8d44\u6e90\u5229\u7528\u7387\uff0c\u5b9e\u73b0\u964d\u672c\u589e\u6548\u3002
\u5f53\u4e1a\u52a1\u4e2d\u4e34\u65f6\u9700\u8981\u5927\u91cf\u7684\u8d44\u6e90\uff0c\u8fd9\u4e2a\u65f6\u5019\u53ef\u4ee5\u5c06\u5728\u7ebf\u4e1a\u52a1\u5f39\u6027\u6df7\u90e8\u5230\u79bb\u7ebf\u4e1a\u52a1\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u4f18\u5148\u4fdd\u8bc1\u5728\u7ebf\u4e1a\u52a1\u7684\u8d44\u6e90\u9700\u6c42\uff0c\u4e34\u65f6\u9700\u6c42\u7ed3\u675f\u540e\u518d\u628a\u8d44\u6e90\u5f52\u8fd8\u7ed9\u79bb\u7ebf\u4e1a\u52a1\u3002
\u5f53\u524d\u4f7f\u7528\u5f00\u6e90\u9879\u76ee Koordinator \u4f5c\u4e3a\u5728\u79bb\u7ebf\u6df7\u90e8\u7684\u89e3\u51b3\u65b9\u6848\u3002
Koordinator \u662f\u4e00\u4e2a\u57fa\u4e8e QoS \u7684 Kubernetes \u6df7\u5408\u5de5\u4f5c\u8d1f\u8f7d\u8c03\u5ea6\u7cfb\u7edf\u3002 \u5b83\u65e8\u5728\u63d0\u9ad8\u5bf9\u5ef6\u8fdf\u654f\u611f\u7684\u5de5\u4f5c\u8d1f\u8f7d\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u7684\u8fd0\u884c\u65f6\u6548\u7387\u548c\u53ef\u9760\u6027\uff0c\u7b80\u5316\u4e0e\u8d44\u6e90\u76f8\u5173\u7684\u914d\u7f6e\u8c03\u6574\u7684\u590d\u6742\u6027\uff0c\u5e76\u589e\u52a0 Pod \u90e8\u7f72\u5bc6\u5ea6\u4ee5\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u7387\u3002
"},{"location":"admin/kpanda/best-practice/co-located/index.html#koordinator-qos","title":"Koordinator QoS","text":"Koordinator \u8c03\u5ea6\u7cfb\u7edf\u652f\u6301\u7684 QoS \u6709\u4e94\u79cd\u7c7b\u578b:
QoS \u7279\u70b9 \u8bf4\u660e SYSTEM \u7cfb\u7edf\u8fdb\u7a0b\uff0c\u8d44\u6e90\u53d7\u9650 \u5bf9\u4e8e DaemonSets \u7b49\u7cfb\u7edf\u670d\u52a1\uff0c\u867d\u7136\u9700\u8981\u4fdd\u8bc1\u7cfb\u7edf\u670d\u52a1\u7684\u5ef6\u8fdf\uff0c\u4f46\u4e5f\u9700\u8981\u9650\u5236\u8282\u70b9\u4e0a\u8fd9\u4e9b\u7cfb\u7edf\u670d\u52a1\u5bb9\u5668\u7684\u8d44\u6e90\u4f7f\u7528\uff0c\u4ee5\u786e\u4fdd\u5176\u4e0d\u5360\u7528\u8fc7\u591a\u7684\u8d44\u6e90 LSE(Latency Sensitive Exclusive) \u4fdd\u7559\u8d44\u6e90\u5e76\u7ec4\u7ec7\u540c QoS \u7684 Pod \u5171\u4eab\u8d44\u6e90 \u5f88\u5c11\u4f7f\u7528\uff0c\u5e38\u89c1\u4e8e\u4e2d\u95f4\u4ef6\u7c7b\u5e94\u7528\uff0c\u4e00\u822c\u5728\u72ec\u7acb\u7684\u8d44\u6e90\u6c60\u4e2d\u4f7f\u7528 LSR(Latency Sensitive Reserved) \u9884\u7559\u8d44\u6e90\u4ee5\u83b7\u5f97\u66f4\u597d\u7684\u786e\u5b9a\u6027 \u7c7b\u4f3c\u4e8e\u793e\u533a\u7684 Guaranteed\uff0cCPU \u6838\u88ab\u7ed1\u5b9a LS(Latency Sensitive) \u5171\u4eab\u8d44\u6e90\uff0c\u5bf9\u7a81\u53d1\u6d41\u91cf\u6709\u66f4\u597d\u7684\u5f39\u6027 \u5fae\u670d\u52a1\u5de5\u4f5c\u8d1f\u8f7d\u7684\u5178\u578bQoS\u7ea7\u522b\uff0c\u5b9e\u73b0\u66f4\u597d\u7684\u8d44\u6e90\u5f39\u6027\u548c\u66f4\u7075\u6d3b\u7684\u8d44\u6e90\u8c03\u6574\u80fd\u529b BE(Best Effort) \u5171\u4eab\u4e0d\u5305\u62ec LSE \u7684\u8d44\u6e90\uff0c\u8d44\u6e90\u8fd0\u884c\u8d28\u91cf\u6709\u9650\uff0c\u751a\u81f3\u5728\u6781\u7aef\u60c5\u51b5\u4e0b\u88ab\u6740\u6b7b \u6279\u91cf\u4f5c\u4e1a\u7684\u5178\u578b QoS \u6c34\u5e73\uff0c\u5728\u4e00\u5b9a\u65f6\u671f\u5185\u7a33\u5b9a\u7684\u8ba1\u7b97\u541e\u5410\u91cf\uff0c\u4f4e\u6210\u672c\u8d44\u6e90"},{"location":"admin/kpanda/best-practice/co-located/index.html#koordinator-qos-cpu","title":"Koordinator QoS CPU \u7f16\u6392\u539f\u5219","text":"\u4ee5\u4e0b\u793a\u4f8b\u4e2d\u521b\u5efa4\u4e2a\u526f\u672c\u6570\u4e3a1\u7684 deployment, \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a LSE, LSR, LS, BE, \u5f85 pod \u521b\u5efa\u5b8c\u6210\u540e\uff0c\u89c2\u5bdf\u5404 pod \u7684 CPU \u5206\u914d\u60c5\u51b5\u3002
\u521b\u5efa\u540d\u79f0\u4e3a nginx-lse \u7684 deployment\uff0cQoS \u7c7b\u522b\u4e3a LSE, yaml \u6587\u4ef6\u5982\u4e0b\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-lse\n labels:\n app: nginx-lse\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-lse\n template:\n metadata:\n name: nginx-lse\n labels:\n app: nginx-lse\n koordinator.sh/qosClass: LSE # \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a LSE\n # \u8c03\u5ea6\u5668\u5c06\u5728\u7269\u7406\u5185\u6838\u4e4b\u95f4\u5747\u5300\u7684\u5206\u914d\u903b\u8f91 CPU\n annotations:\n scheduling.koordinator.sh/resource-spec: '{\"preferredCPUBindPolicy\": \"SpreadByPCPUs\"}'\n spec:\n schedulerName: koord-scheduler # \u4f7f\u7528 koord-scheduler \u8c03\u5ea6\u5668\n containers:\n - name: nginx\n image: release.daocloud.io/kpanda/nginx:1.25.3-alpine\n resources:\n limits:\n cpu: '2'\n requests:\n cpu: '2'\n priorityClassName: koord-prod\n
\u521b\u5efa\u540d\u79f0\u4e3a nginx-lsr \u7684 deployment\uff0cQoS \u7c7b\u522b\u4e3a LSR, yaml \u6587\u4ef6\u5982\u4e0b\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-lsr\n labels:\n app: nginx-lsr\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-lsr\n template:\n metadata:\n name: nginx-lsr\n labels:\n app: nginx-lsr\n koordinator.sh/qosClass: LSR # \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a LSR\n # \u8c03\u5ea6\u5668\u5c06\u5728\u7269\u7406\u5185\u6838\u4e4b\u95f4\u5747\u5300\u7684\u5206\u914d\u903b\u8f91 CPU\n annotations:\n scheduling.koordinator.sh/resource-spec: '{\"preferredCPUBindPolicy\": \"SpreadByPCPUs\"}'\n spec:\n schedulerName: koord-scheduler # \u4f7f\u7528 koord-scheduler \u8c03\u5ea6\u5668\n containers:\n - name: nginx\n image: release.daocloud.io/kpanda/nginx:1.25.3-alpine\n resources:\n limits:\n cpu: '2'\n requests:\n cpu: '2'\n priorityClassName: koord-prod\n
\u521b\u5efa\u540d\u79f0\u4e3a nginx-ls \u7684 deployment\uff0cQoS \u7c7b\u522b\u4e3a LS, yaml \u6587\u4ef6\u5982\u4e0b\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-ls\n labels:\n app: nginx-ls\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-ls\n template:\n metadata:\n name: nginx-ls\n labels:\n app: nginx-ls\n koordinator.sh/qosClass: LS # \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a LS\n # \u8c03\u5ea6\u5668\u5c06\u5728\u7269\u7406\u5185\u6838\u4e4b\u95f4\u5747\u5300\u7684\u5206\u914d\u903b\u8f91 CPU\n annotations:\n scheduling.koordinator.sh/resource-spec: '{\"preferredCPUBindPolicy\": \"SpreadByPCPUs\"}'\n spec:\n schedulerName: koord-scheduler \n containers:\n - name: nginx\n image: release.daocloud.io/kpanda/nginx:1.25.3-alpine\n resources:\n limits:\n cpu: '2'\n requests:\n cpu: '2'\n priorityClassName: koord-prod\n
\u521b\u5efa\u540d\u79f0\u4e3a nginx-be \u7684 deployment\uff0cQoS \u7c7b\u522b\u4e3a BE, yaml \u6587\u4ef6\u5982\u4e0b\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-be\n labels:\n app: nginx-be\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nginx-be\n template:\n metadata:\n name: nginx-be\n labels:\n app: nginx-be\n koordinator.sh/qosClass: BE # \u8bbe\u7f6e QoS \u7c7b\u522b\u4e3a BE\n # \u8c03\u5ea6\u5668\u5c06\u5728\u7269\u7406\u5185\u6838\u4e4b\u95f4\u5747\u5300\u7684\u5206\u914d\u903b\u8f91 CPU\n annotations:\n scheduling.koordinator.sh/resource-spec: '{\"preferredCPUBindPolicy\": \"SpreadByPCPUs\"}'\n spec:\n schedulerName: koord-scheduler # \u4f7f\u7528 koord-scheduler \u8c03\u5ea6\u5668\n containers:\n - name: nginx\n image: release.daocloud.io/kpanda/nginx:1.25.3-alpine\n resources:\n limits:\n kubernetes.io/batch-cpu: 2k\n requests:\n kubernetes.io/batch-cpu: 2k\n priorityClassName: koord-batch\n
\u67e5\u770b pod \u72b6\u6001\uff0c\u5f53 pod \u5904\u4e8e running \u540e\uff0c\u67e5\u770b\u5404 pod \u7684 CPU \u5206\u914d\u60c5\u51b5\u3002
[root@controller-node-1 ~]# kubectl get pod\nNAME READY STATUS RESTARTS AGE\nnginx-be-577c946b89-js2qn 1/1 Running 0 4h41m\nnginx-ls-54746c8cf8-rh4b7 1/1 Running 0 4h51m\nnginx-lse-56c9cd77f5-cdqbd 1/1 Running 0 4h41m\nnginx-lsr-c7fdb97d8-b58h8 1/1 Running 0 4h51m\n
\u672c\u793a\u4f8b\u4e2d\u4f7f\u7528 get_cpuset.sh \u811a\u672c\u67e5\u770b Pod \u7684 cpuset \u4fe1\u606f\uff0c\u811a\u672c\u5185\u5bb9\u5982\u4e0b\u3002
#!/bin/bash\n\n# \u83b7\u53d6Pod\u7684\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\u4f5c\u4e3a\u8f93\u5165\u53c2\u6570\nPOD_NAME=$1\nNAMESPACE=${2-default}\n\n# \u786e\u4fdd\u63d0\u4f9b\u4e86Pod\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\nif [ -z \"$POD_NAME\" ] || [ -z \"$NAMESPACE\" ]; then\n echo \"Usage: $0 <pod_name> <namespace>\"\n exit 1\nfi\n\n# \u4f7f\u7528kubectl\u83b7\u53d6Pod\u7684UID\u548cQoS\u7c7b\u522b\nPOD_INFO=$(kubectl get pod \"$POD_NAME\" -n \"$NAMESPACE\" -o jsonpath=\"{.metadata.uid} {.status.qosClass} {.status.containerStatuses[0].containerID}\")\nread -r POD_UID POD_QOS CONTAINER_ID <<< \"$POD_INFO\"\n\n# \u68c0\u67e5UID\u548cQoS\u7c7b\u522b\u662f\u5426\u6210\u529f\u83b7\u53d6\nif [ -z \"$POD_UID\" ] || [ -z \"$POD_QOS\" ]; then\n echo \"Failed to get UID or QoS Class for Pod $POD_NAME in namespace $NAMESPACE.\"\n exit 1\nfi\n\nPOD_UID=\"${POD_UID//-/_}\"\nCONTAINER_ID=\"${CONTAINER_ID//containerd:\\/\\//cri-containerd-}\".scope\n\n# \u6839\u636eQoS\u7c7b\u522b\u6784\u5efacgroup\u8def\u5f84\ncase \"$POD_QOS\" in\n Guaranteed)\n QOS_PATH=\"kubepods-pod.slice/$POD_UID.slice\"\n ;;\n Burstable)\n QOS_PATH=\"kubepods-burstable.slice/kubepods-burstable-pod$POD_UID.slice\"\n ;;\n BestEffort)\n QOS_PATH=\"kubepods-besteffort.slice/kubepods-besteffort-pod$POD_UID.slice\"\n ;;\n *)\n echo \"Unknown QoS Class: $POD_QOS\"\n exit 1\n ;;\nesac\n\nCPUGROUP_PATH=\"/sys/fs/cgroup/kubepods.slice/$QOS_PATH\"\n\n# \u68c0\u67e5\u8def\u5f84\u662f\u5426\u5b58\u5728\nif [ ! -d \"$CPUGROUP_PATH\" ]; then\n echo \"CPUs cgroup path for Pod $POD_NAME does not exist: $CPUGROUP_PATH\"\n exit 1\nfi\n\n# \u8bfb\u53d6\u5e76\u6253\u5370cpuset\u503c\nCPUSET=$(cat \"$CPUGROUP_PATH/$CONTAINER_ID/cpuset.cpus\")\necho \"CPU set for Pod $POD_NAME ($POD_QOS QoS): $CPUSET\"\n
\u67e5\u770b\u5404 Pod \u7684 cpuset \u5206\u914d\u60c5\u51b5\u3002
QoS \u7c7b\u578b\u4e3a LSE \u7684 Pod, \u72ec\u5360 0-1 \u6838\uff0c\u4e0d\u4e0e\u5176\u4ed6\u7c7b\u578b\u7684 Pod \u5171\u4eab CPU\u3002
[root@controller-node-1 ~]# ./get_cpuset.sh nginx-lse-56c9cd77f5-cdqbd\nCPU set for Pod nginx-lse-56c9cd77f5-cdqbd (Burstable QoS): 0-1\n
QoS \u7c7b\u578b\u4e3a LSR \u7684 Pod, \u7ed1\u5b9a CPU 2-3 \u6838\uff0c\u53ef\u4e0e BE \u7c7b\u578b\u7684 Pod \u5171\u4eab\u3002
[root@controller-node-1 ~]# ./get_cpuset.sh nginx-lsr-c7fdb97d8-b58h8\nCPU set for Pod nginx-lsr-c7fdb97d8-b58h8 (Burstable QoS): 2-3\n
QoS \u7c7b\u578b\u4e3a LS \u7684 Pod, \u4f7f\u7528 CPU 4-15 \u6838\uff0c\u7ed1\u5b9a\u4e86\u4e0e LSE/LSR Pod \u72ec\u5360\u4e4b\u5916\u7684\u5171\u4eab CPU \u6c60\u3002
[root@controller-node-1 ~]# ./get_cpuset.sh nginx-ls-54746c8cf8-rh4b7\nCPU set for Pod nginx-ls-54746c8cf8-rh4b7 (Burstable QoS): 4-15\n
QoS \u7c7b\u578b\u4e3a BE \u7684 pod, \u53ef\u4f7f\u7528 LSE Pod \u72ec\u5360\u4e4b\u5916\u7684 CPU\u3002
[root@controller-node-1 ~]# ./get_cpuset.sh nginx-be-577c946b89-js2qn\nCPU set for Pod nginx-be-577c946b89-js2qn (BestEffort QoS): 2,4-12\n
Koordinator \u662f\u4e00\u4e2a\u57fa\u4e8e QoS \u7684 Kubernetes \u6df7\u5408\u5de5\u4f5c\u8d1f\u8f7d\u8c03\u5ea6\u7cfb\u7edf\u3002\u5b83\u65e8\u5728\u63d0\u9ad8\u5bf9\u5ef6\u8fdf\u654f\u611f\u7684\u5de5\u4f5c\u8d1f\u8f7d\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u7684\u8fd0\u884c\u65f6\u6548\u7387\u548c\u53ef\u9760\u6027\uff0c \u7b80\u5316\u4e0e\u8d44\u6e90\u76f8\u5173\u7684\u914d\u7f6e\u8c03\u6574\u7684\u590d\u6742\u6027\uff0c\u5e76\u589e\u52a0 Pod \u90e8\u7f72\u5bc6\u5ea6\u4ee5\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u7387\u3002
AI \u7b97\u529b\u4e2d\u5fc3\u9884\u7f6e\u4e86 Koordinator v1.5.0 \u79bb\u7ebf\u5305\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u79bb\u7ebf\u90e8\u7f72 Koordinator\u3002
"},{"location":"admin/kpanda/best-practice/co-located/install.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 Koordinator \u63d2\u4ef6\u3002
\u767b\u5f55\u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5f85\u5b89\u88c5 Koordinator \u7684\u96c6\u7fa4 -> \u8fdb\u5165\u96c6\u7fa4\u8be6\u60c5\u3002
\u5728 Helm \u6a21\u677f \u9875\u9762\uff0c\u9009\u62e9 \u5168\u90e8\u4ed3\u5e93 \uff0c\u641c\u7d22 koordinator \u3002
\u9009\u62e9 koordinator \uff0c\u70b9\u51fb \u5b89\u88c5 \u3002
\u8fdb\u5165 koordinator \u5b89\u88c5\u9875\u9762\uff0c\u70b9\u51fb \u786e\u5b9a\uff0c\u4f7f\u7528\u9ed8\u8ba4\u914d\u7f6e\u5b89\u88c5 koordinator\u3002
\u67e5\u770b koordinator-system \u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u662f\u5426\u6b63\u5e38\u8fd0\u884c
\u76ee\u524d\uff0c\u8bb8\u591a\u4e1a\u52a1\u5b58\u5728\u5cf0\u503c\u548c\u4f4e\u8c37\u7684\u73b0\u8c61\u3002\u4e3a\u4e86\u786e\u4fdd\u670d\u52a1\u7684\u6027\u80fd\u548c\u7a33\u5b9a\u6027\uff0c\u5728\u90e8\u7f72\u670d\u52a1\u65f6\uff0c\u901a\u5e38\u4f1a\u6839\u636e\u5cf0\u503c\u9700\u6c42\u6765\u7533\u8bf7\u8d44\u6e90\u3002 \u7136\u800c\uff0c\u5cf0\u503c\u671f\u53ef\u80fd\u975e\u5e38\u77ed\u6682\uff0c\u5bfc\u81f4\u5728\u975e\u5cf0\u503c\u671f\u65f6\u8d44\u6e90\u88ab\u6d6a\u8d39\u3002 \u96c6\u7fa4\u8d44\u6e90\u8d85\u5356 \u5c31\u662f\u5c06\u8fd9\u4e9b\u7533\u8bf7\u4e86\u800c\u672a\u4f7f\u7528\u7684\u8d44\u6e90\uff08\u5373\u7533\u8bf7\u91cf\u4e0e\u4f7f\u7528\u91cf\u7684\u5dee\u503c\uff09\u5229\u7528\u8d77\u6765\uff0c\u4ece\u800c\u63d0\u5347\u96c6\u7fa4\u8d44\u6e90\u5229\u7528\u7387\uff0c\u51cf\u5c11\u8d44\u6e90\u6d6a\u8d39\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528\u96c6\u7fa4\u52a8\u6001\u8d44\u6e90\u8d85\u5356\u529f\u80fd\u3002
"},{"location":"admin/kpanda/clusterops/cluster-oversold.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u8bbe\u7f6e \uff0c\u7136\u540e\u9009\u62e9 \u9ad8\u7ea7\u914d\u7f6e \u9875\u7b7e
\u6253\u5f00\u96c6\u7fa4\u8d85\u5356\uff0c\u8bbe\u7f6e\u8d85\u5356\u6bd4
Note
\u9700\u8981\u5728\u96c6\u7fa4\u4e0b\u5bf9\u5e94\u7684 namespace \u6253\u4e0a\u5982\u4e0b\u6807\u7b7e\uff0c\u96c6\u7fa4\u8d85\u5356\u7b56\u7565\u624d\u80fd\u751f\u6548\u3002
clusterresourceoverrides.admission.autoscaling.openshift.io/enabled: \"true\"\n
\u8bbe\u7f6e\u597d\u96c6\u7fa4\u52a8\u6001\u8d44\u6e90\u8d85\u5356\u6bd4\u540e\uff0c\u4f1a\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u65f6\u751f\u6548\u3002\u4e0b\u6587\u4ee5 niginx \u4e3a\u4f8b\uff0c\u9a8c\u8bc1\u4f7f\u7528\u8d44\u6e90\u8d85\u5356\u80fd\u529b\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d nginx \u5e76\u8bbe\u7f6e\u5bf9\u5e94\u7684\u8d44\u6e90\u9650\u5236\u503c\uff0c\u521b\u5efa\u6d41\u7a0b\u53c2\u8003\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09
\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u8d44\u6e90\u7533\u8bf7\u503c\u4e0e\u9650\u5236\u503c\u7684\u6bd4\u503c\u662f\u5426\u7b26\u5408\u8d85\u552e\u6bd4
\u96c6\u7fa4\u8bbe\u7f6e\u7528\u4e8e\u4e3a\u60a8\u7684\u96c6\u7fa4\u81ea\u5b9a\u4e49\u9ad8\u7ea7\u7279\u6027\u8bbe\u7f6e\uff0c\u5305\u62ec\u662f\u5426\u542f\u7528 GPU\u3001Helm \u4ed3\u5e93\u5237\u65b0\u5468\u671f\u3001Helm \u64cd\u4f5c\u8bb0\u5f55\u4fdd\u7559\u7b49\u3002
\u542f\u7528 GPU\uff1a\u9700\u8981\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU \u5361\u53ca\u5bf9\u5e94\u9a71\u52a8\u63d2\u4ef6\u3002
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6700\u8fd1\u64cd\u4f5c -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \u3002
Helm \u64cd\u4f5c\u57fa\u7840\u955c\u50cf\u3001\u4ed3\u5e93\u5237\u65b0\u5468\u671f\u3001\u64cd\u4f5c\u8bb0\u5f55\u4fdd\u7559\u6761\u6570\u3001\u662f\u5426\u5f00\u542f\u96c6\u7fa4\u5220\u9664\u4fdd\u62a4\uff08\u5f00\u542f\u540e\u96c6\u7fa4\u5c06\u4e0d\u80fd\u76f4\u63a5\u5378\u8f7d\uff09
\u5728\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u6700\u8fd1\u7684\u96c6\u7fa4\u64cd\u4f5c\u8bb0\u5f55\u548c Helm \u64cd\u4f5c\u8bb0\u5f55\uff0c\u4ee5\u53ca\u5404\u9879\u64cd\u4f5c\u7684 YAML \u6587\u4ef6\u548c\u65e5\u5fd7\uff0c\u4e5f\u53ef\u4ee5\u5220\u9664\u67d0\u4e00\u6761\u8bb0\u5f55\u3002
\u8bbe\u7f6e Helm \u64cd\u4f5c\u7684\u4fdd\u7559\u6761\u6570\uff1a
\u7cfb\u7edf\u9ed8\u8ba4\u4fdd\u7559\u6700\u8fd1 100 \u6761 Helm \u64cd\u4f5c\u8bb0\u5f55\u3002\u82e5\u4fdd\u7559\u6761\u6570\u592a\u591a\uff0c\u53ef\u80fd\u4f1a\u9020\u6210\u6570\u636e\u5197\u4f59\uff0c\u4fdd\u7559\u6761\u6570\u592a\u5c11\u53ef\u80fd\u4f1a\u9020\u6210\u60a8\u6240\u9700\u8981\u7684\u5173\u952e\u64cd\u4f5c\u8bb0\u5f55\u7684\u7f3a\u5931\u3002\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8bbe\u7f6e\u5408\u7406\u7684\u4fdd\u7559\u6570\u91cf\u3002\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6700\u8fd1\u64cd\u4f5c -> Helm \u64cd\u4f5c -> \u8bbe\u7f6e\u4fdd\u7559\u6761\u6570 \u3002
\u8bbe\u7f6e\u9700\u8981\u4fdd\u7559\u591a\u5c11\u6761 Helm \u64cd\u4f5c\u8bb0\u5f55\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u3002
\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u63a5\u5165\u6216\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u4e0d\u4ec5\u53ef\u4ee5\u901a\u8fc7 UI \u754c\u9762\u76f4\u63a5\u8bbf\u95ee\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u5176\u4ed6\u4e24\u79cd\u65b9\u5f0f\u8fdb\u884c\u8bbf\u95ee\u63a7\u5236\uff1a
Note
\u8bbf\u95ee\u96c6\u7fa4\u65f6\uff0c\u7528\u6237\u5e94\u5177\u6709 Cluster Admin \u6743\u9650\u6216\u66f4\u9ad8\u6743\u9650\u3002
"},{"location":"admin/kpanda/clusters/access-cluster.html#cloudshell","title":"\u901a\u8fc7 CloudShell \u8bbf\u95ee","text":"\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u901a\u8fc7 CloudShell \u8bbf\u95ee\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u63a7\u5236\u53f0 \u3002
\u5728 CloudShell \u63a7\u5236\u53f0\u6267\u884c kubectl get node \u547d\u4ee4\uff0c\u9a8c\u8bc1 CloudShell \u4e0e\u96c6\u7fa4\u7684\u8fde\u901a\u6027\u3002\u5982\u56fe\uff0c\u63a7\u5236\u53f0\u5c06\u8fd4\u56de\u96c6\u7fa4\u4e0b\u7684\u8282\u70b9\u4fe1\u606f\u3002
\u73b0\u5728\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 CloudShell \u6765\u8bbf\u95ee\u5e76\u7ba1\u7406\u8be5\u96c6\u7fa4\u4e86\u3002
"},{"location":"admin/kpanda/clusters/access-cluster.html#kubectl","title":"\u901a\u8fc7 kubectl \u8bbf\u95ee","text":"\u901a\u8fc7\u672c\u5730\u8282\u70b9\u8bbf\u95ee\u5e76\u7ba1\u7406\u4e91\u7aef\u96c6\u7fa4\u65f6\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\uff1a
\u6ee1\u8db3\u4e0a\u8ff0\u6761\u4ef6\u540e\uff0c\u6309\u7167\u4e0b\u65b9\u6b65\u9aa4\u4ece\u672c\u5730\u8bbf\u95ee\u4e91\u7aef\u96c6\u7fa4\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u4e0b\u8f7d\u8bc1\u4e66\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u5e76\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u8bc1\u4e66\u83b7\u53d6 \u3002
\u9009\u62e9\u8bc1\u4e66\u6709\u6548\u671f\u5e76\u70b9\u51fb \u4e0b\u8f7d\u8bc1\u4e66 \u3002
\u6253\u5f00\u4e0b\u8f7d\u597d\u7684\u96c6\u7fa4\u8bc1\u4e66\uff0c\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u81f3\u672c\u5730\u8282\u70b9\u7684 config \u6587\u4ef6\u3002
kubectl \u5de5\u5177\u9ed8\u8ba4\u4f1a\u4ece\u672c\u5730\u8282\u70b9\u7684 $HOME/.kube \u76ee\u5f55\u4e0b\u67e5\u627e\u540d\u4e3a config \u7684\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u5b58\u50a8\u4e86\u76f8\u5173\u96c6\u7fa4\u7684\u8bbf\u95ee\u51ed\u8bc1\uff0ckubectl \u53ef\u4ee5\u51ed\u8be5\u914d\u7f6e\u6587\u4ef6\u8fde\u63a5\u81f3\u96c6\u7fa4\u3002
\u5728\u672c\u5730\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u96c6\u7fa4\u7684\u8fde\u901a\u6027\uff1a
kubectl get pod -n default\n
\u9884\u671f\u7684\u8f93\u51fa\u7c7b\u4f3c\u4e8e:
NAME READY STATUS RESTARTS AGE\ndao-2048-2048-58c7f7fc5-mq7h4 1/1 Running 0 30h\n
\u73b0\u5728\u60a8\u53ef\u4ee5\u5728\u672c\u5730\u901a\u8fc7 kubectl \u8bbf\u95ee\u5e76\u7ba1\u7406\u8be5\u96c6\u7fa4\u4e86\u3002
"},{"location":"admin/kpanda/clusters/cluster-role.html","title":"\u96c6\u7fa4\u89d2\u8272","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u57fa\u4e8e\u96c6\u7fa4\u7684\u4e0d\u540c\u529f\u80fd\u5b9a\u4f4d\u5bf9\u96c6\u7fa4\u8fdb\u884c\u4e86\u89d2\u8272\u5206\u7c7b\uff0c\u5e2e\u52a9\u7528\u6237\u66f4\u597d\u5730\u7ba1\u7406 IT \u57fa\u7840\u8bbe\u65bd\u3002
"},{"location":"admin/kpanda/clusters/cluster-role.html#_2","title":"\u5168\u5c40\u670d\u52a1\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u8fd0\u884c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7ec4\u4ef6\uff0c\u4f8b\u5982\u5bb9\u5668\u7ba1\u7406\u3001\u5168\u5c40\u7ba1\u7406\u3001\u53ef\u89c2\u6d4b\u6027\u3001\u955c\u50cf\u4ed3\u5e93\u7b49\u3002 \u4e00\u822c\u4e0d\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.22+ \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"admin/kpanda/clusters/cluster-role.html#_3","title":"\u7ba1\u7406\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u7ba1\u7406\u5de5\u4f5c\u96c6\u7fa4\uff0c\u4e00\u822c\u4e0d\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.22+ \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"admin/kpanda/clusters/cluster-role.html#_4","title":"\u5de5\u4f5c\u96c6\u7fa4","text":"\u8fd9\u662f\u4f7f\u7528\u5bb9\u5668\u7ba1\u7406\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u4e3b\u8981\u7528\u4e8e\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002\u8be5\u96c6\u7fa4\u7531\u7ba1\u7406\u96c6\u7fa4\u8fdb\u884c\u7ba1\u7406\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c \u652f\u6301 K8s 1.22 \u53ca\u4ee5\u4e0a\u7248\u672c \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"admin/kpanda/clusters/cluster-role.html#_5","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u63a5\u5165\u5df2\u6709\u7684\u6807\u51c6 K8s \u96c6\u7fa4\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u672c\u5730\u6570\u636e\u4e2d\u5fc3\u81ea\u5efa\u96c6\u7fa4\u3001\u516c\u6709\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u96c6\u7fa4\u3001\u79c1\u6709\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u96c6\u7fa4\u3001\u8fb9\u7f18\u96c6\u7fa4\u3001\u4fe1\u521b\u96c6\u7fa4\u3001\u5f02\u6784\u96c6\u7fa4\u3002\u4e3b\u8981\u7528\u4e8e\u627f\u62c5\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.18+ \u652f\u6301\u53cb\u5546 Vmware Tanzu\u3001Amazon EKS\u3001Redhat Openshift\u3001SUSE Rancher\u3001\u963f\u91cc ACK\u3001\u534e\u4e3a CCE\u3001\u817e\u8baf TKE\u3001\u6807\u51c6 K8s \u96c6\u7fa4\u3001\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0 \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u4e0d\u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc \u4f9d\u8d56\u4e8e\u63a5\u5165\u96c6\u7fa4\u53d1\u884c\u7248\u7f51\u7edc\u6a21\u5f0f \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565Note
\u4e00\u4e2a\u96c6\u7fa4\u53ef\u4ee5\u6709\u591a\u4e2a\u96c6\u7fa4\u89d2\u8272\uff0c\u4f8b\u5982\u4e00\u4e2a\u96c6\u7fa4\u65e2\u53ef\u4ee5\u662f\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\uff0c\u4e5f\u53ef\u4ee5\u662f\u7ba1\u7406\u96c6\u7fa4\u6216\u5de5\u4f5c\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/clusters/cluster-scheduler-plugin.html","title":"\u5982\u4f55\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u8c03\u5ea6\u5668 scheduler-plugins","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u4e2a\u8c03\u5ea6\u5668 scheduler-plugins\u3002
"},{"location":"admin/kpanda/clusters/cluster-scheduler-plugin.html#scheduler-plugins_1","title":"\u4e3a\u4ec0\u4e48\u9700\u8981 scheduler-plugins\uff1f","text":"\u901a\u8fc7\u5e73\u53f0\u521b\u5efa\u7684\u96c6\u7fa4\u4e2d\u4f1a\u5b89\u88c5 K8s \u539f\u751f\u7684\u8c03\u5ea6\u5668\uff0c\u4f46\u662f\u539f\u751f\u7684\u8c03\u5ea6\u5668\u5b58\u5728\u5f88\u591a\u7684\u5c40\u9650\u6027\uff1a
\u672c\u6587\u4ee5\u4f7f\u7528 vgpu \u8c03\u5ea6\u5668\u7684\u540c\u65f6\uff0c\u60f3\u7ed3\u5408 scheduler-plugins \u7684 coscheduling \u63d2\u4ef6\u80fd\u529b\u7684\u573a\u666f\u4e3a\u793a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5\u5e76\u4f7f\u7528 scheduler-plugins\u3002
"},{"location":"admin/kpanda/clusters/cluster-scheduler-plugin.html#scheduler-plugins_2","title":"\u5b89\u88c5 scheduler-plugins","text":""},{"location":"admin/kpanda/clusters/cluster-scheduler-plugin.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5728 \u521b\u5efa\u96c6\u7fa4 -> \u9ad8\u7ea7\u914d\u7f6e -> \u81ea\u5b9a\u4e49\u53c2\u6570 \u4e2d\u6dfb\u52a0 scheduler-plugins \u53c2\u6570
scheduler_plugins_enabled:true\nscheduler_plugins_plugin_config:\n - name: Coscheduling\n args:\n permitWaitingTimeSeconds: 10 # default is 60\n
\u53c2\u6570\u8bf4\u660e\uff1a
scheduler_plugins_enabled
\u8bbe\u7f6e\u4e3a true \u65f6\uff0c\u5f00\u542f scheduler-plugins \u63d2\u4ef6\u80fd\u529b\u3002scheduler_plugins_enabled_plugins
\u6216 scheduler_plugins_disabled_plugins
\u9009\u9879\u6765\u542f\u7528\u6216\u7981\u7528\u67d0\u4e9b\u63d2\u4ef6\u3002 \u53c2\u9605 K8s \u5b98\u65b9\u63d2\u4ef6\u540d\u79f0\u3002\u96c6\u7fa4\u521b\u5efa\u6210\u529f\u540e\u7cfb\u7edf\u4f1a\u81ea\u52a8\u5b89\u88c5 scheduler-plugins \u548c controller \u7ec4\u4ef6\u8d1f\u8f7d\uff0c\u53ef\u4ee5\u5728\u5bf9\u5e94\u96c6\u7fa4\u7684\u65e0\u72b6\u6001\u8d1f\u8f7d\u4e2d\u67e5\u770b\u8d1f\u8f7d\u72b6\u6001\u3002
\u4ee5\u4e0b\u4ee5\u4f7f\u7528 vgpu \u8c03\u5ea6\u5668\u7684\u540c\u65f6\uff0c\u60f3\u7ed3\u5408 scheduler-plugins \u7684 coscheduling \u63d2\u4ef6\u80fd\u529b\u573a\u666f\u4e3a\u793a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 scheduler-plugins\u3002
\u5728 Helm \u6a21\u677f\u4e2d\u5b89\u88c5 vgpu\uff0c\u8bbe\u7f6e values.yaml \u53c2\u6570\u3002
schedulerName: scheduler-plugins-scheduler
\uff0c\u8fd9\u662f kubean \u9ed8\u8ba4\u5b89\u88c5\u7684 scheduler-plugins \u7684 scheduler \u540d\u79f0\uff0c\u76ee\u524d\u4e0d\u80fd\u4fee\u6539\u3002scheduler.kubeScheduler.enabled: false
\uff0c\u4e0d\u5b89\u88c5 kube-scheduler\uff0c\u5c06 vgpu-scheduler \u4f5c\u4e3a\u5355\u72ec\u7684 extender\u3002\u5728 scheduler-plugins \u4e0a\u6269\u5c55 vgpu-scheduler\u3002
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\n
\u4fee\u6539 scheduler-plugins \u7684 scheduler-config \u7684 configmap \u53c2\u6570\uff0c\u5982\u4e0b\uff1a
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\nextenders:\n - urlPrefix: \"${urlPrefix}\"\n filterVerb: filter\n bindVerb: bind\n nodeCacheCapable: true\n ignorable: true\n httpTimeout: 30s\n weight: 1\n enableHTTPS: true\n tlsConfig:\n insecure: true\n managedResources:\n - name: nvidia.com/vgpu\n ignoredByScheduler: true\n - name: nvidia.com/gpumem\n ignoredByScheduler: true\n - name: nvidia.com/gpucores\n ignoredByScheduler: true\n - name: nvidia.com/gpumem-percentage\n ignoredByScheduler: true\n - name: nvidia.com/priority\n ignoredByScheduler: true\n - name: cambricon.com/mlunum\n ignoredByScheduler: true\n
\u5b89\u88c5\u5b8c vgpu-scheduler \u540e\uff0c\u7cfb\u7edf\u4f1a\u81ea\u52a8\u521b\u5efa svc\uff0curlPrefix \u6307\u5b9a svc \u7684 URL\u3002
Note
svc \u6307 pod \u670d\u52a1\u8d1f\u8f7d\uff0c\u60a8\u53ef\u4ee5\u5230\u5b89\u88c5\u4e86 nvidia-vgpu \u63d2\u4ef6\u7684\u547d\u540d\u7a7a\u95f4\u4e0b\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u62ff\u5230 443 \u7aef\u53e3\u5bf9\u5e94\u7684\u5916\u90e8\u8bbf\u95ee\u4fe1\u606f\u3002
kubectl get svc -n ${namespace} \n
urlprifix \u683c\u5f0f\u4e3a https://${ip \u5730\u5740}:${\u7aef\u53e3}
\u5c06 scheduler-plugins \u7684 scheduler Pod \u91cd\u542f\uff0c\u52a0\u8f7d\u65b0\u7684\u914d\u7f6e\u6587\u4ef6\u3002
Note
\u5728\u521b\u5efa vgpu \u5e94\u7528\u65f6\u4e0d\u9700\u8981\u6307\u5b9a\u8c03\u5ea6\u5668\u540d\u79f0\uff0cvgpu-scheduler \u7684 Webhook \u4f1a\u81ea\u52a8\u5c06 Scheduler \u7684\u540d\u79f0\u4fee\u6539\u4e3a scheduler-plugins-scheduler\uff0c\u4e0d\u7528\u624b\u52a8\u6307\u5b9a\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u7eb3\u7ba1\u4e24\u79cd\u7c7b\u578b\u7684\u96c6\u7fa4\uff1a\u63a5\u5165\u96c6\u7fa4\u548c\u81ea\u5efa\u96c6\u7fa4\u3002 \u5173\u4e8e\u96c6\u7fa4\u7eb3\u7ba1\u7c7b\u578b\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1\u96c6\u7fa4\u89d2\u8272\u3002
\u8fd9\u4e24\u79cd\u96c6\u7fa4\u7684\u72b6\u6001\u5982\u4e0b\u6240\u8ff0\u3002
"},{"location":"admin/kpanda/clusters/cluster-status.html#_2","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u72b6\u6001 \u63cf\u8ff0 \u63a5\u5165\u4e2d\uff08Joining\uff09 \u96c6\u7fa4\u6b63\u5728\u63a5\u5165 \u89e3\u9664\u63a5\u5165\u4e2d\uff08Removing\uff09 \u96c6\u7fa4\u6b63\u5728\u89e3\u9664\u63a5\u5165 \u8fd0\u884c\u4e2d\uff08Running\uff09 \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c \u672a\u77e5\uff08Unknown\uff09 \u96c6\u7fa4\u5df2\u5931\u8054\uff0c\u7cfb\u7edf\u5c55\u793a\u6570\u636e\u4e3a\u5931\u8054\u524d\u7f13\u5b58\u6570\u636e\uff0c\u4e0d\u4ee3\u8868\u771f\u5b9e\u6570\u636e\uff0c\u540c\u65f6\u5931\u8054\u72b6\u6001\u4e0b\u6267\u884c\u7684\u4efb\u4f55\u64cd\u4f5c\u90fd\u5c06\u4e0d\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u96c6\u7fa4\u7f51\u7edc\u8fde\u901a\u6027\u6216\u4e3b\u673a\u72b6\u6001\u3002"},{"location":"admin/kpanda/clusters/cluster-status.html#_3","title":"\u81ea\u5efa\u96c6\u7fa4","text":"\u72b6\u6001 \u63cf\u8ff0 \u521b\u5efa\u4e2d\uff08Creating\uff09 \u96c6\u7fa4\u6b63\u5728\u521b\u5efa \u66f4\u65b0\u4e2d\uff08Updating\uff09 \u66f4\u65b0\u96c6\u7fa4 Kubernetes \u7248\u672c \u5220\u9664\u4e2d\uff08Deleting\uff09 \u96c6\u7fa4\u6b63\u5728\u5220\u9664 \u8fd0\u884c\u4e2d\uff08Running\uff09 \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c \u672a\u77e5\uff08Unknown\uff09 \u96c6\u7fa4\u5df2\u5931\u8054\uff0c\u7cfb\u7edf\u5c55\u793a\u6570\u636e\u4e3a\u5931\u8054\u524d\u7f13\u5b58\u6570\u636e\uff0c\u4e0d\u4ee3\u8868\u771f\u5b9e\u6570\u636e\uff0c\u540c\u65f6\u5931\u8054\u72b6\u6001\u4e0b\u6267\u884c\u7684\u4efb\u4f55\u64cd\u4f5c\u90fd\u5c06\u4e0d\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u96c6\u7fa4\u7f51\u7edc\u8fde\u901a\u6027\u6216\u4e3b\u673a\u72b6\u6001\u3002 \u521b\u5efa\u5931\u8d25\uff08Failed\uff09 \u96c6\u7fa4\u521b\u5efa\u5931\u8d25\uff0c\u8bf7\u67e5\u770b\u65e5\u5fd7\u4ee5\u83b7\u53d6\u8be6\u7ec6\u5931\u8d25\u539f\u56e0"},{"location":"admin/kpanda/clusters/cluster-version.html","title":"\u96c6\u7fa4\u7248\u672c\u652f\u6301\u8303\u56f4","text":"\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u63a5\u5165\u578b\u96c6\u7fa4\u548c\u81ea\u5efa\u96c6\u7fa4\u91c7\u53d6\u4e0d\u540c\u7684\u7248\u672c\u652f\u6301\u673a\u5236\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u81ea\u5efa\u96c6\u7fa4\u7684\u7248\u672c\u652f\u6301\u673a\u5236\u3002
Kubernetes \u793e\u533a\u652f\u6301 3 \u4e2a\u7248\u672c\u8303\u56f4\uff0c\u5982 1.26\u30011.27\u30011.28\u3002\u5f53\u793e\u533a\u65b0\u7248\u672c\u53d1\u5e03\u4e4b\u540e\uff0c\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u5c06\u4f1a\u8fdb\u884c\u9012\u589e\u3002 \u5982\u793e\u533a\u6700\u65b0\u7684 1.29 \u7248\u672c\u5df2\u7ecf\u53d1\u5e03\uff0c\u6b64\u65f6\u793e\u533a\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u662f 1.27\u30011.28\u30011.29\u3002
\u4f8b\u5982\uff0c\u793e\u533a\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u662f 1.25\u30011.26\u30011.27\uff0c\u5219\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u662f 1.24\u30011.25\u30011.26\uff0c\u5e76\u4e14\u4f1a\u4e3a\u7528\u6237\u63a8\u8350\u4e00\u4e2a\u7a33\u5b9a\u7684\u7248\u672c\uff0c\u5982 1.24.7\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u4e0e\u793e\u533a\u4fdd\u6301\u9ad8\u5ea6\u540c\u6b65\uff0c\u5f53\u793e\u533a\u7248\u672c\u8fdb\u884c\u9012\u589e\u540e\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u4e5f\u4f1a\u540c\u6b65\u9012\u589e\u4e00\u4e2a\u7248\u672c\u3002
"},{"location":"admin/kpanda/clusters/cluster-version.html#kubernetes","title":"Kubernetes \u7248\u672c\u652f\u6301\u8303\u56f4","text":"Kubernetes \u793e\u533a\u7248\u672c\u8303\u56f4 \u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7248\u672c\u8303\u56f4 \u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u63a8\u8350\u7248\u672c \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5b89\u88c5\u5668 \u53d1\u5e03\u65f6\u95f4\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u96c6\u7fa4\u89d2\u8272\u5206\u56db\u7c7b\uff1a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3001\u7ba1\u7406\u96c6\u7fa4\u3001\u5de5\u4f5c\u96c6\u7fa4\u3001\u63a5\u5165\u96c6\u7fa4\u3002 \u5176\u4e2d\uff0c\u63a5\u5165\u96c6\u7fa4\u53ea\u80fd\u4ece\u7b2c\u4e09\u65b9\u5382\u5546\u63a5\u5165\uff0c\u53c2\u89c1\u63a5\u5165\u96c6\u7fa4\u3002
\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u65b0\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u5de5\u4f5c\u8282\u70b9 OS \u7c7b\u578b\u548c CPU \u67b6\u6784\u9700\u8981\u4e0e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4fdd\u6301\u4e00\u81f4\u3002 \u5982\u9700\u4f7f\u7528\u533a\u522b\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 OS \u6216\u67b6\u6784\u7684\u8282\u70b9\u521b\u5efa\u96c6\u7fa4\uff0c\u53c2\u9605\u5728 centos \u7ba1\u7406\u5e73\u53f0\u4e0a\u521b\u5efa ubuntu \u5de5\u4f5c\u96c6\u7fa4\u8fdb\u884c\u521b\u5efa\u3002
\u63a8\u8350\u4f7f\u7528 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 \u5982\u60a8\u672c\u5730\u8282\u70b9\u4e0d\u5728\u4e0a\u8ff0\u652f\u6301\u8303\u56f4\uff0c\u53ef\u53c2\u8003\u5728\u975e\u4e3b\u6d41\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u521b\u5efa\u96c6\u7fa4\u8fdb\u884c\u521b\u5efa\u3002
"},{"location":"admin/kpanda/clusters/create-cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u96c6\u7fa4\u4e4b\u524d\u9700\u8981\u6ee1\u8db3\u4e00\u5b9a\u7684\u524d\u63d0\u6761\u4ef6\uff1a
v1.28.0-v1.30.2
\u3002\u5982\u9700\u521b\u5efa\u4f4e\u7248\u672c\u7684\u96c6\u7fa4\uff0c\u8bf7\u53c2\u8003\u96c6\u7fa4\u7248\u672c\u652f\u6301\u8303\u56f4\u3001\u90e8\u7f72\u4e0e\u5347\u7ea7 Kubean \u5411\u4e0b\u517c\u5bb9\u7248\u672c\u3002\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u4e2d\uff0c\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae\u3002
\u53c2\u8003\u4e0b\u5217\u8981\u6c42\u586b\u5199\u96c6\u7fa4\u57fa\u672c\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u586b\u5199\u8282\u70b9\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u53ef\u7528\uff1a\u5f00\u542f\u540e\u9700\u8981\u63d0\u4f9b\u81f3\u5c11 3 \u4e2a\u63a7\u5236\u5668\u8282\u70b9\u3002\u5173\u95ed\u540e\uff0c\u53ea\u63d0\u4f9b 1 \u4e2a\u63a7\u5236\u5668\u8282\u70b9\u5373\u53ef\u3002
\u751f\u4ea7\u73af\u5883\u4e2d\u5efa\u8bae\u4f7f\u7528\u9ad8\u53ef\u7528\u6a21\u5f0f\u3002
\u8ba4\u8bc1\u65b9\u5f0f\uff1a\u9009\u62e9\u901a\u8fc7\u7528\u6237\u540d/\u5bc6\u7801\u8fd8\u662f\u516c\u79c1\u94a5\u8bbf\u95ee\u8282\u70b9\u3002
\u5982\u679c\u4f7f\u7528\u516c\u79c1\u94a5\u65b9\u5f0f\u8bbf\u95ee\u8282\u70b9\uff0c\u9700\u8981\u9884\u5148\u914d\u7f6e\u8282\u70b9\u7684 SSH \u5bc6\u94a5\u3002\u53c2\u9605\u4f7f\u7528 SSH \u5bc6\u94a5\u8ba4\u8bc1\u8282\u70b9\u3002
\u4f7f\u7528\u7edf\u4e00\u7684\u5bc6\u7801\uff1a\u5f00\u542f\u540e\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u7684\u8bbf\u95ee\u5bc6\u7801\u90fd\u76f8\u540c\uff0c\u9700\u8981\u5728\u4e0b\u65b9\u8f93\u5165\u8bbf\u95ee\u6240\u6709\u8282\u70b9\u7684\u7edf\u4e00\u5bc6\u7801\u3002\u5982\u679c\u5173\u95ed\uff0c\u5219\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u8282\u70b9\u8bbe\u7f6e\u5355\u72ec\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002
\u8282\u70b9\u4fe1\u606f\uff1a\u586b\u5199\u8282\u70b9\u540d\u79f0\u548c IP \u5730\u5740\u3002
\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb\u8282\u70b9\u68c0\u67e5\u3002\u5982\u679c\u68c0\u67e5\u901a\u8fc7\u5219\u7ee7\u7eed\u4e0b\u4e00\u6b65\u64cd\u4f5c\u3002\u5982\u679c\u68c0\u67e5\u672a\u901a\u8fc7\uff0c\u5219\u66f4\u65b0 \u8282\u70b9\u4fe1\u606f \u5e76\u518d\u6b21\u6267\u884c\u68c0\u67e5\u3002
\u586b\u5199\u7f51\u7edc\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u7f51\u7edc\u63d2\u4ef6\uff1a\u8d1f\u8d23\u4e3a\u96c6\u7fa4\u5185\u7684 Pod \u63d0\u4f9b\u7f51\u7edc\u670d\u52a1\uff0c\u521b\u5efa\u96c6\u7fa4\u540e\u4e0d\u53ef\u66f4\u6539\u7f51\u7edc\u63d2\u4ef6\u3002\u652f\u6301 cilium \u548c calico\u3002\u9009\u62e9 none \u8868\u793a\u6682\u4e0d\u5b89\u88c5\u7f51\u7edc\u63d2\u4ef6\u3002
\u5bb9\u5668\u7f51\u6bb5\uff1a\u96c6\u7fa4\u4e0b\u5bb9\u5668\u4f7f\u7528\u7684\u7f51\u6bb5\uff0c\u51b3\u5b9a\u96c6\u7fa4\u4e0b\u5bb9\u5668\u7684\u6570\u91cf\u4e0a\u9650\u3002\u521b\u5efa\u540e\u4e0d\u53ef\u4fee\u6539\u3002
\u586b\u5199\u63d2\u4ef6\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u586b\u5199\u9ad8\u7ea7\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u3002
Success
Note
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0 \u521b\u5efa\u7684\u96c6\u7fa4 \u652f\u6301 \u5378\u8f7d\u96c6\u7fa4 \u6216 \u89e3\u9664\u63a5\u5165 \u64cd\u4f5c\uff0c\u4ece\u5176\u4ed6\u73af\u5883\u76f4\u63a5 \u63a5\u5165\u7684\u96c6\u7fa4 \u4ec5\u652f\u6301 \u89e3\u9664\u63a5\u5165 \u64cd\u4f5c\u3002
Info
\u5982\u679c\u60f3\u5f7b\u5e95\u5220\u9664\u4e00\u4e2a\u63a5\u5165\u7684\u96c6\u7fa4\uff0c\u9700\u8981\u524d\u5f80\u521b\u5efa\u8be5\u96c6\u7fa4\u7684\u539f\u59cb\u5e73\u53f0\u64cd\u4f5c\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0d\u652f\u6301\u5220\u9664\u63a5\u5165\u7684\u96c6\u7fa4\u3002
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c \u5378\u8f7d\u96c6\u7fa4 \u548c \u89e3\u9664\u63a5\u5165 \u7684\u533a\u522b\u5728\u4e8e\uff1a
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u9700\u8981\u5378\u8f7d\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u5378\u8f7d\u96c6\u7fa4 \u3002
\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5982\u679c\u63d0\u793a\u96c6\u7fa4\u4e2d\u8fd8\u6709\u4e00\u4e9b\u6b8b\u7559\u7684\u8d44\u6e90\uff0c\u5219\u9700\u8981\u6309\u63d0\u793a\u5220\u9664\u76f8\u5173\u8d44\u6e90\u540e\u624d\u80fd\u6267\u884c\u5378\u8f7d\u64cd\u4f5c\u3002
\u8fd4\u56de \u96c6\u7fa4\u5217\u8868 \u9875\u53ef\u4ee5\u770b\u5230\u8be5\u96c6\u7fa4\u7684\u72b6\u6001\u5df2\u7ecf\u53d8\u6210 \u5220\u9664\u4e2d \u3002\u5378\u8f7d\u96c6\u7fa4\u53ef\u80fd\u9700\u8981\u4e00\u6bb5\u65f6\u95f4\uff0c\u8bf7\u60a8\u8010\u5fc3\u7b49\u5019\u3002
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u9700\u8981\u5378\u8f7d\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u89e3\u9664\u63a5\u5165 \u3002
\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u89e3\u9664\u63a5\u5165 \u3002
\u5982\u679c\u63d0\u793a\u96c6\u7fa4\u4e2d\u8fd8\u6709\u4e00\u4e9b\u6b8b\u7559\u7684\u8d44\u6e90\uff0c\u5219\u9700\u8981\u6309\u63d0\u793a\u5220\u9664\u76f8\u5173\u8d44\u6e90\u540e\u624d\u80fd\u89e3\u9664\u63a5\u5165\u3002
\u96c6\u7fa4\u88ab\u79fb\u9664\u540e\uff0c\u96c6\u7fa4\u4e2d\u539f\u6709\u7684\u7ba1\u7406\u5e73\u53f0\u6570\u636e\u4e0d\u4f1a\u88ab\u81ea\u52a8\u6e05\u9664\uff0c\u5982\u9700\u5c06\u96c6\u7fa4\u63a5\u5165\u81f3\u65b0\u7ba1\u7406\u5e73\u53f0\u5219\u9700\u8981\u624b\u52a8\u6267\u884c\u5982\u4e0b\u64cd\u4f5c\uff1a
\u5220\u9664 kpanda-system\u3001insight-system \u547d\u540d\u7a7a\u95f4
kubectl delete ns kpanda-system insight-system\n
"},{"location":"admin/kpanda/clusters/integrate-cluster.html","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u901a\u8fc7\u63a5\u5165\u96c6\u7fa4\u64cd\u4f5c\uff0c\u80fd\u591f\u5bf9\u4f17\u591a\u4e91\u670d\u52a1\u5e73\u53f0\u96c6\u7fa4\u548c\u672c\u5730\u79c1\u6709\u7269\u7406\u96c6\u7fa4\u8fdb\u884c\u7edf\u4e00\u7eb3\u7ba1\uff0c\u5f62\u6210\u7edf\u4e00\u6cbb\u7406\u5e73\u53f0\uff0c\u6709\u6548\u907f\u514d\u4e86\u88ab\u5382\u5546\u9501\u5b9a\u98ce\u9669\uff0c\u52a9\u529b\u4f01\u4e1a\u4e1a\u52a1\u5b89\u5168\u4e0a\u4e91\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u63a5\u5165\u591a\u79cd\u4e3b\u6d41\u7684\u5bb9\u5668\u96c6\u7fa4\uff0c\u4f8b\u5982 Redhat Openshift, SUSE Rancher, VMware Tanzu, Amazon EKS, Aliyun ACK, Huawei CCE, Tencent TKE, \u6807\u51c6 Kubernetes \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/clusters/integrate-cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u63a5\u5165\u96c6\u7fa4 \u6309\u94ae\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u586b\u5199\u76ee\u6807\u96c6\u7fa4\u7684 KubeConfig\uff0c\u70b9\u51fb \u9a8c\u8bc1 Config \uff0c\u9a8c\u8bc1\u901a\u8fc7\u540e\u624d\u80fd\u6210\u529f\u63a5\u5165\u96c6\u7fa4\u3002
\u5982\u679c\u4e0d\u77e5\u9053\u5982\u4f55\u83b7\u53d6\u96c6\u7fa4\u7684 KubeConfig \u6587\u4ef6\uff0c\u53ef\u4ee5\u5728\u8f93\u5165\u6846\u53f3\u4e0a\u89d2\u70b9\u51fb \u5982\u4f55\u83b7\u53d6 kubeConfig \u67e5\u770b\u5bf9\u5e94\u6b65\u9aa4\u3002
\u786e\u8ba4\u6240\u6709\u53c2\u6570\u586b\u5199\u6b63\u786e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u63a5\u5165 rancher \u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/clusters/integrate-rancher-cluster.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\u7684\u89d2\u8272\u8fdb\u5165 rancher \u96c6\u7fa4\uff0c\u5e76\u4f7f\u7528\u7ec8\u7aef\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a sa.yaml \u7684\u6587\u4ef6\u3002
vi sa.yaml\n
\u7136\u540e\u6309\u4e0b i \u952e\u8fdb\u5165\u63d2\u5165\u6a21\u5f0f\uff0c\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a
sa.yamlapiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: rancher-rke\nrules:\n - apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n - nonResourceURLs:\n - '*'\n verbs:\n - '*'\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: rancher-rke\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: rancher-rke\n subjects:\n - kind: ServiceAccount\n name: rancher-rke\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: rancher-rke\n namespace: kube-system\n
\u6309\u4e0b esc \u952e\u9000\u51fa\u63d2\u5165\u6a21\u5f0f\uff0c\u7136\u540e\u8f93\u5165 __ :wq__ \u4fdd\u5b58\u5e76\u9000\u51fa\u3002
\u5728\u5f53\u524d\u8def\u5f84\u4e0b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u65b0\u5efa\u540d\u4e3a rancher-rke \u7684 ServiceAccount\uff08\u4ee5\u4e0b\u7b80\u79f0\u4e3a SA \uff09\uff1a
kubectl apply -f sa.yaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
clusterrole.rbac.authorization.k8s.io/rancher-rke created\nclusterrolebinding.rbac.authorization.k8s.io/rancher-rke created\nserviceaccount/rancher-rke created\n
\u521b\u5efa\u540d\u4e3a rancher-rke-secret \u7684\u5bc6\u94a5\uff0c\u5e76\u5c06\u5bc6\u94a5\u548c rancher-rke SA \u7ed1\u5b9a\u3002
kubectl apply -f - <<EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: rancher-rke-secret\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: rancher-rke\n type: kubernetes.io/service-account-token\nEOF\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
secret/rancher-rke-secret created\n
Note
\u5982\u679c\u60a8\u7684\u96c6\u7fa4\u7248\u672c\u4f4e\u4e8e 1.24\uff0c\u8bf7\u5ffd\u7565\u6b64\u6b65\u9aa4\uff0c\u76f4\u63a5\u524d\u5f80\u4e0b\u4e00\u6b65\u3002
\u67e5\u627e rancher-rke SA \u7684\u5bc6\u94a5\uff1a
kubectl -n kube-system get secret | grep rancher-rke | awk '{print $1}'\n
\u9884\u671f\u8f93\u51fa\uff1a
rancher-rke-secret\n
\u67e5\u770b\u5bc6\u94a5 rancher-rke-secret \u7684\u8be6\u60c5\uff1a
kubectl -n kube-system describe secret rancher-rke-secret\n
\u9884\u671f\u8f93\u51fa\uff1a
Name: rancher-rke-secret\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io/service-account.name: rancher-rke\n kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174\n\nType: kubernetes.io/service-account-token\n\nData\n====\nca.crt: 570 bytes\nnamespace: 11 bytes\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
\u5728\u4efb\u610f\u4e00\u53f0\u5b89\u88c5\u4e86 kubelet \u7684\u672c\u5730\u8282\u70b9\u6267\u884c\u5982\u4e0b\u64cd\u4f5c\uff1a
\u914d\u7f6e kubelet token\uff1a
kubectl config set-credentials rancher-rke --token=`rancher-rke-secret` \u91cc\u9762\u7684 token \u4fe1\u606f\n
\u4f8b\u5982\uff1a
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
\u914d\u7f6e kubelet APIServer \u4fe1\u606f\uff1a
kubectl config set-cluster {\u96c6\u7fa4\u540d} --insecure-skip-tls-verify=true --server={APIServer}\n
https://10.X.X.X:6443
\u4f8b\u5982\uff1a
kubectl config set-cluster rancher-rke --insecure-skip-tls-verify=true --server=https://10.X.X.X:6443\n
\u914d\u7f6e kubelet \u4e0a\u4e0b\u6587\u4fe1\u606f\uff1a
kubectl config set-context {\u4e0a\u4e0b\u6587\u540d\u79f0} --cluster={\u96c6\u7fa4\u540d} --user={SA \u7528\u6237\u540d}\n
\u4f8b\u5982\uff1a
kubectl config set-context rancher-rke-context --cluster=rancher-rke --user=rancher-rke\n
\u5728 kubelet \u4e2d\u6307\u5b9a\u6211\u4eec\u521a\u521a\u65b0\u5efa\u7684\u4e0a\u4e0b\u6587 rancher-rke-context \uff1a
kubectl config use-context rancher-rke-context\n
\u83b7\u53d6\u4e0a\u4e0b\u6587 rancher-rke-context \u4e2d\u7684 kubeconfig \u4fe1\u606f\u3002
kubectl config view --minify --flatten --raw\n
\u9884\u671f\u8f93\u51fa\uff1a
apiVersion: v1\n clusters:\n - cluster:\n insecure-skip-tls-verify: true\n server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com\n name: joincluster\n contexts:\n - context:\n cluster: joincluster\n user: eks-admin\n name: ekscontext\n current-context: ekscontext\n kind: Config\n preferences: {}\n users:\n - name: eks-admin\n user:\n token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V\n
\u4f7f\u7528\u521a\u521a\u83b7\u53d6\u7684 kubeconfig \u6587\u4ef6\uff0c\u53c2\u8003\u63a5\u5165\u96c6\u7fa4\u6587\u6863\uff0c\u5c06 rancher \u96c6\u7fa4\u63a5\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
"},{"location":"admin/kpanda/clusters/k8s-cert.html","title":"Kubernetes \u96c6\u7fa4\u8bc1\u4e66\u66f4\u65b0","text":"\u4e3a\u4fdd\u8bc1 Kubernetes \u5404\u7ec4\u4ef6\u4e4b\u95f4\u7684\u901a\u4fe1\u5b89\u5168\uff0c\u7ec4\u4ef6\u4e4b\u95f4\u7684\u8c03\u7528\u4f1a\u8fdb\u884c TLS \u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u9a8c\u8bc1\u64cd\u4f5c\u9700\u8981\u914d\u7f6e\u96c6\u7fa4 PKI \u8bc1\u4e66\u3002
\u96c6\u7fa4\u8bc1\u4e66\u6709\u6548\u671f\u4e3a1\u5e74\uff0c\u4e3a\u907f\u514d\u8bc1\u4e66\u8fc7\u671f\u5bfc\u81f4\u4e1a\u52a1\u65e0\u6cd5\u4f7f\u7528\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\u8bc1\u4e66\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u8fdb\u884c\u8bc1\u4e66\u66f4\u65b0\u3002
"},{"location":"admin/kpanda/clusters/k8s-cert.html#_1","title":"\u68c0\u67e5\u8bc1\u4e66\u662f\u5426\u8fc7\u671f","text":"\u60a8\u53ef\u4ee5\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\u662f\u5426\u8fc7\u671f\uff1a
kubeadm certs check-expiration\n
\u8f93\u51fa\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u5185\u5bb9\uff1a
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED\nadmin.conf Dec 14, 2024 07:26 UTC 204d no \napiserver Dec 14, 2024 07:26 UTC 204d ca no \napiserver-etcd-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \napiserver-kubelet-client Dec 14, 2024 07:26 UTC 204d ca no \ncontroller-manager.conf Dec 14, 2024 07:26 UTC 204d no \netcd-healthcheck-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-peer Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-server Dec 14, 2024 07:26 UTC 204d etcd-ca no \nfront-proxy-client Dec 14, 2024 07:26 UTC 204d front-proxy-ca no \nscheduler.conf Dec 14, 2024 07:26 UTC 204d no \n\nCERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED\nca Dec 12, 2033 07:26 UTC 9y no \netcd-ca Dec 12, 2033 07:26 UTC 9y no \nfront-proxy-ca Dec 12, 2033 07:26 UTC 9y no \n
"},{"location":"admin/kpanda/clusters/k8s-cert.html#_2","title":"\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66","text":"\u60a8\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66\uff0c\u53ea\u9700\u5e26\u4e0a\u5408\u9002\u7684\u547d\u4ee4\u884c\u9009\u9879\u3002\u66f4\u65b0\u8bc1\u4e66\u524d\u8bf7\u5148\u5907\u4efd\u5f53\u524d\u8bc1\u4e66\u3002
\u66f4\u65b0\u6307\u5b9a\u8bc1\u4e66\uff1a
kubeadm certs renew\n
\u66f4\u65b0\u5168\u90e8\u8bc1\u4e66\uff1a
kubeadm certs renew all\n
\u66f4\u65b0\u540e\u7684\u8bc1\u4e66\u53ef\u4ee5\u5728 /etc/kubernetes/pki
\u76ee\u5f55\u4e0b\u67e5\u770b\uff0c\u6709\u6548\u671f\u5ef6\u7eed 1 \u5e74\u3002 \u4ee5\u4e0b\u5bf9\u5e94\u7684\u51e0\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e5f\u4f1a\u540c\u6b65\u66f4\u65b0\uff1a
Note
/etc/kubernetes/pki
\u4e2d\u7684\u5bc6\u94a5\u6267\u884c\u66f4\u65b0\u3002\u6267\u884c\u66f4\u65b0\u64cd\u4f5c\u4e4b\u540e\uff0c\u4f60\u9700\u8981\u91cd\u542f\u63a7\u5236\u9762 Pod\u3002\u56e0\u4e3a\u52a8\u6001\u8bc1\u4e66\u91cd\u8f7d\u76ee\u524d\u8fd8\u4e0d\u88ab\u6240\u6709\u7ec4\u4ef6\u548c\u8bc1\u4e66\u652f\u6301\uff0c\u6240\u6709\u8fd9\u9879\u64cd\u4f5c\u662f\u5fc5\u987b\u7684\u3002
\u9759\u6001 Pod \u662f\u88ab\u672c\u5730 kubelet \u800c\u4e0d\u662f API \u670d\u52a1\u5668\u7ba1\u7406\uff0c\u6240\u4ee5 kubectl \u4e0d\u80fd\u7528\u6765\u5220\u9664\u6216\u91cd\u542f\u4ed6\u4eec\u3002
\u8981\u91cd\u542f\u9759\u6001 Pod\uff0c\u4f60\u53ef\u4ee5\u4e34\u65f6\u5c06\u6e05\u5355\u6587\u4ef6\u4ece /etc/kubernetes/manifests/
\u79fb\u9664\u5e76\u7b49\u5f85 20 \u79d2\u3002 \u53c2\u8003 KubeletConfiguration \u7ed3\u6784\u4e2d\u7684 fileCheckFrequency \u503c\u3002
\u5982\u679c Pod \u4e0d\u5728\u6e05\u5355\u76ee\u5f55\u91cc\uff0ckubelet \u5c06\u4f1a\u7ec8\u6b62\u5b83\u3002 \u5728\u53e6\u4e00\u4e2a fileCheckFrequency \u5468\u671f\u4e4b\u540e\u4f60\u53ef\u4ee5\u5c06\u6587\u4ef6\u79fb\u56de\u53bb\uff0ckubelet \u53ef\u4ee5\u5b8c\u6210 Pod \u7684\u91cd\u5efa\uff0c\u800c\u7ec4\u4ef6\u7684\u8bc1\u4e66\u66f4\u65b0\u64cd\u4f5c\u4e5f\u5f97\u4ee5\u5b8c\u6210\u3002
mv ./manifests/* ./temp/\nmv ./temp/* ./manifests/\n
Note
\u5982\u679c\u5bb9\u5668\u670d\u52a1\u4f7f\u7528\u7684\u662f Docker\uff0c\u4e3a\u4e86\u8ba9\u8bc1\u4e66\u751f\u6548\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5bf9\u6d89\u53ca\u5230\u8bc1\u4e66\u4f7f\u7528\u7684\u51e0\u4e2a\u670d\u52a1\u8fdb\u884c\u91cd\u542f\uff1a
docker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart\n
"},{"location":"admin/kpanda/clusters/k8s-cert.html#kubeconfig","title":"\u66f4\u65b0 KubeConfig","text":"\u6784\u5efa\u96c6\u7fa4\u65f6\u901a\u5e38\u4f1a\u5c06 admin.conf \u8bc1\u4e66\u590d\u5236\u5230 $HOME/.kube/config \u4e2d\uff0c\u4e3a\u4e86\u5728\u66f4\u65b0 admin.conf \u540e\u66f4\u65b0 $HOME/.kube/config \u7684\u5185\u5bb9\uff0c \u5fc5\u987b\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config\nsudo chown $(id -u):$(id -g) $HOME/.kube/config\n
"},{"location":"admin/kpanda/clusters/k8s-cert.html#kubelet","title":"\u4e3a kubelet \u914d\u7f6e\u8bc1\u4e66\u8f6e\u6362","text":"\u5b8c\u6210\u4ee5\u4e0a\u64cd\u4f5c\u540e\uff0c\u57fa\u672c\u5b8c\u6210\u4e86\u96c6\u7fa4\u6240\u6709\u8bc1\u4e66\u7684\u66f4\u65b0\uff0c\u4f46\u4e0d\u5305\u62ec kubelet\u3002
\u56e0\u4e3a kubernetes \u5305\u542b\u7279\u6027 kubelet \u8bc1\u4e66\u8f6e\u6362\uff0c \u5728\u5f53\u524d\u8bc1\u4e66\u5373\u5c06\u8fc7\u671f\u65f6\uff0c \u5c06\u81ea\u52a8\u751f\u6210\u65b0\u7684\u79d8\u94a5\uff0c\u5e76\u4ece Kubernetes API \u7533\u8bf7\u65b0\u7684\u8bc1\u4e66\u3002 \u4e00\u65e6\u65b0\u7684\u8bc1\u4e66\u53ef\u7528\uff0c\u5b83\u5c06\u88ab\u7528\u4e8e\u4e0e Kubernetes API \u95f4\u7684\u8fde\u63a5\u8ba4\u8bc1\u3002
Note
\u6b64\u7279\u6027\u9002\u7528\u4e8e Kubernetes 1.8.0 \u6216\u66f4\u9ad8\u7684\u7248\u672c\u3002
\u542f\u7528\u5ba2\u6237\u7aef\u8bc1\u4e66\u8f6e\u6362\uff0c\u914d\u7f6e\u53c2\u6570\u5982\u4e0b\uff1a
kubelet \u8fdb\u7a0b\u63a5\u6536 --rotate-certificates \u53c2\u6570\uff0c\u8be5\u53c2\u6570\u51b3\u5b9a kubelet \u5728\u5f53\u524d\u4f7f\u7528\u7684 \u8bc1\u4e66\u5373\u5c06\u5230\u671f\u65f6\uff0c\u662f\u5426\u4f1a\u81ea\u52a8\u7533\u8bf7\u65b0\u7684\u8bc1\u4e66\u3002
kube-controller-manager \u8fdb\u7a0b\u63a5\u6536 --cluster-signing-duration \u53c2\u6570 \uff08\u5728 1.19 \u7248\u672c\u4e4b\u524d\u4e3a --experimental-cluster-signing-duration\uff09\uff0c\u7528\u6765\u63a7\u5236\u7b7e\u53d1\u8bc1\u4e66\u7684\u6709\u6548\u671f\u9650\u3002
\u66f4\u591a\u8be6\u60c5\u53c2\u8003\u4e3a kubelet \u914d\u7f6e\u8bc1\u4e66\u8f6e\u6362\u3002
"},{"location":"admin/kpanda/clusters/k8s-cert.html#_4","title":"\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66","text":"\u4e3a\u4e86\u66f4\u9ad8\u6548\u4fbf\u6377\u5904\u7406\u5df2\u8fc7\u671f\u6216\u8005\u5373\u5c06\u8fc7\u671f\u7684 kubernetes \u96c6\u7fa4\u8bc1\u4e66\uff0c\u53ef\u53c2\u8003 k8s \u7248\u672c\u96c6\u7fa4\u8bc1\u4e66\u66f4\u65b0\u3002
"},{"location":"admin/kpanda/clusters/runtime.html","title":"\u5982\u4f55\u9009\u62e9\u5bb9\u5668\u8fd0\u884c\u65f6","text":"\u5bb9\u5668\u8fd0\u884c\u65f6\u662f kubernetes \u4e2d\u5bf9\u5bb9\u5668\u548c\u5bb9\u5668\u955c\u50cf\u751f\u547d\u5468\u671f\u8fdb\u884c\u7ba1\u7406\u7684\u91cd\u8981\u7ec4\u4ef6\u3002 kubernetes \u5728 1.19 \u7248\u672c\u4e2d\u5c06 containerd \u8bbe\u4e3a\u9ed8\u8ba4\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u5e76\u5728 1.24 \u7248\u672c\u4e2d\u79fb\u9664\u4e86 Dockershim \u7ec4\u4ef6\u7684\u652f\u6301\u3002
\u56e0\u6b64\u76f8\u8f83\u4e8e Docker \u8fd0\u884c\u65f6\uff0c\u6211\u4eec\u66f4\u52a0 \u63a8\u8350\u60a8\u4f7f\u7528\u8f7b\u91cf\u7684 containerd \u4f5c\u4e3a\u60a8\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u56e0\u4e3a\u8fd9\u5df2\u7ecf\u6210\u4e3a\u5f53\u524d\u4e3b\u6d41\u7684\u8fd0\u884c\u65f6\u9009\u62e9\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u4e00\u4e9b\u64cd\u4f5c\u7cfb\u7edf\u53d1\u884c\u5382\u5546\u5bf9 Docker \u8fd0\u884c\u65f6\u7684\u517c\u5bb9\u4e5f\u4e0d\u591f\u53cb\u597d\uff0c\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u8fd0\u884c\u65f6\u7684\u652f\u6301\u5982\u4e0b\u8868\uff1a
"},{"location":"admin/kpanda/clusters/runtime.html#_2","title":"\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u548c\u63a8\u8350\u7684\u8fd0\u884c\u65f6\u7248\u672c\u5bf9\u5e94\u5173\u7cfb","text":"\u64cd\u4f5c\u7cfb\u7edf \u63a8\u8350\u7684 containerd \u7248\u672c \u63a8\u8350\u7684 Docker \u7248\u672c CentOS 1.7.5 20.10 RedHatOS 1.7.5 20.10 KylinOS 1.7.5 19.03\uff08\u4ec5 ARM \u67b6\u6784\u652f\u6301 \uff0c\u5728 x86 \u67b6\u6784\u4e0b\u4e0d\u652f\u6301\u4f7f\u7528 Docker \u4f5c\u4e3a\u8fd0\u884c\u65f6\uff09\u66f4\u591a\u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003 RedHatOS \u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c \u548c KylinOS \u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c
Note
\u5728\u79bb\u7ebf\u5b89\u88c5\u6a21\u5f0f\u4e0b\uff0c\u9700\u8981\u63d0\u524d\u51c6\u5907\u76f8\u5173\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u79bb\u7ebf\u5305\u3002
"},{"location":"admin/kpanda/clusters/upgrade-cluster.html","title":"\u96c6\u7fa4\u5347\u7ea7","text":"Kubernetes \u793e\u533a\u6bcf\u4e2a\u5b63\u5ea6\u90fd\u4f1a\u53d1\u5e03\u4e00\u6b21\u5c0f\u7248\u672c\uff0c\u6bcf\u4e2a\u7248\u672c\u7684\u7ef4\u62a4\u5468\u671f\u5927\u6982\u53ea\u6709 9 \u4e2a\u6708\u3002 \u7248\u672c\u505c\u6b62\u7ef4\u62a4\u540e\u5c31\u4e0d\u4f1a\u518d\u66f4\u65b0\u4e00\u4e9b\u91cd\u5927\u6f0f\u6d1e\u6216\u5b89\u5168\u6f0f\u6d1e\u3002\u624b\u52a8\u5347\u7ea7\u96c6\u7fa4\u64cd\u4f5c\u8f83\u4e3a\u7e41\u7410\uff0c\u7ed9\u7ba1\u7406\u4eba\u5458\u5e26\u6765\u4e86\u6781\u5927\u7684\u5de5\u4f5c\u8d1f\u62c5\u3002
\u672c\u8282\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u901a\u8fc7 Web UI \u754c\u9762\u4e00\u952e\u5f0f\u5728\u7ebf\u5347\u7ea7\u5de5\u4f5c\u96c6\u7fa4 Kubernetes \u7248\u672c\uff0c \u5982\u9700\u79bb\u7ebf\u5347\u7ea7\u5de5\u4f5c\u96c6\u7fa4\u7684 kubernetes \u7248\u672c\uff0c\u8bf7\u53c2\u9605\u5de5\u4f5c\u96c6\u7fa4\u79bb\u7ebf\u5347\u7ea7\u6307\u5357\u8fdb\u884c\u5347\u7ea7\u3002
Danger
\u7248\u672c\u5347\u7ea7\u540e\u5c06\u65e0\u6cd5\u56de\u9000\u5230\u4e4b\u524d\u7684\u7248\u672c\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
Note
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u5347\u7ea7 \uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u7248\u672c\u5347\u7ea7 \u3002
\u9009\u62e9\u53ef\u5347\u7ea7\u7684\u7248\u672c\uff0c\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\u3002
Note
\u5982\u679c\u60a8\u662f\u60f3\u901a\u8fc7\u5347\u7ea7\u65b9\u5f0f\u6765\u4fee\u6539\u96c6\u7fa4\u53c2\u6570\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff1a
\u627e\u5230\u96c6\u7fa4\u5bf9\u5e94\u7684 ConfigMap\uff0c\u60a8\u53ef\u4ee5\u767b\u5f55\u63a7\u5236\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u627e\u5230 varsConfRef \u4e2d\u7684 ConfigMap \u540d\u79f0\u3002
kubectl get cluster.kubean.io <clustername> -o yaml\n
\u6839\u636e\u9700\u8981\uff0c\u4fee\u6539 ConfigMap \u4e2d\u7684\u53c2\u6570\u4fe1\u606f\u3002
\u5728\u6b64\u5904\u9009\u62e9\u76f8\u540c\u7248\u672c\u8fdb\u884c\u5347\u7ea7\u64cd\u4f5c\uff0c\u5347\u7ea7\u5b8c\u6210\u5373\u53ef\u6210\u529f\u66f4\u65b0\u5bf9\u5e94\u7684\u96c6\u7fa4\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \u540e\uff0c\u53ef\u4ee5\u770b\u5230\u96c6\u7fa4\u7684\u5347\u7ea7\u8fdb\u5ea6\u3002
\u96c6\u7fa4\u5347\u7ea7\u9884\u8ba1\u9700\u8981 30 \u5206\u949f\uff0c\u53ef\u4ee5\u70b9\u51fb \u5b9e\u65f6\u65e5\u5fd7 \u6309\u94ae\u67e5\u770b\u96c6\u7fa4\u5347\u7ea7\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002
configmap/secret \u70ed\u52a0\u8f7d\u662f\u6307\u5c06 configmap/secret \u4f5c\u4e3a\u6570\u636e\u5377\u6302\u8f7d\u5728\u5bb9\u5668\u4e2d\u6302\u8f7d\u65f6\uff0c\u5f53\u914d\u7f6e\u53d1\u751f\u6539\u53d8\u65f6\uff0c\u5bb9\u5668\u5c06\u81ea\u52a8\u8bfb\u53d6 configmap/secret \u66f4\u65b0\u540e\u7684\u914d\u7f6e\uff0c\u800c\u65e0\u9700\u91cd\u542f Pod\u3002
"},{"location":"admin/kpanda/configmaps-secrets/configmap-hot-loading.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u53c2\u8003\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d - \u5bb9\u5668\u914d\u7f6e\uff0c\u914d\u7f6e\u5bb9\u5668\u6570\u636e\u5b58\u50a8\uff0c\u9009\u62e9 Configmap \u3001 Configmap Key \u3001 Secret \u3001 Secret Key \u4f5c\u4e3a\u6570\u636e\u5377\u6302\u8f7d\u81f3\u5bb9\u5668\u3002
Note
\u4f7f\u7528\u5b50\u8def\u5f84\uff08SubPath\uff09\u65b9\u5f0f\u6302\u8f7d\u7684\u914d\u7f6e\u6587\u4ef6\u4e0d\u652f\u6301\u70ed\u52a0\u8f7d\u3002
\u8fdb\u5165\u3010\u914d\u7f6e\u4e0e\u5bc6\u94a5\u3011\u9875\u9762\uff0c\u8fdb\u5165\u914d\u7f6e\u9879\u8be6\u60c5\u9875\u9762\uff0c\u5728\u3010\u5173\u8054\u8d44\u6e90\u3011\u4e2d\u627e\u5230\u5bf9\u5e94\u7684 container \u8d44\u6e90\uff0c\u70b9\u51fb \u7acb\u5373\u52a0\u8f7d \u6309\u94ae\uff0c\u8fdb\u5165\u914d\u7f6e\u70ed\u52a0\u8f7d\u9875\u9762\u3002
Note
\u5982\u679c\u60a8\u7684\u5e94\u7528\u652f\u6301\u81ea\u52a8\u8bfb\u53d6 configmap/secret \u66f4\u65b0\u540e\u7684\u914d\u7f6e\uff0c\u5219\u65e0\u9700\u624b\u52a8\u6267\u884c\u70ed\u52a0\u8f7d\u64cd\u4f5c\u3002
\u5728\u70ed\u52a0\u8f7d\u914d\u7f6e\u5f39\u7a97\u4e2d\uff0c\u8f93\u5165\u8fdb\u5165\u5bb9\u5668\u5185\u7684 \u6267\u884c\u547d\u4ee4 \u5e76\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u4ee5\u91cd\u8f7d\u914d\u7f6e\u3002\u4f8b\u5982\uff0c\u5728 nginx \u5bb9\u5668\u4e2d\uff0c\u4ee5 root \u7528\u6237\u6743\u9650\uff0c\u6267\u884c nginx -s reload \u547d\u4ee4\u6765\u91cd\u8f7d\u914d\u7f6e\u3002
\u5728\u754c\u9762\u5f39\u51fa\u7684 web \u7ec8\u7aef\u4e2d\u67e5\u770b\u5e94\u7528\u91cd\u8f7d\u60c5\u51b5\u3002
\u914d\u7f6e\u9879\uff08ConfigMap\uff09\u4ee5\u952e\u503c\u5bf9\u7684\u5f62\u5f0f\u5b58\u50a8\u975e\u673a\u5bc6\u6027\u6570\u636e\uff0c\u5b9e\u73b0\u914d\u7f6e\u6570\u636e\u548c\u5e94\u7528\u4ee3\u7801\u76f8\u4e92\u89e3\u8026\u7684\u6548\u679c\u3002\u914d\u7f6e\u9879\u53ef\u7528\u4f5c\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3001\u547d\u4ee4\u884c\u53c2\u6570\u6216\u8005\u5b58\u50a8\u5377\u4e2d\u7684\u914d\u7f6e\u6587\u4ef6\u3002
Note
\u5728\u914d\u7f6e\u9879\u4e2d\u4fdd\u5b58\u7684\u6570\u636e\u4e0d\u53ef\u8d85\u8fc7 1 MiB\u3002\u5982\u679c\u9700\u8981\u5b58\u50a8\u4f53\u79ef\u66f4\u5927\u7684\u6570\u636e\uff0c\u5efa\u8bae\u6302\u8f7d\u5b58\u50a8\u5377\u6216\u8005\u4f7f\u7528\u72ec\u7acb\u7684\u6570\u636e\u5e93\u6216\u8005\u6587\u4ef6\u670d\u52a1\u3002
\u914d\u7f6e\u9879\u4e0d\u63d0\u4f9b\u4fdd\u5bc6\u6216\u8005\u52a0\u5bc6\u529f\u80fd\u3002\u5982\u679c\u8981\u5b58\u50a8\u52a0\u5bc6\u6570\u636e\uff0c\u5efa\u8bae\u4f7f\u7528\u5bc6\u94a5\uff0c\u6216\u8005\u5176\u4ed6\u7b2c\u4e09\u65b9\u5de5\u5177\u6765\u4fdd\u8bc1\u6570\u636e\u7684\u79c1\u5bc6\u6027\u3002
\u652f\u6301\u4e24\u79cd\u521b\u5efa\u65b9\u5f0f\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u914d\u7f6e\u9879 \u6309\u94ae\u3002
\u5728 \u521b\u5efa\u914d\u7f6e\u9879 \u9875\u9762\u4e2d\u586b\u5199\u914d\u7f6e\u4fe1\u606f\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u70b9\u51fb \u4e0a\u4f20\u6587\u4ef6 \u53ef\u4ee5\u4ece\u672c\u5730\u5bfc\u5165\u5df2\u6709\u7684\u6587\u4ef6\uff0c\u5feb\u901f\u521b\u5efa\u914d\u7f6e\u9879\u3002
\u521b\u5efa\u5b8c\u6210\u540e\u5728\u914d\u7f6e\u9879\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u53ef\u4ee5\uff0c\u53ef\u4ee5\u7f16\u8f91 YAML\u3001\u66f4\u65b0\u3001\u5bfc\u51fa\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u521b\u5efa\u5b8c\u6210\u540e\u5728\u914d\u7f6e\u9879\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u53ef\u4ee5\uff0c\u53ef\u4ee5\u7f16\u8f91 YAML\u3001\u66f4\u65b0\u3001\u5bfc\u51fa\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
```yaml\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: kube-root-ca.crt\n namespace: default\n annotations:\ndata:\n version: '1.0'\n```\n
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u914d\u7f6e\u9879
"},{"location":"admin/kpanda/configmaps-secrets/create-secret.html","title":"\u521b\u5efa\u5bc6\u94a5","text":"\u5bc6\u94a5\u662f\u4e00\u79cd\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u3001OAuth \u4ee4\u724c\u3001SSH\u3001TLS \u51ed\u636e\u7b49\u654f\u611f\u4fe1\u606f\u7684\u8d44\u6e90\u5bf9\u8c61\u3002\u4f7f\u7528\u5bc6\u94a5\u610f\u5473\u7740\u60a8\u4e0d\u9700\u8981\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5305\u542b\u654f\u611f\u7684\u673a\u5bc6\u6570\u636e\u3002
\u5bc6\u94a5\u4f7f\u7528\u573a\u666f\uff1a
\u652f\u6301\u4e24\u79cd\u521b\u5efa\u65b9\u5f0f\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u5bc6\u94a5 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u5bc6\u94a5 \u6309\u94ae\u3002
\u5728 \u521b\u5efa\u5bc6\u94a5 \u9875\u9762\u4e2d\u586b\u5199\u914d\u7f6e\u4fe1\u606f\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u586b\u5199\u914d\u7f6e\u65f6\u9700\u8981\u6ce8\u610f\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u5bc6\u94a5 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\u586b\u5199 YAML \u914d\u7f6e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: secretdemo\ntype: Opaque\ndata:\n username: ******\n password: ******\n```\n
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u5bc6\u94a5
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html","title":"\u4f7f\u7528\u914d\u7f6e\u9879","text":"\u914d\u7f6e\u9879\uff08ConfigMap\uff09\u662f Kubernetes \u7684\u4e00\u79cd API \u5bf9\u8c61\uff0c\u7528\u6765\u5c06\u975e\u673a\u5bc6\u6027\u7684\u6570\u636e\u4fdd\u5b58\u5230\u952e\u503c\u5bf9\u4e2d\uff0c\u53ef\u4ee5\u5b58\u50a8\u5176\u4ed6\u5bf9\u8c61\u6240\u9700\u8981\u4f7f\u7528\u7684\u914d\u7f6e\u3002 \u4f7f\u7528\u65f6\uff0c \u5bb9\u5668\u53ef\u4ee5\u5c06\u5176\u7528\u4f5c\u73af\u5883\u53d8\u91cf\u3001\u547d\u4ee4\u884c\u53c2\u6570\u6216\u8005\u5b58\u50a8\u5377\u4e2d\u7684\u914d\u7f6e\u6587\u4ef6\u3002\u901a\u8fc7\u4f7f\u7528\u914d\u7f6e\u9879\uff0c\u80fd\u591f\u5c06\u914d\u7f6e\u6570\u636e\u548c\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u5206\u5f00\uff0c\u4e3a\u5e94\u7528\u914d\u7f6e\u7684\u4fee\u6539\u63d0\u4f9b\u66f4\u52a0\u7075\u6d3b\u7684\u9014\u5f84\u3002
Note
\u914d\u7f6e\u9879\u5e76\u4e0d\u63d0\u4f9b\u4fdd\u5bc6\u6216\u8005\u52a0\u5bc6\u529f\u80fd\u3002\u5982\u679c\u8981\u5b58\u50a8\u7684\u6570\u636e\u662f\u673a\u5bc6\u7684\uff0c\u8bf7\u4f7f\u7528\u5bc6\u94a5\uff0c\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7b2c\u4e09\u65b9\u5de5\u5177\u6765\u4fdd\u8bc1\u6570\u636e\u7684\u79c1\u5bc6\u6027\uff0c\u800c\u4e0d\u662f\u7528\u914d\u7f6e\u9879\u3002 \u6b64\u5916\u5728\u5bb9\u5668\u91cc\u4f7f\u7528\u914d\u7f6e\u9879\u65f6\uff0c\u5bb9\u5668\u548c\u914d\u7f6e\u9879\u5fc5\u987b\u5904\u4e8e\u540c\u4e00\u96c6\u7fa4\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u60a8\u53ef\u4ee5\u5728 Pod \u4e2d\u4f7f\u7528\u914d\u7f6e\u9879\uff0c\u6709\u591a\u79cd\u4f7f\u7528\u573a\u666f\uff0c\u4e3b\u8981\u5305\u62ec\uff1a
\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf
\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u7684\u547d\u4ee4\u884c\u53c2\u6570
\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
Note
\u914d\u7f6e\u9879\u5bfc\u5165\u662f\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\uff1b\u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165\u662f\u5c06\u914d\u7f6e\u9879\u4e2d\u67d0\u4e00\u53c2\u6570\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html#_4","title":"\u56fe\u5f62\u5316\u754c\u9762\u64cd\u4f5c","text":"\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u53ef\u4ee5\u5728 \u73af\u5883\u53d8\u91cf \u754c\u9762\u901a\u8fc7\u9009\u62e9 \u914d\u7f6e\u9879\u5bfc\u5165 \u6216 \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u4e3a\u5bb9\u5668\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u4e2d\uff0c\u5728 \u5bb9\u5668\u914d\u7f6e \u8fd9\u4e00\u6b65\u4e2d\uff0c\u9009\u62e9 \u73af\u5883\u53d8\u91cf \u914d\u7f6e\uff0c\u70b9\u51fb \u6dfb\u52a0\u73af\u5883\u53d8\u91cf \u6309\u94ae\u3002
\u5728\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u5904\u9009\u62e9 \u914d\u7f6e\u9879\u5bfc\u5165 \u6216 \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u914d\u7f6e\u9879\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u524d\u7f00 \u540d\u79f0\u3001 \u914d\u7f6e\u9879 \u7684\u540d\u79f0\u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u914d\u7f6e\u9879 \u540d\u79f0\u3001 \u952e \u7684\u540d\u79f0\u3002
\u60a8\u53ef\u4ee5\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u5c06\u914d\u7f6e\u9879\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff0c\u4f7f\u7528 valueFrom \u53c2\u6570\u5f15\u7528 ConfigMap \u4e2d\u7684 Key/Value\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-1\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"env\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom: # (1)!\n configMapKeyRef:\n name: kpanda-configmap # (2)!\n key: SPECIAL_LEVEL # (3)!\n restartPolicy: Never\n
\u60a8\u53ef\u4ee5\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u4e2d\u7684\u547d\u4ee4\u6216\u8005\u53c2\u6570\u503c\uff0c\u4f7f\u7528\u73af\u5883\u53d8\u91cf\u66ff\u6362\u8bed\u6cd5 $(VAR_NAME) \u6765\u8fdb\u884c\u3002\u5982\u4e0b\u6240\u793a\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-3\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_LEVEL\n - name: SPECIAL_TYPE_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_TYPE\n restartPolicy: Never\n
\u8fd9\u4e2a Pod \u8fd0\u884c\u540e\uff0c\u8f93\u51fa\u5982\u4e0b\u5185\u5bb9\u3002
Hello Kpanda\n
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html#_7","title":"\u7528\u4f5c\u5bb9\u5668\u6570\u636e\u5377","text":"\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-configmap.html#_8","title":"\u56fe\u5f62\u5316\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u914d\u7f6e\u9879 \uff0c\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u4e2d\uff0c\u5728 \u5bb9\u5668\u914d\u7f6e \u8fd9\u4e00\u6b65\u4e2d\uff0c\u9009\u62e9 \u6570\u636e\u5b58\u50a8 \u914d\u7f6e\uff0c\u5728 \u8282\u70b9\u8def\u5f84\u6620\u5c04 \u5217\u8868\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u3002
\u5728\u5b58\u50a8\u7c7b\u578b\u5904\u9009\u62e9 \u914d\u7f6e\u9879 \uff0c\u5e76\u4f9d\u6b21\u8f93\u5165 \u5bb9\u5668\u8def\u5f84 \u3001 \u5b50\u8def\u5f84 \u7b49\u4fe1\u606f\u3002
\u8981\u5728\u4e00\u4e2a Pod \u7684\u5b58\u50a8\u5377\u4e2d\u4f7f\u7528 ConfigMap\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u5c06 ConfigMap \u4ee5\u5377\u7684\u5f62\u5f0f\u8fdb\u884c\u6302\u8f7d\u7684 Pod \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n - name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n configMap:\n name: myconfigmap\n
\u5982\u679c Pod \u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\uff0c\u5219\u6bcf\u4e2a\u5bb9\u5668\u90fd\u9700\u8981\u81ea\u5df1\u7684 volumeMounts \u5757\uff0c\u4f46\u9488\u5bf9\u6bcf\u4e2a ConfigMap\uff0c\u60a8\u53ea\u9700\u8981\u8bbe\u7f6e\u4e00\u4e2a spec.volumes \u5757\u3002
Note
\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u6302\u8f7d\u7684\u6570\u636e\u5377\u65f6\uff0c\u914d\u7f6e\u9879\u53ea\u80fd\u4f5c\u4e3a\u53ea\u8bfb\u6587\u4ef6\u8fdb\u884c\u8bfb\u53d6\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-secret.html","title":"\u4f7f\u7528\u5bc6\u94a5","text":"\u5bc6\u94a5\u662f\u4e00\u79cd\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u3001OAuth \u4ee4\u724c\u3001SSH\u3001TLS \u51ed\u636e\u7b49\u654f\u611f\u4fe1\u606f\u7684\u8d44\u6e90\u5bf9\u8c61\u3002\u4f7f\u7528\u5bc6\u94a5\u610f\u5473\u7740\u60a8\u4e0d\u9700\u8981\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5305\u542b\u654f\u611f\u7684\u673a\u5bc6\u6570\u636e\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-secret.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u60a8\u53ef\u4ee5\u5728 Pod \u4e2d\u4f7f\u7528\u5bc6\u94a5\uff0c\u6709\u591a\u79cd\u4f7f\u7528\u573a\u666f\uff0c\u4e3b\u8981\u5305\u62ec\uff1a
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
Note
\u5bc6\u94a5\u5bfc\u5165\u662f\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\uff1b\u5bc6\u94a5\u952e\u503c\u5bfc\u5165\u662f\u5c06\u5bc6\u94a5\u4e2d\u67d0\u4e00\u53c2\u6570\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-secret.html#_4","title":"\u56fe\u5f62\u754c\u9762\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u5728 \u73af\u5883\u53d8\u91cf \u754c\u9762\u901a\u8fc7\u9009\u62e9 \u5bc6\u94a5\u5bfc\u5165 \u6216 \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u4e3a\u5bb9\u5668\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728 \u5bb9\u5668\u914d\u7f6e \u9009\u62e9 \u73af\u5883\u53d8\u91cf \u914d\u7f6e\uff0c\u70b9\u51fb \u6dfb\u52a0\u73af\u5883\u53d8\u91cf \u6309\u94ae\u3002
\u5728\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u5904\u9009\u62e9 \u5bc6\u94a5\u5bfc\u5165 \u6216 \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u5bc6\u94a5\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u524d\u7f00 \u3001 \u5bc6\u94a5 \u7684\u540d\u79f0\u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u5bc6\u94a5 \u3001 \u952e \u7684\u540d\u79f0\u3002
\u5982\u4e0b\u4f8b\u6240\u793a\uff0c\u60a8\u53ef\u4ee5\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u5c06\u5bc6\u94a5\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff0c\u4f7f\u7528 valueFrom \u53c2\u6570\u5f15\u7528 Secret \u4e2d\u7684 Key/Value\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: secret-env-pod\nspec:\n containers:\n - name: mycontainer\n image: redis\n env:\n - name: SECRET_USERNAME\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: username\n optional: false # (1)!\n - name: SECRET_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: password\n optional: false # (2)!\n
\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u5bc6\u94a5 \uff0c\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728 \u5bb9\u5668\u914d\u7f6e \u9009\u62e9 \u6570\u636e\u5b58\u50a8 \u914d\u7f6e\uff0c\u5728 \u8282\u70b9\u8def\u5f84\u6620\u5c04 \u5217\u8868\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u3002
\u5728\u5b58\u50a8\u7c7b\u578b\u5904\u9009\u62e9 \u5bc6\u94a5 \uff0c\u5e76\u4f9d\u6b21\u8f93\u5165 \u5bb9\u5668\u8def\u5f84 \u3001 \u5b50\u8def\u5f84 \u7b49\u4fe1\u606f\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u901a\u8fc7\u6570\u636e\u5377\u6765\u6302\u8f7d\u540d\u4e3a mysecret \u7684 Secret \u7684 Pod \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n - name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n secret:\n secretName: mysecret\n optional: false # (1)!\n
\u5982\u679c Pod \u4e2d\u5305\u542b\u591a\u4e2a\u5bb9\u5668\uff0c\u5219\u6bcf\u4e2a\u5bb9\u5668\u9700\u8981\u81ea\u5df1\u7684 volumeMounts \u5757\uff0c\u4e0d\u8fc7\u9488\u5bf9\u6bcf\u4e2a Secret \u800c\u8a00\uff0c\u53ea\u9700\u8981\u4e00\u4efd .spec.volumes
\u8bbe\u7f6e\u3002
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u5bc6\u94a5\u4f5c\u4e3a\u955c\u50cf\u4ed3\u5e93\u8eab\u4efd\u8ba4\u8bc1\u51ed\u8bc1\u3002
"},{"location":"admin/kpanda/configmaps-secrets/use-secret.html#_8","title":"\u56fe\u5f62\u5316\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u5bc6\u94a5 \uff0c\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728\u7b2c\u4e8c\u6b65 \u5bb9\u5668\u914d\u7f6e \u65f6\u9009\u62e9 \u57fa\u672c\u4fe1\u606f \u914d\u7f6e\uff0c\u70b9\u51fb \u9009\u62e9\u955c\u50cf \u6309\u94ae\u3002
\u5728\u5f39\u6846\u7684 \u955c\u50cf\u4ed3\u5e93 \u4e0b\u62c9\u9009\u62e9\u79c1\u6709\u955c\u50cf\u4ed3\u5e93\u540d\u79f0\u3002\u5173\u4e8e\u79c1\u6709\u955c\u50cf\u5bc6\u94a5\u521b\u5efa\u8bf7\u67e5\u770b\u521b\u5efa\u5bc6\u94a5\u4e86\u89e3\u8be6\u60c5\u3002
\u8f93\u5165\u79c1\u6709\u4ed3\u5e93\u5185\u7684\u955c\u50cf\u540d\u79f0\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u955c\u50cf\u9009\u62e9\u3002
Note
\u521b\u5efa\u5bc6\u94a5\u65f6\uff0c\u9700\u8981\u786e\u4fdd\u8f93\u5165\u6b63\u786e\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3001\u7528\u6237\u540d\u79f0\u3001\u5bc6\u7801\u5e76\u9009\u62e9\u6b63\u786e\u7684\u955c\u50cf\u540d\u79f0\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u83b7\u53d6\u955c\u50cf\u4ed3\u5e93\u4e2d\u7684\u955c\u50cf\u3002
"},{"location":"admin/kpanda/custom-resources/create.html","title":"\u521b\u5efa\u81ea\u5b9a\u4e49\u8d44\u6e90 (CRD)","text":"\u5728 Kubernetes \u4e2d\u4e00\u5207\u5bf9\u8c61\u90fd\u88ab\u62bd\u8c61\u4e3a\u8d44\u6e90\uff0c\u5982 Pod\u3001Deployment\u3001Service\u3001Volume \u7b49\u662f Kubernetes \u63d0\u4f9b\u7684\u9ed8\u8ba4\u8d44\u6e90\uff0c \u8fd9\u4e3a\u6211\u4eec\u7684\u65e5\u5e38\u8fd0\u7ef4\u548c\u7ba1\u7406\u5de5\u4f5c\u63d0\u4f9b\u4e86\u91cd\u8981\u652f\u6491\uff0c\u4f46\u662f\u5728\u4e00\u4e9b\u7279\u6b8a\u7684\u573a\u666f\u4e2d\uff0c\u73b0\u6709\u7684\u9884\u7f6e\u8d44\u6e90\u5e76\u4e0d\u80fd\u6ee1\u8db3\u4e1a\u52a1\u7684\u9700\u8981\uff0c \u56e0\u6b64\u6211\u4eec\u5e0c\u671b\u53bb\u6269\u5c55 Kubernetes API \u7684\u80fd\u529b\uff0c\u81ea\u5b9a\u4e49\u8d44\u6e90\uff08CustomResourceDefinition, CRD\uff09\u6b63\u662f\u57fa\u4e8e\u8fd9\u6837\u7684\u9700\u6c42\u5e94\u8fd0\u800c\u751f\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5bf9\u81ea\u5b9a\u4e49\u8d44\u6e90\u7684\u754c\u9762\u5316\u7ba1\u7406\uff0c\u4e3b\u8981\u529f\u80fd\u5982\u4e0b\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a Cluster Admin \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u6388\u6743
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\uff0c\u586b\u5199 YAML \u8bed\u53e5\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u81ea\u5b9a\u4e49\u8d44\u6e90\u5217\u8868\u9875\uff0c\u5373\u53ef\u67e5\u770b\u521a\u521a\u521b\u5efa\u7684\u540d\u4e3a crontabs.stable.example.com
\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
\u81ea\u5b9a\u4e49\u8d44\u6e90\u793a\u4f8b\uff1a
CRD exampleapiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: crontabs.stable.example.com\nspec:\n group: stable.example.com\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n spec:\n type: object\n properties:\n cronSpec:\n type: string\n image:\n type: string\n replicas:\n type: integer\n scope: Namespaced\n names:\n plural: crontabs\n singular: crontab\n kind: CronTab\n shortNames:\n - ct\n
"},{"location":"admin/kpanda/custom-resources/create.html#yaml_1","title":"\u901a\u8fc7 YAML \u521b\u5efa\u81ea\u5b9a\u4e49\u8d44\u6e90\u793a\u4f8b","text":"\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u8fdb\u5165\u81ea\u5b9a\u4e49\u8d44\u6e90\u5217\u8868\u9875\u9762\u3002
\u70b9\u51fb\u540d\u4e3a crontabs.stable.example.com
\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\uff0c\u8fdb\u5165\u8be6\u60c5\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\uff0c\u586b\u5199 YAML \u8bed\u53e5\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de crontabs.stable.example.com
\u7684\u8be6\u60c5\u9875\u9762\uff0c\u5373\u53ef\u67e5\u770b\u521a\u521a\u521b\u5efa\u7684\u540d\u4e3a my-new-cron-object \u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
CR \u793a\u4f8b\uff1a
CR exampleapiVersion: \"stable.example.com/v1\"\nkind: CronTab\nmetadata:\n name: my-new-cron-object\nspec:\n cronSpec: \"* * * * */5\"\n image: my-awesome-cron-image\n
"},{"location":"admin/kpanda/gpu/index.html","title":"GPU \u7ba1\u7406\u6982\u8ff0","text":"\u672c\u6587\u4ecb\u7ecd \u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u5bf9 GPU\u4e3a\u4ee3\u8868\u7684\u5f02\u6784\u8d44\u6e90\u7edf\u4e00\u8fd0\u7ef4\u7ba1\u7406\u80fd\u529b\u3002
"},{"location":"admin/kpanda/gpu/index.html#_1","title":"\u80cc\u666f","text":"\u968f\u7740 AI \u5e94\u7528\u3001\u5927\u6a21\u578b\u3001\u4eba\u5de5\u667a\u80fd\u3001\u81ea\u52a8\u9a7e\u9a76\u7b49\u65b0\u5174\u6280\u672f\u7684\u5feb\u901f\u53d1\u5c55\uff0c\u4f01\u4e1a\u9762\u4e34\u7740\u8d8a\u6765\u8d8a\u591a\u7684\u8ba1\u7b97\u5bc6\u96c6\u578b\u4efb\u52a1\u548c\u6570\u636e\u5904\u7406\u9700\u6c42\u3002 \u4ee5 CPU \u4e3a\u4ee3\u8868\u7684\u4f20\u7edf\u8ba1\u7b97\u67b6\u6784\u5df2\u65e0\u6cd5\u6ee1\u8db3\u4f01\u4e1a\u65e5\u76ca\u589e\u957f\u7684\u8ba1\u7b97\u9700\u6c42\u3002\u6b64\u65f6\uff0c\u4ee5 GPU \u4e3a\u4ee3\u8868\u7684\u5f02\u6784\u8ba1\u7b97\u56e0\u5728\u5904\u7406\u5927\u89c4\u6a21\u6570\u636e\u3001\u8fdb\u884c\u590d\u6742\u8ba1\u7b97\u548c\u5b9e\u65f6\u56fe\u5f62\u6e32\u67d3\u65b9\u9762\u5177\u6709\u72ec\u7279\u7684\u4f18\u52bf\u88ab\u5e7f\u6cdb\u5e94\u7528\u3002
\u4e0e\u6b64\u540c\u65f6\uff0c\u7531\u4e8e\u7f3a\u4e4f\u5f02\u6784\u8d44\u6e90\u8c03\u5ea6\u7ba1\u7406\u7b49\u65b9\u9762\u7684\u7ecf\u9a8c\u548c\u4e13\u4e1a\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5bfc\u81f4\u4e86 GPU \u8bbe\u5907\u7684\u8d44\u6e90\u5229\u7528\u7387\u6781\u4f4e\uff0c\u7ed9\u4f01\u4e1a\u5e26\u6765\u4e86\u9ad8\u6602\u7684 AI \u751f\u4ea7\u6210\u672c\u3002 \u5982\u4f55\u964d\u672c\u589e\u6548\uff0c\u63d0\u9ad8 GPU \u7b49\u5f02\u6784\u8d44\u6e90\u7684\u5229\u7528\u6548\u7387\uff0c\u6210\u4e3a\u4e86\u5f53\u524d\u4f17\u591a\u4f01\u4e1a\u4e9f\u9700\u8de8\u8d8a\u7684\u4e00\u9053\u96be\u9898\u3002
"},{"location":"admin/kpanda/gpu/index.html#gpu_1","title":"GPU \u80fd\u529b\u4ecb\u7ecd","text":"\u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u652f\u6301\u5bf9 GPU\u3001NPU \u7b49\u5f02\u6784\u8d44\u6e90\u8fdb\u884c\u7edf\u4e00\u8c03\u5ea6\u548c\u8fd0\u7ef4\u7ba1\u7406\uff0c\u5145\u5206\u91ca\u653e GPU \u8d44\u6e90\u7b97\u529b\uff0c\u52a0\u901f\u4f01\u4e1a AI \u7b49\u65b0\u5174\u5e94\u7528\u53d1\u5c55\u3002GPU \u7ba1\u7406\u80fd\u529b\u5982\u4e0b\uff1a
\u540c\u666e\u901a\u8ba1\u7b97\u673a\u786c\u4ef6\u4e00\u6837\uff0cNVIDIA GPU \u5361\u4f5c\u4e3a\u7269\u7406\u786c\u4ef6\uff0c\u5fc5\u987b\u5b89\u88c5 NVIDIA GPU \u9a71\u52a8\u540e\u624d\u80fd\u4f7f\u7528\u3002 \u4e3a\u4e86\u964d\u4f4e\u7528\u6237\u5728 kuberneets \u4e0a\u4f7f\u7528 GPU \u7684\u6210\u672c\uff0cNVIDIA \u5b98\u65b9\u63d0\u4f9b\u4e86 NVIDIA GPU Operator \u7ec4\u4ef6\u6765\u7ba1\u7406\u4f7f\u7528 NVIDIA GPU \u6240\u4f9d\u8d56\u7684\u5404\u79cd\u7ec4\u4ef6\u3002 \u8fd9\u4e9b\u7ec4\u4ef6\u5305\u62ec NVIDIA \u9a71\u52a8\u7a0b\u5e8f\uff08\u7528\u4e8e\u542f\u7528 CUDA\uff09\u3001NVIDIA \u5bb9\u5668\u8fd0\u884c\u65f6\u3001GPU \u8282\u70b9\u6807\u8bb0\u3001\u57fa\u4e8e DCGM \u7684\u76d1\u63a7\u7b49\u3002 \u7406\u8bba\u4e0a\u6765\u8bf4\u7528\u6237\u53ea\u9700\u8981\u5c06 GPU \u5361\u63d2\u5728\u5df2\u7ecf\u88ab kubernetes \u6240\u7eb3\u7ba1\u7684\u8ba1\u7b97\u8bbe\u5907\u4e0a\uff0c\u7136\u540e\u901a\u8fc7 GPU Operator \u5c31\u80fd\u4f7f\u7528 NVIDIA GPU \u7684\u6240\u6709\u80fd\u529b\u4e86\u3002 \u4e86\u89e3\u66f4\u591a NVIDIA GPU Operator \u76f8\u5173\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003 NVIDIA \u5b98\u65b9\u6587\u6863\u3002 \u5982\u4f55\u90e8\u7f72\u8bf7\u53c2\u8003 GPU Operator \u79bb\u7ebf\u5b89\u88c5
NVIDIA GPU Operator \u67b6\u6784\u56fe\uff1a
"},{"location":"admin/kpanda/gpu/FAQ.html","title":"GPU \u76f8\u5173 FAQ","text":""},{"location":"admin/kpanda/gpu/FAQ.html#pod-nvidia-smi-gpu","title":"Pod \u5185 nvidia-smi \u770b\u4e0d\u5230 GPU \u8fdb\u7a0b","text":"Q: \u5728\u4f7f\u7528 GPU \u7684 Pod \u5185\u6267\u884c nvidia-smi
\u547d\u4ee4\u770b\u4e0d\u5230\u4f7f\u7528 GPU \u7684\u8fdb\u7a0b\u4fe1\u606f\uff0c\u5305\u62ec\u6574\u5361\u6a21\u5f0f\u3001vGPU \u6a21\u5f0f\u7b49\u3002
A: \u56e0\u4e3a\u6709 PID namespace
\u9694\u79bb\uff0c\u5bfc\u81f4\u5728 Pod \u5185\u67e5\u770b\u4e0d\u5230 GPU \u8fdb\u7a0b\uff0c\u5982\u679c\u8981\u67e5\u770b GPU \u8fdb\u7a0b\u6709\u5982\u4e0b\u51e0\u79cd\u65b9\u6cd5\uff1a
hostPID: true
\uff0c\u4f7f\u5176\u53ef\u4ee5\u67e5\u770b\u5230\u5bbf\u4e3b\u673a\u4e0a\u7684 PIDnvidia-smi
\u547d\u4ee4\u67e5\u770b\u8fdb\u7a0bchroot /run/nvidia/driver nvidia-smi
\u547d\u4ee4\u67e5\u770b\u8fdb\u7a0b\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528\u5929\u6570\u667a\u82af\u865a\u62df GPU\u3002
"},{"location":"admin/kpanda/gpu/Iluvatar_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Iluvatar \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Iluvatar\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e App \u4f7f\u7528\u7684 GPU \u8d44\u6e90\uff1a
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u7533\u8bf7 GPU \u8d44\u6e90\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0iluvatar.ai/vcuda-core: 1
\u3001iluvatar.ai/vcuda-memory: 200
\u53c2\u6570\uff0c\u914d\u7f6e App \u4f7f\u7528\u7269\u7406\u5361\u7684\u8d44\u6e90\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-iluvatar-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-iluvatar-gpu-demo\n template:\n metadata:\n labels:\n app: full-iluvatar-gpu-demo\n spec:\n containers:\n - image: nginx:perl\n name: container-0\n resources:\n limits:\n cpu: 250m\n iluvatar.ai/vcuda-core: '1'\n iluvatar.ai/vcuda-memory: '200'\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n imagePullSecrets:\n - name: default-secret\n
"},{"location":"admin/kpanda/gpu/dynamic-regulation.html","title":"GPU \u8d44\u6e90\u52a8\u6001\u8c03\u8282","text":"\u63d0\u4f9b GPU \u8d44\u6e90\u52a8\u6001\u8c03\u6574\u529f\u80fd\uff0c\u5141\u8bb8\u60a8\u5728\u65e0\u9700\u91cd\u65b0\u52a0\u8f7d\u3001\u91cd\u7f6e\u6216\u91cd\u542f\u6574\u4e2a\u8fd0\u884c\u73af\u5883\u7684\u60c5\u51b5\u4e0b\uff0c\u5bf9\u5df2\u7ecf\u5206\u914d\u7684 vGPU \u8d44\u6e90\u8fdb\u884c\u5b9e\u65f6\u3001\u52a8\u6001\u7684\u8c03\u6574\u3002 \u8fd9\u4e00\u529f\u80fd\u65e8\u5728\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u5bf9\u4e1a\u52a1\u8fd0\u884c\u7684\u5f71\u54cd\uff0c\u786e\u4fdd\u60a8\u7684\u4e1a\u52a1\u80fd\u591f\u6301\u7eed\u7a33\u5b9a\u5730\u8fd0\u884c\uff0c\u540c\u65f6\u6839\u636e\u5b9e\u9645\u9700\u6c42\u7075\u6d3b\u8c03\u6574 GPU \u8d44\u6e90\u3002
"},{"location":"admin/kpanda/gpu/dynamic-regulation.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"\u4ee5\u4e0b\u662f\u4e00\u4e2a\u5177\u4f53\u7684\u64cd\u4f5c\u793a\u4f8b\uff0c\u5c55\u793a\u5982\u4f55\u5728\u4e0d\u91cd\u542f vGPU Pod \u7684\u60c5\u51b5\u4e0b\u52a8\u6001\u8c03\u6574 vGPU \u7684\u7b97\u529b\u548c\u663e\u5b58\u8d44\u6e90\uff1a
"},{"location":"admin/kpanda/gpu/dynamic-regulation.html#vgpu-pod","title":"\u521b\u5efa\u4e00\u4e2a vGPU Pod","text":"\u9996\u5148\uff0c\u6211\u4eec\u4f7f\u7528\u4ee5\u4e0b YAML \u521b\u5efa\u4e00\u4e2a vGPU Pod\uff0c\u5176\u7b97\u529b\u521d\u59cb\u4e0d\u9650\u5236\uff0c\u663e\u5b58\u9650\u5236\u4e3a 200Mb\u3002
kind: Deployment\napiVersion: apps/v1\nmetadata:\n name: gpu-burn-test\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: gpu-burn-test\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: gpu-burn-test\n spec:\n containers:\n - name: container-1\n image: docker.io/chrstnhntschl/gpu_burn:latest\n command:\n - sleep\n - '100000'\n resources:\n limits:\n cpu: 1m\n memory: 1Gi\n nvidia.com/gpucores: '0'\n nvidia.com/gpumem: '200'\n nvidia.com/vgpu: '1'\n
\u8c03\u6574\u524d\u67e5\u770b Pod
\u4e2d\u7684\u8d44\u6e90 GPU
\u5206\u914d\u8d44\u6e90\uff1a
\u5982\u679c\u9700\u8981\u4fee\u6539\u7b97\u529b\u4e3a 10%\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8fdb\u5165\u5bb9\u5668\uff1a
kubectl exec -it <pod-name> -- /bin/bash\n
\u6267\u884c\uff1a
export CUDA_DEVICE_SM_LIMIT=10\n
\u5728\u5f53\u524d\u7ec8\u7aef\u76f4\u63a5\u8fd0\u884c\uff1a
./gpu_burn 60\n
\u7a0b\u5e8f\u5373\u53ef\u751f\u6548\u3002\u6ce8\u610f\uff0c\u4e0d\u80fd\u9000\u51fa\u5f53\u524d Bash \u7ec8\u7aef\u3002
\u5982\u679c\u9700\u8981\u4fee\u6539\u663e\u5b58\u4e3a 300 MB\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8fdb\u5165\u5bb9\u5668\uff1a
kubectl exec -it <pod-name> -- /bin/bash\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6765\u8bbe\u7f6e\u663e\u5b58\u9650\u5236\uff1a
export CUDA_DEVICE_MEMORY_LIMIT_0=300m\nexport CUDA_DEVICE_MEMORY_SHARED_CACHE=/usr/local/vgpu/d.cache\n
Note
\u6bcf\u6b21\u4fee\u6539\u663e\u5b58\u5927\u5c0f\u65f6\uff0cd.cache
\u8fd9\u4e2a\u6587\u4ef6\u540d\u5b57\u90fd\u9700\u8981\u4fee\u6539\uff0c\u6bd4\u5982\u6539\u4e3a a.cache
\u30011.cache
\u7b49\uff0c\u4ee5\u907f\u514d\u7f13\u5b58\u51b2\u7a81\u3002
\u5728\u5f53\u524d\u7ec8\u7aef\u76f4\u63a5\u8fd0\u884c\uff1a
./gpu_burn 60\n
\u7a0b\u5e8f\u5373\u53ef\u751f\u6548\u3002\u540c\u6837\u5730\uff0c\u4e0d\u80fd\u9000\u51fa\u5f53\u524d Bash \u7ec8\u7aef\u3002
\u8c03\u6574\u540e\u67e5\u770b Pod
\u4e2d\u7684\u8d44\u6e90 GPU
\u5206\u914d\u8d44\u6e90\uff1a
\u901a\u8fc7\u4e0a\u8ff0\u6b65\u9aa4\uff0c\u60a8\u53ef\u4ee5\u5728\u4e0d\u91cd\u542f vGPU Pod \u7684\u60c5\u51b5\u4e0b\u52a8\u6001\u5730\u8c03\u6574\u5176\u7b97\u529b\u548c\u663e\u5b58\u8d44\u6e90\uff0c\u4ece\u800c\u66f4\u7075\u6d3b\u5730\u6ee1\u8db3\u4e1a\u52a1\u9700\u6c42\u5e76\u4f18\u5316\u8d44\u6e90\u5229\u7528\u3002
"},{"location":"admin/kpanda/gpu/gpu_matrix.html","title":"GPU \u652f\u6301\u77e9\u9635","text":"\u672c\u9875\u8bf4\u660e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684 GPU \u53ca\u64cd\u4f5c\u7cfb\u7edf\u6240\u5bf9\u5e94\u7684\u77e9\u9635\u3002
"},{"location":"admin/kpanda/gpu/gpu_matrix.html#nvidia-gpu","title":"NVIDIA GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 NVIDIA GPU\uff08\u6574\u5361/vGPU\uff09 NVIDIA Fermi (2.1) \u67b6\u6784 CentOS 7 Kernel 3.10.0-123 ~ 3.10.0-1160\u5185\u6838\u53c2\u8003\u6587\u6863\u5efa\u8bae\u4f7f\u7528\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u5e94 Kernel \u7248\u672c \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a 3.10.0-1160 GPU Operator \u79bb\u7ebf\u5b89\u88c5 NVIDIA GeForce 400 \u7cfb\u5217 CentOS 8 Kernel 4.18.0-80 ~ 4.18.0-348 NVIDIA Quadro 4000 \u7cfb\u5217 Ubuntu 20.04 Kernel 5.4 NVIDIA Tesla 20 \u7cfb\u5217 Ubuntu 22.04 Kernel 5.19 NVIDIA Ampere \u67b6\u6784\u7cfb\u5217(A100;A800;H100) RHEL 7 Kernel 3.10.0-123 ~ 3.10.0-1160 RHEL 8 Kernel 4.18.0-80 ~ 4.18.0-348 NVIDIA MIG NVIDIA Ampere \u67b6\u6784\u7cfb\u5217\uff08A100\u3001A800\u3001H100\uff09 CentOS 7 Kernel 3.10.0-123 ~ 3.10.0-1160 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 GPU Operator \u79bb\u7ebf\u5b89\u88c5 CentOS 8 Kernel 4.18.0-80 ~ 4.18.0-348 Ubuntu 20.04 Kernel 5.4 Ubuntu 22.04 Kernel 5.19 RHEL 7 Kernel 3.10.0-123 ~ 3.10.0-1160 RHEL 8 Kernel 4.18.0-80 ~ 4.18.0-348"},{"location":"admin/kpanda/gpu/gpu_matrix.html#ascendnpu","title":"\u6607\u817e\uff08Ascend\uff09NPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301 NPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u6607\u817e\uff08Ascend 310\uff09 Ascend 310 Ubuntu 20.04 \u8be6\u60c5\u53c2\u8003\uff1a\u5185\u6838\u7248\u672c\u8981\u6c42 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 300 \u548c 310P \u9a71\u52a8\u6587\u6863 Ascend 310P\uff1b CentOS 7.6 CentOS 8.2 KylinV10SP1 \u64cd\u4f5c\u7cfb\u7edf openEuler \u64cd\u4f5c\u7cfb\u7edf \u6607\u817e\uff08Ascend 910\uff09 Ascend 910B Ubuntu 20.04 \u8be6\u60c5\u53c2\u8003\u5185\u6838\u7248\u672c\u8981\u6c42 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 910 \u9a71\u52a8\u6587\u6863 CentOS 7.6 CentOS 8.2 KylinV10SP1 \u64cd\u4f5c\u7cfb\u7edf openEuler \u64cd\u4f5c\u7cfb\u7edf"},{"location":"admin/kpanda/gpu/gpu_matrix.html#iluvatargpu","title":"\u5929\u6570\u667a\u82af\uff08Iluvatar\uff09GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301\u7684 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u5929\u6570\u667a\u82af(Iluvatar vGPU) BI100 CentOS 7 Kernel 3.10.0-957.el7.x86_64 ~ 3.10.0-1160.42.2.el7.x86_64 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a 3.10.0-1160 \u8865\u5145\u4e2d MR100\uff1b CentOS 8 Kernel 4.18.0-80.el8.x86_64 ~ 4.18.0-305.19.1.el8_4.x86_64 Ubuntu 20.04 Kernel 4.15.0-20-generic ~ 4.15.0-160-generic Kernel 5.4.0-26-generic ~ 5.4.0-89-generic Kernel 5.8.0-23-generic ~ 5.8.0-63-generic Ubuntu 21.04 Kernel 4.15.0-20-generic ~ 4.15.0-160-generic Kernel 5.4.0-26-generic ~ 5.4.0-89-generic Kernel 5.8.0-23-generic ~ 5.8.0-63-generic openEuler 22.03 LTS Kernel \u7248\u672c\u5927\u4e8e\u7b49\u4e8e 5.1 \u4e14\u5c0f\u4e8e\u7b49\u4e8e 5.10"},{"location":"admin/kpanda/gpu/gpu_matrix.html#metaxgpu","title":"\u6c90\u66e6\uff08Metax\uff09GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301\u7684 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u6c90\u66e6Metax\uff08\u6574\u5361/vGPU\uff09 \u66e6\u4e91 C500 \u6c90\u66e6 GPU \u5b89\u88c5\u4f7f\u7528"},{"location":"admin/kpanda/gpu/gpu_scheduler_config.html","title":"GPU \u8c03\u5ea6\u914d\u7f6e\uff08Binpack \u548c Spread \uff09","text":"\u672c\u6587\u4ecb\u7ecd\u4f7f\u7528 NVIDIA vGPU \u65f6\uff0c\u5982\u4f55\u901a\u8fc7 Binpack \u548c Spread \u7684 GPU \u8c03\u5ea6\u914d\u7f6e\u51cf\u5c11 GPU \u8d44\u6e90\u788e\u7247\u3001\u9632\u6b62\u5355\u70b9\u6545\u969c\u7b49\uff0c\u5b9e\u73b0 vGPU \u7684\u9ad8\u7ea7\u8c03\u5ea6\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86\u96c6\u7fa4\u548c\u5de5\u4f5c\u8d1f\u8f7d\u4e24\u79cd\u7ef4\u5ea6\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u5206\u522b\u6ee1\u8db3\u4e0d\u540c\u573a\u666f\u4e0b\u7684\u4f7f\u7528\u9700\u6c42\u3002
"},{"location":"admin/kpanda/gpu/gpu_scheduler_config.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u57fa\u4e8e GPU \u5361\u7ef4\u5ea6\u8c03\u5ea6\u7b56\u7565
\u57fa\u4e8e\u8282\u70b9\u7ef4\u5ea6\u7684\u8c03\u5ea6\u7b56\u7565
Note
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u4f1a\u9075\u5faa\u96c6\u7fa4\u7ea7\u522b\u7684 Binpack \u548c Spread \u8c03\u5ea6\u914d\u7f6e\u3002 \u82e5\u5de5\u4f5c\u8d1f\u8f7d\u5355\u72ec\u8bbe\u7f6e\u4e86\u4e0e\u96c6\u7fa4\u4e0d\u4e00\u81f4\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u5219\u8be5\u5de5\u4f5c\u8d1f\u8f7d\u4f18\u5148\u9075\u5faa\u5176\u672c\u8eab\u7684\u8c03\u5ea6\u7b56\u7565\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u8c03\u6574 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb GPU \u8c03\u5ea6\u914d\u7f6e \u3002
\u6839\u636e\u4e1a\u52a1\u573a\u666f\u8c03\u6574 GPU \u8c03\u5ea6\u914d\u7f6e\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u540e\u4fdd\u5b58\u3002
Note
\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u7ef4\u5ea6\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\u4e0e\u96c6\u7fa4\u7ea7\u522b\u7684\u914d\u7f6e\u51b2\u7a81\u65f6\uff0c\u4f18\u5148\u9075\u5faa\u5de5\u4f5c\u8d1f\u8f7d\u7ef4\u5ea6\u7684\u914d\u7f6e\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u8d1f\u8f7d\uff0c\u5e76\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u914d\u7f6e Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\uff0c\u5e76\u5728 \u5bb9\u5668\u914d\u7f6e \u4e2d\u542f\u7528 GPU \u914d\u7f6e\uff0c\u9009\u62e9 GPU \u7c7b\u578b\u4e3a NVIDIA vGPU\uff0c \u70b9\u51fb \u9ad8\u7ea7\u8bbe\u7f6e \uff0c\u542f\u7528 Binpack / Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u6839\u636e\u4e1a\u52a1\u573a\u666f\u8c03\u6574 GPU \u8c03\u5ea6\u914d\u7f6e\u3002\u914d\u7f6e\u5b8c\u6210\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \uff0c \u8fdb\u5165 \u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528 vGPU \u80fd\u529b\u3002
"},{"location":"admin/kpanda/gpu/vgpu_quota.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5f53\u524d\u96c6\u7fa4\u5df2\u901a\u8fc7 Operator \u6216\u624b\u52a8\u65b9\u5f0f\u90e8\u7f72\u5bf9\u5e94\u7c7b\u578b GPU \u9a71\u52a8\uff08NVIDIA GPU\u3001NVIDIA MIG\u3001\u5929\u6570\u3001\u6607\u817e\uff09
"},{"location":"admin/kpanda/gpu/vgpu_quota.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 Namespaces \u4e2d\uff0c\u70b9\u51fb \u914d\u989d\u7ba1\u7406 \u53ef\u4ee5\u914d\u7f6e\u5f53\u524d Namespace \u53ef\u4ee5\u4f7f\u7528\u7684 GPU \u8d44\u6e90\u3002
\u5f53\u524d\u547d\u540d\u7a7a\u95f4\u914d\u989d\u7ba1\u7406\u8986\u76d6\u7684\u5361\u7c7b\u578b\u4e3a\uff1aNVIDIA vGPU\u3001NVIDIA MIG\u3001\u5929\u6570\u3001\u6607\u817e\u3002
NVIDIA vGPU \u914d\u989d\u7ba1\u7406 \uff1a\u914d\u7f6e\u5177\u4f53\u53ef\u4ee5\u4f7f\u7528\u7684\u914d\u989d\uff0c\u4f1a\u521b\u5efa ResourcesQuota CR\uff1a
\u672c\u7ae0\u8282\u63d0\u4f9b\u6607\u817e NPU \u9a71\u52a8\u3001Device Plugin\u3001NPU-Exporter \u7b49\u7ec4\u4ef6\u7684\u5b89\u88c5\u6307\u5bfc\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528 NPU \u8d44\u6e90\u4e4b\u524d\uff0c\u9700\u8981\u5b8c\u6210\u56fa\u4ef6\u5b89\u88c5\u3001NPU \u9a71\u52a8\u5b89\u88c5\u3001 Docker Runtime \u5b89\u88c5\u3001\u7528\u6237\u521b\u5efa\u3001\u65e5\u5fd7\u76ee\u5f55\u521b\u5efa\u4ee5\u53ca NPU Device Plugin \u5b89\u88c5\uff0c\u8be6\u60c5\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#_3","title":"\u5b89\u88c5\u56fa\u4ef6","text":"\u4e0b\u8f7d Ascend Docker Runtime
\u793e\u533a\u7248\u4e0b\u8f7d\u5730\u5740\uff1ahttps://www.hiascend.com/zh/software/mindx-dl/community
wget -c https://mindx.obs.cn-south-1.myhuaweicloud.com/OpenSource/MindX/MindX%205.0.RC2/MindX%20DL%205.0.RC2/Ascend-docker-runtime_5.0.RC2_linux-x86_64.run\n
\u5b89\u88c5\u5230\u6307\u5b9a\u8def\u5f84\u4e0b\uff0c\u4f9d\u6b21\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u547d\u4ee4\uff0c\u53c2\u6570\u4e3a\u6307\u5b9a\u7684\u5b89\u88c5\u8def\u5f84:
chmod u+x Ascend-docker-runtime_5.0.RC2_linux-x86_64.run \n./Ascend-docker-runtime_{version}_linux-{arch}.run --install --install-path=<path>\n
\u4fee\u6539 containerd \u914d\u7f6e\u6587\u4ef6
containerd \u65e0\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u65f6\uff0c\u4f9d\u6b21\u6267\u884c\u4ee5\u4e0b3\u6761\u547d\u4ee4\uff0c\u521b\u5efa\u914d\u7f6e\u6587\u4ef6\uff1a
mkdir /etc/containerd \ncontainerd config default > /etc/containerd/config.toml \nvim /etc/containerd/config.toml\n
containerd \u6709\u914d\u7f6e\u6587\u4ef6\u65f6\uff1a
vim /etc/containerd/config.toml\n
\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u4fee\u6539 runtime \u7684\u5b89\u88c5\u8def\u5f84\uff0c\u4e3b\u8981\u4fee\u6539 runtime \u5b57\u6bb5\uff1a
... \n[plugins.\"io.containerd.monitor.v1.cgroups\"]\n no_prometheus = false \n[plugins.\"io.containerd.runtime.v1.linux\"]\n shim = \"containerd-shim\"\n runtime = \"/usr/local/Ascend/Ascend-Docker-Runtime/ascend-docker-runtime\"\n runtime_root = \"\"\n no_shim = false\n shim_debug = false\n [plugins.\"io.containerd.runtime.v2.task\"]\n platforms = [\"linux/amd64\"]\n...\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u91cd\u542f containerd\uff1a
systemctl restart containerd\n
\u5728\u5bf9\u5e94\u7ec4\u4ef6\u5b89\u88c5\u7684\u8282\u70b9\u4e0a\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u521b\u5efa\u7528\u6237\u3002
# Ubuntu \u64cd\u4f5c\u7cfb\u7edf\nuseradd -d /home/hwMindX -u 9000 -m -s /usr/sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n# Centos \u64cd\u4f5c\u7cfb\u7edf\nuseradd -d /home/hwMindX -u 9000 -m -s /sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#_5","title":"\u65e5\u5fd7\u76ee\u5f55\u521b\u5efa","text":"\u5728\u5bf9\u5e94\u8282\u70b9\u521b\u5efa\u7ec4\u4ef6\u65e5\u5fd7\u7236\u76ee\u5f55\u548c\u5404\u7ec4\u4ef6\u7684\u65e5\u5fd7\u76ee\u5f55\uff0c\u5e76\u8bbe\u7f6e\u76ee\u5f55\u5bf9\u5e94\u5c5e\u4e3b\u548c\u6743\u9650\u3002\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u521b\u5efa\u7ec4\u4ef6\u65e5\u5fd7\u7236\u76ee\u5f55\u3002
mkdir -m 755 /var/log/mindx-dl\nchown root:root /var/log/mindx-dl\n
\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u521b\u5efa Device Plugin \u7ec4\u4ef6\u65e5\u5fd7\u76ee\u5f55\u3002
mkdir -m 750 /var/log/mindx-dl/devicePlugin\nchown root:root /var/log/mindx-dl/devicePlugin\n
Note
\u8bf7\u5206\u522b\u4e3a\u6240\u9700\u7ec4\u4ef6\u521b\u5efa\u5bf9\u5e94\u7684\u65e5\u5fd7\u76ee\u5f55\uff0c\u5f53\u524d\u6848\u4f8b\u4e2d\u53ea\u9700\u8981 Device Plugin \u7ec4\u4ef6\u3002 \u5982\u679c\u6709\u5176\u4ed6\u7ec4\u4ef6\u9700\u6c42\u8bf7\u53c2\u8003\u5b98\u65b9\u6587\u6863
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#label","title":"\u521b\u5efa\u8282\u70b9 Label","text":"\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\u5728\u5bf9\u5e94\u8282\u70b9\u4e0a\u521b\u5efa Label\uff1a
# \u5728\u5b89\u88c5\u4e86\u9a71\u52a8\u7684\u8ba1\u7b97\u8282\u70b9\u521b\u5efa\u6b64\u6807\u7b7e\nkubectl label node {nodename} huawei.com.ascend/Driver=installed\nkubectl label node {nodename} node-role.kubernetes.io/worker=worker\nkubectl label node {nodename} workerselector=dls-worker-node\nkubectl label node {nodename} host-arch=huawei-arm //\u6216\u8005host-arch=huawei-x86 \uff0c\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u9009\u62e9\nkubectl label node {nodename} accelerator=huawei-Ascend910 //\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u9009\u62e9\n# \u5728\u63a7\u5236\u8282\u70b9\u521b\u5efa\u6b64\u6807\u7b7e\nkubectl label node {nodename} masterselector=dls-master-node\n
"},{"location":"admin/kpanda/gpu/ascend/ascend_driver_install.html#device-plugin-npuexporter","title":"\u5b89\u88c5 Device Plugin \u548c NpuExporter","text":"\u529f\u80fd\u6a21\u5757\u8def\u5f84\uff1a \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f -> \u641c\u7d22 ascend-mindxdl \u3002
\u5b89\u88c5\u6210\u529f\u540e\uff0c\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u4e0b\u4f1a\u51fa\u73b0\u4e24\u4e2a\u7ec4\u4ef6\uff0c\u5982\u4e0b\u56fe\uff1a
\u540c\u65f6\u8282\u70b9\u4fe1\u606f\u4e0a\u4e5f\u4f1a\u51fa\u73b0\u5bf9\u5e94 NPU \u7684\u4fe1\u606f\uff1a
\u4e00\u5207\u5c31\u7eea\u540e\uff0c\u6211\u4eec\u901a\u8fc7\u9875\u9762\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u5c31\u80fd\u591f\u9009\u62e9\u5230\u5bf9\u5e94\u7684 NPU \u8bbe\u5907\uff0c\u5982\u4e0b\u56fe\uff1a
Note
\u6709\u5173\u8be6\u7ec6\u4f7f\u7528\u6b65\u9aa4\uff0c\u8bf7\u53c2\u7167\u5e94\u7528\u4f7f\u7528\u6607\u817e\uff08Ascend\uff09NPU\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_usage.html","title":"\u5e94\u7528\u4f7f\u7528\u6607\u817e\uff08Ascend\uff09NPU","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528\u6607\u817e GPU\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u53c2\u8003\u6607\u817e NPU \u7ec4\u4ef6\u5b89\u88c5\u6587\u6863\u5b89\u88c5\u57fa\u7840\u73af\u5883\u3002
"},{"location":"admin/kpanda/gpu/ascend/ascend_usage.html#_2","title":"\u5feb\u901f\u4f7f\u7528","text":"\u672c\u6587\u4f7f\u7528\u6607\u817e\u793a\u4f8b\u5e93\u4e2d\u7684 AscentCL \u56fe\u7247\u5206\u7c7b\u5e94\u7528\u793a\u4f8b\u3002
\u4e0b\u8f7d\u6607\u817e\u4ee3\u7801\u5e93
\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u4e0b\u8f7d\u6607\u817e Demo \u793a\u4f8b\u4ee3\u7801\u5e93\uff0c\u5e76\u4e14\u8bf7\u8bb0\u4f4f\u4ee3\u7801\u5b58\u653e\u7684\u4f4d\u7f6e\uff0c\u540e\u7eed\u9700\u8981\u4f7f\u7528\u3002
git clone https://gitee.com/ascend/samples.git\n
\u51c6\u5907\u57fa\u7840\u955c\u50cf
\u6b64\u4f8b\u4f7f\u7528 Ascent-pytorch \u57fa\u7840\u955c\u50cf\uff0c\u53ef\u8bbf\u95ee\u6607\u817e\u955c\u50cf\u4ed3\u5e93\u83b7\u53d6\u3002
\u51c6\u5907 YAML
ascend-demo.yamlapiVersion: batch/v1\nkind: Job\nmetadata:\n name: resnetinfer1-1-1usoc\nspec:\n template:\n spec:\n containers:\n - image: ascendhub.huawei.com/public-ascendhub/ascend-pytorch:23.0.RC2-ubuntu18.04 # Inference image name\n imagePullPolicy: IfNotPresent\n name: resnet50infer\n securityContext:\n runAsUser: 0\n command:\n - \"/bin/bash\"\n - \"-c\"\n - |\n source /usr/local/Ascend/ascend-toolkit/set_env.sh &&\n TEMP_DIR=/root/samples_copy_$(date '+%Y%m%d_%H%M%S_%N') &&\n cp -r /root/samples \"$TEMP_DIR\" &&\n cd \"$TEMP_DIR\"/inference/modelInference/sampleResnetQuickStart/python/model &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/003_Atc_Models/resnet50/resnet50.onnx &&\n atc --model=resnet50.onnx --framework=5 --output=resnet50 --input_shape=\"actual_input_1:1,3,224,224\" --soc_version=Ascend910 &&\n cd ../data &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/models/aclsample/dog1_1024_683.jpg &&\n cd ../scripts &&\n bash sample_run.sh\n resources:\n requests:\n huawei.com/Ascend910: 1 # Number of the Ascend 910 Processors\n limits:\n huawei.com/Ascend910: 1 # The value should be the same as that of requests\n volumeMounts:\n - name: hiai-driver\n mountPath: /usr/local/Ascend/driver\n readOnly: true\n - name: slog\n mountPath: /var/log/npu/conf/slog/slog.conf\n - name: localtime # The container time must be the same as the host time\n mountPath: /etc/localtime\n - name: dmp\n mountPath: /var/dmp_daemon\n - name: slogd\n mountPath: /var/slogd\n - name: hbasic\n mountPath: /etc/hdcBasic.cfg\n - name: sys-version\n mountPath: /etc/sys_version.conf\n - name: aicpu\n mountPath: /usr/lib64/aicpu_kernels\n - name: tfso\n mountPath: /usr/lib64/libtensorflow.so\n - name: sample-path\n mountPath: /root/samples\n volumes:\n - name: hiai-driver\n hostPath:\n path: /usr/local/Ascend/driver\n - name: slog\n hostPath:\n path: /var/log/npu/conf/slog/slog.conf\n - name: localtime\n hostPath:\n path: /etc/localtime\n - name: dmp\n hostPath:\n path: /var/dmp_daemon\n - name: slogd\n hostPath:\n path: /var/slogd\n - name: hbasic\n hostPath:\n path: /etc/hdcBasic.cfg\n - name: sys-version\n hostPath:\n path: /etc/sys_version.conf\n - name: aicpu\n hostPath:\n path: /usr/lib64/aicpu_kernels\n - name: tfso\n hostPath:\n path: /usr/lib64/libtensorflow.so\n - name: sample-path\n hostPath:\n path: /root/samples\n restartPolicy: OnFailure\n
\u4ee5\u4e0a YAML \u4e2d\u6709\u4e00\u4e9b\u5b57\u6bb5\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u4fee\u6539\uff1a
\u90e8\u7f72 Job \u5e76\u67e5\u770b\u7ed3\u679c
\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u521b\u5efa Job\uff1a
kubectl apply -f ascend-demo.yaml\n
\u67e5\u770b Pod \u8fd0\u884c\u72b6\u6001\uff1a
Pod \u6210\u529f\u8fd0\u884c\u540e\uff0c\u67e5\u770b\u65e5\u5fd7\u7ed3\u679c\u3002\u5728\u5c4f\u5e55\u4e0a\u7684\u5173\u952e\u63d0\u793a\u4fe1\u606f\u793a\u4f8b\u5982\u4e0b\u56fe\uff0c\u63d0\u793a\u4fe1\u606f\u4e2d\u7684 Label \u8868\u793a\u7c7b\u522b\u6807\u8bc6\uff0c Conf \u8868\u793a\u8be5\u5206\u7c7b\u7684\u6700\u5927\u7f6e\u4fe1\u5ea6\uff0cClass \u8868\u793a\u6240\u5c5e\u7c7b\u522b\u3002\u8fd9\u4e9b\u503c\u53ef\u80fd\u4f1a\u6839\u636e\u7248\u672c\u3001\u73af\u5883\u6709\u6240\u4e0d\u540c\uff0c\u8bf7\u4ee5\u5b9e\u9645\u60c5\u51b5\u4e3a\u51c6\uff1a
\u7ed3\u679c\u56fe\u7247\u5c55\u793a\uff1a
\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Ascend \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Ascend\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7684\u7269\u7406\u5361\u6570\u91cf\uff1a
\u7269\u7406\u5361\u6570\u91cf\uff08huawei.com/Ascend910\uff09 \uff1a\u8868\u793a\u5f53\u524d Pod \u9700\u8981\u6302\u8f7d\u51e0\u5f20\u7269\u7406\u5361\uff0c\u8f93\u5165\u503c\u5fc5\u987b\u4e3a\u6574\u6570\u4e14**\u5c0f\u4e8e\u7b49\u4e8e**\u5bbf\u4e3b\u673a\u4e0a\u7684\u5361\u6570\u91cf\u3002
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u6607\u817e\u865a\u62df\u5316\u5206\u4e3a\u52a8\u6001\u865a\u62df\u5316\u548c\u9759\u6001\u865a\u62df\u5316\uff0c\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5f00\u542f\u5e76\u4f7f\u7528\u6607\u817e\u9759\u6001\u865a\u62df\u5316\u80fd\u529b\u3002
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u652f\u6301\u7684 NPU \u5361\u578b\u53f7\uff1a
\u66f4\u591a\u7ec6\u8282\u53c2\u9605\u5b98\u65b9\u865a\u62df\u5316\u786c\u4ef6\u8bf4\u660e\u3002
\u8bf7\u53c2\u8003\u6607\u817e NPU \u7ec4\u4ef6\u5b89\u88c5\u6587\u6863\u5b89\u88c5\u57fa\u7840\u73af\u5883\u3002
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#_3","title":"\u5f00\u542f\u865a\u62df\u5316\u80fd\u529b","text":"\u5f00\u542f\u865a\u62df\u5316\u80fd\u529b\u9700\u8981\u624b\u52a8\u4fee\u6539\u00a0ascend-device-plugin-daemonset \u7ec4\u4ef6\u7684\u542f\u52a8\u53c2\u6570\uff0c\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\uff1a
- device-plugin -useAscendDocker=true -volcanoType=false -presetVirtualDevice=true\n- logFile=/var/log/mindx-dl/devicePlugin/devicePlugin.log -logLevel=0\n
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#vnpu","title":"\u5207\u5206 VNPU \u5b9e\u4f8b","text":"\u9759\u6001\u865a\u62df\u5316\u9700\u8981\u624b\u52a8\u5bf9 VNPU \u5b9e\u4f8b\u7684\u5207\u5206\uff0c\u8bf7\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\uff1a
npu-smi set -t create-vnpu -i 13 -c 0 -f vir02\n
i
\u6307\u7684\u662f card idc
\u6307\u7684\u662f chip idvir02
\u6307\u7684\u662f\u5207\u5206\u89c4\u683c\u6a21\u677f\u5173\u4e8e card id \u548c chip id\uff0c\u53ef\u4ee5\u901a\u8fc7 npu-smi info \u67e5\u8be2\uff0c\u5207\u5206\u89c4\u683c\u53ef\u901a\u8fc7 ascend \u5b98\u65b9\u6a21\u677f\u8fdb\u884c\u67e5\u8be2\u3002
\u5207\u5206\u5b9e\u4f8b\u8fc7\u540e\u53ef\u901a\u8fc7\u4e0b\u8ff0\u547d\u4ee4\u67e5\u8be2\u5207\u5206\u7ed3\u679c\uff1a
npu-smi info -t info-vnpu -i 13 -c 0\n
\u67e5\u8be2\u7ed3\u679c\u5982\u4e0b\uff1a
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#ascend-device-plugin-daemonset","title":"\u91cd\u542f\u00a0ascend-device-plugin-daemonset","text":"\u5207\u5206\u5b9e\u4f8b\u540e\u624b\u52a8\u91cd\u542f device-plugin pod\uff0c\u7136\u540e\u4f7f\u7528 kubectl describe
\u547d\u4ee4\u67e5\u770b\u5df2\u6ce8\u518c node \u7684\u8d44\u6e90\uff1a
kubectl describe node {{nodename}}\n
"},{"location":"admin/kpanda/gpu/ascend/vnpu.html#_4","title":"\u5982\u4f55\u4f7f\u7528\u8bbe\u5907","text":"\u5728\u521b\u5efa\u5e94\u7528\u65f6\uff0c\u6307\u5b9a\u8d44\u6e90 key\uff0c\u53c2\u8003\u4e0b\u8ff0 YAML\uff1a
......\nresources:\n requests:\n huawei.com/Ascend310P-2c: 1\n limits:\n huawei.com/Ascend310P-2c: 1\n......\n
"},{"location":"admin/kpanda/gpu/metax/usemetax.html","title":"\u6c90\u66e6 GPU \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u4f7f\u7528","text":"\u672c\u7ae0\u8282\u63d0\u4f9b\u6c90\u66e6 gpu-extensions\u3001gpu-operator \u7b49\u7ec4\u4ef6\u7684\u5b89\u88c5\u6307\u5bfc\u548c\u6c90\u66e6 GPU \u6574\u5361\u548c vGPU \u4e24\u79cd\u6a21\u5f0f\u7684\u4f7f\u7528\u65b9\u6cd5\u3002
"},{"location":"admin/kpanda/gpu/metax/usemetax.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"Metax \u63d0\u4f9b\u4e86\u4e24\u4e2a helm-chart \u5305\uff0c\u4e00\u4e2a\u662f metax-extensions\uff0c\u4e00\u4e2a\u662f gpu-operator\uff0c\u6839\u636e\u4f7f\u7528\u573a\u666f\u53ef\u9009\u62e9\u5b89\u88c5\u4e0d\u540c\u7684\u7ec4\u4ef6\u3002
\u4ece /home/metax/metax-docs/k8s/metax-gpu-k8s-package.0.7.10.tar.gz
\u6587\u4ef6\u4e2d\u89e3\u538b\u51fa
\u67e5\u770b\u7cfb\u7edf\u662f\u5426\u5b89\u88c5\u9a71\u52a8
$ lsmod | grep metax \nmetax 1605632 0 \nttm 86016 3 drm_vram_helper,metax,drm_ttm_helper \ndrm 618496 7 drm_kms_helper,drm_vram_helper,ast,metax,drm_ttm_helper,ttm\n
\u5b89\u88c5\u9a71\u52a8
\u63a8\u9001\u955c\u50cf
tar -xf metax-gpu-k8s-package.0.7.10.tar.gz\n./metax-k8s-images.0.7.10.run push {registry}/metax\n
\u63a8\u9001 Helm Chart
helm plugin install https://github.com/chartmuseum/helm-push\nhelm repo add --username rootuser --password rootpass123 metax http://172.16.16.5:8081\nhelm cm-push metax-operator-0.7.10.tgz metax\nhelm cm-push metax-gpu-extensions-0.7.10.tgz metax\n
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0a\u5b89\u88c5 metax-gpu-extensions
\u90e8\u7f72\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u5728\u8282\u70b9\u4e0a\u67e5\u770b\u5230\u8d44\u6e90\u3002
\u4fee\u6539\u6210\u529f\u4e4b\u540e\u5c31\u53ef\u4ee5\u5728\u8282\u70b9\u4e0a\u770b\u5230\u5e26\u6709 Metax GPU
\u7684\u6807\u7b7e
\u5b89\u88c5 gpu-opeartor
\u65f6\u7684\u5df2\u77e5\u95ee\u9898\uff1a
metax-operator
\u3001gpu-label
\u3001gpu-device
\u3001container-runtime
\u8fd9\u51e0\u4e2a\u7ec4\u4ef6\u955c\u50cf\u8981\u5e26\u6709 amd64
\u540e\u7f00\u3002
metax-maca
\u7ec4\u4ef6\u7684\u955c\u50cf\u4e0d\u5728 metax-k8s-images.0.7.13.run
\u5305\u91cc\u9762\uff0c\u9700\u8981\u5355\u72ec\u4e0b\u8f7d maca-mxc500-2.23.0.23-ubuntu20.04-x86_64.tar.xz
\u8fd9\u7c7b\u955c\u50cf\uff0cload
\u4e4b\u540e\u91cd\u65b0\u4fee\u6539 metax-maca
\u7ec4\u4ef6\u7684\u955c\u50cf\u3002
metax-driver
\u7ec4\u4ef6\u7684\u955c\u50cf\u9700\u8981\u4ece https://pub-docstore.metax-tech.com:7001
\u8fd9\u4e2a\u7f51\u7ad9\u4e0b\u8f7d k8s-driver-image.2.23.0.25.run
\u6587\u4ef6\uff0c\u7136\u540e\u6267\u884c k8s-driver-image.2.23.0.25.run push {registry}/metax
\u547d\u4ee4\u628a\u955c\u50cf\u63a8\u9001\u5230\u955c\u50cf\u4ed3\u5e93\u3002\u63a8\u9001\u4e4b\u540e\u4fee\u6539 metax-driver
\u7ec4\u4ef6\u7684\u955c\u50cf\u5730\u5740\u3002
\u5b89\u88c5\u540e\u53ef\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u4f7f\u7528\u6c90\u66e6 GPU\u3002\u6ce8\u610f\u542f\u7528 GPU \u540e\uff0c\u9700\u9009\u62e9GPU\u7c7b\u578b\u4e3a Metax GPU
\u8fdb\u5165\u5bb9\u5668\uff0c\u6267\u884c mx-smi \u53ef\u67e5\u770b GPU \u7684\u4f7f\u7528\u60c5\u51b5.
"},{"location":"admin/kpanda/gpu/mlu/use-mlu.html","title":"\u4f7f\u7528\u5bd2\u6b66\u7eaa GPU","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u5bd2\u6b66\u7eaa GPU\u3002
"},{"location":"admin/kpanda/gpu/mlu/use-mlu.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5728\u5b89\u88c5 DevicePlugin \u65f6\u8bf7\u5173\u95ed --enable-device-type \u53c2\u6570\uff0c\u5426\u5219\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06\u65e0\u6cd5\u6b63\u786e\u8bc6\u522b\u5bd2\u6b66\u7eaa GPU\u3002
"},{"location":"admin/kpanda/gpu/mlu/use-mlu.html#gpu_1","title":"\u5bd2\u6b66\u7eaa GPU \u6a21\u5f0f\u4ecb\u7ecd","text":"\u5bd2\u6b66\u7eaa GPU \u6709\u4ee5\u4e0b\u51e0\u79cd\u6a21\u5f0f\uff1a
\u8fd9\u91cc\u4ee5 Dynamic smlu \u6a21\u5f0f\u4e3a\u4f8b\uff1a
\u5728\u6b63\u786e\u5b89\u88c5 DevicePlugin \u7b49\u7ec4\u4ef6\u540e\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8fd0\u7ef4-> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002
\u70b9\u51fb\u8282\u70b9\u7ba1\u7406\u9875\u9762\uff0c\u67e5\u770b\u8282\u70b9\u662f\u5426\u5df2\u7ecf\u6b63\u786e\u8bc6\u522b\u5230\u5bf9\u5e94\u7684GPU\u7c7b\u578b\u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08MLU VGPU\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e App \u4f7f\u7528\u7684 GPU \u8d44\u6e90\uff1a
\u53c2\u8003 YAML \u6587\u4ef6\u5982\u4e0b\uff1a
apiVersion: v1 \nkind: Pod \nmetadata: \n name: pod1 \nspec: \n restartPolicy: OnFailure \n containers: \n - image: ubuntu:16.04 \n name: pod1-ctr \n command: [\"sleep\"] \n args: [\"100000\"] \n resources: \n limits: \n cambricon.com/mlu: \"1\" # use this when device type is not enabled, else delete this line. \n #cambricon.com/mlu: \"1\" #uncomment to use when device type is enabled \n #cambricon.com/mlu.share: \"1\" #uncomment to use device with env-share mode \n #cambricon.com/mlu.mim-2m.8gb: \"1\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vcore: \"100\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vmemory: \"1024\" #uncomment to use device with mim mode\n
"},{"location":"admin/kpanda/gpu/nvidia/index.html","title":"NVIDIA GPU \u5361\u4f7f\u7528\u6a21\u5f0f","text":"NVIDIA \u4f5c\u4e3a\u4e1a\u5185\u77e5\u540d\u7684\u56fe\u5f62\u8ba1\u7b97\u4f9b\u5e94\u5546\uff0c\u4e3a\u7b97\u529b\u7684\u63d0\u5347\u63d0\u4f9b\u4e86\u8bf8\u591a\u8f6f\u786c\u4ef6\u89e3\u51b3\u65b9\u6848\uff0c\u5176\u4e2d NVIDIA \u5728 GPU \u7684\u4f7f\u7528\u65b9\u5f0f\u4e0a\u63d0\u4f9b\u4e86\u5982\u4e0b\u4e09\u79cd\u89e3\u51b3\u65b9\u6848\uff1a
"},{"location":"admin/kpanda/gpu/nvidia/index.html#full-gpu","title":"\u6574\u5361\uff08Full GPU\uff09","text":"\u6574\u5361\u662f\u6307\u5c06\u6574\u4e2a NVIDIA GPU \u5206\u914d\u7ed9\u5355\u4e2a\u7528\u6237\u6216\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u8fd9\u79cd\u914d\u7f6e\u4e0b\uff0c\u5e94\u7528\u53ef\u4ee5\u5b8c\u5168\u5360\u7528 GPU \u7684\u6240\u6709\u8d44\u6e90\uff0c \u5e76\u83b7\u5f97\u6700\u5927\u7684\u8ba1\u7b97\u6027\u80fd\u3002\u6574\u5361\u9002\u7528\u4e8e\u9700\u8981\u5927\u91cf\u8ba1\u7b97\u8d44\u6e90\u548c\u5185\u5b58\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5982\u6df1\u5ea6\u5b66\u4e60\u8bad\u7ec3\u3001\u79d1\u5b66\u8ba1\u7b97\u7b49\u3002
"},{"location":"admin/kpanda/gpu/nvidia/index.html#vgpuvirtual-gpu","title":"vGPU\uff08Virtual GPU\uff09","text":"vGPU \u662f\u4e00\u79cd\u865a\u62df\u5316\u6280\u672f\uff0c\u5141\u8bb8\u5c06\u4e00\u4e2a\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u865a\u62df GPU\uff0c\u6bcf\u4e2a\u865a\u62df GPU \u5206\u914d\u7ed9\u4e0d\u540c\u7684\u4e91\u4e3b\u673a\u6216\u7528\u6237\u3002 vGPU \u4f7f\u591a\u4e2a\u7528\u6237\u53ef\u4ee5\u5171\u4eab\u540c\u4e00\u53f0\u7269\u7406 GPU\uff0c\u5e76\u5728\u5404\u81ea\u7684\u865a\u62df\u73af\u5883\u4e2d\u72ec\u7acb\u4f7f\u7528 GPU \u8d44\u6e90\u3002 \u6bcf\u4e2a\u865a\u62df GPU \u53ef\u4ee5\u83b7\u5f97\u4e00\u5b9a\u7684\u8ba1\u7b97\u80fd\u529b\u548c\u663e\u5b58\u5bb9\u91cf\u3002vGPU \u9002\u7528\u4e8e\u865a\u62df\u5316\u73af\u5883\u548c\u4e91\u8ba1\u7b97\u573a\u666f\uff0c\u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7684\u8d44\u6e90\u5229\u7528\u7387\u548c\u7075\u6d3b\u6027\u3002
"},{"location":"admin/kpanda/gpu/nvidia/index.html#migmulti-instance-gpu","title":"MIG\uff08Multi-Instance GPU\uff09","text":"MIG \u662f NVIDIA Ampere \u67b6\u6784\u5f15\u5165\u7684\u4e00\u9879\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u5c06\u4e00\u4e2a\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u7269\u7406 GPU \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u7528\u6237\u6216\u5de5\u4f5c\u8d1f\u8f7d\u3002 \u6bcf\u4e2a MIG \u5b9e\u4f8b\u5177\u6709\u81ea\u5df1\u7684\u8ba1\u7b97\u8d44\u6e90\u3001\u663e\u5b58\u548c PCIe \u5e26\u5bbd\uff0c\u5c31\u50cf\u4e00\u4e2a\u72ec\u7acb\u7684\u865a\u62df GPU\u3002 MIG \u63d0\u4f9b\u4e86\u66f4\u7ec6\u7c92\u5ea6\u7684 GPU \u8d44\u6e90\u5206\u914d\u548c\u7ba1\u7406\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u52a8\u6001\u8c03\u6574\u5b9e\u4f8b\u7684\u6570\u91cf\u548c\u5927\u5c0f\u3002 MIG \u9002\u7528\u4e8e\u591a\u79df\u6237\u73af\u5883\u3001\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u7b49\u573a\u666f\u3002
\u65e0\u8bba\u662f\u5728\u865a\u62df\u5316\u73af\u5883\u4e2d\u4f7f\u7528 vGPU\uff0c\u8fd8\u662f\u5728\u7269\u7406 GPU \u4e0a\u4f7f\u7528 MIG\uff0cNVIDIA \u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u66f4\u591a\u7684\u9009\u62e9\u548c\u4f18\u5316 GPU \u8d44\u6e90\u7684\u65b9\u5f0f\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u5168\u9762\u517c\u5bb9\u4e86\u4e0a\u8ff0 NVIDIA \u7684\u80fd\u529b\u7279\u6027\uff0c\u7528\u6237\u53ea\u9700\u901a\u8fc7\u7b80\u5355\u7684\u754c\u9762\u64cd\u4f5c\uff0c\u5c31\u80fd\u591f\u83b7\u5f97\u5168\u90e8 NVIDIA GPU \u7684\u8ba1\u7b97\u80fd\u529b\uff0c\u4ece\u800c\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u7387\u5e76\u964d\u4f4e\u6210\u672c\u3002
\u5f00\u542f\u914d\u7f6e\u8be6\u60c5\u53c2\u8003 GPU Operator \u79bb\u7ebf\u5b89\u88c5\u3002
"},{"location":"admin/kpanda/gpu/nvidia/index.html#_1","title":"\u5982\u4f55\u4f7f\u7528","text":"\u60a8\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\uff0c\u5feb\u901f\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5173\u4e8e NVIDIA GPU \u5361\u7684\u7ba1\u7406\u80fd\u529b\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06\u6574\u4e2a NVIDIA GPU \u5361\u5206\u914d\u7ed9\u5355\u4e2a\u5e94\u7528\u3002
"},{"location":"admin/kpanda/gpu/nvidia/full_gpu_userguide.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Nvidia GPU \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Nvidia GPU\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7684\u7269\u7406\u5361\u6570\u91cf\uff1a
\u7269\u7406\u5361\u6570\u91cf\uff08nvidia.com/gpu\uff09 \uff1a\u8868\u793a\u5f53\u524d Pod \u9700\u8981\u6302\u8f7d\u51e0\u5f20\u7269\u7406\u5361\uff0c\u8f93\u5165\u503c\u5fc5\u987b\u4e3a\u6574\u6570\u4e14 \u5c0f\u4e8e\u7b49\u4e8e \u5bbf\u4e3b\u673a\u4e0a\u7684\u5361\u6570\u91cf\u3002
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u7533\u8bf7 GPU \u8d44\u6e90\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0 nvidia.com/gpu: 1 \u53c2\u6570\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7269\u7406\u5361\u7684\u6570\u91cf\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-gpu-demo\n template:\n metadata:\n labels:\n app: full-gpu-demo\n spec:\n containers:\n - image: chrstnhntschl/gpu_burn\n name: container-0\n resources:\n requests:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # \u7533\u8bf7 GPU \u7684\u6570\u91cf\n limits:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # GPU \u6570\u91cf\u7684\u4f7f\u7528\u4e0a\u9650\n imagePullSecrets:\n - name: default-secret\n
Note
\u4f7f\u7528 nvidia.com/gpu \u53c2\u6570\u6307\u5b9a GPU \u6570\u91cf\u65f6\uff0crequests \u548c limits \u503c\u9700\u8981\u4fdd\u6301\u4e00\u81f4\u3002
"},{"location":"admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html","title":"GPU Operator \u79bb\u7ebf\u5b89\u88c5","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 Ubuntu22.04\u3001Ubuntu20.04\u3001CentOS 7.9 \u8fd9\u4e09\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver \u955c\u50cf\uff0c\u9a71\u52a8\u7248\u672c\u662f 535.104.12\uff1b \u5e76\u4e14\u5185\u7f6e\u4e86\u5404\u64cd\u4f5c\u7cfb\u7edf\u6240\u9700\u7684 Toolkit \u955c\u50cf\uff0c\u7528\u6237\u4e0d\u518d\u9700\u8981\u624b\u52a8\u79bb\u7ebf Toolkit \u955c\u50cf\u3002
\u672c\u6587\u4f7f\u7528 AMD \u67b6\u6784\u7684 CentOS 7.9\uff083.10.0-1160\uff09\u8fdb\u884c\u6f14\u793a\u3002\u5982\u9700\u4f7f\u7528 Red Hat 8.4 \u90e8\u7f72\uff0c \u8bf7\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf\u548c\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u3002
"},{"location":"admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 gpu-operator \u63d2\u4ef6\u3002
\u767b\u5f55\u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5f85\u5b89\u88c5 gpu-operator \u7684\u96c6\u7fa4 -> \u8fdb\u5165\u96c6\u7fa4\u8be6\u60c5\u3002
\u5728 Helm \u6a21\u677f \u9875\u9762\uff0c\u9009\u62e9 \u5168\u90e8\u4ed3\u5e93 \uff0c\u641c\u7d22 gpu-operator \u3002
\u9009\u62e9 gpu-operator \uff0c\u70b9\u51fb \u5b89\u88c5 \u3002
\u53c2\u8003\u4e0b\u6587\u53c2\u6570\u914d\u7f6e\uff0c\u914d\u7f6e gpu-operator \u5b89\u88c5\u53c2\u6570\uff0c\u5b8c\u6210 gpu-operator \u7684\u5b89\u88c5\u3002
Ubuntu 22.04
\u3001Ubuntu20.04
\u3001Centos7.9
\u3001other
\u56db\u4e2a\u9009\u9879\uff0c\u8bf7\u6b63\u786e\u7684\u9009\u62e9\u64cd\u4f5c\u7cfb\u7edf\u3002Driver.version \uff1aGPU \u9a71\u52a8\u955c\u50cf\u7684\u7248\u672c\uff0c\u79bb\u7ebf\u90e8\u7f72\u8bf7\u4f7f\u7528\u9ed8\u8ba4\u53c2\u6570\uff0c\u4ec5\u5728\u7ebf\u5b89\u88c5\u65f6\u9700\u914d\u7f6e\u3002\u4e0d\u540c\u7c7b\u578b\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver \u955c\u50cf\u7684\u7248\u672c\u5b58\u5728\u5982\u4e0b\u5dee\u5f02\uff0c \u8be6\u60c5\u53ef\u53c2\u8003\uff1aNvidia GPU Driver \u7248\u672c\u3002 \u5982\u4e0b\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver Version
\u793a\u4f8b\uff1a
Note
\u4f7f\u7528\u5185\u7f6e\u7684\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\u65e0\u9700\u4fee\u6539\u955c\u50cf\u7248\u672c\uff0c\u5176\u4ed6\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\u8bf7\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20\u955c\u50cf\u3002 \u6ce8\u610f\u7248\u672c\u53f7\u540e\u65e0\u9700\u586b\u5199 Ubuntu\u3001CentOS\u3001Red Hat \u7b49\u64cd\u4f5c\u7cfb\u7edf\u540d\u79f0\uff0c\u82e5\u5b98\u65b9\u955c\u50cf\u542b\u6709\u64cd\u4f5c\u7cfb\u7edf\u540e\u7f00\uff0c\u8bf7\u624b\u52a8\u79fb\u9664\u3002
525.105.17
535-5.15.0-1043-nvidia
525.147.05
Driver.RepoConfig.ConfigMapName \uff1a\u7528\u6765\u8bb0\u5f55 GPU Operator \u7684\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\uff0c \u5f53\u4f7f\u7528\u9884\u7f6e\u7684\u79bb\u7ebf\u5305\u65f6\uff0c\u5404\u7c7b\u578b\u7684\u64cd\u4f5c\u7cfb\u7edf\u8bf7\u53c2\u8003\u5982\u4e0b\u7684\u6587\u6863\u3002
Toolkit.enable \uff1a\u9ed8\u8ba4\u5f00\u542f\uff0c\u8be5\u7ec4\u4ef6\u8ba9 conatainerd/docker \u652f\u6301\u8fd0\u884c\u9700\u8981 GPU \u7684\u5bb9\u5668\u3002
"},{"location":"admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#mig","title":"MIG \u914d\u7f6e\u53c2\u6570","text":"\u8be6\u7ec6\u914d\u7f6e\u65b9\u5f0f\u8bf7\u53c2\u8003\u5f00\u542f MIG \u529f\u80fd
MigManager.Config.name \uff1aMIG \u7684\u5207\u5206\u914d\u7f6e\u6587\u4ef6\u540d\uff0c\u7528\u4e8e\u5b9a\u4e49 MIG \u7684\uff08GI, CI\uff09\u5207\u5206\u7b56\u7565\u3002 \u9ed8\u8ba4\u4e3a default-mig-parted-config \u3002\u81ea\u5b9a\u4e49\u53c2\u6570\u53c2\u8003\u5f00\u542f MIG \u529f\u80fd\u3002
"},{"location":"admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#_6","title":"\u4e0b\u4e00\u6b65\u64cd\u4f5c","text":"\u5b8c\u6210\u4e0a\u8ff0\u76f8\u5173\u53c2\u6570\u914d\u7f6e\u548c\u521b\u5efa\u540e\uff1a
\u5982\u679c\u4f7f\u7528 \u6574\u5361\u6a21\u5f0f\uff0c\u5e94\u7528\u521b\u5efa\u65f6\u53ef\u4f7f\u7528 GPU \u8d44\u6e90
\u5982\u679c\u4f7f\u7528 vGPU \u6a21\u5f0f \uff0c\u5b8c\u6210\u4e0a\u8ff0\u76f8\u5173\u53c2\u6570\u914d\u7f6e\u548c\u521b\u5efa\u540e\uff0c\u4e0b\u4e00\u6b65\u8bf7\u5b8c\u6210 vGPU Addon \u5b89\u88c5
\u5982\u679c\u4f7f\u7528 MIG \u6a21\u5f0f\uff0c\u5e76\u4e14\u9700\u8981\u7ed9\u4e2a\u522b GPU \u8282\u70b9\u6309\u7167\u67d0\u79cd\u5207\u5206\u89c4\u683c\u8fdb\u884c\u4f7f\u7528\uff0c \u5426\u5219\u6309\u7167 MigManager.Config
\u4e2d\u7684 default \u503c\u8fdb\u884c\u5207\u5206\u3002
single \u6a21\u5f0f\u8bf7\u7ed9\u5bf9\u5e94\u8282\u70b9\u6253\u4e0a\u5982\u4e0b Label\uff1a
kubectl label nodes {node} nvidia.com/mig.config=\"all-1g.10gb\" --overwrite\n
mixed \u6a21\u5f0f\u8bf7\u7ed9\u5bf9\u5e94\u8282\u70b9\u6253\u4e0a\u5982\u4e0b Label\uff1a
kubectl label nodes {node} nvidia.com/mig.config=\"custom-config\" --overwrite\n
\u200b \u5207\u5206\u540e\uff0c\u5e94\u7528\u53ef\u4f7f\u7528 MIG GPU \u8d44\u6e90\u3002
"},{"location":"admin/kpanda/gpu/nvidia/push_image_to_repo.html","title":"\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf","text":"\u672c\u6587\u4ee5 Red Hat 8.4 \u7684 nvcr.io/nvidia/driver:525.105.17-rhel8.4
\u79bb\u7ebf\u9a71\u52a8\u955c\u50cf\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20\u79bb\u7ebf\u955c\u50cf\u3002
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u8054\u7f51\u8282\u70b9\u4e0a\u8fdb\u884c\u3002
\u5728\u8054\u7f51\u673a\u5668\u4e0a\u62c9\u53d6 nvcr.io/nvidia/driver:525.105.17-rhel8.4
\u79bb\u7ebf\u9a71\u52a8\u955c\u50cf\uff1a
docker pull nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u955c\u50cf\u62c9\u53d6\u5b8c\u6210\u540e\uff0c\u6253\u5305\u955c\u50cf\u4e3a nvidia-driver.tar
\u538b\u7f29\u5305\uff1a
docker save nvcr.io/nvidia/driver:525.105.17-rhel8.4 > nvidia-driver.tar\n
\u62f7\u8d1d nvidia-driver.tar
\u955c\u50cf\u538b\u7f29\u5305\u5230\u706b\u79cd\u8282\u70b9\uff1a
scp nvidia-driver.tar user@ip:/root\n
\u4f8b\u5982\uff1a
scp nvidia-driver.tar root@10.6.175.10:/root\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u8fdb\u884c\u3002
\u767b\u5f55\u706b\u79cd\u8282\u70b9\uff0c\u5c06\u8054\u7f51\u8282\u70b9\u62f7\u8d1d\u7684\u955c\u50cf\u538b\u7f29\u5305 nvidia-driver.tar
\u5bfc\u5165\u672c\u5730\uff1a
docker load -i nvidia-driver.tar\n
\u67e5\u770b\u521a\u521a\u5bfc\u5165\u7684\u955c\u50cf\uff1a
docker images -a |grep nvidia\n
\u9884\u671f\u8f93\u51fa\uff1a
nvcr.io/nvidia/driver e3ed7dee73e9 1 days ago 1.02GB\n
\u91cd\u65b0\u6807\u8bb0\u955c\u50cf\uff0c\u4f7f\u5176\u4e0e\u8fdc\u7a0b Registry \u4ed3\u5e93\u4e2d\u7684\u76ee\u6807\u4ed3\u5e93\u5bf9\u5e94\uff1a
docker tag <image-name> <registry-url>/<repository-name>:<tag>\n
<image-name>
\u662f\u4e0a\u4e00\u6b65 nvidia \u955c\u50cf\u7684\u540d\u79f0\uff0c<registry-url>
\u662f\u706b\u79cd\u8282\u70b9\u4e0a Registry \u670d\u52a1\u7684\u5730\u5740\uff0c<repository-name>
\u662f\u60a8\u8981\u63a8\u9001\u5230\u7684\u4ed3\u5e93\u540d\u79f0\uff0c<tag>
\u662f\u60a8\u4e3a\u955c\u50cf\u6307\u5b9a\u7684\u6807\u7b7e\u3002\u4f8b\u5982\uff1a
registry\uff1adocker tag nvcr.io/nvidia/driver 10.6.10.5/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u5c06\u955c\u50cf\u63a8\u9001\u5230\u706b\u79cd\u8282\u70b9\u955c\u50cf\u4ed3\u5e93\uff1a
docker push {ip}/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u53c2\u8003\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u548c GPU Operator \u79bb\u7ebf\u5b89\u88c5\u6765\u4e3a\u96c6\u7fa4\u90e8\u7f72 GPU Operator\u3002
"},{"location":"admin/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html","title":"RHEL 9.2 \u79bb\u7ebf\u5b89\u88c5 gpu-operator \u9a71\u52a8","text":"\u524d\u63d0\u6761\u4ef6\uff1a\u5df2\u5b89\u88c5 gpu-operator v23.9.0+2 \u53ca\u66f4\u9ad8\u7248\u672c
RHEL 9.2 \u9a71\u52a8\u955c\u50cf\u4e0d\u80fd\u76f4\u63a5\u5b89\u88c5\uff0c\u5b98\u65b9\u7684\u9a71\u52a8\u811a\u672c\u5b58\u5728\u4e00\u70b9\u95ee\u9898\uff0c\u5728\u5b98\u65b9\u4fee\u590d\u4e4b\u524d\uff0c\u63d0\u4f9b\u5982\u4e0b\u7684\u6b65\u9aa4\u6765\u5b9e\u73b0\u79bb\u7ebf\u5b89\u88c5\u9a71\u52a8\u3002
"},{"location":"admin/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#nouveau","title":"\u7981\u7528nouveau\u9a71\u52a8","text":"\u5728 RHEL 9.2 \u4e2d\u5b58\u5728 nouveau
\u975e\u5b98\u65b9\u7684 Nvidia
\u9a71\u52a8\uff0c\u56e0\u6b64\u9700\u8981\u5148\u7981\u7528\u3002
# \u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6587\u4ef6\nsudo vi /etc/modprobe.d/blacklist-nouveau.conf\n# \u6dfb\u52a0\u4ee5\u4e0b\u4e24\u884c\u5185\u5bb9:\nblacklist nouveau\noptions nouveau modeset=0\n# \u7981\u7528Nouveau\nsudo dracut --force\n# \u91cd\u542fvm\nsudo reboot\n# \u68c0\u67e5\u662f\u5426\u5df2\u7ecf\u6210\u529f\u7981\u7528\nlsmod | grep nouveau\n
"},{"location":"admin/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#_1","title":"\u81ea\u5b9a\u4e49\u9a71\u52a8\u955c\u50cf","text":"\u5148\u5728\u672c\u5730\u521b\u5efa nvidia-driver
\u6587\u4ef6\uff1a
#! /bin/bash -x\n# Copyright (c) 2018-2020, NVIDIA CORPORATION. All rights reserved.\n\nset -eu\n\nRUN_DIR=/run/nvidia\nPID_FILE=${RUN_DIR}/${0##*/}.pid\nDRIVER_VERSION=${DRIVER_VERSION:?\"Missing DRIVER_VERSION env\"}\nKERNEL_UPDATE_HOOK=/run/kernel/postinst.d/update-nvidia-driver\nNUM_VGPU_DEVICES=0\nNVIDIA_MODULE_PARAMS=()\nNVIDIA_UVM_MODULE_PARAMS=()\nNVIDIA_MODESET_MODULE_PARAMS=()\nNVIDIA_PEERMEM_MODULE_PARAMS=()\nTARGETARCH=${TARGETARCH:?\"Missing TARGETARCH env\"}\nUSE_HOST_MOFED=\"${USE_HOST_MOFED:-false}\"\nDNF_RELEASEVER=${DNF_RELEASEVER:-\"\"}\nRHEL_VERSION=${RHEL_VERSION:-\"\"}\nRHEL_MAJOR_VERSION=9\n\nOPEN_KERNEL_MODULES_ENABLED=${OPEN_KERNEL_MODULES_ENABLED:-false}\n[[ \"${OPEN_KERNEL_MODULES_ENABLED}\" == \"true\" ]] && KERNEL_TYPE=kernel-open || KERNEL_TYPE=kernel\n\nDRIVER_ARCH=${TARGETARCH/amd64/x86_64} && DRIVER_ARCH=${DRIVER_ARCH/arm64/aarch64}\necho \"DRIVER_ARCH is $DRIVER_ARCH\"\n\nSCRIPT_DIR=$( cd -- \"$( dirname -- \"${BASH_SOURCE[0]}\" )\" &> /dev/null && pwd )\nsource $SCRIPT_DIR/common.sh\n\n_update_package_cache() {\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n echo \"Updating the package cache...\"\n if ! yum -q makecache; then\n echo \"FATAL: failed to reach RHEL package repositories. \"\\\n \"Ensure that the cluster can access the proper networks.\"\n exit 1\n fi\n fi\n}\n\n_cleanup_package_cache() {\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n echo \"Cleaning up the package cache...\"\n rm -rf /var/cache/yum/*\n fi\n}\n\n_get_rhel_version_from_kernel() {\n local rhel_version_underscore rhel_version_arr\n rhel_version_underscore=$(echo \"${KERNEL_VERSION}\" | sed 's/.*el\\([0-9]\\+_[0-9]\\+\\).*/\\1/g')\n # For e.g. :- from the kernel version 4.18.0-513.9.1.el8_9, we expect to extract the string \"8_9\"\n if [[ ! ${rhel_version_underscore} =~ ^[0-9]+_[0-9]+$ ]]; then\n echo \"Unable to resolve RHEL version from kernel version\" >&2\n return 1\n fi\n IFS='_' read -r -a rhel_version_arr <<< \"$rhel_version_underscore\"\n if [[ ${#rhel_version_arr[@]} -ne 2 ]]; then\n echo \"Unable to resolve RHEL version from kernel version\" >&2\n return 1\n fi\n RHEL_VERSION=\"${rhel_version_arr[0]}.${rhel_version_arr[1]}\"\n echo \"RHEL VERSION successfully resolved from kernel: ${RHEL_VERSION}\"\n return 0\n}\n\n_resolve_rhel_version() {\n _get_rhel_version_from_kernel || RHEL_VERSION=\"${RHEL_MAJOR_VERSION}\"\n # set dnf release version as rhel version by default\n if [[ -z \"${DNF_RELEASEVER}\" ]]; then\n DNF_RELEASEVER=\"${RHEL_VERSION}\"\n fi\n return 0\n}\n\n# Resolve the kernel version to the form major.minor.patch-revision.\n_resolve_kernel_version() {\n echo \"Resolving Linux kernel version...\"\n local version=$(yum -q list available --showduplicates kernel-headers |\n awk -v arch=$(uname -m) 'NR>1 {print $2\".\"arch}' | tac | grep -E -m1 \"^${KERNEL_VERSION/latest/.*}\")\n\n if [ -z \"${version}\" ]; then\n echo \"Could not resolve Linux kernel version\" >&2\n return 1\n fi\n KERNEL_VERSION=\"${version}\"\n echo \"Proceeding with Linux kernel version ${KERNEL_VERSION}\"\n return 0\n}\n\n# Install the kernel modules header/builtin/order files and generate the kernel version string.\n_install_prerequisites() (\n local tmp_dir=$(mktemp -d)\n\n trap \"rm -rf ${tmp_dir}\" EXIT\n cd ${tmp_dir}\n\n echo \"Installing elfutils...\"\n if ! dnf install -q -y elfutils-libelf.$DRIVER_ARCH; then\n echo \"FATAL: failed to install elfutils packages. RHEL entitlement may be improperly deployed.\"\n exit 1\n fi\n if ! dnf install -q -y elfutils-libelf-devel.$DRIVER_ARCH; then\n echo \"FATAL: failed to install elfutils packages. RHEL entitlement may be improperly deployed.\"\n exit 1\n fi \n\n rm -rf /lib/modules/${KERNEL_VERSION}\n mkdir -p /lib/modules/${KERNEL_VERSION}/proc\n\n echo \"Enabling RHOCP and EUS RPM repos...\"\n if [ -n \"${OPENSHIFT_VERSION:-}\" ]; then\n dnf config-manager --set-enabled rhocp-${OPENSHIFT_VERSION}-for-rhel-9-$DRIVER_ARCH-rpms || true\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n dnf config-manager --set-disabled rhocp-${OPENSHIFT_VERSION}-for-rhel-9-$DRIVER_ARCH-rpms || true\n fi\n fi\n\n dnf config-manager --set-enabled rhel-9-for-$DRIVER_ARCH-baseos-eus-rpms || true\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n dnf config-manager --set-disabled rhel-9-for-$DRIVER_ARCH-baseos-eus-rpms || true\n fi\n\n # try with EUS disabled, if it does not work, then try just major version\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n # If pointing to DNF_RELEASEVER does not work, we point to the RHEL_MAJOR_VERSION as a last resort\n if ! dnf makecache --releasever=${RHEL_MAJOR_VERSION}; then\n echo \"FATAL: failed to update the dnf metadata cache after multiple attempts with releasevers ${DNF_RELEASEVER}, ${RHEL_MAJOR_VERSION}\"\n exit 1\n else\n DNF_RELEASEVER=${RHEL_MAJOR_VERSION}\n fi\n fi\n\n echo \"Installing Linux kernel headers...\"\n dnf -q -y --releasever=${DNF_RELEASEVER} install kernel-headers-${KERNEL_VERSION} kernel-devel-${KERNEL_VERSION} --allowerasing > /dev/null\n ln -s /usr/src/kernels/${KERNEL_VERSION} /lib/modules/${KERNEL_VERSION}/build\n\n echo \"Installing Linux kernel module files...\"\n dnf -q -y --releasever=${DNF_RELEASEVER} install kernel-core-${KERNEL_VERSION} > /dev/null\n\n # Prevent depmod from giving a WARNING about missing files\n touch /lib/modules/${KERNEL_VERSION}/modules.order\n touch /lib/modules/${KERNEL_VERSION}/modules.builtin\n\n depmod ${KERNEL_VERSION}\n\n echo \"Generating Linux kernel version string...\"\n if [ \"$TARGETARCH\" = \"arm64\" ]; then\n gunzip -c /lib/modules/${KERNEL_VERSION}/vmlinuz | strings | grep -E '^Linux version' | sed 's/^\\(.*\\)\\s\\+(.*)$/\\1/' > version\n else\n extract-vmlinux /lib/modules/${KERNEL_VERSION}/vmlinuz | strings | grep -E '^Linux version' | sed 's/^\\(.*\\)\\s\\+(.*)$/\\1/' > version\n fi\n if [ -z \"$(<version)\" ]; then\n echo \"Could not locate Linux kernel version string\" >&2\n return 1\n fi\n mv version /lib/modules/${KERNEL_VERSION}/proc\n\n # Parse gcc version\n # gcc_version is expected to match x.y.z\n # current_gcc is expected to match 'gcc-x.y.z-rel.el8.x86_64\n local gcc_version=$(cat /lib/modules/${KERNEL_VERSION}/proc/version | grep -Eo \"gcc \\(GCC\\) ([0-9\\.]+)\" | grep -Eo \"([0-9\\.]+)\")\n local current_gcc=$(rpm -qa gcc)\n echo \"kernel requires gcc version: 'gcc-${gcc_version}', current gcc version is '${current_gcc}'\"\n\n if ! [[ \"${current_gcc}\" =~ \"gcc-${gcc_version}\"-.* ]]; then\n dnf install -q -y --releasever=${DNF_RELEASEVER} \"gcc-${gcc_version}\"\n fi\n)\n\n# Cleanup the prerequisites installed above.\n_remove_prerequisites() {\n true\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n dnf -q -y remove kernel-headers-${KERNEL_VERSION} kernel-devel-${KERNEL_VERSION} > /dev/null\n # TODO remove module files not matching an existing driver package.\n fi\n}\n\n# Check if the kernel version requires a new precompiled driver packages.\n_kernel_requires_package() {\n local proc_mount_arg=\"\"\n\n echo \"Checking NVIDIA driver packages...\"\n\n [[ ! -d /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE} ]] && return 0\n cd /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE}\n\n proc_mount_arg=\"--proc-mount-point /lib/modules/${KERNEL_VERSION}/proc\"\n for pkg_name in $(ls -d -1 precompiled/** 2> /dev/null); do\n is_match=$(../mkprecompiled --match ${pkg_name} ${proc_mount_arg})\n if [ \"${is_match}\" == \"kernel interface matches.\" ]; then\n echo \"Found NVIDIA driver package ${pkg_name##*/}\"\n return 1\n fi\n done\n return 0\n}\n\n# Compile the kernel modules, optionally sign them, and generate a precompiled package for use by the nvidia-installer.\n_create_driver_package() (\n local pkg_name=\"nvidia-modules-${KERNEL_VERSION%%-*}${PACKAGE_TAG:+-${PACKAGE_TAG}}\"\n local nvidia_sign_args=\"\"\n local nvidia_modeset_sign_args=\"\"\n local nvidia_uvm_sign_args=\"\"\n\n trap \"make -s -j ${MAX_THREADS} SYSSRC=/lib/modules/${KERNEL_VERSION}/build clean > /dev/null\" EXIT\n\n echo \"Compiling NVIDIA driver kernel modules...\"\n cd /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE}\n\n if _gpu_direct_rdma_enabled; then\n ln -s /run/mellanox/drivers/usr/src/ofa_kernel /usr/src/\n # if arch directory exists(MOFED >=5.5) then create a symlink as expected by GPU driver installer\n # This is required as currently GPU driver installer doesn't expect headers in x86_64 folder, but only in either default or kernel-version folder.\n # ls -ltr /usr/src/ofa_kernel/\n # lrwxrwxrwx 1 root root 36 Dec 8 20:10 default -> /etc/alternatives/ofa_kernel_headers\n # drwxr-xr-x 4 root root 4096 Dec 8 20:14 x86_64\n # lrwxrwxrwx 1 root root 44 Dec 9 19:05 5.4.0-90-generic -> /usr/src/ofa_kernel/x86_64/5.4.0-90-generic/\n if [[ -d \"/run/mellanox/drivers/usr/src/ofa_kernel/$(uname -m)/$(uname -r)\" ]]; then\n if [[ ! -e \"/usr/src/ofa_kernel/$(uname -r)\" ]]; then\n ln -s \"/run/mellanox/drivers/usr/src/ofa_kernel/$(uname -m)/$(uname -r)\" /usr/src/ofa_kernel/\n fi\n fi\n fi\n\n make -s -j ${MAX_THREADS} SYSSRC=/lib/modules/${KERNEL_VERSION}/build nv-linux.o nv-modeset-linux.o > /dev/null\n\n echo \"Relinking NVIDIA driver kernel modules...\"\n rm -f nvidia.ko nvidia-modeset.ko\n ld -d -r -o nvidia.ko ./nv-linux.o ./nvidia/nv-kernel.o_binary\n ld -d -r -o nvidia-modeset.ko ./nv-modeset-linux.o ./nvidia-modeset/nv-modeset-kernel.o_binary\n\n if [ -n \"${PRIVATE_KEY}\" ]; then\n echo \"Signing NVIDIA driver kernel modules...\"\n donkey get ${PRIVATE_KEY} sh -c \"PATH=${PATH}:/usr/src/linux-headers-${KERNEL_VERSION}/scripts && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia.ko nvidia.ko.sign && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia-modeset.ko nvidia-modeset.ko.sign && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia-uvm.ko\"\n nvidia_sign_args=\"--linked-module nvidia.ko --signed-module nvidia.ko.sign\"\n nvidia_modeset_sign_args=\"--linked-module nvidia-modeset.ko --signed-module nvidia-modeset.ko.sign\"\n nvidia_uvm_sign_args=\"--signed\"\n fi\n\n echo \"Building NVIDIA driver package ${pkg_name}...\"\n ../mkprecompiled --pack ${pkg_name} --description ${KERNEL_VERSION} \\\n --proc-mount-point /lib/modules/${KERNEL_VERSION}/proc \\\n --driver-version ${DRIVER_VERSION} \\\n --kernel-interface nv-linux.o \\\n --linked-module-name nvidia.ko \\\n --core-object-name nvidia/nv-kernel.o_binary \\\n ${nvidia_sign_args} \\\n --target-directory . \\\n --kernel-interface nv-modeset-linux.o \\\n --linked-module-name nvidia-modeset.ko \\\n --core-object-name nvidia-modeset/nv-modeset-kernel.o_binary \\\n ${nvidia_modeset_sign_args} \\\n --target-directory . \\\n --kernel-module nvidia-uvm.ko \\\n ${nvidia_uvm_sign_args} \\\n --target-directory .\n mkdir -p precompiled\n mv ${pkg_name} precompiled\n)\n\n_assert_nvswitch_system() {\n [ -d /proc/driver/nvidia-nvswitch ] || return 1\n entries=$(ls -1 /proc/driver/nvidia-nvswitch/devices/*)\n if [ -z \"${entries}\" ]; then\n return 1\n fi\n return 0\n}\n\n# For each kernel module configuration file mounted into the container,\n# parse the file contents and extract the custom module parameters that\n# are to be passed as input to 'modprobe'.\n#\n# Assumptions:\n# - Configuration files are named <module-name>.conf (i.e. nvidia.conf, nvidia-uvm.conf).\n# - Configuration files are mounted inside the container at /drivers.\n# - Each line in the file contains at least one parameter, where parameters on the same line\n# are space delimited. It is up to the user to properly format the file to ensure\n# the correct set of parameters are passed to 'modprobe'.\n_get_module_params() {\n local base_path=\"/drivers\"\n # nvidia\n if [ -f \"${base_path}/nvidia.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia.conf\"\n echo \"Module parameters provided for nvidia: ${NVIDIA_MODULE_PARAMS[@]}\"\n fi\n # nvidia-uvm\n if [ -f \"${base_path}/nvidia-uvm.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_UVM_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-uvm.conf\"\n echo \"Module parameters provided for nvidia-uvm: ${NVIDIA_UVM_MODULE_PARAMS[@]}\"\n fi\n # nvidia-modeset\n if [ -f \"${base_path}/nvidia-modeset.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_MODESET_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-modeset.conf\"\n echo \"Module parameters provided for nvidia-modeset: ${NVIDIA_MODESET_MODULE_PARAMS[@]}\"\n fi\n # nvidia-peermem\n if [ -f \"${base_path}/nvidia-peermem.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_PEERMEM_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-peermem.conf\"\n echo \"Module parameters provided for nvidia-peermem: ${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"\n fi\n}\n\n# Load the kernel modules and start persistenced.\n_load_driver() {\n echo \"Parsing kernel module parameters...\"\n _get_module_params\n\n local nv_fw_search_path=\"$RUN_DIR/driver/lib/firmware\"\n local set_fw_path=\"true\"\n local fw_path_config_file=\"/sys/module/firmware_class/parameters/path\"\n for param in \"${NVIDIA_MODULE_PARAMS[@]}\"; do\n if [[ \"$param\" == \"NVreg_EnableGpuFirmware=0\" ]]; then\n set_fw_path=\"false\"\n fi\n done\n\n if [[ \"$set_fw_path\" == \"true\" ]]; then\n echo \"Configuring the following firmware search path in '$fw_path_config_file': $nv_fw_search_path\"\n if [[ ! -z $(grep '[^[:space:]]' $fw_path_config_file) ]]; then\n echo \"WARNING: A search path is already configured in $fw_path_config_file\"\n echo \" Retaining the current configuration\"\n else\n echo -n \"$nv_fw_search_path\" > $fw_path_config_file || echo \"WARNING: Failed to configure the firmware search path\"\n fi\n fi\n\n echo \"Loading ipmi and i2c_core kernel modules...\"\n modprobe -a i2c_core ipmi_msghandler ipmi_devintf\n\n echo \"Loading NVIDIA driver kernel modules...\"\n set -o xtrace +o nounset\n modprobe nvidia \"${NVIDIA_MODULE_PARAMS[@]}\"\n modprobe nvidia-uvm \"${NVIDIA_UVM_MODULE_PARAMS[@]}\"\n modprobe nvidia-modeset \"${NVIDIA_MODESET_MODULE_PARAMS[@]}\"\n set +o xtrace -o nounset\n\n if _gpu_direct_rdma_enabled; then\n echo \"Loading NVIDIA Peer Memory kernel module...\"\n set -o xtrace +o nounset\n modprobe -a nvidia-peermem \"${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"\n set +o xtrace -o nounset\n fi\n\n echo \"Starting NVIDIA persistence daemon...\"\n nvidia-persistenced --persistence-mode\n\n if [ \"${DRIVER_TYPE}\" = \"vgpu\" ]; then\n echo \"Copying gridd.conf...\"\n cp /drivers/gridd.conf /etc/nvidia/gridd.conf\n if [ \"${VGPU_LICENSE_SERVER_TYPE}\" = \"NLS\" ]; then\n echo \"Copying ClientConfigToken...\"\n mkdir -p /etc/nvidia/ClientConfigToken/\n cp /drivers/ClientConfigToken/* /etc/nvidia/ClientConfigToken/\n fi\n\n echo \"Starting nvidia-gridd..\"\n LD_LIBRARY_PATH=/usr/lib64/nvidia/gridd nvidia-gridd\n\n # Start virtual topology daemon\n _start_vgpu_topology_daemon\n fi\n\n if _assert_nvswitch_system; then\n echo \"Starting NVIDIA fabric manager daemon...\"\n nv-fabricmanager -c /usr/share/nvidia/nvswitch/fabricmanager.cfg\n fi\n}\n\n# Stop persistenced and unload the kernel modules if they are currently loaded.\n_unload_driver() {\n local rmmod_args=()\n local nvidia_deps=0\n local nvidia_refs=0\n local nvidia_uvm_refs=0\n local nvidia_modeset_refs=0\n local nvidia_peermem_refs=0\n\n echo \"Stopping NVIDIA persistence daemon...\"\n if [ -f /var/run/nvidia-persistenced/nvidia-persistenced.pid ]; then\n local pid=$(< /var/run/nvidia-persistenced/nvidia-persistenced.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 50); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 50 ]; then\n echo \"Could not stop NVIDIA persistence daemon\" >&2\n return 1\n fi\n fi\n\n if [ -f /var/run/nvidia-gridd/nvidia-gridd.pid ]; then\n echo \"Stopping NVIDIA grid daemon...\"\n local pid=$(< /var/run/nvidia-gridd/nvidia-gridd.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 10); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 10 ]; then\n echo \"Could not stop NVIDIA Grid daemon\" >&2\n return 1\n fi\n fi\n\n if [ -f /var/run/nvidia-fabricmanager/nv-fabricmanager.pid ]; then\n echo \"Stopping NVIDIA fabric manager daemon...\"\n local pid=$(< /var/run/nvidia-fabricmanager/nv-fabricmanager.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 50); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 50 ]; then\n echo \"Could not stop NVIDIA fabric manager daemon\" >&2\n return 1\n fi\n fi\n\n echo \"Unloading NVIDIA driver kernel modules...\"\n if [ -f /sys/module/nvidia_modeset/refcnt ]; then\n nvidia_modeset_refs=$(< /sys/module/nvidia_modeset/refcnt)\n rmmod_args+=(\"nvidia-modeset\")\n ((++nvidia_deps))\n fi\n if [ -f /sys/module/nvidia_uvm/refcnt ]; then\n nvidia_uvm_refs=$(< /sys/module/nvidia_uvm/refcnt)\n rmmod_args+=(\"nvidia-uvm\")\n ((++nvidia_deps))\n fi\n if [ -f /sys/module/nvidia/refcnt ]; then\n nvidia_refs=$(< /sys/module/nvidia/refcnt)\n rmmod_args+=(\"nvidia\")\n fi\n if [ -f /sys/module/nvidia_peermem/refcnt ]; then\n nvidia_peermem_refs=$(< /sys/module/nvidia_peermem/refcnt)\n rmmod_args+=(\"nvidia-peermem\")\n ((++nvidia_deps))\n fi\n if [ ${nvidia_refs} -gt ${nvidia_deps} ] || [ ${nvidia_uvm_refs} -gt 0 ] || [ ${nvidia_modeset_refs} -gt 0 ] || [ ${nvidia_peermem_refs} -gt 0 ]; then\n echo \"Could not unload NVIDIA driver kernel modules, driver is in use\" >&2\n return 1\n fi\n\n if [ ${#rmmod_args[@]} -gt 0 ]; then\n rmmod ${rmmod_args[@]}\n fi\n return 0\n}\n\n# Link and install the kernel modules from a precompiled package using the nvidia-installer.\n_install_driver() {\n local install_args=()\n\n echo \"Installing NVIDIA driver kernel modules...\"\n cd /usr/src/nvidia-${DRIVER_VERSION}\n rm -rf /lib/modules/${KERNEL_VERSION}/video\n\n if [ \"${ACCEPT_LICENSE}\" = \"yes\" ]; then\n install_args+=(\"--accept-license\")\n fi\n IGNORE_CC_MISMATCH=1 nvidia-installer --kernel-module-only --no-drm --ui=none --no-nouveau-check -m=${KERNEL_TYPE} ${install_args[@]+\"${install_args[@]}\"}\n # May need to add no-cc-check for Rhel, otherwise it complains about cc missing in path\n # /proc/version and lib/modules/KERNEL_VERSION/proc are different, by default installer looks at /proc/ so, added the proc-mount-point\n # TODO: remove the -a flag. its not needed. in the new driver version, license-acceptance is implicit\n #nvidia-installer --kernel-module-only --no-drm --ui=none --no-nouveau-check --no-cc-version-check --proc-mount-point /lib/modules/${KERNEL_VERSION}/proc ${install_args[@]+\"${install_args[@]}\"}\n}\n\n# Mount the driver rootfs into the run directory with the exception of sysfs.\n_mount_rootfs() {\n echo \"Mounting NVIDIA driver rootfs...\"\n mount --make-runbindable /sys\n mount --make-private /sys\n mkdir -p ${RUN_DIR}/driver\n mount --rbind / ${RUN_DIR}/driver\n\n echo \"Check SELinux status\"\n if [ -e /sys/fs/selinux ]; then\n echo \"SELinux is enabled\"\n echo \"Change device files security context for selinux compatibility\"\n chcon -R -t container_file_t ${RUN_DIR}/driver/dev\n else\n echo \"SELinux is disabled, skipping...\"\n fi\n}\n\n# Unmount the driver rootfs from the run directory.\n_unmount_rootfs() {\n echo \"Unmounting NVIDIA driver rootfs...\"\n if findmnt -r -o TARGET | grep \"${RUN_DIR}/driver\" > /dev/null; then\n umount -l -R ${RUN_DIR}/driver\n fi\n}\n\n# Write a kernel postinst.d script to automatically precompile packages on kernel update (similar to DKMS).\n_write_kernel_update_hook() {\n if [ ! -d ${KERNEL_UPDATE_HOOK%/*} ]; then\n return\n fi\n\n echo \"Writing kernel update hook...\"\n cat > ${KERNEL_UPDATE_HOOK} <<'EOF'\n#!/bin/bash\n\nset -eu\ntrap 'echo \"ERROR: Failed to update the NVIDIA driver\" >&2; exit 0' ERR\n\nNVIDIA_DRIVER_PID=$(< /run/nvidia/nvidia-driver.pid)\n\nexport \"$(grep -z DRIVER_VERSION /proc/${NVIDIA_DRIVER_PID}/environ)\"\nnsenter -t \"${NVIDIA_DRIVER_PID}\" -m -- nvidia-driver update --kernel \"$1\"\nEOF\n chmod +x ${KERNEL_UPDATE_HOOK}\n}\n\n_shutdown() {\n if _unload_driver; then\n _unmount_rootfs\n rm -f ${PID_FILE} ${KERNEL_UPDATE_HOOK}\n return 0\n fi\n return 1\n}\n\n_find_vgpu_driver_version() {\n local count=\"\"\n local version=\"\"\n local drivers_path=\"/drivers\"\n\n if [ \"${DISABLE_VGPU_VERSION_CHECK}\" = \"true\" ]; then\n echo \"vgpu version compatibility check is disabled\"\n return 0\n fi\n # check if vgpu devices are present\n count=$(vgpu-util count)\n if [ $? -ne 0 ]; then\n echo \"cannot find vgpu devices on host, pleae check /var/log/vgpu-util.log for more details...\"\n return 0\n fi\n NUM_VGPU_DEVICES=$(echo \"$count\" | awk -F= '{print $2}')\n if [ $NUM_VGPU_DEVICES -eq 0 ]; then\n # no vgpu devices found, treat as passthrough\n return 0\n fi\n echo \"found $NUM_VGPU_DEVICES vgpu devices on host\"\n\n # find compatible guest driver using driver catalog\n if [ -d \"/mnt/shared-nvidia-driver-toolkit/drivers\" ]; then\n drivers_path=\"/mnt/shared-nvidia-driver-toolkit/drivers\"\n fi\n version=$(vgpu-util match -i \"${drivers_path}\" -c \"${drivers_path}/vgpuDriverCatalog.yaml\")\n if [ $? -ne 0 ]; then\n echo \"cannot find match for compatible vgpu driver from available list, please check /var/log/vgpu-util.log for more details...\"\n return 1\n fi\n DRIVER_VERSION=$(echo \"$version\" | awk -F= '{print $2}')\n echo \"vgpu driver version selected: ${DRIVER_VERSION}\"\n return 0\n}\n\n_start_vgpu_topology_daemon() {\n type nvidia-topologyd > /dev/null 2>&1 || return 0\n echo \"Starting nvidia-topologyd..\"\n nvidia-topologyd\n}\n\n_prepare() {\n if [ \"${DRIVER_TYPE}\" = \"vgpu\" ]; then\n _find_vgpu_driver_version || exit 1\n fi\n\n # Install the userspace components and copy the kernel module sources.\n sh NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION.run -x && \\\n cd NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION && \\\n sh /tmp/install.sh nvinstall && \\\n mkdir -p /usr/src/nvidia-$DRIVER_VERSION && \\\n mv LICENSE mkprecompiled ${KERNEL_TYPE} /usr/src/nvidia-$DRIVER_VERSION && \\\n sed '9,${/^\\(kernel\\|LICENSE\\)/!d}' .manifest > /usr/src/nvidia-$DRIVER_VERSION/.manifest\n\n echo -e \"\\n========== NVIDIA Software Installer ==========\\n\"\n echo -e \"Starting installation of NVIDIA driver version ${DRIVER_VERSION} for Linux kernel version ${KERNEL_VERSION}\\n\"\n}\n\n_prepare_exclusive() {\n _prepare\n\n exec 3> ${PID_FILE}\n if ! flock -n 3; then\n echo \"An instance of the NVIDIA driver is already running, aborting\"\n exit 1\n fi\n echo $$ >&3\n\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n trap \"_shutdown\" EXIT\n\n _unload_driver || exit 1\n _unmount_rootfs\n}\n\n_build() {\n # Install dependencies\n if _kernel_requires_package; then\n _update_package_cache\n _install_prerequisites\n _create_driver_package\n #_remove_prerequisites\n _cleanup_package_cache\n fi\n\n # Build the driver\n _install_driver\n}\n\n_load() {\n _load_driver\n _mount_rootfs\n _write_kernel_update_hook\n\n echo \"Done, now waiting for signal\"\n sleep infinity &\n trap \"echo 'Caught signal'; _shutdown && { kill $!; exit 0; }\" HUP INT QUIT PIPE TERM\n trap - EXIT\n while true; do wait $! || continue; done\n exit 0\n}\n\ninit() {\n _prepare_exclusive\n\n _build\n\n _load\n}\n\nbuild() {\n _prepare\n\n _build\n}\n\nload() {\n _prepare_exclusive\n\n _load\n}\n\nupdate() {\n exec 3>&2\n if exec 2> /dev/null 4< ${PID_FILE}; then\n if ! flock -n 4 && read pid <&4 && kill -0 \"${pid}\"; then\n exec > >(tee -a \"/proc/${pid}/fd/1\")\n exec 2> >(tee -a \"/proc/${pid}/fd/2\" >&3)\n else\n exec 2>&3\n fi\n exec 4>&-\n fi\n exec 3>&-\n\n # vgpu driver version is chosen dynamically during runtime, so pre-compile modules for\n # only non-vgpu driver types\n if [ \"${DRIVER_TYPE}\" != \"vgpu\" ]; then\n # Install the userspace components and copy the kernel module sources.\n if [ ! -e /usr/src/nvidia-${DRIVER_VERSION}/mkprecompiled ]; then\n sh NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION.run -x && \\\n cd NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION && \\\n sh /tmp/install.sh nvinstall && \\\n mkdir -p /usr/src/nvidia-$DRIVER_VERSION && \\\n mv LICENSE mkprecompiled ${KERNEL_TYPE} /usr/src/nvidia-$DRIVER_VERSION && \\\n sed '9,${/^\\(kernel\\|LICENSE\\)/!d}' .manifest > /usr/src/nvidia-$DRIVER_VERSION/.manifest\n fi\n fi\n\n echo -e \"\\n========== NVIDIA Software Updater ==========\\n\"\n echo -e \"Starting update of NVIDIA driver version ${DRIVER_VERSION} for Linux kernel version ${KERNEL_VERSION}\\n\"\n\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n\n _update_package_cache\n _resolve_kernel_version || exit 1\n _install_prerequisites\n if _kernel_requires_package; then\n _create_driver_package\n fi\n _remove_prerequisites\n _cleanup_package_cache\n\n echo \"Done\"\n exit 0\n}\n\n# Wait for MOFED drivers to be loaded and load nvidia-peermem whenever it gets unloaded during MOFED driver updates\nreload_nvidia_peermem() {\n if [ \"$USE_HOST_MOFED\" = \"true\" ]; then\n until lsmod | grep mlx5_core > /dev/null 2>&1 && [ -f /run/nvidia/validations/.driver-ctr-ready ];\n do\n echo \"waiting for mellanox ofed and nvidia drivers to be installed\"\n sleep 10\n done\n else\n # use driver readiness flag created by MOFED container\n until [ -f /run/mellanox/drivers/.driver-ready ] && [ -f /run/nvidia/validations/.driver-ctr-ready ];\n do\n echo \"waiting for mellanox ofed and nvidia drivers to be installed\"\n sleep 10\n done\n fi\n # get any parameters provided for nvidia-peermem\n _get_module_params && set +o nounset\n if chroot /run/nvidia/driver modprobe nvidia-peermem \"${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"; then\n if [ -f /sys/module/nvidia_peermem/refcnt ]; then\n echo \"successfully loaded nvidia-peermem module, now waiting for signal\"\n sleep inf\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n fi\n fi\n echo \"failed to load nvidia-peermem module\"\n exit 1\n}\n\n# probe by gpu-operator for liveness/startup checks for nvidia-peermem module to be loaded when MOFED drivers are ready\nprobe_nvidia_peermem() {\n if lsmod | grep mlx5_core > /dev/null 2>&1; then\n if [ ! -f /sys/module/nvidia_peermem/refcnt ]; then\n echo \"nvidia-peermem module is not loaded\"\n return 1\n fi\n else\n echo \"MOFED drivers are not ready, skipping probe to avoid container restarts...\"\n fi\n return 0\n}\n\nusage() {\n cat >&2 <<EOF\nUsage: $0 COMMAND [ARG...]\n\nCommands:\n init [-a | --accept-license] [-m | --max-threads MAX_THREADS]\n build [-a | --accept-license] [-m | --max-threads MAX_THREADS]\n load\n update [-k | --kernel VERSION] [-s | --sign KEYID] [-t | --tag TAG] [-m | --max-threads MAX_THREADS]\nEOF\n exit 1\n}\n\nif [ $# -eq 0 ]; then\n usage\nfi\ncommand=$1; shift\ncase \"${command}\" in\n init) options=$(getopt -l accept-license,max-threads: -o am: -- \"$@\") ;;\n build) options=$(getopt -l accept-license,tag:,max-threads: -o a:t:m: -- \"$@\") ;;\n load) options=\"\" ;;\n update) options=$(getopt -l kernel:,sign:,tag:,max-threads: -o k:s:t:m: -- \"$@\") ;;\n reload_nvidia_peermem) options=\"\" ;;\n probe_nvidia_peermem) options=\"\" ;;\n *) usage ;;\nesac\nif [ $? -ne 0 ]; then\n usage\nfi\neval set -- \"${options}\"\n\nACCEPT_LICENSE=\"\"\nMAX_THREADS=\"\"\nKERNEL_VERSION=$(uname -r)\nPRIVATE_KEY=\"\"\nPACKAGE_TAG=\"\"\n\nfor opt in ${options}; do\n case \"$opt\" in\n -a | --accept-license) ACCEPT_LICENSE=\"yes\"; shift 1 ;;\n -k | --kernel) KERNEL_VERSION=$2; shift 2 ;;\n -m | --max-threads) MAX_THREADS=$2; shift 2 ;;\n -s | --sign) PRIVATE_KEY=$2; shift 2 ;;\n -t | --tag) PACKAGE_TAG=$2; shift 2 ;;\n --) shift; break ;;\n esac\ndone\nif [ $# -ne 0 ]; then\n usage\nfi\n\n_resolve_rhel_version || exit 1\n\n$command\n
\u4f7f\u7528\u5b98\u65b9\u7684\u955c\u50cf\u6765\u4e8c\u6b21\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\uff0c\u5982\u4e0b\u662f\u4e00\u4e2a Dockerfile
\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
FROM nvcr.io/nvidia/driver:535.183.06-rhel9.2\nCOPY nvidia-driver /usr/local/bin\nRUN chmod +x /usr/local/bin/nvidia-driver\nCMD [\"/bin/bash\", \"-c\"]\n
\u6784\u5efa\u547d\u4ee4\u5e76\u63a8\u9001\u5230\u706b\u79cd\u96c6\u7fa4\uff1a
docker build -t {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535.183.06-01-rhel9.2 -f Dockerfile .\ndocker push {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535.183.06-01-rhel9.2\n
"},{"location":"admin/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#_2","title":"\u5b89\u88c5\u9a71\u52a8","text":"driver.version=535.183.06-01
\u524d\u63d0\u6761\u4ef6\uff1a\u5df2\u5b89\u88c5 gpu-operator v23.9.0+2 \u53ca\u66f4\u9ad8\u7248\u672c
"},{"location":"admin/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html#_1","title":"\u51c6\u5907\u79bb\u7ebf\u955c\u50cf","text":"\u67e5\u770b\u5185\u6838\u7248\u672c
$ uname -r\n5.15.0-78-generic\n
\u67e5\u770b\u5185\u6838\u5bf9\u5e94\u7684 GPU Driver \u955c\u50cf\u7248\u672c\uff0c https://catalog.ngc.nvidia.com/orgs/nvidia/containers/driver/tags
\u3002 \u4f7f\u7528\u5185\u6838\u67e5\u8be2\u955c\u50cf\u7248\u672c\uff0c\u901a\u8fc7 ctr export
\u4fdd\u5b58\u955c\u50cf\u3002
ctr i pull nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i export --all-platforms driver.tar.gz nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 \n
\u628a\u955c\u50cf\u5bfc\u5165\u5230\u706b\u79cd\u96c6\u7fa4\u7684\u955c\u50cf\u4ed3\u5e93\u4e2d
ctr i import driver.tar.gz\nctr i tag nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i push {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 --skip-verify=true\n
driver.usePrecompiled=true
,\u5e76\u8bbe\u7f6e driver.version=535
\uff0c\u8fd9\u91cc\u8981\u6ce8\u610f\uff0c\u5199\u7684\u662f 535\uff0c\u4e0d\u662f 535.104.12\u3002\uff08\u975e\u9884\u7f16\u8bd1\u6a21\u5f0f\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u5b89\u88c5\u5373\u53ef\uff09\u5f53\u5de5\u4f5c\u8282\u70b9\u7684\u5185\u6838\u7248\u672c\u4e0e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u5185\u6838\u7248\u672c\u6216 OS \u7c7b\u578b\u4e0d\u4e00\u81f4\u65f6\uff0c\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa\u79bb\u7ebf yum \u6e90\uff0c \u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u672c\u6587\u4ee5\u5185\u6838\u7248\u672c\u4e3a 3.10.0-1160.95.1.el7.x86_64
\u7684 CentOS 7.9 \u8282\u70b9\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa GPU operator \u79bb\u7ebf\u5305\u7684 yum \u6e90\u3002
\u5206\u522b\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u548c\u5f85\u90e8\u7f72 GPU Operator \u7684\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u82e5\u4e24\u4e2a\u8282\u70b9\u7684 OS \u548c\u5185\u6838\u7248\u672c\u4e00\u81f4\u5219\u65e0\u9700\u6784\u5efa yum \u6e90\uff0c \u53ef\u53c2\u8003\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u6587\u6863\u76f4\u63a5\u5b89\u88c5\uff1b\u82e5\u4e24\u4e2a\u8282\u70b9\u7684 OS \u6216\u5185\u6838\u7248\u672c\u4e0d\u4e00\u81f4\uff0c\u8bf7\u6267\u884c\u4e0b\u4e00\u6b65\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u96c6\u7fa4\u4e0b\u5f85\u90e8\u7f72 GPU Operator \u8282\u70b9\u7684\u53d1\u884c\u7248\u540d\u79f0\u548c\u7248\u672c\u53f7\u3002
cat /etc/redhat-release\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
CentOS Linux release 7.9 (Core)\n
\u8f93\u51fa\u7ed3\u679c\u4e3a\u5f53\u524d\u8282\u70b9\u5185\u6838\u7248\u672c CentOS 7.9
\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u96c6\u7fa4\u4e0b\u5f85\u90e8\u7f72 GPU Operator \u8282\u70b9\u7684\u5185\u6838\u7248\u672c\u3002
uname -a\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Linux localhost.localdomain 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\n
\u8f93\u51fa\u7ed3\u679c\u4e3a\u5f53\u524d\u8282\u70b9\u5185\u6838\u7248\u672c 3.10.0-1160.el7.x86_64
\u3002
\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a yum.sh \u7684\u811a\u672c\u6587\u4ef6\u3002
vi yum.sh\n
\u7136\u540e\u6309\u4e0b i \u952e\u8fdb\u5165\u63d2\u5165\u6a21\u5f0f\uff0c\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a
export TARGET_KERNEL_VERSION=$1\n\ncat >> run.sh << \\EOF\n#! /bin/bash\necho \"start install kernel repo\"\necho ${KERNEL_VERSION}\nmkdir centos-base\n\nif [ \"$OS\" -eq 7 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el7.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelif [ \"$OS\" -eq 8 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el8.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelse\n echo \"Error os version\"\nfi\n\ncreaterepo centos-base/\nls -lh centos-base/\ntar -zcf centos-base.tar.gz centos-base/\necho \"end install kernel repo\"\nEOF\n\ncat >> Dockerfile << EOF\nFROM centos:7\nENV KERNEL_VERSION=\"\"\nENV OS=7\nRUN yum install -y createrepo\nCOPY run.sh .\nENTRYPOINT [\"/bin/bash\",\"run.sh\"]\nEOF\n\ndocker build -t test:v1 -f Dockerfile .\ndocker run -e KERNEL_VERSION=$TARGET_KERNEL_VERSION --name centos7.9 test:v1\ndocker cp centos7.9:/centos-base.tar.gz .\ntar -xzf centos-base.tar.gz\n
\u6309\u4e0b esc \u952e\u9000\u51fa\u63d2\u5165\u6a21\u5f0f\uff0c\u7136\u540e\u8f93\u5165 __ :wq__ \u4fdd\u5b58\u5e76\u9000\u51fa\u3002
\u8fd0\u884c yum.sh \u6587\u4ef6\uff1a
bash -x yum.sh TARGET_KERNEL_VERSION\n
TARGET_KERNEL_VERSION
\u53c2\u6570\u7528\u4e8e\u6307\u5b9a\u96c6\u7fa4\u8282\u70b9\u7684\u5185\u6838\u7248\u672c\uff0c\u6ce8\u610f\uff1a\u53d1\u884c\u7248\u6807\u8bc6\u7b26\uff08\u5982 __ .el7.x86_64 __ \uff09\u65e0\u9700\u8f93\u5165\u3002 \u4f8b\u5982\uff1a
bash -x yum.sh 3.10.0-1160.95.1\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u7ecf\u751f\u6210\u4e86\u5185\u6838\u4e3a 3.10.0-1160.95.1.el7.x86_64 \u7684\u79bb\u7ebf\u7684 yum \u6e90\uff1a centos-base \u3002
"},{"location":"admin/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#yum_1","title":"\u4e0a\u4f20\u79bb\u7ebf yum \u6e90\u5230\u6587\u4ef6\u670d\u52a1\u5668","text":"\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002\u4e3b\u8981\u7528\u4e8e\u5c06\u4e0a\u4e00\u6b65\u4e2d\u751f\u6210\u7684 yum \u6e90\u4e0a\u4f20\u5230\u53ef\u4ee5\u88ab\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u8fdb\u884c\u8bbf\u95ee\u7684\u6587\u4ef6\u670d\u52a1\u5668\u4e2d\u3002 \u6587\u4ef6\u670d\u52a1\u5668\u53ef\u4ee5\u4e3a Nginx \u3001 Minio \u6216\u5176\u5b83\u652f\u6301 Http \u534f\u8bae\u7684\u6587\u4ef6\u670d\u52a1\u5668\u3002
\u672c\u64cd\u4f5c\u793a\u4f8b\u91c7\u7528\u7684\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668\uff0cMinio \u76f8\u5173\u4fe1\u606f\u5982\u4e0b\uff1a
http://10.5.14.200:9000\uff08\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\uff09
\u767b\u5f55\u5bc6\u7801\uff1arootpass123
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8282\u70b9\u672c\u5730 mc \u547d\u4ee4\u884c\u5de5\u5177\u548c minio \u670d\u52a1\u5668\u5efa\u7acb\u94fe\u63a5\u3002
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Added `minio` successfully.\n
mc \u547d\u4ee4\u884c\u5de5\u5177\u662f Minio \u6587\u4ef6\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u5ba2\u6237\u7aef\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a MinIO Client\u3002
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a centos-base \u7684\u5b58\u50a8\u6876\uff08bucket\uff09\u3002
mc mb -p minio/centos-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Bucket created successfully __minio/centos-base__ .\n
\u5c06\u5b58\u50a8\u6876 centos-base \u7684\u8bbf\u95ee\u7b56\u7565\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u516c\u5f00\u4e0b\u8f7d\u3002\u4ee5\u4fbf\u5728\u540e\u671f\u5b89\u88c5 GPU-operator \u65f6\u80fd\u591f\u88ab\u8bbf\u95ee\u3002
mc anonymous set download minio/centos-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Access permission for `minio/centos-base` is set to `download` \n
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u5c06\u6b65\u9aa4\u4e8c\u751f\u6210\u7684\u79bb\u7ebf yum \u6e90\u6587\u4ef6 centos-base \u590d\u5236\u5230 minio \u670d\u52a1\u5668\u7684 minio/centos-base \u5b58\u50a8\u6876\u4e2d\u3002
mc cp centos-base minio/centos-base --recursive\n
\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a CentOS-Base.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a CentOS-Base.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base #\u6b65\u9aa4\u4e09\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base #\u6b65\u9aa4\u4e09\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 CentOS-Base.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
apiVersion: v1\ndata:\nCentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base#\u6b65\u9aa4\u4e8c\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84\\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base #\u6b65\u9aa4\u4e8c\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84\\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\ncreationTimestamp: \"2023-10-18T01:59:02Z\"\nname: local-repo-config\nnamespace: gpu-operator\nresourceVersion: \"59445080\"\nuid: c5f0ebab-046f-442c-b932-f9003e014387\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u901a\u8fc7\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 CentOS 7.9\uff0c\u5185\u6838\u4e3a 3.10.0-1160 \u7684 GPU operator \u79bb\u7ebf\u5305\u3002\u5176\u5b83 OS \u7c7b\u578b\u7684\u8282\u70b9\u6216\u5185\u6838\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u5305\uff0c\u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u672c\u6587\u4ee5 Red Hat 8.4 4.18.0-305.el8.x86_64 \u8282\u70b9\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u5305\uff0c \u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 master \u8282\u70b9\u4e0a\u6267\u884c\u3002
\u4f7f\u7528 ssh \u6216\u5176\u5b83\u65b9\u5f0f\u8fdb\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5185\u4efb\u4e00\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
cat /etc/yum.repos.d/extension.repo #\u67e5\u770b extension.repo \u4e2d\u7684\u5185\u5bb9\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
[extension-0]\nbaseurl = http://10.5.14.200:9000/kubean/redhat/$releasever/os/$basearch\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/AppStream\ngpgcheck = 0\nname = kubean extension 1\n\n[extension-2]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/BaseOS\ngpgcheck = 0\nname = kubean extension 2\n
\u5728 root \u8def\u5f84\u4e0b\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a redhat-base-repo \u7684\u6587\u4ef6\u5939
mkdir redhat-base-repo\n
\u4e0b\u8f7d yum \u6e90\u4e2d\u7684 rpm \u5305\u5230\u672c\u5730\uff1a
yum install yum-utils\n
\u4e0b\u8f7d extension-1 \u4e2d\u7684 rpm \u5305\uff1a
reposync -p redhat-base-repo -n --repoid=extension-1\n
\u4e0b\u8f7d extension-2 \u4e2d\u7684 rpm \u5305\uff1a
reposync -p redhat-base-repo -n --repoid=extension-2\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u8054\u7f51\u8282\u70b9\u6267\u884c\u64cd\u4f5c\uff0c\u5728\u64cd\u4f5c\u524d\uff0c\u60a8\u9700\u8981\u4fdd\u8bc1\u8054\u7f51\u8282\u70b9\u548c\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 master \u8282\u70b9\u95f4\u7684\u7f51\u7edc\u8054\u901a\u6027\u3002
\u5728\u8054\u7f51\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e0b\u8f7d elfutils-libelf-devel-0.187-4.el8.x86_64.rpm \u5305\uff1a
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/elfutils-libelf-devel-0.187-4.el8.x86_64.rpm\n
\u5728\u5f53\u524d\u76ee\u5f55\u4e0b\u5c06 elfutils-libelf-devel-0.187-4.el8.x86_64.rpm \u5305\u4f20\u8f93\u81f3\u6b65\u9aa4\u4e00\u4e2d\u7684\u8282\u70b9\u4e0a\uff1a
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm user@ip:~/redhat-base-repo/extension-2/Packages/\n
\u4f8b\u5982\uff1a
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm root@10.6.175.10:~/redhat-base-repo/extension-2/Packages/\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u6b65\u9aa4\u4e00\u4e2d\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 master \u8282\u70b9\u4e0a\u6267\u884c\u3002
\u8fdb\u5165 yum repo \u76ee\u5f55\uff1a
cd ~/redhat-base-repo/extension-1/Packages\ncd ~/redhat-base-repo/extension-2/Packages\n
\u751f\u6210\u76ee\u5f55 repo \u7d22\u5f15\uff1a
yum install createrepo -y # \u82e5\u5df2\u5b89\u88c5 createrepo \u53ef\u7701\u7565\u6b64\u6b65\u9aa4\ncreaterepo_c ./\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u7ecf\u751f\u6210\u4e86\u5185\u6838\u4e3a 4.18.0-305.el8.x86_64
\u7684\u79bb\u7ebf\u7684 yum \u6e90\uff1a redhat-base-repo \u3002
\u672c\u64cd\u4f5c\u793a\u4f8b\u91c7\u7528\u7684\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668\uff0c\u7528\u6237\u53ef\u57fa\u4e8e\u81ea\u8eab\u60c5\u51b5\u9009\u62e9\u6587\u4ef6\u670d\u52a1\u5668\u3002Minio \u76f8\u5173\u4fe1\u606f\u5982\u4e0b\uff1a
http://10.5.14.200:9000\uff08\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\uff09
\u767b\u5f55\u5bc6\u7801\uff1arootpass123
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8282\u70b9\u672c\u5730 mc \u547d\u4ee4\u884c\u5de5\u5177\u548c minio \u670d\u52a1\u5668\u5efa\u7acb\u94fe\u63a5\u3002
mc config host add minio \u6587\u4ef6\u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740 \u7528\u6237\u540d \u5bc6\u7801\n
\u4f8b\u5982\uff1a
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Added `minio` successfully.\n
mc \u547d\u4ee4\u884c\u5de5\u5177\u662f Minio \u6587\u4ef6\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u5ba2\u6237\u7aef\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a MinIO Client\u3002
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a redhat-base \u7684\u5b58\u50a8\u6876(bucket)\u3002
mc mb -p minio/redhat-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Bucket created successfully `minio/redhat-base`.\n
\u5c06\u5b58\u50a8\u6876 redhat-base \u7684\u8bbf\u95ee\u7b56\u7565\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u516c\u5f00\u4e0b\u8f7d\u3002\u4ee5\u4fbf\u5728\u540e\u671f\u5b89\u88c5 GPU-operator \u65f6\u80fd\u591f\u88ab\u8bbf\u95ee\u3002
mc anonymous set download minio/redhat-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Access permission for `minio/redhat-base` is set to `download` \n
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u5c06\u6b65\u9aa4\u4e8c\u751f\u6210\u7684\u79bb\u7ebf yum \u6e90\u6587\u4ef6 redhat-base-repo \u590d\u5236\u5230 minio \u670d\u52a1\u5668\u7684 minio/redhat-base \u5b58\u50a8\u6876\u4e2d\u3002
mc cp redhat-base-repo minio/redhat-base --recursive\n
\u672c\u6b65\u9aa4\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a redhat.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a redhat.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > redhat.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages #\u6b65\u9aa4\u4e00\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages #\u6b65\u9aa4\u4e00\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 redhat.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=./redhat.repo \n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u901a\u8fc7\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 CentOS 7.9\uff0c\u5185\u6838\u4e3a 3.10.0-1160 \u7684 GPU Operator \u79bb\u7ebf\u5305\u3002\u5176\u5b83 OS \u7c7b\u578b\u7684\u8282\u70b9\u6216\u5185\u6838\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 7.9 \u79bb\u7ebf yum \u6e90\u5305\uff0c\u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\u4f7f\u7528 RepoConfig.ConfigMapName
\u53c2\u6570\u3002
\u4e0b\u8f7d rhel7.9 ISO
\u4e0b\u8f7d\u4e0e Kubean \u7248\u672c\u5bf9\u5e94\u7684\u7684 rhel7.9 ospackage
\u5728 \u5bb9\u5668\u7ba1\u7406 \u7684\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u627e\u5230 Helm \u5e94\u7528 \uff0c\u641c\u7d22 kubean\uff0c\u53ef\u67e5\u770b kubean \u7684\u7248\u672c\u53f7\u3002
\u5728 kubean\u7684\u4ee3\u7801\u4ed3\u5e93 \u4e2d\u4e0b\u8f7d\u8be5\u7248\u672c\u7684 rhel7.9 ospackage\u3002
\u901a\u8fc7\u5b89\u88c5\u5668\u5bfc\u5165\u79bb\u7ebf\u8d44\u6e90
\u70b9\u51fb\u67e5\u770b\u4e0b\u8f7d\u5730\u5740\u3002
"},{"location":"admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#3-red-hat-gpu-opreator","title":"3. \u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf","text":"\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf\u3002
Note
\u6b64\u53c2\u8003\u4ee5 rhel8.4 \u4e3a\u4f8b\uff0c\u8bf7\u6ce8\u610f\u4fee\u6539\u6210 rhel7.9\u3002
"},{"location":"admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#4-yum","title":"4. \u5728\u96c6\u7fa4\u521b\u5efa\u914d\u7f6e\u9879\u7528\u6765\u4fdd\u5b58 Yum \u6e90\u4fe1\u606f","text":"\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a CentOS-Base.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a CentOS-Base.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # \u706b\u79cd\u8282\u70b9\u7684\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\uff0c\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # \u706b\u79cd\u8282\u70b9\u7684\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\uff0c\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 CentOS-Base.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
local-repo-config.yamlapiVersion: v1\ndata:\n CentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base # \u6b65\u9aa4 2 \u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84 \\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base # \u6b65\u9aa4 2 \u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84 \\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\n creationTimestamp: \"2023-10-18T01:59:02Z\"\n name: local-repo-config\n namespace: gpu-operator\n resourceVersion: \"59445080\"\n uid: c5f0ebab-046f-442c-b932-f9003e014387\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u5176\u4e2d\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u4f7f\u7528\u4e86 RepoConfig.ConfigMapName
\u53c2\u6570\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8bbe\u7f6e GPU \u76f8\u5173\u7684\u544a\u8b66\u89c4\u5219\u3002
"},{"location":"admin/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-alarm.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u672c\u8282\u4ecb\u7ecd GPU \u544a\u8b66\u5e38\u7528\u7684\u6307\u6807\uff0c\u5206\u4e3a\u4e24\u4e2a\u90e8\u5206\uff1a
\u8fd9\u91cc\u4f1a\u4ecb\u7ecd\u5982\u4f55\u8bbe\u7f6e GPU \u544a\u8b66\u89c4\u5219\uff0c\u4f7f\u7528 GPU \u5361\u5229\u7528\u7387\u6307\u6807\u4f5c\u4e3a\u6848\u4f8b\uff0c\u8bf7\u7528\u6237\u6839\u636e\u5b9e\u9645\u7684\u4e1a\u52a1\u573a\u666f\u9009\u62e9\u6307\u6807\u4ee5\u53ca\u7f16\u5199 promql\u3002
\u76ee\u6807\uff1a\u5f53GPU\u5361\u5229\u7528\u7387\u5728\u4e94\u79d2\u949f\u5185\u4e00\u76f4\u4fdd\u6301 80% \u7684\u5229\u7528\u7387\u65f6\u53d1\u51fa\u544a\u8b66
\u5728\u53ef\u89c2\u6d4b\u9875\u9762\uff0c\u70b9\u51fb \u544a\u8b66 -> \u544a\u8b66\u7b56\u7565 -> \u521b\u5efa\u544a\u8b66\u7b56\u7565
\u586b\u5199\u57fa\u672c\u4fe1\u606f
\u6dfb\u52a0\u89c4\u5219
\u9009\u62e9\u901a\u77e5\u65b9\u5f0f
\u8bbe\u7f6e\u5b8c\u6210\u540e\uff0c\u5f53\u4e00\u4e2a GPU \u5728 5s \u5185\u4e00\u76f4\u4fdd\u6301 80% \u7684\u5229\u7528\u7387\uff0c\u4f1a\u6536\u5230\u5982\u4e0b\u7684\u544a\u8b66\u4fe1\u606f\u3002
\u672c\u9875\u5217\u51fa\u4e00\u4e9b\u5e38\u7528\u7684 GPU \u76d1\u63a7\u6307\u6807\u3002
"},{"location":"admin/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#_1","title":"\u96c6\u7fa4\u7ef4\u5ea6","text":"\u6307\u6807\u540d\u79f0 \u63cf\u8ff0 GPU \u5361\u6570 \u96c6\u7fa4\u4e0b\u6240\u6709\u7684 GPU \u5361\u6570\u91cf GPU \u5e73\u5747\u4f7f\u7528\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u7b97\u529b\u4f7f\u7528\u7387 GPU \u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 GPU \u5361\u529f\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u529f\u7387 GPU \u5361\u6e29\u5ea6 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u6e29\u5ea6 GPU \u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u4f7f\u7528\u7387\u7ec6\u8282\uff08\u5305\u542b max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282\uff08\u5305\u542b min\u3001max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u5e26\u5bbd\u4f7f\u7528\u7387 \u8868\u793a\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\u3002\u4ee5 Nvidia GPU V100 \u4e3a\u4f8b\uff0c\u5176\u6700\u5927\u5185\u5b58\u5e26\u5bbd\u4e3a 900 GB/sec\uff0c\u5982\u679c\u5f53\u524d\u7684\u5185\u5b58\u5e26\u5bbd\u4e3a 450 GB/sec\uff0c\u5219\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\u4e3a 50%"},{"location":"admin/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#_2","title":"\u8282\u70b9\u7ef4\u5ea6","text":"\u6307\u6807\u540d\u79f0 \u63cf\u8ff0 GPU \u6a21\u5f0f \u8282\u70b9\u4e0a GPU \u5361\u7684\u4f7f\u7528\u6a21\u5f0f\uff0c\u5305\u542b\u6574\u5361\u6a21\u5f0f\u3001MIG \u6a21\u5f0f\u3001vGPU \u6a21\u5f0f GPU \u7269\u7406\u5361\u6570 \u8282\u70b9\u4e0a\u6240\u6709\u7684 GPU \u5361\u6570\u91cf GPU \u865a\u62df\u5361\u6570 \u8282\u70b9\u4e0a\u5df2\u7ecf\u88ab\u521b\u5efa\u51fa\u6765\u7684 vGPU \u8bbe\u5907\u6570\u91cf GPU MIG \u5b9e\u4f8b\u6570 \u8282\u70b9\u4e0a\u5df2\u7ecf\u88ab\u521b\u5efa\u51fa\u6765\u7684 MIG \u5b9e\u4f8b\u6570 GPU \u663e\u5b58\u5206\u914d\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u663e\u5b58\u5206\u914d\u7387 GPU \u7b97\u529b\u5e73\u5747\u4f7f\u7528\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u7b97\u529b\u5e73\u5747\u4f7f\u7528\u7387 GPU \u663e\u5b58\u5e73\u5747\u4f7f\u7528\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 GPU \u9a71\u52a8\u7248\u672c \u8282\u70b9\u4e0a GPU \u5361\u9a71\u52a8\u7684\u7248\u672c\u4fe1\u606f GPU \u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u8282\u70b9\u4e0a\u6bcf\u5f20 GPU \u5361\u7684\u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282\uff08\u5305\u542b max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u4f7f\u7528\u91cf 24 \u5c0f\u65f6\u5185\uff0c\u8282\u70b9\u4e0a\u6bcf\u5f20 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282\uff08\u5305\u542b min\u3001max\u3001avg\u3001current\uff09\u6839\u636e XID \u72b6\u6001\u6392\u67e5 GPU \u76f8\u5173\u95ee\u9898
XID \u6d88\u606f\u662f NVIDIA \u9a71\u52a8\u7a0b\u5e8f\u5411\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u65e5\u5fd7\u6216\u4e8b\u4ef6\u65e5\u5fd7\u6253\u5370\u7684\u9519\u8bef\u62a5\u544a\u3002XID \u6d88\u606f\u7528\u4e8e\u6807\u8bc6 GPU \u9519\u8bef\u4e8b\u4ef6\uff0c \u63d0\u4f9b GPU \u786c\u4ef6\u3001NVIDIA \u8f6f\u4ef6\u6216\u5e94\u7528\u4e2d\u7684\u9519\u8bef\u7c7b\u578b\u3001\u9519\u8bef\u4f4d\u7f6e\u3001\u9519\u8bef\u4ee3\u7801\u7b49\u4fe1\u606f\u3002 \u5982\u68c0\u67e5\u9879 GPU \u8282\u70b9\u4e0a\u7684 XID \u5f02\u5e38\u4e3a\u7a7a\uff0c\u8868\u660e\u65e0 XID \u6d88\u606f\uff1b\u5982\u6709\uff0c\u60a8\u53ef\u6309\u7167\u4e0b\u8868\u81ea\u52a9\u6392\u67e5\u5e76\u89e3\u51b3\u95ee\u9898\uff0c \u6216\u67e5\u770b\u66f4\u591a XID \u6d88\u606f\u3002
XID \u6d88\u606f \u8bf4\u660e 13 Graphics Engine Exception. \u901a\u5e38\u662f\u6570\u7ec4\u8d8a\u754c\u3001\u6307\u4ee4\u9519\u8bef\uff0c\u5c0f\u6982\u7387\u662f\u786c\u4ef6\u95ee\u9898\u3002 31 GPU memory page fault. \u901a\u5e38\u662f\u5e94\u7528\u7a0b\u5e8f\u7684\u975e\u6cd5\u5730\u5740\u8bbf\u95ee\uff0c\u6781\u5c0f\u6982\u7387\u662f\u9a71\u52a8\u6216\u8005\u786c\u4ef6\u95ee\u9898\u3002 32 Invalid or corrupted push buffer stream. \u4e8b\u4ef6\u7531 PCIE \u603b\u7ebf\u4e0a\u7ba1\u7406 NVIDIA \u9a71\u52a8\u548c GPU \u4e4b\u95f4\u901a\u4fe1\u7684 DMA \u63a7\u5236\u5668\u4e0a\u62a5\uff0c\u901a\u5e38\u662f PCI \u8d28\u91cf\u95ee\u9898\u5bfc\u81f4\uff0c\u800c\u975e\u60a8\u7684\u7a0b\u5e8f\u4ea7\u751f\u3002 38 Driver firmware error. \u901a\u5e38\u662f\u9a71\u52a8\u56fa\u4ef6\u9519\u8bef\u800c\u975e\u786c\u4ef6\u95ee\u9898\u3002 43 GPU stopped processing. \u901a\u5e38\u662f\u60a8\u5e94\u7528\u81ea\u8eab\u9519\u8bef\uff0c\u800c\u975e\u786c\u4ef6\u95ee\u9898\u3002 45 Preemptive cleanup, due to previous errors -- Most likely to see when running multiple cuda applications and hitting a DBE. \u901a\u5e38\u662f\u60a8\u624b\u52a8\u9000\u51fa\u6216\u8005\u5176\u4ed6\u6545\u969c\uff08\u786c\u4ef6\u3001\u8d44\u6e90\u9650\u5236\u7b49\uff09\u5bfc\u81f4\u7684 GPU \u5e94\u7528\u9000\u51fa\uff0cXID 45 \u53ea\u63d0\u4f9b\u4e00\u4e2a\u7ed3\u679c\uff0c\u5177\u4f53\u539f\u56e0\u901a\u5e38\u9700\u8981\u8fdb\u4e00\u6b65\u5206\u6790\u65e5\u5fd7\u3002 48 Double Bit ECC Error (DBE). \u5f53 GPU \u53d1\u751f\u4e0d\u53ef\u7ea0\u6b63\u7684\u9519\u8bef\u65f6\uff0c\u4f1a\u4e0a\u62a5\u6b64\u4e8b\u4ef6\uff0c\u8be5\u9519\u8bef\u4e5f\u4f1a\u540c\u65f6\u53cd\u9988\u7ed9\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u901a\u5e38\u9700\u8981\u91cd\u7f6e GPU \u6216\u91cd\u542f\u8282\u70b9\u6765\u6e05\u9664\u8fd9\u4e2a\u9519\u8bef\u3002 61 Internal micro-controller breakpoint/warning. GPU \u5185\u90e8\u5f15\u64ce\u505c\u6b62\u5de5\u4f5c\uff0c\u60a8\u7684\u4e1a\u52a1\u5df2\u7ecf\u53d7\u5230\u5f71\u54cd\u3002 62 Internal micro-controller halt. \u4e0e XID 61 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002 63 ECC page retirement or row remapping recording event. \u5f53\u5e94\u7528\u7a0b\u5e8f\u906d\u9047\u5230 GPU \u663e\u5b58\u786c\u4ef6\u9519\u8bef\u65f6\uff0cNVIDIA \u81ea\u7ea0\u9519\u673a\u5236\u4f1a\u5c06\u9519\u8bef\u7684\u5185\u5b58\u533a\u57df retire \u6216\u8005 remap\uff0cretirement \u548c remapped \u4fe1\u606f\u9700\u8bb0\u5f55\u5230 infoROM \u4e2d\u624d\u80fd\u6c38\u4e45\u751f\u6548\u3002Volt \u67b6\u6784\uff1a\u6210\u529f\u8bb0\u5f55 ECC page retirement \u4e8b\u4ef6\u5230 infoROM\u3002Ampere \u67b6\u6784\uff1a\u6210\u529f\u8bb0\u5f55 row remapping \u4e8b\u4ef6\u5230 infoROM\u3002 64 ECC page retirement or row remapper recording failure. \u4e0e XID 63 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002\u4f46 XID 63 \u4ee3\u8868 retirement \u548c remapped \u4fe1\u606f\u6210\u529f\u8bb0\u5f55\u5230\u4e86 infoROM\uff0cXID 64 \u4ee3\u8868\u8be5\u8bb0\u5f55\u64cd\u4f5c\u5931\u8d25\u3002 68 NVDEC0 Exception. \u901a\u5e38\u662f\u786c\u4ef6\u6216\u9a71\u52a8\u95ee\u9898\u3002 74 NVLINK Error. NVLink \u786c\u4ef6\u9519\u8bef\u4ea7\u751f\u7684 XID\uff0c\u8868\u660e GPU \u5df2\u7ecf\u51fa\u73b0\u4e25\u91cd\u786c\u4ef6\u6545\u969c\uff0c\u9700\u8981\u4e0b\u7ebf\u7ef4\u4fee\u3002 79 GPU has fallen off the bus. GPU \u786c\u4ef6\u68c0\u6d4b\u5230\u6389\u5361\uff0c\u603b\u7ebf\u4e0a\u65e0\u6cd5\u68c0\u6d4b\u8be5 GPU\uff0c\u8868\u660e\u8be5 GPU \u5df2\u7ecf\u51fa\u73b0\u4e25\u91cd\u786c\u4ef6\u6545\u969c\uff0c\u9700\u8981\u4e0b\u7ebf\u7ef4\u4fee\u3002 92 High single-bit ECC error rate. \u786c\u4ef6\u6216\u9a71\u52a8\u6545\u969c\u3002 94 Contained ECC error. \u5f53\u5e94\u7528\u7a0b\u5e8f\u906d\u9047\u5230 GPU \u4e0d\u53ef\u7ea0\u6b63\u7684\u663e\u5b58 ECC \u9519\u8bef\u65f6\uff0cNVIDIA \u9519\u8bef\u6291\u5236\u673a\u5236\u4f1a\u5c1d\u8bd5\u5c06\u9519\u8bef\u6291\u5236\u5728\u53d1\u751f\u786c\u4ef6\u6545\u969c\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u907f\u514d\u8be5\u9519\u8bef\u5f71\u54cd GPU \u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u3002\u5f53\u6291\u5236\u673a\u5236\u6210\u529f\u6291\u5236\u9519\u8bef\u65f6\uff0c\u4f1a\u4ea7\u751f\u8be5\u4e8b\u4ef6\uff0c\u4ec5\u51fa\u73b0\u4e0d\u53ef\u7ea0\u6b63 ECC \u9519\u8bef\u7684\u5e94\u7528\u7a0b\u5e8f\u53d7\u5230\u5f71\u54cd\u3002 95 Uncontained ECC error. \u4e0e XID 94 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002\u4f46 XID 94 \u4ee3\u8868\u6291\u5236\u6210\u529f\uff0c\u800c XID 95 \u4ee3\u8868\u6291\u5236\u5931\u8d25\uff0c\u8868\u660e\u8fd0\u884c\u5728\u8be5 GPU \u4e0a\u7684\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\u90fd\u5df2\u53d7\u5230\u5f71\u54cd\u3002"},{"location":"admin/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#pod","title":"Pod \u7ef4\u5ea6","text":"\u5206\u7c7b \u6307\u6807\u540d\u79f0 \u63cf\u8ff0 \u5e94\u7528\u6982\u89c8 GPU \u5361 - \u7b97\u529b & \u663e\u5b58 Pod GPU \u7b97\u529b\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u7b97\u529b\u4f7f\u7528\u7387 Pod GPU \u663e\u5b58\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u7387 Pod \u663e\u5b58\u4f7f\u7528\u91cf \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf \u663e\u5b58\u5206\u914d\u91cf \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u5206\u914d\u91cf Pod GPU \u663e\u5b58\u590d\u5236\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u663e\u5b58\u590d\u5236\u6bd4\u7387 GPU \u5361 - \u5f15\u64ce\u6982\u89c8 GPU \u56fe\u5f62\u5f15\u64ce\u6d3b\u52a8\u767e\u5206\u6bd4 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cGraphics \u6216 Compute \u5f15\u64ce\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b GPU \u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387 \u8868\u793a\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\uff08Memory BW Utilization\uff09\u5c06\u6570\u636e\u53d1\u9001\u5230\u8bbe\u5907\u5185\u5b58\u6216\u4ece\u8bbe\u5907\u5185\u5b58\u63a5\u6536\u6570\u636e\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u8f83\u9ad8\u7684\u503c\u8868\u793a\u8bbe\u5907\u5185\u5b58\u7684\u5229\u7528\u7387\u8f83\u9ad8\u3002\u8be5\u503c\u4e3a 1\uff08100%\uff09\u8868\u793a\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u6bcf\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6761 DRAM \u6307\u4ee4\uff08\u5b9e\u9645\u4e0a\uff0c\u5cf0\u503c\u7ea6\u4e3a 0.8 (80%) \u662f\u53ef\u5b9e\u73b0\u7684\u6700\u5927\u503c\uff09\u3002\u5047\u8bbe\u8be5\u503c\u4e3a 0.2\uff0820%\uff09\uff0c\u8868\u793a 20% \u7684\u5468\u671f\u5728\u65f6\u95f4\u95f4\u9694\u5185\u8bfb\u53d6\u6216\u5199\u5165\u8bbe\u5907\u5185\u5b58\u3002 Tensor \u6838\u5fc3\u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cTensor Core \u7ba1\u9053\uff08Pipe\uff09\u5904\u4e8e Active \u65f6\u95f4\u5360\u603b\u65f6\u95f4\u7684\u6bd4\u4f8b FP16 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP16 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b FP32 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP32 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b FP64 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP64 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b GPU \u89e3\u7801\u4f7f\u7528\u7387 GPU \u5361\u89e3\u7801\u5f15\u64ce\u6bd4\u7387 GPU \u7f16\u7801\u4f7f\u7528\u7387 GPU \u5361\u7f16\u7801\u5f15\u64ce\u6bd4\u7387 GPU \u5361 - \u6e29\u5ea6 & \u529f\u8017 GPU \u5361\u6e29\u5ea6 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u6e29\u5ea6 GPU \u5361\u529f\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u529f\u7387 GPU \u5361 - \u603b\u8017\u80fd GPU \u5361\u603b\u5171\u6d88\u8017\u7684\u80fd\u91cf GPU \u5361 - Clock GPU \u5361\u5185\u5b58\u9891\u7387 \u5185\u5b58\u9891\u7387 GPU \u5361\u5e94\u7528SM \u65f6\u949f\u9891\u7387 \u5e94\u7528\u7684 SM \u65f6\u949f\u9891\u7387 GPU \u5361\u5e94\u7528\u5185\u5b58\u9891\u7387 \u5e94\u7528\u5185\u5b58\u9891\u7387 GPU \u5361\u89c6\u9891\u5f15\u64ce\u9891\u7387 \u89c6\u9891\u5f15\u64ce\u9891\u7387 GPU \u5361\u964d\u9891\u539f\u56e0 \u964d\u9891\u539f\u56e0 GPU \u5361 - \u5176\u4ed6\u7ec6\u8282 \u56fe\u5f62\u5f15\u64ce\u6d3b\u52a8 \u56fe\u5f62\u6216\u8ba1\u7b97\u5f15\u64ce\u7684\u4efb\u4f55\u90e8\u5206\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u65f6\u95f4\u6bd4\u4f8b\u3002\u5982\u679c\u56fe\u5f62/\u8ba1\u7b97\u4e0a\u4e0b\u6587\u5df2\u7ed1\u5b9a\u4e14\u56fe\u5f62/\u8ba1\u7b97\u7ba1\u9053\u7e41\u5fd9\uff0c\u5219\u56fe\u5f62\u5f15\u64ce\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002 SM\u6d3b\u52a8 \u591a\u5904\u7406\u5668\u4e0a\u81f3\u5c11\u4e00\u4e2a Warp \u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u65f6\u95f4\u6bd4\u4f8b\uff0c\u6240\u6709\u591a\u5904\u7406\u5668\u7684\u5e73\u5747\u503c\u3002\u8bf7\u6ce8\u610f\uff0c\u201c\u6d3b\u52a8\u201d\u5e76\u4e0d\u4e00\u5b9a\u610f\u5473\u7740 Warp \u6b63\u5728\u79ef\u6781\u8ba1\u7b97\u3002\u4f8b\u5982\uff0c\u7b49\u5f85\u5185\u5b58\u8bf7\u6c42\u7684 Warp \u88ab\u89c6\u4e3a\u6d3b\u52a8\u72b6\u6001\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u30020.8 \u6216\u66f4\u5927\u7684\u503c\u662f\u6709\u6548\u4f7f\u7528 GPU \u7684\u5fc5\u8981\u6761\u4ef6\uff0c\u4f46\u8fd8\u4e0d\u591f\u3002\u5c0f\u4e8e 0.5 \u7684\u503c\u53ef\u80fd\u8868\u793a GPU \u4f7f\u7528\u6548\u7387\u4f4e\u4e0b\u3002\u7ed9\u51fa\u4e00\u4e2a\u7b80\u5316\u7684 GPU \u67b6\u6784\u89c6\u56fe\uff0c\u5982\u679c GPU \u6709 N \u4e2a SM\uff0c\u5219\u4f7f\u7528 N \u4e2a\u5757\u5e76\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u8fd0\u884c\u7684\u5185\u6838\u5c06\u5bf9\u5e94\u4e8e\u6d3b\u52a8 1\uff08100%\uff09\u3002\u4f7f\u7528 N/5 \u4e2a\u5757\u5e76\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u8fd0\u884c\u7684\u5185\u6838\u5c06\u5bf9\u5e94\u4e8e\u6d3b\u52a8 0.2\uff0820%\uff09\u3002\u4f7f\u7528 N \u4e2a\u5757\u5e76\u8fd0\u884c\u4e94\u5206\u4e4b\u4e00\u65f6\u95f4\u95f4\u9694\u7684\u5185\u6838\uff0c\u5982\u679c SM \u5904\u4e8e\u7a7a\u95f2\u72b6\u6001\uff0c\u5219\u6d3b\u52a8\u4e5f\u5c06\u4e3a 0.2\uff0820%\uff09\u3002\u8be5\u503c\u4e0e\u6bcf\u4e2a\u5757\u7684\u7ebf\u7a0b\u6570\u65e0\u5173\uff08\u53c2\u89c1DCGM_FI_PROF_SM_OCCUPANCY\uff09\u3002 SM \u5165\u4f4f\u7387 \u591a\u5904\u7406\u5668\u4e0a\u9a7b\u7559 Warp \u7684\u6bd4\u4f8b\uff0c\u76f8\u5bf9\u4e8e\u591a\u5904\u7406\u5668\u4e0a\u652f\u6301\u7684\u6700\u5927\u5e76\u53d1 Warp \u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u5360\u7528\u7387\u8d8a\u9ad8\u5e76\u4e0d\u4e00\u5b9a\u8868\u793a GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u3002\u5bf9\u4e8e GPU \u5185\u5b58\u5e26\u5bbd\u53d7\u9650\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff08\u53c2\u89c1DCGM_FI_PROF_DRAM_ACTIVE\uff09\uff0c\u5360\u7528\u7387\u8d8a\u9ad8\u8868\u660e GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u3002\u4f46\u662f\uff0c\u5982\u679c\u5de5\u4f5c\u8d1f\u8f7d\u662f\u8ba1\u7b97\u53d7\u9650\u7684\uff08\u5373\u4e0d\u53d7 GPU \u5185\u5b58\u5e26\u5bbd\u6216\u5ef6\u8fdf\u9650\u5236\uff09\uff0c\u5219\u5360\u7528\u7387\u8d8a\u9ad8\u5e76\u4e0d\u4e00\u5b9a\u4e0e GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u76f8\u5173\u3002\u8ba1\u7b97\u5360\u7528\u7387\u5e76\u4e0d\u7b80\u5355\uff0c\u5b83\u53d6\u51b3\u4e8e GPU \u5c5e\u6027\u3001\u6bcf\u4e2a\u5757\u7684\u7ebf\u7a0b\u6570\u3001\u6bcf\u4e2a\u7ebf\u7a0b\u7684\u5bc4\u5b58\u5668\u4ee5\u53ca\u6bcf\u4e2a\u5757\u7684\u5171\u4eab\u5185\u5b58\u7b49\u56e0\u7d20\u3002\u4f7f\u7528CUDA \u5360\u7528\u7387\u8ba1\u7b97\u5668 \u63a2\u7d22\u5404\u79cd\u5360\u7528\u7387\u573a\u666f\u3002 \u5f20\u91cf\u6d3b\u52a8 \u5f20\u91cf (HMMA / IMMA) \u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0c\u5f20\u91cf\u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8 1 (100%) \u76f8\u5f53\u4e8e\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u53d1\u51fa\u4e00\u4e2a\u5f20\u91cf\u6307\u4ee4\u3002\u6d3b\u52a8 0.2 (20%) \u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP64 \u5f15\u64ce\u6d3b\u52a8 FP64\uff08\u53cc\u7cbe\u5ea6\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP64 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185 Volta \u4e0a\u6bcf\u56db\u4e2a\u5468\u671f\u7684\u6bcf\u4e2a SM\u4e0a\u6267\u884c\u4e00\u6761 FP64 \u6307\u4ee4 \u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605 DCGM_FI_PROF_SM_ACTIVE \u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP32 \u5f15\u64ce\u6d3b\u52a8 FMA\uff08FP32\uff08\u5355\u7cbe\u5ea6\uff09\u548c\u6574\u6570\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP32 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6b21 FP32 \u6307\u4ee4\u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP16 \u5f15\u64ce\u6d3b\u52a8 FP16\uff08\u534a\u7cbe\u5ea6\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP16 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6b21 FP16 \u6307\u4ee4\u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 \u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387 \u5411\u8bbe\u5907\u5185\u5b58\u53d1\u9001\u6570\u636e\u6216\u4ece\u8bbe\u5907\u5185\u5b58\u63a5\u6536\u6570\u636e\u7684\u5468\u671f\u6bd4\u4f8b\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0c\u8bbe\u5907\u5185\u5b58\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u7387\u4e3a 1 (100%) \u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6761 DRAM \u6307\u4ee4\uff08\u5b9e\u9645\u4e0a\uff0c\u5cf0\u503c\u7ea6\u4e3a 0.8 (80%) \u662f\u53ef\u5b9e\u73b0\u7684\u6700\u5927\u503c\uff09\u3002\u6d3b\u52a8\u7387\u4e3a 0.2 (20%) \u8868\u793a\u5728\u65f6\u95f4\u95f4\u9694\u5185\u6709 20% \u7684\u5468\u671f\u6b63\u5728\u8bfb\u53d6\u6216\u5199\u5165\u8bbe\u5907\u5185\u5b58\u3002 NVLink \u5e26\u5bbd \u901a\u8fc7 NVLink \u4f20\u8f93/\u63a5\u6536\u7684\u6570\u636e\u901f\u7387\uff08\u4e0d\u5305\u62ec\u534f\u8bae\u6807\u5934\uff09\uff0c\u4ee5\u6bcf\u79d2\u5b57\u8282\u6570\u4e3a\u5355\u4f4d\u3002\u8be5\u503c\u8868\u793a\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u901f\u7387\u662f\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\u3002\u4f8b\u5982\uff0c\u5982\u679c 1 \u79d2\u5185\u4f20\u8f93\u4e86 1 GB \u7684\u6570\u636e\uff0c\u5219\u65e0\u8bba\u6570\u636e\u662f\u4ee5\u6052\u5b9a\u901f\u7387\u8fd8\u662f\u7a81\u53d1\u901f\u7387\u4f20\u8f93\uff0c\u901f\u7387\u90fd\u662f 1 GB/s\u3002\u7406\u8bba\u4e0a\uff0c\u6bcf\u4e2a\u94fe\u8def\u6bcf\u4e2a\u65b9\u5411\u7684\u6700\u5927 NVLink Gen2 \u5e26\u5bbd\u4e3a 25 GB/s\u3002 PCIe \u5e26\u5bbd \u901a\u8fc7 PCIe \u603b\u7ebf\u4f20\u8f93/\u63a5\u6536\u7684\u6570\u636e\u901f\u7387\uff0c\u5305\u62ec\u534f\u8bae\u6807\u5934\u548c\u6570\u636e\u6709\u6548\u8d1f\u8f7d\uff0c\u4ee5\u5b57\u8282/\u79d2\u4e3a\u5355\u4f4d\u3002\u8be5\u503c\u8868\u793a\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u8be5\u901f\u7387\u662f\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\u3002\u4f8b\u5982\uff0c\u5982\u679c 1 \u79d2\u5185\u4f20\u8f93\u4e86 1 GB \u7684\u6570\u636e\uff0c\u5219\u65e0\u8bba\u6570\u636e\u662f\u4ee5\u6052\u5b9a\u901f\u7387\u8fd8\u662f\u7a81\u53d1\u901f\u7387\u4f20\u8f93\uff0c\u901f\u7387\u90fd\u662f 1 GB/s\u3002\u7406\u8bba\u4e0a\u6700\u5927 PCIe Gen3 \u5e26\u5bbd\u4e3a\u6bcf\u901a\u9053 985 MB/s\u3002 PCIe \u4f20\u8f93\u901f\u7387 \u8282\u70b9 GPU \u5361\u901a\u8fc7 PCIe \u603b\u7ebf\u4f20\u8f93\u7684\u6570\u636e\u901f\u7387 PCIe \u63a5\u6536\u901f\u7387 \u8282\u70b9 GPU \u5361\u901a\u8fc7 PCIe \u603b\u7ebf\u63a5\u6536\u7684\u6570\u636e\u901f\u7387"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html","title":"NVIDIA \u591a\u5b9e\u4f8b GPU(MIG) \u6982\u8ff0","text":""},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#mig","title":"MIG \u573a\u666f","text":"\u591a\u79df\u6237\u4e91\u73af\u5883
MIG \u5141\u8bb8\u4e91\u670d\u52a1\u63d0\u4f9b\u5546\u5c06\u4e00\u5757\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u72ec\u7acb\u7684 GPU \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u79df\u6237\u3002\u8fd9\u6837\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u7684\u9694\u79bb\u548c\u72ec\u7acb\u6027\uff0c\u6ee1\u8db3\u591a\u4e2a\u79df\u6237\u5bf9 GPU \u8ba1\u7b97\u80fd\u529b\u7684\u9700\u6c42\u3002
\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f
MIG \u53ef\u4ee5\u5728\u5bb9\u5668\u5316\u73af\u5883\u4e2d\u5b9e\u73b0\u66f4\u7ec6\u7c92\u5ea6\u7684 GPU \u8d44\u6e90\u7ba1\u7406\u3002\u901a\u8fc7\u5c06\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a MIG \u5b9e\u4f8b\uff0c\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u5bb9\u5668\u5206\u914d\u72ec\u7acb\u7684 GPU \u8ba1\u7b97\u8d44\u6e90\uff0c\u63d0\u4f9b\u66f4\u597d\u7684\u6027\u80fd\u9694\u79bb\u548c\u8d44\u6e90\u5229\u7528\u3002
\u6279\u5904\u7406\u4f5c\u4e1a
\u5bf9\u4e8e\u9700\u8981\u5927\u89c4\u6a21\u5e76\u884c\u8ba1\u7b97\u7684\u6279\u5904\u7406\u4f5c\u4e1a\uff0cMIG \u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7684\u8ba1\u7b97\u6027\u80fd\u548c\u66f4\u5927\u7684\u663e\u5b58\u5bb9\u91cf\u3002\u6bcf\u4e2a MIG \u5b9e\u4f8b\u53ef\u4ee5\u5229\u7528\u7269\u7406 GPU \u7684\u4e00\u90e8\u5206\u8ba1\u7b97\u8d44\u6e90\uff0c\u4ece\u800c\u52a0\u901f\u5927\u89c4\u6a21\u8ba1\u7b97\u4efb\u52a1\u7684\u5904\u7406\u3002
AI/\u673a\u5668\u5b66\u4e60\u8bad\u7ec3
MIG \u53ef\u4ee5\u5728\u8bad\u7ec3\u5927\u89c4\u6a21\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\u65f6\u63d0\u4f9b\u66f4\u5927\u7684\u8ba1\u7b97\u80fd\u529b\u548c\u663e\u5b58\u5bb9\u91cf\u3002\u5c06\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a MIG \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\uff0c\u63d0\u9ad8\u8bad\u7ec3\u6548\u7387\u548c\u541e\u5410\u91cf\u3002
\u603b\u4f53\u800c\u8a00\uff0cNVIDIA MIG \u9002\u7528\u4e8e\u9700\u8981\u66f4\u7ec6\u7c92\u5ea6\u7684GPU\u8d44\u6e90\u5206\u914d\u548c\u7ba1\u7406\u7684\u573a\u666f\uff0c\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u7684\u9694\u79bb\u3001\u63d0\u9ad8\u6027\u80fd\u5229\u7528\u7387\uff0c\u5e76\u4e14\u6ee1\u8db3\u591a\u4e2a\u7528\u6237\u6216\u5e94\u7528\u7a0b\u5e8f\u5bf9 GPU \u8ba1\u7b97\u80fd\u529b\u7684\u9700\u6c42\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#mig_1","title":"MIG \u6982\u8ff0","text":"NVIDIA \u591a\u5b9e\u4f8b GPU\uff08Multi-Instance GPU\uff0c\u7b80\u79f0 MIG\uff09\u662f NVIDIA \u5728 H100\uff0cA100\uff0cA30 \u7cfb\u5217 GPU \u5361\u4e0a\u63a8\u51fa\u7684\u4e00\u9879\u65b0\u7279\u6027\uff0c \u65e8\u5728\u5c06\u4e00\u5757\u7269\u7406 GPU \u5206\u5272\u4e3a\u591a\u4e2a GPU \u5b9e\u4f8b\uff0c\u4ee5\u63d0\u4f9b\u66f4\u7ec6\u7c92\u5ea6\u7684\u8d44\u6e90\u5171\u4eab\u548c\u9694\u79bb\u3002MIG \u6700\u591a\u53ef\u5c06\u4e00\u5757 GPU \u5212\u5206\u6210\u4e03\u4e2a GPU \u5b9e\u4f8b\uff0c \u4f7f\u5f97\u4e00\u4e2a \u7269\u7406 GPU \u5361\u53ef\u4e3a\u591a\u4e2a\u7528\u6237\u63d0\u4f9b\u5355\u72ec\u7684 GPU \u8d44\u6e90\uff0c\u4ee5\u5b9e\u73b0\u6700\u4f73 GPU \u5229\u7528\u7387\u3002
\u8fd9\u4e2a\u529f\u80fd\u4f7f\u5f97\u591a\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6216\u7528\u6237\u53ef\u4ee5\u540c\u65f6\u5171\u4eabGPU\u8d44\u6e90\uff0c\u63d0\u9ad8\u4e86\u8ba1\u7b97\u8d44\u6e90\u7684\u5229\u7528\u7387\uff0c\u5e76\u589e\u52a0\u4e86\u7cfb\u7edf\u7684\u53ef\u6269\u5c55\u6027\u3002
\u901a\u8fc7 MIG\uff0c\u6bcf\u4e2a GPU \u5b9e\u4f8b\u7684\u5904\u7406\u5668\u5728\u6574\u4e2a\u5185\u5b58\u7cfb\u7edf\u4e2d\u5177\u6709\u72ec\u7acb\u4e14\u9694\u79bb\u7684\u8def\u5f84\u2014\u2014\u82af\u7247\u4e0a\u7684\u4ea4\u53c9\u5f00\u5173\u7aef\u53e3\u3001L2 \u9ad8\u901f\u7f13\u5b58\u7ec4\u3001\u5185\u5b58\u63a7\u5236\u5668\u548c DRAM \u5730\u5740\u603b\u7ebf\u90fd\u552f\u4e00\u5206\u914d\u7ed9\u5355\u4e2a\u5b9e\u4f8b\u3002
\u8fd9\u786e\u4fdd\u4e86\u5355\u4e2a\u7528\u6237\u7684\u5de5\u4f5c\u8d1f\u8f7d\u80fd\u591f\u4ee5\u53ef\u9884\u6d4b\u7684\u541e\u5410\u91cf\u548c\u5ef6\u8fdf\u8fd0\u884c\uff0c\u5e76\u5177\u6709\u76f8\u540c\u7684\u4e8c\u7ea7\u7f13\u5b58\u5206\u914d\u548c DRAM \u5e26\u5bbd\u3002 MIG \u53ef\u4ee5\u5212\u5206\u53ef\u7528\u7684 GPU \u8ba1\u7b97\u8d44\u6e90\uff08\u5305\u62ec\u6d41\u591a\u5904\u7406\u5668\u6216 SM \u548c GPU \u5f15\u64ce\uff0c\u5982\u590d\u5236\u5f15\u64ce\u6216\u89e3\u7801\u5668\uff09\u8fdb\u884c\u5206\u533a\uff0c \u4ee5\u4fbf\u4e3a\u4e0d\u540c\u7684\u5ba2\u6237\u7aef\uff08\u5982\u4e91\u4e3b\u673a\u3001\u5bb9\u5668\u6216\u8fdb\u7a0b\uff09\u63d0\u4f9b\u5b9a\u4e49\u7684\u670d\u52a1\u8d28\u91cf\uff08QoS\uff09\u548c\u6545\u969c\u9694\u79bb\uff09\u3002 MIG \u4f7f\u591a\u4e2a GPU \u5b9e\u4f8b\u80fd\u591f\u5728\u5355\u4e2a\u7269\u7406 GPU \u4e0a\u5e76\u884c\u8fd0\u884c\u3002
MIG \u5141\u8bb8\u591a\u4e2a vGPU\uff08\u4ee5\u53ca\u4e91\u4e3b\u673a\uff09\u5728\u5355\u4e2a GPU \u5b9e\u4f8b\u4e0a\u5e76\u884c\u8fd0\u884c\uff0c\u540c\u65f6\u4fdd\u7559 vGPU \u63d0\u4f9b\u7684\u9694\u79bb\u4fdd\u8bc1\u3002 \u6709\u5173\u4f7f\u7528 vGPU \u548c MIG \u8fdb\u884c GPU \u5206\u533a\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 NVIDIA Multi-Instance GPU and NVIDIA Virtual Compute Server\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#mig_2","title":"MIG \u67b6\u6784","text":"\u5982\u4e0b\u662f\u4e00\u4e2a MIG \u7684\u6982\u8ff0\u56fe\uff0c\u53ef\u4ee5\u770b\u51fa MIG \u5c06\u4e00\u5f20\u7269\u7406 GPU \u5361\u865a\u62df\u5316\u6210\u4e86 7 \u4e2a GPU \u5b9e\u4f8b\uff0c\u8fd9\u4e9b GPU \u5b9e\u4f8b\u80fd\u591f\u53ef\u4ee5\u88ab\u591a\u4e2a User \u4f7f\u7528\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#_1","title":"\u91cd\u8981\u6982\u5ff5","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728 GPU \u4e0a\u521b\u5efa\u5404\u79cd\u5206\u533a\u3002\u5c06\u4f7f\u7528 A100-40GB \u4f5c\u4e3a\u793a\u4f8b\u6f14\u793a\u5982\u4f55\u5bf9\u5355\u4e2a GPU \u7269\u7406\u5361\u4e0a\u8fdb\u884c\u5206\u533a\u3002
GPU \u7684\u5206\u533a\u662f\u4f7f\u7528\u5185\u5b58\u5207\u7247\u8fdb\u884c\u7684\uff0c\u56e0\u6b64\u53ef\u4ee5\u8ba4\u4e3a A100-40GB GPU \u5177\u6709 8x5GB \u5185\u5b58\u5207\u7247\u548c 7 \u4e2a GPU SM \u5207\u7247\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u5c55\u793a\u4e86 A100 \u4e0a\u53ef\u7528\u7684\u5185\u5b58\u5207\u7247\u3002
\u5982\u4e0a\u6240\u8ff0\uff0c\u521b\u5efa GPU \u5b9e\u4f8b \uff08GI\uff09 \u9700\u8981\u5c06\u4e00\u5b9a\u6570\u91cf\u7684\u5185\u5b58\u5207\u7247\u4e0e\u4e00\u5b9a\u6570\u91cf\u7684\u8ba1\u7b97\u5207\u7247\u76f8\u7ed3\u5408\u3002 \u5728\u4e0b\u56fe\u4e2d\uff0c\u4e00\u4e2a 5GB \u5185\u5b58\u5207\u7247\u4e0e 1 \u4e2a\u8ba1\u7b97\u5207\u7247\u76f8\u7ed3\u5408\uff0c\u4ee5\u521b\u5efa 1g.5gb GI \u914d\u7f6e\u6587\u4ef6\uff1a
\u540c\u6837\uff0c4x5GB \u5185\u5b58\u5207\u7247\u53ef\u4ee5\u4e0e 4x1 \u8ba1\u7b97\u5207\u7247\u7ed3\u5408\u4f7f\u7528\u4ee5\u521b\u5efa 4g.20gb \u7684 GI \u914d\u7f6e\u6587\u4ef6\uff1a
"},{"location":"admin/kpanda/gpu/nvidia/mig/index.html#ci","title":"\u8ba1\u7b97\u5b9e\u4f8b\uff08CI\uff09","text":"GPU \u5b9e\u4f8b\u7684\u8ba1\u7b97\u5207\u7247(GI)\u53ef\u4ee5\u8fdb\u4e00\u6b65\u7ec6\u5206\u4e3a\u591a\u4e2a\u8ba1\u7b97\u5b9e\u4f8b\uff08CI\uff09\uff0c\u5176\u4e2d CI \u5171\u4eab\u7236 GI \u7684\u5f15\u64ce\u548c\u5185\u5b58\uff0c \u4f46\u6bcf\u4e2a CI \u90fd\u6709\u4e13\u7528\u7684 SM \u8d44\u6e90\u3002\u4f7f\u7528\u4e0a\u9762\u7684\u76f8\u540c 4g.20gb \u793a\u4f8b\uff0c\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a CI \u4ee5\u4ec5\u4f7f\u7528\u7b2c\u4e00\u4e2a\u8ba1\u7b97\u5207\u7247\u7684 1c.4g.20gb \u8ba1\u7b97\u914d\u7f6e\uff0c\u5982\u4e0b\u56fe\u84dd\u8272\u90e8\u5206\u6240\u793a\uff1a
\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u901a\u8fc7\u9009\u62e9\u4efb\u4f55\u8ba1\u7b97\u5207\u7247\u6765\u521b\u5efa 4 \u4e2a\u4e0d\u540c\u7684 CI\u3002\u8fd8\u53ef\u4ee5\u5c06\u4e24\u4e2a\u8ba1\u7b97\u5207\u7247\u7ec4\u5408\u5728\u4e00\u8d77\u4ee5\u521b\u5efa 2c.4g.20gb \u7684\u8ba1\u7b97\u914d\u7f6e\uff09\uff1a
\u9664\u6b64\u4e4b\u5916\uff0c\u8fd8\u53ef\u4ee5\u7ec4\u5408 3 \u4e2a\u8ba1\u7b97\u5207\u7247\u4ee5\u521b\u5efa\u8ba1\u7b97\u914d\u7f6e\u6587\u4ef6\uff0c\u6216\u8005\u53ef\u4ee5\u7ec4\u5408\u6240\u6709 4 \u4e2a\u8ba1\u7b97\u5207\u7247\u4ee5\u521b\u5efa 3c.4g.20gb \u3001 4c.4g.20gb \u8ba1\u7b97\u914d\u7f6e\u6587\u4ef6\u3002 \u5408\u5e76\u6240\u6709 4 \u4e2a\u8ba1\u7b97\u5207\u7247\u65f6\uff0c\u914d\u7f6e\u6587\u4ef6\u7b80\u79f0\u4e3a 4g.20gb \u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/create_mig.html","title":"\u5f00\u542f MIG \u529f\u80fd","text":"\u672c\u7ae0\u8282\u4ecb\u7ecd\u5982\u4f55\u5f00\u542f NVIDIA MIG \u529f\u80fd\u65b9\u5f0f\uff0cNVIDIA \u5f53\u524d\u63d0\u4f9b\u4e24\u79cd\u5728 Kubernetes \u8282\u70b9\u4e0a\u516c\u5f00 MIG \u8bbe\u5907\u7684\u7b56\u7565\uff1a
\u8be6\u60c5\u53c2\u8003 NVIDIA GPU \u5361\u4f7f\u7528\u6a21\u5f0f\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/create_mig.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 Operator \u65f6\u9700\u8981\u5bf9\u5e94\u8bbe\u7f6e MigManager Config \u53c2\u6570\uff0c \u9ed8\u8ba4\u4e3a default-mig-parted-config \uff0c\u540c\u65f6\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u5207\u5206\u7b56\u7565\u914d\u7f6e\u6587\u4ef6\uff1a
"},{"location":"admin/kpanda/gpu/nvidia/mig/create_mig.html#_3","title":"\u81ea\u5b9a\u4e49\u5207\u5206\u7b56\u7565","text":" ## \u81ea\u5b9a\u4e49\u5207\u5206 GI \u5b9e\u4f8b\u914d\u7f6e\n all-disabled:\n - devices: all\n mig-enabled: false\n all-enabled:\n - devices: all\n mig-enabled: true\n mig-devices: {}\n all-1g.10gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.5gb: 7\n all-1g.10gb.me:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb+me: 1\n all-1g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.20gb: 4\n all-2g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 2g.20gb: 3\n all-3g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n all-4g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 4g.40gb: 1\n all-7g.80gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 7g.80gb: 1\n all-balanced:\n - device-filter: [\"0x233110DE\", \"0x232210DE\", \"0x20B210DE\", \"0x20B510DE\", \"0x20F310DE\", \"0x20F510DE\"]\n devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb: 2\n 2g.20gb: 1\n 3g.40gb: 1\n # \u8bbe\u7f6e\u540e\u4f1a\u6309\u7167\u8bbe\u7f6e\u89c4\u683c\u5207\u5206 CI \u5b9e\u4f8b\n custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n
\u5728\u4e0a\u8ff0\u7684 YAML \u4e2d\u8bbe\u7f6e custom-config \uff0c\u8bbe\u7f6e\u540e\u4f1a\u6309\u7167\u89c4\u683c\u5207\u5206 CI \u5b9e\u4f8b\u3002
custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1c.3g.40gb: 6\n
\u8bbe\u7f6e\u5b8c\u6210\u540e\uff0c\u5728\u786e\u8ba4\u90e8\u7f72\u5e94\u7528\u65f6\u5373\u53ef\u4f7f\u7528 GPU MIG \u8d44\u6e90\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/create_mig.html#gpu","title":"\u5207\u6362\u8282\u70b9 GPU \u6a21\u5f0f","text":"Note
\u5207\u6362 GPU \u6a21\u5f0f\u6216\u8005\u4fee\u6539\u5207\u5206\u89c4\u683c\u540e\u9700\u8981\u91cd\u542f nvidia-mig-manager\u3002
\u5f53\u6211\u4eec\u6210\u529f\u5b89\u88c5 gpu-operator \u4e4b\u540e\uff0c\u8282\u70b9\u9ed8\u8ba4\u662f\u6574\u5361\u6a21\u5f0f\uff0c\u5728\u8282\u70b9\u7ba1\u7406\u9875\u9762\u4f1a\u6709\u6807\u8bc6\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u70b9\u51fb\u8282\u70b9\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 GPU \u6a21\u5f0f\u5207\u6362 \uff0c\u7136\u540e\u9009\u62e9\u5bf9\u5e94\u7684 MIG \u6a21\u5f0f\u4ee5\u53ca\u5207\u5206\u7684\u7b56\u7565\uff0c\u8fd9\u91cc\u4ee5 MIXED \u6a21\u5f0f\u4e3a\u4f8b\uff1a
\u8fd9\u91cc\u4e00\u5171\u6709\u4e24\u4e2a\u914d\u7f6e\uff1a
\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\u540e\uff0c\u7b49\u5f85\u7ea6\u4e00\u5206\u949f\u5de6\u53f3\u5237\u65b0\u9875\u9762\uff0cMIG \u6a21\u5f0f\u5207\u6362\u6210\uff1a
"},{"location":"admin/kpanda/gpu/nvidia/mig/mig_command.html","title":"MIG \u76f8\u5173\u547d\u4ee4","text":"GI \u76f8\u5173\u547d\u540d\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -lgi \u67e5\u770b\u521b\u5efa GI \u5b9e\u4f8b\u5217\u8868 nvidia-smi mig -dgi -gi \u5220\u9664\u6307\u5b9a\u7684 GI \u5b9e\u4f8b nvidia-smi mig -lgip \u67e5\u770b GI \u7684 profile nvidia-smi mig -cgi \u901a\u8fc7\u6307\u5b9a profile \u7684 ID \u521b\u5efa GICI \u76f8\u5173\u547d\u4ee4\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -lcip { -gi {gi Instance ID}} \u67e5\u770b CI \u7684 profile \uff0c\u6307\u5b9a -gi \u53ef\u4ee5\u67e5\u770b\u7279\u5b9a GI \u5b9e\u4f8b\u53ef\u4ee5\u521b\u5efa\u7684 CI nvidia-smi mig -lci \u67e5\u770b\u521b\u5efa\u7684 CI \u5b9e\u4f8b\u5217\u8868 nvidia-smi mig -cci {profile id} -gi {gi instance id} \u6307\u5b9a\u7684 GI \u521b\u5efa CI \u5b9e\u4f8b nvidia-smi mig -dci -ci \u5220\u9664\u6307\u5b9a CI \u5b9e\u4f8bGI+CI \u76f8\u5173\u547d\u4ee4\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -i 0 -cgi {gi profile id} -C {ci profile id} \u76f4\u63a5\u521b\u5efa GI + CI \u5b9e\u4f8b"},{"location":"admin/kpanda/gpu/nvidia/mig/mig_usage.html","title":"\u4f7f\u7528 MIG GPU \u8d44\u6e90","text":"\u672c\u8282\u4ecb\u7ecd\u5e94\u7528\u5982\u4f55\u4f7f\u7528 MIG GPU \u8d44\u6e90\u3002
"},{"location":"admin/kpanda/gpu/nvidia/mig/mig_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u8bc6\u522b GPU \u5361\u7c7b\u578b
\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 -> \u8282\u70b9\u7ba1\u7406 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u6b63\u786e\u8bc6\u522b\u4e3a MIG \u6a21\u5f0f\u3002
\u901a\u8fc7\u955c\u50cf\u90e8\u7f72\u5e94\u7528\uff0c\u53ef\u9009\u62e9\u5e76\u4f7f\u7528 NVIDIA MIG \u8d44\u6e90\u3002
MIG Single \u6a21\u5f0f\u793a\u4f8b\uff08\u4e0e\u6574\u5361\u4f7f\u7528\u65b9\u5f0f\u76f8\u540c\uff09\uff1a
Note
MIG single \u7b56\u7565\u5141\u8bb8\u7528\u6237\u4ee5\u4e0e GPU \u6574\u5361\u76f8\u540c\u7684\u65b9\u5f0f\uff08nvidia.com/gpu
\uff09\u8bf7\u6c42\u548c\u4f7f\u7528GPU\u8d44\u6e90\uff0c\u4e0d\u540c\u7684\u662f\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u662f GPU \u7684\u4e00\u90e8\u5206\uff08MIG\u8bbe\u5907\uff09\uff0c\u800c\u4e0d\u662f\u6574\u4e2aGPU\u3002\u4e86\u89e3\u66f4\u591a GPU MIG \u6a21\u5f0f\u8bbe\u8ba1
MIG Mixed \u6a21\u5f0f\u793a\u4f8b\uff1a
MIG Single \u6a21\u5f0f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpu: 2 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
MIG Mixed \u6a21\u5f0f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/mig-4g.20gb: 1 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
\u8fdb\u5165\u5bb9\u5668\u540e\u53ef\u4ee5\u67e5\u770b\u53ea\u4f7f\u7528\u4e86\u4e00\u4e2a MIG \u8bbe\u5907\u3002
"},{"location":"admin/kpanda/gpu/nvidia/vgpu/hami.html","title":"\u6784\u5efa vGPU \u663e\u5b58\u8d85\u914d\u955c\u50cf","text":"Hami \u9879\u76ee\u4e2d vGPU \u663e\u5b58\u8d85\u914d\u7684\u529f\u80fd\u5df2\u7ecf\u4e0d\u5b58\u5728\uff0c\u76ee\u524d\u4f7f\u7528\u6709\u663e\u5b58\u8d85\u914d\u7684 libvgpu.so
\u6587\u4ef6\u91cd\u65b0\u6784\u5efa\u3002
FROM docker.m.daocloud.io/projecthami/hami:v2.3.11\nCOPY libvgpu.so /k8s-vgpu/lib/nvidia/\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6784\u5efa\u955c\u50cf\uff1a
docker build -t release.daocloud.io/projecthami/hami:v2.3.11 -f Dockerfile .\n
\u7136\u540e\u628a\u955c\u50cf push \u5230 release.daocloud.io
\u4e2d\u3002
\u5982\u9700\u5c06\u4e00\u5f20 NVIDIA \u865a\u62df\u5316\u6210\u591a\u4e2a\u865a\u62df GPU\uff0c\u5e76\u5c06\u5176\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u4e91\u4e3b\u673a\u6216\u7528\u6237\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 NVIDIA \u7684 vGPU \u80fd\u529b\u3002 \u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u5b89\u88c5 vGPU \u63d2\u4ef6\uff0c\u8fd9\u662f\u4f7f\u7528 NVIDIA vGPU \u80fd\u529b\u7684\u524d\u63d0\u3002
"},{"location":"admin/kpanda/gpu/nvidia/vgpu/vgpu_addon.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u529f\u80fd\u6a21\u5757\u8def\u5f84\uff1a \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f -> \u641c\u7d22 nvidia-vgpu \u3002
\u5728\u5b89\u88c5 vGPU \u7684\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u4e86\u51e0\u4e2a\u57fa\u672c\u4fee\u6539\u7684\u53c2\u6570\uff0c\u5982\u679c\u9700\u8981\u4fee\u6539\u9ad8\u7ea7\u53c2\u6570\u70b9\u51fb YAML \u5217\u8fdb\u884c\u4fee\u6539\uff1a
deviceCoreScaling \uff1aNVIDIA \u88c5\u7f6e\u7b97\u529b\u4f7f\u7528\u6bd4\u4f8b\uff0c\u9884\u8bbe\u503c\u662f 1\u3002\u53ef\u4ee5\u5927\u4e8e 1\uff08\u542f\u7528\u865a\u62df\u7b97\u529b\uff0c\u5b9e\u9a8c\u529f\u80fd\uff09\u3002\u5982\u679c\u6211\u4eec\u914d\u7f6e devicePlugin.deviceCoreScaling \u53c2\u6570\u4e3a S\uff0c\u5728\u90e8\u7f72\u4e86\u6211\u4eec\u88c5\u7f6e\u63d2\u4ef6\u7684 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8fd9\u5f20 GPU \u5206\u51fa\u7684 vGPU \u5c06\u603b\u5171\u5305\u542b S * 100% \u7b97\u529b\u3002
deviceMemoryScaling \uff1aNVIDIA \u88c5\u7f6e\u663e\u5b58\u4f7f\u7528\u6bd4\u4f8b\uff0c\u9884\u8bbe\u503c\u662f 1\u3002\u53ef\u4ee5\u5927\u4e8e 1\uff08\u542f\u7528\u865a\u62df\u663e\u5b58\uff0c\u5b9e\u9a8c\u529f\u80fd\uff09\u3002 \u5bf9\u4e8e\u6709 M \u663e\u5b58\u5927\u5c0f\u7684 NVIDIA GPU\uff0c\u5982\u679c\u6211\u4eec\u914d\u7f6e devicePlugin.deviceMemoryScaling \u53c2\u6570\u4e3a S\uff0c \u5728\u90e8\u7f72\u4e86\u6211\u4eec\u88c5\u7f6e\u63d2\u4ef6\u7684 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8fd9\u5f20 GPU \u5206\u51fa\u7684 vGPU \u5c06\u603b\u5171\u5305\u542b S * M \u663e\u5b58\u3002
deviceSplitCount \uff1a\u6574\u6570\u7c7b\u578b\uff0c\u9884\u8bbe\u503c\u662f 10\u3002GPU \u7684\u5206\u5272\u6570\uff0c\u6bcf\u4e00\u5f20 GPU \u90fd\u4e0d\u80fd\u5206\u914d\u8d85\u8fc7\u5176\u914d\u7f6e\u6570\u76ee\u7684\u4efb\u52a1\u3002 \u82e5\u5176\u914d\u7f6e\u4e3a N \u7684\u8bdd\uff0c\u6bcf\u4e2a GPU \u4e0a\u6700\u591a\u53ef\u4ee5\u540c\u65f6\u5b58\u5728 N \u4e2a\u4efb\u52a1\u3002
Resources \uff1a\u5c31\u662f\u5bf9\u5e94 vgpu-device-plugin \u548c vgpu-schedule pod \u7684\u8d44\u6e90\u4f7f\u7528\u91cf\u3002
ServiceMonitor \uff1a\u9ed8\u8ba4\u4e0d\u5f00\u542f\uff0c\u5f00\u542f\u540e\u53ef\u524d\u5f80\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u67e5\u770b vGPU \u76f8\u5173\u76d1\u63a7\u3002\u5982\u9700\u5f00\u542f\uff0c\u8bf7\u786e\u4fdd insight-agent \u5df2\u5b89\u88c5\u5e76\u5904\u4e8e\u8fd0\u884c\u72b6\u6001\uff0c\u5426\u5219\u5c06\u5bfc\u81f4 NVIDIA vGPU Addon \u5b89\u88c5\u5931\u8d25\u3002
\u5b89\u88c5\u6210\u529f\u4e4b\u540e\u4f1a\u5728\u6307\u5b9a Namespace \u4e0b\u51fa\u73b0\u5982\u4e0b\u4e24\u4e2a\u7c7b\u578b\u7684 Pod\uff0c\u5373\u8868\u793a NVIDIA vGPU \u63d2\u4ef6\u5df2\u5b89\u88c5\u6210\u529f\uff1a
\u5b89\u88c5\u6210\u529f\u540e\uff0c\u90e8\u7f72\u5e94\u7528\u53ef\u4f7f\u7528 vGPU \u8d44\u6e90\u3002
Note
NVIDIA vGPU Addon \u4e0d\u652f\u6301\u4ece\u8001\u7248\u672c v2.0.0 \u76f4\u63a5\u5347\u7ea7\u4e3a\u6700\u65b0\u7248 v2.0.0+1\uff1b \u5982\u9700\u5347\u7ea7\uff0c\u8bf7\u5378\u8f7d\u8001\u7248\u672c\u540e\u91cd\u65b0\u5b89\u88c5\u3002
"},{"location":"admin/kpanda/gpu/nvidia/vgpu/vgpu_user.html","title":"\u5e94\u7528\u4f7f\u7528 Nvidia vGPU","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528 vGPU \u80fd\u529b\u3002
"},{"location":"admin/kpanda/gpu/nvidia/vgpu/vgpu_user.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Nvidia vGPU \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Nvidia vGPU\uff09\u4e4b\u540e\uff0c\u4f1a\u81ea\u52a8\u51fa\u73b0\u5982\u4e0b\u51e0\u4e2a\u53c2\u6570\u9700\u8981\u586b\u5199\uff1a
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u53c2\u8003\u5982\u4e0b\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0 nvidia.com/vgpu: '1' \u53c2\u6570\u6765\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7269\u7406\u5361\u7684\u6570\u91cf\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-vgpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-vgpu-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: full-vgpu-demo\n spec:\n containers:\n - name: full-vgpu-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpucores: '20' # \u7533\u8bf7\u6bcf\u5f20\u5361\u5360\u7528 20% \u7684 GPU \u7b97\u529b\n nvidia.com/gpumem: '200' # \u7533\u8bf7\u6bcf\u5f20\u5361\u5360\u7528 200MB \u7684\u663e\u5b58\n nvidia.com/vgpu: '1' # \u7533\u8bf7GPU\u7684\u6570\u91cf\n imagePullPolicy: Always\n restartPolicy: Always\n
"},{"location":"admin/kpanda/gpu/volcano/drf.html","title":"DRF\uff08Dominant Resource Fairness\uff09 \u8c03\u5ea6\u7b56\u7565","text":"DRF \u8c03\u5ea6\u7b56\u7565\u8ba4\u4e3a\u5360\u7528\u8d44\u6e90\u8f83\u5c11\u7684\u4efb\u52a1\u5177\u6709\u66f4\u9ad8\u7684\u4f18\u5148\u7ea7\u3002\u8fd9\u6837\u80fd\u591f\u6ee1\u8db3\u66f4\u591a\u7684\u4f5c\u4e1a\uff0c\u4e0d\u4f1a\u56e0\u4e3a\u4e00\u4e2a\u80d6\u4e1a\u52a1\uff0c \u997f\u6b7b\u5927\u6279\u5c0f\u4e1a\u52a1\u3002DRF \u8c03\u5ea6\u7b97\u6cd5\u80fd\u591f\u786e\u4fdd\u5728\u591a\u79cd\u7c7b\u578b\u8d44\u6e90\u5171\u5b58\u7684\u73af\u5883\u4e0b\uff0c\u5c3d\u53ef\u80fd\u6ee1\u8db3\u5206\u914d\u7684\u516c\u5e73\u539f\u5219\u3002
"},{"location":"admin/kpanda/gpu/volcano/drf.html#_1","title":"\u4f7f\u7528\u65b9\u5f0f","text":"DRF \u8c03\u5ea6\u7b56\u7565\u9ed8\u8ba4\u5df2\u542f\u7528\uff0c\u65e0\u9700\u4efb\u4f55\u914d\u7f6e\u3002
kubectl -n volcano-system view configmaps volcano-scheduler-configmap\n
"},{"location":"admin/kpanda/gpu/volcano/drf.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"\u5728 AI \u8bad\u7ec3\uff0c\u6216\u5927\u6570\u636e\u8ba1\u7b97\u4e2d\uff0c\u901a\u8fc7\u6709\u9650\u8fd0\u884c\u4f7f\u7528\u8d44\u6e90\u5c11\u7684\u4efb\u52a1\uff0c\u8fd9\u6837\u53ef\u4ee5\u8ba9\u96c6\u7fa4\u8d44\u6e90\u4f7f\u7528\u7387\u66f4\u9ad8\uff0c\u800c\u4e14\u8fd8\u80fd\u907f\u514d\u5c0f\u4efb\u52a1\u88ab\u997f\u6b7b\u3002 \u5982\u4e0b\u521b\u5efa\u4e24\u4e2a Job\uff0c\u4e00\u4e2a\u662f\u5c0f\u8d44\u6e90\u9700\u6c42\uff0c\u4e00\u4e2a\u662f\u5927\u8d44\u6e90\u9700\u6c42\uff0c\u53ef\u4ee5\u770b\u51fa\u6765\u5c0f\u8d44\u6e90\u9700\u6c42\u7684 Job \u4f18\u5148\u8fd0\u884c\u8d77\u6765\u3002
cat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: small-resource \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: small-resource \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"1\" \n restartPolicy: OnFailure \n--- \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: large-resource \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: large-resource \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"2\" \n restartPolicy: OnFailure \nEOF\n
"},{"location":"admin/kpanda/gpu/volcano/numa.html","title":"NUMA \u4eb2\u548c\u6027\u8c03\u5ea6","text":"NUMA \u8282\u70b9\u662f Non-Uniform Memory Access\uff08\u975e\u7edf\u4e00\u5185\u5b58\u8bbf\u95ee\uff09\u67b6\u6784\u4e2d\u7684\u4e00\u4e2a\u57fa\u672c\u7ec4\u6210\u5355\u5143\uff0c\u4e00\u4e2a Node \u8282\u70b9\u662f\u591a\u4e2a NUMA \u8282\u70b9\u7684\u96c6\u5408\uff0c \u5728\u591a\u4e2a NUMA \u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u5185\u5b58\u8bbf\u95ee\u65f6\u4f1a\u4ea7\u751f\u5ef6\u8fdf\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u901a\u8fc7\u4f18\u5316\u4efb\u52a1\u8c03\u5ea6\u548c\u5185\u5b58\u5206\u914d\u7b56\u7565\uff0c\u6765\u63d0\u9ad8\u5185\u5b58\u8bbf\u95ee\u6548\u7387\u548c\u6574\u4f53\u6027\u80fd\u3002
"},{"location":"admin/kpanda/gpu/volcano/numa.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"Numa \u4eb2\u548c\u6027\u8c03\u5ea6\u7684\u5e38\u89c1\u573a\u666f\u662f\u90a3\u4e9b\u5bf9 CPU \u53c2\u6570\u654f\u611f/\u8c03\u5ea6\u5ef6\u8fdf\u654f\u611f\u7684\u8ba1\u7b97\u5bc6\u96c6\u578b\u4f5c\u4e1a\u3002\u5982\u79d1\u5b66\u8ba1\u7b97\u3001\u89c6\u9891\u89e3\u7801\u3001\u52a8\u6f2b\u52a8\u753b\u6e32\u67d3\u3001\u5927\u6570\u636e\u79bb\u7ebf\u5904\u7406\u7b49\u5177\u4f53\u573a\u666f\u3002
"},{"location":"admin/kpanda/gpu/volcano/numa.html#_2","title":"\u8c03\u5ea6\u7b56\u7565","text":"Pod \u8c03\u5ea6\u65f6\u53ef\u4ee5\u91c7\u7528\u7684 NUMA \u653e\u7f6e\u7b56\u7565\uff0c\u5177\u4f53\u7b56\u7565\u5bf9\u5e94\u7684\u8c03\u5ea6\u884c\u4e3a\u8bf7\u53c2\u89c1 Pod \u8c03\u5ea6\u884c\u4e3a\u8bf4\u660e\u3002
\u5f53Pod\u8bbe\u7f6e\u4e86\u62d3\u6251\u7b56\u7565\u65f6\uff0cVolcano \u4f1a\u6839\u636e Pod \u8bbe\u7f6e\u7684\u62d3\u6251\u7b56\u7565\u9884\u6d4b\u5339\u914d\u7684\u8282\u70b9\u5217\u8868\u3002 \u8c03\u5ea6\u8fc7\u7a0b\u5982\u4e0b\uff1a
\u6839\u636e Pod \u8bbe\u7f6e\u7684 Volcano \u62d3\u6251\u7b56\u7565\uff0c\u7b5b\u9009\u5177\u6709\u76f8\u540c\u7b56\u7565\u7684\u8282\u70b9\u3002
\u5728\u8bbe\u7f6e\u4e86\u76f8\u540c\u7b56\u7565\u7684\u8282\u70b9\u4e2d\uff0c\u7b5b\u9009 CPU \u62d3\u6251\u6ee1\u8db3\u8be5\u7b56\u7565\u8981\u6c42\u7684\u8282\u70b9\u8fdb\u884c\u8c03\u5ea6\u3002
\u5728 Job \u4e2d\u914d\u7f6e policies
task: \n - replicas: 1 \n name: \"test-1\" \n topologyPolicy: single-numa-node \n - replicas: 1 \n name: \"test-2\" \n topologyPolicy: best-effort \n
\u4fee\u6539 kubelet \u7684\u8c03\u5ea6\u7b56\u7565\uff0c\u8bbe\u7f6e --topology-manager-policy
\u53c2\u6570\uff0c\u652f\u6301\u7684\u7b56\u7565\u6709\u56db\u79cd\uff1a
none
\uff08\u9ed8\u8ba4\uff09best-effort
restricted
single-numa-node
\u793a\u4f8b\u4e00\uff1a\u5728\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u914d\u7f6e NUMA \u4eb2\u548c\u6027\u3002
kind: Deployment \napiVersion: apps/v1 \nmetadata: \n name: numa-tset \nspec: \n replicas: 1 \n selector: \n matchLabels: \n app: numa-tset \n template: \n metadata: \n labels: \n app: numa-tset \n annotations: \n volcano.sh/numa-topology-policy: single-numa-node # set the topology policy \n spec: \n containers: \n - name: container-1 \n image: nginx:alpine \n resources: \n requests: \n cpu: 2 # \u5fc5\u987b\u4e3a\u6574\u6570\uff0c\u4e14\u9700\u8981\u4e0elimits\u4e2d\u4e00\u81f4 \n memory: 2048Mi \n limits: \n cpu: 2 # \u5fc5\u987b\u4e3a\u6574\u6570\uff0c\u4e14\u9700\u8981\u4e0erequests\u4e2d\u4e00\u81f4 \n memory: 2048Mi \n imagePullSecrets: \n - name: default-secret\n
\u793a\u4f8b\u4e8c\uff1a\u521b\u5efa\u4e00\u4e2a Volcano Job\uff0c\u5e76\u4f7f\u7528 NUMA \u4eb2\u548c\u6027\u3002
apiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: vj-test \nspec: \n schedulerName: volcano \n minAvailable: 1 \n tasks: \n - replicas: 1 \n name: \"test\" \n topologyPolicy: best-effort # set the topology policy for task \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n limits: \n cpu: 20 \n memory: \"100Mi\" \n restartPolicy: OnFailure\n
\u5047\u8bbe NUMA \u8282\u70b9\u60c5\u51b5\u5982\u4e0b\uff1a
\u5de5\u4f5c\u8282\u70b9 \u8282\u70b9\u7b56\u7565\u62d3\u6251\u7ba1\u7406\u5668\u7b56\u7565 NUMA \u8282\u70b9 0 \u4e0a\u7684\u53ef\u5206\u914d CPU NUMA \u8282\u70b9 1 \u4e0a\u7684\u53ef\u5206\u914d CPU node-1 single-numa-node 16U 16U node-2 best-effort 16U 16U node-3 best-effort 20U 20U\u60a8\u53ef\u4ee5\u901a\u8fc7 lscpu \u547d\u4ee4\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u6982\u51b5\uff1a
lscpu \n... \nCPU(s): 32 \nNUMA node(s): 2 \nNUMA node0 CPU(s): 0-15 \nNUMA node1 CPU(s): 16-31\n
"},{"location":"admin/kpanda/gpu/volcano/numa.html#cpu_1","title":"\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u5206\u914d","text":"\u7136\u540e\u67e5\u770b NUMA \u8282\u70b9\u4f7f\u7528\u60c5\u51b5\uff1a
# \u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u5206\u914d\ncat /var/lib/kubelet/cpu_manager_state\n{\"policyName\":\"static\",\"defaultCpuSet\":\"0,10-15,25-31\",\"entries\":{\"777870b5-c64f-42f5-9296-688b9dc212ba\":{\"container-1\":\"16-24\"},\"fb15e10a-b6a5-4aaa-8fcd-76c1aa64e6fd\":{\"container-1\":\"1-9\"}},\"checksum\":318470969}\n
\u4ee5\u4e0a\u793a\u4f8b\u4e2d\u8868\u793a\uff0c\u8282\u70b9\u4e0a\u8fd0\u884c\u4e86\u4e24\u4e2a\u5bb9\u5668\uff0c\u4e00\u4e2a\u5360\u7528\u4e86 NUMA node0 \u76841-9 \u6838\uff0c\u53e6\u4e00\u4e2a\u5360\u7528\u4e86 NUMA node1 \u7684 16-24 \u6838\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano-gang-scheduler.html","title":"\u4f7f\u7528 Volcano \u7684 Gang Scheduler","text":"Gang \u8c03\u5ea6\u7b56\u7565\u662f volcano-scheduler \u7684\u6838\u5fc3\u8c03\u5ea6\u7b97\u6cd5\u4e4b\u4e00\uff0c\u5b83\u6ee1\u8db3\u4e86\u8c03\u5ea6\u8fc7\u7a0b\u4e2d\u7684 \u201cAll or nothing\u201d \u7684\u8c03\u5ea6\u9700\u6c42\uff0c \u907f\u514d Pod \u7684\u4efb\u610f\u8c03\u5ea6\u5bfc\u81f4\u96c6\u7fa4\u8d44\u6e90\u7684\u6d6a\u8d39\u3002\u5177\u4f53\u7b97\u6cd5\u662f\uff0c\u89c2\u5bdf Job \u4e0b\u7684 Pod \u5df2\u8c03\u5ea6\u6570\u91cf\u662f\u5426\u6ee1\u8db3\u4e86\u6700\u5c0f\u8fd0\u884c\u6570\u91cf\uff0c \u5f53 Job \u7684\u6700\u5c0f\u8fd0\u884c\u6570\u91cf\u5f97\u5230\u6ee1\u8db3\u65f6\uff0c\u4e3a Job \u4e0b\u7684\u6240\u6709 Pod \u6267\u884c\u8c03\u5ea6\u52a8\u4f5c\uff0c\u5426\u5219\uff0c\u4e0d\u6267\u884c\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano-gang-scheduler.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"\u57fa\u4e8e\u5bb9\u5668\u7ec4\u6982\u5ff5\u7684 Gang \u8c03\u5ea6\u7b97\u6cd5\u5341\u5206\u9002\u5408\u9700\u8981\u591a\u8fdb\u7a0b\u534f\u4f5c\u7684\u573a\u666f\u3002AI \u573a\u666f\u5f80\u5f80\u5305\u542b\u590d\u6742\u7684\u6d41\u7a0b\uff0c Data Ingestion\u3001Data Analysts\u3001Data Splitting\u3001Trainer\u3001Serving\u3001Logging \u7b49\uff0c \u9700\u8981\u4e00\u7ec4\u5bb9\u5668\u8fdb\u884c\u534f\u540c\u5de5\u4f5c\uff0c\u5c31\u5f88\u9002\u5408\u57fa\u4e8e\u5bb9\u5668\u7ec4\u7684 Gang \u8c03\u5ea6\u7b56\u7565\u3002 MPI \u8ba1\u7b97\u6846\u67b6\u4e0b\u7684\u591a\u7ebf\u7a0b\u5e76\u884c\u8ba1\u7b97\u901a\u4fe1\u573a\u666f\uff0c\u7531\u4e8e\u9700\u8981\u4e3b\u4ece\u8fdb\u7a0b\u534f\u540c\u5de5\u4f5c\uff0c\u4e5f\u975e\u5e38\u9002\u5408\u4f7f\u7528 Gang \u8c03\u5ea6\u7b56\u7565\u3002 \u5bb9\u5668\u7ec4\u4e0b\u7684\u5bb9\u5668\u9ad8\u5ea6\u76f8\u5173\u4e5f\u53ef\u80fd\u5b58\u5728\u8d44\u6e90\u4e89\u62a2\uff0c\u6574\u4f53\u8c03\u5ea6\u5206\u914d\uff0c\u80fd\u591f\u6709\u6548\u89e3\u51b3\u6b7b\u9501\u3002
\u5728\u96c6\u7fa4\u8d44\u6e90\u4e0d\u8db3\u7684\u573a\u666f\u4e0b\uff0cGang \u7684\u8c03\u5ea6\u7b56\u7565\u5bf9\u4e8e\u96c6\u7fa4\u8d44\u6e90\u7684\u5229\u7528\u7387\u7684\u63d0\u5347\u662f\u975e\u5e38\u660e\u663e\u7684\u3002 \u6bd4\u5982\u96c6\u7fa4\u73b0\u5728\u53ea\u80fd\u5bb9\u7eb3 2 \u4e2a Pod\uff0c\u73b0\u5728\u8981\u6c42\u6700\u5c0f\u8c03\u5ea6\u7684 Pod \u6570\u4e3a 3\u3002 \u90a3\u73b0\u5728\u8fd9\u4e2a Job \u7684\u6240\u6709\u7684 Pod \u90fd\u4f1a pending\uff0c\u76f4\u5230\u96c6\u7fa4\u80fd\u591f\u5bb9\u7eb3 3 \u4e2a Pod\uff0cPod \u624d\u4f1a\u88ab\u8c03\u5ea6\u3002 \u6709\u6548\u9632\u6b62\u8c03\u5ea6\u90e8\u5206 Pod\uff0c\u4e0d\u6ee1\u8db3\u8981\u6c42\u53c8\u5360\u7528\u4e86\u8d44\u6e90\uff0c\u4f7f\u5176\u4ed6 Job \u65e0\u6cd5\u8fd0\u884c\u7684\u60c5\u51b5\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano-gang-scheduler.html#_2","title":"\u6982\u5ff5\u8bf4\u660e","text":"Gang Scheduler \u662f Volcano \u7684\u6838\u5fc3\u7684\u8c03\u5ea6\u63d2\u4ef6\uff0c\u5b89\u88c5 Volcano \u540e\u9ed8\u8ba4\u5c31\u5f00\u542f\u4e86\u3002 \u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u53ea\u9700\u8981\u6307\u5b9a\u8c03\u5ea6\u5668\u7684\u540d\u79f0\u4e3a Volcano \u5373\u53ef\u3002
Volcano \u662f\u4ee5 PodGroup \u4e3a\u5355\u4f4d\u8fdb\u884c\u8c03\u5ea6\u7684\uff0c\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u5e76\u4e0d\u9700\u8981\u624b\u52a8\u521b\u5efa PodGroup \u8d44\u6e90\uff0c Volcano \u4f1a\u6839\u636e\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4fe1\u606f\u81ea\u52a8\u521b\u5efa\u3002\u4e0b\u9762\u662f\u4e00\u4e2a PodGroup \u7684\u793a\u4f8b\uff1a
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n name: test\n namespace: default\nspec:\n minMember: 1 # (1)!\n minResources: # (2)!\n cpu: \"3\"\n memory: \"2048Mi\"\n priorityClassName: high-prority # (3)!\n queue: default # (4)!\n
\u5728 MPI \u8ba1\u7b97\u6846\u67b6\u4e0b\u7684\u591a\u7ebf\u7a0b\u5e76\u884c\u8ba1\u7b97\u901a\u4fe1\u573a\u666f\u4e2d\uff0c\u6211\u4eec\u8981\u786e\u4fdd\u6240\u6709\u7684 Pod \u90fd\u80fd\u8c03\u5ea6\u6210\u529f\u624d\u80fd\u4fdd\u8bc1\u4efb\u52a1\u6b63\u5e38\u5b8c\u6210\u3002 \u8bbe\u7f6e minAvailable \u4e3a 4\uff0c\u8868\u793a\u8981\u6c42 1 \u4e2a mpimaster \u548c 3 \u4e2a mpiworker \u80fd\u8fd0\u884c\u3002
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
\u751f\u6210 PodGroup \u7684\u8d44\u6e90\uff1a
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
\u4ece PodGroup \u53ef\u4ee5\u770b\u51fa\uff0c\u901a\u8fc7 ownerReferences \u5173\u8054\u5230\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5e76\u8bbe\u7f6e\u6700\u5c0f\u8fd0\u884c\u7684 Pod \u6570\u4e3a 4\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_binpack.html","title":"\u4f7f\u7528 Volcano Binpack \u8c03\u5ea6\u7b56\u7565","text":"Binpack \u8c03\u5ea6\u7b97\u6cd5\u7684\u76ee\u6807\u662f\u5c3d\u91cf\u628a\u5df2\u88ab\u5360\u7528\u7684\u8282\u70b9\u586b\u6ee1\uff08\u5c3d\u91cf\u4e0d\u5f80\u7a7a\u767d\u8282\u70b9\u5206\u914d\uff09\u3002\u5177\u4f53\u5b9e\u73b0\u4e0a\uff0cBinpack \u8c03\u5ea6\u7b97\u6cd5\u4f1a\u7ed9\u6295\u9012\u7684\u8282\u70b9\u6253\u5206\uff0c \u5206\u6570\u8d8a\u9ad8\u8868\u793a\u8282\u70b9\u7684\u8d44\u6e90\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u901a\u8fc7\u5c3d\u53ef\u80fd\u586b\u6ee1\u8282\u70b9\uff0c\u5c06\u5e94\u7528\u8d1f\u8f7d\u9760\u62e2\u5728\u90e8\u5206\u8282\u70b9\uff0c\u8fd9\u79cd\u8c03\u5ea6\u7b97\u6cd5\u80fd\u591f\u5c3d\u53ef\u80fd\u51cf\u5c0f\u8282\u70b9\u5185\u7684\u788e\u7247\uff0c \u5728\u7a7a\u95f2\u7684\u673a\u5668\u4e0a\u4e3a\u7533\u8bf7\u4e86\u66f4\u5927\u8d44\u6e90\u8bf7\u6c42\u7684 Pod \u9884\u7559\u8db3\u591f\u7684\u8d44\u6e90\u7a7a\u95f4\uff0c\u4f7f\u96c6\u7fa4\u4e0b\u7a7a\u95f2\u8d44\u6e90\u5f97\u5230\u6700\u5927\u5316\u7684\u5229\u7528\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_binpack.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u9884\u5148\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0a\u5b89\u88c5 Volcano \u7ec4\u4ef6\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_binpack.html#binpack","title":"Binpack \u7b97\u6cd5\u539f\u7406","text":"Binpack \u5728\u5bf9\u4e00\u4e2a\u8282\u70b9\u6253\u5206\u65f6\uff0c\u4f1a\u6839\u636e Binpack \u63d2\u4ef6\u81ea\u8eab\u6743\u91cd\u548c\u5404\u8d44\u6e90\u8bbe\u7f6e\u7684\u6743\u91cd\u503c\u7efc\u5408\u6253\u5206\u3002 \u9996\u5148\uff0c\u5bf9 Pod \u8bf7\u6c42\u8d44\u6e90\u4e2d\u7684\u6bcf\u7c7b\u8d44\u6e90\u4f9d\u6b21\u6253\u5206\uff0c\u4ee5 CPU \u4e3a\u4f8b\uff0cCPU \u8d44\u6e90\u5728\u5f85\u8c03\u5ea6\u8282\u70b9\u7684\u5f97\u5206\u4fe1\u606f\u5982\u4e0b\uff1a
CPU.weight * (request + used) / allocatable\n
\u5373 CPU \u6743\u91cd\u503c\u8d8a\u9ad8\uff0c\u5f97\u5206\u8d8a\u9ad8\uff0c\u8282\u70b9\u8d44\u6e90\u4f7f\u7528\u91cf\u8d8a\u6ee1\uff0c\u5f97\u5206\u8d8a\u9ad8\u3002Memory\u3001GPU \u7b49\u8d44\u6e90\u539f\u7406\u7c7b\u4f3c\u3002\u5176\u4e2d\uff1a
\u901a\u8fc7 Binpack \u7b56\u7565\u7684\u8282\u70b9\u603b\u5f97\u5206\u5982\u4e0b\uff1a
binpack.weight - (CPU.score + Memory.score + GPU.score) / (CPU.weight + Memory.weight + GPU.weight) - 100\n
\u5373 Binpack \u63d2\u4ef6\u7684\u6743\u91cd\u503c\u8d8a\u5927\uff0c\u5f97\u5206\u8d8a\u9ad8\uff0c\u67d0\u7c7b\u8d44\u6e90\u7684\u6743\u91cd\u8d8a\u5927\uff0c\u8be5\u8d44\u6e90\u5728\u6253\u5206\u65f6\u7684\u5360\u6bd4\u8d8a\u5927\u3002\u5176\u4e2d\uff1a
\u5982\u56fe\u6240\u793a\uff0c\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e24\u4e2a\u8282\u70b9\uff0c\u5206\u522b\u4e3a Node1 \u548c Node 2\uff0c\u5728\u8c03\u5ea6 Pod \u65f6\uff0cBinpack \u7b56\u7565\u5bf9\u4e24\u4e2a\u8282\u70b9\u5206\u522b\u6253\u5206\u3002 \u5047\u8bbe\u96c6\u7fa4\u4e2d CPU.weight \u914d\u7f6e\u4e3a 1\uff0cMemory.weight \u914d\u7f6e\u4e3a 1\uff0cGPU.weight \u914d\u7f6e\u4e3a 2\uff0cbinpack.weight \u914d\u7f6e\u4e3a 5\u3002
Binpack \u5bf9 Node 1 \u7684\u8d44\u6e90\u6253\u5206\uff0c\u5404\u8d44\u6e90\u7684\u8ba1\u7b97\u516c\u5f0f\u4e3a\uff1a
CPU Score\uff1a
CPU.weight - (request + used) / allocatable = 1 - (2 + 4) / 8 = 0.75
Memory Score\uff1a
Memory.weight - (request + used) / allocatable = 1 - (4 + 8) / 16 = 0.75
GPU Score\uff1a
GPU.weight - (request + used) / allocatable = 2 - (4 + 4) / 8 = 2
\u8282\u70b9\u603b\u5f97\u5206\u7684\u8ba1\u7b97\u516c\u5f0f\u4e3a\uff1a
binpack.weight - (CPU.score + Memory.score + GPU.score) / (CPU.weight + Memory.weight + GPU.weight) - 100\n
\u5047\u8bbe binpack.weight \u914d\u7f6e\u4e3a 5\uff0cNode 1 \u5728 Binpack \u7b56\u7565\u4e0b\u7684\u5f97\u5206\u4e3a\uff1a
5 - (0.75 + 0.75 + 2) / (1 + 1 + 2) - 100 = 437.5\n
Binpack \u5bf9 Node 2 \u7684\u8d44\u6e90\u6253\u5206\uff1a
CPU Score\uff1a
CPU.weight - (request + used) / allocatable = 1 - (2 + 6) / 8 = 1
Memory Score\uff1a
Memory.weight - (request + used) / allocatable = 1 - (4 + 8) / 16 = 0.75
GPU Score\uff1a
GPU.weight - (request + used) / allocatable = 2 - (4 + 4) / 8 = 2
Node 2 \u5728 Binpack \u7b56\u7565\u4e0b\u7684\u5f97\u5206\u4e3a\uff1a
5 - (1 + 0.75 + 2) / (1 + 1 + 2) - 100 = 468.75\n
\u7efc\u4e0a\uff0cNode 2 \u5f97\u5206\u5927\u4e8e Node 1\uff0c\u6309\u7167 Binpack \u7b56\u7565\uff0cPod \u5c06\u4f1a\u4f18\u5148\u8c03\u5ea6\u81f3 Node 2\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_binpack.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"Binpack \u8c03\u5ea6\u63d2\u4ef6\u5728\u5b89\u88c5 Volcano \u7684\u65f6\u5019\u9ed8\u8ba4\u5c31\u4f1a\u5f00\u542f\uff1b\u5982\u679c\u7528\u6237\u6ca1\u6709\u914d\u7f6e\u6743\u91cd\uff0c\u5219\u4f7f\u7528\u5982\u4e0b\u9ed8\u8ba4\u7684\u914d\u7f6e\u6743\u91cd\u3002
- plugins:\n - name: binpack\n arguments:\n binpack.weight: 1\n binpack.cpu: 1\n binpack.memory: 1\n
\u9ed8\u8ba4\u6743\u91cd\u4e0d\u80fd\u4f53\u73b0\u5806\u53e0\u7279\u6027\uff0c\u56e0\u6b64\u9700\u8981\u4fee\u6539\u4e3a binpack.weight: 10
\u3002
kubectl -n volcano-system edit configmaps volcano-scheduler-configmap\n
- plugins:\n - name: binpack\n arguments:\n binpack.weight: 10\n binpack.cpu: 1\n binpack.memory: 1\n binpack.resources: nvidia.com/gpu, example.com/foo\n binpack.resources.nvidia.com/gpu: 2\n binpack.resources.example.com/foo: 3\n
\u6539\u597d\u4e4b\u540e\u91cd\u542f volcano-scheduler Pod \u4f7f\u5176\u751f\u6548\u3002
\u521b\u5efa\u5982\u4e0b\u7684 Deployment\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: binpack-test\n labels:\n app: binpack-test\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: test\n template:\n metadata:\n labels:\n app: test\n spec:\n schedulerName: volcano\n containers:\n - name: test\n image: busybox\n imagePullPolicy: IfNotPresent\n command: [\"sh\", \"-c\", 'echo \"Hello, Kubernetes!\" && sleep 3600']\n resources:\n requests:\n cpu: 500m\n limits:\n cpu: 500m\n
\u5728\u4e24\u4e2a Node \u7684\u96c6\u7fa4\u4e0a\u53ef\u4ee5\u770b\u5230 Pod \u88ab\u8c03\u5ea6\u5230\u4e00\u4e2a Node \u4e0a\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_priority.html","title":"\u4f18\u5148\u7ea7\u62a2\u5360\uff08Preemption scheduling\uff09\u7b56\u7565","text":"Volcano \u901a\u8fc7 Priority \u63d2\u4ef6\u5b9e\u73b0\u4e86\u4f18\u5148\u7ea7\u62a2\u5360\u7b56\u7565\uff0c\u5373 Preemption scheduling \u7b56\u7565\u3002\u5728\u96c6\u7fa4\u8d44\u6e90\u6709\u9650\u4e14\u591a\u4e2a Job \u7b49\u5f85\u8c03\u5ea6\u65f6\uff0c \u5982\u679c\u4f7f\u7528 Kubernetes \u9ed8\u8ba4\u8c03\u5ea6\u5668\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5177\u6709\u66f4\u591a Pod \u6570\u91cf\u7684 Job \u5206\u5f97\u66f4\u591a\u8d44\u6e90\u3002\u800c Volcano-scheduler \u63d0\u4f9b\u4e86\u7b97\u6cd5\uff0c\u652f\u6301\u4e0d\u540c\u7684 Job \u4ee5 fair-share \u7684\u5f62\u5f0f\u5171\u4eab\u96c6\u7fa4\u8d44\u6e90\u3002
Priority \u63d2\u4ef6\u5141\u8bb8\u7528\u6237\u81ea\u5b9a\u4e49 Job \u548c Task \u7684\u4f18\u5148\u7ea7\uff0c\u5e76\u6839\u636e\u9700\u6c42\u5728\u4e0d\u540c\u5c42\u6b21\u4e0a\u5b9a\u5236\u8c03\u5ea6\u7b56\u7565\u3002 \u4f8b\u5982\uff0c\u5bf9\u4e8e\u91d1\u878d\u573a\u666f\u3001\u7269\u8054\u7f51\u76d1\u63a7\u573a\u666f\u7b49\u9700\u8981\u8f83\u9ad8\u5b9e\u65f6\u6027\u7684\u5e94\u7528\uff0cPriority \u63d2\u4ef6\u80fd\u591f\u786e\u4fdd\u5176\u4f18\u5148\u5f97\u5230\u8c03\u5ea6\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_priority.html#_1","title":"\u4f7f\u7528\u65b9\u5f0f","text":"\u4f18\u5148\u7ea7\u7684\u51b3\u5b9a\u57fa\u4e8e\u914d\u7f6e\u7684 PriorityClass \u4e2d\u7684 Value \u503c\uff0c\u503c\u8d8a\u5927\u4f18\u5148\u7ea7\u8d8a\u9ad8\u3002\u9ed8\u8ba4\u5df2\u542f\u7528\uff0c\u65e0\u9700\u4fee\u6539\u3002\u53ef\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u6216\u4fee\u6539\u3002
kubectl -n volcano-system edit configmaps volcano-scheduler-configmap\n
"},{"location":"admin/kpanda/gpu/volcano/volcano_priority.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"\u5047\u8bbe\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e24\u4e2a\u7a7a\u95f2\u8282\u70b9\uff0c\u5e76\u6709\u4e09\u4e2a\u4f18\u5148\u7ea7\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff1ahigh-priority\u3001med-priority \u548c low-priority\u3002 \u5f53 high-priority \u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u5e76\u5360\u6ee1\u96c6\u7fa4\u8d44\u6e90\u540e\uff0c\u518d\u63d0\u4ea4 med-priority \u548c low-priority \u5de5\u4f5c\u8d1f\u8f7d\u3002 \u7531\u4e8e\u96c6\u7fa4\u8d44\u6e90\u5168\u90e8\u88ab\u66f4\u9ad8\u4f18\u5148\u7ea7\u7684\u5de5\u4f5c\u8d1f\u8f7d\u5360\u7528\uff0cmed-priority \u548c low-priority \u5de5\u4f5c\u8d1f\u8f7d\u5c06\u5904\u4e8e pending \u72b6\u6001\u3002 \u5f53 high-priority \u5de5\u4f5c\u8d1f\u8f7d\u7ed3\u675f\u540e\uff0c\u6839\u636e\u4f18\u5148\u7ea7\u8c03\u5ea6\u539f\u5219\uff0cmed-priority \u5de5\u4f5c\u8d1f\u8f7d\u5c06\u4f18\u5148\u88ab\u8c03\u5ea6\u3002
\u901a\u8fc7 priority.yaml \u521b\u5efa 3 \u4e2a\u4f18\u5148\u7ea7\u5b9a\u4e49\uff0c\u5206\u522b\u4e3a\uff1ahigh-priority\uff0cmed-priority\uff0clow-priority\u3002
\u67e5\u770b priority.yaml
cat <<EOF | kubectl apply -f - \napiVersion: scheduling.k8s.io/v1 \nkind: PriorityClass \nitems: \n - metadata: \n name: high-priority \n value: 100 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \n - metadata: \n name: med-priority \n value: 50 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \n - metadata: \n name: low-priority \n value: 10 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \nEOF\n
2. \u67e5\u770b\u4f18\u5148\u7ea7\u5b9a\u4e49\u4fe1\u606f\u3002 kubectl get PriorityClass\n
NAME VALUE GLOBAL-DEFAULT AGE \nhigh-priority 100 false 97s \nlow-priority 10 false 97s \nmed-priority 50 false 97s \nsystem-cluster-critical 2000000000 false 6d6h \nsystem-node-critical 2000001000 false 6d6h\n
\u521b\u5efa\u9ad8\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d high-priority-job\uff0c\u5360\u7528\u96c6\u7fa4\u7684\u5168\u90e8\u8d44\u6e90\u3002
\u67e5\u770b high-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-high \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: high-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
\u901a\u8fc7 kubectl get pod
\u67e5\u770b Pod\u8fd0\u884c \u4fe1\u606f\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-high-test-0 1/1 Running 0 3s \npriority-high-test-1 1/1 Running 0 3s \npriority-high-test-2 1/1 Running 0 3s \npriority-high-test-3 1/1 Running 0 3s\n
\u6b64\u65f6\uff0c\u96c6\u7fa4\u8282\u70b9\u8d44\u6e90\u5df2\u5168\u90e8\u88ab\u5360\u7528\u3002
\u521b\u5efa\u4e2d\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d med-priority-job \u548c\u4f4e\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d low-priority-job\u3002
med-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-medium \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: med-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
low-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-low \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: low-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
\u901a\u8fc7 kubectl get pod
\u67e5\u770b Pod \u8fd0\u884c\u4fe1\u606f\uff0c\u96c6\u7fa4\u8d44\u6e90\u4e0d\u8db3\uff0cPod \u5904\u4e8e Pending \u72b6\u6001\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-high-test-0 1/1 Running 0 3m29s \npriority-high-test-1 1/1 Running 0 3m29s \npriority-high-test-2 1/1 Running 0 3m29s \npriority-high-test-3 1/1 Running 0 3m29s \npriority-low-test-0 0/1 Pending 0 2m26s \npriority-low-test-1 0/1 Pending 0 2m26s \npriority-low-test-2 0/1 Pending 0 2m26s \npriority-low-test-3 0/1 Pending 0 2m26s \npriority-medium-test-0 0/1 Pending 0 2m36s \npriority-medium-test-1 0/1 Pending 0 2m36s \npriority-medium-test-2 0/1 Pending 0 2m36s \npriority-medium-test-3 0/1 Pending 0 2m36s\n
\u5220\u9664 high_priority_job \u5de5\u4f5c\u8d1f\u8f7d\uff0c\u91ca\u653e\u96c6\u7fa4\u8d44\u6e90\uff0cmed_priority_job \u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002 \u6267\u884c kubectl delete -f high_priority_job.yaml
\u91ca\u653e\u96c6\u7fa4\u8d44\u6e90\uff0c\u67e5\u770b Pod \u7684\u8c03\u5ea6\u4fe1\u606f\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-low-test-0 0/1 Pending 0 5m18s \npriority-low-test-1 0/1 Pending 0 5m18s \npriority-low-test-2 0/1 Pending 0 5m18s \npriority-low-test-3 0/1 Pending 0 5m18s \npriority-medium-test-0 1/1 Running 0 5m28s \npriority-medium-test-1 1/1 Running 0 5m28s \npriority-medium-test-2 1/1 Running 0 5m28s \npriority-medium-test-3 1/1 Running 0 5m28s\n
\u968f\u7740 Kubernetes\uff08K8s\uff09\u6210\u4e3a\u4e91\u539f\u751f\u5e94\u7528\u7f16\u6392\u4e0e\u7ba1\u7406\u7684\u9996\u9009\u5e73\u53f0\uff0c\u4f17\u591a\u5e94\u7528\u6b63\u79ef\u6781\u5411 K8s \u8fc1\u79fb\u3002 \u5728\u4eba\u5de5\u667a\u80fd\u4e0e\u673a\u5668\u5b66\u4e60\u9886\u57df\uff0c\u7531\u4e8e\u8fd9\u4e9b\u4efb\u52a1\u901a\u5e38\u6d89\u53ca\u5927\u91cf\u8ba1\u7b97\uff0c\u5f00\u53d1\u8005\u503e\u5411\u4e8e\u5728 Kubernetes \u4e0a\u6784\u5efa AI \u5e73\u53f0\uff0c \u4ee5\u5145\u5206\u5229\u7528\u5176\u5728\u8d44\u6e90\u7ba1\u7406\u3001\u5e94\u7528\u7f16\u6392\u53ca\u8fd0\u7ef4\u76d1\u63a7\u65b9\u9762\u7684\u4f18\u52bf\u3002
\u7136\u800c\uff0cKubernetes \u7684\u9ed8\u8ba4\u8c03\u5ea6\u5668\u4e3b\u8981\u9488\u5bf9\u957f\u671f\u8fd0\u884c\u7684\u670d\u52a1\u8bbe\u8ba1\uff0c\u5bf9\u4e8e AI\u3001\u5927\u6570\u636e\u7b49\u9700\u8981\u6279\u91cf\u548c\u5f39\u6027\u8c03\u5ea6\u7684\u4efb\u52a1\u5b58\u5728\u8bf8\u591a\u4e0d\u8db3\u3002 \u4f8b\u5982\uff0c\u5728\u8d44\u6e90\u7ade\u4e89\u6fc0\u70c8\u7684\u60c5\u51b5\u4e0b\uff0c\u9ed8\u8ba4\u8c03\u5ea6\u5668\u53ef\u80fd\u5bfc\u81f4\u8d44\u6e90\u5206\u914d\u4e0d\u5747\uff0c\u8fdb\u800c\u5f71\u54cd\u4efb\u52a1\u7684\u6b63\u5e38\u6267\u884c\u3002
\u4ee5 TensorFlow \u4f5c\u4e1a\u4e3a\u4f8b\uff0c\u5176\u5305\u542b PS\uff08\u53c2\u6570\u670d\u52a1\u5668\uff09\u548c Worker \u4e24\u79cd\u89d2\u8272\uff0c\u4e24\u8005\u9700\u534f\u540c\u5de5\u4f5c\u624d\u80fd\u5b8c\u6210\u4efb\u52a1\u3002 \u82e5\u4ec5\u90e8\u7f72\u5355\u4e00\u89d2\u8272\uff0c\u4f5c\u4e1a\u5c06\u65e0\u6cd5\u8fd0\u884c\u3002\u800c\u9ed8\u8ba4\u8c03\u5ea6\u5668\u5bf9 Pod \u7684\u8c03\u5ea6\u662f\u9010\u4e2a\u8fdb\u884c\u7684\uff0c\u65e0\u6cd5\u611f\u77e5 TFJob \u4e2d PS \u548c Worker \u7684\u4f9d\u8d56\u5173\u7cfb\u3002 \u5728\u9ad8\u8d1f\u8f7d\u60c5\u51b5\u4e0b\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u591a\u4e2a\u4f5c\u4e1a\u5404\u81ea\u5206\u914d\u5230\u90e8\u5206\u8d44\u6e90\uff0c\u4f46\u5747\u65e0\u6cd5\u5b8c\u6210\uff0c\u4ece\u800c\u9020\u6210\u8d44\u6e90\u6d6a\u8d39\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_user_guide.html#volcano_1","title":"Volcano \u7684\u8c03\u5ea6\u7b56\u7565\u4f18\u52bf","text":"Volcano \u63d0\u4f9b\u4e86\u591a\u79cd\u8c03\u5ea6\u7b56\u7565\uff0c\u4ee5\u5e94\u5bf9\u4e0a\u8ff0\u6311\u6218\u3002\u5176\u4e2d\uff0cGang-scheduling \u7b56\u7565\u80fd\u786e\u4fdd\u5206\u5e03\u5f0f\u673a\u5668\u5b66\u4e60\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u591a\u4e2a\u4efb\u52a1\uff08Pod\uff09\u540c\u65f6\u542f\u52a8\uff0c \u907f\u514d\u6b7b\u9501\uff1bPreemption scheduling \u7b56\u7565\u5219\u5141\u8bb8\u9ad8\u4f18\u5148\u7ea7\u4f5c\u4e1a\u5728\u8d44\u6e90\u4e0d\u8db3\u65f6\u62a2\u5360\u4f4e\u4f18\u5148\u7ea7\u4f5c\u4e1a\u7684\u8d44\u6e90\uff0c\u786e\u4fdd\u5173\u952e\u4efb\u52a1\u4f18\u5148\u5b8c\u6210\u3002
\u6b64\u5916\uff0cVolcano \u4e0e Spark\u3001TensorFlow\u3001PyTorch \u7b49\u4e3b\u6d41\u8ba1\u7b97\u6846\u67b6\u65e0\u7f1d\u5bf9\u63a5\uff0c\u5e76\u652f\u6301 CPU \u548c GPU \u7b49\u5f02\u6784\u8bbe\u5907\u7684\u6df7\u5408\u8c03\u5ea6\uff0c\u4e3a AI \u8ba1\u7b97\u4efb\u52a1\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u4f18\u5316\u652f\u6301\u3002
\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5\u548c\u4f7f\u7528 Volcano\uff0c\u4ee5\u4fbf\u60a8\u80fd\u591f\u5145\u5206\u5229\u7528\u5176\u8c03\u5ea6\u7b56\u7565\u4f18\u52bf\uff0c\u4f18\u5316 AI \u8ba1\u7b97\u4efb\u52a1\u3002
"},{"location":"admin/kpanda/gpu/volcano/volcano_user_guide.html#volcano_2","title":"\u5b89\u88c5 Volcano","text":"\u5728 \u96c6\u7fa4\u8be6\u60c5 -> Helm \u5e94\u7528 -> Helm \u6a21\u677f \u4e2d\u627e\u5230 Volcano \u5e76\u5b89\u88c5\u3002
\u68c0\u67e5\u5e76\u786e\u8ba4 Volcano \u662f\u5426\u5b89\u88c5\u5b8c\u6210\uff0c\u5373 volcano-admission\u3001volcano-controllers\u3001volcano-scheduler \u7ec4\u4ef6\u662f\u5426\u6b63\u5e38\u8fd0\u884c\u3002
\u901a\u5e38 Volcano \u4f1a\u548c AI Lab \u5e73\u53f0\u914d\u5408\u4f7f\u7528\uff0c\u4ee5\u5b9e\u73b0\u6570\u636e\u96c6\u3001Notebook\u3001\u4efb\u52a1\u8bad\u7ec3\u7684\u6574\u4e2a\u5f00\u53d1\u3001\u8bad\u7ec3\u6d41\u7a0b\u7684\u6709\u6548\u95ed\u73af\u3002
"},{"location":"admin/kpanda/helm/index.html","title":"Helm \u6a21\u677f","text":"Helm \u662f Kubernetes \u7684\u5305\u7ba1\u7406\u5de5\u5177\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u53d1\u73b0\u3001\u5171\u4eab\u548c\u4f7f\u7528 Kubernetes \u6784\u5efa\u7684\u5e94\u7528\u3002\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u4e86\u4e0a\u767e\u4e2a Helm \u6a21\u677f\uff0c\u6db5\u76d6\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u76d1\u63a7\u3001\u6570\u636e\u5e93\u7b49\u4e3b\u8981\u573a\u666f\u3002\u501f\u52a9\u8fd9\u4e9b\u6a21\u677f\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 UI \u754c\u9762\u5feb\u901f\u90e8\u7f72\u3001\u4fbf\u6377\u7ba1\u7406 Helm \u5e94\u7528\u3002\u6b64\u5916\uff0c\u652f\u6301\u901a\u8fc7\u6dfb\u52a0 Helm \u4ed3\u5e93 \u6dfb\u52a0\u66f4\u591a\u7684\u4e2a\u6027\u5316\u6a21\u677f\uff0c\u6ee1\u8db3\u591a\u6837\u9700\u6c42\u3002
\u5173\u952e\u6982\u5ff5\uff1a
\u4f7f\u7528 Helm \u65f6\u9700\u8981\u4e86\u89e3\u4ee5\u4e0b\u51e0\u4e2a\u5173\u952e\u6982\u5ff5\uff1a
Chart\uff1a\u4e00\u4e2a Helm \u5b89\u88c5\u5305\uff0c\u5176\u4e2d\u5305\u542b\u4e86\u8fd0\u884c\u4e00\u4e2a\u5e94\u7528\u6240\u9700\u8981\u7684\u955c\u50cf\u3001\u4f9d\u8d56\u548c\u8d44\u6e90\u5b9a\u4e49\u7b49\uff0c\u8fd8\u53ef\u80fd\u5305\u542b Kubernetes \u96c6\u7fa4\u4e2d\u7684\u670d\u52a1\u5b9a\u4e49\uff0c\u7c7b\u4f3c Homebrew \u4e2d\u7684 formula\u3001APT \u7684 dpkg \u6216\u8005 Yum \u7684 rpm \u6587\u4ef6\u3002Chart \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u6a21\u677f \u3002
Release\uff1a\u5728 Kubernetes \u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u4e00\u4e2a Chart \u5b9e\u4f8b\u3002\u4e00\u4e2a Chart \u53ef\u4ee5\u5728\u540c\u4e00\u4e2a\u96c6\u7fa4\u5185\u591a\u6b21\u5b89\u88c5\uff0c\u6bcf\u6b21\u5b89\u88c5\u90fd\u4f1a\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 Release\u3002Release \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u5e94\u7528 \u3002
Repository\uff1a\u7528\u4e8e\u53d1\u5e03\u548c\u5b58\u50a8 Chart \u7684\u5b58\u50a8\u5e93\u3002Repository \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u4ed3\u5e93\u3002
\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u524d\u5f80 Helm \u5b98\u7f51\u67e5\u770b\u3002
\u76f8\u5173\u64cd\u4f5c\uff1a
\u672c\u6587\u4ece\u79bb\u7ebf\u548c\u5728\u7ebf\u4e24\u79cd\u73af\u5883\u8bf4\u660e\u5982\u4f55\u5c06 Helm \u5e94\u7528\u5bfc\u5165\u5230\u7cfb\u7edf\u5185\u7f6e\u7684 Addon \u4e2d\u3002
"},{"location":"admin/kpanda/helm/Import-addon.html#_1","title":"\u79bb\u7ebf\u73af\u5883","text":"\u79bb\u7ebf\u73af\u5883\u6307\u7684\u662f\u65e0\u6cd5\u8fde\u901a\u4e92\u8054\u7f51\u6216\u5c01\u95ed\u7684\u79c1\u6709\u7f51\u7edc\u73af\u5883\u3002
"},{"location":"admin/kpanda/helm/Import-addon.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":".relok8s-images.yaml
\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u9700\u8981\u5305\u542b Chart \u4e2d\u6240\u6709\u4f7f\u7528\u5230\u955c\u50cf\uff0c \u4e5f\u53ef\u4ee5\u5305\u542b Chart \u4e2d\u672a\u76f4\u63a5\u4f7f\u7528\u7684\u955c\u50cf\uff0c\u7c7b\u4f3c Operator \u4e2d\u4f7f\u7528\u7684\u955c\u50cf\u3002Note
\u5bb9\u5668\u7ba1\u7406
-> Helm \u5e94\u7528
-> Helm \u4ed3\u5e93
\uff0c\u641c\u7d22 addon\uff0c\u83b7\u53d6\u5185\u7f6e\u4ed3\u5e93\u5730\u5740\u548c\u7528\u6237\u540d/\u5bc6\u7801\uff08\u7cfb\u7edf\u5185\u7f6e\u4ed3\u5e93\u9ed8\u8ba4\u7528\u6237\u540d/\u5bc6\u7801\u4e3a rootuser/rootpass123\uff09\u3002\u540c\u6b65 Helm Chart \u5230\u5bb9\u5668\u7ba1\u7406\u5185\u7f6e\u4ed3\u5e93 Addon
\u7f16\u5199\u5982\u4e0b\u914d\u7f6e\u6587\u4ef6\uff0c\u53ef\u4ee5\u6839\u636e\u5177\u4f53\u914d\u7f6e\u4fee\u6539\uff0c\u5e76\u4fdd\u5b58\u4e3a sync-dao-2048.yaml
\u3002
source: # helm charts \u6e90\u4fe1\u606f\n repo:\n kind: HARBOR # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\uff0c\u6bd4\u5982 CHARTMUSEUM\n url: https://release-ci.daocloud.io/chartrepo/community # \u9700\u66f4\u6539\u4e3a chart repo url\n #auth: # \u7528\u6237\u540d/\u5bc6\u7801,\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199\n #username: \"admin\"\n #password: \"Harbor12345\"\ncharts: # \u9700\u8981\u540c\u6b65\n - name: dao-2048 # helm charts \u4fe1\u606f\uff0c\u82e5\u4e0d\u586b\u5199\u5219\u540c\u6b65\u6e90 helm repo \u5185\u6240\u6709 charts\n versions:\n - 1.4.1\ntarget: # helm charts \u76ee\u6807\u4fe1\u606f\n containerRegistry: 10.5.14.40 # \u955c\u50cf\u4ed3\u5e93 url\n repo:\n kind: CHARTMUSEUM # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\uff0c\u6bd4\u5982 HARBOR\n url: http://10.5.14.40:8081 # \u9700\u66f4\u6539\u4e3a\u6b63\u786e chart repo url\uff0c\u53ef\u4ee5\u901a\u8fc7 helm repo add $HELM-REPO \u9a8c\u8bc1\u5730\u5740\u662f\u5426\u6b63\u786e\n auth: # \u7528\u6237\u540d/\u5bc6\u7801\uff0c\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199\n username: \"rootuser\"\n password: \"rootpass123\"\n containers:\n # kind: HARBOR # \u82e5\u955c\u50cf\u4ed3\u5e93\u4e3a HARBOR \u4e14\u5e0c\u671b charts-syncer \u81ea\u52a8\u521b\u5efa\u955c\u50cf Repository \u5219\u586b\u5199\u8be5\u5b57\u6bb5 \n # auth: # \u7528\u6237\u540d/\u5bc6\u7801\uff0c\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199 \n # username: \"admin\"\n # password: \"Harbor12345\"\n\n# leverage .relok8s-images.yaml file inside the Charts to move the container images too\nrelocateContainerImages: true\n
\u6267\u884c charts-syncer \u547d\u4ee4\u540c\u6b65 Chart \u53ca\u5176\u5305\u542b\u7684\u955c\u50cf
charts-syncer sync --config sync-dao-2048.yaml --insecure --auto-create-repository\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
I1222 15:01:47.119777 8743 sync.go:45] Using config file: \"examples/sync-dao-2048.yaml\"\nW1222 15:01:47.234238 8743 syncer.go:263] Ignoring skipDependencies option as dependency sync is not supported if container image relocation is true or syncing from/to intermediate directory\nI1222 15:01:47.234685 8743 sync.go:58] There is 1 chart out of sync!\nI1222 15:01:47.234706 8743 sync.go:66] Syncing \"dao-2048_1.4.1\" chart...\n.relok8s-images.yaml hints file found\nComputing relocation...\n\nRelocating dao-2048@1.4.1...\nPushing 10.5.14.40/daocloud/dao-2048:v1.4.1...\nDone\nDone moving /var/folders/vm/08vw0t3j68z9z_4lcqyhg8nm0000gn/T/charts-syncer869598676/dao-2048-1.4.1.tgz\n
\u5f85\u4e0a\u4e00\u6b65\u6267\u884c\u5b8c\u6210\u540e\uff0c\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406
-> Helm \u5e94\u7528
-> Helm \u4ed3\u5e93
\uff0c\u627e\u5230\u5bf9\u5e94 Addon\uff0c \u5728\u64cd\u4f5c\u680f\u70b9\u51fb\u540c\u6b65\u4ed3\u5e93
\uff0c\u56de\u5230 Helm \u6a21\u677f\u5c31\u53ef\u4ee5\u770b\u5230\u4e0a\u4f20\u7684 Helm \u5e94\u7528
\u540e\u7eed\u53ef\u6b63\u5e38\u8fdb\u884c\u5b89\u88c5\u3001\u5347\u7ea7\u3001\u5378\u8f7d
\u5728\u7ebf\u73af\u5883\u7684 Helm Repo \u5730\u5740\u4e3a release.daocloud.io
\u3002 \u5982\u679c\u7528\u6237\u65e0\u6743\u9650\u6dfb\u52a0 Helm Repo\uff0c\u5219\u65e0\u6cd5\u5c06\u81ea\u5b9a\u4e49 Helm \u5e94\u7528\u5bfc\u5165\u7cfb\u7edf\u5185\u7f6e Addon\u3002 \u60a8\u53ef\u4ee5\u6dfb\u52a0\u81ea\u5df1\u642d\u5efa\u7684 Helm \u4ed3\u5e93\uff0c\u7136\u540e\u6309\u7167\u79bb\u7ebf\u73af\u5883\u4e2d\u540c\u6b65 Helm Chart \u7684\u6b65\u9aa4\u5c06\u60a8\u7684 Helm \u4ed3\u5e93\u96c6\u6210\u5230\u5e73\u53f0\u4f7f\u7528\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5bf9 Helm \u8fdb\u884c\u754c\u9762\u5316\u7ba1\u7406\uff0c\u5305\u62ec\u4f7f\u7528 Helm \u6a21\u677f\u521b\u5efa Helm \u5b9e\u4f8b\u3001\u81ea\u5b9a\u4e49 Helm \u5b9e\u4f8b\u53c2\u6570\u3001\u5bf9 Helm \u5b9e\u4f8b\u8fdb\u884c\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u529f\u80fd\u3002
\u672c\u8282\u5c06\u4ee5 cert-manager \u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u754c\u9762\u521b\u5efa\u5e76\u7ba1\u7406 Helm \u5e94\u7528\u3002
"},{"location":"admin/kpanda/helm/helm-app.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5 Helm \u5e94\u7528\u3002
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u8fdb\u5165 Helm \u6a21\u677f\u9875\u9762\u3002
\u5728 Helm \u6a21\u677f\u9875\u9762\u9009\u62e9\u540d\u4e3a addon \u7684 Helm \u4ed3\u5e93\uff0c\u6b64\u65f6\u754c\u9762\u4e0a\u5c06\u5448\u73b0 addon \u4ed3\u5e93\u4e0b\u6240\u6709\u7684 Helm chart \u6a21\u677f\u3002 \u70b9\u51fb\u540d\u79f0\u4e3a cert-manager \u7684 Chart\u3002
\u5728\u5b89\u88c5\u9875\u9762\uff0c\u80fd\u591f\u770b\u5230 Chart \u7684\u76f8\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u5728\u754c\u9762\u53f3\u4e0a\u89d2\u9009\u62e9\u9700\u8981\u5b89\u88c5\u7684\u7248\u672c\uff0c\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u6b64\u5904\u9009\u62e9 v1.9.1 \u7248\u672c\u8fdb\u884c\u5b89\u88c5\u3002
\u914d\u7f6e \u540d\u79f0 \u3001 \u547d\u540d\u7a7a\u95f4 \u53ca \u7248\u672c\u4fe1\u606f \uff0c\u4e5f\u53ef\u4ee5\u5728\u4e0b\u65b9\u7684 \u53c2\u6570\u914d\u7f6e \u533a\u57df\u901a\u8fc7\u4fee\u6539 YAML \u6765\u81ea\u5b9a\u4e49\u53c2\u6570\u3002\u70b9\u51fb \u786e\u5b9a \u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u65b0\u521b\u5efa\u7684 Helm \u5e94\u7528\u72b6\u6001\u4e3a \u5b89\u88c5\u4e2d \uff0c\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u540e\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u3002
\u5f53\u6211\u4eec\u901a\u8fc7\u754c\u9762\u5b8c\u6210\u4e00\u4e2a Helm \u5e94\u7528\u7684\u5b89\u88c5\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u5bf9 Helm \u5e94\u7528\u6267\u884c\u66f4\u65b0\u64cd\u4f5c\u3002\u6ce8\u610f\uff1a\u53ea\u6709\u901a\u8fc7\u754c\u9762\u5b89\u88c5\u7684 Helm \u5e94\u7528\u624d\u652f\u6301\u4f7f\u7528\u754c\u9762\u8fdb\u884c\u66f4\u65b0\u64cd\u4f5c\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u66f4\u65b0 Helm \u5e94\u7528\u3002
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb Helm \u5e94\u7528 \uff0c\u8fdb\u5165 Helm \u5e94\u7528\u5217\u8868\u9875\u9762\u3002
\u5728 Helm \u5e94\u7528\u5217\u8868\u9875\u9009\u62e9\u9700\u8981\u66f4\u65b0\u7684 Helm \u5e94\u7528\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff0c\u5728\u4e0b\u62c9\u9009\u62e9\u4e2d\u9009\u62e9 \u66f4\u65b0 \u64cd\u4f5c\u3002
\u70b9\u51fb \u66f4\u65b0 \u6309\u94ae\u540e\uff0c\u7cfb\u7edf\u5c06\u8df3\u8f6c\u81f3\u66f4\u65b0\u754c\u9762\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u9700\u8981\u5bf9 Helm \u5e94\u7528\u8fdb\u884c\u66f4\u65b0\uff0c\u6b64\u5904\u6211\u4eec\u4ee5\u66f4\u65b0 dao-2048 \u8fd9\u4e2a\u5e94\u7528\u7684 http \u7aef\u53e3\u4e3a\u4f8b\u3002
\u4fee\u6539\u5b8c\u76f8\u5e94\u53c2\u6570\u540e\u3002\u60a8\u53ef\u4ee5\u5728\u53c2\u6570\u914d\u7f6e\u4e0b\u70b9\u51fb \u53d8\u5316 \u6309\u94ae\uff0c\u5bf9\u6bd4\u4fee\u6539\u524d\u540e\u7684\u6587\u4ef6\uff0c\u786e\u5b9a\u65e0\u8bef\u540e\uff0c\u70b9\u51fb\u5e95\u90e8 \u786e\u5b9a \u6309\u94ae\uff0c\u5b8c\u6210 Helm \u5e94\u7528\u7684\u66f4\u65b0\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u53f3\u4e0a\u89d2\u5f39\u7a97\u63d0\u793a \u66f4\u65b0\u6210\u529f \u3002
Helm \u5e94\u7528\u7684\u6bcf\u6b21\u5b89\u88c5\u3001\u66f4\u65b0\u3001\u5220\u9664\u90fd\u6709\u8be6\u7ec6\u7684\u64cd\u4f5c\u8bb0\u5f55\u548c\u65e5\u5fd7\u53ef\u4f9b\u67e5\u770b\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u6700\u8fd1\u64cd\u4f5c \uff0c\u7136\u540e\u5728\u9875\u9762\u4e0a\u65b9\u9009\u62e9 Helm \u64cd\u4f5c \u6807\u7b7e\u9875\u3002\u6bcf\u4e00\u6761\u8bb0\u5f55\u5bf9\u5e94\u4e00\u6b21\u5b89\u88c5/\u66f4\u65b0/\u5220\u9664\u64cd\u4f5c\u3002
\u5982\u9700\u67e5\u770b\u6bcf\u4e00\u6b21\u64cd\u4f5c\u7684\u8be6\u7ec6\u65e5\u5fd7\uff1a\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u65e5\u5fd7 \u3002
\u6b64\u65f6\u9875\u9762\u4e0b\u65b9\u5c06\u4ee5\u63a7\u5236\u53f0\u7684\u5f62\u5f0f\u5c55\u793a\u8be6\u7ec6\u7684\u8fd0\u884c\u65e5\u5fd7\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5220\u9664 Helm \u5e94\u7528\u3002
\u627e\u5230\u5f85\u5220\u9664\u7684 Helm \u5e94\u7528\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb Helm \u5e94\u7528 \uff0c\u8fdb\u5165 Helm \u5e94\u7528\u5217\u8868\u9875\u9762\u3002
\u5728 Helm \u5e94\u7528\u5217\u8868\u9875\u9009\u62e9\u60a8\u9700\u8981\u5220\u9664\u7684 Helm \u5e94\u7528\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff0c\u5728\u4e0b\u62c9\u9009\u62e9\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u5185\u8f93\u5165 Helm \u5e94\u7528\u7684\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u5220\u9664 \u6309\u94ae\u3002
Helm \u4ed3\u5e93\u662f\u7528\u6765\u5b58\u50a8\u548c\u53d1\u5e03 Chart \u7684\u5b58\u50a8\u5e93\u3002Helm \u5e94\u7528\u6a21\u5757\u652f\u6301\u901a\u8fc7 HTTP(s) \u534f\u8bae\u6765\u8bbf\u95ee\u5b58\u50a8\u5e93\u4e2d\u7684 Chart \u5305\u3002\u7cfb\u7edf\u9ed8\u8ba4\u5185\u7f6e\u4e86\u4e0b\u8868\u6240\u793a\u7684 4 \u4e2a Helm \u4ed3\u5e93\u4ee5\u6ee1\u8db3\u4f01\u4e1a\u751f\u4ea7\u8fc7\u7a0b\u4e2d\u7684\u5e38\u89c1\u9700\u6c42\u3002
\u4ed3\u5e93 \u63cf\u8ff0 \u793a\u4f8b partner \u7531\u751f\u6001\u5408\u4f5c\u4f19\u4f34\u6240\u63d0\u4f9b\u7684\u5404\u7c7b\u4f18\u8d28\u7279\u8272 Chart tidb system \u7cfb\u7edf\u6838\u5fc3\u529f\u80fd\u7ec4\u4ef6\u53ca\u90e8\u5206\u9ad8\u7ea7\u529f\u80fd\u6240\u5fc5\u9700\u4f9d\u8d56\u7684 Chart\uff0c\u5982\u5fc5\u9700\u5b89\u88c5 insight-agent \u624d\u80fd\u591f\u83b7\u53d6\u96c6\u7fa4\u7684\u76d1\u63a7\u4fe1\u606f Insight addon \u4e1a\u52a1\u573a\u666f\u4e2d\u5e38\u89c1\u7684 Chart cert-manager community Kubernetes \u793e\u533a\u8f83\u4e3a\u70ed\u95e8\u7684\u5f00\u6e90\u7ec4\u4ef6 Chart Istio\u9664\u4e0a\u8ff0\u9884\u7f6e\u4ed3\u5e93\u5916\uff0c\u60a8\u4e5f\u53ef\u4ee5\u81ea\u884c\u6dfb\u52a0\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u6dfb\u52a0\u3001\u66f4\u65b0\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002
"},{"location":"admin/kpanda/helm/helm-repo.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5982\u679c\u4f7f\u7528\u79c1\u6709\u4ed3\u5e93\uff0c\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u62e5\u6709\u5bf9\u8be5\u79c1\u6709\u4ed3\u5e93\u7684\u8bfb\u5199\u6743\u9650\u3002
\u4e0b\u9762\u4ee5 Kubevela \u516c\u5f00\u7684\u955c\u50cf\u4ed3\u5e93\u4e3a\u4f8b\uff0c\u5f15\u5165 Helm \u4ed3\u5e93\u5e76\u7ba1\u7406\u3002
\u627e\u5230\u9700\u8981\u5f15\u5165\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u9875\u9762\u3002
\u5728 Helm \u4ed3\u5e93\u9875\u9762\u70b9\u51fb \u521b\u5efa\u4ed3\u5e93 \u6309\u94ae\uff0c\u8fdb\u5165\u521b\u5efa\u4ed3\u5e93\u9875\u9762\uff0c\u6309\u7167\u4e0b\u8868\u914d\u7f6e\u76f8\u5173\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210 Helm \u4ed3\u5e93\u7684\u521b\u5efa\u3002\u9875\u9762\u4f1a\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u4ed3\u5e93\u5217\u8868\u3002
\u5f53 Helm \u4ed3\u5e93\u7684\u5730\u5740\u4fe1\u606f\u53d1\u751f\u53d8\u5316\u65f6\uff0c\u53ef\u4ee5\u66f4\u65b0 Helm \u4ed3\u5e93\u7684\u5730\u5740\u3001\u8ba4\u8bc1\u65b9\u5f0f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u53ca\u63cf\u8ff0\u4fe1\u606f\u3002
\u627e\u5230\u5f85\u66f4\u65b0\u4ed3\u5e93\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u5217\u8868\u9875\u9762\u3002
\u5728\u4ed3\u5e93\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684 Helm \u4ed3\u5e93\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \u6309\u94ae\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u66f4\u65b0 \u3002
\u5728 \u7f16\u8f91 Helm \u4ed3\u5e93 \u9875\u9762\u8fdb\u884c\u66f4\u65b0\uff0c\u5b8c\u6210\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de Helm \u4ed3\u5e93\u5217\u8868\uff0c\u5c4f\u5e55\u63d0\u793a\u66f4\u65b0\u6210\u529f\u3002
\u9664\u4e86\u5f15\u5165\u3001\u66f4\u65b0\u4ed3\u5e93\u5916\uff0c\u60a8\u4e5f\u53ef\u4ee5\u5c06\u4e0d\u9700\u8981\u7684\u4ed3\u5e93\u5220\u9664\uff0c\u5305\u62ec\u7cfb\u7edf\u9884\u7f6e\u4ed3\u5e93\u548c\u7b2c\u4e09\u65b9\u4ed3\u5e93\u3002
\u627e\u5230\u5f85\u5220\u9664\u4ed3\u5e93\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u5217\u8868\u9875\u9762\u3002
\u5728\u4ed3\u5e93\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684 Helm \u4ed3\u5e93\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \u6309\u94ae\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u5220\u9664 \u3002
\u8f93\u5165\u4ed3\u5e93\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u70b9\u51fb \u5220\u9664 \u3002
\u8fd4\u56de Helm \u4ed3\u5e93\u5217\u8868\uff0c\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\u3002
\u901a\u5e38\u5728\u591a\u67b6\u6784\u96c6\u7fa4\u4e2d\uff0c\u4e5f\u4f1a\u4f7f\u7528\u591a\u67b6\u6784\u7684 Helm \u5305\u6765\u90e8\u7f72\u5e94\u7528\uff0c\u4ee5\u89e3\u51b3\u67b6\u6784\u5dee\u5f02\u5e26\u6765\u7684\u90e8\u7f72\u95ee\u9898\u3002 \u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5c06\u5355\u67b6\u6784 Helm \u5e94\u7528\u878d\u5408\u4e3a\u591a\u67b6\u6784\uff0c\u4ee5\u53ca\u591a\u67b6\u6784\u4e0e\u591a\u67b6\u6784 Helm \u5e94\u7528\u7684\u76f8\u4e92\u878d\u5408\u3002
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_1","title":"\u5bfc\u5165","text":""},{"location":"admin/kpanda/helm/multi-archi-helm.html#_2","title":"\u5355\u67b6\u6784\u5bfc\u5165","text":"\u51c6\u5907\u597d\u5f85\u5bfc\u5165\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002 \u628a\u8def\u5f84\u586b\u5199\u81f3 clusterConfig.yml \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982\uff1a
addonPackage:\n path: \"/home/addon-offline-full-package-v0.9.0-amd64.tar.gz\"\n
\u7136\u540e\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_3","title":"\u591a\u67b6\u6784\u878d\u5408","text":"\u51c6\u5907\u597d\u5f85\u878d\u5408\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u4ee5 addon-offline-full-package-v0.9.0-arm64.tar.gz \u4e3a\u4f8b\uff0c\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.9.0-arm64.tar.gz\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_4","title":"\u5347\u7ea7","text":""},{"location":"admin/kpanda/helm/multi-archi-helm.html#_5","title":"\u5355\u67b6\u6784\u5347\u7ea7","text":"\u51c6\u5907\u597d\u5f85\u5bfc\u5165\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u628a\u8def\u5f84\u586b\u5199\u81f3 clusterConfig.yml \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982\uff1a
addonPackage:\n path: \"/home/addon-offline-full-package-v0.11.0-amd64.tar.gz\"\n
\u7136\u540e\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_6","title":"\u591a\u67b6\u6784\u878d\u5408","text":"\u51c6\u5907\u597d\u5f85\u878d\u5408\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u4ee5 addon-offline-full-package-v0.11.0-arm64.tar.gz \u4e3a\u4f8b\uff0c\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.11.0-arm64.tar.gz\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_7","title":"\u6ce8\u610f\u4e8b\u9879","text":""},{"location":"admin/kpanda/helm/multi-archi-helm.html#_8","title":"\u78c1\u76d8\u7a7a\u95f4","text":"\u79bb\u7ebf\u5305\u6bd4\u8f83\u5927\uff0c\u4e14\u8fc7\u7a0b\u4e2d\u9700\u8981\u89e3\u538b\u548c load \u955c\u50cf\uff0c\u9700\u8981\u9884\u7559\u5145\u8db3\u7684\u7a7a\u95f4\uff0c\u5426\u5219\u53ef\u80fd\u5728\u8fc7\u7a0b\u4e2d\u62a5 \u201cno space left\u201d \u800c\u4e2d\u65ad\u3002
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_9","title":"\u5931\u8d25\u540e\u91cd\u8bd5","text":"\u5982\u679c\u5728\u591a\u67b6\u6784\u878d\u5408\u6b65\u9aa4\u6267\u884c\u5931\u8d25\uff0c\u91cd\u8bd5\u524d\u9700\u8981\u6e05\u7406\u4e00\u4e0b\u6b8b\u7559\uff1a
rm -rf addon-offline-target-package\n
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_10","title":"\u955c\u50cf\u7a7a\u95f4","text":"\u5982\u679c\u878d\u5408\u7684\u79bb\u7ebf\u5305\u4e2d\u5305\u542b\u4e86\u4e0e\u5bfc\u5165\u7684\u79bb\u7ebf\u5305\u4e0d\u4e00\u81f4\u7684\u955c\u50cf\u7a7a\u95f4\uff0c\u53ef\u80fd\u4f1a\u5728\u878d\u5408\u8fc7\u7a0b\u4e2d\u56e0\u4e3a\u955c\u50cf\u7a7a\u95f4\u4e0d\u5b58\u5728\u800c\u62a5\u9519\uff1a
\u89e3\u51b3\u529e\u6cd5\uff1a\u53ea\u9700\u8981\u5728\u878d\u5408\u4e4b\u524d\u521b\u5efa\u597d\u8be5\u955c\u50cf\u7a7a\u95f4\u5373\u53ef\uff0c\u4f8b\u5982\u4e0a\u56fe\u62a5\u9519\u53ef\u901a\u8fc7\u521b\u5efa\u955c\u50cf\u7a7a\u95f4 localhost \u63d0\u524d\u907f\u514d\u3002
"},{"location":"admin/kpanda/helm/multi-archi-helm.html#_11","title":"\u67b6\u6784\u51b2\u7a81","text":"\u5347\u7ea7\u81f3\u4f4e\u4e8e 0.12.0 \u7248\u672c\u7684 addon \u65f6\uff0c\u7531\u4e8e\u76ee\u6807\u79bb\u7ebf\u5305\u91cc\u7684 charts-syncer \u6ca1\u6709\u68c0\u67e5\u955c\u50cf\u5b58\u5728\u5219\u4e0d\u63a8\u9001\u529f\u80fd\uff0c\u56e0\u6b64\u4f1a\u5728\u5347\u7ea7\u7684\u8fc7\u7a0b\u4e2d\u4f1a\u91cd\u65b0\u628a\u591a\u67b6\u6784\u51b2\u6210\u5355\u67b6\u6784\u3002 \u4f8b\u5982\uff1a\u5728 v0.10 \u7248\u672c\u5c06 addon \u5b9e\u73b0\u4e3a\u591a\u67b6\u6784\uff0c\u6b64\u65f6\u82e5\u5347\u7ea7\u4e3a v0.11 \u7248\u672c\uff0c\u5219\u591a\u67b6\u6784 addon \u4f1a\u88ab\u8986\u76d6\u4e3a\u5355\u67b6\u6784\uff1b\u82e5\u5347\u7ea7\u4e3a 0.12.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u5219\u4ecd\u80fd\u591f\u4fdd\u6301\u591a\u67b6\u6784\u3002
"},{"location":"admin/kpanda/helm/upload-helm.html","title":"\u4e0a\u4f20 Helm \u6a21\u677f","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e0a\u4f20 Helm \u6a21\u677f\uff0c\u64cd\u4f5c\u6b65\u9aa4\u89c1\u4e0b\u6587\u3002
\u5f15\u5165 Helm \u4ed3\u5e93\uff0c\u64cd\u4f5c\u6b65\u9aa4\u53c2\u8003\u5f15\u5165\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002
\u4e0a\u4f20 Helm Chart \u5230 Helm \u4ed3\u5e93\u3002
\u5ba2\u6237\u7aef\u4e0a\u4f20\u9875\u9762\u4e0a\u4f20Note
\u6b64\u65b9\u5f0f\u9002\u7528\u4e8e Harbor\u3001ChartMuseum\u3001JFrog \u7c7b\u578b\u4ed3\u5e93\u3002
\u767b\u5f55\u4e00\u4e2a\u53ef\u4ee5\u8bbf\u95ee\u5230 Helm \u4ed3\u5e93\u7684\u8282\u70b9\uff0c\u5c06 Helm \u4e8c\u8fdb\u5236\u6587\u4ef6\u4e0a\u4f20\u5230\u8282\u70b9\uff0c\u5e76\u5b89\u88c5 cm-push \u63d2\u4ef6\uff08\u9700\u8981\u8fde\u901a\u5916\u7f51\u5e76\u63d0\u524d\u5b89\u88c5 Git\uff09\u3002
\u5b89\u88c5\u63d2\u4ef6\u6d41\u7a0b\u53c2\u8003\u5b89\u88c5 cm-push \u63d2\u4ef6\u3002
\u63a8\u9001 Helm Chart \u5230 Helm \u4ed3\u5e93\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1b
helm cm-push ${charts-dir} ${HELM_REPO_URL} --username ${username} --password ${password}\n
\u5b57\u6bb5\u8bf4\u660e\uff1a
charts-dir
\uff1aHelm Chart \u7684\u76ee\u5f55\uff0c\u6216\u8005\u662f\u6253\u5305\u597d\u7684 Chart\uff08\u5373 .tgz \u6587\u4ef6\uff09\u3002HELM_REPO_URL
\uff1aHelm \u4ed3\u5e93\u7684 URL\u3002username
/password
\uff1a\u6709\u63a8\u9001\u6743\u9650\u7684 Helm \u4ed3\u5e93\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002--insecure
Note
\u6b64\u65b9\u5f0f\u4ec5\u9002\u7528\u4e8e Harbor \u7c7b\u578b\u4ed3\u5e93\u3002
\u767b\u5f55\u7f51\u9875 Harbor \u4ed3\u5e93\uff0c\u8bf7\u786e\u4fdd\u767b\u5f55\u7528\u6237\u6709\u63a8\u9001\u6743\u9650\uff1b
\u8fdb\u5165\u5230\u5bf9\u5e94\u9879\u76ee\uff0c\u9009\u62e9 Helm Charts \u9875\u7b7e\uff0c\u70b9\u51fb\u9875\u9762 \u4e0a\u4f20 \u6309\u94ae\uff0c\u5b8c\u6210 Helm Chart \u4e0a\u4f20\u3002
\u540c\u6b65\u8fdc\u7aef\u4ed3\u5e93\u6570\u636e
\u624b\u52a8\u540c\u6b65\u81ea\u52a8\u540c\u6b65\u9ed8\u8ba4\u96c6\u7fa4\u672a\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u5237\u65b0 \uff0c\u9700\u8981\u6267\u884c\u624b\u52a8\u540c\u6b65\u64cd\u4f5c\uff0c\u5927\u81f4\u6b65\u9aa4\u4e3a\uff1a
\u8fdb\u5165 Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u70b9\u51fb\u4ed3\u5e93\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u6309\u94ae\uff0c\u9009\u62e9 \u540c\u6b65\u4ed3\u5e93 \uff0c\u5b8c\u6210\u4ed3\u5e93\u6570\u636e\u540c\u6b65\u3002
\u5982\u9700\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u540c\u6b65\u529f\u80fd\uff0c\u53ef\u8fdb\u5165 \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u8bbe\u7f6e -> \u9ad8\u7ea7\u914d\u7f6e \uff0c\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u5237\u65b0\u5f00\u5173\u3002
\u96c6\u7fa4\u5de1\u68c0\u53ef\u4ee5\u901a\u8fc7\u81ea\u52a8\u6216\u624b\u52a8\u65b9\u5f0f\uff0c\u5b9a\u671f\u6216\u968f\u65f6\u68c0\u67e5\u96c6\u7fa4\u7684\u6574\u4f53\u5065\u5eb7\u72b6\u6001\uff0c\u8ba9\u7ba1\u7406\u5458\u83b7\u5f97\u4fdd\u969c\u96c6\u7fa4\u5b89\u5168\u7684\u4e3b\u52a8\u6743\u3002 \u57fa\u4e8e\u5408\u7406\u7684\u5de1\u68c0\u8ba1\u5212\uff0c\u8fd9\u79cd\u4e3b\u52a8\u81ea\u53d1\u7684\u96c6\u7fa4\u68c0\u67e5\u53ef\u4ee5\u8ba9\u7ba1\u7406\u5458\u968f\u65f6\u638c\u63e1\u96c6\u7fa4\u72b6\u6001\uff0c\u6446\u8131\u4e4b\u524d\u51fa\u73b0\u6545\u969c\u65f6\u53ea\u80fd\u88ab\u52a8\u6392\u67e5\u95ee\u9898\u7684\u56f0\u5883\uff0c\u505a\u5230\u4e8b\u5148\u76d1\u63a7\u3001\u63d0\u524d\u9632\u8303\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u7684\u96c6\u7fa4\u5de1\u68c0\u529f\u80fd\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u4e09\u4e2a\u7ef4\u5ea6\u8fdb\u884c\u81ea\u5b9a\u4e49\u5de1\u68c0\u9879\uff0c\u5de1\u68c0\u7ed3\u675f\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u53ef\u89c6\u5316\u7684\u5de1\u68c0\u62a5\u544a\u3002
\u5982\u9700\u4e86\u89e3\u6216\u6267\u884c\u5b89\u5168\u65b9\u9762\u7684\u5de1\u68c0\uff0c\u53ef\u53c2\u8003\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684\u5b89\u5168\u626b\u63cf\u7c7b\u578b\u3002
"},{"location":"admin/kpanda/inspect/config.html","title":"\u521b\u5efa\u5de1\u68c0\u914d\u7f6e","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u96c6\u7fa4\u5de1\u68c0\u529f\u80fd\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u7ef4\u5ea6\u3001\u8282\u70b9\u7ef4\u5ea6\u3001\u5bb9\u5668\u7ec4\u7ef4\u5ea6\u8fdb\u884c\u5de1\u68c0\u3002
\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u5de1\u68c0\u914d\u7f6e\u3002
"},{"location":"admin/kpanda/inspect/config.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u5de1\u68c0 \u3002
\u5728\u9875\u9762\u53f3\u4fa7\u70b9\u51fb \u5de1\u68c0\u914d\u7f6e \u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199\u5de1\u68c0\u914d\u7f6e\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u53c2\u6570\u914d\u7f6e\uff1a\u53c2\u6570\u914d\u7f6e\u5206\u4e3a\u96c6\u7fa4\u7ef4\u5ea6\u3001\u8282\u70b9\u7ef4\u5ea6\u3001\u5bb9\u5668\u7ec4\u7ef4\u5ea6\u4e09\u90e8\u5206\uff0c\u53ef\u4ee5\u6839\u636e\u573a\u666f\u9700\u6c42\u542f\u7528\u6216\u7981\u7528\u67d0\u4e9b\u5de1\u68c0\u9879\u3002
\u5de1\u68c0\u914d\u7f6e\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u4f1a\u81ea\u52a8\u663e\u793a\u5728\u5de1\u68c0\u914d\u7f6e\u5217\u8868\u4e2d\u3002\u5728\u914d\u7f6e\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u64cd\u4f5c\u6309\u94ae\u53ef\u4ee5\u7acb\u5373\u6267\u884c\u5de1\u68c0\u3001\u4fee\u6539\u5de1\u68c0\u914d\u7f6e\u3001\u5220\u9664\u5de1\u68c0\u914d\u7f6e\u548c\u5de1\u68c0\u8bb0\u5f55\u3002
\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u5220\u9664\u8be5\u5de1\u68c0\u914d\u7f6e\u548c\u5386\u53f2\u7684\u5de1\u68c0\u8bb0\u5f55
Note
\u5de1\u68c0\u914d\u7f6e\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u5982\u679c\u542f\u7528\u4e86 \u5b9a\u65f6\u5de1\u68c0 \u914d\u7f6e\uff0c\u5219\u4f1a\u5728\u6307\u5b9a\u65f6\u95f4\u81ea\u52a8\u6267\u884c\u5de1\u68c0\u3002\u5982\u672a\u542f\u7528 \u5b9a\u65f6\u5de1\u68c0 \u914d\u7f6e\uff0c\u5219\u9700\u8981\u624b\u52a8\u89e6\u53d1\u5de1\u68c0\u3002
\u6b64\u9875\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u6267\u884c\u96c6\u7fa4\u5de1\u68c0\u3002
"},{"location":"admin/kpanda/inspect/inspect.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u6267\u884c\u5de1\u68c0\u65f6\uff0c\u652f\u6301\u52fe\u9009\u591a\u4e2a\u96c6\u7fa4\u8fdb\u884c\u6279\u91cf\u5de1\u68c0\uff0c\u6216\u8005\u4ec5\u5bf9\u67d0\u4e00\u4e2a\u96c6\u7fa4\u8fdb\u884c\u5355\u72ec\u5de1\u68c0\u3002
\u6279\u91cf\u5de1\u68c0\u5355\u72ec\u5de1\u68c0\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u4e00\u7ea7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u5de1\u68c0 \uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4fa7\u70b9\u51fb \u5de1\u68c0 \u3002
\u52fe\u9009\u9700\u8981\u5de1\u68c0\u7684\u96c6\u7fa4\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u5982\u672a\u8bbe\u7f6e\u96c6\u7fa4\u5de1\u68c0\u914d\u7f6e\uff0c\u5c06\u4f7f\u7528\u7cfb\u7edf\u9ed8\u8ba4\u914d\u7f6e\u3002
\u5728\u5bf9\u5e94\u5de1\u68c0\u914d\u7f6e\u7684\u53f3\u4fa7\u70b9\u51fb \u2507 \u66f4\u591a\u64cd\u4f5c\u6309\u94ae\uff0c\u7136\u540e\u5728\u5f39\u51fa\u7684\u83dc\u5355\u4e2d\u9009\u62e9 \u5de1\u68c0 \u5373\u53ef\u3002
\u5de1\u68c0\u6267\u884c\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u5de1\u68c0\u8bb0\u5f55\u548c\u8be6\u7ec6\u7684\u5de1\u68c0\u62a5\u544a\u3002
"},{"location":"admin/kpanda/inspect/report.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165\u96c6\u7fa4\u5de1\u68c0\u9875\u9762\uff0c\u70b9\u51fb\u76ee\u6807\u5de1\u68c0\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u70b9\u51fb\u60f3\u8981\u67e5\u770b\u7684\u5de1\u68c0\u8bb0\u5f55\u540d\u79f0\u3002
\u67e5\u770b\u5de1\u68c0\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u6839\u636e\u5de1\u68c0\u914d\u7f6e\u53ef\u80fd\u5305\u62ec\u96c6\u7fa4\u8d44\u6e90\u6982\u89c8\u3001\u7cfb\u7edf\u7ec4\u4ef6\u7684\u8fd0\u884c\u60c5\u51b5\u7b49\u3002
\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u53ef\u4ee5\u4e0b\u8f7d\u5de1\u68c0\u62a5\u544a\u6216\u5220\u9664\u8be5\u9879\u5de1\u68c0\u62a5\u544a\u3002
\u547d\u540d\u7a7a\u95f4\u662f Kubernetes \u4e2d\u7528\u6765\u8fdb\u884c\u8d44\u6e90\u9694\u79bb\u7684\u4e00\u79cd\u62bd\u8c61\u3002\u4e00\u4e2a\u96c6\u7fa4\u4e0b\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u4e0d\u91cd\u540d\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u76f8\u4e92\u9694\u79bb\u3002\u6709\u5173\u547d\u540d\u7a7a\u95f4\u7684\u8be6\u7ec6\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u547d\u540d\u7a7a\u95f4\u7684\u76f8\u5173\u64cd\u4f5c\u3002
"},{"location":"admin/kpanda/namespaces/createns.html#_2","title":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4","text":"\u652f\u6301\u901a\u8fc7\u8868\u5355\u8f7b\u677e\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff0c\u4e5f\u652f\u6301\u901a\u8fc7\u7f16\u5199\u6216\u5bfc\u5165 YAML \u6587\u4ef6\u5feb\u901f\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u3002
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u547d\u540d\u7a7a\u95f4\u7684\u540d\u79f0\uff0c\u914d\u7f6e\u5de5\u4f5c\u7a7a\u95f4\u548c\u6807\u7b7e\uff08\u53ef\u9009\u8bbe\u7f6e\uff09\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
Info
\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\u4e4b\u540e\uff0c\u8be5\u547d\u540d\u7a7a\u95f4\u7684\u8d44\u6e90\u5c31\u4f1a\u5171\u4eab\u7ed9\u6240\u7ed1\u5b9a\u7684\u5de5\u4f5c\u7a7a\u95f4\u3002\u6709\u5173\u5de5\u4f5c\u7a7a\u95f4\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u3002
\u547d\u540d\u7a7a\u95f4\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u4ecd\u7136\u53ef\u4ee5\u7ed1\u5b9a/\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002\u5728\u547d\u540d\u7a7a\u95f4\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4ece\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9\u67e5\u770b YAML\u3001\u4fee\u6539\u6807\u7b7e\u3001\u7ed1\u5b9a/\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\u3001\u914d\u989d\u7ba1\u7406\u3001\u5220\u9664\u7b49\u66f4\u591a\u64cd\u4f5c\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u5185\u5bb9\uff0c\u6216\u8005\u4ece\u672c\u5730\u76f4\u63a5\u5bfc\u5165\u5df2\u6709\u7684 YAML \u6587\u4ef6\u3002
\u8f93\u5165 YAML \u5185\u5bb9\u540e\uff0c\u70b9\u51fb \u4e0b\u8f7d \u53ef\u4ee5\u5c06\u8be5 YAML \u6587\u4ef6\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u6700\u540e\u5728\u5f39\u6846\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u6307\u5728 kubernetes \u96c6\u7fa4\u4e2d\uff0c\u901a\u8fc7\u6c61\u70b9\u548c\u6c61\u70b9\u5bb9\u5fcd\u7684\u65b9\u5f0f\u5b9e\u73b0\u7279\u5b9a\u547d\u540d\u7a7a\u95f4\u5bf9\u4e00\u4e2a\u6216\u591a\u4e2a\u8282\u70b9 CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u7684\u72ec\u4eab\u3002\u4e3a\u7279\u5b9a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u72ec\u4eab\u8282\u70b9\u540e\uff0c\u5176\u5b83\u975e\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5e94\u7528\u548c\u670d\u52a1\u5747\u4e0d\u80fd\u8fd0\u884c\u5728\u88ab\u72ec\u4eab\u7684\u8282\u70b9\u4e0a\u3002\u4f7f\u7528\u72ec\u4eab\u8282\u70b9\u53ef\u4ee5\u8ba9\u91cd\u8981\u5e94\u7528\u72ec\u4eab\u4e00\u90e8\u5206\u8ba1\u7b97\u8d44\u6e90\uff0c\u4ece\u800c\u548c\u5176\u4ed6\u5e94\u7528\u5b9e\u73b0\u7269\u7406\u9694\u79bb\u3002
Note
\u5728\u8282\u70b9\u88ab\u8bbe\u7f6e\u4e3a\u72ec\u4eab\u8282\u70b9\u524d\u5df2\u7ecf\u8fd0\u884c\u5728\u6b64\u8282\u70b9\u4e0a\u7684\u5e94\u7528\u548c\u670d\u52a1\u5c06\u4e0d\u4f1a\u53d7\u5f71\u54cd\uff0c\u4f9d\u7136\u4f1a\u6b63\u5e38\u8fd0\u884c\u5728\u8be5\u8282\u70b9\u4e0a\uff0c\u4ec5\u5f53\u8fd9\u4e9b Pod \u88ab\u5220\u9664\u6216\u91cd\u5efa\u65f6\uff0c\u624d\u4f1a\u8c03\u5ea6\u5230\u5176\u5b83\u975e\u72ec\u4eab\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/namespaces/exclusive.html#_2","title":"\u51c6\u5907\u5de5\u4f5c","text":"\u68c0\u67e5\u5f53\u524d\u96c6\u7fa4\u7684 kube-apiserver \u662f\u5426\u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002
\u4f7f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u529f\u80fd\u9700\u8981\u7528\u6237\u542f\u7528 kube-apiserver \u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\uff08Admission Controllers\uff09\uff0c\u5173\u4e8e\u51c6\u5165\u63a7\u5236\u5668\u66f4\u591a\u8bf4\u660e\u8bf7\u53c2\u9605 kubernetes Admission Controllers Reference\u3002
\u60a8\u53ef\u4ee5\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u68c0\u67e5 kube-apiserver.yaml \u6587\u4ef6\u5185\u662f\u5426\u542f\u7528\u4e86\u8fd9\u4e24\u4e2a\u7279\u6027\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5feb\u901f\u68c0\u67e5\uff1a
```bash\n[root@g-master1 ~]# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep enable-admission-plugins\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction\n```\n
"},{"location":"admin/kpanda/namespaces/exclusive.html#_3","title":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9","text":"\u7531\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7740 kpanda\u3001ghippo\u3001insight \u7b49\u5e73\u53f0\u57fa\u7840\u7ec4\u4ef6\uff0c\u5728 Global \u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u5c06\u53ef\u80fd\u5bfc\u81f4\u5f53\u7cfb\u7edf\u7ec4\u4ef6\u91cd\u542f\u540e\uff0c\u7cfb\u7edf\u7ec4\u4ef6\u65e0\u6cd5\u8c03\u5ea6\u5230\u88ab\u72ec\u4eab\u7684\u8282\u70b9\u4e0a\uff0c\u5f71\u54cd\u7cfb\u7edf\u7684\u6574\u4f53\u9ad8\u53ef\u7528\u80fd\u529b\u3002\u56e0\u6b64\uff0c\u901a\u5e38\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u4e0d\u63a8\u8350\u7528\u6237\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u7279\u6027\u3002
\u5982\u679c\u60a8\u786e\u5b9e\u9700\u8981\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u5f00\u542f\uff1a
\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 kube-apiserver \u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668
Note
\u5982\u679c\u96c6\u7fa4\u5df2\u542f\u7528\u4e86\u4e0a\u8ff0\u7684\u4e24\u4e2a\u51c6\u5165\u63a7\u5236\u5668\uff0c\u8bf7\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u524d\u5f80\u914d\u7f6e\u7cfb\u7edf\u7ec4\u4ef6\u5bb9\u5fcd\u3002
\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u4fee\u6539 kube-apiserver.yaml \u914d\u7f6e\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\uff1a
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #\u542f\u7528\u7684\u51c6\u5165\u63a7\u5236\u5668\u5217\u8868\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
\u627e\u5230 --enable-admission-plugins \u53c2\u6570\uff0c\u52a0\u5165\uff08\u4ee5\u82f1\u6587\u9017\u53f7\u5206\u9694\u7684\uff09 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002\u53c2\u8003\u5982\u4e0b\uff1a
# \u52a0\u5165 __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
\u4e3a\u5e73\u53f0\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3
\u5b8c\u6210\u51c6\u5165\u63a7\u5236\u5668\u7684\u5f00\u542f\u540e\uff0c\u60a8\u9700\u8981\u4e3a\u5e73\u53f0\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3\uff0c\u4ee5\u4fdd\u8bc1\u5e73\u53f0\u7ec4\u4ef6\u7684\u9ad8\u53ef\u7528\u3002
\u76ee\u524d\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u7cfb\u7edf\u7ec4\u4ef6\u547d\u540d\u7a7a\u95f4\u5982\u4e0b\u8868\uff1a
\u547d\u540d\u7a7a\u95f4 \u6240\u5305\u542b\u7684\u7cfb\u7edf\u7ec4\u4ef6 kpanda-system kpanda hwameiStor-system hwameiStor istio-system istio metallb-system metallb cert-manager-system cert-manager contour-system contour kubean-system kubean ghippo-system ghippo kcoral-system kcoral kcollie-system kcollie insight-system insight\u3001insight-agent: ipavo-system ipavo kairship-system kairship karmada-system karmada amamba-system amamba\u3001jenkins skoala-system skoala mspider-system mspider mcamel-system mcamel-rabbitmq\u3001mcamel-elasticsearch\u3001mcamel-mysql\u3001mcamel-redis\u3001mcamel-kafka\u3001mcamel-minio\u3001mcamel-postgresql spidernet-system spidernet kangaroo-system kangaroo gmagpie-system gmagpie dowl-system dowl\u68c0\u67e5\u5f53\u524d\u96c6\u7fa4\u4e2d\u6240\u6709\u547d\u540d\u7a7a\u95f4\u662f\u5426\u5b58\u5728\u4e0a\u8ff0\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u4e3a\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u6ce8\u89e3\uff1a scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
\u3002
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
\u8bf7\u786e\u4fdd\u5c06 <namespace-name>
\u66ff\u6362\u4e3a\u8981\u6dfb\u52a0\u6ce8\u89e3\u7684\u5e73\u53f0\u547d\u540d\u7a7a\u95f4\u540d\u79f0\u3002 \u4f7f\u7528\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u5f53\u60a8\u786e\u8ba4\u96c6\u7fa4 API \u670d\u52a1\u5668\u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\u5df2\u7ecf\u5f00\u542f\u540e\uff0c\u8bf7\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684 UI \u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9\u4e86\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb\u547d\u540d\u7a7a\u95f4\u540d\u79f0\uff0c\u7136\u540e\u70b9\u51fb \u72ec\u4eab\u8282\u70b9 \u9875\u7b7e\uff0c\u5728\u4e0b\u65b9\u53f3\u4fa7\u70b9\u51fb \u6dfb\u52a0\u8282\u70b9 \u3002
\u5728\u9875\u9762\u5de6\u4fa7\u9009\u62e9\u8ba9\u8be5\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u54ea\u4e9b\u8282\u70b9\uff0c\u5728\u53f3\u4fa7\u53ef\u4ee5\u6e05\u7a7a\u6216\u5220\u9664\u67d0\u4e2a\u5df2\u9009\u8282\u70b9\uff0c\u6700\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u53ef\u4ee5\u5728\u5217\u8868\u4e2d\u67e5\u770b\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5df2\u6709\u7684\u72ec\u4eab\u8282\u70b9\uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u53ef\u4ee5\u9009\u62e9 \u53d6\u6d88\u72ec\u4eab \u3002
\u53d6\u6d88\u72ec\u4eab\u4e4b\u540e\uff0c\u5176\u4ed6\u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u4e5f\u53ef\u4ee5\u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002
\u5728 \u975e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u5f00\u542f\uff1a
\u4e3a\u5f53\u524d\u96c6\u7fa4\u7684 kube-apiserver \u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668
Note
\u5982\u679c\u96c6\u7fa4\u5df2\u542f\u7528\u4e86\u4e0a\u8ff0\u7684\u4e24\u4e2a\u51c6\u5165\u63a7\u5236\u5668\uff0c\u8bf7\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u524d\u5f80\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u4fee\u6539 kube-apiserver.yaml \u914d\u7f6e\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\uff1a
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #\u542f\u7528\u7684\u51c6\u5165\u63a7\u5236\u5668\u5217\u8868\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
\u627e\u5230 --enable-admission-plugins \u53c2\u6570\uff0c\u52a0\u5165\uff08\u4ee5\u82f1\u6587\u9017\u53f7\u5206\u9694\u7684\uff09 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002\u53c2\u8003\u5982\u4e0b\uff1a
# \u52a0\u5165 __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
\u4f7f\u7528\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u5f53\u60a8\u786e\u8ba4\u96c6\u7fa4 API \u670d\u52a1\u5668\u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\u5df2\u7ecf\u5f00\u542f\u540e\uff0c\u8bf7\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684 UI \u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9\u4e86\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb\u547d\u540d\u7a7a\u95f4\u540d\u79f0\uff0c\u7136\u540e\u70b9\u51fb \u72ec\u4eab\u8282\u70b9 \u9875\u7b7e\uff0c\u5728\u4e0b\u65b9\u53f3\u4fa7\u70b9\u51fb \u6dfb\u52a0\u8282\u70b9 \u3002
\u5728\u9875\u9762\u5de6\u4fa7\u9009\u62e9\u8ba9\u8be5\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u54ea\u4e9b\u8282\u70b9\uff0c\u5728\u53f3\u4fa7\u53ef\u4ee5\u6e05\u7a7a\u6216\u5220\u9664\u67d0\u4e2a\u5df2\u9009\u8282\u70b9\uff0c\u6700\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u53ef\u4ee5\u5728\u5217\u8868\u4e2d\u67e5\u770b\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5df2\u6709\u7684\u72ec\u4eab\u8282\u70b9\uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u53ef\u4ee5\u9009\u62e9 \u53d6\u6d88\u72ec\u4eab \u3002
\u53d6\u6d88\u72ec\u4eab\u4e4b\u540e\uff0c\u5176\u4ed6\u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u4e5f\u53ef\u4ee5\u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002
\u4e3a\u9700\u8981\u9ad8\u53ef\u7528\u7684\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3\uff08\u53ef\u9009\uff09
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u9700\u8981\u9ad8\u53ef\u7528\u7684\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u6ce8\u89e3\uff1ascheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
\u3002
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
\u8bf7\u786e\u4fdd\u5c06 <namespace-name>
\u66ff\u6362\u4e3a\u8981\u6dfb\u52a0\u6ce8\u89e3\u7684\u5e73\u53f0\u547d\u540d\u7a7a\u95f4\u540d\u79f0\u3002
\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u6307\u5728 kubernetes \u96c6\u7fa4\u4e2d\uff0c\u901a\u8fc7\u4e3a\u6307\u5b9a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u4e0d\u540c\u7684\u7b49\u7ea7\u548c\u6a21\u5f0f\uff0c\u5b9e\u73b0\u5728\u5b89\u5168\u7684\u5404\u4e2a\u65b9\u9762\u63a7\u5236 Pod \u7684\u884c\u4e3a\uff0c\u53ea\u6709\u6ee1\u8db3\u4e00\u5b9a\u7684\u6761\u4ef6\u7684 Pod \u624d\u4f1a\u88ab\u7cfb\u7edf\u63a5\u53d7\u3002\u5b83\u8bbe\u7f6e\u4e09\u4e2a\u7b49\u7ea7\u548c\u4e09\u79cd\u6a21\u5f0f\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u9009\u62e9\u66f4\u52a0\u5408\u9002\u7684\u65b9\u6848\u6765\u8bbe\u7f6e\u9650\u5236\u7b56\u7565\u3002
Note
\u4e00\u6761\u5b89\u5168\u6a21\u5f0f\u4ec5\u80fd\u914d\u7f6e\u4e00\u6761\u5b89\u5168\u7b56\u7565\u3002\u540c\u65f6\u8bf7\u8c28\u614e\u4e3a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e enforce \u7684\u5b89\u5168\u6a21\u5f0f\uff0c\u8fdd\u53cd\u540e\u5c06\u4f1a\u5bfc\u81f4 Pod \u65e0\u6cd5\u521b\u5efa\u3002
\u672c\u8282\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u3002
"},{"location":"admin/kpanda/namespaces/podsecurity.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u96c6\u7fa4\u7684\u7248\u672c\u9700\u8981\u5728 v1.22 \u4ee5\u4e0a\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u9009\u62e9\u9700\u8981\u914d\u7f6e\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u8fdb\u5165\u8be6\u60c5\u9875\u3002\u5728 \u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565 \u9875\u9762\u70b9\u51fb \u914d\u7f6e\u7b56\u7565 \uff0c\u8fdb\u5165\u914d\u7f6e\u9875\u3002
\u5728\u914d\u7f6e\u9875\u70b9\u51fb \u6dfb\u52a0\u7b56\u7565 \uff0c\u5219\u4f1a\u51fa\u73b0\u4e00\u6761\u7b56\u7565\uff0c\u5305\u62ec\u5b89\u5168\u7ea7\u522b\u548c\u5b89\u5168\u6a21\u5f0f\uff0c\u4ee5\u4e0b\u662f\u5bf9\u5b89\u5168\u7ea7\u522b\u548c\u5b89\u5168\u7b56\u7565\u7684\u8be6\u7ec6\u4ecb\u7ecd\u3002
\u5b89\u5168\u7ea7\u522b \u63cf\u8ff0 Privileged \u4e0d\u53d7\u9650\u5236\u7684\u7b56\u7565\uff0c\u63d0\u4f9b\u6700\u5927\u53ef\u80fd\u8303\u56f4\u7684\u6743\u9650\u8bb8\u53ef\u3002\u6b64\u7b56\u7565\u5141\u8bb8\u5df2\u77e5\u7684\u7279\u6743\u63d0\u5347\u3002 Baseline \u9650\u5236\u6027\u6700\u5f31\u7684\u7b56\u7565\uff0c\u7981\u6b62\u5df2\u77e5\u7684\u7b56\u7565\u63d0\u5347\u3002\u5141\u8bb8\u4f7f\u7528\u9ed8\u8ba4\u7684\uff08\u89c4\u5b9a\u6700\u5c11\uff09Pod \u914d\u7f6e\u3002 Restricted \u9650\u5236\u6027\u975e\u5e38\u5f3a\u7684\u7b56\u7565\uff0c\u9075\u5faa\u5f53\u524d\u7684\u4fdd\u62a4 Pod \u7684\u6700\u4f73\u5b9e\u8df5\u3002 \u5b89\u5168\u6a21\u5f0f \u63cf\u8ff0 Audit \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u5728\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u6dfb\u52a0\u65b0\u7684\u5ba1\u8ba1\u4e8b\u4ef6\uff0cPod \u53ef\u4ee5\u88ab\u521b\u5efa\u3002 Warn \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u8fd4\u56de\u7528\u6237\u53ef\u89c1\u7684\u544a\u8b66\u4fe1\u606f\uff0cPod \u53ef\u4ee5\u88ab\u521b\u5efa\u3002 Enforce \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u5bfc\u81f4 Pod \u65e0\u6cd5\u521b\u5efa\u3002\u4e0d\u540c\u7684\u5b89\u5168\u7ea7\u522b\u5bf9\u5e94\u4e0d\u540c\u7684\u68c0\u67e5\u9879\uff0c\u82e5\u60a8\u4e0d\u77e5\u9053\u8be5\u5982\u4f55\u4e3a\u60a8\u7684\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\uff0c\u53ef\u4ee5\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u7b56\u7565\u914d\u7f6e\u9879\u8bf4\u660e \u67e5\u770b\u8be6\u7ec6\u4fe1\u606f\u3002
\u70b9\u51fb\u786e\u5b9a\uff0c\u82e5\u521b\u5efa\u6210\u529f\uff0c\u5219\u9875\u9762\u4e0a\u5c06\u51fa\u73b0\u60a8\u914d\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u3002
\u70b9\u51fb \u2507 \u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u8005\u5220\u9664\u60a8\u914d\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u3002
\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0cIngress \u516c\u5f00\u4ece\u96c6\u7fa4\u5916\u90e8\u5230\u96c6\u7fa4\u5185\u670d\u52a1\u7684 HTTP \u548c HTTPS \u8def\u7531\u3002 \u6d41\u91cf\u8def\u7531\u7531 Ingress \u8d44\u6e90\u4e0a\u5b9a\u4e49\u7684\u89c4\u5219\u63a7\u5236\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5c06\u6240\u6709\u6d41\u91cf\u90fd\u53d1\u9001\u5230\u540c\u4e00 Service \u7684\u7b80\u5355 Ingress \u793a\u4f8b\uff1a
Ingress \u662f\u5bf9\u96c6\u7fa4\u4e2d\u670d\u52a1\u7684\u5916\u90e8\u8bbf\u95ee\u8fdb\u884c\u7ba1\u7406\u7684 API \u5bf9\u8c61\uff0c\u5178\u578b\u7684\u8bbf\u95ee\u65b9\u5f0f\u662f HTTP\u3002Ingress \u53ef\u4ee5\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u3001SSL \u7ec8\u7ed3\u548c\u57fa\u4e8e\u540d\u79f0\u7684\u865a\u62df\u6258\u7ba1\u3002
"},{"location":"admin/kpanda/network/create-ingress.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4ee5 NS Editor \u7528\u6237\u6210\u529f\u767b\u5f55\u540e\uff0c\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u3002\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u8def\u7531 \u8fdb\u5165\u670d\u52a1\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u8def\u7531 \u6309\u94ae\u3002
Note
\u4e5f\u53ef\u4ee5\u901a\u8fc7 YAML \u521b\u5efa \u4e00\u4e2a\u8def\u7531\u3002
\u6253\u5f00 \u521b\u5efa\u8def\u7531 \u9875\u9762\uff0c\u8fdb\u884c\u914d\u7f6e\u3002\u53ef\u9009\u62e9\u4e24\u79cd\u534f\u8bae\u7c7b\u578b\uff0c\u53c2\u8003\u4ee5\u4e0b\u4e24\u4e2a\u53c2\u6570\u8868\u8fdb\u884c\u914d\u7f6e\u3002
\u8f93\u5165\u5982\u4e0b\u53c2\u6570\uff1a
nginx.ingress.kubernetes.io/upstream-hash-by: \"$binary_remote_addr\"
nginx.ingress.kubernetes.io/affinity: \"cookie\"\u3002nginx.ingress.kubernetes.io/affinity-mode: persistent
nginx.ingress.kubernetes.io/upstream-hash-by: \"$http_x_forwarded_for\"
\u8f93\u5165\u5982\u4e0b\u53c2\u6570\uff1a
Note
\u6ce8\u610f\uff1a\u4e0e HTTP \u534f\u8bae \u8bbe\u7f6e\u8def\u7531\u89c4\u5219 \u4e0d\u540c\uff0c\u589e\u52a0\u5bc6\u94a5\u9009\u62e9\u8bc1\u4e66\uff0c\u5176\u4ed6\u57fa\u672c\u4e00\u81f4\u3002
\u914d\u7f6e\u5b8c\u6240\u6709\u53c2\u6570\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u8def\u7531\u5217\u8868\u3002\u5728\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6240\u9009\u8def\u7531\u3002
"},{"location":"admin/kpanda/network/create-services.html","title":"\u521b\u5efa\u670d\u52a1\uff08Service\uff09","text":"\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u6bcf\u4e2a Pod \u90fd\u6709\u4e00\u4e2a\u5185\u90e8\u72ec\u7acb\u7684 IP \u5730\u5740\uff0c\u4f46\u662f\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u7684 Pod \u53ef\u80fd\u4f1a\u88ab\u968f\u65f6\u521b\u5efa\u548c\u5220\u9664\uff0c\u76f4\u63a5\u4f7f\u7528 Pod IP \u5730\u5740\u5e76\u4e0d\u80fd\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u3002
\u8fd9\u5c31\u9700\u8981\u521b\u5efa\u670d\u52a1\uff0c\u901a\u8fc7\u670d\u52a1\u60a8\u4f1a\u83b7\u5f97\u4e00\u4e2a\u56fa\u5b9a\u7684 IP \u5730\u5740\uff0c\u4ece\u800c\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u524d\u7aef\u548c\u540e\u7aef\u7684\u89e3\u8026\uff0c\u8ba9\u5916\u90e8\u7528\u6237\u80fd\u591f\u8bbf\u95ee\u670d\u52a1\u3002\u540c\u65f6\uff0c\u670d\u52a1\u8fd8\u63d0\u4f9b\u4e86\u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09\u529f\u80fd\uff0c\u4f7f\u7528\u6237\u80fd\u4ece\u516c\u7f51\u8bbf\u95ee\u5230\u5de5\u4f5c\u8d1f\u8f7d\u3002
"},{"location":"admin/kpanda/network/create-services.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u4ee5 NS Editor \u7528\u6237\u6210\u529f\u767b\u5f55\u540e\uff0c\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u3002\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u670d\u52a1 \u8fdb\u5165\u670d\u52a1\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
Tip
\u4e5f\u53ef\u4ee5\u901a\u8fc7 YAML \u521b\u5efa \u4e00\u4e2a\u670d\u52a1\u3002
\u6253\u5f00 \u521b\u5efa\u670d\u52a1 \u9875\u9762\uff0c\u9009\u62e9\u4e00\u79cd\u8bbf\u95ee\u7c7b\u578b\uff0c\u53c2\u8003\u4ee5\u4e0b\u51e0\u4e2a\u53c2\u6570\u8868\u8fdb\u884c\u914d\u7f6e\u3002
\u70b9\u9009 \u96c6\u7fa4\u5185\u8bbf\u95ee\uff08ClusterIP\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u96c6\u7fa4\u7684\u5185\u90e8 IP \u66b4\u9732\u670d\u52a1\uff0c\u9009\u62e9\u6b64\u9879\u7684\u670d\u52a1\u53ea\u80fd\u5728\u96c6\u7fa4\u5185\u90e8\u8bbf\u95ee\u3002\u8fd9\u662f\u9ed8\u8ba4\u7684\u670d\u52a1\u7c7b\u578b\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u96c6\u7fa4\u5185\u8bbf\u95ee\uff08ClusterIP\uff09\u3002 ClusterIP \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 app:job01 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\uff0c\u7528\u6765\u5bf9\u96c6\u7fa4\u5185\u66b4\u9732\u670d\u52a1\u3002 \u4f1a\u8bdd\u4fdd\u6301 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u540e\uff0c\u76f8\u540c\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u5c06\u8f6c\u53d1\u81f3\u540c\u4e00 Pod \u5f00\u542f \u4f1a\u8bdd\u4fdd\u6301\u6700\u5927\u65f6\u957f \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u4f1a\u8bdd\u4fdd\u6301\u540e\uff0c\u4fdd\u6301\u7684\u6700\u5927\u65f6\u957f\uff0c\u9ed8\u8ba4\u4e3a 30 \u79d2 30 \u79d2 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"admin/kpanda/network/create-services.html#nodeport","title":"\u521b\u5efa NodePort \u670d\u52a1","text":"\u70b9\u9009 \u8282\u70b9\u8bbf\u95ee\uff08NodePort\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u6bcf\u4e2a\u8282\u70b9\u4e0a\u7684 IP \u548c\u9759\u6001\u7aef\u53e3\uff08 NodePort \uff09\u66b4\u9732\u670d\u52a1\u3002 NodePort \u670d\u52a1\u4f1a\u8def\u7531\u5230\u81ea\u52a8\u521b\u5efa\u7684 ClusterIP \u670d\u52a1\u3002\u901a\u8fc7\u8bf7\u6c42 <\u8282\u70b9 IP>:<\u8282\u70b9\u7aef\u53e3> \uff0c\u60a8\u53ef\u4ee5\u4ece\u96c6\u7fa4\u7684\u5916\u90e8\u8bbf\u95ee\u4e00\u4e2a NodePort \u670d\u52a1\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u8282\u70b9\u8bbf\u95ee\uff08NodePort\uff09\u3002 NodePort \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u670d\u52a1\u7aef\u53e3\u88ab\u8bbe\u7f6e\u4e3a\u4e0e\u5bb9\u5668\u7aef\u53e3\u5b57\u6bb5\u76f8\u540c\u7684\u503c\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\u3002\u8282\u70b9\u7aef\u53e3\uff08nodeport\uff09\uff1a\u8282\u70b9\u7684\u7aef\u53e3\uff0c\u63a5\u6536\u6765\u81ea ClusterIP \u4f20\u8f93\u7684\u6d41\u91cf\u3002\u7528\u6765\u505a\u5916\u90e8\u6d41\u91cf\u8bbf\u95ee\u7684\u5165\u53e3\u3002 \u4f1a\u8bdd\u4fdd\u6301 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u540e\uff0c\u76f8\u540c\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u5c06\u8f6c\u53d1\u81f3\u540c\u4e00 Pod\u5f00\u542f\u540e Service \u7684.spec.sessionAffinity
\u4e3a ClientIP \uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1aService \u7684\u4f1a\u8bdd\u4eb2\u548c\u6027 \u5f00\u542f \u4f1a\u8bdd\u4fdd\u6301\u6700\u5927\u65f6\u957f \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u4f1a\u8bdd\u4fdd\u6301\u540e\uff0c\u4fdd\u6301\u7684\u6700\u5927\u65f6\u957f\uff0c\u9ed8\u8ba4\u8d85\u65f6\u65f6\u957f\u4e3a 30 \u79d2.spec.sessionAffinityConfig.clientIP.timeoutSeconds \u9ed8\u8ba4\u8bbe\u7f6e\u4e3a 30 \u79d2 30 \u79d2 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"admin/kpanda/network/create-services.html#loadbalancer","title":"\u521b\u5efa LoadBalancer \u670d\u52a1","text":"\u70b9\u9009 \u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09 \uff0c\u8fd9\u662f\u6307\u4f7f\u7528\u4e91\u63d0\u4f9b\u5546\u7684\u8d1f\u8f7d\u5747\u8861\u5668\u5411\u5916\u90e8\u66b4\u9732\u670d\u52a1\u3002 \u5916\u90e8\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u4ee5\u5c06\u6d41\u91cf\u8def\u7531\u5230\u81ea\u52a8\u521b\u5efa\u7684 NodePort \u670d\u52a1\u548c ClusterIP \u670d\u52a1\u4e0a\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09\u3002 LoadBalancer \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u5916\u90e8\u6d41\u91cf\u7b56\u7565 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8bbe\u7f6e\u5916\u90e8\u6d41\u91cf\u7b56\u7565\u3002Cluster\uff1a\u6d41\u91cf\u53ef\u4ee5\u8f6c\u53d1\u5230\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u4e0a\u7684 Pod\u3002Local\uff1a\u6d41\u91cf\u53ea\u53d1\u7ed9\u672c\u8282\u70b9\u4e0a\u7684 Pod\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4f7f\u7528\u7684\u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\uff0c\u5f53\u524d\u652f\u6301 MetalLB \u548c\u5176\u4ed6\u3002 MetalLB IP \u6c60 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u7684 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\u4e3a MetalLB \u65f6\uff0cLoadBalancer Service\u9ed8\u8ba4\u4f1a\u4ece\u8fd9\u4e2a\u6c60\u4e2d\u5206\u914d IP \u5730\u5740, \u5e76\u4e14\u901a\u8fc7 APR \u5ba3\u544a\u8fd9\u4e2a\u6c60\u4e2d\u7684\u6240\u6709 IP \u5730\u5740 \u8d1f\u8f7d\u5747\u8861\u5730\u5740 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u30111.\u5982\u4f7f\u7528\u7684\u662f\u516c\u6709\u4e91 CloudProvider\uff0c\u6b64\u5904\u586b\u5199\u7684\u4e3a\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u8d1f\u8f7d\u5747\u8861\u5730\u5740\uff1b2.\u5982\u679c\u4e0a\u8ff0\u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\u9009\u62e9\u4e3a MetalLB \uff0c\u9ed8\u8ba4\u4ece\u4e0a\u8ff0 IP \u6c60\u4e2d\u83b7\u53d6 IP \uff0c\u5982\u679c\u4e0d\u586b\u5219\u81ea\u52a8\u83b7\u53d6\u3002 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u670d\u52a1\u7aef\u53e3\u88ab\u8bbe\u7f6e\u4e3a\u4e0e\u5bb9\u5668\u7aef\u53e3\u5b57\u6bb5\u76f8\u540c\u7684\u503c\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\u3002\u8282\u70b9\u7aef\u53e3\uff08nodeport\uff09\uff1a\u8282\u70b9\u7684\u7aef\u53e3\uff0c\u63a5\u6536\u6765\u81ea ClusterIP \u4f20\u8f93\u7684\u6d41\u91cf\u3002\u7528\u6765\u505a\u5916\u90e8\u6d41\u91cf\u8bbf\u95ee\u7684\u5165\u53e3\u3002 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"admin/kpanda/network/create-services.html#externalname","title":"\u521b\u5efa ExternalName \u670d\u52a1","text":"\u70b9\u9009 \u5916\u90e8\u670d\u52a1\uff08ExternalName\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u5c06\u670d\u52a1\u6620\u5c04\u5230\u5916\u90e8\u57df\u540d\u6765\u66b4\u9732\u670d\u52a1\u3002\u9009\u62e9\u6b64\u9879\u7684\u670d\u52a1\u4e0d\u4f1a\u521b\u5efa\u5178\u578b\u7684 ClusterIP \u6216 NodePort\uff0c\u800c\u662f\u901a\u8fc7 DNS \u540d\u79f0\u89e3\u6790\u5c06\u8bf7\u6c42\u91cd\u5b9a\u5411\u5230\u5916\u90e8\u7684\u670d\u52a1\u5730\u5740\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u5916\u90e8\u670d\u52a1\uff08ExternalName\uff09\u3002 ExternalName \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u57df\u540d \u3010\u7c7b\u578b\u3011\u5fc5\u586b"},{"location":"admin/kpanda/network/create-services.html#_3","title":"\u5b8c\u6210\u670d\u52a1\u521b\u5efa","text":"\u914d\u7f6e\u5b8c\u6240\u6709\u53c2\u6570\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u670d\u52a1\u5217\u8868\u3002\u5728\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6240\u9009\u670d\u52a1\u3002
"},{"location":"admin/kpanda/network/network-policy.html","title":"\u7f51\u7edc\u7b56\u7565","text":"\u7f51\u7edc\u7b56\u7565\uff08NetworkPolicy\uff09\u53ef\u4ee5\u5728 IP \u5730\u5740\u6216\u7aef\u53e3\u5c42\u9762\uff08OSI \u7b2c 3 \u5c42\u6216\u7b2c 4 \u5c42\uff09\u63a7\u5236\u7f51\u7edc\u6d41\u91cf\u3002\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u76ee\u524d\u652f\u6301\u521b\u5efa\u57fa\u4e8e Pod \u6216\u547d\u540d\u7a7a\u95f4\u7684\u7f51\u7edc\u7b56\u7565\uff0c\u652f\u6301\u901a\u8fc7\u6807\u7b7e\u9009\u62e9\u5668\u6765\u8bbe\u5b9a\u54ea\u4e9b\u6d41\u91cf\u53ef\u4ee5\u8fdb\u5165\u6216\u79bb\u5f00\u5e26\u6709\u7279\u5b9a\u6807\u7b7e\u7684 Pod\u3002
\u6709\u5173\u7f51\u7edc\u7b56\u7565\u7684\u66f4\u591a\u8be6\u60c5\uff0c\u53ef\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u7f51\u7edc\u7b56\u7565\u3002
"},{"location":"admin/kpanda/network/network-policy.html#_2","title":"\u521b\u5efa\u7f51\u7edc\u7b56\u7565","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u7f51\u7edc\u7b56\u7565\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u7f51\u7edc\u7b56\u7565\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
"},{"location":"admin/kpanda/network/network-policy.html#yaml","title":"YAML \u521b\u5efa","text":"\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 -> \u521b\u5efa\u7b56\u7565 \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\u5728\u521b\u5efa\u4e4b\u540e\u4e0d\u53ef\u66f4\u6539\u3002
\u586b\u5199\u7b56\u7565\u914d\u7f6e\u3002
\u7b56\u7565\u914d\u7f6e\u5206\u4e3a\u5165\u6d41\u91cf\u7b56\u7565\u548c\u51fa\u6d41\u91cf\u7b56\u7565\u3002\u5982\u679c\u6e90 Pod \u60f3\u8981\u6210\u529f\u8fde\u63a5\u5230\u76ee\u6807 Pod\uff0c\u6e90 Pod \u7684\u51fa\u6d41\u91cf\u7b56\u7565\u548c\u76ee\u6807 Pod \u7684\u5165\u6d41\u91cf\u7b56\u7565\u90fd\u9700\u8981\u5141\u8bb8\u8fde\u63a5\u3002\u5982\u679c\u4efb\u4f55\u4e00\u65b9\u4e0d\u5141\u8bb8\u8fde\u63a5\uff0c\u90fd\u4f1a\u5bfc\u81f4\u8fde\u63a5\u5931\u8d25\u3002
\u5165\u6d41\u91cf\u7b56\u7565\uff1a\u70b9\u51fb \u2795 \u5f00\u59cb\u914d\u7f6e\u7b56\u7565\uff0c\u652f\u6301\u914d\u7f6e\u591a\u6761\u7b56\u7565\u3002\u591a\u6761\u7f51\u7edc\u7b56\u7565\u7684\u6548\u679c\u76f8\u4e92\u53e0\u52a0\uff0c\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u6240\u6709\u7f51\u7edc\u7b56\u7565\uff0c\u624d\u80fd\u6210\u529f\u5efa\u7acb\u8fde\u63a5\u3002
\u51fa\u6d41\u91cf\u7b56\u7565
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 \uff0c\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\u3002
\u67e5\u770b\u8be5\u7b56\u7565\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5173\u8054\u5b9e\u4f8b\u4fe1\u606f\u3001\u5165\u6d41\u91cf\u7b56\u7565\u3001\u51fa\u6d41\u91cf\u7b56\u7565\u3002
Info
\u5728\u5173\u8054\u5b9e\u4f8b\u9875\u7b7e\u4e0b\uff0c\u652f\u6301\u67e5\u770b\u5b9e\u4f8b\u76d1\u63a7\u3001\u65e5\u5fd7\u3001\u5bb9\u5668\u5217\u8868\u3001YAML \u6587\u4ef6\u3001\u4e8b\u4ef6\u7b49\u3002
"},{"location":"admin/kpanda/network/network-policy.html#_5","title":"\u66f4\u65b0\u7f51\u7edc\u7b56\u7565","text":"\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002
\u5728\u7f51\u7edc\u7b56\u7565\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u7b56\u7565\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u7f51\u7edc\u7b56\u7565\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u5220\u9664\u7f51\u7edc\u7b56\u7565\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002
\u5728\u7f51\u7edc\u7b56\u7565\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u7b56\u7565\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u5220\u9664\u3002
\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u7f51\u7edc\u7b56\u7565\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u5220\u9664\u3002
\u968f\u7740\u4e1a\u52a1\u5e94\u7528\u4e0d\u65ad\u589e\u957f\uff0c\u96c6\u7fa4\u8d44\u6e90\u65e5\u8d8b\u7d27\u5f20\uff0c\u8fd9\u65f6\u53ef\u4ee5\u57fa\u4e8e kubean \u5bf9\u96c6\u7fa4\u8282\u70b9\u8fdb\u884c\u6269\u5bb9\u3002\u6269\u5bb9\u540e\uff0c\u5e94\u7528\u53ef\u4ee5\u8fd0\u884c\u5728\u65b0\u589e\u7684\u8282\u70b9\u4e0a\uff0c\u7f13\u89e3\u8d44\u6e90\u538b\u529b\u3002
\u53ea\u6709\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u521b\u5efa\u7684\u96c6\u7fa4\u624d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\uff0c\u4ece\u5916\u90e8\u63a5\u5165\u7684\u96c6\u7fa4\u4e0d\u652f\u6301\u6b64\u64cd\u4f5c\u3002\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u540c\u79cd\u67b6\u6784\u4e0b\u5de5\u4f5c\u96c6\u7fa4\u7684 \u5de5\u4f5c\u8282\u70b9 \u6269\u5bb9\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u82e5 \u96c6\u7fa4\u89d2\u8272 \u4e2d\u5e26\u6709 \u63a5\u5165\u96c6\u7fa4 \u7684\u6807\u7b7e\uff0c\u5219\u8bf4\u660e\u8be5\u96c6\u7fa4\u4e0d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u63a5\u5165\u8282\u70b9 \u3002
\u8f93\u5165\u4e3b\u673a\u540d\u79f0\u548c\u8282\u70b9 IP \u5e76\u70b9\u51fb \u786e\u5b9a \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0\u5de5\u4f5c\u8282\u70b9 \u53ef\u4ee5\u7ee7\u7eed\u63a5\u5165\u66f4\u591a\u8282\u70b9\u3002
Note
\u63a5\u5165\u8282\u70b9\u5927\u7ea6\u9700\u8981 20 \u5206\u949f\uff0c\u8bf7\u60a8\u8010\u5fc3\u7b49\u5f85\u3002
"},{"location":"admin/kpanda/nodes/add-node.html#_2","title":"\u53c2\u8003\u6587\u6863","text":"\u5f53\u4e1a\u52a1\u9ad8\u5cf0\u671f\u7ed3\u675f\u4e4b\u540e\uff0c\u4e3a\u4e86\u8282\u7701\u8d44\u6e90\u6210\u672c\uff0c\u53ef\u4ee5\u7f29\u5c0f\u96c6\u7fa4\u89c4\u6a21\uff0c\u5378\u8f7d\u5197\u4f59\u7684\u8282\u70b9\uff0c\u5373\u8282\u70b9\u7f29\u5bb9\u3002\u8282\u70b9\u5378\u8f7d\u540e\uff0c\u5e94\u7528\u65e0\u6cd5\u7ee7\u7eed\u8fd0\u884c\u5728\u8be5\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/nodes/delete-node.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u8282\u70b9\u7f29\u5bb9\u65f6\uff0c\u53ea\u80fd\u9010\u4e2a\u8fdb\u884c\u5378\u8f7d\uff0c\u65e0\u6cd5\u6279\u91cf\u5378\u8f7d\u3002
\u5982\u9700\u5378\u8f7d\u96c6\u7fa4\u63a7\u5236\u5668\u8282\u70b9\uff0c\u9700\u8981\u786e\u4fdd\u6700\u7ec8\u63a7\u5236\u5668\u8282\u70b9\u6570\u4e3a \u5947\u6570\u3002
\u96c6\u7fa4\u8282\u70b9\u7f29\u5bb9\u65f6\u4e0d\u53ef\u4e0b\u7ebf \u7b2c\u4e00\u4e2a\u63a7\u5236\u5668 \u8282\u70b9\u3002\u5982\u679c\u5fc5\u987b\u6267\u884c\u6b64\u64cd\u4f5c\uff0c\u8bf7\u8054\u7cfb\u552e\u540e\u5de5\u7a0b\u5e08\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u82e5 \u96c6\u7fa4\u89d2\u8272 \u4e2d\u5e26\u6709 \u63a5\u5165\u96c6\u7fa4 \u7684\u6807\u7b7e\uff0c\u5219\u8bf4\u660e\u8be5\u96c6\u7fa4\u4e0d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u9700\u8981\u5378\u8f7d\u7684\u8282\u70b9\uff0c\u70b9\u51fb \u2507 \u9009\u62e9 \u79fb\u9664\u8282\u70b9 \u3002
\u8f93\u5165\u8282\u70b9\u540d\u79f0\uff0c\u5e76\u70b9\u51fb \u5220\u9664 \u8fdb\u884c\u786e\u8ba4\u3002
\u6807\u7b7e\uff08Labels\uff09\u662f\u4e3a Pod\u3001\u8282\u70b9\u3001\u96c6\u7fa4\u7b49 Kubernetes \u5bf9\u8c61\u6dfb\u52a0\u7684\u6807\u8bc6\u6027\u952e\u503c\u5bf9\uff0c\u53ef\u7ed3\u5408\u6807\u7b7e\u9009\u62e9\u5668\u67e5\u627e\u5e76\u7b5b\u9009\u6ee1\u8db3\u67d0\u4e9b\u6761\u4ef6\u7684 Kubernetes \u5bf9\u8c61\u3002\u6bcf\u4e2a\u952e\u5bf9\u4e8e\u7ed9\u5b9a\u5bf9\u8c61\u5fc5\u987b\u662f\u552f\u4e00\u7684\u3002
\u6ce8\u89e3\uff08Annotations\uff09\u548c\u6807\u7b7e\u4e00\u6837\uff0c\u4e5f\u662f\u952e/\u503c\u5bf9\uff0c\u4f46\u4e0d\u5177\u5907\u6807\u8bc6\u6216\u7b5b\u9009\u529f\u80fd\u3002 \u4f7f\u7528\u6ce8\u89e3\u53ef\u4ee5\u4e3a\u8282\u70b9\u6dfb\u52a0\u4efb\u610f\u7684\u5143\u6570\u636e\u3002 \u6ce8\u89e3\u7684\u952e\u901a\u5e38\u4f7f\u7528\u7684\u683c\u5f0f\u4e3a \u524d\u7f00\uff08\u53ef\u9009\uff09/\u540d\u79f0\uff08\u5fc5\u586b\uff09 \uff0c\u4f8b\u5982 nfd.node.kubernetes.io/extended-resources \u3002 \u5982\u679c\u7701\u7565\u524d\u7f00\uff0c\u8868\u793a\u8be5\u6ce8\u89e3\u952e\u662f\u7528\u6237\u79c1\u6709\u7684\u3002
\u6709\u5173\u6807\u7b7e\u548c\u6ce8\u89e3\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u53ef\u53c2\u8003 Kubernetes \u7684\u5b98\u65b9\u6587\u6863\u6807\u7b7e\u548c\u9009\u62e9\u7b97\u7b26\u6216\u6ce8\u89e3\u3002
\u6dfb\u52a0/\u5220\u9664\u6807\u7b7e\u4e0e\u6ce8\u89e3\u7684\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u4fee\u6539\u6807\u7b7e \u6216 \u4fee\u6539\u6ce8\u89e3 \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0 \u53ef\u4ee5\u6dfb\u52a0\u6807\u7b7e\u6216\u6ce8\u89e3\uff0c\u70b9\u51fb X \u53ef\u4ee5\u5220\u9664\u6807\u7b7e\u6216\u6ce8\u89e3\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u5982\u679c\u60a8\u9009\u62e9\u4f7f\u7528 SSH \u5bc6\u94a5\u4f5c\u4e3a\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u8282\u70b9\u8ba4\u8bc1\u65b9\u5f0f\uff0c\u60a8\u9700\u8981\u6309\u7167\u5982\u4e0b\u8bf4\u660e\u914d\u7f6e\u516c\u79c1\u94a5\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5728 \u5f85\u5efa\u96c6\u7fa4\u7684\u7ba1\u7406\u96c6\u7fa4\u4e2d\u7684\u4efb\u610f\u8282\u70b9 \u4e0a\u751f\u6210\u516c\u79c1\u94a5\u3002
cd /root/.ssh\nssh-keygen -t rsa\n
\u6267\u884c ls \u547d\u4ee4\u67e5\u770b\u7ba1\u7406\u96c6\u7fa4\u4e0a\u7684\u5bc6\u94a5\u662f\u5426\u521b\u5efa\u6210\u529f\uff0c\u6b63\u786e\u53cd\u9988\u5982\u4e0b\uff1a
ls\nid_rsa id_rsa.pub known_hosts\n
\u5176\u4e2d\u540d\u4e3a id_rsa \u7684\u6587\u4ef6\u662f\u79c1\u94a5\uff0c\u540d\u4e3a id_rsa.pub \u7684\u6587\u4ef6\u662f\u516c\u94a5\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5c06\u516c\u94a5\u6587\u4ef6 id_rsa.pub \u52a0\u8f7d\u5230\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u6240\u6709\u8282\u70b9\u4e0a\u3002
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.0\n
\u5c06\u4e0a\u9762\u547d\u4ee4\u4e2d\u7684 root@10.0.0.0 \u7528\u6237\u8d26\u53f7\u548c\u8282\u70b9 IP \u66ff\u6362\u4e3a\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u8282\u70b9\u7528\u6237\u540d\u548c IP\u3002** \u9700\u8981\u5728\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u6bcf\u53f0\u8282\u70b9\u90fd\u6267\u884c\u76f8\u540c\u7684\u64cd\u4f5c **\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u6b65\u9aa4 1 \u6240\u521b\u5efa\u7684\u79c1\u94a5\u6587\u4ef6 id_rsa \u3002
cat /root/.ssh/id_rsa\n
\u8f93\u51fa\u5982\u4e0b\u5185\u5bb9\uff1a
-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3UvyKINzY5BFuemQ+uJ6q+GqgfvnWwNC8HzZhpcMSjJy26MM\nUtBEBJxy8fMi57XcjYxPibXW/wnd+32ICCycqCwByUmuXeCC1cjlCQDqjcAvXae7\nY54IXGF7wm2IsMNwf0kjFEXjuS48FLDA0mGRaN3BG+Up5geXcHckg3K5LD8kXFFx\ndEmSIjdyw55NaUitmEdHzN7cIdfi6Z56jcV8dcFBgWKUx+ebiyPmZBkXToz6GnMF\nrswzzZCl+G6Jb2xTGy7g7ozb4BoZd1IpSD5EhDanRrESVE0C5YuJ5zUAC0CvVd1l\nv67AK8Ko6MXToHp01/bcsvlM6cqgwUFXZKVeOwIDAQABAoIBAQCO36GQlo3BEjxy\nM2HvGJmqrx+unDxafliRe4nVY2AD515Qf4xNSzke4QM1QoyenMOwf446krQkJPK0\nk+9nl6Xszby5gGCbK4BNFk8I6RaGPjZWeRx6zGUJf8avWJiPxx6yjz2esSC9RiR0\nF0nmiiefVMyAfgv2/5++dK2WUFNNRKLgSRRpP5bRaD5wMzzxtSSXrUon6217HO8p\n3RoWsI51MbVzhdVgpHUNABcoa0rpr9svT6XLKZxY8mxpKFYjM0Wv2JIDABg3kBvh\nQbJ7kStCO3naZjKMU9UuSqVJs06cflGYw7Or8/tABR3LErNQKPjkhAQqt0DXw7Iw\n3tKdTAJBAoGBAP687U7JAOqQkcphek2E/A/sbO/d37ix7Z3vNOy065STrA+ZWMZn\npZ6Ui1B/oJpoZssnfvIoz9sn559X0j67TljFALFd2ZGS0Fqh9KVCqDvfk+Vst1dq\n+3r/yZdTOyswoccxkJiC/GDwZGK0amJWqvob39JCZhDAKIGLbGMmjdAHAoGBAN5k\nm1WGnni1nZ+3dryIwgB6z1hWcnLTamzSET6KhSuo946ET0IRG9xtlheCx6dqICbr\nVk1Y4NtRZjK/p/YGx59rDWf7E3I8ZMgR7mjieOcUZ4lUlA4l7ZIlW/2WZHW+nUXO\nTi20fqJ8qSp4BUvOvuth1pz2GLUHe2/Fxjf7HIstAoGBAPHpPr9r+TfIlPsJeRj2\n6lzA3G8qWFRQfGRYjv0fjv0pA+RIb1rzgP/I90g5+63G6Z+R4WdcxI/OJJNY1iuG\nuw9n/pFxm7U4JC990BPE6nj5iLz+clpNGYckNDBF9VG9vFSrSDLdaYkxoVNvG/xJ\na9Na90H4lm7f3VewrPy310KvAoGAZr+mwNoEh5Kpc6xo8Gxi7aPP/mlaUVD6X7Ki\ngvmu02AqmC7rC4QqEiqTaONkaSXwGusqIWxJ3yp5hELmUBYLzszAEeV/s4zRp1oZ\ng133LBRSTbHFAdBmNdqK6Nu+KGRb92980UMOKvZbliKDl+W6cbfvVu+gtKrzTc3b\naevb4TUCgYEAnJAxyVYDP1nJf7bjBSHXQu1E/DMwbtrqw7dylRJ8cAzI7IxfSCez\n7BYWq41PqVd9/zrb3Pbh2phiVzKe783igAIMqummcjo/kZyCwFsYBzK77max1jF5\naPQsLbRS2aDz8kIH6jHPZ/R+15EROmdtLmA7vIJZGerWWQR0dUU+XXA=\n
\u5c06\u79c1\u94a5\u5185\u5bb9\u590d\u5236\u540e\u586b\u81f3\u754c\u9762\u5bc6\u94a5\u8f93\u5165\u6846\u3002
\u5728\u521b\u5efa\u96c6\u7fa4\u6216\u4e3a\u5df2\u6709\u96c6\u7fa4\u6dfb\u52a0\u8282\u70b9\u65f6\uff0c\u8bf7\u53c2\u9605\u4e0b\u8868\uff0c\u68c0\u67e5\u8282\u70b9\u914d\u7f6e\uff0c\u4ee5\u907f\u514d\u56e0\u8282\u70b9\u914d\u7f6e\u9519\u8bef\u5bfc\u81f4\u96c6\u7fa4\u521b\u5efa\u6216\u6269\u5bb9\u5931\u8d25\u3002
\u68c0\u67e5\u9879 \u63cf\u8ff0 \u64cd\u4f5c\u7cfb\u7edf \u53c2\u8003\u652f\u6301\u7684\u67b6\u6784\u53ca\u64cd\u4f5c\u7cfb\u7edf SELinux \u5173\u95ed \u9632\u706b\u5899 \u5173\u95ed \u67b6\u6784\u4e00\u81f4\u6027 \u8282\u70b9\u95f4 CPU \u67b6\u6784\u4e00\u81f4\uff08\u5982\u5747\u4e3a ARM \u6216 x86\uff09 \u4e3b\u673a\u65f6\u95f4 \u6240\u6709\u4e3b\u673a\u95f4\u540c\u6b65\u8bef\u5dee\u5c0f\u4e8e 10 \u79d2\u3002 \u7f51\u7edc\u8054\u901a\u6027 \u8282\u70b9\u53ca\u5176 SSH \u7aef\u53e3\u80fd\u591f\u6b63\u5e38\u88ab\u5e73\u53f0\u8bbf\u95ee\u3002 CPU \u53ef\u7528 CPU \u8d44\u6e90\u5927\u4e8e 4 Core \u5185\u5b58 \u53ef\u7528\u5185\u5b58\u8d44\u6e90\u5927\u4e8e 8 GB"},{"location":"admin/kpanda/nodes/node-check.html#_2","title":"\u652f\u6301\u7684\u67b6\u6784\u53ca\u64cd\u4f5c\u7cfb\u7edf","text":"\u67b6\u6784 \u64cd\u4f5c\u7cfb\u7edf \u5907\u6ce8 ARM Kylin Linux Advanced Server release V10 (Sword) SP2 \u63a8\u8350 ARM UOS Linux ARM openEuler x86 CentOS 7.x \u63a8\u8350 x86 Redhat 7.x \u63a8\u8350 x86 Redhat 8.x \u63a8\u8350 x86 Flatcar Container Linux by Kinvolk x86 Debian Bullseye, Buster, Jessie, Stretch x86 Ubuntu 16.04, 18.04, 20.04, 22.04 x86 Fedora 35, 36 x86 Fedora CoreOS x86 openSUSE Leap 15.x/Tumbleweed x86 Oracle Linux 7, 8, 9 x86 Alma Linux 8, 9 x86 Rocky Linux 8, 9 x86 Amazon Linux 2 x86 Kylin Linux Advanced Server release V10 (Sword) - SP2 \u6d77\u5149 x86 UOS Linux x86 openEuler"},{"location":"admin/kpanda/nodes/node-details.html","title":"\u8282\u70b9\u8be6\u60c5","text":"\u63a5\u5165\u6216\u521b\u5efa\u96c6\u7fa4\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u96c6\u7fa4\u4e2d\u5404\u4e2a\u8282\u70b9\u7684\u4fe1\u606f\uff0c\u5305\u62ec\u8282\u70b9\u72b6\u6001\u3001\u6807\u7b7e\u3001\u8d44\u6e90\u7528\u91cf\u3001Pod\u3001\u76d1\u63a7\u4fe1\u606f\u7b49\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u53ef\u4ee5\u67e5\u770b\u8282\u70b9\u72b6\u6001\u3001\u89d2\u8272\u3001\u6807\u7b7e\u3001CPU/\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u3001IP \u5730\u5740\u3001\u521b\u5efa\u65f6\u95f4\u3002
\u70b9\u51fb\u8282\u70b9\u540d\u79f0\uff0c\u53ef\u4ee5\u8fdb\u5165\u8282\u70b9\u8be6\u60c5\u9875\u9762\u67e5\u770b\u66f4\u591a\u4fe1\u606f\uff0c\u5305\u62ec\u6982\u89c8\u4fe1\u606f\u3001\u5bb9\u5668\u7ec4\u4fe1\u606f\u3001\u6807\u7b7e\u6ce8\u89e3\u4fe1\u606f\u3001\u4e8b\u4ef6\u5217\u8868\u3001\u72b6\u6001\u7b49\u3002
\u6b64\u5916\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u8282\u70b9\u7684 YAML \u6587\u4ef6\u3001\u76d1\u63a7\u4fe1\u606f\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u7b49\u3002
\u652f\u6301\u5c06\u8282\u70b9\u6682\u505c\u8c03\u5ea6\u6216\u6062\u590d\u8c03\u5ea6\u3002\u6682\u505c\u8c03\u5ea6\u6307\uff0c\u505c\u6b62\u5c06 Pod \u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u3002\u6062\u590d\u8c03\u5ea6\u6307\uff0c\u53ef\u4ee5\u5c06 Pod \u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u6682\u505c\u8c03\u5ea6 \u6309\u94ae\u5373\u53ef\u6682\u505c\u8c03\u5ea6\u8be5\u8282\u70b9\u3002
\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u6062\u590d\u8c03\u5ea6 \u6309\u94ae\u5373\u53ef\u6062\u590d\u8c03\u5ea6\u8be5\u8282\u70b9\u3002
\u8282\u70b9\u8c03\u5ea6\u72b6\u6001\u53ef\u80fd\u56e0\u7f51\u7edc\u60c5\u51b5\u6709\u6240\u5ef6\u8fdf\uff0c\u70b9\u51fb\u641c\u7d22\u6846\u53f3\u4fa7\u7684\u5237\u65b0\u56fe\u6807\u53ef\u4ee5\u5237\u65b0\u8282\u70b9\u8c03\u5ea6\u72b6\u6001\u3002
"},{"location":"admin/kpanda/nodes/taints.html","title":"\u8282\u70b9\u6c61\u70b9\u7ba1\u7406","text":"\u6c61\u70b9 (Taint) \u80fd\u591f\u4f7f\u8282\u70b9\u6392\u65a5\u67d0\u4e00\u7c7b Pod\uff0c\u907f\u514d Pod \u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002 \u6bcf\u4e2a\u8282\u70b9\u4e0a\u53ef\u4ee5\u5e94\u7528\u4e00\u4e2a\u6216\u591a\u4e2a\u6c61\u70b9\uff0c\u4e0d\u80fd\u5bb9\u5fcd\u8fd9\u4e9b\u6c61\u70b9\u7684 Pod \u5219\u4e0d\u4f1a\u88ab\u8c03\u5ea6\u8be5\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/nodes/taints.html#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":"\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u6982\u89c8 \u9875\u9762\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u9700\u8981\u4fee\u6539\u6c61\u70b9\u7684\u8282\u70b9\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u70b9\u51fb \u4fee\u6539\u6c61\u70b9 \u6309\u94ae\u3002
\u5728\u5f39\u6846\u5185\u8f93\u5165\u6c61\u70b9\u7684\u952e\u503c\u4fe1\u606f\uff0c\u9009\u62e9\u6c61\u70b9\u6548\u679c\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0 \u53ef\u4ee5\u4e3a\u8282\u70b9\u6dfb\u52a0\u591a\u4e2a\u6c61\u70b9\uff0c\u70b9\u51fb\u6c61\u70b9\u6548\u679c\u53f3\u4fa7\u7684 X \u53ef\u4ee5\u5220\u9664\u6c61\u70b9\u3002
\u76ee\u524d\u652f\u6301\u4e09\u79cd\u6c61\u70b9\u6548\u679c\uff1a
NoSchedule
\uff1a\u65b0\u7684 Pod \u4e0d\u4f1a\u88ab\u8c03\u5ea6\u5230\u5e26\u6709\u6b64\u6c61\u70b9\u7684\u8282\u70b9\u4e0a\uff0c\u9664\u975e\u65b0\u7684 Pod \u5177\u6709\u76f8\u5339\u914d\u7684\u5bb9\u5fcd\u5ea6\u3002\u5f53\u524d\u6b63\u5728\u8282\u70b9\u4e0a\u8fd0\u884c\u7684 Pod \u4e0d\u4f1a \u88ab\u9a71\u9010\u3002NoExecute
\uff1a\u8fd9\u4f1a\u5f71\u54cd\u5df2\u5728\u8282\u70b9\u4e0a\u8fd0\u884c\u7684 Pod\uff1atolerationSeconds
\uff0c\u5219 Pod \u8fd8\u4f1a\u4e00\u76f4\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u3002tolerationSeconds
\uff0c\u5219 Pod \u8fd8\u80fd\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u7ee7\u7eed\u8fd0\u884c\u6307\u5b9a\u7684\u65f6\u957f\u3002\u8fd9\u6bb5\u65f6\u95f4\u8fc7\u53bb\u540e\uff0c\u518d\u4ece\u8282\u70b9\u4e0a\u9a71\u9664\u8fd9\u4e9b Pod\u3002PreferNoSchedule
\uff1a\u8fd9\u662f\u201c\u8f6f\u6027\u201d\u7684 NoSchedule
\u3002\u63a7\u5236\u5e73\u9762\u5c06**\u5c1d\u8bd5**\u907f\u514d\u5c06\u4e0d\u5bb9\u5fcd\u6b64\u6c61\u70b9\u7684 Pod \u8c03\u5ea6\u5230\u8282\u70b9\u4e0a\uff0c\u4f46\u4e0d\u80fd\u4fdd\u8bc1\u5b8c\u5168\u907f\u514d\u3002\u6240\u4ee5\u8981\u5c3d\u91cf\u907f\u514d\u4f7f\u7528\u6b64\u6c61\u70b9\u3002\u6709\u5173\u6c61\u70b9\u7684\u66f4\u591a\u8be6\u60c5\uff0c\u8bf7\u53c2\u9605 Kubernetes \u5b98\u65b9\u6587\u6863\uff1a\u6c61\u70b9\u548c\u5bb9\u5fcd\u5ea6\u3002
"},{"location":"admin/kpanda/olm/import-miniooperator.html","title":"\u5bfc\u5165\u79bb\u7ebf MinIo Operator","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5728\u79bb\u7ebf\u73af\u5883\u4e0b\u5982\u4f55\u5bfc\u5165 MinIo Operator\u3002
"},{"location":"admin/kpanda/olm/import-miniooperator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u6267\u884c\u73af\u5883\u4e2d\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u5e76\u5728\u540e\u7eed\u6b65\u9aa4\u4f7f\u7528\uff0c\u6267\u884c\u547d\u4ee4\uff1a
export OPM_IMG=10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0 \nexport BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3 \n
\u5982\u4f55\u83b7\u53d6\u4e0a\u8ff0\u955c\u50cf\u5730\u5740\uff1a
\u524d\u5f80 \u5bb9\u5668\u7ba1\u7406 -> \u9009\u62e9\u5f53\u524d\u96c6\u7fa4 -> helm \u5e94\u7528 -> \u67e5\u770b olm \u7ec4\u4ef6 -> \u63d2\u4ef6\u8bbe\u7f6e \uff0c\u627e\u5230\u540e\u7eed\u6b65\u9aa4\u6240\u9700 opm\uff0cminio\uff0cminio bundle\uff0cminio operator \u7684\u955c\u50cf\u3002
\u4ee5\u4e0a\u8bc9\u622a\u56fe\u4e3a\u4f8b\uff0c\u5219\u56db\u4e2a\u955c\u50cf\u5730\u5740\u5982\u4e0b\n\n# opm \u955c\u50cf \n10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0\n\n# minio \u955c\u50cf\n10.5.14.200/quay.m.daocloud.io/minio/minio:RELEASE.2023-03-24T21-41-23Z\n\n# minio bundle \u955c\u50cf\n10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3\n\n# minio operator \u955c\u50cf \n10.5.14.200/quay.m.daocloud.io/minio/operator:v5.0.3\n
\u6267\u884c opm \u547d\u4ee4\u83b7\u53d6\u79bb\u7ebf bundle \u955c\u50cf\u5305\u542b\u7684 operator\u3002
# \u521b\u5efa operator \u5b58\u653e\u76ee\u5f55\n$ mkdir minio-operator && cd minio-operator \n\n# \u83b7\u53d6 operator yaml \n$ docker run --user root -v $PWD/minio-operator:/minio-operator ${OPM_IMG} alpha bundle unpack --skip-tls-verify -v -d ${BUNDLE_IMG} -o ./minio-operator\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 9 files\n
\u66ff\u6362\u00a0 minio-operator/manifests/minio-operator.clusterserviceversion.yaml\u00a0 \u6587\u4ef6\u4e2d\u7684\u6240\u6709\u955c\u50cf\u5730\u5740\u4e3a\u79bb\u7ebf\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u955c\u50cf\u3002
\u66ff\u6362\u524d\uff1a
\u66ff\u6362\u540e\uff1a
\u751f\u6210\u6784\u5efa bundle \u955c\u50cf\u7684 Dockerfile
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} alpha bundle generate --channels stable,beta -d /minio-operator/minio-operator/manifests -e stable -p minio-operator \u00a0\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 10 files\n
\u6267\u884c\u6784\u5efa\u547d\u4ee4\uff0c\u6784\u5efa bundle \u955c\u50cf\u4e14\u63a8\u9001\u5230\u79bb\u7ebf registry\u3002
# \u8bbe\u7f6e\u65b0\u7684 bundle image \nexport OFFLINE_BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3-offline \n\n$ docker build . -f bundle.Dockerfile -t ${OFFLINE_BUNDLE_IMG} \u00a0\n\n$ docker push ${OFFLINE_BUNDLE_IMG}\n
\u751f\u6210\u6784\u5efa catalog \u955c\u50cf\u7684 Dockerfile\u3002
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} index add --bundles ${OFFLINE_BUNDLE_IMG} --generate --binary-image ${OPM_IMG} --skip-tls-verify\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u251c\u2500\u2500 database\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 index.db\n\u251c\u2500\u2500 index.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n4 directories, 12 files\n
\u6784\u5efa catalog \u955c\u50cf
# \u8bbe\u7f6e\u65b0\u7684 catalog image \nexport OFFLINE_CATALOG_IMG=10.5.14.200/release.daocloud.io/operator-framework/system-operator-index:v0.1.0-offline\n\n$ docker build . -f index.Dockerfile -t ${OFFLINE_CATALOG_IMG} \n\n$ docker push ${OFFLINE_CATALOG_IMG}\n
\u524d\u5f80\u5bb9\u5668\u7ba1\u7406\uff0c\u66f4\u65b0 helm \u5e94\u7528 olm \u7684\u5185\u7f6e catsrc \u955c\u50cf\uff08\u586b\u5199\u6784\u5efa catalog \u955c\u50cf\u6307\u5b9a\u7684 ${catalog-image} \u5373\u53ef\uff09
\u66f4\u65b0\u6210\u529f\u540e\uff0cOperator Hub \u4e2d\u4f1a\u51fa\u73b0 minio-operator \u7ec4\u4ef6
\u5bb9\u5668\u7ba1\u7406\u57fa\u4e8e\u5168\u5c40\u6743\u9650\u7ba1\u7406\u53ca\u5168\u5c40\u7528\u6237/\u7528\u6237\u7ec4\u7ba1\u7406\u5b9e\u73b0\u6388\u6743\uff0c\u5982\u9700\u4e3a\u7528\u6237\u6388\u4e88\u5bb9\u5668\u7ba1\u7406\u7684\u6700\u9ad8\u6743\u9650\uff08\u53ef\u4ee5\u521b\u5efa\u3001\u7ba1\u7406\u3001\u5220\u9664\u6240\u6709\u96c6\u7fa4\uff09\uff0c\u8bf7\u53c2\u89c1\u4ec0\u4e48\u662f\u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\u3002
"},{"location":"admin/kpanda/permissions/cluster-ns-auth.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u7ed9\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\u4e4b\u524d\uff0c\u8bf7\u5b8c\u6210\u5982\u4e0b\u51c6\u5907\uff1a
\u5df2\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\u521b\u5efa\u4e86\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\uff0c\u8bf7\u53c2\u8003\u7528\u6237\u3002
\u4ec5 Kpanda Owner \u53ca\u5f53\u524d\u96c6\u7fa4\u7684 Cluster Admin \u5177\u5907\u96c6\u7fa4\u6388\u6743\u80fd\u529b\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002
\u4ec5 Kpanda Owner\u3001\u5f53\u524d\u96c6\u7fa4\u7684 Cluster Admin\uff0c\u5f53\u524d\u547d\u540d\u7a7a\u95f4\u7684 NS Admin \u5177\u5907\u547d\u540d\u7a7a\u95f4\u6388\u6743\u80fd\u529b\u3002
\u7528\u6237\u767b\u5f55\u5e73\u53f0\u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u83dc\u5355\u680f \u5bb9\u5668\u7ba1\u7406 \u4e0b\u7684 \u6743\u9650\u7ba1\u7406 \uff0c\u9ed8\u8ba4\u4f4d\u4e8e \u96c6\u7fa4\u6743\u9650 \u9875\u7b7e\u3002
\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002
\u5728 \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650 \u9875\u9762\u4e2d\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u3001\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u4ec5\u652f\u6301\u7684\u96c6\u7fa4\u89d2\u8272\u4e3a Cluster Admin \uff0c\u8be6\u60c5\u6743\u9650\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002\u5982\u9700\u8981\u7ed9\u591a\u4e2a\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fdb\u884c\u6388\u6743\uff0c \u53ef\u70b9\u51fb \u6dfb\u52a0\u7528\u6237\u6743\u9650 \u8fdb\u884c\u591a\u6b21\u6dfb\u52a0\u3002
\u8fd4\u56de\u96c6\u7fa4\u6743\u9650\u7ba1\u7406\u9875\u9762\uff0c\u5c4f\u5e55\u51fa\u73b0\u6d88\u606f\uff1a \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650\u6210\u529f \u3002
\u7528\u6237\u767b\u5f55\u5e73\u53f0\u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u83dc\u5355\u680f \u5bb9\u5668\u7ba1\u7406 \u4e0b\u7684 \u6743\u9650\u7ba1\u7406 \uff0c\u70b9\u51fb \u547d\u540d\u7a7a\u95f4\u6743\u9650 \u9875\u7b7e\u3002
\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002\u5728 \u6dfb\u52a0\u547d\u540d\u7a7a\u95f4\u6743\u9650 \u9875\u9762\u4e2d\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u3001\u76ee\u6807\u547d\u540d\u7a7a\u95f4\uff0c\u4ee5\u53ca\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u652f\u6301\u7684\u547d\u540d\u7a7a\u95f4\u89d2\u8272\u4e3a NS Admin\u3001NS Editor\u3001NS Viewer\uff0c\u8be6\u60c5\u6743\u9650\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002\u5982\u9700\u7ed9\u591a\u4e2a\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fdb\u884c\u6388\u6743\uff0c\u53ef\u70b9\u51fb \u6dfb\u52a0\u7528\u6237\u6743\u9650 \u8fdb\u884c\u591a\u6b21\u6dfb\u52a0\u3002\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u6743\u9650\u6388\u6743\u3002
\u8fd4\u56de\u547d\u540d\u7a7a\u95f4\u6743\u9650\u7ba1\u7406\u9875\u9762\uff0c\u5c4f\u5e55\u51fa\u73b0\u6d88\u606f\uff1a \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650\u6210\u529f \u3002
Tip
\u540e\u7eed\u5982\u9700\u5220\u9664\u6216\u7f16\u8f91\u6743\u9650\uff0c\u53ef\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 \u7f16\u8f91 \u6216 \u5220\u9664 \u3002
\u8fc7\u53bb Kpanda \u5185\u7f6e\u89d2\u8272\u7684\u6743\u9650\u70b9\uff08rbac rules\uff09\u90fd\u662f\u63d0\u524d\u9884\u5b9a\u4e49\u597d\u7684\u4e14\u7528\u6237\u65e0\u6cd5\u4fee\u6539\uff0c\u56e0\u4e3a\u4ee5\u524d\u4fee\u6539\u5185\u7f6e\u89d2\u8272\u7684\u6743\u9650\u70b9\u4e4b\u540e\u4e5f\u4f1a\u88ab Kpanda \u63a7\u5236\u5668\u8fd8\u539f\u6210\u9884\u5b9a\u4e49\u7684\u6743\u9650\u70b9\u3002 \u4e3a\u4e86\u652f\u6301\u66f4\u52a0\u7075\u6d3b\u7684\u6743\u9650\u914d\u7f6e\uff0c\u6ee1\u8db3\u5bf9\u7cfb\u7edf\u89d2\u8272\u7684\u81ea\u5b9a\u4e49\u9700\u6c42\uff0c\u76ee\u524d Kpanda \u652f\u6301\u4e3a\u5185\u7f6e\u7cfb\u7edf\u89d2\u8272\uff08cluster admin\u3001ns admin\u3001ns editor\u3001ns viewer\uff09\u4fee\u6539\u6743\u9650\u70b9\u3002 \u4ee5\u4e0b\u793a\u4f8b\u6f14\u793a\u5982\u4f55\u65b0\u589e ns-viewer \u6743\u9650\u70b9\uff0c\u5c1d\u8bd5\u589e\u52a0\u53ef\u4ee5\u5220\u9664 Deployment \u7684\u6743\u9650\u3002\u5176\u4ed6\u6743\u9650\u70b9\u64cd\u4f5c\u7c7b\u4f3c\u3002
"},{"location":"admin/kpanda/permissions/custom-kpanda-role.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"Note
\u53ea\u652f\u6301\u4f7f\u7528\u56fa\u5b9a Label \u7684 ClusterRole \u8ffd\u52a0\u6743\u9650\uff0c\u4e0d\u652f\u6301\u66ff\u6362\u6216\u8005\u5220\u9664\u6743\u9650\uff0c\u4e5f\u4e0d\u80fd\u4f7f\u7528 role \u8ffd\u52a0\u6743\u9650\uff0c\u5185\u7f6e\u89d2\u8272\u8ddf\u7528\u6237\u521b\u5efa\u7684 ClusterRole Label \u5bf9\u5e94\u5173\u7cfb\u5982\u4e0b
cluster-admin: rbac.kpanda.io/role-template-cluster-admin: \"true\"\ncluster-edit: rbac.kpanda.io/role-template-cluster-edit: \"true\"\ncluster-view: rbac.kpanda.io/role-template-cluster-view: \"true\"\nns-admin: rbac.kpanda.io/role-template-ns-admin: \"true\"\nns-edit: rbac.kpanda.io/role-template-ns-edit: \"true\"\nns-view: rbac.kpanda.io/role-template-ns-view: \"true\"\n
\u4f7f\u7528 admin \u6216\u8005 cluster admin \u6743\u9650\u7684\u7528\u6237\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d
\u6388\u6743 ns-viewer\uff0c\u7528\u6237\u6709\u8be5 namespace ns-view \u6743\u9650
\u5207\u6362\u767b\u5f55\u7528\u6237\u4e3a ns-viewer\uff0c\u6253\u5f00\u63a7\u5236\u53f0\u83b7\u53d6 ns-viewer \u7528\u6237\u5bf9\u5e94\u7684 token\uff0c\u4f7f\u7528 curl \u8bf7\u6c42\u5220\u9664\u4e0a\u8ff0\u7684 deployment nginx\uff0c\u53d1\u73b0\u65e0\u5220\u9664\u6743\u9650
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n{\"code\":7,\"message\":\"[RBAC] delete resources(deployments: nginx) is forbidden for user(ns-viewer) in cluster(cluster-member)\",\"details\":[]}[root@master-01 ~]#\n[root@master-01 ~]#\n
\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u521b\u5efa\u5982\u4e0b ClusterRole\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: append-ns-view # (1)!\n labels:\n rbac.kpanda.io/role-template-ns-view: \"true\" # (2)!\nrules:\n - apiGroups: [ \"apps\" ]\n resources: [ \"deployments\" ]\n verbs: [ \"delete\" ]\n
\u7b49\u5f85 Kpanda \u63a7\u5236\u5668\u6dfb\u52a0\u7528\u6237\u521b\u5efa\u6743\u9650\u5230\u5185\u7f6e\u89d2\u8272 ns-viewer \u4e2d\uff0c\u53ef\u67e5\u770b\u5bf9\u5e94\u5185\u7f6e\u89d2\u8272\u5982\u662f\u5426\u6709\u4e0a\u4e00\u6b65\u65b0\u589e\u7684\u6743\u9650\u70b9
[root@master-01 ~]# kubectl get clusterrole role-template-ns-view -oyaml|grep deployments -C 10|tail -n 6\n
- apiGroups:\n - apps\n resources:\n - deployments\n verbs:\n - delete\n
\u518d\u6b21\u4f7f\u7528 curl \u8bf7\u6c42\u5220\u9664\u4e0a\u8ff0\u7684 deployment nginx\uff0c\u8fd9\u6b21\u6210\u529f\u5220\u9664\u4e86\u3002\u4e5f\u5c31\u662f\u8bf4\uff0cns-viewer \u6210\u529f\u65b0\u589e\u4e86\u5220\u9664 Deployment \u7684\u6743\u9650\u3002
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n
\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u57fa\u4e8e\u5168\u5c40\u6743\u9650\u7ba1\u7406\u4ee5\u53ca Kubernetes RBAC \u6743\u9650\u7ba1\u7406\u6253\u9020\u7684\u591a\u7ef4\u5ea6\u6743\u9650\u7ba1\u7406\u4f53\u7cfb\u3002 \u652f\u6301\u96c6\u7fa4\u7ea7\u3001\u547d\u540d\u7a7a\u95f4\u7ea7\u7684\u6743\u9650\u63a7\u5236\uff0c\u5e2e\u52a9\u7528\u6237\u4fbf\u6377\u7075\u6d3b\u5730\u5bf9\u79df\u6237\u4e0b\u7684 IAM \u7528\u6237\u3001\u7528\u6237\u7ec4\uff08\u7528\u6237\u7684\u96c6\u5408\uff09\u8bbe\u5b9a\u4e0d\u540c\u7684\u64cd\u4f5c\u6743\u9650\u3002
"},{"location":"admin/kpanda/permissions/permission-brief.html#_2","title":"\u96c6\u7fa4\u6743\u9650","text":"\u96c6\u7fa4\u6743\u9650\u57fa\u4e8e Kubernetes RBAC \u7684 ClusterRolebinding \u6388\u6743\uff0c\u96c6\u7fa4\u6743\u9650\u8bbe\u7f6e\u53ef\u8ba9\u7528\u6237/\u7528\u6237\u7ec4\u5177\u5907\u96c6\u7fa4\u76f8\u5173\u6743\u9650\u3002 \u76ee\u524d\u7684\u9ed8\u8ba4\u96c6\u7fa4\u89d2\u8272\u4e3a Cluster Admin \uff08\u4e0d\u5177\u5907\u96c6\u7fa4\u7684\u521b\u5efa\u3001\u5220\u9664\u6743\u9650\uff09\u3002
"},{"location":"admin/kpanda/permissions/permission-brief.html#cluster-admin","title":"Cluster Admin","text":"Cluster Admin \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
\u53ef\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u67e5\u770b\u5bf9\u5e94\u96c6\u7fa4
\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u67e5\u770b \u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u6240\u6709\u5de5\u4f5c\u8d1f\u8f7d\u53ca\u96c6\u7fa4\u5185\u6240\u6709\u8d44\u6e90
\u53ef\u6388\u6743\u7528\u6237\u4e3a\u96c6\u7fa4\u5185\u89d2\u8272 (Cluster Admin\u3001NS Admin\u3001NS Editor\u3001NS Viewer)
\u8be5\u96c6\u7fa4\u89d2\u8272\u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-cluster-admin\n resourceVersion: \"15168\"\n uid: f8f86d42-d5ef-47aa-b284-097615795076\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*'\n
"},{"location":"admin/kpanda/permissions/permission-brief.html#_3","title":"\u547d\u540d\u7a7a\u95f4\u6743\u9650","text":"\u547d\u540d\u7a7a\u95f4\u6743\u9650\u662f\u57fa\u4e8e Kubernetes RBAC \u80fd\u529b\u7684\u6388\u6743\uff0c\u53ef\u4ee5\u5b9e\u73b0\u4e0d\u540c\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5bf9\u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u8d44\u6e90\u5177\u6709\u4e0d\u540c\u7684\u64cd\u4f5c\u6743\u9650(\u5305\u62ec Kubernetes API \u6743\u9650)\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\uff1aKubernetes RBAC\u3002\u76ee\u524d\u5bb9\u5668\u7ba1\u7406\u7684\u9ed8\u8ba4\u89d2\u8272\u4e3a\uff1aNS Admin\u3001NS Editor\u3001NS Viewer\u3002
"},{"location":"admin/kpanda/permissions/permission-brief.html#ns-admin","title":"NS Admin","text":"NS Admin \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
\u8be5\u96c6\u7fa4\u89d2\u8272\u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-admin\n resourceVersion: \"15173\"\n uid: 69f64c7e-70e7-4c7c-a3e0-053f507f2bc3\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*' \n
"},{"location":"admin/kpanda/permissions/permission-brief.html#ns-editor","title":"NS Editor","text":"NS Editor \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-edit\n resourceVersion: \"15175\"\n uid: ca9e690e-96c0-4978-8915-6e4c00c748fe\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - '*'\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - '*'\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - '*'\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - '*'\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - '*'\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - '*'\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - '*' \n
"},{"location":"admin/kpanda/permissions/permission-brief.html#ns-viewer","title":"NS Viewer","text":"NS Viewer \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-view\n resourceVersion: \"15183\"\n uid: 853888fd-6ee8-42ac-b91e-63923918baf8\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - get\n - list\n - watch \n
"},{"location":"admin/kpanda/permissions/permission-brief.html#faq","title":"\u6743\u9650 FAQ","text":"\u5168\u5c40\u6743\u9650\u548c\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u7ba1\u7406\u7684\u5173\u7cfb\uff1f
\u7b54\uff1a\u5168\u5c40\u6743\u9650\u4ec5\u6388\u6743\u4e3a\u7c97\u7c92\u5ea6\u6743\u9650\uff0c\u53ef\u7ba1\u7406\u6240\u6709\u96c6\u7fa4\u7684\u521b\u5efa\u3001\u7f16\u8f91\u3001\u5220\u9664\uff1b\u800c\u5bf9\u4e8e\u7ec6\u7c92\u5ea6\u7684\u6743\u9650\uff0c\u5982\u5355\u4e2a\u96c6\u7fa4\u7684\u7ba1\u7406\u6743\u9650\uff0c\u5355\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u5220\u9664\u6743\u9650\uff0c\u9700\u8981\u57fa\u4e8e Kubernetes RBAC \u7684\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u8fdb\u884c\u5b9e\u73b0\u3002 \u4e00\u822c\u6743\u9650\u7684\u7528\u6237\u4ec5\u9700\u8981\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u8fdb\u884c\u6388\u6743\u5373\u53ef\u3002
\u76ee\u524d\u4ec5\u652f\u6301\u56db\u4e2a\u9ed8\u8ba4\u89d2\u8272\uff0c\u540e\u53f0\u81ea\u5b9a\u4e49\u89d2\u8272\u7684 RoleBinding \u4ee5\u53ca ClusterRoleBinding \uff08Kubernetes \u7ec6\u7c92\u5ea6\u7684 RBAC\uff09\u662f\u5426\u4e5f\u80fd\u751f\u6548\uff1f
\u7b54\uff1a\u76ee\u524d\u81ea\u5b9a\u4e49\u6743\u9650\u6682\u65f6\u65e0\u6cd5\u901a\u8fc7\u56fe\u5f62\u754c\u9762\u8fdb\u884c\u7ba1\u7406\uff0c\u4f46\u662f\u901a\u8fc7 kubectl \u521b\u5efa\u7684\u6743\u9650\u89c4\u5219\u540c\u6837\u80fd\u751f\u6548\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301 Pod \u8d44\u6e90\u57fa\u4e8e\u6307\u6807\u8fdb\u884c\u5f39\u6027\u4f38\u7f29\uff08Horizontal Pod Autoscaling, HPA\uff09\u3002 \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e CPU \u5229\u7528\u7387\u3001\u5185\u5b58\u7528\u91cf\u53ca\u81ea\u5b9a\u4e49\u6307\u6807\u6307\u6807\u6765\u52a8\u6001\u8c03\u6574 Pod \u8d44\u6e90\u7684\u526f\u672c\u6570\u91cf\u3002 \u4f8b\u5982\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u8bbe\u7f6e\u57fa\u4e8e CPU \u5229\u7528\u7387\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u540e\uff0c\u5f53 Pod \u7684 CPU \u5229\u7528\u7387\u8d85\u8fc7/\u4f4e\u4e8e\u60a8\u8bbe\u7f6e\u7684\u6307\u6807\u9600\u503c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u63a7\u5236\u5668\u5c06\u4f1a\u81ea\u52a8\u589e\u52a0/\u8f83\u5c11 Pod \u526f\u672c\u6570\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u57fa\u4e8e\u5185\u7f6e\u6307\u6807\u7684\u5f39\u6027\u4f38\u7f29\u3002
Note
\u7cfb\u7edf\u5185\u7f6e\u4e86 CPU \u548c\u5185\u5b58\u4e24\u79cd\u5f39\u6027\u4f38\u7f29\u6307\u6807\u4ee5\u6ee1\u8db3\u7528\u6237\u7684\u57fa\u7840\u4e1a\u52a1\u4f7f\u7528\u573a\u666f\u3002
"},{"location":"admin/kpanda/scale/create-hpa.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u6216\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5df2\u5b8c\u6210 metrics-server \u63d2\u4ef6\u5b89\u88c5 \u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165\u96c6\u7fa4\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d \u8fdb\u5165\u5de5\u4f5c\u8d1f\u8f7d\u5217\u8868\u540e\uff0c\u70b9\u51fb\u4e00\u4e2a\u8d1f\u8f7d\u540d\u79f0\uff0c\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \u9875\u9762\u3002
\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\u60c5\u51b5\u3002
\u786e\u8ba4\u96c6\u7fa4\u5df2\u5b89\u88c5\u4e86 metrics-server \u63d2\u4ef6\uff0c\u4e14\u63d2\u4ef6\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u540e\uff0c\u5373\u53ef\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\u3002
\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u5b8c\u6210\u53c2\u6570\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u5f39\u6027\u4f38\u7f29\u8be6\u60c5\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u7f16\u8f91\u3001\u5220\u9664\u64cd\u4f5c\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u76f8\u5173\u4e8b\u4ef6\u3002
\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\u901a\u8fc7\u76d1\u63a7 Pod \u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u8d44\u6e90\u7533\u8bf7\u548c\u7528\u91cf\uff0c \u8ba1\u7b97\u51fa\u5bf9\u8be5 Pod \u800c\u8a00\u6700\u9002\u5408\u7684 CPU \u548c\u5185\u5b58\u8bf7\u6c42\u503c\u3002\u4f7f\u7528 VPA \u53ef\u4ee5\u66f4\u52a0\u5408\u7406\u5730\u4e3a\u96c6\u7fa4\u4e0b\u6bcf\u4e2a Pod \u5206\u914d\u8d44\u6e90\uff0c\u63d0\u9ad8\u96c6\u7fa4\u7684\u6574\u4f53\u8d44\u6e90\u5229\u7528\u7387\uff0c\u907f\u514d\u96c6\u7fa4\u8d44\u6e90\u6d6a\u8d39\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u901a\u8fc7\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\uff0c\u57fa\u4e8e\u6b64\u529f\u80fd\u53ef\u4ee5\u6839\u636e\u5bb9\u5668\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u52a8\u6001\u8c03\u6574 Pod \u8bf7\u6c42\u503c\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u901a\u8fc7\u624b\u52a8\u548c\u81ea\u52a8\u4e24\u79cd\u65b9\u5f0f\u6765\u4fee\u6539\u8d44\u6e90\u8bf7\u6c42\u503c\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u9700\u8981\u8fdb\u884c\u914d\u7f6e\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e Pod \u5782\u76f4\u4f38\u7f29\u3002
Warning
\u4f7f\u7528 VPA \u4fee\u6539 Pod \u8d44\u6e90\u8bf7\u6c42\u4f1a\u89e6\u53d1 Pod \u91cd\u542f\u3002\u7531\u4e8e Kubernetes \u672c\u8eab\u7684\u9650\u5236\uff0c Pod \u91cd\u542f\u540e\u53ef\u80fd\u4f1a\u88ab\u8c03\u5ea6\u5230\u5176\u5b83\u8282\u70b9\u4e0a\u3002
"},{"location":"admin/kpanda/scale/create-vpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5782\u76f4\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3001\u7528\u6237\u3001\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u6216\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5f53\u524d\u96c6\u7fa4\u5df2\u7ecf\u5b89\u88c5 metrics-server \u548c VPA \u63d2\u4ef6\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u4e2d\u627e\u5230\u76ee\u524d\u96c6\u7fa4\uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u627e\u5230\u9700\u8981\u521b\u5efa VPA \u7684\u8d1f\u8f7d\uff0c\u70b9\u51fb\u8be5\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
3. \u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\uff0c\u786e\u8ba4\u5df2\u7ecf\u5b89\u88c5\u4e86\u76f8\u5173\u63d2\u4ef6\u5e76\u4e14\u63d2\u4ef6\u662f\u5426\u8fd0\u884c\u6b63\u5e38\u3002
\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\uff0c\u5e76\u914d\u7f6e VPA \u5782\u76f4\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u5b8c\u6210\u53c2\u6570\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u5f39\u6027\u4f38\u7f29\u8be6\u60c5\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u7f16\u8f91\u3001\u5220\u9664\u64cd\u4f5c\u3002
Note
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c--min-replicas \u7684\u503c\u4e3a 2\u3002\u8868\u793a\u5f53\u526f\u672c\u6570\u5927\u4e8e 1 \u65f6\uff0cVPA \u624d\u4f1a\u751f\u6548\uff0c \u53ef\u4ee5\u901a\u8fc7\u4fee\u6539 updater \u7684 --min-replicas \u53c2\u6570\u503c\u6765\u6539\u53d8\u8fd9\u4e00\u9ed8\u8ba4\u884c\u4e3a\u3002
spec: \n containers: \n - name: updater \n args: \n - \"--min-replicas=2\"\n
"},{"location":"admin/kpanda/scale/custom-hpa.html","title":"\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u521b\u5efa HPA","text":"\u5f53\u7cfb\u7edf\u5185\u7f6e\u7684 CPU \u548c\u5185\u5b58\u4e24\u79cd\u6307\u6807\u4e0d\u80fd\u6ee1\u8db3\u60a8\u4e1a\u52a1\u7684\u5b9e\u9645\u9700\u6c42\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e ServiceMonitoring \u6765\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\uff0c \u5e76\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u8fdb\u884c\u5f39\u6027\u4f38\u7f29\u3002
Note
\u5728\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165\u96c6\u7fa4\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d \u8fdb\u5165\u5de5\u4f5c\u8d1f\u8f7d\u5217\u8868\u540e\uff0c\u70b9\u51fb\u4e00\u4e2a\u8d1f\u8f7d\u540d\u79f0\uff0c\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \u9875\u9762\u3002
\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\u60c5\u51b5\u3002
\u786e\u8ba4\u96c6\u7fa4\u5df2\u5b89\u88c5\u4e86 metrics-server \u3001Insight\u3001Prometheus-adapter \u63d2\u4ef6\u4e14\u63d2\u4ef6\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u540e\uff0c\u5373\u53ef\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\u3002
Note
\u5982\u679c\u76f8\u5173\u63d2\u4ef6\u672a\u5b89\u88c5\u6216\u63d2\u4ef6\u5904\u4e8e\u5f02\u5e38\u72b6\u6001\uff0c\u60a8\u5728\u9875\u9762\u4e0a\u5c06\u65e0\u6cd5\u770b\u89c1\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u5165\u53e3\u3002
\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u672c\u6848\u4f8b\u4ee5 Golang \u4e1a\u52a1\u7a0b\u5e8f\u4e3a\u4f8b\uff0c\u8be5\u793a\u4f8b\u7a0b\u5e8f\u66b4\u9732\u4e86 httpserver_requests_total
\u6307\u6807\uff0c\u5e76\u8bb0\u5f55 HTTP \u7684\u8bf7\u6c42\uff0c\u901a\u8fc7\u8be5\u6307\u6807\u53ef\u4ee5\u8ba1\u7b97\u51fa\u4e1a\u52a1\u7a0b\u5e8f\u7684 QPS \u503c\u3002
\u4f7f\u7528 Deployment \u90e8\u7f72\u4e1a\u52a1\u7a0b\u5e8f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: httpserver\n namespace: httpserver\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: httpserver\n template:\n metadata:\n labels:\n app: httpserver\n spec:\n containers:\n - name: httpserver\n image: registry.imroc.cc/test/httpserver:custom-metrics\n imagePullPolicy: Always\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n app: httpserver\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/path: \"/metrics\"\n prometheus.io/port: \"http\"\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n name: http\n selector:\n app: httpserver\n
"},{"location":"admin/kpanda/scale/custom-hpa.html#prometheus","title":"Prometheus \u91c7\u96c6\u4e1a\u52a1\u76d1\u63a7","text":"\u82e5\u5df2\u5b89\u88c5 insight-agent\uff0c\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa ServiceMonitor \u7684 CRD \u5bf9\u8c61\u914d\u7f6e Prometheus\u3002
\u64cd\u4f5c\u6b65\u9aa4\uff1a\u5728 \u96c6\u7fa4\u8be6\u60c5 -> \u81ea\u5b9a\u4e49\u8d44\u6e90 \u641c\u7d22\u201cservicemonitors.monitoring.coreos.com\"\uff0c\u70b9\u51fb\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\u3002 \u901a\u8fc7\u521b\u5efa YAML\uff0c\u5728\u547d\u540d\u7a7a\u95f4 httpserver \u4e0b\u521b\u5efa\u5982\u4e0b\u793a\u4f8b\u7684 CRD\uff1a
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n operator.insight.io/managed-by: insight\nspec:\n endpoints:\n - port: http\n interval: 5s\n namespaceSelector:\n matchNames:\n - httpserver\n selector:\n matchLabels:\n app: httpserver\n
Note
\u82e5\u901a\u8fc7 insight \u5b89\u88c5 Prometheus\uff0c\u5219 serviceMonitor \u4e0a\u5fc5\u987b\u6253\u4e0a operator.insight.io/managed-by: insight
\u8fd9\u4e2a label\uff0c\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\u5b89\u88c5\u5219\u65e0\u9700\u6b64 label\u3002
\u64cd\u4f5c\u6b65\u9aa4\uff1a\u5728 \u96c6\u7fa4\u8be6\u60c5 -> Helm \u5e94\u7528 \u641c\u7d22 \u201cprometheus-adapter\"\uff0c\u901a\u8fc7\u64cd\u4f5c\u680f\u8fdb\u5165\u66f4\u65b0\u9875\u9762\uff0c\u5728 YAML \u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u6307\u6807\uff0c\u793a\u4f8b\u5982\u4e0b\uff1a
rules:\n custom:\n - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)\n name:\n as: httpserver_requests_qps\n matches: httpserver_requests_total\n resources:\n template: <<.Resource>>\n seriesQuery: httpserver_requests_total\n
"},{"location":"admin/kpanda/scale/custom-hpa.html#_5","title":"\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570","text":"\u6309\u7167\u4e0a\u8ff0\u6b65\u9aa4\u5728 Deployment \u4e2d\u627e\u5230\u5e94\u7528\u7a0b\u5e8f httpserver \u5e76\u901a\u8fc7\u81ea\u5b9a\u4e49\u6307\u6807\u521b\u5efa\u5f39\u6027\u4f38\u7f29\u3002
"},{"location":"admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html","title":"HPA \u548c CronHPA \u517c\u5bb9\u89c4\u5219","text":"HPA \u5168\u79f0\u4e3a HorizontalPodAutoscaler\uff0c\u5373 Pod \u6c34\u5e73\u81ea\u52a8\u4f38\u7f29\u3002
CronHPA \u5168\u79f0\u4e3a Cron HorizontalPodAutoscaler\uff0c\u5373 Pod \u5b9a\u65f6\u7684\u6c34\u5e73\u81ea\u52a8\u4f38\u7f29\u3002
"},{"location":"admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html#cronhpa-hpa","title":"CronHPA \u548c HPA \u517c\u5bb9\u51b2\u7a81","text":"\u5b9a\u65f6\u4f38\u7f29 CronHPA \u901a\u8fc7\u8bbe\u7f6e\u5b9a\u65f6\u7684\u65b9\u5f0f\u89e6\u53d1\u5bb9\u5668\u7684\u6c34\u5e73\u526f\u672c\u4f38\u7f29\u3002\u4e3a\u4e86\u9632\u6b62\u7a81\u53d1\u7684\u6d41\u91cf\u51b2\u51fb\u7b49\u72b6\u51b5\uff0c \u60a8\u53ef\u80fd\u5df2\u7ecf\u914d\u7f6e HPA \u4fdd\u969c\u5e94\u7528\u7684\u6b63\u5e38\u8fd0\u884c\u3002\u5982\u679c\u540c\u65f6\u68c0\u6d4b\u5230\u4e86 HPA \u548c CronHPA \u7684\u5b58\u5728\uff0c \u7531\u4e8e CronHPA \u548c HPA \u76f8\u4e92\u72ec\u7acb\u65e0\u6cd5\u611f\u77e5\uff0c\u5c31\u4f1a\u51fa\u73b0\u4e24\u4e2a\u63a7\u5236\u5668\u5404\u81ea\u5de5\u4f5c\uff0c\u540e\u6267\u884c\u7684\u64cd\u4f5c\u4f1a\u8986\u76d6\u5148\u6267\u884c\u7684\u64cd\u4f5c\u3002
\u5bf9\u6bd4 CronHPA \u548c HPA \u7684\u5b9a\u4e49\u6a21\u677f\uff0c\u53ef\u4ee5\u89c2\u5bdf\u5230\u4ee5\u4e0b\u51e0\u70b9\uff1a
Note
\u5982\u679c\u540c\u65f6\u8bbe\u7f6e CronHPA \u548c HPA\uff0c\u4f1a\u51fa\u73b0 CronHPA \u548c HPA \u540c\u65f6\u64cd\u4f5c\u4e00\u4e2a scaleTargetRef \u7684\u573a\u666f\u3002
"},{"location":"admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html#cronhpa-hpa_1","title":"CronHPA \u548c HPA \u517c\u5bb9\u65b9\u6848","text":"\u4ece\u4e0a\u6587\u53ef\u77e5\uff0cCronHPA \u548c HPA \u540c\u65f6\u4f7f\u7528\u4f1a\u5bfc\u81f4\u540e\u6267\u884c\u7684\u64cd\u4f5c\u8986\u76d6\u5148\u6267\u884c\u64cd\u4f5c\u7684\u672c\u8d28\u539f\u56e0\u662f\u4e24\u4e2a\u63a7\u5236\u5668\u65e0\u6cd5\u76f8\u4e92\u611f\u77e5\uff0c \u90a3\u4e48\u53ea\u9700\u8981\u8ba9 CronHPA \u611f\u77e5 HPA \u7684\u5f53\u524d\u72b6\u6001\u5c31\u80fd\u89e3\u51b3\u51b2\u7a81\u95ee\u9898\u3002
\u7cfb\u7edf\u4f1a\u5c06 HPA \u4f5c\u4e3a\u5b9a\u65f6\u4f38\u7f29 CronHPA \u7684\u6269\u7f29\u5bb9\u5bf9\u8c61\uff0c\u4ece\u800c\u5b9e\u73b0\u5bf9\u8be5 HPA \u5b9a\u4e49\u7684 Deployment \u5bf9\u8c61\u7684\u5b9a\u65f6\u6269\u7f29\u5bb9\u3002
HPA \u7684\u5b9a\u4e49\u5c06 Deployment \u914d\u7f6e\u5728 scaleTargetRef \u5b57\u6bb5\u4e0b\uff0c\u7136\u540e Deployment \u901a\u8fc7\u81ea\u8eab\u5b9a\u4e49\u67e5\u627e ReplicaSet\uff0c\u6700\u540e\u901a\u8fc7 ReplicaSet \u8c03\u6574\u771f\u5b9e\u7684\u526f\u672c\u6570\u76ee\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06 CronHPA \u4e2d\u7684 scaleTargetRef \u8bbe\u7f6e\u4e3a HPA \u5bf9\u8c61\uff0c\u7136\u540e\u901a\u8fc7 HPA \u5bf9\u8c61\u6765\u5bfb\u627e\u771f\u5b9e\u7684 scaleTargetRef\uff0c\u4ece\u800c\u8ba9 CronHPA \u611f\u77e5 HPA \u7684\u5f53\u524d\u72b6\u6001\u3002
CronHPA \u4f1a\u901a\u8fc7\u8c03\u6574 HPA \u7684\u65b9\u5f0f\u611f\u77e5 HPA\u3002CronHPA \u901a\u8fc7\u8bc6\u522b\u8981\u8fbe\u5230\u7684\u526f\u672c\u6570\u4e0e\u5f53\u524d\u526f\u672c\u6570\u4e24\u8005\u95f4\u7684\u8f83\u5927\u503c\uff0c \u5224\u65ad\u662f\u5426\u9700\u8981\u6269\u7f29\u5bb9\u53ca\u4fee\u6539 HPA \u7684\u4e0a\u9650\uff1bCronHPA \u901a\u8fc7\u8bc6\u522b CronHPA \u8981\u8fbe\u5230\u7684\u526f\u672c\u6570\u4e0e HPA \u7684\u914d\u7f6e\u95f4\u7684\u8f83\u5c0f\u503c\uff0c\u5224\u65ad\u662f\u5426\u9700\u8981\u4fee\u6539 HPA \u7684\u4e0b\u9650\u3002
"},{"location":"admin/kpanda/scale/install-cronhpa.html","title":"\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6","text":"\u5bb9\u5668\u526f\u672c\u5b9a\u65f6\u6c34\u5e73\u6269\u7f29\u5bb9\u7b56\u7565\uff08CronHPA\uff09\u80fd\u591f\u4e3a\u5468\u671f\u6027\u9ad8\u5e76\u53d1\u5e94\u7528\u63d0\u4f9b\u7a33\u5b9a\u7684\u8ba1\u7b97\u8d44\u6e90\u4fdd\u969c\uff0c kubernetes-cronhpa-controller \u5219\u662f\u5b9e\u73b0 CronHPA \u7684\u5173\u952e\u7ec4\u4ef6\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u3002
Note
\u4e3a\u4e86\u4f7f\u7528 CornHPA\uff0c\u4e0d\u4ec5\u9700\u8981\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\uff0c\u8fd8\u8981\u5b89\u88c5 metrics-server \u63d2\u4ef6\u3002
"},{"location":"admin/kpanda/scale/install-cronhpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5\u6b64\u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u8be5\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \uff0c\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u5728 CronHPA \u53f3\u4fa7\u70b9\u51fb \u5b89\u88c5 \u3002
\u9605\u8bfb\u8be5\u63d2\u4ef6\u7684\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u63a8\u8350\u5b89\u88c5 1.3.0 \u6216\u66f4\u9ad8\u7248\u672c\u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u914d\u7f6e\u53c2\u6570\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a\u201c\u8fd0\u884c\u4e2d\u201d\u72b6\u6001\u3002
\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u3002\u7a0d\u7b49\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Warning
\u5982\u9700\u5220\u9664 kubernetes-cronhpa-controller \u63d2\u4ef6\uff0c\u5e94\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5c06\u5176\u5f7b\u5e95\u5220\u9664\u3002
\u5982\u679c\u5728\u5de5\u4f5c\u8d1f\u8f7d\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\u4e0b\u5220\u9664\u63d2\u4ef6\uff0c\u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u63d2\u4ef6\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u63d2\u4ef6\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
\u56de\u5230\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\u4e0b\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u53ef\u4ee5\u770b\u5230\u754c\u9762\u663e\u793a \u63d2\u4ef6\u5df2\u5b89\u88c5 \u3002\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u521b\u5efa CronHPA \u7b56\u7565\u4e86\u3002
metrics-server \u662f Kubernetes \u5185\u7f6e\u7684\u8d44\u6e90\u4f7f\u7528\u6307\u6807\u91c7\u96c6\u7ec4\u4ef6\u3002 \u60a8\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u5f39\u6027\u4f38\u7f29\uff08HPA\uff09\u7b56\u7565\u6765\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u81ea\u52a8\u6c34\u5e73\u4f38\u7f29 Pod \u526f\u672c\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 metrics-server \u3002
"},{"location":"admin/kpanda/scale/install-metrics-server.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 metrics-server \u63d2\u4ef6\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u8bf7\u6267\u884c\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 metrics-server \u63d2\u4ef6\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u4e0b\u7684\u5f39\u6027\u4f38\u7f29\u9875\u9762\uff0c\u70b9\u51fb \u53bb\u5b89\u88c5 \uff0c\u8fdb\u5165 metrics-server \u63d2\u4ef6\u5b89\u88c5\u754c\u9762\u3002
\u9605\u8bfb metrics-server \u63d2\u4ef6\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u672c\u6587\u5c06\u4ee5 3.8.2 \u7248\u672c\u4e3a\u4f8b\u8fdb\u884c\u5b89\u88c5\uff0c\u63a8\u8350\u60a8\u5b89\u88c5 3.8.2 \u53ca\u66f4\u9ad8\u7248\u672c\u3002
\u5728\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u914d\u7f6e\u57fa\u672c\u53c2\u6570\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
\u9ad8\u7ea7\u53c2\u6570\u914d\u7f6e
\u5982\u679c\u96c6\u7fa4\u7f51\u7edc\u65e0\u6cd5\u8bbf\u95ee k8s.gcr.io
\u4ed3\u5e93\uff0c\u8bf7\u5c1d\u8bd5\u4fee\u6539 repositort
\u53c2\u6570\u4e3a repository: k8s.m.daocloud.io/metrics-server/metrics-server
\u5b89\u88c5 metrics-server \u63d2\u4ef6\u8fd8\u9700\u63d0\u4f9b SSL \u8bc1\u4e66\u3002\u5982\u9700\u7ed5\u8fc7\u8bc1\u4e66\u6821\u9a8c\uff0c\u9700\u8981\u5728 defaultArgs:
\u5904\u6dfb\u52a0 - --kubelet-insecure-tls
\u53c2\u6570\u3002
image:\n repository: k8s.m.daocloud.io/metrics-server/metrics-server # \u5c06\u4ed3\u5e93\u6e90\u5730\u5740\u4fee\u6539\u4e3a k8s.m.daocloud.io\n tag: ''\n pullPolicy: IfNotPresent\nimagePullSecrets: []\nnameOverride: ''\nfullnameOverride: ''\nserviceAccount:\n create: true\n annotations: {}\n name: ''\nrbac:\n create: true\n pspEnabled: false\napiService:\n create: true\npodLabels: {}\npodAnnotations: {}\npodSecurityContext: {}\nsecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\npriorityClassName: system-cluster-critical\ncontainerPort: 4443\nhostNetwork:\n enabled: false\nreplicas: 1\nupdateStrategy: {}\npodDisruptionBudget:\n enabled: false\n minAvailable: null\n maxUnavailable: null\ndefaultArgs:\n - '--cert-dir=/tmp'\n - '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'\n - '--kubelet-use-node-status-port'\n - '--metric-resolution=15s'\n - --kubelet-insecure-tls # \u7ed5\u8fc7\u8bc1\u4e66\u6821\u9a8c\nargs: []\nlivenessProbe:\n httpGet:\n path: /livez\n port: https\n scheme: HTTPS\n initialDelaySeconds: 0\n periodSeconds: 10\n failureThreshold: 3\nreadinessProbe:\n httpGet:\n path: /readyz\n port: https\n scheme: HTTPS\n initialDelaySeconds: 20\n periodSeconds: 10\n failureThreshold: 3\nservice:\n type: ClusterIP\n port: 443\n annotations: {}\n labels: {}\nmetrics:\n enabled: false\nserviceMonitor:\n enabled: false\n additionalLabels: {}\n interval: 1m\n scrapeTimeout: 10s\nresources: {}\nextraVolumeMounts: []\nextraVolumes: []\nnodeSelector: {}\ntolerations: []\naffinity: {}\n
\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u5b8c\u6210 metrics-server \u63d2\u4ef6\u7684\u5b89\u88c5\uff0c\u4e4b\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\uff0c \u7a0d\u7b49\u51e0\u5206\u949f\u540e\uff0c\u4e3a\u9875\u9762\u6267\u884c\u5237\u65b0\u64cd\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Note
\u5220\u9664 metrics-server \u63d2\u4ef6\u65f6\uff0c\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5f7b\u5e95\u5220\u9664\u8be5\u63d2\u4ef6\u3002\u5982\u679c\u4ec5\u5728\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u5220\u9664 metrics-server \uff0c \u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u5e94\u7528\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u5e94\u7528\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
"},{"location":"admin/kpanda/scale/install-vpa.html","title":"\u5b89\u88c5 vpa \u63d2\u4ef6","text":"\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\u80fd\u591f\u8ba9\u96c6\u7fa4\u7684\u8d44\u6e90\u914d\u7f6e\u66f4\u52a0\u5408\u7406\uff0c\u907f\u514d\u96c6\u7fa4\u8d44\u6e90\u6d6a\u8d39\u3002 vpa \u5219\u662f\u5b9e\u73b0\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7684\u5173\u952e\u7ec4\u4ef6\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 vpa \u63d2\u4ef6\u3002
\u4e3a\u4e86\u4f7f\u7528 VPA \u7b56\u7565\uff0c\u4e0d\u4ec5\u9700\u8981\u5b89\u88c5 __vpa__ \u63d2\u4ef6\uff0c\u8fd8\u8981[\u5b89\u88c5 __metrics-server__ \u63d2\u4ef6](install-metrics-server.md)\u3002\n
"},{"location":"admin/kpanda/scale/install-vpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 vpa \u63d2\u4ef6\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 vpa \u63d2\u4ef6\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5\u6b64\u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u8be5\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \uff0c\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u5728 VPA \u53f3\u4fa7\u70b9\u51fb \u5b89\u88c5 \u3002
3. \u9605\u8bfb\u8be5\u63d2\u4ef6\u7684\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u63a8\u8350\u5b89\u88c5 1.5.0 \u6216\u66f4\u9ad8\u7248\u672c\u3002
4. \u67e5\u770b\u4ee5\u4e0b\u8bf4\u660e\u914d\u7f6e\u53c2\u6570\u3002
- \u540d\u79f0\uff1a\u8f93\u5165\u63d2\u4ef6\u540d\u79f0\uff0c\u8bf7\u6ce8\u610f\u540d\u79f0\u6700\u957f 63 \u4e2a\u5b57\u7b26\uff0c\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u53ca\u5206\u9694\u7b26\uff08\u201c-\u201d\uff09\uff0c\u4e14\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u53ca\u7ed3\u5c3e\uff0c\u4f8b\u5982 kubernetes-cronhpa-controller\u3002 - \u547d\u540d\u7a7a\u95f4\uff1a\u9009\u62e9\u5c06\u63d2\u4ef6\u5b89\u88c5\u5728\u54ea\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u6b64\u5904\u4ee5 default \u4e3a\u4f8b\u3002 - \u7248\u672c\uff1a\u63d2\u4ef6\u7684\u7248\u672c\uff0c\u6b64\u5904\u4ee5 4.5.0 \u7248\u672c\u4e3a\u4f8b\u3002 - \u5c31\u7eea\u7b49\u5f85\uff1a\u542f\u7528\u540e\uff0c\u5c06\u7b49\u5f85\u5e94\u7528\u4e0b\u7684\u6240\u6709\u5173\u8054\u8d44\u6e90\u90fd\u5904\u4e8e\u5c31\u7eea\u72b6\u6001\uff0c\u624d\u4f1a\u6807\u8bb0\u5e94\u7528\u5b89\u88c5\u6210\u529f\u3002 - \u5931\u8d25\u5220\u9664\uff1a\u5982\u679c\u63d2\u4ef6\u5b89\u88c5\u5931\u8d25\uff0c\u5219\u5220\u9664\u5df2\u7ecf\u5b89\u88c5\u7684\u5173\u8054\u8d44\u6e90\u3002\u5f00\u542f\u540e\uff0c\u5c06\u9ed8\u8ba4\u540c\u6b65\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u3002 - \u8be6\u60c5\u65e5\u5fd7\uff1a\u5f00\u542f\u540e\uff0c\u5c06\u8bb0\u5f55\u5b89\u88c5\u8fc7\u7a0b\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a\u201c\u8fd0\u884c\u4e2d\u201d\u72b6\u6001\u3002
\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u3002\u7a0d\u7b49\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Warning
\u5982\u9700\u5220\u9664 vpa \u63d2\u4ef6\uff0c\u5e94\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5c06\u5176\u5f7b\u5e95\u5220\u9664\u3002
\u5982\u679c\u5728\u5de5\u4f5c\u8d1f\u8f7d\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\u4e0b\u5220\u9664\u63d2\u4ef6\uff0c\u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u63d2\u4ef6\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u63d2\u4ef6\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
\u56de\u5230\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\u4e0b\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u53ef\u4ee5\u770b\u5230\u754c\u9762\u663e\u793a \u63d2\u4ef6\u5df2\u5b89\u88c5 \u3002\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u521b\u5efa VPA \u7b56\u7565\u4e86\u3002
Knative \u662f\u4e00\u4e2a\u9762\u5411\u65e0\u670d\u52a1\u5668\u90e8\u7f72\u7684\u8de8\u5e73\u53f0\u89e3\u51b3\u65b9\u6848\u3002
\u767b\u5f55\u96c6\u7fa4\uff0c\u70b9\u51fb\u4fa7\u8fb9\u680f Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u53f3\u4fa7\u4e0a\u65b9\u641c\u7d22\u6846\u8f93\u5165 knative \uff0c\u7136\u540e\u6309\u56de\u8f66\u952e\u641c\u7d22\u3002
\u70b9\u51fb\u641c\u7d22\u51fa\u7684 knative-operator \uff0c\u8fdb\u5165\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u3002\u4f60\u53ef\u4ee5\u5728\u8be5\u754c\u9762\u67e5\u770b\u53ef\u7528\u7248\u672c\u4ee5\u53ca Helm values \u7684 Parameters \u53ef\u9009\u9879\u3002
\u70b9\u51fb\u5b89\u88c5\u6309\u94ae\u540e\uff0c\u8fdb\u5165\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u3002
\u8f93\u5165\u540d\u79f0\uff0c\u5b89\u88c5\u79df\u6237\uff0c\u5efa\u8bae\u52fe\u9009 \u5c31\u7eea\u7b49\u5f85 \u548c \u8be6\u7ec6\u65e5\u5fd7 \u3002
\u5728\u4e0b\u65b9\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u52fe\u9009 Serving \uff0c\u5e76\u8f93\u5165 Knative Serving \u7ec4\u4ef6\u7684\u5b89\u88c5\u79df\u6237\uff0c\u4f1a\u5728\u5b89\u88c5\u540e\u90e8\u7f72 Knative Serving \u7ec4\u4ef6\uff0c\u8be5\u7ec4\u4ef6\u7531 Knative Operator \u7ba1\u7406\u3002
Knative \u63d0\u4f9b\u4e86\u4e00\u79cd\u66f4\u9ad8\u5c42\u6b21\u7684\u62bd\u8c61\uff0c\u7b80\u5316\u5e76\u52a0\u901f\u4e86\u5728 Kubernetes \u4e0a\u6784\u5efa\u3001\u90e8\u7f72\u548c\u7ba1\u7406\u5e94\u7528\u7684\u8fc7\u7a0b\u3002\u5b83\u4f7f\u5f97\u5f00\u53d1\u4eba\u5458\u80fd\u591f\u66f4\u4e13\u6ce8\u4e8e\u4e1a\u52a1\u903b\u8f91\u7684\u5b9e\u73b0\uff0c\u800c\u5c06\u5927\u90e8\u5206\u57fa\u7840\u8bbe\u65bd\u548c\u8fd0\u7ef4\u5de5\u4f5c\u4ea4\u7ed9 Knative \u53bb\u5904\u7406\uff0c\u4ece\u800c\u663e\u8457\u63d0\u9ad8\u751f\u4ea7\u529b\u3002
"},{"location":"admin/kpanda/scale/knative/knative.html#_1","title":"\u7ec4\u4ef6","text":"knative-operator \u8fd0\u884c\u7ec4\u4ef6\u5982\u4e0b\u3002
knative-operator knative-operator-58f7d7db5c-7f6r5 1/1 Running 0 6m55s\nknative-operator operator-webhook-667dc67bc-qvrv4 1/1 Running 0 6m55s\n
knative-serving \u7ec4\u4ef6\u5982\u4e0b\u3002
knative-serving 3scale-kourier-gateway-d69fbfbd-bd8d8 1/1 Running 0 7m13s\nknative-serving activator-7c6fddd698-wdlng 1/1 Running 0 7m3s\nknative-serving autoscaler-8f4b876bb-kd25p 1/1 Running 0 7m17s\nknative-serving autoscaler-hpa-5f7f74679c-vkc7p 1/1 Running 0 7m15s\nknative-serving controller-789c896c46-tfvsv 1/1 Running 0 7m17s\nknative-serving net-kourier-controller-7db578c889-7gd5l 1/1 Running 0 7m14s\nknative-serving webhook-5c88b94c5-78x7m 1/1 Running 0 7m1s\nknative-serving storage-version-migration-serving-serving-1.12.2-t7zvd 0/1 Completed 0 7m15s\n
\u7ec4\u4ef6 \u4f5c\u7528 Activator \u5bf9\u8bf7\u6c42\u6392\u961f\uff08\u5982\u679c\u4e00\u4e2a Knative Service \u5df2\u7ecf\u7f29\u51cf\u5230\u96f6\uff09\u3002\u8c03\u7528 autoscaler\uff0c\u5c06\u7f29\u51cf\u5230 0 \u7684\u670d\u52a1\u6062\u590d\u5e76\u8f6c\u53d1\u6392\u961f\u7684\u8bf7\u6c42\u3002Activator \u8fd8\u53ef\u4ee5\u5145\u5f53\u8bf7\u6c42\u7f13\u51b2\u5668\uff0c\u5904\u7406\u7a81\u53d1\u6d41\u91cf\u3002 Autoscaler Autoscaler \u8d1f\u8d23\u6839\u636e\u914d\u7f6e\u3001\u6307\u6807\u548c\u8fdb\u5165\u7684\u8bf7\u6c42\u6765\u7f29\u653e Knative \u670d\u52a1\u3002 Controller \u7ba1\u7406 Knative CR \u7684\u72b6\u6001\u3002\u5b83\u4f1a\u76d1\u89c6\u591a\u4e2a\u5bf9\u8c61\uff0c\u7ba1\u7406\u4f9d\u8d56\u8d44\u6e90\u7684\u751f\u547d\u5468\u671f\uff0c\u5e76\u66f4\u65b0\u8d44\u6e90\u72b6\u6001\u3002 Queue-Proxy Sidecar \u5bb9\u5668\uff0c\u6bcf\u4e2a Knative Service \u90fd\u4f1a\u6ce8\u5165\u4e00\u4e2a\u3002\u8d1f\u8d23\u6536\u96c6\u6d41\u91cf\u6570\u636e\u5e76\u62a5\u544a\u7ed9 Autoscaler\uff0cAutoscaler \u6839\u636e\u8fd9\u4e9b\u6570\u636e\u548c\u9884\u8bbe\u7684\u89c4\u5219\u6765\u53d1\u8d77\u6269\u5bb9\u6216\u7f29\u5bb9\u8bf7\u6c42\u3002 Webhooks Knative Serving \u6709\u51e0\u4e2a Webhooks \u8d1f\u8d23\u9a8c\u8bc1\u548c\u53d8\u66f4 Knative \u8d44\u6e90\u3002"},{"location":"admin/kpanda/scale/knative/knative.html#ingress","title":"Ingress \u6d41\u91cf\u5165\u53e3\u65b9\u6848","text":"\u65b9\u6848 \u9002\u7528\u573a\u666f Istio \u5982\u679c\u5df2\u7ecf\u7528\u4e86 Istio\uff0c\u53ef\u4ee5\u9009\u62e9 Istio \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u65b9\u6848\u3002 Contour \u5982\u679c\u96c6\u7fa4\u4e2d\u5df2\u7ecf\u542f\u7528\u4e86 Contour\uff0c\u53ef\u4ee5\u9009\u62e9 Contour \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u65b9\u6848\u3002 Kourier \u5982\u679c\u5728\u6ca1\u6709\u4e0a\u8ff0 2 \u79cd Ingress \u7ec4\u4ef6\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 Knative \u57fa\u4e8e Envoy \u5b9e\u73b0\u7684 Kourier Ingress \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u3002"},{"location":"admin/kpanda/scale/knative/knative.html#autoscaler","title":"Autoscaler \u65b9\u6848\u5bf9\u6bd4","text":"Autoscaler \u7c7b\u578b \u662f\u5426\u4e3a Knative Serving \u6838\u5fc3\u90e8\u5206 \u9ed8\u8ba4\u542f\u7528 Scale to Zero \u652f\u6301 \u57fa\u4e8e CPU \u7684 Autoscaling \u652f\u6301 Knative Pod Autoscaler (KPA) \u662f \u662f \u662f \u5426 Horizontal Pod Autoscaler (HPA) \u5426 \u9700\u5b89\u88c5 Knative Serving \u540e\u542f\u7528 \u5426 \u662f"},{"location":"admin/kpanda/scale/knative/knative.html#crd","title":"CRD","text":"\u8d44\u6e90\u7c7b\u578b API \u540d\u79f0 \u63cf\u8ff0 Services service.serving.knative.dev \u81ea\u52a8\u7ba1\u7406 Workload \u7684\u6574\u4e2a\u751f\u547d\u5468\u671f\uff0c\u63a7\u5236\u5176\u4ed6\u5bf9\u8c61\u7684\u521b\u5efa\uff0c\u786e\u4fdd\u5e94\u7528\u5177\u6709 Routes\u3001Configurations \u4ee5\u53ca\u6bcf\u6b21\u66f4\u65b0\u65f6\u7684\u65b0 revision\u3002 Routes route.serving.knative.dev \u5c06\u7f51\u7edc\u7aef\u70b9\u6620\u5c04\u5230\u4e00\u4e2a\u6216\u591a\u4e2a\u4fee\u8ba2\u7248\u672c\uff0c\u652f\u6301\u6d41\u91cf\u5206\u914d\u548c\u7248\u672c\u8def\u7531\u3002 Configurations configuration.serving.knative.dev \u7ef4\u62a4\u90e8\u7f72\u7684\u671f\u671b\u72b6\u6001\uff0c\u63d0\u4f9b\u4ee3\u7801\u548c\u914d\u7f6e\u4e4b\u95f4\u7684\u5206\u79bb\uff0c\u9075\u5faa Twelve-Factor \u5e94\u7528\u7a0b\u5e8f\u65b9\u6cd5\u8bba\uff0c\u4fee\u6539\u914d\u7f6e\u4f1a\u521b\u5efa\u65b0\u7684 revision\u3002 Revisions revision.serving.knative.dev \u6bcf\u6b21\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u4fee\u6539\u7684\u65f6\u95f4\u70b9\u5feb\u7167\uff0c\u662f\u4e0d\u53ef\u53d8\u5bf9\u8c61\uff0c\u53ef\u6839\u636e\u6d41\u91cf\u81ea\u52a8\u6269\u5bb9\u548c\u7f29\u5bb9\u3002"},{"location":"admin/kpanda/scale/knative/playground.html","title":"Knative \u4f7f\u7528\u5b9e\u8df5","text":"\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u901a\u8fc7\u51e0\u4e2a\u5b9e\u8df5\u6765\u6df1\u5165\u4e86\u89e3\u5b66\u4e60 Knative\u3002
"},{"location":"admin/kpanda/scale/knative/playground.html#case-1-hello-world","title":"case 1 - Hello World","text":"apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
\u53ef\u4ee5\u4f7f\u7528 kubectl \u5df2\u90e8\u7f72\u7684\u5e94\u7528\u7684\u72b6\u6001\uff0c\u8fd9\u4e2a\u5e94\u7528\u7531 knative \u81ea\u52a8\u914d\u7f6e\u4e86 ingress \u548c\u4f38\u7f29\u5668\u3002
~ kubectl get service.serving.knative.dev/hello\nNAME URL LATESTCREATED LATESTREADY READY REASON\nhello http://hello.knative-serving.knative.loulan.me hello-00001 hello-00001 True\n
\u90e8\u7f72\u51fa\u7684 Pod YAML \u5982\u4e0b\uff0c\u7531 2 \u4e2a Pod \u7ec4\u6210\uff1auser-container \u548c queue-proxy\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: hello-00003-deployment-5fcb8ccbf-7qjfk\nspec:\n containers:\n - name: user-container\n - name: queue-proxy\n
\u8bf7\u6c42\u6d41\uff1a
case3 \u6d41\u91cf\u518d\u53d8\u5c0f\u65f6\uff0c\u6d41\u91cf\u4f4e\u4e8e current_demand + target-burst-capacity > (pods * concurrency-target) \u65f6\u5c06\u518d\u6b21\u8def\u7531\u5230 activator
\u5f85\u5904\u7406\u7684\u8bf7\u6c42\u603b\u6570 + \u80fd\u63a5\u53d7\u7684\u8d85\u8fc7\u76ee\u6807\u5e76\u53d1\u6570\u7684\u8bf7\u6c42\u6570\u91cf > \u6bcf\u4e2a Pod \u7684\u76ee\u6807\u5e76\u53d1\u6570 * Pod \u6570\u91cf
\u6211\u4eec\u9996\u5148\u5728\u96c6\u7fa4\u5e94\u7528\u4e0b\u9762 YAML \u5b9a\u4e49\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
\u6267\u884c\u4e0b\u9762\u547d\u4ee4\u6d4b\u8bd5\uff0c\u5e76\u53ef\u4ee5\u901a\u8fc7 kubectl get pods -A -w
\u6765\u89c2\u5bdf\u6269\u5bb9\u7684 Pod\u3002
wrk -t2 -c4 -d6s http://hello.knative-serving.knative.daocloud.io/\n
"},{"location":"admin/kpanda/scale/knative/playground.html#case-3-","title":"case 3 - \u57fa\u4e8e\u5e76\u53d1\u5f39\u6027\u4f38\u7f29\uff0c\u8fbe\u5230\u7279\u5b9a\u6bd4\u4f8b\u63d0\u524d\u6269\u5bb9","text":"\u6211\u4eec\u53ef\u4ee5\u5f88\u8f7b\u677e\u7684\u5b9e\u73b0\uff0c\u4f8b\u5982\u9650\u5236\u6bcf\u4e2a\u5bb9\u5668\u5e76\u53d1\u4e3a 10\uff0c\u53ef\u4ee5\u901a\u8fc7 autoscaling.knative.dev/target-utilization-percentage: 70
\u6765\u5b9e\u73b0\uff0c\u8fbe\u5230 70% \u5c31\u5f00\u59cb\u6269\u5bb9 Pod\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"10\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/target-utilization-percentage: \"70\" \n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/metric: \"concurrency\"\n \u00a0 \u00a0 spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
"},{"location":"admin/kpanda/scale/knative/playground.html#case-4-","title":"case 4 - \u7070\u5ea6\u53d1\u5e03/\u6d41\u91cf\u767e\u5206\u6bd4","text":"\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7 spec.traffic
\u5b9e\u73b0\u5230\u6bcf\u4e2a\u7248\u672c\u6d41\u91cf\u7684\u63a7\u5236\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\" \n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\" \n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n traffic:\n - latestRevision: true\n percent: 50\n - latestRevision: false\n percent: 50\n revisionName: hello-00001\n
"},{"location":"admin/kpanda/scale/knative/scene.html","title":"\u4f7f\u7528\u573a\u666f","text":""},{"location":"admin/kpanda/scale/knative/scene.html#_2","title":"\u9002\u5408\u7684\u573a\u666f","text":"Tip
\u77ed\u8fde\u63a5\u9ad8\u5e76\u53d1\u4e1a\u52a1\u4ee5\u53ca\u9700\u8981\u5f39\u6027\u4f38\u7f29\u7684\u4e1a\u52a1\uff0c\u63a8\u8350\u4f7f\u7528 HPA \u548c VPA \u80fd\u529b\u3002
"},{"location":"admin/kpanda/scale/knative/scene.html#_3","title":"\u4e0d\u9002\u5408\u7684\u573a\u666f","text":"\u5728Kubernetes\uff08\u7b80\u79f0K8s\uff09\u73af\u5883\u4e2d\uff0c\u5b89\u5168\u626b\u63cf\u662f\u786e\u4fdd\u96c6\u7fa4\u5b89\u5168\u6027\u7684\u5173\u952e\u63aa\u65bd\u4e4b\u4e00\u3002\u5176\u4e2d\uff0c\u5408\u89c4\u6027\u626b\u63cf\uff08\u57fa\u4e8eCIS Benchmark\uff09\u3001\u6743\u9650\u626b\u63cf\uff08\u57fa\u4e8ekube-audit\u5ba1\u8ba1\u529f\u80fd\uff09\u3001\u6f0f\u6d1e\u626b\u63cf\uff08\u57fa\u4e8e kube-hunter\uff09\u662f\u4e09\u79cd\u5e38\u89c1\u4e14\u91cd\u8981\u7684\u5b89\u5168\u626b\u63cf\u624b\u6bb5\uff1a
\u5408\u89c4\u6027\u626b\u63cf\uff1a\u57fa\u4e8e CIS Benchmark \u5bf9\u96c6\u7fa4\u8282\u70b9\u8fdb\u884c\u5b89\u5168\u626b\u63cf\u3002CIS Benchmark \u662f\u4e00\u5957\u5168\u7403\u516c\u8ba4\u7684\u6700\u4f73\u5b9e\u8df5\u6807\u51c6\uff0c\u4e3a Kubernetes \u96c6\u7fa4\u63d0\u4f9b\u4e86\u8be6\u7ec6\u7684\u5b89\u5168\u914d\u7f6e\u6307\u5357\u548c\u81ea\u52a8\u5316\u68c0\u67e5\u5de5\u5177\uff08\u5982Kube-Bench\uff09\uff0c\u5e2e\u52a9\u7ec4\u7ec7\u786e\u4fdd\u5176K8s\u96c6\u7fa4\u7b26\u5408\u5b89\u5168\u57fa\u7ebf\u8981\u6c42\uff0c\u4fdd\u62a4\u7cfb\u7edf\u548c\u6570\u636e\u514d\u53d7\u5a01\u80c1\u3002
\u6743\u9650\u626b\u63cf\uff1a\u57fa\u4e8ekube-audit\u5ba1\u8ba1\u529f\u80fd\u3002\u6743\u9650\u626b\u63cf\u4e3b\u8981\u89e3\u51b3\u96c6\u7fa4\u8bbf\u95ee\u63a7\u5236\u548c\u64cd\u4f5c\u900f\u660e\u5ea6\u7684\u95ee\u9898\u3002\u901a\u8fc7\u5ba1\u8ba1\u65e5\u5fd7\uff0c\u96c6\u7fa4\u7ba1\u7406\u5458\u80fd\u591f\u8ffd\u6eaf\u96c6\u7fa4\u8d44\u6e90\u7684\u8bbf\u95ee\u5386\u53f2\uff0c\u8bc6\u522b\u5f02\u5e38\u884c\u4e3a\uff0c\u5982\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3001\u654f\u611f\u6570\u636e\u7684\u6cc4\u9732\u3001\u6709\u5b89\u5168\u6f0f\u6d1e\u7684\u64cd\u4f5c\u8bb0\u5f55\u7b49\u3002\u8fd9\u5bf9\u4e8e\u6545\u969c\u6392\u67e5\u3001\u5b89\u5168\u4e8b\u4ef6\u54cd\u5e94\u4ee5\u53ca\u6ee1\u8db3\u5408\u89c4\u6027\u8981\u6c42\u81f3\u5173\u91cd\u8981\u3002\u6b64\u5916\uff0c\u6743\u9650\u626b\u63cf\u8fd8\u53ef\u4ee5\u5e2e\u52a9\u7ec4\u7ec7\u53d1\u73b0\u6f5c\u5728\u7684\u6743\u9650\u6ee5\u7528\u95ee\u9898\uff0c\u53ca\u65f6\u91c7\u53d6\u63aa\u65bd\u9632\u6b62\u5b89\u5168\u4e8b\u4ef6\u7684\u53d1\u751f\u3002
\u6f0f\u6d1e\u626b\u63cf\uff1a\u57fa\u4e8e kube-hunter\uff0c\u4e3b\u8981\u89e3\u51b3 Kubernetes \u96c6\u7fa4\u4e2d\u5b58\u5728\u7684\u5df2\u77e5\u6f0f\u6d1e\u548c\u914d\u7f6e\u9519\u8bef\u95ee\u9898\u3002kube-hunter \u901a\u8fc7\u6a21\u62df\u653b\u51fb\u884c\u4e3a\uff0c\u80fd\u591f\u8bc6\u522b\u96c6\u7fa4\u4e2d\u53ef\u88ab\u6076\u610f\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u5982\u672a\u6388\u6743\u8bbf\u95ee\u3001\u66b4\u9732\u7684\u670d\u52a1\u548cAPI\u7aef\u70b9\u3001\u914d\u7f6e\u9519\u8bef\u7684\u89d2\u8272\u548c\u7ed1\u5b9a\u7b56\u7565\u7b49\u3002\u7279\u522b\u5730\uff0ckube-hunter\u80fd\u591f\u8bc6\u522b\u5e76\u62a5\u544a CVE \u6f0f\u6d1e\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5982\u679c\u88ab\u6076\u610f\u5229\u7528\uff0c\u53ef\u80fd\u5bfc\u81f4\u6570\u636e\u6cc4\u9732\u3001\u670d\u52a1\u4e2d\u65ad\u7b49\u4e25\u91cd\u540e\u679c\u3002CVE \u6f0f\u6d1e\u662f\u7531\u56fd\u9645\u77e5\u540d\u7684\u5b89\u5168\u7ec4\u7ec7\u5982MITRE\u6240\u5b9a\u4e49\u548c\u7ef4\u62a4\u7684\uff0cCVE\u6570\u636e\u5e93\u4e3a\u8f6f\u4ef6\u548c\u56fa\u4ef6\u4e2d\u7684\u5df2\u77e5\u6f0f\u6d1e\u63d0\u4f9b\u4e86\u552f\u4e00\u6807\u8bc6\u7b26\uff0c\u6210\u4e3a\u5168\u7403\u5b89\u5168\u793e\u533a\u5171\u540c\u9075\u5faa\u7684\u6807\u51c6\u3002kube-hunter \u901a\u8fc7\u5229\u7528 CVE \u6570\u636e\u5e93\u4e2d\u7684\u4fe1\u606f\uff0c\u80fd\u591f\u5e2e\u52a9\u7528\u6237\u5feb\u901f\u8bc6\u522b\u5e76\u54cd\u5e94Kubernetes\u96c6\u7fa4\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\u3002
\u5408\u89c4\u6027\u626b\u63cf\u7684\u5bf9\u8c61\u662f\u96c6\u7fa4\u8282\u70b9\u3002\u626b\u63cf\u7ed3\u679c\u4e2d\u4f1a\u5217\u51fa\u626b\u63cf\u9879\u4ee5\u53ca\u626b\u63cf\u7ed3\u679c\uff0c\u5e76\u9488\u5bf9\u672a\u901a\u8fc7\u7684\u626b\u63cf\u9879\u7ed9\u51fa\u4fee\u590d\u5efa\u8bae\u3002\u6709\u5173\u626b\u63cf\u65f6\u7528\u5230\u7684\u5177\u4f53\u5b89\u5168\u89c4\u5219\uff0c\u53ef\u53c2\u8003 CIS Kubernetes Benchmark
\u68c0\u67e5\u4e0d\u540c\u7c7b\u578b\u7684\u8282\u70b9\u65f6\uff0c\u626b\u63cf\u7684\u4fa7\u91cd\u70b9\u6709\u6240\u4e0d\u540c\u3002
\u626b\u63cf\u63a7\u5236\u5e73\u9762\u8282\u70b9\uff08Controller\uff09
\u626b\u63cf\u5de5\u4f5c\u8282\u70b9\uff08Worker\uff09
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u914d\u7f6e\uff0c\u7136\u540e\u57fa\u4e8e\u8be5\u914d\u7f6e\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002
"},{"location":"admin/kpanda/security/index.html#_3","title":"\u6743\u9650\u626b\u63cf","text":"\u6743\u9650\u626b\u63cf\u4fa7\u91cd\u4e8e\u6743\u9650\u95ee\u9898\u5f15\u53d1\u7684\u5b89\u5168\u6f0f\u6d1e\u3002\u6743\u9650\u626b\u63cf\u53ef\u4ee5\u5e2e\u52a9\u7528\u6237\u8bc6\u522b Kubernetes \u96c6\u7fa4\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\uff0c\u6807\u8bc6\u54ea\u4e9b\u8d44\u6e90\u9700\u8981\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u5ba1\u67e5\u548c\u4fdd\u62a4\u63aa\u65bd\u3002\u901a\u8fc7\u6267\u884c\u8fd9\u4e9b\u68c0\u67e5\u9879\uff0c\u7528\u6237\u53ef\u4ee5\u66f4\u6e05\u695a\u3001\u66f4\u5168\u9762\u5730\u4e86\u89e3\u81ea\u5df1\u7684 Kubernetes \u73af\u5883\uff0c\u786e\u4fdd\u96c6\u7fa4\u73af\u5883\u7b26\u5408 Kubernetes \u7684\u6700\u4f73\u5b9e\u8df5\u548c\u5b89\u5168\u6807\u51c6\u3002
\u5177\u4f53\u800c\u8a00\uff0c\u6743\u9650\u626b\u63cf\u652f\u6301\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u626b\u63cf\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u8282\u70b9\u7684\u5065\u5eb7\u72b6\u6001\u3002
\u626b\u63cf\u96c6\u7fa4\u7ec4\u4ef6\u7684\u8fd0\u884c\u72b6\u51b5\uff0c\u5982 kube-apiserver \u3001 kube-controller-manager \u3001 kube-scheduler \u7b49\u3002
\u626b\u63cf\u5b89\u5168\u914d\u7f6e\uff1a\u68c0\u67e5 Kubernetes \u7684\u5b89\u5168\u914d\u7f6e
\u63d0\u4f9b\u8b66\u544a\u548c\u5efa\u8bae\uff1a\u5efa\u8bae\u96c6\u7fa4\u7ba1\u7406\u5458\u6267\u884c\u7684\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff0c\u4f8b\u5982\u5b9a\u671f\u8f6e\u6362\u8bc1\u4e66\u3001\u4f7f\u7528\u5f3a\u5bc6\u7801\u3001\u9650\u5236\u7f51\u7edc\u8bbf\u95ee\u7b49\u3002
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5b89\u5168\u626b\u63cf\u3002
"},{"location":"admin/kpanda/security/index.html#_4","title":"\u6f0f\u6d1e\u626b\u63cf","text":"\u6f0f\u6d1e\u626b\u63cf\u4fa7\u91cd\u4e8e\u626b\u63cf\u6f5c\u5728\u7684\u6076\u610f\u653b\u51fb\u548c\u5b89\u5168\u6f0f\u6d1e\uff0c\u4f8b\u5982\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3001SQL \u6ce8\u5165\u3001XSS \u653b\u51fb\u7b49\uff0c\u4ee5\u53ca\u4e00\u4e9b\u9488\u5bf9 Kubernetes \u7279\u5b9a\u7684\u653b\u51fb\u3002\u6700\u7ec8\u7684\u626b\u63cf\u62a5\u544a\u4f1a\u5217\u51fa\u96c6\u7fa4\u4e2d\u5b58\u5728\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u5e76\u63d0\u51fa\u4fee\u590d\u5efa\u8bae\u3002
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u6f0f\u6d1e\u626b\u63cf\u3002
"},{"location":"admin/kpanda/security/audit.html","title":"\u6743\u9650\u626b\u63cf","text":"\u4e3a\u4e86\u4f7f\u7528\u6743\u9650\u626b\u63cf\u529f\u80fd\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\uff0c\u6267\u884c\u8be5\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u4ee5\u4f9b\u67e5\u770b\u3002
"},{"location":"admin/kpanda/security/audit.html#_2","title":"\u521b\u5efa\u626b\u63cf\u7b56\u7565","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6743\u9650\u626b\u63cf \uff0c\u70b9\u51fb \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u6743\u9650\u626b\u63cf -> \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u62a5\u544a\u540d\u79f0
\u5728\u62a5\u544a\u53f3\u4fa7\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u624b\u52a8\u5220\u9664\u62a5\u544a\u3002
\u67e5\u770b\u626b\u63cf\u62a5\u544a\u5185\u5bb9\uff0c\u5305\u62ec\uff1a
\u68c0\u67e5\u8be6\u60c5\uff0c\u4f8b\u5982\u88ab\u68c0\u67e5\u7684\u8d44\u6e90\u3001\u8d44\u6e90\u7c7b\u578b\u3001\u626b\u63cf\u7ed3\u679c\u3001\u9519\u8bef\u7c7b\u578b\u3001\u9519\u8bef\u8be6\u60c5
\u4e3a\u4e86\u4f7f\u7528\u6f0f\u6d1e\u626b\u63cf\u529f\u80fd\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\uff0c\u6267\u884c\u8be5\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u4ee5\u4f9b\u67e5\u770b\u3002
"},{"location":"admin/kpanda/security/hunter.html#_2","title":"\u521b\u5efa\u626b\u63cf\u7b56\u7565","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6f0f\u6d1e\u626b\u63cf \uff0c\u70b9\u51fb \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u6743\u9650\u626b\u63cf -> \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u62a5\u544a\u540d\u79f0
\u5728\u62a5\u544a\u53f3\u4fa7\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u624b\u52a8\u5220\u9664\u62a5\u544a\u3002
\u67e5\u770b\u626b\u63cf\u62a5\u544a\u5185\u5bb9\uff0c\u5305\u62ec\uff1a
\u68c0\u67e5\u8be6\u60c5\uff0c\u4f8b\u5982\u6f0f\u6d1e ID\u3001\u6f0f\u6d1e\u7c7b\u578b\u3001\u6f0f\u6d1e\u540d\u79f0\u3001\u6f0f\u6d1e\u63cf\u8ff0\u7b49
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u7684\u7b2c\u4e00\u6b65\uff0c\u5c31\u662f\u5148\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u3002\u57fa\u4e8e\u626b\u63cf\u914d\u7f6e\u518d\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3001\u6267\u884c\u626b\u63cf\u7b56\u7565\uff0c\u6700\u540e\u67e5\u770b\u626b\u63cf\u7ed3\u679c\u3002
"},{"location":"admin/kpanda/security/cis/config.html#_2","title":"\u521b\u5efa\u626b\u63cf\u914d\u7f6e","text":"\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u7684\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u9ed8\u8ba4\u8fdb\u5165 \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\uff0c\u70b9\u51fb \u626b\u63cf\u914d\u7f6e \u9875\u7b7e\uff0c\u7136\u540e\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u914d\u7f6e \u3002
\u586b\u5199\u914d\u7f6e\u540d\u79f0\u3001\u9009\u62e9\u914d\u7f6e\u6a21\u677f\u3001\u6309\u9700\u52fe\u9009\u626b\u63cf\u9879\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u626b\u63cf\u6a21\u677f\uff1a\u76ee\u524d\u63d0\u4f9b\u4e86\u4e24\u4e2a\u6a21\u677f\u3002 kubeadm \u6a21\u677f\u9002\u7528\u4e8e\u4e00\u822c\u60c5\u51b5\u4e0b\u7684 Kubernetes \u96c6\u7fa4\u3002 \u6211\u4eec\u5728 kubeadm \u6a21\u677f\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5e73\u53f0\u8bbe\u8ba1\u5ffd\u7565\u4e86\u4e0d\u9002\u7528\u4e8e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u626b\u63cf\u9879\u3002
\u5728\u626b\u63cf\u914d\u7f6e\u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u626b\u63cf\u914d\u7f6e\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u914d\u7f6e\u7684\u7c7b\u578b\u3001\u626b\u63cf\u9879\u6570\u91cf\u3001\u521b\u5efa\u65f6\u95f4\u3001\u914d\u7f6e\u6a21\u677f\uff0c\u4ee5\u53ca\u8be5\u914d\u7f6e\u542f\u7528\u7684\u5177\u4f53\u626b\u63cf\u9879\u3002
"},{"location":"admin/kpanda/security/cis/config.html#_4","title":"\u66f4\u65b0/\u5220\u9664\u626b\u63cf\u914d\u7f6e","text":"\u626b\u63cf\u914d\u7f6e\u521b\u5efa\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u66f4\u65b0\u914d\u7f6e\u6216\u5220\u9664\u8be5\u914d\u7f6e\u3002
\u5728\u626b\u63cf\u914d\u7f6e\u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u9009\u62e9 \u5220\u9664 \u53ef\u4ee5\u5220\u9664\u8be5\u914d\u7f6e\u3002
\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u4e4b\u540e\uff0c\u53ef\u4ee5\u57fa\u4e8e\u914d\u7f6e\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\u7684 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
hide\uff1a - toc
"},{"location":"admin/kpanda/security/cis/report.html#_1","title":"\u626b\u63cf\u62a5\u544a","text":"\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u3002\u60a8\u53ef\u4ee5\u5728\u7ebf\u67e5\u770b\u626b\u63cf\u62a5\u544a\u6216\u5c06\u5176\u4e0b\u8f7d\u5230\u672c\u5730\u67e5\u770b\u3002
\u4e0b\u8f7d\u67e5\u770b\u626b\u63cf\u62a5\u544a
\u5b89\u5168\u7ba1\u7406 -> \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\u7684 \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u70b9\u51fb\u62a5\u544a\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u4e0b\u8f7d \u3002
\u5728\u7ebf\u67e5\u770b\u626b\u63cf\u62a5\u544a
\u70b9\u51fb\u67d0\u4e2a\u62a5\u544a\u7684\u540d\u79f0\uff0c\u60a8\u53ef\u4ee5\u5728\u7ebf\u67e5\u770b CIS \u5408\u89c4\u6027\u626b\u63cf\u7684\u62a5\u544a\u5185\u5bb9\u3002\u5177\u4f53\u5305\u62ec\uff1a
\u6570\u636e\u5377\uff08PersistentVolume\uff0cPV\uff09\u662f\u96c6\u7fa4\u4e2d\u7684\u4e00\u5757\u5b58\u50a8\uff0c\u53ef\u7531\u7ba1\u7406\u5458\u4e8b\u5148\u5236\u5907\uff0c\u6216\u4f7f\u7528\u5b58\u50a8\u7c7b\uff08Storage Class\uff09\u6765\u52a8\u6001\u5236\u5907\u3002PV \u662f\u96c6\u7fa4\u8d44\u6e90\uff0c\u4f46\u62e5\u6709\u72ec\u7acb\u7684\u751f\u547d\u5468\u671f\uff0c\u4e0d\u4f1a\u968f\u7740 Pod \u8fdb\u7a0b\u7ed3\u675f\u800c\u88ab\u5220\u9664\u3002\u5c06 PV \u6302\u8f7d\u5230\u5de5\u4f5c\u8d1f\u8f7d\u53ef\u4ee5\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u6301\u4e45\u5316\u3002PV \u4e2d\u4fdd\u5b58\u4e86\u53ef\u88ab Pod \u4e2d\u5bb9\u5668\u8bbf\u95ee\u7684\u6570\u636e\u76ee\u5f55\u3002
"},{"location":"admin/kpanda/storage/pv.html#_1","title":"\u521b\u5efa\u6570\u636e\u5377","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6570\u636e\u5377\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u6570\u636e\u5377\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) -> \u521b\u5efa\u6570\u636e\u5377(PV) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u6570\u636e\u5377\u7c7b\u578b\uff1a\u6709\u5173\u5377\u7c7b\u578b\u7684\u8be6\u7ec6\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u5377\u3002
Local\uff1a\u5c06 Node \u8282\u70b9\u7684\u672c\u5730\u5b58\u50a8\u5305\u88c5\u6210 PVC \u63a5\u53e3\uff0c\u5bb9\u5668\u76f4\u63a5\u4f7f\u7528 PVC \u800c\u65e0\u9700\u5173\u6ce8\u5e95\u5c42\u7684\u5b58\u50a8\u7c7b\u578b\u3002Local \u5377\u4e0d\u652f\u6301\u52a8\u6001\u914d\u7f6e\u6570\u636e\u5377\uff0c\u4f46\u652f\u6301\u914d\u7f6e\u8282\u70b9\u4eb2\u548c\u6027\uff0c\u53ef\u4ee5\u9650\u5236\u80fd\u4ece\u54ea\u4e9b\u8282\u70b9\u4e0a\u8bbf\u95ee\u8be5\u6570\u636e\u5377\u3002
HostPath\uff1a\u4f7f\u7528 Node \u8282\u70b9\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u6216\u76ee\u5f55\u4f5c\u4e3a\u6570\u636e\u5377\uff0c\u4e0d\u652f\u6301\u57fa\u4e8e\u8282\u70b9\u4eb2\u548c\u6027\u7684 Pod \u8c03\u5ea6\u3002
\u6302\u8f7d\u8def\u5f84\uff1a\u5c06\u6570\u636e\u5377\u6302\u8f7d\u5230\u5bb9\u5668\u4e2d\u7684\u67d0\u4e2a\u5177\u4f53\u76ee\u5f55\u4e0b\u3002
\u8bbf\u95ee\u6a21\u5f0f\uff1a
\u56de\u6536\u7b56\u7565\uff1a
\u5377\u6a21\u5f0f\uff1a
\u8282\u70b9\u4eb2\u548c\u6027\uff1a
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) \u3002
\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u6570\u636e\u5377\uff0c\u4ee5\u53ca\u5404\u4e2a\u6570\u636e\u5377\u7684\u72b6\u6001\u3001\u5bb9\u91cf\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u4fe1\u606f\u3002
\u652f\u6301\u6309\u7167\u6570\u636e\u5377\u7684\u540d\u79f0\u3001\u72b6\u6001\u3001\u547d\u540d\u7a7a\u95f4\u3001\u521b\u5efa\u65f6\u95f4\u8fdb\u884c\u987a\u5e8f\u6216\u9006\u5e8f\u6392\u5e8f\u3002
\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u6570\u636e\u5377\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5b58\u50a8\u6c60\u4fe1\u606f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u7b49\u4fe1\u606f\u3002
\u901a\u8fc7\u514b\u9686\u6570\u636e\u5377\uff0c\u53ef\u4ee5\u57fa\u4e8e\u88ab\u514b\u9686\u6570\u636e\u5377\u7684\u914d\u7f6e\uff0c\u91cd\u65b0\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u514b\u9686\u9875\u9762
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u514b\u9686\u7684\u6570\u636e\u5377\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u514b\u9686 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u514b\u9686 \u3002
\u76f4\u63a5\u4f7f\u7528\u539f\u914d\u7f6e\uff0c\u6216\u8005\u6309\u9700\u8fdb\u884c\u4fee\u6539\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u6570\u636e\u5377\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u6570\u636e\u5377\u3002
Note
\u4ec5\u652f\u6301\u66f4\u65b0\u6570\u636e\u5377\u7684\u522b\u540d\u3001\u5bb9\u91cf\u3001\u8bbf\u95ee\u6a21\u5f0f\u3001\u56de\u6536\u7b56\u7565\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u6570\u636e\u5377\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u6570\u636e\u5377\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u6570\u636e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"admin/kpanda/storage/pvc.html","title":"\u6570\u636e\u5377\u58f0\u660e(PVC)","text":"\u6301\u4e45\u5377\u58f0\u660e\uff08PersistentVolumeClaim\uff0cPVC\uff09\u8868\u8fbe\u7684\u662f\u7528\u6237\u5bf9\u5b58\u50a8\u7684\u8bf7\u6c42\u3002PVC \u6d88\u8017 PV \u8d44\u6e90\uff0c\u7533\u9886\u4f7f\u7528\u7279\u5b9a\u5927\u5c0f\u3001\u7279\u5b9a\u8bbf\u95ee\u6a21\u5f0f\u7684\u6570\u636e\u5377\uff0c\u4f8b\u5982\u8981\u6c42 PV \u5377\u4ee5 ReadWriteOnce\u3001ReadOnlyMany \u6216 ReadWriteMany \u7b49\u6a21\u5f0f\u6765\u6302\u8f7d\u3002
"},{"location":"admin/kpanda/storage/pvc.html#_1","title":"\u521b\u5efa\u6570\u636e\u5377\u58f0\u660e","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6570\u636e\u5377\u58f0\u660e\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u6570\u636e\u5377\u58f0\u660e\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e (PVC) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e (PVC) -> \u521b\u5efa\u6570\u636e\u5377\u58f0\u660e (PVC) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u521b\u5efa\u65b9\u5f0f\uff1a\u5728\u5df2\u6709\u7684\u5b58\u50a8\u6c60\u6216\u8005\u6570\u636e\u5377\u4e2d\u52a8\u6001\u521b\u5efa\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u6216\u8005\u57fa\u4e8e\u6570\u636e\u5377\u58f0\u660e\u7684\u5feb\u7167\u521b\u5efa\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u57fa\u4e8e\u5feb\u7167\u521b\u5efa\u65f6\u65e0\u6cd5\u4fee\u6539\u6570\u636e\u5377\u58f0\u660e\u7684\u5bb9\u91cf\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u5b8c\u6210\u540e\u518d\u8fdb\u884c\u4fee\u6539\u3002
\u9009\u62e9\u521b\u5efa\u65b9\u5f0f\u4e4b\u540e\uff0c\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u9009\u62e9\u60f3\u8981\u4f7f\u7528\u7684\u5b58\u50a8\u6c60/\u6570\u636e\u5377/\u5feb\u7167\u3002
\u8bbf\u95ee\u6a21\u5f0f\uff1a
ReadWriteOnce\uff0c\u6570\u636e\u5377\u58f0\u660e\u53ef\u4ee5\u88ab\u4e00\u4e2a\u8282\u70b9\u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u3002
ReadWriteOncePod\uff0c\u6570\u636e\u5377\u58f0\u660e\u53ef\u4ee5\u88ab\u5355\u4e2a Pod \u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \u3002
\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u6570\u636e\u5377\u58f0\u660e\uff0c\u4ee5\u53ca\u5404\u4e2a\u6570\u636e\u5377\u58f0\u660e\u7684\u72b6\u6001\u3001\u5bb9\u91cf\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u4fe1\u606f\u3002
\u652f\u6301\u6309\u7167\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\u3001\u72b6\u6001\u3001\u547d\u540d\u7a7a\u95f4\u3001\u521b\u5efa\u65f6\u95f4\u8fdb\u884c\u987a\u5e8f\u6216\u9006\u5e8f\u6392\u5e8f\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u6570\u636e\u5377\u58f0\u660e\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5b58\u50a8\u6c60\u4fe1\u606f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u7b49\u4fe1\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230\u60f3\u8981\u8c03\u6574\u5bb9\u91cf\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u6269\u5bb9 \u3002
\u8f93\u5165\u76ee\u6807\u5bb9\u91cf\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u901a\u8fc7\u514b\u9686\u6570\u636e\u5377\u58f0\u660e\uff0c\u53ef\u4ee5\u57fa\u4e8e\u88ab\u514b\u9686\u6570\u636e\u5377\u58f0\u660e\u7684\u914d\u7f6e\uff0c\u91cd\u65b0\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u8fdb\u5165\u514b\u9686\u9875\u9762
\u5728\u6570\u636e\u5377\u58f0\u660e\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u514b\u9686\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u514b\u9686 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u514b\u9686 \u3002
\u76f4\u63a5\u4f7f\u7528\u539f\u914d\u7f6e\uff0c\u6216\u8005\u6309\u9700\u8fdb\u884c\u4fee\u6539\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u3002
Note
\u4ec5\u652f\u6301\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u7684\u522b\u540d\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u6570\u636e\u5377\u58f0\u660e\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u5728\u6570\u636e\u5377\u58f0\u660e\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u6570\u636e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"admin/kpanda/storage/pvc.html#_8","title":"\u5e38\u89c1\u95ee\u9898","text":"\u5982\u679c\u5217\u8868\u4e2d\u6ca1\u6709\u53ef\u9009\u7684\u5b58\u50a8\u6c60\u6216\u6570\u636e\u5377\uff0c\u53ef\u4ee5\u521b\u5efa\u5b58\u50a8\u6c60\u6216\u521b\u5efa\u6570\u636e\u5377\u3002
\u5982\u679c\u5217\u8868\u4e2d\u6ca1\u6709\u53ef\u9009\u7684\u5feb\u7167\uff0c\u53ef\u4ee5\u8fdb\u5165\u6570\u636e\u5377\u58f0\u660e\u7684\u8be6\u60c5\u9875\uff0c\u5728\u53f3\u4e0a\u89d2\u5236\u4f5c\u5feb\u7167\u3002
\u5982\u679c\u6570\u636e\u5377\u58f0\u660e\u6240\u4f7f\u7528\u7684\u5b58\u50a8\u6c60 (SC) \u6ca1\u6709\u542f\u7528\u5feb\u7167\uff0c\u5219\u65e0\u6cd5\u5236\u4f5c\u5feb\u7167\uff0c\u9875\u9762\u4e0d\u4f1a\u663e\u793a\u201c\u5236\u4f5c\u5feb\u7167\u201d\u9009\u9879\u3002
\u5982\u679c\u6570\u636e\u5377\u58f0\u660e\u6240\u4f7f\u7528\u7684\u5b58\u50a8\u6c60 (SC) \u6ca1\u6709\u5f00\u542f\u6269\u5bb9\u529f\u80fd\uff0c\u5219\u8be5\u6570\u636e\u5377\u4e0d\u652f\u6301\u6269\u5bb9\uff0c\u9875\u9762\u4e0d\u4f1a\u663e\u793a\u6269\u5bb9\u9009\u9879\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5c06\u4e00\u4e2a\u5b58\u50a8\u6c60\u5171\u4eab\u7ed9\u591a\u4e2a\u547d\u540d\u7a7a\u95f4\u4f7f\u7528\uff0c\u4ee5\u4fbf\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u6548\u7387\u3002
\u5728\u5b58\u50a8\u6c60\u5217\u8868\u4e2d\u627e\u5230\u9700\u8981\u5171\u4eab\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u64cd\u4f5c\u680f\u4e0b\u70b9\u51fb \u6388\u6743\u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb \u81ea\u5b9a\u4e49\u547d\u540d\u7a7a\u95f4 \u53ef\u4ee5\u9010\u4e00\u9009\u62e9\u9700\u8981\u5c06\u6b64\u5b58\u50a8\u6c60\u5171\u4eab\u5230\u54ea\u4e9b\u547d\u540d\u7a7a\u95f4\u3002
\u5728\u5217\u8868\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u65b9\u70b9\u51fb \u79fb\u9664\u6388\u6743 \uff0c\u53ef\u4ee5\u89e3\u9664\u6388\u6743\uff0c\u505c\u6b62\u5c06\u6b64\u5b58\u50a8\u6c60\u5171\u4eab\u5230\u8be5\u547d\u540d\u7a7a\u95f4\u3002
\u5b58\u50a8\u6c60\u6307\u5c06\u8bb8\u591a\u7269\u7406\u78c1\u76d8\u7ec4\u6210\u4e00\u4e2a\u5927\u578b\u5b58\u50a8\u8d44\u6e90\u6c60\uff0c\u672c\u5e73\u53f0\u652f\u6301\u63a5\u5165\u5404\u7c7b\u5b58\u50a8\u5382\u5546\u540e\u521b\u5efa\u5757\u5b58\u50a8\u6c60\u3001\u672c\u5730\u5b58\u50a8\u6c60\u3001\u81ea\u5b9a\u4e49\u5b58\u50a8\u6c60\uff0c\u7136\u540e\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u52a8\u6001\u914d\u7f6e\u6570\u636e\u5377\u3002
"},{"location":"admin/kpanda/storage/sc.html#sc_1","title":"\u521b\u5efa\u5b58\u50a8\u6c60(SC)","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b58\u50a8\u6c60\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u5b58\u50a8\u6c60\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) -> \u521b\u5efa\u5b58\u50a8\u6c60(SC) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\uff0c\u7136\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u81ea\u5b9a\u4e49\u5b58\u50a8\u7cfb\u7edf
CSI \u5b58\u50a8\u9a71\u52a8\uff1a\u57fa\u4e8e\u6807\u51c6 Kubernetes \u7684\u5bb9\u5668\u5b58\u50a8\u63a5\u53e3\u63d2\u4ef6\uff0c\u9700\u9075\u5b88\u5b58\u50a8\u5382\u5546\u89c4\u5b9a\u7684\u683c\u5f0f\uff0c\u4f8b\u5982 rancher.io/local-path \u3002
HwameiStor \u5b58\u50a8\u7cfb\u7edf
lvm.hwameistor.io
\u3002hdd.hwameistor.io
Note
\u76ee\u524d HwameiStor xfs\u3001ext4 \u4e24\u79cd\u6587\u4ef6\u7cfb\u7edf\uff0c\u5176\u4e2d\u9ed8\u8ba4\u4f7f\u7528\u7684\u662f xfs \u6587\u4ef6\u7cfb\u7edf\uff0c\u5982\u679c\u60f3\u8981\u66ff\u6362\u4e3a ext4\uff0c\u53ef\u4ee5\u5728\u81ea\u5b9a\u4e49\u53c2\u6570\u6dfb\u52a0 csi.storage.k8s.io/fstype: ext4
\u5728\u5b58\u50a8\u6c60\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u7f16\u8f91 \u5373\u53ef\u901a\u8fc7\u66f4\u65b0\u5b58\u50a8\u6c60\u3002
Info
\u9009\u62e9 \u67e5\u770b YAML \u53ef\u4ee5\u67e5\u770b\u8be5\u5b58\u50a8\u6c60\u7684 YAML \u6587\u4ef6\uff0c\u4f46\u4e0d\u652f\u6301\u7f16\u8f91\u3002
"},{"location":"admin/kpanda/storage/sc.html#sc_3","title":"\u5220\u9664\u5b58\u50a8\u6c60(SC)","text":"\u5728\u5b58\u50a8\u6c60\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"admin/kpanda/workloads/create-cronjob.html","title":"\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u3002
\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u9002\u7528\u4e8e\u4e8e\u6267\u884c\u5468\u671f\u6027\u7684\u64cd\u4f5c\uff0c\u4f8b\u5982\u5907\u4efd\u3001\u62a5\u544a\u751f\u6210\u7b49\u3002\u8fd9\u4e9b\u4efb\u52a1\u53ef\u4ee5\u914d\u7f6e\u4e3a\u5468\u671f\u6027\u91cd\u590d\u7684\uff08\u4f8b\u5982\uff1a\u6bcf\u5929/\u6bcf\u5468/\u6bcf\u6708\u4e00\u6b21\uff09\uff0c\u53ef\u4ee5\u5b9a\u4e49\u4efb\u52a1\u5f00\u59cb\u6267\u884c\u7684\u65f6\u95f4\u95f4\u9694\u3002
"},{"location":"admin/kpanda/workloads/create-cronjob.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u5b9a\u65f6\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u5b9a\u65f6\u4efb\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u5b9a\u65f6\u4efb\u52a1 \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5b9a\u65f6\u4efb\u52a1\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1 \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-cronjob.html#_5","title":"\u5b9a\u65f6\u4efb\u52a1\u914d\u7f6e","text":"\u5e76\u53d1\u7b56\u7565\uff1a\u662f\u5426\u5141\u8bb8\u591a\u4e2a Job \u4efb\u52a1\u5e76\u884c\u6267\u884c\u3002
\u4e0a\u8ff0\u89c4\u5219\u4ec5\u9002\u7528\u4e8e\u540c\u4e00\u4e2a CronJob \u521b\u5efa\u7684\u591a\u4e2a\u4efb\u52a1\u3002\u591a\u4e2a CronJob \u521b\u5efa\u7684\u591a\u4e2a\u4efb\u52a1\u603b\u662f\u5141\u8bb8\u5e76\u53d1\u6267\u884c\u3002
\u5b9a\u65f6\u89c4\u5219\uff1a\u57fa\u4e8e\u5206\u949f\u3001\u5c0f\u65f6\u3001\u5929\u3001\u5468\u3001\u6708\u8bbe\u7f6e\u4efb\u52a1\u6267\u884c\u7684\u65f6\u95f4\u5468\u671f\u3002\u652f\u6301\u7528\u6570\u5b57\u548c *
\u81ea\u5b9a\u4e49 Cron \u8868\u8fbe\u5f0f\uff0c\u8f93\u5165\u8868\u8fbe\u5f0f\u540e\u4e0b\u65b9\u4f1a\u63d0\u793a\u5f53\u524d\u8868\u8fbe\u5f0f\u7684\u542b\u4e49\u3002\u6709\u5173\u8be6\u7ec6\u7684\u8868\u8fbe\u5f0f\u8bed\u6cd5\u89c4\u5219\uff0c\u53ef\u53c2\u8003 Cron \u65f6\u95f4\u8868\u8bed\u6cd5\u3002
\u4e3a\u6709\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u6709\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5b9a\u65f6\u4efb\u52a1\u7684\u9ad8\u7ea7\u914d\u7f6e\u4e3b\u8981\u6d89\u53ca\u6807\u7b7e\u4e0e\u6ce8\u89e3\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b Pod \u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-cronjob.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
apiVersion: batch/v1\nkind: CronJob\nmetadata:\n creationTimestamp: '2022-12-26T09:45:47Z'\n generation: 1\n name: demo\n namespace: default\n resourceVersion: '92726617'\n uid: d030d8d7-a405-4dcd-b09a-176942ef36c9\nspec:\n concurrencyPolicy: Allow\n failedJobsHistoryLimit: 1\n jobTemplate:\n metadata:\n creationTimestamp: null\n spec:\n activeDeadlineSeconds: 360\n backoffLimit: 6\n template:\n metadata:\n creationTimestamp: null\n spec:\n containers:\n - image: nginx\n imagePullPolicy: IfNotPresent\n lifecycle: {}\n name: container-3\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n securityContext:\n privileged: false\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n dnsPolicy: ClusterFirst\n restartPolicy: Never\n schedulerName: default-scheduler\n securityContext: {}\n terminationGracePeriodSeconds: 30\n schedule: 0 0 13 * 5\n successfulJobsHistoryLimit: 3\n suspend: false\nstatus: {}\n
"},{"location":"admin/kpanda/workloads/create-daemonset.html","title":"\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b(DaemonSet)","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\uff08DaemonSet\uff09\u3002
\u5b88\u62a4\u8fdb\u7a0b\uff08DaemonSet\uff09\u901a\u8fc7\u8282\u70b9\u4eb2\u548c\u6027\u4e0e\u6c61\u70b9\u529f\u80fd\u786e\u4fdd\u5728\u5168\u90e8\u6216\u90e8\u5206\u8282\u70b9\u4e0a\u8fd0\u884c\u4e00\u4e2a Pod \u7684\u526f\u672c\u3002\u5bf9\u4e8e\u65b0\u52a0\u5165\u96c6\u7fa4\u7684\u8282\u70b9\uff0cDaemonSet \u81ea\u52a8\u5728\u65b0\u8282\u70b9\u4e0a\u90e8\u7f72\u76f8\u5e94\u7684 Pod\uff0c\u5e76\u8ddf\u8e2a Pod \u7684\u8fd0\u884c\u72b6\u6001\u3002\u5f53\u8282\u70b9\u88ab\u79fb\u9664\u65f6\uff0cDaemonSet \u5219\u5220\u9664\u5176\u521b\u5efa\u7684\u6240\u6709 Pod\u3002
\u5b88\u62a4\u8fdb\u7a0b\u7684\u5e38\u89c1\u7528\u4f8b\u5305\u62ec\uff1a
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u96c6\u7fa4\u5b88\u62a4\u8fdb\u7a0b\u3002
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u65e5\u5fd7\u6536\u96c6\u5b88\u62a4\u8fdb\u7a0b\u3002
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u76d1\u63a7\u5b88\u62a4\u8fdb\u7a0b\u3002
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u4e3a\u6bcf\u79cd\u7c7b\u578b\u7684\u5b88\u62a4\u8fdb\u7a0b\u90fd\u542f\u52a8\u4e00\u4e2a DaemonSet\u3002\u5982\u9700\u66f4\u7cbe\u7ec6\u3001\u66f4\u9ad8\u7ea7\u5730\u7ba1\u7406\u5b88\u62a4\u8fdb\u7a0b\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u540c\u4e00\u79cd\u5b88\u62a4\u8fdb\u7a0b\u90e8\u7f72\u591a\u4e2a DaemonSet\u3002\u6bcf\u4e2a DaemonSet \u5177\u6709\u4e0d\u540c\u7684\u6807\u5fd7\uff0c\u5e76\u4e14\u5bf9\u4e0d\u540c\u786c\u4ef6\u7c7b\u578b\u5177\u6709\u4e0d\u540c\u7684\u5185\u5b58\u3001CPU \u8981\u6c42\u3002
"},{"location":"admin/kpanda/workloads/create-daemonset.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa DaemonSet \u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u5b88\u62a4\u8fdb\u7a0b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b88\u62a4\u8fdb\u7a0b \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u5b88\u62a4\u8fdb\u7a0b \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5b88\u62a4\u8fdb\u7a0b\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-daemonset.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u5b88\u62a4\u8fdb\u7a0b\u521b\u5efa\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u5b88\u62a4\u8fdb\u7a0b\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u914d\u7f6e\u670d\u52a1\u53c2\u6570\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\u521b\u5efa\u670d\u52a1\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-daemonset.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b88\u62a4\u8fdb\u7a0b \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: hwameistor-local-disk-manager\n namespace: hwameistor\n uid: ccbdc098-7de3-4a8a-96dd-d1cee159c92b\n resourceVersion: '90999552'\n generation: 1\n creationTimestamp: '2022-12-15T09:03:44Z'\n labels:\n app.kubernetes.io/managed-by: Helm\n annotations:\n deprecated.daemonset.template.generation: '1'\n meta.helm.sh/release-name: hwameistor\n meta.helm.sh/release-namespace: hwameistor\nspec:\n selector:\n matchLabels:\n app: hwameistor-local-disk-manager\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: hwameistor-local-disk-manager\n spec:\n volumes:\n - name: udev\n hostPath:\n path: /run/udev\n type: Directory\n - name: procmount\n hostPath:\n path: /proc\n type: Directory\n - name: devmount\n hostPath:\n path: /dev\n type: Directory\n - name: socket-dir\n hostPath:\n path: /var/lib/kubelet/plugins/disk.hwameistor.io\n type: DirectoryOrCreate\n - name: registration-dir\n hostPath:\n path: /var/lib/kubelet/plugins_registry/\n type: Directory\n - name: plugin-dir\n hostPath:\n path: /var/lib/kubelet/plugins\n type: DirectoryOrCreate\n - name: pods-mount-dir\n hostPath:\n path: /var/lib/kubelet/pods\n type: DirectoryOrCreate\n containers:\n - name: registrar\n image: k8s-gcr.m.daocloud.io/sig-storage/csi-node-driver-registrar:v2.5.0\n args:\n - '--v=5'\n - '--csi-address=/csi/csi.sock'\n - >-\n --kubelet-registration-path=/var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n env:\n - name: KUBE_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n resources: {}\n volumeMounts:\n - name: socket-dir\n mountPath: /csi\n - name: registration-dir\n mountPath: /registration\n lifecycle:\n preStop:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n rm -rf /registration/disk.hwameistor.io \n /registration/disk.hwameistor.io-reg.sock\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: manager\n image: ghcr.m.daocloud.io/hwameistor/local-disk-manager:v0.6.1\n command:\n - /local-disk-manager\n args:\n - '--endpoint=$(CSI_ENDPOINT)'\n - '--nodeid=$(NODENAME)'\n - '--csi-enable=true'\n env:\n - name: CSI_ENDPOINT\n value: unix://var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n - name: NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: WATCH_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: NODENAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OPERATOR_NAME\n value: local-disk-manager\n resources: {}\n volumeMounts:\n - name: udev\n mountPath: /run/udev\n - name: procmount\n readOnly: true\n mountPath: /host/proc\n - name: devmount\n mountPath: /dev\n - name: registration-dir\n mountPath: /var/lib/kubelet/plugins_registry\n - name: plugin-dir\n mountPath: /var/lib/kubelet/plugins\n mountPropagation: Bidirectional\n - name: pods-mount-dir\n mountPath: /var/lib/kubelet/pods\n mountPropagation: Bidirectional\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: hwameistor-admin\n serviceAccount: hwameistor-admin\n hostNetwork: true\n hostPID: true\n securityContext: {}\n schedulerName: default-scheduler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/master\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/control-plane\n operator: Exists\n effect: NoSchedule\n - key: node.cloudprovider.kubernetes.io/uninitialized\n operator: Exists\n effect: NoSchedule\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n maxSurge: 0\n revisionHistoryLimit: 10\nstatus:\n currentNumberScheduled: 4\n numberMisscheduled: 0\n desiredNumberScheduled: 4\n numberReady: 4\n observedGeneration: 1\n updatedNumberScheduled: 4\n numberAvailable: 4\n
"},{"location":"admin/kpanda/workloads/create-deployment.html","title":"\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09\u662f Kubernetes \u4e2d\u7684\u4e00\u79cd\u5e38\u89c1\u8d44\u6e90\uff0c\u4e3b\u8981\u4e3a Pod \u548c ReplicaSet \u63d0\u4f9b\u58f0\u660e\u5f0f\u66f4\u65b0\uff0c\u652f\u6301\u5f39\u6027\u4f38\u7f29\u3001\u6eda\u52a8\u5347\u7ea7\u3001\u7248\u672c\u56de\u9000\u7b49\u529f\u80fd\u3002\u5728 Deployment \u4e2d\u58f0\u660e\u671f\u671b\u7684 Pod \u72b6\u6001\uff0cDeployment Controller \u4f1a\u901a\u8fc7 ReplicaSet \u4fee\u6539\u5f53\u524d\u72b6\u6001\uff0c\u4f7f\u5176\u8fbe\u5230\u9884\u5148\u58f0\u660e\u7684\u671f\u671b\u72b6\u6001\u3002Deployment \u662f\u65e0\u72b6\u6001\u7684\uff0c\u4e0d\u652f\u6301\u6570\u636e\u6301\u4e45\u5316\uff0c\u9002\u7528\u4e8e\u90e8\u7f72\u65e0\u72b6\u6001\u7684\u3001\u4e0d\u9700\u8981\u4fdd\u5b58\u6570\u636e\u3001\u968f\u65f6\u53ef\u4ee5\u91cd\u542f\u56de\u6eda\u7684\u5e94\u7528\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\uff0c\u53ef\u4ee5\u57fa\u4e8e\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\u8f7b\u677e\u7ba1\u7406\u591a\u4e91\u591a\u96c6\u7fa4\u4e0a\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5305\u62ec\u5bf9\u65e0\u72b6\u6001\u8d1f\u8f7d\u7684\u521b\u5efa\u3001\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/workloads/create-deployment.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u65e0\u72b6\u6001\u8d1f\u8f7d \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u8d1f\u8f7d\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u64cd\u4f5c\u3002\u5982\u679c\u8d1f\u8f7d\u72b6\u6001\u51fa\u73b0\u5f02\u5e38\uff0c\u8bf7\u67e5\u770b\u5177\u4f53\u5f02\u5e38\u4fe1\u606f\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u3002
\u63cf\u8ff0\uff1a\u8f93\u5165\u8d1f\u8f7d\u7684\u63cf\u8ff0\u4fe1\u606f\uff0c\u5185\u5bb9\u81ea\u5b9a\u4e49\u3002\u5b57\u7b26\u6570\u4e0d\u8d85\u8fc7 512\u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-deployment.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u65e0\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u65e0\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5982\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u4e86 SpiderPool \u548c Multus \u7ec4\u4ef6\uff0c\u5219\u53ef\u4ee5\u5728\u7f51\u7edc\u914d\u7f6e\u4e2d\u914d\u7f6e\u5bb9\u5668\u7f51\u5361\u3002
DNS \u914d\u7f6e\uff1a\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u4e3b\u673a\u522b\u540d\uff1a\u4e3a\u4e3b\u673a\u8bbe\u7f6e\u7684\u522b\u540d\u3002
\u7f29\u5bb9\u65f6\u95f4\u7a97\uff1a\u8d1f\u8f7d\u505c\u6b62\u524d\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4\u7a97\uff080-9,999\u79d2\uff09\uff0c\u9ed8\u8ba4 30 \u79d2\u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-deployment.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-deployment\nspec:\n selector:\n matchLabels:\n app: nginx\n replicas: 2 # \u544a\u77e5 Deployment \u8fd0\u884c 2 \u4e2a\u4e0e\u8be5\u6a21\u677f\u5339\u914d\u7684 Pod\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n
"},{"location":"admin/kpanda/workloads/create-job.html","title":"\u521b\u5efa\u4efb\u52a1\uff08Job\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u4efb\u52a1\uff08Job\uff09\u3002
\u4efb\u52a1\uff08Job\uff09\u9002\u7528\u4e8e\u6267\u884c\u4e00\u6b21\u6027\u4efb\u52a1\u3002Job \u4f1a\u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a Pod\uff0cJob \u4f1a\u4e00\u76f4\u91cd\u65b0\u5c1d\u8bd5\u6267\u884c Pod\uff0c\u76f4\u5230\u6210\u529f\u7ec8\u6b62\u7684 Pod \u8fbe\u5230\u4e00\u5b9a\u6570\u91cf\u3002\u6210\u529f\u7ec8\u6b62\u7684 Pod \u8fbe\u5230\u6307\u5b9a\u7684\u6570\u91cf\u540e\uff0cJob \u4e5f\u968f\u4e4b\u7ed3\u675f\u3002\u5220\u9664 Job \u65f6\u4f1a\u4e00\u540c\u6e05\u9664\u8be5 Job \u521b\u5efa\u7684\u6240\u6709 Pod\u3002\u6682\u505c Job \u65f6\u5220\u9664\u8be5 Job \u4e2d\u7684\u6240\u6709\u6d3b\u8dc3 Pod\uff0c\u76f4\u5230 Job \u88ab\u7ee7\u7eed\u6267\u884c\u3002\u6709\u5173\u4efb\u52a1\uff08Job\uff09\u7684\u66f4\u591a\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003Job\u3002
"},{"location":"admin/kpanda/workloads/create-job.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u4efb\u52a1 \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u4efb\u52a1\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u4efb\u52a1 \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u57fa\u672c\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-job.html#_5","title":"\u9ad8\u7ea7\u914d\u7f6e","text":"\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u4efb\u52a1\u8bbe\u7f6e\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u4e24\u90e8\u5206\u3002
\u4efb\u52a1\u8bbe\u7f6e\u6807\u7b7e\u4e0e\u6ce8\u89e3\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b Pod \u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-job.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: Job\napiVersion: batch/v1\nmetadata:\n name: demo\n namespace: default\n uid: a9708239-0358-4aa1-87d3-a092c080836e\n resourceVersion: '92751876'\n generation: 1\n creationTimestamp: '2022-12-26T10:52:22Z'\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n annotations:\n revisions: >-\n {\"1\":{\"status\":\"running\",\"uid\":\"a9708239-0358-4aa1-87d3-a092c080836e\",\"start-time\":\"2022-12-26T10:52:22Z\",\"completion-time\":\"0001-01-01T00:00:00Z\"}}\nspec:\n parallelism: 1\n backoffLimit: 6\n selector:\n matchLabels:\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n spec:\n containers:\n - name: container-4\n image: nginx\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n lifecycle: {}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: false\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext: {}\n schedulerName: default-scheduler\n completionMode: NonIndexed\n suspend: false\nstatus:\n startTime: '2022-12-26T10:52:22Z'\n active: 1\n
"},{"location":"admin/kpanda/workloads/create-statefulset.html","title":"\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09\u3002
\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09\u662f Kubernetes \u4e2d\u7684\u4e00\u79cd\u5e38\u89c1\u8d44\u6e90\uff0c\u548c\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09\u7c7b\u4f3c\uff0c\u4e3b\u8981\u7528\u4e8e\u7ba1\u7406 Pod \u96c6\u5408\u7684\u90e8\u7f72\u548c\u4f38\u7f29\u3002\u4e8c\u8005\u7684\u4e3b\u8981\u533a\u522b\u5728\u4e8e\uff0cDeployment \u662f\u65e0\u72b6\u6001\u7684\uff0c\u4e0d\u4fdd\u5b58\u6570\u636e\uff0c\u800c StatefulSet \u662f\u6709\u72b6\u6001\u7684\uff0c\u4e3b\u8981\u7528\u4e8e\u7ba1\u7406\u6709\u72b6\u6001\u5e94\u7528\u3002\u6b64\u5916\uff0cStatefulSet \u4e2d\u7684 Pod \u5177\u6709\u6c38\u4e45\u4e0d\u53d8\u7684 ID\uff0c\u4fbf\u4e8e\u5728\u5339\u914d\u5b58\u50a8\u5377\u65f6\u8bc6\u522b\u5bf9\u5e94\u7684 Pod\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\uff0c\u53ef\u4ee5\u57fa\u4e8e\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\u8f7b\u677e\u7ba1\u7406\u591a\u4e91\u591a\u96c6\u7fa4\u4e0a\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5305\u62ec\u5bf9\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u3001\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/workloads/create-statefulset.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6709\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u53f3\u4e0a\u89d2 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \u5217\u8868\uff0c\u7b49\u5f85\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u3002\u5982\u679c\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u51fa\u73b0\u5f02\u5e38\uff0c\u8bf7\u67e5\u770b\u5177\u4f53\u5f02\u5e38\u4fe1\u606f\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u3002
\u70b9\u51fb\u65b0\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u5217\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u64cd\u4f5c\u3002
\u63cf\u8ff0\uff1a\u8f93\u5165\u8d1f\u8f7d\u7684\u63cf\u8ff0\u4fe1\u606f\uff0c\u5185\u5bb9\u81ea\u5b9a\u4e49\u3002\u5b57\u7b26\u6570\u4e0d\u8d85\u8fc7 512\u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\u3002\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"admin/kpanda/workloads/create-statefulset.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u6709\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u6709\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u5bb9\u5668\u7ba1\u7406\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5982\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u4e86 SpiderPool \u548c Multus \u7ec4\u4ef6\uff0c\u5219\u53ef\u4ee5\u5728\u7f51\u7edc\u914d\u7f6e\u4e2d\u914d\u7f6e\u5bb9\u5668\u7f51\u5361\u3002
DNS \u914d\u7f6e\uff1a\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u4e3b\u673a\u522b\u540d\uff1a\u4e3a\u4e3b\u673a\u8bbe\u7f6e\u7684\u522b\u540d\u3002
\u7f29\u5bb9\u65f6\u95f4\u7a97\uff1a\u8d1f\u8f7d\u505c\u6b62\u524d\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4\u7a97\uff080-9,999\u79d2\uff09\uff0c\u9ed8\u8ba4 30 \u79d2\u3002
Kubernetes v1.7 \u53ca\u5176\u4e4b\u540e\u7684\u7248\u672c\u53ef\u4ee5\u901a\u8fc7 .spec.podManagementPolicy \u8bbe\u7f6e Pod \u7684\u7ba1\u7406\u7b56\u7565\uff0c\u652f\u6301\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\uff1a
\u6309\u5e8f\u7b56\u7565\uff08OrderedReady\uff09 \uff1a\u9ed8\u8ba4\u7684 Pod \u7ba1\u7406\u7b56\u7565\uff0c\u8868\u793a\u6309\u987a\u5e8f\u90e8\u7f72 Pod\uff0c\u53ea\u6709\u524d\u4e00\u4e2a Pod \u90e8\u7f72 \u6210\u529f\u5b8c\u6210\u540e\uff0c\u6709\u72b6\u6001\u8d1f\u8f7d\u624d\u4f1a\u5f00\u59cb\u90e8\u7f72\u4e0b\u4e00\u4e2a Pod\u3002\u5220\u9664 Pod \u65f6\u5219\u91c7\u7528\u9006\u5e8f\uff0c\u6700\u540e\u521b\u5efa\u7684\u6700\u5148\u88ab\u5220\u9664\u3002
\u5e76\u884c\u7b56\u7565\uff08Parallel\uff09 \uff1a\u5e76\u884c\u521b\u5efa\u6216\u5220\u9664\u5bb9\u5668\uff0c\u548c Deployment \u7c7b\u578b\u7684 Pod \u4e00\u6837\u3002StatefulSet \u63a7\u5236\u5668\u5e76\u884c\u5730\u542f\u52a8\u6216\u7ec8\u6b62\u6240\u6709\u7684\u5bb9\u5668\u3002\u542f\u52a8\u6216\u8005\u7ec8\u6b62\u5176\u4ed6 Pod \u524d\uff0c\u65e0\u9700\u7b49\u5f85 Pod \u8fdb\u5165 Running \u548c ready \u6216\u8005\u5b8c\u5168\u505c\u6b62\u72b6\u6001\u3002 \u8fd9\u4e2a\u9009\u9879\u53ea\u4f1a\u5f71\u54cd\u6269\u7f29\u64cd\u4f5c\u7684\u884c\u4e3a\uff0c\u4e0d\u5f71\u54cd\u66f4\u65b0\u65f6\u7684\u987a\u5e8f\u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
![\u8c03\u5ea6\u7b56\u7565](../../../images/deploy15_1.png)\n
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"admin/kpanda/workloads/create-statefulset.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: StatefulSet\napiVersion: apps/v1\nmetadata:\n name: test-mysql-123-mysql\n namespace: default\n uid: d3f45527-a0ab-4b22-9013-5842a06f4e0e\n resourceVersion: '20504385'\n generation: 1\n creationTimestamp: '2022-09-22T09:34:10Z'\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n blockOwnerDeletion: true\nspec:\n replicas: 1\n selector:\n matchLabels:\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n mysql.presslabs.org/cluster: test-mysql-123\n template:\n metadata:\n creationTimestamp: null\n labels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n annotations:\n config_rev: '13941099'\n prometheus.io/port: '9125'\n prometheus.io/scrape: 'true'\n secret_rev: '13941101'\n spec:\n volumes:\n - name: conf\n emptyDir: {}\n - name: init-scripts\n emptyDir: {}\n - name: config-map\n configMap:\n name: test-mysql-123-mysql\n defaultMode: 420\n - name: data\n persistentVolumeClaim:\n claimName: data\n initContainers:\n - name: init\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - clone-and-init\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: BACKUP_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_USER\n optional: true\n - name: BACKUP_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_PASSWORD\n optional: true\n resources: {}\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: config-map\n mountPath: /mnt/conf\n - name: data\n mountPath: /var/lib/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n containers:\n - name: mysql\n image: docker.m.daocloud.io/mysql:5.7.31\n ports:\n - name: mysql\n containerPort: 3306\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: ORCH_CLUSTER_ALIAS\n value: test-mysql-123.default\n - name: ORCH_HTTP_API\n value: http://mysql-operator.mcamel-system/api\n - name: MYSQL_ROOT_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: ROOT_PASSWORD\n optional: false\n - name: MYSQL_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: USER\n optional: true\n - name: MYSQL_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: PASSWORD\n optional: true\n - name: MYSQL_DATABASE\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: DATABASE\n optional: true\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 512Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n livenessProbe:\n exec:\n command:\n - mysqladmin\n - '--defaults-file=/etc/mysql/client.conf'\n - ping\n initialDelaySeconds: 60\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n test $(mysql --defaults-file=/etc/mysql/client.conf -NB -e\n 'SELECT COUNT(*) FROM sys_operator.status WHERE\n name=\"configured\" AND value=\"1\"') -eq 1\n initialDelaySeconds: 5\n timeoutSeconds: 5\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 3\n lifecycle:\n preStop:\n exec:\n command:\n - bash\n - /etc/mysql/pre-shutdown-ha.sh\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: sidecar\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - config-and-serve\n ports:\n - name: sidecar-http\n containerPort: 8080\n protocol: TCP\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: XTRABACKUP_TARGET_DIR\n value: /tmp/xtrabackup_backupfiles/\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 10m\n memory: 64Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n readinessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: metrics-exporter\n image: prom/mysqld-exporter:v0.13.0\n args:\n - '--web.listen-address=0.0.0.0:9125'\n - '--web.telemetry-path=/metrics'\n - '--collect.heartbeat'\n - '--collect.heartbeat.database=sys_operator'\n ports:\n - name: prometheus\n containerPort: 9125\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_USER\n optional: false\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_PASSWORD\n optional: false\n - name: DATA_SOURCE_NAME\n value: $(USER):$(PASSWORD)@(127.0.0.1:3306)/\n resources:\n limits:\n cpu: 100m\n memory: 128Mi\n requests:\n cpu: 10m\n memory: 32Mi\n livenessProbe:\n httpGet:\n path: /metrics\n port: 9125\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 30\n periodSeconds: 30\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: pt-heartbeat\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - pt-heartbeat\n - '--update'\n - '--replace'\n - '--check-read-only'\n - '--create-table'\n - '--database'\n - sys_operator\n - '--table'\n - heartbeat\n - '--utc'\n - '--defaults-file'\n - /etc/mysql/heartbeat.conf\n - '--fail-successive-errors=20'\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n resources:\n limits:\n cpu: 100m\n memory: 64Mi\n requests:\n cpu: 10m\n memory: 32Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsUser: 999\n fsGroup: 999\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n topologyKey: kubernetes.io/hostname\n schedulerName: default-scheduler\n volumeClaimTemplates:\n - kind: PersistentVolumeClaim\n apiVersion: v1\n metadata:\n name: data\n creationTimestamp: null\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n spec:\n accessModes:\n - ReadWriteOnce\n resources:\n limits:\n storage: 1Gi\n requests:\n storage: 1Gi\n storageClassName: local-path\n volumeMode: Filesystem\n status:\n phase: Pending\n serviceName: mysql\n podManagementPolicy: OrderedReady\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n partition: 0\n revisionHistoryLimit: 10\nstatus:\n observedGeneration: 1\n replicas: 1\n readyReplicas: 1\n currentReplicas: 1\n updatedReplicas: 1\n currentRevision: test-mysql-123-mysql-6b8f5577c7\n updateRevision: test-mysql-123-mysql-6b8f5577c7\n collisionCount: 0\n availableReplicas: 1\n
"},{"location":"admin/kpanda/workloads/pod-config/env-variables.html","title":"\u914d\u7f6e\u73af\u5883\u53d8\u91cf","text":"\u73af\u5883\u53d8\u91cf\u662f\u6307\u5bb9\u5668\u8fd0\u884c\u73af\u5883\u4e2d\u8bbe\u5b9a\u7684\u4e00\u4e2a\u53d8\u91cf\uff0c\u7528\u4e8e\u7ed9 Pod \u6dfb\u52a0\u73af\u5883\u6807\u5fd7\u6216\u4f20\u9012\u914d\u7f6e\u7b49\uff0c\u652f\u6301\u901a\u8fc7\u952e\u503c\u5bf9\u7684\u5f62\u5f0f\u4e3a Pod \u914d\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5728\u539f\u751f Kubernetes \u7684\u57fa\u7840\u4e0a\u589e\u52a0\u4e86\u56fe\u5f62\u5316\u754c\u9762\u4e3a Pod \u914d\u7f6e\u73af\u5883\u53d8\u91cf\uff0c\u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u914d\u7f6e\u65b9\u5f0f\uff1a
\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u6839\u636e\u7528\u6237\u9700\u6c42\uff0c\u68c0\u67e5\u5bb9\u5668\u7684\u5065\u5eb7\u72b6\u51b5\u3002\u914d\u7f6e\u540e\uff0c\u5bb9\u5668\u5185\u7684\u5e94\u7528\u7a0b\u5e8f\u5165\u5982\u679c\u5f02\u5e38\uff0c\u5bb9\u5668\u4f1a\u81ea\u52a8\u8fdb\u884c\u91cd\u542f\u6062\u590d\u3002Kubernetes \u63d0\u4f9b\u4e86\u5b58\u6d3b\uff08Liveness\uff09\u68c0\u67e5\u3001\u5c31\u7eea\uff08Readiness\uff09\u68c0\u67e5\u548c\u542f\u52a8\uff08Startup\uff09\u68c0\u67e5\u3002
\u5b58\u6d3b\u68c0\u67e5\uff08LivenessProbe\uff09 \u53ef\u63a2\u6d4b\u5230\u5e94\u7528\u6b7b\u9501\uff08\u5e94\u7528\u7a0b\u5e8f\u5728\u8fd0\u884c\uff0c\u4f46\u662f\u65e0\u6cd5\u7ee7\u7eed\u6267\u884c\u540e\u9762\u7684\u6b65\u9aa4\uff09\u60c5\u51b5\u3002 \u91cd\u542f\u8fd9\u79cd\u72b6\u6001\u4e0b\u7684\u5bb9\u5668\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\uff0c\u5373\u4f7f\u5176\u4e2d\u5b58\u5728\u7f3a\u9677\u3002
\u5c31\u7eea\u68c0\u67e5\uff08ReadinessProbe\uff09 \u53ef\u63a2\u77e5\u5bb9\u5668\u4f55\u65f6\u51c6\u5907\u597d\u63a5\u53d7\u8bf7\u6c42\u6d41\u91cf\uff0c\u5f53\u4e00\u4e2a Pod \u5185\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5c31\u7eea\u65f6\uff0c\u624d\u80fd\u8ba4\u4e3a\u8be5 Pod \u5c31\u7eea\u3002 \u8fd9\u79cd\u4fe1\u53f7\u7684\u4e00\u4e2a\u7528\u9014\u5c31\u662f\u63a7\u5236\u54ea\u4e2a Pod \u4f5c\u4e3a Service \u7684\u540e\u7aef\u3002 \u82e5 Pod \u5c1a\u672a\u5c31\u7eea\uff0c\u4f1a\u88ab\u4ece Service \u7684\u8d1f\u8f7d\u5747\u8861\u5668\u4e2d\u5254\u9664\u3002
\u542f\u52a8\u68c0\u67e5\uff08StartupProbe\uff09 \u53ef\u4ee5\u4e86\u89e3\u5e94\u7528\u5bb9\u5668\u4f55\u65f6\u542f\u52a8\uff0c\u914d\u7f6e\u540e\uff0c\u53ef\u63a7\u5236\u5bb9\u5668\u5728\u542f\u52a8\u6210\u529f\u540e\u518d\u8fdb\u884c\u5b58\u6d3b\u6027\u548c\u5c31\u7eea\u6001\u68c0\u67e5\uff0c \u786e\u4fdd\u8fd9\u4e9b\u5b58\u6d3b\u3001\u5c31\u7eea\u63a2\u6d4b\u5668\u4e0d\u4f1a\u5f71\u54cd\u5e94\u7528\u7684\u542f\u52a8\u3002 \u542f\u52a8\u63a2\u6d4b\u53ef\u4ee5\u7528\u4e8e\u5bf9\u6162\u542f\u52a8\u5bb9\u5668\u8fdb\u884c\u5b58\u6d3b\u6027\u68c0\u6d4b\uff0c\u907f\u514d\u5b83\u4eec\u5728\u542f\u52a8\u8fd0\u884c\u4e4b\u524d\u5c31\u88ab\u6740\u6389\u3002
\u5b58\u6d3b\u68c0\u67e5\uff08LivenessProbe\uff09\u7684\u914d\u7f6e\u548c\u5c31\u7eea\u68c0\u67e5\uff08ReadinessProbe\uff09\u7684\u914d\u7f6e\u53c2\u6570\u76f8\u4f3c\uff0c \u552f\u4e00\u533a\u522b\u662f\u8981\u4f7f\u7528 readinessProbe \u5b57\u6bb5\uff0c\u800c\u4e0d\u662f livenessProbe \u5b57\u6bb5\u3002
HTTP GET \u53c2\u6570\u8bf4\u660e\uff1a
\u53c2\u6570 \u53c2\u6570\u8bf4\u660e \u8def\u5f84\uff08 Path\uff09 \u8bbf\u95ee\u7684\u8bf7\u6c42\u8def\u5f84\u3002\u5982\uff1a \u793a\u4f8b\u4e2d\u7684 /healthz \u8def\u5f84 \u7aef\u53e3(Port) \u670d\u52a1\u76d1\u542c\u7aef\u53e3\u3002 \u5982\uff1a \u793a\u4f8b\u4e2d\u7684 8080 \u7aef\u53e3 \u534f\u8bae \u8bbf\u95ee\u534f\u8bae\uff0cHttp \u6216\u8005Https \u5ef6\u8fdf\u65f6\u95f4\uff08initialDelaySeconds\uff09 \u5ef6\u8fdf\u68c0\u67e5\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff0c\u6b64\u8bbe\u7f6e\u4e0e\u4e1a\u52a1\u7a0b\u5e8f\u6b63\u5e38\u542f\u52a8\u65f6\u95f4\u76f8\u5173\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a30\uff0c\u8868\u660e\u5bb9\u5668\u542f\u52a8\u540e30\u79d2\u624d\u5f00\u59cb\u5065\u5eb7\u68c0\u67e5\uff0c\u8be5\u65f6\u95f4\u662f\u9884\u7559\u7ed9\u4e1a\u52a1\u7a0b\u5e8f\u542f\u52a8\u7684\u65f6\u95f4\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002 \u6210\u529f\u9608\u503c\uff08successThreshold\uff09 \u63a2\u6d4b\u5931\u8d25\u540e\uff0c\u88ab\u89c6\u4e3a\u6210\u529f\u7684\u6700\u5c0f\u8fde\u7eed\u6210\u529f\u6570\u3002\u9ed8\u8ba4\u503c\u662f 1\uff0c\u6700\u5c0f\u503c\u662f 1\u3002\u5b58\u6d3b\u548c\u542f\u52a8\u63a2\u6d4b\u7684\u8fd9\u4e2a\u503c\u5fc5\u987b\u662f 1\u3002 \u6700\u5927\u5931\u8d25\u6b21\u6570\uff08failureThreshold\uff09 \u5f53\u63a2\u6d4b\u5931\u8d25\u65f6\u91cd\u8bd5\u7684\u6b21\u6570\u3002\u5b58\u6d3b\u63a2\u6d4b\u60c5\u51b5\u4e0b\u7684\u653e\u5f03\u5c31\u610f\u5473\u7740\u91cd\u65b0\u542f\u52a8\u5bb9\u5668\u3002\u5c31\u7eea\u63a2\u6d4b\u60c5\u51b5\u4e0b\u7684\u653e\u5f03 Pod \u4f1a\u88ab\u6253\u4e0a\u672a\u5c31\u7eea\u7684\u6807\u7b7e\u3002\u9ed8\u8ba4\u503c\u662f 3\u3002\u6700\u5c0f\u503c\u662f 1\u3002"},{"location":"admin/kpanda/workloads/pod-config/health-check.html#http-get","title":"\u4f7f\u7528 HTTP GET \u8bf7\u6c42\u68c0\u67e5","text":"YAML \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-http\nspec:\n containers:\n - name: liveness\n image: k8s.gcr.io/liveness\n args:\n - /server\n livenessProbe:\n httpGet:\n path: /healthz # \u8bbf\u95ee\u7684\u8bf7\u6c42\u8def\u5f84\n port: 8080 # \u670d\u52a1\u76d1\u542c\u7aef\u53e3\n httpHeaders:\n - name: Custom-Header\n value: Awesome\n initialDelaySeconds: 3 # kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u5e94\u8be5\u7b49\u5f85 3 \u79d2\n periodSeconds: 3 # kubelet \u6bcf\u9694 3 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\n
\u6309\u7167\u8bbe\u5b9a\u7684\u89c4\u5219\uff0ckubelet \u5411\u5bb9\u5668\u5185\u8fd0\u884c\u7684\u670d\u52a1\uff08\u670d\u52a1\u5728\u76d1\u542c 8080 \u7aef\u53e3\uff09\u53d1\u9001\u4e00\u4e2a HTTP GET \u8bf7\u6c42\u6765\u6267\u884c\u63a2\u6d4b\u3002\u5982\u679c\u670d\u52a1\u5668\u4e0a /healthz \u8def\u5f84\u4e0b\u7684\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de\u6210\u529f\u4ee3\u7801\uff0c\u5219 kubelet \u8ba4\u4e3a\u5bb9\u5668\u662f\u5065\u5eb7\u5b58\u6d3b\u7684\u3002 \u5982\u679c\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de\u5931\u8d25\u4ee3\u7801\uff0c\u5219 kubelet \u4f1a\u6740\u6b7b\u8fd9\u4e2a\u5bb9\u5668\u5e76\u5c06\u5176\u91cd\u542f\u3002\u8fd4\u56de\u5927\u4e8e\u6216\u7b49\u4e8e 200 \u5e76\u4e14\u5c0f\u4e8e 400 \u7684\u4efb\u4f55\u4ee3\u7801\u90fd\u6807\u793a\u6210\u529f\uff0c\u5176\u5b83\u8fd4\u56de\u4ee3\u7801\u90fd\u6807\u793a\u5931\u8d25\u3002 \u5bb9\u5668\u5b58\u6d3b\u671f\u95f4\u7684\u6700\u5f00\u59cb 10 \u79d2\u4e2d\uff0c /healthz \u5904\u7406\u7a0b\u5e8f\u8fd4\u56de 200 \u7684\u72b6\u6001\u7801\u3002 \u4e4b\u540e\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de 500 \u7684\u72b6\u6001\u7801\u3002
"},{"location":"admin/kpanda/workloads/pod-config/health-check.html#tcp","title":"\u4f7f\u7528 TCP \u7aef\u53e3\u68c0\u67e5","text":"TCP \u7aef\u53e3\u53c2\u6570\u8bf4\u660e\uff1a
\u53c2\u6570 \u53c2\u6570\u8bf4\u660e \u7aef\u53e3(Port) \u670d\u52a1\u76d1\u542c\u7aef\u53e3\u3002 \u5982\uff1a \u793a\u4f8b\u4e2d\u7684 8080 \u7aef\u53e3 \u5ef6\u8fdf\u65f6\u95f4\uff08initialDelaySeconds\uff09 \u5ef6\u8fdf\u68c0\u67e5\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff0c\u6b64\u8bbe\u7f6e\u4e0e\u4e1a\u52a1\u7a0b\u5e8f\u6b63\u5e38\u542f\u52a8\u65f6\u95f4\u76f8\u5173\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a30\uff0c\u8868\u660e\u5bb9\u5668\u542f\u52a8\u540e30\u79d2\u624d\u5f00\u59cb\u5065\u5eb7\u68c0\u67e5\uff0c\u8be5\u65f6\u95f4\u662f\u9884\u7559\u7ed9\u4e1a\u52a1\u7a0b\u5e8f\u542f\u52a8\u7684\u65f6\u95f4\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002\u5bf9\u4e8e\u63d0\u4f9bTCP\u901a\u4fe1\u670d\u52a1\u7684\u5bb9\u5668\uff0c\u57fa\u4e8e\u6b64\u914d\u7f6e\uff0c\u6309\u7167\u8bbe\u5b9a\u89c4\u5219\u96c6\u7fa4\u5bf9\u8be5\u5bb9\u5668\u5efa\u7acbTCP\u8fde\u63a5\uff0c\u5982\u679c\u8fde\u63a5\u6210\u529f\uff0c\u5219\u8bc1\u660e\u63a2\u6d4b\u6210\u529f\uff0c\u5426\u5219\u63a2\u6d4b\u5931\u8d25\u3002\u9009\u62e9TCP\u7aef\u53e3\u63a2\u6d4b\u65b9\u5f0f\uff0c\u5fc5\u987b\u6307\u5b9a\u5bb9\u5668\u76d1\u542c\u7684\u7aef\u53e3\u3002
YAML \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: goproxy\n labels:\n app: goproxy\nspec:\n containers:\n - name: goproxy\n image: k8s.gcr.io/goproxy:0.1\n ports:\n - containerPort: 8080\n readinessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 5\n periodSeconds: 10\n livenessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 15\n periodSeconds: 20\n
\u6b64\u793a\u4f8b\u540c\u65f6\u4f7f\u7528\u5c31\u7eea\u548c\u5b58\u6d3b\u63a2\u9488\u3002kubelet \u5728\u5bb9\u5668\u542f\u52a8 5 \u79d2\u540e\u53d1\u9001\u7b2c\u4e00\u4e2a\u5c31\u7eea\u63a2\u6d4b\u3002 \u5c1d\u8bd5\u8fde\u63a5 goproxy \u5bb9\u5668\u7684 8080 \u7aef\u53e3\uff0c \u5982\u679c\u63a2\u6d4b\u6210\u529f\uff0c\u8fd9\u4e2a Pod \u4f1a\u88ab\u6807\u8bb0\u4e3a\u5c31\u7eea\u72b6\u6001\uff0ckubelet \u5c06\u7ee7\u7eed\u6bcf\u9694 10 \u79d2\u8fd0\u884c\u4e00\u6b21\u68c0\u6d4b\u3002
\u9664\u4e86\u5c31\u7eea\u63a2\u6d4b\uff0c\u8fd9\u4e2a\u914d\u7f6e\u5305\u62ec\u4e86\u4e00\u4e2a\u5b58\u6d3b\u63a2\u6d4b\u3002 kubelet \u4f1a\u5728\u5bb9\u5668\u542f\u52a8 15 \u79d2\u540e\u8fdb\u884c\u7b2c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\u3002 \u5c31\u7eea\u63a2\u6d4b\u4f1a\u5c1d\u8bd5\u8fde\u63a5 goproxy \u5bb9\u5668\u7684 8080 \u7aef\u53e3\u3002 \u5982\u679c\u5b58\u6d3b\u63a2\u6d4b\u5931\u8d25\uff0c\u5bb9\u5668\u4f1a\u88ab\u91cd\u65b0\u542f\u52a8\u3002
"},{"location":"admin/kpanda/workloads/pod-config/health-check.html#_3","title":"\u6267\u884c\u547d\u4ee4\u68c0\u67e5","text":"YAML \u793a\u4f8b:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-exec\nspec:\n containers:\n - name: liveness\n image: k8s.gcr.io/busybox\n args:\n - /bin/sh\n - -c\n - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600\n livenessProbe:\n exec:\n command:\n - cat\n - /tmp/healthy\n initialDelaySeconds: 5 # kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u7b49\u5f85 5 \u79d2\n periodSeconds: 5 #kubelet \u6bcf 5 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\n
periodSeconds \u5b57\u6bb5\u6307\u5b9a\u4e86 kubelet \u6bcf 5 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\uff0c initialDelaySeconds \u5b57\u6bb5\u6307\u5b9a kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u7b49\u5f85 5 \u79d2\u3002\u6309\u7167\u8bbe\u5b9a\u89c4\u5219\uff0c\u96c6\u7fa4\u5468\u671f\u6027\u7684\u901a\u8fc7 kubelet \u5728\u5bb9\u5668\u5185\u6267\u884c\u547d\u4ee4 cat /tmp/healthy \u6765\u8fdb\u884c\u63a2\u6d4b\u3002 \u5982\u679c\u547d\u4ee4\u6267\u884c\u6210\u529f\u5e76\u4e14\u8fd4\u56de\u503c\u4e3a 0\uff0ckubelet \u5c31\u4f1a\u8ba4\u4e3a\u8fd9\u4e2a\u5bb9\u5668\u662f\u5065\u5eb7\u5b58\u6d3b\u7684\u3002 \u5982\u679c\u8fd9\u4e2a\u547d\u4ee4\u8fd4\u56de\u975e 0 \u503c\uff0ckubelet \u4f1a\u6740\u6b7b\u8fd9\u4e2a\u5bb9\u5668\u5e76\u91cd\u65b0\u542f\u52a8\u5b83\u3002
"},{"location":"admin/kpanda/workloads/pod-config/health-check.html#_4","title":"\u4f7f\u7528\u542f\u52a8\u524d\u68c0\u67e5\u4fdd\u62a4\u6162\u542f\u52a8\u5bb9\u5668","text":"\u6709\u4e9b\u5e94\u7528\u5728\u542f\u52a8\u65f6\u9700\u8981\u8f83\u957f\u7684\u521d\u59cb\u5316\u65f6\u95f4\uff0c\u9700\u8981\u4f7f\u7528\u76f8\u540c\u7684\u547d\u4ee4\u6765\u8bbe\u7f6e\u542f\u52a8\u63a2\u6d4b\uff0c\u9488\u5bf9 HTTP \u6216 TCP \u68c0\u6d4b\uff0c\u53ef\u4ee5\u901a\u8fc7\u5c06 failureThreshold * periodSeconds \u53c2\u6570\u8bbe\u7f6e\u4e3a\u8db3\u591f\u957f\u7684\u65f6\u95f4\u6765\u5e94\u5bf9\u542f\u52a8\u9700\u8981\u8f83\u957f\u65f6\u95f4\u7684\u573a\u666f\u3002
YAML \u793a\u4f8b\uff1a
ports:\n- name: liveness-port\n containerPort: 8080\n hostPort: 8080\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 1\n periodSeconds: 10\n\nstartupProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 30\n periodSeconds: 10\n
\u5982\u4e0a\u8bbe\u7f6e\uff0c\u5e94\u7528\u5c06\u6709\u6700\u591a 5 \u5206\u949f\uff0830 * 10 = 300s\uff09\u7684\u65f6\u95f4\u6765\u5b8c\u6210\u542f\u52a8\u8fc7\u7a0b\uff0c \u4e00\u65e6\u542f\u52a8\u63a2\u6d4b\u6210\u529f\uff0c\u5b58\u6d3b\u63a2\u6d4b\u4efb\u52a1\u5c31\u4f1a\u63a5\u7ba1\u5bf9\u5bb9\u5668\u7684\u63a2\u6d4b\uff0c\u5bf9\u5bb9\u5668\u6b7b\u9501\u4f5c\u51fa\u5feb\u901f\u54cd\u5e94\u3002 \u5982\u679c\u542f\u52a8\u63a2\u6d4b\u4e00\u76f4\u6ca1\u6709\u6210\u529f\uff0c\u5bb9\u5668\u4f1a\u5728 300 \u79d2\u540e\u88ab\u6740\u6b7b\uff0c\u5e76\u4e14\u6839\u636e restartPolicy \u6765 \u6267\u884c\u8fdb\u4e00\u6b65\u5904\u7f6e\u3002
"},{"location":"admin/kpanda/workloads/pod-config/job-parameters.html","title":"\u4efb\u52a1\u53c2\u6570\u8bf4\u660e","text":"\u6839\u636e .spec.completions \u548c .spec.Parallelism \u7684\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u5c06\u4efb\u52a1\uff08Job\uff09\u5212\u5206\u4e3a\u4ee5\u4e0b\u51e0\u79cd\u7c7b\u578b:
Job \u7c7b\u578b \u8bf4\u660e \u975e\u5e76\u884c Job \u521b\u5efa\u4e00\u4e2a Pod \u76f4\u81f3\u5176 Job \u6210\u529f\u7ed3\u675f \u5177\u6709\u786e\u5b9a\u5b8c\u6210\u8ba1\u6570\u7684\u5e76\u884c Job \u5f53\u6210\u529f\u7684 Pod \u4e2a\u6570\u8fbe\u5230 .spec.completions \u65f6\uff0cJob \u88ab\u89c6\u4e3a\u5b8c\u6210 \u5e76\u884c Job \u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a Pod \u76f4\u81f3\u6709\u4e00\u4e2a\u6210\u529f\u7ed3\u675f\u53c2\u6570\u8bf4\u660e
RestartPolicy \u521b\u5efa\u4e00\u4e2a Pod \u76f4\u81f3\u5176\u6210\u529f\u7ed3\u675f .spec.completions \u8868\u793a Job \u7ed3\u675f\u9700\u8981\u6210\u529f\u8fd0\u884c\u7684 Pod \u4e2a\u6570\uff0c\u9ed8\u8ba4\u4e3a 1 .spec.parallelism \u8868\u793a\u5e76\u884c\u8fd0\u884c\u7684 Pod \u7684\u4e2a\u6570\uff0c\u9ed8\u8ba4\u4e3a 1 spec.backoffLimit \u8868\u793a\u5931\u8d25 Pod \u7684\u91cd\u8bd5\u6700\u5927\u6b21\u6570\uff0c\u8d85\u8fc7\u8fd9\u4e2a\u6b21\u6570\u4e0d\u4f1a\u7ee7\u7eed\u91cd\u8bd5\u3002 .spec.activeDeadlineSeconds \u8868\u793a Pod \u8fd0\u884c\u65f6\u95f4\uff0c\u4e00\u65e6\u8fbe\u5230\u8fd9\u4e2a\u65f6\u95f4\uff0cJob \u5373\u5176\u6240\u6709\u7684 Pod \u90fd\u4f1a\u505c\u6b62\u3002\u4e14activeDeadlineSeconds \u4f18\u5148\u7ea7\u9ad8\u4e8e backoffLimit\uff0c\u5373\u5230\u8fbe activeDeadlineSeconds \u7684 Job \u4f1a\u5ffd\u7565backoffLimit \u7684\u8bbe\u7f6e\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a Job \u914d\u7f6e\u793a\u4f8b\uff0c\u4fdd\u5b58\u5728 myjob.yaml \u4e2d\uff0c\u5176\u8ba1\u7b97 \u03c0 \u5230 2000 \u4f4d\u5e76\u6253\u5370\u8f93\u51fa\u3002
apiVersion: batch/v1\nkind: Job #\u5f53\u524d\u8d44\u6e90\u7684\u7c7b\u578b\nmetadata:\n name: myjob\nspec:\n completions: 50 # Job\u7ed3\u675f\u9700\u8981\u8fd0\u884c50\u4e2aPod\uff0c\u8fd9\u4e2a\u793a\u4f8b\u4e2d\u5c31\u662f\u6253\u5370\u03c0 50\u6b21\n parallelism: 5 # \u5e76\u884c5\u4e2aPod\n backoffLimit: 5 # \u6700\u591a\u91cd\u8bd55\u6b21\n template:\n spec:\n containers:\n - name: pi\n image: perl\n command: [\"perl\", \"-Mbignum=bpi\", \"-wle\", \"print bpi(2000)\"]\n restartPolicy: Never #\u91cd\u542f\u7b56\u7565\n
\u76f8\u5173\u547d\u4ee4
kubectl apply -f myjob.yaml #\u542f\u52a8 job\nkubectl get job #\u67e5\u770b\u8fd9\u4e2ajob\nkubectl logs myjob-1122dswzs \u67e5\u770bJob Pod \u7684\u65e5\u5fd7\n
"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html","title":"\u914d\u7f6e\u5bb9\u5668\u751f\u547d\u5468\u671f","text":"Pod \u9075\u5faa\u4e00\u4e2a\u9884\u5b9a\u4e49\u7684\u751f\u547d\u5468\u671f\uff0c\u8d77\u59cb\u4e8e Pending \u9636\u6bb5\uff0c\u5982\u679c Pod \u5185\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u6b63\u5e38\u542f\u52a8\uff0c\u5219\u8fdb\u5165 Running \u72b6\u6001\u3002\u5982\u679c Pod \u4e2d\u6709\u5bb9\u5668\u4ee5\u5931\u8d25\u72b6\u6001\u7ed3\u675f\uff0c\u5219\u72b6\u6001\u53d8\u4e3a Failed \u3002\u4ee5\u4e0b phase \u5b57\u6bb5\u503c\u8868\u660e\u4e86\u4e00\u4e2a Pod \u5904\u4e8e\u751f\u547d\u5468\u671f\u7684\u54ea\u4e2a\u9636\u6bb5\u3002
\u503c \u63cf\u8ff0 Pending \uff08\u60ac\u51b3\uff09 Pod \u5df2\u88ab\u7cfb\u7edf\u63a5\u53d7\uff0c\u4f46\u6709\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u5bb9\u5668\u5c1a\u672a\u521b\u5efa\u4ea6\u672a\u8fd0\u884c\u3002\u8fd9\u4e2a\u9636\u6bb5\u5305\u62ec\u7b49\u5f85 Pod \u88ab\u8c03\u5ea6\u7684\u65f6\u95f4\u548c\u901a\u8fc7\u7f51\u7edc\u4e0b\u8f7d\u955c\u50cf\u7684\u65f6\u95f4\u3002 Running \uff08\u8fd0\u884c\u4e2d\uff09 Pod \u5df2\u7ecf\u7ed1\u5b9a\u5230\u4e86\u67d0\u4e2a\u8282\u70b9\uff0cPod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u88ab\u521b\u5efa\u3002\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u4ecd\u5728\u8fd0\u884c\uff0c\u6216\u8005\u6b63\u5904\u4e8e\u542f\u52a8\u6216\u91cd\u542f\u72b6\u6001\u3002 Succeeded \uff08\u6210\u529f\uff09 Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u6210\u529f\u7ec8\u6b62\uff0c\u5e76\u4e14\u4e0d\u4f1a\u518d\u91cd\u542f\u3002 Failed \uff08\u5931\u8d25\uff09 Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u7ec8\u6b62\uff0c\u5e76\u4e14\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u662f\u56e0\u4e3a\u5931\u8d25\u800c\u7ec8\u6b62\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u5bb9\u5668\u4ee5\u975e 0 \u72b6\u6001\u9000\u51fa\u6216\u8005\u88ab\u7cfb\u7edf\u7ec8\u6b62\u3002 Unknown \uff08\u672a\u77e5\uff09 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97 Pod \u7684\u72b6\u6001\uff0c\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u6240\u81f4\u3002\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u4e2d\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u901a\u5e38\u4f7f\u7528\u955c\u50cf\u6765\u6307\u5b9a\u5bb9\u5668\u4e2d\u7684\u8fd0\u884c\u73af\u5883\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728\u6784\u5efa\u955c\u50cf\u65f6\uff0c\u53ef\u4ee5\u901a\u8fc7 Entrypoint \u548c CMD \u4e24\u4e2a\u5b57\u6bb5\u6765\u5b9a\u4e49\u5bb9\u5668\u8fd0\u884c\u65f6\u6267\u884c\u7684\u547d\u4ee4\u548c\u53c2\u6570\u3002\u5982\u679c\u9700\u8981\u66f4\u6539\u5bb9\u5668\u955c\u50cf\u542f\u52a8\u524d\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u7684\u547d\u4ee4\u548c\u53c2\u6570\uff0c\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u5bb9\u5668\u7684\u751f\u547d\u5468\u671f\u4e8b\u4ef6\u547d\u4ee4\u548c\u53c2\u6570\uff0c\u6765\u8986\u76d6\u955c\u50cf\u4e2d\u9ed8\u8ba4\u7684\u547d\u4ee4\u548c\u53c2\u6570\u3002
"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html#_2","title":"\u751f\u547d\u5468\u671f\u914d\u7f6e","text":"\u6839\u636e\u4e1a\u52a1\u9700\u8981\u5bf9\u5bb9\u5668\u7684\u542f\u52a8\u547d\u4ee4\u3001\u542f\u52a8\u540e\u547d\u4ee4\u3001\u505c\u6b62\u524d\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u542f\u52a8\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u5c06\u6309\u7167\u542f\u52a8\u547d\u4ee4\u8fdb\u884c\u542f\u52a8\u3002 \u542f\u52a8\u540e\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u542f\u52a8\u540e\u51fa\u53d1\u7684\u547d\u4ee4 \u505c\u6b62\u524d\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u5728\u6536\u5230\u505c\u6b62\u547d\u4ee4\u540e\u6267\u884c\u7684\u547d\u4ee4\u3002\u786e\u4fdd\u5347\u7ea7\u6216\u5b9e\u4f8b\u5220\u9664\u65f6\u53ef\u63d0\u524d\u5c06\u5b9e\u4f8b\u4e2d\u8fd0\u884c\u7684\u4e1a\u52a1\u6392\u6c34\u3002 --"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html#_3","title":"\u542f\u52a8\u547d\u4ee4","text":"\u6839\u636e\u4e0b\u8868\u5bf9\u542f\u52a8\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8fd0\u884c\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u53ef\u6267\u884c\u7684\u547d\u4ee4\uff0c\u591a\u4e2a\u547d\u4ee4\u4e4b\u95f4\u7528\u7a7a\u683c\u8fdb\u884c\u5206\u5272\uff0c\u5982\u547d\u4ee4\u672c\u8eab\u5e26\u7a7a\u683c\uff0c\u5219\u9700\u8981\u52a0\uff08\u201c\u201d\uff09\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u8fd0\u884c\u53c2\u6570 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u547d\u4ee4\u53c2\u6570\u3002 port=8080"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html#_4","title":"\u542f\u52a8\u540e\u547d\u4ee4","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u547d\u4ee4\u884c\u811a\u672c\u548c HTTP \u8bf7\u6c42\u4e24\u79cd\u5904\u7406\u7c7b\u578b\u5bf9\u542f\u52a8\u540e\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u8868\u9009\u62e9\u9002\u5408\u60a8\u7684\u914d\u7f6e\u65b9\u5f0f\u3002
\u547d\u4ee4\u884c\u811a\u672c\u914d\u7f6e
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8fd0\u884c\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u53ef\u6267\u884c\u7684\u547d\u4ee4\uff0c\u591a\u4e2a\u547d\u4ee4\u4e4b\u95f4\u7528\u7a7a\u683c\u8fdb\u884c\u5206\u5272\uff0c\u5982\u547d\u4ee4\u672c\u8eab\u5e26\u7a7a\u683c\uff0c\u5219\u9700\u8981\u52a0\uff08\u201c\u201d\uff09\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u8fd0\u884c\u53c2\u6570 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u547d\u4ee4\u53c2\u6570\u3002 port=8080"},{"location":"admin/kpanda/workloads/pod-config/lifecycle.html#_5","title":"\u505c\u6b62\u524d\u547d\u4ee4","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u547d\u4ee4\u884c\u811a\u672c\u548c HTTP \u8bf7\u6c42\u4e24\u79cd\u5904\u7406\u7c7b\u578b\u5bf9\u505c\u6b62\u524d\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u8868\u9009\u62e9\u9002\u5408\u60a8\u7684\u914d\u7f6e\u65b9\u5f0f\u3002
HTTP \u8bf7\u6c42\u914d\u7f6e
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c URL \u8def\u5f84 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684URL\u8def\u5f84\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u7aef\u53e3 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684\u7aef\u53e3\u3002 port=8080 \u8282\u70b9\u5730\u5740 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684 IP \u5730\u5740\uff0c\u9ed8\u8ba4\u662f\u5bb9\u5668\u6240\u5728\u7684\u8282\u70b9 IP\u3002 --"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html","title":"\u8c03\u5ea6\u7b56\u7565","text":"\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8282\u70b9\u4e5f\u6709\u6807\u7b7e\u3002\u60a8\u53ef\u4ee5\u624b\u52a8\u6dfb\u52a0\u6807\u7b7e\u3002 Kubernetes \u4e5f\u4f1a\u4e3a\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u6dfb\u52a0\u4e00\u4e9b\u6807\u51c6\u7684\u6807\u7b7e\u3002\u53c2\u89c1\u5e38\u7528\u7684\u6807\u7b7e\u3001\u6ce8\u89e3\u548c\u6c61\u70b9\u4ee5\u4e86\u89e3\u5e38\u89c1\u7684\u8282\u70b9\u6807\u7b7e\u3002\u901a\u8fc7\u4e3a\u8282\u70b9\u6dfb\u52a0\u6807\u7b7e\uff0c\u60a8\u53ef\u4ee5\u8ba9 Pod \u8c03\u5ea6\u5230\u7279\u5b9a\u8282\u70b9\u6216\u8282\u70b9\u7ec4\u4e0a\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u529f\u80fd\u6765\u786e\u4fdd\u7279\u5b9a\u7684 Pod \u53ea\u80fd\u8fd0\u884c\u5728\u5177\u6709\u4e00\u5b9a\u9694\u79bb\u6027\uff0c\u5b89\u5168\u6027\u6216\u76d1\u7ba1\u5c5e\u6027\u7684\u8282\u70b9\u4e0a\u3002
nodeSelector \u662f\u8282\u70b9\u9009\u62e9\u7ea6\u675f\u7684\u6700\u7b80\u5355\u63a8\u8350\u5f62\u5f0f\u3002\u60a8\u53ef\u4ee5\u5c06 nodeSelector \u5b57\u6bb5\u6dfb\u52a0\u5230 Pod \u7684\u89c4\u7ea6\u4e2d\u8bbe\u7f6e\u60a8\u5e0c\u671b\u76ee\u6807\u8282\u70b9\u6240\u5177\u6709\u7684\u8282\u70b9\u6807\u7b7e\u3002Kubernetes \u53ea\u4f1a\u5c06 Pod \u8c03\u5ea6\u5230\u62e5\u6709\u6307\u5b9a\u6bcf\u4e2a\u6807\u7b7e\u7684\u8282\u70b9\u4e0a\u3002 nodeSelector \u63d0\u4f9b\u4e86\u4e00\u79cd\u6700\u7b80\u5355\u7684\u65b9\u6cd5\u6765\u5c06 Pod \u7ea6\u675f\u5230\u5177\u6709\u7279\u5b9a\u6807\u7b7e\u7684\u8282\u70b9\u4e0a\u3002\u4eb2\u548c\u6027\u548c\u53cd\u4eb2\u548c\u6027\u6269\u5c55\u4e86\u60a8\u53ef\u4ee5\u5b9a\u4e49\u7684\u7ea6\u675f\u7c7b\u578b\u3002\u4f7f\u7528\u4eb2\u548c\u6027\u4e0e\u53cd\u4eb2\u548c\u6027\u7684\u4e00\u4e9b\u597d\u5904\u6709\uff1a
\u4eb2\u548c\u6027\u3001\u53cd\u4eb2\u548c\u6027\u8bed\u8a00\u7684\u8868\u8fbe\u80fd\u529b\u66f4\u5f3a\u3002 nodeSelector \u53ea\u80fd\u9009\u62e9\u62e5\u6709\u6240\u6709\u6307\u5b9a\u6807\u7b7e\u7684\u8282\u70b9\u3002\u4eb2\u548c\u6027\u3001\u53cd\u4eb2\u548c\u6027\u4e3a\u60a8\u63d0\u4f9b\u5bf9\u9009\u62e9\u903b\u8f91\u7684\u66f4\u5f3a\u63a7\u5236\u80fd\u529b\u3002
\u60a8\u53ef\u4ee5\u6807\u660e\u67d0\u89c4\u5219\u662f\u201c\u8f6f\u9700\u6c42\u201d\u6216\u8005\u201c\u504f\u597d\u201d\uff0c\u8fd9\u6837\u8c03\u5ea6\u5668\u5728\u65e0\u6cd5\u627e\u5230\u5339\u914d\u8282\u70b9\u65f6\uff0c\u4f1a\u5ffd\u7565\u4eb2\u548c\u6027/\u53cd\u4eb2\u548c\u6027\u89c4\u5219\uff0c\u786e\u4fdd Pod \u8c03\u5ea6\u6210\u529f\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528\u8282\u70b9\u4e0a\uff08\u6216\u5176\u4ed6\u62d3\u6251\u57df\u4e2d\uff09\u8fd0\u884c\u7684\u5176\u4ed6 Pod \u7684\u6807\u7b7e\u6765\u5b9e\u65bd\u8c03\u5ea6\u7ea6\u675f\uff0c\u800c\u4e0d\u662f\u53ea\u80fd\u4f7f\u7528\u8282\u70b9\u672c\u8eab\u7684\u6807\u7b7e\u3002\u8fd9\u4e2a\u80fd\u529b\u8ba9\u60a8\u80fd\u591f\u5b9a\u4e49\u89c4\u5219\u5141\u8bb8\u54ea\u4e9b Pod \u53ef\u4ee5\u88ab\u653e\u7f6e\u5728\u4e00\u8d77\u3002
\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u4eb2\u548c\uff08affinity\uff09\u4e0e\u53cd\u4eb2\u548c\uff08anti-affinity\uff09\u6765\u9009\u62e9 Pod \u8981\u90e8\u7f72\u7684\u8282\u70b9\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_2","title":"\u5bb9\u5fcd\u65f6\u95f4","text":"\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b\u6240\u5728\u7684\u8282\u70b9\u4e0d\u53ef\u7528\u65f6\uff0c\u7cfb\u7edf\u5c06\u5b9e\u4f8b\u91cd\u65b0\u8c03\u5ea6\u5230\u5176\u5b83\u53ef\u7528\u8282\u70b9\u7684\u65f6\u95f4\u7a97\u3002\u9ed8\u8ba4\u4e3a 300 \u79d2\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#nodeaffinity","title":"\u8282\u70b9\u4eb2\u548c\u6027\uff08nodeAffinity\uff09","text":"\u8282\u70b9\u4eb2\u548c\u6027\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e nodeSelector \uff0c \u5b83\u4f7f\u60a8\u53ef\u4ee5\u6839\u636e\u8282\u70b9\u4e0a\u7684\u6807\u7b7e\u6765\u7ea6\u675f Pod \u53ef\u4ee5\u8c03\u5ea6\u5230\u54ea\u4e9b\u8282\u70b9\u4e0a\u3002 \u8282\u70b9\u4eb2\u548c\u6027\u6709\u4e24\u79cd\uff1a
\u5fc5\u987b\u6ee1\u8db3\uff1a\uff08 requiredDuringSchedulingIgnoredDuringExecution \uff09 \u8c03\u5ea6\u5668\u53ea\u6709\u5728\u89c4\u5219\u88ab\u6ee1\u8db3\u7684\u65f6\u5019\u624d\u80fd\u6267\u884c\u8c03\u5ea6\u3002\u6b64\u529f\u80fd\u7c7b\u4f3c\u4e8e nodeSelector \uff0c \u4f46\u5176\u8bed\u6cd5\u8868\u8fbe\u80fd\u529b\u66f4\u5f3a\u3002\u60a8\u53ef\u4ee5\u5b9a\u4e49\u591a\u6761\u786c\u7ea6\u675f\u89c4\u5219\uff0c\u4f46\u53ea\u9700\u6ee1\u8db3\u5176\u4e2d\u4e00\u6761\u3002
\u5c3d\u91cf\u6ee1\u8db3\uff1a\uff08 preferredDuringSchedulingIgnoredDuringExecution \uff09 \u8c03\u5ea6\u5668\u4f1a\u5c1d\u8bd5\u5bfb\u627e\u6ee1\u8db3\u5bf9\u5e94\u89c4\u5219\u7684\u8282\u70b9\u3002\u5982\u679c\u627e\u4e0d\u5230\u5339\u914d\u7684\u8282\u70b9\uff0c\u8c03\u5ea6\u5668\u4ecd\u7136\u4f1a\u8c03\u5ea6\u8be5 Pod\u3002\u60a8\u8fd8\u53ef\u4e3a\u8f6f\u7ea6\u675f\u89c4\u5219\u8bbe\u5b9a\u6743\u91cd\uff0c\u5177\u4f53\u8c03\u5ea6\u65f6\uff0c\u82e5\u5b58\u5728\u591a\u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u8282\u70b9\uff0c\u6743\u91cd\u6700\u5927\u7684\u8282\u70b9\u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002\u540c\u65f6\u60a8\u8fd8\u53ef\u4ee5\u5b9a\u4e49\u591a\u6761\u786c\u7ea6\u675f\u89c4\u5219\uff0c\u4f46\u53ea\u9700\u6ee1\u8db3\u5176\u4e2d\u4e00\u6761\u3002
\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_4","title":"\u64cd\u4f5c\u7b26","text":"\u4ec5\u652f\u6301\u5728\u201c\u5c3d\u91cf\u6ee1\u8db3\u201d\u7b56\u7565\u4e2d\u6dfb\u52a0\uff0c\u53ef\u4ee5\u7406\u89e3\u4e3a\u8c03\u5ea6\u7684\u4f18\u5148\u7ea7\uff0c\u6743\u91cd\u5927\u7684\u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002\u53d6\u503c\u8303\u56f4\u662f 1 \u5230 100\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_6","title":"\u5de5\u4f5c\u8d1f\u8f7d\u4eb2\u548c\u6027","text":"\u4e0e\u8282\u70b9\u4eb2\u548c\u6027\u7c7b\u4f3c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4eb2\u548c\u6027\u4e5f\u6709\u4e24\u79cd\u7c7b\u578b\uff1a
\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4eb2\u548c\u6027\u4e3b\u8981\u7528\u6765\u51b3\u5b9a\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u53ef\u4ee5\u548c\u54ea\u4e9b Pod\u90e8 \u7f72\u5728\u540c\u4e00\u62d3\u6251\u57df\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e\u76f8\u4e92\u901a\u4fe1\u7684\u670d\u52a1\uff0c\u53ef\u901a\u8fc7\u5e94\u7528\u4eb2\u548c\u6027\u8c03\u5ea6\uff0c\u5c06\u5176\u90e8\u7f72\u5230\u540c\u4e00\u62d3\u6251\u57df\uff08\u5982\u540c\u4e00\u53ef\u7528\u533a\uff09\u4e2d\uff0c\u51cf\u5c11\u5b83\u4eec\u4e4b\u95f4\u7684\u7f51\u7edc\u5ef6\u8fdf\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_7","title":"\u6807\u7b7e\u540d","text":"\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_8","title":"\u547d\u540d\u7a7a\u95f4","text":"\u6307\u5b9a\u8c03\u5ea6\u7b56\u7565\u751f\u6548\u7684\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_9","title":"\u64cd\u4f5c\u7b26","text":"\u6307\u5b9a\u8c03\u5ea6\u65f6\u7684\u5f71\u54cd\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u5982\u679c\u6307\u5b9a\u4e3a kubernetes.io/Clustername \u8868\u793a\u4ee5 Node \u8282\u70b9\u4e3a\u533a\u5206\u8303\u56f4\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_11","title":"\u5de5\u4f5c\u8d1f\u8f7d\u53cd\u4eb2\u548c\u6027","text":"\u4e0e\u8282\u70b9\u4eb2\u548c\u6027\u7c7b\u4f3c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u7684\u53cd\u4eb2\u548c\u6027\u4e5f\u6709\u4e24\u79cd\u7c7b\u578b\uff1a
\u5de5\u4f5c\u8d1f\u8f7d\u7684\u53cd\u4eb2\u548c\u6027\u4e3b\u8981\u7528\u6765\u51b3\u5b9a\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u4e0d\u53ef\u4ee5\u548c\u54ea\u4e9b Pod \u90e8\u7f72\u5728\u540c\u4e00\u62d3\u6251\u57df\u3002\u4f8b\u5982\uff0c\u5c06\u4e00\u4e2a\u8d1f\u8f7d\u7684\u76f8\u540c Pod \u5206\u6563\u90e8\u7f72\u5230\u4e0d\u540c\u7684\u62d3\u6251\u57df\uff08\u4f8b\u5982\u4e0d\u540c\u4e3b\u673a\uff09\u4e2d\uff0c\u63d0\u9ad8\u8d1f\u8f7d\u672c\u8eab\u7684\u7a33\u5b9a\u6027\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_12","title":"\u6807\u7b7e\u540d","text":"\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_13","title":"\u547d\u540d\u7a7a\u95f4","text":"\u6307\u5b9a\u8c03\u5ea6\u7b56\u7565\u751f\u6548\u7684\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"admin/kpanda/workloads/pod-config/scheduling-policy.html#_14","title":"\u64cd\u4f5c\u7b26","text":"\u6307\u5b9a\u8c03\u5ea6\u65f6\u7684\u5f71\u54cd\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u5982\u679c\u6307\u5b9a\u4e3a kubernetes.io/Clustername \u8868\u793a\u4ee5 Node \u8282\u70b9\u4e3a\u533a\u5206\u8303\u56f4\u3002
"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html","title":"\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001","text":"\u5de5\u4f5c\u8d1f\u8f7d\u662f\u8fd0\u884c\u5728 Kubernetes \u4e0a\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\uff0c\u5728 Kubernetes \u4e2d\uff0c\u65e0\u8bba\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u662f\u7531\u5355\u4e2a\u540c\u4e00\u7ec4\u4ef6\u6216\u662f\u7531\u591a\u4e2a\u4e0d\u540c\u7684\u7ec4\u4ef6\u6784\u6210\uff0c\u90fd\u53ef\u4ee5\u4f7f\u7528\u4e00\u7ec4 Pod \u6765\u8fd0\u884c\u5b83\u3002Kubernetes \u63d0\u4f9b\u4e86\u4e94\u79cd\u5185\u7f6e\u7684\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u6765\u7ba1\u7406 Pod\uff1a
\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u8d44\u6e90 CRD \u6765\u5b9e\u73b0\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u7684\u6269\u5c55\u3002\u5728\u7b2c\u4e94\u4ee3\u5bb9\u5668\u7ba1\u7406\u4e2d\uff0c\u652f\u6301\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u8fdb\u884c\u521b\u5efa\u3001\u66f4\u65b0\u3001\u6269\u5bb9\u3001\u76d1\u63a7\u3001\u65e5\u5fd7\u3001\u5220\u9664\u3001\u7248\u672c\u7ba1\u7406\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#pod","title":"Pod \u72b6\u6001","text":"Pod \u662f Kuberneters \u4e2d\u521b\u5efa\u548c\u7ba1\u7406\u7684\u3001\u6700\u5c0f\u7684\u8ba1\u7b97\u5355\u5143\uff0c\u5373\u4e00\u7ec4\u5bb9\u5668\u7684\u96c6\u5408\u3002\u8fd9\u4e9b\u5bb9\u5668\u5171\u4eab\u5b58\u50a8\u3001\u7f51\u7edc\u4ee5\u53ca\u7ba1\u7406\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u65b9\u5f0f\u7684\u7b56\u7565\u3002 Pod \u901a\u5e38\u4e0d\u7531\u7528\u6237\u76f4\u63a5\u521b\u5efa\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u6765\u521b\u5efa\u3002 Pod \u9075\u5faa\u4e00\u4e2a\u9884\u5b9a\u4e49\u7684\u751f\u547d\u5468\u671f\uff0c\u8d77\u59cb\u4e8e Pending \u9636\u6bb5\uff0c\u5982\u679c\u81f3\u5c11\u5176\u4e2d\u6709\u4e00\u4e2a\u4e3b\u8981\u5bb9\u5668\u6b63\u5e38\u542f\u52a8\uff0c\u5219\u8fdb\u5165 Running \uff0c\u4e4b\u540e\u53d6\u51b3\u4e8e Pod \u4e2d\u662f\u5426\u6709\u5bb9\u5668\u4ee5\u5931\u8d25\u72b6\u6001\u7ed3\u675f\u800c\u8fdb\u5165 Succeeded \u6216\u8005 Failed \u9636\u6bb5\u3002
"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#_2","title":"\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001","text":"\u7b2c\u4e94\u4ee3\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4f9d\u636e Pod \u7684\u72b6\u6001\u3001\u526f\u672c\u6570\u7b49\u56e0\u7d20\uff0c\u8bbe\u8ba1\u4e86\u4e00\u79cd\u5185\u7f6e\u7684\u5de5\u4f5c\u8d1f\u8f7d\u751f\u547d\u5468\u671f\u7684\u72b6\u6001\u96c6\uff0c\u4ee5\u8ba9\u7528\u6237\u80fd\u591f\u66f4\u52a0\u771f\u5b9e\u7684\u611f\u77e5\u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u60c5\u51b5\u3002 \u7531\u4e8e\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\u7c7b\u578b\uff08\u6bd4\u5982\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u548c\u4efb\u52a1\uff09\u5bf9 Pod \u7684\u7ba1\u7406\u673a\u5236\u4e0d\u4e00\u81f4\uff0c\u56e0\u6b64\uff0c\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u4f1a\u5448\u73b0\u4e0d\u540c\u7684\u751f\u547d\u5468\u671f\u72b6\u6001\uff0c\u5177\u4f53\u5982\u4e0b\u8868\uff1a
"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#_3","title":"\u65e0\u72b6\u6001\u8d1f\u8f7d\u3001\u6709\u72b6\u6001\u8d1f\u8f7d\u3001\u5b88\u62a4\u8fdb\u7a0b\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d 1. \u5de5\u4f5c\u8d1f\u8f7d\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u30022. \u89e6\u53d1\u5347\u7ea7\u6216\u8005\u56de\u6eda\u52a8\u4f5c\u540e\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u30023. \u89e6\u53d1\u6682\u505c/\u6269\u7f29\u5bb9\u7b49\u64cd\u4f5c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u5728\u6b64\u72b6\u6001\u3002 \u8fd0\u884c\u4e2d \u8d1f\u8f7d\u4e0b\u7684\u6240\u6709\u5b9e\u4f8b\u90fd\u5728\u8fd0\u884c\u4e2d\u4e14\u526f\u672c\u6570\u4e0e\u7528\u6237\u9884\u5b9a\u4e49\u7684\u6570\u91cf\u4e00\u81f4\u65f6\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u6267\u884c\u5220\u9664\u64cd\u4f5c\u65f6\uff0c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\uff0c\u76f4\u5230\u5220\u9664\u5b8c\u6210\u3002 \u5f02\u5e38 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97\u5de5\u4f5c\u8d1f\u8f7d\u7684\u72b6\u6001\u3002\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u3002 \u672a\u5c31\u7eea \u5bb9\u5668\u5904\u4e8e\u5f02\u5e38\uff0cpending \u72b6\u6001\u65f6\uff0c\u56e0\u672a\u77e5\u9519\u8bef\u5bfc\u81f4\u8d1f\u8f7d\u65e0\u6cd5\u542f\u52a8\u65f6\u663e\u793a\u6b64\u72b6\u6001"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#_4","title":"\u4efb\u52a1\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d \u4efb\u52a1\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u6267\u884c\u4e2d \u4efb\u52a1\u6b63\u5728\u6267\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u6267\u884c\u5b8c\u6210 \u4efb\u52a1\u6267\u884c\u5b8c\u6210\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u89e6\u53d1\u5220\u9664\u64cd\u4f5c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u5728\u6b64\u72b6\u6001\u3002 \u5f02\u5e38 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97 Pod \u7684\u72b6\u6001\u3002\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u3002"},{"location":"admin/kpanda/workloads/pod-config/workload-status.html#_5","title":"\u5b9a\u65f6\u4efb\u52a1\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d \u5b9a\u65f6\u4efb\u52a1\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5df2\u542f\u52a8 \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u6210\u529f\u540e\uff0c\u6b63\u5e38\u8fd0\u884c\u6216\u5c06\u5df2\u6682\u505c\u7684\u4efb\u52a1\u542f\u52a8\u65f6\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5df2\u505c\u6b62 \u6267\u884c\u505c\u6b62\u4efb\u52a1\u64cd\u4f5c\u65f6\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u89e6\u53d1\u5220\u9664\u64cd\u4f5c\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u5728\u6b64\u72b6\u6001\u3002\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u5f02\u5e38\u6216\u672a\u5c31\u7eea\u72b6\u6001\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5c06\u9f20\u6807\u79fb\u52a8\u5230\u8d1f\u8f7d\u7684\u72b6\u6001\u503c\u4e0a\uff0c\u7cfb\u7edf\u5c06\u901a\u8fc7\u63d0\u793a\u6846\u5c55\u793a\u66f4\u52a0\u8be6\u7ec6\u7684\u9519\u8bef\u4fe1\u606f\u3002\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7\u67e5\u770b\u65e5\u5fd7\u6216\u4e8b\u4ef6\u6765\u83b7\u53d6\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76f8\u5173\u8fd0\u884c\u4fe1\u606f\u3002
"},{"location":"admin/register/index.html","title":"\u7528\u6237\u6ce8\u518c","text":"\u65b0\u7528\u6237\u9996\u6b21\u4f7f\u7528 AI \u7b97\u529b\u5e73\u53f0\u9700\u8981\u8fdb\u884c\u6ce8\u518c\u3002
"},{"location":"admin/register/index.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u6253\u5f00 AI \u7b97\u529b\u5e73\u53f0\u9996\u9875 https://ai.isuanova.com/\uff0c\u70b9\u51fb \u6ce8\u518c
\u952e\u5165\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001\u90ae\u7bb1\u540e\u70b9\u51fb \u6ce8\u518c
\u7cfb\u7edf\u63d0\u793a\u53d1\u9001\u4e86\u4e00\u5c01\u90ae\u4ef6\u5230\u60a8\u7684\u90ae\u7bb1\u3002
\u767b\u5f55\u81ea\u5df1\u7684\u90ae\u7bb1\uff0c\u627e\u5230\u90ae\u4ef6\uff0c\u70b9\u51fb\u94fe\u63a5\u3002
\u606d\u559c\uff0c\u60a8\u6210\u529f\u8fdb\u5165\u4e86 AI \u7b97\u529b\u5e73\u53f0\uff0c\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u60a8\u7684 AI \u4e4b\u65c5\u4e86\u3002
\u4e0b\u4e00\u6b65\uff1a\u4e3a\u7528\u6237\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4
"},{"location":"admin/register/bindws.html","title":"\u4e3a\u7528\u6237\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4","text":"\u7528\u6237\u6210\u529f\u6ce8\u518c\u4e4b\u540e\uff0c\u9700\u8981\u4e3a\u5176\u7ed1\u5b9a\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002
"},{"location":"admin/register/bindws.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u5207\u6362\u81f3 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \uff0c\u70b9\u51fb \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4
\u8f93\u5165\u540d\u79f0\uff0c\u9009\u62e9\u6587\u4ef6\u5939\u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4
\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u8d44\u6e90
\u53ef\u4ee5\u5728\u8fd9\u4e2a\u754c\u9762\u4e0a\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4-\u547d\u540d\u7a7a\u95f4 \u6765\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u6dfb\u52a0\u6388\u6743\uff1a\u5c06\u7528\u6237\u5206\u914d\u81f3\u5de5\u4f5c\u7a7a\u95f4
\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u67e5\u770b\u662f\u5426\u5177\u6709\u5de5\u4f5c\u7a7a\u95f4\u53ca\u547d\u540d\u7a7a\u95f4\u7684\u6743\u9650\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u6267\u884c\u66f4\u591a\u64cd\u4f5c\u3002
\u4e0b\u4e00\u6b65\uff1a\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90
"},{"location":"admin/register/wsres.html","title":"\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90","text":"\u5c06\u7528\u6237\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u540e\uff0c\u9700\u8981\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u5408\u9002\u7684\u8d44\u6e90\u3002
"},{"location":"admin/register/wsres.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u5230 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\uff0c\u627e\u5230\u8981\u6dfb\u52a0\u8d44\u6e90\u7684\u5de5\u4f5c\u7a7a\u95f4\uff0c\u70b9\u51fb \u65b0\u589e\u5171\u4eab\u8d44\u6e90
\u9009\u62e9\u96c6\u7fa4\uff0c\u8bbe\u7f6e\u5408\u9002\u7684\u8d44\u6e90\u914d\u989d\u540e\uff0c\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u5171\u4eab\u8d44\u6e90\u9875\uff0c\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u6210\u529f\u5206\u914d\u4e86\u8d44\u6e90\uff0c\u7ba1\u7406\u5458\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u968f\u65f6\u4fee\u6539\u3002
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa\u4e91\u4e3b\u673a
"},{"location":"admin/security/index.html","title":"\u4e91\u539f\u751f\u5b89\u5168","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9488\u5bf9\u5bb9\u5668\u3001Pod\u3001\u955c\u50cf\u3001\u8fd0\u884c\u65f6\u3001\u5fae\u670d\u52a1\u63d0\u4f9b\u4e86\u5168\u9762\u81ea\u52a8\u5316\u7684\u5b89\u5168\u5b9e\u73b0\u3002 \u4e0b\u8868\u5217\u51fa\u4e86\u4e00\u4e9b\u5df2\u5b9e\u73b0\u6216\u6b63\u5728\u5b9e\u73b0\u4e2d\u7684\u5b89\u5168\u7279\u6027\u3002
\u5b89\u5168\u7279\u6027 \u7ec6\u76ee \u63cf\u8ff0 \u955c\u50cf\u5b89\u5168 \u53ef\u4fe1\u955c\u50cf\u5206\u53d1 \u4e3a\u5b9e\u73b0\u955c\u50cf\u7684\u5b89\u5168\u4f20\u8f93\uff0c\u9700\u5177\u5907\u5bc6\u94a5\u5bf9\u548c\u7b7e\u540d\u4fe1\u606f\uff0c\u4fdd\u8bc1\u4f20\u8f93\u5b89\u5168\u3002\u5728\u4f20\u8f93\u955c\u50cf\u65f6\u5177\u5907\u9009\u62e9\u5bc6\u94a5\u8fdb\u884c\u955c\u50cf\u7b7e\u540d\u80fd\u529b\u3002 \u8fd0\u884c\u65f6\u5b89\u5168 \u4e8b\u4ef6\u5173\u8054\u5206\u6790 \u652f\u6301\u5bf9\u8fd0\u884c\u65f6\u68c0\u6d4b\u51fa\u7684\u5b89\u5168\u4e8b\u4ef6\u505a\u5173\u8054\u4e0e\u98ce\u9669\u5206\u6790\uff0c\u589e\u52a0\u653b\u51fb\u6eaf\u6e90\u80fd\u529b\uff0c\u6536\u655b\u544a\u8b66\uff0c\u964d\u4f4e\u65e0\u6548\u544a\u8b66\uff0c\u63d0\u9ad8\u4e8b\u4ef6\u54cd\u5e94\u6548\u7387\u3002 - \u5bb9\u5668\u8bf1\u9975\u4ed3\u5e93 \u5177\u5907\u5bb9\u5668\u8bf1\u9975\u4ed3\u5e93\uff0c\u5e38\u89c1\u8bf1\u9975\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\uff1a\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u3001\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3001\u672c\u5730\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u3001\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c RCE \u6f0f\u6d1e\u7b49\u5bb9\u5668\u8bf1\u9975\u3002 - \u5bb9\u5668\u8bf1\u9975\u90e8\u7f72 \u652f\u6301\u81ea\u5b9a\u4e49\u65b0\u589e\u8bf1\u9975\u5bb9\u5668\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u670d\u52a1\u540d\u79f0\u3001\u670d\u52a1\u4f4d\u7f6e\u7b49\u3002 - \u5bb9\u5668\u8bf1\u9975\u544a\u8b66 \u652f\u6301\u5bf9\u5bb9\u5668\u8bf1\u9975\u4e2d\u53ef\u7591\u884c\u4e3a\u8fdb\u884c\u544a\u8b66\u3002 - \u504f\u79fb\u68c0\u6d4b \u5728\u626b\u63cf\u955c\u50cf\u540c\u65f6\uff0c\u5b66\u4e60\u955c\u50cf\u4e2d\u5168\u90e8\u4e8c\u8fdb\u5236\u6587\u4ef6\u4fe1\u606f\uff0c\u5e76\u5f62\u6210\u201c\u767d\u540d\u5355\u201d\uff0c\u5bb9\u5668\u4e0a\u7ebf\u540e\u4ec5\u5141\u8bb8\u201c\u767d\u540d\u5355\u201d\u4e2d\u4e8c\u8fdb\u5236\u6587\u4ef6\u8fd0\u884c\uff0c\u786e\u4fdd\u5bb9\u5668\u5185\u4e0d\u80fd\u8fd0\u884c\u4e0d\u6388\u4fe1\uff08\u5982\u975e\u6cd5\u4e0b\u8f7d\uff09\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002 \u5fae\u9694\u79bb \u9694\u79bb\u7b56\u7565\u667a\u80fd\u63a8\u8350 \u652f\u6301\u8bb0\u5f55\u8d44\u6e90\u5386\u53f2\u8bbf\u95ee\u6d41\u91cf\uff0c\u5e76\u5728\u5bf9\u8d44\u6e90\u8fdb\u884c\u9694\u79bb\u7b56\u7565\u914d\u7f6e\u65f6\u80fd\u591f\u667a\u80fd\u4f9d\u636e\u5386\u53f2\u8bbf\u95ee\u6d41\u91cf\u8fdb\u884c\u7b56\u7565\u63a8\u8350\u3002 - \u79df\u6237\u9694\u79bb \u652f\u6301\u5bf9 Kubernetes \u96c6\u7fa4\u5185\u79df\u6237\u8fdb\u884c\u9694\u79bb\u63a7\u5236\uff0c\u5177\u5907\u5bf9\u4e0d\u540c\u7684\u79df\u6237\u8bbe\u7f6e\u4e0d\u540c\u7684\u7f51\u7edc\u5b89\u5168\u7ec4\u7684\u80fd\u529b\uff0c\u652f\u6301\u79df\u6237\u7ea7\u522b\u7684\u5b89\u5168\u7b56\u7565\u8bbe\u7f6e\u529f\u80fd\uff0c\u901a\u8fc7\u4e0d\u540c\u5b89\u5168\u7ec4\u548c\u8bbe\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u5b9e\u73b0\u79df\u6237\u95f4\u7f51\u7edc\u7684\u8bbf\u95ee\u4e0e\u9694\u79bb\u3002 \u5fae\u670d\u52a1\u5b89\u5168 \u670d\u52a1\u53ca API \u5b89\u5168\u626b\u63cf \u5bf9\u96c6\u7fa4\u5185\u7684\u670d\u52a1\u53ca API \u652f\u6301\u81ea\u52a8\u626b\u63cf\u3001\u624b\u52a8\u626b\u63cf\u53ca\u5468\u671f\u6027\u626b\u63cf\u7684\u5b89\u5168\u626b\u63cf\u65b9\u5f0f\uff0c\u652f\u6301\u5168\u90e8\u7684\u4f20\u7edf web \u626b\u63cf\u9879\u76ee\u5305\u62ec XSS \u6f0f\u6d1e\u3001SQL \u6ce8\u5165\u3001\u547d\u4ee4/\u4ee3\u7801\u6ce8\u5165\u3001\u76ee\u5f55\u679a\u4e3e\u3001\u8def\u5f84\u7a7f\u8d8a\u3001XML \u5b9e\u4f53\u6ce8\u5165\u3001poc\u3001\u6587\u4ef6\u4e0a\u4f20\u3001\u5f31\u53e3\u4ee4\u3001jsonp\u3001ssrf\u3001\u4efb\u610f\u8df3\u8f6c\u3001CRLF \u6ce8\u5165\u7b49\u98ce\u9669\uff0c\u4ee5\u53ca\u5bb9\u5668\u73af\u5883\u7279\u6709\u7684\u9879\uff0c\u9488\u5bf9\u53d1\u73b0\u7684\u6f0f\u6d1e\u652f\u6301\u6f0f\u6d1e\u7c7b\u578b\u5c55\u793a\u3001url \u5c55\u793a\u3001\u53c2\u6570\u5c55\u793a\u3001\u5371\u9669\u7ea7\u522b\u5c55\u793a\u3001\u6d4b\u8bd5\u65b9\u6cd5\u5c55\u793a\u7b49\u3002"},{"location":"admin/security/falco-exporter.html","title":"Falco-exporter","text":"Falco-exporter \u662f\u4e00\u4e2a Falco \u8f93\u51fa\u4e8b\u4ef6\u7684 Prometheus Metrics \u5bfc\u51fa\u5668\u3002
Falco-exporter \u4f1a\u90e8\u7f72\u4e3a Kubernetes \u96c6\u7fa4\u4e0a\u7684\u5b88\u62a4\u8fdb\u7a0b\u96c6\u3002\u5982\u679c\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5\u5e76\u8fd0\u884c Prometheus\uff0cPrometheus \u5c06\u81ea\u52a8\u53d1\u73b0 Falco-exporter \u63d0\u4f9b\u7684\u6307\u6807\u3002
"},{"location":"admin/security/falco-exporter.html#falco-exporter_1","title":"\u5b89\u88c5 Falco-exporter","text":"\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 Falco-exporter \u7ec4\u4ef6\u3002
Note
\u5728\u5b89\u88c5\u4f7f\u7528 Falco-exporter \u4e4b\u524d\uff0c\u9700\u8981\u5b89\u88c5\u5e76\u8fd0\u884c Falco\uff0c\u5e76\u542f\u7528 gRPC \u8f93\u51fa\uff08\u9ed8\u8ba4\u901a\u8fc7 Unix \u5957\u63a5\u5b57\u542f\u7528\uff09\u3002 \u5173\u4e8e\u542f\u7528 gRPC \u8f93\u51fa\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u53ef\u53c2\u9605\u5728 Falco Helm Chart \u4e2d\u542f\u7528 gRPC \u8f93\u51fa\u3002
\u8bf7\u786e\u8ba4\u60a8\u7684\u96c6\u7fa4\u5df2\u6210\u529f\u63a5\u5165\u5bb9\u5668\u7ba1\u7406
\u5e73\u53f0\uff0c\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5 Falco-exporter\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb\u5bb9\u5668\u7ba1\u7406
\u2014>\u96c6\u7fa4\u5217\u8868
\uff0c\u7136\u540e\u627e\u5230\u51c6\u5907\u5b89\u88c5 Falco-exporter \u7684\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u9009\u62e9 Helm \u5e94\u7528
-> Helm \u6a21\u677f
\uff0c\u627e\u5230\u5e76\u70b9\u51fb falco-exporter
\u3002
\u5728\u7248\u672c\u9009\u62e9
\u4e2d\u9009\u62e9\u5e0c\u671b\u5b89\u88c5\u7684\u7248\u672c\uff0c\u70b9\u51fb\u5b89\u88c5
\u3002
\u5728\u5b89\u88c5\u754c\u9762\uff0c\u586b\u5199\u6240\u9700\u7684\u5b89\u88c5\u53c2\u6570\u3002
\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u5e94\u7528\u540d\u79f0
\u3001\u547d\u540d\u7a7a\u95f4
\u3001\u7248\u672c
\u7b49\u3002
\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u53c2\u6570:
Falco Prometheus Exporter
-> Image Settings
-> Registry
\uff1a\u8bbe\u7f6e falco-exporter \u955c\u50cf\u7684\u4ed3\u5e93\u5730\u5740\uff0c\u5df2\u7ecf\u9ed8\u8ba4\u586b\u5199\u53ef\u7528\u7684\u5728\u7ebf\u4ed3\u5e93\u3002\u5982\u679c\u662f\u79c1\u6709\u5316\u73af\u5883\uff0c\u53ef\u4fee\u6539\u4e3a\u79c1\u6709\u4ed3\u5e93\u5730\u5740\u3002Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Repository
\uff1a\u8bbe\u7f6e falco-exporter \u955c\u50cf\u540d\u3002Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Install ServiceMonitor
\uff1a\u5b89\u88c5 Prometheus Operator \u670d\u52a1\u76d1\u89c6\u5668\uff0c\u9ed8\u8ba4\u5f00\u542f\u3002Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Scrape Interval
\uff1a\u7528\u6237\u81ea\u5b9a\u4e49\u7684\u95f4\u9694\uff1b\u5982\u679c\u672a\u6307\u5b9a\uff0c\u5219\u4f7f\u7528 Prometheus \u9ed8\u8ba4\u95f4\u9694\u3002Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Scrape Timeout
\uff1a\u7528\u6237\u81ea\u5b9a\u4e49\u7684\u6293\u53d6\u8d85\u65f6\u65f6\u95f4\uff1b\u5982\u679c\u672a\u6307\u5b9a\uff0c\u5219\u4f7f\u7528 Prometheus \u9ed8\u8ba4\u7684\u6293\u53d6\u8d85\u65f6\u65f6\u95f4\u3002\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u53c2\u6570:
Falco Prometheus Exporter
-> Prometheus prometheusRules
-> Install prometheusRules
\uff1a\u521b\u5efa PrometheusRules\uff0c\u5bf9\u4f18\u5148\u4e8b\u4ef6\u53d1\u51fa\u8b66\u62a5\uff0c\u9ed8\u8ba4\u5f00\u542f\u3002Falco Prometheus Exporter
-> Prometheus prometheusRules
-> Alerts settings
\uff1a\u8b66\u62a5\u8bbe\u7f6e\uff0c\u4e3a\u4e0d\u540c\u7ea7\u522b\u7684\u65e5\u5fd7\u4e8b\u4ef6\u8bbe\u7f6e\u8b66\u62a5\u662f\u5426\u542f\u7528\u3001\u8b66\u62a5\u7684\u95f4\u9694\u65f6\u95f4\u3001\u8b66\u62a5\u7684\u9608\u503c\u3002\u70b9\u51fb\u53f3\u4e0b\u89d2\u786e\u5b9a
\u6309\u94ae\u5373\u53ef\u5b8c\u6210\u5b89\u88c5\u3002
\u8bf7\u786e\u8ba4\u60a8\u7684\u96c6\u7fa4\u5df2\u6210\u529f\u63a5\u5165\u5bb9\u5668\u7ba1\u7406
\u5e73\u53f0\uff0c\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5 Falco\u3002
\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb\u5bb9\u5668\u7ba1\u7406
\u2014>\u96c6\u7fa4\u5217\u8868
\uff0c\u7136\u540e\u627e\u5230\u51c6\u5907\u5b89\u88c5 Falco \u7684\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u9009\u62e9 Helm \u5e94\u7528
-> Helm \u6a21\u677f
\uff0c\u627e\u5230\u5e76\u70b9\u51fb Falco
\u3002
\u5728\u7248\u672c\u9009\u62e9
\u4e2d\u9009\u62e9\u5e0c\u671b\u5b89\u88c5\u7684\u7248\u672c\uff0c\u70b9\u51fb\u5b89\u88c5
\u3002
\u5728\u5b89\u88c5\u754c\u9762\uff0c\u586b\u5199\u6240\u9700\u7684\u5b89\u88c5\u53c2\u6570\u3002
\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u5e94\u7528\u540d\u79f0
\u3001\u547d\u540d\u7a7a\u95f4
\u3001\u7248\u672c
\u7b49\u3002
\u5728\u5982\u4e0a\u754c\u9762\u4e2d\uff0c\u586b\u5199\u4ee5\u4e0b\u53c2\u6570\uff1a
Falco
-> Image Settings
-> Registry
\uff1a\u8bbe\u7f6e Falco \u955c\u50cf\u7684\u4ed3\u5e93\u5730\u5740\uff0c\u5df2\u7ecf\u9ed8\u8ba4\u586b\u5199\u53ef\u7528\u7684\u5728\u7ebf\u4ed3\u5e93\u3002\u5982\u679c\u662f\u79c1\u6709\u5316\u73af\u5883\uff0c\u53ef\u4fee\u6539\u4e3a\u79c1\u6709\u4ed3\u5e93\u5730\u5740\u3002
Falco
-> Image Settings
-> Repository
\uff1a\u8bbe\u7f6e Falco \u955c\u50cf\u540d\u3002
Falco
-> Falco Driver
-> Image Settings
-> Registry
\uff1a\u8bbe\u7f6e Falco Driver \u955c\u50cf\u7684\u4ed3\u5e93\u5730\u5740\uff0c\u5df2\u7ecf\u9ed8\u8ba4\u586b\u5199\u53ef\u7528\u7684\u5728\u7ebf\u4ed3\u5e93\u3002\u5982\u679c\u662f\u79c1\u6709\u5316\u73af\u5883\uff0c\u53ef\u4fee\u6539\u4e3a\u79c1\u6709\u4ed3\u5e93\u5730\u5740\u3002
Falco
-> Falco Driver
-> Image Settings
-> Repository
\uff1a\u8bbe\u7f6e Falco Driver \u955c\u50cf\u540d\u3002
Falco
-> Falco Driver
-> Image Settings
-> Driver Kind
\uff1a\u8bbe\u7f6e Driver Kind\uff0c\u63d0\u4f9b\u4ee5\u4e0b\u4e24\u79cd\u9009\u62e9\uff1a
ebpf\uff1a\u4f7f\u7528 ebpf \u6765\u68c0\u6d4b\u4e8b\u4ef6\uff0c\u8fd9\u9700\u8981 Linux \u5185\u6838\u652f\u6301 ebpf\uff0c\u5e76\u542f\u7528 CONFIG_BPF_JIT \u548c sysctl net.core.bpf_jit_enable=1\u3002
module\uff1a\u4f7f\u7528\u5185\u6838\u6a21\u5757\u68c0\u6d4b\uff0c\u652f\u6301\u6709\u9650\u7684\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\uff0c\u53c2\u8003 module \u652f\u6301\u7cfb\u7edf\u7248\u672c\u3002
Falco
-> Falco Driver
-> Image Settings
-> Log Level
\uff1a\u8981\u5305\u542b\u5728\u65e5\u5fd7\u4e2d\u7684\u6700\u5c0f\u65e5\u5fd7\u7ea7\u522b\u3002
\u53ef\u9009\u62e9\u503c\u4e3a\uff1aemergency
, alert
, critical
, error
, warning
, notice
, info
, debug
\u3002
Falco
-> Falco Driver
-> Image Settings
-> Registry
\uff1a\u8bbe\u7f6e Falco Driver \u955c\u50cf\u7684\u4ed3\u5e93\u5730\u5740\uff0c\u5df2\u7ecf\u9ed8\u8ba4\u586b\u5199\u53ef\u7528\u7684\u5728\u7ebf\u4ed3\u5e93\u3002\u5982\u679c\u662f\u79c1\u6709\u5316\u73af\u5883\uff0c\u53ef\u4fee\u6539\u4e3a\u79c1\u6709\u4ed3\u5e93\u5730\u5740\u3002
Falco
-> Falco Driver
-> Image Settings
-> Repository
\uff1a\u8bbe\u7f6e Falco Driver \u955c\u50cf\u540d\u3002
Falco
-> Falco Driver
-> Image Settings
-> Driver Kind
\uff1a\u8bbe\u7f6e Driver Kind\uff0c\u63d0\u4f9b\u4ee5\u4e0b\u4e24\u79cd\u9009\u62e9\uff1a
Falco
-> Falco Driver
-> Image Settings
-> Log Level
\uff1a\u8981\u5305\u542b\u5728\u65e5\u5fd7\u4e2d\u7684\u6700\u5c0f\u65e5\u5fd7\u7ea7\u522b\u3002
\u53ef\u9009\u62e9\u503c\u4e3a\uff1aemergency
\u3001alert
\u3001critical
\u3001error
\u3001warning
\u3001notice
\u3001info
\u3001debug
\u3002
\u70b9\u51fb\u53f3\u4e0b\u89d2\u786e\u5b9a
\u6309\u94ae\u5373\u53ef\u5b8c\u6210\u5b89\u88c5\u3002
Falco \u662f\u4e00\u4e2a\u4e91\u539f\u751f\u8fd0\u884c\u65f6\u5b89\u5168
\u5de5\u5177\uff0c\u65e8\u5728\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u5f02\u5e38\u6d3b\u52a8\uff0c\u53ef\u7528\u4e8e\u76d1\u63a7 Kubernetes \u5e94\u7528\u7a0b\u5e8f\u548c\u5185\u90e8\u7ec4\u4ef6\u7684\u8fd0\u884c\u65f6\u5b89\u5168\u6027\u3002\u4ec5\u9700\u4e3a Falco \u64b0\u5199\u4e00\u5957\u89c4\u5219\uff0c\u5373\u53ef\u6301\u7eed\u76d1\u6d4b\u5e76\u76d1\u63a7\u5bb9\u5668\u3001\u5e94\u7528\u3001\u4e3b\u673a\u53ca\u7f51\u7edc\u7684\u5f02\u5e38\u6d3b\u52a8\u3002
Falco \u53ef\u5bf9\u4efb\u4f55\u6d89\u53ca Linux \u7cfb\u7edf\u8c03\u7528\u7684\u884c\u4e3a\u8fdb\u884c\u68c0\u6d4b\u548c\u62a5\u8b66\u3002Falco \u7684\u8b66\u62a5\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u7279\u5b9a\u7684\u7cfb\u7edf\u8c03\u7528\u3001\u53c2\u6570\u4ee5\u53ca\u8c03\u7528\u8fdb\u7a0b\u7684\u5c5e\u6027\u6765\u89e6\u53d1\u3002\u4f8b\u5982\uff0cFalco \u53ef\u4ee5\u8f7b\u677e\u68c0\u6d4b\u5230\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u4ee5\u4e0b\u4e8b\u4ef6\uff1a
\u5173\u4e8e Falco \u9644\u5e26\u7684\u66f4\u591a\u9ed8\u8ba4\u89c4\u5219\uff0c\u8bf7\u53c2\u8003 Rules \u6587\u6863\u3002
"},{"location":"admin/security/falco.html#falco_2","title":"\u4ec0\u4e48\u662f Falco \u89c4\u5219\uff1f","text":"Falco \u89c4\u5219\u5b9a\u4e49 Falco \u5e94\u76d1\u89c6\u7684\u884c\u4e3a\u53ca\u4e8b\u4ef6\uff1b\u53ef\u4ee5\u5728 Falco \u89c4\u5219\u6587\u4ef6\u6216\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u64b0\u5199\u89c4\u5219\u3002\u6709\u5173\u7f16\u5199\u3001\u7ba1\u7406\u548c\u90e8\u7f72\u89c4\u5219\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Falco Rules\u3002
"},{"location":"admin/security/falco.html#falco_3","title":"\u4ec0\u4e48\u662f Falco \u8b66\u62a5\uff1f","text":"\u8b66\u62a5\u662f\u53ef\u914d\u7f6e\u7684\u4e0b\u6e38\u64cd\u4f5c\uff0c\u53ef\u4ee5\u50cf\u8bb0\u5f55\u65e5\u5fd7\u4e00\u6837\u7b80\u5355\uff0c\u4e5f\u53ef\u4ee5\u50cf STDOUT \u5411\u5ba2\u6237\u7aef\u4f20\u9012 gRPC \u8c03\u7528\u4e00\u6837\u590d\u6742\u3002\u6709\u5173\u914d\u7f6e\u3001\u7406\u89e3\u548c\u5f00\u53d1\u8b66\u62a5\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605Falco \u8b66\u62a5\u3002Falco \u53ef\u4ee5\u5c06\u8b66\u62a5\u53d1\u9001\u81f3\uff1a
Falco \u7531\u4ee5\u4e0b\u51e0\u4e2a\u4e3b\u8981\u7ec4\u4ef6\u7ec4\u6210\uff1a
\u7528\u6237\u7a7a\u95f4\u7a0b\u5e8f\uff1aCLI \u5de5\u5177\uff0c\u53ef\u7528\u4e8e\u4e0e Falco \u4ea4\u4e92\u3002\u7528\u6237\u7a7a\u95f4\u7a0b\u5e8f\u5904\u7406\u4fe1\u53f7\uff0c\u89e3\u6790\u6765\u81ea Falco \u9a71\u52a8\u7684\u4fe1\u606f\uff0c\u5e76\u53d1\u9001\u8b66\u62a5\u3002
\u914d\u7f6e\uff1a\u5b9a\u4e49 Falco \u7684\u8fd0\u884c\u65b9\u5f0f\u3001\u8981\u65ad\u8a00\u7684\u89c4\u5219\u4ee5\u53ca\u5982\u4f55\u6267\u884c\u8b66\u62a5\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u914d\u7f6e\u3002
Driver\uff1a\u4e00\u6b3e\u9075\u5faa Falco \u9a71\u52a8\u89c4\u8303\u5e76\u53d1\u9001\u7cfb\u7edf\u8c03\u7528\u4fe1\u606f\u6d41\u7684\u8f6f\u4ef6\u3002\u5982\u679c\u4e0d\u5b89\u88c5\u9a71\u52a8\u7a0b\u5e8f\uff0c\u5c06\u65e0\u6cd5\u8fd0\u884c Falco\u3002\u76ee\u524d\uff0cFalco \u652f\u6301\u4ee5\u4e0b\u9a71\u52a8\u7a0b\u5e8f\uff1a
\u7528\u6237\u7a7a\u95f4\u68c0\u6d4b
\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Falco \u9a71\u52a8\u7a0b\u5e8f\u3002
\u63d2\u4ef6\uff1a\u53ef\u7528\u4e8e\u6269\u5c55 falco libraries/falco \u53ef\u6267\u884c\u6587\u4ef6\u7684\u529f\u80fd\uff0c\u6269\u5c55\u65b9\u5f0f\u662f\u901a\u8fc7\u6dfb\u52a0\u65b0\u7684\u4e8b\u4ef6\u6e90\u548c\u4ece\u4e8b\u4ef6\u4e2d\u63d0\u53d6\u4fe1\u606f\u7684\u65b0\u5b57\u6bb5\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u63d2\u4ef6\u3002
Notebook \u901a\u5e38\u6307\u7684\u662f Jupyter Notebook \u6216\u7c7b\u4f3c\u7684\u4ea4\u4e92\u5f0f\u8ba1\u7b97\u73af\u5883\u3002 \u8fd9\u662f\u4e00\u79cd\u975e\u5e38\u6d41\u884c\u7684\u5de5\u5177\uff0c\u5e7f\u6cdb\u7528\u4e8e\u6570\u636e\u79d1\u5b66\u3001\u673a\u5668\u5b66\u4e60\u548c\u6df1\u5ea6\u5b66\u4e60\u7b49\u9886\u57df\u3002 \u672c\u9875\u8bf4\u660e\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528 Notebook\u3002
"},{"location":"admin/share/notebook.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 AI Lab -> \u8fd0\u7ef4\u7ba1\u7406 -> \u961f\u5217\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae
\u952e\u5165\u540d\u79f0\uff0c\u9009\u62e9\u96c6\u7fa4\u3001\u5de5\u4f5c\u7a7a\u95f4\u548c\u914d\u989d\u540e\uff0c\u70b9\u51fb \u786e\u5b9a
\u4ee5 \u7528\u6237\u8eab\u4efd \u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5bfc\u822a\u81f3 AI Lab -> Notebook \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae
\u914d\u7f6e\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u8d44\u6e90\u914d\u7f6e\u9ad8\u7ea7\u914d\u7f6e\u952e\u5165\u540d\u79f0\uff0c\u9009\u62e9\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\uff0c\u9009\u62e9\u521a\u521b\u5efa\u7684\u961f\u5217\uff0c\u70b9\u51fb \u4e00\u952e\u521d\u59cb\u5316
\u9009\u62e9 Notebook \u7c7b\u578b\uff0c\u914d\u7f6e\u5185\u5b58\u3001CPU\uff0c\u5f00\u542f GPU\uff0c\u521b\u5efa\u548c\u914d\u7f6e PVC\uff1a
\u5f00\u542f SSH \u5916\u7f51\u8bbf\u95ee\uff1a
\u81ea\u52a8\u8df3\u8f6c\u5230 Notebook \u5b9e\u4f8b\u5217\u8868\uff0c\u70b9\u51fb\u5b9e\u4f8b\u540d\u79f0
\u8fdb\u5165 Notebook \u5b9e\u4f8b\u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u6253\u5f00 \u6309\u94ae
\u8fdb\u5165\u4e86 Notebook \u5f00\u53d1\u73af\u5883\uff0c\u6bd4\u5982\u5728 /home/jovyan
\u76ee\u5f55\u6302\u8f7d\u4e86\u6301\u4e45\u5377\uff0c\u53ef\u4ee5\u901a\u8fc7 git \u514b\u9686\u4ee3\u7801\uff0c\u901a\u8fc7 SSH \u8fde\u63a5\u540e\u4e0a\u4f20\u6570\u636e\u7b49\u3002
\u5728\u81ea\u5df1\u7684\u7535\u8111\u4e0a\u751f\u6210 SSH \u5bc6\u94a5\u5bf9
\u5728\u81ea\u5df1\u7535\u8111\u4e0a\u6253\u5f00\u547d\u4ee4\u884c\uff0c\u6bd4\u5982\u5728 Windows \u4e0a\u6253\u5f00 git bash\uff0c\u8f93\u5165 ssh-keygen.exe -t rsa
\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u3002
\u901a\u8fc7 cat ~/.ssh/id_rsa.pub
\u7b49\u547d\u4ee4\u67e5\u770b\u5e76\u590d\u5236\u516c\u94a5
\u4ee5\u7528\u6237\u8eab\u4efd\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u4e2a\u4eba\u4e2d\u5fc3 -> SSH \u516c\u94a5 -> \u5bfc\u5165 SSH \u516c\u94a5
\u8fdb\u5165 Notebook \u5b9e\u4f8b\u7684\u8be6\u60c5\u9875\uff0c\u590d\u5236 SSH \u7684\u94fe\u63a5
\u5728\u5ba2\u6237\u7aef\u4f7f\u7528 SSH \u8bbf\u95ee Notebook \u5b9e\u4f8b
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa\u8bad\u7ec3\u4efb\u52a1
"},{"location":"admin/share/quota.html","title":"\u914d\u989d\u7ba1\u7406","text":"\u7528\u6237\u88ab\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u540e\uff0c\u5373\u53ef\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90\uff0c\u7ba1\u7406\u8d44\u6e90\u914d\u989d\u3002
"},{"location":"admin/share/quota.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90\u914d\u989d
\u7ba1\u7406\u547d\u540d\u7a7a\u95f4 test-ns-1
\u7684\u8d44\u6e90\u914d\u989d\uff0c\u5176\u6570\u503c\u4e0d\u80fd\u8d85\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u7684\u914d\u989d\u3002
\u4ee5 \u7528\u6237\u8eab\u4efd \u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u67e5\u770b\u5176\u662f\u5426\u88ab\u5206\u914d\u4e86 test-ns-1
\u547d\u540d\u7a7a\u95f4\u3002
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa AI \u8d1f\u8f7d\u4f7f\u7528 GPU \u8d44\u6e90
"},{"location":"admin/share/workload.html","title":"\u521b\u5efa AI \u8d1f\u8f7d\u4f7f\u7528 GPU \u8d44\u6e90","text":"\u7ba1\u7406\u5458\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90\u914d\u989d\u540e\uff0c\u7528\u6237\u5c31\u53ef\u4ee5\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d\u6765\u4f7f\u7528 GPU \u7b97\u529b\u8d44\u6e90\u3002
"},{"location":"admin/share/workload.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u62e9\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c \u70b9\u51fb\u53f3\u4fa7\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae
\u914d\u7f6e\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u5bb9\u5668\u914d\u7f6e\u5176\u4ed6\u9009\u62e9\u81ea\u5df1\u7684\u547d\u540d\u7a7a\u95f4\u3002
\u8bbe\u7f6e\u955c\u50cf\uff0c\u914d\u7f6e CPU\u3001\u5185\u5b58\u3001GPU \u7b49\u8d44\u6e90\uff0c\u8bbe\u7f6e\u542f\u52a8\u547d\u4ee4\u3002
\u670d\u52a1\u914d\u7f6e\u548c\u9ad8\u7ea7\u914d\u7f6e\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u914d\u7f6e\u3002
\u81ea\u52a8\u8fd4\u56de\u65e0\u72b6\u6001\u8d1f\u8f7d\u5217\u8868\uff0c\u70b9\u51fb\u8d1f\u8f7d\u540d\u79f0
\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u53ef\u4ee5\u770b\u5230 GPU \u914d\u989d
\u4f60\u8fd8\u53ef\u4ee5\u8fdb\u5165\u63a7\u5236\u53f0\uff0c\u8fd0\u884c mx-smi
\u547d\u4ee4\u67e5\u770b GPU \u8d44\u6e90
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528 Notebook
"},{"location":"admin/virtnest/best-practice/import-ubuntu.html","title":"\u5982\u4f55\u4ece VMWare \u5bfc\u5165\u4f20\u7edf Linux \u4e91\u4e3b\u673a\u5230\u4e91\u539f\u751f\u4e91\u4e3b\u673a\u5e73\u53f0","text":"\u672c\u6587\u5c06\u8be6\u7ec6\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u547d\u4ee4\u884c\u5c06\u5916\u90e8\u5e73\u53f0 VMware \u4e0a\u7684 Linux \u4e91\u4e3b\u673a\u5bfc\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u4e91\u4e3b\u673a\u4e2d\u3002
Info
\u672c\u6587\u6863\u5916\u90e8\u865a\u62df\u5e73\u53f0\u662f VMware vSphere Client\uff0c\u540e\u7eed\u7b80\u5199\u4e3a vSphere\u3002 \u6280\u672f\u4e0a\u662f\u4f9d\u9760 kubevirt cdi \u6765\u5b9e\u73b0\u7684\u3002\u64cd\u4f5c\u524d\uff0cvSphere \u4e0a\u88ab\u5bfc\u5165\u7684\u4e91\u4e3b\u673a\u9700\u8981\u5173\u673a\u3002 \u4ee5 Ubuntu \u64cd\u4f5c\u7cfb\u7edf\u7684\u4e91\u4e3b\u673a\u4e3a\u4f8b\u3002
"},{"location":"admin/virtnest/best-practice/import-ubuntu.html#vsphere","title":"\u83b7\u53d6 vSphere \u7684\u4e91\u4e3b\u673a\u57fa\u7840\u4fe1\u606f","text":"vSphere URL\uff1a\u76ee\u6807\u5e73\u53f0\u7684 URL \u5730\u5740\u4fe1\u606f
vSphere SSL \u8bc1\u4e66\u6307\u7eb9 thumbprint\uff1a\u9700\u8981\u901a\u8fc7 openssl \u83b7\u53d6
openssl s_client -connect 10.64.56.11:443 </dev/null | openssl x509 -in /dev/stdin -fingerprint -sha1 -noout\n
\u8f93\u51fa\u7c7b\u4f3c\u4e8e\uff1a
Can't use SSL_get_servername\ndepth=0 CN = vcsa.daocloud.io\nverify error:num=20:unable to get local issuer certificate\nverify return:1\ndepth=0 CN = vcsa.daocloud.io\nverify error:num=21:unable to verify the first certificate\nverify return:1\ndepth=0 CN = vcsa.daocloud.io\nverify return:1\nDONE\nsha1 Fingerprint=C3:9D:D7:55:6A:43:11:2B:DE:BA:27:EA:3B:C2:13:AF:E4:12:62:4D # \u6240\u9700\u503c\n
vSphere \u8d26\u53f7\uff1a\u83b7\u53d6 vSphere \u7684\u8d26\u53f7\u4fe1\u606f\uff0c\u6ce8\u610f\u6743\u9650\u95ee\u9898
vSphere \u5bc6\u7801\uff1a\u83b7\u53d6 vSphere \u7684\u5bc6\u7801\u4fe1\u606f
\u9700\u8981\u5bfc\u5165\u4e91\u4e3b\u673a\u7684 UUID\uff08\u9700\u8981\u5728 vSphere \u7684 web \u9875\u9762\u83b7\u53d6\uff09
\u8fdb\u5165 Vsphere \u9875\u9762\u4e2d\uff0c\u8fdb\u5165\u88ab\u5bfc\u5165\u4e91\u4e3b\u673a\u7684\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u7f16\u8f91\u914d\u7f6e \uff0c\u6b64\u65f6\u6253\u5f00\u6d4f\u89c8\u5668\u7684\u5f00\u53d1\u8005\u63a7\u5236\u53f0\uff0c \u70b9\u51fb \u7f51\u7edc \u2014> \u6807\u5934 \u627e\u5230\u5982\u4e0b\u56fe\u6240\u793a\u7684 URL\u3002
\u70b9\u51fb \u54cd\u5e94 \uff0c\u5b9a\u4f4d\u5230 vmConfigContext \u2014> config \uff0c\u6700\u7ec8\u627e\u5230\u76ee\u6807\u503c uuid \u3002
\u9700\u8981\u5bfc\u5165\u4e91\u4e3b\u673a\u7684 vmdk \u6587\u4ef6 path
\u9700\u8981\u6839\u636e\u7f51\u7edc\u6a21\u5f0f\u7684\u4e0d\u540c\u914d\u7f6e\u4e0d\u540c\u7684\u4fe1\u606f\uff0c\u82e5\u6709\u56fa\u5b9a IP \u7684\u9700\u6c42\uff0c\u9700\u8981\u9009\u62e9 Bridge \u7f51\u7edc\u6a21\u5f0f
\u521b\u5efa\u5b50\u7f51\u53ca IP \u6c60\uff0c\u53c2\u8003\u521b\u5efa\u5b50\u7f51\u548c IP \u6c60
apiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderIPPool\nmetadata:\n name: test2\nspec:\n ips:\n - 10.20.3.90\n subnet: 10.20.0.0/16\n gateway: 10.20.0.1\n\n---\napiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderIPPool\nmetadata:\n name: test3\nspec:\n ips:\n - 10.20.240.1\n subnet: 10.20.0.0/16\n gateway: 10.20.0.1\n\n---\napiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderMultusConfig\nmetadata:\n name: test1\n namespace: kube-system\nspec:\n cniType: ovs\n coordinator:\n detectGateway: false\n detectIPConflict: false\n mode: auto\n tunePodRoutes: true\n disableIPAM: false\n enableCoordinator: true\n ovs:\n bridge: br-1\n ippools:\n ipv4:\n - test1\n - test2\n
apiVersion: v1\nkind: Secret\nmetadata:\n name: vsphere # \u53ef\u66f4\u6539\n labels:\n app: containerized-data-importer # \u8bf7\u52ff\u66f4\u6539\ntype: Opaque\ndata:\n accessKeyId: \"username-base64\"\n secretKey: \"password-base64\"\n
"},{"location":"admin/virtnest/best-practice/import-ubuntu.html#kubevirt-vm-yaml-vm","title":"\u7f16\u5199 kubevirt vm yaml \u521b\u5efa vm","text":"Tip
\u82e5\u6709\u56fa\u5b9aIP\u9700\u6c42\uff0c\u5219\u8be5 yaml \u4e0e\u4f7f\u7528\u9ed8\u8ba4\u7f51\u7edc\u7684 yaml \u6709\u4e00\u4e9b\u533a\u522b\uff0c\u5df2\u6807\u6ce8\u3002
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: \"\"\n virtnest.io/image-secret: \"\"\n creationTimestamp: \"2024-05-23T06:46:28Z\"\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: \"22.04\"\n name: export-ubuntu\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: export-ubuntu-rootdisk\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-ubuntu/virtnest-export-ubuntu.vmdk\" \n url: \"https://10.64.56.21\" \n uuid: \"421d6135-4edb-df80-ee54-8c5b10cc4e78\" \n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\" \n secretRef: \"vsphere\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n runStrategy: Manual\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test2\"]}]' // \u8fd9\u91cc\u6dfb\u52a0 spiderpool \u7f51\u7edc\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n interfaces: // \u4fee\u6539\u8fd9\u91cc\u7684\u7f51\u7edc\u914d\u7f6e\n - bridge: {}\n name: ovs-bridge0\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks: // \u4fee\u6539\u8fd9\u91cc\u7684\u7f51\u7edc\u914d\u7f6e\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-ubuntu-rootdisk\n name: rootdisk\n
"},{"location":"admin/virtnest/best-practice/import-ubuntu.html#vnc","title":"\u8fdb\u5165 VNC \u68c0\u67e5\u662f\u5426\u6210\u529f\u8fd0\u884c","text":"\u4fee\u6539\u4e91\u4e3b\u673a\u7684\u7f51\u7edc\u914d\u7f6e
\u67e5\u770b\u5f53\u524d\u7f51\u7edc
\u5728\u5b9e\u9645\u5bfc\u5165\u5b8c\u6210\u65f6\uff0c\u5982\u4e0b\u56fe\u6240\u793a\u7684\u914d\u7f6e\u5df2\u7ecf\u5b8c\u6210\u3002\u7136\u800c\uff0c\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0cenp1s0\u63a5\u53e3\u5e76\u6ca1\u6709\u5305\u542binet\u5b57\u6bb5\uff0c\u56e0\u6b64\u65e0\u6cd5\u8fde\u63a5\u5230\u5916\u90e8\u7f51\u7edc\u3002
\u914d\u7f6e netplan
\u5728\u4e0a\u56fe\u6240\u793a\u7684\u914d\u7f6e\u4e2d\uff0c\u5c06 ethernets \u4e2d\u7684\u5bf9\u8c61\u66f4\u6539\u4e3a enp1s0\uff0c\u5e76\u4f7f\u7528 DHCP \u83b7\u5f97 IP \u5730\u5740\u3002
\u5c06 netplan \u914d\u7f6e\u5e94\u7528\u5230\u7cfb\u7edf\u7f51\u7edc\u914d\u7f6e\u4e2d
sudo netplan apply\n
\u5bf9\u5916\u90e8\u7f51\u7edc\u8fdb\u884c ping \u6d4b\u8bd5
\u901a\u8fc7 SSH \u5728\u8282\u70b9\u4e0a\u8bbf\u95ee\u4e91\u4e3b\u673a\u3002
\u672c\u6587\u5c06\u8be6\u7ec6\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u547d\u4ee4\u884c\u5c06\u5916\u90e8\u5e73\u53f0 VMware \u4e0a\u7684\u4e91\u4e3b\u673a\u5bfc\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u4e91\u4e3b\u673a\u4e2d\u3002
Info
\u672c\u6587\u6863\u5916\u90e8\u865a\u62df\u5e73\u53f0\u662f VMware vSphere Client\uff0c\u540e\u7eed\u7b80\u5199\u4e3a vSphere\u3002 \u6280\u672f\u4e0a\u662f\u4f9d\u9760 kubevirt cdi \u6765\u5b9e\u73b0\u7684\u3002\u64cd\u4f5c\u524d\uff0cvSphere \u4e0a\u88ab\u5bfc\u5165\u7684\u4e91\u4e3b\u673a\u9700\u8981\u5173\u673a\u3002 \u4ee5 Windows \u64cd\u4f5c\u7cfb\u7edf\u7684\u4e91\u4e3b\u673a\u4e3a\u4f8b\u3002
"},{"location":"admin/virtnest/best-practice/import-windows.html#_1","title":"\u73af\u5883\u51c6\u5907","text":"\u5bfc\u5165\u524d\uff0c\u9700\u8981\u53c2\u8003\u7f51\u7edc\u914d\u7f6e\u51c6\u5907\u73af\u5883\u3002
"},{"location":"admin/virtnest/best-practice/import-windows.html#windows","title":"\u83b7\u53d6 Windows \u4e91\u4e3b\u673a\u7684\u4fe1\u606f","text":"\u4e0e\u5bfc\u5165 Linux \u64cd\u4f5c\u7cfb\u7edf\u7684\u4e91\u4e3b\u673a\u7c7b\u4f3c\uff0c\u53ef\u53c2\u8003\u5982\u4f55\u4ece VMWare \u5bfc\u5165\u4f20\u7edf Linuxs \u4e91\u4e3b\u673a\u5230\u4e91\u539f\u751f\u4e91\u4e3b\u673a\u5e73\u53f0\u83b7\u53d6\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5c06\u5916\u90e8\u5e73\u53f0\u7684\u4e91\u4e3b\u673a\u5bfc\u5165\u5230 AI \u7b97\u529b\u4e2d\u5fc3\u7684\u865a\u62df\u5316\u5e73\u53f0\u4e2d\u65f6\uff0c\u9700\u8981\u6839\u636e\u4e91\u4e3b\u673a\u7684\u542f\u52a8\u7c7b\u578b\uff08BIOS \u6216 UEFI\uff09\u8fdb\u884c\u76f8\u5e94\u7684\u914d\u7f6e\uff0c\u4ee5\u786e\u4fdd\u4e91\u4e3b\u673a\u80fd\u591f\u6b63\u786e\u542f\u52a8\u548c\u8fd0\u884c\u3002
\u53ef\u4ee5\u901a\u8fc7\"\u7cfb\u7edf\u4fe1\u606f\"\u68c0\u67e5 Windows \u662f BIOS \u8fd8\u662f UEFI \u5f15\u5bfc\u3002\u5982\u679c\u662f UEFI \u5219\u9700\u8981\u5728 YAML \u6587\u4ef6\u4e2d\u6dfb\u52a0\u76f8\u5173\u4fe1\u606f\u3002
"},{"location":"admin/virtnest/best-practice/import-windows.html#_2","title":"\u5bfc\u5165\u8fc7\u7a0b","text":"\u51c6\u5907 window.yaml
\u6587\u4ef6\uff0c\u6ce8\u610f\u4ee5\u4e0b\u914d\u7f6e\u9879
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n labels:\n virtnest.io/os-family: windows\n virtnest.io/os-version: \"server2019\"\n name: export-window-21\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: export-window-21-rootdisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 22Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n - metadata:\n name: export-window-21-datadisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window_1.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n # <1>. \u5f15\u5bfc virtio \u9a71\u52a8\u7684 pvc\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - metadata:\n name: virtio-disk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Mi\n storageClassName: local-path\n source:\n blank: {}\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n running: true\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test86\"]}]'\n spec:\n dnsConfig:\n nameservers:\n - 223.5.5.5\n domain:\n cpu:\n cores: 2\n memory:\n guest: 4Gi\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: sata # <2> \u78c1\u76d8\u603b\u7ebf\u7c7b\u578b\uff0c\u6839\u636e\u5f15\u5bfc\u7c7b\u578b\u8bbe\u7f6e\u4e3a sata \u6216 virtio\n name: rootdisk\n - bootOrder: 2\n disk:\n bus: sata # <2> \u78c1\u76d8\u603b\u7ebf\u7c7b\u578b\uff0c\u6839\u636e\u5f15\u5bfc\u7c7b\u578b\u8bbe\u7f6e\u4e3a sata \u6216 virtio\n name: datadisk\n # <1>. \u5f15\u5bfc virtio \u9a71\u52a8\u7684 disk\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - bootOrder: 3\n disk:\n bus: virtio\n name: virtdisk\n - bootOrder: 4\n cdrom:\n bus: sata\n name: virtiocontainerdisk\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n interfaces:\n - bridge: {}\n name: ovs-bridge0\n # <3> \u5728\u4e0a\u6587\u201c\u67e5\u770b window \u5f15\u5bfc\u662f BIOS \u8fd8\u662f UEFI\u201d\n # \u5982\u679c\u4f7f\u7528\u4e86 UEFI \u9700\u8981\u6dfb\u52a0\u7684\u4fe1\u606f\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n features:\n smm:\n enabled: true\n firmware:\n bootloader:\n efi:\n secureBoot: false\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks:\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-window-21-rootdisk\n name: rootdisk\n - dataVolume:\n name: export-window-21-datadisk\n name: datadisk \n # <1> \u5f15\u5bfc virtio \u9a71\u52a8\u7684 volumes\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - dataVolume:\n name: virtio-disk\n name: virtdisk\n - containerDisk:\n image: release-ci.daocloud.io/virtnest/kubevirt/virtio-win:v4.12.12-5\n name: virtiocontainerdisk\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n
"},{"location":"admin/virtnest/best-practice/import-windows.html#vnc-virtio","title":"\u901a\u8fc7 VNC \u5b89\u88c5 VirtIO \u9a71\u52a8","text":"# \u5220\u9664 \u6807\u53f7 <1> \u76f8\u5173\u5b57\u6bb5\uff0c\u4fee\u6539\u6807\u53f7 <2> \u5b57\u6bb5\uff1asata \u6539\u6210 virtio\napiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n labels:\n virtnest.io/os-family: windows\n virtnest.io/os-version: \"server2019\"\n name: export-window-21\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: export-window-21-rootdisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 22Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n - metadata:\n name: export-window-21-datadisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window_1.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n running: true\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test86\"]}]'\n spec:\n dnsConfig:\n nameservers:\n - 223.5.5.5\n domain:\n cpu:\n cores: 2\n memory:\n guest: 4Gi\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio # <2>\n name: rootdisk\n - bootOrder: 2\n disk:\n bus: virtio # <2>\n name: datadisk\n interfaces:\n - bridge: {}\n name: ovs-bridge0\n # <3> \u5728\u4e0a\u6587\u201c\u67e5\u770b window \u5f15\u5bfc\u662f BIOS \u8fd8\u662f UEFI\u201d\n # \u5982\u679c\u4f7f\u7528\u4e86 UEFI \u9700\u8981\u6dfb\u52a0\u7684\u4fe1\u606f\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n features:\n smm:\n enabled: true\n firmware:\n bootloader:\n efi:\n secureBoot: false\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks:\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-window-21-rootdisk\n name: rootdisk\n - dataVolume:\n name: export-window-21-datadisk\n name: datadisk\n
"},{"location":"admin/virtnest/best-practice/import-windows.html#rdp","title":"RDP \u8bbf\u95ee\u548c\u9a8c\u8bc1","text":"\u4f7f\u7528 RDP \u5ba2\u6237\u7aef\u8fde\u63a5\u5230\u4e91\u4e3b\u673a\u3002\u8f93\u5165\u9ed8\u8ba4\u8d26\u53f7 admin
\u548c\u5bc6\u7801 dangerous!123
\u8fdb\u884c\u767b\u5f55\u3002
\u9a8c\u8bc1\u7f51\u7edc\u8bbf\u95ee\u548c\u6570\u636e\u76d8\u6570\u636e
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u547d\u4ee4\u884c\u521b\u5efa Windows \u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/best-practice/vm-windows.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u200b\u521b\u5efa Windows \u4e91\u4e3b\u673a\u9700\u8981\u5bfc\u5165 ISO \u955c\u50cf\u7684\u4e3b\u8981\u539f\u56e0\u662f\u4e3a\u4e86\u5b89\u88c5 Windows \u64cd\u4f5c\u7cfb\u7edf\u3002 \u4e0e Linux \u64cd\u4f5c\u7cfb\u7edf\u4e0d\u540c\uff0cWindows \u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u8fc7\u7a0b\u901a\u5e38\u9700\u8981\u4ece\u5b89\u88c5\u5149\u76d8\u6216 ISO \u955c\u50cf\u6587\u4ef6\u4e2d\u5f15\u5bfc\u3002 \u56e0\u6b64\uff0c\u5728\u521b\u5efa Windows \u4e91\u4e3b\u673a\u65f6\uff0c\u9700\u8981\u5148\u5bfc\u5165 Windows \u64cd\u4f5c\u7cfb\u7edf\u7684\u5b89\u88c5 ISO \u955c\u50cf\u6587\u4ef6\uff0c\u4ee5\u4fbf\u4e91\u4e3b\u673a\u80fd\u591f\u6b63\u5e38\u5b89\u88c5\u3002
\u4ee5\u4e0b\u4ecb\u7ecd\u4e24\u4e2a\u5bfc\u5165 ISO \u955c\u50cf\u7684\u529e\u6cd5\uff1a
\uff08\u63a8\u8350\uff09\u5236\u4f5c Docker \u955c\u50cf\uff0c\u5efa\u8bae\u53c2\u8003 \u6784\u5efa\u955c\u50cf
\uff08\u4e0d\u63a8\u8350\uff09\u4f7f\u7528 virtctl \u5c06\u955c\u50cf\u5bfc\u5165\u5230 PVC \u4e2d
\u53ef\u53c2\u8003\u5982\u4e0b\u547d\u4ee4
virtctl image-upload -n <\u547d\u540d\u7a7a\u95f4> pvc <PVC \u540d\u79f0> \\ \n --image-path=<IOS \u6587\u4ef6\u8def\u5f84> \\ \n --access-mode=ReadWriteOnce \\ \n --size=6G \\ --uploadproxy-url=<https://cdi-uploadproxy ClusterIP \u548c\u7aef\u53e3> \\ \n --force-bind \\ \n --insecure \\ \n --wait-secs=240 \\ \n --storage-class=<SC>\n
\u4f8b\u5982\uff1a
virtctl image-upload -n <\u547d\u540d\u7a7a\u95f4> pvc <PVC \u540d\u79f0> \\ \n --image-path=<IOS \u6587\u4ef6\u8def\u5f84> \\ \n --access-mode=ReadWriteOnce \\ \n --size=6G \\ --uploadproxy-url=<https://cdi-uploadproxy ClusterIP \u548c\u7aef\u53e3> \\ \n --force-bind \\ \n --insecure \\ \n --wait-secs=240 \\ \n --storage-class=<SC>\n
\u4f7f\u7528 yaml \u521b\u5efa Windows \u4e91\u4e3b\u673a\uff0c\u66f4\u52a0\u7075\u6d3b\u5e76\u4e14\u66f4\u6613\u7f16\u5199\u559d\u7ef4\u62a4\u3002\u4ee5\u4e0b\u4ecb\u7ecd\u4e09\u79cd\u53c2\u8003\u7684 yaml\uff1a
\u63a8\u8350\u4f7f\u7528 Virtio \u9a71\u52a8 + Docker \u955c\u50cf\u7684\u65b9\u5f0f
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10-virtio\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: win10-system-virtio\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10-virtio\n version: v1\n kubevirt.io/domain: windows10-virtio\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio # \u4f7f\u7528 virtio\n name: win10-system-virtio\n - bootOrder: 2\n cdrom:\n bus: sata # \u5bf9\u4e8e ISO \u955c\u50cf\uff0c\u4f7f\u7528 sata\n name: iso-win10\n - bootOrder: 3\n cdrom:\n bus: sata # \u5bf9\u4e8e containerdisk\uff0c\u4f7f\u7528 sata\n name: virtiocontainerdisk\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system-virtio\n persistentVolumeClaim:\n claimName: win10-system-virtio\n - containerDisk:\n image: kubevirt/virtio-container-disk\n name: virtiocontainerdisk\n
\uff08\u4e0d\u63a8\u8350\uff09\u4f7f\u7528 Virtio \u9a71\u52a8\u548c virtctl \u5de5\u5177\u7684\u7ec4\u5408\u65b9\u5f0f\uff0c\u5c06\u955c\u50cf\u5bfc\u5165\u5230 Persistent Volume Claim\uff08PVC\uff09\u4e2d\u3002
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10-virtio\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: win10-system-virtio\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10-virtio\n version: v1\n kubevirt.io/domain: windows10-virtio\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n # \u8bf7\u4f7f\u7528 virtio\n disk:\n bus: virtio\n name: win10-system-virtio\n # ISO \u955c\u50cf\u8bf7\u4f7f\u7528 sata\n - bootOrder: 2\n cdrom:\n bus: sata\n name: iso-win10\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 # containerdisk \u8bf7\u4f7f\u7528 sata\n - bootOrder: 3\n cdrom:\n bus: sata\n name: virtiocontainerdisk\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system-virtio\n persistentVolumeClaim:\n claimName: win10-system-virtio\n - containerDisk:\n image: kubevirt/virtio-container-disk\n name: virtiocontainerdisk\n
\uff08\u4e0d\u63a8\u8350\uff09\u4e0d\u4f7f\u7528 Virtio \u9a71\u52a8\u7684\u60c5\u51b5\u4e0b\uff0c\u4f7f\u7528 virtctl \u5de5\u5177\u5c06\u955c\u50cf\u5bfc\u5165\u5230 Persistent Volume Claim\uff08PVC\uff09\u4e2d\u3002\u4e91\u4e3b\u673a\u53ef\u80fd\u4f7f\u7528\u5176\u4ed6\u7c7b\u578b\u7684\u9a71\u52a8\u6216\u9ed8\u8ba4\u9a71\u52a8\u6765\u64cd\u4f5c\u78c1\u76d8\u548c\u7f51\u7edc\u8bbe\u5907\u3002
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10\n namespace: default\nspec:\n dataVolumeTemplates:\n # \u521b\u5efa\u7cfb\u7edf\u76d8\uff0c\u4f60\u521b\u5efa\u591a\u4e2a PVC\uff08\u78c1\u76d8\uff09\n - metadata:\n name: win10-system\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10\n version: v1\n kubevirt.io/domain: windows10\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n # \u65e0 virtio \u9a71\u52a8\uff0c\u8bf7\u4f7f\u7528 sata\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0cdrom:\n bus: sata\n name: win10-system\n # ISO \u955c\u50cf\uff0c\u8bf7\u4f7f\u7528 sata\n - bootOrder: 2\n cdrom:\n bus: sata\n name: iso-win10\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system\n persistentVolumeClaim:\n claimName: win10-system\n
Windows \u7248\u672c\u7684\u4e91\u4e3b\u673a\u5927\u591a\u6570\u60c5\u51b5\u662f\u9700\u8981\u8fdc\u7a0b\u684c\u9762\u63a7\u5236\u8bbf\u95ee\u7684\uff0c\u5efa\u8bae\u4f7f\u7528 Microsoft \u8fdc\u7a0b\u684c\u9762\u63a7\u5236\u60a8\u7684\u4e91\u4e3b\u673a\u3002
Note
Windows \u4e91\u4e3b\u673a\u6dfb\u52a0\u6570\u636e\u76d8\u7684\u65b9\u5f0f\u548c Linux \u4e91\u4e3b\u673a\u4e00\u81f4\u3002\u4f60\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684 YAML \u793a\u4f8b\uff1a
apiVersion: kubevirt.io/v1\n kind: VirtualMachine\n <...>\n spec:\n dataVolumeTemplates:\n # \u6dfb\u52a0\u4e00\u5757\u6570\u636e\u76d8\n - metadata:\n name: win10-disk\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 16Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n blank: {}\n template:\n spec:\n domain:\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: win10-system\n # \u6dfb\u52a0\u4e00\u5757\u6570\u636e\u76d8\n - bootOrder: 2\n disk:\n bus: virtio\n name: win10-disk\n <....>\n volumes:\n <....>\n # \u6dfb\u52a0\u4e00\u5757\u6570\u636e\u76d8\n - name: win10-disk\n persistentVolumeClaim:\n claimName: win10-disk\n
"},{"location":"admin/virtnest/best-practice/vm-windows.html#_4","title":"\u5feb\u7167\u3001\u514b\u9686\u3001\u5b9e\u65f6\u8fc1\u79fb","text":"\u8fd9\u4e9b\u80fd\u529b\u548c Linux \u4e91\u4e3b\u673a\u4e00\u81f4\uff0c\u53ef\u76f4\u63a5\u53c2\u8003\u914d\u7f6e Linux \u4e91\u4e3b\u673a\u7684\u65b9\u5f0f\u3002
"},{"location":"admin/virtnest/best-practice/vm-windows.html#windows_1","title":"\u8bbf\u95ee Windows \u4e91\u4e3b\u673a","text":"\u521b\u5efa\u6210\u529f\u540e\uff0c\u8fdb\u5165\u4e91\u4e3b\u673a\u5217\u8868\u9875\u9762\uff0c\u53d1\u73b0\u4e91\u4e3b\u673a\u6b63\u5e38\u8fd0\u884c\u3002
\u70b9\u51fb\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\uff0c\u53ef\u4ee5\u6b63\u5e38\u8bbf\u95ee\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\uff0c\u914d\u7f6e GPU \u7684\u524d\u63d0\u6761\u4ef6\u3002
\u914d\u7f6e\u4e91\u4e3b\u673a\u7684 GPU \u7684\u91cd\u70b9\u662f\u5bf9 GPU Operator \u8fdb\u884c\u914d\u7f6e\uff0c\u4ee5\u4fbf\u5728\u5de5\u4f5c\u8282\u70b9\u4e0a\u90e8\u7f72\u4e0d\u540c\u7684\u8f6f\u4ef6\u7ec4\u4ef6\uff0c \u5177\u4f53\u53d6\u51b3\u4e8e\u8fd9\u4e9b\u8282\u70b9\u4e0a\u914d\u7f6e\u8fd0\u884c\u7684 GPU \u5de5\u4f5c\u8d1f\u8f7d\u3002\u4ee5\u4e0b\u4e09\u4e2a\u8282\u70b9\u4e3a\u4f8b\uff1a
\u5de5\u4f5c\u8282\u70b9\u53ef\u4ee5\u8fd0\u884c GPU \u52a0\u901f\u5bb9\u5668\uff0c\u4e5f\u53ef\u4ee5\u8fd0\u884c\u5177\u6709 GPU \u76f4\u901a\u7684 GPU \u52a0\u901f VM\uff0c\u6216\u8005\u5177\u6709 vGPU \u7684 GPU \u52a0\u901f VM\uff0c\u4f46\u4e0d\u80fd\u8fd0\u884c\u5176\u4e2d\u4efb\u4f55\u4e00\u4e2a\u7684\u7ec4\u5408\u3002
\u4e3a\u4e86\u542f\u7528GPU\u76f4\u901a\u529f\u80fd\uff0c\u96c6\u7fa4\u8282\u70b9\u9700\u8981\u5f00\u542fIOMMU\u3002\u8bf7\u53c2\u8003\u5982\u4f55\u5f00\u542f IOMMU\u3002 \u5982\u679c\u60a8\u7684\u96c6\u7fa4\u662f\u5728\u4e91\u4e3b\u673a\u4e0a\u8fd0\u884c\uff0c\u8bf7\u54a8\u8be2\u60a8\u7684\u4e91\u4e3b\u673a\u5e73\u53f0\u63d0\u4f9b\u5546\u3002
"},{"location":"admin/virtnest/gpu/vm-gpu.html#_2","title":"\u6807\u8bb0\u96c6\u7fa4\u8282\u70b9","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u53d6\u60a8\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \u7684\u64cd\u4f5c\u680f \u4fee\u6539\u6807\u7b7e \uff0c\u4e3a\u8282\u70b9\u6dfb\u52a0\u6807\u7b7e\uff0c\u6bcf\u4e2a\u8282\u70b9\u53ea\u80fd\u6709\u4e00\u79cd\u6807\u7b7e\u3002
\u60a8\u53ef\u4ee5\u4e3a\u6807\u7b7e\u5206\u914d\u4ee5\u4e0b\u503c\uff1acontainer\u3001vm-passthrough \u548c vm-vgpu\u3002
"},{"location":"admin/virtnest/gpu/vm-gpu.html#nvidia-operator","title":"\u5b89\u88c5 Nvidia Operator","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u53d6\u60a8\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u9009\u62e9\u5e76\u5b89\u88c5 gpu-operator\u3002 \u9700\u8981\u4fee\u6539\u4e00\u4e9b yaml \u4e2d\u7684\u76f8\u5173\u5b57\u6bb5\u3002
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vfioManager.enabled=true\ngpu-operator.sandboxDevicePlugin.enabled=true\ngpu-operator.sandboxDevicePlugin.version=v1.2.4 # (1)!\ngpu-operator.toolkit.version=v1.14.3-ubuntu20.04\n
\u7b49\u5f85\u5b89\u88c5\u6210\u529f\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u5b89\u88c5 virtnest-agent\uff0c\u53c2\u8003\u5b89\u88c5 virtnest-agent\u3002
\u5c06 vGPU \u548c GPU \u76f4\u901a\u52a0\u5165 Virtnest Kubevirt CR\uff0c\u4ee5\u4e0b\u793a\u4f8b\u662f\u6dfb\u52a0 vGPU \u548c GPU \u76f4\u901a\u540e\u7684 \u90e8\u5206\u5173\u952e yaml\uff1a
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
\u5728 kubevirt CR yaml \u4e2d\uff0cpermittedHostDevices
\u7528\u4e8e\u5bfc\u5165 VM \u8bbe\u5907\uff0cvGPU \u9700\u5728\u5176\u4e2d\u6dfb\u52a0 mediatedDevices\uff0c\u5177\u4f53\u7ed3\u6784\u5982\u4e0b\uff1a
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # (1)!\n resourceName: nvidia.com/GRID_P4-1Q # (2)!\n
GPU \u76f4\u901a\u9700\u8981\u5728 permittedHostDevices
\u4e0b\u6dfb\u52a0 pciHostDevices\uff0c\u5177\u4f53\u7ed3\u6784\u5982\u4e0b\uff1a
pciHostDevices: \n- externalResourceProvider: true # (1)!\n pciVendorSelector: 10DE:1BB3 # (2)!\n resourceName: nvidia.com/GP104GL_TESLA_P4 # (3)!\n
\u83b7\u53d6 vGPU \u4fe1\u606f\u793a\u4f8b\uff08\u4ec5\u9002\u7528\u4e8e vGPU\uff09\uff1a\u5728\u6807\u8bb0\u4e3a nvidia.com/gpu.workload.config=vm-gpu
\u7684\u8282\u70b9\uff08\u4f8b\u5982 work-node-2
\uff09\u4e0a\u67e5\u770b\u8282\u70b9\u4fe1\u606f\uff0c Capacity \u4e2d\u7684 nvidia.com/GRID_P4-1Q: 8
\u8868\u793a\u53ef\u7528 vGPU\uff1a
kubectl describe node work-node-2\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
\u90a3\u4e48 mdevNameSelector \u5e94\u8be5\u662f \u201cGRID P4-1Q\u201d\uff0cresourceName \u5e94\u8be5\u662f \u201cGRID_P4-1Q\u201d
\u83b7\u53d6 GPU \u76f4\u901a\u4fe1\u606f\uff1a\u5728\u6807\u8bb0 nvidia.com/gpu.workload.config=vm-passthrough
\u7684 node \u4e0a\uff08\u672c\u6587\u6863\u793a\u4f8b node \u4e3a work-node-1\uff09\uff0c \u67e5\u770b node \u4fe1\u606f\uff0cCapacity \u4e2d nvidia.com/GP104GL_TESLA_P4: 2
\u5c31\u662f\u53ef\u7528 vGPU\uff1a
kubectl describe node work-node-1\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
\u90a3\u4e48 resourceName \u5e94\u8be5\u662f \u201cGRID_P4-1Q\u201d, \u5982\u4f55\u83b7\u53d6 pciVendorSelector \u5462\uff1f\u901a\u8fc7 ssh \u767b\u5f55\u5230 work-node-1 \u76ee\u6807\u8282\u70b9\uff0c \u901a\u8fc7 lspci -nnk -d 10de:
\u547d\u4ee4\u83b7\u53d6 Nvidia GPU PCI \u4fe1\u606f\uff0c\u5982\u4e0b\u6240\u793a\uff1a\u7ea2\u6846\u6240\u793a\u5373\u662f pciVendorSelector \u4fe1\u606f\u3002
\u7f16\u8f91 kubevirt CR \u63d0\u793a\uff1a\u5982\u679c\u540c\u4e00\u578b\u53f7 GPU \u6709\u591a\u4e2a\uff0c\u53ea\u9700\u5728 CR \u4e2d\u5199\u5165\u4e00\u4e2a\u5373\u53ef\uff0c\u65e0\u9700\u5217\u51fa\u6bcf\u4e2a GPU\u3002
kubectl -n virtnest-system edit kubevirt kubevirt\n
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
\u4e0e\u666e\u901a\u4e91\u4e3b\u673a\u552f\u4e00\u7684\u533a\u522b\u662f\u5728 devices \u4e2d\u6dfb\u52a0 GPU \u76f8\u5173\u4fe1\u606f\u3002
\u70b9\u51fb\u67e5\u770b\u5b8c\u6574 YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/gpu/vm-vgpu.html","title":"\u4e91\u4e3b\u673a\u914d\u7f6e GPU\uff08vGPU\uff09","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\uff0c\u914d\u7f6e GPU \u7684\u524d\u63d0\u6761\u4ef6\u3002
\u914d\u7f6e\u4e91\u4e3b\u673a\u7684 GPU \u7684\u91cd\u70b9\u662f\u5bf9 GPU Operator \u8fdb\u884c\u914d\u7f6e\uff0c\u4ee5\u4fbf\u5728\u5de5\u4f5c\u8282\u70b9\u4e0a\u90e8\u7f72\u4e0d\u540c\u7684\u8f6f\u4ef6\u7ec4\u4ef6\uff0c \u5177\u4f53\u53d6\u51b3\u4e8e\u8fd9\u4e9b\u8282\u70b9\u4e0a\u914d\u7f6e\u8fd0\u884c\u7684 GPU \u5de5\u4f5c\u8d1f\u8f7d\u3002\u4ee5\u4e0b\u4e09\u4e2a\u8282\u70b9\u4e3a\u4f8b\uff1a
\u5de5\u4f5c\u8282\u70b9\u53ef\u4ee5\u8fd0\u884c GPU \u52a0\u901f\u5bb9\u5668\uff0c\u4e5f\u53ef\u4ee5\u8fd0\u884c\u5177\u6709 GPU \u76f4\u901a\u7684 GPU \u52a0\u901f VM\uff0c\u6216\u8005\u5177\u6709 vGPU \u7684 GPU \u52a0\u901f VM\uff0c\u4f46\u4e0d\u80fd\u8fd0\u884c\u5176\u4e2d\u4efb\u4f55\u4e00\u4e2a\u7684\u7ec4\u5408\u3002
\u4e3a\u4e86\u542f\u7528GPU\u76f4\u901a\u529f\u80fd\uff0c\u96c6\u7fa4\u8282\u70b9\u9700\u8981\u5f00\u542fIOMMU\u3002\u8bf7\u53c2\u8003\u5982\u4f55\u5f00\u542fIOMMU\u3002 \u5982\u679c\u60a8\u7684\u96c6\u7fa4\u662f\u5728\u4e91\u4e3b\u673a\u4e0a\u8fd0\u884c\uff0c\u8bf7\u54a8\u8be2\u60a8\u7684\u4e91\u4e3b\u673a\u5e73\u53f0\u63d0\u4f9b\u5546\u3002
"},{"location":"admin/virtnest/gpu/vm-vgpu.html#vgpu-manager","title":"\u6784\u5efa vGPU Manager \u955c\u50cf","text":"\u6ce8\u610f\uff1a\u4ec5\u5f53\u4f7f\u7528 NVIDIA vGPU \u65f6\u624d\u9700\u8981\u6784\u5efa vGPU Manager \u955c\u50cf\u3002\u5982\u679c\u60a8\u8ba1\u5212\u4ec5\u4f7f\u7528 GPU \u76f4\u901a\uff0c\u8bf7\u8df3\u8fc7\u6b64\u90e8\u5206\u3002
\u4ee5\u4e0b\u662f\u6784\u5efa vGPU Manager \u955c\u50cf\u5e76\u5c06\u5176\u63a8\u9001\u5230\u955c\u50cf\u4ed3\u5e93\u4e2d\u7684\u6b65\u9aa4\uff1a
\u4ece NVIDIA Licensing Portal \u4e0b\u8f7d vGPU \u8f6f\u4ef6\u3002
NVIDIA-Linux-x86_64-<version>-vgpu-kvm.run
\uff09\u3002\u6253\u5f00\u7ec8\u7aef\u514b\u9686 container-images/driver \u4ed3\u5e93
git clone https://gitlab.com/nvidia/container-images/driver cd driver\n
\u5207\u6362\u5230\u60a8\u7684\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u5e94 vgpu-manager \u76ee\u5f55
cd vgpu-manager/<your-os>\n
\u5c06\u6b65\u9aa4 1 \u4e2d\u63d0\u53d6\u7684 .run \u6587\u4ef6 copy \u5230\u5f53\u524d\u76ee\u5f55
cp <local-driver-download-directory>/*-vgpu-kvm.run ./\n
\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf
export PRIVATE_REGISTRY=my/private/registry VERSION=510.73.06 OS_TAG=ubuntu22.04 CUDA_VERSION=12.2.0\n
\u6784\u5efa NVIDIA vGPU Manager Image
docker build \\\n --build-arg DRIVER_VERSION=${VERSION} \\\n --build-arg CUDA_VERSION=${CUDA_VERSION} \\\n -t ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG} .\n
\u5c06 NVIDIA vGPU Manager \u6620\u50cf\u63a8\u9001\u5230\u60a8\u7684\u955c\u50cf\u4ed3\u5e93
docker push ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG}\n
\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u53d6\u60a8\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u7136\u540e\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 , \u8fdb\u5165\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 \u4fee\u6539\u6807\u7b7e \uff0c\u4e3a\u8282\u70b9\u6dfb\u52a0\u6807\u7b7e\uff0c\u6bcf\u4e2a\u8282\u70b9\u53ea\u80fd\u6709\u4e00\u79cd\u6807\u7b7e\u3002
\u60a8\u53ef\u4ee5\u4e3a\u6807\u7b7e\u5206\u914d\u4ee5\u4e0b\u503c\uff1acontainer\u3001vm-passthrough \u548c vm-vgpu\u3002
"},{"location":"admin/virtnest/gpu/vm-vgpu.html#nvidia-operator","title":"\u5b89\u88c5 Nvidia Operator","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u53d6\u60a8\u7684\u5de5\u4f5c\u96c6\u7fa4\uff0c\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u9009\u62e9\u5e76\u5b89\u88c5 gpu-operator\u3002\u9700\u8981\u4fee\u6539\u4e00\u4e9b yaml \u4e2d\u7684\u76f8\u5173\u5b57\u6bb5\u3002
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vgpuManager.enabled=true\ngpu-operator.vgpuManager.repository=<your-register-url> # (1)!\ngpu-operator.vgpuManager.image=vgpu-manager\ngpu-operator.vgpuManager.version=<your-vgpu-manager-version> # (2)!\ngpu-operator.vgpuDeviceManager.enabled=true\n
\u7b49\u5f85\u5b89\u88c5\u6210\u529f\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u5b89\u88c5 virtnest-agent\uff0c\u53c2\u8003\u5b89\u88c5 virtnest-agent\u3002
\u5c06 vGPU \u548c GPU \u76f4\u901a\u52a0\u5165 Virtnest Kubevirt CR\uff0c\u4ee5\u4e0b\u793a\u4f8b\u662f\u6dfb\u52a0 vGPU \u548c GPU \u76f4\u901a\u540e\u7684 \u90e8\u5206\u5173\u952e yaml\uff1a
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
\u5728 kubevirt CR yaml \u4e2d\uff0cpermittedHostDevices
\u7528\u4e8e\u5bfc\u5165 VM \u8bbe\u5907\uff0cvGPU \u9700\u5728\u5176\u4e2d\u6dfb\u52a0 mediatedDevices\uff0c\u5177\u4f53\u7ed3\u6784\u5982\u4e0b\uff1a
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # (1)!\n resourceName: nvidia.com/GRID_P4-1Q # (2)!\n
GPU \u76f4\u901a\u9700\u8981\u5728 permittedHostDevices
\u4e0b\u6dfb\u52a0 pciHostDevices\uff0c\u5177\u4f53\u7ed3\u6784\u5982\u4e0b\uff1a
pciHostDevices: \n- externalResourceProvider: true # (1)!\n pciVendorSelector: 10DE:1BB3 # (2)!\n resourceName: nvidia.com/GP104GL_TESLA_P4 # (3)!\n
\u83b7\u53d6 vGPU \u4fe1\u606f\u793a\u4f8b\uff08\u4ec5\u9002\u7528\u4e8e vGPU\uff09\uff1a\u5728\u6807\u8bb0\u4e3a nvidia.com/gpu.workload.config=vm-gpu
\u7684\u8282\u70b9\uff08\u4f8b\u5982 work-node-2\uff09\u4e0a\u67e5\u770b\u8282\u70b9\u4fe1\u606f\uff0c Capacity \u4e2d\u7684 nvidia.com/GRID_P4-1Q: 8
\u8868\u793a\u53ef\u7528 vGPU\uff1a
kubectl describe node work-node-2\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
\u90a3\u4e48 mdevNameSelector \u5e94\u8be5\u662f \u201cGRID P4-1Q\u201d\uff0cresourceName \u5e94\u8be5\u662f \u201cGRID_P4-1Q\u201d
\u83b7\u53d6 GPU \u76f4\u901a\u4fe1\u606f\uff1a\u5728\u6807\u8bb0 nvidia.com/gpu.workload.config=vm-passthrough
\u7684 node \u4e0a\uff08\u672c\u6587\u6863\u793a\u4f8b node \u4e3a work-node-1\uff09\uff0c \u67e5\u770b node \u4fe1\u606f\uff0cCapacity \u4e2d nvidia.com/GP104GL_TESLA_P4: 2
\u5c31\u662f\u53ef\u7528 vGPU\uff1a
kubectl describe node work-node-1\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
\u90a3\u4e48 resourceName \u5e94\u8be5\u662f \u201cGRID_P4-1Q\u201d, \u5982\u4f55\u83b7\u53d6 pciVendorSelector \u5462\uff1f\u901a\u8fc7 ssh \u767b\u5f55\u5230 work-node-1 \u76ee\u6807\u8282\u70b9\uff0c \u901a\u8fc7 lspci -nnk -d 10de:
\u547d\u4ee4\u83b7\u53d6 Nvidia GPU PCI \u4fe1\u606f\uff0c\u5982\u4e0b\u6240\u793a\uff1a\u7ea2\u6846\u6240\u793a\u5373\u662f pciVendorSelector \u4fe1\u606f\u3002
\u7f16\u8f91 kubevirt CR \u63d0\u793a\uff1a\u5982\u679c\u540c\u4e00\u578b\u53f7 GPU \u6709\u591a\u4e2a\uff0c\u53ea\u9700\u5728 CR \u4e2d\u5199\u5165\u4e00\u4e2a\u5373\u53ef\uff0c\u65e0\u9700\u5217\u51fa\u6bcf\u4e2a GPU\u3002
kubectl -n virtnest-system edit kubevirt kubevirt\n
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
\u4e0e\u666e\u901a\u4e91\u4e3b\u673a\u552f\u4e00\u7684\u533a\u522b\u662f\u5728 devices \u4e2d\u6dfb\u52a0 gpu \u76f8\u5173\u4fe1\u606f\u3002
\u70b9\u51fb\u67e5\u770b\u5b8c\u6574 YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/install/index.html","title":"\u5b89\u88c5\u4e91\u4e3b\u673a\u6a21\u5757","text":"\u672c\u9875\u8bf4\u660e\u5982\u4f55\u5b89\u88c5\u4e91\u4e3b\u673a\u6a21\u5757\u3002
Info
\u4e0b\u8ff0\u547d\u4ee4\u6216\u811a\u672c\u5185\u51fa\u73b0\u7684 virtnest \u5b57\u6837\u662f\u4e91\u4e3b\u673a\u6a21\u5757\u7684\u5185\u90e8\u5f00\u53d1\u4ee3\u53f7\u3002
"},{"location":"admin/virtnest/install/index.html#virtnest-helm","title":"\u914d\u7f6e virtnest helm \u4ed3\u5e93","text":"helm-charts \u4ed3\u5e93\u5730\u5740\uff1ahttps://release.daocloud.io/harbor/projects/10/helm-charts/virtnest/versions
helm repo add virtnest-release https://release.daocloud.io/chartrepo/virtnest\nhelm repo update virtnest-release\n
\u5982\u679c\u60a8\u60f3\u4f53\u9a8c\u6700\u65b0\u5f00\u53d1\u7248\u7684 virtnest\uff0c\u90a3\u4e48\u8bf7\u6dfb\u52a0\u5982\u4e0b\u4ed3\u5e93\u5730\u5740\uff08\u5f00\u53d1\u7248\u672c\u7684 virtnest \u6781\u5176\u4e0d\u7a33\u5b9a\uff09
helm repo add virtnest-release-ci https://release-ci.daocloud.io/chartrepo/virtnest\nhelm repo update virtnest-release-ci\n
"},{"location":"admin/virtnest/install/index.html#virtnest","title":"\u9009\u62e9\u60a8\u60f3\u5b89\u88c5\u7684 virtnest \u7248\u672c","text":"\u5efa\u8bae\u5b89\u88c5\u6700\u65b0\u7248\u672c\u3002
[root@master ~]# helm search repo virtnest-release/virtnest --versions\nNAME CHART VERSION APP VERSION DESCRIPTION\nvirtnest-release/virtnest 0.6.0 v0.6.0 A Helm chart for virtnest\n
"},{"location":"admin/virtnest/install/index.html#namespace","title":"\u521b\u5efa namespace","text":"kubectl create namespace virtnest-system\n
"},{"location":"admin/virtnest/install/index.html#_2","title":"\u6267\u884c\u5b89\u88c5\u6b65\u9aa4","text":"helm install virtnest virtnest-release/virtnest -n virtnest-system --version 0.6.0\n
"},{"location":"admin/virtnest/install/index.html#_3","title":"\u5347\u7ea7","text":""},{"location":"admin/virtnest/install/index.html#virtnest-helm_1","title":"\u66f4\u65b0 virtnest helm \u4ed3\u5e93","text":"helm repo update virtnest-release\n
"},{"location":"admin/virtnest/install/index.html#-set","title":"\u5907\u4efd --set \u53c2\u6570","text":"\u5728\u5347\u7ea7 virtnest \u7248\u672c\u4e4b\u524d\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u4e0a\u4e00\u4e2a\u7248\u672c\u7684 --set \u53c2\u6570
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
"},{"location":"admin/virtnest/install/index.html#helm-upgrade","title":"\u6267\u884c helm upgrade","text":"helm upgrade virtnest virtnest-release/virtnest \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --version 0.6.0\n
"},{"location":"admin/virtnest/install/index.html#_4","title":"\u5378\u8f7d","text":"helm delete virtnest -n virtnest-system\n
"},{"location":"admin/virtnest/install/install-dependency.html","title":"\u5b89\u88c5\u4f9d\u8d56\u548c\u524d\u63d0\u6761\u4ef6","text":"\u672c\u9875\u8bf4\u660e\u5b89\u88c5\u4e91\u4e3b\u673a\u6a21\u5757\u7684\u4f9d\u8d56\u548c\u524d\u63d0\u6761\u4ef6\u3002
Info
\u4e0b\u8ff0\u547d\u4ee4\u6216\u811a\u672c\u5185\u51fa\u73b0\u7684 virtnest \u5b57\u6837\u662f\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u7684\u5185\u90e8\u5f00\u53d1\u4ee3\u53f7\u3002
"},{"location":"admin/virtnest/install/install-dependency.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":""},{"location":"admin/virtnest/install/install-dependency.html#411","title":"\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\u7248\u672c\u9700\u8981\u5728 4.11 \u4ee5\u4e0a","text":"\u76ee\u6807\u96c6\u7fa4\u6240\u6709\u8282\u70b9\u7684\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\u7248\u672c\u9700\u8981\u5927\u4e8e 4.11\uff08\u8be6\u89c1 kubevirt issue\uff09\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5185\u6838\u7248\u672c\uff1a
uname -a\n
\u793a\u4f8b\u8f93\u51fa\uff1a
Linux master 6.5.3-1.el7.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Sep 13 11:46:28 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux\n
"},{"location":"admin/virtnest/install/install-dependency.html#cpu-x86-64-v2","title":"CPU \u9700\u652f\u6301 x86-64-v2 \u53ca\u4ee5\u4e0a\u7684\u6307\u4ee4\u96c6","text":"\u4f7f\u7528\u4ee5\u4e0b\u811a\u672c\u68c0\u67e5\u5f53\u524d\u8282\u70b9\u7684 CPU \u662f\u5426\u652f\u6301\uff1a
Note
\u82e5\u51fa\u73b0\u4e0e\u8f93\u51fa\u4fe1\u606f\u65e0\u5173\u7684\u62a5\u9519\uff08\u5982\u4e0b\u6240\u793a\uff09\uff0c\u53ef\u65e0\u9700\u5173\u6ce8\uff0c\u4e0d\u5f71\u54cd\u6700\u7ec8\u7ed3\u679c\u3002
\u793a\u4f8b$ sh detect-cpu.sh\ndetect-cpu.sh: line 3: fpu: command not found\n
cat <<EOF > detect-cpu.sh\n#!/bin/sh -eu\n\nflags=$(cat /proc/cpuinfo | grep flags | head -n 1 | cut -d: -f2)\n\nsupports_v2='awk \"/cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/ {found=1} END {exit !found}\"'\nsupports_v3='awk \"/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/ {found=1} END {exit !found}\"'\nsupports_v4='awk \"/avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/ {found=1} END {exit !found}\"'\n\necho \"$flags\" | eval $supports_v2 || exit 2 && echo \"CPU supports x86-64-v2\"\necho \"$flags\" | eval $supports_v3 || exit 3 && echo \"CPU supports x86-64-v3\"\necho \"$flags\" | eval $supports_v4 || exit 4 && echo \"CPU supports x86-64-v4\"\nEOF\nchmod +x detect-cpu.sh\nsh detect-cpu.sh\n
"},{"location":"admin/virtnest/install/install-dependency.html#_3","title":"\u6240\u6709\u8282\u70b9\u5fc5\u987b\u542f\u7528\u786c\u4ef6\u865a\u62df\u5316\uff08\u5d4c\u5957\u865a\u62df\u5316\uff09","text":"\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u68c0\u67e5\uff1a
virt-host-validate qemu\n
# \u6210\u529f\u7684\u60c5\u51b5\nQEMU: Checking for hardware virtualization : PASS\nQEMU: Checking if device /dev/kvm exists : PASS\nQEMU: Checking if device /dev/kvm is accessible : PASS\nQEMU: Checking if device /dev/vhost-net exists : PASS\nQEMU: Checking if device /dev/net/tun exists : PASS\nQEMU: Checking for cgroup 'cpu' controller support : PASS\nQEMU: Checking for cgroup 'cpuacct' controller support : PASS\nQEMU: Checking for cgroup 'cpuset' controller support : PASS\nQEMU: Checking for cgroup 'memory' controller support : PASS\nQEMU: Checking for cgroup 'devices' controller support : PASS\nQEMU: Checking for cgroup 'blkio' controller support : PASS\nQEMU: Checking for device assignment IOMMU support : PASS\nQEMU: Checking if IOMMU is enabled by kernel : PASS\nQEMU: Checking for secure guest support : WARN (Unknown if this platform has Secure Guest support)\n\n# \u5931\u8d25\u7684\u60c5\u51b5\nQEMU: Checking for hardware virtualization : FAIL (Only emulated CPUs are available, performance will be significantly limited)\nQEMU: Checking if device /dev/vhost-net exists : PASS\nQEMU: Checking if device /dev/net/tun exists : PASS\nQEMU: Checking for cgroup 'memory' controller support : PASS\nQEMU: Checking for cgroup 'memory' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpu' controller support : PASS\nQEMU: Checking for cgroup 'cpu' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpuacct' controller support : PASS\nQEMU: Checking for cgroup 'cpuacct' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpuset' controller support : PASS\nQEMU: Checking for cgroup 'cpuset' controller mount-point : PASS\nQEMU: Checking for cgroup 'devices' controller support : PASS\nQEMU: Checking for cgroup 'devices' controller mount-point : PASS\nQEMU: Checking for cgroup 'blkio' controller support : PASS\nQEMU: Checking for cgroup 'blkio' controller mount-point : PASS\nWARN (Unknown if this platform has IOMMU support)\n
\u5b89\u88c5 virt-host-validate\uff1a
\u5728 CentOS \u4e0a\u5b89\u88c5\u5728 Ubuntu \u4e0a\u5b89\u88c5yum install -y qemu-kvm libvirt virt-install bridge-utils\n
apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils\n
\u786c\u4ef6\u865a\u62df\u5316\u542f\u7528\u65b9\u6cd5\uff1a
\u4e0d\u540c\u5e73\u53f0\u542f\u7528\u786c\u4ef6\u865a\u62df\u5316\u7684\u65b9\u6cd5\u4e5f\u4e0d\u4e00\u6837\uff0c\u4ee5 vsphere \u4e3a\u4f8b\uff0c \u65b9\u6cd5\u8bf7\u53c2\u7167 vmware \u5b98\u7f51\u6587\u6863\u3002
\u5982\u679c\u96c6\u7fa4\u4f7f\u7528 Docker Engine \u4f5c\u4e3a\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u5219 Docker Engine \u7248\u672c\u9700\u8981\u5927\u4e8e 20.10.10
"},{"location":"admin/virtnest/install/install-dependency.html#iommu","title":"\u5efa\u8bae\u5f00\u542f IOMMU","text":"\u4e3a\u4e86\u540e\u7eed\u529f\u80fd\u505a\u51c6\u5907\uff0c\u5efa\u8bae\u5f00\u542f IOMMU\u3002
"},{"location":"admin/virtnest/install/offline-install.html","title":"\u79bb\u7ebf\u5347\u7ea7","text":"\u672c\u9875\u8bf4\u660e\u60a8\u5728\u4e0b\u8f7d\u4e91\u4e3b\u673a\u6a21\u5757\u7684\u79bb\u7ebf\u5305\u540e\uff0c\u5e94\u8be5\u5982\u4f55\u5b89\u88c5\u6216\u5347\u7ea7\u3002
Info
\u4e0b\u8ff0\u547d\u4ee4\u6216\u811a\u672c\u5185\u51fa\u73b0\u7684 virtnest \u5b57\u6837\u662f\u4e91\u4e3b\u673a\u6a21\u5757\u7684\u5185\u90e8\u5f00\u53d1\u4ee3\u53f7\u3002
"},{"location":"admin/virtnest/install/offline-install.html#_2","title":"\u4ece\u5b89\u88c5\u5305\u4e2d\u52a0\u8f7d\u955c\u50cf","text":"\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u9762\u4e24\u79cd\u65b9\u5f0f\u4e4b\u4e00\u52a0\u8f7d\u955c\u50cf\uff0c\u5f53\u73af\u5883\u4e2d\u5b58\u5728\u955c\u50cf\u4ed3\u5e93\u65f6\uff0c\u5efa\u8bae\u9009\u62e9chart-syncer\u540c\u6b65\u955c\u50cf\u5230\u955c\u50cf\u4ed3\u5e93\uff0c\u8be5\u65b9\u6cd5\u66f4\u52a0\u9ad8\u6548\u4fbf\u6377\u3002
"},{"location":"admin/virtnest/install/offline-install.html#chart-syncer","title":"chart-syncer \u540c\u6b65\u955c\u50cf\u5230\u955c\u50cf\u4ed3\u5e93","text":"\u521b\u5efa load-image.yaml
Note
\u8be5 YAML \u6587\u4ef6\u4e2d\u7684\u5404\u9879\u53c2\u6570\u5747\u4e3a\u5fc5\u586b\u9879\u3002\u60a8\u9700\u8981\u4e00\u4e2a\u79c1\u6709\u7684\u955c\u50cf\u4ed3\u5e93\uff0c\u5e76\u4fee\u6539\u76f8\u5173\u914d\u7f6e\u3002
\u5df2\u5b89\u88c5 chart repo\u672a\u5b89\u88c5 chart repo\u82e5\u5f53\u524d\u73af\u5883\u5df2\u5b89\u88c5 chart repo\uff0cchart-syncer \u4e5f\u652f\u6301\u5c06 chart \u5bfc\u51fa\u4e3a tgz \u6587\u4ef6\u3002
load-image.yamlsource:\n intermediateBundlesPath: virtnest-offline # \u5230\u6267\u884c charts-syncer \u547d\u4ee4\u7684\u76f8\u5bf9\u8def\u5f84\uff0c\u800c\u4e0d\u662f\u6b64 YAML \u6587\u4ef6\u548c\u79bb\u7ebf\u5305\u4e4b\u95f4\u7684\u76f8\u5bf9\u8def\u5f84\ntarget:\n containerRegistry: 10.16.10.111 # \u9700\u66f4\u6539\u4e3a\u4f60\u7684\u955c\u50cf\u4ed3\u5e93 url\n containerRepository: release.daocloud.io/virtnest # \u9700\u66f4\u6539\u4e3a\u4f60\u7684\u955c\u50cf\u4ed3\u5e93\n repo:\n kind: HARBOR # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\n url: http://10.16.10.111/chartrepo/release.daocloud.io # \u9700\u66f4\u6539\u4e3a chart repo url\n auth:\n username: \"admin\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u7528\u6237\u540d\n password: \"Harbor12345\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u5bc6\u7801\n containers:\n auth:\n username: \"admin\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u7528\u6237\u540d\n password: \"Harbor12345\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u5bc6\u7801\n
\u82e5\u5f53\u524d\u73af\u5883\u672a\u5b89\u88c5 chart repo\uff0cchart-syncer \u4e5f\u652f\u6301\u5c06 chart \u5bfc\u51fa\u4e3a tgz \u6587\u4ef6\uff0c\u5e76\u5b58\u653e\u5728\u6307\u5b9a\u8def\u5f84\u3002
load-image.yamlsource:\n intermediateBundlesPath: virtnest-offline # \u5230\u6267\u884c charts-syncer \u547d\u4ee4\u7684\u76f8\u5bf9\u8def\u5f84\uff0c\u800c\u4e0d\u662f\u6b64 YAML \u6587\u4ef6\u548c\u79bb\u7ebf\u5305\u4e4b\u95f4\u7684\u76f8\u5bf9\u8def\u5f84\ntarget:\n containerRegistry: 10.16.10.111 # \u9700\u66f4\u6539\u4e3a\u4f60\u7684\u955c\u50cf\u4ed3\u5e93 url\n containerRepository: release.daocloud.io/virtnest # \u9700\u66f4\u6539\u4e3a\u4f60\u7684\u955c\u50cf\u4ed3\u5e93\n repo:\n kind: LOCAL\n path: ./local-repo # chart \u672c\u5730\u8def\u5f84\n containers:\n auth:\n username: \"admin\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u7528\u6237\u540d\n password: \"Harbor12345\" # \u4f60\u7684\u955c\u50cf\u4ed3\u5e93\u5bc6\u7801\n
\u6267\u884c\u540c\u6b65\u955c\u50cf\u547d\u4ee4\u3002
charts-syncer sync --config load-image.yaml\n
\u89e3\u538b\u5e76\u52a0\u8f7d\u955c\u50cf\u6587\u4ef6\u3002
\u89e3\u538b tar \u538b\u7f29\u5305\u3002
tar xvf virtnest.bundle.tar\n
\u89e3\u538b\u6210\u529f\u540e\u4f1a\u5f97\u5230 3 \u4e2a\u6587\u4ef6\uff1a
\u4ece\u672c\u5730\u52a0\u8f7d\u955c\u50cf\u5230 Docker \u6216 containerd\u3002
Dockercontainerddocker load -i images.tar\n
ctr -n k8s.io image import images.tar\n
Note
\u6bcf\u4e2a node \u90fd\u9700\u8981\u505a Docker \u6216 containerd \u52a0\u8f7d\u955c\u50cf\u64cd\u4f5c\uff0c \u52a0\u8f7d\u5b8c\u6210\u540e\u9700\u8981 tag \u955c\u50cf\uff0c\u4fdd\u6301 Registry\u3001Repository \u4e0e\u5b89\u88c5\u65f6\u4e00\u81f4\u3002
"},{"location":"admin/virtnest/install/offline-install.html#_3","title":"\u5347\u7ea7","text":"\u6709\u4e24\u79cd\u5347\u7ea7\u65b9\u5f0f\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u524d\u7f6e\u64cd\u4f5c\uff0c\u9009\u62e9\u5bf9\u5e94\u7684\u5347\u7ea7\u65b9\u6848\uff1a
\u901a\u8fc7 helm repo \u5347\u7ea7\u901a\u8fc7 chart \u5305\u5347\u7ea7\u68c0\u67e5\u4e91\u4e3b\u673a helm \u4ed3\u5e93\u662f\u5426\u5b58\u5728\u3002
helm repo list | grep virtnest\n
\u82e5\u8fd4\u56de\u7ed3\u679c\u4e3a\u7a7a\u6216\u5982\u4e0b\u63d0\u793a\uff0c\u5219\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1b\u53cd\u4e4b\u5219\u8df3\u8fc7\u4e0b\u4e00\u6b65\u3002
Error: no repositories to show\n
\u6dfb\u52a0\u4e91\u4e3b\u673a\u7684 helm \u4ed3\u5e93\u3002
helm repo add virtnest http://{harbor url}/chartrepo/{project}\n
\u66f4\u65b0\u4e91\u4e3b\u673a\u7684 helm \u4ed3\u5e93\u3002
helm repo update virtnest # (1)\n
\u9009\u62e9\u60a8\u60f3\u5b89\u88c5\u7684\u4e91\u4e3b\u673a\u7248\u672c\uff08\u5efa\u8bae\u5b89\u88c5\u6700\u65b0\u7248\u672c\uff09\u3002
helm search repo virtnest/virtnest --versions\n
[root@master ~]# helm search repo virtnest/virtnest --versions\nNAME CHART VERSION APP VERSION DESCRIPTION\nvirtnest/virtnest 0.2.0 v0.2.0 A Helm chart for virtnest\n...\n
\u5907\u4efd --set
\u53c2\u6570\u3002
\u5728\u5347\u7ea7\u4e91\u4e3b\u673a\u7248\u672c\u4e4b\u524d\uff0c\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u8001\u7248\u672c\u7684 --set
\u53c2\u6570\u3002
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
\u66f4\u65b0 virtnest crds
helm pull virtnest/virtnest --version 0.2.0 && tar -zxf virtnest-0.2.0.tgz\nkubectl apply -f virtnest/crds\n
\u6267\u884c helm upgrade
\u3002
\u5347\u7ea7\u524d\u5efa\u8bae\u60a8\u8986\u76d6 bak.yaml \u4e2d\u7684 global.imageRegistry
\u5b57\u6bb5\u4e3a\u5f53\u524d\u4f7f\u7528\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3002
export imageRegistry={\u4f60\u7684\u955c\u50cf\u4ed3\u5e93}\n
helm upgrade virtnest virtnest/virtnest \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry \\\n --version 0.2.0\n
\u5907\u4efd --set
\u53c2\u6570\u3002
\u5728\u5347\u7ea7\u4e91\u4e3b\u673a\u7248\u672c\u4e4b\u524d\uff0c\u5efa\u8bae\u60a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5907\u4efd\u8001\u7248\u672c\u7684 --set
\u53c2\u6570\u3002
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
\u66f4\u65b0 virtnest crds
kubectl apply -f ./crds\n
\u6267\u884c helm upgrade
\u3002
\u5347\u7ea7\u524d\u5efa\u8bae\u60a8\u8986\u76d6 bak.yaml \u4e2d\u7684 global.imageRegistry
\u4e3a\u5f53\u524d\u4f7f\u7528\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3002
export imageRegistry={\u4f60\u7684\u955c\u50cf\u4ed3\u5e93}\n
helm upgrade virtnest . \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry\n
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u6307\u5b9a\u96c6\u7fa4\u5185\u5b89\u88c5 virtnest-agent\u3002
"},{"location":"admin/virtnest/install/virtnest-agent.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 virtnest-agent \u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u521d\u59cb\u96c6\u7fa4\u9700\u8981\u5728 Helm \u4e2d\u5b89\u88c5 virtnest-agent \u7ec4\u4ef6\u540e\u65b9\u53ef\u4f7f\u7528\u4e91\u4e3b\u673a\u7684\u76f8\u5173\u80fd\u529b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u82e5\u672a\u5b89\u88c5 virtnest-agent \u7ec4\u4ef6\uff0c\u5219\u65e0\u6cd5\u6b63\u5e38\u4f7f\u7528\u4e91\u4e3b\u673a\u80fd\u529b\u3002\u5c06\u63d0\u9192\u7528\u6237\u5728\u6240\u9700\u96c6\u7fa4\u5185\u8fdb\u884c\u5b89\u88c5\u3002
\u9009\u62e9\u6240\u9700\u96c6\u7fa4\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 Helm \u5e94\u7528 \uff0c\u7136\u540e\u70b9\u51fb Helm \u6a21\u677f \uff0c\u67e5\u770b\u6a21\u677f\u5217\u8868\u3002
\u641c\u7d22 virtnest-agent \u7ec4\u4ef6\uff0c\u8fdb\u5165\u7ec4\u4ef6\u8be6\u60c5\uff0c\u9009\u62e9\u5408\u9002\u7248\u672c\uff0c\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\uff0c\u8fdb\u884c\u5b89\u88c5\u3002
\u8fdb\u5165\u5b89\u88c5\u8868\u5355\u9875\u9762\uff0c\u586b\u5199\u57fa\u672c\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b89\u88c5\u5b8c\u6210\u3002
\u91cd\u65b0\u70b9\u51fb \u4e91\u4e3b\u673a \u5bfc\u822a\u680f\uff0c\u6210\u529f\u51fa\u73b0\u4e91\u4e3b\u673a\u5217\u8868\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u4e91\u4e3b\u673a\u80fd\u529b\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u4e91\u4e3b\u673a\u3002
\u4e91\u4e3b\u673a\u57fa\u4e8e KubeVirt \u6280\u672f\u5c06\u4e91\u4e3b\u673a\u4f5c\u4e3a\u4e91\u539f\u751f\u5e94\u7528\u8fdb\u884c\u7ba1\u7406\uff0c\u4e0e\u5bb9\u5668\u65e0\u7f1d\u5730\u8854\u63a5\u5728\u4e00\u8d77\uff0c \u4f7f\u7528\u6237\u80fd\u591f\u8f7b\u677e\u5730\u90e8\u7f72\u4e91\u4e3b\u673a\u5e94\u7528\uff0c\u4eab\u53d7\u4e0e\u5bb9\u5668\u5e94\u7528\u4e00\u81f4\u7684\u4e1d\u6ed1\u4f53\u9a8c\u3002
"},{"location":"admin/virtnest/quickstart/index.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u4e91\u4e3b\u673a\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u4e91\u4e3b\u673a\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165 \u4e91\u4e3b\u673a \u9875\u9762\u3002
\u5728\u4e91\u4e3b\u673a\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb \u521b\u5efa\u4e91\u4e3b\u673a -> \u9009\u62e9 \u901a\u8fc7\u955c\u50cf\u521b\u5efa \u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u9875\u9762\uff0c\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u955c\u50cf\u914d\u7f6e\u3001\u5b58\u50a8\u4e0e\u7f51\u7edc\u3001\u767b\u5f55\u8bbe\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de\u4e91\u4e3b\u673a\u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u4e91\u4e3b\u673a\u6267\u884c\u5173\u673a/\u5f00\u542f\u3001\u91cd\u542f\u3001\u514b\u9686\u3001\u66f4\u65b0\u3001\u521b\u5efa\u5feb\u7167\u3001\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002 \u514b\u9686\u548c\u5feb\u7167\u80fd\u529b\u4f9d\u8d56\u4e8e\u5b58\u50a8\u6c60\u7684\u9009\u62e9\u3002
\u5728 \u521b\u5efa\u4e91\u4e3b\u673a \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u6839\u636e\u4e0b\u8868\u586b\u5199\u955c\u50cf\u76f8\u5173\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65
\u955c\u50cf\u6765\u6e90\uff1a\u652f\u6301\u4e09\u79cd\u7c7b\u578b\u7684\u6765\u6e90\u3002
\u4ee5\u4e0b\u662f\u5e73\u53f0\u5185\u7f6e\u7684\u955c\u50cf\u4fe1\u606f\uff0c\u5305\u62ec\u64cd\u4f5c\u7cfb\u7edf\u548c\u7248\u672c\u3001\u955c\u50cf\u5730\u5740\u3002\u540c\u65f6\u4e5f\u652f\u6301\u81ea\u5b9a\u4e49\u4e91\u4e3b\u673a\u955c\u50cf\u3002
\u64cd\u4f5c\u7cfb\u7edf \u5bf9\u5e94\u7248\u672c \u955c\u50cf\u5730\u5740 CentOS CentOS 7.9 release-ci.daocloud.io/virtnest/system-images/centos-7.9-x86_64:v1 Ubuntu Ubuntu 22.04 release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1 Debian Debian 12 release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\u955c\u50cf\u5bc6\u94a5\uff1a\u4ec5\u652f\u6301\u9ed8\u8ba4\uff08Opaque\uff09\u7c7b\u578b\u5bc6\u94a5\uff0c\u5177\u4f53\u683c\u5f0f\u8bf7\u53c2\u8003\u521b\u5efa\u5bc6\u94a5\u3002
\u5e73\u53f0\u5185\u7f6e\u955c\u50cf\u5b58\u50a8\u5728\u70b9\u706b\u96c6\u7fa4\u4e2d\uff0c\u800c\u70b9\u706b\u96c6\u7fa4\u7684\u955c\u50cf\u4ed3\u5e93\u672a\u52a0\u5bc6\uff0c\u56e0\u6b64\u5f53\u9009\u62e9\u5185\u7f6e\u955c\u50cf\u65f6\uff0c\u65e0\u9700\u9009\u62e9\u5bc6\u94a5\u3002
Note
CPU \u548c\u5185\u5b58\u7684\u70ed\u52a0\u8f7d\u914d\u7f6e\u8981\u6c42\uff1avirtnest \u7684\u7248\u672c\u4e0d\u4f4e\u4e8e v0.10.0\uff0c\u5e76\u4e14 virtnest-agent \u7248\u672c\u4e0d\u4f4e\u4e8e v0.7.0\uff1b\u652f\u6301\u5b9e\u65f6\u8fc1\u79fb\uff08\u786e\u4fdd PVC \u8bbf\u95ee\u6a21\u5f0f\u4e3a ReadWriteMany\uff09\u3002
\u8d44\u6e90\u914d\u7f6e\uff1aCPU \u5efa\u8bae\u4f7f\u7528\u6574\u6570\uff0c\u82e5\u586b\u5199\u5c0f\u6570\u5219\u4f1a\u5411\u4e0a\u53d6\u6574\u3002\u652f\u6301 CPU\u3001\u5185\u5b58\u7684\u70ed\u52a0\u8f7d\u3002
GPU \u914d\u7f6e\uff1a\u542f\u7528 GPU \u529f\u80fd\u9700\u8981\u9700\u8981\u6ee1\u8db3\u524d\u63d0\u6761\u4ef6\uff0c\u5177\u4f53\u53ef\u53c2\u8003 \u4e91\u4e3b\u673a\u914d\u7f6e GPU\uff08Nvidia)\u3002 \u4e91\u4e3b\u673a\u652f\u6301 Nvidia\u2014GPU \u548c Nvidia\u2014vGPU \u4e24\u79cd\u7c7b\u578b\uff0c\u9009\u62e9\u6240\u9700\u7c7b\u578b\u540e\uff0c\u9700\u8981\u9009\u62e9\u5bf9\u5e94\u7684 GPU \u578b\u53f7\u548c\u5361\u7684\u6570\u91cf\u3002
\u5b58\u50a8\uff1a
\u5b58\u50a8\u548c\u4e91\u4e3b\u673a\u7684\u529f\u80fd\u606f\u606f\u76f8\u5173\uff0c\u4e3b\u8981\u662f\u901a\u8fc7\u4f7f\u7528 Kubernetes \u7684\u6301\u4e45\u5377\u548c\u5b58\u50a8\u7c7b\uff0c\u63d0\u4f9b\u4e86\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u4e91\u4e3b\u673a\u5b58\u50a8\u80fd\u529b\u3002\u6bd4\u5982\u4e91\u4e3b\u673a\u955c\u50cf\u5b58\u50a8\u5728 pvc \u91cc\uff0c\u652f\u6301\u548c\u5176\u4ed6\u6570\u636e\u4e00\u8d77\u514b\u9686\u3001\u5feb\u7167\u7b49\u3002
\u7cfb\u7edf\u76d8\uff1a\u7cfb\u7edf\u9ed8\u8ba4\u521b\u5efa\u4e00\u4e2a VirtIO \u7c7b\u578b\u7684 rootfs \u7cfb\u7edf\u76d8\uff0c\u7528\u4e8e\u5b58\u653e\u64cd\u4f5c\u7cfb\u7edf\u548c\u6570\u636e\u3002
\u6570\u636e\u76d8\uff1a\u6570\u636e\u76d8\u662f\u4e91\u4e3b\u673a\u4e2d\u7528\u4e8e\u5b58\u50a8\u7528\u6237\u6570\u636e\u3001\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u6216\u5176\u4ed6\u975e\u64cd\u4f5c\u7cfb\u7edf\u76f8\u5173\u6587\u4ef6\u7684\u5b58\u50a8\u8bbe\u5907\u3002\u4e0e\u7cfb\u7edf\u76d8\u76f8\u6bd4\uff0c\u6570\u636e\u76d8\u662f\u975e\u5fc5\u9009\u7684\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u52a8\u6001\u6dfb\u52a0\u6216\u79fb\u9664\u3002\u6570\u636e\u76d8\u7684\u5bb9\u91cf\u4e5f\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u8fdb\u884c\u7075\u6d3b\u914d\u7f6e\u3002
\u9ed8\u8ba4\u4f7f\u7528\u5757\u5b58\u50a8\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u514b\u9686\u548c\u5feb\u7167\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u6c60\u5df2\u7ecf\u521b\u5efa\u4e86\u5bf9\u5e94\u7684 VolumeSnapshotClass\uff0c \u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u793a\u4f8b\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u652f\u6301\u5e76\u9009\u62e9\u4e86 ReadWriteMany \u7684\u8bbf\u95ee\u6a21\u5f0f \u3002
\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u5b58\u50a8\u5728\u5b89\u88c5\u8fc7\u7a0b\u4e2d\u4e0d\u4f1a\u81ea\u52a8\u521b\u5efa\u8fd9\u6837\u7684 VolumeSnapshotClass\uff0c\u56e0\u6b64\u60a8\u9700\u8981\u624b\u52a8\u521b\u5efa VolumeSnapshotClass\u3002 \u4ee5\u4e0b\u662f\u4e00\u4e2a HwameiStor \u521b\u5efa VolumeSnapshotClass \u7684\u793a\u4f8b\uff1a
kind: VolumeSnapshotClass\napiVersion: snapshot.storage.k8s.io/v1\nmetadata:\n name: hwameistor-storage-lvm-snapshot\n annotations:\n snapshot.storage.kubernetes.io/is-default-class: \"true\"\nparameters:\n snapsize: \"1073741824\"\ndriver: lvm.hwameistor.io\ndeletionPolicy: Delete\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u68c0\u67e5 VolumeSnapshotClass \u662f\u5426\u521b\u5efa\u6210\u529f\u3002
kubectl get VolumeSnapshotClass\n
\u67e5\u770b\u5df2\u521b\u5efa\u7684 Snapshotclass\uff0c\u5e76\u4e14\u786e\u8ba4 provisioner \u5c5e\u6027\u540c\u5b58\u50a8\u6c60\u4e2d\u7684 Driver \u5c5e\u6027\u4e00\u81f4\u3002
\u7f51\u7edc\uff1a
\u7f51\u7edc\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u8868\u683c\u4fe1\u606f\u6309\u9700\u7ec4\u5408\u3002
\u7f51\u7edc\u6a21\u5f0f CNI \u662f\u5426\u5b89\u88c5 Spiderpool \u7f51\u5361\u6a21\u5f0f \u56fa\u5b9a IP \u5b9e\u65f6\u8fc1\u79fb Masquerade\uff08NAT\uff09 Calico \u274c \u5355\u7f51\u5361 \u274c \u2705 Cilium \u274c \u5355\u7f51\u5361 \u274c \u2705 Flannel \u274c \u5355\u7f51\u5361 \u274c \u2705 Bridge\uff08\u6865\u63a5\uff09 OVS \u2705 \u591a\u7f51\u5361 \u2705 \u2705\u7f51\u7edc\u6a21\u5f0f\u5206\u4e3a Masquerade\uff08NAT\uff09\u548c Bridge\uff08\u6865\u63a5\uff09\uff0cBridge\uff08\u6865\u63a5\uff09\u6a21\u5f0f\u9700\u8981\u5b89\u88c5\u4e86 Spiderpool \u7ec4\u4ef6\u540e\u65b9\u53ef\u4f7f\u7528\u3002
\u6dfb\u52a0\u7f51\u5361
\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u4e91\u4e3b\u673a\u3002
\u8fdb\u5165\u4e91\u4e3b\u673a\u5217\u8868\u9875\uff0c\u70b9\u51fb \u901a\u8fc7 YAML \u521b\u5efa \u6309\u94ae\u3002
\u70b9\u51fb\u67e5\u770b\u521b\u5efa\u4e91\u4e3b\u673a\u7684 YAML \u793a\u4f8bapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: demo\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: systemdisk-demo\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Always\n template:\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-demo\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-demo\n name: systemdisk-demo\n - cloudInitNoCloud:\n userDataBase64: >-\n I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OjEyMzQ1NiIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/quickstart/access.html","title":"\u8fde\u63a5\u4e91\u4e3b\u673a","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u4e24\u79cd\u8fde\u63a5\u4e91\u4e3b\u673a\u7684\u65b9\u5f0f\uff0c\u5206\u522b\u4e3a \u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\u548c\u7ec8\u7aef\u65b9\u5f0f\u3002
"},{"location":"admin/virtnest/quickstart/access.html#_2","title":"\u7ec8\u7aef","text":"\u901a\u8fc7\u7ec8\u7aef\u8bbf\u95ee\u4e91\u4e3b\u673a\u7684\u65b9\u5f0f\u66f4\u52a0\u7075\u6d3b\u548c\u8f7b\u91cf\uff0c\u4f46\u662f\u65e0\u6cd5\u76f4\u63a5\u5c55\u793a\u56fe\u5f62\u754c\u9762\uff0c\u4ea4\u4e92\u6027\u8f83\u5dee\uff0c\u4e14\u65e0\u6cd5\u591a\u7ec8\u7aef\u540c\u65f6\u5728\u7ebf\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u652f\u6301\u901a\u8fc7\u7ec8\u7aef\u65b9\u5f0f\u8bbf\u95ee\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/quickstart/access.html#vnc","title":"\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09","text":"\u901a\u8fc7 VNC \u8bbf\u95ee\u4e91\u4e3b\u673a\u7684\u65b9\u5f0f\u53ef\u4ee5\u5b9e\u73b0\u5bf9\u8fdc\u7a0b\u8ba1\u7b97\u673a\u7684\u5b8c\u6574\u56fe\u5f62\u754c\u9762\u7684\u8bbf\u95ee\u548c\u63a7\u5236\uff0c\u80fd\u591f\u76f4\u89c2\u5730\u64cd\u4f5c\u8fdc\u7a0b\u8bbe\u5907\uff0c\u4ea4\u4e92\u6027\u66f4\u52a0\u597d\uff0c\u4f46\u662f\u6027\u80fd\u4f1a\u53d7\u5230\u4e00\u5b9a\u5f71\u54cd\uff0c\u4e14\u65e0\u6cd5\u591a\u7ec8\u7aef\u540c\u65f6\u5728\u7ebf\u3002
Windows \u7cfb\u7edf\u9009\u62e9 VNC\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u652f\u6301\u901a\u8fc7\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\u7684\u65b9\u5f0f\u8bbf\u95ee\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/quickstart/detail.html","title":"\u4e91\u4e3b\u673a\u8be6\u60c5","text":"\u6210\u529f\u521b\u5efa\u4e91\u4e3b\u673a\u540e\uff0c\u53ef\u8fdb\u5165\u4e91\u4e3b\u673a\u8be6\u60c5\u9875\u9762\uff0c\u652f\u6301\u67e5\u770b\u57fa\u672c\u4fe1\u606f\u3001\u914d\u7f6e\u4fe1\u606f\u3001GPU \u4fe1\u606f\u3001\u6982\u89c8\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u5feb\u7167\u3001\u4e8b\u4ef6\u7b49\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u96c6\u7fa4\u5217\u8868 \uff0c\u8fdb\u5165\u4e91\u4e3b\u673a\u6240\u5728\u96c6\u7fa4\u8be6\u60c5\uff0c\u70b9\u51fb\u4e91\u4e3b\u673a\u540d\u79f0\u67e5\u770b\u4e91\u4e3b\u673a\u8be6\u60c5\u3002
"},{"location":"admin/virtnest/quickstart/detail.html#_2","title":"\u57fa\u672c\u4fe1\u606f","text":"\u4e91\u4e3b\u673a\u57fa\u672c\u4fe1\u606f\u5305\u542b\u72b6\u6001\u3001\u522b\u540d\u3001\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001IP\u3001\u6807\u7b7e\u3001\u8282\u70b9\u3001\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001\u521b\u5efa\u65f6\u95f4\u7b49\u3002\u5176\u4e2d\uff0c
\u4e91\u4e3b\u673a\u914d\u7f6e\u4fe1\u606f\u5305\u62ec\uff1a
GPU \u914d\u7f6e\u4fe1\u606f\u5305\u542b GPU \u7c7b\u578b\u3001GPU \u578b\u53f7\u4ee5\u53ca\u5361\u6570\u91cf\u3002
"},{"location":"admin/virtnest/quickstart/detail.html#_3","title":"\u5176\u4ed6\u4fe1\u606f","text":"\u6982\u89c8\u50a8\u5b58\u7f51\u7edc\u5feb\u7167\u4e8b\u4ef6\u5217\u8868\u4e91\u4e3b\u673a\u6982\u89c8\u9875\u53ef\u67e5\u770b\u4e91\u4e3b\u673a\u7684\u76d1\u63a7\u5185\u5bb9\u3002\u8bf7\u6ce8\u610f\uff0c\u82e5\u672a\u5b89\u88c5 insight-agent \u7ec4\u4ef6\uff0c\u5219\u65e0\u6cd5\u83b7\u53d6\u76d1\u63a7\u4fe1\u606f\u3002
\u5c55\u793a\u4e91\u4e3b\u673a\u6240\u7528\u7684\u5b58\u50a8\uff0c\u5305\u62ec\u7cfb\u7edf\u76d8\u548c\u6570\u636e\u76d8\u7684\u4fe1\u606f\u3002
\u5c55\u793a\u4e91\u4e3b\u673a\u7684\u7f51\u7edc\u914d\u7f6e\uff0c\u5305\u62ec Multus CR\u3001\u7f51\u5361\u540d\u79f0\u3001IP \u5730\u5740\u7b49\u4fe1\u606f\u3002
\u82e5\u5df2\u7ecf\u521b\u5efa\u5feb\u7167\uff0c\u672c\u9875\u5c06\u5c55\u793a\u4e91\u4e3b\u673a\u7684\u5feb\u7167\u4fe1\u606f\uff0c\u652f\u6301\u901a\u8fc7\u5feb\u7167\u6062\u590d\u4e91\u4e3b\u673a\u3002
\u4e8b\u4ef6\u5217\u8868\u5305\u542b\u4e91\u4e3b\u673a\u7684\u751f\u547d\u5468\u671f\u4e2d\u53d1\u751f\u7684\u5404\u79cd\u72b6\u6001\u53d8\u5316\u3001\u64cd\u4f5c\u8bb0\u5f55\u548c\u7cfb\u7edf\u6d88\u606f\u7b49\u3002
"},{"location":"admin/virtnest/quickstart/nodeport.html","title":"\u901a\u8fc7 NodePort \u8bbf\u95ee\u4e91\u4e3b\u673a","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 NodePort \u8bbf\u95ee\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/quickstart/nodeport.html#_1","title":"\u73b0\u6709\u8bbf\u95ee\u65b9\u5f0f\u7684\u7f3a\u9677","text":"\u4e91\u4e3b\u673a\u652f\u6301\u901a\u8fc7 VNC \u6216\u8005 console \u8bbf\u95ee\uff0c\u4f46\u8fd9\u4e24\u79cd\u8bbf\u95ee\u65b9\u5f0f\u90fd\u6709\u4e00\u4e2a\u5f0a\u7aef\uff0c\u65e0\u6cd5\u591a\u7ec8\u7aef\u540c\u65f6\u5728\u7ebf\u3002
\u901a\u8fc7 NodePort \u5f62\u5f0f\u7684 Service\uff0c\u53ef\u4ee5\u5e2e\u52a9\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u3002
\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u9875\u9762
vm.kubevirt.io/name: you-vm-name
\u521b\u5efa\u6210\u529f\u540e\uff0c\u5c31\u53ef\u4ee5\u901a\u8fc7 ssh username@nodeip -p port
\u6765\u8bbf\u95ee\u4e91\u4e3b\u673a
\u7f16\u5199 YAML \u6587\u4ef6\uff0c\u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: v1\nkind: Service\n metadata:\n name: test-ssh\nspec:\n ports:\n - name: tcp-ssh\n nodePort: 32090\n protocol: TCP\n // 22 \u7aef\u53e3\uff0c\u4e0d\u8981\u66f4\u6539\n port: 22 \n targetPort: 22\n selector:\n // \u4e91\u4e3b\u673a\u7684 name\n\u00a0 \u00a0vm.kubevirt.io/name: test-image-s3\n type: NodePort\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4
kubectl apply -f you-svc.yaml\n
\u521b\u5efa\u6210\u529f\u540e\uff0c\u5c31\u53ef\u4ee5\u901a\u8fc7 ssh username@nodeip -p 32090
\u6765\u8bbf\u95ee\u4e91\u4e3b\u673a
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u8868\u5355\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u66f4\u65b0\u4e91\u4e3b\u673a\u3002
"},{"location":"admin/virtnest/quickstart/update.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5f00\u673a\u72b6\u6001\u4e0b\u66f4\u65b0\u4e91\u4e3b\u673a CPU\u3001\u5185\u5b58\u3001\u6570\u636e\u76d8\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u4e91\u4e3b\u673a\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb \u66f4\u65b0 \u8fdb\u5165\u4e91\u4e3b\u673a\u66f4\u65b0\u9875\u9762\u3002
\u57fa\u672c\u4fe1\u606f\u955c\u50cf\u914d\u7f6e\u5b58\u50a8\u4e0e\u7f51\u7edc\u767b\u5f55\u8bbe\u7f6e\u57fa\u672c\u4fe1\u606f\u9875\u9762\u4e2d\uff0c \u522b\u540d \u4e0e \u6807\u7b7e\u6ce8\u89e3 \u652f\u6301\u66f4\u65b0\uff0c\u5176\u4ed6\u4fe1\u606f\u65e0\u6cd5\u66f4\u6539\u3002\u5b8c\u6210\u66f4\u65b0\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u8fdb\u5165\u955c\u50cf\u914d\u7f6e\u7684\u754c\u9762\u3002
\u5728\u955c\u50cf\u914d\u7f6e\u9875\u9762\u4e2d\uff0c\u955c\u50cf\u6765\u6e90\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u7248\u672c\u7b49\u53c2\u6570\u4e00\u65e6\u9009\u62e9\u540e\u65e0\u6cd5\u66f4\u6539\uff0c\u5141\u8bb8\u7528\u6237\u66f4\u65b0 GPU \u914d\u7f6e \uff0c \u5305\u62ec\u542f\u7528\u6216\u7981\u7528 GPU \u652f\u6301\uff0c\u9009\u62e9 GPU \u7684\u7c7b\u578b\uff0c\u6307\u5b9a\u6240\u9700\u7684\u578b\u53f7\uff0c\u4ee5\u53ca\u914d\u7f6e GPU \u5361\u7684\u6570\u91cf\uff0c\u66f4\u65b0\u540e\u9700\u8981\u91cd\u542f\u624d\u80fd\u751f\u6548\u3002 \u5b8c\u6210\u66f4\u65b0\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u8fdb\u5165\u5b58\u50a8\u4e0e\u7f51\u7edc\u7684\u754c\u9762\u3002
\u5728\u5b58\u50a8\u4e0e\u7f51\u7edc\u9875\u9762\u4e2d\uff0c\u7cfb\u7edf\u76d8\u7684\u5b58\u50a8\u6c60\u548c PVC \u8bbf\u95ee\u6a21\u5f0f\u4e00\u65e6\u9009\u62e9\u540e\u65e0\u6cd5\u66f4\u6539\uff0c\u652f\u6301\u589e\u52a0\u78c1\u76d8\u5bb9\u91cf\uff0c\u4e0d\u53ef\u51cf\u5c11\u3002 \u6b64\u5916\uff0c\u7528\u6237\u53ef\u4ee5\u81ea\u7531\u6dfb\u52a0\u6216\u8005\u79fb\u9664\u6570\u636e\u76d8\u3002\u4e0d\u652f\u6301\u66f4\u65b0\u7f51\u7edc\u914d\u7f6e\u3002\u5b8c\u6210\u66f4\u65b0\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u8fdb\u5165\u767b\u5f55\u8bbe\u7f6e\u7684\u754c\u9762\u3002
Note
\u5efa\u8bae\u5728\u4fee\u6539\u5b58\u50a8\u5bb9\u91cf\u6216\u589e\u52a0\u6570\u636e\u76d8\u540e\u91cd\u542f\u4e91\u4e3b\u673a\uff0c\u4ee5\u786e\u4fdd\u914d\u7f6e\u751f\u6548\u3002
\u5728\u767b\u5f55\u8bbe\u7f6e\u9875\u9762\u4e2d\uff0c\u7528\u6237\u540d\u3001\u5bc6\u7801\u4ee5\u53ca SSH \u5bc6\u94a5\u914d\u7f6e\u4e00\u65e6\u8bbe\u7f6e\uff0c\u4e0d\u5141\u8bb8\u66f4\u6539\u3002\u786e\u8ba4\u60a8\u7684\u767b\u5f55\u4fe1\u606f\u65e0\u8bef\u540e\uff0c\u70b9\u51fb\u786e\u5b9a\u6309\u94ae\u4ee5\u5b8c\u6210\u66f4\u65b0\u6d41\u7a0b\u3002
"},{"location":"admin/virtnest/quickstart/update.html#yaml","title":"\u7f16\u8f91 YAML","text":"\u9664\u4e86\u901a\u8fc7\u8868\u5355\u65b9\u5f0f\u66f4\u65b0\u4e91\u4e3b\u673a\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u66f4\u65b0\u4e91\u4e3b\u673a\u3002
\u8fdb\u5165\u4e91\u4e3b\u673a\u5217\u8868\u9875\uff0c\u70b9\u51fb \u7f16\u8f91 YAML \u6309\u94ae\u3002
"},{"location":"admin/virtnest/template/index.html","title":"\u901a\u8fc7\u6a21\u677f\u521b\u5efa\u4e91\u4e3b\u673a","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u6a21\u677f\u521b\u5efa\u4e91\u4e3b\u673a\u3002
\u901a\u8fc7\u5185\u7f6e\u6a21\u677f\u548c\u81ea\u5b9a\u4e49\u6a21\u677f\uff0c\u7528\u6237\u53ef\u4ee5\u8f7b\u677e\u521b\u5efa\u65b0\u7684\u4e91\u4e3b\u673a\u3002\u6b64\u5916\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u5c06\u73b0\u6709\u4e91\u4e3b\u673a\u8f6c\u6362\u4e3a\u4e91\u4e3b\u673a\u6a21\u677f\u7684\u529f\u80fd\uff0c\u8ba9\u7528\u6237\u80fd\u591f\u66f4\u52a0\u7075\u6d3b\u5730\u7ba1\u7406\u548c\u4f7f\u7528\u8d44\u6e90\u3002
"},{"location":"admin/virtnest/template/index.html#_2","title":"\u6a21\u677f\u521b\u5efa","text":"\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u6a21\u677f\u521b\u5efa\u4e00\u4e2a\u4e91\u4e3b\u673a\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165 \u4e91\u4e3b\u673a\u7ba1\u7406 \u9875\u9762\u3002\u5728\u4e91\u4e3b\u673a\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u521b\u5efa\u4e91\u4e3b\u673a-\u9009\u62e9\u6a21\u677f\u521b\u5efa\u4e91\u4e3b\u673a\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u9875\u9762\uff0c\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u6a21\u677f\u914d\u7f6e\u3001\u5b58\u50a8\u4e0e\u7f51\u7edc\u3001\u767b\u5f55\u8bbe\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de\u4e91\u4e3b\u673a\u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u4e91\u4e3b\u673a\u6267\u884c\u5173\u673a/\u5f00\u542f\u3001\u91cd\u542f\u3001\u514b\u9686\u3001\u66f4\u65b0\u3001\u521b\u5efa\u5feb\u7167\u3001\u914d\u7f6e\u8f6c\u6362\u4e3a\u6a21\u677f\u3001\u63a7\u5236\u53f0\u8bbf\u95ee\uff08VNC\uff09\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002 \u514b\u9686\u548c\u5feb\u7167\u80fd\u529b\u4f9d\u8d56\u4e8e\u5b58\u50a8\u6c60\u7684\u9009\u62e9\u3002
\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u51fa\u73b0\u6a21\u677f\u5217\u8868\uff0c\u6309\u9700\u9009\u62e9\u5185\u7f6e\u6a21\u677f/\u81ea\u5b9a\u4e49\u6a21\u677f\u3002
\u9009\u62e9\u5185\u7f6e\u6a21\u677f\uff1a\u5e73\u53f0\u5185\u7f6e\u4e862\u4e2a\u6807\u51c6\u6a21\u677f\uff0c\u4e0d\u5141\u8bb8\u7f16\u8f91\u548c\u5220\u9664\u3002\u9009\u62e9\u5185\u7f6e\u6a21\u677f\u540e\uff0c\u955c\u50cf\u6765\u6e90\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u955c\u50cf\u5730\u5740\u7b49\u5c06\u4f7f\u7528\u6a21\u677f\u5185\u7684\u4fe1\u606f\uff0c\u65e0\u6cd5\u4fee\u6539\uff1b\u8d44\u6e90\u914d\u989d\u4e5f\u5c06\u4f7f\u7528\u6a21\u677f\u5185\u7684\u4fe1\u606f\uff0c\u5141\u8bb8\u4fee\u6539\u3002
\u9009\u62e9\u81ea\u5b9a\u4e49\u6a21\u677f\uff1a\u7531\u4e91\u4e3b\u673a\u914d\u7f6e\u8f6c\u5316\u800c\u6765\u7684\u6a21\u677f\uff0c\u652f\u6301\u7f16\u8f91\u548c\u5220\u9664\u3002\u4f7f\u7528\u81ea\u5b9a\u4e49\u6a21\u677f\u5219\u6839\u636e\u5177\u4f53\u60c5\u51b5\u652f\u6301\u4fee\u6539\u955c\u50cf\u6765\u6e90\u7b49\u4fe1\u606f\u3002
\u5b58\u50a8\uff1a\u7cfb\u7edf\u9ed8\u8ba4\u521b\u5efa\u4e00\u4e2a VirtIO \u7c7b\u578b\u7684 rootfs \u7cfb\u7edf\u76d8\uff0c\u7528\u4e8e\u5b58\u653e\u64cd\u4f5c\u7cfb\u7edf\u548c\u6570\u636e\u3002 \u9ed8\u8ba4\u4f7f\u7528\u5757\u5b58\u50a8\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u514b\u9686\u548c\u5feb\u7167\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u6c60\u652f\u6301 VolumeSnapshots \u529f\u80fd\uff0c \u5e76\u5728\u5b58\u50a8\u6c60\uff08SC\uff09\u4e2d\u8fdb\u884c\u521b\u5efa\u3002\u8bf7\u6ce8\u610f\uff0c\u5b58\u50a8\u6c60\uff08SC\uff09\u8fd8\u6709\u5176\u4ed6\u4e00\u4e9b\u5148\u51b3\u6761\u4ef6\u9700\u8981\u6ee1\u8db3\u3002
\u5148\u51b3\u6761\u4ef6\uff1a
\u652f\u6301\u6dfb\u52a0\u4e00\u5757\u7cfb\u7edf\u76d8\u548c\u591a\u5757\u6570\u636e\u76d8\u3002
\u7f51\u7edc\uff1a\u82e5\u60a8\u4e0d\u505a\u4efb\u4f55\u914d\u7f6e\uff0c\u7cfb\u7edf\u5c06\u9ed8\u8ba4\u521b\u5efa\u4e00\u4e2a VirtIO \u7c7b\u578b\u7684\u7f51\u7edc\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5185\u7f6e\u4e91\u4e3b\u673a\u6a21\u677f\u548c\u81ea\u5b9a\u4e49\u4e91\u4e3b\u673a\u6a21\u677f\u3002
\u901a\u8fc7\u5185\u7f6e\u6a21\u677f\u548c\u81ea\u5b9a\u4e49\u6a21\u677f\uff0c\u7528\u6237\u53ef\u4ee5\u8f7b\u677e\u521b\u5efa\u65b0\u7684\u4e91\u4e3b\u673a\u3002\u6b64\u5916\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u5c06\u73b0\u6709\u4e91\u4e3b\u673a\u8f6c\u6362\u4e3a\u4e91\u4e3b\u673a\u6a21\u677f\u7684\u529f\u80fd\uff0c\u8ba9\u7528\u6237\u80fd\u591f\u66f4\u52a0\u7075\u6d3b\u5730\u7ba1\u7406\u548c\u4f7f\u7528\u8d44\u6e90\u3002
"},{"location":"admin/virtnest/template/tep.html#_2","title":"\u4e91\u4e3b\u673a\u6a21\u677f","text":"\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a\u6a21\u677f \uff0c\u8fdb\u5165 \u4e91\u4e3b\u673a\u6a21\u677f \u9875\u9762\uff0c\u82e5\u8be5\u6a21\u677f\u662f\u7531\u914d\u7f6e\u4e86 GPU \u7684\u4e91\u4e3b\u673a\u8f6c\u6362\u800c\u6765\uff0c\u6a21\u677f\u4e5f\u4f1a\u5e26\u6709 GPU \u7684\u4fe1\u606f\uff0c\u5c06\u5728\u6a21\u677f\u5217\u8868\u4e2d\u5c55\u793a\u3002
\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5185\u7f6e\u6a21\u677f\u6267\u884c\u521b\u5efa\u4e91\u4e3b\u673a\u548c\u67e5\u770b YAML \u64cd\u4f5c\uff1b\u5bf9\u81ea\u5b9a\u4e49\u6a21\u677f\u652f\u6301\u521b\u5efa\u4e91\u4e3b\u673a\u3001\u7f16\u8f91 YAML \u548c\u5220\u9664\u64cd\u4f5c\u3002
\u5e73\u53f0\u5185\u5185\u7f6e\u4e24\u79cd\u6a21\u677f\uff0c\u5206\u522b\u662f CentOS \u548c Ubuntu\u3002
\u81ea\u5b9a\u4e49\u6a21\u677f\u662f\u7531\u4e91\u4e3b\u673a\u914d\u7f6e\u8f6c\u5316\u800c\u6765\u7684\u6a21\u677f\u3002\u4ee5\u4e0b\u4ecb\u7ecd\u5982\u4f55\u4ece\u4e91\u4e3b\u673a\u914d\u7f6e\u8f6c\u6362\u4e3a\u6a21\u677f\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u652f\u6301\u5c06\u914d\u7f6e\u8f6c\u6362\u4e3a\u6a21\u677f\u3002\u53ea\u6709\u8fd0\u884c\u4e2d/\u5173\u95ed\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u652f\u6301\u8f6c\u5316\u3002
\u586b\u5199\u65b0\u6a21\u677f\u7684\u540d\u79f0\uff0c\u63d0\u793a\u539f\u59cb\u4e91\u4e3b\u673a\u5c06\u4f1a\u4fdd\u7559\u5e76\u4e14\u53ef\u7528\u3002\u8f6c\u6362\u6210\u529f\u540e\uff0c\u5c06\u4f1a\u5728\u6a21\u677f\u5217\u8868\u65b0\u589e\u4e00\u6761\u6570\u636e\u3002
\u6210\u529f\u521b\u5efa\u51fa\u6765\u4e00\u4e2a\u6a21\u677f\u540e\uff0c\u70b9\u51fb\u6a21\u677f\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u4e91\u4e3b\u673a\u8be6\u60c5\uff0c\u5305\u62ec\u57fa\u672c\u4fe1\u606f\u3001GPU \u4fe1\u606f\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u7b49\u3002\u5982\u679c\u9700\u8981\u5feb\u901f\u57fa\u4e8e\u8be5\u6a21\u677f\u90e8\u7f72\u65b0\u7684\u4e91\u4e3b\u673a\uff0c\u53ea\u9700\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u4e91\u4e3b\u673a \u6309\u94ae\u5373\u53ef\u4fbf\u6377\u64cd\u4f5c\u3002
"},{"location":"admin/virtnest/vm/auto-migrate.html","title":"\u4e91\u4e3b\u673a\u81ea\u52a8\u6f02\u79fb","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5f53\u96c6\u7fa4\u5185\u67d0\u4e2a\u8282\u70b9\u56e0\u4e3a\u65ad\u7535\u6216\u7f51\u7edc\u6545\u969c\uff0c\u5bfc\u81f4\u8be5\u8282\u70b9\u4e0a\u7684\u4e91\u4e3b\u673a\u65e0\u6cd5\u8bbf\u95ee\u65f6\uff0c \u5982\u4f55\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u4e91\u4e3b\u673a\u65e0\u7f1d\u8fc1\u79fb\u5230\u5176\u4ed6\u7684\u8282\u70b9\u4e0a\uff0c\u540c\u65f6\u4fdd\u8bc1\u4e1a\u52a1\u7684\u8fde\u7eed\u6027\u548c\u6570\u636e\u7684\u5b89\u5168\u6027\u3002
\u4e0e\u5b9e\u65f6\u8fc1\u79fb\u76f8\u6bd4\uff0c\u81ea\u52a8\u6f02\u79fb\u4e0d\u9700\u8981\u60a8\u5728\u754c\u9762\u4e2d\u4e3b\u52a8\u64cd\u4f5c\uff0c\u800c\u662f\u7cfb\u7edf\u81ea\u52a8\u89e6\u53d1\u8fc1\u79fb\u8fc7\u7a0b\u3002
"},{"location":"admin/virtnest/vm/auto-migrate.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b9e\u73b0\u81ea\u52a8\u6f02\u79fb\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u68c0\u67e5\u4e91\u4e3b\u673a launcher pod \u72b6\u6001\uff1a
kubectl get pod\n
\u67e5\u770b launcher pod \u662f\u5426\u5904\u4e8e Terminating \u72b6\u6001\u3002
\u5f3a\u5236\u5220\u9664 launcher pod\uff1a
\u5982\u679c launcher pod \u72b6\u6001\u4e3a Terminating\uff0c\u53ef\u4ee5\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u5f3a\u5236\u5220\u9664\uff1a
kubectl delete <launcher pod> --force\n
\u66ff\u6362 <launcher pod>
\u4e3a\u4f60\u7684 launcher pod \u540d\u79f0\u3002
\u7b49\u5f85\u91cd\u65b0\u521b\u5efa\u5e76\u68c0\u67e5\u72b6\u6001\uff1a
\u5220\u9664\u540e\uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u91cd\u65b0\u521b\u5efa launcher pod\u3002 \u7b49\u5f85\u5176\u72b6\u6001\u53d8\u4e3a running\uff0c\u7136\u540e\u5237\u65b0\u4e91\u4e3b\u673a\u5217\u8868\uff0c\u89c2\u5bdf\u4e91\u4e3b\u673a\u662f\u5426\u6210\u529f\u8fc1\u79fb\u5230\u65b0\u8282\u70b9\u3002
\u5982\u679c\u4f7f\u7528 rook-ceph \u4f5c\u4e3a\u5b58\u50a8\uff0c\u9700\u8981\u914d\u7f6e\u4e3a ReadWriteOnce \u6a21\u5f0f\uff1a
\u5f3a\u5236\u5220\u9664 pod \u540e\uff0c\u9700\u8981\u7b49\u5f85\u5927\u7ea6\u516d\u5206\u949f\u4ee5\u8ba9 launcher pod \u542f\u52a8\uff0c\u6216\u8005\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u7acb\u5373\u542f\u52a8 pod\uff1a
kubectl get pv | grep <vm name>\nkubectl get VolumeAttachment | grep <pv name>\n
\u66ff\u6362 <vm name>
\u548c <pv name>
\u4e3a\u4f60\u7684\u4e91\u4e3b\u673a\u540d\u79f0\u548c\u6301\u4e45\u5377\u540d\u79f0\u3002
\u7136\u540e\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5220\u9664\u5bf9\u5e94\u7684 VolumeAttachment\uff1a
kubectl delete VolumeAttachment <vm>\n
\u66ff\u6362 <vm>
\u4e3a\u4f60\u7684\u4e91\u4e3b\u673a\u540d\u79f0\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u514b\u9686\u4e00\u53f0\u65b0\u7684\u4e91\u4e3b\u673a\u3002
\u7528\u6237\u53ef\u4ee5\u514b\u9686\u4e00\u53f0\u65b0\u7684\u4e91\u4e3b\u673a\uff0c\u514b\u9686\u540e\u7684\u4e91\u4e3b\u673a\u5c06\u5177\u6709\u4e0e\u539f\u59cb\u4e91\u4e3b\u673a\u76f8\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u548c\u7cfb\u7edf\u914d\u7f6e\uff0c\u80fd\u591f\u5b9e\u73b0\u5feb\u901f\u90e8\u7f72\u548c\u6269\u5c55\uff0c\u5feb\u901f\u521b\u5efa\u76f8\u4f3c\u914d\u7f6e\u7684\u65b0\u4e91\u4e3b\u673a\uff0c\u800c\u65e0\u9700\u4ece\u5934\u5f00\u59cb\u5b89\u88c5\u3002
"},{"location":"admin/virtnest/vm/clone.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u514b\u9686\u529f\u80fd\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff08\u548c\u5feb\u7167\u529f\u80fd\u7684\u524d\u63d0\u6761\u4ef6\u4e00\u81f4\uff09\uff1a
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u975e\u9519\u8bef\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u6267\u884c\u5feb\u7167\u64cd\u4f5c\u3002
\u5f39\u51fa\u5f39\u6846\uff0c\u9700\u8981\u586b\u5199\u514b\u9686\u65b0\u7684\u4e91\u4e3b\u673a\u7684\u540d\u79f0\u548c\u63cf\u8ff0\uff0c\u514b\u9686\u64cd\u4f5c\u53ef\u80fd\u9700\u8981\u4e00\u4e9b\u65f6\u95f4\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4e91\u4e3b\u673a\u7684\u5927\u5c0f\u548c\u5b58\u50a8\u6027\u80fd\u3002
\u514b\u9686\u6210\u529f\u540e\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u5217\u8868\u5185\u67e5\u770b\u5230\u65b0\u7684\u4e91\u4e3b\u673a\uff0c\u65b0\u521b\u5efa\u51fa\u6765\u7684\u4e91\u4e3b\u673a\u5904\u4e8e\u5173\u673a\u72b6\u6001\uff0c\u82e5\u9700\u8981\u5f00\u673a\u9700\u8981\u624b\u52a8\u64cd\u4f5c\u3002
\u514b\u9686\u524d\u5efa\u8bae\u5bf9\u539f\u6709\u4e91\u4e3b\u673a\u8fdb\u884c\u5feb\u7167\uff0c\u5982\u679c\u514b\u9686\u8fc7\u7a0b\u4e2d\u9047\u5230\u95ee\u9898\uff0c\u8bf7\u68c0\u67e5\u5148\u51b3\u6761\u4ef6\u662f\u5426\u6ee1\u8db3\uff0c\u5e76\u5c1d\u8bd5\u91cd\u65b0\u6267\u884c\u514b\u9686\u64cd\u4f5c\u3002
\u5f53\u521b\u5efa\u4e91\u4e3b\u673a\u4f7f\u7528\u5bf9\u8c61\u5b58\u50a8\uff08S3\uff09\u4f5c\u4e3a\u955c\u50cf\u6765\u6e90\u65f6\uff0c\u6709\u65f6\u5019\u9700\u8981\u586b\u5199\u5bc6\u94a5\u6765\u83b7\u53d6\u901a\u8fc7 S3 \u7684\u9a8c\u8bc1\u3002\u4ee5\u4e0b\u5c06\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u7b26\u5408\u4e91\u4e3b\u673a\u8981\u6c42\u7684\u5bc6\u94a5\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u96c6\u7fa4\u5217\u8868 \uff0c\u8fdb\u5165\u4e91\u4e3b\u673a\u6240\u5728\u96c6\u7fa4\u8be6\u60c5\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 \uff0c\u9009\u62e9 \u5bc6\u94a5 \uff0c\u70b9\u51fb \u521b\u5efa\u5bc6\u94a5 \u3002
\u8fdb\u5165\u521b\u5efa\u9875\u9762\uff0c\u586b\u5199\u5bc6\u94a5\u540d\u79f0\uff0c\u9009\u62e9\u548c\u4e91\u4e3b\u673a\u76f8\u540c\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6ce8\u610f\u9700\u8981\u9009\u62e9 \u9ed8\u8ba4\uff08Opaque\uff09 \u7c7b\u578b\u3002\u5bc6\u94a5\u6570\u636e\u9700\u8981\u9075\u5faa\u4ee5\u4e0b\u539f\u5219
\u521b\u5efa\u6210\u529f\u540e\u53ef\u4ee5\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\u4f7f\u7528\u6240\u9700\u5bc6\u94a5\uff0c\u6700\u540e\u901a\u8fc7\u9a8c\u8bc1\u3002
\u672c\u529f\u80fd\u6682\u672a\u505a UI \u754c\u9762\u80fd\u529b\uff0c\u8bf7\u53c2\u8003\u6587\u6863\u7684\u64cd\u4f5c\u6b65\u9aa4\u6267\u884c\u3002
"},{"location":"admin/virtnest/vm/cross-cluster-migrate.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u5b9e\u73b0\u4e91\u4e3b\u673a\u8de8\u96c6\u7fa4\u8fc1\u79fb\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u6fc0\u6d3b VMExport Feature Gate\uff0c\u5728\u539f\u6709\u96c6\u7fa4\u5185\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c \u53ef\u53c2\u8003How to activate a feature gate
kubectl edit kubevirt kubevirt -n virtnest-system\n
\u8fd9\u6761\u547d\u4ee4\u5c06\u4fee\u6539 featureGates
\uff0c\u589e\u52a0 VMExport
\u3002
apiVersion: kubevirt.io/v1\nkind: KubeVirt\nmetadata:\n name: kubevirt\n namespace: virtnest-system\nspec:\n configuration:\n developerConfiguration:\n featureGates:\n - DataVolumes\n - LiveMigration\n - VMExport\n
"},{"location":"admin/virtnest/vm/cross-cluster-migrate.html#ingress","title":"\u914d\u7f6e\u539f\u6709\u96c6\u7fa4\u7684 Ingress","text":"\u4ee5 Nginx Ingress \u4e3a\u4f8b\uff0c\u914d\u7f6e Ingress \u4ee5\u6307\u5411 virt-exportproxy
Service\uff1a
apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: ingress-vm-export\n namespace: virtnest-system\nspec:\n tls:\n - hosts:\n - upgrade-test.com\n secretName: nginx-tls\n rules:\n - host: upgrade-test.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: virt-exportproxy\n port:\n number: 8443\n ingressClassName: nginx\n
"},{"location":"admin/virtnest/vm/cross-cluster-migrate.html#_4","title":"\u8fc1\u79fb\u6b65\u9aa4","text":"\u521b\u5efa VirtualMachineExport CR
\u5982\u679c \u4e91\u4e3b\u673a\u5173\u673a\u72b6\u6001 \u4e0b\u8fdb\u884c\u8fc1\u79fb\uff08\u51b7\u8fc1\u79fb\uff09\uff1a
apiVersion: v1\nkind: Secret\nmetadata:\n name: example-token # \u5bfc\u51fa\u4e91\u4e3b\u673a\u6240\u7528 token\n namespace: default # \u4e91\u4e3b\u673a\u6240\u5728\u547d\u540d\u7a7a\u95f4\nstringData:\n token: 1234567890ab # \u5bfc\u51fa\u4f7f\u7528\u7684 token,\u53ef\u4fee\u6539\n\n---\napiVersion: export.kubevirt.io/v1alpha1\nkind: VirtualMachineExport\nmetadata:\n name: example-export # \u5bfc\u51fa\u540d\u79f0, \u53ef\u81ea\u884c\u4fee\u6539\n namespace: default # \u4e91\u4e3b\u673a\u6240\u5728\u547d\u540d\u7a7a\u95f4\nspec:\n tokenSecretRef: example-token # \u548c\u4e0a\u9762\u521b\u5efa\u7684token\u540d\u79f0\u4fdd\u6301\u4e00\u81f4\n source:\n apiGroup: \"kubevirt.io\"\n kind: VirtualMachine\n name: testvm # \u4e91\u4e3b\u673a\u540d\u79f0\n
\u5982\u679c\u8981\u5728 \u4e91\u4e3b\u673a\u4e0d\u5173\u673a \u7684\u72b6\u6001\u4e0b\uff0c\u4f7f\u7528\u4e91\u4e3b\u673a\u5feb\u7167\u8fdb\u884c\u8fc1\u79fb\uff08\u70ed\u8fc1\u79fb\uff09\uff1a
apiVersion: v1\nkind: Secret\nmetadata:\n name: example-token # \u5bfc\u51fa\u4e91\u4e3b\u673a\u6240\u7528 token\n namespace: default # \u4e91\u4e3b\u673a\u6240\u5728\u547d\u540d\u7a7a\u95f4\nstringData:\n token: 1234567890ab # \u5bfc\u51fa\u4f7f\u7528\u7684 token ,\u53ef\u4fee\u6539\n\n---\napiVersion: export.kubevirt.io/v1alpha1\nkind: VirtualMachineExport\nmetadata:\n name: export-snapshot # \u5bfc\u51fa\u540d\u79f0, \u53ef\u81ea\u884c\u4fee\u6539\n namespace: default # \u4e91\u4e3b\u673a\u6240\u5728\u547d\u540d\u7a7a\u95f4\nspec:\n tokenSecretRef: export-token # \u548c\u4e0a\u9762\u521b\u5efa\u7684token\u540d\u79f0\u4fdd\u6301\u4e00\u81f4\n source:\n apiGroup: \"snapshot.kubevirt.io\"\n kind: VirtualMachineSnapshot\n name: export-snap-202407191524 # \u5bf9\u5e94\u7684\u4e91\u4e3b\u673a\u5feb\u7167\u540d\u79f0\n
\u68c0\u67e5 VirtualMachineExport \u662f\u5426\u51c6\u5907\u5c31\u7eea\uff1a
# \u8fd9\u91cc\u7684 example-export \u9700\u8981\u66ff\u6362\u4e3a\u521b\u5efa\u7684 VirtualMachineExport \u540d\u79f0\nkubectl get VirtualMachineExport example-export -n default\n\nNAME SOURCEKIND SOURCENAME PHASE\nexample-export VirtualMachine testvm Ready\n
\u5f53 VirtualMachineExport \u51c6\u5907\u5c31\u7eea\u540e\uff0c\u5bfc\u51fa\u4e91\u4e3b\u673a YAML\u3002
\u5982\u679c\u5df2\u5b89\u88c5 virtctl \uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5bfc\u51fa\u4e91\u4e3b\u673a\u7684 YAML\uff1a
# \u81ea\u884c\u5c06 example-export\u66ff\u6362\u4e3a\u521b\u5efa\u7684 VirtualMachineExport \u540d\u79f0\n# \u81ea\u884c\u901a\u8fc7 -n \u6307\u5b9a\u547d\u540d\u7a7a\u95f4\nvirtctl vmexport download example-export --manifest --include-secret --output=manifest.yaml\n
\u5982\u679c\u6ca1\u6709\u5b89\u88c5 virtctl \uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5bfc\u51fa\u4e91\u4e3b\u673a YAML\uff1a
# \u81ea\u884c\u66ff\u6362 example-export \u66ff\u6362\u4e3a\u521b\u5efa\u7684 VirtualMachineExport \u540d\u79f0 \u548c\u547d\u540d\u7a7a\u95f4\nmanifesturl=$(kubectl get VirtualMachineExport example-export -n default -o=jsonpath='{.status.links.internal.manifests[0].url}')\nsecreturl=$(kubectl get VirtualMachineExport example-export -n default -o=jsonpath='{.status.links.internal.manifests[1].url}')\n# \u81ea\u884c\u66ff\u6362 secert \u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\ntoken=$(kubectl get secret example-token -n default -o=jsonpath='{.data.token}' | base64 -d)\n\ncurl -H \"Accept: application/yaml\" -H \"x-kubevirt-export-token: $token\" --insecure $secreturl > manifest.yaml\ncurl -H \"Accept: application/yaml\" -H \"x-kubevirt-export-token: $token\" --insecure $manifesturl >> manifest.yaml\n
\u5bfc\u5165\u4e91\u4e3b\u673a
\u5c06\u5bfc\u51fa\u7684 manifest.yaml
\u590d\u5236\u5230\u76ee\u6807\u8fc1\u79fb\u96c6\u7fa4\u5e76\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff08\u5982\u679c\u547d\u540d\u7a7a\u95f4\u4e0d\u5b58\u5728\u5219\u9700\u8981\u63d0\u524d\u521b\u5efa\uff09\uff1a
kubectl apply -f manifest.yaml\n
\u521b\u5efa\u6210\u529f\u540e\uff0c\u91cd\u542f\u4e91\u4e3b\u673a\uff0c\u4e91\u4e3b\u673a\u6210\u529f\u8fd0\u884c\u540e\uff0c\u5728\u539f\u6709\u96c6\u7fa4\u5185\u5220\u9664\u539f\u4e91\u4e3b\u673a\uff08\u4e91\u4e3b\u673a\u672a\u542f\u52a8\u6210\u529f\u65f6\uff0c\u8bf7\u52ff\u5220\u9664\u539f\u4e91\u4e3b\u673a\uff09\u3002 \u5f53\u914d\u7f6e\u4e91\u4e3b\u673a\u7684\u5b58\u6d3b\uff08Liveness\uff09\u548c\u5c31\u7eea\uff08Readiness\uff09\u63a2\u9488\u65f6\uff0c\u4e0e Kubernetes \u7684\u914d\u7f6e\u8fc7\u7a0b\u76f8\u4f3c\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 YAML \u4e3a\u4e91\u4e3b\u673a\u914d\u7f6e\u5065\u5eb7\u68c0\u67e5\u53c2\u6570\u3002
\u4f46\u662f\u9700\u8981\u6ce8\u610f\uff1a\u9700\u8981\u5728\u4e91\u4e3b\u673a\u521b\u5efa\u6210\u529f\u5e76\u4e14\u5904\u4e8e\u5173\u673a\u72b6\u6001\u4e0b\uff0c\u4fee\u6539 YAML \u8fdb\u884c\u914d\u7f6e\u3002
"},{"location":"admin/virtnest/vm/health-check.html#http-liveness-probe","title":"\u914d\u7f6e HTTP Liveness Probe","text":"\u4fee\u6539 cloudInitNoCloud \u4ee5\u542f\u52a8\u4e00\u4e2a HTTP \u670d\u52a1\u5668\u3002
\u70b9\u51fb\u67e5\u770b YAML \u793a\u4f8b\u914d\u7f6eapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n livenessProbe:\n initialDelaySeconds: 120\n periodSeconds: 20\n httpGet:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
\u6839\u636e\u64cd\u4f5c\u7cfb\u7edf\uff08\u5982 Ubuntu/Debian \u6216 CentOS\uff09\uff0cuserData \u7684\u914d\u7f6e\u53ef\u80fd\u6709\u6240\u4e0d\u540c\u3002\u4e3b\u8981\u533a\u522b\uff1a
\u5305\u7ba1\u7406\u5668\uff1a
Ubuntu/Debian \u4f7f\u7528 apt-get \u4f5c\u4e3a\u5305\u7ba1\u7406\u5668\u3002 CentOS \u4f7f\u7528 yum \u4f5c\u4e3a\u5305\u7ba1\u7406\u5668\u3002
SSH \u670d\u52a1\u91cd\u542f\u547d\u4ee4\uff1a
Ubuntu/Debian \u4f7f\u7528 systemctl restart ssh.service\u3002 CentOS \u4f7f\u7528 systemctl restart sshd.service\uff08\u6ce8\u610f CentOS 7 \u53ca\u4e4b\u524d\u7248\u672c\u4f7f\u7528 service sshd restart\uff09\u3002
\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305\uff1a
Ubuntu/Debian \u5b89\u88c5 ncat\u3002 CentOS \u5b89\u88c5 nmap-ncat\uff08\u56e0\u4e3a ncat \u5728 CentOS \u7684\u9ed8\u8ba4\u4ed3\u5e93\u4e2d\u53ef\u80fd\u4e0d\u53ef\u7528\uff09\u3002
\u5728 spec.template.spec \u4e2d\u914d\u7f6e livenessProbe.tcpSocket\u3002
\u70b9\u51fb\u67e5\u770b YAML \u793a\u4f8b\u914d\u7f6eapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n livenessProbe:\n initialDelaySeconds: 120\n periodSeconds: 20\n tcpSocket:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/vm/health-check.html#readiness-probes","title":"\u914d\u7f6e Readiness Probes","text":"\u5728 spec.template.spec \u4e2d\u914d\u7f6e readiness\u3002
\u70b9\u51fb\u67e5\u770b YAML \u793a\u4f8b\u914d\u7f6eapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n readiness:\n initialDelaySeconds: 120\n periodSeconds: 20\n httpGet:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
"},{"location":"admin/virtnest/vm/live-migration.html","title":"\u5b9e\u65f6\u8fc1\u79fb","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5c06\u4e91\u4e3b\u673a\u4ece\u4e00\u4e2a\u8282\u70b9\u79fb\u52a8\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\u3002
\u5f53\u8282\u70b9\u7ef4\u62a4\u6216\u8005\u5347\u7ea7\u65f6\uff0c\u7528\u6237\u53ef\u4ee5\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u4e91\u4e3b\u673a\u65e0\u7f1d\u8fc1\u79fb\u5230\u5176\u4ed6\u7684\u8282\u70b9\u4e0a\uff0c\u540c\u65f6\u53ef\u4ee5\u4fdd\u8bc1\u4e1a\u52a1\u7684\u8fde\u7eed\u6027\u548c\u6570\u636e\u7684\u5b89\u5168\u6027\u3002
"},{"location":"admin/virtnest/vm/live-migration.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u8fd0\u884c\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u8fdb\u884c\u8fc1\u79fb\u52a8\u4f5c\u3002\u76ee\u524d\u4e91\u4e3b\u673a\u6240\u5728\u8282\u70b9\u4e3a controller-node-3 \u3002
\u5f39\u51fa\u5f39\u6846\uff0c\u63d0\u793a\u5728\u5b9e\u65f6\u8fc1\u79fb\u671f\u95f4\uff0c\u6b63\u5728\u8fd0\u884c\u7684\u4e91\u4e3b\u673a\u5b9e\u4f8b\u4f1a\u79fb\u52a8\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\uff0c\u53ef\u4ee5\u9009\u62e9\u6307\u5b9a\u8282\u70b9\u8fc1\u79fb\uff0c\u4e5f\u53ef\u4ee5\u968f\u673a\u8fc1\u79fb\uff0c\u8bf7\u786e\u4fdd\u5176\u4ed6\u8282\u70b9\u8d44\u6e90\u5145\u8db3\u3002
\u8fc1\u79fb\u9700\u8981\u4e00\u6bb5\u65f6\u95f4\uff0c\u8bf7\u8010\u5fc3\u7b49\u5f85\uff0c\u6210\u529f\u540e\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u5217\u8868\u5185\u67e5\u770b\u8282\u70b9\u4fe1\u606f\uff0c\u6b64\u65f6\u8282\u70b9\u8fc1\u79fb\u5230 controller-node-1 \u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5728\u5173\u673a\u72b6\u6001\u4e0b\u5982\u4f55\u5c06\u4e91\u4e3b\u673a\u5728\u540c\u4e00\u96c6\u7fa4\u5185\u4ece\u4e00\u4e2a\u8282\u70b9\u79fb\u52a8\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\u3002
\u51b7\u8fc1\u79fb\u7684\u4e3b\u8981\u7279\u70b9\u662f\uff0c\u4e91\u4e3b\u673a\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u4f1a\u5904\u4e8e\u79bb\u7ebf\u72b6\u6001\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5bf9\u4e1a\u52a1\u8fde\u7eed\u6027\u4ea7\u751f\u5f71\u54cd\u3002\u56e0\u6b64\uff0c \u5728\u5b9e\u65bd\u51b7\u8fc1\u79fb\u65f6\u9700\u8981\u4ed4\u7ec6\u89c4\u5212\u8fc1\u79fb\u65f6\u95f4\u7a97\u53e3\uff0c\u5e76\u8003\u8651\u4e1a\u52a1\u9700\u6c42\u548c\u7cfb\u7edf\u53ef\u7528\u6027\u3002\u901a\u5e38\uff0c\u51b7\u8fc1\u79fb\u9002\u7528\u4e8e\u5bf9\u505c\u673a\u65f6\u95f4\u8981\u6c42\u4e0d\u662f\u975e\u5e38\u4e25\u683c\u7684\u573a\u666f\u3002
"},{"location":"admin/virtnest/vm/migratiom.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u51b7\u8fc1\u79fb\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c \u53ef\u4ee5\u5bf9\u5173\u673a\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u8fdb\u884c\u8fc1\u79fb\u52a8\u4f5c\u3002\u4e91\u4e3b\u673a\u5728\u5173\u673a\u72b6\u6001\u4e0b\u65f6\u65e0\u6cd5\u67e5\u770b\u6240\u5728\u8282\u70b9\uff0c\u9700\u8981\u63d0\u524d\u89c4\u5212\u6216\u8005\u5f00\u673a\u67e5\u8be2\u3002
Note
\u5982\u679c\u60a8\u5728\u539f\u59cb\u8282\u70b9\u7684\u5b58\u50a8\u6c60\u4e2d\u4f7f\u7528\u4e86 local-path\uff0c\u8de8\u8282\u70b9\u8fc1\u79fb\u65f6\u53ef\u80fd\u51fa\u73b0\u95ee\u9898\uff0c\u8bf7\u8c28\u614e\u9009\u62e9\u3002
\u70b9\u51fb\u8fc1\u79fb\u540e\uff0c\u63d0\u793a\u5728\u8fc1\u79fb\u671f\u95f4\uff0c\u53ef\u4ee5\u9009\u62e9\u6307\u5b9a\u8282\u70b9\u8fc1\u79fb\uff0c\u4e5f\u53ef\u4ee5\u968f\u673a\u8fc1\u79fb\uff0c\u82e5\u9700\u8981\u4fee\u6539\u5b58\u50a8\u6c60\uff0c \u9700\u8981\u786e\u4fdd\u76ee\u6807\u8282\u70b9\u5185\u6709\u53ef\u7528\u5b58\u50a8\u6c60\u3002\u540c\u65f6\u9700\u8981\u76ee\u6807\u8282\u70b9\u8d44\u6e90\u5145\u8db3\uff0c\u8fc1\u79fb\u8fc7\u7a0b\u8017\u8d39\u65f6\u95f4\u8f83\u957f\uff0c\u8bf7\u8010\u5fc3\u7b49\u5f85\u3002
\u8fc1\u79fb\u9700\u8981\u4e00\u6bb5\u65f6\u95f4\uff0c\u8bf7\u8010\u5fc3\u7b49\u5f85\uff0c\u6210\u529f\u540e\u9700\u8981\u91cd\u542f\u67e5\u770b\u662f\u5426\u8fc1\u79fb\u6210\u529f\u3002\u672c\u793a\u4f8b\u5df2\u7ecf\u5f00\u673a\u67e5\u770b\u8fc1\u79fb\u6548\u679c\u3002
\u4e91\u4e3b\u673a\u57fa\u4e8e Kubevirt \u5f00\u6e90\u7684 Grafana Dashboard\uff0c\u4e3a\u4e86\u6bcf\u4e00\u4e2a\u4e91\u4e3b\u673a\u751f\u6210\u4e86\u76d1\u63a7\u770b\u677f
\u4e91\u4e3b\u673a\u7684\u76d1\u63a7\u4fe1\u606f\u53ef\u4ee5\u66f4\u597d\u7684\u4e86\u89e3\u4e91\u4e3b\u673a\u7684\u8d44\u6e90\u6d88\u8017\u60c5\u51b5\uff0c\u6bd4\u5982 CPU\u3001\u5185\u5b58\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u7b49\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c \u4ece\u800c\u8fdb\u884c\u8d44\u6e90\u7684\u4f18\u5316\u548c\u89c4\u5212\uff0c\u63d0\u5347\u6574\u4f53\u7684\u8d44\u6e90\u5229\u7528\u6548\u7387\u3002
"},{"location":"admin/virtnest/vm/monitor.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u67e5\u770b\u4e91\u4e3b\u673a\u76d1\u63a7\u7684\u76f8\u5173\u4fe1\u606f\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u8fdb\u5165\u4e91\u4e3b\u673a\u7684\u8be6\u7ec6\u4fe1\u606f\u5e76\u70b9\u51fb \u6982\u89c8 \uff0c\u5373\u53ef\u67e5\u770b\u4e91\u4e3b\u673a\u7684\u76d1\u63a7\u5185\u5bb9\u3002\u8bf7\u6ce8\u610f\uff0c\u82e5\u672a\u5b89\u88c5 Insight-agent \u7ec4\u4ef6\uff0c\u5219\u65e0\u6cd5\u83b7\u53d6\u76d1\u63a7\u4fe1\u606f\u3002\u4ee5\u4e0b\u662f\u8be6\u7ec6\u4fe1\u606f\uff1a
CPU \u603b\u91cf\u3001CPU \u4f7f\u7528\u91cf\u3001\u5185\u5b58\u603b\u91cf\u3001\u5185\u5b58\u4f7f\u7528\u91cf\u3002
CPU \u4f7f\u7528\u7387\uff1a\u6307\u5f53\u524d\u4e91\u4e3b\u673a\u6b63\u5728\u4f7f\u7528\u7684 CPU \u8d44\u6e90\u7684\u767e\u5206\u6bd4\uff1b
\u5185\u5b58\u4f7f\u7528\u7387\uff1a\u6307\u5f53\u524d\u4e91\u4e3b\u673a\u6b63\u5728\u4f7f\u7528\u7684\u5185\u5b58\u8d44\u6e90\u5360\u603b\u53ef\u7528\u5185\u5b58\u7684\u767e\u5206\u6bd4\u3002
\u7f51\u7edc\u6d41\u91cf\uff1a\u6307\u4e91\u4e3b\u673a\u5728\u7279\u5b9a\u65f6\u95f4\u6bb5\u5185\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6570\u636e\u91cf\uff1b
\u7f51\u7edc\u4e22\u5305\u7387\uff1a\u6307\u5728\u6570\u636e\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u4e22\u5931\u7684\u6570\u636e\u5305\u5360\u603b\u53d1\u9001\u6570\u636e\u5305\u6570\u91cf\u7684\u6bd4\u4f8b\u3002
\u7f51\u7edc\u9519\u8bef\u7387\uff1a\u6307\u5728\u7f51\u7edc\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u53d1\u751f\u7684\u9519\u8bef\u7684\u6bd4\u7387\uff1b
\u78c1\u76d8\u541e\u5410\uff1a\u6307\u4e91\u4e3b\u673a\u7cfb\u7edf\u5728\u4e00\u5b9a\u65f6\u95f4\u5185\u8bfb\u53d6\u548c\u5199\u5165\u78c1\u76d8\u7684\u901f\u5ea6\u548c\u80fd\u529b\u3002
IOPS\uff1a\u6307\u7684\u662f\u5728\u4e00\u79d2\u949f\u5185\u4e91\u4e3b\u673a\u7cfb\u7edf\u8fdb\u884c\u7684\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u7684\u6b21\u6570\u3002\u78c1\u76d8\u5ef6\u8fdf\uff1a\u6307\u4e91\u4e3b\u673a\u7cfb\u7edf\u5728\u8fdb\u884c\u78c1\u76d8\u8bfb\u5199\u64cd\u4f5c\u65f6\u6240\u7ecf\u5386\u7684\u65f6\u95f4\u5ef6\u8fdf\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u4e91\u4e3b\u673a\u5b9a\u65f6\u521b\u5efa\u5feb\u7167\u3002
\u7528\u6237\u53ef\u4ee5\u4e3a\u4e91\u4e3b\u673a\u5b9a\u65f6\u521b\u5efa\u5feb\u7167\uff0c\u80fd\u591f\u4e3a\u6570\u636e\u63d0\u4f9b\u6301\u7eed\u7684\u4fdd\u62a4\uff0c\u786e\u4fdd\u5728\u53d1\u751f\u6570\u636e\u4e22\u5931\u3001\u635f\u574f\u6216\u5220\u9664\u7684\u60c5\u51b5\u4e0b\u53ef\u4ee5\u8fdb\u884c\u6709\u6548\u7684\u6570\u636e\u6062\u590d\u3002
"},{"location":"admin/virtnest/vm/scheduled-snapshot.html#_2","title":"\u5b9a\u65f6\u5feb\u7167\u6b65\u9aa4","text":"\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u5728\u5217\u8868\u9875\u9762\uff0c\u9009\u62e9\u76ee\u6807\u4e91\u4e3b\u673a\u6240\u5728\u7684\u96c6\u7fa4\u3002 \u8fdb\u5165\u96c6\u7fa4\u540e\uff0c\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u9009\u62e9 YAML \u521b\u5efa \u5b9a\u65f6\u4efb\u52a1\uff0c\u53c2\u8003\u4ee5\u4e0b YAML \u793a\u4f8b\u53ef\u4e3a\u6307\u5b9a\u4e91\u4e3b\u673a\u5b9a\u65f6\u521b\u5efa\u5feb\u7167\u3002
\u70b9\u51fb\u67e5\u770b\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u7684 YAML \u793a\u4f8bapiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: xxxxx-xxxxx-cronjob # \u5b9a\u65f6\u4efb\u52a1\u540d\u79f0, \u53ef\u81ea\u5b9a\u4e49\n namespace: virtnest-system # \u8bf7\u52ff\u4fee\u6539\u6b64namespace\nspec:\n schedule: \"5 * * * *\" # \u6309\u9700\u4fee\u6539\u5b9a\u65f6\u4efb\u52a1\u6267\u884c\u95f4\u9694\n concurrencyPolicy: Allow\n suspend: false\n successfulJobsHistoryLimit: 10\n failedJobsHistoryLimit: 3\n startingDeadlineSeconds: 60\n jobTemplate:\n spec:\n template:\n metadata:\n labels:\n virtnest.io/vm: xxxx # \u4fee\u6539\u4e3a\u9700\u8981\u5feb\u7167\u7684\u4e91\u4e3b\u673a\u540d\u79f0\n virtnest.io/namespace: xxxx # \u4fee\u6539\u4e3a\u4e91\u4e3b\u673a\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\n spec:\n serviceAccountName: kubevirt-operator\n containers:\n - name: snapshot-job\n image: release.daocloud.io/virtnest/tools:v0.1.5 # \u79bb\u7ebf\u73af\u5883\u4e0b,\u4ed3\u5e93\u5730\u5740\u4fee\u6539\u4e3a\u5bf9\u5e94\u706b\u79cd\u96c6\u7fa4\u4ed3\u5e93\u5730\u5740\n imagePullPolicy: IfNotPresent\n env:\n - name: NS\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['virtnest.io/namespace']\n - name: VM\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['virtnest.io/vm']\n command:\n - /bin/sh\n - -c\n - |\n export SUFFIX=$(date +\"%Y%m%d-%H%M%S\")\n cat <<EOF | kubectl apply -f -\n apiVersion: snapshot.kubevirt.io/v1alpha1\n kind: VirtualMachineSnapshot\n metadata:\n name: $(VM)-snapshot-$SUFFIX\n namespace: $(NS)\n spec:\n source:\n apiGroup: kubevirt.io\n kind: VirtualMachine\n name: $(VM)\n EOF\n restartPolicy: OnFailure\n
\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u5e76\u6210\u529f\u8fd0\u884c\u540e\uff0c\u53ef\u70b9\u51fb \u4e91\u4e3b\u673a \u5728\u5217\u8868\u9875\u9762\u9009\u62e9\u76ee\u6807\u4e91\u4e3b\u673a\uff0c\u8fdb\u5165\u8be6\u60c5\u540e\u53ef\u67e5\u770b\u5feb\u7167\u5217\u8868\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u4e91\u4e3b\u673a\u521b\u5efa\u5feb\u7167\uff0c\u5e76\u4ece\u5feb\u7167\u4e2d\u6062\u590d\u7684\u3002
\u7528\u6237\u53ef\u4ee5\u4e3a\u4e91\u4e3b\u673a\u521b\u5efa\u5feb\u7167\uff0c\u4fdd\u5b58\u4e91\u4e3b\u673a\u5f53\u4e0b\u7684\u72b6\u6001\uff0c\u4e00\u4e2a\u5feb\u7167\u53ef\u4ee5\u652f\u6301\u591a\u6b21\u6062\u590d\uff0c\u6bcf\u6b21\u6062\u590d\u65f6\uff0c \u4e91\u4e3b\u673a\u5c06\u88ab\u8fd8\u539f\u5230\u5feb\u7167\u521b\u5efa\u65f6\u7684\u72b6\u6001\u3002\u901a\u5e38\u53ef\u4ee5\u7528\u4e8e\u5907\u4efd\u3001\u6062\u590d\u3001\u56de\u6eda\u7b49\u573a\u666f\u3002
"},{"location":"admin/virtnest/vm/snapshot.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u5feb\u7167\u529f\u80fd\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u5bb9\u5668\u7ba1\u7406 \uff0c\u7136\u540e\u70b9\u51fb \u4e91\u4e3b\u673a \uff0c\u8fdb\u5165\u5217\u8868\u9875\u9762\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u975e\u9519\u8bef\u72b6\u6001\u4e0b\u7684\u4e91\u4e3b\u673a\u6267\u884c\u5feb\u7167\u64cd\u4f5c\u3002
\u5f39\u51fa\u5f39\u6846\uff0c\u9700\u8981\u586b\u5199\u5feb\u7167\u7684\u540d\u79f0\u548c\u63cf\u8ff0\uff0c\u521b\u5efa\u5feb\u7167\u5927\u6982\u9700\u8981\u51e0\u5206\u949f\u7684\u65f6\u95f4\uff0c\u5728\u6b64\u671f\u95f4\u65e0\u6cd5\u5bf9\u4e91\u4e3b\u673a\u505a\u4efb\u4f55\u64cd\u4f5c\u3002
\u521b\u5efa\u6210\u529f\u540e\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u8be6\u60c5\u5185\u67e5\u770b\u5feb\u7167\u4fe1\u606f\uff0c\u652f\u6301\u7f16\u8f91\u63cf\u8ff0\u3001\u4ece\u5feb\u7167\u4e2d\u6062\u590d\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u70b9\u51fb \u4ece\u5feb\u7167\u6062\u590d \uff0c\u9700\u8981\u586b\u5199\u4e91\u4e3b\u673a\u6062\u590d\u8bb0\u5f55\u7684\u540d\u79f0\uff0c\u540c\u65f6\u6062\u590d\u64cd\u4f5c\u53ef\u80fd\u9700\u8981\u4e00\u4e9b\u65f6\u95f4\u6765\u5b8c\u6210\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u5feb\u7167\u7684\u5927\u5c0f\u548c\u5176\u4ed6\u56e0\u7d20\u3002\u6062\u590d\u6210\u529f\u540e\uff0c\u4e91\u4e3b\u673a\u5c06\u56de\u5230\u5feb\u7167\u521b\u5efa\u65f6\u7684\u72b6\u6001\u3002
\u4e00\u6bb5\u65f6\u95f4\u540e\uff0c\u4e0b\u62c9\u5feb\u7167\u4fe1\u606f\uff0c\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u5feb\u7167\u7684\u6240\u6709\u6062\u590d\u8bb0\u5f55\uff0c\u5e76\u4e14\u652f\u6301\u5c55\u793a\u5b9a\u4f4d\u6062\u590d\u7684\u4f4d\u7f6e\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\uff0c\u914d\u7f6e\u7f51\u7edc\u4fe1\u606f\u3002
\u5728\u4e91\u4e3b\u673a\u4e2d\uff0c\u7f51\u7edc\u7ba1\u7406\u662f\u4e00\u4e2a\u5173\u952e\u7684\u90e8\u5206\uff0c\u5b83\u4f7f\u5f97\u6211\u4eec\u80fd\u591f\u5728 Kubernetes \u73af\u5883\u4e2d\u7ba1\u7406\u548c\u914d\u7f6e\u4e91\u4e3b\u673a\u7684\u7f51\u7edc\u8fde\u63a5\uff0c\u53ef\u4ee5\u6839\u636e\u4e0d\u540c\u7684\u9700\u6c42\u548c\u573a\u666f\u6765\u8fdb\u884c\u914d\u7f6e\uff0c\u5b9e\u73b0\u66f4\u7075\u6d3b\u548c\u591a\u6837\u5316\u7684\u7f51\u7edc\u67b6\u6784\u3002
\u5728\u4f7f\u7528\u4e91\u4e3b\u673a\u7f51\u7edc\u529f\u80fd\u4e4b\u524d\uff0c\u9700\u8981\u6839\u636e\u7f51\u7edc\u6a21\u5f0f\u7684\u4e0d\u540c\u914d\u7f6e\u4e0d\u540c\u7684\u4fe1\u606f\uff1a
\u9009\u62e9 Bridge \u7f51\u7edc\u6a21\u5f0f\u65f6\u9700\u8981\u63d0\u524d\u914d\u7f6e\u4e00\u4e9b\u4fe1\u606f\uff1a
\u914d\u7f6e\u4e91\u4e3b\u673a\u7684\u7f51\u7edc\u914d\u7f6e\uff0c\u53ef\u4ee5\u6839\u636e\u8868\u683c\u4fe1\u606f\u6309\u9700\u7ec4\u5408\u3002
\u7f51\u7edc\u6a21\u5f0f CNI \u662f\u5426\u5b89\u88c5 Spiderpool \u7f51\u5361\u6a21\u5f0f \u56fa\u5b9a IP \u5b9e\u65f6\u8fc1\u79fb Masquerade\uff08NAT\uff09 Calico \u274c \u5355\u7f51\u5361 \u274c \u2705 Cilium \u274c \u5355\u7f51\u5361 \u274c \u2705 Flannel \u274c \u5355\u7f51\u5361 \u274c \u2705 Bridge\uff08\u6865\u63a5\uff09 OVS \u2705 \u591a\u7f51\u5361 \u2705 \u2705\u7f51\u7edc\u6a21\u5f0f\uff1a\u5206\u4e3a Masquerade\uff08NAT\uff09\u3001Bridge\uff08\u6865\u63a5\uff09\u4e24\u79cd\uff0cBridge\uff08\u6865\u63a5\uff09\u6a21\u5f0f\u9700\u8981\u5b89\u88c5\u4e86 spiderpool \u7ec4\u4ef6\u540e\u65b9\u53ef\u4f7f\u7528\u3002
\u9ed8\u8ba4\u9009\u62e9 Masquerade\uff08NAT\uff09\u7684\u7f51\u7edc\u6a21\u5f0f\uff0c\u4f7f\u7528 eth0 \u9ed8\u8ba4\u7f51\u5361\u3002
\u82e5\u96c6\u7fa4\u5185\u5b89\u88c5\u4e86 spiderpool \u7ec4\u4ef6\uff0c\u5219\u652f\u6301\u9009\u62e9 Bridge\uff08\u6865\u63a5\uff09\u6a21\u5f0f\uff0c\u652f\u6301\u591a\u7f51\u5361\u5f62\u5f0f\u3002
\u9009\u62e9 Bridge \u6a21\u5f0f\u65f6\uff0c\u9700\u8981\u6709\u4e00\u4e9b\u524d\u63d0\u6761\u4ef6
\u6dfb\u52a0\u7f51\u5361
Bridge\uff08\u6865\u63a5\uff09\u6a21\u5f0f\u4e0b\u652f\u6301\u624b\u52a8\u6dfb\u52a0\u7f51\u5361\u3002\u70b9\u51fb \u6dfb\u52a0\u7f51\u5361 \uff0c\u8fdb\u884c\u7f51\u5361 IP \u6c60\u7684\u914d\u7f6e\u3002\u9009\u62e9\u548c\u7f51\u7edc\u6a21\u5f0f\u5339\u914d\u7684 Multus CR\uff0c\u82e5\u6ca1\u6709\u5219\u9700\u8981\u81ea\u884c\u521b\u5efa\u3002
\u82e5\u6253\u5f00 \u4f7f\u7528\u9ed8\u8ba4 IP \u6c60 \u5f00\u5173\uff0c\u5219\u4f7f\u7528 multus CR \u914d\u7f6e\u4e2d\u7684\u9ed8\u8ba4 IP \u6c60\u3002\u82e5\u5173\u95ed\u5f00\u5173\uff0c\u5219\u624b\u52a8\u9009\u62e9 IP \u6c60\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\uff0c\u914d\u7f6e\u5b58\u50a8\u4fe1\u606f\u3002
\u5b58\u50a8\u548c\u4e91\u4e3b\u673a\u7684\u529f\u80fd\u606f\u606f\u76f8\u5173\uff0c\u4e3b\u8981\u662f\u901a\u8fc7\u4f7f\u7528 Kubernetes \u7684\u6301\u4e45\u5377\u548c\u5b58\u50a8\u7c7b\uff0c\u63d0\u4f9b\u4e86\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u4e91\u4e3b\u673a\u5b58\u50a8\u80fd\u529b\u3002 \u6bd4\u5982\u4e91\u4e3b\u673a\u955c\u50cf\u5b58\u50a8\u5728 PVC \u91cc\uff0c\u652f\u6301\u548c\u5176\u4ed6\u6570\u636e\u4e00\u8d77\u514b\u9686\u3001\u5feb\u7167\u7b49
"},{"location":"admin/virtnest/vm/vm-sc.html#_2","title":"\u90e8\u7f72\u4e0d\u540c\u7684\u5b58\u50a8","text":"\u5728\u4f7f\u7528\u4e91\u4e3b\u673a\u5b58\u50a8\u529f\u80fd\u4e4b\u524d\uff0c\u9700\u8981\u6839\u636e\u9700\u8981\u90e8\u7f72\u4e0d\u540c\u7684\u5b58\u50a8\uff1a
kubectl apply -f
\u521b\u5efa\u4ee5\u4e0b YAML\uff1a---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: local-path-storage\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: local-path-provisioner-service-account\n namespace: local-path-storage\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: local-path-provisioner-role\nrules:\n- apiGroups: [\"\"]\n resources: [\"nodes\", \"persistentvolumeclaims\", \"configmaps\"]\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups: [\"\"]\n resources: [\"endpoints\", \"persistentvolumes\", \"pods\"]\n verbs: [\"*\"]\n- apiGroups: [\"\"]\n resources: [\"events\"]\n verbs: [\"create\", \"patch\"]\n- apiGroups: [\"storage.k8s.io\"]\n resources: [\"storageclasses\"]\n verbs: [\"get\", \"list\", \"watch\"]\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: local-path-provisioner-bind\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: local-path-provisioner-role\nsubjects:\n- kind: ServiceAccount\n name: local-path-provisioner-service-account\n namespace: local-path-storage\n\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: local-path-provisioner\n namespace: local-path-storage\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: local-path-provisioner\n template:\n metadata:\n labels:\n app: local-path-provisioner\n spec:\n serviceAccountName: local-path-provisioner-service-account\n containers:\n - name: local-path-provisioner\n image: rancher/local-path-provisioner:v0.0.22\n imagePullPolicy: IfNotPresent\n command:\n - local-path-provisioner\n - --debug\n - start\n - --config\n - /etc/config/config.json\n volumeMounts:\n - name: config-volume\n mountPath: /etc/config/\n env:\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n volumes:\n - name: config-volume\n configMap:\n name: local-path-config\n\n---\napiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n name: local-path\nprovisioner: rancher.io/local-path\nvolumeBindingMode: WaitForFirstConsumer\nreclaimPolicy: Delete\n\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: local-path-config\n namespace: local-path-storage\ndata:\n config.json: |-\n {\n \"nodePathMap\": [\n {\n \"node\": \"DEFAULT_PATH_FOR_NON_LISTED_NODES\",\n \"paths\": [\"/opt/local-path-provisioner\"]\n }\n ]\n }\n setup: |-\n #!/bin/sh\n set -eu\n mkdir -m 0777 -p \"$VOL_DIR\"\n teardown: |-\n #!/bin/sh\n set -eu\n rm -rf \"$VOL_DIR\"\n helperPod.yaml: |-\n apiVersion: v1\n kind: Pod\n metadata:\n name: helper-pod\n spec:\n containers:\n - name: helper-pod\n image: busybox\n imagePullPolicy: IfNotPresent\n
"},{"location":"admin/virtnest/vm/vm-sc.html#_3","title":"\u4e91\u4e3b\u673a\u5b58\u50a8","text":"\u7cfb\u7edf\u76d8\uff1a\u7cfb\u7edf\u9ed8\u8ba4\u521b\u5efa\u4e00\u4e2a VirtIO \u7c7b\u578b\u7684 rootfs \u7cfb\u7edf\u76d8\uff0c\u7528\u4e8e\u5b58\u653e\u64cd\u4f5c\u7cfb\u7edf\u548c\u6570\u636e\u3002
\u6570\u636e\u76d8\uff1a\u6570\u636e\u76d8\u662f\u4e91\u4e3b\u673a\u4e2d\u7528\u4e8e\u5b58\u50a8\u7528\u6237\u6570\u636e\u3001\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u6216\u5176\u4ed6\u975e\u64cd\u4f5c\u7cfb\u7edf\u76f8\u5173\u6587\u4ef6\u7684\u5b58\u50a8\u8bbe\u5907\u3002\u4e0e\u7cfb\u7edf\u76d8\u76f8\u6bd4\uff0c\u6570\u636e\u76d8\u662f\u975e\u5fc5\u9009\u7684\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u52a8\u6001\u6dfb\u52a0\u6216\u79fb\u9664\u3002\u6570\u636e\u76d8\u7684\u5bb9\u91cf\u4e5f\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u8fdb\u884c\u7075\u6d3b\u914d\u7f6e\u3002
\u9ed8\u8ba4\u4f7f\u7528\u5757\u5b58\u50a8\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u514b\u9686\u548c\u5feb\u7167\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u6c60\u5df2\u7ecf\u521b\u5efa\u4e86\u5bf9\u5e94\u7684 VolumeSnapshotClass\uff0c \u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u793a\u4f8b\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u529f\u80fd\uff0c\u8bf7\u786e\u4fdd\u60a8\u7684\u5b58\u50a8\u652f\u6301\u5e76\u9009\u62e9\u4e86 ReadWriteMany \u7684\u8bbf\u95ee\u6a21\u5f0f \u3002
\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u5b58\u50a8\u5728\u5b89\u88c5\u8fc7\u7a0b\u4e2d\u4e0d\u4f1a\u81ea\u52a8\u521b\u5efa\u8fd9\u6837\u7684 VolumeSnapshotClass\uff0c\u56e0\u6b64\u60a8\u9700\u8981\u624b\u52a8\u521b\u5efa VolumeSnapshotClass\u3002 \u4ee5\u4e0b\u662f\u4e00\u4e2a HwameiStor \u521b\u5efa VolumeSnapshotClass \u7684\u793a\u4f8b\uff1a
kind: VolumeSnapshotClass\napiVersion: snapshot.storage.k8s.io/v1\nmetadata:\n name: hwameistor-storage-lvm-snapshot\n annotations:\n snapshot.storage.kubernetes.io/is-default-class: \"true\"\nparameters:\n snapsize: \"1073741824\"\ndriver: lvm.hwameistor.io\ndeletionPolicy: Delete\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u68c0\u67e5 VolumeSnapshotClass \u662f\u5426\u521b\u5efa\u6210\u529f\u3002
kubectl get VolumeSnapshotClass\n
\u67e5\u770b\u5df2\u521b\u5efa\u7684 Snapshotclass\uff0c\u5e76\u4e14\u786e\u8ba4 Provisioner \u5c5e\u6027\u540c\u5b58\u50a8\u6c60\u4e2d\u7684 Driver \u5c5e\u6027\u4e00\u81f4\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa\u9700\u8981\u7684\u4e91\u4e3b\u673a\u955c\u50cf\u3002
\u4e91\u4e3b\u673a\u955c\u50cf\u5176\u5b9e\u5c31\u662f\u526f\u672c\u6587\u4ef6\uff0c\u662f\u5b89\u88c5\u6709\u64cd\u4f5c\u7cfb\u7edf\u7684\u4e00\u4e2a\u78c1\u76d8\u5206\u533a\u3002\u5e38\u89c1\u7684\u955c\u50cf\u6587\u4ef6\u683c\u5f0f\u5305\u62ec raw\u3001qcow2\u3001vmdk\u7b49\u3002
"},{"location":"admin/virtnest/vm-image/index.html#_2","title":"\u6784\u5efa\u955c\u50cf","text":"\u4e0b\u9762\u662f\u6784\u5efa\u4e91\u4e3b\u673a\u955c\u50cf\u7684\u4e00\u4e9b\u8be6\u7ec6\u6b65\u9aa4\uff1a
\u4e0b\u8f7d\u7cfb\u7edf\u955c\u50cf
\u5728\u6784\u5efa\u4e91\u4e3b\u673a\u955c\u50cf\u4e4b\u524d\uff0c\u60a8\u9700\u8981\u4e0b\u8f7d\u6240\u9700\u7684\u7cfb\u7edf\u955c\u50cf\u3002\u6211\u4eec\u63a8\u8350\u4f7f\u7528 qcow2\u3001raw \u6216 vmdk \u683c\u5f0f\u7684\u955c\u50cf\u3002\u53ef\u4ee5\u8bbf\u95ee\u4ee5\u4e0b\u94fe\u63a5\u83b7\u53d6 CentOS \u548c Fedora \u7684\u955c\u50cf\uff1a
\u6784\u5efa Docker \u955c\u50cf\u5e76\u63a8\u9001\u5230\u5bb9\u5668\u955c\u50cf\u4ed3\u5e93
\u5728\u6b64\u6b65\u9aa4\u4e2d\uff0c\u6211\u4eec\u5c06\u4f7f\u7528 Docker \u6784\u5efa\u4e00\u4e2a\u955c\u50cf\uff0c\u5e76\u5c06\u5176\u63a8\u9001\u5230\u5bb9\u5668\u955c\u50cf\u4ed3\u5e93\uff0c\u4ee5\u4fbf\u5728\u9700\u8981\u65f6\u80fd\u591f\u65b9\u4fbf\u5730\u90e8\u7f72\u548c\u4f7f\u7528\u3002
\u521b\u5efa Dockerfile \u6587\u4ef6
FROM scratch\nADD --chown=107:107 CentOS-7-x86_64-GenericCloud.qcow2 /disk/\n
\u5411\u57fa\u4e8e\u7a7a\u767d\u955c\u50cf\u6784\u5efa\u7684\u955c\u50cf\u4e2d\u6dfb\u52a0\u540d\u4e3a CentOS-7-x86_64-GenericCloud.qcow2
\u7684\u6587\u4ef6\uff0c\u5e76\u5c06\u5176\u653e\u7f6e\u5728\u955c\u50cf\u4e2d\u7684 /disk/ \u76ee\u5f55\u4e0b\u3002\u901a\u8fc7\u8fd9\u4e2a\u64cd\u4f5c\uff0c\u955c\u50cf\u5c31\u5305\u542b\u4e86\u8fd9\u4e2a\u6587\u4ef6\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u4e91\u4e3b\u673a\u65f6\u4f7f\u7528\u5b83\u6765\u63d0\u4f9b CentOS 7 x86_64 \u7684\u64cd\u4f5c\u7cfb\u7edf\u73af\u5883\u3002
\u6784\u5efa\u955c\u50cf
docker build -t release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1 .\n
\u4e0a\u8ff0\u547d\u4ee4\u5c06\u4f7f\u7528 Dockerfile \u4e2d\u7684\u6307\u4ee4\u6784\u5efa\u4e00\u4e2a\u540d\u4e3a release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1
\u7684\u955c\u50cf\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u9879\u76ee\u9700\u6c42\u4fee\u6539\u955c\u50cf\u540d\u79f0\u3002
\u63a8\u9001\u955c\u50cf\u81f3\u5bb9\u5668\u955c\u50cf\u4ed3\u5e93
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5c06\u6784\u5efa\u597d\u7684\u955c\u50cf\u63a8\u9001\u5230\u540d\u4e3a release-ci.daocloud.io
\u7684\u955c\u50cf\u4ed3\u5e93\uff0c\u60a8\u8fd8\u53ef\u4ee5\u6839\u636e\u9700\u8981\u4fee\u6539\u955c\u50cf\u4ed3\u5e93\u7684\u540d\u79f0\u548c\u5730\u5740\u3002
docker push release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1\n
\u4ee5\u4e0a\u662f\u6784\u5efa\u4e91\u4e3b\u673a\u955c\u50cf\u7684\u8be6\u7ec6\u6b65\u9aa4\u548c\u8bf4\u660e\u3002\u901a\u8fc7\u6309\u7167\u8fd9\u4e9b\u6b65\u9aa4\u64cd\u4f5c\uff0c\u60a8\u5c06\u80fd\u591f\u6210\u529f\u6784\u5efa\u5e76\u63a8\u9001\u7528\u4e8e\u4e91\u4e3b\u673a\u7684\u955c\u50cf\uff0c\u4ee5\u6ee1\u8db3\u60a8\u7684\u4f7f\u7528\u9700\u6c42\u3002
"},{"location":"end-user/index.html","title":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0 - \u7ec8\u7aef\u7528\u6237","text":"\u8fd9\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9762\u5411\u7ec8\u7aef\u7528\u6237\u7684\u4f7f\u7528\u6587\u6863\u3002
\u7528\u6237\u6ce8\u518c
\u7528\u6237\u6ce8\u518c\u662f\u4f7f\u7528 AI \u7b97\u529b\u5e73\u53f0\u7684\u7b2c\u4e00\u6b65\u3002
\u4e91\u4e3b\u673a
\u4e91\u4e3b\u673a\u662f\u90e8\u7f72\u5728\u4e91\u7aef\u7684\u865a\u62df\u673a\u3002
\u5bb9\u5668\u7ba1\u7406
\u5bb9\u5668\u7ba1\u7406\u662f AI \u7b97\u529b\u4e2d\u5fc3\u7684\u6838\u5fc3\u6a21\u5757\u3002
\u7b97\u6cd5\u5f00\u53d1
\u7ba1\u7406\u6570\u636e\u96c6\uff0c\u6267\u884c AI \u8bad\u7ec3\u548c\u63a8\u7406\u4efb\u52a1\u3002
\u53ef\u89c2\u6d4b\u6027
\u901a\u8fc7\u4eea\u8868\u76d8\u76d1\u63a7\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u51b5\u3002
\u4e2a\u4eba\u4e2d\u5fc3
\u5728\u4e2a\u4eba\u4e2d\u5fc3\u8bbe\u7f6e\u5bc6\u7801\u3001\u5bc6\u94a5\u548c\u8bed\u8a00\u3002
\u672c\u6587\u63d0\u4f9b\u4e86\u7b80\u5355\u7684\u64cd\u4f5c\u624b\u518c\u4ee5\u4fbf\u7528\u6237\u4f7f\u7528 AI Lab \u8fdb\u884c\u6570\u636e\u96c6\u3001Notebook\u3001\u4efb\u52a1\u8bad\u7ec3\u7684\u6574\u4e2a\u5f00\u53d1\u3001\u8bad\u7ec3\u6d41\u7a0b\u3002
"},{"location":"end-user/baize/quick-start.html#_2","title":"\u51c6\u5907\u6570\u636e\u96c6","text":"\u70b9\u51fb \u6570\u636e\u7ba1\u7406 -> \u6570\u636e\u96c6 \uff0c\u9009\u62e9 \u521b\u5efa \u6309\u94ae\uff0c\u5206\u522b\u521b\u5efa\u4ee5\u4e0b\u4e09\u4e2a\u6570\u636e\u96c6\u3002
"},{"location":"end-user/baize/quick-start.html#_3","title":"\u6570\u636e\u96c6\uff1a\u8bad\u7ec3\u4ee3\u7801","text":"tensorflow/tf-fashion-mnist-sample
Note
\u76ee\u524d\u4ec5\u652f\u6301\u8bfb\u5199\u6a21\u5f0f\u4e3a ReadWriteMany
\u7684 StorageClass
\uff0c\u8bf7\u4f7f\u7528 NFS \u6216\u8005\u63a8\u8350\u7684 JuiceFS\u3002
\u672c\u6b21\u8bad\u7ec3\u4f7f\u7528\u7684\u6570\u636e\u4e3a https://github.com/zalandoresearch/fashion-mnist.git\uff0c \u8fd9\u662f Fashion-MNIST \u6570\u636e\u96c6\u3002
\u5982\u679c\u662f\u4e2d\u56fd\u5883\u5185\u7684\u7528\u6237\uff0c\u53ef\u4ee5\u4f7f\u7528 Gitee \u52a0\u901f\uff1ahttps://gitee.com/samzong_lu/fashion-mnist.git
Note
\u5982\u679c\u672a\u521b\u5efa\u8bad\u7ec3\u6570\u636e\u7684\u6570\u636e\u96c6\uff0c\u901a\u8fc7\u8bad\u7ec3\u811a\u672c\u4e5f\u4f1a\u81ea\u52a8\u4e0b\u8f7d\uff1b\u63d0\u524d\u51c6\u5907\u8bad\u7ec3\u6570\u636e\u53ef\u4ee5\u63d0\u9ad8\u8bad\u7ec3\u901f\u5ea6\u3002
"},{"location":"end-user/baize/quick-start.html#_5","title":"\u6570\u636e\u96c6\uff1a\u7a7a\u6570\u636e\u96c6","text":"AI Lab \u652f\u6301\u5c06 PVC
\u4f5c\u4e3a\u6570\u636e\u96c6\u7684\u6570\u636e\u6e90\u7c7b\u578b\uff0c\u6240\u4ee5\u521b\u5efa\u4e00\u4e2a\u7a7a PVC \u7ed1\u5b9a\u5230\u6570\u636e\u96c6\u540e\uff0c\u53ef\u5c06\u7a7a\u6570\u636e\u96c6\u4f5c\u4e3a\u5b58\u653e\u540e\u7eed\u8bad\u7ec3\u4efb\u52a1\u7684\u8f93\u51fa\u6570\u636e\u96c6\uff0c\u5b58\u653e\u6a21\u578b\u548c\u65e5\u5fd7\u3002
\u811a\u672c\u5728\u8fd0\u884c\u65f6\uff0c\u9700\u8981\u4f9d\u8d56 Tensorflow
\u7684 Python \u5e93\uff0c\u53ef\u4ee5\u4f7f\u7528 AI Lab \u7684\u73af\u5883\u4f9d\u8d56\u7ba1\u7406\u529f\u80fd\uff0c\u63d0\u524d\u5c06\u9700\u8981\u7684 Python \u5e93\u4e0b\u8f7d\u548c\u51c6\u5907\u5b8c\u6210\uff0c\u65e0\u9700\u4f9d\u8d56\u955c\u50cf\u6784\u5efa
\u53c2\u8003\u73af\u5883\u4f9d\u8d56 \u7684\u64cd\u4f5c\u65b9\u5f0f\uff0c\u6dfb\u52a0\u4e00\u4e2a CONDA
\u73af\u5883.
name: tensorflow\nchannels:\n - defaults\n - conda-forge\ndependencies:\n - python=3.12\n - tensorflow\nprefix: /opt/conda/envs/tensorflow\n
Note
\u7b49\u5f85\u73af\u5883\u9884\u70ed\u6210\u529f\u540e\uff0c\u53ea\u9700\u8981\u5c06\u6b64\u73af\u5883\u6302\u8f7d\u5230 Notebook\u3001\u8bad\u7ec3\u4efb\u52a1\u4e2d\uff0c\u4f7f\u7528 AI Lab \u63d0\u4f9b\u7684\u57fa\u7840\u955c\u50cf\u5c31\u53ef\u4ee5
"},{"location":"end-user/baize/quick-start.html#notebook","title":"\u4f7f\u7528 Notebook \u8c03\u8bd5\u811a\u672c","text":"\u51c6\u5907\u5f00\u53d1\u73af\u5883\uff0c\u70b9\u51fb\u5bfc\u822a\u680f\u7684 Notebooks \uff0c\u70b9\u51fb \u521b\u5efa \u3002
\u5c06\u51c6\u5907\u597d\u7684\u4e09\u4e2a\u6570\u636e\u96c6\u8fdb\u884c\u5173\u8054\uff0c\u6302\u8f7d\u8def\u5f84\u8bf7\u53c2\u7167\u4e0b\u56fe\u586b\u5199\uff0c\u6ce8\u610f\u5c06\u9700\u8981\u4f7f\u7528\u7684\u7a7a\u6570\u636e\u96c6\u5728 \u8f93\u51fa\u6570\u636e\u96c6\u4f4d\u7f6e\u914d\u7f6e
\u9009\u62e9\u5e76\u7ed1\u5b9a\u73af\u5883\u4f9d\u8d56\u5305
\u7b49\u5f85 Notebook \u521b\u5efa\u6210\u529f\uff0c\u70b9\u51fb\u5217\u8868\u4e2d\u7684\u8bbf\u95ee\u5730\u5740\uff0c\u8fdb\u5165 Notebook\u3002\u5e76\u5728 Notebook \u7684\u7ec8\u7aef\u4e2d\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u4efb\u52a1\u8bad\u7ec3\u3002
Note
\u811a\u672c\u4f7f\u7528 Tensorflow\uff0c\u5982\u679c\u5fd8\u8bb0\u5173\u8054\u4f9d\u8d56\u5e93\uff0c\u4e5f\u53ef\u4ee5\u4e34\u65f6\u7528 pip install tensorflow
\u5b89\u88c5\u3002
python /home/jovyan/code/tensorflow/tf-fashion-mnist-sample/train.py\n
Tensorflow
\u5355\u673a\u4efb\u52a1\u5728\u4efb\u52a1\u8d44\u6e90\u914d\u7f6e\u4e2d\uff0c\u6b63\u786e\u914d\u7f6e\u4efb\u52a1\u8d44\u6e90\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65
tensorflow
\u7684 Python \u5e93bash
\u5373\u53ef\u542f\u7528\u547d\u4ee4\uff1a
python /home/jovyan/code/tensorflow/tf-fashion-mnist-sample/train.py\n
\u5728\u9ad8\u7ea7\u914d\u7f6e\u4e2d\uff0c\u542f\u7528 \u4efb\u52a1\u5206\u6790\uff08Tensorboard\uff09 \uff0c\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u65e5\u5fd7\u6240\u5728\u4f4d\u7f6e\u4e3a\u8f93\u51fa\u6570\u636e\u96c6\u7684 /home/jovyan/model/train/logs/
\u8fd4\u56de\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\uff0c\u7b49\u5230\u72b6\u6001\u53d8\u4e3a \u6210\u529f \u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u67e5\u770b\u8be6\u60c5\u3001\u514b\u9686\u4efb\u52a1\u3001\u66f4\u65b0\u4f18\u5148\u7ea7\u3001\u67e5\u770b\u65e5\u5fd7\u548c\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u6210\u529f\u521b\u5efa\u4efb\u52a1\u540e\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u4efb\u52a1\u5206\u6790 \uff0c\u53ef\u4ee5\u67e5\u770b\u4efb\u52a1\u72b6\u6001\u5e76\u5bf9\u4efb\u52a1\u8bad\u7ec3\u8fdb\u884c\u8c03\u4f18\u3002
AI Lab \u63d0\u4f9b\u6a21\u578b\u5f00\u53d1\u3001\u8bad\u7ec3\u4ee5\u53ca\u63a8\u7406\u8fc7\u7a0b\u6240\u6709\u9700\u8981\u7684\u6570\u636e\u96c6\u7ba1\u7406\u529f\u80fd\u3002\u76ee\u524d\u652f\u6301\u5c06\u591a\u79cd\u6570\u636e\u6e90\u7edf\u4e00\u63a5\u5165\u80fd\u529b\u3002
\u901a\u8fc7\u7b80\u5355\u914d\u7f6e\u5373\u53ef\u5c06\u6570\u636e\u6e90\u63a5\u5165\u5230 AI Lab \u4e2d\uff0c\u5b9e\u73b0\u6570\u636e\u7684\u7edf\u4e00\u7eb3\u7ba1\u3001\u9884\u70ed\u3001\u6570\u636e\u96c6\u7ba1\u7406\u7b49\u529f\u80fd\u3002
"},{"location":"end-user/baize/dataset/create-use-delete.html#_2","title":"\u521b\u5efa\u6570\u636e\u96c6","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u6570\u636e\u7ba1\u7406 -> \u6570\u636e\u96c6\u5217\u8868 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u9009\u62e9\u6570\u636e\u96c6\u5f52\u5c5e\u7684\u5de5\u4f5c\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4 \u4e0b\u4e00\u6b65 \u3002
\u914d\u7f6e\u76ee\u6807\u6570\u636e\u7684\u6570\u636e\u6e90\u7c7b\u578b\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u652f\u6301\u8fd9\u51e0\u79cd\u6570\u636e\u6e90\uff1a
\u6570\u636e\u96c6\u521b\u5efa\u6210\u529f\u5c06\u8fd4\u56de\u6570\u636e\u96c6\u5217\u8868\u3002\u4f60\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u6267\u884c\u66f4\u591a\u64cd\u4f5c\u3002
Info
\u7cfb\u7edf\u81ea\u52a8\u4f1a\u5728\u6570\u636e\u96c6\u521b\u5efa\u6210\u529f\u540e\uff0c\u7acb\u5373\u8fdb\u884c\u4e00\u6b21\u6027\u7684\u6570\u636e\u9884\u52a0\u8f7d\uff1b\u5728\u9884\u52a0\u8f7d\u5b8c\u6210\u4e4b\u524d\uff0c\u6570\u636e\u96c6\u4e0d\u53ef\u4ee5\u4f7f\u7528\u3002
"},{"location":"end-user/baize/dataset/create-use-delete.html#_3","title":"\u6570\u636e\u96c6\u4f7f\u7528","text":"\u6570\u636e\u96c6\u521b\u5efa\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u5728\u6a21\u578b\u8bad\u7ec3\u3001\u63a8\u7406\u7b49\u4efb\u52a1\u4e2d\u4f7f\u7528\u3002
"},{"location":"end-user/baize/dataset/create-use-delete.html#notebook","title":"\u5728 Notebook \u4e2d\u4f7f\u7528","text":"\u5728\u521b\u5efa Notebook \u4e2d\uff0c\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u6570\u636e\u96c6\uff1b\u4f7f\u7528\u65b9\u5f0f\u5982\u4e0b\uff1a
\u5982\u679c\u53d1\u73b0\u6570\u636e\u96c6\u5197\u4f59\u3001\u8fc7\u671f\u6216\u56e0\u5176\u4ed6\u7f18\u6545\u4e0d\u518d\u9700\u8981\uff0c\u53ef\u4ee5\u4ece\u6570\u636e\u96c6\u5217\u8868\u4e2d\u5220\u9664\u3002
\u5728\u6570\u636e\u96c6\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u4e2d\u786e\u8ba4\u8981\u5220\u9664\u7684\u6570\u636e\u96c6\uff0c\u8f93\u5165\u6570\u636e\u96c6\u540d\u79f0\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\uff0c\u8be5\u6570\u636e\u96c6\u4ece\u5217\u8868\u4e2d\u6d88\u5931\u3002
Caution
\u6570\u636e\u96c6\u4e00\u65e6\u5220\u9664\u5c06\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/baize/dataset/environments.html","title":"\u7ba1\u7406\u73af\u5883","text":"\u672c\u6587\u8bf4\u660e\u5982\u4f55\u5728 AI Lab \u4e2d\u7ba1\u7406\u4f60\u7684\u73af\u5883\u4f9d\u8d56\u5e93\uff0c\u4ee5\u4e0b\u662f\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u548c\u6ce8\u610f\u4e8b\u9879\u3002
\u4f20\u7edf\u65b9\u5f0f\uff0c\u4e00\u822c\u4f1a\u5c06 Python \u73af\u5883\u4f9d\u8d56\u5728\u955c\u50cf\u4e2d\u6784\u5efa\uff0c\u955c\u50cf\u5e26\u6709 Python \u7248\u672c\u548c\u4f9d\u8d56\u5305\u7684\u955c\u50cf\uff0c\u7ef4\u62a4\u6210\u672c\u8f83\u9ad8\u4e14\u66f4\u65b0\u4e0d\u65b9\u4fbf\uff0c\u5f80\u5f80\u9700\u8981\u91cd\u65b0\u6784\u5efa\u955c\u50cf\u3002
\u800c\u5728 AI Lab \u4e2d\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7 \u73af\u5883\u7ba1\u7406 \u6a21\u5757\u6765\u7ba1\u7406\u7eaf\u7cb9\u7684\u73af\u5883\u4f9d\u8d56\uff0c\u5c06\u8fd9\u90e8\u5206\u4ece\u955c\u50cf\u4e2d\u89e3\u8026\uff0c\u5e26\u6765\u7684\u4f18\u52bf\u6709\uff1a
\u4ee5\u4e0b\u4e3a\u73af\u5883\u7ba1\u7406\u7684\u4e3b\u8981\u7ec4\u6210\u90e8\u5206\uff1a
\u5728 \u73af\u5883\u7ba1\u7406 \u754c\u9762\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa \u6309\u94ae\uff0c\u8fdb\u5165\u521b\u5efa\u73af\u5883\u7684\u6d41\u7a0b\u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u4e3e\u4f8b\u503c \u540d\u79f0 \u8f93\u5165\u73af\u5883\u7684\u540d\u79f0\uff0c\u957f\u5ea6\u4e3a 2-63 \u4e2a\u5b57\u7b26\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\u3002 my-environment \u90e8\u7f72\u4f4d\u7f6e \u96c6\u7fa4 \uff1a\u9009\u62e9\u9700\u8981\u90e8\u7f72\u7684\u96c6\u7fa4gpu-cluster
\u547d\u540d\u7a7a\u95f4 \uff1a\u9009\u62e9\u547d\u540d\u7a7a\u95f4 default
\u5907\u6ce8 \u586b\u5199\u5907\u6ce8\u4fe1\u606f\u3002 \u8fd9\u662f\u4e00\u4e2a\u6d4b\u8bd5\u73af\u5883 \u6807\u7b7e \u4e3a\u73af\u5883\u6dfb\u52a0\u6807\u7b7e\u3002 env:test \u6ce8\u89e3 \u4e3a\u73af\u5883\u6dfb\u52a0\u6ce8\u89e3\u3002\u586b\u5199\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u8fdb\u5165\u73af\u5883\u914d\u7f6e\u3002 \u6ce8\u89e3\u793a\u4f8b"},{"location":"end-user/baize/dataset/environments.html#_4","title":"\u914d\u7f6e\u73af\u5883","text":"\u5728\u73af\u5883\u914d\u7f6e\u6b65\u9aa4\u4e2d\uff0c\u7528\u6237\u9700\u8981\u914d\u7f6e Python \u7248\u672c\u548c\u4f9d\u8d56\u5305\u7ba1\u7406\u5de5\u5177\u3002
\u5b57\u6bb5 \u63cf\u8ff0 \u4e3e\u4f8b\u503c Python \u7248\u672c \u9009\u62e9\u6240\u9700\u7684 Python \u7248\u672c 3.12.3 \u5305\u7ba1\u7406\u5668 \u9009\u62e9\u5305\u7ba1\u7406\u5de5\u5177\uff0c\u53ef\u9009PIP
\u6216 CONDA
PIP Environment Data \u5982\u679c\u9009\u62e9 PIP
\uff1a\u5728\u4e0b\u65b9\u7f16\u8f91\u5668\u4e2d\u8f93\u5165 requirements.txt
\u683c\u5f0f\u7684\u4f9d\u8d56\u5305\u5217\u8868\u3002 numpy==1.21.0 \u5982\u679c\u9009\u62e9 CONDA
\uff1a\u5728\u4e0b\u65b9\u7f16\u8f91\u5668\u4e2d\u8f93\u5165 environment.yaml
\u683c\u5f0f\u7684\u4f9d\u8d56\u5305\u5217\u8868\u3002 \u5176\u4ed6\u9009\u9879 pip \u989d\u5916\u7d22\u5f15\u5730\u5740 \uff1a\u914d\u7f6e pip \u989d\u5916\u7684\u7d22\u5f15\u5730\u5740\uff1b\u9002\u7528\u4e8e\u4f01\u4e1a\u5185\u90e8\u6709\u81ea\u5df1\u7684\u79c1\u6709\u4ed3\u5e93\u6216\u8005 PIP \u52a0\u901f\u7ad9\u70b9\u3002 https://pypi.example.com
GPU \u914d\u7f6e \uff1a\u542f\u7528\u6216\u7981\u7528 GPU \u914d\u7f6e\uff1b\u90e8\u5206\u6d89\u53ca\u5230 GPU \u7684\u4f9d\u8d56\u5305\u9700\u8981\u5728\u9884\u52a0\u8f7d\u65f6\u914d\u7f6e GPU \u8d44\u6e90\u3002 \u542f\u7528 \u5173\u8054\u5b58\u50a8 \uff1a\u9009\u62e9\u5173\u8054\u7684\u5b58\u50a8\u914d\u7f6e\uff1b\u73af\u5883\u4f9d\u8d56\u5305\u4f1a\u5b58\u50a8\u5728\u5173\u8054\u5b58\u50a8\u4e2d\u3002\u6ce8\u610f\uff1a\u9700\u8981\u4f7f\u7528\u652f\u6301 ReadWriteMany
\u7684\u5b58\u50a8\u3002 my-storage-config \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u521b\u5efa \u6309\u94ae\uff0c\u7cfb\u7edf\u4f1a\u81ea\u52a8\u521b\u5efa\u5e76\u914d\u7f6e\u65b0\u7684 Python \u73af\u5883\u3002
"},{"location":"end-user/baize/dataset/environments.html#_5","title":"\u6545\u969c\u6392\u9664","text":"\u5982\u679c\u73af\u5883\u521b\u5efa\u5931\u8d25\uff1a
\u5982\u679c\u4f9d\u8d56\u9884\u70ed\u5931\u8d25\uff1a
requirements.txt
\u6216 environment.yaml
\u6587\u4ef6\u683c\u5f0f\u662f\u5426\u6b63\u786e\u3002 \u4ee5\u4e0a\u5373\u4e3a\u5728 AI Lab \u4e2d\u7ba1\u7406 Python \u4f9d\u8d56\u5e93\u7684\u57fa\u672c\u64cd\u4f5c\u6b65\u9aa4\u548c\u6ce8\u610f\u4e8b\u9879\u3002
"},{"location":"end-user/baize/inference/models.html","title":"\u4e86\u89e3\u6a21\u578b\u652f\u6301\u60c5\u51b5","text":"\u968f\u7740 AI Lab \u7684\u5feb\u901f\u8fed\u4ee3\uff0c\u6211\u4eec\u5df2\u7ecf\u652f\u6301\u4e86\u591a\u79cd\u6a21\u578b\u7684\u63a8\u7406\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u6240\u652f\u6301\u7684\u6a21\u578b\u4fe1\u606f\u3002
LLama
\u3001Qwen
\u3001ChatGLM
\u7b49\u3002\u60a8\u53ef\u4ee5\u5728 AI Lab \u4e2d\u4f7f\u7528\u7ecf\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9a8c\u8bc1\u8fc7\u7684 GPU \u7c7b\u578b\uff1b \u66f4\u591a\u7ec6\u8282\u53c2\u9605 GPU \u652f\u6301\u77e9\u9635\u3002
"},{"location":"end-user/baize/inference/models.html#triton-inference-server","title":"Triton Inference Server","text":"\u901a\u8fc7 Triton Inference Server \u53ef\u4ee5\u5f88\u597d\u7684\u652f\u6301\u4f20\u7edf\u7684\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\uff0c\u6211\u4eec\u76ee\u524d\u652f\u6301\u4e3b\u6d41\u7684\u63a8\u7406\u540e\u7aef\u670d\u52a1\uff1a
Backend \u652f\u6301\u6a21\u578b\u683c\u5f0f \u4ecb\u7ecd pytorch TorchScript\u3001PyTorch 2.0 \u683c\u5f0f\u7684\u6a21\u578b triton-inference-server/pytorch_backend tensorflow TensorFlow 2.x triton-inference-server/tensorflow_backend vLLM(Deprecated) \u4e0e vLLM \u4e00\u81f4 \u652f\u6301\u7684\u6a21\u578b\u548c vLLM support Model \u4e00\u81f4Danger
\u4f7f\u7528 Triton \u7684 Backend vLLM \u7684\u65b9\u5f0f\u5df2\u88ab\u5f03\u7528\uff0c\u63a8\u8350\u4f7f\u7528\u6700\u65b0\u652f\u6301 vLLM \u6765\u90e8\u7f72\u60a8\u7684\u5927\u8bed\u8a00\u6a21\u578b\u3002
"},{"location":"end-user/baize/inference/models.html#vllm","title":"vLLM","text":"\u901a\u8fc7 vLLM \u6211\u4eec\u53ef\u4ee5\u5f88\u5feb\u7684\u4f7f\u7528\u5927\u8bed\u8a00\u6a21\u578b\uff0c\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u6211\u4eec\u652f\u6301\u7684\u6a21\u578b\u5217\u8868\uff0c\u8fd9\u901a\u5e38\u548c vLLM Support Models
\u4fdd\u6301\u4e00\u81f4\u3002
\u76ee\u524d\uff0cAI Lab \u8fd8\u652f\u6301\u5728\u4f7f\u7528 vLLM \u4f5c\u4e3a\u63a8\u7406\u5de5\u5177\u65f6\u7684\u4e00\u4e9b\u65b0\u7279\u6027\uff1a
Lora Adapter
\u6765\u4f18\u5316\u6a21\u578b\u63a8\u7406\u670d\u52a1OpenAI
\u7684 OpenAPI
\u63a5\u53e3\uff0c\u65b9\u4fbf\u7528\u6237\u5207\u6362\u5230\u672c\u5730\u63a8\u7406\u670d\u52a1\u65f6\uff0c\u53ef\u4ee5\u4f4e\u6210\u672c\u7684\u5feb\u901f\u5207\u6362AI Lab \u76ee\u524d\u63d0\u4f9b\u4ee5 Triton\u3001vLLM \u4f5c\u4e3a\u63a8\u7406\u6846\u67b6\uff0c\u7528\u6237\u53ea\u9700\u7b80\u5355\u914d\u7f6e\u5373\u53ef\u5feb\u901f\u542f\u52a8\u4e00\u4e2a\u9ad8\u6027\u80fd\u7684\u63a8\u7406\u670d\u52a1\u3002
Danger
\u4f7f\u7528 Triton \u7684 Backend vLLM \u7684\u65b9\u5f0f\u5df2\u88ab\u5f03\u7528\uff0c\u63a8\u8350\u4f7f\u7528\u6700\u65b0\u652f\u6301 vLLM \u6765\u90e8\u7f72\u60a8\u7684\u5927\u8bed\u8a00\u6a21\u578b\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#triton_1","title":"Triton\u4ecb\u7ecd","text":"Triton \u662f\u7531 NVIDIA \u5f00\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u63a8\u7406\u670d\u52a1\u5668\uff0c\u65e8\u5728\u7b80\u5316\u673a\u5668\u5b66\u4e60\u6a21\u578b\u7684\u90e8\u7f72\u548c\u63a8\u7406\u670d\u52a1\u3002\u5b83\u652f\u6301\u591a\u79cd\u6df1\u5ea6\u5b66\u4e60\u6846\u67b6\uff0c\u5305\u62ec TensorFlow\u3001PyTorch \u7b49\uff0c\u4f7f\u5f97\u7528\u6237\u80fd\u591f\u8f7b\u677e\u7ba1\u7406\u548c\u90e8\u7f72\u4e0d\u540c\u7c7b\u578b\u7684\u6a21\u578b\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u51c6\u5907\u6a21\u578b\u6570\u636e\uff1a\u5728\u6570\u636e\u96c6\u7ba1\u7406\u4e2d\u7eb3\u7ba1\u6a21\u578b\u4ee3\u7801\uff0c\u5e76\u4fdd\u8bc1\u6570\u636e\u6210\u529f\u9884\u52a0\u8f7d\uff0c\u4e0b\u9762\u4ee5 mnist \u624b\u5199\u6570\u5b57\u8bc6\u522b\u7684 PyTorch \u6a21\u578b\u4e3a\u4f8b\u3002
Note
\u5f85\u63a8\u7406\u7684\u6a21\u578b\u5728\u6570\u636e\u96c6\u4e2d\u9700\u8981\u9075\u4ee5\u4e0b\u76ee\u5f55\u683c\u5f0f\uff1a
<model-repository-name>\n \u2514\u2500\u2500 <model-name>\n \u2514\u2500\u2500 <version>\n \u2514\u2500\u2500 <model-definition-file>\n
\u672c\u4f8b\u4e2d\u7684\u76ee\u5f55\u683c\u5f0f\u4e3a\uff1a
model-repo\n \u2514\u2500\u2500 mnist-cnn\n \u2514\u2500\u2500 1\n \u2514\u2500\u2500 model.pt\n
"},{"location":"end-user/baize/inference/triton-inference.html#_2","title":"\u521b\u5efa\u63a8\u7406\u670d\u52a1","text":"\u76ee\u524d\u5df2\u7ecf\u652f\u6301\u8868\u5355\u521b\u5efa\uff0c\u53ef\u4ee5\u754c\u9762\u5b57\u6bb5\u63d0\u793a\uff0c\u8fdb\u884c\u670d\u52a1\u521b\u5efa\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#_3","title":"\u914d\u7f6e\u6a21\u578b\u8def\u5f84","text":"\u6a21\u578b\u8def\u5f84 model-repo/mnist-cnn/1/model.pt
\u9700\u8981\u548c\u6570\u636e\u96c6\u4e2d\u7684\u6a21\u578b\u76ee\u5f55\u683c\u5f0f\u4e00\u81f4\u3002
Note
\u8f93\u5165\u548c\u8f93\u51fa\u53c2\u6570\u7684\u7b2c\u4e00\u4e2a\u7ef4\u5ea6\u9ed8\u8ba4\u4e3a batchsize
\u7684\u5927\u5c0f\uff0c\u8bbe\u7f6e\u4e3a -1
\u53ef\u4ee5\u6839\u636e\u8f93\u5165\u7684\u63a8\u7406\u6570\u636e\u81ea\u52a8\u8ba1\u7b97 batchsize\u3002\u53c2\u6570\u5176\u4f59\u7ef4\u5ea6\u548c\u6570\u636e\u7c7b\u578b\u9700\u8981\u4e0e\u6a21\u578b\u8f93\u5165\u5339\u914d\u3002
\u53ef\u4ee5\u5bfc\u5165 \u73af\u5883\u7ba1\u7406 \u4e2d\u521b\u5efa\u7684\u73af\u5883\u4f5c\u4e3a\u63a8\u7406\u65f6\u7684\u8fd0\u884c\u73af\u5883\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#_7","title":"\u9ad8\u7ea7\u914d\u7f6e","text":""},{"location":"end-user/baize/inference/triton-inference.html#_8","title":"\u914d\u7f6e\u8ba4\u8bc1\u7b56\u7565","text":"\u652f\u6301 API key
\u7684\u8bf7\u6c42\u65b9\u5f0f\u8ba4\u8bc1\uff0c\u7528\u6237\u53ef\u4ee5\u81ea\u5b9a\u4e49\u589e\u52a0\u8ba4\u8bc1\u53c2\u6570\u3002
\u652f\u6301 \u6839\u636e GPU \u8d44\u6e90\u7b49\u8282\u70b9\u914d\u7f6e\u5b9e\u73b0\u81ea\u52a8\u5316\u7684\u4eb2\u548c\u6027\u8c03\u5ea6\uff0c\u540c\u65f6\u4e5f\u65b9\u4fbf\u7528\u6237\u81ea\u5b9a\u4e49\u8c03\u5ea6\u7b56\u7565\u3002
"},{"location":"end-user/baize/inference/triton-inference.html#_10","title":"\u8bbf\u95ee","text":""},{"location":"end-user/baize/inference/triton-inference.html#api","title":"API \u8bbf\u95ee","text":"\u53d1\u9001 HTTP POST \u8bf7\u6c42\uff1a\u4f7f\u7528\u5de5\u5177\u5982 curl
\u6216 HTTP \u5ba2\u6237\u7aef\u5e93\uff08\u5982 Python \u7684 requests
\u5e93\uff09\u5411 Triton Server \u53d1\u9001 POST \u8bf7\u6c42\u3002
\u8bbe\u7f6e HTTP \u5934\uff1a\u6839\u636e\u7528\u6237\u914d\u7f6e\u9879\u81ea\u52a8\u751f\u6210\u7684\u914d\u7f6e\uff0c\u5305\u542b\u6a21\u578b\u8f93\u5165\u548c\u8f93\u51fa\u7684\u5143\u6570\u636e\u3002
\u6784\u5efa\u8bf7\u6c42\u4f53\uff1a\u8bf7\u6c42\u4f53\u901a\u5e38\u5305\u542b\u8981\u8fdb\u884c\u63a8\u7406\u7684\u8f93\u5165\u6570\u636e\uff0c\u4ee5\u53ca\u6a21\u578b\u7279\u5b9a\u7684\u5143\u6570\u636e\u3002
curl -X POST \"http://<ip>:<port>/v2/models/<inference-name>/infer\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"inputs\": [\n {\n \"name\": \"model_input\", \n \"shape\": [1, 1, 32, 32], \n \"datatype\": \"FP32\", \n \"data\": [\n [0.1234, 0.5678, 0.9101, ... ] \n ]\n }\n ]\n }'\n
<ip>
\u662f Triton Inference Server \u8fd0\u884c\u7684\u4e3b\u673a\u5730\u5740\u3002<port>
\u662f Triton Inference Server \u8fd0\u884c\u7684\u4e3b\u673a\u7aef\u53e3\u53f7\u3002<inference-name>
\u662f\u6240\u521b\u5efa\u7684\u63a8\u7406\u670d\u52a1\u7684\u540d\u79f0\u3002\"name\"
\u8981\u4e0e\u6a21\u578b\u914d\u7f6e\u4e2d\u7684\u8f93\u5165\u53c2\u6570\u7684 name
\u4e00\u81f4\u3002\"shape\"
\u8981\u4e0e\u6a21\u578b\u914d\u7f6e\u4e2d\u7684\u8f93\u5165\u53c2\u6570\u7684 dims
\u4e00\u81f4\u3002\"datatype\"
\u8981\u4e0e\u6a21\u578b\u914d\u7f6e\u4e2d\u7684\u8f93\u5165\u53c2\u6570\u7684 Data Type
\u4e00\u81f4\u3002\"data\"
\u66ff\u6362\u4e3a\u5b9e\u9645\u7684\u63a8\u7406\u6570\u636e\u3002\u8bf7\u6ce8\u610f\uff0c\u4e0a\u8ff0\u793a\u4f8b\u4ee3\u7801\u9700\u8981\u6839\u636e\u4f60\u7684\u5177\u4f53\u6a21\u578b\u548c\u73af\u5883\u8fdb\u884c\u8c03\u6574\uff0c\u8f93\u5165\u6570\u636e\u7684\u683c\u5f0f\u548c\u5185\u5bb9\u4e5f\u9700\u8981\u7b26\u5408\u6a21\u578b\u7684\u8981\u6c42\u3002
"},{"location":"end-user/baize/inference/vllm-inference.html","title":"\u521b\u5efa vLLM \u63a8\u7406\u670d\u52a1","text":"AI Lab \u652f\u6301\u4ee5 vLLM \u4f5c\u4e3a\u63a8\u7406\u670d\u52a1\uff0c\u63d0\u4f9b\u5168\u90e8 vLLM \u7684\u80fd\u529b\uff0c\u540c\u65f6\u63d0\u4f9b\u4e86\u5b8c\u5168\u9002\u914d OpenAI \u63a5\u53e3\u5b9a\u4e49\u3002
"},{"location":"end-user/baize/inference/vllm-inference.html#vllm_1","title":"vLLM \u4ecb\u7ecd","text":"vLLM \u662f\u4e00\u4e2a\u5feb\u901f\u4e14\u6613\u4e8e\u4f7f\u7528\u7684\u7528\u4e8e\u63a8\u7406\u548c\u670d\u52a1\u7684\u5e93\uff0cvLLM \u65e8\u5728\u6781\u5927\u5730\u63d0\u5347\u5b9e\u65f6\u573a\u666f\u4e0b\u7684\u8bed\u8a00\u6a21\u578b\u670d\u52a1\u7684\u541e\u5410\u4e0e\u5185\u5b58\u4f7f\u7528\u6548\u7387\u3002vLLM \u5728\u901f\u5ea6\u3001\u7075\u6d3b\u6027\u65b9\u9762\u5177\u6709\u4ee5\u4e0b\u90e8\u5206\u7279\u70b9\uff1a
\u51c6\u5907\u6a21\u578b\u6570\u636e\uff1a\u5728\u6570\u636e\u96c6\u7ba1\u7406\u4e2d\u7eb3\u7ba1\u6a21\u578b\u4ee3\u7801\uff0c\u5e76\u4fdd\u8bc1\u6570\u636e\u6210\u529f\u9884\u52a0\u8f7d\u3002
"},{"location":"end-user/baize/inference/vllm-inference.html#_2","title":"\u521b\u5efa\u63a8\u7406\u670d\u52a1","text":"\u9009\u62e9 vLLM
\u63a8\u7406\u6846\u67b6\uff0c\u5e76\u5728\u9009\u62e9\u6a21\u578b\u6a21\u5757\u9009\u62e9\u63d0\u524d\u521b\u5efa\u597d\u7684\u6a21\u578b\u6570\u636e\u96c6 hdd-models
\u5e76\u586b\u5199\u6570\u636e\u96c6\u4e2d\u6a21\u578b\u6240\u5728\u7684\u8def\u5f84
\u4fe1\u606f\u3002
\u672c\u6587\u63a8\u7406\u670d\u52a1\u7684\u521b\u5efa\u4f7f\u7528 ChatGLM3 \u6a21\u578b\u3002
\u914d\u7f6e\u63a8\u7406\u670d\u52a1\u7684\u8d44\u6e90\uff0c\u5e76\u8c03\u6574\u63a8\u7406\u670d\u52a1\u8fd0\u884c\u7684\u53c2\u6570\u3002
\u53c2\u6570\u540d \u63cf\u8ff0 GPU \u8d44\u6e90 \u6839\u636e\u6a21\u578b\u89c4\u6a21\u4ee5\u53ca\u96c6\u7fa4\u8d44\u6e90\u53ef\u4ee5\u4e3a\u63a8\u7406\u914d\u7f6e GPU \u8d44\u6e90\u3002 \u5141\u8bb8\u8fdc\u7a0b\u4ee3\u7801 \u63a7\u5236 vLLM \u662f\u5426\u4fe1\u4efb\u5e76\u6267\u884c\u6765\u81ea\u8fdc\u7a0b\u6e90\u7684\u4ee3\u7801 LoRA LoRA \u662f\u4e00\u79cd\u9488\u5bf9\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\u7684\u53c2\u6570\u9ad8\u6548\u8c03\u6574\u6280\u672f\u3002\u5b83\u901a\u8fc7\u5c06\u539f\u59cb\u6a21\u578b\u53c2\u6570\u77e9\u9635\u5206\u89e3\u4e3a\u4f4e\u79e9\u77e9\u9635\uff0c\u4ece\u800c\u51cf\u5c11\u53c2\u6570\u6570\u91cf\u548c\u8ba1\u7b97\u590d\u6742\u5ea6\u3002 1.--lora-modules
\uff1a\u7528\u6765\u6307\u5b9a\u7279\u5b9a\u6a21\u5757\u6216\u5c42\u8fdb\u884c\u4f4e\u79e9\u8fd1\u4f3c 2. max_loras_rank
\uff1a\u7528\u6765\u6307\u5b9a LoRA \u6a21\u578b\u4e2d\u6bcf\u4e2a\u9002\u914d\u5c42\u7684\u6700\u5927\u79e9\uff0c\u5bf9\u4e8e\u7b80\u5355\u7684\u4efb\u52a1\uff0c\u53ef\u4ee5\u9009\u62e9\u8f83\u5c0f\u7684\u79e9\u503c\uff0c\u800c\u5bf9\u4e8e\u590d\u6742\u4efb\u52a1\uff0c\u53ef\u80fd\u9700\u8981\u8f83\u5927\u7684\u79e9\u503c\u6765\u4fdd\u8bc1\u6a21\u578b\u6027\u80fd\u3002 3. max_loras
\uff1a\u8868\u793a\u6a21\u578b\u4e2d\u53ef\u4ee5\u5305\u542b\u7684 LoRA \u5c42\u7684\u6700\u5927\u6570\u91cf\uff0c\u6839\u636e\u6a21\u578b\u5927\u5c0f\u3001\u63a8\u7406\u590d\u6742\u5ea6\u7b49\u56e0\u7d20\u81ea\u5b9a 4. max_cpu_loras
\uff1a\u7528\u4e8e\u6307\u5b9a\u5728 CPU \u73af\u5883\u4e2d\u53ef\u4ee5\u5904\u7406\u7684 LoRA \u5c42\u7684\u6700\u5927\u6570\u3002 \u5173\u8054\u73af\u5883 \u901a\u8fc7\u9009\u62e9\u73af\u5883\u9884\u5b9a\u4e49\u63a8\u7406\u65f6\u6240\u9700\u7684\u73af\u5883\u4f9d\u8d56\u3002 Info
\u652f\u6301\u914d\u7f6e LoRA \u53c2\u6570\u7684\u6a21\u578b\u53ef\u53c2\u8003 vLLM \u652f\u6301\u7684\u6a21\u578b\u3002
\u5728 \u9ad8\u7ea7\u914d\u7f6e \u4e2d\uff0c\u652f\u6301\u6839\u636e GPU \u8d44\u6e90\u7b49\u8282\u70b9\u914d\u7f6e\u5b9e\u73b0\u81ea\u52a8\u5316\u7684\u4eb2\u548c\u6027\u8c03\u5ea6\uff0c\u540c\u65f6\u4e5f\u65b9\u4fbf\u7528\u6237\u81ea\u5b9a\u4e49\u8c03\u5ea6\u7b56\u7565\u3002
\u63a8\u7406\u670d\u52a1\u521b\u5efa\u5b8c\u6210\u4e4b\u540e\uff0c\u70b9\u51fb\u63a8\u7406\u670d\u52a1\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\uff0c\u67e5\u770b API \u8c03\u7528\u65b9\u6cd5\u3002\u901a\u8fc7\u4f7f\u7528 Curl\u3001Python\u3001Nodejs \u7b49\u65b9\u5f0f\u9a8c\u8bc1\u6267\u884c\u7ed3\u679c\u3002
\u62f7\u8d1d\u8be6\u60c5\u4e2d\u7684 curl
\u547d\u4ee4\uff0c\u5e76\u5728\u7ec8\u7aef\u4e2d\u6267\u884c\u547d\u4ee4\u53d1\u9001\u4e00\u6761\u6a21\u578b\u63a8\u7406\u8bf7\u6c42\uff0c\u9884\u671f\u8f93\u51fa\uff1a
\u4efb\u52a1\u7ba1\u7406\u662f\u6307\u901a\u8fc7\u4f5c\u4e1a\u8c03\u5ea6\u548c\u7ba1\u63a7\u7ec4\u4ef6\u6765\u521b\u5efa\u548c\u7ba1\u7406\u4efb\u52a1\u751f\u547d\u5468\u671f\u7684\u529f\u80fd\u3002
AI Lab \u91c7\u7528 Kubernetes \u7684 Job \u673a\u5236\u6765\u8c03\u5ea6\u5404\u9879 AI \u63a8\u7406\u3001\u8bad\u7ec3\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/create.html#_1","title":"\u901a\u7528\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u4efb\u52a1\u4e2d\u5fc3 -> \u8bad\u7ec3\u4efb\u52a1 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u7cfb\u7edf\u4f1a\u9884\u5148\u586b\u5145\u57fa\u7840\u914d\u7f6e\u6570\u636e\uff0c\u5305\u62ec\u8981\u90e8\u7f72\u7684\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u4efb\u52a1\u7c7b\u578b\u3001\u961f\u5217\u3001\u4f18\u5148\u7ea7\u7b49\u3002 \u8c03\u6574\u8fd9\u4e9b\u53c2\u6570\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u914d\u7f6e\u955c\u50cf\u5730\u5740\u3001\u8fd0\u884c\u53c2\u6570\u4ee5\u53ca\u5173\u8054\u7684\u6570\u636e\u96c6\u3001\u73af\u5883\u548c\u8d44\u6e90\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u6309\u9700\u6dfb\u52a0\u6807\u7b7e\u3001\u6ce8\u89e3\u3001\u73af\u5883\u53d8\u91cf\u7b49\u4efb\u52a1\u53c2\u6570\uff0c\u9009\u62e9\u8c03\u5ea6\u7b56\u7565\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u4efb\u52a1\u521b\u5efa\u6210\u529f\u540e\uff0c\u4f1a\u6709\u51e0\u79cd\u8fd0\u884c\u72b6\u6001\uff1a
\u5982\u679c\u53d1\u73b0\u4efb\u52a1\u5197\u4f59\u3001\u8fc7\u671f\u6216\u56e0\u5176\u4ed6\u7f18\u6545\u4e0d\u518d\u9700\u8981\uff0c\u53ef\u4ee5\u4ece\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\u4e2d\u5220\u9664\u3002
\u5728\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u4e2d\u786e\u8ba4\u8981\u5220\u9664\u7684\u4efb\u52a1\uff0c\u8f93\u5165\u4efb\u52a1\u540d\u79f0\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\uff0c\u8be5\u4efb\u52a1\u4ece\u5217\u8868\u4e2d\u6d88\u5931\u3002
Caution
\u4efb\u52a1\u4e00\u65e6\u5220\u9664\u5c06\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/baize/jobs/mpi.html","title":"MPI \u4efb\u52a1","text":"MPI\uff08Message Passing Interface\uff09\u662f\u4e00\u79cd\u7528\u4e8e\u5e76\u884c\u8ba1\u7b97\u7684\u901a\u4fe1\u534f\u8bae\uff0c\u5b83\u5141\u8bb8\u591a\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u6d88\u606f\u4f20\u9012\u548c\u534f\u4f5c\u3002 MPI \u4efb\u52a1\u662f\u4f7f\u7528 MPI \u534f\u8bae\u8fdb\u884c\u5e76\u884c\u8ba1\u7b97\u7684\u4efb\u52a1\uff0c\u9002\u7528\u4e8e\u9700\u8981\u5927\u89c4\u6a21\u5e76\u884c\u5904\u7406\u7684\u5e94\u7528\u573a\u666f\uff0c\u4f8b\u5982\u5206\u5e03\u5f0f\u8bad\u7ec3\u3001\u79d1\u5b66\u8ba1\u7b97\u7b49\u3002
\u5728 AI Lab \u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86 MPI \u4efb\u52a1\u7684\u652f\u6301\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c\u5feb\u901f\u521b\u5efa MPI \u4efb\u52a1\uff0c\u8fdb\u884c\u9ad8\u6027\u80fd\u7684\u5e76\u884c\u8ba1\u7b97\u3002 \u672c\u6559\u7a0b\u5c06\u6307\u5bfc\u60a8\u5982\u4f55\u5728 AI Lab \u4e2d\u521b\u5efa\u548c\u8fd0\u884c\u4e00\u4e2a MPI \u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mpi.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"MPI
\uff0c\u7528\u4e8e\u8fd0\u884c\u5e76\u884c\u8ba1\u7b97\u4efb\u52a1\u3002\u5728\u8fd9\u91cc\u6211\u4eec\u4f7f\u7528 baize-notebook
\u57fa\u7840\u955c\u50cf\u548c \u5173\u8054\u73af\u5883 \u7684\u65b9\u5f0f\u6765\u4f5c\u4e3a\u4efb\u52a1\u7684\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002 \u786e\u4fdd\u8fd0\u884c\u73af\u5883\u4e2d\u5305\u542b MPI \u53ca\u76f8\u5173\u5e93\uff0c\u5982 OpenMPI\u3001mpi4py
\u7b49\u3002
\u6ce8\u610f \uff1a\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u73af\u5883\uff0c\u8bf7\u53c2\u8003\u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/mpi.html#mpi_1","title":"\u521b\u5efa MPI \u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/mpi.html#mpi_2","title":"MPI \u4efb\u52a1\u521b\u5efa\u6b65\u9aa4","text":"MPI
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002mpirun
\uff0c\u8fd9\u662f\u8fd0\u884c MPI \u7a0b\u5e8f\u7684\u547d\u4ee4\u3002\u793a\u4f8b\uff1a\u8fd0\u884c TensorFlow Benchmarks
\u5728\u672c\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u5c06\u8fd0\u884c\u4e00\u4e2a TensorFlow \u7684\u57fa\u51c6\u6d4b\u8bd5\u7a0b\u5e8f\uff0c\u4f7f\u7528 Horovod \u8fdb\u884c\u5206\u5e03\u5f0f\u8bad\u7ec3\u3002 \u9996\u5148\uff0c\u786e\u4fdd\u60a8\u4f7f\u7528\u7684\u955c\u50cf\u4e2d\u5305\u542b\u6240\u9700\u7684\u4f9d\u8d56\u9879\uff0c\u4f8b\u5982 TensorFlow\u3001Horovod\u3001Open MPI \u7b49\u3002
\u955c\u50cf\u9009\u62e9 \uff1a\u4f7f\u7528\u5305\u542b TensorFlow \u548c MPI \u7684\u955c\u50cf\uff0c\u4f8b\u5982 mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest
\u3002
\u547d\u4ee4\u53c2\u6570 \uff1a
mpirun --allow-run-as-root -np 2 -bind-to none -map-by slot \\\n -x NCCL_DEBUG=INFO -x LD_LIBRARY_PATH -x PATH \\\n -mca pml ob1 -mca btl ^openib \\\n python scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py \\\n --model=resnet101 --batch_size=64 --variable_update=horovod\n
\u8bf4\u660e \uff1a
mpirun
\uff1aMPI \u7684\u542f\u52a8\u547d\u4ee4\u3002--allow-run-as-root
\uff1a\u5141\u8bb8\u4ee5 root \u7528\u6237\u8fd0\u884c\uff08\u5728\u5bb9\u5668\u4e2d\u901a\u5e38\u662f root \u7528\u6237\uff09\u3002-np 2
\uff1a\u6307\u5b9a\u8fd0\u884c\u7684\u8fdb\u7a0b\u6570\u4e3a 2\u3002-bind-to none
\uff0c-map-by slot
\uff1aMPI \u8fdb\u7a0b\u7ed1\u5b9a\u548c\u6620\u5c04\u7684\u914d\u7f6e\u3002-x NCCL_DEBUG=INFO
\uff1a\u8bbe\u7f6e NCCL\uff08NVIDIA Collective Communication Library\uff09\u7684\u8c03\u8bd5\u4fe1\u606f\u7ea7\u522b\u3002-x LD_LIBRARY_PATH
\uff0c-x PATH
\uff1a\u5728 MPI \u73af\u5883\u4e2d\u4f20\u9012\u5fc5\u8981\u7684\u73af\u5883\u53d8\u91cf\u3002-mca pml ob1 -mca btl ^openib
\uff1aMPI \u7684\u914d\u7f6e\u53c2\u6570\uff0c\u6307\u5b9a\u4f20\u8f93\u5c42\u548c\u6d88\u606f\u5c42\u534f\u8bae\u3002python scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py
\uff1a\u8fd0\u884c TensorFlow \u57fa\u51c6\u6d4b\u8bd5\u811a\u672c\u3002--model=resnet101
\uff0c--batch_size=64
\uff0c--variable_update=horovod
\uff1aTensorFlow \u811a\u672c\u7684\u53c2\u6570\uff0c\u6307\u5b9a\u6a21\u578b\u3001\u6279\u91cf\u5927\u5c0f\u548c\u4f7f\u7528 Horovod \u8fdb\u884c\u53c2\u6570\u66f4\u65b0\u3002\u5728\u4efb\u52a1\u914d\u7f6e\u4e2d\uff0c\u9700\u8981\u4e3a\u6bcf\u4e2a\u8282\u70b9\uff08Launcher \u548c Worker\uff09\u5206\u914d\u9002\u5f53\u7684\u8d44\u6e90\uff0c\u4f8b\u5982 CPU\u3001\u5185\u5b58\u548c GPU\u3002
\u8d44\u6e90\u793a\u4f8b \uff1a
Launcher\uff08\u542f\u52a8\u5668\uff09 \uff1a
Worker\uff08\u5de5\u4f5c\u8282\u70b9\uff09 \uff1a
\u4ee5\u4e0b\u662f\u5b8c\u6574\u7684 MPIJob \u914d\u7f6e\u793a\u4f8b\uff0c\u4f9b\u60a8\u53c2\u8003\u3002
apiVersion: kubeflow.org/v1\nkind: MPIJob\nmetadata:\n name: tensorflow-benchmarks\nspec:\n slotsPerWorker: 1\n runPolicy:\n cleanPodPolicy: Running\n mpiReplicaSpecs:\n Launcher:\n replicas: 1\n template:\n spec:\n containers:\n - name: tensorflow-benchmarks\n image: mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest\n command:\n - mpirun\n - --allow-run-as-root\n - -np\n - \"2\"\n - -bind-to\n - none\n - -map-by\n - slot\n - -x\n - NCCL_DEBUG=INFO\n - -x\n - LD_LIBRARY_PATH\n - -x\n - PATH\n - -mca\n - pml\n - ob1\n - -mca\n - btl\n - ^openib\n - python\n - scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py\n - --model=resnet101\n - --batch_size=64\n - --variable_update=horovod\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n requests:\n cpu: \"2\"\n memory: 4Gi\n Worker:\n replicas: 2\n template:\n spec:\n containers:\n - name: tensorflow-benchmarks\n image: mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpumem: 1k\n nvidia.com/vgpu: \"1\"\n requests:\n cpu: \"2\"\n memory: 4Gi\n
\u914d\u7f6e\u89e3\u6790 \uff1a
apiVersion
\u548c kind
\uff1a\u8868\u793a\u8d44\u6e90\u7684 API \u7248\u672c\u548c\u7c7b\u578b\uff0cMPIJob
\u662f Kubeflow \u5b9a\u4e49\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\uff0c\u7528\u4e8e\u521b\u5efa MPI \u7c7b\u578b\u7684\u4efb\u52a1\u3002metadata
\uff1a\u5143\u6570\u636e\uff0c\u5305\u542b\u4efb\u52a1\u7684\u540d\u79f0\u7b49\u4fe1\u606f\u3002spec
\uff1a\u4efb\u52a1\u7684\u8be6\u7ec6\u914d\u7f6e\u3002slotsPerWorker
\uff1a\u6bcf\u4e2a Worker \u8282\u70b9\u7684\u69fd\u4f4d\u6570\u91cf\uff0c\u901a\u5e38\u8bbe\u7f6e\u4e3a 1\u3002runPolicy
\uff1a\u8fd0\u884c\u7b56\u7565\uff0c\u4f8b\u5982\u4efb\u52a1\u5b8c\u6210\u540e\u662f\u5426\u6e05\u7406 Pod\u3002mpiReplicaSpecs
\uff1aMPI \u4efb\u52a1\u7684\u526f\u672c\u914d\u7f6e\u3002Launcher
\uff1a\u542f\u52a8\u5668\uff0c\u8d1f\u8d23\u542f\u52a8 MPI \u4efb\u52a1\u3002replicas
\uff1a\u526f\u672c\u6570\uff0c\u901a\u5e38\u4e3a 1\u3002template
\uff1aPod \u6a21\u677f\uff0c\u5b9a\u4e49\u5bb9\u5668\u8fd0\u884c\u7684\u955c\u50cf\u3001\u547d\u4ee4\u3001\u8d44\u6e90\u7b49\u3002Worker
\uff1a\u5de5\u4f5c\u8282\u70b9\uff0c\u5b9e\u9645\u6267\u884c\u4efb\u52a1\u7684\u8ba1\u7b97\u8282\u70b9\u3002replicas
\uff1a\u526f\u672c\u6570\uff0c\u6839\u636e\u5e76\u884c\u9700\u6c42\u8bbe\u7f6e\uff0c\u8fd9\u91cc\u8bbe\u7f6e\u4e3a 2\u3002template
\uff1aPod \u6a21\u677f\uff0c\u540c\u6837\u5b9a\u4e49\u5bb9\u5668\u7684\u8fd0\u884c\u73af\u5883\u548c\u8d44\u6e90\u3002\u5728\u521b\u5efa MPI \u4efb\u52a1\u65f6\uff0c\u9700\u8981\u6839\u636e mpiReplicaSpecs
\u4e2d\u914d\u7f6e\u7684\u526f\u672c\u6570\uff0c\u6b63\u786e\u8bbe\u7f6e \u4efb\u52a1\u526f\u672c\u6570\u3002
Launcher
\u526f\u672c\u6570 + Worker
\u526f\u672c\u6570\u672c\u793a\u4f8b\u4e2d\uff1a
Launcher
\u526f\u672c\u6570\uff1a1Worker
\u526f\u672c\u6570\uff1a2\u56e0\u6b64\uff0c\u5728\u4efb\u52a1\u914d\u7f6e\u4e2d\uff0c\u60a8\u9700\u8981\u5c06 \u4efb\u52a1\u526f\u672c\u6570 \u8bbe\u7f6e\u4e3a 3\u3002
"},{"location":"end-user/baize/jobs/mpi.html#_6","title":"\u63d0\u4ea4\u4efb\u52a1","text":"\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c MPI \u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mpi.html#_7","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\u540e\uff0c\u60a8\u53ef\u4ee5\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u548c\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u3002 \u4ece\u53f3\u4e0a\u89d2\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\uff0c\u53ef\u4ee5\u67e5\u770b\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u6bcf\u4e2a\u8282\u70b9\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
TensorFlow: 1.13\nModel: resnet101\nMode: training\nBatch size: 64\n...\n\nTotal images/sec: 125.67\n
\u8fd9\u8868\u793a MPI \u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0cTensorFlow \u57fa\u51c6\u6d4b\u8bd5\u7a0b\u5e8f\u5b8c\u6210\u4e86\u5206\u5e03\u5f0f\u8bad\u7ec3\u3002
"},{"location":"end-user/baize/jobs/mpi.html#_8","title":"\u5c0f\u7ed3","text":"\u901a\u8fc7\u672c\u6559\u7a0b\uff0c\u60a8\u5b66\u4e60\u4e86\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c\u4e00\u4e2a MPI \u4efb\u52a1\u3002\u6211\u4eec\u8be6\u7ec6\u4ecb\u7ecd\u4e86 MPIJob \u7684\u914d\u7f6e\u65b9\u5f0f\uff0c \u4ee5\u53ca\u5982\u4f55\u5728\u4efb\u52a1\u4e2d\u6307\u5b9a\u8fd0\u884c\u7684\u547d\u4ee4\u548c\u8d44\u6e90\u9700\u6c42\u3002\u5e0c\u671b\u672c\u6559\u7a0b\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff0c\u5982\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u5e73\u53f0\u63d0\u4f9b\u7684\u5176\u4ed6\u6587\u6863\u6216\u8054\u7cfb\u6280\u672f\u652f\u6301\u3002
\u9644\u5f55 \uff1a
mpi4py
\u3001Horovod \u7b49\uff09\uff0c\u8bf7\u5728\u4efb\u52a1\u4e2d\u6dfb\u52a0\u5b89\u88c5\u547d\u4ee4\uff0c\u6216\u8005\u4f7f\u7528\u9884\u88c5\u4e86\u76f8\u5173\u4f9d\u8d56\u7684\u955c\u50cf\u3002Warning
\u7531\u4e8e Apache MXNet \u9879\u76ee\u5df2\u5b58\u6863\uff0c\u56e0\u6b64 Kubeflow MXJob \u5c06\u5728\u672a\u6765\u7684 Training Operator 1.9 \u7248\u672c\u4e2d\u5f03\u7528\u548c\u5220\u9664\u3002
Apache MXNet \u662f\u4e00\u4e2a\u9ad8\u6027\u80fd\u7684\u6df1\u5ea6\u5b66\u4e60\u6846\u67b6\uff0c\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3002MXNet \u4efb\u52a1\u53ef\u4ee5\u4f7f\u7528\u591a\u79cd\u65b9\u5f0f\u8fdb\u884c\u8bad\u7ec3\uff0c\u5305\u62ec\u5355\u673a\u6a21\u5f0f\u548c\u5206\u5e03\u5f0f\u6a21\u5f0f\u3002\u5728 AI Lab \u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86\u5bf9 MXNet \u4efb\u52a1\u7684\u652f\u6301\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c\u5feb\u901f\u521b\u5efa MXNet \u4efb\u52a1\uff0c\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\u3002
\u672c\u6559\u7a0b\u5c06\u6307\u5bfc\u60a8\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c MXNet \u7684\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"MXNet
\uff0c\u652f\u6301\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4e24\u79cd\u6a21\u5f0f\u3002\u6211\u4eec\u4f7f\u7528 release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest
\u955c\u50cf\u4f5c\u4e3a\u4efb\u52a1\u7684\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002\u8be5\u955c\u50cf\u9884\u88c5\u4e86 MXNet \u53ca\u5176\u76f8\u5173\u4f9d\u8d56\uff0c\u652f\u6301 GPU \u52a0\u901f\u3002
\u6ce8\u610f\uff1a\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u548c\u7ba1\u7406\u73af\u5883\uff0c\u8bf7\u53c2\u8003 \u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#mxnet_1","title":"\u521b\u5efa MXNet \u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/mxnet.html#mxnet_2","title":"MXNet \u5355\u673a\u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/mxnet.html#_3","title":"\u521b\u5efa\u6b65\u9aa4","text":"MXNet
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002python3
\u547d\u4ee4\u53c2\u6570\uff1a
/mxnet/mxnet/example/gluon/mnist/mnist.py --epochs 10 --cuda\n
\u8bf4\u660e\uff1a
/mxnet/mxnet/example/gluon/mnist/mnist.py
\uff1aMXNet \u63d0\u4f9b\u7684 MNIST \u624b\u5199\u6570\u5b57\u8bc6\u522b\u793a\u4f8b\u811a\u672c\u3002--epochs 10
\uff1a\u8bbe\u7f6e\u8bad\u7ec3\u8f6e\u6570\u4e3a 10\u3002--cuda
\uff1a\u4f7f\u7528 CUDA \u8fdb\u884c GPU \u52a0\u901f\u3002\u4ee5\u4e0b\u662f\u5355\u673a MXJob \u7684 YAML \u914d\u7f6e\uff1a
apiVersion: \"kubeflow.org/v1\"\nkind: \"MXJob\"\nmetadata:\n name: \"mxnet-single-job\"\nspec:\n jobMode: MXTrain\n mxReplicaSpecs:\n Worker:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n command: [\"python3\"]\n args:\n [\n \"/mxnet/mxnet/example/gluon/mnist/mnist.py\",\n \"--epochs\",\n \"10\",\n \"--cuda\",\n ]\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n
\u914d\u7f6e\u89e3\u6790\uff1a
apiVersion
\u548c kind
\uff1a\u6307\u5b9a\u8d44\u6e90\u7684 API \u7248\u672c\u548c\u7c7b\u578b\uff0c\u8fd9\u91cc\u662f MXJob
\u3002metadata
\uff1a\u5143\u6570\u636e\uff0c\u5305\u62ec\u4efb\u52a1\u540d\u79f0\u7b49\u4fe1\u606f\u3002spec
\uff1a\u4efb\u52a1\u7684\u8be6\u7ec6\u914d\u7f6e\u3002jobMode
\uff1a\u8bbe\u7f6e\u4e3a MXTrain
\uff0c\u8868\u793a\u8bad\u7ec3\u4efb\u52a1\u3002mxReplicaSpecs
\uff1aMXNet \u4efb\u52a1\u7684\u526f\u672c\u914d\u7f6e\u3002Worker
\uff1a\u6307\u5b9a\u5de5\u4f5c\u8282\u70b9\u7684\u914d\u7f6e\u3002replicas
\uff1a\u526f\u672c\u6570\uff0c\u8fd9\u91cc\u4e3a 1\u3002restartPolicy
\uff1a\u91cd\u542f\u7b56\u7565\uff0c\u8bbe\u4e3a Never
\uff0c\u8868\u793a\u4efb\u52a1\u5931\u8d25\u65f6\u4e0d\u91cd\u542f\u3002template
\uff1aPod \u6a21\u677f\uff0c\u5b9a\u4e49\u5bb9\u5668\u7684\u8fd0\u884c\u73af\u5883\u548c\u8d44\u6e90\u3002containers
\uff1a\u5bb9\u5668\u5217\u8868\u3002name
\uff1a\u5bb9\u5668\u540d\u79f0\u3002image
\uff1a\u4f7f\u7528\u7684\u955c\u50cf\u3002command
\u548c args
\uff1a\u542f\u52a8\u547d\u4ee4\u548c\u53c2\u6570\u3002ports
\uff1a\u5bb9\u5668\u7aef\u53e3\u914d\u7f6e\u3002resources
\uff1a\u8d44\u6e90\u8bf7\u6c42\u548c\u9650\u5236\u3002\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c MXNet \u5355\u673a\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_7","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\u540e\uff0c\u60a8\u53ef\u4ee5\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u548c\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u3002\u4ece\u53f3\u4e0a\u89d2\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\uff0c\u53ef\u4ee5\u67e5\u770b\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
Epoch 1: accuracy=0.95\nEpoch 2: accuracy=0.97\n...\nEpoch 10: accuracy=0.98\nTraining completed.\n
\u8fd9\u8868\u793a MXNet \u5355\u673a\u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0c\u6a21\u578b\u8bad\u7ec3\u5b8c\u6210\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#mxnet_3","title":"MXNet \u5206\u5e03\u5f0f\u4efb\u52a1","text":"\u5728\u5206\u5e03\u5f0f\u6a21\u5f0f\u4e0b\uff0cMXNet \u4efb\u52a1\u53ef\u4ee5\u4f7f\u7528\u591a\u53f0\u8ba1\u7b97\u8282\u70b9\u5171\u540c\u5b8c\u6210\u8bad\u7ec3\uff0c\u63d0\u9ad8\u8bad\u7ec3\u6548\u7387\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_8","title":"\u521b\u5efa\u6b65\u9aa4","text":"MXNet
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002python3
\u547d\u4ee4\u53c2\u6570\uff1a
/mxnet/mxnet/example/image-classification/train_mnist.py --num-epochs 10 --num-layers 2 --kv-store dist_device_sync --gpus 0\n
\u8bf4\u660e\uff1a
/mxnet/mxnet/example/image-classification/train_mnist.py
\uff1aMXNet \u63d0\u4f9b\u7684\u56fe\u50cf\u5206\u7c7b\u793a\u4f8b\u811a\u672c\u3002--num-epochs 10
\uff1a\u8bad\u7ec3\u8f6e\u6570\u4e3a 10\u3002--num-layers 2
\uff1a\u6a21\u578b\u7684\u5c42\u6570\u4e3a 2\u3002--kv-store dist_device_sync
\uff1a\u4f7f\u7528\u5206\u5e03\u5f0f\u8bbe\u5907\u540c\u6b65\u6a21\u5f0f\u3002--gpus 0
\uff1a\u4f7f\u7528 GPU \u8fdb\u884c\u52a0\u901f\u3002\u4ee5\u4e0b\u662f\u5206\u5e03\u5f0f MXJob \u7684 YAML \u914d\u7f6e\uff1a
apiVersion: \"kubeflow.org/v1\"\nkind: \"MXJob\"\nmetadata:\n name: \"mxnet-job\"\nspec:\n jobMode: MXTrain\n mxReplicaSpecs:\n Scheduler:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n Server:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n Worker:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n command: [\"python3\"]\n args:\n [\n \"/mxnet/mxnet/example/image-classification/train_mnist.py\",\n \"--num-epochs\",\n \"10\",\n \"--num-layers\",\n \"2\",\n \"--kv-store\",\n \"dist_device_sync\",\n \"--gpus\",\n \"0\",\n ]\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n
\u914d\u7f6e\u89e3\u6790\uff1a
\u5728\u521b\u5efa MXNet \u5206\u5e03\u5f0f\u4efb\u52a1\u65f6\uff0c\u9700\u8981\u6839\u636e mxReplicaSpecs
\u4e2d\u914d\u7f6e\u7684\u526f\u672c\u6570\uff0c\u6b63\u786e\u8bbe\u7f6e \u4efb\u52a1\u526f\u672c\u6570\u3002
\u56e0\u6b64\uff0c\u5728\u4efb\u52a1\u914d\u7f6e\u4e2d\uff0c\u9700\u8981\u5c06 \u4efb\u52a1\u526f\u672c\u6570 \u8bbe\u7f6e\u4e3a 3\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_12","title":"\u63d0\u4ea4\u4efb\u52a1","text":"\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c MXNet \u5206\u5e03\u5f0f\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_13","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u548c\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3002\u60a8\u53ef\u4ee5\u67e5\u770b\u6bcf\u4e2a\u89d2\u8272\uff08Scheduler\u3001Server\u3001Worker\uff09\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
INFO:root:Epoch[0] Batch [50] Speed: 1000 samples/sec accuracy=0.85\nINFO:root:Epoch[0] Batch [100] Speed: 1200 samples/sec accuracy=0.87\n...\nINFO:root:Epoch[9] Batch [100] Speed: 1300 samples/sec accuracy=0.98\nTraining completed.\n
\u8fd9\u8868\u793a MXNet \u5206\u5e03\u5f0f\u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0c\u6a21\u578b\u8bad\u7ec3\u5b8c\u6210\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_14","title":"\u5c0f\u7ed3","text":"\u901a\u8fc7\u672c\u6559\u7a0b\uff0c\u60a8\u5b66\u4e60\u4e86\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c MXNet \u7684\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4efb\u52a1\u3002\u6211\u4eec\u8be6\u7ec6\u4ecb\u7ecd\u4e86 MXJob \u7684\u914d\u7f6e\u65b9\u5f0f\uff0c\u4ee5\u53ca\u5982\u4f55\u5728\u4efb\u52a1\u4e2d\u6307\u5b9a\u8fd0\u884c\u7684\u547d\u4ee4\u548c\u8d44\u6e90\u9700\u6c42\u3002\u5e0c\u671b\u672c\u6559\u7a0b\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff0c\u5982\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u5e73\u53f0\u63d0\u4f9b\u7684\u5176\u4ed6\u6587\u6863\u6216\u8054\u7cfb\u6280\u672f\u652f\u6301\u3002
"},{"location":"end-user/baize/jobs/mxnet.html#_15","title":"\u9644\u5f55","text":"\u6ce8\u610f\u4e8b\u9879\uff1a
\u53c2\u8003\u6587\u6863\uff1a
PaddlePaddle\uff08\u98de\u6868\uff09\u662f\u767e\u5ea6\u5f00\u6e90\u7684\u6df1\u5ea6\u5b66\u4e60\u5e73\u53f0\uff0c\u652f\u6301\u4e30\u5bcc\u7684\u795e\u7ecf\u7f51\u7edc\u6a21\u578b\u548c\u5206\u5e03\u5f0f\u8bad\u7ec3\u65b9\u5f0f\u3002PaddlePaddle \u4efb\u52a1\u53ef\u4ee5\u901a\u8fc7\u5355\u673a\u6216\u5206\u5e03\u5f0f\u6a21\u5f0f\u8fdb\u884c\u8bad\u7ec3\u3002\u5728 AI Lab \u5e73\u53f0\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86\u5bf9 PaddlePaddle \u4efb\u52a1\u7684\u652f\u6301\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c\u5feb\u901f\u521b\u5efa PaddlePaddle \u4efb\u52a1\uff0c\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\u3002
\u672c\u6559\u7a0b\u5c06\u6307\u5bfc\u60a8\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c PaddlePaddle \u7684\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"PaddlePaddle
\uff0c\u652f\u6301\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4e24\u79cd\u6a21\u5f0f\u3002\u6211\u4eec\u4f7f\u7528 registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu
\u955c\u50cf\u4f5c\u4e3a\u4efb\u52a1\u7684\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002\u8be5\u955c\u50cf\u9884\u88c5\u4e86 PaddlePaddle \u6846\u67b6\uff0c\u9002\u7528\u4e8e CPU \u8ba1\u7b97\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528 GPU\uff0c\u8bf7\u9009\u62e9\u5bf9\u5e94\u7684 GPU \u7248\u672c\u955c\u50cf\u3002
\u6ce8\u610f\uff1a\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u548c\u7ba1\u7406\u73af\u5883\uff0c\u8bf7\u53c2\u8003 \u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/paddle.html#paddlepaddle_1","title":"\u521b\u5efa PaddlePaddle \u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/paddle.html#paddlepaddle_2","title":"PaddlePaddle \u5355\u673a\u8bad\u7ec3\u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/paddle.html#_3","title":"\u521b\u5efa\u6b65\u9aa4","text":"PaddlePaddle
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002python
\u547d\u4ee4\u53c2\u6570\uff1a
-m paddle.distributed.launch run_check\n
\u8bf4\u660e\uff1a
-m paddle.distributed.launch
\uff1a\u4f7f\u7528 PaddlePaddle \u63d0\u4f9b\u7684\u5206\u5e03\u5f0f\u542f\u52a8\u6a21\u5757\uff0c\u5373\u4f7f\u5728\u5355\u673a\u6a21\u5f0f\u4e0b\u4e5f\u53ef\u4ee5\u4f7f\u7528\uff0c\u65b9\u4fbf\u5c06\u6765\u8fc1\u79fb\u5230\u5206\u5e03\u5f0f\u3002run_check
\uff1aPaddlePaddle \u63d0\u4f9b\u7684\u6d4b\u8bd5\u811a\u672c\uff0c\u7528\u4e8e\u68c0\u67e5\u5206\u5e03\u5f0f\u73af\u5883\u662f\u5426\u6b63\u5e38\u3002\u4ee5\u4e0b\u662f\u5355\u673a PaddleJob \u7684 YAML \u914d\u7f6e\uff1a
apiVersion: kubeflow.org/v1\nkind: PaddleJob\nmetadata:\n name: paddle-simple-cpu\n namespace: kubeflow\nspec:\n paddleReplicaSpecs:\n Worker:\n replicas: 1\n restartPolicy: OnFailure\n template:\n spec:\n containers:\n - name: paddle\n image: registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu\n command:\n [\n 'python',\n '-m',\n 'paddle.distributed.launch',\n 'run_check',\n ]\n
\u914d\u7f6e\u89e3\u6790\uff1a
apiVersion
\u548c kind
\uff1a\u6307\u5b9a\u8d44\u6e90\u7684 API \u7248\u672c\u548c\u7c7b\u578b\uff0c\u8fd9\u91cc\u662f PaddleJob
\u3002metadata
\uff1a\u5143\u6570\u636e\uff0c\u5305\u62ec\u4efb\u52a1\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\u3002spec
\uff1a\u4efb\u52a1\u7684\u8be6\u7ec6\u914d\u7f6e\u3002paddleReplicaSpecs
\uff1aPaddlePaddle \u4efb\u52a1\u7684\u526f\u672c\u914d\u7f6e\u3002Worker
\uff1a\u6307\u5b9a\u5de5\u4f5c\u8282\u70b9\u7684\u914d\u7f6e\u3002replicas
\uff1a\u526f\u672c\u6570\uff0c\u8fd9\u91cc\u4e3a 1\uff0c\u8868\u793a\u5355\u673a\u8bad\u7ec3\u3002restartPolicy
\uff1a\u91cd\u542f\u7b56\u7565\uff0c\u8bbe\u4e3a OnFailure
\uff0c\u8868\u793a\u4efb\u52a1\u5931\u8d25\u65f6\u81ea\u52a8\u91cd\u542f\u3002template
\uff1aPod \u6a21\u677f\uff0c\u5b9a\u4e49\u5bb9\u5668\u7684\u8fd0\u884c\u73af\u5883\u548c\u8d44\u6e90\u3002containers
\uff1a\u5bb9\u5668\u5217\u8868\u3002name
\uff1a\u5bb9\u5668\u540d\u79f0\u3002image
\uff1a\u4f7f\u7528\u7684\u955c\u50cf\u3002command
\uff1a\u542f\u52a8\u547d\u4ee4\u548c\u53c2\u6570\u3002\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c PaddlePaddle \u5355\u673a\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_7","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\u540e\uff0c\u60a8\u53ef\u4ee5\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u548c\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u3002\u4ece\u53f3\u4e0a\u89d2\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\uff0c\u53ef\u4ee5\u67e5\u770b\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
run check success, PaddlePaddle is installed correctly on this node :)\n
\u8fd9\u8868\u793a PaddlePaddle \u5355\u673a\u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0c\u73af\u5883\u914d\u7f6e\u6b63\u5e38\u3002
"},{"location":"end-user/baize/jobs/paddle.html#paddlepaddle_3","title":"PaddlePaddle \u5206\u5e03\u5f0f\u8bad\u7ec3\u4efb\u52a1","text":"\u5728\u5206\u5e03\u5f0f\u6a21\u5f0f\u4e0b\uff0cPaddlePaddle \u4efb\u52a1\u53ef\u4ee5\u4f7f\u7528\u591a\u53f0\u8ba1\u7b97\u8282\u70b9\u5171\u540c\u5b8c\u6210\u8bad\u7ec3\uff0c\u63d0\u9ad8\u8bad\u7ec3\u6548\u7387\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_8","title":"\u521b\u5efa\u6b65\u9aa4","text":"PaddlePaddle
\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002python
\u547d\u4ee4\u53c2\u6570\uff1a
-m paddle.distributed.launch train.py --epochs=10\n
\u8bf4\u660e\uff1a
-m paddle.distributed.launch
\uff1a\u4f7f\u7528 PaddlePaddle \u63d0\u4f9b\u7684\u5206\u5e03\u5f0f\u542f\u52a8\u6a21\u5757\u3002train.py
\uff1a\u60a8\u7684\u8bad\u7ec3\u811a\u672c\uff0c\u9700\u8981\u653e\u5728\u955c\u50cf\u4e2d\u6216\u6302\u8f7d\u5230\u5bb9\u5668\u5185\u3002--epochs=10
\uff1a\u8bad\u7ec3\u7684\u8f6e\u6570\uff0c\u8fd9\u91cc\u8bbe\u7f6e\u4e3a 10\u3002Worker
\u526f\u672c\u6570\u8bbe\u7f6e\uff0c\u8fd9\u91cc\u4e3a 2\u3002\u4ee5\u4e0b\u662f\u5206\u5e03\u5f0f PaddleJob \u7684 YAML \u914d\u7f6e\uff1a
apiVersion: kubeflow.org/v1\nkind: PaddleJob\nmetadata:\n name: paddle-distributed-job\n namespace: kubeflow\nspec:\n paddleReplicaSpecs:\n Worker:\n replicas: 2\n restartPolicy: OnFailure\n template:\n spec:\n containers:\n - name: paddle\n image: registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu\n command:\n [\n 'python',\n '-m',\n 'paddle.distributed.launch',\n 'train.py',\n ]\n args:\n - '--epochs=10'\n
\u914d\u7f6e\u89e3\u6790\uff1a
Worker
\uff1areplicas
\uff1a\u526f\u672c\u6570\uff0c\u8bbe\u7f6e\u4e3a 2\uff0c\u8868\u793a\u4f7f\u7528 2 \u4e2a\u5de5\u4f5c\u8282\u70b9\u8fdb\u884c\u5206\u5e03\u5f0f\u8bad\u7ec3\u3002\u5728\u521b\u5efa PaddlePaddle \u5206\u5e03\u5f0f\u4efb\u52a1\u65f6\uff0c\u9700\u8981\u6839\u636e paddleReplicaSpecs
\u4e2d\u914d\u7f6e\u7684\u526f\u672c\u6570\uff0c\u6b63\u786e\u8bbe\u7f6e \u4efb\u52a1\u526f\u672c\u6570\u3002
Worker
\u526f\u672c\u6570Worker
\u526f\u672c\u6570\uff1a2\u56e0\u6b64\uff0c\u5728\u4efb\u52a1\u914d\u7f6e\u4e2d\uff0c\u9700\u8981\u5c06 \u4efb\u52a1\u526f\u672c\u6570 \u8bbe\u7f6e\u4e3a 2\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_12","title":"\u63d0\u4ea4\u4efb\u52a1","text":"\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u63d0\u4ea4 \u6309\u94ae\uff0c\u5f00\u59cb\u8fd0\u884c PaddlePaddle \u5206\u5e03\u5f0f\u4efb\u52a1\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_13","title":"\u67e5\u770b\u8fd0\u884c\u7ed3\u679c","text":"\u8fdb\u5165 \u4efb\u52a1\u8be6\u60c5 \u9875\u9762\uff0c\u67e5\u770b\u4efb\u52a1\u7684\u8fd0\u884c\u72b6\u6001\u548c\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3002\u60a8\u53ef\u4ee5\u67e5\u770b\u6bcf\u4e2a\u5de5\u4f5c\u8282\u70b9\u7684\u65e5\u5fd7\u8f93\u51fa\uff0c\u786e\u8ba4\u5206\u5e03\u5f0f\u8bad\u7ec3\u662f\u5426\u6b63\u5e38\u8fd0\u884c\u3002
\u793a\u4f8b\u8f93\u51fa\uff1a
Worker 0: Epoch 1, Batch 100, Loss 0.5\nWorker 1: Epoch 1, Batch 100, Loss 0.6\n...\nTraining completed.\n
\u8fd9\u8868\u793a PaddlePaddle \u5206\u5e03\u5f0f\u4efb\u52a1\u6210\u529f\u8fd0\u884c\uff0c\u6a21\u578b\u8bad\u7ec3\u5b8c\u6210\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_14","title":"\u5c0f\u7ed3","text":"\u901a\u8fc7\u672c\u6559\u7a0b\uff0c\u60a8\u5b66\u4e60\u4e86\u5982\u4f55\u5728 AI Lab \u5e73\u53f0\u4e0a\u521b\u5efa\u548c\u8fd0\u884c PaddlePaddle \u7684\u5355\u673a\u548c\u5206\u5e03\u5f0f\u4efb\u52a1\u3002\u6211\u4eec\u8be6\u7ec6\u4ecb\u7ecd\u4e86 PaddleJob \u7684\u914d\u7f6e\u65b9\u5f0f\uff0c\u4ee5\u53ca\u5982\u4f55\u5728\u4efb\u52a1\u4e2d\u6307\u5b9a\u8fd0\u884c\u7684\u547d\u4ee4\u548c\u8d44\u6e90\u9700\u6c42\u3002\u5e0c\u671b\u672c\u6559\u7a0b\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff0c\u5982\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u5e73\u53f0\u63d0\u4f9b\u7684\u5176\u4ed6\u6587\u6863\u6216\u8054\u7cfb\u6280\u672f\u652f\u6301\u3002
"},{"location":"end-user/baize/jobs/paddle.html#_15","title":"\u9644\u5f55","text":"\u6ce8\u610f\u4e8b\u9879\uff1a
train.py
\uff08\u6216\u5176\u4ed6\u8bad\u7ec3\u811a\u672c\uff09\u5728\u5bb9\u5668\u5185\u5b58\u5728\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u81ea\u5b9a\u4e49\u955c\u50cf\u3001\u6302\u8f7d\u6301\u4e45\u5316\u5b58\u50a8\u7b49\u65b9\u5f0f\u5c06\u811a\u672c\u653e\u5165\u5bb9\u5668\u3002paddle:2.4.0rc0-gpu
\u7b49\u3002command
\u548c args
\u6765\u4f20\u9012\u4e0d\u540c\u7684\u8bad\u7ec3\u53c2\u6570\u3002\u53c2\u8003\u6587\u6863\uff1a
Pytorch \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u6df1\u5ea6\u5b66\u4e60\u6846\u67b6\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7075\u6d3b\u7684\u8bad\u7ec3\u548c\u90e8\u7f72\u73af\u5883\u3002 Pytorch \u4efb\u52a1\u662f\u4e00\u4e2a\u4f7f\u7528 Pytorch \u6846\u67b6\u7684\u4efb\u52a1\u3002
\u5728 AI Lab \u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86 Pytorch \u4efb\u52a1\u652f\u6301\u548c\u9002\u914d\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c \u5feb\u901f\u521b\u5efa Pytorch \u4efb\u52a1\uff0c\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\u3002
"},{"location":"end-user/baize/jobs/pytorch.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"Pytorch \u5355\u673a
\u548c Pytorch \u5206\u5e03\u5f0f
\u4e24\u79cd\u6a21\u5f0f\u3002\u5728\u8fd9\u91cc\u6211\u4eec\u4f7f\u7528 baize-notebook
\u57fa\u7840\u955c\u50cf \u548c \u5173\u8054\u73af\u5883
\u7684\u65b9\u5f0f\u6765\u4f5c\u4e3a\u4efb\u52a1\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002
\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u73af\u5883\uff0c\u8bf7\u53c2\u8003\u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/pytorch.html#_3","title":"\u521b\u5efa\u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/pytorch.html#pytorch_1","title":"Pytorch \u5355\u673a\u4efb\u52a1","text":"Pytorch \u5355\u673a
\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002bash
import torch\nimport torch.nn as nn\nimport torch.optim as optim\n\n# \u5b9a\u4e49\u4e00\u4e2a\u7b80\u5355\u7684\u795e\u7ecf\u7f51\u7edc\nclass SimpleNet(nn.Module):\n def __init__(self):\n super(SimpleNet, self).__init__()\n self.fc = nn.Linear(10, 1)\n\n def forward(self, x):\n return self.fc(x)\n\n# \u521b\u5efa\u6a21\u578b\u3001\u635f\u5931\u51fd\u6570\u548c\u4f18\u5316\u5668\nmodel = SimpleNet()\ncriterion = nn.MSELoss()\noptimizer = optim.SGD(model.parameters(), lr=0.01)\n\n# \u751f\u6210\u4e00\u4e9b\u968f\u673a\u6570\u636e\nx = torch.randn(100, 10)\ny = torch.randn(100, 1)\n\n# \u8bad\u7ec3\u6a21\u578b\nfor epoch in range(100):\n # \u524d\u5411\u4f20\u64ad\n outputs = model(x)\n loss = criterion(outputs, y)\n\n # \u53cd\u5411\u4f20\u64ad\u548c\u4f18\u5316\n optimizer.zero_grad()\n loss.backward()\n optimizer.step()\n\n if (epoch + 1) % 10 == 0:\n print(f'Epoch [{epoch+1}/100], Loss: {loss.item():.4f}')\n\nprint('Training finished.')\n
"},{"location":"end-user/baize/jobs/pytorch.html#_5","title":"\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\uff0c\u6211\u4eec\u53ef\u4ee5\u8fdb\u5165\u4efb\u52a1\u8be6\u60c5\u67e5\u770b\u5230\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c\u4ece\u53f3\u4e0a\u89d2\u53bb\u5f80 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \uff0c\u53ef\u4ee5\u67e5\u770b\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u7684\u65e5\u5fd7\u8f93\u51fa
[HAMI-core Warn(1:140244541377408:utils.c:183)]: get default cuda from (null)\n[HAMI-core Msg(1:140244541377408:libvgpu.c:855)]: Initialized\nEpoch [10/100], Loss: 1.1248\nEpoch [20/100], Loss: 1.0486\nEpoch [30/100], Loss: 0.9969\nEpoch [40/100], Loss: 0.9611\nEpoch [50/100], Loss: 0.9360\nEpoch [60/100], Loss: 0.9182\nEpoch [70/100], Loss: 0.9053\nEpoch [80/100], Loss: 0.8960\nEpoch [90/100], Loss: 0.8891\nEpoch [100/100], Loss: 0.8841\nTraining finished.\n[HAMI-core Msg(1:140244541377408:multiprocess_memory_limit.c:468)]: Calling exit handler 1\n
"},{"location":"end-user/baize/jobs/pytorch.html#pytorch_2","title":"Pytorch \u5206\u5e03\u5f0f\u4efb\u52a1","text":"Pytorch \u5206\u5e03\u5f0f
\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002bash
import os\nimport torch\nimport torch.distributed as dist\nimport torch.nn as nn\nimport torch.optim as optim\nfrom torch.nn.parallel import DistributedDataParallel as DDP\n\nclass SimpleModel(nn.Module):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = nn.Linear(10, 1)\n\n def forward(self, x):\n return self.fc(x)\n\ndef train():\n # \u6253\u5370\u73af\u5883\u4fe1\u606f\n print(f'PyTorch version: {torch.__version__}')\n print(f'CUDA available: {torch.cuda.is_available()}')\n if torch.cuda.is_available():\n print(f'CUDA version: {torch.version.cuda}')\n print(f'CUDA device count: {torch.cuda.device_count()}')\n\n rank = int(os.environ.get('RANK', '0'))\n world_size = int(os.environ.get('WORLD_SIZE', '1'))\n\n print(f'Rank: {rank}, World Size: {world_size}')\n\n # \u521d\u59cb\u5316\u5206\u5e03\u5f0f\u73af\u5883\n try:\n if world_size > 1:\n dist.init_process_group('nccl')\n print('Distributed process group initialized successfully')\n else:\n print('Running in non-distributed mode')\n except Exception as e:\n print(f'Error initializing process group: {e}')\n return\n\n # \u8bbe\u7f6e\u8bbe\u5907\n try:\n if torch.cuda.is_available():\n device = torch.device(f'cuda:{rank % torch.cuda.device_count()}')\n print(f'Using CUDA device: {device}')\n else:\n device = torch.device('cpu')\n print('CUDA not available, using CPU')\n except Exception as e:\n print(f'Error setting device: {e}')\n device = torch.device('cpu')\n print('Falling back to CPU')\n\n try:\n model = SimpleModel().to(device)\n print('Model moved to device successfully')\n except Exception as e:\n print(f'Error moving model to device: {e}')\n return\n\n try:\n if world_size > 1:\n ddp_model = DDP(model, device_ids=[rank % torch.cuda.device_count()] if torch.cuda.is_available() else None)\n print('DDP model created successfully')\n else:\n ddp_model = model\n print('Using non-distributed model')\n except Exception as e:\n print(f'Error creating DDP model: {e}')\n return\n\n loss_fn = nn.MSELoss()\n optimizer = optim.SGD(ddp_model.parameters(), lr=0.001)\n\n # \u751f\u6210\u4e00\u4e9b\u968f\u673a\u6570\u636e\n try:\n data = torch.randn(100, 10, device=device)\n labels = torch.randn(100, 1, device=device)\n print('Data generated and moved to device successfully')\n except Exception as e:\n print(f'Error generating or moving data to device: {e}')\n return\n\n for epoch in range(10):\n try:\n ddp_model.train()\n outputs = ddp_model(data)\n loss = loss_fn(outputs, labels)\n optimizer.zero_grad()\n loss.backward()\n optimizer.step()\n\n if rank == 0:\n print(f'Epoch {epoch}, Loss: {loss.item():.4f}')\n except Exception as e:\n print(f'Error during training epoch {epoch}: {e}')\n break\n\n if world_size > 1:\n dist.destroy_process_group()\n\nif __name__ == '__main__':\n train()\n
"},{"location":"end-user/baize/jobs/pytorch.html#_7","title":"\u4efb\u52a1\u526f\u672c\u6570","text":"\u6ce8\u610f Pytorch \u5206\u5e03\u5f0f
\u8bad\u7ec3\u4efb\u52a1\u4f1a\u521b\u5efa\u4e00\u7ec4 Master
\u548c Worker
\u7684\u8bad\u7ec3 Pod\uff0c Master
\u8d1f\u8d23\u534f\u8c03\u8bad\u7ec3\u4efb\u52a1\uff0cWorker
\u8d1f\u8d23\u5b9e\u9645\u7684\u8bad\u7ec3\u5de5\u4f5c\u3002
Note
\u672c\u6b21\u6f14\u793a\u4e2d\uff1aMaster
\u526f\u672c\u6570\u4e3a 1\uff0cWorker
\u526f\u672c\u6570\u4e3a 2\uff1b \u6240\u4ee5\u6211\u4eec\u9700\u8981\u5728 \u4efb\u52a1\u914d\u7f6e \u4e2d\u8bbe\u7f6e\u526f\u672c\u6570\u4e3a 3\uff0c\u5373 Master
\u526f\u672c\u6570 + Worker
\u526f\u672c\u6570\u3002 Pytorch \u4f1a\u81ea\u52a8\u8c03\u8c10 Master
\u548c Worker
\u7684\u89d2\u8272\u3002
\u540c\u6837\uff0c\u6211\u4eec\u53ef\u4ee5\u8fdb\u5165\u4efb\u52a1\u8be6\u60c5\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c\u4ee5\u53ca\u6bcf\u4e2a Pod \u7684\u65e5\u5fd7\u8f93\u51fa\u3002
"},{"location":"end-user/baize/jobs/tensorboard.html","title":"\u4efb\u52a1\u5206\u6790\u4ecb\u7ecd","text":"\u5728 AI Lab \u6a21\u5757\u4e2d\uff0c\u63d0\u4f9b\u4e86\u6a21\u578b\u5f00\u53d1\u8fc7\u7a0b\u91cd\u8981\u7684\u53ef\u89c6\u5316\u5206\u6790\u5de5\u5177\uff0c\u7528\u4e8e\u5c55\u793a\u673a\u5668\u5b66\u4e60\u6a21\u578b\u7684\u8bad\u7ec3\u8fc7\u7a0b\u548c\u7ed3\u679c\u3002 \u672c\u6587\u5c06\u4ecb\u7ecd \u4efb\u52a1\u5206\u6790\uff08Tensorboard\uff09\u7684\u57fa\u672c\u6982\u5ff5\u3001\u5728 AI Lab \u7cfb\u7edf\u4e2d\u7684\u4f7f\u7528\u65b9\u6cd5\uff0c\u4ee5\u53ca\u5982\u4f55\u914d\u7f6e\u6570\u636e\u96c6\u7684\u65e5\u5fd7\u5185\u5bb9\u3002
Note
Tensorboard \u662f TensorFlow \u63d0\u4f9b\u7684\u4e00\u4e2a\u53ef\u89c6\u5316\u5de5\u5177\uff0c\u7528\u4e8e\u5c55\u793a\u673a\u5668\u5b66\u4e60\u6a21\u578b\u7684\u8bad\u7ec3\u8fc7\u7a0b\u548c\u7ed3\u679c\u3002 \u5b83\u53ef\u4ee5\u5e2e\u52a9\u5f00\u53d1\u8005\u66f4\u76f4\u89c2\u5730\u7406\u89e3\u6a21\u578b\u7684\u8bad\u7ec3\u52a8\u6001\uff0c\u5206\u6790\u6a21\u578b\u6027\u80fd\uff0c\u8c03\u8bd5\u6a21\u578b\u95ee\u9898\u7b49\u3002
Tensorboard \u5728\u6a21\u578b\u5f00\u53d1\u8fc7\u7a0b\u4e2d\u7684\u4f5c\u7528\u53ca\u4f18\u52bf\uff1a
\u5728 AI Lab \u7cfb\u7edf\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86\u4fbf\u6377\u7684\u65b9\u5f0f\u6765\u521b\u5efa\u548c\u7ba1\u7406 Tensorboard\u3002\u4ee5\u4e0b\u662f\u5177\u4f53\u6b65\u9aa4\uff1a
"},{"location":"end-user/baize/jobs/tensorboard.html#notebook-tensorboard","title":"\u5728\u521b\u5efa\u65f6 Notebook \u542f\u7528 Tensorboard","text":"\u542f\u7528 Tensorboard\uff1a\u5728\u521b\u5efa Notebook \u7684\u9875\u9762\u4e2d\uff0c\u542f\u7528 Tensorboard \u9009\u9879\uff0c\u5e76\u6307\u5b9a\u6570\u636e\u96c6\u548c\u65e5\u5fd7\u8def\u5f84\u3002
\u4efb\u52a1\u5b8c\u6210\u540e\u67e5\u770b Tensorboard\uff1a\u4efb\u52a1\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u5728\u4efb\u52a1\u8be6\u60c5\u9875\u9762\u4e2d\u67e5\u770b Tensorboard \u7684\u94fe\u63a5\uff0c\u70b9\u51fb\u94fe\u63a5\u5373\u53ef\u67e5\u770b\u8bad\u7ec3\u8fc7\u7a0b\u7684\u53ef\u89c6\u5316\u7ed3\u679c\u3002
\u5728 Notebook \u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7\u4ee3\u7801\u76f4\u63a5\u542f\u52a8 Tensorboard\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u793a\u4f8b\u4ee3\u7801\uff1a
# \u5bfc\u5165\u5fc5\u8981\u7684\u5e93\nimport tensorflow as tf\nimport datetime\n\n# \u5b9a\u4e49\u65e5\u5fd7\u76ee\u5f55\nlog_dir = \"logs/fit/\" + datetime.datetime.now().strftime(\"%Y%m%d-%H%M%S\")\n\n# \u521b\u5efa Tensorboard \u56de\u8c03\ntensorboard_callback = tf.keras.callbacks.TensorBoard(log_dir=log_dir, histogram_freq=1)\n\n# \u6784\u5efa\u5e76\u7f16\u8bd1\u6a21\u578b\nmodel = tf.keras.models.Sequential([\n tf.keras.layers.Flatten(input_shape=(28, 28)),\n tf.keras.layers.Dense(512, activation='relu'),\n tf.keras.layers.Dropout(0.2),\n tf.keras.layers.Dense(10, activation='softmax')\n])\n\nmodel.compile(optimizer='adam',\n loss='sparse_categorical_crossentropy',\n metrics=['accuracy'])\n\n# \u8bad\u7ec3\u6a21\u578b\u5e76\u542f\u7528 Tensorboard \u56de\u8c03\nmodel.fit(x_train, y_train, epochs=5, validation_data=(x_test, y_test), callbacks=[tensorboard_callback])\n
"},{"location":"end-user/baize/jobs/tensorboard.html#_2","title":"\u5982\u4f55\u914d\u7f6e\u6570\u636e\u96c6\u7684\u65e5\u5fd7\u5185\u5bb9","text":"\u5728\u4f7f\u7528 Tensorboard \u65f6\uff0c\u53ef\u4ee5\u8bb0\u5f55\u548c\u914d\u7f6e\u4e0d\u540c\u7684\u6570\u636e\u96c6\u548c\u65e5\u5fd7\u5185\u5bb9\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5e38\u89c1\u7684\u914d\u7f6e\u65b9\u5f0f\uff1a
"},{"location":"end-user/baize/jobs/tensorboard.html#_3","title":"\u914d\u7f6e\u8bad\u7ec3\u548c\u9a8c\u8bc1\u6570\u636e\u96c6\u7684\u65e5\u5fd7","text":"\u5728\u8bad\u7ec3\u6a21\u578b\u65f6\uff0c\u53ef\u4ee5\u901a\u8fc7 TensorFlow \u7684 tf.summary
API \u6765\u8bb0\u5f55\u8bad\u7ec3\u548c\u9a8c\u8bc1\u6570\u636e\u96c6\u7684\u65e5\u5fd7\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u793a\u4f8b\u4ee3\u7801\uff1a
# \u5bfc\u5165\u5fc5\u8981\u7684\u5e93\nimport tensorflow as tf\n\n# \u521b\u5efa\u65e5\u5fd7\u76ee\u5f55\ntrain_log_dir = 'logs/gradient_tape/train'\nval_log_dir = 'logs/gradient_tape/val'\ntrain_summary_writer = tf.summary.create_file_writer(train_log_dir)\nval_summary_writer = tf.summary.create_file_writer(val_log_dir)\n\n# \u8bad\u7ec3\u6a21\u578b\u5e76\u8bb0\u5f55\u65e5\u5fd7\nfor epoch in range(EPOCHS):\n for (x_train, y_train) in train_dataset:\n # \u8bad\u7ec3\u6b65\u9aa4\n train_step(x_train, y_train)\n with train_summary_writer.as_default():\n tf.summary.scalar('loss', train_loss.result(), step=epoch)\n tf.summary.scalar('accuracy', train_accuracy.result(), step=epoch)\n\n for (x_val, y_val) in val_dataset:\n # \u9a8c\u8bc1\u6b65\u9aa4\n val_step(x_val, y_val)\n with val_summary_writer.as_default():\n tf.summary.scalar('loss', val_loss.result(), step=epoch)\n tf.summary.scalar('accuracy', val_accuracy.result(), step=epoch)\n
"},{"location":"end-user/baize/jobs/tensorboard.html#_4","title":"\u914d\u7f6e\u81ea\u5b9a\u4e49\u65e5\u5fd7","text":"\u9664\u4e86\u8bad\u7ec3\u548c\u9a8c\u8bc1\u6570\u636e\u96c6\u7684\u65e5\u5fd7\u5916\uff0c\u8fd8\u53ef\u4ee5\u8bb0\u5f55\u5176\u4ed6\u81ea\u5b9a\u4e49\u7684\u65e5\u5fd7\u5185\u5bb9\uff0c\u4f8b\u5982\u5b66\u4e60\u7387\u3001\u68af\u5ea6\u5206\u5e03\u7b49\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u793a\u4f8b\u4ee3\u7801\uff1a
# \u8bb0\u5f55\u81ea\u5b9a\u4e49\u65e5\u5fd7\nwith train_summary_writer.as_default():\n tf.summary.scalar('learning_rate', learning_rate, step=epoch)\n tf.summary.histogram('gradients', gradients, step=epoch)\n
"},{"location":"end-user/baize/jobs/tensorboard.html#tensorboard_2","title":"Tensorboard \u7ba1\u7406","text":"\u5728 AI Lab \u4e2d\uff0c\u901a\u8fc7\u5404\u79cd\u65b9\u5f0f\u521b\u5efa\u51fa\u6765\u7684 Tensorboard \u4f1a\u7edf\u4e00\u5c55\u793a\u5728\u4efb\u52a1\u5206\u6790\u7684\u9875\u9762\u4e2d\uff0c\u65b9\u4fbf\u7528\u6237\u67e5\u770b\u548c\u7ba1\u7406\u3002
\u7528\u6237\u53ef\u4ee5\u5728\u4efb\u52a1\u5206\u6790\u9875\u9762\u4e2d\u67e5\u770b Tensorboard \u7684\u94fe\u63a5\u3001\u72b6\u6001\u3001\u521b\u5efa\u65f6\u95f4\u7b49\u4fe1\u606f\uff0c\u5e76\u901a\u8fc7\u94fe\u63a5\u76f4\u63a5\u8bbf\u95ee Tensorboard \u7684\u53ef\u89c6\u5316\u7ed3\u679c\u3002
"},{"location":"end-user/baize/jobs/tensorflow.html","title":"Tensorflow \u4efb\u52a1","text":"Tensorflow \u662f\u9664\u4e86 Pytorch \u53e6\u5916\u4e00\u4e2a\u975e\u5e38\u6d3b\u8dc3\u7684\u5f00\u6e90\u7684\u6df1\u5ea6\u5b66\u4e60\u6846\u67b6\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7075\u6d3b\u7684\u8bad\u7ec3\u548c\u90e8\u7f72\u73af\u5883\u3002
\u5728 AI Lab \u4e2d\uff0c\u6211\u4eec\u540c\u6837\u63d0\u4f9b\u4e86 Tensorflow \u6846\u67b6\u7684\u652f\u6301\u548c\u9002\u914d\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u754c\u9762\u5316\u64cd\u4f5c\uff0c\u5feb\u901f\u521b\u5efa Tensorflow \u4efb\u52a1\uff0c\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\u3002
"},{"location":"end-user/baize/jobs/tensorflow.html#_1","title":"\u4efb\u52a1\u914d\u7f6e\u4ecb\u7ecd","text":"Tensorflow \u5355\u673a
\u548c Tensorflow \u5206\u5e03\u5f0f
\u4e24\u79cd\u6a21\u5f0f\u3002\u5728\u8fd9\u91cc\u6211\u4eec\u4f7f\u7528 baize-notebook
\u57fa\u7840\u955c\u50cf \u548c \u5173\u8054\u73af\u5883
\u7684\u65b9\u5f0f\u6765\u4f5c\u4e3a\u4efb\u52a1\u57fa\u7840\u8fd0\u884c\u73af\u5883\u3002
\u4e86\u89e3\u5982\u4f55\u521b\u5efa\u73af\u5883\uff0c\u8bf7\u53c2\u8003\u73af\u5883\u5217\u8868\u3002
"},{"location":"end-user/baize/jobs/tensorflow.html#_3","title":"\u521b\u5efa\u4efb\u52a1","text":""},{"location":"end-user/baize/jobs/tensorflow.html#tfjob","title":"\u793a\u4f8b TFJob \u5355\u673a\u4efb\u52a1","text":"Tensorflow \u5355\u673a
\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002\u4f7f\u7528 AI Lab -> \u6570\u636e\u96c6\u5217\u8868 \uff0c\u521b\u5efa\u4e00\u4e2a\u6570\u636e\u96c6\uff0c\u5e76\u5c06\u8fdc\u7aef Github \u7684\u4ee3\u7801\u62c9\u53d6\u5230\u6570\u636e\u96c6\u4e2d\uff0c \u8fd9\u6837\u5728\u521b\u5efa\u4efb\u52a1\u65f6\uff0c\u53ef\u4ee5\u76f4\u63a5\u9009\u62e9\u6570\u636e\u96c6\uff0c\u5c06\u4ee3\u7801\u6302\u8f7d\u5230\u4efb\u52a1\u4e2d\u3002
\u6f14\u793a\u4ee3\u7801\u4ed3\u5e93\u5730\u5740\uff1ahttps://github.com/d-run/training-sample-code/
"},{"location":"end-user/baize/jobs/tensorflow.html#_5","title":"\u8fd0\u884c\u53c2\u6570","text":"bash
python /code/tensorflow/tf-single.py
\"\"\"\n pip install tensorflow numpy\n\"\"\"\n\nimport tensorflow as tf\nimport numpy as np\n\n# \u521b\u5efa\u4e00\u4e9b\u968f\u673a\u6570\u636e\nx = np.random.rand(100, 1)\ny = 2 * x + 1 + np.random.rand(100, 1) * 0.1\n\n# \u521b\u5efa\u4e00\u4e2a\u7b80\u5355\u7684\u6a21\u578b\nmodel = tf.keras.Sequential([\n tf.keras.layers.Dense(1, input_shape=(1,))\n])\n\n# \u7f16\u8bd1\u6a21\u578b\nmodel.compile(optimizer='adam', loss='mse')\n\n# \u8bad\u7ec3\u6a21\u578b\uff0c\u5c06 epochs \u6539\u4e3a 10\nhistory = model.fit(x, y, epochs=10, verbose=1)\n\n# \u6253\u5370\u6700\u7ec8\u635f\u5931\nprint('Final loss: {' + str(history.history['loss'][-1]) +'}')\n\n# \u4f7f\u7528\u6a21\u578b\u8fdb\u884c\u9884\u6d4b\ntest_x = np.array([[0.5]])\nprediction = model.predict(test_x)\nprint(f'Prediction for x=0.5: {prediction[0][0]}')\n
"},{"location":"end-user/baize/jobs/tensorflow.html#_6","title":"\u8fd0\u884c\u7ed3\u679c","text":"\u4efb\u52a1\u63d0\u4ea4\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u8fdb\u5165\u4efb\u52a1\u8be6\u60c5\u67e5\u770b\u5230\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c\u4ece\u53f3\u4e0a\u89d2\u53bb\u5f80 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \uff0c\u53ef\u4ee5\u67e5\u770b\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u7684\u65e5\u5fd7\u8f93\u51fa\u3002
"},{"location":"end-user/baize/jobs/tensorflow.html#tfjob_1","title":"TFJob \u5206\u5e03\u5f0f\u4efb\u52a1","text":"Tensorflow \u5206\u5e03\u5f0f
\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002\u672c\u6b21\u5305\u542b\u4e86\u4e09\u79cd\u89d2\u8272\uff1aChief
\u3001Worker
\u548c Parameter Server (PS)
\u3002
\u4e3a\u4e0d\u540c\u7684\u89d2\u8272\u5206\u914d\u4e86\u4e0d\u540c\u7684\u8d44\u6e90\u3002Chief
\u548c Worker
\u4f7f\u7528 GPU\uff0c\u800c PS
\u4f7f\u7528 CPU \u548c\u8f83\u5927\u7684\u5185\u5b58\u3002
bash
python /code/tensorflow/tensorflow-distributed.py
import os\nimport json\nimport tensorflow as tf\n\nclass SimpleModel(tf.keras.Model):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = tf.keras.layers.Dense(1, input_shape=(10,))\n\n def call(self, x):\n return self.fc(x)\n\ndef train():\n # \u6253\u5370\u73af\u5883\u4fe1\u606f\n print(f\"TensorFlow version: {tf.__version__}\")\n print(f\"GPU available: {tf.test.is_gpu_available()}\")\n if tf.test.is_gpu_available():\n print(f\"GPU device count: {len(tf.config.list_physical_devices('GPU'))}\")\n\n # \u83b7\u53d6\u5206\u5e03\u5f0f\u8bad\u7ec3\u4fe1\u606f\n tf_config = json.loads(os.environ.get('TF_CONFIG') or '{}')\n task_type = tf_config.get('task', {}).get('type')\n task_id = tf_config.get('task', {}).get('index')\n\n print(f\"Task type: {task_type}, Task ID: {task_id}\")\n\n # \u8bbe\u7f6e\u5206\u5e03\u5f0f\u7b56\u7565\n strategy = tf.distribute.experimental.MultiWorkerMirroredStrategy()\n\n with strategy.scope():\n model = SimpleModel()\n loss_fn = tf.keras.losses.MeanSquaredError()\n optimizer = tf.keras.optimizers.SGD(learning_rate=0.001)\n\n # \u751f\u6210\u4e00\u4e9b\u968f\u673a\u6570\u636e\n data = tf.random.normal((100, 10))\n labels = tf.random.normal((100, 1))\n\n @tf.function\n def train_step(inputs, labels):\n with tf.GradientTape() as tape:\n predictions = model(inputs)\n loss = loss_fn(labels, predictions)\n gradients = tape.gradient(loss, model.trainable_variables)\n optimizer.apply_gradients(zip(gradients, model.trainable_variables))\n return loss\n\n for epoch in range(10):\n loss = train_step(data, labels)\n if task_type == 'chief':\n print(f'Epoch {epoch}, Loss: {loss.numpy():.4f}')\n\nif __name__ == '__main__':\n train()\n
"},{"location":"end-user/baize/jobs/tensorflow.html#_9","title":"\u8fd0\u884c\u7ed3\u679c","text":"\u540c\u6837\uff0c\u6211\u4eec\u53ef\u4ee5\u8fdb\u5165\u4efb\u52a1\u8be6\u60c5\uff0c\u67e5\u770b\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\uff0c\u4ee5\u53ca\u6bcf\u4e2a Pod \u7684\u65e5\u5fd7\u8f93\u51fa\u3002
"},{"location":"end-user/baize/jobs/view.html","title":"\u67e5\u770b\u4efb\u52a1\uff08Job\uff09\u5de5\u4f5c\u8d1f\u8f7d","text":"\u4efb\u52a1\u521b\u5efa\u597d\u540e\uff0c\u90fd\u4f1a\u663e\u793a\u5728\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\u4e2d\u3002
\u5728\u8bad\u7ec3\u8bad\u7ec3\u4efb\u52a1\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u67d0\u4e2a\u4efb\u52a1\u53f3\u4fa7\u7684 \u2507 -> \u4efb\u52a1\u8d1f\u8f7d\u8be6\u60c5 \u3002
\u51fa\u73b0\u4e00\u4e2a\u5f39\u7a97\u9009\u62e9\u8981\u67e5\u770b\u54ea\u4e2a Pod \u540e\uff0c\u70b9\u51fb \u8fdb\u5165 \u3002
\u8df3\u8f6c\u5230\u5bb9\u5668\u7ba1\u7406\u754c\u9762\uff0c\u53ef\u4ee5\u67e5\u770b\u5bb9\u5668\u7684\u5de5\u4f5c\u72b6\u6001\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u4ee5\u53ca\u53d1\u751f\u7684\u4e8b\u4ef6\u3002
\u4f60\u8fd8\u53ef\u4ee5\u67e5\u770b\u5f53\u524d Pod \u6700\u8fd1\u4e00\u6bb5\u65f6\u95f4\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002 \u6b64\u5904\u9ed8\u8ba4\u5c55\u793a 100 \u884c\u65e5\u5fd7\uff0c\u5982\u679c\u8981\u67e5\u770b\u66f4\u8be6\u7ec6\u7684\u65e5\u5fd7\u6d3b\u4e0b\u8f7d\u65e5\u5fd7\uff0c\u8bf7\u70b9\u51fb\u9876\u90e8\u7684\u84dd\u8272 \u53ef\u89c2\u6d4b\u6027 \u6587\u5b57\u3002
\u5f53\u7136\u4f60\u8fd8\u53ef\u4ee5\u901a\u8fc7\u53f3\u4e0a\u89d2\u7684 ... \uff0c\u67e5\u770b\u5f53\u524d Pod \u7684 YAML\u3001\u4e0a\u4f20\u548c\u4e0b\u8f7d\u6587\u4ef6\u3002 \u4ee5\u4e0b\u662f\u4e00\u4e2a Pod \u7684 YAML \u793a\u4f8b\u3002
kind: Pod\napiVersion: v1\nmetadata:\n name: neko-tensorboard-job-test-202404181843-skxivllb-worker-0\n namespace: default\n uid: ddedb6ff-c278-47eb-ae1e-0de9b7c62f8c\n resourceVersion: '41092552'\n creationTimestamp: '2024-04-18T10:43:36Z'\n labels:\n training.kubeflow.org/job-name: neko-tensorboard-job-test-202404181843-skxivllb\n training.kubeflow.org/operator-name: pytorchjob-controller\n training.kubeflow.org/replica-index: '0'\n training.kubeflow.org/replica-type: worker\n annotations:\n cni.projectcalico.org/containerID: 0cfbb9af257d5e69027c603c6cb2d3890a17c4ae1a145748d5aef73a10d7fbe1\n cni.projectcalico.org/podIP: ''\n cni.projectcalico.org/podIPs: ''\n hami.io/bind-phase: success\n hami.io/bind-time: '1713437016'\n hami.io/vgpu-devices-allocated: GPU-29d5fa0d-935b-2966-aff8-483a174d61d1,NVIDIA,1024,20:;\n hami.io/vgpu-devices-to-allocate: ;\n hami.io/vgpu-node: worker-a800-1\n hami.io/vgpu-time: '1713437016'\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-system/calico\",\n \"ips\": [\n \"10.233.97.184\"\n ],\n \"default\": true,\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-system/calico\",\n \"ips\": [\n \"10.233.97.184\"\n ],\n \"default\": true,\n \"dns\": {}\n }]\n ownerReferences:\n - apiVersion: kubeflow.org/v1\n kind: PyTorchJob\n name: neko-tensorboard-job-test-202404181843-skxivllb\n uid: e5a8b05d-1f03-4717-8e1c-4ec928014b7b\n controller: true\n blockOwnerDeletion: true\nspec:\n volumes:\n - name: 0-dataset-pytorch-examples\n persistentVolumeClaim:\n claimName: pytorch-examples\n - name: kube-api-access-wh9rh\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n containers:\n - name: pytorch\n image: m.daocloud.io/docker.io/pytorch/pytorch\n command:\n - bash\n args:\n - '-c'\n - >-\n ls -la /root && which pip && pip install pytorch_lightning tensorboard\n && python /root/Git/pytorch/examples/mnist/main.py\n ports:\n - name: pytorchjob-port\n containerPort: 23456\n protocol: TCP\n env:\n - name: PYTHONUNBUFFERED\n value: '1'\n - name: PET_NNODES\n value: '1'\n resources:\n limits:\n cpu: '4'\n memory: 8Gi\n nvidia.com/gpucores: '20'\n nvidia.com/gpumem: '1024'\n nvidia.com/vgpu: '1'\n requests:\n cpu: '4'\n memory: 8Gi\n nvidia.com/gpucores: '20'\n nvidia.com/gpumem: '1024'\n nvidia.com/vgpu: '1'\n volumeMounts:\n - name: 0-dataset-pytorch-examples\n mountPath: /root/Git/pytorch/examples\n - name: kube-api-access-wh9rh\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: worker-a800-1\n securityContext: {}\n affinity: {}\n schedulerName: hami-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priorityClassName: baize-high-priority\n priority: 100000\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\nstatus:\n phase: Succeeded\n conditions:\n - type: Initialized\n status: 'True'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:43:36Z'\n reason: PodCompleted\n - type: Ready\n status: 'False'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:46:34Z'\n reason: PodCompleted\n - type: ContainersReady\n status: 'False'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:46:34Z'\n reason: PodCompleted\n - type: PodScheduled\n status: 'True'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:43:36Z'\n hostIP: 10.20.100.211\n podIP: 10.233.97.184\n podIPs:\n - ip: 10.233.97.184\n startTime: '2024-04-18T10:43:36Z'\n containerStatuses:\n - name: pytorch\n state:\n terminated:\n exitCode: 0\n reason: Completed\n startedAt: '2024-04-18T10:43:39Z'\n finishedAt: '2024-04-18T10:46:34Z'\n containerID: >-\n containerd://09010214bcf3315e81d38fba50de3943c9d2b48f50a6cc2e83f8ef0e5c6eeec1\n lastState: {}\n ready: false\n restartCount: 0\n image: m.daocloud.io/docker.io/pytorch/pytorch:latest\n imageID: >-\n m.daocloud.io/docker.io/pytorch/pytorch@sha256:11691e035a3651d25a87116b4f6adc113a27a29d8f5a6a583f8569e0ee5ff897\n containerID: >-\n containerd://09010214bcf3315e81d38fba50de3943c9d2b48f50a6cc2e83f8ef0e5c6eeec1\n started: false\n qosClass: Guaranteed\n
"},{"location":"end-user/ghippo/personal-center/accesstoken.html","title":"\u8bbf\u95ee\u5bc6\u94a5","text":"\u8bbf\u95ee\u5bc6\u94a5\uff08Access Key\uff09\u53ef\u7528\u4e8e\u8bbf\u95ee\u5f00\u653e API \u548c\u6301\u7eed\u53d1\u5e03\uff0c\u7528\u6237\u53ef\u5728\u4e2a\u4eba\u4e2d\u5fc3\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u83b7\u53d6\u5bc6\u94a5\u5e76\u8bbf\u95ee API\u3002
"},{"location":"end-user/ghippo/personal-center/accesstoken.html#_2","title":"\u83b7\u53d6\u5bc6\u94a5","text":"\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u7684\u4e0b\u62c9\u83dc\u5355\u4e2d\u627e\u5230 \u4e2a\u4eba\u4e2d\u5fc3 \uff0c\u53ef\u4ee5\u5728 \u8bbf\u95ee\u5bc6\u94a5 \u9875\u9762\u7ba1\u7406\u8d26\u53f7\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
Info
\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\u4ec5\u663e\u793a\u4e00\u6b21\u3002\u5982\u679c\u60a8\u5fd8\u8bb0\u4e86\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\uff0c\u60a8\u9700\u8981\u91cd\u65b0\u521b\u5efa\u65b0\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
"},{"location":"end-user/ghippo/personal-center/accesstoken.html#api","title":"\u4f7f\u7528\u5bc6\u94a5\u8bbf\u95ee API","text":"\u5728\u8bbf\u95ee\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0openAPI \u65f6\uff0c\u5728\u8bf7\u6c42\u4e2d\u52a0\u4e0a\u8bf7\u6c42\u5934 Authorization:Bearer ${token}
\u4ee5\u6807\u8bc6\u8bbf\u95ee\u8005\u7684\u8eab\u4efd\uff0c \u5176\u4e2d ${token}
\u662f\u4e0a\u4e00\u6b65\u4e2d\u83b7\u53d6\u5230\u7684\u5bc6\u94a5\uff0c\u5177\u4f53\u63a5\u53e3\u4fe1\u606f\u53c2\u89c1 OpenAPI \u63a5\u53e3\u6587\u6863\u3002
\u8bf7\u6c42\u793a\u4f8b
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
\u8bf7\u6c42\u7ed3\u679c
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"end-user/ghippo/personal-center/language.html","title":"\u8bed\u8a00\u8bbe\u7f6e","text":"\u672c\u8282\u8bf4\u660e\u5982\u4f55\u8bbe\u7f6e\u754c\u9762\u8bed\u8a00\u3002\u76ee\u524d\u652f\u6301\u4e2d\u6587\u3001English \u4e24\u4e2a\u8bed\u8a00\u3002
\u8bed\u8a00\u8bbe\u7f6e\u662f\u5e73\u53f0\u63d0\u4f9b\u591a\u8bed\u8a00\u670d\u52a1\u7684\u5165\u53e3\uff0c\u5e73\u53f0\u9ed8\u8ba4\u663e\u793a\u4e3a\u4e2d\u6587\uff0c\u7528\u6237\u53ef\u6839\u636e\u9700\u8981\u9009\u62e9\u82f1\u8bed\u6216\u81ea\u52a8\u68c0\u6d4b\u6d4f\u89c8\u5668\u8bed\u8a00\u9996\u9009\u9879\u7684\u65b9\u5f0f\u6765\u5207\u6362\u5e73\u53f0\u8bed\u8a00\u3002 \u6bcf\u4e2a\u7528\u6237\u7684\u591a\u8bed\u8a00\u670d\u52a1\u662f\u76f8\u4e92\u72ec\u7acb\u7684\uff0c\u5207\u6362\u540e\u4e0d\u4f1a\u5f71\u54cd\u5176\u4ed6\u7528\u6237\u3002
\u5e73\u53f0\u63d0\u4f9b\u4e09\u79cd\u5207\u6362\u8bed\u8a00\u65b9\u5f0f\uff1a\u4e2d\u6587\u3001\u82f1\u8bed-English\u3001\u81ea\u52a8\u68c0\u6d4b\u60a8\u7684\u6d4f\u89c8\u5668\u8bed\u8a00\u9996\u9009\u9879\u3002
\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\u3002
\u4f7f\u7528\u60a8\u7684\u7528\u6237\u540d/\u5bc6\u7801\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\u3002\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u7528\u6237\u540d\u4f4d\u7f6e\uff0c\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 \u3002
\u70b9\u51fb \u8bed\u8a00\u8bbe\u7f6e \u9875\u7b7e\u3002
\u5207\u6362\u8bed\u8a00\u9009\u9879\u3002
\u529f\u80fd\u8bf4\u660e\uff1a\u7528\u4e8e\u586b\u5199\u90ae\u7bb1\u5730\u5740\u548c\u4fee\u6539\u767b\u5f55\u5bc6\u7801\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u7528\u6237\u540d\u4f4d\u7f6e\uff0c\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 \u3002
\u70b9\u51fb \u5b89\u5168\u8bbe\u7f6e \u9875\u7b7e\u3002\u586b\u5199\u60a8\u7684\u90ae\u7bb1\u5730\u5740\u6216\u4fee\u6539\u767b\u5f55\u5bc6\u7801\u3002
\u672c\u6587\u8bf4\u660e\u5982\u4f55\u914d\u7f6e SSH \u516c\u94a5\u3002
"},{"location":"end-user/ghippo/personal-center/ssh-key.html#1-ssh","title":"\u6b65\u9aa4 1\uff1a\u67e5\u770b\u5df2\u5b58\u5728\u7684 SSH \u5bc6\u94a5","text":"\u5728\u751f\u6210\u65b0\u7684 SSH \u5bc6\u94a5\u524d\uff0c\u8bf7\u5148\u786e\u8ba4\u662f\u5426\u9700\u8981\u4f7f\u7528\u672c\u5730\u5df2\u751f\u6210\u7684 SSH \u5bc6\u94a5\uff0cSSH \u5bc6\u94a5\u5bf9\u4e00\u822c\u5b58\u653e\u5728\u672c\u5730\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u3002 Linux\u3001Mac \u8bf7\u76f4\u63a5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5df2\u5b58\u5728\u7684\u516c\u94a5\uff0cWindows \u7528\u6237\u5728 WSL\uff08\u9700\u8981 Windows 10 \u6216\u4ee5\u4e0a\uff09\u6216 Git Bash \u4e0b\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u5df2\u751f\u6210\u7684\u516c\u94a5\u3002
ED25519 \u7b97\u6cd5\uff1a
cat ~/.ssh/id_ed25519.pub\n
RSA \u7b97\u6cd5\uff1a
cat ~/.ssh/id_rsa.pub\n
\u5982\u679c\u8fd4\u56de\u4e00\u957f\u4e32\u4ee5 ssh-ed25519 \u6216 ssh-rsa \u5f00\u5934\u7684\u5b57\u7b26\u4e32\uff0c\u8bf4\u660e\u5df2\u5b58\u5728\u672c\u5730\u516c\u94a5\uff0c \u60a8\u53ef\u4ee5\u8df3\u8fc7\u6b65\u9aa4 2 \u751f\u6210 SSH \u5bc6\u94a5\uff0c\u76f4\u63a5\u64cd\u4f5c\u6b65\u9aa4 3\u3002
"},{"location":"end-user/ghippo/personal-center/ssh-key.html#2-ssh","title":"\u6b65\u9aa4 2\uff1a\u751f\u6210 SSH \u5bc6\u94a5","text":"\u82e5\u6b65\u9aa4 1 \u672a\u8fd4\u56de\u6307\u5b9a\u7684\u5185\u5bb9\u5b57\u7b26\u4e32\uff0c\u8868\u793a\u672c\u5730\u6682\u65e0\u53ef\u7528 SSH \u5bc6\u94a5\uff0c\u9700\u8981\u751f\u6210\u65b0\u7684 SSH \u5bc6\u94a5\uff0c\u8bf7\u6309\u5982\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8bbf\u95ee\u7ec8\u7aef\uff08Windows \u8bf7\u4f7f\u7528 WSL \u6216 Git Bash\uff09\uff0c \u8fd0\u884c ssh-keygen -t
\u3002
\u8f93\u5165\u5bc6\u94a5\u7b97\u6cd5\u7c7b\u578b\u548c\u53ef\u9009\u7684\u6ce8\u91ca\u3002
\u6ce8\u91ca\u4f1a\u51fa\u73b0\u5728 .pub \u6587\u4ef6\u4e2d\uff0c\u4e00\u822c\u53ef\u4f7f\u7528\u90ae\u7bb1\u4f5c\u4e3a\u6ce8\u91ca\u5185\u5bb9\u3002
\u57fa\u4e8e ED25519
\u7b97\u6cd5\uff0c\u751f\u6210\u5bc6\u94a5\u5bf9\u547d\u4ee4\u5982\u4e0b\uff1a
ssh-keygen -t ed25519 -C \"<\u6ce8\u91ca\u5185\u5bb9>\"\n
\u57fa\u4e8e RSA
\u7b97\u6cd5\uff0c\u751f\u6210\u5bc6\u94a5\u5bf9\u547d\u4ee4\u5982\u4e0b\uff1a
ssh-keygen -t rsa -C \"<\u6ce8\u91ca\u5185\u5bb9>\"\n
\u70b9\u51fb\u56de\u8f66\uff0c\u9009\u62e9 SSH \u5bc6\u94a5\u751f\u6210\u8def\u5f84\u3002
\u4ee5 ED25519 \u7b97\u6cd5\u4e3a\u4f8b\uff0c\u9ed8\u8ba4\u8def\u5f84\u5982\u4e0b\uff1a
Generating public/private ed25519 key pair.\nEnter file in which to save the key (/home/user/.ssh/id_ed25519):\n
\u5bc6\u94a5\u9ed8\u8ba4\u751f\u6210\u8def\u5f84\uff1a/home/user/.ssh/id_ed25519
\uff0c\u516c\u94a5\u4e0e\u4e4b\u5bf9\u5e94\u4e3a\uff1a/home/user/.ssh/id_ed25519.pub
\u3002
\u8bbe\u7f6e\u4e00\u4e2a\u5bc6\u94a5\u53e3\u4ee4\u3002
Enter passphrase (empty for no passphrase):\nEnter same passphrase again:\n
\u53e3\u4ee4\u9ed8\u8ba4\u4e3a\u7a7a\uff0c\u60a8\u53ef\u4ee5\u9009\u62e9\u4f7f\u7528\u53e3\u4ee4\u4fdd\u62a4\u79c1\u94a5\u6587\u4ef6\u3002 \u5982\u679c\u60a8\u4e0d\u60f3\u5728\u6bcf\u6b21\u4f7f\u7528 SSH \u534f\u8bae\u8bbf\u95ee\u4ed3\u5e93\u65f6\uff0c\u90fd\u8981\u8f93\u5165\u7528\u4e8e\u4fdd\u62a4\u79c1\u94a5\u6587\u4ef6\u7684\u53e3\u4ee4\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u5bc6\u94a5\u65f6\uff0c\u8f93\u5165\u7a7a\u53e3\u4ee4\u3002
\u70b9\u51fb\u56de\u8f66\uff0c\u5b8c\u6210\u5bc6\u94a5\u5bf9\u521b\u5efa\u3002
\u9664\u4e86\u5728\u547d\u4ee4\u884c\u6253\u5370\u51fa\u5df2\u751f\u6210\u7684\u516c\u94a5\u4fe1\u606f\u624b\u52a8\u590d\u5236\u5916\uff0c\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u62f7\u8d1d\u516c\u94a5\u5230\u7c98\u8d34\u677f\u4e0b\uff0c\u8bf7\u53c2\u8003\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u62f7\u8d1d\u3002
Windows\uff08\u5728 WSL \u6216 Git Bash \u4e0b\uff09\uff1a
cat ~/.ssh/id_ed25519.pub | clip\n
Mac\uff1a
tr -d '\\n'< ~/.ssh/id_ed25519.pub | pbcopy\n
GNU/Linux (requires xclip):
xclip -sel clip < ~/.ssh/id_ed25519.pub\n
\u767b\u5f55\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0UI \u9875\u9762\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u4e2a\u4eba\u4e2d\u5fc3 -> SSH \u516c\u94a5 \u3002
\u6dfb\u52a0\u751f\u6210\u7684 SSH \u516c\u94a5\u4fe1\u606f\u3002
SSH \u516c\u94a5\u5185\u5bb9\u3002
\u516c\u94a5\u6807\u9898\uff1a\u652f\u6301\u81ea\u5b9a\u4e49\u516c\u94a5\u540d\u79f0\uff0c\u7528\u4e8e\u533a\u5206\u7ba1\u7406\u3002
\u8fc7\u671f\u65f6\u95f4\uff1a\u8bbe\u7f6e\u516c\u94a5\u8fc7\u671f\u65f6\u95f4\uff0c\u5230\u671f\u540e\u516c\u94a5\u5c06\u81ea\u52a8\u5931\u6548\uff0c\u4e0d\u53ef\u4f7f\u7528\uff1b\u5982\u679c\u4e0d\u8bbe\u7f6e\uff0c\u5219\u6c38\u4e45\u6709\u6548\u3002
\u6587\u4ef6\u5939\u5177\u6709\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u4ee5\u53ca\u8d44\u6e90\u4e0a\u3002
\u82e5\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u662f Folder Admin \u89d2\u8272\uff0c\u6620\u5c04\u5230\u5b50\u6587\u4ef6\u5939\u4ecd\u4e3a Folder Admin \u89d2\u8272\uff0c\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5de5\u4f5c\u7a7a\u95f4\u5219\u4e3a Workspace Admin\uff1b \u82e5\u5728 \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 -> \u8d44\u6e90\u7ec4 \u4e2d\u7ed1\u5b9a\u4e86 Namespace\uff0c\u5219\u6620\u5c04\u540e\u8be5\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fd8\u662f Namespace Admin\u3002
Note
\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u80fd\u529b\u4e0d\u4f1a\u4f5c\u7528\u5230\u5171\u4eab\u8d44\u6e90\u4e0a\uff0c\u56e0\u4e3a\u5171\u4eab\u662f\u5c06\u96c6\u7fa4\u7684\u4f7f\u7528\u6743\u9650\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u4e0d\u662f\u5c06\u7ba1\u7406\u6743\u9650\u53d7\u8ba9\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u4e0d\u4f1a\u5b9e\u73b0\u6743\u9650\u7ee7\u627f\u548c\u89d2\u8272\u6620\u5c04\u3002
"},{"location":"end-user/ghippo/workspace/folder-permission.html#_2","title":"\u5e94\u7528\u573a\u666f","text":"\u6587\u4ef6\u5939\u5177\u6709\u5c42\u7ea7\u80fd\u529b\uff0c\u56e0\u6b64\u5c06\u6587\u4ef6\u5939\u5bf9\u5e94\u4e8e\u4f01\u4e1a\u4e2d\u7684\u90e8\u95e8/\u4f9b\u5e94\u5546/\u9879\u76ee\u7b49\u5c42\u7ea7\u65f6\uff0c
\u6587\u4ef6\u5939\u5177\u6709\u6743\u9650\u6620\u5c04\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u672c\u6587\u4ef6\u5939\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u5b50\u6587\u4ef6\u5939\u3001\u5de5\u4f5c\u7a7a\u95f4\u4ee5\u53ca\u8d44\u6e90\u4e0a\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa\u4e00\u4e2a\u6587\u4ef6\u5939\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u6587\u4ef6\u5939 \u6309\u94ae\u3002
\u586b\u5199\u6587\u4ef6\u5939\u540d\u79f0\u3001\u4e0a\u4e00\u7ea7\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u6587\u4ef6\u5939\u3002
Tip
\u521b\u5efa\u6210\u529f\u540e\u6587\u4ef6\u5939\u540d\u79f0\u5c06\u663e\u793a\u5728\u5de6\u4fa7\u7684\u6811\u72b6\u7ed3\u6784\u4e2d\uff0c\u4ee5\u4e0d\u540c\u7684\u56fe\u6807\u8868\u793a\u5de5\u4f5c\u7a7a\u95f4\u548c\u6587\u4ef6\u5939\u3002
Note
\u9009\u4e2d\u67d0\u4e00\u4e2a\u6587\u4ef6\u5939\u6216\u6587\u4ef6\u5939\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u53ef\u4ee5\u8fdb\u884c\u7f16\u8f91\u6216\u5220\u9664\u3002
\u5f53\u8be5\u6587\u4ef6\u5939\u4e0b\u8d44\u6e90\u7ec4\u3001\u5171\u4eab\u8d44\u6e90\u4e2d\u5b58\u5728\u8d44\u6e90\u65f6\uff0c\u8be5\u6587\u4ef6\u5939\u65e0\u6cd5\u88ab\u5220\u9664\uff0c\u9700\u8981\u5c06\u6240\u6709\u8d44\u6e90\u89e3\u7ed1\u540e\u518d\u5220\u9664\u3002
\u5f53\u5fae\u670d\u52a1\u5f15\u64ce\u6a21\u5757\u5728\u8be5\u6587\u4ef6\u5939\u4e0b\u5b58\u5728\u63a5\u5165\u6ce8\u518c\u4e2d\u5fc3\u8d44\u6e90\u65f6\uff0c\u8be5\u6587\u4ef6\u5939\u65e0\u6cd5\u88ab\u5220\u9664\uff0c\u9700\u8981\u5c06\u6240\u6709\u63a5\u5165\u6ce8\u518c\u4e2d\u5fc3\u79fb\u9664\u540e\u518d\u5220\u9664\u6587\u4ef6\u5939\u3002
\u5171\u4eab\u8d44\u6e90\u5e76\u975e\u610f\u5473\u7740\u88ab\u5171\u4eab\u8005\u53ef\u4ee5\u65e0\u9650\u5236\u5730\u4f7f\u7528\u88ab\u5171\u4eab\u7684\u8d44\u6e90\u3002 Admin\u3001Kpanda Owner \u548c Workspace Admin \u53ef\u4ee5\u901a\u8fc7\u5171\u4eab\u8d44\u6e90\u4e2d\u7684 \u8d44\u6e90\u914d\u989d \u529f\u80fd\u9650\u5236\u67d0\u4e2a\u7528\u6237\u7684\u6700\u5927\u4f7f\u7528\u989d\u5ea6\u3002 \u82e5\u4e0d\u9650\u5236\uff0c\u5219\u8868\u793a\u53ef\u4ee5\u65e0\u9650\u5236\u4f7f\u7528\u3002
\u4e00\u4e2a\u8d44\u6e90\uff08\u96c6\u7fa4\uff09\u53ef\u4ee5\u88ab\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5171\u4eab\uff0c\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u53ef\u4ee5\u540c\u65f6\u4f7f\u7528\u591a\u4e2a\u5171\u4eab\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u3002
"},{"location":"end-user/ghippo/workspace/quota.html#_1","title":"\u8d44\u6e90\u7ec4\u548c\u5171\u4eab\u8d44\u6e90","text":"\u5171\u4eab\u8d44\u6e90\u548c\u8d44\u6e90\u7ec4\u4e2d\u7684\u96c6\u7fa4\u8d44\u6e90\u5747\u6765\u81ea\u5bb9\u5668\u7ba1\u7406\uff0c\u4f46\u662f\u96c6\u7fa4\u7ed1\u5b9a\u548c\u5171\u4eab\u7ed9\u540c\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5c06\u4f1a\u4ea7\u751f\u4e24\u79cd\u622a\u7136\u4e0d\u540c\u7684\u6548\u679c\u3002
\u7ed1\u5b9a\u8d44\u6e90
\u4f7f\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5177\u6709\u8be5\u96c6\u7fa4\u7684\u5168\u90e8\u7ba1\u7406\u548c\u4f7f\u7528\u6743\u9650\uff0cWorkspace Admin \u5c06\u88ab\u6620\u5c04\u4e3a Cluster Admin\u3002 Workspace Admin \u80fd\u591f\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7ba1\u7406\u8be5\u96c6\u7fa4\u3002
Note
\u5f53\u524d\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u6682\u65e0 Cluster Editor \u548c Cluster Viewer \u89d2\u8272\uff0c\u56e0\u6b64 Workspace Editor\u3001Workspace Viewer \u8fd8\u65e0\u6cd5\u6620\u5c04\u3002
\u65b0\u589e\u5171\u4eab\u8d44\u6e90
\u4f7f\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5177\u6709\u8be5\u96c6\u7fa4\u8d44\u6e90\u7684\u4f7f\u7528\u6743\u9650\uff0c\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u5728\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff08Namespace\uff09\u65f6\u4f7f\u7528\u3002
\u4e0e\u8d44\u6e90\u7ec4\u4e0d\u540c\uff0c\u5c06\u96c6\u7fa4\u5171\u4eab\u5230\u5de5\u4f5c\u7a7a\u95f4\u65f6\uff0c\u7528\u6237\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u89d2\u8272\u4e0d\u4f1a\u6620\u5c04\u5230\u8d44\u6e90\u4e0a\uff0c\u56e0\u6b64 Workspace Admin \u4e0d\u4f1a\u88ab\u6620\u5c04\u4e3a Cluster admin\u3002
\u672c\u8282\u5c55\u793a 3 \u4e2a\u4e0e\u8d44\u6e90\u914d\u989d\u6709\u5173\u7684\u573a\u666f\u3002
"},{"location":"end-user/ghippo/workspace/quota.html#_2","title":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4","text":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u65f6\u4f1a\u6d89\u53ca\u5230\u8d44\u6e90\u914d\u989d\u3002
\u5728\u5de5\u4f5c\u7a7a\u95f4 ws01 \u65b0\u589e\u4e00\u4e2a\u5171\u4eab\u96c6\u7fa4\u3002
\u5728\u5e94\u7528\u5de5\u4f5c\u53f0\u9009\u62e9\u5de5\u4f5c\u7a7a\u95f4 ws01 \u548c\u5171\u4eab\u96c6\u7fa4\uff0c\u521b\u5efa\u547d\u540d\u7a7a\u95f4 ns01\u3002
\u524d\u63d0\uff1a\u5de5\u4f5c\u7a7a\u95f4 ws01 \u5df2\u65b0\u589e\u5171\u4eab\u96c6\u7fa4\uff0c\u64cd\u4f5c\u8005\u4e3a Workspace Admin + Kpanda Owner \u6216 Admin \u89d2\u8272\u3002
\u4ee5\u4e0b\u4e24\u79cd\u7ed1\u5b9a\u65b9\u5f0f\u7684\u6548\u679c\u76f8\u540c\u3002
\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u5c06\u521b\u5efa\u7684\u547d\u540d\u7a7a\u95f4 ns01 \u7ed1\u5b9a\u5230 ws01
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\uff0c\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u7ed1\u5b9a\u5230 ws01
\u4ee5\u4e0b\u4e24\u79cd\u89e3\u7ed1\u65b9\u5f0f\u7684\u6548\u679c\u76f8\u540c\u3002
\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u4ece\u5de5\u4f5c\u7a7a\u95f4 ws01 \u89e3\u7ed1
\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\u5c06\u547d\u540d\u7a7a\u95f4 ns01 \u4ece\u5de5\u4f5c\u7a7a\u95f4 ws01 \u89e3\u7ed1
\u8d44\u6e90\u7ec4\u4e0e\u5171\u4eab\u8d44\u6e90\u5747\u652f\u6301\u7ed1\u5b9a\u96c6\u7fa4\uff0c\u4f46\u4f7f\u7528\u4e0a\u5b58\u5728\u5f88\u5927\u533a\u522b\u3002
"},{"location":"end-user/ghippo/workspace/res-gp-and-shared-res.html#_2","title":"\u4f7f\u7528\u573a\u666f\u533a\u522b","text":"\u8bf4\u660e\uff1a\u5728\u8be5\u573a\u666f\u4e2d\uff0c\u9700\u8981\u5e73\u53f0\u7ba1\u7406\u5458\u5bf9\u4e8c\u7ea7\u4f9b\u5e94\u5546\u8fdb\u884c\u8d44\u6e90\u9650\u5236\uff0c\u6682\u65f6\u8fd8\u4e0d\u652f\u6301\u4e00\u7ea7\u4f9b\u5e94\u5546\u9650\u5236\u4e8c\u7ea7\u4f9b\u5e94\u5546\u7684\u96c6\u7fa4\u989d\u5ea6\u3002
"},{"location":"end-user/ghippo/workspace/res-gp-and-shared-res.html#_3","title":"\u96c6\u7fa4\u989d\u5ea6\u7684\u4f7f\u7528\u533a\u522b","text":"\u5728\u8d44\u6e90\u7ec4/\u5171\u4eab\u8d44\u6e90\u7ed1\u5b9a\u96c6\u7fa4\u540e\u90fd\u53ef\u4ee5\u524d\u5f80\u5e94\u7528\u5de5\u4f5c\u53f0\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff0c\u521b\u5efa\u540e\u547d\u540d\u7a7a\u95f4\u5c06\u81ea\u52a8\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\u3002
"},{"location":"end-user/ghippo/workspace/workspace.html","title":"\u521b\u5efa/\u5220\u9664\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u662f\u4e00\u79cd\u8d44\u6e90\u8303\u7574\uff0c\u4ee3\u8868\u4e00\u79cd\u8d44\u6e90\u5c42\u7ea7\u5173\u7cfb\u3002 \u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u5305\u542b\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u6ce8\u518c\u4e2d\u5fc3\u7b49\u8d44\u6e90\u3002 \u901a\u5e38\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5bf9\u5e94\u4e00\u4e2a\u9879\u76ee\uff0c\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u4e0d\u540c\u7684\u8d44\u6e90\uff0c\u6307\u6d3e\u4e0d\u540c\u7684\u7528\u6237\u548c\u7528\u6237\u7ec4\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u3002
\u4f7f\u7528 admin/folder admin \u89d2\u8272\u7684\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u5e95\u90e8\u7684 \u5168\u5c40\u7ba1\u7406 -> \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u3002
\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4 \u6309\u94ae\u3002
\u586b\u5199\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u3001\u6240\u5c5e\u6587\u4ef6\u5939\u7b49\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u521b\u5efa\u5de5\u4f5c\u7a7a\u95f4\u3002
Tip
\u521b\u5efa\u6210\u529f\u540e\u5de5\u4f5c\u7a7a\u95f4\u540d\u79f0\u5c06\u663e\u793a\u5728\u5de6\u4fa7\u7684\u6811\u72b6\u7ed3\u6784\u4e2d\uff0c\u4ee5\u4e0d\u540c\u7684\u56fe\u6807\u8868\u793a\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u3002
Note
\u9009\u4e2d\u67d0\u4e00\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u6216\u6587\u4ef6\u5939\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 ... \u53ef\u4ee5\u8fdb\u884c\u7f16\u8f91\u6216\u5220\u9664\u3002
\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u662f\u4e00\u4e2a\u5177\u6709\u5c42\u7ea7\u7684\u8d44\u6e90\u9694\u79bb\u548c\u8d44\u6e90\u5206\u7ec4\u7279\u6027\uff0c\u4e3b\u8981\u89e3\u51b3\u8d44\u6e90\u7edf\u4e00\u6388\u6743\u3001\u8d44\u6e90\u5206\u7ec4\u4ee5\u53ca\u8d44\u6e90\u9650\u989d\u95ee\u9898\u3002
\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7 \u6709\u4e24\u4e2a\u6982\u5ff5\uff1a\u5de5\u4f5c\u7a7a\u95f4\u548c\u6587\u4ef6\u5939\u3002
"},{"location":"end-user/ghippo/workspace/ws-folder.html#_2","title":"\u5de5\u4f5c\u7a7a\u95f4","text":"\u5de5\u4f5c\u7a7a\u95f4\u53ef\u901a\u8fc7 \u6388\u6743 \u3001 \u8d44\u6e90\u7ec4 \u548c \u5171\u4eab\u8d44\u6e90 \u6765\u7ba1\u7406\u8d44\u6e90\uff0c\u4f7f\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u4e4b\u95f4\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u3002
\u8d44\u6e90
\u8d44\u6e90\u5904\u4e8e\u8d44\u6e90\u7ba1\u7406\u6a21\u5757\u5c42\u7ea7\u7ed3\u6784\u7684\u6700\u4f4e\u5c42\u7ea7\uff0c\u8d44\u6e90\u5305\u62ec Cluster\u3001Namespace\u3001Pipeline\u3001\u7f51\u5173\u7b49\u3002 \u6240\u6709\u8fd9\u4e9b\u8d44\u6e90\u7684\u7236\u7ea7\u53ea\u80fd\u662f\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u4f5c\u4e3a\u8d44\u6e90\u5bb9\u5668\u662f\u4e00\u79cd\u8d44\u6e90\u5206\u7ec4\u5355\u4f4d\u3002
\u5de5\u4f5c\u7a7a\u95f4
\u5de5\u4f5c\u7a7a\u95f4\u901a\u5e38\u4ee3\u6307\u4e00\u4e2a\u9879\u76ee\u6216\u73af\u5883\uff0c\u6bcf\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u76f8\u5bf9\u4e8e\u5176\u4ed6\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u65f6\u903b\u8f91\u9694\u79bb\u7684\u3002 \u60a8\u53ef\u4ee5\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u6388\u6743\uff0c\u6388\u4e88\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u540c\u4e00\u7ec4\u8d44\u6e90\u7684\u4e0d\u540c\u8bbf\u95ee\u6743\u9650\u3002
\u4ece\u5c42\u6b21\u7ed3\u6784\u7684\u5e95\u5c42\u7b97\u8d77\uff0c\u5de5\u4f5c\u7a7a\u95f4\u4f4d\u4e8e\u7b2c\u4e00\u5c42\uff0c\u4e14\u5305\u542b\u8d44\u6e90\u3002 \u9664\u5171\u4eab\u8d44\u6e90\u5916\uff0c\u6240\u6709\u8d44\u6e90\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u9879\u3002\u6240\u6709\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u7ea7\u6587\u4ef6\u5939\u3002
\u8d44\u6e90\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u8fdb\u884c\u5206\u7ec4\uff0c\u800c\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u5b58\u5728\u4e24\u79cd\u5206\u7ec4\u6a21\u5f0f\uff0c\u5206\u522b\u662f \u8d44\u6e90\u7ec4 \u548c \u5171\u4eab\u8d44\u6e90 \u3002
\u8d44\u6e90\u7ec4
\u4e00\u4e2a\u8d44\u6e90\u53ea\u80fd\u52a0\u5165\u4e00\u4e2a\u8d44\u6e90\u7ec4\uff0c\u8d44\u6e90\u7ec4\u4e0e\u5de5\u4f5c\u7a7a\u95f4\u4e00\u4e00\u5bf9\u5e94\u3002 \u8d44\u6e90\u88ab\u52a0\u5165\u5230\u8d44\u6e90\u7ec4\u540e\uff0cWorkspace Admin \u5c06\u83b7\u5f97\u8d44\u6e90\u7684\u7ba1\u7406\u6743\u9650\uff0c\u76f8\u5f53\u4e8e\u8be5\u8d44\u6e90\u7684\u6240\u6709\u8005\u3002
\u5171\u4eab\u8d44\u6e90
\u800c\u5bf9\u4e8e\u5171\u4eab\u8d44\u6e90\u6765\u8bf4\uff0c\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\u53ef\u4ee5\u5171\u4eab\u540c\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u8d44\u6e90\u3002 \u8d44\u6e90\u7684\u6240\u6709\u8005\uff0c\u53ef\u4ee5\u9009\u62e9\u5c06\u81ea\u5df1\u62e5\u6709\u7684\u8d44\u6e90\u5171\u4eab\u7ed9\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u4e00\u822c\u5171\u4eab\u65f6\u8d44\u6e90\u6240\u6709\u8005\u4f1a\u9650\u5236\u88ab\u5171\u4eab\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u989d\u5ea6\u3002 \u8d44\u6e90\u88ab\u5171\u4eab\u540e\uff0cWorkspace Admin \u4ec5\u5177\u6709\u8d44\u6e90\u9650\u989d\u4e0b\u7684\u8d44\u6e90\u4f7f\u7528\u6743\u9650\uff0c\u65e0\u6cd5\u7ba1\u7406\u8d44\u6e90\u6216\u8005\u8c03\u6574\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u4f7f\u7528\u7684\u8d44\u6e90\u91cf\u3002
\u540c\u65f6\u5171\u4eab\u8d44\u6e90\u5bf9\u4e8e\u8d44\u6e90\u672c\u8eab\u4e5f\u5177\u6709\u4e00\u5b9a\u7684\u8981\u6c42\uff0c\u53ea\u6709 Cluster\uff08\u96c6\u7fa4\uff09\u8d44\u6e90\u53ef\u4ee5\u88ab\u5171\u4eab\u3002 Cluster Admin \u80fd\u591f\u5c06 Cluster \u8d44\u6e90\u5206\u4eab\u7ed9\u4e0d\u540c\u7684\u5de5\u4f5c\u7a7a\u95f4\u4f7f\u7528\uff0c\u5e76\u4e14\u9650\u5236\u5de5\u4f5c\u7a7a\u95f4\u5728\u6b64 Cluster \u4e0a\u7684\u4f7f\u7528\u989d\u5ea6\u3002
Workspace Admin \u5728\u8d44\u6e90\u9650\u989d\u5185\u80fd\u591f\u521b\u5efa\u591a\u4e2a Namespace\uff0c\u4f46\u662f Namespace \u7684\u8d44\u6e90\u989d\u5ea6\u603b\u548c\u4e0d\u80fd\u8d85\u8fc7 Cluster \u5728\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u8d44\u6e90\u9650\u989d\u3002 \u5bf9\u4e8e Kubernetes \u8d44\u6e90\uff0c\u5f53\u524d\u80fd\u591f\u5206\u4eab\u7684\u8d44\u6e90\u7c7b\u578b\u4ec5\u6709 Cluster\u3002
\u6587\u4ef6\u5939\u53ef\u7528\u4e8e\u6784\u5efa\u4f01\u4e1a\u4e1a\u52a1\u5c42\u7ea7\u5173\u7cfb\u3002
\u6587\u4ef6\u5939\u662f\u5728\u5de5\u4f5c\u7a7a\u95f4\u57fa\u7840\u4e4b\u4e0a\u7684\u8fdb\u4e00\u6b65\u5206\u7ec4\u673a\u5236\uff0c\u5177\u6709\u5c42\u7ea7\u7ed3\u6784\u3002 \u4e00\u4e2a\u6587\u4ef6\u5939\u53ef\u4ee5\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u3001\u5176\u4ed6\u6587\u4ef6\u5939\u6216\u4e24\u8005\u7684\u7ec4\u5408\uff0c\u80fd\u591f\u5f62\u6210\u6811\u72b6\u7684\u7ec4\u7ec7\u5173\u7cfb\u3002
\u501f\u52a9\u6587\u4ef6\u5939\u60a8\u53ef\u4ee5\u6620\u5c04\u4f01\u4e1a\u4e1a\u52a1\u5c42\u7ea7\u5173\u7cfb\uff0c\u6309\u7167\u90e8\u95e8\u5bf9\u5de5\u4f5c\u7a7a\u95f4\u8fdb\u884c\u5206\u7ec4\u3002 \u6587\u4ef6\u5939\u4e0d\u76f4\u63a5\u4e0e\u8d44\u6e90\u6302\u94a9\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u7a7a\u95f4\u95f4\u63a5\u5b9e\u73b0\u8d44\u6e90\u5206\u7ec4\u3002
\u6587\u4ef6\u5939\u6709\u4e14\u4ec5\u6709\u4e00\u4e2a\u7236\u7ea7\u6587\u4ef6\u5939\uff0c\u800c\u6839\u6587\u4ef6\u5939\u662f\u5c42\u6b21\u7ed3\u6784\u7684\u6700\u9ad8\u5c42\u7ea7\u3002 \u6839\u6587\u4ef6\u5939\u6ca1\u6709\u7236\u7ea7\uff0c\u6587\u4ef6\u5939\u548c\u5de5\u4f5c\u7a7a\u95f4\u5747\u6302\u9760\u5230\u6839\u6587\u4ef6\u5939\u4e0b\u3002
\u53e6\u5916\uff0c\u7528\u6237\uff08\u7528\u6237\u7ec4\uff09\u5728\u6587\u4ef6\u5939\u4e2d\u80fd\u591f\u901a\u8fc7\u5c42\u7ea7\u7ed3\u6784\u7ee7\u627f\u6765\u81ea\u7236\u9879\u7684\u6743\u9650\u3002 \u7528\u6237\u5728\u5c42\u6b21\u7ed3\u6784\u4e2d\u7684\u6743\u9650\u6765\u81ea\u5f53\u524d\u5c42\u7ea7\u7684\u6743\u9650\u4ee5\u53ca\u7ee7\u627f\u5176\u7236\u9879\u6743\u9650\u7684\u7ec4\u5408\u7ed3\u679c\uff0c\u6743\u9650\u4e4b\u95f4\u662f\u52a0\u5408\u5173\u7cfb\u4e0d\u5b58\u5728\u4e92\u65a5\u3002
"},{"location":"end-user/ghippo/workspace/ws-permission.html","title":"\u5de5\u4f5c\u7a7a\u95f4\u6743\u9650\u8bf4\u660e","text":"\u5de5\u4f5c\u7a7a\u95f4\u5177\u6709\u6743\u9650\u6620\u5c04\u548c\u8d44\u6e90\u9694\u79bb\u80fd\u529b\uff0c\u80fd\u591f\u5c06\u7528\u6237/\u7528\u6237\u7ec4\u5728\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u5230\u5176\u4e0b\u7684\u8d44\u6e90\u4e0a\u3002 \u82e5\u7528\u6237/\u7528\u6237\u7ec4\u5728\u5de5\u4f5c\u7a7a\u95f4\u662f Workspace Admin \u89d2\u8272\uff0c\u540c\u65f6\u5de5\u4f5c\u7a7a\u95f4-\u8d44\u6e90\u7ec4\u4e2d\u7ed1\u5b9a\u4e86\u8d44\u6e90 Namespace\uff0c\u5219\u6620\u5c04\u540e\u8be5\u7528\u6237/\u7528\u6237\u7ec4\u5c06\u6210\u4e3a Namespace Admin\u3002
Note
\u5de5\u4f5c\u7a7a\u95f4\u7684\u6743\u9650\u6620\u5c04\u80fd\u529b\u4e0d\u4f1a\u4f5c\u7528\u5230\u5171\u4eab\u8d44\u6e90\u4e0a\uff0c\u56e0\u4e3a\u5171\u4eab\u662f\u5c06\u96c6\u7fa4\u7684\u4f7f\u7528\u6743\u9650\u5171\u4eab\u7ed9\u591a\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u800c\u4e0d\u662f\u5c06\u7ba1\u7406\u6743\u9650\u53d7\u8ba9\u7ed9\u5de5\u4f5c\u7a7a\u95f4\uff0c\u56e0\u6b64\u4e0d\u4f1a\u5b9e\u73b0\u6743\u9650\u7ee7\u627f\u548c\u89d2\u8272\u6620\u5c04\u3002
"},{"location":"end-user/ghippo/workspace/ws-permission.html#_2","title":"\u5e94\u7528\u573a\u666f","text":"\u901a\u8fc7\u5c06\u8d44\u6e90\u7ed1\u5b9a\u5230\u4e0d\u540c\u7684\u5de5\u4f5c\u7a7a\u95f4\u80fd\u591f\u5b9e\u73b0\u8d44\u6e90\u9694\u79bb\u3002 \u56e0\u6b64\u501f\u52a9\u6743\u9650\u6620\u5c04\u3001\u8d44\u6e90\u9694\u79bb\u548c\u5171\u4eab\u8d44\u6e90\u80fd\u529b\u80fd\u591f\u5c06\u8d44\u6e90\u7075\u6d3b\u5206\u914d\u7ed9\u5404\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff08\u79df\u6237\uff09\u3002
\u901a\u5e38\u9002\u7528\u4e8e\u4ee5\u4e0b\u4e24\u4e2a\u573a\u666f\uff1a
\u96c6\u7fa4\u4e00\u5bf9\u4e00
\u666e\u901a\u96c6\u7fa4 \u90e8\u95e8/\u79df\u6237\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09 \u7528\u9014 \u96c6\u7fa4 01 A \u7ba1\u7406\u548c\u4f7f\u7528 \u96c6\u7fa4 02 B \u7ba1\u7406\u548c\u4f7f\u7528\u96c6\u7fa4\u4e00\u5bf9\u591a
\u96c6\u7fa4 \u90e8\u95e8/\u79df\u6237\uff08\u5de5\u4f5c\u7a7a\u95f4\uff09 \u8d44\u6e90\u9650\u989d \u96c6\u7fa4 01 A 100 \u6838 CPU B 50 \u6838 CPU\u6388\u6743\u7528\u6237\u53ef\u524d\u5f80\u5e94\u7528\u5de5\u4f5c\u53f0\u3001\u5fae\u670d\u52a1\u5f15\u64ce\u3001\u4e2d\u95f4\u4ef6\u3001\u591a\u4e91\u7f16\u6392\u3001\u670d\u52a1\u7f51\u683c\u7b49\u6a21\u5757\u4f7f\u7528\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u3002 \u6709\u5173 Workspace Admin\u3001Workspace Editor\u3001Workspace Viewer \u89d2\u8272\u5728\u5404\u4ea7\u54c1\u6a21\u5757\u7684\u64cd\u4f5c\u8303\u56f4\uff0c\u8bf7\u67e5\u9605\u5404\u6a21\u5757\u7684\u6743\u9650\u8bf4\u660e\uff1a
\u21a9
\u5047\u5982\u7528\u6237\u5c0f\u660e\uff08\u201c\u5c0f\u660e\u201d\u4ee3\u8868\u4efb\u4f55\u6709\u8d44\u6e90\u7ed1\u5b9a\u9700\u6c42\u7684\u7528\u6237\uff09\u5df2\u7ecf\u5177\u5907\u4e86 Workspace Admin \u89d2\u8272\u6216\u5df2\u901a\u8fc7\u81ea\u5b9a\u4e49\u89d2\u8272\u6388\u6743\uff0c \u540c\u65f6\u81ea\u5b9a\u4e49\u89d2\u8272\u4e2d\u5305\u542b\u5de5\u4f5c\u7a7a\u95f4\u7684\u201c\u8d44\u6e90\u7ed1\u5b9a\u201d\u6743\u9650\uff0c\u5e0c\u671b\u5c06\u67d0\u4e2a\u96c6\u7fa4\u6216\u8005\u67d0\u4e2a\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u5176\u6240\u5728\u7684\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002
\u8981\u5c06\u96c6\u7fa4/\u547d\u540d\u7a7a\u95f4\u8d44\u6e90\u7ed1\u5b9a\u5230\u5de5\u4f5c\u7a7a\u95f4\uff0c\u4e0d\u4ec5\u9700\u8981\u8be5\u5de5\u4f5c\u7a7a\u95f4\u7684\u201c\u8d44\u6e90\u7ed1\u5b9a\u201d\u6743\u9650\uff0c\u8fd8\u9700\u8981 Cluster Admin \u7684\u8d44\u6e90\u6743\u9650\u3002
"},{"location":"end-user/ghippo/workspace/wsbind-permission.html#_2","title":"\u7ed9\u5c0f\u660e\u6388\u6743","text":"\u4f7f\u7528\u5e73\u53f0 Admin \u89d2\u8272\uff0c \u5728 \u5de5\u4f5c\u7a7a\u95f4 -> \u6388\u6743 \u9875\u9762\u7ed9\u5c0f\u660e\u6388\u4e88 Workspace Admin \u89d2\u8272\u3002
\u7136\u540e\u5728 \u5bb9\u5668\u7ba1\u7406 -> \u6743\u9650\u7ba1\u7406 \u9875\u9762\uff0c\u901a\u8fc7 \u6dfb\u52a0\u6388\u6743 \u5c06\u5c0f\u660e\u6388\u6743\u4e3a Cluster Admin\u3002
\u4f7f\u7528\u5c0f\u660e\u7684\u8d26\u53f7\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \u9875\u9762\uff0c\u901a\u8fc7 \u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4 \u529f\u80fd\uff0c \u5c0f\u660e\u53ef\u4ee5\u5c06\u6307\u5b9a\u96c6\u7fa4\u7ed1\u5b9a\u5230\u81ea\u5df1\u7684\u5de5\u4f5c\u7a7a\u95f4\u4e2d\u3002
Note
\u5c0f\u660e\u80fd\u4e14\u53ea\u80fd\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5c06\u96c6\u7fa4\u6216\u8005\u8be5\u96c6\u7fa4\u4e0b\u7684\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5230\u67d0\u4e2a\u5de5\u4f5c\u7a7a\u95f4\uff0c\u65e0\u6cd5\u5728\u5168\u5c40\u7ba1\u7406\u6a21\u5757\u5b8c\u6210\u6b64\u64cd\u4f5c\u3002
\u7ed1\u5b9a\u547d\u540d\u7a7a\u95f4\u5230\u5de5\u4f5c\u7a7a\u95f4\u4e5f\u81f3\u5c11\u9700\u8981 Workspace Admin + Cluster Admin \u6743\u9650\u3002
"},{"location":"end-user/host/createhost.html","title":"\u521b\u5efa\u548c\u542f\u52a8\u4e91\u4e3b\u673a","text":"\u7528\u6237\u5b8c\u6210\u6ce8\u518c\uff0c\u4e3a\u5176\u5206\u914d\u4e86\u5de5\u4f5c\u7a7a\u95f4\u3001\u547d\u540d\u7a7a\u95f4\u548c\u8d44\u6e90\u540e\uff0c\u5373\u53ef\u4ee5\u521b\u5efa\u5e76\u542f\u52a8\u4e91\u4e3b\u673a\u3002
"},{"location":"end-user/host/createhost.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u70b9\u51fb \u521b\u5efa\u4e91\u4e3b\u673a -> \u901a\u8fc7\u6a21\u677f\u521b\u5efa
\u5b9a\u4e49\u7684\u4e91\u4e3b\u673a\u5404\u9879\u914d\u7f6e\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u57fa\u672c\u914d\u7f6e\u6a21\u677f\u914d\u7f6e\u5b58\u50a8\u4e0e\u7f51\u7edc\u914d\u7f6e root \u5bc6\u7801\u6216 ssh \u5bc6\u94a5\u540e\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u4e3b\u673a\u5217\u8868\uff0c\u7b49\u5f85\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u4e4b\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u53f3\u4fa7\u7684 \u2507 \u542f\u52a8\u4e3b\u673a\u3002
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u4e91\u4e3b\u673a
"},{"location":"end-user/host/usehost.html","title":"\u4f7f\u7528\u4e91\u4e3b\u673a","text":"\u521b\u5efa\u5e76\u542f\u52a8\u4e91\u4e3b\u673a\u4e4b\u540e\uff0c\u7528\u6237\u5c31\u53ef\u4ee5\u5f00\u59cb\u4f7f\u7528\u4e91\u4e3b\u673a\u3002
"},{"location":"end-user/host/usehost.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u5230 \u5bb9\u5668\u7ba1\u7406 -> \u5bb9\u5668\u7f51\u7edc -> \u670d\u52a1 \uff0c\u70b9\u51fb\u670d\u52a1\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u670d\u52a1\u8be6\u60c5\u9875\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u66f4\u65b0
\u66f4\u6539\u7aef\u53e3\u8303\u56f4\u4e3a 30900-30999\uff0c\u4f46\u4e0d\u80fd\u51b2\u7a81\u3002
\u4ee5\u7ec8\u7aef\u7528\u6237\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5bfc\u822a\u5230\u5bf9\u5e94\u7684\u670d\u52a1\uff0c\u67e5\u770b\u8bbf\u95ee\u7aef\u53e3\u3002
\u5728\u5916\u7f51\u4f7f\u7528 SSH \u5ba2\u6237\u7aef\u767b\u5f55\u4e91\u4e3b\u673a
\u81f3\u6b64\uff0c\u4f60\u53ef\u4ee5\u5728\u4e91\u4e3b\u673a\u4e0a\u6267\u884c\u5404\u9879\u64cd\u4f5c\u3002
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528 Notebook
"},{"location":"end-user/insight/alert-center/index.html","title":"\u544a\u8b66\u4e2d\u5fc3","text":"\u544a\u8b66\u4e2d\u5fc3\u662f AI \u7b97\u529b\u5e73\u53f0 \u63d0\u4f9b\u7684\u4e00\u4e2a\u91cd\u8981\u529f\u80fd\uff0c\u5b83\u8ba9\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u754c\u9762\u65b9\u4fbf\u5730\u6309\u7167\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u67e5\u770b\u6240\u6709\u6d3b\u52a8\u548c\u5386\u53f2\u544a\u8b66\uff0c \u5e76\u6839\u636e\u544a\u8b66\u7ea7\u522b\uff08\u7d27\u6025\u3001\u8b66\u544a\u3001\u63d0\u793a\uff09\u6765\u641c\u7d22\u544a\u8b66\u3002
\u6240\u6709\u544a\u8b66\u90fd\u662f\u57fa\u4e8e\u9884\u8bbe\u7684\u544a\u8b66\u89c4\u5219\u8bbe\u5b9a\u7684\u9608\u503c\u6761\u4ef6\u89e6\u53d1\u7684\u3002\u5728 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u5185\u7f6e\u4e86\u4e00\u4e9b\u5168\u5c40\u544a\u8b66\u7b56\u7565\uff0c\u540c\u65f6\u60a8\u4e5f\u53ef\u4ee5\u968f\u65f6\u521b\u5efa\u3001\u5220\u9664\u544a\u8b66\u7b56\u7565\uff0c\u5bf9\u4ee5\u4e0b\u6307\u6807\u8fdb\u884c\u8bbe\u7f6e\uff1a
\u8fd8\u53ef\u4ee5\u4e3a\u544a\u8b66\u89c4\u5219\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002\u544a\u8b66\u89c4\u5219\u5206\u4e3a\u6d3b\u8dc3\u548c\u8fc7\u671f\u89c4\u5219\uff0c\u652f\u6301\u542f\u7528/\u7981\u7528\u67d0\u4e9b\u89c4\u5219\u6765\u5b9e\u73b0\u544a\u8b66\u9759\u9ed8\u3002
\u5f53\u8fbe\u5230\u9608\u503c\u6761\u4ef6\u540e\uff0c\u53ef\u4ee5\u914d\u7f6e\u544a\u8b66\u901a\u77e5\u65b9\u5f0f\uff0c\u5305\u62ec\u90ae\u4ef6\u3001\u9489\u9489\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001Webhook \u548c\u77ed\u4fe1\u901a\u77e5\u3002 \u6240\u6709\u901a\u77e5\u7684\u6d88\u606f\u6a21\u677f\u90fd\u53ef\u4ee5\u81ea\u5b9a\u4e49\uff0c\u540c\u65f6\u8fd8\u652f\u6301\u6309\u8bbe\u5b9a\u7684\u95f4\u9694\u65f6\u95f4\u53d1\u9001\u901a\u77e5\u3002
\u6b64\u5916\uff0c\u544a\u8b66\u4e2d\u5fc3\u8fd8\u652f\u6301\u901a\u8fc7\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7b49\u63d0\u4f9b\u7684\u77ed\u4fe1\u670d\u52a1\u5c06\u544a\u8b66\u6d88\u606f\u53d1\u9001\u7ed9\u6307\u5b9a\u7528\u6237\uff0c\u5b9e\u73b0\u591a\u79cd\u65b9\u5f0f\u7684\u544a\u8b66\u901a\u77e5\u3002
AI \u7b97\u529b\u5e73\u53f0 \u544a\u8b66\u4e2d\u5fc3\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u7684\u544a\u8b66\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u5e2e\u52a9\u7528\u6237\u53ca\u65f6\u53d1\u73b0\u548c\u89e3\u51b3\u96c6\u7fa4\u4e2d\u51fa\u73b0\u7684\u95ee\u9898\uff0c \u63d0\u9ad8\u4e1a\u52a1\u7a33\u5b9a\u6027\u548c\u53ef\u7528\u6027\uff0c\u4fbf\u4e8e\u96c6\u7fa4\u5de1\u68c0\u548c\u6545\u969c\u6392\u67e5\u3002
"},{"location":"end-user/insight/alert-center/alert-policy.html","title":"\u544a\u8b66\u7b56\u7565","text":"\u544a\u8b66\u7b56\u7565\u662f\u5728\u53ef\u89c2\u6d4b\u6027\u7cfb\u7edf\u4e2d\u5b9a\u4e49\u7684\u4e00\u7ec4\u89c4\u5219\u548c\u6761\u4ef6\uff0c\u7528\u4e8e\u68c0\u6d4b\u548c\u89e6\u53d1\u8b66\u62a5\uff0c\u4ee5\u4fbf\u5728\u7cfb\u7edf\u51fa\u73b0\u5f02\u5e38\u6216\u8fbe\u5230\u9884\u5b9a\u7684\u9608\u503c\u65f6\u53ca\u65f6\u901a\u77e5\u76f8\u5173\u4eba\u5458\u6216\u7cfb\u7edf\u3002
\u6bcf\u6761\u544a\u8b66\u7b56\u7565\u662f\u4e00\u7ec4\u544a\u8b66\u89c4\u5219\u7684\u96c6\u5408\uff0c\u652f\u6301\u5bf9\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5de5\u4f5c\u8d1f\u8f7d\u7b49\u8d44\u6e90\u3001\u65e5\u5fd7\u3001\u4e8b\u4ef6\u8bbe\u7f6e\u544a\u8b66\u89c4\u5219\u3002\u5f53\u544a\u8b66\u5bf9\u8c61\u8fbe\u5230\u7b56\u7565\u4e0b\u4efb\u4e00\u89c4\u5219\u8bbe\u5b9a\u7684\u9608\u503c\uff0c\u5219\u4f1a\u81ea\u52a8\u89e6\u53d1\u544a\u8b66\u5e76\u53d1\u9001\u901a\u77e5\u3002
"},{"location":"end-user/insight/alert-center/alert-policy.html#_2","title":"\u67e5\u770b\u544a\u8b66\u7b56\u7565","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u544a\u8b66\u7b56\u7565\u3002
\u70b9\u51fb\u544a\u8b66\u7b56\u7565\u540d\u79f0\u53ef\u67e5\u770b\u7b56\u7565\u7684\u57fa\u672c\u4fe1\u606f\u3001\u89c4\u5219\u4ee5\u53ca\u901a\u77e5\u914d\u7f6e\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\uff0c\u9009\u62e9\u4e00\u4e2a\u6216\u591a\u4e2a\u96c6\u7fa4\u3001\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d\u4e3a\u544a\u8b66\u5bf9\u8c61\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65\u3002
Note
\u5168\u90e8\u96c6\u7fa4\u3001\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d
\uff1a\u521b\u5efa\u7684\u544a\u8b66\u89c4\u5219\u5bf9\u6240\u6709\u5df2\u5b89\u88c5 insight-agent \u7684\u96c6\u7fa4\u751f\u6548\u3002\u5728\u521b\u5efa\u544a\u8b66\u7b56\u7565\u7684\u7b2c\u4e8c\u90e8\u4e2d\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4e0a\u89d2\u7684\u6dfb\u52a0\u89c4\u5219
\u3002
\u5728\u5f39\u7a97\u4e2d\u521b\u5efa\u544a\u8b66\u89c4\u5219\uff0c\u586b\u5199\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a\u3002
Info
\u7cfb\u7edf\u5b9a\u4e49\u4e86\u5185\u7f6e\u6807\u7b7e\uff0c\u82e5\u81ea\u5b9a\u4e49\u6807\u7b7e\u4e0e\u5185\u7f6e\u6807\u7b7e\u7684\u952e
\u503c\u76f8\u540c\uff0c\u5219\u81ea\u5b9a\u4e49\u6807\u7b7e\u4e0d\u751f\u6548\u3002 \u5185\u7f6e\u6807\u7b7e\u6709\uff1aseverity
\u3001rule_id
\uff0csource
\u3001cluster_name
\u3001group_id
\u3001 target_type
\u548c target
\u3002
\u5b8c\u6210\u57fa\u672c\u4fe1\u606f\u7684\u586b\u5199\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u89c4\u5219\uff0c\u89c4\u5219\u7c7b\u578b\u9009\u62e9 \u65e5\u5fd7\u89c4\u5219\u3002
Note
\u4ec5\u5f53\u8d44\u6e90\u5bf9\u8c61\u9009\u62e9\u8282\u70b9\u6216\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u652f\u6301\u521b\u5efa\u65e5\u5fd7\u89c4\u5219\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u5b8c\u6210\u57fa\u672c\u4fe1\u606f\u7684\u586b\u5199\u540e\uff0c\u70b9\u51fb \u6dfb\u52a0\u89c4\u5219\uff0c\u89c4\u5219\u7c7b\u578b\u9009\u62e9 \u4e8b\u4ef6\u89c4\u5219\u3002
Note
\u4ec5\u5f53\u8d44\u6e90\u5bf9\u8c61\u9009\u62e9\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u652f\u6301\u521b\u5efa\u4e8b\u4ef6\u89c4\u5219\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u53ef\u70b9\u51fb \u6a21\u677f\u5bfc\u5165\uff0c\u9009\u62e9\u5e73\u53f0\u7ba1\u7406\u5458\u5df2\u521b\u5efa\u597d\u7684\u544a\u8b66\u6a21\u677f\u6279\u91cf\u5bfc\u5165\u544a\u8b66\u89c4\u5219\u3002
\u70b9\u51fb \u4e0b\u4e00\u6b65 \u540e\u914d\u7f6e\u901a\u77e5\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u8fd4\u56de\u544a\u8b66\u7b56\u7565\u5217\u8868\u3002
Tip
\u65b0\u5efa\u7684\u544a\u8b66\u7b56\u7565\u4e3a \u672a\u89e6\u53d1 \u72b6\u6001\u3002\u4e00\u65e6\u6ee1\u8db3\u89c4\u5219\u4e2d\u7684\u9608\u503c\u6761\u4ef6\u548c\u6301\u7eed\u65f6\u95f4\u540e\uff0c\u5c06\u53d8\u4e3a \u89e6\u53d1\u4e2d \u72b6\u6001\u3002
Warning
\u5220\u9664\u540e\u7684\u544a\u8b66\u7b56\u7565\u5c06\u5b8c\u5168\u6d88\u5931\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/insight/alert-center/alert-policy.html#yaml","title":"\u901a\u8fc7 YAML \u5bfc\u5165\u544a\u8b66\u7b56\u7565","text":"\u8fdb\u5165\u544a\u8b66\u7b56\u7565\u5217\u8868\uff0c\u70b9\u51fb YAML \u521b\u5efa\u3002
\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u7684\u9009\u62e9\u662f\u4e3a\u4e86\u544a\u8b66\u7b56\u7565\u7684\u7ba1\u7406\u6743\u9650\u3002
\u5fc5\u586b\u8868\u8fbe\u5f0f expr\u3002
\u5bfc\u5165 YAML \u6587\u4ef6\u540e\uff0c\u70b9\u51fb \u9884\u89c8\uff0c\u53ef\u4ee5\u5bf9\u5bfc\u5165\u7684 YAML \u683c\u5f0f\u8fdb\u884c\u9a8c\u8bc1\uff0c\u5e76\u5feb\u901f\u786e\u8ba4\u5bfc\u5165\u7684\u544a\u8b66\u89c4\u5219\u3002
\u544a\u8b66\u6a21\u677f\u53ef\u652f\u6301\u5e73\u53f0\u7ba1\u7406\u5458\u521b\u5efa\u544a\u8b66\u6a21\u677f\u53ca\u89c4\u5219\uff0c\u4e1a\u52a1\u4fa7\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u544a\u8b66\u6a21\u677f\u521b\u5efa\u544a\u8b66\u7b56\u7565\u3002 \u8fd9\u4e2a\u529f\u80fd\u53ef\u4ee5\u51cf\u5c11\u4e1a\u52a1\u4eba\u5458\u5bf9\u544a\u8b66\u89c4\u5219\u7684\u7ba1\u7406\uff0c\u4e14\u53ef\u4ee5\u6839\u636e\u73af\u5883\u5b9e\u9645\u60c5\u51b5\u81ea\u884c\u4fee\u6539\u544a\u8b66\u9608\u503c\u3002
"},{"location":"end-user/insight/alert-center/alert-template.html#_2","title":"\u521b\u5efa\u544a\u8b66\u6a21\u677f","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u7b56\u7565\uff0c\u5355\u51fb\u9876\u90e8\u7684 \u544a\u8b66\u6a21\u677f \u3002
\u70b9\u51fb \u521b\u5efa\u544a\u8b66\u6a21\u677f \uff0c\u8bbe\u7f6e\u544a\u8b66\u6a21\u677f\u7684\u540d\u79f0\u3001\u63cf\u8ff0\u7b49\u4fe1\u606f\u3002
\u53c2\u6570 \u8bf4\u660e \u6a21\u677f\u540d\u79f0 \u540d\u79f0\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u8fde\u5b57\u7b26\uff08-\uff09\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\uff0c\u6700\u957f 63 \u4e2a\u5b57\u7b26\u3002 \u63cf\u8ff0 \u63cf\u8ff0\u53ef\u5305\u542b\u4efb\u610f\u5b57\u7b26\uff0c\u6700\u957f 256 \u4e2a\u5b57\u7b26\u3002 \u8d44\u6e90\u7c7b\u578b \u7528\u4e8e\u6307\u5b9a\u544a\u8b66\u6a21\u677f\u7684\u5339\u914d\u7c7b\u578b\u3002 \u544a\u8b66\u89c4\u5219 \u652f\u6301\u9884\u5b9a\u4e49\u591a\u4e2a\u544a\u8b66\u89c4\u5219\uff0c\u53ef\u6dfb\u52a0\u6a21\u677f\u89c4\u5219\u3001PromQL \u89c4\u5219\u3002\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u540e\u8fd4\u56de\u544a\u8b66\u6a21\u677f\u5217\u8868\uff0c\u70b9\u51fb\u6a21\u677f\u540d\u79f0\u540e\u53ef\u67e5\u770b\u6a21\u677f\u8be6\u60c5\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u7684 \u2507 \uff0c\u70b9\u51fb \u7f16\u8f91\uff0c\u8fdb\u5165\u6291\u5236\u89c4\u5219\u7684\u7f16\u8f91\u9875\u3002
"},{"location":"end-user/insight/alert-center/alert-template.html#_4","title":"\u5220\u9664\u544a\u8b66\u6a21\u677f","text":"\u70b9\u51fb\u76ee\u6807\u6a21\u677f\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u5220\u9664\uff0c\u5728\u8f93\u5165\u6846\u4e2d\u8f93\u5165\u544a\u8b66\u6a21\u677f\u7684\u540d\u79f0\u5373\u53ef\u5220\u9664\u3002
"},{"location":"end-user/insight/alert-center/inhibition.html","title":"\u544a\u8b66\u6291\u5236","text":"\u544a\u8b66\u6291\u5236\u4e3b\u8981\u662f\u5bf9\u4e8e\u67d0\u4e9b\u4e0d\u9700\u8981\u7acb\u5373\u5173\u6ce8\u7684\u544a\u8b66\u8fdb\u884c\u4e34\u65f6\u9690\u85cf\u6216\u8005\u964d\u4f4e\u5176\u4f18\u5148\u7ea7\u7684\u4e00\u79cd\u673a\u5236\u3002\u8fd9\u4e2a\u529f\u80fd\u7684\u76ee\u7684\u662f\u4e3a\u4e86\u51cf\u5c11\u4e0d\u5fc5\u8981\u7684\u544a\u8b66\u4fe1\u606f\u5bf9\u8fd0\u7ef4\u4eba\u5458\u7684\u5e72\u6270\uff0c\u4f7f\u4ed6\u4eec\u80fd\u591f\u96c6\u4e2d\u7cbe\u529b\u5904\u7406\u66f4\u91cd\u8981\u7684\u95ee\u9898\u3002
\u544a\u8b66\u6291\u5236\u901a\u8fc7\u5b9a\u4e49\u4e00\u7ec4\u89c4\u5219\u6765\u8bc6\u522b\u548c\u5ffd\u7565\u67d0\u4e9b\u544a\u8b66\uff0c\u5f53\u5b83\u4eec\u5728\u7279\u5b9a\u6761\u4ef6\u4e0b\u53d1\u751f\u65f6\u3002\u4e3b\u8981\u6709\u4ee5\u4e0b\u51e0\u79cd\u60c5\u51b5\uff1a
\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u964d\u566a\uff0c\u5355\u51fb\u9876\u90e8\u7684 \u544a\u8b66\u6291\u5236 \u3002
\u70b9\u51fb \u65b0\u5efa\u6291\u5236\u89c4\u5219 \uff0c\u8bbe\u7f6e\u6291\u5236\u89c4\u5219\u7684\u540d\u79f0\u3001\u89c4\u5219\u7b49\u3002
Note
\u901a\u8fc7\u89c4\u5219\u6807\u7b7e\u548c\u544a\u8b66\u6807\u7b7e\u5b9a\u4e49\u4e00\u7ec4\u89c4\u5219\u6765\u8bc6\u522b\u548c\u5ffd\u7565\u67d0\u4e9b\u544a\u8b66\uff0c\u8fbe\u5230\u907f\u514d\u540c\u4e00\u95ee\u9898\u53ef\u80fd\u4f1a\u89e6\u53d1\u591a\u4e2a\u76f8\u4f3c\u6216\u76f8\u5173\u7684\u544a\u8b66\u7684\u95ee\u9898\u3002
\u53c2\u6570\u65f6\u95f4 \u8bf4\u660e \u6291\u5236\u89c4\u5219\u540d\u79f0 \u6291\u5236\u89c4\u5219\u540d\u79f0\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u8fde\u5b57\u7b26\uff08-\uff09\uff0c\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u548c\u7ed3\u5c3e\uff0c\u6700\u957f 63 \u4e2a\u5b57\u7b26\u3002 \u63cf\u8ff0 \u63cf\u8ff0\u53ef\u5305\u542b\u4efb\u610f\u5b57\u7b26\uff0c\u6700\u957f 256 \u4e2a\u5b57\u7b26\u3002 \u96c6\u7fa4 \u8be5\u6291\u5236\u89c4\u5219\u4f5c\u7528\u7684\u96c6\u7fa4\u3002 \u547d\u540d\u7a7a\u95f4 \u8be5\u6291\u5236\u89c4\u5219\u4f5c\u7528\u7684\u547d\u540d\u7a7a\u95f4\u3002 \u6839\u6e90\u544a\u8b66 \u901a\u8fc7\u586b\u5199\u7684\u6807\u7b7e\u6761\u4ef6\u5339\u914d\u544a\u8b66\uff0c\u4f1a\u5c06\u7b26\u5408\u6240\u6709\u6807\u7b7e\u6761\u4ef6\u7684\u544a\u8b66\u4e0e\u7b26\u5408\u6291\u5236\u6761\u4ef6\u7684\u8fdb\u884c\u5bf9\u6bd4\uff0c\u4e0d\u7b26\u5408\u6291\u5236\u6761\u4ef6\u7684\u544a\u8b66\u5c06\u7167\u5e38\u53d1\u9001\u6d88\u606f\u7ed9\u7528\u6237\u3002 \u53d6\u503c\u8303\u56f4\u8bf4\u660e\uff1a - \u544a\u8b66\u7ea7\u522b\uff1a\u6307\u6807\u6216\u4e8b\u4ef6\u544a\u8b66\u7684\u7ea7\u522b\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\uff1a\u7d27\u6025\u3001\u91cd\u8981\u3001\u63d0\u793a\u3002 - \u8d44\u6e90\u7c7b\u578b\uff1a\u544a\u8b66\u5bf9\u8c61\u6240\u5bf9\u5e94\u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\uff1a\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u65e0\u72b6\u6001\u8d1f\u8f7d\u3001\u6709\u72b6\u5bb9\u8d1f\u8f7d\u3001\u5b88\u62a4\u8fdb\u7a0b\u3001\u5bb9\u5668\u7ec4\u3002 - \u6807\u7b7e\uff1a\u544a\u8b66\u6807\u8bc6\u5c5e\u6027\uff0c\u7531\u6807\u7b7e\u540d\u548c\u6807\u7b7e\u503c\u6784\u6210\uff0c\u652f\u6301\u7528\u6237\u81ea\u5b9a\u4e49\u3002 \u6291\u5236\u544a\u8b66 \u7528\u4e8e\u6307\u5b9a\u76ee\u6807\u8b66\u62a5\uff08\u5c06\u88ab\u6291\u5236\u7684\u8b66\u62a5\uff09\u7684\u5339\u914d\u6761\u4ef6\uff0c\u7b26\u5408\u6240\u6709\u6807\u7b7e\u6761\u4ef6\u7684\u544a\u8b66\u5c06\u4e0d\u4f1a\u518d\u53d1\u9001\u6d88\u606f\u7ed9\u7528\u6237\u3002 \u5339\u914d\u6807\u7b7e \u7528\u4e8e\u6307\u5b9a\u5e94\u8be5\u6bd4\u8f83\u7684\u6807\u7b7e\u5217\u8868\uff0c\u4ee5\u786e\u5b9a\u6e90\u8b66\u62a5\u548c\u76ee\u6807\u8b66\u62a5\u662f\u5426\u5339\u914d\u3002\u53ea\u6709\u5728\u00a0equal\u00a0\u4e2d\u6307\u5b9a\u7684\u6807\u7b7e\u5728\u6e90\u548c\u76ee\u6807\u8b66\u62a5\u4e2d\u7684\u503c\u5b8c\u5168\u76f8\u540c\u7684\u60c5\u51b5\u4e0b\uff0c\u624d\u4f1a\u89e6\u53d1\u6291\u5236\u3002equal\u00a0\u5b57\u6bb5\u662f\u53ef\u9009\u7684\u3002\u5982\u679c\u7701\u7565\u00a0equal\u00a0\u5b57\u6bb5\uff0c\u5219\u4f1a\u5c06\u6240\u6709\u6807\u7b7e\u7528\u4e8e\u5339\u914d\u70b9\u51fb**\u786e\u5b9a**\u5b8c\u6210\u521b\u5efa\u540e\u8fd4\u56de\u544a\u8b66\u6291\u5236\u5217\u8868\uff0c\u70b9\u51fb\u544a\u8b66\u6291\u5236\u540d\u79f0\u540e\u53ef\u67e5\u770b\u6291\u5236\u89c4\u5219\u8be6\u60c5\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540d\u79f0\uff0c\u67e5\u770b\u89c4\u5219\u8be6\u60c5\uff0c\u67e5\u770b\u5bf9\u5e94\u544a\u8b66\u89c4\u5219\u7684\u6807\u7b7e\u3002
Note
\u5728\u6dfb\u52a0\u89c4\u5219
\u65f6\u53ef\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6807\u7b7e
\u3002
\u70b9\u51fb\u53f3\u4fa7\u5bfc\u822a\u680f\u9009\u62e9\u00a0\u544a\u8b66\u4e2d\u5fc3\u00a0->\u00a0\u544a\u8b66\u5217\u8868 \uff0c\u70b9\u51fb\u544a\u8b66\u6240\u5728\u884c\u67e5\u770b\u544a\u8b66\u8be6\u60c5\u3002
Note
\u544a\u8b66\u6807\u7b7e\u7528\u4e8e\u63cf\u8ff0\u544a\u8b66\u7684\u8be6\u7ec6\u4fe1\u606f\u548c\u5c5e\u6027\uff0c\u53ef\u4ee5\u7528\u6765\u521b\u5efa\u6291\u5236\u89c4\u5219\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u7f16\u8f91\uff0c\u8fdb\u5165\u6291\u5236\u89c4\u5219\u7684\u7f16\u8f91\u9875\u3002
\u70b9\u51fb\u76ee\u6807\u89c4\u5219\u540e\u4fa7\u7684 \u2507 \uff0c\u70b9\u51fb \u5220\u9664\uff0c\u5728\u8f93\u5165\u6846\u4e2d\u8f93\u5165\u6291\u5236\u89c4\u5219\u7684\u540d\u79f0\u5373\u53ef\u5220\u9664\u3002
"},{"location":"end-user/insight/alert-center/message.html","title":"\u901a\u77e5\u914d\u7f6e","text":"\u5728 \u901a\u77e5\u914d\u7f6e \u9875\u9762\uff0c\u53ef\u4ee5\u914d\u7f6e\u901a\u8fc7\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001\u9489\u9489\u3001Webhook \u548c\u77ed\u4fe1\u7b49\u65b9\u5f0f\u5411\u7528\u6237\u53d1\u9001\u6d88\u606f\u3002
"},{"location":"end-user/insight/alert-center/message.html#_2","title":"\u90ae\u4ef6\u7ec4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u540e\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e\uff0c\u9ed8\u8ba4\u4f4d\u4e8e\u90ae\u4ef6\u901a\u77e5\u5bf9\u8c61\u3002
\u70b9\u51fb \u6dfb\u52a0\u90ae\u7bb1\u7ec4\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u90ae\u4ef6\u5730\u5740\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u90ae\u7bb1\u7ec4\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u4f01\u4e1a\u5fae\u4fe1\u3002
\u6709\u5173\u4f01\u4e1a\u5fae\u4fe1\u7fa4\u673a\u5668\u4eba\u7684 URL\uff0c\u8bf7\u53c2\u9605\u4f01\u4e1a\u5fae\u4fe1\u5b98\u65b9\u6587\u6863\uff1a\u5982\u4f55\u4f7f\u7528\u7fa4\u673a\u5668\u4eba\u3002
\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u9489\u9489\uff0c\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
\u6709\u5173\u9489\u9489\u7fa4\u673a\u5668\u4eba\u7684 URL\uff0c\u8bf7\u53c2\u9605\u9489\u9489\u5b98\u65b9\u6587\u6863\uff1a\u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u63a5\u5165\u3002
Note
\u52a0\u7b7e\u7684\u65b9\u5f0f\u662f\u9489\u9489\u673a\u5668\u4eba\u4e0e\u5f00\u53d1\u8005\u53cc\u5411\u8fdb\u884c\u5b89\u5168\u8ba4\u8bc1\uff0c\u82e5\u5728\u521b\u5efa\u9489\u9489\u673a\u5668\u4eba\u65f6\u5f00\u542f\u4e86\u52a0\u7b7e\uff0c\u5219\u9700\u8981\u5728\u6b64\u5904\u8f93\u5165\u9489\u9489\u751f\u6210\u7684\u5bc6\u94a5\u3002 \u53ef\u53c2\u8003\u9489\u9489\u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u5b89\u5168\u8bbe\u7f6e\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u98de\u4e66\uff0c\u70b9\u51fb \u6dfb\u52a0\u7fa4\u673a\u5668\u4eba\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u7fa4\u673a\u5668\u4eba\u3002
Note
\u5f53\u98de\u4e66\u7684\u7fa4\u673a\u5668\u4eba\u5f00\u542f\u7b7e\u540d\u6821\u9a8c\u65f6\uff0c\u6dfb\u52a0\u98de\u4e66\u901a\u77e5\u65f6\u9700\u8981\u586b\u5199\u5bf9\u5e94\u7684\u7b7e\u540d\u5bc6\u94a5\u3002\u8bf7\u67e5\u9605 \u81ea\u5b9a\u4e49\u673a\u5668\u4eba\u4f7f\u7528\u6307\u5357\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u7fa4\u673a\u5668\u4eba\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> Webhook\u3002
\u6709\u5173 Webhook URL \u53ca\u66f4\u591a\u914d\u7f6e\u65b9\u5f0f\uff0c\u8bf7\u53c2\u9605 webhook \u6587\u6863\u3002
\u70b9\u51fb \u65b0\u5efa Webhook\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a Webhook\u3002
HTTP Headers
\uff1a\u975e\u5fc5\u586b\uff0c\u8bbe\u7f6e\u8bf7\u6c42\u5934\u3002\u53ef\u4ee5\u6dfb\u52a0\u591a\u4e2a Headers\u3002
Note
\u6709\u5173 Webhook URL \u53ca\u66f4\u591a\u914d\u7f6e\u65b9\u5f0f\uff0c\u8bf7\u53c2\u9605 webhook \u6587\u6863\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\uff0c\u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664 Webhook\u3002
Note
\u544a\u8b66\u6d88\u606f\u53d1\u9001\u81f3\u7528\u6237\u4e2a\u4eba\u7684\u7ad9\u5185\u4fe1
\uff0c\u70b9\u51fb\u9876\u90e8\u7684 \ud83d\udd14 \u7b26\u53f7\u53ef\u4ee5\u67e5\u770b\u901a\u77e5\u6d88\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u7ad9\u5185\u4fe1\uff0c\u70b9\u51fb\u521b\u5efa\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\u81ea\u52a8\u8fd4\u56de \u7ad9\u5185\u4fe1\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u9009\u62e9 \u53d1\u9001\u6d4b\u8bd5\u4fe1\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\u70b9\u51fb \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u77ed\u4fe1\uff0c\u70b9\u51fb \u6dfb\u52a0\u77ed\u4fe1\u7ec4\uff0c\u6dfb\u52a0\u4e00\u4e2a\u6216\u591a\u4e2a\u77ed\u4fe1\u7ec4\u3002
\u5728\u5f39\u7a97\u4e2d\u8f93\u5165\u540d\u79f0\u3001\u63a5\u6536\u77ed\u4fe1\u7684\u5bf9\u8c61\u3001\u624b\u673a\u53f7\u4ee5\u53ca\u901a\u77e5\u670d\u52a1\u5668\u3002
\u901a\u77e5\u670d\u52a1\u5668\u9700\u8981\u9884\u5148\u5728 \u901a\u77e5\u914d\u7f6e -> \u901a\u77e5\u670d\u52a1\u5668 \u4e2d\u6dfb\u52a0\u521b\u5efa\u3002\u76ee\u524d\u652f\u6301\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u4e24\u79cd\u4e91\u670d\u52a1\u5668\uff0c\u5177\u4f53\u914d\u7f6e\u7684\u53c2\u6570\u8bf7\u53c2\u9605\u81ea\u5df1\u7684\u4e91\u670d\u52a1\u5668\u4fe1\u606f\u3002
\u77ed\u4fe1\u7ec4\u6dfb\u52a0\u6210\u529f\u540e\uff0c\u81ea\u52a8\u8fd4\u56de\u901a\u77e5\u5217\u8868\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507\uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u77ed\u4fe1\u7ec4\u3002
\u53ef\u89c2\u6d4b\u6027\u63d0\u4f9b\u81ea\u5b9a\u4e49\u6d88\u606f\u6a21\u677f\u5185\u5bb9\u7684\u80fd\u529b\uff0c\u652f\u6301\u90ae\u4ef6\u3001\u4f01\u4e1a\u5fae\u4fe1\u3001\u9489\u9489\u3001Webhook\u3001\u98de\u4e66\u3001\u7ad9\u5185\u4fe1\u7b49\u4e0d\u540c\u7684\u901a\u77e5\u5bf9\u8c61\u5b9a\u4e49\u4e0d\u540c\u7684\u6d88\u606f\u901a\u77e5\u5185\u5bb9\u3002
"},{"location":"end-user/insight/alert-center/msg-template.html#_2","title":"\u521b\u5efa\u6d88\u606f\u6a21\u677f","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u6d88\u606f\u6a21\u677f\u3002
Insight \u9ed8\u8ba4\u5185\u7f6e\u4e2d\u82f1\u6587\u4e24\u4e2a\u6a21\u677f\uff0c\u4ee5\u4fbf\u7528\u6237\u4f7f\u7528\u3002
\u70b9\u51fb \u65b0\u5efa\u6d88\u606f\u6a21\u677f \u6309\u94ae\uff0c\u586b\u5199\u6a21\u677f\u5185\u5bb9\u3002
Info
\u53ef\u89c2\u6d4b\u6027\u9884\u7f6e\u4e86\u6d88\u606f\u6a21\u677f\u3002\u82e5\u9700\u8981\u5b9a\u4e49\u6a21\u677f\u7684\u5185\u5bb9\uff0c\u8bf7\u53c2\u8003\u914d\u7f6e\u901a\u77e5\u6a21\u677f\u3002
"},{"location":"end-user/insight/alert-center/msg-template.html#_3","title":"\u6d88\u606f\u6a21\u677f\u8be6\u60c5","text":"\u70b9\u51fb\u67d0\u4e00\u6d88\u606f\u6a21\u677f\u7684\u540d\u79f0\uff0c\u53f3\u4fa7\u6ed1\u5757\u53ef\u67e5\u770b\u6d88\u606f\u6a21\u677f\u7684\u8be6\u60c5\u3002
\u53c2\u6570 \u53d8\u91cf \u63cf\u8ff0 \u89c4\u5219\u540d\u79f0 {{ .Labels.alertname }} \u89e6\u53d1\u544a\u8b66\u7684\u89c4\u5219\u540d\u79f0 \u7b56\u7565\u540d\u79f0 {{ .Labels.alertgroup }} \u89e6\u53d1\u544a\u8b66\u89c4\u5219\u6240\u5c5e\u7684\u544a\u8b66\u7b56\u7565\u540d\u79f0 \u544a\u8b66\u7ea7\u522b {{ .Labels.severity }} \u89e6\u53d1\u544a\u8b66\u7684\u7ea7\u522b \u96c6\u7fa4 {{ .Labels.cluster }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u96c6\u7fa4 \u547d\u540d\u7a7a\u95f4 {{ .Labels.namespace }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4 \u8282\u70b9 {{ .Labels.node }} \u89e6\u53d1\u544a\u8b66\u7684\u8d44\u6e90\u6240\u5728\u7684\u8282\u70b9 \u8d44\u6e90\u7c7b\u578b {{ .Labels.target_type }} \u544a\u8b66\u5bf9\u8c61\u7684\u8d44\u6e90\u7c7b\u578b \u8d44\u6e90\u540d\u79f0 {{ .Labels.target }} \u89e6\u53d1\u544a\u8b66\u7684\u5bf9\u8c61\u540d\u79f0 \u89e6\u53d1\u503c {{ .Annotations.value }} \u89e6\u53d1\u544a\u8b66\u901a\u77e5\u65f6\u7684\u6307\u6807\u503c \u53d1\u751f\u65f6\u95f4 {{ .StartsAt }} \u544a\u8b66\u5f00\u59cb\u53d1\u751f\u7684\u65f6\u95f4 \u7ed3\u675f\u65f6\u95f4 {{ .EndsAT }} \u544a\u8b66\u7ed3\u675f\u7684\u65f6\u95f4 \u63cf\u8ff0 {{ .Annotations.description }} \u544a\u8b66\u7684\u8be6\u7ec6\u63cf\u8ff0 \u6807\u7b7e {{ for .labels}} {{end}} \u544a\u8b66\u7684\u6240\u6709\u6807\u7b7e\uff0c\u4f7f\u7528 for \u51fd\u6570\u904d\u5386 labels \u5217\u8868\uff0c\u83b7\u53d6\u544a\u8b66\u7684\u6240\u6709\u6807\u7b7e\u5185\u5bb9\u3002"},{"location":"end-user/insight/alert-center/msg-template.html#_4","title":"\u7f16\u8f91\u6216\u5220\u9664\u6d88\u606f\u6a21\u677f","text":"\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7f16\u8f91 \u6216 \u5220\u9664\uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6d88\u606f\u6a21\u677f\u3002
Warning
\u8bf7\u6ce8\u610f\uff0c\u5220\u9664\u6a21\u677f\u540e\u65e0\u6cd5\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/insight/alert-center/silent.html","title":"\u544a\u8b66\u9759\u9ed8","text":"\u544a\u8b66\u9759\u9ed8\u662f\u6307\u5728\u7279\u5b9a\u7684\u65f6\u95f4\u8303\u56f4\u5185\uff0c\u6839\u636e\u5b9a\u4e49\u597d\u7684\u89c4\u5219\u5bf9\u7b26\u5408\u6761\u4ef6\u7684\u544a\u8b66\u4e0d\u518d\u53d1\u9001\u544a\u8b66\u901a\u77e5\u3002\u8be5\u529f\u80fd\u53ef\u4ee5\u5e2e\u52a9\u8fd0\u7ef4\u4eba\u5458\u907f\u514d\u5728\u67d0\u4e9b\u64cd\u4f5c\u6216\u4e8b\u4ef6\u671f\u95f4\u63a5\u6536\u5230\u8fc7\u591a\u7684\u566a\u58f0\u544a\u8b66\uff0c\u540c\u65f6\u4fbf\u4e8e\u66f4\u52a0\u7cbe\u786e\u5730\u5904\u7406\u771f\u6b63\u9700\u8981\u89e3\u51b3\u7684\u95ee\u9898\u3002
\u5728\u544a\u8b66\u9759\u9ed8\u9875\u9762\u4e0a\uff0c\u7528\u6237\u53ef\u4ee5\u770b\u5230\u4e24\u4e2a\u9875\u7b7e\uff1a\u6d3b\u8dc3\u89c4\u5219\u548c\u8fc7\u671f\u89c4\u5219\u3002 \u5176\u4e2d\uff0c\u6d3b\u8dc3\u89c4\u5219\u8868\u793a\u76ee\u524d\u6b63\u5728\u751f\u6548\u7684\u89c4\u5219\uff0c\u800c\u8fc7\u671f\u89c4\u5219\u5219\u662f\u4ee5\u524d\u5b9a\u4e49\u8fc7\u4f46\u5df2\u7ecf\u8fc7\u671f\uff08\u6216\u8005\u7528\u6237\u4e3b\u52a8\u5220\u9664\uff09\u7684\u89c4\u5219\u3002
"},{"location":"end-user/insight/alert-center/silent.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u544a\u8b66\u4e2d\u5fc3 -> \u544a\u8b66\u9759\u9ed8 ,\u70b9\u51fb \u65b0\u5efa\u9759\u9ed8\u89c4\u5219 \u6309\u94ae\u3002
\u586b\u5199\u9759\u9ed8\u89c4\u5219\u7684\u5404\u9879\u53c2\u6570\uff0c\u5982\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u3001\u6807\u7b7e\u3001\u65f6\u95f4\u7b49\uff0c\u4ee5\u5b9a\u4e49\u8fd9\u6761\u89c4\u5219\u7684\u4f5c\u7528\u8303\u56f4\u548c\u751f\u6548\u65f6\u95f4\u3002
\u8fd4\u56de\u89c4\u5219\u5217\u8868\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u7f16\u8f91\u6216\u5220\u9664\u9759\u9ed8\u89c4\u5219\u3002
\u901a\u8fc7\u544a\u8b66\u9759\u9ed8\u529f\u80fd\uff0c\u60a8\u53ef\u4ee5\u7075\u6d3b\u5730\u63a7\u5236\u54ea\u4e9b\u544a\u8b66\u9700\u8981\u88ab\u5ffd\u7565\uff0c\u5728\u4ec0\u4e48\u65f6\u95f4\u6bb5\u5185\u751f\u6548\uff0c\u4ece\u800c\u63d0\u9ad8\u8fd0\u7ef4\u6548\u7387\uff0c\u51cf\u5c11\u8bef\u62a5\u7684\u53ef\u80fd\u6027\u3002
"},{"location":"end-user/insight/alert-center/sms-provider.html","title":"\u914d\u7f6e\u901a\u77e5\u670d\u52a1\u5668","text":"\u53ef\u89c2\u6d4b\u6027 Insight \u652f\u6301\u77ed\u4fe1\u901a\u77e5\uff0c\u76ee\u524d\u901a\u8fc7\u96c6\u6210\u963f\u91cc\u4e91\u3001\u817e\u8baf\u4e91\u7684\u77ed\u4fe1\u670d\u52a1\u53d1\u9001\u544a\u8b66\u6d88\u606f\u3002\u672c\u6587\u4ecb\u7ecd\u4e86\u5982\u4f55\u5728 insight \u4e2d\u914d\u7f6e\u77ed\u4fe1\u901a\u77e5\u7684\u670d\u52a1\u5668\u3002\u77ed\u4fe1\u7b7e\u540d\u4e2d\u652f\u6301\u7684\u53d8\u91cf\u4e3a\u6d88\u606f\u6a21\u677f\u4e2d\u7684\u9ed8\u8ba4\u53d8\u91cf\uff0c\u540c\u65f6\u7531\u4e8e\u77ed\u4fe1\u5b57\u6570\u6709\u9650\uff0c\u5efa\u8bae\u9009\u62e9\u8f83\u4e3a\u660e\u786e\u7684\u53d8\u91cf\u3002
\u5982\u4f55\u914d\u7f6e\u77ed\u4fe1\u63a5\u6536\u4eba\u53ef\u53c2\u8003\u6587\u6863\uff1a\u914d\u7f6e\u77ed\u4fe1\u901a\u77e5\u7ec4\u3002
"},{"location":"end-user/insight/alert-center/sms-provider.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u544a\u8b66\u4e2d\u5fc3 -> \u901a\u77e5\u914d\u7f6e -> \u901a\u77e5\u670d\u52a1\u5668 \u3002
\u70b9\u51fb \u6dfb\u52a0\u901a\u77e5\u670d\u52a1\u5668 \u3002
\u914d\u7f6e\u963f\u91cc\u4e91\u670d\u52a1\u5668\u3002
\u7533\u8bf7\u963f\u91cc\u4e91\u77ed\u4fe1\u670d\u52a1\uff0c\u8bf7\u53c2\u8003\u963f\u91cc\u4e91\u77ed\u4fe1\u670d\u52a1\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
\u8bf7\u53c2\u8003\u963f\u91cc\u4e91\u53d8\u91cf\u89c4\u8303\u3002
Note
\u4e3e\u4f8b\uff1a\u5728\u963f\u91cc\u4e91\u5b9a\u4e49\u7684\u6a21\u677f\u5185\u5bb9\u4e3a\uff1a\\({severity}\uff1a\\) \u88ab\u89e6\u53d1\u3002\u53c2\u6570\u6a21\u677f\u4e2d\u7684\u914d\u7f6e\u53c2\u8003\u4e0a\u56fe\u3002} \u5728 ${startat
\u914d\u7f6e\u817e\u8baf\u4e91\u670d\u52a1\u5668\u3002
\u7533\u8bf7\u817e\u8baf\u4e91\u77ed\u4fe1\u670d\u52a1\uff0c\u8bf7\u53c2\u8003\u817e\u8baf\u4e91\u77ed\u4fe1\u3002
\u5b57\u6bb5\u8bf4\u660e\uff1a
Note
\u4e3e\u4f8b\uff1a\u5728\u817e\u8baf\u4e91\u5b9a\u4e49\u7684\u6a21\u677f\u5185\u5bb9\u4e3a\uff1a{1}\uff1a{2} \u5728 {3} \u88ab\u89e6\u53d1\u3002\u53c2\u6570\u6a21\u677f\u4e2d\u7684\u914d\u7f6e\u53c2\u8003\u4e0a\u56fe\u3002
\u5728 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u89c2\u6d4b\u4ea7\u54c1\uff0c\u4e3a\u4e86\u5b9e\u73b0\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u7edf\u4e00\u91c7\u96c6\uff0c\u9700\u8981\u7528\u6237\u5b89\u88c5 Helm \u5e94\u7528 insight-agent \uff08\u9ed8\u8ba4\u5b89\u88c5\u5728 insight-system \u547d\u540d\u7a7a\u95f4\uff09\u3002\u53c2\u9605\u5982\u4f55\u5b89\u88c5 insight-agent \u3002
"},{"location":"end-user/insight/collection-manag/agent-status.html#_1","title":"\u72b6\u6001\u8bf4\u660e","text":"\u5728 \u53ef\u89c2\u6d4b\u6027 -> \u91c7\u96c6\u7ba1\u7406 \u90e8\u5206\u53ef\u67e5\u770b\u5404\u96c6\u7fa4\u5b89\u88c5 insight-agent \u7684\u60c5\u51b5\u3002
\u53ef\u901a\u8fc7\u4ee5\u4e0b\u65b9\u5f0f\u6392\u67e5\uff1a
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u82e5\u72b6\u6001\u4e3a deployed \uff0c\u5219\u6267\u884c\u4e0b\u4e00\u6b65\u3002\u82e5\u4e3a failed \uff0c\u7531\u4e8e\u4f1a\u5f71\u54cd\u5e94\u7528\u7684\u5347\u7ea7\uff0c\u5efa\u8bae\u5728 \u5bb9\u5668\u7ba1\u7406 -> helm \u5e94\u7528 \u5378\u8f7d\u540e\u91cd\u65b0\u5b89\u88c5 :
helm list -n insight-system\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6216\u5728 \u53ef\u89c2\u6d4b\u6027 -> \u91c7\u96c6\u7ba1\u7406 \u4e2d\u67e5\u770b\u8be5\u96c6\u7fa4\u90e8\u7f72\u7684\u7ec4\u4ef6\u7684\u72b6\u6001\uff0c\u82e5\u5b58\u5728\u975e \u8fd0\u884c\u4e2d \u72b6\u6001\u7684\u5bb9\u5668\u7ec4\uff0c\u8bf7\u91cd\u542f\u5f02\u5e38\u7684\u5bb9\u5668\u7ec4\u3002
kubectl get pods -n insight-system\n
insight-agent \u4e2d\u6307\u6807\u91c7\u96c6\u7ec4\u4ef6 Prometheus \u7684\u8d44\u6e90\u6d88\u8017\u4e0e\u96c6\u7fa4\u4e2d\u8fd0\u884c\u7684\u5bb9\u5668\u7ec4\u6570\u91cf\u5b58\u5728\u6b63\u6bd4\u5173\u7cfb\uff0c \u8bf7\u6839\u636e\u96c6\u7fa4\u89c4\u6a21\u8c03\u6574 Prometheus \u7684\u8d44\u6e90\uff0c\u8bf7\u53c2\u8003\uff1aPrometheus \u8d44\u6e90\u89c4\u5212
\u7531\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u6307\u6807\u5b58\u50a8\u7ec4\u4ef6 vmstorage \u7684\u5b58\u50a8\u5bb9\u91cf\u4e0e\u5404\u4e2a\u96c6\u7fa4\u5bb9\u5668\u7ec4\u6570\u91cf\u603b\u548c\u5b58\u5728\u6b63\u6bd4\u5173\u7cfb\u3002
\u91c7\u96c6\u7ba1\u7406 \u4e3b\u8981\u662f\u96c6\u4e2d\u7ba1\u7406\u3001\u5c55\u793a\u96c6\u7fa4\u5b89\u88c5\u91c7\u96c6\u63d2\u4ef6 insight-agent \u7684\u5165\u53e3\uff0c\u5e2e\u52a9\u7528\u6237\u5feb\u901f\u7684\u67e5\u770b\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u5e76\u63d0\u4f9b\u4e86\u5feb\u6377\u5165\u53e3\u914d\u7f6e\u91c7\u96c6\u89c4\u5219\u3002
\u5177\u4f53\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684\uff0c\u9009\u62e9 \u53ef\u89c2\u6d4b\u6027 \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u91c7\u96c6\u7ba1\u7406 \uff0c\u67e5\u770b\u5168\u90e8\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u72b6\u6001\u3002
\u96c6\u7fa4\u63a5\u5165 insight-agent \u4e14\u5904\u4e8e\u8fd0\u884c\u4e2d\u72b6\u6001\u65f6\uff0c\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\u3002
\u5728 \u670d\u52a1\u76d1\u63a7 \u9875\u7b7e\u4e2d\uff0c\u70b9\u51fb\u5feb\u6377\u94fe\u63a5\u8df3\u8f6c\u5230 \u5bb9\u5668\u7ba1\u7406 -> \u81ea\u5b9a\u4e49\u8d44\u6e90 \u6dfb\u52a0\u670d\u52a1\u53d1\u73b0\u89c4\u5219\u3002
Prometheus \u4e3b\u8981\u901a\u8fc7 Pull \u7684\u65b9\u5f0f\u6765\u6293\u53d6\u76ee\u6807\u670d\u52a1\u66b4\u9732\u51fa\u6765\u7684\u76d1\u63a7\u63a5\u53e3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6e\u5bf9\u5e94\u7684\u6293\u53d6\u4efb\u52a1\u6765\u8bf7\u6c42\u76d1\u63a7\u6570\u636e\u5e76\u5199\u5165\u5230 Prometheus \u63d0\u4f9b\u7684\u5b58\u50a8\u4e2d\uff0c\u76ee\u524d Prometheus \u670d\u52a1\u63d0\u4f9b\u4e86\u5982\u4e0b\u51e0\u4e2a\u4efb\u52a1\u7684\u914d\u7f6e\uff1a
Note
[ ]
\u4e2d\u7684\u914d\u7f6e\u9879\u4e3a\u53ef\u9009\u3002
\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u6293\u53d6\u4efb\u52a1\u540d\u79f0\uff0c\u540c\u65f6\u4f1a\u5728\u5bf9\u5e94\u6293\u53d6\u7684\u6307\u6807\u4e2d\u52a0\u4e86\u4e00\u4e2a label(job=job_name)\njob_name: <job_name>\n\n# \u6293\u53d6\u4efb\u52a1\u65f6\u95f4\u95f4\u9694\n[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]\n\n# \u6293\u53d6\u8bf7\u6c42\u8d85\u65f6\u65f6\u95f4\n[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]\n\n# \u6293\u53d6\u4efb\u52a1\u8bf7\u6c42 URI \u8def\u5f84\n[ metrics_path: <path> | default = /metrics ]\n\n# \u89e3\u51b3\u5f53\u6293\u53d6\u7684 label \u4e0e\u540e\u7aef Prometheus \u6dfb\u52a0 label \u51b2\u7a81\u65f6\u7684\u5904\u7406\u3002\n# true: \u4fdd\u7559\u6293\u53d6\u5230\u7684 label\uff0c\u5ffd\u7565\u4e0e\u540e\u7aef Prometheus \u51b2\u7a81\u7684 label\uff1b\n# false: \u5bf9\u51b2\u7a81\u7684 label\uff0c\u628a\u6293\u53d6\u7684 label \u524d\u52a0\u4e0a exported_<original-label>\uff0c\u6dfb\u52a0\u540e\u7aef Prometheus \u589e\u52a0\u7684 label\uff1b\n[ honor_labels: <boolean> | default = false ]\n\n# \u662f\u5426\u4f7f\u7528\u6293\u53d6\u5230 target \u4e0a\u4ea7\u751f\u7684\u65f6\u95f4\u3002\n# true: \u5982\u679c target \u4e2d\u6709\u65f6\u95f4\uff0c\u4f7f\u7528 target \u4e0a\u7684\u65f6\u95f4\uff1b\n# false: \u76f4\u63a5\u5ffd\u7565 target \u4e0a\u7684\u65f6\u95f4\uff1b\n[ honor_timestamps: <boolean> | default = true ]\n\n# \u6293\u53d6\u534f\u8bae: http \u6216\u8005 https\n[ scheme: <scheme> | default = http ]\n\n# \u6293\u53d6\u8bf7\u6c42\u5bf9\u5e94 URL \u53c2\u6570\nparams:\n [ <string>: [<string>, ...] ]\n\n# \u901a\u8fc7 basic auth \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` \u7684\u503c\uff0cpassword/password_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 password_file \u91cc\u9762\u7684\u503c\u3002\nbasic_auth:\n [ username: <string> ]\n [ password: <secret> ]\n [ password_file: <string> ]\n\n# \u901a\u8fc7 bearer token \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` bearer_token/bearer_token_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 bearer_token \u91cc\u9762\u7684\u503c\u3002\n[ bearer_token: <secret> ]\n\n# \u901a\u8fc7 bearer token \u8bbe\u7f6e\u6293\u53d6\u8bf7\u6c42\u5934\u4e2d `Authorization` bearer_token/bearer_token_file \u4e92\u65a5\uff0c\u4f18\u5148\u53d6 bearer_token \u91cc\u9762\u7684\u503c\u3002\n[ bearer_token_file: <filename> ]\n\n# \u6293\u53d6\u8fde\u63a5\u662f\u5426\u901a\u8fc7 TLS \u5b89\u5168\u901a\u9053\uff0c\u914d\u7f6e\u5bf9\u5e94\u7684 TLS \u53c2\u6570\ntls_config:\n [ <tls_config> ]\n\n# \u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u6765\u6293\u53d6 target \u4e0a\u7684\u6307\u6807\uff0c\u586b\u5199\u5bf9\u5e94\u7684\u4ee3\u7406\u670d\u52a1\u5730\u5740\u3002\n[ proxy_url: <string> ]\n\n# \u901a\u8fc7\u9759\u6001\u914d\u7f6e\u6765\u6307\u5b9a target\uff0c\u8be6\u89c1\u4e0b\u9762\u7684\u8bf4\u660e\u3002\nstatic_configs:\n [ - <static_config> ... ]\n\n# CVM \u670d\u52a1\u53d1\u73b0\u914d\u7f6e\uff0c\u8be6\u89c1\u4e0b\u9762\u7684\u8bf4\u660e\u3002\ncvm_sd_configs:\n [ - <cvm_sd_config> ... ]\n\n# \u5728\u6293\u53d6\u6570\u636e\u4e4b\u540e\uff0c\u628a target \u4e0a\u5bf9\u5e94\u7684 label \u901a\u8fc7 relabel \u7684\u673a\u5236\u8fdb\u884c\u6539\u5199\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\u3002\nrelabel_configs:\n [ - <relabel_config> ... ]\n\n# \u6570\u636e\u6293\u53d6\u5b8c\u6210\u5199\u5165\u4e4b\u524d\uff0c\u901a\u8fc7 relabel \u673a\u5236\u8fdb\u884c\u6539\u5199 label \u5bf9\u5e94\u7684\u503c\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\u3002\nmetric_relabel_configs:\n [ - <relabel_config> ... ]\n\n# \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n[ sample_limit: <int> | default = 0 ]\n\n# \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n[ target_limit: <int> | default = 0 ]\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#pod-monitor","title":"Pod Monitor","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# Prometheus Operator CRD \u7248\u672c\napiVersion: monitoring.coreos.com/v1\n# \u5bf9\u5e94 K8S \u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u8fd9\u91cc\u9762 Pod Monitor\nkind: PodMonitor\n# \u5bf9\u5e94 K8S \u7684 Metadata\uff0c\u8fd9\u91cc\u53ea\u7528\u5173\u5fc3 name\uff0c\u5982\u679c\u6ca1\u6709\u6307\u5b9a jobLabel\uff0c\u5bf9\u5e94\u6293\u53d6\u6307\u6807 label \u4e2d job \u7684\u503c\u4e3a <namespace>/<name>\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u9700\u8981\u4fee\u6539\n# \u63cf\u8ff0\u6293\u53d6\u76ee\u6807 Pod \u7684\u9009\u53d6\u53ca\u6293\u53d6\u4efb\u52a1\u7684\u914d\u7f6e\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\nspec:\n # \u586b\u5199\u5bf9\u5e94 Pod \u7684 label\uff0cpod monitor \u4f1a\u53d6\u5bf9\u5e94\u7684\u503c\u4f5c\u4e3a job label \u7684\u503c\u3002\n # \u5982\u679c\u67e5\u770b\u7684\u662f Pod Yaml\uff0c\u53d6 pod.metadata.labels \u4e2d\u7684\u503c\u3002\n # \u5982\u679c\u67e5\u770b\u7684\u662f Deployment/Daemonset/Statefulset\uff0c\u53d6 spec.template.metadata.labels\u3002\n [ jobLabel: string ]\n # \u628a\u5bf9\u5e94 Pod \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ podTargetLabels: []string ]\n # \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ sampleLimit: uint64 ]\n # \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ targetLimit: uint64 ]\n # \u914d\u7f6e\u9700\u8981\u6293\u53d6\u66b4\u9732\u7684 Prometheus HTTP \u63a5\u53e3\uff0c\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2a Endpoint\n podMetricsEndpoints:\n [ - <endpoint_config> ... ] # \u8be6\u89c1\u4e0b\u9762 endpoint \u8bf4\u660e\n # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\uff0c\u4e0d\u586b\u4e3a\u9009\u53d6\u6240\u6709 namespace\n [ namespaceSelector: ]\n # \u662f\u5426\u9009\u53d6\u6240\u6709 namespace\n [ any: bool ]\n # \u9700\u8981\u9009\u53d6 namespace \u5217\u8868\n [ matchNames: []string ]\n # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 Pod [K8S metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#1","title":"\u4e3e\u4f8b 1","text":"apiVersion: monitoring.coreos.com/v1\nkind: PodMonitor\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u8981\u4fee\u6539\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n podMetricsEndpoints:\n - interval: 30s\n port: metric-port # \u586b\u5199 pod yaml \u4e2d Prometheus Exporter \u5bf9\u5e94\u7684 Port \u7684 Name\n path: /metrics # \u586b\u5199 Prometheus Exporter \u5bf9\u5e94\u7684 Path \u7684\u503c\uff0c\u4e0d\u586b\u9ed8\u8ba4 /metrics\n relabelings:\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: instance\n replacement: \"crs-xxxxxx\" # \u8c03\u6574\u6210\u5bf9\u5e94\u7684 Redis \u5b9e\u4f8b ID\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: ip\n replacement: \"1.x.x.x\" # \u8c03\u6574\u6210\u5bf9\u5e94\u7684 Redis \u5b9e\u4f8b IP\n namespaceSelector: # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\n matchNames:\n - redis-test\n selector: # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 pod\n matchLabels:\n k8s-app: redis-exporter\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#2","title":"\u4e3e\u4f8b 2","text":"job_name: prometheus\nscrape_interval: 30s\nstatic_configs:\n- targets:\n - 127.0.0.1:9090\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#service-monitor","title":"Service Monitor","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# Prometheus Operator CRD \u7248\u672c\napiVersion: monitoring.coreos.com/v1\n# \u5bf9\u5e94 K8S \u7684\u8d44\u6e90\u7c7b\u578b\uff0c\u8fd9\u91cc\u9762 Service Monitor\nkind: ServiceMonitor\n# \u5bf9\u5e94 K8S \u7684 Metadata\uff0c\u8fd9\u91cc\u53ea\u7528\u5173\u5fc3 name\uff0c\u5982\u679c\u6ca1\u6709\u6307\u5b9a jobLabel\uff0c\u5bf9\u5e94\u6293\u53d6\u6307\u6807 label \u4e2d job \u7684\u503c\u4e3a Service \u7684\u540d\u79f0\u3002\nmetadata:\n name: redis-exporter # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u9700\u8981\u4fee\u6539\n# \u63cf\u8ff0\u6293\u53d6\u76ee\u6807 Pod \u7684\u9009\u53d6\u53ca\u6293\u53d6\u4efb\u52a1\u7684\u914d\u7f6e\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n # \u586b\u5199\u5bf9\u5e94 Pod \u7684 label(metadata/labels)\uff0cservice monitor \u4f1a\u53d6\u5bf9\u5e94\u7684\u503c\u4f5c\u4e3a job label \u7684\u503c\n [ jobLabel: string ]\n # \u628a\u5bf9\u5e94 service \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ targetLabels: []string ]\n # \u628a\u5bf9\u5e94 Pod \u4e0a\u7684 Label \u6dfb\u52a0\u5230 Target \u7684 Label \u4e2d\n [ podTargetLabels: []string ]\n # \u4e00\u6b21\u6293\u53d6\u6570\u636e\u70b9\u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ sampleLimit: uint64 ]\n # \u4e00\u6b21\u6293\u53d6 Target \u9650\u5236\uff0c0\uff1a\u4e0d\u4f5c\u9650\u5236\uff0c\u9ed8\u8ba4\u4e3a 0\n [ targetLimit: uint64 ]\n # \u914d\u7f6e\u9700\u8981\u6293\u53d6\u66b4\u9732\u7684 Prometheus HTTP \u63a5\u53e3\uff0c\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2a Endpoint\n endpoints:\n [ - <endpoint_config> ... ] # \u8be6\u89c1\u4e0b\u9762 endpoint \u8bf4\u660e\n # \u9009\u62e9\u8981\u76d1\u63a7 Pod \u6240\u5728\u7684 namespace\uff0c\u4e0d\u586b\u4e3a\u9009\u53d6\u6240\u6709 namespace\n [ namespaceSelector: ]\n # \u662f\u5426\u9009\u53d6\u6240\u6709 namespace\n [ any: bool ]\n # \u9700\u8981\u9009\u53d6 namespace \u5217\u8868\n [ matchNames: []string ]\n # \u586b\u5199\u8981\u76d1\u63a7 Pod \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 Pod [K8S metav1.LabelSelector](https://v1-17.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#_2","title":"\u4e3e\u4f8b","text":"apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: go-demo # \u586b\u5199\u4e00\u4e2a\u552f\u4e00\u540d\u79f0\n namespace: cm-prometheus # namespace \u56fa\u5b9a\uff0c\u4e0d\u8981\u4fee\u6539\n label:\n operator.insight.io/managed-by: insight # Insight \u7ba1\u7406\u7684\u6807\u7b7e\u6807\u8bc6\uff0c\u5fc5\u586b\u3002\nspec:\n endpoints:\n - interval: 30s\n # \u586b\u5199 service yaml \u4e2d Prometheus Exporter \u5bf9\u5e94\u7684 Port \u7684 Name\n port: 8080-8080-tcp\n # \u586b\u5199 Prometheus Exporter \u5bf9\u5e94\u7684 Path \u7684\u503c\uff0c\u4e0d\u586b\u9ed8\u8ba4 /metrics\n path: /metrics\n relabelings:\n # ** \u5fc5\u987b\u8981\u6709\u4e00\u4e2a label \u4e3a application\uff0c\u8fd9\u91cc\u5047\u8bbe k8s \u6709\u4e00\u4e2a label \u4e3a app\uff0c\n # \u6211\u4eec\u901a\u8fc7 relabel \u7684 replace \u52a8\u4f5c\u628a\u5b83\u66ff\u6362\u6210\u4e86 application\n - action: replace\n sourceLabels: [__meta_kubernetes_pod_label_app]\n targetLabel: application\n # \u9009\u62e9\u8981\u76d1\u63a7 service \u6240\u5728\u7684 namespace\n namespaceSelector:\n matchNames:\n - golang-demo\n # \u586b\u5199\u8981\u76d1\u63a7 service \u7684 Label \u503c\uff0c\u4ee5\u5b9a\u4f4d\u76ee\u6807 service\n selector:\n matchLabels:\n app: golang-app-demo\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#endpoint_config","title":"endpoint_config","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u5bf9\u5e94 port \u7684\u540d\u79f0\uff0c\u8fd9\u91cc\u9700\u8981\u6ce8\u610f\u4e0d\u662f\u5bf9\u5e94\u7684\u7aef\u53e3\uff0c\u9ed8\u8ba4\uff1a80\uff0c\u5bf9\u5e94\u7684\u53d6\u503c\u5982\u4e0b\uff1a\n# ServiceMonitor: \u5bf9\u5e94 Service>spec/ports/name;\n# PodMonitor: \u8bf4\u660e\u5982\u4e0b\uff1a\n# \u5982\u679c\u67e5\u770b\u7684\u662f Pod Yaml\uff0c\u53d6 pod.spec.containers.ports.name \u4e2d\u7684\u503c\u3002\n# \u5982\u679c\u67e5\u770b\u7684\u662f Deployment/Daemonset/Statefulset\uff0c\u53d6\u503c spec.template.spec.containers.ports.name\n[ port: string | default = 80]\n# \u6293\u53d6\u4efb\u52a1\u8bf7\u6c42 URI \u8def\u5f84\n[ path: string | default = /metrics ]\n# \u6293\u53d6\u534f\u8bae: http \u6216\u8005 https\n[ scheme: string | default = http]\n# \u6293\u53d6\u8bf7\u6c42\u5bf9\u5e94 URL \u53c2\u6570\n[ params: map[string][]string]\n# \u6293\u53d6\u4efb\u52a1\u95f4\u9694\u7684\u65f6\u95f4\n[ interval: string | default = 30s ]\n# \u6293\u53d6\u4efb\u52a1\u8d85\u65f6\n[ scrapeTimeout: string | default = 30s]\n# \u6293\u53d6\u8fde\u63a5\u662f\u5426\u901a\u8fc7 TLS \u5b89\u5168\u901a\u9053\uff0c\u914d\u7f6e\u5bf9\u5e94\u7684 TLS \u53c2\u6570\n[ tlsConfig: TLSConfig ]\n# \u901a\u8fc7\u5bf9\u5e94\u7684\u6587\u4ef6\u8bfb\u53d6 bearer token \u5bf9\u5e94\u7684\u503c\uff0c\u653e\u5230\u6293\u53d6\u4efb\u52a1\u7684 header \u4e2d\n[ bearerTokenFile: string ]\n# \u901a\u8fc7\u5bf9\u5e94\u7684 K8S secret key \u8bfb\u53d6\u5bf9\u5e94\u7684 bearer token\uff0c\u6ce8\u610f secret namespace \u9700\u8981\u548c PodMonitor/ServiceMonitor \u76f8\u540c\n[ bearerTokenSecret: string ]\n# \u89e3\u51b3\u5f53\u6293\u53d6\u7684 label \u4e0e\u540e\u7aef Prometheus \u6dfb\u52a0 label \u51b2\u7a81\u65f6\u7684\u5904\u7406\u3002\n# true: \u4fdd\u7559\u6293\u53d6\u5230\u7684 label\uff0c\u5ffd\u7565\u4e0e\u540e\u7aef Prometheus \u51b2\u7a81\u7684 label\uff1b\n# false: \u5bf9\u51b2\u7a81\u7684 label\uff0c\u628a\u6293\u53d6\u7684 label \u524d\u52a0\u4e0a exported_<original-label>\uff0c\u6dfb\u52a0\u540e\u7aef Prometheus \u589e\u52a0\u7684 label\uff1b\n[ honorLabels: bool | default = false ]\n# \u662f\u5426\u4f7f\u7528\u6293\u53d6\u5230 target \u4e0a\u4ea7\u751f\u7684\u65f6\u95f4\u3002\n# true: \u5982\u679c target \u4e2d\u6709\u65f6\u95f4\uff0c\u4f7f\u7528 target \u4e0a\u7684\u65f6\u95f4\uff1b\n# false: \u76f4\u63a5\u5ffd\u7565 target \u4e0a\u7684\u65f6\u95f4\uff1b\n[ honorTimestamps: bool | default = true ]\n# basic auth \u7684\u8ba4\u8bc1\u4fe1\u606f\uff0cusername/password \u586b\u5199\u5bf9\u5e94 K8S secret key \u7684\u503c\uff0c\u6ce8\u610f secret namespace \u9700\u8981\u548c PodMonitor/ServiceMonitor \u76f8\u540c\u3002\n[ basicAuth: BasicAuth ]\n# \u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u6765\u6293\u53d6 target \u4e0a\u7684\u6307\u6807\uff0c\u586b\u5199\u5bf9\u5e94\u7684\u4ee3\u7406\u670d\u52a1\u5730\u5740\n[ proxyUrl: string ]\n# \u5728\u6293\u53d6\u6570\u636e\u4e4b\u540e\uff0c\u628a target \u4e0a\u5bf9\u5e94\u7684 label \u901a\u8fc7 relabel \u7684\u673a\u5236\u8fdb\u884c\u6539\u5199\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\nrelabelings:\n[ - <relabel_config> ...]\n# \u6570\u636e\u6293\u53d6\u5b8c\u6210\u5199\u5165\u4e4b\u524d\uff0c\u901a\u8fc7 relabel \u673a\u5236\u8fdb\u884c\u6539\u5199 label \u5bf9\u5e94\u7684\u503c\uff0c\u6309\u987a\u5e8f\u6267\u884c\u591a\u4e2a relabel \u89c4\u5219\u3002\n# relabel_config \u8be6\u89c1\u4e0b\u6587\u8bf4\u660e\nmetricRelabelings:\n[ - <relabel_config> ...]\n
"},{"location":"end-user/insight/collection-manag/metric-collect.html#relabel_config","title":"relabel_config","text":"\u76f8\u5e94\u914d\u7f6e\u9879\u8bf4\u660e\u5982\u4e0b\uff1a
# \u4ece\u539f\u59cb labels \u4e2d\u53d6\u54ea\u4e9b label \u7684\u503c\u8fdb\u884c relabel\uff0c\u53d6\u51fa\u6765\u7684\u503c\u901a\u8fc7 separator \u4e2d\u7684\u5b9a\u4e49\u8fdb\u884c\u5b57\u7b26\u62fc\u63a5\u3002\n# \u5982\u679c\u662f PodMonitor/ServiceMonitor \u5bf9\u5e94\u7684\u914d\u7f6e\u9879\u4e3a sourceLabels\n[ source_labels: '[' <labelname> [, ...] ']' ]\n# \u5b9a\u4e49\u9700\u8981 relabel \u7684 label \u503c\u62fc\u63a5\u7684\u5b57\u7b26\uff0c\u9ed8\u8ba4\u4e3a ';'\n[ separator: <string> | default = ; ]\n\n# action \u4e3a replace/hashmod \u65f6\uff0c\u901a\u8fc7 target_label \u6765\u6307\u5b9a\u5bf9\u5e94 label name\u3002\n# \u5982\u679c\u662f PodMonitor/ServiceMonitor \u5bf9\u5e94\u7684\u914d\u7f6e\u9879\u4e3a targetLabel\n[ target_label: <labelname> ]\n\n# \u9700\u8981\u5bf9 source labels \u5bf9\u5e94\u503c\u8fdb\u884c\u6b63\u5219\u5339\u914d\u7684\u8868\u8fbe\u5f0f\n[ regex: <regex> | default = (.*) ]\n\n# action \u4e3a hashmod \u65f6\u7528\u5230\uff0c\u6839\u636e source label \u5bf9\u5e94\u503c md5 \u53d6\u6a21\u503c\n[ modulus: <int> ]\n\n# action \u4e3a replace \u7684\u65f6\u5019\uff0c\u901a\u8fc7 replacement \u6765\u5b9a\u4e49\u5f53 regex \u5339\u914d\u4e4b\u540e\u9700\u8981\u66ff\u6362\u7684\u8868\u8fbe\u5f0f\uff0c\u53ef\u4ee5\u7ed3\u5408 regex \u6b63\u89c4\u5219\u8868\u8fbe\u5f0f\u66ff\u6362\n[ replacement: <string> | default = $1 ]\n\n# \u57fa\u4e8e regex \u5339\u914d\u5230\u7684\u503c\u8fdb\u884c\u76f8\u5173\u7684\u64cd\u4f5c\uff0c\u5bf9\u5e94\u7684 action \u5982\u4e0b\uff0c\u9ed8\u8ba4\u4e3a replace\uff1a\n# replace: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u901a\u8fc7 replacement \u4e2d\u5b9a\u4e49\u7684\u503c\u66ff\u6362\u76f8\u5e94\u7684\u503c\uff0c\u5e76\u901a\u8fc7 target_label \u8bbe\u503c\u5e76\u6dfb\u52a0\u76f8\u5e94\u7684 label\n# keep: \u5982\u679c regex \u6ca1\u6709\u5339\u914d\u5230\uff0c\u4e22\u5f03\n# drop: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u4e22\u5f03\n# hashmod: \u901a\u8fc7 moduels \u6307\u5b9a\u7684\u503c\u628a source label \u5bf9\u5e94\u7684 md5 \u503c\u53d6\u6a21\n# \u5e76\u6dfb\u52a0\u4e00\u4e2a\u65b0\u7684 label\uff0clabel name \u901a\u8fc7 target_label \u6307\u5b9a\n# labelmap: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u4f7f\u7528 replacement \u66ff\u6362\u5bf9\u5c31\u7684 label name\n# labeldrop: \u5982\u679c regex \u5339\u914d\u5230\uff0c\u5220\u9664\u5bf9\u5e94\u7684 label\n# labelkeep: \u5982\u679c regex \u6ca1\u6709\u5339\u914d\u5230\uff0c\u5220\u9664\u5bf9\u5e94\u7684 label\n[ action: <relabel_action> | default = replace ]\n
"},{"location":"end-user/insight/collection-manag/probe-module.html","title":"\u81ea\u5b9a\u4e49\u63a2\u6d4b\u65b9\u5f0f","text":"Insight \u4f7f\u7528 Prometheus \u5b98\u65b9\u63d0\u4f9b\u7684 Blackbox Exporter \u4f5c\u4e3a\u9ed1\u76d2\u76d1\u63a7\u89e3\u51b3\u65b9\u6848\uff0c\u53ef\u4ee5\u901a\u8fc7 HTTP\u3001HTTPS\u3001DNS\u3001ICMP\u3001TCP \u548c gRPC \u65b9\u5f0f\u5bf9\u76ee\u6807\u5b9e\u4f8b\u8fdb\u884c\u68c0\u6d4b\u3002\u53ef\u7528\u4e8e\u4ee5\u4e0b\u4f7f\u7528\u573a\u666f\uff1a
\u5728\u672c\u6587\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u5df2\u6709\u7684 Blackbox ConfigMap \u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u7684\u63a2\u6d4b\u65b9\u5f0f\u3002
Insight \u9ed8\u8ba4\u672a\u5f00\u542f ICMP \u63a2\u6d4b\u65b9\u5f0f\uff0c\u56e0\u4e3a ICMP \u9700\u8981\u66f4\u9ad8\u6743\u9650\uff0c\u56e0\u6b64\uff0c\u6211\u4eec\u5c06\u4ee5 ICMP \u548c HTTP \u63a2\u6d4b\u65b9\u5f0f\u4f5c\u4e3a\u793a\u4f8b\uff0c\u5c55\u793a\u5982\u4f55\u4fee\u6539 ConfigMap \u4ee5\u5b9e\u73b0\u81ea\u5b9a\u4e49\u7684 ICMP \u548c HTTP \u63a2\u6d4b\u3002
"},{"location":"end-user/insight/collection-manag/probe-module.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u627e\u5230\u540d\u4e3a insight-agent-prometheus-blackbox-exporter \u7684\u914d\u7f6e\u9879\uff0c\u70b9\u51fb \u7f16\u8f91 YAML\uff1b
\u5728 modules \u4e0b\u6dfb\u52a0\u81ea\u5b9a\u4e49\u63a2\u6d4b\u65b9\u5f0f\uff1a
module:\n http_2xx:\n prober: http\n timeout: 5s\n http:\n valid_http_versions: [HTTP/1.1, HTTP/2]\n valid_status_codes: [] # Defaults to 2xx\n method: GET\n
module:\n ICMP: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: ip4\nicmp_example: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b 2\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: \"ip4\"\n source_ip_address: \"127.0.0.1\"\n
\u7531\u4e8e ICMP \u9700\u8981\u66f4\u9ad8\u6743\u9650\uff0c\u56e0\u6b64\uff0c\u6211\u4eec\u8fd8\u9700\u8981\u63d0\u5347 Pod \u6743\u9650\uff0c\u5426\u5219\u4f1a\u51fa\u73b0 operation not permitted
\u7684\u9519\u8bef\u3002\u6709\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\u63d0\u5347\u6743\u9650\uff1a \u65b9\u5f0f\u4e00\uff1a \u76f4\u63a5\u7f16\u8f91 BlackBox Exporter
\u90e8\u7f72\u6587\u4ef6\u5f00\u542f
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\nspec:\n template:\n spec:\n containers:\n - name: blackbox-exporter\n image: # ... (image, args, ports \u7b49\u4fdd\u6301\u4e0d\u53d8)\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_RAW\n drop:\n - ALL\n readOnlyRootFilesystem: true\n runAsGroup: 0\n runAsNonRoot: false\n runAsUser: 0\n
\u65b9\u5f0f\u4e8c\uff1a \u901a\u8fc7 Helm Upgrade \u65b9\u5f0f\u63d0\u6743
prometheus-blackbox-exporter:\n enabled: true\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n readOnlyRootFilesystem: true\n runAsNonRoot: false\n allowPrivilegeEscalation: false\n capabilities:\n add: [\"NET_RAW\"]\n
Info
\u66f4\u591a\u63a2\u6d4b\u65b9\u5f0f\u53ef\u53c2\u8003 blackbox_exporter Configuration\u3002
"},{"location":"end-user/insight/collection-manag/probe-module.html#_3","title":"\u5176\u4ed6\u53c2\u8003","text":"\u4ee5\u4e0b YAML \u6587\u4ef6\u4e2d\u5305\u542b\u4e86 HTTP\u3001TCP\u3001SMTP\u3001ICMP\u3001DNS \u7b49\u591a\u79cd\u63a2\u6d4b\u65b9\u5f0f\uff0c\u53ef\u6839\u636e\u9700\u6c42\u81ea\u884c\u4fee\u6539 insight-agent-prometheus-blackbox-exporter
\u7684\u914d\u7f6e\u6587\u4ef6\u3002
kind: ConfigMap\napiVersion: v1\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\n labels:\n app.kubernetes.io/instance: insight-agent\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: prometheus-blackbox-exporter\n app.kubernetes.io/version: v0.24.0\n helm.sh/chart: prometheus-blackbox-exporter-8.8.0\n annotations:\n meta.helm.sh/release-name: insight-agent\n meta.helm.sh/release-namespace: insight-system\ndata:\n blackbox.yaml: |\n modules:\n HTTP_GET:\n prober: http\n timeout: 5s\n http:\n method: GET\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"]\n follow_redirects: true\n preferred_ip_protocol: \"ip4\"\n HTTP_POST:\n prober: http\n timeout: 5s\n http:\n method: POST\n body_size_limit: 1MB\n TCP:\n prober: tcp\n timeout: 5s\n # \u9ed8\u8ba4\u672a\u5f00\u542f\uff1a\n # ICMP:\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: ip4\n SSH:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^SSH-2.0-\"\n POP3S:\n prober: tcp\n tcp:\n query_response:\n - expect: \"^+OK\"\n tls: true\n tls_config:\n insecure_skip_verify: false\n http_2xx_example: # http \u63a2\u6d4b\u793a\u4f8b\n prober: http\n timeout: 5s # \u63a2\u6d4b\u7684\u8d85\u65f6\u65f6\u95f4\n http:\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"] # \u8fd4\u56de\u4fe1\u606f\u4e2d\u7684 Version\uff0c\u4e00\u822c\u9ed8\u8ba4\u5373\u53ef\n valid_status_codes: [] # Defaults to 2xx # \u6709\u6548\u7684\u8fd4\u56de\u7801\u8303\u56f4\uff0c\u5982\u679c\u8bf7\u6c42\u7684\u8fd4\u56de\u7801\u5728\u8be5\u8303\u56f4\u5185\uff0c\u89c6\u4e3a\u63a2\u6d4b\u6210\u529f\n method: GET # \u8bf7\u6c42\u65b9\u6cd5\n headers: # \u8bf7\u6c42\u7684\u5934\u90e8\n Host: vhost.example.com\n Accept-Language: en-US\n Origin: example.com\n no_follow_redirects: false # \u662f\u5426\u5141\u8bb8\u91cd\u5b9a\u5411\n fail_if_ssl: false \n fail_if_not_ssl: false\n fail_if_body_matches_regexp:\n - \"Could not connect to database\"\n fail_if_body_not_matches_regexp:\n - \"Download the latest version here\"\n fail_if_header_matches: # Verifies that no cookies are set\n - header: Set-Cookie\n allow_missing: true\n regexp: '.*'\n fail_if_header_not_matches:\n - header: Access-Control-Allow-Origin\n regexp: '(\\*|example\\.com)'\n tls_config: # \u9488\u5bf9 https \u8bf7\u6c42\u7684 tls \u7684\u914d\u7f6e\n insecure_skip_verify: false\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\" # \u9996\u9009\u7684 IP \u534f\u8bae\u7248\u672c\n ip_protocol_fallback: false # no fallback to \"ip6\" \n http_post_2xx: # \u5e26 Body \u7684 http \u63a2\u6d4b\u7684\u793a\u4f8b\n prober: http\n timeout: 5s\n http:\n method: POST # \u63a2\u6d4b\u7684\u8bf7\u6c42\u65b9\u6cd5\n headers:\n Content-Type: application/json\n body: '{\"username\":\"admin\",\"password\":\"123456\"}' # \u63a2\u6d4b\u65f6\u643a\u5e26\u7684 body\n http_basic_auth_example: # \u5e26\u7528\u6237\u540d\u5bc6\u7801\u7684\u63a2\u6d4b\u7684\u793a\u4f8b\n prober: http\n timeout: 5s\n http:\n method: POST\n headers:\n Host: \"login.example.com\"\n basic_auth: # \u63a2\u6d4b\u65f6\u8981\u52a0\u7684\u7528\u6237\u540d\u5bc6\u7801\n username: \"username\"\n password: \"mysecret\"\n http_custom_ca_example:\n prober: http\n http:\n method: GET\n tls_config: # \u6307\u5b9a\u63a2\u6d4b\u65f6\u4f7f\u7528\u7684\u6839\u8bc1\u4e66\n ca_file: \"/certs/my_cert.crt\"\n http_gzip:\n prober: http\n http:\n method: GET\n compression: gzip # \u63a2\u6d4b\u65f6\u4f7f\u7528\u7684\u538b\u7f29\u65b9\u6cd5\n http_gzip_with_accept_encoding:\n prober: http\n http:\n method: GET\n compression: gzip\n headers:\n Accept-Encoding: gzip\n tls_connect: # TCP \u63a2\u6d4b\u7684\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n tls: true # \u662f\u5426\u4f7f\u7528 TLS\n tcp_connect_example:\n prober: tcp\n timeout: 5s\n imap_starttls: # \u63a2\u6d4b IMAP \u90ae\u7bb1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"OK.*STARTTLS\"\n - send: \". STARTTLS\"\n - expect: \"OK\"\n - starttls: true\n - send: \". capability\"\n - expect: \"CAPABILITY IMAP4rev1\"\n smtp_starttls: # \u63a2\u6d4b SMTP \u90ae\u7bb1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u793a\u4f8b\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^220 ([^ ]+) ESMTP (.+)$\"\n - send: \"EHLO prober\\r\"\n - expect: \"^250-STARTTLS\"\n - send: \"STARTTLS\\r\"\n - expect: \"^220\"\n - starttls: true\n - send: \"EHLO prober\\r\"\n - expect: \"^250-AUTH\"\n - send: \"QUIT\\r\"\n irc_banner_example:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - send: \"NICK prober\"\n - send: \"USER prober prober prober :prober\"\n - expect: \"PING :([^ ]+)\"\n send: \"PONG ${1}\"\n - expect: \"^:[^ ]+ 001\"\n # icmp_example: # ICMP \u63a2\u6d4b\u914d\u7f6e\u7684\u793a\u4f8b\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: \"ip4\"\n # source_ip_address: \"127.0.0.1\"\n dns_udp_example: # \u4f7f\u7528 UDP \u8fdb\u884c DNS \u67e5\u8be2\u7684\u793a\u4f8b\n prober: dns\n timeout: 5s\n dns:\n query_name: \"www.prometheus.io\" # \u8981\u89e3\u6790\u7684\u57df\u540d\n query_type: \"A\" # \u8be5\u57df\u540d\u5bf9\u5e94\u7684\u7c7b\u578b\n valid_rcodes:\n - NOERROR\n validate_answer_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n fail_if_all_match_regexp:\n - \".*127.0.0.1\"\n fail_if_not_matches_regexp:\n - \"www.prometheus.io.\\t300\\tIN\\tA\\t127.0.0.1\"\n fail_if_none_matches_regexp:\n - \"127.0.0.1\"\n validate_authority_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n validate_additional_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n dns_soa:\n prober: dns\n dns:\n query_name: \"prometheus.io\"\n query_type: \"SOA\"\n dns_tcp_example: # \u4f7f\u7528 TCP \u8fdb\u884c DNS \u67e5\u8be2\u7684\u793a\u4f8b\n prober: dns\n dns:\n transport_protocol: \"tcp\" # defaults to \"udp\"\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\"\n query_name: \"www.prometheus.io\"\n
"},{"location":"end-user/insight/collection-manag/service-monitor.html","title":"\u914d\u7f6e\u670d\u52a1\u53d1\u73b0\u89c4\u5219","text":"\u53ef\u89c2\u6d4b Insight \u652f\u6301\u901a\u8fc7 \u5bb9\u5668\u7ba1\u7406 \u521b\u5efa CRD ServiceMonitor \u7684\u65b9\u5f0f\u6765\u6ee1\u8db3\u60a8\u81ea\u5b9a\u4e49\u670d\u52a1\u53d1\u73b0\u7684\u91c7\u96c6\u9700\u6c42\u3002 \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528 ServiceMonitor \u81ea\u884c\u5b9a\u4e49 Pod \u53d1\u73b0\u7684 Namespace \u8303\u56f4\u4ee5\u53ca\u901a\u8fc7 matchLabel \u6765\u9009\u62e9\u76d1\u542c\u7684 Service\u3002
"},{"location":"end-user/insight/collection-manag/service-monitor.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u5df2\u5b89\u88c5 Helm \u5e94\u7528 insight-agent \u4e14\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/collection-manag/service-monitor.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u91c7\u96c6\u7ba1\u7406 \uff0c\u67e5\u770b\u5168\u90e8\u96c6\u7fa4\u91c7\u96c6\u63d2\u4ef6\u7684\u72b6\u6001\u3002
\u70b9\u51fb\u5217\u8868\u4e2d\u7684\u67d0\u4e2a\u96c6\u7fa4\u540d\u79f0\u8fdb\u5165\u91c7\u96c6\u914d\u7f6e\u8be6\u60c5\u3002
\u70b9\u51fb\u94fe\u63a5\u8df3\u8f6c\u5230 \u5bb9\u5668\u7ba1\u7406 \u4e2d\u521b\u5efa Service Monitor\u3002
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: micrometer-demo # (1)\n namespace: insight-system # (2)\n labels: \n operator.insight.io/managed-by: insight\nspec:\n endpoints: # (3)\n - honorLabels: true\n interval: 15s\n path: /actuator/prometheus\n port: http\n namespaceSelector: # (4)\n matchNames:\n - insight-system # (5)\n selector: # (6)\n matchLabels:\n micrometer-prometheus-discovery: \"true\"\n
\u8fd9\u662f\u670d\u52a1\u7aef\u70b9\uff0c\u4ee3\u8868 Prometheus \u6240\u9700\u7684\u91c7\u96c6 Metrics \u7684\u5730\u5740\u3002 endpoints \u4e3a\u4e00\u4e2a\u6570\u7ec4\uff0c \u540c\u65f6\u53ef\u4ee5\u521b\u5efa\u591a\u4e2a endpoints \u3002\u6bcf\u4e2a endpoints \u5305\u542b\u4e09\u4e2a\u5b57\u6bb5\uff0c\u6bcf\u4e2a\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b\uff1a
\u8fd9\u662f\u9700\u8981\u53d1\u73b0\u7684 Service \u7684\u8303\u56f4\u3002 namespaceSelector \u5305\u542b\u4e24\u4e2a\u4e92\u65a5\u5b57\u6bb5\uff0c\u5b57\u6bb5\u7684\u542b\u4e49\u5982\u4e0b\uff1a
matchNames \uff1a\u6570\u7ec4\u503c\uff0c\u6307\u5b9a\u9700\u8981\u76d1\u542c\u7684 namespace \u7684\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u53ea\u60f3\u76d1\u542c default \u548c insight-system \u4e24\u4e2a\u547d\u540d\u7a7a\u95f4\u4e2d\u7684 Service\uff0c\u90a3\u4e48 matchNames \u8bbe\u7f6e\u5982\u4e0b\uff1a
namespaceSelector:\n matchNames:\n - default\n - insight-system\n
\u6b64\u5904\u5339\u914d\u7684\u547d\u540d\u7a7a\u95f4\u4e3a\u9700\u8981\u66b4\u9732\u6307\u6807\u7684\u5e94\u7528\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4
Grafana \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u6570\u636e\u53ef\u89c6\u5316\u548c\u76d1\u63a7\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u56fe\u8868\u548c\u9762\u677f\uff0c\u7528\u4e8e\u5b9e\u65f6\u76d1\u63a7\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316\u5404\u79cd\u6570\u636e\u6e90\u7684\u6307\u6807\u548c\u65e5\u5fd7\u3002\u53ef\u89c2\u6d4b\u6027 Insight \u4f7f\u7528\u5f00\u6e90 Grafana \u63d0\u4f9b\u76d1\u63a7\u670d\u52a1\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u591a\u7ef4\u5ea6\u67e5\u770b\u8d44\u6e90\u6d88\u8017\u60c5\u51b5\uff0c
\u5173\u4e8e\u5f00\u6e90 Grafana \u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1 Grafana \u5b98\u65b9\u6587\u6863\u3002
"},{"location":"end-user/insight/dashboard/dashboard.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 \u4eea\u8868\u76d8 \u3002
\u5728 Insight /\u6982\u89c8 \u4eea\u8868\u76d8\u4e2d\uff0c\u53ef\u67e5\u770b\u591a\u9009\u96c6\u7fa4\u7684\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\uff0c\u5e76\u4ee5\u547d\u540d\u7a7a\u95f4\u3001\u5bb9\u5668\u7ec4\u7b49\u591a\u4e2a\u7ef4\u5ea6\u5206\u6790\u4e86\u8d44\u6e90\u4f7f\u7528\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u7b49\u60c5\u51b5\u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u5de6\u4e0a\u4fa7\u7684\u4e0b\u62c9\u6846\u53ef\u5207\u6362\u96c6\u7fa4\u3002
\u70b9\u51fb\u4eea\u8868\u76d8\u53f3\u4e0b\u4fa7\u53ef\u5207\u6362\u67e5\u8be2\u7684\u65f6\u95f4\u8303\u56f4\u3002
Insight \u7cbe\u9009\u591a\u4e2a\u793e\u533a\u63a8\u8350\u4eea\u8868\u76d8\uff0c\u53ef\u4ece\u8282\u70b9\u3001\u547d\u540d\u7a7a\u95f4\u3001\u5de5\u4f5c\u8d1f\u8f7d\u7b49\u591a\u4e2a\u7ef4\u5ea6\u8fdb\u884c\u76d1\u63a7\u3002\u70b9\u51fb insight-system / Insight /\u6982\u89c8 \u533a\u57df\u5207\u6362\u4eea\u8868\u76d8\u3002
Note
\u8bbf\u95ee Grafana UI \u8bf7\u53c2\u8003\u4ee5\u7ba1\u7406\u5458\u8eab\u4efd\u767b\u5f55 Grafana\u3002
\u5bfc\u5165\u81ea\u5b9a\u4e49\u4eea\u8868\u76d8\u8bf7\u53c2\u8003\u5bfc\u5165\u81ea\u5b9a\u4e49\u4eea\u8868\u76d8\u3002
\u901a\u8fc7\u4f7f\u7528 Grafana CRD\uff0c\u53ef\u4ee5\u5c06\u4eea\u8868\u677f\u7684\u7ba1\u7406\u548c\u90e8\u7f72\u7eb3\u5165\u5230 Kubernetes \u7684\u751f\u547d\u5468\u671f\u7ba1\u7406\u4e2d\uff0c\u5b9e\u73b0\u4eea\u8868\u677f\u7684\u7248\u672c\u63a7\u5236\u3001\u81ea\u52a8\u5316\u90e8\u7f72\u548c\u96c6\u7fa4\u7ea7\u7684\u7ba1\u7406\u3002\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 CRD \u548c UI \u754c\u9762\u5bfc\u5165\u81ea\u5b9a\u4e49\u7684\u4eea\u8868\u76d8\u3002
"},{"location":"end-user/insight/dashboard/import-dashboard.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0 \u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \uff0c\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u9009\u62e9 kpanda-global-cluster \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u5728\u5217\u8868\u4e2d\u67e5\u627e grafanadashboards.integreatly.org \u6587\u4ef6\uff0c\u8fdb\u5165\u8be6\u60c5\u3002
\u70b9\u51fb Yaml \u521b\u5efa \uff0c\u4f7f\u7528\u4ee5\u4e0b\u6a21\u677f\uff0c\u5728 Json \u5b57\u6bb5\u4e2d\u66ff\u6362\u4eea\u8868\u76d8 JSON\u3002
apiVersion: integreatly.org/v1alpha1\nkind: GrafanaDashboard\nmetadata:\n labels:\n app: insight-grafana-operator\n operator.insight.io/managed-by: insight\n name: sample-dashboard\n namespace: insight-system\nspec:\n json: >\n {\n \"id\": null,\n \"title\": \"Simple Dashboard\",\n \"tags\": [],\n \"style\": \"dark\",\n \"timezone\": \"browser\",\n \"editable\": true,\n \"hideControls\": false,\n \"graphTooltip\": 1,\n \"panels\": [],\n \"time\": {\n \"from\": \"now-6h\",\n \"to\": \"now\"\n },\n \"timepicker\": {\n \"time_options\": [],\n \"refresh_intervals\": []\n },\n \"templating\": {\n \"list\": []\n },\n \"annotations\": {\n \"list\": []\n },\n \"refresh\": \"5s\",\n \"schemaVersion\": 17,\n \"version\": 0,\n \"links\": []\n }\n
\u70b9\u51fb \u786e\u8ba4 \u540e\uff0c\u7a0d\u7b49\u7247\u523b\u5373\u53ef\u5728 \u4eea\u8868\u76d8 \u4e2d\u67e5\u770b\u521a\u521a\u5bfc\u5165\u7684\u4eea\u8868\u76d8\u3002
Info
\u81ea\u5b9a\u4e49\u8bbe\u8ba1\u4eea\u8868\u76d8\uff0c\u8bf7\u53c2\u8003\u6dfb\u52a0\u4eea\u8868\u76d8\u9762\u677f\u3002
"},{"location":"end-user/insight/dashboard/login-grafana.html","title":"\u8bbf\u95ee\u539f\u751f Grafana","text":"Insight \u501f\u52a9 Grafana \u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u53ef\u89c6\u5316\u80fd\u529b\uff0c\u540c\u65f6\u4fdd\u7559\u4e86\u8bbf\u95ee\u539f\u751f Grafana \u7684\u5165\u53e3\u3002
"},{"location":"end-user/insight/dashboard/login-grafana.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u767b\u5f55\u6d4f\u89c8\u5668\uff0c\u5728\u6d4f\u89c8\u5668\u4e2d\u8f93\u5165 Grafana \u5730\u5740\u3002
\u8bbf\u95ee\u5730\u5740\uff1a http://ip:\u8bbf\u95ee\u7aef\u53e3/ui/insight-grafana/login
\u4f8b\u5982\uff1a http://10.6.10.233:30209/ui/insight-grafana/login
\u70b9\u51fb\u53f3\u4e0b\u89d2\u7684\u767b\u5f55\uff0c\u4f7f\u7528\u9ed8\u8ba4\u7528\u6237\u540d\u3001\u5bc6\u7801\uff08admin/admin\uff09\u8fdb\u884c\u767b\u5f55\u3002
\u70b9\u51fb Log in \u5b8c\u6210\u767b\u5f55\u3002
\u6982\u7387 \u4ec5\u7edf\u8ba1\u5df2\u5b89\u88c5 insight-agent \u4e14\u5176\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u7684\u96c6\u7fa4\u6570\u636e\u3002\u53ef\u5728\u6982\u89c8\u4e2d\u591a\u96c6\u7fa4\u7684\u8d44\u6e90\u6982\u51b5\uff1a
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u6982\u89c8 \u3002
"},{"location":"end-user/insight/data-query/log.html","title":"\u65e5\u5fd7\u67e5\u8be2","text":"Insight \u9ed8\u8ba4\u91c7\u96c6\u8282\u70b9\u65e5\u5fd7\u3001\u5bb9\u5668\u65e5\u5fd7\u4ee5\u53ca kubernetes \u5ba1\u8ba1\u65e5\u5fd7\u3002\u5728\u65e5\u5fd7\u67e5\u8be2\u9875\u9762\u4e2d\uff0c\u53ef\u67e5\u8be2\u767b\u5f55\u8d26\u53f7\u6743\u9650\u5185\u7684\u6807\u51c6\u8f93\u51fa (stdout) \u65e5\u5fd7\uff0c\u5305\u62ec\u8282\u70b9\u65e5\u5fd7\u3001\u4ea7\u54c1\u65e5\u5fd7\u3001Kubenetes \u5ba1\u8ba1\u65e5\u5fd7\u7b49\uff0c\u5feb\u901f\u5728\u5927\u91cf\u65e5\u5fd7\u4e2d\u67e5\u8be2\u5230\u6240\u9700\u7684\u65e5\u5fd7\uff0c\u540c\u65f6\u7ed3\u5408\u65e5\u5fd7\u7684\u6765\u6e90\u4fe1\u606f\u548c\u4e0a\u4e0b\u6587\u539f\u59cb\u6570\u636e\u8f85\u52a9\u5b9a\u4f4d\u95ee\u9898\u3002
"},{"location":"end-user/insight/data-query/log.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u65e5\u5fd7
\u9876\u90e8 Tab \u9ed8\u8ba4\u8fdb\u5165 \u666e\u901a\u67e5\u8be2
\u65e5\u5fd7\u7c7b\u578b\uff1a
\u652f\u6301\u5bf9\u5355\u4e2a\u5173\u952e\u5b57\u8fdb\u884c\u6a21\u7cca\u641c\u7d22\u3002
\u9876\u90e8\u5207\u6362 Tab \u9009\u62e9 Lucene \u8bed\u6cd5\u67e5\u8be2
\u7b2c\u4e00\u6b21\u8fdb\u5165\u65f6\uff0c\u9ed8\u8ba4\u9009\u62e9\u767b\u5f55\u8d26\u53f7\u6743\u9650\u67e5\u8be2\u6709\u6743\u9650\u7684\u96c6\u7fa4\u6216\u547d\u540d\u7a7a\u95f4\u7684\u5bb9\u5668\u65e5\u5fd7\u3002
Lucene \u8bed\u6cd5\u8bf4\u660e\uff1a
\u70b9\u51fb\u65e5\u5fd7\u540e\u7684\u6309\u94ae\uff0c\u5728\u53f3\u4fa7\u5212\u51fa\u9762\u677f\u4e2d\u53ef\u67e5\u770b\u8be5\u6761\u65e5\u5fd7\u7684\u9ed8\u8ba4 100 \u6761\u4e0a\u4e0b\u6587\u3002\u53ef\u5207\u6362 \u663e\u793a\u884c\u6570 \u67e5\u770b\u66f4\u591a\u4e0a\u4e0b\u6587\u5185\u5bb9\u3002
"},{"location":"end-user/insight/data-query/log.html#_5","title":"\u5bfc\u51fa\u65e5\u5fd7\u6570\u636e","text":"\u70b9\u51fb\u5217\u8868\u53f3\u4e0a\u4fa7\u7684\u4e0b\u8f7d\u6309\u94ae\u3002
\u6307\u6807\u67e5\u8be2\u652f\u6301\u67e5\u8be2\u5bb9\u5668\u5404\u8d44\u6e90\u7684\u6307\u6807\u6570\u636e\uff0c\u53ef\u67e5\u770b\u76d1\u63a7\u6307\u6807\u7684\u8d8b\u52bf\u53d8\u5316\u3002\u540c\u65f6\uff0c\u9ad8\u7ea7\u67e5\u8be2\u652f\u6301\u539f\u751f PromQL \u8bed\u53e5\u8fdb\u884c\u6307\u6807\u67e5\u8be2\u3002
"},{"location":"end-user/insight/data-query/metric.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u70b9\u51fb\u4e00\u7ea7\u5bfc\u822a\u680f\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u3002
\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u6307\u6807 \u3002
\u9009\u62e9\u96c6\u7fa4\u3001\u7c7b\u578b\u3001\u8282\u70b9\u3001\u6307\u6807\u540d\u79f0\u67e5\u8be2\u6761\u4ef6\u540e\uff0c\u70b9\u51fb \u641c\u7d22 \uff0c\u5c4f\u5e55\u53f3\u4fa7\u5c06\u663e\u793a\u5bf9\u5e94\u6307\u6807\u56fe\u8868\u53ca\u6570\u636e\u8be6\u60c5\u3002
\u652f\u6301\u81ea\u5b9a\u4e49\u65f6\u95f4\u8303\u56f4\u3002\u53ef\u624b\u52a8\u70b9\u51fb \u5237\u65b0 \u56fe\u6807\u6216\u9009\u62e9\u9ed8\u8ba4\u65f6\u95f4\u95f4\u9694\u8fdb\u884c\u5237\u65b0\u3002
\u70b9\u51fb \u9ad8\u7ea7\u67e5\u8be2 \u9875\u7b7e\u901a\u8fc7\u539f\u751f\u7684 PromQL \u67e5\u8be2\u3002
Note
\u53c2\u9605 PromQL \u8bed\u6cd5\u3002
"},{"location":"end-user/insight/infra/cluster.html","title":"\u96c6\u7fa4\u76d1\u63a7","text":"\u901a\u8fc7\u96c6\u7fa4\u76d1\u63a7\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b\u96c6\u7fa4\u7684\u57fa\u672c\u4fe1\u606f\u3001\u8be5\u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u6d88\u8017\u4ee5\u53ca\u4e00\u6bb5\u65f6\u95f4\u7684\u8d44\u6e90\u6d88\u8017\u53d8\u5316\u8d8b\u52bf\u7b49\u3002
"},{"location":"end-user/insight/infra/cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/cluster.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u96c6\u7fa4 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5207\u6362\u5230 \u8d44\u6e90\u6c34\u4f4d\u7ebf\u76d1\u63a7 \u9875\u7b7e\uff0c\u53ef\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u66f4\u591a\u76d1\u63a7\u6570\u636e\u3002
\u5bb9\u5668\u76d1\u63a7\u662f\u5bf9\u96c6\u7fa4\u7ba1\u7406\u4e2d\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76d1\u63a7\uff0c\u5728\u5217\u8868\u4e2d\u53ef\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u57fa\u672c\u4fe1\u606f\u548c\u72b6\u6001\u3002\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\uff0c\u53ef\u67e5\u770b\u6b63\u5728\u544a\u8b66\u7684\u6570\u91cf\u4ee5\u53ca CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u6d88\u8017\u7684\u53d8\u5316\u8d8b\u52bf\u3002
"},{"location":"end-user/insight/infra/container.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u5df2\u5b89\u88c5 insight-agent\uff0c\u4e14\u6240\u6709\u7684\u5bb9\u5668\u7ec4\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u770b\u670d\u52a1\u76d1\u63a7\u6307\u6807\uff1a
\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u5de5\u4f5c\u8d1f\u8f7d \u3002
\u5207\u6362\u9876\u90e8 Tab\uff0c\u67e5\u770b\u4e0d\u540c\u7c7b\u578b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u3002
\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u540d\u79f0\u67e5\u770b\u8be6\u60c5\u3002
\u5207\u6362 Tab \u5230 \u5bb9\u5668\u7ec4\u5217\u8868 \uff0c\u53ef\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684\u5404\u4e2a\u5bb9\u5668\u7ec4\u72b6\u6001\u3001\u6240\u5728\u8282\u70b9\u3001\u91cd\u542f\u6b21\u6570\u7b49\u4fe1\u606f\u3002
\u5207\u6362 Tab \u5230 JVM \u76d1\u63a7 \uff0c\u53ef\u67e5\u770b\u5404\u4e2a\u5bb9\u5668\u7ec4\u7684 JVM \u6307\u6807\u3002
Note
AI \u7b97\u529b\u5e73\u53f0 Insight \u652f\u6301\u6309\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u67e5\u8be2\u4e8b\u4ef6\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\uff0c\u5bf9\u91cd\u8981\u4e8b\u4ef6\u8fdb\u884c\u7edf\u8ba1\u3002
"},{"location":"end-user/insight/infra/event.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u9009\u62e9 \u57fa\u7840\u8bbe\u7f6e > \u4e8b\u4ef6 \u3002
\u9ed8\u8ba4\u663e\u793a\u6700\u8fd1 12 \u5c0f\u65f6\u5185\u53d1\u751f\u7684\u4e8b\u4ef6\uff0c\u60a8\u53ef\u4ee5\u5728\u53f3\u4e0a\u89d2\u9009\u62e9\u4e0d\u540c\u7684\u65f6\u95f4\u8303\u56f4\u6765\u67e5\u770b\u8f83\u957f\u6216\u8f83\u77ed\u7684\u65f6\u95f4\u6bb5\u3002 \u60a8\u8fd8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u91c7\u6837\u95f4\u9694\u4e3a 1 \u5206\u949f\u81f3 5 \u5c0f\u65f6\u3002
\u901a\u8fc7\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\uff0c\u60a8\u53ef\u4ee5\u76f4\u89c2\u5730\u4e86\u89e3\u4e8b\u4ef6\u7684\u5bc6\u96c6\u7a0b\u5ea6\u548c\u5206\u6563\u60c5\u51b5\u3002 \u8fd9\u6709\u52a9\u4e8e\u5bf9\u540e\u7eed\u7684\u96c6\u7fa4\u8fd0\u7ef4\u8fdb\u884c\u8bc4\u4f30\uff0c\u5e76\u505a\u597d\u51c6\u5907\u548c\u5b89\u6392\u5de5\u4f5c\u3002 \u5982\u679c\u4e8b\u4ef6\u5bc6\u96c6\u53d1\u751f\u5728\u7279\u5b9a\u65f6\u6bb5\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u8c03\u914d\u66f4\u591a\u7684\u8d44\u6e90\u6216\u91c7\u53d6\u76f8\u5e94\u63aa\u65bd\u6765\u786e\u4fdd\u96c6\u7fa4\u7a33\u5b9a\u6027\u548c\u9ad8\u53ef\u7528\u6027\u3002 \u800c\u5982\u679c\u4e8b\u4ef6\u8f83\u4e3a\u5206\u6563\uff0c\u5728\u6b64\u671f\u95f4\u60a8\u53ef\u4ee5\u5408\u7406\u5b89\u6392\u5176\u4ed6\u8fd0\u7ef4\u5de5\u4f5c\uff0c\u4f8b\u5982\u7cfb\u7edf\u4f18\u5316\u3001\u5347\u7ea7\u6216\u5904\u7406\u5176\u4ed6\u4efb\u52a1\u3002
\u901a\u8fc7\u7efc\u5408\u8003\u8651\u4e8b\u4ef6\u72b6\u6001\u5206\u5e03\u56fe\u548c\u65f6\u95f4\u8303\u56f4\uff0c\u60a8\u80fd\u66f4\u597d\u5730\u89c4\u5212\u548c\u7ba1\u7406\u96c6\u7fa4\u7684\u8fd0\u7ef4\u5de5\u4f5c\uff0c\u786e\u4fdd\u7cfb\u7edf\u7a33\u5b9a\u6027\u548c\u53ef\u9760\u6027\u3002
"},{"location":"end-user/insight/infra/event.html#_4","title":"\u4e8b\u4ef6\u603b\u6570\u548c\u7edf\u8ba1","text":"\u901a\u8fc7\u91cd\u8981\u4e8b\u4ef6\u7edf\u8ba1\uff0c\u60a8\u53ef\u4ee5\u65b9\u4fbf\u5730\u4e86\u89e3\u955c\u50cf\u62c9\u53d6\u5931\u8d25\u6b21\u6570\u3001\u5065\u5eb7\u68c0\u67e5\u5931\u8d25\u6b21\u6570\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u8fd0\u884c\u5931\u8d25\u6b21\u6570\u3001 Pod \u8c03\u5ea6\u5931\u8d25\u6b21\u6570\u3001\u5bb9\u5668 OOM \u5185\u5b58\u8017\u5c3d\u6b21\u6570\u3001\u5b58\u50a8\u5377\u6302\u8f7d\u5931\u8d25\u6b21\u6570\u4ee5\u53ca\u6240\u6709\u4e8b\u4ef6\u7684\u603b\u6570\u3002\u8fd9\u4e9b\u4e8b\u4ef6\u901a\u5e38\u5206\u4e3a\u300cWarning\u300d\u548c\u300cNormal\u300d\u4e24\u7c7b\u3002
"},{"location":"end-user/insight/infra/event.html#_5","title":"\u4e8b\u4ef6\u5217\u8868","text":"\u4e8b\u4ef6\u5217\u8868\u4ee5\u65f6\u95f4\u4e3a\u8f74\uff0c\u4ee5\u6d41\u6c34\u7684\u5f62\u5f0f\u5c55\u793a\u53d1\u751f\u7684\u4e8b\u4ef6\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u300c\u6700\u8fd1\u53d1\u751f\u65f6\u95f4\u300d\u548c\u300c\u7ea7\u522b\u300d\u8fdb\u884c\u6392\u5e8f\u3002
\u70b9\u51fb\u53f3\u4fa7\u7684 \u2699\ufe0f \u56fe\u6807\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u559c\u597d\u548c\u9700\u6c42\u6765\u81ea\u5b9a\u4e49\u663e\u793a\u7684\u5217\u3002
\u5728\u9700\u8981\u7684\u65f6\u5019\uff0c\u60a8\u8fd8\u53ef\u4ee5\u70b9\u51fb\u5237\u65b0\u56fe\u6807\u6765\u66f4\u65b0\u5f53\u524d\u7684\u4e8b\u4ef6\u5217\u8868\u3002
"},{"location":"end-user/insight/infra/event.html#_6","title":"\u5176\u4ed6\u64cd\u4f5c","text":"\u5728\u4e8b\u4ef6\u5217\u8868\u4e2d\u64cd\u4f5c\u5217\u7684\u56fe\u6807\uff0c\u53ef\u67e5\u770b\u67d0\u4e00\u4e8b\u4ef6\u7684\u5143\u6570\u636e\u4fe1\u606f\u3002
\u70b9\u51fb\u9876\u90e8\u9875\u7b7e\u7684 \u4e0a\u4e0b\u6587 \u53ef\u67e5\u770b\u8be5\u4e8b\u4ef6\u5bf9\u5e94\u8d44\u6e90\u7684\u5386\u53f2\u4e8b\u4ef6\u8bb0\u5f55\u3002
\u6709\u5173\u7cfb\u7edf\u81ea\u5e26\u7684 Event \u4e8b\u4ef6\u7684\u8be6\u7ec6\u542b\u4e49\uff0c\u8bf7\u53c2\u9605 Kubenetest API \u4e8b\u4ef6\u5217\u8868\u3002
"},{"location":"end-user/insight/infra/namespace.html","title":"\u547d\u540d\u7a7a\u95f4\u76d1\u63a7","text":"\u4ee5\u547d\u540d\u7a7a\u95f4\u4e3a\u7ef4\u5ea6\uff0c\u5feb\u901f\u67e5\u8be2\u547d\u540d\u7a7a\u95f4\u5185\u7684\u8d44\u6e90\u6d88\u8017\u548c\u53d8\u5316\u8d8b\u52bf\u3002
"},{"location":"end-user/insight/infra/namespace.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/namespace.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd > \u547d\u540d\u7a7a\u95f4 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u901a\u8fc7\u8282\u70b9\u76d1\u63a7\uff0c\u4f60\u53ef\u4ee5\u6982\u89c8\u6240\u9009\u96c6\u7fa4\u4e0b\u8282\u70b9\u7684\u5f53\u524d\u5065\u5eb7\u72b6\u6001\u3001\u5bf9\u5e94\u5bb9\u5668\u7ec4\u7684\u5f02\u5e38\u6570\u91cf\uff1b \u5728\u5f53\u524d\u8282\u70b9\u8be6\u60c5\u9875\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b\u6b63\u5728\u544a\u8b66\u7684\u6570\u91cf\u4ee5\u53ca CPU\u3001\u5185\u5b58\u3001\u78c1\u76d8\u7b49\u8d44\u6e90\u6d88\u8017\u7684\u53d8\u5316\u8d8b\u52bf\u56fe\u3002
"},{"location":"end-user/insight/infra/node.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u4e2d\u5df2\u5b89\u88c5 insight-agent \u4e14\u5e94\u7528\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/node.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u8282\u70b9 \u3002\u5728\u8be5\u9875\u9762\u53ef\u67e5\u770b\u4ee5\u4e0b\u4fe1\u606f\uff1a
\u5207\u6362\u5230 \u8d44\u6e90\u6c34\u4f4d\u7ebf\u76d1\u63a7 \u9875\u7b7e\uff0c\u53ef\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684\u66f4\u591a\u76d1\u63a7\u6570\u636e\u3002
\u62e8\u6d4b\uff08Probe\uff09\u6307\u7684\u662f\u57fa\u4e8e\u9ed1\u76d2\u76d1\u63a7\uff0c\u5b9a\u671f\u901a\u8fc7 HTTP\u3001TCP \u7b49\u65b9\u5f0f\u5bf9\u76ee\u6807\u8fdb\u884c\u8fde\u901a\u6027\u6d4b\u8bd5\uff0c\u5feb\u901f\u53d1\u73b0\u6b63\u5728\u53d1\u751f\u7684\u6545\u969c\u3002
Insight \u57fa\u4e8e Prometheus Blackbox Exporter \u5de5\u5177\u901a\u8fc7 HTTP\u3001HTTPS\u3001DNS\u3001TCP \u548c ICMP \u7b49\u534f\u8bae\uff0c\u5bf9\u7f51\u7edc\u8fdb\u884c\u63a2\u6d4b\u5e76\u8fd4\u56de\u63a2\u6d4b\u7ed3\u679c\u4ee5\u4fbf\u4e86\u89e3\u7f51\u7edc\u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/probe.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u76ee\u6807\u96c6\u7fa4\u4e2d\u5df2\u6210\u529f\u90e8\u7f72 insight-agent\uff0c\u4e14\u5904\u4e8e \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
"},{"location":"end-user/insight/infra/probe.html#_3","title":"\u67e5\u770b\u62e8\u6d4b\u4efb\u52a1","text":"\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u57fa\u7840\u8bbe\u65bd -> \u62e8\u6d4b\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u914d\u7f6e\u63a2\u6d4b\u53c2\u6570\u3002
\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
Warning
\u62e8\u6d4b\u4efb\u52a1\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u9700\u8981\u5927\u6982 3 \u5206\u949f\u7684\u65f6\u95f4\u6765\u540c\u6b65\u914d\u7f6e\u3002\u5728\u6b64\u671f\u95f4\uff0c\u4e0d\u4f1a\u8fdb\u884c\u63a2\u6d4b\uff0c\u65e0\u6cd5\u67e5\u770b\u63a2\u6d4b\u7ed3\u679c\u3002
"},{"location":"end-user/insight/infra/probe.html#_5","title":"\u7f16\u8f91\u62e8\u6d4b\u4efb\u52a1","text":"\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 -> \u7f16\u8f91\uff0c\u5b8c\u6210\u7f16\u8f91\u540e\u70b9\u51fb \u786e\u5b9a\u3002
"},{"location":"end-user/insight/infra/probe.html#_6","title":"\u67e5\u770b\u76d1\u63a7\u9762\u677f","text":"\u70b9\u51fb\u62e8\u6d4b\u540d\u79f0
\u67e5\u770b\u62e8\u6d4b\u4efb\u52a1\u4e2d\u6bcf\u4e2a\u76ee\u6807\u7684\u76d1\u63a7\u72b6\u6001\uff0c\u4ee5\u56fe\u8868\u65b9\u5f0f\u663e\u793a\u9488\u5bf9\u7f51\u7edc\u72b6\u51b5\u7684\u63a2\u6d4b\u7ed3\u679c\u3002
\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 -> \u5220\u9664\uff0c\u786e\u8ba4\u65e0\u8bef\u540e\u70b9\u51fb \u786e\u5b9a\u3002
Caution
\u5220\u9664\u64cd\u4f5c\u4e0d\u53ef\u6062\u590d\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
"},{"location":"end-user/insight/quickstart/install/index.html","title":"\u5f00\u59cb\u89c2\u6d4b","text":"AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u5b9e\u73b0\u4e86\u5bf9\u591a\u4e91\u591a\u96c6\u7fa4\u7684\u7eb3\u7ba1\uff0c\u5e76\u652f\u6301\u521b\u5efa\u96c6\u7fa4\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u7edf\u4e00\u89c2\u6d4b\u65b9\u6848\uff0c\u901a\u8fc7\u90e8\u7f72 insight-agent \u63d2\u4ef6\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u91c7\u96c6\uff0c\u5e76\u652f\u6301\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3 \u53ef\u89c2\u6d4b\u6027\u4ea7\u54c1\u5b9e\u73b0\u5bf9\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u6570\u636e\u7684\u67e5\u8be2\u3002
insight-agent \u662f\u53ef\u89c2\u6d4b\u6027\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u6570\u636e\u91c7\u96c6\u7684\u5de5\u5177\uff0c\u5b89\u88c5\u540e\u65e0\u9700\u4efb\u4f55\u4fee\u6539\uff0c\u5373\u53ef\u5b9e\u73b0\u5bf9\u6307\u6807\u3001\u65e5\u5fd7\u4ee5\u53ca\u94fe\u8def\u6570\u636e\u7684\u81ea\u52a8\u5316\u91c7\u96c6\u3002
\u901a\u8fc7 \u5bb9\u5668\u7ba1\u7406 \u521b\u5efa\u7684\u96c6\u7fa4\u9ed8\u8ba4\u4f1a\u5b89\u88c5 insight-agent\uff0c\u6545\u5728\u6b64\u4ec5\u9488\u5bf9\u63a5\u5165\u7684\u96c6\u7fa4\u5982\u4f55\u5f00\u542f\u89c2\u6d4b\u80fd\u529b\u63d0\u4f9b\u6307\u5bfc\u3002
\u53ef\u89c2\u6d4b\u6027 Insight \u4f5c\u4e3a\u591a\u96c6\u7fa4\u7684\u7edf\u4e00\u89c2\u6d4b\u5e73\u53f0\uff0c\u5176\u90e8\u5206\u7ec4\u4ef6\u7684\u8d44\u6e90\u6d88\u8017\u4e0e\u521b\u5efa\u96c6\u7fa4\u7684\u6570\u636e\u3001\u63a5\u5165\u96c6\u7fa4\u7684\u6570\u91cf\u606f\u606f\u76f8\u5173\uff0c\u5728\u5b89\u88c5 insight-agent \u65f6\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u89c4\u6a21\u5bf9\u76f8\u5e94\u7ec4\u4ef6\u7684\u8d44\u6e90\u8fdb\u884c\u8c03\u6574\u3002
\u6839\u636e\u521b\u5efa\u96c6\u7fa4\u7684\u89c4\u6a21\u6216\u63a5\u5165\u96c6\u7fa4\u7684\u89c4\u6a21\uff0c\u8c03\u6574 insight-agent \u4e2d\u91c7\u96c6\u7ec4\u4ef6 Prometheus \u7684 CPU \u548c\u5185\u5b58\uff0c\u8bf7\u53c2\u8003: Prometheus \u8d44\u6e90\u89c4\u5212
\u7531\u4e8e\u591a\u96c6\u7fa4\u7684\u6307\u6807\u6570\u636e\u4f1a\u7edf\u4e00\u5b58\u50a8\uff0c\u5219\u9700\u8981 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u7ba1\u7406\u5458\u6839\u636e\u521b\u5efa\u96c6\u7fa4\u7684\u89c4\u6a21\u3001\u63a5\u5165\u96c6\u7fa4\u7684\u89c4\u6a21\u5bf9\u5e94\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\uff0c\u8bf7\u53c2\u8003\uff1avmstorage \u78c1\u76d8\u5bb9\u91cf\u89c4\u5212\u3002
\u5982\u4f55\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\uff0c\u8bf7\u53c2\u8003\uff1avmstorge \u78c1\u76d8\u6269\u5bb9\u3002
\u7531\u4e8e AI \u7b97\u529b\u4e2d\u5fc3 \u652f\u6301\u5bf9\u591a\u4e91\u591a\u96c6\u7fa4\u7684\u7eb3\u7ba1\uff0cinsight-agent \u76ee\u524d\u4e5f\u5b8c\u6210\u4e86\u90e8\u5206\u9a8c\u8bc1\uff0c\u7531\u4e8e\u76d1\u63a7\u7ec4\u4ef6\u51b2\u7a81\u95ee\u9898\u5bfc\u81f4\u5728 AI \u7b97\u529b\u4e2d\u5fc34.0 \u96c6\u7fa4\u548c Openshift 4.x \u96c6\u7fa4\u4e2d\u5b89\u88c5 insight-agent \u4f1a\u51fa\u73b0\u95ee\u9898\uff0c\u82e5\u60a8\u9047\u5230\u540c\u6837\u95ee\u9898\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6587\u6863\uff1a
\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e3a\u4e86\u63d0\u9ad8\u5927\u89c4\u6a21\u73af\u5883\u4e0b\u7684\u6570\u636e\u5199\u5165\u80fd\u529b\uff0c\u652f\u6301\u5c06\u65e5\u5fd7\u5207\u6362\u4e3a \u5927\u65e5\u5fd7 \u6a21\u5f0f\u3001\u5c06\u94fe\u8def\u5207\u6362\u4e3a \u5927\u94fe\u8def \u6a21\u5f0f\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u4ee5\u4e0b\u51e0\u79cd\u5f00\u542f\u65b9\u5f0f\uff1a
\u672c\u8282\u8bf4\u660e\u666e\u901a\u65e5\u5fd7\u6a21\u5f0f\u548c\u5927\u65e5\u5fd7\u6a21\u5f0f\u7684\u533a\u522b\u3002
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_3","title":"\u65e5\u5fd7\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aFluentbit + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a ES \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_4","title":"\u5927\u65e5\u5fd7\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aFluentbit + Kafka + Vector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a Kafka \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_5","title":"\u94fe\u8def","text":"\u672c\u8282\u8bf4\u660e\u666e\u901a\u94fe\u8def\u6a21\u5f0f\u548c\u5927\u94fe\u8def\u6a21\u5f0f\u7684\u533a\u522b\u3002
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_6","title":"\u94fe\u8def\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aAgent opentelemetry-collector + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a OTlp \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_7","title":"\u5927\u94fe\u8def\u6a21\u5f0f","text":"\u7ec4\u4ef6\uff1aAgent opentelemetry-collector + Kafka + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
\u8be5\u6a21\u5f0f\u7b80\u79f0\u4e3a Kafka \u6a21\u5f0f\uff0c\u6570\u636e\u6d41\u56fe\u5982\u4e0b\u6240\u793a\uff1a
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_8","title":"\u901a\u8fc7\u5b89\u88c5\u5668\u5f00\u542f","text":"\u901a\u8fc7\u5b89\u88c5\u5668\u90e8\u7f72/\u5347\u7ea7 AI \u7b97\u529b\u4e2d\u5fc3 \u65f6\u4f7f\u7528\u7684 manifest.yaml \u4e2d\u5b58\u5728 infrastructures.kafka \u5b57\u6bb5\uff0c \u5982\u679c\u60f3\u5f00\u542f\u53ef\u89c2\u6d4b\u7684\u5927\u65e5\u5fd7\u548c\u5927\u94fe\u8def\u6a21\u5f0f\uff0c\u5219\u9700\u8981\u542f\u7528 kafka\uff1a
manifest.yamlapiVersion: manifest.daocloud.io/v1alpha1\nkind: DCEManifest\n...\ninfrastructures:\n ...\n kafka:\n enable: true # \u9ed8\u8ba4\u4e3a false\n cpuLimit: 1\n memLimit: 2Gi\n pvcSize: 15Gi\n
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_9","title":"\u5f00\u542f","text":"\u5b89\u88c5\u65f6\u4f7f\u7528\u542f\u7528 kafka
\u7684 manifest.yaml\uff0c\u5219\u4f1a\u9ed8\u8ba4\u5b89\u88c5 kafka \u4e2d\u95f4\u4ef6\uff0c \u5e76\u5728\u5b89\u88c5 Insight \u65f6\u9ed8\u8ba4\u5f00\u542f\u5927\u65e5\u5fd7\u548c\u5927\u94fe\u8def\u6a21\u5f0f\u3002\u5b89\u88c5\u547d\u4ee4\u4e3a\uff1a
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml\n
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_10","title":"\u5347\u7ea7","text":"\u5347\u7ea7\u540c\u6837\u662f\u4fee\u6539 kafka
\u5b57\u6bb5\u3002\u4f46\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u56e0\u4e3a\u8001\u73af\u5883\u5b89\u88c5\u65f6\u4f7f\u7528\u7684\u662f kafka: false
\uff0c \u6240\u4ee5\u73af\u5883\u4e2d\u65e0 kafka\u3002\u6b64\u65f6\u5347\u7ea7\u9700\u8981\u6307\u5b9a\u5347\u7ea7 middleware
\uff0c\u624d\u4f1a\u540c\u65f6\u5b89\u88c5 kafka \u4e2d\u95f4\u4ef6\u3002\u5347\u7ea7\u547d\u4ee4\u4e3a\uff1a
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml -u gproduct,middleware\n
Note
\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u8981\u624b\u52a8\u91cd\u542f\u4ee5\u4e0b\u7ec4\u4ef6\uff1a
\u524d\u63d0\u6761\u4ef6\uff1a\u9700\u8981\u4fdd\u8bc1\u5b58\u5728 \u53ef\u7528\u7684 kafka \u4e14\u5730\u5740\u53ef\u6b63\u5e38\u8bbf\u95ee\u3002
\u6839\u636e\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6\u8001\u7248\u672c insight \u548c insight-agent \u7684 values\uff08\u5efa\u8bae\u505a\u597d\u5907\u4efd\uff09\uff1a
helm get values insight -n insight-system -o yaml > insight.yaml\nhelm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_11","title":"\u5f00\u542f\u5927\u65e5\u5fd7","text":"\u6709\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5f00\u542f\u6216\u5347\u7ea7\u81f3\u5927\u65e5\u5fd7\u6a21\u5f0f\uff1a
\u5728helm upgrade
\u547d\u4ee4\u4e2d\u4f7f\u7528 --set\u4fee\u6539 YAML \u540e\u8fd0\u884c helm upgrade\u5bb9\u5668\u7ba1\u7406 UI \u5347\u7ea7 \u5148\u8fd0\u884c\u4ee5\u4e0b insight \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set vector.enabled=true \\\n --version 0.30.1\n
\u7136\u540e\u8fd0\u884c\u4ee5\u4e0b insight-agent \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.logging.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.logging.output=kafka \\\n --version 0.30.1\n
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539 YAMl \u540e\u8fd0\u884c helm upgrade
\u547d\u4ee4\uff1a
\u4fee\u6539 insight.yaml
insight.yamlglobal:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\nvector:\n enabled: true\n
\u5347\u7ea7 insight \u7ec4\u4ef6\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
\u4fee\u6539 insight-agent.yaml
insight-agent.yamlglobal:\n ...\n exporters:\n ...\n logging:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
\u5347\u7ea7 insight-agent\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 Helm \u5e94\u7528 \uff0c\u627e\u5230\u5e76\u66f4\u65b0 insight-agent\u3002
\u5728 Logging Settings \u4e2d\uff0c\u4e3a output \u9009\u62e9 kafka\uff0c\u5e76\u586b\u5199\u6b63\u786e\u7684 brokers \u5730\u5740\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u624b\u52a8\u91cd\u542f insight-agent-fluent-bit \u7ec4\u4ef6\u3002
"},{"location":"end-user/insight/quickstart/install/big-log-and-trace.html#_12","title":"\u5f00\u542f\u5927\u94fe\u8def","text":"\u6709\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5f00\u542f\u6216\u5347\u7ea7\u81f3\u5927\u94fe\u8def\u6a21\u5f0f\uff1a
\u5728helm upgrade
\u547d\u4ee4\u4e2d\u4f7f\u7528 --set\u4fee\u6539 YAML \u540e\u8fd0\u884c helm upgrade\u5bb9\u5668\u7ba1\u7406 UI \u5347\u7ea7 \u5148\u8fd0\u884c\u4ee5\u4e0b insight \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set global.tracing.kafkaReceiver.enabled=true \\\n --version 0.30.1\n
\u7136\u540e\u8fd0\u884c\u4ee5\u4e0b insight-agent \u5347\u7ea7\u547d\u4ee4\uff0c\u6ce8\u610f kafka brokers \u5730\u5740\u9700\u6b63\u786e\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.trace.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.trace.output=kafka \\\n --version 0.30.1\n
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539 YAMl \u540e\u8fd0\u884c helm upgrade
\u547d\u4ee4\uff1a
\u4fee\u6539 insight.yaml
insight.yamlglobal:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\ntracing:\n ...\n kafkaReceiver:\n enabled: true\n
\u5347\u7ea7 insight \u7ec4\u4ef6\uff1a
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
\u4fee\u6539 insight-agent.yaml
insight-agent.yamlglobal:\n ...\n exporters:\n ...\n trace:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
\u5347\u7ea7 insight-agent\uff1a
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u9009\u62e9 Helm \u5e94\u7528 \uff0c\u627e\u5230\u5e76\u66f4\u65b0 insight-agent\u3002
\u5728 Trace Settings \u4e2d\uff0c\u4e3a output \u9009\u62e9 kafka\uff0c\u5e76\u586b\u5199\u6b63\u786e\u7684 brokers \u5730\u5740\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u5347\u7ea7\u5b8c\u6210\u540e\uff0c\u9700\u624b\u52a8 \u91cd\u542f insight-agent-opentelemetry-collector \u548c insight-opentelemetry-collector \u7ec4\u4ef6\u3002
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html","title":"\u81ea\u5b9a\u4e49 Insight \u7ec4\u4ef6\u8c03\u5ea6\u7b56\u7565","text":"\u5f53\u90e8\u7f72\u53ef\u89c2\u6d4b\u5e73\u53f0 Insight \u5230 Kubernetes \u73af\u5883\u65f6\uff0c\u6b63\u786e\u7684\u8d44\u6e90\u7ba1\u7406\u548c\u4f18\u5316\u81f3\u5173\u91cd\u8981\u3002 Insight \u5305\u542b\u591a\u4e2a\u6838\u5fc3\u7ec4\u4ef6\uff0c\u5982 Prometheus\u3001OpenTelemetry\u3001FluentBit\u3001Vector\u3001Elasticsearch \u7b49\uff0c \u8fd9\u4e9b\u7ec4\u4ef6\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u53ef\u80fd\u56e0\u4e3a\u8d44\u6e90\u5360\u7528\u95ee\u9898\u5bf9\u96c6\u7fa4\u5185\u5176\u4ed6 Pod \u7684\u6027\u80fd\u4ea7\u751f\u8d1f\u9762\u5f71\u54cd\u3002 \u4e3a\u4e86\u6709\u6548\u5730\u7ba1\u7406\u8d44\u6e90\u5e76\u4f18\u5316\u96c6\u7fa4\u7684\u8fd0\u884c\uff0c\u8282\u70b9\u4eb2\u548c\u6027\u6210\u4e3a\u4e00\u9879\u91cd\u8981\u7684\u914d\u7f6e\u9009\u9879\u3002
\u672c\u6587\u5c06\u91cd\u70b9\u63a2\u8ba8\u5982\u4f55\u901a\u8fc7\u6c61\u70b9\u548c\u8282\u70b9\u4eb2\u548c\u6027\u7684\u914d\u7f6e\u7b56\u7565\uff0c\u4f7f\u5f97\u6bcf\u4e2a\u7ec4\u4ef6\u80fd\u591f\u5728\u9002\u5f53\u7684\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c \u5e76\u907f\u514d\u8d44\u6e90\u7ade\u4e89\u6216\u4e89\u7528\uff0c\u4ece\u800c\u786e\u4fdd\u6574\u4e2a Kubernetes \u96c6\u7fa4\u7684\u7a33\u5b9a\u6027\u548c\u9ad8\u6548\u6027\u3002
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html#insight_1","title":"\u901a\u8fc7\u6c61\u70b9\u4e3a Insight \u914d\u7f6e\u4e13\u6709\u8282\u70b9","text":"\u7531\u4e8e Insight Agent \u5305\u542b\u4e86 DaemonSet \u7ec4\u4ef6\uff0c\u6240\u4ee5\u672c\u8282\u6240\u8ff0\u7684\u914d\u7f6e\u65b9\u5f0f\u662f\u8ba9\u9664\u4e86 Insight DameonSet \u4e4b\u5916\u7684\u5176\u4f59\u7ec4\u4ef6\u5747\u8fd0\u884c\u5728\u4e13\u6709\u8282\u70b9\u4e0a\u3002
\u8be5\u65b9\u5f0f\u662f\u901a\u8fc7\u4e3a\u4e13\u6709\u8282\u70b9\u6dfb\u52a0\u6c61\u70b9\uff08taint\uff09\uff0c\u5e76\u914d\u5408\u6c61\u70b9\u5bb9\u5fcd\u5ea6\uff08tolerations\uff09\u6765\u5b9e\u73b0\u7684\u3002 \u66f4\u591a\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u3002
\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u547d\u4ee4\u4e3a\u8282\u70b9\u6dfb\u52a0\u53ca\u79fb\u9664\u6c61\u70b9\uff1a
# \u6dfb\u52a0\u6c61\u70b9\nkubectl taint nodes worker1 node.daocloud.io=insight-only:NoSchedule\n\n# \u79fb\u9664\u6c61\u70b9\nkubectl taint nodes worker1 node.daocloud.io:NoSchedule-\n
\u6709\u4ee5\u4e0b\u4e24\u79cd\u9014\u5f84\u8ba9 Insight \u7ec4\u4ef6\u8c03\u5ea6\u81f3\u4e13\u6709\u8282\u70b9\uff1a
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html#1","title":"1. \u4e3a\u6bcf\u4e2a\u7ec4\u4ef6\u6dfb\u52a0\u6c61\u70b9\u5bb9\u5fcd\u5ea6","text":"\u9488\u5bf9 insight-server
\u548c insight-agent
\u4e24\u4e2a Chart \u5206\u522b\u8fdb\u884c\u914d\u7f6e\uff1a
server:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nui:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nrunbook:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\n# mysql:\nvictoria-metrics-k8s-stack:\n victoria-metrics-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmcluster:\n spec:\n vmstorage:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmselect:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vminsert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmalert:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n alertmanager:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\njaeger:\n collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n query:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector-aggregator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\ngrafana-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n grafana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nkibana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nelastic-alert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nvector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n
kube-prometheus-stack:\n prometheus:\n prometheusSpec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n prometheus-node-exporter:\n tolerations:\n - effect: NoSchedule\n operator: Exists\n prometheusOperator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nkube-state-metrics:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\ntailing-sidecar-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-kubernetes-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nprometheus-blackbox-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\netcd-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\" \n
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html#2","title":"2. \u901a\u8fc7\u547d\u540d\u7a7a\u95f4\u7ea7\u522b\u914d\u7f6e","text":"\u8ba9 insight-system
\u547d\u540d\u7a7a\u95f4\u7684 Pod \u90fd\u5bb9\u5fcd node.daocloud.io=insight-only
\u6c61\u70b9\u3002
\u8c03\u6574 apiserver
\u7684\u914d\u7f6e\u6587\u4ef6 /etc/kubernetes/manifests/kube-apiserver.yaml
\uff0c\u653e\u5f00 PodTolerationRestriction,PodNodeSelector
, \u53c2\u8003\u4e0b\u56fe\uff1a
\u7ed9 insight-system
\u547d\u540d\u7a7a\u95f4\u589e\u52a0\u6ce8\u89e3\uff1a
apiVersion: v1\nkind: Namespace\nmetadata:\n name: insight-system\n annotations:\n scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Equal\", \"effect\": \"NoSchedule\", \"key\": \"node.daocloud.io\", \"value\": \"insight-only\"}]'\n
\u91cd\u542f insight-system \u547d\u540d\u7a7a\u95f4\u4e0b\u9762\u7684\u7ec4\u4ef6\u5373\u53ef\u6b63\u5e38\u5bb9\u5fcd insight-system \u4e0b\u7684 Pod \u8c03\u5ea6\u3002
"},{"location":"end-user/insight/quickstart/install/component-scheduling.html#label","title":"\u4e3a\u8282\u70b9\u6dfb\u52a0 Label \u548c\u8282\u70b9\u4eb2\u548c\u6027\u6765\u7ba1\u7406\u7ec4\u4ef6\u8c03\u5ea6","text":"Info
\u8282\u70b9\u4eb2\u548c\u6027\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e nodeSelector
\uff0c\u5b83\u4f7f\u4f60\u53ef\u4ee5\u6839\u636e\u8282\u70b9\u4e0a\u7684 \u6807\u7b7e(label) \u6765\u7ea6\u675f Pod \u53ef\u4ee5\u8c03\u5ea6\u5230\u54ea\u4e9b\u8282\u70b9\u4e0a\u3002 \u8282\u70b9\u4eb2\u548c\u6027\u6709\u4e24\u79cd\uff1a
\u66f4\u8fc7\u7ec6\u8282\u8bf7\u53c2\u8003 kubernetes \u5b98\u65b9\u6587\u6863\u3002
\u4e3a\u4e86\u5b9e\u73b0\u4e0d\u540c\u7528\u6237\u5bf9 Insight \u7ec4\u4ef6\u8c03\u5ea6\u7684\u7075\u6d3b\u9700\u6c42\uff0cInsight \u5206\u522b\u63d0\u4f9b\u4e86\u8f83\u4e3a\u7ec6\u7c92\u5ea6\u7684 Label \u6765\u5b9e\u73b0\u4e0d\u540c\u7ec4\u4ef6\u7684\u8c03\u5ea6\u7b56\u7565\uff0c\u4ee5\u4e0b\u662f\u6807\u7b7e\u4e0e\u7ec4\u4ef6\u7684\u5173\u7cfb\u8bf4\u660e\uff1a
\u6807\u7b7e Key \u6807\u7b7e Value \u8bf4\u660enode.daocloud.io/insight-any
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u4ee3\u8868 Insight \u6240\u6709\u7ec4\u4ef6\u4f18\u5148\u8003\u8651\u5e26\u4e86\u8be5\u6807\u7b7e\u7684\u8282\u70b9 node.daocloud.io/insight-prometheus
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 Prometheus \u7ec4\u4ef6 node.daocloud.io/insight-vmstorage
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 VictoriaMetrics vmstorage \u7ec4\u4ef6 node.daocloud.io/insight-vector
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 Vector \u7ec4\u4ef6 node.daocloud.io/insight-otel-col
\u4efb\u610f\u503c\uff0c\u63a8\u8350\u7528 true
\u7279\u6307 OpenTelemetry \u7ec4\u4ef6 \u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u547d\u4ee4\u4e3a\u8282\u70b9\u6dfb\u52a0\u53ca\u79fb\u9664\u6807\u7b7e\uff1a
# \u4e3a node8 \u6dfb\u52a0\u6807\u7b7e\uff0c\u5148\u5c06 insight-prometheus \u8c03\u5ea6\u5230 node8 \nkubectl label nodes node8 node.daocloud.io/insight-prometheus=true\n\n# \u79fb\u9664 node8 \u7684 node.daocloud.io/insight-prometheus \u6807\u7b7e\nkubectl label nodes node8 node.daocloud.io/insight-prometheus-\n
\u4ee5\u4e0b\u662f insight-prometheus \u7ec4\u4ef6\u5728\u90e8\u7f72\u65f6\u9ed8\u8ba4\u7684\u4eb2\u548c\u6027\u504f\u597d\uff1a
affinity:\n nodeAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - preference:\n matchExpressions:\n - key: node-role.kubernetes.io/control-plane\n operator: DoesNotExist\n weight: 1\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-prometheus # (1)!\n operator: Exists\n weight: 2\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-any\n operator: Exists\n weight: 3\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 1\n podAffinityTerm:\n topologyKey: kubernetes.io/hostname\n labelSelector:\n matchExpressions:\n - key: app.kubernetes.io/instance\n operator: In\n values:\n - insight-agent-kube-prometh-prometheus\n
\u53ef\u89c2\u6d4b\u6027\u662f\u591a\u96c6\u7fa4\u7edf\u4e00\u89c2\u6d4b\u7684\u4ea7\u54c1\uff0c\u4e3a\u5b9e\u73b0\u5bf9\u591a\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u7684\u7edf\u4e00\u5b58\u50a8\u3001\u67e5\u8be2\uff0c \u5b50\u96c6\u7fa4\u9700\u8981\u5c06\u91c7\u96c6\u7684\u89c2\u6d4b\u6570\u636e\u4e0a\u62a5\u7ed9\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u8fdb\u884c\u7edf\u4e00\u5b58\u50a8\u3002 \u672c\u6587\u63d0\u4f9b\u4e86\u5728\u5b89\u88c5\u91c7\u96c6\u7ec4\u4ef6 insight-agent \u65f6\u5fc5\u586b\u7684\u5b58\u50a8\u7ec4\u4ef6\u7684\u5730\u5740\u3002
"},{"location":"end-user/insight/quickstart/install/gethosturl.html#insight-agent","title":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5b89\u88c5 insight-agent","text":"\u5982\u679c\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5b89\u88c5 insight-agent\uff0c\u63a8\u8350\u901a\u8fc7\u57df\u540d\u6765\u8bbf\u95ee\u96c6\u7fa4\uff1a
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # (1)!\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # (2)!\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # (3)!\n
"},{"location":"end-user/insight/quickstart/install/gethosturl.html#insight-agent_1","title":"\u5728\u5176\u4ed6\u96c6\u7fa4\u5b89\u88c5 insight-agent","text":""},{"location":"end-user/insight/quickstart/install/gethosturl.html#insight-server","title":"\u901a\u8fc7 Insight Server \u63d0\u4f9b\u7684\u63a5\u53e3\u83b7\u53d6\u5730\u5740","text":"\u7ba1\u7406\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer \u65b9\u5f0f\u66b4\u9732
\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
Note
\u8bf7\u66ff\u6362\u547d\u4ee4\u4e2d\u7684 ${INSIGHT_SERVER_IP}
\u53c2\u6570\u3002
\u83b7\u5f97\u5982\u4e0b\u8fd4\u56de\u503c\uff1a
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"host\": \"10.6.182.32\"\n },\n \"metric\": {\n \"host\": \"10.6.182.32\"\n },\n \"auditLog\": {\n \"host\": \"10.6.182.32\"\n },\n \"trace\": {\n \"host\": \"10.6.182.32\"\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
\u662f\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff0c\u4e0d\u9700\u8981\u518d\u8bbe\u7f6e\u5bf9\u5e94\u670d\u52a1\u7684\u7aef\u53e3\uff0c\u90fd\u4f1a\u4f7f\u7528\u76f8\u5e94\u9ed8\u8ba4\u503cglobal.exporters.metric.host
\u662f\u6307\u6807\u670d\u52a1\u5730\u5740global.exporters.trace.host
\u662f\u94fe\u8def\u670d\u52a1\u5730\u5740global.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff08\u548c\u94fe\u8def\u4f7f\u7528\u7684\u540c\u4e00\u4e2a\u670d\u52a1\u4e0d\u540c\u7aef\u53e3\uff09\u7ba1\u7406\u96c6\u7fa4\u7981\u7528 LoadBalancer
\u8c03\u7528\u63a5\u53e3\u65f6\u9700\u8981\u989d\u5916\u4f20\u9012\u96c6\u7fa4\u4e2d\u4efb\u610f\u5916\u90e8\u53ef\u8bbf\u95ee\u7684\u8282\u70b9 IP\uff0c\u4f1a\u4f7f\u7528\u8be5 IP \u62fc\u63a5\u51fa\u5bf9\u5e94\u670d\u52a1\u7684\u5b8c\u6574\u8bbf\u95ee\u5730\u5740\u3002
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam' --data '{\"extra\": {\"EXPORTER_EXTERNAL_IP\": \"10.5.14.51\"}}'\n
\u5c06\u83b7\u5f97\u5982\u4e0b\u7684\u8fd4\u56de\u503c\uff1a
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"scheme\": \"https\",\n \"host\": \"10.5.14.51\",\n \"port\": 32007,\n \"user\": \"elastic\",\n \"password\": \"j8V1oVoM1184HvQ1F3C8Pom2\"\n },\n \"metric\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30683\n },\n \"auditLog\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30884\n },\n \"trace\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30274\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
\u662f\u65e5\u5fd7\u670d\u52a1\u5730\u5740global.exporters.logging.port
\u662f\u65e5\u5fd7\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.metric.host
\u662f\u6307\u6807\u670d\u52a1\u5730\u5740global.exporters.metric.port
\u662f\u6307\u6807\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.trace.host
\u662f\u94fe\u8def\u670d\u52a1\u5730\u5740global.exporters.trace.port
\u662f\u94fe\u8def\u670d\u52a1\u66b4\u9732\u7684 NodePortglobal.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u5730\u5740\uff08\u548c\u94fe\u8def\u4f7f\u7528\u7684\u540c\u4e00\u4e2a\u670d\u52a1\u4e0d\u540c\u7aef\u53e3\uff09global.exporters.auditLog.host
\u662f\u5ba1\u8ba1\u65e5\u5fd7\u670d\u52a1\u66b4\u9732\u7684 NodePort\u82e5\u96c6\u7fa4\u4e2d\u5f00\u542f LoadBalancer
\u4e14\u4e3a Insight \u8bbe\u7f6e\u4e86 VIP
\u65f6\uff0c\u60a8\u4e5f\u53ef\u4ee5\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 vminsert
\u4ee5\u53ca opentelemetry-collector
\u7684\u5730\u5740\u4fe1\u606f\uff1a
$ kubectl get service -n insight-system | grep lb\nlb-insight-opentelemetry-collector LoadBalancer 10.233.23.12 <pending> 4317:31286/TCP,8006:31351/TCP 24d\nlb-vminsert-insight-victoria-metrics-k8s-stack LoadBalancer 10.233.63.67 <pending> 8480:31629/TCP 24d\n
lb-vminsert-insight-victoria-metrics-k8s-stack
\u662f\u6307\u6807\u670d\u52a1\u7684\u5730\u5740lb-insight-opentelemetry-collector
\u662f\u94fe\u8def\u670d\u52a1\u7684\u5730\u5740\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u83b7\u53d6 elasticsearch
\u5730\u5740\u4fe1\u606f\uff1a
$ kubectl get service -n mcamel-system | grep es\nmcamel-common-es-cluster-masters-es-http NodePort 10.233.16.120 <none> 9200:30465/TCP 47d\n
mcamel-common-es-cluster-masters-es-http
\u662f\u65e5\u5fd7\u670d\u52a1\u7684\u5730\u5740
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7981\u7528 LB \u7279\u6027
\u5728\u8be5\u60c5\u51b5\u4e0b\uff0c\u9ed8\u8ba4\u4e0d\u4f1a\u521b\u5efa\u4e0a\u8ff0\u7684 LoadBalancer \u8d44\u6e90\uff0c\u5bf9\u5e94\u670d\u52a1\u540d\u4e3a\uff1a
\u4e0a\u9762\u4e24\u79cd\u60c5\u51b5\u83b7\u53d6\u5230\u5bf9\u5e94\u670d\u52a1\u7684\u5bf9\u5e94\u7aef\u53e3\u4fe1\u606f\u540e\uff0c\u8fdb\u884c\u5982\u4e0b\u8bbe\u7f6e\uff1a
--set global.exporters.logging.host= # (1)!\n--set global.exporters.logging.port= # (2)!\n--set global.exporters.metric.host= # (3)!\n--set global.exporters.metric.port= # (4)!\n--set global.exporters.trace.host= # (5)!\n--set global.exporters.trace.port= # (6)!\n--set global.exporters.auditLog.host= # (7)!\n
\u672c\u6587\u63cf\u8ff0\u4e86\u5728\u547d\u4ee4\u884c\u4e2d\u901a\u8fc7 Helm \u547d\u4ee4\u5b89\u88c5 Insight Agent \u793e\u533a\u7248\u7684\u64cd\u4f5c\u6b65\u9aa4\u3002
"},{"location":"end-user/insight/quickstart/install/helm-installagent.html#insight-agent","title":"\u5b89\u88c5 Insight Agent","text":"\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u6dfb\u52a0\u955c\u50cf\u4ed3\u5e93\u7684\u5730\u5740
helm repo add insight https://release.daocloud.io/chartrepo/insight\nhelm repo upgrade\nhelm search repo insight/insight-agent --versions\n
\u5b89\u88c5 Insight Agent \u9700\u8981\u786e\u4fdd\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u7684 Insight Server \u6b63\u5e38\u8fd0\u884c\uff0c\u6267\u884c\u4ee5\u4e0b\u5b89\u88c5\u547d\u4ee4\u5b89\u88c5 Insight Agent \u793e\u533a\u7248\uff0c\u8be5\u914d\u7f6e\u4e0d\u542f\u7528 Tracing \u529f\u80fd\uff1a
helm upgrade --install --create-namespace --cleanup-on-fail \\\n --version ${version} \\ # \u8bf7\u6307\u5b9a\u90e8\u7f72\u7248\u672c\n insight-agent insight/insight-agent \\\n --set global.exporters.logging.elasticsearch.host=10.10.10.x \\ # \u8bf7\u66ff\u6362\u201c10.10.10.x\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u5730\u5740\n --set global.exporters.logging.elasticsearch.port=32517 \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u66b4\u9732\u7684\u7aef\u53e3\n --set global.exporters.logging.elasticsearch.user=elastic \\ # \u8bf7\u66ff\u6362\u201celastic\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u7528\u6237\u540d\n --set global.exporters.logging.elasticsearch.password=dangerous \\ # \u8bf7\u66ff\u6362\u201cdangerous\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u6216\u5916\u7f6e\u7684 Elasticsearch \u7684\u5bc6\u7801\n --set global.exporters.metric.host=${vminsert_address} \\ # \u8bf7\u66ff\u6362\u201c10.10.10.x\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d vminsert \u7684\u5730\u5740\n --set global.exporters.metric.port=${vminsert_port} \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d vminsert \u7684\u5730\u5740\n --set global.exporters.auditLog.host=${opentelemetry-collector address} \\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d opentelemetry-collector \u7684\u7aef\u53e3\n --set global.exporters.auditLog.port=${otel_col_auditlog_port}\\ # \u8bf7\u66ff\u6362\u201c32517\" \u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d opentelemetry-collector \u5bb9\u5668\u7aef\u53e3\u4e3a 8006 \u7684 service \u5bf9\u5916\u8bbf\u95ee\u7684\u5730\u5740\n -n insight-system\n
Info
\u53ef\u53c2\u8003 \u5982\u4f55\u83b7\u53d6\u8fde\u63a5\u5730\u5740 \u83b7\u53d6\u5730\u5740\u4fe1\u606f\u3002
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u5b89\u88c5\u72b6\u6001\uff1a
helm list -A\nkubectl get pods -n insight-system\n
\u5982\u679c Agent \u662f\u5b89\u88c5\u5728\u7ba1\u7406\u96c6\u7fa4\uff0c\u63a8\u8350\u901a\u8fc7\u57df\u540d\u6765\u8bbf\u95ee\u96c6\u7fa4\uff1a
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # \u6307\u6807\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # \u65e5\u5fd7\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # \u94fe\u8def\n
"},{"location":"end-user/insight/quickstart/install/helm-installagent.html#insight-agent_2","title":"\u5728\u5de5\u4f5c\u96c6\u7fa4\u5b89\u88c5 Insight Agent","text":"\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\u64cd\u4f5c\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528 Nodeport \u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528\u9ed8\u8ba4\u7684 LoadBalancer \u65b9\u5f0f\u66b4\u9732\u670d\u52a1\u65f6\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
\u5c06\u83b7\u5f97\u5982\u4e0b\u7684\u8fd4\u56de\u503c\uff1a
{\"global\":{\"exporters\":{\"logging\":{\"output\":\"elasticsearch\",\"elasticsearch\":{\"host\":\"10.6.182.32\"},\"kafka\":{},\"host\":\"10.6.182.32\"},\"metric\":{\"host\":\"10.6.182.32\"},\"auditLog\": {\"host\":\"10.6.182.32\"}}},\"opentelemetry-operator\":{\"enabled\":true},\"opentelemetry-collector\":{\"enabled\":true}}\n
\u5176\u4e2d\uff1a
\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl get service -n insight-system | grep lb\nkubectl get service -n mcamel-system | grep es\n
\u5176\u4e2d\uff1a
\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4f7f\u7528 Nodeport \u65b9\u5f0f\u66b4\u9732\u670d\u52a1\u65f6\uff0c\u767b\u5f55\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl get service -n insight-system\nkubectl get service -n mcamel-system\n
\u5176\u4e2d\uff1a
\u767b\u5f55\u76ee\u6807\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5907\u4efd --set
\u53c2\u6570\u3002
helm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0\u4ed3\u5e93\u3002
helm repo upgrade\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u5347\u7ea7\u3002
helm upgrade insight-agent insight/insight-agent \\\n-n insight-system \\\n-f ./insight-agent.yaml \\\n--version ${version} # \u6307\u5b9a\u5347\u7ea7\u7248\u672c\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u5b89\u88c5\u72b6\u6001\uff1a
kubectl get pods -n insight-system\n
helm uninstall insight-agent -n insight-system --timeout 10m\n
"},{"location":"end-user/insight/quickstart/install/install-agent.html","title":"\u5728\u7ebf\u5b89\u88c5 insight-agent","text":"insight-agent \u662f\u96c6\u7fa4\u89c2\u6d4b\u6570\u636e\u91c7\u96c6\u7684\u63d2\u4ef6\uff0c\u652f\u6301\u5bf9\u6307\u6807\u3001\u94fe\u8def\u3001\u65e5\u5fd7\u6570\u636e\u7684\u7edf\u4e00\u89c2\u6d4b\u3002\u672c\u6587\u63cf\u8ff0\u4e86\u5982\u4f55\u5728\u5728\u7ebf\u73af\u5883\u4e2d\u4e3a\u63a5\u5165\u96c6\u7fa4\u5b89\u88c5 insight-agent\u3002
"},{"location":"end-user/insight/quickstart/install/install-agent.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 \u6a21\u5757\uff0c\u5728 \u96c6\u7fa4\u5217\u8868 \u4e2d\u627e\u5230\u8981\u5b89\u88c5 insight-agent \u7684\u96c6\u7fa4\u540d\u79f0\u3002
\u9009\u62e9 \u7acb\u5373\u5b89\u88c5 \u8df3\u8f6c\uff0c\u6216\u70b9\u51fb\u96c6\u7fa4\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u5185\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u641c\u7d22\u6846\u67e5\u8be2 insight-agent \uff0c\u70b9\u51fb\u8be5\u5361\u7247\u8fdb\u5165\u8be6\u60c5\u3002
\u67e5\u770b insight-agent \u7684\u5b89\u88c5\u9875\u9762\uff0c\u70b9\u51fb \u5b89\u88c5 \u8fdb\u5165\u4e0b\u4e00\u6b65\u3002
\u9009\u62e9\u5b89\u88c5\u7684\u7248\u672c\u5e76\u5728\u4e0b\u65b9\u8868\u5355\u5206\u522b\u586b\u5199\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u5bf9\u5e94\u6570\u636e\u5b58\u50a8\u7ec4\u4ef6\u7684\u5730\u5740\uff0c\u786e\u8ba4\u586b\u5199\u7684\u4fe1\u606f\u65e0\u8bef\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de\u00a0 Helm \u5e94\u7528 \u5217\u8868\uff0c\u5f53\u5e94\u7528 insight-agent \u7684\u72b6\u6001\u4ece\u00a0 \u672a\u5c31\u7eea \u53d8\u4e3a \u5df2\u90e8\u7f72 \uff0c\u4e14\u6240\u6709\u7684\u7ec4\u4ef6\u72b6\u6001\u4e3a \u8fd0\u884c\u4e2d \u65f6\uff0c\u5219\u5b89\u88c5\u6210\u529f\u3002\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u540e\uff0c\u53ef\u5728 \u53ef\u89c2\u6d4b\u6027 \u6a21\u5757\u67e5\u770b\u8be5\u96c6\u7fa4\u7684\u6570\u636e\u3002
Note
\u672c\u9875\u5217\u51fa\u4e00\u4e9b Insight Agent \u5b89\u88c5\u548c\u5378\u8f7d\u6709\u5173\u7684\u95ee\u9898\u53ca\u5176\u89e3\u51b3\u529e\u6cd5\u3002
"},{"location":"end-user/insight/quickstart/install/knownissues.html#v0230","title":"v0.23.0","text":""},{"location":"end-user/insight/quickstart/install/knownissues.html#insight-agent","title":"Insight Agent","text":""},{"location":"end-user/insight/quickstart/install/knownissues.html#insight-agent_1","title":"Insight Agent \u5378\u8f7d\u5931\u8d25","text":"\u5f53\u4f60\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5378\u8f7d Insight Agent \u65f6\u3002
helm uninstall insight-agent -n insight-system\n
otel-oprator
\u6240\u4f7f\u7528\u7684 tls secret
\u672a\u88ab\u5378\u8f7d\u6389\u3002
otel-operator
\u5b9a\u4e49\u7684\u201c\u91cd\u590d\u5229\u7528 tls secret\u201d\u7684\u903b\u8f91\u4e2d\uff0c\u4f1a\u53bb\u5224\u65ad otel-oprator
\u7684 MutationConfiguration
\u662f\u5426\u5b58\u5728\u5e76\u91cd\u590d\u5229\u7528 MutationConfiguration \u4e2d\u7ed1\u5b9a\u7684 CA cert\u3002\u4f46\u662f\u7531\u4e8e helm uninstall
\u5df2\u5378\u8f7d MutationConfiguration
\uff0c\u5bfc\u81f4\u51fa\u73b0\u7a7a\u503c\u3002
\u7efc\u4e0a\u8bf7\u624b\u52a8\u5220\u9664\u5bf9\u5e94\u7684 secret
\uff0c\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\u4efb\u9009\u4e00\u79cd\u5373\u53ef\uff1a
\u901a\u8fc7\u547d\u4ee4\u884c\u5220\u9664\uff1a\u767b\u5f55\u76ee\u6807\u96c6\u7fa4\u7684\u63a7\u5236\u53f0\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl -n insight-system delete secret insight-agent-opentelemetry-operator-controller-manager-service-cert\n
\u901a\u8fc7 UI \u5220\u9664\uff1a\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5bb9\u5668\u7ba1\u7406\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u8fdb\u5165\u5bc6\u94a5
\uff0c\u8f93\u5165 insight-agent-opentelemetry-operator-controller-manager-service-cert
\uff0c\u9009\u62e9\u5220\u9664
\u3002
\u66f4\u65b0 insight-agent \u65e5\u5fd7\u914d\u7f6e\u4ece elasticsearch \u6539\u4e3a kafka \u6216\u8005\u4ece kafka \u6539\u4e3a elasticsearch\uff0c\u5b9e\u9645\u4e0a\u90fd\u672a\u751f\u6548\uff0c\u8fd8\u662f\u4f7f\u7528\u66f4\u65b0\u524d\u914d\u7f6e\u3002
\u89e3\u51b3\u65b9\u6848 \uff1a
\u624b\u52a8\u91cd\u542f\u96c6\u7fa4\u4e2d\u7684 fluentbit\u3002
"},{"location":"end-user/insight/quickstart/install/knownissues.html#v0210","title":"v0.21.0","text":""},{"location":"end-user/insight/quickstart/install/knownissues.html#insight-agent_4","title":"Insight Agent","text":""},{"location":"end-user/insight/quickstart/install/knownissues.html#podmonitor-jvm","title":"PodMonitor \u91c7\u96c6\u591a\u4efd JVM \u6307\u6807\u6570\u636e","text":"\u8fd9\u4e2a\u7248\u672c\u7684 PodMonitor/insight-kubernetes-pod \u5b58\u5728\u7f3a\u9677\uff1a\u4f1a\u9519\u8bef\u5730\u521b\u5efa Job \u53bb\u91c7\u96c6\u6807\u8bb0\u4e86 insight.opentelemetry.io/metric-scrape=true
\u7684 Pod \u7684\u6240\u6709 container\uff1b\u800c\u5b9e\u9645\u4e0a\u53ea\u9700\u91c7\u96c6 insight.opentelemetry.io/metric-port
\u6240\u5bf9\u5e94 container \u7684\u7aef\u53e3\u3002
\u56e0\u4e3a PodMonitor \u58f0\u660e\u4e4b\u540e\uff0cPromethuesOperator \u4f1a\u9884\u8bbe\u7f6e\u4e00\u4e9b\u670d\u52a1\u53d1\u73b0\u914d\u7f6e\u3002 \u518d\u8003\u8651\u5230 CRD \u7684\u517c\u5bb9\u6027\u7684\u95ee\u9898\u3002\u56e0\u6b64\uff0c\u653e\u5f03\u901a\u8fc7 PodMonitor \u6765\u914d\u7f6e\u901a\u8fc7 annotation \u521b\u5efa\u91c7\u96c6\u4efb\u52a1\u7684\u673a\u5236\u3002
\u901a\u8fc7 Prometheus \u81ea\u5e26\u7684 additional scrape config \u673a\u5236\uff0c\u5c06\u670d\u52a1\u53d1\u73b0\u89c4\u5219\u914d\u7f6e\u5728 secret \u4e2d\uff0c\u5728\u5f15\u5165 Prometheus \u91cc\u3002
\u7efc\u4e0a\uff1a
\u65b0\u7684\u89c4\u5219\u91cc\u901a\u8fc7 action: keepequal \u6765\u6bd4\u8f83 source_labels \u548c target_label \u7684\u4e00\u81f4\u6027\uff0c \u6765\u5224\u65ad\u662f\u5426\u8981\u7ed9\u67d0\u4e2a container \u7684 port \u521b\u5efa\u91c7\u96c6\u4efb\u52a1\u3002\u9700\u8981\u6ce8\u610f\uff0c\u8fd9\u4e2a\u662f Prometheus 2.41.0\uff082022-12-20\uff09\u548c\u66f4\u9ad8\u7248\u672c\u624d\u5177\u5907\u7684\u529f\u80fd\u3002
+ - source_labels: [__meta_kubernetes_pod_annotation_insight_opentelemetry_io_metric_port]\n+ separator: ;\n+ target_label: __meta_kubernetes_pod_container_port_number\n+ action: keepequal\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html","title":"\u5347\u7ea7\u6ce8\u610f\u4e8b\u9879","text":"\u672c\u9875\u4ecb\u7ecd\u4e00\u4e9b\u5347\u7ea7 insight-server \u548c insight-agent \u7684\u6ce8\u610f\u4e8b\u9879\u3002
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#insight-agent","title":"insight-agent","text":""},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v028x-v029x","title":"\u4ece v0.28.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.29.x","text":"\u7531\u4e8e v0.29.0 \u5347\u7ea7\u4e86 Opentelemetry \u793e\u533a\u7684 operator chart \u7248\u672c\uff0cvalues \u4e2d\u7684 featureGates \u7684\u652f\u6301\u7684\u503c\u6709\u6240\u53d8\u5316\uff0c\u56e0\u6b64\uff0c\u5728 upgrade \u4e4b\u524d\uff0c\u9700\u8981\u5c06 featureGates
\u7684\u503c\u8bbe\u7f6e\u4e3a\u7a7a, \u5373\uff1a
- --set opentelemetry-operator.manager.featureGates=\"+operator.autoinstrumentation.go,+operator.autoinstrumentation.multi-instrumentation,+operator.autoinstrumentation.nginx\" \\\n+ --set opentelemetry-operator.manager.featureGates=\"\"\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#insight-server","title":"insight-server","text":""},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v026x-v027x","title":"\u4ece v0.26.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.27.x \u6216\u66f4\u9ad8\u7248\u672c","text":"\u5728 v0.27.x \u7248\u672c\u4e2d\u5c06 vector \u7ec4\u4ef6\u7684\u5f00\u5173\u5355\u72ec\u62bd\u51fa\u3002\u6545\u539f\u6709\u73af\u5883\u5f00\u542f\u4e86 vector\uff0c\u90a3\u5728\u5347\u7ea7 insight-server \u65f6\uff0c\u9700\u8981\u6307\u5b9a --set vector.enabled=true
\u3002
\u5728\u5347\u7ea7 Insight \u4e4b\u524d\uff0c\u60a8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u5220\u9664 jaeger-collector \u548c jaeger-query \u90e8\u7f72\uff1a
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v017x-v018x","title":"\u4ece v0.17.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.18.x","text":"\u7531\u4e8e 0.18.x \u4e2d\u66f4\u65b0\u4e86 Jaeger \u76f8\u5173\u90e8\u7f72\u6587\u4ef6\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-server \u524d\u624b\u52a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
\u7531\u4e8e 0.18.x \u4e2d\u6307\u6807\u540d\u4ea7\u751f\u4e86\u53d8\u52a8\uff0c\u56e0\u6b64\uff0c\u9700\u8981\u5728\u5347\u7ea7 insight-server \u4e4b\u540e\uff0cinsight-agent \u4e5f\u5e94\u8be5\u505a\u5347\u7ea7\u3002
\u6b64\u5916\uff0c\u8c03\u6574\u4e86\u5f00\u542f\u94fe\u8def\u6a21\u5757\u7684\u53c2\u6570\uff0c\u4ee5\u53ca ElasticSearch \u8fde\u63a5\u8c03\u6574\u3002\u5177\u4f53\u53c2\u8003\u4ee5\u4e0b\u53c2\u6570\uff1a
+ --set global.tracing.enable=true \\\n- --set jaeger.collector.enabled=true \\\n- --set jaeger.query.enabled=true \\\n+ --set global.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n+ --set global.elasticsearch.host=${your-external-elasticsearch-host} \\\n+ --set global.elasticsearch.port=${your-external-elasticsearch-port} \\\n+ --set global.elasticsearch.user=${your-external-elasticsearch-username} \\\n+ --set global.elasticsearch.password=${your-external-elasticsearch-password} \\\n- --set jaeger.storage.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n- --set jaeger.storage.elasticsearch.host=${your-external-elasticsearch-host} \\\n- --set jaeger.storage.elasticsearch.port=${your-external-elasticsearch-port} \\\n- --set jaeger.storage.elasticsearch.user=${your-external-elasticsearch-username} \\\n- --set jaeger.storage.elasticsearch.password=${your-external-elasticsearch-password} \\\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v015x-v016x","title":"\u4ece v0.15.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.16.x","text":"\u7531\u4e8e 0.16.x \u4e2d\u4f7f\u7528\u4e86 vmalertmanagers CRD \u7684\u65b0\u7279\u6027\u53c2\u6570 disableRouteContinueEnforce\uff0c \u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-server \u524d\u624b\u52a8\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u3002
kubectl apply --server-side -f https://raw.githubusercontent.com/VictoriaMetrics/operator/v0.33.0/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml --force-conflicts\n
Note
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b Insight \u79bb\u7ebf\u5305\u540e\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0 CRD\u3002
kubectl apply --server-side -f insight/dependency-crds --force-conflicts \n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#insight-agent_1","title":"insight-agent","text":""},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v023x-v024x","title":"\u4ece v0.23.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.24.x","text":"\u7531\u4e8e 0.24.x \u7248\u672c\u4e2d OTEL operator chart
\u4e2d\u65b0\u589e\u4e86 CRD\uff0c\u4f46\u7531\u4e8e Helm Upgrade \u65f6\u5e76\u4e0d\u4f1a\u66f4\u65b0 CRD\uff0c\u56e0\u6b64\uff0c\u9700\u8981\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-operator/crds/crd-opentelemetry.io_opampbridges.yaml\n
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\u53ef\u627e\u5230\u4e0a\u8ff0 CRD \u7684 yaml\uff0c\u89e3\u538b Insight-Agent Chart \u4e4b\u540e\u624b\u52a8\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl apply -f charts/agent/crds/crd-opentelemetry.io_opampbridges.yaml\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v019x-v020x","title":"\u4ece v0.19.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.20.x","text":"\u7531\u4e8e 0.20.x \u4e2d\u589e\u52a0\u4e86 Kafka \u65e5\u5fd7\u5bfc\u51fa\u914d\u7f6e\uff0c\u65e5\u5fd7\u5bfc\u51fa\u914d\u7f6e\u505a\u4e86\u4e00\u4e9b\u8c03\u6574\u3002\u5347\u7ea7 insight-agent \u4e4b\u524d\u9700\u8981\u6ce8\u610f\u53c2\u6570\u53d8\u5316\uff0c \u5373\u539f\u6765 logging \u7684\u914d\u7f6e\u5df2\u7ecf\u79fb\u5230\u4e86\u914d\u7f6e\u4e2d logging.elasticsearch\uff1a
- --set global.exporters.logging.host \\\n- --set global.exporters.logging.port \\\n+ --set global.exporters.logging.elasticsearch.host \\\n+ --set global.exporters.logging.elasticsearch.port \\\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v017x-v018x_1","title":"\u4ece v0.17.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.18.x","text":"\u7531\u4e8e 0.18.x \u4e2d\u66f4\u65b0\u4e86 Jaeger \u76f8\u5173\u90e8\u7f72\u6587\u4ef6\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u9700\u8981\u6ce8\u610f\u53c2\u6570\u7684\u6539\u52a8\u3002
+ --set global.exporters.trace.enable=true \\\n- --set opentelemetry-collector.enabled=true \\\n- --set opentelemetry-operator.enabled=true \\\n
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v016x-v017x","title":"\u4ece v0.16.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.17.x","text":"\u5728 v0.17.x \u7248\u672c\u4e2d\u5c06 kube-prometheus-stack chart \u7248\u672c\u4ece 41.9.1 \u5347\u7ea7\u81f3 45.28.1, \u5176\u4e2d\u4f7f\u7528\u7684 CRD \u4e5f\u5b58\u5728\u4e00\u4e9b\u5b57\u6bb5\u7684\u5347\u7ea7\uff0c\u5982 servicemonitor \u7684 attachMetadata \u5b57\u6bb5\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\n
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\uff0c\u5728 insight-agent/dependency-crds \u4e2d\u627e\u5230\u4e0a\u8ff0 CRD \u7684 yaml\u3002
"},{"location":"end-user/insight/quickstart/install/upgrade-note.html#v011x-v012x","title":"\u4ece v0.11.x\uff08\u6216\u66f4\u4f4e\u7248\u672c\uff09\u5347\u7ea7\u5230 v0.12.x","text":"\u5728 v0.12.x \u5c06 kube-prometheus-stack chart \u4ece 39.6.0 \u5347\u7ea7\u5230 41.9.1\uff0c\u5176\u4e2d\u5305\u62ec prometheus-operator \u5347\u7ea7\u5230 v0.60.1, prometheus-node-exporter chart \u5347\u7ea7\u5230 4.3.0 \u7b49\u3002 prometheus-node-exporter \u5347\u7ea7\u540e\u4f7f\u7528\u4e86 Kubernetes \u63a8\u8350 label\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7\u524d\u5220\u9664 node-exporter \u7684 DaemonSet\u3002 prometheus-operator \u66f4\u65b0\u4e86 CRD\uff0c\u56e0\u6b64\u9700\u8981\u5728\u5347\u7ea7 insight-agent \u524d\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
kubectl delete daemonset insight-agent-prometheus-node-exporter -n insight-system\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --force-conflicts\n
Note
\u5982\u60a8\u662f\u79bb\u7ebf\u5b89\u88c5\uff0c\u53ef\u4ee5\u5728\u89e3\u538b insight-agent \u79bb\u7ebf\u5305\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0 CRD\u3002
kubectl apply --server-side -f insight-agent/dependency-crds --force-conflicts\n
"},{"location":"end-user/insight/quickstart/otel/operator.html","title":"\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a","text":"\u76ee\u524d\u53ea\u6709 Java\u3001NodeJs\u3001Python\u3001.Net\u3001Golang \u652f\u6301 Operator \u7684\u65b9\u5f0f\u65e0\u4fb5\u5165\u63a5\u5165\u3002
"},{"location":"end-user/insight/quickstart/otel/operator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u786e\u4fdd insight-agent \u5df2\u7ecf\u5c31\u7eea\u3002\u5982\u82e5\u6ca1\u6709\uff0c\u8bf7\u53c2\u8003\u5b89\u88c5 insight-agent \u91c7\u96c6\u6570\u636e\u5e76\u786e\u4fdd\u4ee5\u4e0b\u4e09\u9879\u5c31\u7eea\uff1a
Tip
\u4ece Insight v0.22.0 \u5f00\u59cb\uff0c\u4e0d\u518d\u9700\u8981\u624b\u52a8\u5b89\u88c5 Instrumentation CR\u3002
\u5728 insight-system
\u547d\u540d\u7a7a\u95f4\u4e0b\u5b89\u88c5\uff0c\u4e0d\u540c\u7248\u672c\u4e4b\u95f4\u6709\u4e00\u4e9b\u7ec6\u5c0f\u7684\u5dee\u522b\u3002
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.29.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0-rc.2\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.25.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.37.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.38b0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.1-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
"},{"location":"end-user/insight/quickstart/otel/operator.html#_2","title":"\u4e0e\u670d\u52a1\u7f51\u683c\u94fe\u8def\u4e32\u8054\u573a\u666f","text":"\u5982\u679c\u60a8\u5f00\u542f\u4e86\u670d\u52a1\u7f51\u683c\u7684\u94fe\u8def\u8ffd\u8e2a\u80fd\u529b\uff0c\u9700\u8981\u989d\u5916\u589e\u52a0\u4e00\u4e2a\u73af\u5883\u53d8\u91cf\u6ce8\u5165\u7684\u914d\u7f6e\uff1a
"},{"location":"end-user/insight/quickstart/otel/operator.html#_3","title":"\u64cd\u4f5c\u6b65\u9aa4\u5982\u4e0b","text":"\u9009\u62e9 insight-system \u547d\u540d\u7a7a\u95f4\u540e\uff0c\u7f16\u8f91 insight-opentelemetry-autoinstrumentation \uff0c\u5728 spec:env: \u4e0b\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff1a
- name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n
\u5b8c\u6574\u7684\u547d\u4ee4\u5982\u4e0b\uff08For Insight v0.21.x\uff09\uff1a
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
\u4ee5\u4e0a\u5c31\u7eea\u4e4b\u540e\uff0c\u60a8\u5c31\u53ef\u4ee5\u901a\u8fc7\u6ce8\u89e3\uff08Annotation\uff09\u65b9\u5f0f\u4e3a\u5e94\u7528\u7a0b\u5e8f\u63a5\u5165\u94fe\u8def\u8ffd\u8e2a\u4e86\uff0cOTel \u76ee\u524d\u652f\u6301\u901a\u8fc7\u6ce8\u89e3\u7684\u65b9\u5f0f\u63a5\u5165\u94fe\u8def\u3002 \u6839\u636e\u670d\u52a1\u8bed\u8a00\uff0c\u9700\u8981\u6dfb\u52a0\u4e0a\u4e0d\u540c\u7684 pod annotations\u3002\u6bcf\u4e2a\u670d\u52a1\u53ef\u6dfb\u52a0\u4e24\u7c7b\u6ce8\u89e3\u4e4b\u4e00\uff1a
\u53ea\u6ce8\u5165\u73af\u5883\u53d8\u91cf\u6ce8\u89e3
\u8fd9\u7c7b\u6ce8\u89e3\u53ea\u6709\u4e00\u4e2a\uff0c\u7528\u4e8e\u6dfb\u52a0 otel \u76f8\u5173\u7684\u73af\u5883\u53d8\u91cf\uff0c\u6bd4\u5982\u94fe\u8def\u4e0a\u62a5\u5730\u5740\u3001\u5bb9\u5668\u6240\u5728\u7684\u96c6\u7fa4 id\u3001\u547d\u540d\u7a7a\u95f4\u7b49\uff08\u8fd9\u4e2a\u6ce8\u89e3\u5728\u5e94\u7528\u4e0d\u652f\u6301\u81ea\u52a8\u63a2\u9488\u8bed\u8a00\u65f6\u5341\u5206\u6709\u7528\uff09
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5176\u4e2d value \u88ab /
\u5206\u6210\u4e24\u90e8\u5206\uff0c\u7b2c\u4e00\u4e2a\u503c (insight-system) \u662f\u4e0a\u4e00\u6b65\u5b89\u88c5\u7684 CR \u7684\u547d\u540d\u7a7a\u95f4\uff0c \u7b2c\u4e8c\u4e2a\u503c (insight-opentelemetry-autoinstrumentation) \u662f\u8fd9\u4e2a CR \u7684\u540d\u5b57\u3002
\u81ea\u52a8\u63a2\u9488\u6ce8\u5165\u4ee5\u53ca\u73af\u5883\u53d8\u91cf\u6ce8\u5165\u6ce8\u89e3
\u8fd9\u7c7b\u6ce8\u89e3\u76ee\u524d\u6709 4 \u4e2a\uff0c\u5206\u522b\u5bf9\u5e94 4 \u79cd\u4e0d\u540c\u7684\u7f16\u7a0b\u8bed\u8a00\uff1ajava\u3001nodejs\u3001python\u3001dotnet\uff0c \u4f7f\u7528\u5b83\u540e\u5c31\u4f1a\u5bf9 spec.pod \u4e0b\u7684\u7b2c\u4e00\u4e2a\u5bb9\u5668\u6ce8\u5165\u81ea\u52a8\u63a2\u9488\u4ee5\u53ca otel \u9ed8\u8ba4\u73af\u5883\u53d8\u91cf\uff1a
Java \u5e94\u7528NodeJs \u5e94\u7528Python \u5e94\u7528Dotnet \u5e94\u7528Golang \u5e94\u7528instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-nodejs: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-python: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-dotnet: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u7531\u4e8e Go \u81ea\u52a8\u68c0\u6d4b\u9700\u8981\u8bbe\u7f6e OTEL_GO_AUTO_TARGET_EXE\uff0c \u56e0\u6b64\u60a8\u5fc5\u987b\u901a\u8fc7\u6ce8\u89e3\u6216 Instrumentation \u8d44\u6e90\u63d0\u4f9b\u6709\u6548\u7684\u53ef\u6267\u884c\u8def\u5f84\u3002\u672a\u8bbe\u7f6e\u6b64\u503c\u4f1a\u5bfc\u81f4 Go \u81ea\u52a8\u68c0\u6d4b\u6ce8\u5165\u4e2d\u6b62\uff0c\u4ece\u800c\u5bfc\u81f4\u63a5\u5165\u94fe\u8def\u5931\u8d25\u3002
instrumentation.opentelemetry.io/inject-go: \"insight-system/insight-opentelemetry-autoinstrumentation\"\ninstrumentation.opentelemetry.io/otel-go-auto-target-exe: \"/path/to/container/executable\"\n
Go \u81ea\u52a8\u68c0\u6d4b\u4e5f\u9700\u8981\u63d0\u5347\u6743\u9650\u3002\u4ee5\u4e0b\u6743\u9650\u662f\u81ea\u52a8\u8bbe\u7f6e\u7684\u5e76\u4e14\u662f\u5fc5\u9700\u7684\u3002
securityContext:\n privileged: true\n runAsUser: 0\n
Tip
OpenTelemetry Operator \u5728\u6ce8\u5165\u63a2\u9488\u65f6\u4f1a\u81ea\u52a8\u6dfb\u52a0\u4e00\u4e9b OTel \u76f8\u5173\u73af\u5883\u53d8\u91cf\uff0c\u540c\u65f6\u4e5f\u652f\u6301\u8fd9\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u8986\u76d6\u3002\u8fd9\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u8986\u76d6\u4f18\u5148\u7ea7\uff1a
original container env vars -> language specific env vars -> common env vars -> instrument spec configs' vars\n
\u4f46\u662f\u9700\u8981\u907f\u514d\u624b\u52a8\u8986\u76d6 OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\uff0c\u5b83\u5728 Operator \u5185\u90e8\u4f5c\u4e3a\u4e00\u4e2a Pod \u662f\u5426\u5df2\u7ecf\u6ce8\u5165\u63a2\u9488\u7684\u6807\u8bc6\uff0c\u5982\u679c\u624b\u52a8\u6dfb\u52a0\u4e86\uff0c\u63a2\u9488\u53ef\u80fd\u65e0\u6cd5\u6ce8\u5165\u3002
"},{"location":"end-user/insight/quickstart/otel/operator.html#demo","title":"\u81ea\u52a8\u6ce8\u5165\u793a\u4f8b Demo","text":"\u6ce8\u610f\u8fd9\u4e2a annotations
\u662f\u52a0\u5728 spec.annotations \u4e0b\u7684\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n labels:\n app: my-app\nspec:\n selector:\n matchLabels:\n app: my-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-app\n annotations:\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n spec:\n containers:\n - name: myapp\n image: jaegertracing/vertx-create-span:operator-e2e-tests\n ports:\n - containerPort: 8080\n protocol: TCP\n
\u6700\u7ec8\u751f\u6210\u7684 YAML \u5185\u5bb9\u5982\u4e0b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: my-deployment-with-sidecar-565bd877dd-nqkk6\n generateName: my-deployment-with-sidecar-565bd877dd-\n namespace: default\n uid: aa89ca0d-620c-4d20-8bc1-37d67bad4ea4\n resourceVersion: '2668986'\n creationTimestamp: '2022-04-08T05:58:48Z'\n labels:\n app: my-pod-with-sidecar\n pod-template-hash: 565bd877dd\n annotations:\n cni.projectcalico.org/containerID: 234eae5e55ea53db2a4bc2c0384b9a1021ed3908f82a675e4a92a49a7e80dd61\n cni.projectcalico.org/podIP: 192.168.134.133/32\n cni.projectcalico.org/podIPs: 192.168.134.133/32\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\nspec:\n volumes:\n - name: kube-api-access-sp2mz\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n - name: opentelemetry-auto-instrumentation\n emptyDir: {}\n initContainers:\n - name: opentelemetry-auto-instrumentation\n image: >-\n ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java\n command:\n - cp\n - /javaagent.jar\n - /otel-auto-instrumentation/javaagent.jar\n resources: {}\n volumeMounts:\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n containers:\n - name: myapp\n image: ghcr.io/pavolloffay/spring-petclinic:latest\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: 'true'\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: 'true'\n - name: SPLUNK_PROFILER_ENABLED\n value: 'false'\n - name: JAVA_TOOL_OPTIONS\n value: ' -javaagent:/otel-auto-instrumentation/javaagent.jar'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '20'\n - name: OTEL_TRACES_SAMPLER\n value: parentbased_traceidratio\n - name: OTEL_TRACES_SAMPLER_ARG\n value: '0.85'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: my-deployment-with-sidecar\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=myapp,k8s.deployment.name=my-deployment-with-sidecar,k8s.deployment.uid=8de6929d-dda0-436c-bca1-604e9ca7ea4e,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=my-deployment-with-sidecar-565bd877dd,k8s.replicaset.uid=190d5f6e-ba7f-4794-b2e6-390b5879a6c4\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n resources: {}\n volumeMounts:\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: k8s-master3\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n fsGroup: 2000\n schedulerName: default-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priority: 0\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\n
"},{"location":"end-user/insight/quickstart/otel/operator.html#_5","title":"\u94fe\u8def\u67e5\u8be2","text":"\u5982\u4f55\u67e5\u8be2\u5df2\u7ecf\u63a5\u5165\u7684\u670d\u52a1\uff0c\u53c2\u8003\u94fe\u8def\u67e5\u8be2\u3002
"},{"location":"end-user/insight/quickstart/otel/otel.html","title":"\u4f7f\u7528 OTel \u8d4b\u4e88\u5e94\u7528\u53ef\u89c2\u6d4b\u6027","text":"\u589e\u5f3a\u662f\u4f7f\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u80fd\u591f\u751f\u6210\u9065\u6d4b\u6570\u636e\u7684\u8fc7\u7a0b\u3002\u5373\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u76d1\u89c6\u6216\u6d4b\u91cf\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u72b6\u6001\u7684\u4e1c\u897f\u3002
OpenTelemetry \u662f\u9886\u5148\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u4e3a\u4e3b\u8981\u7f16\u7a0b\u8bed\u8a00\u548c\u6d41\u884c\u6846\u67b6\u63d0\u4f9b\u68c0\u6d4b\u5e93\u3002\u5b83\u662f\u4e91\u539f\u751f\u8ba1\u7b97\u57fa\u91d1\u4f1a\u4e0b\u7684\u4e00\u4e2a\u9879\u76ee\uff0c\u5f97\u5230\u4e86\u793e\u533a\u5e9e\u5927\u8d44\u6e90\u7684\u652f\u6301\u3002 \u5b83\u4e3a\u91c7\u96c6\u7684\u6570\u636e\u63d0\u4f9b\u6807\u51c6\u5316\u7684\u6570\u636e\u683c\u5f0f\uff0c\u65e0\u9700\u96c6\u6210\u7279\u5b9a\u7684\u4f9b\u5e94\u5546\u3002
Insight \u652f\u6301\u7528\u4e8e\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u7684 OpenTelemetry \u6765\u589e\u5f3a\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002
\u672c\u6307\u5357\u4ecb\u7ecd\u4e86\u4f7f\u7528 OpenTelemetry \u8fdb\u884c\u9065\u6d4b\u589e\u5f3a\u7684\u57fa\u672c\u6982\u5ff5\u3002 OpenTelemetry \u8fd8\u6709\u4e00\u4e2a\u7531\u5e93\u3001\u63d2\u4ef6\u3001\u96c6\u6210\u548c\u5176\u4ed6\u6709\u7528\u5de5\u5177\u7ec4\u6210\u7684\u751f\u6001\u7cfb\u7edf\u6765\u6269\u5c55\u5b83\u3002 \u60a8\u53ef\u4ee5\u5728 Otel Registry \u4e2d\u627e\u5230\u8fd9\u4e9b\u8d44\u6e90\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5f00\u653e\u6807\u51c6\u5e93\u8fdb\u884c\u9065\u6d4b\u589e\u5f3a\uff0c\u5e76\u4f7f\u7528 Insight \u4f5c\u4e3a\u53ef\u89c2\u5bdf\u6027\u540e\u7aef\u6765\u6444\u53d6\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316\u6570\u636e\u3002
\u4e3a\u4e86\u589e\u5f3a\u60a8\u7684\u4ee3\u7801\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 OpenTelemetry \u4e3a\u7279\u5b9a\u8bed\u8a00\u63d0\u4f9b\u7684\u589e\u5f3a\u64cd\u4f5c\uff1a
Insight \u76ee\u524d\u63d0\u4f9b\u4e86\u4f7f\u7528 OpenTelemetry \u589e\u5f3a .Net NodeJS\u3001Java\u3001Python \u548c Golang \u5e94\u7528\u7a0b\u5e8f\u7684\u7b80\u5355\u65b9\u6cd5\u3002\u8bf7\u9075\u5faa\u4ee5\u4e0b\u6307\u5357\u3002
"},{"location":"end-user/insight/quickstart/otel/otel.html#_1","title":"\u94fe\u8def\u589e\u5f3a","text":"\u6b64\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5ba2\u6237\u5e94\u7528\u5982\u4f55\u81ea\u884c\u5c06\u94fe\u8def\u6570\u636e\u4e0a\u62a5\u7ed9 Insight\u3002\u4e3b\u8981\u5305\u542b\u5982\u4e0b\u4e24\u79cd\u573a\u666f\uff1a
\u5728\u6bcf\u4e2a\u5df2\u5b89\u88c5 Insight Agent \u7684\u96c6\u7fa4\u4e2d\u90fd\u6709 insight-agent-otel-col \u7ec4\u4ef6\u7528\u4e8e\u7edf\u4e00\u63a5\u6536\u8be5\u96c6\u7fa4\u7684\u94fe\u8def\u6570\u636e\u3002 \u56e0\u6b64\uff0c\u8be5\u7ec4\u4ef6\u4f5c\u4e3a\u7528\u6237\u63a5\u5165\u4fa7\u7684\u5165\u53e3\uff0c\u9700\u8981\u5148\u83b7\u53d6\u8be5\u5730\u5740\u3002\u53ef\u4ee5\u901a\u8fc7 AI \u7b97\u529b\u4e2d\u5fc3 \u754c\u9762\u83b7\u53d6\u8be5\u96c6\u7fa4 Opentelemtry Collector \u7684\u5730\u5740\uff0c \u6bd4\u5982 insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 \uff1a
\u9664\u6b64\u4e4b\u5916\uff0c\u9488\u5bf9\u4e0d\u540c\u4e0a\u62a5\u65b9\u5f0f\uff0c\u6709\u4e00\u4e9b\u7ec6\u5fae\u5dee\u522b\uff1a
"},{"location":"end-user/insight/quickstart/otel/send_tracing_to_insight.html#otel-agentsdk-insight-agent-opentelemtry-collector","title":"\u5ba2\u6237\u5e94\u7528\u901a\u8fc7 OTel Agent/SDK \u4e0a\u62a5\u94fe\u8def\u7ed9 Insight Agent Opentelemtry Collector","text":"\u4e3a\u4e86\u80fd\u591f\u5c06\u94fe\u8def\u6570\u636e\u6b63\u5e38\u4e0a\u62a5\u81f3 Insight \u5e76\u80fd\u591f\u5728 Insight \u6b63\u5e38\u5c55\u793a\uff0c\u9700\u8981\u5e76\u5efa\u8bae\u901a\u8fc7\u5982\u4e0b\u73af\u5883\u53d8\u91cf\u63d0\u4f9b OTLP \u6240\u9700\u7684\u5143\u6570\u636e (Resource Attribute)\uff0c\u6709\u4e24\u79cd\u65b9\u5f0f\u53ef\u5b9e\u73b0\uff1a
\u5728\u90e8\u7f72\u6587\u4ef6 YAML \u4e2d\u624b\u52a8\u6dfb\u52a0\uff0c\u4f8b\u5982\uff1a
...\n- name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: \"http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\"\n- name: \"OTEL_SERVICE_NAME\"\n value: my-java-app-name\n- name: \"OTEL_K8S_NAMESPACE\"\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n- name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n- name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n- name: OTEL_RESOURCE_ATTRIBUTES\n value: \"k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)\"\n
\u5229\u7528 Insight Agent \u81ea\u52a8\u6ce8\u5165\u5982\u4e0a\u5143\u6570\u636e (Resource Attribute) \u80fd\u529b
\u786e\u4fdd Insight Agent \u6b63\u5e38\u5de5\u4f5c\u5e76 \u5b89\u88c5 Instrumentation CR \u4e4b\u540e\uff0c \u53ea\u9700\u8981\u4e3a Pod \u6dfb\u52a0\u5982\u4e0b Annotation \u5373\u53ef\uff1a
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u4e3e\u4f8b\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-with-aotu-instrumentation\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n annotations:\n sidecar.opentelemetry.io/inject: \"false\"\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5728\u4fdd\u8bc1\u5e94\u7528\u6dfb\u52a0\u4e86\u5982\u4e0a\u5143\u6570\u636e\u4e4b\u540e\uff0c\u53ea\u9700\u5728\u5ba2\u6237 Opentelemtry Collector \u91cc\u9762\u65b0\u589e\u4e00\u4e2a OTLP Exporter \u5c06\u94fe\u8def\u6570\u636e\u8f6c\u53d1\u7ed9 Insight Agent Opentelemtry Collector \u5373\u53ef\uff0c\u5982\u4e0b Opentelemtry Collector \u914d\u7f6e\u6587\u4ef6\u6240\u793a\uff1a
...\nexporters:\n otlp/insight:\n endpoint: insight-opentelemetry-collector.insight-system.svc.cluster.local:4317\nservice:\n...\npipelines:\n...\ntraces:\n exporters:\n - otlp/insight\n
"},{"location":"end-user/insight/quickstart/otel/send_tracing_to_insight.html#_1","title":"\u53c2\u8003","text":"Golang \u65e0\u4fb5\u5165\u5f0f\u63a5\u5165\u94fe\u8def\u8bf7\u53c2\u8003 \u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u6587\u6863\uff0c\u901a\u8fc7\u6ce8\u89e3\u5b9e\u73b0\u81ea\u52a8\u63a5\u5165\u94fe\u8def\u3002
OpenTelemetry \u4e5f\u7b80\u79f0\u4e3a OTel\uff0c\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u53ef\u89c2\u6d4b\u6027\u6846\u67b6\uff0c\u53ef\u4ee5\u5e2e\u52a9\u5728 Go \u5e94\u7528\u7a0b\u5e8f\u4e2d\u751f\u6210\u548c\u6536\u96c6\u9065\u6d4b\u6570\u636e\uff1a\u94fe\u8def\u3001\u6307\u6807\u548c\u65e5\u5fd7\u3002
\u672c\u6587\u4e3b\u8981\u8bb2\u89e3\u5982\u4f55\u5728 Go \u5e94\u7528\u7a0b\u5e8f\u4e2d\u901a\u8fc7 OpenTelemetry Go SDK \u589e\u5f3a\u5e76\u63a5\u5165\u94fe\u8def\u76d1\u63a7\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#otel-sdk-go_1","title":"\u4f7f\u7528 OTel SDK \u589e\u5f3a Go \u5e94\u7528","text":""},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_1","title":"\u5b89\u88c5\u76f8\u5173\u4f9d\u8d56","text":"\u5fc5\u987b\u5148\u5b89\u88c5\u4e0e OpenTelemetry exporter \u548c SDK \u76f8\u5173\u7684\u4f9d\u8d56\u9879\u3002\u5982\u679c\u60a8\u6b63\u5728\u4f7f\u7528\u5176\u4ed6\u8bf7\u6c42\u8def\u7531\u5668\uff0c\u8bf7\u53c2\u8003\u8bf7\u6c42\u8def\u7531\u3002 \u5207\u6362/\u8fdb\u5165\u5230\u5e94\u7528\u7a0b\u5e8f\u6e90\u6587\u4ef6\u5939\u540e\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
go get go.opentelemetry.io/otel@v1.19.0 \\\n go.opentelemetry.io/otel/trace@v1.19.0 \\\n go.opentelemetry.io/otel/sdk@v1.19.0 \\\n go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@v0.46.1 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.19.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.19.0\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#otel-sdk","title":"\u4f7f\u7528 OTel SDK \u521b\u5efa\u521d\u59cb\u5316\u51fd\u6570","text":"\u4e3a\u4e86\u8ba9\u5e94\u7528\u7a0b\u5e8f\u80fd\u591f\u53d1\u9001\u6570\u636e\uff0c\u9700\u8981\u4e00\u4e2a\u51fd\u6570\u6765\u521d\u59cb\u5316 OpenTelemetry\u3002\u5728 main.go \u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u4ee3\u7801\u7247\u6bb5:
import (\n \"context\"\n \"os\"\n \"time\"\n\n \"go.opentelemetry.io/otel\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\"\n \"go.opentelemetry.io/otel/propagation\"\n \"go.opentelemetry.io/otel/sdk/resource\"\n sdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n semconv \"go.opentelemetry.io/otel/semconv/v1.7.0\"\n \"go.uber.org/zap\"\n \"google.golang.org/grpc\"\n)\n\nvar tracerExp *otlptrace.Exporter\n\nfunc retryInitTracer() func() {\n var shutdown func()\n go func() {\n for {\n // otel will reconnected and re-send spans when otel col recover. so, we don't need to re-init tracer exporter.\n if tracerExp == nil {\n shutdown = initTracer()\n } else {\n break\n }\n time.Sleep(time.Minute * 5)\n }\n }()\n return shutdown\n}\n\nfunc initTracer() func() {\n // temporarily set timeout to 10s\n ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)\n defer cancel()\n\n serviceName, ok := os.LookupEnv(\"OTEL_SERVICE_NAME\")\n if !ok {\n serviceName = \"server_name\"\n os.Setenv(\"OTEL_SERVICE_NAME\", serviceName)\n }\n otelAgentAddr, ok := os.LookupEnv(\"OTEL_EXPORTER_OTLP_ENDPOINT\")\n if !ok {\n otelAgentAddr = \"http://localhost:4317\"\n os.Setenv(\"OTEL_EXPORTER_OTLP_ENDPOINT\", otelAgentAddr)\n }\n zap.S().Infof(\"OTLP Trace connect to: %s with service name: %s\", otelAgentAddr, serviceName)\n\n traceExporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithInsecure(), otlptracegrpc.WithDialOption(grpc.WithBlock()))\n if err != nil {\n handleErr(err, \"OTLP Trace gRPC Creation\")\n return nil\n }\n\n tracerProvider := sdktrace.NewTracerProvider(\n sdktrace.WithBatcher(traceExporter),\n sdktrace.WithSampler(sdktrace.AlwaysSample()),\n sdktrace.WithResource(resource.NewWithAttributes(semconv.SchemaURL)))\n\n otel.SetTracerProvider(tracerProvider)\n otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\n tracerExp = traceExporter\n return func() {\n // Shutdown will flush any remaining spans and shut down the exporter.\n handleErr(tracerProvider.Shutdown(ctx), \"failed to shutdown TracerProvider\")\n }\n}\n\nfunc handleErr(err error, message string) {\n if err != nil {\n zap.S().Errorf(\"%s: %v\", message, err)\n }\n}\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#maingo","title":"\u5728 main.go \u4e2d\u521d\u59cb\u5316\u8ddf\u8e2a\u5668","text":"\u4fee\u6539 main \u51fd\u6570\u4ee5\u5728 main.go \u4e2d\u521d\u59cb\u5316\u8ddf\u8e2a\u5668\u3002\u53e6\u5916\u5f53\u60a8\u7684\u670d\u52a1\u5173\u95ed\u65f6\uff0c\u5e94\u8be5\u8c03\u7528 TracerProvider.Shutdown() \u786e\u4fdd\u5bfc\u51fa\u6240\u6709 Span\u3002\u8be5\u670d\u52a1\u5c06\u8be5\u8c03\u7528\u4f5c\u4e3a\u4e3b\u51fd\u6570\u4e2d\u7684\u5ef6\u8fdf\u51fd\u6570\uff1a
func main() {\n // start otel tracing\n if shutdown := retryInitTracer(); shutdown != nil {\n defer shutdown()\n }\n ......\n}\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#otel-gin","title":"\u4e3a\u5e94\u7528\u6dfb\u52a0 OTel Gin \u4e2d\u95f4\u4ef6","text":"\u901a\u8fc7\u5728 main.go \u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\u6765\u914d\u7f6e Gin \u4ee5\u4f7f\u7528\u4e2d\u95f4\u4ef6:
import (\n ....\n \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n)\n\nfunc main() {\n ......\n r := gin.Default()\n r.Use(otelgin.Middleware(\"my-app\"))\n ......\n}\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_2","title":"\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f","text":"\u672c\u5730\u8c03\u8bd5\u8fd0\u884c
\u6ce8\u610f: \u6b64\u6b65\u9aa4\u4ec5\u7528\u4e8e\u672c\u5730\u5f00\u53d1\u8c03\u8bd5\uff0c\u751f\u4ea7\u73af\u5883\u4e2d Operator \u4f1a\u81ea\u52a8\u5b8c\u6210\u4ee5\u4e0b\u73af\u5883\u53d8\u91cf\u7684\u6ce8\u5165\u3002
\u4ee5\u4e0a\u6b65\u9aa4\u5df2\u7ecf\u5b8c\u6210\u4e86\u521d\u59cb\u5316 SDK \u7684\u5de5\u4f5c\uff0c\u73b0\u5728\u5982\u679c\u9700\u8981\u5728\u672c\u5730\u5f00\u53d1\u8fdb\u884c\u8c03\u8bd5\uff0c\u9700\u8981\u63d0\u524d\u83b7\u53d6\u5230 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b insight-agent-opentelemerty-collector \u7684\u5730\u5740\uff0c\u5047\u8bbe\u4e3a\uff1a insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 \u3002
\u56e0\u6b64\uff0c\u53ef\u4ee5\u5728\u4f60\u672c\u5730\u542f\u52a8\u5e94\u7528\u7a0b\u5e8f\u7684\u65f6\u5019\u6dfb\u52a0\u5982\u4e0b\u73af\u5883\u53d8\u91cf\uff1a
OTEL_SERVICE_NAME=my-golang-app OTEL_EXPORTER_OTLP_ENDPOINT=http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 go run main.go...\n
\u751f\u4ea7\u73af\u5883\u8fd0\u884c
\u8bf7\u53c2\u8003\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u4e2d \u53ea\u6ce8\u5165\u73af\u5883\u53d8\u91cf\u6ce8\u89e3 \u76f8\u5173\u4ecb\u7ecd\uff0c\u4e3a deployment yaml \u6dfb\u52a0\u6ce8\u89e3\uff1a
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
\u5982\u679c\u65e0\u6cd5\u4f7f\u7528\u6ce8\u89e3\u7684\u65b9\u5f0f\uff0c\u60a8\u53ef\u4ee5\u624b\u52a8\u5728 deployment yaml \u6dfb\u52a0\u5982\u4e0b\u73af\u5883\u53d8\u91cf\uff1a
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\nenv:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: 'http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317'\n - name: OTEL_SERVICE_NAME\n value: \"your depolyment name\" # (1)!\n - name: OTEL_K8S_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: 'k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)'\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n
\u7136\u540e\u6ce8\u5165 OpenTelemetry \u4e2d\u95f4\u4ef6\uff1a
router.Use(middleware.Middleware(\"my-app\"))\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#opentelemetry-gorillamux","title":"OpenTelemetry gorillamux \u589e\u5f3a","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\"\n
\u7136\u540e\u6ce8\u5165 OpenTelemetry \u4e2d\u95f4\u4ef6\uff1a
router.Use(middleware.Middleware(\"my-app\"))\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#grpc","title":"gRPC \u589e\u5f3a","text":"\u540c\u6837\uff0cOpenTelemetry \u4e5f\u53ef\u4ee5\u5e2e\u52a9\u60a8\u81ea\u52a8\u68c0\u6d4b gRPC \u8bf7\u6c42\u3002\u8981\u68c0\u6d4b\u60a8\u62e5\u6709\u7684\u4efb\u4f55 gRPC \u670d\u52a1\u5668\uff0c\u8bf7\u5c06\u62e6\u622a\u5668\u6dfb\u52a0\u5230\u670d\u52a1\u5668\u7684\u5b9e\u4f8b\u5316\u4e2d\u3002
import (\n grpcotel \"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\"\n)\nfunc main() {\n [...]\n\n s := grpc.NewServer(\n grpc.UnaryInterceptor(grpcotel.UnaryServerInterceptor()),\n grpc.StreamInterceptor(grpcotel.StreamServerInterceptor()),\n )\n}\n
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5982\u679c\u4f60\u7684\u7a0b\u5e8f\u91cc\u9762\u4f7f\u7528\u5230\u4e86 Grpc Client \u8c03\u7528\u7b2c\u4e09\u65b9\u670d\u52a1\uff0c\u4f60\u8fd8\u9700\u8981\u5bf9 Grpc Client \u6dfb\u52a0\u62e6\u622a\u5668\uff1a
[...]\n\n conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()),\n grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),\n grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()),\n )\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_4","title":"\u5982\u679c\u4e0d\u4f7f\u7528\u8bf7\u6c42\u8def\u7531","text":"import (\n \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n
\u5728\u5c06 http.Handler \u4f20\u9012\u7ed9 ServeMux \u7684\u6bcf\u4e2a\u5730\u65b9\uff0c\u60a8\u90fd\u5c06\u5305\u88c5\u5904\u7406\u7a0b\u5e8f\u51fd\u6570\u3002\u4f8b\u5982\uff0c\u5c06\u8fdb\u884c\u4ee5\u4e0b\u66ff\u6362\uff1a
- mux.Handle(\"/path\", h)\n+ mux.Handle(\"/path\", otelhttp.NewHandler(h, \"description of path\"))\n---\n- mux.Handle(\"/path\", http.HandlerFunc(f))\n+ mux.Handle(\"/path\", otelhttp.NewHandler(http.HandlerFunc(f), \"description of path\"))\n
\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u60a8\u53ef\u4ee5\u786e\u4fdd\u4f7f\u7528 othttp \u5305\u88c5\u7684\u6bcf\u4e2a\u51fd\u6570\u90fd\u4f1a\u81ea\u52a8\u6536\u96c6\u5176\u5143\u6570\u636e\u5e76\u542f\u52a8\u76f8\u5e94\u7684\u8ddf\u8e2a\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_5","title":"\u6570\u636e\u5e93\u8bbf\u95ee\u589e\u5f3a","text":""},{"location":"end-user/insight/quickstart/otel/golang/golang.html#golang-gorm","title":"Golang Gorm","text":"OpenTelemetry \u793e\u533a\u4e5f\u5f00\u53d1\u4e86\u6570\u636e\u5e93\u8bbf\u95ee\u5e93\u7684\u4e2d\u95f4\u4ef6\uff0c\u6bd4\u5982 Gorm:
import (\n \"github.com/uptrace/opentelemetry-go-extra/otelgorm\"\n \"gorm.io/driver/sqlite\"\n \"gorm.io/gorm\"\n)\n\ndb, err := gorm.Open(sqlite.Open(\"file::memory:?cache=shared\"), &gorm.Config{})\nif err != nil {\n panic(err)\n}\n\notelPlugin := otelgorm.NewPlugin(otelgorm.WithDBName(\"mydb\"), # \u7f3a\u5931\u4f1a\u5bfc\u81f4\u6570\u636e\u5e93\u76f8\u5173\u62d3\u6251\u5c55\u793a\u4e0d\u5b8c\u6574\n otelgorm.WithAttributes(semconv.ServerAddress(\"memory\"))) # \u7f3a\u5931\u4f1a\u5bfc\u81f4\u6570\u636e\u5e93\u76f8\u5173\u62d3\u6251\u5c55\u793a\u4e0d\u5b8c\u6574\nif err := db.Use(otelPlugin); err != nil {\n panic(err)\n}\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span","title":"\u81ea\u5b9a\u4e49 Span","text":"\u5f88\u591a\u65f6\u5019\uff0cOpenTelemetry \u63d0\u4f9b\u7684\u4e2d\u95f4\u4ef6\u4e0d\u80fd\u5e2e\u52a9\u6211\u4eec\u8bb0\u5f55\u66f4\u591a\u5185\u90e8\u8c03\u7528\u7684\u51fd\u6570\uff0c\u9700\u8981\u6211\u4eec\u81ea\u5b9a\u4e49 Span \u6765\u8bb0\u5f55
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n _, span := otel.Tracer(\"GetServiceDetail\").Start(ctx,\n \"spanMetricDao.GetServiceDetail\",\n trace.WithSpanKind(trace.SpanKindInternal))\n defer span.End()\n \u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span_1","title":"\u5411 span \u6dfb\u52a0\u81ea\u5b9a\u4e49\u5c5e\u6027\u548c\u4e8b\u4ef6","text":"\u4e5f\u53ef\u4ee5\u5c06\u81ea\u5b9a\u4e49\u5c5e\u6027\u6216\u6807\u7b7e\u8bbe\u7f6e\u4e3a Span\u3002\u8981\u6dfb\u52a0\u81ea\u5b9a\u4e49\u5c5e\u6027\u548c\u4e8b\u4ef6\uff0c\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_6","title":"\u5bfc\u5165\u8ddf\u8e2a\u548c\u5c5e\u6027\u5e93","text":"import (\n ...\n \"go.opentelemetry.io/otel/attribute\"\n \"go.opentelemetry.io/otel/trace\"\n)\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span_2","title":"\u4ece\u4e0a\u4e0b\u6587\u4e2d\u83b7\u53d6\u5f53\u524d Span","text":"span := trace.SpanFromContext(c.Request.Context())\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span_3","title":"\u5728\u5f53\u524d Span \u4e2d\u8bbe\u7f6e\u5c5e\u6027","text":"span.SetAttributes(attribute.String(\"controller\", \"books\"))\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#span-event","title":"\u4e3a\u5f53\u524d Span \u6dfb\u52a0 Event","text":"\u6dfb\u52a0 span \u4e8b\u4ef6\u662f\u4f7f\u7528 span \u5bf9\u8c61\u4e0a\u7684 AddEvent \u5b8c\u6210\u7684\u3002
span.AddEvent(msg)\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_7","title":"\u8bb0\u5f55\u9519\u8bef\u548c\u5f02\u5e38","text":"import \"go.opentelemetry.io/otel/codes\"\n\n// \u83b7\u53d6\u5f53\u524d span\nspan := trace.SpanFromContext(ctx)\n\n// RecordError \u4f1a\u81ea\u52a8\u5c06\u4e00\u4e2a\u9519\u8bef\u8f6c\u6362\u6210 span even\nspan.RecordError(err)\n\n// \u6807\u8bb0\u8fd9\u4e2a span \u9519\u8bef\nspan.SetStatus(codes.Error, \"internal error\")\n
"},{"location":"end-user/insight/quickstart/otel/golang/golang.html#_8","title":"\u53c2\u8003","text":"\u6709\u5173 Demo \u6f14\u793a\u8bf7\u53c2\u8003\uff1a - opentelemetry-demo/productcatalogservice - opentelemetry-collector-contrib/demo
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html","title":"\u4f7f\u7528 OTel SDK \u4e3a\u5e94\u7528\u7a0b\u5e8f\u66b4\u9732\u6307\u6807","text":"\u672c\u6587\u4ec5\u4f9b\u5e0c\u671b\u8bc4\u4f30\u6216\u63a2\u7d22\u6b63\u5728\u5f00\u53d1\u7684 OTLP \u6307\u6807\u7684\u7528\u6237\u53c2\u8003\u3002
OpenTelemetry \u9879\u76ee\u8981\u6c42\u4ee5\u5fc5\u987b\u5728 OpenTelemetry \u534f\u8bae (OTLP) \u4e2d\u53d1\u51fa\u6570\u636e\u7684\u8bed\u8a00\u63d0\u4f9b API \u548c SDK\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#golang","title":"\u9488\u5bf9 Golang \u5e94\u7528\u7a0b\u5e8f","text":"Golang \u53ef\u4ee5\u901a\u8fc7 sdk \u66b4\u9732 runtime \u6307\u6807\uff0c\u5177\u4f53\u6765\u8bf4\uff0c\u5728\u5e94\u7528\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u65b9\u6cd5\u5f00\u542f metrics \u66b4\u9732\u5668\uff1a
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#_1","title":"\u5b89\u88c5\u76f8\u5173\u4f9d\u8d56","text":"\u5207\u6362/\u8fdb\u5165\u5230\u5e94\u7528\u7a0b\u5e8f\u6e90\u6587\u4ef6\u5939\u540e\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
go get go.opentelemetry.io/otel \\\n go.opentelemetry.io/otel/attribute \\\n go.opentelemetry.io/otel/exporters/prometheus \\\n go.opentelemetry.io/otel/metric/global \\\n go.opentelemetry.io/otel/metric/instrument \\\n go.opentelemetry.io/otel/sdk/metric\n
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#otel-sdk_1","title":"\u4f7f\u7528 OTel SDK \u521b\u5efa\u521d\u59cb\u5316\u51fd\u6570","text":"import (\n .....\n\n \"go.opentelemetry.io/otel/attribute\"\n otelPrometheus \"go.opentelemetry.io/otel/exporters/prometheus\"\n \"go.opentelemetry.io/otel/metric/global\"\n \"go.opentelemetry.io/otel/metric/instrument\"\n \"go.opentelemetry.io/otel/sdk/metric/aggregator/histogram\"\n controller \"go.opentelemetry.io/otel/sdk/metric/controller/basic\"\n \"go.opentelemetry.io/otel/sdk/metric/export/aggregation\"\n processor \"go.opentelemetry.io/otel/sdk/metric/processor/basic\"\n selector \"go.opentelemetry.io/otel/sdk/metric/selector/simple\"\n)\nfunc (s *insightServer) initMeter() *otelPrometheus.Exporter {\n s.meter = global.Meter(\"xxx\")\n\n config := otelPrometheus.Config{\n DefaultHistogramBoundaries: []float64{1, 2, 5, 10, 20, 50},\n Gatherer: prometheus.DefaultGatherer,\n Registry: prometheus.NewRegistry(),\n Registerer: prometheus.DefaultRegisterer,\n }\n\n c := controller.New(\n processor.NewFactory(\n selector.NewWithHistogramDistribution(\n histogram.WithExplicitBoundaries(config.DefaultHistogramBoundaries),\n ),\n aggregation.CumulativeTemporalitySelector(),\n processor.WithMemory(true),\n ),\n )\n\n exporter, err := otelPrometheus.New(config, c)\n if err != nil {\n zap.S().Panicf(\"failed to initialize prometheus exporter %v\", err)\n }\n\n global.SetMeterProvider(exporter.MeterProvider())\n\n http.HandleFunc(\"/metrics\", exporter.ServeHTTP)\n\n go func() {\n _ = http.ListenAndServe(fmt.Sprintf(\":%d\", 8888), nil)\n }()\n\n zap.S().Info(\"Prometheus server running on \", fmt.Sprintf(\":%d\", port))\n return exporter\n}\n
\u4ee5\u4e0a\u65b9\u6cd5\u4f1a\u4e3a\u60a8\u7684\u5e94\u7528\u66b4\u9732\u4e00\u4e2a\u6307\u6807\u63a5\u53e3: http://localhost:8888/metrics
\u968f\u540e\uff0c\u5728 main.go \u4e2d\u5bf9\u5176\u8fdb\u884c\u521d\u59cb\u5316\uff1a
func main() {\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n tp := initMeter()\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n}\n
\u6b64\u5916\uff0c\u5982\u679c\u60f3\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\uff0c\u53ef\u4ee5\u53c2\u8003\uff1a
// exposeClusterMetric expose metric like \"insight_logging_count{} 1\"\nfunc (s *insightServer) exposeLoggingMetric(lserver *log.LogService) {\n s.meter = global.Meter(\"insight.io/basic\")\n\n var lock sync.Mutex\n logCounter, err := s.meter.AsyncFloat64().Counter(\"insight_log_total\")\n if err != nil {\n zap.S().Panicf(\"failed to initialize instrument: %v\", err)\n }\n\n _ = s.meter.RegisterCallback([]instrument.Asynchronous{logCounter}, func(ctx context.Context) {\n lock.Lock()\n defer lock.Unlock()\n count, err := lserver.Count(ctx)\n if err == nil || count != -1 {\n logCounter.Observe(ctx, float64(count))\n }\n })\n}\n
\u968f\u540e\uff0c\u5728 main.go \u8c03\u7528\u8be5\u65b9\u6cd5\uff1a
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\ns.exposeLoggingMetric(lservice)\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#java","title":"\u9488\u5bf9 Java \u5e94\u7528\u7a0b\u5e8f","text":"Java \u5728\u4f7f\u7528 otel agent \u5728\u5b8c\u6210\u94fe\u8def\u7684\u81ea\u52a8\u63a5\u5165\u7684\u57fa\u7840\u4e0a\uff0c\u901a\u8fc7\u6dfb\u52a0\u73af\u5883\u53d8\u91cf\uff1a
OTEL_METRICS_EXPORTER=prometheus\n
\u5c31\u53ef\u4ee5\u76f4\u63a5\u66b4\u9732 JVM \u76f8\u5173\u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
\u968f\u540e\uff0c\u518d\u914d\u5408 prometheus serviceMonitor \u5373\u53ef\u5b8c\u6210\u6307\u6807\u7684\u63a5\u5165\u3002 \u5982\u679c\u60f3\u66b4\u9732\u81ea\u5b9a\u4e49\u6307\u6807\u8bf7\u53c2\u9605 opentelemetry-java-docs/prometheus\u3002
\u4e3b\u8981\u5206\u4ee5\u4e0b\u4e24\u6b65\uff1a
\u521b\u5efa meter provider\uff0c\u5e76\u6307\u5b9a prometheus \u4f5c\u4e3a exporter\u3002
/*\n* Copyright The OpenTelemetry Authors\n* SPDX-License-Identifier: Apache-2.0\n*/\n\npackage io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport io.opentelemetry.exporter.prometheus.PrometheusHttpServer;\nimport io.opentelemetry.sdk.metrics.SdkMeterProvider;\nimport io.opentelemetry.sdk.metrics.export.MetricReader;\n\npublic final class ExampleConfiguration {\n\n /**\n * Initializes the Meter SDK and configures the prometheus collector with all default settings.\n *\n * @param prometheusPort the port to open up for scraping.\n * @return A MeterProvider for use in instrumentation.\n */\n static MeterProvider initializeOpenTelemetry(int prometheusPort) {\n MetricReader prometheusReader = PrometheusHttpServer.builder().setPort(prometheusPort).build();\n\n return SdkMeterProvider.builder().registerMetricReader(prometheusReader).build();\n }\n}\n
\u81ea\u5b9a\u4e49 meter \u5e76\u5f00\u542f http server
package io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.common.Attributes;\nimport io.opentelemetry.api.metrics.Meter;\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport java.util.concurrent.ThreadLocalRandom;\n\n/**\n* Example of using the PrometheusHttpServer to convert OTel metrics to Prometheus format and expose\n* these to a Prometheus instance via a HttpServer exporter.\n*\n* <p>A Gauge is used to periodically measure how many incoming messages are awaiting processing.\n* The Gauge callback gets executed every collection interval.\n*/\npublic final class PrometheusExample {\n private long incomingMessageCount;\n\n public PrometheusExample(MeterProvider meterProvider) {\n Meter meter = meterProvider.get(\"PrometheusExample\");\n meter\n .gaugeBuilder(\"incoming.messages\")\n .setDescription(\"No of incoming messages awaiting processing\")\n .setUnit(\"message\")\n .buildWithCallback(result -> result.record(incomingMessageCount, Attributes.empty()));\n }\n\n void simulate() {\n for (int i = 500; i > 0; i--) {\n try {\n System.out.println(\n i + \" Iterations to go, current incomingMessageCount is: \" + incomingMessageCount);\n incomingMessageCount = ThreadLocalRandom.current().nextLong(100);\n Thread.sleep(1000);\n } catch (InterruptedException e) {\n // ignored here\n }\n }\n }\n\n public static void main(String[] args) {\n int prometheusPort = 8888;\n\n // it is important to initialize the OpenTelemetry SDK as early as possible in your process.\n MeterProvider meterProvider = ExampleConfiguration.initializeOpenTelemetry(prometheusPort);\n\n PrometheusExample prometheusExample = new PrometheusExample(meterProvider);\n\n prometheusExample.simulate();\n\n System.out.println(\"Exiting\");\n }\n}\n
\u968f\u540e\uff0c\u5f85 java \u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u4e4b\u540e\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee http://localhost:8888/metrics \u6765\u68c0\u67e5\u60a8\u7684\u6307\u6807\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#insight","title":"Insight \u91c7\u96c6\u6307\u6807","text":"\u6700\u540e\u91cd\u8981\u7684\u662f\uff0c\u60a8\u5df2\u7ecf\u5728\u5e94\u7528\u7a0b\u5e8f\u4e2d\u66b4\u9732\u51fa\u4e86\u6307\u6807\uff0c\u73b0\u5728\u9700\u8981 Insight \u6765\u91c7\u96c6\u6307\u6807\u3002
\u63a8\u8350\u7684\u6307\u6807\u66b4\u9732\u65b9\u5f0f\u662f\u901a\u8fc7 servicemonitor \u6216\u8005 podmonitor\u3002
"},{"location":"end-user/insight/quickstart/otel/golang/meter.html#servicemonitorpodmonitor","title":"\u521b\u5efa servicemonitor/podmonitor","text":"\u6dfb\u52a0\u7684 servicemonitor/podmonitor \u9700\u8981\u6253\u4e0a label\uff1a\"operator.insight.io/managed-by\": \"insight\" \u624d\u4f1a\u88ab Operator \u8bc6\u522b\uff1a
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: example-app\n labels:\n operator.insight.io/managed-by: insight\nspec:\n selector:\n matchLabels:\n app: example-app\n endpoints:\n - port: web\n namespaceSelector:\n any: true\n
"},{"location":"end-user/insight/quickstart/otel/java/index.html","title":"\u5f00\u59cb\u76d1\u63a7 Java \u5e94\u7528","text":"Java \u5e94\u7528\u94fe\u8def\u63a5\u5165\u4e0e\u76d1\u63a7\u8bf7\u53c2\u8003\u901a\u8fc7 Operator \u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u65e0\u4fb5\u5165\u589e\u5f3a \u6587\u6863\uff0c\u901a\u8fc7\u6ce8\u89e3\u5b9e\u73b0\u81ea\u52a8\u63a5\u5165\u94fe\u8def\u3002
Java \u5e94\u7528\u7684 JVM \u8fdb\u884c\u76d1\u63a7\uff1a\u5df2\u7ecf\u66b4\u9732 JVM \u6307\u6807\u548c\u4ecd\u672a\u66b4\u9732 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5982\u4f55\u4e0e\u53ef\u89c2\u6d4b\u6027 Insight \u5bf9\u63a5\u3002
\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u672a\u5f00\u59cb\u66b4\u9732 JVM \u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u6587\u6863\uff1a
\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u5df2\u7ecf\u66b4\u9732 JVM \u6307\u6807\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u5982\u4e0b\u6587\u6863\uff1a
\u5c06 TraceId \u548c SpanId \u5199\u5165 Java \u5e94\u7528\u65e5\u5fd7, \u5b9e\u73b0\u94fe\u8def\u6570\u636e\u4e0e\u65e5\u5fd7\u6570\u636e\u5173\u8054
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 OpenTelemetry \u5c06 TraceId \u548c SpanId \u81ea\u52a8\u5199\u5165 Java \u5e94\u7528\u65e5\u5fd7\u3002 TraceId \u4e0e SpanId \u5199\u5165\u65e5\u5fd7\u540e\uff0c\u60a8\u53ef\u4ee5\u5c06\u5206\u5e03\u5f0f\u94fe\u8def\u6570\u636e\u4e0e\u65e5\u5fd7\u6570\u636e\u5173\u8054\u8d77\u6765\uff0c\u5b9e\u73b0\u66f4\u9ad8\u6548\u7684\u6545\u969c\u8bca\u65ad\u548c\u6027\u80fd\u5206\u6790\u3002
"},{"location":"end-user/insight/quickstart/otel/java/mdc.html#_1","title":"\u652f\u6301\u7684\u65e5\u5fd7\u5e93","text":"\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1 Logger MDC auto-instrumentation\u3002
\u65e5\u5fd7\u6846\u67b6 \u652f\u6301\u81ea\u52a8\u57cb\u70b9\u7684\u7248\u672c \u624b\u52a8\u57cb\u70b9\u9700\u8981\u5f15\u5165\u7684\u4f9d\u8d56 Log4j 1 1.2+ \u65e0 Log4j 2 2.7+ opentelemetry-log4j-context-data-2.17-autoconfigure Logback 1.0+ opentelemetry-logback-mdc-1.0"},{"location":"end-user/insight/quickstart/otel/java/mdc.html#logbackspringboot","title":"\u4f7f\u7528 Logback\uff08SpringBoot \u9879\u76ee\uff09","text":"Spring Boot \u9879\u76ee\u5185\u7f6e\u4e86\u65e5\u5fd7\u6846\u67b6\uff0c\u5e76\u4e14\u9ed8\u8ba4\u4f7f\u7528 Logback \u4f5c\u4e3a\u5176\u65e5\u5fd7\u5b9e\u73b0\u3002\u5982\u679c\u60a8\u7684 Java \u9879\u76ee\u4e3a SpringBoot \u9879\u76ee\uff0c\u53ea\u9700\u5c11\u91cf\u914d\u7f6e\u5373\u53ef\u5c06 TraceId \u5199\u5165\u65e5\u5fd7\u3002
\u5728 application.properties
\u4e2d\u8bbe\u7f6e logging.pattern.level
\uff0c\u6dfb\u52a0 %mdc{trace_id}
\u4e0e %mdc{span_id}
\u5230\u65e5\u5fd7\u4e2d\u3002
logging.pattern.level=trace_id=%mdc{trace_id} span_id=%mdc{span_id} %5p ....\u7701\u7565...\n
\u4ee5\u4e0b\u4e3a\u65e5\u5fd7\u793a\u4f8b\uff1a
2024-06-26 10:56:31.200 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'\n2024-06-26 10:56:31.201 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'\n2024-06-26 10:56:31.209 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 8 ms\n2024-06-26 10:56:31.296 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=5743699405074f4e INFO 53724 --- [nio-8081-exec-1] com.example.httpserver.ot.OTServer : hello world\n
"},{"location":"end-user/insight/quickstart/otel/java/mdc.html#log4j2","title":"\u4f7f\u7528 Log4j2","text":"\u5728 pom.xml
\u4e2d\u6dfb\u52a0 OpenTelemetry Log4j2
\u4f9d\u8d56:
Tip
\u8bf7\u5c06 OPENTELEMETRY_VERSION
\u66ff\u6362\u4e3a\u6700\u65b0\u7248\u672c
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-log4j-context-data-2.17-autoconfigure</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n <scope>runtime</scope>\n </dependency>\n</dependencies>\n
\u4fee\u6539 log4j2.xml
\u914d\u7f6e\uff0c\u5728 pattern
\u4e2d\u6dfb\u52a0 %X{trace_id}
\u4e0e %X{span_id}
\uff0c\u53ef\u4ee5\u5c06 TraceId
\u4e0e SpanId
\u81ea\u52a8\u5199\u5165\u65e5\u5fd7:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Configuration>\n <Appenders>\n <Console name=\"Console\" target=\"SYSTEM_OUT\">\n <PatternLayout\n pattern=\"%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} - %msg%n\"/>\n </Console>\n </Appenders>\n <Loggers>\n <Root>\n <AppenderRef ref=\"Console\" level=\"All\"/>\n </Root>\n </Loggers>\n</Configuration>\n
\u4f7f\u7528 Logback \u5728 pom.xml
\u4e2d\u6dfb\u52a0 OpenTelemetry Logback
\u4f9d\u8d56\u3002
Tip
\u8bf7\u5c06 OPENTELEMETRY_VERSION
\u66ff\u6362\u4e3a\u6700\u65b0\u7248\u672c
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-logback-mdc-1.0</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n </dependency>\n</dependencies>\n
\u4fee\u6539 log4j2.xml
\u914d\u7f6e\uff0c\u5728 pattern
\u4e2d\u6dfb\u52a0 %X{trace_id}
\u4e0e %X{span_id}
\uff0c\u53ef\u4ee5\u5c06 TraceId
\u4e0e SpanId
\u81ea\u52a8\u5199\u5165\u65e5\u5fd7:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<configuration>\n <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n <encoder>\n <pattern>%d{HH:mm:ss.SSS} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} %msg%n</pattern>\n </encoder>\n </appender>\n\n <!-- Just wrap your logging appender, for example ConsoleAppender, with OpenTelemetryAppender -->\n <appender name=\"OTEL\" class=\"io.opentelemetry.instrumentation.logback.mdc.v1_0.OpenTelemetryAppender\">\n <appender-ref ref=\"CONSOLE\"/>\n </appender>\n\n <!-- Use the wrapped \"OTEL\" appender instead of the original \"CONSOLE\" one -->\n <root level=\"INFO\">\n <appender-ref ref=\"OTEL\"/>\n </root>\n\n</configuration>\n
JMX-Exporter \u63d0\u4f9b\u4e86\u4e24\u79cd\u7528\u6cd5:
Note
\u5b98\u65b9\u4e0d\u63a8\u8350\u4f7f\u7528\u7b2c\u4e00\u79cd\u65b9\u5f0f\uff0c\u4e00\u65b9\u9762\u914d\u7f6e\u590d\u6742\uff0c\u53e6\u4e00\u65b9\u9762\u56e0\u4e3a\u5b83\u9700\u8981\u4e00\u4e2a\u5355\u72ec\u7684\u8fdb\u7a0b\uff0c\u800c\u8fd9\u4e2a\u8fdb\u7a0b\u672c\u8eab\u7684\u76d1\u63a7\u53c8\u6210\u4e86\u65b0\u7684\u95ee\u9898\uff0c \u6240\u4ee5\u672c\u6587\u91cd\u70b9\u56f4\u7ed5\u7b2c\u4e8c\u79cd\u7528\u6cd5\u8bb2\u5982\u4f55\u5728 Kubernetes \u73af\u5883\u4e0b\u4f7f\u7528 JMX Exporter \u66b4\u9732 JVM \u76d1\u63a7\u6307\u6807\u3002
\u8fd9\u91cc\u4f7f\u7528\u7b2c\u4e8c\u79cd\u7528\u6cd5\uff0c\u542f\u52a8 JVM \u65f6\u9700\u8981\u6307\u5b9a JMX Exporter \u7684 jar \u5305\u6587\u4ef6\u548c\u914d\u7f6e\u6587\u4ef6\u3002 jar \u5305\u662f\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u4e0d\u597d\u901a\u8fc7 configmap \u6302\u8f7d\uff0c\u914d\u7f6e\u6587\u4ef6\u6211\u4eec\u51e0\u4e4e\u4e0d\u9700\u8981\u4fee\u6539\uff0c \u6240\u4ee5\u5efa\u8bae\u662f\u76f4\u63a5\u5c06 JMX Exporter \u7684 jar \u5305\u548c\u914d\u7f6e\u6587\u4ef6\u90fd\u6253\u5305\u5230\u4e1a\u52a1\u5bb9\u5668\u955c\u50cf\u4e2d\u3002
\u5176\u4e2d\uff0c\u7b2c\u4e8c\u79cd\u65b9\u5f0f\u6211\u4eec\u53ef\u4ee5\u9009\u62e9\u5c06 JMX Exporter \u7684 jar \u6587\u4ef6\u653e\u5728\u4e1a\u52a1\u5e94\u7528\u955c\u50cf\u4e2d\uff0c \u4e5f\u53ef\u4ee5\u9009\u62e9\u5728\u90e8\u7f72\u7684\u65f6\u5019\u6302\u8f7d\u8fdb\u53bb\u3002\u8fd9\u91cc\u5206\u522b\u5bf9\u4e24\u79cd\u65b9\u5f0f\u505a\u4e00\u4e2a\u4ecb\u7ecd\uff1a
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/jmx-exporter.html#jmx-exporter-jar","title":"\u65b9\u5f0f\u4e00\uff1a\u5c06 JMX Exporter JAR \u6587\u4ef6\u6784\u5efa\u81f3\u4e1a\u52a1\u955c\u50cf\u4e2d","text":"prometheus-jmx-config.yaml \u5185\u5bb9\u5982\u4e0b\uff1a
prometheus-jmx-config.yaml...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
\u66f4\u591a\u914d\u7f6e\u9879\u8bf7\u53c2\u8003\u5e95\u90e8\u4ecb\u7ecd\u6216Prometheus \u5b98\u65b9\u6587\u6863\u3002
\u7136\u540e\u51c6\u5907 jar \u5305\u6587\u4ef6\uff0c\u53ef\u4ee5\u5728 jmx_exporter \u7684 Github \u9875\u9762\u627e\u5230\u6700\u65b0\u7684 jar \u5305\u4e0b\u8f7d\u5730\u5740\u5e76\u53c2\u8003\u5982\u4e0b Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
\u6ce8\u610f\uff1a
\u6211\u4eec\u9700\u8981\u5148\u5c06 JMX exporter \u505a\u6210 Docker \u955c\u50cf, \u4ee5\u4e0b Dockerfile \u4ec5\u4f9b\u53c2\u8003\uff1a
FROM alpine/curl:3.14\nWORKDIR /app/\n# \u5c06\u524d\u9762\u521b\u5efa\u7684 config \u6587\u4ef6\u62f7\u8d1d\u81f3\u955c\u50cf\nCOPY prometheus-jmx-config.yaml ./\n# \u5728\u7ebf\u4e0b\u8f7d jmx prometheus javaagent jar\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
\u6839\u636e\u4e0a\u9762 Dockerfile \u6784\u5efa\u955c\u50cf\uff1a docker build -t my-jmx-exporter .
\u5728 Java \u5e94\u7528\u90e8\u7f72 Yaml \u4e2d\u52a0\u5165\u5982\u4e0b init container\uff1a
\u70b9\u51fb\u5c55\u5f00 YAML \u6587\u4ef6apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar #\u5171\u4eab agent \u6587\u4ef6\u5939\n emptyDir: {}\n restartPolicy: Always\n
\u7ecf\u8fc7\u5982\u4e0a\u7684\u6539\u9020\u4e4b\u540e\uff0c\u793a\u4f8b\u5e94\u7528 my-demo-app \u5177\u5907\u4e86\u66b4\u9732 JVM \u6307\u6807\u7684\u80fd\u529b\u3002 \u8fd0\u884c\u670d\u52a1\u4e4b\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7 http://lcoalhost:8088
\u8bbf\u95ee\u670d\u52a1\u66b4\u9732\u51fa\u6765\u7684 prometheus \u683c\u5f0f\u7684\u6307\u6807\u3002
\u63a5\u7740\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003 \u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/legacy-jvm.html","title":"\u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027","text":"\u5982\u679c\u60a8\u7684 Java \u5e94\u7528\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\uff08\u6bd4\u5982 Spring Boot Actuator\uff09\u66b4\u9732\u4e86 JVM \u7684\u76d1\u63a7\u6307\u6807\uff0c \u6211\u4eec\u9700\u8981\u8ba9\u76d1\u63a7\u6570\u636e\u88ab\u91c7\u96c6\u5230\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u6dfb\u52a0\u6ce8\u89e3\uff08Kubernetes Annotations\uff09\u7684\u65b9\u5f0f\u8ba9 Insight \u6765\u91c7\u96c6\u5df2\u6709\u7684 JVM \u6307\u6807\uff1a
annatation: \n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"9464\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n
\u4f8b\u5982\u4e3a my-deployment-app \u6dfb\u52a0\u6ce8\u89e3\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"9464\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n
\u4ee5\u4e0b\u662f\u5b8c\u6574\u793a\u4f8b\uff1a
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # \u662f\u5426\u91c7\u96c6\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # \u91c7\u96c6\u6307\u6807\u7684\u8def\u5f84\n insight.opentelemetry.io/metric-port: \"8080\" # \u91c7\u96c6\u6307\u6807\u7684\u7aef\u53e3\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
\u4ee5\u4e0a\u793a\u4f8b\u4e2d\uff0cInsight \u4f1a\u901a\u8fc7 :8080//actuator/prometheus \u6293\u53d6\u901a\u8fc7 Spring Boot Actuator \u66b4\u9732\u51fa\u6765\u7684 Prometheus \u6307\u6807\u3002
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html","title":"\u4f7f\u7528 OpenTelemetry Java Agent \u66b4\u9732 JVM \u76d1\u63a7\u6307\u6807","text":"\u5728 Opentelemetry Agent v1.20.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u4e2d\uff0cOpentelemetry Agent \u65b0\u589e\u4e86 JMX Metric Insight \u6a21\u5757\uff0c\u5982\u679c\u4f60\u7684\u5e94\u7528\u5df2\u7ecf\u96c6\u6210\u4e86 Opentelemetry Agent \u53bb\u91c7\u96c6\u5e94\u7528\u94fe\u8def\uff0c\u90a3\u4e48\u4f60\u4e0d\u518d\u9700\u8981\u53e6\u5916\u5f15\u5165\u5176\u4ed6 Agent \u53bb\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u66b4\u9732 JMX \u6307\u6807\u3002Opentelemetry Agent \u4e5f\u662f\u901a\u8fc7\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u672c\u5730\u53ef\u7528\u7684 MBean \u516c\u5f00\u7684\u6307\u6807\uff0c\u5bf9\u5176\u8fdb\u884c\u6536\u96c6\u5e76\u66b4\u9732\u6307\u6807\u3002
Opentelemetry Agent \u4e5f\u9488\u5bf9\u5e38\u89c1\u7684 Java Server \u6216\u6846\u67b6\u5185\u7f6e\u4e86\u4e00\u4e9b\u76d1\u63a7\u7684\u6837\u4f8b\uff0c\u8bf7\u53c2\u8003\u9884\u5b9a\u4e49\u7684\u6307\u6807\u3002
\u4f7f\u7528 OpenTelemetry Java Agent \u540c\u6837\u9700\u8981\u8003\u8651\u5982\u4f55\u5c06 JAR \u6302\u8f7d\u8fdb\u5bb9\u5668\uff0c\u9664\u4e86\u53ef\u4ee5\u53c2\u8003\u4e0a\u9762 JMX Exporter \u6302\u8f7d JAR \u6587\u4ef6\u7684\u65b9\u5f0f\u5916\uff0c\u6211\u4eec\u8fd8\u53ef\u4ee5\u501f\u52a9 Opentelemetry \u63d0\u4f9b\u7684 Operator \u7684\u80fd\u529b\u6765\u5b9e\u73b0\u81ea\u52a8\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u5f00\u542f JVM \u6307\u6807\u66b4\u9732\uff1a
\u5982\u679c\u4f60\u7684\u5e94\u7528\u5df2\u7ecf\u96c6\u6210\u4e86 Opentelemetry Agent \u53bb\u91c7\u96c6\u5e94\u7528\u94fe\u8def\uff0c\u90a3\u4e48\u4f60\u4e0d\u518d\u9700\u8981\u53e6\u5916\u5f15\u5165\u5176\u4ed6 Agent \u53bb\u4e3a\u6211\u4eec\u7684\u5e94\u7528\u66b4\u9732 JMX \u6307\u6807\u3002Opentelemetry Agent \u901a\u8fc7\u68c0\u6d4b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u672c\u5730\u53ef\u7528\u7684 MBean \u516c\u5f00\u7684\u6307\u6807\uff0c\u73b0\u5728\u53ef\u4ee5\u672c\u5730\u6536\u96c6\u5e76\u66b4\u9732\u6307\u6807\u63a5\u53e3\u3002
\u4f46\u662f\uff0c\u622a\u81f3\u76ee\u524d\u7248\u672c\uff0c\u4f60\u4ecd\u7136\u9700\u8981\u624b\u52a8\u4e3a\u5e94\u7528\u52a0\u4e0a\u76f8\u5e94\u6ce8\u89e3\u4e4b\u540e\uff0cJVM \u6570\u636e\u624d\u4f1a\u88ab Insight \u91c7\u96c6\u5230\uff0c\u5177\u4f53\u6ce8\u89e3\u5185\u5bb9\u8bf7\u53c2\u8003 \u5df2\u6709 JVM \u6307\u6807\u7684 Java \u5e94\u7528\u5bf9\u63a5\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#java","title":"\u4e3a Java \u4e2d\u95f4\u4ef6\u66b4\u9732\u6307\u6807","text":"Opentelemetry Agent \u4e5f\u5185\u7f6e\u4e86\u4e00\u4e9b\u4e2d\u95f4\u4ef6\u76d1\u63a7\u7684\u6837\u4f8b\uff0c\u8bf7\u53c2\u8003 \u9884\u5b9a\u4e49\u6307\u6807\u3002
\u9ed8\u8ba4\u6ca1\u6709\u6307\u5b9a\u4efb\u4f55\u7c7b\u578b\uff0c\u9700\u8981\u901a\u8fc7 -Dotel.jmx.target.system JVM Options \u6307\u5b9a,\u6bd4\u5982 -Dotel.jmx.target.system=jetty,kafka-broker \u3002
"},{"location":"end-user/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#_1","title":"\u53c2\u8003","text":"Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel jmx metrics
\u867d\u7136 OpenShift \u7cfb\u7edf\u81ea\u5e26\u4e86\u4e00\u5957\u76d1\u63a7\u7cfb\u7edf\uff0c\u56e0\u4e3a\u6570\u636e\u91c7\u96c6\u7ea6\u5b9a\u7684\u4e00\u4e9b\u89c4\u5219\uff0c\u6211\u4eec\u8fd8\u662f\u4f1a\u5b89\u88c5 Insight Agent\u3002
\u5176\u4e2d\uff0c\u5b89\u9664\u4e86\u57fa\u7840\u7684\u5b89\u88c5\u914d\u7f6e\u4e4b\u5916\uff0chelm install \u7684\u65f6\u5019\u8fd8\u9700\u8981\u589e\u52a0\u5982\u4e0b\u7684\u53c2\u6570\uff1a
## \u9488\u5bf9 fluentbit \u76f8\u5173\u7684\u53c2\u6570\uff1b\n--set fluent-bit.ocp.enabled=true \\\n--set fluent-bit.serviceAccount.create=false \\\n--set fluent-bit.securityContext.runAsUser=0 \\\n--set fluent-bit.securityContext.seLinuxOptions.type=spc_t \\\n--set fluent-bit.securityContext.readOnlyRootFilesystem=false \\\n--set fluent-bit.securityContext.allowPrivilegeEscalation=false \\\n\n## \u542f\u7528\u9002\u914d OpenShift4.x \u7684 Prometheus(CR)\n--set compatibility.openshift.prometheus.enabled=true \\\n\n## \u5173\u95ed\u9ad8\u7248\u672c\u7684 Prometheus \u5b9e\u4f8b\n--set kube-prometheus-stack.prometheus.enabled=false \\\n--set kube-prometheus-stack.kubeApiServer.enabled=false \\\n--set kube-prometheus-stack.kubelet.enabled=false \\\n--set kube-prometheus-stack.kubeControllerManager.enabled=false \\\n--set kube-prometheus-stack.coreDns.enabled=false \\\n--set kube-prometheus-stack.kubeDns.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeScheduler.enabled=false \\\n--set kube-prometheus-stack.kubeStateMetrics.enabled=false \\\n--set kube-prometheus-stack.nodeExporter.enabled=false \\\n\n## \u9650\u5236 PrometheusOperator \u5904\u7406\u7684 namespace\uff0c\u907f\u514d\u4e0e OpenShift \u81ea\u5e26\u7684 PrometheusOperator \u76f8\u4e92\u7ade\u4e89\n--set kube-prometheus-stack.prometheusOperator.kubeletService.namespace=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.prometheusInstanceNamespaces=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[0]=\"openshift-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[1]=\"openshift-user-workload-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[2]=\"openshift-customer-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[3]=\"openshift-route-monitor-operator\" \\\n
"},{"location":"end-user/insight/quickstart/other/install-agent-on-ocp.html#openshift-prometheus","title":"\u901a\u8fc7 OpenShift \u81ea\u8eab\u673a\u5236\uff0c\u5c06\u7cfb\u7edf\u76d1\u63a7\u6570\u636e\u5199\u5165 Prometheus \u4e2d","text":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cluster-monitoring-config\n namespace: openshift-monitoring\ndata:\n config.yaml: |\n prometheusK8s:\n remoteWrite:\n - queueConfig:\n batchSendDeadline: 60s\n maxBackoff: 5s\n minBackoff: 30ms\n minShards: 1\n capacity: 5000\n maxSamplesPerSend: 1000\n maxShards: 100\n remoteTimeout: 30s\n url: http://insight-agent-prometheus.insight-system.svc.cluster.local:9090/api/v1/write\n writeRelabelConfigs:\n - action: keep\n regex: etcd|kubelet|node-exporter|apiserver|kube-state-metrics\n sourceLabels:\n - job\n
"},{"location":"end-user/insight/quickstart/res-plan/index.html","title":"\u90e8\u7f72\u5bb9\u91cf\u89c4\u5212","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e3a\u4e86\u907f\u514d\u6d88\u8017\u8fc7\u591a\u8d44\u6e90\uff0c\u5df2\u7ecf\u8bbe\u7f6e\u4e86\u8d44\u6e90\u4e0a\u7ebf\uff08resource limit\uff09\uff0c\u53ef\u89c2\u6d4b\u7cfb\u7edf\u9700\u8981\u5904\u7406\u5927\u91cf\u7684\u6570\u636e\uff0c\u5982\u679c\u5bb9\u91cf\u89c4\u5212\u4e0d\u5408\u7406\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u7cfb\u7edf\u8d1f\u8f7d\u8fc7\u9ad8\uff0c\u5f71\u54cd\u7a33\u5b9a\u6027\u548c\u53ef\u9760\u6027\u3002
"},{"location":"end-user/insight/quickstart/res-plan/index.html#_2","title":"\u89c2\u6d4b\u7ec4\u4ef6\u7684\u8d44\u6e90\u89c4\u5212","text":"\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u5305\u542b Insight \u548c Insight Agent\u3002\u5176\u4e2d\uff0cInsight \u4e3b\u8981\u8d1f\u8d23\u89c2\u6d4b\u6570\u636e\u7684\u5b58\u50a8\uff0c\u5206\u6790\u4e0e\u5c55\u793a\u3002\u800c Insight Agent \u5305\u542b\u4e86\u6570\u636e\u91c7\u96c6\u3001\u6570\u636e\u5904\u7406\u3001\u6570\u636e\u4e0a\u4f20\u7b49\u529f\u80fd\u3002
"},{"location":"end-user/insight/quickstart/res-plan/index.html#_3","title":"\u5b58\u50a8\u7ec4\u4ef6\u7684\u5bb9\u91cf\u89c4\u5212","text":"Insight \u7684\u5b58\u50a8\u7ec4\u4ef6\u4e3b\u8981\u5305\u62ec ElasticSearch \u548c VictoriaMetrics. \u5176\u4e2d\uff0cElasticSearch \u4e3b\u8981\u8d1f\u8d23\u5b58\u50a8\u548c\u67e5\u8be2\u65e5\u5fd7\u4e0e\u94fe\u8def\u6570\u636e\uff0cVictoriaMetrics \u4e3b\u8981\u8d1f\u8d23\u5b58\u50a8\u548c\u67e5\u8be2\u6307\u6807\u6570\u636e\u3002
Insight Agent \u7684\u91c7\u96c6\u5668\u4e2d\u5305\u542b Proemtheus\uff0c\u867d\u7136 Prometheus \u672c\u8eab\u662f\u4e00\u4e2a\u72ec\u7acb\u7684\u7ec4\u4ef6\uff0c\u4f46\u662f\u5728 Insight Agent \u4e2d\uff0cPrometheus \u4f1a\u88ab\u7528\u4e8e\u91c7\u96c6\u6570\u636e\uff0c\u56e0\u6b64\u9700\u8981\u5bf9 Prometheus \u7684\u8d44\u6e90\u8fdb\u884c\u89c4\u5212\u3002
\u672c\u6587\u63cf\u8ff0\u4e86 vmstorge \u78c1\u76d8\u6269\u5bb9\u7684\u65b9\u6cd5\uff0c vmstorge \u78c1\u76d8\u89c4\u8303\u8bf7\u53c2\u8003 vmstorage \u78c1\u76d8\u5bb9\u91cf\u89c4\u5212\u3002
"},{"location":"end-user/insight/quickstart/res-plan/modify-vms-disk.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":""},{"location":"end-user/insight/quickstart/res-plan/modify-vms-disk.html#_2","title":"\u5f00\u542f\u5b58\u50a8\u6c60\u6269\u5bb9","text":"\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u70b9\u51fb \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb kpanda-global-cluster \u96c6\u7fa4\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230 vmstorage \u7ed1\u5b9a\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u70b9\u51fb\u67d0\u4e2a vmstorage PVC\uff0c\u8fdb\u5165 vmstorage \u7684\u6570\u636e\u5377\u58f0\u660e\u8be6\u60c5\uff0c\u786e\u8ba4\u8be5 PVC \u7ed1\u5b9a\u7684\u5b58\u50a8\u6c60\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) \uff0c\u627e\u5230 local-path \uff0c\u70b9\u51fb\u76ee\u6807\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u7f16\u8f91 \u3002
\u5f00\u542f \u6269\u5bb9 \u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u627e\u5230 vmcluster \u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
\u70b9\u51fb\u8be5 vmcluster \u81ea\u5b9a\u4e49\u8d44\u6e90\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u5207\u6362\u5230 insight-system \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u4ece insight-victoria-metrics-k8s-stack \u53f3\u4fa7\u83dc\u5355\u9009\u62e9 \u7f16\u8f91 YAML \u3002
\u6839\u636e\u56fe\u4f8b\u4fee\u6539\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u518d\u6b21\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230 vmstorage \u7ed1\u5b9a\u7684\u6570\u636e\u5377\u58f0\u660e\u786e\u8ba4\u4fee\u6539\u5df2\u751f\u6548\u3002\u5728\u67d0\u4e2a PVC \u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u5173\u8054\u5b58\u50a8\u6e90 (PV)\u3002
\u6253\u5f00\u6570\u636e\u5377\u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u66f4\u65b0 \u6309\u94ae\u3002
\u4fee\u6539 \u5bb9\u91cf \u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u7a0d\u7b49\u7247\u523b\u7b49\u5230\u6269\u5bb9\u6210\u529f\u3002
\u82e5\u5b58\u50a8\u5377\u6269\u5bb9\u5931\u8d25\uff0c\u53ef\u53c2\u8003\u4ee5\u4e0b\u65b9\u6cd5\u514b\u9686\u5b58\u50a8\u5377\u3002
\u4ee5\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7ba1\u7406\u5458\u6743\u9650\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\uff0c\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u627e\u5230 vmstorage \u7684\u6709\u72b6\u6001\u8d1f\u8f7d\uff0c\u70b9\u51fb\u76ee\u6807\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u72b6\u6001 -> \u505c\u6b62 -> \u786e\u5b9a \u3002
\u5728\u547d\u4ee4\u884c\u4e2d\u767b\u5f55 kpanda-global-cluster \u96c6\u7fa4\u7684 master \u8282\u70b9\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u590d\u5236 vmstorage \u5bb9\u5668\u4e2d\u7684 vm-data \u76ee\u5f55\u5c06\u6307\u6807\u4fe1\u606f\u5b58\u50a8\u5728\u672c\u5730\uff1a
kubectl cp -n insight-system vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data ./vm-data\n
\u767b\u5f55 AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u8fdb\u5165 kpanda-global-cluster \u96c6\u7fa4\u8be6\u60c5\uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u514b\u9686 \uff0c\u5e76\u4fee\u6539\u6570\u636e\u5377\u7684\u5bb9\u91cf\u3002
\u5220\u9664\u4e4b\u524d vmstorage \u7684\u6570\u636e\u5377\u3002
\u7a0d\u7b49\u7247\u523b\uff0c\u5f85\u5b58\u50a8\u5377\u58f0\u660e\u8ddf\u514b\u9686\u7684\u6570\u636e\u5377\u7ed1\u5b9a\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5c06\u7b2c 3 \u6b65\u4e2d\u5bfc\u51fa\u7684\u6570\u636e\u5bfc\u5165\u5230\u5bf9\u5e94\u7684\u5bb9\u5668\u4e2d\uff0c\u7136\u540e\u5f00\u542f\u4e4b\u524d\u6682\u505c\u7684 vmstorage \u3002
kubectl cp -n insight-system ./vm-data vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data\n
Prometheus \u5728\u5b9e\u9645\u4f7f\u7528\u8fc7\u7a0b\u4e2d\uff0c\u53d7\u5230\u96c6\u7fa4\u5bb9\u5668\u6570\u91cf\u4ee5\u53ca\u5f00\u542f Istio \u7684\u5f71\u54cd\uff0c\u4f1a\u5bfc\u81f4 Prometheus \u7684 CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u4f7f\u7528\u91cf\u8d85\u51fa\u8bbe\u5b9a\u7684\u8d44\u6e90\u3002
\u4e3a\u4e86\u4fdd\u8bc1\u4e0d\u540c\u89c4\u6a21\u96c6\u7fa4\u4e0b Prometheus \u7684\u6b63\u5e38\u8fd0\u884c\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u7684\u5b9e\u9645\u89c4\u6a21\u5bf9 Prometheus \u8fdb\u884c\u8d44\u6e90\u8c03\u6574\u3002
"},{"location":"end-user/insight/quickstart/res-plan/prometheus-res.html#_1","title":"\u53c2\u8003\u8d44\u6e90\u89c4\u5212","text":"\u5728\u672a\u5f00\u542f\u7f51\u683c\u60c5\u51b5\u4e0b\uff0c\u6d4b\u8bd5\u60c5\u51b5\u7edf\u8ba1\u51fa\u7cfb\u7edf Job \u6307\u6807\u91cf\u4e0e Pod \u7684\u5173\u7cfb\u4e3a Series \u6570\u91cf = 800 * Pod \u6570\u91cf
\u5728\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6\uff0c\u5f00\u542f\u529f\u80fd\u540e Pod \u4ea7\u751f\u7684 Istio \u76f8\u5173\u6307\u6807\u6570\u91cf\u7ea7\u4e3a Series \u6570\u91cf = 768 * Pod \u6570\u91cf
"},{"location":"end-user/insight/quickstart/res-plan/prometheus-res.html#_2","title":"\u5f53\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u4ee5\u4e0b\u8d44\u6e90\u89c4\u5212\u4e3a \u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c \u573a\u666f\u4e0b\uff0cPrometheus \u7684\u8d44\u6e90\u89c4\u5212\u63a8\u8350\uff1a
\u96c6\u7fa4\u89c4\u6a21(Pod \u6570) \u6307\u6807\u91cf(\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c) CPU(core) \u5185\u5b58(GB) 100 8w Request: 0.5Limit\uff1a1 Request\uff1a2GBLimit\uff1a4GB 200 16w Request\uff1a1Limit\uff1a1.5 Request\uff1a3GBLimit\uff1a6GB 300 24w Request\uff1a1Limit\uff1a2 Request\uff1a3GBLimit\uff1a6GB 400 32w Request\uff1a1Limit\uff1a2 Request\uff1a4GBLimit\uff1a8GB 500 40w Request\uff1a1.5Limit\uff1a3 Request\uff1a5GBLimit\uff1a10GB 800 64w Request\uff1a2Limit\uff1a4 Request\uff1a8GBLimit\uff1a16GB 1000 80w Request\uff1a2.5Limit\uff1a5 Request\uff1a9GBLimit\uff1a18GB 2000 160w Request\uff1a3.5Limit\uff1a7 Request\uff1a20GBLimit\uff1a40GB 3000 240w Request\uff1a4Limit\uff1a8 Request\uff1a33GBLimit\uff1a66GB"},{"location":"end-user/insight/quickstart/res-plan/prometheus-res.html#_3","title":"\u5f53\u5f00\u542f\u670d\u52a1\u7f51\u683c\u529f\u80fd\u65f6","text":"\u4ee5\u4e0b\u8d44\u6e90\u89c4\u5212\u4e3a \u5f00\u542f\u670d\u52a1\u7f51\u683c \u573a\u666f\u4e0b\uff0cPrometheus \u7684\u8d44\u6e90\u89c4\u5212\u63a8\u8350\uff1a
\u96c6\u7fa4\u89c4\u6a21(Pod \u6570) \u6307\u6807\u91cf(\u5df2\u5f00\u542f\u670d\u52a1\u7f51\u683c) CPU(core) \u5185\u5b58(GB) 100 15w Request: 1Limit\uff1a2 Request\uff1a3GBLimit\uff1a6GB 200 31w Request\uff1a2Limit\uff1a3 Request\uff1a5GBLimit\uff1a10GB 300 46w Request\uff1a2Limit\uff1a4 Request\uff1a6GBLimit\uff1a12GB 400 62w Request\uff1a2Limit\uff1a4 Request\uff1a8GBLimit\uff1a16GB 500 78w Request\uff1a3Limit\uff1a6 Request\uff1a10GBLimit\uff1a20GB 800 125w Request\uff1a4Limit\uff1a8 Request\uff1a15GBLimit\uff1a30GB 1000 156w Request\uff1a5Limit\uff1a10 Request\uff1a18GBLimit\uff1a36GB 2000 312w Request\uff1a7Limit\uff1a14 Request\uff1a40GBLimit\uff1a80GB 3000 468w Request\uff1a8Limit\uff1a16 Request\uff1a65GBLimit\uff1a130GBNote
vmstorage \u662f\u8d1f\u8d23\u5b58\u50a8\u53ef\u89c2\u6d4b\u6027\u591a\u96c6\u7fa4\u6307\u6807\u3002 \u4e3a\u4fdd\u8bc1 vmstorage \u7684\u7a33\u5b9a\u6027\uff0c\u9700\u8981\u6839\u636e\u96c6\u7fa4\u6570\u91cf\u53ca\u96c6\u7fa4\u89c4\u6a21\u8c03\u6574 vmstorage \u7684\u78c1\u76d8\u5bb9\u91cf\u3002 \u66f4\u591a\u8d44\u6599\u8bf7\u53c2\u8003 vmstorage \u4fdd\u7559\u671f\u4e0e\u78c1\u76d8\u7a7a\u95f4\u3002
"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_1","title":"\u6d4b\u8bd5\u7ed3\u679c","text":"\u7ecf\u8fc7 14 \u5929\u5bf9\u4e0d\u540c\u89c4\u6a21\u7684\u96c6\u7fa4\u7684 vmstorage \u7684\u78c1\u76d8\u89c2\u6d4b\uff0c \u6211\u4eec\u53d1\u73b0 vmstorage \u7684\u78c1\u76d8\u7528\u91cf\u4e0e\u5176\u5b58\u50a8\u7684\u6307\u6807\u91cf\u548c\u5355\u4e2a\u6570\u636e\u70b9\u5360\u7528\u78c1\u76d8\u6b63\u76f8\u5173\u3002
\u78c1\u76d8\u7528\u91cf = \u77ac\u65f6\u6307\u6807\u91cf x 2 x \u5355\u4e2a\u6570\u636e\u70b9\u7684\u5360\u7528\u78c1\u76d8 x 60 x 24 x \u5b58\u50a8\u65f6\u95f4 (\u5929)
\u53c2\u6570\u8bf4\u660e\uff1a
Warning
\u8be5\u516c\u5f0f\u4e3a\u901a\u7528\u65b9\u6848\uff0c\u5efa\u8bae\u5728\u8ba1\u7b97\u7ed3\u679c\u4e0a\u9884\u7559\u5197\u4f59\u78c1\u76d8\u5bb9\u91cf\u4ee5\u4fdd\u8bc1 vmstorage \u7684\u6b63\u5e38\u8fd0\u884c\u3002
"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_3","title":"\u53c2\u8003\u5bb9\u91cf","text":"\u8868\u683c\u4e2d\u6570\u636e\u662f\u6839\u636e\u9ed8\u8ba4\u5b58\u50a8\u65f6\u95f4\u4e3a\u4e00\u4e2a\u6708 (30 \u5929)\uff0c\u5355\u4e2a\u6570\u636e\u70b9 (datapoint) \u7684\u5360\u7528\u78c1\u76d8\u53d6 0.9 \u8ba1\u7b97\u6240\u5f97\u7ed3\u679c\u3002 \u591a\u96c6\u7fa4\u573a\u666f\u4e0b\uff0cPod \u6570\u91cf\u8868\u793a\u591a\u96c6\u7fa4 Pod \u6570\u91cf\u7684\u603b\u548c\u3002
"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_4","title":"\u5f53\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u96c6\u7fa4\u89c4\u6a21 (Pod \u6570) \u6307\u6807\u91cf \u78c1\u76d8\u5bb9\u91cf 100 8w 6 GiB 200 16w 12 GiB 300 24w 18 GiB 400 32w 24 GiB 500 40w 30 GiB 800 64w 48 GiB 1000 80w 60 GiB 2000 160w 120 GiB 3000 240w 180 GiB"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_5","title":"\u5f53\u5f00\u542f\u670d\u52a1\u7f51\u683c\u65f6","text":"\u96c6\u7fa4\u89c4\u6a21 (Pod \u6570) \u6307\u6807\u91cf \u78c1\u76d8\u5bb9\u91cf 100 15w 12 GiB 200 31w 24 GiB 300 46w 36 GiB 400 62w 48 GiB 500 78w 60 GiB 800 125w 94 GiB 1000 156w 120 GiB 2000 312w 235 GiB 3000 468w 350 GiB"},{"location":"end-user/insight/quickstart/res-plan/vms-res-plan.html#_6","title":"\u4e3e\u4f8b\u8bf4\u660e","text":"AI \u7b97\u529b\u4e2d\u5fc3 \u5e73\u53f0\u4e2d\u6709\u4e24\u4e2a\u96c6\u7fa4\uff0c\u5176\u4e2d\u5168\u5c40\u670d\u52a1\u96c6\u7fa4(\u5f00\u542f\u670d\u52a1\u7f51\u683c)\u4e2d\u8fd0\u884c 500 \u4e2a Pod\uff0c\u5de5\u4f5c\u96c6\u7fa4(\u672a\u5f00\u542f\u670d\u52a1\u7f51\u683c)\u8fd0\u884c\u4e86 1000 \u4e2a Pod\uff0c\u9884\u671f\u6307\u6807\u5b58 30 \u5929\u3002
\u5219\u5f53\u524d vmstorage \u78c1\u76d8\u7528\u91cf\u5e94\u8bbe\u7f6e\u4e3a (784000+80000)x2x0.9x60x24x31 = 124384896000 byte = 116 GiB
Note
\u96c6\u7fa4\u4e2d\u6307\u6807\u91cf\u4e0e Pod \u6570\u91cf\u7684\u5173\u7cfb\u53ef\u53c2\u8003 Prometheus \u8d44\u6e90\u89c4\u5212\u3002
"},{"location":"end-user/insight/system-config/modify-config.html","title":"\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e","text":"\u53ef\u89c2\u6d4b\u6027\u4f1a\u9ed8\u8ba4\u6301\u4e45\u5316\u4fdd\u5b58\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u7684\u6570\u636e\uff0c\u60a8\u53ef\u53c2\u9605\u672c\u6587\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\u3002\u8be5\u6587\u6863\u4ec5\u9002\u7528\u4e8e\u5185\u7f6e\u90e8\u7f72\u7684 Elasticsearch\uff0c\u82e5\u4f7f\u7528\u5916\u90e8 Elasticsearch \u53ef\u81ea\u884c\u8c03\u6574\u3002
"},{"location":"end-user/insight/system-config/modify-config.html#_2","title":"\u5982\u4f55\u4fee\u6539\u6307\u6807\u6570\u636e\u4fdd\u7559\u671f\u9650","text":"\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u6307\u6807\u6570\u636e\u4fdd\u7559\u671f\u9650\u3002
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
kubectl edit vmcluster insight-victoria-metrics-k8s-stack -n insight-system\n
\u5728 Yaml \u6587\u4ef6\u4e2d\uff0c retentionPeriod \u7684\u9ed8\u8ba4\u503c\u4e3a 14 \uff0c\u5355\u4f4d\u4e3a \u5929 \u3002\u60a8\u53ef\u6839\u636e\u9700\u6c42\u4fee\u6539\u53c2\u6570\u3002
apiVersion: operator.victoriametrics.com/v1beta1\nkind: VMCluster\nmetadata:\n annotations:\n meta.helm.sh/release-name: insight\n meta.helm.sh/release-namespace: insight-system\n creationTimestamp: \"2022-08-25T04:31:02Z\"\n finalizers:\n - apps.victoriametrics.com/finalizer\n generation: 2\n labels:\n app.kubernetes.io/instance: insight\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: victoria-metrics-k8s-stack\n app.kubernetes.io/version: 1.77.2\n helm.sh/chart: victoria-metrics-k8s-stack-0.9.3\n name: insight-victoria-metrics-k8s-stack\n namespace: insight-system\n resourceVersion: \"123007381\"\n uid: 55cee8d6-c651-404b-b2c9-50603b405b54\nspec:\n replicationFactor: 1\n retentionPeriod: \"14\"\n vminsert:\n extraArgs:\n maxLabelsPerTimeseries: \"45\"\n image:\n repository: docker.m.daocloud.io/victoriametrics/vminsert\n tag: v1.80.0-cluster\n replicaCount: 1\n
\u4fdd\u5b58\u4fee\u6539\u540e\uff0c\u8d1f\u8d23\u5b58\u50a8\u6307\u6807\u7684\u7ec4\u4ef6\u7684\u5bb9\u5668\u7ec4\u4f1a\u81ea\u52a8\u91cd\u542f\uff0c\u7a0d\u7b49\u7247\u523b\u5373\u53ef\u3002
\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u65e5\u5fd7\u6570\u636e\u4fdd\u7559\u671f\u9650\uff1a
"},{"location":"end-user/insight/system-config/modify-config.html#json","title":"\u65b9\u6cd5\u4e00\uff1a\u4fee\u6539 Json \u6587\u4ef6","text":"\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d rollover \u5b57\u6bb5\u4e2d\u7684 max_age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002\u6ce8\u610f\u9700\u8981\u4fee\u6539\u7b2c\u4e00\u884c\u4e2d\u7684 Elastic \u7528\u6237\u540d\u548c\u5bc6\u7801\u3001IP \u5730\u5740\u548c\u7d22\u5f15\u3002
curl --insecure --location -u\"elastic:amyVt4o826e322TUVi13Ezw6\" -X PUT \"https://172.30.47.112:30468/_ilm/policy/insight-es-k8s-logs-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n \"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"8d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n }\n}'\n
\u4fee\u6539\u5b8c\u540e\uff0c\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u5b83\u4f1a\u6253\u5370\u51fa\u5982\u4e0b\u6240\u793a\u5185\u5bb9\uff0c\u5219\u4fee\u6539\u6210\u529f\u3002
{\n\"acknowledged\" : true\n}\n
\u767b\u5f55 kibana \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f Stack Management \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a Index Lifecycle Polices \uff0c\u5e76\u627e\u5230\u7d22\u5f15 insight-es-k8s-logs-policy \uff0c\u70b9\u51fb\u8fdb\u5165\u8be6\u60c5\u3002
\u5c55\u5f00 Hot phase \u914d\u7f6e\u9762\u677f\uff0c\u4fee\u6539 Maximum age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002
\u4fee\u6539\u5b8c\u540e\uff0c\u70b9\u51fb\u9875\u9762\u5e95\u90e8\u7684 Save policy \u5373\u4fee\u6539\u6210\u529f\u3002
\u5148 ssh \u767b\u5f55\u5230\u5bf9\u5e94\u7684\u8282\u70b9\uff0c\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u4fee\u6539\u94fe\u8def\u6570\u636e\u4fdd\u7559\u671f\u9650\uff1a
"},{"location":"end-user/insight/system-config/modify-config.html#json_1","title":"\u65b9\u6cd5\u4e00\uff1a\u4fee\u6539 Json \u6587\u4ef6","text":"\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d rollover \u5b57\u6bb5\u4e2d\u7684 max_age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002\u6ce8\u610f\u9700\u8981\u4fee\u6539\u7b2c\u4e00\u884c\u4e2d\u7684 Elastic \u7528\u6237\u540d\u548c\u5bc6\u7801\u3001IP \u5730\u5740\u548c\u7d22\u5f15\u3002
curl --insecure --location -u\"elastic:amyVt4o826e322TUVi13Ezw6\" -X PUT \"https://172.30.47.112:30468/_ilm/policy/jaeger-ilm-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n \"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"6d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n }\n}'\n
\u4fee\u6539\u5b8c\u540e\uff0c\u5728\u63a7\u5236\u53f0\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u3002\u5b83\u4f1a\u6253\u5370\u51fa\u5982\u4e0b\u6240\u793a\u5185\u5bb9\uff0c\u5219\u4fee\u6539\u6210\u529f\u3002
{\n\"acknowledged\" : true\n}\n
\u767b\u5f55 kibana \uff0c\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a\u680f Stack Management \u3002
\u9009\u62e9\u5de6\u4fa7\u5bfc\u822a Index Lifecycle Polices \uff0c\u5e76\u627e\u5230\u7d22\u5f15 jaeger-ilm-policy \uff0c\u70b9\u51fb\u8fdb\u5165\u8be6\u60c5\u3002
\u5c55\u5f00 Hot phase \u914d\u7f6e\u9762\u677f\uff0c\u4fee\u6539 Maximum age \u53c2\u6570\uff0c\u5e76\u8bbe\u7f6e\u4fdd\u7559\u671f\u9650\uff0c\u9ed8\u8ba4\u5b58\u50a8\u65f6\u957f\u4e3a 7d \u3002
\u4fee\u6539\u5b8c\u540e\uff0c\u70b9\u51fb\u9875\u9762\u5e95\u90e8\u7684 Save policy \u5373\u4fee\u6539\u6210\u529f\u3002
\u5728\u7cfb\u7edf\u7ec4\u4ef6\u9875\u9762\u53ef\u5feb\u901f\u7684\u67e5\u770b\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u4e2d\u7cfb\u7edf\u7ec4\u4ef6\u7684\u8fd0\u884c\u72b6\u6001\uff0c\u5f53\u7cfb\u7528\u7ec4\u4ef6\u53d1\u751f\u6545\u969c\u65f6\uff0c\u4f1a\u5bfc\u81f4\u53ef\u89c2\u6d4b\u6a21\u5757\u4e2d\u7684\u90e8\u5206\u529f\u80fd\u4e0d\u53ef\u7528\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u7cfb\u7edf\u7ba1\u7406 -> \u7cfb\u7edf\u7ec4\u4ef6 \u3002
Note
\u82e5\u4f7f\u7528\u5916\u90e8 Elasticsearch \u53ef\u80fd\u65e0\u6cd5\u83b7\u53d6\u90e8\u5206\u6570\u636e\u4ee5\u81f4\u4e8e Elasticsearch \u7684\u4fe1\u606f\u4e3a\u7a7a\u3002
"},{"location":"end-user/insight/system-config/system-config.html","title":"\u7cfb\u7edf\u914d\u7f6e","text":"\u7cfb\u7edf\u914d\u7f6e \u5c55\u793a\u6307\u6807\u3001\u65e5\u5fd7\u3001\u94fe\u8def\u9ed8\u8ba4\u7684\u4fdd\u5b58\u65f6\u957f\u4ee5\u53ca\u9ed8\u8ba4\u7684 Apdex \u9608\u503c\u3002
\u70b9\u51fb\u53f3\u4fa7\u5bfc\u822a\u680f\uff0c\u9009\u62e9 \u7cfb\u7edf\u914d\u7f6e\u3002
\u4fee\u6539\u5386\u53f2\u544a\u8b66\u5b58\u50a8\u65f6\u957f\uff0c\u70b9\u51fb \u7f16\u8f91 \u8f93\u5165\u76ee\u6807\u65f6\u957f\u3002
\u5f53\u5b58\u50a8\u65f6\u957f\u8bbe\u7f6e\u4e3a \"0\" \u5c06\u4e0d\u6e05\u9664\u5386\u53f2\u544a\u8b66\u3002
\u4fee\u6539\u62d3\u6251\u56fe\u6e32\u67d3\u9ed8\u8ba4\u914d\u7f6e\uff0c\u70b9\u51fb \u7f16\u8f91 \u6839\u636e\u9700\u6c42\u5b9a\u4e49\u7cfb\u7edf\u4e2d\u62d3\u6251\u56fe\u9608\u503c\u3002
\u9608\u503c\u8bbe\u7f6e\u5fc5\u987b\u5927\u4e8e 0\uff0c\u524d\u9762\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5c0f\u4e8e\u540e\u9762\u586b\u5199\u7684\u3002\u4e14\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5728\u6700\u5927\u548c\u6700\u5c0f\u7684\u8303\u56f4\u4e4b\u95f4\u3002
Note
\u4fee\u6539\u5176\u4ed6\u914d\u7f6e\uff0c\u8bf7\u70b9\u51fb\u67e5\u770b\u5982\u4f55\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\uff1f
"},{"location":"end-user/insight/trace/service.html","title":"\u670d\u52a1\u76d1\u63a7","text":"\u5728 \u53ef\u89c2\u6d4b\u6027 Insight \u4e2d\u670d\u52a1\u662f\u6307\u4f7f\u7528 Opentelemtry SDK \u63a5\u5165\u94fe\u8def\u6570\u636e\uff0c\u670d\u52a1\u76d1\u63a7\u80fd\u591f\u8f85\u52a9\u8fd0\u7ef4\u8fc7\u7a0b\u4e2d\u89c2\u5bdf\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u72b6\u6001\u3002
\u5982\u4f55\u4f7f\u7528 OpenTelemetry \u8bf7\u53c2\u8003\u4f7f\u7528 OTel \u8d4b\u4e88\u5e94\u7528\u53ef\u89c2\u6d4b\u6027\u3002
"},{"location":"end-user/insight/trace/service.html#_2","title":"\u540d\u8bcd\u89e3\u91ca","text":"\u670d\u52a1\u5217\u8868\u9875\u9762\u5c55\u793a\u4e86\u96c6\u7fa4\u4e2d\u6240\u6709\u5df2\u63a5\u5165\u94fe\u8def\u6570\u636e\u7684\u670d\u52a1\u7684\u541e\u5410\u7387\u3001\u9519\u8bef\u7387\u3001\u8bf7\u6c42\u5ef6\u65f6\u7b49\u5173\u952e\u6307\u6807\u3002 \u60a8\u53ef\u4ee5\u6839\u636e\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\u5bf9\u670d\u52a1\u8fdb\u884c\u8fc7\u6ee4\uff0c\u4e5f\u53ef\u4ee5\u6309\u7167\u541e\u5410\u7387\u3001\u9519\u8bef\u7387\u3001\u8bf7\u6c42\u5ef6\u65f6\u5bf9\u8be5\u5217\u8868\u8fdb\u884c\u6392\u5e8f\u3002\u5217\u8868\u4e2d\u7684\u6307\u6807\u6570\u636e\u9ed8\u8ba4\u65f6\u95f4\u4e3a 1 \u5c0f\u65f6\uff0c\u60a8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u65f6\u95f4\u8303\u56f4\u3002
\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u770b\u670d\u52a1\u76d1\u63a7\u6307\u6807\uff1a
\u8fdb\u5165 \u53ef\u89c2\u6d4b\u6027 \u4ea7\u54c1\u6a21\u5757\u3002
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u94fe\u8def\u8ffd\u8e2a -> \u670d\u52a1 \u3002
Attention
\u70b9\u51fb\u670d\u52a1\u540d (\u4ee5 insight-server \u4e3a\u4f8b)\uff0c\u70b9\u51fb\u8fdb\u5165\u670d\u52a1\u8be6\u60c5\u9875\uff0c\u67e5\u770b\u670d\u52a1\u7684\u8be6\u7ec6\u6307\u6807\u548c\u8be5\u670d\u52a1\u7684\u64cd\u4f5c\u6307\u6807\u3002
\u70b9\u51fb Tab \u5207\u6362\u5230 \u64cd\u4f5c\u6307\u6807 \uff0c\u53ef\u67e5\u8be2\u591a\u9009\u670d\u52a1\u76f8\u540c\u64cd\u4f5c\u7684\u805a\u5408\u8d77\u6765\u7684\u6d41\u91cf\u6307\u6807\u3002
\u670d\u52a1\u62d3\u6251\u56fe\u662f\u5bf9\u670d\u52a1\u4e4b\u95f4\u8fde\u63a5\u3001\u901a\u4fe1\u548c\u4f9d\u8d56\u5173\u7cfb\u7684\u53ef\u89c6\u5316\u8868\u793a\u3002\u901a\u8fc7\u53ef\u89c6\u5316\u62d3\u6251\u4e86\u89e3\u670d\u52a1\u95f4\u7684\u8c03\u7528\u5173\u7cfb\uff0c \u67e5\u770b\u670d\u52a1\u5728\u6307\u5b9a\u65f6\u95f4\u5185\u7684\u8c03\u7528\u53ca\u5176\u6027\u80fd\u72b6\u51b5\u3002\u62d3\u6251\u56fe\u7684\u8282\u70b9\u4e4b\u95f4\u7684\u8054\u7cfb\u4ee3\u8868\u4e24\u4e2a\u670d\u52a1\u5728\u67e5\u8be2\u65f6\u95f4\u8303\u56f4\u5185\u670d\u52a1\u4e4b\u95f4\u7684\u5b58\u5728\u8c03\u7528\u5173\u7cfb\u3002
"},{"location":"end-user/insight/trace/topology.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u62d3\u6251\u56fe\u4e2d\uff0c\u60a8\u53ef\u6309\u9700\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u70b9\u51fb\u53f3\u4e0b\u89d2 \u56fe\u4f8b \uff0c\u53ef\u901a\u8fc7 \u4e34\u65f6\u914d\u7f6e \u4fee\u6539\u5f53\u524d\u7684\u62d3\u6251\u56fe\u5b9a\u4e49\u7684\u6e32\u67d3\u9608\u503c\uff0c\u8df3\u51fa\u6216\u5173\u95ed\u8be5\u9875\u9762\u5373\u4f1a\u4e22\u5931\u8be5\u914d\u7f6e\u3002
\u9608\u503c\u8bbe\u7f6e\u5fc5\u987b\u5927\u4e8e 0\uff0c\u524d\u9762\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5c0f\u4e8e\u540e\u9762\u586b\u5199\u7684\u3002\u4e14\u586b\u5199\u7684\u9608\u503c\u5fc5\u987b\u5728\u6700\u5927\u548c\u6700\u5c0f\u7684\u8303\u56f4\u4e4b\u95f4\u3002
\u5728\u670d\u52a1\u62d3\u6251\u4e2d\u4f1a\u5b58\u5728\u6e38\u79bb\u5728\u96c6\u7fa4\u4e4b\u5916\u7684\u8282\u70b9\uff0c\u8fd9\u4e9b\u6e38\u79bb\u5728\u5916\u7684\u8282\u70b9\u53ef\u5206\u6210\u4e09\u7c7b\uff1a
\u865a\u62df\u8282\u70b9
\u82e5\u670d\u52a1\u53d1\u8d77\u8bf7\u6c42\u5230\u6570\u636e\u5e93
\u6216\u6d88\u606f\u961f\u5217
\u65f6\uff0c\u62d3\u6251\u56fe\u4e2d\u4f1a\u9ed8\u8ba4\u5c55\u793a\u8fd9\u4e24\u7c7b\u8282\u70b9\u3002 \u800c\u865a\u62df\u670d\u52a1
\u8868\u793a\u96c6\u7fa4\u5185\u670d\u52a1\u8bf7\u6c42\u4e86\u96c6\u7fa4\u5916\u7684\u8282\u70b9\u6216\u8005\u672a\u63a5\u5165\u94fe\u8def\u7684\u670d\u52a1\uff0c\u62d3\u6251\u56fe\u4e2d\u9ed8\u8ba4\u4e0d\u4f1a\u5c55\u793a \u865a\u62df\u670d\u52a1
\u3002
\u5f53\u670d\u52a1\u8bf7\u6c42\u5230 MySQL\u3001PostgreSQL\u3001Oracle Database \u8fd9\u4e09\u79cd\u6570\u636e\u5e93\u65f6\uff0c\u5728\u62d3\u6251\u56fe\u4e2d\u53ef\u4ee5\u770b\u5230\u8bf7\u6c42\u7684\u8be6\u7ec6\u6570\u636e\u5e93\u7c7b\u578b\u3002
\u66f4\u65b0 insight-server chart \u7684 values\uff0c\u627e\u5230\u4e0b\u56fe\u6240\u793a\u53c2\u6570\uff0c\u5c06 false
\u6539\u4e3a true
\u3002
\u5728\u670d\u52a1\u62d3\u6251\u7684\u663e\u793a\u8bbe\u7f6e\u4e2d\u52fe\u9009 \u865a\u62df\u670d\u52a1 \u3002
\u5728\u94fe\u8def\u67e5\u8be2\u9875\u9762\uff0c\u60a8\u53ef\u4ee5\u8fc7 TraceID \u6216\u7cbe\u786e\u67e5\u8be2\u8c03\u7528\u94fe\u8def\u8be6\u7ec6\u60c5\u51b5\u6216\u7ed3\u5408\u591a\u79cd\u6761\u4ef6\u7b5b\u9009\u67e5\u8be2\u8c03\u7528\u94fe\u8def\u3002
"},{"location":"end-user/insight/trace/trace.html#_2","title":"\u540d\u8bcd\u89e3\u91ca","text":"\u8bf7\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u67e5\u8be2\u94fe\u8def\uff1a
\u5728\u5de6\u8fb9\u5bfc\u822a\u680f\u9009\u62e9 \u94fe\u8def\u8ffd\u8e2a -> \u8c03\u7528\u94fe\u3002
Note
\u5217\u8868\u4e2d\u652f\u6301\u5bf9 Span \u6570\u3001\u5ef6\u65f6\u3001\u53d1\u751f\u65f6\u95f4\u8fdb\u884c\u6392\u5e8f\u3002
\u70b9\u51fb\u7b5b\u9009\u680f\u4e2d\u7684 TraceID \u641c\u7d22 \u5207\u6362\u4f7f\u7528 TraceID \u641c\u7d22\u94fe\u8def\u3002
\u4f7f\u7528 TraceID \u641c\u7d22\u8bf7\u8f93\u5165\u5b8c\u6574\u7684 TraceID\u3002
\u70b9\u51fb\u94fe\u8def\u5217\u8868\u4e2d\u7684\u67d0\u4e00\u94fe\u8def\u7684 TraceID\uff0c\u53ef\u67e5\u770b\u8be5\u94fe\u8def\u7684\u8be6\u60c5\u8c03\u7528\u60c5\u51b5\u3002
\u70b9\u51fb\u94fe\u8def\u6570\u636e\u53f3\u4fa7\u7684\u56fe\u6807\uff0c\u53ef\u67e5\u8be2\u8be5\u94fe\u8def\u7684\u5173\u8054\u65e5\u5fd7\u3002
\u70b9\u51fb \u67e5\u770b\u66f4\u591a \u540e\u53ef\u5e26\u6761\u4ef6\u8df3\u8f6c\u5230 \u65e5\u5fd7\u67e5\u8be2 \u7684\u9875\u9762\u3002
\u9ed8\u8ba4\u641c\u7d22\u5168\u90e8\u65e5\u5fd7\uff0c\u4f46\u53ef\u4e0b\u62c9\u6839\u636e\u94fe\u8def\u7684 TraceID \u6216\u94fe\u8def\u8c03\u7528\u8fc7\u7a0b\u4e2d\u76f8\u5173\u7684\u5bb9\u5668\u65e5\u5fd7\u8fdb\u884c\u8fc7\u6ee4\u3002
Note
\u7531\u4e8e\u94fe\u8def\u4f1a\u8de8\u96c6\u7fa4\u6216\u8de8\u547d\u540d\u7a7a\u95f4\uff0c\u82e5\u7528\u6237\u6743\u9650\u4e0d\u8db3\uff0c\u5219\u65e0\u6cd5\u67e5\u8be2\u8be5\u94fe\u8def\u7684\u5173\u8054\u65e5\u5fd7\u3002
\u5982\u679c\u8282\u70b9\u4e0d\u591f\u7528\u4e86\uff0c\u53ef\u4ee5\u6dfb\u52a0\u66f4\u591a\u8282\u70b9\u5230\u96c6\u7fa4\u4e2d\u3002
"},{"location":"end-user/k8s/add-node.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0
\u8fdb\u5165\u96c6\u7fa4\u6982\u89c8\u9875\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u63a5\u5165\u8282\u70b9 \u6309\u94ae
\u6309\u7167\u5411\u5bfc\uff0c\u586b\u5199\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u53c2\u6570\u914d\u7f6e\u5728\u5f39\u7a97\u4e2d\u70b9\u51fb \u786e\u5b9a
\u8fd4\u56de\u8282\u70b9\u5217\u8868\uff0c\u65b0\u63a5\u5165\u7684\u8282\u70b9\u72b6\u6001\u4e3a \u63a5\u5165\u4e2d \uff0c\u7b49\u5f85\u51e0\u5206\u949f\u540e\u72b6\u6001\u53d8\u4e3a \u5065\u5eb7 \u5219\u8868\u793a\u63a5\u5165\u6210\u529f\u3002
Tip
\u5bf9\u4e8e\u521a\u63a5\u5165\u6210\u529f\u7684\u8282\u70b9\uff0c\u53ef\u80fd\u8fd8\u8981\u7b49 2-3 \u5206\u949f\u624d\u80fd\u8bc6\u522b\u51fa GPU\u3002
"},{"location":"end-user/k8s/create-k8s.html","title":"\u521b\u5efa\u4e91\u4e0a Kubernetes \u96c6\u7fa4","text":"\u90e8\u7f72 Kubernetes \u96c6\u7fa4\u662f\u4e3a\u4e86\u652f\u6301\u9ad8\u6548\u7684 AI \u7b97\u529b\u8c03\u5ea6\u548c\u7ba1\u7406\uff0c\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\uff0c\u63d0\u4f9b\u9ad8\u53ef\u7528\u6027\uff0c\u4ece\u800c\u4f18\u5316\u6a21\u578b\u8bad\u7ec3\u548c\u63a8\u7406\u8fc7\u7a0b\u3002
"},{"location":"end-user/k8s/create-k8s.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u521b\u5efa\u5e76\u542f\u52a8 3 \u53f0\u4e0d\u5e26 GPU \u7684\u4e91\u4e3b\u673a\u7528\u4f5c\u96c6\u7fa4\u7684 Master \u8282\u70b9
\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae
\u6309\u7167\u5411\u5bfc\uff0c\u914d\u7f6e\u96c6\u7fa4\u7684\u5404\u9879\u53c2\u6570
\u57fa\u672c\u4fe1\u606f\u8282\u70b9\u914d\u7f6e\u7f51\u7edc\u914d\u7f6eAddon \u914d\u7f6e\u9ad8\u7ea7\u914d\u7f6e\u914d\u7f6e\u5b8c\u8282\u70b9\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u5f00\u59cb\u68c0\u67e5 \uff0c
\u6bcf\u4e2a\u8282\u70b9\u9ed8\u8ba4\u53ef\u8fd0\u884c 110 \u4e2a Pod\uff08\u5bb9\u5668\u7ec4\uff09\uff0c\u5982\u679c\u8282\u70b9\u914d\u7f6e\u6bd4\u8f83\u9ad8\uff0c\u53ef\u4ee5\u8c03\u6574\u5230 200 \u6216 300 \u4e2a Pod\u3002
\u7b49\u5f85\u96c6\u7fa4\u521b\u5efa\u5b8c\u6210\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u627e\u5230\u521a\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u5bfc\u822a\u5230 Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u641c\u7d22\u6846\u5185\u641c\u7d22 metax-gpu-extensions\uff0c\u70b9\u51fb\u5361\u7247
\u70b9\u51fb\u53f3\u4fa7\u7684 \u5b89\u88c5 \u6309\u94ae\uff0c\u5f00\u59cb\u5b89\u88c5 GPU \u63d2\u4ef6
\u5e94\u7528\u8bbe\u7f6eKubernetes \u7f16\u6392\u786e\u8ba4\u8f93\u5165\u540d\u79f0\uff0c\u9009\u62e9\u547d\u540d\u7a7a\u95f4\uff0c\u5728 YAMl \u4e2d\u4fee\u6539\u955c\u50cf\u5730\u5740\uff1a
\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u7b49\u5f85 metax-gpu-extensions \u72b6\u6001\u53d8\u4e3a \u5df2\u90e8\u7f72
\u5230\u6b64\u96c6\u7fa4\u521b\u5efa\u6210\u529f\uff0c\u53ef\u4ee5\u53bb\u67e5\u770b\u96c6\u7fa4\u6240\u5305\u542b\u7684\u8282\u70b9\u3002\u4f60\u53ef\u4ee5\u53bb\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d\u5e76\u4f7f\u7528 GPU \u4e86\u3002
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d
"},{"location":"end-user/k8s/remove-node.html","title":"\u79fb\u9664 GPU \u5de5\u4f5c\u8282\u70b9","text":"GPU \u8d44\u6e90\u7684\u6210\u672c\u76f8\u5bf9\u8f83\u9ad8\uff0c\u5982\u679c\u6682\u65f6\u7528\u4e0d\u5230 GPU\uff0c\u53ef\u4ee5\u5c06\u5e26 GPU \u7684\u5de5\u4f5c\u8282\u70b9\u79fb\u9664\u3002 \u4ee5\u4e0b\u6b65\u9aa4\u4e5f\u540c\u6837\u9002\u7528\u4e8e\u79fb\u9664\u666e\u901a\u5de5\u4f5c\u8282\u70b9\u3002
"},{"location":"end-user/k8s/remove-node.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u5217\u8868 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0
\u8fdb\u5165\u96c6\u7fa4\u6982\u89c8\u9875\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u8981\u79fb\u9664\u7684\u8282\u70b9\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u79fb\u9664\u8282\u70b9
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u8282\u70b9\u540d\u79f0\uff0c\u786e\u8ba4\u65e0\u8bef\u540e\u70b9\u51fb \u5220\u9664
\u81ea\u52a8\u8fd4\u56de\u8282\u70b9\u5217\u8868\uff0c\u72b6\u6001\u4e3a \u79fb\u9664\u4e2d \uff0c\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\uff0c\u8282\u70b9\u4e0d\u5728\u4e86\uff0c\u8bf4\u660e\u8282\u70b9\u88ab\u6210\u529f\u79fb\u9664
\u4ece UI \u5217\u8868\u79fb\u9664\u8282\u70b9\u540e\uff0c\u901a\u8fc7 SSH \u767b\u5f55\u5230\u5df2\u79fb\u9664\u7684\u8282\u70b9\u4e3b\u673a\uff0c\u6267\u884c\u5173\u673a\u547d\u4ee4\u3002
Tip
\u5728 UI \u4e0a\u79fb\u9664\u8282\u70b9\u5e76\u5c06\u5176\u5173\u673a\u540e\uff0c\u8282\u70b9\u4e0a\u7684\u6570\u636e\u5e76\u672a\u88ab\u7acb\u5373\u5220\u9664\uff0c\u8282\u70b9\u6570\u636e\u4f1a\u88ab\u4fdd\u7559\u4e00\u6bb5\u65f6\u95f4\u3002
"},{"location":"end-user/kpanda/backup/index.html","title":"\u5907\u4efd\u6062\u590d","text":"\u5907\u4efd\u6062\u590d\u5206\u4e3a\u5907\u4efd\u548c\u6062\u590d\u4e24\u65b9\u9762\uff0c\u5b9e\u9645\u5e94\u7528\u65f6\u9700\u8981\u5148\u5907\u4efd\u7cfb\u7edf\u5728\u67d0\u4e00\u65f6\u70b9\u7684\u6570\u636e\uff0c\u7136\u540e\u5b89\u5168\u5b58\u50a8\u5730\u5907\u4efd\u6570\u636e\u3002\u540e\u7eed\u5982\u679c\u51fa\u73b0\u6570\u636e\u635f\u574f\u3001\u4e22\u5931\u3001\u8bef\u5220\u7b49\u4e8b\u6545\uff0c\u5c31\u53ef\u4ee5\u57fa\u4e8e\u4e4b\u524d\u7684\u6570\u636e\u5907\u4efd\u5feb\u901f\u8fd8\u539f\u7cfb\u7edf\uff0c\u7f29\u77ed\u6545\u969c\u65f6\u95f4\uff0c\u51cf\u5c11\u635f\u5931\u3002
\u56e0\u6b64\uff0c\u5907\u4efd\u6062\u590d\u975e\u5e38\u91cd\u8981\uff0c\u53ef\u4ee5\u89c6\u4e4b\u4e3a\u7ef4\u62a4\u7cfb\u7edf\u7a33\u5b9a\u548c\u6570\u636e\u5b89\u5168\u7684\u6700\u540e\u4e00\u9053\u4fdd\u9669\u3002
\u5907\u4efd\u901a\u5e38\u5206\u4e3a\u5168\u91cf\u5907\u4efd\u3001\u589e\u91cf\u5907\u4efd\u3001\u5dee\u5f02\u5907\u4efd\u4e09\u79cd\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u76ee\u524d\u652f\u6301\u5168\u91cf\u5907\u4efd\u548c\u589e\u91cf\u5907\u4efd\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u7684\u5907\u4efd\u6062\u590d\u53ef\u4ee5\u5206\u4e3a \u5e94\u7528\u5907\u4efd \u548c ETCD \u5907\u4efd \u4e24\u79cd\uff0c\u652f\u6301\u624b\u52a8\u5907\u4efd\uff0c\u6216\u57fa\u4e8e CronJob \u5b9a\u65f6\u81ea\u52a8\u5907\u4efd\u3002
\u5e94\u7528\u5907\u4efd
\u5e94\u7528\u5907\u4efd\u6307\uff0c\u5907\u4efd\u96c6\u7fa4\u4e2d\u7684\u67d0\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\uff0c\u7136\u540e\u5c06\u8be5\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u6062\u590d\u5230\u672c\u96c6\u7fa4\u6216\u8005\u5176\u4ed6\u96c6\u7fa4\u3002\u652f\u6301\u5907\u4efd\u6574\u4e2a\u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u6240\u6709\u8d44\u6e90\uff0c\u4e5f\u652f\u6301\u901a\u8fc7\u6807\u7b7e\u9009\u62e9\u5668\u8fc7\u6ee4\uff0c\u4ec5\u5907\u4efd\u5e26\u6709\u7279\u5b9a\u6807\u7b7e\u7684\u8d44\u6e90\u3002
\u5e94\u7528\u5907\u4efd\u652f\u6301\u8de8\u96c6\u7fa4\u5907\u4efd\u6709\u72b6\u6001\u5e94\u7528\uff0c\u5177\u4f53\u6b65\u9aa4\u53ef\u53c2\u8003MySQL \u5e94\u7528\u53ca\u6570\u636e\u7684\u8de8\u96c6\u7fa4\u5907\u4efd\u6062\u590d\u3002
ETCD \u5907\u4efd
etcd \u662f Kubernetes \u7684\u6570\u636e\u5b58\u50a8\u7ec4\u4ef6\uff0cKubernetes \u5c06\u81ea\u8eab\u7684\u7ec4\u4ef6\u6570\u636e\u548c\u5176\u4e2d\u7684\u5e94\u7528\u6570\u636e\u90fd\u5b58\u50a8\u5728 etcd \u4e2d\u3002\u56e0\u6b64\uff0c\u5907\u4efd etcd \u5c31\u76f8\u5f53\u4e8e\u5907\u4efd\u6574\u4e2a\u96c6\u7fa4\u7684\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6545\u969c\u65f6\u5feb\u901f\u5c06\u96c6\u7fa4\u6062\u590d\u5230\u4e4b\u524d\u67d0\u4e00\u65f6\u70b9\u7684\u72b6\u6001\u3002
\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u76ee\u524d\u4ec5\u652f\u6301\u5c06 etcd \u5907\u4efd\u6570\u636e\u6062\u590d\u5230\u540c\u4e00\u96c6\u7fa4\uff08\u539f\u96c6\u7fa4\uff09\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4e3a\u5e94\u7528\u505a\u5907\u4efd\uff0c\u672c\u6559\u7a0b\u4e2d\u4f7f\u7528\u7684\u6f14\u793a\u5e94\u7528\u540d\u4e3a dao-2048 \uff0c\u5c5e\u4e8e\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u3002
"},{"location":"end-user/kpanda/backup/deployment.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5bf9\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u8fdb\u884c\u5907\u4efd\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5b89\u88c5 velero \u7ec4\u4ef6\uff0c\u4e14 velero \u7ec4\u4ef6\u8fd0\u884c\u6b63\u5e38\u3002
\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\uff08\u672c\u6559\u7a0b\u4e2d\u7684\u8d1f\u8f7d\u540d\u4e3a dao-2048 \uff09\uff0c\u5e76\u4e3a\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u6253\u4e0a app: dao-2048 \u7684\u6807\u7b7e\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u5907\u4efd\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d dao-2048 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c \u70b9\u51fb \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d \u3002
\u8fdb\u5165 \u5e94\u7528\u5907\u4efd \u5217\u8868\u9875\u9762\uff0c\u4ece\u96c6\u7fa4\u4e0b\u62c9\u5217\u8868\u4e2d\u9009\u62e9\u5df2\u5b89\u88c5\u4e86 velero \u548c dao-2048 \u7684\u96c6\u7fa4\u3002 \u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa\u5907\u4efd\u8ba1\u5212 \u6309\u94ae\u3002
\u53c2\u8003\u4e0b\u65b9\u8bf4\u660e\u586b\u5199\u5907\u4efd\u914d\u7f6e\u3002
\u53c2\u8003\u4e0b\u65b9\u8bf4\u660e\u8bbe\u7f6e\u5907\u4efd\u6267\u884c\u9891\u7387\uff0c\u7136\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
*
\u81ea\u5b9a\u4e49 Cron \u8868\u8fbe\u5f0f\uff0c\u8f93\u5165\u8868\u8fbe\u5f0f\u540e\u4e0b\u65b9\u4f1a\u63d0\u793a\u5f53\u524d\u8868\u8fbe\u5f0f\u7684\u542b\u4e49 \u3002\u6709\u5173\u8be6\u7ec6\u7684\u8868\u8fbe\u5f0f\u8bed\u6cd5\u89c4\u5219\uff0c\u53ef\u53c2\u8003 Cron \u65f6\u95f4\u8868\u8bed\u6cd5\u3002\u70b9\u51fb \u786e\u5b9a \uff0c\u9875\u9762\u4f1a\u81ea\u52a8\u8fd4\u56de\u5e94\u7528\u5907\u4efd\u8ba1\u5212\u5217\u8868\u3002\u60a8\u53ef\u4ee5\u627e\u5230\u65b0\u5efa\u7684 dao-2048 \u5907\u4efd\u8ba1\u5212\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u9009\u62e9 \u7acb\u5373\u6267\u884c \u5f00\u59cb\u5907\u4efd\u3002
\u6b64\u65f6\u96c6\u7fa4\u7684 \u4e0a\u4e00\u6b21\u6267\u884c\u72b6\u6001 \u5c06\u8f6c\u53d8\u4e3a \u5907\u4efd\u4e2d \u3002\u7b49\u5f85\u5907\u4efd\u5b8c\u6210\u540e\u53ef\u4ee5\u70b9\u51fb\u5907\u4efd\u8ba1\u5212\u7684\u540d\u79f0\uff0c\u67e5\u770b\u5907\u4efd\u8ba1\u5212\u8be6\u60c5\u3002
Note
\u5982\u679c Job \u7c7b\u578b\u7684\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u4e3a \u6267\u884c\u5b8c\u6210 \uff0c\u5219\u4e0d\u652f\u6301\u5907\u4efd\u3002
"},{"location":"end-user/kpanda/backup/etcd-backup.html","title":"etcd \u5907\u4efd","text":"etcd \u5907\u4efd\u662f\u4ee5\u96c6\u7fa4\u6570\u636e\u4e3a\u6838\u5fc3\u7684\u5907\u4efd\u3002\u5728\u786c\u4ef6\u8bbe\u5907\u635f\u574f\uff0c\u5f00\u53d1\u6d4b\u8bd5\u914d\u7f6e\u9519\u8bef\u7b49\u573a\u666f\u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7 etcd \u5907\u4efd\u6062\u590d\u96c6\u7fa4\u6570\u636e\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e3a\u96c6\u7fa4\u5236\u4f5c etcd \u5907\u4efd\u3002
"},{"location":"end-user/kpanda/backup/etcd-backup.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u63a5\u5165\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u51c6\u5907\u4e00\u4e2a MinIO \u5b9e\u4f8b\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u521b\u5efa etcd \u5907\u4efd\u3002
\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> etcd \u5907\u4efd \uff0c\u70b9\u51fb \u5907\u4efd\u7b56\u7565 \u9875\u7b7e\uff0c\u7136\u540e\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u5907\u4efd\u7b56\u7565 \u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199 \u57fa\u672c\u4fe1\u606f \u3002\u586b\u5199\u5b8c\u6bd5\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u6821\u9a8c etcd \u7684\u8054\u901a\u6027\uff0c\u6821\u9a8c\u901a\u8fc7\u4e4b\u540e\u53ef\u4ee5\u8fdb\u884c\u4e0b\u4e00\u6b65\u3002
etcd \u5730\u5740\uff1a\u683c\u5f0f\u4e3a https://${\u8282\u70b9IP}:${\u7aef\u53e3\u53f7}
\u5728 kube-system \u547d\u540d\u7a7a\u95f4\u4e0b\u67e5\u627e etcd Pod
kubectl get po -n kube-system | grep etcd\n
\u83b7\u53d6 etcd Pod \u7684 listen-client-urls \u4e2d\u7684\u7aef\u53e3\u53f7
kubectl get po -n kube-system ${etcd_pod_name} -oyaml | grep listen-client-urls # (1)!\n
\u9884\u671f\u8f93\u51fa\u7ed3\u679c\u5982\u4e0b\uff0c\u8282\u70b9 IP \u540e\u7684\u6570\u5b57\u5373\u4e3a\u7aef\u53e3\u53f7:
- --listen-client-urls=https://127.0.0.1:2379,https://10.6.229.191:2379\n
CA \u8bc1\u4e66\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/etcd/ca.crt\n
Cert \u8bc1\u4e66\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/apiserver-etcd-client.crt\n
Key\uff1a\u53ef\u901a\u8fc7\u5982\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\uff0c\u7136\u540e\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u7c98\u8d34\u5230\u5bf9\u5e94\u4f4d\u7f6e\uff1a
cat /etc/kubernetes/ssl/apiserver-etcd-client.key\n
Note
\u70b9\u51fb\u8f93\u5165\u6846\u4e0b\u65b9\u7684 \u5982\u4f55\u83b7\u53d6 \u53ef\u4ee5\u5728 UI \u9875\u9762\u67e5\u770b\u83b7\u53d6\u5bf9\u5e94\u4fe1\u606f\u7684\u65b9\u5f0f\u3002
\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\u586b\u5199 \u5907\u4efd\u7b56\u7565 \u3002
\u5907\u4efd\u65b9\u5f0f\uff1a\u9009\u62e9\u624b\u52a8\u5907\u4efd\u6216\u5b9a\u65f6\u5907\u4efd
\u5907\u4efd\u94fe\u957f\u5ea6\uff1a\u6700\u591a\u4fdd\u7559\u591a\u5c11\u6761\u5907\u4efd\u6570\u636e\u3002\u9ed8\u8ba4\u4e3a 30 \u6761\u3002
\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\u586b\u5199 \u5b58\u50a8\u4f4d\u7f6e \u3002
\u70b9\u51fb \u786e\u5b9a \u540e\u9875\u9762\u81ea\u52a8\u8df3\u8f6c\u5230\u5907\u4efd\u7b56\u7565\u5217\u8868\uff0c\u53ef\u4ee5\u67e5\u770b\u76ee\u524d\u521b\u5efa\u597d\u7684\u6240\u6709\u7b56\u7565\u3002
\u70b9\u51fb \u65e5\u5fd7 \u53ef\u4ee5\u67e5\u770b\u65e5\u5fd7\u5185\u5bb9\uff0c\u9ed8\u8ba4\u5c55\u793a 100 \u884c\u3002\u82e5\u60f3\u67e5\u770b\u66f4\u591a\u65e5\u5fd7\u4fe1\u606f\u6216\u8005\u4e0b\u8f7d\u65e5\u5fd7\uff0c\u53ef\u5728\u65e5\u5fd7\u4e0a\u65b9\u6839\u636e\u63d0\u793a\u524d\u5f80\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u3002
"},{"location":"end-user/kpanda/backup/etcd-backup.html#_3","title":"\u67e5\u770b\u5907\u4efd\u7b56\u7565\u8be6\u60c5","text":"\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5907\u4efd\u6062\u590d -> etcd \u5907\u4efd \uff0c\u70b9\u51fb \u5907\u4efd\u7b56\u7565 \u9875\u7b7e\uff0c\u63a5\u7740\u70b9\u51fb\u7b56\u7565\u540d\u79f0\u53ef\u4ee5\u67e5\u770b\u7b56\u7565\u8be6\u60c5\u3002
"},{"location":"end-user/kpanda/backup/etcd-backup.html#_4","title":"\u67e5\u770b\u5907\u4efd\u70b9","text":"\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u96c6\u7fa4\u4e0b\u6240\u6709\u5907\u4efd\u4fe1\u606f\u3002
\u6bcf\u6267\u884c\u4e00\u6b21\u5907\u4efd\uff0c\u5bf9\u5e94\u751f\u6210\u4e00\u4e2a\u5907\u4efd\u70b9\uff0c\u53ef\u901a\u8fc7\u6210\u529f\u72b6\u6001\u7684\u5907\u4efd\u70b9\u5feb\u901f\u6062\u590d\u5e94\u7528\u3002
velero \u662f\u4e00\u4e2a\u5907\u4efd\u548c\u6062\u590d Kubernetes \u96c6\u7fa4\u8d44\u6e90\u7684\u5f00\u6e90\u5de5\u5177\u3002\u5b83\u53ef\u4ee5\u5c06 Kubernetes \u96c6\u7fa4\u4e2d\u7684\u8d44\u6e90\u5907\u4efd\u5230\u4e91\u5b58\u50a8\u670d\u52a1\u3001\u672c\u5730\u5b58\u50a8\u6216\u5176\u4ed6\u4f4d\u7f6e\uff0c\u5e76\u4e14\u53ef\u4ee5\u5728\u9700\u8981\u65f6\u5c06\u8fd9\u4e9b\u8d44\u6e90\u6062\u590d\u5230\u540c\u4e00\u6216\u4e0d\u540c\u7684\u96c6\u7fa4\u4e2d\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528 Helm \u5e94\u7528 \u90e8\u7f72 velero \u63d2\u4ef6\u3002
"},{"location":"end-user/kpanda/backup/install-velero.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 velero \u63d2\u4ef6\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa velero \u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u8bf7\u6267\u884c\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 velero \u63d2\u4ef6\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5 velero \u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u641c\u7d22\u680f\u8f93\u5165 velero \u8fdb\u884c\u641c\u7d22\u3002
\u9605\u8bfb velero \u63d2\u4ef6\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u672c\u6587\u5c06\u4ee5 4.0.2 \u7248\u672c\u4e3a\u4f8b\u8fdb\u884c\u5b89\u88c5\uff0c\u63a8\u8350\u5b89\u88c5 4.0.2 \u6216\u66f4\u9ad8\u7248\u672c\u3002
\u586b\u5199\u548c\u914d\u7f6e\u53c2\u6570\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65
\u57fa\u672c\u53c2\u6570\u53c2\u6570\u914d\u7f6eNote
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
S3 Credentials\uff1a
SecretContents.aws_secret_access_key = \uff1a\u914d\u7f6e\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u7684\u5bc6\u7801\uff0c\u66ff\u6362 \u4e3a\u771f\u5b9e\u53c2\u6570\u3002
config \"SecretContents \u6837\u4f8b\" [default] aws_access_key_id = minio aws_secret_access_key = minio123
Velero Configuration\uff1a
Note
\u8bf7\u786e\u4fdd s3 \u5b58\u50a8\u670d\u52a1\u65f6\u95f4\u8ddf\u5907\u4efd\u8fd8\u539f\u96c6\u7fa4\u65f6\u95f4\u5dee\u572810\u5206\u949f\u4ee5\u5185\uff0c\u6700\u597d\u662f\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u6267\u884c\u5907\u4efd\u64cd\u4f5c\u3002
migration plugin configuration\uff1a\u542f\u7528\u4e4b\u540e\uff0c\u5c06\u5728\u4e0b\u4e00\u6b65\u7684 YAML \u4ee3\u7801\u6bb5\u4e2d\u65b0\u589e\uff1a
...\ninitContainers:\n - image: 'release.daocloud.io/kcoral/velero-plugin-for-migration:v0.3.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-migration\n volumeMounts:\n - mountPath: /target\n name: plugins\n - image: 'docker.m.daocloud.io/velero/velero-plugin-for-csi:v0.7.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-csi\n volumeMounts:\n - mountPath: /target\n name: plugins\n - image: 'docker.m.daocloud.io/velero/velero-plugin-for-aws:v1.9.0'\n imagePullPolicy: IfNotPresent\n name: velero-plugin-for-aws\n volumeMounts:\n - mountPath: /target\n name: plugins\n...\n
\u786e\u8ba4 YAML \u65e0\u8bef\u540e\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210 velero \u63d2\u4ef6\u7684\u5b89\u88c5\u3002 \u4e4b\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\uff0c\u7a0d\u7b49\u51e0\u5206\u949f\u540e\uff0c\u4e3a\u9875\u9762\u6267\u884c\u5237\u65b0\u64cd\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
\u76ee\u524d\uff0c\u8bb8\u591a\u4e1a\u52a1\u5b58\u5728\u5cf0\u503c\u548c\u4f4e\u8c37\u7684\u73b0\u8c61\u3002\u4e3a\u4e86\u786e\u4fdd\u670d\u52a1\u7684\u6027\u80fd\u548c\u7a33\u5b9a\u6027\uff0c\u5728\u90e8\u7f72\u670d\u52a1\u65f6\uff0c\u901a\u5e38\u4f1a\u6839\u636e\u5cf0\u503c\u9700\u6c42\u6765\u7533\u8bf7\u8d44\u6e90\u3002 \u7136\u800c\uff0c\u5cf0\u503c\u671f\u53ef\u80fd\u975e\u5e38\u77ed\u6682\uff0c\u5bfc\u81f4\u5728\u975e\u5cf0\u503c\u671f\u65f6\u8d44\u6e90\u88ab\u6d6a\u8d39\u3002 \u96c6\u7fa4\u8d44\u6e90\u8d85\u5356 \u5c31\u662f\u5c06\u8fd9\u4e9b\u7533\u8bf7\u4e86\u800c\u672a\u4f7f\u7528\u7684\u8d44\u6e90\uff08\u5373\u7533\u8bf7\u91cf\u4e0e\u4f7f\u7528\u91cf\u7684\u5dee\u503c\uff09\u5229\u7528\u8d77\u6765\uff0c\u4ece\u800c\u63d0\u5347\u96c6\u7fa4\u8d44\u6e90\u5229\u7528\u7387\uff0c\u51cf\u5c11\u8d44\u6e90\u6d6a\u8d39\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528\u96c6\u7fa4\u52a8\u6001\u8d44\u6e90\u8d85\u5356\u529f\u80fd\u3002
"},{"location":"end-user/kpanda/clusterops/cluster-oversold.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u8bbe\u7f6e \uff0c\u7136\u540e\u9009\u62e9 \u9ad8\u7ea7\u914d\u7f6e \u9875\u7b7e
\u6253\u5f00\u96c6\u7fa4\u8d85\u5356\uff0c\u8bbe\u7f6e\u8d85\u5356\u6bd4
Note
\u9700\u8981\u5728\u96c6\u7fa4\u4e0b\u5bf9\u5e94\u7684 namespace \u6253\u4e0a\u5982\u4e0b\u6807\u7b7e\uff0c\u96c6\u7fa4\u8d85\u5356\u7b56\u7565\u624d\u80fd\u751f\u6548\u3002
clusterresourceoverrides.admission.autoscaling.openshift.io/enabled: \"true\"\n
\u8bbe\u7f6e\u597d\u96c6\u7fa4\u52a8\u6001\u8d44\u6e90\u8d85\u5356\u6bd4\u540e\uff0c\u4f1a\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u65f6\u751f\u6548\u3002\u4e0b\u6587\u4ee5 niginx \u4e3a\u4f8b\uff0c\u9a8c\u8bc1\u4f7f\u7528\u8d44\u6e90\u8d85\u5356\u80fd\u529b\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d nginx \u5e76\u8bbe\u7f6e\u5bf9\u5e94\u7684\u8d44\u6e90\u9650\u5236\u503c\uff0c\u521b\u5efa\u6d41\u7a0b\u53c2\u8003\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09
\u67e5\u770b\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u8d44\u6e90\u7533\u8bf7\u503c\u4e0e\u9650\u5236\u503c\u7684\u6bd4\u503c\u662f\u5426\u7b26\u5408\u8d85\u552e\u6bd4
\u96c6\u7fa4\u8bbe\u7f6e\u7528\u4e8e\u4e3a\u60a8\u7684\u96c6\u7fa4\u81ea\u5b9a\u4e49\u9ad8\u7ea7\u7279\u6027\u8bbe\u7f6e\uff0c\u5305\u62ec\u662f\u5426\u542f\u7528 GPU\u3001Helm \u4ed3\u5e93\u5237\u65b0\u5468\u671f\u3001Helm \u64cd\u4f5c\u8bb0\u5f55\u4fdd\u7559\u7b49\u3002
\u542f\u7528 GPU\uff1a\u9700\u8981\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU \u5361\u53ca\u5bf9\u5e94\u9a71\u52a8\u63d2\u4ef6\u3002
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6700\u8fd1\u64cd\u4f5c -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \u3002
Helm \u64cd\u4f5c\u57fa\u7840\u955c\u50cf\u3001\u4ed3\u5e93\u5237\u65b0\u5468\u671f\u3001\u64cd\u4f5c\u8bb0\u5f55\u4fdd\u7559\u6761\u6570\u3001\u662f\u5426\u5f00\u542f\u96c6\u7fa4\u5220\u9664\u4fdd\u62a4\uff08\u5f00\u542f\u540e\u96c6\u7fa4\u5c06\u4e0d\u80fd\u76f4\u63a5\u5378\u8f7d\uff09
\u5728\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u6700\u8fd1\u7684\u96c6\u7fa4\u64cd\u4f5c\u8bb0\u5f55\u548c Helm \u64cd\u4f5c\u8bb0\u5f55\uff0c\u4ee5\u53ca\u5404\u9879\u64cd\u4f5c\u7684 YAML \u6587\u4ef6\u548c\u65e5\u5fd7\uff0c\u4e5f\u53ef\u4ee5\u5220\u9664\u67d0\u4e00\u6761\u8bb0\u5f55\u3002
\u8bbe\u7f6e Helm \u64cd\u4f5c\u7684\u4fdd\u7559\u6761\u6570\uff1a
\u7cfb\u7edf\u9ed8\u8ba4\u4fdd\u7559\u6700\u8fd1 100 \u6761 Helm \u64cd\u4f5c\u8bb0\u5f55\u3002\u82e5\u4fdd\u7559\u6761\u6570\u592a\u591a\uff0c\u53ef\u80fd\u4f1a\u9020\u6210\u6570\u636e\u5197\u4f59\uff0c\u4fdd\u7559\u6761\u6570\u592a\u5c11\u53ef\u80fd\u4f1a\u9020\u6210\u60a8\u6240\u9700\u8981\u7684\u5173\u952e\u64cd\u4f5c\u8bb0\u5f55\u7684\u7f3a\u5931\u3002\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8bbe\u7f6e\u5408\u7406\u7684\u4fdd\u7559\u6570\u91cf\u3002\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a
\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6700\u8fd1\u64cd\u4f5c -> Helm \u64cd\u4f5c -> \u8bbe\u7f6e\u4fdd\u7559\u6761\u6570 \u3002
\u8bbe\u7f6e\u9700\u8981\u4fdd\u7559\u591a\u5c11\u6761 Helm \u64cd\u4f5c\u8bb0\u5f55\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u3002
\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u63a5\u5165\u6216\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u4e0d\u4ec5\u53ef\u4ee5\u901a\u8fc7 UI \u754c\u9762\u76f4\u63a5\u8bbf\u95ee\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u5176\u4ed6\u4e24\u79cd\u65b9\u5f0f\u8fdb\u884c\u8bbf\u95ee\u63a7\u5236\uff1a
Note
\u8bbf\u95ee\u96c6\u7fa4\u65f6\uff0c\u7528\u6237\u5e94\u5177\u6709 Cluster Admin \u6743\u9650\u6216\u66f4\u9ad8\u6743\u9650\u3002
"},{"location":"end-user/kpanda/clusters/access-cluster.html#cloudshell","title":"\u901a\u8fc7 CloudShell \u8bbf\u95ee","text":"\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u901a\u8fc7 CloudShell \u8bbf\u95ee\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u63a7\u5236\u53f0 \u3002
\u5728 CloudShell \u63a7\u5236\u53f0\u6267\u884c kubectl get node \u547d\u4ee4\uff0c\u9a8c\u8bc1 CloudShell \u4e0e\u96c6\u7fa4\u7684\u8fde\u901a\u6027\u3002\u5982\u56fe\uff0c\u63a7\u5236\u53f0\u5c06\u8fd4\u56de\u96c6\u7fa4\u4e0b\u7684\u8282\u70b9\u4fe1\u606f\u3002
\u73b0\u5728\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 CloudShell \u6765\u8bbf\u95ee\u5e76\u7ba1\u7406\u8be5\u96c6\u7fa4\u4e86\u3002
"},{"location":"end-user/kpanda/clusters/access-cluster.html#kubectl","title":"\u901a\u8fc7 kubectl \u8bbf\u95ee","text":"\u901a\u8fc7\u672c\u5730\u8282\u70b9\u8bbf\u95ee\u5e76\u7ba1\u7406\u4e91\u7aef\u96c6\u7fa4\u65f6\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\uff1a
\u6ee1\u8db3\u4e0a\u8ff0\u6761\u4ef6\u540e\uff0c\u6309\u7167\u4e0b\u65b9\u6b65\u9aa4\u4ece\u672c\u5730\u8bbf\u95ee\u4e91\u7aef\u96c6\u7fa4\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u4e0b\u8f7d\u8bc1\u4e66\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \uff0c\u5e76\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u8bc1\u4e66\u83b7\u53d6 \u3002
\u9009\u62e9\u8bc1\u4e66\u6709\u6548\u671f\u5e76\u70b9\u51fb \u4e0b\u8f7d\u8bc1\u4e66 \u3002
\u6253\u5f00\u4e0b\u8f7d\u597d\u7684\u96c6\u7fa4\u8bc1\u4e66\uff0c\u5c06\u8bc1\u4e66\u5185\u5bb9\u590d\u5236\u81f3\u672c\u5730\u8282\u70b9\u7684 config \u6587\u4ef6\u3002
kubectl \u5de5\u5177\u9ed8\u8ba4\u4f1a\u4ece\u672c\u5730\u8282\u70b9\u7684 $HOME/.kube \u76ee\u5f55\u4e0b\u67e5\u627e\u540d\u4e3a config \u7684\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u5b58\u50a8\u4e86\u76f8\u5173\u96c6\u7fa4\u7684\u8bbf\u95ee\u51ed\u8bc1\uff0ckubectl \u53ef\u4ee5\u51ed\u8be5\u914d\u7f6e\u6587\u4ef6\u8fde\u63a5\u81f3\u96c6\u7fa4\u3002
\u5728\u672c\u5730\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u96c6\u7fa4\u7684\u8fde\u901a\u6027\uff1a
kubectl get pod -n default\n
\u9884\u671f\u7684\u8f93\u51fa\u7c7b\u4f3c\u4e8e:
NAME READY STATUS RESTARTS AGE\ndao-2048-2048-58c7f7fc5-mq7h4 1/1 Running 0 30h\n
\u73b0\u5728\u60a8\u53ef\u4ee5\u5728\u672c\u5730\u901a\u8fc7 kubectl \u8bbf\u95ee\u5e76\u7ba1\u7406\u8be5\u96c6\u7fa4\u4e86\u3002
"},{"location":"end-user/kpanda/clusters/cluster-role.html","title":"\u96c6\u7fa4\u89d2\u8272","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u57fa\u4e8e\u96c6\u7fa4\u7684\u4e0d\u540c\u529f\u80fd\u5b9a\u4f4d\u5bf9\u96c6\u7fa4\u8fdb\u884c\u4e86\u89d2\u8272\u5206\u7c7b\uff0c\u5e2e\u52a9\u7528\u6237\u66f4\u597d\u5730\u7ba1\u7406 IT \u57fa\u7840\u8bbe\u65bd\u3002
"},{"location":"end-user/kpanda/clusters/cluster-role.html#_2","title":"\u5168\u5c40\u670d\u52a1\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u8fd0\u884c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7ec4\u4ef6\uff0c\u4f8b\u5982\u5bb9\u5668\u7ba1\u7406\u3001\u5168\u5c40\u7ba1\u7406\u3001\u53ef\u89c2\u6d4b\u6027\u3001\u955c\u50cf\u4ed3\u5e93\u7b49\u3002 \u4e00\u822c\u4e0d\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.22+ \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"end-user/kpanda/clusters/cluster-role.html#_3","title":"\u7ba1\u7406\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u7ba1\u7406\u5de5\u4f5c\u96c6\u7fa4\uff0c\u4e00\u822c\u4e0d\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u8fd9\u662f\u4f7f\u7528\u5bb9\u5668\u7ba1\u7406\u521b\u5efa\u7684\u96c6\u7fa4\uff0c\u4e3b\u8981\u7528\u4e8e\u627f\u8f7d\u4e1a\u52a1\u8d1f\u8f7d\u3002\u8be5\u96c6\u7fa4\u7531\u7ba1\u7406\u96c6\u7fa4\u8fdb\u884c\u7ba1\u7406\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c \u652f\u6301 K8s 1.22 \u53ca\u4ee5\u4e0a\u7248\u672c \u64cd\u4f5c\u7cfb\u7edf RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86\uff1bUbuntu 18.04 x86, Ubuntu 20.04 x86\uff1bCentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc Calico\u3001Cillium\u3001Multus \u548c\u5176\u5b83 CNI \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565"},{"location":"end-user/kpanda/clusters/cluster-role.html#_5","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u6b64\u96c6\u7fa4\u7528\u4e8e\u63a5\u5165\u5df2\u6709\u7684\u6807\u51c6 K8s \u96c6\u7fa4\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u672c\u5730\u6570\u636e\u4e2d\u5fc3\u81ea\u5efa\u96c6\u7fa4\u3001\u516c\u6709\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u96c6\u7fa4\u3001\u79c1\u6709\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u96c6\u7fa4\u3001\u8fb9\u7f18\u96c6\u7fa4\u3001\u4fe1\u521b\u96c6\u7fa4\u3001\u5f02\u6784\u96c6\u7fa4\u3002\u4e3b\u8981\u7528\u4e8e\u627f\u62c5\u4e1a\u52a1\u8d1f\u8f7d\u3002
\u652f\u6301\u7684\u529f\u80fd \u63cf\u8ff0 K8s \u7248\u672c 1.18+ \u652f\u6301\u53cb\u5546 Vmware Tanzu\u3001Amazon EKS\u3001Redhat Openshift\u3001SUSE Rancher\u3001\u963f\u91cc ACK\u3001\u534e\u4e3a CCE\u3001\u817e\u8baf TKE\u3001\u6807\u51c6 K8s \u96c6\u7fa4\u3001\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0 \u96c6\u7fa4\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406 \u4e0d\u652f\u6301 K8s \u8d44\u6e90\u7ba1\u7406 \u652f\u6301 \u4e91\u539f\u751f\u5b58\u50a8 \u652f\u6301 \u4e91\u539f\u751f\u7f51\u7edc \u4f9d\u8d56\u4e8e\u63a5\u5165\u96c6\u7fa4\u53d1\u884c\u7248\u7f51\u7edc\u6a21\u5f0f \u7b56\u7565\u7ba1\u7406 \u652f\u6301\u7f51\u7edc\u7b56\u7565\u3001\u914d\u989d\u7b56\u7565\u3001\u8d44\u6e90\u9650\u5236\u3001\u707e\u5907\u7b56\u7565\u3001\u5b89\u5168\u7b56\u7565Note
\u4e00\u4e2a\u96c6\u7fa4\u53ef\u4ee5\u6709\u591a\u4e2a\u96c6\u7fa4\u89d2\u8272\uff0c\u4f8b\u5982\u4e00\u4e2a\u96c6\u7fa4\u65e2\u53ef\u4ee5\u662f\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\uff0c\u4e5f\u53ef\u4ee5\u662f\u7ba1\u7406\u96c6\u7fa4\u6216\u5de5\u4f5c\u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/cluster-scheduler-plugin.html","title":"\u5982\u4f55\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u8c03\u5ea6\u5668 scheduler-plugins","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u7b2c\u4e8c\u4e2a\u8c03\u5ea6\u5668 scheduler-plugins\u3002
"},{"location":"end-user/kpanda/clusters/cluster-scheduler-plugin.html#scheduler-plugins_1","title":"\u4e3a\u4ec0\u4e48\u9700\u8981 scheduler-plugins\uff1f","text":"\u901a\u8fc7\u5e73\u53f0\u521b\u5efa\u7684\u96c6\u7fa4\u4e2d\u4f1a\u5b89\u88c5 K8s \u539f\u751f\u7684\u8c03\u5ea6\u5668\uff0c\u4f46\u662f\u539f\u751f\u7684\u8c03\u5ea6\u5668\u5b58\u5728\u5f88\u591a\u7684\u5c40\u9650\u6027\uff1a
\u672c\u6587\u4ee5\u4f7f\u7528 vgpu \u8c03\u5ea6\u5668\u7684\u540c\u65f6\uff0c\u60f3\u7ed3\u5408 scheduler-plugins \u7684 coscheduling \u63d2\u4ef6\u80fd\u529b\u7684\u573a\u666f\u4e3a\u793a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5\u5e76\u4f7f\u7528 scheduler-plugins\u3002
"},{"location":"end-user/kpanda/clusters/cluster-scheduler-plugin.html#scheduler-plugins_2","title":"\u5b89\u88c5 scheduler-plugins","text":""},{"location":"end-user/kpanda/clusters/cluster-scheduler-plugin.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5728 \u521b\u5efa\u96c6\u7fa4 -> \u9ad8\u7ea7\u914d\u7f6e -> \u81ea\u5b9a\u4e49\u53c2\u6570 \u4e2d\u6dfb\u52a0 scheduler-plugins \u53c2\u6570
scheduler_plugins_enabled:true\nscheduler_plugins_plugin_config:\n - name: Coscheduling\n args:\n permitWaitingTimeSeconds: 10 # default is 60\n
\u53c2\u6570\u8bf4\u660e\uff1a
scheduler_plugins_enabled
\u8bbe\u7f6e\u4e3a true \u65f6\uff0c\u5f00\u542f scheduler-plugins \u63d2\u4ef6\u80fd\u529b\u3002scheduler_plugins_enabled_plugins
\u6216 scheduler_plugins_disabled_plugins
\u9009\u9879\u6765\u542f\u7528\u6216\u7981\u7528\u67d0\u4e9b\u63d2\u4ef6\u3002 \u53c2\u9605 K8s \u5b98\u65b9\u63d2\u4ef6\u540d\u79f0\u3002\u96c6\u7fa4\u521b\u5efa\u6210\u529f\u540e\u7cfb\u7edf\u4f1a\u81ea\u52a8\u5b89\u88c5 scheduler-plugins \u548c controller \u7ec4\u4ef6\u8d1f\u8f7d\uff0c\u53ef\u4ee5\u5728\u5bf9\u5e94\u96c6\u7fa4\u7684\u65e0\u72b6\u6001\u8d1f\u8f7d\u4e2d\u67e5\u770b\u8d1f\u8f7d\u72b6\u6001\u3002
\u4ee5\u4e0b\u4ee5\u4f7f\u7528 vgpu \u8c03\u5ea6\u5668\u7684\u540c\u65f6\uff0c\u60f3\u7ed3\u5408 scheduler-plugins \u7684 coscheduling \u63d2\u4ef6\u80fd\u529b\u573a\u666f\u4e3a\u793a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528 scheduler-plugins\u3002
\u5728 Helm \u6a21\u677f\u4e2d\u5b89\u88c5 vgpu\uff0c\u8bbe\u7f6e values.yaml \u53c2\u6570\u3002
schedulerName: scheduler-plugins-scheduler
\uff0c\u8fd9\u662f kubean \u9ed8\u8ba4\u5b89\u88c5\u7684 scheduler-plugins \u7684 scheduler \u540d\u79f0\uff0c\u76ee\u524d\u4e0d\u80fd\u4fee\u6539\u3002scheduler.kubeScheduler.enabled: false
\uff0c\u4e0d\u5b89\u88c5 kube-scheduler\uff0c\u5c06 vgpu-scheduler \u4f5c\u4e3a\u5355\u72ec\u7684 extender\u3002\u5728 scheduler-plugins \u4e0a\u6269\u5c55 vgpu-scheduler\u3002
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\n
\u4fee\u6539 scheduler-plugins \u7684 scheduler-config \u7684 configmap \u53c2\u6570\uff0c\u5982\u4e0b\uff1a
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\nextenders:\n - urlPrefix: \"${urlPrefix}\"\n filterVerb: filter\n bindVerb: bind\n nodeCacheCapable: true\n ignorable: true\n httpTimeout: 30s\n weight: 1\n enableHTTPS: true\n tlsConfig:\n insecure: true\n managedResources:\n - name: nvidia.com/vgpu\n ignoredByScheduler: true\n - name: nvidia.com/gpumem\n ignoredByScheduler: true\n - name: nvidia.com/gpucores\n ignoredByScheduler: true\n - name: nvidia.com/gpumem-percentage\n ignoredByScheduler: true\n - name: nvidia.com/priority\n ignoredByScheduler: true\n - name: cambricon.com/mlunum\n ignoredByScheduler: true\n
\u5b89\u88c5\u5b8c vgpu-scheduler \u540e\uff0c\u7cfb\u7edf\u4f1a\u81ea\u52a8\u521b\u5efa svc\uff0curlPrefix \u6307\u5b9a svc \u7684 URL\u3002
Note
svc \u6307 pod \u670d\u52a1\u8d1f\u8f7d\uff0c\u60a8\u53ef\u4ee5\u5230\u5b89\u88c5\u4e86 nvidia-vgpu \u63d2\u4ef6\u7684\u547d\u540d\u7a7a\u95f4\u4e0b\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u62ff\u5230 443 \u7aef\u53e3\u5bf9\u5e94\u7684\u5916\u90e8\u8bbf\u95ee\u4fe1\u606f\u3002
kubectl get svc -n ${namespace} \n
urlprifix \u683c\u5f0f\u4e3a https://${ip \u5730\u5740}:${\u7aef\u53e3}
\u5c06 scheduler-plugins \u7684 scheduler Pod \u91cd\u542f\uff0c\u52a0\u8f7d\u65b0\u7684\u914d\u7f6e\u6587\u4ef6\u3002
Note
\u5728\u521b\u5efa vgpu \u5e94\u7528\u65f6\u4e0d\u9700\u8981\u6307\u5b9a\u8c03\u5ea6\u5668\u540d\u79f0\uff0cvgpu-scheduler \u7684 Webhook \u4f1a\u81ea\u52a8\u5c06 Scheduler \u7684\u540d\u79f0\u4fee\u6539\u4e3a scheduler-plugins-scheduler\uff0c\u4e0d\u7528\u624b\u52a8\u6307\u5b9a\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u7eb3\u7ba1\u4e24\u79cd\u7c7b\u578b\u7684\u96c6\u7fa4\uff1a\u63a5\u5165\u96c6\u7fa4\u548c\u81ea\u5efa\u96c6\u7fa4\u3002 \u5173\u4e8e\u96c6\u7fa4\u7eb3\u7ba1\u7c7b\u578b\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u89c1\u96c6\u7fa4\u89d2\u8272\u3002
\u8fd9\u4e24\u79cd\u96c6\u7fa4\u7684\u72b6\u6001\u5982\u4e0b\u6240\u8ff0\u3002
"},{"location":"end-user/kpanda/clusters/cluster-status.html#_2","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u72b6\u6001 \u63cf\u8ff0 \u63a5\u5165\u4e2d\uff08Joining\uff09 \u96c6\u7fa4\u6b63\u5728\u63a5\u5165 \u89e3\u9664\u63a5\u5165\u4e2d\uff08Removing\uff09 \u96c6\u7fa4\u6b63\u5728\u89e3\u9664\u63a5\u5165 \u8fd0\u884c\u4e2d\uff08Running\uff09 \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c \u672a\u77e5\uff08Unknown\uff09 \u96c6\u7fa4\u5df2\u5931\u8054\uff0c\u7cfb\u7edf\u5c55\u793a\u6570\u636e\u4e3a\u5931\u8054\u524d\u7f13\u5b58\u6570\u636e\uff0c\u4e0d\u4ee3\u8868\u771f\u5b9e\u6570\u636e\uff0c\u540c\u65f6\u5931\u8054\u72b6\u6001\u4e0b\u6267\u884c\u7684\u4efb\u4f55\u64cd\u4f5c\u90fd\u5c06\u4e0d\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u96c6\u7fa4\u7f51\u7edc\u8fde\u901a\u6027\u6216\u4e3b\u673a\u72b6\u6001\u3002"},{"location":"end-user/kpanda/clusters/cluster-status.html#_3","title":"\u81ea\u5efa\u96c6\u7fa4","text":"\u72b6\u6001 \u63cf\u8ff0 \u521b\u5efa\u4e2d\uff08Creating\uff09 \u96c6\u7fa4\u6b63\u5728\u521b\u5efa \u66f4\u65b0\u4e2d\uff08Updating\uff09 \u66f4\u65b0\u96c6\u7fa4 Kubernetes \u7248\u672c \u5220\u9664\u4e2d\uff08Deleting\uff09 \u96c6\u7fa4\u6b63\u5728\u5220\u9664 \u8fd0\u884c\u4e2d\uff08Running\uff09 \u96c6\u7fa4\u6b63\u5e38\u8fd0\u884c \u672a\u77e5\uff08Unknown\uff09 \u96c6\u7fa4\u5df2\u5931\u8054\uff0c\u7cfb\u7edf\u5c55\u793a\u6570\u636e\u4e3a\u5931\u8054\u524d\u7f13\u5b58\u6570\u636e\uff0c\u4e0d\u4ee3\u8868\u771f\u5b9e\u6570\u636e\uff0c\u540c\u65f6\u5931\u8054\u72b6\u6001\u4e0b\u6267\u884c\u7684\u4efb\u4f55\u64cd\u4f5c\u90fd\u5c06\u4e0d\u751f\u6548\uff0c\u8bf7\u68c0\u67e5\u96c6\u7fa4\u7f51\u7edc\u8fde\u901a\u6027\u6216\u4e3b\u673a\u72b6\u6001\u3002 \u521b\u5efa\u5931\u8d25\uff08Failed\uff09 \u96c6\u7fa4\u521b\u5efa\u5931\u8d25\uff0c\u8bf7\u67e5\u770b\u65e5\u5fd7\u4ee5\u83b7\u53d6\u8be6\u7ec6\u5931\u8d25\u539f\u56e0"},{"location":"end-user/kpanda/clusters/cluster-version.html","title":"\u96c6\u7fa4\u7248\u672c\u652f\u6301\u8303\u56f4","text":"\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c\u63a5\u5165\u578b\u96c6\u7fa4\u548c\u81ea\u5efa\u96c6\u7fa4\u91c7\u53d6\u4e0d\u540c\u7684\u7248\u672c\u652f\u6301\u673a\u5236\u3002
\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u81ea\u5efa\u96c6\u7fa4\u7684\u7248\u672c\u652f\u6301\u673a\u5236\u3002
Kubernetes \u793e\u533a\u652f\u6301 3 \u4e2a\u7248\u672c\u8303\u56f4\uff0c\u5982 1.26\u30011.27\u30011.28\u3002\u5f53\u793e\u533a\u65b0\u7248\u672c\u53d1\u5e03\u4e4b\u540e\uff0c\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u5c06\u4f1a\u8fdb\u884c\u9012\u589e\u3002 \u5982\u793e\u533a\u6700\u65b0\u7684 1.29 \u7248\u672c\u5df2\u7ecf\u53d1\u5e03\uff0c\u6b64\u65f6\u793e\u533a\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u662f 1.27\u30011.28\u30011.29\u3002
\u4f8b\u5982\uff0c\u793e\u533a\u652f\u6301\u7684\u7248\u672c\u8303\u56f4\u662f 1.25\u30011.26\u30011.27\uff0c\u5219\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u662f 1.24\u30011.25\u30011.26\uff0c\u5e76\u4e14\u4f1a\u4e3a\u7528\u6237\u63a8\u8350\u4e00\u4e2a\u7a33\u5b9a\u7684\u7248\u672c\uff0c\u5982 1.24.7\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u4e0e\u793e\u533a\u4fdd\u6301\u9ad8\u5ea6\u540c\u6b65\uff0c\u5f53\u793e\u533a\u7248\u672c\u8fdb\u884c\u9012\u589e\u540e\uff0c\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u754c\u9762\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u7248\u672c\u8303\u56f4\u4e5f\u4f1a\u540c\u6b65\u9012\u589e\u4e00\u4e2a\u7248\u672c\u3002
"},{"location":"end-user/kpanda/clusters/cluster-version.html#kubernetes","title":"Kubernetes \u7248\u672c\u652f\u6301\u8303\u56f4","text":"Kubernetes \u793e\u533a\u7248\u672c\u8303\u56f4 \u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7248\u672c\u8303\u56f4 \u81ea\u5efa\u5de5\u4f5c\u96c6\u7fa4\u63a8\u8350\u7248\u672c \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5b89\u88c5\u5668 \u53d1\u5e03\u65f6\u95f4\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\uff0c\u96c6\u7fa4\u89d2\u8272\u5206\u56db\u7c7b\uff1a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3001\u7ba1\u7406\u96c6\u7fa4\u3001\u5de5\u4f5c\u96c6\u7fa4\u3001\u63a5\u5165\u96c6\u7fa4\u3002 \u5176\u4e2d\uff0c\u63a5\u5165\u96c6\u7fa4\u53ea\u80fd\u4ece\u7b2c\u4e09\u65b9\u5382\u5546\u63a5\u5165\uff0c\u53c2\u89c1\u63a5\u5165\u96c6\u7fa4\u3002
\u672c\u9875\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u5de5\u4f5c\u96c6\u7fa4\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u65b0\u5efa\u5de5\u4f5c\u96c6\u7fa4\u7684\u5de5\u4f5c\u8282\u70b9 OS \u7c7b\u578b\u548c CPU \u67b6\u6784\u9700\u8981\u4e0e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4fdd\u6301\u4e00\u81f4\u3002 \u63a8\u8350\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684\u64cd\u4f5c\u7cfb\u7edf\u6765\u521b\u5efa\u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/create-cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u96c6\u7fa4\u4e4b\u524d\u9700\u8981\u6ee1\u8db3\u4e00\u5b9a\u7684\u524d\u63d0\u6761\u4ef6\uff1a
v1.28.0-v1.30.2
\u3002\u5982\u9700\u521b\u5efa\u4f4e\u7248\u672c\u7684\u96c6\u7fa4\uff0c\u8bf7\u53c2\u8003\u96c6\u7fa4\u7248\u672c\u652f\u6301\u8303\u56f4\u3002\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u4e2d\uff0c\u70b9\u51fb \u521b\u5efa\u96c6\u7fa4 \u6309\u94ae\u3002
\u53c2\u8003\u4e0b\u5217\u8981\u6c42\u586b\u5199\u96c6\u7fa4\u57fa\u672c\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u586b\u5199\u8282\u70b9\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u53ef\u7528\uff1a\u5f00\u542f\u540e\u9700\u8981\u63d0\u4f9b\u81f3\u5c11 3 \u4e2a\u63a7\u5236\u5668\u8282\u70b9\u3002\u5173\u95ed\u540e\uff0c\u53ea\u63d0\u4f9b 1 \u4e2a\u63a7\u5236\u5668\u8282\u70b9\u5373\u53ef\u3002
\u751f\u4ea7\u73af\u5883\u4e2d\u5efa\u8bae\u4f7f\u7528\u9ad8\u53ef\u7528\u6a21\u5f0f\u3002
\u8ba4\u8bc1\u65b9\u5f0f\uff1a\u9009\u62e9\u901a\u8fc7\u7528\u6237\u540d/\u5bc6\u7801\u8fd8\u662f\u516c\u79c1\u94a5\u8bbf\u95ee\u8282\u70b9\u3002
\u5982\u679c\u4f7f\u7528\u516c\u79c1\u94a5\u65b9\u5f0f\u8bbf\u95ee\u8282\u70b9\uff0c\u9700\u8981\u9884\u5148\u914d\u7f6e\u8282\u70b9\u7684 SSH \u5bc6\u94a5\u3002\u53c2\u9605\u4f7f\u7528 SSH \u5bc6\u94a5\u8ba4\u8bc1\u8282\u70b9\u3002
\u4f7f\u7528\u7edf\u4e00\u7684\u5bc6\u7801\uff1a\u5f00\u542f\u540e\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u7684\u8bbf\u95ee\u5bc6\u7801\u90fd\u76f8\u540c\uff0c\u9700\u8981\u5728\u4e0b\u65b9\u8f93\u5165\u8bbf\u95ee\u6240\u6709\u8282\u70b9\u7684\u7edf\u4e00\u5bc6\u7801\u3002\u5982\u679c\u5173\u95ed\uff0c\u5219\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u8282\u70b9\u8bbe\u7f6e\u5355\u72ec\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002
\u8282\u70b9\u4fe1\u606f\uff1a\u586b\u5199\u8282\u70b9\u540d\u79f0\u548c IP \u5730\u5740\u3002
\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb\u8282\u70b9\u68c0\u67e5\u3002\u5982\u679c\u68c0\u67e5\u901a\u8fc7\u5219\u7ee7\u7eed\u4e0b\u4e00\u6b65\u64cd\u4f5c\u3002\u5982\u679c\u68c0\u67e5\u672a\u901a\u8fc7\uff0c\u5219\u66f4\u65b0 \u8282\u70b9\u4fe1\u606f \u5e76\u518d\u6b21\u6267\u884c\u68c0\u67e5\u3002
\u586b\u5199\u7f51\u7edc\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u7f51\u7edc\u63d2\u4ef6\uff1a\u8d1f\u8d23\u4e3a\u96c6\u7fa4\u5185\u7684 Pod \u63d0\u4f9b\u7f51\u7edc\u670d\u52a1\uff0c\u521b\u5efa\u96c6\u7fa4\u540e\u4e0d\u53ef\u66f4\u6539\u7f51\u7edc\u63d2\u4ef6\u3002\u652f\u6301 cilium \u548c calico\u3002\u9009\u62e9 none \u8868\u793a\u6682\u4e0d\u5b89\u88c5\u7f51\u7edc\u63d2\u4ef6\u3002
\u5bb9\u5668\u7f51\u6bb5\uff1a\u96c6\u7fa4\u4e0b\u5bb9\u5668\u4f7f\u7528\u7684\u7f51\u6bb5\uff0c\u51b3\u5b9a\u96c6\u7fa4\u4e0b\u5bb9\u5668\u7684\u6570\u91cf\u4e0a\u9650\u3002\u521b\u5efa\u540e\u4e0d\u53ef\u4fee\u6539\u3002
\u586b\u5199\u63d2\u4ef6\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u586b\u5199\u9ad8\u7ea7\u914d\u7f6e\u4fe1\u606f\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u3002
Success
Note
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0 \u521b\u5efa\u7684\u96c6\u7fa4 \u652f\u6301 \u5378\u8f7d\u96c6\u7fa4 \u6216 \u89e3\u9664\u63a5\u5165 \u64cd\u4f5c\uff0c\u4ece\u5176\u4ed6\u73af\u5883\u76f4\u63a5 \u63a5\u5165\u7684\u96c6\u7fa4 \u4ec5\u652f\u6301 \u89e3\u9664\u63a5\u5165 \u64cd\u4f5c\u3002
Info
\u5982\u679c\u60f3\u5f7b\u5e95\u5220\u9664\u4e00\u4e2a\u63a5\u5165\u7684\u96c6\u7fa4\uff0c\u9700\u8981\u524d\u5f80\u521b\u5efa\u8be5\u96c6\u7fa4\u7684\u539f\u59cb\u5e73\u53f0\u64cd\u4f5c\u3002\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0d\u652f\u6301\u5220\u9664\u63a5\u5165\u7684\u96c6\u7fa4\u3002
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\uff0c \u5378\u8f7d\u96c6\u7fa4 \u548c \u89e3\u9664\u63a5\u5165 \u7684\u533a\u522b\u5728\u4e8e\uff1a
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u9700\u8981\u5378\u8f7d\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u5378\u8f7d\u96c6\u7fa4 \u3002
\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u5220\u9664 \u3002
\u5982\u679c\u63d0\u793a\u96c6\u7fa4\u4e2d\u8fd8\u6709\u4e00\u4e9b\u6b8b\u7559\u7684\u8d44\u6e90\uff0c\u5219\u9700\u8981\u6309\u63d0\u793a\u5220\u9664\u76f8\u5173\u8d44\u6e90\u540e\u624d\u80fd\u6267\u884c\u5378\u8f7d\u64cd\u4f5c\u3002
\u8fd4\u56de \u96c6\u7fa4\u5217\u8868 \u9875\u53ef\u4ee5\u770b\u5230\u8be5\u96c6\u7fa4\u7684\u72b6\u6001\u5df2\u7ecf\u53d8\u6210 \u5220\u9664\u4e2d \u3002\u5378\u8f7d\u96c6\u7fa4\u53ef\u80fd\u9700\u8981\u4e00\u6bb5\u65f6\u95f4\uff0c\u8bf7\u60a8\u8010\u5fc3\u7b49\u5019\u3002
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u9700\u8981\u5378\u8f7d\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb \u89e3\u9664\u63a5\u5165 \u3002
\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u89e3\u9664\u63a5\u5165 \u3002
\u5982\u679c\u63d0\u793a\u96c6\u7fa4\u4e2d\u8fd8\u6709\u4e00\u4e9b\u6b8b\u7559\u7684\u8d44\u6e90\uff0c\u5219\u9700\u8981\u6309\u63d0\u793a\u5220\u9664\u76f8\u5173\u8d44\u6e90\u540e\u624d\u80fd\u89e3\u9664\u63a5\u5165\u3002
\u96c6\u7fa4\u88ab\u79fb\u9664\u540e\uff0c\u96c6\u7fa4\u4e2d\u539f\u6709\u7684\u7ba1\u7406\u5e73\u53f0\u6570\u636e\u4e0d\u4f1a\u88ab\u81ea\u52a8\u6e05\u9664\uff0c\u5982\u9700\u5c06\u96c6\u7fa4\u63a5\u5165\u81f3\u65b0\u7ba1\u7406\u5e73\u53f0\u5219\u9700\u8981\u624b\u52a8\u6267\u884c\u5982\u4e0b\u64cd\u4f5c\uff1a
\u5220\u9664 kpanda-system\u3001insight-system \u547d\u540d\u7a7a\u95f4
kubectl delete ns kpanda-system insight-system\n
"},{"location":"end-user/kpanda/clusters/integrate-cluster.html","title":"\u63a5\u5165\u96c6\u7fa4","text":"\u901a\u8fc7\u63a5\u5165\u96c6\u7fa4\u64cd\u4f5c\uff0c\u80fd\u591f\u5bf9\u4f17\u591a\u4e91\u670d\u52a1\u5e73\u53f0\u96c6\u7fa4\u548c\u672c\u5730\u79c1\u6709\u7269\u7406\u96c6\u7fa4\u8fdb\u884c\u7edf\u4e00\u7eb3\u7ba1\uff0c\u5f62\u6210\u7edf\u4e00\u6cbb\u7406\u5e73\u53f0\uff0c\u6709\u6548\u907f\u514d\u4e86\u88ab\u5382\u5546\u9501\u5b9a\u98ce\u9669\uff0c\u52a9\u529b\u4f01\u4e1a\u4e1a\u52a1\u5b89\u5168\u4e0a\u4e91\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u63a5\u5165\u591a\u79cd\u4e3b\u6d41\u7684\u5bb9\u5668\u96c6\u7fa4\uff0c\u4f8b\u5982 Redhat Openshift, SUSE Rancher, VMware Tanzu, Amazon EKS, Aliyun ACK, Huawei CCE, Tencent TKE, \u6807\u51c6 Kubernetes \u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/integrate-cluster.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u63a5\u5165\u96c6\u7fa4 \u6309\u94ae\u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u586b\u5199\u76ee\u6807\u96c6\u7fa4\u7684 KubeConfig\uff0c\u70b9\u51fb \u9a8c\u8bc1 Config \uff0c\u9a8c\u8bc1\u901a\u8fc7\u540e\u624d\u80fd\u6210\u529f\u63a5\u5165\u96c6\u7fa4\u3002
\u5982\u679c\u4e0d\u77e5\u9053\u5982\u4f55\u83b7\u53d6\u96c6\u7fa4\u7684 KubeConfig \u6587\u4ef6\uff0c\u53ef\u4ee5\u5728\u8f93\u5165\u6846\u53f3\u4e0a\u89d2\u70b9\u51fb \u5982\u4f55\u83b7\u53d6 kubeConfig \u67e5\u770b\u5bf9\u5e94\u6b65\u9aa4\u3002
\u786e\u8ba4\u6240\u6709\u53c2\u6570\u586b\u5199\u6b63\u786e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u63a5\u5165 rancher \u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/integrate-rancher-cluster.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\u7684\u89d2\u8272\u8fdb\u5165 rancher \u96c6\u7fa4\uff0c\u5e76\u4f7f\u7528\u7ec8\u7aef\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a sa.yaml \u7684\u6587\u4ef6\u3002
vi sa.yaml\n
\u7136\u540e\u6309\u4e0b i \u952e\u8fdb\u5165\u63d2\u5165\u6a21\u5f0f\uff0c\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a
sa.yamlapiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: rancher-rke\nrules:\n - apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n - nonResourceURLs:\n - '*'\n verbs:\n - '*'\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: rancher-rke\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: rancher-rke\n subjects:\n - kind: ServiceAccount\n name: rancher-rke\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: rancher-rke\n namespace: kube-system\n
\u6309\u4e0b esc \u952e\u9000\u51fa\u63d2\u5165\u6a21\u5f0f\uff0c\u7136\u540e\u8f93\u5165 __ :wq__ \u4fdd\u5b58\u5e76\u9000\u51fa\u3002
\u5728\u5f53\u524d\u8def\u5f84\u4e0b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u65b0\u5efa\u540d\u4e3a rancher-rke \u7684 ServiceAccount\uff08\u4ee5\u4e0b\u7b80\u79f0\u4e3a SA \uff09\uff1a
kubectl apply -f sa.yaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
clusterrole.rbac.authorization.k8s.io/rancher-rke created\nclusterrolebinding.rbac.authorization.k8s.io/rancher-rke created\nserviceaccount/rancher-rke created\n
\u521b\u5efa\u540d\u4e3a rancher-rke-secret \u7684\u5bc6\u94a5\uff0c\u5e76\u5c06\u5bc6\u94a5\u548c rancher-rke SA \u7ed1\u5b9a\u3002
kubectl apply -f - <<EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: rancher-rke-secret\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: rancher-rke\n type: kubernetes.io/service-account-token\nEOF\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
secret/rancher-rke-secret created\n
Note
\u5982\u679c\u60a8\u7684\u96c6\u7fa4\u7248\u672c\u4f4e\u4e8e 1.24\uff0c\u8bf7\u5ffd\u7565\u6b64\u6b65\u9aa4\uff0c\u76f4\u63a5\u524d\u5f80\u4e0b\u4e00\u6b65\u3002
\u67e5\u627e rancher-rke SA \u7684\u5bc6\u94a5\uff1a
kubectl -n kube-system get secret | grep rancher-rke | awk '{print $1}'\n
\u9884\u671f\u8f93\u51fa\uff1a
rancher-rke-secret\n
\u67e5\u770b\u5bc6\u94a5 rancher-rke-secret \u7684\u8be6\u60c5\uff1a
kubectl -n kube-system describe secret rancher-rke-secret\n
\u9884\u671f\u8f93\u51fa\uff1a
Name: rancher-rke-secret\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io/service-account.name: rancher-rke\n kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174\n\nType: kubernetes.io/service-account-token\n\nData\n====\nca.crt: 570 bytes\nnamespace: 11 bytes\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
\u5728\u4efb\u610f\u4e00\u53f0\u5b89\u88c5\u4e86 kubelet \u7684\u672c\u5730\u8282\u70b9\u6267\u884c\u5982\u4e0b\u64cd\u4f5c\uff1a
\u914d\u7f6e kubelet token\uff1a
kubectl config set-credentials rancher-rke --token=`rancher-rke-secret` \u91cc\u9762\u7684 token \u4fe1\u606f\n
\u4f8b\u5982\uff1a
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
\u914d\u7f6e kubelet APIServer \u4fe1\u606f\uff1a
kubectl config set-cluster {\u96c6\u7fa4\u540d} --insecure-skip-tls-verify=true --server={APIServer}\n
https://10.X.X.X:6443
\u4f8b\u5982\uff1a
kubectl config set-cluster rancher-rke --insecure-skip-tls-verify=true --server=https://10.X.X.X:6443\n
\u914d\u7f6e kubelet \u4e0a\u4e0b\u6587\u4fe1\u606f\uff1a
kubectl config set-context {\u4e0a\u4e0b\u6587\u540d\u79f0} --cluster={\u96c6\u7fa4\u540d} --user={SA \u7528\u6237\u540d}\n
\u4f8b\u5982\uff1a
kubectl config set-context rancher-rke-context --cluster=rancher-rke --user=rancher-rke\n
\u5728 kubelet \u4e2d\u6307\u5b9a\u6211\u4eec\u521a\u521a\u65b0\u5efa\u7684\u4e0a\u4e0b\u6587 rancher-rke-context \uff1a
kubectl config use-context rancher-rke-context\n
\u83b7\u53d6\u4e0a\u4e0b\u6587 rancher-rke-context \u4e2d\u7684 kubeconfig \u4fe1\u606f\u3002
kubectl config view --minify --flatten --raw\n
\u9884\u671f\u8f93\u51fa\uff1a
apiVersion: v1\n clusters:\n - cluster:\n insecure-skip-tls-verify: true\n server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com\n name: joincluster\n contexts:\n - context:\n cluster: joincluster\n user: eks-admin\n name: ekscontext\n current-context: ekscontext\n kind: Config\n preferences: {}\n users:\n - name: eks-admin\n user:\n token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V\n
\u4f7f\u7528\u521a\u521a\u83b7\u53d6\u7684 kubeconfig \u6587\u4ef6\uff0c\u53c2\u8003\u63a5\u5165\u96c6\u7fa4\u6587\u6863\uff0c\u5c06 rancher \u96c6\u7fa4\u63a5\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u3002
"},{"location":"end-user/kpanda/clusters/k8s-cert.html","title":"Kubernetes \u96c6\u7fa4\u8bc1\u4e66\u66f4\u65b0","text":"\u4e3a\u4fdd\u8bc1 Kubernetes \u5404\u7ec4\u4ef6\u4e4b\u95f4\u7684\u901a\u4fe1\u5b89\u5168\uff0c\u7ec4\u4ef6\u4e4b\u95f4\u7684\u8c03\u7528\u4f1a\u8fdb\u884c TLS \u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u9a8c\u8bc1\u64cd\u4f5c\u9700\u8981\u914d\u7f6e\u96c6\u7fa4 PKI \u8bc1\u4e66\u3002
\u96c6\u7fa4\u8bc1\u4e66\u6709\u6548\u671f\u4e3a1\u5e74\uff0c\u4e3a\u907f\u514d\u8bc1\u4e66\u8fc7\u671f\u5bfc\u81f4\u4e1a\u52a1\u65e0\u6cd5\u4f7f\u7528\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\u8bc1\u4e66\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u8fdb\u884c\u8bc1\u4e66\u66f4\u65b0\u3002
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#_1","title":"\u68c0\u67e5\u8bc1\u4e66\u662f\u5426\u8fc7\u671f","text":"\u60a8\u53ef\u4ee5\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770b\u8bc1\u4e66\u662f\u5426\u8fc7\u671f\uff1a
kubeadm certs check-expiration\n
\u8f93\u51fa\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u5185\u5bb9\uff1a
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED\nadmin.conf Dec 14, 2024 07:26 UTC 204d no \napiserver Dec 14, 2024 07:26 UTC 204d ca no \napiserver-etcd-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \napiserver-kubelet-client Dec 14, 2024 07:26 UTC 204d ca no \ncontroller-manager.conf Dec 14, 2024 07:26 UTC 204d no \netcd-healthcheck-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-peer Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-server Dec 14, 2024 07:26 UTC 204d etcd-ca no \nfront-proxy-client Dec 14, 2024 07:26 UTC 204d front-proxy-ca no \nscheduler.conf Dec 14, 2024 07:26 UTC 204d no \n\nCERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED\nca Dec 12, 2033 07:26 UTC 9y no \netcd-ca Dec 12, 2033 07:26 UTC 9y no \nfront-proxy-ca Dec 12, 2033 07:26 UTC 9y no \n
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#_2","title":"\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66","text":"\u60a8\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66\uff0c\u53ea\u9700\u5e26\u4e0a\u5408\u9002\u7684\u547d\u4ee4\u884c\u9009\u9879\u3002\u66f4\u65b0\u8bc1\u4e66\u524d\u8bf7\u5148\u5907\u4efd\u5f53\u524d\u8bc1\u4e66\u3002
\u66f4\u65b0\u6307\u5b9a\u8bc1\u4e66\uff1a
kubeadm certs renew\n
\u66f4\u65b0\u5168\u90e8\u8bc1\u4e66\uff1a
kubeadm certs renew all\n
\u66f4\u65b0\u540e\u7684\u8bc1\u4e66\u53ef\u4ee5\u5728 /etc/kubernetes/pki
\u76ee\u5f55\u4e0b\u67e5\u770b\uff0c\u6709\u6548\u671f\u5ef6\u7eed 1 \u5e74\u3002 \u4ee5\u4e0b\u5bf9\u5e94\u7684\u51e0\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e5f\u4f1a\u540c\u6b65\u66f4\u65b0\uff1a
Note
/etc/kubernetes/pki
\u4e2d\u7684\u5bc6\u94a5\u6267\u884c\u66f4\u65b0\u3002\u6267\u884c\u66f4\u65b0\u64cd\u4f5c\u4e4b\u540e\uff0c\u4f60\u9700\u8981\u91cd\u542f\u63a7\u5236\u9762 Pod\u3002\u56e0\u4e3a\u52a8\u6001\u8bc1\u4e66\u91cd\u8f7d\u76ee\u524d\u8fd8\u4e0d\u88ab\u6240\u6709\u7ec4\u4ef6\u548c\u8bc1\u4e66\u652f\u6301\uff0c\u6240\u6709\u8fd9\u9879\u64cd\u4f5c\u662f\u5fc5\u987b\u7684\u3002
\u9759\u6001 Pod \u662f\u88ab\u672c\u5730 kubelet \u800c\u4e0d\u662f API \u670d\u52a1\u5668\u7ba1\u7406\uff0c\u6240\u4ee5 kubectl \u4e0d\u80fd\u7528\u6765\u5220\u9664\u6216\u91cd\u542f\u4ed6\u4eec\u3002
\u8981\u91cd\u542f\u9759\u6001 Pod\uff0c\u4f60\u53ef\u4ee5\u4e34\u65f6\u5c06\u6e05\u5355\u6587\u4ef6\u4ece /etc/kubernetes/manifests/
\u79fb\u9664\u5e76\u7b49\u5f85 20 \u79d2\u3002 \u53c2\u8003 KubeletConfiguration \u7ed3\u6784\u4e2d\u7684 fileCheckFrequency \u503c\u3002
\u5982\u679c Pod \u4e0d\u5728\u6e05\u5355\u76ee\u5f55\u91cc\uff0ckubelet \u5c06\u4f1a\u7ec8\u6b62\u5b83\u3002 \u5728\u53e6\u4e00\u4e2a fileCheckFrequency \u5468\u671f\u4e4b\u540e\u4f60\u53ef\u4ee5\u5c06\u6587\u4ef6\u79fb\u56de\u53bb\uff0ckubelet \u53ef\u4ee5\u5b8c\u6210 Pod \u7684\u91cd\u5efa\uff0c\u800c\u7ec4\u4ef6\u7684\u8bc1\u4e66\u66f4\u65b0\u64cd\u4f5c\u4e5f\u5f97\u4ee5\u5b8c\u6210\u3002
mv ./manifests/* ./temp/\nmv ./temp/* ./manifests/\n
Note
\u5982\u679c\u5bb9\u5668\u670d\u52a1\u4f7f\u7528\u7684\u662f Docker\uff0c\u4e3a\u4e86\u8ba9\u8bc1\u4e66\u751f\u6548\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5bf9\u6d89\u53ca\u5230\u8bc1\u4e66\u4f7f\u7528\u7684\u51e0\u4e2a\u670d\u52a1\u8fdb\u884c\u91cd\u542f\uff1a
docker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart\n
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#kubeconfig","title":"\u66f4\u65b0 KubeConfig","text":"\u6784\u5efa\u96c6\u7fa4\u65f6\u901a\u5e38\u4f1a\u5c06 admin.conf \u8bc1\u4e66\u590d\u5236\u5230 $HOME/.kube/config \u4e2d\uff0c\u4e3a\u4e86\u5728\u66f4\u65b0 admin.conf \u540e\u66f4\u65b0 $HOME/.kube/config \u7684\u5185\u5bb9\uff0c \u5fc5\u987b\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config\nsudo chown $(id -u):$(id -g) $HOME/.kube/config\n
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#kubelet","title":"\u4e3a kubelet \u914d\u7f6e\u8bc1\u4e66\u8f6e\u6362","text":"\u5b8c\u6210\u4ee5\u4e0a\u64cd\u4f5c\u540e\uff0c\u57fa\u672c\u5b8c\u6210\u4e86\u96c6\u7fa4\u6240\u6709\u8bc1\u4e66\u7684\u66f4\u65b0\uff0c\u4f46\u4e0d\u5305\u62ec kubelet\u3002
\u56e0\u4e3a kubernetes \u5305\u542b\u7279\u6027 kubelet \u8bc1\u4e66\u8f6e\u6362\uff0c \u5728\u5f53\u524d\u8bc1\u4e66\u5373\u5c06\u8fc7\u671f\u65f6\uff0c \u5c06\u81ea\u52a8\u751f\u6210\u65b0\u7684\u79d8\u94a5\uff0c\u5e76\u4ece Kubernetes API \u7533\u8bf7\u65b0\u7684\u8bc1\u4e66\u3002 \u4e00\u65e6\u65b0\u7684\u8bc1\u4e66\u53ef\u7528\uff0c\u5b83\u5c06\u88ab\u7528\u4e8e\u4e0e Kubernetes API \u95f4\u7684\u8fde\u63a5\u8ba4\u8bc1\u3002
Note
\u6b64\u7279\u6027\u9002\u7528\u4e8e Kubernetes 1.8.0 \u6216\u66f4\u9ad8\u7684\u7248\u672c\u3002
\u542f\u7528\u5ba2\u6237\u7aef\u8bc1\u4e66\u8f6e\u6362\uff0c\u914d\u7f6e\u53c2\u6570\u5982\u4e0b\uff1a
kubelet \u8fdb\u7a0b\u63a5\u6536 --rotate-certificates \u53c2\u6570\uff0c\u8be5\u53c2\u6570\u51b3\u5b9a kubelet \u5728\u5f53\u524d\u4f7f\u7528\u7684 \u8bc1\u4e66\u5373\u5c06\u5230\u671f\u65f6\uff0c\u662f\u5426\u4f1a\u81ea\u52a8\u7533\u8bf7\u65b0\u7684\u8bc1\u4e66\u3002
kube-controller-manager \u8fdb\u7a0b\u63a5\u6536 --cluster-signing-duration \u53c2\u6570 \uff08\u5728 1.19 \u7248\u672c\u4e4b\u524d\u4e3a --experimental-cluster-signing-duration\uff09\uff0c\u7528\u6765\u63a7\u5236\u7b7e\u53d1\u8bc1\u4e66\u7684\u6709\u6548\u671f\u9650\u3002
\u66f4\u591a\u8be6\u60c5\u53c2\u8003\u4e3a kubelet \u914d\u7f6e\u8bc1\u4e66\u8f6e\u6362\u3002
"},{"location":"end-user/kpanda/clusters/k8s-cert.html#_4","title":"\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66","text":"\u4e3a\u4e86\u66f4\u9ad8\u6548\u4fbf\u6377\u5904\u7406\u5df2\u8fc7\u671f\u6216\u8005\u5373\u5c06\u8fc7\u671f\u7684 kubernetes \u96c6\u7fa4\u8bc1\u4e66\uff0c\u53ef\u53c2\u8003 k8s \u7248\u672c\u96c6\u7fa4\u8bc1\u4e66\u66f4\u65b0\u3002
"},{"location":"end-user/kpanda/clusters/runtime.html","title":"\u5982\u4f55\u9009\u62e9\u5bb9\u5668\u8fd0\u884c\u65f6","text":"\u5bb9\u5668\u8fd0\u884c\u65f6\u662f kubernetes \u4e2d\u5bf9\u5bb9\u5668\u548c\u5bb9\u5668\u955c\u50cf\u751f\u547d\u5468\u671f\u8fdb\u884c\u7ba1\u7406\u7684\u91cd\u8981\u7ec4\u4ef6\u3002 kubernetes \u5728 1.19 \u7248\u672c\u4e2d\u5c06 containerd \u8bbe\u4e3a\u9ed8\u8ba4\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u5e76\u5728 1.24 \u7248\u672c\u4e2d\u79fb\u9664\u4e86 Dockershim \u7ec4\u4ef6\u7684\u652f\u6301\u3002
\u56e0\u6b64\u76f8\u8f83\u4e8e Docker \u8fd0\u884c\u65f6\uff0c\u6211\u4eec\u66f4\u52a0 \u63a8\u8350\u60a8\u4f7f\u7528\u8f7b\u91cf\u7684 containerd \u4f5c\u4e3a\u60a8\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u56e0\u4e3a\u8fd9\u5df2\u7ecf\u6210\u4e3a\u5f53\u524d\u4e3b\u6d41\u7684\u8fd0\u884c\u65f6\u9009\u62e9\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u4e00\u4e9b\u64cd\u4f5c\u7cfb\u7edf\u53d1\u884c\u5382\u5546\u5bf9 Docker \u8fd0\u884c\u65f6\u7684\u517c\u5bb9\u4e5f\u4e0d\u591f\u53cb\u597d\uff0c\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u8fd0\u884c\u65f6\u7684\u652f\u6301\u5982\u4e0b\u8868\uff1a
"},{"location":"end-user/kpanda/clusters/runtime.html#_2","title":"\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u548c\u63a8\u8350\u7684\u8fd0\u884c\u65f6\u7248\u672c\u5bf9\u5e94\u5173\u7cfb","text":"\u64cd\u4f5c\u7cfb\u7edf \u63a8\u8350\u7684 containerd \u7248\u672c \u63a8\u8350\u7684 Docker \u7248\u672c CentOS 1.7.5 20.10 RedHatOS 1.7.5 20.10 KylinOS 1.7.5 19.03\uff08\u4ec5 ARM \u67b6\u6784\u652f\u6301 \uff0c\u5728 x86 \u67b6\u6784\u4e0b\u4e0d\u652f\u6301\u4f7f\u7528 Docker \u4f5c\u4e3a\u8fd0\u884c\u65f6\uff09\u66f4\u591a\u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003 RedHatOS \u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c \u548c KylinOS \u652f\u6301\u7684\u8fd0\u884c\u65f6\u7248\u672c
Note
\u5728\u79bb\u7ebf\u5b89\u88c5\u6a21\u5f0f\u4e0b\uff0c\u9700\u8981\u63d0\u524d\u51c6\u5907\u76f8\u5173\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u79bb\u7ebf\u5305\u3002
"},{"location":"end-user/kpanda/clusters/upgrade-cluster.html","title":"\u96c6\u7fa4\u5347\u7ea7","text":"Kubernetes \u793e\u533a\u6bcf\u4e2a\u5b63\u5ea6\u90fd\u4f1a\u53d1\u5e03\u4e00\u6b21\u5c0f\u7248\u672c\uff0c\u6bcf\u4e2a\u7248\u672c\u7684\u7ef4\u62a4\u5468\u671f\u5927\u6982\u53ea\u6709 9 \u4e2a\u6708\u3002 \u7248\u672c\u505c\u6b62\u7ef4\u62a4\u540e\u5c31\u4e0d\u4f1a\u518d\u66f4\u65b0\u4e00\u4e9b\u91cd\u5927\u6f0f\u6d1e\u6216\u5b89\u5168\u6f0f\u6d1e\u3002\u624b\u52a8\u5347\u7ea7\u96c6\u7fa4\u64cd\u4f5c\u8f83\u4e3a\u7e41\u7410\uff0c\u7ed9\u7ba1\u7406\u4eba\u5458\u5e26\u6765\u4e86\u6781\u5927\u7684\u5de5\u4f5c\u8d1f\u62c5\u3002
\u672c\u8282\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728\u901a\u8fc7 Web UI \u754c\u9762\u4e00\u952e\u5f0f\u5728\u7ebf\u5347\u7ea7\u5de5\u4f5c\u96c6\u7fa4 Kubernetes \u7248\u672c\uff0c \u5982\u9700\u79bb\u7ebf\u5347\u7ea7\u5de5\u4f5c\u96c6\u7fa4\u7684 kubernetes \u7248\u672c\uff0c\u8bf7\u53c2\u9605\u5de5\u4f5c\u96c6\u7fa4\u79bb\u7ebf\u5347\u7ea7\u6307\u5357\u8fdb\u884c\u5347\u7ea7\u3002
Danger
\u7248\u672c\u5347\u7ea7\u540e\u5c06\u65e0\u6cd5\u56de\u9000\u5230\u4e4b\u524d\u7684\u7248\u672c\uff0c\u8bf7\u8c28\u614e\u64cd\u4f5c\u3002
Note
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u5347\u7ea7 \uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u7248\u672c\u5347\u7ea7 \u3002
\u9009\u62e9\u53ef\u5347\u7ea7\u7684\u7248\u672c\uff0c\u8f93\u5165\u96c6\u7fa4\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\u3002
Note
\u5982\u679c\u60a8\u662f\u60f3\u901a\u8fc7\u5347\u7ea7\u65b9\u5f0f\u6765\u4fee\u6539\u96c6\u7fa4\u53c2\u6570\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff1a
\u627e\u5230\u96c6\u7fa4\u5bf9\u5e94\u7684 ConfigMap\uff0c\u60a8\u53ef\u4ee5\u767b\u5f55\u63a7\u5236\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u627e\u5230 varsConfRef \u4e2d\u7684 ConfigMap \u540d\u79f0\u3002
kubectl get cluster.kubean.io <clustername> -o yaml\n
\u6839\u636e\u9700\u8981\uff0c\u4fee\u6539 ConfigMap \u4e2d\u7684\u53c2\u6570\u4fe1\u606f\u3002
\u5728\u6b64\u5904\u9009\u62e9\u76f8\u540c\u7248\u672c\u8fdb\u884c\u5347\u7ea7\u64cd\u4f5c\uff0c\u5347\u7ea7\u5b8c\u6210\u5373\u53ef\u6210\u529f\u66f4\u65b0\u5bf9\u5e94\u7684\u96c6\u7fa4\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \u540e\uff0c\u53ef\u4ee5\u770b\u5230\u96c6\u7fa4\u7684\u5347\u7ea7\u8fdb\u5ea6\u3002
\u96c6\u7fa4\u5347\u7ea7\u9884\u8ba1\u9700\u8981 30 \u5206\u949f\uff0c\u53ef\u4ee5\u70b9\u51fb \u5b9e\u65f6\u65e5\u5fd7 \u6309\u94ae\u67e5\u770b\u96c6\u7fa4\u5347\u7ea7\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002
configmap/secret \u70ed\u52a0\u8f7d\u662f\u6307\u5c06 configmap/secret \u4f5c\u4e3a\u6570\u636e\u5377\u6302\u8f7d\u5728\u5bb9\u5668\u4e2d\u6302\u8f7d\u65f6\uff0c\u5f53\u914d\u7f6e\u53d1\u751f\u6539\u53d8\u65f6\uff0c\u5bb9\u5668\u5c06\u81ea\u52a8\u8bfb\u53d6 configmap/secret \u66f4\u65b0\u540e\u7684\u914d\u7f6e\uff0c\u800c\u65e0\u9700\u91cd\u542f Pod\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/configmap-hot-loading.html#_1","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u53c2\u8003\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d - \u5bb9\u5668\u914d\u7f6e\uff0c\u914d\u7f6e\u5bb9\u5668\u6570\u636e\u5b58\u50a8\uff0c\u9009\u62e9 Configmap \u3001 Configmap Key \u3001 Secret \u3001 Secret Key \u4f5c\u4e3a\u6570\u636e\u5377\u6302\u8f7d\u81f3\u5bb9\u5668\u3002
Note
\u4f7f\u7528\u5b50\u8def\u5f84\uff08SubPath\uff09\u65b9\u5f0f\u6302\u8f7d\u7684\u914d\u7f6e\u6587\u4ef6\u4e0d\u652f\u6301\u70ed\u52a0\u8f7d\u3002
\u8fdb\u5165\u3010\u914d\u7f6e\u4e0e\u5bc6\u94a5\u3011\u9875\u9762\uff0c\u8fdb\u5165\u914d\u7f6e\u9879\u8be6\u60c5\u9875\u9762\uff0c\u5728\u3010\u5173\u8054\u8d44\u6e90\u3011\u4e2d\u627e\u5230\u5bf9\u5e94\u7684 container \u8d44\u6e90\uff0c\u70b9\u51fb \u7acb\u5373\u52a0\u8f7d \u6309\u94ae\uff0c\u8fdb\u5165\u914d\u7f6e\u70ed\u52a0\u8f7d\u9875\u9762\u3002
Note
\u5982\u679c\u60a8\u7684\u5e94\u7528\u652f\u6301\u81ea\u52a8\u8bfb\u53d6 configmap/secret \u66f4\u65b0\u540e\u7684\u914d\u7f6e\uff0c\u5219\u65e0\u9700\u624b\u52a8\u6267\u884c\u70ed\u52a0\u8f7d\u64cd\u4f5c\u3002
\u5728\u70ed\u52a0\u8f7d\u914d\u7f6e\u5f39\u7a97\u4e2d\uff0c\u8f93\u5165\u8fdb\u5165\u5bb9\u5668\u5185\u7684 \u6267\u884c\u547d\u4ee4 \u5e76\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u4ee5\u91cd\u8f7d\u914d\u7f6e\u3002\u4f8b\u5982\uff0c\u5728 nginx \u5bb9\u5668\u4e2d\uff0c\u4ee5 root \u7528\u6237\u6743\u9650\uff0c\u6267\u884c nginx -s reload \u547d\u4ee4\u6765\u91cd\u8f7d\u914d\u7f6e\u3002
\u5728\u754c\u9762\u5f39\u51fa\u7684 web \u7ec8\u7aef\u4e2d\u67e5\u770b\u5e94\u7528\u91cd\u8f7d\u60c5\u51b5\u3002
\u914d\u7f6e\u9879\uff08ConfigMap\uff09\u4ee5\u952e\u503c\u5bf9\u7684\u5f62\u5f0f\u5b58\u50a8\u975e\u673a\u5bc6\u6027\u6570\u636e\uff0c\u5b9e\u73b0\u914d\u7f6e\u6570\u636e\u548c\u5e94\u7528\u4ee3\u7801\u76f8\u4e92\u89e3\u8026\u7684\u6548\u679c\u3002\u914d\u7f6e\u9879\u53ef\u7528\u4f5c\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3001\u547d\u4ee4\u884c\u53c2\u6570\u6216\u8005\u5b58\u50a8\u5377\u4e2d\u7684\u914d\u7f6e\u6587\u4ef6\u3002
Note
\u5728\u914d\u7f6e\u9879\u4e2d\u4fdd\u5b58\u7684\u6570\u636e\u4e0d\u53ef\u8d85\u8fc7 1 MiB\u3002\u5982\u679c\u9700\u8981\u5b58\u50a8\u4f53\u79ef\u66f4\u5927\u7684\u6570\u636e\uff0c\u5efa\u8bae\u6302\u8f7d\u5b58\u50a8\u5377\u6216\u8005\u4f7f\u7528\u72ec\u7acb\u7684\u6570\u636e\u5e93\u6216\u8005\u6587\u4ef6\u670d\u52a1\u3002
\u914d\u7f6e\u9879\u4e0d\u63d0\u4f9b\u4fdd\u5bc6\u6216\u8005\u52a0\u5bc6\u529f\u80fd\u3002\u5982\u679c\u8981\u5b58\u50a8\u52a0\u5bc6\u6570\u636e\uff0c\u5efa\u8bae\u4f7f\u7528\u5bc6\u94a5\uff0c\u6216\u8005\u5176\u4ed6\u7b2c\u4e09\u65b9\u5de5\u5177\u6765\u4fdd\u8bc1\u6570\u636e\u7684\u79c1\u5bc6\u6027\u3002
\u652f\u6301\u4e24\u79cd\u521b\u5efa\u65b9\u5f0f\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u914d\u7f6e\u9879 \u6309\u94ae\u3002
\u5728 \u521b\u5efa\u914d\u7f6e\u9879 \u9875\u9762\u4e2d\u586b\u5199\u914d\u7f6e\u4fe1\u606f\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u70b9\u51fb \u4e0a\u4f20\u6587\u4ef6 \u53ef\u4ee5\u4ece\u672c\u5730\u5bfc\u5165\u5df2\u6709\u7684\u6587\u4ef6\uff0c\u5feb\u901f\u521b\u5efa\u914d\u7f6e\u9879\u3002
\u521b\u5efa\u5b8c\u6210\u540e\u5728\u914d\u7f6e\u9879\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u53ef\u4ee5\uff0c\u53ef\u4ee5\u7f16\u8f91 YAML\u3001\u66f4\u65b0\u3001\u5bfc\u51fa\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u914d\u7f6e\u9879 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u3002
Note
\u521b\u5efa\u5b8c\u6210\u540e\u5728\u914d\u7f6e\u9879\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u53ef\u4ee5\uff0c\u53ef\u4ee5\u7f16\u8f91 YAML\u3001\u66f4\u65b0\u3001\u5bfc\u51fa\u3001\u5220\u9664\u7b49\u64cd\u4f5c\u3002
```yaml\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: kube-root-ca.crt\n namespace: default\n annotations:\ndata:\n version: '1.0'\n```\n
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u914d\u7f6e\u9879
"},{"location":"end-user/kpanda/configmaps-secrets/create-secret.html","title":"\u521b\u5efa\u5bc6\u94a5","text":"\u5bc6\u94a5\u662f\u4e00\u79cd\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u3001OAuth \u4ee4\u724c\u3001SSH\u3001TLS \u51ed\u636e\u7b49\u654f\u611f\u4fe1\u606f\u7684\u8d44\u6e90\u5bf9\u8c61\u3002\u4f7f\u7528\u5bc6\u94a5\u610f\u5473\u7740\u60a8\u4e0d\u9700\u8981\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5305\u542b\u654f\u611f\u7684\u673a\u5bc6\u6570\u636e\u3002
\u5bc6\u94a5\u4f7f\u7528\u573a\u666f\uff1a
\u652f\u6301\u4e24\u79cd\u521b\u5efa\u65b9\u5f0f\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u5bc6\u94a5 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u5bc6\u94a5 \u6309\u94ae\u3002
\u5728 \u521b\u5efa\u5bc6\u94a5 \u9875\u9762\u4e2d\u586b\u5199\u914d\u7f6e\u4fe1\u606f\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u586b\u5199\u914d\u7f6e\u65f6\u9700\u8981\u6ce8\u610f\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u67d0\u4e2a\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u914d\u7f6e\u4e0e\u5bc6\u94a5 -> \u5bc6\u94a5 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\u586b\u5199 YAML \u914d\u7f6e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n name: secretdemo\ntype: Opaque\ndata:\n username: ******\n password: ******\n```\n
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528\u5bc6\u94a5
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html","title":"\u4f7f\u7528\u914d\u7f6e\u9879","text":"\u914d\u7f6e\u9879\uff08ConfigMap\uff09\u662f Kubernetes \u7684\u4e00\u79cd API \u5bf9\u8c61\uff0c\u7528\u6765\u5c06\u975e\u673a\u5bc6\u6027\u7684\u6570\u636e\u4fdd\u5b58\u5230\u952e\u503c\u5bf9\u4e2d\uff0c\u53ef\u4ee5\u5b58\u50a8\u5176\u4ed6\u5bf9\u8c61\u6240\u9700\u8981\u4f7f\u7528\u7684\u914d\u7f6e\u3002 \u4f7f\u7528\u65f6\uff0c \u5bb9\u5668\u53ef\u4ee5\u5c06\u5176\u7528\u4f5c\u73af\u5883\u53d8\u91cf\u3001\u547d\u4ee4\u884c\u53c2\u6570\u6216\u8005\u5b58\u50a8\u5377\u4e2d\u7684\u914d\u7f6e\u6587\u4ef6\u3002\u901a\u8fc7\u4f7f\u7528\u914d\u7f6e\u9879\uff0c\u80fd\u591f\u5c06\u914d\u7f6e\u6570\u636e\u548c\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u5206\u5f00\uff0c\u4e3a\u5e94\u7528\u914d\u7f6e\u7684\u4fee\u6539\u63d0\u4f9b\u66f4\u52a0\u7075\u6d3b\u7684\u9014\u5f84\u3002
Note
\u914d\u7f6e\u9879\u5e76\u4e0d\u63d0\u4f9b\u4fdd\u5bc6\u6216\u8005\u52a0\u5bc6\u529f\u80fd\u3002\u5982\u679c\u8981\u5b58\u50a8\u7684\u6570\u636e\u662f\u673a\u5bc6\u7684\uff0c\u8bf7\u4f7f\u7528\u5bc6\u94a5\uff0c\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7b2c\u4e09\u65b9\u5de5\u5177\u6765\u4fdd\u8bc1\u6570\u636e\u7684\u79c1\u5bc6\u6027\uff0c\u800c\u4e0d\u662f\u7528\u914d\u7f6e\u9879\u3002 \u6b64\u5916\u5728\u5bb9\u5668\u91cc\u4f7f\u7528\u914d\u7f6e\u9879\u65f6\uff0c\u5bb9\u5668\u548c\u914d\u7f6e\u9879\u5fc5\u987b\u5904\u4e8e\u540c\u4e00\u96c6\u7fa4\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u60a8\u53ef\u4ee5\u5728 Pod \u4e2d\u4f7f\u7528\u914d\u7f6e\u9879\uff0c\u6709\u591a\u79cd\u4f7f\u7528\u573a\u666f\uff0c\u4e3b\u8981\u5305\u62ec\uff1a
\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf
\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u7684\u547d\u4ee4\u884c\u53c2\u6570
\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
Note
\u914d\u7f6e\u9879\u5bfc\u5165\u662f\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\uff1b\u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165\u662f\u5c06\u914d\u7f6e\u9879\u4e2d\u67d0\u4e00\u53c2\u6570\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html#_4","title":"\u56fe\u5f62\u5316\u754c\u9762\u64cd\u4f5c","text":"\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u53ef\u4ee5\u5728 \u73af\u5883\u53d8\u91cf \u754c\u9762\u901a\u8fc7\u9009\u62e9 \u914d\u7f6e\u9879\u5bfc\u5165 \u6216 \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u4e3a\u5bb9\u5668\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u4e2d\uff0c\u5728 \u5bb9\u5668\u914d\u7f6e \u8fd9\u4e00\u6b65\u4e2d\uff0c\u9009\u62e9 \u73af\u5883\u53d8\u91cf \u914d\u7f6e\uff0c\u70b9\u51fb \u6dfb\u52a0\u73af\u5883\u53d8\u91cf \u6309\u94ae\u3002
\u5728\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u5904\u9009\u62e9 \u914d\u7f6e\u9879\u5bfc\u5165 \u6216 \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u914d\u7f6e\u9879\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u524d\u7f00 \u540d\u79f0\u3001 \u914d\u7f6e\u9879 \u7684\u540d\u79f0\u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u914d\u7f6e\u9879\u952e\u503c\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u914d\u7f6e\u9879 \u540d\u79f0\u3001 \u952e \u7684\u540d\u79f0\u3002
\u60a8\u53ef\u4ee5\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u5c06\u914d\u7f6e\u9879\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff0c\u4f7f\u7528 valueFrom \u53c2\u6570\u5f15\u7528 ConfigMap \u4e2d\u7684 Key/Value\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-1\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"env\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom: # (1)!\n configMapKeyRef:\n name: kpanda-configmap # (2)!\n key: SPECIAL_LEVEL # (3)!\n restartPolicy: Never\n
\u60a8\u53ef\u4ee5\u4f7f\u7528\u914d\u7f6e\u9879\u8bbe\u7f6e\u5bb9\u5668\u4e2d\u7684\u547d\u4ee4\u6216\u8005\u53c2\u6570\u503c\uff0c\u4f7f\u7528\u73af\u5883\u53d8\u91cf\u66ff\u6362\u8bed\u6cd5 $(VAR_NAME) \u6765\u8fdb\u884c\u3002\u5982\u4e0b\u6240\u793a\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-3\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_LEVEL\n - name: SPECIAL_TYPE_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_TYPE\n restartPolicy: Never\n
\u8fd9\u4e2a Pod \u8fd0\u884c\u540e\uff0c\u8f93\u51fa\u5982\u4e0b\u5185\u5bb9\u3002
Hello Kpanda\n
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html#_7","title":"\u7528\u4f5c\u5bb9\u5668\u6570\u636e\u5377","text":"\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-configmap.html#_8","title":"\u56fe\u5f62\u5316\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u914d\u7f6e\u9879 \uff0c\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u4e2d\uff0c\u5728 \u5bb9\u5668\u914d\u7f6e \u8fd9\u4e00\u6b65\u4e2d\uff0c\u9009\u62e9 \u6570\u636e\u5b58\u50a8 \u914d\u7f6e\uff0c\u5728 \u8282\u70b9\u8def\u5f84\u6620\u5c04 \u5217\u8868\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u3002
\u5728\u5b58\u50a8\u7c7b\u578b\u5904\u9009\u62e9 \u914d\u7f6e\u9879 \uff0c\u5e76\u4f9d\u6b21\u8f93\u5165 \u5bb9\u5668\u8def\u5f84 \u3001 \u5b50\u8def\u5f84 \u7b49\u4fe1\u606f\u3002
\u8981\u5728\u4e00\u4e2a Pod \u7684\u5b58\u50a8\u5377\u4e2d\u4f7f\u7528 ConfigMap\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u5c06 ConfigMap \u4ee5\u5377\u7684\u5f62\u5f0f\u8fdb\u884c\u6302\u8f7d\u7684 Pod \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n - name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n configMap:\n name: myconfigmap\n
\u5982\u679c Pod \u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\uff0c\u5219\u6bcf\u4e2a\u5bb9\u5668\u90fd\u9700\u8981\u81ea\u5df1\u7684 volumeMounts \u5757\uff0c\u4f46\u9488\u5bf9\u6bcf\u4e2a ConfigMap\uff0c\u60a8\u53ea\u9700\u8981\u8bbe\u7f6e\u4e00\u4e2a spec.volumes \u5757\u3002
Note
\u5c06\u914d\u7f6e\u9879\u4f5c\u4e3a\u5bb9\u5668\u6302\u8f7d\u7684\u6570\u636e\u5377\u65f6\uff0c\u914d\u7f6e\u9879\u53ea\u80fd\u4f5c\u4e3a\u53ea\u8bfb\u6587\u4ef6\u8fdb\u884c\u8bfb\u53d6\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-secret.html","title":"\u4f7f\u7528\u5bc6\u94a5","text":"\u5bc6\u94a5\u662f\u4e00\u79cd\u7528\u4e8e\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u7801\u3001OAuth \u4ee4\u724c\u3001SSH\u3001TLS \u51ed\u636e\u7b49\u654f\u611f\u4fe1\u606f\u7684\u8d44\u6e90\u5bf9\u8c61\u3002\u4f7f\u7528\u5bc6\u94a5\u610f\u5473\u7740\u60a8\u4e0d\u9700\u8981\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5305\u542b\u654f\u611f\u7684\u673a\u5bc6\u6570\u636e\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-secret.html#_2","title":"\u4f7f\u7528\u573a\u666f","text":"\u60a8\u53ef\u4ee5\u5728 Pod \u4e2d\u4f7f\u7528\u5bc6\u94a5\uff0c\u6709\u591a\u79cd\u4f7f\u7528\u573a\u666f\uff0c\u4e3b\u8981\u5305\u62ec\uff1a
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf\u3002
Note
\u5bc6\u94a5\u5bfc\u5165\u662f\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\uff1b\u5bc6\u94a5\u952e\u503c\u5bfc\u5165\u662f\u5c06\u5bc6\u94a5\u4e2d\u67d0\u4e00\u53c2\u6570\u4f5c\u4e3a\u73af\u5883\u53d8\u91cf\u7684\u503c\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-secret.html#_4","title":"\u56fe\u5f62\u754c\u9762\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u5728 \u73af\u5883\u53d8\u91cf \u754c\u9762\u901a\u8fc7\u9009\u62e9 \u5bc6\u94a5\u5bfc\u5165 \u6216 \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u4e3a\u5bb9\u5668\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728 \u5bb9\u5668\u914d\u7f6e \u9009\u62e9 \u73af\u5883\u53d8\u91cf \u914d\u7f6e\uff0c\u70b9\u51fb \u6dfb\u52a0\u73af\u5883\u53d8\u91cf \u6309\u94ae\u3002
\u5728\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u5904\u9009\u62e9 \u5bc6\u94a5\u5bfc\u5165 \u6216 \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u5bc6\u94a5\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u524d\u7f00 \u3001 \u5bc6\u94a5 \u7684\u540d\u79f0\u3002
\u5f53\u73af\u5883\u53d8\u91cf\u7c7b\u578b\u9009\u62e9\u4e3a \u5bc6\u94a5\u952e\u503c\u5bfc\u5165 \u65f6\uff0c\u4f9d\u6b21\u8f93\u5165 \u53d8\u91cf\u540d \u3001 \u5bc6\u94a5 \u3001 \u952e \u7684\u540d\u79f0\u3002
\u5982\u4e0b\u4f8b\u6240\u793a\uff0c\u60a8\u53ef\u4ee5\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u5c06\u5bc6\u94a5\u8bbe\u7f6e\u4e3a\u73af\u5883\u53d8\u91cf\uff0c\u4f7f\u7528 valueFrom \u53c2\u6570\u5f15\u7528 Secret \u4e2d\u7684 Key/Value\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: secret-env-pod\nspec:\n containers:\n - name: mycontainer\n image: redis\n env:\n - name: SECRET_USERNAME\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: username\n optional: false # (1)!\n - name: SECRET_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: password\n optional: false # (2)!\n
\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u5bc6\u94a5 \uff0c\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728 \u5bb9\u5668\u914d\u7f6e \u9009\u62e9 \u6570\u636e\u5b58\u50a8 \u914d\u7f6e\uff0c\u5728 \u8282\u70b9\u8def\u5f84\u6620\u5c04 \u5217\u8868\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u3002
\u5728\u5b58\u50a8\u7c7b\u578b\u5904\u9009\u62e9 \u5bc6\u94a5 \uff0c\u5e76\u4f9d\u6b21\u8f93\u5165 \u5bb9\u5668\u8def\u5f84 \u3001 \u5b50\u8def\u5f84 \u7b49\u4fe1\u606f\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u901a\u8fc7\u6570\u636e\u5377\u6765\u6302\u8f7d\u540d\u4e3a mysecret \u7684 Secret \u7684 Pod \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n - name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n secret:\n secretName: mysecret\n optional: false # (1)!\n
\u5982\u679c Pod \u4e2d\u5305\u542b\u591a\u4e2a\u5bb9\u5668\uff0c\u5219\u6bcf\u4e2a\u5bb9\u5668\u9700\u8981\u81ea\u5df1\u7684 volumeMounts \u5757\uff0c\u4e0d\u8fc7\u9488\u5bf9\u6bcf\u4e2a Secret \u800c\u8a00\uff0c\u53ea\u9700\u8981\u4e00\u4efd .spec.volumes
\u8bbe\u7f6e\u3002
\u60a8\u53ef\u4ee5\u901a\u8fc7\u56fe\u5f62\u5316\u754c\u9762\u6216\u8005\u7ec8\u7aef\u547d\u4ee4\u884c\u6765\u4f7f\u7528\u5bc6\u94a5\u4f5c\u4e3a\u955c\u50cf\u4ed3\u5e93\u8eab\u4efd\u8ba4\u8bc1\u51ed\u8bc1\u3002
"},{"location":"end-user/kpanda/configmaps-secrets/use-secret.html#_8","title":"\u56fe\u5f62\u5316\u64cd\u4f5c","text":"\u5728\u901a\u8fc7\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5728 \u6570\u636e\u5b58\u50a8 \u754c\u9762\u9009\u62e9\u5b58\u50a8\u7c7b\u578b\u4e3a \u5bc6\u94a5 \uff0c\u5c06\u5bc6\u94a5\u4f5c\u4e3a\u5bb9\u5668\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u955c\u50cf\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u3002
\u5728\u7b2c\u4e8c\u6b65 \u5bb9\u5668\u914d\u7f6e \u65f6\u9009\u62e9 \u57fa\u672c\u4fe1\u606f \u914d\u7f6e\uff0c\u70b9\u51fb \u9009\u62e9\u955c\u50cf \u6309\u94ae\u3002
\u5728\u5f39\u6846\u7684 \u955c\u50cf\u4ed3\u5e93 \u4e0b\u62c9\u9009\u62e9\u79c1\u6709\u955c\u50cf\u4ed3\u5e93\u540d\u79f0\u3002\u5173\u4e8e\u79c1\u6709\u955c\u50cf\u5bc6\u94a5\u521b\u5efa\u8bf7\u67e5\u770b\u521b\u5efa\u5bc6\u94a5\u4e86\u89e3\u8be6\u60c5\u3002
\u8f93\u5165\u79c1\u6709\u4ed3\u5e93\u5185\u7684\u955c\u50cf\u540d\u79f0\uff0c\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u955c\u50cf\u9009\u62e9\u3002
Note
\u521b\u5efa\u5bc6\u94a5\u65f6\uff0c\u9700\u8981\u786e\u4fdd\u8f93\u5165\u6b63\u786e\u7684\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u3001\u7528\u6237\u540d\u79f0\u3001\u5bc6\u7801\u5e76\u9009\u62e9\u6b63\u786e\u7684\u955c\u50cf\u540d\u79f0\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u83b7\u53d6\u955c\u50cf\u4ed3\u5e93\u4e2d\u7684\u955c\u50cf\u3002
"},{"location":"end-user/kpanda/custom-resources/create.html","title":"\u521b\u5efa\u81ea\u5b9a\u4e49\u8d44\u6e90 (CRD)","text":"\u5728 Kubernetes \u4e2d\u4e00\u5207\u5bf9\u8c61\u90fd\u88ab\u62bd\u8c61\u4e3a\u8d44\u6e90\uff0c\u5982 Pod\u3001Deployment\u3001Service\u3001Volume \u7b49\u662f Kubernetes \u63d0\u4f9b\u7684\u9ed8\u8ba4\u8d44\u6e90\uff0c \u8fd9\u4e3a\u6211\u4eec\u7684\u65e5\u5e38\u8fd0\u7ef4\u548c\u7ba1\u7406\u5de5\u4f5c\u63d0\u4f9b\u4e86\u91cd\u8981\u652f\u6491\uff0c\u4f46\u662f\u5728\u4e00\u4e9b\u7279\u6b8a\u7684\u573a\u666f\u4e2d\uff0c\u73b0\u6709\u7684\u9884\u7f6e\u8d44\u6e90\u5e76\u4e0d\u80fd\u6ee1\u8db3\u4e1a\u52a1\u7684\u9700\u8981\uff0c \u56e0\u6b64\u6211\u4eec\u5e0c\u671b\u53bb\u6269\u5c55 Kubernetes API \u7684\u80fd\u529b\uff0c\u81ea\u5b9a\u4e49\u8d44\u6e90\uff08CustomResourceDefinition, CRD\uff09\u6b63\u662f\u57fa\u4e8e\u8fd9\u6837\u7684\u9700\u6c42\u5e94\u8fd0\u800c\u751f\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5bf9\u81ea\u5b9a\u4e49\u8d44\u6e90\u7684\u754c\u9762\u5316\u7ba1\u7406\uff0c\u4e3b\u8981\u529f\u80fd\u5982\u4e0b\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a Cluster Admin \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u96c6\u7fa4\u548c\u547d\u540d\u7a7a\u95f4\u6388\u6743
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\uff0c\u586b\u5199 YAML \u8bed\u53e5\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de\u81ea\u5b9a\u4e49\u8d44\u6e90\u5217\u8868\u9875\uff0c\u5373\u53ef\u67e5\u770b\u521a\u521a\u521b\u5efa\u7684\u540d\u4e3a crontabs.stable.example.com
\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
\u81ea\u5b9a\u4e49\u8d44\u6e90\u793a\u4f8b\uff1a
CRD exampleapiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: crontabs.stable.example.com\nspec:\n group: stable.example.com\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n spec:\n type: object\n properties:\n cronSpec:\n type: string\n image:\n type: string\n replicas:\n type: integer\n scope: Namespaced\n names:\n plural: crontabs\n singular: crontab\n kind: CronTab\n shortNames:\n - ct\n
"},{"location":"end-user/kpanda/custom-resources/create.html#yaml_1","title":"\u901a\u8fc7 YAML \u521b\u5efa\u81ea\u5b9a\u4e49\u8d44\u6e90\u793a\u4f8b","text":"\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u81ea\u5b9a\u4e49\u8d44\u6e90 \uff0c\u8fdb\u5165\u81ea\u5b9a\u4e49\u8d44\u6e90\u5217\u8868\u9875\u9762\u3002
\u70b9\u51fb\u540d\u4e3a crontabs.stable.example.com
\u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\uff0c\u8fdb\u5165\u8be6\u60c5\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 YAML \u521b\u5efa \u6309\u94ae\u3002
\u5728 YAML \u521b\u5efa \u9875\u9762\u4e2d\uff0c\u586b\u5199 YAML \u8bed\u53e5\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de crontabs.stable.example.com
\u7684\u8be6\u60c5\u9875\u9762\uff0c\u5373\u53ef\u67e5\u770b\u521a\u521a\u521b\u5efa\u7684\u540d\u4e3a my-new-cron-object \u7684\u81ea\u5b9a\u4e49\u8d44\u6e90\u3002
CR \u793a\u4f8b\uff1a
CR exampleapiVersion: \"stable.example.com/v1\"\nkind: CronTab\nmetadata:\n name: my-new-cron-object\nspec:\n cronSpec: \"* * * * */5\"\n image: my-awesome-cron-image\n
"},{"location":"end-user/kpanda/gpu/index.html","title":"GPU \u7ba1\u7406\u6982\u8ff0","text":"\u672c\u6587\u4ecb\u7ecd \u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u5bf9 GPU\u4e3a\u4ee3\u8868\u7684\u5f02\u6784\u8d44\u6e90\u7edf\u4e00\u8fd0\u7ef4\u7ba1\u7406\u80fd\u529b\u3002
"},{"location":"end-user/kpanda/gpu/index.html#_1","title":"\u80cc\u666f","text":"\u968f\u7740 AI \u5e94\u7528\u3001\u5927\u6a21\u578b\u3001\u4eba\u5de5\u667a\u80fd\u3001\u81ea\u52a8\u9a7e\u9a76\u7b49\u65b0\u5174\u6280\u672f\u7684\u5feb\u901f\u53d1\u5c55\uff0c\u4f01\u4e1a\u9762\u4e34\u7740\u8d8a\u6765\u8d8a\u591a\u7684\u8ba1\u7b97\u5bc6\u96c6\u578b\u4efb\u52a1\u548c\u6570\u636e\u5904\u7406\u9700\u6c42\u3002 \u4ee5 CPU \u4e3a\u4ee3\u8868\u7684\u4f20\u7edf\u8ba1\u7b97\u67b6\u6784\u5df2\u65e0\u6cd5\u6ee1\u8db3\u4f01\u4e1a\u65e5\u76ca\u589e\u957f\u7684\u8ba1\u7b97\u9700\u6c42\u3002\u6b64\u65f6\uff0c\u4ee5 GPU \u4e3a\u4ee3\u8868\u7684\u5f02\u6784\u8ba1\u7b97\u56e0\u5728\u5904\u7406\u5927\u89c4\u6a21\u6570\u636e\u3001\u8fdb\u884c\u590d\u6742\u8ba1\u7b97\u548c\u5b9e\u65f6\u56fe\u5f62\u6e32\u67d3\u65b9\u9762\u5177\u6709\u72ec\u7279\u7684\u4f18\u52bf\u88ab\u5e7f\u6cdb\u5e94\u7528\u3002
\u4e0e\u6b64\u540c\u65f6\uff0c\u7531\u4e8e\u7f3a\u4e4f\u5f02\u6784\u8d44\u6e90\u8c03\u5ea6\u7ba1\u7406\u7b49\u65b9\u9762\u7684\u7ecf\u9a8c\u548c\u4e13\u4e1a\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5bfc\u81f4\u4e86 GPU \u8bbe\u5907\u7684\u8d44\u6e90\u5229\u7528\u7387\u6781\u4f4e\uff0c\u7ed9\u4f01\u4e1a\u5e26\u6765\u4e86\u9ad8\u6602\u7684 AI \u751f\u4ea7\u6210\u672c\u3002 \u5982\u4f55\u964d\u672c\u589e\u6548\uff0c\u63d0\u9ad8 GPU \u7b49\u5f02\u6784\u8d44\u6e90\u7684\u5229\u7528\u6548\u7387\uff0c\u6210\u4e3a\u4e86\u5f53\u524d\u4f17\u591a\u4f01\u4e1a\u4e9f\u9700\u8de8\u8d8a\u7684\u4e00\u9053\u96be\u9898\u3002
"},{"location":"end-user/kpanda/gpu/index.html#gpu_1","title":"GPU \u80fd\u529b\u4ecb\u7ecd","text":"\u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u652f\u6301\u5bf9 GPU\u3001NPU \u7b49\u5f02\u6784\u8d44\u6e90\u8fdb\u884c\u7edf\u4e00\u8c03\u5ea6\u548c\u8fd0\u7ef4\u7ba1\u7406\uff0c\u5145\u5206\u91ca\u653e GPU \u8d44\u6e90\u7b97\u529b\uff0c\u52a0\u901f\u4f01\u4e1a AI \u7b49\u65b0\u5174\u5e94\u7528\u53d1\u5c55\u3002GPU \u7ba1\u7406\u80fd\u529b\u5982\u4e0b\uff1a
\u540c\u666e\u901a\u8ba1\u7b97\u673a\u786c\u4ef6\u4e00\u6837\uff0cNVIDIA GPU \u5361\u4f5c\u4e3a\u7269\u7406\u786c\u4ef6\uff0c\u5fc5\u987b\u5b89\u88c5 NVIDIA GPU \u9a71\u52a8\u540e\u624d\u80fd\u4f7f\u7528\u3002 \u4e3a\u4e86\u964d\u4f4e\u7528\u6237\u5728 kuberneets \u4e0a\u4f7f\u7528 GPU \u7684\u6210\u672c\uff0cNVIDIA \u5b98\u65b9\u63d0\u4f9b\u4e86 NVIDIA GPU Operator \u7ec4\u4ef6\u6765\u7ba1\u7406\u4f7f\u7528 NVIDIA GPU \u6240\u4f9d\u8d56\u7684\u5404\u79cd\u7ec4\u4ef6\u3002 \u8fd9\u4e9b\u7ec4\u4ef6\u5305\u62ec NVIDIA \u9a71\u52a8\u7a0b\u5e8f\uff08\u7528\u4e8e\u542f\u7528 CUDA\uff09\u3001NVIDIA \u5bb9\u5668\u8fd0\u884c\u65f6\u3001GPU \u8282\u70b9\u6807\u8bb0\u3001\u57fa\u4e8e DCGM \u7684\u76d1\u63a7\u7b49\u3002 \u7406\u8bba\u4e0a\u6765\u8bf4\u7528\u6237\u53ea\u9700\u8981\u5c06 GPU \u5361\u63d2\u5728\u5df2\u7ecf\u88ab kubernetes \u6240\u7eb3\u7ba1\u7684\u8ba1\u7b97\u8bbe\u5907\u4e0a\uff0c\u7136\u540e\u901a\u8fc7 GPU Operator \u5c31\u80fd\u4f7f\u7528 NVIDIA GPU \u7684\u6240\u6709\u80fd\u529b\u4e86\u3002 \u4e86\u89e3\u66f4\u591a NVIDIA GPU Operator \u76f8\u5173\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003 NVIDIA \u5b98\u65b9\u6587\u6863\u3002 \u5982\u4f55\u90e8\u7f72\u8bf7\u53c2\u8003 GPU Operator \u79bb\u7ebf\u5b89\u88c5
NVIDIA GPU Operator \u67b6\u6784\u56fe\uff1a
"},{"location":"end-user/kpanda/gpu/FAQ.html","title":"GPU \u76f8\u5173 FAQ","text":""},{"location":"end-user/kpanda/gpu/FAQ.html#pod-nvidia-smi-gpu","title":"Pod \u5185 nvidia-smi \u770b\u4e0d\u5230 GPU \u8fdb\u7a0b","text":"Q: \u5728\u4f7f\u7528 GPU \u7684 Pod \u5185\u6267\u884c nvidia-smi
\u547d\u4ee4\u770b\u4e0d\u5230\u4f7f\u7528 GPU \u7684\u8fdb\u7a0b\u4fe1\u606f\uff0c\u5305\u62ec\u6574\u5361\u6a21\u5f0f\u3001vGPU \u6a21\u5f0f\u7b49\u3002
A: \u56e0\u4e3a\u6709 PID namespace
\u9694\u79bb\uff0c\u5bfc\u81f4\u5728 Pod \u5185\u67e5\u770b\u4e0d\u5230 GPU \u8fdb\u7a0b\uff0c\u5982\u679c\u8981\u67e5\u770b GPU \u8fdb\u7a0b\u6709\u5982\u4e0b\u51e0\u79cd\u65b9\u6cd5\uff1a
hostPID: true
\uff0c\u4f7f\u5176\u53ef\u4ee5\u67e5\u770b\u5230\u5bbf\u4e3b\u673a\u4e0a\u7684 PIDnvidia-smi
\u547d\u4ee4\u67e5\u770b\u8fdb\u7a0bchroot /run/nvidia/driver nvidia-smi
\u547d\u4ee4\u67e5\u770b\u8fdb\u7a0b\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528\u5929\u6570\u667a\u82af\u865a\u62df GPU\u3002
"},{"location":"end-user/kpanda/gpu/Iluvatar_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Iluvatar \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Iluvatar\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e App \u4f7f\u7528\u7684 GPU \u8d44\u6e90\uff1a
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u7533\u8bf7 GPU \u8d44\u6e90\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0iluvatar.ai/vcuda-core: 1
\u3001iluvatar.ai/vcuda-memory: 200
\u53c2\u6570\uff0c\u914d\u7f6e App \u4f7f\u7528\u7269\u7406\u5361\u7684\u8d44\u6e90\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-iluvatar-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-iluvatar-gpu-demo\n template:\n metadata:\n labels:\n app: full-iluvatar-gpu-demo\n spec:\n containers:\n - image: nginx:perl\n name: container-0\n resources:\n limits:\n cpu: 250m\n iluvatar.ai/vcuda-core: '1'\n iluvatar.ai/vcuda-memory: '200'\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n imagePullSecrets:\n - name: default-secret\n
"},{"location":"end-user/kpanda/gpu/dynamic-regulation.html","title":"GPU \u8d44\u6e90\u52a8\u6001\u8c03\u8282","text":"\u63d0\u4f9b GPU \u8d44\u6e90\u52a8\u6001\u8c03\u6574\u529f\u80fd\uff0c\u5141\u8bb8\u60a8\u5728\u65e0\u9700\u91cd\u65b0\u52a0\u8f7d\u3001\u91cd\u7f6e\u6216\u91cd\u542f\u6574\u4e2a\u8fd0\u884c\u73af\u5883\u7684\u60c5\u51b5\u4e0b\uff0c\u5bf9\u5df2\u7ecf\u5206\u914d\u7684 vGPU \u8d44\u6e90\u8fdb\u884c\u5b9e\u65f6\u3001\u52a8\u6001\u7684\u8c03\u6574\u3002 \u8fd9\u4e00\u529f\u80fd\u65e8\u5728\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u5bf9\u4e1a\u52a1\u8fd0\u884c\u7684\u5f71\u54cd\uff0c\u786e\u4fdd\u60a8\u7684\u4e1a\u52a1\u80fd\u591f\u6301\u7eed\u7a33\u5b9a\u5730\u8fd0\u884c\uff0c\u540c\u65f6\u6839\u636e\u5b9e\u9645\u9700\u6c42\u7075\u6d3b\u8c03\u6574 GPU \u8d44\u6e90\u3002
"},{"location":"end-user/kpanda/gpu/dynamic-regulation.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"\u4ee5\u4e0b\u662f\u4e00\u4e2a\u5177\u4f53\u7684\u64cd\u4f5c\u793a\u4f8b\uff0c\u5c55\u793a\u5982\u4f55\u5728\u4e0d\u91cd\u542f vGPU Pod \u7684\u60c5\u51b5\u4e0b\u52a8\u6001\u8c03\u6574 vGPU \u7684\u7b97\u529b\u548c\u663e\u5b58\u8d44\u6e90\uff1a
"},{"location":"end-user/kpanda/gpu/dynamic-regulation.html#vgpu-pod","title":"\u521b\u5efa\u4e00\u4e2a vGPU Pod","text":"\u9996\u5148\uff0c\u6211\u4eec\u4f7f\u7528\u4ee5\u4e0b YAML \u521b\u5efa\u4e00\u4e2a vGPU Pod\uff0c\u5176\u7b97\u529b\u521d\u59cb\u4e0d\u9650\u5236\uff0c\u663e\u5b58\u9650\u5236\u4e3a 200Mb\u3002
kind: Deployment\napiVersion: apps/v1\nmetadata:\n name: gpu-burn-test\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: gpu-burn-test\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: gpu-burn-test\n spec:\n containers:\n - name: container-1\n image: docker.io/chrstnhntschl/gpu_burn:latest\n command:\n - sleep\n - '100000'\n resources:\n limits:\n cpu: 1m\n memory: 1Gi\n nvidia.com/gpucores: '0'\n nvidia.com/gpumem: '200'\n nvidia.com/vgpu: '1'\n
\u8c03\u6574\u524d\u67e5\u770b Pod
\u4e2d\u7684\u8d44\u6e90 GPU
\u5206\u914d\u8d44\u6e90\uff1a
\u5982\u679c\u9700\u8981\u4fee\u6539\u7b97\u529b\u4e3a 10%\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8fdb\u5165\u5bb9\u5668\uff1a
kubectl exec -it <pod-name> -- /bin/bash\n
\u6267\u884c\uff1a
export CUDA_DEVICE_SM_LIMIT=10\n
\u5728\u5f53\u524d\u7ec8\u7aef\u76f4\u63a5\u8fd0\u884c\uff1a
./gpu_burn 60\n
\u7a0b\u5e8f\u5373\u53ef\u751f\u6548\u3002\u6ce8\u610f\uff0c\u4e0d\u80fd\u9000\u51fa\u5f53\u524d Bash \u7ec8\u7aef\u3002
\u5982\u679c\u9700\u8981\u4fee\u6539\u663e\u5b58\u4e3a 300 MB\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a
\u8fdb\u5165\u5bb9\u5668\uff1a
kubectl exec -it <pod-name> -- /bin/bash\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6765\u8bbe\u7f6e\u663e\u5b58\u9650\u5236\uff1a
export CUDA_DEVICE_MEMORY_LIMIT_0=300m\nexport CUDA_DEVICE_MEMORY_SHARED_CACHE=/usr/local/vgpu/d.cache\n
Note
\u6bcf\u6b21\u4fee\u6539\u663e\u5b58\u5927\u5c0f\u65f6\uff0cd.cache
\u8fd9\u4e2a\u6587\u4ef6\u540d\u5b57\u90fd\u9700\u8981\u4fee\u6539\uff0c\u6bd4\u5982\u6539\u4e3a a.cache
\u30011.cache
\u7b49\uff0c\u4ee5\u907f\u514d\u7f13\u5b58\u51b2\u7a81\u3002
\u5728\u5f53\u524d\u7ec8\u7aef\u76f4\u63a5\u8fd0\u884c\uff1a
./gpu_burn 60\n
\u7a0b\u5e8f\u5373\u53ef\u751f\u6548\u3002\u540c\u6837\u5730\uff0c\u4e0d\u80fd\u9000\u51fa\u5f53\u524d Bash \u7ec8\u7aef\u3002
\u8c03\u6574\u540e\u67e5\u770b Pod
\u4e2d\u7684\u8d44\u6e90 GPU
\u5206\u914d\u8d44\u6e90\uff1a
\u901a\u8fc7\u4e0a\u8ff0\u6b65\u9aa4\uff0c\u60a8\u53ef\u4ee5\u5728\u4e0d\u91cd\u542f vGPU Pod \u7684\u60c5\u51b5\u4e0b\u52a8\u6001\u5730\u8c03\u6574\u5176\u7b97\u529b\u548c\u663e\u5b58\u8d44\u6e90\uff0c\u4ece\u800c\u66f4\u7075\u6d3b\u5730\u6ee1\u8db3\u4e1a\u52a1\u9700\u6c42\u5e76\u4f18\u5316\u8d44\u6e90\u5229\u7528\u3002
"},{"location":"end-user/kpanda/gpu/gpu_matrix.html","title":"GPU \u652f\u6301\u77e9\u9635","text":"\u672c\u9875\u8bf4\u660e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684 GPU \u53ca\u64cd\u4f5c\u7cfb\u7edf\u6240\u5bf9\u5e94\u7684\u77e9\u9635\u3002
"},{"location":"end-user/kpanda/gpu/gpu_matrix.html#nvidia-gpu","title":"NVIDIA GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 NVIDIA GPU\uff08\u6574\u5361/vGPU\uff09 NVIDIA Fermi (2.1) \u67b6\u6784 CentOS 7 Kernel 3.10.0-123 ~ 3.10.0-1160\u5185\u6838\u53c2\u8003\u6587\u6863\u5efa\u8bae\u4f7f\u7528\u64cd\u4f5c\u7cfb\u7edf\u5bf9\u5e94 Kernel \u7248\u672c \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a 3.10.0-1160 GPU Operator \u79bb\u7ebf\u5b89\u88c5 NVIDIA GeForce 400 \u7cfb\u5217 CentOS 8 Kernel 4.18.0-80 ~ 4.18.0-348 NVIDIA Quadro 4000 \u7cfb\u5217 Ubuntu 20.04 Kernel 5.4 NVIDIA Tesla 20 \u7cfb\u5217 Ubuntu 22.04 Kernel 5.19 NVIDIA Ampere \u67b6\u6784\u7cfb\u5217(A100;A800;H100) RHEL 7 Kernel 3.10.0-123 ~ 3.10.0-1160 RHEL 8 Kernel 4.18.0-80 ~ 4.18.0-348 NVIDIA MIG NVIDIA Ampere \u67b6\u6784\u7cfb\u5217\uff08A100\u3001A800\u3001H100\uff09 CentOS 7 Kernel 3.10.0-123 ~ 3.10.0-1160 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 GPU Operator \u79bb\u7ebf\u5b89\u88c5 CentOS 8 Kernel 4.18.0-80 ~ 4.18.0-348 Ubuntu 20.04 Kernel 5.4 Ubuntu 22.04 Kernel 5.19 RHEL 7 Kernel 3.10.0-123 ~ 3.10.0-1160 RHEL 8 Kernel 4.18.0-80 ~ 4.18.0-348"},{"location":"end-user/kpanda/gpu/gpu_matrix.html#ascendnpu","title":"\u6607\u817e\uff08Ascend\uff09NPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301 NPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u6607\u817e\uff08Ascend 310\uff09 Ascend 310 Ubuntu 20.04 \u8be6\u60c5\u53c2\u8003\uff1a\u5185\u6838\u7248\u672c\u8981\u6c42 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 300 \u548c 310P \u9a71\u52a8\u6587\u6863 Ascend 310P\uff1b CentOS 7.6 CentOS 8.2 KylinV10SP1 \u64cd\u4f5c\u7cfb\u7edf openEuler \u64cd\u4f5c\u7cfb\u7edf \u6607\u817e\uff08Ascend 910\uff09 Ascend 910B Ubuntu 20.04 \u8be6\u60c5\u53c2\u8003\u5185\u6838\u7248\u672c\u8981\u6c42 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a3.10.0-1160 910 \u9a71\u52a8\u6587\u6863 CentOS 7.6 CentOS 8.2 KylinV10SP1 \u64cd\u4f5c\u7cfb\u7edf openEuler \u64cd\u4f5c\u7cfb\u7edf"},{"location":"end-user/kpanda/gpu/gpu_matrix.html#iluvatargpu","title":"\u5929\u6570\u667a\u82af\uff08Iluvatar\uff09GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301\u7684 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u5929\u6570\u667a\u82af(Iluvatar vGPU) BI100 CentOS 7 Kernel 3.10.0-957.el7.x86_64 ~ 3.10.0-1160.42.2.el7.x86_64 \u64cd\u4f5c\u7cfb\u7edf\uff1aCentOS 7.9\uff1b\u5185\u6838\u7248\u672c\uff1a 3.10.0-1160 \u8865\u5145\u4e2d MR100\uff1b CentOS 8 Kernel 4.18.0-80.el8.x86_64 ~ 4.18.0-305.19.1.el8_4.x86_64 Ubuntu 20.04 Kernel 4.15.0-20-generic ~ 4.15.0-160-generic Kernel 5.4.0-26-generic ~ 5.4.0-89-generic Kernel 5.8.0-23-generic ~ 5.8.0-63-generic Ubuntu 21.04 Kernel 4.15.0-20-generic ~ 4.15.0-160-generic Kernel 5.4.0-26-generic ~ 5.4.0-89-generic Kernel 5.8.0-23-generic ~ 5.8.0-63-generic openEuler 22.03 LTS Kernel \u7248\u672c\u5927\u4e8e\u7b49\u4e8e 5.1 \u4e14\u5c0f\u4e8e\u7b49\u4e8e 5.10"},{"location":"end-user/kpanda/gpu/gpu_matrix.html#metaxgpu","title":"\u6c90\u66e6\uff08Metax\uff09GPU","text":"GPU \u5382\u5546\u53ca\u7c7b\u578b \u652f\u6301\u7684 GPU \u578b\u53f7 \u9002\u914d\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08\u5728\u7ebf\uff09 \u63a8\u8350\u5185\u6838 \u63a8\u8350\u7684\u64cd\u4f5c\u7cfb\u7edf\u53ca\u5185\u6838 \u5b89\u88c5\u6587\u6863 \u6c90\u66e6Metax\uff08\u6574\u5361/vGPU\uff09 \u66e6\u4e91 C500 \u6c90\u66e6 GPU \u5b89\u88c5\u4f7f\u7528"},{"location":"end-user/kpanda/gpu/gpu_scheduler_config.html","title":"GPU \u8c03\u5ea6\u914d\u7f6e\uff08Binpack \u548c Spread \uff09","text":"\u672c\u6587\u4ecb\u7ecd\u4f7f\u7528 NVIDIA vGPU \u65f6\uff0c\u5982\u4f55\u901a\u8fc7 Binpack \u548c Spread \u7684 GPU \u8c03\u5ea6\u914d\u7f6e\u51cf\u5c11 GPU \u8d44\u6e90\u788e\u7247\u3001\u9632\u6b62\u5355\u70b9\u6545\u969c\u7b49\uff0c\u5b9e\u73b0 vGPU \u7684\u9ad8\u7ea7\u8c03\u5ea6\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u4e86\u96c6\u7fa4\u548c\u5de5\u4f5c\u8d1f\u8f7d\u4e24\u79cd\u7ef4\u5ea6\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u5206\u522b\u6ee1\u8db3\u4e0d\u540c\u573a\u666f\u4e0b\u7684\u4f7f\u7528\u9700\u6c42\u3002
"},{"location":"end-user/kpanda/gpu/gpu_scheduler_config.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u57fa\u4e8e GPU \u5361\u7ef4\u5ea6\u8c03\u5ea6\u7b56\u7565
\u57fa\u4e8e\u8282\u70b9\u7ef4\u5ea6\u7684\u8c03\u5ea6\u7b56\u7565
Note
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u4f1a\u9075\u5faa\u96c6\u7fa4\u7ea7\u522b\u7684 Binpack \u548c Spread \u8c03\u5ea6\u914d\u7f6e\u3002 \u82e5\u5de5\u4f5c\u8d1f\u8f7d\u5355\u72ec\u8bbe\u7f6e\u4e86\u4e0e\u96c6\u7fa4\u4e0d\u4e00\u81f4\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u5219\u8be5\u5de5\u4f5c\u8d1f\u8f7d\u4f18\u5148\u9075\u5faa\u5176\u672c\u8eab\u7684\u8c03\u5ea6\u7b56\u7565\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9009\u62e9\u9700\u8981\u8c03\u6574 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u70b9\u51fb GPU \u8c03\u5ea6\u914d\u7f6e \u3002
\u6839\u636e\u4e1a\u52a1\u573a\u666f\u8c03\u6574 GPU \u8c03\u5ea6\u914d\u7f6e\uff0c\u5e76\u70b9\u51fb \u786e\u5b9a \u540e\u4fdd\u5b58\u3002
Note
\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u7ef4\u5ea6\u7684 Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565\u4e0e\u96c6\u7fa4\u7ea7\u522b\u7684\u914d\u7f6e\u51b2\u7a81\u65f6\uff0c\u4f18\u5148\u9075\u5faa\u5de5\u4f5c\u8d1f\u8f7d\u7ef4\u5ea6\u7684\u914d\u7f6e\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u8d1f\u8f7d\uff0c\u5e76\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u914d\u7f6e Binpack \u548c Spread \u8c03\u5ea6\u7b56\u7565 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\uff0c\u5e76\u5728 \u5bb9\u5668\u914d\u7f6e \u4e2d\u542f\u7528 GPU \u914d\u7f6e\uff0c\u9009\u62e9 GPU \u7c7b\u578b\u4e3a NVIDIA vGPU\uff0c \u70b9\u51fb \u9ad8\u7ea7\u8bbe\u7f6e \uff0c\u542f\u7528 Binpack / Spread \u8c03\u5ea6\u7b56\u7565\uff0c\u6839\u636e\u4e1a\u52a1\u573a\u666f\u8c03\u6574 GPU \u8c03\u5ea6\u914d\u7f6e\u3002\u914d\u7f6e\u5b8c\u6210\u540e\u70b9\u51fb \u4e0b\u4e00\u6b65 \uff0c \u8fdb\u5165 \u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528 vGPU \u80fd\u529b\u3002
"},{"location":"end-user/kpanda/gpu/vgpu_quota.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5f53\u524d\u96c6\u7fa4\u5df2\u901a\u8fc7 Operator \u6216\u624b\u52a8\u65b9\u5f0f\u90e8\u7f72\u5bf9\u5e94\u7c7b\u578b GPU \u9a71\u52a8\uff08NVIDIA GPU\u3001NVIDIA MIG\u3001\u5929\u6570\u3001\u6607\u817e\uff09
"},{"location":"end-user/kpanda/gpu/vgpu_quota.html#_2","title":"\u64cd\u4f5c\u6b65\u9aa4","text":"\u8fdb\u5165 Namespaces \u4e2d\uff0c\u70b9\u51fb \u914d\u989d\u7ba1\u7406 \u53ef\u4ee5\u914d\u7f6e\u5f53\u524d Namespace \u53ef\u4ee5\u4f7f\u7528\u7684 GPU \u8d44\u6e90\u3002
\u5f53\u524d\u547d\u540d\u7a7a\u95f4\u914d\u989d\u7ba1\u7406\u8986\u76d6\u7684\u5361\u7c7b\u578b\u4e3a\uff1aNVIDIA vGPU\u3001NVIDIA MIG\u3001\u5929\u6570\u3001\u6607\u817e\u3002
NVIDIA vGPU \u914d\u989d\u7ba1\u7406 \uff1a\u914d\u7f6e\u5177\u4f53\u53ef\u4ee5\u4f7f\u7528\u7684\u914d\u989d\uff0c\u4f1a\u521b\u5efa ResourcesQuota CR\uff1a
\u672c\u7ae0\u8282\u63d0\u4f9b\u6607\u817e NPU \u9a71\u52a8\u3001Device Plugin\u3001NPU-Exporter \u7b49\u7ec4\u4ef6\u7684\u5b89\u88c5\u6307\u5bfc\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4f7f\u7528 NPU \u8d44\u6e90\u4e4b\u524d\uff0c\u9700\u8981\u5b8c\u6210\u56fa\u4ef6\u5b89\u88c5\u3001NPU \u9a71\u52a8\u5b89\u88c5\u3001 Docker Runtime \u5b89\u88c5\u3001\u7528\u6237\u521b\u5efa\u3001\u65e5\u5fd7\u76ee\u5f55\u521b\u5efa\u4ee5\u53ca NPU Device Plugin \u5b89\u88c5\uff0c\u8be6\u60c5\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#_3","title":"\u5b89\u88c5\u56fa\u4ef6","text":"\u4e0b\u8f7d Ascend Docker Runtime
\u793e\u533a\u7248\u4e0b\u8f7d\u5730\u5740\uff1ahttps://www.hiascend.com/zh/software/mindx-dl/community
wget -c https://mindx.obs.cn-south-1.myhuaweicloud.com/OpenSource/MindX/MindX%205.0.RC2/MindX%20DL%205.0.RC2/Ascend-docker-runtime_5.0.RC2_linux-x86_64.run\n
\u5b89\u88c5\u5230\u6307\u5b9a\u8def\u5f84\u4e0b\uff0c\u4f9d\u6b21\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u547d\u4ee4\uff0c\u53c2\u6570\u4e3a\u6307\u5b9a\u7684\u5b89\u88c5\u8def\u5f84:
chmod u+x Ascend-docker-runtime_5.0.RC2_linux-x86_64.run \n./Ascend-docker-runtime_{version}_linux-{arch}.run --install --install-path=<path>\n
\u4fee\u6539 containerd \u914d\u7f6e\u6587\u4ef6
containerd \u65e0\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u65f6\uff0c\u4f9d\u6b21\u6267\u884c\u4ee5\u4e0b3\u6761\u547d\u4ee4\uff0c\u521b\u5efa\u914d\u7f6e\u6587\u4ef6\uff1a
mkdir /etc/containerd \ncontainerd config default > /etc/containerd/config.toml \nvim /etc/containerd/config.toml\n
containerd \u6709\u914d\u7f6e\u6587\u4ef6\u65f6\uff1a
vim /etc/containerd/config.toml\n
\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u4fee\u6539 runtime \u7684\u5b89\u88c5\u8def\u5f84\uff0c\u4e3b\u8981\u4fee\u6539 runtime \u5b57\u6bb5\uff1a
... \n[plugins.\"io.containerd.monitor.v1.cgroups\"]\n no_prometheus = false \n[plugins.\"io.containerd.runtime.v1.linux\"]\n shim = \"containerd-shim\"\n runtime = \"/usr/local/Ascend/Ascend-Docker-Runtime/ascend-docker-runtime\"\n runtime_root = \"\"\n no_shim = false\n shim_debug = false\n [plugins.\"io.containerd.runtime.v2.task\"]\n platforms = [\"linux/amd64\"]\n...\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u91cd\u542f containerd\uff1a
systemctl restart containerd\n
\u5728\u5bf9\u5e94\u7ec4\u4ef6\u5b89\u88c5\u7684\u8282\u70b9\u4e0a\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u521b\u5efa\u7528\u6237\u3002
# Ubuntu \u64cd\u4f5c\u7cfb\u7edf\nuseradd -d /home/hwMindX -u 9000 -m -s /usr/sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n# Centos \u64cd\u4f5c\u7cfb\u7edf\nuseradd -d /home/hwMindX -u 9000 -m -s /sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#_5","title":"\u65e5\u5fd7\u76ee\u5f55\u521b\u5efa","text":"\u5728\u5bf9\u5e94\u8282\u70b9\u521b\u5efa\u7ec4\u4ef6\u65e5\u5fd7\u7236\u76ee\u5f55\u548c\u5404\u7ec4\u4ef6\u7684\u65e5\u5fd7\u76ee\u5f55\uff0c\u5e76\u8bbe\u7f6e\u76ee\u5f55\u5bf9\u5e94\u5c5e\u4e3b\u548c\u6743\u9650\u3002\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u521b\u5efa\u7ec4\u4ef6\u65e5\u5fd7\u7236\u76ee\u5f55\u3002
mkdir -m 755 /var/log/mindx-dl\nchown root:root /var/log/mindx-dl\n
\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u521b\u5efa Device Plugin \u7ec4\u4ef6\u65e5\u5fd7\u76ee\u5f55\u3002
mkdir -m 750 /var/log/mindx-dl/devicePlugin\nchown root:root /var/log/mindx-dl/devicePlugin\n
Note
\u8bf7\u5206\u522b\u4e3a\u6240\u9700\u7ec4\u4ef6\u521b\u5efa\u5bf9\u5e94\u7684\u65e5\u5fd7\u76ee\u5f55\uff0c\u5f53\u524d\u6848\u4f8b\u4e2d\u53ea\u9700\u8981 Device Plugin \u7ec4\u4ef6\u3002 \u5982\u679c\u6709\u5176\u4ed6\u7ec4\u4ef6\u9700\u6c42\u8bf7\u53c2\u8003\u5b98\u65b9\u6587\u6863
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#label","title":"\u521b\u5efa\u8282\u70b9 Label","text":"\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\u5728\u5bf9\u5e94\u8282\u70b9\u4e0a\u521b\u5efa Label\uff1a
# \u5728\u5b89\u88c5\u4e86\u9a71\u52a8\u7684\u8ba1\u7b97\u8282\u70b9\u521b\u5efa\u6b64\u6807\u7b7e\nkubectl label node {nodename} huawei.com.ascend/Driver=installed\nkubectl label node {nodename} node-role.kubernetes.io/worker=worker\nkubectl label node {nodename} workerselector=dls-worker-node\nkubectl label node {nodename} host-arch=huawei-arm //\u6216\u8005host-arch=huawei-x86 \uff0c\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u9009\u62e9\nkubectl label node {nodename} accelerator=huawei-Ascend910 //\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u9009\u62e9\n# \u5728\u63a7\u5236\u8282\u70b9\u521b\u5efa\u6b64\u6807\u7b7e\nkubectl label node {nodename} masterselector=dls-master-node\n
"},{"location":"end-user/kpanda/gpu/ascend/ascend_driver_install.html#device-plugin-npuexporter","title":"\u5b89\u88c5 Device Plugin \u548c NpuExporter","text":"\u529f\u80fd\u6a21\u5757\u8def\u5f84\uff1a \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f -> \u641c\u7d22 ascend-mindxdl \u3002
\u5b89\u88c5\u6210\u529f\u540e\uff0c\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u4e0b\u4f1a\u51fa\u73b0\u4e24\u4e2a\u7ec4\u4ef6\uff0c\u5982\u4e0b\u56fe\uff1a
\u540c\u65f6\u8282\u70b9\u4fe1\u606f\u4e0a\u4e5f\u4f1a\u51fa\u73b0\u5bf9\u5e94 NPU \u7684\u4fe1\u606f\uff1a
\u4e00\u5207\u5c31\u7eea\u540e\uff0c\u6211\u4eec\u901a\u8fc7\u9875\u9762\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u5c31\u80fd\u591f\u9009\u62e9\u5230\u5bf9\u5e94\u7684 NPU \u8bbe\u5907\uff0c\u5982\u4e0b\u56fe\uff1a
Note
\u6709\u5173\u8be6\u7ec6\u4f7f\u7528\u6b65\u9aa4\uff0c\u8bf7\u53c2\u7167\u5e94\u7528\u4f7f\u7528\u6607\u817e\uff08Ascend\uff09NPU\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_usage.html","title":"\u5e94\u7528\u4f7f\u7528\u6607\u817e\uff08Ascend\uff09NPU","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528\u6607\u817e GPU\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8bf7\u53c2\u8003\u6607\u817e NPU \u7ec4\u4ef6\u5b89\u88c5\u6587\u6863\u5b89\u88c5\u57fa\u7840\u73af\u5883\u3002
"},{"location":"end-user/kpanda/gpu/ascend/ascend_usage.html#_2","title":"\u5feb\u901f\u4f7f\u7528","text":"\u672c\u6587\u4f7f\u7528\u6607\u817e\u793a\u4f8b\u5e93\u4e2d\u7684 AscentCL \u56fe\u7247\u5206\u7c7b\u5e94\u7528\u793a\u4f8b\u3002
\u4e0b\u8f7d\u6607\u817e\u4ee3\u7801\u5e93
\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u4e0b\u8f7d\u6607\u817e Demo \u793a\u4f8b\u4ee3\u7801\u5e93\uff0c\u5e76\u4e14\u8bf7\u8bb0\u4f4f\u4ee3\u7801\u5b58\u653e\u7684\u4f4d\u7f6e\uff0c\u540e\u7eed\u9700\u8981\u4f7f\u7528\u3002
git clone https://gitee.com/ascend/samples.git\n
\u51c6\u5907\u57fa\u7840\u955c\u50cf
\u6b64\u4f8b\u4f7f\u7528 Ascent-pytorch \u57fa\u7840\u955c\u50cf\uff0c\u53ef\u8bbf\u95ee\u6607\u817e\u955c\u50cf\u4ed3\u5e93\u83b7\u53d6\u3002
\u51c6\u5907 YAML
ascend-demo.yamlapiVersion: batch/v1\nkind: Job\nmetadata:\n name: resnetinfer1-1-1usoc\nspec:\n template:\n spec:\n containers:\n - image: ascendhub.huawei.com/public-ascendhub/ascend-pytorch:23.0.RC2-ubuntu18.04 # Inference image name\n imagePullPolicy: IfNotPresent\n name: resnet50infer\n securityContext:\n runAsUser: 0\n command:\n - \"/bin/bash\"\n - \"-c\"\n - |\n source /usr/local/Ascend/ascend-toolkit/set_env.sh &&\n TEMP_DIR=/root/samples_copy_$(date '+%Y%m%d_%H%M%S_%N') &&\n cp -r /root/samples \"$TEMP_DIR\" &&\n cd \"$TEMP_DIR\"/inference/modelInference/sampleResnetQuickStart/python/model &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/003_Atc_Models/resnet50/resnet50.onnx &&\n atc --model=resnet50.onnx --framework=5 --output=resnet50 --input_shape=\"actual_input_1:1,3,224,224\" --soc_version=Ascend910 &&\n cd ../data &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/models/aclsample/dog1_1024_683.jpg &&\n cd ../scripts &&\n bash sample_run.sh\n resources:\n requests:\n huawei.com/Ascend910: 1 # Number of the Ascend 910 Processors\n limits:\n huawei.com/Ascend910: 1 # The value should be the same as that of requests\n volumeMounts:\n - name: hiai-driver\n mountPath: /usr/local/Ascend/driver\n readOnly: true\n - name: slog\n mountPath: /var/log/npu/conf/slog/slog.conf\n - name: localtime # The container time must be the same as the host time\n mountPath: /etc/localtime\n - name: dmp\n mountPath: /var/dmp_daemon\n - name: slogd\n mountPath: /var/slogd\n - name: hbasic\n mountPath: /etc/hdcBasic.cfg\n - name: sys-version\n mountPath: /etc/sys_version.conf\n - name: aicpu\n mountPath: /usr/lib64/aicpu_kernels\n - name: tfso\n mountPath: /usr/lib64/libtensorflow.so\n - name: sample-path\n mountPath: /root/samples\n volumes:\n - name: hiai-driver\n hostPath:\n path: /usr/local/Ascend/driver\n - name: slog\n hostPath:\n path: /var/log/npu/conf/slog/slog.conf\n - name: localtime\n hostPath:\n path: /etc/localtime\n - name: dmp\n hostPath:\n path: /var/dmp_daemon\n - name: slogd\n hostPath:\n path: /var/slogd\n - name: hbasic\n hostPath:\n path: /etc/hdcBasic.cfg\n - name: sys-version\n hostPath:\n path: /etc/sys_version.conf\n - name: aicpu\n hostPath:\n path: /usr/lib64/aicpu_kernels\n - name: tfso\n hostPath:\n path: /usr/lib64/libtensorflow.so\n - name: sample-path\n hostPath:\n path: /root/samples\n restartPolicy: OnFailure\n
\u4ee5\u4e0a YAML \u4e2d\u6709\u4e00\u4e9b\u5b57\u6bb5\u9700\u8981\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u4fee\u6539\uff1a
\u90e8\u7f72 Job \u5e76\u67e5\u770b\u7ed3\u679c
\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u521b\u5efa Job\uff1a
kubectl apply -f ascend-demo.yaml\n
\u67e5\u770b Pod \u8fd0\u884c\u72b6\u6001\uff1a
Pod \u6210\u529f\u8fd0\u884c\u540e\uff0c\u67e5\u770b\u65e5\u5fd7\u7ed3\u679c\u3002\u5728\u5c4f\u5e55\u4e0a\u7684\u5173\u952e\u63d0\u793a\u4fe1\u606f\u793a\u4f8b\u5982\u4e0b\u56fe\uff0c\u63d0\u793a\u4fe1\u606f\u4e2d\u7684 Label \u8868\u793a\u7c7b\u522b\u6807\u8bc6\uff0c Conf \u8868\u793a\u8be5\u5206\u7c7b\u7684\u6700\u5927\u7f6e\u4fe1\u5ea6\uff0cClass \u8868\u793a\u6240\u5c5e\u7c7b\u522b\u3002\u8fd9\u4e9b\u503c\u53ef\u80fd\u4f1a\u6839\u636e\u7248\u672c\u3001\u73af\u5883\u6709\u6240\u4e0d\u540c\uff0c\u8bf7\u4ee5\u5b9e\u9645\u60c5\u51b5\u4e3a\u51c6\uff1a
\u7ed3\u679c\u56fe\u7247\u5c55\u793a\uff1a
\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Ascend \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Ascend\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7684\u7269\u7406\u5361\u6570\u91cf\uff1a
\u7269\u7406\u5361\u6570\u91cf\uff08huawei.com/Ascend910\uff09 \uff1a\u8868\u793a\u5f53\u524d Pod \u9700\u8981\u6302\u8f7d\u51e0\u5f20\u7269\u7406\u5361\uff0c\u8f93\u5165\u503c\u5fc5\u987b\u4e3a\u6574\u6570\u4e14**\u5c0f\u4e8e\u7b49\u4e8e**\u5bbf\u4e3b\u673a\u4e0a\u7684\u5361\u6570\u91cf\u3002
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u6607\u817e\u865a\u62df\u5316\u5206\u4e3a\u52a8\u6001\u865a\u62df\u5316\u548c\u9759\u6001\u865a\u62df\u5316\uff0c\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5f00\u542f\u5e76\u4f7f\u7528\u6607\u817e\u9759\u6001\u865a\u62df\u5316\u80fd\u529b\u3002
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u652f\u6301\u7684 NPU \u5361\u578b\u53f7\uff1a
\u66f4\u591a\u7ec6\u8282\u53c2\u9605\u5b98\u65b9\u865a\u62df\u5316\u786c\u4ef6\u8bf4\u660e\u3002
\u8bf7\u53c2\u8003\u6607\u817e NPU \u7ec4\u4ef6\u5b89\u88c5\u6587\u6863\u5b89\u88c5\u57fa\u7840\u73af\u5883\u3002
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#_3","title":"\u5f00\u542f\u865a\u62df\u5316\u80fd\u529b","text":"\u5f00\u542f\u865a\u62df\u5316\u80fd\u529b\u9700\u8981\u624b\u52a8\u4fee\u6539\u00a0ascend-device-plugin-daemonset \u7ec4\u4ef6\u7684\u542f\u52a8\u53c2\u6570\uff0c\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\uff1a
- device-plugin -useAscendDocker=true -volcanoType=false -presetVirtualDevice=true\n- logFile=/var/log/mindx-dl/devicePlugin/devicePlugin.log -logLevel=0\n
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#vnpu","title":"\u5207\u5206 VNPU \u5b9e\u4f8b","text":"\u9759\u6001\u865a\u62df\u5316\u9700\u8981\u624b\u52a8\u5bf9 VNPU \u5b9e\u4f8b\u7684\u5207\u5206\uff0c\u8bf7\u53c2\u8003\u4e0b\u8ff0\u547d\u4ee4\uff1a
npu-smi set -t create-vnpu -i 13 -c 0 -f vir02\n
i
\u6307\u7684\u662f card idc
\u6307\u7684\u662f chip idvir02
\u6307\u7684\u662f\u5207\u5206\u89c4\u683c\u6a21\u677f\u5173\u4e8e card id \u548c chip id\uff0c\u53ef\u4ee5\u901a\u8fc7 npu-smi info \u67e5\u8be2\uff0c\u5207\u5206\u89c4\u683c\u53ef\u901a\u8fc7 ascend \u5b98\u65b9\u6a21\u677f\u8fdb\u884c\u67e5\u8be2\u3002
\u5207\u5206\u5b9e\u4f8b\u8fc7\u540e\u53ef\u901a\u8fc7\u4e0b\u8ff0\u547d\u4ee4\u67e5\u8be2\u5207\u5206\u7ed3\u679c\uff1a
npu-smi info -t info-vnpu -i 13 -c 0\n
\u67e5\u8be2\u7ed3\u679c\u5982\u4e0b\uff1a
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#ascend-device-plugin-daemonset","title":"\u91cd\u542f\u00a0ascend-device-plugin-daemonset","text":"\u5207\u5206\u5b9e\u4f8b\u540e\u624b\u52a8\u91cd\u542f device-plugin pod\uff0c\u7136\u540e\u4f7f\u7528 kubectl describe
\u547d\u4ee4\u67e5\u770b\u5df2\u6ce8\u518c node \u7684\u8d44\u6e90\uff1a
kubectl describe node {{nodename}}\n
"},{"location":"end-user/kpanda/gpu/ascend/vnpu.html#_4","title":"\u5982\u4f55\u4f7f\u7528\u8bbe\u5907","text":"\u5728\u521b\u5efa\u5e94\u7528\u65f6\uff0c\u6307\u5b9a\u8d44\u6e90 key\uff0c\u53c2\u8003\u4e0b\u8ff0 YAML\uff1a
......\nresources:\n requests:\n huawei.com/Ascend310P-2c: 1\n limits:\n huawei.com/Ascend310P-2c: 1\n......\n
"},{"location":"end-user/kpanda/gpu/metax/usemetax.html","title":"\u6c90\u66e6 GPU \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u4f7f\u7528","text":"\u672c\u7ae0\u8282\u63d0\u4f9b\u6c90\u66e6 gpu-extensions\u3001gpu-operator \u7b49\u7ec4\u4ef6\u7684\u5b89\u88c5\u6307\u5bfc\u548c\u6c90\u66e6 GPU \u6574\u5361\u548c vGPU \u4e24\u79cd\u6a21\u5f0f\u7684\u4f7f\u7528\u65b9\u6cd5\u3002
"},{"location":"end-user/kpanda/gpu/metax/usemetax.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"Metax \u63d0\u4f9b\u4e86\u4e24\u4e2a helm-chart \u5305\uff0c\u4e00\u4e2a\u662f metax-extensions\uff0c\u4e00\u4e2a\u662f gpu-operator\uff0c\u6839\u636e\u4f7f\u7528\u573a\u666f\u53ef\u9009\u62e9\u5b89\u88c5\u4e0d\u540c\u7684\u7ec4\u4ef6\u3002
\u4ece /home/metax/metax-docs/k8s/metax-gpu-k8s-package.0.7.10.tar.gz
\u6587\u4ef6\u4e2d\u89e3\u538b\u51fa
\u67e5\u770b\u7cfb\u7edf\u662f\u5426\u5b89\u88c5\u9a71\u52a8
$ lsmod | grep metax \nmetax 1605632 0 \nttm 86016 3 drm_vram_helper,metax,drm_ttm_helper \ndrm 618496 7 drm_kms_helper,drm_vram_helper,ast,metax,drm_ttm_helper,ttm\n
\u5b89\u88c5\u9a71\u52a8
\u63a8\u9001\u955c\u50cf
tar -xf metax-gpu-k8s-package.0.7.10.tar.gz\n./metax-k8s-images.0.7.10.run push {registry}/metax\n
\u63a8\u9001 Helm Chart
helm plugin install https://github.com/chartmuseum/helm-push\nhelm repo add --username rootuser --password rootpass123 metax http://172.16.16.5:8081\nhelm cm-push metax-operator-0.7.10.tgz metax\nhelm cm-push metax-gpu-extensions-0.7.10.tgz metax\n
\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0a\u5b89\u88c5 metax-gpu-extensions
\u90e8\u7f72\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u5728\u8282\u70b9\u4e0a\u67e5\u770b\u5230\u8d44\u6e90\u3002
\u4fee\u6539\u6210\u529f\u4e4b\u540e\u5c31\u53ef\u4ee5\u5728\u8282\u70b9\u4e0a\u770b\u5230\u5e26\u6709 Metax GPU
\u7684\u6807\u7b7e
\u5b89\u88c5 gpu-opeartor
\u65f6\u7684\u5df2\u77e5\u95ee\u9898\uff1a
metax-operator
\u3001gpu-label
\u3001gpu-device
\u3001container-runtime
\u8fd9\u51e0\u4e2a\u7ec4\u4ef6\u955c\u50cf\u8981\u5e26\u6709 amd64
\u540e\u7f00\u3002
metax-maca
\u7ec4\u4ef6\u7684\u955c\u50cf\u4e0d\u5728 metax-k8s-images.0.7.13.run
\u5305\u91cc\u9762\uff0c\u9700\u8981\u5355\u72ec\u4e0b\u8f7d maca-mxc500-2.23.0.23-ubuntu20.04-x86_64.tar.xz
\u8fd9\u7c7b\u955c\u50cf\uff0cload
\u4e4b\u540e\u91cd\u65b0\u4fee\u6539 metax-maca
\u7ec4\u4ef6\u7684\u955c\u50cf\u3002
metax-driver
\u7ec4\u4ef6\u7684\u955c\u50cf\u9700\u8981\u4ece https://pub-docstore.metax-tech.com:7001
\u8fd9\u4e2a\u7f51\u7ad9\u4e0b\u8f7d k8s-driver-image.2.23.0.25.run
\u6587\u4ef6\uff0c\u7136\u540e\u6267\u884c k8s-driver-image.2.23.0.25.run push {registry}/metax
\u547d\u4ee4\u628a\u955c\u50cf\u63a8\u9001\u5230\u955c\u50cf\u4ed3\u5e93\u3002\u63a8\u9001\u4e4b\u540e\u4fee\u6539 metax-driver
\u7ec4\u4ef6\u7684\u955c\u50cf\u5730\u5740\u3002
\u5b89\u88c5\u540e\u53ef\u5728\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u4f7f\u7528\u6c90\u66e6 GPU\u3002\u6ce8\u610f\u542f\u7528 GPU \u540e\uff0c\u9700\u9009\u62e9GPU\u7c7b\u578b\u4e3a Metax GPU
\u8fdb\u5165\u5bb9\u5668\uff0c\u6267\u884c mx-smi \u53ef\u67e5\u770b GPU \u7684\u4f7f\u7528\u60c5\u51b5.
"},{"location":"end-user/kpanda/gpu/mlu/use-mlu.html","title":"\u4f7f\u7528\u5bd2\u6b66\u7eaa GPU","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528\u5bd2\u6b66\u7eaa GPU\u3002
"},{"location":"end-user/kpanda/gpu/mlu/use-mlu.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5728\u5b89\u88c5 DevicePlugin \u65f6\u8bf7\u5173\u95ed --enable-device-type \u53c2\u6570\uff0c\u5426\u5219\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06\u65e0\u6cd5\u6b63\u786e\u8bc6\u522b\u5bd2\u6b66\u7eaa GPU\u3002
"},{"location":"end-user/kpanda/gpu/mlu/use-mlu.html#gpu_1","title":"\u5bd2\u6b66\u7eaa GPU \u6a21\u5f0f\u4ecb\u7ecd","text":"\u5bd2\u6b66\u7eaa GPU \u6709\u4ee5\u4e0b\u51e0\u79cd\u6a21\u5f0f\uff1a
\u8fd9\u91cc\u4ee5 Dynamic smlu \u6a21\u5f0f\u4e3a\u4f8b\uff1a
\u5728\u6b63\u786e\u5b89\u88c5 DevicePlugin \u7b49\u7ec4\u4ef6\u540e\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8fd0\u7ef4-> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002
\u70b9\u51fb\u8282\u70b9\u7ba1\u7406\u9875\u9762\uff0c\u67e5\u770b\u8282\u70b9\u662f\u5426\u5df2\u7ecf\u6b63\u786e\u8bc6\u522b\u5230\u5bf9\u5e94\u7684GPU\u7c7b\u578b\u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08MLU VGPU\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e App \u4f7f\u7528\u7684 GPU \u8d44\u6e90\uff1a
\u53c2\u8003 YAML \u6587\u4ef6\u5982\u4e0b\uff1a
apiVersion: v1 \nkind: Pod \nmetadata: \n name: pod1 \nspec: \n restartPolicy: OnFailure \n containers: \n - image: ubuntu:16.04 \n name: pod1-ctr \n command: [\"sleep\"] \n args: [\"100000\"] \n resources: \n limits: \n cambricon.com/mlu: \"1\" # use this when device type is not enabled, else delete this line. \n #cambricon.com/mlu: \"1\" #uncomment to use when device type is enabled \n #cambricon.com/mlu.share: \"1\" #uncomment to use device with env-share mode \n #cambricon.com/mlu.mim-2m.8gb: \"1\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vcore: \"100\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vmemory: \"1024\" #uncomment to use device with mim mode\n
"},{"location":"end-user/kpanda/gpu/nvidia/index.html","title":"NVIDIA GPU \u5361\u4f7f\u7528\u6a21\u5f0f","text":"NVIDIA \u4f5c\u4e3a\u4e1a\u5185\u77e5\u540d\u7684\u56fe\u5f62\u8ba1\u7b97\u4f9b\u5e94\u5546\uff0c\u4e3a\u7b97\u529b\u7684\u63d0\u5347\u63d0\u4f9b\u4e86\u8bf8\u591a\u8f6f\u786c\u4ef6\u89e3\u51b3\u65b9\u6848\uff0c\u5176\u4e2d NVIDIA \u5728 GPU \u7684\u4f7f\u7528\u65b9\u5f0f\u4e0a\u63d0\u4f9b\u4e86\u5982\u4e0b\u4e09\u79cd\u89e3\u51b3\u65b9\u6848\uff1a
"},{"location":"end-user/kpanda/gpu/nvidia/index.html#full-gpu","title":"\u6574\u5361\uff08Full GPU\uff09","text":"\u6574\u5361\u662f\u6307\u5c06\u6574\u4e2a NVIDIA GPU \u5206\u914d\u7ed9\u5355\u4e2a\u7528\u6237\u6216\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u8fd9\u79cd\u914d\u7f6e\u4e0b\uff0c\u5e94\u7528\u53ef\u4ee5\u5b8c\u5168\u5360\u7528 GPU \u7684\u6240\u6709\u8d44\u6e90\uff0c \u5e76\u83b7\u5f97\u6700\u5927\u7684\u8ba1\u7b97\u6027\u80fd\u3002\u6574\u5361\u9002\u7528\u4e8e\u9700\u8981\u5927\u91cf\u8ba1\u7b97\u8d44\u6e90\u548c\u5185\u5b58\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5982\u6df1\u5ea6\u5b66\u4e60\u8bad\u7ec3\u3001\u79d1\u5b66\u8ba1\u7b97\u7b49\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/index.html#vgpuvirtual-gpu","title":"vGPU\uff08Virtual GPU\uff09","text":"vGPU \u662f\u4e00\u79cd\u865a\u62df\u5316\u6280\u672f\uff0c\u5141\u8bb8\u5c06\u4e00\u4e2a\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u865a\u62df GPU\uff0c\u6bcf\u4e2a\u865a\u62df GPU \u5206\u914d\u7ed9\u4e0d\u540c\u7684\u4e91\u4e3b\u673a\u6216\u7528\u6237\u3002 vGPU \u4f7f\u591a\u4e2a\u7528\u6237\u53ef\u4ee5\u5171\u4eab\u540c\u4e00\u53f0\u7269\u7406 GPU\uff0c\u5e76\u5728\u5404\u81ea\u7684\u865a\u62df\u73af\u5883\u4e2d\u72ec\u7acb\u4f7f\u7528 GPU \u8d44\u6e90\u3002 \u6bcf\u4e2a\u865a\u62df GPU \u53ef\u4ee5\u83b7\u5f97\u4e00\u5b9a\u7684\u8ba1\u7b97\u80fd\u529b\u548c\u663e\u5b58\u5bb9\u91cf\u3002vGPU \u9002\u7528\u4e8e\u865a\u62df\u5316\u73af\u5883\u548c\u4e91\u8ba1\u7b97\u573a\u666f\uff0c\u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7684\u8d44\u6e90\u5229\u7528\u7387\u548c\u7075\u6d3b\u6027\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/index.html#migmulti-instance-gpu","title":"MIG\uff08Multi-Instance GPU\uff09","text":"MIG \u662f NVIDIA Ampere \u67b6\u6784\u5f15\u5165\u7684\u4e00\u9879\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u5c06\u4e00\u4e2a\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u7269\u7406 GPU \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u7528\u6237\u6216\u5de5\u4f5c\u8d1f\u8f7d\u3002 \u6bcf\u4e2a MIG \u5b9e\u4f8b\u5177\u6709\u81ea\u5df1\u7684\u8ba1\u7b97\u8d44\u6e90\u3001\u663e\u5b58\u548c PCIe \u5e26\u5bbd\uff0c\u5c31\u50cf\u4e00\u4e2a\u72ec\u7acb\u7684\u865a\u62df GPU\u3002 MIG \u63d0\u4f9b\u4e86\u66f4\u7ec6\u7c92\u5ea6\u7684 GPU \u8d44\u6e90\u5206\u914d\u548c\u7ba1\u7406\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u52a8\u6001\u8c03\u6574\u5b9e\u4f8b\u7684\u6570\u91cf\u548c\u5927\u5c0f\u3002 MIG \u9002\u7528\u4e8e\u591a\u79df\u6237\u73af\u5883\u3001\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u7b49\u573a\u666f\u3002
\u65e0\u8bba\u662f\u5728\u865a\u62df\u5316\u73af\u5883\u4e2d\u4f7f\u7528 vGPU\uff0c\u8fd8\u662f\u5728\u7269\u7406 GPU \u4e0a\u4f7f\u7528 MIG\uff0cNVIDIA \u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u66f4\u591a\u7684\u9009\u62e9\u548c\u4f18\u5316 GPU \u8d44\u6e90\u7684\u65b9\u5f0f\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5bb9\u5668\u7ba1\u7406\u5e73\u53f0\u5168\u9762\u517c\u5bb9\u4e86\u4e0a\u8ff0 NVIDIA \u7684\u80fd\u529b\u7279\u6027\uff0c\u7528\u6237\u53ea\u9700\u901a\u8fc7\u7b80\u5355\u7684\u754c\u9762\u64cd\u4f5c\uff0c\u5c31\u80fd\u591f\u83b7\u5f97\u5168\u90e8 NVIDIA GPU \u7684\u8ba1\u7b97\u80fd\u529b\uff0c\u4ece\u800c\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u7387\u5e76\u964d\u4f4e\u6210\u672c\u3002
\u5f00\u542f\u914d\u7f6e\u8be6\u60c5\u53c2\u8003 GPU Operator \u79bb\u7ebf\u5b89\u88c5\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/index.html#_1","title":"\u5982\u4f55\u4f7f\u7528","text":"\u60a8\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\uff0c\u5feb\u901f\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5173\u4e8e NVIDIA GPU \u5361\u7684\u7ba1\u7406\u80fd\u529b\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06\u6574\u4e2a NVIDIA GPU \u5361\u5206\u914d\u7ed9\u5355\u4e2a\u5e94\u7528\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/full_gpu_userguide.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Nvidia GPU \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Nvidia GPU\uff09\u4e4b\u540e\uff0c\u9700\u8981\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7684\u7269\u7406\u5361\u6570\u91cf\uff1a
\u7269\u7406\u5361\u6570\u91cf\uff08nvidia.com/gpu\uff09 \uff1a\u8868\u793a\u5f53\u524d Pod \u9700\u8981\u6302\u8f7d\u51e0\u5f20\u7269\u7406\u5361\uff0c\u8f93\u5165\u503c\u5fc5\u987b\u4e3a\u6574\u6570\u4e14 \u5c0f\u4e8e\u7b49\u4e8e \u5bbf\u4e3b\u673a\u4e0a\u7684\u5361\u6570\u91cf\u3002
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u7533\u8bf7 GPU \u8d44\u6e90\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0 nvidia.com/gpu: 1 \u53c2\u6570\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7269\u7406\u5361\u7684\u6570\u91cf\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-gpu-demo\n template:\n metadata:\n labels:\n app: full-gpu-demo\n spec:\n containers:\n - image: chrstnhntschl/gpu_burn\n name: container-0\n resources:\n requests:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # \u7533\u8bf7 GPU \u7684\u6570\u91cf\n limits:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # GPU \u6570\u91cf\u7684\u4f7f\u7528\u4e0a\u9650\n imagePullSecrets:\n - name: default-secret\n
Note
\u4f7f\u7528 nvidia.com/gpu \u53c2\u6570\u6307\u5b9a GPU \u6570\u91cf\u65f6\uff0crequests \u548c limits \u503c\u9700\u8981\u4fdd\u6301\u4e00\u81f4\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html","title":"GPU Operator \u79bb\u7ebf\u5b89\u88c5","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 Ubuntu22.04\u3001Ubuntu20.04\u3001CentOS 7.9 \u8fd9\u4e09\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver \u955c\u50cf\uff0c\u9a71\u52a8\u7248\u672c\u662f 535.104.12\uff1b \u5e76\u4e14\u5185\u7f6e\u4e86\u5404\u64cd\u4f5c\u7cfb\u7edf\u6240\u9700\u7684 Toolkit \u955c\u50cf\uff0c\u7528\u6237\u4e0d\u518d\u9700\u8981\u624b\u52a8\u79bb\u7ebf Toolkit \u955c\u50cf\u3002
\u672c\u6587\u4f7f\u7528 AMD \u67b6\u6784\u7684 CentOS 7.9\uff083.10.0-1160\uff09\u8fdb\u884c\u6f14\u793a\u3002\u5982\u9700\u4f7f\u7528 Red Hat 8.4 \u90e8\u7f72\uff0c \u8bf7\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf\u548c\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 gpu-operator \u63d2\u4ef6\u3002
\u767b\u5f55\u5e73\u53f0\uff0c\u8fdb\u5165 \u5bb9\u5668\u7ba1\u7406 -> \u5f85\u5b89\u88c5 gpu-operator \u7684\u96c6\u7fa4 -> \u8fdb\u5165\u96c6\u7fa4\u8be6\u60c5\u3002
\u5728 Helm \u6a21\u677f \u9875\u9762\uff0c\u9009\u62e9 \u5168\u90e8\u4ed3\u5e93 \uff0c\u641c\u7d22 gpu-operator \u3002
\u9009\u62e9 gpu-operator \uff0c\u70b9\u51fb \u5b89\u88c5 \u3002
\u53c2\u8003\u4e0b\u6587\u53c2\u6570\u914d\u7f6e\uff0c\u914d\u7f6e gpu-operator \u5b89\u88c5\u53c2\u6570\uff0c\u5b8c\u6210 gpu-operator \u7684\u5b89\u88c5\u3002
Ubuntu 22.04
\u3001Ubuntu20.04
\u3001Centos7.9
\u3001other
\u56db\u4e2a\u9009\u9879\uff0c\u8bf7\u6b63\u786e\u7684\u9009\u62e9\u64cd\u4f5c\u7cfb\u7edf\u3002Driver.version \uff1aGPU \u9a71\u52a8\u955c\u50cf\u7684\u7248\u672c\uff0c\u79bb\u7ebf\u90e8\u7f72\u8bf7\u4f7f\u7528\u9ed8\u8ba4\u53c2\u6570\uff0c\u4ec5\u5728\u7ebf\u5b89\u88c5\u65f6\u9700\u914d\u7f6e\u3002\u4e0d\u540c\u7c7b\u578b\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver \u955c\u50cf\u7684\u7248\u672c\u5b58\u5728\u5982\u4e0b\u5dee\u5f02\uff0c \u8be6\u60c5\u53ef\u53c2\u8003\uff1aNvidia GPU Driver \u7248\u672c\u3002 \u5982\u4e0b\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u7684 Driver Version
\u793a\u4f8b\uff1a
Note
\u4f7f\u7528\u5185\u7f6e\u7684\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\u65e0\u9700\u4fee\u6539\u955c\u50cf\u7248\u672c\uff0c\u5176\u4ed6\u64cd\u4f5c\u7cfb\u7edf\u7248\u672c\u8bf7\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20\u955c\u50cf\u3002 \u6ce8\u610f\u7248\u672c\u53f7\u540e\u65e0\u9700\u586b\u5199 Ubuntu\u3001CentOS\u3001Red Hat \u7b49\u64cd\u4f5c\u7cfb\u7edf\u540d\u79f0\uff0c\u82e5\u5b98\u65b9\u955c\u50cf\u542b\u6709\u64cd\u4f5c\u7cfb\u7edf\u540e\u7f00\uff0c\u8bf7\u624b\u52a8\u79fb\u9664\u3002
525.105.17
535-5.15.0-1043-nvidia
525.147.05
Driver.RepoConfig.ConfigMapName \uff1a\u7528\u6765\u8bb0\u5f55 GPU Operator \u7684\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\uff0c \u5f53\u4f7f\u7528\u9884\u7f6e\u7684\u79bb\u7ebf\u5305\u65f6\uff0c\u5404\u7c7b\u578b\u7684\u64cd\u4f5c\u7cfb\u7edf\u8bf7\u53c2\u8003\u5982\u4e0b\u7684\u6587\u6863\u3002
Toolkit.enable \uff1a\u9ed8\u8ba4\u5f00\u542f\uff0c\u8be5\u7ec4\u4ef6\u8ba9 conatainerd/docker \u652f\u6301\u8fd0\u884c\u9700\u8981 GPU \u7684\u5bb9\u5668\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#mig","title":"MIG \u914d\u7f6e\u53c2\u6570","text":"\u8be6\u7ec6\u914d\u7f6e\u65b9\u5f0f\u8bf7\u53c2\u8003\u5f00\u542f MIG \u529f\u80fd
MigManager.Config.name \uff1aMIG \u7684\u5207\u5206\u914d\u7f6e\u6587\u4ef6\u540d\uff0c\u7528\u4e8e\u5b9a\u4e49 MIG \u7684\uff08GI, CI\uff09\u5207\u5206\u7b56\u7565\u3002 \u9ed8\u8ba4\u4e3a default-mig-parted-config \u3002\u81ea\u5b9a\u4e49\u53c2\u6570\u53c2\u8003\u5f00\u542f MIG \u529f\u80fd\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#_6","title":"\u4e0b\u4e00\u6b65\u64cd\u4f5c","text":"\u5b8c\u6210\u4e0a\u8ff0\u76f8\u5173\u53c2\u6570\u914d\u7f6e\u548c\u521b\u5efa\u540e\uff1a
\u5982\u679c\u4f7f\u7528 \u6574\u5361\u6a21\u5f0f\uff0c\u5e94\u7528\u521b\u5efa\u65f6\u53ef\u4f7f\u7528 GPU \u8d44\u6e90
\u5982\u679c\u4f7f\u7528 vGPU \u6a21\u5f0f \uff0c\u5b8c\u6210\u4e0a\u8ff0\u76f8\u5173\u53c2\u6570\u914d\u7f6e\u548c\u521b\u5efa\u540e\uff0c\u4e0b\u4e00\u6b65\u8bf7\u5b8c\u6210 vGPU Addon \u5b89\u88c5
\u5982\u679c\u4f7f\u7528 MIG \u6a21\u5f0f\uff0c\u5e76\u4e14\u9700\u8981\u7ed9\u4e2a\u522b GPU \u8282\u70b9\u6309\u7167\u67d0\u79cd\u5207\u5206\u89c4\u683c\u8fdb\u884c\u4f7f\u7528\uff0c \u5426\u5219\u6309\u7167 MigManager.Config
\u4e2d\u7684 default \u503c\u8fdb\u884c\u5207\u5206\u3002
single \u6a21\u5f0f\u8bf7\u7ed9\u5bf9\u5e94\u8282\u70b9\u6253\u4e0a\u5982\u4e0b Label\uff1a
kubectl label nodes {node} nvidia.com/mig.config=\"all-1g.10gb\" --overwrite\n
mixed \u6a21\u5f0f\u8bf7\u7ed9\u5bf9\u5e94\u8282\u70b9\u6253\u4e0a\u5982\u4e0b Label\uff1a
kubectl label nodes {node} nvidia.com/mig.config=\"custom-config\" --overwrite\n
\u200b \u5207\u5206\u540e\uff0c\u5e94\u7528\u53ef\u4f7f\u7528 MIG GPU \u8d44\u6e90\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/push_image_to_repo.html","title":"\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf","text":"\u672c\u6587\u4ee5 Red Hat 8.4 \u7684 nvcr.io/nvidia/driver:525.105.17-rhel8.4
\u79bb\u7ebf\u9a71\u52a8\u955c\u50cf\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20\u79bb\u7ebf\u955c\u50cf\u3002
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u8054\u7f51\u8282\u70b9\u4e0a\u8fdb\u884c\u3002
\u5728\u8054\u7f51\u673a\u5668\u4e0a\u62c9\u53d6 nvcr.io/nvidia/driver:525.105.17-rhel8.4
\u79bb\u7ebf\u9a71\u52a8\u955c\u50cf\uff1a
docker pull nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u955c\u50cf\u62c9\u53d6\u5b8c\u6210\u540e\uff0c\u6253\u5305\u955c\u50cf\u4e3a nvidia-driver.tar
\u538b\u7f29\u5305\uff1a
docker save nvcr.io/nvidia/driver:525.105.17-rhel8.4 > nvidia-driver.tar\n
\u62f7\u8d1d nvidia-driver.tar
\u955c\u50cf\u538b\u7f29\u5305\u5230\u706b\u79cd\u8282\u70b9\uff1a
scp nvidia-driver.tar user@ip:/root\n
\u4f8b\u5982\uff1a
scp nvidia-driver.tar root@10.6.175.10:/root\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u706b\u79cd\u8282\u70b9\u4e0a\u8fdb\u884c\u3002
\u767b\u5f55\u706b\u79cd\u8282\u70b9\uff0c\u5c06\u8054\u7f51\u8282\u70b9\u62f7\u8d1d\u7684\u955c\u50cf\u538b\u7f29\u5305 nvidia-driver.tar
\u5bfc\u5165\u672c\u5730\uff1a
docker load -i nvidia-driver.tar\n
\u67e5\u770b\u521a\u521a\u5bfc\u5165\u7684\u955c\u50cf\uff1a
docker images -a |grep nvidia\n
\u9884\u671f\u8f93\u51fa\uff1a
nvcr.io/nvidia/driver e3ed7dee73e9 1 days ago 1.02GB\n
\u91cd\u65b0\u6807\u8bb0\u955c\u50cf\uff0c\u4f7f\u5176\u4e0e\u8fdc\u7a0b Registry \u4ed3\u5e93\u4e2d\u7684\u76ee\u6807\u4ed3\u5e93\u5bf9\u5e94\uff1a
docker tag <image-name> <registry-url>/<repository-name>:<tag>\n
<image-name>
\u662f\u4e0a\u4e00\u6b65 nvidia \u955c\u50cf\u7684\u540d\u79f0\uff0c<registry-url>
\u662f\u706b\u79cd\u8282\u70b9\u4e0a Registry \u670d\u52a1\u7684\u5730\u5740\uff0c<repository-name>
\u662f\u60a8\u8981\u63a8\u9001\u5230\u7684\u4ed3\u5e93\u540d\u79f0\uff0c<tag>
\u662f\u60a8\u4e3a\u955c\u50cf\u6307\u5b9a\u7684\u6807\u7b7e\u3002\u4f8b\u5982\uff1a
registry\uff1adocker tag nvcr.io/nvidia/driver 10.6.10.5/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u5c06\u955c\u50cf\u63a8\u9001\u5230\u706b\u79cd\u8282\u70b9\u955c\u50cf\u4ed3\u5e93\uff1a
docker push {ip}/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
\u53c2\u8003\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u548c GPU Operator \u79bb\u7ebf\u5b89\u88c5\u6765\u4e3a\u96c6\u7fa4\u90e8\u7f72 GPU Operator\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html","title":"RHEL 9.2 \u79bb\u7ebf\u5b89\u88c5 gpu-operator \u9a71\u52a8","text":"\u524d\u63d0\u6761\u4ef6\uff1a\u5df2\u5b89\u88c5 gpu-operator v23.9.0+2 \u53ca\u66f4\u9ad8\u7248\u672c
RHEL 9.2 \u9a71\u52a8\u955c\u50cf\u4e0d\u80fd\u76f4\u63a5\u5b89\u88c5\uff0c\u5b98\u65b9\u7684\u9a71\u52a8\u811a\u672c\u5b58\u5728\u4e00\u70b9\u95ee\u9898\uff0c\u5728\u5b98\u65b9\u4fee\u590d\u4e4b\u524d\uff0c\u63d0\u4f9b\u5982\u4e0b\u7684\u6b65\u9aa4\u6765\u5b9e\u73b0\u79bb\u7ebf\u5b89\u88c5\u9a71\u52a8\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#nouveau","title":"\u7981\u7528nouveau\u9a71\u52a8","text":"\u5728 RHEL 9.2 \u4e2d\u5b58\u5728 nouveau
\u975e\u5b98\u65b9\u7684 Nvidia
\u9a71\u52a8\uff0c\u56e0\u6b64\u9700\u8981\u5148\u7981\u7528\u3002
# \u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6587\u4ef6\nsudo vi /etc/modprobe.d/blacklist-nouveau.conf\n# \u6dfb\u52a0\u4ee5\u4e0b\u4e24\u884c\u5185\u5bb9:\nblacklist nouveau\noptions nouveau modeset=0\n# \u7981\u7528Nouveau\nsudo dracut --force\n# \u91cd\u542fvm\nsudo reboot\n# \u68c0\u67e5\u662f\u5426\u5df2\u7ecf\u6210\u529f\u7981\u7528\nlsmod | grep nouveau\n
"},{"location":"end-user/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#_1","title":"\u81ea\u5b9a\u4e49\u9a71\u52a8\u955c\u50cf","text":"\u5148\u5728\u672c\u5730\u521b\u5efa nvidia-driver
\u6587\u4ef6\uff1a
#! /bin/bash -x\n# Copyright (c) 2018-2020, NVIDIA CORPORATION. All rights reserved.\n\nset -eu\n\nRUN_DIR=/run/nvidia\nPID_FILE=${RUN_DIR}/${0##*/}.pid\nDRIVER_VERSION=${DRIVER_VERSION:?\"Missing DRIVER_VERSION env\"}\nKERNEL_UPDATE_HOOK=/run/kernel/postinst.d/update-nvidia-driver\nNUM_VGPU_DEVICES=0\nNVIDIA_MODULE_PARAMS=()\nNVIDIA_UVM_MODULE_PARAMS=()\nNVIDIA_MODESET_MODULE_PARAMS=()\nNVIDIA_PEERMEM_MODULE_PARAMS=()\nTARGETARCH=${TARGETARCH:?\"Missing TARGETARCH env\"}\nUSE_HOST_MOFED=\"${USE_HOST_MOFED:-false}\"\nDNF_RELEASEVER=${DNF_RELEASEVER:-\"\"}\nRHEL_VERSION=${RHEL_VERSION:-\"\"}\nRHEL_MAJOR_VERSION=9\n\nOPEN_KERNEL_MODULES_ENABLED=${OPEN_KERNEL_MODULES_ENABLED:-false}\n[[ \"${OPEN_KERNEL_MODULES_ENABLED}\" == \"true\" ]] && KERNEL_TYPE=kernel-open || KERNEL_TYPE=kernel\n\nDRIVER_ARCH=${TARGETARCH/amd64/x86_64} && DRIVER_ARCH=${DRIVER_ARCH/arm64/aarch64}\necho \"DRIVER_ARCH is $DRIVER_ARCH\"\n\nSCRIPT_DIR=$( cd -- \"$( dirname -- \"${BASH_SOURCE[0]}\" )\" &> /dev/null && pwd )\nsource $SCRIPT_DIR/common.sh\n\n_update_package_cache() {\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n echo \"Updating the package cache...\"\n if ! yum -q makecache; then\n echo \"FATAL: failed to reach RHEL package repositories. \"\\\n \"Ensure that the cluster can access the proper networks.\"\n exit 1\n fi\n fi\n}\n\n_cleanup_package_cache() {\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n echo \"Cleaning up the package cache...\"\n rm -rf /var/cache/yum/*\n fi\n}\n\n_get_rhel_version_from_kernel() {\n local rhel_version_underscore rhel_version_arr\n rhel_version_underscore=$(echo \"${KERNEL_VERSION}\" | sed 's/.*el\\([0-9]\\+_[0-9]\\+\\).*/\\1/g')\n # For e.g. :- from the kernel version 4.18.0-513.9.1.el8_9, we expect to extract the string \"8_9\"\n if [[ ! ${rhel_version_underscore} =~ ^[0-9]+_[0-9]+$ ]]; then\n echo \"Unable to resolve RHEL version from kernel version\" >&2\n return 1\n fi\n IFS='_' read -r -a rhel_version_arr <<< \"$rhel_version_underscore\"\n if [[ ${#rhel_version_arr[@]} -ne 2 ]]; then\n echo \"Unable to resolve RHEL version from kernel version\" >&2\n return 1\n fi\n RHEL_VERSION=\"${rhel_version_arr[0]}.${rhel_version_arr[1]}\"\n echo \"RHEL VERSION successfully resolved from kernel: ${RHEL_VERSION}\"\n return 0\n}\n\n_resolve_rhel_version() {\n _get_rhel_version_from_kernel || RHEL_VERSION=\"${RHEL_MAJOR_VERSION}\"\n # set dnf release version as rhel version by default\n if [[ -z \"${DNF_RELEASEVER}\" ]]; then\n DNF_RELEASEVER=\"${RHEL_VERSION}\"\n fi\n return 0\n}\n\n# Resolve the kernel version to the form major.minor.patch-revision.\n_resolve_kernel_version() {\n echo \"Resolving Linux kernel version...\"\n local version=$(yum -q list available --showduplicates kernel-headers |\n awk -v arch=$(uname -m) 'NR>1 {print $2\".\"arch}' | tac | grep -E -m1 \"^${KERNEL_VERSION/latest/.*}\")\n\n if [ -z \"${version}\" ]; then\n echo \"Could not resolve Linux kernel version\" >&2\n return 1\n fi\n KERNEL_VERSION=\"${version}\"\n echo \"Proceeding with Linux kernel version ${KERNEL_VERSION}\"\n return 0\n}\n\n# Install the kernel modules header/builtin/order files and generate the kernel version string.\n_install_prerequisites() (\n local tmp_dir=$(mktemp -d)\n\n trap \"rm -rf ${tmp_dir}\" EXIT\n cd ${tmp_dir}\n\n echo \"Installing elfutils...\"\n if ! dnf install -q -y elfutils-libelf.$DRIVER_ARCH; then\n echo \"FATAL: failed to install elfutils packages. RHEL entitlement may be improperly deployed.\"\n exit 1\n fi\n if ! dnf install -q -y elfutils-libelf-devel.$DRIVER_ARCH; then\n echo \"FATAL: failed to install elfutils packages. RHEL entitlement may be improperly deployed.\"\n exit 1\n fi \n\n rm -rf /lib/modules/${KERNEL_VERSION}\n mkdir -p /lib/modules/${KERNEL_VERSION}/proc\n\n echo \"Enabling RHOCP and EUS RPM repos...\"\n if [ -n \"${OPENSHIFT_VERSION:-}\" ]; then\n dnf config-manager --set-enabled rhocp-${OPENSHIFT_VERSION}-for-rhel-9-$DRIVER_ARCH-rpms || true\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n dnf config-manager --set-disabled rhocp-${OPENSHIFT_VERSION}-for-rhel-9-$DRIVER_ARCH-rpms || true\n fi\n fi\n\n dnf config-manager --set-enabled rhel-9-for-$DRIVER_ARCH-baseos-eus-rpms || true\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n dnf config-manager --set-disabled rhel-9-for-$DRIVER_ARCH-baseos-eus-rpms || true\n fi\n\n # try with EUS disabled, if it does not work, then try just major version\n if ! dnf makecache --releasever=${DNF_RELEASEVER}; then\n # If pointing to DNF_RELEASEVER does not work, we point to the RHEL_MAJOR_VERSION as a last resort\n if ! dnf makecache --releasever=${RHEL_MAJOR_VERSION}; then\n echo \"FATAL: failed to update the dnf metadata cache after multiple attempts with releasevers ${DNF_RELEASEVER}, ${RHEL_MAJOR_VERSION}\"\n exit 1\n else\n DNF_RELEASEVER=${RHEL_MAJOR_VERSION}\n fi\n fi\n\n echo \"Installing Linux kernel headers...\"\n dnf -q -y --releasever=${DNF_RELEASEVER} install kernel-headers-${KERNEL_VERSION} kernel-devel-${KERNEL_VERSION} --allowerasing > /dev/null\n ln -s /usr/src/kernels/${KERNEL_VERSION} /lib/modules/${KERNEL_VERSION}/build\n\n echo \"Installing Linux kernel module files...\"\n dnf -q -y --releasever=${DNF_RELEASEVER} install kernel-core-${KERNEL_VERSION} > /dev/null\n\n # Prevent depmod from giving a WARNING about missing files\n touch /lib/modules/${KERNEL_VERSION}/modules.order\n touch /lib/modules/${KERNEL_VERSION}/modules.builtin\n\n depmod ${KERNEL_VERSION}\n\n echo \"Generating Linux kernel version string...\"\n if [ \"$TARGETARCH\" = \"arm64\" ]; then\n gunzip -c /lib/modules/${KERNEL_VERSION}/vmlinuz | strings | grep -E '^Linux version' | sed 's/^\\(.*\\)\\s\\+(.*)$/\\1/' > version\n else\n extract-vmlinux /lib/modules/${KERNEL_VERSION}/vmlinuz | strings | grep -E '^Linux version' | sed 's/^\\(.*\\)\\s\\+(.*)$/\\1/' > version\n fi\n if [ -z \"$(<version)\" ]; then\n echo \"Could not locate Linux kernel version string\" >&2\n return 1\n fi\n mv version /lib/modules/${KERNEL_VERSION}/proc\n\n # Parse gcc version\n # gcc_version is expected to match x.y.z\n # current_gcc is expected to match 'gcc-x.y.z-rel.el8.x86_64\n local gcc_version=$(cat /lib/modules/${KERNEL_VERSION}/proc/version | grep -Eo \"gcc \\(GCC\\) ([0-9\\.]+)\" | grep -Eo \"([0-9\\.]+)\")\n local current_gcc=$(rpm -qa gcc)\n echo \"kernel requires gcc version: 'gcc-${gcc_version}', current gcc version is '${current_gcc}'\"\n\n if ! [[ \"${current_gcc}\" =~ \"gcc-${gcc_version}\"-.* ]]; then\n dnf install -q -y --releasever=${DNF_RELEASEVER} \"gcc-${gcc_version}\"\n fi\n)\n\n# Cleanup the prerequisites installed above.\n_remove_prerequisites() {\n true\n if [ \"${PACKAGE_TAG:-}\" != \"builtin\" ]; then\n dnf -q -y remove kernel-headers-${KERNEL_VERSION} kernel-devel-${KERNEL_VERSION} > /dev/null\n # TODO remove module files not matching an existing driver package.\n fi\n}\n\n# Check if the kernel version requires a new precompiled driver packages.\n_kernel_requires_package() {\n local proc_mount_arg=\"\"\n\n echo \"Checking NVIDIA driver packages...\"\n\n [[ ! -d /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE} ]] && return 0\n cd /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE}\n\n proc_mount_arg=\"--proc-mount-point /lib/modules/${KERNEL_VERSION}/proc\"\n for pkg_name in $(ls -d -1 precompiled/** 2> /dev/null); do\n is_match=$(../mkprecompiled --match ${pkg_name} ${proc_mount_arg})\n if [ \"${is_match}\" == \"kernel interface matches.\" ]; then\n echo \"Found NVIDIA driver package ${pkg_name##*/}\"\n return 1\n fi\n done\n return 0\n}\n\n# Compile the kernel modules, optionally sign them, and generate a precompiled package for use by the nvidia-installer.\n_create_driver_package() (\n local pkg_name=\"nvidia-modules-${KERNEL_VERSION%%-*}${PACKAGE_TAG:+-${PACKAGE_TAG}}\"\n local nvidia_sign_args=\"\"\n local nvidia_modeset_sign_args=\"\"\n local nvidia_uvm_sign_args=\"\"\n\n trap \"make -s -j ${MAX_THREADS} SYSSRC=/lib/modules/${KERNEL_VERSION}/build clean > /dev/null\" EXIT\n\n echo \"Compiling NVIDIA driver kernel modules...\"\n cd /usr/src/nvidia-${DRIVER_VERSION}/${KERNEL_TYPE}\n\n if _gpu_direct_rdma_enabled; then\n ln -s /run/mellanox/drivers/usr/src/ofa_kernel /usr/src/\n # if arch directory exists(MOFED >=5.5) then create a symlink as expected by GPU driver installer\n # This is required as currently GPU driver installer doesn't expect headers in x86_64 folder, but only in either default or kernel-version folder.\n # ls -ltr /usr/src/ofa_kernel/\n # lrwxrwxrwx 1 root root 36 Dec 8 20:10 default -> /etc/alternatives/ofa_kernel_headers\n # drwxr-xr-x 4 root root 4096 Dec 8 20:14 x86_64\n # lrwxrwxrwx 1 root root 44 Dec 9 19:05 5.4.0-90-generic -> /usr/src/ofa_kernel/x86_64/5.4.0-90-generic/\n if [[ -d \"/run/mellanox/drivers/usr/src/ofa_kernel/$(uname -m)/$(uname -r)\" ]]; then\n if [[ ! -e \"/usr/src/ofa_kernel/$(uname -r)\" ]]; then\n ln -s \"/run/mellanox/drivers/usr/src/ofa_kernel/$(uname -m)/$(uname -r)\" /usr/src/ofa_kernel/\n fi\n fi\n fi\n\n make -s -j ${MAX_THREADS} SYSSRC=/lib/modules/${KERNEL_VERSION}/build nv-linux.o nv-modeset-linux.o > /dev/null\n\n echo \"Relinking NVIDIA driver kernel modules...\"\n rm -f nvidia.ko nvidia-modeset.ko\n ld -d -r -o nvidia.ko ./nv-linux.o ./nvidia/nv-kernel.o_binary\n ld -d -r -o nvidia-modeset.ko ./nv-modeset-linux.o ./nvidia-modeset/nv-modeset-kernel.o_binary\n\n if [ -n \"${PRIVATE_KEY}\" ]; then\n echo \"Signing NVIDIA driver kernel modules...\"\n donkey get ${PRIVATE_KEY} sh -c \"PATH=${PATH}:/usr/src/linux-headers-${KERNEL_VERSION}/scripts && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia.ko nvidia.ko.sign && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia-modeset.ko nvidia-modeset.ko.sign && \\\n sign-file sha512 \\$DONKEY_FILE pubkey.x509 nvidia-uvm.ko\"\n nvidia_sign_args=\"--linked-module nvidia.ko --signed-module nvidia.ko.sign\"\n nvidia_modeset_sign_args=\"--linked-module nvidia-modeset.ko --signed-module nvidia-modeset.ko.sign\"\n nvidia_uvm_sign_args=\"--signed\"\n fi\n\n echo \"Building NVIDIA driver package ${pkg_name}...\"\n ../mkprecompiled --pack ${pkg_name} --description ${KERNEL_VERSION} \\\n --proc-mount-point /lib/modules/${KERNEL_VERSION}/proc \\\n --driver-version ${DRIVER_VERSION} \\\n --kernel-interface nv-linux.o \\\n --linked-module-name nvidia.ko \\\n --core-object-name nvidia/nv-kernel.o_binary \\\n ${nvidia_sign_args} \\\n --target-directory . \\\n --kernel-interface nv-modeset-linux.o \\\n --linked-module-name nvidia-modeset.ko \\\n --core-object-name nvidia-modeset/nv-modeset-kernel.o_binary \\\n ${nvidia_modeset_sign_args} \\\n --target-directory . \\\n --kernel-module nvidia-uvm.ko \\\n ${nvidia_uvm_sign_args} \\\n --target-directory .\n mkdir -p precompiled\n mv ${pkg_name} precompiled\n)\n\n_assert_nvswitch_system() {\n [ -d /proc/driver/nvidia-nvswitch ] || return 1\n entries=$(ls -1 /proc/driver/nvidia-nvswitch/devices/*)\n if [ -z \"${entries}\" ]; then\n return 1\n fi\n return 0\n}\n\n# For each kernel module configuration file mounted into the container,\n# parse the file contents and extract the custom module parameters that\n# are to be passed as input to 'modprobe'.\n#\n# Assumptions:\n# - Configuration files are named <module-name>.conf (i.e. nvidia.conf, nvidia-uvm.conf).\n# - Configuration files are mounted inside the container at /drivers.\n# - Each line in the file contains at least one parameter, where parameters on the same line\n# are space delimited. It is up to the user to properly format the file to ensure\n# the correct set of parameters are passed to 'modprobe'.\n_get_module_params() {\n local base_path=\"/drivers\"\n # nvidia\n if [ -f \"${base_path}/nvidia.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia.conf\"\n echo \"Module parameters provided for nvidia: ${NVIDIA_MODULE_PARAMS[@]}\"\n fi\n # nvidia-uvm\n if [ -f \"${base_path}/nvidia-uvm.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_UVM_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-uvm.conf\"\n echo \"Module parameters provided for nvidia-uvm: ${NVIDIA_UVM_MODULE_PARAMS[@]}\"\n fi\n # nvidia-modeset\n if [ -f \"${base_path}/nvidia-modeset.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_MODESET_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-modeset.conf\"\n echo \"Module parameters provided for nvidia-modeset: ${NVIDIA_MODESET_MODULE_PARAMS[@]}\"\n fi\n # nvidia-peermem\n if [ -f \"${base_path}/nvidia-peermem.conf\" ]; then\n while IFS=\"\" read -r param || [ -n \"$param\" ]; do\n NVIDIA_PEERMEM_MODULE_PARAMS+=(\"$param\")\n done <\"${base_path}/nvidia-peermem.conf\"\n echo \"Module parameters provided for nvidia-peermem: ${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"\n fi\n}\n\n# Load the kernel modules and start persistenced.\n_load_driver() {\n echo \"Parsing kernel module parameters...\"\n _get_module_params\n\n local nv_fw_search_path=\"$RUN_DIR/driver/lib/firmware\"\n local set_fw_path=\"true\"\n local fw_path_config_file=\"/sys/module/firmware_class/parameters/path\"\n for param in \"${NVIDIA_MODULE_PARAMS[@]}\"; do\n if [[ \"$param\" == \"NVreg_EnableGpuFirmware=0\" ]]; then\n set_fw_path=\"false\"\n fi\n done\n\n if [[ \"$set_fw_path\" == \"true\" ]]; then\n echo \"Configuring the following firmware search path in '$fw_path_config_file': $nv_fw_search_path\"\n if [[ ! -z $(grep '[^[:space:]]' $fw_path_config_file) ]]; then\n echo \"WARNING: A search path is already configured in $fw_path_config_file\"\n echo \" Retaining the current configuration\"\n else\n echo -n \"$nv_fw_search_path\" > $fw_path_config_file || echo \"WARNING: Failed to configure the firmware search path\"\n fi\n fi\n\n echo \"Loading ipmi and i2c_core kernel modules...\"\n modprobe -a i2c_core ipmi_msghandler ipmi_devintf\n\n echo \"Loading NVIDIA driver kernel modules...\"\n set -o xtrace +o nounset\n modprobe nvidia \"${NVIDIA_MODULE_PARAMS[@]}\"\n modprobe nvidia-uvm \"${NVIDIA_UVM_MODULE_PARAMS[@]}\"\n modprobe nvidia-modeset \"${NVIDIA_MODESET_MODULE_PARAMS[@]}\"\n set +o xtrace -o nounset\n\n if _gpu_direct_rdma_enabled; then\n echo \"Loading NVIDIA Peer Memory kernel module...\"\n set -o xtrace +o nounset\n modprobe -a nvidia-peermem \"${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"\n set +o xtrace -o nounset\n fi\n\n echo \"Starting NVIDIA persistence daemon...\"\n nvidia-persistenced --persistence-mode\n\n if [ \"${DRIVER_TYPE}\" = \"vgpu\" ]; then\n echo \"Copying gridd.conf...\"\n cp /drivers/gridd.conf /etc/nvidia/gridd.conf\n if [ \"${VGPU_LICENSE_SERVER_TYPE}\" = \"NLS\" ]; then\n echo \"Copying ClientConfigToken...\"\n mkdir -p /etc/nvidia/ClientConfigToken/\n cp /drivers/ClientConfigToken/* /etc/nvidia/ClientConfigToken/\n fi\n\n echo \"Starting nvidia-gridd..\"\n LD_LIBRARY_PATH=/usr/lib64/nvidia/gridd nvidia-gridd\n\n # Start virtual topology daemon\n _start_vgpu_topology_daemon\n fi\n\n if _assert_nvswitch_system; then\n echo \"Starting NVIDIA fabric manager daemon...\"\n nv-fabricmanager -c /usr/share/nvidia/nvswitch/fabricmanager.cfg\n fi\n}\n\n# Stop persistenced and unload the kernel modules if they are currently loaded.\n_unload_driver() {\n local rmmod_args=()\n local nvidia_deps=0\n local nvidia_refs=0\n local nvidia_uvm_refs=0\n local nvidia_modeset_refs=0\n local nvidia_peermem_refs=0\n\n echo \"Stopping NVIDIA persistence daemon...\"\n if [ -f /var/run/nvidia-persistenced/nvidia-persistenced.pid ]; then\n local pid=$(< /var/run/nvidia-persistenced/nvidia-persistenced.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 50); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 50 ]; then\n echo \"Could not stop NVIDIA persistence daemon\" >&2\n return 1\n fi\n fi\n\n if [ -f /var/run/nvidia-gridd/nvidia-gridd.pid ]; then\n echo \"Stopping NVIDIA grid daemon...\"\n local pid=$(< /var/run/nvidia-gridd/nvidia-gridd.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 10); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 10 ]; then\n echo \"Could not stop NVIDIA Grid daemon\" >&2\n return 1\n fi\n fi\n\n if [ -f /var/run/nvidia-fabricmanager/nv-fabricmanager.pid ]; then\n echo \"Stopping NVIDIA fabric manager daemon...\"\n local pid=$(< /var/run/nvidia-fabricmanager/nv-fabricmanager.pid)\n\n kill -SIGTERM \"${pid}\"\n for i in $(seq 1 50); do\n kill -0 \"${pid}\" 2> /dev/null || break\n sleep 0.1\n done\n if [ $i -eq 50 ]; then\n echo \"Could not stop NVIDIA fabric manager daemon\" >&2\n return 1\n fi\n fi\n\n echo \"Unloading NVIDIA driver kernel modules...\"\n if [ -f /sys/module/nvidia_modeset/refcnt ]; then\n nvidia_modeset_refs=$(< /sys/module/nvidia_modeset/refcnt)\n rmmod_args+=(\"nvidia-modeset\")\n ((++nvidia_deps))\n fi\n if [ -f /sys/module/nvidia_uvm/refcnt ]; then\n nvidia_uvm_refs=$(< /sys/module/nvidia_uvm/refcnt)\n rmmod_args+=(\"nvidia-uvm\")\n ((++nvidia_deps))\n fi\n if [ -f /sys/module/nvidia/refcnt ]; then\n nvidia_refs=$(< /sys/module/nvidia/refcnt)\n rmmod_args+=(\"nvidia\")\n fi\n if [ -f /sys/module/nvidia_peermem/refcnt ]; then\n nvidia_peermem_refs=$(< /sys/module/nvidia_peermem/refcnt)\n rmmod_args+=(\"nvidia-peermem\")\n ((++nvidia_deps))\n fi\n if [ ${nvidia_refs} -gt ${nvidia_deps} ] || [ ${nvidia_uvm_refs} -gt 0 ] || [ ${nvidia_modeset_refs} -gt 0 ] || [ ${nvidia_peermem_refs} -gt 0 ]; then\n echo \"Could not unload NVIDIA driver kernel modules, driver is in use\" >&2\n return 1\n fi\n\n if [ ${#rmmod_args[@]} -gt 0 ]; then\n rmmod ${rmmod_args[@]}\n fi\n return 0\n}\n\n# Link and install the kernel modules from a precompiled package using the nvidia-installer.\n_install_driver() {\n local install_args=()\n\n echo \"Installing NVIDIA driver kernel modules...\"\n cd /usr/src/nvidia-${DRIVER_VERSION}\n rm -rf /lib/modules/${KERNEL_VERSION}/video\n\n if [ \"${ACCEPT_LICENSE}\" = \"yes\" ]; then\n install_args+=(\"--accept-license\")\n fi\n IGNORE_CC_MISMATCH=1 nvidia-installer --kernel-module-only --no-drm --ui=none --no-nouveau-check -m=${KERNEL_TYPE} ${install_args[@]+\"${install_args[@]}\"}\n # May need to add no-cc-check for Rhel, otherwise it complains about cc missing in path\n # /proc/version and lib/modules/KERNEL_VERSION/proc are different, by default installer looks at /proc/ so, added the proc-mount-point\n # TODO: remove the -a flag. its not needed. in the new driver version, license-acceptance is implicit\n #nvidia-installer --kernel-module-only --no-drm --ui=none --no-nouveau-check --no-cc-version-check --proc-mount-point /lib/modules/${KERNEL_VERSION}/proc ${install_args[@]+\"${install_args[@]}\"}\n}\n\n# Mount the driver rootfs into the run directory with the exception of sysfs.\n_mount_rootfs() {\n echo \"Mounting NVIDIA driver rootfs...\"\n mount --make-runbindable /sys\n mount --make-private /sys\n mkdir -p ${RUN_DIR}/driver\n mount --rbind / ${RUN_DIR}/driver\n\n echo \"Check SELinux status\"\n if [ -e /sys/fs/selinux ]; then\n echo \"SELinux is enabled\"\n echo \"Change device files security context for selinux compatibility\"\n chcon -R -t container_file_t ${RUN_DIR}/driver/dev\n else\n echo \"SELinux is disabled, skipping...\"\n fi\n}\n\n# Unmount the driver rootfs from the run directory.\n_unmount_rootfs() {\n echo \"Unmounting NVIDIA driver rootfs...\"\n if findmnt -r -o TARGET | grep \"${RUN_DIR}/driver\" > /dev/null; then\n umount -l -R ${RUN_DIR}/driver\n fi\n}\n\n# Write a kernel postinst.d script to automatically precompile packages on kernel update (similar to DKMS).\n_write_kernel_update_hook() {\n if [ ! -d ${KERNEL_UPDATE_HOOK%/*} ]; then\n return\n fi\n\n echo \"Writing kernel update hook...\"\n cat > ${KERNEL_UPDATE_HOOK} <<'EOF'\n#!/bin/bash\n\nset -eu\ntrap 'echo \"ERROR: Failed to update the NVIDIA driver\" >&2; exit 0' ERR\n\nNVIDIA_DRIVER_PID=$(< /run/nvidia/nvidia-driver.pid)\n\nexport \"$(grep -z DRIVER_VERSION /proc/${NVIDIA_DRIVER_PID}/environ)\"\nnsenter -t \"${NVIDIA_DRIVER_PID}\" -m -- nvidia-driver update --kernel \"$1\"\nEOF\n chmod +x ${KERNEL_UPDATE_HOOK}\n}\n\n_shutdown() {\n if _unload_driver; then\n _unmount_rootfs\n rm -f ${PID_FILE} ${KERNEL_UPDATE_HOOK}\n return 0\n fi\n return 1\n}\n\n_find_vgpu_driver_version() {\n local count=\"\"\n local version=\"\"\n local drivers_path=\"/drivers\"\n\n if [ \"${DISABLE_VGPU_VERSION_CHECK}\" = \"true\" ]; then\n echo \"vgpu version compatibility check is disabled\"\n return 0\n fi\n # check if vgpu devices are present\n count=$(vgpu-util count)\n if [ $? -ne 0 ]; then\n echo \"cannot find vgpu devices on host, pleae check /var/log/vgpu-util.log for more details...\"\n return 0\n fi\n NUM_VGPU_DEVICES=$(echo \"$count\" | awk -F= '{print $2}')\n if [ $NUM_VGPU_DEVICES -eq 0 ]; then\n # no vgpu devices found, treat as passthrough\n return 0\n fi\n echo \"found $NUM_VGPU_DEVICES vgpu devices on host\"\n\n # find compatible guest driver using driver catalog\n if [ -d \"/mnt/shared-nvidia-driver-toolkit/drivers\" ]; then\n drivers_path=\"/mnt/shared-nvidia-driver-toolkit/drivers\"\n fi\n version=$(vgpu-util match -i \"${drivers_path}\" -c \"${drivers_path}/vgpuDriverCatalog.yaml\")\n if [ $? -ne 0 ]; then\n echo \"cannot find match for compatible vgpu driver from available list, please check /var/log/vgpu-util.log for more details...\"\n return 1\n fi\n DRIVER_VERSION=$(echo \"$version\" | awk -F= '{print $2}')\n echo \"vgpu driver version selected: ${DRIVER_VERSION}\"\n return 0\n}\n\n_start_vgpu_topology_daemon() {\n type nvidia-topologyd > /dev/null 2>&1 || return 0\n echo \"Starting nvidia-topologyd..\"\n nvidia-topologyd\n}\n\n_prepare() {\n if [ \"${DRIVER_TYPE}\" = \"vgpu\" ]; then\n _find_vgpu_driver_version || exit 1\n fi\n\n # Install the userspace components and copy the kernel module sources.\n sh NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION.run -x && \\\n cd NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION && \\\n sh /tmp/install.sh nvinstall && \\\n mkdir -p /usr/src/nvidia-$DRIVER_VERSION && \\\n mv LICENSE mkprecompiled ${KERNEL_TYPE} /usr/src/nvidia-$DRIVER_VERSION && \\\n sed '9,${/^\\(kernel\\|LICENSE\\)/!d}' .manifest > /usr/src/nvidia-$DRIVER_VERSION/.manifest\n\n echo -e \"\\n========== NVIDIA Software Installer ==========\\n\"\n echo -e \"Starting installation of NVIDIA driver version ${DRIVER_VERSION} for Linux kernel version ${KERNEL_VERSION}\\n\"\n}\n\n_prepare_exclusive() {\n _prepare\n\n exec 3> ${PID_FILE}\n if ! flock -n 3; then\n echo \"An instance of the NVIDIA driver is already running, aborting\"\n exit 1\n fi\n echo $$ >&3\n\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n trap \"_shutdown\" EXIT\n\n _unload_driver || exit 1\n _unmount_rootfs\n}\n\n_build() {\n # Install dependencies\n if _kernel_requires_package; then\n _update_package_cache\n _install_prerequisites\n _create_driver_package\n #_remove_prerequisites\n _cleanup_package_cache\n fi\n\n # Build the driver\n _install_driver\n}\n\n_load() {\n _load_driver\n _mount_rootfs\n _write_kernel_update_hook\n\n echo \"Done, now waiting for signal\"\n sleep infinity &\n trap \"echo 'Caught signal'; _shutdown && { kill $!; exit 0; }\" HUP INT QUIT PIPE TERM\n trap - EXIT\n while true; do wait $! || continue; done\n exit 0\n}\n\ninit() {\n _prepare_exclusive\n\n _build\n\n _load\n}\n\nbuild() {\n _prepare\n\n _build\n}\n\nload() {\n _prepare_exclusive\n\n _load\n}\n\nupdate() {\n exec 3>&2\n if exec 2> /dev/null 4< ${PID_FILE}; then\n if ! flock -n 4 && read pid <&4 && kill -0 \"${pid}\"; then\n exec > >(tee -a \"/proc/${pid}/fd/1\")\n exec 2> >(tee -a \"/proc/${pid}/fd/2\" >&3)\n else\n exec 2>&3\n fi\n exec 4>&-\n fi\n exec 3>&-\n\n # vgpu driver version is chosen dynamically during runtime, so pre-compile modules for\n # only non-vgpu driver types\n if [ \"${DRIVER_TYPE}\" != \"vgpu\" ]; then\n # Install the userspace components and copy the kernel module sources.\n if [ ! -e /usr/src/nvidia-${DRIVER_VERSION}/mkprecompiled ]; then\n sh NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION.run -x && \\\n cd NVIDIA-Linux-$DRIVER_ARCH-$DRIVER_VERSION && \\\n sh /tmp/install.sh nvinstall && \\\n mkdir -p /usr/src/nvidia-$DRIVER_VERSION && \\\n mv LICENSE mkprecompiled ${KERNEL_TYPE} /usr/src/nvidia-$DRIVER_VERSION && \\\n sed '9,${/^\\(kernel\\|LICENSE\\)/!d}' .manifest > /usr/src/nvidia-$DRIVER_VERSION/.manifest\n fi\n fi\n\n echo -e \"\\n========== NVIDIA Software Updater ==========\\n\"\n echo -e \"Starting update of NVIDIA driver version ${DRIVER_VERSION} for Linux kernel version ${KERNEL_VERSION}\\n\"\n\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n\n _update_package_cache\n _resolve_kernel_version || exit 1\n _install_prerequisites\n if _kernel_requires_package; then\n _create_driver_package\n fi\n _remove_prerequisites\n _cleanup_package_cache\n\n echo \"Done\"\n exit 0\n}\n\n# Wait for MOFED drivers to be loaded and load nvidia-peermem whenever it gets unloaded during MOFED driver updates\nreload_nvidia_peermem() {\n if [ \"$USE_HOST_MOFED\" = \"true\" ]; then\n until lsmod | grep mlx5_core > /dev/null 2>&1 && [ -f /run/nvidia/validations/.driver-ctr-ready ];\n do\n echo \"waiting for mellanox ofed and nvidia drivers to be installed\"\n sleep 10\n done\n else\n # use driver readiness flag created by MOFED container\n until [ -f /run/mellanox/drivers/.driver-ready ] && [ -f /run/nvidia/validations/.driver-ctr-ready ];\n do\n echo \"waiting for mellanox ofed and nvidia drivers to be installed\"\n sleep 10\n done\n fi\n # get any parameters provided for nvidia-peermem\n _get_module_params && set +o nounset\n if chroot /run/nvidia/driver modprobe nvidia-peermem \"${NVIDIA_PEERMEM_MODULE_PARAMS[@]}\"; then\n if [ -f /sys/module/nvidia_peermem/refcnt ]; then\n echo \"successfully loaded nvidia-peermem module, now waiting for signal\"\n sleep inf\n trap \"echo 'Caught signal'; exit 1\" HUP INT QUIT PIPE TERM\n fi\n fi\n echo \"failed to load nvidia-peermem module\"\n exit 1\n}\n\n# probe by gpu-operator for liveness/startup checks for nvidia-peermem module to be loaded when MOFED drivers are ready\nprobe_nvidia_peermem() {\n if lsmod | grep mlx5_core > /dev/null 2>&1; then\n if [ ! -f /sys/module/nvidia_peermem/refcnt ]; then\n echo \"nvidia-peermem module is not loaded\"\n return 1\n fi\n else\n echo \"MOFED drivers are not ready, skipping probe to avoid container restarts...\"\n fi\n return 0\n}\n\nusage() {\n cat >&2 <<EOF\nUsage: $0 COMMAND [ARG...]\n\nCommands:\n init [-a | --accept-license] [-m | --max-threads MAX_THREADS]\n build [-a | --accept-license] [-m | --max-threads MAX_THREADS]\n load\n update [-k | --kernel VERSION] [-s | --sign KEYID] [-t | --tag TAG] [-m | --max-threads MAX_THREADS]\nEOF\n exit 1\n}\n\nif [ $# -eq 0 ]; then\n usage\nfi\ncommand=$1; shift\ncase \"${command}\" in\n init) options=$(getopt -l accept-license,max-threads: -o am: -- \"$@\") ;;\n build) options=$(getopt -l accept-license,tag:,max-threads: -o a:t:m: -- \"$@\") ;;\n load) options=\"\" ;;\n update) options=$(getopt -l kernel:,sign:,tag:,max-threads: -o k:s:t:m: -- \"$@\") ;;\n reload_nvidia_peermem) options=\"\" ;;\n probe_nvidia_peermem) options=\"\" ;;\n *) usage ;;\nesac\nif [ $? -ne 0 ]; then\n usage\nfi\neval set -- \"${options}\"\n\nACCEPT_LICENSE=\"\"\nMAX_THREADS=\"\"\nKERNEL_VERSION=$(uname -r)\nPRIVATE_KEY=\"\"\nPACKAGE_TAG=\"\"\n\nfor opt in ${options}; do\n case \"$opt\" in\n -a | --accept-license) ACCEPT_LICENSE=\"yes\"; shift 1 ;;\n -k | --kernel) KERNEL_VERSION=$2; shift 2 ;;\n -m | --max-threads) MAX_THREADS=$2; shift 2 ;;\n -s | --sign) PRIVATE_KEY=$2; shift 2 ;;\n -t | --tag) PACKAGE_TAG=$2; shift 2 ;;\n --) shift; break ;;\n esac\ndone\nif [ $# -ne 0 ]; then\n usage\nfi\n\n_resolve_rhel_version || exit 1\n\n$command\n
\u4f7f\u7528\u5b98\u65b9\u7684\u955c\u50cf\u6765\u4e8c\u6b21\u6784\u5efa\u81ea\u5b9a\u4e49\u955c\u50cf\uff0c\u5982\u4e0b\u662f\u4e00\u4e2a Dockerfile
\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
FROM nvcr.io/nvidia/driver:535.183.06-rhel9.2\nCOPY nvidia-driver /usr/local/bin\nRUN chmod +x /usr/local/bin/nvidia-driver\nCMD [\"/bin/bash\", \"-c\"]\n
\u6784\u5efa\u547d\u4ee4\u5e76\u63a8\u9001\u5230\u706b\u79cd\u96c6\u7fa4\uff1a
docker build -t {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535.183.06-01-rhel9.2 -f Dockerfile .\ndocker push {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535.183.06-01-rhel9.2\n
"},{"location":"end-user/kpanda/gpu/nvidia/rhel9.2_offline_install_driver.html#_2","title":"\u5b89\u88c5\u9a71\u52a8","text":"driver.version=535.183.06-01
\u524d\u63d0\u6761\u4ef6\uff1a\u5df2\u5b89\u88c5 gpu-operator v23.9.0+2 \u53ca\u66f4\u9ad8\u7248\u672c
"},{"location":"end-user/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html#_1","title":"\u51c6\u5907\u79bb\u7ebf\u955c\u50cf","text":"\u67e5\u770b\u5185\u6838\u7248\u672c
$ uname -r\n5.15.0-78-generic\n
\u67e5\u770b\u5185\u6838\u5bf9\u5e94\u7684 GPU Driver \u955c\u50cf\u7248\u672c\uff0c https://catalog.ngc.nvidia.com/orgs/nvidia/containers/driver/tags
\u3002 \u4f7f\u7528\u5185\u6838\u67e5\u8be2\u955c\u50cf\u7248\u672c\uff0c\u901a\u8fc7 ctr export
\u4fdd\u5b58\u955c\u50cf\u3002
ctr i pull nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i export --all-platforms driver.tar.gz nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 \n
\u628a\u955c\u50cf\u5bfc\u5165\u5230\u706b\u79cd\u96c6\u7fa4\u7684\u955c\u50cf\u4ed3\u5e93\u4e2d
ctr i import driver.tar.gz\nctr i tag nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i push {\u706b\u79cdregistry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 --skip-verify=true\n
driver.usePrecompiled=true
,\u5e76\u8bbe\u7f6e driver.version=535
\uff0c\u8fd9\u91cc\u8981\u6ce8\u610f\uff0c\u5199\u7684\u662f 535\uff0c\u4e0d\u662f 535.104.12\u3002\uff08\u975e\u9884\u7f16\u8bd1\u6a21\u5f0f\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u5b89\u88c5\u5373\u53ef\uff09\u5f53\u5de5\u4f5c\u8282\u70b9\u7684\u5185\u6838\u7248\u672c\u4e0e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u5185\u6838\u7248\u672c\u6216 OS \u7c7b\u578b\u4e0d\u4e00\u81f4\u65f6\uff0c\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa\u79bb\u7ebf yum \u6e90\uff0c \u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u672c\u6587\u4ee5\u5185\u6838\u7248\u672c\u4e3a 3.10.0-1160.95.1.el7.x86_64
\u7684 CentOS 7.9 \u8282\u70b9\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u6784\u5efa GPU operator \u79bb\u7ebf\u5305\u7684 yum \u6e90\u3002
\u5206\u522b\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u548c\u5f85\u90e8\u7f72 GPU Operator \u7684\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u82e5\u4e24\u4e2a\u8282\u70b9\u7684 OS \u548c\u5185\u6838\u7248\u672c\u4e00\u81f4\u5219\u65e0\u9700\u6784\u5efa yum \u6e90\uff0c \u53ef\u53c2\u8003\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u6587\u6863\u76f4\u63a5\u5b89\u88c5\uff1b\u82e5\u4e24\u4e2a\u8282\u70b9\u7684 OS \u6216\u5185\u6838\u7248\u672c\u4e0d\u4e00\u81f4\uff0c\u8bf7\u6267\u884c\u4e0b\u4e00\u6b65\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u96c6\u7fa4\u4e0b\u5f85\u90e8\u7f72 GPU Operator \u8282\u70b9\u7684\u53d1\u884c\u7248\u540d\u79f0\u548c\u7248\u672c\u53f7\u3002
cat /etc/redhat-release\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
CentOS Linux release 7.9 (Core)\n
\u8f93\u51fa\u7ed3\u679c\u4e3a\u5f53\u524d\u8282\u70b9\u5185\u6838\u7248\u672c CentOS 7.9
\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u96c6\u7fa4\u4e0b\u5f85\u90e8\u7f72 GPU Operator \u8282\u70b9\u7684\u5185\u6838\u7248\u672c\u3002
uname -a\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Linux localhost.localdomain 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\n
\u8f93\u51fa\u7ed3\u679c\u4e3a\u5f53\u524d\u8282\u70b9\u5185\u6838\u7248\u672c 3.10.0-1160.el7.x86_64
\u3002
\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a yum.sh \u7684\u811a\u672c\u6587\u4ef6\u3002
vi yum.sh\n
\u7136\u540e\u6309\u4e0b i \u952e\u8fdb\u5165\u63d2\u5165\u6a21\u5f0f\uff0c\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a
export TARGET_KERNEL_VERSION=$1\n\ncat >> run.sh << \\EOF\n#! /bin/bash\necho \"start install kernel repo\"\necho ${KERNEL_VERSION}\nmkdir centos-base\n\nif [ \"$OS\" -eq 7 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el7.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelif [ \"$OS\" -eq 8 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el8.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelse\n echo \"Error os version\"\nfi\n\ncreaterepo centos-base/\nls -lh centos-base/\ntar -zcf centos-base.tar.gz centos-base/\necho \"end install kernel repo\"\nEOF\n\ncat >> Dockerfile << EOF\nFROM centos:7\nENV KERNEL_VERSION=\"\"\nENV OS=7\nRUN yum install -y createrepo\nCOPY run.sh .\nENTRYPOINT [\"/bin/bash\",\"run.sh\"]\nEOF\n\ndocker build -t test:v1 -f Dockerfile .\ndocker run -e KERNEL_VERSION=$TARGET_KERNEL_VERSION --name centos7.9 test:v1\ndocker cp centos7.9:/centos-base.tar.gz .\ntar -xzf centos-base.tar.gz\n
\u6309\u4e0b esc \u952e\u9000\u51fa\u63d2\u5165\u6a21\u5f0f\uff0c\u7136\u540e\u8f93\u5165 __ :wq__ \u4fdd\u5b58\u5e76\u9000\u51fa\u3002
\u8fd0\u884c yum.sh \u6587\u4ef6\uff1a
bash -x yum.sh TARGET_KERNEL_VERSION\n
TARGET_KERNEL_VERSION
\u53c2\u6570\u7528\u4e8e\u6307\u5b9a\u96c6\u7fa4\u8282\u70b9\u7684\u5185\u6838\u7248\u672c\uff0c\u6ce8\u610f\uff1a\u53d1\u884c\u7248\u6807\u8bc6\u7b26\uff08\u5982 __ .el7.x86_64 __ \uff09\u65e0\u9700\u8f93\u5165\u3002 \u4f8b\u5982\uff1a
bash -x yum.sh 3.10.0-1160.95.1\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u7ecf\u751f\u6210\u4e86\u5185\u6838\u4e3a 3.10.0-1160.95.1.el7.x86_64 \u7684\u79bb\u7ebf\u7684 yum \u6e90\uff1a centos-base \u3002
"},{"location":"end-user/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#yum_1","title":"\u4e0a\u4f20\u79bb\u7ebf yum \u6e90\u5230\u6587\u4ef6\u670d\u52a1\u5668","text":"\u5728\u4e00\u4e2a\u80fd\u591f\u8bbf\u95ee\u4e92\u8054\u7f51\u548c\u6587\u4ef6\u670d\u52a1\u5668\u7684\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002\u4e3b\u8981\u7528\u4e8e\u5c06\u4e0a\u4e00\u6b65\u4e2d\u751f\u6210\u7684 yum \u6e90\u4e0a\u4f20\u5230\u53ef\u4ee5\u88ab\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u8fdb\u884c\u8bbf\u95ee\u7684\u6587\u4ef6\u670d\u52a1\u5668\u4e2d\u3002 \u6587\u4ef6\u670d\u52a1\u5668\u53ef\u4ee5\u4e3a Nginx \u3001 Minio \u6216\u5176\u5b83\u652f\u6301 Http \u534f\u8bae\u7684\u6587\u4ef6\u670d\u52a1\u5668\u3002
\u672c\u64cd\u4f5c\u793a\u4f8b\u91c7\u7528\u7684\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668\uff0cMinio \u76f8\u5173\u4fe1\u606f\u5982\u4e0b\uff1a
http://10.5.14.200:9000\uff08\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\uff09
\u767b\u5f55\u5bc6\u7801\uff1arootpass123
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8282\u70b9\u672c\u5730 mc \u547d\u4ee4\u884c\u5de5\u5177\u548c minio \u670d\u52a1\u5668\u5efa\u7acb\u94fe\u63a5\u3002
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Added `minio` successfully.\n
mc \u547d\u4ee4\u884c\u5de5\u5177\u662f Minio \u6587\u4ef6\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u5ba2\u6237\u7aef\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a MinIO Client\u3002
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a centos-base \u7684\u5b58\u50a8\u6876\uff08bucket\uff09\u3002
mc mb -p minio/centos-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Bucket created successfully __minio/centos-base__ .\n
\u5c06\u5b58\u50a8\u6876 centos-base \u7684\u8bbf\u95ee\u7b56\u7565\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u516c\u5f00\u4e0b\u8f7d\u3002\u4ee5\u4fbf\u5728\u540e\u671f\u5b89\u88c5 GPU-operator \u65f6\u80fd\u591f\u88ab\u8bbf\u95ee\u3002
mc anonymous set download minio/centos-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Access permission for `minio/centos-base` is set to `download` \n
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u5c06\u6b65\u9aa4\u4e8c\u751f\u6210\u7684\u79bb\u7ebf yum \u6e90\u6587\u4ef6 centos-base \u590d\u5236\u5230 minio \u670d\u52a1\u5668\u7684 minio/centos-base \u5b58\u50a8\u6876\u4e2d\u3002
mc cp centos-base minio/centos-base --recursive\n
\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a CentOS-Base.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a CentOS-Base.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base #\u6b65\u9aa4\u4e09\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base #\u6b65\u9aa4\u4e09\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 CentOS-Base.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
apiVersion: v1\ndata:\nCentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base#\u6b65\u9aa4\u4e8c\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84\\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base #\u6b65\u9aa4\u4e8c\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84\\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\ncreationTimestamp: \"2023-10-18T01:59:02Z\"\nname: local-repo-config\nnamespace: gpu-operator\nresourceVersion: \"59445080\"\nuid: c5f0ebab-046f-442c-b932-f9003e014387\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u901a\u8fc7\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 CentOS 7.9\uff0c\u5185\u6838\u4e3a 3.10.0-1160 \u7684 GPU operator \u79bb\u7ebf\u5305\u3002\u5176\u5b83 OS \u7c7b\u578b\u7684\u8282\u70b9\u6216\u5185\u6838\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u5305\uff0c\u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u672c\u6587\u4ee5 Red Hat 8.4 4.18.0-305.el8.x86_64 \u8282\u70b9\u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 8.4 \u79bb\u7ebf yum \u6e90\u5305\uff0c \u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\uff0c\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 master \u8282\u70b9\u4e0a\u6267\u884c\u3002
\u4f7f\u7528 ssh \u6216\u5176\u5b83\u65b9\u5f0f\u8fdb\u5165\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u5185\u4efb\u4e00\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a
cat /etc/yum.repos.d/extension.repo #\u67e5\u770b extension.repo \u4e2d\u7684\u5185\u5bb9\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
[extension-0]\nbaseurl = http://10.5.14.200:9000/kubean/redhat/$releasever/os/$basearch\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/AppStream\ngpgcheck = 0\nname = kubean extension 1\n\n[extension-2]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/BaseOS\ngpgcheck = 0\nname = kubean extension 2\n
\u5728 root \u8def\u5f84\u4e0b\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a redhat-base-repo \u7684\u6587\u4ef6\u5939
mkdir redhat-base-repo\n
\u4e0b\u8f7d yum \u6e90\u4e2d\u7684 rpm \u5305\u5230\u672c\u5730\uff1a
yum install yum-utils\n
\u4e0b\u8f7d extension-1 \u4e2d\u7684 rpm \u5305\uff1a
reposync -p redhat-base-repo -n --repoid=extension-1\n
\u4e0b\u8f7d extension-2 \u4e2d\u7684 rpm \u5305\uff1a
reposync -p redhat-base-repo -n --repoid=extension-2\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u8054\u7f51\u8282\u70b9\u6267\u884c\u64cd\u4f5c\uff0c\u5728\u64cd\u4f5c\u524d\uff0c\u60a8\u9700\u8981\u4fdd\u8bc1\u8054\u7f51\u8282\u70b9\u548c\u5168\u5c40\u670d\u52a1\u96c6\u7fa4 master \u8282\u70b9\u95f4\u7684\u7f51\u7edc\u8054\u901a\u6027\u3002
\u5728\u8054\u7f51\u8282\u70b9\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e0b\u8f7d elfutils-libelf-devel-0.187-4.el8.x86_64.rpm \u5305\uff1a
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/elfutils-libelf-devel-0.187-4.el8.x86_64.rpm\n
\u5728\u5f53\u524d\u76ee\u5f55\u4e0b\u5c06 elfutils-libelf-devel-0.187-4.el8.x86_64.rpm \u5305\u4f20\u8f93\u81f3\u6b65\u9aa4\u4e00\u4e2d\u7684\u8282\u70b9\u4e0a\uff1a
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm user@ip:~/redhat-base-repo/extension-2/Packages/\n
\u4f8b\u5982\uff1a
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm root@10.6.175.10:~/redhat-base-repo/extension-2/Packages/\n
\u4ee5\u4e0b\u64cd\u4f5c\u5728\u6b65\u9aa4\u4e00\u4e2d\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 master \u8282\u70b9\u4e0a\u6267\u884c\u3002
\u8fdb\u5165 yum repo \u76ee\u5f55\uff1a
cd ~/redhat-base-repo/extension-1/Packages\ncd ~/redhat-base-repo/extension-2/Packages\n
\u751f\u6210\u76ee\u5f55 repo \u7d22\u5f15\uff1a
yum install createrepo -y # \u82e5\u5df2\u5b89\u88c5 createrepo \u53ef\u7701\u7565\u6b64\u6b65\u9aa4\ncreaterepo_c ./\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u7ecf\u751f\u6210\u4e86\u5185\u6838\u4e3a 4.18.0-305.el8.x86_64
\u7684\u79bb\u7ebf\u7684 yum \u6e90\uff1a redhat-base-repo \u3002
\u672c\u64cd\u4f5c\u793a\u4f8b\u91c7\u7528\u7684\u662f\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u706b\u79cd\u8282\u70b9\u5185\u7f6e\u7684 Minio \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668\uff0c\u7528\u6237\u53ef\u57fa\u4e8e\u81ea\u8eab\u60c5\u51b5\u9009\u62e9\u6587\u4ef6\u670d\u52a1\u5668\u3002Minio \u76f8\u5173\u4fe1\u606f\u5982\u4e0b\uff1a
http://10.5.14.200:9000\uff08\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\uff09
\u767b\u5f55\u5bc6\u7801\uff1arootpass123
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u8282\u70b9\u672c\u5730 mc \u547d\u4ee4\u884c\u5de5\u5177\u548c minio \u670d\u52a1\u5668\u5efa\u7acb\u94fe\u63a5\u3002
mc config host add minio \u6587\u4ef6\u670d\u52a1\u5668\u8bbf\u95ee\u5730\u5740 \u7528\u6237\u540d \u5bc6\u7801\n
\u4f8b\u5982\uff1a
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Added `minio` successfully.\n
mc \u547d\u4ee4\u884c\u5de5\u5177\u662f Minio \u6587\u4ef6\u670d\u52a1\u5668\u63d0\u4f9b\u7684\u5ba2\u6237\u7aef\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1a MinIO Client\u3002
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u65b0\u5efa\u4e00\u4e2a\u540d\u4e3a redhat-base \u7684\u5b58\u50a8\u6876(bucket)\u3002
mc mb -p minio/redhat-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Bucket created successfully `minio/redhat-base`.\n
\u5c06\u5b58\u50a8\u6876 redhat-base \u7684\u8bbf\u95ee\u7b56\u7565\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u516c\u5f00\u4e0b\u8f7d\u3002\u4ee5\u4fbf\u5728\u540e\u671f\u5b89\u88c5 GPU-operator \u65f6\u80fd\u591f\u88ab\u8bbf\u95ee\u3002
mc anonymous set download minio/redhat-base\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
Access permission for `minio/redhat-base` is set to `download` \n
\u5728\u8282\u70b9\u5f53\u524d\u8def\u5f84\u4e0b\uff0c\u5c06\u6b65\u9aa4\u4e8c\u751f\u6210\u7684\u79bb\u7ebf yum \u6e90\u6587\u4ef6 redhat-base-repo \u590d\u5236\u5230 minio \u670d\u52a1\u5668\u7684 minio/redhat-base \u5b58\u50a8\u6876\u4e2d\u3002
mc cp redhat-base-repo minio/redhat-base --recursive\n
\u672c\u6b65\u9aa4\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fdb\u884c\u64cd\u4f5c\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a redhat.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a redhat.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > redhat.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages #\u6b65\u9aa4\u4e00\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages #\u6b65\u9aa4\u4e00\u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 redhat.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=./redhat.repo \n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u901a\u8fc7\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u901a\u8fc7 RepoConfig.ConfigMapName
\u53c2\u6570\u6765\u4f7f\u7528\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u9884\u7f6e\u4e86 CentOS 7.9\uff0c\u5185\u6838\u4e3a 3.10.0-1160 \u7684 GPU Operator \u79bb\u7ebf\u5305\u3002\u5176\u5b83 OS \u7c7b\u578b\u7684\u8282\u70b9\u6216\u5185\u6838\u9700\u8981\u7528\u6237\u624b\u52a8\u6784\u5efa\u79bb\u7ebf yum \u6e90\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u57fa\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4efb\u610f\u8282\u70b9\u6784\u5efa Red Hat 7.9 \u79bb\u7ebf yum \u6e90\u5305\uff0c\u5e76\u5728\u5b89\u88c5 Gpu Operator \u65f6\u4f7f\u7528 RepoConfig.ConfigMapName
\u53c2\u6570\u3002
\u4e0b\u8f7d rhel7.9 ISO
\u4e0b\u8f7d\u4e0e Kubean \u7248\u672c\u5bf9\u5e94\u7684\u7684 rhel7.9 ospackage
\u5728 \u5bb9\u5668\u7ba1\u7406 \u7684\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e2d\u627e\u5230 Helm \u5e94\u7528 \uff0c\u641c\u7d22 kubean\uff0c\u53ef\u67e5\u770b kubean \u7684\u7248\u672c\u53f7\u3002
\u5728 kubean\u7684\u4ee3\u7801\u4ed3\u5e93 \u4e2d\u4e0b\u8f7d\u8be5\u7248\u672c\u7684 rhel7.9 ospackage\u3002
\u901a\u8fc7\u5b89\u88c5\u5668\u5bfc\u5165\u79bb\u7ebf\u8d44\u6e90
\u70b9\u51fb\u67e5\u770b\u4e0b\u8f7d\u5730\u5740\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#3-red-hat-gpu-opreator","title":"3. \u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf","text":"\u53c2\u8003\u5411\u706b\u79cd\u8282\u70b9\u4ed3\u5e93\u4e0a\u4f20 Red Hat GPU Opreator \u79bb\u7ebf\u955c\u50cf\u3002
Note
\u6b64\u53c2\u8003\u4ee5 rhel8.4 \u4e3a\u4f8b\uff0c\u8bf7\u6ce8\u610f\u4fee\u6539\u6210 rhel7.9\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#4-yum","title":"4. \u5728\u96c6\u7fa4\u521b\u5efa\u914d\u7f6e\u9879\u7528\u6765\u4fdd\u5b58 Yum \u6e90\u4fe1\u606f","text":"\u5728\u5f85\u90e8\u7f72 GPU Operator \u96c6\u7fa4\u7684\u63a7\u5236\u8282\u70b9\u4e0a\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u521b\u5efa\u540d\u4e3a CentOS-Base.repo \u7684\u6587\u4ef6\uff0c\u7528\u6765\u6307\u5b9a yum \u6e90\u5b58\u50a8\u7684\u914d\u7f6e\u4fe1\u606f\u3002
# \u6587\u4ef6\u540d\u79f0\u5fc5\u987b\u4e3a CentOS-Base.repo\uff0c\u5426\u5219\u5b89\u88c5 gpu-operator \u65f6\u65e0\u6cd5\u88ab\u8bc6\u522b\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # \u706b\u79cd\u8282\u70b9\u7684\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\uff0c\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # \u706b\u79cd\u8282\u70b9\u7684\u7684\u6587\u4ef6\u670d\u52a1\u5668\u5730\u5740\uff0c\u4e00\u822c\u4e3a{\u706b\u79cd\u8282\u70b9 IP} + {9000 \u7aef\u53e3}\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
\u57fa\u4e8e\u521b\u5efa\u7684 CentOS-Base.repo \u6587\u4ef6\uff0c\u5728 gpu-operator \u547d\u540d\u7a7a\u95f4\u4e0b\uff0c\u521b\u5efa\u540d\u4e3a local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\uff1a
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
configmap/local-repo-config created\n
local-repo-config \u914d\u7f6e\u6587\u4ef6\u7528\u4e8e\u5728\u5b89\u88c5 gpu-operator \u65f6\uff0c\u63d0\u4f9b RepoConfig.ConfigMapName
\u53c2\u6570\u7684\u503c\uff0c\u914d\u7f6e\u6587\u4ef6\u540d\u79f0\u7528\u6237\u53ef\u81ea\u5b9a\u4e49\u3002
\u67e5\u770b local-repo-config \u7684\u914d\u7f6e\u6587\u4ef6\u7684\u5185\u5bb9\uff1a
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
\u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a
local-repo-config.yamlapiVersion: v1\ndata:\n CentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base # \u6b65\u9aa4 2 \u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84 \\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base # \u6b65\u9aa4 2 \u4e2d\uff0c\u653e\u7f6e yum \u6e90\u7684\u6587\u4ef6\u670d\u52a1\u5668\u8def\u5f84 \\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\n creationTimestamp: \"2023-10-18T01:59:02Z\"\n name: local-repo-config\n namespace: gpu-operator\n resourceVersion: \"59445080\"\n uid: c5f0ebab-046f-442c-b932-f9003e014387\n
\u81f3\u6b64\uff0c\u60a8\u5df2\u6210\u529f\u4e3a\u5f85\u90e8\u7f72 GPU Operator \u7684\u96c6\u7fa4\u521b\u5efa\u4e86\u79bb\u7ebf yum \u6e90\u914d\u7f6e\u6587\u4ef6\u3002 \u5176\u4e2d\u5728\u79bb\u7ebf\u5b89\u88c5 GPU Operator \u65f6\u4f7f\u7528\u4e86 RepoConfig.ConfigMapName
\u53c2\u6570\u3002
\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u8bbe\u7f6e GPU \u76f8\u5173\u7684\u544a\u8b66\u89c4\u5219\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-alarm.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u672c\u8282\u4ecb\u7ecd GPU \u544a\u8b66\u5e38\u7528\u7684\u6307\u6807\uff0c\u5206\u4e3a\u4e24\u4e2a\u90e8\u5206\uff1a
\u8fd9\u91cc\u4f1a\u4ecb\u7ecd\u5982\u4f55\u8bbe\u7f6e GPU \u544a\u8b66\u89c4\u5219\uff0c\u4f7f\u7528 GPU \u5361\u5229\u7528\u7387\u6307\u6807\u4f5c\u4e3a\u6848\u4f8b\uff0c\u8bf7\u7528\u6237\u6839\u636e\u5b9e\u9645\u7684\u4e1a\u52a1\u573a\u666f\u9009\u62e9\u6307\u6807\u4ee5\u53ca\u7f16\u5199 promql\u3002
\u76ee\u6807\uff1a\u5f53GPU\u5361\u5229\u7528\u7387\u5728\u4e94\u79d2\u949f\u5185\u4e00\u76f4\u4fdd\u6301 80% \u7684\u5229\u7528\u7387\u65f6\u53d1\u51fa\u544a\u8b66
\u5728\u53ef\u89c2\u6d4b\u9875\u9762\uff0c\u70b9\u51fb \u544a\u8b66 -> \u544a\u8b66\u7b56\u7565 -> \u521b\u5efa\u544a\u8b66\u7b56\u7565
\u586b\u5199\u57fa\u672c\u4fe1\u606f
\u6dfb\u52a0\u89c4\u5219
\u9009\u62e9\u901a\u77e5\u65b9\u5f0f
\u8bbe\u7f6e\u5b8c\u6210\u540e\uff0c\u5f53\u4e00\u4e2a GPU \u5728 5s \u5185\u4e00\u76f4\u4fdd\u6301 80% \u7684\u5229\u7528\u7387\uff0c\u4f1a\u6536\u5230\u5982\u4e0b\u7684\u544a\u8b66\u4fe1\u606f\u3002
\u672c\u9875\u5217\u51fa\u4e00\u4e9b\u5e38\u7528\u7684 GPU \u76d1\u63a7\u6307\u6807\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#_1","title":"\u96c6\u7fa4\u7ef4\u5ea6","text":"\u6307\u6807\u540d\u79f0 \u63cf\u8ff0 GPU \u5361\u6570 \u96c6\u7fa4\u4e0b\u6240\u6709\u7684 GPU \u5361\u6570\u91cf GPU \u5e73\u5747\u4f7f\u7528\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u7b97\u529b\u4f7f\u7528\u7387 GPU \u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 GPU \u5361\u529f\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u529f\u7387 GPU \u5361\u6e29\u5ea6 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u6e29\u5ea6 GPU \u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u4f7f\u7528\u7387\u7ec6\u8282\uff08\u5305\u542b max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282\uff08\u5305\u542b min\u3001max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u5e26\u5bbd\u4f7f\u7528\u7387 \u8868\u793a\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\u3002\u4ee5 Nvidia GPU V100 \u4e3a\u4f8b\uff0c\u5176\u6700\u5927\u5185\u5b58\u5e26\u5bbd\u4e3a 900 GB/sec\uff0c\u5982\u679c\u5f53\u524d\u7684\u5185\u5b58\u5e26\u5bbd\u4e3a 450 GB/sec\uff0c\u5219\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\u4e3a 50%"},{"location":"end-user/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#_2","title":"\u8282\u70b9\u7ef4\u5ea6","text":"\u6307\u6807\u540d\u79f0 \u63cf\u8ff0 GPU \u6a21\u5f0f \u8282\u70b9\u4e0a GPU \u5361\u7684\u4f7f\u7528\u6a21\u5f0f\uff0c\u5305\u542b\u6574\u5361\u6a21\u5f0f\u3001MIG \u6a21\u5f0f\u3001vGPU \u6a21\u5f0f GPU \u7269\u7406\u5361\u6570 \u8282\u70b9\u4e0a\u6240\u6709\u7684 GPU \u5361\u6570\u91cf GPU \u865a\u62df\u5361\u6570 \u8282\u70b9\u4e0a\u5df2\u7ecf\u88ab\u521b\u5efa\u51fa\u6765\u7684 vGPU \u8bbe\u5907\u6570\u91cf GPU MIG \u5b9e\u4f8b\u6570 \u8282\u70b9\u4e0a\u5df2\u7ecf\u88ab\u521b\u5efa\u51fa\u6765\u7684 MIG \u5b9e\u4f8b\u6570 GPU \u663e\u5b58\u5206\u914d\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u663e\u5b58\u5206\u914d\u7387 GPU \u7b97\u529b\u5e73\u5747\u4f7f\u7528\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u7b97\u529b\u5e73\u5747\u4f7f\u7528\u7387 GPU \u663e\u5b58\u5e73\u5747\u4f7f\u7528\u7387 \u8282\u70b9\u4e0a\u6240\u6709 GPU \u5361\u7684\u5e73\u5747\u663e\u5b58\u4f7f\u7528\u7387 GPU \u9a71\u52a8\u7248\u672c \u8282\u70b9\u4e0a GPU \u5361\u9a71\u52a8\u7684\u7248\u672c\u4fe1\u606f GPU \u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282 24 \u5c0f\u65f6\u5185\uff0c\u8282\u70b9\u4e0a\u6bcf\u5f20 GPU \u5361\u7684\u7b97\u529b\u4f7f\u7528\u7387\u7ec6\u8282\uff08\u5305\u542b max\u3001avg\u3001current\uff09 GPU \u663e\u5b58\u4f7f\u7528\u91cf 24 \u5c0f\u65f6\u5185\uff0c\u8282\u70b9\u4e0a\u6bcf\u5f20 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf\u7ec6\u8282\uff08\u5305\u542b min\u3001max\u3001avg\u3001current\uff09\u6839\u636e XID \u72b6\u6001\u6392\u67e5 GPU \u76f8\u5173\u95ee\u9898
XID \u6d88\u606f\u662f NVIDIA \u9a71\u52a8\u7a0b\u5e8f\u5411\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u65e5\u5fd7\u6216\u4e8b\u4ef6\u65e5\u5fd7\u6253\u5370\u7684\u9519\u8bef\u62a5\u544a\u3002XID \u6d88\u606f\u7528\u4e8e\u6807\u8bc6 GPU \u9519\u8bef\u4e8b\u4ef6\uff0c \u63d0\u4f9b GPU \u786c\u4ef6\u3001NVIDIA \u8f6f\u4ef6\u6216\u5e94\u7528\u4e2d\u7684\u9519\u8bef\u7c7b\u578b\u3001\u9519\u8bef\u4f4d\u7f6e\u3001\u9519\u8bef\u4ee3\u7801\u7b49\u4fe1\u606f\u3002 \u5982\u68c0\u67e5\u9879 GPU \u8282\u70b9\u4e0a\u7684 XID \u5f02\u5e38\u4e3a\u7a7a\uff0c\u8868\u660e\u65e0 XID \u6d88\u606f\uff1b\u5982\u6709\uff0c\u60a8\u53ef\u6309\u7167\u4e0b\u8868\u81ea\u52a9\u6392\u67e5\u5e76\u89e3\u51b3\u95ee\u9898\uff0c \u6216\u67e5\u770b\u66f4\u591a XID \u6d88\u606f\u3002
XID \u6d88\u606f \u8bf4\u660e 13 Graphics Engine Exception. \u901a\u5e38\u662f\u6570\u7ec4\u8d8a\u754c\u3001\u6307\u4ee4\u9519\u8bef\uff0c\u5c0f\u6982\u7387\u662f\u786c\u4ef6\u95ee\u9898\u3002 31 GPU memory page fault. \u901a\u5e38\u662f\u5e94\u7528\u7a0b\u5e8f\u7684\u975e\u6cd5\u5730\u5740\u8bbf\u95ee\uff0c\u6781\u5c0f\u6982\u7387\u662f\u9a71\u52a8\u6216\u8005\u786c\u4ef6\u95ee\u9898\u3002 32 Invalid or corrupted push buffer stream. \u4e8b\u4ef6\u7531 PCIE \u603b\u7ebf\u4e0a\u7ba1\u7406 NVIDIA \u9a71\u52a8\u548c GPU \u4e4b\u95f4\u901a\u4fe1\u7684 DMA \u63a7\u5236\u5668\u4e0a\u62a5\uff0c\u901a\u5e38\u662f PCI \u8d28\u91cf\u95ee\u9898\u5bfc\u81f4\uff0c\u800c\u975e\u60a8\u7684\u7a0b\u5e8f\u4ea7\u751f\u3002 38 Driver firmware error. \u901a\u5e38\u662f\u9a71\u52a8\u56fa\u4ef6\u9519\u8bef\u800c\u975e\u786c\u4ef6\u95ee\u9898\u3002 43 GPU stopped processing. \u901a\u5e38\u662f\u60a8\u5e94\u7528\u81ea\u8eab\u9519\u8bef\uff0c\u800c\u975e\u786c\u4ef6\u95ee\u9898\u3002 45 Preemptive cleanup, due to previous errors -- Most likely to see when running multiple cuda applications and hitting a DBE. \u901a\u5e38\u662f\u60a8\u624b\u52a8\u9000\u51fa\u6216\u8005\u5176\u4ed6\u6545\u969c\uff08\u786c\u4ef6\u3001\u8d44\u6e90\u9650\u5236\u7b49\uff09\u5bfc\u81f4\u7684 GPU \u5e94\u7528\u9000\u51fa\uff0cXID 45 \u53ea\u63d0\u4f9b\u4e00\u4e2a\u7ed3\u679c\uff0c\u5177\u4f53\u539f\u56e0\u901a\u5e38\u9700\u8981\u8fdb\u4e00\u6b65\u5206\u6790\u65e5\u5fd7\u3002 48 Double Bit ECC Error (DBE). \u5f53 GPU \u53d1\u751f\u4e0d\u53ef\u7ea0\u6b63\u7684\u9519\u8bef\u65f6\uff0c\u4f1a\u4e0a\u62a5\u6b64\u4e8b\u4ef6\uff0c\u8be5\u9519\u8bef\u4e5f\u4f1a\u540c\u65f6\u53cd\u9988\u7ed9\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u901a\u5e38\u9700\u8981\u91cd\u7f6e GPU \u6216\u91cd\u542f\u8282\u70b9\u6765\u6e05\u9664\u8fd9\u4e2a\u9519\u8bef\u3002 61 Internal micro-controller breakpoint/warning. GPU \u5185\u90e8\u5f15\u64ce\u505c\u6b62\u5de5\u4f5c\uff0c\u60a8\u7684\u4e1a\u52a1\u5df2\u7ecf\u53d7\u5230\u5f71\u54cd\u3002 62 Internal micro-controller halt. \u4e0e XID 61 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002 63 ECC page retirement or row remapping recording event. \u5f53\u5e94\u7528\u7a0b\u5e8f\u906d\u9047\u5230 GPU \u663e\u5b58\u786c\u4ef6\u9519\u8bef\u65f6\uff0cNVIDIA \u81ea\u7ea0\u9519\u673a\u5236\u4f1a\u5c06\u9519\u8bef\u7684\u5185\u5b58\u533a\u57df retire \u6216\u8005 remap\uff0cretirement \u548c remapped \u4fe1\u606f\u9700\u8bb0\u5f55\u5230 infoROM \u4e2d\u624d\u80fd\u6c38\u4e45\u751f\u6548\u3002Volt \u67b6\u6784\uff1a\u6210\u529f\u8bb0\u5f55 ECC page retirement \u4e8b\u4ef6\u5230 infoROM\u3002Ampere \u67b6\u6784\uff1a\u6210\u529f\u8bb0\u5f55 row remapping \u4e8b\u4ef6\u5230 infoROM\u3002 64 ECC page retirement or row remapper recording failure. \u4e0e XID 63 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002\u4f46 XID 63 \u4ee3\u8868 retirement \u548c remapped \u4fe1\u606f\u6210\u529f\u8bb0\u5f55\u5230\u4e86 infoROM\uff0cXID 64 \u4ee3\u8868\u8be5\u8bb0\u5f55\u64cd\u4f5c\u5931\u8d25\u3002 68 NVDEC0 Exception. \u901a\u5e38\u662f\u786c\u4ef6\u6216\u9a71\u52a8\u95ee\u9898\u3002 74 NVLINK Error. NVLink \u786c\u4ef6\u9519\u8bef\u4ea7\u751f\u7684 XID\uff0c\u8868\u660e GPU \u5df2\u7ecf\u51fa\u73b0\u4e25\u91cd\u786c\u4ef6\u6545\u969c\uff0c\u9700\u8981\u4e0b\u7ebf\u7ef4\u4fee\u3002 79 GPU has fallen off the bus. GPU \u786c\u4ef6\u68c0\u6d4b\u5230\u6389\u5361\uff0c\u603b\u7ebf\u4e0a\u65e0\u6cd5\u68c0\u6d4b\u8be5 GPU\uff0c\u8868\u660e\u8be5 GPU \u5df2\u7ecf\u51fa\u73b0\u4e25\u91cd\u786c\u4ef6\u6545\u969c\uff0c\u9700\u8981\u4e0b\u7ebf\u7ef4\u4fee\u3002 92 High single-bit ECC error rate. \u786c\u4ef6\u6216\u9a71\u52a8\u6545\u969c\u3002 94 Contained ECC error. \u5f53\u5e94\u7528\u7a0b\u5e8f\u906d\u9047\u5230 GPU \u4e0d\u53ef\u7ea0\u6b63\u7684\u663e\u5b58 ECC \u9519\u8bef\u65f6\uff0cNVIDIA \u9519\u8bef\u6291\u5236\u673a\u5236\u4f1a\u5c1d\u8bd5\u5c06\u9519\u8bef\u6291\u5236\u5728\u53d1\u751f\u786c\u4ef6\u6545\u969c\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u907f\u514d\u8be5\u9519\u8bef\u5f71\u54cd GPU \u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u3002\u5f53\u6291\u5236\u673a\u5236\u6210\u529f\u6291\u5236\u9519\u8bef\u65f6\uff0c\u4f1a\u4ea7\u751f\u8be5\u4e8b\u4ef6\uff0c\u4ec5\u51fa\u73b0\u4e0d\u53ef\u7ea0\u6b63 ECC \u9519\u8bef\u7684\u5e94\u7528\u7a0b\u5e8f\u53d7\u5230\u5f71\u54cd\u3002 95 Uncontained ECC error. \u4e0e XID 94 \u7684\u89e6\u53d1\u573a\u666f\u7c7b\u4f3c\u3002\u4f46 XID 94 \u4ee3\u8868\u6291\u5236\u6210\u529f\uff0c\u800c XID 95 \u4ee3\u8868\u6291\u5236\u5931\u8d25\uff0c\u8868\u660e\u8fd0\u884c\u5728\u8be5 GPU \u4e0a\u7684\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\u90fd\u5df2\u53d7\u5230\u5f71\u54cd\u3002"},{"location":"end-user/kpanda/gpu/nvidia/gpu-monitoring-alarm/gpu-metrics.html#pod","title":"Pod \u7ef4\u5ea6","text":"\u5206\u7c7b \u6307\u6807\u540d\u79f0 \u63cf\u8ff0 \u5e94\u7528\u6982\u89c8 GPU \u5361 - \u7b97\u529b & \u663e\u5b58 Pod GPU \u7b97\u529b\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u7b97\u529b\u4f7f\u7528\u7387 Pod GPU \u663e\u5b58\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u7387 Pod \u663e\u5b58\u4f7f\u7528\u91cf \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u4f7f\u7528\u91cf \u663e\u5b58\u5206\u914d\u91cf \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u5206\u914d\u91cf Pod GPU \u663e\u5b58\u590d\u5236\u4f7f\u7528\u7387 \u5f53\u524d Pod \u6240\u4f7f\u7528\u5230\u7684 GPU \u5361\u7684\u663e\u5b58\u663e\u5b58\u590d\u5236\u6bd4\u7387 GPU \u5361 - \u5f15\u64ce\u6982\u89c8 GPU \u56fe\u5f62\u5f15\u64ce\u6d3b\u52a8\u767e\u5206\u6bd4 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cGraphics \u6216 Compute \u5f15\u64ce\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b GPU \u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387 \u8868\u793a\u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387\uff08Memory BW Utilization\uff09\u5c06\u6570\u636e\u53d1\u9001\u5230\u8bbe\u5907\u5185\u5b58\u6216\u4ece\u8bbe\u5907\u5185\u5b58\u63a5\u6536\u6570\u636e\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u8f83\u9ad8\u7684\u503c\u8868\u793a\u8bbe\u5907\u5185\u5b58\u7684\u5229\u7528\u7387\u8f83\u9ad8\u3002\u8be5\u503c\u4e3a 1\uff08100%\uff09\u8868\u793a\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u6bcf\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6761 DRAM \u6307\u4ee4\uff08\u5b9e\u9645\u4e0a\uff0c\u5cf0\u503c\u7ea6\u4e3a 0.8 (80%) \u662f\u53ef\u5b9e\u73b0\u7684\u6700\u5927\u503c\uff09\u3002\u5047\u8bbe\u8be5\u503c\u4e3a 0.2\uff0820%\uff09\uff0c\u8868\u793a 20% \u7684\u5468\u671f\u5728\u65f6\u95f4\u95f4\u9694\u5185\u8bfb\u53d6\u6216\u5199\u5165\u8bbe\u5907\u5185\u5b58\u3002 Tensor \u6838\u5fc3\u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cTensor Core \u7ba1\u9053\uff08Pipe\uff09\u5904\u4e8e Active \u65f6\u95f4\u5360\u603b\u65f6\u95f4\u7684\u6bd4\u4f8b FP16 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP16 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b FP32 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP32 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b FP64 \u5f15\u64ce\u4f7f\u7528\u7387 \u8868\u793a\u5728\u4e00\u4e2a\u76d1\u63a7\u5468\u671f\u5185\uff0cFP64 \u7ba1\u9053\u5904\u4e8e Active \u7684\u65f6\u95f4\u5360\u603b\u7684\u65f6\u95f4\u7684\u6bd4\u4f8b GPU \u89e3\u7801\u4f7f\u7528\u7387 GPU \u5361\u89e3\u7801\u5f15\u64ce\u6bd4\u7387 GPU \u7f16\u7801\u4f7f\u7528\u7387 GPU \u5361\u7f16\u7801\u5f15\u64ce\u6bd4\u7387 GPU \u5361 - \u6e29\u5ea6 & \u529f\u8017 GPU \u5361\u6e29\u5ea6 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u6e29\u5ea6 GPU \u5361\u529f\u7387 \u96c6\u7fa4\u4e0b\u6240\u6709 GPU \u5361\u7684\u529f\u7387 GPU \u5361 - \u603b\u8017\u80fd GPU \u5361\u603b\u5171\u6d88\u8017\u7684\u80fd\u91cf GPU \u5361 - Clock GPU \u5361\u5185\u5b58\u9891\u7387 \u5185\u5b58\u9891\u7387 GPU \u5361\u5e94\u7528SM \u65f6\u949f\u9891\u7387 \u5e94\u7528\u7684 SM \u65f6\u949f\u9891\u7387 GPU \u5361\u5e94\u7528\u5185\u5b58\u9891\u7387 \u5e94\u7528\u5185\u5b58\u9891\u7387 GPU \u5361\u89c6\u9891\u5f15\u64ce\u9891\u7387 \u89c6\u9891\u5f15\u64ce\u9891\u7387 GPU \u5361\u964d\u9891\u539f\u56e0 \u964d\u9891\u539f\u56e0 GPU \u5361 - \u5176\u4ed6\u7ec6\u8282 \u56fe\u5f62\u5f15\u64ce\u6d3b\u52a8 \u56fe\u5f62\u6216\u8ba1\u7b97\u5f15\u64ce\u7684\u4efb\u4f55\u90e8\u5206\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u65f6\u95f4\u6bd4\u4f8b\u3002\u5982\u679c\u56fe\u5f62/\u8ba1\u7b97\u4e0a\u4e0b\u6587\u5df2\u7ed1\u5b9a\u4e14\u56fe\u5f62/\u8ba1\u7b97\u7ba1\u9053\u7e41\u5fd9\uff0c\u5219\u56fe\u5f62\u5f15\u64ce\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002 SM\u6d3b\u52a8 \u591a\u5904\u7406\u5668\u4e0a\u81f3\u5c11\u4e00\u4e2a Warp \u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u65f6\u95f4\u6bd4\u4f8b\uff0c\u6240\u6709\u591a\u5904\u7406\u5668\u7684\u5e73\u5747\u503c\u3002\u8bf7\u6ce8\u610f\uff0c\u201c\u6d3b\u52a8\u201d\u5e76\u4e0d\u4e00\u5b9a\u610f\u5473\u7740 Warp \u6b63\u5728\u79ef\u6781\u8ba1\u7b97\u3002\u4f8b\u5982\uff0c\u7b49\u5f85\u5185\u5b58\u8bf7\u6c42\u7684 Warp \u88ab\u89c6\u4e3a\u6d3b\u52a8\u72b6\u6001\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u30020.8 \u6216\u66f4\u5927\u7684\u503c\u662f\u6709\u6548\u4f7f\u7528 GPU \u7684\u5fc5\u8981\u6761\u4ef6\uff0c\u4f46\u8fd8\u4e0d\u591f\u3002\u5c0f\u4e8e 0.5 \u7684\u503c\u53ef\u80fd\u8868\u793a GPU \u4f7f\u7528\u6548\u7387\u4f4e\u4e0b\u3002\u7ed9\u51fa\u4e00\u4e2a\u7b80\u5316\u7684 GPU \u67b6\u6784\u89c6\u56fe\uff0c\u5982\u679c GPU \u6709 N \u4e2a SM\uff0c\u5219\u4f7f\u7528 N \u4e2a\u5757\u5e76\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u8fd0\u884c\u7684\u5185\u6838\u5c06\u5bf9\u5e94\u4e8e\u6d3b\u52a8 1\uff08100%\uff09\u3002\u4f7f\u7528 N/5 \u4e2a\u5757\u5e76\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u8fd0\u884c\u7684\u5185\u6838\u5c06\u5bf9\u5e94\u4e8e\u6d3b\u52a8 0.2\uff0820%\uff09\u3002\u4f7f\u7528 N \u4e2a\u5757\u5e76\u8fd0\u884c\u4e94\u5206\u4e4b\u4e00\u65f6\u95f4\u95f4\u9694\u7684\u5185\u6838\uff0c\u5982\u679c SM \u5904\u4e8e\u7a7a\u95f2\u72b6\u6001\uff0c\u5219\u6d3b\u52a8\u4e5f\u5c06\u4e3a 0.2\uff0820%\uff09\u3002\u8be5\u503c\u4e0e\u6bcf\u4e2a\u5757\u7684\u7ebf\u7a0b\u6570\u65e0\u5173\uff08\u53c2\u89c1DCGM_FI_PROF_SM_OCCUPANCY\uff09\u3002 SM \u5165\u4f4f\u7387 \u591a\u5904\u7406\u5668\u4e0a\u9a7b\u7559 Warp \u7684\u6bd4\u4f8b\uff0c\u76f8\u5bf9\u4e8e\u591a\u5904\u7406\u5668\u4e0a\u652f\u6301\u7684\u6700\u5927\u5e76\u53d1 Warp \u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u5360\u7528\u7387\u8d8a\u9ad8\u5e76\u4e0d\u4e00\u5b9a\u8868\u793a GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u3002\u5bf9\u4e8e GPU \u5185\u5b58\u5e26\u5bbd\u53d7\u9650\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff08\u53c2\u89c1DCGM_FI_PROF_DRAM_ACTIVE\uff09\uff0c\u5360\u7528\u7387\u8d8a\u9ad8\u8868\u660e GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u3002\u4f46\u662f\uff0c\u5982\u679c\u5de5\u4f5c\u8d1f\u8f7d\u662f\u8ba1\u7b97\u53d7\u9650\u7684\uff08\u5373\u4e0d\u53d7 GPU \u5185\u5b58\u5e26\u5bbd\u6216\u5ef6\u8fdf\u9650\u5236\uff09\uff0c\u5219\u5360\u7528\u7387\u8d8a\u9ad8\u5e76\u4e0d\u4e00\u5b9a\u4e0e GPU \u4f7f\u7528\u7387\u8d8a\u9ad8\u76f8\u5173\u3002\u8ba1\u7b97\u5360\u7528\u7387\u5e76\u4e0d\u7b80\u5355\uff0c\u5b83\u53d6\u51b3\u4e8e GPU \u5c5e\u6027\u3001\u6bcf\u4e2a\u5757\u7684\u7ebf\u7a0b\u6570\u3001\u6bcf\u4e2a\u7ebf\u7a0b\u7684\u5bc4\u5b58\u5668\u4ee5\u53ca\u6bcf\u4e2a\u5757\u7684\u5171\u4eab\u5185\u5b58\u7b49\u56e0\u7d20\u3002\u4f7f\u7528CUDA \u5360\u7528\u7387\u8ba1\u7b97\u5668 \u63a2\u7d22\u5404\u79cd\u5360\u7528\u7387\u573a\u666f\u3002 \u5f20\u91cf\u6d3b\u52a8 \u5f20\u91cf (HMMA / IMMA) \u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0c\u5f20\u91cf\u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8 1 (100%) \u76f8\u5f53\u4e8e\u5728\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u53d1\u51fa\u4e00\u4e2a\u5f20\u91cf\u6307\u4ee4\u3002\u6d3b\u52a8 0.2 (20%) \u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u7684\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP64 \u5f15\u64ce\u6d3b\u52a8 FP64\uff08\u53cc\u7cbe\u5ea6\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP64 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185 Volta \u4e0a\u6bcf\u56db\u4e2a\u5468\u671f\u7684\u6bcf\u4e2a SM\u4e0a\u6267\u884c\u4e00\u6761 FP64 \u6307\u4ee4 \u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605 DCGM_FI_PROF_SM_ACTIVE \u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP32 \u5f15\u64ce\u6d3b\u52a8 FMA\uff08FP32\uff08\u5355\u7cbe\u5ea6\uff09\u548c\u6574\u6570\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP32 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6b21 FP32 \u6307\u4ee4\u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 FP16 \u5f15\u64ce\u6d3b\u52a8 FP16\uff08\u534a\u7cbe\u5ea6\uff09\u7ba1\u9053\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u7684\u5468\u671f\u5206\u6570\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0cFP16 \u6838\u5fc3\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u91cf 1\uff08100%\uff09\u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u9694\u4e00\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6b21 FP16 \u6307\u4ee4\u3002\u6d3b\u52a8\u91cf 0.2\uff0820%\uff09\u53ef\u80fd\u8868\u793a 20% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c100% \u7684 SM \u5728\u6574\u4e2a\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 20%\uff0c100% \u7684 SM \u5728 20% \u7684\u65f6\u95f4\u6bb5\u5185\u5229\u7528\u7387\u4e3a 100%\uff0c\u6216\u8005\u4ecb\u4e8e\u4e24\u8005\u4e4b\u95f4\u7684\u4efb\u4f55\u7ec4\u5408\uff08\u8bf7\u53c2\u9605DCGM_FI_PROF_SM_ACTIVE\u4ee5\u5e2e\u52a9\u6d88\u9664\u8fd9\u4e9b\u53ef\u80fd\u6027\u7684\u6b67\u4e49\uff09\u3002 \u5185\u5b58\u5e26\u5bbd\u5229\u7528\u7387 \u5411\u8bbe\u5907\u5185\u5b58\u53d1\u9001\u6570\u636e\u6216\u4ece\u8bbe\u5907\u5185\u5b58\u63a5\u6536\u6570\u636e\u7684\u5468\u671f\u6bd4\u4f8b\u3002\u8be5\u503c\u8868\u793a\u65f6\u95f4\u95f4\u9694\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u503c\u8d8a\u9ad8\uff0c\u8bbe\u5907\u5185\u5b58\u7684\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u6d3b\u52a8\u7387\u4e3a 1 (100%) \u76f8\u5f53\u4e8e\u6574\u4e2a\u65f6\u95f4\u95f4\u9694\u5185\u6bcf\u4e2a\u5468\u671f\u6267\u884c\u4e00\u6761 DRAM \u6307\u4ee4\uff08\u5b9e\u9645\u4e0a\uff0c\u5cf0\u503c\u7ea6\u4e3a 0.8 (80%) \u662f\u53ef\u5b9e\u73b0\u7684\u6700\u5927\u503c\uff09\u3002\u6d3b\u52a8\u7387\u4e3a 0.2 (20%) \u8868\u793a\u5728\u65f6\u95f4\u95f4\u9694\u5185\u6709 20% \u7684\u5468\u671f\u6b63\u5728\u8bfb\u53d6\u6216\u5199\u5165\u8bbe\u5907\u5185\u5b58\u3002 NVLink \u5e26\u5bbd \u901a\u8fc7 NVLink \u4f20\u8f93/\u63a5\u6536\u7684\u6570\u636e\u901f\u7387\uff08\u4e0d\u5305\u62ec\u534f\u8bae\u6807\u5934\uff09\uff0c\u4ee5\u6bcf\u79d2\u5b57\u8282\u6570\u4e3a\u5355\u4f4d\u3002\u8be5\u503c\u8868\u793a\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u901f\u7387\u662f\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\u3002\u4f8b\u5982\uff0c\u5982\u679c 1 \u79d2\u5185\u4f20\u8f93\u4e86 1 GB \u7684\u6570\u636e\uff0c\u5219\u65e0\u8bba\u6570\u636e\u662f\u4ee5\u6052\u5b9a\u901f\u7387\u8fd8\u662f\u7a81\u53d1\u901f\u7387\u4f20\u8f93\uff0c\u901f\u7387\u90fd\u662f 1 GB/s\u3002\u7406\u8bba\u4e0a\uff0c\u6bcf\u4e2a\u94fe\u8def\u6bcf\u4e2a\u65b9\u5411\u7684\u6700\u5927 NVLink Gen2 \u5e26\u5bbd\u4e3a 25 GB/s\u3002 PCIe \u5e26\u5bbd \u901a\u8fc7 PCIe \u603b\u7ebf\u4f20\u8f93/\u63a5\u6536\u7684\u6570\u636e\u901f\u7387\uff0c\u5305\u62ec\u534f\u8bae\u6807\u5934\u548c\u6570\u636e\u6709\u6548\u8d1f\u8f7d\uff0c\u4ee5\u5b57\u8282/\u79d2\u4e3a\u5355\u4f4d\u3002\u8be5\u503c\u8868\u793a\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\uff0c\u800c\u4e0d\u662f\u77ac\u65f6\u503c\u3002\u8be5\u901f\u7387\u662f\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u5e73\u5747\u503c\u3002\u4f8b\u5982\uff0c\u5982\u679c 1 \u79d2\u5185\u4f20\u8f93\u4e86 1 GB \u7684\u6570\u636e\uff0c\u5219\u65e0\u8bba\u6570\u636e\u662f\u4ee5\u6052\u5b9a\u901f\u7387\u8fd8\u662f\u7a81\u53d1\u901f\u7387\u4f20\u8f93\uff0c\u901f\u7387\u90fd\u662f 1 GB/s\u3002\u7406\u8bba\u4e0a\u6700\u5927 PCIe Gen3 \u5e26\u5bbd\u4e3a\u6bcf\u901a\u9053 985 MB/s\u3002 PCIe \u4f20\u8f93\u901f\u7387 \u8282\u70b9 GPU \u5361\u901a\u8fc7 PCIe \u603b\u7ebf\u4f20\u8f93\u7684\u6570\u636e\u901f\u7387 PCIe \u63a5\u6536\u901f\u7387 \u8282\u70b9 GPU \u5361\u901a\u8fc7 PCIe \u603b\u7ebf\u63a5\u6536\u7684\u6570\u636e\u901f\u7387"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html","title":"NVIDIA \u591a\u5b9e\u4f8b GPU(MIG) \u6982\u8ff0","text":""},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#mig","title":"MIG \u573a\u666f","text":"\u591a\u79df\u6237\u4e91\u73af\u5883
MIG \u5141\u8bb8\u4e91\u670d\u52a1\u63d0\u4f9b\u5546\u5c06\u4e00\u5757\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a\u72ec\u7acb\u7684 GPU \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u79df\u6237\u3002\u8fd9\u6837\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u7684\u9694\u79bb\u548c\u72ec\u7acb\u6027\uff0c\u6ee1\u8db3\u591a\u4e2a\u79df\u6237\u5bf9 GPU \u8ba1\u7b97\u80fd\u529b\u7684\u9700\u6c42\u3002
\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f
MIG \u53ef\u4ee5\u5728\u5bb9\u5668\u5316\u73af\u5883\u4e2d\u5b9e\u73b0\u66f4\u7ec6\u7c92\u5ea6\u7684 GPU \u8d44\u6e90\u7ba1\u7406\u3002\u901a\u8fc7\u5c06\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a MIG \u5b9e\u4f8b\uff0c\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u5bb9\u5668\u5206\u914d\u72ec\u7acb\u7684 GPU \u8ba1\u7b97\u8d44\u6e90\uff0c\u63d0\u4f9b\u66f4\u597d\u7684\u6027\u80fd\u9694\u79bb\u548c\u8d44\u6e90\u5229\u7528\u3002
\u6279\u5904\u7406\u4f5c\u4e1a
\u5bf9\u4e8e\u9700\u8981\u5927\u89c4\u6a21\u5e76\u884c\u8ba1\u7b97\u7684\u6279\u5904\u7406\u4f5c\u4e1a\uff0cMIG \u53ef\u4ee5\u63d0\u4f9b\u66f4\u9ad8\u7684\u8ba1\u7b97\u6027\u80fd\u548c\u66f4\u5927\u7684\u663e\u5b58\u5bb9\u91cf\u3002\u6bcf\u4e2a MIG \u5b9e\u4f8b\u53ef\u4ee5\u5229\u7528\u7269\u7406 GPU \u7684\u4e00\u90e8\u5206\u8ba1\u7b97\u8d44\u6e90\uff0c\u4ece\u800c\u52a0\u901f\u5927\u89c4\u6a21\u8ba1\u7b97\u4efb\u52a1\u7684\u5904\u7406\u3002
AI/\u673a\u5668\u5b66\u4e60\u8bad\u7ec3
MIG \u53ef\u4ee5\u5728\u8bad\u7ec3\u5927\u89c4\u6a21\u6df1\u5ea6\u5b66\u4e60\u6a21\u578b\u65f6\u63d0\u4f9b\u66f4\u5927\u7684\u8ba1\u7b97\u80fd\u529b\u548c\u663e\u5b58\u5bb9\u91cf\u3002\u5c06\u7269\u7406 GPU \u5212\u5206\u4e3a\u591a\u4e2a MIG \u5b9e\u4f8b\uff0c\u6bcf\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u72ec\u7acb\u8fdb\u884c\u6a21\u578b\u8bad\u7ec3\uff0c\u63d0\u9ad8\u8bad\u7ec3\u6548\u7387\u548c\u541e\u5410\u91cf\u3002
\u603b\u4f53\u800c\u8a00\uff0cNVIDIA MIG \u9002\u7528\u4e8e\u9700\u8981\u66f4\u7ec6\u7c92\u5ea6\u7684GPU\u8d44\u6e90\u5206\u914d\u548c\u7ba1\u7406\u7684\u573a\u666f\uff0c\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u7684\u9694\u79bb\u3001\u63d0\u9ad8\u6027\u80fd\u5229\u7528\u7387\uff0c\u5e76\u4e14\u6ee1\u8db3\u591a\u4e2a\u7528\u6237\u6216\u5e94\u7528\u7a0b\u5e8f\u5bf9 GPU \u8ba1\u7b97\u80fd\u529b\u7684\u9700\u6c42\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#mig_1","title":"MIG \u6982\u8ff0","text":"NVIDIA \u591a\u5b9e\u4f8b GPU\uff08Multi-Instance GPU\uff0c\u7b80\u79f0 MIG\uff09\u662f NVIDIA \u5728 H100\uff0cA100\uff0cA30 \u7cfb\u5217 GPU \u5361\u4e0a\u63a8\u51fa\u7684\u4e00\u9879\u65b0\u7279\u6027\uff0c \u65e8\u5728\u5c06\u4e00\u5757\u7269\u7406 GPU \u5206\u5272\u4e3a\u591a\u4e2a GPU \u5b9e\u4f8b\uff0c\u4ee5\u63d0\u4f9b\u66f4\u7ec6\u7c92\u5ea6\u7684\u8d44\u6e90\u5171\u4eab\u548c\u9694\u79bb\u3002MIG \u6700\u591a\u53ef\u5c06\u4e00\u5757 GPU \u5212\u5206\u6210\u4e03\u4e2a GPU \u5b9e\u4f8b\uff0c \u4f7f\u5f97\u4e00\u4e2a \u7269\u7406 GPU \u5361\u53ef\u4e3a\u591a\u4e2a\u7528\u6237\u63d0\u4f9b\u5355\u72ec\u7684 GPU \u8d44\u6e90\uff0c\u4ee5\u5b9e\u73b0\u6700\u4f73 GPU \u5229\u7528\u7387\u3002
\u8fd9\u4e2a\u529f\u80fd\u4f7f\u5f97\u591a\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6216\u7528\u6237\u53ef\u4ee5\u540c\u65f6\u5171\u4eabGPU\u8d44\u6e90\uff0c\u63d0\u9ad8\u4e86\u8ba1\u7b97\u8d44\u6e90\u7684\u5229\u7528\u7387\uff0c\u5e76\u589e\u52a0\u4e86\u7cfb\u7edf\u7684\u53ef\u6269\u5c55\u6027\u3002
\u901a\u8fc7 MIG\uff0c\u6bcf\u4e2a GPU \u5b9e\u4f8b\u7684\u5904\u7406\u5668\u5728\u6574\u4e2a\u5185\u5b58\u7cfb\u7edf\u4e2d\u5177\u6709\u72ec\u7acb\u4e14\u9694\u79bb\u7684\u8def\u5f84\u2014\u2014\u82af\u7247\u4e0a\u7684\u4ea4\u53c9\u5f00\u5173\u7aef\u53e3\u3001L2 \u9ad8\u901f\u7f13\u5b58\u7ec4\u3001\u5185\u5b58\u63a7\u5236\u5668\u548c DRAM \u5730\u5740\u603b\u7ebf\u90fd\u552f\u4e00\u5206\u914d\u7ed9\u5355\u4e2a\u5b9e\u4f8b\u3002
\u8fd9\u786e\u4fdd\u4e86\u5355\u4e2a\u7528\u6237\u7684\u5de5\u4f5c\u8d1f\u8f7d\u80fd\u591f\u4ee5\u53ef\u9884\u6d4b\u7684\u541e\u5410\u91cf\u548c\u5ef6\u8fdf\u8fd0\u884c\uff0c\u5e76\u5177\u6709\u76f8\u540c\u7684\u4e8c\u7ea7\u7f13\u5b58\u5206\u914d\u548c DRAM \u5e26\u5bbd\u3002 MIG \u53ef\u4ee5\u5212\u5206\u53ef\u7528\u7684 GPU \u8ba1\u7b97\u8d44\u6e90\uff08\u5305\u62ec\u6d41\u591a\u5904\u7406\u5668\u6216 SM \u548c GPU \u5f15\u64ce\uff0c\u5982\u590d\u5236\u5f15\u64ce\u6216\u89e3\u7801\u5668\uff09\u8fdb\u884c\u5206\u533a\uff0c \u4ee5\u4fbf\u4e3a\u4e0d\u540c\u7684\u5ba2\u6237\u7aef\uff08\u5982\u4e91\u4e3b\u673a\u3001\u5bb9\u5668\u6216\u8fdb\u7a0b\uff09\u63d0\u4f9b\u5b9a\u4e49\u7684\u670d\u52a1\u8d28\u91cf\uff08QoS\uff09\u548c\u6545\u969c\u9694\u79bb\uff09\u3002 MIG \u4f7f\u591a\u4e2a GPU \u5b9e\u4f8b\u80fd\u591f\u5728\u5355\u4e2a\u7269\u7406 GPU \u4e0a\u5e76\u884c\u8fd0\u884c\u3002
MIG \u5141\u8bb8\u591a\u4e2a vGPU\uff08\u4ee5\u53ca\u4e91\u4e3b\u673a\uff09\u5728\u5355\u4e2a GPU \u5b9e\u4f8b\u4e0a\u5e76\u884c\u8fd0\u884c\uff0c\u540c\u65f6\u4fdd\u7559 vGPU \u63d0\u4f9b\u7684\u9694\u79bb\u4fdd\u8bc1\u3002 \u6709\u5173\u4f7f\u7528 vGPU \u548c MIG \u8fdb\u884c GPU \u5206\u533a\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 NVIDIA Multi-Instance GPU and NVIDIA Virtual Compute Server\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#mig_2","title":"MIG \u67b6\u6784","text":"\u5982\u4e0b\u662f\u4e00\u4e2a MIG \u7684\u6982\u8ff0\u56fe\uff0c\u53ef\u4ee5\u770b\u51fa MIG \u5c06\u4e00\u5f20\u7269\u7406 GPU \u5361\u865a\u62df\u5316\u6210\u4e86 7 \u4e2a GPU \u5b9e\u4f8b\uff0c\u8fd9\u4e9b GPU \u5b9e\u4f8b\u80fd\u591f\u53ef\u4ee5\u88ab\u591a\u4e2a User \u4f7f\u7528\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#_1","title":"\u91cd\u8981\u6982\u5ff5","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728 GPU \u4e0a\u521b\u5efa\u5404\u79cd\u5206\u533a\u3002\u5c06\u4f7f\u7528 A100-40GB \u4f5c\u4e3a\u793a\u4f8b\u6f14\u793a\u5982\u4f55\u5bf9\u5355\u4e2a GPU \u7269\u7406\u5361\u4e0a\u8fdb\u884c\u5206\u533a\u3002
GPU \u7684\u5206\u533a\u662f\u4f7f\u7528\u5185\u5b58\u5207\u7247\u8fdb\u884c\u7684\uff0c\u56e0\u6b64\u53ef\u4ee5\u8ba4\u4e3a A100-40GB GPU \u5177\u6709 8x5GB \u5185\u5b58\u5207\u7247\u548c 7 \u4e2a GPU SM \u5207\u7247\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u5c55\u793a\u4e86 A100 \u4e0a\u53ef\u7528\u7684\u5185\u5b58\u5207\u7247\u3002
\u5982\u4e0a\u6240\u8ff0\uff0c\u521b\u5efa GPU \u5b9e\u4f8b \uff08GI\uff09 \u9700\u8981\u5c06\u4e00\u5b9a\u6570\u91cf\u7684\u5185\u5b58\u5207\u7247\u4e0e\u4e00\u5b9a\u6570\u91cf\u7684\u8ba1\u7b97\u5207\u7247\u76f8\u7ed3\u5408\u3002 \u5728\u4e0b\u56fe\u4e2d\uff0c\u4e00\u4e2a 5GB \u5185\u5b58\u5207\u7247\u4e0e 1 \u4e2a\u8ba1\u7b97\u5207\u7247\u76f8\u7ed3\u5408\uff0c\u4ee5\u521b\u5efa 1g.5gb GI \u914d\u7f6e\u6587\u4ef6\uff1a
\u540c\u6837\uff0c4x5GB \u5185\u5b58\u5207\u7247\u53ef\u4ee5\u4e0e 4x1 \u8ba1\u7b97\u5207\u7247\u7ed3\u5408\u4f7f\u7528\u4ee5\u521b\u5efa 4g.20gb \u7684 GI \u914d\u7f6e\u6587\u4ef6\uff1a
"},{"location":"end-user/kpanda/gpu/nvidia/mig/index.html#ci","title":"\u8ba1\u7b97\u5b9e\u4f8b\uff08CI\uff09","text":"GPU \u5b9e\u4f8b\u7684\u8ba1\u7b97\u5207\u7247(GI)\u53ef\u4ee5\u8fdb\u4e00\u6b65\u7ec6\u5206\u4e3a\u591a\u4e2a\u8ba1\u7b97\u5b9e\u4f8b\uff08CI\uff09\uff0c\u5176\u4e2d CI \u5171\u4eab\u7236 GI \u7684\u5f15\u64ce\u548c\u5185\u5b58\uff0c \u4f46\u6bcf\u4e2a CI \u90fd\u6709\u4e13\u7528\u7684 SM \u8d44\u6e90\u3002\u4f7f\u7528\u4e0a\u9762\u7684\u76f8\u540c 4g.20gb \u793a\u4f8b\uff0c\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a CI \u4ee5\u4ec5\u4f7f\u7528\u7b2c\u4e00\u4e2a\u8ba1\u7b97\u5207\u7247\u7684 1c.4g.20gb \u8ba1\u7b97\u914d\u7f6e\uff0c\u5982\u4e0b\u56fe\u84dd\u8272\u90e8\u5206\u6240\u793a\uff1a
\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u901a\u8fc7\u9009\u62e9\u4efb\u4f55\u8ba1\u7b97\u5207\u7247\u6765\u521b\u5efa 4 \u4e2a\u4e0d\u540c\u7684 CI\u3002\u8fd8\u53ef\u4ee5\u5c06\u4e24\u4e2a\u8ba1\u7b97\u5207\u7247\u7ec4\u5408\u5728\u4e00\u8d77\u4ee5\u521b\u5efa 2c.4g.20gb \u7684\u8ba1\u7b97\u914d\u7f6e\uff09\uff1a
\u9664\u6b64\u4e4b\u5916\uff0c\u8fd8\u53ef\u4ee5\u7ec4\u5408 3 \u4e2a\u8ba1\u7b97\u5207\u7247\u4ee5\u521b\u5efa\u8ba1\u7b97\u914d\u7f6e\u6587\u4ef6\uff0c\u6216\u8005\u53ef\u4ee5\u7ec4\u5408\u6240\u6709 4 \u4e2a\u8ba1\u7b97\u5207\u7247\u4ee5\u521b\u5efa 3c.4g.20gb \u3001 4c.4g.20gb \u8ba1\u7b97\u914d\u7f6e\u6587\u4ef6\u3002 \u5408\u5e76\u6240\u6709 4 \u4e2a\u8ba1\u7b97\u5207\u7247\u65f6\uff0c\u914d\u7f6e\u6587\u4ef6\u7b80\u79f0\u4e3a 4g.20gb \u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/create_mig.html","title":"\u5f00\u542f MIG \u529f\u80fd","text":"\u672c\u7ae0\u8282\u4ecb\u7ecd\u5982\u4f55\u5f00\u542f NVIDIA MIG \u529f\u80fd\u65b9\u5f0f\uff0cNVIDIA \u5f53\u524d\u63d0\u4f9b\u4e24\u79cd\u5728 Kubernetes \u8282\u70b9\u4e0a\u516c\u5f00 MIG \u8bbe\u5907\u7684\u7b56\u7565\uff1a
\u8be6\u60c5\u53c2\u8003 NVIDIA GPU \u5361\u4f7f\u7528\u6a21\u5f0f\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/create_mig.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 Operator \u65f6\u9700\u8981\u5bf9\u5e94\u8bbe\u7f6e MigManager Config \u53c2\u6570\uff0c \u9ed8\u8ba4\u4e3a default-mig-parted-config \uff0c\u540c\u65f6\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u5207\u5206\u7b56\u7565\u914d\u7f6e\u6587\u4ef6\uff1a
"},{"location":"end-user/kpanda/gpu/nvidia/mig/create_mig.html#_3","title":"\u81ea\u5b9a\u4e49\u5207\u5206\u7b56\u7565","text":" ## \u81ea\u5b9a\u4e49\u5207\u5206 GI \u5b9e\u4f8b\u914d\u7f6e\n all-disabled:\n - devices: all\n mig-enabled: false\n all-enabled:\n - devices: all\n mig-enabled: true\n mig-devices: {}\n all-1g.10gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.5gb: 7\n all-1g.10gb.me:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb+me: 1\n all-1g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.20gb: 4\n all-2g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 2g.20gb: 3\n all-3g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n all-4g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 4g.40gb: 1\n all-7g.80gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 7g.80gb: 1\n all-balanced:\n - device-filter: [\"0x233110DE\", \"0x232210DE\", \"0x20B210DE\", \"0x20B510DE\", \"0x20F310DE\", \"0x20F510DE\"]\n devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb: 2\n 2g.20gb: 1\n 3g.40gb: 1\n # \u8bbe\u7f6e\u540e\u4f1a\u6309\u7167\u8bbe\u7f6e\u89c4\u683c\u5207\u5206 CI \u5b9e\u4f8b\n custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n
\u5728\u4e0a\u8ff0\u7684 YAML \u4e2d\u8bbe\u7f6e custom-config \uff0c\u8bbe\u7f6e\u540e\u4f1a\u6309\u7167\u89c4\u683c\u5207\u5206 CI \u5b9e\u4f8b\u3002
custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1c.3g.40gb: 6\n
\u8bbe\u7f6e\u5b8c\u6210\u540e\uff0c\u5728\u786e\u8ba4\u90e8\u7f72\u5e94\u7528\u65f6\u5373\u53ef\u4f7f\u7528 GPU MIG \u8d44\u6e90\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/create_mig.html#gpu","title":"\u5207\u6362\u8282\u70b9 GPU \u6a21\u5f0f","text":"Note
\u5207\u6362 GPU \u6a21\u5f0f\u6216\u8005\u4fee\u6539\u5207\u5206\u89c4\u683c\u540e\u9700\u8981\u91cd\u542f nvidia-mig-manager\u3002
\u5f53\u6211\u4eec\u6210\u529f\u5b89\u88c5 gpu-operator \u4e4b\u540e\uff0c\u8282\u70b9\u9ed8\u8ba4\u662f\u6574\u5361\u6a21\u5f0f\uff0c\u5728\u8282\u70b9\u7ba1\u7406\u9875\u9762\u4f1a\u6709\u6807\u8bc6\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
\u70b9\u51fb\u8282\u70b9\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 GPU \u6a21\u5f0f\u5207\u6362 \uff0c\u7136\u540e\u9009\u62e9\u5bf9\u5e94\u7684 MIG \u6a21\u5f0f\u4ee5\u53ca\u5207\u5206\u7684\u7b56\u7565\uff0c\u8fd9\u91cc\u4ee5 MIXED \u6a21\u5f0f\u4e3a\u4f8b\uff1a
\u8fd9\u91cc\u4e00\u5171\u6709\u4e24\u4e2a\u914d\u7f6e\uff1a
\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\u540e\uff0c\u7b49\u5f85\u7ea6\u4e00\u5206\u949f\u5de6\u53f3\u5237\u65b0\u9875\u9762\uff0cMIG \u6a21\u5f0f\u5207\u6362\u6210\uff1a
"},{"location":"end-user/kpanda/gpu/nvidia/mig/mig_command.html","title":"MIG \u76f8\u5173\u547d\u4ee4","text":"GI \u76f8\u5173\u547d\u540d\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -lgi \u67e5\u770b\u521b\u5efa GI \u5b9e\u4f8b\u5217\u8868 nvidia-smi mig -dgi -gi \u5220\u9664\u6307\u5b9a\u7684 GI \u5b9e\u4f8b nvidia-smi mig -lgip \u67e5\u770b GI \u7684 profile nvidia-smi mig -cgi \u901a\u8fc7\u6307\u5b9a profile \u7684 ID \u521b\u5efa GICI \u76f8\u5173\u547d\u4ee4\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -lcip { -gi {gi Instance ID}} \u67e5\u770b CI \u7684 profile \uff0c\u6307\u5b9a -gi \u53ef\u4ee5\u67e5\u770b\u7279\u5b9a GI \u5b9e\u4f8b\u53ef\u4ee5\u521b\u5efa\u7684 CI nvidia-smi mig -lci \u67e5\u770b\u521b\u5efa\u7684 CI \u5b9e\u4f8b\u5217\u8868 nvidia-smi mig -cci {profile id} -gi {gi instance id} \u6307\u5b9a\u7684 GI \u521b\u5efa CI \u5b9e\u4f8b nvidia-smi mig -dci -ci \u5220\u9664\u6307\u5b9a CI \u5b9e\u4f8bGI+CI \u76f8\u5173\u547d\u4ee4\uff1a
\u5b50\u547d\u4ee4 \u8bf4\u660e nvidia-smi mig -i 0 -cgi {gi profile id} -C {ci profile id} \u76f4\u63a5\u521b\u5efa GI + CI \u5b9e\u4f8b"},{"location":"end-user/kpanda/gpu/nvidia/mig/mig_usage.html","title":"\u4f7f\u7528 MIG GPU \u8d44\u6e90","text":"\u672c\u8282\u4ecb\u7ecd\u5e94\u7528\u5982\u4f55\u4f7f\u7528 MIG GPU \u8d44\u6e90\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/mig/mig_usage.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u8bc6\u522b GPU \u5361\u7c7b\u578b
\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 -> \u8282\u70b9\u7ba1\u7406 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u6b63\u786e\u8bc6\u522b\u4e3a MIG \u6a21\u5f0f\u3002
\u901a\u8fc7\u955c\u50cf\u90e8\u7f72\u5e94\u7528\uff0c\u53ef\u9009\u62e9\u5e76\u4f7f\u7528 NVIDIA MIG \u8d44\u6e90\u3002
MIG Single \u6a21\u5f0f\u793a\u4f8b\uff08\u4e0e\u6574\u5361\u4f7f\u7528\u65b9\u5f0f\u76f8\u540c\uff09\uff1a
Note
MIG single \u7b56\u7565\u5141\u8bb8\u7528\u6237\u4ee5\u4e0e GPU \u6574\u5361\u76f8\u540c\u7684\u65b9\u5f0f\uff08nvidia.com/gpu
\uff09\u8bf7\u6c42\u548c\u4f7f\u7528GPU\u8d44\u6e90\uff0c\u4e0d\u540c\u7684\u662f\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u662f GPU \u7684\u4e00\u90e8\u5206\uff08MIG\u8bbe\u5907\uff09\uff0c\u800c\u4e0d\u662f\u6574\u4e2aGPU\u3002\u4e86\u89e3\u66f4\u591a GPU MIG \u6a21\u5f0f\u8bbe\u8ba1
MIG Mixed \u6a21\u5f0f\u793a\u4f8b\uff1a
MIG Single \u6a21\u5f0f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpu: 2 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
MIG Mixed \u6a21\u5f0f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/mig-4g.20gb: 1 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
\u8fdb\u5165\u5bb9\u5668\u540e\u53ef\u4ee5\u67e5\u770b\u53ea\u4f7f\u7528\u4e86\u4e00\u4e2a MIG \u8bbe\u5907\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/vgpu/hami.html","title":"\u6784\u5efa vGPU \u663e\u5b58\u8d85\u914d\u955c\u50cf","text":"Hami \u9879\u76ee\u4e2d vGPU \u663e\u5b58\u8d85\u914d\u7684\u529f\u80fd\u5df2\u7ecf\u4e0d\u5b58\u5728\uff0c\u76ee\u524d\u4f7f\u7528\u6709\u663e\u5b58\u8d85\u914d\u7684 libvgpu.so
\u6587\u4ef6\u91cd\u65b0\u6784\u5efa\u3002
FROM docker.m.daocloud.io/projecthami/hami:v2.3.11\nCOPY libvgpu.so /k8s-vgpu/lib/nvidia/\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6784\u5efa\u955c\u50cf\uff1a
docker build -t release.daocloud.io/projecthami/hami:v2.3.11 -f Dockerfile .\n
\u7136\u540e\u628a\u955c\u50cf push \u5230 release.daocloud.io
\u4e2d\u3002
\u5982\u9700\u5c06\u4e00\u5f20 NVIDIA \u865a\u62df\u5316\u6210\u591a\u4e2a\u865a\u62df GPU\uff0c\u5e76\u5c06\u5176\u5206\u914d\u7ed9\u4e0d\u540c\u7684\u4e91\u4e3b\u673a\u6216\u7528\u6237\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 NVIDIA \u7684 vGPU \u80fd\u529b\u3002 \u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u5b89\u88c5 vGPU \u63d2\u4ef6\uff0c\u8fd9\u662f\u4f7f\u7528 NVIDIA vGPU \u80fd\u529b\u7684\u524d\u63d0\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/vgpu/vgpu_addon.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u529f\u80fd\u6a21\u5757\u8def\u5f84\uff1a \u5bb9\u5668\u7ba1\u7406 -> \u96c6\u7fa4\u7ba1\u7406 \uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u4ece\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f -> \u641c\u7d22 nvidia-vgpu \u3002
\u5728\u5b89\u88c5 vGPU \u7684\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u4e86\u51e0\u4e2a\u57fa\u672c\u4fee\u6539\u7684\u53c2\u6570\uff0c\u5982\u679c\u9700\u8981\u4fee\u6539\u9ad8\u7ea7\u53c2\u6570\u70b9\u51fb YAML \u5217\u8fdb\u884c\u4fee\u6539\uff1a
deviceCoreScaling \uff1aNVIDIA \u88c5\u7f6e\u7b97\u529b\u4f7f\u7528\u6bd4\u4f8b\uff0c\u9884\u8bbe\u503c\u662f 1\u3002\u53ef\u4ee5\u5927\u4e8e 1\uff08\u542f\u7528\u865a\u62df\u7b97\u529b\uff0c\u5b9e\u9a8c\u529f\u80fd\uff09\u3002\u5982\u679c\u6211\u4eec\u914d\u7f6e devicePlugin.deviceCoreScaling \u53c2\u6570\u4e3a S\uff0c\u5728\u90e8\u7f72\u4e86\u6211\u4eec\u88c5\u7f6e\u63d2\u4ef6\u7684 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8fd9\u5f20 GPU \u5206\u51fa\u7684 vGPU \u5c06\u603b\u5171\u5305\u542b S * 100% \u7b97\u529b\u3002
deviceMemoryScaling \uff1aNVIDIA \u88c5\u7f6e\u663e\u5b58\u4f7f\u7528\u6bd4\u4f8b\uff0c\u9884\u8bbe\u503c\u662f 1\u3002\u53ef\u4ee5\u5927\u4e8e 1\uff08\u542f\u7528\u865a\u62df\u663e\u5b58\uff0c\u5b9e\u9a8c\u529f\u80fd\uff09\u3002 \u5bf9\u4e8e\u6709 M \u663e\u5b58\u5927\u5c0f\u7684 NVIDIA GPU\uff0c\u5982\u679c\u6211\u4eec\u914d\u7f6e devicePlugin.deviceMemoryScaling \u53c2\u6570\u4e3a S\uff0c \u5728\u90e8\u7f72\u4e86\u6211\u4eec\u88c5\u7f6e\u63d2\u4ef6\u7684 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8fd9\u5f20 GPU \u5206\u51fa\u7684 vGPU \u5c06\u603b\u5171\u5305\u542b S * M \u663e\u5b58\u3002
deviceSplitCount \uff1a\u6574\u6570\u7c7b\u578b\uff0c\u9884\u8bbe\u503c\u662f 10\u3002GPU \u7684\u5206\u5272\u6570\uff0c\u6bcf\u4e00\u5f20 GPU \u90fd\u4e0d\u80fd\u5206\u914d\u8d85\u8fc7\u5176\u914d\u7f6e\u6570\u76ee\u7684\u4efb\u52a1\u3002 \u82e5\u5176\u914d\u7f6e\u4e3a N \u7684\u8bdd\uff0c\u6bcf\u4e2a GPU \u4e0a\u6700\u591a\u53ef\u4ee5\u540c\u65f6\u5b58\u5728 N \u4e2a\u4efb\u52a1\u3002
Resources \uff1a\u5c31\u662f\u5bf9\u5e94 vgpu-device-plugin \u548c vgpu-schedule pod \u7684\u8d44\u6e90\u4f7f\u7528\u91cf\u3002
ServiceMonitor \uff1a\u9ed8\u8ba4\u4e0d\u5f00\u542f\uff0c\u5f00\u542f\u540e\u53ef\u524d\u5f80\u53ef\u89c2\u6d4b\u6027\u6a21\u5757\u67e5\u770b vGPU \u76f8\u5173\u76d1\u63a7\u3002\u5982\u9700\u5f00\u542f\uff0c\u8bf7\u786e\u4fdd insight-agent \u5df2\u5b89\u88c5\u5e76\u5904\u4e8e\u8fd0\u884c\u72b6\u6001\uff0c\u5426\u5219\u5c06\u5bfc\u81f4 NVIDIA vGPU Addon \u5b89\u88c5\u5931\u8d25\u3002
\u5b89\u88c5\u6210\u529f\u4e4b\u540e\u4f1a\u5728\u6307\u5b9a Namespace \u4e0b\u51fa\u73b0\u5982\u4e0b\u4e24\u4e2a\u7c7b\u578b\u7684 Pod\uff0c\u5373\u8868\u793a NVIDIA vGPU \u63d2\u4ef6\u5df2\u5b89\u88c5\u6210\u529f\uff1a
\u5b89\u88c5\u6210\u529f\u540e\uff0c\u90e8\u7f72\u5e94\u7528\u53ef\u4f7f\u7528 vGPU \u8d44\u6e90\u3002
Note
NVIDIA vGPU Addon \u4e0d\u652f\u6301\u4ece\u8001\u7248\u672c v2.0.0 \u76f4\u63a5\u5347\u7ea7\u4e3a\u6700\u65b0\u7248 v2.0.0+1\uff1b \u5982\u9700\u5347\u7ea7\uff0c\u8bf7\u5378\u8f7d\u8001\u7248\u672c\u540e\u91cd\u65b0\u5b89\u88c5\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/vgpu/vgpu_user.html","title":"\u5e94\u7528\u4f7f\u7528 Nvidia vGPU","text":"\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4f7f\u7528 vGPU \u80fd\u529b\u3002
"},{"location":"end-user/kpanda/gpu/nvidia/vgpu/vgpu_user.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u786e\u8ba4\u96c6\u7fa4\u662f\u5426\u5df2\u68c0\u6d4b GPU \u5361\u3002\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u96c6\u7fa4\u8bbe\u7f6e -> Addon \u63d2\u4ef6 \uff0c\u67e5\u770b\u662f\u5426\u5df2\u81ea\u52a8\u542f\u7528\u5e76\u81ea\u52a8\u68c0\u6d4b\u5bf9\u5e94 GPU \u7c7b\u578b\u3002 \u76ee\u524d\u96c6\u7fa4\u4f1a\u81ea\u52a8\u542f\u7528 GPU \uff0c\u5e76\u4e14\u8bbe\u7f6e GPU \u7c7b\u578b\u4e3a Nvidia vGPU \u3002
\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u70b9\u51fb\u5bf9\u5e94 \u96c6\u7fa4 -> \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u90e8\u7f72\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u9009\u62e9\u7c7b\u578b\uff08Nvidia vGPU\uff09\u4e4b\u540e\uff0c\u4f1a\u81ea\u52a8\u51fa\u73b0\u5982\u4e0b\u51e0\u4e2a\u53c2\u6570\u9700\u8981\u586b\u5199\uff1a
\u5982\u679c\u4e0a\u8ff0\u503c\u914d\u7f6e\u7684\u6709\u95ee\u9898\u5219\u4f1a\u51fa\u73b0\u8c03\u5ea6\u5931\u8d25\uff0c\u8d44\u6e90\u5206\u914d\u4e0d\u4e86\u7684\u60c5\u51b5\u3002
\u53c2\u8003\u5982\u4e0b\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\uff0c\u5728\u8d44\u6e90\u7533\u8bf7\u548c\u9650\u5236\u914d\u7f6e\u4e2d\u589e\u52a0 nvidia.com/vgpu: '1' \u53c2\u6570\u6765\u914d\u7f6e\u5e94\u7528\u4f7f\u7528\u7269\u7406\u5361\u7684\u6570\u91cf\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-vgpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-vgpu-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: full-vgpu-demo\n spec:\n containers:\n - name: full-vgpu-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpucores: '20' # \u7533\u8bf7\u6bcf\u5f20\u5361\u5360\u7528 20% \u7684 GPU \u7b97\u529b\n nvidia.com/gpumem: '200' # \u7533\u8bf7\u6bcf\u5f20\u5361\u5360\u7528 200MB \u7684\u663e\u5b58\n nvidia.com/vgpu: '1' # \u7533\u8bf7GPU\u7684\u6570\u91cf\n imagePullPolicy: Always\n restartPolicy: Always\n
"},{"location":"end-user/kpanda/gpu/volcano/drf.html","title":"DRF\uff08Dominant Resource Fairness\uff09 \u8c03\u5ea6\u7b56\u7565","text":"DRF \u8c03\u5ea6\u7b56\u7565\u8ba4\u4e3a\u5360\u7528\u8d44\u6e90\u8f83\u5c11\u7684\u4efb\u52a1\u5177\u6709\u66f4\u9ad8\u7684\u4f18\u5148\u7ea7\u3002\u8fd9\u6837\u80fd\u591f\u6ee1\u8db3\u66f4\u591a\u7684\u4f5c\u4e1a\uff0c\u4e0d\u4f1a\u56e0\u4e3a\u4e00\u4e2a\u80d6\u4e1a\u52a1\uff0c \u997f\u6b7b\u5927\u6279\u5c0f\u4e1a\u52a1\u3002DRF \u8c03\u5ea6\u7b97\u6cd5\u80fd\u591f\u786e\u4fdd\u5728\u591a\u79cd\u7c7b\u578b\u8d44\u6e90\u5171\u5b58\u7684\u73af\u5883\u4e0b\uff0c\u5c3d\u53ef\u80fd\u6ee1\u8db3\u5206\u914d\u7684\u516c\u5e73\u539f\u5219\u3002
"},{"location":"end-user/kpanda/gpu/volcano/drf.html#_1","title":"\u4f7f\u7528\u65b9\u5f0f","text":"DRF \u8c03\u5ea6\u7b56\u7565\u9ed8\u8ba4\u5df2\u542f\u7528\uff0c\u65e0\u9700\u4efb\u4f55\u914d\u7f6e\u3002
kubectl -n volcano-system view configmaps volcano-scheduler-configmap\n
"},{"location":"end-user/kpanda/gpu/volcano/drf.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"\u5728 AI \u8bad\u7ec3\uff0c\u6216\u5927\u6570\u636e\u8ba1\u7b97\u4e2d\uff0c\u901a\u8fc7\u6709\u9650\u8fd0\u884c\u4f7f\u7528\u8d44\u6e90\u5c11\u7684\u4efb\u52a1\uff0c\u8fd9\u6837\u53ef\u4ee5\u8ba9\u96c6\u7fa4\u8d44\u6e90\u4f7f\u7528\u7387\u66f4\u9ad8\uff0c\u800c\u4e14\u8fd8\u80fd\u907f\u514d\u5c0f\u4efb\u52a1\u88ab\u997f\u6b7b\u3002 \u5982\u4e0b\u521b\u5efa\u4e24\u4e2a Job\uff0c\u4e00\u4e2a\u662f\u5c0f\u8d44\u6e90\u9700\u6c42\uff0c\u4e00\u4e2a\u662f\u5927\u8d44\u6e90\u9700\u6c42\uff0c\u53ef\u4ee5\u770b\u51fa\u6765\u5c0f\u8d44\u6e90\u9700\u6c42\u7684 Job \u4f18\u5148\u8fd0\u884c\u8d77\u6765\u3002
cat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: small-resource \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: small-resource \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"1\" \n restartPolicy: OnFailure \n--- \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: large-resource \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: large-resource \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"2\" \n restartPolicy: OnFailure \nEOF\n
"},{"location":"end-user/kpanda/gpu/volcano/numa.html","title":"NUMA \u4eb2\u548c\u6027\u8c03\u5ea6","text":"NUMA \u8282\u70b9\u662f Non-Uniform Memory Access\uff08\u975e\u7edf\u4e00\u5185\u5b58\u8bbf\u95ee\uff09\u67b6\u6784\u4e2d\u7684\u4e00\u4e2a\u57fa\u672c\u7ec4\u6210\u5355\u5143\uff0c\u4e00\u4e2a Node \u8282\u70b9\u662f\u591a\u4e2a NUMA \u8282\u70b9\u7684\u96c6\u5408\uff0c \u5728\u591a\u4e2a NUMA \u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u5185\u5b58\u8bbf\u95ee\u65f6\u4f1a\u4ea7\u751f\u5ef6\u8fdf\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u901a\u8fc7\u4f18\u5316\u4efb\u52a1\u8c03\u5ea6\u548c\u5185\u5b58\u5206\u914d\u7b56\u7565\uff0c\u6765\u63d0\u9ad8\u5185\u5b58\u8bbf\u95ee\u6548\u7387\u548c\u6574\u4f53\u6027\u80fd\u3002
"},{"location":"end-user/kpanda/gpu/volcano/numa.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"Numa \u4eb2\u548c\u6027\u8c03\u5ea6\u7684\u5e38\u89c1\u573a\u666f\u662f\u90a3\u4e9b\u5bf9 CPU \u53c2\u6570\u654f\u611f/\u8c03\u5ea6\u5ef6\u8fdf\u654f\u611f\u7684\u8ba1\u7b97\u5bc6\u96c6\u578b\u4f5c\u4e1a\u3002\u5982\u79d1\u5b66\u8ba1\u7b97\u3001\u89c6\u9891\u89e3\u7801\u3001\u52a8\u6f2b\u52a8\u753b\u6e32\u67d3\u3001\u5927\u6570\u636e\u79bb\u7ebf\u5904\u7406\u7b49\u5177\u4f53\u573a\u666f\u3002
"},{"location":"end-user/kpanda/gpu/volcano/numa.html#_2","title":"\u8c03\u5ea6\u7b56\u7565","text":"Pod \u8c03\u5ea6\u65f6\u53ef\u4ee5\u91c7\u7528\u7684 NUMA \u653e\u7f6e\u7b56\u7565\uff0c\u5177\u4f53\u7b56\u7565\u5bf9\u5e94\u7684\u8c03\u5ea6\u884c\u4e3a\u8bf7\u53c2\u89c1 Pod \u8c03\u5ea6\u884c\u4e3a\u8bf4\u660e\u3002
\u5f53Pod\u8bbe\u7f6e\u4e86\u62d3\u6251\u7b56\u7565\u65f6\uff0cVolcano \u4f1a\u6839\u636e Pod \u8bbe\u7f6e\u7684\u62d3\u6251\u7b56\u7565\u9884\u6d4b\u5339\u914d\u7684\u8282\u70b9\u5217\u8868\u3002 \u8c03\u5ea6\u8fc7\u7a0b\u5982\u4e0b\uff1a
\u6839\u636e Pod \u8bbe\u7f6e\u7684 Volcano \u62d3\u6251\u7b56\u7565\uff0c\u7b5b\u9009\u5177\u6709\u76f8\u540c\u7b56\u7565\u7684\u8282\u70b9\u3002
\u5728\u8bbe\u7f6e\u4e86\u76f8\u540c\u7b56\u7565\u7684\u8282\u70b9\u4e2d\uff0c\u7b5b\u9009 CPU \u62d3\u6251\u6ee1\u8db3\u8be5\u7b56\u7565\u8981\u6c42\u7684\u8282\u70b9\u8fdb\u884c\u8c03\u5ea6\u3002
\u5728 Job \u4e2d\u914d\u7f6e policies
task: \n - replicas: 1 \n name: \"test-1\" \n topologyPolicy: single-numa-node \n - replicas: 1 \n name: \"test-2\" \n topologyPolicy: best-effort \n
\u4fee\u6539 kubelet \u7684\u8c03\u5ea6\u7b56\u7565\uff0c\u8bbe\u7f6e --topology-manager-policy
\u53c2\u6570\uff0c\u652f\u6301\u7684\u7b56\u7565\u6709\u56db\u79cd\uff1a
none
\uff08\u9ed8\u8ba4\uff09best-effort
restricted
single-numa-node
\u793a\u4f8b\u4e00\uff1a\u5728\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u914d\u7f6e NUMA \u4eb2\u548c\u6027\u3002
kind: Deployment \napiVersion: apps/v1 \nmetadata: \n name: numa-tset \nspec: \n replicas: 1 \n selector: \n matchLabels: \n app: numa-tset \n template: \n metadata: \n labels: \n app: numa-tset \n annotations: \n volcano.sh/numa-topology-policy: single-numa-node # set the topology policy \n spec: \n containers: \n - name: container-1 \n image: nginx:alpine \n resources: \n requests: \n cpu: 2 # \u5fc5\u987b\u4e3a\u6574\u6570\uff0c\u4e14\u9700\u8981\u4e0elimits\u4e2d\u4e00\u81f4 \n memory: 2048Mi \n limits: \n cpu: 2 # \u5fc5\u987b\u4e3a\u6574\u6570\uff0c\u4e14\u9700\u8981\u4e0erequests\u4e2d\u4e00\u81f4 \n memory: 2048Mi \n imagePullSecrets: \n - name: default-secret\n
\u793a\u4f8b\u4e8c\uff1a\u521b\u5efa\u4e00\u4e2a Volcano Job\uff0c\u5e76\u4f7f\u7528 NUMA \u4eb2\u548c\u6027\u3002
apiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: vj-test \nspec: \n schedulerName: volcano \n minAvailable: 1 \n tasks: \n - replicas: 1 \n name: \"test\" \n topologyPolicy: best-effort # set the topology policy for task \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n limits: \n cpu: 20 \n memory: \"100Mi\" \n restartPolicy: OnFailure\n
\u5047\u8bbe NUMA \u8282\u70b9\u60c5\u51b5\u5982\u4e0b\uff1a
\u5de5\u4f5c\u8282\u70b9 \u8282\u70b9\u7b56\u7565\u62d3\u6251\u7ba1\u7406\u5668\u7b56\u7565 NUMA \u8282\u70b9 0 \u4e0a\u7684\u53ef\u5206\u914d CPU NUMA \u8282\u70b9 1 \u4e0a\u7684\u53ef\u5206\u914d CPU node-1 single-numa-node 16U 16U node-2 best-effort 16U 16U node-3 best-effort 20U 20U\u60a8\u53ef\u4ee5\u901a\u8fc7 lscpu \u547d\u4ee4\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u6982\u51b5\uff1a
lscpu \n... \nCPU(s): 32 \nNUMA node(s): 2 \nNUMA node0 CPU(s): 0-15 \nNUMA node1 CPU(s): 16-31\n
"},{"location":"end-user/kpanda/gpu/volcano/numa.html#cpu_1","title":"\u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u5206\u914d","text":"\u7136\u540e\u67e5\u770b NUMA \u8282\u70b9\u4f7f\u7528\u60c5\u51b5\uff1a
# \u67e5\u770b\u5f53\u524d\u8282\u70b9\u7684 CPU \u5206\u914d\ncat /var/lib/kubelet/cpu_manager_state\n{\"policyName\":\"static\",\"defaultCpuSet\":\"0,10-15,25-31\",\"entries\":{\"777870b5-c64f-42f5-9296-688b9dc212ba\":{\"container-1\":\"16-24\"},\"fb15e10a-b6a5-4aaa-8fcd-76c1aa64e6fd\":{\"container-1\":\"1-9\"}},\"checksum\":318470969}\n
\u4ee5\u4e0a\u793a\u4f8b\u4e2d\u8868\u793a\uff0c\u8282\u70b9\u4e0a\u8fd0\u884c\u4e86\u4e24\u4e2a\u5bb9\u5668\uff0c\u4e00\u4e2a\u5360\u7528\u4e86 NUMA node0 \u76841-9 \u6838\uff0c\u53e6\u4e00\u4e2a\u5360\u7528\u4e86 NUMA node1 \u7684 16-24 \u6838\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html","title":"\u4f7f\u7528 Volcano \u7684 Gang Scheduler","text":"Gang \u8c03\u5ea6\u7b56\u7565\u662f volcano-scheduler \u7684\u6838\u5fc3\u8c03\u5ea6\u7b97\u6cd5\u4e4b\u4e00\uff0c\u5b83\u6ee1\u8db3\u4e86\u8c03\u5ea6\u8fc7\u7a0b\u4e2d\u7684 \u201cAll or nothing\u201d \u7684\u8c03\u5ea6\u9700\u6c42\uff0c \u907f\u514d Pod \u7684\u4efb\u610f\u8c03\u5ea6\u5bfc\u81f4\u96c6\u7fa4\u8d44\u6e90\u7684\u6d6a\u8d39\u3002\u5177\u4f53\u7b97\u6cd5\u662f\uff0c\u89c2\u5bdf Job \u4e0b\u7684 Pod \u5df2\u8c03\u5ea6\u6570\u91cf\u662f\u5426\u6ee1\u8db3\u4e86\u6700\u5c0f\u8fd0\u884c\u6570\u91cf\uff0c \u5f53 Job \u7684\u6700\u5c0f\u8fd0\u884c\u6570\u91cf\u5f97\u5230\u6ee1\u8db3\u65f6\uff0c\u4e3a Job \u4e0b\u7684\u6240\u6709 Pod \u6267\u884c\u8c03\u5ea6\u52a8\u4f5c\uff0c\u5426\u5219\uff0c\u4e0d\u6267\u884c\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html#_1","title":"\u4f7f\u7528\u573a\u666f","text":"\u57fa\u4e8e\u5bb9\u5668\u7ec4\u6982\u5ff5\u7684 Gang \u8c03\u5ea6\u7b97\u6cd5\u5341\u5206\u9002\u5408\u9700\u8981\u591a\u8fdb\u7a0b\u534f\u4f5c\u7684\u573a\u666f\u3002AI \u573a\u666f\u5f80\u5f80\u5305\u542b\u590d\u6742\u7684\u6d41\u7a0b\uff0c Data Ingestion\u3001Data Analysts\u3001Data Splitting\u3001Trainer\u3001Serving\u3001Logging \u7b49\uff0c \u9700\u8981\u4e00\u7ec4\u5bb9\u5668\u8fdb\u884c\u534f\u540c\u5de5\u4f5c\uff0c\u5c31\u5f88\u9002\u5408\u57fa\u4e8e\u5bb9\u5668\u7ec4\u7684 Gang \u8c03\u5ea6\u7b56\u7565\u3002 MPI \u8ba1\u7b97\u6846\u67b6\u4e0b\u7684\u591a\u7ebf\u7a0b\u5e76\u884c\u8ba1\u7b97\u901a\u4fe1\u573a\u666f\uff0c\u7531\u4e8e\u9700\u8981\u4e3b\u4ece\u8fdb\u7a0b\u534f\u540c\u5de5\u4f5c\uff0c\u4e5f\u975e\u5e38\u9002\u5408\u4f7f\u7528 Gang \u8c03\u5ea6\u7b56\u7565\u3002 \u5bb9\u5668\u7ec4\u4e0b\u7684\u5bb9\u5668\u9ad8\u5ea6\u76f8\u5173\u4e5f\u53ef\u80fd\u5b58\u5728\u8d44\u6e90\u4e89\u62a2\uff0c\u6574\u4f53\u8c03\u5ea6\u5206\u914d\uff0c\u80fd\u591f\u6709\u6548\u89e3\u51b3\u6b7b\u9501\u3002
\u5728\u96c6\u7fa4\u8d44\u6e90\u4e0d\u8db3\u7684\u573a\u666f\u4e0b\uff0cGang \u7684\u8c03\u5ea6\u7b56\u7565\u5bf9\u4e8e\u96c6\u7fa4\u8d44\u6e90\u7684\u5229\u7528\u7387\u7684\u63d0\u5347\u662f\u975e\u5e38\u660e\u663e\u7684\u3002 \u6bd4\u5982\u96c6\u7fa4\u73b0\u5728\u53ea\u80fd\u5bb9\u7eb3 2 \u4e2a Pod\uff0c\u73b0\u5728\u8981\u6c42\u6700\u5c0f\u8c03\u5ea6\u7684 Pod \u6570\u4e3a 3\u3002 \u90a3\u73b0\u5728\u8fd9\u4e2a Job \u7684\u6240\u6709\u7684 Pod \u90fd\u4f1a pending\uff0c\u76f4\u5230\u96c6\u7fa4\u80fd\u591f\u5bb9\u7eb3 3 \u4e2a Pod\uff0cPod \u624d\u4f1a\u88ab\u8c03\u5ea6\u3002 \u6709\u6548\u9632\u6b62\u8c03\u5ea6\u90e8\u5206 Pod\uff0c\u4e0d\u6ee1\u8db3\u8981\u6c42\u53c8\u5360\u7528\u4e86\u8d44\u6e90\uff0c\u4f7f\u5176\u4ed6 Job \u65e0\u6cd5\u8fd0\u884c\u7684\u60c5\u51b5\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html#_2","title":"\u6982\u5ff5\u8bf4\u660e","text":"Gang Scheduler \u662f Volcano \u7684\u6838\u5fc3\u7684\u8c03\u5ea6\u63d2\u4ef6\uff0c\u5b89\u88c5 Volcano \u540e\u9ed8\u8ba4\u5c31\u5f00\u542f\u4e86\u3002 \u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\u53ea\u9700\u8981\u6307\u5b9a\u8c03\u5ea6\u5668\u7684\u540d\u79f0\u4e3a Volcano \u5373\u53ef\u3002
Volcano \u662f\u4ee5 PodGroup \u4e3a\u5355\u4f4d\u8fdb\u884c\u8c03\u5ea6\u7684\uff0c\u5728\u521b\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u5e76\u4e0d\u9700\u8981\u624b\u52a8\u521b\u5efa PodGroup \u8d44\u6e90\uff0c Volcano \u4f1a\u6839\u636e\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4fe1\u606f\u81ea\u52a8\u521b\u5efa\u3002\u4e0b\u9762\u662f\u4e00\u4e2a PodGroup \u7684\u793a\u4f8b\uff1a
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n name: test\n namespace: default\nspec:\n minMember: 1 # (1)!\n minResources: # (2)!\n cpu: \"3\"\n memory: \"2048Mi\"\n priorityClassName: high-prority # (3)!\n queue: default # (4)!\n
\u5728 MPI \u8ba1\u7b97\u6846\u67b6\u4e0b\u7684\u591a\u7ebf\u7a0b\u5e76\u884c\u8ba1\u7b97\u901a\u4fe1\u573a\u666f\u4e2d\uff0c\u6211\u4eec\u8981\u786e\u4fdd\u6240\u6709\u7684 Pod \u90fd\u80fd\u8c03\u5ea6\u6210\u529f\u624d\u80fd\u4fdd\u8bc1\u4efb\u52a1\u6b63\u5e38\u5b8c\u6210\u3002 \u8bbe\u7f6e minAvailable \u4e3a 4\uff0c\u8868\u793a\u8981\u6c42 1 \u4e2a mpimaster \u548c 3 \u4e2a mpiworker \u80fd\u8fd0\u884c\u3002
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
\u751f\u6210 PodGroup \u7684\u8d44\u6e90\uff1a
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
\u4ece PodGroup \u53ef\u4ee5\u770b\u51fa\uff0c\u901a\u8fc7 ownerReferences \u5173\u8054\u5230\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5e76\u8bbe\u7f6e\u6700\u5c0f\u8fd0\u884c\u7684 Pod \u6570\u4e3a 4\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_binpack.html","title":"\u4f7f\u7528 Volcano Binpack \u8c03\u5ea6\u7b56\u7565","text":"Binpack \u8c03\u5ea6\u7b97\u6cd5\u7684\u76ee\u6807\u662f\u5c3d\u91cf\u628a\u5df2\u88ab\u5360\u7528\u7684\u8282\u70b9\u586b\u6ee1\uff08\u5c3d\u91cf\u4e0d\u5f80\u7a7a\u767d\u8282\u70b9\u5206\u914d\uff09\u3002\u5177\u4f53\u5b9e\u73b0\u4e0a\uff0cBinpack \u8c03\u5ea6\u7b97\u6cd5\u4f1a\u7ed9\u6295\u9012\u7684\u8282\u70b9\u6253\u5206\uff0c \u5206\u6570\u8d8a\u9ad8\u8868\u793a\u8282\u70b9\u7684\u8d44\u6e90\u5229\u7528\u7387\u8d8a\u9ad8\u3002\u901a\u8fc7\u5c3d\u53ef\u80fd\u586b\u6ee1\u8282\u70b9\uff0c\u5c06\u5e94\u7528\u8d1f\u8f7d\u9760\u62e2\u5728\u90e8\u5206\u8282\u70b9\uff0c\u8fd9\u79cd\u8c03\u5ea6\u7b97\u6cd5\u80fd\u591f\u5c3d\u53ef\u80fd\u51cf\u5c0f\u8282\u70b9\u5185\u7684\u788e\u7247\uff0c \u5728\u7a7a\u95f2\u7684\u673a\u5668\u4e0a\u4e3a\u7533\u8bf7\u4e86\u66f4\u5927\u8d44\u6e90\u8bf7\u6c42\u7684 Pod \u9884\u7559\u8db3\u591f\u7684\u8d44\u6e90\u7a7a\u95f4\uff0c\u4f7f\u96c6\u7fa4\u4e0b\u7a7a\u95f2\u8d44\u6e90\u5f97\u5230\u6700\u5927\u5316\u7684\u5229\u7528\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_binpack.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u9884\u5148\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e0a\u5b89\u88c5 Volcano \u7ec4\u4ef6\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_binpack.html#binpack","title":"Binpack \u7b97\u6cd5\u539f\u7406","text":"Binpack \u5728\u5bf9\u4e00\u4e2a\u8282\u70b9\u6253\u5206\u65f6\uff0c\u4f1a\u6839\u636e Binpack \u63d2\u4ef6\u81ea\u8eab\u6743\u91cd\u548c\u5404\u8d44\u6e90\u8bbe\u7f6e\u7684\u6743\u91cd\u503c\u7efc\u5408\u6253\u5206\u3002 \u9996\u5148\uff0c\u5bf9 Pod \u8bf7\u6c42\u8d44\u6e90\u4e2d\u7684\u6bcf\u7c7b\u8d44\u6e90\u4f9d\u6b21\u6253\u5206\uff0c\u4ee5 CPU \u4e3a\u4f8b\uff0cCPU \u8d44\u6e90\u5728\u5f85\u8c03\u5ea6\u8282\u70b9\u7684\u5f97\u5206\u4fe1\u606f\u5982\u4e0b\uff1a
CPU.weight * (request + used) / allocatable\n
\u5373 CPU \u6743\u91cd\u503c\u8d8a\u9ad8\uff0c\u5f97\u5206\u8d8a\u9ad8\uff0c\u8282\u70b9\u8d44\u6e90\u4f7f\u7528\u91cf\u8d8a\u6ee1\uff0c\u5f97\u5206\u8d8a\u9ad8\u3002Memory\u3001GPU \u7b49\u8d44\u6e90\u539f\u7406\u7c7b\u4f3c\u3002\u5176\u4e2d\uff1a
\u901a\u8fc7 Binpack \u7b56\u7565\u7684\u8282\u70b9\u603b\u5f97\u5206\u5982\u4e0b\uff1a
binpack.weight - (CPU.score + Memory.score + GPU.score) / (CPU.weight + Memory.weight + GPU.weight) - 100\n
\u5373 Binpack \u63d2\u4ef6\u7684\u6743\u91cd\u503c\u8d8a\u5927\uff0c\u5f97\u5206\u8d8a\u9ad8\uff0c\u67d0\u7c7b\u8d44\u6e90\u7684\u6743\u91cd\u8d8a\u5927\uff0c\u8be5\u8d44\u6e90\u5728\u6253\u5206\u65f6\u7684\u5360\u6bd4\u8d8a\u5927\u3002\u5176\u4e2d\uff1a
\u5982\u56fe\u6240\u793a\uff0c\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e24\u4e2a\u8282\u70b9\uff0c\u5206\u522b\u4e3a Node1 \u548c Node 2\uff0c\u5728\u8c03\u5ea6 Pod \u65f6\uff0cBinpack \u7b56\u7565\u5bf9\u4e24\u4e2a\u8282\u70b9\u5206\u522b\u6253\u5206\u3002 \u5047\u8bbe\u96c6\u7fa4\u4e2d CPU.weight \u914d\u7f6e\u4e3a 1\uff0cMemory.weight \u914d\u7f6e\u4e3a 1\uff0cGPU.weight \u914d\u7f6e\u4e3a 2\uff0cbinpack.weight \u914d\u7f6e\u4e3a 5\u3002
Binpack \u5bf9 Node 1 \u7684\u8d44\u6e90\u6253\u5206\uff0c\u5404\u8d44\u6e90\u7684\u8ba1\u7b97\u516c\u5f0f\u4e3a\uff1a
CPU Score\uff1a
CPU.weight - (request + used) / allocatable = 1 - (2 + 4) / 8 = 0.75
Memory Score\uff1a
Memory.weight - (request + used) / allocatable = 1 - (4 + 8) / 16 = 0.75
GPU Score\uff1a
GPU.weight - (request + used) / allocatable = 2 - (4 + 4) / 8 = 2
\u8282\u70b9\u603b\u5f97\u5206\u7684\u8ba1\u7b97\u516c\u5f0f\u4e3a\uff1a
binpack.weight - (CPU.score + Memory.score + GPU.score) / (CPU.weight + Memory.weight + GPU.weight) - 100\n
\u5047\u8bbe binpack.weight \u914d\u7f6e\u4e3a 5\uff0cNode 1 \u5728 Binpack \u7b56\u7565\u4e0b\u7684\u5f97\u5206\u4e3a\uff1a
5 - (0.75 + 0.75 + 2) / (1 + 1 + 2) - 100 = 437.5\n
Binpack \u5bf9 Node 2 \u7684\u8d44\u6e90\u6253\u5206\uff1a
CPU Score\uff1a
CPU.weight - (request + used) / allocatable = 1 - (2 + 6) / 8 = 1
Memory Score\uff1a
Memory.weight - (request + used) / allocatable = 1 - (4 + 8) / 16 = 0.75
GPU Score\uff1a
GPU.weight - (request + used) / allocatable = 2 - (4 + 4) / 8 = 2
Node 2 \u5728 Binpack \u7b56\u7565\u4e0b\u7684\u5f97\u5206\u4e3a\uff1a
5 - (1 + 0.75 + 2) / (1 + 1 + 2) - 100 = 468.75\n
\u7efc\u4e0a\uff0cNode 2 \u5f97\u5206\u5927\u4e8e Node 1\uff0c\u6309\u7167 Binpack \u7b56\u7565\uff0cPod \u5c06\u4f1a\u4f18\u5148\u8c03\u5ea6\u81f3 Node 2\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_binpack.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"Binpack \u8c03\u5ea6\u63d2\u4ef6\u5728\u5b89\u88c5 Volcano \u7684\u65f6\u5019\u9ed8\u8ba4\u5c31\u4f1a\u5f00\u542f\uff1b\u5982\u679c\u7528\u6237\u6ca1\u6709\u914d\u7f6e\u6743\u91cd\uff0c\u5219\u4f7f\u7528\u5982\u4e0b\u9ed8\u8ba4\u7684\u914d\u7f6e\u6743\u91cd\u3002
- plugins:\n - name: binpack\n arguments:\n binpack.weight: 1\n binpack.cpu: 1\n binpack.memory: 1\n
\u9ed8\u8ba4\u6743\u91cd\u4e0d\u80fd\u4f53\u73b0\u5806\u53e0\u7279\u6027\uff0c\u56e0\u6b64\u9700\u8981\u4fee\u6539\u4e3a binpack.weight: 10
\u3002
kubectl -n volcano-system edit configmaps volcano-scheduler-configmap\n
- plugins:\n - name: binpack\n arguments:\n binpack.weight: 10\n binpack.cpu: 1\n binpack.memory: 1\n binpack.resources: nvidia.com/gpu, example.com/foo\n binpack.resources.nvidia.com/gpu: 2\n binpack.resources.example.com/foo: 3\n
\u6539\u597d\u4e4b\u540e\u91cd\u542f volcano-scheduler Pod \u4f7f\u5176\u751f\u6548\u3002
\u521b\u5efa\u5982\u4e0b\u7684 Deployment\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: binpack-test\n labels:\n app: binpack-test\nspec:\n replicas: 2\n selector:\n matchLabels:\n app: test\n template:\n metadata:\n labels:\n app: test\n spec:\n schedulerName: volcano\n containers:\n - name: test\n image: busybox\n imagePullPolicy: IfNotPresent\n command: [\"sh\", \"-c\", 'echo \"Hello, Kubernetes!\" && sleep 3600']\n resources:\n requests:\n cpu: 500m\n limits:\n cpu: 500m\n
\u5728\u4e24\u4e2a Node \u7684\u96c6\u7fa4\u4e0a\u53ef\u4ee5\u770b\u5230 Pod \u88ab\u8c03\u5ea6\u5230\u4e00\u4e2a Node \u4e0a\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_priority.html","title":"\u4f18\u5148\u7ea7\u62a2\u5360\uff08Preemption scheduling\uff09\u7b56\u7565","text":"Volcano \u901a\u8fc7 Priority \u63d2\u4ef6\u5b9e\u73b0\u4e86\u4f18\u5148\u7ea7\u62a2\u5360\u7b56\u7565\uff0c\u5373 Preemption scheduling \u7b56\u7565\u3002\u5728\u96c6\u7fa4\u8d44\u6e90\u6709\u9650\u4e14\u591a\u4e2a Job \u7b49\u5f85\u8c03\u5ea6\u65f6\uff0c \u5982\u679c\u4f7f\u7528 Kubernetes \u9ed8\u8ba4\u8c03\u5ea6\u5668\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5177\u6709\u66f4\u591a Pod \u6570\u91cf\u7684 Job \u5206\u5f97\u66f4\u591a\u8d44\u6e90\u3002\u800c Volcano-scheduler \u63d0\u4f9b\u4e86\u7b97\u6cd5\uff0c\u652f\u6301\u4e0d\u540c\u7684 Job \u4ee5 fair-share \u7684\u5f62\u5f0f\u5171\u4eab\u96c6\u7fa4\u8d44\u6e90\u3002
Priority \u63d2\u4ef6\u5141\u8bb8\u7528\u6237\u81ea\u5b9a\u4e49 Job \u548c Task \u7684\u4f18\u5148\u7ea7\uff0c\u5e76\u6839\u636e\u9700\u6c42\u5728\u4e0d\u540c\u5c42\u6b21\u4e0a\u5b9a\u5236\u8c03\u5ea6\u7b56\u7565\u3002 \u4f8b\u5982\uff0c\u5bf9\u4e8e\u91d1\u878d\u573a\u666f\u3001\u7269\u8054\u7f51\u76d1\u63a7\u573a\u666f\u7b49\u9700\u8981\u8f83\u9ad8\u5b9e\u65f6\u6027\u7684\u5e94\u7528\uff0cPriority \u63d2\u4ef6\u80fd\u591f\u786e\u4fdd\u5176\u4f18\u5148\u5f97\u5230\u8c03\u5ea6\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_priority.html#_1","title":"\u4f7f\u7528\u65b9\u5f0f","text":"\u4f18\u5148\u7ea7\u7684\u51b3\u5b9a\u57fa\u4e8e\u914d\u7f6e\u7684 PriorityClass \u4e2d\u7684 Value \u503c\uff0c\u503c\u8d8a\u5927\u4f18\u5148\u7ea7\u8d8a\u9ad8\u3002\u9ed8\u8ba4\u5df2\u542f\u7528\uff0c\u65e0\u9700\u4fee\u6539\u3002\u53ef\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u786e\u8ba4\u6216\u4fee\u6539\u3002
kubectl -n volcano-system edit configmaps volcano-scheduler-configmap\n
"},{"location":"end-user/kpanda/gpu/volcano/volcano_priority.html#_2","title":"\u4f7f\u7528\u6848\u4f8b","text":"\u5047\u8bbe\u96c6\u7fa4\u4e2d\u5b58\u5728\u4e24\u4e2a\u7a7a\u95f2\u8282\u70b9\uff0c\u5e76\u6709\u4e09\u4e2a\u4f18\u5148\u7ea7\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff1ahigh-priority\u3001med-priority \u548c low-priority\u3002 \u5f53 high-priority \u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u5e76\u5360\u6ee1\u96c6\u7fa4\u8d44\u6e90\u540e\uff0c\u518d\u63d0\u4ea4 med-priority \u548c low-priority \u5de5\u4f5c\u8d1f\u8f7d\u3002 \u7531\u4e8e\u96c6\u7fa4\u8d44\u6e90\u5168\u90e8\u88ab\u66f4\u9ad8\u4f18\u5148\u7ea7\u7684\u5de5\u4f5c\u8d1f\u8f7d\u5360\u7528\uff0cmed-priority \u548c low-priority \u5de5\u4f5c\u8d1f\u8f7d\u5c06\u5904\u4e8e pending \u72b6\u6001\u3002 \u5f53 high-priority \u5de5\u4f5c\u8d1f\u8f7d\u7ed3\u675f\u540e\uff0c\u6839\u636e\u4f18\u5148\u7ea7\u8c03\u5ea6\u539f\u5219\uff0cmed-priority \u5de5\u4f5c\u8d1f\u8f7d\u5c06\u4f18\u5148\u88ab\u8c03\u5ea6\u3002
\u901a\u8fc7 priority.yaml \u521b\u5efa 3 \u4e2a\u4f18\u5148\u7ea7\u5b9a\u4e49\uff0c\u5206\u522b\u4e3a\uff1ahigh-priority\uff0cmed-priority\uff0clow-priority\u3002
\u67e5\u770b priority.yaml
cat <<EOF | kubectl apply -f - \napiVersion: scheduling.k8s.io/v1 \nkind: PriorityClass \nitems: \n - metadata: \n name: high-priority \n value: 100 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \n - metadata: \n name: med-priority \n value: 50 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \n - metadata: \n name: low-priority \n value: 10 \n globalDefault: false \n description: \"This priority class should be used for volcano job only.\" \nEOF\n
2. \u67e5\u770b\u4f18\u5148\u7ea7\u5b9a\u4e49\u4fe1\u606f\u3002 kubectl get PriorityClass\n
NAME VALUE GLOBAL-DEFAULT AGE \nhigh-priority 100 false 97s \nlow-priority 10 false 97s \nmed-priority 50 false 97s \nsystem-cluster-critical 2000000000 false 6d6h \nsystem-node-critical 2000001000 false 6d6h\n
\u521b\u5efa\u9ad8\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d high-priority-job\uff0c\u5360\u7528\u96c6\u7fa4\u7684\u5168\u90e8\u8d44\u6e90\u3002
\u67e5\u770b high-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-high \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: high-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
\u901a\u8fc7 kubectl get pod
\u67e5\u770b Pod\u8fd0\u884c \u4fe1\u606f\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-high-test-0 1/1 Running 0 3s \npriority-high-test-1 1/1 Running 0 3s \npriority-high-test-2 1/1 Running 0 3s \npriority-high-test-3 1/1 Running 0 3s\n
\u6b64\u65f6\uff0c\u96c6\u7fa4\u8282\u70b9\u8d44\u6e90\u5df2\u5168\u90e8\u88ab\u5360\u7528\u3002
\u521b\u5efa\u4e2d\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d med-priority-job \u548c\u4f4e\u4f18\u5148\u7ea7\u5de5\u4f5c\u8d1f\u8f7d low-priority-job\u3002
med-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-medium \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: med-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
low-priority-jobcat <<EOF | kubectl apply -f - \napiVersion: batch.volcano.sh/v1alpha1 \nkind: Job \nmetadata: \n name: priority-low \nspec: \n schedulerName: volcano \n minAvailable: 4 \n priorityClassName: low-priority \n tasks: \n - replicas: 4 \n name: \"test\" \n template: \n spec: \n containers: \n - image: alpine \n command: [\"/bin/sh\", \"-c\", \"sleep 1000\"] \n imagePullPolicy: IfNotPresent \n name: running \n resources: \n requests: \n cpu: \"4\" \n restartPolicy: OnFailure \nEOF\n
\u901a\u8fc7 kubectl get pod
\u67e5\u770b Pod \u8fd0\u884c\u4fe1\u606f\uff0c\u96c6\u7fa4\u8d44\u6e90\u4e0d\u8db3\uff0cPod \u5904\u4e8e Pending \u72b6\u6001\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-high-test-0 1/1 Running 0 3m29s \npriority-high-test-1 1/1 Running 0 3m29s \npriority-high-test-2 1/1 Running 0 3m29s \npriority-high-test-3 1/1 Running 0 3m29s \npriority-low-test-0 0/1 Pending 0 2m26s \npriority-low-test-1 0/1 Pending 0 2m26s \npriority-low-test-2 0/1 Pending 0 2m26s \npriority-low-test-3 0/1 Pending 0 2m26s \npriority-medium-test-0 0/1 Pending 0 2m36s \npriority-medium-test-1 0/1 Pending 0 2m36s \npriority-medium-test-2 0/1 Pending 0 2m36s \npriority-medium-test-3 0/1 Pending 0 2m36s\n
\u5220\u9664 high_priority_job \u5de5\u4f5c\u8d1f\u8f7d\uff0c\u91ca\u653e\u96c6\u7fa4\u8d44\u6e90\uff0cmed_priority_job \u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002 \u6267\u884c kubectl delete -f high_priority_job.yaml
\u91ca\u653e\u96c6\u7fa4\u8d44\u6e90\uff0c\u67e5\u770b Pod \u7684\u8c03\u5ea6\u4fe1\u606f\uff1a
kubectl get pods\n
NAME READY STATUS RESTARTS AGE \npriority-low-test-0 0/1 Pending 0 5m18s \npriority-low-test-1 0/1 Pending 0 5m18s \npriority-low-test-2 0/1 Pending 0 5m18s \npriority-low-test-3 0/1 Pending 0 5m18s \npriority-medium-test-0 1/1 Running 0 5m28s \npriority-medium-test-1 1/1 Running 0 5m28s \npriority-medium-test-2 1/1 Running 0 5m28s \npriority-medium-test-3 1/1 Running 0 5m28s\n
\u968f\u7740 Kubernetes\uff08K8s\uff09\u6210\u4e3a\u4e91\u539f\u751f\u5e94\u7528\u7f16\u6392\u4e0e\u7ba1\u7406\u7684\u9996\u9009\u5e73\u53f0\uff0c\u4f17\u591a\u5e94\u7528\u6b63\u79ef\u6781\u5411 K8s \u8fc1\u79fb\u3002 \u5728\u4eba\u5de5\u667a\u80fd\u4e0e\u673a\u5668\u5b66\u4e60\u9886\u57df\uff0c\u7531\u4e8e\u8fd9\u4e9b\u4efb\u52a1\u901a\u5e38\u6d89\u53ca\u5927\u91cf\u8ba1\u7b97\uff0c\u5f00\u53d1\u8005\u503e\u5411\u4e8e\u5728 Kubernetes \u4e0a\u6784\u5efa AI \u5e73\u53f0\uff0c \u4ee5\u5145\u5206\u5229\u7528\u5176\u5728\u8d44\u6e90\u7ba1\u7406\u3001\u5e94\u7528\u7f16\u6392\u53ca\u8fd0\u7ef4\u76d1\u63a7\u65b9\u9762\u7684\u4f18\u52bf\u3002
\u7136\u800c\uff0cKubernetes \u7684\u9ed8\u8ba4\u8c03\u5ea6\u5668\u4e3b\u8981\u9488\u5bf9\u957f\u671f\u8fd0\u884c\u7684\u670d\u52a1\u8bbe\u8ba1\uff0c\u5bf9\u4e8e AI\u3001\u5927\u6570\u636e\u7b49\u9700\u8981\u6279\u91cf\u548c\u5f39\u6027\u8c03\u5ea6\u7684\u4efb\u52a1\u5b58\u5728\u8bf8\u591a\u4e0d\u8db3\u3002 \u4f8b\u5982\uff0c\u5728\u8d44\u6e90\u7ade\u4e89\u6fc0\u70c8\u7684\u60c5\u51b5\u4e0b\uff0c\u9ed8\u8ba4\u8c03\u5ea6\u5668\u53ef\u80fd\u5bfc\u81f4\u8d44\u6e90\u5206\u914d\u4e0d\u5747\uff0c\u8fdb\u800c\u5f71\u54cd\u4efb\u52a1\u7684\u6b63\u5e38\u6267\u884c\u3002
\u4ee5 TensorFlow \u4f5c\u4e1a\u4e3a\u4f8b\uff0c\u5176\u5305\u542b PS\uff08\u53c2\u6570\u670d\u52a1\u5668\uff09\u548c Worker \u4e24\u79cd\u89d2\u8272\uff0c\u4e24\u8005\u9700\u534f\u540c\u5de5\u4f5c\u624d\u80fd\u5b8c\u6210\u4efb\u52a1\u3002 \u82e5\u4ec5\u90e8\u7f72\u5355\u4e00\u89d2\u8272\uff0c\u4f5c\u4e1a\u5c06\u65e0\u6cd5\u8fd0\u884c\u3002\u800c\u9ed8\u8ba4\u8c03\u5ea6\u5668\u5bf9 Pod \u7684\u8c03\u5ea6\u662f\u9010\u4e2a\u8fdb\u884c\u7684\uff0c\u65e0\u6cd5\u611f\u77e5 TFJob \u4e2d PS \u548c Worker \u7684\u4f9d\u8d56\u5173\u7cfb\u3002 \u5728\u9ad8\u8d1f\u8f7d\u60c5\u51b5\u4e0b\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u591a\u4e2a\u4f5c\u4e1a\u5404\u81ea\u5206\u914d\u5230\u90e8\u5206\u8d44\u6e90\uff0c\u4f46\u5747\u65e0\u6cd5\u5b8c\u6210\uff0c\u4ece\u800c\u9020\u6210\u8d44\u6e90\u6d6a\u8d39\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_user_guide.html#volcano_1","title":"Volcano \u7684\u8c03\u5ea6\u7b56\u7565\u4f18\u52bf","text":"Volcano \u63d0\u4f9b\u4e86\u591a\u79cd\u8c03\u5ea6\u7b56\u7565\uff0c\u4ee5\u5e94\u5bf9\u4e0a\u8ff0\u6311\u6218\u3002\u5176\u4e2d\uff0cGang-scheduling \u7b56\u7565\u80fd\u786e\u4fdd\u5206\u5e03\u5f0f\u673a\u5668\u5b66\u4e60\u8bad\u7ec3\u8fc7\u7a0b\u4e2d\u591a\u4e2a\u4efb\u52a1\uff08Pod\uff09\u540c\u65f6\u542f\u52a8\uff0c \u907f\u514d\u6b7b\u9501\uff1bPreemption scheduling \u7b56\u7565\u5219\u5141\u8bb8\u9ad8\u4f18\u5148\u7ea7\u4f5c\u4e1a\u5728\u8d44\u6e90\u4e0d\u8db3\u65f6\u62a2\u5360\u4f4e\u4f18\u5148\u7ea7\u4f5c\u4e1a\u7684\u8d44\u6e90\uff0c\u786e\u4fdd\u5173\u952e\u4efb\u52a1\u4f18\u5148\u5b8c\u6210\u3002
\u6b64\u5916\uff0cVolcano \u4e0e Spark\u3001TensorFlow\u3001PyTorch \u7b49\u4e3b\u6d41\u8ba1\u7b97\u6846\u67b6\u65e0\u7f1d\u5bf9\u63a5\uff0c\u5e76\u652f\u6301 CPU \u548c GPU \u7b49\u5f02\u6784\u8bbe\u5907\u7684\u6df7\u5408\u8c03\u5ea6\uff0c\u4e3a AI \u8ba1\u7b97\u4efb\u52a1\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u4f18\u5316\u652f\u6301\u3002
\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5\u548c\u4f7f\u7528 Volcano\uff0c\u4ee5\u4fbf\u60a8\u80fd\u591f\u5145\u5206\u5229\u7528\u5176\u8c03\u5ea6\u7b56\u7565\u4f18\u52bf\uff0c\u4f18\u5316 AI \u8ba1\u7b97\u4efb\u52a1\u3002
"},{"location":"end-user/kpanda/gpu/volcano/volcano_user_guide.html#volcano_2","title":"\u5b89\u88c5 Volcano","text":"\u5728 \u96c6\u7fa4\u8be6\u60c5 -> Helm \u5e94\u7528 -> Helm \u6a21\u677f \u4e2d\u627e\u5230 Volcano \u5e76\u5b89\u88c5\u3002
\u68c0\u67e5\u5e76\u786e\u8ba4 Volcano \u662f\u5426\u5b89\u88c5\u5b8c\u6210\uff0c\u5373 volcano-admission\u3001volcano-controllers\u3001volcano-scheduler \u7ec4\u4ef6\u662f\u5426\u6b63\u5e38\u8fd0\u884c\u3002
\u901a\u5e38 Volcano \u4f1a\u548c AI Lab \u5e73\u53f0\u914d\u5408\u4f7f\u7528\uff0c\u4ee5\u5b9e\u73b0\u6570\u636e\u96c6\u3001Notebook\u3001\u4efb\u52a1\u8bad\u7ec3\u7684\u6574\u4e2a\u5f00\u53d1\u3001\u8bad\u7ec3\u6d41\u7a0b\u7684\u6709\u6548\u95ed\u73af\u3002
"},{"location":"end-user/kpanda/helm/index.html","title":"Helm \u6a21\u677f","text":"Helm \u662f Kubernetes \u7684\u5305\u7ba1\u7406\u5de5\u5177\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u53d1\u73b0\u3001\u5171\u4eab\u548c\u4f7f\u7528 Kubernetes \u6784\u5efa\u7684\u5e94\u7528\u3002\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u4e86\u4e0a\u767e\u4e2a Helm \u6a21\u677f\uff0c\u6db5\u76d6\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u76d1\u63a7\u3001\u6570\u636e\u5e93\u7b49\u4e3b\u8981\u573a\u666f\u3002\u501f\u52a9\u8fd9\u4e9b\u6a21\u677f\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 UI \u754c\u9762\u5feb\u901f\u90e8\u7f72\u3001\u4fbf\u6377\u7ba1\u7406 Helm \u5e94\u7528\u3002\u6b64\u5916\uff0c\u652f\u6301\u901a\u8fc7\u6dfb\u52a0 Helm \u4ed3\u5e93 \u6dfb\u52a0\u66f4\u591a\u7684\u4e2a\u6027\u5316\u6a21\u677f\uff0c\u6ee1\u8db3\u591a\u6837\u9700\u6c42\u3002
\u5173\u952e\u6982\u5ff5\uff1a
\u4f7f\u7528 Helm \u65f6\u9700\u8981\u4e86\u89e3\u4ee5\u4e0b\u51e0\u4e2a\u5173\u952e\u6982\u5ff5\uff1a
Chart\uff1a\u4e00\u4e2a Helm \u5b89\u88c5\u5305\uff0c\u5176\u4e2d\u5305\u542b\u4e86\u8fd0\u884c\u4e00\u4e2a\u5e94\u7528\u6240\u9700\u8981\u7684\u955c\u50cf\u3001\u4f9d\u8d56\u548c\u8d44\u6e90\u5b9a\u4e49\u7b49\uff0c\u8fd8\u53ef\u80fd\u5305\u542b Kubernetes \u96c6\u7fa4\u4e2d\u7684\u670d\u52a1\u5b9a\u4e49\uff0c\u7c7b\u4f3c Homebrew \u4e2d\u7684 formula\u3001APT \u7684 dpkg \u6216\u8005 Yum \u7684 rpm \u6587\u4ef6\u3002Chart \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u6a21\u677f \u3002
Release\uff1a\u5728 Kubernetes \u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u4e00\u4e2a Chart \u5b9e\u4f8b\u3002\u4e00\u4e2a Chart \u53ef\u4ee5\u5728\u540c\u4e00\u4e2a\u96c6\u7fa4\u5185\u591a\u6b21\u5b89\u88c5\uff0c\u6bcf\u6b21\u5b89\u88c5\u90fd\u4f1a\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 Release\u3002Release \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u5e94\u7528 \u3002
Repository\uff1a\u7528\u4e8e\u53d1\u5e03\u548c\u5b58\u50a8 Chart \u7684\u5b58\u50a8\u5e93\u3002Repository \u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u79f0\u4e3a Helm \u4ed3\u5e93\u3002
\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u524d\u5f80 Helm \u5b98\u7f51\u67e5\u770b\u3002
\u76f8\u5173\u64cd\u4f5c\uff1a
\u672c\u6587\u4ece\u79bb\u7ebf\u548c\u5728\u7ebf\u4e24\u79cd\u73af\u5883\u8bf4\u660e\u5982\u4f55\u5c06 Helm \u5e94\u7528\u5bfc\u5165\u5230\u7cfb\u7edf\u5185\u7f6e\u7684 Addon \u4e2d\u3002
"},{"location":"end-user/kpanda/helm/Import-addon.html#_1","title":"\u79bb\u7ebf\u73af\u5883","text":"\u79bb\u7ebf\u73af\u5883\u6307\u7684\u662f\u65e0\u6cd5\u8fde\u901a\u4e92\u8054\u7f51\u6216\u5c01\u95ed\u7684\u79c1\u6709\u7f51\u7edc\u73af\u5883\u3002
"},{"location":"end-user/kpanda/helm/Import-addon.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":".relok8s-images.yaml
\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u9700\u8981\u5305\u542b Chart \u4e2d\u6240\u6709\u4f7f\u7528\u5230\u955c\u50cf\uff0c \u4e5f\u53ef\u4ee5\u5305\u542b Chart \u4e2d\u672a\u76f4\u63a5\u4f7f\u7528\u7684\u955c\u50cf\uff0c\u7c7b\u4f3c Operator \u4e2d\u4f7f\u7528\u7684\u955c\u50cf\u3002Note
\u5bb9\u5668\u7ba1\u7406
-> Helm \u5e94\u7528
-> Helm \u4ed3\u5e93
\uff0c\u641c\u7d22 addon\uff0c\u83b7\u53d6\u5185\u7f6e\u4ed3\u5e93\u5730\u5740\u548c\u7528\u6237\u540d/\u5bc6\u7801\uff08\u7cfb\u7edf\u5185\u7f6e\u4ed3\u5e93\u9ed8\u8ba4\u7528\u6237\u540d/\u5bc6\u7801\u4e3a rootuser/rootpass123\uff09\u3002\u540c\u6b65 Helm Chart \u5230\u5bb9\u5668\u7ba1\u7406\u5185\u7f6e\u4ed3\u5e93 Addon
\u7f16\u5199\u5982\u4e0b\u914d\u7f6e\u6587\u4ef6\uff0c\u53ef\u4ee5\u6839\u636e\u5177\u4f53\u914d\u7f6e\u4fee\u6539\uff0c\u5e76\u4fdd\u5b58\u4e3a sync-dao-2048.yaml
\u3002
source: # helm charts \u6e90\u4fe1\u606f\n repo:\n kind: HARBOR # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\uff0c\u6bd4\u5982 CHARTMUSEUM\n url: https://release-ci.daocloud.io/chartrepo/community # \u9700\u66f4\u6539\u4e3a chart repo url\n #auth: # \u7528\u6237\u540d/\u5bc6\u7801,\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199\n #username: \"admin\"\n #password: \"Harbor12345\"\ncharts: # \u9700\u8981\u540c\u6b65\n - name: dao-2048 # helm charts \u4fe1\u606f\uff0c\u82e5\u4e0d\u586b\u5199\u5219\u540c\u6b65\u6e90 helm repo \u5185\u6240\u6709 charts\n versions:\n - 1.4.1\ntarget: # helm charts \u76ee\u6807\u4fe1\u606f\n containerRegistry: 10.5.14.40 # \u955c\u50cf\u4ed3\u5e93 url\n repo:\n kind: CHARTMUSEUM # \u4e5f\u53ef\u4ee5\u662f\u4efb\u4f55\u5176\u4ed6\u652f\u6301\u7684 Helm Chart \u4ed3\u5e93\u7c7b\u522b\uff0c\u6bd4\u5982 HARBOR\n url: http://10.5.14.40:8081 # \u9700\u66f4\u6539\u4e3a\u6b63\u786e chart repo url\uff0c\u53ef\u4ee5\u901a\u8fc7 helm repo add $HELM-REPO \u9a8c\u8bc1\u5730\u5740\u662f\u5426\u6b63\u786e\n auth: # \u7528\u6237\u540d/\u5bc6\u7801\uff0c\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199\n username: \"rootuser\"\n password: \"rootpass123\"\n containers:\n # kind: HARBOR # \u82e5\u955c\u50cf\u4ed3\u5e93\u4e3a HARBOR \u4e14\u5e0c\u671b charts-syncer \u81ea\u52a8\u521b\u5efa\u955c\u50cf Repository \u5219\u586b\u5199\u8be5\u5b57\u6bb5 \n # auth: # \u7528\u6237\u540d/\u5bc6\u7801\uff0c\u82e5\u6ca1\u6709\u8bbe\u7f6e\u5bc6\u7801\u53ef\u4ee5\u4e0d\u586b\u5199 \n # username: \"admin\"\n # password: \"Harbor12345\"\n\n# leverage .relok8s-images.yaml file inside the Charts to move the container images too\nrelocateContainerImages: true\n
\u6267\u884c charts-syncer \u547d\u4ee4\u540c\u6b65 Chart \u53ca\u5176\u5305\u542b\u7684\u955c\u50cf
charts-syncer sync --config sync-dao-2048.yaml --insecure --auto-create-repository\n
\u9884\u671f\u8f93\u51fa\u4e3a\uff1a
I1222 15:01:47.119777 8743 sync.go:45] Using config file: \"examples/sync-dao-2048.yaml\"\nW1222 15:01:47.234238 8743 syncer.go:263] Ignoring skipDependencies option as dependency sync is not supported if container image relocation is true or syncing from/to intermediate directory\nI1222 15:01:47.234685 8743 sync.go:58] There is 1 chart out of sync!\nI1222 15:01:47.234706 8743 sync.go:66] Syncing \"dao-2048_1.4.1\" chart...\n.relok8s-images.yaml hints file found\nComputing relocation...\n\nRelocating dao-2048@1.4.1...\nPushing 10.5.14.40/daocloud/dao-2048:v1.4.1...\nDone\nDone moving /var/folders/vm/08vw0t3j68z9z_4lcqyhg8nm0000gn/T/charts-syncer869598676/dao-2048-1.4.1.tgz\n
\u5f85\u4e0a\u4e00\u6b65\u6267\u884c\u5b8c\u6210\u540e\uff0c\u8fdb\u5165\u5bb9\u5668\u7ba1\u7406
-> Helm \u5e94\u7528
-> Helm \u4ed3\u5e93
\uff0c\u627e\u5230\u5bf9\u5e94 Addon\uff0c \u5728\u64cd\u4f5c\u680f\u70b9\u51fb\u540c\u6b65\u4ed3\u5e93
\uff0c\u56de\u5230 Helm \u6a21\u677f\u5c31\u53ef\u4ee5\u770b\u5230\u4e0a\u4f20\u7684 Helm \u5e94\u7528
\u540e\u7eed\u53ef\u6b63\u5e38\u8fdb\u884c\u5b89\u88c5\u3001\u5347\u7ea7\u3001\u5378\u8f7d
\u5728\u7ebf\u73af\u5883\u7684 Helm Repo \u5730\u5740\u4e3a release.daocloud.io
\u3002 \u5982\u679c\u7528\u6237\u65e0\u6743\u9650\u6dfb\u52a0 Helm Repo\uff0c\u5219\u65e0\u6cd5\u5c06\u81ea\u5b9a\u4e49 Helm \u5e94\u7528\u5bfc\u5165\u7cfb\u7edf\u5185\u7f6e Addon\u3002 \u60a8\u53ef\u4ee5\u6dfb\u52a0\u81ea\u5df1\u642d\u5efa\u7684 Helm \u4ed3\u5e93\uff0c\u7136\u540e\u6309\u7167\u79bb\u7ebf\u73af\u5883\u4e2d\u540c\u6b65 Helm Chart \u7684\u6b65\u9aa4\u5c06\u60a8\u7684 Helm \u4ed3\u5e93\u96c6\u6210\u5230\u5e73\u53f0\u4f7f\u7528\u3002
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5bf9 Helm \u8fdb\u884c\u754c\u9762\u5316\u7ba1\u7406\uff0c\u5305\u62ec\u4f7f\u7528 Helm \u6a21\u677f\u521b\u5efa Helm \u5b9e\u4f8b\u3001\u81ea\u5b9a\u4e49 Helm \u5b9e\u4f8b\u53c2\u6570\u3001\u5bf9 Helm \u5b9e\u4f8b\u8fdb\u884c\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u529f\u80fd\u3002
\u672c\u8282\u5c06\u4ee5 cert-manager \u4e3a\u4f8b\uff0c\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u754c\u9762\u521b\u5efa\u5e76\u7ba1\u7406 Helm \u5e94\u7528\u3002
"},{"location":"end-user/kpanda/helm/helm-app.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5 Helm \u5e94\u7528\u3002
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u8fdb\u5165 Helm \u6a21\u677f\u9875\u9762\u3002
\u5728 Helm \u6a21\u677f\u9875\u9762\u9009\u62e9\u540d\u4e3a addon \u7684 Helm \u4ed3\u5e93\uff0c\u6b64\u65f6\u754c\u9762\u4e0a\u5c06\u5448\u73b0 addon \u4ed3\u5e93\u4e0b\u6240\u6709\u7684 Helm chart \u6a21\u677f\u3002 \u70b9\u51fb\u540d\u79f0\u4e3a cert-manager \u7684 Chart\u3002
\u5728\u5b89\u88c5\u9875\u9762\uff0c\u80fd\u591f\u770b\u5230 Chart \u7684\u76f8\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u5728\u754c\u9762\u53f3\u4e0a\u89d2\u9009\u62e9\u9700\u8981\u5b89\u88c5\u7684\u7248\u672c\uff0c\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u6b64\u5904\u9009\u62e9 v1.9.1 \u7248\u672c\u8fdb\u884c\u5b89\u88c5\u3002
\u914d\u7f6e \u540d\u79f0 \u3001 \u547d\u540d\u7a7a\u95f4 \u53ca \u7248\u672c\u4fe1\u606f \uff0c\u4e5f\u53ef\u4ee5\u5728\u4e0b\u65b9\u7684 \u53c2\u6570\u914d\u7f6e \u533a\u57df\u901a\u8fc7\u4fee\u6539 YAML \u6765\u81ea\u5b9a\u4e49\u53c2\u6570\u3002\u70b9\u51fb \u786e\u5b9a \u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u65b0\u521b\u5efa\u7684 Helm \u5e94\u7528\u72b6\u6001\u4e3a \u5b89\u88c5\u4e2d \uff0c\u7b49\u5f85\u4e00\u6bb5\u65f6\u95f4\u540e\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u3002
\u5f53\u6211\u4eec\u901a\u8fc7\u754c\u9762\u5b8c\u6210\u4e00\u4e2a Helm \u5e94\u7528\u7684\u5b89\u88c5\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u5bf9 Helm \u5e94\u7528\u6267\u884c\u66f4\u65b0\u64cd\u4f5c\u3002\u6ce8\u610f\uff1a\u53ea\u6709\u901a\u8fc7\u754c\u9762\u5b89\u88c5\u7684 Helm \u5e94\u7528\u624d\u652f\u6301\u4f7f\u7528\u754c\u9762\u8fdb\u884c\u66f4\u65b0\u64cd\u4f5c\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u66f4\u65b0 Helm \u5e94\u7528\u3002
\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb Helm \u5e94\u7528 \uff0c\u8fdb\u5165 Helm \u5e94\u7528\u5217\u8868\u9875\u9762\u3002
\u5728 Helm \u5e94\u7528\u5217\u8868\u9875\u9009\u62e9\u9700\u8981\u66f4\u65b0\u7684 Helm \u5e94\u7528\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff0c\u5728\u4e0b\u62c9\u9009\u62e9\u4e2d\u9009\u62e9 \u66f4\u65b0 \u64cd\u4f5c\u3002
\u70b9\u51fb \u66f4\u65b0 \u6309\u94ae\u540e\uff0c\u7cfb\u7edf\u5c06\u8df3\u8f6c\u81f3\u66f4\u65b0\u754c\u9762\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u9700\u8981\u5bf9 Helm \u5e94\u7528\u8fdb\u884c\u66f4\u65b0\uff0c\u6b64\u5904\u6211\u4eec\u4ee5\u66f4\u65b0 dao-2048 \u8fd9\u4e2a\u5e94\u7528\u7684 http \u7aef\u53e3\u4e3a\u4f8b\u3002
\u4fee\u6539\u5b8c\u76f8\u5e94\u53c2\u6570\u540e\u3002\u60a8\u53ef\u4ee5\u5728\u53c2\u6570\u914d\u7f6e\u4e0b\u70b9\u51fb \u53d8\u5316 \u6309\u94ae\uff0c\u5bf9\u6bd4\u4fee\u6539\u524d\u540e\u7684\u6587\u4ef6\uff0c\u786e\u5b9a\u65e0\u8bef\u540e\uff0c\u70b9\u51fb\u5e95\u90e8 \u786e\u5b9a \u6309\u94ae\uff0c\u5b8c\u6210 Helm \u5e94\u7528\u7684\u66f4\u65b0\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de Helm \u5e94\u7528\u5217\u8868\uff0c\u53f3\u4e0a\u89d2\u5f39\u7a97\u63d0\u793a \u66f4\u65b0\u6210\u529f \u3002
Helm \u5e94\u7528\u7684\u6bcf\u6b21\u5b89\u88c5\u3001\u66f4\u65b0\u3001\u5220\u9664\u90fd\u6709\u8be6\u7ec6\u7684\u64cd\u4f5c\u8bb0\u5f55\u548c\u65e5\u5fd7\u53ef\u4f9b\u67e5\u770b\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb \u96c6\u7fa4\u8fd0\u7ef4 -> \u6700\u8fd1\u64cd\u4f5c \uff0c\u7136\u540e\u5728\u9875\u9762\u4e0a\u65b9\u9009\u62e9 Helm \u64cd\u4f5c \u6807\u7b7e\u9875\u3002\u6bcf\u4e00\u6761\u8bb0\u5f55\u5bf9\u5e94\u4e00\u6b21\u5b89\u88c5/\u66f4\u65b0/\u5220\u9664\u64cd\u4f5c\u3002
\u5982\u9700\u67e5\u770b\u6bcf\u4e00\u6b21\u64cd\u4f5c\u7684\u8be6\u7ec6\u65e5\u5fd7\uff1a\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9 \u65e5\u5fd7 \u3002
\u6b64\u65f6\u9875\u9762\u4e0b\u65b9\u5c06\u4ee5\u63a7\u5236\u53f0\u7684\u5f62\u5f0f\u5c55\u793a\u8be6\u7ec6\u7684\u8fd0\u884c\u65e5\u5fd7\u3002
\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5220\u9664 Helm \u5e94\u7528\u3002
\u627e\u5230\u5f85\u5220\u9664\u7684 Helm \u5e94\u7528\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb Helm \u5e94\u7528 \uff0c\u8fdb\u5165 Helm \u5e94\u7528\u5217\u8868\u9875\u9762\u3002
\u5728 Helm \u5e94\u7528\u5217\u8868\u9875\u9009\u62e9\u60a8\u9700\u8981\u5220\u9664\u7684 Helm \u5e94\u7528\uff0c\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff0c\u5728\u4e0b\u62c9\u9009\u62e9\u4e2d\u9009\u62e9 \u5220\u9664 \u3002
\u5728\u5f39\u7a97\u5185\u8f93\u5165 Helm \u5e94\u7528\u7684\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u7136\u540e\u70b9\u51fb \u5220\u9664 \u6309\u94ae\u3002
Helm \u4ed3\u5e93\u662f\u7528\u6765\u5b58\u50a8\u548c\u53d1\u5e03 Chart \u7684\u5b58\u50a8\u5e93\u3002Helm \u5e94\u7528\u6a21\u5757\u652f\u6301\u901a\u8fc7 HTTP(s) \u534f\u8bae\u6765\u8bbf\u95ee\u5b58\u50a8\u5e93\u4e2d\u7684 Chart \u5305\u3002\u7cfb\u7edf\u9ed8\u8ba4\u5185\u7f6e\u4e86\u4e0b\u8868\u6240\u793a\u7684 4 \u4e2a Helm \u4ed3\u5e93\u4ee5\u6ee1\u8db3\u4f01\u4e1a\u751f\u4ea7\u8fc7\u7a0b\u4e2d\u7684\u5e38\u89c1\u9700\u6c42\u3002
\u4ed3\u5e93 \u63cf\u8ff0 \u793a\u4f8b partner \u7531\u751f\u6001\u5408\u4f5c\u4f19\u4f34\u6240\u63d0\u4f9b\u7684\u5404\u7c7b\u4f18\u8d28\u7279\u8272 Chart tidb system \u7cfb\u7edf\u6838\u5fc3\u529f\u80fd\u7ec4\u4ef6\u53ca\u90e8\u5206\u9ad8\u7ea7\u529f\u80fd\u6240\u5fc5\u9700\u4f9d\u8d56\u7684 Chart\uff0c\u5982\u5fc5\u9700\u5b89\u88c5 insight-agent \u624d\u80fd\u591f\u83b7\u53d6\u96c6\u7fa4\u7684\u76d1\u63a7\u4fe1\u606f Insight addon \u4e1a\u52a1\u573a\u666f\u4e2d\u5e38\u89c1\u7684 Chart cert-manager community Kubernetes \u793e\u533a\u8f83\u4e3a\u70ed\u95e8\u7684\u5f00\u6e90\u7ec4\u4ef6 Chart Istio\u9664\u4e0a\u8ff0\u9884\u7f6e\u4ed3\u5e93\u5916\uff0c\u60a8\u4e5f\u53ef\u4ee5\u81ea\u884c\u6dfb\u52a0\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u6dfb\u52a0\u3001\u66f4\u65b0\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002
"},{"location":"end-user/kpanda/helm/helm-repo.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5982\u679c\u4f7f\u7528\u79c1\u6709\u4ed3\u5e93\uff0c\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u62e5\u6709\u5bf9\u8be5\u79c1\u6709\u4ed3\u5e93\u7684\u8bfb\u5199\u6743\u9650\u3002
\u4e0b\u9762\u4ee5 Kubevela \u516c\u5f00\u7684\u955c\u50cf\u4ed3\u5e93\u4e3a\u4f8b\uff0c\u5f15\u5165 Helm \u4ed3\u5e93\u5e76\u7ba1\u7406\u3002
\u627e\u5230\u9700\u8981\u5f15\u5165\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u9875\u9762\u3002
\u5728 Helm \u4ed3\u5e93\u9875\u9762\u70b9\u51fb \u521b\u5efa\u4ed3\u5e93 \u6309\u94ae\uff0c\u8fdb\u5165\u521b\u5efa\u4ed3\u5e93\u9875\u9762\uff0c\u6309\u7167\u4e0b\u8868\u914d\u7f6e\u76f8\u5173\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210 Helm \u4ed3\u5e93\u7684\u521b\u5efa\u3002\u9875\u9762\u4f1a\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u4ed3\u5e93\u5217\u8868\u3002
\u5f53 Helm \u4ed3\u5e93\u7684\u5730\u5740\u4fe1\u606f\u53d1\u751f\u53d8\u5316\u65f6\uff0c\u53ef\u4ee5\u66f4\u65b0 Helm \u4ed3\u5e93\u7684\u5730\u5740\u3001\u8ba4\u8bc1\u65b9\u5f0f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u53ca\u63cf\u8ff0\u4fe1\u606f\u3002
\u627e\u5230\u5f85\u66f4\u65b0\u4ed3\u5e93\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u5217\u8868\u9875\u9762\u3002
\u5728\u4ed3\u5e93\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684 Helm \u4ed3\u5e93\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \u6309\u94ae\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u66f4\u65b0 \u3002
\u5728 \u7f16\u8f91 Helm \u4ed3\u5e93 \u9875\u9762\u8fdb\u884c\u66f4\u65b0\uff0c\u5b8c\u6210\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u8fd4\u56de Helm \u4ed3\u5e93\u5217\u8868\uff0c\u5c4f\u5e55\u63d0\u793a\u66f4\u65b0\u6210\u529f\u3002
\u9664\u4e86\u5f15\u5165\u3001\u66f4\u65b0\u4ed3\u5e93\u5916\uff0c\u60a8\u4e5f\u53ef\u4ee5\u5c06\u4e0d\u9700\u8981\u7684\u4ed3\u5e93\u5220\u9664\uff0c\u5305\u62ec\u7cfb\u7edf\u9884\u7f6e\u4ed3\u5e93\u548c\u7b2c\u4e09\u65b9\u4ed3\u5e93\u3002
\u627e\u5230\u5f85\u5220\u9664\u4ed3\u5e93\u6240\u5728\u7684\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u4f9d\u6b21\u70b9\u51fb Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u8fdb\u5165 Helm \u4ed3\u5e93\u5217\u8868\u9875\u9762\u3002
\u5728\u4ed3\u5e93\u5217\u8868\u9875\u9762\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684 Helm \u4ed3\u5e93\uff0c\u5728\u5217\u8868\u53f3\u4fa7\u70b9\u51fb \u2507 \u6309\u94ae\uff0c\u5728\u5f39\u51fa\u83dc\u5355\u4e2d\u70b9\u51fb \u5220\u9664 \u3002
\u8f93\u5165\u4ed3\u5e93\u540d\u79f0\u8fdb\u884c\u786e\u8ba4\uff0c\u70b9\u51fb \u5220\u9664 \u3002
\u8fd4\u56de Helm \u4ed3\u5e93\u5217\u8868\uff0c\u5c4f\u5e55\u63d0\u793a\u5220\u9664\u6210\u529f\u3002
\u901a\u5e38\u5728\u591a\u67b6\u6784\u96c6\u7fa4\u4e2d\uff0c\u4e5f\u4f1a\u4f7f\u7528\u591a\u67b6\u6784\u7684 Helm \u5305\u6765\u90e8\u7f72\u5e94\u7528\uff0c\u4ee5\u89e3\u51b3\u67b6\u6784\u5dee\u5f02\u5e26\u6765\u7684\u90e8\u7f72\u95ee\u9898\u3002 \u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5c06\u5355\u67b6\u6784 Helm \u5e94\u7528\u878d\u5408\u4e3a\u591a\u67b6\u6784\uff0c\u4ee5\u53ca\u591a\u67b6\u6784\u4e0e\u591a\u67b6\u6784 Helm \u5e94\u7528\u7684\u76f8\u4e92\u878d\u5408\u3002
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_1","title":"\u5bfc\u5165","text":""},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_2","title":"\u5355\u67b6\u6784\u5bfc\u5165","text":"\u51c6\u5907\u597d\u5f85\u5bfc\u5165\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002 \u628a\u8def\u5f84\u586b\u5199\u81f3 clusterConfig.yml \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982\uff1a
addonPackage:\n path: \"/home/addon-offline-full-package-v0.9.0-amd64.tar.gz\"\n
\u7136\u540e\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_3","title":"\u591a\u67b6\u6784\u878d\u5408","text":"\u51c6\u5907\u597d\u5f85\u878d\u5408\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u4ee5 addon-offline-full-package-v0.9.0-arm64.tar.gz \u4e3a\u4f8b\uff0c\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.9.0-arm64.tar.gz\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_4","title":"\u5347\u7ea7","text":""},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_5","title":"\u5355\u67b6\u6784\u5347\u7ea7","text":"\u51c6\u5907\u597d\u5f85\u5bfc\u5165\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u628a\u8def\u5f84\u586b\u5199\u81f3 clusterConfig.yml \u914d\u7f6e\u6587\u4ef6\uff0c\u4f8b\u5982\uff1a
addonPackage:\n path: \"/home/addon-offline-full-package-v0.11.0-amd64.tar.gz\"\n
\u7136\u540e\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_6","title":"\u591a\u67b6\u6784\u878d\u5408","text":"\u51c6\u5907\u597d\u5f85\u878d\u5408\u7684\u79bb\u7ebf\u5305 addon-offline-full-package-${version}-${arch}.tar.gz
\u3002
\u4ee5 addon-offline-full-package-v0.11.0-arm64.tar.gz \u4e3a\u4f8b\uff0c\u6267\u884c\u5bfc\u5165\u547d\u4ee4\uff1a
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.11.0-arm64.tar.gz\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_7","title":"\u6ce8\u610f\u4e8b\u9879","text":""},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_8","title":"\u78c1\u76d8\u7a7a\u95f4","text":"\u79bb\u7ebf\u5305\u6bd4\u8f83\u5927\uff0c\u4e14\u8fc7\u7a0b\u4e2d\u9700\u8981\u89e3\u538b\u548c load \u955c\u50cf\uff0c\u9700\u8981\u9884\u7559\u5145\u8db3\u7684\u7a7a\u95f4\uff0c\u5426\u5219\u53ef\u80fd\u5728\u8fc7\u7a0b\u4e2d\u62a5 \u201cno space left\u201d \u800c\u4e2d\u65ad\u3002
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_9","title":"\u5931\u8d25\u540e\u91cd\u8bd5","text":"\u5982\u679c\u5728\u591a\u67b6\u6784\u878d\u5408\u6b65\u9aa4\u6267\u884c\u5931\u8d25\uff0c\u91cd\u8bd5\u524d\u9700\u8981\u6e05\u7406\u4e00\u4e0b\u6b8b\u7559\uff1a
rm -rf addon-offline-target-package\n
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_10","title":"\u955c\u50cf\u7a7a\u95f4","text":"\u5982\u679c\u878d\u5408\u7684\u79bb\u7ebf\u5305\u4e2d\u5305\u542b\u4e86\u4e0e\u5bfc\u5165\u7684\u79bb\u7ebf\u5305\u4e0d\u4e00\u81f4\u7684\u955c\u50cf\u7a7a\u95f4\uff0c\u53ef\u80fd\u4f1a\u5728\u878d\u5408\u8fc7\u7a0b\u4e2d\u56e0\u4e3a\u955c\u50cf\u7a7a\u95f4\u4e0d\u5b58\u5728\u800c\u62a5\u9519\uff1a
\u89e3\u51b3\u529e\u6cd5\uff1a\u53ea\u9700\u8981\u5728\u878d\u5408\u4e4b\u524d\u521b\u5efa\u597d\u8be5\u955c\u50cf\u7a7a\u95f4\u5373\u53ef\uff0c\u4f8b\u5982\u4e0a\u56fe\u62a5\u9519\u53ef\u901a\u8fc7\u521b\u5efa\u955c\u50cf\u7a7a\u95f4 localhost \u63d0\u524d\u907f\u514d\u3002
"},{"location":"end-user/kpanda/helm/multi-archi-helm.html#_11","title":"\u67b6\u6784\u51b2\u7a81","text":"\u5347\u7ea7\u81f3\u4f4e\u4e8e 0.12.0 \u7248\u672c\u7684 addon \u65f6\uff0c\u7531\u4e8e\u76ee\u6807\u79bb\u7ebf\u5305\u91cc\u7684 charts-syncer \u6ca1\u6709\u68c0\u67e5\u955c\u50cf\u5b58\u5728\u5219\u4e0d\u63a8\u9001\u529f\u80fd\uff0c\u56e0\u6b64\u4f1a\u5728\u5347\u7ea7\u7684\u8fc7\u7a0b\u4e2d\u4f1a\u91cd\u65b0\u628a\u591a\u67b6\u6784\u51b2\u6210\u5355\u67b6\u6784\u3002 \u4f8b\u5982\uff1a\u5728 v0.10 \u7248\u672c\u5c06 addon \u5b9e\u73b0\u4e3a\u591a\u67b6\u6784\uff0c\u6b64\u65f6\u82e5\u5347\u7ea7\u4e3a v0.11 \u7248\u672c\uff0c\u5219\u591a\u67b6\u6784 addon \u4f1a\u88ab\u8986\u76d6\u4e3a\u5355\u67b6\u6784\uff1b\u82e5\u5347\u7ea7\u4e3a 0.12.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u5219\u4ecd\u80fd\u591f\u4fdd\u6301\u591a\u67b6\u6784\u3002
"},{"location":"end-user/kpanda/helm/upload-helm.html","title":"\u4e0a\u4f20 Helm \u6a21\u677f","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u4e0a\u4f20 Helm \u6a21\u677f\uff0c\u64cd\u4f5c\u6b65\u9aa4\u89c1\u4e0b\u6587\u3002
\u5f15\u5165 Helm \u4ed3\u5e93\uff0c\u64cd\u4f5c\u6b65\u9aa4\u53c2\u8003\u5f15\u5165\u7b2c\u4e09\u65b9 Helm \u4ed3\u5e93\u3002
\u4e0a\u4f20 Helm Chart \u5230 Helm \u4ed3\u5e93\u3002
\u5ba2\u6237\u7aef\u4e0a\u4f20\u9875\u9762\u4e0a\u4f20Note
\u6b64\u65b9\u5f0f\u9002\u7528\u4e8e Harbor\u3001ChartMuseum\u3001JFrog \u7c7b\u578b\u4ed3\u5e93\u3002
\u767b\u5f55\u4e00\u4e2a\u53ef\u4ee5\u8bbf\u95ee\u5230 Helm \u4ed3\u5e93\u7684\u8282\u70b9\uff0c\u5c06 Helm \u4e8c\u8fdb\u5236\u6587\u4ef6\u4e0a\u4f20\u5230\u8282\u70b9\uff0c\u5e76\u5b89\u88c5 cm-push \u63d2\u4ef6\uff08\u9700\u8981\u8fde\u901a\u5916\u7f51\u5e76\u63d0\u524d\u5b89\u88c5 Git\uff09\u3002
\u5b89\u88c5\u63d2\u4ef6\u6d41\u7a0b\u53c2\u8003\u5b89\u88c5 cm-push \u63d2\u4ef6\u3002
\u63a8\u9001 Helm Chart \u5230 Helm \u4ed3\u5e93\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1b
helm cm-push ${charts-dir} ${HELM_REPO_URL} --username ${username} --password ${password}\n
\u5b57\u6bb5\u8bf4\u660e\uff1a
charts-dir
\uff1aHelm Chart \u7684\u76ee\u5f55\uff0c\u6216\u8005\u662f\u6253\u5305\u597d\u7684 Chart\uff08\u5373 .tgz \u6587\u4ef6\uff09\u3002HELM_REPO_URL
\uff1aHelm \u4ed3\u5e93\u7684 URL\u3002username
/password
\uff1a\u6709\u63a8\u9001\u6743\u9650\u7684 Helm \u4ed3\u5e93\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002--insecure
Note
\u6b64\u65b9\u5f0f\u4ec5\u9002\u7528\u4e8e Harbor \u7c7b\u578b\u4ed3\u5e93\u3002
\u767b\u5f55\u7f51\u9875 Harbor \u4ed3\u5e93\uff0c\u8bf7\u786e\u4fdd\u767b\u5f55\u7528\u6237\u6709\u63a8\u9001\u6743\u9650\uff1b
\u8fdb\u5165\u5230\u5bf9\u5e94\u9879\u76ee\uff0c\u9009\u62e9 Helm Charts \u9875\u7b7e\uff0c\u70b9\u51fb\u9875\u9762 \u4e0a\u4f20 \u6309\u94ae\uff0c\u5b8c\u6210 Helm Chart \u4e0a\u4f20\u3002
\u540c\u6b65\u8fdc\u7aef\u4ed3\u5e93\u6570\u636e
\u624b\u52a8\u540c\u6b65\u81ea\u52a8\u540c\u6b65\u9ed8\u8ba4\u96c6\u7fa4\u672a\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u5237\u65b0 \uff0c\u9700\u8981\u6267\u884c\u624b\u52a8\u540c\u6b65\u64cd\u4f5c\uff0c\u5927\u81f4\u6b65\u9aa4\u4e3a\uff1a
\u8fdb\u5165 Helm \u5e94\u7528 -> Helm \u4ed3\u5e93 \uff0c\u70b9\u51fb\u4ed3\u5e93\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \u6309\u94ae\uff0c\u9009\u62e9 \u540c\u6b65\u4ed3\u5e93 \uff0c\u5b8c\u6210\u4ed3\u5e93\u6570\u636e\u540c\u6b65\u3002
\u5982\u9700\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u540c\u6b65\u529f\u80fd\uff0c\u53ef\u8fdb\u5165 \u96c6\u7fa4\u8fd0\u7ef4 -> \u96c6\u7fa4\u8bbe\u7f6e -> \u9ad8\u7ea7\u914d\u7f6e \uff0c\u5f00\u542f Helm \u4ed3\u5e93\u81ea\u52a8\u5237\u65b0\u5f00\u5173\u3002
\u96c6\u7fa4\u5de1\u68c0\u53ef\u4ee5\u901a\u8fc7\u81ea\u52a8\u6216\u624b\u52a8\u65b9\u5f0f\uff0c\u5b9a\u671f\u6216\u968f\u65f6\u68c0\u67e5\u96c6\u7fa4\u7684\u6574\u4f53\u5065\u5eb7\u72b6\u6001\uff0c\u8ba9\u7ba1\u7406\u5458\u83b7\u5f97\u4fdd\u969c\u96c6\u7fa4\u5b89\u5168\u7684\u4e3b\u52a8\u6743\u3002 \u57fa\u4e8e\u5408\u7406\u7684\u5de1\u68c0\u8ba1\u5212\uff0c\u8fd9\u79cd\u4e3b\u52a8\u81ea\u53d1\u7684\u96c6\u7fa4\u68c0\u67e5\u53ef\u4ee5\u8ba9\u7ba1\u7406\u5458\u968f\u65f6\u638c\u63e1\u96c6\u7fa4\u72b6\u6001\uff0c\u6446\u8131\u4e4b\u524d\u51fa\u73b0\u6545\u969c\u65f6\u53ea\u80fd\u88ab\u52a8\u6392\u67e5\u95ee\u9898\u7684\u56f0\u5883\uff0c\u505a\u5230\u4e8b\u5148\u76d1\u63a7\u3001\u63d0\u524d\u9632\u8303\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u7684\u96c6\u7fa4\u5de1\u68c0\u529f\u80fd\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u3001\u8282\u70b9\u3001\u5bb9\u5668\u7ec4\uff08Pod\uff09\u4e09\u4e2a\u7ef4\u5ea6\u8fdb\u884c\u81ea\u5b9a\u4e49\u5de1\u68c0\u9879\uff0c\u5de1\u68c0\u7ed3\u675f\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u53ef\u89c6\u5316\u7684\u5de1\u68c0\u62a5\u544a\u3002
\u5982\u9700\u4e86\u89e3\u6216\u6267\u884c\u5b89\u5168\u65b9\u9762\u7684\u5de1\u68c0\uff0c\u53ef\u53c2\u8003\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u7684\u5b89\u5168\u626b\u63cf\u7c7b\u578b\u3002
"},{"location":"end-user/kpanda/inspect/config.html","title":"\u521b\u5efa\u5de1\u68c0\u914d\u7f6e","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u63d0\u4f9b\u96c6\u7fa4\u5de1\u68c0\u529f\u80fd\uff0c\u652f\u6301\u4ece\u96c6\u7fa4\u7ef4\u5ea6\u3001\u8282\u70b9\u7ef4\u5ea6\u3001\u5bb9\u5668\u7ec4\u7ef4\u5ea6\u8fdb\u884c\u5de1\u68c0\u3002
\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u521b\u5efa\u5de1\u68c0\u914d\u7f6e\u3002
"},{"location":"end-user/kpanda/inspect/config.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u5de1\u68c0 \u3002
\u5728\u9875\u9762\u53f3\u4fa7\u70b9\u51fb \u5de1\u68c0\u914d\u7f6e \u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u586b\u5199\u5de1\u68c0\u914d\u7f6e\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u53c2\u6570\u914d\u7f6e\uff1a\u53c2\u6570\u914d\u7f6e\u5206\u4e3a\u96c6\u7fa4\u7ef4\u5ea6\u3001\u8282\u70b9\u7ef4\u5ea6\u3001\u5bb9\u5668\u7ec4\u7ef4\u5ea6\u4e09\u90e8\u5206\uff0c\u53ef\u4ee5\u6839\u636e\u573a\u666f\u9700\u6c42\u542f\u7528\u6216\u7981\u7528\u67d0\u4e9b\u5de1\u68c0\u9879\u3002
\u5de1\u68c0\u914d\u7f6e\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u4f1a\u81ea\u52a8\u663e\u793a\u5728\u5de1\u68c0\u914d\u7f6e\u5217\u8868\u4e2d\u3002\u5728\u914d\u7f6e\u53f3\u4fa7\u70b9\u51fb\u66f4\u591a\u64cd\u4f5c\u6309\u94ae\u53ef\u4ee5\u7acb\u5373\u6267\u884c\u5de1\u68c0\u3001\u4fee\u6539\u5de1\u68c0\u914d\u7f6e\u3001\u5220\u9664\u5de1\u68c0\u914d\u7f6e\u548c\u5de1\u68c0\u8bb0\u5f55\u3002
\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u5220\u9664\u8be5\u5de1\u68c0\u914d\u7f6e\u548c\u5386\u53f2\u7684\u5de1\u68c0\u8bb0\u5f55
Note
\u5de1\u68c0\u914d\u7f6e\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u5982\u679c\u542f\u7528\u4e86 \u5b9a\u65f6\u5de1\u68c0 \u914d\u7f6e\uff0c\u5219\u4f1a\u5728\u6307\u5b9a\u65f6\u95f4\u81ea\u52a8\u6267\u884c\u5de1\u68c0\u3002\u5982\u672a\u542f\u7528 \u5b9a\u65f6\u5de1\u68c0 \u914d\u7f6e\uff0c\u5219\u9700\u8981\u624b\u52a8\u89e6\u53d1\u5de1\u68c0\u3002
\u6b64\u9875\u4ecb\u7ecd\u5982\u4f55\u624b\u52a8\u6267\u884c\u96c6\u7fa4\u5de1\u68c0\u3002
"},{"location":"end-user/kpanda/inspect/inspect.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u6267\u884c\u5de1\u68c0\u65f6\uff0c\u652f\u6301\u52fe\u9009\u591a\u4e2a\u96c6\u7fa4\u8fdb\u884c\u6279\u91cf\u5de1\u68c0\uff0c\u6216\u8005\u4ec5\u5bf9\u67d0\u4e00\u4e2a\u96c6\u7fa4\u8fdb\u884c\u5355\u72ec\u5de1\u68c0\u3002
\u6279\u91cf\u5de1\u68c0\u5355\u72ec\u5de1\u68c0\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u4e00\u7ea7\u5bfc\u822a\u680f\u70b9\u51fb \u96c6\u7fa4\u5de1\u68c0 \uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4fa7\u70b9\u51fb \u5de1\u68c0 \u3002
\u52fe\u9009\u9700\u8981\u5de1\u68c0\u7684\u96c6\u7fa4\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u5982\u672a\u8bbe\u7f6e\u96c6\u7fa4\u5de1\u68c0\u914d\u7f6e\uff0c\u5c06\u4f7f\u7528\u7cfb\u7edf\u9ed8\u8ba4\u914d\u7f6e\u3002
\u5728\u5bf9\u5e94\u5de1\u68c0\u914d\u7f6e\u7684\u53f3\u4fa7\u70b9\u51fb \u2507 \u66f4\u591a\u64cd\u4f5c\u6309\u94ae\uff0c\u7136\u540e\u5728\u5f39\u51fa\u7684\u83dc\u5355\u4e2d\u9009\u62e9 \u5de1\u68c0 \u5373\u53ef\u3002
\u5de1\u68c0\u6267\u884c\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u5de1\u68c0\u8bb0\u5f55\u548c\u8be6\u7ec6\u7684\u5de1\u68c0\u62a5\u544a\u3002
"},{"location":"end-user/kpanda/inspect/report.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u8fdb\u5165\u96c6\u7fa4\u5de1\u68c0\u9875\u9762\uff0c\u70b9\u51fb\u76ee\u6807\u5de1\u68c0\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u70b9\u51fb\u60f3\u8981\u67e5\u770b\u7684\u5de1\u68c0\u8bb0\u5f55\u540d\u79f0\u3002
\u5f53\u5de1\u68c0\u8bb0\u5f55\u8d85\u8fc7\u5de1\u68c0\u914d\u7f6e\u4e2d\u8bbe\u7f6e\u7684\u6700\u5927\u4fdd\u7559\u6761\u6570\u65f6\uff0c\u4ece\u6267\u884c\u65f6\u95f4\u6700\u65e9\u7684\u8bb0\u5f55\u5f00\u59cb\u5220\u9664\u3002
\u67e5\u770b\u5de1\u68c0\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u6839\u636e\u5de1\u68c0\u914d\u7f6e\u53ef\u80fd\u5305\u62ec\u96c6\u7fa4\u8d44\u6e90\u6982\u89c8\u3001\u7cfb\u7edf\u7ec4\u4ef6\u7684\u8fd0\u884c\u60c5\u51b5\u7b49\u3002
\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u53ef\u4ee5\u4e0b\u8f7d\u5de1\u68c0\u62a5\u544a\u6216\u5220\u9664\u8be5\u9879\u5de1\u68c0\u62a5\u544a\u3002
\u547d\u540d\u7a7a\u95f4\u662f Kubernetes \u4e2d\u7528\u6765\u8fdb\u884c\u8d44\u6e90\u9694\u79bb\u7684\u4e00\u79cd\u62bd\u8c61\u3002\u4e00\u4e2a\u96c6\u7fa4\u4e0b\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u4e0d\u91cd\u540d\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u8d44\u6e90\u76f8\u4e92\u9694\u79bb\u3002\u6709\u5173\u547d\u540d\u7a7a\u95f4\u7684\u8be6\u7ec6\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u547d\u540d\u7a7a\u95f4\u7684\u76f8\u5173\u64cd\u4f5c\u3002
"},{"location":"end-user/kpanda/namespaces/createns.html#_2","title":"\u521b\u5efa\u547d\u540d\u7a7a\u95f4","text":"\u652f\u6301\u901a\u8fc7\u8868\u5355\u8f7b\u677e\u521b\u5efa\u547d\u540d\u7a7a\u95f4\uff0c\u4e5f\u652f\u6301\u901a\u8fc7\u7f16\u5199\u6216\u5bfc\u5165 YAML \u6587\u4ef6\u5feb\u901f\u521b\u5efa\u547d\u540d\u7a7a\u95f4\u3002
Note
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae\u3002
\u586b\u5199\u547d\u540d\u7a7a\u95f4\u7684\u540d\u79f0\uff0c\u914d\u7f6e\u5de5\u4f5c\u7a7a\u95f4\u548c\u6807\u7b7e\uff08\u53ef\u9009\u8bbe\u7f6e\uff09\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
Info
\u547d\u540d\u7a7a\u95f4\u7ed1\u5b9a\u5de5\u4f5c\u7a7a\u95f4\u4e4b\u540e\uff0c\u8be5\u547d\u540d\u7a7a\u95f4\u7684\u8d44\u6e90\u5c31\u4f1a\u5171\u4eab\u7ed9\u6240\u7ed1\u5b9a\u7684\u5de5\u4f5c\u7a7a\u95f4\u3002\u6709\u5173\u5de5\u4f5c\u7a7a\u95f4\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\u3002
\u547d\u540d\u7a7a\u95f4\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u4ecd\u7136\u53ef\u4ee5\u7ed1\u5b9a/\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u5b8c\u6210\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002\u5728\u547d\u540d\u7a7a\u95f4\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4ece\u5f39\u51fa\u83dc\u5355\u4e2d\u9009\u62e9\u67e5\u770b YAML\u3001\u4fee\u6539\u6807\u7b7e\u3001\u7ed1\u5b9a/\u89e3\u7ed1\u5de5\u4f5c\u7a7a\u95f4\u3001\u914d\u989d\u7ba1\u7406\u3001\u5220\u9664\u7b49\u66f4\u591a\u64cd\u4f5c\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4fa7\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u5185\u5bb9\uff0c\u6216\u8005\u4ece\u672c\u5730\u76f4\u63a5\u5bfc\u5165\u5df2\u6709\u7684 YAML \u6587\u4ef6\u3002
\u8f93\u5165 YAML \u5185\u5bb9\u540e\uff0c\u70b9\u51fb \u4e0b\u8f7d \u53ef\u4ee5\u5c06\u8be5 YAML \u6587\u4ef6\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u6700\u540e\u5728\u5f39\u6846\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u6307\u5728 kubernetes \u96c6\u7fa4\u4e2d\uff0c\u901a\u8fc7\u6c61\u70b9\u548c\u6c61\u70b9\u5bb9\u5fcd\u7684\u65b9\u5f0f\u5b9e\u73b0\u7279\u5b9a\u547d\u540d\u7a7a\u95f4\u5bf9\u4e00\u4e2a\u6216\u591a\u4e2a\u8282\u70b9 CPU\u3001\u5185\u5b58\u7b49\u8d44\u6e90\u7684\u72ec\u4eab\u3002\u4e3a\u7279\u5b9a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u72ec\u4eab\u8282\u70b9\u540e\uff0c\u5176\u5b83\u975e\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5e94\u7528\u548c\u670d\u52a1\u5747\u4e0d\u80fd\u8fd0\u884c\u5728\u88ab\u72ec\u4eab\u7684\u8282\u70b9\u4e0a\u3002\u4f7f\u7528\u72ec\u4eab\u8282\u70b9\u53ef\u4ee5\u8ba9\u91cd\u8981\u5e94\u7528\u72ec\u4eab\u4e00\u90e8\u5206\u8ba1\u7b97\u8d44\u6e90\uff0c\u4ece\u800c\u548c\u5176\u4ed6\u5e94\u7528\u5b9e\u73b0\u7269\u7406\u9694\u79bb\u3002
Note
\u5728\u8282\u70b9\u88ab\u8bbe\u7f6e\u4e3a\u72ec\u4eab\u8282\u70b9\u524d\u5df2\u7ecf\u8fd0\u884c\u5728\u6b64\u8282\u70b9\u4e0a\u7684\u5e94\u7528\u548c\u670d\u52a1\u5c06\u4e0d\u4f1a\u53d7\u5f71\u54cd\uff0c\u4f9d\u7136\u4f1a\u6b63\u5e38\u8fd0\u884c\u5728\u8be5\u8282\u70b9\u4e0a\uff0c\u4ec5\u5f53\u8fd9\u4e9b Pod \u88ab\u5220\u9664\u6216\u91cd\u5efa\u65f6\uff0c\u624d\u4f1a\u8c03\u5ea6\u5230\u5176\u5b83\u975e\u72ec\u4eab\u8282\u70b9\u4e0a\u3002
"},{"location":"end-user/kpanda/namespaces/exclusive.html#_2","title":"\u51c6\u5907\u5de5\u4f5c","text":"\u68c0\u67e5\u5f53\u524d\u96c6\u7fa4\u7684 kube-apiserver \u662f\u5426\u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002
\u4f7f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u529f\u80fd\u9700\u8981\u7528\u6237\u542f\u7528 kube-apiserver \u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\uff08Admission Controllers\uff09\uff0c\u5173\u4e8e\u51c6\u5165\u63a7\u5236\u5668\u66f4\u591a\u8bf4\u660e\u8bf7\u53c2\u9605 kubernetes Admission Controllers Reference\u3002
\u60a8\u53ef\u4ee5\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u68c0\u67e5 kube-apiserver.yaml \u6587\u4ef6\u5185\u662f\u5426\u542f\u7528\u4e86\u8fd9\u4e24\u4e2a\u7279\u6027\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5feb\u901f\u68c0\u67e5\uff1a
```bash\n[root@g-master1 ~]# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep enable-admission-plugins\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction\n```\n
"},{"location":"end-user/kpanda/namespaces/exclusive.html#_3","title":"\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9","text":"\u7531\u4e8e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7740 kpanda\u3001ghippo\u3001insight \u7b49\u5e73\u53f0\u57fa\u7840\u7ec4\u4ef6\uff0c\u5728 Global \u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u5c06\u53ef\u80fd\u5bfc\u81f4\u5f53\u7cfb\u7edf\u7ec4\u4ef6\u91cd\u542f\u540e\uff0c\u7cfb\u7edf\u7ec4\u4ef6\u65e0\u6cd5\u8c03\u5ea6\u5230\u88ab\u72ec\u4eab\u7684\u8282\u70b9\u4e0a\uff0c\u5f71\u54cd\u7cfb\u7edf\u7684\u6574\u4f53\u9ad8\u53ef\u7528\u80fd\u529b\u3002\u56e0\u6b64\uff0c\u901a\u5e38\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u4e0d\u63a8\u8350\u7528\u6237\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\u7279\u6027\u3002
\u5982\u679c\u60a8\u786e\u5b9e\u9700\u8981\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u5f00\u542f\uff1a
\u4e3a\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u7684 kube-apiserver \u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668
Note
\u5982\u679c\u96c6\u7fa4\u5df2\u542f\u7528\u4e86\u4e0a\u8ff0\u7684\u4e24\u4e2a\u51c6\u5165\u63a7\u5236\u5668\uff0c\u8bf7\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u524d\u5f80\u914d\u7f6e\u7cfb\u7edf\u7ec4\u4ef6\u5bb9\u5fcd\u3002
\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u4fee\u6539 kube-apiserver.yaml \u914d\u7f6e\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\uff1a
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #\u542f\u7528\u7684\u51c6\u5165\u63a7\u5236\u5668\u5217\u8868\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
\u627e\u5230 --enable-admission-plugins \u53c2\u6570\uff0c\u52a0\u5165\uff08\u4ee5\u82f1\u6587\u9017\u53f7\u5206\u9694\u7684\uff09 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002\u53c2\u8003\u5982\u4e0b\uff1a
# \u52a0\u5165 __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
\u4e3a\u5e73\u53f0\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3
\u5b8c\u6210\u51c6\u5165\u63a7\u5236\u5668\u7684\u5f00\u542f\u540e\uff0c\u60a8\u9700\u8981\u4e3a\u5e73\u53f0\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3\uff0c\u4ee5\u4fdd\u8bc1\u5e73\u53f0\u7ec4\u4ef6\u7684\u9ad8\u53ef\u7528\u3002
\u76ee\u524d\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u7cfb\u7edf\u7ec4\u4ef6\u547d\u540d\u7a7a\u95f4\u5982\u4e0b\u8868\uff1a
\u547d\u540d\u7a7a\u95f4 \u6240\u5305\u542b\u7684\u7cfb\u7edf\u7ec4\u4ef6 kpanda-system kpanda hwameiStor-system hwameiStor istio-system istio metallb-system metallb cert-manager-system cert-manager contour-system contour kubean-system kubean ghippo-system ghippo kcoral-system kcoral kcollie-system kcollie insight-system insight\u3001insight-agent: ipavo-system ipavo kairship-system kairship karmada-system karmada amamba-system amamba\u3001jenkins skoala-system skoala mspider-system mspider mcamel-system mcamel-rabbitmq\u3001mcamel-elasticsearch\u3001mcamel-mysql\u3001mcamel-redis\u3001mcamel-kafka\u3001mcamel-minio\u3001mcamel-postgresql spidernet-system spidernet kangaroo-system kangaroo gmagpie-system gmagpie dowl-system dowl\u68c0\u67e5\u5f53\u524d\u96c6\u7fa4\u4e2d\u6240\u6709\u547d\u540d\u7a7a\u95f4\u662f\u5426\u5b58\u5728\u4e0a\u8ff0\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u4e3a\u6bcf\u4e2a\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u6ce8\u89e3\uff1a scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
\u3002
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
\u8bf7\u786e\u4fdd\u5c06 <namespace-name>
\u66ff\u6362\u4e3a\u8981\u6dfb\u52a0\u6ce8\u89e3\u7684\u5e73\u53f0\u547d\u540d\u7a7a\u95f4\u540d\u79f0\u3002 \u4f7f\u7528\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u5f53\u60a8\u786e\u8ba4\u96c6\u7fa4 API \u670d\u52a1\u5668\u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\u5df2\u7ecf\u5f00\u542f\u540e\uff0c\u8bf7\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684 UI \u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9\u4e86\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb\u547d\u540d\u7a7a\u95f4\u540d\u79f0\uff0c\u7136\u540e\u70b9\u51fb \u72ec\u4eab\u8282\u70b9 \u9875\u7b7e\uff0c\u5728\u4e0b\u65b9\u53f3\u4fa7\u70b9\u51fb \u6dfb\u52a0\u8282\u70b9 \u3002
\u5728\u9875\u9762\u5de6\u4fa7\u9009\u62e9\u8ba9\u8be5\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u54ea\u4e9b\u8282\u70b9\uff0c\u5728\u53f3\u4fa7\u53ef\u4ee5\u6e05\u7a7a\u6216\u5220\u9664\u67d0\u4e2a\u5df2\u9009\u8282\u70b9\uff0c\u6700\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u53ef\u4ee5\u5728\u5217\u8868\u4e2d\u67e5\u770b\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5df2\u6709\u7684\u72ec\u4eab\u8282\u70b9\uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u53ef\u4ee5\u9009\u62e9 \u53d6\u6d88\u72ec\u4eab \u3002
\u53d6\u6d88\u72ec\u4eab\u4e4b\u540e\uff0c\u5176\u4ed6\u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u4e5f\u53ef\u4ee5\u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002
\u5728 \u975e\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u542f\u7528\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u8282\u70b9\uff0c\u8bf7\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\u8fdb\u884c\u5f00\u542f\uff1a
\u4e3a\u5f53\u524d\u96c6\u7fa4\u7684 kube-apiserver \u542f\u7528\u4e86 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668
Note
\u5982\u679c\u96c6\u7fa4\u5df2\u542f\u7528\u4e86\u4e0a\u8ff0\u7684\u4e24\u4e2a\u51c6\u5165\u63a7\u5236\u5668\uff0c\u8bf7\u8df3\u8fc7\u6b64\u6b65\uff0c\u76f4\u63a5\u524d\u5f80\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u524d\u5f80\u5f53\u524d\u96c6\u7fa4\u4e0b\u4efb\u610f\u4e00\u4e2a Master \u8282\u70b9\u4e0a\u4fee\u6539 kube-apiserver.yaml \u914d\u7f6e\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5728 Master \u8282\u70b9\u4e0a\u6267\u884c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\uff1a
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# \u9884\u671f\u8f93\u51fa\u5982\u4e0b\uff1a\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #\u542f\u7528\u7684\u51c6\u5165\u63a7\u5236\u5668\u5217\u8868\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
\u627e\u5230 --enable-admission-plugins \u53c2\u6570\uff0c\u52a0\u5165\uff08\u4ee5\u82f1\u6587\u9017\u53f7\u5206\u9694\u7684\uff09 PodNodeSelector \u548c PodTolerationRestriction \u51c6\u5165\u63a7\u5236\u5668\u3002\u53c2\u8003\u5982\u4e0b\uff1a
# \u52a0\u5165 __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
\u4f7f\u7528\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9
\u5f53\u60a8\u786e\u8ba4\u96c6\u7fa4 API \u670d\u52a1\u5668\u4e0a\u7684 PodNodeSelector \u548c PodTolerationRestriction \u4e24\u4e2a\u7279\u6027\u51c6\u5165\u63a7\u5236\u5668\u5df2\u7ecf\u5f00\u542f\u540e\uff0c\u8bf7\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4f7f\u7528\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684 UI \u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u8bbe\u7f6e\u72ec\u4eab\u8282\u70b9\u4e86\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u9875\u9762\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb\u547d\u540d\u7a7a\u95f4\u540d\u79f0\uff0c\u7136\u540e\u70b9\u51fb \u72ec\u4eab\u8282\u70b9 \u9875\u7b7e\uff0c\u5728\u4e0b\u65b9\u53f3\u4fa7\u70b9\u51fb \u6dfb\u52a0\u8282\u70b9 \u3002
\u5728\u9875\u9762\u5de6\u4fa7\u9009\u62e9\u8ba9\u8be5\u547d\u540d\u7a7a\u95f4\u72ec\u4eab\u54ea\u4e9b\u8282\u70b9\uff0c\u5728\u53f3\u4fa7\u53ef\u4ee5\u6e05\u7a7a\u6216\u5220\u9664\u67d0\u4e2a\u5df2\u9009\u8282\u70b9\uff0c\u6700\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u53ef\u4ee5\u5728\u5217\u8868\u4e2d\u67e5\u770b\u6b64\u547d\u540d\u7a7a\u95f4\u7684\u5df2\u6709\u7684\u72ec\u4eab\u8282\u70b9\uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u53ef\u4ee5\u9009\u62e9 \u53d6\u6d88\u72ec\u4eab \u3002
\u53d6\u6d88\u72ec\u4eab\u4e4b\u540e\uff0c\u5176\u4ed6\u547d\u540d\u7a7a\u95f4\u4e0b\u7684 Pod \u4e5f\u53ef\u4ee5\u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002
\u4e3a\u9700\u8981\u9ad8\u53ef\u7528\u7684\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u5bb9\u5fcd\u6ce8\u89e3\uff08\u53ef\u9009\uff09
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u9700\u8981\u9ad8\u53ef\u7528\u7684\u7ec4\u4ef6\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u6dfb\u52a0\u6ce8\u89e3\uff1ascheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
\u3002
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
\u8bf7\u786e\u4fdd\u5c06 <namespace-name>
\u66ff\u6362\u4e3a\u8981\u6dfb\u52a0\u6ce8\u89e3\u7684\u5e73\u53f0\u547d\u540d\u7a7a\u95f4\u540d\u79f0\u3002
\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u6307\u5728 kubernetes \u96c6\u7fa4\u4e2d\uff0c\u901a\u8fc7\u4e3a\u6307\u5b9a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u4e0d\u540c\u7684\u7b49\u7ea7\u548c\u6a21\u5f0f\uff0c\u5b9e\u73b0\u5728\u5b89\u5168\u7684\u5404\u4e2a\u65b9\u9762\u63a7\u5236 Pod \u7684\u884c\u4e3a\uff0c\u53ea\u6709\u6ee1\u8db3\u4e00\u5b9a\u7684\u6761\u4ef6\u7684 Pod \u624d\u4f1a\u88ab\u7cfb\u7edf\u63a5\u53d7\u3002\u5b83\u8bbe\u7f6e\u4e09\u4e2a\u7b49\u7ea7\u548c\u4e09\u79cd\u6a21\u5f0f\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u9009\u62e9\u66f4\u52a0\u5408\u9002\u7684\u65b9\u6848\u6765\u8bbe\u7f6e\u9650\u5236\u7b56\u7565\u3002
Note
\u4e00\u6761\u5b89\u5168\u6a21\u5f0f\u4ec5\u80fd\u914d\u7f6e\u4e00\u6761\u5b89\u5168\u7b56\u7565\u3002\u540c\u65f6\u8bf7\u8c28\u614e\u4e3a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e enforce \u7684\u5b89\u5168\u6a21\u5f0f\uff0c\u8fdd\u53cd\u540e\u5c06\u4f1a\u5bfc\u81f4 Pod \u65e0\u6cd5\u521b\u5efa\u3002
\u672c\u8282\u5c06\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u754c\u9762\u4e3a\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u3002
"},{"location":"end-user/kpanda/namespaces/podsecurity.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u96c6\u7fa4\u7684\u7248\u672c\u9700\u8981\u5728 v1.22 \u4ee5\u4e0a\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u4e3a\u7528\u6237\u6388\u4e88 NS Admin \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u9009\u62e9\u9700\u8981\u914d\u7f6e\u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u8fdb\u5165\u8be6\u60c5\u9875\u3002\u5728 \u5bb9\u5668\u7ec4\u5b89\u5168\u7b56\u7565 \u9875\u9762\u70b9\u51fb \u914d\u7f6e\u7b56\u7565 \uff0c\u8fdb\u5165\u914d\u7f6e\u9875\u3002
\u5728\u914d\u7f6e\u9875\u70b9\u51fb \u6dfb\u52a0\u7b56\u7565 \uff0c\u5219\u4f1a\u51fa\u73b0\u4e00\u6761\u7b56\u7565\uff0c\u5305\u62ec\u5b89\u5168\u7ea7\u522b\u548c\u5b89\u5168\u6a21\u5f0f\uff0c\u4ee5\u4e0b\u662f\u5bf9\u5b89\u5168\u7ea7\u522b\u548c\u5b89\u5168\u7b56\u7565\u7684\u8be6\u7ec6\u4ecb\u7ecd\u3002
\u5b89\u5168\u7ea7\u522b \u63cf\u8ff0 Privileged \u4e0d\u53d7\u9650\u5236\u7684\u7b56\u7565\uff0c\u63d0\u4f9b\u6700\u5927\u53ef\u80fd\u8303\u56f4\u7684\u6743\u9650\u8bb8\u53ef\u3002\u6b64\u7b56\u7565\u5141\u8bb8\u5df2\u77e5\u7684\u7279\u6743\u63d0\u5347\u3002 Baseline \u9650\u5236\u6027\u6700\u5f31\u7684\u7b56\u7565\uff0c\u7981\u6b62\u5df2\u77e5\u7684\u7b56\u7565\u63d0\u5347\u3002\u5141\u8bb8\u4f7f\u7528\u9ed8\u8ba4\u7684\uff08\u89c4\u5b9a\u6700\u5c11\uff09Pod \u914d\u7f6e\u3002 Restricted \u9650\u5236\u6027\u975e\u5e38\u5f3a\u7684\u7b56\u7565\uff0c\u9075\u5faa\u5f53\u524d\u7684\u4fdd\u62a4 Pod \u7684\u6700\u4f73\u5b9e\u8df5\u3002 \u5b89\u5168\u6a21\u5f0f \u63cf\u8ff0 Audit \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u5728\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u6dfb\u52a0\u65b0\u7684\u5ba1\u8ba1\u4e8b\u4ef6\uff0cPod \u53ef\u4ee5\u88ab\u521b\u5efa\u3002 Warn \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u8fd4\u56de\u7528\u6237\u53ef\u89c1\u7684\u544a\u8b66\u4fe1\u606f\uff0cPod \u53ef\u4ee5\u88ab\u521b\u5efa\u3002 Enforce \u8fdd\u53cd\u6307\u5b9a\u7b56\u7565\u4f1a\u5bfc\u81f4 Pod \u65e0\u6cd5\u521b\u5efa\u3002\u4e0d\u540c\u7684\u5b89\u5168\u7ea7\u522b\u5bf9\u5e94\u4e0d\u540c\u7684\u68c0\u67e5\u9879\uff0c\u82e5\u60a8\u4e0d\u77e5\u9053\u8be5\u5982\u4f55\u4e3a\u60a8\u7684\u547d\u540d\u7a7a\u95f4\u914d\u7f6e\uff0c\u53ef\u4ee5\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u7b56\u7565\u914d\u7f6e\u9879\u8bf4\u660e \u67e5\u770b\u8be6\u7ec6\u4fe1\u606f\u3002
\u70b9\u51fb\u786e\u5b9a\uff0c\u82e5\u521b\u5efa\u6210\u529f\uff0c\u5219\u9875\u9762\u4e0a\u5c06\u51fa\u73b0\u60a8\u914d\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u3002
\u70b9\u51fb \u2507 \u8fd8\u53ef\u4ee5\u7f16\u8f91\u6216\u8005\u5220\u9664\u60a8\u914d\u7f6e\u7684\u5b89\u5168\u7b56\u7565\u3002
\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0cIngress \u516c\u5f00\u4ece\u96c6\u7fa4\u5916\u90e8\u5230\u96c6\u7fa4\u5185\u670d\u52a1\u7684 HTTP \u548c HTTPS \u8def\u7531\u3002 \u6d41\u91cf\u8def\u7531\u7531 Ingress \u8d44\u6e90\u4e0a\u5b9a\u4e49\u7684\u89c4\u5219\u63a7\u5236\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5c06\u6240\u6709\u6d41\u91cf\u90fd\u53d1\u9001\u5230\u540c\u4e00 Service \u7684\u7b80\u5355 Ingress \u793a\u4f8b\uff1a
Ingress \u662f\u5bf9\u96c6\u7fa4\u4e2d\u670d\u52a1\u7684\u5916\u90e8\u8bbf\u95ee\u8fdb\u884c\u7ba1\u7406\u7684 API \u5bf9\u8c61\uff0c\u5178\u578b\u7684\u8bbf\u95ee\u65b9\u5f0f\u662f HTTP\u3002Ingress \u53ef\u4ee5\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u3001SSL \u7ec8\u7ed3\u548c\u57fa\u4e8e\u540d\u79f0\u7684\u865a\u62df\u6258\u7ba1\u3002
"},{"location":"end-user/kpanda/network/create-ingress.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4ee5 NS Editor \u7528\u6237\u6210\u529f\u767b\u5f55\u540e\uff0c\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u3002\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u8def\u7531 \u8fdb\u5165\u670d\u52a1\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u8def\u7531 \u6309\u94ae\u3002
Note
\u4e5f\u53ef\u4ee5\u901a\u8fc7 YAML \u521b\u5efa \u4e00\u4e2a\u8def\u7531\u3002
\u6253\u5f00 \u521b\u5efa\u8def\u7531 \u9875\u9762\uff0c\u8fdb\u884c\u914d\u7f6e\u3002\u53ef\u9009\u62e9\u4e24\u79cd\u534f\u8bae\u7c7b\u578b\uff0c\u53c2\u8003\u4ee5\u4e0b\u4e24\u4e2a\u53c2\u6570\u8868\u8fdb\u884c\u914d\u7f6e\u3002
\u8f93\u5165\u5982\u4e0b\u53c2\u6570\uff1a
nginx.ingress.kubernetes.io/upstream-hash-by: \"$binary_remote_addr\"
nginx.ingress.kubernetes.io/affinity: \"cookie\"\u3002nginx.ingress.kubernetes.io/affinity-mode: persistent
nginx.ingress.kubernetes.io/upstream-hash-by: \"$http_x_forwarded_for\"
\u8f93\u5165\u5982\u4e0b\u53c2\u6570\uff1a
Note
\u6ce8\u610f\uff1a\u4e0e HTTP \u534f\u8bae \u8bbe\u7f6e\u8def\u7531\u89c4\u5219 \u4e0d\u540c\uff0c\u589e\u52a0\u5bc6\u94a5\u9009\u62e9\u8bc1\u4e66\uff0c\u5176\u4ed6\u57fa\u672c\u4e00\u81f4\u3002
\u914d\u7f6e\u5b8c\u6240\u6709\u53c2\u6570\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u8def\u7531\u5217\u8868\u3002\u5728\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6240\u9009\u8def\u7531\u3002
"},{"location":"end-user/kpanda/network/create-services.html","title":"\u521b\u5efa\u670d\u52a1\uff08Service\uff09","text":"\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u6bcf\u4e2a Pod \u90fd\u6709\u4e00\u4e2a\u5185\u90e8\u72ec\u7acb\u7684 IP \u5730\u5740\uff0c\u4f46\u662f\u5de5\u4f5c\u8d1f\u8f7d\u4e2d\u7684 Pod \u53ef\u80fd\u4f1a\u88ab\u968f\u65f6\u521b\u5efa\u548c\u5220\u9664\uff0c\u76f4\u63a5\u4f7f\u7528 Pod IP \u5730\u5740\u5e76\u4e0d\u80fd\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u3002
\u8fd9\u5c31\u9700\u8981\u521b\u5efa\u670d\u52a1\uff0c\u901a\u8fc7\u670d\u52a1\u60a8\u4f1a\u83b7\u5f97\u4e00\u4e2a\u56fa\u5b9a\u7684 IP \u5730\u5740\uff0c\u4ece\u800c\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u524d\u7aef\u548c\u540e\u7aef\u7684\u89e3\u8026\uff0c\u8ba9\u5916\u90e8\u7528\u6237\u80fd\u591f\u8bbf\u95ee\u670d\u52a1\u3002\u540c\u65f6\uff0c\u670d\u52a1\u8fd8\u63d0\u4f9b\u4e86\u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09\u529f\u80fd\uff0c\u4f7f\u7528\u6237\u80fd\u4ece\u516c\u7f51\u8bbf\u95ee\u5230\u5de5\u4f5c\u8d1f\u8f7d\u3002
"},{"location":"end-user/kpanda/network/create-services.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u7528\u6237\u7684\u521b\u5efa\uff0c\u5e76\u5c06\u7528\u6237\u6388\u6743\u4e3a NS Editor \u89d2\u8272 \uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u4ee5 NS Editor \u7528\u6237\u6210\u529f\u767b\u5f55\u540e\uff0c\u70b9\u51fb\u5de6\u4e0a\u89d2\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u3002\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\uff0c\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u4e2d\uff0c\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u670d\u52a1 \u8fdb\u5165\u670d\u52a1\u5217\u8868\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2 \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
Tip
\u4e5f\u53ef\u4ee5\u901a\u8fc7 YAML \u521b\u5efa \u4e00\u4e2a\u670d\u52a1\u3002
\u6253\u5f00 \u521b\u5efa\u670d\u52a1 \u9875\u9762\uff0c\u9009\u62e9\u4e00\u79cd\u8bbf\u95ee\u7c7b\u578b\uff0c\u53c2\u8003\u4ee5\u4e0b\u51e0\u4e2a\u53c2\u6570\u8868\u8fdb\u884c\u914d\u7f6e\u3002
\u70b9\u9009 \u96c6\u7fa4\u5185\u8bbf\u95ee\uff08ClusterIP\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u96c6\u7fa4\u7684\u5185\u90e8 IP \u66b4\u9732\u670d\u52a1\uff0c\u9009\u62e9\u6b64\u9879\u7684\u670d\u52a1\u53ea\u80fd\u5728\u96c6\u7fa4\u5185\u90e8\u8bbf\u95ee\u3002\u8fd9\u662f\u9ed8\u8ba4\u7684\u670d\u52a1\u7c7b\u578b\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u96c6\u7fa4\u5185\u8bbf\u95ee\uff08ClusterIP\uff09\u3002 ClusterIP \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 app:job01 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\uff0c\u7528\u6765\u5bf9\u96c6\u7fa4\u5185\u66b4\u9732\u670d\u52a1\u3002 \u4f1a\u8bdd\u4fdd\u6301 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u540e\uff0c\u76f8\u540c\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u5c06\u8f6c\u53d1\u81f3\u540c\u4e00 Pod \u5f00\u542f \u4f1a\u8bdd\u4fdd\u6301\u6700\u5927\u65f6\u957f \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u4f1a\u8bdd\u4fdd\u6301\u540e\uff0c\u4fdd\u6301\u7684\u6700\u5927\u65f6\u957f\uff0c\u9ed8\u8ba4\u4e3a 30 \u79d2 30 \u79d2 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"end-user/kpanda/network/create-services.html#nodeport","title":"\u521b\u5efa NodePort \u670d\u52a1","text":"\u70b9\u9009 \u8282\u70b9\u8bbf\u95ee\uff08NodePort\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u6bcf\u4e2a\u8282\u70b9\u4e0a\u7684 IP \u548c\u9759\u6001\u7aef\u53e3\uff08 NodePort \uff09\u66b4\u9732\u670d\u52a1\u3002 NodePort \u670d\u52a1\u4f1a\u8def\u7531\u5230\u81ea\u52a8\u521b\u5efa\u7684 ClusterIP \u670d\u52a1\u3002\u901a\u8fc7\u8bf7\u6c42 <\u8282\u70b9 IP>:<\u8282\u70b9\u7aef\u53e3> \uff0c\u60a8\u53ef\u4ee5\u4ece\u96c6\u7fa4\u7684\u5916\u90e8\u8bbf\u95ee\u4e00\u4e2a NodePort \u670d\u52a1\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u8282\u70b9\u8bbf\u95ee\uff08NodePort\uff09\u3002 NodePort \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u670d\u52a1\u7aef\u53e3\u88ab\u8bbe\u7f6e\u4e3a\u4e0e\u5bb9\u5668\u7aef\u53e3\u5b57\u6bb5\u76f8\u540c\u7684\u503c\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\u3002\u8282\u70b9\u7aef\u53e3\uff08nodeport\uff09\uff1a\u8282\u70b9\u7684\u7aef\u53e3\uff0c\u63a5\u6536\u6765\u81ea ClusterIP \u4f20\u8f93\u7684\u6d41\u91cf\u3002\u7528\u6765\u505a\u5916\u90e8\u6d41\u91cf\u8bbf\u95ee\u7684\u5165\u53e3\u3002 \u4f1a\u8bdd\u4fdd\u6301 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u540e\uff0c\u76f8\u540c\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u5c06\u8f6c\u53d1\u81f3\u540c\u4e00 Pod\u5f00\u542f\u540e Service \u7684.spec.sessionAffinity
\u4e3a ClientIP \uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\uff1aService \u7684\u4f1a\u8bdd\u4eb2\u548c\u6027 \u5f00\u542f \u4f1a\u8bdd\u4fdd\u6301\u6700\u5927\u65f6\u957f \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5f00\u542f\u4f1a\u8bdd\u4fdd\u6301\u540e\uff0c\u4fdd\u6301\u7684\u6700\u5927\u65f6\u957f\uff0c\u9ed8\u8ba4\u8d85\u65f6\u65f6\u957f\u4e3a 30 \u79d2.spec.sessionAffinityConfig.clientIP.timeoutSeconds \u9ed8\u8ba4\u8bbe\u7f6e\u4e3a 30 \u79d2 30 \u79d2 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"end-user/kpanda/network/create-services.html#loadbalancer","title":"\u521b\u5efa LoadBalancer \u670d\u52a1","text":"\u70b9\u9009 \u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09 \uff0c\u8fd9\u662f\u6307\u4f7f\u7528\u4e91\u63d0\u4f9b\u5546\u7684\u8d1f\u8f7d\u5747\u8861\u5668\u5411\u5916\u90e8\u66b4\u9732\u670d\u52a1\u3002 \u5916\u90e8\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u4ee5\u5c06\u6d41\u91cf\u8def\u7531\u5230\u81ea\u52a8\u521b\u5efa\u7684 NodePort \u670d\u52a1\u548c ClusterIP \u670d\u52a1\u4e0a\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u8d1f\u8f7d\u5747\u8861\uff08LoadBalancer\uff09\u3002 LoadBalancer \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u5916\u90e8\u6d41\u91cf\u7b56\u7565 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8bbe\u7f6e\u5916\u90e8\u6d41\u91cf\u7b56\u7565\u3002Cluster\uff1a\u6d41\u91cf\u53ef\u4ee5\u8f6c\u53d1\u5230\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u4e0a\u7684 Pod\u3002Local\uff1a\u6d41\u91cf\u53ea\u53d1\u7ed9\u672c\u8282\u70b9\u4e0a\u7684 Pod\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 \u6807\u7b7e\u9009\u62e9\u5668 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6dfb\u52a0\u6807\u7b7e\uff0cService \u6839\u636e\u6807\u7b7e\u9009\u62e9 Pod\uff0c\u586b\u5199\u540e\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u3002\u4e5f\u53ef\u4ee5\u5f15\u7528\u5df2\u6709\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6807\u7b7e\uff0c\u70b9\u51fb \u5f15\u7528\u8d1f\u8f7d\u6807\u7b7e \uff0c\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u9009\u62e9\u8d1f\u8f7d\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u5c06\u6240\u9009\u7684\u8d1f\u8f7d\u6807\u7b7e\u4f5c\u4e3a\u9009\u62e9\u5668\u3002 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4f7f\u7528\u7684\u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\uff0c\u5f53\u524d\u652f\u6301 MetalLB \u548c\u5176\u4ed6\u3002 MetalLB IP \u6c60 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u7684 \u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\u4e3a MetalLB \u65f6\uff0cLoadBalancer Service\u9ed8\u8ba4\u4f1a\u4ece\u8fd9\u4e2a\u6c60\u4e2d\u5206\u914d IP \u5730\u5740, \u5e76\u4e14\u901a\u8fc7 APR \u5ba3\u544a\u8fd9\u4e2a\u6c60\u4e2d\u7684\u6240\u6709 IP \u5730\u5740 \u8d1f\u8f7d\u5747\u8861\u5730\u5740 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u30111.\u5982\u4f7f\u7528\u7684\u662f\u516c\u6709\u4e91 CloudProvider\uff0c\u6b64\u5904\u586b\u5199\u7684\u4e3a\u4e91\u5382\u5546\u63d0\u4f9b\u7684\u8d1f\u8f7d\u5747\u8861\u5730\u5740\uff1b2.\u5982\u679c\u4e0a\u8ff0\u8d1f\u8f7d\u5747\u8861\u7c7b\u578b\u9009\u62e9\u4e3a MetalLB \uff0c\u9ed8\u8ba4\u4ece\u4e0a\u8ff0 IP \u6c60\u4e2d\u83b7\u53d6 IP \uff0c\u5982\u679c\u4e0d\u586b\u5219\u81ea\u52a8\u83b7\u53d6\u3002 \u7aef\u53e3\u914d\u7f6e \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u534f\u8bae\u7aef\u53e3\uff0c\u9700\u8981\u5148\u9009\u62e9\u7aef\u53e3\u534f\u8bae\u7c7b\u578b\uff0c\u76ee\u524d\u652f\u6301 TCP\u3001UDP \u4e24\u79cd\u4f20\u8f93\u534f\u8bae\u3002\u7aef\u53e3\u540d\u79f0\uff1a\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u7aef\u53e3\u7684\u540d\u79f0\u3002\u670d\u52a1\u7aef\u53e3\uff08port\uff09\uff1aPod \u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\u7684\u8bbf\u95ee\u7aef\u53e3\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u65b9\u4fbf\u8d77\u89c1\uff0c\u670d\u52a1\u7aef\u53e3\u88ab\u8bbe\u7f6e\u4e3a\u4e0e\u5bb9\u5668\u7aef\u53e3\u5b57\u6bb5\u76f8\u540c\u7684\u503c\u3002\u5bb9\u5668\u7aef\u53e3\uff08targetport\uff09\uff1a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u9645\u76d1\u542c\u7684\u5bb9\u5668\u7aef\u53e3\u3002\u8282\u70b9\u7aef\u53e3\uff08nodeport\uff09\uff1a\u8282\u70b9\u7684\u7aef\u53e3\uff0c\u63a5\u6536\u6765\u81ea ClusterIP \u4f20\u8f93\u7684\u6d41\u91cf\u3002\u7528\u6765\u505a\u5916\u90e8\u6d41\u91cf\u8bbf\u95ee\u7684\u5165\u53e3\u3002 \u6ce8\u89e3 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u4e3a\u670d\u52a1\u6dfb\u52a0\u6ce8\u89e3"},{"location":"end-user/kpanda/network/create-services.html#externalname","title":"\u521b\u5efa ExternalName \u670d\u52a1","text":"\u70b9\u9009 \u5916\u90e8\u670d\u52a1\uff08ExternalName\uff09 \uff0c\u8fd9\u662f\u6307\u901a\u8fc7\u5c06\u670d\u52a1\u6620\u5c04\u5230\u5916\u90e8\u57df\u540d\u6765\u66b4\u9732\u670d\u52a1\u3002\u9009\u62e9\u6b64\u9879\u7684\u670d\u52a1\u4e0d\u4f1a\u521b\u5efa\u5178\u578b\u7684 ClusterIP \u6216 NodePort\uff0c\u800c\u662f\u901a\u8fc7 DNS \u540d\u79f0\u89e3\u6790\u5c06\u8bf7\u6c42\u91cd\u5b9a\u5411\u5230\u5916\u90e8\u7684\u670d\u52a1\u5730\u5740\u3002\u53c2\u8003\u4e0b\u8868\u914d\u7f6e\u53c2\u6570\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8bbf\u95ee\u7c7b\u578b \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u6307\u5b9a Pod \u670d\u52a1\u53d1\u73b0\u7684\u65b9\u5f0f\uff0c\u8fd9\u91cc\u9009\u62e9\u5916\u90e8\u670d\u52a1\uff08ExternalName\uff09\u3002 ExternalName \u670d\u52a1\u540d\u79f0 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u65b0\u5efa\u670d\u52a1\u7684\u540d\u79f0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 Svc-01 \u547d\u540d\u7a7a\u95f4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u9009\u62e9\u65b0\u5efa\u670d\u52a1\u6240\u5728\u7684\u547d\u540d\u7a7a\u95f4\u3002\u5173\u4e8e\u547d\u540d\u7a7a\u95f4\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6982\u8ff0\u3002\u3010\u6ce8\u610f\u3011\u8bf7\u8f93\u5165 4 \u5230 63 \u4e2a\u5b57\u7b26\u7684\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u4e2d\u5212\u7ebf\uff08-\uff09\uff0c\u5e76\u4ee5\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u5f00\u5934\uff0c\u5c0f\u5199\u82f1\u6587\u5b57\u6bcd\u6216\u6570\u5b57\u7ed3\u5c3e\u3002 default \u57df\u540d \u3010\u7c7b\u578b\u3011\u5fc5\u586b"},{"location":"end-user/kpanda/network/create-services.html#_3","title":"\u5b8c\u6210\u670d\u52a1\u521b\u5efa","text":"\u914d\u7f6e\u5b8c\u6240\u6709\u53c2\u6570\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u670d\u52a1\u5217\u8868\u3002\u5728\u5217\u8868\u53f3\u4fa7\uff0c\u70b9\u51fb \u2507 \uff0c\u53ef\u4ee5\u4fee\u6539\u6216\u5220\u9664\u6240\u9009\u670d\u52a1\u3002
"},{"location":"end-user/kpanda/network/network-policy.html","title":"\u7f51\u7edc\u7b56\u7565","text":"\u7f51\u7edc\u7b56\u7565\uff08NetworkPolicy\uff09\u53ef\u4ee5\u5728 IP \u5730\u5740\u6216\u7aef\u53e3\u5c42\u9762\uff08OSI \u7b2c 3 \u5c42\u6216\u7b2c 4 \u5c42\uff09\u63a7\u5236\u7f51\u7edc\u6d41\u91cf\u3002\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u76ee\u524d\u652f\u6301\u521b\u5efa\u57fa\u4e8e Pod \u6216\u547d\u540d\u7a7a\u95f4\u7684\u7f51\u7edc\u7b56\u7565\uff0c\u652f\u6301\u901a\u8fc7\u6807\u7b7e\u9009\u62e9\u5668\u6765\u8bbe\u5b9a\u54ea\u4e9b\u6d41\u91cf\u53ef\u4ee5\u8fdb\u5165\u6216\u79bb\u5f00\u5e26\u6709\u7279\u5b9a\u6807\u7b7e\u7684 Pod\u3002
\u6709\u5173\u7f51\u7edc\u7b56\u7565\u7684\u66f4\u591a\u8be6\u60c5\uff0c\u53ef\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u7f51\u7edc\u7b56\u7565\u3002
"},{"location":"end-user/kpanda/network/network-policy.html#_2","title":"\u521b\u5efa\u7f51\u7edc\u7b56\u7565","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u7f51\u7edc\u7b56\u7565\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u7f51\u7edc\u7b56\u7565\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
"},{"location":"end-user/kpanda/network/network-policy.html#yaml","title":"YAML \u521b\u5efa","text":"\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 -> \u521b\u5efa\u7b56\u7565 \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u540d\u79f0\u548c\u547d\u540d\u7a7a\u95f4\u5728\u521b\u5efa\u4e4b\u540e\u4e0d\u53ef\u66f4\u6539\u3002
\u586b\u5199\u7b56\u7565\u914d\u7f6e\u3002
\u7b56\u7565\u914d\u7f6e\u5206\u4e3a\u5165\u6d41\u91cf\u7b56\u7565\u548c\u51fa\u6d41\u91cf\u7b56\u7565\u3002\u5982\u679c\u6e90 Pod \u60f3\u8981\u6210\u529f\u8fde\u63a5\u5230\u76ee\u6807 Pod\uff0c\u6e90 Pod \u7684\u51fa\u6d41\u91cf\u7b56\u7565\u548c\u76ee\u6807 Pod \u7684\u5165\u6d41\u91cf\u7b56\u7565\u90fd\u9700\u8981\u5141\u8bb8\u8fde\u63a5\u3002\u5982\u679c\u4efb\u4f55\u4e00\u65b9\u4e0d\u5141\u8bb8\u8fde\u63a5\uff0c\u90fd\u4f1a\u5bfc\u81f4\u8fde\u63a5\u5931\u8d25\u3002
\u5165\u6d41\u91cf\u7b56\u7565\uff1a\u70b9\u51fb \u2795 \u5f00\u59cb\u914d\u7f6e\u7b56\u7565\uff0c\u652f\u6301\u914d\u7f6e\u591a\u6761\u7b56\u7565\u3002\u591a\u6761\u7f51\u7edc\u7b56\u7565\u7684\u6548\u679c\u76f8\u4e92\u53e0\u52a0\uff0c\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u6240\u6709\u7f51\u7edc\u7b56\u7565\uff0c\u624d\u80fd\u6210\u529f\u5efa\u7acb\u8fde\u63a5\u3002
\u51fa\u6d41\u91cf\u7b56\u7565
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u7f51\u7edc -> \u7f51\u7edc\u7b56\u7565 \uff0c\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\u3002
\u67e5\u770b\u8be5\u7b56\u7565\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5173\u8054\u5b9e\u4f8b\u4fe1\u606f\u3001\u5165\u6d41\u91cf\u7b56\u7565\u3001\u51fa\u6d41\u91cf\u7b56\u7565\u3002
Info
\u5728\u5173\u8054\u5b9e\u4f8b\u9875\u7b7e\u4e0b\uff0c\u652f\u6301\u67e5\u770b\u5b9e\u4f8b\u76d1\u63a7\u3001\u65e5\u5fd7\u3001\u5bb9\u5668\u5217\u8868\u3001YAML \u6587\u4ef6\u3001\u4e8b\u4ef6\u7b49\u3002
"},{"location":"end-user/kpanda/network/network-policy.html#_5","title":"\u66f4\u65b0\u7f51\u7edc\u7b56\u7565","text":"\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002
\u5728\u7f51\u7edc\u7b56\u7565\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u7b56\u7565\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u7f51\u7edc\u7b56\u7565\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u5220\u9664\u7f51\u7edc\u7b56\u7565\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u7f51\u7edc\u7b56\u7565\u3002
\u5728\u7f51\u7edc\u7b56\u7565\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u7b56\u7565\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u5220\u9664\u3002
\u70b9\u51fb\u7f51\u7edc\u7b56\u7565\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u7f51\u7edc\u7b56\u7565\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u5220\u9664\u3002
\u968f\u7740\u4e1a\u52a1\u5e94\u7528\u4e0d\u65ad\u589e\u957f\uff0c\u96c6\u7fa4\u8d44\u6e90\u65e5\u8d8b\u7d27\u5f20\uff0c\u8fd9\u65f6\u53ef\u4ee5\u57fa\u4e8e kubean \u5bf9\u96c6\u7fa4\u8282\u70b9\u8fdb\u884c\u6269\u5bb9\u3002\u6269\u5bb9\u540e\uff0c\u5e94\u7528\u53ef\u4ee5\u8fd0\u884c\u5728\u65b0\u589e\u7684\u8282\u70b9\u4e0a\uff0c\u7f13\u89e3\u8d44\u6e90\u538b\u529b\u3002
\u53ea\u6709\u901a\u8fc7\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u521b\u5efa\u7684\u96c6\u7fa4\u624d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\uff0c\u4ece\u5916\u90e8\u63a5\u5165\u7684\u96c6\u7fa4\u4e0d\u652f\u6301\u6b64\u64cd\u4f5c\u3002\u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u540c\u79cd\u67b6\u6784\u4e0b\u5de5\u4f5c\u96c6\u7fa4\u7684 \u5de5\u4f5c\u8282\u70b9 \u6269\u5bb9\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u82e5 \u96c6\u7fa4\u89d2\u8272 \u4e2d\u5e26\u6709 \u63a5\u5165\u96c6\u7fa4 \u7684\u6807\u7b7e\uff0c\u5219\u8bf4\u660e\u8be5\u96c6\u7fa4\u4e0d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb \u63a5\u5165\u8282\u70b9 \u3002
\u8f93\u5165\u4e3b\u673a\u540d\u79f0\u548c\u8282\u70b9 IP \u5e76\u70b9\u51fb \u786e\u5b9a \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0\u5de5\u4f5c\u8282\u70b9 \u53ef\u4ee5\u7ee7\u7eed\u63a5\u5165\u66f4\u591a\u8282\u70b9\u3002
Note
\u63a5\u5165\u8282\u70b9\u5927\u7ea6\u9700\u8981 20 \u5206\u949f\uff0c\u8bf7\u60a8\u8010\u5fc3\u7b49\u5f85\u3002
"},{"location":"end-user/kpanda/nodes/add-node.html#_2","title":"\u53c2\u8003\u6587\u6863","text":"\u5f53\u4e1a\u52a1\u9ad8\u5cf0\u671f\u7ed3\u675f\u4e4b\u540e\uff0c\u4e3a\u4e86\u8282\u7701\u8d44\u6e90\u6210\u672c\uff0c\u53ef\u4ee5\u7f29\u5c0f\u96c6\u7fa4\u89c4\u6a21\uff0c\u5378\u8f7d\u5197\u4f59\u7684\u8282\u70b9\uff0c\u5373\u8282\u70b9\u7f29\u5bb9\u3002\u8282\u70b9\u5378\u8f7d\u540e\uff0c\u5e94\u7528\u65e0\u6cd5\u7ee7\u7eed\u8fd0\u884c\u5728\u8be5\u8282\u70b9\u4e0a\u3002
"},{"location":"end-user/kpanda/nodes/delete-node.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u96c6\u7fa4\u8282\u70b9\u7f29\u5bb9\u65f6\uff0c\u53ea\u80fd\u9010\u4e2a\u8fdb\u884c\u5378\u8f7d\uff0c\u65e0\u6cd5\u6279\u91cf\u5378\u8f7d\u3002
\u5982\u9700\u5378\u8f7d\u96c6\u7fa4\u63a7\u5236\u5668\u8282\u70b9\uff0c\u9700\u8981\u786e\u4fdd\u6700\u7ec8\u63a7\u5236\u5668\u8282\u70b9\u6570\u4e3a \u5947\u6570\u3002
\u96c6\u7fa4\u8282\u70b9\u7f29\u5bb9\u65f6\u4e0d\u53ef\u4e0b\u7ebf \u7b2c\u4e00\u4e2a\u63a7\u5236\u5668 \u8282\u70b9\u3002\u5982\u679c\u5fc5\u987b\u6267\u884c\u6b64\u64cd\u4f5c\uff0c\u8bf7\u8054\u7cfb\u552e\u540e\u5de5\u7a0b\u5e08\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u82e5 \u96c6\u7fa4\u89d2\u8272 \u4e2d\u5e26\u6709 \u63a5\u5165\u96c6\u7fa4 \u7684\u6807\u7b7e\uff0c\u5219\u8bf4\u660e\u8be5\u96c6\u7fa4\u4e0d\u652f\u6301\u8282\u70b9\u6269\u7f29\u5bb9\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u9700\u8981\u5378\u8f7d\u7684\u8282\u70b9\uff0c\u70b9\u51fb \u2507 \u9009\u62e9 \u79fb\u9664\u8282\u70b9 \u3002
\u8f93\u5165\u8282\u70b9\u540d\u79f0\uff0c\u5e76\u70b9\u51fb \u5220\u9664 \u8fdb\u884c\u786e\u8ba4\u3002
\u6807\u7b7e\uff08Labels\uff09\u662f\u4e3a Pod\u3001\u8282\u70b9\u3001\u96c6\u7fa4\u7b49 Kubernetes \u5bf9\u8c61\u6dfb\u52a0\u7684\u6807\u8bc6\u6027\u952e\u503c\u5bf9\uff0c\u53ef\u7ed3\u5408\u6807\u7b7e\u9009\u62e9\u5668\u67e5\u627e\u5e76\u7b5b\u9009\u6ee1\u8db3\u67d0\u4e9b\u6761\u4ef6\u7684 Kubernetes \u5bf9\u8c61\u3002\u6bcf\u4e2a\u952e\u5bf9\u4e8e\u7ed9\u5b9a\u5bf9\u8c61\u5fc5\u987b\u662f\u552f\u4e00\u7684\u3002
\u6ce8\u89e3\uff08Annotations\uff09\u548c\u6807\u7b7e\u4e00\u6837\uff0c\u4e5f\u662f\u952e/\u503c\u5bf9\uff0c\u4f46\u4e0d\u5177\u5907\u6807\u8bc6\u6216\u7b5b\u9009\u529f\u80fd\u3002 \u4f7f\u7528\u6ce8\u89e3\u53ef\u4ee5\u4e3a\u8282\u70b9\u6dfb\u52a0\u4efb\u610f\u7684\u5143\u6570\u636e\u3002 \u6ce8\u89e3\u7684\u952e\u901a\u5e38\u4f7f\u7528\u7684\u683c\u5f0f\u4e3a \u524d\u7f00\uff08\u53ef\u9009\uff09/\u540d\u79f0\uff08\u5fc5\u586b\uff09 \uff0c\u4f8b\u5982 nfd.node.kubernetes.io/extended-resources \u3002 \u5982\u679c\u7701\u7565\u524d\u7f00\uff0c\u8868\u793a\u8be5\u6ce8\u89e3\u952e\u662f\u7528\u6237\u79c1\u6709\u7684\u3002
\u6709\u5173\u6807\u7b7e\u548c\u6ce8\u89e3\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u53ef\u53c2\u8003 Kubernetes \u7684\u5b98\u65b9\u6587\u6863\u6807\u7b7e\u548c\u9009\u62e9\u7b97\u7b26\u6216\u6ce8\u89e3\u3002
\u6dfb\u52a0/\u5220\u9664\u6807\u7b7e\u4e0e\u6ce8\u89e3\u7684\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u4fee\u6539\u6807\u7b7e \u6216 \u4fee\u6539\u6ce8\u89e3 \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0 \u53ef\u4ee5\u6dfb\u52a0\u6807\u7b7e\u6216\u6ce8\u89e3\uff0c\u70b9\u51fb X \u53ef\u4ee5\u5220\u9664\u6807\u7b7e\u6216\u6ce8\u89e3\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u5982\u679c\u60a8\u9009\u62e9\u4f7f\u7528 SSH \u5bc6\u94a5\u4f5c\u4e3a\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u8282\u70b9\u8ba4\u8bc1\u65b9\u5f0f\uff0c\u60a8\u9700\u8981\u6309\u7167\u5982\u4e0b\u8bf4\u660e\u914d\u7f6e\u516c\u79c1\u94a5\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5728 \u5f85\u5efa\u96c6\u7fa4\u7684\u7ba1\u7406\u96c6\u7fa4\u4e2d\u7684\u4efb\u610f\u8282\u70b9 \u4e0a\u751f\u6210\u516c\u79c1\u94a5\u3002
cd /root/.ssh\nssh-keygen -t rsa\n
\u6267\u884c ls \u547d\u4ee4\u67e5\u770b\u7ba1\u7406\u96c6\u7fa4\u4e0a\u7684\u5bc6\u94a5\u662f\u5426\u521b\u5efa\u6210\u529f\uff0c\u6b63\u786e\u53cd\u9988\u5982\u4e0b\uff1a
ls\nid_rsa id_rsa.pub known_hosts\n
\u5176\u4e2d\u540d\u4e3a id_rsa \u7684\u6587\u4ef6\u662f\u79c1\u94a5\uff0c\u540d\u4e3a id_rsa.pub \u7684\u6587\u4ef6\u662f\u516c\u94a5\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5c06\u516c\u94a5\u6587\u4ef6 id_rsa.pub \u52a0\u8f7d\u5230\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u6240\u6709\u8282\u70b9\u4e0a\u3002
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.0\n
\u5c06\u4e0a\u9762\u547d\u4ee4\u4e2d\u7684 root@10.0.0.0 \u7528\u6237\u8d26\u53f7\u548c\u8282\u70b9 IP \u66ff\u6362\u4e3a\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u8282\u70b9\u7528\u6237\u540d\u548c IP\u3002** \u9700\u8981\u5728\u5f85\u521b\u5efa\u96c6\u7fa4\u7684\u6bcf\u53f0\u8282\u70b9\u90fd\u6267\u884c\u76f8\u540c\u7684\u64cd\u4f5c **\u3002
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u6b65\u9aa4 1 \u6240\u521b\u5efa\u7684\u79c1\u94a5\u6587\u4ef6 id_rsa \u3002
cat /root/.ssh/id_rsa\n
\u8f93\u51fa\u5982\u4e0b\u5185\u5bb9\uff1a
-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3UvyKINzY5BFuemQ+uJ6q+GqgfvnWwNC8HzZhpcMSjJy26MM\nUtBEBJxy8fMi57XcjYxPibXW/wnd+32ICCycqCwByUmuXeCC1cjlCQDqjcAvXae7\nY54IXGF7wm2IsMNwf0kjFEXjuS48FLDA0mGRaN3BG+Up5geXcHckg3K5LD8kXFFx\ndEmSIjdyw55NaUitmEdHzN7cIdfi6Z56jcV8dcFBgWKUx+ebiyPmZBkXToz6GnMF\nrswzzZCl+G6Jb2xTGy7g7ozb4BoZd1IpSD5EhDanRrESVE0C5YuJ5zUAC0CvVd1l\nv67AK8Ko6MXToHp01/bcsvlM6cqgwUFXZKVeOwIDAQABAoIBAQCO36GQlo3BEjxy\nM2HvGJmqrx+unDxafliRe4nVY2AD515Qf4xNSzke4QM1QoyenMOwf446krQkJPK0\nk+9nl6Xszby5gGCbK4BNFk8I6RaGPjZWeRx6zGUJf8avWJiPxx6yjz2esSC9RiR0\nF0nmiiefVMyAfgv2/5++dK2WUFNNRKLgSRRpP5bRaD5wMzzxtSSXrUon6217HO8p\n3RoWsI51MbVzhdVgpHUNABcoa0rpr9svT6XLKZxY8mxpKFYjM0Wv2JIDABg3kBvh\nQbJ7kStCO3naZjKMU9UuSqVJs06cflGYw7Or8/tABR3LErNQKPjkhAQqt0DXw7Iw\n3tKdTAJBAoGBAP687U7JAOqQkcphek2E/A/sbO/d37ix7Z3vNOy065STrA+ZWMZn\npZ6Ui1B/oJpoZssnfvIoz9sn559X0j67TljFALFd2ZGS0Fqh9KVCqDvfk+Vst1dq\n+3r/yZdTOyswoccxkJiC/GDwZGK0amJWqvob39JCZhDAKIGLbGMmjdAHAoGBAN5k\nm1WGnni1nZ+3dryIwgB6z1hWcnLTamzSET6KhSuo946ET0IRG9xtlheCx6dqICbr\nVk1Y4NtRZjK/p/YGx59rDWf7E3I8ZMgR7mjieOcUZ4lUlA4l7ZIlW/2WZHW+nUXO\nTi20fqJ8qSp4BUvOvuth1pz2GLUHe2/Fxjf7HIstAoGBAPHpPr9r+TfIlPsJeRj2\n6lzA3G8qWFRQfGRYjv0fjv0pA+RIb1rzgP/I90g5+63G6Z+R4WdcxI/OJJNY1iuG\nuw9n/pFxm7U4JC990BPE6nj5iLz+clpNGYckNDBF9VG9vFSrSDLdaYkxoVNvG/xJ\na9Na90H4lm7f3VewrPy310KvAoGAZr+mwNoEh5Kpc6xo8Gxi7aPP/mlaUVD6X7Ki\ngvmu02AqmC7rC4QqEiqTaONkaSXwGusqIWxJ3yp5hELmUBYLzszAEeV/s4zRp1oZ\ng133LBRSTbHFAdBmNdqK6Nu+KGRb92980UMOKvZbliKDl+W6cbfvVu+gtKrzTc3b\naevb4TUCgYEAnJAxyVYDP1nJf7bjBSHXQu1E/DMwbtrqw7dylRJ8cAzI7IxfSCez\n7BYWq41PqVd9/zrb3Pbh2phiVzKe783igAIMqummcjo/kZyCwFsYBzK77max1jF5\naPQsLbRS2aDz8kIH6jHPZ/R+15EROmdtLmA7vIJZGerWWQR0dUU+XXA=\n
\u5c06\u79c1\u94a5\u5185\u5bb9\u590d\u5236\u540e\u586b\u81f3\u754c\u9762\u5bc6\u94a5\u8f93\u5165\u6846\u3002
\u5728\u521b\u5efa\u96c6\u7fa4\u6216\u4e3a\u5df2\u6709\u96c6\u7fa4\u6dfb\u52a0\u8282\u70b9\u65f6\uff0c\u8bf7\u53c2\u9605\u4e0b\u8868\uff0c\u68c0\u67e5\u8282\u70b9\u914d\u7f6e\uff0c\u4ee5\u907f\u514d\u56e0\u8282\u70b9\u914d\u7f6e\u9519\u8bef\u5bfc\u81f4\u96c6\u7fa4\u521b\u5efa\u6216\u6269\u5bb9\u5931\u8d25\u3002
\u68c0\u67e5\u9879 \u63cf\u8ff0 \u64cd\u4f5c\u7cfb\u7edf \u53c2\u8003\u652f\u6301\u7684\u67b6\u6784\u53ca\u64cd\u4f5c\u7cfb\u7edf SELinux \u5173\u95ed \u9632\u706b\u5899 \u5173\u95ed \u67b6\u6784\u4e00\u81f4\u6027 \u8282\u70b9\u95f4 CPU \u67b6\u6784\u4e00\u81f4\uff08\u5982\u5747\u4e3a ARM \u6216 x86\uff09 \u4e3b\u673a\u65f6\u95f4 \u6240\u6709\u4e3b\u673a\u95f4\u540c\u6b65\u8bef\u5dee\u5c0f\u4e8e 10 \u79d2\u3002 \u7f51\u7edc\u8054\u901a\u6027 \u8282\u70b9\u53ca\u5176 SSH \u7aef\u53e3\u80fd\u591f\u6b63\u5e38\u88ab\u5e73\u53f0\u8bbf\u95ee\u3002 CPU \u53ef\u7528 CPU \u8d44\u6e90\u5927\u4e8e 4 Core \u5185\u5b58 \u53ef\u7528\u5185\u5b58\u8d44\u6e90\u5927\u4e8e 8 GB"},{"location":"end-user/kpanda/nodes/node-check.html#_2","title":"\u652f\u6301\u7684\u67b6\u6784\u53ca\u64cd\u4f5c\u7cfb\u7edf","text":"\u67b6\u6784 \u64cd\u4f5c\u7cfb\u7edf \u5907\u6ce8 ARM Kylin Linux Advanced Server release V10 (Sword) SP2 \u63a8\u8350 ARM UOS Linux ARM openEuler x86 CentOS 7.x \u63a8\u8350 x86 Redhat 7.x \u63a8\u8350 x86 Redhat 8.x \u63a8\u8350 x86 Flatcar Container Linux by Kinvolk x86 Debian Bullseye, Buster, Jessie, Stretch x86 Ubuntu 16.04, 18.04, 20.04, 22.04 x86 Fedora 35, 36 x86 Fedora CoreOS x86 openSUSE Leap 15.x/Tumbleweed x86 Oracle Linux 7, 8, 9 x86 Alma Linux 8, 9 x86 Rocky Linux 8, 9 x86 Amazon Linux 2 x86 Kylin Linux Advanced Server release V10 (Sword) - SP2 \u6d77\u5149 x86 UOS Linux x86 openEuler"},{"location":"end-user/kpanda/nodes/node-details.html","title":"\u8282\u70b9\u8be6\u60c5","text":"\u63a5\u5165\u6216\u521b\u5efa\u96c6\u7fa4\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u96c6\u7fa4\u4e2d\u5404\u4e2a\u8282\u70b9\u7684\u4fe1\u606f\uff0c\u5305\u62ec\u8282\u70b9\u72b6\u6001\u3001\u6807\u7b7e\u3001\u8d44\u6e90\u7528\u91cf\u3001Pod\u3001\u76d1\u63a7\u4fe1\u606f\u7b49\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u53ef\u4ee5\u67e5\u770b\u8282\u70b9\u72b6\u6001\u3001\u89d2\u8272\u3001\u6807\u7b7e\u3001CPU/\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u3001IP \u5730\u5740\u3001\u521b\u5efa\u65f6\u95f4\u3002
\u70b9\u51fb\u8282\u70b9\u540d\u79f0\uff0c\u53ef\u4ee5\u8fdb\u5165\u8282\u70b9\u8be6\u60c5\u9875\u9762\u67e5\u770b\u66f4\u591a\u4fe1\u606f\uff0c\u5305\u62ec\u6982\u89c8\u4fe1\u606f\u3001\u5bb9\u5668\u7ec4\u4fe1\u606f\u3001\u6807\u7b7e\u6ce8\u89e3\u4fe1\u606f\u3001\u4e8b\u4ef6\u5217\u8868\u3001\u72b6\u6001\u7b49\u3002
\u6b64\u5916\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u8282\u70b9\u7684 YAML \u6587\u4ef6\u3001\u76d1\u63a7\u4fe1\u606f\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u7b49\u3002
\u652f\u6301\u5c06\u8282\u70b9\u6682\u505c\u8c03\u5ea6\u6216\u6062\u590d\u8c03\u5ea6\u3002\u6682\u505c\u8c03\u5ea6\u6307\uff0c\u505c\u6b62\u5c06 Pod \u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u3002\u6062\u590d\u8c03\u5ea6\u6307\uff0c\u53ef\u4ee5\u5c06 Pod \u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u6682\u505c\u8c03\u5ea6 \u6309\u94ae\u5373\u53ef\u6682\u505c\u8c03\u5ea6\u8be5\u8282\u70b9\u3002
\u5728\u8282\u70b9\u53f3\u4fa7\u70b9\u51fb \u2507 \u64cd\u4f5c\u56fe\u6807\uff0c\u70b9\u51fb \u6062\u590d\u8c03\u5ea6 \u6309\u94ae\u5373\u53ef\u6062\u590d\u8c03\u5ea6\u8be5\u8282\u70b9\u3002
\u8282\u70b9\u8c03\u5ea6\u72b6\u6001\u53ef\u80fd\u56e0\u7f51\u7edc\u60c5\u51b5\u6709\u6240\u5ef6\u8fdf\uff0c\u70b9\u51fb\u641c\u7d22\u6846\u53f3\u4fa7\u7684\u5237\u65b0\u56fe\u6807\u53ef\u4ee5\u5237\u65b0\u8282\u70b9\u8c03\u5ea6\u72b6\u6001\u3002
"},{"location":"end-user/kpanda/nodes/taints.html","title":"\u8282\u70b9\u6c61\u70b9\u7ba1\u7406","text":"\u6c61\u70b9 (Taint) \u80fd\u591f\u4f7f\u8282\u70b9\u6392\u65a5\u67d0\u4e00\u7c7b Pod\uff0c\u907f\u514d Pod \u88ab\u8c03\u5ea6\u5230\u8be5\u8282\u70b9\u4e0a\u3002 \u6bcf\u4e2a\u8282\u70b9\u4e0a\u53ef\u4ee5\u5e94\u7528\u4e00\u4e2a\u6216\u591a\u4e2a\u6c61\u70b9\uff0c\u4e0d\u80fd\u5bb9\u5fcd\u8fd9\u4e9b\u6c61\u70b9\u7684 Pod \u5219\u4e0d\u4f1a\u88ab\u8c03\u5ea6\u8be5\u8282\u70b9\u4e0a\u3002
"},{"location":"end-user/kpanda/nodes/taints.html#_2","title":"\u6ce8\u610f\u4e8b\u9879","text":"\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u627e\u5230\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u6982\u89c8 \u9875\u9762\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\uff0c\u70b9\u51fb \u8282\u70b9\u7ba1\u7406 \uff0c\u627e\u5230\u9700\u8981\u4fee\u6539\u6c61\u70b9\u7684\u8282\u70b9\uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u56fe\u6807\u5e76\u70b9\u51fb \u4fee\u6539\u6c61\u70b9 \u6309\u94ae\u3002
\u5728\u5f39\u6846\u5185\u8f93\u5165\u6c61\u70b9\u7684\u952e\u503c\u4fe1\u606f\uff0c\u9009\u62e9\u6c61\u70b9\u6548\u679c\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u70b9\u51fb \u2795 \u6dfb\u52a0 \u53ef\u4ee5\u4e3a\u8282\u70b9\u6dfb\u52a0\u591a\u4e2a\u6c61\u70b9\uff0c\u70b9\u51fb\u6c61\u70b9\u6548\u679c\u53f3\u4fa7\u7684 X \u53ef\u4ee5\u5220\u9664\u6c61\u70b9\u3002
\u76ee\u524d\u652f\u6301\u4e09\u79cd\u6c61\u70b9\u6548\u679c\uff1a
NoSchedule
\uff1a\u65b0\u7684 Pod \u4e0d\u4f1a\u88ab\u8c03\u5ea6\u5230\u5e26\u6709\u6b64\u6c61\u70b9\u7684\u8282\u70b9\u4e0a\uff0c\u9664\u975e\u65b0\u7684 Pod \u5177\u6709\u76f8\u5339\u914d\u7684\u5bb9\u5fcd\u5ea6\u3002\u5f53\u524d\u6b63\u5728\u8282\u70b9\u4e0a\u8fd0\u884c\u7684 Pod \u4e0d\u4f1a \u88ab\u9a71\u9010\u3002NoExecute
\uff1a\u8fd9\u4f1a\u5f71\u54cd\u5df2\u5728\u8282\u70b9\u4e0a\u8fd0\u884c\u7684 Pod\uff1atolerationSeconds
\uff0c\u5219 Pod \u8fd8\u4f1a\u4e00\u76f4\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u3002tolerationSeconds
\uff0c\u5219 Pod \u8fd8\u80fd\u5728\u8fd9\u4e2a\u8282\u70b9\u4e0a\u7ee7\u7eed\u8fd0\u884c\u6307\u5b9a\u7684\u65f6\u957f\u3002\u8fd9\u6bb5\u65f6\u95f4\u8fc7\u53bb\u540e\uff0c\u518d\u4ece\u8282\u70b9\u4e0a\u9a71\u9664\u8fd9\u4e9b Pod\u3002PreferNoSchedule
\uff1a\u8fd9\u662f\u201c\u8f6f\u6027\u201d\u7684 NoSchedule
\u3002\u63a7\u5236\u5e73\u9762\u5c06**\u5c1d\u8bd5**\u907f\u514d\u5c06\u4e0d\u5bb9\u5fcd\u6b64\u6c61\u70b9\u7684 Pod \u8c03\u5ea6\u5230\u8282\u70b9\u4e0a\uff0c\u4f46\u4e0d\u80fd\u4fdd\u8bc1\u5b8c\u5168\u907f\u514d\u3002\u6240\u4ee5\u8981\u5c3d\u91cf\u907f\u514d\u4f7f\u7528\u6b64\u6c61\u70b9\u3002\u6709\u5173\u6c61\u70b9\u7684\u66f4\u591a\u8be6\u60c5\uff0c\u8bf7\u53c2\u9605 Kubernetes \u5b98\u65b9\u6587\u6863\uff1a\u6c61\u70b9\u548c\u5bb9\u5fcd\u5ea6\u3002
"},{"location":"end-user/kpanda/olm/import-miniooperator.html","title":"\u5bfc\u5165\u79bb\u7ebf MinIo Operator","text":"\u672c\u6587\u5c06\u4ecb\u7ecd\u5728\u79bb\u7ebf\u73af\u5883\u4e0b\u5982\u4f55\u5bfc\u5165 MinIo Operator\u3002
"},{"location":"end-user/kpanda/olm/import-miniooperator.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u6267\u884c\u73af\u5883\u4e2d\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u5e76\u5728\u540e\u7eed\u6b65\u9aa4\u4f7f\u7528\uff0c\u6267\u884c\u547d\u4ee4\uff1a
export OPM_IMG=10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0 \nexport BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3 \n
\u5982\u4f55\u83b7\u53d6\u4e0a\u8ff0\u955c\u50cf\u5730\u5740\uff1a
\u524d\u5f80 \u5bb9\u5668\u7ba1\u7406 -> \u9009\u62e9\u5f53\u524d\u96c6\u7fa4 -> helm \u5e94\u7528 -> \u67e5\u770b olm \u7ec4\u4ef6 -> \u63d2\u4ef6\u8bbe\u7f6e \uff0c\u627e\u5230\u540e\u7eed\u6b65\u9aa4\u6240\u9700 opm\uff0cminio\uff0cminio bundle\uff0cminio operator \u7684\u955c\u50cf\u3002
\u4ee5\u4e0a\u8bc9\u622a\u56fe\u4e3a\u4f8b\uff0c\u5219\u56db\u4e2a\u955c\u50cf\u5730\u5740\u5982\u4e0b\n\n# opm \u955c\u50cf \n10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0\n\n# minio \u955c\u50cf\n10.5.14.200/quay.m.daocloud.io/minio/minio:RELEASE.2023-03-24T21-41-23Z\n\n# minio bundle \u955c\u50cf\n10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3\n\n# minio operator \u955c\u50cf \n10.5.14.200/quay.m.daocloud.io/minio/operator:v5.0.3\n
\u6267\u884c opm \u547d\u4ee4\u83b7\u53d6\u79bb\u7ebf bundle \u955c\u50cf\u5305\u542b\u7684 operator\u3002
# \u521b\u5efa operator \u5b58\u653e\u76ee\u5f55\n$ mkdir minio-operator && cd minio-operator \n\n# \u83b7\u53d6 operator yaml \n$ docker run --user root -v $PWD/minio-operator:/minio-operator ${OPM_IMG} alpha bundle unpack --skip-tls-verify -v -d ${BUNDLE_IMG} -o ./minio-operator\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 9 files\n
\u66ff\u6362\u00a0 minio-operator/manifests/minio-operator.clusterserviceversion.yaml\u00a0 \u6587\u4ef6\u4e2d\u7684\u6240\u6709\u955c\u50cf\u5730\u5740\u4e3a\u79bb\u7ebf\u955c\u50cf\u4ed3\u5e93\u5730\u5740\u955c\u50cf\u3002
\u66ff\u6362\u524d\uff1a
\u66ff\u6362\u540e\uff1a
\u751f\u6210\u6784\u5efa bundle \u955c\u50cf\u7684 Dockerfile
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} alpha bundle generate --channels stable,beta -d /minio-operator/minio-operator/manifests -e stable -p minio-operator \u00a0\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 10 files\n
\u6267\u884c\u6784\u5efa\u547d\u4ee4\uff0c\u6784\u5efa bundle \u955c\u50cf\u4e14\u63a8\u9001\u5230\u79bb\u7ebf registry\u3002
# \u8bbe\u7f6e\u65b0\u7684 bundle image \nexport OFFLINE_BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3-offline \n\n$ docker build . -f bundle.Dockerfile -t ${OFFLINE_BUNDLE_IMG} \u00a0\n\n$ docker push ${OFFLINE_BUNDLE_IMG}\n
\u751f\u6210\u6784\u5efa catalog \u955c\u50cf\u7684 Dockerfile\u3002
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} index add --bundles ${OFFLINE_BUNDLE_IMG} --generate --binary-image ${OPM_IMG} --skip-tls-verify\n\n# \u9884\u671f\u7ed3\u679c\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u251c\u2500\u2500 database\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 index.db\n\u251c\u2500\u2500 index.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502\u00a0\u00a0 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502\u00a0\u00a0 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n4 directories, 12 files\n
\u6784\u5efa catalog \u955c\u50cf
# \u8bbe\u7f6e\u65b0\u7684 catalog image \nexport OFFLINE_CATALOG_IMG=10.5.14.200/release.daocloud.io/operator-framework/system-operator-index:v0.1.0-offline\n\n$ docker build . -f index.Dockerfile -t ${OFFLINE_CATALOG_IMG} \n\n$ docker push ${OFFLINE_CATALOG_IMG}\n
\u524d\u5f80\u5bb9\u5668\u7ba1\u7406\uff0c\u66f4\u65b0 helm \u5e94\u7528 olm \u7684\u5185\u7f6e catsrc \u955c\u50cf\uff08\u586b\u5199\u6784\u5efa catalog \u955c\u50cf\u6307\u5b9a\u7684 ${catalog-image} \u5373\u53ef\uff09
\u66f4\u65b0\u6210\u529f\u540e\uff0cOperator Hub \u4e2d\u4f1a\u51fa\u73b0 minio-operator \u7ec4\u4ef6
\u5bb9\u5668\u7ba1\u7406\u57fa\u4e8e\u5168\u5c40\u6743\u9650\u7ba1\u7406\u53ca\u5168\u5c40\u7528\u6237/\u7528\u6237\u7ec4\u7ba1\u7406\u5b9e\u73b0\u6388\u6743\uff0c\u5982\u9700\u4e3a\u7528\u6237\u6388\u4e88\u5bb9\u5668\u7ba1\u7406\u7684\u6700\u9ad8\u6743\u9650\uff08\u53ef\u4ee5\u521b\u5efa\u3001\u7ba1\u7406\u3001\u5220\u9664\u6240\u6709\u96c6\u7fa4\uff09\u3002
"},{"location":"end-user/kpanda/permissions/cluster-ns-auth.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u7ed9\u7528\u6237/\u7528\u6237\u7ec4\u6388\u6743\u4e4b\u524d\uff0c\u8bf7\u5b8c\u6210\u5982\u4e0b\u51c6\u5907\uff1a
\u5df2\u5728\u5168\u5c40\u7ba1\u7406\u4e2d\u521b\u5efa\u4e86\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\uff0c\u8bf7\u53c2\u8003\u7528\u6237\u3002
\u4ec5 Kpanda Owner\u53ca\u5f53\u524d\u96c6\u7fa4\u7684 Cluster Admin \u5177\u5907\u96c6\u7fa4\u6388\u6743\u80fd\u529b\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002
\u4ec5 Kpanda Owner\u3001\u5f53\u524d\u96c6\u7fa4\u7684 Cluster Admin\uff0c\u5f53\u524d\u547d\u540d\u7a7a\u95f4\u7684 NS Admin \u5177\u5907\u547d\u540d\u7a7a\u95f4\u6388\u6743\u80fd\u529b\u3002
\u7528\u6237\u767b\u5f55\u5e73\u53f0\u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u83dc\u5355\u680f \u5bb9\u5668\u7ba1\u7406 \u4e0b\u7684 \u6743\u9650\u7ba1\u7406 \uff0c\u9ed8\u8ba4\u4f4d\u4e8e \u96c6\u7fa4\u6743\u9650 \u9875\u7b7e\u3002
\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002
\u5728 \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650 \u9875\u9762\u4e2d\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u3001\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u4ec5\u652f\u6301\u7684\u96c6\u7fa4\u89d2\u8272\u4e3a Cluster Admin \uff0c\u8be6\u60c5\u6743\u9650\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002\u5982\u9700\u8981\u7ed9\u591a\u4e2a\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fdb\u884c\u6388\u6743\uff0c \u53ef\u70b9\u51fb \u6dfb\u52a0\u7528\u6237\u6743\u9650 \u8fdb\u884c\u591a\u6b21\u6dfb\u52a0\u3002
\u8fd4\u56de\u96c6\u7fa4\u6743\u9650\u7ba1\u7406\u9875\u9762\uff0c\u5c4f\u5e55\u51fa\u73b0\u6d88\u606f\uff1a \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650\u6210\u529f \u3002
\u7528\u6237\u767b\u5f55\u5e73\u53f0\u540e\uff0c\u70b9\u51fb\u5de6\u4fa7\u83dc\u5355\u680f \u5bb9\u5668\u7ba1\u7406 \u4e0b\u7684 \u6743\u9650\u7ba1\u7406 \uff0c\u70b9\u51fb \u547d\u540d\u7a7a\u95f4\u6743\u9650 \u9875\u7b7e\u3002
\u70b9\u51fb \u6dfb\u52a0\u6388\u6743 \u6309\u94ae\u3002\u5728 \u6dfb\u52a0\u547d\u540d\u7a7a\u95f4\u6743\u9650 \u9875\u9762\u4e2d\uff0c\u9009\u62e9\u76ee\u6807\u96c6\u7fa4\u3001\u76ee\u6807\u547d\u540d\u7a7a\u95f4\uff0c\u4ee5\u53ca\u5f85\u6388\u6743\u7684\u7528\u6237/\u7528\u6237\u7ec4\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u76ee\u524d\u652f\u6301\u7684\u547d\u540d\u7a7a\u95f4\u89d2\u8272\u4e3a NS Admin\u3001NS Editor\u3001NS Viewer\uff0c\u8be6\u60c5\u6743\u9650\u53ef\u53c2\u8003\u6743\u9650\u8bf4\u660e\u3002\u5982\u9700\u7ed9\u591a\u4e2a\u7528\u6237/\u7528\u6237\u7ec4\u540c\u65f6\u8fdb\u884c\u6388\u6743\uff0c\u53ef\u70b9\u51fb \u6dfb\u52a0\u7528\u6237\u6743\u9650 \u8fdb\u884c\u591a\u6b21\u6dfb\u52a0\u3002\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u6743\u9650\u6388\u6743\u3002
\u8fd4\u56de\u547d\u540d\u7a7a\u95f4\u6743\u9650\u7ba1\u7406\u9875\u9762\uff0c\u5c4f\u5e55\u51fa\u73b0\u6d88\u606f\uff1a \u6dfb\u52a0\u96c6\u7fa4\u6743\u9650\u6210\u529f \u3002
Tip
\u540e\u7eed\u5982\u9700\u5220\u9664\u6216\u7f16\u8f91\u6743\u9650\uff0c\u53ef\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u9009\u62e9 \u7f16\u8f91 \u6216 \u5220\u9664 \u3002
\u8fc7\u53bb Kpanda \u5185\u7f6e\u89d2\u8272\u7684\u6743\u9650\u70b9\uff08rbac rules\uff09\u90fd\u662f\u63d0\u524d\u9884\u5b9a\u4e49\u597d\u7684\u4e14\u7528\u6237\u65e0\u6cd5\u4fee\u6539\uff0c\u56e0\u4e3a\u4ee5\u524d\u4fee\u6539\u5185\u7f6e\u89d2\u8272\u7684\u6743\u9650\u70b9\u4e4b\u540e\u4e5f\u4f1a\u88ab Kpanda \u63a7\u5236\u5668\u8fd8\u539f\u6210\u9884\u5b9a\u4e49\u7684\u6743\u9650\u70b9\u3002 \u4e3a\u4e86\u652f\u6301\u66f4\u52a0\u7075\u6d3b\u7684\u6743\u9650\u914d\u7f6e\uff0c\u6ee1\u8db3\u5bf9\u7cfb\u7edf\u89d2\u8272\u7684\u81ea\u5b9a\u4e49\u9700\u6c42\uff0c\u76ee\u524d Kpanda \u652f\u6301\u4e3a\u5185\u7f6e\u7cfb\u7edf\u89d2\u8272\uff08cluster admin\u3001ns admin\u3001ns editor\u3001ns viewer\uff09\u4fee\u6539\u6743\u9650\u70b9\u3002 \u4ee5\u4e0b\u793a\u4f8b\u6f14\u793a\u5982\u4f55\u65b0\u589e ns-viewer \u6743\u9650\u70b9\uff0c\u5c1d\u8bd5\u589e\u52a0\u53ef\u4ee5\u5220\u9664 Deployment \u7684\u6743\u9650\u3002\u5176\u4ed6\u6743\u9650\u70b9\u64cd\u4f5c\u7c7b\u4f3c\u3002
"},{"location":"end-user/kpanda/permissions/custom-kpanda-role.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"Note
\u53ea\u652f\u6301\u4f7f\u7528\u56fa\u5b9a Label \u7684 ClusterRole \u8ffd\u52a0\u6743\u9650\uff0c\u4e0d\u652f\u6301\u66ff\u6362\u6216\u8005\u5220\u9664\u6743\u9650\uff0c\u4e5f\u4e0d\u80fd\u4f7f\u7528 role \u8ffd\u52a0\u6743\u9650\uff0c\u5185\u7f6e\u89d2\u8272\u8ddf\u7528\u6237\u521b\u5efa\u7684 ClusterRole Label \u5bf9\u5e94\u5173\u7cfb\u5982\u4e0b
cluster-admin: rbac.kpanda.io/role-template-cluster-admin: \"true\"\ncluster-edit: rbac.kpanda.io/role-template-cluster-edit: \"true\"\ncluster-view: rbac.kpanda.io/role-template-cluster-view: \"true\"\nns-admin: rbac.kpanda.io/role-template-ns-admin: \"true\"\nns-edit: rbac.kpanda.io/role-template-ns-edit: \"true\"\nns-view: rbac.kpanda.io/role-template-ns-view: \"true\"\n
\u4f7f\u7528 admin \u6216\u8005 cluster admin \u6743\u9650\u7684\u7528\u6237\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d
\u6388\u6743 ns-viewer\uff0c\u7528\u6237\u6709\u8be5 namespace ns-view \u6743\u9650
\u5207\u6362\u767b\u5f55\u7528\u6237\u4e3a ns-viewer\uff0c\u6253\u5f00\u63a7\u5236\u53f0\u83b7\u53d6 ns-viewer \u7528\u6237\u5bf9\u5e94\u7684 token\uff0c\u4f7f\u7528 curl \u8bf7\u6c42\u5220\u9664\u4e0a\u8ff0\u7684 deployment nginx\uff0c\u53d1\u73b0\u65e0\u5220\u9664\u6743\u9650
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n{\"code\":7,\"message\":\"[RBAC] delete resources(deployments: nginx) is forbidden for user(ns-viewer) in cluster(cluster-member)\",\"details\":[]}[root@master-01 ~]#\n[root@master-01 ~]#\n
\u5728\u5168\u5c40\u670d\u52a1\u96c6\u7fa4\u4e0a\u521b\u5efa\u5982\u4e0b ClusterRole\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: append-ns-view # (1)!\n labels:\n rbac.kpanda.io/role-template-ns-view: \"true\" # (2)!\nrules:\n - apiGroups: [ \"apps\" ]\n resources: [ \"deployments\" ]\n verbs: [ \"delete\" ]\n
\u7b49\u5f85 Kpanda \u63a7\u5236\u5668\u6dfb\u52a0\u7528\u6237\u521b\u5efa\u6743\u9650\u5230\u5185\u7f6e\u89d2\u8272 ns-viewer \u4e2d\uff0c\u53ef\u67e5\u770b\u5bf9\u5e94\u5185\u7f6e\u89d2\u8272\u5982\u662f\u5426\u6709\u4e0a\u4e00\u6b65\u65b0\u589e\u7684\u6743\u9650\u70b9
[root@master-01 ~]# kubectl get clusterrole role-template-ns-view -oyaml|grep deployments -C 10|tail -n 6\n
- apiGroups:\n - apps\n resources:\n - deployments\n verbs:\n - delete\n
\u518d\u6b21\u4f7f\u7528 curl \u8bf7\u6c42\u5220\u9664\u4e0a\u8ff0\u7684 deployment nginx\uff0c\u8fd9\u6b21\u6210\u529f\u5220\u9664\u4e86\u3002\u4e5f\u5c31\u662f\u8bf4\uff0cns-viewer \u6210\u529f\u65b0\u589e\u4e86\u5220\u9664 Deployment \u7684\u6743\u9650\u3002
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n
\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u57fa\u4e8e\u5168\u5c40\u6743\u9650\u7ba1\u7406\u4ee5\u53ca Kubernetes RBAC \u6743\u9650\u7ba1\u7406\u6253\u9020\u7684\u591a\u7ef4\u5ea6\u6743\u9650\u7ba1\u7406\u4f53\u7cfb\u3002 \u652f\u6301\u96c6\u7fa4\u7ea7\u3001\u547d\u540d\u7a7a\u95f4\u7ea7\u7684\u6743\u9650\u63a7\u5236\uff0c\u5e2e\u52a9\u7528\u6237\u4fbf\u6377\u7075\u6d3b\u5730\u5bf9\u79df\u6237\u4e0b\u7684 IAM \u7528\u6237\u3001\u7528\u6237\u7ec4\uff08\u7528\u6237\u7684\u96c6\u5408\uff09\u8bbe\u5b9a\u4e0d\u540c\u7684\u64cd\u4f5c\u6743\u9650\u3002
"},{"location":"end-user/kpanda/permissions/permission-brief.html#_2","title":"\u96c6\u7fa4\u6743\u9650","text":"\u96c6\u7fa4\u6743\u9650\u57fa\u4e8e Kubernetes RBAC \u7684 ClusterRolebinding \u6388\u6743\uff0c\u96c6\u7fa4\u6743\u9650\u8bbe\u7f6e\u53ef\u8ba9\u7528\u6237/\u7528\u6237\u7ec4\u5177\u5907\u96c6\u7fa4\u76f8\u5173\u6743\u9650\u3002 \u76ee\u524d\u7684\u9ed8\u8ba4\u96c6\u7fa4\u89d2\u8272\u4e3a Cluster Admin \uff08\u4e0d\u5177\u5907\u96c6\u7fa4\u7684\u521b\u5efa\u3001\u5220\u9664\u6743\u9650\uff09\u3002
"},{"location":"end-user/kpanda/permissions/permission-brief.html#cluster-admin","title":"Cluster Admin","text":"Cluster Admin \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
\u53ef\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u67e5\u770b\u5bf9\u5e94\u96c6\u7fa4
\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u67e5\u770b \u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u6240\u6709\u5de5\u4f5c\u8d1f\u8f7d\u53ca\u96c6\u7fa4\u5185\u6240\u6709\u8d44\u6e90
\u53ef\u6388\u6743\u7528\u6237\u4e3a\u96c6\u7fa4\u5185\u89d2\u8272 (Cluster Admin\u3001NS Admin\u3001NS Editor\u3001NS Viewer)
\u8be5\u96c6\u7fa4\u89d2\u8272\u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-cluster-admin\n resourceVersion: \"15168\"\n uid: f8f86d42-d5ef-47aa-b284-097615795076\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*'\n
"},{"location":"end-user/kpanda/permissions/permission-brief.html#_3","title":"\u547d\u540d\u7a7a\u95f4\u6743\u9650","text":"\u547d\u540d\u7a7a\u95f4\u6743\u9650\u662f\u57fa\u4e8e Kubernetes RBAC \u80fd\u529b\u7684\u6388\u6743\uff0c\u53ef\u4ee5\u5b9e\u73b0\u4e0d\u540c\u7684\u7528\u6237/\u7528\u6237\u7ec4\u5bf9\u547d\u540d\u7a7a\u95f4\u4e0b\u7684\u8d44\u6e90\u5177\u6709\u4e0d\u540c\u7684\u64cd\u4f5c\u6743\u9650(\u5305\u62ec Kubernetes API \u6743\u9650)\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\uff1aKubernetes RBAC\u3002\u76ee\u524d\u5bb9\u5668\u7ba1\u7406\u7684\u9ed8\u8ba4\u89d2\u8272\u4e3a\uff1aNS Admin\u3001NS Editor\u3001NS Viewer\u3002
"},{"location":"end-user/kpanda/permissions/permission-brief.html#ns-admin","title":"NS Admin","text":"NS Admin \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
\u8be5\u96c6\u7fa4\u89d2\u8272\u7684 YAML \u793a\u4f8b\u5982\u4e0b\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-admin\n resourceVersion: \"15173\"\n uid: 69f64c7e-70e7-4c7c-a3e0-053f507f2bc3\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*' \n
"},{"location":"end-user/kpanda/permissions/permission-brief.html#ns-editor","title":"NS Editor","text":"NS Editor \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-edit\n resourceVersion: \"15175\"\n uid: ca9e690e-96c0-4978-8915-6e4c00c748fe\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - '*'\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - '*'\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - '*'\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - '*'\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - '*'\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - '*'\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - '*' \n
"},{"location":"end-user/kpanda/permissions/permission-brief.html#ns-viewer","title":"NS Viewer","text":"NS Viewer \u5177\u6709\u4ee5\u4e0b\u6743\u9650\uff1a
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-view\n resourceVersion: \"15183\"\n uid: 853888fd-6ee8-42ac-b91e-63923918baf8\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - get\n - list\n - watch \n
"},{"location":"end-user/kpanda/permissions/permission-brief.html#faq","title":"\u6743\u9650 FAQ","text":"\u5168\u5c40\u6743\u9650\u548c\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u7ba1\u7406\u7684\u5173\u7cfb\uff1f
\u7b54\uff1a\u5168\u5c40\u6743\u9650\u4ec5\u6388\u6743\u4e3a\u7c97\u7c92\u5ea6\u6743\u9650\uff0c\u53ef\u7ba1\u7406\u6240\u6709\u96c6\u7fa4\u7684\u521b\u5efa\u3001\u7f16\u8f91\u3001\u5220\u9664\uff1b\u800c\u5bf9\u4e8e\u7ec6\u7c92\u5ea6\u7684\u6743\u9650\uff0c\u5982\u5355\u4e2a\u96c6\u7fa4\u7684\u7ba1\u7406\u6743\u9650\uff0c\u5355\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u7ba1\u7406\u3001\u7f16\u8f91\u3001\u5220\u9664\u6743\u9650\uff0c\u9700\u8981\u57fa\u4e8e Kubernetes RBAC \u7684\u5bb9\u5668\u7ba1\u7406\u6743\u9650\u8fdb\u884c\u5b9e\u73b0\u3002 \u4e00\u822c\u6743\u9650\u7684\u7528\u6237\u4ec5\u9700\u8981\u5728\u5bb9\u5668\u7ba1\u7406\u4e2d\u8fdb\u884c\u6388\u6743\u5373\u53ef\u3002
\u76ee\u524d\u4ec5\u652f\u6301\u56db\u4e2a\u9ed8\u8ba4\u89d2\u8272\uff0c\u540e\u53f0\u81ea\u5b9a\u4e49\u89d2\u8272\u7684 RoleBinding \u4ee5\u53ca ClusterRoleBinding \uff08Kubernetes \u7ec6\u7c92\u5ea6\u7684 RBAC\uff09\u662f\u5426\u4e5f\u80fd\u751f\u6548\uff1f
\u7b54\uff1a\u76ee\u524d\u81ea\u5b9a\u4e49\u6743\u9650\u6682\u65f6\u65e0\u6cd5\u901a\u8fc7\u56fe\u5f62\u754c\u9762\u8fdb\u884c\u7ba1\u7406\uff0c\u4f46\u662f\u901a\u8fc7 kubectl \u521b\u5efa\u7684\u6743\u9650\u89c4\u5219\u540c\u6837\u80fd\u751f\u6548\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301 Pod \u8d44\u6e90\u57fa\u4e8e\u6307\u6807\u8fdb\u884c\u5f39\u6027\u4f38\u7f29\uff08Horizontal Pod Autoscaling, HPA\uff09\u3002 \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e CPU \u5229\u7528\u7387\u3001\u5185\u5b58\u7528\u91cf\u53ca\u81ea\u5b9a\u4e49\u6307\u6807\u6307\u6807\u6765\u52a8\u6001\u8c03\u6574 Pod \u8d44\u6e90\u7684\u526f\u672c\u6570\u91cf\u3002 \u4f8b\u5982\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u8bbe\u7f6e\u57fa\u4e8e CPU \u5229\u7528\u7387\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u540e\uff0c\u5f53 Pod \u7684 CPU \u5229\u7528\u7387\u8d85\u8fc7/\u4f4e\u4e8e\u60a8\u8bbe\u7f6e\u7684\u6307\u6807\u9600\u503c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u63a7\u5236\u5668\u5c06\u4f1a\u81ea\u52a8\u589e\u52a0/\u8f83\u5c11 Pod \u526f\u672c\u6570\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u57fa\u4e8e\u5185\u7f6e\u6307\u6807\u7684\u5f39\u6027\u4f38\u7f29\u3002
Note
\u7cfb\u7edf\u5185\u7f6e\u4e86 CPU \u548c\u5185\u5b58\u4e24\u79cd\u5f39\u6027\u4f38\u7f29\u6307\u6807\u4ee5\u6ee1\u8db3\u7528\u6237\u7684\u57fa\u7840\u4e1a\u52a1\u4f7f\u7528\u573a\u666f\u3002
"},{"location":"end-user/kpanda/scale/create-hpa.html#_2","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u6216\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5df2\u5b8c\u6210 metrics-server \u63d2\u4ef6\u5b89\u88c5 \u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165\u96c6\u7fa4\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d \u8fdb\u5165\u5de5\u4f5c\u8d1f\u8f7d\u5217\u8868\u540e\uff0c\u70b9\u51fb\u4e00\u4e2a\u8d1f\u8f7d\u540d\u79f0\uff0c\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \u9875\u9762\u3002
\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\u60c5\u51b5\u3002
\u786e\u8ba4\u96c6\u7fa4\u5df2\u5b89\u88c5\u4e86 metrics-server \u63d2\u4ef6\uff0c\u4e14\u63d2\u4ef6\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u540e\uff0c\u5373\u53ef\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\u3002
\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u5b8c\u6210\u53c2\u6570\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u5f39\u6027\u4f38\u7f29\u8be6\u60c5\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u7f16\u8f91\u3001\u5220\u9664\u64cd\u4f5c\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u76f8\u5173\u4e8b\u4ef6\u3002
\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\u901a\u8fc7\u76d1\u63a7 Pod \u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u7684\u8d44\u6e90\u7533\u8bf7\u548c\u7528\u91cf\uff0c \u8ba1\u7b97\u51fa\u5bf9\u8be5 Pod \u800c\u8a00\u6700\u9002\u5408\u7684 CPU \u548c\u5185\u5b58\u8bf7\u6c42\u503c\u3002\u4f7f\u7528 VPA \u53ef\u4ee5\u66f4\u52a0\u5408\u7406\u5730\u4e3a\u96c6\u7fa4\u4e0b\u6bcf\u4e2a Pod \u5206\u914d\u8d44\u6e90\uff0c\u63d0\u9ad8\u96c6\u7fa4\u7684\u6574\u4f53\u8d44\u6e90\u5229\u7528\u7387\uff0c\u907f\u514d\u96c6\u7fa4\u8d44\u6e90\u6d6a\u8d39\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u901a\u8fc7\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\uff0c\u57fa\u4e8e\u6b64\u529f\u80fd\u53ef\u4ee5\u6839\u636e\u5bb9\u5668\u8d44\u6e90\u7684\u4f7f\u7528\u60c5\u51b5\u52a8\u6001\u8c03\u6574 Pod \u8bf7\u6c42\u503c\u3002 \u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u652f\u6301\u901a\u8fc7\u624b\u52a8\u548c\u81ea\u52a8\u4e24\u79cd\u65b9\u5f0f\u6765\u4fee\u6539\u8d44\u6e90\u8bf7\u6c42\u503c\uff0c\u60a8\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u9700\u8981\u8fdb\u884c\u914d\u7f6e\u3002
\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e Pod \u5782\u76f4\u4f38\u7f29\u3002
Warning
\u4f7f\u7528 VPA \u4fee\u6539 Pod \u8d44\u6e90\u8bf7\u6c42\u4f1a\u89e6\u53d1 Pod \u91cd\u542f\u3002\u7531\u4e8e Kubernetes \u672c\u8eab\u7684\u9650\u5236\uff0c Pod \u91cd\u542f\u540e\u53ef\u80fd\u4f1a\u88ab\u8c03\u5ea6\u5230\u5176\u5b83\u8282\u70b9\u4e0a\u3002
"},{"location":"end-user/kpanda/scale/create-vpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5782\u76f4\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3001\u7528\u6237\u3001\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u6216\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5f53\u524d\u96c6\u7fa4\u5df2\u7ecf\u5b89\u88c5 metrics-server \u548c VPA \u63d2\u4ef6\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u5185\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u4e2d\u627e\u5230\u76ee\u524d\u96c6\u7fa4\uff0c\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d \uff0c\u627e\u5230\u9700\u8981\u521b\u5efa VPA \u7684\u8d1f\u8f7d\uff0c\u70b9\u51fb\u8be5\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
3. \u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\uff0c\u786e\u8ba4\u5df2\u7ecf\u5b89\u88c5\u4e86\u76f8\u5173\u63d2\u4ef6\u5e76\u4e14\u63d2\u4ef6\u662f\u5426\u8fd0\u884c\u6b63\u5e38\u3002
\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\uff0c\u5e76\u914d\u7f6e VPA \u5782\u76f4\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u5b8c\u6210\u53c2\u6570\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u81ea\u52a8\u8fd4\u56de\u5f39\u6027\u4f38\u7f29\u8be6\u60c5\u9875\u9762\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u6267\u884c\u7f16\u8f91\u3001\u5220\u9664\u64cd\u4f5c\u3002
Note
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c--min-replicas \u7684\u503c\u4e3a 2\u3002\u8868\u793a\u5f53\u526f\u672c\u6570\u5927\u4e8e 1 \u65f6\uff0cVPA \u624d\u4f1a\u751f\u6548\uff0c \u53ef\u4ee5\u901a\u8fc7\u4fee\u6539 updater \u7684 --min-replicas \u53c2\u6570\u503c\u6765\u6539\u53d8\u8fd9\u4e00\u9ed8\u8ba4\u884c\u4e3a\u3002
spec: \n containers: \n - name: updater \n args: \n - \"--min-replicas=2\"\n
"},{"location":"end-user/kpanda/scale/custom-hpa.html","title":"\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u521b\u5efa HPA","text":"\u5f53\u7cfb\u7edf\u5185\u7f6e\u7684 CPU \u548c\u5185\u5b58\u4e24\u79cd\u6307\u6807\u4e0d\u80fd\u6ee1\u8db3\u60a8\u4e1a\u52a1\u7684\u5b9e\u9645\u9700\u6c42\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e ServiceMonitoring \u6765\u6dfb\u52a0\u81ea\u5b9a\u4e49\u6307\u6807\uff0c \u5e76\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u57fa\u4e8e\u81ea\u5b9a\u4e49\u6307\u6807\u8fdb\u884c\u5f39\u6027\u4f38\u7f29\u3002
Note
\u5728\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u914d\u7f6e\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \u8fdb\u5165\u96c6\u7fa4\u5217\u8868\u9875\u9762\u3002\u70b9\u51fb\u4e00\u4e2a\u96c6\u7fa4\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d \u8fdb\u5165\u5de5\u4f5c\u8d1f\u8f7d\u5217\u8868\u540e\uff0c\u70b9\u51fb\u4e00\u4e2a\u8d1f\u8f7d\u540d\u79f0\uff0c\u8fdb\u5165 \u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5 \u9875\u9762\u3002
\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u7684\u5f39\u6027\u4f38\u7f29\u914d\u7f6e\u60c5\u51b5\u3002
\u786e\u8ba4\u96c6\u7fa4\u5df2\u5b89\u88c5\u4e86 metrics-server \u3001Insight\u3001Prometheus-adapter \u63d2\u4ef6\u4e14\u63d2\u4ef6\u8fd0\u884c\u72b6\u6001\u4e3a\u6b63\u5e38\u540e\uff0c\u5373\u53ef\u70b9\u51fb \u65b0\u5efa\u4f38\u7f29 \u6309\u94ae\u3002
Note
\u5982\u679c\u76f8\u5173\u63d2\u4ef6\u672a\u5b89\u88c5\u6216\u63d2\u4ef6\u5904\u4e8e\u5f02\u5e38\u72b6\u6001\uff0c\u60a8\u5728\u9875\u9762\u4e0a\u5c06\u65e0\u6cd5\u770b\u89c1\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u5165\u53e3\u3002
\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570\u3002
\u672c\u6848\u4f8b\u4ee5 Golang \u4e1a\u52a1\u7a0b\u5e8f\u4e3a\u4f8b\uff0c\u8be5\u793a\u4f8b\u7a0b\u5e8f\u66b4\u9732\u4e86 httpserver_requests_total
\u6307\u6807\uff0c\u5e76\u8bb0\u5f55 HTTP \u7684\u8bf7\u6c42\uff0c\u901a\u8fc7\u8be5\u6307\u6807\u53ef\u4ee5\u8ba1\u7b97\u51fa\u4e1a\u52a1\u7a0b\u5e8f\u7684 QPS \u503c\u3002
\u4f7f\u7528 Deployment \u90e8\u7f72\u4e1a\u52a1\u7a0b\u5e8f\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: httpserver\n namespace: httpserver\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: httpserver\n template:\n metadata:\n labels:\n app: httpserver\n spec:\n containers:\n - name: httpserver\n image: registry.imroc.cc/test/httpserver:custom-metrics\n imagePullPolicy: Always\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n app: httpserver\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/path: \"/metrics\"\n prometheus.io/port: \"http\"\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n name: http\n selector:\n app: httpserver\n
"},{"location":"end-user/kpanda/scale/custom-hpa.html#prometheus","title":"Prometheus \u91c7\u96c6\u4e1a\u52a1\u76d1\u63a7","text":"\u82e5\u5df2\u5b89\u88c5 insight-agent\uff0c\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa ServiceMonitor \u7684 CRD \u5bf9\u8c61\u914d\u7f6e Prometheus\u3002
\u64cd\u4f5c\u6b65\u9aa4\uff1a\u5728 \u96c6\u7fa4\u8be6\u60c5 -> \u81ea\u5b9a\u4e49\u8d44\u6e90 \u641c\u7d22\u201cservicemonitors.monitoring.coreos.com\"\uff0c\u70b9\u51fb\u540d\u79f0\u8fdb\u5165\u8be6\u60c5\u3002 \u901a\u8fc7\u521b\u5efa YAML\uff0c\u5728\u547d\u540d\u7a7a\u95f4 httpserver \u4e0b\u521b\u5efa\u5982\u4e0b\u793a\u4f8b\u7684 CRD\uff1a
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n operator.insight.io/managed-by: insight\nspec:\n endpoints:\n - port: http\n interval: 5s\n namespaceSelector:\n matchNames:\n - httpserver\n selector:\n matchLabels:\n app: httpserver\n
Note
\u82e5\u901a\u8fc7 insight \u5b89\u88c5 Prometheus\uff0c\u5219 serviceMonitor \u4e0a\u5fc5\u987b\u6253\u4e0a operator.insight.io/managed-by: insight
\u8fd9\u4e2a label\uff0c\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\u5b89\u88c5\u5219\u65e0\u9700\u6b64 label\u3002
\u64cd\u4f5c\u6b65\u9aa4\uff1a\u5728 \u96c6\u7fa4\u8be6\u60c5 -> Helm \u5e94\u7528 \u641c\u7d22 \u201cprometheus-adapter\"\uff0c\u901a\u8fc7\u64cd\u4f5c\u680f\u8fdb\u5165\u66f4\u65b0\u9875\u9762\uff0c\u5728 YAML \u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u6307\u6807\uff0c\u793a\u4f8b\u5982\u4e0b\uff1a
rules:\n custom:\n - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)\n name:\n as: httpserver_requests_qps\n matches: httpserver_requests_total\n resources:\n template: <<.Resource>>\n seriesQuery: httpserver_requests_total\n
"},{"location":"end-user/kpanda/scale/custom-hpa.html#_5","title":"\u521b\u5efa\u81ea\u5b9a\u4e49\u6307\u6807\u5f39\u6027\u4f38\u7f29\u7b56\u7565\u53c2\u6570","text":"\u6309\u7167\u4e0a\u8ff0\u6b65\u9aa4\u5728 Deployment \u4e2d\u627e\u5230\u5e94\u7528\u7a0b\u5e8f httpserver \u5e76\u901a\u8fc7\u81ea\u5b9a\u4e49\u6307\u6807\u521b\u5efa\u5f39\u6027\u4f38\u7f29\u3002
"},{"location":"end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html","title":"HPA \u548c CronHPA \u517c\u5bb9\u89c4\u5219","text":"HPA \u5168\u79f0\u4e3a HorizontalPodAutoscaler\uff0c\u5373 Pod \u6c34\u5e73\u81ea\u52a8\u4f38\u7f29\u3002
CronHPA \u5168\u79f0\u4e3a Cron HorizontalPodAutoscaler\uff0c\u5373 Pod \u5b9a\u65f6\u7684\u6c34\u5e73\u81ea\u52a8\u4f38\u7f29\u3002
"},{"location":"end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html#cronhpa-hpa","title":"CronHPA \u548c HPA \u517c\u5bb9\u51b2\u7a81","text":"\u5b9a\u65f6\u4f38\u7f29 CronHPA \u901a\u8fc7\u8bbe\u7f6e\u5b9a\u65f6\u7684\u65b9\u5f0f\u89e6\u53d1\u5bb9\u5668\u7684\u6c34\u5e73\u526f\u672c\u4f38\u7f29\u3002\u4e3a\u4e86\u9632\u6b62\u7a81\u53d1\u7684\u6d41\u91cf\u51b2\u51fb\u7b49\u72b6\u51b5\uff0c \u60a8\u53ef\u80fd\u5df2\u7ecf\u914d\u7f6e HPA \u4fdd\u969c\u5e94\u7528\u7684\u6b63\u5e38\u8fd0\u884c\u3002\u5982\u679c\u540c\u65f6\u68c0\u6d4b\u5230\u4e86 HPA \u548c CronHPA \u7684\u5b58\u5728\uff0c \u7531\u4e8e CronHPA \u548c HPA \u76f8\u4e92\u72ec\u7acb\u65e0\u6cd5\u611f\u77e5\uff0c\u5c31\u4f1a\u51fa\u73b0\u4e24\u4e2a\u63a7\u5236\u5668\u5404\u81ea\u5de5\u4f5c\uff0c\u540e\u6267\u884c\u7684\u64cd\u4f5c\u4f1a\u8986\u76d6\u5148\u6267\u884c\u7684\u64cd\u4f5c\u3002
\u5bf9\u6bd4 CronHPA \u548c HPA \u7684\u5b9a\u4e49\u6a21\u677f\uff0c\u53ef\u4ee5\u89c2\u5bdf\u5230\u4ee5\u4e0b\u51e0\u70b9\uff1a
Note
\u5982\u679c\u540c\u65f6\u8bbe\u7f6e CronHPA \u548c HPA\uff0c\u4f1a\u51fa\u73b0 CronHPA \u548c HPA \u540c\u65f6\u64cd\u4f5c\u4e00\u4e2a scaleTargetRef \u7684\u573a\u666f\u3002
"},{"location":"end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html#cronhpa-hpa_1","title":"CronHPA \u548c HPA \u517c\u5bb9\u65b9\u6848","text":"\u4ece\u4e0a\u6587\u53ef\u77e5\uff0cCronHPA \u548c HPA \u540c\u65f6\u4f7f\u7528\u4f1a\u5bfc\u81f4\u540e\u6267\u884c\u7684\u64cd\u4f5c\u8986\u76d6\u5148\u6267\u884c\u64cd\u4f5c\u7684\u672c\u8d28\u539f\u56e0\u662f\u4e24\u4e2a\u63a7\u5236\u5668\u65e0\u6cd5\u76f8\u4e92\u611f\u77e5\uff0c \u90a3\u4e48\u53ea\u9700\u8981\u8ba9 CronHPA \u611f\u77e5 HPA \u7684\u5f53\u524d\u72b6\u6001\u5c31\u80fd\u89e3\u51b3\u51b2\u7a81\u95ee\u9898\u3002
\u7cfb\u7edf\u4f1a\u5c06 HPA \u4f5c\u4e3a\u5b9a\u65f6\u4f38\u7f29 CronHPA \u7684\u6269\u7f29\u5bb9\u5bf9\u8c61\uff0c\u4ece\u800c\u5b9e\u73b0\u5bf9\u8be5 HPA \u5b9a\u4e49\u7684 Deployment \u5bf9\u8c61\u7684\u5b9a\u65f6\u6269\u7f29\u5bb9\u3002
HPA \u7684\u5b9a\u4e49\u5c06 Deployment \u914d\u7f6e\u5728 scaleTargetRef \u5b57\u6bb5\u4e0b\uff0c\u7136\u540e Deployment \u901a\u8fc7\u81ea\u8eab\u5b9a\u4e49\u67e5\u627e ReplicaSet\uff0c\u6700\u540e\u901a\u8fc7 ReplicaSet \u8c03\u6574\u771f\u5b9e\u7684\u526f\u672c\u6570\u76ee\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5c06 CronHPA \u4e2d\u7684 scaleTargetRef \u8bbe\u7f6e\u4e3a HPA \u5bf9\u8c61\uff0c\u7136\u540e\u901a\u8fc7 HPA \u5bf9\u8c61\u6765\u5bfb\u627e\u771f\u5b9e\u7684 scaleTargetRef\uff0c\u4ece\u800c\u8ba9 CronHPA \u611f\u77e5 HPA \u7684\u5f53\u524d\u72b6\u6001\u3002
CronHPA \u4f1a\u901a\u8fc7\u8c03\u6574 HPA \u7684\u65b9\u5f0f\u611f\u77e5 HPA\u3002CronHPA \u901a\u8fc7\u8bc6\u522b\u8981\u8fbe\u5230\u7684\u526f\u672c\u6570\u4e0e\u5f53\u524d\u526f\u672c\u6570\u4e24\u8005\u95f4\u7684\u8f83\u5927\u503c\uff0c \u5224\u65ad\u662f\u5426\u9700\u8981\u6269\u7f29\u5bb9\u53ca\u4fee\u6539 HPA \u7684\u4e0a\u9650\uff1bCronHPA \u901a\u8fc7\u8bc6\u522b CronHPA \u8981\u8fbe\u5230\u7684\u526f\u672c\u6570\u4e0e HPA \u7684\u914d\u7f6e\u95f4\u7684\u8f83\u5c0f\u503c\uff0c\u5224\u65ad\u662f\u5426\u9700\u8981\u4fee\u6539 HPA \u7684\u4e0b\u9650\u3002
"},{"location":"end-user/kpanda/scale/install-cronhpa.html","title":"\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6","text":"\u5bb9\u5668\u526f\u672c\u5b9a\u65f6\u6c34\u5e73\u6269\u7f29\u5bb9\u7b56\u7565\uff08CronHPA\uff09\u80fd\u591f\u4e3a\u5468\u671f\u6027\u9ad8\u5e76\u53d1\u5e94\u7528\u63d0\u4f9b\u7a33\u5b9a\u7684\u8ba1\u7b97\u8d44\u6e90\u4fdd\u969c\uff0c kubernetes-cronhpa-controller \u5219\u662f\u5b9e\u73b0 CronHPA \u7684\u5173\u952e\u7ec4\u4ef6\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u3002
Note
\u4e3a\u4e86\u4f7f\u7528 CornHPA\uff0c\u4e0d\u4ec5\u9700\u8981\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\uff0c\u8fd8\u8981\u5b89\u88c5 metrics-server \u63d2\u4ef6\u3002
"},{"location":"end-user/kpanda/scale/install-cronhpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 kubernetes-cronhpa-controller \u63d2\u4ef6\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5\u6b64\u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u8be5\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \uff0c\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u5728 CronHPA \u53f3\u4fa7\u70b9\u51fb \u5b89\u88c5 \u3002
\u9605\u8bfb\u8be5\u63d2\u4ef6\u7684\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u63a8\u8350\u5b89\u88c5 1.3.0 \u6216\u66f4\u9ad8\u7248\u672c\u3002
\u53c2\u8003\u4ee5\u4e0b\u8bf4\u660e\u914d\u7f6e\u53c2\u6570\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a\u201c\u8fd0\u884c\u4e2d\u201d\u72b6\u6001\u3002
\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u3002\u7a0d\u7b49\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Warning
\u5982\u9700\u5220\u9664 kubernetes-cronhpa-controller \u63d2\u4ef6\uff0c\u5e94\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5c06\u5176\u5f7b\u5e95\u5220\u9664\u3002
\u5982\u679c\u5728\u5de5\u4f5c\u8d1f\u8f7d\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\u4e0b\u5220\u9664\u63d2\u4ef6\uff0c\u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u63d2\u4ef6\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u63d2\u4ef6\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
\u56de\u5230\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\u4e0b\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u53ef\u4ee5\u770b\u5230\u754c\u9762\u663e\u793a \u63d2\u4ef6\u5df2\u5b89\u88c5 \u3002\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u521b\u5efa CronHPA \u7b56\u7565\u4e86\u3002
metrics-server \u662f Kubernetes \u5185\u7f6e\u7684\u8d44\u6e90\u4f7f\u7528\u6307\u6807\u91c7\u96c6\u7ec4\u4ef6\u3002 \u60a8\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u5f39\u6027\u4f38\u7f29\uff08HPA\uff09\u7b56\u7565\u6765\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u81ea\u52a8\u6c34\u5e73\u4f38\u7f29 Pod \u526f\u672c\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 metrics-server \u3002
"},{"location":"end-user/kpanda/scale/install-metrics-server.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 metrics-server \u63d2\u4ef6\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u5df2\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u5df2\u521b\u5efa Kubernetes \u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u5df2\u5b8c\u6210\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u8bf7\u6267\u884c\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 metrics-server \u63d2\u4ef6\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u4e0b\u7684\u5f39\u6027\u4f38\u7f29\u9875\u9762\uff0c\u70b9\u51fb \u53bb\u5b89\u88c5 \uff0c\u8fdb\u5165 metrics-server \u63d2\u4ef6\u5b89\u88c5\u754c\u9762\u3002
\u9605\u8bfb metrics-server \u63d2\u4ef6\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u672c\u6587\u5c06\u4ee5 3.8.2 \u7248\u672c\u4e3a\u4f8b\u8fdb\u884c\u5b89\u88c5\uff0c\u63a8\u8350\u60a8\u5b89\u88c5 3.8.2 \u53ca\u66f4\u9ad8\u7248\u672c\u3002
\u5728\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u914d\u7f6e\u57fa\u672c\u53c2\u6570\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a \u8fd0\u884c\u4e2d \u72b6\u6001\u3002
\u9ad8\u7ea7\u53c2\u6570\u914d\u7f6e
\u5982\u679c\u96c6\u7fa4\u7f51\u7edc\u65e0\u6cd5\u8bbf\u95ee k8s.gcr.io
\u4ed3\u5e93\uff0c\u8bf7\u5c1d\u8bd5\u4fee\u6539 repositort
\u53c2\u6570\u4e3a repository: k8s.m.daocloud.io/metrics-server/metrics-server
\u5b89\u88c5 metrics-server \u63d2\u4ef6\u8fd8\u9700\u63d0\u4f9b SSL \u8bc1\u4e66\u3002\u5982\u9700\u7ed5\u8fc7\u8bc1\u4e66\u6821\u9a8c\uff0c\u9700\u8981\u5728 defaultArgs:
\u5904\u6dfb\u52a0 - --kubelet-insecure-tls
\u53c2\u6570\u3002
image:\n repository: k8s.m.daocloud.io/metrics-server/metrics-server # \u5c06\u4ed3\u5e93\u6e90\u5730\u5740\u4fee\u6539\u4e3a k8s.m.daocloud.io\n tag: ''\n pullPolicy: IfNotPresent\nimagePullSecrets: []\nnameOverride: ''\nfullnameOverride: ''\nserviceAccount:\n create: true\n annotations: {}\n name: ''\nrbac:\n create: true\n pspEnabled: false\napiService:\n create: true\npodLabels: {}\npodAnnotations: {}\npodSecurityContext: {}\nsecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\npriorityClassName: system-cluster-critical\ncontainerPort: 4443\nhostNetwork:\n enabled: false\nreplicas: 1\nupdateStrategy: {}\npodDisruptionBudget:\n enabled: false\n minAvailable: null\n maxUnavailable: null\ndefaultArgs:\n - '--cert-dir=/tmp'\n - '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'\n - '--kubelet-use-node-status-port'\n - '--metric-resolution=15s'\n - --kubelet-insecure-tls # \u7ed5\u8fc7\u8bc1\u4e66\u6821\u9a8c\nargs: []\nlivenessProbe:\n httpGet:\n path: /livez\n port: https\n scheme: HTTPS\n initialDelaySeconds: 0\n periodSeconds: 10\n failureThreshold: 3\nreadinessProbe:\n httpGet:\n path: /readyz\n port: https\n scheme: HTTPS\n initialDelaySeconds: 20\n periodSeconds: 10\n failureThreshold: 3\nservice:\n type: ClusterIP\n port: 443\n annotations: {}\n labels: {}\nmetrics:\n enabled: false\nserviceMonitor:\n enabled: false\n additionalLabels: {}\n interval: 1m\n scrapeTimeout: 10s\nresources: {}\nextraVolumeMounts: []\nextraVolumes: []\nnodeSelector: {}\ntolerations: []\naffinity: {}\n
\u70b9\u51fb \u786e\u5b9a \u6309\u94ae\uff0c\u5b8c\u6210 metrics-server \u63d2\u4ef6\u7684\u5b89\u88c5\uff0c\u4e4b\u540e\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\uff0c \u7a0d\u7b49\u51e0\u5206\u949f\u540e\uff0c\u4e3a\u9875\u9762\u6267\u884c\u5237\u65b0\u64cd\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Note
\u5220\u9664 metrics-server \u63d2\u4ef6\u65f6\uff0c\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5f7b\u5e95\u5220\u9664\u8be5\u63d2\u4ef6\u3002\u5982\u679c\u4ec5\u5728\u5de5\u4f5c\u8d1f\u8f7d\u9875\u9762\u5220\u9664 metrics-server \uff0c \u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u5e94\u7528\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u5e94\u7528\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
"},{"location":"end-user/kpanda/scale/install-vpa.html","title":"\u5b89\u88c5 vpa \u63d2\u4ef6","text":"\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7b56\u7565\uff08Vertical Pod Autoscaler, VPA\uff09\u80fd\u591f\u8ba9\u96c6\u7fa4\u7684\u8d44\u6e90\u914d\u7f6e\u66f4\u52a0\u5408\u7406\uff0c\u907f\u514d\u96c6\u7fa4\u8d44\u6e90\u6d6a\u8d39\u3002 vpa \u5219\u662f\u5b9e\u73b0\u5bb9\u5668\u5782\u76f4\u6269\u7f29\u5bb9\u7684\u5173\u952e\u7ec4\u4ef6\u3002
\u672c\u8282\u4ecb\u7ecd\u5982\u4f55\u5b89\u88c5 vpa \u63d2\u4ef6\u3002
\u4e3a\u4e86\u4f7f\u7528 VPA \u7b56\u7565\uff0c\u4e0d\u4ec5\u9700\u8981\u5b89\u88c5 __vpa__ \u63d2\u4ef6\uff0c\u8fd8\u8981[\u5b89\u88c5 __metrics-server__ \u63d2\u4ef6](install-metrics-server.md)\u3002\n
"},{"location":"end-user/kpanda/scale/install-vpa.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5b89\u88c5 vpa \u63d2\u4ef6\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u53c2\u8003\u5982\u4e0b\u6b65\u9aa4\u4e3a\u96c6\u7fa4\u5b89\u88c5 vpa \u63d2\u4ef6\u3002
\u5728 \u96c6\u7fa4\u5217\u8868 \u9875\u9762\u627e\u5230\u9700\u8981\u5b89\u88c5\u6b64\u63d2\u4ef6\u7684\u76ee\u6807\u96c6\u7fa4\uff0c\u70b9\u51fb\u8be5\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \uff0c\u70b9\u51fb\u76ee\u6807\u5de5\u4f5c\u8d1f\u8f7d\u7684\u540d\u79f0\u3002
\u5728\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u5728 VPA \u53f3\u4fa7\u70b9\u51fb \u5b89\u88c5 \u3002
3. \u9605\u8bfb\u8be5\u63d2\u4ef6\u7684\u76f8\u5173\u4ecb\u7ecd\uff0c\u9009\u62e9\u7248\u672c\u540e\u70b9\u51fb \u5b89\u88c5 \u6309\u94ae\u3002\u63a8\u8350\u5b89\u88c5 1.5.0 \u6216\u66f4\u9ad8\u7248\u672c\u3002
4. \u67e5\u770b\u4ee5\u4e0b\u8bf4\u660e\u914d\u7f6e\u53c2\u6570\u3002
- \u540d\u79f0\uff1a\u8f93\u5165\u63d2\u4ef6\u540d\u79f0\uff0c\u8bf7\u6ce8\u610f\u540d\u79f0\u6700\u957f 63 \u4e2a\u5b57\u7b26\uff0c\u53ea\u80fd\u5305\u542b\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u53ca\u5206\u9694\u7b26\uff08\u201c-\u201d\uff09\uff0c\u4e14\u5fc5\u987b\u4ee5\u5c0f\u5199\u5b57\u6bcd\u6216\u6570\u5b57\u5f00\u5934\u53ca\u7ed3\u5c3e\uff0c\u4f8b\u5982 kubernetes-cronhpa-controller\u3002 - \u547d\u540d\u7a7a\u95f4\uff1a\u9009\u62e9\u5c06\u63d2\u4ef6\u5b89\u88c5\u5728\u54ea\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u6b64\u5904\u4ee5 default \u4e3a\u4f8b\u3002 - \u7248\u672c\uff1a\u63d2\u4ef6\u7684\u7248\u672c\uff0c\u6b64\u5904\u4ee5 4.5.0 \u7248\u672c\u4e3a\u4f8b\u3002 - \u5c31\u7eea\u7b49\u5f85\uff1a\u542f\u7528\u540e\uff0c\u5c06\u7b49\u5f85\u5e94\u7528\u4e0b\u7684\u6240\u6709\u5173\u8054\u8d44\u6e90\u90fd\u5904\u4e8e\u5c31\u7eea\u72b6\u6001\uff0c\u624d\u4f1a\u6807\u8bb0\u5e94\u7528\u5b89\u88c5\u6210\u529f\u3002 - \u5931\u8d25\u5220\u9664\uff1a\u5982\u679c\u63d2\u4ef6\u5b89\u88c5\u5931\u8d25\uff0c\u5219\u5220\u9664\u5df2\u7ecf\u5b89\u88c5\u7684\u5173\u8054\u8d44\u6e90\u3002\u5f00\u542f\u540e\uff0c\u5c06\u9ed8\u8ba4\u540c\u6b65\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u3002 - \u8be6\u60c5\u65e5\u5fd7\uff1a\u5f00\u542f\u540e\uff0c\u5c06\u8bb0\u5f55\u5b89\u88c5\u8fc7\u7a0b\u7684\u8be6\u7ec6\u65e5\u5fd7\u3002
Note
\u5f00\u542f \u5c31\u7eea\u7b49\u5f85 \u548c/\u6216 \u5931\u8d25\u5220\u9664 \u540e\uff0c\u5e94\u7528\u9700\u8981\u7ecf\u8fc7\u8f83\u957f\u65f6\u95f4\u624d\u4f1a\u88ab\u6807\u8bb0\u4e3a\u201c\u8fd0\u884c\u4e2d\u201d\u72b6\u6001\u3002
\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \uff0c\u7cfb\u7edf\u5c06\u81ea\u52a8\u8df3\u8f6c\u81f3 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u3002\u7a0d\u7b49\u51e0\u5206\u949f\u540e\u5237\u65b0\u9875\u9762\u4f5c\uff0c\u5373\u53ef\u770b\u5230\u521a\u521a\u5b89\u88c5\u7684\u5e94\u7528\u3002
Warning
\u5982\u9700\u5220\u9664 vpa \u63d2\u4ef6\uff0c\u5e94\u5728 Helm \u5e94\u7528 \u5217\u8868\u9875\u9762\u624d\u80fd\u5c06\u5176\u5f7b\u5e95\u5220\u9664\u3002
\u5982\u679c\u5728\u5de5\u4f5c\u8d1f\u8f7d\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\u4e0b\u5220\u9664\u63d2\u4ef6\uff0c\u8fd9\u53ea\u662f\u5220\u9664\u4e86\u8be5\u63d2\u4ef6\u7684\u5de5\u4f5c\u8d1f\u8f7d\u526f\u672c\uff0c\u63d2\u4ef6\u672c\u8eab\u4ecd\u672a\u5220\u9664\uff0c\u540e\u7eed\u91cd\u65b0\u5b89\u88c5\u8be5\u63d2\u4ef6\u65f6\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\u3002
\u56de\u5230\u5de5\u4f5c\u8d1f\u8f7d\u8be6\u60c5\u9875\u9762\u4e0b\u7684 \u5f39\u6027\u4f38\u7f29 \u9875\u7b7e\uff0c\u53ef\u4ee5\u770b\u5230\u754c\u9762\u663e\u793a \u63d2\u4ef6\u5df2\u5b89\u88c5 \u3002\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u521b\u5efa VPA \u7b56\u7565\u4e86\u3002
Knative \u662f\u4e00\u4e2a\u9762\u5411\u65e0\u670d\u52a1\u5668\u90e8\u7f72\u7684\u8de8\u5e73\u53f0\u89e3\u51b3\u65b9\u6848\u3002
"},{"location":"end-user/kpanda/scale/knative/install.html#_2","title":"\u6b65\u9aa4","text":"\u767b\u5f55\u96c6\u7fa4\uff0c\u70b9\u51fb\u4fa7\u8fb9\u680f Helm \u5e94\u7528 -> Helm \u6a21\u677f \uff0c\u5728\u53f3\u4fa7\u4e0a\u65b9\u641c\u7d22\u6846\u8f93\u5165 knative \uff0c\u7136\u540e\u6309\u56de\u8f66\u952e\u641c\u7d22\u3002
\u70b9\u51fb\u641c\u7d22\u51fa\u7684 knative-operator \uff0c\u8fdb\u5165\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u3002\u4f60\u53ef\u4ee5\u5728\u8be5\u754c\u9762\u67e5\u770b\u53ef\u7528\u7248\u672c\u4ee5\u53ca Helm values \u7684 Parameters \u53ef\u9009\u9879\u3002
\u70b9\u51fb\u5b89\u88c5\u6309\u94ae\u540e\uff0c\u8fdb\u5165\u5b89\u88c5\u914d\u7f6e\u754c\u9762\u3002
\u8f93\u5165\u540d\u79f0\uff0c\u5b89\u88c5\u79df\u6237\uff0c\u5efa\u8bae\u52fe\u9009 \u5c31\u7eea\u7b49\u5f85 \u548c \u8be6\u7ec6\u65e5\u5fd7 \u3002
\u5728\u4e0b\u65b9\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u52fe\u9009 Serving \uff0c\u5e76\u8f93\u5165 Knative Serving \u7ec4\u4ef6\u7684\u5b89\u88c5\u79df\u6237\uff0c\u4f1a\u5728\u5b89\u88c5\u540e\u90e8\u7f72 Knative Serving \u7ec4\u4ef6\uff0c\u8be5\u7ec4\u4ef6\u7531 Knative Operator \u7ba1\u7406\u3002
Knative \u63d0\u4f9b\u4e86\u4e00\u79cd\u66f4\u9ad8\u5c42\u6b21\u7684\u62bd\u8c61\uff0c\u7b80\u5316\u5e76\u52a0\u901f\u4e86\u5728 Kubernetes \u4e0a\u6784\u5efa\u3001\u90e8\u7f72\u548c\u7ba1\u7406\u5e94\u7528\u7684\u8fc7\u7a0b\u3002\u5b83\u4f7f\u5f97\u5f00\u53d1\u4eba\u5458\u80fd\u591f\u66f4\u4e13\u6ce8\u4e8e\u4e1a\u52a1\u903b\u8f91\u7684\u5b9e\u73b0\uff0c\u800c\u5c06\u5927\u90e8\u5206\u57fa\u7840\u8bbe\u65bd\u548c\u8fd0\u7ef4\u5de5\u4f5c\u4ea4\u7ed9 Knative \u53bb\u5904\u7406\uff0c\u4ece\u800c\u663e\u8457\u63d0\u9ad8\u751f\u4ea7\u529b\u3002
"},{"location":"end-user/kpanda/scale/knative/knative.html#_1","title":"\u7ec4\u4ef6","text":"knative-operator \u8fd0\u884c\u7ec4\u4ef6\u5982\u4e0b\u3002
knative-operator knative-operator-58f7d7db5c-7f6r5 1/1 Running 0 6m55s\nknative-operator operator-webhook-667dc67bc-qvrv4 1/1 Running 0 6m55s\n
knative-serving \u7ec4\u4ef6\u5982\u4e0b\u3002
knative-serving 3scale-kourier-gateway-d69fbfbd-bd8d8 1/1 Running 0 7m13s\nknative-serving activator-7c6fddd698-wdlng 1/1 Running 0 7m3s\nknative-serving autoscaler-8f4b876bb-kd25p 1/1 Running 0 7m17s\nknative-serving autoscaler-hpa-5f7f74679c-vkc7p 1/1 Running 0 7m15s\nknative-serving controller-789c896c46-tfvsv 1/1 Running 0 7m17s\nknative-serving net-kourier-controller-7db578c889-7gd5l 1/1 Running 0 7m14s\nknative-serving webhook-5c88b94c5-78x7m 1/1 Running 0 7m1s\nknative-serving storage-version-migration-serving-serving-1.12.2-t7zvd 0/1 Completed 0 7m15s\n
\u7ec4\u4ef6 \u4f5c\u7528 Activator \u5bf9\u8bf7\u6c42\u6392\u961f\uff08\u5982\u679c\u4e00\u4e2a Knative Service \u5df2\u7ecf\u7f29\u51cf\u5230\u96f6\uff09\u3002\u8c03\u7528 autoscaler\uff0c\u5c06\u7f29\u51cf\u5230 0 \u7684\u670d\u52a1\u6062\u590d\u5e76\u8f6c\u53d1\u6392\u961f\u7684\u8bf7\u6c42\u3002Activator \u8fd8\u53ef\u4ee5\u5145\u5f53\u8bf7\u6c42\u7f13\u51b2\u5668\uff0c\u5904\u7406\u7a81\u53d1\u6d41\u91cf\u3002 Autoscaler Autoscaler \u8d1f\u8d23\u6839\u636e\u914d\u7f6e\u3001\u6307\u6807\u548c\u8fdb\u5165\u7684\u8bf7\u6c42\u6765\u7f29\u653e Knative \u670d\u52a1\u3002 Controller \u7ba1\u7406 Knative CR \u7684\u72b6\u6001\u3002\u5b83\u4f1a\u76d1\u89c6\u591a\u4e2a\u5bf9\u8c61\uff0c\u7ba1\u7406\u4f9d\u8d56\u8d44\u6e90\u7684\u751f\u547d\u5468\u671f\uff0c\u5e76\u66f4\u65b0\u8d44\u6e90\u72b6\u6001\u3002 Queue-Proxy Sidecar \u5bb9\u5668\uff0c\u6bcf\u4e2a Knative Service \u90fd\u4f1a\u6ce8\u5165\u4e00\u4e2a\u3002\u8d1f\u8d23\u6536\u96c6\u6d41\u91cf\u6570\u636e\u5e76\u62a5\u544a\u7ed9 Autoscaler\uff0cAutoscaler \u6839\u636e\u8fd9\u4e9b\u6570\u636e\u548c\u9884\u8bbe\u7684\u89c4\u5219\u6765\u53d1\u8d77\u6269\u5bb9\u6216\u7f29\u5bb9\u8bf7\u6c42\u3002 Webhooks Knative Serving \u6709\u51e0\u4e2a Webhooks \u8d1f\u8d23\u9a8c\u8bc1\u548c\u53d8\u66f4 Knative \u8d44\u6e90\u3002"},{"location":"end-user/kpanda/scale/knative/knative.html#ingress","title":"Ingress \u6d41\u91cf\u5165\u53e3\u65b9\u6848","text":"\u65b9\u6848 \u9002\u7528\u573a\u666f Istio \u5982\u679c\u5df2\u7ecf\u7528\u4e86 Istio\uff0c\u53ef\u4ee5\u9009\u62e9 Istio \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u65b9\u6848\u3002 Contour \u5982\u679c\u96c6\u7fa4\u4e2d\u5df2\u7ecf\u542f\u7528\u4e86 Contour\uff0c\u53ef\u4ee5\u9009\u62e9 Contour \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u65b9\u6848\u3002 Kourier \u5982\u679c\u5728\u6ca1\u6709\u4e0a\u8ff0 2 \u79cd Ingress \u7ec4\u4ef6\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 Knative \u57fa\u4e8e Envoy \u5b9e\u73b0\u7684 Kourier Ingress \u4f5c\u4e3a\u6d41\u91cf\u5165\u53e3\u3002"},{"location":"end-user/kpanda/scale/knative/knative.html#autoscaler","title":"Autoscaler \u65b9\u6848\u5bf9\u6bd4","text":"Autoscaler \u7c7b\u578b \u662f\u5426\u4e3a Knative Serving \u6838\u5fc3\u90e8\u5206 \u9ed8\u8ba4\u542f\u7528 Scale to Zero \u652f\u6301 \u57fa\u4e8e CPU \u7684 Autoscaling \u652f\u6301 Knative Pod Autoscaler (KPA) \u662f \u662f \u662f \u5426 Horizontal Pod Autoscaler (HPA) \u5426 \u9700\u5b89\u88c5 Knative Serving \u540e\u542f\u7528 \u5426 \u662f"},{"location":"end-user/kpanda/scale/knative/knative.html#crd","title":"CRD","text":"\u8d44\u6e90\u7c7b\u578b API \u540d\u79f0 \u63cf\u8ff0 Services service.serving.knative.dev \u81ea\u52a8\u7ba1\u7406 Workload \u7684\u6574\u4e2a\u751f\u547d\u5468\u671f\uff0c\u63a7\u5236\u5176\u4ed6\u5bf9\u8c61\u7684\u521b\u5efa\uff0c\u786e\u4fdd\u5e94\u7528\u5177\u6709 Routes\u3001Configurations \u4ee5\u53ca\u6bcf\u6b21\u66f4\u65b0\u65f6\u7684\u65b0 revision\u3002 Routes route.serving.knative.dev \u5c06\u7f51\u7edc\u7aef\u70b9\u6620\u5c04\u5230\u4e00\u4e2a\u6216\u591a\u4e2a\u4fee\u8ba2\u7248\u672c\uff0c\u652f\u6301\u6d41\u91cf\u5206\u914d\u548c\u7248\u672c\u8def\u7531\u3002 Configurations configuration.serving.knative.dev \u7ef4\u62a4\u90e8\u7f72\u7684\u671f\u671b\u72b6\u6001\uff0c\u63d0\u4f9b\u4ee3\u7801\u548c\u914d\u7f6e\u4e4b\u95f4\u7684\u5206\u79bb\uff0c\u9075\u5faa Twelve-Factor \u5e94\u7528\u7a0b\u5e8f\u65b9\u6cd5\u8bba\uff0c\u4fee\u6539\u914d\u7f6e\u4f1a\u521b\u5efa\u65b0\u7684 revision\u3002 Revisions revision.serving.knative.dev \u6bcf\u6b21\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u4fee\u6539\u7684\u65f6\u95f4\u70b9\u5feb\u7167\uff0c\u662f\u4e0d\u53ef\u53d8\u5bf9\u8c61\uff0c\u53ef\u6839\u636e\u6d41\u91cf\u81ea\u52a8\u6269\u5bb9\u548c\u7f29\u5bb9\u3002"},{"location":"end-user/kpanda/scale/knative/playground.html","title":"Knative \u4f7f\u7528\u5b9e\u8df5","text":"\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u901a\u8fc7\u51e0\u4e2a\u5b9e\u8df5\u6765\u6df1\u5165\u4e86\u89e3\u5b66\u4e60 Knative\u3002
"},{"location":"end-user/kpanda/scale/knative/playground.html#case-1-hello-world","title":"case 1 - Hello World","text":"apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
\u53ef\u4ee5\u4f7f\u7528 kubectl \u5df2\u90e8\u7f72\u7684\u5e94\u7528\u7684\u72b6\u6001\uff0c\u8fd9\u4e2a\u5e94\u7528\u7531 knative \u81ea\u52a8\u914d\u7f6e\u4e86 ingress \u548c\u4f38\u7f29\u5668\u3002
~ kubectl get service.serving.knative.dev/hello\nNAME URL LATESTCREATED LATESTREADY READY REASON\nhello http://hello.knative-serving.knative.loulan.me hello-00001 hello-00001 True\n
\u90e8\u7f72\u51fa\u7684 Pod YAML \u5982\u4e0b\uff0c\u7531 2 \u4e2a Pod \u7ec4\u6210\uff1auser-container \u548c queue-proxy\u3002
apiVersion: v1\nkind: Pod\nmetadata:\n name: hello-00003-deployment-5fcb8ccbf-7qjfk\nspec:\n containers:\n - name: user-container\n - name: queue-proxy\n
\u8bf7\u6c42\u6d41\uff1a
case3 \u6d41\u91cf\u518d\u53d8\u5c0f\u65f6\uff0c\u6d41\u91cf\u4f4e\u4e8e current_demand + target-burst-capacity > (pods * concurrency-target) \u65f6\u5c06\u518d\u6b21\u8def\u7531\u5230 activator
\u5f85\u5904\u7406\u7684\u8bf7\u6c42\u603b\u6570 + \u80fd\u63a5\u53d7\u7684\u8d85\u8fc7\u76ee\u6807\u5e76\u53d1\u6570\u7684\u8bf7\u6c42\u6570\u91cf > \u6bcf\u4e2a Pod \u7684\u76ee\u6807\u5e76\u53d1\u6570 * Pod \u6570\u91cf
\u6211\u4eec\u9996\u5148\u5728\u96c6\u7fa4\u5e94\u7528\u4e0b\u9762 YAML \u5b9a\u4e49\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
\u6267\u884c\u4e0b\u9762\u547d\u4ee4\u6d4b\u8bd5\uff0c\u5e76\u53ef\u4ee5\u901a\u8fc7 kubectl get pods -A -w
\u6765\u89c2\u5bdf\u6269\u5bb9\u7684 Pod\u3002
wrk -t2 -c4 -d6s http://hello.knative-serving.knative.daocloud.io/\n
"},{"location":"end-user/kpanda/scale/knative/playground.html#case-3-","title":"case 3 - \u57fa\u4e8e\u5e76\u53d1\u5f39\u6027\u4f38\u7f29\uff0c\u8fbe\u5230\u7279\u5b9a\u6bd4\u4f8b\u63d0\u524d\u6269\u5bb9","text":"\u6211\u4eec\u53ef\u4ee5\u5f88\u8f7b\u677e\u7684\u5b9e\u73b0\uff0c\u4f8b\u5982\u9650\u5236\u6bcf\u4e2a\u5bb9\u5668\u5e76\u53d1\u4e3a 10\uff0c\u53ef\u4ee5\u901a\u8fc7 autoscaling.knative.dev/target-utilization-percentage: 70
\u6765\u5b9e\u73b0\uff0c\u8fbe\u5230 70% \u5c31\u5f00\u59cb\u6269\u5bb9 Pod\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"10\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/target-utilization-percentage: \"70\" \n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/metric: \"concurrency\"\n \u00a0 \u00a0 spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
"},{"location":"end-user/kpanda/scale/knative/playground.html#case-4-","title":"case 4 - \u7070\u5ea6\u53d1\u5e03/\u6d41\u91cf\u767e\u5206\u6bd4","text":"\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7 spec.traffic
\u5b9e\u73b0\u5230\u6bcf\u4e2a\u7248\u672c\u6d41\u91cf\u7684\u63a7\u5236\u3002
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\" \n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\" \n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n traffic:\n - latestRevision: true\n percent: 50\n - latestRevision: false\n percent: 50\n revisionName: hello-00001\n
"},{"location":"end-user/kpanda/scale/knative/scene.html","title":"\u4f7f\u7528\u573a\u666f","text":""},{"location":"end-user/kpanda/scale/knative/scene.html#_2","title":"\u9002\u5408\u7684\u573a\u666f","text":"Tip
\u77ed\u8fde\u63a5\u9ad8\u5e76\u53d1\u4e1a\u52a1\u4ee5\u53ca\u9700\u8981\u5f39\u6027\u4f38\u7f29\u7684\u4e1a\u52a1\uff0c\u63a8\u8350\u4f7f\u7528 HPA \u548c VPA \u80fd\u529b\u3002
"},{"location":"end-user/kpanda/scale/knative/scene.html#_3","title":"\u4e0d\u9002\u5408\u7684\u573a\u666f","text":"\u5728Kubernetes\uff08\u7b80\u79f0K8s\uff09\u73af\u5883\u4e2d\uff0c\u5b89\u5168\u626b\u63cf\u662f\u786e\u4fdd\u96c6\u7fa4\u5b89\u5168\u6027\u7684\u5173\u952e\u63aa\u65bd\u4e4b\u4e00\u3002\u5176\u4e2d\uff0c\u5408\u89c4\u6027\u626b\u63cf\uff08\u57fa\u4e8eCIS Benchmark\uff09\u3001\u6743\u9650\u626b\u63cf\uff08\u57fa\u4e8ekube-audit\u5ba1\u8ba1\u529f\u80fd\uff09\u3001\u6f0f\u6d1e\u626b\u63cf\uff08\u57fa\u4e8e kube-hunter\uff09\u662f\u4e09\u79cd\u5e38\u89c1\u4e14\u91cd\u8981\u7684\u5b89\u5168\u626b\u63cf\u624b\u6bb5\uff1a
\u5408\u89c4\u6027\u626b\u63cf\uff1a\u57fa\u4e8e CIS Benchmark \u5bf9\u96c6\u7fa4\u8282\u70b9\u8fdb\u884c\u5b89\u5168\u626b\u63cf\u3002CIS Benchmark \u662f\u4e00\u5957\u5168\u7403\u516c\u8ba4\u7684\u6700\u4f73\u5b9e\u8df5\u6807\u51c6\uff0c\u4e3a Kubernetes \u96c6\u7fa4\u63d0\u4f9b\u4e86\u8be6\u7ec6\u7684\u5b89\u5168\u914d\u7f6e\u6307\u5357\u548c\u81ea\u52a8\u5316\u68c0\u67e5\u5de5\u5177\uff08\u5982Kube-Bench\uff09\uff0c\u5e2e\u52a9\u7ec4\u7ec7\u786e\u4fdd\u5176K8s\u96c6\u7fa4\u7b26\u5408\u5b89\u5168\u57fa\u7ebf\u8981\u6c42\uff0c\u4fdd\u62a4\u7cfb\u7edf\u548c\u6570\u636e\u514d\u53d7\u5a01\u80c1\u3002
\u6743\u9650\u626b\u63cf\uff1a\u57fa\u4e8ekube-audit\u5ba1\u8ba1\u529f\u80fd\u3002\u6743\u9650\u626b\u63cf\u4e3b\u8981\u89e3\u51b3\u96c6\u7fa4\u8bbf\u95ee\u63a7\u5236\u548c\u64cd\u4f5c\u900f\u660e\u5ea6\u7684\u95ee\u9898\u3002\u901a\u8fc7\u5ba1\u8ba1\u65e5\u5fd7\uff0c\u96c6\u7fa4\u7ba1\u7406\u5458\u80fd\u591f\u8ffd\u6eaf\u96c6\u7fa4\u8d44\u6e90\u7684\u8bbf\u95ee\u5386\u53f2\uff0c\u8bc6\u522b\u5f02\u5e38\u884c\u4e3a\uff0c\u5982\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3001\u654f\u611f\u6570\u636e\u7684\u6cc4\u9732\u3001\u6709\u5b89\u5168\u6f0f\u6d1e\u7684\u64cd\u4f5c\u8bb0\u5f55\u7b49\u3002\u8fd9\u5bf9\u4e8e\u6545\u969c\u6392\u67e5\u3001\u5b89\u5168\u4e8b\u4ef6\u54cd\u5e94\u4ee5\u53ca\u6ee1\u8db3\u5408\u89c4\u6027\u8981\u6c42\u81f3\u5173\u91cd\u8981\u3002\u6b64\u5916\uff0c\u6743\u9650\u626b\u63cf\u8fd8\u53ef\u4ee5\u5e2e\u52a9\u7ec4\u7ec7\u53d1\u73b0\u6f5c\u5728\u7684\u6743\u9650\u6ee5\u7528\u95ee\u9898\uff0c\u53ca\u65f6\u91c7\u53d6\u63aa\u65bd\u9632\u6b62\u5b89\u5168\u4e8b\u4ef6\u7684\u53d1\u751f\u3002
\u6f0f\u6d1e\u626b\u63cf\uff1a\u57fa\u4e8e kube-hunter\uff0c\u4e3b\u8981\u89e3\u51b3 Kubernetes \u96c6\u7fa4\u4e2d\u5b58\u5728\u7684\u5df2\u77e5\u6f0f\u6d1e\u548c\u914d\u7f6e\u9519\u8bef\u95ee\u9898\u3002kube-hunter \u901a\u8fc7\u6a21\u62df\u653b\u51fb\u884c\u4e3a\uff0c\u80fd\u591f\u8bc6\u522b\u96c6\u7fa4\u4e2d\u53ef\u88ab\u6076\u610f\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u5982\u672a\u6388\u6743\u8bbf\u95ee\u3001\u66b4\u9732\u7684\u670d\u52a1\u548cAPI\u7aef\u70b9\u3001\u914d\u7f6e\u9519\u8bef\u7684\u89d2\u8272\u548c\u7ed1\u5b9a\u7b56\u7565\u7b49\u3002\u7279\u522b\u5730\uff0ckube-hunter\u80fd\u591f\u8bc6\u522b\u5e76\u62a5\u544a CVE \u6f0f\u6d1e\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5982\u679c\u88ab\u6076\u610f\u5229\u7528\uff0c\u53ef\u80fd\u5bfc\u81f4\u6570\u636e\u6cc4\u9732\u3001\u670d\u52a1\u4e2d\u65ad\u7b49\u4e25\u91cd\u540e\u679c\u3002CVE \u6f0f\u6d1e\u662f\u7531\u56fd\u9645\u77e5\u540d\u7684\u5b89\u5168\u7ec4\u7ec7\u5982MITRE\u6240\u5b9a\u4e49\u548c\u7ef4\u62a4\u7684\uff0cCVE\u6570\u636e\u5e93\u4e3a\u8f6f\u4ef6\u548c\u56fa\u4ef6\u4e2d\u7684\u5df2\u77e5\u6f0f\u6d1e\u63d0\u4f9b\u4e86\u552f\u4e00\u6807\u8bc6\u7b26\uff0c\u6210\u4e3a\u5168\u7403\u5b89\u5168\u793e\u533a\u5171\u540c\u9075\u5faa\u7684\u6807\u51c6\u3002kube-hunter \u901a\u8fc7\u5229\u7528 CVE \u6570\u636e\u5e93\u4e2d\u7684\u4fe1\u606f\uff0c\u80fd\u591f\u5e2e\u52a9\u7528\u6237\u5feb\u901f\u8bc6\u522b\u5e76\u54cd\u5e94Kubernetes\u96c6\u7fa4\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\u3002
\u5408\u89c4\u6027\u626b\u63cf\u7684\u5bf9\u8c61\u662f\u96c6\u7fa4\u8282\u70b9\u3002\u626b\u63cf\u7ed3\u679c\u4e2d\u4f1a\u5217\u51fa\u626b\u63cf\u9879\u4ee5\u53ca\u626b\u63cf\u7ed3\u679c\uff0c\u5e76\u9488\u5bf9\u672a\u901a\u8fc7\u7684\u626b\u63cf\u9879\u7ed9\u51fa\u4fee\u590d\u5efa\u8bae\u3002\u6709\u5173\u626b\u63cf\u65f6\u7528\u5230\u7684\u5177\u4f53\u5b89\u5168\u89c4\u5219\uff0c\u53ef\u53c2\u8003 CIS Kubernetes Benchmark
\u68c0\u67e5\u4e0d\u540c\u7c7b\u578b\u7684\u8282\u70b9\u65f6\uff0c\u626b\u63cf\u7684\u4fa7\u91cd\u70b9\u6709\u6240\u4e0d\u540c\u3002
\u626b\u63cf\u63a7\u5236\u5e73\u9762\u8282\u70b9\uff08Controller\uff09
\u626b\u63cf\u5de5\u4f5c\u8282\u70b9\uff08Worker\uff09
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u914d\u7f6e\uff0c\u7136\u540e\u57fa\u4e8e\u8be5\u914d\u7f6e\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002
"},{"location":"end-user/kpanda/security/index.html#_3","title":"\u6743\u9650\u626b\u63cf","text":"\u6743\u9650\u626b\u63cf\u4fa7\u91cd\u4e8e\u6743\u9650\u95ee\u9898\u5f15\u53d1\u7684\u5b89\u5168\u6f0f\u6d1e\u3002\u6743\u9650\u626b\u63cf\u53ef\u4ee5\u5e2e\u52a9\u7528\u6237\u8bc6\u522b Kubernetes \u96c6\u7fa4\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\uff0c\u6807\u8bc6\u54ea\u4e9b\u8d44\u6e90\u9700\u8981\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u5ba1\u67e5\u548c\u4fdd\u62a4\u63aa\u65bd\u3002\u901a\u8fc7\u6267\u884c\u8fd9\u4e9b\u68c0\u67e5\u9879\uff0c\u7528\u6237\u53ef\u4ee5\u66f4\u6e05\u695a\u3001\u66f4\u5168\u9762\u5730\u4e86\u89e3\u81ea\u5df1\u7684 Kubernetes \u73af\u5883\uff0c\u786e\u4fdd\u96c6\u7fa4\u73af\u5883\u7b26\u5408 Kubernetes \u7684\u6700\u4f73\u5b9e\u8df5\u548c\u5b89\u5168\u6807\u51c6\u3002
\u5177\u4f53\u800c\u8a00\uff0c\u6743\u9650\u626b\u63cf\u652f\u6301\u4ee5\u4e0b\u64cd\u4f5c\uff1a
\u626b\u63cf\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u8282\u70b9\u7684\u5065\u5eb7\u72b6\u6001\u3002
\u626b\u63cf\u96c6\u7fa4\u7ec4\u4ef6\u7684\u8fd0\u884c\u72b6\u51b5\uff0c\u5982 kube-apiserver \u3001 kube-controller-manager \u3001 kube-scheduler \u7b49\u3002
\u626b\u63cf\u5b89\u5168\u914d\u7f6e\uff1a\u68c0\u67e5 Kubernetes \u7684\u5b89\u5168\u914d\u7f6e
\u63d0\u4f9b\u8b66\u544a\u548c\u5efa\u8bae\uff1a\u5efa\u8bae\u96c6\u7fa4\u7ba1\u7406\u5458\u6267\u884c\u7684\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff0c\u4f8b\u5982\u5b9a\u671f\u8f6e\u6362\u8bc1\u4e66\u3001\u4f7f\u7528\u5f3a\u5bc6\u7801\u3001\u9650\u5236\u7f51\u7edc\u8bbf\u95ee\u7b49\u3002
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5b89\u5168\u626b\u63cf\u3002
"},{"location":"end-user/kpanda/security/index.html#_4","title":"\u6f0f\u6d1e\u626b\u63cf","text":"\u6f0f\u6d1e\u626b\u63cf\u4fa7\u91cd\u4e8e\u626b\u63cf\u6f5c\u5728\u7684\u6076\u610f\u653b\u51fb\u548c\u5b89\u5168\u6f0f\u6d1e\uff0c\u4f8b\u5982\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3001SQL \u6ce8\u5165\u3001XSS \u653b\u51fb\u7b49\uff0c\u4ee5\u53ca\u4e00\u4e9b\u9488\u5bf9 Kubernetes \u7279\u5b9a\u7684\u653b\u51fb\u3002\u6700\u7ec8\u7684\u626b\u63cf\u62a5\u544a\u4f1a\u5217\u51fa\u96c6\u7fa4\u4e2d\u5b58\u5728\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u5e76\u63d0\u51fa\u4fee\u590d\u5efa\u8bae\u3002
Tip
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u65f6\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u626b\u63cf\u62a5\u544a\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u6f0f\u6d1e\u626b\u63cf\u3002
"},{"location":"end-user/kpanda/security/audit.html","title":"\u6743\u9650\u626b\u63cf","text":"\u4e3a\u4e86\u4f7f\u7528\u6743\u9650\u626b\u63cf\u529f\u80fd\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\uff0c\u6267\u884c\u8be5\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u4ee5\u4f9b\u67e5\u770b\u3002
"},{"location":"end-user/kpanda/security/audit.html#_2","title":"\u521b\u5efa\u626b\u63cf\u7b56\u7565","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6743\u9650\u626b\u63cf \uff0c\u70b9\u51fb \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u6743\u9650\u626b\u63cf -> \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u62a5\u544a\u540d\u79f0
\u5728\u62a5\u544a\u53f3\u4fa7\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u624b\u52a8\u5220\u9664\u62a5\u544a\u3002
\u67e5\u770b\u626b\u63cf\u62a5\u544a\u5185\u5bb9\uff0c\u5305\u62ec\uff1a
\u68c0\u67e5\u8be6\u60c5\uff0c\u4f8b\u5982\u88ab\u68c0\u67e5\u7684\u8d44\u6e90\u3001\u8d44\u6e90\u7c7b\u578b\u3001\u626b\u63cf\u7ed3\u679c\u3001\u9519\u8bef\u7c7b\u578b\u3001\u9519\u8bef\u8be6\u60c5
\u4e3a\u4e86\u4f7f\u7528\u6f0f\u6d1e\u626b\u63cf\u529f\u80fd\uff0c\u9700\u8981\u5148\u521b\u5efa\u626b\u63cf\u7b56\u7565\uff0c\u6267\u884c\u8be5\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u4ee5\u4f9b\u67e5\u770b\u3002
"},{"location":"end-user/kpanda/security/hunter.html#_2","title":"\u521b\u5efa\u626b\u63cf\u7b56\u7565","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u6f0f\u6d1e\u626b\u63cf \uff0c\u70b9\u51fb \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u7b56\u7565 \u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u6743\u9650\u626b\u63cf -> \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u62a5\u544a\u540d\u79f0
\u5728\u62a5\u544a\u53f3\u4fa7\u70b9\u51fb \u5220\u9664 \u53ef\u4ee5\u624b\u52a8\u5220\u9664\u62a5\u544a\u3002
\u67e5\u770b\u626b\u63cf\u62a5\u544a\u5185\u5bb9\uff0c\u5305\u62ec\uff1a
\u68c0\u67e5\u8be6\u60c5\uff0c\u4f8b\u5982\u6f0f\u6d1e ID\u3001\u6f0f\u6d1e\u7c7b\u578b\u3001\u6f0f\u6d1e\u540d\u79f0\u3001\u6f0f\u6d1e\u63cf\u8ff0\u7b49
\u4f7f\u7528\u5408\u89c4\u6027\u626b\u63cf\u7684\u7b2c\u4e00\u6b65\uff0c\u5c31\u662f\u5148\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u3002\u57fa\u4e8e\u626b\u63cf\u914d\u7f6e\u518d\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3001\u6267\u884c\u626b\u63cf\u7b56\u7565\uff0c\u6700\u540e\u67e5\u770b\u626b\u63cf\u7ed3\u679c\u3002
"},{"location":"end-user/kpanda/security/cis/config.html#_2","title":"\u521b\u5efa\u626b\u63cf\u914d\u7f6e","text":"\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u7684\u6b65\u9aa4\u5982\u4e0b\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u7684\u9996\u9875\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5b89\u5168\u7ba1\u7406 \u3002
\u9ed8\u8ba4\u8fdb\u5165 \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\uff0c\u70b9\u51fb \u626b\u63cf\u914d\u7f6e \u9875\u7b7e\uff0c\u7136\u540e\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u521b\u5efa\u626b\u63cf\u914d\u7f6e \u3002
\u586b\u5199\u914d\u7f6e\u540d\u79f0\u3001\u9009\u62e9\u914d\u7f6e\u6a21\u677f\u3001\u6309\u9700\u52fe\u9009\u626b\u63cf\u9879\uff0c\u6700\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u626b\u63cf\u6a21\u677f\uff1a\u76ee\u524d\u63d0\u4f9b\u4e86\u4e24\u4e2a\u6a21\u677f\u3002 kubeadm \u6a21\u677f\u9002\u7528\u4e8e\u4e00\u822c\u60c5\u51b5\u4e0b\u7684 Kubernetes \u96c6\u7fa4\u3002 \u6211\u4eec\u5728 kubeadm \u6a21\u677f\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5e73\u53f0\u8bbe\u8ba1\u5ffd\u7565\u4e86\u4e0d\u9002\u7528\u4e8e\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u626b\u63cf\u9879\u3002
\u5728\u626b\u63cf\u914d\u7f6e\u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u626b\u63cf\u914d\u7f6e\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u914d\u7f6e\u7684\u7c7b\u578b\u3001\u626b\u63cf\u9879\u6570\u91cf\u3001\u521b\u5efa\u65f6\u95f4\u3001\u914d\u7f6e\u6a21\u677f\uff0c\u4ee5\u53ca\u8be5\u914d\u7f6e\u542f\u7528\u7684\u5177\u4f53\u626b\u63cf\u9879\u3002
"},{"location":"end-user/kpanda/security/cis/config.html#_4","title":"\u66f4\u65b0/\u5220\u9664\u626b\u63cf\u914d\u7f6e","text":"\u626b\u63cf\u914d\u7f6e\u521b\u5efa\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u6c42\u66f4\u65b0\u914d\u7f6e\u6216\u5220\u9664\u8be5\u914d\u7f6e\u3002
\u5728\u626b\u63cf\u914d\u7f6e\u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u9009\u62e9 \u5220\u9664 \u53ef\u4ee5\u5220\u9664\u8be5\u914d\u7f6e\u3002
\u521b\u5efa\u626b\u63cf\u914d\u7f6e\u4e4b\u540e\uff0c\u53ef\u4ee5\u57fa\u4e8e\u914d\u7f6e\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u5b89\u5168\u7ba1\u7406 -> \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\u7684 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u5728\u53f3\u4fa7\u70b9\u51fb\u521b\u5efa\u626b\u63cf\u7b56\u7565\u3002
\u53c2\u8003\u4e0b\u5217\u8bf4\u660e\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u5b9a \u3002
\u626b\u63cf\u7c7b\u578b\uff1a
\u626b\u63cf\u62a5\u544a\u4fdd\u7559\u6570\u91cf\uff1a\u8bbe\u7f6e\u6700\u591a\u4fdd\u7559\u591a\u5c11\u626b\u63cf\u62a5\u544a\u3002\u8d85\u8fc7\u6307\u5b9a\u7684\u4fdd\u7559\u6570\u91cf\u65f6\uff0c\u4ece\u6700\u65e9\u7684\u62a5\u544a\u5f00\u59cb\u5220\u9664\u3002
\u521b\u5efa\u626b\u63cf\u7b56\u7565\u4e4b\u540e\uff0c\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u65b0\u6216\u5220\u9664\u626b\u63cf\u7b56\u7565\u3002
\u5728 \u626b\u63cf\u7b56\u7565 \u9875\u7b7e\u4e0b\uff0c\u70b9\u51fb\u914d\u7f6e\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\uff1a
\u5bf9\u4e8e\u5468\u671f\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a
\u5bf9\u4e8e\u4e00\u6b21\u6027\u7684\u626b\u63cf\u7b56\u7565\uff1a\u4ec5\u652f\u6301 \u5220\u9664 \u64cd\u4f5c\u3002
hide\uff1a - toc
"},{"location":"end-user/kpanda/security/cis/report.html#_1","title":"\u626b\u63cf\u62a5\u544a","text":"\u6267\u884c\u626b\u63cf\u7b56\u7565\u4e4b\u540e\u4f1a\u81ea\u52a8\u751f\u6210\u626b\u63cf\u62a5\u544a\u3002\u60a8\u53ef\u4ee5\u5728\u7ebf\u67e5\u770b\u626b\u63cf\u62a5\u544a\u6216\u5c06\u5176\u4e0b\u8f7d\u5230\u672c\u5730\u67e5\u770b\u3002
\u4e0b\u8f7d\u67e5\u770b\u626b\u63cf\u62a5\u544a
\u5b89\u5168\u7ba1\u7406 -> \u5408\u89c4\u6027\u626b\u63cf \u9875\u9762\u7684 \u626b\u63cf\u62a5\u544a \u9875\u7b7e\u70b9\u51fb\u62a5\u544a\u53f3\u4fa7\u7684 \u2507 \u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u4e0b\u8f7d \u3002
\u5728\u7ebf\u67e5\u770b\u626b\u63cf\u62a5\u544a
\u70b9\u51fb\u67d0\u4e2a\u62a5\u544a\u7684\u540d\u79f0\uff0c\u60a8\u53ef\u4ee5\u5728\u7ebf\u67e5\u770b CIS \u5408\u89c4\u6027\u626b\u63cf\u7684\u62a5\u544a\u5185\u5bb9\u3002\u5177\u4f53\u5305\u62ec\uff1a
\u6570\u636e\u5377\uff08PersistentVolume\uff0cPV\uff09\u662f\u96c6\u7fa4\u4e2d\u7684\u4e00\u5757\u5b58\u50a8\uff0c\u53ef\u7531\u7ba1\u7406\u5458\u4e8b\u5148\u5236\u5907\uff0c\u6216\u4f7f\u7528\u5b58\u50a8\u7c7b\uff08Storage Class\uff09\u6765\u52a8\u6001\u5236\u5907\u3002PV \u662f\u96c6\u7fa4\u8d44\u6e90\uff0c\u4f46\u62e5\u6709\u72ec\u7acb\u7684\u751f\u547d\u5468\u671f\uff0c\u4e0d\u4f1a\u968f\u7740 Pod \u8fdb\u7a0b\u7ed3\u675f\u800c\u88ab\u5220\u9664\u3002\u5c06 PV \u6302\u8f7d\u5230\u5de5\u4f5c\u8d1f\u8f7d\u53ef\u4ee5\u5b9e\u73b0\u5de5\u4f5c\u8d1f\u8f7d\u7684\u6570\u636e\u6301\u4e45\u5316\u3002PV \u4e2d\u4fdd\u5b58\u4e86\u53ef\u88ab Pod \u4e2d\u5bb9\u5668\u8bbf\u95ee\u7684\u6570\u636e\u76ee\u5f55\u3002
"},{"location":"end-user/kpanda/storage/pv.html#_1","title":"\u521b\u5efa\u6570\u636e\u5377","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6570\u636e\u5377\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u6570\u636e\u5377\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) -> \u521b\u5efa\u6570\u636e\u5377(PV) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u6570\u636e\u5377\u7c7b\u578b\uff1a\u6709\u5173\u5377\u7c7b\u578b\u7684\u8be6\u7ec6\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003 Kubernetes \u5b98\u65b9\u6587\u6863\u5377\u3002
Local\uff1a\u5c06 Node \u8282\u70b9\u7684\u672c\u5730\u5b58\u50a8\u5305\u88c5\u6210 PVC \u63a5\u53e3\uff0c\u5bb9\u5668\u76f4\u63a5\u4f7f\u7528 PVC \u800c\u65e0\u9700\u5173\u6ce8\u5e95\u5c42\u7684\u5b58\u50a8\u7c7b\u578b\u3002Local \u5377\u4e0d\u652f\u6301\u52a8\u6001\u914d\u7f6e\u6570\u636e\u5377\uff0c\u4f46\u652f\u6301\u914d\u7f6e\u8282\u70b9\u4eb2\u548c\u6027\uff0c\u53ef\u4ee5\u9650\u5236\u80fd\u4ece\u54ea\u4e9b\u8282\u70b9\u4e0a\u8bbf\u95ee\u8be5\u6570\u636e\u5377\u3002
HostPath\uff1a\u4f7f\u7528 Node \u8282\u70b9\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u6216\u76ee\u5f55\u4f5c\u4e3a\u6570\u636e\u5377\uff0c\u4e0d\u652f\u6301\u57fa\u4e8e\u8282\u70b9\u4eb2\u548c\u6027\u7684 Pod \u8c03\u5ea6\u3002
\u6302\u8f7d\u8def\u5f84\uff1a\u5c06\u6570\u636e\u5377\u6302\u8f7d\u5230\u5bb9\u5668\u4e2d\u7684\u67d0\u4e2a\u5177\u4f53\u76ee\u5f55\u4e0b\u3002
\u8bbf\u95ee\u6a21\u5f0f\uff1a
\u56de\u6536\u7b56\u7565\uff1a
\u5377\u6a21\u5f0f\uff1a
\u8282\u70b9\u4eb2\u548c\u6027\uff1a
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377(PV) \u3002
\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u6570\u636e\u5377\uff0c\u4ee5\u53ca\u5404\u4e2a\u6570\u636e\u5377\u7684\u72b6\u6001\u3001\u5bb9\u91cf\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u4fe1\u606f\u3002
\u652f\u6301\u6309\u7167\u6570\u636e\u5377\u7684\u540d\u79f0\u3001\u72b6\u6001\u3001\u547d\u540d\u7a7a\u95f4\u3001\u521b\u5efa\u65f6\u95f4\u8fdb\u884c\u987a\u5e8f\u6216\u9006\u5e8f\u6392\u5e8f\u3002
\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u6570\u636e\u5377\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5b58\u50a8\u6c60\u4fe1\u606f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u7b49\u4fe1\u606f\u3002
\u901a\u8fc7\u514b\u9686\u6570\u636e\u5377\uff0c\u53ef\u4ee5\u57fa\u4e8e\u88ab\u514b\u9686\u6570\u636e\u5377\u7684\u914d\u7f6e\uff0c\u91cd\u65b0\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6570\u636e\u5377\u3002
\u8fdb\u5165\u514b\u9686\u9875\u9762
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u514b\u9686\u7684\u6570\u636e\u5377\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u514b\u9686 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u514b\u9686 \u3002
\u76f4\u63a5\u4f7f\u7528\u539f\u914d\u7f6e\uff0c\u6216\u8005\u6309\u9700\u8fdb\u884c\u4fee\u6539\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u6570\u636e\u5377\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u6570\u636e\u5377\u3002
Note
\u4ec5\u652f\u6301\u66f4\u65b0\u6570\u636e\u5377\u7684\u522b\u540d\u3001\u5bb9\u91cf\u3001\u8bbf\u95ee\u6a21\u5f0f\u3001\u56de\u6536\u7b56\u7565\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u6570\u636e\u5377\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u6570\u636e\u5377\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u6570\u636e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"end-user/kpanda/storage/pvc.html","title":"\u6570\u636e\u5377\u58f0\u660e(PVC)","text":"\u6301\u4e45\u5377\u58f0\u660e\uff08PersistentVolumeClaim\uff0cPVC\uff09\u8868\u8fbe\u7684\u662f\u7528\u6237\u5bf9\u5b58\u50a8\u7684\u8bf7\u6c42\u3002PVC \u6d88\u8017 PV \u8d44\u6e90\uff0c\u7533\u9886\u4f7f\u7528\u7279\u5b9a\u5927\u5c0f\u3001\u7279\u5b9a\u8bbf\u95ee\u6a21\u5f0f\u7684\u6570\u636e\u5377\uff0c\u4f8b\u5982\u8981\u6c42 PV \u5377\u4ee5 ReadWriteOnce\u3001ReadOnlyMany \u6216 ReadWriteMany \u7b49\u6a21\u5f0f\u6765\u6302\u8f7d\u3002
"},{"location":"end-user/kpanda/storage/pvc.html#_1","title":"\u521b\u5efa\u6570\u636e\u5377\u58f0\u660e","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6570\u636e\u5377\u58f0\u660e\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u6570\u636e\u5377\u58f0\u660e\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e (PVC) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e (PVC) -> \u521b\u5efa\u6570\u636e\u5377\u58f0\u660e (PVC) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3002
\u521b\u5efa\u65b9\u5f0f\uff1a\u5728\u5df2\u6709\u7684\u5b58\u50a8\u6c60\u6216\u8005\u6570\u636e\u5377\u4e2d\u52a8\u6001\u521b\u5efa\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u6216\u8005\u57fa\u4e8e\u6570\u636e\u5377\u58f0\u660e\u7684\u5feb\u7167\u521b\u5efa\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u57fa\u4e8e\u5feb\u7167\u521b\u5efa\u65f6\u65e0\u6cd5\u4fee\u6539\u6570\u636e\u5377\u58f0\u660e\u7684\u5bb9\u91cf\uff0c\u53ef\u4ee5\u5728\u521b\u5efa\u5b8c\u6210\u540e\u518d\u8fdb\u884c\u4fee\u6539\u3002
\u9009\u62e9\u521b\u5efa\u65b9\u5f0f\u4e4b\u540e\uff0c\u5728\u4e0b\u62c9\u5217\u8868\u4e2d\u9009\u62e9\u60f3\u8981\u4f7f\u7528\u7684\u5b58\u50a8\u6c60/\u6570\u636e\u5377/\u5feb\u7167\u3002
\u8bbf\u95ee\u6a21\u5f0f\uff1a
ReadWriteOnce\uff0c\u6570\u636e\u5377\u58f0\u660e\u53ef\u4ee5\u88ab\u4e00\u4e2a\u8282\u70b9\u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u3002
ReadWriteOncePod\uff0c\u6570\u636e\u5377\u58f0\u660e\u53ef\u4ee5\u88ab\u5355\u4e2a Pod \u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \u3002
\u8be5\u9875\u9762\u53ef\u4ee5\u67e5\u770b\u5f53\u524d\u96c6\u7fa4\u4e2d\u7684\u6240\u6709\u6570\u636e\u5377\u58f0\u660e\uff0c\u4ee5\u53ca\u5404\u4e2a\u6570\u636e\u5377\u58f0\u660e\u7684\u72b6\u6001\u3001\u5bb9\u91cf\u3001\u547d\u540d\u7a7a\u95f4\u7b49\u4fe1\u606f\u3002
\u652f\u6301\u6309\u7167\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\u3001\u72b6\u6001\u3001\u547d\u540d\u7a7a\u95f4\u3001\u521b\u5efa\u65f6\u95f4\u8fdb\u884c\u987a\u5e8f\u6216\u9006\u5e8f\u6392\u5e8f\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u53ef\u4ee5\u67e5\u770b\u8be5\u6570\u636e\u5377\u58f0\u660e\u7684\u57fa\u672c\u914d\u7f6e\u3001\u5b58\u50a8\u6c60\u4fe1\u606f\u3001\u6807\u7b7e\u3001\u6ce8\u89e3\u7b49\u4fe1\u606f\u3002
\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u6570\u636e\u5377\u58f0\u660e(PVC) \uff0c\u627e\u5230\u60f3\u8981\u8c03\u6574\u5bb9\u91cf\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u6269\u5bb9 \u3002
\u8f93\u5165\u76ee\u6807\u5bb9\u91cf\uff0c\u7136\u540e\u70b9\u51fb \u786e\u5b9a \u3002
\u901a\u8fc7\u514b\u9686\u6570\u636e\u5377\u58f0\u660e\uff0c\u53ef\u4ee5\u57fa\u4e8e\u88ab\u514b\u9686\u6570\u636e\u5377\u58f0\u660e\u7684\u914d\u7f6e\uff0c\u91cd\u65b0\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\u3002
\u8fdb\u5165\u514b\u9686\u9875\u9762
\u5728\u6570\u636e\u5377\u58f0\u660e\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u514b\u9686\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u514b\u9686 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u514b\u9686 \u3002
\u76f4\u63a5\u4f7f\u7528\u539f\u914d\u7f6e\uff0c\u6216\u8005\u6309\u9700\u8fdb\u884c\u4fee\u6539\uff0c\u7136\u540e\u5728\u9875\u9762\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u6709\u4e24\u79cd\u9014\u5f84\u53ef\u4ee5\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u3002\u652f\u6301\u901a\u8fc7\u8868\u5355\u6216 YAML \u6587\u4ef6\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u3002
Note
\u4ec5\u652f\u6301\u66f4\u65b0\u6570\u636e\u5377\u58f0\u660e\u7684\u522b\u540d\u3001\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
\u5728\u6570\u636e\u5377\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u6570\u636e\u5377\u58f0\u660e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u8fdb\u5165\u6570\u636e\u5377\u58f0\u660e\u7684\u8be6\u60c5\u9875\u9762\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0a\u89d2\u9009\u62e9 \u66f4\u65b0 \u5373\u53ef\u901a\u8fc7\u8868\u5355\u66f4\u65b0\uff0c\u9009\u62e9 \u7f16\u8f91 YAML \u5373\u53ef\u901a\u8fc7 YAML \u66f4\u65b0\u3002
\u5728\u6570\u636e\u5377\u58f0\u660e\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u6570\u636e\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
\u4e5f\u53ef\u4ee5\u70b9\u51fb\u6570\u636e\u5377\u58f0\u660e\u7684\u540d\u79f0\uff0c\u5728\u8be6\u60c5\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u70b9\u51fb\u64cd\u4f5c\u6309\u94ae\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"end-user/kpanda/storage/pvc.html#_8","title":"\u5e38\u89c1\u95ee\u9898","text":"\u5982\u679c\u5217\u8868\u4e2d\u6ca1\u6709\u53ef\u9009\u7684\u5b58\u50a8\u6c60\u6216\u6570\u636e\u5377\uff0c\u53ef\u4ee5\u521b\u5efa\u5b58\u50a8\u6c60\u6216\u521b\u5efa\u6570\u636e\u5377\u3002
\u5982\u679c\u5217\u8868\u4e2d\u6ca1\u6709\u53ef\u9009\u7684\u5feb\u7167\uff0c\u53ef\u4ee5\u8fdb\u5165\u6570\u636e\u5377\u58f0\u660e\u7684\u8be6\u60c5\u9875\uff0c\u5728\u53f3\u4e0a\u89d2\u5236\u4f5c\u5feb\u7167\u3002
\u5982\u679c\u6570\u636e\u5377\u58f0\u660e\u6240\u4f7f\u7528\u7684\u5b58\u50a8\u6c60 (SC) \u6ca1\u6709\u542f\u7528\u5feb\u7167\uff0c\u5219\u65e0\u6cd5\u5236\u4f5c\u5feb\u7167\uff0c\u9875\u9762\u4e0d\u4f1a\u663e\u793a\u201c\u5236\u4f5c\u5feb\u7167\u201d\u9009\u9879\u3002
\u5982\u679c\u6570\u636e\u5377\u58f0\u660e\u6240\u4f7f\u7528\u7684\u5b58\u50a8\u6c60 (SC) \u6ca1\u6709\u5f00\u542f\u6269\u5bb9\u529f\u80fd\uff0c\u5219\u8be5\u6570\u636e\u5377\u4e0d\u652f\u6301\u6269\u5bb9\uff0c\u9875\u9762\u4e0d\u4f1a\u663e\u793a\u6269\u5bb9\u9009\u9879\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u652f\u6301\u5c06\u4e00\u4e2a\u5b58\u50a8\u6c60\u5171\u4eab\u7ed9\u591a\u4e2a\u547d\u540d\u7a7a\u95f4\u4f7f\u7528\uff0c\u4ee5\u4fbf\u63d0\u9ad8\u8d44\u6e90\u5229\u7528\u6548\u7387\u3002
\u5728\u5b58\u50a8\u6c60\u5217\u8868\u4e2d\u627e\u5230\u9700\u8981\u5171\u4eab\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u64cd\u4f5c\u680f\u4e0b\u70b9\u51fb \u6388\u6743\u547d\u540d\u7a7a\u95f4 \u3002
\u70b9\u51fb \u81ea\u5b9a\u4e49\u547d\u540d\u7a7a\u95f4 \u53ef\u4ee5\u9010\u4e00\u9009\u62e9\u9700\u8981\u5c06\u6b64\u5b58\u50a8\u6c60\u5171\u4eab\u5230\u54ea\u4e9b\u547d\u540d\u7a7a\u95f4\u3002
\u5728\u5217\u8868\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u65b9\u70b9\u51fb \u79fb\u9664\u6388\u6743 \uff0c\u53ef\u4ee5\u89e3\u9664\u6388\u6743\uff0c\u505c\u6b62\u5c06\u6b64\u5b58\u50a8\u6c60\u5171\u4eab\u5230\u8be5\u547d\u540d\u7a7a\u95f4\u3002
\u5b58\u50a8\u6c60\u6307\u5c06\u8bb8\u591a\u7269\u7406\u78c1\u76d8\u7ec4\u6210\u4e00\u4e2a\u5927\u578b\u5b58\u50a8\u8d44\u6e90\u6c60\uff0c\u672c\u5e73\u53f0\u652f\u6301\u63a5\u5165\u5404\u7c7b\u5b58\u50a8\u5382\u5546\u540e\u521b\u5efa\u5757\u5b58\u50a8\u6c60\u3001\u672c\u5730\u5b58\u50a8\u6c60\u3001\u81ea\u5b9a\u4e49\u5b58\u50a8\u6c60\uff0c\u7136\u540e\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u52a8\u6001\u914d\u7f6e\u6570\u636e\u5377\u3002
"},{"location":"end-user/kpanda/storage/sc.html#sc_1","title":"\u521b\u5efa\u5b58\u50a8\u6c60(SC)","text":"\u76ee\u524d\u652f\u6301\u901a\u8fc7 YAML \u548c\u8868\u5355\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b58\u50a8\u6c60\uff0c\u8fd9\u4e24\u79cd\u65b9\u5f0f\u5404\u6709\u4f18\u52a3\uff0c\u53ef\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7528\u6237\u7684\u4f7f\u7528\u9700\u6c42\u3002
\u901a\u8fc7 YAML \u521b\u5efa\u6b65\u9aa4\u66f4\u5c11\u3001\u66f4\u9ad8\u6548\uff0c\u4f46\u95e8\u69db\u8981\u6c42\u8f83\u9ad8\uff0c\u9700\u8981\u719f\u6089\u5b58\u50a8\u6c60\u7684 YAML \u6587\u4ef6\u914d\u7f6e\u3002
\u901a\u8fc7\u8868\u5355\u521b\u5efa\u66f4\u76f4\u89c2\u66f4\u7b80\u5355\uff0c\u6839\u636e\u63d0\u793a\u586b\u5199\u5bf9\u5e94\u7684\u503c\u5373\u53ef\uff0c\u4f46\u6b65\u9aa4\u66f4\u52a0\u7e41\u7410\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) -> YAML \u521b\u5efa \u3002
\u5728\u5f39\u6846\u4e2d\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u7136\u540e\u5728\u5f39\u6846\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u652f\u6301\u4ece\u672c\u5730\u5bfc\u5165 YAML \u6587\u4ef6\u6216\u5c06\u586b\u5199\u597d\u7684\u6587\u4ef6\u4e0b\u8f7d\u4fdd\u5b58\u5230\u672c\u5730\u3002
\u5728\u96c6\u7fa4\u5217\u8868\u4e2d\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u7136\u540e\u5728\u5de6\u4fa7\u5bfc\u822a\u680f\u70b9\u51fb \u5bb9\u5668\u5b58\u50a8 -> \u5b58\u50a8\u6c60(SC) -> \u521b\u5efa\u5b58\u50a8\u6c60(SC) \u3002
\u586b\u5199\u57fa\u672c\u4fe1\u606f\uff0c\u7136\u540e\u5728\u5e95\u90e8\u70b9\u51fb \u786e\u5b9a \u3002
\u81ea\u5b9a\u4e49\u5b58\u50a8\u7cfb\u7edf
CSI \u5b58\u50a8\u9a71\u52a8\uff1a\u57fa\u4e8e\u6807\u51c6 Kubernetes \u7684\u5bb9\u5668\u5b58\u50a8\u63a5\u53e3\u63d2\u4ef6\uff0c\u9700\u9075\u5b88\u5b58\u50a8\u5382\u5546\u89c4\u5b9a\u7684\u683c\u5f0f\uff0c\u4f8b\u5982 rancher.io/local-path \u3002
HwameiStor \u5b58\u50a8\u7cfb\u7edf
lvm.hwameistor.io
\u3002hdd.hwameistor.io
Note
\u76ee\u524d HwameiStor xfs\u3001ext4 \u4e24\u79cd\u6587\u4ef6\u7cfb\u7edf\uff0c\u5176\u4e2d\u9ed8\u8ba4\u4f7f\u7528\u7684\u662f xfs \u6587\u4ef6\u7cfb\u7edf\uff0c\u5982\u679c\u60f3\u8981\u66ff\u6362\u4e3a ext4\uff0c\u53ef\u4ee5\u5728\u81ea\u5b9a\u4e49\u53c2\u6570\u6dfb\u52a0 csi.storage.k8s.io/fstype: ext4
\u5728\u5b58\u50a8\u6c60\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u66f4\u65b0\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u7f16\u8f91 \u5373\u53ef\u901a\u8fc7\u66f4\u65b0\u5b58\u50a8\u6c60\u3002
Info
\u9009\u62e9 \u67e5\u770b YAML \u53ef\u4ee5\u67e5\u770b\u8be5\u5b58\u50a8\u6c60\u7684 YAML \u6587\u4ef6\uff0c\u4f46\u4e0d\u652f\u6301\u7f16\u8f91\u3002
"},{"location":"end-user/kpanda/storage/sc.html#sc_3","title":"\u5220\u9664\u5b58\u50a8\u6c60(SC)","text":"\u5728\u5b58\u50a8\u6c60\u5217\u8868\u9875\u9762\uff0c\u627e\u5230\u9700\u8981\u5220\u9664\u7684\u5b58\u50a8\u6c60\uff0c\u5728\u53f3\u4fa7\u7684\u64cd\u4f5c\u680f\u4e0b\u9009\u62e9 \u5220\u9664 \u3002
"},{"location":"end-user/kpanda/workloads/create-cronjob.html","title":"\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u3002
\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u9002\u7528\u4e8e\u4e8e\u6267\u884c\u5468\u671f\u6027\u7684\u64cd\u4f5c\uff0c\u4f8b\u5982\u5907\u4efd\u3001\u62a5\u544a\u751f\u6210\u7b49\u3002\u8fd9\u4e9b\u4efb\u52a1\u53ef\u4ee5\u914d\u7f6e\u4e3a\u5468\u671f\u6027\u91cd\u590d\u7684\uff08\u4f8b\u5982\uff1a\u6bcf\u5929/\u6bcf\u5468/\u6bcf\u6708\u4e00\u6b21\uff09\uff0c\u53ef\u4ee5\u5b9a\u4e49\u4efb\u52a1\u5f00\u59cb\u6267\u884c\u7684\u65f6\u95f4\u95f4\u9694\u3002
"},{"location":"end-user/kpanda/workloads/create-cronjob.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\uff08CronJob\uff09\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u5b9a\u65f6\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u5b9a\u65f6\u4efb\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u5b9a\u65f6\u4efb\u52a1 \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5b9a\u65f6\u4efb\u52a1\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1 \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-cronjob.html#_5","title":"\u5b9a\u65f6\u4efb\u52a1\u914d\u7f6e","text":"\u5e76\u53d1\u7b56\u7565\uff1a\u662f\u5426\u5141\u8bb8\u591a\u4e2a Job \u4efb\u52a1\u5e76\u884c\u6267\u884c\u3002
\u4e0a\u8ff0\u89c4\u5219\u4ec5\u9002\u7528\u4e8e\u540c\u4e00\u4e2a CronJob \u521b\u5efa\u7684\u591a\u4e2a\u4efb\u52a1\u3002\u591a\u4e2a CronJob \u521b\u5efa\u7684\u591a\u4e2a\u4efb\u52a1\u603b\u662f\u5141\u8bb8\u5e76\u53d1\u6267\u884c\u3002
\u5b9a\u65f6\u89c4\u5219\uff1a\u57fa\u4e8e\u5206\u949f\u3001\u5c0f\u65f6\u3001\u5929\u3001\u5468\u3001\u6708\u8bbe\u7f6e\u4efb\u52a1\u6267\u884c\u7684\u65f6\u95f4\u5468\u671f\u3002\u652f\u6301\u7528\u6570\u5b57\u548c *
\u81ea\u5b9a\u4e49 Cron \u8868\u8fbe\u5f0f\uff0c\u8f93\u5165\u8868\u8fbe\u5f0f\u540e\u4e0b\u65b9\u4f1a\u63d0\u793a\u5f53\u524d\u8868\u8fbe\u5f0f\u7684\u542b\u4e49\u3002\u6709\u5173\u8be6\u7ec6\u7684\u8868\u8fbe\u5f0f\u8bed\u6cd5\u89c4\u5219\uff0c\u53ef\u53c2\u8003 Cron \u65f6\u95f4\u8868\u8bed\u6cd5\u3002
\u4e3a\u6709\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u6709\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5b9a\u65f6\u4efb\u52a1\u7684\u9ad8\u7ea7\u914d\u7f6e\u4e3b\u8981\u6d89\u53ca\u6807\u7b7e\u4e0e\u6ce8\u89e3\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b Pod \u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-cronjob.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b9a\u65f6\u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
apiVersion: batch/v1\nkind: CronJob\nmetadata:\n creationTimestamp: '2022-12-26T09:45:47Z'\n generation: 1\n name: demo\n namespace: default\n resourceVersion: '92726617'\n uid: d030d8d7-a405-4dcd-b09a-176942ef36c9\nspec:\n concurrencyPolicy: Allow\n failedJobsHistoryLimit: 1\n jobTemplate:\n metadata:\n creationTimestamp: null\n spec:\n activeDeadlineSeconds: 360\n backoffLimit: 6\n template:\n metadata:\n creationTimestamp: null\n spec:\n containers:\n - image: nginx\n imagePullPolicy: IfNotPresent\n lifecycle: {}\n name: container-3\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n securityContext:\n privileged: false\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n dnsPolicy: ClusterFirst\n restartPolicy: Never\n schedulerName: default-scheduler\n securityContext: {}\n terminationGracePeriodSeconds: 30\n schedule: 0 0 13 * 5\n successfulJobsHistoryLimit: 3\n suspend: false\nstatus: {}\n
"},{"location":"end-user/kpanda/workloads/create-daemonset.html","title":"\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b(DaemonSet)","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\uff08DaemonSet\uff09\u3002
\u5b88\u62a4\u8fdb\u7a0b\uff08DaemonSet\uff09\u901a\u8fc7\u8282\u70b9\u4eb2\u548c\u6027\u4e0e\u6c61\u70b9\u529f\u80fd\u786e\u4fdd\u5728\u5168\u90e8\u6216\u90e8\u5206\u8282\u70b9\u4e0a\u8fd0\u884c\u4e00\u4e2a Pod \u7684\u526f\u672c\u3002\u5bf9\u4e8e\u65b0\u52a0\u5165\u96c6\u7fa4\u7684\u8282\u70b9\uff0cDaemonSet \u81ea\u52a8\u5728\u65b0\u8282\u70b9\u4e0a\u90e8\u7f72\u76f8\u5e94\u7684 Pod\uff0c\u5e76\u8ddf\u8e2a Pod \u7684\u8fd0\u884c\u72b6\u6001\u3002\u5f53\u8282\u70b9\u88ab\u79fb\u9664\u65f6\uff0cDaemonSet \u5219\u5220\u9664\u5176\u521b\u5efa\u7684\u6240\u6709 Pod\u3002
\u5b88\u62a4\u8fdb\u7a0b\u7684\u5e38\u89c1\u7528\u4f8b\u5305\u62ec\uff1a
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u96c6\u7fa4\u5b88\u62a4\u8fdb\u7a0b\u3002
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u65e5\u5fd7\u6536\u96c6\u5b88\u62a4\u8fdb\u7a0b\u3002
\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u8fd0\u884c\u76d1\u63a7\u5b88\u62a4\u8fdb\u7a0b\u3002
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u4e3a\u6bcf\u79cd\u7c7b\u578b\u7684\u5b88\u62a4\u8fdb\u7a0b\u90fd\u542f\u52a8\u4e00\u4e2a DaemonSet\u3002\u5982\u9700\u66f4\u7cbe\u7ec6\u3001\u66f4\u9ad8\u7ea7\u5730\u7ba1\u7406\u5b88\u62a4\u8fdb\u7a0b\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u540c\u4e00\u79cd\u5b88\u62a4\u8fdb\u7a0b\u90e8\u7f72\u591a\u4e2a DaemonSet\u3002\u6bcf\u4e2a DaemonSet \u5177\u6709\u4e0d\u540c\u7684\u6807\u5fd7\uff0c\u5e76\u4e14\u5bf9\u4e0d\u540c\u786c\u4ef6\u7c7b\u578b\u5177\u6709\u4e0d\u540c\u7684\u5185\u5b58\u3001CPU \u8981\u6c42\u3002
"},{"location":"end-user/kpanda/workloads/create-daemonset.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u521b\u5efa DaemonSet \u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u5b88\u62a4\u8fdb\u7a0b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b88\u62a4\u8fdb\u7a0b \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u5b88\u62a4\u8fdb\u7a0b \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5b88\u62a4\u8fdb\u7a0b\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-daemonset.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u5b88\u62a4\u8fdb\u7a0b\u521b\u5efa\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u5b88\u62a4\u8fdb\u7a0b\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u914d\u7f6e\u670d\u52a1\u53c2\u6570\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\u521b\u5efa\u670d\u52a1\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-daemonset.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u5b88\u62a4\u8fdb\u7a0b\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u5b88\u62a4\u8fdb\u7a0b \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: hwameistor-local-disk-manager\n namespace: hwameistor\n uid: ccbdc098-7de3-4a8a-96dd-d1cee159c92b\n resourceVersion: '90999552'\n generation: 1\n creationTimestamp: '2022-12-15T09:03:44Z'\n labels:\n app.kubernetes.io/managed-by: Helm\n annotations:\n deprecated.daemonset.template.generation: '1'\n meta.helm.sh/release-name: hwameistor\n meta.helm.sh/release-namespace: hwameistor\nspec:\n selector:\n matchLabels:\n app: hwameistor-local-disk-manager\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: hwameistor-local-disk-manager\n spec:\n volumes:\n - name: udev\n hostPath:\n path: /run/udev\n type: Directory\n - name: procmount\n hostPath:\n path: /proc\n type: Directory\n - name: devmount\n hostPath:\n path: /dev\n type: Directory\n - name: socket-dir\n hostPath:\n path: /var/lib/kubelet/plugins/disk.hwameistor.io\n type: DirectoryOrCreate\n - name: registration-dir\n hostPath:\n path: /var/lib/kubelet/plugins_registry/\n type: Directory\n - name: plugin-dir\n hostPath:\n path: /var/lib/kubelet/plugins\n type: DirectoryOrCreate\n - name: pods-mount-dir\n hostPath:\n path: /var/lib/kubelet/pods\n type: DirectoryOrCreate\n containers:\n - name: registrar\n image: k8s-gcr.m.daocloud.io/sig-storage/csi-node-driver-registrar:v2.5.0\n args:\n - '--v=5'\n - '--csi-address=/csi/csi.sock'\n - >-\n --kubelet-registration-path=/var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n env:\n - name: KUBE_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n resources: {}\n volumeMounts:\n - name: socket-dir\n mountPath: /csi\n - name: registration-dir\n mountPath: /registration\n lifecycle:\n preStop:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n rm -rf /registration/disk.hwameistor.io \n /registration/disk.hwameistor.io-reg.sock\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: manager\n image: ghcr.m.daocloud.io/hwameistor/local-disk-manager:v0.6.1\n command:\n - /local-disk-manager\n args:\n - '--endpoint=$(CSI_ENDPOINT)'\n - '--nodeid=$(NODENAME)'\n - '--csi-enable=true'\n env:\n - name: CSI_ENDPOINT\n value: unix://var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n - name: NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: WATCH_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: NODENAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OPERATOR_NAME\n value: local-disk-manager\n resources: {}\n volumeMounts:\n - name: udev\n mountPath: /run/udev\n - name: procmount\n readOnly: true\n mountPath: /host/proc\n - name: devmount\n mountPath: /dev\n - name: registration-dir\n mountPath: /var/lib/kubelet/plugins_registry\n - name: plugin-dir\n mountPath: /var/lib/kubelet/plugins\n mountPropagation: Bidirectional\n - name: pods-mount-dir\n mountPath: /var/lib/kubelet/pods\n mountPropagation: Bidirectional\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: hwameistor-admin\n serviceAccount: hwameistor-admin\n hostNetwork: true\n hostPID: true\n securityContext: {}\n schedulerName: default-scheduler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/master\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/control-plane\n operator: Exists\n effect: NoSchedule\n - key: node.cloudprovider.kubernetes.io/uninitialized\n operator: Exists\n effect: NoSchedule\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n maxSurge: 0\n revisionHistoryLimit: 10\nstatus:\n currentNumberScheduled: 4\n numberMisscheduled: 0\n desiredNumberScheduled: 4\n numberReady: 4\n observedGeneration: 1\n updatedNumberScheduled: 4\n numberAvailable: 4\n
"},{"location":"end-user/kpanda/workloads/create-deployment.html","title":"\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09\u662f Kubernetes \u4e2d\u7684\u4e00\u79cd\u5e38\u89c1\u8d44\u6e90\uff0c\u4e3b\u8981\u4e3a Pod \u548c ReplicaSet \u63d0\u4f9b\u58f0\u660e\u5f0f\u66f4\u65b0\uff0c\u652f\u6301\u5f39\u6027\u4f38\u7f29\u3001\u6eda\u52a8\u5347\u7ea7\u3001\u7248\u672c\u56de\u9000\u7b49\u529f\u80fd\u3002\u5728 Deployment \u4e2d\u58f0\u660e\u671f\u671b\u7684 Pod \u72b6\u6001\uff0cDeployment Controller \u4f1a\u901a\u8fc7 ReplicaSet \u4fee\u6539\u5f53\u524d\u72b6\u6001\uff0c\u4f7f\u5176\u8fbe\u5230\u9884\u5148\u58f0\u660e\u7684\u671f\u671b\u72b6\u6001\u3002Deployment \u662f\u65e0\u72b6\u6001\u7684\uff0c\u4e0d\u652f\u6301\u6570\u636e\u6301\u4e45\u5316\uff0c\u9002\u7528\u4e8e\u90e8\u7f72\u65e0\u72b6\u6001\u7684\u3001\u4e0d\u9700\u8981\u4fdd\u5b58\u6570\u636e\u3001\u968f\u65f6\u53ef\u4ee5\u91cd\u542f\u56de\u6eda\u7684\u5e94\u7528\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\uff0c\u53ef\u4ee5\u57fa\u4e8e\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\u8f7b\u677e\u7ba1\u7406\u591a\u4e91\u591a\u96c6\u7fa4\u4e0a\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5305\u62ec\u5bf9\u65e0\u72b6\u6001\u8d1f\u8f7d\u7684\u521b\u5efa\u3001\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"end-user/kpanda/workloads/create-deployment.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u65e0\u72b6\u6001\u8d1f\u8f7d \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u8d1f\u8f7d\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u64cd\u4f5c\u3002\u5982\u679c\u8d1f\u8f7d\u72b6\u6001\u51fa\u73b0\u5f02\u5e38\uff0c\u8bf7\u67e5\u770b\u5177\u4f53\u5f02\u5e38\u4fe1\u606f\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u3002
\u63cf\u8ff0\uff1a\u8f93\u5165\u8d1f\u8f7d\u7684\u63cf\u8ff0\u4fe1\u606f\uff0c\u5185\u5bb9\u81ea\u5b9a\u4e49\u3002\u5b57\u7b26\u6570\u4e0d\u8d85\u8fc7 512\u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-deployment.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u65e0\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u65e0\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5982\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u4e86 SpiderPool \u548c Multus \u7ec4\u4ef6\uff0c\u5219\u53ef\u4ee5\u5728\u7f51\u7edc\u914d\u7f6e\u4e2d\u914d\u7f6e\u5bb9\u5668\u7f51\u5361\u3002
DNS \u914d\u7f6e\uff1a\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u4e3b\u673a\u522b\u540d\uff1a\u4e3a\u4e3b\u673a\u8bbe\u7f6e\u7684\u522b\u540d\u3002
\u7f29\u5bb9\u65f6\u95f4\u7a97\uff1a\u8d1f\u8f7d\u505c\u6b62\u524d\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4\u7a97\uff080-9,999\u79d2\uff09\uff0c\u9ed8\u8ba4 30 \u79d2\u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-deployment.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u65e0\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-deployment\nspec:\n selector:\n matchLabels:\n app: nginx\n replicas: 2 # \u544a\u77e5 Deployment \u8fd0\u884c 2 \u4e2a\u4e0e\u8be5\u6a21\u677f\u5339\u914d\u7684 Pod\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n
"},{"location":"end-user/kpanda/workloads/create-job.html","title":"\u521b\u5efa\u4efb\u52a1\uff08Job\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u4efb\u52a1\uff08Job\uff09\u3002
\u4efb\u52a1\uff08Job\uff09\u9002\u7528\u4e8e\u6267\u884c\u4e00\u6b21\u6027\u4efb\u52a1\u3002Job \u4f1a\u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a Pod\uff0cJob \u4f1a\u4e00\u76f4\u91cd\u65b0\u5c1d\u8bd5\u6267\u884c Pod\uff0c\u76f4\u5230\u6210\u529f\u7ec8\u6b62\u7684 Pod \u8fbe\u5230\u4e00\u5b9a\u6570\u91cf\u3002\u6210\u529f\u7ec8\u6b62\u7684 Pod \u8fbe\u5230\u6307\u5b9a\u7684\u6570\u91cf\u540e\uff0cJob \u4e5f\u968f\u4e4b\u7ed3\u675f\u3002\u5220\u9664 Job \u65f6\u4f1a\u4e00\u540c\u6e05\u9664\u8be5 Job \u521b\u5efa\u7684\u6240\u6709 Pod\u3002\u6682\u505c Job \u65f6\u5220\u9664\u8be5 Job \u4e2d\u7684\u6240\u6709\u6d3b\u8dc3 Pod\uff0c\u76f4\u5230 Job \u88ab\u7ee7\u7eed\u6267\u884c\u3002\u6709\u5173\u4efb\u52a1\uff08Job\uff09\u7684\u66f4\u591a\u4ecb\u7ecd\uff0c\u53ef\u53c2\u8003Job\u3002
"},{"location":"end-user/kpanda/workloads/create-job.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u4efb\u52a1 \u5217\u8868\u3002\u70b9\u51fb\u5217\u8868\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u4efb\u52a1\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u91cd\u542f\u7b49\u64cd\u4f5c\u3002
\u5728 \u521b\u5efa\u4efb\u52a1 \u9875\u9762\u4e2d\uff0c\u6839\u636e\u4e0b\u8868\u8f93\u5165\u57fa\u672c\u4fe1\u606f\u540e\uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\uff0c\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-job.html#_5","title":"\u9ad8\u7ea7\u914d\u7f6e","text":"\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u4efb\u52a1\u8bbe\u7f6e\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u4e24\u90e8\u5206\u3002
\u4efb\u52a1\u8bbe\u7f6e\u6807\u7b7e\u4e0e\u6ce8\u89e3\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b Pod \u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-job.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u4efb\u52a1\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u4efb\u52a1 \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: Job\napiVersion: batch/v1\nmetadata:\n name: demo\n namespace: default\n uid: a9708239-0358-4aa1-87d3-a092c080836e\n resourceVersion: '92751876'\n generation: 1\n creationTimestamp: '2022-12-26T10:52:22Z'\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n annotations:\n revisions: >-\n {\"1\":{\"status\":\"running\",\"uid\":\"a9708239-0358-4aa1-87d3-a092c080836e\",\"start-time\":\"2022-12-26T10:52:22Z\",\"completion-time\":\"0001-01-01T00:00:00Z\"}}\nspec:\n parallelism: 1\n backoffLimit: 6\n selector:\n matchLabels:\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n spec:\n containers:\n - name: container-4\n image: nginx\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n lifecycle: {}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: false\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext: {}\n schedulerName: default-scheduler\n completionMode: NonIndexed\n suspend: false\nstatus:\n startTime: '2022-12-26T10:52:22Z'\n active: 1\n
"},{"location":"end-user/kpanda/workloads/create-statefulset.html","title":"\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09","text":"\u672c\u6587\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u955c\u50cf\u548c YAML \u6587\u4ef6\u4e24\u79cd\u65b9\u5f0f\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09\u3002
\u6709\u72b6\u6001\u8d1f\u8f7d\uff08StatefulSet\uff09\u662f Kubernetes \u4e2d\u7684\u4e00\u79cd\u5e38\u89c1\u8d44\u6e90\uff0c\u548c\u65e0\u72b6\u6001\u8d1f\u8f7d\uff08Deployment\uff09\u7c7b\u4f3c\uff0c\u4e3b\u8981\u7528\u4e8e\u7ba1\u7406 Pod \u96c6\u5408\u7684\u90e8\u7f72\u548c\u4f38\u7f29\u3002\u4e8c\u8005\u7684\u4e3b\u8981\u533a\u522b\u5728\u4e8e\uff0cDeployment \u662f\u65e0\u72b6\u6001\u7684\uff0c\u4e0d\u4fdd\u5b58\u6570\u636e\uff0c\u800c StatefulSet \u662f\u6709\u72b6\u6001\u7684\uff0c\u4e3b\u8981\u7528\u4e8e\u7ba1\u7406\u6709\u72b6\u6001\u5e94\u7528\u3002\u6b64\u5916\uff0cStatefulSet \u4e2d\u7684 Pod \u5177\u6709\u6c38\u4e45\u4e0d\u53d8\u7684 ID\uff0c\u4fbf\u4e8e\u5728\u5339\u914d\u5b58\u50a8\u5377\u65f6\u8bc6\u522b\u5bf9\u5e94\u7684 Pod\u3002
\u901a\u8fc7\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u7684\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\uff0c\u53ef\u4ee5\u57fa\u4e8e\u76f8\u5e94\u7684\u89d2\u8272\u6743\u9650\u8f7b\u677e\u7ba1\u7406\u591a\u4e91\u591a\u96c6\u7fa4\u4e0a\u7684\u5de5\u4f5c\u8d1f\u8f7d\uff0c\u5305\u62ec\u5bf9\u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u7684\u521b\u5efa\u3001\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"end-user/kpanda/workloads/create-statefulset.html#_1","title":"\u524d\u63d0\u6761\u4ef6","text":"\u5728\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\u4e4b\u524d\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u524d\u63d0\u6761\u4ef6\uff1a
\u5728\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4e2d\u63a5\u5165 Kubernetes \u96c6\u7fa4\u6216\u8005\u7ba1\u7406\u5458\u5df2\u4e3a\u7528\u6237\u521b\u5efa\u4e86\u96c6\u7fa4\uff0c\u4e14\u80fd\u591f\u8bbf\u95ee\u96c6\u7fa4\u7684 UI \u754c\u9762\u3002
\u521b\u5efa\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\u548c\u7528\u6237\u3002
\u5f53\u524d\u64cd\u4f5c\u7528\u6237\u5e94\u5177\u6709 NS Editor \u6216\u66f4\u9ad8\u6743\u9650\uff0c\u8be6\u60c5\u53ef\u53c2\u8003\u547d\u540d\u7a7a\u95f4\u6388\u6743\u3002
\u5355\u4e2a\u5b9e\u4f8b\u4e2d\u6709\u591a\u4e2a\u5bb9\u5668\u65f6\uff0c\u8bf7\u786e\u4fdd\u5bb9\u5668\u4f7f\u7528\u7684\u7aef\u53e3\u4e0d\u51b2\u7a81\uff0c\u5426\u5219\u90e8\u7f72\u4f1a\u5931\u6548\u3002
\u53c2\u8003\u4ee5\u4e0b\u6b65\u9aa4\uff0c\u4f7f\u7528\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6709\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u53f3\u4e0a\u89d2 \u955c\u50cf\u521b\u5efa \u6309\u94ae\u3002
\u4f9d\u6b21\u586b\u5199\u57fa\u672c\u4fe1\u606f\u3001\u5bb9\u5668\u914d\u7f6e\u3001\u670d\u52a1\u914d\u7f6e\u3001\u9ad8\u7ea7\u914d\u7f6e\u540e\uff0c\u5728\u9875\u9762\u53f3\u4e0b\u89d2\u70b9\u51fb \u786e\u5b9a \u5b8c\u6210\u521b\u5efa\u3002
\u7cfb\u7edf\u5c06\u81ea\u52a8\u8fd4\u56de \u6709\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d \u5217\u8868\uff0c\u7b49\u5f85\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u53d8\u4e3a \u8fd0\u884c\u4e2d \u3002\u5982\u679c\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u51fa\u73b0\u5f02\u5e38\uff0c\u8bf7\u67e5\u770b\u5177\u4f53\u5f02\u5e38\u4fe1\u606f\uff0c\u53ef\u53c2\u8003\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001\u3002
\u70b9\u51fb\u65b0\u5efa\u5de5\u4f5c\u8d1f\u8f7d\u5217\u53f3\u4fa7\u7684 \u2507 \uff0c\u53ef\u4ee5\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u6267\u884c\u6267\u884c\u66f4\u65b0\u3001\u5220\u9664\u3001\u5f39\u6027\u6269\u7f29\u3001\u91cd\u542f\u3001\u7248\u672c\u56de\u9000\u7b49\u64cd\u4f5c\u3002
\u63cf\u8ff0\uff1a\u8f93\u5165\u8d1f\u8f7d\u7684\u63cf\u8ff0\u4fe1\u606f\uff0c\u5185\u5bb9\u81ea\u5b9a\u4e49\u3002\u5b57\u7b26\u6570\u4e0d\u8d85\u8fc7 512\u3002
\u5bb9\u5668\u914d\u7f6e\u5206\u4e3a\u57fa\u672c\u4fe1\u606f\u3001\u751f\u547d\u5468\u671f\u3001\u5065\u5eb7\u68c0\u67e5\u3001\u73af\u5883\u53d8\u91cf\u3001\u6570\u636e\u5b58\u50a8\u3001\u5b89\u5168\u8bbe\u7f6e\u516d\u90e8\u5206\uff0c\u70b9\u51fb\u4e0b\u65b9\u7684\u76f8\u5e94\u9875\u7b7e\u53ef\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u5bb9\u5668\u914d\u7f6e\u4ec5\u9488\u5bf9\u5355\u4e2a\u5bb9\u5668\u8fdb\u884c\u914d\u7f6e\uff0c\u5982\u9700\u5728\u4e00\u4e2a\u5bb9\u5668\u7ec4\u4e2d\u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\uff0c\u53ef\u70b9\u51fb\u53f3\u4fa7\u7684 + \u6dfb\u52a0\u591a\u4e2a\u5bb9\u5668\u3002
\u57fa\u672c\u4fe1\u606f\uff08\u5fc5\u586b\uff09\u751f\u547d\u5468\u671f\uff08\u9009\u586b\uff09\u5065\u5eb7\u68c0\u67e5\uff08\u9009\u586b\uff09\u73af\u5883\u53d8\u91cf\uff08\u9009\u586b\uff09\u6570\u636e\u5b58\u50a8\uff08\u9009\u586b\uff09\u5b89\u5168\u8bbe\u7f6e\uff08\u9009\u586b\uff09\u5728\u914d\u7f6e\u5bb9\u5668\u76f8\u5173\u53c2\u6570\u65f6\uff0c\u5fc5\u987b\u6b63\u786e\u586b\u5199\u5bb9\u5668\u7684\u540d\u79f0\u3001\u955c\u50cf\u53c2\u6570\uff0c\u5426\u5219\u5c06\u65e0\u6cd5\u8fdb\u5165\u4e0b\u4e00\u6b65\u3002\u53c2\u8003\u4ee5\u4e0b\u8981\u6c42\u586b\u5199\u914d\u7f6e\u540e\uff0c\u70b9\u51fb \u786e\u8ba4 \u3002
\u5de5\u4f5c\u5bb9\u5668
\u3002\u6709\u5173\u521d\u59cb\u5316\u5bb9\u5668\uff0c\u53c2\u89c1 k8s \u5b98\u65b9\u6587\u6863\u3002\u8bbe\u7f6e GPU \u4e4b\u524d\uff0c\u9700\u8981\u7ba1\u7406\u5458\u9884\u5148\u5728\u96c6\u7fa4\u4e0a\u5b89\u88c5 GPU Operator \u548c nvidia-vgpu\uff08\u4ec5 vGPU \u6a21\u5f0f\u9700\u8981\u5b89\u88c5\uff09\uff0c\u5e76\u5728\u96c6\u7fa4\u8bbe\u7f6e\u4e2d\u5f00\u542f GPU \u7279\u6027\u3002
\u8bbe\u7f6e\u5bb9\u5668\u542f\u52a8\u65f6\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u9700\u8981\u6267\u884c\u7684\u547d\u4ee4\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u751f\u547d\u5468\u671f\u914d\u7f6e\u3002
\u7528\u4e8e\u5224\u65ad\u5bb9\u5668\u548c\u5e94\u7528\u7684\u5065\u5eb7\u72b6\u6001\u3002\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u914d\u7f6e\u3002
\u914d\u7f6e Pod \u5185\u7684\u5bb9\u5668\u53c2\u6570\uff0c\u4e3a Pod \u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u6216\u4f20\u9012\u914d\u7f6e\u7b49\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002
\u914d\u7f6e\u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\u548c\u6570\u636e\u6301\u4e45\u5316\u7684\u8bbe\u7f6e\u3002\u8be6\u60c5\u53ef\u53c2\u8003\u5bb9\u5668\u6570\u636e\u5b58\u50a8\u914d\u7f6e\u3002
\u901a\u8fc7 Linux \u5185\u7f6e\u7684\u8d26\u53f7\u6743\u9650\u9694\u79bb\u673a\u5236\u6765\u5bf9\u5bb9\u5668\u8fdb\u884c\u5b89\u5168\u9694\u79bb\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u4e0d\u540c\u6743\u9650\u7684\u8d26\u53f7 UID\uff08\u6570\u5b57\u8eab\u4efd\u6807\u8bb0\uff09\u6765\u9650\u5236\u5bb9\u5668\u7684\u6743\u9650\u3002\u4f8b\u5982\uff0c\u8f93\u5165 0 \u8868\u793a\u4f7f\u7528 root \u8d26\u53f7\u7684\u6743\u9650\u3002
"},{"location":"end-user/kpanda/workloads/create-statefulset.html#_5","title":"\u670d\u52a1\u914d\u7f6e","text":"\u4e3a\u6709\u72b6\u6001\u8d1f\u8f7d\u914d\u7f6e\u670d\u52a1\uff08Service\uff09\uff0c\u4f7f\u6709\u72b6\u6001\u8d1f\u8f7d\u80fd\u591f\u88ab\u5916\u90e8\u8bbf\u95ee\u3002
\u70b9\u51fb \u521b\u5efa\u670d\u52a1 \u6309\u94ae\u3002
\u53c2\u8003\u521b\u5efa\u670d\u52a1\uff0c\u914d\u7f6e\u670d\u52a1\u53c2\u6570\u3002
\u70b9\u51fb \u786e\u5b9a \uff0c\u70b9\u51fb \u4e0b\u4e00\u6b65 \u3002
\u9ad8\u7ea7\u914d\u7f6e\u5305\u62ec\u8d1f\u8f7d\u7684\u7f51\u7edc\u914d\u7f6e\u3001\u5347\u7ea7\u7b56\u7565\u3001\u8c03\u5ea6\u7b56\u7565\u3001\u6807\u7b7e\u4e0e\u6ce8\u89e3\u56db\u90e8\u5206\uff0c\u53ef\u70b9\u51fb\u4e0b\u65b9\u7684\u9875\u7b7e\u67e5\u770b\u5404\u90e8\u5206\u7684\u914d\u7f6e\u8981\u6c42\u3002
\u7f51\u7edc\u914d\u7f6e\u5347\u7ea7\u7b56\u7565\u5bb9\u5668\u7ba1\u7406\u7b56\u7565\u8c03\u5ea6\u7b56\u7565\u6807\u7b7e\u4e0e\u6ce8\u89e3\u5982\u5728\u96c6\u7fa4\u4e2d\u90e8\u7f72\u4e86 SpiderPool \u548c Multus \u7ec4\u4ef6\uff0c\u5219\u53ef\u4ee5\u5728\u7f51\u7edc\u914d\u7f6e\u4e2d\u914d\u7f6e\u5bb9\u5668\u7f51\u5361\u3002
DNS \u914d\u7f6e\uff1a\u5e94\u7528\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4f1a\u51fa\u73b0\u5197\u4f59\u7684 DNS \u67e5\u8be2\u3002Kubernetes \u4e3a\u5e94\u7528\u63d0\u4f9b\u4e86\u4e0e DNS \u76f8\u5173\u7684\u914d\u7f6e\u9009\u9879\uff0c\u80fd\u591f\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u6709\u6548\u5730\u51cf\u5c11\u5197\u4f59\u7684 DNS \u67e5\u8be2\uff0c\u63d0\u5347\u4e1a\u52a1\u5e76\u53d1\u91cf\u3002
DNS \u7b56\u7565
\u57df\u540d\u670d\u52a1\u5668\uff1a\u586b\u5199\u57df\u540d\u670d\u52a1\u5668\u7684\u5730\u5740\uff0c\u4f8b\u5982 10.6.175.20 \u3002
\u4e3b\u673a\u522b\u540d\uff1a\u4e3a\u4e3b\u673a\u8bbe\u7f6e\u7684\u522b\u540d\u3002
\u7f29\u5bb9\u65f6\u95f4\u7a97\uff1a\u8d1f\u8f7d\u505c\u6b62\u524d\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4\u7a97\uff080-9,999\u79d2\uff09\uff0c\u9ed8\u8ba4 30 \u79d2\u3002
Kubernetes v1.7 \u53ca\u5176\u4e4b\u540e\u7684\u7248\u672c\u53ef\u4ee5\u901a\u8fc7 .spec.podManagementPolicy \u8bbe\u7f6e Pod \u7684\u7ba1\u7406\u7b56\u7565\uff0c\u652f\u6301\u4ee5\u4e0b\u4e24\u79cd\u65b9\u5f0f\uff1a
\u6309\u5e8f\u7b56\u7565\uff08OrderedReady\uff09 \uff1a\u9ed8\u8ba4\u7684 Pod \u7ba1\u7406\u7b56\u7565\uff0c\u8868\u793a\u6309\u987a\u5e8f\u90e8\u7f72 Pod\uff0c\u53ea\u6709\u524d\u4e00\u4e2a Pod \u90e8\u7f72 \u6210\u529f\u5b8c\u6210\u540e\uff0c\u6709\u72b6\u6001\u8d1f\u8f7d\u624d\u4f1a\u5f00\u59cb\u90e8\u7f72\u4e0b\u4e00\u4e2a Pod\u3002\u5220\u9664 Pod \u65f6\u5219\u91c7\u7528\u9006\u5e8f\uff0c\u6700\u540e\u521b\u5efa\u7684\u6700\u5148\u88ab\u5220\u9664\u3002
\u5e76\u884c\u7b56\u7565\uff08Parallel\uff09 \uff1a\u5e76\u884c\u521b\u5efa\u6216\u5220\u9664\u5bb9\u5668\uff0c\u548c Deployment \u7c7b\u578b\u7684 Pod \u4e00\u6837\u3002StatefulSet \u63a7\u5236\u5668\u5e76\u884c\u5730\u542f\u52a8\u6216\u7ec8\u6b62\u6240\u6709\u7684\u5bb9\u5668\u3002\u542f\u52a8\u6216\u8005\u7ec8\u6b62\u5176\u4ed6 Pod \u524d\uff0c\u65e0\u9700\u7b49\u5f85 Pod \u8fdb\u5165 Running \u548c ready \u6216\u8005\u5b8c\u5168\u505c\u6b62\u72b6\u6001\u3002 \u8fd9\u4e2a\u9009\u9879\u53ea\u4f1a\u5f71\u54cd\u6269\u7f29\u64cd\u4f5c\u7684\u884c\u4e3a\uff0c\u4e0d\u5f71\u54cd\u66f4\u65b0\u65f6\u7684\u987a\u5e8f\u3002
\u5177\u4f53\u8be6\u60c5\u8bf7\u53c2\u8003\u8c03\u5ea6\u7b56\u7565\u3002
![\u8c03\u5ea6\u7b56\u7565](../../../images/deploy15_1.png)\n
\u53ef\u4ee5\u70b9\u51fb \u6dfb\u52a0 \u6309\u94ae\u4e3a\u5de5\u4f5c\u8d1f\u8f7d\u548c\u5bb9\u5668\u7ec4\u6dfb\u52a0\u6807\u7b7e\u548c\u6ce8\u89e3\u3002
"},{"location":"end-user/kpanda/workloads/create-statefulset.html#yaml","title":"YAML \u521b\u5efa","text":"\u9664\u4e86\u901a\u8fc7\u955c\u50cf\u65b9\u5f0f\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7 YAML \u6587\u4ef6\u66f4\u5feb\u901f\u5730\u521b\u5efa\u521b\u5efa\u6709\u72b6\u6001\u8d1f\u8f7d\u3002
\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u4e0a\u7684 \u96c6\u7fa4\u5217\u8868 \uff0c\u7136\u540e\u70b9\u51fb\u76ee\u6807\u96c6\u7fa4\u7684\u540d\u79f0\uff0c\u8fdb\u5165 \u96c6\u7fa4\u8be6\u60c5 \u9875\u9762\u3002
\u5728\u96c6\u7fa4\u8be6\u60c5\u9875\u9762\uff0c\u70b9\u51fb\u5de6\u4fa7\u5bfc\u822a\u680f\u7684 \u5de5\u4f5c\u8d1f\u8f7d -> \u6709\u72b6\u6001\u8d1f\u8f7d \uff0c\u7136\u540e\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684 YAML \u521b\u5efa \u6309\u94ae\u3002
\u8f93\u5165\u6216\u7c98\u8d34\u4e8b\u5148\u51c6\u5907\u597d\u7684 YAML \u6587\u4ef6\uff0c\u70b9\u51fb \u786e\u5b9a \u5373\u53ef\u5b8c\u6210\u521b\u5efa\u3002
kind: StatefulSet\napiVersion: apps/v1\nmetadata:\n name: test-mysql-123-mysql\n namespace: default\n uid: d3f45527-a0ab-4b22-9013-5842a06f4e0e\n resourceVersion: '20504385'\n generation: 1\n creationTimestamp: '2022-09-22T09:34:10Z'\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n blockOwnerDeletion: true\nspec:\n replicas: 1\n selector:\n matchLabels:\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n mysql.presslabs.org/cluster: test-mysql-123\n template:\n metadata:\n creationTimestamp: null\n labels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n annotations:\n config_rev: '13941099'\n prometheus.io/port: '9125'\n prometheus.io/scrape: 'true'\n secret_rev: '13941101'\n spec:\n volumes:\n - name: conf\n emptyDir: {}\n - name: init-scripts\n emptyDir: {}\n - name: config-map\n configMap:\n name: test-mysql-123-mysql\n defaultMode: 420\n - name: data\n persistentVolumeClaim:\n claimName: data\n initContainers:\n - name: init\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - clone-and-init\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: BACKUP_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_USER\n optional: true\n - name: BACKUP_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_PASSWORD\n optional: true\n resources: {}\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: config-map\n mountPath: /mnt/conf\n - name: data\n mountPath: /var/lib/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n containers:\n - name: mysql\n image: docker.m.daocloud.io/mysql:5.7.31\n ports:\n - name: mysql\n containerPort: 3306\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: ORCH_CLUSTER_ALIAS\n value: test-mysql-123.default\n - name: ORCH_HTTP_API\n value: http://mysql-operator.mcamel-system/api\n - name: MYSQL_ROOT_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: ROOT_PASSWORD\n optional: false\n - name: MYSQL_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: USER\n optional: true\n - name: MYSQL_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: PASSWORD\n optional: true\n - name: MYSQL_DATABASE\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: DATABASE\n optional: true\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 512Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n livenessProbe:\n exec:\n command:\n - mysqladmin\n - '--defaults-file=/etc/mysql/client.conf'\n - ping\n initialDelaySeconds: 60\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n test $(mysql --defaults-file=/etc/mysql/client.conf -NB -e\n 'SELECT COUNT(*) FROM sys_operator.status WHERE\n name=\"configured\" AND value=\"1\"') -eq 1\n initialDelaySeconds: 5\n timeoutSeconds: 5\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 3\n lifecycle:\n preStop:\n exec:\n command:\n - bash\n - /etc/mysql/pre-shutdown-ha.sh\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: sidecar\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - config-and-serve\n ports:\n - name: sidecar-http\n containerPort: 8080\n protocol: TCP\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: XTRABACKUP_TARGET_DIR\n value: /tmp/xtrabackup_backupfiles/\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 10m\n memory: 64Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n readinessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: metrics-exporter\n image: prom/mysqld-exporter:v0.13.0\n args:\n - '--web.listen-address=0.0.0.0:9125'\n - '--web.telemetry-path=/metrics'\n - '--collect.heartbeat'\n - '--collect.heartbeat.database=sys_operator'\n ports:\n - name: prometheus\n containerPort: 9125\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_USER\n optional: false\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_PASSWORD\n optional: false\n - name: DATA_SOURCE_NAME\n value: $(USER):$(PASSWORD)@(127.0.0.1:3306)/\n resources:\n limits:\n cpu: 100m\n memory: 128Mi\n requests:\n cpu: 10m\n memory: 32Mi\n livenessProbe:\n httpGet:\n path: /metrics\n port: 9125\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 30\n periodSeconds: 30\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: pt-heartbeat\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - pt-heartbeat\n - '--update'\n - '--replace'\n - '--check-read-only'\n - '--create-table'\n - '--database'\n - sys_operator\n - '--table'\n - heartbeat\n - '--utc'\n - '--defaults-file'\n - /etc/mysql/heartbeat.conf\n - '--fail-successive-errors=20'\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n resources:\n limits:\n cpu: 100m\n memory: 64Mi\n requests:\n cpu: 10m\n memory: 32Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsUser: 999\n fsGroup: 999\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n topologyKey: kubernetes.io/hostname\n schedulerName: default-scheduler\n volumeClaimTemplates:\n - kind: PersistentVolumeClaim\n apiVersion: v1\n metadata:\n name: data\n creationTimestamp: null\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n spec:\n accessModes:\n - ReadWriteOnce\n resources:\n limits:\n storage: 1Gi\n requests:\n storage: 1Gi\n storageClassName: local-path\n volumeMode: Filesystem\n status:\n phase: Pending\n serviceName: mysql\n podManagementPolicy: OrderedReady\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n partition: 0\n revisionHistoryLimit: 10\nstatus:\n observedGeneration: 1\n replicas: 1\n readyReplicas: 1\n currentReplicas: 1\n updatedReplicas: 1\n currentRevision: test-mysql-123-mysql-6b8f5577c7\n updateRevision: test-mysql-123-mysql-6b8f5577c7\n collisionCount: 0\n availableReplicas: 1\n
"},{"location":"end-user/kpanda/workloads/pod-config/env-variables.html","title":"\u914d\u7f6e\u73af\u5883\u53d8\u91cf","text":"\u73af\u5883\u53d8\u91cf\u662f\u6307\u5bb9\u5668\u8fd0\u884c\u73af\u5883\u4e2d\u8bbe\u5b9a\u7684\u4e00\u4e2a\u53d8\u91cf\uff0c\u7528\u4e8e\u7ed9 Pod \u6dfb\u52a0\u73af\u5883\u6807\u5fd7\u6216\u4f20\u9012\u914d\u7f6e\u7b49\uff0c\u652f\u6301\u901a\u8fc7\u952e\u503c\u5bf9\u7684\u5f62\u5f0f\u4e3a Pod \u914d\u7f6e\u73af\u5883\u53d8\u91cf\u3002
\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u5728\u539f\u751f Kubernetes \u7684\u57fa\u7840\u4e0a\u589e\u52a0\u4e86\u56fe\u5f62\u5316\u754c\u9762\u4e3a Pod \u914d\u7f6e\u73af\u5883\u53d8\u91cf\uff0c\u652f\u6301\u4ee5\u4e0b\u51e0\u79cd\u914d\u7f6e\u65b9\u5f0f\uff1a
\u5bb9\u5668\u5065\u5eb7\u68c0\u67e5\u6839\u636e\u7528\u6237\u9700\u6c42\uff0c\u68c0\u67e5\u5bb9\u5668\u7684\u5065\u5eb7\u72b6\u51b5\u3002\u914d\u7f6e\u540e\uff0c\u5bb9\u5668\u5185\u7684\u5e94\u7528\u7a0b\u5e8f\u5165\u5982\u679c\u5f02\u5e38\uff0c\u5bb9\u5668\u4f1a\u81ea\u52a8\u8fdb\u884c\u91cd\u542f\u6062\u590d\u3002Kubernetes \u63d0\u4f9b\u4e86\u5b58\u6d3b\uff08Liveness\uff09\u68c0\u67e5\u3001\u5c31\u7eea\uff08Readiness\uff09\u68c0\u67e5\u548c\u542f\u52a8\uff08Startup\uff09\u68c0\u67e5\u3002
\u5b58\u6d3b\u68c0\u67e5\uff08LivenessProbe\uff09 \u53ef\u63a2\u6d4b\u5230\u5e94\u7528\u6b7b\u9501\uff08\u5e94\u7528\u7a0b\u5e8f\u5728\u8fd0\u884c\uff0c\u4f46\u662f\u65e0\u6cd5\u7ee7\u7eed\u6267\u884c\u540e\u9762\u7684\u6b65\u9aa4\uff09\u60c5\u51b5\u3002 \u91cd\u542f\u8fd9\u79cd\u72b6\u6001\u4e0b\u7684\u5bb9\u5668\u6709\u52a9\u4e8e\u63d0\u9ad8\u5e94\u7528\u7684\u53ef\u7528\u6027\uff0c\u5373\u4f7f\u5176\u4e2d\u5b58\u5728\u7f3a\u9677\u3002
\u5c31\u7eea\u68c0\u67e5\uff08ReadinessProbe\uff09 \u53ef\u63a2\u77e5\u5bb9\u5668\u4f55\u65f6\u51c6\u5907\u597d\u63a5\u53d7\u8bf7\u6c42\u6d41\u91cf\uff0c\u5f53\u4e00\u4e2a Pod \u5185\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5c31\u7eea\u65f6\uff0c\u624d\u80fd\u8ba4\u4e3a\u8be5 Pod \u5c31\u7eea\u3002 \u8fd9\u79cd\u4fe1\u53f7\u7684\u4e00\u4e2a\u7528\u9014\u5c31\u662f\u63a7\u5236\u54ea\u4e2a Pod \u4f5c\u4e3a Service \u7684\u540e\u7aef\u3002 \u82e5 Pod \u5c1a\u672a\u5c31\u7eea\uff0c\u4f1a\u88ab\u4ece Service \u7684\u8d1f\u8f7d\u5747\u8861\u5668\u4e2d\u5254\u9664\u3002
\u542f\u52a8\u68c0\u67e5\uff08StartupProbe\uff09 \u53ef\u4ee5\u4e86\u89e3\u5e94\u7528\u5bb9\u5668\u4f55\u65f6\u542f\u52a8\uff0c\u914d\u7f6e\u540e\uff0c\u53ef\u63a7\u5236\u5bb9\u5668\u5728\u542f\u52a8\u6210\u529f\u540e\u518d\u8fdb\u884c\u5b58\u6d3b\u6027\u548c\u5c31\u7eea\u6001\u68c0\u67e5\uff0c \u786e\u4fdd\u8fd9\u4e9b\u5b58\u6d3b\u3001\u5c31\u7eea\u63a2\u6d4b\u5668\u4e0d\u4f1a\u5f71\u54cd\u5e94\u7528\u7684\u542f\u52a8\u3002 \u542f\u52a8\u63a2\u6d4b\u53ef\u4ee5\u7528\u4e8e\u5bf9\u6162\u542f\u52a8\u5bb9\u5668\u8fdb\u884c\u5b58\u6d3b\u6027\u68c0\u6d4b\uff0c\u907f\u514d\u5b83\u4eec\u5728\u542f\u52a8\u8fd0\u884c\u4e4b\u524d\u5c31\u88ab\u6740\u6389\u3002
\u5b58\u6d3b\u68c0\u67e5\uff08LivenessProbe\uff09\u7684\u914d\u7f6e\u548c\u5c31\u7eea\u68c0\u67e5\uff08ReadinessProbe\uff09\u7684\u914d\u7f6e\u53c2\u6570\u76f8\u4f3c\uff0c \u552f\u4e00\u533a\u522b\u662f\u8981\u4f7f\u7528 readinessProbe \u5b57\u6bb5\uff0c\u800c\u4e0d\u662f livenessProbe \u5b57\u6bb5\u3002
HTTP GET \u53c2\u6570\u8bf4\u660e\uff1a
\u53c2\u6570 \u53c2\u6570\u8bf4\u660e \u8def\u5f84\uff08 Path\uff09 \u8bbf\u95ee\u7684\u8bf7\u6c42\u8def\u5f84\u3002\u5982\uff1a \u793a\u4f8b\u4e2d\u7684 /healthz \u8def\u5f84 \u7aef\u53e3(Port) \u670d\u52a1\u76d1\u542c\u7aef\u53e3\u3002 \u5982\uff1a \u793a\u4f8b\u4e2d\u7684 8080 \u7aef\u53e3 \u534f\u8bae \u8bbf\u95ee\u534f\u8bae\uff0cHttp \u6216\u8005Https \u5ef6\u8fdf\u65f6\u95f4\uff08initialDelaySeconds\uff09 \u5ef6\u8fdf\u68c0\u67e5\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff0c\u6b64\u8bbe\u7f6e\u4e0e\u4e1a\u52a1\u7a0b\u5e8f\u6b63\u5e38\u542f\u52a8\u65f6\u95f4\u76f8\u5173\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a30\uff0c\u8868\u660e\u5bb9\u5668\u542f\u52a8\u540e30\u79d2\u624d\u5f00\u59cb\u5065\u5eb7\u68c0\u67e5\uff0c\u8be5\u65f6\u95f4\u662f\u9884\u7559\u7ed9\u4e1a\u52a1\u7a0b\u5e8f\u542f\u52a8\u7684\u65f6\u95f4\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002 \u6210\u529f\u9608\u503c\uff08successThreshold\uff09 \u63a2\u6d4b\u5931\u8d25\u540e\uff0c\u88ab\u89c6\u4e3a\u6210\u529f\u7684\u6700\u5c0f\u8fde\u7eed\u6210\u529f\u6570\u3002\u9ed8\u8ba4\u503c\u662f 1\uff0c\u6700\u5c0f\u503c\u662f 1\u3002\u5b58\u6d3b\u548c\u542f\u52a8\u63a2\u6d4b\u7684\u8fd9\u4e2a\u503c\u5fc5\u987b\u662f 1\u3002 \u6700\u5927\u5931\u8d25\u6b21\u6570\uff08failureThreshold\uff09 \u5f53\u63a2\u6d4b\u5931\u8d25\u65f6\u91cd\u8bd5\u7684\u6b21\u6570\u3002\u5b58\u6d3b\u63a2\u6d4b\u60c5\u51b5\u4e0b\u7684\u653e\u5f03\u5c31\u610f\u5473\u7740\u91cd\u65b0\u542f\u52a8\u5bb9\u5668\u3002\u5c31\u7eea\u63a2\u6d4b\u60c5\u51b5\u4e0b\u7684\u653e\u5f03 Pod \u4f1a\u88ab\u6253\u4e0a\u672a\u5c31\u7eea\u7684\u6807\u7b7e\u3002\u9ed8\u8ba4\u503c\u662f 3\u3002\u6700\u5c0f\u503c\u662f 1\u3002"},{"location":"end-user/kpanda/workloads/pod-config/health-check.html#http-get","title":"\u4f7f\u7528 HTTP GET \u8bf7\u6c42\u68c0\u67e5","text":"YAML \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-http\nspec:\n containers:\n - name: liveness\n image: k8s.gcr.io/liveness\n args:\n - /server\n livenessProbe:\n httpGet:\n path: /healthz # \u8bbf\u95ee\u7684\u8bf7\u6c42\u8def\u5f84\n port: 8080 # \u670d\u52a1\u76d1\u542c\u7aef\u53e3\n httpHeaders:\n - name: Custom-Header\n value: Awesome\n initialDelaySeconds: 3 # kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u5e94\u8be5\u7b49\u5f85 3 \u79d2\n periodSeconds: 3 # kubelet \u6bcf\u9694 3 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\n
\u6309\u7167\u8bbe\u5b9a\u7684\u89c4\u5219\uff0cubelet \u5411\u5bb9\u5668\u5185\u8fd0\u884c\u7684\u670d\u52a1\uff08\u670d\u52a1\u5728\u76d1\u542c 8080 \u7aef\u53e3\uff09\u53d1\u9001\u4e00\u4e2a HTTP GET \u8bf7\u6c42\u6765\u6267\u884c\u63a2\u6d4b\u3002\u5982\u679c\u670d\u52a1\u5668\u4e0a /healthz \u8def\u5f84\u4e0b\u7684\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de\u6210\u529f\u4ee3\u7801\uff0c\u5219 kubelet \u8ba4\u4e3a\u5bb9\u5668\u662f\u5065\u5eb7\u5b58\u6d3b\u7684\u3002 \u5982\u679c\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de\u5931\u8d25\u4ee3\u7801\uff0c\u5219 kubelet \u4f1a\u6740\u6b7b\u8fd9\u4e2a\u5bb9\u5668\u5e76\u5c06\u5176\u91cd\u542f\u3002\u8fd4\u56de\u5927\u4e8e\u6216\u7b49\u4e8e 200 \u5e76\u4e14\u5c0f\u4e8e 400 \u7684\u4efb\u4f55\u4ee3\u7801\u90fd\u6807\u793a\u6210\u529f\uff0c\u5176\u5b83\u8fd4\u56de\u4ee3\u7801\u90fd\u6807\u793a\u5931\u8d25\u3002 \u5bb9\u5668\u5b58\u6d3b\u671f\u95f4\u7684\u6700\u5f00\u59cb 10 \u79d2\u4e2d\uff0c /healthz \u5904\u7406\u7a0b\u5e8f\u8fd4\u56de 200 \u7684\u72b6\u6001\u7801\u3002 \u4e4b\u540e\u5904\u7406\u7a0b\u5e8f\u8fd4\u56de 500 \u7684\u72b6\u6001\u7801\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/health-check.html#tcp","title":"\u4f7f\u7528 TCP \u7aef\u53e3\u68c0\u67e5","text":"TCP \u7aef\u53e3\u53c2\u6570\u8bf4\u660e\uff1a
\u53c2\u6570 \u53c2\u6570\u8bf4\u660e \u7aef\u53e3(Port) \u670d\u52a1\u76d1\u542c\u7aef\u53e3\u3002 \u5982\uff1a \u793a\u4f8b\u4e2d\u7684 8080 \u7aef\u53e3 \u5ef6\u8fdf\u65f6\u95f4\uff08initialDelaySeconds\uff09 \u5ef6\u8fdf\u68c0\u67e5\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff0c\u6b64\u8bbe\u7f6e\u4e0e\u4e1a\u52a1\u7a0b\u5e8f\u6b63\u5e38\u542f\u52a8\u65f6\u95f4\u76f8\u5173\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a30\uff0c\u8868\u660e\u5bb9\u5668\u542f\u52a8\u540e30\u79d2\u624d\u5f00\u59cb\u5065\u5eb7\u68c0\u67e5\uff0c\u8be5\u65f6\u95f4\u662f\u9884\u7559\u7ed9\u4e1a\u52a1\u7a0b\u5e8f\u542f\u52a8\u7684\u65f6\u95f4\u3002 \u8d85\u65f6\u65f6\u95f4\uff08timeoutSeconds\uff09 \u8d85\u65f6\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\u3002\u4f8b\u5982\uff0c\u8bbe\u7f6e\u4e3a10\uff0c\u8868\u660e\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u7684\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a10\u79d2\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u65f6\u95f4\uff0c\u672c\u6b21\u5065\u5eb7\u68c0\u67e5\u5c31\u88ab\u89c6\u4e3a\u5931\u8d25\u3002\u82e5\u8bbe\u7f6e\u4e3a0\u6216\u4e0d\u8bbe\u7f6e\uff0c\u9ed8\u8ba4\u8d85\u65f6\u7b49\u5f85\u65f6\u95f4\u4e3a1\u79d2\u3002\u5bf9\u4e8e\u63d0\u4f9bTCP\u901a\u4fe1\u670d\u52a1\u7684\u5bb9\u5668\uff0c\u57fa\u4e8e\u6b64\u914d\u7f6e\uff0c\u6309\u7167\u8bbe\u5b9a\u89c4\u5219\u96c6\u7fa4\u5bf9\u8be5\u5bb9\u5668\u5efa\u7acbTCP\u8fde\u63a5\uff0c\u5982\u679c\u8fde\u63a5\u6210\u529f\uff0c\u5219\u8bc1\u660e\u63a2\u6d4b\u6210\u529f\uff0c\u5426\u5219\u63a2\u6d4b\u5931\u8d25\u3002\u9009\u62e9TCP\u7aef\u53e3\u63a2\u6d4b\u65b9\u5f0f\uff0c\u5fc5\u987b\u6307\u5b9a\u5bb9\u5668\u76d1\u542c\u7684\u7aef\u53e3\u3002
YAML \u793a\u4f8b\uff1a
apiVersion: v1\nkind: Pod\nmetadata:\n name: goproxy\n labels:\n app: goproxy\nspec:\n containers:\n - name: goproxy\n image: k8s.gcr.io/goproxy:0.1\n ports:\n - containerPort: 8080\n readinessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 5\n periodSeconds: 10\n livenessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 15\n periodSeconds: 20\n
\u6b64\u793a\u4f8b\u540c\u65f6\u4f7f\u7528\u5c31\u7eea\u548c\u5b58\u6d3b\u63a2\u9488\u3002kubelet \u5728\u5bb9\u5668\u542f\u52a8 5 \u79d2\u540e\u53d1\u9001\u7b2c\u4e00\u4e2a\u5c31\u7eea\u63a2\u6d4b\u3002 \u5c1d\u8bd5\u8fde\u63a5 goproxy \u5bb9\u5668\u7684 8080 \u7aef\u53e3\uff0c \u5982\u679c\u63a2\u6d4b\u6210\u529f\uff0c\u8fd9\u4e2a Pod \u4f1a\u88ab\u6807\u8bb0\u4e3a\u5c31\u7eea\u72b6\u6001\uff0ckubelet \u5c06\u7ee7\u7eed\u6bcf\u9694 10 \u79d2\u8fd0\u884c\u4e00\u6b21\u68c0\u6d4b\u3002
\u9664\u4e86\u5c31\u7eea\u63a2\u6d4b\uff0c\u8fd9\u4e2a\u914d\u7f6e\u5305\u62ec\u4e86\u4e00\u4e2a\u5b58\u6d3b\u63a2\u6d4b\u3002 kubelet \u4f1a\u5728\u5bb9\u5668\u542f\u52a8 15 \u79d2\u540e\u8fdb\u884c\u7b2c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\u3002 \u5c31\u7eea\u63a2\u6d4b\u4f1a\u5c1d\u8bd5\u8fde\u63a5 goproxy \u5bb9\u5668\u7684 8080 \u7aef\u53e3\u3002 \u5982\u679c\u5b58\u6d3b\u63a2\u6d4b\u5931\u8d25\uff0c\u5bb9\u5668\u4f1a\u88ab\u91cd\u65b0\u542f\u52a8\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/health-check.html#_3","title":"\u6267\u884c\u547d\u4ee4\u68c0\u67e5","text":"YAML \u793a\u4f8b:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-exec\nspec:\n containers:\n - name: liveness\n image: k8s.gcr.io/busybox\n args:\n - /bin/sh\n - -c\n - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600\n livenessProbe:\n exec:\n command:\n - cat\n - /tmp/healthy\n initialDelaySeconds: 5 # kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u7b49\u5f85 5 \u79d2\n periodSeconds: 5 #kubelet \u6bcf 5 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\n
periodSeconds \u5b57\u6bb5\u6307\u5b9a\u4e86 kubelet \u6bcf 5 \u79d2\u6267\u884c\u4e00\u6b21\u5b58\u6d3b\u63a2\u6d4b\uff0c initialDelaySeconds \u5b57\u6bb5\u6307\u5b9a kubelet \u5728\u6267\u884c\u7b2c\u4e00\u6b21\u63a2\u6d4b\u524d\u7b49\u5f85 5 \u79d2\u3002\u6309\u7167\u8bbe\u5b9a\u89c4\u5219\uff0c\u96c6\u7fa4\u5468\u671f\u6027\u7684\u901a\u8fc7 kubelet \u5728\u5bb9\u5668\u5185\u6267\u884c\u547d\u4ee4 cat /tmp/healthy \u6765\u8fdb\u884c\u63a2\u6d4b\u3002 \u5982\u679c\u547d\u4ee4\u6267\u884c\u6210\u529f\u5e76\u4e14\u8fd4\u56de\u503c\u4e3a 0\uff0ckubelet \u5c31\u4f1a\u8ba4\u4e3a\u8fd9\u4e2a\u5bb9\u5668\u662f\u5065\u5eb7\u5b58\u6d3b\u7684\u3002 \u5982\u679c\u8fd9\u4e2a\u547d\u4ee4\u8fd4\u56de\u975e 0 \u503c\uff0ckubelet \u4f1a\u6740\u6b7b\u8fd9\u4e2a\u5bb9\u5668\u5e76\u91cd\u65b0\u542f\u52a8\u5b83\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/health-check.html#_4","title":"\u4f7f\u7528\u542f\u52a8\u524d\u68c0\u67e5\u4fdd\u62a4\u6162\u542f\u52a8\u5bb9\u5668","text":"\u6709\u4e9b\u5e94\u7528\u5728\u542f\u52a8\u65f6\u9700\u8981\u8f83\u957f\u7684\u521d\u59cb\u5316\u65f6\u95f4\uff0c\u9700\u8981\u4f7f\u7528\u76f8\u540c\u7684\u547d\u4ee4\u6765\u8bbe\u7f6e\u542f\u52a8\u63a2\u6d4b\uff0c\u9488\u5bf9 HTTP \u6216 TCP \u68c0\u6d4b\uff0c\u53ef\u4ee5\u901a\u8fc7\u5c06 failureThreshold * periodSeconds \u53c2\u6570\u8bbe\u7f6e\u4e3a\u8db3\u591f\u957f\u7684\u65f6\u95f4\u6765\u5e94\u5bf9\u542f\u52a8\u9700\u8981\u8f83\u957f\u65f6\u95f4\u7684\u573a\u666f\u3002
YAML \u793a\u4f8b\uff1a
ports:\n- name: liveness-port\n containerPort: 8080\n hostPort: 8080\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 1\n periodSeconds: 10\n\nstartupProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 30\n periodSeconds: 10\n
\u5982\u4e0a\u8bbe\u7f6e\uff0c\u5e94\u7528\u5c06\u6709\u6700\u591a 5 \u5206\u949f\uff0830 * 10 = 300s\uff09\u7684\u65f6\u95f4\u6765\u5b8c\u6210\u542f\u52a8\u8fc7\u7a0b\uff0c \u4e00\u65e6\u542f\u52a8\u63a2\u6d4b\u6210\u529f\uff0c\u5b58\u6d3b\u63a2\u6d4b\u4efb\u52a1\u5c31\u4f1a\u63a5\u7ba1\u5bf9\u5bb9\u5668\u7684\u63a2\u6d4b\uff0c\u5bf9\u5bb9\u5668\u6b7b\u9501\u4f5c\u51fa\u5feb\u901f\u54cd\u5e94\u3002 \u5982\u679c\u542f\u52a8\u63a2\u6d4b\u4e00\u76f4\u6ca1\u6709\u6210\u529f\uff0c\u5bb9\u5668\u4f1a\u5728 300 \u79d2\u540e\u88ab\u6740\u6b7b\uff0c\u5e76\u4e14\u6839\u636e restartPolicy \u6765 \u6267\u884c\u8fdb\u4e00\u6b65\u5904\u7f6e\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/job-parameters.html","title":"\u4efb\u52a1\u53c2\u6570\u8bf4\u660e","text":"\u6839\u636e .spec.completions \u548c .spec.Parallelism \u7684\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u5c06\u4efb\u52a1\uff08Job\uff09\u5212\u5206\u4e3a\u4ee5\u4e0b\u51e0\u79cd\u7c7b\u578b:
Job \u7c7b\u578b \u8bf4\u660e \u975e\u5e76\u884c Job \u521b\u5efa\u4e00\u4e2a Pod \u76f4\u81f3\u5176 Job \u6210\u529f\u7ed3\u675f \u5177\u6709\u786e\u5b9a\u5b8c\u6210\u8ba1\u6570\u7684\u5e76\u884c Job \u5f53\u6210\u529f\u7684 Pod \u4e2a\u6570\u8fbe\u5230 .spec.completions \u65f6\uff0cJob \u88ab\u89c6\u4e3a\u5b8c\u6210 \u5e76\u884c Job \u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a Pod \u76f4\u81f3\u6709\u4e00\u4e2a\u6210\u529f\u7ed3\u675f\u53c2\u6570\u8bf4\u660e
RestartPolicy \u521b\u5efa\u4e00\u4e2a Pod \u76f4\u81f3\u5176\u6210\u529f\u7ed3\u675f .spec.completions \u8868\u793a Job \u7ed3\u675f\u9700\u8981\u6210\u529f\u8fd0\u884c\u7684 Pod \u4e2a\u6570\uff0c\u9ed8\u8ba4\u4e3a 1 .spec.parallelism \u8868\u793a\u5e76\u884c\u8fd0\u884c\u7684 Pod \u7684\u4e2a\u6570\uff0c\u9ed8\u8ba4\u4e3a 1 spec.backoffLimit \u8868\u793a\u5931\u8d25 Pod \u7684\u91cd\u8bd5\u6700\u5927\u6b21\u6570\uff0c\u8d85\u8fc7\u8fd9\u4e2a\u6b21\u6570\u4e0d\u4f1a\u7ee7\u7eed\u91cd\u8bd5\u3002 .spec.activeDeadlineSeconds \u8868\u793a Pod \u8fd0\u884c\u65f6\u95f4\uff0c\u4e00\u65e6\u8fbe\u5230\u8fd9\u4e2a\u65f6\u95f4\uff0cJob \u5373\u5176\u6240\u6709\u7684 Pod \u90fd\u4f1a\u505c\u6b62\u3002\u4e14activeDeadlineSeconds \u4f18\u5148\u7ea7\u9ad8\u4e8e backoffLimit\uff0c\u5373\u5230\u8fbe activeDeadlineSeconds \u7684 Job \u4f1a\u5ffd\u7565backoffLimit \u7684\u8bbe\u7f6e\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a Job \u914d\u7f6e\u793a\u4f8b\uff0c\u4fdd\u5b58\u5728 myjob.yaml \u4e2d\uff0c\u5176\u8ba1\u7b97 \u03c0 \u5230 2000 \u4f4d\u5e76\u6253\u5370\u8f93\u51fa\u3002
apiVersion: batch/v1\nkind: Job # \u5f53\u524d\u8d44\u6e90\u7684\u7c7b\u578b\nmetadata:\n name: myjob\nspec:\n completions: 50 # Job\u7ed3\u675f\u9700\u8981\u8fd0\u884c50\u4e2aPod\uff0c\u8fd9\u4e2a\u793a\u4f8b\u4e2d\u5c31\u662f\u6253\u5370\u03c0 50\u6b21\n parallelism: 5 # \u5e76\u884c5\u4e2aPod\n backoffLimit: 5 # \u6700\u591a\u91cd\u8bd55\u6b21\n template:\n spec:\n containers:\n - name: pi\n image: perl\n command: [\"perl\", \"-Mbignum=bpi\", \"-wle\", \"print bpi(2000)\"]\n restartPolicy: Never #\u91cd\u542f\u7b56\u7565\n
\u76f8\u5173\u547d\u4ee4
kubectl apply -f myjob.yaml #\u542f\u52a8 job\nkubectl get job #\u67e5\u770b\u8fd9\u4e2ajob\nkubectl logs myjob-1122dswzs \u67e5\u770bJob Pod \u7684\u65e5\u5fd7\n
"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html","title":"\u914d\u7f6e\u5bb9\u5668\u751f\u547d\u5468\u671f","text":"Pod \u9075\u5faa\u4e00\u4e2a\u9884\u5b9a\u4e49\u7684\u751f\u547d\u5468\u671f\uff0c\u8d77\u59cb\u4e8e Pending \u9636\u6bb5\uff0c\u5982\u679c Pod \u5185\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u6b63\u5e38\u542f\u52a8\uff0c\u5219\u8fdb\u5165 Running \u72b6\u6001\u3002\u5982\u679c Pod \u4e2d\u6709\u5bb9\u5668\u4ee5\u5931\u8d25\u72b6\u6001\u7ed3\u675f\uff0c\u5219\u72b6\u6001\u53d8\u4e3a Failed \u3002\u4ee5\u4e0b phase \u5b57\u6bb5\u503c\u8868\u660e\u4e86\u4e00\u4e2a Pod \u5904\u4e8e\u751f\u547d\u5468\u671f\u7684\u54ea\u4e2a\u9636\u6bb5\u3002
\u503c \u63cf\u8ff0 Pending \uff08\u60ac\u51b3\uff09 Pod \u5df2\u88ab\u7cfb\u7edf\u63a5\u53d7\uff0c\u4f46\u6709\u4e00\u4e2a\u6216\u8005\u591a\u4e2a\u5bb9\u5668\u5c1a\u672a\u521b\u5efa\u4ea6\u672a\u8fd0\u884c\u3002\u8fd9\u4e2a\u9636\u6bb5\u5305\u62ec\u7b49\u5f85 Pod \u88ab\u8c03\u5ea6\u7684\u65f6\u95f4\u548c\u901a\u8fc7\u7f51\u7edc\u4e0b\u8f7d\u955c\u50cf\u7684\u65f6\u95f4\u3002 Running \uff08\u8fd0\u884c\u4e2d\uff09 Pod \u5df2\u7ecf\u7ed1\u5b9a\u5230\u4e86\u67d0\u4e2a\u8282\u70b9\uff0cPod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u88ab\u521b\u5efa\u3002\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u4ecd\u5728\u8fd0\u884c\uff0c\u6216\u8005\u6b63\u5904\u4e8e\u542f\u52a8\u6216\u91cd\u542f\u72b6\u6001\u3002 Succeeded \uff08\u6210\u529f\uff09 Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u6210\u529f\u7ec8\u6b62\uff0c\u5e76\u4e14\u4e0d\u4f1a\u518d\u91cd\u542f\u3002 Failed \uff08\u5931\u8d25\uff09 Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u90fd\u5df2\u7ec8\u6b62\uff0c\u5e76\u4e14\u81f3\u5c11\u6709\u4e00\u4e2a\u5bb9\u5668\u662f\u56e0\u4e3a\u5931\u8d25\u800c\u7ec8\u6b62\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u5bb9\u5668\u4ee5\u975e 0 \u72b6\u6001\u9000\u51fa\u6216\u8005\u88ab\u7cfb\u7edf\u7ec8\u6b62\u3002 Unknown \uff08\u672a\u77e5\uff09 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97 Pod \u7684\u72b6\u6001\uff0c\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u6240\u81f4\u3002\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u5bb9\u5668\u7ba1\u7406\u4e2d\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u65f6\uff0c\u901a\u5e38\u4f7f\u7528\u955c\u50cf\u6765\u6307\u5b9a\u5bb9\u5668\u4e2d\u7684\u8fd0\u884c\u73af\u5883\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728\u6784\u5efa\u955c\u50cf\u65f6\uff0c\u53ef\u4ee5\u901a\u8fc7 Entrypoint \u548c CMD \u4e24\u4e2a\u5b57\u6bb5\u6765\u5b9a\u4e49\u5bb9\u5668\u8fd0\u884c\u65f6\u6267\u884c\u7684\u547d\u4ee4\u548c\u53c2\u6570\u3002\u5982\u679c\u9700\u8981\u66f4\u6539\u5bb9\u5668\u955c\u50cf\u542f\u52a8\u524d\u3001\u542f\u52a8\u540e\u3001\u505c\u6b62\u524d\u7684\u547d\u4ee4\u548c\u53c2\u6570\uff0c\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u5bb9\u5668\u7684\u751f\u547d\u5468\u671f\u4e8b\u4ef6\u547d\u4ee4\u548c\u53c2\u6570\uff0c\u6765\u8986\u76d6\u955c\u50cf\u4e2d\u9ed8\u8ba4\u7684\u547d\u4ee4\u548c\u53c2\u6570\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html#_2","title":"\u751f\u547d\u5468\u671f\u914d\u7f6e","text":"\u6839\u636e\u4e1a\u52a1\u9700\u8981\u5bf9\u5bb9\u5668\u7684\u542f\u52a8\u547d\u4ee4\u3001\u542f\u52a8\u540e\u547d\u4ee4\u3001\u505c\u6b62\u524d\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u542f\u52a8\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u5c06\u6309\u7167\u542f\u52a8\u547d\u4ee4\u8fdb\u884c\u542f\u52a8\u3002 \u542f\u52a8\u540e\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u542f\u52a8\u540e\u51fa\u53d1\u7684\u547d\u4ee4 \u505c\u6b62\u524d\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u5bb9\u5668\u5728\u6536\u5230\u505c\u6b62\u547d\u4ee4\u540e\u6267\u884c\u7684\u547d\u4ee4\u3002\u786e\u4fdd\u5347\u7ea7\u6216\u5b9e\u4f8b\u5220\u9664\u65f6\u53ef\u63d0\u524d\u5c06\u5b9e\u4f8b\u4e2d\u8fd0\u884c\u7684\u4e1a\u52a1\u6392\u6c34\u3002"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html#_3","title":"\u542f\u52a8\u547d\u4ee4","text":"\u6839\u636e\u4e0b\u8868\u5bf9\u542f\u52a8\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8fd0\u884c\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u53ef\u6267\u884c\u7684\u547d\u4ee4\uff0c\u591a\u4e2a\u547d\u4ee4\u4e4b\u95f4\u7528\u7a7a\u683c\u8fdb\u884c\u5206\u5272\uff0c\u5982\u547d\u4ee4\u672c\u8eab\u5e26\u7a7a\u683c\uff0c\u5219\u9700\u8981\u52a0\uff08\u201c\u201d\uff09\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u8fd0\u884c\u53c2\u6570 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u547d\u4ee4\u53c2\u6570\u3002 port=8080"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html#_4","title":"\u542f\u52a8\u540e\u547d\u4ee4","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u547d\u4ee4\u884c\u811a\u672c\u548c HTTP \u8bf7\u6c42\u4e24\u79cd\u5904\u7406\u7c7b\u578b\u5bf9\u542f\u52a8\u540e\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u8868\u9009\u62e9\u9002\u5408\u60a8\u7684\u914d\u7f6e\u65b9\u5f0f\u3002
\u547d\u4ee4\u884c\u811a\u672c\u914d\u7f6e
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c \u8fd0\u884c\u547d\u4ee4 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u53ef\u6267\u884c\u7684\u547d\u4ee4\uff0c\u591a\u4e2a\u547d\u4ee4\u4e4b\u95f4\u7528\u7a7a\u683c\u8fdb\u884c\u5206\u5272\uff0c\u5982\u547d\u4ee4\u672c\u8eab\u5e26\u7a7a\u683c\uff0c\u5219\u9700\u8981\u52a0\uff08\u201c\u201d\uff09\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u8fd0\u884c\u53c2\u6570 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8f93\u5165\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u547d\u4ee4\u53c2\u6570\u3002 port=8080"},{"location":"end-user/kpanda/workloads/pod-config/lifecycle.html#_5","title":"\u505c\u6b62\u524d\u547d\u4ee4","text":"\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u63d0\u4f9b\u547d\u4ee4\u884c\u811a\u672c\u548c HTTP \u8bf7\u6c42\u4e24\u79cd\u5904\u7406\u7c7b\u578b\u5bf9\u505c\u6b62\u524d\u547d\u4ee4\u8fdb\u884c\u914d\u7f6e\u3002\u60a8\u53ef\u4ee5\u6839\u636e\u4e0b\u8868\u9009\u62e9\u9002\u5408\u60a8\u7684\u914d\u7f6e\u65b9\u5f0f\u3002
HTTP \u8bf7\u6c42\u914d\u7f6e
\u53c2\u6570 \u8bf4\u660e \u4e3e\u4f8b\u503c URL \u8def\u5f84 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684URL\u8def\u5f84\u3002\u3010\u542b\u4e49\u3011\u591a\u547d\u4ee4\u65f6\uff0c\u8fd0\u884c\u547d\u4ee4\u5efa\u8bae\u7528/bin/sh\u6216\u5176\u4ed6\u7684shell\uff0c\u5176\u4ed6\u5168\u90e8\u547d\u4ee4\u4f5c\u4e3a\u53c2\u6570\u6765\u4f20\u5165\u3002 /run/server \u7aef\u53e3 \u3010\u7c7b\u578b\u3011\u5fc5\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684\u7aef\u53e3\u3002 port=8080 \u8282\u70b9\u5730\u5740 \u3010\u7c7b\u578b\u3011\u9009\u586b\u3010\u542b\u4e49\u3011\u8bf7\u6c42\u7684 IP \u5730\u5740\uff0c\u9ed8\u8ba4\u662f\u5bb9\u5668\u6240\u5728\u7684\u8282\u70b9 IP\u3002"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html","title":"\u8c03\u5ea6\u7b56\u7565","text":"\u5728 Kubernetes \u96c6\u7fa4\u4e2d\uff0c\u8282\u70b9\u4e5f\u6709\u6807\u7b7e\u3002\u60a8\u53ef\u4ee5\u624b\u52a8\u6dfb\u52a0\u6807\u7b7e\u3002 Kubernetes \u4e5f\u4f1a\u4e3a\u96c6\u7fa4\u4e2d\u6240\u6709\u8282\u70b9\u6dfb\u52a0\u4e00\u4e9b\u6807\u51c6\u7684\u6807\u7b7e\u3002\u53c2\u89c1\u5e38\u7528\u7684\u6807\u7b7e\u3001\u6ce8\u89e3\u548c\u6c61\u70b9\u4ee5\u4e86\u89e3\u5e38\u89c1\u7684\u8282\u70b9\u6807\u7b7e\u3002\u901a\u8fc7\u4e3a\u8282\u70b9\u6dfb\u52a0\u6807\u7b7e\uff0c\u60a8\u53ef\u4ee5\u8ba9 Pod \u8c03\u5ea6\u5230\u7279\u5b9a\u8282\u70b9\u6216\u8282\u70b9\u7ec4\u4e0a\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u529f\u80fd\u6765\u786e\u4fdd\u7279\u5b9a\u7684 Pod \u53ea\u80fd\u8fd0\u884c\u5728\u5177\u6709\u4e00\u5b9a\u9694\u79bb\u6027\uff0c\u5b89\u5168\u6027\u6216\u76d1\u7ba1\u5c5e\u6027\u7684\u8282\u70b9\u4e0a\u3002
nodeSelector \u662f\u8282\u70b9\u9009\u62e9\u7ea6\u675f\u7684\u6700\u7b80\u5355\u63a8\u8350\u5f62\u5f0f\u3002\u60a8\u53ef\u4ee5\u5c06 nodeSelector \u5b57\u6bb5\u6dfb\u52a0\u5230 Pod \u7684\u89c4\u7ea6\u4e2d\u8bbe\u7f6e\u60a8\u5e0c\u671b\u76ee\u6807\u8282\u70b9\u6240\u5177\u6709\u7684\u8282\u70b9\u6807\u7b7e\u3002Kubernetes \u53ea\u4f1a\u5c06 Pod \u8c03\u5ea6\u5230\u62e5\u6709\u6307\u5b9a\u6bcf\u4e2a\u6807\u7b7e\u7684\u8282\u70b9\u4e0a\u3002 nodeSelector \u63d0\u4f9b\u4e86\u4e00\u79cd\u6700\u7b80\u5355\u7684\u65b9\u6cd5\u6765\u5c06 Pod \u7ea6\u675f\u5230\u5177\u6709\u7279\u5b9a\u6807\u7b7e\u7684\u8282\u70b9\u4e0a\u3002\u4eb2\u548c\u6027\u548c\u53cd\u4eb2\u548c\u6027\u6269\u5c55\u4e86\u60a8\u53ef\u4ee5\u5b9a\u4e49\u7684\u7ea6\u675f\u7c7b\u578b\u3002\u4f7f\u7528\u4eb2\u548c\u6027\u4e0e\u53cd\u4eb2\u548c\u6027\u7684\u4e00\u4e9b\u597d\u5904\u6709\uff1a
\u4eb2\u548c\u6027\u3001\u53cd\u4eb2\u548c\u6027\u8bed\u8a00\u7684\u8868\u8fbe\u80fd\u529b\u66f4\u5f3a\u3002 nodeSelector \u53ea\u80fd\u9009\u62e9\u62e5\u6709\u6240\u6709\u6307\u5b9a\u6807\u7b7e\u7684\u8282\u70b9\u3002\u4eb2\u548c\u6027\u3001\u53cd\u4eb2\u548c\u6027\u4e3a\u60a8\u63d0\u4f9b\u5bf9\u9009\u62e9\u903b\u8f91\u7684\u66f4\u5f3a\u63a7\u5236\u80fd\u529b\u3002
\u60a8\u53ef\u4ee5\u6807\u660e\u67d0\u89c4\u5219\u662f\u201c\u8f6f\u9700\u6c42\u201d\u6216\u8005\u201c\u504f\u597d\u201d\uff0c\u8fd9\u6837\u8c03\u5ea6\u5668\u5728\u65e0\u6cd5\u627e\u5230\u5339\u914d\u8282\u70b9\u65f6\uff0c\u4f1a\u5ffd\u7565\u4eb2\u548c\u6027/\u53cd\u4eb2\u548c\u6027\u89c4\u5219\uff0c\u786e\u4fdd Pod \u8c03\u5ea6\u6210\u529f\u3002
\u60a8\u53ef\u4ee5\u4f7f\u7528\u8282\u70b9\u4e0a\uff08\u6216\u5176\u4ed6\u62d3\u6251\u57df\u4e2d\uff09\u8fd0\u884c\u7684\u5176\u4ed6 Pod \u7684\u6807\u7b7e\u6765\u5b9e\u65bd\u8c03\u5ea6\u7ea6\u675f\uff0c\u800c\u4e0d\u662f\u53ea\u80fd\u4f7f\u7528\u8282\u70b9\u672c\u8eab\u7684\u6807\u7b7e\u3002\u8fd9\u4e2a\u80fd\u529b\u8ba9\u60a8\u80fd\u591f\u5b9a\u4e49\u89c4\u5219\u5141\u8bb8\u54ea\u4e9b Pod \u53ef\u4ee5\u88ab\u653e\u7f6e\u5728\u4e00\u8d77\u3002
\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u4eb2\u548c\uff08affinity\uff09\u4e0e\u53cd\u4eb2\u548c\uff08anti-affinity\uff09\u6765\u9009\u62e9 Pod \u8981\u90e8\u7f72\u7684\u8282\u70b9\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_2","title":"\u5bb9\u5fcd\u65f6\u95f4","text":"\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u5b9e\u4f8b\u6240\u5728\u7684\u8282\u70b9\u4e0d\u53ef\u7528\u65f6\uff0c\u7cfb\u7edf\u5c06\u5b9e\u4f8b\u91cd\u65b0\u8c03\u5ea6\u5230\u5176\u5b83\u53ef\u7528\u8282\u70b9\u7684\u65f6\u95f4\u7a97\u3002\u9ed8\u8ba4\u4e3a 300 \u79d2\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#nodeaffinity","title":"\u8282\u70b9\u4eb2\u548c\u6027\uff08nodeAffinity\uff09","text":"\u8282\u70b9\u4eb2\u548c\u6027\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e nodeSelector \uff0c \u5b83\u4f7f\u60a8\u53ef\u4ee5\u6839\u636e\u8282\u70b9\u4e0a\u7684\u6807\u7b7e\u6765\u7ea6\u675f Pod \u53ef\u4ee5\u8c03\u5ea6\u5230\u54ea\u4e9b\u8282\u70b9\u4e0a\u3002 \u8282\u70b9\u4eb2\u548c\u6027\u6709\u4e24\u79cd\uff1a
\u5fc5\u987b\u6ee1\u8db3\uff1a\uff08 requiredDuringSchedulingIgnoredDuringExecution \uff09 \u8c03\u5ea6\u5668\u53ea\u6709\u5728\u89c4\u5219\u88ab\u6ee1\u8db3\u7684\u65f6\u5019\u624d\u80fd\u6267\u884c\u8c03\u5ea6\u3002\u6b64\u529f\u80fd\u7c7b\u4f3c\u4e8e nodeSelector \uff0c \u4f46\u5176\u8bed\u6cd5\u8868\u8fbe\u80fd\u529b\u66f4\u5f3a\u3002\u60a8\u53ef\u4ee5\u5b9a\u4e49\u591a\u6761\u786c\u7ea6\u675f\u89c4\u5219\uff0c\u4f46\u53ea\u9700\u6ee1\u8db3\u5176\u4e2d\u4e00\u6761\u3002
\u5c3d\u91cf\u6ee1\u8db3\uff1a\uff08 preferredDuringSchedulingIgnoredDuringExecution \uff09 \u8c03\u5ea6\u5668\u4f1a\u5c1d\u8bd5\u5bfb\u627e\u6ee1\u8db3\u5bf9\u5e94\u89c4\u5219\u7684\u8282\u70b9\u3002\u5982\u679c\u627e\u4e0d\u5230\u5339\u914d\u7684\u8282\u70b9\uff0c\u8c03\u5ea6\u5668\u4ecd\u7136\u4f1a\u8c03\u5ea6\u8be5 Pod\u3002\u60a8\u8fd8\u53ef\u4e3a\u8f6f\u7ea6\u675f\u89c4\u5219\u8bbe\u5b9a\u6743\u91cd\uff0c\u5177\u4f53\u8c03\u5ea6\u65f6\uff0c\u82e5\u5b58\u5728\u591a\u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u8282\u70b9\uff0c\u6743\u91cd\u6700\u5927\u7684\u8282\u70b9\u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002\u540c\u65f6\u60a8\u8fd8\u53ef\u4ee5\u5b9a\u4e49\u591a\u6761\u786c\u7ea6\u675f\u89c4\u5219\uff0c\u4f46\u53ea\u9700\u6ee1\u8db3\u5176\u4e2d\u4e00\u6761\u3002
\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_4","title":"\u64cd\u4f5c\u7b26","text":"\u4ec5\u652f\u6301\u5728\u201c\u5c3d\u91cf\u6ee1\u8db3\u201d\u7b56\u7565\u4e2d\u6dfb\u52a0\uff0c\u53ef\u4ee5\u7406\u89e3\u4e3a\u8c03\u5ea6\u7684\u4f18\u5148\u7ea7\uff0c\u6743\u91cd\u5927\u7684\u4f1a\u88ab\u4f18\u5148\u8c03\u5ea6\u3002\u53d6\u503c\u8303\u56f4\u662f 1 \u5230 100\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_6","title":"\u5de5\u4f5c\u8d1f\u8f7d\u4eb2\u548c\u6027","text":"\u4e0e\u8282\u70b9\u4eb2\u548c\u6027\u7c7b\u4f3c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4eb2\u548c\u6027\u4e5f\u6709\u4e24\u79cd\u7c7b\u578b\uff1a
\u5de5\u4f5c\u8d1f\u8f7d\u7684\u4eb2\u548c\u6027\u4e3b\u8981\u7528\u6765\u51b3\u5b9a\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u53ef\u4ee5\u548c\u54ea\u4e9b Pod\u90e8 \u7f72\u5728\u540c\u4e00\u62d3\u6251\u57df\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e\u76f8\u4e92\u901a\u4fe1\u7684\u670d\u52a1\uff0c\u53ef\u901a\u8fc7\u5e94\u7528\u4eb2\u548c\u6027\u8c03\u5ea6\uff0c\u5c06\u5176\u90e8\u7f72\u5230\u540c\u4e00\u62d3\u6251\u57df\uff08\u5982\u540c\u4e00\u53ef\u7528\u533a\uff09\u4e2d\uff0c\u51cf\u5c11\u5b83\u4eec\u4e4b\u95f4\u7684\u7f51\u7edc\u5ef6\u8fdf\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_7","title":"\u6807\u7b7e\u540d","text":"\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_8","title":"\u547d\u540d\u7a7a\u95f4","text":"\u6307\u5b9a\u8c03\u5ea6\u7b56\u7565\u751f\u6548\u7684\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_9","title":"\u64cd\u4f5c\u7b26","text":"\u6307\u5b9a\u8c03\u5ea6\u65f6\u7684\u5f71\u54cd\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u5982\u679c\u6307\u5b9a\u4e3a kubernetes.io/Clustername \u8868\u793a\u4ee5 Node \u8282\u70b9\u4e3a\u533a\u5206\u8303\u56f4\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_11","title":"\u5de5\u4f5c\u8d1f\u8f7d\u53cd\u4eb2\u548c\u6027","text":"\u4e0e\u8282\u70b9\u4eb2\u548c\u6027\u7c7b\u4f3c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u7684\u53cd\u4eb2\u548c\u6027\u4e5f\u6709\u4e24\u79cd\u7c7b\u578b\uff1a
\u5de5\u4f5c\u8d1f\u8f7d\u7684\u53cd\u4eb2\u548c\u6027\u4e3b\u8981\u7528\u6765\u51b3\u5b9a\u5de5\u4f5c\u8d1f\u8f7d\u7684 Pod \u4e0d\u53ef\u4ee5\u548c\u54ea\u4e9b Pod \u90e8\u7f72\u5728\u540c\u4e00\u62d3\u6251\u57df\u3002\u4f8b\u5982\uff0c\u5c06\u4e00\u4e2a\u8d1f\u8f7d\u7684\u76f8\u540c Pod \u5206\u6563\u90e8\u7f72\u5230\u4e0d\u540c\u7684\u62d3\u6251\u57df\uff08\u4f8b\u5982\u4e0d\u540c\u4e3b\u673a\uff09\u4e2d\uff0c\u63d0\u9ad8\u8d1f\u8f7d\u672c\u8eab\u7684\u7a33\u5b9a\u6027\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_12","title":"\u6807\u7b7e\u540d","text":"\u5bf9\u5e94\u8282\u70b9\u7684\u6807\u7b7e\uff0c\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u7684\u6807\u7b7e\u4e5f\u53ef\u4ee5\u7528\u6237\u81ea\u5b9a\u4e49\u6807\u7b7e\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_13","title":"\u547d\u540d\u7a7a\u95f4","text":"\u6307\u5b9a\u8c03\u5ea6\u7b56\u7565\u751f\u6548\u7684\u547d\u540d\u7a7a\u95f4\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/scheduling-policy.html#_14","title":"\u64cd\u4f5c\u7b26","text":"\u6307\u5b9a\u8c03\u5ea6\u65f6\u7684\u5f71\u54cd\u8303\u56f4\u3002\u4f8b\u5982\uff0c\u5982\u679c\u6307\u5b9a\u4e3a kubernetes.io/Clustername \u8868\u793a\u4ee5 Node \u8282\u70b9\u4e3a\u533a\u5206\u8303\u56f4\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html","title":"\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001","text":"\u5de5\u4f5c\u8d1f\u8f7d\u662f\u8fd0\u884c\u5728 Kubernetes \u4e0a\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\uff0c\u5728 Kubernetes \u4e2d\uff0c\u65e0\u8bba\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u662f\u7531\u5355\u4e2a\u540c\u4e00\u7ec4\u4ef6\u6216\u662f\u7531\u591a\u4e2a\u4e0d\u540c\u7684\u7ec4\u4ef6\u6784\u6210\uff0c\u90fd\u53ef\u4ee5\u4f7f\u7528\u4e00\u7ec4 Pod \u6765\u8fd0\u884c\u5b83\u3002Kubernetes \u63d0\u4f9b\u4e86\u4e94\u79cd\u5185\u7f6e\u7684\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u6765\u7ba1\u7406 Pod\uff1a
\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u8d44\u6e90 CRD \u6765\u5b9e\u73b0\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u7684\u6269\u5c55\u3002\u5728\u7b2c\u4e94\u4ee3\u5bb9\u5668\u7ba1\u7406\u4e2d\uff0c\u652f\u6301\u5bf9\u5de5\u4f5c\u8d1f\u8f7d\u8fdb\u884c\u521b\u5efa\u3001\u66f4\u65b0\u3001\u6269\u5bb9\u3001\u76d1\u63a7\u3001\u65e5\u5fd7\u3001\u5220\u9664\u3001\u7248\u672c\u7ba1\u7406\u7b49\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#pod","title":"Pod \u72b6\u6001","text":"Pod \u662f Kuberneters \u4e2d\u521b\u5efa\u548c\u7ba1\u7406\u7684\u3001\u6700\u5c0f\u7684\u8ba1\u7b97\u5355\u5143\uff0c\u5373\u4e00\u7ec4\u5bb9\u5668\u7684\u96c6\u5408\u3002\u8fd9\u4e9b\u5bb9\u5668\u5171\u4eab\u5b58\u50a8\u3001\u7f51\u7edc\u4ee5\u53ca\u7ba1\u7406\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u65b9\u5f0f\u7684\u7b56\u7565\u3002 Pod \u901a\u5e38\u4e0d\u7531\u7528\u6237\u76f4\u63a5\u521b\u5efa\uff0c\u800c\u662f\u901a\u8fc7\u5de5\u4f5c\u8d1f\u8f7d\u8d44\u6e90\u6765\u521b\u5efa\u3002 Pod \u9075\u5faa\u4e00\u4e2a\u9884\u5b9a\u4e49\u7684\u751f\u547d\u5468\u671f\uff0c\u8d77\u59cb\u4e8e Pending \u9636\u6bb5\uff0c\u5982\u679c\u81f3\u5c11\u5176\u4e2d\u6709\u4e00\u4e2a\u4e3b\u8981\u5bb9\u5668\u6b63\u5e38\u542f\u52a8\uff0c\u5219\u8fdb\u5165 Running \uff0c\u4e4b\u540e\u53d6\u51b3\u4e8e Pod \u4e2d\u662f\u5426\u6709\u5bb9\u5668\u4ee5\u5931\u8d25\u72b6\u6001\u7ed3\u675f\u800c\u8fdb\u5165 Succeeded \u6216\u8005 Failed \u9636\u6bb5\u3002
"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#_2","title":"\u5de5\u4f5c\u8d1f\u8f7d\u72b6\u6001","text":"\u7b2c\u4e94\u4ee3\u5bb9\u5668\u7ba1\u7406\u6a21\u5757\u4f9d\u636e Pod \u7684\u72b6\u6001\u3001\u526f\u672c\u6570\u7b49\u56e0\u7d20\uff0c\u8bbe\u8ba1\u4e86\u4e00\u79cd\u5185\u7f6e\u7684\u5de5\u4f5c\u8d1f\u8f7d\u751f\u547d\u5468\u671f\u7684\u72b6\u6001\u96c6\uff0c\u4ee5\u8ba9\u7528\u6237\u80fd\u591f\u66f4\u52a0\u771f\u5b9e\u7684\u611f\u77e5\u5de5\u4f5c\u8d1f\u8f7d\u8fd0\u884c\u60c5\u51b5\u3002 \u7531\u4e8e\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\u7c7b\u578b\uff08\u6bd4\u5982\u65e0\u72b6\u6001\u5de5\u4f5c\u8d1f\u8f7d\u548c\u4efb\u52a1\uff09\u5bf9 Pod \u7684\u7ba1\u7406\u673a\u5236\u4e0d\u4e00\u81f4\uff0c\u56e0\u6b64\uff0c\u4e0d\u540c\u7684\u5de5\u4f5c\u8d1f\u8f7d\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u4f1a\u5448\u73b0\u4e0d\u540c\u7684\u751f\u547d\u5468\u671f\u72b6\u6001\uff0c\u5177\u4f53\u5982\u4e0b\u8868\uff1a
"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#_3","title":"\u65e0\u72b6\u6001\u8d1f\u8f7d\u3001\u6709\u72b6\u6001\u8d1f\u8f7d\u3001\u5b88\u62a4\u8fdb\u7a0b\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d 1. \u5de5\u4f5c\u8d1f\u8f7d\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u30022. \u89e6\u53d1\u5347\u7ea7\u6216\u8005\u56de\u6eda\u52a8\u4f5c\u540e\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u30023. \u89e6\u53d1\u6682\u505c/\u6269\u7f29\u5bb9\u7b49\u64cd\u4f5c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u5728\u6b64\u72b6\u6001\u3002 \u8fd0\u884c\u4e2d \u8d1f\u8f7d\u4e0b\u7684\u6240\u6709\u5b9e\u4f8b\u90fd\u5728\u8fd0\u884c\u4e2d\u4e14\u526f\u672c\u6570\u4e0e\u7528\u6237\u9884\u5b9a\u4e49\u7684\u6570\u91cf\u4e00\u81f4\u65f6\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u6267\u884c\u5220\u9664\u64cd\u4f5c\u65f6\uff0c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\uff0c\u76f4\u5230\u5220\u9664\u5b8c\u6210\u3002 \u5f02\u5e38 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97\u5de5\u4f5c\u8d1f\u8f7d\u7684\u72b6\u6001\u3002\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u3002 \u672a\u5c31\u7eea \u5bb9\u5668\u5904\u4e8e\u5f02\u5e38\uff0cpending \u72b6\u6001\u65f6\uff0c\u56e0\u672a\u77e5\u9519\u8bef\u5bfc\u81f4\u8d1f\u8f7d\u65e0\u6cd5\u542f\u52a8\u65f6\u663e\u793a\u6b64\u72b6\u6001"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#_4","title":"\u4efb\u52a1\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d \u4efb\u52a1\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u6267\u884c\u4e2d \u4efb\u52a1\u6b63\u5728\u6267\u884c\u4e2d\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u6267\u884c\u5b8c\u6210 \u4efb\u52a1\u6267\u884c\u5b8c\u6210\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u89e6\u53d1\u5220\u9664\u64cd\u4f5c\uff0c\u5de5\u4f5c\u8d1f\u8f7d\u5904\u5728\u6b64\u72b6\u6001\u3002 \u5f02\u5e38 \u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u65e0\u6cd5\u53d6\u5f97 Pod \u7684\u72b6\u6001\u3002\u8fd9\u79cd\u60c5\u51b5\u901a\u5e38\u662f\u56e0\u4e3a\u4e0e Pod \u6240\u5728\u4e3b\u673a\u901a\u4fe1\u5931\u8d25\u3002"},{"location":"end-user/kpanda/workloads/pod-config/workload-status.html#_5","title":"\u5b9a\u65f6\u4efb\u52a1\u72b6\u6001","text":"\u72b6\u6001 \u63cf\u8ff0 \u7b49\u5f85\u4e2d \u5b9a\u65f6\u4efb\u52a1\u521b\u5efa\u6b63\u5728\u8fdb\u884c\u4e2d\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5df2\u542f\u52a8 \u521b\u5efa\u5b9a\u65f6\u4efb\u52a1\u6210\u529f\u540e\uff0c\u6b63\u5e38\u8fd0\u884c\u6216\u5c06\u5df2\u6682\u505c\u7684\u4efb\u52a1\u542f\u52a8\u65f6\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5df2\u505c\u6b62 \u6267\u884c\u505c\u6b62\u4efb\u52a1\u64cd\u4f5c\u65f6\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u4e8e\u6b64\u72b6\u6001\u3002 \u5220\u9664\u4e2d \u89e6\u53d1\u5220\u9664\u64cd\u4f5c\uff0c\u5b9a\u65f6\u4efb\u52a1\u5904\u5728\u6b64\u72b6\u6001\u3002\u5f53\u5de5\u4f5c\u8d1f\u8f7d\u5904\u4e8e\u5f02\u5e38\u6216\u672a\u5c31\u7eea\u72b6\u6001\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u5c06\u9f20\u6807\u79fb\u52a8\u5230\u8d1f\u8f7d\u7684\u72b6\u6001\u503c\u4e0a\uff0c\u7cfb\u7edf\u5c06\u901a\u8fc7\u63d0\u793a\u6846\u5c55\u793a\u66f4\u52a0\u8be6\u7ec6\u7684\u9519\u8bef\u4fe1\u606f\u3002\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7\u67e5\u770b\u65e5\u5fd7\u6216\u4e8b\u4ef6\u6765\u83b7\u53d6\u5de5\u4f5c\u8d1f\u8f7d\u7684\u76f8\u5173\u8fd0\u884c\u4fe1\u606f\u3002
"},{"location":"end-user/register/index.html","title":"\u7528\u6237\u6ce8\u518c","text":"\u65b0\u7528\u6237\u9996\u6b21\u4f7f\u7528 AI \u7b97\u529b\u5e73\u53f0\u9700\u8981\u8fdb\u884c\u6ce8\u518c\u3002
"},{"location":"end-user/register/index.html#_2","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u6253\u5f00 AI \u7b97\u529b\u5e73\u53f0\u9996\u9875 https://ai.isuanova.com/\uff0c\u70b9\u51fb \u6ce8\u518c
\u952e\u5165\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001\u90ae\u7bb1\u540e\u70b9\u51fb \u6ce8\u518c
\u7cfb\u7edf\u63d0\u793a\u53d1\u9001\u4e86\u4e00\u5c01\u90ae\u4ef6\u5230\u60a8\u7684\u90ae\u7bb1\u3002
\u767b\u5f55\u81ea\u5df1\u7684\u90ae\u7bb1\uff0c\u627e\u5230\u90ae\u4ef6\uff0c\u70b9\u51fb\u94fe\u63a5\u3002
\u606d\u559c\uff0c\u60a8\u6210\u529f\u8fdb\u5165\u4e86 AI \u7b97\u529b\u5e73\u53f0\uff0c\u73b0\u5728\u53ef\u4ee5\u5f00\u59cb\u60a8\u7684 AI \u4e4b\u65c5\u4e86\u3002
Notebook \u901a\u5e38\u6307\u7684\u662f Jupyter Notebook \u6216\u7c7b\u4f3c\u7684\u4ea4\u4e92\u5f0f\u8ba1\u7b97\u73af\u5883\u3002 \u8fd9\u662f\u4e00\u79cd\u975e\u5e38\u6d41\u884c\u7684\u5de5\u5177\uff0c\u5e7f\u6cdb\u7528\u4e8e\u6570\u636e\u79d1\u5b66\u3001\u673a\u5668\u5b66\u4e60\u548c\u6df1\u5ea6\u5b66\u4e60\u7b49\u9886\u57df\u3002 \u672c\u9875\u8bf4\u660e\u5982\u4f55\u5728\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0\u4e2d\u4f7f\u7528 Notebook\u3002
"},{"location":"end-user/share/notebook.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 AI Lab -> \u8fd0\u7ef4\u7ba1\u7406 -> \u961f\u5217\u7ba1\u7406 \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae
\u952e\u5165\u540d\u79f0\uff0c\u9009\u62e9\u96c6\u7fa4\u3001\u5de5\u4f5c\u7a7a\u95f4\u548c\u914d\u989d\u540e\uff0c\u70b9\u51fb \u786e\u5b9a
\u4ee5 \u7528\u6237\u8eab\u4efd \u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5bfc\u822a\u81f3 AI Lab -> Notebook \uff0c\u70b9\u51fb\u53f3\u4fa7\u7684 \u521b\u5efa \u6309\u94ae
\u914d\u7f6e\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u8d44\u6e90\u914d\u7f6e\u9ad8\u7ea7\u914d\u7f6e\u952e\u5165\u540d\u79f0\uff0c\u9009\u62e9\u96c6\u7fa4\u3001\u547d\u540d\u7a7a\u95f4\uff0c\u9009\u62e9\u521a\u521b\u5efa\u7684\u961f\u5217\uff0c\u70b9\u51fb \u4e00\u952e\u521d\u59cb\u5316
\u9009\u62e9 Notebook \u7c7b\u578b\uff0c\u914d\u7f6e\u5185\u5b58\u3001CPU\uff0c\u5f00\u542f GPU\uff0c\u521b\u5efa\u548c\u914d\u7f6e PVC\uff1a
\u5f00\u542f SSH \u5916\u7f51\u8bbf\u95ee\uff1a
\u81ea\u52a8\u8df3\u8f6c\u5230 Notebook \u5b9e\u4f8b\u5217\u8868\uff0c\u70b9\u51fb\u5b9e\u4f8b\u540d\u79f0
\u8fdb\u5165 Notebook \u5b9e\u4f8b\u8be6\u60c5\u9875\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684 \u6253\u5f00 \u6309\u94ae
\u8fdb\u5165\u4e86 Notebook \u5f00\u53d1\u73af\u5883\uff0c\u6bd4\u5982\u5728 /home/jovyan
\u76ee\u5f55\u6302\u8f7d\u4e86\u6301\u4e45\u5377\uff0c\u53ef\u4ee5\u901a\u8fc7 git \u514b\u9686\u4ee3\u7801\uff0c\u901a\u8fc7 SSH \u8fde\u63a5\u540e\u4e0a\u4f20\u6570\u636e\u7b49\u3002
\u5728\u81ea\u5df1\u7684\u7535\u8111\u4e0a\u751f\u6210 SSH \u5bc6\u94a5\u5bf9
\u5728\u81ea\u5df1\u7535\u8111\u4e0a\u6253\u5f00\u547d\u4ee4\u884c\uff0c\u6bd4\u5982\u5728 Windows \u4e0a\u6253\u5f00 git bash\uff0c\u8f93\u5165 ssh-keygen.exe -t rsa
\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u3002
\u901a\u8fc7 cat ~/.ssh/id_rsa.pub
\u7b49\u547d\u4ee4\u67e5\u770b\u5e76\u590d\u5236\u516c\u94a5
\u4ee5\u7528\u6237\u8eab\u4efd\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb \u4e2a\u4eba\u4e2d\u5fc3 -> SSH \u516c\u94a5 -> \u5bfc\u5165 SSH \u516c\u94a5
\u8fdb\u5165 Notebook \u5b9e\u4f8b\u7684\u8be6\u60c5\u9875\uff0c\u590d\u5236 SSH \u7684\u94fe\u63a5
\u5728\u5ba2\u6237\u7aef\u4f7f\u7528 SSH \u8bbf\u95ee Notebook \u5b9e\u4f8b
\u4e0b\u4e00\u6b65\uff1a\u521b\u5efa\u8bad\u7ec3\u4efb\u52a1
"},{"location":"end-user/share/workload.html","title":"\u521b\u5efa AI \u8d1f\u8f7d\u4f7f\u7528 GPU \u8d44\u6e90","text":"\u7ba1\u7406\u5458\u4e3a\u5de5\u4f5c\u7a7a\u95f4\u5206\u914d\u8d44\u6e90\u914d\u989d\u540e\uff0c\u7528\u6237\u5c31\u53ef\u4ee5\u521b\u5efa AI \u5de5\u4f5c\u8d1f\u8f7d\u6765\u4f7f\u7528 GPU \u7b97\u529b\u8d44\u6e90\u3002
"},{"location":"end-user/share/workload.html#_1","title":"\u524d\u7f6e\u6761\u4ef6","text":"\u5bfc\u822a\u81f3 \u5bb9\u5668\u7ba1\u7406 \uff0c\u9009\u62e9\u4e00\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u70b9\u51fb \u5de5\u4f5c\u8d1f\u8f7d -> \u65e0\u72b6\u6001\u8d1f\u8f7d \uff0c \u70b9\u51fb\u53f3\u4fa7\u7684 \u955c\u50cf\u521b\u5efa \u6309\u94ae
\u914d\u7f6e\u5404\u9879\u53c2\u6570\u540e\u70b9\u51fb \u786e\u5b9a
\u57fa\u672c\u4fe1\u606f\u5bb9\u5668\u914d\u7f6e\u5176\u4ed6\u9009\u62e9\u81ea\u5df1\u7684\u547d\u540d\u7a7a\u95f4\u3002
\u8bbe\u7f6e\u955c\u50cf\uff0c\u914d\u7f6e CPU\u3001\u5185\u5b58\u3001GPU \u7b49\u8d44\u6e90\uff0c\u8bbe\u7f6e\u542f\u52a8\u547d\u4ee4\u3002
\u670d\u52a1\u914d\u7f6e\u548c\u9ad8\u7ea7\u914d\u7f6e\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u914d\u7f6e\u3002
\u81ea\u52a8\u8fd4\u56de\u65e0\u72b6\u6001\u8d1f\u8f7d\u5217\u8868\uff0c\u70b9\u51fb\u8d1f\u8f7d\u540d\u79f0
\u8fdb\u5165\u8be6\u60c5\u9875\uff0c\u53ef\u4ee5\u770b\u5230 GPU \u914d\u989d
\u4f60\u8fd8\u53ef\u4ee5\u8fdb\u5165\u63a7\u5236\u53f0\uff0c\u8fd0\u884c mx-smi
\u547d\u4ee4\u67e5\u770b GPU \u8d44\u6e90
\u4e0b\u4e00\u6b65\uff1a\u4f7f\u7528 Notebook
"},{"location":"openapi/index.html","title":"OpenAPI \u6587\u6863","text":"\u8fd9\u662f\u9762\u5411\u5f00\u53d1\u8005\u7684\u4e00\u4e9b OpenAPI \u6587\u6863\u3002
\u8bbf\u95ee\u5bc6\u94a5\uff08Access Key\uff09\u53ef\u7528\u4e8e\u8bbf\u95ee OpenAPI \u548c\u6301\u7eed\u53d1\u5e03\uff0c\u7528\u6237\u53ef\u5728\u4e2a\u4eba\u4e2d\u5fc3\u53c2\u7167\u4ee5\u4e0b\u6b65\u9aa4\u83b7\u53d6\u5bc6\u94a5\u5e76\u8bbf\u95ee API\u3002
\u767b\u5f55 AI \u7b97\u529b\u5e73\u53f0\uff0c\u5728\u53f3\u4e0a\u89d2\u7684\u4e0b\u62c9\u83dc\u5355\u4e2d\u627e\u5230 \u4e2a\u4eba\u4e2d\u5fc3 \uff0c\u53ef\u4ee5\u5728 \u8bbf\u95ee\u5bc6\u94a5 \u9875\u9762\u7ba1\u7406\u8d26\u53f7\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
Info
\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\u4ec5\u663e\u793a\u4e00\u6b21\u3002\u5982\u679c\u60a8\u5fd8\u8bb0\u4e86\u8bbf\u95ee\u5bc6\u94a5\u4fe1\u606f\uff0c\u60a8\u9700\u8981\u91cd\u65b0\u521b\u5efa\u65b0\u7684\u8bbf\u95ee\u5bc6\u94a5\u3002
"},{"location":"openapi/index.html#api","title":"\u4f7f\u7528\u5bc6\u94a5\u8bbf\u95ee API","text":"\u5728\u8bbf\u95ee\u7b97\u4e30 AI \u7b97\u529b\u5e73\u53f0openAPI \u65f6\uff0c\u5728\u8bf7\u6c42\u4e2d\u52a0\u4e0a\u8bf7\u6c42\u5934 Authorization:Bearer ${token}
\u4ee5\u6807\u8bc6\u8bbf\u95ee\u8005\u7684\u8eab\u4efd\uff0c \u5176\u4e2d ${token}
\u662f\u4e0a\u4e00\u6b65\u4e2d\u83b7\u53d6\u5230\u7684\u5bc6\u94a5\u3002
\u8bf7\u6c42\u793a\u4f8b
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
\u8bf7\u6c42\u7ed3\u679c
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"openapi/baize/index.html","title":"AI Lab OpenAPI \u6587\u6863","text":""},{"location":"openapi/ghippo/index.html","title":"\u5168\u5c40\u7ba1\u7406 OpenAPI \u6587\u6863","text":""},{"location":"openapi/insight/index.html","title":"\u53ef\u89c2\u6d4b\u6027 OpenAPI \u6587\u6863","text":""},{"location":"openapi/kpanda/index.html","title":"\u5bb9\u5668\u7ba1\u7406 OpenAPI \u6587\u6863","text":""},{"location":"openapi/virtnest/index.html","title":"\u4e91\u4e3b\u673a OpenAPI \u6587\u6863","text":""},{"location":"stylesheets/tags.html","title":"Tags","text":"Following is a list of relevant tags:
[TAGS]
"},{"location":"en/index.html","title":"Suanova Website for AI Platform","text":"This is the website for the Suanova AI Platform.
This is the operation and maintenance documentation for the Suanova AI Platform aimed at administrators.
Cloud Host
A cloud host is a virtual machine deployed in the cloud.
Container Management
Manage K8s clusters, nodes, applications, resources, and permissions.
AI Lab
Manage AI resources and queues.
Insight
Understand Insight resources, configuration, and troubleshooting.
Global Management
Control access permissions for users, user groups, workspaces, resources, etc.
AI Lab provides a job scheduler to help you better manage jobs. In addition to the basic scheduler, it also supports custom schedulers.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#introduction-to-job-scheduler","title":"Introduction to Job Scheduler","text":"In Kubernetes, the job scheduler is responsible for deciding which node to assign a Pod to. It considers various factors such as resource requirements, hardware/software constraints, affinity/anti-affinity rules, and data locality.
The default scheduler is a core component in a Kubernetes cluster that decides which node a Pod should run on. Let's delve into its working principles, features, and configuration methods.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#scheduler-workflow","title":"Scheduler Workflow","text":"The workflow of the default scheduler can be divided into two main phases: filtering and scoring.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#filtering-phase","title":"Filtering Phase","text":"The scheduler traverses all nodes and excludes those that do not meet the Pod's requirements, considering factors such as:
These parameters can be set through advanced configurations when creating a job.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#scoring-phase","title":"Scoring Phase","text":"The scheduler scores the nodes that passed the filtering phase and selects the highest-scoring node to run the Pod. Factors considered include:
In addition to basic job scheduling capabilities, we also support the use of Scheduler Plugins: Kubernetes SIG Scheduling
, which maintains a set of scheduler plugins including Coscheduling (Gang Scheduling)
and other features.
To deploy a secondary scheduler plugin in a worker cluster, refer to Deploying Secondary Scheduler Plugin.
"},{"location":"en/admin/baize/best-practice/add-scheduler.html#enable-scheduler-plugins-in-ai-lab","title":"Enable Scheduler Plugins in AI Lab","text":"Danger
Improper operations when adding scheduler plugins may affect the stability of the entire cluster. It is recommended to test in a test environment or contact our technical support team.
Note that if you wish to use more scheduler plugins in training jobs, you need to manually install them successfully in the worker cluster first. Then, when deploying the baize-agent
in the cluster, add the proper scheduler plugin configuration.
Through the container management UI provided by Helm Apps , you can easily deploy scheduler plugins in the cluster.
Then, click Install in the top right corner. (If the baize-agent
has already been deployed, you can update it in the Helm App list.) Add the scheduler.
Note the parameter hierarchy of the scheduler. After adding, click OK .
Note: Do not omit this configuration when updating the baize-agent
in the future.
Once you have successfully deployed the proper scheduler plugin in the cluster and correctly added the proper scheduler configuration in the baize-agent
, you can specify the scheduler when creating a job.
If everything is set up correctly, you will see the scheduler plugin you deployed in the scheduler dropdown menu.
This concludes the instructions for configuring and using the scheduler options in AI Lab.
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html","title":"Update Built-in Notebook Images","text":"In the Notebook, multiple available base images are provided by default for developers to choose from. In most cases, this will meet the developers' needs.
This AI platform provides a default Notebook image that contains all necessary development tools and resources.
baize/baize-notebook\n
This Notebook includes basic development tools. Taking baize-notebook:v0.5.0
(May 30, 2024) as an example, the relevant dependencies and versions are as follows:
Note
With each version iteration, AI platform will proactively maintain and update.
However, sometimes users may need custom images. This page explains how to update images and add them to the Notebook creation interface for selection.
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html#build-custom-images-for-reference-only","title":"Build Custom Images (For Reference Only)","text":"Note
Building a new image requires using baize-notebook
as the base image to ensure the Notebook runs properly.
When building a custom image, it is recommended to first understand the Dockerfile of the baize-notebook image to better understand how to build a custom image.
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html#dockerfile-for-baize-notebook","title":"Dockerfile for baize-notebook","text":"ARG BASE_IMG=docker.m.daocloud.io/kubeflownotebookswg/jupyter:v1.8.0\n\nFROM $BASE_IMG\n\nUSER root\n\n# install - useful linux packages\nRUN export DEBIAN_FRONTEND=noninteractive \\\n && apt-get -yq update \\\n && apt-get -yq install --no-install-recommends \\\n openssh-server git git-lfs bash-completion \\\n && apt-get clean \\\n && rm -rf /var/lib/apt/lists/*\n\n# remove default s6 jupyterlab run script\nRUN rm -rf /etc/services.d/jupyterlab\n\n# install - useful jupyter plugins\nRUN mamba install -n base -y jupyterlab-language-pack-zh-cn \\\n && mamba clean --all -y\n\nARG CODESERVER_VERSION=4.89.1\nARG TARGETARCH\n\nRUN curl -fsSL \"https://github.com/coder/code-server/releases/download/v$CODESERVER_VERSION/code-server_${CODESERVER_VERSION}_$TARGETARCH.deb\" -o /tmp/code-server.deb \\\n && dpkg -i /tmp/code-server.deb \\\n && rm -f /tmp/code-server.deb\n\nARG CODESERVER_PYTHON_VERSION=2024.4.1\nARG CODESERVER_JUPYTER_VERSION=2024.3.1\nARG CODESERVER_LANGUAGE_PACK_ZH_CN=1.89.0\nARG CODESERVER_YAML=1.14.0\nARG CODESERVER_DOTENV=1.0.1\nARG CODESERVER_EDITORCONFIG=0.16.6\nARG CODESERVER_TOML=0.19.1\nARG CODESERVER_GITLENS=15.0.4\n\n# configure for code-server extensions\n# # https://github.com/kubeflow/kubeflow/blob/709254159986d2cc99e675d0fad5a128ddeb0917/components/example-notebook-servers/codeserver-python/Dockerfile\n# # and\n# # https://github.com/kubeflow/kubeflow/blob/709254159986d2cc99e675d0fad5a128ddeb0917/components/example-notebook-servers/codeserver/Dockerfile\nRUN code-server --list-extensions --show-versions \\\n && code-server --list-extensions --show-versions \\\n && code-server \\\n --install-extension MS-CEINTL.vscode-language-pack-zh-hans@$CODESERVER_LANGUAGE_PACK_ZH_CN \\\n --install-extension ms-python.python@$CODESERVER_PYTHON_VERSION \\\n --install-extension ms-toolsai.jupyter@$CODESERVER_JUPYTER_VERSION \\\n --install-extension redhat.vscode-yaml@$CODESERVER_YAML \\\n --install-extension mikestead.dotenv@$CODESERVER_DOTENV \\\n --install-extension EditorConfig.EditorConfig@$CODESERVER_EDITORCONFIG \\\n --install-extension tamasfe.even-better-toml@$CODESERVER_TOML \\\n --install-extension eamodio.gitlens@$CODESERVER_GITLENS \\\n --install-extension catppuccin.catppuccin-vsc-pack \\\n --force \\\n && code-server --list-extensions --show-versions\n\n# configure for code-server\nRUN mkdir -p /home/${NB_USER}/.local/share/code-server/User \\\n && chown -R ${NB_USER}:users /home/${NB_USER} \\\n && cat <<EOF > /home/${NB_USER}/.local/share/code-server/User/settings.json\n{\n \"gitlens.showWelcomeOnInstall\": false,\n \"workbench.colorTheme\": \"Catppuccin Mocha\",\n}\nEOF\n\nRUN mkdir -p /tmp_home/${NB_USER}/.local/share \\\n && mv /home/${NB_USER}/.local/share/code-server /tmp_home/${NB_USER}/.local/share\n\n# set ssh configuration\nRUN mkdir -p /run/sshd \\\n && chown -R ${NB_USER}:users /etc/ssh \\\n && chown -R ${NB_USER}:users /run/sshd \\\n && sed -i \"/#\\?Port/s/^.*$/Port 2222/g\" /etc/ssh/sshd_config \\\n && sed -i \"/#\\?PasswordAuthentication/s/^.*$/PasswordAuthentication no/g\" /etc/ssh/sshd_config \\\n && sed -i \"/#\\?PubkeyAuthentication/s/^.*$/PubkeyAuthentication yes/g\" /etc/ssh/sshd_config \\\n && rclone_version=v1.65.0 && \\\n arch=$(uname -m | sed -E 's/x86_64/amd64/g;s/aarch64/arm64/g') && \\\n filename=rclone-${rclone_version}-linux-${arch} && \\\n curl -fsSL https://github.com/rclone/rclone/releases/download/${rclone_version}/${filename}.zip -o ${filename}.zip && \\\n unzip ${filename}.zip && mv ${filename}/rclone /usr/local/bin && rm -rf ${filename} ${filename}.zip\n\n# Init mamba\nRUN mamba init --system\n\n# init baize-base environment for essential python packages\nRUN mamba create -n baize-base -y python \\\n && /opt/conda/envs/baize-base/bin/pip install tensorboard \\\n && mamba clean --all -y \\\n && ln -s /opt/conda/envs/baize-base/bin/tensorboard /usr/local/bin/tensorboard\n\n# prepare baize-runtime-env directory\nRUN mkdir -p /opt/baize-runtime-env \\\n && chown -R ${NB_USER}:users /opt/baize-runtime-env\n\nARG APP\nARG PROD_NAME\nARG TARGETOS\n\nCOPY out/$TARGETOS/$TARGETARCH/data-loader /usr/local/bin/\nCOPY out/$TARGETOS/$TARGETARCH/baizectl /usr/local/bin/\n\nRUN chmod +x /usr/local/bin/baizectl /usr/local/bin/data-loader && \\\n echo \"source /etc/bash_completion\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo \"source <(baizectl completion bash)\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo \"source <(kubectl completion bash)\" >> /opt/conda/etc/profile.d/conda.sh && \\\n echo '[ -f /run/baize-env ] && export $(cat /run/baize-env | xargs)' >> /opt/conda/etc/profile.d/conda.sh && \\\n echo 'alias conda=\"mamba\"' >> /opt/conda/etc/profile.d/conda.sh\n\nUSER ${NB_UID}\n
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html#build-your-image","title":"Build Your Image","text":"ARG BASE_IMG=release.daocloud.io/baize/baize-notebook:v0.5.0\n\nFROM $BASE_IMG\nUSER root\n\n# Do Customization\nRUN mamba install -n baize-base -y pytorch torchvision torchaudio cpuonly -c pytorch \\\n && mamba install -n baize-base -y tensorflow \\\n && mamba clean --all -y\n\nUSER ${NB_UID}\n
"},{"location":"en/admin/baize/best-practice/change-notebook-image.html#add-to-the-notebook-image-list-helm","title":"Add to the Notebook Image List (Helm)","text":"Warning
Note that this must be done by the platform administrator. Be cautious with changes.
Currently, the image selector needs to be modified by updating the Helm
parameters of baize
. The specific steps are as follows:
In the Helm Apps
list of the kpanda-global-cluster global management cluster, find baize, enter the update page, and modify the Notebook image in the YAML
parameters:
Note the parameter modification path global.config.notebook_images
:
...\nglobal:\n ...\n config:\n notebook_images:\n ...\n names: release.daocloud.io/baize/baize-notebook:v0.5.0\n # Add your image information here\n
After the update is completed and the Helm App restarts successfully, you can see the new image in the Notebook creation interface image selection.
"},{"location":"en/admin/baize/best-practice/checkpoint.html","title":"Checkpoint Mechanism and Usage","text":"In practical deep learning scenarios, model training typically lasts for a period, which places higher demands on the stability and efficiency of distributed training tasks. Moreover, during actual training, unexpected interruptions can cause the loss of the model state, requiring the training process to start over. This not only wastes time and resources, which is particularly evident in LLM training, but also affects the training effectiveness of the model.
The ability to save the model state during training, so that it can be restored in case of an interruption, becomes crucial. Checkpointing is the mainstream solution to this problem. This article will introduce the basic concepts of the Checkpoint mechanism and its usage in PyTorch and TensorFlow.
"},{"location":"en/admin/baize/best-practice/checkpoint.html#what-is-a-checkpoint","title":"What is a Checkpoint?","text":"A checkpoint is a mechanism for saving the state of a model during training. By periodically saving checkpoints, you can restore the model in the following situations:
In PyTorch, torch.save
and torch.load
are the basic functions used for saving and loading models.
In PyTorch, the state_dict
is typically used to save the model's parameters. Here is a simple example:
import torch\nimport torch.nn as nn\n\n# Assume you have a simple neural network\nclass SimpleModel(nn.Module):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = nn.Linear(10, 2)\n\n def forward(self, x):\n return self.fc(x)\n\n# Initialize model and optimizer\nmodel = SimpleModel()\noptimizer = torch.optim.Adam(model.parameters(), lr=0.001)\n\n# Train the model...\n# Save checkpoint\ncheckpoint_path = 'model_checkpoint.pth'\ntorch.save({\n 'epoch': 10,\n 'model_state_dict': model.state_dict(),\n 'optimizer_state_dict': optimizer.state_dict(),\n 'loss': 0.02,\n}, checkpoint_path)\n
"},{"location":"en/admin/baize/best-practice/checkpoint.html#restore-checkpoints-in-pytorch","title":"Restore Checkpoints in PyTorch","text":"When loading the model, you need to restore the model parameters and optimizer state, and then continue training or inference:
# Restore checkpoint\ncheckpoint = torch.load('model_checkpoint.pth')\nmodel.load_state_dict(checkpoint['model_state_dict'])\noptimizer.load_state_dict(checkpoint['optimizer_state_dict'])\nepoch = checkpoint['epoch']\nloss = checkpoint['loss']\n\n# Continue training or inference...\n
model_state_dict
: Model parametersoptimizer_state_dict
: Optimizer stateepoch
: Current training epochloss
: Loss valuelearning_rate
: Learning ratebest_accuracy
: Best accuracyTensorFlow provides the tf.train.Checkpoint
class to manage the saving and restoring of models and optimizers.
Here is an example of saving a checkpoint in TensorFlow:
import tensorflow as tf\n\n# Assume you have a simple model\nmodel = tf.keras.Sequential([\n tf.keras.layers.Dense(2, input_shape=(10,))\n])\noptimizer = tf.keras.optimizers.Adam(learning_rate=0.001)\n\n# Define checkpoint\ncheckpoint = tf.train.Checkpoint(optimizer=optimizer, model=model)\ncheckpoint_dir = './checkpoints'\ncheckpoint_prefix = f'{checkpoint_dir}/ckpt'\n\n# Train the model...\n# Save checkpoint\ncheckpoint.save(file_prefix=checkpoint_prefix)\n
Note
Users of AI Lab can directly mount high-performance storage as the checkpoint directory to improve the speed of saving and restoring checkpoints.
"},{"location":"en/admin/baize/best-practice/checkpoint.html#restore-checkpoints-in-tensorflow","title":"Restore Checkpoints in TensorFlow","text":"Load the checkpoint and restore the model and optimizer state:
# Restore checkpoint\nlatest_checkpoint = tf.train.latest_checkpoint(checkpoint_dir)\ncheckpoint.restore(latest_checkpoint)\n\n# Continue training or inference...\n
"},{"location":"en/admin/baize/best-practice/checkpoint.html#manage-checkpoints-in-distributed-training-with-tensorflow","title":"Manage Checkpoints in Distributed Training with TensorFlow","text":"In distributed training, TensorFlow manages checkpoints primarily through the following methods:
Using tf.train.Checkpoint
and tf.train.CheckpointManager
checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\nmanager = tf.train.CheckpointManager(checkpoint, directory='/tmp/model', max_to_keep=3)\n
Saving checkpoints within a distributed strategy
strategy = tf.distribute.MirroredStrategy()\nwith strategy.scope():\n checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\n manager = tf.train.CheckpointManager(checkpoint, directory='/tmp/model', max_to_keep=3)\n
Saving checkpoints only on the chief worker node
if strategy.cluster_resolver.task_type == 'chief':\n manager.save()\n
Special handling when using MultiWorkerMirroredStrategy
strategy = tf.distribute.MultiWorkerMirroredStrategy()\nwith strategy.scope():\n # Define model\n ...\n checkpoint = tf.train.Checkpoint(model=model, optimizer=optimizer)\n manager = tf.train.CheckpointManager(checkpoint, '/tmp/model', max_to_keep=3)\n\ndef _chief_worker(task_type, task_id):\n return task_type is None or task_type == 'chief' or (task_type == 'worker' and task_id == 0)\n\nif _chief_worker(strategy.cluster_resolver.task_type, strategy.cluster_resolver.task_id):\n manager.save()\n
Using a distributed file system
Ensure all worker nodes can access the same checkpoint directory, typically using a distributed file system such as HDFS or GCS.
Asynchronous saving
Use tf.keras.callbacks.ModelCheckpoint
and set the save_freq
parameter to asynchronously save checkpoints during training.
Checkpoint restoration
status = checkpoint.restore(manager.latest_checkpoint)\nstatus.assert_consumed() # (1)!\n
Performance optimization
tf.train.experimental.enable_mixed_precision_graph_rewrite()
tf.saved_model.save()
to save the entire model, not just the weightsRegular Saving : Determine a suitable saving frequency based on training time and resource consumption, such as every epoch or every few training steps.
Save Multiple Checkpoints : Keep the latest few checkpoints to prevent issues like file corruption or inapplicability.
Record Metadata : Save additional information in the checkpoint, such as the epoch number and loss value, to better restore the training state.
Use Version Control : Save checkpoints for different experiments to facilitate comparison and reuse.
Validation and Testing : Use checkpoints for validation and testing at different training stages to ensure model performance and stability.
The checkpoint mechanism plays a crucial role in deep learning training. By effectively using the checkpoint features in PyTorch and TensorFlow, you can significantly improve the reliability and efficiency of training. The methods and best practices described in this article should help you better manage the training process of deep learning models.
"},{"location":"en/admin/baize/best-practice/deploy-nfs-in-worker.html","title":"Deploy NFS for Preloading Dataset","text":"A Network File System (NFS) allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally. This enables system administrators to consolidate resources onto centralized servers on the network.
Dataset is a core feature provided by AI Lab. By abstracting the dependency on data throughout the entire lifecycle of MLOps into datasets, users can manage various types of data in datasets so that training tasks can directly use the data in the dataset.
When remote data is not within the worker cluster, datasets provide the capability to automatically preheat data, supporting data preloading from sources such as Git
, S3
, and HTTP
to the local cluster.
A storage service supporting the ReadWriteMany
mode is needed for preloading remote data for the dataset
, and it is recommended to deploy NFS within the cluster.
This article mainly introduces how to quickly deploy an NFS service and add it as a StorageClass
for the cluster.
Helm
and Kubectl
, please make sure they are already installed.Several components need to be installed:
All system components will be installed in the nfs
namespace, so it is necessary to create this namespace first.
kubectl create namespace nfs\n
"},{"location":"en/admin/baize/best-practice/deploy-nfs-in-worker.html#install-nfs-server","title":"Install NFS Server","text":"Here is a simple YAML deployment file that can be used directly.
Note
Be sure to check the image:
and modify it to a domestic mirror based on the location of the cluster.
---\nkind: Service\napiVersion: v1\nmetadata:\n name: nfs-server\n namespace: nfs\n labels:\n app: nfs-server\nspec:\n type: ClusterIP\n selector:\n app: nfs-server\n ports:\n - name: tcp-2049\n port: 2049\n protocol: TCP\n - name: udp-111\n port: 111\n protocol: UDP\n---\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: nfs-server\n namespace: nfs\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: nfs-server\n template:\n metadata:\n name: nfs-server\n labels:\n app: nfs-server\n spec:\n nodeSelector:\n \"kubernetes.io/os\": linux\n containers:\n - name: nfs-server\n image: itsthenetwork/nfs-server-alpine:latest\n env:\n - name: SHARED_DIRECTORY\n value: \"/exports\"\n volumeMounts:\n - mountPath: /exports\n name: nfs-vol\n securityContext:\n privileged: true\n ports:\n - name: tcp-2049\n containerPort: 2049\n protocol: TCP\n - name: udp-111\n containerPort: 111\n protocol: UDP\n volumes:\n - name: nfs-vol\n hostPath:\n path: /nfsdata # (1)!\n type: DirectoryOrCreate\n
Save the above YAML as nfs-server.yaml
, then run the following commands for deployment:
kubectl -n nfs apply -f nfs-server.yaml\n\n# Check the deployment result\nkubectl -n nfs get pod,svc\n
"},{"location":"en/admin/baize/best-practice/deploy-nfs-in-worker.html#install-csi-driver-nfs","title":"Install csi-driver-nfs","text":"Installing csi-driver-nfs
requires the use of Helm
, please ensure it is installed beforehand.
# Add Helm repository\nhelm repo add csi-driver-nfs https://mirror.ghproxy.com/https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts\nhelm repo update csi-driver-nfs\n\n# Deploy csi-driver-nfs\n# The parameters here mainly optimize the image address to accelerate downloads in China\nhelm upgrade --install csi-driver-nfs csi-driver-nfs/csi-driver-nfs \\\n --set image.nfs.repository=k8s.m.daocloud.io/sig-storage/nfsplugin \\\n --set image.csiProvisioner.repository=k8s.m.daocloud.io/sig-storage/csi-provisioner \\\n --set image.livenessProbe.repository=k8s.m.daocloud.io/sig-storage/livenessprobe \\\n --set image.nodeDriverRegistrar.repository=k8s.m.daocloud.io/sig-storage/csi-node-driver-registrar \\\n --namespace nfs \\\n --version v4.5.0\n
Warning
Not all images of csi-nfs-controller
support helm
parameters, so the image
field of the deployment
needs to be manually modified. Change image: registry.k8s.io
to image: k8s.dockerproxy.com
to accelerate downloads in China.
Save the following YAML as nfs-sc.yaml
:
apiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n name: nfs-csi\nprovisioner: nfs.csi.k8s.io\nparameters:\n server: nfs-server.nfs.svc.cluster.local\n share: /\n # csi.storage.k8s.io/provisioner-secret is only needed for providing mountOptions in DeleteVolume\n # csi.storage.k8s.io/provisioner-secret-name: \"mount-options\"\n # csi.storage.k8s.io/provisioner-secret-namespace: \"default\"\nreclaimPolicy: Delete\nvolumeBindingMode: Immediate\nmountOptions:\n - nfsvers=4.1\n
then run the following command:
kubectl apply -f nfs-sc.yaml\n
"},{"location":"en/admin/baize/best-practice/deploy-nfs-in-worker.html#test","title":"Test","text":"Create a dataset and set the dataset's associated storage class and preloading method
to NFS
to preheat remote data into the cluster.
After the dataset is successfully created, you can see that the dataset's status is preloading
, and you can start using it after the preloading is completed.
/sbin/mount
","text":"bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.\n
On the nodes running Kubernetes, ensure that the NFS client is installed:
Ubuntu/DebianCentOS/RHELRun the following commands to install the NFS client:
sudo apt-get update\nsudo apt-get install nfs-common\n
Run the following command to install the NFS client:
sudo yum install nfs-utils\n
Check the NFS server configuration to ensure that the NFS server is running and configured correctly. You can try mounting manually to test:
sudo mkdir -p /mnt/test\nsudo mount -t nfs <nfs-server>:/nfsdata /mnt/test\n
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html","title":"Fine-tune the ChatGLM3 Model by Using AI Lab","text":"This page uses the ChatGLM3
model as an example to demonstrate how to use LoRA (Low-Rank Adaptation) to fine-tune the ChatGLM3 model within the AI Lab environment. The demo program is from the ChatGLM3 official example.
The general process of fine-tuning is as follows:
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#environment-requirements","title":"Environment Requirements","text":"Info
Before starting, ensure AI platform and AI Lab are correctly installed, GPU queue resources are successfully initialized, and computing resources are sufficient.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#prepare-data","title":"Prepare Data","text":"Utilize the dataset management feature provided by AI Lab to quickly preheat and persist the data required for fine-tuning large models, reducing GPU resource occupation due to data preparation, and improving resource utilization efficiency.
Create the required data resources on the dataset list page. These resources include the ChatGLM3 code and data files, all of which can be managed uniformly through the dataset list.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#code-and-model-files","title":"Code and Model Files","text":"ChatGLM3 is a dialogue pre-training model jointly released by zhipuai.cn and Tsinghua University KEG Lab.
First, pull the ChatGLM3 code repository and download the pre-training model for subsequent fine-tuning tasks.
AI Lab will automatically preheat the data in the background to ensure quick data access for subsequent tasks.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#advertisegen-dataset","title":"AdvertiseGen Dataset","text":"Domestic data can be directly obtained from Tsinghua Cloud using the HTTP
data source method.
After creation, wait for the dataset to be preheated, which is usually quick and depends on your network conditions.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#fine-tune-output-data","title":"Fine-tune Output Data","text":"You also need to prepare an empty dataset to store the model files output after the fine-tuning task is completed. Here, create an empty dataset, using PVC
as an example.
Warning
Ensure to use a storage type that supports ReadWriteMany
to allow quick access to resources for subsequent tasks.
For model developers, preparing the Python environment dependencies required for model development is crucial. Traditionally, environment dependencies are either packaged directly into the development tool's image or installed in the local environment, which can lead to inconsistency in environment dependencies and difficulties in managing and updating dependencies.
AI Lab provides environment management capabilities, decoupling Python environment dependency package management from development tools and task images, solving dependency management chaos and environment inconsistency issues.
Here, use the environment management feature provided by AI Lab to create the environment required for ChatGLM3 fine-tuning for subsequent use.
Warning
requirements.txt
file that includes the environment dependencies required for ChatGLM3 fine-tuning.deepspeed
and mpi4py
packages. It is recommended to comment them out in the requirements.txt
file to avoid compilation failures.In the environment management list, you can quickly create a Python environment and complete the environment creation through a simple form configuration; a Python 3.11.x environment is required here.
Since CUDA is required for this experiment, GPU resources need to be configured here to preheat the necessary resource dependencies.
Creating the environment involves downloading a series of Python dependencies, and download speeds may vary based on your location. Using a domestic mirror for acceleration can speed up the download.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#use-notebook-as-ide","title":"Use Notebook as IDE","text":"AI Lab provides Notebook as an IDE feature, allowing users to write, run, and view code results directly in the browser. This is very suitable for development in data analysis, machine learning, and deep learning fields.
You can use the JupyterLab Notebook provided by AI Lab for the ChatGLM3 fine-tuning task.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#create-jupyterlab-notebook","title":"Create JupyterLab Notebook","text":"In the Notebook list, you can create a Notebook according to the page operation guide. Note that you need to configure the proper Notebook resource parameters according to the resource requirements mentioned earlier to avoid resource issues affecting the fine-tuning process.
Note
When creating a Notebook, you can directly mount the preloaded model code dataset and environment, greatly saving data preparation time.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#mount-dataset-and-code","title":"Mount Dataset and Code","text":"Note: The ChatGLM3 code files are mounted to the /home/jovyan/ChatGLM3
directory, and you also need to mount the AdvertiseGen
dataset to the /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen
directory to allow the fine-tuning task to access the data.
The model output location used this time is the /home/jovyan/ChatGLM3/finetune_demo/output
directory. You can mount the previously created PVC
dataset to this directory, so the trained model can be saved to the dataset for subsequent inference tasks.
After creation, you can see the Notebook interface where you can write, run, and view code results directly in the Notebook.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#fine-tune-chatglm3","title":"Fine-tune ChatGLM3","text":"Once in the Notebook, you can find the previously mounted dataset and code in the File Browser
option in the Notebook sidebar. Locate the ChatGLM3 folder.
You will find the fine-tuning code for ChatGLM3 in the finetune_demo
folder. Open the lora_finetune.ipynb
file, which contains the fine-tuning code for ChatGLM3.
First, follow the instructions in the README.md
file to understand the entire fine-tuning process. It is recommended to read it thoroughly to ensure that the basic environment dependencies and data preparation work are completed.
Open the terminal and use conda
to switch to the preheated environment, ensuring consistency with the JupyterLab Kernel for subsequent code execution.
First, preprocess the AdvertiseGen
dataset, standardizing the data to meet the Lora
pre-training format requirements. Save the processed data to the AdvertiseGen_fix
folder.
import json\nfrom typing import Union\nfrom pathlib import Path\n\ndef _resolve_path(path: Union[str, Path]) -> Path:\n return Path(path).expanduser().resolve()\n\ndef _mkdir(dir_name: Union[str, Path]):\n dir_name = _resolve_path(dir_name)\n if not dir_name.is_dir():\n dir_name.mkdir(parents=True, exist_ok=False)\n\ndef convert_adgen(data_dir: Union[str, Path], save_dir: Union[str, Path]):\n def _convert(in_file: Path, out_file: Path):\n _mkdir(out_file.parent)\n with open(in_file, encoding='utf-8') as fin:\n with open(out_file, 'wt', encoding='utf-8') as fout:\n for line in fin:\n dct = json.loads(line)\n sample = {'conversations': [{'role': 'user', 'content': dct['content']},\n {'role': 'assistant', 'content': dct['summary']}]}\n fout.write(json.dumps(sample, ensure_ascii=False) + '\\n')\n\n data_dir = _resolve_path(data_dir)\n save_dir = _resolve_path(save_dir)\n\n train_file = data_dir / 'train.json'\n if train_file is_file():\n out_file = save_dir / train_file.relative_to(data_dir)\n _convert(train_file, out_file)\n\n dev_file = data_dir / 'dev.json'\n if dev_file.is_file():\n out_file = save_dir / dev_file.relative_to(data_dir)\n _convert(dev_file, out_file)\n\nconvert_adgen('data/AdvertiseGen', 'data/AdvertiseGen_fix')\n
To save debugging time, you can reduce the number of entries in /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen_fix/dev.json
to 50. The data is in JSON format, making it easy to process.
After preprocessing the data, you can proceed with the fine-tuning test. Configure the fine-tuning parameters in the /home/jovyan/ChatGLM3/finetune_demo/configs/lora.yaml
file. Key parameters to focus on include:
Open a new terminal window and use the following command for local fine-tuning testing. Ensure that the parameter configurations and paths are correct:
!CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\n
In this command:
finetune_hf.py
is the fine-tuning script in the ChatGLM3 codedata/AdvertiseGen_fix
is your preprocessed dataset./chatglm3-6b
is your pre-trained model pathconfigs/lora.yaml
is the fine-tuning configuration fileDuring fine-tuning, you can use the nvidia-smi
command to check GPU memory usage:
After fine-tuning is complete, an output
directory will be generated in the finetune_demo
directory, containing the fine-tuned model files. This way, the fine-tuned model files are saved to the previously created PVC
dataset.
After completing the local fine-tuning test and ensuring that your code and data are correct, you can submit the fine-tuning task to the AI Lab for large-scale training and fine-tuning tasks.
Note
This is the recommended model development and fine-tuning process: first, conduct local fine-tuning tests to ensure that the code and data are correct.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#submit-fine-tuning-tasks-via-ui","title":"Submit Fine-tuning Tasks via UI","text":"Use Pytorch
to create a fine-tuning task. Select the resources of the cluster you need to use based on your actual situation. Ensure to meet the resource requirements mentioned earlier.
Startup command: Based on your experience using LoRA fine-tuning in the Notebook, the code files and data are in the /home/jovyan/ChatGLM3/finetune_demo
directory, so you can directly use this path:
bash -c \"cd /home/jovyan/ChatGLM3/finetune_demo && CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\"\n
Mount environment: This way, the preloaded environment dependencies can be used not only in the Notebook but also in the tasks.
AdvertiseGen
dataset to the /home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen
directoryAfter successfully submitting the task, you can view the training progress of the task in real-time in the task list. You can see the task status, resource usage, logs, and other information.
View task logs
After the task is completed, you can view the fine-tuned model files in the data output dataset for subsequent inference tasks.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#submit-tasks-via-baizectl","title":"Submit Tasks viabaizectl
","text":"AI Lab's Notebook supports using the baizectl
command-line tool without authentication. If you prefer using CLI, you can directly use the baizectl
command-line tool to submit tasks.
baizectl job submit --name finetunel-chatglm3 -t PYTORCH \\\n --image release.daocloud.io/baize/baize-notebook:v0.5.0 \\\n --priority baize-high-priority \\\n --resources cpu=8,memory=16Gi,nvidia.com/gpu=1 \\\n --workers 1 \\\n --queue default \\\n --working-dir /home/jovyan/ChatGLM3 \\\n --datasets AdvertiseGen:/home/jovyan/ChatGLM3/finetune_demo/data/AdvertiseGen \\\n --datasets output:/home/jovyan/ChatGLM3/finetune_demo/output \\\n --labels job_type=pytorch \\\n --restart-policy on-failure \\\n -- bash -c \"cd /home/jovyan/ChatGLM3/finetune_demo && CUDA_VISIBLE_DEVICES=0 NCCL_P2P_DISABLE=\"1\" NCCL_IB_DISABLE=\"1\" python finetune_hf.py data/AdvertiseGen_fix ./chatglm3-6b configs/lora.yaml\"\n
For more information on using baizectl
, refer to the baizectl Usage Documentation.
After completing the fine-tuning task, you can use the fine-tuned model for inference tasks. Here, you can use the inference service provided by AI Lab to create an inference service with the output model.
In the inference service list, you can create a new inference service. When selecting the model, choose the previously output dataset and configure the model path.
Regarding model resource requirements and GPU resource requirements for inference services, configure them based on the model size and inference concurrency. Refer to the resource configuration of the previous fine-tuning tasks.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#configure-model-runtime","title":"Configure Model Runtime","text":"Configuring the model runtime is crucial. Currently, AI Lab supports vLLM
as the model inference service runtime, which can be directly selected.
Tip
vLLM supports a wide range of large language models. Visit vLLM for more information. These models can be easily used within AI Lab.
After creation, you can see the created inference service in the inference service list. The model service list allows you to get the model's access address directly.
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#test-the-model-service","title":"Test the Model Service","text":"Try using the curl
command in the terminal to test the model service. Here, you can see the returned results, enabling you to use the model service for inference tasks.
curl -X POST http://10.20.100.210:31118/v2/models/chatglm3-6b/generate \\\n -d '{\"text_input\": \"hello\", \"stream\": false, \"sampling_parameters\": \"{\\\"temperature\\\": 0.7, \\\"top_p\\\": 0.95, \\'max_tokens\\\": 1024\uff5d\"\uff5d'\n
"},{"location":"en/admin/baize/best-practice/finetunel-llm.html#wrap-up","title":"Wrap up","text":"This page used ChatGLM3
as an example to quickly introduce and get you started with the AI Lab for model fine-tuning, using LoRA
to fine-tune the ChatGLM3 model.
AI Lab provides a wealth of features to help model developers quickly conduct model development, fine-tuning, and inference tasks. It also offers rich OpenAPI interfaces, facilitating integration with third-party application ecosystems.
"},{"location":"en/admin/baize/best-practice/label-studio.html","title":"Deploy Label Studio","text":"Label Studio is an open-source data labeling tool used for various machine learning and artificial intelligence jobs. Here is a brief introduction to Label Studio:
Label Studio offers a powerful data labeling solution for data scientists and machine learning engineers due to its flexibility and rich features.
"},{"location":"en/admin/baize/best-practice/label-studio.html#deploy-to-ai-platform","title":"Deploy to AI platform","text":"To use Label Studio in AI Lab, it needs to be deployed to the Global Service Cluster. You can quickly deploy it using Helm.
Note
For more deployment details, refer to Deploy Label Studio on Kubernetes.
Enter the Global Service Cluster, find Helm Apps -> Helm Repositories from the left navigation bar, click the Create Repository button, and fill in the following parameters:
After successfully adding the repository, click the \u2507 on the right side of the list and select Sync Repository. Wait a moment to complete the synchronization. (This sync operation will also be used for future updates of Label Studio).
Then navigate to the Helm Charts page, search for label-studio
, and click the card.
Choose the latest version and configure the installation parameters as shown below, naming it label-studio
. It is recommended to create a new namespace. Switch the parameters to YAML
and modify the configuration according to the instructions.
global:\n image:\n repository: heartexlabs/label-studio # Configure proxy address here if docker.io is inaccessible\n extraEnvironmentVars:\n LABEL_STUDIO_HOST: https://{Access_Address}/label-studio # Use the AI platform login address, refer to the current webpage URL\n LABEL_STUDIO_USERNAME: {User_Email} # Must be an email, replace with your own\n LABEL_STUDIO_PASSWORD: {User_Password}\napp:\n nginx:\n livenessProbe:\n path: /label-studio/nginx_health\n readinessProbe:\n path: /label-studio/version\n
At this point, the installation of Label Studio is complete.
Warning
By default, PostgreSQL will be installed as the data service middleware. If the image pull fails, it may be because docker.io
is inaccessible. Ensure to switch to an available proxy.
If you have your own PostgreSQL data service middleware, you can use the following parameters:
global:\n image:\n repository: heartexlabs/label-studio # Configure proxy address here if docker.io is inaccessible\n extraEnvironmentVars:\n LABEL_STUDIO_HOST: https://{Access_Address}/label-studio # Use the AI platform login address, refer to the current webpage URL\n LABEL_STUDIO_USERNAME: {User_Email} # Must be an email, replace with your own\n LABEL_STUDIO_PASSWORD: {User_Password}\napp:\n nginx:\n livenessProbe:\n path: /label-studio/nginx_health\n readinessProbe:\n path: /label-studio/version\npostgresql:\n enabled: false # Disable the built-in PostgreSQL\nexternalPostgresql:\n host: \"postgres-postgresql\" # PostgreSQL address\n port: 5432\n username: \"label_studio\" # PostgreSQL username\n password: \"your_label_studio_password\" # PostgreSQL password\n database: \"label_studio\" # PostgreSQL database name\n
"},{"location":"en/admin/baize/best-practice/label-studio.html#add-gproduct-to-navigation-bar","title":"Add GProduct to Navigation Bar","text":"To add Label Studio to the AI platform navigation bar, you can refer to the method in Global Management OEM IN. The following example shows how to add it to the secondary navigation of AI Lab.
"},{"location":"en/admin/baize/best-practice/label-studio.html#add-proxy-access","title":"Add Proxy Access","text":"apiVersion: ghippo.io/v1alpha1\nkind: GProductProxy\nmetadata:\n name: label-studio\nspec:\n gproduct: label-studio\n proxies:\n - authnCheck: false\n destination:\n host: label-studio-ls-app.label-studio.svc.cluster.local\n port: 80\n match:\n uri:\n prefix: /label-studio\n
"},{"location":"en/admin/baize/best-practice/label-studio.html#add-to-ai-lab","title":"Add to AI Lab","text":"Modify the CRD for GProductNavigator
CR baize
, then make the following changes:
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n labelings:\n meta.helm.sh/release-name: baize\n meta.helm.sh/release-namespace: baize-system\n labels:\n app.kubernetes.io/managed-by: Helm\n gProductName: baize\n name: baize\nspec:\n category: cloudnativeai\n gproduct: baize\n iconUrl: ./ui/baize/logo.svg\n isCustom: false\n localizedName:\n en-US: AI Lab\n zh-CN: AI Lab\n menus:\n - iconUrl: ''\n isCustom: false\n localizedName:\n en-US: AI Lab\n zh-CN: AI Lab\n name: workspace-view\n order: 1\n url: ./baize\n visible: true\n - iconUrl: ''\n isCustom: false\n localizedName:\n en-US: Operator\n zh-CN: \u8fd0\u7ef4\u7ba1\u7406\n name: admin-view\n order: 1\n url: ./baize/admin\n visible: true\n # Start adding\n - iconUrl: ''\n localizedName:\n en-US: Data Labeling\n zh-CN: \u6570\u636e\u6807\u6ce8\n name: label-studio\n order: 1\n target: blank # Control new blank page\n url: https://{Access_Address}/label-studio # url to access\n visible: true\n # End adding\n name: AI Lab\n order: 10\n url: ./baize\n visible: true\n
"},{"location":"en/admin/baize/best-practice/label-studio.html#adding-effect","title":"Adding Effect","text":""},{"location":"en/admin/baize/best-practice/label-studio.html#conclusion","title":"Conclusion","text":"The above describes how to add Label Studio and integrate it as an labeling component in AI Lab. By adding labels to the datasets in AI Lab, you can associate it with algorithm development and improve the algorithm development process. For further usage, refer to relevant documentation.
"},{"location":"en/admin/baize/best-practice/train-with-deepspeed.html","title":"Submit a DeepSpeed Training Task","text":"According to the DeepSpeed official documentation, it's recommended to modifying your code to implement the training task.
Specifically, you can use deepspeed.init_distributed()
instead of torch.distributed.init_process_group(...)
. Then run the command using torchrun
to submit it as a PyTorch distributed task, which will allow you to run a DeepSpeed task.
Yes, you can use torchrun
to run your DeepSpeed training script. torchrun
is a utility provided by PyTorch for distributed training. You can combine torchrun
with the DeepSpeed API to start your training task.
Below is an example of running a DeepSpeed training script using torchrun
:
Write the training script:
train.pyimport torch\nimport deepspeed\nfrom torch.utils.data import DataLoader\n\n# Load model and data\nmodel = YourModel()\ntrain_dataset = YourDataset()\ntrain_dataloader = DataLoader(train_dataset, batch_size=32)\n\n# Configure file path\ndeepspeed_config = \"deepspeed_config.json\"\n\n# Create DeepSpeed training engine\nmodel_engine, optimizer, _, _ = deepspeed.initialize(\n model=model,\n model_parameters=model.parameters(),\n config_params=deepspeed_config\n)\n\n# Training loop\nfor batch in train_dataloader:\n loss = model_engine(batch)\n model_engine.backward(loss)\n model_engine.step()\n
Create the DeepSpeed configuration file:
deepspeed_config.json{\n \"train_batch_size\": 32,\n \"gradient_accumulation_steps\": 1,\n \"fp16\": {\n \"enabled\": true,\n \"loss_scale\": 0\n },\n \"optimizer\": {\n \"type\": \"Adam\",\n \"params\": {\n \"lr\": 0.00015,\n \"betas\": [0.9, 0.999],\n \"eps\": 1e-08,\n \"weight_decay\": 0\n }\n }\n}\n
Run the training script using torchrun
or baizectl
:
torchrun train.py\n
In this way, you can combine PyTorch's distributed training capabilities with DeepSpeed's optimization technologies for more efficient training. You can use the baizectl
command to submit a job in a notebook:
baizectl job submit --pytorch --workers 2 -- torchrun train.py\n
Operator is the daily management of IT resources by IT operations personnel, handling workspace tasks.
Here, you can visually understand the current usage status of resources such as clusters, nodes, CPUs, GPUs, and vGPUs.
"},{"location":"en/admin/baize/oam/index.html#glossary","title":"Glossary","text":"Automatically consolidate GPU resource information across the entire platform, providing detailed GPU device information display, and allowing you to view workload statistics and task execution information for various GPUs.
After entering Operator, click Resource Management -> GPU Management in the left navigation bar to view GPU and task information.
"},{"location":"en/admin/baize/oam/queue/create.html","title":"Create Queue","text":"In the Operator mode, queues can be used to schedule and optimize batch job workloads, effectively managing multiple tasks running on a cluster and optimizing resource utilization through a queue system.
Click Queue Management in the left navigation bar, then click the Create button on the right.
The system will pre-fill basic setup data, including the cluster to deploy to, workspace, and queuing policy. Click OK after adjusting these parameters.
A confirmation message will appear upon creation, returning you to the queue management list. Click the \u2507 on the right side of the list to perform additional operations such as update or delete.
In the Operator mode, if you find a queue to be redundant, expired, or no longer needed for any other reason, you can delete it from the queue list.
Click the \u2507 on the right side of the queue in the queue list, then choose Delete from the dropdown menu.
In the pop-up window, confirm the queue you want to delete, enter the queue name, and then click Delete.
A confirmation message will appear indicating successful deletion, and the queue will disappear from the list.
Caution
Once a queue is deleted, it cannot be recovered, so please proceed with caution.
"},{"location":"en/admin/baize/troubleshoot/index.html","title":"Troubleshooting","text":"This document will continuously compile and organize errors that may arise from environmental issues or improper operations during the use of AI Lab, as well as analyze and provide solutions for certain errors encountered during use.
Warning
This documentation is only applicable to version AI platform. If you encounter issues with the use of AI Lab, please refer to this troubleshooting guide first.
In AI platform, the module name for AI Lab is baize
, which offers one-stop solutions for model training, inference, model management, and more.
In the AI Lab Developer and Operator UI, the desired cluster cannot be found in the drop-down list while you search for a cluster.
"},{"location":"en/admin/baize/troubleshoot/cluster-not-found.html#analysis","title":"Analysis","text":"If the desired cluster is missing from the cluster drop-down list in AI Lab, it could be due to the following reasons:
baize-agent
is not installed or failed to install, causing AI Lab to be unable to retrieve cluster information.baize-agent
, causing AI Lab to be unable to retrieve cluster information.baize-agent
not installed or failed to install","text":"AI Lab requires some basic components to be installed in each worker cluster. If the baize-agent
is not installed in the worker cluster, you can choose to install it via UI, which might lead to some unexpected errors.
Therefore, to ensure a good user experience, the selectable cluster range only includes clusters where the baize-agent
has been successfully installed.
If the issue is due to the baize-agent
not being installed or installation failure, use the following steps:
Container Management -> Clusters -> Helm Apps -> Helm Charts , find baize-agent
and install it.
Note
Quickly jump to this address: https://<host>/kpanda/clusters/<cluster_name>/helm/charts/addon/baize-agent
. Note to replace <host>
with the actual console address, and <cluster_name>
with the actual cluster name.
baize-agent
","text":"When installing baize-agent
, ensure to configure the cluster name. This name will be used for Insight metrics collection and is empty by default, requiring manual configuration .
If the Insight components in the cluster are abnormal, it might cause AI Lab to be unable to retrieve cluster information. Check if the platform's Insight services are running and configured correctly.
When creating a Notebook, training task, or inference service, if the queue is being used for the first time in that namespace, there will be a prompt to initialize the queue with one click. However, the initialization fails.
"},{"location":"en/admin/baize/troubleshoot/local-queue-initialization-failed.html#issue-analysis","title":"Issue Analysis","text":"In the AI Lab environment, the queue management capability is provided by Kueue. Kueue provides two types of queue management resources:
In the AI Lab environment, if a service is created and the specified namespace does not have a LocalQueue
, there will be a prompt to initialize the queue.
In rare cases, the LocalQueue
initialization might fail due to special reasons.
Check if Kueue is running normally. If the kueue-controller-manager
is not running, you can check it with the following command:
kubectl get deploy kueue-controller-manager -n baize-system\n
If the kueue-controller-manager
is not running properly, fix Kueue first.
In the AI Lab module, when users create a Notebook, they find that even if the selected queue lacks resources, the Notebook can still be created successfully.
"},{"location":"en/admin/baize/troubleshoot/notebook-not-controlled-by-quotas.html#issue-01-unsupported-kubernetes-version","title":"Issue 01: Unsupported Kubernetes Version","text":"Analysis:
The queue management capability in AI Lab is provided by Kueue, and the Notebook service is provided through JupyterHub. JupyterHub has high requirements for the Kubernetes version. For versions below v1.27, even if queue quotas are set in AI platform, and users select the quota when creating a Notebook, the Notebook will not actually be restricted by the queue quota.
Solution: Plan in advance. It is recommended to use Kubernetes version v1.27
or above in the production environment.
Reference: Jupyter Notebook Documentation
Analysis:
When the Kubernetes cluster version is greater than v1.27, the Notebook still cannot be restricted by the queue quota.
This is because Kueue needs to have support for enablePlainPod
enabled to take effect for the Notebook service.
Solution: When deploying baize-agent
in the worker cluster, enable Kueue support for enablePlainPod
.
Reference: Run Plain Pods as a Kueue-Managed Job
If you forget your password, you can reset it by following the instructions on this page.
"},{"location":"en/admin/ghippo/password.html#steps-to-reset-password","title":"Steps to Reset Password","text":"When an administrator initially creates a user, it sets a username and password for him. After the user logs in, fill in the email address and change the password in Personal Center . If the user has not set an email address, he can only contact the administrator to reset the password.
If you forget your password, you can click Forgot your password? on the login interface.
Enter your login email and click Submit .
Find the password reset email in the mailbox, and click the link in your email. The link is effective for 5 minutes.
Install applications that support 2FA dynamic password generation (such as Google Authenticator) on mobile phone or other devices. Set up a dynamic password to activate your account, and click Submit .
Set a new password and click Submit . The requirements for setting a new password are consistent with the password rules when creating an account.
The password is successfully reset, and you enter the home page directly.
The flow of the password reset process is as follows.
graph TB\n\npass[Forgot password] --> usern[Enter username]\n--> button[Click button to send a mail] --> judge1[Check your username is correct or not]\n\n judge1 -.Correct.-> judge2[Check if you have bounded a mail]\n judge1 -.Wrong.-> tip1[Error of incorrect username]\n\n judge2 -.A mail has been bounded.-> send[Send a reset mail]\n judge2 -.No any mail bounded.-> tip2[No any mail bounded<br>Contact admin to reset password]\n\nsend --> click[Click the mail link] --> config[Config dynamic password] --> reset[Reset password]\n--> success[Successfully reset]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass pass,usern,button,tip1,send,tip2,send,click,config,reset,success plain;\nclass judge1,judge2 k8s
"},{"location":"en/admin/ghippo/access-control/custom-role.html","title":"Custom Roles","text":"AI platform supports the creation of three scopes of custom roles:
A platform role refers to a role that can manipulate features related to a certain module of AI platform (such as container management, microservice engine, Multicloud Management, service mesh, Container registry, Workbench, and global management).
From the left navigation bar, click Global Management -> Access Control -> Roles , and click Create Custom Role .
Enter the name and description, select Platform Role , check the role permissions and click OK .
Return to the role list, search for the custom role you just created, and click \u2507 on the right to perform operations such as copying, editing, and deleting.
After the platform role is successfully created, you can go to User/group to add users and groups for this role.
A workspace role refers to a role that can manipulate features related to a module (such as container management, microservice engine, Multicloud Management, service mesh, container registry, Workbench, and global management) according to the workspace.
From the left navigation bar, click Global Management -> Access Control -> Roles , and click Create Custom Role .
Enter the name and description, select Workspace role , check the role permissions and click OK .
Return to the role list, search for the custom role you just created, and click \u2507 on the right to perform operations such as copying, editing, and deleting.
After the workspace role is successfully created, you can go to Workspace to authorize and set which workspaces this role can manage.
The folder role refers to the ability to manipulate the relevant features of a module of AI platform (such as container management, microservice engine, Multicloud Management, service mesh, container registry, Workbench and global management) according to folders and subfolders. Role.
From the left navigation bar, click Global Management -> Access Control -> Roles , and click Create Custom Role .
Enter the name and description, select Folder Role , check the role permissions and click OK .
Return to the role list, search for the custom role you just created, and click \u2507 on the right to perform operations such as copying, editing, and deleting.
After the folder role is successfully created, you can go to Folder to authorize and set which folders this role can manage.
When two or more platforms need to integrate or embed with each other, user system integration is usually required. During the process of user system integration, the Docking Portal mainly provides SSO (Single Sign-On) capability. If you want to integrate AI platform as a user source into a client platform, you can achieve it by docking a product through Docking Portal .
"},{"location":"en/admin/ghippo/access-control/docking.html#docking-a-product","title":"Docking a product","text":"Prerequisite: Administrator privileges for the platform or IAM Owner privileges for access control.
Log in with an admin, navigate to Access Control , select Docking Portal , enter the Docking Portal list, and click Create SSO Profile in the upper right corner.
On the Create SSO Profile page, fill in the Client ID.
After successfully creating the SSO access, in the Docking Portal list, click the just created Client ID to enter the details, copy the Client ID, Secret Key, and Single Sign-On URL information, and fill them in the client platform to complete the user system integration.
AI platform provides predefined system roles to help users simplify the process of role permission usage.
Note
AI platform provides three types of system roles: platform role, workspace role, and folder role.
Five system roles are predefined in Access Control: Admin, IAM Owner, Audit Owner, Kpanda Owner, and Workspace and Folder Owner. These five roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:
Role Name Role Type Module Role Permissions Admin System role All Platform administrator, manages all platform resources, represents the highest authority of the platform. IAM Owner System role Access Control Administrator of Access Control, has all permissions under this service, such as managing users/groups and authorization. Audit Owner System role Audit Log Administrator of Audit Log, has all permissions under this service, such as setting audit log policies and exporting audit logs. Kpanda Owner System role Container Management Administrator of Container Management, has all permissions under this service, such as creating/accessing clusters, deploying applications, granting cluster/namespace-related permissions to users/groups. Workspace and Folder Owner System role Workspace and Folder Administrator of Workspace and Folder, has all permissions under this service, such as creating folders/workspaces, authorizing folder/workspace-related permissions to users/groups."},{"location":"en/admin/ghippo/access-control/global.html#workspace-roles","title":"Workspace Roles","text":"Three system roles are predefined in Access Control: Workspace Admin, Workspace Editor, and Workspace Viewer. These three roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:
Role Name Role Type Module Role Permissions Workspace Admin System role Workspace Administrator of a workspace, with management permission of the workspace. Workspace Editor System role Workspace Editor of a workspace, with editing permission of the workspace. Workspace Viewer System role Workspace Viewer of a workspace, with readonly permission of the workspace."},{"location":"en/admin/ghippo/access-control/global.html#folder-roles","title":"Folder Roles","text":"Three system roles are predefined in Access Control: Folder Admin, Folder Editor, and Folder Viewer. These three roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:
Role Name Role Type Module Role Permissions Folder Admin System role Workspace Administrator of a folder and its subfolders/workspaces, with management permission. Folder Editor System role Workspace Editor of a folder and its subfolders/workspaces, with editing permission. Folder Viewer System role Workspace Viewer of a folder and its subfolders/workspaces, with readonly permission."},{"location":"en/admin/ghippo/access-control/group.html","title":"Group","text":"A group is a collection of users. By joining a group, a user can inherit the role permissions of the group. Authorize users in batches through groups to better manage users and their permissions.
"},{"location":"en/admin/ghippo/access-control/group.html#use-cases","title":"Use cases","text":"When a user's permission changes, it only needs to be moved to the proper group without affecting other users.
When the permissions of a group change, you only need to modify the role permissions of the group to apply to all users in the group.
"},{"location":"en/admin/ghippo/access-control/group.html#create-group","title":"Create group","text":"Prerequisite: Admin or IAM Owner.
Enters Access Control , selects Groups , enters the list of groups, and clicks Create a group on the upper right.
Fill in the group information on the Create group page.
Click OK , the group is created successfully, and you will return to the group list page. The first line in the list is the newly created group.
Prerequisite: The group already exists.
Enters Access Control , selects Groups , enters the list of groups, and clicks \u2507 -> Add permissions .
On the Add permissions page, check the required role permissions (multiple choices are allowed).
Click OK to add permissions to the group. Automatically return to the group list, click a group to view the permissions granted to the group.
Enters Access Control , selects Groups to display the group list, and on the right side of a group, click \u2507 -> Add Members .
On the Add Group Members page, click the user to be added (multiple choices are allowed). If there is no user available, click Create a new user , first go to create a user, and then return to this page and click the refresh icon to display the newly created user.
Click OK to finish adding users to the group.
Note
Users in the group will inherit the permissions of the group; users who join the group can be viewed in the group details.
"},{"location":"en/admin/ghippo/access-control/group.html#delete-group","title":"Delete group","text":"Note: Deleting a group will not delete the users in the group, but the users in the group will no longer be able to inherit the permissions of the group
The administrator enters Access Control , selects group to enter the group list, and on the right side of a group, click \u2507 -> Delete .
Click Delete to delete the group.
Return to the group list, and the screen will prompt that the deletion is successful.
Note
Deleting a group will not delete the users in the group, but the users in the group will no longer be able to inherit the permissions from the group.
"},{"location":"en/admin/ghippo/access-control/iam.html","title":"What is IAM","text":"IAM (Identity and Access Management) is an important module of global management. You can create, manage and destroy users (groups) through the access control module, and use system roles and custom roles to control other users Access to the AI platform.
"},{"location":"en/admin/ghippo/access-control/iam.html#benefits","title":"Benefits","text":"Simple and smooth
Structures and roles within an enterprise can be complex, with the management of projects, work groups, and mandates constantly changing. Access control uses a clear and tidy page to open up the authorization relationship between users, groups, and roles, and realize the authorization of users (groups) with the shortest link.
Appropriate role
Access control pre-defines an administrator role for each sub-module, without user maintenance, you can directly authorize the predefined system roles of the platform to users to realize the modular management of the platform. For fine-grained permissions, please refer to Permission Management.
Enterprise-grade access control
When you want your company's employees to use the company's internal authentication system to log in to the AI platform without creating proper users on the AI platform, you can use the identity provider feature of access control to establish a trust relationship between your company and Suanova, Through joint authentication, employees can directly log in to the AI platform with the existing account of the enterprise, realizing single sign-on.
Here is a typical process to perform access control.
graph TD\n login[Login] --> user[Create User]\n user --> auth[Authorize User]\n auth --> group[Create Group]\n group --> role[Create Custom Role]\n role --> id[Create Identity Provider]\n\n classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;\n classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;\n classDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n class login,user,auth,group,role,id cluster;
"},{"location":"en/admin/ghippo/access-control/idprovider.html","title":"Identity provider","text":"Global management supports single sign-on based on LDPA and OIDC protocols. If your enterprise or organization has its own account system and you want to manage members in the organization to use AI platform resources, you can use the identity provider feature provided by global management. Instead of having to create username/passwords for every organization member in your AI platform. You can grant permissions to use AI platform resources to these external user identities.
"},{"location":"en/admin/ghippo/access-control/idprovider.html#basic-concept","title":"Basic concept","text":"Identity Provider (IdP for short)
Responsible for collecting and storing user identity information, usernames, and passwords, and responsible for authenticating users when they log in. In the identity authentication process between an enterprise and AI platform, the identity provider refers to the identity provider of the enterprise itself.
Service Provider (SP)
The service provider establishes a trust relationship with the identity provider IdP, and uses the user information provided by the IDP to provide users with specific services. In the process of enterprise authentication with AI platform, the service provider refers to AI platform.
LDAP
LDAP refers to Lightweight Directory Access Protocol (Lightweight Directory Access Protocol), which is often used for single sign-on, that is, users can log in with one account password in multiple services. Global management supports LDAP for identity authentication, so the enterprise IdP that establishes identity authentication with AI platform through the LDAP protocol must support the LDAP protocol. For a detailed description of LDAP, please refer to: Welcome to LDAP.
OIDC
OIDC, short for OpenID Connect, is an identity authentication standard protocol based on the OAuth 2.0 protocol. Global management supports the OIDC protocol for identity authentication, so the enterprise IdP that establishes identity authentication with AI platform through the OIDC protocol must support the OIDC protocol. For a detailed description of OIDC, please refer to: Welcome to OpenID Connect.
OAuth 2.0
OAuth 2.0 is the abbreviation of Open Authorization 2.0. It is an open authorization protocol. The authorization framework supports third-party applications to obtain access permissions in their own name.
Administrators do not need to recreate AI platform users
Before using the identity provider for identity authentication, the administrator needs to create an account for the user in the enterprise management system and AI platform respectively; after using the identity provider for identity authentication, the enterprise administrator only needs to create an account for the user in the enterprise management system, Users can access both systems at the same time, reducing personnel management costs.
Users do not need to remember two sets of platform accounts
Before using the identity provider for identity authentication, users need to log in with the accounts of the two systems to access the enterprise management system and AI platform; after using the identity provider for identity authentication, users can log in to the enterprise management system to access the two systems.
The full name of LDAP is Lightweight Directory Access Protocol, which is an open and neutral industry-standard application protocol that provides access control and maintains directories for distributed information through the IP protocol.
If your enterprise or organization has its own account system, and your enterprise user management system supports the LDAP protocol, you can use the identity provider feature based on the LDAP protocol provided by the Global Management instead of creating usernames/passwords for each member in AI platform. You can grant permissions to use AI platform resources to these external user identities.
In Global Management, the operation steps are as follows:
Log in to AI platform as a user with admin role. Click Global Management -> Access Control in the lower left corner of the left navigation bar.
Click Identity Provider on the left nav bar, click Create an Identity Provider button.
In the LDAP tab, fill in the following fields and click Save to establish a trust relationship with the identity provider and a user mapping relationship.
Field Description Vendor Supports LDAP (Lightweight Directory Access Protocol) and AD (Active Directory) Identity Provider Name (UI display name) Used to distinguish different identity providers Connection URL The address and port number of the LDAP service, e.g., ldap://10.6.165.2:30061 Bind DN The DN of the LDAP administrator, which Keycloak will use to access the LDAP server Bind credentials The password of the LDAP administrator. This field can retrieve its value from a vault using the ${vault.ID} format. Users DN The full DN of the LDAP tree where your users are located. This DN is the parent of the LDAP users. For example, if the DN of a typical user is similar to \u201cuid='john',ou=users,dc=example,dc=com\u201d, it can be \u201cou=users,dc=example,dc=com\u201d. User Object Classes All values of the LDAP objectClass attribute for users in LDAP, separated by commas. For example: \u201cinetOrgPerson,organizationalPerson\u201d. New Keycloak users will be written to LDAP with all of these object classes, and existing LDAP user records will be found if they contain all of these object classes. Enable StartTLS Encrypts the connection between AI platform and LDAP when enabled Default Permission Users/groups have no permissions by default after synchronization Full name mapping proper First name and Last Name User Name Mapping The unique username for the user Mailbox Mapping User emailAdvanced Config
Field Description Enable or not Enabled by default. When disabled, this LDAP configuration will not take effect. Periodic full sync Disabled by default. When enabled, a sync period can be configured, such as syncing once every hour. Edit mode Read-only mode will not modify the source data in LDAP. Write mode will sync data back to LDAP after user information is edited on the platform. Read timeout Adjusting this value can effectively avoid interface timeouts when the amount of LDAP data is large. User LDAP filter An additional LDAP filter used to filter the search for users. Leave it empty if no additional filter is needed. Ensure it starts with \u201c(\u201d and ends with \u201c)\u201d. Username LDAP attribute The name of the LDAP attribute maps to the Keycloak username. For many LDAP server vendors, it can be \u201cuid\u201d. For Active Directory, it can be \u201csAMAccountName\u201d or \u201ccn\u201d. This attribute should be filled in for all LDAP user records you want to import into Keycloak. RDN LDAP attribute The name of the LDAP attribute that serves as the RDN (top-level attribute) of the typical user DN. It is usually the same as the Username LDAP attribute, but this is not required. For example, for Active Directory, when the username attribute might be \u201csAMAccountName\u201d, \u201ccn\u201d is often used as the RDN attribute. UUID LDAP attribute The name of the LDAP attribute used as the unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is \u201centryUUID\u201d. However, some may differ. For example, for Active Directory, it should be \u201cobjectGUID\u201d. If your LDAP server does not support the UUID concept, you can use any other attribute that should be unique among LDAP users in the tree, such as \u201cuid\u201d or \u201centryDN\u201d.On the Sync Groups tab, fill in the following fields to configure the mapping relationship of groups, and click Save again.
Field Description Example base DN location of the group in the LDAP tree ou=groups,dc=example,dc=org Usergroup Object Filter Object classes for usergroups, separated by commas if more classes are required. In a typical LDAP deployment, usually \"groupOfNames\", the system has been filled in automatically, if you need to change it, just edit it. * means all. * group name cn UnchangeableNote
If all members in your enterprise or organization are managed in WeCom, you can use the identity provider feature based on the OAuth 2.0 protocol provided by Global Management, without the need to create a username/password for each organization member in AI platform. You can grant these external user identities permission to use AI platform resources.
"},{"location":"en/admin/ghippo/access-control/oauth2.0.html#steps","title":"Steps","text":"Log in to AI platform with a user who has the admin role. Click Global Management -> Access Control at the bottom of the left navigation bar.
Select Identity Providers on the left navigation bar, and click the OAuth 2.0 tab. Fill in the form fields and establish a trust relationship with WeCom, then click Save.
Note
Before integration, you need to create a custom application in the WeCom management console. Refer to How to create a custom application link
Field Description Corp ID ID of WeCom Agent ID ID of the custom application ClientSecret Secret of the custom applicationWeCom ID:
Agent ID and ClientSecret:
"},{"location":"en/admin/ghippo/access-control/oidc.html","title":"Create and Manage OIDC","text":"OIDC (OpenID Connect) is an identity layer based on OAuth 2.0 and an identity authentication standard protocol based on the OAuth2 protocol.
If your enterprise or organization already has its own account system, and your enterprise user management system supports the OIDC protocol, you can use the OIDC protocol-based identity provider feature provided by the Global Management instead of creating usernames/passwords for each member in AI platform. You can grant permissions to use AI platform resources to these external user identities.
The specific operation steps are as follows.
Log in to AI platform as a user with admin role. Click Global Management -> Access Control at the bottom of the left navigation bar.
On the left nav bar select Identity Provider , click OIDC -> Create an Identity Provider
After completing the form fields and establishing a trust relationship with the identity provider, click Save .
Fields Descriptions Provider Name displayed on the login page and is the entry point for the identity provider Authentication Method Client authentication method. If the JWT is signed with a private key, select JWT signed with private key from the dropdown. For details, refer to Client Authentication. Client ID Client ID Client Secret Client Secret Client URL One-click access to login URL, Token URL, user information URL and logout URL through the identity provider's well-known interface Auto-associate After it is turned on, when the identity provider username/email is duplicated with the AI platform username/email, the two will be automatically associatedNote
The interactive process of user authentication is as follows:
A role corresponds to a set of permissions that determine the actions that can be performed on resources. Granting a user a role means granting all the permissions included in that role.
AI platform provides three levels of roles, which effectively solve your permission-related issues:
Platform roles are coarse-grained permissions that grant proper permissions to all relevant resources on the platform. By assigning platform roles, users can have permissions to create, delete, modify, and view all clusters and workspaces, but not specifically to a particular cluster or workspace. AI platform provides 5 pre-defined platform roles that users can directly use:
Additionally, AI platform supports the creation of custom platform roles with customized content as needed. For example, creating a platform role that includes all functional permissions in the Workbench. Since the Workbench depends on workspaces, the platform will automatically select the \"view\" permission for workspaces by default. Please do not manually deselect it. If User A is granted this Workbench role, they will automatically have all functional permissions related to the Workbench in all workspaces.
"},{"location":"en/admin/ghippo/access-control/role.html#platform-role-authorization-methods","title":"Platform Role Authorization Methods","text":"There are three ways to authorize platform roles:
In the Global Management -> Access Control -> Users section, find the user in the user list, click ... , select Authorization , and grant platform role permissions to the user.
In the Global Management -> Access Control -> Groups section, create a group in the group list, add the user to the group, and grant authorization to the group (the specific operation is: find the group in the group list, click ... , select Add Permissions , and grant platform roles to the group).
In the Global Management -> Access Control -> Roles section, find the proper platform role in the role list, click the role name to access details, click the Related Members button, select the user or group, and click OK .
Workspace roles are fine-grained roles that grant users management permissions, view permissions, or Workbench-related permissions for a specific workspace. Users with these roles can only manage the assigned workspace and cannot access other workspaces. AI platform provides 3 pre-defined workspace roles that users can directly use:
Moreover, AI platform supports the creation of custom workspace roles with customized content as needed. For example, creating a workspace role that includes all functional permissions in the Workbench. Since the Workbench depends on workspaces, the platform will automatically select the \"view\" permission for workspaces by default. Please do not manually deselect it. If User A is granted this role in Workspace 01, they will have all functional permissions related to the Workbench in Workspace 01.
Note
Unlike platform roles, workspace roles need to be used within the workspace. Once authorized, users will only have the functional permissions of that role within the assigned workspace.
"},{"location":"en/admin/ghippo/access-control/role.html#workspace-role-authorization-methods","title":"Workspace Role Authorization Methods","text":"In the Global Management -> Workspace and Folder list, find the workspace, click Authorization , and grant workspace role permissions to the user.
"},{"location":"en/admin/ghippo/access-control/role.html#folder-roles","title":"Folder Roles","text":"Folder roles have permissions granularity between platform roles and workspace roles. They grant users management permissions and view permissions for a specific folder and its sub-folders, as well as all workspaces within that folder. Folder roles are commonly used in departmental scenarios in enterprises. For example, User B is a leader of a first-level department and usually has management permissions over the first-level department, all second-level departments under it, and projects within those departments. In this scenario, User B is granted admin permissions for the first-level folder, which also grants proper permissions for the second-level folders and workspaces below them. AI platform provides 3 pre-defined folder roles that users can directly use:
Additionally, AI platform supports the creation of custom folder roles with customized content as needed. For example, creating a folder role that includes all functional permissions in the Workbench. If User A is granted this role in Folder 01, they will have all functional permissions related to the Workbench in all workspaces within Folder 01.
Note
The functionality of modules depends on workspaces, and folders provide further grouping mechanisms with permission inheritance capabilities. Therefore, folder permissions not only include the folder itself but also its sub-folders and workspaces.
"},{"location":"en/admin/ghippo/access-control/role.html#folder-role-authorization-methods","title":"Folder Role Authorization Methods","text":"In the Global Management -> Workspace and Folder list, find the folder, click Authorization , and grant folder role permissions to the user.
"},{"location":"en/admin/ghippo/access-control/user.html","title":"User","text":"A user refers to a user created by the platform administrator Admin or the access control administrator IAM Owner on the Global Management -> Access Control -> Users page, or a user connected through LDAP / OIDC . The username represents the account, and the user logs in to the Suanova Enterprise platform through the username and password.
Having a user account is a prerequisite for users to access the platform. The newly created user does not have any permissions by default. For example, you need to assign proper role permissions to users, such as granting administrator permissions to submodules in User List or User Details . The sub-module administrator has the highest authority of the sub-module, and can create, manage, and delete all resources of the module. If a user needs to be granted permission for a specific resource, such as the permission to use a certain resource, please see Resource Authorization Description.
This page introduces operations such as creating, authorizing, disabling, enabling, and deleting users.
"},{"location":"en/admin/ghippo/access-control/user.html#create-user","title":"Create user","text":"Prerequisite: You have the platform administrator Admin permission or the access control administrator IAM Admin permission.
The administrator enters Access Control , selects Users , enters the user list, and clicks Create User on the upper right.
Fill in the username and login password on the Create User page. If you need to create multiple users at one time, you can click Create User to create in batches, and you can create up to 5 users at a time. Determine whether to set the user to reset the password when logging in for the first time according to your actual situation.
Click OK , the user is successfully created and returns to the user list page.
Note
The username and password set here will be used to log in to the platform.
"},{"location":"en/admin/ghippo/access-control/user.html#authorize-for-user","title":"Authorize for User","text":"Prerequisite: The user already exists.
The administrator enters Access Control , selects Users , enters the user list, and clicks \u2507 -> Authorization .
On the Authorization page, check the required role permissions (multiple choices are allowed).
Click OK to complete the authorization for the user.
Note
In the user list, click a user to enter the user details page.
"},{"location":"en/admin/ghippo/access-control/user.html#add-user-to-group","title":"Add user to group","text":"The administrator enters Access Control , selects Users , enters the user list, and clicks \u2507 -> Add to Group .
On the Add to Group page, check the groups to be joined (multiple choices are allowed). If there is no optional group, click Create a new group to create a group, and then return to this page and click the Refresh button to display the newly created group.
Click OK to add the user to the group.
Note
The user will inherit the permissions of the group, and you can view the groups that the user has joined in User Details .
"},{"location":"en/admin/ghippo/access-control/user.html#enabledisable-user","title":"Enable/Disable user","text":"Once a user is deactivated, that user will no longer be able to access the Platform. Unlike deleting a user, a disabled user can be enabled again as needed. It is recommended to disable the user before deleting it to ensure that no critical service is using the key created by the user.
The administrator enters Access Control , selects Users , enters the user list, and clicks a username to enter user details.
Click Edit on the upper right, turn off the status button, and make the button gray and inactive.
Click OK to finish disabling the user.
Premise: User mailboxes need to be set. There are two ways to set user mailboxes.
On the user details page, the administrator clicks Edit , enters the user's email address in the pop-up box, and clicks OK to complete the email setting.
Users can also enter the Personal Center and set the email address on the Security Settings page.
If the user forgets the password when logging in, please refer to Reset Password.
"},{"location":"en/admin/ghippo/access-control/user.html#delete-users","title":"Delete users","text":"Warning
After deleting a user, the user will no longer be able to access platform resources in any way, please delete carefully. Before deleting a user, make sure your key programs no longer use keys created by that user. If you are unsure, it is recommended to disable the user before deleting. If you delete a user and then create a new user with the same name, the new user is considered a new, separate identity that does not inherit the deleted user's roles.
The administrator enters Access Control , selects Users , enters the user list, and clicks \u2507 -> Delete .
Click Delete to finish deleting the user.
With AI platform integrated into the client's system, you can create Webhooks to send message notifications when users are created, updated, deleted, logged in, or logged out.
Webhook is a mechanism for implementing real-time event notifications. It allows an application to push data or events to another application without the need for polling or continuous querying. By configuring Webhooks, you can specify that the target application receives and processes notifications when a certain event occurs.
The working principle of Webhook is as follows:
By using Webhooks, you can achieve the following functionalities:
Common use cases include:
The steps to configure Webhooks in AI platform are as follows:
On the left nav, click Global Management -> Access Control -> Docking Portal , create a client ID.
Click a client ID to enter the details page, then click the Create Webhook button.
Fill in the field information in the popup window and click OK .
A screen prompt indicates that the Webhook was created successfully.
Now try creating a user.
User creation succeeds, and you can see that an enterprise WeChat group received a message.
Default Message Body
AI platform predefines some variables that you can use in the message body based on your needs.
{\n \"id\": \"{{$$.ID$$}}\",\n \"email\": \"{{$$.Email$$}}\",\n \"username\": \"{{$$.Name$$}}\",\n \"last_name\": \"{{$$.LastName$$}}\",\n \"first_name\": \"{{$$.FirstName$$}}\",\n \"created_at\": \"{{$$.CreatedAt$$}}\",\n \"enabled\": \"{{$$.Enabled$$}}\"\n}\n
Message Body for WeCom Group Robot
{\n \"msgtype\": \"text\",\n \"text\": {\n \"content\": \"{{$$.Name$$}} hello world\"\n }\n}\n
"},{"location":"en/admin/ghippo/audit/audit-log.html","title":"Audit log","text":"Audit logs help you monitor and record the activities of each user, and provide features for collecting, storing and querying security-related records arranged in chronological order. With the audit log service, you can continuously monitor and retain user behaviors in the Global Management module, including but not limited to user creation, user login/logout, user authorization, and user operations related to Kubernetes.
"},{"location":"en/admin/ghippo/audit/audit-log.html#features","title":"Features","text":"The audit log feature has the following characteristics:
Out of the box: When installing and using the platform, the audit log feature will be enabled by default, automatically recording various user-related actions, such as creating users, authorization, and login/logout. By default, 365 days of user behavior can be viewed within the platform.
Security analysis: The audit log will record user operations in detail and provide an export function. Through these events, you can judge whether the account is at risk.
Real-time recording: Quickly collect operation events, and trace back in the audit log list after user operations, so that suspicious behavior can be found at any time.
Convenient and reliable: The audit log supports manual cleaning and automatic cleaning, and the cleaning policy can be configured according to your storage size.
Log in to AI platform with a user account that has the admin or Audit Owner role.
At the bottom of the left navigation bar, click Global Management -> Audit Logs .
On the User operations tab, you can search for user operation events by time range, or by using fuzzy or exact search.
Click the \u2507 icon on the right side of an event to view its details.
The event details are shown in the following figure.
Click the Export in the upper right corner to export the user operation logs within the selected time range in CSV or Excel format.
"},{"location":"en/admin/ghippo/audit/audit-log.html#system-operations","title":"System operations","text":"On the System operations tab, you can search for system operation events by time range, or by using fuzzy or exact search.
Similarly, click the \u2507 icon on the right side of an event to view its details.
Click the Export in the upper right corner to export the system operation logs within the selected time range in CSV or Excel format.
"},{"location":"en/admin/ghippo/audit/audit-log.html#settings","title":"Settings","text":"On the Settings tab, you can clean up audit logs for user operations and system operations.
You can manually clean up the logs, but it is recommended to export and save them before cleaning. You can also set the maximum retention time for the logs to automatically clean them up.
Note
The audit logs related to Kubernetes in the auditing module are provided by the Insight module. To reduce the storage pressure of the audit logs, Global Management by default does not collect Kubernetes-related logs. If you need to record them, please refer to Enabling K8s Audit Logs. Once enabled, the cleanup function is consistent with the Global Management cleanup function, but they do not affect each other.
"},{"location":"en/admin/ghippo/audit/open-audit.html","title":"Enable/Disable collection of audit logs","text":"Run the following command to check if audit logs are generated under the /var/log/kubernetes/audit directory. If they exist, it means that Kubernetes audit logs are successfully enabled.
ls /var/log/kubernetes/audit\n
If they are not enabled, please refer to the documentation on enabling/disabling Kubernetes audit logs.
"},{"location":"en/admin/ghippo/audit/open-audit.html#enable-collection-of-kubernetes-audit-logs-process","title":"Enable Collection of Kubernetes Audit Logs Process","text":"Add ChartMuseum to the helm repo.
helm repo add chartmuseum http://10.5.14.30:8081\n
Modify the IP address in this command to the IP address of the Spark node.
Note
If using a self-built Harbor repository, please modify the chart repo URL in the first step to the insight-agent chart URL of the self-built repository.
Save the current Insight Agent helm values.
helm get values insight-agent -n insight-system -o yaml > insight-agent-values-bak.yaml\n
Get the current version number ${insight_version_code}.
insight_version_code=`helm list -n insight-system |grep insight-agent | awk {'print $10'}`\n
Update the helm value configuration.
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent chartmuseum/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=true\n
Restart all fluentBit pods under the insight-system namespace.
fluent_pod=`kubectl get pod -n insight-system | grep insight-agent-fluent-bit | awk {'print $1'} | xargs`\nkubectl delete pod ${fluent_pod} -n insight-system\n
The remaining steps are the same as enabling the collection of Kubernetes audit logs, with only a modification in the previous section's step 4: updating the helm value configuration.
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent chartmuseum/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=false\n
"},{"location":"en/admin/ghippo/audit/open-audit.html#ai-community-online-installation-environment","title":"AI Community Online Installation Environment","text":"Note
If installing AI Community in a Kind cluster, perform the following steps inside the Kind container.
"},{"location":"en/admin/ghippo/audit/open-audit.html#confirm-enabling-kubernetes-audit-logs_1","title":"Confirm Enabling Kubernetes Audit Logs","text":"Run the following command to check if audit logs are generated under the /var/log/kubernetes/audit directory. If they exist, it means that Kubernetes audit logs are successfully enabled.
ls /var/log/kubernetes/audit\n
If they are not enabled, please refer to the documentation on enabling/disabling Kubernetes audit logs.
"},{"location":"en/admin/ghippo/audit/open-audit.html#enable-collection-of-kubernetes-audit-logs-process_1","title":"Enable Collection of Kubernetes Audit Logs Process","text":"Save the current values.
helm get values insight-agent -n insight-system -o yaml > insight-agent-values-bak.yaml\n
Get the current version number ${insight_version_code} and update the configuration.
insight_version_code=`helm list -n insight-system |grep insight-agent | awk {'print $10'}`\n
Update the helm value configuration.
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent insight-release/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=true\n
If the upgrade fails due to an unsupported version, check if the helm repo used in the command has that version. If not, retry after you updated the helm repo.
helm repo update insight-release\n
Restart all fluentBit pods under the insight-system namespace.
fluent_pod=`kubectl get pod -n insight-system | grep insight-agent-fluent-bit | awk {'print $1'} | xargs`\nkubectl delete pod ${fluent_pod} -n insight-system\n
The remaining steps are the same as enabling the collection of Kubernetes audit logs, with only a modification in the previous section's step 3: updating the helm value configuration.
helm upgrade --install --create-namespace --version ${insight_version_code} --cleanup-on-fail insight-agent insight-release/insight-agent -n insight-system -f insight-agent-values-bak.yaml --set global.exporters.auditLog.kubeAudit.enabled=false\n
"},{"location":"en/admin/ghippo/audit/open-audit.html#change-worker-cluster","title":"Change Worker Cluster","text":"Each worker cluster is independent and can be turned on as needed.
"},{"location":"en/admin/ghippo/audit/open-audit.html#steps-to-enable-audit-log-collection-when-creating-a-cluster","title":"Steps to Enable Audit Log Collection When Creating a Cluster","text":"By default, the collection of K8s audit logs is turned off. If you need to enable it, you can follow these steps:
Set the switch to the enabled state to enable the collection of K8s audit logs.
When creating a worker cluster via AI platform, ensure that the K8s audit log option for the cluster is set to 'true' so that the created worker cluster will have audit logs enabled.
After the cluster creation is successful, the K8s audit logs for that worker cluster will be collected.
"},{"location":"en/admin/ghippo/audit/open-audit.html#steps-to-enabledisable-after-accessing-or-creating-the-cluster","title":"Steps to Enable/Disable After Accessing or Creating the Cluster","text":""},{"location":"en/admin/ghippo/audit/open-audit.html#confirm-enabling-k8s-audit-logs","title":"Confirm Enabling K8s Audit Logs","text":"Run the following command to check if audit logs are generated under the /var/log/kubernetes/audit directory. If they exist, it means that K8s audit logs are successfully enabled.
ls /var/log/kubernetes/audit\n
If they are not enabled, please refer to the documentation on enabling/disabling K8s audit logs.
"},{"location":"en/admin/ghippo/audit/open-audit.html#enable-collection-of-k8s-audit-logs","title":"Enable Collection of K8s Audit Logs","text":"The collection of K8s audit logs is disabled by default. To enable it, follow these steps:
Select the cluster that has been accessed and needs to enable the collection of K8s audit logs.
Go to the Helm App management page and update the insight-agent configuration (if insight-agent is not installed, you can install it).
Enable/Disable the collection of K8s audit logs switch.
After enabling/disabling the switch, the fluent-bit pod needs to be restarted for the changes to take effect.
By default, the Kubernetes cluster does not generate audit log information. Through the following configuration, you can enable the audit log feature of Kubernetes.
Note
In a public cloud environment, it may not be possible to control the output and output path of Kubernetes audit logs.
apiVersion: audit.k8s.io/v1\nkind: Policy\nrules:\n# The following requests were manually identified as high-volume and low-risk,\n# so drop them.\n- level: None\n users: [\"system:kube-proxy\"]\n verbs: [\"watch\"]\n resources:\n - group: \"\" # core\n resources: [\"endpoints\", \"services\", \"services/status\"]\n- level: None\n # Ingress controller reads `configmaps/ingress-uid` through the unsecured port.\n # TODO(#46983): Change this to the ingress controller service account.\n users: [\"system:unsecured\"]\n namespaces: [\"kube-system\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"configmaps\"]\n- level: None\n users: [\"kubelet\"] # legacy kubelet identity\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"nodes\", \"nodes/status\"]\n- level: None\n userGroups: [\"system:nodes\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"nodes\", \"nodes/status\"]\n- level: None\n users:\n - system:kube-controller-manager\n - system:kube-scheduler\n - system:serviceaccount:kube-system:endpoint-controller\n verbs: [\"get\", \"update\"]\n namespaces: [\"kube-system\"]\n resources:\n - group: \"\" # core\n resources: [\"endpoints\"]\n- level: None\n users: [\"system:apiserver\"]\n verbs: [\"get\"]\n resources:\n - group: \"\" # core\n resources: [\"namespaces\", \"namespaces/status\", \"namespaces/finalize\"]\n# Don't log HPA fetching metrics.\n- level: None\n users:\n - system:kube-controller-manager\n verbs: [\"get\", \"list\"]\n resources:\n - group: \"metrics.k8s.io\"\n# Don't log these read-only URLs.\n- level: None\n nonResourceURLs:\n - /healthz*\n - /version\n - /swagger*\n# Don't log events requests.\n- level: None\n resources:\n - group: \"\" # core\n resources: [\"events\"]\n# Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,\n# so only log at the Metadata level.\n- level: Metadata\n resources:\n - group: \"\" # core\n resources: [\"secrets\", \"configmaps\", \"serviceaccounts/token\"]\n - group: authentication.k8s.io\n resources: [\"tokenreviews\"]\n omitStages:\n - \"RequestReceived\"\n# Get responses can be large; skip them.\n- level: Request\n verbs: [\"get\", \"list\", \"watch\"]\n resources:\n - group: \"\" # core\n - group: \"admissionregistration.k8s.io\"\n - group: \"apiextensions.k8s.io\"\n - group: \"apiregistration.k8s.io\"\n - group: \"apps\"\n - group: \"authentication.k8s.io\"\n - group: \"authorization.k8s.io\"\n - group: \"autoscaling\"\n - group: \"batch\"\n - group: \"certificates.k8s.io\"\n - group: \"extensions\"\n - group: \"metrics.k8s.io\"\n - group: \"networking.k8s.io\"\n - group: \"policy\"\n - group: \"rbac.authorization.k8s.io\"\n - group: \"settings.k8s.io\"\n - group: \"storage.k8s.io\"\n omitStages:\n - \"RequestReceived\"\n# Default level for known APIs\n- level: RequestResponse\n resources:\n - group: \"\" # core\n - group: \"admissionregistration.k8s.io\"\n - group: \"apiextensions.k8s.io\"\n - group: \"apiregistration.k8s.io\"\n - group: \"apps\"\n - group: \"authentication.k8s.io\"\n - group: \"authorization.k8s.io\"\n - group: \"autoscaling\"\n - group: \"batch\"\n - group: \"certificates.k8s.io\"\n - group: \"extensions\"\n - group: \"metrics.k8s.io\"\n - group: \"networking.k8s.io\"\n - group: \"policy\"\n - group: \"rbac.authorization.k8s.io\"\n - group: \"settings.k8s.io\"\n - group: \"storage.k8s.io\"\n omitStages:\n - \"RequestReceived\"\n# Default level for all other requests.\n- level: Metadata\n omitStages:\n - \"RequestReceived\"\n
Put the above audit log file in /etc/kubernetes/audit-policy/ folder, and name it apiserver-audit-policy.yaml .
"},{"location":"en/admin/ghippo/audit/open-k8s-audit.html#configure-the-api-server","title":"Configure the API server","text":"Open the configuration file kube-apiserver.yaml of the API server, usually in the /etc/kubernetes/manifests/ folder, and add the following configuration information:
Please back up kube-apiserver.yaml before this step. The backup file cannot be placed in the /etc/kubernetes/manifests/ , and it is recommended to put it in the /etc/kubernetes/tmp .
Add the command under spec.containers.command :
--audit-log-maxage=30\n--audit-log-maxbackup=10\n--audit-log-maxsize=100\n--audit-log-path=/var/log/audit/kube-apiserver-audit.log\n--audit-policy-file=/etc/kubernetes/audit-policy/apiserver-audit-policy.yaml\n
Add the command under spec.containers.volumeMounts :
- mountPath: /var/log/audit\n name: audit-logs\n- mountPath: /etc/kubernetes/audit-policy\n name: audit-policy\n
Add the command under spec.volumes :
- hostPath:\n path: /var/log/kubernetes/audit\n type: \"\"\n name: audit-logs\n- hostPath:\n path: /etc/kubernetes/audit-policy\n type: \"\"\n name: audit-policy\n
After a while, the API server will automatically restart, and run the following command to check whether there is an audit log generated in the /var/log/kubernetes/audit directory. If so, it means that the K8s audit log is successfully enabled.
ls /var/log/kubernetes/audit\n
If you want to close it, just remove the relevant commands in spec.containers.command .
"},{"location":"en/admin/ghippo/audit/source-ip.html","title":"Get Source IP in Audit Logs","text":"The source IP in audit logs plays a critical role in system and network management. It helps track activities, maintain security, resolve issues, and ensure system compliance. However, getting the source IP can result in some performance overhead, so that audit logs are not always enabled in AI platform. The default enablement of source IP in audit logs and the methods to enable it vary depending on the installation mode. The following sections will explain the default enablement and the steps to enable source IP in audit logs based on the installation mode.
Note
Enabling audit logs will modify the replica count of the istio-ingressgateway, resulting in a certain performance overhead. Enabling audit logs requires disabling LoadBalance of kube-proxy and Topology Aware Routing, which can have a certain impact on cluster performance. After enabling audit logs, it is essential to ensure that the istio-ingressgateway exists on the proper node to the access IP. If the istio-ingressgateway drifts due to node health issues or other issues, it needs to be manually rescheduled back to that node. Otherwise, it will affect the normal operation of AI platform.
"},{"location":"en/admin/ghippo/audit/source-ip.html#determine-the-installation-mode","title":"Determine the Installation Mode","text":"kubectl get pod -n metallb-system\n
Run the above command in the cluster. If the result is as follows, it means that the cluster is not in the MetalLB installation mode:
No resources found in metallbs-system namespace.\n
"},{"location":"en/admin/ghippo/audit/source-ip.html#nodeport-installation-mode","title":"NodePort Installation Mode","text":"In this mode, the source IP in audit logs is disabled by default. The steps to enable it are as follows:
Set the minimum replica count of the istio-ingressgateway HPA to be equal to the number of control plane nodes
count=$(kubectl get nodes --selector=node-role.kubernetes.io/control-plane | wc -l)\ncount=$((count-1))\n\nkubectl patch hpa istio-ingressgateway -n istio-system -p '{\"spec\":{\"minReplicas\":'$count'}}'\n
Modify the externalTrafficPolicy and internalTrafficPolicy value of the istio-ingressgateway service to \"Local\"
kubectl patch svc istio-ingressgateway -n istio-system -p '{\"spec\":{\"externalTrafficPolicy\":\"Local\",\"internalTrafficPolicy\":\"Local\"}}'\n
In this mode, the source IP in audit logs is gotten by default after the installation.
"},{"location":"en/admin/ghippo/audit/gproduct-audit/ghippo.html","title":"Audit Items of Global Management","text":"Events Resource Type Notes UpdateEmail-Account Account UpdatePassword-Account Account CreateAccessKeys-Account Account UpdateAccessKeys-Account Account DeleteAccessKeys-Account Account Create-User User Delete-User User Update-User User UpdateRoles-User User UpdatePassword-User User CreateAccessKeys-User User UpdateAccessKeys-User User DeleteAccessKeys-User User Create-Group Group Delete-Group Group Update-Group Group AddUserTo-Group Group RemoveUserFrom-Group Group UpdateRoles-Group Group UpdateRoles-User User Create-LADP LADP Update-LADP LADP Delete-LADP LADP Unable to audit through API server for OIDC Login-User User Logout-User User UpdatePassword-SecurityPolicy SecurityPolicy UpdateSessionTimeout-SecurityPolicy SecurityPolicy UpdateAccountLockout-SecurityPolicy SecurityPolicy UpdateLogout-SecurityPolicy SecurityPolicy MailServer-SecurityPolicy SecurityPolicy CustomAppearance-SecurityPolicy SecurityPolicy OfficialAuthz-SecurityPolicy SecurityPolicy Create-Workspace Workspace Delete-Workspace Workspace BindResourceTo-Workspace Workspace UnBindResource-Workspace Workspace BindShared-Workspace Workspace SetQuota-Workspace Workspace Authorize-Workspace Workspace DeAuthorize-Workspace Workspace UpdateDeAuthorize-Workspace Workspace Update-Workspace Workspace Create-Folder Folder Delete-Folder Folder UpdateAuthorize-Folder Folder Update-Folder Folder Authorize-Folder Folder DeAuthorize-Folder Folder AutoCleanup-Audit Audit ManualCleanup-Audit Audit Export-Audit Audit"},{"location":"en/admin/ghippo/audit/gproduct-audit/insight.html","title":"Insight Audit Items","text":"Events Resource Type Notes Create-ProbeJob ProbeJob Update-ProbeJob ProbeJob Delete-ProbeJob ProbeJob Create-AlertPolicy AlertPolicy Update-AlertPolicy AlertPolicy Delete-AlertPolicy AlertPolicy Import-AlertPolicy AlertPolicy Create-AlertRule AlertRule Update-AlertRule AlertRule Delete-AlertRule AlertRule Create-RuleTemplate RuleTemplate Update-RuleTemplate RuleTemplate Delete-RuleTemplate RuleTemplate Create-email email Update-email email Delete-Receiver Receiver Create-dingtalk dingtalk Update-dingtalk dingtalk Delete-Receiver Receiver Create-wecom wecom Update-wecom wecom Delete-Receiver Receiver Create-webhook webhook Update-webhook webhook Delete-Receiver Receiver Create-sms sms Update-sms sms Delete-Receiver Receiver Create-aliyun(tencent,custom) aliyun, tencent, custom Update-aliyun(tencent,custom) aliyun, tencent, custom Delete-SMSserver SMSserver Create-MessageTemplate MessageTemplate Update-MessageTemplate MessageTemplate Delete-MessageTemplate MessageTemplate Create-AlertSilence AlertSilence Update-AlertSilence AlertSilence Delete-AlertSilence AlertSilence Create-AlertInhibition AlertInhibition Update-AlertInhibition AlertInhibition Delete-AlertInhibition AlertInhibition Update-SystemSettings SystemSettings"},{"location":"en/admin/ghippo/audit/gproduct-audit/kpanda.html","title":"Audit Items of Container Management","text":"Events Resource Types Create-Cluster Cluster Delete-Cluster Cluster Integrate-Cluster Cluster Remove-Cluster Cluster Upgrade-Cluster Cluster Integrate-Node Node Remove-Node Node Update-NodeGPUMode NodeGPUMode Create-HelmRepo HelmRepo Create-HelmApp HelmApp Delete-HelmApp HelmApp Create-Deployment Deployment Delete-Deployment Deployment Create-DaemonSet DaemonSet Delete-DaemonSet DaemonSet Create-StatefulSet StatefulSet Delete-StatefulSet StatefulSet Create-Job Job Delete-Job Job Create-CronJob CronJob Delete-CronJob CronJob Delete-Pod Pod Create-Service Service Delete-Service Service Create-Ingress Ingress Delete-Ingress Ingress Create-StorageClass StorageClass Delete-StorageClass StorageClass Create-PersistentVolume PersistentVolume Delete-PersistentVolume PersistentVolume Create-PersistentVolumeClaim PersistentVolumeClaim Delete-PersistentVolumeClaim PersistentVolumeClaim Delete-ReplicaSet ReplicaSet BindResourceTo-Workspace Workspace UnBindResource-Workspace Workspace BindResourceTo-Workspace Workspace UnBindResource-Workspace Workspace Create-CloudShell CloudShell Delete-CloudShell CloudShell"},{"location":"en/admin/ghippo/audit/gproduct-audit/virtnest.html","title":"Audit Items of Virtual Machine","text":"Events Resource Type Notes Restart-VMs VM ConvertToTemplate-VMs VM Edit-VMs VM Update-VMs VM Restore-VMs VM Power on-VMs VM LiveMigrate-VMs VM Delete-VMs VM Delete-VM Template VM Template Create-VMs VM CreateSnapshot-VMs VM Power off-VMs VM Clone-VMs VM"},{"location":"en/admin/ghippo/best-practice/authz-plan.html","title":"Ordinary user authorization plan","text":"Ordinary users refer to those who can use most product modules and features (except management features), have certain operation rights to resources within the scope of authority, and can independently use resources to deploy applications.
The authorization and resource planning process for such users is shown in the following figure.
graph TB\n\n start([Start]) --> user[1. Create User]\n user --> ns[2. Prepare Kubernetes Namespace]\n ns --> ws[3. Prepare Workspace]\n ws --> ws-to-ns[4. Bind a workspace to namespace]\n ws-to-ns --> authu[5. Authorize a user with Workspace Editor]\n authu --> complete([End])\n\n classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;\n classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;\n classDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n class user,ns,ws,ws-to-ns,authu cluster;\n class start,complete plain;
"},{"location":"en/admin/ghippo/best-practice/cluster-for-multiws.html","title":"Assign a Cluster to Multiple Workspaces (Tenants)","text":"Cluster resources are typically managed by operations personnel. When allocating resources, they need to create namespaces to isolate resources and set resource quotas. This method has a drawback: if the business volume of the enterprise is large, manually allocating resources requires a significant amount of work, and flexibly adjusting resource quotas can also be challenging.
To address this, the AI platform introduces the concept of workspaces. By sharing resources, workspaces can provide higher-dimensional resource quota capabilities, allowing workspaces (tenants) to self-create Kubernetes namespaces under resource quotas.
For example, if you want several departments to share different clusters:
Cluster01 (Normal) Cluster02 (High Availability) Department (Workspace) A 50 quota 10 quota Department (Workspace) B 100 quota 20 quotaYou can follow the process below to share clusters with multiple departments/workspaces/tenants:
graph TB\n\npreparews[Prepare Workspace] --> preparecs[Prepare Cluster]\n--> share[Share Cluster to Workspace]\n--> judge([Judge Workspace Remaining Quota])\njudge -.Greater than remaining quota.->modifyns[Modify Namespace Quota]\njudge -.Less than remaining quota.->createns[Create Namespace]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass preparews,preparecs,share, cluster;\nclass judge plain\nclass modifyns,createns k8s
"},{"location":"en/admin/ghippo/best-practice/cluster-for-multiws.html#prepare-a-workspace","title":"Prepare a Workspace","text":"Workspaces are designed to meet multi-tenant usage scenarios, forming isolated resource environments based on clusters, cluster namespaces, meshes, mesh namespaces, multicloud, multicloud namespaces, and other resources. Workspaces can be mapped to various concepts such as projects, tenants, enterprises, and suppliers.
Log in to AI platform with a user having the admin/folder admin role and click Global Management at the bottom of the left navigation bar.
Click Workspaces and Folders in the left navigation bar, then click the Create Workspace button at the top right.
Fill in the workspace name, folder, and other information, then click OK to complete the creation of the workspace.
Workspaces are designed to meet multi-tenant usage scenarios, forming isolated resource environments based on clusters, cluster namespaces, meshes, mesh namespaces, multicloud, multicloud namespaces, and other resources. Workspaces can be mapped to various concepts such as projects, tenants, enterprises, and suppliers.
Follow these steps to prepare a cluster.
Click Container Management at the bottom of the left navigation bar, then select Clusters .
Click Create Cluster to create a cluster or click Integrate Cluster to integrate a cluster.
Return to Global Management to add clusters to the workspace.
Click Global Management -> Workspaces and Folders -> Shared Resources, then click a workspace name and click the New Shared Resource button.
Select the cluster, fill in the resource quota, and click OK .
A folder represents an organizational unit (such as a department) and is a node in the resource hierarchy.
A folder can contain workspaces, subfolders, or a combination of both. It provides identity management, multi-level and permission mapping capabilities, and can map the role of a user/group in a folder to its subfolders, workspaces and resources. Therefore, with the help of folders, enterprise managers can centrally manage and control all resources.
Build corporate hierarchy
First of all, according to the existing enterprise hierarchy structure, build the same folder hierarchy as the enterprise. The AI platform supports 5-level folders, which can be freely combined according to the actual situation of the enterprise, and folders and workspaces are mapped to entities such as departments, projects, and suppliers in the enterprise.
Folders are not directly linked to resources, but indirectly achieve resource grouping through workspaces.
User identity management
Folder provides three roles: Folder Admin, Folder Editor, and Folder Viewer. View role permissions, you can grant different roles to users/groups in the same folder through Authorization.
Role and permission mapping
Enterprise Administrator: Grant the Folder Admin role on the root folder. He will have administrative authority over all departments, projects and their resources.
Department manager: grant separate management rights to each subfolder and workspace.
Project members: Grant management rights separately at the workspace and resource levels.
With the continuous scaling of business, the company's scale continues to grow, subsidiaries and branches are established one after another, and some subsidiaries even further establish subsidiaries. The original large departments are gradually subdivided into multiple smaller departments, leading to an increasing number of hierarchical levels in the organizational structure. This organizational structure change also affects the IT governance architecture.
The specific operational steps are as follows:
Enable Isolation Mode between Folder/WS
Please refer to Enable Isolation Mode between Folder/WS.
Plan Enterprise Architecture according to the Actual Situation
Under a multi-level organizational structure, it is recommended to use the second-level folder as an isolation unit to isolate users/user groups/resources between \"sub-companies\". After isolation, users/user groups/resources between \"sub-companies\" are not visible to each other.
Create Users/Integrate User Systems
The main platform administrator Admin can create users on the platform or integrate users through LDAP/OIDC/OAuth2.0 and other identity providers to AI platform.
Create Folder Roles
In the isolation mode of Folder/WS, the platform administrator Admin needs to first authorize users to invite them to various sub-companies, so that the \"sub-company administrators (Folder Admin)\" can manage these users, such as secondary authorization or editing permissions. It is recommended to simplify the management work of the platform administrator Admin by creating a role without actual permissions to assist the platform administrator Admin in inviting users to sub-companies through \"authorization\". The actual permissions of sub-company users are delegated to the sub-company administrators (Folder Admin) to manage independently. (The following demonstrates how to create a resource-bound role without actual permissions, i.e., minirole)
Note
Resource-bound permissions used alone do not take effect, hence meeting the requirement of inviting users to sub-companies through \"authorization\" and then managed by sub-company administrators Folder Admin.
Authorize Users
The platform administrator invites users to various sub-companies according to the actual situation and appoints sub-company administrators.
Authorize sub-company regular users as \"minirole\" (1), and authorize sub-company administrators as Folder Admin.
Sub-company Administrators Manage Users/User Groups Independently
Sub-company administrator Folder Admin can only see their own \"Sub-company 2\" after logging into the platform, and can adjust the architecture by creating folders, creating workspaces, and assigning other permissions to users in Sub-company 2 through adding authorization/edit permissions.
When adding authorization, sub-company administrator Folder Admin can only see users invited by the platform administrator through \"authorization\", and cannot see all users on the platform, thus achieving user isolation between Folder/WS, and the same applies to user groups (the platform administrator can see and authorize all users and user groups on the platform).
Note
The main difference between large enterprises and small/medium-sized enterprises lies in whether users/user groups in Folder and workspaces are visible to each other. In large enterprises, users/user groups between subsidiaries are not visible + permission isolation; in small/medium-sized enterprises, users between departments are visible to each other + permission isolation.
"},{"location":"en/admin/ghippo/best-practice/system-message.html","title":"System Messages","text":"System messages are used to notify all users, similar to system announcements, and will be displayed at the top bar of the AI platform UI at specific times.
"},{"location":"en/admin/ghippo/best-practice/system-message.html#configure-system-messages","title":"Configure System Messages","text":"You can create a system message by applying the YAML for the system message in the Cluster Roles. The display time of the message is determined by the time fields in the YAML. System messages will only be displayed within the time range configured by the start and end fields.
In the Clusters, click the name of the Global Service Cluster to enter the Gobal Service Cluster.
Select CRDs from the left navigation bar, search for ghippoconfig
, and click the ghippoconfigs.ghippo.io
that appears in the search results.
Click Create from YAML or modify an existing YAML.
A sample YAML is as follows:
apiVersion: ghippo.io/v1alpha1\nkind: GhippoConfig\nmetadata:\n name: system-message\nspec:\n message: \"this is a message\"\n start: 2024-01-02T15:04:05+08:00\n end: 2024-07-24T17:26:05+08:00\n
"},{"location":"en/admin/ghippo/best-practice/ws-best-practice.html","title":"Workspace Best Practices","text":"A workspace is a resource grouping unit, and most resources can be bound to a certain workspace. The workspace can realize the binding relationship between users and roles through authorization and resource binding, and apply it to all resources in the workspace at one time.
Through the workspace, you can easily manage teams and resources, and solve cross-module and cross-cluster resource authorization issues.
"},{"location":"en/admin/ghippo/best-practice/ws-best-practice.html#workspace-features","title":"Workspace features","text":"A workspace consists of three features: authorization, resource groups, and shared resources. It mainly solves the problems of unified authorization of resources, resource grouping and resource quota.
Authorization: Grant users/groups different roles in the workspace, and apply the roles to the resources in the workspace.
Best practice: When users want to use container management, the administrator needs to grant the workspace permissions (Workspace Admin, Workspace Edit, Workspace View). The administrator here can be the Admin role, the Workspace Admin role of the workspace, or the Folder Admin role above the workspace. See Relationship between Folder and Workspace.
Resource group: Resource group and shared resource are two resource management modes of the workspace.
Resource groups support four resource types: Cluster, Cluster-Namespace (cross-cluster), Mesh, and Mesh-Namespace. A resource can only be bound to one resource group. After a resource is bound to a resource group, the owner of the workspace will have all the management rights of the resource, which is equivalent to the owner of the resource, so it is not limited by the resource quota.
Best practice: The workspace can grant different role permissions to department members through the \"authorization\" function, and the workspace can apply the authorization relationship between people and roles to all resources in the workspace at one time. Therefore, the operation and maintenance personnel only need to bind resources to resource groups, and add different roles in the department to different resource groups to ensure that resource permissions are assigned correctly.
Department Role Cluster Cross-cluster Cluster-Namespace Mesh Mesh-Namespace Department Admin Workspace Admin \u2713 \u2713 \u2713 \u2713 Department Core Members Workspace Edit \u2713 \u2717 \u2713 \u2717 Other Members Workspace View \u2713 \u2717 \u2717 \u2717Shared resources: The shared resource feature is mainly for cluster resources.
A cluster can be shared by multiple workspaces (referring to the shared resource feature in the workspace); a workspace can also use the resources of multiple clusters at the same time. However, resource sharing does not mean that the sharer (workspace) can use the shared resource (cluster) without restriction, so the resource quota that the sharer (workspace) can use is usually limited.
At the same time, unlike resource groups, workspace members are only users of shared resources and can use resources in the cluster under resource quotas. For example, go to Workbench to create a namespace, and deploy applications, but do not have the management authority of the cluster. After the restriction, the total resource quota of the namespace created/bound under this workspace cannot exceed the resources set by the cluster in this workspace.
Best practice: The operation and maintenance department has a high-availability cluster 01, and wants to allocate it to department A (workspace A) and department B (workspace B), where department A allocates 50 CPU cores, and department B allocates CPU 100 cores. Then you can borrow the concept of shared resources, share cluster 01 with department A and department B respectively, and limit the CPU usage quota of department A to 50, and the CPU usage quota of department B to 100. Then the administrator of department A (workspace A Admin) can create and use a namespace in Workbench, and the sum of the namespace quotas cannot exceed 50 cores, and the administrator of department B (workspace B Admin) can create a namespace in Workbench And use namespaces, where the sum of namespace credits cannot exceed 100 cores. The namespaces created by the administrators of department A and department B will be automatically bound to the department, and other members of the department will have the roles of Namesapce Admin, Namesapce Edit, and Namesapce View proper to the namespace (the department here refers to Workspace, workspace can also be mapped to other concepts such as organization, and supplier). The whole process is as follows:
Department Role Cluster Resource Quota Department Administrator A Workspace Admin CPU 50 cores CPU 50 cores Department Administrator B Workspace Admin CPU 100 cores CPU 100 cores Other Members of the Department Namesapce AdminNamesapce EditNamesapce View Assign as Needed Assign as NeededModule name: Container Management
Due to the particularity of functional modules, resources created in the container management module will not be automatically bound to a certain workspace.
If you need to perform unified authorization management on people and resources through workspaces, you can manually bind the required resources to a certain workspace, to apply the roles of users in this workspace to resources (resources here can be cross- clustered).
In addition, there is a slight difference between container management and service mesh in terms of resource binding entry. The workspace provides the binding entry of Cluster and Cluster-Namespace resources in container management, but has not opened the Mesh and Mesh-Namespace for service mesh. Bindings for Namespace resources.
For Mesh and Mesh-Namespace resources, you can manually bind them in the resource list of the service mesh.
"},{"location":"en/admin/ghippo/best-practice/ws-best-practice.html#use-cases-of-workspace","title":"Use Cases of Workspace","text":"Namespaces from different clusters are bound under the workspace (tenant), which enables the workspace (tenant) to flexibly manage the Kubernetes Namespace under any cluster on the platform. At the same time, the platform provides permission mapping capabilities, which can map the user's permissions in the workspace to the bound namespace.
When one or more cross-cluster namespaces are bound under the workspace (tenant), the administrator does not need to authorize the members in the workspace again. The roles of members in the workspace will be automatically mapped according to the following mapping relationship to complete the authorization, avoiding repeated operations of multiple authorizations:
Here is an example:
User Workspace Role User A Workspace01 Workspace AdminAfter binding a namespace to a workspace:
User Category Role User A Workspace01 Workspace Admin Namespace01 Namespace Admin"},{"location":"en/admin/ghippo/best-practice/ws-to-ns.html#implementation-plan","title":"Implementation plan","text":"Bind different namespaces from different clusters to the same workspace (tenant), and use the process for members under the workspace (tenant) as shown in the figure.
graph TB\n\npreparews[prepare workspace] --> preparens[prepare namespace]\n--> judge([whether the namespace is bound to another workspace])\njudge -.unbound.->nstows[bind namespace to workspace] -->wsperm[manage workspace access]\njudge -.bound.->createns[Create a new namespace]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill: #326ce5, stroke: #fff, stroke-width: 1px, color: #fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass preparews, preparens, createns, nstows, wsperm cluster;\nclass judge plain
Tip
A namespace can only be bound by one workspace.
"},{"location":"en/admin/ghippo/best-practice/ws-to-ns.html#prepare-workspace","title":"Prepare workspace","text":"In order to meet the multi-tenant use cases, the workspace forms an isolated resource environment based on multiple resources such as clusters, cluster namespaces, meshs, mesh namespaces, multicloud, and multicloud namespaces. Workspaces can be mapped to various concepts such as projects, tenants, enterprises, and suppliers.
Log in to AI platform as a user with the admin/folder admin role, and click Global Management at the bottom of the left navigation bar.
Click Workspace and Folder in the left navigation bar, and click the Create Workspace button in the upper right corner.
After filling in the workspace name, folder and other information, click OK to complete the creation of the workspace.
Tip
If the created namespace already exists in the platform, click a workspace, and under the Resource Group tab, click Bind Resource to directly bind the namespace.
"},{"location":"en/admin/ghippo/best-practice/ws-to-ns.html#prepare-the-namespace","title":"Prepare the namespace","text":"A namespace is a smaller unit of resource isolation that can be managed and used by members of a workspace after it is bound to a workspace.
Follow the steps below to prepare a namespace that is not yet bound to any workspace.
Click Container Management at the bottom of the left navigation bar.
Click the name of the target cluster to enter Cluster Details .
Click Namespace on the left navigation bar to enter the namespace management page, and click the Create button on the right side of the page.
Fill in the name of the namespace, configure the workspace and tags (optional settings), and click OK .
Info
Workspaces are primarily used to divide groups of resources and grant users (groups of users) different access rights to that resource. For a detailed description of the workspace, please refer to Workspace and Folder.
Click OK to complete the creation of the namespace. On the right side of the namespace list, click \u2507 , and you can select Bind Workspace from the pop-up menu.
In addition to binding in the namespace list, you can also return to global management , follow the steps below to bind the workspace.
Click Global Management -> Workspace and Folder -> Resource Group , click a workspace name, and click the Bind Resource button.
Select the workspace to be bound (multiple choices are allowed), and click OK to complete the binding.
In Workspace and Folder -> Authorization , click the name of a workspace, and click the Add Authorization button.
After selecting the User/group and Role to be authorized, click OK to complete the authorization.
GProduct is the general term for all other modules in AI platform except the global management. These modules need to be connected with the global management before they can be added to AI platform.
"},{"location":"en/admin/ghippo/best-practice/gproduct/intro.html#what-to-be-docking","title":"What to be docking","text":"Docking Navigation Bar
The entrances are unified on the left navigation bar.
Access Routing and AuthN
Unify the IP or domain name, and unify the routing entry through the globally managed Istio Gateway.
Unified login / unified AuthN authentication
The login page is unified using the global management (Keycloak) login page, and the API authn token verification uses Istio Gateway. After GProduct is connected to the global management, there is no need to pay attention to how to implement login and authentication.
Take container management (codename kpanda
) as an example, docking to the navigation bar.
The expected effect after docking is as follows:
"},{"location":"en/admin/ghippo/best-practice/gproduct/nav.html#docking-method","title":"Docking method","text":"Refer to the following steps to dock the GProduct:
Register all kpanda (container management) features to the nav bar via GProductNavigator CR.
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: kpanda\nspec:\n gproduct: kpanda\n name: \u5bb9\u5668\u7ba1\u7406\n localizedName:\n zh-CN: \u5bb9\u5668\u7ba1\u7406\n en-US: Container Management\n url: /kpanda\n category: \u5bb9\u5668 # (1)\n iconUrl: /kpanda/nav-icon.png\n order: 10 # (2)\n menus:\n - name: \u5907\u4efd\u7ba1\u7406\n localizedName:\n zh-CN: \u5907\u4efd\u7ba1\u7406\n en-US: Backup Management\n iconUrl: /kpanda/bkup-icon.png\n url: /kpanda/backup\n
The configuration for the global management navigation bar category is stored in a ConfigMap and cannot be added through registration at present. Please contact the global management team to add it.
The kpanda
front-end is integrated into the AI platform parent application Anakin
as a micro-frontend.
AI platform frontend uses qiankun to connect the sub-applications UI. See getting started.
After registering the GProductNavigator CR, the proper registration information will be generated for the front-end parent application. For example, kpanda
will generate the following registration information:
{\n \"id\": \"kpanda\",\n \"title\": \"\u5bb9\u5668\u7ba1\u7406\",\n \"url\": \"/kpanda\",\n \"uiAssetsUrl\": \"/ui/kpanda/\", // The trailing / is required\n \"needImportLicense\": false\n},\n
The proper relation between the above registration and the qiankun sub-application fields is:
{\n name: id,\n entry: uiAssetsUrl,\n container: '#container',\n activeRule: url, \n loader,\n props: globalProps,\n}\n
container and loader are provided by the frontend parent application. The sub-application does not need to concern it. Props will provide a pinia store containing user basic information and sub-product registration information.
qiankun will use the following parameters on startup:
start({\n sandbox: {\n experimentalStyleIsolation: true,\n },\n // Remove the favicon in the sub-application to prevent it from overwriting the parent application's favicon in Firefox\n getTemplate: (template) => template.replaceAll(/<link\\s* rel=\"[\\w\\s]*icon[\\w\\s]*\"\\s*( href=\".*?\")?\\s*\\/?>/g, ''),\n});\n
Refer to Docking demo tar to GProduct provided by frontend team.
"},{"location":"en/admin/ghippo/best-practice/gproduct/route-auth.html","title":"Access routing and login authentication","text":"Unified login and password verification after docking, the effect is as follows:
The API bear token verification of each GProduct module goes through the Istio Gateway.
The routing map after access is as follows:
"},{"location":"en/admin/ghippo/best-practice/gproduct/route-auth.html#docking-method","title":"Docking method","text":"Take kpanda
as an example to register GProductProxy CR.
# GProductProxy CR example, including routing and login authentication\n\n# spec.proxies: The route written later cannot be a subset of the route written first, and vice versa\n# spec.proxies.match.uri.prefix: If it is a backend api, it is recommended to add \"/\" at the end of the prefix to indicate the end of this path (special requirements can not be added)\n# spec.proxies.match.uri: supports prefix and exact modes; Prefix and Exact can only choose 1 out of 2; Prefix has a higher priority than Exact\n\napiVersion: ghippo.io/v1alpha1\nkind: GProductProxy\nmetadata:\n name: kpanda # (1)\nspec:\n gproduct: kpanda # (2)\n proxies:\n - labels:\n kind: UIEntry\n match:\n uri:\n prefix: /kpanda # (3)\n rewrite:\n uri: /index.html\n destination:\n host: ghippo-anakin.ghippo-system.svc.cluster.local\n port: 80\n authnCheck: false # (4)\n - labels:\n kind: UIAssets\n match:\n uri:\n prefix: /ui/kpanda/ # (5)\n destination:\n host: kpanda-ui.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: false\n - match:\n uri:\n prefix: /apis/kpanda.io/v1/a\n destination:\n host: kpanda-service.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: false\n - match:\n uri:\n prefix: /apis/kpanda.io/v1 # (6)\n destination:\n host: kpanda-service.kpanda-system.svc.cluster.local\n port: 80\n authnCheck: true\n
Under the current permission system, Global Management has the capability to regulate the visibility of navigation bar menus according to user permissions. However, due to the authorization information of Container Management not being synchronized with Global Management, Global Management cannot accurately determine whether to display the Container Management menu.
This document implements the following through configuration: By default, the menus for Container Management and Insight will not be displayed in areas where Global Management cannot make a judgment. A Whitelist authorization strategy is employed to effectively manage the visibility of these menus. (The permissions for clusters or namespaces authorized through the Container Management page cannot be perceived or judged by Global Management)
For example, if User A holds the Cluster Admin role for cluster A in Container Management, Global Management cannot determine whether to display the Container Management menu. After the configuration described in this document, User A will not see the Container Management menu by default. They will need to have explicit permission in Global Management to access the Container Management menu.
"},{"location":"en/admin/ghippo/best-practice/menu/menu-display-or-hiding.html#prerequisites","title":"Prerequisites","text":"The feature to show/hide menus based on permissions must be enabled. The methods to enable this are as follows:
--set global.navigatorVisibleDependency=true
parameter when using helm install
.helm get values ghippo -n ghippo-system -o yaml
, then modify bak.yaml and add global.navigatorVisibleDependency: true
.Then upgrade the Global Management using the following command:
helm upgrade ghippo ghippo-release/ghippo \\ \n -n ghippo-system \\ \n -f ./bak.yaml \\ \n --version ${version}\n
"},{"location":"en/admin/ghippo/best-practice/menu/menu-display-or-hiding.html#configure-the-navigation-bar","title":"Configure the Navigation Bar","text":"Apply the following YAML in kpanda-global-cluster:
apiVersion: ghippo.io/v1alpha1 \nkind: GProductNavigator \nmetadata: \n name: kpanda-menus-custom \nspec: \n category: container \n gproduct: kpanda \n iconUrl: ./ui/kpanda/kpanda.svg \n isCustom: true \n localizedName: \n en-US: Container Management \n zh-CN: \u5bb9\u5668\u7ba1\u7406 \n menus: \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Clusters \n zh-CN: \u96c6\u7fa4\u5217\u8868 \n name: Clusters \n order: 80 \n url: ./kpanda/clusters \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Namespaces \n zh-CN: \u547d\u540d\u7a7a\u95f4 \n name: Namespaces \n order: 70 \n url: ./kpanda/namespaces \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Workloads \n zh-CN: \u5de5\u4f5c\u8d1f\u8f7d \n name: Workloads \n order: 60 \n url: ./kpanda/workloads/deployments \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Permissions \n zh-CN: \u6743\u9650\u7ba1\u7406 \n name: Permissions \n order: 10 \n url: ./kpanda/rbac/content/cluster \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n name: Container Management \n order: 50 \n url: ./kpanda/clusters \n visible: true \n\n---\napiVersion: ghippo.io/v1alpha1 \nkind: GProductNavigator \nmetadata: \n name: insight-menus-custom \nspec: \n category: microservice \n gproduct: insight \n iconUrl: ./ui/insight/logo.svg \n isCustom: true \n localizedName: \n en-US: Insight \n zh-CN: \u53ef\u89c2\u6d4b\u6027 \n menus: \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Overview \n zh-CN: \u6982\u89c8 \n name: Overview \n order: 9 \n url: ./insight/overview \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Dashboard \n zh-CN: \u4eea\u8868\u76d8 \n name: Dashboard \n order: 8 \n url: ./insight/dashboard \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Infrastructure \n zh-CN: \u57fa\u7840\u8bbe\u65bd \n name: Infrastructure \n order: 7 \n url: ./insight/clusters \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Metrics \n zh-CN: \u6307\u6807 \n name: Metrics \n order: 6 \n url: ./insight/metric/basic \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Logs \n zh-CN: \u65e5\u5fd7 \n name: Logs \n order: 5 \n url: ./insight/logs \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Trace Tracking \n zh-CN: \u94fe\u8def\u8ffd\u8e2a \n name: Trace Tracking \n order: 4 \n url: ./insight/topology \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Alerts \n zh-CN: \u544a\u8b66 \n name: Alerts \n order: 3 \n url: ./insight/alerts/active/metrics \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: Collect Management \n zh-CN: \u91c7\u96c6\u7ba1\u7406 \n name: Collect Management \n order: 2 \n url: ./insight/agents \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n - iconUrl: '' \n isCustom: true \n localizedName: \n en-US: System Management \n zh-CN: \u7cfb\u7edf\u7ba1\u7406 \n name: System Management \n order: 1 \n url: ./insight/system-components \n visible: true \n visibleDependency: \n permissions: \n - kpanda.cluster.* \n - kpanda.menu.get \n name: Insight \n order: 30 \n url: ./insight \n visible: true \n\n---\napiVersion: ghippo.io/v1alpha1 \nkind: GProductResourcePermissions \nmetadata: \n name: kpanda \nspec: \n actions: \n - localizedName: \n en-US: Create \n zh-CN: \u521b\u5efa \n name: create \n - localizedName: \n en-US: Delete \n zh-CN: \u5220\u9664 \n name: delete \n - localizedName: \n en-US: Update \n zh-CN: \u7f16\u8f91 \n name: update \n - localizedName: \n en-US: Get \n zh-CN: \u67e5\u770b \n name: get \n - localizedName: \n en-US: Admin \n zh-CN: \u7ba1\u7406 \n name: admin \n authScopes: \n - resourcePermissions: \n - actions: \n - name: get \n - dependPermissions: \n - action: get \n name: create \n - dependPermissions: \n - action: get \n name: update \n - dependPermissions: \n - action: get \n name: delete \n resourceType: cluster \n - actions: \n - name: get \n resourceType: menu \n scope: platform \n - resourcePermissions: \n - actions: \n - name: admin \n tips: \n - en-US: >- \n If the workspace is bound to a cluster, it will be assigned \n the Cluster Admin role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u96c6\u7fa4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u96c6\u7fa4\u7684 Cluster Admin \u89d2\u8272 \n resourceType: cluster \n - actions: \n - name: get \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS View role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS View \u89d2\u8272 \n - name: update \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS Edit role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS Edit \u89d2\u8272 \n - name: admin \n tips: \n - en-US: >- \n If the workspace is bound to a namespace, it will be \n assigned the NS Admin role upon authorization. \n zh-CN: \u82e5\u5de5\u4f5c\u7a7a\u95f4\u7ed1\u5b9a\u4e86\u547d\u540d\u7a7a\u95f4\uff0c\u6388\u6743\u540e\u8fd8\u5c06\u88ab\u6620\u5c04\u4e3a\u5bf9\u5e94\u547d\u540d\u7a7a\u95f4\u7684 NS Admin \u89d2\u8272 \n resourceType: namespace \n scope: workspace \n gproduct: kpanda \n resourceTypes: \n - localizedName: \n en-US: Cluster Management \n zh-CN: \u96c6\u7fa4\u7ba1\u7406 \n name: cluster \n - localizedName: \n en-US: Menu \n zh-CN: \u83dc\u5355 \n name: menu \n - localizedName: \n en-US: Namespace Management \n zh-CN: \u547d\u540d\u7a7a\u95f4 \n name: namespace\n
"},{"location":"en/admin/ghippo/best-practice/menu/menu-display-or-hiding.html#achieve-the-above-effect-through-custom-roles","title":"Achieve the Above Effect Through Custom Roles","text":"Note
Only the menus for the Container Management module need to be configured separately menu permissions. Other modules will automatically show/hide based on user permissions
Create a custom role that includes the permission to view the Container Management menu, and then grant this role to users who need access to the Container Management menu.
you can see the navigation bar menus for container management and observability. The result is as follows:
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html","title":"Customizing AI platform Integration with IdP","text":"Identity Provider (IdP): In AI platform, when a client system needs to be used as the user source and user authentication is performed through the client system's login interface, the client system is referred to as the Identity Provider for AI platform.
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#use-cases","title":"Use Cases","text":"If there is a high customization requirement for the Ghippo login IdP, such as supporting WeCom, WeChat, or other social organization login requirements, please refer to this document for implementation.
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#supported-versions","title":"Supported Versions","text":"Ghippo v0.15.0 and above.
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#specific-steps","title":"Specific Steps","text":""},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#customizing-ghippo-keycloak-plugin","title":"Customizing Ghippo Keycloak Plugin","text":"Customize the plugin
Refer to the official keycloak documentation and customizing Keycloak IdP for development.
Build the image
# FROM scratch\nFROM scratch\n\n# plugin\nCOPY ./xxx-jar-with-dependencies.jar /plugins/\n
Note
If you need two customized IdPs, you need to copy two jar packages.
"},{"location":"en/admin/ghippo/best-practice/oem/custom-idp.html#deploying-ghippo-keycloak-plugin-steps","title":"Deploying Ghippo Keycloak Plugin Steps","text":"Upgrade Ghippo to v0.15.0 or above. You can also directly install and deploy Ghippo v0.15.0, but make sure to manually record the following information.
helm -n ghippo-system get values ghippo -o yaml\n
apiserver:\n image:\n repository: release.daocloud.io/ghippo-ci/ghippo-apiserver\n tag: v0.4.2-test-3-gaba5ec2\ncontrollermanager:\n image:\n repository: release.daocloud.io/ghippo-ci/ghippo-apiserver\n tag: v0.4.2-test-3-gaba5ec2\nglobal:\n database:\n builtIn: true\n reverseProxy: http://192.168.31.10:32628\n
After a successful upgrade, an installation command should be manually run. The parameter values set in --set
should be gotten from the above saved content, along with additional parameter values:
Here is an example:
helm upgrade \\\n ghippo \\\n ghippo-release/ghippo \\\n --version v0.4.2-test-3-gaba5ec2 \\\n -n ghippo-system \\\n --set apiserver.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \\\n --set apiserver.image.tag=v0.4.2-test-3-gaba5ec2 \\\n --set controllermanager.image.repository=release.daocloud.io/ghippo-ci/ghippo-apiserver \\\n --set controllermanager.image.tag=v0.4.2-test-3-gaba5ec2 \\\n --set global.reverseProxy=http://192.168.31.10:32628 \\\n --set global.database.builtIn=true \\\n --set global.idpPlugin.enabled=true \\\n --set global.idpPlugin.image.repository=chenyang-idp \\\n --set global.idpPlugin.image.tag=v0.0.1 \\\n --set global.idpPlugin.path=/plugins/.\n
Select the desired plugin on the Keycloak administration page.
npm install\n
Compile and hot-reload for development:
npm run serve\n
Compile and build:
npm run build\n
Fix linting issues:
npm run lint\n
"},{"location":"en/admin/ghippo/best-practice/oem/demo.html#custom-configuration","title":"Custom Configuration","text":"Refer to the Configuration Reference for customization options.
Build the image:
docker build -t release.daocloud.io/henry/gproduct-demo .\n
Run on Kubernetes:
kubectl apply -f demo.yaml\n
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html","title":"Customizing Keycloak Identity Provider (IdP)","text":"Requirements: keycloak >= v20
Known issue in keycloak >= v21, support for old version themes has been removed and may be fixed in v22. See Issue #15344.
This demo uses Keycloak v20.0.5.
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#source-based-development","title":"Source-based Development","text":""},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#configure-the-environment","title":"Configure the Environment","text":"Refer to keycloak/building.md for environment configuration.
Run the following commands based on keycloak/README.md:
cd quarkus\nmvn -f ../pom.xml clean install -DskipTestsuite -DskipExamples -DskipTests\n
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#run-from-ide","title":"Run from IDE","text":""},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#add-service-code","title":"Add Service Code","text":""},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#if-inheriting-some-functionality-from-keycloak","title":"If inheriting some functionality from Keycloak","text":"Add files under the directory services/src/main/java/org/keycloak/broker :
The file names should be xxxProvider.java and xxxProviderFactory.java .
xxxProviderFactory.java example:
Pay attention to the variable PROVIDER_ID = \"oauth\"; , as it will be used in the HTML definition later.
xxxProvider.java example:
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#if-unable-to-inherit-functionality-from-keycloak","title":"If unable to inherit functionality from Keycloak","text":"Refer to the three files in the image below to write your own code:
Add xxxProviderFactory to resource service
Add xxxProviderFactory to services/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory so that the newly added code can work:
Add HTML file
Copy the file themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html and rename it as realm-identity-provider-oauth.html (remember the variable to pay attention to from earlier).
Place the copied file in themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oauth.html .
All the necessary files have been added. Now you can start debugging the functionality.
"},{"location":"en/admin/ghippo/best-practice/oem/keycloak-idp.html#packaging-as-a-jar-plugin","title":"Packaging as a JAR Plugin","text":"Create a new Java project and copy the above code into the project, as shown below:
Refer to pom.xml.
Run mvn clean package to package the code, resulting in the xxx-jar-with-dependencies.jar file.
Download Keycloak Release 20.0.5 zip package and extract it.
Copy the xxx-jar-with-dependencies.jar file to the keycloak-20.0.5/providers directory.
Run the following command to check if the functionality is working correctly:
bin/kc.sh start-dev\n
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html","title":"Integrating Customer Systems into AI platform (OEM IN)","text":"OEM IN refers to the partner's platform being embedded as a submodule in AI platform, appearing in the primary navigation bar of AI platform. Users can log in and manage it uniformly through AI platform. The implementation of OEM IN is divided into 5 steps:
Note
The open source software Label Studio is used for nested demonstrations below. In actual scenarios, you need to solve the following issues in the customer system:
The customer system needs to add a Subpath to distinguish which services belong to AI platform and which belong to the customer system.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#environment-preparation","title":"Environment Preparation","text":"Deploy the AI platform environment:
https://10.6.202.177:30443
as AI platform
Deploy the customer system environment:
http://10.6.202.177:30123
as the customer system
Adjust the operations on the customer system during the application according to the actual situation.
Plan the Subpath path of the customer system: http://10.6.202.177:30123/label-studio
(It is recommended to use a recognizable name as the Subpath, which should not conflict with the HTTP router of the main AI platform). Ensure that users can access the customer system through http://10.6.202.177:30123/label-studio
.
SSH into the AI platform server.
ssh root@10.6.202.177\n
Create the label-studio.yaml file using the vim
command.
vim label-studio.yaml\n
label-studio.yamlapiVersion: networking.istio.io/v1beta1\nkind: ServiceEntry\nmetadata:\n name: label-studio\n namespace: ghippo-system\nspec:\n exportTo:\n - \"*\"\n hosts:\n - label-studio.svc.external\n ports:\n # Add a virtual port\n - number: 80\n name: http\n protocol: HTTP\n location: MESH_EXTERNAL\n resolution: STATIC\n endpoints:\n # Change to the domain name (or IP) of the customer system\n - address: 10.6.202.177\n ports:\n # Change to the port number of the customer system\n http: 30123\n---\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n # Change to the name of the customer system\n name: label-studio\n namespace: ghippo-system\nspec:\n exportTo:\n - \"*\"\n hosts:\n - \"*\"\n gateways:\n - ghippo-gateway\n http:\n - match:\n - uri:\n exact: /label-studio # Change to the routing address of the customer system in the Web UI entry\n - uri:\n prefix: /label-studio/ # Change to the routing address of the customer system in the Web UI entry\n route:\n - destination:\n # Change to the value of spec.hosts in the ServiceEntry above\n host: label-studio.svc.external\n port:\n # Change to the value of spec.ports in the ServiceEntry above\n number: 80\n---\napiVersion: security.istio.io/v1beta1\nkind: AuthorizationPolicy\nmetadata:\n # Change to the name of the customer system\n name: label-studio\n namespace: istio-system\nspec:\n action: ALLOW\n selector:\n matchLabels:\n app: istio-ingressgateway\n rules:\n - from:\n - source:\n requestPrincipals:\n - '*'\n - to:\n - operation:\n paths:\n - /label-studio # Change to the value of spec.http.match.uri.prefix in VirtualService\n - /label-studio/* # Change to the value of spec.http.match.uri.prefix in VirtualService (Note: add \"*\" at the end)\n
Apply the label-studio.yaml using the kubectl
command:
kubectl apply -f\u00a0label-studio.yaml\n
Verify if the IP and port of the Label Studio UI are consistent:
Integrate the customer system with the AI platform through protocols like OIDC/OAUTH, allowing users to enter the customer system without logging in again after logging into the AI platform.
In the scenario of two AI platform, you can create SSO access through Global Management -> Access Control -> Docking Portal.
After creating, fill in the details such as the Client ID, Client Secret, and Login URL in the customer system's Global Management -> Access Control -> Identity Provider -> OIDC, to complete user integration.
After integration, the customer system login page will display the OIDC (Custom) option. Select to log in via OIDC the first time entering the customer system from the AI platform, and subsequently, you will directly enter the customer system without selecting again.
Refer to the tar package at the bottom of the document to implement an empty frontend sub-application, and embed the customer system into this empty shell application in the form of an iframe.
Download the gproduct-demo-main.tar.gz file and change the value of the src attribute in App-iframe.vue under the src folder (the user entering the customer system):
src=\"https://10.6.202.177:30443/label-studio\" (AI platform address + Subpath)
src=\"./external-anyproduct/insight\"
<template>\n <iframe>\n src=\"https://daocloud.io\"\n title=\"demo\"\n class=\"iframe-container\"\n </iframe>\n</template>\n\n<style lang=\"scss\">\nhtml,\nbody {\n height: 100%;\n}\n\n# app {\n display: flex;\n height: 100%;\n .iframe-container {\n border: 0;\n flex: 1 1 0;\n }\n}\n</style>\n
Delete the App.vue and main.ts files under the src folder, and rename:
Build the image following the steps in the readme (Note: before executing the last step, replace the image address in demo.yaml with the built image address)
demo.yamlkind: Namespace\napiVersion: v1\nmetadata:\n name: gproduct-demo\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: gproduct-demo\n namespace: gproduct-demo\n labels:\n app: gproduct-demo\nspec:\n selector:\n matchLabels:\n app: gproduct-demo\n template:\n metadata:\n name: gproduct-demo\n labels:\n app: gproduct-demo\n spec:\n containers:\n - name: gproduct-demo\n image: release.daocloud.io/gproduct-demo # Modify this image address\n ports:\n - containerPort: 80\n---\napiVersion: v1\nkind: Service\n...\n
After integration, the Customer System will appear in the primary navigation bar of AI platform, and clicking it will allow users to enter the customer system.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#customize-appearance","title":"Customize Appearance","text":"Note
AI platform supports customizing the appearance by writing CSS. How the customer system implements appearance customization in actual applications needs to be handled according to the actual situation.
Log in to the customer system, and through Global Management -> Settings -> Appearance, you can customize platform background colors, logos, and names. For specific operations, please refer to Appearance Customization.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#integrate-permission-system-optional","title":"Integrate Permission System (Optional)","text":"Method One:
Customized teams can implement a customized module that AI platform will notify each user login event to the customized module via Webhook, and the customized module can call the OpenAPI of AnyProduct and AI platform to synchronize the user's permission information.
Method Two:
Through Webhook, notify AnyProduct of each authorization change (if required, it can be implemented later).
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#use-other-capabilities-of-ai-platform-in-anyproduct-optional","title":"Use Other Capabilities of AI platform in AnyProduct (Optional)","text":"The method is to call the AI platform OpenAPI.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-in.html#references","title":"References","text":"OEM OUT refers to integrating AI platform as a sub-module into other products, appearing in their menus. You can directly access AI platform without logging in again after logging into other products. The OEM OUT integration involves 5 steps:
Deploy AI platform (Assuming the access address after deployment is https://10.6.8.2:30343/
).
To achieve cross-domain access between the customer system and AI platform, you can use an nginx reverse proxy. Use the following example configuration in vi /etc/nginx/conf.d/default.conf :
server {\n listen 80;\n server_name localhost;\n\n location /dce5/ {\n proxy_pass https://10.6.8.2:30343/;\n proxy_http_version 1.1;\n proxy_read_timeout 300s; # This line is required for using kpanda cloudtty, otherwise it can be removed\n proxy_send_timeout 300s; # This line is required for using kpanda cloudtty, otherwise it can be removed\n\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\n proxy_set_header Upgrade $http_upgrade; # This line is required for using kpanda cloudtty, otherwise it can be removed\n proxy_set_header Connection $connection_upgrade; # This line is required for using kpanda cloudtty, otherwise it can be removed\n }\n\n location / {\n proxy_pass https://10.6.165.50:30443/; # Assuming this is the customer system address (e.g., Yiyun)\n proxy_http_version 1.1;\n\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n}\n
Assuming the nginx entry address is 10.6.165.50, follow the Customize AI platform Reverse Proxy Server Address to set the AI_PROXY reverse proxy as http://10.6.165.50/dce5
. Ensure that AI platform can be accessed via http://10.6.165.50/dce5
. The customer system also needs to configure the reverse proxy based on its specific requirements.
Integrate the customer system with AI platform using protocols like OIDC/OAUTH, allowing users to access AI platform without logging in again after logging into the customer system. Fill in the OIDC information of the customer system in Global Management -> Access Control -> Identity Provider .
After integration, the AI platform login page will display the OIDC (custom) option. When accessing AI platform from the customer system for the first time, select OIDC login, and subsequent logins will directly enter AI platform without needing to choose again.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-out.html#navigation-bar-integration","title":"Navigation Bar Integration","text":"Navigation bar integration means adding AI platform to the menu of the customer system. You can directly access AI platform by clicking the proper menu item. The navigation bar integration depends on the customer system and needs to be handled based on specific circumstances.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-out.html#customizie-appearance","title":"Customizie Appearance","text":"Use Global Management -> Settings -> Appearance to customize the platform's background color, logo, and name. For detailed instructions, refer to Appearance Customization.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-out.html#permission-system-integration-optional","title":"Permission System Integration (optional)","text":"Permission system integration is complex. If you have such requirements, please contact the Global Management team.
"},{"location":"en/admin/ghippo/best-practice/oem/oem-out.html#reference","title":"Reference","text":"Follow the steps below to configure the Guomi Gateway for AI platform.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#software-introduction","title":"Software Introduction","text":"Tengine: Tengine is a web server project initiated by taobao.com. Based on Nginx, it adds many advanced features and features for the needs of high-traffic websites.
Tongsuo: Formerly known as BabaSSL, Tongsuo is an open-source cryptographic library that offers a range of modern cryptographic algorithms and secure communication protocols. It is designed to support a variety of use cases, including storage, network security, key management, and privacy computing. By providing foundational cryptographic capabilities, Tongsuo ensures the privacy, integrity, and authenticity of data during transmission, storage, and usage. It also enhances security throughout the data lifecycle, offering robust privacy protection and security features.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#preparation","title":"Preparation","text":"A Linux host with Docker installed and internet access.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#compile-and-install-tengine-tongsuo","title":"Compile and install Tengine & Tongsuo","text":"Note
This configuration is for reference only.
FROM docker.m.daocloud.io/debian:11.3\n\n# Version\nENV TENGINE_VERSION=\"2.3.4\" \\\n TONGSUO_VERSION=\"8.3.2\"\n\n# Install required system packages and dependencies\nRUN apt update && \\\n apt -y install \\\n wget \\\n gcc \\\n make \\\n libpcre3 \\\n libpcre3-dev \\\n zlib1g-dev \\\n perl \\\n && apt clean\n\n# Build tengine\nRUN mkdir -p /tmp/pkg/cache/ && cd /tmp/pkg/cache/ \\\n && wget https://github.com/alibaba/tengine/archive/refs/tags/${TENGINE_VERSION}.tar.gz -O tengine-${TENGINE_VERSION}.tar.gz \\\n && tar zxvf tengine-${TENGINE_VERSION}.tar.gz \\\n && wget https://github.com/Tongsuo-Project/Tongsuo/archive/refs/tags/${TONGSUO_VERSION}.tar.gz -O Tongsuo-${TONGSUO_VERSION}.tar.gz \\\n && tar zxvf Tongsuo-${TONGSUO_VERSION}.tar.gz \\\n && cd tengine-${TENGINE_VERSION} \\\n && ./configure \\\n --add-module=modules/ngx_openssl_ntls \\\n --with-openssl=/tmp/pkg/cache/Tongsuo-${TONGSUO_VERSION} \\\n --with-openssl-opt=\"--strict-warnings enable-ntls\" \\\n --with-http_ssl_module --with-stream \\\n --with-stream_ssl_module --with-stream_sni \\\n && make \\\n && make install \\\n && ln -s /usr/local/nginx/sbin/nginx /usr/sbin/ \\\n && rm -rf /tmp/pkg/cache\n\nEXPOSE 80 443\nSTOPSIGNAL SIGTERM\nCMD [\"nginx\", \"-g\", \"daemon off;\"]\n
docker build -t tengine:0.0.1 .\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#generate-sm2-and-rsa-tls-certificates","title":"Generate SM2 and RSA TLS Certificates","text":"Here's how to generate SM2 and RSA TLS certificates and configure the Guomi gateway.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#sm2-tls-certificate","title":"SM2 TLS Certificate","text":"Note
This certificate is only for testing purposes.
You can refer to the Tongsuo official documentation to use OpenSSL to generate SM2 certificates, or visit Guomi SSL Laboratory to apply for SM2 certificates.
In the end, we will get the following files:
-rw-r--r-- 1 root root 749 Dec 8 02:59 sm2.*.enc.crt.pem\n-rw-r--r-- 1 root root 258 Dec 8 02:59 sm2.*.enc.key.pem\n-rw-r--r-- 1 root root 749 Dec 8 02:59 sm2.*.sig.crt.pem\n-rw-r--r-- 1 root root 258 Dec 8 02:59 sm2.*.sig.key.pem\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#rsa-tls-certificate","title":"RSA TLS Certificate","text":"-rw-r--r-- 1 root root 216 Dec 8 03:21 rsa.*.crt.pem\n-rw-r--r-- 1 root root 4096 Dec 8 02:59 rsa.*.key.pem\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#configure-sm2-and-rsa-tls-certificates-for-the-guomi-gateway","title":"Configure SM2 and RSA TLS Certificates for the Guomi Gateway","text":"The Guomi gateway used in this article supports SM2 and RSA TLS certificates. The advantage of dual certificates is that when the browser does not support SM2 TLS certificates, it automatically switches to RSA TLS certificates.
For more detailed configurations, please refer to the Tongsuo official documentation.
We enter the Tengine container:
# Go to the nginx configuration file directory\ncd /usr/local/nginx/conf\n\n# Create the cert folder to store TLS certificates\nmkdir cert\n\n# Copy the SM2 and RSA TLS certificates to the `/usr/local/nginx/conf/cert` directory\ncp sm2.*.enc.crt.pem sm2.*.enc.key.pem sm2.*.sig.crt.pem sm2.*.sig.key.pem /usr/local/nginx/conf/cert\ncp rsa.*.crt.pem rsa.*.key.pem /usr/local/nginx/conf/cert\n\n# Edit the nginx.conf configuration\nvim nginx.conf\n...\nserver {\n listen 443 ssl;\n proxy_http_version 1.1;\n # Enable Guomi function to support SM2 TLS certificates\n enable_ntls on;\n\n # RSA certificate\n # If your browser does not support Guomi certificates, you can enable this option, and Tengine will automatically recognize the user's browser and use RSA certificates for fallback\n ssl_certificate /usr/local/nginx/conf/cert/rsa.*.crt.pem;\n ssl_certificate_key /usr/local/nginx/conf/cert/rsa.*.key.pem;\n\n # Configure two pairs of SM2 certificates for encryption and signature\n # SM2 signature certificate\n ssl_sign_certificate /usr/local/nginx/conf/cert/sm2.*.sig.crt.pem;\n ssl_sign_certificate_key /usr/local/nginx/conf/cert/sm2.*.sig.key.pem;\n # SM2 encryption certificate\n ssl_enc_certificate /usr/local/nginx/conf/cert/sm2.*.enc.crt.pem;\n ssl_enc_certificate_key /usr/local/nginx/conf/cert/sm2.*.enc.key.pem;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n\n location / {\n proxy_set_header Host $http_host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header REMOTE-HOST $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n # You need to modify the address here to the address of the Istio ingress gateway\n # For example, proxy_pass https://istio-ingressgateway.istio-system.svc.cluster.local\n # Or proxy_pass https://demo-dev.daocloud.io\n proxy_pass https://istio-ingressgateway.istio-system.svc.cluster.local;\n }\n}\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#reload-the-configuration-of-the-guomi-gateway","title":"Reload the Configuration of the Guomi Gateway","text":"nginx -s reload\n
"},{"location":"en/admin/ghippo/install/gm-gateway.html#next-steps","title":"Next Steps","text":"After successfully deploying the Guomi gateway, customize the AI platform reverse proxy server address.
"},{"location":"en/admin/ghippo/install/gm-gateway.html#verification","title":"Verification","text":"You can deploy a web browser that supports Guomi certificates. For example, Samarium Browser, and then access the UI interface through Tengine to verify if the Guomi certificate is effective.
"},{"location":"en/admin/ghippo/install/login.html","title":"Login","text":"Before a user uses a new system, there is no data in the system, and the system cannot identify the new user. In order to identify the user identity and bind user data, the user needs an account that can uniquely identify the user identity.
AI platform assigns an account with certain permissions to the user through the way the administrator creates a new user in User and Access Control . All behaviors generated by this user will be associated with their own account.
The user logs in through the account/password, and the system verifies whether the identity is legal. If the verification is legal, the user logs in successfully.
Note
If the user does not perform any operation within 24 hours after logging in, the login status will be automatically logged out. If the logged-in user is always active, the logged-in state will persist.
The simple process of user login is shown in the figure below.
graph TB\n\nuser[Input username] --> pass[Input password] --> judge([Click Login and verify username and password])\njudge -.Correct.->success[Success]\njudge -.Incorrect.->fail[Fail]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass user,pass cluster;\nclass judge plain\nclass success,fail k8s
The user login screen is as shown in the figure below. For the specific login screen, please refer to the actual product.
"},{"location":"en/admin/ghippo/install/reverse-proxy.html","title":"Customize AI platform Reverse Proxy Server Address","text":"The specific setup steps are as follows:
Check if the global management Helm repository exists.
helm repo list | grep ghippo\n
If the result is empty or shows the following error, proceed to the next step; otherwise, skip the next step.
Error: no repositories to show\n
Add and update the global management Helm repository.
helm repo add ghippo http://{harbor url}/chartrepo/{project}\nhelm repo update ghippo\n
Set environment variables for easier use in the following steps.
# Your reverse proxy address, for example `export Suanova_PROXY=\"https://demo-alpha.daocloud.io\"` \nexport Suanova_PROXY=\"https://domain:port\"\n\n# Helm --set parameter backup file\nexport GHIPPO_VALUES_BAK=\"ghippo-values-bak.yaml\"\n\n# Get the current version of ghippo\nexport GHIPPO_HELM_VERSION=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n
Backup the --set parameters.
helm get values ghippo -n ghippo-system -o yaml > ${GHIPPO_VALUES_BAK}\n
Add your reverse proxy address.
Note
If possible, you can use the yq command:
yq -i \".global.reverseProxy = \\\"${Suanova_PROXY}\\\"\" ${GHIPPO_VALUES_BAK}\n
Or you can use the vim command to edit and save:
vim ${GHIPPO_VALUES_BAK}\n\nUSER-SUPPLIED VALUES:\n...\nglobal:\n ...\n reverseProxy: ${Suanova_PROXY} # Only need to modify this line\n
Run helm upgrade
to apply the configuration.
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ${GHIPPO_VALUES_BAK} \\\n --version ${GHIPPO_HELM_VERSION}\n
Use kubectl to restart the global management Pod to apply the configuration.
kubectl rollout restart deploy/ghippo-apiserver -n ghippo-system\nkubectl rollout restart statefulset/ghippo-keycloakx -n ghippo-system\n
The specific setup steps are as follows:
Check if the global management Helm repository exists.
helm repo list | grep ghippo\n
If the result is empty or shows the following error, proceed to the next step; otherwise, skip the next step.
Error: no repositories to show\n
Add and update the global management Helm repository.
helm repo add ghippo http://{harbor url}/chartrepo/{project}\nhelm repo update ghippo\n
Set environment variables for easier use in the following steps.
# Your reverse proxy address, for example `export Suanova_PROXY=\"https://demo-alpha.daocloud.io\"` \nexport Suanova_PROXY=\"https://domain:port\"\n\n# Helm --set parameter backup file\nexport GHIPPO_VALUES_BAK=\"ghippo-values-bak.yaml\"\n\n# Get the current version of ghippo\nexport GHIPPO_HELM_VERSION=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n
Backup the --set parameters.
helm get values ghippo -n ghippo-system -o yaml > ${GHIPPO_VALUES_BAK}\n
Add your reverse proxy address.
Note
If possible, you can use the yq command:
yq -i \".apiserver.userIsolationMode = \\\"Folder\\\"\" ${GHIPPO_VALUES_BAK}\n
Or you can use the vim command to edit and save:
vim ${GHIPPO_VALUES_BAK}\n\nUSER-SUPPLIED VALUES:\n...\n# Just add the following two lines\napiserver:\n userIsolationMode: Folder\n
Run helm upgrade
to apply the configuration.
helm upgrade ghippo ghippo/ghippo \\\n -n ghippo-system \\\n -f ${GHIPPO_VALUES_BAK} \\\n --version ${GHIPPO_HELM_VERSION}\n
Use kubectl to restart the global management Pod to apply the configuration.
kubectl rollout restart deploy/ghippo-apiserver -n ghippo-system\n
AI Lab supports four user roles:
Developer
and Operator
.Developer
.Developer
.Developer
.Each role has different permissions, as detailed below.
Menu Object Operation Admin / Baize Owner Workspace Admin Workspace Editor Workspace Viewer Developer Overview View Overview \u2713 \u2713 \u2713 \u2713 Notebooks View Notebooks \u2713 \u2713 \u2713 \u2713 View Notebooks Details \u2713 \u2713 \u2713 \u2717 Create Notebooks \u2713 \u2713 \u2717 \u2717 Update Notebooks \u2713 \u2713 \u2713 \u2717 Clone Notebooks \u2713 \u2713 \u2717 \u2717 Stop Notebooks \u2713 \u2713 \u2713 \u2717 Start Notebooks \u2713 \u2713 \u2713 \u2717 Delete Notebooks \u2713 \u2713 \u2717 \u2717 Jobs View Jobs \u2713 \u2713 \u2713 \u2713 View Job Details \u2713 \u2713 \u2713 \u2713 Create Job \u2713 \u2713 \u2717 \u2717 Clone Job \u2713 \u2713 \u2717 \u2717 View Job Load Details \u2713 \u2713 \u2713 \u2717 Delete Job \u2713 \u2713 \u2717 \u2717 Job Analysis View Job Analysis \u2713 \u2713 \u2713 \u2713 View Job Analysis Details \u2713 \u2713 \u2713 \u2713 Delete Job Analysis \u2713 \u2713 \u2717 \u2717 Datasets View Datasets \u2713 \u2713 \u2713 \u2717 Create Dataset \u2713 \u2713 \u2717 \u2717 Resync Dataset \u2713 \u2713 \u2713 \u2717 Update Credentials \u2713 \u2713 \u2713 \u2717 Delete Dataset \u2713 \u2713 \u2717 \u2717 Runtime Env View Runtime Env \u2713 \u2713 \u2713 \u2713 Create Runtime Env \u2713 \u2713 \u2717 \u2717 Update Runtime Env \u2713 \u2713 \u2713 \u2717 Delete Runtime Env \u2713 \u2713 \u2717 \u2717 Inference Services View Inference Services \u2713 \u2713 \u2713 \u2713 View Inference Services Details \u2713 \u2713 \u2713 \u2713 Create Inference Service \u2713 \u2713 \u2717 \u2717 Update Inference Service \u2713 \u2713 \u2713 \u2717 Stop Inference Service \u2713 \u2713 \u2713 \u2717 Start Inference Service \u2713 \u2713 \u2713 \u2717 Delete Inference Service \u2713 \u2713 \u2717 \u2717 Operator Overview View Overview \u2713 \u2717 \u2717 \u2717 GPU Management View GPU Management \u2713 \u2717 \u2717 \u2717 Queue Management View Queue Management \u2713 \u2717 \u2717 \u2717 View Queue Details \u2713 \u2717 \u2717 \u2717 Create Queue \u2713 \u2717 \u2717 \u2717 Update Queue \u2713 \u2717 \u2717 \u2717 Delete Queue \u2713 \u2717 \u2717 \u2717"},{"location":"en/admin/ghippo/permissions/kpanda.html","title":"Container Management Permissions","text":"The container management module uses the following roles:
Note
The permissions granted to each role are as follows:
Primary Function Secondary Function Permission Cluster Admin Ns Admin Ns Editor NS Viewer Cluster Clusters View Clusters \u2714 \u2714 \u2714 \u2714 Access Cluster \u2718 \u2718 \u2718 \u2718 Create Cluster \u2718 \u2718 \u2718 \u2718 Cluster Operations Enter Console \u2714 \u2714 (only in the list) \u2714 \u2718 View Monitoring \u2714 \u2718 \u2718 \u2718 Edit Basic Configuration \u2714 \u2718 \u2718 \u2718 Download kubeconfig \u2714 \u2714 (with ns permission) \u2714 (with ns permission) \u2714 (with ns permission) Disconnect Cluster \u2718 \u2718 \u2718 \u2718 View Logs \u2714 \u2718 \u2718 \u2718 Retry \u2718 \u2718 \u2718 \u2718 Uninstall Cluster \u2718 \u2718 \u2718 \u2718 Cluster Overview View Cluster Overview \u2714 \u2718 \u2718 \u2718 Node Management Access Node \u2718 \u2718 \u2718 \u2718 View Node List \u2714 \u2718 \u2718 \u2718 View Node Details \u2714 \u2718 \u2718 \u2718 View YAML \u2714 \u2718 \u2718 \u2718 Pause Scheduling \u2714 \u2718 \u2718 \u2718 Modify Labels \u2714 \u2718 \u2718 \u2718 Modify Annotations \u2714 \u2718 \u2718 \u2718 Modify Taints \u2714 \u2718 \u2718 \u2718 Remove Node \u2718 \u2718 \u2718 \u2718 Deployment View List \u2714 \u2714 \u2714 \u2714 View/Manage Details \u2714 \u2714 \u2714 \u2714 (view only) Create by YAML \u2714 \u2714 \u2714 \u2718 Create by image \u2714 \u2714 \u2714 \u2718 Select an instance in ws bound to ns Select image \u2714 \u2714 \u2714 \u2718 View IP Pool \u2714 \u2714 \u2714 \u2718 Edit Network Interface \u2714 \u2714 \u2714 \u2718 Enter Console \u2714 \u2714 \u2714 \u2718 View Monitoring \u2714 \u2714 \u2714 \u2714 View Logs \u2714 \u2714 \u2714 \u2714 Load Balancer Scaling \u2714 \u2714 \u2714 \u2718 Edit YAML \u2714 \u2714 \u2714 \u2718 Update \u2714 \u2714 \u2714 \u2718 Status - Pause Upgrade \u2714 \u2714 \u2714 \u2718 Status - Stop \u2714 \u2714 \u2714 \u2718 Status - Restart \u2714 \u2714 \u2714 \u2718 Delete \u2714 \u2714 \u2714 \u2718 StatefulSet View List \u2714 \u2714 \u2714 \u2714 View/Manage Details \u2714 \u2714 \u2714 \u2714 (view only) Create by YAML \u2714 \u2714 \u2714 \u2718 Create by image \u2714 \u2714 \u2714 \u2718 Select an instance in ws bound to ns Select image \u2714 \u2714 \u2714 \u2718 Enter Console \u2714 \u2714 \u2714 \u2718 View Monitoring \u2714 \u2714 \u2714 \u2714 View Logs \u2714 \u2714 \u2714 \u2714 Load Balancer Scaling \u2714 \u2714 \u2714 \u2718 Edit YAML \u2714 \u2714 \u2714 \u2718 Update \u2714 \u2714 \u2714 \u2718 Status - Stop \u2714 \u2714 \u2714 \u2718 Status - Restart \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 \u5b88\u62a4\u8fdb\u7a0b View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create by image \u2713 \u2713 \u2713 \u2717 Select an instance in ws bound to ns Select image \u2713 \u2713 \u2713 \u2717 Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Status - restart \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Job View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create by image \u2713 \u2713 \u2713 \u2717 Instance list \u2713 \u2713 \u2713 \u2713 Select an instance in ws bound to ns Select image \u2713 \u2713 \u2713 \u2717 Go to console \u2713 \u2713 \u2713 \u2717 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2713 Restart \u2713 \u2713 \u2713 \u2717 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 CronJob View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create by image \u2713 \u2713 \u2713 \u2717 Select an instance in ws bound to ns Select image \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Stop \u2713 \u2713 \u2713 \u2717 View jobs \u2713 \u2713 \u2713 \u2713 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Pod View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2713 Upload file \u2713 \u2713 \u2713 \u2717 Download file \u2713 \u2713 \u2713 \u2717 View containers \u2713 \u2713 \u2713 \u2713 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 ReplicaSet View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Helm app View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Update \u2713 \u2713 \u2713 \u2717 View YAML \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Helm chart View list \u2713 \u2713 \u2713 \u2713 View details \u2713 \u2713 \u2713 \u2713 Install chart \u2713 \u2713 (Fine for ns level) \u2717 \u2717 Download chart \u2713 \u2713 \u2713 (Consistent with viewing interface) \u2713 Helm repo View list \u2713 \u2713 \u2713 \u2713 Create repo \u2713 \u2717 \u2717 \u2717 Update repo \u2713 \u2717 \u2717 \u2717 Clone repo \u2713 \u2717 \u2717 \u2717 Refresh repo \u2713 \u2717 \u2717 \u2717 Modify label \u2713 \u2717 \u2717 \u2717 Modify annotation \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Service View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 View event \u2713 \u2713 \u2713 \u2713 Edit YAML \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Ingress View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 View event \u2713 \u2713 \u2713 \u2713 Edit YAML \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Network policy View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2717 Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Network config Config \u2713 \u2713 \u2713 \u2717 CRD View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Create by YAML \u2713 \u2717 \u2717 \u2717 Edit YAML \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 PVC View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create \u2713 \u2713 \u2713 \u2717 Select sc \u2713 \u2713 \u2713 \u2717 Create by YAML \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Clone \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 PV View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Create by YAML \u2713 \u2717 \u2717 \u2717 Create \u2713 \u2717 \u2717 \u2717 Edit YAML \u2713 \u2717 \u2717 \u2717 Update \u2713 \u2717 \u2717 \u2717 Clone \u2713 \u2717 \u2717 \u2717 Modify label \u2713 \u2717 \u2717 \u2717 Modify annotation \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 SC View list \u2713 \u2717 \u2717 \u2717 Create by YAML \u2713 \u2717 \u2717 \u2717 Create \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2717 \u2717 \u2717 Update \u2713 \u2717 \u2717 \u2717 Authorize NS \u2713 \u2717 \u2717 \u2717 Deauthorize \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 ConfigMap View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Export ConfigMap \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Secret View list \u2713 \u2713 \u2713 \u2717 View/Manage details \u2713 \u2713 \u2713 \u2717 Create by YAML \u2713 \u2713 \u2713 \u2717 Create \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Export secret \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Namespace View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Create by YAML \u2713 \u2717 \u2717 \u2717 Create \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2713 \u2713 \u2717 Modify label \u2713 \u2713 \u2717 \u2717 Unbind WS \u2717 \u2717 \u2717 \u2717 Bind WS \u2717 \u2717 \u2717 \u2717 Quotas \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Cluster operation View list \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2717 \u2717 \u2717 View logs \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Helm operation Set preserved entries \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2713 \u2717 \u2717 View logs \u2713 \u2713 \u2717 \u2717 Delete \u2713 \u2713 \u2717 \u2717 Cluster upgrade View details \u2713 \u2717 \u2717 \u2717 Upgrade \u2717 \u2717 \u2717 \u2717 Cluster settings Addon config \u2713 \u2717 \u2717 \u2717 Advanced config \u2713 \u2717 \u2717 \u2717 Namespace View list \u2713 \u2713 \u2713 \u2713 Create \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2717 Modify label \u2713 \u2713 \u2717 \u2717 Bind WS \u2713 \u2717 \u2717 \u2717 Quotas \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Workload Deployment View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 Workload scaling \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Status - Pause Upgrade \u2713 \u2713 \u2713 \u2717 Status - Stop \u2713 \u2713 \u2713 \u2717 Status - restart \u2713 \u2713 \u2713 \u2717 Revert \u2713 \u2713 \u2713 \u2717 Modify label and annotation \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 StatefulSet View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 Workload scaling \u2713 \u2713 \u2713 \u2717 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Status - Stop \u2713 \u2713 \u2713 \u2717 Status - restart \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 DaemonSet View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 Edit YAML \u2713 \u2713 \u2713 \u2717 Update \u2713 \u2713 \u2713 \u2717 Status - restart \u2713 \u2713 \u2713 \u2717 Delete \u2713 \u2713 \u2713 \u2717 Job View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2717 Restart \u2713 \u2713 \u2713 \u2717 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 CronJob View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Pod View list \u2713 \u2713 \u2713 \u2713 View/Manage details \u2713 \u2713 \u2713 \u2713 (Only view) Go to console \u2713 \u2713 \u2713 \u2717 Check monitor \u2713 \u2713 \u2713 \u2713 View logs \u2713 \u2713 \u2713 \u2713 View YAML \u2713 \u2713 \u2713 \u2713 Upload file \u2713 \u2713 \u2713 \u2717 Download file \u2713 \u2713 \u2713 \u2717 View containers \u2713 \u2713 \u2713 \u2713 View event \u2713 \u2713 \u2713 \u2713 Delete \u2713 \u2713 \u2713 \u2717 Backup and Restore App backup View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Create backup schedule \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2717 \u2717 \u2717 Update Schedule \u2713 \u2717 \u2717 \u2717 Pause \u2713 \u2717 \u2717 \u2717 Run now \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Resume backup View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Resume backup \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Backup point View list \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 Object storage View list \u2713 \u2717 \u2717 \u2717 etcd backup View backup policies \u2713 \u2717 \u2717 \u2717 Create backup policies \u2713 \u2717 \u2717 \u2717 View logs \u2713 \u2717 \u2717 \u2717 View YAML \u2713 \u2717 \u2717 \u2717 Update backup policy \u2713 \u2717 \u2717 \u2717 Stop/Start \u2713 \u2717 \u2717 \u2717 Run now \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Delete backup records \u2713 \u2717 \u2717 \u2717 View backup points \u2713 \u2717 \u2717 \u2717 Cluster inspection Cluster inspection View list \u2713 \u2717 \u2717 \u2717 View/Manage details \u2713 \u2717 \u2717 \u2717 Cluster inspection \u2713 \u2717 \u2717 \u2717 Settings \u2713 \u2717 \u2717 \u2717 Permissions Permissions View list \u2713 \u2717 \u2717 \u2717 Grant to cluster admin \u2713 \u2717 \u2717 \u2717 Delete \u2713 \u2717 \u2717 \u2717 NS permissions View list \u2713 \u2713 \u2717 \u2717 Grant to ns admin \u2713 \u2713 \u2717 \u2717 Grant to ns editor \u2713 \u2713 \u2717 \u2717 Grant to ns viewer \u2713 \u2713 \u2717 \u2717 Edit permissions \u2713 \u2713 \u2717 \u2717 Delete \u2713 \u2713 \u2717 \u2717 Security Compliance scanning View scanning report \u2713 \u2717 \u2717 \u2717 View scanning report details \u2713 \u2717 \u2717 \u2717 Download scanning report \u2713 \u2717 \u2717 \u2717 Delete scanning report \u2713 \u2717 \u2717 \u2717 View scanning policies \u2713 \u2717 \u2717 \u2717 Create scanning policy \u2713 \u2717 \u2717 \u2717 Delete scanning policy \u2713 \u2717 \u2717 \u2717 View scanning config list \u2713 \u2717 \u2717 \u2717 View scanning config details \u2713 \u2717 \u2717 \u2717 Delete scanning config \u2713 \u2717 \u2717 \u2717 Scan permission View scanning reports \u2713 \u2717 \u2717 \u2717 View scanning report details \u2713 \u2717 \u2717 \u2717 Delete scanning report \u2713 \u2717 \u2717 \u2717 View scanning policies \u2713 \u2717 \u2717 \u2717 Create scanning policy \u2713 \u2717 \u2717 \u2717 Delete scanning policy \u2713 \u2717 \u2717 \u2717 Scan vulnerability View scanning reports \u2713 \u2717 \u2717 \u2717 View scanning report detail \u2713 \u2717 \u2717 \u2717 Delete scanning report \u2713 \u2717 \u2717 \u2717 View scanning policies \u2713 \u2717 \u2717 \u2717 Create scanning policy \u2713 \u2717 \u2717 \u2717 Delete scanning policy \u2713 \u2717 \u2717 \u2717"},{"location":"en/admin/ghippo/personal-center/accesstoken.html","title":"Access key","text":"The access key can be used to access the openAPI and continuous delivery. Users can obtain the key and access the API by referring to the following steps in the personal center.
"},{"location":"en/admin/ghippo/personal-center/accesstoken.html#get-key","title":"Get key","text":"Log in to AI platform, find Personal Center in the drop-down menu in the upper right corner, and you can manage the access key of the account on the Access Keys page.
Info
Access key is displayed only once. If you forget your access key, you will need to create a new key.
"},{"location":"en/admin/ghippo/personal-center/accesstoken.html#use-the-key-to-access-api","title":"Use the key to access API","text":"When accessing AI platform openAPI, add the header Authorization:Bearer ${token}
to the request to identify the visitor, where ${token}
is the key obtained in the previous step. Request Example
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
Request result
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"en/admin/ghippo/personal-center/language.html","title":"language settings","text":"This section explains how to set the interface language. Currently supports Chinese, English two languages.
Language setting is the portal for the platform to provide multilingual services. The platform is displayed in Chinese by default. Users can switch the platform language by selecting English or automatically detecting the browser language preference according to their needs. Each user's multilingual service is independent of each other, and switching will not affect other users.
The platform provides three ways to switch languages: Chinese, English-English, and automatically detect your browser language preference.
The operation steps are as follows.
Log in to the AI platform with your username/password. Click Global Management at the bottom of the left navigation bar.
Click the username in the upper right corner and select Personal Center .
Click the Language Settings tab.
Toggle the language option.
Function description: It is used to fill in the email address and modify the login password.
The specific operation steps are as follows:
Click the username in the upper right corner and select Personal Center .
Click the Security Settings tab. Fill in your email address or change the login password.
This article explains how to configure SSH public key.
"},{"location":"en/admin/ghippo/personal-center/ssh-key.html#step-1-view-existing-ssh-keys","title":"Step 1. View Existing SSH Keys","text":"Before generating a new SSH key, please check if you need to use an existing SSH key stored in the root directory of the local user. For Linux and Mac, use the following command to view existing public keys. Windows users can use the following command in WSL (requires Windows 10 or above) or Git Bash to view the generated public keys.
ED25519 Algorithm:
cat ~/.ssh/id_ed25519.pub\n
RSA Algorithm:
cat ~/.ssh/id_rsa.pub\n
If a long string starting with ssh-ed25519 or ssh-rsa is returned, it means that a local public key already exists. You can skip Step 2 Generate SSH Key and proceed directly to Step 3.
"},{"location":"en/admin/ghippo/personal-center/ssh-key.html#step-2-generate-ssh-key","title":"Step 2. Generate SSH Key","text":"If Step 1 does not return the specified content string, it means that there is no available SSH key locally and a new SSH key needs to be generated. Please follow these steps:
Access the terminal (Windows users please use WSL or Git Bash), and run ssh-keygen -t
.
Enter the key algorithm type and an optional comment.
The comment will appear in the .pub file and can generally use the email address as the comment content.
To generate a key pair based on the ED25519
algorithm, use the following command:
ssh-keygen -t ed25519 -C \"<comment>\"\n
To generate a key pair based on the RSA
algorithm, use the following command:
ssh-keygen -t rsa -C \"<comment>\"\n
Press Enter to choose the SSH key generation path.
Taking the ED25519 algorithm as an example, the default path is as follows:
Generating public/private ed25519 key pair.\nEnter file in which to save the key (/home/user/.ssh/id_ed25519):\n
The default key generation path is /home/user/.ssh/id_ed25519
, and the proper public key is /home/user/.ssh/id_ed25519.pub
.
Set a passphrase for the key.
Enter passphrase (empty for no passphrase):\nEnter same passphrase again:\n
The passphrase is empty by default, and you can choose to use a passphrase to protect the private key file. If you do not want to enter a passphrase every time you access the repository using the SSH protocol, you can enter an empty passphrase when creating the key.
Press Enter to complete the key pair creation.
In addition to manually copying the generated public key information printed on the command line, you can use the following commands to copy the public key to the clipboard, depending on the operating system.
Windows (in WSL or Git Bash):
cat ~/.ssh/id_ed25519.pub | clip\n
Mac:
tr -d '\\n'< ~/.ssh/id_ed25519.pub | pbcopy\n
GNU/Linux (requires xclip):
xclip -sel clip < ~/.ssh/id_ed25519.pub\n
Log in to the AI platform UI page and select Profile -> SSH Public Key in the upper right corner of the page.
Add the generated SSH public key information.
SSH public key content.
Public key title: Supports customizing the public key name for management differentiation.
Expiration: Set the expiration period for the public key. After it expires, the public key will be automatically invalidated and cannot be used. If not set, it will be permanently valid.
The About page primarily showcases the latest versions of each module, highlights the open source software used, and expresses gratitude to the technical team via an animated video.
Steps to view are as follows:
Log in to AI platform as a user with Admin role. Click Global Management at the bottom of the left navigation bar.
Click Settings , select About , and check the product version, open source software statement, and development teams.
License Statement
Technical Team
In AI platform, you have the option to customize the appearance of the login page, top navigation bar, bottom copyright and ICP registration to enhance your product recognition.
"},{"location":"en/admin/ghippo/platform-setting/appearance.html#customizing-login-page-and-top-navigation-bar","title":"Customizing Login Page and Top Navigation Bar","text":"To get started, log in to AI platform as a user with the admin role and navigate to Global Management -> Settings found at the bottom of the left navigation bar.
Select Appearance . On the Custom your login page tab, modify the icon and text of the login page as needed, then click Save .
Log out and refresh the login page to see the configured effect.
On the Advanced customization tab, you can modify login page, navigation bar, copyright, and ICP registration with css.
Note
If you wish to restore the default settings, simply click Revert . This action will discard all customized settings.
"},{"location":"en/admin/ghippo/platform-setting/appearance.html#advanced-customization","title":"Advanced Customization","text":"Advanced customization allows you to modify the color, font spacing, and font size of the entire container platform using CSS styles. Please note that familiarity with CSS syntax is required.
To reset any advanced customizations, delete the contents of the black input box or click the Revert button.
Sample CSS for Login Page Customization:
.test {\n width: 12px;\n}\n\n#kc-login {\n /* color: red!important; */\n}\n
CSS sample for page customization after login:
.dao-icon.dao-iconfont.icon-service-global.dao-nav__head-icon {\n color: red!important;\n}\n.ghippo-header-logo {\n background-color: green!important;\n}\n.ghippo-header {\n background-color: rgb(128, 115, 0)!important;\n}\n.ghippo-header-nav-main {\n background-color: rgb(0, 19, 128)!important;\n}\n.ghippo-header-sub-nav-main .dao-popper-inner {\n background-color: rgb(231, 82, 13) !important;\n}\n
CSS sample for custom footer (including copyright, filing, and other information at the bottom)
<div class=\"footer-content\">\n <span class=\"footer-item\">Copyright \u00a9 2024 Suanova</span>\n <a class=\"footer-item\" href=\"https://beian.miit.gov.cn/\" target=\"_blank\" rel=\"noopener noreferrer\">\u6caa ICP \u5907 14048409 \u53f7 - 1</a>\n <a class=\"footer-item\" href=\"https://beian.miit.gov.cn/\" target=\"_blank\" rel=\"noopener noreferrer\">\u6caa ICP \u5907 14048409 \u53f7 - 2</a>\n</div>\n<div class=\"footer-content\">\n <img class=\"gongan-icon\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP/wBr28AAgBw1S4kEsfh/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi/mvwbyI+IfHf/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3/ldM9sJoFoK0Hr5i3k4/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W/gi372/EAe/tt68ABxmkCZrcCjg/1xYW52rlKO58sEQjFu9+cj/seFf/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv/mPQCsBAM2XpOMAALzoGFyolBdMxggAAESggSqwQQcMwRSswA6cwR28wBcCYQZEQAwkwDwQQgbkgBwKoRiWQRlUwDrYBLWwAxqgEZrhELTBMTgN5+ASXIHrcBcGYBiewhi8hgkEQcgIE2EhOogRYo7YIs4IF5mOBCJhSDSSgKQg6YgUUSLFyHKkAqlCapFdSCPyLXIUOY1cQPqQ28ggMor8irxHMZSBslED1AJ1QLmoHxqKxqBz0XQ0D12AlqJr0Rq0Hj2AtqKn0UvodXQAfYqOY4DRMQ5mjNlhXIyHRWCJWBomxxZj5Vg1Vo81Yx1YN3YVG8CeYe8IJAKLgBPsCF6EEMJsgpCQR1hMWEOoJewjtBK6CFcJg4Qxwicik6hPtCV6EvnEeGI6sZBYRqwm7iEeIZ4lXicOE1+TSCQOyZLkTgohJZAySQtJa0jbSC2kU6Q+0hBpnEwm65Btyd7kCLKArCCXkbeQD5BPkvvJw+S3FDrFiOJMCaIkUqSUEko1ZT/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYqfBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j/i/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa45uJXTl/VfPV5bdra3kq3yu3rSOuk626s91m/r0q9akHV0IbwDa0b8Y3lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q/5n7duEd3T8Wej3ulewf2Re/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq/dawto22gPaG97+iMo50dXh1Hvrf/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w/eFIr1tv62X3y+1XPK509E3rO9Hv03/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r/y+2v3qB/oP6n+0/rFlwG3g+GDAYM/DWQ/vDgmHnv6U/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59/94vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm/K3O233vuO+638e9H5ko/ED+UPPR+mPHp9BP9z7nfP78L/eE8/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAAQjSURBVHjaVNNZbFRlGIDh95w525zpdGa6TVtbykBbyiICxQY0AhYTJUCiiYqGqEEiJhKQmBg0ESPeeCGRENEYb4jhBr0gNQrRlCBiSgyLaSlSaKEs3Wemy+xnzuqFYdD/6rt6ku/N9wue55EcPwWArCgIgkx5ZRuYVxsnJ801Z05f3jY1MRnb/HxHV+uSph9RKq4mhkdwbZVgdQ2SHkPTwgj/h1QUWWi8/tfg/hM/XN/Y2zfaZnkSnuRDtLMsXhBOvrJtya/LlrcdMs1Qb1lVRQmSAEDAsU1kxpgamXp3y+azu1esreK9dyRqs9PIjkW6OsLx7lTV1ld/237s8HRV57MbnvO8CA+e9GCQFTk6Mza+4/0P+t9a9VSEI3uyTH/eR27aB2Ed31Q/Hx1sI6BHOPT13c5Frd0HW9p3HPUQEwAigJW9RDp+bstrOy981nVGLN/7RpHUV70YfXnEAtjxFPasxPDBQXatjzNTdOQXtg983H/51AFFy1KCIg2bNIdC+8270NwmUmelsXqSqHkDK5PDl8iCW0QcnEW+lqCjvcjQuMZ4YnQRTkotQUZu4GkjcfZNv19G011kXw4vayNYNvqCCvSVTciOgABgeuhBGwhgz5zbkI2ff7HUqJiNR2QktbbSYnBYYqbMT/ilKI4SIbT/GcRylbnvLmJ2X8N7tJ7rR8OE/BbliqEYea81WIotmOs02WFpc55Lf0f5/mSI3dsamOgxSX7ZjaALuBmB6M6FnB+S+POCwmOLk1QFFAqZyQWl1YrpiRZJLvDkygyC5NJ1XCax7xYNiTQVEYVIuUulayIcGeLkpw6WK7GuPY/fb2CkhleXIFFe8XPGaKBj9QxLW1Ik0bg8EuT2zRCJYZvZIYepe0EGbvi4bQUJVZhs2phADFYj+df0lBqJUnaekS4SUHXe3jrOnoE2PhSewHfRpfZGgcryIvfHdQruQlLo7Ns6QizqkJ31CIUlqwQJXuWUpDXj6qOsW32HT3YNImll9FwJsb4jyaLmWQ4fa6a+2sQw0ry8YZSiHcPxxXBtMfCv4XkUCrfliWs/fTE31rtTVfv9vsIorvQIniMhqXM4popVcJFVMHMpfMEaLPdxR1Tnna1b1vl6tGntpAjgCTNWONZyIFBR8Ydtr6EgrCI3VySfzZPLBDHyIq5gkpmzcOUmTGMF+bh7M9LYulfWzMmHBzk7Fpq9deWEYxjrtaCMXjWfstp6BCGNXZzBdYqYhogWqkMum4+oBVD0YnP63u/fFqbv1D+M7VSlBbmmK5uYaLYLYwslfwFVAyXQiOfcx3XyyGIM8DDn0lgWyGokHogu/0UJxpL/+f2e569s/CZQZ53OpzJr0+NXludUfb5jVdf7VUGXJUPIZast1S9PeII6jFDT5xMjFwO1S4c8zwTgnwEAxufYSzA67PMAAAAASUVORK5CYII=\" >\n <a class=\"footer-item\" href=\"http://www.beian.gov.cn/portal/registerSystemInfo\">\u6caa\u516c\u7f51\u5b89\u5907 12345678912345\u53f7</a>\n</div>\n<style>\n.footer-content {\n display: flex;\n flex-wrap: wrap;\n align-items: center;\n justify-content: center;\n}\n.footer-content + .footer-content {\n margin-top: 8px;\n}\n.login-pf .footer-item {\n color: white;\n}\n.footer-item {\n color: var(--dao-gray-010);\n text-decoration: none;\n}\n.footer-item + .footer-item {\n margin-left: 8px;\n}\n.gongan-icon {\n width: 18px;\n height: 18px;\n margin-right: 4px;\n}\n</style>\n
"},{"location":"en/admin/ghippo/platform-setting/mail-server.html","title":"Mail Server","text":"AI platform will send an e-mail to the user to verify the e-mail address if the user forgets the password to ensure that the user is acting in person. In order for AI platform to be able to send email, you need to provide your mail server address first.
The specific operation steps are as follows:
Log in to AI platform as a user with admin role. Click Global Management at the bottom of the left navigation bar.
Click Settings , select Mail Server Settings .
Complete the following fields to configure the mail server:
Field Description Example SMTP server address SMTP server address that can provide mail service smtp.163.com SMTP server port Port for sending mail 25 Username Name of the SMTP user test@163.com Password Password for the SMTP account 123456 Sender's email address Sender's email address test@163.com Use SSL secure connection SSL can be used to encrypt emails, thereby improving the security of information transmitted via emails, usually need to configure a certificate for the mail server DisableAfter the configuration is complete, click Save , and click Test Mail Server .
A message indicating that the mail has been successfully sent appears in the upper right corner of the screen, indicating that the mail server has been successfully set up.
Q: What is the reason why the user still cannot retrieve the password after the mail server is set up?
Answer: The user may not have an email address or set a wrong email address; at this time, users with the admin role can find the user by username in Global Management -> Access Control , and set it as The user sets a new login password.
If the mail server is not connected, please check whether the mail server address, username and password are correct.
"},{"location":"en/admin/ghippo/platform-setting/security.html","title":"Security Policy","text":"AI platform offers robust security measures, including password policies and access control for the graphical interface.
"},{"location":"en/admin/ghippo/platform-setting/security.html#password-policy","title":"Password Policy","text":"To configure the password and access control policies, navigate to global management, then click Settings -> Security Policy in the left navigation bar.
"},{"location":"en/admin/ghippo/report-billing/index.html","title":"Operation Management","text":"Operation Management provides a visual representation of the total usage and utilization rates of CPU, memory, storage and GPU across various dimensions such as cluster, node, namespace, pod, and workspace within a specified time range on the platform. It also automatically calculates platform consumption information based on usage, usage time, and unit price. By default, the module enables all report statistics, but platform administrators can manually enable or disable individual reports. After enabling or disabling, the platform will start or stop collecting report data within a maximum of 20 minutes. Previously collected data will still be displayed normally. Operation Management data can be retained on the platform for up to 365 days. Statistical data exceeding this retention period will be automatically deleted. You can also download reports in CSV or Excel format for further statistics and analysis.
Operation Management is available only for the Standard Edition and above. It is not supported in the Community Edition.
You need to install or upgrade the Operations Management module first, and then you can experience report management and billing metering.
"},{"location":"en/admin/ghippo/report-billing/index.html#report-management","title":"Report Management","text":"Report Management provides data statistics for cluster, node, pods, workspace, and namespace across five dimensions: CPU Utilization, Memory Utilization, Storage Utilization, GPU Utilization, and GPU Memory Utilization. It also integrates with the audit and alert modules to support the statistical management of audit and alert data, supporting a total of seven types of reports.
"},{"location":"en/admin/ghippo/report-billing/index.html#accounting-billing","title":"Accounting & Billing","text":"Accounting & Billing provides billing statistics for clusters, nodes, pods, namespaces, and workspaces on the platform. It calculates the consumption for each resource during the statistical period based on the usage of CPU, memory, storage and GPU, as well as user-configured prices and currency units. Depending on the selected time span, such as monthly, quarterly, or annually, it can quickly calculate the actual consumption for that period.
"},{"location":"en/admin/ghippo/report-billing/billing.html","title":"Accounting & Billing","text":"Accounting and billing further process the usage data of resources based on reports. You can manually set the unit price and currency unit for CPU, memory, GPU and storage. After setting, the system will automatically calculate the expenses of clusters, nodes, pods, namespaces, and workspaces over a period. You can adjust the period freely and export billing reports in Excel or Csv format after filtering by week, month, quarter, or year.
"},{"location":"en/admin/ghippo/report-billing/billing.html#billing-rules-and-effective-time","title":"Billing Rules and Effective Time","text":"Currently, the following reports are supported:
Log in to AI platform as a user with the admin role. Click Global Management -> Operations Management at the bottom of the left navigation bar.
After entering the Operations Management , switch to different menus to view billing reports for clusters, nodes, and pods.
Report management visually displays statistical data across clusters, nodes, pods, workspaces, namespaces, audits, and alarms. This data provides a reliable foundation for platform billing and utilization optimization.
"},{"location":"en/admin/ghippo/report-billing/report.html#features","title":"Features","text":"Currently, the following reports are supported:
Log in to AI platform as a user with the Admin role. Click Global Management -> Operations Management at the bottom of the left sidebar.
After entering Operations Management, switch between different menus to view reports on clusters, nodes, and pods.
The error message is as shown in the following image:
Possible cause: The jwtsUri address of the RequestAuthentication CR cannot be accessed, causing istiod to be unable to push the configuration to istio-ingressgateway (This bug can be avoided in Istio 1.15: https://github.com/istio/istio/pull/39341/).
Solution:
Backup the RequestAuthentication ghippo CR.
kubectl get RequestAuthentication ghippo -n istio-system -o yaml > ghippo-ra.yaml\n
Delete the RequestAuthentication ghippo CR.
kubectl delete RequestAuthentication ghippo -n istio-system\n
Restart Istio.
kubectl rollout restart deploy/istiod -n istio-system\nkubectl rollout restart deploy/istio-ingressgateway -n istio-system\n
Reapply the RequestAuthentication ghippo CR.
kubectl apply -f ghippo-ra.yaml\n
Note
Before applying the RequestAuthentication ghippo CR, make sure that ghippo-apiserver and ghippo-keycloak are started correctly.
This issue occurs when the MySQL database connected to ghippo-keycloak encounters a failure, causing the OIDC Public keys to be reset.
For Global Management version 0.11.1 and above, you can follow these steps to restore normal operation by updating the Global Management configuration file using helm .
# Update helm repository\nhelm repo update ghippo\n\n# Backup ghippo parameters\nhelm get values ghippo -n ghippo-system -o yaml > ghippo-values-bak.yaml\n\n# Get the current deployed ghippo version\nversion=$(helm get notes ghippo -n ghippo-system | grep \"Chart Version\" | awk -F ': ' '{ print $2 }')\n\n# Perform the update operation to make the configuration file take effect\nhelm upgrade ghippo ghippo/ghippo \\\n-n ghippo-system \\\n-f ./ghippo-values-bak.yaml \\\n--version ${version}\n
"},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html","title":"Keycloak Unable to Start","text":""},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html#common-issues","title":"Common Issues","text":""},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html#symptoms","title":"Symptoms","text":"MySQL is ready with no errors. After installing the global management, Keycloak fails to start (more than 10 times).
"},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html#checklist","title":"Checklist","text":"Keycloak cannot start normally, the Keycloak pod is in the CrashLoopBackOff
state, and the Keycloak log shows:
Run the following script to check the supported CPU types:
cat <<\"EOF\" > detect-cpu.sh\n#!/bin/sh -eu\n\nflags=$(cat /proc/cpuinfo | grep flags | head -n 1 | cut -d: -f2)\n\nsupports_v2='awk \"/cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/ {found=1} END {exit !found}\"'\nsupports_v3='awk \"/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/ {found=1} END {exit !found}\"'\nsupports_v4='awk \"/avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/ {found=1} END {exit !found}\"'\n\necho \"$flags\" | eval $supports_v2 || exit 2 && echo \"CPU supports x86-64-v2\"\necho \"$flags\" | eval $supports_v3 || exit 3 && echo \"CPU supports x86-64-v3\"\necho \"$flags\" | eval $supports_v4 || exit 4 && echo \"CPU supports x86-64-v4\"\nEOF\n\nchmod +x detect-cpu.sh\nsh detect-cpu.sh\n
Execute the command below to check the current CPU features. If the output contains sse4_2, it indicates that your processor supports SSE 4.2.
lscpu | grep sse4_2\n
"},{"location":"en/admin/ghippo/troubleshooting/ghippo03.html#solution","title":"Solution","text":"You need to upgrade your virtual machine or physical machine CPU to support x86-64-v2 and above, ensuring that the x86 CPU instruction set supports SSE4.2. For details on how to upgrade, you should consult your virtual machine platform provider or your physical machine provider.
For more information, see: https://github.com/keycloak/keycloak/issues/17290
"},{"location":"en/admin/ghippo/troubleshooting/ghippo04.html","title":"Failure to Upgrade Global Management Separately","text":"If the upgrade fails and includes the following message, you can refer to the Offline Upgrade section to complete the installation of CRDs by following the steps for updating the ghippo crd.
ensure CRDs are installed first\n
"},{"location":"en/admin/ghippo/workspace/folder-permission.html","title":"Description of folder permissions","text":"Folders have permission mapping capabilities, which can map the permissions of users/groups in this folder to subfolders, workspaces and resources under it.
If the user/group is Folder Admin role in this folder, it is still Folder Admin role when mapped to a subfolder, and Workspace Admin is mapped to the workspace under it; If a Namespace is bound in Workspace and Folder -> Resource Group , the user/group is also a Namespace Admin after mapping.
Note
The permission mapping capability of folders will not be applied to shared resources, because sharing is to share the use permissions of the cluster to multiple workspaces, rather than assigning management permissions to workspaces, so permission inheritance and role mapping will not be implemented.
"},{"location":"en/admin/ghippo/workspace/folder-permission.html#use-cases","title":"Use cases","text":"Folders have hierarchical capabilities, so when folders are mapped to departments/suppliers/projects in the enterprise,
Folders have the capability to map permissions, allowing users/user groups to have their permissions in the folder mapped to its sub-folders, workspaces, and resources.
Follow the steps below to create a folder:
Log in to AI platform with a user account having the admin/folder admin role. Click Global Management -> Workspace and Folder at the bottom of the left navigation bar.
Click the Create Folder button in the top right corner.
Fill in the folder name, parent folder, and other information, then click OK to complete creating the folder.
Tip
After successful creation, the folder name will be displayed in the left tree structure, represented by different icons for workspaces and folders.
Note
To edit or delete a specific folder, select it and Click \u2507 on the right side.
If there are resources bound to the resource group or shared resources within the folder, the folder cannot be deleted. All resources need to be unbound before deleting.
If there are registry resources accessed by the microservice engine module within the folder, the folder cannot be deleted. All access to the registry needs to be removed before deleting the folder.
Shared resources do not necessarily mean that the shared users can use the shared resources without any restrictions. Admin, Kpanda Owner, and Workspace Admin can limit the maximum usage quota of a user through the Resource Quota feature in shared resources. If no restrictions are set, it means the usage is unlimited.
A resource (cluster) can be shared among multiple workspaces, and a workspace can use resources from multiple shared clusters simultaneously.
"},{"location":"en/admin/ghippo/workspace/quota.html#resource-groups-and-shared-resources","title":"Resource Groups and Shared Resources","text":"Cluster resources in both shared resources and resource groups are derived from Container Management. However, different effects will occur when binding a cluster to a workspace or sharing it with a workspace.
Binding Resources
Users/User groups in the workspace will have full management and usage permissions for the cluster. Workspace Admin will be mapped as Cluster Admin. Workspace Admin can access the Container Management module to manage the cluster.
Note
As of now, there are no Cluster Editor and Cluster Viewer roles in the Container Management module. Therefore, Workspace Editor and Workspace Viewer cannot be mapped.
Adding Shared Resources
Users/User groups in the workspace will have usage permissions for the cluster resources.
Unlike resource groups, when sharing a cluster with a workspace, the roles of the users in the workspace will not be mapped to the resources. Therefore, Workspace Admin will not be mapped as Cluster Admin.
This section demonstrates three scenarios related to resource quotas.
"},{"location":"en/admin/ghippo/workspace/quota.html#create-namespaces","title":"Create Namespaces","text":"Creating a namespace involves resource quotas.
Add a shared cluster to workspace ws01 .
Select workspace ws01 and the shared cluster in Workbench, and create a namespace ns01 .
Prerequisite: Workspace ws01 has added a shared cluster, and the operator has the Workspace Admin + Kpanda Owner or Admin role.
The two methods of binding have the same effect.
Bind the created namespace ns01 to ws01 in Container Management.
Bind the namespace ns01 to ws01 in Global Management.
The two methods of unbinding have the same effect.
Unbind the namespace ns01 from workspace ws01 in Container Management.
Unbind the namespace ns01 from workspace ws01 in Global Management.
Both resource groups and shared resources support cluster binding, but they have significant differences in usage.
"},{"location":"en/admin/ghippo/workspace/res-gp-and-shared-res.html#differences-in-usage-scenarios","title":"Differences in Usage Scenarios","text":"Note: In this scenario, the platform administrator needs to impose resource restrictions on secondary suppliers. Currently, it is not supported to limit the cluster quota of secondary suppliers by the primary supplier.
"},{"location":"en/admin/ghippo/workspace/res-gp-and-shared-res.html#differences-in-cluster-quota-usage","title":"Differences in Cluster Quota Usage","text":"After binding to a cluster, both resource groups and shared resources can go to the Workbench to create namespaces, which will be automatically bound to the workspace.
"},{"location":"en/admin/ghippo/workspace/workspace.html","title":"Creating/Deleting Workspaces","text":"A workspace is a resource category that represents a hierarchical relationship of resources. A workspace can contain resources such as clusters, namespaces, and registries. Typically, each workspace corresponds to a project and different resources can be allocated, and different users and user groups can be assigned to each workspace.
Follow the steps below to create a workspace:
Log in to AI platform with a user account having the admin/folder admin role. Click Global Management -> Workspace and Folder at the bottom of the left navigation bar.
Click the Create Workspace button in the top right corner.
Fill in the workspace name, folder assignment, and other information, then click OK to complete creating the workspace.
Tip
After successful creation, the workspace name will be displayed in the left tree structure, represented by different icons for folders and workspaces.
Note
To edit or delete a specific workspace or folder, select it and click ... on the right side.
Workspace and Folder is a feature that provides resource isolation and grouping, addressing issues related to unified authorization, resource grouping, and resource quotas.
Workspace and Folder involves two concepts: workspaces and folders.
"},{"location":"en/admin/ghippo/workspace/ws-folder.html#workspaces","title":"Workspaces","text":"Workspaces allow the management of resources through Authorization , Resource Group , and Shared Resource , enabling users (and user groups) to share resources within the workspace.
Resources
Resources are at the lowest level of the hierarchy in the resource management module. They include clusters, namespaces, pipelines, gateways, and more. All these resources can only have workspaces as their parent level. Workspaces act as containers for grouping resources.
Workspace
A workspace usually refers to a project or environment, and the resources in each workspace are logically isolated from those in other workspaces. You can grant users (groups of users) different access rights to the same set of resources through authorization in the workspace.
Workspaces are at the first level, counting from the bottom of the hierarchy, and contain resources. All resources except shared resources have one and only one parent. All workspaces also have one and only one parent folder.
Resources are grouped by workspace, and there are two grouping modes in workspace, namely Resource Group and Shared Resource .
Resource group
A resource can only be added to one resource group, and resource groups correspond to workspaces one by one. After a resource is added to a resource group, Workspace Admin will obtain the management authority of the resource, which is equivalent to the owner of the resource.
Share resource
For shared resources, multiple workspaces can share one or more resources. Resource owners can choose to share their own resources with the workspace. Generally, when sharing, the resource owner will limit the amount of resources that can be used by the shared workspace. After resources are shared, Workspace Admin only has resource usage rights under the resource limit, and cannot manage resources or adjust the amount of resources that can be used by the workspace.
At the same time, shared resources also have certain requirements for the resources themselves. Only Cluster (cluster) resources can be shared. Cluster Admin can share Cluster resources to different workspaces, and limit the use of workspaces on this Cluster.
Workspace Admin can create multiple Namespaces within the resource quota, but the sum of the resource quotas of the Namespaces cannot exceed the resource quota of the Cluster in the workspace. For Kubernetes resources, the only resource type that can be shared currently is Cluster.
Folders can be used to build enterprise business hierarchy relationships.
Folders are a further grouping mechanism based on workspaces and have a hierarchical structure. A folder can contain workspaces, other folders, or a combination of both, forming a tree-like organizational relationship.
Folders allow you to map your business hierarchy and group workspaces by department. Folders are not directly linked to resources, but indirectly achieve resource grouping through workspaces.
A folder has one and only one parent folder, and the root folder is the highest level of the hierarchy. The root folder has no parent, and folders and workspaces are attached to the root folder.
In addition, users (groups) in folders can inherit permissions from their parents through a hierarchical structure. The permissions of the user in the hierarchical structure come from the combination of the permissions of the current level and the permissions inherited from its parents. The permissions are additive and there is no mutual exclusion.
"},{"location":"en/admin/ghippo/workspace/ws-permission.html","title":"Description of workspace permissions","text":"The workspace has permission mapping and resource isolation capabilities, and can map the permissions of users/groups in the workspace to the resources under it. If the user/group has the Workspace Admin role in the workspace and the resource Namespace is bound to the workspace-resource group, the user/group will become Namespace Admin after mapping.
Note
The permission mapping capability of the workspace will not be applied to shared resources, because sharing is to share the cluster usage permissions to multiple workspaces, rather than assigning management permissions to the workspaces, so permission inheritance and role mapping will not be implemented.
"},{"location":"en/admin/ghippo/workspace/ws-permission.html#use-cases","title":"Use cases","text":"Resource isolation is achieved by binding resources to different workspaces. Therefore, resources can be flexibly allocated to each workspace (tenant) with the help of permission mapping, resource isolation, and resource sharing capabilities.
Generally applicable to the following two use cases:
Cluster one-to-one
Ordinary Cluster Department/Tenant (Workspace) Purpose Cluster 01 A Administration and Usage Cluster 02 B Administration and UsageCluster one-to-many
Cluster Department/Tenant (Workspace) Resource Quota Cluster 01 A 100 core CPU B 50-core CPUFor the operation scope of the roles of Workspace Admin, Workspace Editor, and Workspace Viewer in each module, please refer to the permission description:
\u21a9
If a user John (\"John\" represents any user who is required to bind resources) has the Workspace Admin role assigned or has been granted proper permissions through a custom role, which includes the Workspace's \"Resource Binding\" Permissions, and wants to bind a specific cluster or namespace to the workspace.
To bind cluster/namespace resources to a workspace, not only the workspace's \"Resource Binding\" permissions are required, but also the permissions of Cluster Admin.
"},{"location":"en/admin/ghippo/workspace/wsbind-permission.html#granting-authorization-to-john","title":"Granting Authorization to John","text":"Using the Platform Admin Role, grant John the role of Workspace Admin on the Workspace -> Authorization page.
Then, on the Container Management -> Permissions page, authorize John as a Cluster Admin by Add Permission.
Using John's account to log in to AI platform, on the Container Management -> Clusters page, John can bind the specified cluster to his own workspace by using the Bind Workspace button.
Note
John can only bind clusters or namespaces to a specific workspace in the Container Management module, and cannot perform this operation in the Global Management module.
To bind a namespace to a workspace, you must have at least Workspace Admin and Cluster Admin permissions.
"},{"location":"en/admin/host/createhost.html","title":"Create and Start a Cloud Host","text":"After the user completes registration and is assigned a workspace, namespace, and resources, they can create and start a cloud host.
"},{"location":"en/admin/host/createhost.html#prerequisites","title":"Prerequisites","text":"Click Create Cloud Host -> Create from Template
After defining all configurations for the cloud host, click Next
Basic ConfigurationTemplate ConfigurationStorage and NetworkAfter configuring the root password or SSH key, click OK
Return to the host list and wait for the status to change to Running. After that, you can start the host by clicking the \u2507 on the right side.
Next step: Use the Cloud Host
"},{"location":"en/admin/host/usehost.html","title":"Using Cloud Host","text":"After creating and starting the cloud host, users can begin using it.
"},{"location":"en/admin/host/usehost.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Container Network -> Services, click the service name to enter the service details page, and click Update at the top right corner.
Change the port range to 30900-30999, ensuring there are no conflicts.
Log in to the AI platform as an end user, navigate to the proper service, and check the access port.
Use an SSH client to log in to the cloud host from the external network.
At this point, you can perform various operations on the cloud host.
Next step: Cloud Resource Sharing: Quota Management
"},{"location":"en/admin/insight/alert-center/index.html","title":"Alert Center","text":"The Alert Center is an important feature provided by AI platform that allows users to easily view all active and historical alerts by cluster and namespace through a graphical interface, and search alerts based on severity level (critical, warning, info).
All alerts are triggered based on the threshold conditions set in the preset alert rules. In AI platform, some global alert policies are built-in, but users can also create or delete alert policies at any time, and set thresholds for the following metrics:
Users can also add labels and annotations to alert rules. Alert rules can be classified as active or expired, and certain rules can be enabled/disabled to achieve silent alerts.
When the threshold condition is met, users can configure how they want to be notified, including email, DingTalk, WeCom, webhook, and SMS notifications. All notification message templates can be customized and all messages are sent at specified intervals.
In addition, the Alert Center also supports sending alert messages to designated users through short message services provided by Alibaba Cloud, Tencent Cloud, and more platforms that will be added soon, enabling multiple ways of alert notification.
AI platform Alert Center is a powerful alert management platform that helps users quickly detect and resolve problems in the cluster, improve business stability and availability, and facilitate cluster inspection and troubleshooting.
"},{"location":"en/admin/insight/alert-center/alert-policy.html","title":"Alert Policies","text":"In addition to the built-in alert policies, AI platform allows users to create custom alert policies. Each alert policy is a collection of alert rules that can be set for clusters, nodes, and workloads. When an alert object reaches the threshold set by any of the rules in the policy, an alert is automatically triggered and a notification is sent.
Taking the built-in alerts as an example, click the first alert policy alertmanager.rules .
You can see that some alert rules have been set under it. You can add more rules under this policy, or edit or delete them at any time. You can also view the historical and active alerts related to this alert policy and edit the notification configuration.
"},{"location":"en/admin/insight/alert-center/alert-policy.html#create-alert-policies","title":"Create Alert Policies","text":"Select Alert Center -> Alert Policies , and click the Create Alert Policy button.
Fill in the basic information, select one or more clusters, nodes, or workloads as the alert objects, and click Next .
The list must have at least one rule. If the list is empty, please Add Rule .
Create an alert rule in the pop-up window, fill in the parameters, and click OK .
After clicking Next , configure notifications.
After the configuration is complete, click the OK button to return to the Alert Policy list.
Tip
The newly created alert policy is in the Not Triggered state. Once the threshold conditions and duration specified in the rules are met, it will change to the Triggered state.
"},{"location":"en/admin/insight/alert-center/alert-policy.html#create-log-rules","title":"Create Log Rules","text":"After filling in the basic information, click Add Rule and select Log Rule as the rule type.
Creating log rules is supported only when the resource object is selected as a node or workload.
Field Explanation:
After filling in the basic information, click Add Rule and select Event Rule as the rule type.
Creating event rules is supported only when the resource object is selected as a workload.
Field Explanation:
Click \u2507 at the right side of the list, then choose Delete from the pop-up menu to delete an alert policy. By clicking on the policy name, you can enter the policy details where you can add, edit, or delete the alert rules under it.
Warning
Deleted alert strategies will be permanently removed, so please proceed with caution.
"},{"location":"en/admin/insight/alert-center/alert-template.html","title":"Alert Template","text":"The Alert template allows platform administrators to create Alert templates and rules, and business units can directly use Alert templates to create Alert policies. This feature can reduce the management of Alert rules by business personnel and allow for modification of Alert thresholds based on actual environment conditions.
"},{"location":"en/admin/insight/alert-center/alert-template.html#create-alert-template","title":"Create Alert Template","text":"In the navigation bar, select Alert -> Alert Policy, and click Alert Template at the top.
Click Create Alert Template, and set the name, description, and other information for the Alert template.
Parameter Description Template Name The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long. Description The description can contain any characters and can be up to 256 characters long. Resource Type Used to specify the matching type of the Alert template. Alert Rule Supports pre-defined multiple Alert rules, including template rules and PromQL rules.Click OK to complete the creation and return to the Alert template list. Click the template name to view the template details.
Click \u2507 next to the target rule, then click Edit to enter the editing page for the suppression rule.
"},{"location":"en/admin/insight/alert-center/alert-template.html#delete-alert-template","title":"Delete Alert Template","text":"Click \u2507 next to the target template, then click Delete. Enter the name of the Alert template in the input box to confirm deletion.
"},{"location":"en/admin/insight/alert-center/inhibition.html","title":"Alert Inhibition","text":"Alert Inhibition is mainly a mechanism for temporarily hiding or reducing the priority of alerts that do not need immediate attention. The purpose of this feature is to reduce unnecessary alert information that may disturb operations personnel, allowing them to focus on more critical issues.
Alert inhibition recognizes and ignores certain alerts by defining a set of rules to deal with specific conditions. There are mainly the following conditions:
In the left navigation bar, select Alert -> Noise Reduction, and click Inhibition at the top.
Click Create Inhibition, and set the name and rules for the inhibition.
Note
The problem of avoiding multiple similar or related alerts that may be triggered by the same issue is achieved by defining a set of rules to identify and ignore certain alerts through Rule Details and Alert Details.
Parameter Description Name The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long. Description The description can contain any characters and can be up to 256 characters long. Cluster The cluster where the inhibition rule applies. Namespace The namespace where the inhibition rule applies. Source Alert Matching alerts by label conditions. It compares alerts that meet all label conditions with those that meet inhibition conditions, and alerts that do not meet inhibition conditions will be sent to the user as usual. Value range explanation: - Alert Level: The level of metric or event alerts, can be set as: Critical, Major, Minor. - Resource Type: The resource type specific for the alert object, can be set as: Cluster, Node, StatefulSet, Deployment, DaemonSet, Pod. - Labels: Alert identification attributes, consisting of label name and label value, supports user-defined values. Inhibition Specifies the matching conditions for the target alert (the alert to be inhibited). Alerts that meet all the conditions will no longer be sent to the user. Equal Specifies the list of labels to compare to determine if the source alert and target alert match. Inhibition is triggered only when the values of the labels specified inequal
are exactly the same in the source and target alerts. The equal
field is optional. If the equal
field is omitted, all labels are used for matching. Click OK to complete the creation and return to Inhibition list. Click the inhibition rule name to view the rule details.
In the left navigation bar, select Alert -> Alert Policy, and click the policy name to view the rule details.
!!! note\n\n You can add cuntom tags when adding rules.\n
"},{"location":"en/admin/insight/alert-center/inhibition.html#view-alert-details","title":"View Alert Details","text":"In the left navigation bar, select Alert -> Alerts, and click the policy name to view details.
!!! note\n\n Alert details show information and settings for creating inhibitions.\n
"},{"location":"en/admin/insight/alert-center/inhibition.html#edit-inhibition-rule","title":"Edit Inhibition Rule","text":"Click \u2507 next to the target rule, then click Edit to enter the editing page for the inhibition rule.
"},{"location":"en/admin/insight/alert-center/inhibition.html#delete-inhibition-rule","title":"Delete Inhibition Rule","text":"Click \u2507 next to the target rule, then click Delete. Enter the name of the inhibition rule in the input box to confirm deletion.
"},{"location":"en/admin/insight/alert-center/message.html","title":"Notification Settings","text":"On the Notification Settings page, you can configure how to send messages to users through email, WeCom, DingTalk, Webhook, and SMS.
"},{"location":"en/admin/insight/alert-center/message.html#email-group","title":"Email Group","text":"After entering Insight , click Alert Center -> Notification Settings in the left navigation bar. By default, the email notification object is selected. Click Add email group and add one or more email addresses.
Multiple email addresses can be added.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list to edit or delete the email group.
In the left navigation bar, click Alert Center -> Notification Settings -> WeCom . Click Add Group Robot and add one or more group robots.
For the URL of the WeCom group robot, please refer to the official document of WeCom: How to use group robots.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the group robot.
In the left navigation bar, click Alert Center -> Notification Settings -> DingTalk . Click Add Group Robot and add one or more group robots.
For the URL of the DingTalk group robot, please refer to the official document of DingTalk: Custom Robot Access.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the group robot.
In the left navigation bar, click Alert Center -> Notification Settings -> Lark . Click Add Group Bot and add one or more group bots.
Note
When signature verification is required in Lark's group bot, you need to fill in the specific signature key when enabling notifications. Refer to Customizing Bot User Guide.
After configuration, you will be automatically redirected to the list page. Click \u2507 on the right side of the list and select Send Test Message . You can edit or delete group bots.
In the left navigation bar, click Alert Center -> Notification Settings -> Webhook . Click New Webhook and add one or more Webhooks.
For the Webhook URL and more configuration methods, please refer to the webhook document.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the Webhook.
Note
Alert messages are sent to the personal Message sector and notifications can be viewed by clicking \ud83d\udd14 at the top.
In the left navigation bar, click Alert Center -> Notification Settings -> Message\uff0cclick Create Message .
You can add and notify multiple users for a message.
After configuration, you will be automatically redirected to the list page. Click \u2507 on the right side of the list and select Send Test Message .
In the left navigation bar, click Alert Center -> Notification Settings -> SMS . Click Add SMS Group and add one or more SMS groups.
Enter the name, the object receiving the message, phone number, and notification server in the pop-up window.
The notification server needs to be created in advance under Notification Settings -> Notification Server . Currently, two cloud servers, Alibaba Cloud and Tencent Cloud, are supported. Please refer to your own cloud server information for the specific configuration parameters.
After the SMS group is successfully added, the notification list will automatically return. Click \u2507 on the right side of the list to edit or delete the SMS group.
The message template feature supports customizing the content of message templates and can notify specified objects in the form of email, WeCom, DingTalk, Webhook, and SMS.
"},{"location":"en/admin/insight/alert-center/msg-template.html#creating-a-message-template","title":"Creating a Message Template","text":"In the left navigation bar, select Alert -> Message Template .
Insight comes with two default built-in templates in both Chinese and English for user convenience.
Fill in the template content.
Info
Observability comes with predefined message templates. If you need to define the content of the templates, refer to Configure Notification Templates.
"},{"location":"en/admin/insight/alert-center/msg-template.html#message-template-details","title":"Message Template Details","text":"Click the name of a message template to view the details of the message template in the right slider.
Parameters Variable Description ruleName {{ .Labels.alertname }} The name of the rule that triggered the alert groupName {{ .Labels.alertgroup }} The name of the alert policy to which the alert rule belongs severity {{ .Labels.severity }} The level of the alert that was triggered cluster {{ .Labels.cluster }} The cluster where the resource that triggered the alert is located namespace {{ .Labels.namespace }} The namespace where the resource that triggered the alert is located node {{ .Labels.node }} The node where the resource that triggered the alert is located targetType {{ .Labels.target_type }} The resource type of the alert target target {{ .Labels.target }} The name of the object that triggered the alert value {{ .Annotations.value }} The metric value at the time the alert notification was triggered startsAt {{ .StartsAt }} The time when the alert started to occur endsAt {{ .EndsAt }} The time when the alert ended description {{ .Annotations.description }} A detailed description of the alert labels {{ for .labels }} {{ end }} All labels of the alert use thefor
function to iterate through the labels list to get all label contents."},{"location":"en/admin/insight/alert-center/msg-template.html#editing-or-deleting-a-message-template","title":"Editing or Deleting a Message Template","text":"Click \u2507 on the right side of the list and select Edit or Delete from the pop-up menu to modify or delete the message template.
Warning
Once a template is deleted, it cannot be recovered, so please use caution when deleting templates.
"},{"location":"en/admin/insight/alert-center/silent.html","title":"Alert Silence","text":"Alert silence is a feature that allows alerts meeting certain criteria to be temporarily disabled from sending notifications within a specific time range. This feature helps operations personnel avoid receiving too many noisy alerts during certain operations or events, while also allowing for more precise handling of real issues that need to be addressed.
On the Alert Silence page, you can see two tabs: Active Rule and Expired Rule. The former presents the rules currently in effect, while the latter presents those that were defined in the past but have now expired (or have been deleted by the user).
"},{"location":"en/admin/insight/alert-center/silent.html#creating-a-silent-rule","title":"Creating a Silent Rule","text":"In the left navigation bar, select Alert -> Noice Reduction -> Alert Silence , and click the Create Silence Rule button.
Fill in the parameters for the silent rule, such as cluster, namespace, tags, and time, to define the scope and effective time of the rule, and then click OK .
Return to the rule list, and on the right side of the list, click \u2507 to edit or delete a silent rule.
Through the Alert Silence feature, you can flexibly control which alerts should be ignored and when they should be effective, thereby improving operational efficiency and reducing the possibility of false alerts.
"},{"location":"en/admin/insight/alert-center/sms-provider.html","title":"Configure Notification Server","text":"Insight supports SMS notifications and currently sends alert messages using integrated Alibaba Cloud and Tencent Cloud SMS services. This article explains how to configure the SMS notification server in Insight. The variables supported in the SMS signature are the default variables in the message template. As the number of SMS characters is limited, it is recommended to choose more explicit variables.
For information on how to configure SMS recipients, refer to the document: Configure SMS Notification Group.
"},{"location":"en/admin/insight/alert-center/sms-provider.html#procedure","title":"Procedure","text":"Go to Alert Center -> Notification Settings -> Notification Server .
Click Add Notification Server .
Configure Alibaba Cloud server.
To apply for Alibaba Cloud SMS service, please refer to Alibaba Cloud SMS Service.
Field descriptions:
Please refer to Alibaba Cloud Variable Specification.
Note
Example: The template content defined in Alibaba Cloud is: ${severity}: ${alertname} triggered at ${startat}. Refer to the configuration in the parameter template.
Configure Tencent Cloud server.
To apply for Tencent Cloud SMS service, please refer to Tencent Cloud SMS.
Field descriptions:
Note
Example: The template content defined in Tencent Cloud is: {1}: {2} triggered at {3}. Refer to the configuration in the parameter template.
After installing the insight-agent in the cluster, Fluent Bit in insight-agent will collect logs in the cluster by default, including Kubernetes event logs, node logs, and container logs. Fluent Bit has already configured various log collection plugins, related filter plugins, and log output plugins. The working status of these plugins determines whether log collection is normal. Below is a dashboard for Fluent Bit that monitors the working conditions of each Fluent Bit in the cluster and the collection, processing, and export of plugin logs.
Use AI platform, enter Insight , and select the Dashboard in the left navigation bar.
Click the dashboard title Overview .
Switch to the insight-system -> Fluent Bit dashboard.
There are several check boxes above the Fluent Bit dashboard to select the input plugin, filter plugin, output plugin, and cluster in which it is located.
Here are some plugins for Fluent Bit .
Log Collection Plugin
Input Plugin Plugin Description Collection Directory tail.kube Collect container logs /var/log/containers/*.log tail.kubeevent Collect Kubernetes event logs /var/log/containers/-kubernetes-event-exporter.log tail.syslog.dmesg Collect host dmesg logs /var/log/dmesg tail.syslog.messages Collect frequently used host logs /var/log/secure, /var/log/messages, /var/log/syslog,/var/log/auth.log syslog.syslog.RSyslog Collect RSyslog logs systemd.syslog.systemd Collect Journald daemon logs tail.audit_log.k8s Collect Kubernetes audit logs /var/log//audit/.log tail.audit_log.ghippo Collect global management audit logs /var/log/containers/_ghippo-system_audit-log.log tail.skoala-gw Collect microservice gateway logs /var/log/containers/_skoala-gw.logLog Filter Plugin
Filter Plugin Plugin Description Lua.audit_log.k8s Use lua to filter Kubernetes audit logs that meet certain conditionsNote
There are more filter plugins than Lua.audit_log.k8s, which only introduces filters that will discard logs.
Log Output Plugin
Output Plugin Plugin Description es.kube.kubeevent.syslog Write Kubernetes audit logs, event logs, and syslog logs to ElasticSearch cluster forward.audit_log Send Kubernetes audit logs and global management audit logs to Global Management es.skoala Write request logs and instance logs of microservice gateway to ElasticSearch cluster"},{"location":"en/admin/insight/best-practice/debug-trace.html","title":"Trace Collection Troubleshooting Guide","text":"Before attempting to troubleshoot issues with trace data collection, you need to understand the transmission path of trace data. The following is a schematic diagram of the transmission of trace data:
graph TB\n\nsdk[Language proble / SDK] --> workload[Workload cluster otel collector]\n--> otel[Global cluster otel collector]\n--> jaeger[Global cluster jaeger collector]\n--> es[Elasticsearch cluster]\n\nclassDef plain fill:#ddd,stroke:#fff,stroke-width:1px,color:#000;\nclassDef k8s fill:#326ce5,stroke:#fff,stroke-width:1px,color:#fff;\nclassDef cluster fill:#fff,stroke:#bbb,stroke-width:1px,color:#326ce5;\n\nclass sdk,workload,otel,jaeger,es cluster
As shown in the above figure, any transmission failure at any step will result in the inability to query trace data. If you find that there is no trace data after completing the application trace enhancement, please perform the following steps:
Use AI platform, enter Insight , and select the Dashboard in the left navigation bar.
Click the dashboard title Overview .
Switch to the insight-system -> insight tracing debug dashboard.
You can see that this dashboard is composed of three blocks, each responsible for monitoring the data transmission of different clusters and components. Check whether there are problems with trace data transmission through the generated time series chart.
workload opentelemetry collector
Display the opentelemetry collector in different worker clusters receiving language probe/SDK trace data and sending aggregated trace data. You can select the cluster where it is located by the Cluster selection box in the upper left corner.
Note
Based on these four time series charts, you can determine whether the opentelemetry collector in this cluster is running normally.
global opentelemetry collector
Display the opentelemetry collector in the Global Service Cluster receiving trace data from the worker cluster's opentelemetry collector and sending aggregated trace data.
Note
The opentelemetry collector in the Global Management Cluster is also responsible for sending audit logs of all worker clusters' global management module and Kubernetes audit logs (not collected by default) to the audit server component of the global management module.
global jaeger collector
Display the jaeger collector in the Global Management Cluster receiving data from the otel collector in the Global Management Cluster and sending trace data to the ElasticSearch cluster.
This article serves as a guide on using Insight to identify and analyze abnormal components in AI platform and determine the root causes of component exceptions.
Please note that this post assumes you have a basic understanding of Insight's product features or vision.
"},{"location":"en/admin/insight/best-practice/find_root_cause.html#service-map-identifying-abnormalities-on-a-macro-level","title":"Service Map - Identifying Abnormalities on a Macro Level","text":"In enterprise microservice architectures, managing a large number of services with complex interdependencies can be challenging. Insight offers service map monitoring, allowing users to gain a high-level overview of the running microservices in the system.
In the example below, you observe that the node insight-server is highlighted in red/yellow on the service map. By hovering over the node, you can see the error rate associated with it. To investigate further and understand why the error rate is not 0 , you can explore more detailed information:
Alternatively, clicking on the service name at the top will take you to the service's overview UI:
"},{"location":"en/admin/insight/best-practice/find_root_cause.html#service-overview-delving-into-detailed-analysis","title":"Service Overview - Delving into Detailed Analysis","text":"When it becomes necessary to analyze inbound and outbound traffic separately, you can use the filter in the upper right corner to refine the data. After applying the filter, you can observe that the service has multiple operations proper to a non-zero error rate. To investigate further, you can inspect the traces generated by these operations during a specific time period by clicking on \"View Traces\":
"},{"location":"en/admin/insight/best-practice/find_root_cause.html#trace-details-identifying-and-eliminating-root-causes-of-errors","title":"Trace Details - Identifying and Eliminating Root Causes of Errors","text":"In the trace list, you can easily identify traces marked as error (circled in red in the figure above) and examine their details by clicking on the proper trace. The following figure illustrates the trace details:
Within the trace diagram, you can quickly locate the last piece of data in an error state. Expanding the associated logs section reveals the cause of the request error:
Following the above analysis method, you can also identify traces related to other operation errors:
"},{"location":"en/admin/insight/best-practice/find_root_cause.html#lets-get-started-with-your-analysis","title":"Let's Get Started with Your Analysis!","text":""},{"location":"en/admin/insight/best-practice/insight-kafka.html","title":"Kafka + Elasticsearch Stream Architecture for Handling Large-Scale Logs","text":"
As businesses grow, the amount of log data generated by applications increases significantly. To ensure that systems can properly collect and analyze massive amounts of log data, it is common practice to introduce a streaming architecture using Kafka to handle asynchronous data collection. The collected log data flows through Kafka and is consumed by proper components, which then store the data into Elasticsearch for visualization and analysis using Insight.
This article will introduce two solutions:
Once we integrate Kafka into the logging system, the data flow diagram looks as follows:
Both solutions share similarities but differ in the component used to consume Kafka data. To ensure compatibility with Insight's data analysis, the format of the data consumed from Kafka and written into Elasticsearch should be consistent with the data directly written by Fluentbit to Elasticsearch.
Let's first see how Fluentbit writes logs to Kafka:
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#modifying-fluentbit-output-configuration","title":"Modifying Fluentbit Output Configuration","text":"Once the Kafka cluster is ready, we need to modify the content of the insight-system namespace's ConfigMap . We will add three Kafka outputs and comment out the original three Elasticsearch outputs:
Assuming the Kafka Brokers address is: insight-kafka.insight-system.svc.cluster.local:9092
[OUTPUT]\n Name kafka\n Match_Regex (?:kube|syslog)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-logs\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n [OUTPUT]\n Name kafka\n Match_Regex (?:skoala-gw)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-gw-skoala\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n [OUTPUT]\n Name kafka\n Match_Regex (?:kubeevent)\\.(.*)\n Brokers insight-kafka.insight-system.svc.cluster.local:9092\n Topics insight-event\n format json\n timestamp_key @timestamp\n rdkafka.batch.size 65536\n rdkafka.compression.level 6\n rdkafka.compression.type lz4\n rdkafka.linger.ms 0\n rdkafka.log.connection.close false\n rdkafka.message.max.bytes 2.097152e+06\n rdkafka.request.required.acks 1\n
Next, let's discuss the subtle differences in consuming Kafka data and writing it to Elasticsearch. As mentioned at the beginning of this article, we will explore Logstash and Vector as two ways to consume Kafka data.
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#consuming-kafka-and-writing-to-elasticsearch","title":"Consuming Kafka and Writing to Elasticsearch","text":"Assuming the Elasticsearch address is: https://mcamel-common-es-cluster-es-http.mcamel-system:9200
If you are familiar with the Logstash technology stack, you can continue using this approach.
When deploying Logstash via Helm, you can add the following pipeline in the logstashPipeline section:
replicas: 3\nresources:\n requests:\n cpu: 100m\n memory: 1536Mi\n limits:\n cpu: 1000m\n memory: 1536Mi\nlogstashConfig:\n logstash.yml: |\n http.host: 0.0.0.0\n xpack.monitoring.enabled: false\nlogstashPipeline:\n insight-event.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-event\"}\n topics => [\"insight-event\"] \n bootstrap_servers => \"172.30.120.189:32082\" # kafka\u7684ip \u548c\u7aef\u53e3\n enable_auto_commit => true\n consumer_threads => 1 # \u5bf9\u5e94 partition \u7684\u6570\u91cf\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-event\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"] # elasticsearch \u5730\u5740\n user => 'elastic' # elasticsearch \u7528\u6237\u540d\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk' # elasticsearch \u5bc6\u7801\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"insight-es-k8s-event-logs-alias\"\n data_stream => \"false\"\n }\n }\n }\n insight-gw-skoala.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-gw-skoala\"}\n topics => [\"insight-gw-skoala\"] \n bootstrap_servers => \"172.30.120.189:32082\"\n enable_auto_commit => true\n consumer_threads => 1\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-gw-skoala\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"]\n user => 'elastic'\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk'\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"skoala-gw-alias\"\n data_stream => \"false\"\n }\n }\n }\n insight-logs.conf: |\n input {\n kafka {\n add_field => {\"kafka_topic\" => \"insight-logs\"}\n topics => [\"insight-logs\"] \n bootstrap_servers => \"172.30.120.189:32082\" \n enable_auto_commit => true\n consumer_threads => 1\n decorate_events => true\n codec => \"plain\"\n }\n }\n\n filter {\n mutate { gsub => [ \"message\", \"@timestamp\", \"_@timestamp\"] }\n json {source => \"message\"}\n date {\n match => [ \"_@timestamp\", \"UNIX\" ]\n remove_field => \"_@timestamp\"\n remove_tag => \"_timestampparsefailure\"\n }\n mutate {\n remove_field => [\"event\", \"message\"]\n }\n }\n\n output {\n if [kafka_topic] == \"insight-logs\" {\n elasticsearch {\n hosts => [\"https://172.30.120.201:32427\"]\n user => 'elastic'\n ssl => 'true'\n password => '0OWj4D54GTH3xK06f9Gg01Zk'\n ssl_certificate_verification => 'false'\n action => \"create\"\n index => \"insight-es-k8s-logs-alias\"\n data_stream => \"false\"\n }\n }\n }\n
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#consumption-with-vector","title":"Consumption with Vector","text":"If you are familiar with the Vector technology stack, you can continue using this approach.
When deploying Vector via Helm, you can reference a ConfigMap with the following rules:
metadata:\n name: vector\napiVersion: v1\ndata:\n aggregator.yaml: |\n api:\n enabled: true\n address: '0.0.0.0:8686'\n sources:\n insight_logs_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-logs\n insight_event_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-event\n insight_gw_skoala_kafka:\n type: kafka\n bootstrap_servers: 'insight-kafka.insight-system.svc.cluster.local:9092'\n group_id: consumer-group-insight\n topics:\n - insight-gw-skoala\n transforms:\n insight_logs_remap:\n type: remap\n inputs:\n - insight_logs_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n insight_event_kafka_remap:\n type: remap\n inputs:\n - insight_event_kafka\n - insight_gw_skoala_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n insight_gw_skoala_kafka_remap:\n type: remap\n inputs:\n - insight_gw_skoala_kafka\n source: |2\n . = parse_json!(string!(.message))\n .@timestamp = now()\n sinks:\n insight_es_logs:\n type: elasticsearch\n inputs:\n - insight_logs_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: insight-es-k8s-logs-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n insight_es_event:\n type: elasticsearch\n inputs:\n - insight_event_kafka_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: insight-es-k8s-event-logs-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n insight_es_gw_skoala:\n type: elasticsearch\n inputs:\n - insight_gw_skoala_kafka_remap\n api_version: auto\n auth:\n strategy: basic\n user: elastic\n password: 8QZJ656ax3TXZqQh205l3Ee0\n bulk:\n index: skoala-gw-alias-1418\n endpoints:\n - 'https://mcamel-common-es-cluster-es-http.mcamel-system:9200'\n tls:\n verify_certificate: false\n verify_hostname: false\n
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#checking-if-its-working-properly","title":"Checking if it's Working Properly","text":"You can verify if the configuration is successful by checking if there are new data in the Insight log query interface or observing an increase in the number of indices in Elasticsearch.
"},{"location":"en/admin/insight/best-practice/insight-kafka.html#references","title":"References","text":"DeepFlow is an observability product based on eBPF. Its community edition has been integrated into Insight. The following is the integration process.
"},{"location":"en/admin/insight/best-practice/integration_deepflow.html#prerequisites","title":"Prerequisites","text":"Installing DeepFlow components requires two charts:
deepflow
: includes components such as deepflow-app
, deepflow-server
, deepflow-clickhouse
, and deepflow-agent
. Generally, deepflow
is deployed in the global service cluster, so it also installs deepflow-agent
together.deepflow-agent
: only includes the deepflow-agent
component, used to collect eBPF data and send it to deepflow-server
.DeepFlow needs to be installed in the global service cluster.
Go to the kpanda-global-cluster cluster and click Helm Apps -> Helm Charts in the left navigation bar, select community as the repository, and search for deepflow
in the search box:
Click the deepflow card to enter the details page:
Click Install to enter the installation page:
Most of the values have default values. Clickhouse and Mysql require applying storage volumes, and their default sizes are 10Gi. You can search for relevant configurations and modify them using the persistence keyword.
After configuring, click OK to start the installation.
After installing DeepFlow, you also need to enable the related feature switches in Insight.
Click ConfigMps & Keys -> ConfigMaps in the left navigation bar, search for insight-server-config in the search box, and edit it:
In the YAML, find the eBPF Flow feature switch and enable it:
Save the changes and restart insight-server. The Insight main page will display Network Observability :
DeepFlow Agent is installed in the sub-cluster using the deepflow-agent
chart. It is used to collect eBPF observability data from the sub-cluster and report it to the global service cluster. Similar to installing deepflow
, go to Helm Apps -> Helm Charts, select community as the repository, and search for deepflow-agent
in the search box. Follow the process to enter the installation page.
Parameter Explanation:
daemonset
.Asia/Shanghai
.30035
.After configuring, click OK to complete the installation.
"},{"location":"en/admin/insight/best-practice/integration_deepflow.html#usage","title":"Usage","text":"After correctly installing DeepFlow, click Network Observability to enter the DeepFlow Grafana UI. It contains a large number of dashboards for viewing and helping analyze issues. Click DeepFlow Templates to browse all available dashboards:
"},{"location":"en/admin/insight/best-practice/sw-to-otel.html","title":"Simplifying Trace Data Integration with OpenTelemetry and SkyWalking","text":"This article explains how to seamlessly integrate trace data from SkyWalking into the Insight platform, using OpenTelemetry. With zero code modification required, you can transform your existing SkyWalking trace data and leverage Insight's capabilities.
"},{"location":"en/admin/insight/best-practice/sw-to-otel.html#understanding-the-code","title":"Understanding the Code","text":"To ensure compatibility with different distributed tracing implementations, OpenTelemetry provides a way to incorporate components that standardize data processing and output to various backends. While Jaeger and Zipkin are already available, we have contributed the SkyWalkingReceiver to the OpenTelemetry community. This receiver has been refined and is now suitable for use in production environments without any modifications to your application's code.
Although SkyWalking and OpenTelemetry share similarities, such as using Trace to define a trace and Span to mark the smallest granularity, there are differences in certain details and implementations:
SkyWalking OpenTelemetry Data Structure Span -> Segment -> Trace Span -> Trace Attribute Information Tags Attributes Application Time Logs Events Reference Relationship References LinksNow, let's discuss the steps involved in converting SkyWalking Trace to OpenTelemetry Trace. The main tasks include:
Constructing OpenTelemetry's TraceId and SpanId
Constructing OpenTelemetry's ParentSpanId
Retaining SkyWalking's original TraceId, SegmentId, and SpanId in OpenTelemetry Spans
First, let's look at how to construct the TraceId and SpanId for OpenTelemetry. Both SkyWalking and OpenTelemetry use TraceId to connect distributed service calls and use SpanId to mark each Span, but there are significant differences in the implementation specifications:
Info
View GitHub for code implementation\uff1a
Specifically, the possible formats for SkyWalking TraceId and SegmentId are as follows:
In the OpenTelemetry protocol, a Span is unique across all Traces, while in SkyWalking, a Span is only unique within each Segment. This means that to uniquely identify a Span in SkyWalking, it is necessary to combine the SegmentId and SpanId, and convert it to the SpanId in OpenTelemetry.
Info
View GitHub for code implementation\uff1a
Next, let's see how to construct the ParentSpanId for OpenTelemetry. Within a Segment, the ParentSpanId field in SkyWalking can be directly used to construct the ParentSpanId field in OpenTelemetry. However, when a Trace spans multiple Segments, SkyWalking uses the association information represented by ParentTraceSegmentId and ParentSpanId in the Reference. In this case, the ParentSpanId in OpenTelemetry needs to be constructed using the information in the Reference.
Code implementation can be found on GitHub: Skywalking Receiver
Finally, let's see how to preserve the original TraceId, SegmentId, and SpanId from SkyWalking in the OpenTelemetry Span. We carry these original information to associate the OpenTelemetry TraceId and SpanId displayed in the distributed tracing backend with the SkyWalking TraceId, SegmentId, and SpanId in the application logs. We choose to carry the original TraceId, SegmentId, and ParentSegmentId from SkyWalking to the OpenTelemetry Attributes.
Info
View GitHub for code implementation\uff1a
After this series of conversions, we have fully transformed the SkyWalking Segment Object into an OpenTelemetry Trace, as shown in the following diagram:
"},{"location":"en/admin/insight/best-practice/sw-to-otel.html#deploying-the-demo","title":"Deploying the Demo","text":"To demonstrate the complete process of collecting and displaying SkyWalking tracing data using OpenTelemetry, we will use a demo application.
First, deploy the OpenTelemetry Agent and enable the following configuration to ensure compatibility with the SkyWalking protocol:
# otel-agent config\nreceivers:\n skywalking:\n protocols:\n grpc:\n endpoint: 0.0.0.0:11800 # Receive trace data reported by the SkyWalking Agent\n http: \n endpoint: 0.0.0.0:12800 # Receive trace data reported from the front-end / nginx or other HTTP protocols\nservice: \n pipelines: \n traces: \n receivers: [skywalking]\n\n# otel-agent service yaml\nspec:\n ports: \n - name: sw-http\n port: 12800 \n protocol: TCP \n targetPort: 12800 \n - name: sw-grpc \n port: 11800 \n protocol: TCP \n targetPort: 11800\n
Next, modify the connection of your business application from the SkyWalking OAP Service (e.g., oap:11800) to the OpenTelemetry Agent Service (e.g., otel-agent:11800). This will allow you to start receiving trace data from the SkyWalking probe using OpenTelemetry.
To demonstrate the entire process, we will use the SkyWalking-showcase Demo. This demo utilizes the SkyWalking Agent for tracing, and after being processed by OpenTelemetry, the final results are presented using Jaeger:
From the architecture diagram of the SkyWalking Showcase, we can observe that the data remains intact even after standardization by OpenTelemetry. In this trace, the request starts from app/homepage, then two requests /rcmd and /songs/top are initiated simultaneously within the app, distributed to the recommendation and songs services, and finally reach the database for querying, completing the entire request chain.
Additionally, you can view the original SkyWalking Id information on the Jaeger page, which facilitates correlation with application logs:
By following these steps, you can seamlessly integrate SkyWalking trace data into OpenTelemetry and leverage the capabilities of the Insight platform.
"},{"location":"en/admin/insight/best-practice/tail-based-sampling.html","title":"About Trace Sampling and Configuration","text":"Using distributed tracing, you can observe how requests flow through various systems in a distributed system. Undeniably, it is very useful for understanding service connections, diagnosing latency issues, and providing many other benefits.
However, if most of your requests are successful and there are no unacceptable delays or errors, do you really need all this data? Therefore, you only need to achieve the right insights through appropriate data sampling rather than a large amount or complete data.
The idea behind sampling is to control the traces sent to the observability collector, thereby reducing collection costs. Different organizations have different reasons for sampling, including why they want to sample and what types of data they wish to sample. Therefore, we need to customize the sampling strategy:
It is important to use consistent terminology when discussing sampling. A Trace or Span is considered sampled or unsampled:
Head sampling is a sampling technique used to make a sampling decision as early as possible. A decision to sample or drop a span or trace is not made by inspecting the trace as a whole.
For example, the most common form of head sampling is Consistent Probability Sampling. This is also be referred to as Deterministic Sampling. In this case, a sampling decision is made based on the trace ID and the desired percentage of traces to sample. This ensures that whole traces are sampled - no missing spans - at a consistent rate, such as 5% of all traces.
The upsides to head sampling are: - Easy to understand - Easy to configure - Efficient - Can be done at any point in the trace collection pipeline
The primary downside to head sampling is that it is not possible to make a sampling decision based on data in the entire trace. This means that while head sampling is effective as a blunt instrument, but it is completely insufficient for sampling strategies that must consider information from the entire system. For example, you cannot ensure that all traces with an error within them are sampled with head sampling alone. For this situation and many others, you need tail sampling.
"},{"location":"en/admin/insight/best-practice/tail-based-sampling.html#tail-sampling-recommended","title":"Tail Sampling (Recommended)","text":"Tail sampling is where the decision to sample a trace takes place by considering all or most of the spans within the trace. Tail Sampling gives you the option to sample your traces based on specific criteria derived from different parts of a trace, which isn\u2019t an option with Head Sampling.
Some examples of how to use tail sampling include:
As you can see, tail sampling allows for a much higher degree of sophistication in how you sample data. For larger systems that must sample telemetry, it is almost always necessary to use Tail Sampling to balance data volume with the usefulness of that data.
There are three primary downsides to tail sampling today:
Finally, for some systems, tail sampling might be used in conjunction with Head Sampling. For example, a set of services that produce an extremely high volume of trace data might first use head sampling to sample only a small percentage of traces, and then later in the telemetry pipeline use tail sampling to make more sophisticated sampling decisions before exporting to a backend. This is often done in the interest of protecting the telemetry pipeline from being overloaded.
Insight currently recommends using tail sampling and prioritizes support for tail sampling.
The tail sampling processor samples traces based on a defined set of strategies. However, all spans of a trace must be received by the same collector instance to make effective sampling decisions.
Therefore, adjustments need to be made to the Global OpenTelemetry Collector architecture of Insight to implement the tail sampling strategy.
"},{"location":"en/admin/insight/best-practice/tail-based-sampling.html#specific-changes-to-insight","title":"Specific Changes to Insight","text":"Introduce an Opentelemetry Collector Gateway component with load balancing capabilities in front of the insight-opentelemetry-collector
in the Global cluster, allowing the same group of Traces to be routed to the same Opentelemetry Collector instance based on the TraceID.
Deploy an OTEL COL Gateway component with load balancing capabilities.
If you are using Insight V0.25.x, you can quickly enable this by using the Helm Upgrade parameter --set opentelemetry-collector-gateway.enabled=true
, thereby skipping the deployment process described below.
Refer to the following YAML to deploy the component.
Click to view deployment configurationkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: insight-otel-collector-gateway\nrules:\n- apiGroups: [\"\"]\n resources: [\"endpoints\"]\n verbs: [\"get\", \"watch\", \"list\"]\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: insight-otel-collector-gateway\n namespace: insight-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: insight-otel-collector-gateway\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: insight-otel-collector-gateway\nsubjects:\n- kind: ServiceAccount\n name: insight-otel-collector-gateway\n namespace: insight-system\n---\nkind: ConfigMap\nmetadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n name: insight-otel-collector-gateway-collector\n namespace: insight-system\napiVersion: v1\ndata:\n collector.yaml: |\n receivers:\n otlp:\n protocols:\n grpc:\n http:\n jaeger:\n protocols:\n grpc:\n processors:\n\n extensions:\n health_check:\n pprof:\n endpoint: :1888\n zpages:\n endpoint: :55679\n exporters:\n logging:\n loadbalancing:\n routing_key: \"traceID\"\n protocol:\n otlp:\n # all options from the OTLP exporter are supported\n # except the endpoint\n timeout: 1s\n tls:\n insecure: true\n resolver:\n k8s:\n service: insight-opentelemetry-collector\n ports:\n - 4317\n service:\n extensions: [pprof, zpages, health_check]\n pipelines:\n traces:\n receivers: [otlp, jaeger]\n exporters: [loadbalancing]\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n name: insight-otel-collector-gateway\n namespace: insight-system\nspec:\n replicas: 2\n selector:\n matchLabels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n template:\n metadata:\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n spec:\n containers:\n - args:\n - --config=/conf/collector.yaml\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n image: ghcr.m.daocloud.io/openinsight-proj/opentelemetry-collector-contrib:5baef686672cfe5551e03b5c19d3072c432b6f33\n imagePullPolicy: IfNotPresent\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /\n port: 13133\n scheme: HTTP\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n name: otc-container\n resources:\n limits:\n cpu: '1'\n memory: 2Gi\n requests:\n cpu: 100m\n memory: 400Mi\n ports:\n - containerPort: 14250\n name: jaeger-grpc\n protocol: TCP\n - containerPort: 8888\n name: metrics\n protocol: TCP\n - containerPort: 4317\n name: otlp-grpc\n protocol: TCP\n - containerPort: 4318\n name: otlp-http\n protocol: TCP\n - containerPort: 55679\n name: zpages\n protocol: TCP\n\n volumeMounts:\n - mountPath: /conf\n name: otc-internal\n\n serviceAccount: insight-otel-collector-gateway\n serviceAccountName: insight-otel-collector-gateway\n volumes:\n - configMap:\n defaultMode: 420\n items:\n - key: collector.yaml\n path: collector.yaml\n name: insight-otel-collector-gateway-collector\n name: otc-internal\n---\nkind: Service\napiVersion: v1\nmetadata:\n name: insight-opentelemetry-collector-gateway\n namespace: insight-system\n labels:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\nspec:\n ports:\n - name: fluentforward\n protocol: TCP\n port: 8006\n targetPort: 8006\n - name: jaeger-compact\n protocol: UDP\n port: 6831\n targetPort: 6831\n - name: jaeger-grpc\n protocol: TCP\n port: 14250\n targetPort: 14250\n - name: jaeger-thrift\n protocol: TCP\n port: 14268\n targetPort: 14268\n - name: metrics\n protocol: TCP\n port: 8888\n targetPort: 8888\n - name: otlp\n protocol: TCP\n appProtocol: grpc\n port: 4317\n targetPort: 4317\n - name: otlp-http\n protocol: TCP\n port: 4318\n targetPort: 4318\n - name: zipkin\n protocol: TCP\n port: 9411\n targetPort: 9411\n - name: zpages\n protocol: TCP\n port: 55679\n targetPort: 55679\n selector:\n app.kubernetes.io/component: opentelemetry-collector\n app.kubernetes.io/instance: insight-otel-collector-gateway\n app.kubernetes.io/name: insight-otel-collector-gateway\n
Configure Tail Sampling Rules
Note
Tail sampling rules need to be added to the existing insight-otel-collector-config configmap configuration group.
Add the following content in the processor
section, and adjust the specific rules as needed, refer to the OTel official example.
........\ntail_sampling:\n decision_wait: 10s # Wait for 10 seconds, traces older than 10 seconds will no longer be processed\n num_traces: 1500000 # Number of traces saved in memory, assuming 1000 traces per second, should not be less than 1000 * decision_wait * 2;\n # Setting it too large may consume too much memory resources, setting it too small may cause some traces to be dropped\n expected_new_traces_per_sec: 10\n policies: # Reporting policies\n [\n {\n name: latency-policy,\n type: latency, # Report traces that exceed 500ms\n latency: {threshold_ms: 500}\n },\n {\n name: status_code-policy,\n type: status_code, # Report traces with ERROR status code\n status_code: {status_codes: [ ERROR ]}\n }\n ]\n......\ntail_sampling: # Composite sampling\n decision_wait: 10s # Wait for 10 seconds, traces older than 10 seconds will no longer be processed\n num_traces: 1500000 # Number of traces saved in memory, assuming 1000 traces per second, should not be less than 1000 * decision_wait * 2;\n # Setting it too large may consume too much memory resources, setting it too small may cause some traces to be dropped\n expected_new_traces_per_sec: 10\n policies: [\n {\n name: debug-worker-cluster-sample-policy,\n type: and,\n and:\n {\n and_sub_policy:\n [\n {\n name: service-name-policy,\n type: string_attribute,\n string_attribute:\n { key: k8s.cluster.id, values: [xxxxxxx] },\n },\n {\n name: trace-status-policy,\n type: status_code,\n status_code: { status_codes: [ERROR] },\n },\n {\n name: probabilistic-policy,\n type: probabilistic,\n probabilistic: { sampling_percentage: 1 },\n }\n ]\n }\n }\n ]\n
Activate the processor
in the otel col pipeline
within the insight-otel-collector-config
configmap:
traces:\n exporters:\n - servicegraph\n - otlp/jaeger\n processors:\n - memory_limiter\n - tail_sampling # \ud83d\udc48\n - batch\n receivers:\n - otlp\n
Restart the insight-opentelemetry-collector
component.
When deploying the insight-agent, modify the reporting address of the link data to the 4317
port address of the otel-col
LB.
....\n exporters:\n otlp/global:\n endpoint: insight-opentelemetry-collector-lb.insight-system.svc.cluster.local:4317 # \ud83d\udc48 Modify to lb address\n
In AI platform, Insight acts as a multi-cluster observability product. To achieve unified data collection across multiple clusters, users need to install the Helm App insight-agent (installed by default in the insight-system namespace). Refer to How to Install insight-agent .
"},{"location":"en/admin/insight/collection-manag/agent-status.html#status-explanation","title":"Status Explanation","text":"In the \"Observability\" -> \"Collection Management\" section, you can view the installation status of insight-agent in each cluster.
You can troubleshoot using the following steps:
Run the following command. If the status is deployed , proceed to the next step. If it is failed , it is recommended to uninstall and reinstall it from Container Management -> Helm Apps as it may affect application upgrades:
helm list -n insight-system\n
Run the following command or check the status of the deployed components in Insight -> Data Collection . If there are Pods not in the Running state, restart the containers in an abnormal state.
kubectl get pods -n insight-system\n
The resource consumption of the Prometheus metric collection component in insight-agent is directly proportional to the number of Pods running in the cluster. Please adjust the resources for Prometheus according to the cluster size. Refer to Prometheus Resource Planning.
The storage capacity of the vmstorage metric storage component in the global service cluster is directly proportional to the total number of Pods in the clusters.
Data Collection is mainly to centrally manage and display the entrance of the cluster installation collection plug-in insight-agent , which helps users quickly view the health status of the cluster collection plug-in, and provides a quick entry to configure collection rules.
The specific operation steps are as follows:
Click in the upper left corner and select Insight -> Data Collection .
You can view the status of all cluster collection plug-ins.
When the cluster is connected to insight-agent and is running, click a cluster name to enter the details\u3002
In the Service Monitor tab, click the shortcut link to jump to Container Management -> CRD to add service discovery rules.
Prometheus primarily uses the Pull approach to retrieve monitoring metrics from target services' exposed endpoints. Therefore, it requires configuring proper scraping jobs to request monitoring data and write it into the storage provided by Prometheus. Currently, Prometheus offers several configurations for these jobs:
Note
[ ]
indicates optional configmaps.
The proper configmaps are explained as follows:
# Name of the scraping job, also adds a label (job=job_name) to the scraped metrics\njob_name: <job_name>\n\n# Time interval between scrapes\n[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]\n\n# Timeout for scrape requests\n[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]\n\n# URI path for the scrape request\n[ metrics_path: <path> | default = /metrics ]\n\n# Handling of label conflicts between scraped labels and labels added by the backend Prometheus.\n# true: Retains the scraped labels and ignores conflicting labels from the backend Prometheus.\n# false: Adds an \"exported_<original-label>\" prefix to the scraped labels and includes the additional labels added by the backend Prometheus.\n[ honor_labels: <boolean> | default = false ]\n\n# Whether to use the timestamp generated by the target being scraped.\n# true: Uses the timestamp from the target if available.\n# false: Ignores the timestamp from the target.\n[ honor_timestamps: <boolean> | default = true ]\n\n# Protocol for the scrape request: http or https\n[ scheme: <scheme> | default = http ]\n\n# URL parameters for the scrape request\nparams:\n [ <string>: [<string>, ...] ]\n\n# Set the value of the `Authorization` header in the scrape request through basic authentication. password/password_file are mutually exclusive, with password_file taking precedence.\nbasic_auth:\n [ username: <string> ]\n [ password: <secret> ]\n [ password_file: <string> ]\n\n# Set the value of the `Authorization` header in the scrape request through bearer token authentication. bearer_token/bearer_token_file are mutually exclusive, with bearer_token taking precedence.\n[ bearer_token: <secret> ]\n\n# Set the value of the `Authorization` header in the scrape request through bearer token authentication. bearer_token/bearer_token_file are mutually exclusive, with bearer_token taking precedence.\n[ bearer_token_file: <filename> ]\n\n# Whether the scrape connection should use a TLS secure channel, configure the proper TLS parameters\ntls_config:\n [ <tls_config> ]\n\n# Use a proxy service to scrape the metrics from the target, specify the address of the proxy service.\n[ proxy_url: <string> ]\n\n# Specify the targets using static configuration, see explanation below.\nstatic_configs:\n [ - <static_config> ... ]\n\n# CVM service discovery configuration, see explanation below.\ncvm_sd_configs:\n [ - <cvm_sd_config> ... ]\n\n# After scraping the data, rewrite the labels of the proper target using the relabel mechanism. Executes multiple relabel rules in order.\n# See explanation below for relabel_config.\nrelabel_configs:\n [ - <relabel_config> ... ]\n\n# Before writing the scraped data, rewrite the values of the labels using the relabel mechanism. Executes multiple relabel rules in order.\n# See explanation below for relabel_config.\nmetric_relabel_configs:\n [ - <relabel_config> ... ]\n\n# Limit the number of data points per scrape, 0: no limit, default is 0\n[ sample_limit: <int> | default = 0 ]\n\n# Limit the number of targets per scrape, 0: no limit, default is 0\n[ target_limit: <int> | default = 0 ]\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#pod-monitor","title":"Pod Monitor","text":"The explanation for the proper configmaps is as follows:
# Prometheus Operator CRD version\napiVersion: monitoring.coreos.com/v1\n# proper Kubernetes resource type, here it is PodMonitor\nkind: PodMonitor\n# proper Kubernetes Metadata, only the name needs to be concerned. If jobLabel is not specified, the value of the job label in the scraped metrics will be <namespace>/<name>\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, no need to modify\n# Describes the selection and configuration of the target Pods to be scraped\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight\nspec:\n # Specify the label of the proper Pod, pod monitor will use this value as the job label value.\n # If viewing the Pod YAML, use the values in pod.metadata.labels.\n # If viewing Deployment/Daemonset/Statefulset, use spec.template.metadata.labels.\n [ jobLabel: string ]\n # Adds the proper Pod's Labels to the Target's Labels\n [ podTargetLabels: []string ]\n # Limit the number of data points per scrape, 0: no limit, default is 0\n [ sampleLimit: uint64 ]\n # Limit the number of targets per scrape, 0: no limit, default is 0\n [ targetLimit: uint64 ]\n # Configure the Prometheus HTTP endpoints that need to be scraped and exposed. Multiple endpoints can be configured.\n podMetricsEndpoints:\n [ - <endpoint_config> ... ] # See explanation below for endpoint\n # Select the namespaces where the monitored Pods are located. Leave it blank to select all namespaces.\n [ namespaceSelector: ]\n # Select all namespaces\n [ any: bool ]\n # Specify the list of namespaces to be selected\n [ matchNames: []string ]\n # Specify the Label values of the Pods to be monitored in order to locate the target Pods [K8S metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#example-1","title":"Example 1","text":"apiVersion: monitoring.coreos.com/v1\nkind: PodMonitor\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, do not modify\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n podMetricsEndpoints:\n - interval: 30s\n port: metric-port # Specify the Port Name proper to Prometheus Exporter in the pod YAML\n path: /metrics # Specify the value of the Path proper to Prometheus Exporter, if not specified, default is /metrics\n relabelings:\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: instance\n replacement: \"crs-xxxxxx\" # Adjust to the proper Redis instance ID\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: ip\n replacement: \"1.x.x.x\" # Adjust to the proper Redis instance IP\n namespaceSelector: # Select the namespaces where the monitored Pods are located\n matchNames:\n - redis-test\n selector: # Specify the Label values of the Pods to be monitored in order to locate the target pods\n matchLabels:\n k8s-app: redis-exporter\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#example-2","title":"Example 2","text":"job_name: prometheus\nscrape_interval: 30s\nstatic_configs:\n- targets:\n - 127.0.0.1:9090\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#service-monitor","title":"Service Monitor","text":"The explanation for the proper configmaps is as follows:
# Prometheus Operator CRD version\napiVersion: monitoring.coreos.com/v1\n# proper Kubernetes resource type, here it is ServiceMonitor\nkind: ServiceMonitor\n# proper Kubernetes Metadata, only the name needs to be concerned. If jobLabel is not specified, the value of the job label in the scraped metrics will be the name of the Service.\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, no need to modify\n# Describes the selection and configuration of the target Pods to be scraped\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n # Specify the label(metadata/labels) of the proper Pod, service monitor will use this value as the job label value.\n [ jobLabel: string ]\n # Adds the Labels of the proper service to the Target's Labels\n [ targetLabels: []string ]\n # Adds the Labels of the proper Pod to the Target's Labels\n [ podTargetLabels: []string ]\n # Limit the number of data points per scrape, 0: no limit, default is 0\n [ sampleLimit: uint64 ]\n # Limit the number of targets per scrape, 0: no limit, default is 0\n [ targetLimit: uint64 ]\n # Configure the Prometheus HTTP endpoints that need to be scraped and exposed. Multiple endpoints can be configured.\n endpoints:\n [ - <endpoint_config> ... ] # See explanation below for endpoint\n # Select the namespaces where the monitored Pods are located. Leave it blank to select all namespaces.\n [ namespaceSelector: ]\n # Select all namespaces\n [ any: bool ]\n # Specify the list of namespaces to be selected\n [ matchNames: []string ]\n # Specify the Label values of the Pods to be monitored in order to locate the target Pods [K8S metav1.LabelSelector](https://v1-17.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#example","title":"Example","text":"apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: go-demo # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, do not modify\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n endpoints:\n - interval: 30s\n # Specify the Port Name proper to Prometheus Exporter in the service YAML\n port: 8080-8080-tcp\n # Specify the value of the Path proper to Prometheus Exporter, if not specified, default is /metrics\n path: /metrics\n relabelings:\n # ** There must be a label named 'application', assuming there is a label named 'app' in k8s,\n # we replace it with 'application' using the relabel 'replace' action\n - action: replace\n sourceLabels: [__meta_kubernetes_pod_label_app]\n targetLabel: application\n # Select the namespace where the monitored service is located\n namespaceSelector:\n matchNames:\n - golang-demo\n # Specify the Label values of the service to be monitored in order to locate the target service\n selector:\n matchLabels:\n app: golang-app-demo\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#endpoint_config","title":"endpoint_config","text":"The explanation for the proper configmaps is as follows:
# The name of the proper port. Please note that it's not the actual port number.\n# Default: 80. Possible values are as follows:\n# ServiceMonitor: corresponds to Service>spec/ports/name;\n# PodMonitor: explained as follows:\n# If viewing the Pod YAML, take the value from pod.spec.containers.ports.name.\n# If viewing Deployment/DaemonSet/StatefulSet, take the value from spec.template.spec.containers.ports.name.\n[ port: string | default = 80]\n# The URI path for the scrape request.\n[ path: string | default = /metrics ]\n# The protocol for the scrape: http or https.\n[ scheme: string | default = http]\n# URL parameters for the scrape request.\n[ params: map[string][]string]\n# The interval between scrape requests.\n[ interval: string | default = 30s ]\n# The timeout for the scrape request.\n[ scrapeTimeout: string | default = 30s]\n# Whether the scrape connection should be made over a secure TLS channel, and the TLS configuration.\n[ tlsConfig: TLSConfig ]\n# Read the bearer token value from the specified file and include it in the headers of the scrape request.\n[ bearerTokenFile: string ]\n# Read the bearer token from the specified K8S secret key. Note that the secret namespace must match the PodMonitor/ServiceMonitor.\n[ bearerTokenSecret: string ]\n# Handling conflicts when scraped labels conflict with labels added by the backend Prometheus.\n# true: Keep the scraped labels and ignore the conflicting labels from the backend Prometheus.\n# false: For conflicting labels, prefix the scraped label with 'exported_<original-label>' and add the labels added by the backend Prometheus.\n[ honorLabels: bool | default = false ]\n# Whether to use the timestamp generated on the target during the scrape.\n# true: Use the timestamp on the target if available.\n# false: Ignore the timestamp on the target.\n[ honorTimestamps: bool | default = true ]\n# Basic authentication credentials. Fill in the values of username/password from the proper K8S secret key. Note that the secret namespace must match the PodMonitor/ServiceMonitor.\n[ basicAuth: BasicAuth ]\n# Scrape the metrics from the target through a proxy server. Specify the address of the proxy server.\n[ proxyUrl: string ]\n# After scraping the data, rewrite the values of the labels on the target using the relabeling mechanism. Multiple relabel rules are executed in order.\n# See explanation below for relabel_config\nrelabelings:\n[ - <relabel_config> ...]\n# Before writing the scraped data, rewrite the values of the proper labels on the target using the relabeling mechanism. Multiple relabel rules are executed in order.\n# See explanation below for relabel_config\nmetricRelabelings:\n[ - <relabel_config> ...]\n
"},{"location":"en/admin/insight/collection-manag/metric-collect.html#relabel_config","title":"relabel_config","text":"The explanation for the proper configmaps is as follows:
# Specifies which labels to take from the original labels for relabeling. The values taken are concatenated using the separator defined in the configuration.\n# For PodMonitor/ServiceMonitor, the proper configmap is sourceLabels.\n[ source_labels: '[' <labelname> [, ...] ']' ]\n# Defines the character used to concatenate the values of the labels to be relabeled. Default is ';'.\n[ separator: <string> | default = ; ]\n\n# When the action is replace/hashmod, target_label is used to specify the proper label name.\n# For PodMonitor/ServiceMonitor, the proper configmap is targetLabel.\n[ target_label: <labelname> ]\n\n# Regular expression used to match the values of the source labels.\n[ regex: <regex> | default = (.*) ]\n\n# Used when action is hashmod, it takes the modulus value based on the MD5 hash of the source label's value.\n[ modulus: <int> ]\n\n# Used when action is replace, it defines the expression to replace when the regex matches. It can use regular expression replacement with regex.\n[ replacement: <string> | default = $1 ]\n\n# Actions performed based on the matched values of regex. The available actions are as follows, with replace being the default:\n# replace: If the regex matches, replace the proper value with the value defined in replacement. Set the value using target_label and add the proper label.\n# keep: If the regex doesn't match, discard the value.\n# drop: If the regex matches, discard the value.\n# hashmod: Take the modulus of the MD5 hash of the source label's value based on the value specified in modulus.\n# Add a new label with a label name specified by target_label.\n# labelmap: If the regex matches, replace the proper label name with the value specified in replacement.\n# labeldrop: If the regex matches, delete the proper label.\n# labelkeep: If the regex doesn't match, delete the proper label.\n[ action: <relabel_action> | default = replace ]\n
"},{"location":"en/admin/insight/collection-manag/probe-module.html","title":"Custom probers","text":"Insight uses the Blackbox Exporter provided by Prometheus as a blackbox monitoring solution, allowing detection of target instances via HTTP, HTTPS, DNS, ICMP, TCP, and gRPC. It can be used in the following scenarios:
In this page, we will explain how to configure custom probers in an existing Blackbox ConfigMap.
ICMP prober is not enabled by default in Insight because it requires higher permissions. Therfore We will use the HTTP prober as an example to demonstrate how to modify the ConfigMap to achieve custom HTTP probing.
"},{"location":"en/admin/insight/collection-manag/probe-module.html#procedure","title":"Procedure","text":"Find the ConfigMap named insight-agent-prometheus-blackbox-exporter and click Edit YAML .
Add custom probers under modules :
module:\n http_2xx:\n prober: http\n timeout: 5s\n http:\n valid_http_versions: [HTTP/1.1, HTTP/2]\n valid_status_codes: [] # Defaults to 2xx\n method: GET\n
module:\n ICMP: # Example of ICMP prober configuration\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: ip4\nicmp_example: # Example 2 of ICMP prober configuration\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: \"ip4\"\n source_ip_address: \"127.0.0.1\"\n
Since ICMP requires higher permissions, we also need to elevate the pod permissions. Otherwise, an operation not permitted
error will occur. There are two ways to elevate permissions: Directly edit the BlackBox Exporter
deployment file to enable it
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\nspec:\n template:\n spec:\n containers:\n - name: blackbox-exporter\n image: # ... (image, args, ports, etc. remain unchanged)\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_RAW\n drop:\n - ALL\n readOnlyRootFilesystem: true\n runAsGroup: 0\n runAsNonRoot: false\n runAsUser: 0\n
Elevate permissions via helm upgrade
prometheus-blackbox-exporter:\n enabled: true\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n readOnlyRootFilesystem: true\n runAsNonRoot: false\n allowPrivilegeEscalation: false\n capabilities:\n add: [\"NET_RAW\"]\n
Info
For more probers, refer to blackbox_exporter Configuration.
"},{"location":"en/admin/insight/collection-manag/probe-module.html#other-references","title":"Other References","text":"The following YAML file contains various probers such as HTTP, TCP, SMTP, ICMP, and DNS. You can modify the configuration file of insight-agent-prometheus-blackbox-exporter
according to your needs.
kind: ConfigMap\napiVersion: v1\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\n labels:\n app.kubernetes.io/instance: insight-agent\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: prometheus-blackbox-exporter\n app.kubernetes.io/version: v0.24.0\n helm.sh/chart: prometheus-blackbox-exporter-8.8.0\n annotations:\n meta.helm.sh/release-name: insight-agent\n meta.helm.sh/release-namespace: insight-system\ndata:\n blackbox.yaml: |\n modules:\n HTTP_GET:\n prober: http\n timeout: 5s\n http:\n method: GET\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"]\n follow_redirects: true\n preferred_ip_protocol: \"ip4\"\n HTTP_POST:\n prober: http\n timeout: 5s\n http:\n method: POST\n body_size_limit: 1MB\n TCP:\n prober: tcp\n timeout: 5s\n # Not enabled by default:\n # ICMP:\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: ip4\n SSH:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^SSH-2.0-\"\n POP3S:\n prober: tcp\n tcp:\n query_response:\n - expect: \"^+OK\"\n tls: true\n tls_config:\n insecure_skip_verify: false\n http_2xx_example: # http prober example\n prober: http\n timeout: 5s # probe timeout\n http:\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"] # Version in the response, usually default\n valid_status_codes: [] # Defaults to 2xx # Valid range of response codes, probe successful if within this range\n method: GET # request method\n headers: # request headers\n Host: vhost.example.com\n Accept-Language: en-US\n Origin: example.com\n no_follow_redirects: false # allow redirects\n fail_if_ssl: false \n fail_if_not_ssl: false\n fail_if_body_matches_regexp:\n - \"Could not connect to database\"\n fail_if_body_not_matches_regexp:\n - \"Download the latest version here\"\n fail_if_header_matches: # Verifies that no cookies are set\n - header: Set-Cookie\n allow_missing: true\n regexp: '.*'\n fail_if_header_not_matches:\n - header: Access-Control-Allow-Origin\n regexp: '(\\*|example\\.com)'\n tls_config: # tls configuration for https requests\n insecure_skip_verify: false\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\" # Preferred IP protocol version\n ip_protocol_fallback: false # no fallback to \"ip6\" \n http_post_2xx: # http prober example with body\n prober: http\n timeout: 5s\n http:\n method: POST # probe request method\n headers:\n Content-Type: application/json\n body: '{\"username\":\"admin\",\"password\":\"123456\"}' # body carried during probe\n http_basic_auth_example: # prober example with username and password\n prober: http\n timeout: 5s\n http:\n method: POST\n headers:\n Host: \"login.example.com\"\n basic_auth: # username and password to be added during probe\n username: \"username\"\n password: \"mysecret\"\n http_custom_ca_example:\n prober: http\n http:\n method: GET\n tls_config: # root certificate used during probe\n ca_file: \"/certs/my_cert.crt\"\n http_gzip:\n prober: http\n http:\n method: GET\n compression: gzip # compression method used during probe\n http_gzip_with_accept_encoding:\n prober: http\n http:\n method: GET\n compression: gzip\n headers:\n Accept-Encoding: gzip\n tls_connect: # TCP prober example\n prober: tcp\n timeout: 5s\n tcp:\n tls: true # use TLS\n tcp_connect_example:\n prober: tcp\n timeout: 5s\n imap_starttls: # IMAP email server probe configuration example\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"OK.*STARTTLS\"\n - send: \". STARTTLS\"\n - expect: \"OK\"\n - starttls: true\n - send: \". capability\"\n - expect: \"CAPABILITY IMAP4rev1\"\n smtp_starttls: # SMTP email server probe configuration example\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^220 ([^ ]+) ESMTP (.+)$\"\n - send: \"EHLO prober\\r\"\n - expect: \"^250-STARTTLS\"\n - send: \"STARTTLS\\r\"\n - expect: \"^220\"\n - starttls: true\n - send: \"EHLO prober\\r\"\n - expect: \"^250-AUTH\"\n - send: \"QUIT\\r\"\n irc_banner_example:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - send: \"NICK prober\"\n - send: \"USER prober prober prober :prober\"\n - expect: \"PING :([^ ]+)\"\n send: \"PONG ${1}\"\n - expect: \"^:[^ ]+ 001\"\n # icmp_example: # ICMP prober configuration example\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: \"ip4\"\n # source_ip_address: \"127.0.0.1\"\n dns_udp_example: # DNS query example using UDP\n prober: dns\n timeout: 5s\n dns:\n query_name: \"www.prometheus.io\" # domain name to resolve\n query_type: \"A\" # type proper to this domain\n valid_rcodes:\n - NOERROR\n validate_answer_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n fail_if_all_match_regexp:\n - \".*127.0.0.1\"\n fail_if_not_matches_regexp:\n - \"www.prometheus.io.\\t300\\tIN\\tA\\t127.0.0.1\"\n fail_if_none_matches_regexp:\n - \"127.0.0.1\"\n validate_authority_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n validate_additional_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n dns_soa:\n prober: dns\n dns:\n query_name: \"prometheus.io\"\n query_type: \"SOA\"\n dns_tcp_example: # DNS query example using TCP\n prober: dns\n dns:\n transport_protocol: \"tcp\" # defaults to \"udp\"\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\"\n query_name: \"www.prometheus.io\"\n
"},{"location":"en/admin/insight/collection-manag/service-monitor.html","title":"Configure service discovery rules","text":"Observable Insight supports the way of creating CRD ServiceMonitor through container management to meet your collection requirements for custom service discovery. Users can use ServiceMonitor to define the scope of the Namespace discovered by the Pod and select the monitored Service through matchLabel .
"},{"location":"en/admin/insight/collection-manag/service-monitor.html#prerequisites","title":"Prerequisites","text":"The cluster has the Helm App insight-agent installed and in the running state.
"},{"location":"en/admin/insight/collection-manag/service-monitor.html#steps","title":"Steps","text":"Select Data Collection on the left navigation bar to view the status of all cluster collection plug-ins.
Click a cluster name to enter the collection configuration details.
Click the link to jump to Container Management to create a Service Monitor.
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: micrometer-demo # (1)\n namespace: insight-system # (2)\n labels: \n operator.insight.io/managed-by: insight\nspec:\n endpoints: # (3)\n - honorLabels: true\n interval: 15s\n path: /actuator/prometheus\n port: http\n namespaceSelector: # (4)\n matchNames:\n - insight-system # (5)\n selector: # (6)\n matchLabels:\n micrometer-prometheus-discovery: \"true\"\n
This is the service endpoint, which represents the address where Prometheus collects Metrics. endpoints is an array, and multiple endpoints can be created at the same time. Each endpoint contains three fields, and the meaning of each field is as follows:
This is the scope of the Service that needs to be discovered. namespaceSelector contains two mutually exclusive fields, and the meaning of the fields is as follows:
matchNames : An array value that specifies the scope of namespace to be monitored. For example, if you only want to monitor the Services in two namespaces, default and insight-system, the matchNames are set as follows:
namespaceSelector:\n matchNames:\n - default\n - insight-system\n
The namespace where the application that needs to expose metrics is located
\u2705: Test passed; \u274c: Test failed; No Value: Test not conducted.
"},{"location":"en/admin/insight/compati-test/k8s-compatibility.html#kubernetes-compatibility-testing-for-insight-server","title":"Kubernetes Compatibility Testing for Insight Server","text":"Scenario Testing Method K8s 1.31 K8s 1.30 K8s 1.29 K8s 1.28 K8s 1.27 K8s 1.26 k8s 1.25.0 k8s 1.24 k8s 1.23 k8s 1.22 Baseline Scenario E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Metrics Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Logs Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Traces Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Alert Center E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 Topology Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705"},{"location":"en/admin/insight/compati-test/k8s-compatibility.html#kubernetes-compatibility-testing-for-insight-agent","title":"Kubernetes Compatibility Testing for Insight-agent","text":"Scenario Testing Method K8s 1.31 K8s 1.30 K8s 1.29 K8s 1.28 K8s 1.27 K8s 1.26 k8s 1.25 k8s 1.24 k8s 1.23 k8s 1.22 k8s 1.21 k8s 1.20 k8s 1.19 k8s 1.18 k8s 1.17 k8s 1.16 Baseline Scenario E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Metrics Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Logs Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Traces Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Alert Center E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274c Topology Query E2E \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u2705 \u274c \u274c \u274cNote
Insight-agent Version Compatibility History:
\u2705: Test passed; \u274c: Test failed.
Note
The table does not cover all test scenarios.
Test Case Test Method OCP 4.10 (K8s 1.23.0) Remarks Collect and query web application metrics Manual \u2705 - Add custom metric collection Manual \u2705 - Query real-time metrics Manual \u2705 - Instantaneous index query Manual \u2705 - Instantaneous metric API field verification Manual \u2705 - Query metrics over a period of time Manual \u2705 - Metric API field verification within a period of time Manual \u2705 - Batch query cluster CPU, memory usage, total cluster CPU, cluster memory usage, total number of cluster nodes Manual \u2705 - Batch query node CPU, memory usage, total node CPU, node memory usage Manual \u2705 - Batch query cluster metrics within a period of time Manual \u2705 - Metric API field verification within a period of time Manual \u2705 - Query Pod log Manual \u2705 - Query SVC log Manual \u2705 - Query statefulset logs Manual \u2705 - Query Deployment Logs Manual \u2705 - Query NPD log Manual \u2705 - Log Filtering Manual \u2705 - Log fuzzy query - workloadSearch Manual \u2705 - Log fuzzy query - podSearch Manual \u2705 - Log fuzzy query - containerSearch Manual \u2705 - Log Accurate Query - cluster Manual \u2705 - Log Accurate Query - namespace Manual \u2705 - Log query API field verification Manual \u2705 - Alert Rule - CRUD operations Manual \u2705 - Alert Template - CRUD operations Manual \u2705 - Notification Method - CRUD operations Manual \u2705 - Link Query Manual \u2705 - Topology Query Manual \u2705 -The table above represents the Openshift 4.x cluster compatibility test. It includes various test cases, their proper test method (manual), and the test results for the OCP version 4.10 (with Kubernetes version 1.23.0).
Please note that this is not an exhaustive list, and additional test scenarios may exist.
"},{"location":"en/admin/insight/compati-test/rancher-compatibility.html","title":"Rancher Cluster Compatibility Test","text":"\u2705: Test passed; \u274c: Test failed.
Note
The table does not cover all test scenarios.
Test Scenario Test Method Rancher rke2c1 (K8s 1.24.11) Notes Collect and query web application metrics Manual \u2705 - Add custom metric collection Manual \u2705 - Query real-time metrics Manual \u2705 - Instantaneous index query Manual \u2705 - Instantaneous metric API field verification Manual \u2705 - Query metrics over a period of time Manual \u2705 - Metric API field verification within a period of time Manual \u2705 - Batch query cluster CPU, memory usage, total cluster CPU, cluster memory usage, total number of cluster nodes Manual \u2705 - Batch query node CPU, memory usage, total node CPU, node memory usage Manual \u2705 - Batch query cluster metrics within a period of time Manual \u2705 - Metric API field verification within a period of time Manual \u2705 - Query Pod log Manual \u2705 - Query SVC log Manual \u2705 - Query statefulset logs Manual \u2705 - Query Deployment Logs Manual \u2705 - Query NPD log Manual \u2705 - Log Filtering Manual \u2705 - Log fuzzy query - workloadSearch Manual \u2705 - Log fuzzy query - podSearch Manual \u2705 - Log fuzzy query - containerSearch Manual \u2705 - Log Accurate Query - cluster Manual \u2705 - Log Accurate Query - namespace Manual \u2705 - Log query API field verification Manual \u2705 - Alert Rule - CRUD operations Manual \u2705 - Alert Template - CRUD operations Manual \u2705 - Notification Method - CRUD operations Manual \u2705 - Link Query Manual \u2705 - Topology Query Manual \u2705 -"},{"location":"en/admin/insight/dashboard/dashboard.html","title":"Dashboard","text":"Grafana is a cross-platform open source visual analysis tool. Insight uses open source Grafana to provide monitoring services, and supports viewing resource consumption from multiple dimensions such as clusters, nodes, and namespaces.
For more information on open source Grafana, see Grafana Official Documentation.
"},{"location":"en/admin/insight/dashboard/dashboard.html#steps","title":"Steps","text":"Select Dashboard from the left navigation bar .
In the Insight / Overview dashboard, you can view the resource usage of multiple clusters and analyze resource usage, network, storage, and more based on dimensions such as namespaces and Pods.
Click the dropdown menu in the upper-left corner of the dashboard to switch between clusters.
Click the lower-right corner of the dashboard to switch the time range for queries.
Insight provides several recommended dashboards that allow monitoring from different dimensions such as nodes, namespaces, and workloads. Switch between dashboards by clicking the insight-system / Insight / Overview section.
Note
For accessing Grafana UI, refer to Access Native Grafana.
For importing custom dashboards, refer to Importing Custom Dashboards.
By using Grafana CRD, you can incorporate the management and deployment of dashboards into the lifecycle management of Kubernetes. This enables version control, automated deployment, and cluster-level management of dashboards. This page describes how to import custom dashboards using CRD and the UI interface.
"},{"location":"en/admin/insight/dashboard/import-dashboard.html#steps","title":"Steps","text":"Log in to the AI platform and go to Container Management . Select the kpanda-global-cluster from the cluster list.
Choose Custom Resources from the left navigation bar. Look for the grafanadashboards.integreatly.org file in the list and click it to view the details.
Click YAML Create and use the following template. Replace the dashboard JSON in the Json field.
apiVersion: integreatly.org/v1alpha1\nkind: GrafanaDashboard\nmetadata:\n labels:\n app: insight-grafana-operator\n operator.insight.io/managed-by: insight\n name: sample-dashboard\n namespace: insight-system\nspec:\n json: >\n {\n \"id\": null,\n \"title\": \"Simple Dashboard\",\n \"tags\": [],\n \"style\": \"dark\",\n \"timezone\": \"browser\",\n \"editable\": true,\n \"hideControls\": false,\n \"graphTooltip\": 1,\n \"panels\": [],\n \"time\": {\n \"from\": \"now-6h\",\n \"to\": \"now\"\n },\n \"timepicker\": {\n \"time_options\": [],\n \"refresh_intervals\": []\n },\n \"templating\": {\n \"list\": []\n },\n \"annotations\": {\n \"list\": []\n },\n \"refresh\": \"5s\",\n \"schemaVersion\": 17,\n \"version\": 0,\n \"links\": []\n }\n
After clicking OK , wait for a while to view the newly imported dashboard in Dashboard .
Info
If you need to customize the dashboard, refer to Add Dashboard Panel.
"},{"location":"en/admin/insight/dashboard/login-grafana.html","title":"Access Native Grafana","text":"Please make sure that the Helm App Insight in your global management cluster is in Running state.
The specific operation steps are as follows:
Log in to the console to access native Grafana.
Access address: http://ip:port/ui/insight-grafana
For example: http://10.6.10.233:30209/ui/insight-grafana
Click Login in the lower right corner, and use the default username and password to log in.
Default username: admin
Default password: admin
Click Log in to complete the login.
Insight only collects data from clusters that have insight-agent installed and running in a normal state. The overview provides an overview of resources across multiple clusters:
Select Overview in the left navigation bar to enter the details page.
"},{"location":"en/admin/insight/data-query/log.html","title":"Log query","text":"By default, Insight collects node logs, container logs, and Kubernetes audit logs. In the log query page, you can search for standard output (stdout) logs within the permissions of your login account. This includes node logs, product logs, and Kubernetes audit logs. You can quickly find the desired logs among a large volume of logs. Additionally, you can use the source information and contextual raw data of the logs to assist in troubleshooting and issue resolution.
"},{"location":"en/admin/insight/data-query/log.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed and the application is in running state.
"},{"location":"en/admin/insight/data-query/log.html#query-log","title":"Query log","text":"In the left navigation bar, select Data Query -> Log Query .
After selecting the query criteria, click Search , and the log records in the form of graphs will be displayed. The most recent logs are displayed on top.
In the Filter panel, switch Type and select Node to check the logs of all nodes in the cluster.
In the Filter panel, switch Type and select Event to view the logs generated by all Kubernetes events in the cluster.
Lucene Syntax Explanation:
timestamp:[2022-01-01 TO 2022-01-31]
.Clicking on the button next to a log will slide out a panel on the right side where you can view the default 100 lines of context for that log. You can switch the Display Rows option to view more contextual content.
"},{"location":"en/admin/insight/data-query/log.html#export-log","title":"Export log","text":"Click the download button located in the upper right corner of the list.
Metric query supports querying the index data of each container resource, and you can view the trend changes of the monitoring index. At the same time, advanced query supports native PromQL statements for Metric query.
"},{"location":"en/admin/insight/data-query/metric.html#prerequisites","title":"Prerequisites","text":"In the left navigation bar, click Data Query -> Metrics .
After selecting query conditions such as cluster, type, node, and metric name, click Search , and the proper metric chart and data details will be displayed on the right side of the screen.
Tip
Support custom time range. You can manually click the Refresh icon or select a default time interval to refresh.
"},{"location":"en/admin/insight/data-query/metric.html#advanced-search","title":"Advanced Search","text":"In the left navigation bar, click Data Query -> metric Query , click the Advanced Query tab to switch to the advanced query page.
Enter a PromQL statement (see PromQL Syntax), click Query , and the query metric chart and data details will be displayed.
When ElasticSearch memory is full, you can choose to either scale up or delete data to resolve the issue:
You can run the following command to check the resource usage of ES nodes.
kubectl get pod -n mcamel-system | grep common-es-cluster-masters-es | awk '{print $1}' | xargs -I {} kubectl exec {} -n mcamel-system -c elasticsearch -- df -h | grep /usr/share/elasticsearch/data\n
"},{"location":"en/admin/insight/faq/expand-once-es-full.html#scale-up","title":"Scale Up","text":"If the host still has available resources, scaling up is a common solution, which involves increasing the PVC capacity.
First, run the following command to get the PVC configuration of the es-data-0
node. Use the actual environment's PVC as a reference.
kubectl edit -n mcamel-system pvc elasticsearch-data-mcamel-common-es-cluster-masters-es-data-0\n
Then modify the following storage
field (the storage class SC you are using should be scalable):
spec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 35Gi # (1)!\n
When ElasticSearch memory is full, you can also delete index data to free up resources.
You can follow the steps below to access the Kibana page and manually delete data.
First, ensure that the Kibana Pod exists and is running normally:
kubectl get po -n mcamel-system | grep mcamel-common-es-cluster-masters-kb\n
If it does not exist, manually set the replica to 1 and wait for the service to run normally. If it exists, skip this step.
kubectl scale -n mcamel-system deployment mcamel-common-es-cluster-masters-kb --replicas 1\n
Modify the Kibana Service to be exposed as a NodePort for access:
kubectl patch svc -n mcamel-system mcamel-common-es-cluster-masters-kb-http -p '{\"spec\":{\"type\":\"NodePort\"}}'\n\n# After modification, check the NodePort. For example, if the port is 30128, the access URL will be https://{NodeIP in the cluster}:30128\n[root@insight-master1 ~]# kubectl get svc -n mcamel-system | grep mcamel-common-es-cluster-masters-kb-http\nmcamel-common-es-cluster-masters-kb-http NodePort 10.233.51.174 <none> 5601:30128/TCP 108m\n
Retrieve the ElasticSearch Secret to log in to Kibana (username is elastic
):
kubectl get secrets -n mcamel-system mcamel-common-es-cluster-masters-es-elastic-user -o jsonpath=\"{.data.elastic}\" | base64 -d\n
Go to Kibana -> Stack Management -> Index Management and enable the Include hidden indices option to see all indexes. Based on the index sequence numbers, keep the indexes with larger numbers and delete the ones with smaller numbers.
In a distributed system, due to Clock Skew (clock skew adjustment) influence, Time drift exists between different hosts. Generally speaking, the system time of different hosts at the same time has a slight deviation.
The traces system is a typical distributed system, and it is also affected by this phenomenon in terms of time data collection. For example, in a link, the start time of the server-side span is earlier than that of the client-side span. This phenomenon does not exist logically, but due to the influence of clock skew, there is a deviation in the system time between the hosts at the moment when the trace data is collected in each service, which eventually leads to the phenomenon shown in the following figure:
The phenomenon in the above figure cannot be eliminated theoretically. However, this phenomenon is rare, and even if it occurs, it will not affect the calling relationship between services.
Currently Insight uses Jaeger UI to display trace data, and the UI will remind when encountering such a link:
Currently Jaeger's community is trying to optimize this problem through the UI level.
For more information, refer to:
Through cluster monitoring, you can view the basic information of the cluster, the resource consumption and the trend of resource consumption over a period of time.
"},{"location":"en/admin/insight/infra/cluster.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed and the application is in running state.
"},{"location":"en/admin/insight/infra/cluster.html#steps","title":"Steps","text":"Go to the Insight product module.
Select Infrastructure > Clusters from the left navigation bar. On this page, you can view the following information:
Click Resource Level Monitor, you can view more metrics of the current cluster.
Container insight is the process of monitoring workloads in cluster management. In the list, you can view basic information and status of workloads. On the Workloads details page, you can see the number of active alerts and the trend of resource consumption such as CPU and memory.
"},{"location":"en/admin/insight/infra/container.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed, and all pods are in the Running state.
To install insight-agent, please refer to: Installing insight-agent online or Offline upgrade of insight-agent.
Follow these steps to view service monitoring metrics:
Go to the Insight product module.
Select Infrastructure > Workloads from the left navigation bar.
Switch between tabs at the top to view data for different types of workloads.
Click the target workload name to view the details.
Switch to the Pods tab to view the status of various pods for the workload, including their nodes, restart counts, and other information.
Switch to the JVM monitor tab to view the JVM metrics for each pods
Note
AI platform Insight supports event querying by cluster and namespace.
"},{"location":"en/admin/insight/infra/event.html#event-status-distribution","title":"Event Status Distribution","text":"By default, the events that occurred within the last 12 hours are displayed. You can select a different time range in the upper right corner to view longer or shorter periods. You can also customize the sampling interval from 1 minute to 5 hours.
The event status distribution chart provides a visual representation of the intensity and dispersion of events. This helps in evaluating and preparing for subsequent cluster operations and maintenance tasks. If events are densely concentrated during specific time periods, you may need to allocate more resources or take proper measures to ensure cluster stability and high availability. On the other hand, if events are dispersed, you can effectively schedule other maintenance tasks such as system optimization, upgrades, or handling other tasks during this period.
By considering the event status distribution chart and the selected time range, you can better plan and manage your cluster operations and maintenance work, ensuring system stability and reliability.
"},{"location":"en/admin/insight/infra/event.html#event-count-and-statistics","title":"Event Count and Statistics","text":"Through important event statistics, you can easily understand the number of image pull failures, health check failures, Pod execution failures, Pod scheduling failures, container OOM (Out-of-Memory) occurrences, volume mounting failures, and the total count of all events. These events are typically categorized as \"Warning\" and \"Normal\".
"},{"location":"en/admin/insight/infra/event.html#event-list","title":"Event List","text":"The event list is presented chronologically based on time. You can sort the events by Last Occurrend At and Type .
By clicking on the \u2699\ufe0f icon on the right side, you can customize the displayed columns according to your preferences and needs.
Additionally, you can click the refresh icon to update the current event list when needed.
In the operation column on the right, clicking the icon allows you to view the history of a specific event.
"},{"location":"en/admin/insight/infra/event.html#reference","title":"Reference","text":"For detailed meanings of the built-in Events in the system, refer to the Kubernetes API Event List.
"},{"location":"en/admin/insight/infra/namespace.html","title":"Namespace Monitoring","text":"With namespaces as the dimension, you can quickly query resource consumption and trends within a namespace.
"},{"location":"en/admin/insight/infra/namespace.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Infrastructure -> Namespaces from the left navigation bar. On this page, you can view the following information:
Through node monitoring, you can get an overview of the current health status of the nodes in the selected cluster and the number of abnormal pod; on the current node details page, you can view the number of alerts and the trend of resource consumption such as CPU, memory, and disk.
"},{"location":"en/admin/insight/infra/node.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Infrastructure -> Nodes from the left navigation bar. On this page, you can view the following information:
Click Resource Level Monitor, you can view more metrics of the current cluster.
Probe refers to the use of black-box monitoring to regularly test the connectivity of targets through HTTP, TCP, and other methods, enabling quick detection of ongoing faults.
Insight uses the Prometheus Blackbox Exporter tool to probe the network using protocols such as HTTP, HTTPS, DNS, TCP, and ICMP, and returns the probe results to understand the network status.
"},{"location":"en/admin/insight/infra/probe.html#prerequisites","title":"Prerequisites","text":"The insight-agent has been successfully deployed in the target cluster and is in the Running state.
"},{"location":"en/admin/insight/infra/probe.html#view-probes","title":"View Probes","text":"Select Infrastructure -> Probes in the left navigation bar.
Fill in the basic information and click Next .
Configure the probe parameters.
After configuring, click OK to complete the creation.
Warning
After the probe task is created, it takes about 3 minutes to synchronize the configuration. During this period, no probes will be performed, and probe results cannot be viewed.
"},{"location":"en/admin/insight/infra/probe.html#view-monitoring-dashboards","title":"View Monitoring Dashboards","text":"Click \u2507 in the operations column and click View Monitoring Dashboard .
Metric Name Description Current Status Response Represents the response status code of the HTTP probe request. Ping Status Indicates whether the probe request was successful. 1 indicates a successful probe request, and 0 indicates a failed probe request. IP Protocol Indicates the IP protocol version used in the probe request. SSL Expiry Represents the earliest expiration time of the SSL/TLS certificate. DNS Response (Latency) Represents the duration of the entire probe process in seconds. HTTP Duration Represents the duration of the entire process from sending the request to receiving the complete response."},{"location":"en/admin/insight/infra/probe.html#edit-a-probe","title":"Edit a Probe","text":"Click \u2507 in the operations column and click Edit .
"},{"location":"en/admin/insight/infra/probe.html#delete-a-probe","title":"Delete a Probe","text":"Click \u2507 in the operations column and click Delete .
"},{"location":"en/admin/insight/quickstart/install/index.html","title":"Start Observing","text":"AI platform enables the management and creation of multicloud and multiple clusters. Building upon this capability, Insight serves as a unified observability solution for multiple clusters. It collects observability data from multiple clusters by deploying the insight-agent plugin and allows querying of metrics, logs, and trace data through the AI platform Insight.
insight-agent is a tool that facilitates the collection of observability data from multiple clusters. Once installed, it automatically collects metrics, logs, and trace data without any modifications.
Clusters created through Container Management come pre-installed with insight-agent. Hence, this guide specifically provides instructions on enabling observability for integrated clusters.
As a unified observability platform for multiple clusters, Insight's resource consumption of certain components is closely related to the data of cluster creation and the number of integrated clusters. When installing insight-agent, it is necessary to adjust the resources of the proper components based on the cluster size.
Adjust the CPU and memory resources of the Prometheus collection component in insight-agent according to the size of the cluster created or integrated. Please refer to Prometheus resource planning.
As the metric data from multiple clusters is stored centrally, AI platform administrators need to adjust the disk space of vmstorage based on the cluster size. Please refer to vmstorage disk capacity planning.
For instructions on adjusting the disk space of vmstorage, please refer to Expanding vmstorage disk.
Since AI platform supports the management of multicloud and multiple clusters, insight-agent has undergone partial verification. However, there are known conflicts with monitoring components when installing insight-agent in Suanova 4.0 clusters and Openshift 4.x clusters. If you encounter similar issues, please refer to the following documents:
Currently, the insight-agent collection component has undergone functional testing for popular versions of Kubernetes. Please refer to:
The Insight Module supports switching log to Big Log mode and trace to Big Trace mode, in order to enhance data writing capabilities in large-scale environments. This page introduces following methods for enabling these modes:
manifest.yaml
)This section explains the differences between the normal log mode and the Big Log mode.
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#log-mode","title":"Log Mode","text":"Components: Fluentbit + Elasticsearch
This mode is referred to as the ES mode, and the data flow diagram is shown below:
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#big-log-mode","title":"Big Log Mode","text":"Components: Fluentbit + Kafka + Vector + Elasticsearch
This mode is referred to as the Kafka mode, and the data flow diagram is shown below:
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#traces","title":"Traces","text":"This section explains the differences between the normal trace mode and the Big Trace mode.
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#trace-mode","title":"Trace Mode","text":"Components: Agent opentelemetry-collector + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
This mode is referred to as the OTlp mode, and the data flow diagram is shown below:
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#big-trace-mode","title":"Big Trace Mode","text":"Components: Agent opentelemetry-collector + Kafka + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
This mode is referred to as the Kafka mode, and the data flow diagram is shown below:
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#enabling-via-installer","title":"Enabling via Installer","text":"When deploying/upgrading AI platform using the installer, the manifest.yaml
file includes the infrastructures.kafka
field. To enable observable Big Log and Big Trace modes, Kafka must be activated:
apiVersion: manifest.daocloud.io/v1alpha1\nkind: SuanovaManifest\n...\ninfrastructures:\n ...\n kafka:\n enable: true # Default is false\n cpuLimit: 1\n memLimit: 2Gi\n pvcSize: 15Gi\n
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#enable","title":"Enable","text":"When using a manifest.yaml
that enables kafka
during installation, Kafka middleware will be installed by default, and Big Log and Big Trace modes will be enabled automatically. The installation command is:
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml\n
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#upgrade","title":"Upgrade","text":"The upgrade also involves modifying the kafka
field. However, note that since the old environment was installed with kafka: false
, Kafka is not present in the environment. Therefore, you need to specify the upgrade for middleware
to install Kafka middleware simultaneously. The upgrade command is:
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml -u gproduct,middleware\n
Note
After the upgrade is complete, you need to manually restart the following components:
Prerequisites: Ensure that there is a usable Kafka and that the address is accessible.
Use the following commands to retrieve the values of the old versions of Insight and insight-agent (it's recommended to back them up):
helm get values insight -n insight-system -o yaml > insight.yaml\nhelm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#enabling-big-log","title":"Enabling Big Log","text":"There are several ways to enable or upgrade to Big Log mode:
Use--set
in the helm upgrade
commandModify YAML and run helm upgradeUpgrade via Container Management UI First, run the following Insight upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set vector.enabled=true \\\n --version 0.30.1\n
Then, run the following insight-agent upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.logging.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.logging.output=kafka \\\n --version 0.30.1\n
Follow these steps to modify the YAML and then run the helm upgrade
command:
Modify insight.yaml
global:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\nvector:\n enabled: true\n
Upgrade the Insight component:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
Modify insight-agent.yaml
global:\n ...\n exporters:\n ...\n logging:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
Upgrade the insight-agent:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
In the Container Management module, find the cluster, select Helm Apps from the left navigation bar, and find and update the insight-agent.
In Logging Settings, select kafka for output and fill in the correct brokers address.
Note that after the upgrade is complete, you need to manually restart the insight-agent-fluent-bit component.
"},{"location":"en/admin/insight/quickstart/install/big-log-and-trace.html#enabling-big-trace","title":"Enabling Big Trace","text":"There are several ways to enable or upgrade to Big Trace mode:
Using --set in thehelm upgrade
commandModify YAML and run helm upgradeUpgrade via Container Management UI First, run the following Insight upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set global.tracing.kafkaReceiver.enabled=true \\\n --version 0.30.1\n
Then, run the following insight-agent upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.trace.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.trace.output=kafka \\\n --version 0.30.1\n
Follow these steps to modify the YAML and then run the helm upgrade
command:
Modify insight.yaml
global:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\ntracing:\n ...\n kafkaReceiver:\n enabled: true\n
Upgrade the Insight component:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
Modify insight-agent.yaml
global:\n ...\n exporters:\n ...\n trace:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
Upgrade the insight-agent:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
In the Container Management module, find the cluster, select Helm Apps from the left navigation bar, and find and update the insight-agent.
In Trace Settings, select kafka for output and fill in the correct brokers address.
Note that after the upgrade is complete, you need to manually restart the insight-agent-opentelemetry-collector and insight-opentelemetry-collector components.
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html","title":"Custom Insight Component Scheduling Policy","text":"When deploying Insight to a Kubernetes environment, proper resource management and optimization are crucial. Insight includes several core components such as Prometheus, OpenTelemetry, FluentBit, Vector, and Elasticsearch. These components, during their operation, may negatively impact the performance of other pods within the cluster due to resource consumption issues. To effectively manage resources and optimize cluster operations, node affinity becomes an important option.
This page is about how to add taints and node affinity to ensure that each component runs on the appropriate nodes, avoiding resource competition or contention, thereby guranttee the stability and efficiency of the entire Kubernetes cluster.
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html#configure-dedicated-nodes-for-insight-using-taints","title":"Configure dedicated nodes for Insight using taints","text":"Since the Insight Agent includes DaemonSet components, the configuration method described in this section is to have all components except the Insight DaemonSet run on dedicated nodes.
This is achieved by adding taints to the dedicated nodes and using tolerations to match them. More details can be found in the Kubernetes official documentation.
You can refer to the following commands to add and remove taints on nodes:
# Add taint\nkubectl taint nodes worker1 node.daocloud.io=insight-only:NoSchedule\n\n# Remove taint\nkubectl taint nodes worker1 node.daocloud.io:NoSchedule-\n
There are two ways to schedule Insight components to dedicated nodes:
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html#1-add-tolerations-for-each-component","title":"1. Add tolerations for each component","text":"Configure the tolerations for the insight-server
and insight-agent
Charts respectively:
server:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nui:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nrunbook:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\n# mysql:\nvictoria-metrics-k8s-stack:\n victoria-metrics-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmcluster:\n spec:\n vmstorage:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmselect:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vminsert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmalert:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n alertmanager:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\njaeger:\n collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n query:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector-aggregator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\ngrafana-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n grafana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nkibana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nelastic-alert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nvector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n
kube-prometheus-stack:\n prometheus:\n prometheusSpec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n prometheus-node-exporter:\n tolerations:\n - effect: NoSchedule\n operator: Exists\n prometheusOperator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nkube-state-metrics:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\ntailing-sidecar-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-kubernetes-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nprometheus-blackbox-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\netcd-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\" \n
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html#2-configure-at-the-namespace-level","title":"2. Configure at the namespace level","text":"Allow pods in the insight-system
namespace to tolerate the node.daocloud.io=insight-only
taint.
Adjust the apiserver
configuration file /etc/kubernetes/manifests/kube-apiserver.yaml
to include PodTolerationRestriction,PodNodeSelector
. See the following picture:
Add an annotation to the insight-system
namespace:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: insight-system\n annotations:\n scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Equal\", \"effect\": \"NoSchedule\", \"key\": \"node.daocloud.io\", \"value\": \"insight-only\"}]'\n
Restart the components under the insight-system namespace to allow normal scheduling of pods under the insight-system.
"},{"location":"en/admin/insight/quickstart/install/component-scheduling.html#use-node-labels-and-node-affinity-to-manage-component-scheduling","title":"Use node labels and node affinity to manage component scheduling","text":"Info
Node affinity is conceptually similar to nodeSelector
, allowing you to constrain which nodes a pod can be scheduled on based on labels on the nodes. There are two types of node affinity:
For more details, please refer to the Kubernetes official documentation.
To meet different user needs for scheduling Insight components, Insight provides fine-grained labels for different components' scheduling policies. Below is a description of the labels and their associated components:
Label Key Label Value Descriptionnode.daocloud.io/insight-any
Any value, recommended to use true
Represents that all Insight components prefer nodes with this label node.daocloud.io/insight-prometheus
Any value, recommended to use true
Specifically for Prometheus components node.daocloud.io/insight-vmstorage
Any value, recommended to use true
Specifically for VictoriaMetrics vmstorage components node.daocloud.io/insight-vector
Any value, recommended to use true
Specifically for Vector components node.daocloud.io/insight-otel-col
Any value, recommended to use true
Specifically for OpenTelemetry components You can refer to the following commands to add and remove labels on nodes:
# Add label to node8, prioritizing scheduling insight-prometheus to node8 \nkubectl label nodes node8 node.daocloud.io/insight-prometheus=true\n\n# Remove the node.daocloud.io/insight-prometheus label from node8\nkubectl label nodes node8 node.daocloud.io/insight-prometheus-\n
Below is the default affinity preference for the insight-prometheus component during deployment:
affinity:\n nodeAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - preference:\n matchExpressions:\n - key: node-role.kubernetes.io/control-plane\n operator: DoesNotExist\n weight: 1\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-prometheus # (1)!\n operator: Exists\n weight: 2\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-any\n operator: Exists\n weight: 3\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 1\n podAffinityTerm:\n topologyKey: kubernetes.io/hostname\n labelSelector:\n matchExpressions:\n - key: app.kubernetes.io/instance\n operator: In\n values:\n - insight-agent-kube-prometh-prometheus\n
Insight is a product for unified observation of multiple clusters. To achieve unified storage and querying of observation data from multiple clusters, sub-clusters need to report the collected observation data to the global service cluster for unified storage. This document provides the required address of the storage component when installing the collection component insight-agent.
"},{"location":"en/admin/insight/quickstart/install/gethosturl.html#install-insight-agent-in-global-service-cluster","title":"Install insight-agent in Global Service Cluster","text":"If installing insight-agent in the global service cluster, it is recommended to access the cluster via domain name:
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\" # (1)!\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\" # (2)!\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\" # (3)!\n
"},{"location":"en/admin/insight/quickstart/install/gethosturl.html#install-insight-agent-in-other-clusters","title":"Install insight-agent in Other Clusters","text":""},{"location":"en/admin/insight/quickstart/install/gethosturl.html#get-address-via-interface-provided-by-insight-server","title":"Get Address via Interface Provided by Insight Server","text":"The management cluster uses the default LoadBalancer mode for exposure.
Log in to the console of the global service cluster and run the following command:
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
Note
Please replace the ${INSIGHT_SERVER_IP}
parameter in the command.
You will get the following response:
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"host\": \"10.6.182.32\"\n },\n \"metric\": {\n \"host\": \"10.6.182.32\"\n },\n \"auditLog\": {\n \"host\": \"10.6.182.32\"\n },\n \"trace\": {\n \"host\": \"10.6.182.32\"\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
is the log service address, no need to set the proper service port, the default value will be used.global.exporters.metric.host
is the metrics service address.global.exporters.trace.host
is the trace service address.global.exporters.auditLog.host
is the audit log service address (same service as trace but different port).Management cluster disables LoadBalancer
When calling the interface, you need to additionally pass an externally accessible node IP from the cluster, which will be used to construct the complete access address of the proper service.
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam' --data '{\"extra\": {\"EXPORTER_EXTERNAL_IP\": \"10.5.14.51\"}}'\n
You will get the following response:
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"scheme\": \"https\",\n \"host\": \"10.5.14.51\",\n \"port\": 32007,\n \"user\": \"elastic\",\n \"password\": \"j8V1oVoM1184HvQ1F3C8Pom2\"\n },\n \"metric\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30683\n },\n \"auditLog\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30884\n },\n \"trace\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30274\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
is the log service address.global.exporters.logging.port
is the NodePort exposed by the log service.global.exporters.metric.host
is the metrics service address.global.exporters.metric.port
is the NodePort exposed by the metrics service.global.exporters.trace.host
is the trace service address.global.exporters.trace.port
is the NodePort exposed by the trace service.global.exporters.auditLog.host
is the audit log service address (same service as trace but different port).global.exporters.auditLog.port
is the NodePort exposed by the audit log service.If LoadBalancer
is enabled in the cluster and a VIP
is set for Insight, you can manually execute the following command to obtain the address information for vminsert
and opentelemetry-collector
:
$ kubectl get service -n insight-system | grep lb\nlb-insight-opentelemetry-collector LoadBalancer 10.233.23.12 <pending> 4317:31286/TCP,8006:31351/TCP 24d\nlb-vminsert-insight-victoria-metrics-k8s-stack LoadBalancer 10.233.63.67 <pending> 8480:31629/TCP 24d\n
lb-vminsert-insight-victoria-metrics-k8s-stack
is the address for the metrics service.lb-insight-opentelemetry-collector
is the address for the tracing service.Execute the following command to obtain the address information for elasticsearch
:
$ kubectl get service -n mcamel-system | grep es\nmcamel-common-es-cluster-masters-es-http NodePort 10.233.16.120 <none> 9200:30465/TCP 47d\n
mcamel-common-es-cluster-masters-es-http
is the address for the logging service.
The LoadBalancer feature is disabled in the global service cluster.
In this case, the LoadBalancer resources mentioned above will not be created by default. The relevant service names are:
After obtaining the proper port information for the services in the above two scenarios, make the following settings:
--set global.exporters.logging.host= # (1)!\n--set global.exporters.logging.port= # (2)!\n--set global.exporters.metric.host= # (3)!\n--set global.exporters.metric.port= # (4)!\n--set global.exporters.trace.host= # (5)!\n--set global.exporters.trace.port= # (6)!\n--set global.exporters.auditLog.host= # (7)!\n
insight-agent is a plugin for collecting insight data, supporting unified observation of metrics, links, and log data. This article describes how to install insight-agent in an online environment for the accessed cluster.
"},{"location":"en/admin/insight/quickstart/install/install-agent.html#prerequisites","title":"Prerequisites","text":"Please confirm that your cluster has successfully connected to the container management platform. You can refer to Integrate Clusters for details.
"},{"location":"en/admin/insight/quickstart/install/install-agent.html#steps","title":"Steps","text":"Enter Container Management from the left navigation bar, and enter Clusters . Find the cluster where you want to install insight-agent.
Choose Install now to jump, or click the cluster and click Helm Apps -> Helm Templates in the left navigation bar, search for insight-agent in the search box, and click it for details.
Select the appropriate version and click Install .
Fill in the name, select the namespace and version, and fill in the addresses of logging, metric, audit, and trace reporting data in the yaml file. The system has filled in the address of the component for data reporting by default, please check it before clicking OK to install.
If you need to modify the data reporting address, please refer to Get Data Reporting Address.
The system will automatically return to Helm Apps . When the application status changes from Unknown to Deployed , it means that insight-agent is installed successfully.
Note
Click \u2507 on the far right, and you can perform more operations such as Update , View YAML and Delete in the pop-up menu.
This page lists some issues related to the installation and uninstallation of Insight Agent and their workarounds.
"},{"location":"en/admin/insight/quickstart/install/knownissues.html#uninstallation-failure-of-insight-agent","title":"Uninstallation Failure of Insight Agent","text":"When you run the following command to uninstall Insight Agent,
helm uninstall insight agent\n
The tls secret
used by otel-operator
is failed to uninstall.
Due to the logic of \"reusing tls secret\" in the following code of otel-operator
, it checks whether MutationConfiguration
exists and reuses the CA cert bound in MutationConfiguration. However, since helm uninstall
has uninstalled MutationConfiguration
, it results in a null value.
Therefore, please manually delete the proper secret
using one of the following methods:
Delete via command line: Log in to the console of the target cluster and run the following command:
kubectl -n insight-system delete secret insight-agent-opentelemetry-operator-controller-manager-service-cert\n
Delete via UI: Log in to AI platform container management, select the target cluster, select Secret from the left menu, input insight-agent-opentelemetry-operator-controller-manager-service-cert
, then select Delete
.
When updating the log configuration of the insight-agent from Elasticsearch to Kafka or from Kafka to Elasticsearch, the changes do not take effect and the agent continues to use the previous configuration.
Solution :
Manually restart Fluent Bit in the cluster.
"},{"location":"en/admin/insight/quickstart/install/knownissues.html#podmonitor-collects-multiple-sets-of-jvm-metrics","title":"PodMonitor Collects Multiple Sets of JVM Metrics","text":"In this version, there is a defect in PodMonitor/insight-kubernetes-pod: it will incorrectly create Jobs to collect metrics for all containers in Pods that are marked with insight.opentelemetry.io/metric-scrape=true
, instead of only the containers proper to insight.opentelemetry.io/metric-port
.
After PodMonitor is declared, PrometheusOperator will pre-configure some service discovery configurations. Considering the compatibility of CRDs, it is abandoned to configure the collection tasks through annotations.
Use the additional scrape config mechanism provided by Prometheus to configure the service discovery rules in a secret and introduce them into Prometheus.
Therefore:
In the new rule, action: keepequal is used to compare the consistency between source_labels and target_label to determine whether to create collection tasks for the ports of a container. Note that this feature is only available in Prometheus v2.41.0 (2022-12-20) and higher.
+ - source_labels: [__meta_kubernetes_pod_annotation_insight_opentelemetry_io_metric_port]\n+ separator: ;\n+ target_label: __meta_kubernetes_pod_container_port_number\n+ action: keepequal\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html","title":"Upgrade Notes","text":"This page provides some considerations for upgrading insight-server and insight-agent.
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v028x-or-lower-to-v029x","title":"Upgrade from v0.28.x (or lower) to v0.29.x","text":"Due to the upgrade of the Opentelemetry community operator chart version in v0.29.0, the supported values for featureGates
in the values file have changed. Therefore, before upgrading, you need to set the value of featureGates
to empty, as follows:
- --set opentelemetry-operator.manager.featureGates=\"+operator.autoinstrumentation.go,+operator.autoinstrumentation.multi-instrumentation,+operator.autoinstrumentation.nginx\" \\\n+ --set opentelemetry-operator.manager.featureGates=\"\"\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v026x-or-lower-to-v027x-or-higher","title":"Upgrade from v0.26.x (or lower) to v0.27.x or higher","text":"In v0.27.x, the switch for the vector component has been separated. If the existing environment has vector enabled, you need to specify --set vector.enabled=true
when upgrading the insight-server.
Before upgrading Insight , you need to manually delete the jaeger-collector and jaeger-query deployments by running the following command:
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v017x-or-lower-to-v018x","title":"Upgrade from v0.17.x (or lower) to v0.18.x","text":"In v0.18.x, there have been updates to the Jaeger-related deployment files, so you need to manually run the following commands before upgrading insight-server:
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
There have been changes to metric names in v0.18.x, so after upgrading insight-server, insight-agent should also be upgraded.
In addition, the parameters for enabling the tracing module and adjusting the ElasticSearch connection have been modified. Refer to the following parameters:
+ --set global.tracing.enable=true \\\n- --set jaeger.collector.enabled=true \\\n- --set jaeger.query.enabled=true \\\n+ --set global.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n+ --set global.elasticsearch.host=${your-external-elasticsearch-host} \\\n+ --set global.elasticsearch.port=${your-external-elasticsearch-port} \\\n+ --set global.elasticsearch.user=${your-external-elasticsearch-username} \\\n+ --set global.elasticsearch.password=${your-external-elasticsearch-password} \\\n- --set jaeger.storage.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n- --set jaeger.storage.elasticsearch.host=${your-external-elasticsearch-host} \\\n- --set jaeger.storage.elasticsearch.port=${your-external-elasticsearch-port} \\\n- --set jaeger.storage.elasticsearch.user=${your-external-elasticsearch-username} \\\n- --set jaeger.storage.elasticsearch.password=${your-external-elasticsearch-password} \\\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v015x-or-lower-to-v016x","title":"Upgrade from v0.15.x (or lower) to v0.16.x","text":"In v0.16.x, a new feature parameter disableRouteContinueEnforce
in the vmalertmanagers CRD
is used. Therefore, you need to manually run the following command before upgrading insight-server:
kubectl apply --server-side -f https://raw.githubusercontent.com/VictoriaMetrics/operator/v0.33.0/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml --force-conflicts\n
Note
If you are performing an offline installation, after extracting the insight offline package, please run the following command to update CRDs.
kubectl apply --server-side -f insight/dependency-crds --force-conflicts \n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v023x-or-lower-to-v024x","title":"Upgrade from v0.23.x (or lower) to v0.24.x","text":"In v0.24.x, CRDs have been added to the OTEL operator chart
. However, helm upgrade does not update CRDs, so you need to manually run the following command:
kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-operator/crds/crd-opentelemetry.io_opampbridges.yaml\n
If you are performing an offline installation, you can find the above CRD yaml file after extracting the insight-agent offline package. After extracting the insight-agent Chart, manually run the following command:
kubectl apply -f charts/agent/crds/crd-opentelemetry.io_opampbridges.yaml\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v019x-or-lower-to-v020x","title":"Upgrade from v0.19.x (or lower) to v0.20.x","text":"In v0.20.x, Kafka log export configuration has been added, and there have been some adjustments to the log export configuration. Before upgrading insight-agent , please note the parameter changes. The previous logging configuration has been moved to the logging.elasticsearch configuration:
- --set global.exporters.logging.host \\\n- --set global.exporters.logging.port \\\n+ --set global.exporters.logging.elasticsearch.host \\\n+ --set global.exporters.logging.elasticsearch.port \\\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v017x-or-lower-to-v018x_1","title":"Upgrade from v0.17.x (or lower) to v0.18.x","text":"Due to the updated deployment files for Jaeger In v0.18.x, it is important to note the changes in parameters before upgrading the insight-agent.
+ --set global.exporters.trace.enable=true \\\n- --set opentelemetry-collector.enabled=true \\\n- --set opentelemetry-operator.enabled=true \\\n
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v016x-or-lower-to-v017x","title":"Upgrade from v0.16.x (or lower) to v0.17.x","text":"In v0.17.x, the kube-prometheus-stack chart version was upgraded from 41.9.1 to 45.28.1, and there were also some field upgrades in the CRD used, such as the attachMetadata field of servicemonitor. Therefore, the following command needs to be rund before upgrading the insight-agent:
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\n
If you are performing an offline installation, you can find the yaml for the above CRD in insight-agent/dependency-crds after extracting the insight-agent offline package.
"},{"location":"en/admin/insight/quickstart/install/upgrade-note.html#upgrade-from-v011x-or-earlier-to-v012x","title":"Upgrade from v0.11.x (or earlier) to v0.12.x","text":"v0.12.x upgrades kube-prometheus-stack chart from 39.6.0 to 41.9.1, including prometheus-operator to v0.60.1, prometheus-node-exporter chart to v4.3.0. Prometheus-node-exporter uses Kubernetes recommended label after upgrading, so you need to delete node-exporter daemonset. prometheus-operator has updated the CRD, so you need to run the following command before upgrading the insight-agent:
kubectl delete daemonset insight-agent-prometheus-node-exporter -n insight-system\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --force- conflicts\n
Note
If you are installing offline, you can run the following command to update the CRD after decompressing the insight-agent offline package.
kubectl apply --server-side -f insight-agent/dependency-crds --force-conflicts\n
"},{"location":"en/admin/insight/quickstart/otel/operator.html","title":"Enhance Applications Non-Intrusively with Operators","text":"Currently, only Java, Node.js, Python, .NET, and Golang support non-intrusive integration through the Operator approach.
"},{"location":"en/admin/insight/quickstart/otel/operator.html#prerequisites","title":"Prerequisites","text":"Please ensure that the insight-agent is ready. If not, please refer to Install insight-agent for data collection and make sure the following three items are ready:
Tip
Starting from Insight v0.22.0, there is no longer a need to manually install the Instrumentation CR.
Install it in the insight-system namespace. There are some minor differences between different versions.
Insight v0.21.xInsight v0.20.xInsight v0.18.xInsight v0.17.xInsight v0.16.xK8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.29.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0-rc.2\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.25.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.37.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.38b0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.1-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
"},{"location":"en/admin/insight/quickstart/otel/operator.html#works-with-the-service-mesh-product-mspider","title":"Works with the Service Mesh Product (Mspider)","text":"If you enable the tracing capability of the Mspider(Service Mesh), you need to add an additional environment variable injection configuration:
"},{"location":"en/admin/insight/quickstart/otel/operator.html#the-operation-steps-are-as-follows","title":"The operation steps are as follows","text":"Select the insight-system namespace, then edit insight-opentelemetry-autoinstrumentation, and add the following content under spec:env:
:
- name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n
The complete example (for Insight v0.21.x) is as follows:
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
After the above is ready, you can access traces for the application through annotations (Annotation). Otel currently supports accessing traces through annotations. Depending on the service language, different pod annotations need to be added. Each service can add one of two types of annotations:
Only inject environment variable annotations
There is only one such annotation, which is used to add otel-related environment variables, such as link reporting address, cluster id where the container is located, and namespace (this annotation is very useful when the application does not support automatic probe language)
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
The value is divided into two parts by /
, the first value (insight-system) is the namespace of the CR installed in the previous step, and the second value (insight-opentelemetry-autoinstrumentation) is the name of the CR.
Automatic probe injection and environment variable injection annotations
There are currently 4 such annotations, proper to 4 different programming languages: java, nodejs, python, dotnet. After using it, automatic probes and otel default environment variables will be injected into the first container under spec.pod:
Java applicationNodeJs applicationPython applicationDotnet applicationGolang applicationinstrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-nodejs: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-python: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-dotnet: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
Since Go's automatic detection requires the setting of OTEL_GO_AUTO_TARGET_EXE, you must provide a valid executable path through annotations or Instrumentation resources. Failure to set this value will result in the termination of Go's automatic detection injection, leading to a failure in the connection trace.
instrumentation.opentelemetry.io/inject-go: \"insight-system/insight-opentelemetry-autoinstrumentation\"\ninstrumentation.opentelemetry.io/otel-go-auto-target-exe: \"/path/to/container/executable\"\n
Go's automatic detection also requires elevated permissions. The following permissions are automatically set and are necessary.
securityContext:\n privileged: true\n runAsUser: 0\n
Tip
The OpenTelemetry Operator automatically adds some OTel-related environment variables when injecting probes and also supports overriding these variables. The priority order for overriding these environment variables is as follows:
original container env vars -> language specific env vars -> common env vars -> instrument spec configs' vars\n
However, it is important to avoid manually overriding OTEL_RESOURCE_ATTRIBUTES_NODE_NAME . This variable serves as an identifier within the operator to determine if a pod has already been injected with a probe. Manually adding this variable may prevent the probe from being injected successfully.
"},{"location":"en/admin/insight/quickstart/otel/operator.html#automatic-injection-demo","title":"Automatic injection Demo","text":"Note that the annotation
is added under spec.annotations.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n labels:\n app: my-app\nspec:\n selector:\n matchLabels:\n app: my-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-app\n annotations:\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n spec:\n containers:\n - name: myapp\n image: jaegertracing/vertx-create-span:operator-e2e-tests\n ports:\n - containerPort: 8080\n protocol: TCP\n
The final generated YAML is as follows:
apiVersion: v1\nkind: Pod\nmetadata:\n name: my-deployment-with-sidecar-565bd877dd-nqkk6\n generateName: my-deployment-with-sidecar-565bd877dd-\n namespace: default\n uid: aa89ca0d-620c-4d20-8bc1-37d67bad4ea4\n resourceVersion: '2668986'\n creationTimestamp: '2022-04-08T05:58:48Z'\n labels:\n app: my-pod-with-sidecar\n pod-template-hash: 565bd877dd\n annotations:\n cni.projectcalico.org/containerID: 234eae5e55ea53db2a4bc2c0384b9a1021ed3908f82a675e4a92a49a7e80dd61\n cni.projectcalico.org/podIP: 192.168.134.133/32\n cni.projectcalico.org/podIPs: 192.168.134.133/32\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\nspec:\n volumes:\n - name: kube-api-access-sp2mz\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n - name: opentelemetry-auto-instrumentation\n emptyDir: {}\n initContainers:\n - name: opentelemetry-auto-instrumentation\n image: >-\n ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java\n command:\n - cp\n - /javaagent.jar\n - /otel-auto-instrumentation/javaagent.jar\n resources: {}\n volumeMounts:\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n containers:\n - name: myapp\n image: ghcr.io/pavolloffay/spring-petclinic:latest\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: 'true'\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: 'true'\n - name: SPLUNK_PROFILER_ENABLED\n value: 'false'\n - name: JAVA_TOOL_OPTIONS\n value: ' -javaagent:/otel-auto-instrumentation/javaagent.jar'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '20'\n - name: OTEL_TRACES_SAMPLER\n value: parentbased_traceidratio\n - name: OTEL_TRACES_SAMPLER_ARG\n value: '0.85'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: my-deployment-with-sidecar\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=myapp,k8s.deployment.name=my-deployment-with-sidecar,k8s.deployment.uid=8de6929d-dda0-436c-bca1-604e9ca7ea4e,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=my-deployment-with-sidecar-565bd877dd,k8s.replicaset.uid=190d5f6e-ba7f-4794-b2e6-390b5879a6c4\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n resources: {}\n volumeMounts:\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: k8s-master3\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n fsGroup: 2000\n schedulerName: default-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priority: 0\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\n
"},{"location":"en/admin/insight/quickstart/otel/operator.html#trace-query","title":"Trace query","text":"How to query the connected services, refer to Trace Query.
"},{"location":"en/admin/insight/quickstart/otel/otel.html","title":"Use OTel to provide the application observability","text":"Enhancement is the process of enabling application code to generate telemetry data. i.e. something that helps you monitor or measure the performance and status of your application.
OpenTelemetry is a leading open source project providing instrumentation libraries for major programming languages \u200b\u200band popular frameworks. It is a project under the Cloud Native Computing Foundation and is supported by the vast resources of the community. It provides a standardized data format for collected data without the need to integrate specific vendors.
Insight supports OpenTelemetry for application instrumentation to enhance your applications.
This guide introduces the basic concepts of telemetry enhancement using OpenTelemetry. OpenTelemetry also has an ecosystem of libraries, plugins, integrations, and other useful tools to extend it. You can find these resources at the OTel Registry.
You can use any open standard library for telemetry enhancement and use Insight as an observability backend to ingest, analyze, and visualize data.
To enhance your code, you can use the enhanced operations provided by OpenTelemetry for specific languages:
Insight currently provides an easy way to enhance .Net NodeJS, Java, Python and Golang applications with OpenTelemetry. Please follow the guidelines below.
"},{"location":"en/admin/insight/quickstart/otel/otel.html#trace-enhancement","title":"Trace Enhancement","text":"This document describes how customers can send trace data to Insight on their own. It mainly includes the following two scenarios:
In each cluster where Insight Agent is installed, there is an insight-agent-otel-col component that is used to receive trace data from that cluster. Therefore, this component serves as the entry point for user access and needs to obtain its address first. You can get the address of the Opentelemetry Collector in the cluster through the AI platform interface, such as insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 :
In addition, there are some slight differences for different reporting methods:
"},{"location":"en/admin/insight/quickstart/otel/send_tracing_to_insight.html#customer-apps-report-traces-to-insight-through-otel-agentsdk","title":"Customer apps report traces to Insight through OTEL Agent/SDK","text":"To successfully report trace data to Insight and display it properly, it is recommended to provide the required metadata (Resource Attributes) for OTLP through the following environment variables. There are two ways to achieve this:
Manually add them to the deployment YAML file, for example:
...\n- name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: \"http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\"\n- name: \"OTEL_SERVICE_NAME\"\n value: my-java-app-name\n- name: \"OTEL_K8S_NAMESPACE\"\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n- name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n- name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n- name: OTEL_RESOURCE_ATTRIBUTES\n value: \"k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)\"\n
Use the automatic injection capability of Insight Agent to inject the metadata (Resource Attributes)
Ensure that Insight Agent is working properly and after installing the Instrumentation CR, you only need to add the following annotation to the Pod:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
For example:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-with-aotu-instrumentation\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n annotations:\n sidecar.opentelemetry.io/inject: \"false\"\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
After ensuring that the application has added the metadata mentioned above, you only need to add an OTLP Exporter in your customer's Opentelemetry Collector to forward the trace data to Insight Agent Opentelemetry Collector. Below is an example Opentelemetry Collector configuration file:
...\nexporters:\n otlp/insight:\n endpoint: insight-opentelemetry-collector.insight-system.svc.cluster.local:4317\nservice:\n...\npipelines:\n...\ntraces:\n exporters:\n - otlp/insight\n
"},{"location":"en/admin/insight/quickstart/otel/send_tracing_to_insight.html#references","title":"References","text":"This page contains instructions on how to set up OpenTelemetry enhancements in a Go application.
OpenTelemetry, also known simply as OTel, is an open-source observability framework that helps generate and collect telemetry data: traces, metrics, and logs in Go apps.
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#enhance-go-apps-with-the-opentelemetry-sdk","title":"Enhance Go apps with the OpenTelemetry SDK","text":""},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#install-related-dependencies","title":"Install related dependencies","text":"Dependencies related to the OpenTelemetry exporter and SDK must be installed first. If you are using another request router, please refer to request routing. After switching/going into the application source folder run the following command:
go get go.opentelemetry.io/otel@v1.8.0 \\\n go.opentelemetry.io/otel/trace@v1.8.0 \\\n go.opentelemetry.io/otel/sdk@v1.8.0 \\\n go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@v0.33.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.7.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.4.1\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#create-an-initialization-feature-using-the-opentelemetry-sdk","title":"Create an initialization feature using the OpenTelemetry SDK","text":"In order for an application to be able to send data, a feature is required to initialize OpenTelemetry. Add the following code snippet to the main.go file:
import (\n \"context\"\n \"os\"\n \"time\"\n\n \"go.opentelemetry.io/otel\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\"\n \"go.opentelemetry.io/otel/propagation\"\n \"go.opentelemetry.io/otel/sdk/resource\"\n sdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n semconv \"go.opentelemetry.io/otel/semconv/v1.7.0\"\n \"go.uber.org/zap\"\n \"google.golang.org/grpc\"\n)\n\nvar tracerExp *otlptrace.Exporter\n\nfunc retryInitTracer() func() {\n var shutdown func()\n go func() {\n for {\n // otel will reconnected and re-send spans when otel col recover. so, we don't need to re-init tracer exporter.\n if tracerExp == nil {\n shutdown = initTracer()\n } else {\n break\n }\n time.Sleep(time.Minute * 5)\n }\n }()\n return shutdown\n}\n\nfunc initTracer() func() {\n // temporarily set timeout to 10s\n ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)\n defer cancel()\n\n serviceName, ok := os.LookupEnv(\"OTEL_SERVICE_NAME\")\n if !ok {\n serviceName = \"server_name\"\n os.Setenv(\"OTEL_SERVICE_NAME\", serviceName)\n }\n otelAgentAddr, ok := os.LookupEnv(\"OTEL_EXPORTER_OTLP_ENDPOINT\")\n if !ok {\n otelAgentAddr = \"http://localhost:4317\"\n os.Setenv(\"OTEL_EXPORTER_OTLP_ENDPOINT\", otelAgentAddr)\n }\n zap.S().Infof(\"OTLP Trace connect to: %s with service name: %s\", otelAgentAddr, serviceName)\n\n traceExporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithInsecure(), otlptracegrpc.WithDialOption(grpc.WithBlock()))\n if err != nil {\n handleErr(err, \"OTLP Trace gRPC Creation\")\n return nil\n }\n\n tracerProvider := sdktrace.NewTracerProvider(\n sdktrace.WithBatcher(traceExporter),\n sdktrace.WithSampler(sdktrace.AlwaysSample()),\n sdktrace.WithResource(resource.NewWithAttributes(semconv.SchemaURL)))\n\n otel.SetTracerProvider(tracerProvider)\n otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\n tracerExp = traceExporter\n return func() {\n // Shutdown will flush any remaining spans and shut down the exporter.\n handleErr(tracerProvider.Shutdown(ctx), \"failed to shutdown TracerProvider\")\n }\n}\n\nfunc handleErr(err error, message string) {\n if err != nil {\n zap.S().Errorf(\"%s: %v\", message, err)\n }\n}\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#initialize-tracker-in-maingo","title":"Initialize tracker in main.go","text":"Modify the main feature to initialize the tracker in main.go. Also when your service shuts down, you should call TracerProvider.Shutdown() to ensure all spans are exported. The service makes the call as a deferred feature in the main function:
func main() {\n // start otel tracing\n if shutdown := retryInitTracer(); shutdown != nil {\n defer shutdown()\n }\n ......\n}\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#add-opentelemetry-gin-middleware-to-the-application","title":"Add OpenTelemetry Gin middleware to the application","text":"Configure Gin to use the middleware by adding the following line to main.go :
import (\n ....\n \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n)\n\nfunc main() {\n ......\n r := gin.Default()\n r.Use(otelgin.Middleware(\"my-app\"))\n ......\n}\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#run-the-application","title":"Run the application","text":"Local debugging and running
Note: This step is only used for local development and debugging. In the production environment, the Operator will automatically complete the injection of the following environment variables.
The above steps have completed the work of initializing the SDK. Now if you need to develop and debug locally, you need to obtain the address of insight-agent-opentelemerty-collector in the insight-system namespace in advance, assuming: insight-agent-opentelemetry-collector .insight-system.svc.cluster.local:4317 .
Therefore, you can add the following environment variables when you start the application locally:
OTEL_SERVICE_NAME=my-golang-app OTEL_EXPORTER_OTLP_ENDPOINT=http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 go run main.go...\n
Running in a production environment
Please refer to the introduction of Only injecting environment variable annotations in Achieving non-intrusive enhancement of applications through Operators to add annotations to deployment yaml:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
If you cannot use annotations, you can manually add the following environment variables to the deployment yaml:
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\nenv:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: 'http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317'\n - name: OTEL_SERVICE_NAME\n value: \"your depolyment name\" # modify it.\n - name: OTEL_K8S_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: 'k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)'\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#request-routing","title":"Request Routing","text":""},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#opentelemetry-gingonic-enhancements","title":"OpenTelemetry gin/gonic enhancements","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n
Then inject the OpenTelemetry middleware:
router. Use(middleware. Middleware(\"my-app\"))\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#opentelemetry-gorillamux-enhancements","title":"OpenTelemetry gorillamux enhancements","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\"\n
Then inject the OpenTelemetry middleware:
router. Use(middleware. Middleware(\"my-app\"))\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#grpc-enhancements","title":"gRPC enhancements","text":"Likewise, OpenTelemetry can help you auto-detect gRPC requests. To detect any gRPC server you have, add the interceptor to the server's instantiation.
import (\n grpcotel \"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\"\n)\nfunc main() {\n [...]\n\n s := grpc.NewServer(\n grpc.UnaryInterceptor(grpcotel.UnaryServerInterceptor()),\n grpc.StreamInterceptor(grpcotel.StreamServerInterceptor()),\n )\n}\n
It should be noted that if your program uses Grpc Client to call third-party services, you also need to add an interceptor to Grpc Client:
[...]\n\n conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()),\n grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),\n grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()),\n )\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#if-not-using-request-routing","title":"If not using request routing","text":"import (\n \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n
Everywhere you pass http.Handler to ServeMux you will wrap the handler function. For example, the following replacements would be made:
- mux.Handle(\"/path\", h)\n+ mux.Handle(\"/path\", otelhttp.NewHandler(h, \"description of path\"))\n---\n- mux.Handle(\"/path\", http.HandlerFunc(f))\n+ mux.Handle(\"/path\", otelhttp.NewHandler(http.HandlerFunc(f), \"description of path\"))\n
In this way, you can ensure that each feature wrapped with othttp will automatically collect its metadata and start the proper trace.
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#database-enhancements","title":"database enhancements","text":""},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#golang-gorm","title":"Golang Gorm","text":"The OpenTelemetry community has also developed middleware for database access libraries, such as Gorm:
import (\n \"github.com/uptrace/opentelemetry-go-extra/otelgorm\"\n \"gorm.io/driver/sqlite\"\n \"gorm.io/gorm\"\n)\n\ndb, err := gorm.Open(sqlite.Open(\"file::memory:?cache=shared\"), &gorm.Config{})\nif err != nil {\n panic(err)\n}\n\notelPlugin := otelgorm.NewPlugin(otelgorm.WithDBName(\"mydb\"), # Missing this can lead to incomplete display of database related topology\n otelgorm.WithAttributes(semconv.ServerAddress(\"memory\"))) # Missing this can lead to incomplete display of database related topology\nif err := db.Use(otelPlugin); err != nil {\n panic(err)\n}\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#custom-span","title":"Custom Span","text":"In many cases, the middleware provided by OpenTelemetry cannot help us record more internally called features, and we need to customize Span to record
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n _, span := otel.Tracer(\"GetServiceDetail\").Start(ctx,\n \"spanMetricDao.GetServiceDetail\",\n trace.WithSpanKind(trace.SpanKindInternal))\n defer span.End()\n \u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#add-custom-properties-and-custom-events-to-span","title":"Add custom properties and custom events to span","text":"It is also possible to set a custom attribute or tag as a span. To add custom properties and events, follow these steps:
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#import-tracking-and-property-libraries","title":"Import Tracking and Property Libraries","text":"import (\n ...\n \"go.opentelemetry.io/otel/attribute\"\n \"go.opentelemetry.io/otel/trace\"\n)\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#get-the-current-span-from-the-context","title":"Get the current Span from the context","text":"span := trace.SpanFromContext(c.Request.Context())\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#set-properties-in-the-current-span","title":"Set properties in the current Span","text":"span.SetAttributes(attribute. String(\"controller\", \"books\"))\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#add-an-event-to-the-current-span","title":"Add an Event to the current Span","text":"Adding span events is done using AddEvent on the span object.
span.AddEvent(msg)\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#log-errors-and-exceptions","title":"Log errors and exceptions","text":"import \"go.opentelemetry.io/otel/codes\"\n\n// Get the current span\nspan := trace.SpanFromContext(ctx)\n\n// RecordError will automatically convert an error into a span even\nspan.RecordError(err)\n\n// Flag this span as an error\nspan.SetStatus(codes.Error, \"internal error\")\n
"},{"location":"en/admin/insight/quickstart/otel/golang/golang.html#references","title":"References","text":"For the Demo presentation, please refer to:
This article is intended for users who wish to evaluate or explore the developing OTLP metrics.
The OpenTelemetry project requires that APIs and SDKs must emit data in the OpenTelemetry Protocol (OTLP) for supported languages.
"},{"location":"en/admin/insight/quickstart/otel/golang/meter.html#for-golang-applications","title":"For Golang Applications","text":"Golang can expose runtime metrics through the SDK by adding the following methods to enable the metrics exporter within the application:
"},{"location":"en/admin/insight/quickstart/otel/golang/meter.html#install-required-dependencies","title":"Install Required Dependencies","text":"Navigate to your application\u2019s source folder and run the following command:
go get go.opentelemetry.io/otel \\\n go.opentelemetry.io/otel/attribute \\\n go.opentelemetry.io/otel/exporters/prometheus \\\n go.opentelemetry.io/otel/metric/global \\\n go.opentelemetry.io/otel/metric/instrument \\\n go.opentelemetry.io/otel/sdk/metric\n
"},{"location":"en/admin/insight/quickstart/otel/golang/meter.html#create-an-initialization-function-using-otel-sdk","title":"Create an Initialization Function Using OTel SDK","text":"import (\n .....\n\n \"go.opentelemetry.io/otel/attribute\"\n otelPrometheus \"go.opentelemetry.io/otel/exporters/prometheus\"\n \"go.opentelemetry.io/otel/metric/global\"\n \"go.opentelemetry.io/otel/metric/instrument\"\n \"go.opentelemetry.io/otel/sdk/metric/aggregator/histogram\"\n controller \"go.opentelemetry.io/otel/sdk/metric/controller/basic\"\n \"go.opentelemetry.io/otel/sdk/metric/export/aggregation\"\n processor \"go.opentelemetry.io/otel/sdk/metric/processor/basic\"\n selector \"go.opentelemetry.io/otel/sdk/metric/selector/simple\"\n)\n\nfunc (s *insightServer) initMeter() *otelPrometheus.Exporter {\n s.meter = global.Meter(\"xxx\")\n\n config := otelPrometheus.Config{\n DefaultHistogramBoundaries: []float64{1, 2, 5, 10, 20, 50},\n Gatherer: prometheus.DefaultGatherer,\n Registry: prometheus.NewRegistry(),\n Registerer: prometheus.DefaultRegisterer,\n }\n\n c := controller.New(\n processor.NewFactory(\n selector.NewWithHistogramDistribution(\n histogram.WithExplicitBoundaries(config.DefaultHistogramBoundaries),\n ),\n aggregation.CumulativeTemporalitySelector(),\n processor.WithMemory(true),\n ),\n )\n\n exporter, err := otelPrometheus.New(config, c)\n if err != nil {\n zap.S().Panicf(\"failed to initialize prometheus exporter %v\", err)\n }\n\n global.SetMeterProvider(exporter.MeterProvider())\n\n http.HandleFunc(\"/metrics\", exporter.ServeHTTP)\n\n go func() {\n _ = http.ListenAndServe(fmt.Sprintf(\":%d\", 8888), nil)\n }()\n\n zap.S().Info(\"Prometheus server running on \", fmt.Sprintf(\":%d\", port))\n return exporter\n}\n
The above method will expose a metrics endpoint for your application at: http://localhost:8888/metrics
.
Next, initialize it in main.go
:
func main() {\n // ...\n tp := initMeter()\n // ...\n}\n
If you want to add custom metrics, you can refer to the following:
// exposeClusterMetric exposes a metric like \"insight_logging_count{} 1\"\nfunc (s *insightServer) exposeLoggingMetric(lserver *log.LogService) {\n s.meter = global.Meter(\"insight.io/basic\")\n\n var lock sync.Mutex\n logCounter, err := s.meter.AsyncFloat64().Counter(\"insight_log_total\")\n if err != nil {\n zap.S().Panicf(\"failed to initialize instrument: %v\", err)\n }\n\n _ = s.meter.RegisterCallback([]instrument.Asynchronous{logCounter}, func(ctx context.Context) {\n lock.Lock()\n defer lock.Unlock()\n count, err := lserver.Count(ctx)\n if err == nil || count != -1 {\n logCounter.Observe(ctx, float64(count))\n }\n })\n}\n
Then, call this method in main.go
:
// ...\ns.exposeLoggingMetric(lservice)\n// ...\n
You can check if your metrics are working correctly by visiting http://localhost:8888/metrics
.
For Java applications, you can directly expose JVM-related metrics by using the OpenTelemetry agent with the following environment variable:
OTEL_METRICS_EXPORTER=prometheus\n
You can then check your metrics at http://localhost:8888/metrics
.
Next, combine it with a Prometheus ServiceMonitor
to complete the metrics integration. If you want to expose custom metrics, please refer to opentelemetry-java-docs/prometheus.
The process is mainly divided into two steps:
/*\n * Copyright The OpenTelemetry Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\npackage io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport io.opentelemetry.exporter.prometheus.PrometheusHttpServer;\nimport io.opentelemetry.sdk.metrics.SdkMeterProvider;\nimport io.opentelemetry.sdk.metrics.export.MetricReader;\n\npublic final class ExampleConfiguration {\n\n /**\n * Initializes the Meter SDK and configures the Prometheus collector with all default settings.\n *\n * @param prometheusPort the port to open up for scraping.\n * @return A MeterProvider for use in instrumentation.\n */\n static MeterProvider initializeOpenTelemetry(int prometheusPort) {\n MetricReader prometheusReader = PrometheusHttpServer.builder().setPort(prometheusPort).build();\n\n return SdkMeterProvider.builder().registerMetricReader(prometheusReader).build();\n }\n}\n
package io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.common.Attributes;\nimport io.opentelemetry.api.metrics.Meter;\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport java.util.concurrent.ThreadLocalRandom;\n\n/**\n * Example of using the PrometheusHttpServer to convert OTel metrics to Prometheus format and expose\n * these to a Prometheus instance via a HttpServer exporter.\n *\n * <p>A Gauge is used to periodically measure how many incoming messages are awaiting processing.\n * The Gauge callback gets executed every collection interval.\n */\npublic final class PrometheusExample {\n private long incomingMessageCount;\n\n public PrometheusExample(MeterProvider meterProvider) {\n Meter meter = meterProvider.get(\"PrometheusExample\");\n meter\n .gaugeBuilder(\"incoming.messages\")\n .setDescription(\"No of incoming messages awaiting processing\")\n .setUnit(\"message\")\n .buildWithCallback(result -> result.record(incomingMessageCount, Attributes.empty()));\n }\n\n void simulate() {\n for (int i = 500; i > 0; i--) {\n try {\n System.out.println(\n i + \" Iterations to go, current incomingMessageCount is: \" + incomingMessageCount);\n incomingMessageCount = ThreadLocalRandom.current().nextLong(100);\n Thread.sleep(1000);\n } catch (InterruptedException e) {\n // ignored here\n }\n }\n }\n\n public static void main(String[] args) {\n int prometheusPort = 8888;\n\n // It is important to initialize the OpenTelemetry SDK as early as possible in your process.\n MeterProvider meterProvider = ExampleConfiguration.initializeOpenTelemetry(prometheusPort);\n\n PrometheusExample prometheusExample = new PrometheusExample(meterProvider);\n\n prometheusExample.simulate();\n\n System.out.println(\"Exiting\");\n }\n}\n
After running the Java application, you can check if your metrics are working correctly by visiting http://localhost:8888/metrics
.
Lastly, it is important to note that you have exposed metrics in your application, and now you need Insight to collect those metrics.
The recommended way to expose metrics is via ServiceMonitor or PodMonitor.
"},{"location":"en/admin/insight/quickstart/otel/golang/meter.html#creating-servicemonitorpodmonitor","title":"Creating ServiceMonitor/PodMonitor","text":"The added ServiceMonitor/PodMonitor needs to have the label operator.insight.io/managed-by: insight
for the Operator to recognize it:
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: example-app\n labels:\n operator.insight.io/managed-by: insight\nspec:\n selector:\n matchLabels:\n app: example-app\n endpoints:\n - port: web\n namespaceSelector:\n any: true\n
"},{"location":"en/admin/insight/quickstart/otel/java/index.html","title":"Start Monitoring Java Applications","text":"For accessing and monitoring Java application links, please refer to the document Implementing Non-Intrusive Enhancements for Applications via Operator, which explains how to automatically integrate links through annotations.
Monitoring the JVM of Java applications: How Java applications that have already exposed JVM metrics and those that have not yet exposed JVM metrics can connect with observability Insight.
If your Java application has not yet started exposing JVM metrics, you can refer to the following documents:
If your Java application has already exposed JVM metrics, you can refer to the following document:
Writing TraceId and SpanId into Java Application Logs to correlate link data with log data.
This article explains how to automatically write TraceId and SpanId into Java application logs using OpenTelemetry. By including TraceId and SpanId in your logs, you can correlate distributed tracing data with log data, enabling more efficient fault diagnosis and performance analysis.
"},{"location":"en/admin/insight/quickstart/otel/java/mdc.html#supported-logging-libraries","title":"Supported Logging Libraries","text":"For more information, please refer to the Logger MDC auto-instrumentation.
Logging Framework Supported Automatic Instrumentation Versions Dependencies Required for Manual Instrumentation Log4j 1 1.2+ None Log4j 2 2.7+ opentelemetry-log4j-context-data-2.17-autoconfigure Logback 1.0+ opentelemetry-logback-mdc-1.0"},{"location":"en/admin/insight/quickstart/otel/java/mdc.html#using-logback-spring-boot-project","title":"Using Logback (Spring Boot Project)","text":"Spring Boot projects come with a built-in logging framework and use Logback as the default logging implementation. If your Java project is a Spring Boot project, you can write TraceId into logs with minimal configuration.
Set logging.pattern.level
in application.properties
, adding %mdc{trace_id}
and %mdc{span_id}
to the logs.
logging.pattern.level=trace_id=%mdc{trace_id} span_id=%mdc{span_id} %5p ....omited...\n
Here is an example of the logs:
2024-06-26 10:56:31.200 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'\n2024-06-26 10:56:31.201 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'\n2024-06-26 10:56:31.209 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 8 ms\n2024-06-26 10:56:31.296 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=5743699405074f4e INFO 53724 --- [nio-8081-exec-1] com.example.httpserver.ot.OTServer : hello world\n
"},{"location":"en/admin/insight/quickstart/otel/java/mdc.html#using-log4j2","title":"Using Log4j2","text":"Add OpenTelemetry Log4j2
dependency in pom.xml
:
Tip
Please replace OPENTELEMETRY_VERSION
with the latest version.
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-log4j-context-data-2.17-autoconfigure</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n <scope>runtime</scope>\n </dependency>\n</dependencies>\n
Modify the log4j2.xml
configuration, adding %X{trace_id}
and %X{span_id}
in the pattern
to automatically write TraceId and SpanId into the logs:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Configuration>\n <Appenders>\n <Console name=\"Console\" target=\"SYSTEM_OUT\">\n <PatternLayout\n pattern=\"%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} - %msg%n\"/>\n </Console>\n </Appenders>\n <Loggers>\n <Root>\n <AppenderRef ref=\"Console\" level=\"All\"/>\n </Root>\n </Loggers>\n</Configuration>\n
If using Logback, add OpenTelemetry Logback
dependency in pom.xml
.
Tip
Please replace OPENTELEMETRY_VERSION
with the latest version.
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-logback-mdc-1.0</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n </dependency>\n</dependencies>\n
Modify the log4j2.xml
configuration, adding %X{trace_id}
and %X{span_id}
in the pattern
to automatically write TraceId and SpanId into the logs:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<configuration>\n <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n <encoder>\n <pattern>%d{HH:mm:ss.SSS} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} %msg%n</pattern>\n </encoder>\n </appender>\n\n <!-- Just wrap your logging appender, for example ConsoleAppender, with OpenTelemetryAppender -->\n <appender name=\"OTEL\" class=\"io.opentelemetry.instrumentation.logback.mdc.v1_0.OpenTelemetryAppender\">\n <appender-ref ref=\"CONSOLE\"/>\n </appender>\n\n <!-- Use the wrapped \"OTEL\" appender instead of the original \"CONSOLE\" one -->\n <root level=\"INFO\">\n <appender-ref ref=\"OTEL\"/>\n </root>\n\n</configuration>\n
JMX Exporter provides two usage methods:
Note
The official recommendation is not to use the first method due to its complex configuration and the requirement for a separate process, which introduces additional monitoring challenges. Therefore, this article focuses on the second method, detailing how to use JMX Exporter to expose JVM monitoring metrics in a Kubernetes environment.
In this method, you need to specify the JMX Exporter jar file and configuration file when starting the JVM. Since the jar file is a binary file that is not ideal for mounting via a configmap, and the configuration file typically does not require modifications, it is recommended to package both the JMX Exporter jar file and the configuration file directly into the business container image.
For the second method, you can choose to include the JMX Exporter jar file in the application image or mount it during deployment. Below are explanations for both approaches:
"},{"location":"en/admin/insight/quickstart/otel/java/jvm-monitor/jmx-exporter.html#method-1-building-jmx-exporter-jar-file-into-the-business-image","title":"Method 1: Building JMX Exporter JAR File into the Business Image","text":"The content of prometheus-jmx-config.yaml
is as follows:
...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
For more configuration options, please refer to the introduction at the bottom or Prometheus official documentation.
Next, prepare the jar file. You can find the latest jar download link on the jmx_exporter GitHub page and refer to the following Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
Note:
-javaagent:=:
First, we need to create a Docker image for the JMX Exporter. The following Dockerfile is for reference:
FROM alpine/curl:3.14\nWORKDIR /app/\n# Copy the previously created config file into the image\nCOPY prometheus-jmx-config.yaml ./\n# Download the jmx prometheus javaagent jar online\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
Build the image using the above Dockerfile: docker build -t my-jmx-exporter .
Add the following init container to the Java application deployment YAML:
Click to expand YAML fileapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar # Shared agent folder\n emptyDir: {}\n restartPolicy: Always\n
With the above modifications, the example application my-demo-app
now has the capability to expose JVM metrics. After running the service, you can access the Prometheus formatted metrics at http://localhost:8088
.
Next, you can refer to Connecting Existing JVM Metrics of Java Applications to Observability.
"},{"location":"en/admin/insight/quickstart/otel/java/jvm-monitor/legacy-jvm.html","title":"Integrating Existing JVM Metrics of Java Applications with Observability","text":"If your Java application exposes JVM monitoring metrics through other means (such as Spring Boot Actuator), you will need to ensure that the monitoring data is collected. You can achieve this by adding annotations (Kubernetes Annotations) to your workload to allow Insight to scrape the existing JVM metrics:
annotations: \n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"9464\" # Port to scrape metrics\n
For example, to add annotations to the my-deployment-app:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"9464\" # Port to scrape metrics\n
Here is a complete example:
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"8080\" # Port to scrape metrics\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
In the above example, Insight will scrape the Prometheus metrics exposed through Spring Boot Actuator via http://<service-ip>:8080/actuator/prometheus
.
Starting from OpenTelemetry Agent v1.20.0 and later, the OpenTelemetry Agent has introduced the JMX Metric Insight module. If your application is already integrated with the OpenTelemetry Agent for tracing, you no longer need to introduce another agent to expose JMX metrics for your application. The OpenTelemetry Agent collects and exposes metrics by detecting the locally available MBeans in the application.
The OpenTelemetry Agent also provides built-in monitoring examples for common Java servers or frameworks. Please refer to the Predefined Metrics.
When using the OpenTelemetry Java Agent, you also need to consider how to mount the JAR into the container. In addition to the methods for mounting the JAR file as described with the JMX Exporter, you can leverage the capabilities provided by the OpenTelemetry Operator to automatically enable JVM metrics exposure for your application.
If your application is already integrated with the OpenTelemetry Agent for tracing, you do not need to introduce another agent to expose JMX metrics. The OpenTelemetry Agent can now locally collect and expose metrics interfaces by detecting the locally available MBeans in the application.
However, as of the current version, you still need to manually add the appropriate annotations to your application for the JVM data to be collected by Insight. For specific annotation content, please refer to Integrating Existing JVM Metrics of Java Applications with Observability.
"},{"location":"en/admin/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#exposing-metrics-for-java-middleware","title":"Exposing Metrics for Java Middleware","text":"The OpenTelemetry Agent also includes built-in examples for monitoring middleware. Please refer to the Predefined Metrics.
By default, no specific types are designated; you need to specify them using the -Dotel.jmx.target.system
JVM options, for example, -Dotel.jmx.target.system=jetty,kafka-broker
.
Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel JMX Metrics
Although the OpenShift system comes with a monitoring system, we will still install Insight Agent because of some rules in the data collection agreement.
Among them, in addition to the basic installation configuration, the following parameters need to be added during helm install:
## Parameters related to fluentbit;\n--set fluent-bit.ocp.enabled=true \\\n--set fluent-bit.serviceAccount.create=false \\\n--set fluent-bit.securityContext.runAsUser=0 \\\n--set fluent-bit.securityContext.seLinuxOptions.type=spc_t \\\n--set fluent-bit.securityContext.readOnlyRootFilesystem=false \\\n--set fluent-bit.securityContext.allowPrivilegeEscalation=false \\\n\n## Enable Prometheus(CR) for OpenShift4.x\n--set compatibility.openshift.prometheus.enabled=true \\\n\n## Close the Prometheus instance of the higher version\n--set kube-prometheus-stack.prometheus.enabled=false \\\n--set kube-prometheus-stack.kubeApiServer.enabled=false \\\n--set kube-prometheus-stack.kubelet.enabled=false \\\n--set kube-prometheus-stack.kubeControllerManager.enabled=false \\\n--set kube-prometheus-stack.coreDns.enabled=false \\\n--set kube-prometheus-stack.kubeDns.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeScheduler.enabled=false \\\n--set kube-prometheus-stack.kubeStateMetrics.enabled=false \\\n--set kube-prometheus-stack.nodeExporter.enabled=false \\\n\n## Limit the namespace processed by PrometheusOperator to avoid competition with OpenShift's own PrometheusOperator\n--set kube-prometheus-stack.prometheusOperator.kubeletService.namespace=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.prometheusInstanceNamespaces=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[0]=\"openshift-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[1]=\"openshift-user-workload-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[2]=\"openshift-customer-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[3]=\"openshift-route-monitor-operator\" \\\n
"},{"location":"en/admin/insight/quickstart/other/install-agent-on-ocp.html#write-system-monitoring-data-into-prometheus-through-openshifts-own-mechanism","title":"Write system monitoring data into Prometheus through OpenShift's own mechanism","text":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cluster-monitoring-config\n namespace: openshift-monitoring\ndata:\n config.yaml: |\n prometheusK8s:\n remoteWrite:\n - queueConfig:\n batchSendDeadline: 60s\n maxBackoff: 5s\n minBackoff: 30ms\n minShards: 1\n capacity: 5000\n maxSamplesPerSend: 1000\n maxShards: 100\n remoteTimeout: 30s\n url: http://insight-agent-prometheus.insight-system.svc.cluster.local:9090/api/v1/write\n writeRelabelConfigs:\n - action: keep\n regex: etcd|kubelet|node-exporter|apiserver|kube-state-metrics\n sourceLabels:\n - job\n
"},{"location":"en/admin/insight/quickstart/res-plan/modify-vms-disk.html","title":"vmstorage Disk Expansion","text":"This article describes the method for expanding the vmstorage disk. Please refer to the vmstorage disk capacity planning for the specifications of the vmstorage disk.
"},{"location":"en/admin/insight/quickstart/res-plan/modify-vms-disk.html#procedure","title":"Procedure","text":""},{"location":"en/admin/insight/quickstart/res-plan/modify-vms-disk.html#enable-storageclass-expansion","title":"Enable StorageClass expansion","text":"Log in to the AI platform as a global service cluster administrator. Click Container Management -> Clusters and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu Container Storage -> PVCs and find the PVC bound to the vmstorage.
Click a vmstorage PVC to enter the details of the volume claim for vmstorage and confirm the StorageClass that the PVC is bound to.
Select the left navigation menu Container Storage -> Storage Class and find local-path . Click the \u2507 on the right side of the target and select Edit in the popup menu.
Enable Scale Up and click OK .
Log in to the AI platform as a global service cluster administrator and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu CRDs and find the custom resource for vmcluster .
Click the custom resource for vmcluster to enter the details page, switch to the insight-system namespace, and select Edit YAML from the right menu of insight-victoria-metrics-k8s-stack .
Modify according to the legend and click OK .
Select the left navigation menu Container Storage -> PVCs again and find the volume claim bound to vmstorage. Confirm that the modification has taken effect. In the details page of a PVC, click the associated storage source (PV).
Open the volume details page and click the Update button in the upper right corner.
After modifying the Capacity , click OK and wait for a moment until the expansion is successful.
If the storage volume expansion fails, you can refer to the following method to clone the storage volume.
Log in to the AI platform as a global service cluster administrator and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu Workloads -> StatefulSets and find the statefulset for vmstorage . Click the \u2507 on the right side of the target and select Status -> Stop -> OK in the popup menu.
After logging into the master node of the kpanda-global-cluster cluster in the command line, run the following command to copy the vm-data directory in the vmstorage container to store the metric information locally:
kubectl cp -n insight-system vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data ./vm-data\n
Log in to the AI platform and go to the details of the kpanda-global-cluster cluster. Select the left navigation menu Container Storage -> PVs , click Clone in the upper right corner, and modify the capacity of the volume.
Delete the previous data volume of vmstorage.
Wait for a moment until the volume claim is bound to the cloned data volume, then run the following command to import the exported data from step 3 into the proper container, and then start the previously paused vmstorage .
kubectl cp -n insight-system ./vm-data vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data\n
In the actual use of Prometheus, affected by the number of cluster containers and the opening of Istio, the CPU, memory and other resource usage of Prometheus will exceed the set resources.
In order to ensure the normal operation of Prometheus in clusters of different sizes, it is necessary to adjust the resources of Prometheus according to the actual size of the cluster.
"},{"location":"en/admin/insight/quickstart/res-plan/prometheus-res.html#reference-resource-planning","title":"Reference resource planning","text":"In the case that the mesh is not enabled, the test statistics show that the relationship between the system Job index and pods is Series count = 800 * pod count
When the service mesh is enabled, the magnitude of the Istio-related metrics generated by the pod after the feature is enabled is Series count = 768 * pod count
"},{"location":"en/admin/insight/quickstart/res-plan/prometheus-res.html#when-the-service-mesh-is-not-enabled","title":"When the service mesh is not enabled","text":"The following resource planning is recommended by Prometheus when the service mesh is not enabled :
Cluster size (pod count) Metrics (service mesh is not enabled) CPU (core) Memory (GB) 100 8w Request: 0.5Limit: 1 Request: 2GBLimit: 4GB 200 16w Request: 1Limit: 1.5 Request: 3GBLimit: 6GB 300 24w Request: 1Limit: 2 Request: 3GBLimit: 6GB 400 32w Request: 1Limit: 2 Request: 4GBLimit: 8GB 500 40w Request: 1.5Limit: 3 Request: 5GBLimit: 10GB 800 64w Request: 2Limit: 4 Request: 8GBLimit: 16GB 1000 80w Request: 2.5Limit: 5 Request: 9GBLimit: 18GB 2000 160w Request: 3.5Limit: 7 Request: 20GBLimit: 40GB 3000 240w Request: 4Limit: 8 Request: 33GBLimit: 66GB"},{"location":"en/admin/insight/quickstart/res-plan/prometheus-res.html#when-the-service-mesh-feature-is-enabled","title":"When the service mesh feature is enabled","text":"The following resource planning is recommended by Prometheus in the scenario of starting the service mesh:
Cluster size (pod count) metric volume (service mesh enabled) CPU (core) Memory (GB) 100 15w Request: 1Limit: 2 Request: 3GBLimit: 6GB 200 31w Request: 2Limit: 3 Request: 5GBLimit: 10GB 300 46w Request: 2Limit: 4 Request: 6GBLimit: 12GB 400 62w Request: 2Limit: 4 Request: 8GBLimit: 16GB 500 78w Request: 3Limit: 6 Request: 10GBLimit: 20GB 800 125w Request: 4Limit: 8 Request: 15GBLimit: 30GB 1000 156w Request: 5Limit: 10 Request: 18GBLimit: 36GB 2000 312w Request: 7Limit: 14 Request: 40GBLimit: 80GB 3000 468w Request: 8Limit: 16 Request: 65GBLimit: 130GBNote
vmstorage is responsible for storing multicluster metrics for observability. In order to ensure the stability of vmstorage, it is necessary to adjust the disk capacity of vmstorage according to the number of clusters and the size of the cluster. For more information, please refer to vmstorage retention period and disk space.
"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#test-results","title":"Test Results","text":"After 14 days of disk observation of vmstorage of clusters of different sizes, We found that the disk usage of vmstorage was positively correlated with the amount of metrics it stored and the disk usage of individual data points.
Disk usage = Instantaneous metrics x 2 x disk usage for a single data point x 60 x 24 x storage time (days)
Parameter Description:
Warning
This formula is a general solution, and it is recommended to reserve redundant disk capacity on the calculation result to ensure the normal operation of vmstorage.
"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#reference-capacity","title":"reference capacity","text":"The data in the table is calculated based on the default storage time of one month (30 days), and the disk usage of a single data point (datapoint) is calculated as 0.9. In a multicluster scenario, the number of Pods represents the sum of the number of Pods in the multicluster.
"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#when-the-service-mesh-is-not-enabled","title":"When the service mesh is not enabled","text":"Cluster size (number of Pods) Metrics Disk capacity 100 8W 6 GiB 200 16W 12 GiB 300 24w 18 GiB 400 32w 24 GiB 500 40w 30 GiB 800 64w 48 GiB 1000 80W 60 GiB 2000 160w 120 GiB 3000 240w 180 GiB"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#when-the-service-mesh-is-enabled","title":"When the service mesh is enabled","text":"Cluster size (number of Pods) Metrics Disk capacity 100 15W 12 GiB 200 31w 24 GiB 300 46w 36 GiB 400 62w 48 GiB 500 78w 60 GiB 800 125w 94 GiB 1000 156w 120 GiB 2000 312w 235 GiB 3000 468w 350 GiB"},{"location":"en/admin/insight/quickstart/res-plan/vms-res-plan.html#example","title":"Example","text":"There are two clusters in the AI platform, of which 500 Pods are running in the global management cluster (service mesh is turned on), and 1000 Pods are running in the worker cluster (service mesh is not turned on), and the expected metrics are stored for 30 days.
Then the current vmstorage disk usage should be set to (784000+80000)x2x0.9x60x24x31 =124384896000 byte = 116 GiB
Note
For the relationship between the number of metrics and the number of Pods in the cluster, please refer to Prometheus Resource Planning.
"},{"location":"en/admin/insight/reference/alertnotification.html","title":"Alert Notification Process Description","text":"When configuring an alert policy in Insight, you have the ability to set different notification sending intervals for alerts triggered at different levels within the same policy. However, due to the presence of two parameters, group_interval and repeat_interval , in the native Alertmanager configuration, the actual intervals for sending alert notifications may deviate.
"},{"location":"en/admin/insight/reference/alertnotification.html#parameter-configuration","title":"Parameter Configuration","text":"In the Alertmanager configuration, set the following parameters:
route: \n group_by: [\"rulename\"]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 1h\n
Parameter descriptions:
group_wait : Specifies the waiting time before sending alert notifications. When Alertmanager receives a group of alerts, if no further alerts are received within the duration specified by group_wait , Alertmanager waits for a certain amount of time to collect additional alerts with the same labels and content. It then includes all qualifying alerts in the same notification.
group_interval : Determines the waiting time before merging a group of alerts into a single notification. If no more alerts from the same group are received during this period, Alertmanager sends a notification containing all received alerts.
repeat_interval : Sets the interval for resending alert notifications. After Alertmanager sends an alert notification to a receiver, if it continues to receive alerts with the same labels and content within the duration specified by repeat_interval , Alertmanager will resend the alert notification.
When the group_wait , group_interval , and repeat_interval parameters are set simultaneously, Alertmanager handles alert notifications under the same group as follows:
When Alertmanager receives qualifying alerts, it waits for at least the duration specified in the group_wait parameter to collect additional alerts with the same labels and content. It includes all qualifying alerts in the same notification.
If no further alerts are received during the group_wait duration, Alertmanager sends all received alerts to the receiver after that time. If additional qualifying alerts arrive during this period, Alertmanager continues to wait until all alerts are collected or a timeout occurs.
If more alerts with the same labels and content are received within the group_interval parameter, these new alerts are merged into the previous notification and sent together. If there are still unsent alerts after the group_interval duration, Alertmanager starts a new timing cycle and waits for more alerts until the group_interval duration is reached again or new alerts are received.
If Alertmanager keeps receiving alerts with the same labels and content within the duration specified by repeat_interval , it will resend the previously sent alert notifications. When resending alert notifications, Alertmanager does not wait for group_wait or group_interval , but sends notifications repeatedly according to the time interval specified by repeat_interval .
If there are still unsent alerts after the repeat_interval duration, Alertmanager starts a new timing cycle and continues to wait for new alerts with the same labels and content. This process continues until there are no new alerts or Alertmanager is stopped.
In the following example, Alertmanager assigns all alerts with CPU usage above the threshold to a policy named \"critical_alerts\".
groups:\n- name: critical_alerts\n rules:\n - alert: HighCPUUsage\n expr: node_cpu_seconds_total{mode=\"idle\"} < 50\n for: 5m\n labels:\n severity: critical\n annotations:\n summary: \"High CPU usage detected on instance {{ $labels.instance }}\"\n group_by: [rulename]\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 1h\n
In this case:
When Alertmanager receives an alert, it waits for at least 30 seconds to collect additional alerts with the same labels and content, and includes them in the same notification.
If more alerts with the same labels and content are received within 5 minutes, these new alerts are merged into the previous notification and sent together. If there are still unsent alerts after 15 minutes, Alertmanager starts a new timing cycle and waits for more alerts until 5 minutes have passed or new alerts are received.
If Alertmanager continues to receive alerts with the same labels and content within 1 hour, it will resend the previously sent alert notifications.
Lucene is a subproject of Apache Software Foundation's Jakarta project and is an open-source full-text search engine toolkit. The purpose of Lucene is to provide software developers with a simple and easy-to-use toolkit for implementing full-text search functionality in their target systems.
"},{"location":"en/admin/insight/reference/lucene.html#lucene-syntax","title":"Lucene Syntax","text":"Lucene's syntax allows you to construct search queries in a flexible way to meet different search requirements. Here is a detailed explanation of Lucene's syntax:
"},{"location":"en/admin/insight/reference/lucene.html#keyword-queries","title":"Keyword Queries","text":"To perform searches with multiple keywords using Lucene syntax, you can use Boolean logical operators to combine multiple keywords. Lucene supports the following operators:
AND operator
OR operator
NOT operator
Quotes
Specify fields
field1:keyword1 AND (field2:keyword2 OR field3:keyword3) NOT field4:keyword4\n
Explanation:
Not specify fields
keyword1 AND (keyword2 OR keyword3) NOT keyword4\n
Explanation:
In Lucene, fuzzy queries can be performed using the tilde ( ~ ) operator for approximate matching. You can specify an edit distance to limit the degree of similarity in the matches.
term~\n
In the above example, term is the keyword to perform a fuzzy match on.
Please note the following:
Lucene supports the following wildcard queries:
*
wildcard: Used to match zero or more characters.
For example, te*t can match \"test\", \"text\", and \"tempest\".
?
wildcard: Used to match a single character.
For example, te?t can match \"test\" and \"text\".
te?t\n
In the above example, te?t represents a word that starts with \"te\", followed by any single character, and ends with \"t\". This query can match words like \"test\", \"text\", and \"tent\".
It is important to note that the question mark ( ?
) represents only a single character. If you want to match multiple characters or varying lengths of characters, you can use the asterisk ( *
) for multi-character wildcard matching. Additionally, the question mark will not match an empty string.
To summarize, in Lucene syntax, the question mark ( ?
) is used as a single-character wildcard to match any single character. By using the question mark in your search keywords, you can perform more flexible and specific pattern matching.
Lucene syntax supports range queries, where you can use square brackets [ ] or curly braces { } to represent a range. Here are examples of range queries:
Inclusive boundary range query:
Exclusive boundary range query:
Omitted boundary range query:
Note
Please note that range queries are applicable only to fields that can be sorted, such as numeric fields and date fields. Also, ensure that you correctly specify the boundary values as the actual value type of the field in your query. If you want to perform a range query across the entire index without specifying a specific field, you can use the wildcard query *
instead of a field name.
Specify a field
timestamp:[2022-01-01 TO 2022-01-31]\n
This will retrieve data where the timestamp field falls within the range from January 1, 2022, to January 31, 2022.
Not specify a field
*:[value1 TO value2]\n
This will search the entire index for documents with values ranging from value1 to value2 .
If you want to accurately match a specific value, you can add a .keyword
suffix after the keyword, e.g. kubernetes.containername.keyword
.
Query container logs of the specified container in the specified Pod
kubernetes.pod_name.keyword:nginx-pod AND kubernetes.container_name.keyword:nginx\n
2. Query container logs containing 'nginx pod' in the Pod name kubernetes.pod_name:nginx-pod\n
The alert notification template uses Go Template syntax to render the template.
The template will be rendered based on the following data.
{\n \"status\": \"firing\",\n \"labels\": {\n \"alertgroup\": \"test-group\", // Alert policy name\n \"alertname\": \"test-rule\", // Alert rule name\n \"cluster\": \"35b54a48-b66c-467b-a8dc-503c40826330\",\n \"customlabel1\": \"v1\",\n \"customlabel2\": \"v2\",\n \"endpoint\": \"https\",\n \"group_id\": \"01gypg06fcdf7rmqc4ksv97646\",\n \"instance\": \"10.6.152.85:6443\",\n \"job\": \"apiserver\",\n \"namespace\": \"default\",\n \"prometheus\": \"insight-system/insight-agent-kube-prometh-prometheus\",\n \"prometheus_replica\": \"prometheus-insight-agent-kube-prometh-prometheus-0\",\n \"rule_id\": \"01gypg06fcyn2g9zyehbrvcdfn\",\n \"service\": \"kubernetes\",\n \"severity\": \"critical\",\n \"target\": \"35b54a48-b66c-467b-a8dc-503c40826330\",\n \"target_type\": \"cluster\"\n },\n \"annotations\": {\n \"customanno1\": \"v1\",\n \"customanno2\": \"v2\",\n \"description\": \"This is a test rule, 10.6.152.85:6443 down\",\n \"value\": \"1\"\n },\n \"startsAt\": \"2023-04-20T07:53:54.637363473Z\",\n \"endsAt\": \"0001-01-01T00:00:00Z\",\n \"generatorURL\": \"http://vmalert-insight-victoria-metrics-k8s-stack-df987997b-npsl9:8080/vmalert/alert?group_id=16797738747470868115&alert_id=10071735367745833597\",\n \"fingerprint\": \"25c8d93d5bf58ac4\"\n}\n
"},{"location":"en/admin/insight/reference/notify-helper.html#instructions-for-use","title":"Instructions for Use","text":".
character
Render the specified object in the current scope.
Example 1: Take all content under the top-level scope, which is all of the context data in the example code.
{{ . }}\n
Conditional statement if / else
Use if to check the data and run else if it does not meet.
{{if .Labels.namespace }}Namespace: {{ .Labels.namespace }} \\n{{ end }}\n
Loop feature for
The for feature is used to repeat the code content.
Example 1: Traverse the labels list to obtain all label content for alerts.
{{ for .Labels}} \\n {{end}}\n
Insight's \"notification templates\" and \"SMS templates\" support over 70 sprig functions, as well as custom functions.
"},{"location":"en/admin/insight/reference/notify-helper.html#sprig-functions","title":"Sprig Functions","text":"Sprig provides over 70 built-in template functions to assist in rendering data. The following are some commonly used functions:
For more details, you can refer to the official documentation.
"},{"location":"en/admin/insight/reference/notify-helper.html#custom-functions","title":"Custom Functions","text":""},{"location":"en/admin/insight/reference/notify-helper.html#toclustername","title":"toClusterName","text":"The toClusterName function retrieves the \"cluster name\" based on the \"cluster unique identifier (ID)\". If there is no proper cluster found, it will directly return the passed-in cluster's unique identifier.
func toClusterName(id string) (string, error)\n
Example:
{{ toClusterName \"clusterId\" }}\n{{ \"clusterId\" | toClusterName }}\n
"},{"location":"en/admin/insight/reference/notify-helper.html#toclusterid","title":"toClusterId","text":"The toClusterId function retrieves the \"cluster unique identifier (ID)\" based on the \"cluster name\". If there is no proper cluster found, it will directly return the passed-in cluster name.
func toClusterId(name string) (string, error)\n
Example:
{{ toClusterId \"clusterName\" }}\n{{ \"clusterName\" | toClusterId }}\n
"},{"location":"en/admin/insight/reference/notify-helper.html#todateinzone","title":"toDateInZone","text":"The toDateInZone function converts a string date into the desired time format and applies the specified time zone.
func toDateInZone(fmt string, date interface{}, zone string) string\n
Example 1:
{{ toDateInZone \"2006-01-02T15:04:05\" \"2022-08-15T05:59:08.064449533Z\" \"Asia/Shanghai\" }}\n
This will return 2022-08-15T13:59:08. Additionally, you can achieve the same effect as toDateInZone using the built-in functions provided by sprig:
{{ dateInZone \"2006-01-02T15:04:05\" (toDate \"2006-01-02T15:04:05Z07:00\" .StartsAt) \"Asia/Shanghai\" }}\n
Example 2:
{{ toDateInZone \"2006-01-02T15:04:05\" .StartsAt \"Asia/Shanghai\" }}\n\n## Threshold Template Description\n\nThe built-in webhook alert template in Insight is as follows. Other contents such as email and WeCom are the same, only proper adjustments are made for line breaks.\n\n```text\nRule Name: {{ .Labels.alertname }} \\n\nPolicy Name: {{ .Labels.alertgroup }} \\n\nAlert level: {{ .Labels.severity }} \\n\nCluster: {{ .Labels.cluster }} \\n\n{{if .Labels.namespace }}Namespace: {{ .Labels.namespace }} \\n{{ end }}\n{{if .Labels.node }}Node: {{ .Labels.node }} \\n{{ end }}\nResource Type: {{ .Labels.target_type }} \\n\n{{if .Labels.target }}Resource Name: {{ .Labels.target }} \\n{{ end }}\nTrigger Value: {{ .Annotations.value }} \\n\nOccurred Time: {{ .StartsAt }} \\n\n{{if ne \"0001-01-01T00:00:00Z\" .EndsAt }}End Time: {{ .EndsAt }} \\n{{ end }}\nDescription: {{ .Annotations.description }} \\n\n
"},{"location":"en/admin/insight/reference/notify-helper.html#email-subject-parameters","title":"Email Subject Parameters","text":"Because Insight combines messages generated by the same rule at the same time when sending alert messages, email subjects are different from the four templates above and only use the content of commonLabels in the alert message to render the template. The default template is as follows:
[{{ .status }}] [{{ .severity }}] Alert: {{ .alertname }}\n
Other fields that can be used as email subjects are as follows:
{{ .status }} Triggering status of the alert message\n{{ .alertgroup }} Name of the policy to which the alert belongs\n{{ .alertname }} Name of the rule to which the alert belongs\n{{ .severity }} Severity level of the alert\n{{ .target_type }} Type of resource for which the alert is raised\n{{ .target }} Resource object for which the alert is raised\n{{ .Custom label key for other rules }}\n
"},{"location":"en/admin/insight/reference/tailing-sidecar.html","title":"Collecting Container Logs through Sidecar","text":"Tailing Sidecar is a Kubernetes cluster-level logging proxy that acts as a streaming sidecar container. It allows automatic collection and summarization of log files within containers, even when the container cannot write to standard output or standard error streams.
Insight supports log collection through the Sidecar mode, which involves running a Sidecar container alongside each Pod to output log data to the standard output stream. This enables FluentBit to collect container logs effectively.
The Insight Agent comes with the tailing-sidecar operator installed by default. To enable file log collection within a container, you can add annotations to the Pod, which will automatically inject the Tailing Sidecar container. The injected Sidecar container reads the files in the business container and outputs them to the standard output stream.
Here are the specific steps to follow:
Modify the YAML file of the Pod and add the following parameters in the annotation field:
metadata:\n annotations:\n tailing-sidecar: <sidecar-name-0>:<volume-name-0>:<path-to-tail-0>;<sidecar-name-1>:<volume-name-1>:<path-to -tail-1>\n
Field description:
Note
Each Pod can run multiple sidecar containers, separated by ; . This allows different sidecar containers to collect multiple files and store them in various volumes.
Restart the Pod. Once the Pod's status changes to Running , you can use the Log Query interface to search for logs within the container of the Pod.
The metrics in this article are organized based on the community's kube-prometheus framework. Currently, it covers metrics from multiple levels, including Cluster, Node, Namespace, and Workload. This article lists some commonly used metrics, their descriptions, and units for easy reference.
"},{"location":"en/admin/insight/reference/used-metric-in-insight.html#cluster","title":"Cluster","text":"Metric Name Description Unit cluster_cpu_utilization Cluster CPU Utilization cluster_cpu_total Total CPU in Cluster Core cluster_cpu_usage CPU Used in Cluster Core cluster_cpu_requests_commitment CPU Allocation Rate in Cluster cluster_memory_utilization Cluster Memory Utilization cluster_memory_usage Memory Usage in Cluster Byte cluster_memory_available Available Memory in Cluster Byte cluster_memory_requests_commitment Memory Allocation Rate in Cluster cluster_memory_total Total Memory in Cluster Byte cluster_net_utilization Network Data Transfer Rate in Cluster Byte/s cluster_net_bytes_transmitted Network Data Transmitted in Cluster (Upstream) Byte/s cluster_net_bytes_received Network Data Received in Cluster (Downstream) Byte/s cluster_disk_read_iops Disk Read IOPS in Cluster times/s cluster_disk_write_iops Disk Write IOPS in Cluster times/s cluster_disk_read_throughput Disk Read Throughput in Cluster Byte/s cluster_disk_write_throughput Disk Write Throughput in Cluster Byte/s cluster_disk_size_capacity Total Disk Capacity in Cluster Byte cluster_disk_size_available Available Disk Size in Cluster Byte cluster_disk_size_usage Disk Usage in Cluster Byte cluster_disk_size_utilization Disk Utilization in Cluster cluster_node_total Total Nodes in Cluster units cluster_node_online Online Nodes in Cluster units cluster_node_offline_count Count of Offline Nodes in Cluster units cluster_pod_count Total Pods in Cluster units cluster_pod_running_count Count of Running Pods in Cluster units cluster_pod_abnormal_count Count of Abnormal Pods in Cluster units cluster_deployment_count Total Deployments in Cluster units cluster_deployment_normal_count Count of Normal Deployments in Cluster units cluster_deployment_abnormal_count Count of Abnormal Deployments in Cluster units cluster_statefulset_count Count of StatefulSets in Cluster units cluster_statefulset_normal_count Count of Normal StatefulSets in Cluster units cluster_statefulset_abnormal_count Count of Abnormal StatefulSets in Cluster units cluster_daemonset_count Count of DaemonSets in Cluster units cluster_daemonset_normal_count Count of Normal DaemonSets in Cluster units cluster_daemonset_abnormal_count Count of Abnormal DaemonSets in Cluster units cluster_job_count Total Jobs in Cluster units cluster_job_normal_count Count of Normal Jobs in Cluster units cluster_job_abnormal_count Count of Abnormal Jobs in Cluster unitsTip
Utilization is generally a number in the range (0,1] (e.g., 0.21, not 21%)
"},{"location":"en/admin/insight/reference/used-metric-in-insight.html#node","title":"Node","text":"Metric Name Description Unit node_cpu_utilization Node CPU Utilization node_cpu_total Total CPU in Node Core node_cpu_usage CPU Usage in Node Core node_cpu_requests_commitment CPU Allocation Rate in Node node_memory_utilization Node Memory Utilization node_memory_usage Memory Usage in Node Byte node_memory_requests_commitment Memory Allocation Rate in Node node_memory_available Available Memory in Node Byte node_memory_total Total Memory in Node Byte node_net_utilization Network Data Transfer Rate in Node Byte/s node_net_bytes_transmitted Network Data Transmitted in Node (Upstream) Byte/s node_net_bytes_received Network Data Received in Node (Downstream) Byte/s node_disk_read_iops Disk Read IOPS in Node times/s node_disk_write_iops Disk Write IOPS in Node times/s node_disk_read_throughput Disk Read Throughput in Node Byte/s node_disk_write_throughput Disk Write Throughput in Node Byte/s node_disk_size_capacity Total Disk Capacity in Node Byte node_disk_size_available Available Disk Size in Node Byte node_disk_size_usage Disk Usage in Node Byte node_disk_size_utilization Disk Utilization in Node"},{"location":"en/admin/insight/reference/used-metric-in-insight.html#workload","title":"Workload","text":"The currently supported workload types include: Deployment, StatefulSet, DaemonSet, Job, and CronJob.
Metric Name Description Unit workload_cpu_usage Workload CPU Usage Core workload_cpu_limits Workload CPU Limit Core workload_cpu_requests Workload CPU Requests Core workload_cpu_utilization Workload CPU Utilization workload_memory_usage Workload Memory Usage Byte workload_memory_limits Workload Memory Limit Byte workload_memory_requests Workload Memory Requests Byte workload_memory_utilization Workload Memory Utilization workload_memory_usage_cached Workload Memory Usage (including cache) Byte workload_net_bytes_transmitted Workload Network Data Transmitted Rate Byte/s workload_net_bytes_received Workload Network Data Received Rate Byte/s workload_disk_read_throughput Workload Disk Read Throughput Byte/s workload_disk_write_throughput Workload Disk Write Throughput Byte/sworkload_cpu_usage{workload_type=\"deployment\", workload=\"prometheus\"}
.workload_pod_utilization
: workload_pod_usage / workload_pod_request
.You can obtain the CPU usage of all Pods belonging to the Deployment named prometheus by using pod_cpu_usage{workload_type=\"deployment\", workload=\"prometheus\"}
.
Observability will persist the data of metrics, logs, and traces by default. Users can modify the system configuration according to This page.
"},{"location":"en/admin/insight/system-config/modify-config.html#how-to-modify-the-metric-data-retention-period","title":"How to modify the metric data retention period","text":"Refer to the following steps to modify the metric data retention period.
run the following command:
kubectl edit vmcluster insight-victoria-metrics-k8s-stack -n insight-system\n
In the Yaml file, the default value of retentionPeriod is 14 , and the unit is day . You can modify the parameters according to your needs.
apiVersion: operator.victoriametrics.com/v1beta1\nkind: VMCluster\nmetadata:\n annotations:\n meta.helm.sh/release-name: insight\n meta.helm.sh/release-namespace: insight-system\n creationTimestamp: \"2022-08-25T04:31:02Z\"\n finalizers:\n - apps.victoriametrics.com/finalizer\n generation: 2\n labels:\n app.kubernetes.io/instance: insight\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: victoria-metrics-k8s-stack\n app.kubernetes.io/version: 1.77.2\n helm.sh/chart: victoria-metrics-k8s-stack-0.9.3\n name: insight-victoria-metrics-k8s-stack\n namespace: insight-system\n resourceVersion: \"123007381\"\n uid: 55cee8d6-c651-404b-b2c9-50603b405b54\nspec:\n replicationFactor: 1\n retentionPeriod: \"14\"\n vminsert:\n extraArgs:\n maxLabelsPerTimeseries: \"45\"\n image:\n repository: docker.m.daocloud.io/victoriametrics/vminsert\n tag: v1.80.0-cluster\n replicaCount: 1\n
After saving the modification, the pod of the component responsible for storing the metrics will automatically restart, just wait for a while.
Refer to the following steps to modify the log data retention period:
"},{"location":"en/admin/insight/system-config/modify-config.html#method-1-modify-the-json-file","title":"Method 1: Modify the Json file","text":"Modify the max_age parameter in the rollover field in the following files, and set the retention period. The default storage period is 7d . Change http://localhost:9200
to the address of elastic .
curl -X PUT \"http://localhost:9200/_ilm/policy/insight-es-k8s-logs-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n\"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"7d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n}\n}\n
After modification, run the above command. It will print out the content as shown below, then the modification is successful.
{\n\"acknowledged\": true\n}\n
Log in kibana , select Stack Management in the left navigation bar.
Select the left navigation Index Lifecycle Polices , and find the index insight-es-k8s-logs-policy , click to enter the details.
Expand the Hot phase configuration panel, modify the Maximum age parameter, and set the retention period. The default storage period is 7d .
After modification, click Save policy at the bottom of the page to complete the modification.
Refer to the following steps to modify the trace data retention period:
"},{"location":"en/admin/insight/system-config/modify-config.html#method-1-modify-the-json-file_1","title":"Method 1: Modify the Json file","text":"Modify the max_age parameter in the rollover field in the following files, and set the retention period. The default storage period is 7d . At the same time, modify http://localhost:9200
to the access address of elastic .
curl -X PUT \"http://localhost:9200/_ilm/policy/jaeger-ilm-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n\"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"7d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n}\n}\n
After modification, run the above command on the console. It will print out the content as shown below, then the modification is successful.
{\n\"acknowledged\": true\n}\n
Log in kibana , select Stack Management in the left navigation bar.
Select the left navigation Index Lifecycle Polices , and find the index jaeger-ilm-policy , click to enter the details.
Expand the Hot phase configuration panel, modify the Maximum age parameter, and set the retention period. The default storage period is 7d .
After modification, click Save policy at the bottom of the page to complete the modification.
On the system component page, you can quickly view the running status of the system components in Insight. When a system component fails, some features in Insight will be unavailable.
System Settings displays the default storage time of metrics, logs, traces and the default Apdex threshold.
Click the right navigation bar and select System Settings .
Currently only supports modifying the storage duration of historical alerts, click Edit to enter the target duration.
When the storage duration is set to \"0\", the historical alerts will not be cleared.
Note
To modify other settings, please click to view How to modify the system settings?
"},{"location":"en/admin/insight/trace/service.html","title":"Service Insight","text":"In Insight , a service refers to a group of workloads that provide the same behavior for incoming requests. Service insight helps observe the performance and status of applications during the operation process by using the OpenTelemetry SDK.
For how to use OpenTelemetry, please refer to: Using OTel to give your application insight.
"},{"location":"en/admin/insight/trace/service.html#glossary","title":"Glossary","text":"The Services List page displays key metrics such as throughput rate, error rate, and request latency for all services that have been instrumented with distributed tracing. You can filter services based on clusters or namespaces and sort the list by throughput rate, error rate, or request latency. By default, the data displayed in the list is for the last hour, but you can customize the time range.
Follow these steps to view service insight metrics:
Go to the Insight product module.
Select Trace Tracking -> Services from the left navigation bar.
Attention
Click a service name (taking insight-system as an example) to view the detailed metrics and operation metrics for that service.
Service map is a visual representation of the connections, communication, and dependencies between services. It provides insights into the service-to-service interactions, allowing you to view the calls and performance of services within a specified time range. The connections between nodes in the topology map represent the existence of service-to-service calls during the queried time period.
"},{"location":"en/admin/insight/trace/topology.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Tracing -> Service Map from the left navigation bar.
In the Service Map, you can perform the following actions:
In the Service Map, there can be nodes that are not part of the cluster. These external nodes can be categorized into three types:
Virtual Node
If a service makes a request to a Database or Message Queue, these two types of nodes will be displayed by default in the topology map. However, Virtual Nodes represent nodes outside the cluster or services not integrated into the trace, and they will not be displayed by default in the map.
When a service makes a request to MySQL, PostgreSQL, or Oracle Database, the detailed database type can be seen in the map.
insight-server
chart values, locate the parameter shown in the image below, and change false
to true
.Virtual Services
option to enable it.On the trace query page, you can query detailed information about a call trace by TraceID or filter call traces based on various conditions.
"},{"location":"en/admin/insight/trace/trace.html#glossary","title":"Glossary","text":"Please follow these steps to search for a trace:
Select Tracing -> Traces from the left navigation bar.
Note
Sorting by Span, Latency, and Start At is supported in the list.
Click the TraceID Query in the filter bar to switch to TraceID search.
To search using TraceID, please enter the complete TraceID.
Click the TraceID of a trace in the trace list to view its detailed call information.
Click the icon on the right side of the trace data to search for associated logs.
Click View More to jump to the Associated Log page with conditions.
By default, all logs are searched, but you can filter by the TraceID or the relevant container logs from the trace call process using the dropdown.
Note
Since trace may span across clusters or namespaces, if the user does not have sufficient permissions, they will be unable to query the associated logs for that trace.
If there are not enough nodes, you can add more nodes to the cluster.
"},{"location":"en/admin/k8s/add-node.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Clusters, and click the name of the target cluster.
On the cluster overview page, click Node Management, and then click the Add Node button on the right side.
Follow the wizard, fill in the required parameters, and then click OK.
Basic InformationParameter ConfigurationClick OK in the popup window.
Return to the node list. The status of the newly added node will be Pending. After a few minutes, if the status changes to Running, it indicates that the node has been successfully added.
Tip
For nodes that have just been successfully added, it may take an additional 2-3 minutes for the GPU to be recognized.
"},{"location":"en/admin/k8s/create-k8s.html","title":"Creating a Kubernetes Cluster on the Cloud","text":"Deploying a Kubernetes cluster is aimed at supporting efficient AI computing resource scheduling and management, achieving elastic scalability, providing high availability, and optimizing the model training and inference processes.
"},{"location":"en/admin/k8s/create-k8s.html#prerequisites","title":"Prerequisites","text":"Create and launch 3 cloud hosts without GPUs to serve as the Master nodes for the cluster.
Navigate to Container Management -> Clusters, and click the Create Cluster button on the right side.
Follow the wizard to configure the various parameters of the cluster.
Basic InformationNode ConfigurationNetwork ConfigurationAddon ConfigurationAdvanced ConfigurationAfter configuring the node information, click Start Check.
Each node can run a default of 110 Pods (container groups). If the node configuration is higher, it can be adjusted to 200 or 300 Pods.
Wait for the cluster creation to complete.
In the cluster list, find the newly created cluster, click the cluster name, navigate to Helm Apps -> Helm Charts, and search for metax-gpu-extensions
in the search box, then click the card.
Click the Install button on the right to begin installing the GPU plugin.
Application SettingsKubernetes Orchestration ConfirmationEnter a name, select a namespace, and modify the image address in the YAML:
You will automatically return to the Helm App list. Wait for the status of metax-gpu-extensions
to change to Deployed.
The cluster has been successfully created. You can now check the nodes included in the cluster. You can create AI workloads and use the GPU.
Next step: Create AI Workloads
"},{"location":"en/admin/k8s/remove-node.html","title":"Removing GPU Worker Nodes","text":"The cost of GPU resources is relatively high. If you temporarily do not need a GPU, you can remove the worker nodes with GPUs. The following steps are also applicable for removing regular worker nodes.
"},{"location":"en/admin/k8s/remove-node.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Clusters, and click the name of the target cluster.
On the cluster overview page, click Nodes, find the node you want to remove, click the \u2507 on the right side of the list, and select Remove Node from the pop-up menu.
In the pop-up window, enter the node name, and after confirming it is correct, click Delete.
You will automatically return to the node list, and the status will be Removing. After a few minutes, refresh the page; if the node is no longer there, it indicates that the node has been successfully removed.
After removing the node from the UI list and shutting it down, log in to the host of the removed node via SSH and execute the shutdown command.
Tip
After removing the node from the UI and shutting it down, the data on the node is not immediately deleted; the node's data will be retained for a period of time.
"},{"location":"en/admin/kpanda/backup/index.html","title":"Backup and Restore","text":"Backup and restore are essential aspects of system management. In practice, it is important to first back up the data of the system at a specific point in time and securely store the backup. In case of incidents such as data corruption, loss, or accidental deletion, the system can be quickly restored based on the previous backup data, reducing downtime and minimizing losses.
Therefore, backup and restore are vital as the last line of defense for maintaining system stability and ensuring data security.
Backups are typically classified into three types: full backups, incremental backups, and differential backups. Currently, AI platform supports full backups and incremental backups.
The backup and restore provided by AI platform can be divided into two categories: Application Backup and ETCD Backup. It supports both manual backups and scheduled automatic backups using CronJobs.
Application Backup
Application backup refers to backing up data of a specific workload in the cluster and then restoring that data either within the same cluster or in another cluster. It supports backing up all resources under a namespace or filtering resources by specific labels.
Application backup also supports cross-cluster backup of stateful applications. For detailed steps, refer to the Backup and Restore MySQL Applications and Data Across Clusters guide.
etcd Backup
etcd is the data storage component of Kubernetes. Kubernetes stores its own component's data and application data in etcd. Therefore, backing up etcd is equivalent to backing up the entire cluster's data, allowing quick restoration of the cluster to a previous state in case of failures.
It's worth noting that currently, restoring etcd backup data is only supported within the same cluster (the original cluster). To learn more about related best practices, refer to the ETCD Backup and Restore guide.
This article explains how to backup applications in AI platform. The demo application used in this tutorial is called dao-2048 , which is a deployment.
"},{"location":"en/admin/kpanda/backup/deployment.html#prerequisites","title":"Prerequisites","text":"Before backing up a deployment, the following prerequisites must be met:
Integrate a Kubernetes cluster or create a Kubernetes cluster in the Container Management module, and be able to access the UI interface of the cluster.
Create a Namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Install the velero component, and ensure the velero component is running properly.
Create a deployment (the workload in this tutorial is named dao-2048 ), and label the deployment with app: dao-2048 .
Follow the steps below to backup the deployment dao-2048 .
Enter the Container Management module, click Backup Recovery -> Application Backup on the left navigation bar, and enter the Application Backup list page.
On the Application Backup list page, select the cluster where the velero and dao-2048 applications have been installed. Click Backup Plan in the upper right corner to create a new backup cluster.
Refer to the instructions below to fill in the backup configuration.
Refer to the instructions below to set the backup execution frequency, and then click Next .
*
, after inputting the expression, the meaning of the current expression will be prompted. For detailed expression syntax rules, refer to Cron Schedule Syntax.Backup Volume (PV): Whether to back up the data in the volume (PV), support direct copy and use CSI snapshot.
Click OK , the page will automatically return to the application backup plan list, find the newly created dao-2048 backup plan, and perform the Immediate Execution operation.
At this point, the Last Execution State of the cluster will change to in progress . After the backup is complete, you can click the name of the backup plan to view the details of the backup plan.
etcd backup is based on cluster data as the core backup. In cases such as hardware device damage, development and test configuration errors, etc., the backup cluster data can be restored through etcd backup.
This section will introduce how to realize the etcd backup for clusters. Also see etcd Backup and Restore Best Practices.
"},{"location":"en/admin/kpanda/backup/etcd-backup.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
Prepared a MinIO instance. It is recommended to create it through AI platform's MinIO middleware. For specific steps, refer to MinIO Object Storage.
Follow the steps below to create an etcd backup.
Enter Container Management -> Backup Recovery -> etcd Backup page, you can see all the current backup policies. Click Create Backup Policy on the right.
Fill in the Basic Information. Then, click Next to automatically verify the connectivity of etcd. If the verification passes, proceed to the next step.
Enter etcd, and the format is https://${NodeIP}:${Port}
.
Find the etcd Pod in the kube-system namespace
kubectl get po -n kube-system | grep etcd\n
Get the port number from the listen-client-urls of the etcd Pod
kubectl get po -n kube-system ${etcd_pod_name} -oyaml | grep listen-client-urls # (1)!\n
The expected output is as follows, where the number after the node IP is the port number:
- --listen-client-urls=https://127.0.0.1:2379,https://10.6.229.191:2379\n
Fill in the CA certificate, you can use the following command to view the certificate content. Then, copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/etcd/ca.crt\n
cat /etc/daocloud/dce/certs/ca.crt\n
Fill in the Cert certificate, you can use the following command to view the content of the certificate. Then, copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/apiserver-etcd-client.crt\n
cat /etc/daocloud/dce/certs/etcd/server.crt\n
Fill in the Key, you can use the following command to view the content of the certificate and copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/apiserver-etcd-client.key\n
cat /etc/daocloud/dce/certs/etcd/server.key\n
Note
Click How to get below the input box to see how to obtain the proper information on the UI page.
Refer to the following information to fill in the Backup Policy.
Backup Method: Choose either manual backup or scheduled backup
Backup Chain Length: the maximum number of backup data to retain. The default is 30.
Refer to the following information to fill in the Storage Path.
After clicking OK , the page will automatically redirect to the backup policy list, where you can view all the currently created ones.
Click Logs to view the log content. By default, 100 lines are displayed. If you want to see more log information or download the logs, you can follow the prompts above the logs to go to the observability module.
"},{"location":"en/admin/kpanda/backup/etcd-backup.html#view-backup-policy-details","title":"View Backup POlicy Details","text":"Go to Container Management -> Backup Recovery -> etcd Backup , click the Backup Policy tab, and then click the policy to view the details.
"},{"location":"en/admin/kpanda/backup/etcd-backup.html#view-recovery-point","title":"View Recovery Point","text":"After selecting the target cluster, you can view all the backup information under that cluster.
Each time a backup is executed, a proper recovery point is generated, which can be used to quickly restore the application from a successful recovery point.
velero is an open source tool for backing up and restoring Kubernetes cluster resources. It can back up resources in a Kubernetes cluster to cloud storage services, local storage, or other locations, and restore those resources to the same or a different cluster when needed.
This section introduces how to deploy the Velero plugin in AI platform using the Helm Apps.
"},{"location":"en/admin/kpanda/backup/install-velero.html#prerequisites","title":"Prerequisites","text":"Before installing the velero plugin, the following prerequisites need to be met:
Please perform the following steps to install the velero plugin for your cluster.
On the cluster list page, find the target cluster that needs to install the velero plugin, click the name of the cluster, click Helm Apps -> Helm chart in the left navigation bar, and enter velero in the search bar to search .
Read the introduction of the velero plugin, select the version and click the Install button. This page will take 5.2.0 version as an example to install, and it is recommended that you install 5.2.0 and later versions.
Configure basic info .
Note
After enabling Ready Wait and/or Failed Delete , it takes a long time for the app to be marked as Running .
Configure Velero chart Parameter Settings according to the following instructions
S3 Credentials: Configure the authentication information of object storage (minio).
Use existing secret parameter example is as follows:
[default]\naws_access_key_id = minio\naws_secret_access_key = minio123\n
BackupStorageLocation: The location where Velero backs up data.
S3 Configs: Detailed configuration of S3 storage (minio).
Click the OK button to complete the installation of the Velero plugin. The system will automatically jump to the Helm Apps list page. After waiting for a few minutes, refresh the page, and you can see the application just installed.
This article provides a step-by-step guide on how to manually scale the control nodes in a worker cluster to achieve high availability for self-built clusters.
Note
It is recommended to enable high availability mode when creating the worker cluster in the interface. Manually scaling the control nodes of the worker cluster involves certain operational risks, so please proceed with caution.
"},{"location":"en/admin/kpanda/best-practice/add-master-node.html#prerequisites","title":"Prerequisites","text":"Note
Managed cluster refers to the cluster specified during the creation of the worker cluster, which provides capabilities such as Kubernetes version upgrades, node scaling, uninstallation, and operation records for the current cluster.
"},{"location":"en/admin/kpanda/best-practice/add-master-node.html#modify-the-host-manifest","title":"Modify the Host manifest","text":"Log in to the container management platform and go to the overview page of the cluster where you want to scale the control nodes. In the Basic Information section, locate the Managed Cluster of the current cluster and click its name to enter the overview page.
In the overview page of the managed cluster, click Console to open the cloud terminal console. Run the following command to find the host manifest of the worker cluster that needs to be scaled.
kubectl get cm -n kubean-system ${ClusterName}-hosts-conf -oyaml\n
${ClusterName}
is the name of the worker cluster to be scaled.
Modify the host manifest file based on the example below and add information for the controller nodes.
Before ModificationAfter ModificationapiVersion: v1\nkind: ConfigMap\nmetadata:\n name: tanghai-dev-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: 10.6.175.10 \n access_ip: 10.6.175.10\n ansible_host: 10.6.175.10 \n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n children:\n kube_control_plane:\n hosts:\n node1:\n kube_node:\n hosts:\n node1:\n etcd:\n hosts:\n node1:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\n......\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: tanghai-dev-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: 10.6.175.10\n access_ip: 10.6.175.10 \n ansible_host: 10.6.175.10\n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n node2: # Add controller node2\n ip: 10.6.175.20\n access_ip: 10.6.175.20\n ansible_host: 10.6.175.20\n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n node3:\n ip: 10.6.175.30 \n access_ip: 10.6.175.30\n ansible_host: 10.6.175.30 \n ansible_connection: ssh\n ansible_user: root\n ansible_password: password01\n children:\n kube_control_plane:\n hosts:\n node1:\n node2: # Add controller node2\n node3: # Add controller node3\n kube_node:\n hosts:\n node1:\n node2: # Add controller node2\n node3: # Add controller node3\n etcd:\n hosts:\n node1:\n node2: # Add controller node2\n node3: # Add controller node3\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\n
Important Parameters:
all.hosts.node1
: Existing master node in the original clusterall.hosts.node2
, all.hosts.node3
: Control nodes to be added during cluster scalingall.children.kube_control_plane.hosts
: Control plane group in the clusterall.children.kube_node.hosts
: Worker node group in the clusterall.children.etcd.hosts
: ETCD node group in the clusterUse the following ClusterOperation.yml
template to add a cluster control node expansion task called \"scale-master-node-ops.yaml\".
apiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster1-online-install-ops\nspec:\n cluster: ${cluster-name} # Specify cluster name\n image: ghcr.m.daocloud.io/kubean-io/spray-job:v0.18.0 # Specify the image for the kubean job\n actionType: playbook\n action: cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e ignore_assert_errors=yes\n preHook:\n - actionType: playbook\n action: ping.yml\n - actionType: playbook\n action: disable-firewalld.yml\n - actionType: playbook\n action: enable-repo.yml # In an offline environment, you need to add this yaml and\n # set the correct repo-list (for installing operating system packages).\n # The following parameter values are for reference only.\n extraArgs: |\n -e \"{repo_list: ['http://172.30.41.0:9000/kubean/centos/\\$releasever/os/\\$basearch','http://172.30.41.0:9000/kubean/centos-iso/\\$releasever/os/\\$basearch']}\"\n postHook:\n - actionType: playbook\n action: upgrade-cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e ignore_assert_errors=yes\n - actionType: playbook\n action: kubeconfig.yml\n - actionType: playbook\n action: cluster-info.yml\n
Note
-e etcd_retries=10
should be added to cluster.yaml to increase etcd node join retry times--limit=etcd,kube_control_plane -e ignore_assert_errors=yes
--limit=etcd,kube_control_plane -e ignore_assert_errors=yes
Create and deploy scale-master-node-ops.yaml based on the above configuration.
# Copy the above manifest\nvi scale-master-node-ops.yaml\nkubectl apply -f scale-master-node-ops.yaml -n kubean-system\n
Perform the following command to verify it.
kubectl get node\n
"},{"location":"en/admin/kpanda/best-practice/add-worker-node-on-global.html","title":"Scaling the Worker Nodes of the Global Service Cluster","text":"This page introduces how to manually scale the worker nodes of the global service cluster in offline mode. By default, it is not recommended to scale the global service cluster after deploying AI platform. Please ensure proper resource planning before deploying AI platform.
Note
The controller node of the global service cluster do not support scaling.
"},{"location":"en/admin/kpanda/best-practice/add-worker-node-on-global.html#prerequisites","title":"Prerequisites","text":"Run the following command to log in to the bootstrap node:
ssh root@bootstrap-node-ip-address\n
On the bootstrap node, run the following command to get the CONTAINER ID
of the kind cluster:
[root@localhost ~]# podman ps\n\n# Expected output:\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\n220d662b1b6a docker.m.daocloud.io/kindest/node:v1.26.2 2 weeks ago Up 2 weeks 0.0.0.0:443->30443/tcp, 0.0.0.0:8081->30081/tcp, 0.0.0.0:9000-9001->32000-32001/tcp, 0.0.0.0:36674->6443/tcp my-cluster-installer-control-plane\n
Run the following command to enter a container in the kind cluster:
podman exec -it {CONTAINER ID} bash\n
Replace {CONTAINER ID}
with your actual container ID.
Inside the container of the kind cluster, run the following command to get the kubeconfig information for the kind cluster:
kubectl config view --minify --flatten --raw\n
After the console output, copy the kubeconfig information of the kind cluster for the next step.
cluster.kubean.io
resources in the kind cluster on the bootstrap node","text":"Use the command podman exec -it {CONTAINER ID} bash
to enter the kind cluster container.
Inside the kind cluster container, run the following command to get the kind cluster name:
kubectl get clusters\n
Copy and run the following command within the kind cluster to create the cluster.kubean.io
resource:
kubectl apply -f - <<EOF\napiVersion: kubean.io/v1alpha1\nkind: Cluster\nmetadata:\n labels:\n clusterName: kpanda-global-cluster\n name: kpanda-global-cluster\nspec:\n hostsConfRef:\n name: my-cluster-hosts-conf\n namespace: kubean-system\n kubeconfRef:\n name: my-cluster-kubeconf\n namespace: kubean-system\n varsConfRef:\n name: my-cluster-vars-conf\n namespace: kubean-system\nEOF\n
Note
The default cluster name for spec.hostsConfRef.name
, spec.kubeconfRef.name
, and spec.varsConfRef.name
is my-cluster
. Please replace it with the kind cluster name obtained in the previous step.
Run the following command in the kind cluster to verify if the cluster.kubean.io
resource is created successfully:
kubectl get clusters\n
Expected output is:
NAME AGE\nkpanda-global-cluster 3s\nmy-cluster 16d\n
Run the following command to log in to one of the controller nodes of the global service cluster:
ssh root@<global-service-cluster-controller-node-IP>\n
On the global service cluster controller node, run the following command to copy the containerd configuration file config.toml from the controller node to the bootstrap node:
scp /etc/containerd/config.toml root@<bootstrap-node-IP>:/root\n
On the bootstrap node, select the insecure registry section from the containerd configuration file config.toml that was copied from the controller node, and add it to the config.toml in the kind cluster.
An example of the insecure registry section is as follows:
[plugins.\"io.containerd.grpc.v1.cri\".registry]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"10.6.202.20\"]\n endpoint = [\"https://10.6.202.20\"]\n [plugins.\"io.containerd.grpc.v1.cri\".registry.configs.\"10.6.202.20\".tls]\n insecure_skip_verify = true\n
Note
Since the config.toml
file in the kind cluster cannot be modified directly, you can first copy the file out to modify it and then copy it back to the kind cluster. The steps are as follows:
Run the following command on the bootstrap node to copy the file out:
podman cp {CONTAINER ID}:/etc/containerd/config.toml ./config.toml.kind\n
Run the following command to edit the config.toml
file:
vim ./config.toml.kind\n
After modifying the file, copy it back to the kind cluster by running the following command:
podman cp ./config.toml.kind {CONTAINER ID}:/etc/containerd/config.toml\n
{CONTAINER ID} should be replaced with your actual container ID.
Run the following command within the kind cluster to restart the containerd service:
systemctl restart containerd\n
Log in to AI platform, navigate to Container Management, and on the right side of the cluster list, click the Integrate Cluster button.
In the integration configuration section, fill in and edit the kubeconfig of the Kind cluster.
apiVersion: v1\nclusters:\n- cluster:\n insecure-skip-tls-verify: true # (1)!\n certificate-authority-data: LS0TLSCFDFWEFEWFEWFGGEWGFWFEWGWEGFEWGEWGSDGFSDSD\n server: https://my-cluster-installer-control-plane:6443 # (2)!\nname: my-cluster-installer\ncontexts:\n- context:\n cluster: my-cluster-installer\n user: kubernetes-admin\nname: kubernetes-admin@my-cluster-installer\ncurrent-context: kubernetes-admin@my-cluster-installer\nkind: Config\npreferences: {}\nusers:\n
podman ps|grep 6443
to check the mapped port).Click the OK to complete the integration of the Kind cluster.
Log in to AI platform, navigate to Container Management, find the kapnda-global-cluster , and in the right-side, find the Basic Configuration menu options.
In the Basic Configuration page, add the label kpanda.io/managed-by=my-cluster
for the global service cluster:
Note
The value in the label kpanda.io/managed-by=my-cluster
corresponds to the name of the cluster specified during the integration process, which defaults to my-cluster
. Please adjust this according to your actual situation.
Go to the node list page of the global service cluster, find the Integrate Node button on the right side of the node list, and click to enter the node configuration page.
After filling in the IP and authentication information of the node to be integrated, click Start Check . Once the node check is completed, click Next .
Add the following custom parameters in the Custom Parameters section:
download_run_once: false\ndownload_container: false\ndownload_force_cache: false\ndownload_localhost: false\n
Click the OK button and wait for the node to be added.
This demonstration will show how to use the application backup feature in AI platform to perform cross-cluster backup migration for a stateful application.
Note
The current operator should have admin privileges on the AI platform.
"},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#prepare-the-demonstration-environment","title":"Prepare the Demonstration Environment","text":""},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#prepare-two-clusters","title":"Prepare Two Clusters","text":"main-cluster will be the source cluster for backup data, and recovery-cluster will be the target cluster for data recovery.
Cluster IP Nodes main-cluster 10.6.175.100 1 node recovery-cluster 10.6.175.110 1 node"},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#set-up-minio-configuration","title":"Set Up MinIO Configuration","text":"MinIO Server Address Bucket Username Password http://10.7.209.110:9000 mysql-demo root dangerous"},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#deploy-nfs-storage-service-in-both-clusters","title":"Deploy NFS Storage Service in Both Clusters","text":"Note
NFS storage service needs to be deployed on all nodes in both the source and target clusters.
Install the dependencies required for NFS on all nodes in both clusters.
yum install nfs-utils iscsi-initiator-utils nfs-utils iscsi-initiator-utils nfs-utils iscsi-initiator-utils -y\n
Expected output
[root@g-master1 ~]# kubectl apply -f nfs.yaml\nclusterrole.rbac.authorization.k8s.io/nfs-provisioner-runner created\nclusterrolebinding.rbac.authorization.k8s.io/run-nfs-provisioner created\nrole.rbac.authorization.k8s.io/leader-locking-nfs-provisioner created\nrolebinding.rbac.authorization.k8s.io/leader-locking-nfs-provisioner created\nserviceaccount/nfs-provisioner created\nservice/nfs-provisioner created\ndeployment.apps/nfs-provisioner created\nstorageclass.storage.k8s.io/nfs created\n
Prepare NFS storage service for the MySQL application.
Log in to any control node of both main-cluster and recovery-cluster . Use the command vi nfs.yaml to create a file named nfs.yaml on the node, and copy the following YAML content into the nfs.yaml file.
<details>\n<summary>nfs.yaml</summary>\n```yaml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: nfs-provisioner-runner\nnamespace: nfs-system\nrules:\n- apiGroups: [\"\"]\n resources: [\"persistentvolumes\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"delete\"]\n- apiGroups: [\"\"]\n resources: [\"persistentvolumeclaims\"]\n verbs: [\"get\", \"list\", \"watch\", \"update\"]\n- apiGroups: [\"storage.k8s.io\"]\n resources: [\"storageclasses\"]\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups: [\"\"]\n resources: [\"events\"]\n verbs: [\"create\", \"update\", \"patch\"]\n- apiGroups: [\"\"]\n resources: [\"services\", \"endpoints\"]\n verbs: [\"get\"]\n- apiGroups: [\"extensions\"]\n resources: [\"podsecuritypolicies\"]\n resourceNames: [\"nfs-provisioner\"]\n verbs: [\"use\"]\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: run-nfs-provisioner\nsubjects:\n- kind: ServiceAccount\n name: nfs-provisioner\n # replace with namespace where provisioner is deployed\n namespace: default\nroleRef:\nkind: ClusterRole\nname: nfs-provisioner-runner\napiGroup: rbac.authorization.k8s.io\n---\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: leader-locking-nfs-provisioner\nrules:\n- apiGroups: [\"\"]\n resources: [\"endpoints\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"update\", \"patch\"]\n---\nkind: RoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\nname: leader-locking-nfs-provisioner\nsubjects:\n- kind: ServiceAccount\n name: nfs-provisioner\n # replace with namespace where provisioner is deployed\n namespace: default\nroleRef:\nkind: Role\nname: leader-locking-nfs-provisioner\napiGroup: rbac.authorization.k8s.io\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\nname: nfs-provisioner\n---\nkind: Service\napiVersion: v1\nmetadata:\nname: nfs-provisioner\nlabels:\n app: nfs-provisioner\nspec:\nports:\n - name: nfs\n port: 2049\n - name: nfs-udp\n port: 2049\n protocol: UDP\n - name: nlockmgr\n port: 32803\n - name: nlockmgr-udp\n port: 32803\n protocol: UDP\n - name: mountd\n port: 20048\n - name: mountd-udp\n port: 20048\n protocol: UDP\n - name: rquotad\n port: 875\n - name: rquotad-udp\n port: 875\n protocol: UDP\n - name: rpcbind\n port: 111\n - name: rpcbind-udp\n port: 111\n protocol: UDP\n - name: statd\n port: 662\n - name: statd-udp\n port: 662\n protocol: UDP\nselector:\n app: nfs-provisioner\n---\nkind: Deployment\napiVersion: apps/v1\nmetadata:\nname: nfs-provisioner\nspec:\nselector:\n matchLabels:\n app: nfs-provisioner\nreplicas: 1\nstrategy:\n type: Recreate\ntemplate:\n metadata:\n labels:\n app: nfs-provisioner\n spec:\n serviceAccount: nfs-provisioner\n containers:\n - name: nfs-provisioner\n resources:\n limits:\n cpu: \"1\"\n memory: \"4294967296\"\n image: release.daocloud.io/velero/nfs-provisioner:v3.0.0\n ports:\n - name: nfs\n containerPort: 2049\n - name: nfs-udp\n containerPort: 2049\n protocol: UDP\n - name: nlockmgr\n containerPort: 32803\n - name: nlockmgr-udp\n containerPort: 32803\n protocol: UDP\n - name: mountd\n containerPort: 20048\n - name: mountd-udp\n containerPort: 20048\n protocol: UDP\n - name: rquotad\n containerPort: 875\n - name: rquotad-udp\n containerPort: 875\n protocol: UDP\n - name: rpcbind\n containerPort: 111\n - name: rpcbind-udp\n containerPort: 111\n protocol: UDP\n - name: statd\n containerPort: 662\n - name: statd-udp\n containerPort: 662\n protocol: UDP\n securityContext:\n capabilities:\n add:\n - DAC_READ_SEARCH\n - SYS_RESOURCE\n args:\n - \"-provisioner=example.com/nfs\"\n env:\n - name: POD_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n - name: SERVICE_NAME\n value: nfs-provisioner\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n imagePullPolicy: \"IfNotPresent\"\n volumeMounts:\n - name: export-volume\n mountPath: /export\n volumes:\n - name: export-volume\n hostPath:\n path: /data\n---\nkind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\nname: nfs\nprovisioner: example.com/nfs\nmountOptions:\n- vers=4.1\n```\n</details>\n
Run the nfs.yaml file on the control nodes of both clusters.
kubectl apply -f nfs.yaml\n
Check the status of the NFS Pod and wait for its status to become running (approximately 2 minutes).
kubectl get pod -n nfs-system -owide\n
Expected output
[root@g-master1 ~]# kubectl get pod -owide\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\nnfs-provisioner-7dfb9bcc45-74ws2 1/1 Running 0 4m45s 10.6.175.100 g-master1 <none> <none>\n
Prepare a PVC (Persistent Volume Claim) based on NFS storage for the MySQL application to store its data.
Use the command vi pvc.yaml to create a file named pvc.yaml on the node, and copy the following YAML content into the pvc.yaml file.
pvc.yaml
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: mydata\n namespace: default\nspec:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: \"1Gi\"\n storageClassName: nfs\n volumeMode: Filesystem\n
Run the pvc.yaml file using the kubectl tool on the node.
kubectl apply -f pvc.yaml\n
Expected output
[root@g-master1 ~]# kubectl apply -f pvc.yaml\npersistentvolumeclaim/mydata created\n
Deploy the MySQL application.
Use the command vi mysql.yaml to create a file named mysql.yaml on the node, and copy the following YAML content into the mysql.yaml file.
mysql.yaml
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: mysql-deploy\n name: mysql-deploy\n namespace: default\nspec:\n progressDeadlineSeconds: 600\n replicas: 1\n revisionHistoryLimit: 10\n selector:\n matchLabels:\n app: mysql-deploy\n strategy:\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n type: RollingUpdate\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mysql-deploy\n name: mysql-deploy\n spec:\n containers:\n - args:\n - --ignore-db-dir=lost+found\n env:\n - name: MYSQL_ROOT_PASSWORD\n value: dangerous\n image: release.daocloud.io/velero/mysql:5\n imagePullPolicy: IfNotPresent\n name: mysql-deploy\n ports:\n - containerPort: 3306\n protocol: TCP\n resources:\n limits:\n cpu: \"1\"\n memory: \"4294967296\"\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - mountPath: /var/lib/mysql\n name: data\n dnsPolicy: ClusterFirst\n restartPolicy: Always\n schedulerName: default-scheduler\n securityContext:\n fsGroup: 999\n terminationGracePeriodSeconds: 30\n volumes:\n - name: data\n persistentVolumeClaim:\n claimName: mydata\n
Run the mysql.yaml file using the kubectl tool on the node.
kubectl apply -f mysql.yaml\n
Expected output
[root@g-master1 ~]# kubectl apply -f mysql.yaml\ndeployment.apps/mysql-deploy created\n
Check the status of the MySQL Pod.
Run kubectl get pod | grep mysql
to view the status of the MySQL Pod and wait for its status to become running (approximately 2 minutes).
Expected output
[root@g-master1 ~]# kubectl get pod |grep mysql\nmysql-deploy-5d6f94cb5c-gkrks 1/1 Running 0 2m53s\n
Note
Write data to the MySQL application.
To verify the success of the data migration later, you can use a script to write test data to the MySQL application.
Use the command vi insert.sh to create a script named insert.sh on the node, and copy the following content into the script.
insert.sh
#!/bin/bash\n\nfunction rand(){\n min=$1\n max=$(($2-$min+1))\n num=$(date +%s%N)\n echo $(($num%$max+$min))\n}\n\nfunction insert(){\n user=$(date +%s%N | md5sum | cut -c 1-9)\n age=$(rand 1 100)\n\n sql=\"INSERT INTO test.users(user_name, age)VALUES('${user}', ${age});\"\n echo -e ${sql}\n\n kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"${sql}\"\n\n}\n\nkubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"CREATE DATABASE IF NOT EXISTS test;\"\nkubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"CREATE TABLE IF NOT EXISTS test.users(user_name VARCHAR(10) NOT NULL,age INT UNSIGNED)ENGINE=InnoDB DEFAULT CHARSET=utf8;\"\n\nwhile true;do\n insert\n sleep 1\ndone\n
Add permission to insert.sh and run this script.
[root@g-master1 ~]# chmod +x insert.sh\n[root@g-master1 ~]# ./insert.sh\n
Expected output
mysql: [Warning] Using a password on the command line interface can be insecure.\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('dc09195ba', 10);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('80ab6aa28', 70);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('f488e3d46', 23);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('e6098695c', 93);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('eda563e7d', 63);\nmysql: [Warning] Using a password on the command line interface can be insecure.\nINSERT INTO test.users(user_name, age)VALUES('a4d1b8d68', 17);\nmysql: [Warning] Using a password on the command line interface can be insecure.\n
Press Ctrl + C on the keyboard simultaneously to pause the script execution.
Go to the MySQL Pod and check the data written in MySQL.
kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\n
Expected output
[root@g-master1 ~]# kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\nmysql: [Warning] Using a password on the command line interface can be insecure.\nuser_name age\ndc09195ba 10\n80ab6aa28 70\nf488e3d46 23\ne6098695c 93\neda563e7d 63\na4d1b8d68 17\nea47546d9 86\na34311f2e 47\n740cefe17 33\nede85ea28 65\nb6d0d6a0e 46\nf0eb38e50 44\nc9d2f28f5 72\n8ddaafc6f 31\n3ae078d0e 23\n6e041631e 96\n
Note
The velero plugin needs to be installed on both the source and target clusters.
Refer to the Install Velero Plugin documentation and the MinIO configuration below to install the velero plugin on the main-cluster and recovery-cluster .
MinIO Server Address Bucket Username Password http://10.7.209.110:9000 mysql-demo root dangerousNote
When installing the plugin, replace S3url with the MinIO server address prepared for this demonstration, and replace the bucket with an existing bucket in MinIO.
"},{"location":"en/admin/kpanda/best-practice/backup-mysql-on-nfs.html#backup-mysql-application-and-data","title":"Backup MySQL Application and Data","text":"Add a unique label, backup=mysql , to the MySQL application and PVC data. This will facilitate resource selection during backup.
kubectl label deploy mysql-deploy backup=mysql # Add label to mysql-deploy\nkubectl label pod mysql-deploy-5d6f94cb5c-gkrks backup=mysql # Add label to mysql pod\nkubectl label pvc mydata backup=mysql # Add label to mysql pvc\n
Refer to the steps described in Application Backup and the parameters below to create an application backup.
Name: backup-mysql (can be customized)
Fill in the parameters based on the following instructions:
Name: restore-mysql (can be customized)
Log in to the control plane of recovery-cluster , check if mysql-deploy is successfully backed up in the current cluster.
kubectl get pod\n
Expected output\u5982\u4e0b\uff1a
NAME READY STATUS RESTARTS AGE\nmysql-deploy-5798f5d4b8-62k6c 1/1 Running 0 24h\n
Check if the data in MySQL datasheet is restored or not.
kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\n
Expected output is as follows\uff1a
[root@g-master1 ~]# kubectl exec deploy/mysql-deploy -- mysql -uroot -pdangerous -e \"SELECT * FROM test.users;\"\nmysql: [Warning] Using a password on the command line interface can be insecure.\nuser_name age\ndc09195ba 10\n80ab6aa28 70\nf488e3d46 23\ne6098695c 93\neda563e7d 63\na4d1b8d68 17\nea47546d9 86\na34311f2e 47\n740cefe17 33\nede85ea28 65\nb6d0d6a0e 46\nf0eb38e50 44\nc9d2f28f5 72\n8ddaafc6f 31\n3ae078d0e 23\n6e041631e 96\n
Success
As you can see, the data in the Pod is consistent with the data inside the Pods in the main-cluster . This indicates that the MySQL application and its data from the main-cluster have been successfully recovered to the recovery-cluster cluster.
This article explains how to create a RedHat 9.2 worker cluster on an existing CentOS management platform.
Note
This article only applies to the offline mode, using the AI platform to create a worker cluster. The architecture of the management platform and the cluster to be created are both AMD. When creating a cluster, heterogeneous deployment (mixing AMD and ARM) is not supported. After the cluster is created, you can use the method of connecting heterogeneous nodes to achieve mixed deployment and management of the cluster.
"},{"location":"en/admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#prerequisites","title":"Prerequisites","text":"A AI platform full-mode has been deployed, and the spark node is still alive.
"},{"location":"en/admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#download-and-import-redhat-offline-packages","title":"Download and Import RedHat Offline Packages","text":"Make sure you are logged into the spark node! And the clusterConfig.yaml file used when deploying AI platform is still available.
"},{"location":"en/admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#download-the-relevant-redhat-offline-packages","title":"Download the Relevant RedHat Offline Packages","text":"Download the required RedHat OS package and ISO offline packages:
Resource Name Description Download Link os-pkgs-redhat9-v0.9.3.tar.gz RedHat9.2 OS-package package Download ISO Offline Package ISO package import script Go to RedHat Official Download Site import-iso ISO import script Download"},{"location":"en/admin/kpanda/best-practice/create-redhat9.2-on-centos-platform.html#import-the-os-package-to-the-minio-of-the-spark-node","title":"Import the OS Package to the MinIO of the Spark Node","text":"Extract the RedHat OS package
Execute the following command to extract the downloaded OS package. Here we download the RedHat OS package.
tar -xvf os-pkgs-redhat9-v0.9.3.tar.gz\n
The contents of the extracted OS package are as follows:
os-pkgs\n \u251c\u2500\u2500 import_ospkgs.sh # This script is used to import OS packages into the MinIO file service\n \u251c\u2500\u2500 os-pkgs-amd64.tar.gz # OS packages for the amd64 architecture\n \u251c\u2500\u2500 os-pkgs-arm64.tar.gz # OS packages for the arm64 architecture\n \u2514\u2500\u2500 os-pkgs.sha256sum.txt # sha256sum verification file of the OS packages\n
Import the OS Package to the MinIO of the Spark Node
Execute the following command to import the OS packages to the MinIO file service:
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_ospkgs.sh http://127.0.0.1:9000 os-pkgs-redhat9-v0.9.3.tar.gz\n
Note
The above command is only applicable to the MinIO service built into the spark node. If an external MinIO is used, replace http://127.0.0.1:9000
with the access address of the external MinIO. \"rootuser\" and \"rootpass123\" are the default account and password of the MinIO service built into the spark node. \"os-pkgs-redhat9-v0.9.3.tar.gz\" is the name of the downloaded OS package offline package.
Execute the following command to import the ISO package to the MinIO file service:
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_iso.sh http://127.0.0.1:9000 rhel-9.2-x86_64-dvd.iso\n
Note
The above command is only applicable to the MinIO service built into the spark node. If an external MinIO is used, replace http://127.0.0.1:9000
with the access address of the external MinIO. \"rootuser\" and \"rootpass123\" are the default account and password of the MinIO service built into the spark node. \"rhel-9.2-x86_64-dvd.iso\" is the name of the downloaded ISO offline package.
Refer to the document Creating a Worker Cluster to create a RedHat 9.2 cluster.
"},{"location":"en/admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html","title":"Create an Ubuntu Worker Cluster on CentOS","text":"This page explains how to create an Ubuntu worker cluster on an existing CentOS.
Note
This page is specifically for the offline mode, using the AI platform to create a worker cluster, where both the CentOS platform and the worker cluster to be created are based on AMD architecture. Heterogeneous (mixed AMD and ARM) deployments are not supported during cluster creation; however, after the cluster is created, you can manage a mixed deployment by adding heterogeneous nodes.
"},{"location":"en/admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#prerequisite","title":"Prerequisite","text":"Please ensure you are logged into the bootstrap node! Also, make sure that the clusterConfig.yaml file used during the AI platform deployment is still available.
"},{"location":"en/admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#download-ubuntu-offline-packages","title":"Download Ubuntu Offline Packages","text":"Download the required Ubuntu OS packages and ISO offline packages:
Resource Name Description Download Link os-pkgs-ubuntu2204-v0.18.2.tar.gz Ubuntu 20.04 OS package https://github.com/kubean-io/kubean/releases/download/v0.18.2/os-pkgs-ubuntu2204-v0.18.2.tar.gz ISO Offline Package ISO Package http://mirrors.melbourne.co.uk/ubuntu-releases/"},{"location":"en/admin/kpanda/best-practice/create-ubuntu-on-centos-platform.html#create-cluster-on-ui","title":"Create Cluster on UI","text":"Refer to the documentation Creating a Worker Cluster to create the Ubuntu cluster.
"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html","title":"etcd Backup and Restore","text":"Using the ETCD backup feature to create a backup policy, you can back up the etcd data of a specified cluster to S3 storage on a scheduled basis. This page focuses on how to restore the data that has been backed up to the current cluster.
Note
The following is a specific case to illustrate the whole process of backup and restore.
"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#environmental-information","title":"Environmental Information","text":"Begin with basic information about the target cluster and S3 storage for the restore. Here, MinIo is used as S3 storage, and the whole cluster has 3 control planes (3 etcd copies).
IP Host Role Remarks 10.6.212.10 host01 k8s-master01 k8s node 1 10.6.212.11 host02 k8s-master02 k8s node 2 10.6.212.12 host03 k8s-master03 k8s node 3 10.6.212.13 host04 minio minio service"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#prerequisites","title":"Prerequisites","text":""},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#install-the-etcdbrctl-tool","title":"Install the etcdbrctl tool","text":"To implement ETCD data backup and restore, you need to install the etcdbrctl open source tool on any of the above k8s nodes. This tool does not have binary files for the time being and needs to be compiled by itself. Refer to the compilation mode.
After installation, use the following command to check whether the tool is available:
etcdbrctl -v\n
The expected output is as follows:
INFO[0000] etcd-backup-restore Version: v0.23.0-dev\nINFO[0000] Git SHA: b980beec\nINFO[0000] Go Version: go1.19.3\nINFO[0000] Go OS/Arch: linux/amd64\n
"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#check-the-backup-data","title":"Check the backup data","text":"You need to check the following before restoring:
Note
The backup of AI platform is a full data backup, and the full data of the last backup will be restored when restoring.
"},{"location":"en/admin/kpanda/best-practice/etcd-backup.html#shut-down-the-cluster","title":"Shut down the cluster","text":"Before backing up, the cluster must be shut down. The default clusters etcd and kube-apiserver are started as static pods. To close the cluster here means to move the static Pod manifest file out of the /etc/kubernetes/manifest directory, and the cluster will remove Pods to close the service.
First, delete the previous backup data. Removing the data does not delete the existing etcd data, but refers to modifying the name of the etcd data directory. Wait for the backup to be successfully restored before deleting this directory. The purpose of this is to also try to restore the current cluster if the etcd backup restore fails. This step needs to be performed for each node.
rm -rf /var/lib/etcd_bak\n
The service then needs to be shut down kube-apiserver to ensure that there are no new changes to the etcd data. This step needs to be performed for each node.
mv /etc/kubernetes/manifests/kube-apiserver.yaml /tmp/kube-apiserver.yaml\n
You also need to turn off the etcd service. This step needs to be performed for each node.
mv /etc/kubernetes/manifests/etcd.yaml /tmp/etcd.yaml\n
Ensure that all control plane kube-apiserver and etcd services are turned off.
After shutting down all the nodes, use the following command to check etcd the cluster status. This command can be executed at any node.
The endpoints value of needs to be replaced with the actual node name
etcdctl endpoint status --endpoints=controller-node-1:2379,controller-node-2:2379,controller-node-3:2379 -w table \\\n --cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n --cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n --key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
The expected output is as follows, indicating that all etcd nodes have been destroyed:
{\"level\":\"warn\",\"ts\":\"2023-03-29T17:51:50.817+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-1:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.31:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-1:2379 (context deadline exceeded)\n{\"level\":\"warn\",\"ts\":\"2023-03-29T17:51:55.818+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-2:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.32:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-2:2379 (context deadline exceeded)\n{\"level\":\"warn\",\"ts\":\"2023-03-29T17:52:00.820+0800\",\"logger\":\"etcd-client\",\"caller\":\"v3@v3.5.6/retry_interceptor.go:62\",\"msg\":\"retrying of unary invoker failed\",\"target\":\"etcd-endpoints://0xc0001ba000/controller-node-1:2379\",\"attempt\":0,\"error\":\"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \\\"transport: Error while dialing dial tcp 10.5.14.33:2379: connect: connection refused\\\"\"}\nFailed to get the status of endpoint controller-node-3:2379 (context deadline exceeded)\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n+----------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
You only need to restore the data of one node, and the etcd data of other nodes will be automatically synchronized.
Set environment variables
Before restoring the data using etcdbrctl, run the following command to set the authentication information of the connection S3 as an environment variable:
export ECS_ENDPOINT=http://10.6.212.13:9000 # (1)\nexport ECS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE # (2)\nexport ECS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY # (3)\n
Perform the restore operation
Run the etcdbrctl command line tool to perform the restore, which is the most critical step.
etcdbrctl restore --data-dir /var/lib/etcd/ --store-container=\"etcd-backup\" \\ \n --storage-provider=ECS \\\n --initial-cluster=controller-node1=https://10.6.212.10:2380 \\\n --initial-advertise-peer-urls=https://10.6.212.10:2380 \n
The parameters are described as follows:
The expected output is as follows:
INFO[0000] Finding latest set of snapshot to recover from...\nINFO[0000] Restoring from base snapshot: Full-00000000-00111147-1679991074 actor=restorer\nINFO[0001] successfully fetched data of base snapshot in 1.241380207 seconds actor=restorer\n{\"level\":\"info\",\"ts\":1680011221.2511616,\"caller\":\"mvcc/kvstore.go:380\",\"msg\":\"restored last compact revision\",\"meta-bucket-name\":\"meta\",\"meta-bucket-name-key\":\"finishedCompactRev\",\"restored-compact-revision\":110327}\n{\"level\":\"info\",\"ts\":1680011221.3045986,\"caller\":\"membership/cluster.go:392\",\"msg\":\"added member\",\"cluster-id\":\"66638454b9dd7b8a\",\"local-member-id\":\"0\",\"added-peer-id\":\"123c2503a378fc46\",\"added-peer-peer-urls\":[\"https://10.6.212.10:2380\"]}\nINFO[0001] Starting embedded etcd server... actor=restorer\n\n....\n\n{\"level\":\"info\",\"ts\":\"2023-03-28T13:47:02.922Z\",\"caller\":\"embed/etcd.go:565\",\"msg\":\"stopped serving peer traffic\",\"address\":\"127.0.0.1:37161\"}\n{\"level\":\"info\",\"ts\":\"2023-03-28T13:47:02.922Z\",\"caller\":\"embed/etcd.go:367\",\"msg\":\"closed etcd server\",\"name\":\"default\",\"data-dir\":\"/var/lib/etcd\",\"advertise-peer-urls\":[\"http://localhost:0\"],\"advertise-client-urls\":[\"http://localhost:0\"]}\nINFO[0003] Successfully restored the etcd data directory.\n
!!! note \u201cYou can check the YAML file of etcd for comparison to avoid configuration errors\u201d
```shell\ncat /tmp/etcd.yaml | grep initial-\n- --experimental-initial-corrupt-check=true\n- --initial-advertise-peer-urls=https://10.6.212.10:2380\n- --initial-cluster=controller-node-1=https://10.6.212.10:2380\n```\n
The following command is executed on node 01 in order to restore the etcd service for node 01.
First, move the manifest file of etcd static Pod to the /etc/kubernetes/manifests directory, and kubelet will restart etcd:
mv /tmp/etcd.yaml /etc/kubernetes/manifests/etcd.yaml\n
Then wait for the etcd service to finish starting, and check the status of etcd. The default directory of etcd-related certificates is: /etc/kubernetes/ssl . If the cluster certificate is stored in another location, specify the proper path.
Check the etcd cluster list:
etcdctl member list -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\" \n
The expected output is as follows:
+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |\n+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n| 123c2503a378fc46 | started | controller-node-1 | https://10.6.212.10:2380 | https://10.6.212.10:2379 | false |\n+------------------+---------+-------------------+--------------------------+--------------------------+------------+\n
To view the status of controller-node-1:
etcdctl endpoint status --endpoints=controller-node-1:2379 -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
The expected output is as follows:
+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| controller-node-1:2379 | 123c2503a378fc46 | 3.5.6 | 15 MB | true | false | 3 | 1200 | 1199 | |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
Restore other node data
The above steps have restored the data of node 01. If you want to restore the data of other nodes, you only need to start the Pod of etcd and let etcd complete the data synchronization by itself.
Do the same at both node 02 and node 03:
mv /tmp/etcd.yaml /etc/kubernetes/manifests/etcd.yaml\n
Data synchronization between etcd member clusters takes some time. You can check the etcd cluster status to ensure that all etcd clusters are normal:
Check whether the etcd cluster status is normal:
etcdctl member list -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
The expected output is as follows:
+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |\n+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n| 6ea47110c5a87c03 | started | controller-node-1 | https://10.5.14.31:2380 | https://10.5.14.31:2379 | false |\n| e222e199f1e318c4 | started | controller-node-2 | https://10.5.14.32:2380 | https://10.5.14.32:2379 | false |\n| f64eeda321aabe2d | started | controller-node-3 | https://10.5.14.33:2380 | https://10.5.14.33:2379 | false |\n+------------------+---------+-------------------+-------------------------+-------------------------+------------+\n
Check whether the three member nodes are normal:
etcdctl endpoint status --endpoints=controller-node-1:2379,controller-node-2:2379,controller-node-3:2379 -w table \\\n--cacert=\"/etc/kubernetes/ssl/etcd/ca.crt\" \\\n--cert=\"/etc/kubernetes/ssl/apiserver-etcd-client.crt\" \\\n--key=\"/etc/kubernetes/ssl/apiserver-etcd-client.key\"\n
The expected output is as follows:
+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n| controller-node-1:2379 | 6ea47110c5a87c03 | 3.5.6 | 88 MB | true | false | 6 | 199008 | 199008 | |\n| controller-node-2:2379 | e222e199f1e318c4 | 3.5.6 | 88 MB | false | false | 6 | 199114 | 199114 | |\n| controller-node-3:2379 | f64eeda321aabe2d | 3.5.6 | 88 MB | false | false | 6 | 199316 | 199316 | |\n+------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+\n
After the etcd data of all nodes are synchronized, the kube-apiserver can be restarted to restore the entire cluster to an accessible state:
Restart the kube-apiserver service for node1
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
Restart the kube-apiserver service for node2
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
Restart the kube-apiserver service for node3
mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml\n
After kubelet starts kube-apiserver, check whether the restored k8s data is normal:
kubectl get nodes\n
The expected output is as follows:
NAME STATUS ROLES AGE VERSION\ncontroller-node-1 Ready <none> 3h30m v1.25.4\ncontroller-node-3 Ready control-plane 3h29m v1.25.4\ncontroller-node-3 Ready control-plane 3h28m v1.25.4\n
In AI platform, when using the CIS Benchmark (CIS) scan on a work cluster created using the user interface, some scan items did not pass the scan. This article provides hardening instructions based on different versions of CIS Benchmark.
"},{"location":"en/admin/kpanda/best-practice/hardening-cluster.html#cis-benchmark-127","title":"CIS Benchmark 1.27","text":"Scan Environment:
[FAIL] 1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)
Reason: CIS requires that kube-apiserver must specify the CA certificate path for kubelet:
[FAIL] 1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
Reason: CIS requires that kube-controller-manager's --bind-address=127.0.0.1
[FAIL] 1.4.1 Ensure that the --profiling argument is set to false (Automated)
Reason: CIS requires that kube-scheduler sets --profiling=false
[FAIL] 1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
Reason: CIS requires setting kube-scheduler's --bind-address=127.0.0.1
To address these security scan issues, kubespray has added default values in v2.22 to solve some of the problems. For more details, refer to the kubespray hardening documentation.
Add parameters by modifying the kubean var-config configuration file:
kubernetes_audit: true\nkube_controller_manager_bind_address: 127.0.0.1\nkube_scheduler_bind_address: 127.0.0.1\nkube_kubeadm_scheduler_extra_args:\n profiling: false\nkubelet_rotate_server_certificates: true\n
In AI platform, there is also a feature to configure advanced parameters through the user interface. Add custom parameters in the last step of cluster creation:
After setting the custom parameters, the following parameters are added to the var-config configmap in kubean:
Perform a scan after installing the cluster:
After the scan, all scan items passed the scan (WARN and INFO are counted as PASS). Note that this document only applies to CIS Benchmark 1.27, as CIS Benchmark is continuously updated.
"},{"location":"en/admin/kpanda/best-practice/kubean-low-version.html","title":"Deploy and Upgrade Compatible Versions of Kubean in Offline Scenarios","text":"In order to meet the customer's demand for building Kubernetes (K8s) clusters with lower versions, Kubean provides the capability to be compatible with lower versions and create K8s clusters with those versions.
Currently, the supported versions for self-built worker clusters range from 1.26.0-v1.28
. Refer to the AI platform Cluster Version Support System for more information.
This article will demonstrate how to deploy a K8s cluster with a lower version.
Note
Node environment used in the document:
Prepare a management cluster where kubean resides, and the current environment has deployed the podman
, skopeo
, and minio client
commands. If not supported, you can install the dependent components through the script, Installing Prerequisite Dependencies.
Go to kubean to view the released artifacts, and choose the specific artifact version based on the actual situation. The currently supported artifact versions and their proper cluster version ranges are as follows:
Artifact Version Cluster Range AI platform Support release-2.21 v1.23.0 ~ v1.25.6 Supported since installer v0.14.0 release-2.22 v1.24.0 ~ v1.26.9 Supported since installer v0.15.0 release-2.23 v1.25.0 ~ v1.27.7 Expected to support from installer v0.16.0This article demonstrates the offline deployment of a K8s cluster with version 1.23.0 and the offline upgrade of a K8s cluster from version 1.23.0 to 1.24.0, so we choose the artifact release-2.21
.
Import the spray-job image into the registry of the offline environment.
# Assuming the registry address in the bootstrap cluster is 172.30.41.200\nREGISTRY_ADDR=\"172.30.41.200\"\n\n# The image spray-job can use the accelerator address here, and the image address is determined based on the selected artifact version\nSPRAY_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/spray-job:2.21-d6f688f\"\n\n# skopeo parameters\nSKOPEO_PARAMS=\" --insecure-policy -a --dest-tls-verify=false --retry-times=3 \"\n\n# Online environment: Export the spray-job image of version release-2.21 and transfer it to the offline environment\nskopeo copy docker://${SPRAY_IMG_ADDR} docker-archive:spray-job-2.21.tar\n\n# Offline environment: Import the spray-job image of version release-2.21 into the bootstrap registry\nskopeo copy ${SKOPEO_PARAMS} docker-archive:spray-job-2.21.tar docker://${REGISTRY_ADDR}/${SPRAY_IMG_ADDR}\n
"},{"location":"en/admin/kpanda/best-practice/kubean-low-version.html#create-offline-resources-for-the-earlier-versions-of-k8s","title":"Create Offline Resources for the Earlier Versions of K8s","text":"Prepare the manifest.yml file.
cat > \"manifest.yml\" <<EOF\nimage_arch:\n - \"amd64\" ## \"arm64\"\nkube_version: ## Fill in the cluster version according to the actual scenario\n - \"v1.23.0\"\n - \"v1.24.0\"\nEOF\n
Create the offline incremental package.
# Create the data directory\nmkdir data\n# Create the offline package\nAIRGAP_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/airgap-patch:2.21-d6f688f\" # (1)\npodman run --rm -v $(pwd)/manifest.yml:/manifest.yml -v $(pwd)/data:/data -e ZONE=CN -e MODE=FULL ${AIRGAP_IMG_ADDR}\n
Import the offline images and binary packages for the proper K8s version.
# Import the binaries from the data directory to the minio in the bootstrap node\ncd ./data/amd64/files/\nMINIO_ADDR=\"http://172.30.41.200:9000\" # Replace IP with the actual repository url\nMINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_files.sh ${MINIO_ADDR}\n\n# Import the images from the data directory to the image repository in the bootstrap node\ncd ./data/amd64/images/\nREGISTRY_ADDR=\"172.30.41.200\" ./import_images.sh # Replace IP with the actual repository url\n
Deploy the manifest
and localartifactset.cr.yaml
custom resources to the management cluster where kubean resides or the Global cluster. In this example, we use the Global cluster.
# Deploy the localArtifactSet resources in the data directory\ncd ./data\nkubectl apply -f data/localartifactset.cr.yaml\n\n# Download the manifest resources proper to release-2.21\nwget https://raw.githubusercontent.com/kubean-io/kubean-manifest/main/manifests/manifest-2.21-d6f688f.yml\n\n# Deploy the manifest resources proper to release-2.21\nkubectl apply -f manifest-2.21-d6f688f.yml\n
Go to Container Management and click the Create Cluster button on the Clusters page.
Choose the manifest
and localartifactset.cr.yaml
custom resources deployed cluster as the Managed
parameter. In this example, we use the Global cluster.
Refer to Creating a Cluster for the remaining parameters.
Select the newly created cluster and go to the details page.
Click Cluster Operations in the left navigation bar, then click Cluster Upgrade on the top right of the page.
Select the available cluster for upgrade.
This page explains how to add ARM architecture nodes with Kylin v10 sp2 operating system to an AMD architecture worker cluster with CentOS 7.9 operating system.
Note
This page is only applicable to adding heterogeneous nodes to a worker cluster created using the AI platform in offline mode, excluding connected clusters.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#prerequisites","title":"Prerequisites","text":"Take ARM architecture and Kylin v10 sp2 operating system as examples.
Make sure you are logged into the bootstrap node! Also, make sure the clusterConfig.yaml file used during the AI platform deployment is available.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#offline-image-package","title":"Offline Image Package","text":"CPU Architecture Version Download Link AMD64 v0.18.0 https://qiniu-download-public.daocloud.io/DaoCloud_Enterprise/dce5/offline-v0.18.0-amd64.tar ARM64 v0.18.0 https://qiniu-download-public.daocloud.io/DaoCloud_Enterprise/dce5/offline-v0.18.0-arm64.tarAfter downloading, extract the offline package:
tar -xvf offline-v0.18.0-arm64.tar\n
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#iso-offline-package-kylin-v10-sp2","title":"ISO Offline Package (Kylin v10 sp2)","text":"CPU Architecture Operating System Version Download Link ARM64 Kylin Linux Advanced Server release V10 (Sword) SP2 https://www.kylinos.cn/support/trial.html Note
Kylin operating system requires personal information to be provided for downloading and usage. Select V10 (Sword) SP2 when downloading.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#ospackage-offline-package-kylin-v10-sp2","title":"osPackage Offline Package (Kylin v10 sp2)","text":"The Kubean project provides osPackage offline packages for different operating systems. Visit https://github.com/kubean-io/kubean/releases to view the available packages.
Operating System Version Download Link Kylin Linux Advanced Server release V10 (Sword) SP2 https://github.com/kubean-io/kubean/releases/download/v0.16.3/os-pkgs-kylinv10-v0.16.3.tar.gzNote
Check the specific version of the osPackage offline package in the offline/sample/clusterConfig.yaml file of the offline image package.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#import-offline-packages-to-the-bootstrap-node","title":"Import Offline Packages to the Bootstrap Node","text":"Run the import-artifact command:
./offline/dce5-installer import-artifact -c clusterConfig.yaml \\\n --offline-path=/root/offline \\\n --iso-path=/root/Kylin-Server-10-SP2-aarch64-Release-Build09-20210524.iso \\\n --os-pkgs-path=/root/os-pkgs-kylinv10-v0.7.4.tar.gz\n
Note
Parameter Explanation:
After a successful import command execution, the offline package will be uploaded to Minio on the bootstrap node.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#add-heterogeneous-worker-nodes","title":"Add Heterogeneous Worker Nodes","text":"Make sure you are logged into the management node of the AI platform Global Service Cluster.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#modify-the-host-manifest","title":"Modify the Host Manifest","text":"Here is an example of host manifest:
Before adding a nodeAfter adding a nodeapiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ${cluster-name}-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n children:\n etcd:\n hosts:\n centos-master:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n kube_control_plane:\n hosts:\n centos-master:\n kube_node:\n hosts:\n centos-master:\n hosts:\n centos-master:\n ip: 10.5.14.122\n access_ip: 10.5.14.122\n ansible_host: 10.5.14.122\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n
apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: ${cluster-name}-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n centos-master:\n ip: 10.5.14.122\n access_ip: 10.5.14.122\n ansible_host: 10.5.14.122\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: ******\n # Add heterogeneous nodes\n kylin-worker:\n ip: 10.5.10.220\n access_ip: 10.5.10.220\n ansible_host: 10.5.10.220\n ansible_connection: ssh\n ansible_user: root\n ansible_ssh_pass: dangerous@2022\n children:\n kube_control_plane:\n hosts:\n - centos-master\n kube_node:\n hosts:\n - centos-master\n - kylin-worker # Add the name of heterogeneous node\n etcd:\n hosts:\n - centos-master\n k8s_cluster:\n children:\n - kube_control_plane\n - kube_node\n
To add information about the newly added worker nodes according to the above comments:
kubectl edit cm ${cluster-name}-hosts-conf -n kubean-system\n
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#add-expansion-tasks-through-clusteroperationyml","title":"Add Expansion Tasks through ClusterOperation.yml","text":"Example:
ClusterOperation.ymlapiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: add-worker-node\nspec:\n cluster: ${cluster-name} # Specify cluster name\n image: ghcr.m.daocloud.io/kubean-io/spray-job:v0.5.0\n backoffLimit: 0\n actionType: playbook\n action: scale.yml\n extraArgs: --limit=kylin-worker\n preHook:\n - actionType: playbook\n action: ping.yml\n - actionType: playbook\n action: disable-firewalld.yml\n - actionType: playbook\n action: enable-repo.yml\n extraArgs: |\n -e \"{repo_list: [\"http://10.5.14.30:9000/kubean/kylin-iso/\\$releasever/os/\\$basearch\",\"http://10.5.14.30:9000/kubean/kylin/\\$releasever/os/\\$basearch\"]}\"\n postHook:\n - actionType: playbook\n action: cluster-info.yml\n
Note
To create and deploy join-node-ops.yaml according to the above configuration:
vi join-node-ops.yaml\nkubectl apply -f join-node-ops.yaml -n kubean-system\n
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#check-the-status-of-the-task-execution","title":"Check the status of the task execution","text":"kubectl -n kubean-system get pod | grep add-worker-node\n
To check the progress of the scaling task, you can view the logs of the proper pod.
"},{"location":"en/admin/kpanda/best-practice/multi-arch.html#verify-in-ui","title":"Verify in UI","text":"Go to Container Management -> Clusters -> Nodes .
Click the newly added node to view details.
This page will take a highly available three-master-node worker cluster as an example. When the first master node of the worker cluster fails or malfunctions, how to replace or reintroduce the first master node.
This page features a highly available cluster with three master nodes.
Assuming node1 is down, the following steps will explain how to reintroduce the recovered node1 back into the worker cluster.
"},{"location":"en/admin/kpanda/best-practice/replace-first-master-node.html#preparations","title":"Preparations","text":"Before performing the replacement operation, first obtain basic information about the cluster resources, which will be used when modifying related configurations.
Note
The following commands to obtain cluster resource information are executed in the management cluster.
Get the cluster name
Run the following command to find the clusters.kubean.io
resource proper to the cluster:
# For example, if the resource name of clusters.kubean.io is cluster-mini-1\n# Get the name of the cluster\nCLUSTER_NAME=$(kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.metadata.name}{'\\n'}\")\n
Get the host list configmap of the cluster
kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.spec.hostsConfRef}{'\\n'}\"\n{\"name\":\"mini-1-hosts-conf\",\"namespace\":\"kubean-system\"}\n
Get the configuration parameters configmap of the cluster
kubectl get clusters.kubean.io cluster-mini-1 -o=jsonpath=\"{.spec.varsConfRef}{'\\n'}\"\n{\"name\":\"mini-1-vars-conf\",\"namespace\":\"kubean-system\"}\n
Adjust the order of control plane nodes
Reset the node1 node to restore it to the state before installing the cluster (or use a new node), maintaining the network connectivity of the node1 node.
Adjust the order of the node1 node in the kube_control_plane, kube_node, and etcd sections in the host list (node1/node2/node3 -> node2/node3/node1):
function change_control_plane_order() {\n cat << EOF | kubectl apply -f -\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: mini-1-hosts-conf\n namespace: kubean-system\ndata:\n hosts.yml: |\n all:\n hosts:\n node1:\n ip: \"172.30.41.161\"\n access_ip: \"172.30.41.161\"\n ansible_host: \"172.30.41.161\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n node2:\n ip: \"172.30.41.162\"\n access_ip: \"172.30.41.162\"\n ansible_host: \"172.30.41.162\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n node3:\n ip: \"172.30.41.163\"\n access_ip: \"172.30.41.163\"\n ansible_host: \"172.30.41.163\"\n ansible_connection: ssh\n ansible_user: root\n ansible_password: dangerous\n children:\n kube_control_plane:\n hosts:\n node2:\n node3:\n node1:\n kube_node:\n hosts:\n node2:\n node3:\n node1:\n etcd:\n hosts:\n node2:\n node3:\n node1:\n k8s_cluster:\n children:\n kube_control_plane:\n kube_node:\n calico_rr:\n hosts: {}\nEOF\n}\n\nchange_control_plane_order\n
Remove the first master node in an abnormal state
After adjusting the order of nodes in the host list, remove the node1 in an abnormal state of the K8s control plane.
Note
If node1 is offline or malfunctioning, the following ConfigMaps must be added to extraArgs, you need not to add them when node1 is online.
reset_nodes=false # Skip resetting node operation\nallow_ungraceful_removal=true # Allow ungraceful removal operation\n
# Image spray-job can use an accelerator address here\n\nSPRAY_IMG_ADDR=\"ghcr.m.daocloud.io/kubean-io/spray-job\"\nSPRAY_RLS_2_22_TAG=\"2.22-336b323\"\nKUBE_VERSION=\"v1.24.14\"\nCLUSTER_NAME=\"cluster-mini-1\"\nREMOVE_NODE_NAME=\"node1\"\n\ncat << EOF | kubectl apply -f -\n---\napiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster-mini-1-remove-node-ops\nspec:\n cluster: ${CLUSTER_NAME}\n image: ${SPRAY_IMG_ADDR}:${SPRAY_RLS_2_22_TAG}\n actionType: playbook\n action: remove-node.yml\n extraArgs: -e node=${REMOVE_NODE_NAME} -e reset_nodes=false -e allow_ungraceful_removal=true -e kube_version=${KUBE_VERSION}\n postHook:\n - actionType: playbook\n action: cluster-info.yml\nEOF\n
Manually modify the cluster configuration, edit and update cluster-info
# Edit cluster-info\nkubectl -n kube-public edit cm cluster-info\n\n# 1. If the ca.crt certificate is updated, the content of the certificate-authority-data field needs to be updated\n# View the base64 encoding of the ca certificate:\ncat /etc/kubernetes/ssl/ca.crt | base64 | tr -d '\\n'\n\n# 2. Change the IP address in the server field to the new first master IP, this document will use the IP address of node2, 172.30.41.162\n
Manually modify the cluster configuration, edit and update kubeadm-config
# Edit kubeadm-config\nkubectl -n kube-system edit cm kubeadm-config\n\n# Change controlPlaneEndpoint to the new first master IP,\n# this document will use the IP address of node2, 172.30.41.162\n
Scale up the master node and update the cluster
Note
--limit
to limit the update operation to only affect the etcd and kube_control_plane node groups.cat << EOF | kubectl apply -f -\n---\napiVersion: kubean.io/v1alpha1\nkind: ClusterOperation\nmetadata:\n name: cluster-mini-1-update-cluster-ops\nspec:\n cluster: ${CLUSTER_NAME}\n image: ${SPRAY_IMG_ADDR}:${SPRAY_RLS_2_22_TAG}\n actionType: playbook\n action: cluster.yml\n extraArgs: --limit=etcd,kube_control_plane -e kube_version=${KUBE_VERSION}\n preHook:\n - actionType: playbook\n action: enable-repo.yml # This yaml needs to be added in an offline environment,\n # and set the correct repo-list (install operating system packages),\n # the following parameter values are for reference only\n extraArgs: |\n -e \"{repo_list: ['http://172.30.41.0:9000/kubean/centos/\\$releasever/os/\\$basearch','http://172.30.41.0:9000/kubean/centos-iso/\\$releasever/os/\\$basearch']}\"\n postHook:\n - actionType: playbook\n action: cluster-info.yml\nEOF\n
Now, you completed the replacement of the first Master node.
"},{"location":"en/admin/kpanda/best-practice/update-offline-cluster.html","title":"Offline Deployment/Upgrade Guide for Worker Clusters","text":"Note
This document is specifically designed for deploying or upgrading the Kubernetes version of worker clusters created on the AI platform in offline mode. It does not cover the deployment or upgrade of other Kubernetes components.
This guide is applicable to the following offline scenarios:
The overall approach is as follows:
Note
For a list of currently supported offline Kubernetes versions, refer to the list of Kubernetes versions supported by Kubean.
"},{"location":"en/admin/kpanda/best-practice/update-offline-cluster.html#building-the-offline-package-on-an-integrated-node","title":"Building the Offline Package on an Integrated Node","text":"Since the offline environment cannot connect to the internet, you need to prepare an integrated node in advance to build the incremental offline package and start Docker or Podman services on this node.
Check the status of the Docker service on the integrated node.
ps aux | grep docker\n
You should see output similar to the following:
root 12341 0.5 0.2 654372 26736 ? Ssl 23:45 0:00 /usr/bin/docked\nroot 12351 0.2 0.1 625080 13740 ? Ssl 23:45 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml\nroot 13024 0.0 0.0 112824 980 pts/0 S+ 23:45 0:00 grep --color=auto docker\n
Create a file named manifest.yaml in the /root directory of the integrated node with the following command:
vi manifest.yaml\n
The content of manifest.yaml should be as follows:
manifest.yamlimage_arch:\n- \"amd64\"\nkube_version: # Specify the version of the cluster to be upgraded\n- \"v1.28.0\"\n
Create a folder named /data in the /root directory to store the incremental offline package.
mkdir data\n
Run the following command to generate the offline package using the kubean airgap-patch
image. Make sure the tag of the airgap-patch
image matches the Kubean version, and that the Kubean version covers the Kubernetes version you wish to upgrade.
# Assuming the Kubean version is v0.13.9\ndocker run --rm -v $(pwd)/manifest.yaml:/manifest.yaml -v $(pwd)/data:/data ghcr.m.daocloud.io/kubean-io/airgap-patch:v0.13.9\n
After the Docker service completes running, check the files in the /data folder. The folder structure should look like this:
data\n\u251c\u2500\u2500 amd64\n\u2502 \u251c\u2500\u2500 files\n\u2502 \u2502 \u251c\u2500\u2500 import_files.sh\n\u2502 \u2502 \u2514\u2500\u2500 offline-files.tar.gz\n\u2502 \u251c\u2500\u2500 images\n\u2502 \u2502 \u251c\u2500\u2500 import_images.sh\n\u2502 \u2502 \u2514\u2500\u2500 offline-images.tar.gz\n\u2502 \u2514\u2500\u2500 os-pkgs\n\u2502 \u2514\u2500\u2500 import_ospkgs.sh\n\u2514\u2500\u2500 localartifactset.cr.yaml\n
Copy the /data files from the integrated node to the /root directory of the bootstrap node. On the integrated node , run the following command:
scp -r data root@x.x.x.x:/root\n
Replace x.x.x.x
with the IP address of the bootstrap node.
On the bootstrap node, copy the image files in the /data folder to the built-in Docker registry of the bootstrap node. After logging into the bootstrap node, run the following commands:
Navigate to the directory where the image files are located.
cd data/amd64/images\n
Run the import_images.sh script to import the images into the built-in Docker Registry of the bootstrap node.
REGISTRY_ADDR=\"127.0.0.1\" ./import_images.sh\n
Note
The above command is only applicable to the built-in Docker Registry of the bootstrap node. If you are using an external registry, use the following command:
REGISTRY_SCHEME=https REGISTRY_ADDR=${registry_address} REGISTRY_USER=${username} REGISTRY_PASS=${password} ./import_images.sh\n
On the bootstrap node, copy the binary files in the /data folder to the built-in Minio service of the bootstrap node.
Navigate to the directory where the binary files are located.
cd data/amd64/files/\n
Run the import_files.sh script to import the binary files into the built-in Minio service of the bootstrap node.
MINIO_USER=rootuser MINIO_PASS=rootpass123 ./import_files.sh http://127.0.0.1:9000\n
Note
The above command is only applicable to the built-in Minio service of the bootstrap node. If you are using an external Minio, replace http://127.0.0.1:9000
with the access address of the external Minio. \"rootuser\" and \"rootpass123\" are the default account and password for the built-in Minio service of the bootstrap node.
Run the following command on the bootstrap node to deploy the localartifactset
resource to the global service cluster:
kubectl apply -f data/kubeanofflineversion.cr.patch.yaml\n
"},{"location":"en/admin/kpanda/best-practice/update-offline-cluster.html#next-steps","title":"Next Steps","text":"Log into the AI platform UI management interface to continue with the following actions:
Refer to the Creating Cluster Documentation to create a worker cluster, where you can select the incremental version of Kubernetes.
Refer to the Upgrading Cluster Documentation to upgrade your self-built worker cluster.
This document outlines how to create a worker cluster on an unsupported OS in offline mode.
The main process for creating a worker cluster on an unsupported OS in offline mode is illustrated in the diagram below:
Next, we will use the openAnolis operating system as an example to demonstrate how to create a cluster on a non-mainstream operating system.
"},{"location":"en/admin/kpanda/best-practice/use-otherlinux-create-custer.html#prerequisites","title":"Prerequisites","text":"Find an online environment with the same architecture and OS as the nodes in the target cluster. In this example, we will use AnolisOS 8.8 GA. Run the following command to generate an offline os-pkgs package:
# Download relevant scripts and build os packages package\n$ curl -Lo ./pkgs.yml https://raw.githubusercontent.com/kubean-io/kubean/main/build/os-packages/others/pkgs.yml\n$ curl -Lo ./other_os_pkgs.sh https://raw.githubusercontent.com/kubean-io/kubean/main/build/os-packages/others/other_os_pkgs.sh && chmod +x other_os_pkgs.sh\n$ ./other_os_pkgs.sh build # Build the offline package\n
After executing the above command, you should have a compressed package named os-pkgs-anolis-8.8.tar.gz in the current directory. The file structure in the current directory should look like this:
.\n \u251c\u2500\u2500 other_os_pkgs.sh\n \u251c\u2500\u2500 pkgs.yml\n \u2514\u2500\u2500 os-pkgs-anolis-8.8.tar.gz\n
"},{"location":"en/admin/kpanda/best-practice/use-otherlinux-create-custer.html#offline-node-installing-the-offline-package","title":"Offline Node - Installing the Offline Package","text":"Copy the three files generated on the online node ( other_os_pkgs.sh , pkgs.yml , and os-pkgs-anolis-8.8.tar.gz ) to all nodes in the target cluster in the offline environment.
Login to any one of the nodes in the offline environment that is part of the target cluster, and run the following command to install the os-pkg package on the node:
# Configure environment variables\n$ export PKGS_YML_PATH=/root/workspace/os-pkgs/pkgs.yml # Path to the pkgs.yml file on the current offline node\n$ export PKGS_TAR_PATH=/root/workspace/os-pkgs/os-pkgs-anolis-8.8.tar.gz # Path to the os-pkgs-anolis-8.8.tar.gz file on the current offline node\n$ export SSH_USER=root # Username for the current offline node\n$ export SSH_PASS=dangerous # Password for the current offline node\n$ export HOST_IPS='172.30.41.168' # IP address of the current offline node\n$ ./other_os_pkgs.sh install # Install the offline package\n
After executing the above command, wait for the interface to prompt: All packages for node (X.X.X.X) have been installed , which indicates that the installation is complete.
"},{"location":"en/admin/kpanda/best-practice/use-otherlinux-create-custer.html#go-to-the-user-interface-to-create-cluster","title":"Go to the User Interface to Create Cluster","text":"Refer to the documentation on Creating a Worker Cluster to create an openAnolis cluster.
"},{"location":"en/admin/kpanda/clusterops/cluster-oversold.html","title":"Dynamic Resource Overprovision in the Cluster","text":"Currently, many businesses experience peaks and valleys in demand. To ensure service performance and stability, resources are typically allocated based on peak demand when deploying services. However, peak periods may be very short, resulting in resource waste during off-peak times. Cluster resource overprovision utilizes these allocated but unused resources (i.e., the difference between allocation and usage) to enhance cluster resource utilization and reduce waste.
This article mainly introduces how to use the cluster dynamic resource overprovision feature.
"},{"location":"en/admin/kpanda/clusterops/cluster-oversold.html#prerequisites","title":"Prerequisites","text":"click Clusters in the left navigation bar, then clickthe name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Cluster Operations -> Cluster Settings in the left navigation bar, then select the Advanced Configuration tab.
Enable cluster overprovision and set the overprovision ratio.
Note
The proper namespace in the cluster must have the following label applied for the cluster overprovision policy to take effect.
clusterresourceoverrides.admission.autoscaling.openshift.io/enabled: \"true\"\n
Once the cluster dynamic resource overprovision ratio is set, it will take effect while workloads are running. The following example uses nginx to validate the use of resource overprovision capabilities.
Create a workload (nginx) and set the proper resource limits. For the creation process, refer to Creating Stateless Workloads (Deployment).
Check whether the ratio of the Pod's resource requests to limits meets the overprovision ratio.
Cluster settings are used to customize advanced feature settings for your cluster, including whether to enable GPU, helm repo refresh cycle, Helm operation record retention, etc.
Enable GPU: GPUs and proper driver plug-ins need to be installed on the cluster in advance.
Click the name of the target cluster, and click Operations and Maintenance -> Cluster Settings -> Addons in the left navigation bar.
Helm operation basic image, registry refresh cycle, number of operation records retained, whether to enable cluster deletion protection (the cluster cannot be uninstalled directly after enabling)
On this page, you can view the recent cluster operation records and Helm operation records, as well as the YAML files and logs of each operation, and you can also delete a certain record.
Set the number of reserved entries for Helm operations:
By default, the system keeps the last 100 Helm operation records. If you keep too many entries, it may cause data redundancy, and if you keep too few entries, you may lose the key operation records you need. A reasonable reserved quantity needs to be set according to the actual situation. Specific steps are as follows:
Click the name of the target cluster, and click Recent Operations -> Helm Operations -> Set Number of Retained Items in the left navigation bar.
Set how many Helm operation records need to be kept, and click OK .
Clusters integrated or created using the AI platform Container Management platform can be accessed not only through the UI interface but also in two other ways for access control:
Note
When accessing the cluster, the user should have Cluster Admin permission or higher.
"},{"location":"en/admin/kpanda/clusters/access-cluster.html#access-via-cloudshell","title":"Access via CloudShell","text":"Enter Clusters page, select the cluster you want to access via CloudShell, click the ... icon on the right, and then click Console from the dropdown list.
Run kubectl get node command in the Console to verify the connectivity between CloudShell and the cluster. If the console returns node information of the cluster, you can access and manage the cluster through CloudShell.
If you want to access and manage remote clusters from a local node, make sure you have met these prerequisites:
If everything is in place, follow these steps to access a cloud cluster from your local environment.
Enter Clusters page, find your target cluster, click ... on the right, and select Download kubeconfig in the drop-down list.
Set the Kubeconfig period and click Download .
Open the downloaded certificate and copy its content to the config file of the local node.
By default, the kubectl tool will look for a file named config in the $HOME/.kube directory on the local node. This file stores access credentials of clusters. Kubectl can access the cluster with that configuration file.
Run the following command on the local node to verify its connectivity with the cluster:
kubectl get pod -n default\n
An expected output is as follows:
NAME READY STATUS RESTARTS AGE\ndao-2048-2048-58c7f7fc5-mq7h4 1/1 Running 0 30h\n
Now you can access and manage the cluster locally with kubectl.
"},{"location":"en/admin/kpanda/clusters/cluster-role.html","title":"Cluster Roles","text":"Suanova AI platform categorizes clusters based on different functionalities to help users better manage IT infrastructure.
"},{"location":"en/admin/kpanda/clusters/cluster-role.html#global-service-cluster","title":"Global Service Cluster","text":"This cluster is used to run AI platform components such as Container Management, Global Management, Insight. It generally does not carry business workloads.
Supported Features Description K8s Version 1.22+ Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/admin/kpanda/clusters/cluster-role.html#management-cluster","title":"Management Cluster","text":"This cluster is used to manage worker clusters and generally does not carry business workloads.
Supported Features Description K8s Version 1.22+ Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/admin/kpanda/clusters/cluster-role.html#worker-cluster","title":"Worker Cluster","text":"This is a cluster created using Container Management and is mainly used to carry business workloads. This cluster is managed by the management cluster.
Supported Features Description K8s Version Supports K8s 1.22 and above Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/admin/kpanda/clusters/cluster-role.html#integrated-cluster","title":"Integrated Cluster","text":"This cluster is used to integrate existing standard K8s clusters, including but not limited to self-built clusters in local data centers, clusters provided by public cloud vendors, clusters provided by private cloud vendors, edge clusters, Xinchuang clusters, heterogeneous clusters, and different Suanova clusters. It is mainly used to carry business workloads.
Supported Features Description K8s Version 1.18+ Supported Vendors VMware Tanzu, Amazon EKS, Redhat Openshift, SUSE Rancher, Alibaba ACK, Huawei CCE, Tencent TKE, Standard K8s Cluster, Suanova Full Lifecycle Management Not Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Depends on the network mode of the integrated cluster's kernel Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policiesNote
A cluster can have multiple cluster roles. For example, a cluster can be both a global service cluster and a management cluster or a worker cluster.
"},{"location":"en/admin/kpanda/clusters/cluster-scheduler-plugin.html","title":"Deploy Second Scheduler scheduler-plugins in a Cluster","text":"This page describes how to deploy a second scheduler-plugins in a cluster.
"},{"location":"en/admin/kpanda/clusters/cluster-scheduler-plugin.html#why-do-we-need-scheduler-plugins","title":"Why do we need scheduler-plugins?","text":"The cluster created through the platform will install the native K8s scheduler-plugin, but the native scheduler-plugin has many limitations:
This page takes the scenario of using the vgpu scheduler-plugin while combining the coscheduling plugin capability of scheduler-plugins as an example to introduce how to install and use scheduler-plugins.
"},{"location":"en/admin/kpanda/clusters/cluster-scheduler-plugin.html#installing-scheduler-plugins","title":"Installing scheduler-plugins","text":""},{"location":"en/admin/kpanda/clusters/cluster-scheduler-plugin.html#prerequisites","title":"Prerequisites","text":"Add the scheduler-plugins parameter in Create Cluster -> Advanced Settings -> Custom Parameters.
scheduler_plugins_enabled:true\nscheduler_plugins_plugin_config:\n - name: Coscheduling\n args:\n permitWaitingTimeSeconds: 10 # default is 60\n
Parameters:
scheduler_plugins_enabled
Set to true to enable the scheduler-plugins capability.scheduler_plugins_enabled_plugins
or scheduler_plugins_disabled_plugins
options. See K8s Official Plugin Names for reference.scheduler_plugins_plugin_config
, for example: set the permitWaitingTimeoutSeconds
parameter for coscheduling. See K8s Official Plugin Configuration for reference.After successful cluster creation, the system will automatically install the scheduler-plugins and controller component loads. You can check the workload status in the proper cluster's deployment.
Here is an example of how to use scheduler-plugins by demonstrating a scenario where the vgpu scheduler is used in combination with the coscheduling plugin capability of scheduler-plugins.
Install vgpu in the Helm Charts and set the values.yaml parameters.
schedulerName: scheduler-plugins-scheduler
: This is the scheduler name for scheduler-plugins installed by kubean, and currently cannot be modified.scheduler.kubeScheduler.enabled: false
: Do not install kube-scheduler and use vgpu-scheduler as a separate extender.Extend vgpu-scheduler on scheduler-plugins.
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\n
Modify configmap of scheduler-config for scheduler-plugins:
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\nextenders:\n - urlPrefix: \"${urlPrefix}\"\n filterVerb: filter\n bindVerb: bind\n nodeCacheCapable: true\n ignorable: true\n httpTimeout: 30s\n weight: 1\n enableHTTPS: true\n tlsConfig:\n insecure: true\n managedResources:\n - name: nvidia.com/vgpu\n ignoredByScheduler: true\n - name: nvidia.com/gpumem\n ignoredByScheduler: true\n - name: nvidia.com/gpucores\n ignoredByScheduler: true\n - name: nvidia.com/gpumem-percentage\n ignoredByScheduler: true\n - name: nvidia.com/priority\n ignoredByScheduler: true\n - name: cambricon.com/mlunum\n ignoredByScheduler: true\n
After installing vgpu-scheduler, the system will automatically create a service (svc), and the urlPrefix specifies the URL of the svc.
Note
The svc refers to the pod service load. You can use the following command in the namespace where the nvidia-vgpu plugin is installed to get the external access information for port 443.
kubectl get svc -n ${namespace}\n
The urlPrefix format is https://${ip address}:${port}
Restart the scheduler pod of scheduler-plugins to load the new configuration file.
Note
When creating a vgpu application, you do not need to specify the name of a scheduler-plugin. The vgpu-scheduler webhook will automatically change the scheduler's name to \"scheduler-plugins-scheduler\" without manual specification.
AI platform Container Management module can manage two types of clusters: integrated clusters and created clusters.
For more information about cluster types, see Cluster Role.
We designed several status for these two clusters.
"},{"location":"en/admin/kpanda/clusters/cluster-status.html#integrated-clusters","title":"Integrated Clusters","text":"Status Description Integrating The cluster is being integrated into AI platform. Removing The cluster is being removed from AI platform. Running The cluster is running as expected. Unknown The cluster is lost. Data displayed in the AI platform UI is the cached data before the disconnection, which does not represent real-time data. Any operation during this status will not take effect. You should check cluster network connectivity or host status."},{"location":"en/admin/kpanda/clusters/cluster-status.html#created-clusters","title":"Created Clusters","text":"Status Description Creating The cluster is being created. Updating The Kubernetes version of the cluster is being operating. Deleting The cluster is being deleted. Running The cluster is running as expected. Unknown The cluster is lost. Data displayed in the AI platform UI is the cached data before the disconnection, which does not represent real-time data. Any operation during this status will not take effect. You should check cluster network connectivity or host status. Failed The cluster creation is failed. You should check the logs for detailed reasons."},{"location":"en/admin/kpanda/clusters/cluster-version.html","title":"Supported Kubernetes Versions","text":"In AI platform, the integrated clusters and created clusters have different version support mechanisms.
This page focuses on the version support mechanism for created clusters.
The Kubernetes community supports three version ranges: 1.26, 1.27, and 1.28. When a new version is released by the community, the supported version range is incremented. For example, if the latest version released by the community is 1.27, the supported version range by the community will be 1.27, 1.28, and 1.29.
To ensure the security and stability of the clusters, when creating clusters in AI platform, the supported version range will always be one version lower than the community's version.
For instance, if the Kubernetes community supports v1.25, v1.26, and v1.27, then the version range for creating worker clusters in AI platform will be v1.24, v1.25, and v1.26. Additionally, a stable version, such as 1.24.7, will be recommended to users.
Furthermore, the version range for creating worker clusters in AI platform will remain highly synchronized with the community. When the community version increases incrementally, the version range for creating worker clusters in AI platform will also increase by one version.
"},{"location":"en/admin/kpanda/clusters/cluster-version.html#supported-kubernetes-versions_1","title":"Supported Kubernetes Versions","text":"Kubernetes Community Versions Created Worker Cluster Versions Recommended Versions for Created Worker Cluster AI platform Installer Release DateIn AI platform Container Management, clusters can have four roles: global service cluster, management cluster, worker cluster, and integrated cluster. An integrated cluster can only be integrated from third-party vendors (see Integrate Cluster).
This page explains how to create a Worker Cluster. By default, when creating a new Worker Cluster, the operating system type and CPU architecture of the worker nodes should be consistent with the Global Service Cluster. If you want to create a cluster with a different operating system or architecture than the Global Management Cluster, refer to Creating an Ubuntu Worker Cluster on a CentOS Management Platform for instructions.
It is recommended to use the supported operating systems in AI platform to create the cluster. If your local nodes are not within the supported range, you can refer to Creating a Cluster on Non-Mainstream Operating Systems for instructions.
"},{"location":"en/admin/kpanda/clusters/create-cluster.html#prerequisites","title":"Prerequisites","text":"Certain prerequisites must be met before creating a cluster:
v1.26.0-v1.28
. If you need to create a cluster with a lower version, refer to the Supporterd Cluster Versions.Enter the Container Management module, click Create Cluster on the upper right corner of the Clusters page.
Fill in the basic information by referring to the following instructions.
Fill in the node configuration information and click Node Check .
High Availability: When enabled, at least 3 controller nodes are required. When disabled, only 1 controller node is needed.
It is recommended to use High Availability mode in production environments.
Credential Type: Choose whether to access nodes using username/password or public/private keys.
If using public/private key authentication, SSH keys for the nodes need to be configured in advance. Refer to Using SSH Key Authentication for Nodes.
Same Password: When enabled, all nodes in the cluster will have the same access password. Enter the unified password for accessing all nodes in the field below. If disabled, you can set separate usernames and passwords for each node.
If node check is passed, click Next . If the check failed, update Node Information and check again.
Fill in the network configuration and click Next .
Fill in the plug-in configuration and click Next .
Fill in advanced settings and click OK .
Success
Note
Clusters created in AI platform Container Management can be either deleted or removed. Clusters integrated into AI platform can only be removed.
Info
If you want to delete an integrated cluster, you should delete it in the platform where it is created.
In AI platform, the difference between Delete and Remove is:
Note
Enter the Container Management module, find your target cluster, click __ ...__ on the right, and select Remove in the drop-down list.
Enter the cluster name to confirm and click Delete .
You will be auto directed to cluster lists. The status of this cluster will changed to Deleting . It may take a while to delete/remove a cluster.
With the features of integrating clusters, AI platform allows you to manage on-premise and cloud clusters of various providers in a unified manner. This is quite important in avoiding the risk of being locked in by a certain providers, helping enterprises safely migrate their business to the cloud.
In AI platform Container Management module, you can integrate a cluster of the following providers: standard Kubernetes clusters, Redhat Openshift, SUSE Rancher, VMware Tanzu, Amazon EKS, Aliyun ACK, Huawei CCE, Tencent TKE, etc.
"},{"location":"en/admin/kpanda/clusters/integrate-cluster.html#prerequisites","title":"Prerequisites","text":"Enter Container Management module, and click Integrate Cluster in the upper right corner.
Fill in the basic information by referring to the following instructions.
Fill in the KubeConfig of the target cluster and click Verify Config . The cluster can be successfully connected only after the verification is passed.
Click How do I get the KubeConfig? to see the specific steps for getting this file.
Confirm that all parameters are filled in correctly and click OK in the lower right corner of the page.
Note
The status of the newly integrated cluster is Integrating , which will become Running after the integration succeeds.
"},{"location":"en/admin/kpanda/clusters/integrate-rancher-cluster.html","title":"Integrate the Rancher Cluster","text":"This page explains how to integrate a Rancher cluster.
"},{"location":"en/admin/kpanda/clusters/integrate-rancher-cluster.html#prerequisites","title":"Prerequisites","text":"Log in to the Rancher cluster with a role that has administrator privileges, and create a file named sa.yaml using the terminal.
vi sa.yaml\n
Press the i key to enter insert mode, then copy and paste the following content:
sa.yamlapiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: rancher-rke\n rules:\n - apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n - nonResourceURLs:\n - '*'\n verbs:\n - '*'\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: rancher-rke\n roleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: rancher-rke\n subjects:\n - kind: ServiceAccount\n name: rancher-rke\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: rancher-rke\n namespace: kube-system\n
Press the Esc key to exit insert mode, then type :wq to save and exit.
Run the following command in the current directory to create a ServiceAccount named rancher-rke (referred to as SA for short):
kubectl apply -f sa.yaml\n
The expected output is as follows:
clusterrole.rbac.authorization.k8s.io/rancher-rke created\nclusterrolebinding.rbac.authorization.k8s.io/rancher-rke created\nserviceaccount/rancher-rke created\n
Create a secret named rancher-rke-secret and bind the secret to the rancher-rke SA.
kubectl apply -f - <<EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: rancher-rke-secret\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: rancher-rke\n type: kubernetes.io/service-account-token\nEOF\n
The output is expected to be:
secret/rancher-rke-secret created\n
Note
If your cluster version is lower than 1.24, please ignore this step and proceed to the next one.
Check secret for rancher-rke SA:
kubectl -n kube-system get secret | grep rancher-rke | awk '{print $1}'\n
The output is expected to be:
rancher-rke-secret\n
Check the rancher-rke-secret secret:
kubectl -n kube-system describe secret rancher-rke-secret\n
The output is expected to be:
Name: rancher-rke-secret\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io/service-account.name: rancher-rke\n kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174\n\nType: kubernetes.io/service-account-token\n\nData\n====\nca.crt: 570 bytes\nnamespace: 11 bytes\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
Perform the following steps on any local node where kubelet is installed:
Configure kubelet token.
kubectl config set-credentials rancher-rke --token= __rancher-rke-secret__ # token \u4fe1\u606f\n
For example,
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
Configure the kubelet APIServer information.
kubectl config set-cluster {cluster-name} --insecure-skip-tls-verify=true --server={APIServer}\n
https://10.X.X.X:6443
.For example,
kubectl config set-cluster rancher-rke --insecure-skip-tls-verify=true --server=https://10.X.X.X:6443\n
Configure the kubelet context.
kubectl config set-context {context-name} --cluster={cluster-name} --user={SA-usename}\n
For example,
kubectl config set-context rancher-rke-context --cluster=rancher-rke --user=rancher-rke\n
Specify the newly created context rancher-rke-context in kubelet.
kubectl config use-context rancher-rke-context\n
Fetch the kubeconfig information for the context rancher-rke-context .
kubectl config view --minify --flatten --raw\n
The output is expected to be:
```yaml apiVersion: v1 clusters: - cluster: insecure-skip-tls-verify: true server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com name: joincluster contexts: - context: cluster: joincluster user: eks-admin name: ekscontext current-context: ekscontext kind: Config preferences: {} users: - name: eks-admin user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V
Using the kubeconfig file fetched earlier, refer to the Integrate Cluster documentation to integrate the Rancher cluster to the global cluster.
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html","title":"Update Kubernetes Cluster Certificate","text":"To ensure secure communication between various components of Kubernetes, TLS authentication is performed during calls between components, which requires configuring the cluster PKI certificates.
The validity period of cluster certificates is 1 year. To avoid service interruptions due to certificate expiration, please update the certificates in a timely manner.
This article explains how to manually update the certificates.
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#check-if-the-certificates-are-expired","title":"Check if the Certificates are Expired","text":"You can execute the following command to check if the certificates are expired:
kubeadm certs check-expiration\n
The output will be similar to the following:
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED\nadmin.conf Dec 14, 2024 07:26 UTC 204d no \napiserver Dec 14, 2024 07:26 UTC 204d ca no \napiserver-etcd-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \napiserver-kubelet-client Dec 14, 2024 07:26 UTC 204d ca no \ncontroller-manager.conf Dec 14, 2024 07:26 UTC 204d no \netcd-healthcheck-client Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-peer Dec 14, 2024 07:26 UTC 204d etcd-ca no \netcd-server Dec 14, 2024 07:26 UTC 204d etcd-ca no \nfront-proxy-client Dec 14, 2024 07:26 UTC 204d front-proxy-ca no \nscheduler.conf Dec 14, 2024 07:26 UTC 204d no \n\nCERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED\nca Dec 12, 2033 07:26 UTC 9y no \netcd-ca Dec 12, 2033 07:26 UTC 9y no \nfront-proxy-ca Dec 12, 2033 07:26 UTC 9y no \n
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#manually-update-certificates","title":"Manually Update Certificates","text":"You can manually update the certificates using the following command with appropriate command-line options. Please back up the current certificates before updating.
To update a specific certificate:
kubeadm certs renew\n
To update all certificates:
kubeadm certs renew all\n
The updated certificates can be viewed in the /etc/kubernetes/pki
directory, with a validity period extended by 1 year. The following corresponding configuration files will also be updated:
Note
/etc/kubernetes/pki
.After executing the update operation, you need to restart the control plane Pods. Since dynamic certificate reloading is currently not supported by all components and certificates, this operation is necessary.
Static Pods are managed by the local kubelet rather than the API server, so kubectl cannot be used to delete or restart them.
To restart static Pods, you can temporarily remove the manifest files from /etc/kubernetes/manifests/
and wait for 20 seconds. Refer to the fileCheckFrequency
value in the KubeletConfiguration structure.
If the Pods are not in the manifest directory, the kubelet will terminate them. After another fileCheckFrequency
cycle, you can move the files back, and the kubelet will recreate the Pods, completing the certificate update operation.
mv ./manifests/* ./temp/\nmv ./temp/* ./manifests/\n
Note
If the container service uses Docker, to make the certificates take effect, you can use the following command to restart the services involved with the certificates:
docker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart\n
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#update-kubeconfig","title":"Update KubeConfig","text":"During cluster setup, the admin.conf certificate is usually copied to $HOME/.kube/config. To update the contents of $HOME/.kube/config after updating admin.conf, you must run the following commands:
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config\nsudo chown $(id -u):$(id -g) $HOME/.kube/config\n
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#configure-certificate-rotation-for-kubelet","title":"Configure Certificate Rotation for Kubelet","text":"After completing the above operations, the update for all cluster certificates is basically complete, except for kubelet.
Kubernetes includes a feature for kubelet certificate rotation that automatically generates new keys and requests new certificates from the Kubernetes API when the current certificates are about to expire. Once the new certificates are available, they will be used for connection authentication with the Kubernetes API.
Note
This feature is available in Kubernetes version 1.8.0 or higher.
To enable client certificate rotation, configure the following parameters:
The kubelet process receives the --rotate-certificates
parameter, which determines whether kubelet will automatically request new certificates when the currently used certificates are about to expire.
The kube-controller-manager process receives the --cluster-signing-duration
parameter (previously --experimental-cluster-signing-duration
before version 1.19) to control the validity period of issued certificates.
For more details, refer to Configure Certificate Rotation for Kubelet.
"},{"location":"en/admin/kpanda/clusters/k8s-cert.html#automatically-update-certificates","title":"Automatically Update Certificates","text":"For more efficient and convenient handling of expired or soon-to-expire Kubernetes cluster certificates, you can refer to the K8s Version Cluster Certificate Update.
"},{"location":"en/admin/kpanda/clusters/runtime.html","title":"How to choose the container runtime","text":"The container runtime is an important component in kubernetes to manage the life cycle of containers and container images. Kubernetes made containerd the default container runtime in version 1.19, and removed support for the Dockershim component in version 1.24.
Therefore, compared to the Docker runtime, we recommend you to use the lightweight containerd as your container runtime, because this has become the current mainstream runtime choice.
In addition, some operating system distribution vendors are not friendly enough for Docker runtime compatibility. The runtime support of different operating systems is as follows:
"},{"location":"en/admin/kpanda/clusters/runtime.html#operating-systems-and-supported-runtimes","title":"Operating systems and supported runtimes","text":"Operating System Supported containerd Versions Supported Docker Versions CentOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 18.09, 19.03, 20.10 (default) RedHatOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 18.09, 19.03, 20.10 (default) KylinOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 19.03 (Only supported by ARM architecture, Docker is not supported as a runtime under x86 architecture)Note
In the offline installation mode, you need to prepare the runtime offline package of the relevant operating system in advance.
"},{"location":"en/admin/kpanda/clusters/upgrade-cluster.html","title":"Cluster Upgrade","text":"The Kubernetes Community packages a small version every quarter, and the maintenance cycle of each version is only about 9 months. Some major bugs or security holes will not be updated after the version stops maintenance. Manually upgrading cluster operations is cumbersome and places a huge workload on administrators.
In Suanova, you can upgrade the Kubernetes cluster with one click through the web UI interface.
Danger
After the version is upgraded, it will not be possible to roll back to the previous version, please proceed with caution.
Note
Click the name of the target cluster in the cluster list.
Then click Cluster Operation and Maintenance -> Cluster Upgrade in the left navigation bar, and click Version Upgrade in the upper right corner of the page.
Select the version that can be upgraded, and enter the cluster name to confirm.
After clicking OK , you can see the upgrade progress of the cluster.
The cluster upgrade is expected to take 30 minutes. You can click the Real-time Log button to view the detailed log of the cluster upgrade.
ConfigMaps store non-confidential data in the form of key-value pairs to achieve the effect of mutual decoupling of configuration data and application code. ConfigMaps can be used as environment variables for containers, command-line parameters, or configuration files in storage volumes.
Note
The data saved in ConfigMaps cannot exceed 1 MiB. If you need to store larger volumes of data, it is recommended to mount a storage volume or use an independent database or file service.
ConfigMaps do not provide confidentiality or encryption. If you want to store encrypted data, it is recommended to use secret, or other third-party tools to ensure the privacy of data.
You can create ConfigMaps with two methods:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and authorized the user as NS Editor. For details, refer to Namespace Authorization.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> ConfigMap , and click the Create ConfigMap button in the upper right corner.
Fill in the configuration information on the Create ConfigMap page, and click OK .
!!! note
Click __Upload File__ to import an existing file locally to quickly create ConfigMaps.\n
After the creation is complete, click More on the right side of the ConfigMap to edit YAML, update, export, delete and other operations.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> ConfigMap , and click the YAML Create button in the upper right corner.
Fill in or paste the configuration file prepared in advance, and then click OK in the lower right corner of the pop-up box.
!!! note
- Click __Import__ to import an existing file locally to quickly create ConfigMaps.\n - After filling in the data, click __Download__ to save the configuration file locally.\n
After the creation is complete, click More on the right side of the ConfigMap to edit YAML, update, export, delete and other operations.
```yaml\n kind: ConfigMap\n apiVersion: v1\n metadata:\n name: kube-root-ca.crt\n namespace: default\n annotations:\n data:\n version: '1.0'\n ```\n
Next step: Use ConfigMaps
"},{"location":"en/admin/kpanda/configmaps-secrets/create-secret.html","title":"Create Secret","text":"A secret is a resource object used to store and manage sensitive information such as passwords, OAuth tokens, SSH, TLS credentials, etc. Using keys means you don't need to include sensitive secrets in your application code.
Secrets can be used in some cases:
You can create ConfigMaps with two methods:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster
Created a namespace, user, and authorized the user as NS Editor. For details, refer to Namespace Authorization.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> Secret , and click the Create Secret button in the upper right corner.
Fill in the configuration information on the Create Secret page, and click OK .
Note when filling in the configuration:
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> Secret , and click the YAML Create button in the upper right corner.
Fill in the YAML configuration on the Create with YAML page, and click OK .
Supports importing YAML files from local or downloading and saving filled files to local.
```yaml\n apiVersion: v1\n kind: Secret\n metadata:\n name: secretdemo\n type: Opaque\n data:\n username: ****\n password: ****\n ```\n
Next step: use secret
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html","title":"Use ConfigMaps","text":"ConfigMap (ConfigMap) is an API object of Kubernetes, which is used to save non-confidential data into key-value pairs, and can store configurations that other objects need to use. When used, the container can use it as an environment variable, a command-line argument, or a configuration file in a storage volume. By using ConfigMaps, configuration data and application code can be separated, providing a more flexible way to modify application configuration.
Note
ConfigMaps do not provide confidentiality or encryption. If the data to be stored is confidential, please use secret, or use other third-party tools to ensure the privacy of the data instead of ConfigMaps. In addition, when using ConfigMaps in containers, the container and ConfigMaps must be in the same cluster namespace.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html#scenes-to-be-used","title":"scenes to be used","text":"You can use ConfigMaps in Pods. There are many use cases, mainly including:
Use ConfigMaps to set the environment variables of the container
Use ConfigMaps to set the command line parameters of the container
Use ConfigMaps as container volumes
You can use the ConfigMap as the environment variable of the container through the graphical interface or the terminal command line.
Note
The ConfigMap import is to use the ConfigMap as the value of the environment variable; the ConfigMap key value import is to use a certain parameter in the ConfigMap as the value of the environment variable.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html#graphical-interface-operation","title":"Graphical interface operation","text":"When creating a workload through an image, you can set environment variables for the container by selecting Import ConfigMaps or Import ConfigMap Key Values on the Environment Variables interface.
Go to the Image Creation Workload page, in the Container Configuration step, select the Environment Variables configuration, and click the Add Environment Variable button.
Select ConfigMap Import or ConfigMap Key Value Import in the environment variable type.
When the environment variable type is selected as ConfigMap import , enter variable name , prefix name, ConfigMap name in sequence.
When the environment variable type is selected as ConfigMap key-value import , enter variable name , ConfigMap name, and Secret name in sequence.
You can set ConfigMaps as environment variables when creating a workload, using the valueFrom parameter to refer to the Key/Value in the ConfigMap.
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-1\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"env\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom: # (1)\n configMapKeyRef:\n name: kpanda-configmap # (2)\n key: SPECIAL_LEVEL # (3)\n restartPolicy: Never\n
You can use ConfigMaps to set the command or parameter value in the container, and use the environment variable substitution syntax $(VAR_NAME) to do so. As follows.
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-3\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_LEVEL\n - name: SPECIAL_TYPE_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_TYPE\n restartPolicy: Never\n
After the Pod runs, the output is as follows.
Hello Kpanda\n
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html#used-as-container-volume","title":"Used as container volume","text":"You can use the ConfigMap as the environment variable of the container through the graphical interface or the terminal command line.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-configmap.html#graphical-operation","title":"Graphical operation","text":"When creating a workload through an image, you can use the ConfigMap as the volume of the container by selecting the storage type as \"ConfigMap\" on the \"Data Storage\" interface.
Go to the Image Creation Workload page, in the Container Configuration step, select the Data Storage configuration, and click __Add in the __ Node Path Mapping __ list __ button.
Select ConfigMap in the storage type, and enter container path , subpath and other information in sequence.
To use a ConfigMap in a Pod's storage volume.
Here is an example Pod that mounts a ConfigMap as a volume:
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n -name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n configMap:\n name: myconfigmap\n
If there are multiple containers in a Pod, each container needs its own volumeMounts block, but you only need to set one spec.volumes block per ConfigMap.
Note
When a ConfigMap is used as a volume mounted on a container, the ConfigMap can only be read as a read-only file.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html","title":"use key","text":"A secret is a resource object used to store and manage sensitive information such as passwords, OAuth tokens, SSH, TLS credentials, etc. Using keys means you don't need to include sensitive secrets in your application code.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html#scenes-to-be-used","title":"scenes to be used","text":"You can use keys in Pods in a variety of use cases, mainly including:
You can use the key as the environment variable of the container through the GUI or the terminal command line.
Note
Key import is to use the key as the value of an environment variable; key key value import is to use a parameter in the key as the value of an environment variable.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html#graphical-interface-operation","title":"Graphical interface operation","text":"When creating a workload from an image, you can set environment variables for the container by selecting Key Import or Key Key Value Import on the Environment Variables interface.
Go to the Image Creation Workload page.
Select the Environment Variables configuration in Container Configuration , and click the Add Environment Variable button.
Select Key Import or Key Key Value Import in the environment variable type.
When the environment variable type is selected as Key Import , enter Variable Name , Prefix , and Secret in sequence.
When the environment variable type is selected as key key value import , enter variable name , Secret , Secret name in sequence.
As shown in the example below, you can set the secret as an environment variable when creating the workload, using the valueFrom parameter to refer to the Key/Value in the Secret.
apiVersion: v1\nkind: Pod\nmetadata:\n name: secret-env-pod\nspec:\n containers:\n -name: mycontainer\n image: redis\n env:\n - name: SECRET_USERNAME\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: username\n optional: false # (1)\n - name: SECRET_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: password\n optional: false # (2)\n
When creating a workload through an image, you can use the key as the volume of the container by selecting the storage type as \"key\" on the \"data storage\" interface.
Go to the Image Creation Workload page.
In the Container Configuration , select the Data Storage configuration, and click the Add button in the Node Path Mapping list.
Select Secret in the storage type, and enter container path , subpath and other information in sequence.
The following is an example of a Pod that mounts a Secret named mysecret via a volume:
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n -name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n secret:\n secretName: mysecret\n optional: false # (1)\n
If the Pod contains multiple containers, each container needs its own volumeMounts block, but only one .spec.volumes setting is required for each Secret.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html#used-as-the-identity-authentication-credential-for-the-container-registry-when-the-kubelet-pulls-the-container-image","title":"Used as the identity authentication credential for the container registry when the kubelet pulls the container image","text":"You can use the key as the identity authentication credential for the Container registry through the GUI or the terminal command line.
"},{"location":"en/admin/kpanda/configmaps-secrets/use-secret.html#graphical-operation","title":"Graphical operation","text":"When creating a workload through an image, you can use the key as the volume of the container by selecting the storage type as \"key\" on the \"data storage\" interface.
Go to the Image Creation Workload page.
In the second step of Container Configuration , select the Basic Information configuration, and click the Select Image button.
Select the name of the private container registry in the drop-down list of `container registry' in the pop-up box. Please see Create Secret for details on private image secret creation.
Enter the image name in the private registry, click OK to complete the image selection.
Note
When creating a key, you need to ensure that you enter the correct container registry address, username, password, and select the correct mirror name, otherwise you will not be able to obtain the mirror image in the container registry.
"},{"location":"en/admin/kpanda/custom-resources/create.html","title":"CustomResourceDefinition (CRD)","text":"In Kubernetes, all objects are abstracted as resources, such as Pod, Deployment, Service, Volume, etc. are the default resources provided by Kubernetes. This provides important support for our daily operation and maintenance and management work, but in some special cases, the existing preset resources cannot meet the needs of the business. Therefore, we hope to expand the capabilities of the Kubernetes API, and CustomResourceDefinition (CRD) was born based on this requirement.
The container management module supports interface-based management of custom resources, and its main features are as follows:
Integrated the Kubernetes cluster or created Kubernetes, and you can access the cluster UI interface.
Created a namespace, user, and authorized the user as Cluster Admin
For details, refer to Namespace Authorization.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Custom Resource , and click the YAML Create button in the upper right corner.
On the Create with YAML page, fill in the YAML statement and click OK .
Return to the custom resource list page, and you can view the custom resource named crontabs.stable.example.com
just created.
Custom resource example:
CRD exampleapiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: crontabs.stable.example.com\nspec:\n group: stable.example.com\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n spec:\n type: object\n properties:\n cronSpec:\n type: string\n image:\n type: string\n replicas:\n type: integer\n scope: Namespaced\n names:\n plural: crontabs\n singular: crontab\n kind: CronTab\n shortNames:\n - ct\n
"},{"location":"en/admin/kpanda/custom-resources/create.html#create-a-custom-resource-example-via-yaml","title":"Create a custom resource example via YAML","text":"Click a cluster name to enter Cluster Details .
In the left navigation bar, click Custom Resource , and click the YAML Create button in the upper right corner.
Click the custom resource named crontabs.stable.example.com
, enter the details, and click the YAML Create button in the upper right corner.
On the Create with YAML page, fill in the YAML statement and click OK .
Return to the details page of crontabs.stable.example.com
, and you can view the custom resource named my-new-cron-object just created.
CR Example:
CR exampleapiVersion: \"stable.example.com/v1\"\nkind: CronTab\nmetadata:\n name: my-new-cron-object\nspec:\n cronSpec: \"* * * * */5\"\n image: my-awesome-cron-image\n
"},{"location":"en/admin/kpanda/gpu/index.html","title":"Overview of GPU Management","text":"This article introduces the capability of Suanova container management platform in unified operations and management of heterogeneous resources, with a focus on GPUs.
"},{"location":"en/admin/kpanda/gpu/index.html#background","title":"Background","text":"With the rapid development of emerging technologies such as AI applications, large-scale models, artificial intelligence, and autonomous driving, enterprises are facing an increasing demand for compute-intensive tasks and data processing. Traditional compute architectures represented by CPUs can no longer meet the growing computational requirements of enterprises. At this point, heterogeneous computing represented by GPUs has been widely applied due to its unique advantages in processing large-scale data, performing complex calculations, and real-time graphics rendering.
Meanwhile, due to the lack of experience and professional solutions in scheduling and managing heterogeneous resources, the utilization efficiency of GPU devices is extremely low, resulting in high AI production costs for enterprises. The challenge of reducing costs, increasing efficiency, and improving the utilization of GPUs and other heterogeneous resources has become a pressing issue for many enterprises.
"},{"location":"en/admin/kpanda/gpu/index.html#introduction-to-gpu-capabilities","title":"Introduction to GPU Capabilities","text":"The Suanova container management platform supports unified scheduling and operations management of GPUs, NPUs, and other heterogeneous resources, fully unleashing the computational power of GPU resources, and accelerating the development of enterprise AI and other emerging applications. The GPU management capabilities of Suanova are as follows:
Similar to regular computer hardware, NVIDIA GPUs, as physical devices, need to have the NVIDIA GPU driver installed in order to be used. To reduce the cost of using GPUs on Kubernetes, NVIDIA provides the NVIDIA GPU Operator component to manage various components required for using NVIDIA GPUs. These components include the NVIDIA driver (for enabling CUDA), NVIDIA container runtime, GPU node labeling, DCGM-based monitoring, and more. In theory, users only need to plug the GPU into a compute device managed by Kubernetes, and they can use all the capabilities of NVIDIA GPUs through the GPU Operator. For more information about NVIDIA GPU Operator, refer to the NVIDIA official documentation. For deployment instructions, refer to Offline Installation of GPU Operator.
Architecture diagram of NVIDIA GPU Operator:
"},{"location":"en/admin/kpanda/gpu/FAQ.html","title":"GPU FAQs","text":""},{"location":"en/admin/kpanda/gpu/FAQ.html#gpu-processes-are-not-visible-while-running-nvidia-smi-inside-a-pod","title":"GPU processes are not visible while running nvidia-smi inside a pod","text":"Q: When running the nvidia-smi
command inside a GPU-utilizing pod, no GPU process information is visible in the full-card mode and vGPU mode.
A: Due to PID namespace
isolation, GPU processes are not visible inside the Pod. To view GPU processes, you can use one of the following methods:
hostPID: true
to enable viewing PIDs on the host.nvidia-smi
command in the driver pod of the gpu-operator to view processes.chroot /run/nvidia/driver nvidia-smi
command on the host to view processes.This section describes how to use Iluvatar virtual GPU on AI platform.
"},{"location":"en/admin/kpanda/gpu/Iluvatar_usage.html#prerequisites","title":"Prerequisites","text":"Check if the GPU in the cluster has been detected. Click Clusters -> Cluster Settings -> Addon Plugins , and check if the proper GPU type has been automatically enabled and detected. Currently, the cluster will automatically enable GPU and set the GPU type as Iluvatar .
Deploy a workload. Click Clusters -> Workloads and deploy a workload using the image. After selecting the type as (Iluvatar) , configure the GPU resources used by the application:
Physical Card Count (iluvatar.ai/vcuda-core): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host machine.
Memory Usage (iluvatar.ai/vcuda-memory): Indicates the amount of GPU memory occupied by each card. The value is in MB, with a minimum value of 1 and a maximum value equal to the entire memory of the card.
If there are any issues with the configuration values, scheduling failures or resource allocation failures may occur.
To request GPU resources for a workload, add the iluvatar.ai/vcuda-core: 1 and iluvatar.ai/vcuda-memory: 200 to the requests and limits. These parameters configure the application to use the physical card resources.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-iluvatar-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-iluvatar-gpu-demo\n template:\n metadata:\n labels:\n app: full-iluvatar-gpu-demo\n spec:\n containers:\n - image: nginx:perl\n name: container-0\n resources:\n limits:\n cpu: 250m\n iluvatar.ai/vcuda-core: '1'\n iluvatar.ai/vcuda-memory: '200'\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n imagePullSecrets:\n - name: default-secret\n
"},{"location":"en/admin/kpanda/gpu/dynamic-regulation.html","title":"GPU Scheduling Configuration (Binpack and Spread)","text":"This page introduces how to reduce GPU resource fragmentation and prevent single points of failure through Binpack and Spread when using NVIDIA vGPU, achieving advanced scheduling for vGPU. The AI platform provides Binpack and Spread scheduling policies across two dimensions: clusters and workloads, meeting different usage requirements in various scenarios.
"},{"location":"en/admin/kpanda/gpu/dynamic-regulation.html#prerequisites","title":"Prerequisites","text":"Scheduling policy based on GPU dimension
Scheduling policy based on node dimension
Note
By default, workloads will follow the cluster-level Binpack and Spread. If a workload sets its own Binpack and Spread scheduling policies that differ from the cluster, the workload will prioritize its own scheduling policy.
On the Clusters page, select the cluster for which you want to adjust the Binpack and Spread scheduling policies. Click the \u2507 icon on the right and select GPU Scheduling Configuration from the dropdown list.
Adjust the GPU scheduling configuration according to your business scenario, and click OK to save.
Note
When the Binpack and Spread scheduling policies at the workload level conflict with the cluster-level configuration, the workload-level configuration takes precedence.
Follow the steps below to create a deployment using an image and configure Binpack and Spread scheduling policies within the workload.
Click Clusters in the left navigation bar, then click the name of the target cluster to enter the Cluster Details page.
On the Cluster Details page, click Workloads -> Deployments in the left navigation bar, then click the Create by Image button in the upper right corner of the page.
Sequentially fill in the Basic Information, Container Settings, and in the Container Configuration section, enable GPU configuration, selecting the GPU type as NVIDIA vGPU. Click Advanced Settings, enable the Binpack / Spread scheduling policy, and adjust the GPU scheduling configuration according to the business scenario. After configuration, click Next to proceed to Service Settings and Advanced Settings. Finally, click OK at the bottom right of the page to complete the creation.
This page explains the matrix of supported GPUs and operating systems for AI platform.
"},{"location":"en/admin/kpanda/gpu/gpu_matrix.html#nvidia-gpu","title":"NVIDIA GPU","text":"GPU Manufacturer and Type Supported GPU Models Compatible Operating System (Online) Recommended Kernel Recommended Operating System and Kernel Installation Documentation NVIDIA GPU (Full Card/vGPU)This document mainly introduces the configuration of GPU
scheduling, which can implement advanced scheduling policies. Currently, the primary implementation is the vgpu
scheduling policy.
vGPU
provides two policies for resource usage: binpack
and spread
. These correspond to node-level and GPU-level dimensions, respectively. The use case is whether you want to distribute workloads more sparsely across different nodes and GPUs or concentrate them on the same node and GPU, thereby making resource utilization more efficient and reducing resource fragmentation.
You can modify the scheduling policy in your cluster by following these steps:
binpack
, and the GPU-level policy is spread
.The above steps modify the cluster-level scheduling policy. Users can also specify their own scheduling policy at the workload level to change the scheduling results. Below is an example of modifying the scheduling policy at the workload level:
apiVersion: v1\nkind: Pod\nmetadata:\n name: gpu-pod\n annotations:\n hami.io/node-scheduler-policy: \"binpack\"\n hami.io/gpu-scheduler-policy: \"binpack\"\nspec:\n containers:\n - name: ubuntu-container\n image: ubuntu:18.04\n command: [\"bash\", \"-c\", \"sleep 86400\"]\n resources:\n limits:\n nvidia.com/gpu: 1\n nvidia.com/gpumem: 3000\n nvidia.com/gpucores: 30\n
In this example, both the node- and GPU-level scheduling policies are set to binpack
. This ensures that the workload is scheduled to maximize resource utilization and reduce fragmentation.
This section describes how to use vGPU capabilities on the AI platform.
"},{"location":"en/admin/kpanda/gpu/vgpu_quota.html#prerequisites","title":"Prerequisites","text":"The proper GPU driver (NVIDIA GPU, NVIDIA MIG, Iluvatar, Ascend) has been deployed on the current cluster either through an Operator or manually.
"},{"location":"en/admin/kpanda/gpu/vgpu_quota.html#procedure","title":"Procedure","text":"Follow these steps to manage GPU quotas in AI platform:
Go to Namespaces and click Quota Management to configure the GPU resources that can be used by a specific namespace.
The currently supported card types for quota management in a namespace are: NVIDIA vGPU, NVIDIA MIG, Iluvatar, and Ascend.
NVIDIA vGPU Quota Management: Configure the specific quota that can be used. This will create a ResourcesQuota CR.
- Physical Card Count (nvidia.com/vgpu): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and **less than or equal to** the number of cards on the host machine.\n- GPU Core Count (nvidia.com/gpucores): Indicates the GPU compute power occupied by each card. The value ranges from 0 to 100. If configured as 0, it is considered not to enforce isolation. If configured as 100, it is considered to exclusively occupy the entire card.\n- GPU Memory Usage (nvidia.com/gpumem): Indicates the amount of GPU memory occupied by each card. The value is in MB, with a minimum value of 1 and a maximum value equal to the entire memory of the card.\n
This chapter provides installation guidance for Ascend NPU drivers, Device Plugin, NPU-Exporter, and other components.
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#prerequisites","title":"Prerequisites","text":"Before using NPU resources, you need to complete the firmware installation, NPU driver installation, Docker Runtime installation, user creation, log directory creation, and NPU Device Plugin installation. Refer to the following steps for details.
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#install-firmware","title":"Install Firmware","text":"npu-smi info
, and if the NPU information is returned normally, it indicates that the NPU driver and firmware are ready.Download Ascend Docker Runtime
Community edition download link: https://www.hiascend.com/zh/software/mindx-dl/community
wget -c https://mindx.obs.cn-south-1.myhuaweicloud.com/OpenSource/MindX/MindX%205.0.RC2/MindX%20DL%205.0.RC2/Ascend-docker-runtime_5.0.RC2_linux-x86_64.run\n
Install to the specified path by executing the following two commands in order, with parameters specifying the installation path:
chmod u+x Ascend-docker-runtime_5.0.RC2_linux-x86_64.run \n./Ascend-docker-runtime_{version}_linux-{arch}.run --install --install-path=<path>\n
Modify the containerd configuration file
If containerd has no default configuration file, execute the following three commands in order to create the configuration file:
mkdir /etc/containerd \ncontainerd config default > /etc/containerd/config.toml \nvim /etc/containerd/config.toml\n
If containerd has a configuration file:
vim /etc/containerd/config.toml\n
Modify the runtime installation path according to the actual situation, mainly modifying the runtime field:
... \n[plugins.\"io.containerd.monitor.v1.cgroups\"]\n no_prometheus = false \n[plugins.\"io.containerd.runtime.v1.linux\"]\n shim = \"containerd-shim\"\n runtime = \"/usr/local/Ascend/Ascend-Docker-Runtime/ascend-docker-runtime\"\n runtime_root = \"\"\n no_shim = false\n shim_debug = false\n [plugins.\"io.containerd.runtime.v2.task\"]\n platforms = [\"linux/amd64\"]\n...\n
Execute the following command to restart containerd:
systemctl restart containerd\n
Execute the following commands on the node where the components are installed to create a user.
# Ubuntu operating system\nuseradd -d /home/hwMindX -u 9000 -m -s /usr/sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n# CentOS operating system\nuseradd -d /home/hwMindX -u 9000 -m -s /sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#create-log-directory","title":"Create Log Directory","text":"Create the parent directory for component logs and the log directories for each component on the proper node, and set the appropriate owner and permissions for the directories. Execute the following command to create the parent directory for component logs.
mkdir -m 755 /var/log/mindx-dl\nchown root:root /var/log/mindx-dl\n
Execute the following command to create the Device Plugin component log directory.
mkdir -m 750 /var/log/mindx-dl/devicePlugin\nchown root:root /var/log/mindx-dl/devicePlugin\n
Note
Please create the proper log directory for each required component. In this example, only the Device Plugin component is needed. For other component requirements, refer to the official documentation
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#create-node-labels","title":"Create Node Labels","text":"Refer to the following commands to create labels on the proper nodes:
# Create this label on computing nodes where the driver is installed\nkubectl label node {nodename} huawei.com.ascend/Driver=installed\nkubectl label node {nodename} node-role.kubernetes.io/worker=worker\nkubectl label node {nodename} workerselector=dls-worker-node\nkubectl label node {nodename} host-arch=huawei-arm // or host-arch=huawei-x86, select according to the actual situation\nkubectl label node {nodename} accelerator=huawei-Ascend910 // select according to the actual situation\n# Create this label on control nodes\nkubectl label node {nodename} masterselector=dls-master-node\n
"},{"location":"en/admin/kpanda/gpu/ascend/ascend_driver_install.html#install-device-plugin-and-npuexporter","title":"Install Device Plugin and NpuExporter","text":"Functional module path: Container Management -> Cluster, click the name of the target cluster, then click Helm Apps -> Helm Charts from the left navigation bar, and search for ascend-mindxdl.
After a successful installation, two components will appear under the proper namespace, as shown below:
At the same time, the proper NPU information will also appear on the node information:
Once everything is ready, you can select the proper NPU device when creating a workload through the page, as shown below:
Note
For detailed information of how to use, refer to Using Ascend (Ascend) NPU.
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html","title":"Enable Ascend Virtualization","text":"Ascend virtualization is divided into dynamic virtualization and static virtualization. This document describes how to enable and use Ascend static virtualization capabilities.
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#prerequisites","title":"Prerequisites","text":"Supported NPU models:
For more details, refer to the official virtualization hardware documentation.
Refer to the Ascend NPU Component Installation Documentation for the basic environment setup.
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#enable-virtualization-capabilities","title":"Enable Virtualization Capabilities","text":"To enable virtualization capabilities, you need to manually modify the startup parameters of the ascend-device-plugin-daemonset
component. Refer to the following command:
- device-plugin -useAscendDocker=true -volcanoType=false -presetVirtualDevice=true\n- logFile=/var/log/mindx-dl/devicePlugin/devicePlugin.log -logLevel=0\n
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#split-vnpu-instances","title":"Split VNPU Instances","text":"Static virtualization requires manually splitting VNPU instances. Refer to the following command:
npu-smi set -t create-vnpu -i 13 -c 0 -f vir02\n
i
refers to the card id.c
refers to the chip id.vir02
refers to the split specification template.Card id and chip id can be queried using npu-smi info
. The split specifications can be found in the Ascend official templates.
After splitting the instance, you can query the split results using the following command:
npu-smi info -t info-vnpu -i 13 -c 0\n
The query result is as follows:
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#restart-ascend-device-plugin-daemonset","title":"Restartascend-device-plugin-daemonset
","text":"After splitting the instance, manually restart the device-plugin
pod, then use the kubectl describe
command to check the resources of the registered node:
kubectl describe node {{nodename}}\n
"},{"location":"en/admin/kpanda/gpu/ascend/vnpu.html#how-to-use-the-device","title":"How to Use the Device","text":"When creating an application, specify the resource key as shown in the following YAML:
......\nresources:\n requests:\n huawei.com/Ascend310P-2c: 1\n limits:\n huawei.com/Ascend310P-2c: 1\n......\n
"},{"location":"en/admin/kpanda/gpu/metax/usemetax.html","title":"MetaX GPU Component Installation and Usage","text":"This chapter provides installation guidance for MetaX's gpu-extensions, gpu-operator, and other components, as well as usage methods for both the full GPU and vGPU modes.
"},{"location":"en/admin/kpanda/gpu/metax/usemetax.html#prerequisites","title":"Prerequisites","text":"Metax provides two helm-chart packages: metax-extensions and gpu-operator. Depending on the usage scenario, different components can be selected for installation.
Extract the following from the /home/metax/metax-docs/k8s/metax-gpu-k8s-package.0.7.10.tar.gz
file:
Check if the system has the driver installed:
$ lsmod | grep metax \nmetax 1605632 0 \nttm 86016 3 drm_vram_helper,metax,drm_ttm_helper \ndrm 618496 7 drm_kms_helper,drm_vram_helper,ast,metax,drm_ttm_helper,ttm\n
Install the driver.
Push the image:
tar -xf metax-gpu-k8s-package.0.7.10.tar.gz\n./metax-k8s-images.0.7.10.run push {registry}/metax\n
Push the Helm Chart:
helm plugin install https://github.com/chartmuseum/helm-push\nhelm repo add --username rootuser --password rootpass123 metax http://172.16.16.5:8081\nhelm cm-push metax-operator-0.7.10.tgz metax\nhelm cm-push metax-gpu-extensions-0.7.10.tgz metax\n
Install metax-gpu-extensions on the AI computing platform.
After successful deployment, resources can be viewed on the node.
After successful modification, you can see the label with Metax GPU
on the node.
Known issues when installing gpu-operator
:
The images for the components metax-operator
, gpu-label
, gpu-device
, and container-runtime
must have the amd64
suffix.
The image for the metax-maca
component is not included in the metax-k8s-images.0.7.13.run
package and needs to be separately downloaded, such as maca-mxc500-2.23.0.23-ubuntu20.04-x86_64.tar.xz
. After loading it, the image for the metax-maca
component needs to be modified again.
The image for the metax-driver
component needs to be downloaded from https://pub-docstore.metax-tech.com:7001
as the k8s-driver-image.2.23.0.25.run
file, and then execute the command k8s-driver-image.2.23.0.25.run push {registry}/metax
to push the image to the image repository. After pushing, modify the image address for the metax-driver
component.
After installation, you can use MetaX GPU in workloads. Note that after enabling the GPU, you need to select the GPU type as Metax GPU.
Enter the container and execute mx-smi
to view the GPU usage.
This article introduces how to use Cambricon GPU in the Suanova AI computing platform.
"},{"location":"en/admin/kpanda/gpu/mlu/use-mlu.html#prerequisites","title":"Prerequisites","text":"When installing DevicePlugin, please disable the --enable-device-type parameter; otherwise, the Suanova AI computing platform will not be able to correctly recognize the Cambricon GPU.
"},{"location":"en/admin/kpanda/gpu/mlu/use-mlu.html#introduction-to-cambricon-gpu-modes","title":"Introduction to Cambricon GPU Modes","text":"Cambricon GPUs have the following modes:
virtualization-num
parameter.Here, we take the Dynamic SMLU mode as an example:
After correctly installing the DevicePlugin and other components, click the proper Cluster -> Cluster Maintenance -> Cluster Settings -> Addon Plugins to check whether the proper GPU type has been automatically enabled and detected.
Click the node management page to check if the nodes have correctly recognized the proper GPU type.
Deploy workloads. Click the proper Cluster -> Workloads, and deploy workloads using images. After selecting the type (MLU VGPU), you need to configure the GPU resources used by the App:
Refer to the following YAML file:
apiVersion: v1 \nkind: Pod \nmetadata: \n name: pod1 \nspec: \n restartPolicy: OnFailure \n containers: \n - image: ubuntu:16.04 \n name: pod1-ctr \n command: [\"sleep\"] \n args: [\"100000\"] \n resources: \n limits: \n cambricon.com/mlu: \"1\" # use this when device type is not enabled, else delete this line. \n #cambricon.com/mlu: \"1\" #uncomment to use when device type is enabled \n #cambricon.com/mlu.share: \"1\" #uncomment to use device with env-share mode \n #cambricon.com/mlu.mim-2m.8gb: \"1\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vcore: \"100\" #uncomment to use device with mim mode \n #cambricon.com/mlu.smlu.vmemory: \"1024\" #uncomment to use device with mim mode\n
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html","title":"NVIDIA GPU Usage Modes","text":"NVIDIA, as a well-known graphics computing provider, offers various software and hardware solutions to enhance computational power. Among them, NVIDIA provides the following three solutions for GPU usage:
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html#full-gpu","title":"Full GPU","text":"Full GPU refers to allocating the entire NVIDIA GPU to a single user or application. In this configuration, the application can fully occupy all the resources of the GPU and achieve maximum computational performance. Full GPU is suitable for workloads that require a large amount of computational resources and memory, such as deep learning training, scientific computing, etc.
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html#vgpu-virtual-gpu","title":"vGPU (Virtual GPU)","text":"vGPU is a virtualization technology that allows one physical GPU to be partitioned into multiple virtual GPUs, with each virtual GPU assigned to different virtual machines or users. vGPU enables multiple users to share the same physical GPU and independently use GPU resources in their respective virtual environments. Each virtual GPU can access a certain amount of compute power and memory capacity. vGPU is suitable for virtualized environments and cloud computing scenarios, providing higher resource utilization and flexibility.
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html#mig-multi-instance-gpu","title":"MIG (Multi-Instance GPU)","text":"MIG is a feature introduced by the NVIDIA Ampere architecture that allows one physical GPU to be divided into multiple physical GPU instances, each of which can be independently allocated to different users or workloads. Each MIG instance has its own compute resources, memory, and PCIe bandwidth, just like an independent virtual GPU. MIG provides finer-grained GPU resource allocation and management and allows dynamic adjustment of the number and size of instances based on demand. MIG is suitable for multi-tenant environments, containerized applications, batch jobs, and other scenarios.
Whether using vGPU in a virtualized environment or MIG on a physical GPU, NVIDIA provides users with more choices and optimized ways to utilize GPU resources. The Suanova container management platform fully supports the above NVIDIA capabilities. Users can easily access the full computational power of NVIDIA GPUs through simple UI operations, thereby improving resource utilization and reducing costs.
nvidia.com/gpu
resource type.nvidia.com/mig-<slice_count>g.<memory_size>gb
.For detailed instructions on enabling these configurations, refer to Offline Installation of GPU Operator.
"},{"location":"en/admin/kpanda/gpu/nvidia/index.html#how-to-use","title":"How to Use","text":"You can refer to the following links to quickly start using Suanova's management capabilities for NVIDIA GPUs.
This section describes how to allocate the entire NVIDIA GPU to a single application on the AI platform.
"},{"location":"en/admin/kpanda/gpu/nvidia/full_gpu_userguide.html#prerequisites","title":"Prerequisites","text":"Check if the cluster has detected the GPUs. Click Clusters -> Cluster Settings -> Addon Plugins to see if it has automatically enabled and detected the proper GPU types. Currently, the cluster will automatically enable GPU and set the GPU Type as Nvidia GPU .
Deploy a workload. Click Clusters -> Workloads , and deploy the workload using the image method. After selecting the type ( Nvidia GPU ), configure the number of physical cards used by the application:
Physical Card Count (nvidia.com/gpu): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host machine.
If the above value is configured incorrectly, scheduling failures and resource allocation issues may occur.
To request GPU resources for a workload, add the nvidia.com/gpu: 1 parameter to the resource request and limit configuration in the YAML file. This parameter configures the number of physical cards used by the application.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-gpu-demo\n template:\n metadata:\n labels:\n app: full-gpu-demo\n spec:\n containers:\n - image: chrstnhntschl/gpu_burn\n name: container-0\n resources:\n requests:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # Number of GPUs requested\n limits:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # Upper limit of GPU usage\n imagePullSecrets:\n - name: default-secret\n
Note
When using the nvidia.com/gpu
parameter to specify the number of GPUs, the values for requests and limits must be consistent.
AI platform comes with pre-installed driver
images for the following three operating systems: Ubuntu 22.04, Ubuntu 20.04, and CentOS 7.9. The driver version is 535.104.12
. Additionally, it includes the required Toolkit
images for each operating system, so users no longer need to manually provide offline toolkit
images.
This page demonstrates using AMD architecture with CentOS 7.9 (3.10.0-1160). If you need to deploy on Red Hat 8.4, refer to Uploading Red Hat gpu-operator Offline Image to the Bootstrap Node Repository and Building Offline Yum Source for Red Hat 8.4.
"},{"location":"en/admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#prerequisites","title":"Prerequisites","text":"To install the gpu-operator plugin for your cluster, follow these steps:
Log in to the platform and go to Container Management -> Clusters , check cluster eetails.
On the Helm Charts page, select All Repositories and search for gpu-operator .
Select gpu-operator and click Install .
Configure the installation parameters for gpu-operator based on the instructions below to complete the installation.
Ubuntu 22.04
, Ubuntu 20.04
, Centos 7.9
, and other
. Please choose the correct operating system.Driver.version : Version of the GPU driver image, use default parameters for offline deployment. Configuration is only required for online installation. Different versions of the Driver image exist for different types of operating systems. For more details, refer to Nvidia GPU Driver Versions. Examples of Driver Version
for different operating systems are as follows:
Note
When using the built-in operating system version, there is no need to modify the image version. For other operating system versions, please refer to Uploading Images to the Bootstrap Node Repository. note that there is no need to include the operating system name such as Ubuntu, CentOS, or Red Hat in the version number. If the official image contains an operating system suffix, please manually remove it.
525.105.17
535-5.15.0-1043-nvidia
525.147.05
Driver.RepoConfig.ConfigMapName : Used to record the name of the offline yum repository configuration file for the gpu-operator. When using the pre-packaged offline bundle, refer to the following documents for different types of operating systems.
Toolkit.enable : Enabled by default. This component allows containerd/docker to support running containers that require GPUs.
"},{"location":"en/admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#mig-parameters","title":"MIG parameters","text":"For detailed configuration methods, refer to Enabling MIG Functionality.
MigManager.Config.name : The name of the MIG split configuration file, used to define the MIG (GI, CI) split policy. The default is default-mig-parted-config . For custom parameters, refer to Enabling MIG Functionality.
"},{"location":"en/admin/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#next-steps","title":"Next Steps","text":"After completing the configuration and creation of the above parameters:
If using full-card mode , GPU resources can be used when creating applications.
If using vGPU mode , after completing the above configuration and creation, proceed to vGPU Addon Installation.
If using MIG mode and you need to use a specific split specification for individual GPU nodes, otherwise, split according to the default value in MigManager.Config
.
For single mode, add label to nodes as follows:
kubectl label nodes {node} nvidia.com/mig.config=\"all-1g.10gb\" --overwrite\n
For mixed mode, add label to nodes as follows:
kubectl label nodes {node} nvidia.com/mig.config=\"custom-config\" --overwrite\n
After spliting, applications can use MIG GPU resources.
This guide explains how to upload an offline image to the bootstrap repository using the nvcr.io/nvidia/driver:525.105.17-rhel8.4 offline driver image for Red Hat 8.4 as an example.
"},{"location":"en/admin/kpanda/gpu/nvidia/push_image_to_repo.html#prerequisites","title":"Prerequisites","text":"Perform the following steps on the internet-connected node:
Pull the nvcr.io/nvidia/driver:525.105.17-rhel8.4 offline driver image:
docker pull nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Once the image is pulled, save it as a compressed archive named nvidia-driver.tar :
docker save nvcr.io/nvidia/driver:525.105.17-rhel8.4 > nvidia-driver.tar\n
Copy the compressed image archive nvidia-driver.tar to the bootstrap node:
scp nvidia-driver.tar user@ip:/root\n
For example:
scp nvidia-driver.tar root@10.6.175.10:/root\n
Perform the following steps on the bootstrap node:
Log in to the bootstrap node and import the compressed image archive nvidia-driver.tar :
docker load -i nvidia-driver.tar\n
View the imported image:
docker images -a | grep nvidia\n
Expected output:
nvcr.io/nvidia/driver e3ed7dee73e9 1 days ago 1.02GB\n
Retag the image to correspond to the target repository in the remote Registry repository:
docker tag <image-name> <registry-url>/<repository-name>:<tag>\n
Replace with the name of the Nvidia image from the previous step, with the address of the Registry service on the bootstrap node, with the name of the repository you want to push the image to, and with the desired tag for the image.
For example:
docker tag nvcr.io/nvidia/driver 10.6.10.5/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Push the image to the bootstrap repository:
docker push {ip}/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Refer to Building Red Hat 8.4 Offline Yum Source and Offline Installation of GPU Operator to deploy the GPU Operator to your cluster.
"},{"location":"en/admin/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html","title":"Offline Install gpu-operator Driver on Ubuntu 22.04","text":"Prerequisite: Installed gpu-operator v23.9.0+2 or higher versions
"},{"location":"en/admin/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html#prepare-offline-image","title":"Prepare Offline Image","text":"Check the kernel version
$ uname -r\n5.15.0-78-generic\n
Check the GPU Driver image version applicable to your kernel, at https://catalog.ngc.nvidia.com/orgs/nvidia/containers/driver/tags
. Use the kernel to query the image version and save the image using ctr export
.
ctr i pull nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i export --all-platforms driver.tar.gz nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 \n
Import the image into the cluster's container registry
ctr i import driver.tar.gz\nctr i tag nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 {your_registry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i push {your_registry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 --skip-verify=true\n
driver.usePrecompiled=true
driver.version=535
, note that it should be 535, not 535.104.12The AI platform comes with a pre-installed GPU Operator offline package for CentOS 7.9 with kernel version 3.10.0-1160. or other OS types or kernel versions, users need to manually build an offline yum source.
This guide explains how to build an offline yum source for CentOS 7.9 with a specific kernel version and use it when installing the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#prerequisites","title":"Prerequisites","text":"This guide uses CentOS 7.9 with kernel version 3.10.0-1160.95.1.el7.x86_64 as an example to explain how to upgrade the pre-installed GPU Operator offline package's yum source.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#check-os-and-kernel-versions-of-cluster-nodes","title":"Check OS and Kernel Versions of Cluster Nodes","text":"Run the following commands on both the control node of the Global cluster and the node where GPU Operator will be deployed. If the OS and kernel versions of the two nodes are consistent, there is no need to build a yum source. You can directly refer to the Offline Installation of GPU Operator document for installation. If the OS or kernel versions of the two nodes are not consistent, please proceed to the next step.
Run the following command to view the distribution name and version of the node where GPU Operator will be deployed in the cluster.
cat /etc/redhat-release\n
Expected output:
CentOS Linux release 7.9 (Core)\n
The output shows the current node's OS version as CentOS 7.9
.
Run the following command to view the kernel version of the node where GPU Operator will be deployed in the cluster.
uname -a\n
Expected output:
Linux localhost.localdomain 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\n
The output shows the current node's kernel version as 3.10.0-1160.el7.x86_64
.
Perform the following steps on a node that has internet access and can access the file server:
Create a script file named yum.sh by running the following command:
vi yum.sh\n
Then press the i key to enter insert mode and enter the following content:
export TARGET_KERNEL_VERSION=$1\n\ncat >> run.sh << \\EOF\n#! /bin/bash\necho \"start install kernel repo\"\necho ${KERNEL_VERSION}\nmkdir centos-base\n\nif [ \"$OS\" -eq 7 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el7.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelif [ \"$OS\" -eq 8 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el8.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelse\n echo \"Error os version\"\nfi\n\ncreaterepo centos-base/\nls -lh centos-base/\ntar -zcf centos-base.tar.gz centos-base/\necho \"end install kernel repo\"\nEOF\n\ncat >> Dockerfile << EOF\nFROM centos:7\nENV KERNEL_VERSION=\"\"\nENV OS=7\nRUN yum install -y createrepo\nCOPY run.sh .\nENTRYPOINT [\"/bin/bash\",\"run.sh\"]\nEOF\n\ndocker build -t test:v1 -f Dockerfile .\ndocker run -e KERNEL_VERSION=$TARGET_KERNEL_VERSION --name centos7.9 test:v1\ndocker cp centos7.9:/centos-base.tar.gz .\ntar -xzf centos-base.tar.gz\n
Press the Esc key to exit insert mode, then enter :wq to save and exit.
Run the yum.sh file:
bash -x yum.sh TARGET_KERNEL_VERSION\n
The TARGET_KERNEL_VERSION
parameter is used to specify the kernel version of the cluster nodes.
Note: You don't need to include the distribution identifier (e.g., __ .el7.x86_64__ ). For example:
bash -x yum.sh 3.10.0-1160.95.1\n
Now you have generated an offline yum source, centos-base , for the kernel version 3.10.0-1160.95.1.el7.x86_64 .
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#upload-the-offline-yum-source-to-the-file-server","title":"Upload the Offline Yum Source to the File Server","text":"Perform the following steps on a node that has internet access and can access the file server. This step is used to upload the generated yum source from the previous step to a file server that can be accessed by the cluster where the GPU Operator will be deployed. The file server can be Nginx, MinIO, or any other file server that supports the HTTP protocol.
In this example, we will use the built-in MinIO as the file server. The MinIO details are as follows:
http://10.5.14.200:9000
(usually {bootstrap-node IP} + {port-9000} )Login password: rootpass123
Run the following command in the current directory of the node to establish a connection between the node's local mc command-line tool and the MinIO server:
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
The expected output should resemble the following:
Added __minio__ successfully.\n
mc is the command-line tool provided by MinIO for interacting with the MinIO server. For more details, refer to the MinIO Client documentation.
In the current directory of the node, create a bucket named centos-base :
mc mb -p minio/centos-base\n
The expected output should resemble the following:
Bucket created successfully __minio/centos-base__ .\n
Set the access policy of the bucket centos-base to allow public download. This will enable access during the installation of the GPU Operator:
mc anonymous set download minio/centos-base\n
The expected output should resemble the following:
Access permission for __minio/centos-base__ is set to __download__ \n
In the current directory of the node, copy the generated centos-base offline yum source to the minio/centos-base bucket on the MinIO server:
mc cp centos-base minio/centos-base --recursive\n
Perform the following steps on the control node of the cluster where the GPU Operator will be deployed.
Run the following command to create a file named CentOS-Base.repo that specifies the configmap for the yum source storage:
# The file name must be CentOS-Base.repo, otherwise it cannot be recognized during the installation of the GPU Operator\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The file server address where the yum source is placed in step 3\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The file server address where the yum source is placed in step 3\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created CentOS-Base.repo file, create a configmap named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
The expected output should resemble the following:
configmap/local-repo-config created\n
The local-repo-config configmap will be used to provide the value for the RepoConfig.ConfigMapName parameter during the installation of the GPU Operator. You can customize the configuration file name.
View the content of the local-repo-config configmap:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
The expected output should resemble the following:
apiVersion: v1\ndata:\nCentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base# The file server path where the yum source is placed in step 2\\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl = http://10.6.232.5:32618/centos-base # The file server path where the yum source is placed in step 2\\ngpgcheck = 0\\nname = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\ncreationTimestamp: \"2023-10-18T01:59:02Z\"\nname: local-repo-config\nnamespace: gpu-operator\nresourceVersion: \"59445080\"\nuid: c5f0ebab-046f-442c-b932-f9003e014387\n
You have successfully created an offline yum source configuration file for the cluster where the GPU Operator will be deployed. You can use it during the offline installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html","title":"Building Red Hat 8.4 Offline Yum Source","text":"The AI platform comes with pre-installed CentOS v7.9 and GPU Operator offline packages with kernel v3.10.0-1160. For other OS types or nodes with different kernels, users need to manually build the offline yum source.
This guide explains how to build an offline yum source package for Red Hat 8.4 based on any node in the Global cluster. It also demonstrates how to use it during the installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#prerequisites","title":"Prerequisites","text":"This guide uses a node with Red Hat 8.4 4.18.0-305.el8.x86_64 as an example to demonstrate how to build an offline yum source package for Red Hat 8.4 based on any node in the Global cluster. It also explains how to use it during the installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#step-1-download-the-yum-source-from-the-bootstrap-node","title":"Step 1: Download the Yum Source from the Bootstrap Node","text":"Perform the following steps on the master node of the Global cluster.
Use SSH or any other method to access any node in the Global cluster and run the following command:
cat /etc/yum.repos.d/extension.repo # View the contents of extension.repo.\n
The expected output should resemble the following:
[extension-0]\nbaseurl = http://10.5.14.200:9000/kubean/redhat/$releasever/os/$basearch\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/AppStream\ngpgcheck = 0\nname = kubean extension 1\n\n[extension-2]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/BaseOS\ngpgcheck = 0\nname = kubean extension 2\n
Create a folder named redhat-base-repo under the root directory:
mkdir redhat-base-repo\n
Download the RPM packages from the yum source to your local machine:
Download the RPM packages from extension-1 :
reposync -p redhat-base-repo -n --repoid=extension-1\n
Download the RPM packages from extension-2 :
reposync -p redhat-base-repo -n --repoid=extension-2\n
Perform the following steps on a node with internet access. Before proceeding, ensure that there is network connectivity between the node with internet access and the master node of the Global cluster.
Run the following command on the node with internet access to download the elfutils-libelf-devel-0.187-4.el8.x86_64.rpm package:
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/elfutils-libelf-devel-0.187-4.el8.x86_64.rpm\n
Transfer the elfutils-libelf-devel-0.187-4.el8.x86_64.rpm package from the current directory to the node mentioned in step 1:
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm user@ip:~/redhat-base-repo/extension-2/Packages/\n
For example:
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm root@10.6.175.10:~/redhat-base-repo/extension-2/Packages/\n
Perform the following steps on the master node of the Global cluster mentioned in Step 1.
Enter the yum repository directories:
cd ~/redhat-base-repo/extension-1/Packages\ncd ~/redhat-base-repo/extension-2/Packages\n
Generate the repository index for the directories:
createrepo_c ./\n
You have now generated the offline yum source named redhat-base-repo for kernel version 4.18.0-305.el8.x86_64 .
"},{"location":"en/admin/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#step-4-upload-the-local-yum-repository-to-the-file-server","title":"Step 4: Upload the Local Yum Repository to the File Server","text":"In this example, we will use Minio, which is built-in as the file server in the bootstrap node. However, you can choose any file server that suits your needs. Here are the details for Minio:
http://10.5.14.200:9000
(usually the {bootstrap-node-IP} + {port-9000})Login password: rootpass123
On the current node, establish a connection between the local mc command-line tool and the Minio server by running the following command:
mc config host add minio <file_server_access_url> <username> <password>\n
For example:
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
The expected output should be similar to:
Added __minio__ successfully.\n
The mc command-line tool is provided by the Minio file server as a client command-line tool. For more details, refer to the MinIO Client documentation.
Create a bucket named redhat-base in the current location:
mc mb -p minio/redhat-base\n
The expected output should be similar to:
Bucket created successfully __minio/redhat-base__ .\n
Set the access policy of the redhat-base bucket to allow public downloads so that it can be accessed during the installation of the GPU Operator:
mc anonymous set download minio/redhat-base\n
The expected output should be similar to:
Access permission for __minio/redhat-base__ is set to __download__ \n
Copy the offline yum repository files ( redhat-base-repo ) from the current location to the Minio server's minio/redhat-base bucket:
mc cp redhat-base-repo minio/redhat-base --recursive\n
Perform the following steps on the control node of the cluster where you will deploy the GPU Operator.
Run the following command to create a file named redhat.repo , which specifies the configuration information for the yum repository storage:
# The file name must be redhat.repo, otherwise it won't be recognized when installing gpu-operator\ncat > redhat.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages # The file server address where the yum source is stored in Step 1\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages # The file server address where the yum source is stored in Step 1\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created redhat.repo file, create a configmap named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=./redhat.repo\n
The expected output should be similar to:
configmap/local-repo-config created\n
The local-repo-config configuration file is used to provide the value for the RepoConfig.ConfigMapName parameter during the installation of the GPU Operator. You can choose a different name for the configuration file.
View the contents of the local-repo-config configuration file:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
You have successfully created the offline yum source configuration file for the cluster where the GPU Operator will be deployed. You can use it by specifying the RepoConfig.ConfigMapName parameter during the offline installation of the GPU Operator.
"},{"location":"en/admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html","title":"Build an Offline Yum Repository for Red Hat 7.9","text":""},{"location":"en/admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#introduction","title":"Introduction","text":"AI platform comes with a pre-installed CentOS 7.9 with GPU Operator offline package for kernel 3.10.0-1160. You need to manually build an offline yum repository for other OS types or nodes with different kernels.
This page explains how to build an offline yum repository for Red Hat 7.9 based on any node in the Global cluster, and how to use the RepoConfig.ConfigMapName
parameter when installing the GPU Operator.
Download rhel7.9 ISO
Download the rhel7.9 ospackage that corresponds to your Kubean version.
Find the version number of Kubean in the Container Management section of the Global cluster under Helm Apps.
Download the rhel7.9 ospackage for that version from the Kubean repository.
Import offline resources using the installer.
Click here to view the download url.
"},{"location":"en/admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#3-upload-red-hat-gpu-operator-offline-image-to-boostrap-node-repository","title":"3. Upload Red Hat GPU Operator Offline Image to Boostrap Node Repository","text":"Refer to Upload Red Hat GPU Operator Offline Image to Boostrap Node Repository.
Note
This reference is based on rhel8.4, so make sure to modify it for rhel7.9.
"},{"location":"en/admin/kpanda/gpu/nvidia/yum_source_redhat7_9.html#4-create-configmaps-in-the-cluster-to-save-yum-repository-information","title":"4. Create ConfigMaps in the Cluster to Save Yum Repository Information","text":"Run the following command on the control node of the cluster where the GPU Operator is to be deployed.
Run the following command to create a file named CentOS-Base.repo to specify the configuration information where the yum repository is stored.
# The file name must be CentOS-Base.repo, otherwise it will not be recognized when installing gpu-operator\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The server file address of the boostrap node, usually {boostrap node IP} + {9000 port}\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The server file address of the boostrap node, usually {boostrap node IP} + {9000 port}\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created CentOS-Base.repo file, create a profile named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
The expected output is as follows:
configmap/local-repo-config created\n
The local-repo-config profile is used to provide the value of the RepoConfig.ConfigMapName
parameter when installing gpu-operator, and the profile name can be customized by the user.
View the contents of the local-repo-config profile:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
The expected output is as follows:
local-repo-config.yamlapiVersion: v1\ndata:\n CentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base # The file path where yum repository is placed in Step 2 \\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base # The file path where yum repository is placed in Step 2 \\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\n creationTimestamp: \"2023-10-18T01:59:02Z\"\n name: local-repo-config\n namespace: gpu-operator\n resourceVersion: \"59445080\"\n uid: c5f0ebab-046f-442c-b932-f9003e014387\n
At this point, you have successfully created the offline yum repository profile for the cluster where the GPU Operator is to be deployed. The RepoConfig.ConfigMapName
parameter was used during the Offline Installation of GPU Operator.
MIG allows cloud service providers to partition a physical GPU into multiple independent GPU instances, which can be allocated to different tenants. This enables resource isolation and independence, meeting the GPU computing needs of multiple tenants.
MIG enables finer-grained GPU resource management in containerized environments. By partitioning a physical GPU into multiple MIG instances, each container can be assigned with dedicated GPU compute resources, providing better performance isolation and resource utilization.
For batch processing jobs requiring large-scale parallel computing, MIG provides higher computational performance and larger memory capacity. Each MIG instance can utilize a portion of the physical GPU's compute resources, accelerating the processing of large-scale computational tasks.
MIG offers increased compute power and memory capacity for training large-scale deep learning models. By partitioning the physical GPU into multiple MIG instances, each instance can independently carry out model training, improving training efficiency and throughput.
In general, NVIDIA MIG is suitable for scenarios that require finer-grained allocation and management of GPU resources. It enables resource isolation, improved performance utilization, and meets the GPU computing needs of multiple users or applications.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/index.html#overview-of-mig","title":"Overview of MIG","text":"NVIDIA Multi-Instance GPU (MIG) is a new feature introduced by NVIDIA on H100, A100, and A30 series GPUs. Its purpose is to divide a physical GPU into multiple GPU instances to provide finer-grained resource sharing and isolation. MIG can split a GPU into up to seven GPU instances, allowing a single physical GPU to provide separate GPU resources to multiple users, maximizing GPU utilization.
This feature enables multiple applications or users to share GPU resources simultaneously, improving the utilization of computational resources and increasing system scalability.
With MIG, each GPU instance's processor has an independent and isolated path throughout the entire memory system, including cross-switch ports on the chip, L2 cache groups, memory controllers, and DRAM address buses, all uniquely allocated to a single instance.
This ensures that the workload of individual users can run with predictable throughput and latency, along with identical L2 cache allocation and DRAM bandwidth. MIG can partition available GPU compute resources (such as streaming multiprocessors or SMs and GPU engines like copy engines or decoders) to provide defined quality of service (QoS) and fault isolation for different clients such as virtual machines, containers, or processes. MIG enables multiple GPU instances to run in parallel on a single physical GPU.
MIG allows multiple vGPUs (and virtual machines) to run in parallel on a single GPU instance while retaining the isolation guarantees provided by vGPU. For more details on using vGPU and MIG for GPU partitioning, refer to NVIDIA Multi-Instance GPU and NVIDIA Virtual Compute Server.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/index.html#mig-architecture","title":"MIG Architecture","text":"The following diagram provides an overview of MIG, illustrating how it virtualizes one physical GPU into seven GPU instances that can be used by multiple users.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/index.html#important-concepts","title":"Important Concepts","text":"Resource Sharing: MIG allows a single physical GPU to be divided into multiple GPU instances, providing efficient sharing of GPU resources among different users or applications. This maximizes GPU utilization and enables improved performance isolation.
Fine-Grained Resource Allocation: With MIG, GPU resources can be allocated at a finer granularity, allowing for more precise partitioning and allocation of compute power and memory capacity.
Improved Performance Isolation: Each MIG instance operates independently with its dedicated resources, ensuring predictable throughput and latency for individual users or applications. This improves performance isolation and prevents interference between different workloads running on the same GPU.
Enhanced Security and Fault Isolation: MIG provides better security and fault isolation by ensuring that each user or application has its dedicated GPU resources. This prevents unauthorized access to data and mitigates the impact of faults or errors in one instance on others.
Increased Scalability: MIG enables the simultaneous usage of GPU resources by multiple users or applications, increasing system scalability and accommodating the needs of various workloads.
Efficient Containerization: By using MIG in containerized environments, GPU resources can be effectively allocated to different containers, improving performance isolation and resource utilization.
Overall, MIG offers significant advantages in terms of resource sharing, fine-grained allocation, performance isolation, security, scalability, and containerization, making it a valuable feature for various GPU computing scenarios.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/create_mig.html","title":"Enabling MIG Features","text":"This section describes how to enable NVIDIA MIG features. NVIDIA currently provides two strategies for exposing MIG devices on Kubernetes nodes:
For more details, refer to the NVIDIA GPU Usage Modes.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/create_mig.html#prerequisites","title":"Prerequisites","text":"When installing the Operator, you need to set the MigManager Config parameter accordingly. The default setting is default-mig-parted-config. You can also customize the sharding policy configuration file:
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/create_mig.html#custom-sharding-policy","title":"Custom Sharding Policy","text":" ## Custom GI Instance Configuration\n all-disabled:\n - devices: all\n mig-enabled: false\n all-enabled:\n - devices: all\n mig-enabled: true\n mig-devices: {}\n all-1g.10gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.5gb: 7\n all-1g.10gb.me:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb+me: 1\n all-1g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.20gb: 4\n all-2g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 2g.20gb: 3\n all-3g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n all-4g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 4g.40gb: 1\n all-7g.80gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 7g.80gb: 1\n all-balanced:\n - device-filter: [\"0x233110DE\", \"0x232210DE\", \"0x20B210DE\", \"0x20B510DE\", \"0x20F310DE\", \"0x20F510DE\"]\n devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb: 2\n 2g.20gb: 1\n 3g.40gb: 1\n # After setting, CI instances will be partitioned according to the specified configuration\n custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n
In the above YAML, set custom-config to partition CI instances according to the specifications.
custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1c.3g.40gb: 6\n
After completing the settings, you can use GPU MIG resources when confirming the deployment of the application.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/create_mig.html#switch-node-gpu-mode","title":"Switch Node GPU Mode","text":"After successfully installing the GPU operator, the node is in full card mode by default. There will be an indicator on the node management page, as shown below:
Click the \u2507 at the right side of the node list, select a GPU mode to switch, and then choose the proper MIG mode and sharding policy. Here, we take MIXED mode as an example:
There are two configurations here:
After clicking OK button, wait for about a minute and refresh the page. The MIG mode will be switched to:
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/mig_command.html","title":"MIG Related Commands","text":"GI Related Commands:
Subcommand Description nvidia-smi mig -lgi View the list of created GI instances nvidia-smi mig -dgi -gi Delete a specific GI instance nvidia-smi mig -lgip View the profile of GI nvidia-smi mig -cgi Create a GI using the specified profile IDCI Related Commands:
Subcommand Description nvidia-smi mig -lcip { -gi {gi Instance ID}} View the profile of CI, specifying -gi will show the CIs that can be created for a particular GI instance nvidia-smi mig -lci View the list of created CI instances nvidia-smi mig -cci {profile id} -gi {gi instance id} Create a CI instance with the specified GI nvidia-smi mig -dci -ci Delete a specific CI instanceGI+CI Related Commands:
Subcommand Description nvidia-smi mig -i 0 -cgi {gi profile id} -C {ci profile id} Create a GI + CI instance directly"},{"location":"en/admin/kpanda/gpu/nvidia/mig/mig_usage.html","title":"Using MIG GPU Resources","text":"This section explains how applications can use MIG GPU resources.
"},{"location":"en/admin/kpanda/gpu/nvidia/mig/mig_usage.html#prerequisites","title":"Prerequisites","text":"Confirm if the cluster has recognized the GPU type.
Go to Cluster Details -> Nodes and check if it has been correctly recognized as MIG.
When deploying an application using an image, you can select and use NVIDIA MIG resources.
Example of MIG Single Mode (used in the same way as a full GPU):
Note
The MIG single policy allows users to request and use GPU resources in the same way as a full GPU (nvidia.com/gpu
). The difference is that these resources can be a portion of the GPU (MIG device) rather than the entire GPU. Learn more from the GPU MIG Mode Design.
MIG Mixed Mode
MIG Single mode:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpu: 2 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
MIG Mixed mode:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/mig-4g.20gb: 1 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
After entering the container, you can check if only one MIG device is being used:
"},{"location":"en/admin/kpanda/gpu/nvidia/vgpu/hami.html","title":"Build a vGPU Memory Oversubscription Image","text":"The vGPU memory oversubscription feature in the Hami Project no longer exists. To use this feature, you need to rebuild with the libvgpu.so
file that supports memory oversubscription.
FROM docker.m.daocloud.io/projecthami/hami:v2.3.11\nCOPY libvgpu.so /k8s-vgpu/lib/nvidia/\n
Run the following command to build the image:
docker build -t release.daocloud.io/projecthami/hami:v2.3.11 -f Dockerfile .\n
Then, push the image to release.daocloud.io
.
To virtualize a single NVIDIA GPU into multiple virtual GPUs and allocate them to different virtual machines or users, you can use NVIDIA's vGPU capability. This section explains how to install the vGPU plugin in the AI platform, which is a prerequisite for using NVIDIA vGPU capability.
"},{"location":"en/admin/kpanda/gpu/nvidia/vgpu/vgpu_addon.html#prerequisites","title":"Prerequisites","text":"Path: Container Management -> Cluster Management -> Click the target cluster -> Helm Apps -> Helm Charts -> Search for nvidia-vgpu .
During the installation of vGPU, several basic modification parameters are provided. If you need to modify advanced parameters, click the YAML column to make changes:
deviceMemoryScaling : NVIDIA device memory scaling factor, the input value must be an integer, with a default value of 1. It can be greater than 1 (enabling virtual memory, experimental feature). For an NVIDIA GPU with a memory size of M, if we configure the devicePlugin.deviceMemoryScaling parameter as S, in a Kubernetes cluster where we have deployed our device plugin, the vGPUs assigned from this GPU will have a total memory of S * M .
deviceSplitCount : An integer type, with a default value of 10. Number of GPU splits, each GPU cannot be assigned more tasks than its configuration count. If configured as N, each GPU can have up to N tasks simultaneously.
Resources : Represents the resource usage of the vgpu-device-plugin and vgpu-schedule pods.
After a successful installation, you will see two types of pods in the specified namespace, indicating that the NVIDIA vGPU plugin has been successfully installed:
After a successful installation, you can deploy applications using vGPU resources.
Note
NVIDIA vGPU Addon does not support upgrading directly from the older v2.0.0 to the latest v2.0.0+1; To upgrade, please uninstall the older version and then reinstall the latest version.
"},{"location":"en/admin/kpanda/gpu/nvidia/vgpu/vgpu_user.html","title":"Using NVIDIA vGPU in Applications","text":"This section explains how to use the vGPU capability in the AI platform.
"},{"location":"en/admin/kpanda/gpu/nvidia/vgpu/vgpu_user.html#prerequisites","title":"Prerequisites","text":"Confirm if the cluster has detected GPUs. Click the Clusters -> Cluster Settings -> Addon Plugins and check if the GPU plugin has been automatically enabled and the proper GPU type has been detected. Currently, the cluster will automatically enable the GPU addon and set the GPU Type as Nvidia vGPU .
Deploy a workload by clicking Clusters -> Workloads . When deploying a workload using an image, select the type Nvidia vGPU , and you will be prompted with the following parameters:
If there are issues with the configuration values above, it may result in scheduling failure or inability to allocate resources.
Refer to the following workload configuration and add the parameter nvidia.com/vgpu: '1' in the resource requests and limits section to configure the number of physical cards used by the application.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-vgpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-vgpu-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: full-vgpu-demo\n spec:\n containers:\n - name: full-vgpu-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpucores: '20' # Request 20% of GPU cores for each card\n nvidia.com/gpumem: '200' # Request 200MB of GPU memory for each card\n nvidia.com/vgpu: '1' # Request 1 GPU\n imagePullPolicy: Always\n restartPolicy: Always\n
This YAML configuration requests the application to use vGPU resources. It specifies that each card should utilize 20% of GPU cores, 200MB of GPU memory, and requests 1 GPU.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano-gang-scheduler.html","title":"Using Volcano's Gang Scheduler","text":"The Gang scheduling policy is one of the core scheduling algorithms of the volcano-scheduler. It satisfies the \"All or nothing\" scheduling requirement during the scheduling process, preventing arbitrary scheduling of Pods that could waste cluster resources. The specific algorithm observes whether the number of scheduled Pods under a Job meets the minimum running quantity. When the Job's minimum running quantity is satisfied, scheduling actions are performed for all Pods under the Job; otherwise, no actions are taken.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano-gang-scheduler.html#use-cases","title":"Use Cases","text":"The Gang scheduling algorithm, based on the concept of a Pod group, is particularly suitable for scenarios that require multi-process collaboration. AI scenarios often involve complex workflows, such as Data Ingestion, Data Analysis, Data Splitting, Training, Serving, and Logging, which require a group of containers to work together. This makes the Gang scheduling policy based on pods very appropriate.
In multi-threaded parallel computing communication scenarios under the MPI computation framework, Gang scheduling is also very suitable because it requires master and slave processes to work together. High relevance among containers in a pod may lead to resource contention, and overall scheduling allocation can effectively resolve deadlocks.
In scenarios with insufficient cluster resources, the Gang scheduling policy significantly improves the utilization of cluster resources. For example, if the cluster can currently accommodate only 2 Pods, but the minimum number of Pods required for scheduling is 3, then all Pods of this Job will remain pending until the cluster can accommodate 3 Pods, at which point the Pods will be scheduled. This effectively prevents the partial scheduling of Pods, which would not meet the requirements and would occupy resources, making other Jobs unable to run.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano-gang-scheduler.html#concept-explanation","title":"Concept Explanation","text":"The Gang Scheduler is the core scheduling plugin of Volcano, and it is enabled by default upon installing Volcano. When creating a workload, you only need to specify the scheduler name as Volcano.
Volcano schedules based on PodGroups. When creating a workload, there is no need to manually create PodGroup resources; Volcano will automatically create them based on the workload information. Below is an example of a PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n name: test\n namespace: default\nspec:\n minMember: 1 # (1)!\n minResources: # (2)!\n cpu: \"3\"\n memory: \"2048Mi\"\n priorityClassName: high-prority # (3)!\n queue: default # (4)!\n
In a multi-threaded parallel computing communication scenario under the MPI computation framework, we need to ensure that all Pods can be successfully scheduled to ensure the job is completed correctly. Setting minAvailable to 4 means that 1 mpimaster and 3 mpiworkers are required to run.
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
Generate the resources for PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
From the PodGroup, it can be seen that it is associated with the workload through ownerReferences and sets the minimum number of running Pods to 4.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html","title":"Use Volcano for AI Compute","text":""},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#usage-scenarios","title":"Usage Scenarios","text":"Kubernetes has become the de facto standard for orchestrating and managing cloud-native applications, and an increasing number of applications are choosing to migrate to K8s. The fields of artificial intelligence and machine learning inherently involve a large number of compute-intensive tasks, and developers are very willing to build AI platforms based on Kubernetes to fully leverage its resource management, application orchestration, and operations monitoring capabilities. However, the default Kubernetes scheduler was initially designed primarily for long-running services and has many shortcomings in batch and elastic scheduling for AI and big data tasks. For example, resource contention issues:
Take TensorFlow job scenarios as an example. TensorFlow jobs include two different roles, PS and Worker, and the Pods for these two roles need to work together to complete the entire job. If only one type of role Pod is running, the entire job cannot be executed properly. The default scheduler schedules Pods one by one and is unaware of the PS and Worker roles in a Kubeflow TFJob. In a high-load cluster (insufficient resources), multiple jobs may each be allocated some resources to run a portion of their Pods, but the jobs cannot complete successfully, leading to resource waste. For instance, if a cluster has 4 GPUs and both TFJob1 and TFJob2 each have 4 Workers, TFJob1 and TFJob2 might each be allocated 2 GPUs. However, both TFJob1 and TFJob2 require 4 GPUs to run. This mutual waiting for resource release creates a deadlock situation, resulting in GPU resource waste.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#volcano-batch-scheduling-system","title":"Volcano Batch Scheduling System","text":"Volcano is the first Kubernetes-based container batch computing platform under CNCF, focusing on high-performance computing scenarios. It fills in the missing functionalities of Kubernetes in fields such as machine learning, big data, and scientific computing, providing essential support for these high-performance workloads. Additionally, Volcano seamlessly integrates with mainstream computing frameworks like Spark, TensorFlow, and PyTorch, and supports hybrid scheduling of heterogeneous devices, including CPUs and GPUs, effectively resolving the deadlock issues mentioned above.
The following sections will introduce how to install and use Volcano.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#install-volcano","title":"Install Volcano","text":"Find Volcano in Cluster Details -> Helm Apps -> Helm Charts and install it.
Check and confirm whether Volcano is installed successfully, that is, whether the components volcano-admission, volcano-controllers, and volcano-scheduler are running properly.
Typically, Volcano is used in conjunction with the AI Lab to achieve an effective closed-loop process for the development and training of datasets, Notebooks, and task training.
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#volcano-use-cases","title":"Volcano Use Cases","text":"schedulerName: volcano
).volcanoJob
resource is an extension of the Job in Volcano, breaking the Job down into smaller working units called tasks, which can interact with each other.Here is an example:
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: tensorflow-benchmark\n labels:\n \"volcano.sh/job-type\": \"Tensorflow\"\nspec:\n minAvailable: 3\n schedulerName: volcano\n plugins:\n env: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: ps\n template:\n spec:\n imagePullSecrets:\n - name: default-secret\n containers:\n - command:\n - sh\n - -c\n - |\n PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n python tf_cnn_benchmarks.py --batch_size=32 --model=resnet50 --variable_update=parameter_server --flush_stdout=true --num_gpus=1 --local_parameter_device=cpu --device=cpu --data_format=NHWC --job_name=ps --task_index=${VK_TASK_INDEX} --ps_hosts=${PS_HOST} --worker_hosts=${WORKER_HOST}\n image: docker.m.daocloud.io/volcanosh/example-tf:0.0.1\n name: tensorflow\n ports:\n - containerPort: 2222\n name: tfjob-port\n resources:\n requests:\n cpu: \"1000m\"\n memory: \"2048Mi\"\n limits:\n cpu: \"1000m\"\n memory: \"2048Mi\"\n workingDir: /opt/tf-benchmarks/scripts/tf_cnn_benchmarks\n restartPolicy: OnFailure\n - replicas: 2\n name: worker\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n imagePullSecrets:\n - name: default-secret\n containers:\n - command:\n - sh\n - -c\n - |\n PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n python tf_cnn_benchmarks.py --batch_size=32 --model=resnet50 --variable_update=parameter_server --flush_stdout=true --num_gpus=1 --local_parameter_device=cpu --device=cpu --data_format=NHWC --job_name=worker --task_index=${VK_TASK_INDEX} --ps_hosts=${PS_HOST} --worker_hosts=${WORKER_HOST}\n image: docker.m.daocloud.io/volcanosh/example-tf:0.0.1\n name: tensorflow\n ports:\n - containerPort: 2222\n name: tfjob-port\n resources:\n requests:\n cpu: \"2000m\"\n memory: \"2048Mi\"\n limits:\n cpu: \"2000m\"\n memory: \"4096Mi\"\n workingDir: /opt/tf-benchmarks/scripts/tf_cnn_benchmarks\n restartPolicy: OnFailure\n
"},{"location":"en/admin/kpanda/gpu/volcano/volcano_user_guide.html#parallel-computing-with-mpi","title":"Parallel Computing with MPI","text":"In multi-threaded parallel computing communication scenarios under the MPI computing framework, we need to ensure that all Pods are successfully scheduled to guarantee the task's proper completion. Setting minAvailable
to 4 indicates that 1 mpimaster
and 3 mpiworkers
are required to run. By simply setting the schedulerName
field value to \"volcano,\" you can enable the Volcano scheduler.
Here is an example:
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
Resources to generate PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
From the PodGroup, it can be seen that it is associated with the workload through ownerReferences
and sets the minimum number of running Pods to 4.
If you want to learn more about the features and usage scenarios of Volcano, refer to Volcano Introduction.
"},{"location":"en/admin/kpanda/helm/index.html","title":"Helm Charts","text":"Helm is a package management tool for Kubernetes, which makes it easy for users to quickly discover, share and use applications built with Kubernetes. The Container Management Module provides hundreds of Helm charts, covering storage, network, monitoring, database and other main cases. With these templates, you can quickly deploy and easily manage Helm apps through the UI interface. In addition, it supports adding more personalized templates through Add Helm repository to meet various needs.
Key Concepts:
There are a few key concepts to understand when using Helm:
Chart: A Helm installation package, which contains the images, dependencies, and resource definitions required to run an application, and may also contain service definitions in the Kubernetes cluster, similar to the formula in Homebrew, dpkg in APT, or rpm files in Yum. Charts are called Helm Charts in AI platform.
Release: A Chart instance running on the Kubernetes cluster. A Chart can be installed multiple times in the same cluster, and each installation will create a new Release. Release is called Helm Apps in AI platform.
Repository: A repository for publishing and storing Charts. Repository is called Helm Repositories in AI platform.
For more details, refer to Helm official website.
Related operations:
This article explains how to import Helm appss into the system's built-in addons in both offline and online environments.
"},{"location":"en/admin/kpanda/helm/Import-addon.html#offline-environment","title":"Offline Environment","text":"An offline environment refers to an environment that cannot connect to the internet or is a closed private network environment.
"},{"location":"en/admin/kpanda/helm/Import-addon.html#prerequisites","title":"Prerequisites","text":"Note
Go to Container Management -> Helm Apps -> Helm Repositories , search for the addon, and obtain the built-in repository address and username/password (the default username/password for the system's built-in repository is rootuser/rootpass123).
Sync the Helm Chart to the built-in repository addon of the container management system
Write the following configuration file, modify it according to your specific configuration, and save it as sync-dao-2048.yaml .
source: # helm charts source information\n repo:\n kind: HARBOR # It can also be any other supported Helm Chart repository type, such as CHARTMUSEUM\n url: https://release-ci.daocloud.io/chartrepo/community # Change to the chart repo URL\n #auth: # username/password, if no password is set, leave it blank\n #username: \"admin\"\n #password: \"Harbor12345\"\ncharts: # charts to sync\n - name: dao-2048 # helm charts information, if not specified, sync all charts in the source helm repo\n versions:\n - 1.4.1\ntarget: # helm charts target information\n containerRegistry: 10.5.14.40 # image repository URL\n repo:\n kind: CHARTMUSEUM # It can also be any other supported Helm Chart repository type, such as HARBOR\n url: http://10.5.14.40:8081 # Change to the correct chart repo URL, you can verify the address by using helm repo add $HELM-REPO\n auth: # username/password, if no password is set, leave it blank\n username: \"rootuser\"\n password: \"rootpass123\"\n containers:\n # kind: HARBOR # If the image repository is HARBOR and you want charts-syncer to automatically create an image repository, fill in this field\n # auth: # username/password, if no password is set, leave it blank\n # username: \"admin\"\n # password: \"Harbor12345\"\n\n# leverage .relok8s-images.yaml file inside the Charts to move the container images too\nrelocateContainerImages: true\n
Run the charts-syncer command to sync the Chart and its included images
charts-syncer sync --config sync-dao-2048.yaml --insecure --auto-create-repository\n
The expected output is:
I1222 15:01:47.119777 8743 sync.go:45] Using config file: \"examples/sync-dao-2048.yaml\"\nW1222 15:01:47.234238 8743 syncer.go:263] Ignoring skipDependencies option as dependency sync is not supported if container image relocation is true or syncing from/to intermediate directory\nI1222 15:01:47.234685 8743 sync.go:58] There is 1 chart out of sync!\nI1222 15:01:47.234706 8743 sync.go:66] Syncing \"dao-2048_1.4.1\" chart...\n.relok8s-images.yaml hints file found\nComputing relocation...\n\nRelocating dao-2048@1.4.1...\nPushing 10.5.14.40/daocloud/dao-2048:v1.4.1...\nDone\nDone moving /var/folders/vm/08vw0t3j68z9z_4lcqyhg8nm0000gn/T/charts-syncer869598676/dao-2048-1.4.1.tgz\n
Once the previous step is completed, go to Container Management -> Helm Apps -> Helm Repositories , find the proper addon, click Sync Repository in the action column, and you will see the uploaded Helm apps in the Helm template.
You can then proceed with normal installation, upgrade, and uninstallation.
The Helm Repo address for the online environment is release.daocloud.io . If the user does not have permission to add Helm Repo, they will not be able to import custom Helm appss into the system's built-in addons. You can add your own Helm repository and then integrate your Helm repository into the platform using the same steps as syncing Helm Chart in the offline environment.
"},{"location":"en/admin/kpanda/helm/helm-app.html","title":"Manage Helm Apps","text":"The container management module supports interface-based management of Helm, including creating Helm instances using Helm charts, customizing Helm instance arguments, and managing the full lifecycle of Helm instances.
This section will take cert-manager as an example to introduce how to create and manage Helm apps through the container management interface.
"},{"location":"en/admin/kpanda/helm/helm-app.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
Follow the steps below to install the Helm app.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Helm Apps -> Helm Chart to enter the Helm chart page.
On the Helm chart page, select the Helm repository named addon , and all the Helm chart templates under the addon repository will be displayed on the interface. Click the Chart named cert-manager .
On the installation page, you can see the relevant detailed information of the Chart, select the version to be installed in the upper right corner of the interface, and click the Install button. Here select v1.9.1 version for installation.
Configure Name , Namespace and Version Information . You can also customize arguments by modifying YAML in the argument Configuration area below. Click OK .
The system will automatically return to the list of Helm apps, and the status of the newly created Helm app is Installing , and the status will change to Running after a period of time.
After we have completed the installation of a Helm app through the interface, we can perform an update operation on the Helm app. Note: Update operations using the UI are only supported for Helm apps installed via the UI.
Follow the steps below to update the Helm app.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Helm Apps to enter the Helm app list page.
On the Helm app list page, select the Helm app that needs to be updated, click the __ ...__ operation button on the right side of the list, and select the Update operation in the drop-down selection.
After clicking the Update button, the system will jump to the update interface, where you can update the Helm app as needed. Here we take updating the http port of the dao-2048 application as an example.
After modifying the proper arguments. You can click the Change button under the argument configuration to compare the files before and after the modification. After confirming that there is no error, click the OK button at the bottom to complete the update of the Helm app.
The system will automatically return to the Helm app list, and a pop-up window in the upper right corner will prompt update successful .
Every installation, update, and deletion of Helm apps has detailed operation records and logs for viewing.
In the left navigation bar, click Cluster Operations -> Recent Operations , and then select the Helm Operations tab at the top of the page. Each record corresponds to an install/update/delete operation.
To view the detailed log of each operation: Click \u2507 on the right side of the list, and select Log from the pop-up menu.
At this point, the detailed operation log will be displayed in the form of console at the bottom of the page.
Follow the steps below to delete the Helm app.
Find the cluster where the Helm app to be deleted resides, click the cluster name, and enter Cluster Details .
In the left navigation bar, click Helm Apps to enter the Helm app list page.
On the Helm app list page, select the Helm app you want to delete, click the __ ...__ operation button on the right side of the list, and select Delete from the drop-down selection.
Enter the name of the Helm app in the pop-up window to confirm, and then click the Delete button.
The Helm repository is a repository for storing and publishing Charts. The Helm App module supports HTTP(s) protocol to access Chart packages in the repository. By default, the system has 4 built-in helm repos as shown in the table below to meet common needs in the production process of enterprises.
Repository Description Example partner Various high-quality features provided by ecological partners Chart tidb system Chart that must be relied upon by system core functional components and some advanced features. For example, insight-agent must be installed to obtain cluster monitoring information Insight addon Common Chart in business cases cert-manager community The most popular open source components in the Kubernetes community Chart IstioIn addition to the above preset repositories, you can also add third-party Helm repositories yourself. This page will introduce how to add and update third-party Helm repositories.
"},{"location":"en/admin/kpanda/helm/helm-repo.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
If using a private repository, you should have read and write permissions to the repository.
The following takes the public container repository of Kubevela as an example to introduce and manage the helm repo.
Find the cluster that needs to be imported into the third-party helm repo, click the cluster name, and enter cluster details.
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo page.
Click the Create Repository button on the helm repo page to enter the Create repository page, and configure relevant arguments according to the table below.
Click OK to complete the creation of the Helm repository. The page will automatically jump to the list of Helm repositories.
When the address information of the helm repo changes, the address, authentication method, label, annotation, and description information of the helm repo can be updated.
Find the cluster where the repository to be updated is located, click the cluster name, and enter cluster details .
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo list page.
Find the Helm repository that needs to be updated on the repository list page, click the \u2507 button on the right side of the list, and click Update in the pop-up menu.
Update on the Update Helm Repository page, and click OK when finished.
Return to the helm repo list, and the screen prompts that the update is successful.
In addition to importing and updating repositorys, you can also delete unnecessary repositories, including system preset repositories and third-party repositories.
Find the cluster where the repository to be deleted is located, click the cluster name, and enter cluster details .
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo list page.
Find the Helm repository that needs to be updated on the repository list page, click the \u2507 button on the right side of the list, and click Delete in the pop-up menu.
Enter the repository name to confirm, and click Delete .
Return to the list of Helm repositories, and the screen prompts that the deletion is successful.
In a multi-arch cluster, it is common to use Helm charts that support multiple architectures to address deployment issues caused by architectural differences. This guide will explain how to integrate single-arch Helm apps into multi-arch deployments and how to integrate multi-arch Helm apps.
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#import","title":"Import","text":""},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#import-single-arch","title":"Import Single-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Specify the path in the clusterConfig.yml configuration file, for example:
addonPackage:\n path: \"/home/addon-offline-full-package-v0.9.0-amd64.tar.gz\"\n
Then run the import command:
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#integrate-multi-arch","title":"Integrate Multi-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Take addon-offline-full-package-v0.9.0-arm64.tar.gz
as an example and run the import command:
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.9.0-arm64.tar.gz\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#upgrade","title":"Upgrade","text":""},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#upgrade-single-arch","title":"Upgrade Single-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Specify the path in the clusterConfig.yml configuration file, for example:
addonPackage:\n path: \"/home/addon-offline-full-package-v0.11.0-amd64.tar.gz\"\n
Then run the import command:
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#multi-arch-integration","title":"Multi-arch Integration","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Take addon-offline-full-package-v0.11.0-arm64.tar.gz
as an example and run the import command:
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.11.0-arm64.tar.gz\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#notes","title":"Notes","text":""},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#disk-space","title":"Disk Space","text":"The offline package is quite large and requires sufficient space for decompression and loading of images. Otherwise, it may interrupt the process with a \"no space left\" error.
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#retry-after-failure","title":"Retry after Failure","text":"If the multi-arch fusion step fails, you need to clean up the residue before retrying:
rm -rf addon-offline-target-package\n
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#registry-space","title":"Registry Space","text":"If the offline package for fusion contains registry spaces that are inconsistent with the imported offline package, an error may occur during the fusion process due to the non-existence of the registry spaces:
Solution: Simply create the registry space before the fusion. For example, in the above error, creating the registry space \"localhost\" in advance can prevent the error.
"},{"location":"en/admin/kpanda/helm/multi-archi-helm.html#architecture-conflict","title":"Architecture Conflict","text":"When upgrading to a version lower than 0.12.0 of the addon, the charts-syncer in the target offline package does not check the existence of the image before pushing, so it will recombine the multi-arch into a single architecture during the upgrade process. For example, if the addon is implemented as a multi-arch in v0.10, upgrading to v0.11 will overwrite the multi-arch addon with a single architecture. However, upgrading to v0.12.0 or above can still maintain the multi-arch.
"},{"location":"en/admin/kpanda/helm/upload-helm.html","title":"Upload Helm Charts","text":"This article explains how to upload Helm charts. See the steps below.
Add a Helm repository, refer to Adding a Third-Party Helm Repository for the procedure.
Upload the Helm Chart to the Helm repository.
Upload with ClientUpload with Web PageNote
This method is suitable for Harbor, ChartMuseum, JFrog type repositories.
Log in to a node that can access the Helm repository, upload the Helm binary to the node, and install the cm-push plugin (VPN is needed and Git should be installed in advance).
Refer to the plugin installation process.
Push the Helm Chart to the Helm repository by executing the following command:
helm cm-push ${charts-dir} ${HELM_REPO_URL} --username ${username} --password ${password}\n
Argument descriptions:
charts-dir
: The directory of the Helm Chart, or the packaged Chart (i.e., .tgz file).HELM_REPO_URL
: The URL of the Helm repository.username
/password
: The username and password for the Helm repository with push permissions.--insecure
.Note
This method is only applicable to Harbor repositories.
Log into the Harbor repository, ensuring the logged-in user has permissions to push;
Go to the relevant project, select the Helm Charts tab, click the Upload button on the page to upload the Helm Chart.
Sync Remote Repository Data
Manual SyncAuto SyncBy default, the cluster does not enable Helm Repository Auto-Refresh, so you need to perform a manual sync operation. The general steps are:
Go to Helm Apps -> Helm Repositories, click the \u2507 button on the right side of the repository list, and select Sync Repository to complete the repository data synchronization.
If you need to enable the Helm repository auto-sync feature, you can go to Cluster Maintenance -> Cluster Settings -> Advanced Settings and turn on the Helm repository auto-refresh switch.
Cluster inspection allows administrators to regularly or ad-hoc check the overall health of the cluster, giving them proactive control over ensuring cluster security. With a well-planned inspection schedule, this proactive cluster check allows administrators to monitor the cluster status at any time and address potential issues in advance. It eliminates the previous dilemma of passive troubleshooting during failures, enabling proactive monitoring and prevention.
The cluster inspection feature provided by AI platform's container management module supports custom inspection items at the cluster, node, and pod levels. After the inspection is completed, it automatically generates visual inspection reports.
For information on security inspections or executing security-related inspections, refer to the supported security scan types in AI platform.
"},{"location":"en/admin/kpanda/inspect/config.html","title":"Creating Inspection Configuration","text":"AI platform Container Management module provides cluster inspection functionality, which supports inspection at the cluster, node, and pod levels.
Here's how to create an inspection configuration.
Click Cluster Inspection in the left navigation bar.
On the right side of the page, click Inspection Configuration .
Fill in the inspection configuration based on the following instructions, then click OK at the bottom of the page.
After creating the inspection configuration, it will be automatically displayed in the inspection configuration list. Click the more options button on the right of the configuration to immediately perform an inspection, modify the inspection configuration or delete the inspection configuration and reports.
Click Delete to delete the inspection configuration and reports.
Note
After creating an inspection configuration, if the Scheduled Inspection configuration is enabled, inspections will be automatically executed at the specified time. If the Scheduled Inspection configuration is not enabled, you need to manually trigger the inspection.
This page explains how to manually perform a cluster inspection.
"},{"location":"en/admin/kpanda/inspect/inspect.html#prerequisites","title":"Prerequisites","text":"When performing an inspection, you can choose to inspect multiple clusters in batches or perform a separate inspection for a specific cluster.
Batch InspectionIndividual InspectionClick Cluster Inspection in the top-level navigation bar of the Container Management module, then click Inspection on the right side of the page.
Select the clusters you want to inspect, then click OK at the bottom of the page.
Click the more options button ( \u2507 ) on the right of the proper inspection configuration, then select Inspection from the popup menu.
After the inspection execution is completed, you can view the inspection records and detailed inspection reports.
"},{"location":"en/admin/kpanda/inspect/report.html#prerequisites","title":"Prerequisites","text":"Go to the Cluster Inspection page and click the name of the target inspection cluster.
Click the name of the inspection record you want to view.
View the detailed information of the inspection, which may include an overview of cluster resources and the running status of system components.
You can download the inspection report or delete the inspection report from the top right corner of the page.
Namespaces are an abstraction used in Kubernetes for resource isolation. A cluster can contain multiple namespaces with different names, and the resources in each namespace are isolated from each other. For a detailed introduction to namespaces, refer to Namespaces.
This page will introduce the related operations of the namespace.
"},{"location":"en/admin/kpanda/namespaces/createns.html#create-a-namespace","title":"Create a namespace","text":"Supports easy creation of namespaces through forms, and quick creation of namespaces by writing or importing YAML files.
Note
On the cluster list page, click the name of the target cluster.
Click Namespace in the left navigation bar, then click the Create button on the right side of the page.
Fill in the name of the namespace, configure the workspace and labels (optional), and then click OK.
Info
After binding a namespace to a workspace, the resources of that namespace will be shared with the bound workspace. For a detailed explanation of workspaces, refer to Workspaces and Folders.
After the namespace is created, you can still bind/unbind the workspace.
Click OK to complete the creation of the namespace. On the right side of the namespace list, click \u2507 to select update, bind/unbind workspace, quota management, delete, and more from the pop-up menu.
On the Clusters page, click the name of the target cluster.
Click Namespace in the left navigation bar, then click the YAML Create button on the right side of the page.
Enter or paste the prepared YAML content, or directly import an existing YAML file locally.
After entering the YAML content, click Download to save the YAML file locally.
Finally, click OK in the lower right corner of the pop-up box.
Namespace exclusive nodes in a Kubernetes cluster allow a specific namespace to have exclusive access to one or more node's CPU, memory, and other resources through taints and tolerations. Once exclusive nodes are configured for a specific namespace, applications and services from other namespaces cannot run on the exclusive nodes. Using exclusive nodes allows important applications to have exclusive access to some computing resources, achieving physical isolation from other applications.
Note
Applications and services running on a node before it is set to be an exclusive node will not be affected and will continue to run normally on that node. Only when these Pods are deleted or rebuilt will they be scheduled to other non-exclusive nodes.
"},{"location":"en/admin/kpanda/namespaces/exclusive.html#preparation","title":"Preparation","text":"Check whether the kube-apiserver of the current cluster has enabled the PodNodeSelector and PodTolerationRestriction admission controllers.
The use of namespace exclusive nodes requires users to enable the PodNodeSelector and PodTolerationRestriction admission controllers on the kube-apiserver. For more information about admission controllers, refer to Kubernetes Admission Controllers Reference.
You can go to any Master node in the current cluster to check whether these two features are enabled in the kube-apiserver.yaml file, or you can execute the following command on the Master node for a quick check:
[root@g-master1 ~]# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep enable-admission-plugins\n\n# The expected output is as follows:\n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction\n
"},{"location":"en/admin/kpanda/namespaces/exclusive.html#enable-namespace-exclusive-nodes-on-global-cluster","title":"Enable Namespace Exclusive Nodes on Global Cluster","text":"Since the Global cluster runs platform basic components such as kpanda, ghippo, and insight, enabling namespace exclusive nodes on Global may cause system components to not be scheduled to the exclusive nodes when they restart, affecting the overall high availability of the system. Therefore, we generally do not recommend users to enable the namespace exclusive node feature on the Global cluster.
If you do need to enable namespace exclusive nodes on the Global cluster, please follow the steps below:
Enable the PodNodeSelector and PodTolerationRestriction admission controllers for the kube-apiserver of the Global cluster
Note
If the cluster has already enabled the above two admission controllers, please skip this step and go directly to configure system component tolerations.
Go to any Master node in the current cluster to modify the kube-apiserver.yaml configuration file, or execute the following command on the Master node for configuration:
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# The expected output is as follows:\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #List of enabled admission controllers\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
Find the --enable-admission-plugins parameter and add the PodNodeSelector and PodTolerationRestriction admission controllers (separated by commas). Refer to the following:
# Add __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
Add toleration annotations to the namespace where the platform components are located
After enabling the admission controllers, you need to add toleration annotations to the namespace where the platform components are located to ensure the high availability of the platform components.
The system component namespaces for AI platform are as follows:
Namespace System Components Included kpanda-system kpanda hwameiStor-system hwameiStor istio-system istio metallb-system metallb cert-manager-system cert-manager contour-system contour kubean-system kubean ghippo-system ghippo kcoral-system kcoral kcollie-system kcollie insight-system insight, insight-agent: ipavo-system ipavo kairship-system kairship karmada-system karmada amamba-system amamba, jenkins skoala-system skoala mspider-system mspider mcamel-system mcamel-rabbitmq, mcamel-elasticsearch, mcamel-mysql, mcamel-redis, mcamel-kafka, mcamel-minio, mcamel-postgresql spidernet-system spidernet kangaroo-system kangaroo gmagpie-system gmagpie dowl-system dowlCheck whether there are the above namespaces in the current cluster, execute the following command, and add the annotation: scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
for each namespace.
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
Please make sure to replace <namespace-name>
with the name of the platform namespace you want to add the annotation to. Use the interface to set exclusive nodes for the namespace
After confirming that the PodNodeSelector and PodTolerationRestriction admission controllers on the cluster API server have been enabled, please follow the steps below to use the AI platform UI management interface to set exclusive nodes for the namespace.
Click the cluster name in the cluster list page, then click Namespace in the left navigation bar.
Click the namespace name, then click the Exclusive Node tab, and click Add Node on the bottom right.
Select which nodes you want to be exclusive to this namespace on the left side of the page. On the right side, you can clear or delete a selected node. Finally, click OK at the bottom.
You can view the current exclusive nodes for this namespace in the list. You can choose to Stop Exclusivity on the right side of the node.
After cancelling exclusivity, Pods from other namespaces can also be scheduled to this node.
To enable namespace exclusive nodes on non-Global clusters, please follow the steps below:
Enable the PodNodeSelector and PodTolerationRestriction admission controllers for the kube-apiserver of the current cluster
Note
If the cluster has already enabled the above two admission controllers, please skip this step and go directly to using the interface to set exclusive nodes for the namespace.
Go to any Master node in the current cluster to modify the kube-apiserver.yaml configuration file, or execute the following command on the Master node for configuration:
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# The expected output is as follows:\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #List of enabled admission controllers\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
Find the --enable-admission-plugins parameter and add the PodNodeSelector and PodTolerationRestriction admission controllers (separated by commas). Refer to the following:
# Add __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
Use the interface to set exclusive nodes for the namespace
After confirming that the PodNodeSelector and PodTolerationRestriction admission controllers on the cluster API server have been enabled, please follow the steps below to use the AI platform UI management interface to set exclusive nodes for the namespace.
Click the cluster name in the cluster list page, then click Namespace in the left navigation bar.
Click the namespace name, then click the Exclusive Node tab, and click Add Node on the bottom right.
Select which nodes you want to be exclusive to this namespace on the left side of the page. On the right side, you can clear or delete a selected node. Finally, click OK at the bottom.
You can view the current exclusive nodes for this namespace in the list. You can choose to Stop Exclusivity on the right side of the node.
After cancelling exclusivity, Pods from other namespaces can also be scheduled to this node.
Add toleration annotations to the namespace where the components that need high availability are located (optional)
Execute the following command to add the annotation: scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
to the namespace where the components that need high availability are located.
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
Please make sure to replace <namespace-name>
with the name of the platform namespace you want to add the annotation to.
Pod security policies in a Kubernetes cluster allow you to control the behavior of Pods in various aspects of security by configuring different levels and modes for specific namespaces. Only Pods that meet certain conditions will be accepted by the system. It sets three levels and three modes, allowing users to choose the most suitable scheme to set restriction policies according to their needs.
Note
Only one security policy can be configured for one security mode. Please be careful when configuring the enforce security mode for a namespace, as violations will prevent Pods from being created.
This section will introduce how to configure Pod security policies for namespaces through the container management interface.
"},{"location":"en/admin/kpanda/namespaces/podsecurity.html#prerequisites","title":"Prerequisites","text":"The container management module has integrated a Kubernetes cluster or created a Kubernetes cluster. The cluster version needs to be v1.22 or above, and you should be able to access the cluster's UI interface.
A namespace has been created, a user has been created, and the user has been granted NS Admin or higher permissions. For details, refer to Namespace Authorization.
Select the namespace for which you want to configure Pod security policies and go to the details page. Click Configure Policy on the Pod Security Policy page to go to the configuration page.
Click Add Policy on the configuration page, and a policy will appear, including security level and security mode. The following is a detailed introduction to the security level and security policy.
Security Level Description Privileged An unrestricted policy that provides the maximum possible range of permissions. This policy allows known privilege elevations. Baseline The least restrictive policy that prohibits known privilege elevations. Allows the use of default (minimum specified) Pod configurations. Restricted A highly restrictive policy that follows current best practices for protecting Pods. Security Mode Description Audit Violations of the specified policy will add new audit events in the audit log, and the Pod can be created. Warn Violations of the specified policy will return user-visible warning information, and the Pod can be created. Enforce Violations of the specified policy will prevent the Pod from being created.Different security levels correspond to different check items. If you don't know how to configure your namespace, you can Policy ConfigMap Explanation at the top right corner of the page to view detailed information.
Click Confirm. If the creation is successful, the security policy you configured will appear on the page.
Click \u2507 to edit or delete the security policy you configured.
In a Kubernetes cluster, Ingress exposes services from outside the cluster to inside the cluster HTTP and HTTPS ingress. Traffic ingress is controlled by rules defined on the Ingress resource. Here's an example of a simple Ingress that sends all traffic to the same Service:
Ingress is an API object that manages external access to services in the cluster, and the typical access method is HTTP. Ingress can provide load balancing, SSL termination, and name-based virtual hosting.
"},{"location":"en/admin/kpanda/network/create-ingress.html#prerequisites","title":"Prerequisites","text":"After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
In the left navigation bar, click Container Network -> Ingress to enter the service list, and click the Create Ingress button in the upper right corner.
Note
It is also possible to Create from YAML .
Open Create Ingress page to configure. There are two protocol types to choose from, refer to the following two parameter tables for configuration.
After configuring all the parameters, click the OK button to return to the ingress list automatically. On the right side of the list, click \u2507 to modify or delete the selected ingress.
"},{"location":"en/admin/kpanda/network/create-services.html","title":"Create a Service","text":"In a Kubernetes cluster, each Pod has an internal independent IP address, but Pods in the workload may be created and deleted at any time, and directly using the Pod IP address cannot provide external services.
This requires creating a service through which you get a fixed IP address, decoupling the front-end and back-end of the workload, and allowing external users to access the service. At the same time, the service also provides the Load Balancer feature, enabling users to access workloads from the public network.
"},{"location":"en/admin/kpanda/network/create-services.html#prerequisites","title":"Prerequisites","text":"Container management module connected to Kubernetes cluster or created Kubernetes, and can access the cluster UI interface.
Completed a namespace creation, user creation, and authorize the user as NS Editor role, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
In the left navigation bar, click Container Network -> Service to enter the service list, and click the Create Service button in the upper right corner.
Tip
It is also possible to create a service via YAML .
Open the Create Service page, select an access type, and refer to the following three parameter tables for configuration.
Click Intra-Cluster Access (ClusterIP) , which refers to exposing services through the internal IP of the cluster. The services selected for this option can only be accessed within the cluster. This is the default service type. Refer to the configuration parameters in the table below.
Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select intra-cluster access (ClusterIP). ClusterIP Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default Label selector [Type] Required[Meaning] Add a label, the Service selects a Pod according to the label, and click \"Add\" after filling. You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. app:job01 Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. Container port (targetport): The container port that the workload actually monitors, used to expose services to the cluster. Session Persistence [Type] Optional [Meaning] When enabled, requests from the same client will be forwarded to the same Pod Enabled Maximum session hold time [Type] Optional [Meaning] After session hold is enabled, the maximum hold time is 30 seconds by default 30 seconds Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/admin/kpanda/network/create-services.html#create-nodeport-service","title":"Create NodePort service","text":"Click NodePort , which means exposing the service via IP and static port ( NodePort ) on each node. The NodePort service is routed to the automatically created ClusterIP service. You can access a NodePort service from outside the cluster by requesting : . Refer to the configuration parameters in the table below. Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select node access (NodePort). NodePort Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default Label selector [Type] Required[Meaning] Add a label, the Service selects a Pod according to the label, and click \"Add\" after filling. You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. By default, the service port is set to the same value as the container port field for convenience. ***Container port (targetport)*: The container port actually monitored by the workload. Node port (nodeport): The port of the node, which receives traffic from ClusterIP transmission. It is used as the entrance for external traffic access. Session Persistence [Type] Optional [Meaning] When enabled, requests from the same client will be forwarded to the same PodAfter enabled, .spec.sessionAffinity of Service is ClientIP , refer to for details : Session Affinity for Service Enabled Maximum session hold time [Type] Optional [Meaning] After session hold is enabled, the maximum hold time, the default timeout is 30 seconds.spec.sessionAffinityConfig.clientIP.timeoutSeconds is set to 30 by default seconds 30 seconds Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/admin/kpanda/network/create-services.html#create-loadbalancer-service","title":"Create LoadBalancer service","text":"
Click Load Balancer , which refers to using the cloud provider's load balancer to expose services to the outside. External load balancers can route traffic to automatically created NodePort services and ClusterIP services. Refer to the configuration parameters in the table below.
Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select node access (NodePort). NodePort Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default External Traffic Policy [Type] Required[Meaning] Set external traffic policy. Cluster: Traffic can be forwarded to Pods on all nodes in the cluster. Local: Traffic is only sent to Pods on this node. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Tag selector [Type] Required [Meaning] Add tag, Service Select the Pod according to the label, fill it out and click \"Add\". You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. Load balancing type [Type] Required [Meaning] The type of load balancing used, currently supports MetalLB and others. MetalLB IP Pool [Type] Required[Meaning] When the selected load balancing type is MetalLB, LoadBalancer Service will allocate IP addresses from this pool by default, and declare all IP addresses in this pool through APR. Load balancing address [Type] Required[Meaning] 1. If you are using a public cloud CloudProvider, fill in the load balancing address provided by the cloud provider here;2. If the above load balancing type is selected as MetalLB, the IP will be obtained from the above IP pool by default, if not filled, it will be obtained automatically. Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. By default, the service port is set to the same value as the container port field for convenience. Container port (targetport): The container port actually monitored by the workload. Node port (nodeport): The port of the node, which receives traffic from ClusterIP transmission. It is used as the entrance for external traffic access. Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/admin/kpanda/network/create-services.html#complete-service-creation","title":"Complete service creation","text":"After configuring all parameters, click the OK button to return to the service list automatically. On the right side of the list, click \u2507 to modify or delete the selected service.
"},{"location":"en/admin/kpanda/network/network-policy.html","title":"Network Policies","text":"Network policies in Kubernetes allow you to control network traffic at the IP address or port level (OSI layer 3 or layer 4). The container management module currently supports creating network policies based on Pods or namespaces, using label selectors to specify which traffic can enter or leave Pods with specific labels.
For more details on network policies, refer to the official Kubernetes documentation on Network Policies.
"},{"location":"en/admin/kpanda/network/network-policy.html#creating-network-policies","title":"Creating Network Policies","text":"Currently, there are two methods available for creating network policies: YAML and form-based creation. Each method has its advantages and disadvantages, catering to different user needs.
YAML creation requires fewer steps and is more efficient, but it has a higher learning curve as it requires familiarity with configuring network policy YAML files.
Form-based creation is more intuitive and straightforward. Users can simply fill in the proper values based on the prompts. However, this method involves more steps.
"},{"location":"en/admin/kpanda/network/network-policy.html#yaml-creation","title":"YAML Creation","text":"In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies -> Create with YAML in the left navigation bar.
In the pop-up dialog, enter or paste the pre-prepared YAML file, then click OK at the bottom of the dialog.
In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies -> Create Policy in the left navigation bar.
Fill in the basic information.
The name and namespace cannot be changed after creation.
Fill in the policy configuration.
The policy configuration includes ingress and egress policies. To establish a successful connection from a source Pod to a target Pod, both the egress policy of the source Pod and the ingress policy of the target Pod need to allow the connection. If either side does not allow the connection, the connection will fail.
Ingress Policy: Click \u2795 to begin configuring the policy. Multiple policies can be configured. The effects of multiple network policies are cumulative. Only when all network policies are satisfied simultaneously can a connection be successfully established.
Egress Policy
In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies . Click the name of the network policy.
View the basic configuration, associated instances, ingress policies, and egress policies of the policy.
Info
Under the \"Associated Instances\" tab, you can view instance monitoring, logs, container lists, YAML files, events, and more.
"},{"location":"en/admin/kpanda/network/network-policy.html#updating-network-policies","title":"Updating Network Policies","text":"There are two ways to update network policies. You can either update them through the form or by using a YAML file.
On the network policy list page, find the policy you want to update, and choose Update in the action column on the right to update it via the form. Choose Edit YAML to update it using a YAML file.
Click the name of the network policy, then choose Update in the top right corner of the policy details page to update it via the form. Choose Edit YAML to update it using a YAML file.
There are two ways to delete network policies. You can delete network policies either through the form or by using a YAML file.
On the network policy list page, find the policy you want to delete, and choose Delete in the action column on the right to delete it via the form. Choose Edit YAML to delete it using a YAML file.
Click the name of the network policy, then choose Delete in the top right corner of the policy details page to delete it via the form. Choose Edit YAML to delete it using a YAML file.
As the number of business applications continues to grow, the resources of the cluster become increasingly tight. At this point, you can expand the cluster nodes based on kubean. After the expansion, applications can run on the newly added nodes, alleviating resource pressure.
Only clusters created through the container management module support node autoscaling. Clusters accessed from the outside do not support this operation. This article mainly introduces the expansion of worker nodes in the same architecture work cluster. If you need to add control nodes or heterogeneous work nodes to the cluster, refer to: Expanding the control node of the work cluster, Adding heterogeneous nodes to the work cluster, Expanding the worker node of the global service cluster.
On the Clusters page, click the name of the target cluster.
If the Cluster Type contains the label Integrated Cluster, it means that the cluster does not support node autoscaling.
Click Nodes in the left navigation bar, and then click Integrate Node in the upper right corner of the page.
Enter the host name and node IP and click OK.
Click \u2795 Add Worker Node to continue accessing more nodes.
Note
Accessing the node takes about 20 minutes, please be patient.
"},{"location":"en/admin/kpanda/nodes/delete-node.html","title":"Node Scales Down","text":"When the peak business period is over, in order to save resource costs, you can reduce the size of the cluster and unload redundant nodes, that is, node scaling. After a node is uninstalled, applications cannot continue to run on the node.
"},{"location":"en/admin/kpanda/nodes/delete-node.html#prerequisites","title":"Prerequisites","text":"Cluster Admin
role authorization.When cluster nodes scales down, they can only be uninstalled one by one, not in batches.
If you need to uninstall cluster controller nodes, you need to ensure that the final number of controller nodes is an odd number.
The first controller node cannot be offline when the cluster node scales down. If it is necessary to perform this operation, please contact the after-sales engineer.
On the Clusters page, click the name of the target cluster.
If the Cluster Type has the tag Integrate Cluster , it means that the cluster does not support node autoscaling.
Click Nodes on the left navigation bar, find the node to be uninstalled, click \u2507 and select Remove .
Enter the node name, and click Delete to confirm.
Labels are identifying key-value pairs added to Kubernetes objects such as Pods, nodes, and clusters, which can be combined with label selectors to find and filter Kubernetes objects that meet certain conditions. Each key must be unique for a given object.
Annotations, like tags, are key/value pairs, but they do not have identification or filtering features. Annotations can be used to add arbitrary metadata to nodes. Annotation keys usually use the format prefix(optional)/name(required) , for example nfd.node.kubernetes.io/extended-resources . If the prefix is \u200b\u200bomitted, it means that the annotation key is private to the user.
For more information about labels and annotations, refer to the official Kubernetes documentation labels and selectors Or Annotations.
The steps to add/delete tags and annotations are as follows:
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar, click the \u2507 operation icon on the right side of the node, and click Edit Labels or Edit Annotations .
Click \u2795 Add to add tags or annotations, click X to delete tags or annotations, and finally click OK .
If you choose to authenticate the nodes of the cluster-to-be-created using SSH keys, you need to configure the public and private keys according to the following instructions.
Run the following command on any node within the management cluster of the cluster-to-be-created to generate the public and private keys.
cd /root/.ssh\nssh-keygen -t rsa\n
Run the ls command to check if the keys have been successfully created in the management cluster. The correct output should be as follows:
ls\nid_rsa id_rsa.pub known_hosts\n
The file named id_rsa is the private key, and the file named id_rsa.pub is the public key.
Run the following command to load the public key file id_rsa.pub onto all the nodes of the cluster-to-be-created.
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.0\n
Replace the user account and node IP in the above command with the username and IP of the nodes in the cluster-to-be-created. The same operation needs to be performed on every node in the cluster-to-be-created.
Run the following command to view the private key file id_rsa created in step 1.
cat /root/.ssh/id_rsa\n
The output should be as follows:
-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3UvyKINzY5BFuemQ+uJ6q+GqgfvnWwNC8HzZhpcMSjJy26MM\nUtBEBJxy8fMi57XcjYxPibXW/wnd+32ICCycqCwByUmuXeCC1cjlCQDqjcAvXae7\nY54IXGF7wm2IsMNwf0kjFEXjuS48FLDA0mGRaN3BG+Up5geXcHckg3K5LD8kXFFx\ndEmSIjdyw55NaUitmEdHzN7cIdfi6Z56jcV8dcFBgWKUx+ebiyPmZBkXToz6GnMF\nrswzzZCl+G6Jb2xTGy7g7ozb4BoZd1IpSD5EhDanRrESVE0C5YuJ5zUAC0CvVd1l\nv67AK8Ko6MXToHp01/bcsvlM6cqgwUFXZKVeOwIDAQABAoIBAQCO36GQlo3BEjxy\nM2HvGJmqrx+unDxafliRe4nVY2AD515Qf4xNSzke4QM1QoyenMOwf446krQkJPK0\nk+9nl6Xszby5gGCbK4BNFk8I6RaGPjZWeRx6zGUJf8avWJiPxx6yjz2esSC9RiR0\nF0nmiiefVMyAfgv2/5++dK2WUFNNRKLgSRRpP5bRaD5wMzzxtSSXrUon6217HO8p\n3RoWsI51MbVzhdVgpHUNABcoa0rpr9svT6XLKZxY8mxpKFYjM0Wv2JIDABg3kBvh\nQbJ7kStCO3naZjKMU9UuSqVJs06cflGYw7Or8/tABR3LErNQKPjkhAQqt0DXw7Iw\n3tKdTAJBAoGBAP687U7JAOqQkcphek2E/A/sbO/d37ix7Z3vNOy065STrA+ZWMZn\npZ6Ui1B/oJpoZssnfvIoz9sn559X0j67TljFALFd2ZGS0Fqh9KVCqDvfk+Vst1dq\n+3r/yZdTOyswoccxkJiC/GDwZGK0amJWqvob39JCZhDAKIGLbGMmjdAHAoGBAN5k\nm1WGnni1nZ+3dryIwgB6z1hWcnLTamzSET6KhSuo946ET0IRG9xtlheCx6dqICbr\nVk1Y4NtRZjK/p/YGx59rDWf7E3I8ZMgR7mjieOcUZ4lUlA4l7ZIlW/2WZHW+nUXO\nTi20fqJ8qSp4BUvOvuth1pz2GLUHe2/Fxjf7HIstAoGBAPHpPr9r+TfIlPsJeRj2\n6lzA3G8qWFRQfGRYjv0fjv0pA+RIb1rzgP/I90g5+63G6Z+R4WdcxI/OJJNY1iuG\nuw9n/pFxm7U4JC990BPE6nj5iLz+clpNGYckNDBF9VG9vFSrSDLdaYkxoVNvG/xJ\na9Na90H4lm7f3VewrPy310KvAoGAZr+mwNoEh5Kpc6xo8Gxi7aPP/mlaUVD6X7Ki\ngvmu02AqmC7rC4QqEiqTaONkaSXwGusqIWxJ3yp5hELmUBYLzszAEeV/s4zRp1oZ\ng133LBRSTbHFAdBmNdqK6Nu+KGRb92980UMOKvZbliKDl+W6cbfvVu+gtKrzTc3b\naevb4TUCgYEAnJAxyVYDP1nJf7bjBSHXQu1E/DMwbtrqw7dylRJ8cAzI7IxfSCez\n7BYWq41PqVd9/zrb3Pbh2phiVzKe783igAIMqummcjo/kZyCwFsYBzK77max1jF5\naPQsLbRS2aDz8kIH6jHPZ/R+15EROmdtLmA7vIJZGerWWQR0dUU+XXA=\n
Copy the content of the private key and paste it into the interface's key input field.
"},{"location":"en/admin/kpanda/nodes/node-check.html","title":"Create a node availability check","text":"When creating a cluster or adding nodes to an existing cluster, refer to the table below to check the node configuration to avoid cluster creation or expansion failure due to wrong node configuration.
Check Item Description OS Refer to Supported Architectures and Operating Systems SELinux Off Firewall Off Architecture Consistency Consistent CPU architecture between nodes (such as ARM or x86) Host Time All hosts are out of sync within 10 seconds. Network Connectivity The node and its SSH port can be accessed normally by the platform. CPU Available CPU resources are greater than 4 Cores Memory Available memory resources are greater than 8 GB"},{"location":"en/admin/kpanda/nodes/node-check.html#supported-architectures-and-operating-systems","title":"Supported architectures and operating systems","text":"Architecture Operating System Remarks ARM Kylin Linux Advanced Server release V10 (Sword) SP2 Recommended ARM UOS Linux ARM openEuler x86 CentOS 7.x Recommended x86 Redhat 7.x Recommended x86 Redhat 8.x Recommended x86 Flatcar Container Linux by Kinvolk x86 Debian Bullseye, Buster, Jessie, Stretch x86 Ubuntu 16.04, 18.04, 20.04, 22.04 x86 Fedora 35, 36 x86 Fedora CoreOS x86 openSUSE Leap 15.x/Tumbleweed x86 Oracle Linux 7, 8, 9 x86 Alma Linux 8, 9 x86 Rocky Linux 8, 9 x86 Amazon Linux 2 x86 Kylin Linux Advanced Server release V10 (Sword) - SP2 Haiguang x86 UOS Linux x86 openEuler"},{"location":"en/admin/kpanda/nodes/node-details.html","title":"Node Details","text":"After accessing or creating a cluster, you can view the information of each node in the cluster, including node status, labels, resource usage, Pod, monitoring information, etc.
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar to view the node status, role, label, CPU/memory usage, IP address, and creation time.
Click the node name to enter the node details page to view more information, including overview information, pod information, label annotation information, event list, status, etc.
In addition, you can also view the node's YAML file, monitoring information, labels and annotations, etc.
Supports suspending or resuming scheduling of nodes. Pausing scheduling means stopping the scheduling of Pods to the node. Resuming scheduling means that Pods can be scheduled to that node.
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar, click the \u2507 operation icon on the right side of the node, and click the Cordon button to suspend scheduling the node.
Click the \u2507 operation icon on the right side of the node, and click the Uncordon button to resume scheduling the node.
The node scheduling status may be delayed due to network conditions. Click the refresh icon on the right side of the search box to refresh the node scheduling status.
"},{"location":"en/admin/kpanda/nodes/taints.html","title":"Node Taints","text":"Taint can make a node exclude a certain type of Pod and prevent Pod from being scheduled on the node. One or more taints can be applied to each node, and Pods that cannot tolerate these taints will not be scheduled on that node.
"},{"location":"en/admin/kpanda/nodes/taints.html#precautions","title":"Precautions","text":"Find the target cluster on the Clusters page, and click the cluster name to enter the Cluster page.
In the left navigation bar, click Nodes , find the node that needs to modify the taint, click the \u2507 operation icon on the right and click the Edit Taints button.
Enter the key value information of the taint in the pop-up box, select the taint effect, and click OK .
Click \u2795 Add to add multiple taints to the node, and click X on the right side of the taint effect to delete the taint.
Currently supports three taint effects:
NoExecute
: This affects pods that are already running on the node as follows:
tolerationSeconds
in their toleration specification remain bound forevertolerationSeconds
remain bound for the specified amount of time. After that time elapses, the node lifecycle controller evicts the Pods from the node.NoSchedule
: No new Pods will be scheduled on the tainted node unless they have a matching toleration. Pods currently running on the node are not evicted.
PreferNoSchedule
: This is a \"preference\" or \"soft\" version of NoSchedule
. The control plane will try to avoid placing a Pod that does not tolerate the taint on the node, but it is not guaranteed, so this taint is not recommended to use in a production environment.
For more details about taints, refer to the Kubernetes documentation Taints and Tolerance.
"},{"location":"en/admin/kpanda/olm/import-miniooperator.html","title":"Importing MinIo Operator Offline","text":"This guide explains how to import the MinIo Operator offline in an environment without internet access.
"},{"location":"en/admin/kpanda/olm/import-miniooperator.html#prerequisites","title":"Prerequisites","text":"Set the environment variables in the execution environment and use them in the subsequent steps by running the following command:
export OPM_IMG=10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0 \nexport BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3 \n
How to get the above image addresses:
Go to Container Management -> Select the current cluster -> Helm Apps -> View the olm component -> Plugin Settings , and find the images needed for the opm, minio, minio bundle, and minio operator in the subsequent steps.
Using the screenshot as an example, the four image addresses are as follows:\n\n# opm image\n10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0\n\n# minio image\n10.5.14.200/quay.m.daocloud.io/minio/minio:RELEASE.2023-03-24T21-41-23Z\n\n# minio bundle image\n10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3\n\n# minio operator image\n10.5.14.200/quay.m.daocloud.io/minio/operator:v5.0.3\n
Run the opm command to get the operators included in the offline bundle image.
# Create the operator directory\n$ mkdir minio-operator && cd minio-operator \n\n# Get the operator yaml\n$ docker run --user root -v $PWD/minio-operator:/minio-operator ${OPM_IMG} alpha bundle unpack --skip-tls-verify -v -d ${BUNDLE_IMG} -o ./minio-operator\n\n# Expected result\n.\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 9 files\n
Replace all image addresses in the minio-operator/manifests/minio-operator.clusterserviceversion.yaml file with the image addresses from the offline container registry.
Before replacement:
After replacement:
Generate a Dockerfile for building the bundle image.
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} alpha bundle generate --channels stable,beta -d /minio-operator/minio-operator/manifests -e stable -p minio-operator \u00a0\n\n# Expected result\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 10 files\n
Build the bundle image and push it to the offline registry.
# Set the new bundle image\nexport OFFLINE_BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3-offline \n\n$ docker build . -f bundle.Dockerfile -t ${OFFLINE_BUNDLE_IMG} \u00a0\n\n$ docker push ${OFFLINE_BUNDLE_IMG}\n
Generate a Dockerfile for building the catalog image.
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} index add --bundles ${OFFLINE_BUNDLE_IMG} --generate --binary-image ${OPM_IMG} --skip-tls-verify\n\n# Expected result\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u251c\u2500\u2500 database\n\u2502 \u2514\u2500\u2500 index.db\n\u251c\u2500\u2500 index.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n4 directories, 12 files\n
Build the catalog image.
# Set the new catalog image \nexport OFFLINE_CATALOG_IMG=10.5.14.200/release.daocloud.io/operator-framework/system-operator-index:v0.1.0-offline\n\n$ docker build . -f index.Dockerfile -t ${OFFLINE_CATALOG_IMG} \n\n$ docker push ${OFFLINE_CATALOG_IMG}\n
Go to Container Management and update the built-in catsrc image for the Helm App olm (enter the catalog image specified in the construction of the catalog image, ${catalog-image} ).
After the update is successful, the minio-operator component will appear in the Operator Hub.
Container management implements authorization based on global authority management and global user/group management. If you need to grant users the highest authority for container management (can create, manage, and delete all clusters), refer to What are Access Control.
"},{"location":"en/admin/kpanda/permissions/cluster-ns-auth.html#prerequisites","title":"Prerequisites","text":"Before authorizing users/groups, complete the following preparations:
The user/group to be authorized has been created in the global management, refer to user.
Only Kpanda Owner and Cluster Admin
of the current cluster have Cluster authorization capability. For details, refer to Permission Description.
only Kpanda Owner , Cluster Admin
for the current cluster, NS Admin
of the current namespace has namespace authorization capability.
After the user logs in to the platform, click Privilege Management under Container Management on the left menu bar, which is located on the Cluster Permissions tab by default.
Click the Add Authorization button.
On the Add Cluster Permission page, select the target cluster, the user/group to be authorized, and click OK .
Currently, the only cluster role supported is Cluster Admin . For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permissions to add multiple times.
Return to the cluster permission management page, and a message appears on the screen: Cluster permission added successfully .
After the user logs in to the platform, click Permissions under Container Management on the left menu bar, and click the Namespace Permissions tab.
Click the Add Authorization button. On the Add Namespace Permission page, select the target cluster, target namespace, and user/group to be authorized, and click OK .
The currently supported namespace roles are NS Admin, NS Editor, and NS Viewer. For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permission to add multiple times. Click OK to complete the permission authorization.
Return to the namespace permission management page, and a message appears on the screen: Cluster permission added successfully .
Tip
If you need to delete or edit permissions later, you can click \u2507 on the right side of the list and select Edit or Delete .
In the past, the RBAC rules for those system roles in container management were pre-defined and could not be modified by users. To support more flexible permission settings and to meet the customized needs for system roles, now you can modify RBAC rules for system roles such as cluster admin, ns admin, ns editor, ns viewer.
The following example demonstrates how to add a new ns-view rule, granting the authority to delete workload deployments. Similar operations can be performed for other rules.
"},{"location":"en/admin/kpanda/permissions/custom-kpanda-role.html#prerequisites","title":"Prerequisites","text":"Before adding RBAC rules to system roles, the following prerequisites must be met:
Note
Only ClusterRoles with fixed Label are supported for adding rules. Replacing or deleting rules is not supported, nor is adding rules by using role. The correspondence between built-in roles and ClusterRole Label created by users is as follows.
cluster-admin: rbac.kpanda.io/role-template-cluster-admin: \"true\"\ncluster-edit: rbac.kpanda.io/role-template-cluster-edit: \"true\"\ncluster-view: rbac.kpanda.io/role-template-cluster-view: \"true\"\nns-admin: rbac.kpanda.io/role-template-ns-admin: \"true\"\nns-edit: rbac.kpanda.io/role-template-ns-edit: \"true\"\nns-view: rbac.kpanda.io/role-template-ns-view: \"true\"\n
Create a deployment by a user with admin
or cluster admin
permissions.
Grant a user the ns-viewer
role to provide them with the ns-view
permission.
Switch the login user to ns-viewer, open the console to get the token for the ns-viewer user, and use curl
to request and delete the nginx deployment mentioned above. However, a prompt appears as below, indicating the user doesn't have permission to delete it.
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n{\"code\":7,\"message\":\"[RBAC] delete resources(deployments: nginx) is forbidden for user(ns-viewer) in cluster(cluster-member)\",\"details\":[]}[root@master-01 ~]#\n[root@master-01 ~]#\n
Create a ClusterRole on the global cluster, as shown in the yaml below.
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: append-ns-view # (1)!\n labels:\n rbac.kpanda.io/role-template-ns-view: \"true\" # (2)!\nrules:\n - apiGroups: [ \"apps\" ]\n resources: [ \"deployments\" ]\n verbs: [ \"delete\" ]\n
Wait for the kpanda controller to add a rule of user creation to the built-in role: ns-viewer, then you can check if the rules added in the previous step are present for ns-viewer.
[root@master-01 ~]# kubectl get clusterrole role-template-ns-view -oyaml|grep deployments -C 10|tail -n 6\n
- apiGroups:\n - apps\n resources:\n - deployments\n verbs:\n - delete\n
When using curl again to request the deletion of the aforementioned nginx deployment, this time the deletion was successful. This means that ns-viewer has successfully added the rule to delete deployments.
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n
Container management permissions are based on a multi-dimensional permission management system created by global permission management and Kubernetes RBAC permission management. It supports cluster-level and namespace-level permission control, helping users to conveniently and flexibly set different operation permissions for IAM users and groups (collections of users) under a tenant.
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#cluster-permissions","title":"Cluster Permissions","text":"Cluster permissions are authorized based on Kubernetes RBAC's ClusterRoleBinding, allowing users/groups to have cluster-related permissions. The current default cluster role is Cluster Admin (does not have the permission to create or delete clusters).
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#cluster-admin","title":"Cluster Admin","text":"Cluster Admin has the following permissions:
The YAML example for this cluster role is as follows:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-cluster-admin\n resourceVersion: \"15168\"\n uid: f8f86d42-d5ef-47aa-b284-097615795076\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*'\n
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#namespace-permissions","title":"Namespace Permissions","text":"Namespace permissions are authorized based on Kubernetes RBAC capabilities, allowing different users/groups to have different operation permissions on resources under a namespace (including Kubernetes API permissions). For details, refer to: Kubernetes RBAC. Currently, the default roles for container management are: NS Admin, NS Editor, NS Viewer.
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#ns-admin","title":"NS Admin","text":"NS Admin has the following permissions:
The YAML example for this cluster role is as follows:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-admin\n resourceVersion: \"15173\"\n uid: 69f64c7e-70e7-4c7c-a3e0-053f507f2bc3\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*' \n
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#ns-editor","title":"NS Editor","text":"NS Editor has the following permissions:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-edit\n resourceVersion: \"15175\"\n uid: ca9e690e-96c0-4978-8915-6e4c00c748fe\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - '*'\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - '*'\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - '*'\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - '*'\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - '*'\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - '*'\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - '*' \n
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#ns-viewer","title":"NS Viewer","text":"NS Viewer has the following permissions:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-view\n resourceVersion: \"15183\"\n uid: 853888fd-6ee8-42ac-b91e-63923918baf8\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - get\n - list\n - watch \n
"},{"location":"en/admin/kpanda/permissions/permission-brief.html#permissions-faq","title":"Permissions FAQ","text":"What is the relationship between global permissions and container management permissions?
Answer: Global permissions only authorize coarse-grained permissions, which can manage the creation, editing, and deletion of all clusters; while for fine-grained permissions, such as the management permissions of a single cluster, the management, editing, and deletion permissions of a single namespace, they need to be implemented based on Kubernetes RBAC container management permissions. Generally, users only need to be authorized in container management.
Currently, only four default roles are supported. Can the RoleBinding and ClusterRoleBinding (Kubernetes fine-grained RBAC) for custom roles also take effect?
Answer: Currently, custom permissions cannot be managed through the graphical interface, but the permission rules created using kubectl can still take effect.
Suanova AI platform supports elastic scaling of Pod resources based on metrics (Horizontal Pod Autoscaling, HPA). Users can dynamically adjust the number of copies of Pod resources by setting CPU utilization, memory usage, and custom metrics. For example, after setting an auto scaling policy based on the CPU utilization metric for the workload, when the CPU utilization of the Pod exceeds/belows the metric threshold you set, the workload controller will automatically increase/decrease the number of Pod replicas.
This page describes how to configure auto scaling based on built-in metrics and custom metrics for workloads.
Note
The system has two built-in elastic scaling metrics of CPU and memory to meet users' basic business cases.
"},{"location":"en/admin/kpanda/scale/create-hpa.html#prerequisites","title":"Prerequisites","text":"Before configuring the built-in index auto scaling policy for the workload, the following prerequisites need to be met:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, deployment or statefulset.
You should have permissions not lower than NS Editor. For details, refer to Namespace Authorization.
Installed metrics-server plugin install.
Refer to the following steps to configure the built-in index auto scaling policy for the workload.
Click Clusters on the left navigation bar to enter the cluster list page. Click a cluster name to enter the Cluster Details page.
On the cluster details page, click Workload in the left navigation bar to enter the workload list, and then click a workload name to enter the Workload Details page.
Click the Auto Scaling tab to view the auto scaling configuration of the current cluster.
After confirming that the cluster has installed the metrics-server plug-in, and the plug-in is running normally, you can click the New Scaling button.
Create custom metric auto scaling policy parameters.
After completing the parameter configuration, click the OK button to automatically return to the elastic scaling details page. Click \u2507 on the right side of the list to edit, delete, and view related events.
The container Vertical Pod Autoscaler (VPA) calculates the most suitable CPU and memory request values \u200b\u200bfor the Pod by monitoring the Pod's resource application and usage over a period of time. Using VPA can allocate resources to each Pod in the cluster more reasonably, improve the overall resource utilization of the cluster, and avoid waste of cluster resources.
AI platform supports VPA through containers. Based on this feature, the Pod request value can be dynamically adjusted according to the usage of container resources. AI platform supports manual and automatic modification of resource request values, and you can configure them according to actual needs.
This page describes how to configure VPA for deployment.
Warning
Using VPA to modify a Pod resource request will trigger a Pod restart. Due to the limitations of Kubernetes itself, Pods may be scheduled to other nodes after restarting.
"},{"location":"en/admin/kpanda/scale/create-vpa.html#prerequisites","title":"Prerequisites","text":"Before configuring a vertical scaling policy for deployment, the following prerequisites must be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace, user, Deployments or Statefulsets.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
The current cluster has installed metrics-server and VPA plugins.
Refer to the following steps to configure the built-in index auto scaling policy for the deployment.
Find the current cluster in Clusters , and click the name of the target cluster.
Click Deployments in the left navigation bar, find the deployment that needs to create a VPA, and click the name of the deployment.
Click the Auto Scaling tab to view the auto scaling configuration of the current cluster, and confirm that the relevant plug-ins have been installed and are running normally.
Click the Create Autoscaler button and configure the VPA vertical scaling policy parameters.
After completing the parameter configuration, click the OK button to automatically return to the elastic scaling details page. Click \u2507 on the right side of the list to perform edit and delete operations.
When the built-in CPU and memory metrics in the system do not meet your business needs, you can add custom metrics by configuring ServiceMonitoring and achieve auto-scaling based on these custom metrics. This article will introduce how to configure auto-scaling for workloads based on custom metrics.
Note
Before configuring the custom metrics auto-scaling policy for workloads, the following prerequisites must be met:
Refer to the following steps to configure the auto-scaling policy based on metrics for workloads.
Click Clusters in the left navigation bar to enter the clusters page. Click a cluster name to enter the Cluster Overview page.
On the Cluster Details page, click Workloads in the left navigation bar to enter the workload list, and click a workload name to enter the Workload Details page.
Click the Auto Scaling tab to view the current autoscaling configuration of the cluster.
Confirm that the cluster has installed metrics-server, Insight, and Prometheus-adapter plugins, and that the plugins are running normally, then click the Create AutoScaler button.
Note
If the related plugins are not installed or the plugins are in an abnormal state, you will not be able to see the entry for creating custom metrics auto-scaling on the page.
Create custom metrics auto-scaling policy parameters.
This case takes a Golang business program as an example. The example program exposes the httpserver_requests_total
metric and records HTTP requests. This metric can be used to calculate the QPS value of the business program.
Use Deployment to deploy the business program:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: httpserver\n namespace: httpserver\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: httpserver\n template:\n metadata:\n labels:\n app: httpserver\n spec:\n containers:\n - name: httpserver\n image: registry.imroc.cc/test/httpserver:custom-metrics\n imagePullPolicy: Always\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n app: httpserver\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/path: \"/metrics\"\n prometheus.io/port: \"http\"\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n name: http\n selector:\n app: httpserver\n
"},{"location":"en/admin/kpanda/scale/custom-hpa.html#prometheus-collects-business-monitoring","title":"Prometheus Collects Business Monitoring","text":"If the insight-agent is installed, Prometheus can be configured by creating a ServiceMonitor CRD object.
Operation steps: In Cluster Details -> Custom Resources, search for \u201cservicemonitors.monitoring.coreos.com\", click the name to enter the details. Create the following example CRD in the httpserver namespace via YAML:
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n operator.insight.io/managed-by: insight\nspec:\n endpoints:\n - port: http\n interval: 5s\n namespaceSelector:\n matchNames:\n - httpserver\n selector:\n matchLabels:\n app: httpserver\n
Note
If Prometheus is installed via insight, the serviceMonitor must be labeled with operator.insight.io/managed-by: insight
. If installed by other means, this label is not required.
steps: In Clusters -> Helm Apps, search for \u201cprometheus-adapter\",enter the update page through the action bar, and configure custom metrics in YAML as follows:
rules:\n custom:\n - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)\n name:\n as: httpserver_requests_qps\n matches: httpserver_requests_total\n resources:\n template: <<.Resource>>\n seriesQuery: httpserver_requests_total\n
"},{"location":"en/admin/kpanda/scale/custom-hpa.html#create-custom-metrics-auto-scaling-policy-parameters","title":"Create Custom Metrics Auto-scaling Policy Parameters","text":"Follow the above steps to find the application httpserver in the Deployment and create auto-scaling via custom metrics.
"},{"location":"en/admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html","title":"Compatibility Rules for HPA and CronHPA","text":"HPA stands for HorizontalPodAutoscaler, which refers to horizontal pod auto-scaling.
CronHPA stands for Cron HorizontalPodAutoscaler, which refers to scheduled horizontal pod auto-scaling.
"},{"location":"en/admin/kpanda/scale/hpa-cronhpa-compatibility-rules.html#conflict-between-cronhpa-and-hpa","title":"Conflict Between CronHPA and HPA","text":"Scheduled scaling with CronHPA triggers horizontal pod scaling at specified times. To prevent sudden traffic surges, you may have configured HPA to ensure the normal operation of your application. If both HPA and CronHPA are detected simultaneously, conflicts arise because CronHPA and HPA operate independently without awareness of each other. Consequently, the actions performed last will override those executed first.
By comparing the definition templates of CronHPA and HPA, the following points can be observed:
scaleTargetRef
field to identify the scaling target.Note
If both CronHPA and HPA are set, there will be scenarios where CronHPA and HPA simultaneously operate on a single scaleTargetRef
.
As noted above, the fundamental reason that simultaneous use of CronHPA and HPA results in the later action overriding the earlier one is that the two controllers cannot sense each other. Therefore, the conflict can be resolved by enabling CronHPA to be aware of HPA's current state.
The system will treat HPA as the scaling object for CronHPA, thus achieving scheduled scaling for the Deployment object defined by the HPA.
HPA's definition configures the Deployment in the scaleTargetRef
field, and then the Deployment uses its definition to locate the ReplicaSet, which ultimately adjusts the actual number of replicas.
In AI platform, the scaleTargetRef
in CronHPA is set to the HPA object, and it uses the HPA object to find the actual scaleTargetRef
, allowing CronHPA to be aware of HPA's current state.
CronHPA senses HPA by adjusting HPA. CronHPA determines whether scaling is needed and modifies the HPA upper limit by comparing the target number of replicas with the current number of replicas, choosing the larger value. Similarly, CronHPA determines whether to modify the HPA lower limit by comparing the target number of replicas from CronHPA with the configuration in HPA, choosing the smaller value.
"},{"location":"en/admin/kpanda/scale/install-cronhpa.html","title":"Install kubernetes-cronhpa-controller","text":"The container copy timing horizontal autoscaling policy (CronHPA) can provide stable computing resource guarantee for periodic high-concurrency applications, and kubernetes-cronhpa-controller is a key component to implement CronHPA.
This section describes how to install the kubernetes-cronhpa-controller plugin.
Note
In order to use CornHPA, not only the kubernetes-cronhpa-controller plugin needs to be installed, but also install the metrics-server plugin.
"},{"location":"en/admin/kpanda/scale/install-cronhpa.html#prerequisites","title":"Prerequisites","text":"Before installing the kubernetes-cronhpa-controller plugin, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Refer to the following steps to install the kubernetes-cronhpa-controller plugin for the cluster.
On the Clusters page, find the target cluster where the plugin needs to be installed, click the name of the cluster, then click Workloads -> Deployments on the left, and click the name of the target workload.
On the workload details page, click the Auto Scaling tab, and click Install on the right side of CronHPA .
Read the relevant introduction of the plug-in, select the version and click the Install button. It is recommended to install 1.3.0 or later.
Refer to the following instructions to configure the parameters.
Note
After enabling ready wait and/or failed deletion , it takes a long time for the application to be marked as \"running\".
Click OK in the lower right corner of the page, and the system will automatically jump to the Helm Apps list page. Wait a few minutes and refresh the page to see the application you just installed.
Warning
If you need to delete the kubernetes-cronhpa-controller plugin, you should go to the Helm Apps list page to delete it completely.
If you delete the plug-in under the Auto Scaling tab of the workload, this only deletes the workload copy of the plug-in, and the plug-in itself is still not deleted, and an error will be prompted when the plug-in is reinstalled later.
Go back to the Auto Scaling tab under the workload details page, and you can see that the interface displays Plug-in installed . Now it's time to start creating CronHPA policies.
metrics-server is the built-in resource usage metrics collection component of Kubernetes. You can automatically scale Pod copies horizontally for workload resources by configuring HPA policies.
This section describes how to install metrics-server .
"},{"location":"en/admin/kpanda/scale/install-metrics-server.html#prerequisites","title":"Prerequisites","text":"Before installing the metrics-server plugin, the following prerequisites need to be met:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace.
You should have permissions not lower than NS Editor. For details, refer to Namespace Authorization.
Please perform the following steps to install the metrics-server plugin for the cluster.
On the Auto Scaling page under workload details, click the Install button to enter the metrics-server plug-in installation interface.
Read the introduction of the metrics-server plugin, select the version and click the Install button. This page will use the 3.8.2 version as an example to install, and it is recommended that you install 3.8.2 and later versions.
Configure basic parameters on the installation configuration interface.
Note
After enabling Wait and/or Deletion failed , it takes a long time for the app to be marked as Running .
Advanced parameter configuration
If the cluster network cannot access the k8s.gcr.io repository, please try to modify the repositort parameter to repository: k8s.m.daocloud.io/metrics-server/metrics-server .
An SSL certificate is also required to install the metrics-server plugin. To bypass certificate verification, you need to add - --kubelet-insecure-tls parameter at defaultArgs: .
image:\n repository: k8s.m.daocloud.io/metrics-server/metrics-server # Change the registry source address to k8s.m.daocloud.io\n tag: ''\n pullPolicy: IfNotPresent\nimagePullSecrets: []\nnameOverride: ''\nfullnameOverride: ''\nserviceAccount:\n create: true\n annotations: {}\n name: ''\nrbac:\n create: true\n pspEnabled: false\napiService:\n create: true\npodLabels: {}\npodAnnotations: {}\npodSecurityContext: {}\nsecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\npriorityClassName: system-cluster-critical\ncontainerPort: 4443\nhostNetwork:\n enabled: false\nreplicas: 1\nupdateStrategy: {}\npodDisruptionBudget:\n enabled: false\n minAvailable: null\n maxUnavailable: null\ndefaultArgs:\n - '--cert-dir=/tmp'\n - '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'\n - '--kubelet-use-node-status-port'\n - '--metric-resolution=15s'\n - --kubelet-insecure-tls # Bypass certificate verification\nargs: []\nlivenessProbe:\n httpGet:\n path: /livez\n port:https\n scheme: HTTPS\n initialDelaySeconds: 0\n periodSeconds: 10\n failureThreshold: 3\nreadinessProbe:\n httpGet:\n path: /readyz\n port:https\n scheme: HTTPS\n initialDelaySeconds: 20\n periodSeconds: 10\n failureThreshold: 3\nservice:\n type: ClusterIP\n port: 443\n annotations: {}\n labels: {}\nmetrics:\n enabled: false\nserviceMonitor:\n enabled: false\n additionalLabels: {}\n interval: 1m\n scrapeTimeout: 10s\nresources: {}\nextraVolumeMounts: []\nextraVolumes: []\nnodeSelector: {}\ntolerations: []\naffinity: {}\n
Click the OK button to complete the installation of the metrics-server plug-in, and then the system will automatically jump to the Helm Apps list page. After a few minutes, refresh the page and you will see the newly installed Applications.
Note
When deleting the metrics-server plugin, the plugin can only be completely deleted on the Helm Apps list page. If you only delete metrics-server on the workload page, this only deletes the workload copy of the application, the application itself is still not deleted, and an error will be prompted when you reinstall the plugin later.
"},{"location":"en/admin/kpanda/scale/install-vpa.html","title":"Install vpa","text":"The Vertical Pod Autoscaler, VPA, can make the resource allocation of the cluster more reasonable and avoid the waste of cluster resources. vpa is the key component to realize the vertical autoscaling of the container.
This section describes how to install the vpa plugin.
In order to use VPA policies, not only the __vpa__ plugin needs to be installed, but also [install the __metrics-server__ plugin](install-metrics-server.md).\n
"},{"location":"en/admin/kpanda/scale/install-vpa.html#prerequisites","title":"Prerequisites","text":"Before installing the vpa plugin, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Refer to the following steps to install the vpa plugin for the cluster.
On the Clusters page, find the target cluster where the plugin needs to be installed, click the name of the cluster, then click Workloads -> Deployments on the left, and click the name of the target workload.
On the workload details page, click the Auto Scaling tab, and click Install on the right side of VPA .
Read the relevant introduction of the plug-in, select the version and click the Install button. It is recommended to install 1.5.0 or later.
Review the configuration parameters described below.
Note
After enabling Wait and/or Deletion failed , it takes a long time for the application to be marked as running .
Click OK in the lower right corner of the page, and the system will automatically jump to the Helm Apps list page. Wait a few minutes and refresh the page to see the application you just installed.
Warning
If you need to delete the vpa plugin, you should go to the Helm Apps list page to delete it completely.
If you delete the plug-in under the Auto Scaling tab of the workload, this only deletes the workload copy of the plug-in, and the plug-in itself is still not deleted, and an error will be prompted when the plug-in is reinstalled later.
Go back to the Auto Scaling tab under the workload details page, and you can see that the interface displays Plug-in installed . Now you can start Create VPA policy.
Knative is a platform-agnostic solution for running serverless deployments.
"},{"location":"en/admin/kpanda/scale/knative/install.html#steps","title":"Steps","text":"Log in to the cluster, click the sidebar Helm Apps \u2192 Helm Charts , enter knative in the search box at the top right, and then press the enter key to search.
Click the knative-operator to enter the installation configuration interface. You can view the available versions and the Parameters optional items of Helm values on this interface.
After clicking the install button, you will enter the installation configuration interface.
Enter the name, installation tenant, and it is recommended to check Wait and Detailed Logs .
In the settings below, you can tick Serving and enter the installation tenant of the Knative Serving component, which will deploy the Knative Serving component after installation. This component is managed by the Knative Operator.
Knative provides a higher level of abstraction, simplifying and speeding up the process of building, deploying, and managing applications on Kubernetes. It allows developers to focus more on implementing business logic, while leaving most of the infrastructure and operations work to Knative, significantly improving productivity.
"},{"location":"en/admin/kpanda/scale/knative/knative.html#components","title":"Components","text":"The Knative operator runs the following components.
knative-operator knative-operator-58f7d7db5c-7f6r5 1/1 Running 0 6m55s\nknative-operator operator-webhook-667dc67bc-qvrv4 1/1 Running 0 6m55s\n
The Knative serving components are as follows.
knative-serving 3scale-kourier-gateway-d69fbfbd-bd8d8 1/1 Running 0 7m13s\nknative-serving activator-7c6fddd698-wdlng 1/1 Running 0 7m3s\nknative-serving autoscaler-8f4b876bb-kd25p 1/1 Running 0 7m17s\nknative-serving autoscaler-hpa-5f7f74679c-vkc7p 1/1 Running 0 7m15s\nknative-serving controller-789c896c46-tfvsv 1/1 Running 0 7m17s\nknative-serving net-kourier-controller-7db578c889-7gd5l 1/1 Running 0 7m14s\nknative-serving webhook-5c88b94c5-78x7m 1/1 Running 0 7m1s\nknative-serving storage-version-migration-serving-serving-1.12.2-t7zvd 0/1 Completed 0 7m15s\n
Component Features Activator Queues requests (if a Knative Service has scaled to zero). Calls the autoscaler to bring back services that have scaled down to zero and forward queued requests. The Activator can also act as a request buffer, handling bursts of traffic. Autoscaler Responsible for scaling Knative services based on configuration, metrics, and incoming requests. Controller Manages the state of Knative CRs. It monitors multiple objects, manages the lifecycle of dependent resources, and updates resource status. Queue-Proxy Sidecar container injected into each Knative Service. Responsible for collecting traffic data and reporting it to the Autoscaler, which then initiates scaling requests based on this data and preset rules. Webhooks Knative Serving has several Webhooks responsible for validating and mutating Knative resources."},{"location":"en/admin/kpanda/scale/knative/knative.html#ingress-traffic-entry-solutions","title":"Ingress Traffic Entry Solutions","text":"Solution Use Case Istio If Istio is already in use, it can be chosen as the traffic entry solution. Contour If Contour has been enabled in the cluster, it can be chosen as the traffic entry solution. Kourier If neither of the above two Ingress components are present, Knative's Envoy-based Kourier Ingress can be used as the traffic entry solution."},{"location":"en/admin/kpanda/scale/knative/knative.html#autoscaler-solutions-comparison","title":"Autoscaler Solutions Comparison","text":"Autoscaler Type Core Part of Knative Serving Default Enabled Scale to Zero Support CPU-based Autoscaling Support Knative Pod Autoscaler (KPA) Yes Yes Yes No Horizontal Pod Autoscaler (HPA) No Needs to be enabled after installing Knative Serving No Yes"},{"location":"en/admin/kpanda/scale/knative/knative.html#crd","title":"CRD","text":"Resource Type API Name Description Services service.serving.knative.dev
Automatically manages the entire lifecycle of Workloads, controls the creation of other objects, ensures applications have Routes, Configurations, and new revisions with each update. Routes route.serving.knative.dev
Maps network endpoints to one or more revision versions, supports traffic distribution and version routing. Configurations configuration.serving.knative.dev
Maintains the desired state of deployments, provides separation between code and configuration, follows the Twelve-Factor App methodology, modifying configurations creates new revisions. Revisions revision.serving.knative.dev
Snapshot of the workload at each modification time point, immutable object, automatically scales based on traffic."},{"location":"en/admin/kpanda/scale/knative/playground.html","title":"Knative Practices","text":"In this section, we will delve into learning Knative through several practical exercises.
"},{"location":"en/admin/kpanda/scale/knative/playground.html#case-1-hello-world","title":"Case 1 - Hello World","text":"apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
You can use kubectl
to check the status of a deployed application that has been automatically configured with ingress and scalers by Knative.
~ kubectl get service.serving.knative.dev/hello\nNAME URL LATESTCREATED LATESTREADY READY REASON\nhello http://hello.knative-serving.knative.loulan.me hello-00001 hello-00001 True\n
The deployed Pod YAML is as follows, consisting of two Pods: user-container
and queue-proxy
.
apiVersion: v1\nkind: Pod\nmetadata:\n name: hello-00003-deployment-5fcb8ccbf-7qjfk\nspec:\n containers:\n - name: user-container\n - name: queue-proxy\n
Request Flow:
case3 When the traffic decreases again, traffic will be routed back to the activator if the traffic is lower than current_demand + target-burst-capacity > (pods * concurrency-target).
The total number of pending requests + the number of requests that can exceed the target concurrency > the target concurrency per Pod * number of Pods.
We first apply the following YAML definition under the cluster.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
Execute the following command for testing, and you can observe the scaling of the Pods by using kubectl get pods -A -w
.
wrk -t2 -c4 -d6s http://hello.knative-serving.knative.daocloud.io/\n
"},{"location":"en/admin/kpanda/scale/knative/playground.html#case-3-based-on-concurrent-elastic-scaling-scale-out-in-advance-to-reach-a-specific-ratio","title":"Case 3 - Based on concurrent elastic scaling, scale out in advance to reach a specific ratio.","text":"You can easily achieve this, for example, by limiting the concurrency to 10 per container. This can be implemented through autoscaling.knative.dev/target-utilization-percentage: 70
, starting to scale out the Pods when 70% is reached.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"10\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/target-utilization-percentage: \"70\" \n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/metric: \"concurrency\"\n \u00a0 \u00a0 spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
"},{"location":"en/admin/kpanda/scale/knative/playground.html#case-4-canary-releasetraffic-percentage","title":"Case 4 - Canary Release/Traffic Percentage","text":"You can control the distribution of traffic to each version through spec.traffic
.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\" \n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\" \n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n traffic:\n - latestRevision: true\n percent: 50\n - latestRevision: false\n percent: 50\n revisionName: hello-00001\n
"},{"location":"en/admin/kpanda/scale/knative/scene.html","title":"Use Cases","text":""},{"location":"en/admin/kpanda/scale/knative/scene.html#suitable-cases","title":"Suitable Cases","text":"AI platform Container Management provides three types of security scans:
The object of compliance scanning is the cluster node. The scan result lists the scan items and results and provides repair suggestions for any failed scan items. For specific security rules used during scanning, refer to the CIS Kubernetes Benchmark.
The focus of the scan varies when checking different types of nodes.
Scan the control plane node (Controller)
Scan worker nodes
Tip
To use compliance scanning, you need to create a scan configuration first, and then create a scan policy based on that configuration. After executing the scan policy, you can view the scan report.
"},{"location":"en/admin/kpanda/security/index.html#authorization-scan","title":"Authorization Scan","text":"Authorization scanning focuses on security vulnerabilities caused by authorization issues. Authorization scans can help users identify security threats in Kubernetes clusters, identify which resources need further review and protection measures. By performing these checks, users can gain a clearer and more comprehensive understanding of their Kubernetes environment and ensure that the cluster environment meets Kubernetes' best practices and security standards.
Specifically, authorization scanning supports the following operations:
Scans the health status of all nodes in the cluster.
Scans the running state of components in the cluster, such as kube-apiserver , kube-controller-manager , kube-scheduler , etc.
Scans security configurations: Check Kubernetes' security configuration.
Provides warnings and suggestions: Security best practices that cluster administrators should perform, such as regularly rotating certificates, using strong passwords, restricting network access, etc.
Tip
To use authorization scanning, you need to create a scan policy first. After executing the scan policy, you can view the scan report. For details, refer to Security Scanning.
"},{"location":"en/admin/kpanda/security/index.html#vulnerability-scan","title":"Vulnerability Scan","text":"Vulnerability scanning focuses on scanning potential malicious attacks and security vulnerabilities, such as remote code execution, SQL injection, XSS attacks, and some attacks specific to Kubernetes. The final scan report lists the security vulnerabilities in the cluster and provides repair suggestions.
Tip
To use vulnerability scanning, you need to create a scan policy first. After executing the scan policy, you can view the scan report. For details, refer to Vulnerability Scan.
"},{"location":"en/admin/kpanda/security/audit.html","title":"Permission Scan","text":"To use the Permission Scan feature, you need to create a scan policy first. After executing the policy, a scan report will be automatically generated for viewing.
"},{"location":"en/admin/kpanda/security/audit.html#create-a-scan-policy","title":"Create a Scan Policy","text":"On the left navigation bar of the homepage in the Container Management module, click Security Management .
Click Permission Scan on the left navigation bar, then click the Scan Policy tab and click Create Scan Policy on the right.
Fill in the configuration according to the following instructions, and then click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
Under the Security Management -> Permission Scanning -> Scan Reports tab, click the report name.
Clicking Delete on the right of a report allows you to manually delete the report.
View the scan report content, including:
To use the Vulnerability Scan feature, you need to create a scan policy first. After executing the policy, a scan report will be automatically generated for viewing.
"},{"location":"en/admin/kpanda/security/hunter.html#create-a-scan-policy","title":"Create a Scan Policy","text":"On the left navigation bar of the homepage in the Container Management module, click Security Management .
Click Vulnerability Scan on the left navigation bar, then click the Scan Policy tab and click Create Scan Policy on the right.
Fill in the configuration according to the following instructions, and then click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
Under the Security Management -> Vulnerability Scanning -> Scan Reports tab, click the report name.
Clicking Delete on the right of a report allows you to manually delete the report.
View the scan report content, including:
The first step in using CIS Scanning is to create a scan configuration. Based on the scan configuration, you can then create scan policies, execute scan policies, and finally view scan results.
"},{"location":"en/admin/kpanda/security/cis/config.html#create-a-scan-configuration","title":"Create a Scan Configuration","text":"The steps for creating a scan configuration are as follows:
Click Security Management in the left navigation bar of the homepage of the container management module.
By default, enter the Compliance Scanning page, click the Scan Configuration tab, and then click Create Scan Configuration in the upper-right corner.
Fill in the configuration name, select the configuration template, and optionally check the scan items, then click OK .
Scan Template: Currently, two templates are provided. The kubeadm template is suitable for general Kubernetes clusters. The daocloud template ignores scan items that are not applicable to AI platform based on the kubeadm template and the platform design of AI platform.
Under the scan configuration tab, clicking the name of a scan configuration displays the type of the configuration, the number of scan items, the creation time, the configuration template, and the specific scan items enabled for the configuration.
"},{"location":"en/admin/kpanda/security/cis/config.html#updatdelete-scan-configuration","title":"Updat/Delete Scan Configuration","text":"After a scan configuration has been successfully created, it can be updated or deleted according to your needs.
Under the scan configuration tab, click the \u2507 action button to the right of a configuration:
After creating a scan configuration, you can create a scan policy based on the configuration.
Under the Security Management -> Compliance Scanning page, click the Scan Policy tab on the right to create a scan policy.
Fill in the configuration according to the following instructions and click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
After executing a scan policy, a scan report will be generated automatically. You can view the scan report online or download it to your local computer.
Download and View
Under the Security Management -> Compliance Scanning page, click the Scan Report tab, then click the \u2507 action button to the right of a report and select Download .
View Online
Clicking the name of a report allows you to view its content online, which includes:
A volume (PersistentVolume, PV) is a piece of storage in the cluster, which can be prepared in advance by the administrator, or dynamically prepared using a storage class (Storage Class). PV is a cluster resource, but it has an independent life cycle and will not be deleted when the Pod process ends. Mounting PVs to workloads can achieve data persistence for workloads. The PV holds the data directory that can be accessed by the containers in the Pod.
"},{"location":"en/admin/kpanda/storage/pv.html#create-volume","title":"Create volume","text":"Currently, there are two ways to create volumes: YAML and form. These two ways have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the volume.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Volume (PV) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Volume (PV) -> Create Volume (PV) in the left navigation bar.
Fill in the basic information.
Volume type: For a detailed introduction to volume types, refer to the official Kubernetes document Volumes.
Local: The local storage of the Node node is packaged into a PVC interface, and the container directly uses the PVC without paying attention to the underlying storage type. Local volumes do not support dynamic configuration of volumes, but support configuration of node affinity, which can limit which nodes can access the volume.
HostPath: Use files or directories on the file system of Node nodes as volumes, and do not support Pod scheduling based on node affinity.
Mount path: mount the volume to a specific directory in the container.
access mode:
Recycling policy:
Volume mode:
Node affinity:
Click the name of the target cluster in the cluster list, and then click Container Storage -> Volume (PV) in the left navigation bar.
On this page, you can view all volumes in the current cluster, as well as information such as the status, capacity, and namespace of each volume.
Supports sequential or reverse sorting according to the name, status, namespace, and creation time of volumes.
Click the name of a volume to view the basic configuration, StorageClass information, labels, comments, etc. of the volume.
By cloning a volume, a new volume can be recreated based on the configuration of the cloned volume.
Enter the clone page
On the volume list page, find the volume to be cloned, and select Clone under the operation bar on the right.
You can also click the name of the volume, click the operation button in the upper right corner of the details page and select Clone .
Use the original configuration directly, or modify it as needed, and click OK at the bottom of the page.
There are two ways to update volumes. Support for updating volumes via forms or YAML files.
Note
Only updating the alias, capacity, access mode, reclamation policy, label, and comment of the volume is supported.
On the volume list page, find the volume that needs to be updated, select Update under the operation bar on the right to update through the form, select Edit YAML to update through YAML.
Click the name of the volume to enter the details page of the volume, select Update in the upper right corner of the page to update through the form, select Edit YAML to update through YAML.
On the volume list page, find the data to be deleted, and select Delete in the operation column on the right.
You can also click the name of the volume, click the operation button in the upper right corner of the details page and select Delete .
"},{"location":"en/admin/kpanda/storage/pvc.html","title":"PersistentVolumeClaim (PVC)","text":"A persistent volume claim (PersistentVolumeClaim, PVC) expresses a user's request for storage. PVC consumes PV resources and claims a volume with a specific size and specific access mode. For example, the PV volume is required to be mounted in ReadWriteOnce, ReadOnlyMany or ReadWriteMany modes.
"},{"location":"en/admin/kpanda/storage/pvc.html#create-volume-statement","title":"Create volume statement","text":"Currently, there are two ways to create PersistentVolumeClaims: YAML and form. These two ways have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the PersistentVolumeClaim.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> PersistentVolumeClaim (PVC) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> PersistentVolumeClaim (PVC) -> Create PersistentVolumeClaim (PVC) in the left navigation bar.
Fill in the basic information.
Creation method: dynamically create a new volume claim in an existing StorageClass or volume, or create a new volume claim based on a snapshot of a volume claim.
The declared capacity of the volume cannot be modified when the snapshot is created, and can be modified after the creation is complete.
After selecting the creation method, select the desired StorageClass/volume/snapshot from the drop-down list.
access mode:
ReadWriteOnce, the PersistentVolumeClaim can be mounted by a node in read-write mode.
Click the name of the target cluster in the cluster list, and then click Container Storage -> PersistentVolumeClaim (PVC) in the left navigation bar.
On this page, you can view all PersistentVolumeClaims in the current cluster, as well as information such as the status, capacity, and namespace of each PersistentVolumeClaim.
Supports sorting in sequential or reverse order according to the declared name, status, namespace, and creation time of the volume.
Click the name of the PersistentVolumeClaim to view the basic configuration, StorageClass information, labels, comments and other information of the PersistentVolumeClaim.
In the left navigation bar, click Container Storage -> PersistentVolumeClaim (PVC) , and find the PersistentVolumeClaim whose capacity you want to adjust.
Click the name of the PersistentVolumeClaim, and then click the operation button in the upper right corner of the page and select Expansion .
Enter the target capacity and click OK .
By cloning a volume claim, a new volume claim can be recreated based on the configuration of the cloned volume claim.
Enter the clone page
On the PersistentVolumeClaim list page, find the PersistentVolumeClaim that needs to be cloned, and select Clone under the operation bar on the right.
You can also click the name of the PersistentVolumeClaim, click the operation button in the upper right corner of the details page and select Clone .
Use the original configuration directly, or modify it as needed, and click OK at the bottom of the page.
There are two ways to update volume claims. Support for updating volume claims via form or YAML file.
Note
Only aliases, labels, and annotations for volume claims are updated.
On the volume list page, find the PersistentVolumeClaim that needs to be updated, select Update in the operation bar on the right to update it through the form, and select Edit YAML to update it through YAML.
Click the name of the PersistentVolumeClaim, enter the details page of the PersistentVolumeClaim, select Update in the upper right corner of the page to update through the form, select Edit YAML to update through YAML.
On the PersistentVolumeClaim list page, find the data to be deleted, and select Delete in the operation column on the right.
You can also click the name of the volume statement, click the operation button in the upper right corner of the details page and select Delete .
"},{"location":"en/admin/kpanda/storage/pvc.html#common-problem","title":"common problem","text":"If there is no optional StorageClass or volume in the list, you can Create a StorageClass or Create a volume.
If there is no optional snapshot in the list, you can enter the details page of the PersistentVolumeClaim and create a snapshot in the upper right corner.
If the StorageClass (SC) used by the PersistentVolumeClaim is not enabled for snapshots, snapshots cannot be made, and the page will not display the \"Make Snapshot\" option.
The AI platform container management module supports sharing a StorageClass with multiple namespaces to improve resource utilization efficiency.
Find the StorageClass that needs to be shared in the StorageClass list, and click Authorize Namespace under the operation bar on the right.
Click Custom Namespace to select which namespaces this StorageClass needs to be shared to one by one.
A StorageClass refers to a large storage resource pool composed of many physical disks. This platform supports the creation of block StorageClass, local StorageClass, and custom StorageClass after accessing various storage vendors, and then dynamically configures volumes for workloads.
"},{"location":"en/admin/kpanda/storage/sc.html#create-storageclass-sc","title":"Create StorageClass (SC)","text":"Currently, it supports creating StorageClass through YAML and forms. These two methods have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the StorageClass.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> StorageClass (SC) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> StorageClass (SC) -> Create StorageClass (SC) in the left navigation bar.
Fill in the basic information and click OK at the bottom.
CUSTOM STORAGE SYSTEM
CSI storage driver: A standard Kubernetes-based container storage interface plug-in, which must comply with the format specified by the storage manufacturer, such as rancher.io/local-path .
HwameiStor storage system
lvm.hwameistor.io
.hdd.hwameistor.io
.On the StorageClass list page, find the StorageClass that needs to be updated, and select Edit under the operation bar on the right to update the StorageClass.
Info
Select View YAML to view the YAML file of the StorageClass, but editing is not supported.
"},{"location":"en/admin/kpanda/storage/sc.html#delete-storageclass-sc","title":"Delete StorageClass (SC)","text":"On the StorageClass list page, find the StorageClass to be deleted, and select Delete in the operation column on the right.
"},{"location":"en/admin/kpanda/workloads/create-cronjob.html","title":"Create CronJob","text":"This page introduces how to create a CronJob through images and YAML files.
CronJobs are suitable for performing periodic operations, such as backup and report generation. These jobs can be configured to repeat periodically (for example: daily/weekly/monthly), and the time interval at which the job starts to run can be defined.
"},{"location":"en/admin/kpanda/workloads/create-cronjob.html#prerequisites","title":"Prerequisites","text":"Before creating a CronJob, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a CronJob using the image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> CronJobs in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings, CronJob Settings, Advanced Configuration, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the CronJobs list. Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the CronJob.
On the Create CronJobs page, enter the information according to the table below, and click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)
When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the configuration with reference to the following requirements, click OK .
GPU Exclusive: Configure the GPU usage for the container, only positive integers are supported. The GPU quota setting supports setting exclusive use of the entire GPU or part of the vGPU for the container. For example, for an 8-core GPU, enter the number 8 to let the container exclusively use the entire length of the card, and enter the number 1 to configure a 1-core vGPU for the container.
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass configuration to the Pod, etc. For details, refer to Container environment variable configuration.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-cronjob.html#cronjob-settings","title":"CronJob Settings","text":"Concurrency Policy: Whether to allow multiple Job jobs to run in parallel.
The above rules only apply to multiple jobs created by the same CronJob. Multiple jobs created by multiple CronJobs are always allowed to run concurrently.
Policy Settings: Set the time period for job execution based on minutes, hours, days, weeks, and months. Support custom Cron expressions with numbers and *
, after inputting the expression, the meaning of the current expression will be prompted. For detailed expression syntax rules, refer to Cron Schedule Syntax.
Configure Service for the statefulset, so that the statefulset can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
The advanced configuration of CronJobs mainly involves labels and annotations.
You can click the Add button to add labels and annotations to the workload instance Pod.
"},{"location":"en/admin/kpanda/workloads/create-cronjob.html#create-from-yaml","title":"Create from YAML","text":"In addition to mirroring, you can also create timed jobs more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> CronJobs in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
apiVersion: batch/v1\nkind: CronJob\nmetadata:\n creationTimestamp: '2022-12-26T09:45:47Z'\n generation: 1\n name: demo\n namespace: default\n resourceVersion: '92726617'\n uid: d030d8d7-a405-4dcd-b09a-176942ef36c9\nspec:\n concurrencyPolicy: Allow\n failedJobsHistoryLimit: 1\n jobTemplate:\n metadata:\n creationTimestamp: null\n spec:\n activeDeadlineSeconds: 360\n backoffLimit: 6\n template:\n metadata:\n creationTimestamp: null\n spec:\n containers:\n - image: nginx\n imagePullPolicy: IfNotPresent\n lifecycle: {}\n name: container-3\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n securityContext:\n privileged: false\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n dnsPolicy: ClusterFirst\n restartPolicy: Never\n schedulerName: default-scheduler\n securityContext: {}\n terminationGracePeriodSeconds: 30\n schedule: 0 0 13 * 5\n successfulJobsHistoryLimit: 3\n suspend: false\nstatus: {}\n
"},{"location":"en/admin/kpanda/workloads/create-daemonset.html","title":"Create DaemonSet","text":"This page introduces how to create a daemonSet through image and YAML files.
DaemonSet is connected to taint through node affinity feature ensures that a replica of a Pod is running on all or some of the nodes. For nodes that newly joined the cluster, DaemonSet automatically deploys the proper Pod on the new node and tracks the running status of the Pod. When a node is removed, the DaemonSet deletes all Pods it created.
Common cases for daemons include:
For simplicity, a DaemonSet can be started on each node for each type of daemon. For finer and more advanced daemon management, you can also deploy multiple DaemonSets for the same daemon. Each DaemonSet has different flags and has different memory, CPU requirements for different hardware types.
"},{"location":"en/admin/kpanda/workloads/create-daemonset.html#prerequisites","title":"Prerequisites","text":"Before creating a DaemonSet, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a daemon using the image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> DaemonSets in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings, Service Settings, Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return the list of DaemonSets . Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the DaemonSet.
On the Create DaemonSets page, after entering the information according to the table below, click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
GPU Exclusive: Configure the GPU usage for the container, only positive integers are supported. The GPU quota setting supports setting exclusive use of the entire GPU or part of the vGPU for the container. For example, for an 8-core GPU, enter the number 8 to let the container exclusively use the entire length of the card, and enter the number 1 to configure a 1-core vGPU for the container.
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-daemonset.html#service-settings","title":"Service settings","text":"Create a Service (Service) for the daemon, so that the daemon can be accessed externally.
Click the Create Service button.
Configure service parameters, refer to Create Service for details.
Click OK and click Next .
Advanced setting includes four parts: load network settings, upgrade policy, scheduling policy, label and annotation. You can click the tabs below to view the requirements of each part.
Network ConfigurationUpgrade PolicyScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related settings options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/admin/kpanda/workloads/create-daemonset.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create daemons more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workload -> Daemons in the left navigation bar, and then click the YAML Create button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: DaemonSet\n apiVersion: apps/v1\n metadata:\n name: hwameistor-local-disk-manager\n namespace: hwameistor\n uid: ccbdc098-7de3-4a8a-96dd-d1cee159c92b\n resourceVersion: '90999552'\n generation: 1\n creationTimestamp: '2022-12-15T09:03:44Z'\n labels:\n app.kubernetes.io/managed-by: Helm\n annotations:\n deprecated.DaemonSet.template.generation: '1'\n meta.helm.sh/release-name: hwameistor\n meta.helm.sh/release-namespace:hwameistor\n spec:\n selector:\n matchLabels:\n app: hwameistor-local-disk-manager\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: hwameistor-local-disk-manager\n spec:\n volumes:\n - name: udev\n hostPath:\n path: /run/udev\n type: Directory\n - name: procmount\n hostPath:\n path: /proc\n type: Directory\n - name: devmount\n hostPath:\n path: /dev\n type: Directory\n - name: socket-dir\n hostPath:\n path: /var/lib/kubelet/plugins/disk.hwameistor.io\n type: DirectoryOrCreate\n - name: registration-dir\n hostPath:\n path: /var/lib/kubelet/plugins_registry/\n type: Directory\n - name: plugin-dir\n hostPath:\n path: /var/lib/kubelet/plugins\n type: DirectoryOrCreate\n - name: pods-mount-dir\n hostPath:\n path: /var/lib/kubelet/pods\n type: DirectoryOrCreate\n containers:\n - name: registrar\n image: k8s-gcr.m.daocloud.io/sig-storage/csi-node-driver-registrar:v2.5.0\n args:\n - '--v=5'\n - '--csi-address=/csi/csi.sock'\n - >-\n --kubelet-registration-path=/var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n env:\n - name: KUBE_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n resources: {}\n volumeMounts:\n - name: socket-dir\n mountPath: /csi\n - name: registration-dir\n mountPath: /registration\n lifecycle:\n preStop:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n rm -rf /registration/disk.hwameistor.io\n /registration/disk.hwameistor.io-reg.sock\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n -name: managerimage: ghcr.m.daocloud.io/hwameistor/local-disk-manager:v0.6.1\n command:\n - /local-disk-manager\n args:\n - '--endpoint=$(CSI_ENDPOINT)'\n - '--nodeid=$(NODENAME)'\n - '--csi-enable=true'\n env:\n - name: CSI_ENDPOINT\n value: unix://var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n - name: NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: WATCH_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: NODENAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OPERATOR_NAME\n value: local-disk-manager\n resources: {}\n volumeMounts:\n - name: udev\n mountPath: /run/udev\n - name: procmount\n readOnly: true\n mountPath: /host/proc\n - name: devmount\n mountPath: /dev\n - name: registration-dir\n mountPath: /var/lib/kubelet/plugins_registry\n - name: plugin-dir\n mountPath: /var/lib/kubelet/plugins\n mountPropagation: Bidirectional\n - name: pods-mount-dir\n mountPath: /var/lib/kubelet/pods\n mountPropagation: Bidirectional\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: hwameistor-admin\n serviceAccount: hwameistor-admin\n hostNetwork: true\n hostPID: true\n securityContext: {}\n schedulerName: default-scheduler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/master\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/control-plane\n operator: Exists\n effect: NoSchedule\n - key: node.cloudprovider.kubernetes.io/uninitialized\n operator: Exists\n effect: NoSchedule\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n maxSurge: 0\n revisionHistoryLimit: 10\nstatus:\n currentNumberScheduled: 4\n numberMisscheduled: 0\n desiredNumberScheduled: 4\n numberReady: 4\n observedGeneration: 1\n updatedNumberScheduled: 4\n numberAvailable: 4\n
"},{"location":"en/admin/kpanda/workloads/create-deployment.html","title":"Create Deployment","text":"This page describes how to create deployments through images and YAML files.
Deployment is a common resource in Kubernetes, mainly Pod and ReplicaSet provide declarative updates, support elastic scaling, rolling upgrades, and version rollbacks features. Declare the desired Pod state in the Deployment, and the Deployment Controller will modify the current state through the ReplicaSet to make it reach the pre-declared desired state. Deployment is stateless and does not support data persistence. It is suitable for deploying stateless applications that do not need to save data and can be restarted and rolled back at any time.
Through the container management module of AI platform, workloads on multicloud and multiclusters can be easily managed based on proper role permissions, including the creation of deployments, Full life cycle management such as update, deletion, elastic scaling, restart, and version rollback.
"},{"location":"en/admin/kpanda/workloads/create-deployment.html#prerequisites","title":"Prerequisites","text":"Before using image to create deployments, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Follow the steps below to create a deployment by image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> Deployments in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Setting, Service Setting, Advanced Setting in turn, click OK in the lower right corner of the page to complete the creation.
The system will automatically return the list of Deployments . Click \u2507 on the right side of the list to perform operations such as update, delete, elastic scaling, restart, and version rollback on the load. If the workload status is abnormal, please check the specific abnormal information, refer to Workload Status.
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic Information (Required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)When configuring container-related parameters, it is essential to correctly fill in the container name and image parameters; otherwise, you will not be able to proceed to the next step. After filling in the configuration according to the following requirements, click OK.
Work Container
. For information on init containers, see the [K8s Official Documentation] (https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).Before setting the GPU, the administrator needs to pre-install the GPU and driver plugin on the cluster node and enable the GPU feature in the Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Setting.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Setting.
Configure container parameters within the Pod, add environment variables or pass setting to the Pod, etc. For details, refer to Container environment variable setting.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage Setting.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-deployment.html#service-settings","title":"Service settings","text":"Configure Service for the deployment, so that the deployment can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
Advanced setting includes four parts: Network Settings, Upgrade Policy, Scheduling Policies, Labels and Annotations. You can click the tabs below to view the setting requirements of each part.
Network SettingsUpgrade PolicyScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related setting options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/admin/kpanda/workloads/create-deployment.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create deployments more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> Deployments in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n spec:\n selector:\n matchLabels:\n app: nginx\n replicas: 2 # (1)!\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n -name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n
This page introduces how to create a job through image and YAML file.
Job is suitable for performing one-time jobs. A Job creates one or more Pods, and the Job keeps retrying to run Pods until a certain number of Pods are successfully terminated. A Job ends when the specified number of Pods are successfully terminated. When a Job is deleted, all Pods created by the Job will be cleared. When a Job is paused, all active Pods in the Job are deleted until the Job is resumed. For more information about jobs, refer to Job.
"},{"location":"en/admin/kpanda/workloads/create-job.html#prerequisites","title":"Prerequisites","text":"In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a job using an image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> Jobs in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings and Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the job list. Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the job.
On the Create Jobs page, enter the basic information according to the table below, and click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the setting requirements of each part.
Container settings is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment Variables (optional)Data Storage (optional)Security Settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle settings.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check settings.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage settings.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-job.html#advanced-settings","title":"Advanced settings","text":"Advanced setting includes job settings, labels and annotations.
Job SettingsLabels and AnnotationsYou can click the Add button to add labels and annotations to the workload instance Pod.
"},{"location":"en/admin/kpanda/workloads/create-job.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, creation jobs can also be created more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> Jobs in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: Job\napiVersion: batch/v1\nmetadata:\n name: demo\n namespace: default\n uid: a9708239-0358-4aa1-87d3-a092c080836e\n resourceVersion: '92751876'\n generation: 1\n creationTimestamp: '2022-12-26T10:52:22Z'\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n annotations:\n revisions: >-\n {\"1\":{\"status\":\"running\",\"uid\":\"a9708239-0358-4aa1-87d3-a092c080836e\",\"start-time\":\"2022-12-26T10:52:22Z\",\"completion-time\":\"0001-01-01T00:00:00Z\"}}\nspec:\n parallelism: 1\n backoffLimit: 6\n selector:\n matchLabels:\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n spec:\n containers:\n - name: container-4\n image: nginx\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n lifecycle: {}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: false\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext: {}\n schedulerName: default-scheduler\n completionMode: NonIndexed\n suspend: false\nstatus:\n startTime: '2022-12-26T10:52:22Z'\n active: 1\n
"},{"location":"en/admin/kpanda/workloads/create-statefulset.html","title":"Create StatefulSet","text":"This page describes how to create a StatefulSet through image and YAML files.
StatefulSet is a common resource in Kubernetes, and Deployment, mainly used to manage the deployment and scaling of Pod collections. The main difference between the two is that Deployment is stateless and does not save data, while StatefulSet is stateful and is mainly used to manage stateful applications. In addition, Pods in a StatefulSet have a persistent ID, which makes it easy to identify the proper Pod when matching storage volumes.
Through the container management module of AI platform, workloads on multicloud and multiclusters can be easily managed based on proper role permissions, including the creation of StatefulSets, update, delete, elastic scaling, restart, version rollback and other full life cycle management.
"},{"location":"en/admin/kpanda/workloads/create-statefulset.html#prerequisites","title":"Prerequisites","text":"Before using image to create StatefulSets, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Follow the steps below to create a statefulSet using image.
Click Clusters on the left navigation bar, then click the name of the target cluster to enter Cluster Details.
Click Workloads -> StatefulSets in the left navigation bar, and then click the Create by Image button in the upper right corner.
Fill in Basic Information, Container Settings, Service Settings, Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the list of StatefulSets , and wait for the status of the workload to become running . If the workload status is abnormal, refer to Workload Status for specific exception information.
Click \u2507 on the right side of the New Workload column to perform operations such as update, delete, elastic scaling, restart, and version rollback on the workload.
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container settings is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment Variables (optional)Data Storage (optional)Security Settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
Used to judge the health status of containers and applications. Helps improve app usability. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/admin/kpanda/workloads/create-statefulset.html#service-settings","title":"Service settings","text":"Configure Service (Service) for the statefulset, so that the statefulset can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
Advanced setting includes four parts: load network settings, upgrade policy, scheduling policy, label and annotation. You can click the tabs below to view the requirements of each part.
Network ConfigurationUpgrade PolicyContainer Management PoliciesScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related settings options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
Kubernetes v1.7 and later versions can set Pod management policies through .spec.podManagementPolicy , which supports the following two methods:
OrderedReady : The default Pod management policy, which means that Pods are deployed in order. Only after the deployment of the previous Pod is successfully completed, the statefulset will start to deploy the next Pod. Pods are deleted in reverse order, with the last created being deleted first.
Parallel : Create or delete containers in parallel, just like Pods of the Deployment type. The StatefulSet controller starts or terminates all containers in parallel. There is no need to wait for a Pod to enter the Running and ready state or to stop completely before starting or terminating other Pods. This option only affects the behavior of scaling operations, not the order of updates.
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/admin/kpanda/workloads/create-statefulset.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create statefulsets more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> StatefulSets in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: StatefulSet\n apiVersion: apps/v1\n metadata:\n name: test-mysql-123-mysql\n namespace: default\n uid: d3f45527-a0ab-4b22-9013-5842a06f4e0e\n resourceVersion: '20504385'\n generation: 1\n creationTimestamp: '2022-09-22T09:34:10Z'\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n blockOwnerDeletion: true\n spec:\n replicas: 1\n selector:\n matchLabels:\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n mysql.presslabs.org/cluster: test-mysql-123\n template:\n metadata:\n creationTimestamp: null\n labels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n annotations:\n config_rev: '13941099'\n prometheus.io/port: '9125'\n prometheus.io/scrape: 'true'\n secret_rev: '13941101'\n spec:\n volumes:\n -name: conf\n emptyDir: {}\n - name: init-scripts\n emptyDir: {}\n - name: config-map\n configMap:\n name: test-mysql-123-mysql\n defaultMode: 420\n - name: data\n persistentVolumeClaim:\n claimName: data\n initContainers:\n -name: init\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - clone-and-init\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: BACKUP_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_USER\n optional: true\n - name: BACKUP_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_PASSWORD\n optional: true\n resources: {}\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: config-map\n mountPath: /mnt/conf\n - name: data\n mountPath: /var/lib/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n containers:\n - name: mysql\n image: docker.m.daocloud.io/mysql:5.7.31\n ports:\n - name: mysql\n containerPort: 3306\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: ORCH_CLUSTER_ALIAS\n value: test-mysql-123.default\n - name: ORCH_HTTP_API\n value: http://mysql-operator.mcamel-system/api\n - name: MYSQL_ROOT_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: ROOT_PASSWORD\n optional: false\n - name: MYSQL_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: USER\n optional: true\n - name: MYSQL_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: PASSWORD\n optional: true\n - name: MYSQL_DATABASE\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: DATABASE\n optional: true\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 512Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n livenessProbe:\n exec:\n command:\n - mysqladmin\n - '--defaults-file=/etc/mysql/client.conf'\n - ping\n initialDelaySeconds: 60\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n test $(mysql --defaults-file=/etc/mysql/client.conf -NB -e\n 'SELECT COUNT(*) FROM sys_operator.status WHERE\n name=\"configured\" AND value=\"1\"') -eq 1\n initialDelaySeconds: 5\n timeoutSeconds: 5\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 3\n lifecycle:preStop:\n exec:\n command:\n - bash\n - /etc/mysql/pre-shutdown-ha.sh\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: sidecar\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - config-and-serve\n ports:\n - name: sidecar-http\n containerPort: 8080\n protocol: TCP\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: XTRABACKUP_TARGET_DIR\n value: /tmp/xtrabackup_backupfiles/\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 10m\n memory: 64Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n readinessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: metrics-exporter\n image: prom/mysqld-exporter:v0.13.0\n args:\n - '--web.listen-address=0.0.0.0:9125'\n - '--web.telemetry-path=/metrics'\n - '--collect.heartbeat'\n - '--collect.heartbeat.database=sys_operator'\n ports:\n - name: prometheus\n containerPort: 9125\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_USER\n optional: false\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_PASSWORD\n optional: false\n - name: DATA_SOURCE_NAME\n value: $(USER):$(PASSWORD)@(127.0.0.1:3306)/\n resources:\n limits:\n cpu: 100m\n memory: 128Mi\n requests:\n cpu: 10m\n memory: 32Mi\n livenessProbe:\n httpGet:\n path: /metrics\n port: 9125\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 30\n periodSeconds: 30\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: pt-heartbeat\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - pt-heartbeat\n - '--update'\n - '--replace'\n - '--check-read-only'\n - '--create-table'\n - '--database'\n - sys_operator\n - '--table'\n - heartbeat\n - '--utc'\n - '--defaults-file'\n - /etc/mysql/heartbeat.conf\n - '--fail-successive-errors=20'\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n resources:\n limits:\n cpu: 100m\n memory: 64Mi\n requests:\n cpu: 10m\n memory: 32Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsUser: 999\n fsGroup: 999\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n topologyKey: kubernetes.io/hostname\n schedulerName: default-scheduler\n volumeClaimTemplates:\n - kind: PersistentVolumeClaim\n apiVersion: v1\n metadata:\n name: data\n creationTimestamp: null\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n spec:\n accessModes:\n - ReadWriteOnce\n resources:\n limits:\n storage: 1Gi\n requests:\n storage: 1Gi\n storageClassName: local-path\n volumeMode: Filesystem\n status:\n phase: Pending\n serviceName: mysql\n podManagementPolicy: OrderedReady\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n partition: 0\n revisionHistoryLimit: 10\nstatus:\n observedGeneration: 1\n replicas: 1\n readyReplicas: 1\n currentReplicas: 1\n updatedReplicas: 1\n currentRevision: test-mysql-123-mysql-6b8f5577c7\n updateRevision: test-mysql-123-mysql-6b8f5577c7\n collisionCount: 0\n availableReplicas: 1\n
"},{"location":"en/admin/kpanda/workloads/pod-config/env-variables.html","title":"Configure environment variables","text":"An environment variable refers to a variable set in the container running environment, which is used to add environment flags to Pods or transfer configurations, etc. It supports configuring environment variables for Pods in the form of key-value pairs.
Suanova container management adds a graphical interface to configure environment variables for Pods on the basis of native Kubernetes, and supports the following configuration methods:
Key-value pair (Key/Value Pair): Use a custom key-value pair as the environment variable of the container
Resource reference (Resource): Use the fields defined by Container as the value of environment variables, such as the memory limit of the container, the number of copies, etc.
Variable/Variable Reference (Pod Field): Use the Pod field as the value of an environment variable, such as the name of the Pod
ConfigMap key value import (ConfigMap key): Import the value of a key in the ConfigMap as the value of an environment variable
Key key value import (Secret Key): use the data from the Secret to define the value of the environment variable
Key Import (Secret): Import all key values \u200b\u200bin Secret as environment variables
ConfigMap import (ConfigMap): import all key values \u200b\u200bin the ConfigMap as environment variables
Container health check checks the health status of containers according to user requirements. After configuration, if the application in the container is abnormal, the container will automatically restart and recover. Kubernetes provides Liveness checks, Readiness checks, and Startup checks.
LivenessProbe can detect application deadlock (the application is running, but cannot continue to run the following steps). Restarting containers in this state can help improve the availability of applications, even if there are bugs in them.
ReadinessProbe can detect when a container is ready to accept request traffic. A Pod can only be considered ready when all containers in a Pod are ready. One use of this signal is to control which Pod is used as the backend of the Service. If the Pod is not ready, it will be removed from the Service's load balancer.
Startup check (StartupProbe) can know when the application container is started. After configuration, it can control the container to check the viability and readiness after it starts successfully, so as to ensure that these liveness and readiness probes will not affect the start of the application. Startup detection can be used to perform liveness checks on slow-starting containers, preventing them from being killed before they start running.
The configuration of LivenessProbe is similar to that of ReadinessProbe, the only difference is to use readinessProbe field instead of livenessProbe field.
HTTP GET parameter description:
Parameter Description Path (Path) The requested path for access. Such as: /healthz path in the example Port (Port) Service listening port. Such as: port 8080 in the example protocol access protocol, Http or Https Delay time (initialDelaySeconds) Delay check time, in seconds, this setting is related to the normal startup time of business programs. For example, if it is set to 30, it means that the health check will start 30 seconds after the container is started, which is the time reserved for business program startup. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second. SuccessThreshold (successThreshold) The minimum number of consecutive successes that are considered successful after a probe fails. The default value is 1, and the minimum value is 1. This value must be 1 for liveness and startup probes. Maximum number of failures (failureThreshold) The number of retries when the probe fails. Giving up in case of a liveness probe means restarting the container. Pods that are abandoned due to readiness probes are marked as not ready. The default value is 3. The minimum value is 1."},{"location":"en/admin/kpanda/workloads/pod-config/health-check.html#check-with-http-get-request","title":"Check with HTTP GET request","text":"YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-http\nspec:\n containers:\n - name: liveness # Container name\n image: k8s.gcr.io/liveness # Container image\n args:\n - /server # Arguments to pass to the container\n livenessProbe:\n httpGet:\n path: /healthz # Access request path\n port: 8080 # Service listening port\n httpHeaders:\n - name: Custom-Header # Custom header name\n value: Awesome # Custom header value\n initialDelaySeconds: 3 # Wait 3 seconds before the first probe\n periodSeconds: 3 # Perform liveness detection every 3 seconds\n
According to the set rules, Kubelet sends an HTTP GET request to the service running in the container (the service is listening on port 8080) to perform the detection. The kubelet considers the container alive if the handler under the /healthz path on the server returns a success code. If the handler returns a failure code, the kubelet kills the container and restarts it. Any return code greater than or equal to 200 and less than 400 indicates success, and any other return code indicates failure. The /healthz handler returns a 200 status code for the first 10 seconds of the container's lifetime. The handler then returns a status code of 500.
"},{"location":"en/admin/kpanda/workloads/pod-config/health-check.html#use-tcp-port-check","title":"Use TCP port check","text":"TCP port parameter description:
Parameter Description Port (Port) Service listening port. Such as: port 8080 in the example Delay time (initialDelaySeconds) Delay check time, in seconds, this setting is related to the normal startup time of business programs. For example, if it is set to 30, it means that the health check will start 30 seconds after the container is started, which is the time reserved for business program startup. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second.For a container that provides TCP communication services, based on this configuration, the cluster establishes a TCP connection to the container according to the set rules. If the connection is successful, it proves that the detection is successful, otherwise the detection fails. If you choose the TCP port detection method, you must specify the port that the container listens to.
YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n name: goproxy\n labels:\n app: goproxy\nspec:\n containers:\n - name: goproxy\n image: k8s.gcr.io/goproxy:0.1\n ports:\n - containerPort: 8080\n readinessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 5\n periodSeconds: 10\n livenessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 15\n periodSeconds: 20\n
This example uses both readiness and liveness probes. The kubelet sends the first readiness probe 5 seconds after the container is started. Attempt to connect to port 8080 of the goproxy container. If the probe is successful, the Pod will be marked as ready and the kubelet will continue to run the check every 10 seconds.
In addition to the readiness probe, this configuration includes a liveness probe. The kubelet will perform the first liveness probe 15 seconds after the container is started. The readiness probe will attempt to connect to the goproxy container on port 8080. If the liveness probe fails, the container will be restarted.
"},{"location":"en/admin/kpanda/workloads/pod-config/health-check.html#run-command-check","title":"Run command check","text":"YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-exec\nspec:\n containers:\n - name: liveness # Container name\n image: k8s.gcr.io/busybox # Container image\n args:\n - /bin/sh # Command to run\n - -c # Pass the following string as a command\n - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600 # Command to execute\n livenessProbe:\n exec:\n command:\n - cat # Command to check liveness\n - /tmp/healthy # File to check\n initialDelaySeconds: 5 # Wait 5 seconds before the first probe\n periodSeconds: 5 # Perform liveness detection every 5 seconds\n
The periodSeconds field specifies that the kubelet performs a liveness probe every 5 seconds, and the initialDelaySeconds field specifies that the kubelet waits for 5 seconds before performing the first probe. According to the set rules, the cluster periodically executes the command cat /tmp/healthy in the container through the kubelet to detect. If the command executes successfully and the return value is 0, the kubelet considers the container to be healthy and alive. If this command returns a non-zero value, the kubelet will kill the container and restart it.
"},{"location":"en/admin/kpanda/workloads/pod-config/health-check.html#protect-slow-starting-containers-with-pre-start-checks","title":"Protect slow-starting containers with pre-start checks","text":"Some applications require a long initialization time at startup. You need to use the same command to set startup detection. For HTTP or TCP detection, you can set the failureThreshold * periodSeconds parameter to a long enough time to cope with the long startup time scene.
YAML example:
ports:\n- name: liveness-port\n containerPort: 8080\n hostPort: 8080\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 1\n periodSeconds: 10\n\nstartupProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 30\n periodSeconds: 10\n
With the above settings, the application will have up to 5 minutes (30 * 10 = 300s) to complete the startup process. Once the startup detection is successful, the survival detection task will take over the detection of the container and respond quickly to the container deadlock. If the start probe has been unsuccessful, the container is killed after 300 seconds and further disposition is performed according to the restartPolicy .
"},{"location":"en/admin/kpanda/workloads/pod-config/job-parameters.html","title":"Description of job parameters","text":"According to the settings of .spec.completions and .spec.Parallelism , jobs (Job) can be divided into the following types:
Job Type Description Non-parallel Job Creates a Pod until its Job completes successfully Parallel Jobs with deterministic completion counts A Job is considered complete when the number of successful Pods reaches .spec.completions Parallel Job Creates one or more Pods until one finishes successfullyParameter Description
RestartPolicy Creates a Pod until it terminates successfully .spec.completions Indicates the number of Pods that need to run successfully when the Job ends, the default is 1 .spec.parallelism Indicates the number of Pods running in parallel, the default is 1 spec.backoffLimit Indicates the maximum number of retries for a failed Pod, beyond which no more retries will continue. .spec.activeDeadlineSeconds Indicates the Pod running time. Once this time is reached, the Job, that is, all its Pods, will stop. And activeDeadlineSeconds has a higher priority than backoffLimit, that is, the job that reaches activeDeadlineSeconds will ignore the setting of backoffLimit.The following is an example Job configuration, saved in myjob.yaml, which calculates \u03c0 to 2000 digits and prints the output.
apiVersion: batch/v1\nkind: Job #The type of the current resource\nmetadata:\n name: myjob\nspec:\n completions: 50 # Job needs to run 50 Pods at the end, in this example it prints \u03c0 50 times\n parallelism: 5 # 5 Pods in parallel\n backoffLimit: 5 # retry up to 5 times\n template:\n spec:\n containers:\n - name: pi\n image: perl\n command: [\"perl\", \"-Mbignum=bpi\", \"-wle\", \"print bpi(2000)\"]\n restartPolicy: Never #restart policy\n
Related commands
kubectl apply -f myjob.yaml # Start job\nkubectl get job # View this job\nkubectl logs myjob-1122dswzs View Job Pod logs\n
"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html","title":"Configure the container lifecycle","text":"Pods follow a predefined lifecycle, starting in the Pending phase and entering the Running state if at least one container in the Pod starts normally. If any container in the Pod ends in a failed state, the state becomes Failed . The following phase field values \u200b\u200bindicate which phase of the lifecycle a Pod is in.
Value Description Pending The Pod has been accepted by the system, but one or more containers have not yet been created or run. This phase includes waiting for the pod to be scheduled and downloading the image over the network. Running (Running) The Pod has been bound to a node, and all containers in the Pod have been created. At least one container is still running, or in the process of starting or restarting. Succeeded (Success) All containers in the Pod were successfully terminated and will not be restarted. Failed All containers in the Pod have terminated, and at least one container terminated due to failure. That is, the container exited with a non-zero status or was terminated by the system. Unknown (Unknown) The status of the Pod cannot be obtained for some reason, usually due to a communication failure with the host where the Pod resides.When creating a workload in Suanova container management, images are usually used to specify the running environment in the container. By default, when building an image, the Entrypoint and CMD fields can be used to define the commands and parameters to be executed when the container is running. If you need to change the commands and parameters of the container image before starting, after starting, and before stopping, you can override the default commands and parameters in the image by setting the lifecycle event commands and parameters of the container.
"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html#lifecycle-configuration","title":"Lifecycle configuration","text":"Configure the startup command, post-start command, and pre-stop command of the container according to business needs.
Parameter Description Example value Start command Type: Optional Meaning: The container will be started according to the start command. Command after startup Type: optionalMeaning: command after container startup Command before stopping Type: Optional Meaning: The command executed by the container after receiving the stop command. Ensure that the services running in the instance can be drained in advance when the instance is upgraded or deleted. -"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html#start-command","title":"start command","text":"Configure the startup command according to the table below.
Parameter Description Example value Run command Type: RequiredMeaning: Enter an executable command, and separate multiple commands with spaces. If the command itself has spaces, you need to add (\"\"). Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Running parameters Type: OptionalMeaning: Enter the parameters of the control container running command. port=8080"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html#post-start-commands","title":"Post-start commands","text":"Suanova provides two processing types, command line script and HTTP request, to configure post-start commands. You can choose the configuration method that suits you according to the table below.
Command line script configuration
Parameter Description Example value Run Command Type: Optional Meaning: Enter an executable command, and separate multiple commands with spaces. If the command itself contains spaces, you need to add (\"\"). Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Running parameters Type: OptionalMeaning: Enter the parameters of the control container running command. port=8080"},{"location":"en/admin/kpanda/workloads/pod-config/lifecycle.html#stop-pre-command","title":"stop pre-command","text":"Suanova provides two processing types, command line script and HTTP request, to configure the pre-stop command. You can choose the configuration method that suits you according to the table below.
HTTP request configuration
Parameter Description Example value URL Path Type: Optional Meaning: Requested URL path. Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Port Type: RequiredMeaning: Requested port. port=8080 Node Address Type: Optional Meaning: The requested IP address, the default is the node IP where the container is located. -"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html","title":"Scheduling Policy","text":"In a Kubernetes cluster, like many other Kubernetes objects, nodes have labels. You can manually add labels. Kubernetes also adds some standard labels to all nodes in the cluster. See Common Labels, Annotations, and Taints for common node labels. By adding labels to nodes, you can have pods scheduled on specific nodes or groups of nodes. You can use this feature to ensure that specific Pods can only run on nodes with certain isolation, security or governance properties.
nodeSelector is the simplest recommended form of a node selection constraint. You can add a nodeSelector field to the Pod's spec to set the node label. Kubernetes will only schedule pods on nodes with each label specified. nodeSelector provides one of the easiest ways to constrain Pods to nodes with specific labels. Affinity and anti-affinity expand the types of constraints you can define. Some benefits of using affinity and anti-affinity are:
Affinity and anti-affinity languages are more expressive. nodeSelector can only select nodes that have all the specified labels. Affinity, anti-affinity give you greater control over selection logic.
You can mark a rule as \"soft demand\" or \"preference\", so that the scheduler will still schedule the Pod if no matching node can be found.
You can use the labels of other Pods running on the node (or in other topological domains) to enforce scheduling constraints, instead of only using the labels of the node itself. This capability allows you to define rules which allow Pods to be placed together.
You can choose which node the Pod will deploy to by setting affinity and anti-affinity.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#tolerance-time","title":"Tolerance time","text":"When the node where the workload instance is located is unavailable, the period for the system to reschedule the instance to other available nodes. The default is 300 seconds.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#node-affinity-nodeaffinity","title":"Node affinity (nodeAffinity)","text":"Node affinity is conceptually similar to nodeSelector , which allows you to constrain which nodes Pods can be scheduled on based on the labels on the nodes. There are two types of node affinity:
Must be satisfied: ( requiredDuringSchedulingIgnoredDuringExecution ) The scheduler can only run scheduling when the rules are satisfied. This functionality is similar to nodeSelector , but with a more expressive syntax. You can define multiple hard constraint rules, but only one of them must be satisfied.
Satisfy as much as possible: ( preferredDuringSchedulingIgnoredDuringExecution ) The scheduler will try to find nodes that meet the proper rules. If no matching node is found, the scheduler will still schedule the Pod. You can also set weights for soft constraint rules. During specific scheduling, if there are multiple nodes that meet the conditions, the node with the highest weight will be scheduled first. At the same time, you can also define multiple hard constraint rules, but only one of them needs to be satisfied.
The label proper to the node can use the default label or user-defined label.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#operators","title":"Operators","text":"It can only be added in the \"as far as possible\" policy, which can be understood as the priority of scheduling, and those with the highest weight will be scheduled first. The value range is 1 to 100.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#workload-affinity","title":"Workload Affinity","text":"Similar to node affinity, there are two types of workload affinity:
The affinity of the workload is mainly used to determine which Pods of the workload can be deployed in the same topology domain. For example, services that communicate with each other can be deployed in the same topology domain (such as the same availability zone) by applying affinity scheduling to reduce the network delay between them.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#tag-name_1","title":"Tag name","text":"The label proper to the node can use the default label or user-defined label.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#namespaces","title":"Namespaces","text":"Specifies the namespace in which the scheduling policy takes effect.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#operators_1","title":"Operators","text":"Specify the scope of influence during scheduling. If you specify kubernetes.io/Clustername, it will use the Node node as the distinguishing scope.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#workload-anti-affinity","title":"Workload Anti-Affinity","text":"Similar to node affinity, there are two types of anti-affinity for workloads:
The anti-affinity of the workload is mainly used to determine which Pods of the workload cannot be deployed in the same topology domain. For example, the same Pod of a load is distributed to different topological domains (such as different hosts) to improve the stability of the workload itself.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#tag-name_2","title":"Tag name","text":"The label proper to the node can use the default label or user-defined label.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#namespaces_1","title":"Namespaces","text":"Specifies the namespace in which the scheduling policy takes effect.
"},{"location":"en/admin/kpanda/workloads/pod-config/scheduling-policy.html#operators_2","title":"Operators","text":"Specify the scope of influence when scheduling, such as specifying kubernetes.io/Clustername, it will use the Node node as the distinguishing scope.
"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html","title":"Workload Status","text":"A workload is an application running on Kubernetes, and in Kubernetes, whether your application is composed of a single same component or composed of many different components, you can use a set of Pods to run it. Kubernetes provides five built-in workload resources to manage pods:
You can also expand workload resources by setting Custom Resource CRD. In the fifth-generation container management, it supports full lifecycle management of workloads such as creation, update, capacity expansion, monitoring, logging, deletion, and version management.
"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#pod-status","title":"Pod Status","text":"Pod is the smallest computing unit created and managed in Kubernetes, that is, a collection of containers. These containers share storage, networking, and management policies that control how the containers run. Pods are typically not created directly by users, but through workload resources. Pods follow a predefined lifecycle, starting at Pending phase, if at least one of the primary containers starts normally, it enters Running , and then enters the Succeeded or Failed stage depending on whether any container in the Pod ends in a failed status.
"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#workload-status_1","title":"Workload Status","text":"The fifth-generation container management module designs a built-in workload life cycle status set based on factors such as Pod status and number of replicas, so that users can more realistically perceive the running status of workloads. Because different workload types (such as Deployment and Jobs) have inconsistent management mechanisms for Pods, different workloads will have different lifecycle status during operation, as shown in the following table.
"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#deployment-statefulset-damemonset-status","title":"Deployment, StatefulSet, DamemonSet Status","text":"Status Description Waiting 1. A workload is in this status while its creation is in progress. 2. After an upgrade or rollback action is triggered, the workload is in this status. 3. Trigger operations such as pausing/scaling, and the workload is in this status. Running This status occurs when all instances under the workload are running and the number of replicas matches the user-defined number. Deleting When a delete operation is performed, the payload is in this status until the delete is complete. Exception Unable to get the status of the workload for some reason. This usually occurs because communication with the pod's host has failed. Not Ready When the container is in an abnormal, pending status, this status is displayed when the workload cannot be started due to an unknown error"},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#job-status","title":"Job Status","text":"Status Description Waiting The workload is in this status while Job creation is in progress. Executing The Job is in progress and the workload is in this status. Execution Complete The Job execution is complete and the workload is in this status. Deleting A delete operation is triggered and the workload is in this status. Exception Pod status could not be obtained for some reason. This usually occurs because communication with the pod's host has failed."},{"location":"en/admin/kpanda/workloads/pod-config/workload-status.html#cronjob-status","title":"CronJob status","text":"Status Description Waiting The CronJob is in this status when it is being created. Started After the CronJob is successfully created, the CronJob is in this status when it is running normally or when the paused task is started. Stopped The CronJob is in this status when the stop task operation is performed. Deleting The deletion operation is triggered, and the CronJob is in this status.When the workload is in an abnormal or unready status, you can move the mouse over the status value of the load, and the system will display more detailed error information through a prompt box. You can also view the log or events to obtain related running information of the workload.
"},{"location":"en/admin/register/index.html","title":"User Registration","text":"New users need to register to use the AI platform for the first time.
"},{"location":"en/admin/register/index.html#prerequisites","title":"Prerequisites","text":"Open the AI platform homepage at https://ai.isuanova.com/ and click Register.
Enter your username, password, and email, then click Register.
The system will prompt that an email has been sent to your inbox.
Log in to your email, find the email, and click the link.
Congratulations, you have successfully accessed the AI platform, and you can now begin your AI journey.
Next step: Bind a Workspace for the User
"},{"location":"en/admin/register/bindws.html","title":"Binding a Workspace for the User","text":"After a user successfully registers, a workspace needs to be bound to them.
"},{"location":"en/admin/register/bindws.html#prerequisites","title":"Prerequisites","text":"Navigate to Global Management -> Workspace and Folder, and click Create Workspace.
Enter the workspace name, select a folder, and click OK to create a workspace.
Bind resources to the workspace.
On this interface, you can click Create Namespace to create a namespace.
Add authorization: Assign the user to the workspace.
The user logs in to the AI platform to check if they have permissions for the workspace and namespace. The administrator can perform more actions through the \u2507 on the right side.
Next step: Allocate Resources for the Workspace
"},{"location":"en/admin/register/wsres.html","title":"Allocate Resources to the Workspace","text":"After binding a user to a workspace, it is necessary to allocate appropriate resources to the workspace.
"},{"location":"en/admin/register/wsres.html#prerequisites","title":"Prerequisites","text":"Navigate to Global Management -> Workspace and Folder, find the workspace to which you want to add resources, and click Add Shared Resources.
Select the cluster, set the appropriate resource quota, and then click OK
Return to the shared resources page. Resources have been successfully allocated to the workspace, and the administrator can modify them at any time using the \u2507 on the right side.
Next step: Create a Cloud Host
"},{"location":"en/admin/security/index.html","title":"Cloud Native Security","text":"AI platform provides a fully automated security implementation for containers, Pods, images, runtimes, and microservices. The following table lists some of the security features that have been implemented or are in the process of being implemented.
Security Features Specific Items Description Image security Trusted image Distribution Key pairs and signature information are required to achieve secure transport of images. It's allowed to select a key for mirror signing during mirror transmission. Runtime security Event correlation analysis Support correlation and risk analysis of security events detected at runtime to enhance attack traceability. Support converge alerts, reduce invalid alerts, and improve event response efficiency. - Container decoy repository The container decoy repository is equipped with common decoys including but not limited to: unauthorized access vulnerabilities, code execution vulnerabilities, local file reading vulnerabilities, remote command execution RCE vulnerabilities, and other container decoys. - Container decoy deployment Support custom decoy containers, including service names, service locations, etc. - Container decoy alerting Support alerting on suspicious behavior in container decoys. - Offset detection While scanning the image, learn all the binary information in the image and form a \"whitelist\" to allow only the binaries in the \"whitelist\" to run after the container is online, which ensures that the container can not run unauthorized (such as illegal download) executable files. Micro-isolation Intelligent recommendation of isolation policies Support for recording historical access traffic to resources, and intelligent policy recommendation based on historical access traffic when configuring isolation policies for resources. - Tenant isolation Support isolation control of tenants in Kubernetes clusters, with the ability to set different network security groups for different tenants, and supports tenant-level security policies to achieve inter-tenant network access and isolation. Microservices security Service and API security scanning Supports automatic, manual and periodic scanning of services and APIs within a cluster. Support all traditional web scanning items including XSS vulnerabilities, SQL injection, command/code injection, directory enumeration, path traversal, XML entity injection, poc, file upload, weak password, jsonp, ssrf, arbitrary jump, CRLF injection and other risks. For vulnerabilities found in the container environment, support vulnerability type display, url display, parameter display, danger level display, test method display, etc."},{"location":"en/admin/security/falco-exporter.html","title":"What is Falco-exporter","text":"Falco-exporter is a Prometheus Metrics exporter for Falco output events.
Falco-exporter is deployed as a DaemonSet on a Kubernetes cluster. If Prometheus is installed and running in the cluster, metrics provided by Falco-exporter will be automatically discovered.
"},{"location":"en/admin/security/falco-exporter.html#install-falco-exporter","title":"Install Falco-exporter","text":"This section describes how to install Falco-exporter.
Note
Before installing and using Falco-exporter, you need to install and run Falco with gRPC output enabled (enabled by via Unix sockets by default). For more information on enabling gRPC output in Falco Helm Chart, see Enabling gRPC.
Please confirm that your cluster has successfully connected to the Container Management
platform, and then perform the following steps to install Falco-exporter.
Click Container Management
->Clusters
in the left navigation bar, then find the cluster name where you want to install Falco-exporter.
In the left navigation bar, select Helm Releases
-> Helm Charts
, and then find and click falco-exporter
.
Select the version you want to install in Version
and click Install
.
On the installation screen, fill in the required installation parameters.
Fill in application name
, namespace
, version
, etc.
Fill in the following parameters:
Falco Prometheus Exporter
-> Image Settings
-> Registry
: set the repository address of the falco-exporter image, which is already filled with the available online repositories by default. If it is a private environment, you can change it to a private repository address.
Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Repository
: set the falco-exporter image name.
Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Install ServiceMonitor
: install Prometheus Operator service monitor. It is enabled by default.
Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Scrape Interval
: user-defined interval; if not specified, the Prometheus default interval is used.
Falco Prometheus Exporter
-> Prometheus ServiceMonitor Settings
-> Scrape Timeout
: user-defined scrape timeout; if not specified, the Prometheus default scrape timeout is used.
In the screen as above, fill in the following parameters:
Falco Prometheus Exporter
-> Prometheus prometheusRules
-> Install prometheusRules
: create PrometheusRules to alert on priority events. It is enabled by default.
Falco Prometheus Exporter
-> Prometheus prometheusRules
-> Alerts settings
: set whether alerts are enabled for different levels of log events, the interval between alerts, and the threshold for alerts.
Click the OK
button at the bottom right corner to complete the installation.
Please confirm that your cluster has successfully connected to the Container Management
platform, and then perform the following steps to install Falco.
Click Container Management
->Clusters
in the left navigation bar, then find the cluster name where you want to install Falco.
In the left navigation bar, select Helm Releases
-> Helm Charts
, and then find and click Falco
.
Select the version you want to install in Version
, and click Install
.
On the installation page, fill in the required installation parameters.
Fill in the application name
, namespace
, version
, etc.
Fill in the following parameters:
Falco
-> Image Settings
-> Registry
: set the repository address of the Falco image, which is already filled with the available online repositories by default. If it is a private environment, you can change it to a private repository address.
Falco
-> Image Settings
-> Repository
: set the Falco image name.
Falco
-> Falco Driver
-> Image Settings
-> Registry
: set the repository address of the Falco Driver image, which is already filled with available online repositories by default. If it is a private environment, you can change it to a private repository address.
Falco
-> Falco Driver
-> Image Settings
-> Repository
: set the Falco Driver image name.
Falco
-> Falco Driver
-> Image Settings
-> Driver Kind
: set the Driver Kind, providing the following two options.
ebpf: use ebpf to detect events, which requires the Linux kernel to support ebpf and enable CONFIG_BPF_JIT and sysctl net.core.bpf_jit_enable=1.
module: use kernel module detection with limited OS version support. Refer to module support system version.
Falco
-> Falco Driver
-> Image Settings
-> Log Level
: the minimum log level to be included in the log.
Optional values include: emergency
, alert
, critical
, error
, warning
, notice
, info
, debug
.
Click the OK
button in the bottom right corner to complete the installation.
Falco is a cloudnative runtime security
tool designed to detect anomalous activity in applications, and can be used to monitor the runtime security of Kubernetes applications and internal components. With only a set of rules, Falco can continuously monitor and watch for anomalous activity in containers, applications, hosts, and networks.
Falco can detect and alert on any behavior involving Linux system calls. Falco alerts can be triggered using specific system calls, parameters, and properties of the calling process. For example, Falco can easily detect events including but not limited to the following:
For more information on the default rules that come with Falco, see the Rules documentation.
"},{"location":"en/admin/security/falco.html#what-are-falco-rules","title":"What are Falco rules?","text":"Falco rules define the behavior and events that Falco should monitor. Rules can be written in the Falco rules file or in a generic configuration file. For more information on writing, managing and deploying rules, see Falco Rules.
"},{"location":"en/admin/security/falco.html#what-are-falco-alerts","title":"What are Falco Alerts?","text":"Alerts are configurable downstream operations that can be as simple as logging or as complex as STDOUT passing a gRPC call to a client. For more information on configuring, understanding, and developing alerts, see Falco Alerts. Falco can send alerts t:
Falco consists of the following main components:
Userspace program: a CLI tool that can be used to interact with Falco. The userspace program handles signals, parses messages from a Falco driver, and sends alerts.
Configuration: define how Falco is run, what rules to assert, and how to perform alerts. For more information, see Configuration.
Driver: a software that adheres to the Falco driver specification and sends a stream of system call information. You cannot run Falco without installing a driver. Currently, Falco supports the following drivers:
Userspace instrumentation
For more information, see Falco drivers.
Plugins: allow users to extend the functionality of falco libraries/falco executable by adding new event sources and new fields that can extract information from events. For more information, see Plugins.
Notebook typically refers to Jupyter Notebook or similar interactive computing environments. This is a very popular tool widely used in fields such as data science, machine learning, and deep learning. This page explains how to use Notebook on the Canfeng AI platform.
"},{"location":"en/admin/share/notebook.html#prerequisites","title":"Prerequisites","text":"Navigate to AI Lab -> Queue Management, and click the Create button on the right.
After entering a name, selecting a cluster, workspace, and quota, click OK.
Log in to the AI platform as a User, navigate to AI Lab -> Notebook, and click the Create button on the right.
After configuring the parameters, click OK.
Basic InformationResource ConfigurationAdvanced ConfigurationEnter a name, select a cluster, namespace, choose the newly created queue, and click One-click Initialization.
Select Notebook type, configure memory and CPU, enable GPU, create and configure PVC:
Enable SSH external access:
You will be automatically redirected to the Notebook instance list; click the instance name.
Enter the Notebook instance details page and click the Open button in the upper right corner.
You will enter the Notebook development environment, where a persistent volume is mounted in the /home/jovyan
directory. You can clone code using git and upload data after connecting via SSH, etc.
Generate an SSH key pair on your own computer.
Open the command line on your computer, for example, open git bash on Windows, and enter ssh-keygen.exe -t rsa
, then press enter until completion.
Use commands like cat ~/.ssh/id_rsa.pub
to view and copy the public key.
Log in to the AI platform as a user, click Personal Center in the upper right corner -> SSH Public Key -> Import SSH Public Key.
Go to the details page of the Notebook instance and copy the SSH link.
Use SSH to access the Notebook instance from the client.
Next step: Create Training Jobs
"},{"location":"en/admin/share/quota.html","title":"Quota Management","text":"Once a user is bound to a workspace, resources can be allocated to the workspace, and resource quotas can be managed.
"},{"location":"en/admin/share/quota.html#prerequisites","title":"Prerequisites","text":"Allocate resource quotas to the workspace.
Manage the resource quotas for the namespace test-ns-1
, ensuring that the values do not exceed the workspace's quota.
Log in to the AI platform as a User to check if they have been assigned the test-ns-1
namespace.
Next step: Create AI Workloads Using GPUs
"},{"location":"en/admin/share/workload.html","title":"Creating AI Workloads Using GPU Resources","text":"After the administrator allocates resource quotas for the workspace, users can create AI workloads to utilize GPU computing resources.
"},{"location":"en/admin/share/workload.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management, select a namespace, then click Workloads -> Deployments, and then click the Create from Image button on the right.
After configuring the parameters, click OK.
Basic InformationContainer ConfigurationOthersSelect your own namespace.
Set the image, configure resources such as CPU, memory, and GPU, and set the startup command.
Service configuration and advanced settings can use default configurations.
Automatically return to the stateless workload list and click the workload name.
Enter the details page to view the GPU quota.
You can also enter the console and run the mx-smi
command to check the GPU resources.
Next step: Using Notebook
"},{"location":"en/admin/virtnest/best-practice/import-ubuntu.html","title":"Import a Linux Virtual Machine with Ubuntu from an External Platform","text":"This page provides a detailed introduction on how to import Linux virtual machines from the external platform VMware into the virtual machines of AI platform through the command line.
Info
The external virtual platform in this document is VMware vSphere Client, abbreviated as vSphere. Technically, it relies on kubevirt cdi for implementation. Before proceeding, the virtual machine imported on vSphere needs to be shut down. Take a virtual machine of the Ubuntu operating system as an example.
"},{"location":"en/admin/virtnest/best-practice/import-ubuntu.html#fetch-basic-information-of-vsphere-virtual-machine","title":"Fetch Basic Information of vSphere Virtual Machine","text":"vSphere URL: Fetch information on the URL of the target platform
vSphere SSL Certificate Thumbprint: Need to be fetched using openssl
openssl s_client -connect 10.64.56.11:443 </dev/null | openssl x509 -in /dev/stdin -fingerprint -sha1 -noout\n
Output will be similar to: Can't use SSL_get_servername\ndepth=0 CN = vcsa.daocloud.io\nverify error:num=20:unable to get local issuer certificate\nverify return:1\ndepth=0 CN = vcsa.daocloud.io\nverify error:num=21:unable to verify the first certificate\nverify return:1\ndepth=0 CN = vcsa.daocloud.io\nverify return:1\nDONE\nsha1 Fingerprint=C3:9D:D7:55:6A:43:11:2B:DE:BA:27:EA:3B:C2:13:AF:E4:12:62:4D # Value needed\n
vSphere Account: Fetch account information for vSphere, and pay attention to permissions
vSphere Password: Fetch password information for vSphere
UUID of the virtual machine to be imported: Need to be fetched on the web page of vSphere
Access the Vsphere page, go to the details page of the virtual machine to be imported, click Edit Settings , open the browser's developer console at this point, click Network -> Headers , find the URL as shown in the image below.
Click Response , locate vmConfigContext -> config , and finally find the target value uuid .
Path of the vmdk file of the virtual machine to be imported
Different information needs to be configured based on the chosen network mode. If a fixed IP address is required, you should select the Bridge network mode.
Create subnets and IP pools.
apiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderIPPool\nmetadata:\n name: test2\nspec:\n ips:\n - 10.20.3.90\n subnet: 10.20.0.0/16\n gateway: 10.20.0.1\n\n---\napiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderIPPool\nmetadata:\n name: test3\nspec:\n ips:\n - 10.20.240.1\n subnet: 10.20.0.0/16\n gateway: 10.20.0.1\n\n---\napiVersion: spiderpool.spidernet.io/v2beta1\nkind: SpiderMultusConfig\nmetadata:\n name: test1\n namespace: kube-system\nspec:\n cniType: ovs\n coordinator:\n detectGateway: false\n detectIPConflict: false\n mode: auto\n tunePodRoutes: true\n disableIPAM: false\n enableCoordinator: true\n ovs:\n bridge: br-1\n ippools:\n ipv4:\n - test1\n - test2\n
apiVersion: v1\nkind: Secret\nmetadata:\n name: vsphere # Can be changed\n labels:\n app: containerized-data-importer # Do not change\ntype: Opaque\ndata:\n accessKeyId: \"username-base64\"\n secretKey: \"password-base64\"\n
"},{"location":"en/admin/virtnest/best-practice/import-ubuntu.html#write-a-kubevirt-vm-yaml-to-create-vm","title":"Write a KubeVirt VM YAML to create VM","text":"Tip
If a fixed IP address is required, the YAML configuration differs slightly from the one used for the default network. These differences have been highlighted.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: \"\"\n virtnest.io/image-secret: \"\"\n creationTimestamp: \"2024-05-23T06:46:28Z\"\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: \"22.04\"\n name: export-ubuntu\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: export-ubuntu-rootdisk\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-ubuntu/virtnest-export-ubuntu.vmdk\" \n url: \"https://10.64.56.21\" \n uuid: \"421d6135-4edb-df80-ee54-8c5b10cc4e78\" \n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\" \n secretRef: \"vsphere\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\" \n runStrategy: Manual\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test2\"]}]' // Add spiderpool network here\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n interfaces: // Modify the network configuration\n - bridge: {}\n name: ovs-bridge0\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks: // Modify the network configuration\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-ubuntu-rootdisk\n name: rootdisk\n
"},{"location":"en/admin/virtnest/best-practice/import-ubuntu.html#access-vnc-to-verify-successful-operation","title":"Access VNC to verify successful operation","text":"Modify the network configuration of the virtual machine
Check the current network
When the actual import is completed, the configuration shown in the image below has been completed. However, it should be noted that the enp1s0 interface does not contain the inet field, so it cannot connect to the external network.
Configure netplan
In the configuration shown in the image above, change the objects in ethernets to enp1s0 and obtain an IP address using DHCP.
Apply the netplan configuration to the system network configuration
sudo netplan apply\n
Perform a ping test on the external network
Access the virtual machine on the node via SSH.
This page provides a detailed introduction on how to import virtual machines from an external platform -- VMware, into the virtual machines of AI platform using the command line.
Info
The external virtual platform on this page is VMware vSphere Client, abbreviated as vSphere. Technically, it relies on kubevirt cdi for implementation. Before proceeding, the virtual machine imported on vSphere needs to be shut down. Take a virtual machine of the Windows operating system as an example.
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#environment-preparation","title":"Environment Preparation","text":"Before importing, refer to the Network Configuration to prepare the environment.
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#fetch-information-of-the-windows-virtual-machine","title":"Fetch Information of the Windows Virtual Machine","text":"Similar to importing a virtual machine with a Linux operating system, refer to Importing a Linux Virtual Machine with Ubuntu from an External Platform to get the following information:
When importing a virtual machine from an external platform into the AI platform virtualization platform, you need to configure it according to the boot type (BIOS or UEFI) to ensure it can boot and run correctly.
You can check whether Windows uses BIOS or UEFI through \"System Summary.\" If it uses UEFI, you need to add the relevant information in the YAML file.
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#import-process","title":"Import Process","text":"Prepare the window.yaml
file and pay attention to the following configmaps:
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n labels:\n virtnest.io/os-family: windows\n virtnest.io/os-version: \"server2019\"\n name: export-window-21\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: export-window-21-rootdisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 22Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n - metadata:\n name: export-window-21-datadisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window_1.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n # <1>. PVC for booting Virtio drivers\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - metadata:\n name: virtio-disk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Mi\n storageClassName: local-path\n source:\n blank: {}\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n running: true\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test86\"]}]'\n spec:\n dnsConfig:\n nameservers:\n - 223.5.5.5\n domain:\n cpu:\n cores: 2\n memory:\n guest: 4Gi\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: sata # <2> Disk bus type, set to SATA or Virtio depending on the boot type\n name: rootdisk\n - bootOrder: 2\n disk:\n bus: sata # <2> Disk bus type, set to SATA or Virtio depending on the boot type\n name: datadisk\n # <1>. disk for booting Virtio drivers\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - bootOrder: 3\n disk:\n bus: virtio\n name: virtdisk\n - bootOrder: 4\n cdrom:\n bus: sata\n name: virtiocontainerdisk\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n interfaces:\n - bridge: {}\n name: ovs-bridge0\n # <3> In the above section \"Check the Boot Type of Windows\"\n # If using UEFI, add the following information\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n features:\n smm:\n enabled: true\n firmware:\n bootloader:\n efi:\n secureBoot: false\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks:\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-window-21-rootdisk\n name: rootdisk\n - dataVolume:\n name: export-window-21-datadisk\n name: datadisk \n # <1> Volumes for booting Virtio drivers\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n - dataVolume:\n name: virtio-disk\n name: virtdisk\n - containerDisk:\n image: release-ci.daocloud.io/virtnest/kubevirt/virtio-win:v4.12.12-5\n name: virtiocontainerdisk\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#install-virtio-drivers-via-vnc","title":"Install VirtIO Drivers via VNC","text":"# Delete fields marked with <1>, modify fields marked with <2>: change sata to virtio\napiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n labels:\n virtnest.io/os-family: windows\n virtnest.io/os-version: \"server2019\"\n name: export-window-21\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: export-window-21-rootdisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 22Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n - metadata:\n name: export-window-21-datadisk\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 1Gi\n storageClassName: local-path\n source:\n vddk:\n backingFile: \"[A05-09-ShangPu-Local-DataStore] virtnest-export-window/virtnest-export-window_1.vmdk\"\n url: \"https://10.64.56.21\"\n uuid: \"421d40f2-21a2-cfeb-d5c9-e7f8abfc2faa\"\n thumbprint: \"D7:C4:22:E3:6F:69:DA:72:50:81:12:FA:42:18:3F:29:5C:7F:41:CA\"\n secretRef: \"vsphere21\"\n initImageURL: \"release.daocloud.io/virtnest/vddk:v8\"\n running: true\n template:\n metadata:\n annotations:\n ipam.spidernet.io/ippools: '[{\"cleangateway\":false,\"ipv4\":[\"test86\"]}]'\n spec:\n dnsConfig:\n nameservers:\n - 223.5.5.5\n domain:\n cpu:\n cores: 2\n memory:\n guest: 4Gi\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio # <2>\n name: rootdisk\n - bootOrder: 2\n disk:\n bus: virtio # <2>\n name: datadisk\n interfaces:\n - bridge: {}\n name: ovs-bridge0\n # <3> In the above section \"Check the Boot Type of Windows\"\n # If using UEFI, add the following information\n # \u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\u2193\n features:\n smm:\n enabled: true\n firmware:\n bootloader:\n efi:\n secureBoot: false\n # \u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\u2191\n machine:\n type: q35\n resources:\n requests:\n memory: 4Gi\n networks:\n - multus:\n default: true\n networkName: kube-system/test1\n name: ovs-bridge0\n volumes:\n - dataVolume:\n name: export-window-21-rootdisk\n name: rootdisk\n - dataVolume:\n name: export-window-21-datadisk\n name: datadisk\n
"},{"location":"en/admin/virtnest/best-practice/import-windows.html#access-and-verify-via-rdp","title":"Access and Verify via RDP","text":"Use an RDP client to connect to the virtual machine. Log in with the default account admin
and password dangerous!123
.
Verify network access and data disk data
This document will explain how to create a Windows virtual machine via the command line.
"},{"location":"en/admin/virtnest/best-practice/vm-windows.html#prerequisites","title":"Prerequisites","text":"Creating a Windows virtual machine requires importing an ISO image primarily to install the Windows operating system. Unlike Linux operating systems, the Windows installation process usually involves booting from an installation disc or ISO image file. Therefore, when creating a Windows virtual machine, it is necessary to first import the installation ISO image of the Windows operating system so that the virtual machine can be installed properly.
Here are two methods for importing ISO images:
(Recommended) Creating a Docker image. It is recommended to refer to building images.
(Not recommended) Using virtctl to import the image into a Persistent Volume Claim (PVC).
You can refer to the following command:
virtctl image-upload -n <namespace> pvc <PVC name> \\\n --image-path=<ISO file path> \\\n --access-mode=ReadWriteOnce \\\n --size=6G \\\n --uploadproxy-url=<https://cdi-uploadproxy ClusterIP and port> \\\n --force-bind \\\n --insecure \\\n --wait-secs=240 \\\n --storage-class=<SC>\n
For example:
virtctl image-upload -n <namespace> pvc <PVC name> \\\n --image-path=<ISO file path> \\\n --access-mode=ReadWriteOnce \\\n --size=6G \\\n --uploadproxy-url=<https://cdi-uploadproxy ClusterIP and port> \\\n --force-bind \\\n --insecure \\\n --wait-secs=240 \\\n --storage-class=<SC>\n
Creating a Windows virtual machine using YAML is more flexible and easier to write and maintain. Below are three reference YAML examples:
(Recommended) Using Virtio drivers + Docker image:
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10-virtio\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: win10-system-virtio\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10-virtio\n version: v1\n kubevirt.io/domain: windows10-virtio\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio # Use virtio\n name: win10-system-virtio \n - bootOrder: 2\n cdrom:\n bus: sata # Use sata for ISO image\n name: iso-win10\n - bootOrder: 3\n cdrom:\n bus: sata # Use sata for containerdisk\n name: virtiocontainerdisk\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system-virtio\n persistentVolumeClaim:\n claimName: win10-system-virtio\n - containerDisk:\n image: kubevirt/virtio-container-disk\n name: virtiocontainerdisk\n
(Not recommended) Using a combination of Virtio drivers and virtctl tool to import the image into a Persistent Volume Claim (PVC).
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10-virtio\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: win10-system-virtio\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10-virtio\n version: v1\n kubevirt.io/domain: windows10-virtio\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n # Use virtio\n disk:\n bus: virtio\n name: win10-system-virtio\n # Use sata for ISO image\n - bootOrder: 2\n cdrom:\n bus: sata\n name: iso-win10\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 # Use sata for containerdisk\n - bootOrder: 3\n cdrom:\n bus: sata\n name: virtiocontainerdisk\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system-virtio\n persistentVolumeClaim:\n claimName: win10-system-virtio\n - containerDisk:\n image: kubevirt/virtio-container-disk\n name: virtiocontainerdisk\n
(Not recommended) In a scenario where Virtio drivers are not used, importing the image into a Persistent Volume Claim (PVC) using the virtctl tool. The virtual machine may use other types of drivers or default drivers to operate disk and network devices.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n labels:\n virtnest.io/os-family: Windows\n virtnest.io/os-version: '10'\n name: windows10\n namespace: default\nspec:\n dataVolumeTemplates:\n # Create multiple PVC (disks) for system disk\n - metadata:\n name: win10-system\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 32Gi\n storageClassName: local-path\n source:\n blank: {}\n running: true\n template:\n metadata:\n labels:\n app: windows10\n version: v1\n kubevirt.io/domain: windows10\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 8\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n # Use sata without virtio driver\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0cdrom:\n bus: sata\n name: win10-system\n # Use sata for ISO\n - bootOrder: 2\n cdrom:\n bus: sata\n name: iso-win10\n interfaces:\n - name: default\n masquerade: {}\n machine:\n type: q35\n resources:\n requests:\n memory: 8G\n networks:\n - name: default\n pod: {}\n volumes:\n - name: iso-win10\n persistentVolumeClaim:\n claimName: iso-win10\n - name: win10-system\n persistentVolumeClaim:\n claimName: win10-system\n
For Windows virtual machines, remote desktop control access is often required. It is recommended to use Microsoft Remote Desktop to control your virtual machine.
Note
Adding a data disk to a Windows virtual machine follows the same process as adding one to a Linux virtual machine. You can refer to the provided YAML example for guidance.
apiVersion: kubevirt.io/v1\n kind: VirtualMachine\n <...>\n spec:\n dataVolumeTemplates:\n # Add a data disk\n - metadata:\n name: win10-disk\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 16Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n blank: {}\n template:\n spec:\n domain:\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: win10-system\n # Add a data disk\n - bootOrder: 2\n disk:\n bus: virtio\n name: win10-disk\n <....>\n volumes:\n <....>\n # Add a data disk\n - name: win10-disk\n persistentVolumeClaim:\n claimName: win10-disk\n
"},{"location":"en/admin/virtnest/best-practice/vm-windows.html#snapshots-cloning-live-migration","title":"Snapshots, Cloning, Live Migration","text":"These capabilities are consistent with Linux virtual machines and can be configured using the same methods.
"},{"location":"en/admin/virtnest/best-practice/vm-windows.html#access-your-windows-virtual-machine","title":"Access Your Windows Virtual Machine","text":"After successful creation, access the virtual machine list page to confirm that the virtual machine is running properly.
Click the console access (VNC) to access it successfully.
This page will explain the prerequisites for configuring GPU when creating a virtual machine.
The key to configuring GPU for virtual machines is to configure the GPU Operator to deploy different software components on the worker nodes, depending on the GPU workload configuration. Here are three example nodes:
The worker nodes can run GPU-accelerated containers, virtual machines with GPU passthrough, or virtual machines with vGPU. However, a combination of any of these is not supported.
To enable GPU passthrough, the cluster nodes need to have IOMMU enabled. Refer to How to Enable IOMMU. If your cluster is running on a virtual machine, please consult your virtual machine platform provider.
"},{"location":"en/admin/virtnest/gpu/vm-gpu.html#label-the-cluster-nodes","title":"Label the Cluster Nodes","text":"Go to Container Management, select your worker cluster, click Node Management, and then click Modify Labels in the action bar to add labels to the nodes. Each node can only have one label.
You can assign the following values to the labels: container, vm-passthrough, and vm-vgpu.
"},{"location":"en/admin/virtnest/gpu/vm-gpu.html#install-nvidia-operator","title":"Install Nvidia Operator","text":"Go to Container Management, select your worker cluster, click Helm Apps -> Helm Chart , and choose and install gpu-operator. Modify the relevant fields in the yaml.
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vfioManager.enabled=true\ngpu-operator.sandboxDevicePlugin.enabled=true\ngpu-operator.sandboxDevicePlugin.version=v1.2.4 // version should be >= v1.2.4\ngpu-operator.toolkit.version=v1.14.3-ubuntu20.04\n
Wait for the installation to succeed, as shown in the following image:
Install virtnest-agent, refer to Install virtnest-agent.
Add vGPU and GPU passthrough to the Virtnest Kubevirt CR. The following example shows the relevant yaml after adding vGPU and GPU passthrough:
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
In the kubevirt CR yaml, permittedHostDevices
is used to import VM devices. For vGPU, mediatedDevices needs to be added, with the following structure:
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # (1)!\n resourceName: nvidia.com/GRID_P4-1Q # (2)!\n
For GPU passthrough, pciHostDevices needs to be added under permittedHostDevices
, with the following structure:
pciHostDevices: \n- externalResourceProvider: true # (1)!\n pciVendorSelector: 10DE:1BB3 # (2)!\n resourceName: nvidia.com/GP104GL_TESLA_P4 # (3)!\n
Example of obtaining vGPU information (only applicable to vGPU): View the node information on the node marked as nvidia.com/gpu.workload.config=vm-gpu
, such as work-node-2
, in the Capacity section, nvidia.com/GRID_P4-1Q: 8
indicates the available vGPU:
kubectl describe node work-node-2\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
In this case, the mdevNameSelector should be \"GRID P4-1Q\" and the resourceName should be \"GRID_P4-1Q\".
Get GPU passthrough information: On the node marked as nvidia.com/gpu.workload.config=vm-passthrough
(work-node-1 in this example), view the node information. In the Capacity section, nvidia.com/GP104GL_TESLA_P4: 2
represents the available vGPU:
kubectl describe node work-node-1\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
The resourceName should be \"GRID_P4-1Q\". How to obtain the pciVendorSelector? Use SSH to log in to the target node work-node-1 and use the lspci -nnk -d 10de:
command to obtain the Nvidia GPU PCI information, as shown below: The red box indicates the pciVendorSelector information.
Edit the kubevirt CR note: If there are multiple GPUs of the same model, you only need to write one in the CR, there is no need to list every GPU.
kubectl -n virtnest-system edit kubevirt kubevirt\n
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
The only difference from a regular virtual machine is adding GPU-related information in the devices section.
Click to view the complete YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"en/admin/virtnest/gpu/vm-vgpu.html","title":"Configure GPU (vGPU) for Virtual Machines","text":"This page will explain the prerequisites for configuring GPU when creating a virtual machine.
The key to configuring GPU for virtual machines is to configure the GPU Operator to deploy different software components on the worker nodes, depending on the GPU workload configuration. Here are three example nodes:
The worker nodes can run GPU-accelerated containers, virtual machines with GPU passthrough, or virtual machines with vGPU. However, a combination of any of these is not supported.
To enable GPU passthrough, the cluster nodes need to have IOMMU enabled. Please refer to How to Enable IOMMU. If your cluster is running on a virtual machine, please consult your virtual machine platform provider.
"},{"location":"en/admin/virtnest/gpu/vm-vgpu.html#build-vgpu-manager-image","title":"Build vGPU Manager Image","text":"Note: This step is only required when using NVIDIA vGPU. If you plan to use GPU passthrough only, skip this section.
Follow these steps to build the vGPU Manager image and push it to the container registry:
Download the vGPU software from the NVIDIA Licensing Portal.
NVIDIA-Linux-x86_64-<version>-vgpu-kvm.run
).Open a terminal and clone the container-images/driver repository.
git clone https://gitlab.com/nvidia/container-images/driver cd driver\n
Switch to the vgpu-manager directory proper to your operating system.
cd vgpu-manager/<your-os>\n
Copy the .run file extracted in step 1 to the current directory.
cp <local-driver-download-directory>/*-vgpu-kvm.run ./\n
Set the environment variables.
export PRIVATE_REGISTRY=my/private/registry VERSION=510.73.06 OS_TAG=ubuntu22.04 CUDA_VERSION=12.2.0\n
Build the NVIDIA vGPU Manager Image.
docker build \\\n --build-arg DRIVER_VERSION=${VERSION} \\\n --build-arg CUDA_VERSION=${CUDA_VERSION} \\\n -t ${PRIVATE_REGISTRY}``/vgpu-manager``:${VERSION}-${OS_TAG} .\n
Push the NVIDIA vGPU Manager image to your container registry.
docker push ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG}\n
Go to Container Management, select your worker cluster, click Node Management, and then click Modify Labels in the action bar to add labels to the nodes. Each node can only have one label.
You can assign the following values to the labels: container, vm-passthrough, and vm-vgpu.
"},{"location":"en/admin/virtnest/gpu/vm-vgpu.html#install-nvidia-operator","title":"Install Nvidia Operator","text":"Go to Container Management, select your worker cluster, click Helm Apps -> Helm Chart, and choose and install gpu-operator. Modify the relevant fields in the yaml.
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vgpuManager.enabled=true\ngpu-operator.vgpuManager.repository=<your-register-url> # (1)!\ngpu-operator.vgpuManager.image=vgpu-manager\ngpu-operator.vgpuManager.version=<your-vgpu-manager-version> # (2)!\ngpu-operator.vgpuDeviceManager.enabled=true\n
Wait for the installation to succeed, as shown in the following image:
Install virtnest-agent, refer to Install virtnest-agent.
Add vGPU and GPU passthrough to the Virtnest Kubevirt CR. The following example shows the relevant yaml after adding vGPU and GPU passthrough:
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
In the kubevirt CR yaml, permittedHostDevices
is used to import VM devices. For vGPU, mediatedDevices needs to be added, with the following structure:
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # (1)!\n resourceName: nvidia.com/GRID_P4-1Q # (2)!\n
For GPU passthrough, pciHostDevices needs to be added under permittedHostDevices
, with the following structure:
pciHostDevices: \n- externalResourceProvider: true # (1)!\n pciVendorSelector: 10DE:1BB3 # (2)!\n resourceName: nvidia.com/GP104GL_TESLA_P4 # (3)!\n
Example of obtaining vGPU information (only applicable to vGPU): View the node information on the node marked as nvidia.com/gpu.workload.config=vm-gpu
, such as work-node-2
, in the Capacity section, nvidia.com/GRID_P4-1Q: 8
indicates the available vGPU:
kubectl describe node work-node-2\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
In this case, the mdevNameSelector should be \"GRID P4-1Q\" and the resourceName should be \"GRID_P4-1Q\".
Get GPU passthrough information: On the node marked as nvidia.com/gpu.workload.config=vm-passthrough
(work-node-1 in this example), view the node information. In the Capacity section, nvidia.com/GP104GL_TESLA_P4: 2
represents the available vGPU:
kubectl describe node work-node-1\n
Capacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
The resourceName should be \"GRID_P4-1Q\". How to obtain the pciVendorSelector? SSH into the target node work-node-1 and use the lspci -nnk -d 10de:
command to obtain the Nvidia GPU PCI information, as shown below: The red box indicates the pciVendorSelector information.
Edit the kubevirt CR note: If there are multiple GPUs of the same model, you only need to write one in the CR, there is no need to list every GPU.
kubectl -n virtnest-system edit kubevirt kubevirt\n
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n permittedHostDevices: # (1)!\n mediatedDevices: # (2)!\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # (3)!\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
The only difference from a regular virtual machine is adding the gpu-related information in the devices section.
Click to view the complete YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"en/admin/virtnest/install/index.html","title":"Install Virtual Machine Module","text":"This page explains how to install the virtual machine module.
Info
The term virtnest appearing in the following commands or scripts is the internal development code name for the Virtual Machine module.
"},{"location":"en/admin/virtnest/install/index.html#configure-helm-repo","title":"Configure Helm Repo","text":"Helm-charts repository address: https://release.daocloud.io/harbor/projects/10/helm-charts/virtnest/versions
helm repo add virtnest-release https://release.daocloud.io/chartrepo/virtnest\nhelm repo update virtnest-release\n
If you want to experience the latest development version of virtnest, then please add the following repository address (the development version of virtnest is extremely unstable).
helm repo add virtnest-release-ci https://release-ci.daocloud.io/chartrepo/virtnest\nhelm repo update virtnest-release-ci\n
"},{"location":"en/admin/virtnest/install/index.html#choose-a-version-that-you-want-to-install","title":"Choose a Version that You Want to Install","text":"It is recommended to install the latest version.
[root@master ~]# helm search repo virtnest-release/virtnest --versions\nNAME CHART VERSION APP VERSION DESCRIPTION\nvirtnest-release/virtnest 0.6.0 v0.6.0 A Helm chart for virtnest\n
"},{"location":"en/admin/virtnest/install/index.html#create-a-namespace","title":"Create a Namespace","text":"kubectl create namespace virtnest-system\n
"},{"location":"en/admin/virtnest/install/index.html#perform-installation-steps","title":"Perform Installation Steps","text":"helm install virtnest virtnest-release/virtnest -n virtnest-system --version 0.6.0\n
"},{"location":"en/admin/virtnest/install/index.html#upgrade","title":"Upgrade","text":""},{"location":"en/admin/virtnest/install/index.html#update-the-virtnest-helm-repository","title":"Update the virtnest Helm Repository","text":"helm repo update virtnest-release\n
"},{"location":"en/admin/virtnest/install/index.html#back-up-the-set-parameters","title":"Back up the --set Parameters","text":"Before upgrading the virtnest version, we recommend executing the following command to backup the --set parameters of the previous version
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
"},{"location":"en/admin/virtnest/install/index.html#perform-helm-upgrade","title":"Perform Helm Upgrade","text":"helm upgrade virtnest virtnest-release/virtnest \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --version 0.6.0\n
"},{"location":"en/admin/virtnest/install/index.html#delete","title":"Delete","text":"helm delete virtnest -n virtnest-system\n
"},{"location":"en/admin/virtnest/install/install-dependency.html","title":"Dependencies and Prerequisites","text":"This page explains the dependencies and prerequisites for installing virtual machine.
Info
The term virtnest mentioned in the commands or scripts below is the internal development codename for the Global Management module.
"},{"location":"en/admin/virtnest/install/install-dependency.html#prerequisites","title":"Prerequisites","text":""},{"location":"en/admin/virtnest/install/install-dependency.html#kernel-version-being-above-v411","title":"Kernel version being above v4.11","text":"The kernel version of all nodes in the target cluster needs to be higher than v4.11. For detail information, see kubevirt issue. Run the following command to see the version:
uname -a\n
Example output:
Linux master 6.5.3-1.el7.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Sep 13 11:46:28 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux\n
"},{"location":"en/admin/virtnest/install/install-dependency.html#cpu-supporting-x86-64-v2-instruction-set-or-higher","title":"CPU supporting x86-64-v2 instruction set or higher","text":"You can use the following script to check if the current node's CPU is usable:
Note
If you encounter a message like the one shown below, you can safely ignore it as it does not impact the final result.
\u793a\u4f8b$ sh detect-cpu.sh\ndetect-cpu.sh: line 3: fpu: command not found\n
cat <<EOF > detect-cpu.sh\n#!/bin/sh -eu\n\nflags=$(cat /proc/cpuinfo | grep flags | head -n 1 | cut -d: -f2)\n\nsupports_v2='awk \"/cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/ {found=1} END {exit !found}\"'\nsupports_v3='awk \"/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/ {found=1} END {exit !found}\"'\nsupports_v4='awk \"/avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/ {found=1} END {exit !found}\"'\n\necho \"$flags\" | eval $supports_v2 || exit 2 && echo \"CPU supports x86-64-v2\"\necho \"$flags\" | eval $supports_v3 || exit 3 && echo \"CPU supports x86-64-v3\"\necho \"$flags\" | eval $supports_v4 || exit 4 && echo \"CPU supports x86-64-v4\"\nEOF\nchmod +x detect-cpu.sh\nsh detect-cpu.sh\n
"},{"location":"en/admin/virtnest/install/install-dependency.html#all-nodes-having-hardware-virtualization-nested-virtualization-enabled","title":"All Nodes having hardware virtualization (nested virtualization) enabled","text":"Run the following command to check if it has been achieved:
virt-host-validate qemu\n
# Successful case\nQEMU: Checking for hardware virtualization : PASS\nQEMU: Checking if device /dev/kvm exists : PASS\nQEMU: Checking if device /dev/kvm is accessible : PASS\nQEMU: Checking if device /dev/vhost-net exists : PASS\nQEMU: Checking if device /dev/net/tun exists : PASS\nQEMU: Checking for cgroup 'cpu' controller support : PASS\nQEMU: Checking for cgroup 'cpuacct' controller support : PASS\nQEMU: Checking for cgroup 'cpuset' controller support : PASS\nQEMU: Checking for cgroup 'memory' controller support : PASS\nQEMU: Checking for cgroup 'devices' controller support : PASS\nQEMU: Checking for cgroup 'blkio' controller support : PASS\nQEMU: Checking for device assignment IOMMU support : PASS\nQEMU: Checking if IOMMU is enabled by kernel : PASS\nQEMU: Checking for secure guest support : WARN (Unknown if this platform has Secure Guest support)\n\n# Failure case\nQEMU: Checking for hardware virtualization : FAIL (Only emulated CPUs are available, performance will be significantly limited)\nQEMU: Checking if device /dev/vhost-net exists : PASS\nQEMU: Checking if device /dev/net/tun exists : PASS\nQEMU: Checking for cgroup 'memory' controller support : PASS\nQEMU: Checking for cgroup 'memory' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpu' controller support : PASS\nQEMU: Checking for cgroup 'cpu' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpuacct' controller support : PASS\nQEMU: Checking for cgroup 'cpuacct' controller mount-point : PASS\nQEMU: Checking for cgroup 'cpuset' controller support : PASS\nQEMU: Checking for cgroup 'cpuset' controller mount-point : PASS\nQEMU: Checking for cgroup 'devices' controller support : PASS\nQEMU: Checking for cgroup 'devices' controller mount-point : PASS\nQEMU: Checking for cgroup 'blkio' controller support : PASS\nQEMU: Checking for cgroup 'blkio' controller mount-point : PASS\nWARN (Unknown if this platform has IOMMU support)\n
Install virt-host-validate:
On CentOSOn Ubuntuyum install -y qemu-kvm libvirt virt-install bridge-utils\n
apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils\n
Methods to enable hardware virtualization
Methods vary from platforms, and this page takes vsphere as an example. See vmware website.
If Docker Engine is used as the container runtime, it must be higher than v20.10.10.
"},{"location":"en/admin/virtnest/install/install-dependency.html#enabling-iommu-is-recommended","title":"Enabling IOMMU is recommended","text":"To prepare for future functions, it is recommended to enable IOMMU.
"},{"location":"en/admin/virtnest/install/offline-install.html","title":"Offline Upgrade of the Virtual Machine Module","text":"This page explains how to install or upgrade the Virtual Machine module after downloading it from the Download Center.
Info
The term \"virtnest\" appearing in the following commands or scripts is the internal development code name for the Virtual Machine module.
"},{"location":"en/admin/virtnest/install/offline-install.html#load-images-from-the-installation-package","title":"Load Images from the Installation Package","text":"You can load the images using one of the following two methods. When there is an container registry available in your environment, it is recommended to choose the chart-syncer method for synchronizing the images to the container registry, as it is more efficient and convenient.
"},{"location":"en/admin/virtnest/install/offline-install.html#synchronize-images-to-the-container-registry-using-chart-syncer","title":"Synchronize Images to the container registry using chart-syncer","text":"Create load-image.yaml file.
Note
All parameters in this YAML file are mandatory. You need a private container registry and modify the relevant configurations.
Chart Repo InstalledChart Repo Not InstalledIf the chart repo is already installed in your environment, chart-syncer also supports exporting the chart as a tgz file.
load-image.yamlsource:\n intermediateBundlesPath: virtnest-offline # (1)\ntarget:\n containerRegistry: 10.16.10.111 # (2)\n containerRepository: release.daocloud.io/virtnest # (3)\n repo:\n kind: HARBOR # (4)\n url: http://10.16.10.111/chartrepo/release.daocloud.io # (5)\n auth:\n username: \"admin\" # (6)\n password: \"Harbor12345\" # (7)\n containers:\n auth:\n username: \"admin\" # (8)\n password: \"Harbor12345\" # (9)\n
If the chart repo is not installed in your environment, chart-syncer also supports exporting the chart as a tgz file and storing it in the specified path.
load-image.yamlsource:\n intermediateBundlesPath: virtnest-offline # (1)\ntarget:\n containerRegistry: 10.16.10.111 # (2)\n containerRepository: release.daocloud.io/virtnest # (3)\n repo:\n kind: LOCAL\n path: ./local-repo # (4)\n containers:\n auth:\n username: \"admin\" # (5)\n password: \"Harbor12345\" # (6)\n
Run the command to synchronize the images.
charts-syncer sync --config load-image.yaml\n
Unpack and load the image files.
Unpack the tar archive.
tar xvf virtnest.bundle.tar\n
After successful extraction, you will have three files:
Load the images from the local file to Docker or containerd.
Dockercontainerddocker load -i images.tar\n
ctr -n k8s.io image import images.tar\n
Note
Perform the Docker or containerd image loading operation on each node. After loading is complete, tag the images to match the Registry and Repository used during installation.
"},{"location":"en/admin/virtnest/install/offline-install.html#upgrade","title":"Upgrade","text":"There are two upgrade methods available. You can choose the appropriate upgrade method based on the prerequisites:
Upgrade via helm repoUpgrade via chart packageCheck if the Virtual Machine Helm repository exists.
helm repo list | grep virtnest\n
If the result is empty or shows the following message, proceed to the next step. Otherwise, skip the next step.
Error: no repositories to show\n
Add the Virtual Machine Helm repository.
helm repo add virtnest http://{harbor url}/chartrepo/{project}\n
Update the Virtual Machine Helm repository.
helm repo update virtnest # (1)\n
helm update repo
.Choose the version of the Virtual Machine you want to install (it is recommended to install the latest version).
helm search repo virtnest/virtnest --versions\n
[root@master ~]# helm search repo virtnest/virtnest --versions\nNAME CHART VERSION APP VERSION DESCRIPTION\nvirtnest/virtnest 0.2.0 v0.2.0 A Helm chart for virtnest\n...\n
Back up the --set
parameters.
Before upgrading the Virtual Machine version, it is recommended to run the following command to backup the --set
parameters of the previous version.
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
Update the virtnest CRDs.
helm pull virtnest/virtnest --version 0.2.0 && tar -zxf virtnest-0.2.0.tgz\nkubectl apply -f virtnest/crds\n
Run helm upgrade
.
Before upgrading, it is recommended to replace the global.imageRegistry
field in bak.yaml with the current container registry address.
export imageRegistry={your container registry}\n
helm upgrade virtnest virtnest/virtnest \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry \\\n --version 0.2.0\n
Back up the --set
parameters.
Before upgrading the Virtual Machine version, it is recommended to run the following command to backup the --set
parameters of the previous version.
helm get values virtnest -n virtnest-system -o yaml > bak.yaml\n
Update the virtnest CRDs.
kubectl apply -f ./crds\n
Run helm upgrade
.
Before upgrading, it is recommended to replace the global.imageRegistry
field in bak.yaml with the current container registry address.
export imageRegistry={your container registry}\n
helm upgrade virtnest . \\\n -n virtnest-system \\\n -f ./bak.yaml \\\n --set global.imageRegistry=$imageRegistry\n
This guide explains how to install the virtnest-agent in a cluster.
"},{"location":"en/admin/virtnest/install/virtnest-agent.html#prerequisites","title":"Prerequisites","text":"Before installing the virtnest-agent, the following prerequisite must be met:
To utilize the Virtual Machine (VM), the virtnest-agent component needs to be installed in the cluster using Helm.
Click Container Management in the left navigation menu, then click Virtual Machines . If the virtnest-agent component is not installed, you will not be able to use the VM. The interface will display a reminder for you to install within the required cluster.
Select the desired cluster, click Helm Apps in the left navigation menu, then click Helm Charts to view the template list.
Search for the virtnest-agent component, and click to the see details. Select the appropriate version and click Install button to install.
On the installation page, fill in the required information, and click OK to finish the installation.
Go back to the Virtual Machines in the navigation menu. If the installation is successful, you will see the VM list, and you can now use the VM.
This article will explain how to create a virtual machine using two methods: image and YAML file.
Virtual machine, based on KubeVirt, manages virtual machines as cloud native applications, seamlessly integrating with containers. This allows users to easily deploy virtual machine applications and enjoy a smooth experience similar to containerized applications.
"},{"location":"en/admin/virtnest/quickstart/index.html#prerequisites","title":"Prerequisites","text":"Before creating a virtual machine, make sure you meet the following prerequisites:
Follow the steps below to create a virtual machine using an image.
Click Container Management on the left navigation bar, then click Virtual Machines to enter the VM page.
On the virtual machine list page, click Create VMs and select Create with Image.
Fill the basic information, image settings, storage and network, login settings, and click OK at the bottom right corner to complete the creation.
The system will automatically return to the virtual machine list. By clicking the \u2507 button on the right side of the list, you can perform operations such as power on/off, restart, clone, update, create snapshots, console access (VNC), and delete virtual machines. Cloning and snapshot capabilities depend on the selected StorageClass.
In the Create VMs page, enter the information according to the table below and click Next.
Fill in the image-related information according to the table below, then click Next.
Image Source: Supports three types of sources.
The following are the built-in images provided by the platform, including the operating system, version, and the image URL. Custom virtual machine images are also supported.
Operating System Version Image Address CentOS CentOS 7.9 release-ci.daocloud.io/virtnest/system-images/centos-7.9-x86_64:v1 Ubuntu Ubuntu 22.04 release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1 Debian Debian 12 release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1Image Secret: Only supports the default (Opaque) type of key, for specific operations you can refer to Create Secret.
The built-in image storage in the bootstrap cluster, and the container registry of the bootstrap cluster is not encrypted, so when selecting the built-in image, there is no need to select a secret.
Note
The hot-plug configuration for CPU and memory requires virtnest v0.10.0 or higher, and virtnest-agent v0.7.0 or higher.
Resource Config: For CPU, it is recommended to use whole numbers. If a decimal is entered, it will be rounded up. The hot-plug configuration for CPU and memory is supported.
GPU Configuration: Enabling GPU functionality requires meeting certain prerequisites. For details, refer to Configuring GPU for Virtual Machines (Nvidia). Virtual machines support two types of Nvidia GPUs: Nvidia-GPU and Nvidia-vGPU. After selecting the desired type, you will need to choose the proper GPU model and the number of cards.
Storage:
Storage is closely related to the function of the virtual machine. Mainly by using Kubernetes' persistent volumes and storage classes, it provides flexible and scalable virtual machine storage capabilities. For example, the virtual machine image is stored in the PVC, and it supports cloning, snapshotting, etc. with other data.
System Disk: The system automatically creates a VirtIO type rootfs system disk for storing the operating system and data.
Data Disk: The data disk is a storage device in the virtual machine used to store user data, application data, or other non-operating system related files. Compared with the system disk, the data disk is optional and can be dynamically added or removed as needed. The capacity of the data disk can also be flexibly configured according to demand.
Block storage is used by default. If you need to use the clone and snapshot functions, make sure that your storage pool has created the proper VolumeSnapshotClass, which you can refer to the following example. If you need to use the live migration function, make sure your storage supports and selects the ReadWriteMany access mode.
In most cases, the storage will not automatically create such a VolumeSnapshotClass during the installation process, so you need to manually create a VolumeSnapshotClass. The following is an example of HwameiStor creating a VolumeSnapshotClass:
kind: VolumeSnapshotClass\napiVersion: snapshot.storage.k8s.io/v1\nmetadata:\n name: hwameistor-storage-lvm-snapshot\n annotations:\n snapshot.storage.kubernetes.io/is-default-class: \"true\"\nparameters:\n snapsize: \"1073741824\"\ndriver: lvm.hwameistor.io\ndeletionPolicy: Delete\n
Run the following command to check if the VolumeSnapshotClass was created successfully.
kubectl get VolumeSnapshotClass\n
View the created Snapshotclass and confirm that the provisioner property is consistent with the Driver property in the storage pool.
Network:
Network setting can be combined as needed according to the table information.
Network Mode CNI Install Spiderpool Network Cards Fixed IP Live Migration Masquerade (NAT) Calico \u274c Single \u274c \u2705 Cilium \u274c Single \u274c \u2705 Flannel \u274c Single \u274c \u2705 Bridge OVS \u2705 Multiple \u2705 \u2705Network modes are divided into Masquerade (NAT) and Bridge, the latter mode need to be installed after the spiderpool component can be used.
Add Network Card
In addition to creating virtual machines using images, you can also create them more quickly using YAML files.
Go to the Virtual Machine list page and click the Create with YAML button.
Click to view an example YAML for creating a virtual machineapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: example\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n name: systemdisk-example\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: rook-ceph-block\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/centos-7.9-x86_64:v1\n runStrategy: Always\n template:\n spec:\n domain:\n cpu:\n cores: 1\n devices:\n disks:\n - disk:\n bus: virtio\n name: systemdisk-example\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 1Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-example\n name: systemdisk-example\n
"},{"location":"en/admin/virtnest/quickstart/access.html","title":"Connect to Virtual Machines","text":"This article will introduce two methods for connecting to virtual machines: Console Access (VNC) and Terminal Access.
"},{"location":"en/admin/virtnest/quickstart/access.html#terminal-access","title":"Terminal Access","text":"Accessing virtual machines through the terminal provides more flexibility and lightweight access. However, it does not directly display the graphical interface, has limited interactivity, and does not support multiple concurrent terminal sessions.
Click Container Management in the left navigation bar, then click Virtual Machines to access the list page. Click the \u2507 button on the right side of the list to access the virtual machine via the terminal.
"},{"location":"en/admin/virtnest/quickstart/access.html#console-access-vnc","title":"Console Access (VNC)","text":"Accessing virtual machines through VNC allows you to access and control the full graphical interface of the remote computer. It provides a more interactive experience and allows intuitive operation of the remote device. However, it may have some performance impact, and it does not support multiple concurrent terminal sessions.
Choose VNC for Windows systems.
Click Container Management in the left navigation bar, then click Virtual Machines to access the list page. Click the \u2507 button on the right side of the list to access the virtual machine via Console Access (VNC).
"},{"location":"en/admin/virtnest/quickstart/detail.html","title":"Virtual Machine Details","text":"After successfully creating a virtual machine, you can enter the VM Detail page to view Basic Information, Settings, GPU Settings, Overview, Storage, Network, Snapshot and Event List.
Click Container Management in the left navigation bar, then click Clusters to enter the page of the cluster where the virtual machine is located. Click the VM Name to view the virtual machine details.
"},{"location":"en/admin/virtnest/quickstart/detail.html#basic-information","title":"Basic Information","text":"The basic information of VM includes Status, Alias, Cluster, Namespace, IP, Label, Annotation, Node, Username, Password, and Create Time.
Settings includes:
Bridge
or Masquerade(NAT)
.GPU Settings includes: GPU Type, GPU Model and GPU Counts
"},{"location":"en/admin/virtnest/quickstart/detail.html#other-information","title":"Other Information","text":"OverviewStorageNetworkSnapshotsEvent ListIt allows you to view its insight content. Please note that if insight-agent is not installed, overview information cannot be obtained.
It displays the storage used by the virtual machine, including information about the system disk and data disk.
It displays the network settings of the virtual machine, including Multus CR, NIC Name, IP Address and so on.
If you have created snapshots, this part will display relative information. Restoring the virtual machine from snapshots is supported.
The event list includes various state changes, operation records, and system messages during the lifecycle of the virtual machine.
"},{"location":"en/admin/virtnest/quickstart/nodeport.html","title":"Accessing Virtual Machine via NodePort","text":"This page explains how to access a virtual machine using NodePort.
"},{"location":"en/admin/virtnest/quickstart/nodeport.html#limitations-of-existing-access-methods","title":"Limitations of Existing Access Methods","text":"Virtual machines support access via VNC or console, but both methods have a limitation: they do not allow multiple terminals to be simultaneously online.
Using a NodePort-formatted Service can help solve this problem.
Using the Container Management Page
vm.kubevirt.io/name: your-vm-name
.After successful creation, you can access the virtual machine by using ssh username@nodeip -p port
.
Write the YAML file as follows:
apiVersion: v1\nkind: Service\nmetadata:\n name: test-ssh\nspec:\n ports:\n - name: tcp-ssh\n nodePort: 32090\n protocol: TCP\n port: 22\n targetPort: 22\n selector:\n vm.kubevirt.io/name: test-image-s3\n type: NodePort\n
Run the following command:
kubectl apply -f your-svc.yaml\n
After successful creation, you can access the virtual machine by using ssh username@nodeip -p 32090
.
This page is about how to update a virtual machine using both forms and YAML files.
"},{"location":"en/admin/virtnest/quickstart/update.html#prerequisite","title":"Prerequisite","text":"Before updating the CPU, memory, and data disks of the VM while it is powered on, the following prerequisite must be met:
On the virtual machine list page, click Update to enter the Update VM page.
"},{"location":"en/admin/virtnest/quickstart/update.html#basic-information","title":"Basic Information","text":"On this page, Alias , Label and Annotation can be updated, while other information cannot. After completing the updates, click Next to proceed to the Image Settings page.
"},{"location":"en/admin/virtnest/quickstart/update.html#image-settings","title":"Image Settings","text":"On this page, parameters such as Image Address, Operating System, and Version cannot be changed once selected. Users are allowed to update the GPU Quota, including enabling or disabling GPU support, selecting the GPU type, specifying the required model, and configuring the number of GPU. A restart is required for taking effect. After completing the updates, click Next to proceed to the Storage and Network page.
"},{"location":"en/admin/virtnest/quickstart/update.html#storage-and-network","title":"Storage and Network","text":"On the Storage and Network page, the StorageClass and PVC Mode for the System Disk cannot be changed once selected. You can increase Disk Capacity, but reducing it is not supported. And you can freely add or remove Data Disk. Network updates are not supported. After completing the updates, click Next to proceed to the Login Settings page.
Note
It is recommended to restart the virtual machine after modifying storage capacity or adding data disks to ensure the configuration takes effect.
"},{"location":"en/admin/virtnest/quickstart/update.html#login-settings","title":"Login Settings","text":"On the Login Settings page, Username, Password, and SSH cannot be changed once set. After confirming your login information is correct, click OK to complete the update process.
"},{"location":"en/admin/virtnest/quickstart/update.html#edit-yaml","title":"Edit YAML","text":"In addition to updating the virtual machine via forms, you can also quickly update it using a YAML file.
Go to the virtual machine list page and click the Edit YAML button.
"},{"location":"en/admin/virtnest/template/index.html","title":"Create Virtual Machines via Templates","text":"This guide explains how to create virtual machines using templates.
With internal templates and custom templates, users can easily create new virtual machines. Additionally, we provide the ability to convert existing virtual machines into templates, allowing users to manage and utilize resources more flexibly.
"},{"location":"en/admin/virtnest/template/index.html#create-with-template","title":"Create with Template","text":"Follow these steps to create a virtual machine using a template.
Click Container Management in the left navigation menu, then click Virtual Machines to access the Virtual Machine Management page. On the virtual machine list page, click Create Virtual Machine and select Create with Template .
On the template creation page, fill in the required information, including Basic Information, Template Config, Storage and Network, and Login Settings. Then, click OK in the bottom-right corner to complete the creation.
The system will automatically return to the virtual machine list. By clicking \u2507 on the right side of the list, you can perform operations such as power off/restart, clone, update, create snapshot, convert to template, console access (VNC), and delete. The ability to clone and create snapshots depends on the selected storage pool.
On the Create VMs page, enter the information according to the table below and click Next .
The template list will appear, and you can choose either an internal template or a custom template based on your needs.
Select an Internal Template: AI platform Virtual Machine provides several standard templates that cannot be edited or deleted. When selecting an internal template, the image source, operating system, image address, and other information will be based on the template and cannot be modified. GPU quota will also be based on the template but can be modified.
Select a Custom Template: These templates are created from virtual machine configurations and can be edited or deleted. When using a custom template, you can modify the image source and other information based on your specific requirements.
Storage: By default, the system creates a rootfs system disk of VirtIO type for storing the operating system and data. Block storage is used by default. If you need to use clone and snapshot functionality, make sure your storage pool supports the VolumeSnapshots feature and create it in the storage pool (SC). Please note that the storage pool (SC) has additional prerequisites that need to be met.
Prerequisites:
Supports adding one system disk and multiple data disks.
Network: If no configuration is made, the system will create a VirtIO type network by default.
This guide explains the usage of internal VM templates and custom VM templates.
Using both internal and custom templates, users can easily create new VMs. Additionally, we provide the ability to convert existing VMs into VM templates, allowing users to manage and utilize resources more flexibly.
"},{"location":"en/admin/virtnest/template/tep.html#vm-templates","title":"VM Templates","text":"Click Container Management in the left navigation menu, then click VM Template to access the VM Template page. If the template is converted from a virtual machine configured with a GPU, the template will also include GPU information and will be displayed in the template list.
Click the \u2507 on the right side of a template in the list. For internal templates, you can create VM and view YAML. For custom templates, you can create VM, edit YAML and delete template.
The platform provides CentOS and Ubuntu as templates.
Custom templates are created from VM configurations. The following steps explain how to convert a VM configuration into a template.
Click Container Management in the left navigation menu, then click Virtual Machines to access the list page. Click the \u2507 on the right side of a VM in the list to convert the configuration into a template. Only running or stopped VMs can be converted.
Provide a name for the new template. A notification will indicate that the original VM will be preserved and remain available. After a successful conversion, a new entry will be added to the template list.
After successfully creating a template, you can click the template name to view the details of the VM, including Basic Information, GPU Settings, Storage, Network, and more. If you need to quickly deploy a new VM based on that template, simply click the Create VM button in the upper right corner of the page for easy operation.
"},{"location":"en/admin/virtnest/vm/auto-migrate.html","title":"Automatic VM Drifting","text":"This article will explain how to seamlessly migrate running virtual machines to other nodes when a node in the cluster becomes inaccessible due to power outages or network failures, ensuring business continuity and data security.
Compared to automatic drifting, live migration requires you to manually initiate the migration process through the interface, rather than having the system automatically trigger it.
"},{"location":"en/admin/virtnest/vm/auto-migrate.html#prerequisites","title":"Prerequisites","text":"Before implementing automatic drifting, the following prerequisites must be met:
Check the status of the virtual machine launcher pod:
kubectl get pod\n
Check if the launcher pod is in a Terminating state.
Force delete the launcher pod:
If the launcher pod is in a Terminating state, you can force delete it with the following command:
kubectl delete <launcher pod> --force\n
Replace <launcher pod>
with the name of your launcher pod.
Wait for recreation and check the status:
After deletion, the system will automatically recreate the launcher pod. Wait for its status to become running, then refresh the virtual machine list to see if the VM has successfully migrated to the new node.
If using rook-ceph as storage, it needs to be configured in ReadWriteOnce mode:
After force deleting the pod, you need to wait approximately six minutes for the launcher pod to start, or you can immediately start the pod using the following commands:
kubectl get pv | grep <vm name>\nkubectl get VolumeAttachment | grep <pv name>\n
Replace <vm name>
and <pv name>
with your virtual machine name and persistent volume name.
Then delete the proper VolumeAttachment with the following command:
kubectl delete VolumeAttachment <vm>\n
Replace <vm>
with your virtual machine name.
This article will introduce how to clone a new cloud host.
Users can clone a new cloud host, which will have the same operating system and system configuration as the original cloud host. This enables quick deployment and scaling, allowing for the rapid creation of new cloud hosts with similar configurations without the need to install from scratch.
"},{"location":"en/admin/virtnest/vm/clone.html#prerequisites","title":"Prerequisites","text":"Before using the cloning feature, the following prerequisites must be met (which are the same as those for the snapshot feature):
Click__Container Management__ in the left navigation bar, then click__Cloud Hosts__ to enter the list page. Clickthe \u2507 on the right side of the list to perform snapshot operations on cloud hosts that are not in an error state.
A popup will appear, requiring you to fill in the name and description for the new cloud host being cloned. The cloning operation may take some time, depending on the size of the cloud host and storage performance.
After a successful clone, you can view the new cloud host in the cloud host list. The newly created cloud host will be in a powered-off state and will need to be manually powered on if required.
It is recommended to take a snapshot of the original cloud host before cloning. If you encounter issues during the cloning process, please check whether the prerequisites are met and try to execute the cloning operation again.
When creating a virtual machine using Object Storage (S3) as the image source, sometimes you need to fill in a secret to get through S3's verification. The following will introduce how to create a secret that meets the requirements of the virtual machine.
Click Container Management in the left navigation bar, then click Clusters , enter the details of the cluster where the virtual machine is located, click ConfigMaps & Secrets , select the Secrets , and click Create Secret .
Enter the creation page, fill in the secret name, select the namespace that is the same as the virtual machine, and note that you need to select the default type Opaque . The secret data needs to follow the following principles.
After successful creation, you can use the required secret when creating a virtual machine.
This feature currently does not have a UI, so you can follow the steps in the documentation.
"},{"location":"en/admin/virtnest/vm/cross-cluster-migrate.html#use-cases","title":"Use Cases","text":"Before performing migration of a VM across cluster, the following prerequisites must be met:
To activate the VMExport Feature Gate, run the following command in the original cluster. You can refer to How to activate a feature gate
kubectl edit kubevirt kubevirt -n virtnest-system\n
This command modifies the featureGates
to include VMExport
.
apiVersion: kubevirt.io/v1\nkind: KubeVirt\nmetadata:\n name: kubevirt\n namespace: virtnest-system\nspec:\n configuration:\n developerConfiguration:\n featureGates:\n - DataVolumes\n - LiveMigration\n - VMExport\n
"},{"location":"en/admin/virtnest/vm/cross-cluster-migrate.html#configure-ingress-for-the-original-cluster","title":"Configure Ingress for the Original Cluster","text":"Using Nginx Ingress as an example, configure Ingress to point to the virt-exportproxy
Service:
apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: ingress-vm-export\n namespace: virtnest-system\nspec:\n tls:\n - hosts:\n - upgrade-test.com\n secretName: nginx-tls\n rules:\n - host: upgrade-test.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: virt-exportproxy\n port:\n number: 8443\n ingressClassName: nginx\n
"},{"location":"en/admin/virtnest/vm/cross-cluster-migrate.html#migration-steps","title":"Migration Steps","text":"Create a VirtualMachineExport CR.
If cold migration is performed while the VM is powered off :
apiVersion: v1\nkind: Secret\nmetadata:\n name: example-token # Export Token used by the VM\n namespace: default # Namespace where the VM resides\nstringData:\n token: 1234567890ab # Export the used Token (Modifiable)\n\n---\napiVersion: export.kubevirt.io/v1alpha1\nkind: VirtualMachineExport\nmetadata:\n name: example-export # Export name (Modifiable)\n namespace: default # Namespace where the VM resides\nspec:\n tokenSecretRef: example-token # Must match the name of the token created above\n source:\n apiGroup: \"kubevirt.io\"\n kind: VirtualMachine\n name: testvm # VM name\n
If hot migration is performed using a VM snapshot while the VM is powered on :
apiVersion: v1\nkind: Secret\nmetadata:\n name: example-token # Export Token used by VM\n namespace: default # Namespace where the VM resides\nstringData:\n token: 1234567890ab # Export the used Token (Modifiable)\n\n---\napiVersion: export.kubevirt.io/v1alpha1\nkind: VirtualMachineExport\nmetadata:\n name: export-snapshot # Export name (Modifiable)\n namespace: default # Namespace where the VM resides\nspec:\n tokenSecretRef: export-token # Must match the name of the token created above\n source:\n apiGroup: \"snapshot.kubevirt.io\"\n kind: VirtualMachineSnapshot\n name: export-snap-202407191524 # Name of the proper VM snapshot\n
Check if the VirtualMachineExport is ready:
# Replace example-export with the name of the created VirtualMachineExport\nkubectl get VirtualMachineExport example-export -n default\n\nNAME SOURCEKIND SOURCENAME PHASE\nexample-export VirtualMachine testvm Ready\n
Once the VirtualMachineExport is ready, export the VM YAML.
If virtctl is installed, you can use the following command to export the VM YAML:
# Replace example-export with the name of the created VirtualMachineExport\n# Specify the namespace with -n\nvirtctl vmexport download example-export --manifest --include-secret --output=manifest.yaml\n
If virtctl is not installed, you can use the following commands to export the VM YAML:
# Replace example-export with the name and namespace of the created VirtualMachineExport\nmanifesturl=$(kubectl get VirtualMachineExport example-export -n default -o=jsonpath='{.status.links.internal.manifests[0].url}')\nsecreturl=$(kubectl get VirtualMachineExport example-export -n default -o=jsonpath='{.status.links.internal.manifests[1].url}')\n# Replace with the secret name and namespace\ntoken=$(kubectl get secret example-token -n default -o=jsonpath='{.data.token}' | base64 -d)\n\ncurl -H \"Accept: application/yaml\" -H \"x-kubevirt-export-token: $token\" --insecure $secreturl > manifest.yaml\ncurl -H \"Accept: application/yaml\" -H \"x-kubevirt-export-token: $token\" --insecure $manifesturl >> manifest.yaml\n
Import VM.
Copy the exported manifest.yaml
to the target migration cluster and run the following command.(If the namespace does not exist, it need to be created in advance) :
kubectl apply -f manifest.yaml\n
After successfully creating a VM, you need to restart it. Once the VM is running successfully, the original VM need to be deleted in the original cluster (Do not delete the original VM if it has not started successfully). When configuring the liveness and readiness probes for a cloud host, the process is similar to that of Kubernetes configuration. This article will introduce how to configure health check parameters for a cloud host using YAML.
However, it is important to note that the configuration must be done when the cloud host has been successfully created and is in a powered-off state.
"},{"location":"en/admin/virtnest/vm/health-check.html#configuring-http-liveness-probe","title":"Configuring HTTP Liveness Probe","text":"livenessProbe.httpGet
in spec.template.spec
.Modify cloudInitNoCloud
to start an HTTP server.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n livenessProbe:\n initialDelaySeconds: 120\n periodSeconds: 20\n httpGet:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
The configuration of userData
may vary depending on the operating system (such as Ubuntu/Debian or CentOS). The main differences are:
Package manager:
Ubuntu/Debian uses apt-get
as the package manager. CentOS uses yum
as the package manager.
SSH service restart command:
Ubuntu/Debian uses systemctl restart ssh.service
. CentOS uses systemctl restart sshd.service
(note that for CentOS 7 and earlier versions, it uses service sshd restart
).
Installed packages:
Ubuntu/Debian installs ncat
. CentOS installs nmap-ncat
(because ncat
may not be available in the default repository for CentOS).
Configure livenessProbe.tcpSocket
in spec.template.spec
.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n livenessProbe:\n initialDelaySeconds: 120\n periodSeconds: 20\n tcpSocket:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
"},{"location":"en/admin/virtnest/vm/health-check.html#configuring-readiness-probes","title":"Configuring Readiness Probes","text":"Configure readiness
in spec.template.spec
.
apiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n annotations:\n kubevirt.io/latest-observed-api-version: v1\n kubevirt.io/storage-observed-api-version: v1\n virtnest.io/alias-name: ''\n virtnest.io/image-secret: ''\n virtnest.io/image-source: docker\n virtnest.io/os-image: release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n creationTimestamp: '2024-10-15T02:39:45Z'\n finalizers:\n - kubevirt.io/virtualMachineControllerFinalize\n generation: 1\n labels:\n virtnest.io/os-family: Ubuntu\n virtnest.io/os-version: '22.04'\n name: test-probe\n namespace: amamba-team\n resourceVersion: '254032135'\n uid: 6d92779d-7415-4721-8c7b-a2dde163d758\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: test-probe-rootdisk\n namespace: amamba-team\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: hwameistor-storage-lvm-hdd\n source:\n registry:\n url: >-\n docker://release-ci.daocloud.io/virtnest/system-images/ubuntu-22.04-x86_64:v1\n runStrategy: Halted\n template:\n metadata:\n creationTimestamp: null\n spec:\n architecture: amd64\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: rootdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n memory:\n guest: 2Gi\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n readiness:\n initialDelaySeconds: 120\n periodSeconds: 20\n httpGet:\n port: 1500\n timeoutSeconds: 10\n volumes:\n - dataVolume:\n name: test-probe-rootdisk\n name: rootdisk\n - cloudInitNoCloud:\n userData: |\n #cloud-config\n ssh_pwauth: true\n disable_root: false\n chpasswd: {\"list\": \"root:dangerous\", expire: False}\n runcmd:\n - sed -i \"/#\\?PermitRootLogin/s/^.*$/PermitRootLogin yes/g\" /etc/ssh/sshd_config\n - systemctl restart ssh.service\n - dhclient -r && dhclient\n - apt-get update && apt-get install -y ncat\n - [\"systemd-run\", \"--unit=httpserver\", \"ncat\", \"-klp\", \"1500\", \"-e\", '/usr/bin/echo -e HTTP/1.1 200 OK\\nContent-Length: 12\\n\\nHello World!']\n name: cloudinitdisk\n
"},{"location":"en/admin/virtnest/vm/live-migration.html","title":"Live Migration","text":"This article will explain how to migrate a virtual machine from one node to another.
When a node needs maintenance or upgrades, users can seamlessly migrate running virtual machines to other nodes while ensuring business continuity and data security.
"},{"location":"en/admin/virtnest/vm/live-migration.html#prerequisites","title":"Prerequisites","text":"Before using live migration, the following prerequisites must be met:
Click Container Management on the left navigation bar, then click Virtual Machines to enter the list page. Click \u2507 on the right side of the list to migrate running virtual machines. Currently, the virtual machine is on the node controller-node-1 .
A pop-up box will appear, indicating that during live migration, the running virtual machine instances will be migrated to another node, but the target node cannot be predetermined. Please ensure that other nodes have sufficient resources.
After a successful migration, you can view the node information in the virtual machine list. At this time, the node has been migrated to controller-node-2 .
This article will introduce how to move a cloud host from one node to another within the same cluster while it is powered off.
The main feature of cold migration is that the cloud host will be offline during the migration process, which may impact business continuity. Therefore, careful planning of the migration time window is necessary, taking into account business needs and system availability. Typically, cold migration is suitable for scenarios where downtime requirements are not very strict.
"},{"location":"en/admin/virtnest/vm/migratiom.html#prerequisites","title":"Prerequisites","text":"Before using cold migration, the following prerequisites must be met:
Click__Container Management__ in the left navigation bar, then click__Cloud Hosts__ to enter the list page. Clickthe \u2507 on the right side of the list to initiate the migration action for the cloud host that is in a powered-off state. The current node of the cloud host cannot be viewed while it is powered off, so prior planning or checking while powered on is required.
Note
If you have used local-path in the storage pool of the original node, there may be issues during cross-node migration. Please choose carefully.
After clicking migrate, a prompt will appear allowing you to choose to migrate to a specific node or randomly. If you need to change the storage pool, ensure that there is an available storage pool in the target node. Also, ensure that the target node has sufficient resources. The migration process may take a significant amount of time, so please be patient.
The migration will take some time, so please be patient. After it is successful, you need to restart the cloud host to check if the migration was successful. This example has already powered on the cloud host to check the migration effect.
The virtual machine's monitoring is based on the Grafana Dashboard open-sourced by Kubevirt, which generates monitoring dashboards for each virtual machine.
Monitoring information of the virtual machine can provide better insights into the resource consumption of the virtual machine, such as CPU, memory, storage, and network resource usage. These information can help optimize and plan resources, improving overall resource utilization efficiency.
"},{"location":"en/admin/virtnest/vm/monitor.html#prerequisites","title":"Prerequisites","text":"Before viewing the virtual machine monitoring information, the following prerequisites need to be met:
Navigate to the VM Detail page and click Overview to view the monitoring content of the virtual machine. Please note that without the insight-agent component installed, monitoring information cannot be obtained. Below are the detailed information:
Total CPU, CPU Usage, Memory Total, Memory Usage.
CPU Utilisation: the percentage of CPU resources currently used by the virtual machine;
Memory Utilisation: the percentage of memory resources currently used by the virtual machine out of the total available memory.
Network Traffic by Virtual Machines: the amount of network data sent and received by the virtual machine during a specific time period;
Network Packet Loss Rate: the proportion of lost data packets during data transmission out of the total sent data packets.
Network Packet Error Rate: the rate of errors that occur during network transmission;
Storage Traffic: the speed and capacity at which the virtual machine system reads and writes to the disk within a certain time period.
Storage IOPS: the number of input/output operations the virtual machine system performs in one second.
Storage Delay: the time delay experienced by the virtual machine system when performing disk read and write operations.
This article introduces how to create snapshots for VMs on a schedule.
You can create scheduled snapshots for VMs, providing continuous protection for data and ensuring effective data recovery in case of data loss, corruption, or deletion.
"},{"location":"en/admin/virtnest/vm/scheduled-snapshot.html#steps","title":"Steps","text":"In the left navigation bar, click Container Management -> Clusters to select the proper cluster where the target VM is located. After entering the cluster, click Workloads -> CronJobs, and choose Create from YAML to create a scheduled task. Refer to the following YAML example to create snapshots for the specified VM on a schedule.
Click to view the YAML example for creating a scheduled taskapiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: xxxxx-xxxxx-cronjob # Scheduled task name (Customizable)\n namespace: virtnest-system # Do not modify the namespace\nspec:\n schedule: \"5 * * * *\" # Modify the scheduled task execution interval as needed\n concurrencyPolicy: Allow\n suspend: false\n successfulJobsHistoryLimit: 10\n failedJobsHistoryLimit: 3\n startingDeadlineSeconds: 60\n jobTemplate:\n spec:\n template:\n metadata:\n labels:\n virtnest.io/vm: xxxx # Modify to the name of the VM that needs to be snapshotted\n virtnest.io/namespace: xxxx # Modify to the namespace where the VM is located\n spec:\n serviceAccountName: kubevirt-operator\n containers:\n - name: snapshot-job\n image: release.daocloud.io/virtnest/tools:v0.1.5 # For offline environments, modify the registry address to the proper registry address of the cluster\n imagePullPolicy: IfNotPresent\n env:\n - name: NS\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['virtnest.io/namespace']\n - name: VM\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['virtnest.io/vm']\n command:\n - /bin/sh\n - -c\n - |\n export SUFFIX=$(date +\"%Y%m%d-%H%M%S\")\n cat <<EOF | kubectl apply -f -\n apiVersion: snapshot.kubevirt.io/v1alpha1\n kind: VirtualMachineSnapshot\n metadata:\n name: $(VM)-snapshot-$SUFFIX\n namespace: $(NS)\n spec:\n source:\n apiGroup: kubevirt.io\n kind: VirtualMachine\n name: $(VM)\n EOF\n restartPolicy: OnFailure\n
After creating the scheduled task and running it successfully, you can click Virtual Machines in the list page to select the target VM. After entering the details, you can view the snapshot list.
This guide explains how to create snapshots for virtual machines and restore them.
You can create snapshots for virtual machines to save the current state of the virtual machine. A snapshot can be restored multiple times, and each time the virtual machine will be reverted to the state when the snapshot was created. Snapshots are commonly used for backup, recovery and rollback.
"},{"location":"en/admin/virtnest/vm/snapshot.html#prerequisites","title":"Prerequisites","text":"Before using the snapshots, the following prerequisites need to be met:
Click Container Management in the left navigation menu, then click Virtual Machines to access the list page. Click the \u2507 on the right side of the list for a virtual machine to perform snapshot operations (only available for non-error state virtual machines).
A dialog box will pop up, prompting you to input a name and description for the snapshot. Please note that the creation process may take a few minutes, during which you won't be able to perform any operations on the virtual machine.
After successfully creating the snapshot, you can view its details within the virtual machine's information section. Here, you have the option to edit the description, recover from the snapshot, delete it, among other operations.
Click Restore from Snapshot and provide a name for the virtual machine recovery record. The recovery operation may take some time to complete, depending on the size of the snapshot and other factors. After a successful recovery, the virtual machine will be restored to the state when the snapshot was created.
After some time, you can scroll down to the snapshot information to view all the recovery records for the current snapshot. It also provides a way to locate the position of the recovery.
This article will introduce how to configure network information when creating virtual machines.
In virtual machines, network management is a crucial part that allows us to manage and configure network connections for virtual machines in a Kubernetes environment. It can be configured according to different needs and scenarios, achieving a more flexible and diverse network architecture.
When selecting the Bridge network mode, some information needs to be configured in advance:
ovs
. You can create a custom Multus CR or use YAML for creationNetwork configuration can be combined according to the table information.
Network Mode CNI Spiderpool Installed NIC Mode Fixed IP Live Migration Masquerade (NAT) Calico \u274c Single NIC \u274c \u2705 Cilium \u274c Single NIC \u274c \u2705 Flannel \u274c Single NIC \u274c \u2705 Bridge OVS \u2705 Multiple NIC \u2705 \u2705Network Mode: There are two modes - Masquerade (NAT) and Bridge. Bridge mode requires the installation of the spiderpool component.
The default selection is Masquerade (NAT) network mode using the eth0 default NIC.
If the cluster has the spiderpool component installed, then Bridge mode can be selected. The Bridge mode supports multiple NICs.
Adding NICs
Bridge modes support manually adding NICs. Click Add NIC to configure the NIC IP pool. Choose a Multus CR that matches the network mode, if not available, it needs to be created manually.
If the Use Default IP Pool switch is turned on, it will use the default IP pool in the multus CR configuration. If turned off, manually select the IP pool.
This article will introduce how to configure storage when creating a virtual machine.
Storage and virtual machine functionality are closely related, mainly providing flexible and scalable virtual machine storage capabilities through the use of Kubernetes persistent volumes and storage classes. For example, virtual machine image storage in PVC supports cloning, snapshotting, and other operations with other data.
"},{"location":"en/admin/virtnest/vm/vm-sc.html#deploying-different-storage","title":"Deploying Different Storage","text":"Before using virtual machine storage functionality, different storage needs to be deployed according to requirements:
kubectl apply -f
to create the following YAML:---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: local-path-storage\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: local-path-provisioner-service-account\n namespace: local-path-storage\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: local-path-provisioner-role\nrules:\n- apiGroups: [\"\"]\n resources: [\"nodes\", \"persistentvolumeclaims\", \"configmaps\"]\n verbs: [\"get\", \"list\", \"watch\"]\n- apiGroups: [\"\"]\n resources: [\"endpoints\", \"persistentvolumes\", \"pods\"]\n verbs: [\"*\"]\n- apiGroups: [\"\"]\n resources: [\"events\"]\n verbs: [\"create\", \"patch\"]\n- apiGroups: [\"storage.k8s.io\"]\n resources: [\"storageclasses\"]\n verbs: [\"get\", \"list\", \"watch\"]\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: local-path-provisioner-bind\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: local-path-provisioner-role\nsubjects:\n- kind: ServiceAccount\n name: local-path-provisioner-service-account\n namespace: local-path-storage\n\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: local-path-provisioner\n namespace: local-path-storage\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: local-path-provisioner\n template:\n metadata:\n labels:\n app: local-path-provisioner\n spec:\n serviceAccountName: local-path-provisioner-service-account\n containers:\n - name: local-path-provisioner\n image: rancher/local-path-provisioner:v0.0.22\n imagePullPolicy: IfNotPresent\n command:\n - local-path-provisioner\n - --debug\n - start\n - --config\n - /etc/config/config.json\n volumeMounts:\n - name: config-volume\n mountPath: /etc/config/\n env:\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n volumes:\n - name: config-volume\n configMap:\n name: local-path-config\n\n---\napiVersion: storage.k8s.io/v1\nkind: StorageClass\nmetadata:\n name: local-path\nprovisioner: rancher.io/local-path\nvolumeBindingMode: WaitForFirstConsumer\nreclaimPolicy: Delete\n\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: local-path-config\n namespace: local-path-storage\ndata:\n config.json: |-\n {\n \"nodePathMap\": [\n {\n \"node\": \"DEFAULT_PATH_FOR_NON_LISTED_NODES\",\n \"paths\": [\"/opt/local-path-provisioner\"]\n }\n ]\n }\n setup: |-\n #!/bin/sh\n set -eu\n mkdir -m 0777 -p \"$VOL_DIR\"\n teardown: |-\n #!/bin/sh\n set -eu\n rm -rf \"$VOL_DIR\"\n helperPod.yaml: |-\n apiVersion: v1\n kind: Pod\n metadata:\n name: helper-pod\n spec:\n containers:\n - name: helper-pod\n image: busybox\n imagePullPolicy: IfNotPresent\n
"},{"location":"en/admin/virtnest/vm/vm-sc.html#virtual-machine-storage","title":"Virtual Machine Storage","text":"System Disk: By default, a VirtIO type rootfs system disk is created for the system to store the operating system and data.
Data Disk: The data disk is a storage device in the virtual machine used to store user data, application data, or other files unrelated to the operating system. Compared to the system disk, the data disk is optional and can be dynamically added or removed as needed. The capacity of the data disk can also be flexibly configured according to requirements.
Block storage is used by default. If you need to use cloning and snapshot functions, make sure that your storage pool has created the proper VolumeSnapshotClass, as shown in the example below. If you need to use real-time migration, make sure that your storage supports and has selected the ReadWriteMany access mode.
In most cases, such VolumeSnapshotClass is not automatically created during the installation process, so you need to manually create VolumeSnapshotClass. Here is an example of creating a VolumeSnapshotClass in HwameiStor:
kind: VolumeSnapshotClass\napiVersion: snapshot.storage.k8s.io/v1\nmetadata:\n name: hwameistor-storage-lvm-snapshot\n annotations:\n snapshot.storage.kubernetes.io/is-default-class: \"true\"\nparameters:\n snapsize: \"1073741824\"\ndriver: lvm.hwameistor.io\ndeletionPolicy: Delete\n
Execute the following command to check if the VolumeSnapshotClass has been successfully created.
kubectl get VolumeSnapshotClass\n
View the created Snapshotclass and confirm that the Provisioner property is consistent with the Driver property in the storage pool.
This document will explain how to build the required virtual machine images.
A virtual machine image is essentially a replica file, which is a disk partition with an installed operating system. Common image file formats include raw, qcow2, vmdk, etc.
"},{"location":"en/admin/virtnest/vm-image/index.html#build-an-image","title":"Build an Image","text":"Below are some detailed steps for building virtual machine images:
Download System Images
Before building virtual machine images, you need to download the required system images. We recommend using images in qcow2, raw, or vmdk formats. You can visit the following links to get CentOS and Fedora images:
Build a Docker Image and Push it to a Containe Registry
In this step, we will use Docker to build an image and push it to a container registry for easy deployment and usage when needed.
Create a Dockerfile
FROM scratch\nADD --chown=107:107 CentOS-7-x86_64-GenericCloud.qcow2 /disk/\n
The Dockerfile above adds a file named CentOS-7-x86_64-GenericCloud.qcow2
to the image being built from a scratch base image and places it in the /disk/ directory within the image. This operation includes the file in the image, allowing it to provide a CentOS 7 x86_64 operating system environment when used to create a virtual machine.
Build the Image
docker build -t release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1 .\n
The above command builds an image named release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1
using the instructions in the Dockerfile. You can modify the image name according to your project requirements.
Push the Image to the Container Registry
Use the following command to push the built image to the release-ci.daocloud.io
container registry. You can modify the repository name and address as needed.
docker push release-ci.daocloud.io/ghippo/kubevirt-demo/centos7:v1\n
These are the detailed steps and instructions for building virtual machine images. By following these steps, you will be able to successfully build and push images for virtual machines to meet your usage needs.
"},{"location":"en/admin/ghippo/best-practice/navigator.html","title":"Custom Navigation Bar","text":"Currently, the custom navigation bar needs to be manually created as a YAML file and applied to the cluster.
"},{"location":"en/admin/ghippo/best-practice/navigator.html#navigation-bar-categories","title":"Navigation Bar Categories","text":"To add or reorder navigation bar categories, you can achieve it by adding or modifying the category YAML.
Here is an example of a category YAML:
apiVersion: ghippo.io/v1alpha1\nkind: NavigatorCategory\nmetadata:\n name: management-custom # (1)!\nspec:\n name: Management # (2)!\n isCustom: true # (3)!\n localizedName: # (4)!\n zh-CN: \u7ba1\u7406\n en-US: Management\n order: 100 # (5)!\n
After writing the YAML file, you can see the newly added or modified navigation bar categories by executing the following command and refreshing the page:
kubectl apply -f xxx.yaml\n
"},{"location":"en/admin/ghippo/best-practice/navigator.html#navigation-bar-menus","title":"Navigation Bar Menus","text":"To add or reorder navigation bar menus, you can achieve it by adding a navigator YAML.
Note
If you need to edit an existing navigation bar menu (not a custom menu added by the user), you need to set the \"gproduct\" field of the new custom menu the same as the \"gproduct\" field of the menu to be overridden. The new navigation bar menu will overwrite the parts with the same \"name\" in the \"menus\" section, and perform an addition operation for the parts with different \"name\".
"},{"location":"en/admin/ghippo/best-practice/navigator.html#first-level-menu","title":"First-level Menu","text":"Insert as a product under a navigation bar category
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: gmagpie-custom # (1)!\nspec:\n name: Operations Management\n iconUrl: ./ui/gmagpie/gmagpie.svg\n localizedName: # (2)!\n zh-CN: \u8fd0\u8425\u7ba1\u7406\n en-US: Operations Management\n url: ./gmagpie\n category: management # (3)!\n menus: # (4)!\n - name: Access Control\n iconUrl: ./ui/ghippo/menus/access-control.svg\n localizedName:\n zh-CN: \u7528\u6237\u4e0e\u8bbf\u95ee\u63a7\u5236\n en-US: Access Control\n url: ./ghippo/users\n order: 50 # (5)!\n - name: Workspace\n iconUrl: ./ui/ghippo/menus/workspace-folder.svg\n localizedName:\n zh-CN: \u5de5\u4f5c\u7a7a\u95f4\u4e0e\u5c42\u7ea7\n en-US: Workspace and Folder\n url: ./ghippo/workspaces\n order: 40\n - name: Audit Log\n iconUrl: ./ui/ghippo/menus/audit-logs.svg\n localizedName:\n zh-CN: \u5ba1\u8ba1\u65e5\u5fd7\n en-US: Audit Log\n url: ./ghippo/audit\n order: 30\n - name: Settings\n iconUrl: ./ui/ghippo/menus/setting.svg\n localizedName:\n zh-CN: \u5e73\u53f0\u8bbe\u7f6e\n en-US: Settings\n url: ./ghippo/settings\n order: 10\n gproduct: gmagpie # (6)!\n visible: true # (7)!\n isCustom: true # (8)!\n order: 20 # (9)!\n target: blank # (10)!\n
Insert as a sub-product under the second-level menu of a first-level menu
apiVersion: ghippo.io/v1alpha1\nkind: GProductNavigator\nmetadata:\n name: gmagpie-custom # (1)!\nspec:\n name: Operations Management\n iconUrl: ./ui/gmagpie/gmagpie.svg\n localizedName: # (2)!\n zh-CN: \u8fd0\u8425\u7ba1\u7406\n en-US: Operations Management\n url: ./gmagpie\n parentGProduct: ghippo # (3)!\n gproduct: gmagpie # (4)!\n visible: true # (5)!\n isCustom: true # (6)!\n order: 20 # (7)!\n
Insight is a multicluster observation product in AI platform. In order to realize the unified collection of multicluster observation data, users need to install the Helm App insight-agent (Installed in insight-system namespace by default). See How to install insight-agent .
"},{"location":"en/admin/insight/quickstart/agent-status.html#status-description","title":"Status description","text":"In Insight -> Data Collection section, you can view the status of insight-agent installed in each cluster.
Can be checked by:
Run the following command, if the status is deployed , go to the next step. If it is failed , since it will affect the upgrade of the application, it is recommended to reinstall after uninstalling Container Management -> Helm Apps :
helm list -n insight-system\n
run the following command or check the status of the components deployed in the cluster in Insight -> Data Collection . If there is a pod that is not in the Running state, please restart the abnormal pod.
kubectl get pods -n insight-system\n
The resource consumption of the metric collection component Prometheus in insight-agent is directly proportional to the number of pods running in the cluster. Adjust Prometheus resources according to the cluster size, please refer to Prometheus Resource Planning.
Since the storage capacity of the metric storage component vmstorage in the global service cluster is directly proportional to the sum of the number of pods in each cluster.
JMX-Exporter provides two usages:
Note
Officials do not recommend the first method. On the one hand, the configuration is complicated, and on the other hand, it requires a separate process, and the monitoring of this process itself has become a new problem. So This page focuses on the second usage and how to use JMX Exporter to expose JVM monitoring metrics in the Kubernetes environment.
The second usage is used here, and the JMX Exporter jar package file and configuration file need to be specified when starting the JVM. The jar package is a binary file, so it is not easy to mount it through configmap. We hardly need to modify the configuration file. So the suggestion is to directly package the jar package and configuration file of JMX Exporter into the business container image.
Among them, in the second way, we can choose to put the jar file of JMX Exporter in the business application mirror, You can also choose to mount it during deployment. Here is an introduction to the two methods:
"},{"location":"en/admin/insight/quickstart/jvm-monitor/jmx-exporter.html#method-1-build-the-jmx-exporter-jar-file-into-the-business-image","title":"Method 1: Build the JMX Exporter JAR file into the business image","text":"The content of prometheus-jmx-config.yaml is as follows:
prometheus-jmx-config.yaml...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
For more configmaps, please refer to the bottom introduction or Prometheus official documentation.
Then prepare the jar package file, you can find the latest jar package download address on the Github page of jmx_exporter and refer to the following Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
Notice:
We need to make the JMX exporter into a Docker image first, the following Dockerfile is for reference only:
FROM alpine/curl:3.14\nWORKDIR /app/\n# Copy the previously created config file to the mirror\nCOPY prometheus-jmx-config.yaml ./\n# Download jmx prometheus javaagent jar online\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
Build the image according to the above Dockerfile: docker build -t my-jmx-exporter .
Add the following init container to the Java application deployment Yaml:
Click to view YAML fileapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar # Share the agent folder\n emptyDir: {}\n restartPolicy: Always\n
After the above modification, the sample application my-demo-app has the ability to expose JVM metrics. After running the service, we can access the prometheus format metrics exposed by the service through http://lcoalhost:8088
.
Then, you can refer to Java Application Docking Observability with JVM Metrics.
"},{"location":"en/admin/insight/quickstart/jvm-monitor/jvm-catelogy.html","title":"Start monitoring Java applications","text":"This document mainly describes how to monitor the JVM of the customer's Java application. It describes how Java applications that have exposed JVM metrics, and those that have not, interface with Insight.
If your Java application does not start exposing JVM metrics, you can refer to the following documents:
If your Java application has exposed JVM metrics, you can refer to the following documents:
If your Java application exposes JVM monitoring metrics through other means (such as Spring Boot Actuator), We need to allow monitoring data to be collected. You can let Insight collect existing JVM metrics by adding Kubernetes Annotations to the workload:
annatation:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"9464\" # port for collecting metrics\n
YAML Example to add annotations for my-deployment-app workload\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"9464\" # port for collecting metrics\n
The following shows the complete YAML:
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"8080\" # port for collecting metrics\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
In the above example\uff0cInsight will use :8080//actuator/prometheus to get Prometheus metrics exposed through Spring Boot Actuator .
"},{"location":"en/admin/insight/quickstart/jvm-monitor/otel-java-agent.html","title":"Use OpenTelemetry Java Agent to expose JVM monitoring metrics","text":"In Opentelemetry Agent v1.20.0 and above, Opentelemetry Agent has added the JMX Metric Insight module. If your application has integrated Opentelemetry Agent to collect application traces, then you no longer need to introduce other Agents for our application Expose JMX metrics. The Opentelemetry Agent also collects and exposes metrics by instrumenting the metrics exposed by MBeans locally available in the application.
Opentelemetry Agent also has some built-in monitoring samples for common Java Servers or frameworks, please refer to predefined metrics.
Using the OpenTelemetry Java Agent also needs to consider how to mount the JAR into the container. In addition to referring to the JMX Exporter above to mount the JAR file, we can also use the Operator capabilities provided by OpenTelemetry to automatically enable JVM metric exposure for our applications. :
If your application has integrated Opentelemetry Agent to collect application traces, then you no longer need to introduce other Agents to expose JMX metrics for our application. The Opentelemetry Agent can now natively collect and expose metrics interfaces by instrumenting metrics exposed by MBeans available locally in the application.
However, for current version, you still need to manually add the proper annotations to workload before the JVM data will be collected by Insight.
"},{"location":"en/admin/insight/quickstart/jvm-monitor/otel-java-agent.html#expose-metrics-for-java-middleware","title":"Expose metrics for Java middleware","text":"Opentelemetry Agent also has some built-in middleware monitoring samples, please refer to Predefined Metrics.
By default, no type is specified, and it needs to be specified through -Dotel.jmx.target.system JVM Options, such as -Dotel.jmx.target.system=jetty,kafka-broker .
"},{"location":"en/admin/insight/quickstart/jvm-monitor/otel-java-agent.html#reference","title":"Reference","text":"Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel jmx metrics
If you don't want to manually change the application code, you can try This page's eBPF-based automatic enhancement method. This feature is currently in the review stage of donating to the OpenTelemetry community, and does not support Operator injection through annotations (it will be supported in the future), so you need to manually change the Deployment YAML or use a patch.
"},{"location":"en/admin/insight/quickstart/otel/golang-ebpf.html#prerequisites","title":"Prerequisites","text":"Make sure Insight Agent is ready. If not, see Install insight-agent to collect data and make sure the following three items are in place:
Install under the Insight-system namespace, skip this step if it has already been installed.
Note: This CR currently only supports the injection of environment variables (including service name and trace address) required to connect to Insight, and will support the injection of Golang probes in the future.
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.17.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.31.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.34b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:0.3.1-beta.1\nEOF\n
"},{"location":"en/admin/insight/quickstart/otel/golang-ebpf.html#change-the-application-deployment-file","title":"Change the application deployment file","text":"Add environment variable annotations
There is only one such annotation, which is used to add OpenTelemetry-related environment variables, such as link reporting address, cluster id where the container is located, and namespace:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
The value is divided into two parts by / , the first value insight-system is the namespace of the CR installed in the second step, and the second value insight-opentelemetry-autoinstrumentation is the name of the CR.
Add golang ebpf probe container
Here is sample code:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: voting\n namespace: emojivoto\n labels:\n app.kubernetes.io/name: voting\n app.kubernetes.io/part-of: emojivoto\n app.kubernetes.io/version: v11\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: voting-svc\n version: v11\n template:\n metadata:\n labels:\n app: voting-svc\n version: v11\n annotations:\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\" # (1)\n spec:\n containers:\n - env:\n - name: GRPC_PORT\n value: \"8080\"\n - name: PROM_PORT\n value: \"8801\"\n image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11 # (2)\n name: voting-svc\n command:\n - /usr/local/bin/emojivoto-voting-svc\n ports:\n - containerPort: 8080\n name: grpc\n - containerPort: 8801\n name: prom\n resources:\n requests:\n cpu: 100m\n - name: emojivoto-voting-instrumentation\n image: docker.m.daocloud.io/keyval/otel-go-agent:v0.6.0\n env:\n - name: OTEL_TARGET_EXE\n value: /usr/local/bin/emojivoto-voting-svc # (3)\n securityContext:\n runAsUser: 0\n capabilities:\n add:\n - SYS_PTRACE\n privileged: true\n volumeMounts:\n - mountPath: /sys/kernel/debug\n name: kernel-debug\n volumes:\n - name: kernel-debug\n hostPath:\n path: /sys/kernel/debug\n
The final generated Yaml content is as follows:
apiVersion: v1\nkind: Pod\nmetadata:\n name: voting-84b696c897-p9xbp\n generateName: voting-84b696c897-\n namespace: default\n uid: 742639b0-db6e-4f06-ac90-68a80e2b8a11\n resourceVersion: '65560793'\n creationTimestamp: '2022-10-19T07:08:56Z'\n labels:\n app: voting-svc\n pod-template-hash: 84b696c897\n version: v11\n annotations:\n cni.projectcalico.org/containerID: 0a987cf0055ce0dfbe75c3f30d580719eb4fbbd7e1af367064b588d4d4e4c7c7\n cni.projectcalico.org/podIP: 192.168.141.218/32\n cni.projectcalico.org/podIPs: 192.168.141.218/32\n instrumentation.opentelemetry.io/inject-sdk: insight-system/insight-opentelemetry-autoinstrumentation\nspec:\n volumes:\n - name: launcherdir\n emptyDir: {}\n - name: kernel-debug\n hostPath:\n path: /sys/kernel/debug\n type: ''\n - name: kube-api-access-gwj5v\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n containers:\n - name: voting-svc\n image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11\n command:\n - /odigos-launcher/launch\n - /usr/local/bin/emojivoto-voting-svc\n ports:\n - name: grpc\n containerPort: 8080\n protocol: TCP\n - name: prom\n containerPort: 8801\n protocol: TCP\n env:\n - name: GRPC_PORT\n value: '8080'\n - name: PROM_PORT\n value: '8801'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: >-\n http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '200'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: voting\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n - name: OTEL_TRACES_SAMPLER\n value: always_on\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=voting-svc,k8s.deployment.name=voting,k8s.deployment.uid=79e015e2-4643-44c0-993c-e486aebaba10,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=voting-84b696c897,k8s.replicaset.uid=63f56167-6632-415d-8b01-43a3db9891ff\n resources:\n requests:\n cpu: 100m\n volumeMounts:\n - name: launcherdir\n mountPath: /odigos-launcher\n - name: kube-api-access-gwj5v\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: emojivoto-voting-instrumentation\n image: keyval/otel-go-agent:v0.6.0\n env:\n - name: OTEL_TARGET_EXE\n value: /usr/local/bin/emojivoto-voting-svc\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: jaeger:4317\n - name: OTEL_SERVICE_NAME\n value: emojivoto-voting\n resources: {}\n volumeMounts:\n - name: kernel-debug\n mountPath: /sys/kernel/debug\n - name: kube-api-access-gwj5v\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n capabilities:\n add:\n - SYS_PTRACE\n privileged: true\n runAsUser: 0\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/admin/insight/quickstart/otel/golang-ebpf.html#reference","title":"Reference","text":"In AI platform, previous Suanova 4.0 can be accessed as a subcluster. This guide provides potential issues and solutions when installing insight-agent in a Suanova 4.0 cluster.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#issue-one","title":"Issue One","text":"Since most Suanova 4.0 clusters have installed dx-insight as the monitoring system, installing insight-agent at this time will conflict with the existing prometheus operator in the cluster, making it impossible to install smoothly.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#solution","title":"Solution","text":"Enable the parameters of the prometheus operator, retain the prometheus operator in dx-insight, and make it compatible with the prometheus operator in insight-agent in 5.0.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#steps","title":"Steps","text":"Run the following command (the following command is for reference only, the actual command needs to replace the prometheus operator name and namespace in the command).
kubectl edit deploy insight-agent-kube-prometh-operator -n insight-system\n
Note
The open-source node-exporter turns on hostnetwork by default and the default port is 9100. If the monitoring system of the cluster has installed node-exporter , then installing insight-agent at this time will cause node-exporter port conflict and it cannot run normally.
Note
Insight's node exporter will enable some features to collect special indicators, so it is recommended to install.
Currently, it does not support modifying the port in the installation command. After helm install insight-agent , you need to manually modify the related ports of the insight node-exporter daemonset and svc.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#issue-two","title":"Issue Two","text":"After Insight Agent is successfully deployed, fluentbit does not collect logs of Suanova 4.0.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#solution_1","title":"Solution","text":"The docker storage directory of Suanova 4.0 is /var/lib/containers , which is different from the path in the configuration of insigh-agent, so the logs are not collected.
"},{"location":"en/admin/insight/quickstart/other/install-agentindce.html#steps_1","title":"Steps","text":"Modify the following parameters in the insight-agent Chart.
fluent-bit:\ndaemonSetVolumeMounts:\n - name: varlog\n mountPath: /var/log\n - name: varlibdockercontainers\n- mountPath: /var/lib/docker/containers\n+ mountPath: /var/lib/containers/docker/containers\n readOnly: true\n - name: etcmachineid\n mountPath: /etc/machine-id\n readOnly: true\n - name: dmesg\n mountPath: /var/log/dmesg\n readOnly: true\n
The service topology provided by Observability allows you to quickly identify the request relationships between services and determine the health status of services based on different colors. The health status is determined based on the request latency and error rate of the service's overall traffic. This article explains the elements in the service topology.
"},{"location":"en/admin/insight/trace/topology-helper.html#node-status-explanation","title":"Node Status Explanation","text":"The node health status is determined based on the error rate and request latency of the service's overall traffic, following these rules:
Color Status Rules Gray Healthy Error rate equals 0% and request latency is less than 100ms Orange Warning Error rate (0, 5%) or request latency (100ms, 200ms) Red Abnormal Error rate (5%, 100%) or request latency (200ms, +Infinity)"},{"location":"en/admin/insight/trace/topology-helper.html#connection-status-explanation","title":"Connection Status Explanation","text":"Color Status Rules Green Healthy Error rate equals 0% and request latency is less than 100ms Orange Warning Error rate (0, 5%) or request latency (100ms, 200ms) Red Abnormal Error rate (5%, 100%) or request latency (200ms, +Infinity)"},{"location":"en/admin/kpanda/gpu/gpu-metrics.html","title":"GPU Metrics","text":"This page lists some commonly used GPU metrics.
"},{"location":"en/admin/kpanda/gpu/gpu-metrics.html#cluster-level","title":"Cluster Level","text":"Metric Name Description Number of GPUs Total number of GPUs in the cluster Average GPU Utilization Average compute utilization of all GPUs in the cluster Average GPU Memory Utilization Average memory utilization of all GPUs in the cluster GPU Power Power consumption of all GPUs in the cluster GPU Temperature Temperature of all GPUs in the cluster GPU Utilization Details 24-hour usage details of all GPUs in the cluster (includes max, avg, current) GPU Memory Usage Details 24-hour memory usage details of all GPUs in the cluster (includes min, max, avg, current) GPU Memory Bandwidth Utilization For example, an Nvidia V100 GPU has a maximum memory bandwidth of 900 GB/sec. If the current memory bandwidth is 450 GB/sec, the utilization is 50%"},{"location":"en/admin/kpanda/gpu/gpu-metrics.html#node-level","title":"Node Level","text":"Metric Name Description GPU Mode Usage mode of GPUs on the node, including full-card mode, MIG mode, vGPU mode Number of Physical GPUs Total number of physical GPUs on the node Number of Virtual GPUs Number of vGPU devices created on the node Number of MIG Instances Number of MIG instances created on the node GPU Memory Allocation Rate Memory allocation rate of all GPUs on the node Average GPU Utilization Average compute utilization of all GPUs on the node Average GPU Memory Utilization Average memory utilization of all GPUs on the node GPU Driver Version Driver version information of GPUs on the node GPU Utilization Details 24-hour usage details of each GPU on the node (includes max, avg, current) GPU Memory Usage Details 24-hour memory usage details of each GPU on the node (includes min, max, avg, current)"},{"location":"en/admin/kpanda/gpu/gpu-metrics.html#pod-level","title":"Pod Level","text":"Category Metric Name Description Application Overview GPU - Compute & Memory Pod GPU Utilization Compute utilization of the GPUs used by the current Pod Pod GPU Memory Utilization Memory utilization of the GPUs used by the current Pod Pod GPU Memory Usage Memory usage of the GPUs used by the current Pod Memory Allocation Memory allocation of the GPUs used by the current Pod Pod GPU Memory Copy Ratio Memory copy ratio of the GPUs used by the current Pod GPU - Engine Overview GPU Graphics Engine Activity Percentage Percentage of time the Graphics or Compute engine is active during a monitoring cycle GPU Memory Bandwidth Utilization Memory bandwidth utilization (Memory BW Utilization) indicates the fraction of cycles during which data is sent to or received from the device memory. This value represents the average over the interval, not an instantaneous value. A higher value indicates higher utilization of device memory.A value of 1 (100%) indicates that a DRAM instruction is executed every cycle during the interval (in practice, a peak of about 0.8 (80%) is the maximum achievable).A value of 0.2 (20%) indicates that 20% of the cycles during the interval are spent reading from or writing to device memory. Tensor Core Utilization Percentage of time the Tensor Core pipeline is active during a monitoring cycle FP16 Engine Utilization Percentage of time the FP16 pipeline is active during a monitoring cycle FP32 Engine Utilization Percentage of time the FP32 pipeline is active during a monitoring cycle FP64 Engine Utilization Percentage of time the FP64 pipeline is active during a monitoring cycle GPU Decode Utilization Decode engine utilization of the GPU GPU Encode Utilization Encode engine utilization of the GPU GPU - Temperature & Power GPU Temperature Temperature of all GPUs in the cluster GPU Power Power consumption of all GPUs in the cluster GPU Total Power Consumption Total power consumption of the GPUs GPU - Clock GPU Memory Clock Memory clock frequency GPU Application SM Clock Application SM clock frequency GPU Application Memory Clock Application memory clock frequency GPU Video Engine Clock Video engine clock frequency GPU Throttle Reasons Reasons for GPU throttling GPU - Other Details PCIe Transfer Rate Data transfer rate of the GPU through the PCIe bus PCIe Receive Rate Data receive rate of the GPU through the PCIe bus"},{"location":"en/admin/kpanda/gpu/ascend/Ascend_usage.html","title":"Use Ascend NPU","text":"This section explains how to use Ascend NPU on the AI platform.
"},{"location":"en/admin/kpanda/gpu/ascend/Ascend_usage.html#prerequisites","title":"Prerequisites","text":"Refer to the Ascend NPU Component Installation Document to install the basic environment.
"},{"location":"en/admin/kpanda/gpu/ascend/Ascend_usage.html#quick-start","title":"Quick Start","text":"This document uses the AscentCL Image Classification Application example from the Ascend sample library.
Download the Ascend repository
Run the following command to download the Ascend demo repository, and remember the storage location of the code for subsequent use.
git clone https://gitee.com/ascend/samples.git\n
Prepare the base image
This example uses the Ascent-pytorch base image, which can be obtained from the Ascend Container Registry.
Prepare the YAML file
ascend-demo.yamlapiVersion: batch/v1\nkind: Job\nmetadata:\n name: resnetinfer1-1-1usoc\nspec:\n template:\n spec:\n containers:\n - image: ascendhub.huawei.com/public-ascendhub/ascend-pytorch:23.0.RC2-ubuntu18.04 # Inference image name\n imagePullPolicy: IfNotPresent\n name: resnet50infer\n securityContext:\n runAsUser: 0\n command:\n - \"/bin/bash\"\n - \"-c\"\n - |\n source /usr/local/Ascend/ascend-toolkit/set_env.sh &&\n TEMP_DIR=/root/samples_copy_$(date '+%Y%m%d_%H%M%S_%N') &&\n cp -r /root/samples \"$TEMP_DIR\" &&\n cd \"$TEMP_DIR\"/inference/modelInference/sampleResnetQuickStart/python/model &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/003_Atc_Models/resnet50/resnet50.onnx &&\n atc --model=resnet50.onnx --framework=5 --output=resnet50 --input_shape=\"actual_input_1:1,3,224,224\" --soc_version=Ascend910 &&\n cd ../data &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/models/aclsample/dog1_1024_683.jpg &&\n cd ../scripts &&\n bash sample_run.sh\n resources:\n requests:\n huawei.com/Ascend910: 1 # Number of the Ascend 910 Processors\n limits:\n huawei.com/Ascend910: 1 # The value should be the same as that of requests\n volumeMounts:\n - name: hiai-driver\n mountPath: /usr/local/Ascend/driver\n readOnly: true\n - name: slog\n mountPath: /var/log/npu/conf/slog/slog.conf\n - name: localtime # The container time must be the same as the host time\n mountPath: /etc/localtime\n - name: dmp\n mountPath: /var/dmp_daemon\n - name: slogd\n mountPath: /var/slogd\n - name: hbasic\n mountPath: /etc/hdcBasic.cfg\n - name: sys-version\n mountPath: /etc/sys_version.conf\n - name: aicpu\n mountPath: /usr/lib64/aicpu_kernels\n - name: tfso\n mountPath: /usr/lib64/libtensorflow.so\n - name: sample-path\n mountPath: /root/samples\n volumes:\n - name: hiai-driver\n hostPath:\n path: /usr/local/Ascend/driver\n - name: slog\n hostPath:\n path: /var/log/npu/conf/slog/slog.conf\n - name: localtime\n hostPath:\n path: /etc/localtime\n - name: dmp\n hostPath:\n path: /var/dmp_daemon\n - name: slogd\n hostPath:\n path: /var/slogd\n - name: hbasic\n hostPath:\n path: /etc/hdcBasic.cfg\n - name: sys-version\n hostPath:\n path: /etc/sys_version.conf\n - name: aicpu\n hostPath:\n path: /usr/lib64/aicpu_kernels\n - name: tfso\n hostPath:\n path: /usr/lib64/libtensorflow.so\n - name: sample-path\n hostPath:\n path: /root/samples\n restartPolicy: OnFailure\n
Some fields in the above YAML need to be modified according to the actual situation:
Deploy a Job and check its results
Use the following command to create a Job:
kubectl apply -f ascend-demo.yaml\n
Check the Pod running status:
After the Pod runs successfully, check the log results. The key prompt information on the screen is shown in the figure below. The Label indicates the category identifier, Conf indicates the maximum confidence of the classification, and Class indicates the belonging category. These values may vary depending on the version and environment, so please refer to the actual situation:
Result image display:
Confirm whether the cluster has detected the GPU. Click Clusters -> Cluster Settings -> Addon Plugins , and check whether the proper GPU type is automatically enabled and detected. Currently, the cluster will automatically enable GPU and set the GPU type to Ascend .
Deploy the workload. Click Clusters -> Workloads , deploy the workload through an image, select the type (Ascend), and then configure the number of physical cards used by the application:
Number of Physical Cards (huawei.com/Ascend910) : This indicates how many physical cards the current Pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host.
If there is an issue with the above configuration, it will result in scheduling failure and resource allocation issues.
This article will introduce the prerequisites for configuring GPU when creating a virtual machine.
The key point of configuring GPU for virtual machines is to configure the GPU Operator so that different software components can be deployed on working nodes depending on the GPU workloads configured on these nodes. Taking the following three nodes as examples:
Working nodes can run GPU-accelerated containers, virtual machines with direct GPUs, or virtual machines with vGPUs, but not a combination of any.
To enable the GPU direct pass-through feature, the cluster nodes need to enable IOMMU. Please refer to How to Enable IOMMU. If your cluster is running on a virtual machine, consult your virtual machine platform provider.
"},{"location":"en/admin/virtnest/vm/vm-gpu.html#build-vgpu-manager-image","title":"Build vGPU Manager Image","text":"Note: Building a vGPU Manager image is only required when using NVIDIA vGPUs. If you plan to use only GPU direct pass-through, skip this section.
The following are the steps to build the vGPU Manager image and push it to the container registry:
Download the vGPU software from the NVIDIA Licensing Portal.
NVIDIA-Linux-x86_64-<version>-vgpu-kvm.run
).Clone the container-images/driver repository in the terminal
git clone https://gitlab.com/nvidia/container-images/driver cd driver\n
Switch to the vgpu-manager directory for your operating system
cd vgpu-manager/<your-os>\n
Copy the .run file extracted in step 1 to the current directory
cp <local-driver-download-directory>/*-vgpu-kvm.run ./\n
Set environment variables
export PRIVATE_REGISTRY=my/private/registry VERSION=510.73.06 OS_TAG=ubuntu22.04 CUDA_VERSION=12.2.0\n
Build the NVIDIA vGPU Manager Image
docker build \\\n --build-arg DRIVER_VERSION=${VERSION} \\\n --build-arg CUDA_VERSION=${CUDA_VERSION} \\\n -t ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG} .\n
Push the NVIDIA vGPU Manager image to your container registry
docker push ${PRIVATE_REGISTRY}/vgpu-manager:${VERSION}-${OS_TAG}\n
Go to Container Management , select your worker cluster and click Nodes. On the right of the list, click \u2507 and select Edit Labels to add labels to the nodes. Each node can only have one label.
You can assign the following values to the labels: container, vm-passthrough, and vm-vgpu.
"},{"location":"en/admin/virtnest/vm/vm-gpu.html#install-nvidia-operator","title":"Install Nvidia Operator","text":"Go to Container Management , select your worker cluster, click Helm Apps -> Helm Charts , choose and install gpu-operator. You need to modify some fields in the yaml.
gpu-operator.sandboxWorkloads.enabled=true\ngpu-operator.vgpuManager.enabled=true\ngpu-operator.vgpuManager.repository=<your-register-url> # (1)!\ngpu-operator.vgpuManager.image=vgpu-manager\ngpu-operator.vgpuManager.version=<your-vgpu-manager-version> # (2)!\ngpu-operator.vgpuDeviceManager.enabled=true\n
Wait for the installation to be successful, as shown in the image below:
Install virtnest-agent, refer to Install virtnest-agent.
Add vGPU and GPU direct pass-through to the Virtnest Kubevirt CR. The following example shows the key yaml after adding vGPU and GPU direct pass-through:
spec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n # Fill in the information below\n permittedHostDevices:\n mediatedDevices: # vGPU\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com /GRID_P4-1Q\n pciHostDevices: # GPU direct pass-through\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com /GP104GL_TESLA_P4\n
In the kubevirt CR yaml, permittedHostDevices
is used to import VM devices, and vGPU should be added in mediatedDevices
with the following structure:
mediatedDevices: \n- mdevNameSelector: GRID P4-1Q # Device Name\n resourceName: nvidia.com/GRID_P4-1Q # vGPU information registered by GPU Operator to the node\n
GPU direct pass-through should be added in pciHostDevices
under permittedHostDevices
with the following structure:
pciHostDevices: \n- externalResourceProvider: true # Do not change by default\n pciVendorSelector: 10DE:1BB3 # Vendor id of the current pci device\n resourceName: nvidia.com/GP104GL_TESLA_P4 # GPU information registered by GPU Operator to the node\n
Example of obtaining vGPU information (only applicable to vGPU): View node information on a node marked as nvidia.com/gpu.workload.config=vm-vgpu
(e.g., work-node-2), and the nvidia.com/GRID_P4-1Q: 8
in Capacity indicates available vGPUs:
# kubectl describe node work-node-2\nCapacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GRID_P4-1Q : 8\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GRID_P4-1Q: 8\n pods: 110\n
So the mdevNameSelector
should be \"GRID P4-1Q\" and the resourceName
should be \"GRID_P4-1Q\".
Obtain GPU direct pass-through information: On a node marked as nvidia.com/gpu.workload.config=vm-passthrough
(e.g., work-node-1), view the node information, and nvidia.com/GP104GL_TESLA_P4: 2
in Capacity indicates available vGPUs:
# kubectl describe node work-node-1\nCapacity:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 102626232Ki\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 264010840Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\nAllocatable:\n cpu: 64\n devices.kubevirt.io/kvm: 1k\n devices.kubevirt.io/tun: 1k\n devices.kubevirt.io/vhost-net: 1k\n ephemeral-storage: 94580335255\n hugepages-1Gi: 0\n hugepages-2Mi: 0\n memory: 263908440Ki\n nvidia.com/GP104GL_TESLA_P4: 2\n pods: 110\n
So the resourceName
should be \"GRID_P4-1Q\". How to obtain the pciVendorSelector
? SSH into the target node work-node-1 and use the command \"lspci -nnk -d 10de:\" to get the Nvidia GPU PCI information, as shown in the image above.
Editing kubevirt CR note: If there are multiple GPUs of the same model, only one needs to be written in the CR, listing each GPU is not necessary.
# kubectl -n virtnest-system edit kubevirt kubevirt\nspec:\n configuration:\n developerConfiguration:\n featureGates:\n - GPU\n - DisableMDEVConfiguration\n # Fill in the information below\n permittedHostDevices:\n mediatedDevices: # vGPU\n - mdevNameSelector: GRID P4-1Q\n resourceName: nvidia.com/GRID_P4-1Q\n pciHostDevices: # GPU direct pass-through, in the above example, TEESLA P4 has two GPUs, only register one here\n - externalResourceProvider: true\n pciVendorSelector: 10DE:1BB3\n resourceName: nvidia.com/GP104GL_TESLA_P4 \n
The only difference from a regular virtual machine is adding GPU-related information in the devices section.
Click to view complete YAMLapiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm-gpu1\n namespace: default\nspec:\n dataVolumeTemplates:\n - metadata:\n creationTimestamp: null\n name: systemdisk-testvm-gpu1\n namespace: default\n spec:\n pvc:\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n storageClassName: www\n source:\n registry:\n url: docker://release-ci.daocloud.io/virtnest/system-images/debian-12-x86_64:v1\nrunStrategy: Manual\ntemplate:\n metadata:\n creationTimestamp: null\n spec:\n domain:\n cpu:\n cores: 1\n sockets: 1\n threads: 1\n devices:\n disks:\n - bootOrder: 1\n disk:\n bus: virtio\n name: systemdisk-testvm-gpu1\n - disk:\n bus: virtio\n name: cloudinitdisk\n gpus:\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-0\n - deviceName: nvidia.com/GP104GL_TESLA_P4\n name: gpu-0-1\n interfaces:\n - masquerade: {}\n name: default\n machine:\n type: q35\n resources:\n requests:\n memory: 2Gi\n networks:\n - name: default\n pod: {}\n volumes:\n - dataVolume:\n name: systemdisk-testvm-gpu1\n name: systemdisk-testvm-gpu1\n - cloudInitNoCloud:\n userDataBase64: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiB0cnVlCmRpc2FibGVfcm9vdDogZmFsc2UKY2hwYXNzd2Q6IHsibGlzdCI6ICJyb290OmRhbmdlcm91cyIsIGV4cGlyZTogRmFsc2V9CgoKcnVuY21kOgogIC0gc2VkIC1pICIvI1w/UGVybWl0Um9vdExvZ2luL3MvXi4qJC9QZXJtaXRSb290TG9naW4geWVzL2ciIC9ldGMvc3NoL3NzaGRfY29uZmlnCiAgLSBzeXN0ZW1jdGwgcmVzdGFydCBzc2guc2VydmljZQ==\n name: cloudinitdisk\n
"},{"location":"en/end-user/index.html","title":"Suanova AI Platform - End User","text":"This is the user documentation for the Suanova AI Platform aimed at end users.
User Registration
User registration is the first step to using the AI platform.
Cloud Host
A cloud host is a virtual machine deployed in the cloud.
Container Management
Container management is the core module of the AI computing center.
AI Lab
Manage datasets and run AI training and inference jobs.
Insight
Monitor the status of clusters, nodes, and workloads through dashboards.
Personal Center
Set password, keys, and language in the personal center.
This article serves as a straightforward manual for users to leverage AI Lab throughout the development and training process involving datasets, Notebooks, and job training.
"},{"location":"en/end-user/baize/quick-start.html#preparing-your-dataset","title":"Preparing Your Dataset","text":"Start by clicking on Data Management -> Datasets, and then select the Create button to set up the three datasets outlined below.
"},{"location":"en/end-user/baize/quick-start.html#dataset-training-code","title":"Dataset: Training Code","text":"tensorflow/tf-fashion-mnist-sample
Note
Currently, only the StorageClass
with read-write mode ReadWriteMany
is supported. Please use NFS or the recommended JuiceFS.
For this training session, we will use the Fashion-MNIST dataset, which can be found at https://github.com/zalandoresearch/fashion-mnist.git.
If you're in China, you can use Gitee for a quicker download: https://gitee.com/samzong_lu/fashion-mnist.git
Note
If the training data dataset isn't created beforehand, it will be automatically downloaded during the training script execution. Preparing the dataset in advance can help speed up the training process.
"},{"location":"en/end-user/baize/quick-start.html#dataset-empty-dataset","title":"Dataset: Empty Dataset","text":"AI Lab allows you to use PVC
as the data source type for datasets. After creating an empty PVC bound to the dataset, you can utilize this empty dataset to store the output datasets from future training jobs, including models and logs.
When running the script, you'll need the TensorFlow
Python library. You can use AI Lab's environment dependency management feature to download and prepare the necessary Python libraries in advance, eliminating the need for image builds.
Check out the Environment Dependency guide to add a CONDA
environment.
name: tensorflow\nchannels:\n - defaults\n - conda-forge\ndependencies:\n - python=3.12\n - tensorflow\nprefix: /opt/conda/envs/tensorflow\n
Note
After the environment is successfully set up, you only need to mount this environment to the Notebook or training jobs, using the base image provided by AI Lab.
"},{"location":"en/end-user/baize/quick-start.html#using-a-notebook-to-debug-your-script","title":"Using a Notebook to Debug Your Script","text":"Prepare your development environment by clicking on Notebooks in the navigation bar, then hit Create.
Associate the three datasets you prepared earlier, filling in the mount paths as shown in the image below. Make sure to configure the empty dataset in the output dataset location.
Select and bind the environment dependency package.
Wait for the Notebook to be successfully created, then click the access link in the list to enter the Notebook. In the Notebook terminal, run the following command to start the training job:
Note
The script uses TensorFlow; if you forget to associate the dependency library, you can temporarily install it using pip install tensorflow
.
python /home/jovyan/code/tensorflow/tf-fashion-mnist-sample/train.py\n
TensorFlow
job.In the job resource configuration, correctly set up the job resources and click Next.
TensorFlow
Python library.bash
.Enable Command:
python /home/jovyan/code/tensorflow/tf-fashion-mnist-sample/train.py\n
In the advanced configuration, enable Job Analysis (TensorBoard), and click OK.
Note
Logs will be saved in the output dataset at /home/jovyan/model/train/logs/
.
Return to the training job list and wait for the status to change to Success. Click on the \u2507 icon on the right side of the list to view details, clone jobs, update priority, view logs, and delete jobs, among other options.
Once the job is successfully created, click on Job Analysis in the left navigation bar to check the job status and fine-tune your training.
AI Lab provides comprehensive dataset management functions needed for model development, training, and inference processes. Currently, it supports unified access to various data sources.
With simple configurations, you can connect data sources to AI Lab, achieving unified data management, preloading, dataset management, and other functionalities.
"},{"location":"en/end-user/baize/dataset/create-use-delete.html#create-a-dataset","title":"Create a Dataset","text":"In the left navigation bar, click Data Management -> Dataset List, and then click the Create button on the right.
Select the worker cluster and namespace to which the dataset belongs, then click Next.
Configure the data source type for the target data, then click OK.
Currently supported data sources include:
Upon successful creation, the dataset will be returned to the dataset list. You can perform more actions by clicking \u2507 on the right.
Info
The system will automatically perform a one-time data preloading after the dataset is successfully created; the dataset cannot be used until the preloading is complete.
"},{"location":"en/end-user/baize/dataset/create-use-delete.html#use-a-dataset","title":"Use a Dataset","text":"Once the dataset is successfully created, it can be used in tasks such as model training and inference.
"},{"location":"en/end-user/baize/dataset/create-use-delete.html#use-in-notebook","title":"Use in Notebook","text":"In creating a Notebook, you can directly use the dataset; the usage is as follows:
If you find a dataset to be redundant, expired, or no longer needed, you can delete it from the dataset list.
Click the \u2507 on the right side of the dataset list, then choose Delete from the dropdown menu.
In the pop-up window, confirm the dataset you want to delete, enter the dataset name, and then click Delete.
A confirmation message will appear indicating successful deletion, and the dataset will disappear from the list.
Caution
Once a dataset is deleted, it cannot be recovered, so please proceed with caution.
"},{"location":"en/end-user/baize/dataset/environments.html","title":"Manage Python Environment Dependencies","text":"This document aims to guide users on managing environment dependencies using AI platform. Below are the specific steps and considerations.
Traditionally, Python environment dependencies are built into an image, which includes the Python version and dependency packages. This approach has high maintenance costs and is inconvenient to update, often requiring a complete rebuild of the image.
In AI Lab, users can manage pure environment dependencies through the Environment Management module, decoupling this part from the image. The advantages include:
The main components of the environment management are:
On the Environment Management interface, click the Create button at the top right to enter the environment creation process.
Fill in the following basic information:
gpu-cluster
.default
.In the environment configuration step, users need to configure the Python version and dependency management tool.
"},{"location":"en/end-user/baize/dataset/environments.html#environment-settings","title":"Environment Settings","text":"3.12.3
.PIP
or CONDA
.PIP
is selected: Enter the dependency package list in requirements.txt
format in the editor below.CONDA
is selected: Enter the dependency package list in environment.yaml
format in the editor below.ReadWriteMany
.After configuration, click the Create button, and the system will automatically create and configure the new Python environment.
"},{"location":"en/end-user/baize/dataset/environments.html#troubleshooting","title":"Troubleshooting","text":"If environment creation fails:
If dependency preloading fails:
requirements.txt
or environment.yaml
file format is correct.These are the basic steps and considerations for managing Python dependencies in AI Lab.
"},{"location":"en/end-user/baize/inference/models.html","title":"Model Support","text":"With the rapid iteration of AI Lab, we have now supported various model inference services. Here, you can see information about the supported models.
LLama
, Qwen
, ChatGLM
, and more.Note
The support for inference capabilities is related to the version of AI Lab.
You can use GPU types that have been verified by AI platform in AI Lab. For more details, refer to the GPU Support Matrix.
"},{"location":"en/end-user/baize/inference/models.html#triton-inference-server","title":"Triton Inference Server","text":"Through the Triton Inference Server, traditional deep learning models can be well supported. Currently, AI Lab supports mainstream inference backend services:
Backend Supported Model Formats Description pytorch TorchScript, PyTorch 2.0 formats triton-inference-server/pytorch_backend tensorflow TensorFlow 2.x triton-inference-server/tensorflow_backend vLLM (Deprecated) TensorFlow 2.x triton-inference-server/tensorflow_backendDanger
The use of Triton's Backend vLLM method has been deprecated. It is recommended to use the latest support for vLLM to deploy your large language models.
"},{"location":"en/end-user/baize/inference/models.html#vllm","title":"vLLM","text":"With vLLM, we can quickly use large language models. Here, you can see the list of models we support, which generally aligns with the vLLM Support Models
.
Currently, AI Lab also supports some new features when using vLLM as an inference tool:
Lora Adapter
to optimize model inference services during inference.OpenAPI
interface with OpenAI
, making it easy for users to switch to local inference services at a low cost and quickly transition.The AI Lab currently offers Triton and vLLM as inference frameworks. Users can quickly start a high-performance inference service with simple configurations.
Danger
The use of Triton's Backend vLLM method has been deprecated. It is recommended to use the latest support for vLLM to deploy your large language models.
"},{"location":"en/end-user/baize/inference/triton-inference.html#introduction-to-triton","title":"Introduction to Triton","text":"Triton is an open-source inference server developed by NVIDIA, designed to simplify the deployment and inference of machine learning models. It supports a variety of deep learning frameworks, including TensorFlow and PyTorch, enabling users to easily manage and deploy different types of models.
"},{"location":"en/end-user/baize/inference/triton-inference.html#prerequisites","title":"Prerequisites","text":"Prepare model data: Manage the model code in dataset management and ensure that the data is successfully preloaded. The following example illustrates the PyTorch model for mnist handwritten digit recognition.
Note
The model to be inferred must adhere to the following directory structure within the dataset:
<model-repository-name>\n \u2514\u2500\u2500 <model-name>\n \u2514\u2500\u2500 <version>\n \u2514\u2500\u2500 <model-definition-file>\n
The directory structure in this example is as follows:
model-repo\n \u2514\u2500\u2500 mnist-cnn\n \u2514\u2500\u2500 1\n \u2514\u2500\u2500 model.pt\n
"},{"location":"en/end-user/baize/inference/triton-inference.html#create-inference-service","title":"Create Inference Service","text":"Currently, form-based creation is supported, allowing you to create services with field prompts in the interface.
"},{"location":"en/end-user/baize/inference/triton-inference.html#configure-model-path","title":"Configure Model Path","text":"The model path model-repo/mnist-cnn/1/model.pt
must be consistent with the directory structure of the dataset.
Note
The first dimension of the input and output parameters defaults to batchsize
, setting it to -1
allows for the automatic calculation of the batchsize based on the input inference data. The remaining dimensions and data type must match the model's input.
You can import the environment created in Manage Python Environment Dependencies to serve as the runtime environment for inference.
"},{"location":"en/end-user/baize/inference/triton-inference.html#advanced-settings","title":"Advanced Settings","text":""},{"location":"en/end-user/baize/inference/triton-inference.html#configure-authentication-policy","title":"Configure Authentication Policy","text":"Supports API key-based request authentication. Users can customize and add authentication parameters.
"},{"location":"en/end-user/baize/inference/triton-inference.html#affinity-scheduling","title":"Affinity Scheduling","text":"Supports automated affinity scheduling based on GPU resources and other node configurations. It also allows users to customize scheduling policies.
"},{"location":"en/end-user/baize/inference/triton-inference.html#access","title":"Access","text":""},{"location":"en/end-user/baize/inference/triton-inference.html#api-access","title":"API Access","text":"Send HTTP POST Request: Use tools like curl
or HTTP client libraries (e.g., Python's requests
library) to send POST requests to the Triton Server.
Set HTTP Headers: Configuration generated automatically based on user settings, include metadata about the model inputs and outputs in the HTTP headers.
Construct Request Body: The request body usually contains the input data for inference and model-specific metadata.
curl -X POST \"http://<ip>:<port>/v2/models/<inference-name>/infer\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"inputs\": [\n {\n \"name\": \"model_input\", \n \"shape\": [1, 1, 32, 32], \n \"datatype\": \"FP32\", \n \"data\": [\n [0.1234, 0.5678, 0.9101, ... ] \n ]\n }\n ]\n }'\n
<ip>
is the host address where the Triton Inference Server is running.<port>
is the port where the Triton Inference Server is running.<inference-name>
is the name of the inference service that has been created.\"name\"
must match the name
of the input parameter in the model configuration.\"shape\"
must match the dims
of the input parameter in the model configuration.\"datatype\"
must match the Data Type
of the input parameter in the model configuration.\"data\"
should be replaced with the actual inference data.Please note that the above example code needs to be adjusted according to your specific model and environment. The format and content of the input data must also comply with the model's requirements.
"},{"location":"en/end-user/baize/inference/vllm-inference.html","title":"Create Inference Service Using vLLM Framework","text":"AI Lab supports using vLLM as an inference service, offering all the capabilities of vLLM while fully adapting to the OpenAI interface definition.
"},{"location":"en/end-user/baize/inference/vllm-inference.html#introduction-to-vllm","title":"Introduction to vLLM","text":"vLLM is a fast and easy-to-use library for inference and services. It aims to significantly improve the throughput and memory efficiency of language model services in real-time scenarios. vLLM boasts several features in terms of speed and flexibility:
Prepare model data: Manage the model code in dataset management and ensure that the data is successfully preloaded.
"},{"location":"en/end-user/baize/inference/vllm-inference.html#create-inference-service","title":"Create Inference Service","text":"Select the vLLM
inference framework. In the model module selection, choose the pre-created model dataset hdd-models
and fill in the path
information where the model is located within the dataset.
This guide uses the ChatGLM3 model for creating the inference service.
Configure the resources for the inference service and adjust the parameters for running the inference service.
Parameter Name Description GPU Resources Configure GPU resources for inference based on the model scale and cluster resources. Allow Remote Code Controls whether vLLM trusts and executes code from remote sources. LoRA LoRA is a parameter-efficient fine-tuning technique for deep learning models. It reduces the number of parameters and computational complexity by decomposing the original model parameter matrix into low-rank matrices. 1.--lora-modules
: Specifies specific modules or layers for low-rank approximation. 2. max_loras_rank
: Specifies the maximum rank for each adapter layer in the LoRA model. For simpler tasks, a smaller rank value can be chosen, while more complex tasks may require a larger rank value to ensure model performance. 3. max_loras
: Indicates the maximum number of LoRA layers that can be included in the model, customized based on model size and inference complexity. 4. max_cpu_loras
: Specifies the maximum number of LoRA layers that can be handled in a CPU environment. Associated Environment Selects predefined environment dependencies required for inference. Info
For models that support LoRA parameters, refer to vLLM Supported Models.
In the Advanced Configuration , support is provided for automated affinity scheduling based on GPU resources and other node configurations. Users can also customize scheduling policies.
Once the inference service is created, click the name of the inference service to enter the details and view the API call methods. Verify the execution results using Curl, Python, and Node.js.
Copy the curl
command from the details and execute it in the terminal to send a model inference request. The expected output should be:
Job management refers to the functionality of creating and managing job lifecycles through job scheduling and control components.
AI platform Smart Computing Capability adopts Kubernetes' Job mechanism to schedule various AI inference and training jobs.
Click Job Center -> Jobs in the left navigation bar to enter the job list. Click the Create button on the right.
The system will pre-fill basic configuration data, including the cluster, namespace, type, queue, and priority. Adjust these parameters and click Next.
Configure the URL, runtime parameters, and associated datasets, then click Next.
Optionally add labels, annotations, runtime env variables, and other job parameters. Select a scheduling policy and click OK.
After the job is successfully created, it will have several running statuses:
If you find a job to be redundant, expired, or no longer needed for any other reason, you can delete it from the job list.
Click the \u2507 on the right side of the job in the job list, then choose Delete from the dropdown menu.
In the pop-up window, confirm the job you want to delete, enter the job name, and then click Delete.
A confirmation message will appear indicating successful deletion, and the job will disappear from the list.
Caution
Once a job is deleted, it cannot be recovered, so please proceed with caution.
"},{"location":"en/end-user/baize/jobs/mpi.html","title":"MPI Jobs","text":"MPI (Message Passing Interface) is a communication protocol used for parallel computing, allowing multiple computing nodes to exchange messages and collaborate. An MPI job is a job that performs parallel computation using the MPI protocol, suitable for applications requiring large-scale parallel processing, such as distributed training and scientific computing.
In AI Lab, we provide support for MPI jobs, allowing you to quickly create MPI jobs through a graphical interface for high-performance parallel computing. This tutorial will guide you on how to create and run an MPI job in AI Lab.
"},{"location":"en/end-user/baize/jobs/mpi.html#job-configuration-overview","title":"Job Configuration Overview","text":"MPI
, used for running parallel computing jobs.Here we will use the baize-notebook
base image and the associated environment method as the foundational running environment for the job. Ensure that the running environment includes MPI and related libraries, such as OpenMPI and mpi4py
.
Note : For information on how to create an environment, please refer to the Environment List.
"},{"location":"en/end-user/baize/jobs/mpi.html#creating-an-mpi-job","title":"Creating an MPI Job","text":""},{"location":"en/end-user/baize/jobs/mpi.html#steps-to-create-an-mpi-job","title":"Steps to Create an MPI Job","text":"MPI
, then click Next.mpirun
, which is the command to run MPI programs.Example: Running TensorFlow Benchmarks
In this example, we will run a TensorFlow benchmark program using Horovod for distributed training. First, make sure that the image you are using contains the necessary dependencies, such as TensorFlow, Horovod, Open MPI, etc.
Image Selection : Use an image that includes TensorFlow and MPI, such as mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest
.
Command Arguments :
mpirun --allow-run-as-root -np 2 -bind-to none -map-by slot \\\n -x NCCL_DEBUG=INFO -x LD_LIBRARY_PATH -x PATH \\\n -mca pml ob1 -mca btl ^openib \\\n python scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py \\\n --model=resnet101 --batch_size=64 --variable_update=horovod\n
Explanation:
mpirun
: The MPI start command.--allow-run-as-root
: Allows running as the root user (usually the root user in containers).-np 2
: Specifies the number of processes to run as 2.-bind-to none
, -map-by slot
: Configuration for MPI process binding and mapping.-x NCCL_DEBUG=INFO
: Sets the debug information level for NCCL (NVIDIA Collective Communication Library).-x LD_LIBRARY_PATH
, -x PATH
: Passes necessary environment variables in the MPI environment.-mca pml ob1 -mca btl ^openib
: MPI configuration arguments specifying transport and message layer protocols.python scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py
: Runs the TensorFlow benchmark script.--model=resnet101
, --batch_size=64
, --variable_update=horovod
: Arguments for the TensorFlow script, specifying the model, batch size, and using Horovod for argument updates.In the job configuration, you need to allocate appropriate resources for each node (Launcher and Worker), such as CPU, memory, and GPU.
Resource Example :
Launcher :
Worker :
Below is a complete MPIJob configuration example for your reference.
apiVersion: kubeflow.org/v1\nkind: MPIJob\nmetadata:\n name: tensorflow-benchmarks\nspec:\n slotsPerWorker: 1\n runPolicy:\n cleanPodPolicy: Running\n mpiReplicaSpecs:\n Launcher:\n replicas: 1\n template:\n spec:\n containers:\n - name: tensorflow-benchmarks\n image: mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest\n command:\n - mpirun\n - --allow-run-as-root\n - -np\n - \"2\"\n - -bind-to\n - none\n - -map-by\n - slot\n - -x\n - NCCL_DEBUG=INFO\n - -x\n - LD_LIBRARY_PATH\n - -x\n - PATH\n - -mca\n - pml\n - ob1\n - -mca\n - btl\n - ^openib\n - python\n - scripts/tf_cnn_benchmarks/tf_cnn_benchmarks.py\n - --model=resnet101\n - --batch_size=64\n - --variable_update=horovod\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n requests:\n cpu: \"2\"\n memory: 4Gi\n Worker:\n replicas: 2\n template:\n spec:\n containers:\n - name: tensorflow-benchmarks\n image: mai.daocloud.io/docker.io/mpioperator/tensorflow-benchmarks:latest\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpumem: 1k\n nvidia.com/vgpu: \"1\"\n requests:\n cpu: \"2\"\n memory: 4Gi\n
Configuration Explanation:
apiVersion
and kind
: Indicate the API version and type of resource; MPIJob
is a custom resource defined by Kubeflow for creating MPI-type jobs.metadata
: Metadata containing the job name and other information.spec
: Detailed configuration of the job.slotsPerWorker
: Number of slots per Worker node, typically set to 1.runPolicy
: Running policy, such as whether to clean up Pods after job completion.mpiReplicaSpecs
: Replica configuration for the MPI job.Launcher
: The launcher responsible for starting the MPI job.replicas
: Number of replicas, usually 1.template
: Pod template defining the container's running image, command, resources, etc.Worker
: The worker nodes that actually execute the job.replicas
: Number of replicas set according to parallel needs, here set to 2.template
: Pod template defining the container's running environment and resources.When creating an MPI job, you need to correctly set the Job Replica Count according to the number of replicas configured in mpiReplicaSpecs
.
Launcher
replicas + Worker
replicasIn this example:
Launcher
replicas: 1Worker
replicas: 2Therefore, in the job configuration, you need to set the Job Replica Count to 3.
"},{"location":"en/end-user/baize/jobs/mpi.html#submitting-the-job","title":"Submitting the Job","text":"Once the configuration is complete, click the Submit button to start running the MPI job.
"},{"location":"en/end-user/baize/jobs/mpi.html#viewing-the-running-results","title":"Viewing the Running Results","text":"After the job is successfully submitted, you can enter the Job Details page to view resource usage and the job's running status. From the upper right corner, you can access Workload Details to see the log output from each node during the run.
Example Output :
TensorFlow: 1.13\nModel: resnet101\nMode: training\nBatch size: 64\n...\n\nTotal images/sec: 125.67\n
This indicates that the MPI job has successfully run, and the TensorFlow benchmark program has completed distributed training.
"},{"location":"en/end-user/baize/jobs/mpi.html#summary","title":"Summary","text":"Through this tutorial, you have learned how to create and run an MPI job on the AI Lab platform. We detailed the configuration methods for MPIJob and how to specify the running commands and resource requirements in the job. We hope this tutorial is helpful to you; if you have any questions, please refer to other documents provided by the platform or contact technical support.
Appendix :
mpi4py
, Horovod, etc.), please add installation commands in the job or use an image with the relevant dependencies pre-installed.Warning
Since the Apache MXNet project has been archived, the Kubeflow MXJob will be deprecated and removed in the future Training Operator version 1.9.
Apache MXNet is a high-performance deep learning framework that supports multiple programming languages. MXNet jobs can be trained using various methods, including single-node and distributed modes. In AI Lab, we provide support for MXNet jobs, allowing you to quickly create MXNet jobs for model training through an interface.
This tutorial will guide you on how to create and run both single-node and distributed MXNet jobs on the AI Lab platform.
"},{"location":"en/end-user/baize/jobs/mxnet.html#job-configuration-overview","title":"Job Configuration Overview","text":"MXNet
, supporting both single-node and distributed modes.We will use the release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest
image as the base running environment for the job. This image comes pre-installed with MXNet and its related dependencies, supporting GPU acceleration.
Note : For information on how to create and manage environments, please refer to the Environment List.
"},{"location":"en/end-user/baize/jobs/mxnet.html#creating-an-mxnet-job","title":"Creating an MXNet Job","text":""},{"location":"en/end-user/baize/jobs/mxnet.html#mxnet-single-node-job","title":"MXNet Single-node Job","text":""},{"location":"en/end-user/baize/jobs/mxnet.html#steps-to-create","title":"Steps to Create","text":"MXNet
, then click Next.python3
Command Arguments :
/mxnet/mxnet/example/gluon/mnist/mnist.py --epochs 10 --cuda\n
Explanation :
/mxnet/mxnet/example/gluon/mnist/mnist.py
: The MNIST handwritten digit recognition example script provided by MXNet.--epochs 10
: Sets the number of training epochs to 10.--cuda
: Uses CUDA for GPU acceleration.Below is the YAML configuration for a single-node MXJob:
apiVersion: \"kubeflow.org/v1\"\nkind: \"MXJob\"\nmetadata:\n name: \"mxnet-single-job\"\nspec:\n jobMode: MXTrain\n mxReplicaSpecs:\n Worker:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n command: [\"python3\"]\n args:\n [\n \"/mxnet/mxnet/example/gluon/mnist/mnist.py\",\n \"--epochs\",\n \"10\",\n \"--cuda\",\n ]\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n
Configuration Explanation :
apiVersion
and kind
: Specify the API version and type of resource; here it is MXJob
.metadata
: Metadata including the job name and other information.spec
: Detailed configuration of the job.jobMode
: Set to MXTrain
, indicating a training job.mxReplicaSpecs
: Replica configuration for the MXNet job.Worker
: Specifies the configuration for worker nodes.replicas
: Number of replicas, here set to 1.restartPolicy
: Restart policy set to Never
, indicating that the job will not restart if it fails.template
: Pod template defining the running environment and resources for the container.containers
: List of containers.name
: Container name.image
: The image used.command
and args
: Start command and arguments.ports
: Container port configuration.resources
: Resource requests and limits.Once the configuration is complete, click the Submit button to start running the MXNet single-node job.
"},{"location":"en/end-user/baize/jobs/mxnet.html#viewing-the-results","title":"Viewing the Results","text":"After the job is successfully submitted, you can enter the Job Details page to view resource usage and the job's running status. You can access Workload Details from the upper right corner to see the log output during the run.
Example Output :
Epoch 1: accuracy=0.95\nEpoch 2: accuracy=0.97\n...\nEpoch 10: accuracy=0.98\nTraining completed.\n
This indicates that the MXNet single-node job has run successfully and the model training has been completed.
"},{"location":"en/end-user/baize/jobs/mxnet.html#mxnet-distributed-job","title":"MXNet Distributed Job","text":"In distributed mode, the MXNet job can utilize multiple computing nodes to complete training, improving training efficiency.
"},{"location":"en/end-user/baize/jobs/mxnet.html#steps-to-create_1","title":"Steps to Create","text":"MXNet
, then click Next.python3
Command Arguments :
/mxnet/mxnet/example/image-classification/train_mnist.py --num-epochs 10 --num-layers 2 --kv-store dist_device_sync --gpus 0\n
Explanation :
/mxnet/mxnet/example/image-classification/train_mnist.py
: The image classification example script provided by MXNet.--num-epochs 10
: Sets the number of training epochs to 10.--num-layers 2
: Sets the number of layers in the model to 2.--kv-store dist_device_sync
: Uses distributed device synchronization mode.--gpus 0
: Uses GPU for acceleration.Below is the YAML configuration for a distributed MXJob:
apiVersion: \"kubeflow.org/v1\"\nkind: \"MXJob\"\nmetadata:\n name: \"mxnet-job\"\nspec:\n jobMode: MXTrain\n mxReplicaSpecs:\n Scheduler:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n Server:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n Worker:\n replicas: 1\n restartPolicy: Never\n template:\n spec:\n containers:\n - name: mxnet\n image: release-ci.daocloud.io/baize/kubeflow/mxnet-gpu:latest\n command: [\"python3\"]\n args:\n [\n \"/mxnet/mxnet/example/image-classification/train_mnist.py\",\n \"--num-epochs\",\n \"10\",\n \"--num-layers\",\n \"2\",\n \"--kv-store\",\n \"dist_device_sync\",\n \"--gpus\",\n \"0\",\n ]\n ports:\n - containerPort: 9991\n name: mxjob-port\n resources:\n limits:\n cpu: \"2\"\n memory: 4Gi\n nvidia.com/gpu: 1\n requests:\n cpu: \"2\"\n memory: 4Gi\n
Configuration Explanation :
When creating a distributed MXNet job, you need to correctly set the Job Replica Count based on the replica counts configured in mxReplicaSpecs
.
Therefore, in the job configuration, you need to set the Job Replica Count to 3.
"},{"location":"en/end-user/baize/jobs/mxnet.html#submitting-the-job_1","title":"Submitting the Job","text":"Once the configuration is complete, click the Submit button to start running the MXNet distributed job.
"},{"location":"en/end-user/baize/jobs/mxnet.html#viewing-the-results_1","title":"Viewing the Results","text":"You can enter the Job Details page to view the job's running status and resource usage. You can check the log output from each role (Scheduler, Server, Worker).
Example Output :
INFO:root:Epoch[0] Batch [50] Speed: 1000 samples/sec accuracy=0.85\nINFO:root:Epoch[0] Batch [100] Speed: 1200 samples/sec accuracy=0.87\n...\nINFO:root:Epoch[9] Batch [100] Speed: 1300 samples/sec accuracy=0.98\nTraining completed.\n
This indicates that the MXNet distributed job has run successfully, and the model training has been completed.
"},{"location":"en/end-user/baize/jobs/mxnet.html#summary","title":"Summary","text":"Through this tutorial, you have learned how to create and run both single-node and distributed MXNet jobs on the AI Lab platform. We provided detailed information on configuring the MXJob and how to specify running commands and resource requirements in the job. We hope this tutorial is helpful to you; if you have any questions, please refer to other documents provided by the platform or contact technical support.
"},{"location":"en/end-user/baize/jobs/mxnet.html#appendix","title":"Appendix","text":"Notes :
Reference Documents :
PaddlePaddle is an open-source deep learning platform developed by Baidu, supporting a rich variety of neural network models and distributed training methods. PaddlePaddle jobs can be trained using either single-node or distributed modes. On the AI Lab platform, we provide support for PaddlePaddle jobs, allowing you to quickly create PaddlePaddle jobs for model training through a graphical interface.
This tutorial will guide you on how to create and run both single-node and distributed PaddlePaddle jobs on the AI Lab platform.
"},{"location":"en/end-user/baize/jobs/paddle.html#job-configuration-overview","title":"Job Configuration Overview","text":"PaddlePaddle
, supporting both single-node and distributed modes.We use the registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu
image as the base running environment for the job. This image comes pre-installed with the PaddlePaddle framework and is suitable for CPU computations. If you need to use GPU, choose the proper GPU version of the image.
Note : For information on how to create and manage environments, refer to the Environment List.
"},{"location":"en/end-user/baize/jobs/paddle.html#creating-a-paddlepaddle-job","title":"Creating a PaddlePaddle Job","text":""},{"location":"en/end-user/baize/jobs/paddle.html#paddlepaddle-single-node-training-job","title":"PaddlePaddle Single-node Training Job","text":""},{"location":"en/end-user/baize/jobs/paddle.html#steps-to-create","title":"Steps to Create","text":"PaddlePaddle
, then click Next.python
Command Arguments :
-m paddle.distributed.launch run_check\n
Explanation :
-m paddle.distributed.launch
: Uses the distributed launch module provided by PaddlePaddle, which can also be used in single-node mode for easier future migration to distributed mode.run_check
: A test script provided by PaddlePaddle to check if the distributed environment is set up correctly.Below is the YAML configuration for a single-node PaddleJob:
apiVersion: kubeflow.org/v1\nkind: PaddleJob\nmetadata:\n name: paddle-simple-cpu\n namespace: kubeflow\nspec:\n paddleReplicaSpecs:\n Worker:\n replicas: 1\n restartPolicy: OnFailure\n template:\n spec:\n containers:\n - name: paddle\n image: registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu\n command:\n [\n 'python',\n '-m',\n 'paddle.distributed.launch',\n 'run_check',\n ]\n
Configuration Explanation :
apiVersion
and kind
: Specify the API version and type of resource; here it is PaddleJob
.metadata
: Metadata including the job name and namespace.spec
: Detailed configuration of the job.paddleReplicaSpecs
: Replica configuration for the PaddlePaddle job.Worker
: Specifies the configuration for worker nodes.replicas
: Number of replicas, here set to 1 for single-node training.restartPolicy
: Restart policy set to OnFailure
, indicating that the job will automatically restart if it fails.template
: Pod template defining the running environment and resources for the container.containers
: List of containers.name
: Container name.image
: The image used.command
: Start command and arguments.Once the configuration is complete, click the Submit button to start running the PaddlePaddle single-node job.
"},{"location":"en/end-user/baize/jobs/paddle.html#viewing-the-results","title":"Viewing the Results","text":"After the job is successfully submitted, you can enter the Job Details page to view resource usage and the job's running status. You can access Workload Details from the upper right corner to see the log output during the run.
Example Output :
run check success, PaddlePaddle is installed correctly on this node :)\n
This indicates that the PaddlePaddle single-node job has run successfully and the environment is configured correctly.
"},{"location":"en/end-user/baize/jobs/paddle.html#paddlepaddle-distributed-training-job","title":"PaddlePaddle Distributed Training Job","text":"In distributed mode, PaddlePaddle jobs can utilize multiple computing nodes to complete training, improving training efficiency.
"},{"location":"en/end-user/baize/jobs/paddle.html#steps-to-create_1","title":"Steps to Create","text":"PaddlePaddle
, then click Next.python
Command Arguments :
-m paddle.distributed.launch train.py --epochs=10\n
Explanation :
-m paddle.distributed.launch
: Uses the distributed launch module provided by PaddlePaddle.train.py
: Your training script, which needs to be included in the image or mounted into the container.--epochs=10
: Sets the number of training epochs to 10.Worker
replica count; here it is 2.Below is the YAML configuration for a distributed PaddleJob:
apiVersion: kubeflow.org/v1\nkind: PaddleJob\nmetadata:\n name: paddle-distributed-job\n namespace: kubeflow\nspec:\n paddleReplicaSpecs:\n Worker:\n replicas: 2\n restartPolicy: OnFailure\n template:\n spec:\n containers:\n - name: paddle\n image: registry.baidubce.com/paddlepaddle/paddle:2.4.0rc0-cpu\n command:\n [\n 'python',\n '-m',\n 'paddle.distributed.launch',\n 'train.py',\n ]\n args:\n - '--epochs=10'\n
Configuration Explanation :
Worker
:replicas
: Set to 2, indicating that 2 worker nodes will be used for distributed training.When creating a distributed PaddlePaddle job, you need to set the Job Replica Count correctly based on the replica count configured in paddleReplicaSpecs
.
Worker
replica countWorker
replica count: 2Therefore, in the job configuration, you need to set the Job Replica Count to 2.
"},{"location":"en/end-user/baize/jobs/paddle.html#submitting-the-job_1","title":"Submitting the Job","text":"Once the configuration is complete, click the Submit button to start running the PaddlePaddle distributed job.
"},{"location":"en/end-user/baize/jobs/paddle.html#viewing-the-results_1","title":"Viewing the Results","text":"You can enter the Job Details page to view the job's running status and resource usage. You can check the log output from each worker node to confirm that the distributed training is running correctly.
Example Output :
Worker 0: Epoch 1, Batch 100, Loss 0.5\nWorker 1: Epoch 1, Batch 100, Loss 0.6\n...\nTraining completed.\n
This indicates that the PaddlePaddle distributed job has run successfully, and the model training has been completed.
"},{"location":"en/end-user/baize/jobs/paddle.html#summary","title":"Summary","text":"Through this tutorial, you have learned how to create and run both single-node and distributed PaddlePaddle jobs on the AI Lab platform. We provided detailed information on configuring the PaddleJob and how to specify running commands and resource requirements in the job. We hope this tutorial is helpful to you; if you have any questions, please refer to other documents provided by the platform or contact technical support.
"},{"location":"en/end-user/baize/jobs/paddle.html#appendix","title":"Appendix","text":"Notes :
train.py
(or other training scripts) exists inside the container. You can place the script in the container through custom images or by mounting persistent storage.paddle:2.4.0rc0-gpu
for GPU.command
and args
to pass different training arguments.Reference Documents :
Pytorch is an open-source deep learning framework that provides a flexible environment for training and deployment. A Pytorch job is a job that uses the Pytorch framework.
In the AI Lab platform, we provide support and adaptation for Pytorch jobs. Through a graphical interface, you can quickly create Pytorch jobs and perform model training.
"},{"location":"en/end-user/baize/jobs/pytorch.html#job-configuration","title":"Job Configuration","text":"Pytorch Single
and Pytorch Distributed
modes.Here we use the baize-notebook
base image and the associated environment
as the basic runtime environment for the job.
To learn how to create an environment, refer to Environments.
"},{"location":"en/end-user/baize/jobs/pytorch.html#create-jobs","title":"Create Jobs","text":""},{"location":"en/end-user/baize/jobs/pytorch.html#pytorch-single-jobs","title":"Pytorch Single Jobs","text":"Pytorch Single
and click Next .bash
import torch\nimport torch.nn as nn\nimport torch.optim as optim\n\n# Define a simple neural network\nclass SimpleNet(nn.Module):\n def __init__(self):\n super(SimpleNet, self).__init__()\n self.fc = nn.Linear(10, 1)\n\n def forward(self, x):\n return self.fc(x)\n\n# Create model, loss function, and optimizer\nmodel = SimpleNet()\ncriterion = nn.MSELoss()\noptimizer = optim.SGD(model.parameters(), lr=0.01)\n\n# Generate some random data\nx = torch.randn(100, 10)\ny = torch.randn(100, 1)\n\n# Train the model\nfor epoch in range(100):\n # Forward pass\n outputs = model(x)\n loss = criterion(outputs, y)\n\n # Backward pass and optimization\n optimizer.zero_grad()\n loss.backward()\n optimizer.step()\n\n if (epoch + 1) % 10 == 0:\n print(f'Epoch [{epoch+1}/100], Loss: {loss.item():.4f}')\n\nprint('Training finished.')\n
"},{"location":"en/end-user/baize/jobs/pytorch.html#results","title":"Results","text":"Once the job is successfully submitted, we can enter the job details to see the resource usage. From the upper right corner, go to Workload Details to view the log output during the training process.
[HAMI-core Warn(1:140244541377408:utils.c:183)]: get default cuda from (null)\n[HAMI-core Msg(1:140244541377408:libvgpu.c:855)]: Initialized\nEpoch [10/100], Loss: 1.1248\nEpoch [20/100], Loss: 1.0486\nEpoch [30/100], Loss: 0.9969\nEpoch [40/100], Loss: 0.9611\nEpoch [50/100], Loss: 0.9360\nEpoch [60/100], Loss: 0.9182\nEpoch [70/100], Loss: 0.9053\nEpoch [80/100], Loss: 0.8960\nEpoch [90/100], Loss: 0.8891\nEpoch [100/100], Loss: 0.8841\nTraining finished.\n[HAMI-core Msg(1:140244541377408:multiprocess_memory_limit.c:468)]: Calling exit handler 1\n
"},{"location":"en/end-user/baize/jobs/pytorch.html#pytorch-distributed-jobs","title":"Pytorch Distributed Jobs","text":"Pytorch Distributed
and click Next.bash
import os\nimport torch\nimport torch.distributed as dist\nimport torch.nn as nn\nimport torch.optim as optim\nfrom torch.nn.parallel import DistributedDataParallel as DDP\n\nclass SimpleModel(nn.Module):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = nn.Linear(10, 1)\n\n def forward(self, x):\n return self.fc(x)\n\ndef train():\n # Print environment information\n print(f'PyTorch version: {torch.__version__}')\n print(f'CUDA available: {torch.cuda.is_available()}')\n if torch.cuda.is_available():\n print(f'CUDA version: {torch.version.cuda}')\n print(f'CUDA device count: {torch.cuda.device_count()}')\n\n rank = int(os.environ.get('RANK', '0'))\n world_size = int(os.environ.get('WORLD_SIZE', '1'))\n\n print(f'Rank: {rank}, World Size: {world_size}')\n\n # Initialize distributed environment\n try:\n if world_size > 1:\n dist.init_process_group('nccl')\n print('Distributed process group initialized successfully')\n else:\n print('Running in non-distributed mode')\n except Exception as e:\n print(f'Error initializing process group: {e}')\n return\n\n # Set device\n try:\n if torch.cuda.is_available():\n device = torch.device(f'cuda:{rank % torch.cuda.device_count()}')\n print(f'Using CUDA device: {device}')\n else:\n device = torch.device('cpu')\n print('CUDA not available, using CPU')\n except Exception as e:\n print(f'Error setting device: {e}')\n device = torch.device('cpu')\n print('Falling back to CPU')\n\n try:\n model = SimpleModel().to(device)\n print('Model moved to device successfully')\n except Exception as e:\n print(f'Error moving model to device: {e}')\n return\n\n try:\n if world_size > 1:\n ddp_model = DDP(model, device_ids=[rank % torch.cuda.device_count()] if torch.cuda.is_available() else None)\n print('DDP model created successfully')\n else:\n ddp_model = model\n print('Using non-distributed model')\n except Exception as e:\n print(f'Error creating DDP model: {e}')\n return\n\n loss_fn = nn.MSELoss()\n optimizer = optim.SGD(ddp_model.parameters(), lr=0.001)\n\n # Generate some random data\n try:\n data = torch.randn(100, 10, device=device)\n labels = torch.randn(100, 1, device=device)\n print('Data generated and moved to device successfully')\n except Exception as e:\n print(f'Error generating or moving data to device: {e}')\n return\n\n for epoch in range(10):\n try:\n ddp_model.train()\n outputs = ddp_model(data)\n loss = loss_fn(outputs, labels)\n optimizer.zero_grad()\n loss.backward()\n optimizer.step()\n\n if rank == 0:\n print(f'Epoch {epoch}, Loss: {loss.item():.4f}')\n except Exception as e:\n print(f'Error during training epoch {epoch}: {e}')\n break\n\n if world_size > 1:\n dist.destroy_process_group()\n\nif __name__ == '__main__':\n train()\n
"},{"location":"en/end-user/baize/jobs/pytorch.html#number-of-job-replicas","title":"Number of Job Replicas","text":"Note that Pytorch Distributed
training jobs will create a group of Master
and Worker
training Pods, where the Master
is responsible for coordinating the training job, and the Worker
is responsible for the actual training work.
Note
In this demonstration: Master
replica count is 1, Worker
replica count is 2; Therefore, we need to set the replica count to 3 in the Job Configuration , which is the sum of Master
and Worker
replica counts. Pytorch will automatically tune the roles of Master
and Worker
.
Similarly, we can enter the job details to view the resource usage and the log output of each Pod.
"},{"location":"en/end-user/baize/jobs/tensorboard.html","title":"Job Analysis","text":"AI Lab provides important visualization analysis tools provided for the model development process, used to display the training process and results of machine learning models. This document will introduce the basic concepts of Job Analysis (Tensorboard), its usage in the AI Lab system, and how to configure the log content of datasets.
Note
Tensorboard is a visualization tool provided by TensorFlow, used to display the training process and results of machine learning models. It can help developers more intuitively understand the training dynamics of their models, analyze model performance, debug issues, and more.
The role and advantages of Tensorboard in the model development process:
In the AI Lab system, we provide a convenient way to create and manage Tensorboard. Here are the specific steps:
"},{"location":"en/end-user/baize/jobs/tensorboard.html#enable-tensorboard-when-creating-a-notebook","title":"Enable Tensorboard When Creating a Notebook","text":"Enable Tensorboard : On the Notebook creation page, enable the Tensorboard option and specify the dataset and log path.
View Tensorboard After Job Completion : After the job is completed, you can view the Tensorboard link on the job details page. Click the link to see the visualized results of the training process.
In a Notebook, you can directly start Tensorboard through code. Here is a sample code snippet:
# Import necessary libraries\nimport tensorflow as tf\nimport datetime\n\n# Define log directory\nlog_dir = \"logs/fit/\" + datetime.datetime.now().strftime(\"%Y%m%d-%H%M%S\")\n\n# Create Tensorboard callback\ntensorboard_callback = tf.keras.callbacks.TensorBoard(log_dir=log_dir, histogram_freq=1)\n\n# Build and compile model\nmodel = tf.keras.models.Sequential([\n tf.keras.layers.Flatten(input_shape=(28, 28)),\n tf.keras.layers.Dense(512, activation='relu'),\n tf.keras.layers.Dropout(0.2),\n tf.keras.layers.Dense(10, activation='softmax')\n])\n\nmodel.compile(optimizer='adam',\n loss='sparse_categorical_crossentropy',\n metrics=['accuracy'])\n\n# Train model and enable Tensorboard callback\nmodel.fit(x_train, y_train, epochs=5, validation_data=(x_test, y_test), callbacks=[tensorboard_callback])\n
"},{"location":"en/end-user/baize/jobs/tensorboard.html#how-to-configure-dataset-log-content","title":"How to Configure Dataset Log Content","text":"When using Tensorboard, you can record and configure different datasets and log content. Here are some common configuration methods:
"},{"location":"en/end-user/baize/jobs/tensorboard.html#configure-training-and-validation-dataset-logs","title":"Configure Training and Validation Dataset Logs","text":"While training the model, you can use TensorFlow's tf.summary
API to record logs for the training and validation datasets. Here is a sample code snippet:
# Import necessary libraries\nimport tensorflow as tf\n\n# Create log directories\ntrain_log_dir = 'logs/gradient_tape/train'\nval_log_dir = 'logs/gradient_tape/val'\ntrain_summary_writer = tf.summary.create_file_writer(train_log_dir)\nval_summary_writer = tf.summary.create_file_writer(val_log_dir)\n\n# Train model and record logs\nfor epoch in range(EPOCHS):\n for (x_train, y_train) in train_dataset:\n # Training step\n train_step(x_train, y_train)\n with train_summary_writer.as_default():\n tf.summary.scalar('loss', train_loss.result(), step=epoch)\n tf.summary.scalar('accuracy', train_accuracy.result(), step=epoch)\n\n for (x_val, y_val) in val_dataset:\n # Validation step\n val_step(x_val, y_val)\n with val_summary_writer.as_default():\n tf.summary.scalar('loss', val_loss.result(), step=epoch)\n tf.summary.scalar('accuracy', val_accuracy.result(), step=epoch)\n
"},{"location":"en/end-user/baize/jobs/tensorboard.html#configure-custom-logs","title":"Configure Custom Logs","text":"In addition to logs for training and validation datasets, you can also record other custom log content such as learning rate and gradient distribution. Here is a sample code snippet:
# Record custom logs\nwith train_summary_writer.as_default():\n tf.summary.scalar('learning_rate', learning_rate, step=epoch)\n tf.summary.histogram('gradients', gradients, step=epoch)\n
"},{"location":"en/end-user/baize/jobs/tensorboard.html#tensorboard-management","title":"Tensorboard Management","text":"In AI Lab, Tensorboards created through various methods are uniformly displayed on the job analysis page, making it convenient for users to view and manage.
Users can view information such as the link, status, and creation time of Tensorboard on the job analysis page and directly access the visualized results of Tensorboard through the link.
"},{"location":"en/end-user/baize/jobs/tensorflow.html","title":"Tensorflow Jobs","text":"Tensorflow, along with Pytorch, is a highly active open-source deep learning framework that provides a flexible environment for training and deployment.
AI Lab provides support and adaptation for the Tensorflow framework. You can quickly create Tensorflow jobs and conduct model training through graphical operations.
"},{"location":"en/end-user/baize/jobs/tensorflow.html#job-configuration","title":"Job Configuration","text":"Tensorflow Single
and Tensorflow Distributed
modes.Here, we use the baize-notebook
base image and the associated environment
as the basic runtime environment for jobs.
For information on how to create an environment, refer to Environment List.
"},{"location":"en/end-user/baize/jobs/tensorflow.html#creating-a-job","title":"Creating a Job","text":""},{"location":"en/end-user/baize/jobs/tensorflow.html#example-tfjob-single","title":"Example TFJob Single","text":"Tensorflow Single
and click Next .Use AI Lab -> Dataset List to create a dataset and pull the code from a remote GitHub repository into the dataset. This way, when creating a job, you can directly select the dataset and mount the code into the job.
Demo code repository address: https://github.com/d-run/training-sample-code/
"},{"location":"en/end-user/baize/jobs/tensorflow.html#parameters","title":"Parameters","text":"bash
python /code/tensorflow/tf-single.py
\"\"\"\n pip install tensorflow numpy\n\"\"\"\n\nimport tensorflow as tf\nimport numpy as np\n\n# Create some random data\nx = np.random.rand(100, 1)\ny = 2 * x + 1 + np.random.rand(100, 1) * 0.1\n\n# Create a simple model\nmodel = tf.keras.Sequential([\n tf.keras.layers.Dense(1, input_shape=(1,))\n])\n\n# Compile the model\nmodel.compile(optimizer='adam', loss='mse')\n\n# Train the model, setting epochs to 10\nhistory = model.fit(x, y, epochs=10, verbose=1)\n\n# Print the final loss\nprint('Final loss: {' + str(history.history['loss'][-1]) +'}')\n\n# Use the model to make predictions\ntest_x = np.array([[0.5]])\nprediction = model.predict(test_x)\nprint(f'Prediction for x=0.5: {prediction[0][0]}')\n
"},{"location":"en/end-user/baize/jobs/tensorflow.html#results","title":"Results","text":"After the job is successfully submitted, you can enter the job details to see the resource usage. From the upper right corner, navigate to Workload Details to view log outputs during the training process.
"},{"location":"en/end-user/baize/jobs/tensorflow.html#tfjob-distributed-job","title":"TFJob Distributed Job","text":"Tensorflow Distributed
and click Next.This job includes three roles: Chief
, Worker
, and Parameter Server (PS)
.
Different resources are allocated to different roles. Chief
and Worker
use GPUs, while PS
uses CPUs and larger memory.
bash
python /code/tensorflow/tensorflow-distributed.py
import os\nimport json\nimport tensorflow as tf\n\nclass SimpleModel(tf.keras.Model):\n def __init__(self):\n super(SimpleModel, self).__init__()\n self.fc = tf.keras.layers.Dense(1, input_shape=(10,))\n\n def call(self, x):\n return self.fc(x)\n\ndef train():\n # Print environment information\n print(f\"TensorFlow version: {tf.__version__}\")\n print(f\"GPU available: {tf.test.is_gpu_available()}\")\n if tf.test.is_gpu_available():\n print(f\"GPU device count: {len(tf.config.list_physical_devices('GPU'))}\")\n\n # Retrieve distributed training information\n tf_config = json.loads(os.environ.get('TF_CONFIG') or '{}')\n job_type = tf_config.get('job', {}).get('type')\n job_id = tf_config.get('job', {}).get('index')\n\n print(f\"Job type: {job_type}, Job ID: {job_id}\")\n\n # Set up distributed strategy\n strategy = tf.distribute.experimental.MultiWorkerMirroredStrategy()\n\n with strategy.scope():\n model = SimpleModel()\n loss_fn = tf.keras.losses.MeanSquaredError()\n optimizer = tf.keras.optimizers.SGD(learning_rate=0.001)\n\n # Generate some random data\n data = tf.random.normal((100, 10))\n labels = tf.random.normal((100, 1))\n\n @tf.function\n def train_step(inputs, labels):\n with tf.GradientTape() as tape:\n predictions = model(inputs)\n loss = loss_fn(labels, predictions)\n gradients = tape.gradient(loss, model.trainable_variables)\n optimizer.apply_gradients(zip(gradients, model.trainable_variables))\n return loss\n\n for epoch in range(10):\n loss = train_step(data, labels)\n if job_type == 'chief':\n print(f'Epoch {epoch}, Loss: {loss.numpy():.4f}')\n\nif __name__ == '__main__':\n train()\n
"},{"location":"en/end-user/baize/jobs/tensorflow.html#results_1","title":"Results","text":"Similarly, you can enter the job details to view the resource usage and log outputs of each Pod.
"},{"location":"en/end-user/baize/jobs/view.html","title":"View Job Workloads","text":"Once a job is created, it will be displayed in the job list.
In the job list, click the \u2507 on the right side of a job and select Job Workload Details .
A pop-up window will appear asking you to choose which Pod to view. Click Enter .
You will be redirected to the container management interface, where you can view the container\u2019s working status, labels and annotations, and any events that have occurred.
You can also view detailed logs of the current Pod for the recent period. By default, 100 lines of logs are displayed. To view more detailed logs or to download logs, click the blue Insight text at the top.
Additionally, you can use the ... in the upper right corner to view the current Pod's YAML, and to upload or download files. Below is an example of a Pod's YAML.
kind: Pod\napiVersion: v1\nmetadata:\n name: neko-tensorboard-job-test-202404181843-skxivllb-worker-0\n namespace: default\n uid: ddedb6ff-c278-47eb-ae1e-0de9b7c62f8c\n resourceVersion: '41092552'\n creationTimestamp: '2024-04-18T10:43:36Z'\n labels:\n training.kubeflow.org/job-name: neko-tensorboard-job-test-202404181843-skxivllb\n training.kubeflow.org/operator-name: pytorchjob-controller\n training.kubeflow.org/replica-index: '0'\n training.kubeflow.org/replica-type: worker\n annotations:\n cni.projectcalico.org/containerID: 0cfbb9af257d5e69027c603c6cb2d3890a17c4ae1a145748d5aef73a10d7fbe1\n cni.projectcalico.org/podIP: ''\n cni.projectcalico.org/podIPs: ''\n hami.io/bind-phase: success\n hami.io/bind-time: '1713437016'\n hami.io/vgpu-devices-allocated: GPU-29d5fa0d-935b-2966-aff8-483a174d61d1,NVIDIA,1024,20:;\n hami.io/vgpu-devices-to-allocate: ;\n hami.io/vgpu-node: worker-a800-1\n hami.io/vgpu-time: '1713437016'\n k8s.v1.cni.cncf.io/network-status: |-\n [{\n \"name\": \"kube-system/calico\",\n \"ips\": [\n \"10.233.97.184\"\n ],\n \"default\": true,\n \"dns\": {}\n }]\n k8s.v1.cni.cncf.io/networks-status: |-\n [{\n \"name\": \"kube-system/calico\",\n \"ips\": [\n \"10.233.97.184\"\n ],\n \"default\": true,\n \"dns\": {}\n }]\n ownerReferences:\n - apiVersion: kubeflow.org/v1\n kind: PyTorchJob\n name: neko-tensorboard-job-test-202404181843-skxivllb\n uid: e5a8b05d-1f03-4717-8e1c-4ec928014b7b\n controller: true\n blockOwnerDeletion: true\nspec:\n volumes:\n - name: 0-dataset-pytorch-examples\n persistentVolumeClaim:\n claimName: pytorch-examples\n - name: kube-api-access-wh9rh\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n containers:\n - name: pytorch\n image: m.daocloud.io/docker.io/pytorch/pytorch\n command:\n - bash\n args:\n - '-c'\n - >-\n ls -la /root && which pip && pip install pytorch_lightning tensorboard\n && python /root/Git/pytorch/examples/mnist/main.py\n ports:\n - name: pytorchjob-port\n containerPort: 23456\n protocol: TCP\n env:\n - name: PYTHONUNBUFFERED\n value: '1'\n - name: PET_NNODES\n value: '1'\n resources:\n limits:\n cpu: '4'\n memory: 8Gi\n nvidia.com/gpucores: '20'\n nvidia.com/gpumem: '1024'\n nvidia.com/vgpu: '1'\n requests:\n cpu: '4'\n memory: 8Gi\n nvidia.com/gpucores: '20'\n nvidia.com/gpumem: '1024'\n nvidia.com/vgpu: '1'\n volumeMounts:\n - name: 0-dataset-pytorch-examples\n mountPath: /root/Git/pytorch/examples\n - name: kube-api-access-wh9rh\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: worker-a800-1\n securityContext: {}\n affinity: {}\n schedulerName: hami-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priorityClassName: baize-high-priority\n priority: 100000\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\nstatus:\n phase: Succeeded\n conditions:\n - type: Initialized\n status: 'True'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:43:36Z'\n reason: PodCompleted\n - type: Ready\n status: 'False'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:46:34Z'\n reason: PodCompleted\n - type: ContainersReady\n status: 'False'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:46:34Z'\n reason: PodCompleted\n - type: PodScheduled\n status: 'True'\n lastProbeTime: null\n lastTransitionTime: '2024-04-18T10:43:36Z'\n hostIP: 10.20.100.211\n podIP: 10.233.97.184\n podIPs:\n - ip: 10.233.97.184\n startTime: '2024-04-18T10:43:36Z'\n containerStatuses:\n - name: pytorch\n state:\n terminated:\n exitCode: 0\n reason: Completed\n startedAt: '2024-04-18T10:43:39Z'\n finishedAt: '2024-04-18T10:46:34Z'\n containerID: >-\n containerd://09010214bcf3315e81d38fba50de3943c9d2b48f50a6cc2e83f8ef0e5c6eeec1\n lastState: {}\n ready: false\n restartCount: 0\n image: m.daocloud.io/docker.io/pytorch/pytorch:latest\n imageID: >-\n m.daocloud.io/docker.io/pytorch/pytorch@sha256:11691e035a3651d25a87116b4f6adc113a27a29d8f5a6a583f8569e0ee5ff897\n containerID: >-\n containerd://09010214bcf3315e81d38fba50de3943c9d2b48f50a6cc2e83f8ef0e5c6eeec1\n started: false\n qosClass: Guaranteed\n
"},{"location":"en/end-user/ghippo/personal-center/accesstoken.html","title":"Access key","text":"The access key can be used to access the openAPI and continuous delivery. Users can obtain the key and access the API by referring to the following steps in the personal center.
"},{"location":"en/end-user/ghippo/personal-center/accesstoken.html#get-key","title":"Get key","text":"Log in to AI platform, find Personal Center in the drop-down menu in the upper right corner, and you can manage the access key of the account on the Access Keys page.
Info
Access key is displayed only once. If you forget your access key, you will need to create a new key.
"},{"location":"en/end-user/ghippo/personal-center/accesstoken.html#use-the-key-to-access-api","title":"Use the key to access API","text":"When accessing AI platform openAPI, add the header Authorization:Bearer ${token}
to the request to identify the visitor, where ${token}
is the key obtained in the previous step. For the specific API, see OpenAPI Documentation.
Request Example
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
Request result
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"en/end-user/ghippo/personal-center/language.html","title":"language settings","text":"This section explains how to set the interface language. Currently supports Chinese, English two languages.
Language setting is the portal for the platform to provide multilingual services. The platform is displayed in Chinese by default. Users can switch the platform language by selecting English or automatically detecting the browser language preference according to their needs. Each user's multilingual service is independent of each other, and switching will not affect other users.
The platform provides three ways to switch languages: Chinese, English-English, and automatically detect your browser language preference.
The operation steps are as follows.
Log in to the AI platform with your username/password. Click Global Management at the bottom of the left navigation bar.
Click the username in the upper right corner and select Personal Center .
Click the Language Settings tab.
Toggle the language option.
Function description: It is used to fill in the email address and modify the login password.
The specific operation steps are as follows:
Click the username in the upper right corner and select Personal Center .
Click the Security Settings tab. Fill in your email address or change the login password.
This article explains how to configure SSH public key.
"},{"location":"en/end-user/ghippo/personal-center/ssh-key.html#step-1-view-existing-ssh-keys","title":"Step 1. View Existing SSH Keys","text":"Before generating a new SSH key, please check if you need to use an existing SSH key stored in the root directory of the local user. For Linux and Mac, use the following command to view existing public keys. Windows users can use the following command in WSL (requires Windows 10 or above) or Git Bash to view the generated public keys.
ED25519 Algorithm:
cat ~/.ssh/id_ed25519.pub\n
RSA Algorithm:
cat ~/.ssh/id_rsa.pub\n
If a long string starting with ssh-ed25519 or ssh-rsa is returned, it means that a local public key already exists. You can skip Step 2 Generate SSH Key and proceed directly to Step 3.
"},{"location":"en/end-user/ghippo/personal-center/ssh-key.html#step-2-generate-ssh-key","title":"Step 2. Generate SSH Key","text":"If Step 1 does not return the specified content string, it means that there is no available SSH key locally and a new SSH key needs to be generated. Please follow these steps:
Access the terminal (Windows users please use WSL or Git Bash), and run ssh-keygen -t
.
Enter the key algorithm type and an optional comment.
The comment will appear in the .pub file and can generally use the email address as the comment content.
To generate a key pair based on the ED25519
algorithm, use the following command:
ssh-keygen -t ed25519 -C \"<comment>\"\n
To generate a key pair based on the RSA
algorithm, use the following command:
ssh-keygen -t rsa -C \"<comment>\"\n
Press Enter to choose the SSH key generation path.
Taking the ED25519 algorithm as an example, the default path is as follows:
Generating public/private ed25519 key pair.\nEnter file in which to save the key (/home/user/.ssh/id_ed25519):\n
The default key generation path is /home/user/.ssh/id_ed25519
, and the proper public key is /home/user/.ssh/id_ed25519.pub
.
Set a passphrase for the key.
Enter passphrase (empty for no passphrase):\nEnter same passphrase again:\n
The passphrase is empty by default, and you can choose to use a passphrase to protect the private key file. If you do not want to enter a passphrase every time you access the repository using the SSH protocol, you can enter an empty passphrase when creating the key.
Press Enter to complete the key pair creation.
In addition to manually copying the generated public key information printed on the command line, you can use the following commands to copy the public key to the clipboard, depending on the operating system.
Windows (in WSL or Git Bash):
cat ~/.ssh/id_ed25519.pub | clip\n
Mac:
tr -d '\\n'< ~/.ssh/id_ed25519.pub | pbcopy\n
GNU/Linux (requires xclip):
xclip -sel clip < ~/.ssh/id_ed25519.pub\n
Log in to the AI platform UI page and select Profile -> SSH Public Key in the upper right corner of the page.
Add the generated SSH public key information.
SSH public key content.
Public key title: Supports customizing the public key name for management differentiation.
Expiration: Set the expiration period for the public key. After it expires, the public key will be automatically invalidated and cannot be used. If not set, it will be permanently valid.
Folders have permission mapping capabilities, which can map the permissions of users/groups in this folder to subfolders, workspaces and resources under it.
If the user/group is Folder Admin role in this folder, it is still Folder Admin role when mapped to a subfolder, and Workspace Admin is mapped to the workspace under it; If a Namespace is bound in Workspace and Folder -> Resource Group , the user/group is also a Namespace Admin after mapping.
Note
The permission mapping capability of folders will not be applied to shared resources, because sharing is to share the use permissions of the cluster to multiple workspaces, rather than assigning management permissions to workspaces, so permission inheritance and role mapping will not be implemented.
"},{"location":"en/end-user/ghippo/workspace/folder-permission.html#use-cases","title":"Use cases","text":"Folders have hierarchical capabilities, so when folders are mapped to departments/suppliers/projects in the enterprise,
Folders have the capability to map permissions, allowing users/user groups to have their permissions in the folder mapped to its sub-folders, workspaces, and resources.
Follow the steps below to create a folder:
Log in to AI platform with a user account having the admin/folder admin role. Click Global Management -> Workspace and Folder at the bottom of the left navigation bar.
Click the Create Folder button in the top right corner.
Fill in the folder name, parent folder, and other information, then click OK to complete creating the folder.
Tip
After successful creation, the folder name will be displayed in the left tree structure, represented by different icons for workspaces and folders.
Note
To edit or delete a specific folder, select it and Click \u2507 on the right side.
Shared resources do not necessarily mean that the shared users can use the shared resources without any restrictions. Admin, Kpanda Owner, and Workspace Admin can limit the maximum usage quota of a user through the Resource Quota feature in shared resources. If no restrictions are set, it means the usage is unlimited.
A resource (cluster) can be shared among multiple workspaces, and a workspace can use resources from multiple shared clusters simultaneously.
"},{"location":"en/end-user/ghippo/workspace/quota.html#resource-groups-and-shared-resources","title":"Resource Groups and Shared Resources","text":"Cluster resources in both shared resources and resource groups are derived from Container Management. However, different effects will occur when binding a cluster to a workspace or sharing it with a workspace.
Binding Resources
Users/User groups in the workspace will have full management and usage permissions for the cluster. Workspace Admin will be mapped as Cluster Admin. Workspace Admin can access the Container Management module to manage the cluster.
Note
As of now, there are no Cluster Editor and Cluster Viewer roles in the Container Management module. Therefore, Workspace Editor and Workspace Viewer cannot be mapped.
Adding Shared Resources
Users/User groups in the workspace will have usage permissions for the cluster resources.
Unlike resource groups, when sharing a cluster with a workspace, the roles of the users in the workspace will not be mapped to the resources. Therefore, Workspace Admin will not be mapped as Cluster Admin.
This section demonstrates three scenarios related to resource quotas.
"},{"location":"en/end-user/ghippo/workspace/quota.html#create-namespaces","title":"Create Namespaces","text":"Creating a namespace involves resource quotas.
Add a shared cluster to workspace ws01 .
Select workspace ws01 and the shared cluster in Workbench, and create a namespace ns01 .
Prerequisite: Workspace ws01 has added a shared cluster, and the operator has the Workspace Admin + Kpanda Owner or Admin role.
The two methods of binding have the same effect.
Bind the created namespace ns01 to ws01 in Container Management.
Bind the namespace ns01 to ws01 in Global Management.
The two methods of unbinding have the same effect.
Unbind the namespace ns01 from workspace ws01 in Container Management.
Unbind the namespace ns01 from workspace ws01 in Global Management.
Both resource groups and shared resources support cluster binding, but they have significant differences in usage.
"},{"location":"en/end-user/ghippo/workspace/res-gp-and-shared-res.html#differences-in-usage-scenarios","title":"Differences in Usage Scenarios","text":"Note: In this scenario, the platform administrator needs to impose resource restrictions on secondary suppliers. Currently, it is not supported to limit the cluster quota of secondary suppliers by the primary supplier.
"},{"location":"en/end-user/ghippo/workspace/res-gp-and-shared-res.html#differences-in-cluster-quota-usage","title":"Differences in Cluster Quota Usage","text":"After binding to a cluster, both resource groups and shared resources can go to the Workbench to create namespaces, which will be automatically bound to the workspace.
"},{"location":"en/end-user/ghippo/workspace/workspace.html","title":"Creating/Deleting Workspaces","text":"A workspace is a resource category that represents a hierarchical relationship of resources. A workspace can contain resources such as clusters, namespaces, and registries. Typically, each workspace corresponds to a project and different resources can be allocated, and different users and user groups can be assigned to each workspace.
Follow the steps below to create a workspace:
Log in to AI platform with a user account having the admin/folder admin role. Click Global Management -> Workspace and Folder at the bottom of the left navigation bar.
Click the Create Workspace button in the top right corner.
Fill in the workspace name, folder assignment, and other information, then click OK to complete creating the workspace.
Tip
After successful creation, the workspace name will be displayed in the left tree structure, represented by different icons for folders and workspaces.
Note
To edit or delete a specific workspace or folder, select it and click ... on the right side.
Workspace and Folder is a feature that provides resource isolation and grouping, addressing issues related to unified authorization, resource grouping, and resource quotas.
Workspace and Folder involves two concepts: workspaces and folders.
"},{"location":"en/end-user/ghippo/workspace/ws-folder.html#workspaces","title":"Workspaces","text":"Workspaces allow the management of resources through Authorization , Resource Group , and Shared Resource , enabling users (and user groups) to share resources within the workspace.
Resources
Resources are at the lowest level of the hierarchy in the resource management module. They include clusters, namespaces, pipelines, gateways, and more. All these resources can only have workspaces as their parent level. Workspaces act as containers for grouping resources.
Workspace
A workspace usually refers to a project or environment, and the resources in each workspace are logically isolated from those in other workspaces. You can grant users (groups of users) different access rights to the same set of resources through authorization in the workspace.
Workspaces are at the first level, counting from the bottom of the hierarchy, and contain resources. All resources except shared resources have one and only one parent. All workspaces also have one and only one parent folder.
Resources are grouped by workspace, and there are two grouping modes in workspace, namely Resource Group and Shared Resource .
Resource group
A resource can only be added to one resource group, and resource groups correspond to workspaces one by one. After a resource is added to a resource group, Workspace Admin will obtain the management authority of the resource, which is equivalent to the owner of the resource.
Share resource
For shared resources, multiple workspaces can share one or more resources. Resource owners can choose to share their own resources with the workspace. Generally, when sharing, the resource owner will limit the amount of resources that can be used by the shared workspace. After resources are shared, Workspace Admin only has resource usage rights under the resource limit, and cannot manage resources or adjust the amount of resources that can be used by the workspace.
At the same time, shared resources also have certain requirements for the resources themselves. Only Cluster (cluster) resources can be shared. Cluster Admin can share Cluster resources to different workspaces, and limit the use of workspaces on this Cluster.
Workspace Admin can create multiple Namespaces within the resource quota, but the sum of the resource quotas of the Namespaces cannot exceed the resource quota of the Cluster in the workspace. For Kubernetes resources, the only resource type that can be shared currently is Cluster.
Folders can be used to build enterprise business hierarchy relationships.
Folders are a further grouping mechanism based on workspaces and have a hierarchical structure. A folder can contain workspaces, other folders, or a combination of both, forming a tree-like organizational relationship.
Folders allow you to map your business hierarchy and group workspaces by department. Folders are not directly linked to resources, but indirectly achieve resource grouping through workspaces.
A folder has one and only one parent folder, and the root folder is the highest level of the hierarchy. The root folder has no parent, and folders and workspaces are attached to the root folder.
In addition, users (groups) in folders can inherit permissions from their parents through a hierarchical structure. The permissions of the user in the hierarchical structure come from the combination of the permissions of the current level and the permissions inherited from its parents. The permissions are additive and there is no mutual exclusion.
"},{"location":"en/end-user/ghippo/workspace/ws-permission.html","title":"Description of workspace permissions","text":"The workspace has permission mapping and resource isolation capabilities, and can map the permissions of users/groups in the workspace to the resources under it. If the user/group has the Workspace Admin role in the workspace and the resource Namespace is bound to the workspace-resource group, the user/group will become Namespace Admin after mapping.
Note
The permission mapping capability of the workspace will not be applied to shared resources, because sharing is to share the cluster usage permissions to multiple workspaces, rather than assigning management permissions to the workspaces, so permission inheritance and role mapping will not be implemented.
"},{"location":"en/end-user/ghippo/workspace/ws-permission.html#use-cases","title":"Use cases","text":"Resource isolation is achieved by binding resources to different workspaces. Therefore, resources can be flexibly allocated to each workspace (tenant) with the help of permission mapping, resource isolation, and resource sharing capabilities.
Generally applicable to the following two use cases:
Cluster one-to-one
Ordinary Cluster Department/Tenant (Workspace) Purpose Cluster 01 A Administration and Usage Cluster 02 B Administration and UsageCluster one-to-many
Cluster Department/Tenant (Workspace) Resource Quota Cluster 01 A 100 core CPU B 50-core CPUFor the operation scope of the roles of Workspace Admin, Workspace Editor, and Workspace Viewer in each module, please refer to the permission description:
\u21a9
If a user John (\"John\" represents any user who is required to bind resources) has the Workspace Admin role assigned or has been granted proper permissions through a custom role, which includes the Workspace's \"Resource Binding\" Permissions, and wants to bind a specific cluster or namespace to the workspace.
To bind cluster/namespace resources to a workspace, not only the workspace's \"Resource Binding\" permissions are required, but also the permissions of Cluster Admin.
"},{"location":"en/end-user/ghippo/workspace/wsbind-permission.html#granting-authorization-to-john","title":"Granting Authorization to John","text":"Using the Platform Admin Role, grant John the role of Workspace Admin on the Workspace -> Authorization page.
Then, on the Container Management -> Permissions page, authorize John as a Cluster Admin by Add Permission.
Using John's account to log in to AI platform, on the Container Management -> Clusters page, John can bind the specified cluster to his own workspace by using the Bind Workspace button.
Note
John can only bind clusters or namespaces to a specific workspace in the Container Management module, and cannot perform this operation in the Global Management module.
To bind a namespace to a workspace, you must have at least Workspace Admin and Cluster Admin permissions.
"},{"location":"en/end-user/host/createhost.html","title":"Creating and Starting a Cloud Host","text":"Once the user completes registration and is assigned a workspace, namespace, and resources, they can create and start a cloud host.
"},{"location":"en/end-user/host/createhost.html#prerequisites","title":"Prerequisites","text":"Click Create VMs -> Create with Template.
After defining the configurations for the cloud host, click Next.
Basic InformationTemplate ConfigurationStorage and NetworkAfter configuring the root password or SSH key, click OK.
Return to the host list and wait for the status to change to Running. Then, you can start the host using the \u2507 button on the right.
Next step: Using the Cloud Host
"},{"location":"en/end-user/host/usehost.html","title":"Using the Cloud Host","text":"After creating and starting the cloud host, the user can begin using the cloud host.
"},{"location":"en/end-user/host/usehost.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Container Network -> Services, click the service name to enter the service details page, and click Update in the upper right corner.
Change the port range to 30900-30999, ensuring there are no conflicts.
Log into the AI platform as an end user, navigate to the proper service, and check the access ports.
Use an SSH client to log into the cloud host from the external network.
At this point, you can perform various operations on the cloud host.
Next step: Using Notebook
"},{"location":"en/end-user/insight/alert-center/index.html","title":"Alert Center","text":"The Alert Center is an important feature provided by AI platform that allows users to easily view all active and historical alerts by cluster and namespace through a graphical interface, and search alerts based on severity level (critical, warning, info).
All alerts are triggered based on the threshold conditions set in the preset alert rules. In AI platform, some global alert policies are built-in, but users can also create or delete alert policies at any time, and set thresholds for the following metrics:
Users can also add labels and annotations to alert rules. Alert rules can be classified as active or expired, and certain rules can be enabled/disabled to achieve silent alerts.
When the threshold condition is met, users can configure how they want to be notified, including email, DingTalk, WeCom, webhook, and SMS notifications. All notification message templates can be customized and all messages are sent at specified intervals.
In addition, the Alert Center also supports sending alert messages to designated users through short message services provided by Alibaba Cloud, Tencent Cloud, and more platforms that will be added soon, enabling multiple ways of alert notification.
AI platform Alert Center is a powerful alert management platform that helps users quickly detect and resolve problems in the cluster, improve business stability and availability, and facilitate cluster inspection and troubleshooting.
"},{"location":"en/end-user/insight/alert-center/alert-policy.html","title":"Alert Policies","text":"In addition to the built-in alert policies, AI platform allows users to create custom alert policies. Each alert policy is a collection of alert rules that can be set for clusters, nodes, and workloads. When an alert object reaches the threshold set by any of the rules in the policy, an alert is automatically triggered and a notification is sent.
Taking the built-in alerts as an example, click the first alert policy alertmanager.rules .
You can see that some alert rules have been set under it. You can add more rules under this policy, or edit or delete them at any time. You can also view the historical and active alerts related to this alert policy and edit the notification configuration.
"},{"location":"en/end-user/insight/alert-center/alert-policy.html#create-alert-policies","title":"Create Alert Policies","text":"Select Alert Center -> Alert Policies , and click the Create Alert Policy button.
Fill in the basic information, select one or more clusters, nodes, or workloads as the alert objects, and click Next .
The list must have at least one rule. If the list is empty, please Add Rule .
Create an alert rule in the pop-up window, fill in the parameters, and click OK .
After clicking Next , configure notifications.
After the configuration is complete, click the OK button to return to the Alert Policy list.
Tip
The newly created alert policy is in the Not Triggered state. Once the threshold conditions and duration specified in the rules are met, it will change to the Triggered state.
"},{"location":"en/end-user/insight/alert-center/alert-policy.html#create-log-rules","title":"Create Log Rules","text":"After filling in the basic information, click Add Rule and select Log Rule as the rule type.
Creating log rules is supported only when the resource object is selected as a node or workload.
Field Explanation:
After filling in the basic information, click Add Rule and select Event Rule as the rule type.
Creating event rules is supported only when the resource object is selected as a workload.
Field Explanation:
Click \u2507 at the right side of the list, then choose Delete from the pop-up menu to delete an alert policy. By clicking on the policy name, you can enter the policy details where you can add, edit, or delete the alert rules under it.
Warning
Deleted alert strategies will be permanently removed, so please proceed with caution.
"},{"location":"en/end-user/insight/alert-center/alert-template.html","title":"Alert Template","text":"The Alert template allows platform administrators to create Alert templates and rules, and business units can directly use Alert templates to create Alert policies. This feature can reduce the management of Alert rules by business personnel and allow for modification of Alert thresholds based on actual environment conditions.
"},{"location":"en/end-user/insight/alert-center/alert-template.html#create-alert-template","title":"Create Alert Template","text":"In the navigation bar, select Alert -> Alert Policy, and click Alert Template at the top.
Click Create Alert Template, and set the name, description, and other information for the Alert template.
Parameter Description Template Name The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long. Description The description can contain any characters and can be up to 256 characters long. Resource Type Used to specify the matching type of the Alert template. Alert Rule Supports pre-defined multiple Alert rules, including template rules and PromQL rules.Click OK to complete the creation and return to the Alert template list. Click the template name to view the template details.
Click \u2507 next to the target rule, then click Edit to enter the editing page for the suppression rule.
![Edit](../images/template04.png){ width=1000px}\n
"},{"location":"en/end-user/insight/alert-center/alert-template.html#delete-alert-template","title":"Delete Alert Template","text":"Click \u2507 next to the target template, then click Delete. Enter the name of the Alert template in the input box to confirm deletion.
![Delete](../images/template05.png){ width=1000px}\n
"},{"location":"en/end-user/insight/alert-center/inhibition.html","title":"Alert Inhibition","text":"Alert Inhibition is mainly a mechanism for temporarily hiding or reducing the priority of alerts that do not need immediate attention. The purpose of this feature is to reduce unnecessary alert information that may disturb operations personnel, allowing them to focus on more critical issues.
Alert inhibition recognizes and ignores certain alerts by defining a set of rules to deal with specific conditions. There are mainly the following conditions:
In the left navigation bar, select Alert -> Noise Reduction, and click Inhibition at the top.
Click Create Inhibition, and set the name and rules for the inhibition.
Note
The problem of avoiding multiple similar or related alerts that may be triggered by the same issue is achieved by defining a set of rules to identify and ignore certain alerts through Rule Details and Alert Details.
Parameter Description Name The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long. Description The description can contain any characters and can be up to 256 characters long. Cluster The cluster where the inhibition rule applies. Namespace The namespace where the inhibition rule applies. Source Alert Matching alerts by label conditions. It compares alerts that meet all label conditions with those that meet inhibition conditions, and alerts that do not meet inhibition conditions will be sent to the user as usual. Value range explanation: - Alert Level: The level of metric or event alerts, can be set as: Critical, Major, Minor. - Resource Type: The resource type specific for the alert object, can be set as: Cluster, Node, StatefulSet, Deployment, DaemonSet, Pod. - Labels: Alert identification attributes, consisting of label name and label value, supports user-defined values. Inhibition Specifies the matching conditions for the target alert (the alert to be inhibited). Alerts that meet all the conditions will no longer be sent to the user. Equal Specifies the list of labels to compare to determine if the source alert and target alert match. Inhibition is triggered only when the values of the labels specified inequal
are exactly the same in the source and target alerts. The equal
field is optional. If the equal
field is omitted, all labels are used for matching. Click OK to complete the creation and return to Inhibition list. Click the inhibition rule name to view the rule details.
In the left navigation bar, select Alert -> Alert Policy, and click the policy name to view the rule details.
!!! note\n\n You can add cuntom tags when adding rules.\n
"},{"location":"en/end-user/insight/alert-center/inhibition.html#view-alert-details","title":"View Alert Details","text":"In the left navigation bar, select Alert -> Alerts, and click the policy name to view details.
!!! note\n\n Alert details show information and settings for creating inhibitions.\n
"},{"location":"en/end-user/insight/alert-center/inhibition.html#edit-inhibition-rule","title":"Edit Inhibition Rule","text":"Click \u2507 next to the target rule, then click Edit to enter the editing page for the inhibition rule.
"},{"location":"en/end-user/insight/alert-center/inhibition.html#delete-inhibition-rule","title":"Delete Inhibition Rule","text":"Click \u2507 next to the target rule, then click Delete. Enter the name of the inhibition rule in the input box to confirm deletion.
"},{"location":"en/end-user/insight/alert-center/message.html","title":"Notification Settings","text":"On the Notification Settings page, you can configure how to send messages to users through email, WeCom, DingTalk, Webhook, and SMS.
"},{"location":"en/end-user/insight/alert-center/message.html#email-group","title":"Email Group","text":"After entering Insight , click Alert Center -> Notification Settings in the left navigation bar. By default, the email notification object is selected. Click Add email group and add one or more email addresses.
Multiple email addresses can be added.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list to edit or delete the email group.
In the left navigation bar, click Alert Center -> Notification Settings -> WeCom . Click Add Group Robot and add one or more group robots.
For the URL of the WeCom group robot, please refer to the official document of WeCom: How to use group robots.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the group robot.
In the left navigation bar, click Alert Center -> Notification Settings -> DingTalk . Click Add Group Robot and add one or more group robots.
For the URL of the DingTalk group robot, please refer to the official document of DingTalk: Custom Robot Access.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the group robot.
In the left navigation bar, click Alert Center -> Notification Settings -> Lark . Click Add Group Bot and add one or more group bots.
Note
When signature verification is required in Lark's group bot, you need to fill in the specific signature key when enabling notifications. Refer to Customizing Bot User Guide.
After configuration, you will be automatically redirected to the list page. Click \u2507 on the right side of the list and select Send Test Message . You can edit or delete group bots.
In the left navigation bar, click Alert Center -> Notification Settings -> Webhook . Click New Webhook and add one or more Webhooks.
For the Webhook URL and more configuration methods, please refer to the webhook document.
After the configuration is complete, the notification list will automatically return. Click \u2507 on the right side of the list, select Send Test Information , and you can also edit or delete the Webhook.
Note
Alert messages are sent to the personal Message sector and notifications can be viewed by clicking \ud83d\udd14 at the top.
In the left navigation bar, click Alert Center -> Notification Settings -> Message\uff0cclick Create Message .
You can add and notify multiple users for a message.
After configuration, you will be automatically redirected to the list page. Click \u2507 on the right side of the list and select Send Test Message .
In the left navigation bar, click Alert Center -> Notification Settings -> SMS . Click Add SMS Group and add one or more SMS groups.
Enter the name, the object receiving the message, phone number, and notification server in the pop-up window.
The notification server needs to be created in advance under Notification Settings -> Notification Server . Currently, two cloud servers, Alibaba Cloud and Tencent Cloud, are supported. Please refer to your own cloud server information for the specific configuration parameters.
After the SMS group is successfully added, the notification list will automatically return. Click \u2507 on the right side of the list to edit or delete the SMS group.
The message template feature supports customizing the content of message templates and can notify specified objects in the form of email, WeCom, DingTalk, Webhook, and SMS.
"},{"location":"en/end-user/insight/alert-center/msg-template.html#creating-a-message-template","title":"Creating a Message Template","text":"In the left navigation bar, select Alert -> Message Template .
Insight comes with two default built-in templates in both Chinese and English for user convenience.
Fill in the template content.
Info
Observability comes with predefined message templates. If you need to define the content of the templates, refer to Configure Notification Templates.
"},{"location":"en/end-user/insight/alert-center/msg-template.html#message-template-details","title":"Message Template Details","text":"Click the name of a message template to view the details of the message template in the right slider.
Parameters Variable Description ruleName {{ .Labels.alertname }} The name of the rule that triggered the alert groupName {{ .Labels.alertgroup }} The name of the alert policy to which the alert rule belongs severity {{ .Labels.severity }} The level of the alert that was triggered cluster {{ .Labels.cluster }} The cluster where the resource that triggered the alert is located namespace {{ .Labels.namespace }} The namespace where the resource that triggered the alert is located node {{ .Labels.node }} The node where the resource that triggered the alert is located targetType {{ .Labels.target_type }} The resource type of the alert target target {{ .Labels.target }} The name of the object that triggered the alert value {{ .Annotations.value }} The metric value at the time the alert notification was triggered startsAt {{ .StartsAt }} The time when the alert started to occur endsAt {{ .EndsAt }} The time when the alert ended description {{ .Annotations.description }} A detailed description of the alert labels {{ for .labels }} {{ end }} All labels of the alert use thefor
function to iterate through the labels list to get all label contents."},{"location":"en/end-user/insight/alert-center/msg-template.html#editing-or-deleting-a-message-template","title":"Editing or Deleting a Message Template","text":"Click \u2507 on the right side of the list and select Edit or Delete from the pop-up menu to modify or delete the message template.
Warning
Once a template is deleted, it cannot be recovered, so please use caution when deleting templates.
"},{"location":"en/end-user/insight/alert-center/silent.html","title":"Alert Silence","text":"Alert silence is a feature that allows alerts meeting certain criteria to be temporarily disabled from sending notifications within a specific time range. This feature helps operations personnel avoid receiving too many noisy alerts during certain operations or events, while also allowing for more precise handling of real issues that need to be addressed.
On the Alert Silence page, you can see two tabs: Active Rule and Expired Rule. The former presents the rules currently in effect, while the latter presents those that were defined in the past but have now expired (or have been deleted by the user).
"},{"location":"en/end-user/insight/alert-center/silent.html#creating-a-silent-rule","title":"Creating a Silent Rule","text":"In the left navigation bar, select Alert -> Noice Reduction -> Alert Silence , and click the Create Silence Rule button.
Fill in the parameters for the silent rule, such as cluster, namespace, tags, and time, to define the scope and effective time of the rule, and then click OK .
Return to the rule list, and on the right side of the list, click \u2507 to edit or delete a silent rule.
Through the Alert Silence feature, you can flexibly control which alerts should be ignored and when they should be effective, thereby improving operational efficiency and reducing the possibility of false alerts.
"},{"location":"en/end-user/insight/alert-center/sms-provider.html","title":"Configure Notification Server","text":"Insight supports SMS notifications and currently sends alert messages using integrated Alibaba Cloud and Tencent Cloud SMS services. This article explains how to configure the SMS notification server in Insight. The variables supported in the SMS signature are the default variables in the message template. As the number of SMS characters is limited, it is recommended to choose more explicit variables.
For information on how to configure SMS recipients, refer to the document: Configure SMS Notification Group.
"},{"location":"en/end-user/insight/alert-center/sms-provider.html#procedure","title":"Procedure","text":"Go to Alert Center -> Notification Settings -> Notification Server .
Click Add Notification Server .
Configure Alibaba Cloud server.
To apply for Alibaba Cloud SMS service, refer to Alibaba Cloud SMS Service.
Field descriptions:
Please refer to Alibaba Cloud Variable Specification.
Note
Example: The template content defined in Alibaba Cloud is: ${severity}: ${alertname} triggered at ${startat}. Refer to the configuration in the parameter template.
Configure Tencent Cloud server.
To apply for Tencent Cloud SMS service, please refer to Tencent Cloud SMS.
Field descriptions:
Note
Example: The template content defined in Tencent Cloud is: {1}: {2} triggered at {3}. Refer to the configuration in the parameter template.
In AI platform, Insight acts as a multi-cluster observability product. To achieve unified data collection across multiple clusters, users need to install the Helm App insight-agent (installed by default in the insight-system namespace). Refer to How to Install insight-agent .
"},{"location":"en/end-user/insight/collection-manag/agent-status.html#status-explanation","title":"Status Explanation","text":"In the \"Observability\" -> \"Collection Management\" section, you can view the installation status of insight-agent in each cluster.
You can troubleshoot using the following steps:
Run the following command. If the status is deployed , proceed to the next step. If it is failed , it is recommended to uninstall and reinstall it from Container Management -> Helm Apps as it may affect application upgrades:
helm list -n insight-system\n
Run the following command or check the status of the deployed components in Insight -> Data Collection . If there are Pods not in the Running state, restart the containers in an abnormal state.
kubectl get pods -n insight-system\n
The resource consumption of the Prometheus metric collection component in insight-agent is directly proportional to the number of Pods running in the cluster. Please adjust the resources for Prometheus according to the cluster size. Refer to Prometheus Resource Planning.
The storage capacity of the vmstorage metric storage component in the global service cluster is directly proportional to the total number of Pods in the clusters.
Data Collection is mainly to centrally manage and display the entrance of the cluster installation collection plug-in insight-agent , which helps users quickly view the health status of the cluster collection plug-in, and provides a quick entry to configure collection rules.
The specific operation steps are as follows:
Click in the upper left corner and select Insight -> Data Collection .
You can view the status of all cluster collection plug-ins.
When the cluster is connected to insight-agent and is running, click a cluster name to enter the details\u3002
In the Service Monitor tab, click the shortcut link to jump to Container Management -> CRD to add service discovery rules.
Prometheus primarily uses the Pull approach to retrieve monitoring metrics from target services' exposed endpoints. Therefore, it requires configuring proper scraping jobs to request monitoring data and write it into the storage provided by Prometheus. Currently, Prometheus offers several configurations for these jobs:
Note
[ ]
indicates optional configmaps.
The proper configmaps are explained as follows:
# Name of the scraping job, also adds a label (job=job_name) to the scraped metrics\njob_name: <job_name>\n\n# Time interval between scrapes\n[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]\n\n# Timeout for scrape requests\n[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]\n\n# URI path for the scrape request\n[ metrics_path: <path> | default = /metrics ]\n\n# Handling of label conflicts between scraped labels and labels added by the backend Prometheus.\n# true: Retains the scraped labels and ignores conflicting labels from the backend Prometheus.\n# false: Adds an \"exported_<original-label>\" prefix to the scraped labels and includes the additional labels added by the backend Prometheus.\n[ honor_labels: <boolean> | default = false ]\n\n# Whether to use the timestamp generated by the target being scraped.\n# true: Uses the timestamp from the target if available.\n# false: Ignores the timestamp from the target.\n[ honor_timestamps: <boolean> | default = true ]\n\n# Protocol for the scrape request: http or https\n[ scheme: <scheme> | default = http ]\n\n# URL parameters for the scrape request\nparams:\n [ <string>: [<string>, ...] ]\n\n# Set the value of the `Authorization` header in the scrape request through basic authentication. password/password_file are mutually exclusive, with password_file taking precedence.\nbasic_auth:\n [ username: <string> ]\n [ password: <secret> ]\n [ password_file: <string> ]\n\n# Set the value of the `Authorization` header in the scrape request through bearer token authentication. bearer_token/bearer_token_file are mutually exclusive, with bearer_token taking precedence.\n[ bearer_token: <secret> ]\n\n# Set the value of the `Authorization` header in the scrape request through bearer token authentication. bearer_token/bearer_token_file are mutually exclusive, with bearer_token taking precedence.\n[ bearer_token_file: <filename> ]\n\n# Whether the scrape connection should use a TLS secure channel, configure the proper TLS parameters\ntls_config:\n [ <tls_config> ]\n\n# Use a proxy service to scrape the metrics from the target, specify the address of the proxy service.\n[ proxy_url: <string> ]\n\n# Specify the targets using static configuration, see explanation below.\nstatic_configs:\n [ - <static_config> ... ]\n\n# CVM service discovery configuration, see explanation below.\ncvm_sd_configs:\n [ - <cvm_sd_config> ... ]\n\n# After scraping the data, rewrite the labels of the proper target using the relabel mechanism. Executes multiple relabel rules in order.\n# See explanation below for relabel_config.\nrelabel_configs:\n [ - <relabel_config> ... ]\n\n# Before writing the scraped data, rewrite the values of the labels using the relabel mechanism. Executes multiple relabel rules in order.\n# See explanation below for relabel_config.\nmetric_relabel_configs:\n [ - <relabel_config> ... ]\n\n# Limit the number of data points per scrape, 0: no limit, default is 0\n[ sample_limit: <int> | default = 0 ]\n\n# Limit the number of targets per scrape, 0: no limit, default is 0\n[ target_limit: <int> | default = 0 ]\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#pod-monitor","title":"Pod Monitor","text":"The explanation for the proper configmaps is as follows:
# Prometheus Operator CRD version\napiVersion: monitoring.coreos.com/v1\n# proper Kubernetes resource type, here it is PodMonitor\nkind: PodMonitor\n# proper Kubernetes Metadata, only the name needs to be concerned. If jobLabel is not specified, the value of the job label in the scraped metrics will be <namespace>/<name>\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, no need to modify\n# Describes the selection and configuration of the target Pods to be scraped\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight\nspec:\n # Specify the label of the proper Pod, pod monitor will use this value as the job label value.\n # If viewing the Pod YAML, use the values in pod.metadata.labels.\n # If viewing Deployment/Daemonset/Statefulset, use spec.template.metadata.labels.\n [ jobLabel: string ]\n # Adds the proper Pod's Labels to the Target's Labels\n [ podTargetLabels: []string ]\n # Limit the number of data points per scrape, 0: no limit, default is 0\n [ sampleLimit: uint64 ]\n # Limit the number of targets per scrape, 0: no limit, default is 0\n [ targetLimit: uint64 ]\n # Configure the Prometheus HTTP endpoints that need to be scraped and exposed. Multiple endpoints can be configured.\n podMetricsEndpoints:\n [ - <endpoint_config> ... ] # See explanation below for endpoint\n # Select the namespaces where the monitored Pods are located. Leave it blank to select all namespaces.\n [ namespaceSelector: ]\n # Select all namespaces\n [ any: bool ]\n # Specify the list of namespaces to be selected\n [ matchNames: []string ]\n # Specify the Label values of the Pods to be monitored in order to locate the target Pods [K8S metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#example-1","title":"Example 1","text":"apiVersion: monitoring.coreos.com/v1\nkind: PodMonitor\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, do not modify\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n podMetricsEndpoints:\n - interval: 30s\n port: metric-port # Specify the Port Name proper to Prometheus Exporter in the pod YAML\n path: /metrics # Specify the value of the Path proper to Prometheus Exporter, if not specified, default is /metrics\n relabelings:\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: instance\n replacement: \"crs-xxxxxx\" # Adjust to the proper Redis instance ID\n - action: replace\n sourceLabels:\n - instance\n regex: (.*)\n targetLabel: ip\n replacement: \"1.x.x.x\" # Adjust to the proper Redis instance IP\n namespaceSelector: # Select the namespaces where the monitored Pods are located\n matchNames:\n - redis-test\n selector: # Specify the Label values of the Pods to be monitored in order to locate the target pods\n matchLabels:\n k8s-app: redis-exporter\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#example-2","title":"Example 2","text":"job_name: prometheus\nscrape_interval: 30s\nstatic_configs:\n- targets:\n - 127.0.0.1:9090\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#service-monitor","title":"Service Monitor","text":"The explanation for the proper configmaps is as follows:
# Prometheus Operator CRD version\napiVersion: monitoring.coreos.com/v1\n# proper Kubernetes resource type, here it is ServiceMonitor\nkind: ServiceMonitor\n# proper Kubernetes Metadata, only the name needs to be concerned. If jobLabel is not specified, the value of the job label in the scraped metrics will be the name of the Service.\nmetadata:\n name: redis-exporter # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, no need to modify\n# Describes the selection and configuration of the target Pods to be scraped\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n # Specify the label(metadata/labels) of the proper Pod, service monitor will use this value as the job label value.\n [ jobLabel: string ]\n # Adds the Labels of the proper service to the Target's Labels\n [ targetLabels: []string ]\n # Adds the Labels of the proper Pod to the Target's Labels\n [ podTargetLabels: []string ]\n # Limit the number of data points per scrape, 0: no limit, default is 0\n [ sampleLimit: uint64 ]\n # Limit the number of targets per scrape, 0: no limit, default is 0\n [ targetLimit: uint64 ]\n # Configure the Prometheus HTTP endpoints that need to be scraped and exposed. Multiple endpoints can be configured.\n endpoints:\n [ - <endpoint_config> ... ] # See explanation below for endpoint\n # Select the namespaces where the monitored Pods are located. Leave it blank to select all namespaces.\n [ namespaceSelector: ]\n # Select all namespaces\n [ any: bool ]\n # Specify the list of namespaces to be selected\n [ matchNames: []string ]\n # Specify the Label values of the Pods to be monitored in order to locate the target Pods [K8S metav1.LabelSelector](https://v1-17.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#labelselector-v1-meta)\n selector:\n [ matchExpressions: array ]\n [ example: - {key: tier, operator: In, values: [cache]} ]\n [ matchLabels: object ]\n [ example: k8s-app: redis-exporter ]\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#example","title":"Example","text":"apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: go-demo # Specify a unique name\n namespace: cm-prometheus # Fixed namespace, do not modify\n labels:\n operator.insight.io/managed-by: insight # Label indicating managed by Insight, required.\nspec:\n endpoints:\n - interval: 30s\n # Specify the Port Name proper to Prometheus Exporter in the service YAML\n port: 8080-8080-tcp\n # Specify the value of the Path proper to Prometheus Exporter, if not specified, default is /metrics\n path: /metrics\n relabelings:\n # ** There must be a label named 'application', assuming there is a label named 'app' in k8s,\n # we replace it with 'application' using the relabel 'replace' action\n - action: replace\n sourceLabels: [__meta_kubernetes_pod_label_app]\n targetLabel: application\n # Select the namespace where the monitored service is located\n namespaceSelector:\n matchNames:\n - golang-demo\n # Specify the Label values of the service to be monitored in order to locate the target service\n selector:\n matchLabels:\n app: golang-app-demo\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#endpoint_config","title":"endpoint_config","text":"The explanation for the proper configmaps is as follows:
# The name of the proper port. Please note that it's not the actual port number.\n# Default: 80. Possible values are as follows:\n# ServiceMonitor: corresponds to Service>spec/ports/name;\n# PodMonitor: explained as follows:\n# If viewing the Pod YAML, take the value from pod.spec.containers.ports.name.\n# If viewing Deployment/DaemonSet/StatefulSet, take the value from spec.template.spec.containers.ports.name.\n[ port: string | default = 80]\n# The URI path for the scrape request.\n[ path: string | default = /metrics ]\n# The protocol for the scrape: http or https.\n[ scheme: string | default = http]\n# URL parameters for the scrape request.\n[ params: map[string][]string]\n# The interval between scrape requests.\n[ interval: string | default = 30s ]\n# The timeout for the scrape request.\n[ scrapeTimeout: string | default = 30s]\n# Whether the scrape connection should be made over a secure TLS channel, and the TLS configuration.\n[ tlsConfig: TLSConfig ]\n# Read the bearer token value from the specified file and include it in the headers of the scrape request.\n[ bearerTokenFile: string ]\n# Read the bearer token from the specified K8S secret key. Note that the secret namespace must match the PodMonitor/ServiceMonitor.\n[ bearerTokenSecret: string ]\n# Handling conflicts when scraped labels conflict with labels added by the backend Prometheus.\n# true: Keep the scraped labels and ignore the conflicting labels from the backend Prometheus.\n# false: For conflicting labels, prefix the scraped label with 'exported_<original-label>' and add the labels added by the backend Prometheus.\n[ honorLabels: bool | default = false ]\n# Whether to use the timestamp generated on the target during the scrape.\n# true: Use the timestamp on the target if available.\n# false: Ignore the timestamp on the target.\n[ honorTimestamps: bool | default = true ]\n# Basic authentication credentials. Fill in the values of username/password from the proper K8S secret key. Note that the secret namespace must match the PodMonitor/ServiceMonitor.\n[ basicAuth: BasicAuth ]\n# Scrape the metrics from the target through a proxy server. Specify the address of the proxy server.\n[ proxyUrl: string ]\n# After scraping the data, rewrite the values of the labels on the target using the relabeling mechanism. Multiple relabel rules are executed in order.\n# See explanation below for relabel_config\nrelabelings:\n[ - <relabel_config> ...]\n# Before writing the scraped data, rewrite the values of the proper labels on the target using the relabeling mechanism. Multiple relabel rules are executed in order.\n# See explanation below for relabel_config\nmetricRelabelings:\n[ - <relabel_config> ...]\n
"},{"location":"en/end-user/insight/collection-manag/metric-collect.html#relabel_config","title":"relabel_config","text":"The explanation for the proper configmaps is as follows:
# Specifies which labels to take from the original labels for relabeling. The values taken are concatenated using the separator defined in the configuration.\n# For PodMonitor/ServiceMonitor, the proper configmap is sourceLabels.\n[ source_labels: '[' <labelname> [, ...] ']' ]\n# Defines the character used to concatenate the values of the labels to be relabeled. Default is ';'.\n[ separator: <string> | default = ; ]\n\n# When the action is replace/hashmod, target_label is used to specify the proper label name.\n# For PodMonitor/ServiceMonitor, the proper configmap is targetLabel.\n[ target_label: <labelname> ]\n\n# Regular expression used to match the values of the source labels.\n[ regex: <regex> | default = (.*) ]\n\n# Used when action is hashmod, it takes the modulus value based on the MD5 hash of the source label's value.\n[ modulus: <int> ]\n\n# Used when action is replace, it defines the expression to replace when the regex matches. It can use regular expression replacement with regex.\n[ replacement: <string> | default = $1 ]\n\n# Actions performed based on the matched values of regex. The available actions are as follows, with replace being the default:\n# replace: If the regex matches, replace the proper value with the value defined in replacement. Set the value using target_label and add the proper label.\n# keep: If the regex doesn't match, discard the value.\n# drop: If the regex matches, discard the value.\n# hashmod: Take the modulus of the MD5 hash of the source label's value based on the value specified in modulus.\n# Add a new label with a label name specified by target_label.\n# labelmap: If the regex matches, replace the proper label name with the value specified in replacement.\n# labeldrop: If the regex matches, delete the proper label.\n# labelkeep: If the regex doesn't match, delete the proper label.\n[ action: <relabel_action> | default = replace ]\n
"},{"location":"en/end-user/insight/collection-manag/probe-module.html","title":"Custom probers","text":"Insight uses the Blackbox Exporter provided by Prometheus as a blackbox monitoring solution, allowing detection of target instances via HTTP, HTTPS, DNS, ICMP, TCP, and gRPC. It can be used in the following scenarios:
In this page, we will explain how to configure custom probers in an existing Blackbox ConfigMap.
ICMP prober is not enabled by default in Insight because it requires higher permissions. Therfore We will use the HTTP prober as an example to demonstrate how to modify the ConfigMap to achieve custom HTTP probing.
"},{"location":"en/end-user/insight/collection-manag/probe-module.html#procedure","title":"Procedure","text":"Find the ConfigMap named insight-agent-prometheus-blackbox-exporter and click Edit YAML .
Add custom probers under modules :
module:\n http_2xx:\n prober: http\n timeout: 5s\n http:\n valid_http_versions: [HTTP/1.1, HTTP/2]\n valid_status_codes: [] # Defaults to 2xx\n method: GET\n
module:\n ICMP: # Example of ICMP prober configuration\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: ip4\nicmp_example: # Example 2 of ICMP prober configuration\n prober: icmp\n timeout: 5s\n icmp:\n preferred_ip_protocol: \"ip4\"\n source_ip_address: \"127.0.0.1\"\n
Since ICMP requires higher permissions, we also need to elevate the pod permissions. Otherwise, an operation not permitted
error will occur. There are two ways to elevate permissions: Directly edit the BlackBox Exporter
deployment file to enable it
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\nspec:\n template:\n spec:\n containers:\n - name: blackbox-exporter\n image: # ... (image, args, ports, etc. remain unchanged)\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_RAW\n drop:\n - ALL\n readOnlyRootFilesystem: true\n runAsGroup: 0\n runAsNonRoot: false\n runAsUser: 0\n
Elevate permissions via helm upgrade
prometheus-blackbox-exporter:\n enabled: true\n securityContext:\n runAsUser: 0\n runAsGroup: 0\n readOnlyRootFilesystem: true\n runAsNonRoot: false\n allowPrivilegeEscalation: false\n capabilities:\n add: [\"NET_RAW\"]\n
Info
For more probers, refer to blackbox_exporter Configuration.
"},{"location":"en/end-user/insight/collection-manag/probe-module.html#other-references","title":"Other References","text":"The following YAML file contains various probers such as HTTP, TCP, SMTP, ICMP, and DNS. You can modify the configuration file of insight-agent-prometheus-blackbox-exporter
according to your needs.
kind: ConfigMap\napiVersion: v1\nmetadata:\n name: insight-agent-prometheus-blackbox-exporter\n namespace: insight-system\n labels:\n app.kubernetes.io/instance: insight-agent\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: prometheus-blackbox-exporter\n app.kubernetes.io/version: v0.24.0\n helm.sh/chart: prometheus-blackbox-exporter-8.8.0\n annotations:\n meta.helm.sh/release-name: insight-agent\n meta.helm.sh/release-namespace: insight-system\ndata:\n blackbox.yaml: |\n modules:\n HTTP_GET:\n prober: http\n timeout: 5s\n http:\n method: GET\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"]\n follow_redirects: true\n preferred_ip_protocol: \"ip4\"\n HTTP_POST:\n prober: http\n timeout: 5s\n http:\n method: POST\n body_size_limit: 1MB\n TCP:\n prober: tcp\n timeout: 5s\n # Not enabled by default:\n # ICMP:\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: ip4\n SSH:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^SSH-2.0-\"\n POP3S:\n prober: tcp\n tcp:\n query_response:\n - expect: \"^+OK\"\n tls: true\n tls_config:\n insecure_skip_verify: false\n http_2xx_example: # http prober example\n prober: http\n timeout: 5s # probe timeout\n http:\n valid_http_versions: [\"HTTP/1.1\", \"HTTP/2.0\"] # Version in the response, usually default\n valid_status_codes: [] # Defaults to 2xx # Valid range of response codes, probe successful if within this range\n method: GET # request method\n headers: # request headers\n Host: vhost.example.com\n Accept-Language: en-US\n Origin: example.com\n no_follow_redirects: false # allow redirects\n fail_if_ssl: false \n fail_if_not_ssl: false\n fail_if_body_matches_regexp:\n - \"Could not connect to database\"\n fail_if_body_not_matches_regexp:\n - \"Download the latest version here\"\n fail_if_header_matches: # Verifies that no cookies are set\n - header: Set-Cookie\n allow_missing: true\n regexp: '.*'\n fail_if_header_not_matches:\n - header: Access-Control-Allow-Origin\n regexp: '(\\*|example\\.com)'\n tls_config: # tls configuration for https requests\n insecure_skip_verify: false\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\" # Preferred IP protocol version\n ip_protocol_fallback: false # no fallback to \"ip6\" \n http_post_2xx: # http prober example with body\n prober: http\n timeout: 5s\n http:\n method: POST # probe request method\n headers:\n Content-Type: application/json\n body: '{\"username\":\"admin\",\"password\":\"123456\"}' # body carried during probe\n http_basic_auth_example: # prober example with username and password\n prober: http\n timeout: 5s\n http:\n method: POST\n headers:\n Host: \"login.example.com\"\n basic_auth: # username and password to be added during probe\n username: \"username\"\n password: \"mysecret\"\n http_custom_ca_example:\n prober: http\n http:\n method: GET\n tls_config: # root certificate used during probe\n ca_file: \"/certs/my_cert.crt\"\n http_gzip:\n prober: http\n http:\n method: GET\n compression: gzip # compression method used during probe\n http_gzip_with_accept_encoding:\n prober: http\n http:\n method: GET\n compression: gzip\n headers:\n Accept-Encoding: gzip\n tls_connect: # TCP prober example\n prober: tcp\n timeout: 5s\n tcp:\n tls: true # use TLS\n tcp_connect_example:\n prober: tcp\n timeout: 5s\n imap_starttls: # IMAP email server probe configuration example\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"OK.*STARTTLS\"\n - send: \". STARTTLS\"\n - expect: \"OK\"\n - starttls: true\n - send: \". capability\"\n - expect: \"CAPABILITY IMAP4rev1\"\n smtp_starttls: # SMTP email server probe configuration example\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - expect: \"^220 ([^ ]+) ESMTP (.+)$\"\n - send: \"EHLO prober\\r\"\n - expect: \"^250-STARTTLS\"\n - send: \"STARTTLS\\r\"\n - expect: \"^220\"\n - starttls: true\n - send: \"EHLO prober\\r\"\n - expect: \"^250-AUTH\"\n - send: \"QUIT\\r\"\n irc_banner_example:\n prober: tcp\n timeout: 5s\n tcp:\n query_response:\n - send: \"NICK prober\"\n - send: \"USER prober prober prober :prober\"\n - expect: \"PING :([^ ]+)\"\n send: \"PONG ${1}\"\n - expect: \"^:[^ ]+ 001\"\n # icmp_example: # ICMP prober configuration example\n # prober: icmp\n # timeout: 5s\n # icmp:\n # preferred_ip_protocol: \"ip4\"\n # source_ip_address: \"127.0.0.1\"\n dns_udp_example: # DNS query example using UDP\n prober: dns\n timeout: 5s\n dns:\n query_name: \"www.prometheus.io\" # domain name to resolve\n query_type: \"A\" # type proper to this domain\n valid_rcodes:\n - NOERROR\n validate_answer_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n fail_if_all_match_regexp:\n - \".*127.0.0.1\"\n fail_if_not_matches_regexp:\n - \"www.prometheus.io.\\t300\\tIN\\tA\\t127.0.0.1\"\n fail_if_none_matches_regexp:\n - \"127.0.0.1\"\n validate_authority_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n validate_additional_rrs:\n fail_if_matches_regexp:\n - \".*127.0.0.1\"\n dns_soa:\n prober: dns\n dns:\n query_name: \"prometheus.io\"\n query_type: \"SOA\"\n dns_tcp_example: # DNS query example using TCP\n prober: dns\n dns:\n transport_protocol: \"tcp\" # defaults to \"udp\"\n preferred_ip_protocol: \"ip4\" # defaults to \"ip6\"\n query_name: \"www.prometheus.io\"\n
"},{"location":"en/end-user/insight/collection-manag/service-monitor.html","title":"Configure service discovery rules","text":"Observable Insight supports the way of creating CRD ServiceMonitor through container management to meet your collection requirements for custom service discovery. Users can use ServiceMonitor to define the scope of the Namespace discovered by the Pod and select the monitored Service through matchLabel .
"},{"location":"en/end-user/insight/collection-manag/service-monitor.html#prerequisites","title":"Prerequisites","text":"The cluster has the Helm App insight-agent installed and in the running state.
"},{"location":"en/end-user/insight/collection-manag/service-monitor.html#steps","title":"Steps","text":"Select Data Collection on the left navigation bar to view the status of all cluster collection plug-ins.
Click a cluster name to enter the collection configuration details.
Click the link to jump to Container Management to create a Service Monitor.
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: micrometer-demo # (1)\n namespace: insight-system # (2)\n labels: \n operator.insight.io/managed-by: insight\nspec:\n endpoints: # (3)\n - honorLabels: true\n interval: 15s\n path: /actuator/prometheus\n port: http\n namespaceSelector: # (4)\n matchNames:\n - insight-system # (5)\n selector: # (6)\n matchLabels:\n micrometer-prometheus-discovery: \"true\"\n
This is the service endpoint, which represents the address where Prometheus collects Metrics. endpoints is an array, and multiple endpoints can be created at the same time. Each endpoint contains three fields, and the meaning of each field is as follows:
This is the scope of the Service that needs to be discovered. namespaceSelector contains two mutually exclusive fields, and the meaning of the fields is as follows:
matchNames : An array value that specifies the scope of namespace to be monitored. For example, if you only want to monitor the Services in two namespaces, default and insight-system, the matchNames are set as follows:
namespaceSelector:\n matchNames:\n - default\n - insight-system\n
The namespace where the application that needs to expose metrics is located
Grafana is a cross-platform open source visual analysis tool. Insight uses open source Grafana to provide monitoring services, and supports viewing resource consumption from multiple dimensions such as clusters, nodes, and namespaces.
For more information on open source Grafana, see Grafana Official Documentation.
"},{"location":"en/end-user/insight/dashboard/dashboard.html#steps","title":"Steps","text":"Select Dashboard from the left navigation bar .
In the Insight / Overview dashboard, you can view the resource usage of multiple clusters and analyze resource usage, network, storage, and more based on dimensions such as namespaces and Pods.
Click the dropdown menu in the upper-left corner of the dashboard to switch between clusters.
Click the lower-right corner of the dashboard to switch the time range for queries.
Insight provides several recommended dashboards that allow monitoring from different dimensions such as nodes, namespaces, and workloads. Switch between dashboards by clicking the insight-system / Insight / Overview section.
Note
For accessing Grafana UI, refer to Access Native Grafana.
For importing custom dashboards, refer to Importing Custom Dashboards.
By using Grafana CRD, you can incorporate the management and deployment of dashboards into the lifecycle management of Kubernetes. This enables version control, automated deployment, and cluster-level management of dashboards. This page describes how to import custom dashboards using CRD and the UI interface.
"},{"location":"en/end-user/insight/dashboard/import-dashboard.html#steps","title":"Steps","text":"Log in to the AI platform and go to Container Management . Select the kpanda-global-cluster from the cluster list.
Choose Custom Resources from the left navigation bar. Look for the grafanadashboards.integreatly.org file in the list and click it to view the details.
Click YAML Create and use the following template. Replace the dashboard JSON in the Json field.
apiVersion: integreatly.org/v1alpha1\nkind: GrafanaDashboard\nmetadata:\n labels:\n app: insight-grafana-operator\n operator.insight.io/managed-by: insight\n name: sample-dashboard\n namespace: insight-system\nspec:\n json: >\n {\n \"id\": null,\n \"title\": \"Simple Dashboard\",\n \"tags\": [],\n \"style\": \"dark\",\n \"timezone\": \"browser\",\n \"editable\": true,\n \"hideControls\": false,\n \"graphTooltip\": 1,\n \"panels\": [],\n \"time\": {\n \"from\": \"now-6h\",\n \"to\": \"now\"\n },\n \"timepicker\": {\n \"time_options\": [],\n \"refresh_intervals\": []\n },\n \"templating\": {\n \"list\": []\n },\n \"annotations\": {\n \"list\": []\n },\n \"refresh\": \"5s\",\n \"schemaVersion\": 17,\n \"version\": 0,\n \"links\": []\n }\n
After clicking OK , wait for a while to view the newly imported dashboard in Dashboard .
Info
If you need to customize the dashboard, refer to Add Dashboard Panel.
"},{"location":"en/end-user/insight/dashboard/login-grafana.html","title":"Access Native Grafana","text":"Please make sure that the Helm App Insight in your global management cluster is in Running state.
The specific operation steps are as follows:
Log in to the console to access native Grafana.
Access address: http://ip:port/ui/insight-grafana
For example: http://10.6.10.233:30209/ui/insight-grafana
Click Login in the lower right corner, and use the default username and password to log in.
Default username: admin
Default password: admin
Click Log in to complete the login.
Insight only collects data from clusters that have insight-agent installed and running in a normal state. The overview provides an overview of resources across multiple clusters:
Select Overview in the left navigation bar to enter the details page.
"},{"location":"en/end-user/insight/data-query/log.html","title":"Log query","text":"By default, Insight collects node logs, container logs, and Kubernetes audit logs. In the log query page, you can search for standard output (stdout) logs within the permissions of your login account. This includes node logs, product logs, and Kubernetes audit logs. You can quickly find the desired logs among a large volume of logs. Additionally, you can use the source information and contextual raw data of the logs to assist in troubleshooting and issue resolution.
"},{"location":"en/end-user/insight/data-query/log.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed and the application is in running state.
"},{"location":"en/end-user/insight/data-query/log.html#query-log","title":"Query log","text":"In the left navigation bar, select Data Query -> Log Query .
After selecting the query criteria, click Search , and the log records in the form of graphs will be displayed. The most recent logs are displayed on top.
In the Filter panel, switch Type and select Node to check the logs of all nodes in the cluster.
In the Filter panel, switch Type and select Event to view the logs generated by all Kubernetes events in the cluster.
Lucene Syntax Explanation:
timestamp:[2022-01-01 TO 2022-01-31]
.Clicking on the button next to a log will slide out a panel on the right side where you can view the default 100 lines of context for that log. You can switch the Display Rows option to view more contextual content.
"},{"location":"en/end-user/insight/data-query/log.html#export-log","title":"Export log","text":"Click the download button located in the upper right corner of the list.
Metric query supports querying the index data of each container resource, and you can view the trend changes of the monitoring index. At the same time, advanced query supports native PromQL statements for Metric query.
"},{"location":"en/end-user/insight/data-query/metric.html#prerequisites","title":"Prerequisites","text":"In the left navigation bar, click Data Query -> metric Query .
After selecting query conditions such as cluster, type, node, and metric name, click Search , and the proper metric chart and data details will be displayed on the right side of the screen.
Tip
Support custom time range. You can manually click the Refresh icon or select a default time interval to refresh.
"},{"location":"en/end-user/insight/data-query/metric.html#advanced-search","title":"Advanced Search","text":"In the left navigation bar, click Data Query -> metric Query , click the Advanced Query tab to switch to the advanced query page.
Enter a PromQL statement (see PromQL Syntax), click Query , and the query metric chart and data details will be displayed.
Through cluster monitoring, you can view the basic information of the cluster, the resource consumption and the trend of resource consumption over a period of time.
"},{"location":"en/end-user/insight/infra/cluster.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed and the application is in running state.
"},{"location":"en/end-user/insight/infra/cluster.html#steps","title":"Steps","text":"Go to the Insight product module.
Select Infrastructure > Clusters from the left navigation bar. On this page, you can view the following information:
Click Resource Level Monitor, you can view more metrics of the current cluster.
Container insight is the process of monitoring workloads in cluster management. In the list, you can view basic information and status of workloads. On the Workloads details page, you can see the number of active alerts and the trend of resource consumption such as CPU and memory.
"},{"location":"en/end-user/insight/infra/container.html#prerequisites","title":"Prerequisites","text":"The cluster has insight-agent installed, and all pods are in the Running state.
To install insight-agent, please refer to: Installing insight-agent online or Offline upgrade of insight-agent.
Follow these steps to view service monitoring metrics:
Go to the Insight product module.
Select Infrastructure > Workloads from the left navigation bar.
Switch between tabs at the top to view data for different types of workloads.
Click the target workload name to view the details.
Switch to the Pods tab to view the status of various pods for the workload, including their nodes, restart counts, and other information.
Switch to the JVM monitor tab to view the JVM metrics for each pods
Note
AI platform Insight supports event querying by cluster and namespace.
"},{"location":"en/end-user/insight/infra/event.html#event-status-distribution","title":"Event Status Distribution","text":"By default, the events that occurred within the last 12 hours are displayed. You can select a different time range in the upper right corner to view longer or shorter periods. You can also customize the sampling interval from 1 minute to 5 hours.
The event status distribution chart provides a visual representation of the intensity and dispersion of events. This helps in evaluating and preparing for subsequent cluster operations and maintenance tasks. If events are densely concentrated during specific time periods, you may need to allocate more resources or take proper measures to ensure cluster stability and high availability. On the other hand, if events are dispersed, you can effectively schedule other maintenance tasks such as system optimization, upgrades, or handling other tasks during this period.
By considering the event status distribution chart and the selected time range, you can better plan and manage your cluster operations and maintenance work, ensuring system stability and reliability.
"},{"location":"en/end-user/insight/infra/event.html#event-count-and-statistics","title":"Event Count and Statistics","text":"Through important event statistics, you can easily understand the number of image pull failures, health check failures, Pod execution failures, Pod scheduling failures, container OOM (Out-of-Memory) occurrences, volume mounting failures, and the total count of all events. These events are typically categorized as \"Warning\" and \"Normal\".
"},{"location":"en/end-user/insight/infra/event.html#event-list","title":"Event List","text":"The event list is presented chronologically based on time. You can sort the events by Last Occurrend At and Type .
By clicking on the \u2699\ufe0f icon on the right side, you can customize the displayed columns according to your preferences and needs.
Additionally, you can click the refresh icon to update the current event list when needed.
In the operation column on the right, clicking the icon allows you to view the history of a specific event.
"},{"location":"en/end-user/insight/infra/event.html#reference","title":"Reference","text":"For detailed meanings of the built-in Events in the system, refer to the Kubernetes API Event List.
"},{"location":"en/end-user/insight/infra/namespace.html","title":"Namespace Monitoring","text":"With namespaces as the dimension, you can quickly query resource consumption and trends within a namespace.
"},{"location":"en/end-user/insight/infra/namespace.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Infrastructure -> Namespaces from the left navigation bar. On this page, you can view the following information:
Through node monitoring, you can get an overview of the current health status of the nodes in the selected cluster and the number of abnormal pod; on the current node details page, you can view the number of alerts and the trend of resource consumption such as CPU, memory, and disk.
"},{"location":"en/end-user/insight/infra/node.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Infrastructure -> Nodes from the left navigation bar. On this page, you can view the following information:
Click Resource Level Monitor, you can view more metrics of the current cluster.
Probe refers to the use of black-box monitoring to regularly test the connectivity of targets through HTTP, TCP, and other methods, enabling quick detection of ongoing faults.
Insight uses the Prometheus Blackbox Exporter tool to probe the network using protocols such as HTTP, HTTPS, DNS, TCP, and ICMP, and returns the probe results to understand the network status.
"},{"location":"en/end-user/insight/infra/probe.html#prerequisites","title":"Prerequisites","text":"The insight-agent has been successfully deployed in the target cluster and is in the Running state.
"},{"location":"en/end-user/insight/infra/probe.html#view-probes","title":"View Probes","text":"Select Infrastructure -> Probes in the left navigation bar.
Fill in the basic information and click Next .
Configure the probe parameters.
After configuring, click OK to complete the creation.
Warning
After the probe task is created, it takes about 3 minutes to synchronize the configuration. During this period, no probes will be performed, and probe results cannot be viewed.
"},{"location":"en/end-user/insight/infra/probe.html#view-monitoring-dashboards","title":"View Monitoring Dashboards","text":"Click \u2507 in the operations column and click View Monitoring Dashboard .
Metric Name Description Current Status Response Represents the response status code of the HTTP probe request. Ping Status Indicates whether the probe request was successful. 1 indicates a successful probe request, and 0 indicates a failed probe request. IP Protocol Indicates the IP protocol version used in the probe request. SSL Expiry Represents the earliest expiration time of the SSL/TLS certificate. DNS Response (Latency) Represents the duration of the entire probe process in seconds. HTTP Duration Represents the duration of the entire process from sending the request to receiving the complete response."},{"location":"en/end-user/insight/infra/probe.html#edit-a-probe","title":"Edit a Probe","text":"Click \u2507 in the operations column and click Edit .
"},{"location":"en/end-user/insight/infra/probe.html#delete-a-probe","title":"Delete a Probe","text":"Click \u2507 in the operations column and click Delete .
"},{"location":"en/end-user/insight/quickstart/agent-status.html","title":"Insight-agent component status","text":"Insight is a multicluster observation product in AI platform. In order to realize the unified collection of multicluster observation data, users need to install the Helm App insight-agent (Installed in insight-system namespace by default). See How to install insight-agent .
"},{"location":"en/end-user/insight/quickstart/agent-status.html#status-description","title":"Status description","text":"In Insight -> Data Collection section, you can view the status of insight-agent installed in each cluster.
Can be checked by:
Run the following command, if the status is deployed , go to the next step. If it is failed , since it will affect the upgrade of the application, it is recommended to reinstall after uninstalling Container Management -> Helm Apps :
helm list -n insight-system\n
run the following command or check the status of the components deployed in the cluster in Insight -> Data Collection . If there is a pod that is not in the Running state, please restart the abnormal pod.
kubectl get pods -n insight-system\n
The resource consumption of the metric collection component Prometheus in insight-agent is directly proportional to the number of pods running in the cluster. Adjust Prometheus resources according to the cluster size, please refer to Prometheus Resource Planning.
Since the storage capacity of the metric storage component vmstorage in the global service cluster is directly proportional to the sum of the number of pods in each cluster.
AI platform enables the management and creation of multicloud and multiple clusters. Building upon this capability, Insight serves as a unified observability solution for multiple clusters. It collects observability data from multiple clusters by deploying the insight-agent plugin and allows querying of metrics, logs, and trace data through the AI platform Insight.
insight-agent is a tool that facilitates the collection of observability data from multiple clusters. Once installed, it automatically collects metrics, logs, and trace data without any modifications.
Clusters created through Container Management come pre-installed with insight-agent. Hence, this guide specifically provides instructions on enabling observability for integrated clusters.
As a unified observability platform for multiple clusters, Insight's resource consumption of certain components is closely related to the data of cluster creation and the number of integrated clusters. When installing insight-agent, it is necessary to adjust the resources of the proper components based on the cluster size.
Adjust the CPU and memory resources of the Prometheus collection component in insight-agent according to the size of the cluster created or integrated. Please refer to Prometheus resource planning.
As the metric data from multiple clusters is stored centrally, AI platform administrators need to adjust the disk space of vmstorage based on the cluster size. Please refer to vmstorage disk capacity planning.
For instructions on adjusting the disk space of vmstorage, please refer to Expanding vmstorage disk.
Since AI platform supports the management of multicloud and multiple clusters, insight-agent has undergone partial verification. However, there are known conflicts with monitoring components when installing insight-agent in Suanova 4.0 clusters and Openshift 4.x clusters. If you encounter similar issues, please refer to the following documents:
Currently, the insight-agent collection component has undergone functional testing for popular versions of Kubernetes. Please refer to:
The Insight Module supports switching log to Big Log mode and trace to Big Trace mode, in order to enhance data writing capabilities in large-scale environments. This page introduces following methods for enabling these modes:
manifest.yaml
)This section explains the differences between the normal log mode and the Big Log mode.
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#log-mode","title":"Log Mode","text":"Components: Fluentbit + Elasticsearch
This mode is referred to as the ES mode, and the data flow diagram is shown below:
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#big-log-mode","title":"Big Log Mode","text":"Components: Fluentbit + Kafka + Vector + Elasticsearch
This mode is referred to as the Kafka mode, and the data flow diagram is shown below:
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#traces","title":"Traces","text":"This section explains the differences between the normal trace mode and the Big Trace mode.
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#trace-mode","title":"Trace Mode","text":"Components: Agent opentelemetry-collector + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
This mode is referred to as the OTlp mode, and the data flow diagram is shown below:
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#big-trace-mode","title":"Big Trace Mode","text":"Components: Agent opentelemetry-collector + Kafka + Global opentelemetry-collector + Jaeger-collector + Elasticsearch
This mode is referred to as the Kafka mode, and the data flow diagram is shown below:
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#enabling-via-installer","title":"Enabling via Installer","text":"When deploying/upgrading AI platform using the installer, the manifest.yaml
file includes the infrastructures.kafka
field. To enable observable Big Log and Big Trace modes, Kafka must be activated:
apiVersion: manifest.daocloud.io/v1alpha1\nkind: SuanovaManifest\n...\ninfrastructures:\n ...\n kafka:\n enable: true # Default is false\n cpuLimit: 1\n memLimit: 2Gi\n pvcSize: 15Gi\n
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#enable","title":"Enable","text":"When using a manifest.yaml
that enables kafka
during installation, Kafka middleware will be installed by default, and Big Log and Big Trace modes will be enabled automatically. The installation command is:
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml\n
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#upgrade","title":"Upgrade","text":"The upgrade also involves modifying the kafka
field. However, note that since the old environment was installed with kafka: false
, Kafka is not present in the environment. Therefore, you need to specify the upgrade for middleware
to install Kafka middleware simultaneously. The upgrade command is:
./dce5-installer cluster-create -c clusterConfig.yaml -m manifest.yaml -u gproduct,middleware\n
Note
After the upgrade is complete, you need to manually restart the following components:
Prerequisites: Ensure that there is a usable Kafka and that the address is accessible.
Use the following commands to retrieve the values of the old versions of Insight and insight-agent (it's recommended to back them up):
helm get values insight -n insight-system -o yaml > insight.yaml\nhelm get values insight-agent -n insight-system -o yaml > insight-agent.yaml\n
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#enabling-big-log","title":"Enabling Big Log","text":"There are several ways to enable or upgrade to Big Log mode:
Use--set
in the helm upgrade
commandModify YAML and run helm upgradeUpgrade via Container Management UI First, run the following Insight upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set vector.enabled=true \\\n --version 0.30.1\n
Then, run the following insight-agent upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.logging.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.logging.output=kafka \\\n --version 0.30.1\n
Follow these steps to modify the YAML and then run the helm upgrade
command:
Modify insight.yaml
global:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\nvector:\n enabled: true\n
Upgrade the Insight component:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
Modify insight-agent.yaml
global:\n ...\n exporters:\n ...\n logging:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
Upgrade the insight-agent:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
In the Container Management module, find the cluster, select Helm Apps from the left navigation bar, and find and update the insight-agent.
In Logging Settings, select kafka for output and fill in the correct brokers address.
Note that after the upgrade is complete, you need to manually restart the insight-agent-fluent-bit component.
"},{"location":"en/end-user/insight/quickstart/install/big-log-and-trace.html#enabling-big-trace","title":"Enabling Big Trace","text":"There are several ways to enable or upgrade to Big Trace mode:
Using --set in thehelm upgrade
commandModify YAML and run helm upgradeUpgrade via Container Management UI First, run the following Insight upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --set global.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.kafka.enabled=true \\\n --set global.tracing.kafkaReceiver.enabled=true \\\n --version 0.30.1\n
Then, run the following insight-agent upgrade command, ensuring the Kafka brokers address is correct:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --set global.exporters.trace.kafka.brokers=\"10.6.216.111:30592\" \\\n --set global.exporters.trace.output=kafka \\\n --version 0.30.1\n
Follow these steps to modify the YAML and then run the helm upgrade
command:
Modify insight.yaml
global:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n enabled: true\n...\ntracing:\n ...\n kafkaReceiver:\n enabled: true\n
Upgrade the Insight component:
helm upgrade insight insight-release/insight \\\n -n insight-system \\\n -f ./insight.yaml \\\n --version 0.30.1\n
Modify insight-agent.yaml
global:\n ...\n exporters:\n ...\n trace:\n ...\n kafka:\n brokers: 10.6.216.111:30592\n output: kafka\n
Upgrade the insight-agent:
helm upgrade insight-agent insight-release/insight-agent \\\n -n insight-system \\\n -f ./insight-agent.yaml \\\n --version 0.30.1\n
In the Container Management module, find the cluster, select Helm Apps from the left navigation bar, and find and update the insight-agent.
In Trace Settings, select kafka for output and fill in the correct brokers address.
Note that after the upgrade is complete, you need to manually restart the insight-agent-opentelemetry-collector and insight-opentelemetry-collector components.
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html","title":"Custom Insight Component Scheduling Policy","text":"When deploying Insight to a Kubernetes environment, proper resource management and optimization are crucial. Insight includes several core components such as Prometheus, OpenTelemetry, FluentBit, Vector, and Elasticsearch. These components, during their operation, may negatively impact the performance of other pods within the cluster due to resource consumption issues. To effectively manage resources and optimize cluster operations, node affinity becomes an important option.
This page is about how to add taints and node affinity to ensure that each component runs on the appropriate nodes, avoiding resource competition or contention, thereby guranttee the stability and efficiency of the entire Kubernetes cluster.
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html#configure-dedicated-nodes-for-insight-using-taints","title":"Configure dedicated nodes for Insight using taints","text":"Since the Insight Agent includes DaemonSet components, the configuration method described in this section is to have all components except the Insight DaemonSet run on dedicated nodes.
This is achieved by adding taints to the dedicated nodes and using tolerations to match them. More details can be found in the Kubernetes official documentation.
You can refer to the following commands to add and remove taints on nodes:
# Add taint\nkubectl taint nodes worker1 node.daocloud.io=insight-only:NoSchedule\n\n# Remove taint\nkubectl taint nodes worker1 node.daocloud.io:NoSchedule-\n
There are two ways to schedule Insight components to dedicated nodes:
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html#1-add-tolerations-for-each-component","title":"1. Add tolerations for each component","text":"Configure the tolerations for the insight-server
and insight-agent
Charts respectively:
server:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nui:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nrunbook:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\n# mysql:\nvictoria-metrics-k8s-stack:\n victoria-metrics-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmcluster:\n spec:\n vmstorage:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmselect:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vminsert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n vmalert:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n alertmanager:\n spec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\njaeger:\n collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n query:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector-aggregator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\ngrafana-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n grafana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nkibana:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nelastic-alert:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nvector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n
kube-prometheus-stack:\n prometheus:\n prometheusSpec:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n prometheus-node-exporter:\n tolerations:\n - effect: NoSchedule\n operator: Exists\n prometheusOperator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\n\nkube-state-metrics:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\ntailing-sidecar-operator:\n operator:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nopentelemetry-kubernetes-collector:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\nprometheus-blackbox-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\"\netcd-exporter:\n tolerations:\n - key: \"node.daocloud.io\"\n operator: \"Equal\"\n value: \"insight-only\"\n effect: \"NoSchedule\" \n
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html#2-configure-at-the-namespace-level","title":"2. Configure at the namespace level","text":"Allow pods in the insight-system
namespace to tolerate the node.daocloud.io=insight-only
taint.
Adjust the apiserver
configuration file /etc/kubernetes/manifests/kube-apiserver.yaml
to include PodTolerationRestriction,PodNodeSelector
. See the following picture:
Add an annotation to the insight-system
namespace:
apiVersion: v1\nkind: Namespace\nmetadata:\n name: insight-system\n annotations:\n scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Equal\", \"effect\": \"NoSchedule\", \"key\": \"node.daocloud.io\", \"value\": \"insight-only\"}]'\n
Restart the components under the insight-system namespace to allow normal scheduling of pods under the insight-system.
"},{"location":"en/end-user/insight/quickstart/install/component-scheduling.html#use-node-labels-and-node-affinity-to-manage-component-scheduling","title":"Use node labels and node affinity to manage component scheduling","text":"Info
Node affinity is conceptually similar to nodeSelector
, allowing you to constrain which nodes a pod can be scheduled on based on labels on the nodes. There are two types of node affinity:
For more details, please refer to the Kubernetes official documentation.
To meet different user needs for scheduling Insight components, Insight provides fine-grained labels for different components' scheduling policies. Below is a description of the labels and their associated components:
Label Key Label Value Descriptionnode.daocloud.io/insight-any
Any value, recommended to use true
Represents that all Insight components prefer nodes with this label node.daocloud.io/insight-prometheus
Any value, recommended to use true
Specifically for Prometheus components node.daocloud.io/insight-vmstorage
Any value, recommended to use true
Specifically for VictoriaMetrics vmstorage components node.daocloud.io/insight-vector
Any value, recommended to use true
Specifically for Vector components node.daocloud.io/insight-otel-col
Any value, recommended to use true
Specifically for OpenTelemetry components You can refer to the following commands to add and remove labels on nodes:
# Add label to node8, prioritizing scheduling insight-prometheus to node8 \nkubectl label nodes node8 node.daocloud.io/insight-prometheus=true\n\n# Remove the node.daocloud.io/insight-prometheus label from node8\nkubectl label nodes node8 node.daocloud.io/insight-prometheus-\n
Below is the default affinity preference for the insight-prometheus component during deployment:
affinity:\n nodeAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - preference:\n matchExpressions:\n - key: node-role.kubernetes.io/control-plane\n operator: DoesNotExist\n weight: 1\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-prometheus # (1)!\n operator: Exists\n weight: 2\n - preference:\n matchExpressions:\n - key: node.daocloud.io/insight-any\n operator: Exists\n weight: 3\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 1\n podAffinityTerm:\n topologyKey: kubernetes.io/hostname\n labelSelector:\n matchExpressions:\n - key: app.kubernetes.io/instance\n operator: In\n values:\n - insight-agent-kube-prometh-prometheus\n
Insight is a product for unified observation of multiple clusters. To achieve unified storage and querying of observation data from multiple clusters, sub-clusters need to report the collected observation data to the global service cluster for unified storage. This document provides the required address of the storage component when installing the collection component insight-agent.
"},{"location":"en/end-user/insight/quickstart/install/gethosturl.html#install-insight-agent-in-global-service-cluster","title":"Install insight-agent in Global Service Cluster","text":"If installing insight-agent in the global service cluster, it is recommended to access the cluster via domain name:
export vminsert_host=\"vminsert-insight-victoria-metrics-k8s-stack.insight-system.svc.cluster.local\"\nexport es_host=\"insight-es-master.insight-system.svc.cluster.local\"\nexport otel_col_host=\"insight-opentelemetry-collector.insight-system.svc.cluster.local\"\n
"},{"location":"en/end-user/insight/quickstart/install/gethosturl.html#install-insight-agent-in-other-clusters","title":"Install insight-agent in Other Clusters","text":""},{"location":"en/end-user/insight/quickstart/install/gethosturl.html#get-address-via-interface-provided-by-insight-server","title":"Get Address via Interface Provided by Insight Server","text":"The management cluster uses the default LoadBalancer mode for exposure.
Log in to the console of the global service cluster and run the following command:
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam'\n
Note
Please replace the ${INSIGHT_SERVER_IP}
parameter in the command.
You will get the following response:
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"host\": \"10.6.182.32\"\n },\n \"metric\": {\n \"host\": \"10.6.182.32\"\n },\n \"auditLog\": {\n \"host\": \"10.6.182.32\"\n },\n \"trace\": {\n \"host\": \"10.6.182.32\"\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
is the log service address, no need to set the proper service port, the default value will be used.global.exporters.metric.host
is the metrics service address.global.exporters.trace.host
is the trace service address.global.exporters.auditLog.host
is the audit log service address (same service as trace but different port).Management cluster disables LoadBalancer
When calling the interface, you need to additionally pass an externally accessible node IP from the cluster, which will be used to construct the complete access address of the proper service.
export INSIGHT_SERVER_IP=$(kubectl get service insight-server -n insight-system --output=jsonpath={.spec.clusterIP})\ncurl --location --request POST 'http://'\"${INSIGHT_SERVER_IP}\"'/apis/insight.io/v1alpha1/agentinstallparam' --data '{\"extra\": {\"EXPORTER_EXTERNAL_IP\": \"10.5.14.51\"}}'\n
You will get the following response:
{\n \"values\": {\n \"global\": {\n \"exporters\": {\n \"logging\": {\n \"scheme\": \"https\",\n \"host\": \"10.5.14.51\",\n \"port\": 32007,\n \"user\": \"elastic\",\n \"password\": \"j8V1oVoM1184HvQ1F3C8Pom2\"\n },\n \"metric\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30683\n },\n \"auditLog\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30884\n },\n \"trace\": {\n \"host\": \"10.5.14.51\",\n \"port\": 30274\n }\n }\n },\n \"opentelemetry-operator\": {\n \"enabled\": true\n },\n \"opentelemetry-collector\": {\n \"enabled\": true\n }\n }\n}\n
global.exporters.logging.host
is the log service address.global.exporters.logging.port
is the NodePort exposed by the log service.global.exporters.metric.host
is the metrics service address.global.exporters.metric.port
is the NodePort exposed by the metrics service.global.exporters.trace.host
is the trace service address.global.exporters.trace.port
is the NodePort exposed by the trace service.global.exporters.auditLog.host
is the audit log service address (same service as trace but different port).global.exporters.auditLog.port
is the NodePort exposed by the audit log service.If LoadBalancer
is enabled in the cluster and a VIP
is set for Insight, you can manually execute the following command to obtain the address information for vminsert
and opentelemetry-collector
:
$ kubectl get service -n insight-system | grep lb\nlb-insight-opentelemetry-collector LoadBalancer 10.233.23.12 <pending> 4317:31286/TCP,8006:31351/TCP 24d\nlb-vminsert-insight-victoria-metrics-k8s-stack LoadBalancer 10.233.63.67 <pending> 8480:31629/TCP 24d\n
lb-vminsert-insight-victoria-metrics-k8s-stack
is the address for the metrics service.lb-insight-opentelemetry-collector
is the address for the tracing service.Execute the following command to obtain the address information for elasticsearch
:
$ kubectl get service -n mcamel-system | grep es\nmcamel-common-es-cluster-masters-es-http NodePort 10.233.16.120 <none> 9200:30465/TCP 47d\n
mcamel-common-es-cluster-masters-es-http
is the address for the logging service.
The LoadBalancer feature is disabled in the global service cluster.
In this case, the LoadBalancer resources mentioned above will not be created by default. The relevant service names are:
After obtaining the proper port information for the services in the above two scenarios, make the following settings:
--set global.exporters.logging.host= # (1)!\n--set global.exporters.logging.port= # (2)!\n--set global.exporters.metric.host= # (3)!\n--set global.exporters.metric.port= # (4)!\n--set global.exporters.trace.host= # (5)!\n--set global.exporters.trace.port= # (6)!\n--set global.exporters.auditLog.host= # (7)!\n
insight-agent is a plugin for collecting insight data, supporting unified observation of metrics, links, and log data. This article describes how to install insight-agent in an online environment for the accessed cluster.
"},{"location":"en/end-user/insight/quickstart/install/install-agent.html#prerequisites","title":"Prerequisites","text":"Please confirm that your cluster has successfully connected to the container management platform. You can refer to Integrate Clusters for details.
"},{"location":"en/end-user/insight/quickstart/install/install-agent.html#steps","title":"Steps","text":"Enter Container Management from the left navigation bar, and enter Clusters . Find the cluster where you want to install insight-agent.
Choose Install now to jump, or click the cluster and click Helm Apps -> Helm Templates in the left navigation bar, search for insight-agent in the search box, and click it for details.
Select the appropriate version and click Install .
Fill in the name, select the namespace and version, and fill in the addresses of logging, metric, audit, and trace reporting data in the yaml file. The system has filled in the address of the component for data reporting by default, please check it before clicking OK to install.
If you need to modify the data reporting address, please refer to Get Data Reporting Address.
The system will automatically return to Helm Apps . When the application status changes from Unknown to Deployed , it means that insight-agent is installed successfully.
Note
Click \u2507 on the far right, and you can perform more operations such as Update , View YAML and Delete in the pop-up menu.
This page lists some issues related to the installation and uninstallation of Insight Agent and their workarounds.
"},{"location":"en/end-user/insight/quickstart/install/knownissues.html#uninstallation-failure-of-insight-agent","title":"Uninstallation Failure of Insight Agent","text":"When you run the following command to uninstall Insight Agent,
helm uninstall insight agent\n
The tls secret
used by otel-operator
is failed to uninstall.
Due to the logic of \"reusing tls secret\" in the following code of otel-operator
, it checks whether MutationConfiguration
exists and reuses the CA cert bound in MutationConfiguration. However, since helm uninstall
has uninstalled MutationConfiguration
, it results in a null value.
Therefore, please manually delete the proper secret
using one of the following methods:
Delete via command line: Log in to the console of the target cluster and run the following command:
kubectl -n insight-system delete secret insight-agent-opentelemetry-operator-controller-manager-service-cert\n
Delete via UI: Log in to AI platform container management, select the target cluster, select Secret from the left menu, input insight-agent-opentelemetry-operator-controller-manager-service-cert
, then select Delete
.
When updating the log configuration of the insight-agent from Elasticsearch to Kafka or from Kafka to Elasticsearch, the changes do not take effect and the agent continues to use the previous configuration.
Solution :
Manually restart Fluent Bit in the cluster.
"},{"location":"en/end-user/insight/quickstart/install/knownissues.html#podmonitor-collects-multiple-sets-of-jvm-metrics","title":"PodMonitor Collects Multiple Sets of JVM Metrics","text":"In this version, there is a defect in PodMonitor/insight-kubernetes-pod: it will incorrectly create Jobs to collect metrics for all containers in Pods that are marked with insight.opentelemetry.io/metric-scrape=true
, instead of only the containers proper to insight.opentelemetry.io/metric-port
.
After PodMonitor is declared, PrometheusOperator will pre-configure some service discovery configurations. Considering the compatibility of CRDs, it is abandoned to configure the collection tasks through annotations.
Use the additional scrape config mechanism provided by Prometheus to configure the service discovery rules in a secret and introduce them into Prometheus.
Therefore:
In the new rule, action: keepequal is used to compare the consistency between source_labels and target_label to determine whether to create collection tasks for the ports of a container. Note that this feature is only available in Prometheus v2.41.0 (2022-12-20) and higher.
+ - source_labels: [__meta_kubernetes_pod_annotation_insight_opentelemetry_io_metric_port]\n+ separator: ;\n+ target_label: __meta_kubernetes_pod_container_port_number\n+ action: keepequal\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html","title":"Upgrade Notes","text":"This page provides some considerations for upgrading insight-server and insight-agent.
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v028x-or-lower-to-v029x","title":"Upgrade from v0.28.x (or lower) to v0.29.x","text":"Due to the upgrade of the Opentelemetry community operator chart version in v0.29.0, the supported values for featureGates
in the values file have changed. Therefore, before upgrading, you need to set the value of featureGates
to empty, as follows:
- --set opentelemetry-operator.manager.featureGates=\"+operator.autoinstrumentation.go,+operator.autoinstrumentation.multi-instrumentation,+operator.autoinstrumentation.nginx\" \\\n+ --set opentelemetry-operator.manager.featureGates=\"\"\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v026x-or-lower-to-v027x-or-higher","title":"Upgrade from v0.26.x (or lower) to v0.27.x or higher","text":"In v0.27.x, the switch for the vector component has been separated. If the existing environment has vector enabled, you need to specify --set vector.enabled=true
when upgrading the insight-server.
Before upgrading Insight , you need to manually delete the jaeger-collector and jaeger-query deployments by running the following command:
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v017x-or-lower-to-v018x","title":"Upgrade from v0.17.x (or lower) to v0.18.x","text":"In v0.18.x, there have been updates to the Jaeger-related deployment files, so you need to manually run the following commands before upgrading insight-server:
kubectl -n insight-system delete deployment insight-jaeger-collector\nkubectl -n insight-system delete deployment insight-jaeger-query\n
There have been changes to metric names in v0.18.x, so after upgrading insight-server, insight-agent should also be upgraded.
In addition, the parameters for enabling the tracing module and adjusting the ElasticSearch connection have been modified. Refer to the following parameters:
+ --set global.tracing.enable=true \\\n- --set jaeger.collector.enabled=true \\\n- --set jaeger.query.enabled=true \\\n+ --set global.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n+ --set global.elasticsearch.host=${your-external-elasticsearch-host} \\\n+ --set global.elasticsearch.port=${your-external-elasticsearch-port} \\\n+ --set global.elasticsearch.user=${your-external-elasticsearch-username} \\\n+ --set global.elasticsearch.password=${your-external-elasticsearch-password} \\\n- --set jaeger.storage.elasticsearch.scheme=${your-external-elasticsearch-scheme} \\\n- --set jaeger.storage.elasticsearch.host=${your-external-elasticsearch-host} \\\n- --set jaeger.storage.elasticsearch.port=${your-external-elasticsearch-port} \\\n- --set jaeger.storage.elasticsearch.user=${your-external-elasticsearch-username} \\\n- --set jaeger.storage.elasticsearch.password=${your-external-elasticsearch-password} \\\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v015x-or-lower-to-v016x","title":"Upgrade from v0.15.x (or lower) to v0.16.x","text":"In v0.16.x, a new feature parameter disableRouteContinueEnforce
in the vmalertmanagers CRD
is used. Therefore, you need to manually run the following command before upgrading insight-server:
kubectl apply --server-side -f https://raw.githubusercontent.com/VictoriaMetrics/operator/v0.33.0/config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml --force-conflicts\n
Note
If you are performing an offline installation, after extracting the insight offline package, please run the following command to update CRDs.
kubectl apply --server-side -f insight/dependency-crds --force-conflicts \n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v023x-or-lower-to-v024x","title":"Upgrade from v0.23.x (or lower) to v0.24.x","text":"In v0.24.x, CRDs have been added to the OTEL operator chart
. However, helm upgrade does not update CRDs, so you need to manually run the following command:
kubectl apply -f https://raw.githubusercontent.com/open-telemetry/opentelemetry-helm-charts/main/charts/opentelemetry-operator/crds/crd-opentelemetry.io_opampbridges.yaml\n
If you are performing an offline installation, you can find the above CRD yaml file after extracting the insight-agent offline package. After extracting the insight-agent Chart, manually run the following command:
kubectl apply -f charts/agent/crds/crd-opentelemetry.io_opampbridges.yaml\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v019x-or-lower-to-v020x","title":"Upgrade from v0.19.x (or lower) to v0.20.x","text":"In v0.20.x, Kafka log export configuration has been added, and there have been some adjustments to the log export configuration. Before upgrading insight-agent , please note the parameter changes. The previous logging configuration has been moved to the logging.elasticsearch configuration:
- --set global.exporters.logging.host \\\n- --set global.exporters.logging.port \\\n+ --set global.exporters.logging.elasticsearch.host \\\n+ --set global.exporters.logging.elasticsearch.port \\\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v017x-or-lower-to-v018x_1","title":"Upgrade from v0.17.x (or lower) to v0.18.x","text":"Due to the updated deployment files for Jaeger In v0.18.x, it is important to note the changes in parameters before upgrading the insight-agent.
+ --set global.exporters.trace.enable=true \\\n- --set opentelemetry-collector.enabled=true \\\n- --set opentelemetry-operator.enabled=true \\\n
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v016x-or-lower-to-v017x","title":"Upgrade from v0.16.x (or lower) to v0.17.x","text":"In v0.17.x, the kube-prometheus-stack chart version was upgraded from 41.9.1 to 45.28.1, and there were also some field upgrades in the CRD used, such as the attachMetadata field of servicemonitor. Therefore, the following command needs to be rund before upgrading the insight-agent:
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force-conflicts\n
If you are performing an offline installation, you can find the yaml for the above CRD in insight-agent/dependency-crds after extracting the insight-agent offline package.
"},{"location":"en/end-user/insight/quickstart/install/upgrade-note.html#upgrade-from-v011x-or-earlier-to-v012x","title":"Upgrade from v0.11.x (or earlier) to v0.12.x","text":"v0.12.x upgrades kube-prometheus-stack chart from 39.6.0 to 41.9.1, including prometheus-operator to v0.60.1, prometheus-node-exporter chart to v4.3.0. Prometheus-node-exporter uses Kubernetes recommended label after upgrading, so you need to delete node-exporter daemonset. prometheus-operator has updated the CRD, so you need to run the following command before upgrading the insight-agent:
kubectl delete daemonset insight-agent-prometheus-node-exporter -n insight-system\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --force- conflicts\nkubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --force- conflicts\n
Note
If you are installing offline, you can run the following command to update the CRD after decompressing the insight-agent offline package.
kubectl apply --server-side -f insight-agent/dependency-crds --force-conflicts\n
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/jmx-exporter.html","title":"Use JMX Exporter to expose JVM monitoring metrics","text":"JMX-Exporter provides two usages:
Note
Officials do not recommend the first method. On the one hand, the configuration is complicated, and on the other hand, it requires a separate process, and the monitoring of this process itself has become a new problem. So This page focuses on the second usage and how to use JMX Exporter to expose JVM monitoring metrics in the Kubernetes environment.
The second usage is used here, and the JMX Exporter jar package file and configuration file need to be specified when starting the JVM. The jar package is a binary file, so it is not easy to mount it through configmap. We hardly need to modify the configuration file. So the suggestion is to directly package the jar package and configuration file of JMX Exporter into the business container image.
Among them, in the second way, we can choose to put the jar file of JMX Exporter in the business application mirror, You can also choose to mount it during deployment. Here is an introduction to the two methods:
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/jmx-exporter.html#method-1-build-the-jmx-exporter-jar-file-into-the-business-image","title":"Method 1: Build the JMX Exporter JAR file into the business image","text":"The content of prometheus-jmx-config.yaml is as follows:
prometheus-jmx-config.yaml...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
For more configmaps, please refer to the bottom introduction or Prometheus official documentation.
Then prepare the jar package file, you can find the latest jar package download address on the Github page of jmx_exporter and refer to the following Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
Notice:
We need to make the JMX exporter into a Docker image first, the following Dockerfile is for reference only:
FROM alpine/curl:3.14\nWORKDIR /app/\n# Copy the previously created config file to the mirror\nCOPY prometheus-jmx-config.yaml ./\n# Download jmx prometheus javaagent jar online\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
Build the image according to the above Dockerfile: docker build -t my-jmx-exporter .
Add the following init container to the Java application deployment Yaml:
Click to view YAML fileapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar # Share the agent folder\n emptyDir: {}\n restartPolicy: Always\n
After the above modification, the sample application my-demo-app has the ability to expose JVM metrics. After running the service, we can access the prometheus format metrics exposed by the service through http://lcoalhost:8088
.
Then, you can refer to Java Application Docking Observability with JVM Metrics.
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/jvm-catelogy.html","title":"Start monitoring Java applications","text":"This document mainly describes how to monitor the JVM of the customer's Java application. It describes how Java applications that have exposed JVM metrics, and those that have not, interface with Insight.
If your Java application does not start exposing JVM metrics, you can refer to the following documents:
If your Java application has exposed JVM metrics, you can refer to the following documents:
If your Java application exposes JVM monitoring metrics through other means (such as Spring Boot Actuator), We need to allow monitoring data to be collected. You can let Insight collect existing JVM metrics by adding Kubernetes Annotations to the workload:
annatation:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"9464\" # port for collecting metrics\n
YAML Example to add annotations for my-deployment-app workload\uff1a
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"9464\" # port for collecting metrics\n
The following shows the complete YAML:
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n #app: my-deployment-with-aotu-instrumentation-app\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # whether to collect\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # path to collect metrics\n insight.opentelemetry.io/metric-port: \"8080\" # port for collecting metrics\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
In the above example\uff0cInsight will use :8080//actuator/prometheus to get Prometheus metrics exposed through Spring Boot Actuator .
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/otel-java-agent.html","title":"Use OpenTelemetry Java Agent to expose JVM monitoring metrics","text":"In Opentelemetry Agent v1.20.0 and above, Opentelemetry Agent has added the JMX Metric Insight module. If your application has integrated Opentelemetry Agent to collect application traces, then you no longer need to introduce other Agents for our application Expose JMX metrics. The Opentelemetry Agent also collects and exposes metrics by instrumenting the metrics exposed by MBeans locally available in the application.
Opentelemetry Agent also has some built-in monitoring samples for common Java Servers or frameworks, please refer to predefined metrics.
Using the OpenTelemetry Java Agent also needs to consider how to mount the JAR into the container. In addition to referring to the JMX Exporter above to mount the JAR file, we can also use the Operator capabilities provided by OpenTelemetry to automatically enable JVM metric exposure for our applications. :
If your application has integrated Opentelemetry Agent to collect application traces, then you no longer need to introduce other Agents to expose JMX metrics for our application. The Opentelemetry Agent can now natively collect and expose metrics interfaces by instrumenting metrics exposed by MBeans available locally in the application.
However, for current version, you still need to manually add the proper annotations to workload before the JVM data will be collected by Insight.
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/otel-java-agent.html#expose-metrics-for-java-middleware","title":"Expose metrics for Java middleware","text":"Opentelemetry Agent also has some built-in middleware monitoring samples, please refer to Predefined Metrics.
By default, no type is specified, and it needs to be specified through -Dotel.jmx.target.system JVM Options, such as -Dotel.jmx.target.system=jetty,kafka-broker .
"},{"location":"en/end-user/insight/quickstart/jvm-monitor/otel-java-agent.html#reference","title":"Reference","text":"Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel jmx metrics
If you don't want to manually change the application code, you can try This page's eBPF-based automatic enhancement method. This feature is currently in the review stage of donating to the OpenTelemetry community, and does not support Operator injection through annotations (it will be supported in the future), so you need to manually change the Deployment YAML or use a patch.
"},{"location":"en/end-user/insight/quickstart/otel/golang-ebpf.html#prerequisites","title":"Prerequisites","text":"Make sure Insight Agent is ready. If not, see Install insight-agent to collect data and make sure the following three items are in place:
Install under the Insight-system namespace, skip this step if it has already been installed.
Note: This CR currently only supports the injection of environment variables (including service name and trace address) required to connect to Insight, and will support the injection of Golang probes in the future.
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.17.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.31.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.34b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:0.3.1-beta.1\nEOF\n
"},{"location":"en/end-user/insight/quickstart/otel/golang-ebpf.html#change-the-application-deployment-file","title":"Change the application deployment file","text":"Add environment variable annotations
There is only one such annotation, which is used to add OpenTelemetry-related environment variables, such as link reporting address, cluster id where the container is located, and namespace:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
The value is divided into two parts by / , the first value insight-system is the namespace of the CR installed in the second step, and the second value insight-opentelemetry-autoinstrumentation is the name of the CR.
Add golang ebpf probe container
Here is sample code:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: voting\n namespace: emojivoto\n labels:\n app.kubernetes.io/name: voting\n app.kubernetes.io/part-of: emojivoto\n app.kubernetes.io/version: v11\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: voting-svc\n version: v11\n template:\n metadata:\n labels:\n app: voting-svc\n version: v11\n annotations:\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\" # (1)\n spec:\n containers:\n - env:\n - name: GRPC_PORT\n value: \"8080\"\n - name: PROM_PORT\n value: \"8801\"\n image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11 # (2)\n name: voting-svc\n command:\n - /usr/local/bin/emojivoto-voting-svc\n ports:\n - containerPort: 8080\n name: grpc\n - containerPort: 8801\n name: prom\n resources:\n requests:\n cpu: 100m\n - name: emojivoto-voting-instrumentation\n image: docker.m.daocloud.io/keyval/otel-go-agent:v0.6.0\n env:\n - name: OTEL_TARGET_EXE\n value: /usr/local/bin/emojivoto-voting-svc # (3)\n securityContext:\n runAsUser: 0\n capabilities:\n add:\n - SYS_PTRACE\n privileged: true\n volumeMounts:\n - mountPath: /sys/kernel/debug\n name: kernel-debug\n volumes:\n - name: kernel-debug\n hostPath:\n path: /sys/kernel/debug\n
The final generated Yaml content is as follows:
apiVersion: v1\nkind: Pod\nmetadata:\n name: voting-84b696c897-p9xbp\n generateName: voting-84b696c897-\n namespace: default\n uid: 742639b0-db6e-4f06-ac90-68a80e2b8a11\n resourceVersion: '65560793'\n creationTimestamp: '2022-10-19T07:08:56Z'\n labels:\n app: voting-svc\n pod-template-hash: 84b696c897\n version: v11\n annotations:\n cni.projectcalico.org/containerID: 0a987cf0055ce0dfbe75c3f30d580719eb4fbbd7e1af367064b588d4d4e4c7c7\n cni.projectcalico.org/podIP: 192.168.141.218/32\n cni.projectcalico.org/podIPs: 192.168.141.218/32\n instrumentation.opentelemetry.io/inject-sdk: insight-system/insight-opentelemetry-autoinstrumentation\nspec:\n volumes:\n - name: launcherdir\n emptyDir: {}\n - name: kernel-debug\n hostPath:\n path: /sys/kernel/debug\n type: ''\n - name: kube-api-access-gwj5v\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n containers:\n - name: voting-svc\n image: docker.l5d.io/buoyantio/emojivoto-voting-svc:v11\n command:\n - /odigos-launcher/launch\n - /usr/local/bin/emojivoto-voting-svc\n ports:\n - name: grpc\n containerPort: 8080\n protocol: TCP\n - name: prom\n containerPort: 8801\n protocol: TCP\n env:\n - name: GRPC_PORT\n value: '8080'\n - name: PROM_PORT\n value: '8801'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: >-\n http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '200'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: voting\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n - name: OTEL_TRACES_SAMPLER\n value: always_on\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=voting-svc,k8s.deployment.name=voting,k8s.deployment.uid=79e015e2-4643-44c0-993c-e486aebaba10,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=voting-84b696c897,k8s.replicaset.uid=63f56167-6632-415d-8b01-43a3db9891ff\n resources:\n requests:\n cpu: 100m\n volumeMounts:\n - name: launcherdir\n mountPath: /odigos-launcher\n - name: kube-api-access-gwj5v\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: emojivoto-voting-instrumentation\n image: keyval/otel-go-agent:v0.6.0\n env:\n - name: OTEL_TARGET_EXE\n value: /usr/local/bin/emojivoto-voting-svc\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: jaeger:4317\n - name: OTEL_SERVICE_NAME\n value: emojivoto-voting\n resources: {}\n volumeMounts:\n - name: kernel-debug\n mountPath: /sys/kernel/debug\n - name: kube-api-access-gwj5v\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n capabilities:\n add:\n - SYS_PTRACE\n privileged: true\n runAsUser: 0\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/end-user/insight/quickstart/otel/golang-ebpf.html#reference","title":"Reference","text":"Currently, only Java, Node.js, Python, .NET, and Golang support non-intrusive integration through the Operator approach.
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#prerequisites","title":"Prerequisites","text":"Please ensure that the insight-agent is ready. If not, please refer to Install insight-agent for data collection and make sure the following three items are ready:
Tip
Starting from Insight v0.22.0, there is no longer a need to manually install the Instrumentation CR.
Install it in the insight-system namespace. There are some minor differences between different versions.
Insight v0.21.xInsight v0.20.xInsight v0.18.xInsight v0.17.xInsight v0.16.xK8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.29.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0-rc.2\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.25.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.37.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.38b0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.1-alpha\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
kubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java:1.23.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.34.0\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.33b0\nEOF\n
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#works-with-the-service-mesh-product-mspider","title":"Works with the Service Mesh Product (Mspider)","text":"If you enable the tracing capability of the Mspider(Service Mesh), you need to add an additional environment variable injection configuration:
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#the-operation-steps-are-as-follows","title":"The operation steps are as follows","text":"Select the insight-system namespace, then edit insight-opentelemetry-autoinstrumentation, and add the following content under spec:env:
:
- name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n
The complete example (for Insight v0.21.x) is as follows:
K8S_CLUSTER_UID=$(kubectl get namespace kube-system -o jsonpath='{.metadata.uid}')\nkubectl apply -f - <<EOF\napiVersion: opentelemetry.io/v1alpha1\nkind: Instrumentation\nmetadata:\n name: insight-opentelemetry-autoinstrumentation\n namespace: insight-system\nspec:\n # https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#instrumentationspecresource\n resource:\n addK8sUIDAttributes: true\n env:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\n - name: OTEL_SERVICE_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.labels['app'] \n sampler:\n # Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray\n type: always_on\n java:\n image: ghcr.m.daocloud.io/openinsight-proj/autoinstrumentation-java:1.31.0\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: \"false\"\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: \"true\"\n - name: SPLUNK_PROFILER_ENABLED\n value: \"false\"\n - name: OTEL_METRICS_EXPORTER\n value: \"prometheus\"\n - name: OTEL_METRICS_EXPORTER_PORT\n value: \"9464\"\n - name: OTEL_K8S_CLUSTER_UID\n value: $K8S_CLUSTER_UID\n nodejs:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.41.1\n python:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python:0.40b0\n dotnet:\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet:1.0.0\n go:\n # Must set the default value manually for now.\n # See https://github.com/open-telemetry/opentelemetry-operator/issues/1756 for details.\n image: ghcr.m.daocloud.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.2.2-alpha\nEOF\n
After the above is ready, you can access traces for the application through annotations (Annotation). Otel currently supports accessing traces through annotations. Depending on the service language, different pod annotations need to be added. Each service can add one of two types of annotations:
Only inject environment variable annotations
There is only one such annotation, which is used to add otel-related environment variables, such as link reporting address, cluster id where the container is located, and namespace (this annotation is very useful when the application does not support automatic probe language)
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
The value is divided into two parts by /
, the first value (insight-system) is the namespace of the CR installed in the previous step, and the second value (insight-opentelemetry-autoinstrumentation) is the name of the CR.
Automatic probe injection and environment variable injection annotations
There are currently 4 such annotations, proper to 4 different programming languages: java, nodejs, python, dotnet. After using it, automatic probes and otel default environment variables will be injected into the first container under spec.pod:
Java applicationNodeJs applicationPython applicationDotnet applicationGolang applicationinstrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-nodejs: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-python: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
instrumentation.opentelemetry.io/inject-dotnet: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
Since Go's automatic detection requires the setting of OTEL_GO_AUTO_TARGET_EXE, you must provide a valid executable path through annotations or Instrumentation resources. Failure to set this value will result in the termination of Go's automatic detection injection, leading to a failure in the connection trace.
instrumentation.opentelemetry.io/inject-go: \"insight-system/insight-opentelemetry-autoinstrumentation\"\ninstrumentation.opentelemetry.io/otel-go-auto-target-exe: \"/path/to/container/executable\"\n
Go's automatic detection also requires elevated permissions. The following permissions are automatically set and are necessary.
securityContext:\n privileged: true\n runAsUser: 0\n
Tip
The OpenTelemetry Operator automatically adds some OTel-related environment variables when injecting probes and also supports overriding these variables. The priority order for overriding these environment variables is as follows:
original container env vars -> language specific env vars -> common env vars -> instrument spec configs' vars\n
However, it is important to avoid manually overriding OTEL_RESOURCE_ATTRIBUTES_NODE_NAME . This variable serves as an identifier within the operator to determine if a pod has already been injected with a probe. Manually adding this variable may prevent the probe from being injected successfully.
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#automatic-injection-demo","title":"Automatic injection Demo","text":"Note that the annotation
is added under spec.annotations.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n labels:\n app: my-app\nspec:\n selector:\n matchLabels:\n app: my-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-app\n annotations:\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n spec:\n containers:\n - name: myapp\n image: jaegertracing/vertx-create-span:operator-e2e-tests\n ports:\n - containerPort: 8080\n protocol: TCP\n
The final generated YAML is as follows:
apiVersion: v1\nkind: Pod\nmetadata:\n name: my-deployment-with-sidecar-565bd877dd-nqkk6\n generateName: my-deployment-with-sidecar-565bd877dd-\n namespace: default\n uid: aa89ca0d-620c-4d20-8bc1-37d67bad4ea4\n resourceVersion: '2668986'\n creationTimestamp: '2022-04-08T05:58:48Z'\n labels:\n app: my-pod-with-sidecar\n pod-template-hash: 565bd877dd\n annotations:\n cni.projectcalico.org/containerID: 234eae5e55ea53db2a4bc2c0384b9a1021ed3908f82a675e4a92a49a7e80dd61\n cni.projectcalico.org/podIP: 192.168.134.133/32\n cni.projectcalico.org/podIPs: 192.168.134.133/32\n instrumentation.opentelemetry.io/inject-java: \"insight-system/insight-opentelemetry-autoinstrumentation\"\nspec:\n volumes:\n - name: kube-api-access-sp2mz\n projected:\n sources:\n - serviceAccountToken:\n expirationSeconds: 3607\n path: token\n - configMap:\n name: kube-root-ca.crt\n items:\n - key: ca.crt\n path: ca.crt\n - downwardAPI:\n items:\n - path: namespace\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n defaultMode: 420\n - name: opentelemetry-auto-instrumentation\n emptyDir: {}\n initContainers:\n - name: opentelemetry-auto-instrumentation\n image: >-\n ghcr.m.daocloud.io/open-telemetry/opentelemetry-operator/autoinstrumentation-java\n command:\n - cp\n - /javaagent.jar\n - /otel-auto-instrumentation/javaagent.jar\n resources: {}\n volumeMounts:\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n containers:\n - name: myapp\n image: ghcr.io/pavolloffay/spring-petclinic:latest\n env:\n - name: OTEL_JAVAAGENT_DEBUG\n value: 'true'\n - name: OTEL_INSTRUMENTATION_JDBC_ENABLED\n value: 'true'\n - name: SPLUNK_PROFILER_ENABLED\n value: 'false'\n - name: JAVA_TOOL_OPTIONS\n value: ' -javaagent:/otel-auto-instrumentation/javaagent.jar'\n - name: OTEL_TRACES_EXPORTER\n value: otlp\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: http://insight-agent-opentelemetry-collector.svc.cluster.local:4317\n - name: OTEL_EXPORTER_OTLP_TIMEOUT\n value: '20'\n - name: OTEL_TRACES_SAMPLER\n value: parentbased_traceidratio\n - name: OTEL_TRACES_SAMPLER_ARG\n value: '0.85'\n - name: SPLUNK_TRACE_RESPONSE_HEADER_ENABLED\n value: 'true'\n - name: OTEL_SERVICE_NAME\n value: my-deployment-with-sidecar\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_UID\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.uid\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: >-\n k8s.container.name=myapp,k8s.deployment.name=my-deployment-with-sidecar,k8s.deployment.uid=8de6929d-dda0-436c-bca1-604e9ca7ea4e,k8s.namespace.name=default,k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME),k8s.pod.uid=$(OTEL_RESOURCE_ATTRIBUTES_POD_UID),k8s.replicaset.name=my-deployment-with-sidecar-565bd877dd,k8s.replicaset.uid=190d5f6e-ba7f-4794-b2e6-390b5879a6c4\n - name: OTEL_PROPAGATORS\n value: jaeger,b3\n resources: {}\n volumeMounts:\n - name: kube-api-access-sp2mz\n readOnly: true\n mountPath: /var/run/secrets/kubernetes.io/serviceaccount\n - name: opentelemetry-auto-instrumentation\n mountPath: /otel-auto-instrumentation\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: Always\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: default\n serviceAccount: default\n nodeName: k8s-master3\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n fsGroup: 2000\n schedulerName: default-scheduler\n tolerations:\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n - key: node.kubernetes.io/unreachable\n operator: Exists\n effect: NoExecute\n tolerationSeconds: 300\n priority: 0\n enableServiceLinks: true\n preemptionPolicy: PreemptLowerPriority\n
"},{"location":"en/end-user/insight/quickstart/otel/operator.html#trace-query","title":"Trace query","text":"How to query the connected services, refer to Trace Query.
"},{"location":"en/end-user/insight/quickstart/otel/otel.html","title":"Use OTel to provide the application observability","text":"Enhancement is the process of enabling application code to generate telemetry data. i.e. something that helps you monitor or measure the performance and status of your application.
OpenTelemetry is a leading open source project providing instrumentation libraries for major programming languages \u200b\u200band popular frameworks. It is a project under the Cloud Native Computing Foundation and is supported by the vast resources of the community. It provides a standardized data format for collected data without the need to integrate specific vendors.
Insight supports OpenTelemetry for application instrumentation to enhance your applications.
This guide introduces the basic concepts of telemetry enhancement using OpenTelemetry. OpenTelemetry also has an ecosystem of libraries, plugins, integrations, and other useful tools to extend it. You can find these resources at the OTel Registry.
You can use any open standard library for telemetry enhancement and use Insight as an observability backend to ingest, analyze, and visualize data.
To enhance your code, you can use the enhanced operations provided by OpenTelemetry for specific languages:
Insight currently provides an easy way to enhance .Net NodeJS, Java, Python and Golang applications with OpenTelemetry. Please follow the guidelines below.
"},{"location":"en/end-user/insight/quickstart/otel/otel.html#trace-enhancement","title":"Trace Enhancement","text":"This document describes how customers can send trace data to Insight on their own. It mainly includes the following two scenarios:
In each cluster where Insight Agent is installed, there is an insight-agent-otel-col component that is used to receive trace data from that cluster. Therefore, this component serves as the entry point for user access and needs to obtain its address first. You can get the address of the Opentelemetry Collector in the cluster through the AI platform interface, such as insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 :
In addition, there are some slight differences for different reporting methods:
"},{"location":"en/end-user/insight/quickstart/otel/send_tracing_to_insight.html#customer-apps-report-traces-to-insight-through-otel-agentsdk","title":"Customer apps report traces to Insight through OTEL Agent/SDK","text":"To successfully report trace data to Insight and display it properly, it is recommended to provide the required metadata (Resource Attributes) for OTLP through the following environment variables. There are two ways to achieve this:
Manually add them to the deployment YAML file, for example:
...\n- name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: \"http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317\"\n- name: \"OTEL_SERVICE_NAME\"\n value: my-java-app-name\n- name: \"OTEL_K8S_NAMESPACE\"\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n- name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n- name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n- name: OTEL_RESOURCE_ATTRIBUTES\n value: \"k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)\"\n
Use the automatic injection capability of Insight Agent to inject the metadata (Resource Attributes)
Ensure that Insight Agent is working properly and after installing the Instrumentation CR, you only need to add the following annotation to the Pod:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
For example:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-with-aotu-instrumentation\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: my-deployment-with-aotu-instrumentation-kuberntes\n annotations:\n sidecar.opentelemetry.io/inject: \"false\"\n instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
After ensuring that the application has added the metadata mentioned above, you only need to add an OTLP Exporter in your customer's Opentelemetry Collector to forward the trace data to Insight Agent Opentelemetry Collector. Below is an example Opentelemetry Collector configuration file:
...\nexporters:\n otlp/insight:\n endpoint: insight-opentelemetry-collector.insight-system.svc.cluster.local:4317\nservice:\n...\npipelines:\n...\ntraces:\n exporters:\n - otlp/insight\n
"},{"location":"en/end-user/insight/quickstart/otel/send_tracing_to_insight.html#references","title":"References","text":"This page contains instructions on how to set up OpenTelemetry enhancements in a Go application.
OpenTelemetry, also known simply as OTel, is an open-source observability framework that helps generate and collect telemetry data: traces, metrics, and logs in Go apps.
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#enhance-go-apps-with-the-opentelemetry-sdk","title":"Enhance Go apps with the OpenTelemetry SDK","text":""},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#install-related-dependencies","title":"Install related dependencies","text":"Dependencies related to the OpenTelemetry exporter and SDK must be installed first. If you are using another request router, please refer to request routing. After switching/going into the application source folder run the following command:
go get go.opentelemetry.io/otel@v1.8.0 \\\n go.opentelemetry.io/otel/trace@v1.8.0 \\\n go.opentelemetry.io/otel/sdk@v1.8.0 \\\n go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@v0.33.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.7.0 \\\n go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.4.1\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#create-an-initialization-feature-using-the-opentelemetry-sdk","title":"Create an initialization feature using the OpenTelemetry SDK","text":"In order for an application to be able to send data, a feature is required to initialize OpenTelemetry. Add the following code snippet to the main.go file:
import (\n \"context\"\n \"os\"\n \"time\"\n\n \"go.opentelemetry.io/otel\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace\"\n \"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\"\n \"go.opentelemetry.io/otel/propagation\"\n \"go.opentelemetry.io/otel/sdk/resource\"\n sdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n semconv \"go.opentelemetry.io/otel/semconv/v1.7.0\"\n \"go.uber.org/zap\"\n \"google.golang.org/grpc\"\n)\n\nvar tracerExp *otlptrace.Exporter\n\nfunc retryInitTracer() func() {\n var shutdown func()\n go func() {\n for {\n // otel will reconnected and re-send spans when otel col recover. so, we don't need to re-init tracer exporter.\n if tracerExp == nil {\n shutdown = initTracer()\n } else {\n break\n }\n time.Sleep(time.Minute * 5)\n }\n }()\n return shutdown\n}\n\nfunc initTracer() func() {\n // temporarily set timeout to 10s\n ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)\n defer cancel()\n\n serviceName, ok := os.LookupEnv(\"OTEL_SERVICE_NAME\")\n if !ok {\n serviceName = \"server_name\"\n os.Setenv(\"OTEL_SERVICE_NAME\", serviceName)\n }\n otelAgentAddr, ok := os.LookupEnv(\"OTEL_EXPORTER_OTLP_ENDPOINT\")\n if !ok {\n otelAgentAddr = \"http://localhost:4317\"\n os.Setenv(\"OTEL_EXPORTER_OTLP_ENDPOINT\", otelAgentAddr)\n }\n zap.S().Infof(\"OTLP Trace connect to: %s with service name: %s\", otelAgentAddr, serviceName)\n\n traceExporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithInsecure(), otlptracegrpc.WithDialOption(grpc.WithBlock()))\n if err != nil {\n handleErr(err, \"OTLP Trace gRPC Creation\")\n return nil\n }\n\n tracerProvider := sdktrace.NewTracerProvider(\n sdktrace.WithBatcher(traceExporter),\n sdktrace.WithSampler(sdktrace.AlwaysSample()),\n sdktrace.WithResource(resource.NewWithAttributes(semconv.SchemaURL)))\n\n otel.SetTracerProvider(tracerProvider)\n otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))\n\n tracerExp = traceExporter\n return func() {\n // Shutdown will flush any remaining spans and shut down the exporter.\n handleErr(tracerProvider.Shutdown(ctx), \"failed to shutdown TracerProvider\")\n }\n}\n\nfunc handleErr(err error, message string) {\n if err != nil {\n zap.S().Errorf(\"%s: %v\", message, err)\n }\n}\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#initialize-tracker-in-maingo","title":"Initialize tracker in main.go","text":"Modify the main feature to initialize the tracker in main.go. Also when your service shuts down, you should call TracerProvider.Shutdown() to ensure all spans are exported. The service makes the call as a deferred feature in the main function:
func main() {\n // start otel tracing\n if shutdown := retryInitTracer(); shutdown != nil {\n defer shutdown()\n }\n ......\n}\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#add-opentelemetry-gin-middleware-to-the-application","title":"Add OpenTelemetry Gin middleware to the application","text":"Configure Gin to use the middleware by adding the following line to main.go :
import (\n ....\n \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n)\n\nfunc main() {\n ......\n r := gin.Default()\n r.Use(otelgin.Middleware(\"my-app\"))\n ......\n}\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#run-the-application","title":"Run the application","text":"Local debugging and running
Note: This step is only used for local development and debugging. In the production environment, the Operator will automatically complete the injection of the following environment variables.
The above steps have completed the work of initializing the SDK. Now if you need to develop and debug locally, you need to obtain the address of insight-agent-opentelemerty-collector in the insight-system namespace in advance, assuming: insight-agent-opentelemetry-collector .insight-system.svc.cluster.local:4317 .
Therefore, you can add the following environment variables when you start the application locally:
OTEL_SERVICE_NAME=my-golang-app OTEL_EXPORTER_OTLP_ENDPOINT=http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317 go run main.go...\n
Running in a production environment
Please refer to the introduction of Only injecting environment variable annotations in Achieving non-intrusive enhancement of applications through Operators to add annotations to deployment yaml:
instrumentation.opentelemetry.io/inject-sdk: \"insight-system/insight-opentelemetry-autoinstrumentation\"\n
If you cannot use annotations, you can manually add the following environment variables to the deployment yaml:
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\nenv:\n - name: OTEL_EXPORTER_OTLP_ENDPOINT\n value: 'http://insight-agent-opentelemetry-collector.insight-system.svc.cluster.local:4317'\n - name: OTEL_SERVICE_NAME\n value: \"your depolyment name\" # modify it.\n - name: OTEL_K8S_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: OTEL_RESOURCE_ATTRIBUTES_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OTEL_RESOURCE_ATTRIBUTES_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: OTEL_RESOURCE_ATTRIBUTES\n value: 'k8s.namespace.name=$(OTEL_K8S_NAMESPACE),k8s.node.name=$(OTEL_RESOURCE_ATTRIBUTES_NODE_NAME),k8s.pod.name=$(OTEL_RESOURCE_ATTRIBUTES_POD_NAME)'\n\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#request-routing","title":"Request Routing","text":""},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#opentelemetry-gingonic-enhancements","title":"OpenTelemetry gin/gonic enhancements","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n
Then inject the OpenTelemetry middleware:
router. Use(middleware. Middleware(\"my-app\"))\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#opentelemetry-gorillamux-enhancements","title":"OpenTelemetry gorillamux enhancements","text":"# Add one line to your import() stanza depending upon your request router:\nmiddleware \"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\"\n
Then inject the OpenTelemetry middleware:
router. Use(middleware. Middleware(\"my-app\"))\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#grpc-enhancements","title":"gRPC enhancements","text":"Likewise, OpenTelemetry can help you auto-detect gRPC requests. To detect any gRPC server you have, add the interceptor to the server's instantiation.
import (\n grpcotel \"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\"\n)\nfunc main() {\n [...]\n\n s := grpc.NewServer(\n grpc.UnaryInterceptor(grpcotel.UnaryServerInterceptor()),\n grpc.StreamInterceptor(grpcotel.StreamServerInterceptor()),\n )\n}\n
It should be noted that if your program uses Grpc Client to call third-party services, you also need to add an interceptor to Grpc Client:
[...]\n\n conn, err := grpc.Dial(addr, grpc.WithTransportCredentials(insecure.NewCredentials()),\n grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()),\n grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()),\n )\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#if-not-using-request-routing","title":"If not using request routing","text":"import (\n \"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\"\n)\n
Everywhere you pass http.Handler to ServeMux you will wrap the handler function. For example, the following replacements would be made:
- mux.Handle(\"/path\", h)\n+ mux.Handle(\"/path\", otelhttp.NewHandler(h, \"description of path\"))\n---\n- mux.Handle(\"/path\", http.HandlerFunc(f))\n+ mux.Handle(\"/path\", otelhttp.NewHandler(http.HandlerFunc(f), \"description of path\"))\n
In this way, you can ensure that each feature wrapped with othttp will automatically collect its metadata and start the proper trace.
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#database-enhancements","title":"database enhancements","text":""},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#golang-gorm","title":"Golang Gorm","text":"The OpenTelemetry community has also developed middleware for database access libraries, such as Gorm:
import (\n \"github.com/uptrace/opentelemetry-go-extra/otelgorm\"\n \"gorm.io/driver/sqlite\"\n \"gorm.io/gorm\"\n)\n\ndb, err := gorm.Open(sqlite.Open(\"file::memory:?cache=shared\"), &gorm.Config{})\nif err != nil {\n panic(err)\n}\n\notelPlugin := otelgorm.NewPlugin(otelgorm.WithDBName(\"mydb\"), # Missing this can lead to incomplete display of database related topology\n otelgorm.WithAttributes(semconv.ServerAddress(\"memory\"))) # Missing this can lead to incomplete display of database related topology\nif err := db.Use(otelPlugin); err != nil {\n panic(err)\n}\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#custom-span","title":"Custom Span","text":"In many cases, the middleware provided by OpenTelemetry cannot help us record more internally called features, and we need to customize Span to record
\u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n _, span := otel.Tracer(\"GetServiceDetail\").Start(ctx,\n \"spanMetricDao.GetServiceDetail\",\n trace.WithSpanKind(trace.SpanKindInternal))\n defer span.End()\n \u00b7\u00b7\u00b7\u00b7\u00b7\u00b7\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#add-custom-properties-and-custom-events-to-span","title":"Add custom properties and custom events to span","text":"It is also possible to set a custom attribute or tag as a span. To add custom properties and events, follow these steps:
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#import-tracking-and-property-libraries","title":"Import Tracking and Property Libraries","text":"import (\n ...\n \"go.opentelemetry.io/otel/attribute\"\n \"go.opentelemetry.io/otel/trace\"\n)\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#get-the-current-span-from-the-context","title":"Get the current Span from the context","text":"span := trace.SpanFromContext(c.Request.Context())\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#set-properties-in-the-current-span","title":"Set properties in the current Span","text":"span.SetAttributes(attribute. String(\"controller\", \"books\"))\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#add-an-event-to-the-current-span","title":"Add an Event to the current Span","text":"Adding span events is done using AddEvent on the span object.
span.AddEvent(msg)\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#log-errors-and-exceptions","title":"Log errors and exceptions","text":"import \"go.opentelemetry.io/otel/codes\"\n\n// Get the current span\nspan := trace.SpanFromContext(ctx)\n\n// RecordError will automatically convert an error into a span even\nspan.RecordError(err)\n\n// Flag this span as an error\nspan.SetStatus(codes.Error, \"internal error\")\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/golang.html#references","title":"References","text":"For the Demo presentation, please refer to:
This article is intended for users who wish to evaluate or explore the developing OTLP metrics.
The OpenTelemetry project requires that APIs and SDKs must emit data in the OpenTelemetry Protocol (OTLP) for supported languages.
"},{"location":"en/end-user/insight/quickstart/otel/golang/meter.html#for-golang-applications","title":"For Golang Applications","text":"Golang can expose runtime metrics through the SDK by adding the following methods to enable the metrics exporter within the application:
"},{"location":"en/end-user/insight/quickstart/otel/golang/meter.html#install-required-dependencies","title":"Install Required Dependencies","text":"Navigate to your application\u2019s source folder and run the following command:
go get go.opentelemetry.io/otel \\\n go.opentelemetry.io/otel/attribute \\\n go.opentelemetry.io/otel/exporters/prometheus \\\n go.opentelemetry.io/otel/metric/global \\\n go.opentelemetry.io/otel/metric/instrument \\\n go.opentelemetry.io/otel/sdk/metric\n
"},{"location":"en/end-user/insight/quickstart/otel/golang/meter.html#create-an-initialization-function-using-otel-sdk","title":"Create an Initialization Function Using OTel SDK","text":"import (\n .....\n\n \"go.opentelemetry.io/otel/attribute\"\n otelPrometheus \"go.opentelemetry.io/otel/exporters/prometheus\"\n \"go.opentelemetry.io/otel/metric/global\"\n \"go.opentelemetry.io/otel/metric/instrument\"\n \"go.opentelemetry.io/otel/sdk/metric/aggregator/histogram\"\n controller \"go.opentelemetry.io/otel/sdk/metric/controller/basic\"\n \"go.opentelemetry.io/otel/sdk/metric/export/aggregation\"\n processor \"go.opentelemetry.io/otel/sdk/metric/processor/basic\"\n selector \"go.opentelemetry.io/otel/sdk/metric/selector/simple\"\n)\n\nfunc (s *insightServer) initMeter() *otelPrometheus.Exporter {\n s.meter = global.Meter(\"xxx\")\n\n config := otelPrometheus.Config{\n DefaultHistogramBoundaries: []float64{1, 2, 5, 10, 20, 50},\n Gatherer: prometheus.DefaultGatherer,\n Registry: prometheus.NewRegistry(),\n Registerer: prometheus.DefaultRegisterer,\n }\n\n c := controller.New(\n processor.NewFactory(\n selector.NewWithHistogramDistribution(\n histogram.WithExplicitBoundaries(config.DefaultHistogramBoundaries),\n ),\n aggregation.CumulativeTemporalitySelector(),\n processor.WithMemory(true),\n ),\n )\n\n exporter, err := otelPrometheus.New(config, c)\n if err != nil {\n zap.S().Panicf(\"failed to initialize prometheus exporter %v\", err)\n }\n\n global.SetMeterProvider(exporter.MeterProvider())\n\n http.HandleFunc(\"/metrics\", exporter.ServeHTTP)\n\n go func() {\n _ = http.ListenAndServe(fmt.Sprintf(\":%d\", 8888), nil)\n }()\n\n zap.S().Info(\"Prometheus server running on \", fmt.Sprintf(\":%d\", port))\n return exporter\n}\n
The above method will expose a metrics endpoint for your application at: http://localhost:8888/metrics
.
Next, initialize it in main.go
:
func main() {\n // ...\n tp := initMeter()\n // ...\n}\n
If you want to add custom metrics, you can refer to the following:
// exposeClusterMetric exposes a metric like \"insight_logging_count{} 1\"\nfunc (s *insightServer) exposeLoggingMetric(lserver *log.LogService) {\n s.meter = global.Meter(\"insight.io/basic\")\n\n var lock sync.Mutex\n logCounter, err := s.meter.AsyncFloat64().Counter(\"insight_log_total\")\n if err != nil {\n zap.S().Panicf(\"failed to initialize instrument: %v\", err)\n }\n\n _ = s.meter.RegisterCallback([]instrument.Asynchronous{logCounter}, func(ctx context.Context) {\n lock.Lock()\n defer lock.Unlock()\n count, err := lserver.Count(ctx)\n if err == nil || count != -1 {\n logCounter.Observe(ctx, float64(count))\n }\n })\n}\n
Then, call this method in main.go
:
// ...\ns.exposeLoggingMetric(lservice)\n// ...\n
You can check if your metrics are working correctly by visiting http://localhost:8888/metrics
.
For Java applications, you can directly expose JVM-related metrics by using the OpenTelemetry agent with the following environment variable:
OTEL_METRICS_EXPORTER=prometheus\n
You can then check your metrics at http://localhost:8888/metrics
.
Next, combine it with a Prometheus ServiceMonitor
to complete the metrics integration. If you want to expose custom metrics, please refer to opentelemetry-java-docs/prometheus.
The process is mainly divided into two steps:
/*\n * Copyright The OpenTelemetry Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\npackage io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport io.opentelemetry.exporter.prometheus.PrometheusHttpServer;\nimport io.opentelemetry.sdk.metrics.SdkMeterProvider;\nimport io.opentelemetry.sdk.metrics.export.MetricReader;\n\npublic final class ExampleConfiguration {\n\n /**\n * Initializes the Meter SDK and configures the Prometheus collector with all default settings.\n *\n * @param prometheusPort the port to open up for scraping.\n * @return A MeterProvider for use in instrumentation.\n */\n static MeterProvider initializeOpenTelemetry(int prometheusPort) {\n MetricReader prometheusReader = PrometheusHttpServer.builder().setPort(prometheusPort).build();\n\n return SdkMeterProvider.builder().registerMetricReader(prometheusReader).build();\n }\n}\n
package io.opentelemetry.example.prometheus;\n\nimport io.opentelemetry.api.common.Attributes;\nimport io.opentelemetry.api.metrics.Meter;\nimport io.opentelemetry.api.metrics.MeterProvider;\nimport java.util.concurrent.ThreadLocalRandom;\n\n/**\n * Example of using the PrometheusHttpServer to convert OTel metrics to Prometheus format and expose\n * these to a Prometheus instance via a HttpServer exporter.\n *\n * <p>A Gauge is used to periodically measure how many incoming messages are awaiting processing.\n * The Gauge callback gets executed every collection interval.\n */\npublic final class PrometheusExample {\n private long incomingMessageCount;\n\n public PrometheusExample(MeterProvider meterProvider) {\n Meter meter = meterProvider.get(\"PrometheusExample\");\n meter\n .gaugeBuilder(\"incoming.messages\")\n .setDescription(\"No of incoming messages awaiting processing\")\n .setUnit(\"message\")\n .buildWithCallback(result -> result.record(incomingMessageCount, Attributes.empty()));\n }\n\n void simulate() {\n for (int i = 500; i > 0; i--) {\n try {\n System.out.println(\n i + \" Iterations to go, current incomingMessageCount is: \" + incomingMessageCount);\n incomingMessageCount = ThreadLocalRandom.current().nextLong(100);\n Thread.sleep(1000);\n } catch (InterruptedException e) {\n // ignored here\n }\n }\n }\n\n public static void main(String[] args) {\n int prometheusPort = 8888;\n\n // It is important to initialize the OpenTelemetry SDK as early as possible in your process.\n MeterProvider meterProvider = ExampleConfiguration.initializeOpenTelemetry(prometheusPort);\n\n PrometheusExample prometheusExample = new PrometheusExample(meterProvider);\n\n prometheusExample.simulate();\n\n System.out.println(\"Exiting\");\n }\n}\n
After running the Java application, you can check if your metrics are working correctly by visiting http://localhost:8888/metrics
.
Lastly, it is important to note that you have exposed metrics in your application, and now you need Insight to collect those metrics.
The recommended way to expose metrics is via ServiceMonitor or PodMonitor.
"},{"location":"en/end-user/insight/quickstart/otel/golang/meter.html#creating-servicemonitorpodmonitor","title":"Creating ServiceMonitor/PodMonitor","text":"The added ServiceMonitor/PodMonitor needs to have the label operator.insight.io/managed-by: insight
for the Operator to recognize it:
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: example-app\n labels:\n operator.insight.io/managed-by: insight\nspec:\n selector:\n matchLabels:\n app: example-app\n endpoints:\n - port: web\n namespaceSelector:\n any: true\n
"},{"location":"en/end-user/insight/quickstart/otel/java/index.html","title":"Start Monitoring Java Applications","text":"For accessing and monitoring Java application links, please refer to the document Implementing Non-Intrusive Enhancements for Applications via Operator, which explains how to automatically integrate links through annotations.
Monitoring the JVM of Java applications: How Java applications that have already exposed JVM metrics and those that have not yet exposed JVM metrics can connect with observability Insight.
If your Java application has not yet started exposing JVM metrics, you can refer to the following documents:
If your Java application has already exposed JVM metrics, you can refer to the following document:
Writing TraceId and SpanId into Java Application Logs to correlate link data with log data.
This article explains how to automatically write TraceId and SpanId into Java application logs using OpenTelemetry. By including TraceId and SpanId in your logs, you can correlate distributed tracing data with log data, enabling more efficient fault diagnosis and performance analysis.
"},{"location":"en/end-user/insight/quickstart/otel/java/mdc.html#supported-logging-libraries","title":"Supported Logging Libraries","text":"For more information, please refer to the Logger MDC auto-instrumentation.
Logging Framework Supported Automatic Instrumentation Versions Dependencies Required for Manual Instrumentation Log4j 1 1.2+ None Log4j 2 2.7+ opentelemetry-log4j-context-data-2.17-autoconfigure Logback 1.0+ opentelemetry-logback-mdc-1.0"},{"location":"en/end-user/insight/quickstart/otel/java/mdc.html#using-logback-spring-boot-project","title":"Using Logback (Spring Boot Project)","text":"Spring Boot projects come with a built-in logging framework and use Logback as the default logging implementation. If your Java project is a Spring Boot project, you can write TraceId into logs with minimal configuration.
Set logging.pattern.level
in application.properties
, adding %mdc{trace_id}
and %mdc{span_id}
to the logs.
logging.pattern.level=trace_id=%mdc{trace_id} span_id=%mdc{span_id} %5p ....omited...\n
Here is an example of the logs:
2024-06-26 10:56:31.200 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'\n2024-06-26 10:56:31.201 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'\n2024-06-26 10:56:31.209 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=1b08f18b8858bb9a INFO 53724 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 8 ms\n2024-06-26 10:56:31.296 trace_id=8f7ebd8a73f9a8f50e6a00a87a20952a span_id=5743699405074f4e INFO 53724 --- [nio-8081-exec-1] com.example.httpserver.ot.OTServer : hello world\n
"},{"location":"en/end-user/insight/quickstart/otel/java/mdc.html#using-log4j2","title":"Using Log4j2","text":"Add OpenTelemetry Log4j2
dependency in pom.xml
:
Tip
Please replace OPENTELEMETRY_VERSION
with the latest version.
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-log4j-context-data-2.17-autoconfigure</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n <scope>runtime</scope>\n </dependency>\n</dependencies>\n
Modify the log4j2.xml
configuration, adding %X{trace_id}
and %X{span_id}
in the pattern
to automatically write TraceId and SpanId into the logs:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Configuration>\n <Appenders>\n <Console name=\"Console\" target=\"SYSTEM_OUT\">\n <PatternLayout\n pattern=\"%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} - %msg%n\"/>\n </Console>\n </Appenders>\n <Loggers>\n <Root>\n <AppenderRef ref=\"Console\" level=\"All\"/>\n </Root>\n </Loggers>\n</Configuration>\n
If using Logback, add OpenTelemetry Logback
dependency in pom.xml
.
Tip
Please replace OPENTELEMETRY_VERSION
with the latest version.
<dependencies>\n <dependency>\n <groupId>io.opentelemetry.instrumentation</groupId>\n <artifactId>opentelemetry-logback-mdc-1.0</artifactId>\n <version>OPENTELEMETRY_VERSION</version>\n </dependency>\n</dependencies>\n
Modify the log4j2.xml
configuration, adding %X{trace_id}
and %X{span_id}
in the pattern
to automatically write TraceId and SpanId into the logs:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<configuration>\n <appender name=\"CONSOLE\" class=\"ch.qos.logback.core.ConsoleAppender\">\n <encoder>\n <pattern>%d{HH:mm:ss.SSS} trace_id=%X{trace_id} span_id=%X{span_id} trace_flags=%X{trace_flags} %msg%n</pattern>\n </encoder>\n </appender>\n\n <!-- Just wrap your logging appender, for example ConsoleAppender, with OpenTelemetryAppender -->\n <appender name=\"OTEL\" class=\"io.opentelemetry.instrumentation.logback.mdc.v1_0.OpenTelemetryAppender\">\n <appender-ref ref=\"CONSOLE\"/>\n </appender>\n\n <!-- Use the wrapped \"OTEL\" appender instead of the original \"CONSOLE\" one -->\n <root level=\"INFO\">\n <appender-ref ref=\"OTEL\"/>\n </root>\n\n</configuration>\n
JMX Exporter provides two usage methods:
Note
The official recommendation is not to use the first method due to its complex configuration and the requirement for a separate process, which introduces additional monitoring challenges. Therefore, this article focuses on the second method, detailing how to use JMX Exporter to expose JVM monitoring metrics in a Kubernetes environment.
In this method, you need to specify the JMX Exporter jar file and configuration file when starting the JVM. Since the jar file is a binary file that is not ideal for mounting via a configmap, and the configuration file typically does not require modifications, it is recommended to package both the JMX Exporter jar file and the configuration file directly into the business container image.
For the second method, you can choose to include the JMX Exporter jar file in the application image or mount it during deployment. Below are explanations for both approaches:
"},{"location":"en/end-user/insight/quickstart/otel/java/jvm-monitor/jmx-exporter.html#method-1-building-jmx-exporter-jar-file-into-the-business-image","title":"Method 1: Building JMX Exporter JAR File into the Business Image","text":"The content of prometheus-jmx-config.yaml
is as follows:
...\nssl: false\nlowercaseOutputName: false\nlowercaseOutputLabelNames: false\nrules:\n- pattern: \".*\"\n
Note
For more configuration options, please refer to the introduction at the bottom or Prometheus official documentation.
Next, prepare the jar file. You can find the latest jar download link on the jmx_exporter GitHub page and refer to the following Dockerfile:
FROM openjdk:11.0.15-jre\nWORKDIR /app/\nCOPY target/my-app.jar ./\nCOPY prometheus-jmx-config.yaml ./\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\nENV JAVA_TOOL_OPTIONS=-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\nEXPOSE 8081 8999 8080 8888\nENTRYPOINT java $JAVA_OPTS -jar my-app.jar\n
Note:
-javaagent:=:
First, we need to create a Docker image for the JMX Exporter. The following Dockerfile is for reference:
FROM alpine/curl:3.14\nWORKDIR /app/\n# Copy the previously created config file into the image\nCOPY prometheus-jmx-config.yaml ./\n# Download the jmx prometheus javaagent jar online\nRUN set -ex; \\\n curl -L -O https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar;\n
Build the image using the above Dockerfile: docker build -t my-jmx-exporter .
Add the following init container to the Java application deployment YAML:
Click to expand YAML fileapiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-demo-app\n labels:\n app: my-demo-app\nspec:\n selector:\n matchLabels:\n app: my-demo-app\n template:\n metadata:\n labels:\n app: my-demo-app\n spec:\n imagePullSecrets:\n - name: registry-pull\n initContainers:\n - name: jmx-sidecar\n image: my-jmx-exporter\n command: [\"cp\", \"-r\", \"/app/jmx_prometheus_javaagent-0.17.2.jar\", \"/target/jmx_prometheus_javaagent-0.17.2.jar\"] \u278a\n volumeMounts:\n - name: sidecar\n mountPath: /target\n containers:\n - image: my-demo-app-image\n name: my-demo-app\n resources:\n requests:\n memory: \"1000Mi\"\n cpu: \"500m\"\n limits:\n memory: \"1000Mi\"\n cpu: \"500m\"\n ports:\n - containerPort: 18083\n env:\n - name: JAVA_TOOL_OPTIONS\n value: \"-javaagent:/app/jmx_prometheus_javaagent-0.17.2.jar=8088:/app/prometheus-jmx-config.yaml\" \u278b\n volumeMounts:\n - name: host-time\n mountPath: /etc/localtime\n readOnly: true\n - name: sidecar\n mountPath: /sidecar\n volumes:\n - name: host-time\n hostPath:\n path: /etc/localtime\n - name: sidecar # Shared agent folder\n emptyDir: {}\n restartPolicy: Always\n
With the above modifications, the example application my-demo-app
now has the capability to expose JVM metrics. After running the service, you can access the Prometheus formatted metrics at http://localhost:8088
.
Next, you can refer to Connecting Existing JVM Metrics of Java Applications to Observability.
"},{"location":"en/end-user/insight/quickstart/otel/java/jvm-monitor/legacy-jvm.html","title":"Integrating Existing JVM Metrics of Java Applications with Observability","text":"If your Java application exposes JVM monitoring metrics through other means (such as Spring Boot Actuator), you will need to ensure that the monitoring data is collected. You can achieve this by adding annotations (Kubernetes Annotations) to your workload to allow Insight to scrape the existing JVM metrics:
annotations: \n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"9464\" # Port to scrape metrics\n
For example, to add annotations to the my-deployment-app:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-deployment-app\nspec:\n selector:\n matchLabels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n replicas: 1\n template:\n metadata:\n labels:\n app: my-deployment-app\n app.kubernetes.io/name: my-deployment-app\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"9464\" # Port to scrape metrics\n
Here is a complete example:
---\napiVersion: v1\nkind: Service\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n type: NodePort\n selector:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n port: 8080\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: spring-boot-actuator-prometheus-metrics-demo\nspec:\n selector:\n matchLabels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n replicas: 1\n template:\n metadata:\n labels:\n app.kubernetes.io/name: spring-boot-actuator-prometheus-metrics-demo\n annotations:\n insight.opentelemetry.io/metric-scrape: \"true\" # Whether to scrape\n insight.opentelemetry.io/metric-path: \"/actuator/prometheus\" # Path to scrape metrics\n insight.opentelemetry.io/metric-port: \"8080\" # Port to scrape metrics\n spec:\n containers:\n - name: myapp\n image: docker.m.daocloud.io/wutang/spring-boot-actuator-prometheus-metrics-demo\n ports:\n - name: http\n containerPort: 8080\n resources:\n limits:\n cpu: 500m\n memory: 800Mi\n requests:\n cpu: 200m\n memory: 400Mi\n
In the above example, Insight will scrape the Prometheus metrics exposed through Spring Boot Actuator via http://<service-ip>:8080/actuator/prometheus
.
Starting from OpenTelemetry Agent v1.20.0 and later, the OpenTelemetry Agent has introduced the JMX Metric Insight module. If your application is already integrated with the OpenTelemetry Agent for tracing, you no longer need to introduce another agent to expose JMX metrics for your application. The OpenTelemetry Agent collects and exposes metrics by detecting the locally available MBeans in the application.
The OpenTelemetry Agent also provides built-in monitoring examples for common Java servers or frameworks. Please refer to the Predefined Metrics.
When using the OpenTelemetry Java Agent, you also need to consider how to mount the JAR into the container. In addition to the methods for mounting the JAR file as described with the JMX Exporter, you can leverage the capabilities provided by the OpenTelemetry Operator to automatically enable JVM metrics exposure for your application.
If your application is already integrated with the OpenTelemetry Agent for tracing, you do not need to introduce another agent to expose JMX metrics. The OpenTelemetry Agent can now locally collect and expose metrics interfaces by detecting the locally available MBeans in the application.
However, as of the current version, you still need to manually add the appropriate annotations to your application for the JVM data to be collected by Insight. For specific annotation content, please refer to Integrating Existing JVM Metrics of Java Applications with Observability.
"},{"location":"en/end-user/insight/quickstart/otel/java/jvm-monitor/otel-java-agent.html#exposing-metrics-for-java-middleware","title":"Exposing Metrics for Java Middleware","text":"The OpenTelemetry Agent also includes built-in examples for monitoring middleware. Please refer to the Predefined Metrics.
By default, no specific types are designated; you need to specify them using the -Dotel.jmx.target.system
JVM options, for example, -Dotel.jmx.target.system=jetty,kafka-broker
.
Gaining JMX Metric Insights with the OpenTelemetry Java Agent
Otel JMX Metrics
Although the OpenShift system comes with a monitoring system, we will still install Insight Agent because of some rules in the data collection agreement.
Among them, in addition to the basic installation configuration, the following parameters need to be added during helm install:
## Parameters related to fluentbit;\n--set fluent-bit.ocp.enabled=true \\\n--set fluent-bit.serviceAccount.create=false \\\n--set fluent-bit.securityContext.runAsUser=0 \\\n--set fluent-bit.securityContext.seLinuxOptions.type=spc_t \\\n--set fluent-bit.securityContext.readOnlyRootFilesystem=false \\\n--set fluent-bit.securityContext.allowPrivilegeEscalation=false \\\n\n## Enable Prometheus(CR) for OpenShift4.x\n--set compatibility.openshift.prometheus.enabled=true \\\n\n## Close the Prometheus instance of the higher version\n--set kube-prometheus-stack.prometheus.enabled=false \\\n--set kube-prometheus-stack.kubeApiServer.enabled=false \\\n--set kube-prometheus-stack.kubelet.enabled=false \\\n--set kube-prometheus-stack.kubeControllerManager.enabled=false \\\n--set kube-prometheus-stack.coreDns.enabled=false \\\n--set kube-prometheus-stack.kubeDns.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeEtcd.enabled=false \\\n--set kube-prometheus-stack.kubeScheduler.enabled=false \\\n--set kube-prometheus-stack.kubeStateMetrics.enabled=false \\\n--set kube-prometheus-stack.nodeExporter.enabled=false \\\n\n## Limit the namespace processed by PrometheusOperator to avoid competition with OpenShift's own PrometheusOperator\n--set kube-prometheus-stack.prometheusOperator.kubeletService.namespace=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.prometheusInstanceNamespaces=\"insight-system\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[0]=\"openshift-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[1]=\"openshift-user-workload-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[2]=\"openshift-customer-monitoring\" \\\n--set kube-prometheus-stack.prometheusOperator.denyNamespaces[3]=\"openshift-route-monitor-operator\" \\\n
"},{"location":"en/end-user/insight/quickstart/other/install-agent-on-ocp.html#write-system-monitoring-data-into-prometheus-through-openshifts-own-mechanism","title":"Write system monitoring data into Prometheus through OpenShift's own mechanism","text":"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: cluster-monitoring-config\n namespace: openshift-monitoring\ndata:\n config.yaml: |\n prometheusK8s:\n remoteWrite:\n - queueConfig:\n batchSendDeadline: 60s\n maxBackoff: 5s\n minBackoff: 30ms\n minShards: 1\n capacity: 5000\n maxSamplesPerSend: 1000\n maxShards: 100\n remoteTimeout: 30s\n url: http://insight-agent-prometheus.insight-system.svc.cluster.local:9090/api/v1/write\n writeRelabelConfigs:\n - action: keep\n regex: etcd|kubelet|node-exporter|apiserver|kube-state-metrics\n sourceLabels:\n - job\n
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html","title":"Install insight-agent in Suanova 4.0","text":"In AI platform, previous Suanova 4.0 can be accessed as a subcluster. This guide provides potential issues and solutions when installing insight-agent in a Suanova 4.0 cluster.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#issue-one","title":"Issue One","text":"Since most Suanova 4.0 clusters have installed dx-insight as the monitoring system, installing insight-agent at this time will conflict with the existing prometheus operator in the cluster, making it impossible to install smoothly.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#solution","title":"Solution","text":"Enable the parameters of the prometheus operator, retain the prometheus operator in dx-insight, and make it compatible with the prometheus operator in insight-agent in 5.0.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#steps","title":"Steps","text":"Run the following command (the following command is for reference only, the actual command needs to replace the prometheus operator name and namespace in the command).
kubectl edit deploy insight-agent-kube-prometh-operator -n insight-system\n
Note
The open-source node-exporter turns on hostnetwork by default and the default port is 9100. If the monitoring system of the cluster has installed node-exporter , then installing insight-agent at this time will cause node-exporter port conflict and it cannot run normally.
Note
Insight's node exporter will enable some features to collect special indicators, so it is recommended to install.
Currently, it does not support modifying the port in the installation command. After helm install insight-agent , you need to manually modify the related ports of the insight node-exporter daemonset and svc.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#issue-two","title":"Issue Two","text":"After Insight Agent is successfully deployed, fluentbit does not collect logs of Suanova 4.0.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#solution_1","title":"Solution","text":"The docker storage directory of Suanova 4.0 is /var/lib/containers , which is different from the path in the configuration of insigh-agent, so the logs are not collected.
"},{"location":"en/end-user/insight/quickstart/other/install-agentindce.html#steps_1","title":"Steps","text":"Modify the following parameters in the insight-agent Chart.
fluent-bit:\ndaemonSetVolumeMounts:\n - name: varlog\n mountPath: /var/log\n - name: varlibdockercontainers\n- mountPath: /var/lib/docker/containers\n+ mountPath: /var/lib/containers/docker/containers\n readOnly: true\n - name: etcmachineid\n mountPath: /etc/machine-id\n readOnly: true\n - name: dmesg\n mountPath: /var/log/dmesg\n readOnly: true\n
This article describes the method for expanding the vmstorage disk. Please refer to the vmstorage disk capacity planning for the specifications of the vmstorage disk.
"},{"location":"en/end-user/insight/quickstart/res-plan/modify-vms-disk.html#procedure","title":"Procedure","text":""},{"location":"en/end-user/insight/quickstart/res-plan/modify-vms-disk.html#enable-storageclass-expansion","title":"Enable StorageClass expansion","text":"Log in to the AI platform as a global service cluster administrator. Click Container Management -> Clusters and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu Container Storage -> PVCs and find the PVC bound to the vmstorage.
Click a vmstorage PVC to enter the details of the volume claim for vmstorage and confirm the StorageClass that the PVC is bound to.
Select the left navigation menu Container Storage -> Storage Class and find local-path . Click the \u2507 on the right side of the target and select Edit in the popup menu.
Enable Scale Up and click OK .
Log in to the AI platform as a global service cluster administrator and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu CRDs and find the custom resource for vmcluster .
Click the custom resource for vmcluster to enter the details page, switch to the insight-system namespace, and select Edit YAML from the right menu of insight-victoria-metrics-k8s-stack .
Modify according to the legend and click OK .
Select the left navigation menu Container Storage -> PVCs again and find the volume claim bound to vmstorage. Confirm that the modification has taken effect. In the details page of a PVC, click the associated storage source (PV).
Open the volume details page and click the Update button in the upper right corner.
After modifying the Capacity , click OK and wait for a moment until the expansion is successful.
If the storage volume expansion fails, you can refer to the following method to clone the storage volume.
Log in to the AI platform as a global service cluster administrator and go to the details of the kpanda-global-cluster cluster.
Select the left navigation menu Workloads -> StatefulSets and find the statefulset for vmstorage . Click the \u2507 on the right side of the target and select Status -> Stop -> OK in the popup menu.
After logging into the master node of the kpanda-global-cluster cluster in the command line, run the following command to copy the vm-data directory in the vmstorage container to store the metric information locally:
kubectl cp -n insight-system vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data ./vm-data\n
Log in to the AI platform and go to the details of the kpanda-global-cluster cluster. Select the left navigation menu Container Storage -> PVs , click Clone in the upper right corner, and modify the capacity of the volume.
Delete the previous data volume of vmstorage.
Wait for a moment until the volume claim is bound to the cloned data volume, then run the following command to import the exported data from step 3 into the proper container, and then start the previously paused vmstorage .
kubectl cp -n insight-system ./vm-data vmstorage-insight-victoria-metrics-k8s-stack-1:vm-data\n
In the actual use of Prometheus, affected by the number of cluster containers and the opening of Istio, the CPU, memory and other resource usage of Prometheus will exceed the set resources.
In order to ensure the normal operation of Prometheus in clusters of different sizes, it is necessary to adjust the resources of Prometheus according to the actual size of the cluster.
"},{"location":"en/end-user/insight/quickstart/res-plan/prometheus-res.html#reference-resource-planning","title":"Reference resource planning","text":"In the case that the mesh is not enabled, the test statistics show that the relationship between the system Job index and pods is Series count = 800 * pod count
When the service mesh is enabled, the magnitude of the Istio-related metrics generated by the pod after the feature is enabled is Series count = 768 * pod count
"},{"location":"en/end-user/insight/quickstart/res-plan/prometheus-res.html#when-the-service-mesh-is-not-enabled","title":"When the service mesh is not enabled","text":"The following resource planning is recommended by Prometheus when the service mesh is not enabled :
Cluster size (pod count) Metrics (service mesh is not enabled) CPU (core) Memory (GB) 100 8w Request: 0.5Limit: 1 Request: 2GBLimit: 4GB 200 16w Request: 1Limit: 1.5 Request: 3GBLimit: 6GB 300 24w Request: 1Limit: 2 Request: 3GBLimit: 6GB 400 32w Request: 1Limit: 2 Request: 4GBLimit: 8GB 500 40w Request: 1.5Limit: 3 Request: 5GBLimit: 10GB 800 64w Request: 2Limit: 4 Request: 8GBLimit: 16GB 1000 80w Request: 2.5Limit: 5 Request: 9GBLimit: 18GB 2000 160w Request: 3.5Limit: 7 Request: 20GBLimit: 40GB 3000 240w Request: 4Limit: 8 Request: 33GBLimit: 66GB"},{"location":"en/end-user/insight/quickstart/res-plan/prometheus-res.html#when-the-service-mesh-feature-is-enabled","title":"When the service mesh feature is enabled","text":"The following resource planning is recommended by Prometheus in the scenario of starting the service mesh:
Cluster size (pod count) metric volume (service mesh enabled) CPU (core) Memory (GB) 100 15w Request: 1Limit: 2 Request: 3GBLimit: 6GB 200 31w Request: 2Limit: 3 Request: 5GBLimit: 10GB 300 46w Request: 2Limit: 4 Request: 6GBLimit: 12GB 400 62w Request: 2Limit: 4 Request: 8GBLimit: 16GB 500 78w Request: 3Limit: 6 Request: 10GBLimit: 20GB 800 125w Request: 4Limit: 8 Request: 15GBLimit: 30GB 1000 156w Request: 5Limit: 10 Request: 18GBLimit: 36GB 2000 312w Request: 7Limit: 14 Request: 40GBLimit: 80GB 3000 468w Request: 8Limit: 16 Request: 65GBLimit: 130GBNote
vmstorage is responsible for storing multicluster metrics for observability. In order to ensure the stability of vmstorage, it is necessary to adjust the disk capacity of vmstorage according to the number of clusters and the size of the cluster. For more information, please refer to vmstorage retention period and disk space.
"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#test-results","title":"Test Results","text":"After 14 days of disk observation of vmstorage of clusters of different sizes, We found that the disk usage of vmstorage was positively correlated with the amount of metrics it stored and the disk usage of individual data points.
Disk usage = Instantaneous metrics x 2 x disk usage for a single data point x 60 x 24 x storage time (days)
Parameter Description:
Warning
This formula is a general solution, and it is recommended to reserve redundant disk capacity on the calculation result to ensure the normal operation of vmstorage.
"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#reference-capacity","title":"reference capacity","text":"The data in the table is calculated based on the default storage time of one month (30 days), and the disk usage of a single data point (datapoint) is calculated as 0.9. In a multicluster scenario, the number of Pods represents the sum of the number of Pods in the multicluster.
"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#when-the-service-mesh-is-not-enabled","title":"When the service mesh is not enabled","text":"Cluster size (number of Pods) Metrics Disk capacity 100 8W 6 GiB 200 16W 12 GiB 300 24w 18 GiB 400 32w 24 GiB 500 40w 30 GiB 800 64w 48 GiB 1000 80W 60 GiB 2000 160w 120 GiB 3000 240w 180 GiB"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#when-the-service-mesh-is-enabled","title":"When the service mesh is enabled","text":"Cluster size (number of Pods) Metrics Disk capacity 100 15W 12 GiB 200 31w 24 GiB 300 46w 36 GiB 400 62w 48 GiB 500 78w 60 GiB 800 125w 94 GiB 1000 156w 120 GiB 2000 312w 235 GiB 3000 468w 350 GiB"},{"location":"en/end-user/insight/quickstart/res-plan/vms-res-plan.html#example","title":"Example","text":"There are two clusters in the AI platform, of which 500 Pods are running in the global management cluster (service mesh is turned on), and 1000 Pods are running in the worker cluster (service mesh is not turned on), and the expected metrics are stored for 30 days.
Then the current vmstorage disk usage should be set to (784000+80000)x2x0.9x60x24x31 =124384896000 byte = 116 GiB
Note
For the relationship between the number of metrics and the number of Pods in the cluster, please refer to Prometheus Resource Planning.
"},{"location":"en/end-user/insight/system-config/modify-config.html","title":"Modify system configuration","text":"Observability will persist the data of metrics, logs, and traces by default. Users can modify the system configuration according to This page.
"},{"location":"en/end-user/insight/system-config/modify-config.html#how-to-modify-the-metric-data-retention-period","title":"How to modify the metric data retention period","text":"Refer to the following steps to modify the metric data retention period.
run the following command:
kubectl edit vmcluster insight-victoria-metrics-k8s-stack -n insight-system\n
In the Yaml file, the default value of retentionPeriod is 14 , and the unit is day . You can modify the parameters according to your needs.
apiVersion: operator.victoriametrics.com/v1beta1\nkind: VMCluster\nmetadata:\n annotations:\n meta.helm.sh/release-name: insight\n meta.helm.sh/release-namespace: insight-system\n creationTimestamp: \"2022-08-25T04:31:02Z\"\n finalizers:\n - apps.victoriametrics.com/finalizer\n generation: 2\n labels:\n app.kubernetes.io/instance: insight\n app.kubernetes.io/managed-by: Helm\n app.kubernetes.io/name: victoria-metrics-k8s-stack\n app.kubernetes.io/version: 1.77.2\n helm.sh/chart: victoria-metrics-k8s-stack-0.9.3\n name: insight-victoria-metrics-k8s-stack\n namespace: insight-system\n resourceVersion: \"123007381\"\n uid: 55cee8d6-c651-404b-b2c9-50603b405b54\nspec:\n replicationFactor: 1\n retentionPeriod: \"14\"\n vminsert:\n extraArgs:\n maxLabelsPerTimeseries: \"45\"\n image:\n repository: docker.m.daocloud.io/victoriametrics/vminsert\n tag: v1.80.0-cluster\n replicaCount: 1\n
After saving the modification, the pod of the component responsible for storing the metrics will automatically restart, just wait for a while.
Refer to the following steps to modify the log data retention period:
"},{"location":"en/end-user/insight/system-config/modify-config.html#method-1-modify-the-json-file","title":"Method 1: Modify the Json file","text":"Modify the max_age parameter in the rollover field in the following files, and set the retention period. The default storage period is 7d . Change http://localhost:9200
to the address of elastic .
curl -X PUT \"http://localhost:9200/_ilm/policy/insight-es-k8s-logs-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n\"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"7d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n}\n}\n
After modification, run the above command. It will print out the content as shown below, then the modification is successful.
{\n\"acknowledged\": true\n}\n
Log in kibana , select Stack Management in the left navigation bar.
Select the left navigation Index Lifecycle Polices , and find the index insight-es-k8s-logs-policy , click to enter the details.
Expand the Hot phase configuration panel, modify the Maximum age parameter, and set the retention period. The default storage period is 7d .
After modification, click Save policy at the bottom of the page to complete the modification.
Refer to the following steps to modify the trace data retention period:
"},{"location":"en/end-user/insight/system-config/modify-config.html#method-1-modify-the-json-file_1","title":"Method 1: Modify the Json file","text":"Modify the max_age parameter in the rollover field in the following files, and set the retention period. The default storage period is 7d . At the same time, modify http://localhost:9200
to the access address of elastic .
curl -X PUT \"http://localhost:9200/_ilm/policy/jaeger-ilm-policy?pretty\" -H 'Content-Type: application/json' -d'\n{\n\"policy\": {\n \"phases\": {\n \"hot\": {\n \"min_age\": \"0ms\",\n \"actions\": {\n \"set_priority\": {\n \"priority\": 100\n },\n \"rollover\": {\n \"max_age\": \"7d\",\n \"max_size\": \"10gb\"\n }\n }\n },\n \"warm\": {\n \"min_age\": \"10d\",\n \"actions\": {\n \"forcemerge\": {\n \"max_num_segments\": 1\n }\n }\n },\n \"delete\": {\n \"min_age\": \"30d\",\n \"actions\": {\n \"delete\": {}\n }\n }\n }\n}\n}\n
After modification, run the above command on the console. It will print out the content as shown below, then the modification is successful.
{\n\"acknowledged\": true\n}\n
Log in kibana , select Stack Management in the left navigation bar.
Select the left navigation Index Lifecycle Polices , and find the index jaeger-ilm-policy , click to enter the details.
Expand the Hot phase configuration panel, modify the Maximum age parameter, and set the retention period. The default storage period is 7d .
After modification, click Save policy at the bottom of the page to complete the modification.
On the system component page, you can quickly view the running status of the system components in Insight. When a system component fails, some features in Insight will be unavailable.
System Configuration displays the default storage time of metrics, logs, traces and the default Apdex threshold.
Click the right navigation bar and select System Configuration .
Currently only supports modifying the storage duration of historical alerts, click Edit to enter the target duration.
When the storage duration is set to \"0\", the historical alerts will not be cleared.
Note
To modify other configurations, please click to view How to modify the system configuration?
"},{"location":"en/end-user/insight/trace/service.html","title":"Service Insight","text":"In Insight , a service refers to a group of workloads that provide the same behavior for incoming requests. Service insight helps observe the performance and status of applications during the operation process by using the OpenTelemetry SDK.
For how to use OpenTelemetry, please refer to: Using OTel to give your application insight.
"},{"location":"en/end-user/insight/trace/service.html#glossary","title":"Glossary","text":"The Services List page displays key metrics such as throughput rate, error rate, and request latency for all services that have been instrumented with distributed tracing. You can filter services based on clusters or namespaces and sort the list by throughput rate, error rate, or request latency. By default, the data displayed in the list is for the last hour, but you can customize the time range.
Follow these steps to view service insight metrics:
Go to the Insight product module.
Select Trace Tracking -> Services from the left navigation bar.
Attention
Click a service name (taking insight-system as an example) to view the detailed metrics and operation metrics for that service.
The service topology provided by Observability allows you to quickly identify the request relationships between services and determine the health status of services based on different colors. The health status is determined based on the request latency and error rate of the service's overall traffic. This article explains the elements in the service topology.
"},{"location":"en/end-user/insight/trace/topology-helper.html#node-status-explanation","title":"Node Status Explanation","text":"The node health status is determined based on the error rate and request latency of the service's overall traffic, following these rules:
Color Status Rules Gray Healthy Error rate equals 0% and request latency is less than 100ms Orange Warning Error rate (0, 5%) or request latency (100ms, 200ms) Red Abnormal Error rate (5%, 100%) or request latency (200ms, +Infinity)"},{"location":"en/end-user/insight/trace/topology-helper.html#connection-status-explanation","title":"Connection Status Explanation","text":"Color Status Rules Green Healthy Error rate equals 0% and request latency is less than 100ms Orange Warning Error rate (0, 5%) or request latency (100ms, 200ms) Red Abnormal Error rate (5%, 100%) or request latency (200ms, +Infinity)"},{"location":"en/end-user/insight/trace/topology.html","title":"Service Map","text":"Service map is a visual representation of the connections, communication, and dependencies between services. It provides insights into the service-to-service interactions, allowing you to view the calls and performance of services within a specified time range. The connections between nodes in the topology map represent the existence of service-to-service calls during the queried time period.
"},{"location":"en/end-user/insight/trace/topology.html#prerequisites","title":"Prerequisites","text":"Go to the Insight product module.
Select Tracing -> Service Map from the left navigation bar.
In the Service Map, you can perform the following actions:
In the Service Map, there can be nodes that are not part of the cluster. These external nodes can be categorized into three types:
Virtual Node
If a service makes a request to a Database or Message Queue, these two types of nodes will be displayed by default in the topology map. However, Virtual Nodes represent nodes outside the cluster or services not integrated into the trace, and they will not be displayed by default in the map.
When a service makes a request to MySQL, PostgreSQL, or Oracle Database, the detailed database type can be seen in the map.
insight-server
chart values, locate the parameter shown in the image below, and change false
to true
.Virtual Services
option to enable it.On the trace query page, you can query detailed information about a call trace by TraceID or filter call traces based on various conditions.
"},{"location":"en/end-user/insight/trace/trace.html#glossary","title":"Glossary","text":"Please follow these steps to search for a trace:
Select Tracing -> Traces from the left navigation bar.
Note
Sorting by Span, Latency, and Start At is supported in the list.
Click the TraceID Query in the filter bar to switch to TraceID search.
To search using TraceID, please enter the complete TraceID.
Click the TraceID of a trace in the trace list to view its detailed call information.
Click the icon on the right side of the trace data to search for associated logs.
Click View More to jump to the Associated Log page with conditions.
By default, all logs are searched, but you can filter by the TraceID or the relevant container logs from the trace call process using the dropdown.
Note
Since trace may span across clusters or namespaces, if the user does not have sufficient permissions, they will be unable to query the associated logs for that trace.
If there are not enough nodes, you can add more nodes to the cluster.
"},{"location":"en/end-user/k8s/add-node.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Clusters, and click the name of the target cluster.
On the cluster overview page, click Nodes, then click the Add Node button on the right.
Follow the wizard to fill in the parameters and click OK.
In the pop-up window, click OK.
Return to the node list; the status of the newly added node will be Connecting. After a few minutes, when the status changes to Running, it indicates that the connection was successful.
Tip
For newly connected nodes, it may take an additional 2-3 minutes to recognize the GPU.
"},{"location":"en/end-user/k8s/create-k8s.html","title":"Creating a Kubernetes Cluster in the Cloud","text":"Deploying a Kubernetes cluster is aimed at supporting efficient AI computing resource scheduling and management, achieving elastic scaling, providing high availability, and optimizing the model training and inference processes.
"},{"location":"en/end-user/k8s/create-k8s.html#prerequisites","title":"Prerequisites","text":"Create and launch 3 cloud hosts without GPU to serve as Master nodes for the cluster.
Navigate to Container Management -> Clusters, and click the Create Cluster button on the right.
Follow the wizard to configure various parameters of the cluster.
Wait for the cluster creation to complete.
In the cluster list, find the newly created cluster, click the cluster name, navigate to Helm Apps -> Helm Charts, and search for metax-gpu-extensions in the search box, then click the card.
Click the Install button on the right to start installing the GPU plugin.
Automatically return to the Helm App list and wait for the status of metax-gpu-extensions to change to Deployed.
At this point, the cluster has been successfully created. You can check the nodes included in the cluster. You can now create AI workloads and use GPUs.
Next step: Create AI Workloads
"},{"location":"en/end-user/k8s/remove-node.html","title":"Removing GPU Worker Nodes","text":"The cost of GPU resources is relatively high. If GPUs are not needed temporarily, you can remove the worker nodes with GPUs. The following steps also apply to removing regular worker nodes.
"},{"location":"en/end-user/k8s/remove-node.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management -> Clusters, and click the name of the target cluster.
Enter the cluster overview page, click Nodes, find the node to be removed, click the \u2507 on the right side of the list, and select Remove Node from the pop-up menu.
In the pop-up window, enter the node name, and after confirming it is correct, click Delete.
You will automatically return to the node list, where the status will be Removing. After a few minutes, refresh the page, and if the node is no longer present, it indicates that the node has been successfully removed.
After removing the node from the UI list, SSH into the removed node's host and execute the shutdown command.
Tip
After removing the node in the UI and shutting it down, the data on the node is not immediately deleted; the node's data will be retained for a period of time.
"},{"location":"en/end-user/kpanda/backup/index.html","title":"Backup and Restore","text":"Backup and restore are essential aspects of system management. In practice, it is important to first back up the data of the system at a specific point in time and securely store the backup. In case of incidents such as data corruption, loss, or accidental deletion, the system can be quickly restored based on the previous backup data, reducing downtime and minimizing losses.
Therefore, backup and restore are vital as the last line of defense for maintaining system stability and ensuring data security.
Backups are typically classified into three types: full backups, incremental backups, and differential backups. Currently, AI platform supports full backups and incremental backups.
The backup and restore provided by AI platform can be divided into two categories: Application Backup and ETCD Backup. It supports both manual backups and scheduled automatic backups using CronJobs.
Application Backup
Application backup refers to backing up data of a specific workload in the cluster and then restoring that data either within the same cluster or in another cluster. It supports backing up all resources under a namespace or filtering resources by specific labels.
Application backup also supports cross-cluster backup of stateful applications. For detailed steps, refer to the Backup and Restore MySQL Applications and Data Across Clusters guide.
etcd Backup
etcd is the data storage component of Kubernetes. Kubernetes stores its own component's data and application data in etcd. Therefore, backing up etcd is equivalent to backing up the entire cluster's data, allowing quick restoration of the cluster to a previous state in case of failures.
It's worth noting that currently, restoring etcd backup data is only supported within the same cluster (the original cluster). To learn more about related best practices, refer to the ETCD Backup and Restore guide.
This article explains how to backup applications in AI platform. The demo application used in this tutorial is called dao-2048 , which is a deployment.
"},{"location":"en/end-user/kpanda/backup/deployment.html#prerequisites","title":"Prerequisites","text":"Before backing up a deployment, the following prerequisites must be met:
Integrate a Kubernetes cluster or create a Kubernetes cluster in the Container Management module, and be able to access the UI interface of the cluster.
Create a Namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Install the velero component, and ensure the velero component is running properly.
Create a deployment (the workload in this tutorial is named dao-2048 ), and label the deployment with app: dao-2048 .
Follow the steps below to backup the deployment dao-2048 .
Enter the Container Management module, click Backup Recovery -> Application Backup on the left navigation bar, and enter the Application Backup list page.
On the Application Backup list page, select the cluster where the velero and dao-2048 applications have been installed. Click Backup Plan in the upper right corner to create a new backup cluster.
Refer to the instructions below to fill in the backup configuration.
Refer to the instructions below to set the backup execution frequency, and then click Next .
*
, after inputting the expression, the meaning of the current expression will be prompted. For detailed expression syntax rules, refer to Cron Schedule Syntax.Backup Data Volume (PV): Whether to back up the data in the data volume (PV), support direct copy and use CSI snapshot.
Click OK , the page will automatically return to the application backup plan list, find the newly created dao-2048 backup plan, and perform the Immediate Execution operation.
At this point, the Last Execution State of the cluster will change to in progress . After the backup is complete, you can click the name of the backup plan to view the details of the backup plan.
etcd backup is based on cluster data as the core backup. In cases such as hardware device damage, development and test configuration errors, etc., the backup cluster data can be restored through etcd backup.
This section will introduce how to realize the etcd backup for clusters. Also see etcd Backup and Restore Best Practices.
"},{"location":"en/end-user/kpanda/backup/etcd-backup.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
Prepared a MinIO instance. It is recommended to create it through AI platform's MinIO middleware.
Follow the steps below to create an etcd backup.
Enter Container Management -> Backup Recovery -> etcd Backup page, you can see all the current backup policies. Click Create Backup Policy on the right.
Fill in the Basic Information. Then, click Next to automatically verify the connectivity of etcd. If the verification passes, proceed to the next step.
Enter etcd, and the format is https://${NodeIP}:${Port}
.
Find the etcd Pod in the kube-system namespace
kubectl get po -n kube-system | grep etcd\n
Get the port number from the listen-client-urls of the etcd Pod
kubectl get po -n kube-system ${etcd_pod_name} -oyaml | grep listen-client-urls # (1)!\n
The expected output is as follows, where the number after the node IP is the port number:
- --listen-client-urls=https://127.0.0.1:2379,https://10.6.229.191:2379\n
Fill in the CA certificate, you can use the following command to view the certificate content. Then, copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/etcd/ca.crt\n
cat /etc/daocloud/dce/certs/ca.crt\n
Fill in the Cert certificate, you can use the following command to view the content of the certificate. Then, copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/apiserver-etcd-client.crt\n
cat /etc/daocloud/dce/certs/etcd/server.crt\n
Fill in the Key, you can use the following command to view the content of the certificate and copy and paste it to the proper location:
Standard Kubernetes ClusterSuanova 4.0 Clustercat /etc/kubernetes/ssl/apiserver-etcd-client.key\n
cat /etc/daocloud/dce/certs/etcd/server.key\n
Note
Click How to get below the input box to see how to obtain the proper information on the UI page.
Refer to the following information to fill in the Backup Policy.
Backup Method: Choose either manual backup or scheduled backup
Backup Chain Length: the maximum number of backup data to retain. The default is 30.
Refer to the following information to fill in the Storage Path.
After clicking OK , the page will automatically redirect to the backup policy list, where you can view all the currently created ones.
Click Logs to view the log content. By default, 100 lines are displayed. If you want to see more log information or download the logs, you can follow the prompts above the logs to go to the observability module.
"},{"location":"en/end-user/kpanda/backup/etcd-backup.html#view-backup-policy-details","title":"View Backup POlicy Details","text":"Go to Container Management -> Backup Recovery -> etcd Backup , click the Backup Policy tab, and then click the policy to view the details.
"},{"location":"en/end-user/kpanda/backup/etcd-backup.html#view-recovery-point","title":"View Recovery Point","text":"After selecting the target cluster, you can view all the backup information under that cluster.
Each time a backup is executed, a proper recovery point is generated, which can be used to quickly restore the application from a successful recovery point.
velero is an open source tool for backing up and restoring Kubernetes cluster resources. It can back up resources in a Kubernetes cluster to cloud storage services, local storage, or other locations, and restore those resources to the same or a different cluster when needed.
This section introduces how to deploy the Velero plugin in AI platform using the Helm Apps.
"},{"location":"en/end-user/kpanda/backup/install-velero.html#prerequisites","title":"Prerequisites","text":"Before installing the velero plugin, the following prerequisites need to be met:
Please perform the following steps to install the velero plugin for your cluster.
On the cluster list page, find the target cluster that needs to install the velero plugin, click the name of the cluster, click Helm Apps -> Helm chart in the left navigation bar, and enter velero in the search bar to search .
Read the introduction of the velero plugin, select the version and click the Install button. This page will take 5.2.0 version as an example to install, and it is recommended that you install 5.2.0 and later versions.
Configure basic info .
!!! note
After enabling __Ready Wait__ and/or __Failed Delete__ , it takes a long time for the app to be marked as __Running__ .\n
Configure Velero chart Parameter Settings according to the following instructions
S3 Credentials: Configure the authentication information of object storage (minio).
Use existing secret parameter example is as follows:
[default]\naws_access_key_id = minio\naws_secret_access_key = minio123\n
BackupStorageLocation: The location where Velero backs up data.
S3 Configs: Detailed configuration of S3 storage (minio).
Click the OK button to complete the installation of the Velero plugin. The system will automatically jump to the Helm Apps list page. After waiting for a few minutes, refresh the page, and you can see the application just installed.
Cluster settings are used to customize advanced feature settings for your cluster, including whether to enable GPU, helm repo refresh cycle, Helm operation record retention, etc.
Enable GPU: GPUs and proper driver plug-ins need to be installed on the cluster in advance.
Click the name of the target cluster, and click Operations and Maintenance -> Cluster Settings -> Addons in the left navigation bar.
Helm operation basic image, registry refresh cycle, number of operation records retained, whether to enable cluster deletion protection (the cluster cannot be uninstalled directly after enabling)
On this page, you can view the recent cluster operation records and Helm operation records, as well as the YAML files and logs of each operation, and you can also delete a certain record.
Set the number of reserved entries for Helm operations:
By default, the system keeps the last 100 Helm operation records. If you keep too many entries, it may cause data redundancy, and if you keep too few entries, you may lose the key operation records you need. A reasonable reserved quantity needs to be set according to the actual situation. Specific steps are as follows:
Click the name of the target cluster, and click Recent Operations -> Helm Operations -> Set Number of Retained Items in the left navigation bar.
Set how many Helm operation records need to be kept, and click OK .
Clusters integrated or created using the AI platform Container Management platform can be accessed not only through the UI interface but also in two other ways for access control:
Note
When accessing the cluster, the user should have Cluster Admin permission or higher.
"},{"location":"en/end-user/kpanda/clusters/access-cluster.html#access-via-cloudshell","title":"Access via CloudShell","text":"Enter Clusters page, select the cluster you want to access via CloudShell, click the ... icon on the right, and then click Console from the dropdown list.
Run kubectl get node command in the Console to verify the connectivity between CloudShell and the cluster. If the console returns node information of the cluster, you can access and manage the cluster through CloudShell.
If you want to access and manage remote clusters from a local node, make sure you have met these prerequisites:
If everything is in place, follow these steps to access a cloud cluster from your local environment.
Enter Clusters page, find your target cluster, click ... on the right, and select Download kubeconfig in the drop-down list.
Set the Kubeconfig period and click Download .
Open the downloaded certificate and copy its content to the config file of the local node.
By default, the kubectl tool will look for a file named config in the $HOME/.kube directory on the local node. This file stores access credentials of clusters. Kubectl can access the cluster with that configuration file.
Run the following command on the local node to verify its connectivity with the cluster:
kubectl get pod -n default\n
An expected output is as follows:
NAME READY STATUS RESTARTS AGE\ndao-2048-2048-58c7f7fc5-mq7h4 1/1 Running 0 30h\n
Now you can access and manage the cluster locally with kubectl.
"},{"location":"en/end-user/kpanda/clusters/cluster-role.html","title":"Cluster Roles","text":"Suanova AI platform categorizes clusters based on different functionalities to help users better manage IT infrastructure.
"},{"location":"en/end-user/kpanda/clusters/cluster-role.html#global-service-cluster","title":"Global Service Cluster","text":"This cluster is used to run AI platform components. It generally does not carry business workloads.
Supported Features Description K8s Version 1.22+ Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/end-user/kpanda/clusters/cluster-role.html#management-cluster","title":"Management Cluster","text":"This cluster is used to manage worker clusters and generally does not carry business workloads.
Supported Features Description K8s Version 1.22+ Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/end-user/kpanda/clusters/cluster-role.html#worker-cluster","title":"Worker Cluster","text":"This is a cluster created using Container Management and is mainly used to carry business workloads. This cluster is managed by the management cluster.
Supported Features Description K8s Version Supports K8s 1.22 and above Operating System RedHat 7.6 x86/ARM, RedHat 7.9 x86, RedHat 8.4 x86/ARM, RedHat 8.6 x86;Ubuntu 18.04 x86, Ubuntu 20.04 x86;CentOS 7.6 x86/AMD, CentOS 7.9 x86/AMD Full Lifecycle Management Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Calico, Cillium, Multus, and other CNIs Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policies"},{"location":"en/end-user/kpanda/clusters/cluster-role.html#integrated-cluster","title":"Integrated Cluster","text":"This cluster is used to integrate existing standard K8s clusters, including but not limited to self-built clusters in local data centers, clusters provided by public cloud vendors, clusters provided by private cloud vendors, edge clusters, Xinchuang clusters, heterogeneous clusters, and different Suanova clusters. It is mainly used to carry business workloads.
Supported Features Description K8s Version 1.18+ Supported Vendors VMware Tanzu, Amazon EKS, Redhat Openshift, SUSE Rancher, Alibaba ACK, Huawei CCE, Tencent TKE, Standard K8s Cluster, Suanova Full Lifecycle Management Not Supported K8s Resource Management Supported Cloud Native Storage Supported Cloud Native Network Depends on the network mode of the integrated cluster's kernel Policy Management Supports network policies, quota policies, resource limits, disaster recovery policies, security policiesNote
A cluster can have multiple cluster roles. For example, a cluster can be both a global service cluster and a management cluster or a worker cluster.
"},{"location":"en/end-user/kpanda/clusters/cluster-scheduler-plugin.html","title":"Deploy Second Scheduler scheduler-plugins in a Cluster","text":"This page describes how to deploy a second scheduler-plugins in a cluster.
"},{"location":"en/end-user/kpanda/clusters/cluster-scheduler-plugin.html#why-do-we-need-scheduler-plugins","title":"Why do we need scheduler-plugins?","text":"The cluster created through the platform will install the native K8s scheduler-plugin, but the native scheduler-plugin has many limitations:
This page takes the scenario of using the vgpu scheduler-plugin while combining the coscheduling plugin capability of scheduler-plugins as an example to introduce how to install and use scheduler-plugins.
"},{"location":"en/end-user/kpanda/clusters/cluster-scheduler-plugin.html#installing-scheduler-plugins","title":"Installing scheduler-plugins","text":""},{"location":"en/end-user/kpanda/clusters/cluster-scheduler-plugin.html#prerequisites","title":"Prerequisites","text":"Add the scheduler-plugins parameter in Create Cluster -> Advanced Settings -> Custom Parameters.
scheduler_plugins_enabled:true\nscheduler_plugins_plugin_config:\n - name: Coscheduling\n args:\n permitWaitingTimeSeconds: 10 # default is 60\n
Parameters:
scheduler_plugins_enabled
Set to true to enable the scheduler-plugins capability.scheduler_plugins_enabled_plugins
or scheduler_plugins_disabled_plugins
options. See K8s Official Plugin Names for reference.scheduler_plugins_plugin_config
, for example: set the permitWaitingTimeoutSeconds
parameter for coscheduling. See K8s Official Plugin Configuration for reference.After successful cluster creation, the system will automatically install the scheduler-plugins and controller component loads. You can check the workload status in the proper cluster's deployment.
Here is an example of how to use scheduler-plugins by demonstrating a scenario where the vgpu scheduler is used in combination with the coscheduling plugin capability of scheduler-plugins.
Install vgpu in the Helm Charts and set the values.yaml parameters.
schedulerName: scheduler-plugins-scheduler
: This is the scheduler name for scheduler-plugins installed by kubean, and currently cannot be modified.scheduler.kubeScheduler.enabled: false
: Do not install kube-scheduler and use vgpu-scheduler as a separate extender.Extend vgpu-scheduler on scheduler-plugins.
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\n
Modify configmap of scheduler-config for scheduler-plugins:
[root@master01 charts]# kubectl get cm -n scheduler-plugins scheduler-config -ojsonpath=\"{.data.scheduler-config\\.yaml}\"\n
apiVersion: kubescheduler.config.k8s.io/v1\nkind: KubeSchedulerConfiguration\nleaderElection:\n leaderElect: false\nprofiles:\n # Compose all plugins in one profile\n - schedulerName: scheduler-plugins-scheduler\n plugins:\n multiPoint:\n enabled:\n - name: Coscheduling\n - name: CapacityScheduling\n - name: NodeResourceTopologyMatch\n - name: NodeResourcesAllocatable\n disabled:\n - name: PrioritySort\npluginConfig:\n - args:\n permitWaitingTimeSeconds: 10\n name: Coscheduling\nextenders:\n - urlPrefix: \"${urlPrefix}\"\n filterVerb: filter\n bindVerb: bind\n nodeCacheCapable: true\n ignorable: true\n httpTimeout: 30s\n weight: 1\n enableHTTPS: true\n tlsConfig:\n insecure: true\n managedResources:\n - name: nvidia.com/vgpu\n ignoredByScheduler: true\n - name: nvidia.com/gpumem\n ignoredByScheduler: true\n - name: nvidia.com/gpucores\n ignoredByScheduler: true\n - name: nvidia.com/gpumem-percentage\n ignoredByScheduler: true\n - name: nvidia.com/priority\n ignoredByScheduler: true\n - name: cambricon.com/mlunum\n ignoredByScheduler: true\n
After installing vgpu-scheduler, the system will automatically create a service (svc), and the urlPrefix specifies the URL of the svc.
Note
The svc refers to the pod service load. You can use the following command in the namespace where the nvidia-vgpu plugin is installed to get the external access information for port 443.
kubectl get svc -n ${namespace}\n
The urlPrefix format is https://${ip address}:${port}
Restart the scheduler pod of scheduler-plugins to load the new configuration file.
Note
When creating a vgpu application, you do not need to specify the name of a scheduler-plugin. The vgpu-scheduler webhook will automatically change the scheduler's name to \"scheduler-plugins-scheduler\" without manual specification.
AI platform Container Management module can manage two types of clusters: integrated clusters and created clusters.
For more information about cluster types, see Cluster Role.
We designed several status for these two clusters.
"},{"location":"en/end-user/kpanda/clusters/cluster-status.html#integrated-clusters","title":"Integrated Clusters","text":"Status Description Integrating The cluster is being integrated into AI platform. Removing The cluster is being removed from AI platform. Running The cluster is running as expected. Unknown The cluster is lost. Data displayed in the AI platform UI is the cached data before the disconnection, which does not represent real-time data. Any operation during this status will not take effect. You should check cluster network connectivity or host status."},{"location":"en/end-user/kpanda/clusters/cluster-status.html#created-clusters","title":"Created Clusters","text":"Status Description Creating The cluster is being created. Updating The Kubernetes version of the cluster is being operating. Deleting The cluster is being deleted. Running The cluster is running as expected. Unknown The cluster is lost. Data displayed in the AI platform UI is the cached data before the disconnection, which does not represent real-time data. Any operation during this status will not take effect. You should check cluster network connectivity or host status. Failed The cluster creation is failed. You should check the logs for detailed reasons."},{"location":"en/end-user/kpanda/clusters/cluster-version.html","title":"Supported Kubernetes Versions","text":"In AI platform, the integrated clusters and created clusters have different version support mechanisms.
This page focuses on the version support mechanism for created clusters.
The Kubernetes community supports three version ranges: 1.26, 1.27, and 1.28. When a new version is released by the community, the supported version range is incremented. For example, if the latest version released by the community is 1.27, the supported version range by the community will be 1.27, 1.28, and 1.29.
To ensure the security and stability of the clusters, when creating clusters in AI platform, the supported version range will always be one version lower than the community's version.
For instance, if the Kubernetes community supports v1.25, v1.26, and v1.27, then the version range for creating worker clusters in AI platform will be v1.24, v1.25, and v1.26. Additionally, a stable version, such as 1.24.7, will be recommended to users.
Furthermore, the version range for creating worker clusters in AI platform will remain highly synchronized with the community. When the community version increases incrementally, the version range for creating worker clusters in AI platform will also increase by one version.
"},{"location":"en/end-user/kpanda/clusters/cluster-version.html#supported-kubernetes-versions_1","title":"Supported Kubernetes Versions","text":"Kubernetes Community Versions Created Worker Cluster Versions Recommended Versions for Created Worker Cluster AI platform Installer Release DateIn AI platform Container Management, clusters can have four roles: global service cluster, management cluster, worker cluster, and integrated cluster. An integrated cluster can only be integrated from third-party vendors (see Integrate Cluster).
This page explains how to create a Worker Cluster. By default, when creating a new Worker Cluster, the operating system type and CPU architecture of the worker nodes should be consistent with the Global Service Cluster. It is recommended to use the supported operating systems in AI platform to create the cluster.
"},{"location":"en/end-user/kpanda/clusters/create-cluster.html#prerequisites","title":"Prerequisites","text":"Certain prerequisites must be met before creating a cluster:
v1.26.0-v1.28
. If you need to create a cluster with a lower version, refer to the Supporterd Cluster Versions.Enter the Container Management module, click Create Cluster on the upper right corner of the Clusters page.
Fill in the basic information by referring to the following instructions.
Fill in the node configuration information and click Node Check
High Availability: When enabled, at least 3 controller nodes are required. When disabled, only 1 controller node is needed.
It is recommended to use High Availability mode in production environments.
Credential Type: Choose whether to access nodes using username/password or public/private keys.
If using public/private key authentication, SSH keys for the nodes need to be configured in advance. Refer to Using SSH Key Authentication for Nodes.
Same Password: When enabled, all nodes in the cluster will have the same access password. Enter the unified password for accessing all nodes in the field below. If disabled, you can set separate usernames and passwords for each node.
If node check is passed, click Next . If the check failed, update Node Information and check again.
Fill in the network configuration and click Next .
Fill in the plug-in configuration and click Next .
Fill in advanced settings and click OK .
Success
Note
Clusters created in AI platform Container Management can be either deleted or removed. Clusters integrated into AI platform can only be removed.
Info
If you want to delete an integrated cluster, you should delete it in the platform where it is created.
In AI platform, the difference between Delete and Remove is:
Note
Enter the Container Management module, find your target cluster, click __ ...__ on the right, and select Delete cluster / Remove in the drop-down list.
Enter the cluster name to confirm and click Delete .
You will be auto directed to cluster lists. The status of this cluster will changed to Deleting . It may take a while to delete/remove a cluster.
With the features of integrating clusters, AI platform allows you to manage on-premise and cloud clusters of various providers in a unified manner. This is quite important in avoiding the risk of being locked in by a certain providers, helping enterprises safely migrate their business to the cloud.
In AI platform Container Management module, you can integrate a cluster of the following providers: standard Kubernetes clusters, Redhat Openshift, SUSE Rancher, VMware Tanzu, Amazon EKS, Aliyun ACK, Huawei CCE, Tencent TKE, etc.
"},{"location":"en/end-user/kpanda/clusters/integrate-cluster.html#prerequisites","title":"Prerequisites","text":"Enter Container Management module, and click Integrate Cluster in the upper right corner.
Fill in the basic information by referring to the following instructions.
Fill in the KubeConfig of the target cluster and click Verify Config . The cluster can be successfully connected only after the verification is passed.
Click How do I get the KubeConfig? to see the specific steps for getting this file.
Confirm that all parameters are filled in correctly and click OK in the lower right corner of the page.
Note
The status of the newly integrated cluster is Integrating , which will become Running after the integration succeeds.
"},{"location":"en/end-user/kpanda/clusters/integrate-rancher-cluster.html","title":"Integrate the Rancher Cluster","text":"This page explains how to integrate a Rancher cluster.
"},{"location":"en/end-user/kpanda/clusters/integrate-rancher-cluster.html#prerequisites","title":"Prerequisites","text":"Log in to the Rancher cluster with a role that has administrator privileges, and create a file named sa.yaml using the terminal.
vi sa.yaml\n
Press the i key to enter insert mode, then copy and paste the following content:
sa.yamlapiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: rancher-rke\n rules:\n - apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n - nonResourceURLs:\n - '*'\n verbs:\n - '*'\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: rancher-rke\n roleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: rancher-rke\n subjects:\n - kind: ServiceAccount\n name: rancher-rke\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: rancher-rke\n namespace: kube-system\n
Press the Esc key to exit insert mode, then type :wq to save and exit.
Run the following command in the current directory to create a ServiceAccount named rancher-rke (referred to as SA for short):
kubectl apply -f sa.yaml\n
The expected output is as follows:
clusterrole.rbac.authorization.k8s.io/rancher-rke created\nclusterrolebinding.rbac.authorization.k8s.io/rancher-rke created\nserviceaccount/rancher-rke created\n
Create a secret named rancher-rke-secret and bind the secret to the rancher-rke SA.
kubectl apply -f - <<EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: rancher-rke-secret\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: rancher-rke\n type: kubernetes.io/service-account-token\nEOF\n
The output is expected to be:
secret/rancher-rke-secret created\n
Note
If your cluster version is lower than 1.24, please ignore this step and proceed to the next one.
Check secret for rancher-rke SA:
kubectl -n kube-system get secret | grep rancher-rke | awk '{print $1}'\n
The output is expected to be:
rancher-rke-secret\n
Check the rancher-rke-secret secret:
kubectl -n kube-system describe secret rancher-rke-secret\n
The output is expected to be:
Name: rancher-rke-secret\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io/service-account.name: rancher-rke\n kubernetes.io/service-account.uid: d83df5d9-bd7d-488d-a046-b740618a0174\n\nType: kubernetes.io/service-account-token\n\nData\n====\nca.crt: 570 bytes\nnamespace: 11 bytes\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
Perform the following steps on any local node where kubelet is installed:
Configure kubelet token.
kubectl config set-credentials rancher-rke --token= __rancher-rke-secret__ # token \u4fe1\u606f\n
For example,
kubectl config set-credentials eks-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUtNE9nUWZLRzVpbEJORkZaNmtCQXhqVzRsZHU4MHhHcDBfb0VCaUo0V1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJyYW5jaGVyLXJrZS1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicmFuY2hlci1ya2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkODNkZjVkOS1iZDdkLTQ4OGQtYTA0Ni1iNzQwNjE4YTAxNzQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06cmFuY2hlci1ya2UifQ.VNsMtPEFOdDDeGt_8VHblcMRvjOwPXMM-79o9UooHx6q-VkHOcIOp3FOT2hnEdNnIsyODZVKCpEdCgyozX-3y5x2cZSZpocnkMcBbQm-qfTyUcUhAY7N5gcYUtHUhvRAsNWJcsDCn6d96gT_qo-ddo_cT8Ri39Lc123FDYOnYG-YGFKSgRQVy7Vyv34HIajZCCjZzy7i--eE_7o4DXeTjNqAFMFstUxxHBOXI3Rdn1zKQKqh5Jhg4ES7X-edSviSUfJUX-QV_LlAw5DuAyGPH7bDH4QaQ5k-p6cIctmpWZE-9wRDlKA4LYRblKE7MJcI6OmM4ldlMM0Jc8N-gCtl4w\n
Configure the kubelet APIServer information.
kubectl config set-cluster {cluster-name} --insecure-skip-tls-verify=true --server={APIServer}\n
https://10.X.X.X:6443
.For example,
kubectl config set-cluster rancher-rke --insecure-skip-tls-verify=true --server=https://10.X.X.X:6443\n
Configure the kubelet context.
kubectl config set-context {context-name} --cluster={cluster-name} --user={SA-usename}\n
For example,
kubectl config set-context rancher-rke-context --cluster=rancher-rke --user=rancher-rke\n
Specify the newly created context rancher-rke-context in kubelet.
kubectl config use-context rancher-rke-context\n
Fetch the kubeconfig information for the context rancher-rke-context .
kubectl config view --minify --flatten --raw\n
The output is expected to be:
```yaml apiVersion: v1 clusters: - cluster: insecure-skip-tls-verify: true server: https://77C321BCF072682C70C8665ED4BFA10D.gr7.ap-southeast-1.eks.amazonaws.com name: joincluster contexts: - context: cluster: joincluster user: eks-admin name: ekscontext current-context: ekscontext kind: Config preferences: {} users: - name: eks-admin user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImcxTjJwNkktWm5IbmRJU1RFRExvdWY1TGFWVUtGQ3VIejFtNlFQcUNFalEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V
Using the kubeconfig file fetched earlier, refer to the Integrate Cluster documentation to integrate the Rancher cluster to the global cluster.
"},{"location":"en/end-user/kpanda/clusters/runtime.html","title":"How to choose the container runtime","text":"The container runtime is an important component in kubernetes to manage the life cycle of containers and container images. Kubernetes made containerd the default container runtime in version 1.19, and removed support for the Dockershim component in version 1.24.
Therefore, compared to the Docker runtime, we recommend you to use the lightweight containerd as your container runtime, because this has become the current mainstream runtime choice.
In addition, some operating system distribution vendors are not friendly enough for Docker runtime compatibility. The runtime support of different operating systems is as follows:
"},{"location":"en/end-user/kpanda/clusters/runtime.html#operating-systems-and-supported-runtimes","title":"Operating systems and supported runtimes","text":"Operating System Supported containerd Versions Supported Docker Versions CentOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 18.09, 19.03, 20.10 (default) RedHatOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 18.09, 19.03, 20.10 (default) KylinOS 1.5.5, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15 (default) 19.03 (Only supported by ARM architecture, Docker is not supported as a runtime under x86 architecture)Note
In the offline installation mode, you need to prepare the runtime offline package of the relevant operating system in advance.
"},{"location":"en/end-user/kpanda/clusters/upgrade-cluster.html","title":"Cluster Upgrade","text":"The Kubernetes Community packages a small version every quarter, and the maintenance cycle of each version is only about 9 months. Some major bugs or security holes will not be updated after the version stops maintenance. Manually upgrading cluster operations is cumbersome and places a huge workload on administrators.
In Suanova, you can upgrade the Kubernetes cluster with one click through the web UI interface.
Danger
After the version is upgraded, it will not be possible to roll back to the previous version, please proceed with caution.
Note
Click the name of the target cluster in the cluster list.
Then click Cluster Operation and Maintenance -> Cluster Upgrade in the left navigation bar, and click Version Upgrade in the upper right corner of the page.
Select the version that can be upgraded, and enter the cluster name to confirm.
After clicking OK , you can see the upgrade progress of the cluster.
The cluster upgrade is expected to take 30 minutes. You can click the Real-time Log button to view the detailed log of the cluster upgrade.
ConfigMaps store non-confidential data in the form of key-value pairs to achieve the effect of mutual decoupling of configuration data and application code. ConfigMaps can be used as environment variables for containers, command-line parameters, or configuration files in storage volumes.
Note
The data saved in ConfigMaps cannot exceed 1 MiB. If you need to store larger volumes of data, it is recommended to mount a storage volume or use an independent database or file service.
ConfigMaps do not provide confidentiality or encryption. If you want to store encrypted data, it is recommended to use secret, or other third-party tools to ensure the privacy of data.
You can create ConfigMaps with two methods:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and authorized the user as NS Editor. For details, refer to Namespace Authorization.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> ConfigMap , and click the Create ConfigMap button in the upper right corner.
Fill in the configuration information on the Create ConfigMap page, and click OK .
!!! note
Click __Upload File__ to import an existing file locally to quickly create ConfigMaps.\n
After the creation is complete, click More on the right side of the ConfigMap to edit YAML, update, export, delete and other operations.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> ConfigMap , and click the YAML Create button in the upper right corner.
Fill in or paste the configuration file prepared in advance, and then click OK in the lower right corner of the pop-up box.
!!! note
- Click __Import__ to import an existing file locally to quickly create ConfigMaps.\n - After filling in the data, click __Download__ to save the configuration file locally.\n
After the creation is complete, click More on the right side of the ConfigMap to edit YAML, update, export, delete and other operations.
```yaml\n kind: ConfigMap\n apiVersion: v1\n metadata:\n name: kube-root-ca.crt\n namespace: default\n annotations:\n data:\n version: '1.0'\n ```\n
Next step: Use ConfigMaps
"},{"location":"en/end-user/kpanda/configmaps-secrets/create-secret.html","title":"Create Secret","text":"A secret is a resource object used to store and manage sensitive information such as passwords, OAuth tokens, SSH, TLS credentials, etc. Using keys means you don't need to include sensitive secrets in your application code.
Secrets can be used in some cases:
You can create ConfigMaps with two methods:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster
Created a namespace, user, and authorized the user as NS Editor. For details, refer to Namespace Authorization.
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> Secret , and click the Create Secret button in the upper right corner.
Fill in the configuration information on the Create Secret page, and click OK .
Note when filling in the configuration:
Click the name of a cluster on the Clusters page to enter Cluster Details .
In the left navigation bar, click ConfigMap and Secret -> Secret , and click the YAML Create button in the upper right corner.
Fill in the YAML configuration on the Create with YAML page, and click OK .
Supports importing YAML files from local or downloading and saving filled files to local.
```yaml\n apiVersion: v1\n kind: Secret\n metadata:\n name: secretdemo\n type: Opaque\n data:\n username: ****\n password: ****\n ```\n
Next step: use secret
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html","title":"Use ConfigMaps","text":"ConfigMap (ConfigMap) is an API object of Kubernetes, which is used to save non-confidential data into key-value pairs, and can store configurations that other objects need to use. When used, the container can use it as an environment variable, a command-line argument, or a configuration file in a storage volume. By using ConfigMaps, configuration data and application code can be separated, providing a more flexible way to modify application configuration.
Note
ConfigMaps do not provide confidentiality or encryption. If the data to be stored is confidential, please use secret, or use other third-party tools to ensure the privacy of the data instead of ConfigMaps. In addition, when using ConfigMaps in containers, the container and ConfigMaps must be in the same cluster namespace.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html#scenes-to-be-used","title":"scenes to be used","text":"You can use ConfigMaps in Pods. There are many use cases, mainly including:
Use ConfigMaps to set the environment variables of the container
Use ConfigMaps to set the command line parameters of the container
Use ConfigMaps as container data volumes
You can use the ConfigMap as the environment variable of the container through the graphical interface or the terminal command line.
Note
The ConfigMap import is to use the ConfigMap as the value of the environment variable; the ConfigMap key value import is to use a certain parameter in the ConfigMap as the value of the environment variable.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html#graphical-interface-operation","title":"Graphical interface operation","text":"When creating a workload through an image, you can set environment variables for the container by selecting Import ConfigMaps or Import ConfigMap Key Values on the Environment Variables interface.
Go to the Image Creation Workload page, in the Container Configuration step, select the Environment Variables configuration, and click the Add Environment Variable button.
Select ConfigMap Import or ConfigMap Key Value Import in the environment variable type.
When the environment variable type is selected as ConfigMap import , enter variable name , prefix name, ConfigMap name in sequence.
When the environment variable type is selected as ConfigMap key-value import , enter variable name , ConfigMap name, and Secret name in sequence.
You can set ConfigMaps as environment variables when creating a workload, using the valueFrom parameter to refer to the Key/Value in the ConfigMap.
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-1\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"env\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom: # (1)\n configMapKeyRef:\n name: kpanda-configmap # (2)\n key: SPECIAL_LEVEL # (3)\n restartPolicy: Never\n
You can use ConfigMaps to set the command or parameter value in the container, and use the environment variable substitution syntax $(VAR_NAME) to do so. As follows.
apiVersion: v1\nkind: Pod\nmetadata:\n name: configmap-pod-3\nspec:\n containers:\n - name: test-container\n image: busybox\n command: [ \"/bin/sh\", \"-c\", \"echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)\" ]\n env:\n - name: SPECIAL_LEVEL_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_LEVEL\n - name: SPECIAL_TYPE_KEY\n valueFrom:\n configMapKeyRef:\n name: kpanda-configmap\n key: SPECIAL_TYPE\n restartPolicy: Never\n
After the Pod runs, the output is as follows.
Hello Kpanda\n
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html#used-as-container-data-volume","title":"Used as container data volume","text":"You can use the ConfigMap as the environment variable of the container through the graphical interface or the terminal command line.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-configmap.html#graphical-operation","title":"Graphical operation","text":"When creating a workload through an image, you can use the ConfigMap as the data volume of the container by selecting the storage type as \"ConfigMap\" on the \"Data Storage\" interface.
Go to the Image Creation Workload page, in the Container Configuration step, select the Data Storage configuration, and click __Add in the __ Node Path Mapping __ list __ button.
Select ConfigMap in the storage type, and enter container path , subpath and other information in sequence.
To use a ConfigMap in a Pod's storage volume.
Here is an example Pod that mounts a ConfigMap as a volume:
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n -name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n configMap:\n name: myconfigmap\n
If there are multiple containers in a Pod, each container needs its own volumeMounts block, but you only need to set one spec.volumes block per ConfigMap.
Note
When a ConfigMap is used as a data volume mounted on a container, the ConfigMap can only be read as a read-only file.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html","title":"use key","text":"A secret is a resource object used to store and manage sensitive information such as passwords, OAuth tokens, SSH, TLS credentials, etc. Using keys means you don't need to include sensitive secrets in your application code.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html#scenes-to-be-used","title":"scenes to be used","text":"You can use keys in Pods in a variety of use cases, mainly including:
You can use the key as the environment variable of the container through the GUI or the terminal command line.
Note
Key import is to use the key as the value of an environment variable; key key value import is to use a parameter in the key as the value of an environment variable.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html#graphical-interface-operation","title":"Graphical interface operation","text":"When creating a workload from an image, you can set environment variables for the container by selecting Key Import or Key Key Value Import on the Environment Variables interface.
Go to the Image Creation Workload page.
Select the Environment Variables configuration in Container Configuration , and click the Add Environment Variable button.
Select Key Import or Key Key Value Import in the environment variable type.
When the environment variable type is selected as Key Import , enter Variable Name , Prefix , and Secret in sequence.
When the environment variable type is selected as key key value import , enter variable name , Secret , Secret name in sequence.
As shown in the example below, you can set the secret as an environment variable when creating the workload, using the valueFrom parameter to refer to the Key/Value in the Secret.
apiVersion: v1\nkind: Pod\nmetadata:\n name: secret-env-pod\nspec:\n containers:\n -name: mycontainer\n image: redis\n env:\n - name: SECRET_USERNAME\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: username\n optional: false # (1)\n - name: SECRET_PASSWORD\n valueFrom:\n secretKeyRef:\n name: mysecret\n key: password\n optional: false # (2)\n
When creating a workload through an image, you can use the key as the data volume of the container by selecting the storage type as \"key\" on the \"data storage\" interface.
Go to the Image Creation Workload page.
In the Container Configuration , select the Data Storage configuration, and click the Add button in the Node Path Mapping list.
Select Secret in the storage type, and enter container path , subpath and other information in sequence.
The following is an example of a Pod that mounts a Secret named mysecret via a data volume:
apiVersion: v1\nkind: Pod\nmetadata:\n name: mypod\nspec:\n containers:\n -name: mypod\n image: redis\n volumeMounts:\n - name: foo\n mountPath: \"/etc/foo\"\n readOnly: true\n volumes:\n - name: foo\n secret:\n secretName: mysecret\n optional: false # (1)\n
If the Pod contains multiple containers, each container needs its own volumeMounts block, but only one .spec.volumes setting is required for each Secret.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html#used-as-the-identity-authentication-credential-for-the-container-registry-when-the-kubelet-pulls-the-container-image","title":"Used as the identity authentication credential for the container registry when the kubelet pulls the container image","text":"You can use the key as the identity authentication credential for the Container registry through the GUI or the terminal command line.
"},{"location":"en/end-user/kpanda/configmaps-secrets/use-secret.html#graphical-operation","title":"Graphical operation","text":"When creating a workload through an image, you can use the key as the data volume of the container by selecting the storage type as \"key\" on the \"data storage\" interface.
Go to the Image Creation Workload page.
In the second step of Container Configuration , select the Basic Information configuration, and click the Select Image button.
Select the name of the private container registry in the drop-down list of `container registry' in the pop-up box. Please see Create Secret for details on private image secret creation.
Enter the image name in the private registry, click OK to complete the image selection.
Note
When creating a key, you need to ensure that you enter the correct container registry address, username, password, and select the correct mirror name, otherwise you will not be able to obtain the mirror image in the container registry.
"},{"location":"en/end-user/kpanda/custom-resources/create.html","title":"CustomResourceDefinition (CRD)","text":"In Kubernetes, all objects are abstracted as resources, such as Pod, Deployment, Service, Volume, etc. are the default resources provided by Kubernetes. This provides important support for our daily operation and maintenance and management work, but in some special cases, the existing preset resources cannot meet the needs of the business. Therefore, we hope to expand the capabilities of the Kubernetes API, and CustomResourceDefinition (CRD) was born based on this requirement.
The container management module supports interface-based management of custom resources, and its main features are as follows:
Integrated the Kubernetes cluster or created Kubernetes, and you can access the cluster UI interface.
Created a namespace, user, and authorized the user as Cluster Admin
For details, refer to Namespace Authorization.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Custom Resource , and click the YAML Create button in the upper right corner.
On the Create with YAML page, fill in the YAML statement and click OK .
Return to the custom resource list page, and you can view the custom resource named crontabs.stable.example.com
just created.
Custom resource example:
CRD exampleapiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: crontabs.stable.example.com\nspec:\n group: stable.example.com\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n spec:\n type: object\n properties:\n cronSpec:\n type: string\n image:\n type: string\n replicas:\n type: integer\n scope: Namespaced\n names:\n plural: crontabs\n singular: crontab\n kind: CronTab\n shortNames:\n - ct\n
"},{"location":"en/end-user/kpanda/custom-resources/create.html#create-a-custom-resource-example-via-yaml","title":"Create a custom resource example via YAML","text":"Click a cluster name to enter Cluster Details .
In the left navigation bar, click Custom Resource , and click the YAML Create button in the upper right corner.
Click the custom resource named crontabs.stable.example.com
, enter the details, and click the YAML Create button in the upper right corner.
On the Create with YAML page, fill in the YAML statement and click OK .
Return to the details page of crontabs.stable.example.com
, and you can view the custom resource named my-new-cron-object just created.
CR Example:
CR exampleapiVersion: \"stable.example.com/v1\"\nkind: CronTab\nmetadata:\n name: my-new-cron-object\nspec:\n cronSpec: \"* * * * */5\"\n image: my-awesome-cron-image\n
"},{"location":"en/end-user/kpanda/gpu/index.html","title":"Overview of GPU Management","text":"This article introduces the capability of Suanova container management platform in unified operations and management of heterogeneous resources, with a focus on GPUs.
"},{"location":"en/end-user/kpanda/gpu/index.html#background","title":"Background","text":"With the rapid development of emerging technologies such as AI applications, large-scale models, artificial intelligence, and autonomous driving, enterprises are facing an increasing demand for compute-intensive tasks and data processing. Traditional compute architectures represented by CPUs can no longer meet the growing computational requirements of enterprises. At this point, heterogeneous computing represented by GPUs has been widely applied due to its unique advantages in processing large-scale data, performing complex calculations, and real-time graphics rendering.
Meanwhile, due to the lack of experience and professional solutions in scheduling and managing heterogeneous resources, the utilization efficiency of GPU devices is extremely low, resulting in high AI production costs for enterprises. The challenge of reducing costs, increasing efficiency, and improving the utilization of GPUs and other heterogeneous resources has become a pressing issue for many enterprises.
"},{"location":"en/end-user/kpanda/gpu/index.html#introduction-to-gpu-capabilities","title":"Introduction to GPU Capabilities","text":"The Suanova container management platform supports unified scheduling and operations management of GPUs, NPUs, and other heterogeneous resources, fully unleashing the computational power of GPU resources, and accelerating the development of enterprise AI and other emerging applications. The GPU management capabilities of Suanova are as follows:
Similar to regular computer hardware, NVIDIA GPUs, as physical devices, need to have the NVIDIA GPU driver installed in order to be used. To reduce the cost of using GPUs on Kubernetes, NVIDIA provides the NVIDIA GPU Operator component to manage various components required for using NVIDIA GPUs. These components include the NVIDIA driver (for enabling CUDA), NVIDIA container runtime, GPU node labeling, DCGM-based monitoring, and more. In theory, users only need to plug the GPU into a compute device managed by Kubernetes, and they can use all the capabilities of NVIDIA GPUs through the GPU Operator. For more information about NVIDIA GPU Operator, refer to the NVIDIA official documentation. For deployment instructions, refer to Offline Installation of GPU Operator.
Architecture diagram of NVIDIA GPU Operator:
"},{"location":"en/end-user/kpanda/gpu/FAQ.html","title":"GPU FAQs","text":""},{"location":"en/end-user/kpanda/gpu/FAQ.html#gpu-processes-are-not-visible-while-running-nvidia-smi-inside-a-pod","title":"GPU processes are not visible while running nvidia-smi inside a pod","text":"Q: When running the nvidia-smi
command inside a GPU-utilizing pod, no GPU process information is visible in the full-card mode and vGPU mode.
A: Due to PID namespace
isolation, GPU processes are not visible inside the Pod. To view GPU processes, you can use one of the following methods:
hostPID: true
to enable viewing PIDs on the host.nvidia-smi
command in the driver pod of the gpu-operator to view processes.chroot /run/nvidia/driver nvidia-smi
command on the host to view processes.This section describes how to use Iluvatar virtual GPU on AI platform.
"},{"location":"en/end-user/kpanda/gpu/Iluvatar_usage.html#prerequisites","title":"Prerequisites","text":"Check if the GPU in the cluster has been detected. Click Clusters -> Cluster Settings -> Addon Plugins , and check if the proper GPU type has been automatically enabled and detected. Currently, the cluster will automatically enable GPU and set the GPU type as Iluvatar .
Deploy a workload. Click Clusters -> Workloads and deploy a workload using the image. After selecting the type as (Iluvatar) , configure the GPU resources used by the application:
Physical Card Count (iluvatar.ai/vcuda-core): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host machine.
Memory Usage (iluvatar.ai/vcuda-memory): Indicates the amount of GPU memory occupied by each card. The value is in MB, with a minimum value of 1 and a maximum value equal to the entire memory of the card.
If there are any issues with the configuration values, scheduling failures or resource allocation failures may occur.
To request GPU resources for a workload, add the iluvatar.ai/vcuda-core: 1 and iluvatar.ai/vcuda-memory: 200 to the requests and limits. These parameters configure the application to use the physical card resources.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-iluvatar-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-iluvatar-gpu-demo\n template:\n metadata:\n labels:\n app: full-iluvatar-gpu-demo\n spec:\n containers:\n - image: nginx:perl\n name: container-0\n resources:\n limits:\n cpu: 250m\n iluvatar.ai/vcuda-core: '1'\n iluvatar.ai/vcuda-memory: '200'\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n imagePullSecrets:\n - name: default-secret\n
"},{"location":"en/end-user/kpanda/gpu/dynamic-regulation.html","title":"GPU Scheduling Configuration (Binpack and Spread)","text":"This page introduces how to reduce GPU resource fragmentation and prevent single points of failure through Binpack and Spread when using NVIDIA vGPU, achieving advanced scheduling for vGPU. The AI platform provides Binpack and Spread scheduling policies across two dimensions: clusters and workloads, meeting different usage requirements in various scenarios.
"},{"location":"en/end-user/kpanda/gpu/dynamic-regulation.html#prerequisites","title":"Prerequisites","text":"Scheduling policy based on GPU dimension
Scheduling policy based on node dimension
Note
By default, workloads will follow the cluster-level Binpack and Spread. If a workload sets its own Binpack and Spread scheduling policies that differ from the cluster, the workload will prioritize its own scheduling policy.
On the Clusters page, select the cluster for which you want to adjust the Binpack and Spread scheduling policies. Click the \u2507 icon on the right and select GPU Scheduling Configuration from the dropdown list.
Adjust the GPU scheduling configuration according to your business scenario, and click OK to save.
Note
When the Binpack and Spread scheduling policies at the workload level conflict with the cluster-level configuration, the workload-level configuration takes precedence.
Follow the steps below to create a deployment using an image and configure Binpack and Spread scheduling policies within the workload.
Click Clusters in the left navigation bar, then click the name of the target cluster to enter the Cluster Details page.
On the Cluster Details page, click Workloads -> Deployments in the left navigation bar, then click the Create by Image button in the upper right corner of the page.
Sequentially fill in the Basic Information, Container Settings, and in the Container Configuration section, enable GPU configuration, selecting the GPU type as NVIDIA vGPU. Click Advanced Settings, enable the Binpack / Spread scheduling policy, and adjust the GPU scheduling configuration according to the business scenario. After configuration, click Next to proceed to Service Settings and Advanced Settings. Finally, click OK at the bottom right of the page to complete the creation.
This page lists some commonly used GPU metrics.
"},{"location":"en/end-user/kpanda/gpu/gpu-metrics.html#cluster-level","title":"Cluster Level","text":"Metric Name Description Number of GPUs Total number of GPUs in the cluster Average GPU Utilization Average compute utilization of all GPUs in the cluster Average GPU Memory Utilization Average memory utilization of all GPUs in the cluster GPU Power Power consumption of all GPUs in the cluster GPU Temperature Temperature of all GPUs in the cluster GPU Utilization Details 24-hour usage details of all GPUs in the cluster (includes max, avg, current) GPU Memory Usage Details 24-hour memory usage details of all GPUs in the cluster (includes min, max, avg, current) GPU Memory Bandwidth Utilization For example, an Nvidia V100 GPU has a maximum memory bandwidth of 900 GB/sec. If the current memory bandwidth is 450 GB/sec, the utilization is 50%"},{"location":"en/end-user/kpanda/gpu/gpu-metrics.html#node-level","title":"Node Level","text":"Metric Name Description GPU Mode Usage mode of GPUs on the node, including full-card mode, MIG mode, vGPU mode Number of Physical GPUs Total number of physical GPUs on the node Number of Virtual GPUs Number of vGPU devices created on the node Number of MIG Instances Number of MIG instances created on the node GPU Memory Allocation Rate Memory allocation rate of all GPUs on the node Average GPU Utilization Average compute utilization of all GPUs on the node Average GPU Memory Utilization Average memory utilization of all GPUs on the node GPU Driver Version Driver version information of GPUs on the node GPU Utilization Details 24-hour usage details of each GPU on the node (includes max, avg, current) GPU Memory Usage Details 24-hour memory usage details of each GPU on the node (includes min, max, avg, current)"},{"location":"en/end-user/kpanda/gpu/gpu-metrics.html#pod-level","title":"Pod Level","text":"Category Metric Name Description Application Overview GPU - Compute & Memory Pod GPU Utilization Compute utilization of the GPUs used by the current Pod Pod GPU Memory Utilization Memory utilization of the GPUs used by the current Pod Pod GPU Memory Usage Memory usage of the GPUs used by the current Pod Memory Allocation Memory allocation of the GPUs used by the current Pod Pod GPU Memory Copy Ratio Memory copy ratio of the GPUs used by the current Pod GPU - Engine Overview GPU Graphics Engine Activity Percentage Percentage of time the Graphics or Compute engine is active during a monitoring cycle GPU Memory Bandwidth Utilization Memory bandwidth utilization (Memory BW Utilization) indicates the fraction of cycles during which data is sent to or received from the device memory. This value represents the average over the interval, not an instantaneous value. A higher value indicates higher utilization of device memory.A value of 1 (100%) indicates that a DRAM instruction is executed every cycle during the interval (in practice, a peak of about 0.8 (80%) is the maximum achievable).A value of 0.2 (20%) indicates that 20% of the cycles during the interval are spent reading from or writing to device memory. Tensor Core Utilization Percentage of time the Tensor Core pipeline is active during a monitoring cycle FP16 Engine Utilization Percentage of time the FP16 pipeline is active during a monitoring cycle FP32 Engine Utilization Percentage of time the FP32 pipeline is active during a monitoring cycle FP64 Engine Utilization Percentage of time the FP64 pipeline is active during a monitoring cycle GPU Decode Utilization Decode engine utilization of the GPU GPU Encode Utilization Encode engine utilization of the GPU GPU - Temperature & Power GPU Temperature Temperature of all GPUs in the cluster GPU Power Power consumption of all GPUs in the cluster GPU Total Power Consumption Total power consumption of the GPUs GPU - Clock GPU Memory Clock Memory clock frequency GPU Application SM Clock Application SM clock frequency GPU Application Memory Clock Application memory clock frequency GPU Video Engine Clock Video engine clock frequency GPU Throttle Reasons Reasons for GPU throttling GPU - Other Details PCIe Transfer Rate Data transfer rate of the GPU through the PCIe bus PCIe Receive Rate Data receive rate of the GPU through the PCIe bus"},{"location":"en/end-user/kpanda/gpu/gpu_matrix.html","title":"GPU Support Matrix","text":"This page explains the matrix of supported GPUs and operating systems for AI platform.
"},{"location":"en/end-user/kpanda/gpu/gpu_matrix.html#nvidia-gpu","title":"NVIDIA GPU","text":"GPU Manufacturer and Type Supported GPU Models Compatible Operating System (Online) Recommended Kernel Recommended Operating System and Kernel Installation Documentation NVIDIA GPU (Full Card/vGPU)This document mainly introduces the configuration of GPU
scheduling, which can implement advanced scheduling policies. Currently, the primary implementation is the vgpu
scheduling policy.
vGPU
provides two policies for resource usage: binpack
and spread
. These correspond to node-level and GPU-level dimensions, respectively. The use case is whether you want to distribute workloads more sparsely across different nodes and GPUs or concentrate them on the same node and GPU, thereby making resource utilization more efficient and reducing resource fragmentation.
You can modify the scheduling policy in your cluster by following these steps:
binpack
, and the GPU-level policy is spread
.The above steps modify the cluster-level scheduling policy. Users can also specify their own scheduling policy at the workload level to change the scheduling results. Below is an example of modifying the scheduling policy at the workload level:
apiVersion: v1\nkind: Pod\nmetadata:\n name: gpu-pod\n annotations:\n hami.io/node-scheduler-policy: \"binpack\"\n hami.io/gpu-scheduler-policy: \"binpack\"\nspec:\n containers:\n - name: ubuntu-container\n image: ubuntu:18.04\n command: [\"bash\", \"-c\", \"sleep 86400\"]\n resources:\n limits:\n nvidia.com/gpu: 1\n nvidia.com/gpumem: 3000\n nvidia.com/gpucores: 30\n
In this example, both the node- and GPU-level scheduling policies are set to binpack
. This ensures that the workload is scheduled to maximize resource utilization and reduce fragmentation.
This section describes how to use vGPU capabilities on the AI platform.
"},{"location":"en/end-user/kpanda/gpu/vgpu_quota.html#prerequisites","title":"Prerequisites","text":"The proper GPU driver (NVIDIA GPU, NVIDIA MIG, Iluvatar, Ascend) has been deployed on the current cluster either through an Operator or manually.
"},{"location":"en/end-user/kpanda/gpu/vgpu_quota.html#procedure","title":"Procedure","text":"Follow these steps to manage GPU quotas in AI platform:
Go to Namespaces and click Quota Management to configure the GPU resources that can be used by a specific namespace.
The currently supported card types for quota management in a namespace are: NVIDIA vGPU, NVIDIA MIG, Iluvatar, and Ascend.
NVIDIA vGPU Quota Management: Configure the specific quota that can be used. This will create a ResourcesQuota CR.
- Physical Card Count (nvidia.com/vgpu): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and **less than or equal to** the number of cards on the host machine.\n- GPU Core Count (nvidia.com/gpucores): Indicates the GPU compute power occupied by each card. The value ranges from 0 to 100. If configured as 0, it is considered not to enforce isolation. If configured as 100, it is considered to exclusively occupy the entire card.\n- GPU Memory Usage (nvidia.com/gpumem): Indicates the amount of GPU memory occupied by each card. The value is in MB, with a minimum value of 1 and a maximum value equal to the entire memory of the card.\n
This section explains how to use Ascend NPU on the AI platform.
"},{"location":"en/end-user/kpanda/gpu/ascend/Ascend_usage.html#prerequisites","title":"Prerequisites","text":"Refer to the Ascend NPU Component Installation Document to install the basic environment.
"},{"location":"en/end-user/kpanda/gpu/ascend/Ascend_usage.html#quick-start","title":"Quick Start","text":"This document uses the AscentCL Image Classification Application example from the Ascend sample library.
Download the Ascend repository
Run the following command to download the Ascend demo repository, and remember the storage location of the code for subsequent use.
git clone https://gitee.com/ascend/samples.git\n
Prepare the base image
This example uses the Ascent-pytorch base image, which can be obtained from the Ascend Container Registry.
Prepare the YAML file
ascend-demo.yamlapiVersion: batch/v1\nkind: Job\nmetadata:\n name: resnetinfer1-1-1usoc\nspec:\n template:\n spec:\n containers:\n - image: ascendhub.huawei.com/public-ascendhub/ascend-pytorch:23.0.RC2-ubuntu18.04 # Inference image name\n imagePullPolicy: IfNotPresent\n name: resnet50infer\n securityContext:\n runAsUser: 0\n command:\n - \"/bin/bash\"\n - \"-c\"\n - |\n source /usr/local/Ascend/ascend-toolkit/set_env.sh &&\n TEMP_DIR=/root/samples_copy_$(date '+%Y%m%d_%H%M%S_%N') &&\n cp -r /root/samples \"$TEMP_DIR\" &&\n cd \"$TEMP_DIR\"/inference/modelInference/sampleResnetQuickStart/python/model &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/003_Atc_Models/resnet50/resnet50.onnx &&\n atc --model=resnet50.onnx --framework=5 --output=resnet50 --input_shape=\"actual_input_1:1,3,224,224\" --soc_version=Ascend910 &&\n cd ../data &&\n wget https://obs-9be7.obs.cn-east-2.myhuaweicloud.com/models/aclsample/dog1_1024_683.jpg &&\n cd ../scripts &&\n bash sample_run.sh\n resources:\n requests:\n huawei.com/Ascend910: 1 # Number of the Ascend 910 Processors\n limits:\n huawei.com/Ascend910: 1 # The value should be the same as that of requests\n volumeMounts:\n - name: hiai-driver\n mountPath: /usr/local/Ascend/driver\n readOnly: true\n - name: slog\n mountPath: /var/log/npu/conf/slog/slog.conf\n - name: localtime # The container time must be the same as the host time\n mountPath: /etc/localtime\n - name: dmp\n mountPath: /var/dmp_daemon\n - name: slogd\n mountPath: /var/slogd\n - name: hbasic\n mountPath: /etc/hdcBasic.cfg\n - name: sys-version\n mountPath: /etc/sys_version.conf\n - name: aicpu\n mountPath: /usr/lib64/aicpu_kernels\n - name: tfso\n mountPath: /usr/lib64/libtensorflow.so\n - name: sample-path\n mountPath: /root/samples\n volumes:\n - name: hiai-driver\n hostPath:\n path: /usr/local/Ascend/driver\n - name: slog\n hostPath:\n path: /var/log/npu/conf/slog/slog.conf\n - name: localtime\n hostPath:\n path: /etc/localtime\n - name: dmp\n hostPath:\n path: /var/dmp_daemon\n - name: slogd\n hostPath:\n path: /var/slogd\n - name: hbasic\n hostPath:\n path: /etc/hdcBasic.cfg\n - name: sys-version\n hostPath:\n path: /etc/sys_version.conf\n - name: aicpu\n hostPath:\n path: /usr/lib64/aicpu_kernels\n - name: tfso\n hostPath:\n path: /usr/lib64/libtensorflow.so\n - name: sample-path\n hostPath:\n path: /root/samples\n restartPolicy: OnFailure\n
Some fields in the above YAML need to be modified according to the actual situation:
Deploy a Job and check its results
Use the following command to create a Job:
kubectl apply -f ascend-demo.yaml\n
Check the Pod running status:
After the Pod runs successfully, check the log results. The key prompt information on the screen is shown in the figure below. The Label indicates the category identifier, Conf indicates the maximum confidence of the classification, and Class indicates the belonging category. These values may vary depending on the version and environment, so please refer to the actual situation:
Result image display:
Confirm whether the cluster has detected the GPU. Click Clusters -> Cluster Settings -> Addon Plugins , and check whether the proper GPU type is automatically enabled and detected. Currently, the cluster will automatically enable GPU and set the GPU type to Ascend .
Deploy the workload. Click Clusters -> Workloads , deploy the workload through an image, select the type (Ascend), and then configure the number of physical cards used by the application:
Number of Physical Cards (huawei.com/Ascend910) : This indicates how many physical cards the current Pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host.
If there is an issue with the above configuration, it will result in scheduling failure and resource allocation issues.
This chapter provides installation guidance for Ascend NPU drivers, Device Plugin, NPU-Exporter, and other components.
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#prerequisites","title":"Prerequisites","text":"Before using NPU resources, you need to complete the firmware installation, NPU driver installation, Docker Runtime installation, user creation, log directory creation, and NPU Device Plugin installation. Refer to the following steps for details.
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#install-firmware","title":"Install Firmware","text":"npu-smi info
, and if the NPU information is returned normally, it indicates that the NPU driver and firmware are ready.Download Ascend Docker Runtime
Community edition download link: https://www.hiascend.com/zh/software/mindx-dl/community
wget -c https://mindx.obs.cn-south-1.myhuaweicloud.com/OpenSource/MindX/MindX%205.0.RC2/MindX%20DL%205.0.RC2/Ascend-docker-runtime_5.0.RC2_linux-x86_64.run\n
Install to the specified path by executing the following two commands in order, with parameters specifying the installation path:
chmod u+x Ascend-docker-runtime_5.0.RC2_linux-x86_64.run \n./Ascend-docker-runtime_{version}_linux-{arch}.run --install --install-path=<path>\n
Modify the containerd configuration file
If containerd has no default configuration file, execute the following three commands in order to create the configuration file:
mkdir /etc/containerd \ncontainerd config default > /etc/containerd/config.toml \nvim /etc/containerd/config.toml\n
If containerd has a configuration file:
vim /etc/containerd/config.toml\n
Modify the runtime installation path according to the actual situation, mainly modifying the runtime field:
... \n[plugins.\"io.containerd.monitor.v1.cgroups\"]\n no_prometheus = false \n[plugins.\"io.containerd.runtime.v1.linux\"]\n shim = \"containerd-shim\"\n runtime = \"/usr/local/Ascend/Ascend-Docker-Runtime/ascend-docker-runtime\"\n runtime_root = \"\"\n no_shim = false\n shim_debug = false\n [plugins.\"io.containerd.runtime.v2.task\"]\n platforms = [\"linux/amd64\"]\n...\n
Execute the following command to restart containerd:
systemctl restart containerd\n
Execute the following commands on the node where the components are installed to create a user.
# Ubuntu operating system\nuseradd -d /home/hwMindX -u 9000 -m -s /usr/sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n# CentOS operating system\nuseradd -d /home/hwMindX -u 9000 -m -s /sbin/nologin hwMindX\nusermod -a -G HwHiAiUser hwMindX\n
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#create-log-directory","title":"Create Log Directory","text":"Create the parent directory for component logs and the log directories for each component on the proper node, and set the appropriate owner and permissions for the directories. Execute the following command to create the parent directory for component logs.
mkdir -m 755 /var/log/mindx-dl\nchown root:root /var/log/mindx-dl\n
Execute the following command to create the Device Plugin component log directory.
mkdir -m 750 /var/log/mindx-dl/devicePlugin\nchown root:root /var/log/mindx-dl/devicePlugin\n
Note
Please create the proper log directory for each required component. In this example, only the Device Plugin component is needed. For other component requirements, refer to the official documentation
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#create-node-labels","title":"Create Node Labels","text":"Refer to the following commands to create labels on the proper nodes:
# Create this label on computing nodes where the driver is installed\nkubectl label node {nodename} huawei.com.ascend/Driver=installed\nkubectl label node {nodename} node-role.kubernetes.io/worker=worker\nkubectl label node {nodename} workerselector=dls-worker-node\nkubectl label node {nodename} host-arch=huawei-arm // or host-arch=huawei-x86, select according to the actual situation\nkubectl label node {nodename} accelerator=huawei-Ascend910 // select according to the actual situation\n# Create this label on control nodes\nkubectl label node {nodename} masterselector=dls-master-node\n
"},{"location":"en/end-user/kpanda/gpu/ascend/ascend_driver_install.html#install-device-plugin-and-npuexporter","title":"Install Device Plugin and NpuExporter","text":"Functional module path: Container Management -> Cluster, click the name of the target cluster, then click Helm Apps -> Helm Charts from the left navigation bar, and search for ascend-mindxdl.
After a successful installation, two components will appear under the proper namespace, as shown below:
At the same time, the proper NPU information will also appear on the node information:
Once everything is ready, you can select the proper NPU device when creating a workload through the page, as shown below:
Note
For detailed information of how to use, refer to Using Ascend (Ascend) NPU.
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html","title":"Enable Ascend Virtualization","text":"Ascend virtualization is divided into dynamic virtualization and static virtualization. This document describes how to enable and use Ascend static virtualization capabilities.
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#prerequisites","title":"Prerequisites","text":"Supported NPU models:
For more details, refer to the official virtualization hardware documentation.
Refer to the Ascend NPU Component Installation Documentation for the basic environment setup.
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#enable-virtualization-capabilities","title":"Enable Virtualization Capabilities","text":"To enable virtualization capabilities, you need to manually modify the startup parameters of the ascend-device-plugin-daemonset
component. Refer to the following command:
- device-plugin -useAscendDocker=true -volcanoType=false -presetVirtualDevice=true\n- logFile=/var/log/mindx-dl/devicePlugin/devicePlugin.log -logLevel=0\n
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#split-vnpu-instances","title":"Split VNPU Instances","text":"Static virtualization requires manually splitting VNPU instances. Refer to the following command:
npu-smi set -t create-vnpu -i 13 -c 0 -f vir02\n
i
refers to the card id.c
refers to the chip id.vir02
refers to the split specification template.Card id and chip id can be queried using npu-smi info
. The split specifications can be found in the Ascend official templates.
After splitting the instance, you can query the split results using the following command:
npu-smi info -t info-vnpu -i 13 -c 0\n
The query result is as follows:
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#restart-ascend-device-plugin-daemonset","title":"Restartascend-device-plugin-daemonset
","text":"After splitting the instance, manually restart the device-plugin
pod, then use the kubectl describe
command to check the resources of the registered node:
kubectl describe node {{nodename}}\n
"},{"location":"en/end-user/kpanda/gpu/ascend/vnpu.html#how-to-use-the-device","title":"How to Use the Device","text":"When creating an application, specify the resource key as shown in the following YAML:
......\nresources:\n requests:\n huawei.com/Ascend310P-2c: 1\n limits:\n huawei.com/Ascend310P-2c: 1\n......\n
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html","title":"NVIDIA GPU Usage Modes","text":"NVIDIA, as a well-known graphics computing provider, offers various software and hardware solutions to enhance computational power. Among them, NVIDIA provides the following three solutions for GPU usage:
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html#full-gpu","title":"Full GPU","text":"Full GPU refers to allocating the entire NVIDIA GPU to a single user or application. In this configuration, the application can fully occupy all the resources of the GPU and achieve maximum computational performance. Full GPU is suitable for workloads that require a large amount of computational resources and memory, such as deep learning training, scientific computing, etc.
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html#vgpu-virtual-gpu","title":"vGPU (Virtual GPU)","text":"vGPU is a virtualization technology that allows one physical GPU to be partitioned into multiple virtual GPUs, with each virtual GPU assigned to different virtual machines or users. vGPU enables multiple users to share the same physical GPU and independently use GPU resources in their respective virtual environments. Each virtual GPU can access a certain amount of compute power and memory capacity. vGPU is suitable for virtualized environments and cloud computing scenarios, providing higher resource utilization and flexibility.
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html#mig-multi-instance-gpu","title":"MIG (Multi-Instance GPU)","text":"MIG is a feature introduced by the NVIDIA Ampere architecture that allows one physical GPU to be divided into multiple physical GPU instances, each of which can be independently allocated to different users or workloads. Each MIG instance has its own compute resources, memory, and PCIe bandwidth, just like an independent virtual GPU. MIG provides finer-grained GPU resource allocation and management and allows dynamic adjustment of the number and size of instances based on demand. MIG is suitable for multi-tenant environments, containerized applications, batch jobs, and other scenarios.
Whether using vGPU in a virtualized environment or MIG on a physical GPU, NVIDIA provides users with more choices and optimized ways to utilize GPU resources. The Suanova container management platform fully supports the above NVIDIA capabilities. Users can easily access the full computational power of NVIDIA GPUs through simple UI operations, thereby improving resource utilization and reducing costs.
nvidia.com/gpu
resource type.nvidia.com/mig-<slice_count>g.<memory_size>gb
.For detailed instructions on enabling these configurations, refer to Offline Installation of GPU Operator.
"},{"location":"en/end-user/kpanda/gpu/nvidia/index.html#how-to-use","title":"How to Use","text":"You can refer to the following links to quickly start using Suanova's management capabilities for NVIDIA GPUs.
This section describes how to allocate the entire NVIDIA GPU to a single application on the AI platform.
"},{"location":"en/end-user/kpanda/gpu/nvidia/full_gpu_userguide.html#prerequisites","title":"Prerequisites","text":"Check if the cluster has detected the GPUs. Click Clusters -> Cluster Settings -> Addon Plugins to see if it has automatically enabled and detected the proper GPU types. Currently, the cluster will automatically enable GPU and set the GPU Type as Nvidia GPU .
Deploy a workload. Click Clusters -> Workloads , and deploy the workload using the image method. After selecting the type ( Nvidia GPU ), configure the number of physical cards used by the application:
Physical Card Count (nvidia.com/gpu): Indicates the number of physical cards that the current pod needs to mount. The input value must be an integer and less than or equal to the number of cards on the host machine.
If the above value is configured incorrectly, scheduling failures and resource allocation issues may occur.
To request GPU resources for a workload, add the nvidia.com/gpu: 1 parameter to the resource request and limit configuration in the YAML file. This parameter configures the number of physical cards used by the application.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-gpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-gpu-demo\n template:\n metadata:\n labels:\n app: full-gpu-demo\n spec:\n containers:\n - image: chrstnhntschl/gpu_burn\n name: container-0\n resources:\n requests:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # Number of GPUs requested\n limits:\n cpu: 250m\n memory: 512Mi\n nvidia.com/gpu: 1 # Upper limit of GPU usage\n imagePullSecrets:\n - name: default-secret\n
Note
When using the nvidia.com/gpu
parameter to specify the number of GPUs, the values for requests and limits must be consistent.
AI platform comes with pre-installed driver
images for the following three operating systems: Ubuntu 22.04, Ubuntu 20.04, and CentOS 7.9. The driver version is 535.104.12
. Additionally, it includes the required Toolkit
images for each operating system, so users no longer need to manually provide offline toolkit
images.
This page demonstrates using AMD architecture with CentOS 7.9 (3.10.0-1160). If you need to deploy on Red Hat 8.4, refer to Uploading Red Hat gpu-operator Offline Image to the Bootstrap Node Repository and Building Offline Yum Source for Red Hat 8.4.
"},{"location":"en/end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#prerequisites","title":"Prerequisites","text":"To install the gpu-operator plugin for your cluster, follow these steps:
Log in to the platform and go to Container Management -> Clusters , check cluster eetails.
On the Helm Charts page, select All Repositories and search for gpu-operator .
Select gpu-operator and click Install .
Configure the installation parameters for gpu-operator based on the instructions below to complete the installation.
Ubuntu 22.04
, Ubuntu 20.04
, Centos 7.9
, and other
. Please choose the correct operating system.Driver.version : Version of the GPU driver image, use default parameters for offline deployment. Configuration is only required for online installation. Different versions of the Driver image exist for different types of operating systems. For more details, refer to Nvidia GPU Driver Versions. Examples of Driver Version
for different operating systems are as follows:
Note
When using the built-in operating system version, there is no need to modify the image version. For other operating system versions, please refer to Uploading Images to the Bootstrap Node Repository. note that there is no need to include the operating system name such as Ubuntu, CentOS, or Red Hat in the version number. If the official image contains an operating system suffix, please manually remove it.
525.105.17
535-5.15.0-1043-nvidia
525.147.05
Driver.RepoConfig.ConfigMapName : Used to record the name of the offline yum repository configuration file for the gpu-operator. When using the pre-packaged offline bundle, refer to the following documents for different types of operating systems.
Toolkit.enable : Enabled by default. This component allows containerd/docker to support running containers that require GPUs.
"},{"location":"en/end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#mig-parameters","title":"MIG parameters","text":"For detailed configuration methods, refer to Enabling MIG Functionality.
MigManager.Config.name : The name of the MIG split configuration file, used to define the MIG (GI, CI) split policy. The default is default-mig-parted-config . For custom parameters, refer to Enabling MIG Functionality.
"},{"location":"en/end-user/kpanda/gpu/nvidia/install_nvidia_driver_of_operator.html#next-steps","title":"Next Steps","text":"After completing the configuration and creation of the above parameters:
If using full-card mode , GPU resources can be used when creating applications.
If using vGPU mode , after completing the above configuration and creation, proceed to vGPU Addon Installation.
If using MIG mode and you need to use a specific split specification for individual GPU nodes, otherwise, split according to the default value in MigManager.Config
.
For single mode, add label to nodes as follows:
kubectl label nodes {node} nvidia.com/mig.config=\"all-1g.10gb\" --overwrite\n
For mixed mode, add label to nodes as follows:
kubectl label nodes {node} nvidia.com/mig.config=\"custom-config\" --overwrite\n
After spliting, applications can use MIG GPU resources.
This guide explains how to upload an offline image to the bootstrap repository using the nvcr.io/nvidia/driver:525.105.17-rhel8.4 offline driver image for Red Hat 8.4 as an example.
"},{"location":"en/end-user/kpanda/gpu/nvidia/push_image_to_repo.html#prerequisites","title":"Prerequisites","text":"Perform the following steps on the internet-connected node:
Pull the nvcr.io/nvidia/driver:525.105.17-rhel8.4 offline driver image:
docker pull nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Once the image is pulled, save it as a compressed archive named nvidia-driver.tar :
docker save nvcr.io/nvidia/driver:525.105.17-rhel8.4 > nvidia-driver.tar\n
Copy the compressed image archive nvidia-driver.tar to the bootstrap node:
scp nvidia-driver.tar user@ip:/root\n
For example:
scp nvidia-driver.tar root@10.6.175.10:/root\n
Perform the following steps on the bootstrap node:
Log in to the bootstrap node and import the compressed image archive nvidia-driver.tar :
docker load -i nvidia-driver.tar\n
View the imported image:
docker images -a | grep nvidia\n
Expected output:
nvcr.io/nvidia/driver e3ed7dee73e9 1 days ago 1.02GB\n
Retag the image to correspond to the target repository in the remote Registry repository:
docker tag <image-name> <registry-url>/<repository-name>:<tag>\n
Replace with the name of the Nvidia image from the previous step, with the address of the Registry service on the bootstrap node, with the name of the repository you want to push the image to, and with the desired tag for the image.
For example:
docker tag nvcr.io/nvidia/driver 10.6.10.5/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Push the image to the bootstrap repository:
docker push {ip}/nvcr.io/nvidia/driver:525.105.17-rhel8.4\n
Refer to Building Red Hat 8.4 Offline Yum Source and Offline Installation of GPU Operator to deploy the GPU Operator to your cluster.
"},{"location":"en/end-user/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html","title":"Offline Install gpu-operator Driver on Ubuntu 22.04","text":"Prerequisite: Installed gpu-operator v23.9.0+2 or higher versions
"},{"location":"en/end-user/kpanda/gpu/nvidia/ubuntu22.04_offline_install_driver.html#prepare-offline-image","title":"Prepare Offline Image","text":"Check the kernel version
$ uname -r\n5.15.0-78-generic\n
Check the GPU Driver image version applicable to your kernel, at https://catalog.ngc.nvidia.com/orgs/nvidia/containers/driver/tags
. Use the kernel to query the image version and save the image using ctr export
.
ctr i pull nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i export --all-platforms driver.tar.gz nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 \n
Import the image into the cluster's container registry
ctr i import driver.tar.gz\nctr i tag nvcr.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 {your_registry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04\nctr i push {your_registry}/nvcr.m.daocloud.io/nvidia/driver:535-5.15.0-78-generic-ubuntu22.04 --skip-verify=true\n
driver.usePrecompiled=true
driver.version=535
, note that it should be 535, not 535.104.12The AI platform comes with a pre-installed GPU Operator offline package for CentOS 7.9 with kernel version 3.10.0-1160. or other OS types or kernel versions, users need to manually build an offline yum source.
This guide explains how to build an offline yum source for CentOS 7.9 with a specific kernel version and use it when installing the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#prerequisites","title":"Prerequisites","text":"This guide uses CentOS 7.9 with kernel version 3.10.0-1160.95.1.el7.x86_64 as an example to explain how to upgrade the pre-installed GPU Operator offline package's yum source.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#check-os-and-kernel-versions-of-cluster-nodes","title":"Check OS and Kernel Versions of Cluster Nodes","text":"Run the following commands on both the control node of the Global cluster and the node where GPU Operator will be deployed. If the OS and kernel versions of the two nodes are consistent, there is no need to build a yum source. You can directly refer to the Offline Installation of GPU Operator document for installation. If the OS or kernel versions of the two nodes are not consistent, please proceed to the next step.
Run the following command to view the distribution name and version of the node where GPU Operator will be deployed in the cluster.
cat /etc/redhat-release\n
Expected output:
CentOS Linux release 7.9 (Core)\n
The output shows the current node's OS version as CentOS 7.9
.
Run the following command to view the kernel version of the node where GPU Operator will be deployed in the cluster.
uname -a\n
Expected output:
Linux localhost.localdomain 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\n
The output shows the current node's kernel version as 3.10.0-1160.el7.x86_64
.
Perform the following steps on a node that has internet access and can access the file server:
Create a script file named yum.sh by running the following command:
vi yum.sh\n
Then press the i key to enter insert mode and enter the following content:
export TARGET_KERNEL_VERSION=$1\n\ncat >> run.sh << \\EOF\n#! /bin/bash\necho \"start install kernel repo\"\necho ${KERNEL_VERSION}\nmkdir centos-base\n\nif [ \"$OS\" -eq 7 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el7.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el7.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelif [ \"$OS\" -eq 8 ]; then\n yum install --downloadonly --downloaddir=./centos-base perl\n yum install --downloadonly --downloaddir=./centos-base elfutils-libelf.x86_64\n yum install --downloadonly --downloaddir=./redhat-base elfutils-libelf-devel.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-headers-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-devel-${KERNEL_VERSION}.el8.x86_64\n yum install --downloadonly --downloaddir=./centos-base kernel-${KERNEL_VERSION}.el8.x86_64\n yum install -y --downloadonly --downloaddir=./centos-base groff-base\nelse\n echo \"Error os version\"\nfi\n\ncreaterepo centos-base/\nls -lh centos-base/\ntar -zcf centos-base.tar.gz centos-base/\necho \"end install kernel repo\"\nEOF\n\ncat >> Dockerfile << EOF\nFROM centos:7\nENV KERNEL_VERSION=\"\"\nENV OS=7\nRUN yum install -y createrepo\nCOPY run.sh .\nENTRYPOINT [\"/bin/bash\",\"run.sh\"]\nEOF\n\ndocker build -t test:v1 -f Dockerfile .\ndocker run -e KERNEL_VERSION=$TARGET_KERNEL_VERSION --name centos7.9 test:v1\ndocker cp centos7.9:/centos-base.tar.gz .\ntar -xzf centos-base.tar.gz\n
Press the Esc key to exit insert mode, then enter :wq to save and exit.
Run the yum.sh file:
bash -x yum.sh TARGET_KERNEL_VERSION\n
The TARGET_KERNEL_VERSION
parameter is used to specify the kernel version of the cluster nodes.
Note: You don't need to include the distribution identifier (e.g., __ .el7.x86_64__ ). For example:
bash -x yum.sh 3.10.0-1160.95.1\n
Now you have generated an offline yum source, centos-base , for the kernel version 3.10.0-1160.95.1.el7.x86_64 .
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_centos7_9.html#upload-the-offline-yum-source-to-the-file-server","title":"Upload the Offline Yum Source to the File Server","text":"Perform the following steps on a node that has internet access and can access the file server. This step is used to upload the generated yum source from the previous step to a file server that can be accessed by the cluster where the GPU Operator will be deployed. The file server can be Nginx, MinIO, or any other file server that supports the HTTP protocol.
In this example, we will use the built-in MinIO as the file server. The MinIO details are as follows:
http://10.5.14.200:9000
(usually {bootstrap-node IP} + {port-9000} )Login password: rootpass123
Run the following command in the current directory of the node to establish a connection between the node's local mc command-line tool and the MinIO server:
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
The expected output should resemble the following:
Added __minio__ successfully.\n
mc is the command-line tool provided by MinIO for interacting with the MinIO server. For more details, refer to the MinIO Client documentation.
In the current directory of the node, create a bucket named centos-base :
mc mb -p minio/centos-base\n
The expected output should resemble the following:
Bucket created successfully __minio/centos-base__ .\n
Set the access policy of the bucket centos-base to allow public download. This will enable access during the installation of the GPU Operator:
mc anonymous set download minio/centos-base\n
The expected output should resemble the following:
Access permission for __minio/centos-base__ is set to __download__ \n
In the current directory of the node, copy the generated centos-base offline yum source to the minio/centos-base bucket on the MinIO server:
mc cp centos-base minio/centos-base --recursive\n
Perform the following steps on the control node of the cluster where the GPU Operator will be deployed.
Run the following command to create a file named CentOS-Base.repo that specifies the configmap for the yum source storage:
# The file name must be CentOS-Base.repo, otherwise it cannot be recognized during the installation of the GPU Operator\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The file server address where the yum source is placed in step 3\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The file server address where the yum source is placed in step 3\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created CentOS-Base.repo file, create a configmap named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
The expected output should resemble the following:
configmap/local-repo-config created\n
The local-repo-config configmap will be used to provide the value for the RepoConfig.ConfigMapName parameter during the installation of the GPU Operator. You can customize the configuration file name.
View the content of the local-repo-config configmap:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
The expected output should resemble the following:
apiVersion: v1\ndata:\nCentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base# The file server path where the yum source is placed in step 2\\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl = http://10.6.232.5:32618/centos-base # The file server path where the yum source is placed in step 2\\ngpgcheck = 0\\nname = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\ncreationTimestamp: \"2023-10-18T01:59:02Z\"\nname: local-repo-config\nnamespace: gpu-operator\nresourceVersion: \"59445080\"\nuid: c5f0ebab-046f-442c-b932-f9003e014387\n
You have successfully created an offline yum source configuration file for the cluster where the GPU Operator will be deployed. You can use it during the offline installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html","title":"Building Red Hat 8.4 Offline Yum Source","text":"The AI platform comes with pre-installed CentOS v7.9 and GPU Operator offline packages with kernel v3.10.0-1160. For other OS types or nodes with different kernels, users need to manually build the offline yum source.
This guide explains how to build an offline yum source package for Red Hat 8.4 based on any node in the Global cluster. It also demonstrates how to use it during the installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#prerequisites","title":"Prerequisites","text":"This guide uses a node with Red Hat 8.4 4.18.0-305.el8.x86_64 as an example to demonstrate how to build an offline yum source package for Red Hat 8.4 based on any node in the Global cluster. It also explains how to use it during the installation of the GPU Operator by specifying the RepoConfig.ConfigMapName parameter.
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#step-1-download-the-yum-source-from-the-bootstrap-node","title":"Step 1: Download the Yum Source from the Bootstrap Node","text":"Perform the following steps on the master node of the Global cluster.
Use SSH or any other method to access any node in the Global cluster and run the following command:
cat /etc/yum.repos.d/extension.repo # View the contents of extension.repo.\n
The expected output should resemble the following:
[extension-0]\nbaseurl = http://10.5.14.200:9000/kubean/redhat/$releasever/os/$basearch\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/AppStream\ngpgcheck = 0\nname = kubean extension 1\n\n[extension-2]\nbaseurl = http://10.5.14.200:9000/kubean/redhat-iso/$releasever/os/$basearch/BaseOS\ngpgcheck = 0\nname = kubean extension 2\n
Create a folder named redhat-base-repo under the root directory:
mkdir redhat-base-repo\n
Download the RPM packages from the yum source to your local machine:
Download the RPM packages from extension-1 :
reposync -p redhat-base-repo -n --repoid=extension-1\n
Download the RPM packages from extension-2 :
reposync -p redhat-base-repo -n --repoid=extension-2\n
Perform the following steps on a node with internet access. Before proceeding, ensure that there is network connectivity between the node with internet access and the master node of the Global cluster.
Run the following command on the node with internet access to download the elfutils-libelf-devel-0.187-4.el8.x86_64.rpm package:
wget https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/elfutils-libelf-devel-0.187-4.el8.x86_64.rpm\n
Transfer the elfutils-libelf-devel-0.187-4.el8.x86_64.rpm package from the current directory to the node mentioned in step 1:
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm user@ip:~/redhat-base-repo/extension-2/Packages/\n
For example:
scp elfutils-libelf-devel-0.187-4.el8.x86_64.rpm root@10.6.175.10:~/redhat-base-repo/extension-2/Packages/\n
Perform the following steps on the master node of the Global cluster mentioned in Step 1.
Enter the yum repository directories:
cd ~/redhat-base-repo/extension-1/Packages\ncd ~/redhat-base-repo/extension-2/Packages\n
Generate the repository index for the directories:
createrepo_c ./\n
You have now generated the offline yum source named redhat-base-repo for kernel version 4.18.0-305.el8.x86_64 .
"},{"location":"en/end-user/kpanda/gpu/nvidia/upgrade_yum_source_redhat8_4.html#step-4-upload-the-local-yum-repository-to-the-file-server","title":"Step 4: Upload the Local Yum Repository to the File Server","text":"In this example, we will use Minio, which is built-in as the file server in the bootstrap node. However, you can choose any file server that suits your needs. Here are the details for Minio:
http://10.5.14.200:9000
(usually the {bootstrap-node-IP} + {port-9000})Login password: rootpass123
On the current node, establish a connection between the local mc command-line tool and the Minio server by running the following command:
mc config host add minio <file_server_access_url> <username> <password>\n
For example:
mc config host add minio http://10.5.14.200:9000 rootuser rootpass123\n
The expected output should be similar to:
Added __minio__ successfully.\n
The mc command-line tool is provided by the Minio file server as a client command-line tool. For more details, refer to the MinIO Client documentation.
Create a bucket named redhat-base in the current location:
mc mb -p minio/redhat-base\n
The expected output should be similar to:
Bucket created successfully __minio/redhat-base__ .\n
Set the access policy of the redhat-base bucket to allow public downloads so that it can be accessed during the installation of the GPU Operator:
mc anonymous set download minio/redhat-base\n
The expected output should be similar to:
Access permission for __minio/redhat-base__ is set to __download__ \n
Copy the offline yum repository files ( redhat-base-repo ) from the current location to the Minio server's minio/redhat-base bucket:
mc cp redhat-base-repo minio/redhat-base --recursive\n
Perform the following steps on the control node of the cluster where you will deploy the GPU Operator.
Run the following command to create a file named redhat.repo , which specifies the configuration information for the yum repository storage:
# The file name must be redhat.repo, otherwise it won't be recognized when installing gpu-operator\ncat > redhat.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages # The file server address where the yum source is stored in Step 1\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/redhat-base/redhat-base-repo/Packages # The file server address where the yum source is stored in Step 1\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created redhat.repo file, create a configmap named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=./redhat.repo\n
The expected output should be similar to:
configmap/local-repo-config created\n
The local-repo-config configuration file is used to provide the value for the RepoConfig.ConfigMapName parameter during the installation of the GPU Operator. You can choose a different name for the configuration file.
View the contents of the local-repo-config configuration file:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
You have successfully created the offline yum source configuration file for the cluster where the GPU Operator will be deployed. You can use it by specifying the RepoConfig.ConfigMapName parameter during the offline installation of the GPU Operator.
"},{"location":"en/end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html","title":"Build an Offline Yum Repository for Red Hat 7.9","text":""},{"location":"en/end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#introduction","title":"Introduction","text":"AI platform comes with a pre-installed CentOS 7.9 with GPU Operator offline package for kernel 3.10.0-1160. You need to manually build an offline yum repository for other OS types or nodes with different kernels.
This page explains how to build an offline yum repository for Red Hat 7.9 based on any node in the Global cluster, and how to use the RepoConfig.ConfigMapName
parameter when installing the GPU Operator.
Download rhel7.9 ISO
Download the rhel7.9 ospackage that corresponds to your Kubean version.
Find the version number of Kubean in the Container Management section of the Global cluster under Helm Apps.
Download the rhel7.9 ospackage for that version from the Kubean repository.
Import offline resources using the installer.
Click here to view the download url.
"},{"location":"en/end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#3-upload-red-hat-gpu-operator-offline-image-to-boostrap-node-repository","title":"3. Upload Red Hat GPU Operator Offline Image to Boostrap Node Repository","text":"Refer to Upload Red Hat GPU Operator Offline Image to Boostrap Node Repository.
Note
This reference is based on rhel8.4, so make sure to modify it for rhel7.9.
"},{"location":"en/end-user/kpanda/gpu/nvidia/yum_source_redhat7_9.html#4-create-configmaps-in-the-cluster-to-save-yum-repository-information","title":"4. Create ConfigMaps in the Cluster to Save Yum Repository Information","text":"Run the following command on the control node of the cluster where the GPU Operator is to be deployed.
Run the following command to create a file named CentOS-Base.repo to specify the configuration information where the yum repository is stored.
# The file name must be CentOS-Base.repo, otherwise it will not be recognized when installing gpu-operator\ncat > CentOS-Base.repo << EOF\n[extension-0]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The server file address of the boostrap node, usually {boostrap node IP} + {9000 port}\ngpgcheck = 0\nname = kubean extension 0\n\n[extension-1]\nbaseurl = http://10.5.14.200:9000/centos-base/centos-base # The server file address of the boostrap node, usually {boostrap node IP} + {9000 port}\ngpgcheck = 0\nname = kubean extension 1\nEOF\n
Based on the created CentOS-Base.repo file, create a profile named local-repo-config in the gpu-operator namespace:
kubectl create configmap local-repo-config -n gpu-operator --from-file=CentOS-Base.repo=/etc/yum.repos.d/extension.repo\n
The expected output is as follows:
configmap/local-repo-config created\n
The local-repo-config profile is used to provide the value of the RepoConfig.ConfigMapName
parameter when installing gpu-operator, and the profile name can be customized by the user.
View the contents of the local-repo-config profile:
kubectl get configmap local-repo-config -n gpu-operator -oyaml\n
The expected output is as follows:
local-repo-config.yamlapiVersion: v1\ndata:\n CentOS-Base.repo: \"[extension-0]\\nbaseurl = http://10.6.232.5:32618/centos-base # The file path where yum repository is placed in Step 2 \\ngpgcheck = 0\\nname = kubean extension 0\\n \\n[extension-1]\\nbaseurl\n = http://10.6.232.5:32618/centos-base # The file path where yum repository is placed in Step 2 \\ngpgcheck = 0\\nname\n = kubean extension 1\\n\"\nkind: ConfigMap\nmetadata:\n creationTimestamp: \"2023-10-18T01:59:02Z\"\n name: local-repo-config\n namespace: gpu-operator\n resourceVersion: \"59445080\"\n uid: c5f0ebab-046f-442c-b932-f9003e014387\n
At this point, you have successfully created the offline yum repository profile for the cluster where the GPU Operator is to be deployed. The RepoConfig.ConfigMapName
parameter was used during the Offline Installation of GPU Operator.
MIG allows cloud service providers to partition a physical GPU into multiple independent GPU instances, which can be allocated to different tenants. This enables resource isolation and independence, meeting the GPU computing needs of multiple tenants.
MIG enables finer-grained GPU resource management in containerized environments. By partitioning a physical GPU into multiple MIG instances, each container can be assigned with dedicated GPU compute resources, providing better performance isolation and resource utilization.
For batch processing jobs requiring large-scale parallel computing, MIG provides higher computational performance and larger memory capacity. Each MIG instance can utilize a portion of the physical GPU's compute resources, accelerating the processing of large-scale computational tasks.
MIG offers increased compute power and memory capacity for training large-scale deep learning models. By partitioning the physical GPU into multiple MIG instances, each instance can independently carry out model training, improving training efficiency and throughput.
In general, NVIDIA MIG is suitable for scenarios that require finer-grained allocation and management of GPU resources. It enables resource isolation, improved performance utilization, and meets the GPU computing needs of multiple users or applications.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/index.html#overview-of-mig","title":"Overview of MIG","text":"NVIDIA Multi-Instance GPU (MIG) is a new feature introduced by NVIDIA on H100, A100, and A30 series GPUs. Its purpose is to divide a physical GPU into multiple GPU instances to provide finer-grained resource sharing and isolation. MIG can split a GPU into up to seven GPU instances, allowing a single physical GPU to provide separate GPU resources to multiple users, maximizing GPU utilization.
This feature enables multiple applications or users to share GPU resources simultaneously, improving the utilization of computational resources and increasing system scalability.
With MIG, each GPU instance's processor has an independent and isolated path throughout the entire memory system, including cross-switch ports on the chip, L2 cache groups, memory controllers, and DRAM address buses, all uniquely allocated to a single instance.
This ensures that the workload of individual users can run with predictable throughput and latency, along with identical L2 cache allocation and DRAM bandwidth. MIG can partition available GPU compute resources (such as streaming multiprocessors or SMs and GPU engines like copy engines or decoders) to provide defined quality of service (QoS) and fault isolation for different clients such as virtual machines, containers, or processes. MIG enables multiple GPU instances to run in parallel on a single physical GPU.
MIG allows multiple vGPUs (and virtual machines) to run in parallel on a single GPU instance while retaining the isolation guarantees provided by vGPU. For more details on using vGPU and MIG for GPU partitioning, refer to NVIDIA Multi-Instance GPU and NVIDIA Virtual Compute Server.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/index.html#mig-architecture","title":"MIG Architecture","text":"The following diagram provides an overview of MIG, illustrating how it virtualizes one physical GPU into seven GPU instances that can be used by multiple users.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/index.html#important-concepts","title":"Important Concepts","text":"Resource Sharing: MIG allows a single physical GPU to be divided into multiple GPU instances, providing efficient sharing of GPU resources among different users or applications. This maximizes GPU utilization and enables improved performance isolation.
Fine-Grained Resource Allocation: With MIG, GPU resources can be allocated at a finer granularity, allowing for more precise partitioning and allocation of compute power and memory capacity.
Improved Performance Isolation: Each MIG instance operates independently with its dedicated resources, ensuring predictable throughput and latency for individual users or applications. This improves performance isolation and prevents interference between different workloads running on the same GPU.
Enhanced Security and Fault Isolation: MIG provides better security and fault isolation by ensuring that each user or application has its dedicated GPU resources. This prevents unauthorized access to data and mitigates the impact of faults or errors in one instance on others.
Increased Scalability: MIG enables the simultaneous usage of GPU resources by multiple users or applications, increasing system scalability and accommodating the needs of various workloads.
Efficient Containerization: By using MIG in containerized environments, GPU resources can be effectively allocated to different containers, improving performance isolation and resource utilization.
Overall, MIG offers significant advantages in terms of resource sharing, fine-grained allocation, performance isolation, security, scalability, and containerization, making it a valuable feature for various GPU computing scenarios.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/create_mig.html","title":"Enabling MIG Features","text":"This section describes how to enable NVIDIA MIG features. NVIDIA currently provides two strategies for exposing MIG devices on Kubernetes nodes:
For more details, refer to the NVIDIA GPU Usage Modes.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/create_mig.html#prerequisites","title":"Prerequisites","text":"When installing the Operator, you need to set the MigManager Config parameter accordingly. The default setting is default-mig-parted-config. You can also customize the sharding policy configuration file:
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/create_mig.html#custom-sharding-policy","title":"Custom Sharding Policy","text":" ## Custom GI Instance Configuration\n all-disabled:\n - devices: all\n mig-enabled: false\n all-enabled:\n - devices: all\n mig-enabled: true\n mig-devices: {}\n all-1g.10gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.5gb: 7\n all-1g.10gb.me:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb+me: 1\n all-1g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1g.20gb: 4\n all-2g.20gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 2g.20gb: 3\n all-3g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n all-4g.40gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 4g.40gb: 1\n all-7g.80gb:\n - devices: all\n mig-enabled: true\n mig-devices:\n 7g.80gb: 1\n all-balanced:\n - device-filter: [\"0x233110DE\", \"0x232210DE\", \"0x20B210DE\", \"0x20B510DE\", \"0x20F310DE\", \"0x20F510DE\"]\n devices: all\n mig-enabled: true\n mig-devices:\n 1g.10gb: 2\n 2g.20gb: 1\n 3g.40gb: 1\n # After setting, CI instances will be partitioned according to the specified configuration\n custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 3g.40gb: 2\n
In the above YAML, set custom-config to partition CI instances according to the specifications.
custom-config:\n - devices: all\n mig-enabled: true\n mig-devices:\n 1c.3g.40gb: 6\n
After completing the settings, you can use GPU MIG resources when confirming the deployment of the application.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/create_mig.html#switch-node-gpu-mode","title":"Switch Node GPU Mode","text":"After successfully installing the GPU operator, the node is in full card mode by default. There will be an indicator on the node management page, as shown below:
Click the \u2507 at the right side of the node list, select a GPU mode to switch, and then choose the proper MIG mode and sharding policy. Here, we take MIXED mode as an example:
There are two configurations here:
After clicking OK button, wait for about a minute and refresh the page. The MIG mode will be switched to:
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/mig_command.html","title":"MIG Related Commands","text":"GI Related Commands:
Subcommand Description nvidia-smi mig -lgi View the list of created GI instances nvidia-smi mig -dgi -gi Delete a specific GI instance nvidia-smi mig -lgip View the profile of GI nvidia-smi mig -cgi Create a GI using the specified profile IDCI Related Commands:
Subcommand Description nvidia-smi mig -lcip { -gi {gi Instance ID}} View the profile of CI, specifying -gi will show the CIs that can be created for a particular GI instance nvidia-smi mig -lci View the list of created CI instances nvidia-smi mig -cci {profile id} -gi {gi instance id} Create a CI instance with the specified GI nvidia-smi mig -dci -ci Delete a specific CI instanceGI+CI Related Commands:
Subcommand Description nvidia-smi mig -i 0 -cgi {gi profile id} -C {ci profile id} Create a GI + CI instance directly"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/mig_usage.html","title":"Using MIG GPU Resources","text":"This section explains how applications can use MIG GPU resources.
"},{"location":"en/end-user/kpanda/gpu/nvidia/mig/mig_usage.html#prerequisites","title":"Prerequisites","text":"Confirm if the cluster has recognized the GPU type.
Go to Cluster Details -> Nodes and check if it has been correctly recognized as MIG.
When deploying an application using an image, you can select and use NVIDIA MIG resources.
Example of MIG Single Mode (used in the same way as a full GPU):
Note
The MIG single policy allows users to request and use GPU resources in the same way as a full GPU (nvidia.com/gpu
). The difference is that these resources can be a portion of the GPU (MIG device) rather than the entire GPU. Learn more from the GPU MIG Mode Design.
MIG Mixed Mode
MIG Single mode:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpu: 2 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
MIG Mixed mode:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: mig-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: mig-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: mig-demo\n spec:\n containers:\n - name: mig-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/mig-4g.20gb: 1 # (1)!\n imagePullPolicy: Always\n restartPolicy: Always\n
After entering the container, you can check if only one MIG device is being used:
"},{"location":"en/end-user/kpanda/gpu/nvidia/vgpu/hami.html","title":"Build a vGPU Memory Oversubscription Image","text":"The vGPU memory oversubscription feature in the Hami Project no longer exists. To use this feature, you need to rebuild with the libvgpu.so
file that supports memory oversubscription.
FROM docker.m.daocloud.io/projecthami/hami:v2.3.11\nCOPY libvgpu.so /k8s-vgpu/lib/nvidia/\n
Run the following command to build the image:
docker build -t release.daocloud.io/projecthami/hami:v2.3.11 -f Dockerfile .\n
Then, push the image to release.daocloud.io
.
To virtualize a single NVIDIA GPU into multiple virtual GPUs and allocate them to different virtual machines or users, you can use NVIDIA's vGPU capability. This section explains how to install the vGPU plugin in the AI platform, which is a prerequisite for using NVIDIA vGPU capability.
"},{"location":"en/end-user/kpanda/gpu/nvidia/vgpu/vgpu_addon.html#prerequisites","title":"Prerequisites","text":"Path: Container Management -> Cluster Management -> Click the target cluster -> Helm Apps -> Helm Charts -> Search for nvidia-vgpu .
During the installation of vGPU, several basic modification parameters are provided. If you need to modify advanced parameters, click the YAML column to make changes:
deviceMemoryScaling : NVIDIA device memory scaling factor, the input value must be an integer, with a default value of 1. It can be greater than 1 (enabling virtual memory, experimental feature). For an NVIDIA GPU with a memory size of M, if we configure the devicePlugin.deviceMemoryScaling parameter as S, in a Kubernetes cluster where we have deployed our device plugin, the vGPUs assigned from this GPU will have a total memory of S * M .
deviceSplitCount : An integer type, with a default value of 10. Number of GPU splits, each GPU cannot be assigned more tasks than its configuration count. If configured as N, each GPU can have up to N tasks simultaneously.
Resources : Represents the resource usage of the vgpu-device-plugin and vgpu-schedule pods.
After a successful installation, you will see two types of pods in the specified namespace, indicating that the NVIDIA vGPU plugin has been successfully installed:
After a successful installation, you can deploy applications using vGPU resources.
Note
NVIDIA vGPU Addon does not support upgrading directly from the older v2.0.0 to the latest v2.0.0+1; To upgrade, please uninstall the older version and then reinstall the latest version.
"},{"location":"en/end-user/kpanda/gpu/nvidia/vgpu/vgpu_user.html","title":"Using NVIDIA vGPU in Applications","text":"This section explains how to use the vGPU capability in the AI platform.
"},{"location":"en/end-user/kpanda/gpu/nvidia/vgpu/vgpu_user.html#prerequisites","title":"Prerequisites","text":"Confirm if the cluster has detected GPUs. Click the Clusters -> Cluster Settings -> Addon Plugins and check if the GPU plugin has been automatically enabled and the proper GPU type has been detected. Currently, the cluster will automatically enable the GPU addon and set the GPU Type as Nvidia vGPU .
Deploy a workload by clicking Clusters -> Workloads . When deploying a workload using an image, select the type Nvidia vGPU , and you will be prompted with the following parameters:
If there are issues with the configuration values above, it may result in scheduling failure or inability to allocate resources.
Refer to the following workload configuration and add the parameter nvidia.com/vgpu: '1' in the resource requests and limits section to configure the number of physical cards used by the application.
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: full-vgpu-demo\n namespace: default\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: full-vgpu-demo\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: full-vgpu-demo\n spec:\n containers:\n - name: full-vgpu-demo1\n image: chrstnhntschl/gpu_burn\n resources:\n limits:\n nvidia.com/gpucores: '20' # Request 20% of GPU cores for each card\n nvidia.com/gpumem: '200' # Request 200MB of GPU memory for each card\n nvidia.com/vgpu: '1' # Request 1 GPU\n imagePullPolicy: Always\n restartPolicy: Always\n
This YAML configuration requests the application to use vGPU resources. It specifies that each card should utilize 20% of GPU cores, 200MB of GPU memory, and requests 1 GPU.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html","title":"Using Volcano's Gang Scheduler","text":"The Gang scheduling policy is one of the core scheduling algorithms of the volcano-scheduler. It satisfies the \"All or nothing\" scheduling requirement during the scheduling process, preventing arbitrary scheduling of Pods that could waste cluster resources. The specific algorithm observes whether the number of scheduled Pods under a Job meets the minimum running quantity. When the Job's minimum running quantity is satisfied, scheduling actions are performed for all Pods under the Job; otherwise, no actions are taken.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html#use-cases","title":"Use Cases","text":"The Gang scheduling algorithm, based on the concept of a Pod group, is particularly suitable for scenarios that require multi-process collaboration. AI scenarios often involve complex workflows, such as Data Ingestion, Data Analysis, Data Splitting, Training, Serving, and Logging, which require a group of containers to work together. This makes the Gang scheduling policy based on pods very appropriate.
In multi-threaded parallel computing communication scenarios under the MPI computation framework, Gang scheduling is also very suitable because it requires master and slave processes to work together. High relevance among containers in a pod may lead to resource contention, and overall scheduling allocation can effectively resolve deadlocks.
In scenarios with insufficient cluster resources, the Gang scheduling policy significantly improves the utilization of cluster resources. For example, if the cluster can currently accommodate only 2 Pods, but the minimum number of Pods required for scheduling is 3, then all Pods of this Job will remain pending until the cluster can accommodate 3 Pods, at which point the Pods will be scheduled. This effectively prevents the partial scheduling of Pods, which would not meet the requirements and would occupy resources, making other Jobs unable to run.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano-gang-scheduler.html#concept-explanation","title":"Concept Explanation","text":"The Gang Scheduler is the core scheduling plugin of Volcano, and it is enabled by default upon installing Volcano. When creating a workload, you only need to specify the scheduler name as Volcano.
Volcano schedules based on PodGroups. When creating a workload, there is no need to manually create PodGroup resources; Volcano will automatically create them based on the workload information. Below is an example of a PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n name: test\n namespace: default\nspec:\n minMember: 1 # (1)!\n minResources: # (2)!\n cpu: \"3\"\n memory: \"2048Mi\"\n priorityClassName: high-prority # (3)!\n queue: default # (4)!\n
In a multi-threaded parallel computing communication scenario under the MPI computation framework, we need to ensure that all Pods can be successfully scheduled to ensure the job is completed correctly. Setting minAvailable to 4 means that 1 mpimaster and 3 mpiworkers are required to run.
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
Generate the resources for PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
From the PodGroup, it can be seen that it is associated with the workload through ownerReferences and sets the minimum number of running Pods to 4.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html","title":"Use Volcano for AI Compute","text":""},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#usage-scenarios","title":"Usage Scenarios","text":"Kubernetes has become the de facto standard for orchestrating and managing cloud-native applications, and an increasing number of applications are choosing to migrate to K8s. The fields of artificial intelligence and machine learning inherently involve a large number of compute-intensive tasks, and developers are very willing to build AI platforms based on Kubernetes to fully leverage its resource management, application orchestration, and operations monitoring capabilities. However, the default Kubernetes scheduler was initially designed primarily for long-running services and has many shortcomings in batch and elastic scheduling for AI and big data tasks. For example, resource contention issues:
Take TensorFlow job scenarios as an example. TensorFlow jobs include two different roles, PS and Worker, and the Pods for these two roles need to work together to complete the entire job. If only one type of role Pod is running, the entire job cannot be executed properly. The default scheduler schedules Pods one by one and is unaware of the PS and Worker roles in a Kubeflow TFJob. In a high-load cluster (insufficient resources), multiple jobs may each be allocated some resources to run a portion of their Pods, but the jobs cannot complete successfully, leading to resource waste. For instance, if a cluster has 4 GPUs and both TFJob1 and TFJob2 each have 4 Workers, TFJob1 and TFJob2 might each be allocated 2 GPUs. However, both TFJob1 and TFJob2 require 4 GPUs to run. This mutual waiting for resource release creates a deadlock situation, resulting in GPU resource waste.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#volcano-batch-scheduling-system","title":"Volcano Batch Scheduling System","text":"Volcano is the first Kubernetes-based container batch computing platform under CNCF, focusing on high-performance computing scenarios. It fills in the missing functionalities of Kubernetes in fields such as machine learning, big data, and scientific computing, providing essential support for these high-performance workloads. Additionally, Volcano seamlessly integrates with mainstream computing frameworks like Spark, TensorFlow, and PyTorch, and supports hybrid scheduling of heterogeneous devices, including CPUs and GPUs, effectively resolving the deadlock issues mentioned above.
The following sections will introduce how to install and use Volcano.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#install-volcano","title":"Install Volcano","text":"Find Volcano in Cluster Details -> Helm Apps -> Helm Charts and install it.
Check and confirm whether Volcano is installed successfully, that is, whether the components volcano-admission, volcano-controllers, and volcano-scheduler are running properly.
Typically, Volcano is used in conjunction with the AI Lab to achieve an effective closed-loop process for the development and training of datasets, Notebooks, and task training.
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#volcano-use-cases","title":"Volcano Use Cases","text":"schedulerName: volcano
).volcanoJob
resource is an extension of the Job in Volcano, breaking the Job down into smaller working units called tasks, which can interact with each other.Here is an example:
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: tensorflow-benchmark\n labels:\n \"volcano.sh/job-type\": \"Tensorflow\"\nspec:\n minAvailable: 3\n schedulerName: volcano\n plugins:\n env: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: ps\n template:\n spec:\n imagePullSecrets:\n - name: default-secret\n containers:\n - command:\n - sh\n - -c\n - |\n PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n python tf_cnn_benchmarks.py --batch_size=32 --model=resnet50 --variable_update=parameter_server --flush_stdout=true --num_gpus=1 --local_parameter_device=cpu --device=cpu --data_format=NHWC --job_name=ps --task_index=${VK_TASK_INDEX} --ps_hosts=${PS_HOST} --worker_hosts=${WORKER_HOST}\n image: docker.m.daocloud.io/volcanosh/example-tf:0.0.1\n name: tensorflow\n ports:\n - containerPort: 2222\n name: tfjob-port\n resources:\n requests:\n cpu: \"1000m\"\n memory: \"2048Mi\"\n limits:\n cpu: \"1000m\"\n memory: \"2048Mi\"\n workingDir: /opt/tf-benchmarks/scripts/tf_cnn_benchmarks\n restartPolicy: OnFailure\n - replicas: 2\n name: worker\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n imagePullSecrets:\n - name: default-secret\n containers:\n - command:\n - sh\n - -c\n - |\n PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | tr \"\\n\" \",\"`;\n python tf_cnn_benchmarks.py --batch_size=32 --model=resnet50 --variable_update=parameter_server --flush_stdout=true --num_gpus=1 --local_parameter_device=cpu --device=cpu --data_format=NHWC --job_name=worker --task_index=${VK_TASK_INDEX} --ps_hosts=${PS_HOST} --worker_hosts=${WORKER_HOST}\n image: docker.m.daocloud.io/volcanosh/example-tf:0.0.1\n name: tensorflow\n ports:\n - containerPort: 2222\n name: tfjob-port\n resources:\n requests:\n cpu: \"2000m\"\n memory: \"2048Mi\"\n limits:\n cpu: \"2000m\"\n memory: \"4096Mi\"\n workingDir: /opt/tf-benchmarks/scripts/tf_cnn_benchmarks\n restartPolicy: OnFailure\n
"},{"location":"en/end-user/kpanda/gpu/volcano/volcano_user_guide.html#parallel-computing-with-mpi","title":"Parallel Computing with MPI","text":"In multi-threaded parallel computing communication scenarios under the MPI computing framework, we need to ensure that all Pods are successfully scheduled to guarantee the task's proper completion. Setting minAvailable
to 4 indicates that 1 mpimaster
and 3 mpiworkers
are required to run. By simply setting the schedulerName
field value to \"volcano,\" you can enable the Volcano scheduler.
Here is an example:
apiVersion: batch.volcano.sh/v1alpha1\nkind: Job\nmetadata:\n name: lm-mpi-job\n labels:\n \"volcano.sh/job-type\": \"MPI\"\nspec:\n minAvailable: 4\n schedulerName: volcano\n plugins:\n ssh: []\n svc: []\n policies:\n - event: PodEvicted\n action: RestartJob\n tasks:\n - replicas: 1\n name: mpimaster\n policies:\n - event: TaskCompleted\n action: CompleteJob\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n MPI_HOST=`cat /etc/volcano/mpiworker.host | tr \"\\n\" \",\"`;\n mkdir -p /var/run/sshd; /usr/sbin/sshd;\n mpiexec --allow-run-as-root --host ${MPI_HOST} -np 3 mpi_hello_world;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpimaster\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"500m\"\n limits:\n cpu: \"500m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n - replicas: 3\n name: mpiworker\n template:\n spec:\n containers:\n - command:\n - /bin/sh\n - -c\n - |\n mkdir -p /var/run/sshd; /usr/sbin/sshd -D;\n image: docker.m.daocloud.io/volcanosh/example-mpi:0.0.1\n name: mpiworker\n ports:\n - containerPort: 22\n name: mpijob-port\n workingDir: /home\n resources:\n requests:\n cpu: \"1000m\"\n limits:\n cpu: \"1000m\"\n restartPolicy: OnFailure\n imagePullSecrets:\n - name: default-secret\n
Resources to generate PodGroup:
apiVersion: scheduling.volcano.sh/v1beta1\nkind: PodGroup\nmetadata:\n annotations:\n creationTimestamp: \"2024-05-28T09:18:50Z\"\n generation: 5\n labels:\n volcano.sh/job-type: MPI\n name: lm-mpi-job-9c571015-37c7-4a1a-9604-eaa2248613f2\n namespace: default\n ownerReferences:\n - apiVersion: batch.volcano.sh/v1alpha1\n blockOwnerDeletion: true\n controller: true\n kind: Job\n name: lm-mpi-job\n uid: 9c571015-37c7-4a1a-9604-eaa2248613f2\n resourceVersion: \"25173454\"\n uid: 7b04632e-7cff-4884-8e9a-035b7649d33b\nspec:\n minMember: 4\n minResources:\n count/pods: \"4\"\n cpu: 3500m\n limits.cpu: 3500m\n pods: \"4\"\n requests.cpu: 3500m\n minTaskMember:\n mpimaster: 1\n mpiworker: 3\n queue: default\nstatus:\n conditions:\n - lastTransitionTime: \"2024-05-28T09:19:01Z\"\n message: '3/4 tasks in gang unschedulable: pod group is not ready, 1 Succeeded,\n 3 Releasing, 4 minAvailable'\n reason: NotEnoughResources\n status: \"True\"\n transitionID: f875efa5-0358-4363-9300-06cebc0e7466\n type: Unschedulable\n - lastTransitionTime: \"2024-05-28T09:18:53Z\"\n reason: tasks in gang are ready to be scheduled\n status: \"True\"\n transitionID: 5a7708c8-7d42-4c33-9d97-0581f7c06dab\n type: Scheduled\n phase: Pending\n succeeded: 1\n
From the PodGroup, it can be seen that it is associated with the workload through ownerReferences
and sets the minimum number of running Pods to 4.
If you want to learn more about the features and usage scenarios of Volcano, refer to Volcano Introduction.
"},{"location":"en/end-user/kpanda/helm/index.html","title":"Helm Charts","text":"Helm is a package management tool for Kubernetes, which makes it easy for users to quickly discover, share and use applications built with Kubernetes. Container Management provides hundreds of Helm charts, covering storage, network, monitoring, database and other main cases. With these templates, you can quickly deploy and easily manage Helm apps through the UI interface. In addition, it supports adding more personalized templates through Add Helm repository to meet various needs.
Key Concepts:
There are a few key concepts to understand when using Helm:
Chart: A Helm installation package, which contains the images, dependencies, and resource definitions required to run an application, and may also contain service definitions in the Kubernetes cluster, similar to the formula in Homebrew, dpkg in APT, or rpm files in Yum. Charts are called Helm Charts in AI platform.
Release: A Chart instance running on the Kubernetes cluster. A Chart can be installed multiple times in the same cluster, and each installation will create a new Release. Release is called Helm Apps in AI platform.
Repository: A repository for publishing and storing Charts. Repository is called Helm Repositories in AI platform.
For more details, refer to Helm official website.
Related operations:
This article explains how to import Helm appss into the system's built-in addons in both offline and online environments.
"},{"location":"en/end-user/kpanda/helm/Import-addon.html#offline-environment","title":"Offline Environment","text":"An offline environment refers to an environment that cannot connect to the internet or is a closed private network environment.
"},{"location":"en/end-user/kpanda/helm/Import-addon.html#prerequisites","title":"Prerequisites","text":"Note
Go to Container Management -> Helm Apps -> Helm Repositories , search for the addon, and obtain the built-in repository address and username/password (the default username/password for the system's built-in repository is rootuser/rootpass123).
Sync the Helm Chart to the built-in repository addon of the container management system
Write the following configuration file, modify it according to your specific configuration, and save it as sync-dao-2048.yaml .
source: # helm charts source information\n repo:\n kind: HARBOR # It can also be any other supported Helm Chart repository type, such as CHARTMUSEUM\n url: https://release-ci.daocloud.io/chartrepo/community # Change to the chart repo URL\n #auth: # username/password, if no password is set, leave it blank\n #username: \"admin\"\n #password: \"Harbor12345\"\ncharts: # charts to sync\n - name: dao-2048 # helm charts information, if not specified, sync all charts in the source helm repo\n versions:\n - 1.4.1\ntarget: # helm charts target information\n containerRegistry: 10.5.14.40 # image repository URL\n repo:\n kind: CHARTMUSEUM # It can also be any other supported Helm Chart repository type, such as HARBOR\n url: http://10.5.14.40:8081 # Change to the correct chart repo URL, you can verify the address by using helm repo add $HELM-REPO\n auth: # username/password, if no password is set, leave it blank\n username: \"rootuser\"\n password: \"rootpass123\"\n containers:\n # kind: HARBOR # If the image repository is HARBOR and you want charts-syncer to automatically create an image repository, fill in this field\n # auth: # username/password, if no password is set, leave it blank\n # username: \"admin\"\n # password: \"Harbor12345\"\n\n# leverage .relok8s-images.yaml file inside the Charts to move the container images too\nrelocateContainerImages: true\n
Run the charts-syncer command to sync the Chart and its included images
charts-syncer sync --config sync-dao-2048.yaml --insecure --auto-create-repository\n
The expected output is:
I1222 15:01:47.119777 8743 sync.go:45] Using config file: \"examples/sync-dao-2048.yaml\"\nW1222 15:01:47.234238 8743 syncer.go:263] Ignoring skipDependencies option as dependency sync is not supported if container image relocation is true or syncing from/to intermediate directory\nI1222 15:01:47.234685 8743 sync.go:58] There is 1 chart out of sync!\nI1222 15:01:47.234706 8743 sync.go:66] Syncing \"dao-2048_1.4.1\" chart...\n.relok8s-images.yaml hints file found\nComputing relocation...\n\nRelocating dao-2048@1.4.1...\nPushing 10.5.14.40/daocloud/dao-2048:v1.4.1...\nDone\nDone moving /var/folders/vm/08vw0t3j68z9z_4lcqyhg8nm0000gn/T/charts-syncer869598676/dao-2048-1.4.1.tgz\n
Once the previous step is completed, go to Container Management -> Helm Apps -> Helm Repositories , find the proper addon, click Sync Repository in the action column, and you will see the uploaded Helm apps in the Helm template.
You can then proceed with normal installation, upgrade, and uninstallation.
The Helm Repo address for the online environment is release.daocloud.io . If the user does not have permission to add Helm Repo, they will not be able to import custom Helm appss into the system's built-in addons. You can add your own Helm repository and then integrate your Helm repository into the platform using the same steps as syncing Helm Chart in the offline environment.
"},{"location":"en/end-user/kpanda/helm/helm-app.html","title":"Manage Helm Apps","text":"The container management module supports interface-based management of Helm, including creating Helm instances using Helm charts, customizing Helm instance arguments, and managing the full lifecycle of Helm instances.
This section will take cert-manager as an example to introduce how to create and manage Helm apps through the container management interface.
"},{"location":"en/end-user/kpanda/helm/helm-app.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
Follow the steps below to install the Helm app.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Helm Apps -> Helm Chart to enter the Helm chart page.
On the Helm chart page, select the Helm repository named addon , and all the Helm chart templates under the addon repository will be displayed on the interface. Click the Chart named cert-manager .
On the installation page, you can see the relevant detailed information of the Chart, select the version to be installed in the upper right corner of the interface, and click the Install button. Here select v1.9.1 version for installation.
Configure Name , Namespace and Version Information . You can also customize arguments by modifying YAML in the argument Configuration area below. Click OK .
The system will automatically return to the list of Helm apps, and the status of the newly created Helm app is Installing , and the status will change to Running after a period of time.
After we have completed the installation of a Helm app through the interface, we can perform an update operation on the Helm app. Note: Update operations using the UI are only supported for Helm apps installed via the UI.
Follow the steps below to update the Helm app.
Click a cluster name to enter Cluster Details .
In the left navigation bar, click Helm Apps to enter the Helm app list page.
On the Helm app list page, select the Helm app that needs to be updated, click the __ ...__ operation button on the right side of the list, and select the Update operation in the drop-down selection.
After clicking the Update button, the system will jump to the update interface, where you can update the Helm app as needed. Here we take updating the http port of the dao-2048 application as an example.
After modifying the proper arguments. You can click the Change button under the argument configuration to compare the files before and after the modification. After confirming that there is no error, click the OK button at the bottom to complete the update of the Helm app.
The system will automatically return to the Helm app list, and a pop-up window in the upper right corner will prompt update successful .
Every installation, update, and deletion of Helm apps has detailed operation records and logs for viewing.
In the left navigation bar, click Cluster Operations -> Recent Operations , and then select the Helm Operations tab at the top of the page. Each record corresponds to an install/update/delete operation.
To view the detailed log of each operation: Click \u2507 on the right side of the list, and select Log from the pop-up menu.
At this point, the detailed operation log will be displayed in the form of console at the bottom of the page.
Follow the steps below to delete the Helm app.
Find the cluster where the Helm app to be deleted resides, click the cluster name, and enter Cluster Details .
In the left navigation bar, click Helm Apps to enter the Helm app list page.
On the Helm app list page, select the Helm app you want to delete, click the __ ...__ operation button on the right side of the list, and select Delete from the drop-down selection.
Enter the name of the Helm app in the pop-up window to confirm, and then click the Delete button.
The Helm repository is a repository for storing and publishing Charts. The Helm App module supports HTTP(s) protocol to access Chart packages in the repository. By default, the system has 4 built-in helm repos as shown in the table below to meet common needs in the production process of enterprises.
Repository Description Example partner Various high-quality features provided by ecological partners Chart tidb system Chart that must be relied upon by system core functional components and some advanced features. For example, insight-agent must be installed to obtain cluster monitoring information Insight addon Common Chart in business cases cert-manager community The most popular open source components in the Kubernetes community Chart IstioIn addition to the above preset repositories, you can also add third-party Helm repositories yourself. This page will introduce how to add and update third-party Helm repositories.
"},{"location":"en/end-user/kpanda/helm/helm-repo.html#prerequisites","title":"Prerequisites","text":"Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, user, and granted NS Admin
or higher permissions to the user. For details, refer to Namespace Authorization.
If using a private repository, you should have read and write permissions to the repository.
The following takes the public container repository of Kubevela as an example to introduce and manage the helm repo.
Find the cluster that needs to be imported into the third-party helm repo, click the cluster name, and enter cluster details.
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo page.
Click the Create Repository button on the helm repo page to enter the Create repository page, and configure relevant arguments according to the table below.
Click OK to complete the creation of the Helm repository. The page will automatically jump to the list of Helm repositories.
When the address information of the helm repo changes, the address, authentication method, label, annotation, and description information of the helm repo can be updated.
Find the cluster where the repository to be updated is located, click the cluster name, and enter cluster details .
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo list page.
Find the Helm repository that needs to be updated on the repository list page, click the \u2507 button on the right side of the list, and click Update in the pop-up menu.
Update on the Update Helm Repository page, and click OK when finished.
Return to the helm repo list, and the screen prompts that the update is successful.
In addition to importing and updating repositorys, you can also delete unnecessary repositories, including system preset repositories and third-party repositories.
Find the cluster where the repository to be deleted is located, click the cluster name, and enter cluster details .
In the left navigation bar, click Helm Apps -> Helm Repositories to enter the helm repo list page.
Find the Helm repository that needs to be updated on the repository list page, click the \u2507 button on the right side of the list, and click Delete in the pop-up menu.
Enter the repository name to confirm, and click Delete .
Return to the list of Helm repositories, and the screen prompts that the deletion is successful.
In a multi-arch cluster, it is common to use Helm charts that support multiple architectures to address deployment issues caused by architectural differences. This guide will explain how to integrate single-arch Helm apps into multi-arch deployments and how to integrate multi-arch Helm apps.
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#import","title":"Import","text":""},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#import-single-arch","title":"Import Single-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Specify the path in the clusterConfig.yml configuration file, for example:
addonPackage:\n path: \"/home/addon-offline-full-package-v0.9.0-amd64.tar.gz\"\n
Then run the import command:
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#integrate-multi-arch","title":"Integrate Multi-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Take addon-offline-full-package-v0.9.0-arm64.tar.gz
as an example and run the import command:
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.9.0-arm64.tar.gz\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#upgrade","title":"Upgrade","text":""},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#upgrade-single-arch","title":"Upgrade Single-arch","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Specify the path in the clusterConfig.yml configuration file, for example:
addonPackage:\n path: \"/home/addon-offline-full-package-v0.11.0-amd64.tar.gz\"\n
Then run the import command:
~/dce5-installer cluster-create -c /home/dce5/sample/clusterConfig.yaml -m /home/dce5/sample/manifest.yaml -d -j13\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#multi-arch-integration","title":"Multi-arch Integration","text":"Prepare the offline package addon-offline-full-package-${version}-${arch}.tar.gz
.
Take addon-offline-full-package-v0.11.0-arm64.tar.gz
as an example and run the import command:
~/dce5-installer import-addon -c /home/dce5/sample/clusterConfig.yaml --addon-path=/home/addon-offline-full-package-v0.11.0-arm64.tar.gz\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#notes","title":"Notes","text":""},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#disk-space","title":"Disk Space","text":"The offline package is quite large and requires sufficient space for decompression and loading of images. Otherwise, it may interrupt the process with a \"no space left\" error.
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#retry-after-failure","title":"Retry after Failure","text":"If the multi-arch fusion step fails, you need to clean up the residue before retrying:
rm -rf addon-offline-target-package\n
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#registry-space","title":"Registry Space","text":"If the offline package for fusion contains registry spaces that are inconsistent with the imported offline package, an error may occur during the fusion process due to the non-existence of the registry spaces:
Solution: Simply create the registry space before the fusion. For example, in the above error, creating the registry space \"localhost\" in advance can prevent the error.
"},{"location":"en/end-user/kpanda/helm/multi-archi-helm.html#architecture-conflict","title":"Architecture Conflict","text":"When upgrading to a version lower than 0.12.0 of the addon, the charts-syncer in the target offline package does not check the existence of the image before pushing, so it will recombine the multi-arch into a single architecture during the upgrade process. For example, if the addon is implemented as a multi-arch in v0.10, upgrading to v0.11 will overwrite the multi-arch addon with a single architecture. However, upgrading to v0.12.0 or above can still maintain the multi-arch.
"},{"location":"en/end-user/kpanda/helm/upload-helm.html","title":"Upload Helm Charts","text":"This article explains how to upload Helm charts. See the steps below.
Add a Helm repository, refer to Adding a Third-Party Helm Repository for the procedure.
Upload the Helm Chart to the Helm repository.
Upload with ClientUpload with Web PageNote
This method is suitable for Harbor, ChartMuseum, JFrog type repositories.
Log in to a node that can access the Helm repository, upload the Helm binary to the node, and install the cm-push plugin (VPN is needed and Git should be installed in advance).
Refer to the plugin installation process.
Push the Helm Chart to the Helm repository by executing the following command:
helm cm-push ${charts-dir} ${HELM_REPO_URL} --username ${username} --password ${password}\n
Argument descriptions:
charts-dir
: The directory of the Helm Chart, or the packaged Chart (i.e., .tgz file).HELM_REPO_URL
: The URL of the Helm repository.username
/password
: The username and password for the Helm repository with push permissions.--insecure
.Note
This method is only applicable to Harbor repositories.
Log into the Harbor repository, ensuring the logged-in user has permissions to push;
Go to the relevant project, select the Helm Charts tab, click the Upload button on the page to upload the Helm Chart.
Sync Remote Repository Data
Manual SyncAuto SyncBy default, the cluster does not enable Helm Repository Auto-Refresh, so you need to perform a manual sync operation. The general steps are:
Go to Helm Apps -> Helm Repositories, click the \u2507 button on the right side of the repository list, and select Sync Repository to complete the repository data synchronization.
If you need to enable the Helm repository auto-sync feature, you can go to Cluster Maintenance -> Cluster Settings -> Advanced Settings and turn on the Helm repository auto-refresh switch.
Cluster inspection allows administrators to regularly or ad-hoc check the overall health of the cluster, giving them proactive control over ensuring cluster security. With a well-planned inspection schedule, this proactive cluster check allows administrators to monitor the cluster status at any time and address potential issues in advance. It eliminates the previous dilemma of passive troubleshooting during failures, enabling proactive monitoring and prevention.
The cluster inspection feature provided by AI platform's container management module supports custom inspection items at the cluster, node, and pod levels. After the inspection is completed, it automatically generates visual inspection reports.
For information on security inspections or executing security-related inspections, refer to the supported security scan types in AI platform.
"},{"location":"en/end-user/kpanda/inspect/config.html","title":"Creating Inspection Configuration","text":"AI platform Container Management module provides cluster inspection functionality, which supports inspection at the cluster, node, and pod levels.
Here's how to create an inspection configuration.
Click Cluster Inspection in the left navigation bar.
On the right side of the page, click Inspection Configuration .
Fill in the inspection configuration based on the following instructions, then click OK at the bottom of the page.
After creating the inspection configuration, it will be automatically displayed in the inspection configuration list. Click the more options button on the right of the configuration to immediately perform an inspection, modify the inspection configuration or delete the inspection configuration and reports.
Click Delete to delete the inspection configuration and reports.
Note
After creating an inspection configuration, if the Scheduled Inspection configuration is enabled, inspections will be automatically executed at the specified time. If the Scheduled Inspection configuration is not enabled, you need to manually trigger the inspection.
This page explains how to manually perform a cluster inspection.
"},{"location":"en/end-user/kpanda/inspect/inspect.html#prerequisites","title":"Prerequisites","text":"When performing an inspection, you can choose to inspect multiple clusters in batches or perform a separate inspection for a specific cluster.
Batch InspectionIndividual InspectionClick Cluster Inspection in the top-level navigation bar of the Container Management module, then click Inspection on the right side of the page.
Select the clusters you want to inspect, then click OK at the bottom of the page.
Click the more options button ( \u2507 ) on the right of the proper inspection configuration, then select Inspection from the popup menu.
After the inspection execution is completed, you can view the inspection records and detailed inspection reports.
"},{"location":"en/end-user/kpanda/inspect/report.html#prerequisites","title":"Prerequisites","text":"Click the name of the inspection record you want to view.
View the detailed information of the inspection, which may include an overview of cluster resources and the running status of system components.
You can download the inspection report or delete the inspection report from the top right corner of the page.
Namespaces are an abstraction used in Kubernetes for resource isolation. A cluster can contain multiple namespaces with different names, and the resources in each namespace are isolated from each other. For a detailed introduction to namespaces, refer to Namespaces.
This page will introduce the related operations of the namespace.
"},{"location":"en/end-user/kpanda/namespaces/createns.html#create-a-namespace","title":"Create a namespace","text":"Supports easy creation of namespaces through forms, and quick creation of namespaces by writing or importing YAML files.
Note
On the cluster list page, click the name of the target cluster.
Click Namespace in the left navigation bar, then click the Create button on the right side of the page.
Fill in the name of the namespace, configure the workspace and labels (optional), and then click OK.
Info
After binding a namespace to a workspace, the resources of that namespace will be shared with the bound workspace. For a detailed explanation of workspaces, refer to Workspaces and Folders.
After the namespace is created, you can still bind/unbind the workspace.
Click OK to complete the creation of the namespace. On the right side of the namespace list, click \u2507 to select update, bind/unbind workspace, quota management, delete, and more from the pop-up menu.
On the Clusters page, click the name of the target cluster.
Click Namespace in the left navigation bar, then click the YAML Create button on the right side of the page.
Enter or paste the prepared YAML content, or directly import an existing YAML file locally.
After entering the YAML content, click Download to save the YAML file locally.
Finally, click OK in the lower right corner of the pop-up box.
Namespace exclusive nodes in a Kubernetes cluster allow a specific namespace to have exclusive access to one or more node's CPU, memory, and other resources through taints and tolerations. Once exclusive nodes are configured for a specific namespace, applications and services from other namespaces cannot run on the exclusive nodes. Using exclusive nodes allows important applications to have exclusive access to some computing resources, achieving physical isolation from other applications.
Note
Applications and services running on a node before it is set to be an exclusive node will not be affected and will continue to run normally on that node. Only when these Pods are deleted or rebuilt will they be scheduled to other non-exclusive nodes.
"},{"location":"en/end-user/kpanda/namespaces/exclusive.html#preparation","title":"Preparation","text":"Check whether the kube-apiserver of the current cluster has enabled the PodNodeSelector and PodTolerationRestriction admission controllers.
The use of namespace exclusive nodes requires users to enable the PodNodeSelector and PodTolerationRestriction admission controllers on the kube-apiserver. For more information about admission controllers, refer to Kubernetes Admission Controllers Reference.
You can go to any Master node in the current cluster to check whether these two features are enabled in the kube-apiserver.yaml file, or you can execute the following command on the Master node for a quick check:
[root@g-master1 ~]# cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep enable-admission-plugins\n\n# The expected output is as follows:\n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction\n
"},{"location":"en/end-user/kpanda/namespaces/exclusive.html#enable-namespace-exclusive-nodes-on-global-cluster","title":"Enable Namespace Exclusive Nodes on Global Cluster","text":"Since the Global cluster runs platform basic components such as kpanda, ghippo, and insight, enabling namespace exclusive nodes on Global may cause system components to not be scheduled to the exclusive nodes when they restart, affecting the overall high availability of the system. Therefore, we generally do not recommend users to enable the namespace exclusive node feature on the Global cluster.
If you do need to enable namespace exclusive nodes on the Global cluster, please follow the steps below:
Enable the PodNodeSelector and PodTolerationRestriction admission controllers for the kube-apiserver of the Global cluster
Note
If the cluster has already enabled the above two admission controllers, please skip this step and go directly to configure system component tolerations.
Go to any Master node in the current cluster to modify the kube-apiserver.yaml configuration file, or execute the following command on the Master node for configuration:
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# The expected output is as follows:\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction # List of enabled admission controllers\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
Find the --enable-admission-plugins parameter and add the PodNodeSelector and PodTolerationRestriction admission controllers (separated by commas). Refer to the following:
# Add __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
Add toleration annotations to the namespace where the platform components are located
After enabling the admission controllers, you need to add toleration annotations to the namespace where the platform components are located to ensure the high availability of the platform components.
The system component namespaces for AI platform are as follows:
Namespace System Components Included kpanda-system kpanda hwameiStor-system hwameiStor istio-system istio metallb-system metallb cert-manager-system cert-manager contour-system contour kubean-system kubean ghippo-system ghippo kcoral-system kcoral kcollie-system kcollie insight-system insight, insight-agent: ipavo-system ipavo kairship-system kairship karmada-system karmada amamba-system amamba, jenkins skoala-system skoala mspider-system mspider mcamel-system mcamel-rabbitmq, mcamel-elasticsearch, mcamel-mysql, mcamel-redis, mcamel-kafka, mcamel-minio, mcamel-postgresql spidernet-system spidernet kangaroo-system kangaroo gmagpie-system gmagpie dowl-system dowlCheck whether there are the above namespaces in the current cluster, execute the following command, and add the annotation: scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
for each namespace.
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
Please make sure to replace <namespace-name>
with the name of the platform namespace you want to add the annotation to. Use the interface to set exclusive nodes for the namespace
After confirming that the PodNodeSelector and PodTolerationRestriction admission controllers on the cluster API server have been enabled, please follow the steps below to use the AI platform UI management interface to set exclusive nodes for the namespace.
Click the cluster name in the cluster list page, then click Namespace in the left navigation bar.
Click the namespace name, then click the Exclusive Node tab, and click Add Node on the bottom right.
Select which nodes you want to be exclusive to this namespace on the left side of the page. On the right side, you can clear or delete a selected node. Finally, click OK at the bottom.
You can view the current exclusive nodes for this namespace in the list. You can choose to Stop Exclusivity on the right side of the node.
After cancelling exclusivity, Pods from other namespaces can also be scheduled to this node.
To enable namespace exclusive nodes on non-Global clusters, please follow the steps below:
Enable the PodNodeSelector and PodTolerationRestriction admission controllers for the kube-apiserver of the current cluster
Note
If the cluster has already enabled the above two admission controllers, please skip this step and go directly to using the interface to set exclusive nodes for the namespace.
Go to any Master node in the current cluster to modify the kube-apiserver.yaml configuration file, or execute the following command on the Master node for configuration:
[root@g-master1 ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml\n\n# The expected output is as follows:\napiVersion: v1\nkind: Pod\nmetadata:\n ......\nspec:\ncontainers:\n- command:\n - kube-apiserver\n ......\n - --default-not-ready-toleration-seconds=300\n - --default-unreachable-toleration-seconds=300\n - --enable-admission-plugins=NodeRestriction #List of enabled admission controllers\n - --enable-aggregator-routing=False\n - --enable-bootstrap-token-auth=true\n - --endpoint-reconciler-type=lease\n - --etcd-cafile=/etc/kubernetes/ssl/etcd/ca.crt\n ......\n
Find the --enable-admission-plugins parameter and add the PodNodeSelector and PodTolerationRestriction admission controllers (separated by commas). Refer to the following:
# Add __ ,PodNodeSelector,PodTolerationRestriction__ \n- --enable-admission-plugins=NodeRestriction,PodNodeSelector,PodTolerationRestriction \n
Use the interface to set exclusive nodes for the namespace
After confirming that the PodNodeSelector and PodTolerationRestriction admission controllers on the cluster API server have been enabled, please follow the steps below to use the AI platform UI management interface to set exclusive nodes for the namespace.
Click the cluster name in the cluster list page, then click Namespace in the left navigation bar.
Click the namespace name, then click the Exclusive Node tab, and click Add Node on the bottom right.
Select which nodes you want to be exclusive to this namespace on the left side of the page. On the right side, you can clear or delete a selected node. Finally, click OK at the bottom.
You can view the current exclusive nodes for this namespace in the list. You can choose to Stop Exclusivity on the right side of the node.
After cancelling exclusivity, Pods from other namespaces can also be scheduled to this node.
Add toleration annotations to the namespace where the components that need high availability are located (optional)
Execute the following command to add the annotation: scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'
to the namespace where the components that need high availability are located.
kubectl annotate ns <namespace-name> scheduler.alpha.kubernetes.io/defaultTolerations: '[{\"operator\": \"Exists\", \"effect\": \n\"NoSchedule\", \"key\": \"ExclusiveNamespace\"}]'\n
Please make sure to replace <namespace-name>
with the name of the platform namespace you want to add the annotation to.
Pod security policies in a Kubernetes cluster allow you to control the behavior of Pods in various aspects of security by configuring different levels and modes for specific namespaces. Only Pods that meet certain conditions will be accepted by the system. It sets three levels and three modes, allowing users to choose the most suitable scheme to set restriction policies according to their needs.
Note
Only one security policy can be configured for one security mode. Please be careful when configuring the enforce security mode for a namespace, as violations will prevent Pods from being created.
This section will introduce how to configure Pod security policies for namespaces through the container management interface.
"},{"location":"en/end-user/kpanda/namespaces/podsecurity.html#prerequisites","title":"Prerequisites","text":"The container management module has integrated a Kubernetes cluster or created a Kubernetes cluster. The cluster version needs to be v1.22 or above, and you should be able to access the cluster's UI interface.
A namespace has been created, a user has been created, and the user has been granted NS Admin or higher permissions. For details, refer to Namespace Authorization.
Select the namespace for which you want to configure Pod security policies and go to the details page. Click Configure Policy on the Pod Security Policy page to go to the configuration page.
Click Add Policy on the configuration page, and a policy will appear, including security level and security mode. The following is a detailed introduction to the security level and security policy.
Security Level Description Privileged An unrestricted policy that provides the maximum possible range of permissions. This policy allows known privilege elevations. Baseline The least restrictive policy that prohibits known privilege elevations. Allows the use of default (minimum specified) Pod configurations. Restricted A highly restrictive policy that follows current best practices for protecting Pods. Security Mode Description Audit Violations of the specified policy will add new audit events in the audit log, and the Pod can be created. Warn Violations of the specified policy will return user-visible warning information, and the Pod can be created. Enforce Violations of the specified policy will prevent the Pod from being created.Different security levels correspond to different check items. If you don't know how to configure your namespace, you can Policy ConfigMap Explanation at the top right corner of the page to view detailed information.
Click Confirm. If the creation is successful, the security policy you configured will appear on the page.
Click \u2507 to edit or delete the security policy you configured.
In a Kubernetes cluster, Ingress exposes services from outside the cluster to inside the cluster HTTP and HTTPS ingress. Traffic ingress is controlled by rules defined on the Ingress resource. Here's an example of a simple Ingress that sends all traffic to the same Service:
Ingress is an API object that manages external access to services in the cluster, and the typical access method is HTTP. Ingress can provide load balancing, SSL termination, and name-based virtual hosting.
"},{"location":"en/end-user/kpanda/network/create-ingress.html#prerequisites","title":"Prerequisites","text":"After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
In the left navigation bar, click Container Network -> Ingress to enter the service list, and click the Create Ingress button in the upper right corner.
Note
It is also possible to Create from YAML .
Open Create Ingress page to configure. There are two protocol types to choose from, refer to the following two parameter tables for configuration.
After configuring all the parameters, click the OK button to return to the ingress list automatically. On the right side of the list, click \u2507 to modify or delete the selected ingress.
"},{"location":"en/end-user/kpanda/network/create-services.html","title":"Create a Service","text":"In a Kubernetes cluster, each Pod has an internal independent IP address, but Pods in the workload may be created and deleted at any time, and directly using the Pod IP address cannot provide external services.
This requires creating a service through which you get a fixed IP address, decoupling the front-end and back-end of the workload, and allowing external users to access the service. At the same time, the service also provides the Load Balancer feature, enabling users to access workloads from the public network.
"},{"location":"en/end-user/kpanda/network/create-services.html#prerequisites","title":"Prerequisites","text":"Container management module connected to Kubernetes cluster or created Kubernetes, and can access the cluster UI interface.
Completed a namespace creation, user creation, and authorize the user as NS Editor role, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
In the left navigation bar, click Container Network -> Service to enter the service list, and click the Create Service button in the upper right corner.
!!! tip
It is also possible to create a service via __YAML__ .\n
Open the Create Service page, select an access type, and refer to the following three parameter tables for configuration.
Click Intra-Cluster Access (ClusterIP) , which refers to exposing services through the internal IP of the cluster. The services selected for this option can only be accessed within the cluster. This is the default service type. Refer to the configuration parameters in the table below.
Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select intra-cluster access (ClusterIP). ClusterIP Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default Label selector [Type] Required[Meaning] Add a label, the Service selects a Pod according to the label, and click \"Add\" after filling. You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. app:job01 Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. Container port (targetport): The container port that the workload actually monitors, used to expose services to the cluster. Session Persistence [Type] Optional [Meaning] When enabled, requests from the same client will be forwarded to the same Pod Enabled Maximum session hold time [Type] Optional [Meaning] After session hold is enabled, the maximum hold time is 30 seconds by default 30 seconds Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/end-user/kpanda/network/create-services.html#create-nodeport-service","title":"Create NodePort service","text":"Click NodePort , which means exposing the service via IP and static port ( NodePort ) on each node. The NodePort service is routed to the automatically created ClusterIP service. You can access a NodePort service from outside the cluster by requesting : . Refer to the configuration parameters in the table below. Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select node access (NodePort). NodePort Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default Label selector [Type] Required[Meaning] Add a label, the Service selects a Pod according to the label, and click \"Add\" after filling. You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. By default, the service port is set to the same value as the container port field for convenience. ***Container port (targetport)*: The container port actually monitored by the workload. Node port (nodeport): The port of the node, which receives traffic from ClusterIP transmission. It is used as the entrance for external traffic access. Session Persistence [Type] Optional [Meaning] When enabled, requests from the same client will be forwarded to the same PodAfter enabled, .spec.sessionAffinity of Service is ClientIP , refer to for details : Session Affinity for Service Enabled Maximum session hold time [Type] Optional [Meaning] After session hold is enabled, the maximum hold time, the default timeout is 30 seconds.spec.sessionAffinityConfig.clientIP.timeoutSeconds is set to 30 by default seconds 30 seconds Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/end-user/kpanda/network/create-services.html#create-loadbalancer-service","title":"Create LoadBalancer service","text":"
Click Load Balancer , which refers to using the cloud provider's load balancer to expose services to the outside. External load balancers can route traffic to automatically created NodePort services and ClusterIP services. Refer to the configuration parameters in the table below.
Parameter Description Example value Access type [Type] Required[Meaning] Specify the method of Pod service discovery, here select node access (NodePort). NodePort Service Name [Type] Required[Meaning] Enter the name of the new service. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Svc-01 Namespace [Type] Required[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. default External Traffic Policy [Type] Required[Meaning] Set external traffic policy. Cluster: Traffic can be forwarded to Pods on all nodes in the cluster. Local: Traffic is only sent to Pods on this node. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. Tag selector [Type] Required [Meaning] Add tag, Service Select the Pod according to the label, fill it out and click \"Add\". You can also refer to the label of an existing workload. Click Reference workload label , select the workload in the pop-up window, and the system will use the selected workload label as the selector by default. Load balancing type [Type] Required [Meaning] The type of load balancing used, currently supports MetalLB and others. MetalLB IP Pool [Type] Required[Meaning] When the selected load balancing type is MetalLB, LoadBalancer Service will allocate IP addresses from this pool by default, and declare all IP addresses in this pool through APR Load balancing address [Type] Required[Meaning] 1. If you are using a public cloud CloudProvider, fill in the load balancing address provided by the cloud provider here;2. If the above load balancing type is selected as MetalLB, the IP will be obtained from the above IP pool by default, if not filled, it will be obtained automatically. Port configuration [Type] Required[Meaning] To add a protocol port for a service, you need to select the port protocol type first. Currently, it supports TCP and UDP. Port Name: Enter the name of the custom port. Service port (port): The access port for Pod to provide external services. By default, the service port is set to the same value as the container port field for convenience. Container port (targetport): The container port actually monitored by the workload. Node port (nodeport): The port of the node, which receives traffic from ClusterIP transmission. It is used as the entrance for external traffic access. Annotation [Type] Optional[Meaning] Add annotation for service"},{"location":"en/end-user/kpanda/network/create-services.html#complete-service-creation","title":"Complete service creation","text":"After configuring all parameters, click the OK button to return to the service list automatically. On the right side of the list, click \u2507 to modify or delete the selected service.
"},{"location":"en/end-user/kpanda/network/network-policy.html","title":"Network Policies","text":"Network policies in Kubernetes allow you to control network traffic at the IP address or port level (OSI layer 3 or layer 4). The container management module currently supports creating network policies based on Pods or namespaces, using label selectors to specify which traffic can enter or leave Pods with specific labels.
For more details on network policies, refer to the official Kubernetes documentation on Network Policies.
"},{"location":"en/end-user/kpanda/network/network-policy.html#creating-network-policies","title":"Creating Network Policies","text":"Currently, there are two methods available for creating network policies: YAML and form-based creation. Each method has its advantages and disadvantages, catering to different user needs.
YAML creation requires fewer steps and is more efficient, but it has a higher learning curve as it requires familiarity with configuring network policy YAML files.
Form-based creation is more intuitive and straightforward. Users can simply fill in the proper values based on the prompts. However, this method involves more steps.
"},{"location":"en/end-user/kpanda/network/network-policy.html#yaml-creation","title":"YAML Creation","text":"In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies -> Create with YAML in the left navigation bar.
In the pop-up dialog, enter or paste the pre-prepared YAML file, then click OK at the bottom of the dialog.
In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies -> Create Policy in the left navigation bar.
Fill in the basic information.
The name and namespace cannot be changed after creation.
Fill in the policy configuration.
The policy configuration includes ingress and egress policies. To establish a successful connection from a source Pod to a target Pod, both the egress policy of the source Pod and the ingress policy of the target Pod need to allow the connection. If either side does not allow the connection, the connection will fail.
Ingress Policy: Click \u2795 to begin configuring the policy. Multiple policies can be configured. The effects of multiple network policies are cumulative. Only when all network policies are satisfied simultaneously can a connection be successfully established.
Egress Policy
In the cluster list, click the name of the target cluster, then navigate to Container Network -> Network Policies . Click the name of the network policy.
View the basic configuration, associated instances, ingress policies, and egress policies of the policy.
Info
Under the \"Associated Instances\" tab, you can view instance monitoring, logs, container lists, YAML files, events, and more.
"},{"location":"en/end-user/kpanda/network/network-policy.html#updating-network-policies","title":"Updating Network Policies","text":"There are two ways to update network policies. You can either update them through the form or by using a YAML file.
On the network policy list page, find the policy you want to update, and choose Update in the action column on the right to update it via the form. Choose Edit YAML to update it using a YAML file.
Click the name of the network policy, then choose Update in the top right corner of the policy details page to update it via the form. Choose Edit YAML to update it using a YAML file.
There are two ways to delete network policies. You can delete network policies either through the form or by using a YAML file.
On the network policy list page, find the policy you want to delete, and choose Delete in the action column on the right to delete it via the form. Choose Edit YAML to delete it using a YAML file.
Click the name of the network policy, then choose Delete in the top right corner of the policy details page to delete it via the form. Choose Edit YAML to delete it using a YAML file.
As the number of business applications continues to grow, the resources of the cluster become increasingly tight. At this point, you can expand the cluster nodes based on kubean. After the expansion, applications can run on the newly added nodes, alleviating resource pressure.
Only clusters created through the container management module support node autoscaling. Clusters accessed from the outside do not support this operation. This article mainly introduces the expansion of worker nodes in the same architecture work cluster. If you need to add control nodes or heterogeneous work nodes to the cluster, refer to: Expanding the control node of the work cluster, Adding heterogeneous nodes to the work cluster, Expanding the worker node of the global service cluster.
On the Clusters page, click the name of the target cluster.
If the Cluster Type contains the label Integrated Cluster, it means that the cluster does not support node autoscaling.
Click Nodes in the left navigation bar, and then click Integrate Node in the upper right corner of the page.
Enter the host name and node IP and click OK.
Click \u2795 Add Worker Node to continue accessing more nodes.
Note
Accessing the node takes about 20 minutes, please be patient.
"},{"location":"en/end-user/kpanda/nodes/delete-node.html","title":"Node Scales Down","text":"When the peak business period is over, in order to save resource costs, you can reduce the size of the cluster and unload redundant nodes, that is, node scaling. After a node is uninstalled, applications cannot continue to run on the node.
"},{"location":"en/end-user/kpanda/nodes/delete-node.html#prerequisites","title":"Prerequisites","text":"Cluster Admin
role authorization.When cluster nodes scales down, they can only be uninstalled one by one, not in batches.
If you need to uninstall cluster controller nodes, you need to ensure that the final number of controller nodes is an odd number.
The first controller node cannot be offline when the cluster node scales down. If it is necessary to perform this operation, please contact the after-sales engineer.
On the Clusters page, click the name of the target cluster.
If the Cluster Type has the tag Integrate Cluster , it means that the cluster does not support node autoscaling.
Click Nodes on the left navigation bar, find the node to be uninstalled, click \u2507 and select Remove .
Enter the node name, and click Delete to confirm.
Labels are identifying key-value pairs added to Kubernetes objects such as Pods, nodes, and clusters, which can be combined with label selectors to find and filter Kubernetes objects that meet certain conditions. Each key must be unique for a given object.
Annotations, like tags, are key/value pairs, but they do not have identification or filtering features. Annotations can be used to add arbitrary metadata to nodes. Annotation keys usually use the format prefix(optional)/name(required) , for example nfd.node.kubernetes.io/extended-resources . If the prefix is \u200b\u200bomitted, it means that the annotation key is private to the user.
For more information about labels and annotations, refer to the official Kubernetes documentation labels and selectors Or Annotations.
The steps to add/delete tags and annotations are as follows:
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar, click the \u2507 operation icon on the right side of the node, and click Edit Labels or Edit Annotations .
Click \u2795 Add to add tags or annotations, click X to delete tags or annotations, and finally click OK .
If you choose to authenticate the nodes of the cluster-to-be-created using SSH keys, you need to configure the public and private keys according to the following instructions.
Run the following command on any node within the management cluster of the cluster-to-be-created to generate the public and private keys.
cd /root/.ssh\nssh-keygen -t rsa\n
Run the ls command to check if the keys have been successfully created in the management cluster. The correct output should be as follows:
ls\nid_rsa id_rsa.pub known_hosts\n
The file named id_rsa is the private key, and the file named id_rsa.pub is the public key.
Run the following command to load the public key file id_rsa.pub onto all the nodes of the cluster-to-be-created.
ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.0\n
Replace the user account and node IP in the above command with the username and IP of the nodes in the cluster-to-be-created. The same operation needs to be performed on every node in the cluster-to-be-created.
Run the following command to view the private key file id_rsa created in step 1.
cat /root/.ssh/id_rsa\n
The output should be as follows:
-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3UvyKINzY5BFuemQ+uJ6q+GqgfvnWwNC8HzZhpcMSjJy26MM\nUtBEBJxy8fMi57XcjYxPibXW/wnd+32ICCycqCwByUmuXeCC1cjlCQDqjcAvXae7\nY54IXGF7wm2IsMNwf0kjFEXjuS48FLDA0mGRaN3BG+Up5geXcHckg3K5LD8kXFFx\ndEmSIjdyw55NaUitmEdHzN7cIdfi6Z56jcV8dcFBgWKUx+ebiyPmZBkXToz6GnMF\nrswzzZCl+G6Jb2xTGy7g7ozb4BoZd1IpSD5EhDanRrESVE0C5YuJ5zUAC0CvVd1l\nv67AK8Ko6MXToHp01/bcsvlM6cqgwUFXZKVeOwIDAQABAoIBAQCO36GQlo3BEjxy\nM2HvGJmqrx+unDxafliRe4nVY2AD515Qf4xNSzke4QM1QoyenMOwf446krQkJPK0\nk+9nl6Xszby5gGCbK4BNFk8I6RaGPjZWeRx6zGUJf8avWJiPxx6yjz2esSC9RiR0\nF0nmiiefVMyAfgv2/5++dK2WUFNNRKLgSRRpP5bRaD5wMzzxtSSXrUon6217HO8p\n3RoWsI51MbVzhdVgpHUNABcoa0rpr9svT6XLKZxY8mxpKFYjM0Wv2JIDABg3kBvh\nQbJ7kStCO3naZjKMU9UuSqVJs06cflGYw7Or8/tABR3LErNQKPjkhAQqt0DXw7Iw\n3tKdTAJBAoGBAP687U7JAOqQkcphek2E/A/sbO/d37ix7Z3vNOy065STrA+ZWMZn\npZ6Ui1B/oJpoZssnfvIoz9sn559X0j67TljFALFd2ZGS0Fqh9KVCqDvfk+Vst1dq\n+3r/yZdTOyswoccxkJiC/GDwZGK0amJWqvob39JCZhDAKIGLbGMmjdAHAoGBAN5k\nm1WGnni1nZ+3dryIwgB6z1hWcnLTamzSET6KhSuo946ET0IRG9xtlheCx6dqICbr\nVk1Y4NtRZjK/p/YGx59rDWf7E3I8ZMgR7mjieOcUZ4lUlA4l7ZIlW/2WZHW+nUXO\nTi20fqJ8qSp4BUvOvuth1pz2GLUHe2/Fxjf7HIstAoGBAPHpPr9r+TfIlPsJeRj2\n6lzA3G8qWFRQfGRYjv0fjv0pA+RIb1rzgP/I90g5+63G6Z+R4WdcxI/OJJNY1iuG\nuw9n/pFxm7U4JC990BPE6nj5iLz+clpNGYckNDBF9VG9vFSrSDLdaYkxoVNvG/xJ\na9Na90H4lm7f3VewrPy310KvAoGAZr+mwNoEh5Kpc6xo8Gxi7aPP/mlaUVD6X7Ki\ngvmu02AqmC7rC4QqEiqTaONkaSXwGusqIWxJ3yp5hELmUBYLzszAEeV/s4zRp1oZ\ng133LBRSTbHFAdBmNdqK6Nu+KGRb92980UMOKvZbliKDl+W6cbfvVu+gtKrzTc3b\naevb4TUCgYEAnJAxyVYDP1nJf7bjBSHXQu1E/DMwbtrqw7dylRJ8cAzI7IxfSCez\n7BYWq41PqVd9/zrb3Pbh2phiVzKe783igAIMqummcjo/kZyCwFsYBzK77max1jF5\naPQsLbRS2aDz8kIH6jHPZ/R+15EROmdtLmA7vIJZGerWWQR0dUU+XXA=\n
Copy the content of the private key and paste it into the interface's key input field.
"},{"location":"en/end-user/kpanda/nodes/node-check.html","title":"Create a cluster node availability check","text":"When creating a cluster or adding nodes to an existing cluster, refer to the table below to check the node configuration to avoid cluster creation or expansion failure due to wrong node configuration.
Check Item Description OS Refer to Supported Architectures and Operating Systems SELinux Off Firewall Off Architecture Consistency Consistent CPU architecture between nodes (such as ARM or x86) Host Time All hosts are out of sync within 10 seconds. Network Connectivity The node and its SSH port can be accessed normally by the platform. CPU Available CPU resources are greater than 4 Cores Memory Available memory resources are greater than 8 GB"},{"location":"en/end-user/kpanda/nodes/node-check.html#supported-architectures-and-operating-systems","title":"Supported architectures and operating systems","text":"Architecture Operating System Remarks ARM Kylin Linux Advanced Server release V10 (Sword) SP2 Recommended ARM UOS Linux ARM openEuler x86 CentOS 7.x Recommended x86 Redhat 7.x Recommended x86 Redhat 8.x Recommended x86 Flatcar Container Linux by Kinvolk x86 Debian Bullseye, Buster, Jessie, Stretch x86 Ubuntu 16.04, 18.04, 20.04, 22.04 x86 Fedora 35, 36 x86 Fedora CoreOS x86 openSUSE Leap 15.x/Tumbleweed x86 Oracle Linux 7, 8, 9 x86 Alma Linux 8, 9 x86 Rocky Linux 8, 9 x86 Amazon Linux 2 x86 Kylin Linux Advanced Server release V10 (Sword) - SP2 Haiguang x86 UOS Linux x86 openEuler"},{"location":"en/end-user/kpanda/nodes/node-details.html","title":"Node Details","text":"After accessing or creating a cluster, you can view the information of each node in the cluster, including node status, labels, resource usage, Pod, monitoring information, etc.
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar to view the node status, role, label, CPU/memory usage, IP address, and creation time.
Click the node name to enter the node details page to view more information, including overview information, pod information, label annotation information, event list, status, etc.
In addition, you can also view the node's YAML file, monitoring information, labels and annotations, etc.
Supports suspending or resuming scheduling of nodes. Pausing scheduling means stopping the scheduling of Pods to the node. Resuming scheduling means that Pods can be scheduled to that node.
On the Clusters page, click the name of the target cluster.
Click Nodes on the left navigation bar, click the \u2507 operation icon on the right side of the node, and click the Cordon button to suspend scheduling the node.
Click the \u2507 operation icon on the right side of the node, and click the Uncordon button to resume scheduling the node.
The node scheduling status may be delayed due to network conditions. Click the refresh icon on the right side of the search box to refresh the node scheduling status.
"},{"location":"en/end-user/kpanda/nodes/taints.html","title":"Node Taints","text":"Taint can make a node exclude a certain type of Pod and prevent Pod from being scheduled on the node. One or more taints can be applied to each node, and Pods that cannot tolerate these taints will not be scheduled on that node.
"},{"location":"en/end-user/kpanda/nodes/taints.html#precautions","title":"Precautions","text":"Find the target cluster on the Clusters page, and click the cluster name to enter the Cluster page.
In the left navigation bar, click Nodes , find the node that needs to modify the taint, click the \u2507 operation icon on the right and click the Edit Taints button.
Enter the key value information of the taint in the pop-up box, select the taint effect, and click OK .
Click \u2795 Add to add multiple taints to the node, and click X on the right side of the taint effect to delete the taint.
Currently supports three taint effects:
NoExecute
: This affects pods that are already running on the node as follows:
tolerationSeconds
in their toleration specification remain bound forevertolerationSeconds
remain bound for the specified amount of time. After that time elapses, the node lifecycle controller evicts the Pods from the node.NoSchedule
: No new Pods will be scheduled on the tainted node unless they have a matching toleration. Pods currently running on the node are not evicted.
PreferNoSchedule
: This is a \"preference\" or \"soft\" version of NoSchedule
. The control plane will try to avoid placing a Pod that does not tolerate the taint on the node, but it is not guaranteed, so this taint is not recommended to use in a production environment.
For more details about taints, refer to the Kubernetes documentation Taints and Tolerance.
"},{"location":"en/end-user/kpanda/olm/import-miniooperator.html","title":"Importing MinIo Operator Offline","text":"This guide explains how to import the MinIo Operator offline in an environment without internet access.
"},{"location":"en/end-user/kpanda/olm/import-miniooperator.html#prerequisites","title":"Prerequisites","text":"Set the environment variables in the execution environment and use them in the subsequent steps by running the following command:
export OPM_IMG=10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0 \nexport BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3 \n
How to get the above image addresses:
Go to Container Management -> Select the current cluster -> Helm Apps -> View the olm component -> Plugin Settings , and find the images needed for the opm, minio, minio bundle, and minio operator in the subsequent steps.
Using the screenshot as an example, the four image addresses are as follows:\n\n# opm image\n10.5.14.200/quay.m.daocloud.io/operator-framework/opm:v1.29.0\n\n# minio image\n10.5.14.200/quay.m.daocloud.io/minio/minio:RELEASE.2023-03-24T21-41-23Z\n\n# minio bundle image\n10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3\n\n# minio operator image\n10.5.14.200/quay.m.daocloud.io/minio/operator:v5.0.3\n
Run the opm command to get the operators included in the offline bundle image.
# Create the operator directory\n$ mkdir minio-operator && cd minio-operator \n\n# Get the operator yaml\n$ docker run --user root -v $PWD/minio-operator:/minio-operator ${OPM_IMG} alpha bundle unpack --skip-tls-verify -v -d ${BUNDLE_IMG} -o ./minio-operator\n\n# Expected result\n.\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 9 files\n
Replace all image addresses in the minio-operator/manifests/minio-operator.clusterserviceversion.yaml file with the image addresses from the offline container registry.
Before replacement:
After replacement:
Generate a Dockerfile for building the bundle image.
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} alpha bundle generate --channels stable,beta -d /minio-operator/minio-operator/manifests -e stable -p minio-operator \u00a0\n\n# Expected result\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n3 directories, 10 files\n
Build the bundle image and push it to the offline registry.
# Set the new bundle image\nexport OFFLINE_BUNDLE_IMG=10.5.14.200/quay.m.daocloud.io/operatorhubio/minio-operator:v5.0.3-offline \n\n$ docker build . -f bundle.Dockerfile -t ${OFFLINE_BUNDLE_IMG} \u00a0\n\n$ docker push ${OFFLINE_BUNDLE_IMG}\n
Generate a Dockerfile for building the catalog image.
$ docker run --user root -v $PWD:/minio-operator -w /minio-operator ${OPM_IMG} index add --bundles ${OFFLINE_BUNDLE_IMG} --generate --binary-image ${OPM_IMG} --skip-tls-verify\n\n# Expected result\n.\n\u251c\u2500\u2500 bundle.Dockerfile\n\u251c\u2500\u2500 database\n\u2502 \u2514\u2500\u2500 index.db\n\u251c\u2500\u2500 index.Dockerfile\n\u2514\u2500\u2500 minio-operator\n \u251c\u2500\u2500 manifests\n \u2502 \u251c\u2500\u2500 console-env_v1_configmap.yaml\n \u2502 \u251c\u2500\u2500 console-sa-secret_v1_secret.yaml\n \u2502 \u251c\u2500\u2500 console_v1_service.yaml\n \u2502 \u251c\u2500\u2500 minio.min.io_tenants.yaml\n \u2502 \u251c\u2500\u2500 minio-operator.clusterserviceversion.yaml\n \u2502 \u251c\u2500\u2500 operator_v1_service.yaml\n \u2502 \u251c\u2500\u2500 sts.min.io_policybindings.yaml\n \u2502 \u2514\u2500\u2500 sts_v1_service.yaml\n \u2514\u2500\u2500 metadata\n \u2514\u2500\u2500 annotations.yaml\n\n4 directories, 12 files\n
Build the catalog image.
# Set the new catalog image \nexport OFFLINE_CATALOG_IMG=10.5.14.200/release.daocloud.io/operator-framework/system-operator-index:v0.1.0-offline\n\n$ docker build . -f index.Dockerfile -t ${OFFLINE_CATALOG_IMG} \n\n$ docker push ${OFFLINE_CATALOG_IMG}\n
Go to Container Management and update the built-in catsrc image for the Helm App olm (enter the catalog image specified in the construction of the catalog image, ${catalog-image} ).
After the update is successful, the minio-operator component will appear in the Operator Hub.
Container management implements authorization based on global authority management and global user/group management. If you need to grant users the highest authority for container management (can create, manage, and delete all clusters).
"},{"location":"en/end-user/kpanda/permissions/cluster-ns-auth.html#prerequisites","title":"Prerequisites","text":"Before authorizing users/groups, complete the following preparations:
The user/group to be authorized has been created in the global management.
Only Kpanda Owner
and Cluster Admin
of the current cluster have Cluster authorization capability. For details, refer to Permission Description.
Only Kpanda Owner
, Cluster Admin
for the current cluster, NS Admin
of the current namespace has namespace authorization capability.
After the user logs in to the platform, click Privilege Management under Container Management on the left menu bar, which is located on the Cluster Permissions tab by default.
Click the Add Authorization button.
On the Add Cluster Permission page, select the target cluster, the user/group to be authorized, and click OK .
Currently, the only cluster role supported is Cluster Admin . For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permissions to add multiple times.
Return to the cluster permission management page, and a message appears on the screen: Cluster permission added successfully .
After the user logs in to the platform, click Permissions under Container Management on the left menu bar, and click the Namespace Permissions tab.
Click the Add Authorization button. On the Add Namespace Permission page, select the target cluster, target namespace, and user/group to be authorized, and click OK .
The currently supported namespace roles are NS Admin, NS Editor, and NS Viewer. For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permission to add multiple times. Click OK to complete the permission authorization.
Return to the namespace permission management page, and a message appears on the screen: Cluster permission added successfully .
Tip
If you need to delete or edit permissions later, you can click \u2507 on the right side of the list and select Edit or Delete .
In the past, the RBAC rules for those system roles in container management were pre-defined and could not be modified by users. To support more flexible permission settings and to meet the customized needs for system roles, now you can modify RBAC rules for system roles such as cluster admin, ns admin, ns editor, ns viewer.
The following example demonstrates how to add a new ns-view rule, granting the authority to delete workload deployments. Similar operations can be performed for other rules.
"},{"location":"en/end-user/kpanda/permissions/custom-kpanda-role.html#prerequisites","title":"Prerequisites","text":"Before adding RBAC rules to system roles, the following prerequisites must be met:
Note
Only ClusterRoles with fixed Label are supported for adding rules. Replacing or deleting rules is not supported, nor is adding rules by using role. The correspondence between built-in roles and ClusterRole Label created by users is as follows.
cluster-admin: rbac.kpanda.io/role-template-cluster-admin: \"true\"\ncluster-edit: rbac.kpanda.io/role-template-cluster-edit: \"true\"\ncluster-view: rbac.kpanda.io/role-template-cluster-view: \"true\"\nns-admin: rbac.kpanda.io/role-template-ns-admin: \"true\"\nns-edit: rbac.kpanda.io/role-template-ns-edit: \"true\"\nns-view: rbac.kpanda.io/role-template-ns-view: \"true\"\n
Create a deployment by a user with admin
or cluster admin
permissions.
Grant a user the ns-viewer
role to provide them with the ns-view
permission.
Switch the login user to ns-viewer, open the console to get the token for the ns-viewer user, and use curl
to request and delete the nginx deployment mentioned above. However, a prompt appears as below, indicating the user doesn't have permission to delete it.
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n{\"code\":7,\"message\":\"[RBAC] delete resources(deployments: nginx) is forbidden for user(ns-viewer) in cluster(cluster-member)\",\"details\":[]}[root@master-01 ~]#\n[root@master-01 ~]#\n
Create a ClusterRole on the global cluster, as shown in the yaml below.
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: append-ns-view # (1)!\n labels:\n rbac.kpanda.io/role-template-ns-view: \"true\" # (2)!\nrules:\n - apiGroups: [ \"apps\" ]\n resources: [ \"deployments\" ]\n verbs: [ \"delete\" ]\n
Wait for the kpanda controller to add a rule of user creation to the built-in role: ns-viewer, then you can check if the rules added in the previous step are present for ns-viewer.
[root@master-01 ~]# kubectl get clusterrole role-template-ns-view -oyaml|grep deployments -C 10|tail -n 6\n
- apiGroups:\n - apps\n resources:\n - deployments\n verbs:\n - delete\n
When using curl again to request the deletion of the aforementioned nginx deployment, this time the deletion was successful. This means that ns-viewer has successfully added the rule to delete deployments.
[root@master-01 ~]# curl -k -X DELETE 'https://${URL}/apis/kpanda.io/v1alpha1/clusters/cluster-member/namespaces/default/deployments/nginx' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOU044MG9BclBRMzUwZ2VVU2ZyNy1xMEREVWY4MmEtZmJqR05uRE1sd1lFIn0.eyJleHAiOjE3MTU3NjY1NzksImlhdCI6MTcxNTY4MDE3OSwiYXV0aF90aW1lIjoxNzE1NjgwMTc3LCJqdGkiOiIxZjI3MzJlNC1jYjFhLTQ4OTktYjBiZC1iN2IxZWY1MzAxNDEiLCJpc3MiOiJodHRwczovLzEwLjYuMjAxLjIwMTozMDE0Ny9hdXRoL3JlYWxtcy9naGlwcG8iLCJhdWQiOiJfX2ludGVybmFsLWdoaXBwbyIsInN1YiI6ImMxZmMxM2ViLTAwZGUtNDFiYS05ZTllLWE5OGU2OGM0MmVmMCIsInR5cCI6IklEIiwiYXpwIjoiX19pbnRlcm5hbC1naGlwcG8iLCJzZXNzaW9uX3N0YXRlIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiYXRfaGFzaCI6IlJhTHoyQjlKQ2FNc1RrbGVMR3V6blEiLCJhY3IiOiIwIiwic2lkIjoiMGJjZWRjZTctMTliYS00NmU1LTkwYmUtOTliMWY2MWEyNzI0IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJucy12aWV3ZXIiLCJsb2NhbGUiOiIifQ.As2ipMjfvzvgONAGlc9RnqOd3zMwAj82VXlcqcR74ZK9tAq3Q4ruQ1a6WuIfqiq8Kq4F77ljwwzYUuunfBli2zhU2II8zyxVhLoCEBu4pBVBd_oJyUycXuNa6HfQGnl36E1M7-_QG8b-_T51wFxxVb5b7SEDE1AvIf54NAlAr-rhDmGRdOK1c9CohQcS00ab52MD3IPiFFZ8_Iljnii-RpXKZoTjdcULJVn_uZNk_SzSUK-7MVWmPBK15m6sNktOMSf0pCObKWRqHd15JSe-2aA2PKBo1jBH3tHbOgZyMPdsLI0QdmEnKB5FiiOeMpwn_oHnT6IjT-BZlB18VkW8rA'\n
Container management permissions are based on a multi-dimensional permission management system created by global permission management and Kubernetes RBAC permission management. It supports cluster-level and namespace-level permission control, helping users to conveniently and flexibly set different operation permissions for IAM users and user groups (collections of users) under a tenant.
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#cluster-permissions","title":"Cluster Permissions","text":"Cluster permissions are authorized based on Kubernetes RBAC's ClusterRoleBinding, allowing users/user groups to have cluster-related permissions. The current default cluster role is Cluster Admin (does not have the permission to create or delete clusters).
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#cluster-admin","title":"Cluster Admin","text":"Cluster Admin has the following permissions:
The YAML example for this cluster role is as follows:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-cluster-admin\n resourceVersion: \"15168\"\n uid: f8f86d42-d5ef-47aa-b284-097615795076\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*'\n
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#namespace-permissions","title":"Namespace Permissions","text":"Namespace permissions are authorized based on Kubernetes RBAC capabilities, allowing different users/user groups to have different operation permissions on resources under a namespace (including Kubernetes API permissions). For details, refer to: Kubernetes RBAC. Currently, the default roles for container management are: NS Admin, NS Editor, NS Viewer.
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#ns-admin","title":"NS Admin","text":"NS Admin has the following permissions:
The YAML example for this cluster role is as follows:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:49Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-admin\n resourceVersion: \"15173\"\n uid: 69f64c7e-70e7-4c7c-a3e0-053f507f2bc3\nrules:\n- apiGroups:\n - '*'\n resources:\n - '*'\n verbs:\n - '*'\n- nonResourceURLs:\n - '*'\n verbs:\n - '*' \n
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#ns-editor","title":"NS Editor","text":"NS Editor has the following permissions:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-edit\n resourceVersion: \"15175\"\n uid: ca9e690e-96c0-4978-8915-6e4c00c748fe\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - '*'\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - '*'\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - '*'\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - '*'\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - '*'\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - '*'\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - '*' \n
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#ns-viewer","title":"NS Viewer","text":"NS Viewer has the following permissions:
apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n annotations:\n kpanda.io/creator: system\n creationTimestamp: \"2022-06-16T09:42:50Z\"\n labels:\n iam.kpanda.io/role-template: \"true\"\n name: role-template-ns-view\n resourceVersion: \"15183\"\n uid: 853888fd-6ee8-42ac-b91e-63923918baf8\nrules:\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - persistentvolumeclaims\n - persistentvolumeclaims/status\n - pods\n - replicationcontrollers\n - replicationcontrollers/scale\n - serviceaccounts\n - services\n - services/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - bindings\n - events\n - limitranges\n - namespaces/status\n - pods/log\n - pods/status\n - replicationcontrollers/status\n - resourcequotas\n - resourcequotas/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - apps\n resources:\n - controllerrevisions\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - replicasets\n - replicasets/scale\n - replicasets/status\n - statefulsets\n - statefulsets/scale\n - statefulsets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - autoscaling\n resources:\n - horizontalpodautoscalers\n - horizontalpodautoscalers/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - batch\n resources:\n - cronjobs\n - cronjobs/status\n - jobs\n - jobs/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - extensions\n resources:\n - daemonsets\n - daemonsets/status\n - deployments\n - deployments/scale\n - deployments/status\n - ingresses\n - ingresses/status\n - networkpolicies\n - replicasets\n - replicasets/scale\n - replicasets/status\n - replicationcontrollers/scale\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - policy\n resources:\n - poddisruptionbudgets\n - poddisruptionbudgets/status\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - networking.k8s.io\n resources:\n - ingresses\n - ingresses/status\n - networkpolicies\n verbs:\n - get\n - list\n - watch \n
"},{"location":"en/end-user/kpanda/permissions/permission-brief.html#permissions-faq","title":"Permissions FAQ","text":"What is the relationship between global permissions and container management permissions?
Answer: Global permissions only authorize coarse-grained permissions, which can manage the creation, editing, and deletion of all clusters; while for fine-grained permissions, such as the management permissions of a single cluster, the management, editing, and deletion permissions of a single namespace, they need to be implemented based on Kubernetes RBAC container management permissions. Generally, users only need to be authorized in container management.
Currently, only four default roles are supported. Can the RoleBinding and ClusterRoleBinding (Kubernetes fine-grained RBAC) for custom roles also take effect?
Answer: Currently, custom permissions cannot be managed through the graphical interface, but the permission rules created using kubectl can still take effect.
Suanova AI platform supports elastic scaling of Pod resources based on metrics (Horizontal Pod Autoscaling, HPA). Users can dynamically adjust the number of copies of Pod resources by setting CPU utilization, memory usage, and custom metrics. For example, after setting an auto scaling policy based on the CPU utilization metric for the workload, when the CPU utilization of the Pod exceeds/belows the metric threshold you set, the workload controller will automatically increase/decrease the number of Pod replicas.
This page describes how to configure auto scaling based on built-in metrics and custom metrics for workloads.
Note
The system has two built-in elastic scaling metrics of CPU and memory to meet users' basic business cases.
"},{"location":"en/end-user/kpanda/scale/create-hpa.html#prerequisites","title":"Prerequisites","text":"Before configuring the built-in index auto scaling policy for the workload, the following prerequisites need to be met:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace, deployment or statefulset.
You should have permissions not lower than NS Editor. For details, refer to Namespace Authorization.
Installed metrics-server plugin install.
Refer to the following steps to configure the built-in index auto scaling policy for the workload.
Click Clusters on the left navigation bar to enter the cluster list page. Click a cluster name to enter the Cluster Details page.
On the cluster details page, click Workload in the left navigation bar to enter the workload list, and then click a workload name to enter the Workload Details page.
Click the Auto Scaling tab to view the auto scaling configuration of the current cluster.
After confirming that the cluster has installed the metrics-server plug-in, and the plug-in is running normally, you can click the New Scaling button.
Create custom metric auto scaling policy parameters.
After completing the parameter configuration, click the OK button to automatically return to the elastic scaling details page. Click \u2507 on the right side of the list to edit, delete, and view related events.
The container Vertical Pod Autoscaler (VPA) calculates the most suitable CPU and memory request values \u200b\u200bfor the Pod by monitoring the Pod's resource application and usage over a period of time. Using VPA can allocate resources to each Pod in the cluster more reasonably, improve the overall resource utilization of the cluster, and avoid waste of cluster resources.
AI platform supports VPA through containers. Based on this feature, the Pod request value can be dynamically adjusted according to the usage of container resources. AI platform supports manual and automatic modification of resource request values, and you can configure them according to actual needs.
This page describes how to configure VPA for deployment.
Warning
Using VPA to modify a Pod resource request will trigger a Pod restart. Due to the limitations of Kubernetes itself, Pods may be scheduled to other nodes after restarting.
"},{"location":"en/end-user/kpanda/scale/create-vpa.html#prerequisites","title":"Prerequisites","text":"Before configuring a vertical scaling policy for deployment, the following prerequisites must be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace, user, Deployments or Statefulsets.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
The current cluster has installed metrics-server and VPA plugins.
Refer to the following steps to configure the built-in index auto scaling policy for the deployment.
Find the current cluster in Clusters , and click the name of the target cluster.
Click Deployments in the left navigation bar, find the deployment that needs to create a VPA, and click the name of the deployment.
Click the Auto Scaling tab to view the auto scaling configuration of the current cluster, and confirm that the relevant plug-ins have been installed and are running normally.
Click the Create Autoscaler button and configure the VPA vertical scaling policy parameters.
After completing the parameter configuration, click the OK button to automatically return to the elastic scaling details page. Click \u2507 on the right side of the list to perform edit and delete operations.
When the built-in CPU and memory metrics in the system do not meet your business needs, you can add custom metrics by configuring ServiceMonitoring and achieve auto-scaling based on these custom metrics. This article will introduce how to configure auto-scaling for workloads based on custom metrics.
Note
Before configuring the custom metrics auto-scaling policy for workloads, the following prerequisites must be met:
Refer to the following steps to configure the auto-scaling policy based on metrics for workloads.
Click Clusters in the left navigation bar to enter the clusters page. Click a cluster name to enter the Cluster Overview page.
On the Cluster Details page, click Workloads in the left navigation bar to enter the workload list, and click a workload name to enter the Workload Details page.
Click the Auto Scaling tab to view the current autoscaling configuration of the cluster.
Confirm that the cluster has installed metrics-server, Insight, and Prometheus-adapter plugins, and that the plugins are running normally, then click the Create AutoScaler button.
Note
If the related plugins are not installed or the plugins are in an abnormal state, you will not be able to see the entry for creating custom metrics auto-scaling on the page.
Create custom metrics auto-scaling policy parameters.
This case takes a Golang business program as an example. The example program exposes the httpserver_requests_total
metric and records HTTP requests. This metric can be used to calculate the QPS value of the business program.
Use Deployment to deploy the business program:
apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: httpserver\n namespace: httpserver\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: httpserver\n template:\n metadata:\n labels:\n app: httpserver\n spec:\n containers:\n - name: httpserver\n image: registry.imroc.cc/test/httpserver:custom-metrics\n imagePullPolicy: Always\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n app: httpserver\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/path: \"/metrics\"\n prometheus.io/port: \"http\"\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n name: http\n selector:\n app: httpserver\n
"},{"location":"en/end-user/kpanda/scale/custom-hpa.html#prometheus-collects-business-monitoring","title":"Prometheus Collects Business Monitoring","text":"If the insight-agent is installed, Prometheus can be configured by creating a ServiceMonitor CRD object.
Operation steps: In Cluster Details -> Custom Resources, search for \u201cservicemonitors.monitoring.coreos.com\", click the name to enter the details. Create the following example CRD in the httpserver namespace via YAML:
apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: httpserver\n namespace: httpserver\n labels:\n operator.insight.io/managed-by: insight\nspec:\n endpoints:\n - port: http\n interval: 5s\n namespaceSelector:\n matchNames:\n - httpserver\n selector:\n matchLabels:\n app: httpserver\n
Note
If Prometheus is installed via insight, the serviceMonitor must be labeled with operator.insight.io/managed-by: insight
. If installed by other means, this label is not required.
steps: In Clusters -> Helm Apps, search for \u201cprometheus-adapter\",enter the update page through the action bar, and configure custom metrics in YAML as follows:
rules:\n custom:\n - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)\n name:\n as: httpserver_requests_qps\n matches: httpserver_requests_total\n resources:\n template: <<.Resource>>\n seriesQuery: httpserver_requests_total\n
"},{"location":"en/end-user/kpanda/scale/custom-hpa.html#create-custom-metrics-auto-scaling-policy-parameters","title":"Create Custom Metrics Auto-scaling Policy Parameters","text":"Follow the above steps to find the application httpserver in the Deployment and create auto-scaling via custom metrics.
"},{"location":"en/end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html","title":"Compatibility Rules for HPA and CronHPA","text":"HPA stands for HorizontalPodAutoscaler, which refers to horizontal pod auto-scaling.
CronHPA stands for Cron HorizontalPodAutoscaler, which refers to scheduled horizontal pod auto-scaling.
"},{"location":"en/end-user/kpanda/scale/hpa-cronhpa-compatibility-rules.html#conflict-between-cronhpa-and-hpa","title":"Conflict Between CronHPA and HPA","text":"Scheduled scaling with CronHPA triggers horizontal pod scaling at specified times. To prevent sudden traffic surges, you may have configured HPA to ensure the normal operation of your application. If both HPA and CronHPA are detected simultaneously, conflicts arise because CronHPA and HPA operate independently without awareness of each other. Consequently, the actions performed last will override those executed first.
By comparing the definition templates of CronHPA and HPA, the following points can be observed:
scaleTargetRef
field to identify the scaling target.Note
If both CronHPA and HPA are set, there will be scenarios where CronHPA and HPA simultaneously operate on a single scaleTargetRef
.
As noted above, the fundamental reason that simultaneous use of CronHPA and HPA results in the later action overriding the earlier one is that the two controllers cannot sense each other. Therefore, the conflict can be resolved by enabling CronHPA to be aware of HPA's current state.
The system will treat HPA as the scaling object for CronHPA, thus achieving scheduled scaling for the Deployment object defined by the HPA.
HPA's definition configures the Deployment in the scaleTargetRef
field, and then the Deployment uses its definition to locate the ReplicaSet, which ultimately adjusts the actual number of replicas.
In AI platform, the scaleTargetRef
in CronHPA is set to the HPA object, and it uses the HPA object to find the actual scaleTargetRef
, allowing CronHPA to be aware of HPA's current state.
CronHPA senses HPA by adjusting HPA. CronHPA determines whether scaling is needed and modifies the HPA upper limit by comparing the target number of replicas with the current number of replicas, choosing the larger value. Similarly, CronHPA determines whether to modify the HPA lower limit by comparing the target number of replicas from CronHPA with the configuration in HPA, choosing the smaller value.
"},{"location":"en/end-user/kpanda/scale/install-cronhpa.html","title":"Install kubernetes-cronhpa-controller","text":"The container copy timing horizontal autoscaling policy (CronHPA) can provide stable computing resource guarantee for periodic high-concurrency applications, and kubernetes-cronhpa-controller is a key component to implement CronHPA.
This section describes how to install the kubernetes-cronhpa-controller plugin.
Note
In order to use CornHPA, not only the kubernetes-cronhpa-controller plugin needs to be installed, but also install the metrics-server plugin.
"},{"location":"en/end-user/kpanda/scale/install-cronhpa.html#prerequisites","title":"Prerequisites","text":"Before installing the kubernetes-cronhpa-controller plugin, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Refer to the following steps to install the kubernetes-cronhpa-controller plugin for the cluster.
On the Clusters page, find the target cluster where the plugin needs to be installed, click the name of the cluster, then click Workloads -> Deployments on the left, and click the name of the target workload.
On the workload details page, click the Auto Scaling tab, and click Install on the right side of CronHPA .
Read the relevant introduction of the plug-in, select the version and click the Install button. It is recommended to install 1.3.0 or later.
Refer to the following instructions to configure the parameters.
Note
After enabling ready wait and/or failed deletion , it takes a long time for the application to be marked as \"running\".
Click OK in the lower right corner of the page, and the system will automatically jump to the Helm Apps list page. Wait a few minutes and refresh the page to see the application you just installed.
Warning
If you need to delete the kubernetes-cronhpa-controller plugin, you should go to the Helm Apps list page to delete it completely.
If you delete the plug-in under the Auto Scaling tab of the workload, this only deletes the workload copy of the plug-in, and the plug-in itself is still not deleted, and an error will be prompted when the plug-in is reinstalled later.
Go back to the Auto Scaling tab under the workload details page, and you can see that the interface displays Plug-in installed . Now it's time to start creating CronHPA policies.
metrics-server is the built-in resource usage metrics collection component of Kubernetes. You can automatically scale Pod copies horizontally for workload resources by configuring HPA policies.
This section describes how to install metrics-server .
"},{"location":"en/end-user/kpanda/scale/install-metrics-server.html#prerequisites","title":"Prerequisites","text":"Before installing the metrics-server plugin, the following prerequisites need to be met:
Integrated the Kubernetes cluster or created the Kubernetes cluster, and you can access the UI interface of the cluster.
Created a namespace.
You should have permissions not lower than NS Editor. For details, refer to Namespace Authorization.
Please perform the following steps to install the metrics-server plugin for the cluster.
On the Auto Scaling page under workload details, click the Install button to enter the metrics-server plug-in installation interface.
Read the introduction of the metrics-server plugin, select the version and click the Install button. This page will use the 3.8.2 version as an example to install, and it is recommended that you install 3.8.2 and later versions.
Configure basic parameters on the installation configuration interface.
Note
After enabling Wait and/or Deletion failed , it takes a long time for the app to be marked as Running .
Advanced parameter configuration
If the cluster network cannot access the k8s.gcr.io repository, please try to modify the repositort parameter to repository: k8s.m.daocloud.io/metrics-server/metrics-server .
An SSL certificate is also required to install the metrics-server plugin. To bypass certificate verification, you need to add - --kubelet-insecure-tls parameter at defaultArgs: .
image:\n repository: k8s.m.daocloud.io/metrics-server/metrics-server # Change the registry source address to k8s.m.daocloud.io\n tag: ''\n pullPolicy: IfNotPresent\nimagePullSecrets: []\nnameOverride: ''\nfullnameOverride: ''\nserviceAccount:\n create: true\n annotations: {}\n name: ''\nrbac:\n create: true\n pspEnabled: false\napiService:\n create: true\npodLabels: {}\npodAnnotations: {}\npodSecurityContext: {}\nsecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\npriorityClassName: system-cluster-critical\ncontainerPort: 4443\nhostNetwork:\n enabled: false\nreplicas: 1\nupdateStrategy: {}\npodDisruptionBudget:\n enabled: false\n minAvailable: null\n maxUnavailable: null\ndefaultArgs:\n - '--cert-dir=/tmp'\n - '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'\n - '--kubelet-use-node-status-port'\n - '--metric-resolution=15s'\n - --kubelet-insecure-tls # Bypass certificate verification\nargs: []\nlivenessProbe:\n httpGet:\n path: /livez\n port:https\n scheme: HTTPS\n initialDelaySeconds: 0\n periodSeconds: 10\n failureThreshold: 3\nreadinessProbe:\n httpGet:\n path: /readyz\n port:https\n scheme: HTTPS\n initialDelaySeconds: 20\n periodSeconds: 10\n failureThreshold: 3\nservice:\n type: ClusterIP\n port: 443\n annotations: {}\n labels: {}\nmetrics:\n enabled: false\nserviceMonitor:\n enabled: false\n additionalLabels: {}\n interval: 1m\n scrapeTimeout: 10s\nresources: {}\nextraVolumeMounts: []\nextraVolumes: []\nnodeSelector: {}\ntolerations: []\naffinity: {}\n
Click the OK button to complete the installation of the metrics-server plug-in, and then the system will automatically jump to the Helm Apps list page. After a few minutes, refresh the page and you will see the newly installed Applications.
Note
When deleting the metrics-server plugin, the plugin can only be completely deleted on the Helm Apps list page. If you only delete metrics-server on the workload page, this only deletes the workload copy of the application, the application itself is still not deleted, and an error will be prompted when you reinstall the plugin later.
"},{"location":"en/end-user/kpanda/scale/install-vpa.html","title":"Install vpa","text":"The Vertical Pod Autoscaler, VPA, can make the resource allocation of the cluster more reasonable and avoid the waste of cluster resources. vpa is the key component to realize the vertical autoscaling of the container.
This section describes how to install the vpa plugin.
In order to use VPA policies, not only the __vpa__ plugin needs to be installed, but also [install the __metrics-server__ plugin](install-metrics-server.md).\n
"},{"location":"en/end-user/kpanda/scale/install-vpa.html#prerequisites","title":"Prerequisites","text":"Before installing the vpa plugin, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
Refer to the following steps to install the vpa plugin for the cluster.
On the Clusters page, find the target cluster where the plugin needs to be installed, click the name of the cluster, then click Workloads -> Deployments on the left, and click the name of the target workload.
On the workload details page, click the Auto Scaling tab, and click Install on the right side of VPA .
Read the relevant introduction of the plug-in, select the version and click the Install button. It is recommended to install 1.5.0 or later.
Review the configuration parameters described below.
Note
After enabling Wait and/or Deletion failed , it takes a long time for the application to be marked as running .
Click OK in the lower right corner of the page, and the system will automatically jump to the Helm Apps list page. Wait a few minutes and refresh the page to see the application you just installed.
Warning
If you need to delete the vpa plugin, you should go to the Helm Apps list page to delete it completely.
If you delete the plug-in under the Auto Scaling tab of the workload, this only deletes the workload copy of the plug-in, and the plug-in itself is still not deleted, and an error will be prompted when the plug-in is reinstalled later.
Go back to the Auto Scaling tab under the workload details page, and you can see that the interface displays Plug-in installed . Now you can start Create VPA policy.
Knative is a platform-agnostic solution for running serverless deployments.
"},{"location":"en/end-user/kpanda/scale/knative/install.html#steps","title":"Steps","text":"Log in to the cluster, click the sidebar Helm Apps \u2192 Helm Charts , enter knative in the search box at the top right, and then press the enter key to search.
Click the knative-operator to enter the installation configuration interface. You can view the available versions and the Parameters optional items of Helm values on this interface.
After clicking the install button, you will enter the installation configuration interface.
Enter the name, installation tenant, and it is recommended to check Wait and Detailed Logs .
In the settings below, you can tick Serving and enter the installation tenant of the Knative Serving component, which will deploy the Knative Serving component after installation. This component is managed by the Knative Operator.
Knative provides a higher level of abstraction, simplifying and speeding up the process of building, deploying, and managing applications on Kubernetes. It allows developers to focus more on implementing business logic, while leaving most of the infrastructure and operations work to Knative, significantly improving productivity.
"},{"location":"en/end-user/kpanda/scale/knative/knative.html#components","title":"Components","text":"The Knative operator runs the following components.
knative-operator knative-operator-58f7d7db5c-7f6r5 1/1 Running 0 6m55s\nknative-operator operator-webhook-667dc67bc-qvrv4 1/1 Running 0 6m55s\n
The Knative serving components are as follows.
knative-serving 3scale-kourier-gateway-d69fbfbd-bd8d8 1/1 Running 0 7m13s\nknative-serving activator-7c6fddd698-wdlng 1/1 Running 0 7m3s\nknative-serving autoscaler-8f4b876bb-kd25p 1/1 Running 0 7m17s\nknative-serving autoscaler-hpa-5f7f74679c-vkc7p 1/1 Running 0 7m15s\nknative-serving controller-789c896c46-tfvsv 1/1 Running 0 7m17s\nknative-serving net-kourier-controller-7db578c889-7gd5l 1/1 Running 0 7m14s\nknative-serving webhook-5c88b94c5-78x7m 1/1 Running 0 7m1s\nknative-serving storage-version-migration-serving-serving-1.12.2-t7zvd 0/1 Completed 0 7m15s\n
Component Features Activator Queues requests (if a Knative Service has scaled to zero). Calls the autoscaler to bring back services that have scaled down to zero and forward queued requests. The Activator can also act as a request buffer, handling bursts of traffic. Autoscaler Responsible for scaling Knative services based on configuration, metrics, and incoming requests. Controller Manages the state of Knative CRs. It monitors multiple objects, manages the lifecycle of dependent resources, and updates resource status. Queue-Proxy Sidecar container injected into each Knative Service. Responsible for collecting traffic data and reporting it to the Autoscaler, which then initiates scaling requests based on this data and preset rules. Webhooks Knative Serving has several Webhooks responsible for validating and mutating Knative resources."},{"location":"en/end-user/kpanda/scale/knative/knative.html#ingress-traffic-entry-solutions","title":"Ingress Traffic Entry Solutions","text":"Solution Use Case Istio If Istio is already in use, it can be chosen as the traffic entry solution. Contour If Contour has been enabled in the cluster, it can be chosen as the traffic entry solution. Kourier If neither of the above two Ingress components are present, Knative's Envoy-based Kourier Ingress can be used as the traffic entry solution."},{"location":"en/end-user/kpanda/scale/knative/knative.html#autoscaler-solutions-comparison","title":"Autoscaler Solutions Comparison","text":"Autoscaler Type Core Part of Knative Serving Default Enabled Scale to Zero Support CPU-based Autoscaling Support Knative Pod Autoscaler (KPA) Yes Yes Yes No Horizontal Pod Autoscaler (HPA) No Needs to be enabled after installing Knative Serving No Yes"},{"location":"en/end-user/kpanda/scale/knative/knative.html#crd","title":"CRD","text":"Resource Type API Name Description Services service.serving.knative.dev
Automatically manages the entire lifecycle of Workloads, controls the creation of other objects, ensures applications have Routes, Configurations, and new revisions with each update. Routes route.serving.knative.dev
Maps network endpoints to one or more revision versions, supports traffic distribution and version routing. Configurations configuration.serving.knative.dev
Maintains the desired state of deployments, provides separation between code and configuration, follows the Twelve-Factor App methodology, modifying configurations creates new revisions. Revisions revision.serving.knative.dev
Snapshot of the workload at each modification time point, immutable object, automatically scales based on traffic."},{"location":"en/end-user/kpanda/scale/knative/playground.html","title":"Knative Practices","text":"In this section, we will delve into learning Knative through several practical exercises.
"},{"location":"en/end-user/kpanda/scale/knative/playground.html#case-1-hello-world","title":"case 1 - Hello World","text":"apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
You can use kubectl
to check the status of a deployed application that has been automatically configured with ingress and scalers by Knative.
~ kubectl get service.serving.knative.dev/hello\nNAME URL LATESTCREATED LATESTREADY READY REASON\nhello http://hello.knative-serving.knative.loulan.me hello-00001 hello-00001 True\n
The deployed Pod YAML is as follows, consisting of two Pods: user-container
and queue-proxy
.
apiVersion: v1\nkind: Pod\nmetadata:\n name: hello-00003-deployment-5fcb8ccbf-7qjfk\nspec:\n containers:\n - name: user-container\n - name: queue-proxy\n
Request Flow:
case3 When the traffic decreases again, traffic will be routed back to the activator if the traffic is lower than current_demand + target-burst-capacity > (pods * concurrency-target).
The total number of pending requests + the number of requests that can exceed the target concurrency > the target concurrency per Pod * number of Pods.
We first apply the following YAML definition under the cluster.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
Execute the following command for testing, and you can observe the scaling of the Pods by using kubectl get pods -A -w
.
wrk -t2 -c4 -d6s http://hello.knative-serving.knative.daocloud.io/\n
"},{"location":"en/end-user/kpanda/scale/knative/playground.html#case-3-based-on-concurrent-elastic-scaling-scale-out-in-advance-to-reach-a-specific-ratio","title":"case 3 - Based on concurrent elastic scaling, scale out in advance to reach a specific ratio.","text":"We can easily achieve this, for example, by limiting the concurrency to 10 per container. This can be implemented through autoscaling.knative.dev/target-utilization-percentage: 70
, starting to scale out the Pods when 70% is reached.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"10\"\n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\"\n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/target-utilization-percentage: \"70\" \n \u00a0 \u00a0 \u00a0 \u00a0autoscaling.knative.dev/metric: \"concurrency\"\n \u00a0 \u00a0 spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n
"},{"location":"en/end-user/kpanda/scale/knative/playground.html#case-4-canary-releasetraffic-percentage","title":"case 4 - Canary Release/Traffic Percentage","text":"We can control the distribution of traffic to each version through spec.traffic
.
apiVersion: serving.knative.dev/v1\nkind: Service\nmetadata:\n name: hello\nspec:\n template:\n metadata:\n annotations:\n autoscaling.knative.dev/target: \"1\" \n autoscaling.knative.dev/class: \"kpa.autoscaling.knative.dev\" \n spec:\n containers:\n - image: m.daocloud.io/ghcr.io/knative/helloworld-go:latest\n ports:\n - containerPort: 8080\n env:\n - name: TARGET\n value: \"World\"\n traffic:\n - latestRevision: true\n percent: 50\n - latestRevision: false\n percent: 50\n revisionName: hello-00001\n
"},{"location":"en/end-user/kpanda/scale/knative/scene.html","title":"Use Cases","text":""},{"location":"en/end-user/kpanda/scale/knative/scene.html#suitable-cases","title":"Suitable Cases","text":"AI platform Container Management provides three types of security scans:
The object of compliance scanning is the cluster node. The scan result lists the scan items and results and provides repair suggestions for any failed scan items. For specific security rules used during scanning, refer to the CIS Kubernetes Benchmark.
The focus of the scan varies when checking different types of nodes.
Scan the control plane node (Controller)
Scan worker nodes
Tip
To use compliance scanning, you need to create a scan configuration first, and then create a scan policy based on that configuration. After executing the scan policy, you can view the scan report.
"},{"location":"en/end-user/kpanda/security/index.html#authorization-scan","title":"Authorization Scan","text":"Authorization scanning focuses on security vulnerabilities caused by authorization issues. Authorization scans can help users identify security threats in Kubernetes clusters, identify which resources need further review and protection measures. By performing these checks, users can gain a clearer and more comprehensive understanding of their Kubernetes environment and ensure that the cluster environment meets Kubernetes' best practices and security standards.
Specifically, authorization scanning supports the following operations:
Scans the health status of all nodes in the cluster.
Scans the running state of components in the cluster, such as kube-apiserver , kube-controller-manager , kube-scheduler , etc.
Scans security configurations: Check Kubernetes' security configuration.
Provides warnings and suggestions: Security best practices that cluster administrators should perform, such as regularly rotating certificates, using strong passwords, restricting network access, etc.
Tip
To use authorization scanning, you need to create a scan policy first. After executing the scan policy, you can view the scan report. For details, refer to Security Scanning.
"},{"location":"en/end-user/kpanda/security/index.html#vulnerability-scan","title":"Vulnerability Scan","text":"Vulnerability scanning focuses on scanning potential malicious attacks and security vulnerabilities, such as remote code execution, SQL injection, XSS attacks, and some attacks specific to Kubernetes. The final scan report lists the security vulnerabilities in the cluster and provides repair suggestions.
Tip
To use vulnerability scanning, you need to create a scan policy first. After executing the scan policy, you can view the scan report. For details, refer to Vulnerability Scan.
"},{"location":"en/end-user/kpanda/security/audit.html","title":"Permission Scan","text":"To use the Permission Scan feature, you need to create a scan policy first. After executing the policy, a scan report will be automatically generated for viewing.
"},{"location":"en/end-user/kpanda/security/audit.html#create-a-scan-policy","title":"Create a Scan Policy","text":"On the left navigation bar of the homepage in the Container Management module, click Security Management .
Click Permission Scan on the left navigation bar, then click the Scan Policy tab and click Create Scan Policy on the right.
Fill in the configuration according to the following instructions, and then click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
Under the Security Management -> Permission Scanning -> Scan Reports tab, click the report name.
Clicking Delete on the right of a report allows you to manually delete the report.
View the scan report content, including:
To use the Vulnerability Scan feature, you need to create a scan policy first. After executing the policy, a scan report will be automatically generated for viewing.
"},{"location":"en/end-user/kpanda/security/hunter.html#create-a-scan-policy","title":"Create a Scan Policy","text":"On the left navigation bar of the homepage in the Container Management module, click Security Management .
Click Vulnerability Scan on the left navigation bar, then click the Scan Policy tab and click Create Scan Policy on the right.
Fill in the configuration according to the following instructions, and then click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
Under the Security Management -> Vulnerability Scanning -> Scan Reports tab, click the report name.
Clicking Delete on the right of a report allows you to manually delete the report.
View the scan report content, including:
The first step in using CIS Scanning is to create a scan configuration. Based on the scan configuration, you can then create scan policies, execute scan policies, and finally view scan results.
"},{"location":"en/end-user/kpanda/security/cis/config.html#create-a-scan-configuration","title":"Create a Scan Configuration","text":"The steps for creating a scan configuration are as follows:
Click Security Management in the left navigation bar of the homepage of the container management module.
By default, enter the Compliance Scanning page, click the Scan Configuration tab, and then click Create Scan Configuration in the upper-right corner.
Fill in the configuration name, select the configuration template, and optionally check the scan items, then click OK .
Scan Template: Currently, two templates are provided. The kubeadm template is suitable for general Kubernetes clusters. The daocloud template ignores scan items that are not applicable to AI platform based on the kubeadm template and the platform design of AI platform.
Under the scan configuration tab, clicking the name of a scan configuration displays the type of the configuration, the number of scan items, the creation time, the configuration template, and the specific scan items enabled for the configuration.
"},{"location":"en/end-user/kpanda/security/cis/config.html#updatdelete-scan-configuration","title":"Updat/Delete Scan Configuration","text":"After a scan configuration has been successfully created, it can be updated or deleted according to your needs.
Under the scan configuration tab, click the \u2507 action button to the right of a configuration:
After creating a scan configuration, you can create a scan policy based on the configuration.
Under the Security Management -> Compliance Scanning page, click the Scan Policy tab on the right to create a scan policy.
Fill in the configuration according to the following instructions and click OK .
Scan Type:
Number of Scan Reports to Keep: Set the maximum number of scan reports to be kept. When the specified retention quantity is exceeded, delete from the earliest report.
After creating a scan policy, you can update or delete it as needed.
Under the Scan Policy tab, click the \u2507 action button to the right of a configuration:
For periodic scan policies:
For one-time scan policies: Only support the Delete operation.
After executing a scan policy, a scan report will be generated automatically. You can view the scan report online or download it to your local computer.
Download and View
Under the Security Management -> Compliance Scanning page, click the Scan Report tab, then click the \u2507 action button to the right of a report and select Download .
View Online
Clicking the name of a report allows you to view its content online, which includes:
A data volume (PersistentVolume, PV) is a piece of storage in the cluster, which can be prepared in advance by the administrator, or dynamically prepared using a storage class (Storage Class). PV is a cluster resource, but it has an independent life cycle and will not be deleted when the Pod process ends. Mounting PVs to workloads can achieve data persistence for workloads. The PV holds the data directory that can be accessed by the containers in the Pod.
"},{"location":"en/end-user/kpanda/storage/pv.html#create-data-volume","title":"Create data volume","text":"Currently, there are two ways to create data volumes: YAML and form. These two ways have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the data volume.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume (PV) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume (PV) -> Create Data Volume (PV) in the left navigation bar.
Fill in the basic information.
Data volume type: For a detailed introduction to volume types, refer to the official Kubernetes document Volumes.
Local: The local storage of the Node node is packaged into a PVC interface, and the container directly uses the PVC without paying attention to the underlying storage type. Local volumes do not support dynamic configuration of data volumes, but support configuration of node affinity, which can limit which nodes can access the data volume.
HostPath: Use files or directories on the file system of Node nodes as data volumes, and do not support Pod scheduling based on node affinity.
Mount path: mount the data volume to a specific directory in the container.
access mode:
Recycling policy:
Volume mode:
Node affinity:
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume (PV) in the left navigation bar.
On this page, you can view all data volumes in the current cluster, as well as information such as the status, capacity, and namespace of each data volume.
Supports sequential or reverse sorting according to the name, status, namespace, and creation time of data volumes.
Click the name of a data volume to view the basic configuration, StorageClass information, labels, comments, etc. of the data volume.
By cloning a data volume, a new data volume can be recreated based on the configuration of the cloned data volume.
Enter the clone page
On the data volume list page, find the data volume to be cloned, and select Clone under the operation bar on the right.
You can also click the name of the data volume, click the operation button in the upper right corner of the details page and select Clone .
Use the original configuration directly, or modify it as needed, and click OK at the bottom of the page.
There are two ways to update data volumes. Support for updating data volumes via forms or YAML files.
Note
Only updating the alias, capacity, access mode, reclamation policy, label, and comment of the data volume is supported.
On the data volume list page, find the data volume that needs to be updated, select Update under the operation bar on the right to update through the form, select Edit YAML to update through YAML.
Click the name of the data volume to enter the details page of the data volume, select Update in the upper right corner of the page to update through the form, select Edit YAML to update through YAML.
On the data volume list page, find the data to be deleted, and select Delete in the operation column on the right.
You can also click the name of the data volume, click the operation button in the upper right corner of the details page and select Delete .
"},{"location":"en/end-user/kpanda/storage/pvc.html","title":"Data volume declaration (PVC)","text":"A persistent volume claim (PersistentVolumeClaim, PVC) expresses a user's request for storage. PVC consumes PV resources and claims a data volume with a specific size and specific access mode. For example, the PV volume is required to be mounted in ReadWriteOnce, ReadOnlyMany or ReadWriteMany modes.
"},{"location":"en/end-user/kpanda/storage/pvc.html#create-data-volume-statement","title":"Create data volume statement","text":"Currently, there are two ways to create data volume declarations: YAML and form. These two ways have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the data volume declaration.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume Declaration (PVC) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume Declaration (PVC) -> Create Data Volume Declaration (PVC) in the left navigation bar.
Fill in the basic information.
Creation method: dynamically create a new data volume claim in an existing StorageClass or data volume, or create a new data volume claim based on a snapshot of a data volume claim.
The declared capacity of the data volume cannot be modified when the snapshot is created, and can be modified after the creation is complete.
After selecting the creation method, select the desired StorageClass/data volume/snapshot from the drop-down list.
access mode:
ReadWriteOnce, the data volume declaration can be mounted by a node in read-write mode.
Click the name of the target cluster in the cluster list, and then click Container Storage -> Data Volume Declaration (PVC) in the left navigation bar.
On this page, you can view all data volume declarations in the current cluster, as well as information such as the status, capacity, and namespace of each data volume declaration.
Supports sorting in sequential or reverse order according to the declared name, status, namespace, and creation time of the data volume.
Click the name of the data volume declaration to view the basic configuration, StorageClass information, labels, comments and other information of the data volume declaration.
In the left navigation bar, click Container Storage -> Data Volume Declaration (PVC) , and find the data volume declaration whose capacity you want to adjust.
Click the name of the data volume declaration, and then click the operation button in the upper right corner of the page and select Expansion .
Enter the target capacity and click OK .
By cloning a data volume claim, a new data volume claim can be recreated based on the configuration of the cloned data volume claim.
Enter the clone page
On the data volume declaration list page, find the data volume declaration that needs to be cloned, and select Clone under the operation bar on the right.
You can also click the name of the data volume declaration, click the operation button in the upper right corner of the details page and select Clone .
Use the original configuration directly, or modify it as needed, and click OK at the bottom of the page.
There are two ways to update data volume claims. Support for updating data volume claims via form or YAML file.
Note
Only aliases, labels, and annotations for data volume claims are updated.
On the data volume list page, find the data volume declaration that needs to be updated, select Update in the operation bar on the right to update it through the form, and select Edit YAML to update it through YAML.
Click the name of the data volume declaration, enter the details page of the data volume declaration, select Update in the upper right corner of the page to update through the form, select Edit YAML to update through YAML.
On the data volume declaration list page, find the data to be deleted, and select Delete in the operation column on the right.
You can also click the name of the data volume statement, click the operation button in the upper right corner of the details page and select Delete .
"},{"location":"en/end-user/kpanda/storage/pvc.html#common-problem","title":"common problem","text":"If there is no optional StorageClass or data volume in the list, you can Create a StorageClass or Create a data volume.
If there is no optional snapshot in the list, you can enter the details page of the data volume declaration and create a snapshot in the upper right corner.
If the StorageClass (SC) used by the data volume declaration is not enabled for snapshots, snapshots cannot be made, and the page will not display the \"Make Snapshot\" option.
The AI platform container management module supports sharing a StorageClass with multiple namespaces to improve resource utilization efficiency.
Find the StorageClass that needs to be shared in the StorageClass list, and click Authorize Namespace under the operation bar on the right.
Click Custom Namespace to select which namespaces this StorageClass needs to be shared to one by one.
A StorageClass refers to a large storage resource pool composed of many physical disks. This platform supports the creation of block StorageClass, local StorageClass, and custom StorageClass after accessing various storage vendors, and then dynamically configures data volumes for workloads.
"},{"location":"en/end-user/kpanda/storage/sc.html#create-storageclass-sc","title":"Create StorageClass (SC)","text":"Currently, it supports creating StorageClass through YAML and forms. These two methods have their own advantages and disadvantages, and can meet the needs of different users.
There are fewer steps and more efficient creation through YAML, but the threshold requirement is high, and you need to be familiar with the YAML file configuration of the StorageClass.
It is more intuitive and easier to create through the form, just fill in the proper values \u200b\u200baccording to the prompts, but the steps are more cumbersome.
Click the name of the target cluster in the cluster list, and then click Container Storage -> StorageClass (SC) -> Create with YAML in the left navigation bar.
Enter or paste the prepared YAML file in the pop-up box, and click OK at the bottom of the pop-up box.
Supports importing YAML files from local or downloading and saving filled files to local.
Click the name of the target cluster in the cluster list, and then click Container Storage -> StorageClass (SC) -> Create StorageClass (SC) in the left navigation bar.
Fill in the basic information and click OK at the bottom.
CUSTOM STORAGE SYSTEM
CSI storage driver: A standard Kubernetes-based container storage interface plug-in, which must comply with the format specified by the storage manufacturer, such as rancher.io/local-path .
HwameiStor storage system
lvm.hwameistor.io
.hdd.hwameistor.io
.On the StorageClass list page, find the StorageClass that needs to be updated, and select Edit under the operation bar on the right to update the StorageClass.
Info
Select View YAML to view the YAML file of the StorageClass, but editing is not supported.
"},{"location":"en/end-user/kpanda/storage/sc.html#delete-storageclass-sc","title":"Delete StorageClass (SC)","text":"On the StorageClass list page, find the StorageClass to be deleted, and select Delete in the operation column on the right.
"},{"location":"en/end-user/kpanda/workloads/create-cronjob.html","title":"Create CronJob","text":"This page introduces how to create a CronJob through images and YAML files.
CronJobs are suitable for performing periodic operations, such as backup and report generation. These jobs can be configured to repeat periodically (for example: daily/weekly/monthly), and the time interval at which the job starts to run can be defined.
"},{"location":"en/end-user/kpanda/workloads/create-cronjob.html#prerequisites","title":"Prerequisites","text":"Before creating a CronJob, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a CronJob using the image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> CronJobs in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings, CronJob Settings, Advanced Configuration, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the CronJobs list. Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the CronJob.
On the Create CronJobs page, enter the information according to the table below, and click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)
When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the configuration with reference to the following requirements, click OK .
GPU Exclusive: Configure the GPU usage for the container, only positive integers are supported. The GPU quota setting supports setting exclusive use of the entire GPU or part of the vGPU for the container. For example, for an 8-core GPU, enter the number 8 to let the container exclusively use the entire length of the card, and enter the number 1 to configure a 1-core vGPU for the container.
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass configuration to the Pod, etc. For details, refer to Container environment variable configuration.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-cronjob.html#cronjob-settings","title":"CronJob Settings","text":"Concurrency Policy: Whether to allow multiple Job jobs to run in parallel.
The above rules only apply to multiple jobs created by the same CronJob. Multiple jobs created by multiple CronJobs are always allowed to run concurrently.
Policy Settings: Set the time period for job execution based on minutes, hours, days, weeks, and months. Support custom Cron expressions with numbers and *
, after inputting the expression, the meaning of the current expression will be prompted. For detailed expression syntax rules, refer to Cron Schedule Syntax.
Configure Service for the statefulset, so that the statefulset can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
The advanced configuration of CronJobs mainly involves labels and annotations.
You can click the Add button to add labels and annotations to the workload instance Pod.
"},{"location":"en/end-user/kpanda/workloads/create-cronjob.html#create-from-yaml","title":"Create from YAML","text":"In addition to mirroring, you can also create timed jobs more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> CronJobs in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
apiVersion: batch/v1\nkind: CronJob\nmetadata:\n creationTimestamp: '2022-12-26T09:45:47Z'\n generation: 1\n name: demo\n namespace: default\n resourceVersion: '92726617'\n uid: d030d8d7-a405-4dcd-b09a-176942ef36c9\nspec:\n concurrencyPolicy: Allow\n failedJobsHistoryLimit: 1\n jobTemplate:\n metadata:\n creationTimestamp: null\n spec:\n activeDeadlineSeconds: 360\n backoffLimit: 6\n template:\n metadata:\n creationTimestamp: null\n spec:\n containers:\n - image: nginx\n imagePullPolicy: IfNotPresent\n lifecycle: {}\n name: container-3\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n securityContext:\n privileged: false\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n dnsPolicy: ClusterFirst\n restartPolicy: Never\n schedulerName: default-scheduler\n securityContext: {}\n terminationGracePeriodSeconds: 30\n schedule: 0 0 13 * 5\n successfulJobsHistoryLimit: 3\n suspend: false\nstatus: {}\n
"},{"location":"en/end-user/kpanda/workloads/create-daemonset.html","title":"Create DaemonSet","text":"This page introduces how to create a daemonSet through image and YAML files.
DaemonSet is connected to taint through node affinity feature ensures that a replica of a Pod is running on all or some of the nodes. For nodes that newly joined the cluster, DaemonSet automatically deploys the proper Pod on the new node and tracks the running status of the Pod. When a node is removed, the DaemonSet deletes all Pods it created.
Common cases for daemons include:
For simplicity, a DaemonSet can be started on each node for each type of daemon. For finer and more advanced daemon management, you can also deploy multiple DaemonSets for the same daemon. Each DaemonSet has different flags and has different memory, CPU requirements for different hardware types.
"},{"location":"en/end-user/kpanda/workloads/create-daemonset.html#prerequisites","title":"Prerequisites","text":"Before creating a DaemonSet, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a daemon using the image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> DaemonSets in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings, Service Settings, Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return the list of DaemonSets . Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the DaemonSet.
On the Create DaemonSets page, after entering the information according to the table below, click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
GPU Exclusive: Configure the GPU usage for the container, only positive integers are supported. The GPU quota setting supports setting exclusive use of the entire GPU or part of the vGPU for the container. For example, for an 8-core GPU, enter the number 8 to let the container exclusively use the entire length of the card, and enter the number 1 to configure a 1-core vGPU for the container.
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-daemonset.html#service-settings","title":"Service settings","text":"Create a Service (Service) for the daemon, so that the daemon can be accessed externally.
Click the Create Service button.
Configure service parameters, refer to Create Service for details.
Click OK and click Next .
Advanced setting includes four parts: load network settings, upgrade policy, scheduling policy, label and annotation. You can click the tabs below to view the requirements of each part.
Network ConfigurationUpgrade PolicyScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related settings options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/end-user/kpanda/workloads/create-daemonset.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create daemons more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workload -> Daemons in the left navigation bar, and then click the YAML Create button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: DaemonSet\n apiVersion: apps/v1\n metadata:\n name: hwameistor-local-disk-manager\n namespace: hwameistor\n uid: ccbdc098-7de3-4a8a-96dd-d1cee159c92b\n resourceVersion: '90999552'\n generation: 1\n creationTimestamp: '2022-12-15T09:03:44Z'\n labels:\n app.kubernetes.io/managed-by: Helm\n annotations:\n deprecated.DaemonSet.template.generation: '1'\n meta.helm.sh/release-name: hwameistor\n meta.helm.sh/release-namespace:hwameistor\n spec:\n selector:\n matchLabels:\n app: hwameistor-local-disk-manager\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: hwameistor-local-disk-manager\n spec:\n volumes:\n - name: udev\n hostPath:\n path: /run/udev\n type: Directory\n - name: procmount\n hostPath:\n path: /proc\n type: Directory\n - name: devmount\n hostPath:\n path: /dev\n type: Directory\n - name: socket-dir\n hostPath:\n path: /var/lib/kubelet/plugins/disk.hwameistor.io\n type: DirectoryOrCreate\n - name: registration-dir\n hostPath:\n path: /var/lib/kubelet/plugins_registry/\n type: Directory\n - name: plugin-dir\n hostPath:\n path: /var/lib/kubelet/plugins\n type: DirectoryOrCreate\n - name: pods-mount-dir\n hostPath:\n path: /var/lib/kubelet/pods\n type: DirectoryOrCreate\n containers:\n - name: registrar\n image: k8s-gcr.m.daocloud.io/sig-storage/csi-node-driver-registrar:v2.5.0\n args:\n - '--v=5'\n - '--csi-address=/csi/csi.sock'\n - >-\n --kubelet-registration-path=/var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n env:\n - name: KUBE_NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n resources: {}\n volumeMounts:\n - name: socket-dir\n mountPath: /csi\n - name: registration-dir\n mountPath: /registration\n lifecycle:\n preStop:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n rm -rf /registration/disk.hwameistor.io\n /registration/disk.hwameistor.io-reg.sock\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n -name: managerimage: ghcr.m.daocloud.io/hwameistor/local-disk-manager:v0.6.1\n command:\n - /local-disk-manager\n args:\n - '--endpoint=$(CSI_ENDPOINT)'\n - '--nodeid=$(NODENAME)'\n - '--csi-enable=true'\n env:\n - name: CSI_ENDPOINT\n value: unix://var/lib/kubelet/plugins/disk.hwameistor.io/csi.sock\n - name: NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: WATCH_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: NODENAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: OPERATOR_NAME\n value: local-disk-manager\n resources: {}\n volumeMounts:\n - name: udev\n mountPath: /run/udev\n - name: procmount\n readOnly: true\n mountPath: /host/proc\n - name: devmount\n mountPath: /dev\n - name: registration-dir\n mountPath: /var/lib/kubelet/plugins_registry\n - name: plugin-dir\n mountPath: /var/lib/kubelet/plugins\n mountPropagation: Bidirectional\n - name: pods-mount-dir\n mountPath: /var/lib/kubelet/pods\n mountPropagation: Bidirectional\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n serviceAccountName: hwameistor-admin\n serviceAccount: hwameistor-admin\n hostNetwork: true\n hostPID: true\n securityContext: {}\n schedulerName: default-scheduler\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n - key: node.kubernetes.io/not-ready\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/master\n operator: Exists\n effect: NoSchedule\n - key: node-role.kubernetes.io/control-plane\n operator: Exists\n effect: NoSchedule\n - key: node.cloudprovider.kubernetes.io/uninitialized\n operator: Exists\n effect: NoSchedule\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n maxSurge: 0\n revisionHistoryLimit: 10\nstatus:\n currentNumberScheduled: 4\n numberMisscheduled: 0\n desiredNumberScheduled: 4\n numberReady: 4\n observedGeneration: 1\n updatedNumberScheduled: 4\n numberAvailable: 4\n
"},{"location":"en/end-user/kpanda/workloads/create-deployment.html","title":"Create Deployment","text":"This page describes how to create deployments through images and YAML files.
Deployment is a common resource in Kubernetes, mainly Pod and ReplicaSet provide declarative updates, support elastic scaling, rolling upgrades, and version rollbacks features. Declare the desired Pod state in the Deployment, and the Deployment Controller will modify the current state through the ReplicaSet to make it reach the pre-declared desired state. Deployment is stateless and does not support data persistence. It is suitable for deploying stateless applications that do not need to save data and can be restarted and rolled back at any time.
Through the container management module of AI platform, workloads on multicloud and multiclusters can be easily managed based on proper role permissions, including the creation of deployments, Full life cycle management such as update, deletion, elastic scaling, restart, and version rollback.
"},{"location":"en/end-user/kpanda/workloads/create-deployment.html#prerequisites","title":"Prerequisites","text":"Before using image to create deployments, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Follow the steps below to create a deployment by image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> Deployments in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Setting, Service Setting, Advanced Setting in turn, click OK in the lower right corner of the page to complete the creation.
The system will automatically return the list of Deployments . Click \u2507 on the right side of the list to perform operations such as update, delete, elastic scaling, restart, and version rollback on the load. If the workload status is abnormal, please check the specific abnormal information, refer to Workload Status.
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container setting is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic Information (Required)Lifecycle (optional)Health Check (optional)Environment variables (optional)Data storage (optional)Security settings (optional)When configuring container-related parameters, it is essential to correctly fill in the container name and image parameters; otherwise, you will not be able to proceed to the next step. After filling in the configuration according to the following requirements, click OK.
Work Container
. For information on init containers, see the [K8s Official Documentation] (https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).Before setting the GPU, the administrator needs to pre-install the GPU and driver plugin on the cluster node and enable the GPU feature in the Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Setting.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check Setting.
Configure container parameters within the Pod, add environment variables or pass setting to the Pod, etc. For details, refer to Container environment variable setting.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage Setting.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-deployment.html#service-settings","title":"Service settings","text":"Configure Service for the deployment, so that the deployment can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
Advanced setting includes four parts: Network Settings, Upgrade Policy, Scheduling Policies, Labels and Annotations. You can click the tabs below to view the setting requirements of each part.
Network SettingsUpgrade PolicyScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related setting options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/end-user/kpanda/workloads/create-deployment.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create deployments more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> Deployments in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n spec:\n selector:\n matchLabels:\n app: nginx\n replicas: 2 # (1)!\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n -name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n
This page introduces how to create a job through image and YAML file.
Job is suitable for performing one-time jobs. A Job creates one or more Pods, and the Job keeps retrying to run Pods until a certain number of Pods are successfully terminated. A Job ends when the specified number of Pods are successfully terminated. When a Job is deleted, all Pods created by the Job will be cleared. When a Job is paused, all active Pods in the Job are deleted until the Job is resumed. For more information about jobs, refer to Job.
"},{"location":"en/end-user/kpanda/workloads/create-job.html#prerequisites","title":"Prerequisites","text":"In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Refer to the following steps to create a job using an image.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> Jobs in the left navigation bar, and then click the Create by Image button in the upper right corner of the page.
Fill in Basic Information, Container Settings and Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the job list. Click \u2507 on the right side of the list to perform operations such as updating, deleting, and restarting the job.
On the Create Jobs page, enter the basic information according to the table below, and click Next .
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the setting requirements of each part.
Container settings is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment Variables (optional)Data Storage (optional)Security Settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle settings.
It is used to judge the health status of containers and applications, which helps to improve the availability of applications. For details, refer to Container Health Check settings.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage settings.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-job.html#advanced-settings","title":"Advanced settings","text":"Advanced setting includes job settings, labels and annotations.
Job SettingsLabels and AnnotationsYou can click the Add button to add labels and annotations to the workload instance Pod.
"},{"location":"en/end-user/kpanda/workloads/create-job.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, creation jobs can also be created more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the cluster details page.
On the cluster details page, click Workloads -> Jobs in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: Job\napiVersion: batch/v1\nmetadata:\n name: demo\n namespace: default\n uid: a9708239-0358-4aa1-87d3-a092c080836e\n resourceVersion: '92751876'\n generation: 1\n creationTimestamp: '2022-12-26T10:52:22Z'\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n annotations:\n revisions: >-\n {\"1\":{\"status\":\"running\",\"uid\":\"a9708239-0358-4aa1-87d3-a092c080836e\",\"start-time\":\"2022-12-26T10:52:22Z\",\"completion-time\":\"0001-01-01T00:00:00Z\"}}\nspec:\n parallelism: 1\n backoffLimit: 6\n selector:\n matchLabels:\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: demo\n controller-uid: a9708239-0358-4aa1-87d3-a092c080836e\n job-name: demo\n spec:\n containers:\n - name: container-4\n image: nginx\n resources:\n limits:\n cpu: 250m\n memory: 512Mi\n requests:\n cpu: 250m\n memory: 512Mi\n lifecycle: {}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: false\n restartPolicy: Never\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext: {}\n schedulerName: default-scheduler\n completionMode: NonIndexed\n suspend: false\nstatus:\n startTime: '2022-12-26T10:52:22Z'\n active: 1\n
"},{"location":"en/end-user/kpanda/workloads/create-statefulset.html","title":"Create StatefulSet","text":"This page describes how to create a StatefulSet through image and YAML files.
StatefulSet is a common resource in Kubernetes, and Deployment, mainly used to manage the deployment and scaling of Pod collections. The main difference between the two is that Deployment is stateless and does not save data, while StatefulSet is stateful and is mainly used to manage stateful applications. In addition, Pods in a StatefulSet have a persistent ID, which makes it easy to identify the proper Pod when matching storage volumes.
Through the container management module of AI platform, workloads on multicloud and multiclusters can be easily managed based on proper role permissions, including the creation of StatefulSets, update, delete, elastic scaling, restart, version rollback and other full life cycle management.
"},{"location":"en/end-user/kpanda/workloads/create-statefulset.html#prerequisites","title":"Prerequisites","text":"Before using image to create StatefulSets, the following prerequisites need to be met:
In the Container Management module Integrate Kubernetes Cluster or Create Kubernetes Cluster, and can access the cluster UI interface.
Create a namespace and a user.
The current operating user should have NS Editor or higher permissions, for details, refer to Namespace Authorization.
When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Follow the steps below to create a statefulSet using image.
Click Clusters on the left navigation bar, then click the name of the target cluster to enter Cluster Details.
Click Workloads -> StatefulSets in the left navigation bar, and then click the Create by Image button in the upper right corner.
Fill in Basic Information, Container Settings, Service Settings, Advanced Settings, click OK in the lower right corner of the page to complete the creation.
The system will automatically return to the list of StatefulSets , and wait for the status of the workload to become running . If the workload status is abnormal, refer to Workload Status for specific exception information.
Click \u2507 on the right side of the New Workload column to perform operations such as update, delete, elastic scaling, restart, and version rollback on the workload.
Container setting is divided into six parts: basic information, life cycle, health check, environment variables, data storage, and security settings. Click the tab below to view the requirements of each part.
Container settings is only configured for a single container. To add multiple containers to a pod, click + on the right to add multiple containers.
Basic information (required)Lifecycle (optional)Health Check (optional)Environment Variables (optional)Data Storage (optional)Security Settings (optional)When configuring container-related parameters, you must correctly fill in the container name and image parameters, otherwise you will not be able to proceed to the next step. After filling in the settings with reference to the following requirements, click OK .
Before setting exclusive GPU, the administrator needs to install the GPU and driver plug-in on the cluster nodes in advance, and enable the GPU feature in Cluster Settings.
Set the commands that need to be executed when the container starts, after starting, and before stopping. For details, refer to Container Lifecycle Configuration.
Used to judge the health status of containers and applications. Helps improve app usability. For details, refer to Container Health Check Configuration.
Configure container parameters within the Pod, add environment variables or pass settings to the Pod, etc. For details, refer to Container environment variable settings.
Configure the settings for container mounting data volumes and data persistence. For details, refer to Container Data Storage Configuration.
Containers are securely isolated through Linux's built-in account authority isolation mechanism. You can limit container permissions by using account UIDs (digital identity tokens) with different permissions. For example, enter 0 to use the privileges of the root account.
"},{"location":"en/end-user/kpanda/workloads/create-statefulset.html#service-settings","title":"Service settings","text":"Configure Service (Service) for the statefulset, so that the statefulset can be accessed externally.
Click the Create Service button.
Refer to Create Service to configure service parameters.
Click OK and click Next .
Advanced setting includes four parts: load network settings, upgrade policy, scheduling policy, label and annotation. You can click the tabs below to view the requirements of each part.
Network ConfigurationUpgrade PolicyContainer Management PoliciesScheduling PoliciesLabels and AnnotationsIn some cases, the application will have redundant DNS queries. Kubernetes provides DNS-related settings options for applications, which can effectively reduce redundant DNS queries and increase business concurrency in certain cases.
DNS Policy
Nameservers: fill in the address of the domain name server, such as 10.6.175.20 .
Kubernetes v1.7 and later versions can set Pod management policies through .spec.podManagementPolicy , which supports the following two methods:
OrderedReady : The default Pod management policy, which means that Pods are deployed in order. Only after the deployment of the previous Pod is successfully completed, the statefulset will start to deploy the next Pod. Pods are deleted in reverse order, with the last created being deleted first.
Parallel : Create or delete containers in parallel, just like Pods of the Deployment type. The StatefulSet controller starts or terminates all containers in parallel. There is no need to wait for a Pod to enter the Running and ready state or to stop completely before starting or terminating other Pods. This option only affects the behavior of scaling operations, not the order of updates.
For details, refer to Scheduling Policy.
You can click the Add button to add tags and annotations to workloads and pods.
"},{"location":"en/end-user/kpanda/workloads/create-statefulset.html#create-from-yaml","title":"Create from YAML","text":"In addition to image, you can also create statefulsets more quickly through YAML files.
Click Clusters on the left navigation bar, and then click the name of the target cluster to enter the Cluster Details page.
On the cluster details page, click Workloads -> StatefulSets in the left navigation bar, and then click the Create from YAML button in the upper right corner of the page.
Enter or paste the YAML file prepared in advance, click OK to complete the creation.
kind: StatefulSet\n apiVersion: apps/v1\n metadata:\n name: test-mysql-123-mysql\n namespace: default\n uid: d3f45527-a0ab-4b22-9013-5842a06f4e0e\n resourceVersion: '20504385'\n generation: 1\n creationTimestamp: '2022-09-22T09:34:10Z'\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n blockOwnerDeletion: true\n spec:\n replicas: 1\n selector:\n matchLabels:\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n mysql.presslabs.org/cluster: test-mysql-123\n template:\n metadata:\n creationTimestamp: null\n labels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n annotations:\n config_rev: '13941099'\n prometheus.io/port: '9125'\n prometheus.io/scrape: 'true'\n secret_rev: '13941101'\n spec:\n volumes:\n -name: conf\n emptyDir: {}\n - name: init-scripts\n emptyDir: {}\n - name: config-map\n configMap:\n name: test-mysql-123-mysql\n defaultMode: 420\n - name: data\n persistentVolumeClaim:\n claimName: data\n initContainers:\n -name: init\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - clone-and-init\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: BACKUP_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_USER\n optional: true\n - name: BACKUP_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: BACKUP_PASSWORD\n optional: true\n resources: {}\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: config-map\n mountPath: /mnt/conf\n - name: data\n mountPath: /var/lib/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n containers:\n - name: mysql\n image: docker.m.daocloud.io/mysql:5.7.31\n ports:\n - name: mysql\n containerPort: 3306\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: ORCH_CLUSTER_ALIAS\n value: test-mysql-123.default\n - name: ORCH_HTTP_API\n value: http://mysql-operator.mcamel-system/api\n - name: MYSQL_ROOT_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: ROOT_PASSWORD\n optional: false\n - name: MYSQL_USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: USER\n optional: true\n - name: MYSQL_PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: PASSWORD\n optional: true\n - name: MYSQL_DATABASE\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-secret\n key: DATABASE\n optional: true\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 512Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n livenessProbe:\n exec:\n command:\n - mysqladmin\n - '--defaults-file=/etc/mysql/client.conf'\n - ping\n initialDelaySeconds: 60\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n exec:\n command:\n - /bin/sh\n - '-c'\n - >-\n test $(mysql --defaults-file=/etc/mysql/client.conf -NB -e\n 'SELECT COUNT(*) FROM sys_operator.status WHERE\n name=\"configured\" AND value=\"1\"') -eq 1\n initialDelaySeconds: 5\n timeoutSeconds: 5\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 3\n lifecycle:preStop:\n exec:\n command:\n - bash\n - /etc/mysql/pre-shutdown-ha.sh\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: sidecar\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - config-and-serve\n ports:\n - name: sidecar-http\n containerPort: 8080\n protocol: TCP\n envFrom:\n - secretRef:\n name: test-mysql-123-mysql-operated\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: XTRABACKUP_TARGET_DIR\n value: /tmp/xtrabackup_backupfiles/\n resources:\n limits:\n cpu: '1'\n memory: 1Gi\n requests:\n cpu: 10m\n memory: 64Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n - name: data\n mountPath: /var/lib/mysql\n readinessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n periodSeconds: 5\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: metrics-exporter\n image: prom/mysqld-exporter:v0.13.0\n args:\n - '--web.listen-address=0.0.0.0:9125'\n - '--web.telemetry-path=/metrics'\n - '--collect.heartbeat'\n - '--collect.heartbeat.database=sys_operator'\n ports:\n - name: prometheus\n containerPort: 9125\n protocol: TCP\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n - name: USER\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_USER\n optional: false\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n name: test-mysql-123-mysql-operated\n key: METRICS_EXPORTER_PASSWORD\n optional: false\n - name: DATA_SOURCE_NAME\n value: $(USER):$(PASSWORD)@(127.0.0.1:3306)/\n resources:\n limits:\n cpu: 100m\n memory: 128Mi\n requests:\n cpu: 10m\n memory: 32Mi\n livenessProbe:\n httpGet:\n path: /metrics\n port: 9125\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 30\n periodSeconds: 30\n successThreshold: 1\n failureThreshold: 3\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n - name: pt-heartbeat\n image: docker.m.daocloud.io/bitpoke/mysql-operator-sidecar-5.7:v0.6.1\n args:\n - pt-heartbeat\n - '--update'\n - '--replace'\n - '--check-read-only'\n - '--create-table'\n - '--database'\n - sys_operator\n - '--table'\n - heartbeat\n - '--utc'\n - '--defaults-file'\n - /etc/mysql/heartbeat.conf\n - '--fail-successive-errors=20'\n env:\n - name: MY_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: MY_SERVICE_NAME\n value: mysql\n - name: MY_CLUSTER_NAME\n value: test-mysql-123\n - name: MY_FQDN\n value: $(MY_POD_NAME).$(MY_SERVICE_NAME).$(MY_NAMESPACE)\n - name: MY_MYSQL_VERSION\n value: 5.7.31\n resources:\n limits:\n cpu: 100m\n memory: 64Mi\n requests:\n cpu: 10m\n memory: 32Mi\n volumeMounts:\n - name: conf\n mountPath: /etc/mysql\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n imagePullPolicy: IfNotPresent\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsUser: 999\n fsGroup: 999\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n app.kubernetes.io/component: database\n app.kubernetes.io/instance: test-mysql-123\n app.kubernetes.io/managed-by: mysql.presslabs.org\n app.kubernetes.io/name: mysql\n app.kubernetes.io/version: 5.7.31\n mysql.presslabs.org/cluster: test-mysql-123\n topologyKey: kubernetes.io/hostname\n schedulerName: default-scheduler\n volumeClaimTemplates:\n - kind: PersistentVolumeClaim\n apiVersion: v1\n metadata:\n name: data\n creationTimestamp: null\n ownerReferences:\n - apiVersion: mysql.presslabs.org/v1alpha1\n kind: MysqlCluster\n name: test-mysql-123\n uid: 5e877cc3-5167-49da-904e-820940cf1a6d\n controller: true\n spec:\n accessModes:\n - ReadWriteOnce\n resources:\n limits:\n storage: 1Gi\n requests:\n storage: 1Gi\n storageClassName: local-path\n volumeMode: Filesystem\n status:\n phase: Pending\n serviceName: mysql\n podManagementPolicy: OrderedReady\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n partition: 0\n revisionHistoryLimit: 10\nstatus:\n observedGeneration: 1\n replicas: 1\n readyReplicas: 1\n currentReplicas: 1\n updatedReplicas: 1\n currentRevision: test-mysql-123-mysql-6b8f5577c7\n updateRevision: test-mysql-123-mysql-6b8f5577c7\n collisionCount: 0\n availableReplicas: 1\n
"},{"location":"en/end-user/kpanda/workloads/pod-config/env-variables.html","title":"Configure environment variables","text":"An environment variable refers to a variable set in the container running environment, which is used to add environment flags to Pods or transfer configurations, etc. It supports configuring environment variables for Pods in the form of key-value pairs.
Suanova container management adds a graphical interface to configure environment variables for Pods on the basis of native Kubernetes, and supports the following configuration methods:
Key-value pair (Key/Value Pair): Use a custom key-value pair as the environment variable of the container
Resource reference (Resource): Use the fields defined by Container as the value of environment variables, such as the memory limit of the container, the number of copies, etc.
Variable/Variable Reference (Pod Field): Use the Pod field as the value of an environment variable, such as the name of the Pod
ConfigMap key value import (ConfigMap key): Import the value of a key in the ConfigMap as the value of an environment variable
Key key value import (Secret Key): use the data from the Secret to define the value of the environment variable
Key Import (Secret): Import all key values \u200b\u200bin Secret as environment variables
ConfigMap import (ConfigMap): import all key values \u200b\u200bin the ConfigMap as environment variables
Container health check checks the health status of containers according to user requirements. After configuration, if the application in the container is abnormal, the container will automatically restart and recover. Kubernetes provides Liveness checks, Readiness checks, and Startup checks.
LivenessProbe can detect application deadlock (the application is running, but cannot continue to run the following steps). Restarting containers in this state can help improve the availability of applications, even if there are bugs in them.
ReadinessProbe can detect when a container is ready to accept request traffic. A Pod can only be considered ready when all containers in a Pod are ready. One use of this signal is to control which Pod is used as the backend of the Service. If the Pod is not ready, it will be removed from the Service's load balancer.
Startup check (StartupProbe) can know when the application container is started. After configuration, it can control the container to check the viability and readiness after it starts successfully, so as to ensure that these liveness and readiness probes will not affect the start of the application. Startup detection can be used to perform liveness checks on slow-starting containers, preventing them from being killed before they start running.
The configuration of LivenessProbe is similar to that of ReadinessProbe, the only difference is to use readinessProbe field instead of livenessProbe field.
HTTP GET parameter description:
Parameter Description Path (Path) The requested path for access. Such as: /healthz path in the example Port (Port) Service listening port. Such as: port 8080 in the example protocol access protocol, Http or Https Delay time (initialDelaySeconds) Delay check time, in seconds, this setting is related to the normal startup time of business programs. For example, if it is set to 30, it means that the health check will start 30 seconds after the container is started, which is the time reserved for business program startup. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second. SuccessThreshold (successThreshold) The minimum number of consecutive successes that are considered successful after a probe fails. The default value is 1, and the minimum value is 1. This value must be 1 for liveness and startup probes. Maximum number of failures (failureThreshold) The number of retries when the probe fails. Giving up in case of a liveness probe means restarting the container. Pods that are abandoned due to readiness probes are marked as not ready. The default value is 3. The minimum value is 1."},{"location":"en/end-user/kpanda/workloads/pod-config/health-check.html#check-with-http-get-request","title":"Check with HTTP GET request","text":"YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-http\nspec:\n containers:\n - name: liveness # Container name\n image: k8s.gcr.io/liveness # Container image\n args:\n - /server # Arguments to pass to the container\n livenessProbe:\n httpGet:\n path: /healthz # Access request path\n port: 8080 # Service listening port\n httpHeaders:\n - name: Custom-Header # Custom header name\n value: Awesome # Custom header value\n initialDelaySeconds: 3 # Wait 3 seconds before the first probe\n periodSeconds: 3 # Perform liveness detection every 3 seconds\n
According to the set rules, Kubelet sends an HTTP GET request to the service running in the container (the service is listening on port 8080) to perform the detection. The kubelet considers the container alive if the handler under the /healthz path on the server returns a success code. If the handler returns a failure code, the kubelet kills the container and restarts it. Any return code greater than or equal to 200 and less than 400 indicates success, and any other return code indicates failure. The /healthz handler returns a 200 status code for the first 10 seconds of the container's lifetime. The handler then returns a status code of 500.
"},{"location":"en/end-user/kpanda/workloads/pod-config/health-check.html#use-tcp-port-check","title":"Use TCP port check","text":"TCP port parameter description:
Parameter Description Port (Port) Service listening port. Such as: port 8080 in the example Delay time (initialDelaySeconds) Delay check time, in seconds, this setting is related to the normal startup time of business programs. For example, if it is set to 30, it means that the health check will start 30 seconds after the container is started, which is the time reserved for business program startup. Timeout (timeoutSeconds) Timeout, in seconds. For example, if it is set to 10, it indicates that the timeout waiting period for executing the health check is 10 seconds. If this time is exceeded, the health check will be regarded as a failure. If set to 0 or not set, the default timeout waiting time is 1 second.For a container that provides TCP communication services, based on this configuration, the cluster establishes a TCP connection to the container according to the set rules. If the connection is successful, it proves that the detection is successful, otherwise the detection fails. If you choose the TCP port detection method, you must specify the port that the container listens to.
YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n name: goproxy\n labels:\n app: goproxy\nspec:\n containers:\n - name: goproxy\n image: k8s.gcr.io/goproxy:0.1\n ports:\n - containerPort: 8080\n readinessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 5\n periodSeconds: 10\n livenessProbe:\n tcpSocket:\n port: 8080\n initialDelaySeconds: 15\n periodSeconds: 20\n
This example uses both readiness and liveness probes. The kubelet sends the first readiness probe 5 seconds after the container is started. Attempt to connect to port 8080 of the goproxy container. If the probe is successful, the Pod will be marked as ready and the kubelet will continue to run the check every 10 seconds.
In addition to the readiness probe, this configuration includes a liveness probe. The kubelet will perform the first liveness probe 15 seconds after the container is started. The readiness probe will attempt to connect to the goproxy container on port 8080. If the liveness probe fails, the container will be restarted.
"},{"location":"en/end-user/kpanda/workloads/pod-config/health-check.html#run-command-check","title":"Run command check","text":"YAML example:
apiVersion: v1\nkind: Pod\nmetadata:\n labels:\n test: liveness\n name: liveness-exec\nspec:\n containers:\n - name: liveness # Container name\n image: k8s.gcr.io/busybox # Container image\n args:\n - /bin/sh # Command to run\n - -c # Pass the following string as a command\n - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600 # Command to execute\n livenessProbe:\n exec:\n command:\n - cat # Command to check liveness\n - /tmp/healthy # File to check\n initialDelaySeconds: 5 # Wait 5 seconds before the first probe\n periodSeconds: 5 # Perform liveness detection every 5 seconds\n
The periodSeconds field specifies that the kubelet performs a liveness probe every 5 seconds, and the initialDelaySeconds field specifies that the kubelet waits for 5 seconds before performing the first probe. According to the set rules, the cluster periodically executes the command cat /tmp/healthy in the container through the kubelet to detect. If the command executes successfully and the return value is 0, the kubelet considers the container to be healthy and alive. If this command returns a non-zero value, the kubelet will kill the container and restart it.
"},{"location":"en/end-user/kpanda/workloads/pod-config/health-check.html#protect-slow-starting-containers-with-pre-start-checks","title":"Protect slow-starting containers with pre-start checks","text":"Some applications require a long initialization time at startup. You need to use the same command to set startup detection. For HTTP or TCP detection, you can set the failureThreshold * periodSeconds parameter to a long enough time to cope with the long startup time scene.
YAML example:
ports:\n- name: liveness-port\n containerPort: 8080\n hostPort: 8080\n\nlivenessProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 1\n periodSeconds: 10\n\nstartupProbe:\n httpGet:\n path: /healthz\n port: liveness-port\n failureThreshold: 30\n periodSeconds: 10\n
With the above settings, the application will have up to 5 minutes (30 * 10 = 300s) to complete the startup process. Once the startup detection is successful, the survival detection task will take over the detection of the container and respond quickly to the container deadlock. If the start probe has been unsuccessful, the container is killed after 300 seconds and further disposition is performed according to the restartPolicy .
"},{"location":"en/end-user/kpanda/workloads/pod-config/job-parameters.html","title":"Description of job parameters","text":"According to the settings of .spec.completions and .spec.Parallelism , jobs (Job) can be divided into the following types:
Job Type Description Non-parallel Job Creates a Pod until its Job completes successfully Parallel Jobs with deterministic completion counts A Job is considered complete when the number of successful Pods reaches .spec.completions Parallel Job Creates one or more Pods until one finishes successfullyParameter Description
RestartPolicy Creates a Pod until it terminates successfully .spec.completions Indicates the number of Pods that need to run successfully when the Job ends, the default is 1 .spec.parallelism Indicates the number of Pods running in parallel, the default is 1 spec.backoffLimit Indicates the maximum number of retries for a failed Pod, beyond which no more retries will continue. .spec.activeDeadlineSeconds Indicates the Pod running time. Once this time is reached, the Job, that is, all its Pods, will stop. And activeDeadlineSeconds has a higher priority than backoffLimit, that is, the job that reaches activeDeadlineSeconds will ignore the setting of backoffLimit.The following is an example Job configuration, saved in myjob.yaml, which calculates \u03c0 to 2000 digits and prints the output.
apiVersion: batch/v1\nkind: Job #The type of the current resource\nmetadata:\n name: myjob\nspec:\n completions: 50 # Job needs to run 50 Pods at the end, in this example it prints \u03c0 50 times\n parallelism: 5 # 5 Pods in parallel\n backoffLimit: 5 # retry up to 5 times\n template:\n spec:\n containers:\n - name: pi\n image: perl\n command: [\"perl\", \"-Mbignum=bpi\", \"-wle\", \"print bpi(2000)\"]\n restartPolicy: Never #restart policy\n
Related commands
kubectl apply -f myjob.yaml # Start job\nkubectl get job # View this job\nkubectl logs myjob-1122dswzs View Job Pod logs\n
"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html","title":"Configure the container lifecycle","text":"Pods follow a predefined lifecycle, starting in the Pending phase and entering the Running state if at least one container in the Pod starts normally. If any container in the Pod ends in a failed state, the state becomes Failed . The following phase field values \u200b\u200bindicate which phase of the lifecycle a Pod is in.
Value Description Pending The Pod has been accepted by the system, but one or more containers have not yet been created or run. This phase includes waiting for the pod to be scheduled and downloading the image over the network. Running (Running) The Pod has been bound to a node, and all containers in the Pod have been created. At least one container is still running, or in the process of starting or restarting. Succeeded (Success) All containers in the Pod were successfully terminated and will not be restarted. Failed All containers in the Pod have terminated, and at least one container terminated due to failure. That is, the container exited with a non-zero status or was terminated by the system. Unknown (Unknown) The status of the Pod cannot be obtained for some reason, usually due to a communication failure with the host where the Pod resides.When creating a workload in Suanova container management, images are usually used to specify the running environment in the container. By default, when building an image, the Entrypoint and CMD fields can be used to define the commands and parameters to be executed when the container is running. If you need to change the commands and parameters of the container image before starting, after starting, and before stopping, you can override the default commands and parameters in the image by setting the lifecycle event commands and parameters of the container.
"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html#lifecycle-configuration","title":"Lifecycle configuration","text":"Configure the startup command, post-start command, and pre-stop command of the container according to business needs.
Parameter Description Example value Start command Type: Optional Meaning: The container will be started according to the start command. Command after startup Type: optionalMeaning: command after container startup Command before stopping Type: Optional Meaning: The command executed by the container after receiving the stop command. Ensure that the services running in the instance can be drained in advance when the instance is upgraded or deleted. -"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html#start-command","title":"start command","text":"Configure the startup command according to the table below.
Parameter Description Example value Run command Type: RequiredMeaning: Enter an executable command, and separate multiple commands with spaces. If the command itself has spaces, you need to add (\"\"). Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Running parameters Type: OptionalMeaning: Enter the parameters of the control container running command. port=8080"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html#post-start-commands","title":"Post-start commands","text":"Suanova provides two processing types, command line script and HTTP request, to configure post-start commands. You can choose the configuration method that suits you according to the table below.
Command line script configuration
Parameter Description Example value Run Command Type: Optional Meaning: Enter an executable command, and separate multiple commands with spaces. If the command itself contains spaces, you need to add (\"\"). Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Running parameters Type: OptionalMeaning: Enter the parameters of the control container running command. port=8080"},{"location":"en/end-user/kpanda/workloads/pod-config/lifecycle.html#stop-pre-command","title":"stop pre-command","text":"Suanova provides two processing types, command line script and HTTP request, to configure the pre-stop command. You can choose the configuration method that suits you according to the table below.
HTTP request configuration
Parameter Description Example value URL Path Type: Optional Meaning: Requested URL path. Meaning: When there are multiple commands, it is recommended to use /bin/sh or other shells to run the command, and pass in all other commands as parameters. /run/server Port Type: RequiredMeaning: Requested port. port=8080 Node Address Type: Optional Meaning: The requested IP address, the default is the node IP where the container is located. -"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html","title":"Scheduling Policy","text":"In a Kubernetes cluster, like many other Kubernetes objects, nodes have labels. You can manually add labels. Kubernetes also adds some standard labels to all nodes in the cluster. See Common Labels, Annotations, and Taints for common node labels. By adding labels to nodes, you can have pods scheduled on specific nodes or groups of nodes. You can use this feature to ensure that specific Pods can only run on nodes with certain isolation, security or governance properties.
nodeSelector is the simplest recommended form of a node selection constraint. You can add a nodeSelector field to the Pod's spec to set the node label. Kubernetes will only schedule pods on nodes with each label specified. nodeSelector provides one of the easiest ways to constrain Pods to nodes with specific labels. Affinity and anti-affinity expand the types of constraints you can define. Some benefits of using affinity and anti-affinity are:
Affinity and anti-affinity languages are more expressive. nodeSelector can only select nodes that have all the specified labels. Affinity, anti-affinity give you greater control over selection logic.
You can mark a rule as \"soft demand\" or \"preference\", so that the scheduler will still schedule the Pod if no matching node can be found.
You can use the labels of other Pods running on the node (or in other topological domains) to enforce scheduling constraints, instead of only using the labels of the node itself. This capability allows you to define rules which allow Pods to be placed together.
You can choose which node the Pod will deploy to by setting affinity and anti-affinity.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#tolerance-time","title":"Tolerance time","text":"When the node where the workload instance is located is unavailable, the period for the system to reschedule the instance to other available nodes. The default is 300 seconds.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#node-affinity-nodeaffinity","title":"Node affinity (nodeAffinity)","text":"Node affinity is conceptually similar to nodeSelector , which allows you to constrain which nodes Pods can be scheduled on based on the labels on the nodes. There are two types of node affinity:
Must be satisfied: ( requiredDuringSchedulingIgnoredDuringExecution ) The scheduler can only run scheduling when the rules are satisfied. This functionality is similar to nodeSelector , but with a more expressive syntax. You can define multiple hard constraint rules, but only one of them must be satisfied.
Satisfy as much as possible: ( preferredDuringSchedulingIgnoredDuringExecution ) The scheduler will try to find nodes that meet the proper rules. If no matching node is found, the scheduler will still schedule the Pod. You can also set weights for soft constraint rules. During specific scheduling, if there are multiple nodes that meet the conditions, the node with the highest weight will be scheduled first. At the same time, you can also define multiple hard constraint rules, but only one of them needs to be satisfied.
The label proper to the node can use the default label or user-defined label.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#operators","title":"Operators","text":"It can only be added in the \"as far as possible\" policy, which can be understood as the priority of scheduling, and those with the highest weight will be scheduled first. The value range is 1 to 100.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#workload-affinity","title":"Workload Affinity","text":"Similar to node affinity, there are two types of workload affinity:
The affinity of the workload is mainly used to determine which Pods of the workload can be deployed in the same topology domain. For example, services that communicate with each other can be deployed in the same topology domain (such as the same availability zone) by applying affinity scheduling to reduce the network delay between them.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#tag-name_1","title":"Tag name","text":"The label proper to the node can use the default label or user-defined label.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#namespaces","title":"Namespaces","text":"Specifies the namespace in which the scheduling policy takes effect.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#operators_1","title":"Operators","text":"Specify the scope of influence during scheduling. If you specify kubernetes.io/Clustername, it will use the Node node as the distinguishing scope.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#workload-anti-affinity","title":"Workload Anti-Affinity","text":"Similar to node affinity, there are two types of anti-affinity for workloads:
The anti-affinity of the workload is mainly used to determine which Pods of the workload cannot be deployed in the same topology domain. For example, the same Pod of a load is distributed to different topological domains (such as different hosts) to improve the stability of the workload itself.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#tag-name_2","title":"Tag name","text":"The label proper to the node can use the default label or user-defined label.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#namespaces_1","title":"Namespaces","text":"Specifies the namespace in which the scheduling policy takes effect.
"},{"location":"en/end-user/kpanda/workloads/pod-config/scheduling-policy.html#operators_2","title":"Operators","text":"Specify the scope of influence when scheduling, such as specifying kubernetes.io/Clustername, it will use the Node node as the distinguishing scope.
"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html","title":"Workload Status","text":"A workload is an application running on Kubernetes, and in Kubernetes, whether your application is composed of a single same component or composed of many different components, you can use a set of Pods to run it. Kubernetes provides five built-in workload resources to manage pods:
You can also expand workload resources by setting Custom Resource CRD. In the fifth-generation container management, it supports full lifecycle management of workloads such as creation, update, capacity expansion, monitoring, logging, deletion, and version management.
"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#pod-status","title":"Pod Status","text":"Pod is the smallest computing unit created and managed in Kubernetes, that is, a collection of containers. These containers share storage, networking, and management policies that control how the containers run. Pods are typically not created directly by users, but through workload resources. Pods follow a predefined lifecycle, starting at Pending phase, if at least one of the primary containers starts normally, it enters Running , and then enters the Succeeded or Failed stage depending on whether any container in the Pod ends in a failed status.
"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#workload-status_1","title":"Workload Status","text":"The fifth-generation container management module designs a built-in workload life cycle status set based on factors such as Pod status and number of replicas, so that users can more realistically perceive the running status of workloads. Because different workload types (such as Deployment and Jobs) have inconsistent management mechanisms for Pods, different workloads will have different lifecycle status during operation, as shown in the following table.
"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#deployment-statefulset-damemonset-status","title":"Deployment, StatefulSet, DamemonSet Status","text":"Status Description Waiting 1. A workload is in this status while its creation is in progress. 2. After an upgrade or rollback action is triggered, the workload is in this status. 3. Trigger operations such as pausing/scaling, and the workload is in this status. Running This status occurs when all instances under the workload are running and the number of replicas matches the user-defined number. Deleting When a delete operation is performed, the payload is in this status until the delete is complete. Exception Unable to get the status of the workload for some reason. This usually occurs because communication with the pod's host has failed. Not Ready When the container is in an abnormal, pending status, this status is displayed when the workload cannot be started due to an unknown error"},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#job-status","title":"Job Status","text":"Status Description Waiting The workload is in this status while Job creation is in progress. Executing The Job is in progress and the workload is in this status. Execution Complete The Job execution is complete and the workload is in this status. Deleting A delete operation is triggered and the workload is in this status. Exception Pod status could not be obtained for some reason. This usually occurs because communication with the pod's host has failed."},{"location":"en/end-user/kpanda/workloads/pod-config/workload-status.html#cronjob-status","title":"CronJob status","text":"Status Description Waiting The CronJob is in this status when it is being created. Started After the CronJob is successfully created, the CronJob is in this status when it is running normally or when the paused task is started. Stopped The CronJob is in this status when the stop task operation is performed. Deleting The deletion operation is triggered, and the CronJob is in this status.When the workload is in an abnormal or unready status, you can move the mouse over the status value of the load, and the system will display more detailed error information through a prompt box. You can also view the log or events to obtain related running information of the workload.
"},{"location":"en/end-user/register/index.html","title":"User Registration","text":"New users need to register when using the AI platform for the first time.
"},{"location":"en/end-user/register/index.html#prerequisites","title":"Prerequisites","text":"Open the AI platform homepage at https://ai.isuanova.com/ and click Register.
Enter your username, password, and email, then click Register.
The system will prompt that an email has been sent to your inbox.
Log into your email, find the email, and click the link.
Congratulations, you have successfully accessed the AI platform and can now start your AI journey.
Notebook usually refers to Jupyter Notebook or similar interactive computing environments. It is a very popular tool widely used in fields such as data science, machine learning, and deep learning. This page explains how to use Notebook in the AI platform.
"},{"location":"en/end-user/share/notebook.html#prerequisites","title":"Prerequisites","text":"Navigate to AI Lab -> Operator -> Queue Management, and click the Create button on the right.
Enter a name, select the cluster, workspace, and quota, then click OK.
Log into the AI platform as a User, navigate to AI Lab -> Notebook, and click the Create button on the right.
After configuring the various parameters, click OK.
Basic InformationResource ConfigurationAdvanced ConfigurationEnter a name, select the cluster, namespace, choose the queue just created, and click One-Click Initialization.
Select the Notebook type, configure memory, CPU, enable GPU, create and configure PVC:
Enable SSH external network access:
You will be automatically redirected to the Notebook instance list, click the instance name.
Enter the Notebook instance detail page and click the Open button in the upper right corner.
You have entered the Notebook development environment, where a persistent volume is mounted in the /home/jovyan
directory. You can clone code through git, upload data after connecting via SSH, etc.
Generate an SSH key pair on your own computer.
Open the command line on your computer, for example, open git bash on Windows, enter ssh-keygen.exe -t rsa
, and press enter through the prompts.
Use commands like cat ~/.ssh/id_rsa.pub
to view and copy the public key.
Log into the AI platform as a user, click Personal Center -> SSH Public Key -> Import SSH Public Key in the upper right corner.
Enter the detail page of the Notebook instance and copy the SSH link.
Use SSH to access the Notebook instance from the client.
Next step: Create Training Job
"},{"location":"en/end-user/share/workload.html","title":"Creating AI Workloads Using GPU Resources","text":"After the administrator allocates resource quotas for the workspace, users can create AI workloads to utilize GPU computing resources.
"},{"location":"en/end-user/share/workload.html#prerequisites","title":"Prerequisites","text":"Navigate to Container Management, select a namespace, click Workloads -> Deployments , and then click the Create Image button on the right.
After configuring various parameters, click OK.
Basic InformationContainer ConfigurationOtherSelect your namespace.
Set the image, configure CPU, memory, GPU, and other resources, and set the startup command.
Service configuration and advanced configuration can use the default settings.
You will be automatically redirected to the stateless workload list; click the workload name.
Enter the detail page where you can see the GPU quota.
You can also access the console and run the nvidia-smi
command to view GPU resources.
Next step: Using Notebook
"},{"location":"en/openapi/index.html","title":"OpenAPI Documentation","text":"This is some OpenAPI documentation aimed at developers.
Access Keys can be used to access the OpenAPI and for continuous publishing. You can follow the steps below to obtain their keys and access the API in their personal center.
Log in to the AI platform, find Personal Center in the dropdown menu at the top right corner, and manage your account's access keys on the Access Keys page.
Info
Access key information is displayed only once. If you forget the access key information, you will need to create a new access key.
"},{"location":"en/openapi/index.html#using-the-key-to-access-the-api","title":"Using the Key to Access the API","text":"When accessing the AI platform's OpenAPI, include the request header Authorization:Bearer ${token}
in the request to identify the visitor's identity, where ${token}
is the key obtained in the previous step.
Request Example
curl -X GET -H 'Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkRKVjlBTHRBLXZ4MmtQUC1TQnVGS0dCSWc1cnBfdkxiQVVqM2U3RVByWnMiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NjE0MTU5NjksImlhdCI6MTY2MDgxMTE2OSwiaXNzIjoiZ2hpcHBvLmlvIiwic3ViIjoiZjdjOGIxZjUtMTc2MS00NjYwLTg2MWQtOWI3MmI0MzJmNGViIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJncm91cHMiOltdfQ.RsUcrAYkQQ7C6BxMOrdD3qbBRUt0VVxynIGeq4wyIgye6R8Ma4cjxG5CbU1WyiHKpvIKJDJbeFQHro2euQyVde3ygA672ozkwLTnx3Tu-_mB1BubvWCBsDdUjIhCQfT39rk6EQozMjb-1X1sbLwzkfzKMls-oxkjagI_RFrYlTVPwT3Oaw-qOyulRSw7Dxd7jb0vINPq84vmlQIsI3UuTZSNO5BCgHpubcWwBss-Aon_DmYA-Et_-QtmPBA3k8E2hzDSzc7eqK0I68P25r9rwQ3DeKwD1dbRyndqWORRnz8TLEXSiCFXdZT2oiMrcJtO188Ph4eLGut1-4PzKhwgrQ' https://demo-dev.daocloud.io/apis/ghippo.io/v1alpha1/users?page=1&pageSize=10 -k\n
Request Result
{\n \"items\": [\n {\n \"id\": \"a7cfd010-ebbe-4601-987f-d098d9ef766e\",\n \"name\": \"a\",\n \"email\": \"\",\n \"description\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"source\": \"locale\",\n \"enabled\": true,\n \"createdAt\": \"1660632794800\",\n \"updatedAt\": \"0\",\n \"lastLoginAt\": \"\"\n }\n ],\n \"pagination\": {\n \"page\": 1,\n \"pageSize\": 10,\n \"total\": 1\n }\n}\n
"},{"location":"en/openapi/baize/index.html","title":"AI Lab OpenAPI","text":""},{"location":"en/openapi/ghippo/index.html","title":"Global Management OpenAPI","text":""},{"location":"en/openapi/insight/index.html","title":"Insight OpenAPI","text":""},{"location":"en/openapi/kpanda/index.html","title":"Container Management OpenAPI","text":""},{"location":"en/openapi/virtnest/index.html","title":"Cloud Host OpenAPI","text":""}]}
\ No newline at end of file