Linux随记（十八）

Nightwish5

已于 2025-06-05 20:41:17 修改

阅读量686

点赞数 4

分类专栏： linux随记文章标签： linux 运维服务器

于 2025-06-03 20:41:33 首次发布

本文链接：https://blog.csdn.net/Nightwish5/article/details/148409246

版权

linux随记专栏收录该内容

18 篇文章

订阅专栏

一、k8s的node节点磁盘 /data已使用率超过 85% , 出现disk pressure ，驱逐pod现象

evicted ， the node had condition:[DiskPressure]
在这里插入图片描述

#修改/var/lib/kubelet/config.yaml
]# cat /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 0s
    cacheUnauthorizedTTL: 0s
cgroupDriver: systemd
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
cpuManagerReconcilePeriod: 0s
evictionPressureTransitionPeriod: 0s
fileCheckFrequency: 0s
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 0s
imageMinimumGCAge: 0s
kind: KubeletConfiguration
logging:
  flushFrequency: 0
  options:
    json:
      infoBufferSize: "0"
  verbosity: 0
memorySwap: {}
nodeStatusReportFrequency: 0s
nodeStatusUpdateFrequency: 0s
rotateCertificates: true
runtimeRequestTimeout: 0s
shutdownGracePeriod: 0s
shutdownGracePeriodCriticalPods: 0s
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 0s
syncFrequency: 0s
volumeStatsAggPeriod: 0s

#202506 添加：
evictionHard:
  imagefs.available: 1%
  memory.available: 100Mi
  nodefs.available: 1%
  nodefs.inodesFree: 1%



#重启该node节点的 kubelet
systemctl restart kubelet
systemctl status kubelet

在这里插入图片描述

#参考文章：
https://blog.csdn.net/qq_59634082/article/details/136868417   《k8s资源不足时驱赶pod阈值调整》
https://stackoverflow.com/questions/54155534/kubernetes-eviction-manager-evicting-control-plane-pods-to-reclaim-ephemeral-sto/60068671#60068671  
https://devpress.csdn.net/k8s/62ffc7fac67703293080625f.html  《Kubernetes 驱逐管理器驱逐控制平面 pod 以回收临时存储》

END

二、删除ES索引和其数据。

k8s上部署3个ES节点 ， 版本elasticsearch:7.6.0 。 删除索引名称带202407的索引。

 kubectl exec -it  es-new-0 -n test bash
#查看索引名称
curl -s "http://192.168.1.100:9200/_cat/indices?h=index"  | grep -i "202407"
#删除索引 【三个ES节点的IP 都要执行】
curl -X DELETE "http://192.168.1.100:9200/api_xxx_202407*"
curl -X DELETE "http://192.168.1.101:9200/api_xxx_202407*"
curl -X DELETE "http://192.168.1.102:9200/api_xxx_202407*"


###查看占用容量 ， 单位MB
curl "http://192.168.1.100:9200/_cat/allocation?v&bytes=gb"
curl "http://192.168.1.100:9200/_cat/indices/api_xxx_202407*?v&h=index,store.size,pri.store.size,status&bytes=mb&s=store.size:desc"

参考文章：
https://blog.csdn.net/weixin_44711737/article/details/125833601  《ES索引清理脚本-总结》 （清理脚本：ES有密码，索引按（周、日）时间命名的清理脚本）

END

三、nginx设置反向代理到mysql服务

#环境信息：
192.168.1.100 ，端口 33306，nginx反代
192.168.1.101 ，端口 3306 ，mysql服务

#具体配置：
root@7zbkt:/etc/nginx# cat nginx.conf
user  nginx;
worker_processes 1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
  worker_connections  1024;
}
stream {
    # mysql生产环境
    upstream mysqlprod {
        server 192.168.1.101:3306 weight=5 max_fails=3 fail_timeout=30s;
    }
    server {
        listen 33306; # 数据库服务器监听端口
        proxy_pass mysqlprod;
        proxy_timeout 30000s; # 设置客户端和代理服务之间的超时时间，如果5分钟内没有操作将自动断开
        proxy_connect_timeout 10s;
    }
}
http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
  access_log /var/log/nginx/access.log main;
  sendfile        on;   # 开启高效文件传输模式
  tcp_nopush      on;   # 防止网络阻塞
  tcp_nodelay     on;   # 防止网络阻塞
  server_tokens   off;  # 屏蔽nginx版本号
  keepalive_timeout  120;  # 用于设置客户端连接保持活动的超时时间，在超过这个时间之后服务器会关闭该链接。
  client_header_buffer_size 16k;  # 用于指定来自客户端请求头headerbuffer大小
  large_client_header_buffers 4 128k;  # 用来指定客户端请求中较大的消息头的缓存最大数量和大小
  server_names_hash_bucket_size 128;  # 服务器名字的hash表大小
  proxy_headers_hash_max_size 51200;  # 设置头部哈希表的最大值
  proxy_headers_hash_bucket_size 6400;  # 设置头部哈希表大小
  client_body_buffer_size 256k;  # 缓冲区代理缓冲用户端请求的最大字节数
  # header安全配置
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options "nosniff";
  add_header Content-Security-Policy "frame-ancestors 'self'; object-src 'none'";
  add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
  send_timeout 3m;  # 服务器超时设置
  gzip  on;  # 开启gzip压缩输出
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 4 16k;  # 表示申请4个单位为16k的内存作为压缩结果流缓存，默认值是申请与原始数据大小相同的内存空间来存储gzip压缩结果
  gzip_http_version 1.1;
  gzip_min_length 1k;  # 用于设置允许压缩的页面最小字节数
  gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
  include /etc/nginx/conf.d/*.conf;
}