jwcesign
commented
1 year ago get --raw /apis/metrics.k8s.io/v1beta1/nodes/member1-control-plane\?labelSelector\=kubernetes.io\/hostname\=member3-control-plane
Open jwcesign opened 1 year ago
jwcesign
commented
1 year ago get --raw /apis/metrics.k8s.io/v1beta1/nodes/member1-control-plane\?labelSelector\=kubernetes.io\/hostname\=member3-control-plane
jwcesign
commented
1 year ago jwcesign
commented
1 year ago curl -k -v -XPOST -H "Connection: upgrade" -H "Upgrade: SPDY/3.1" -H "Authorization: bearer $token" -H "X-Stream-Protocol-Version: v4.channel.k8s.io" -H "X-Stream-Protocol-Version: v3.channel.k8s.io" -H "X-Stream-Protocol-Version: v2.channel.k8s.io" -H "X-Stream-Protocol-Version: channel.k8s.io" 'https://127.0.0.1:36718/api/v1/namespaces/default/pods/demo-5dc8c8fd57-4txk6/exec?command=ls&container=container-1&stdin=true&stdout=true&tty=true'
jwcesign
commented
1 year ago curl -x http://172.18.0.5:8088 POST "https://10.96.0.1/api/v1/namespaces/ka^Cada-system/pods/proxy-agent-5f785749bc-gsvng" -H "authorization:bearer $token" -H "Host:10.96.0.1:443" -H "Imper sonate-User: system:admin" -H "Impersonate-Group: system:masters" -kiv
jwcesign
commented
1 year ago proxy-server.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "16"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"proxy-server","namespace":"karmada-system"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"proxy-server"}},"template":{"metadata":{"labels":{"app":"proxy-server"}},"spec":{"containers":[{"args":["--health-port=8092","--cluster-ca-cert=/var/certs/server/cluster-ca-cert.crt","--cluster-cert=/var/certs/server/cluster-cert.crt","--cluster-key=/var/certs/server/cluster-key.key","--mode=http-connect","--proxy-strategies=destHost","--server-ca-cert=/var/certs/server/server-ca-cert.crt","--server-cert=/var/certs/server/server-cert.crt","--server-key=/var/certs/server/server-key.key"],"command":["/proxy-server"],"image":"swr.ap-southeast-1.myhuaweicloud.com/karmada/proxy-server:0.0.24","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":3,"httpGet":{"path":"/healthz","port":8092,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":60},"name":"proxy-server","volumeMounts":[{"mountPath":"/var/certs/server","name":"cert"}]}],"hostNetwork":true,"restartPolicy":"Always","volumes":[{"name":"cert","secret":{"secretName":"proxy-server-cert"}}]}}}}
creationTimestamp: "2023-08-28T06:24:35Z"
generation: 55
name: proxy-server
namespace: karmada-system
resourceVersion: "165635"
uid: c720b288-73a1-438b-8fba-8f5f4676e994
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: proxy-server
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: proxy-server
spec:
containers:
- args:
- --health-port=8092
- --cluster-ca-cert=/var/certs/server/cluster-ca-cert.crt
- --cluster-cert=/var/certs/server/cluster-cert.crt
- --cluster-key=/var/certs/server/cluster-key.key
- --mode=http-connect
- --proxy-strategies=destHost
- --server-ca-cert=/var/certs/server/server-ca-cert.crt
- --server-cert=/var/certs/server/server-cert.crt
- --server-key=/var/certs/server/server-key.key
- --v=6
command:
- /proxy-server
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/proxy-server:0.0.24-11
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8092
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 60
name: proxy-server
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/certs/server
name: cert
dnsPolicy: ClusterFirst
hostNetwork: true
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: cert
secret:
defaultMode: 420
secretName: proxy-server-cert
``proxy-agent.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "6"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"proxy-agent"},"name":"proxy-agent","namespace":"karmada-system"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"proxy-agent"}},"template":{"metadata":{"labels":{"app":"proxy-agent"}},"spec":{"containers":[{"args":["--ca-cert=/var/certs/agent/ca.crt","--agent-cert=/var/certs/agent/proxy-agent.crt","--agent-key=/var/certs/agent/proxy-agent.key","--proxy-server-host=172.18.0.5","--proxy-server-port=8091","--agent-identifiers=host=172.18.0.4"],"command":["/proxy-agent"],"image":"swr.ap-southeast-1.myhuaweicloud.com/karmada/proxy-agent:0.0.24","imagePullPolicy":"IfNotPresent","livenessProbe":{"httpGet":{"path":"/healthz","port":8093,"scheme":"HTTP"},"initialDelaySeconds":15,"timeoutSeconds":60},"name":"proxy-agent","volumeMounts":[{"mountPath":"/var/certs/agent","name":"cert"}]}],"volumes":[{"name":"cert","secret":{"secretName":"proxy-agent-cert"}}]}}}}
creationTimestamp: "2023-08-28T06:26:02Z"
generation: 10
labels:
app: proxy-agent
name: proxy-agent
namespace: karmada-system
resourceVersion: "173091"
uid: 32b33057-c071-4a60-b871-13487209df1f
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: proxy-agent
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: proxy-agent
spec:
containers:
- args:
- --ca-cert=/var/certs/agent/ca.crt
- --agent-cert=/var/certs/agent/proxy-agent.crt
- --agent-key=/var/certs/agent/proxy-agent.key
- --proxy-server-host=172.18.0.5
- --proxy-server-port=8091
- --agent-id=member3
- --agent-identifiers=host=10.96.0.1
- --v=6
command:
- /proxy-agent
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/proxy-agent:0.0.24
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8093
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 60
name: proxy-agent
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/certs/agent
name: cert
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: cert
secret:
defaultMode: 420
secretName: proxy-agent-cert
I0831 22:51:20.973510 4172140 round_trippers.go:577] Response Headers: I0831 22:51:20.973530 4172140 round_trippers.go:580] X-Stream-Protocol-Version: v4.channel.k8s.io I0831 22:51:20.973546 4172140 round_trippers.go:580] Date: Thu, 31 Aug 2023 14:51:20 GMT I0831 22:51:20.973560 4172140 round_trippers.go:580] Connection: Upgrade I0831 22:51:20.973572 4172140 round_trippers.go:580] Upgrade: SPDY/3.1
jwcesign
commented
1 year ago apiVersion: v1
kind: ConfigMap
metadata:
name: test1
namespace: default
uid: 184a7754-46e7-4030-9749-b5edc7c292b5
resourceVersion: '325922'
creationTimestamp: '2023-09-05T03:23:33Z'
annotations:
description: ''
managedFields:
- manager: Go-http-client
operation: Update
apiVersion: v1
time: '2023-09-05T03:23:33Z'
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:a: {}
f:metadata:
f:annotations:
.: {}
f:description: {}
data:
a: a
---
apiVersion: policy.karmada.io/v1alpha1
kind: ClusterPropagationPolicy
metadata:
name: example-policy
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
- apiVersion: v1
kind: Service
- apiVersion: v1
kind: Secret
- apiVersion: v1
kind: Configmap
- apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
- apiVersion: policy/v1
kind: PodDisruptionBudget
placement:
clusterAffinity:
clusterNames:
- ucs-cluster1
- ucs-cluster2
server { listen 443 ssl; listen [::]:443 ssl; server_name driver.jwcesign.xyz; ssl_certificate server.crt; ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:5000; proxy_set_header Host $host; } }