docs: 初始化技术知识库和资料目录
- 添加金鹏、containerd、声纹模型等技术知识文档 - 添加相关参考资料和图片素材
420
知识/Kubernetes.md
Normal file
@@ -0,0 +1,420 @@
|
||||
# Kubernetes
|
||||
|
||||
## 安装 Kubernetes
|
||||
|
||||
### 更新系统并安装依赖
|
||||
|
||||
```bash
|
||||
# 更新系统并安装依赖
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
|
||||
|
||||
# 临时关闭
|
||||
sudo swapoff -a
|
||||
|
||||
# 永久禁用:编辑 /etc/fstab 文件,注释掉 swap 相关的行
|
||||
# 找到类似下面这行,在行首加上 #
|
||||
# /swap.img none swap sw 0 0
|
||||
sudo sed -i 's/\/swap.img/#\/swap.img/g' /etc/fstab
|
||||
|
||||
# 关闭防火墙(生产环境建议配置规则)
|
||||
sudo ufw disable
|
||||
|
||||
# 禁用 SELinux(如已安装)
|
||||
sudo setenforce 0
|
||||
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
|
||||
|
||||
# 配置主机名和 hosts 文件 (可选,但强烈推荐)
|
||||
sudo hostnamectl set-hostname k8s-master
|
||||
|
||||
# 配置系统参数
|
||||
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
|
||||
overlay
|
||||
br_netfilter
|
||||
EOF
|
||||
|
||||
sudo modprobe overlay
|
||||
sudo modprobe br_netfilter
|
||||
|
||||
# 设置网络参数
|
||||
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.ipv4.ip_forward = 1
|
||||
EOF
|
||||
sudo sysctl --system
|
||||
```
|
||||
|
||||
### 安装 Kubernetes 依赖的 containerd
|
||||
|
||||
```bash
|
||||
# 清理旧的配置
|
||||
sudo rm /etc/apt/sources.list.d/kubernetes.list
|
||||
|
||||
# 创建用于存放密钥的目录
|
||||
sudo mkdir -p /etc/apt/keyrings
|
||||
|
||||
# 下载阿里云的 Kubernetes GPG 密钥并保存
|
||||
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
|
||||
|
||||
# 添加 Kubernetes 的阿里云软件源,并指定使用我们刚刚下载的密钥
|
||||
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list > /dev/null
|
||||
|
||||
# 安装kubelet/kubeadm/kubectl
|
||||
sudo apt update
|
||||
|
||||
# 取消保持状态
|
||||
sudo apt-mark unhold kubelet kubeadm kubectl
|
||||
|
||||
# 安装最新版本
|
||||
sudo apt install -y kubelet kubeadm kubectl
|
||||
|
||||
# 锁定版本(避免自动升级)
|
||||
sudo apt-mark hold kubelet kubeadm kubectl
|
||||
```
|
||||
|
||||
### 将镜像文件保存到指定的路径(可选)
|
||||
|
||||
```bash
|
||||
# 停止服务
|
||||
sudo systemctl stop containerd
|
||||
sudo systemctl stop kubelet
|
||||
|
||||
# Generate default containerd config
|
||||
sudo mkdir -p /etc/containerd
|
||||
sudo containerd config default | sudo tee /etc/containerd/config.toml
|
||||
|
||||
# Edit the config to enable SystemdCgroup
|
||||
sudo mkdir -p /data/containerd/root
|
||||
|
||||
# 修改 containerd 服务的默认存储路径
|
||||
sudo sed -i 's/root = "\/var\/lib\/containerd"/root = "\/data\/containerd\/root"/' /etc/containerd/config.toml
|
||||
|
||||
# 迁移现有数据
|
||||
sudo rsync -avz /var/lib/containerd/ /data/containerd/root/
|
||||
sudo mv /var/lib/containerd /var/lib/containerd-bak
|
||||
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl start containerd
|
||||
sudo systemctl enable containerd
|
||||
sudo systemctl start kubelet
|
||||
sudo systemctl status containerd
|
||||
```
|
||||
|
||||
### 配置镜像加速
|
||||
|
||||
```bash
|
||||
# 注意:配置镜像加速器
|
||||
# k8s、crictl 可以使用 config.toml 中的镜像配置
|
||||
# ctr 需要指定 --hosts-dir
|
||||
# config_path 和 plugins."io.containerd.grpc.v1.cri".registry.mirrors 是互斥的,只能配置一个,优先使用 config_path
|
||||
|
||||
# 配置镜像加速器配置文件路径
|
||||
# [plugins."io.containerd.grpc.v1.cri".registry]
|
||||
# config_path = "
|
||||
# ...
|
||||
# [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
|
||||
# [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
|
||||
# endpoint = ["https://docker.m.daocloud.io"]
|
||||
|
||||
# 启用 SystemdCgroup
|
||||
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
|
||||
# 配置镜像加速器配置文件路径
|
||||
sudo sed -i 's/registry.k8s.io\/pause:3.8/registry.aliyuncs.com\/google_containers\/pause:3.9/' /etc/containerd/config.toml
|
||||
|
||||
# 创建配置文件
|
||||
sudo mkdir -p /etc/containerd/certs.d/docker.io
|
||||
sudo tee /etc/containerd/certs.d/docker.io/hosts.toml << EOF
|
||||
server = "https://docker.io"
|
||||
|
||||
[host."https://docker.m.daocloud.io"]
|
||||
capabilities = ["pull", "resolve"]
|
||||
|
||||
[host."https://docker.m.daocloud.io/library"]
|
||||
capabilities = ["pull", "resolve"]
|
||||
EOF
|
||||
sudo mkdir -p /etc/containerd/certs.d/registry.k8s.io
|
||||
sudo tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << EOF
|
||||
server = "https://registry.k8s.io"
|
||||
|
||||
[host."https://k8s.m.daocloud.io"]
|
||||
capabilities = ["pull", "resolve"]
|
||||
EOF
|
||||
|
||||
# 在 config.toml 中启用镜像加速器
|
||||
# 源站 --> 替换为
|
||||
# https://github.com/DaoCloud/public-image-mirror
|
||||
# docker.elastic.co --> elastic.m.daocloud.io
|
||||
# docker.io --> docker.m.daocloud.io
|
||||
# gcr.io --> gcr.m.daocloud.io
|
||||
# ghcr.io --> ghcr.m.daocloud.io
|
||||
# k8s.gcr.io --> k8s-gcr.m.daocloud.io # k8s.gcr.io 已被迁移到 registry.k8s.io
|
||||
# registry.k8s.io --> k8s.m.daocloud.io
|
||||
# mcr.microsoft.com --> mcr.m.daocloud.io
|
||||
# nvcr.io --> nvcr.m.daocloud.io
|
||||
# quay.io --> quay.m.daocloud.io
|
||||
# registry.ollama.ai --> ollama.m.daocloud.io # 实验内测中
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.elastic.co"]
|
||||
endpoint = ["https://elastic.m.daocloud.io"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
|
||||
endpoint = ["https://docker.m.daocloud.io"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io/library"]
|
||||
endpoint = ["https://docker.m.daocloud.io/library"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
|
||||
endpoint = ["https://gcr.m.daocloud.io"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."ghcr.io"]
|
||||
endpoint = ["https://ghcr.m.daocloud.io"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
|
||||
endpoint = ["https://k8s-gcr.m.daocloud.io"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
|
||||
endpoint = ["https://k8s.m.daocloud.io"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."mcr.microsoft.com"]
|
||||
endpoint = ["https://mcr.m.daocloud.io"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."nvcr.io"]
|
||||
endpoint = ["https://nvcr.m.daocloud.io"]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
|
||||
endpoint = ["https://quay.m.daocloud.io"]
|
||||
|
||||
# 检查配置是否生效
|
||||
sudo systemctl restart containerd
|
||||
sudo systemctl status containerd
|
||||
sudo containerd config dump | grep -A 5 'plugins."io.containerd.grpc.v1.cri".registry'
|
||||
sudo ctr plugins ls | grep -i cri
|
||||
# io.containerd.grpc.v1 cri linux/amd64 ok
|
||||
```
|
||||
|
||||
## 初始化 Kubernetes 集群
|
||||
|
||||
```bash
|
||||
# 拉取镜像
|
||||
sudo kubeadm config images pull \
|
||||
--image-repository=registry.aliyuncs.com/google_containers \
|
||||
--kubernetes-version=v1.28.15
|
||||
|
||||
sudo ctr -n k8s.io image ls
|
||||
|
||||
# # 拉取一个测试镜像
|
||||
# sudo ctr images pull --hosts-dir "/etc/containerd/certs.d" docker.io/calico/cni:v3.28.0
|
||||
# sudo ctr -n k8s.io image pull --hosts-dir "/etc/containerd/certs.d" registry.k8s.io/pause:3.9
|
||||
# # 检查新目录的磁盘使用情况
|
||||
# sudo du -sh /data/containerd
|
||||
|
||||
# Restart containerd
|
||||
sudo systemctl restart containerd
|
||||
|
||||
sudo ctr version
|
||||
|
||||
# 通过阿里云获取镜像文件
|
||||
sudo ctr images pull registry.aliyuncs.com/google_containers/coredns:v1.10.1
|
||||
sudo ctr images tag registry.aliyuncs.com/google_containers/coredns:v1.10.1 registry.k8s.io/coredns/coredns:v1.10.1
|
||||
|
||||
sudo ctr images pull registry.aliyuncs.com/google_containers/etcd:3.5.9-0
|
||||
sudo ctr images tag registry.aliyuncs.com/google_containers/etcd:3.5.9-0 registry.k8s.io/etcd:3.5.9-0
|
||||
|
||||
sudo ctr images pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.15
|
||||
sudo ctr images tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.15 registry.k8s.io/kube-apiserver:v1.28.15
|
||||
|
||||
sudo ctr images pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.15
|
||||
sudo ctr images tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.15 registry.k8s.io/kube-controller-manager:v1.28.15
|
||||
|
||||
sudo ctr images pull registry.aliyuncs.com/google_containers/kube-proxy:v1.28.15
|
||||
sudo ctr images tag registry.aliyuncs.com/google_containers/kube-proxy:v1.28.15 registry.k8s.io/kube-proxy:v1.28.15
|
||||
|
||||
sudo ctr images pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.15
|
||||
sudo ctr images tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.15 registry.k8s.io/kube-scheduler:v1.28.15
|
||||
|
||||
sudo ctr images pull registry.aliyuncs.com/google_containers/registry.k8s.io/pause:3.9
|
||||
sudo ctr images tag registry.aliyuncs.com/google_containers/registry.k8s.io/pause:3.9 registry.k8s.io/pause:3.9
|
||||
|
||||
#获取本机内网IP
|
||||
ip addr show eth0
|
||||
# 192.168.0.196
|
||||
|
||||
# 初始化集群
|
||||
sudo kubeadm init \
|
||||
--apiserver-advertise-address=192.168.0.196 \
|
||||
--image-repository=registry.aliyuncs.com/google_containers \
|
||||
--pod-network-cidr=192.168.0.0/16 \
|
||||
--kubernetes-version=v1.28.15
|
||||
|
||||
# 配置kubectl(普通用户)
|
||||
mkdir -p $HOME/.kube
|
||||
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
|
||||
sudo chown $(id -u):$(id -g) $HOME/.kube/config
|
||||
|
||||
# 设置环境变量(永久设置)
|
||||
echo "export KUBECONFIG=$HOME/.kube/config" >> ~/.bashrc
|
||||
source ~/.bashrc
|
||||
|
||||
# 检查节点状态
|
||||
kubectl get nodes
|
||||
kubectl get pods -A
|
||||
kubectl get pods --all-namespaces
|
||||
# 如果你還沒有安裝 CNI,你很可能會看到 coredns 的 Pods 處於 Pending (等待中) 狀態。
|
||||
kubectl cluster-info
|
||||
|
||||
# Then install a CNI plugin (e.g., Calico):
|
||||
sudo ctr images pull --hosts-dir "/etc/containerd/certs.d" docker.io/calico/cni:v3.27.0
|
||||
sudo ctr images pull --hosts-dir "/etc/containerd/certs.d" docker.io/calico/node:v3.27.0
|
||||
sudo ctr images pull --hosts-dir "/etc/containerd/certs.d" docker.io/calico/kube-controllers:v3.27.0
|
||||
|
||||
# 安装 Calico 网络插件
|
||||
# 方式一:
|
||||
wget https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml
|
||||
wget https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/custom-resources.yaml
|
||||
|
||||
kubectl create -f ./tigera-operator.yaml
|
||||
kubectl create -f ./custom-resources.yaml
|
||||
|
||||
# 方式二:
|
||||
wget https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/calico.yaml
|
||||
kubectl apply -f ./calico.yaml
|
||||
|
||||
# 查看 Calico 插件的 Pods 是否正常运行
|
||||
watch -n 1 kubectl get pods -A
|
||||
kubectl describe pod calico-node-4q9kh -n kube-system
|
||||
|
||||
# 配置 crictl 让其使用 containerd 作为运行时
|
||||
sudo tee /etc/crictl.yaml << EOF
|
||||
runtime-endpoint: unix:///run/containerd/containerd.sock
|
||||
image-endpoint: unix:///run/containerd/containerd.sock
|
||||
timeout: 10
|
||||
debug: false
|
||||
EOF
|
||||
|
||||
# 检查配置是否生效
|
||||
sudo crictl info
|
||||
sudo crictl pull docker.io/library/mysql:8
|
||||
sudo crictl images
|
||||
|
||||
# 通过 crictl 获取镜像文件
|
||||
sudo crictl pull registry.k8s.io/coredns/coredns:v1.10.1
|
||||
sudo crictl pull registry.k8s.io/etcd:3.5.9-0
|
||||
sudo crictl pull registry.k8s.io/kube-apiserver:v1.28.15
|
||||
sudo crictl pull registry.k8s.io/kube-controller-manager:v1.28.15
|
||||
sudo crictl pull registry.k8s.io/kube-proxy:v1.28.15
|
||||
sudo crictl pull registry.k8s.io/kube-scheduler:v1.28.15
|
||||
sudo crictl pull registry.k8s.io/pause:3.9
|
||||
```
|
||||
|
||||
### 设置集群单节点可以使用
|
||||
|
||||
```bash
|
||||
# 重要:设置集群单节点可以使用,否则服务由于不能分配到资源,不能正常启动
|
||||
kubectl describe node arno | grep Taints
|
||||
# 你可以直接使用節點的角色來移除,或者指定節點名稱
|
||||
# --all 會對所有擁有該角色的節點生效,在單節點環境中很方便
|
||||
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
|
||||
# 再次检查
|
||||
kubectl describe node arno | grep Taints
|
||||
```
|
||||
|
||||
### 测试功能
|
||||
|
||||
```bash
|
||||
# 测试
|
||||
kubectl create deployment nginx-test --image=nginx
|
||||
kubectl get pods
|
||||
kubectl expose deployment nginx-test --type=NodePort --port=80
|
||||
kubectl get services
|
||||
curl http://localhost:30209
|
||||
```
|
||||
|
||||
### 修改 containerd 以指定组的权限来运行
|
||||
|
||||
```bash
|
||||
# 让 containerd 以指定组的权限来运行
|
||||
sudo groupadd containerd
|
||||
sudo usermod -aG containerd $USER
|
||||
getent group containerd
|
||||
# containerd:x:1002:arno
|
||||
|
||||
# 修改 /etc/containerd/config.toml 以下内容
|
||||
[grpc]
|
||||
address = "/run/containerd/containerd.sock"
|
||||
uid = 0
|
||||
gid = 1002
|
||||
|
||||
# 重启服务
|
||||
sudo systemctl restart containerd
|
||||
|
||||
# 查看是否生效
|
||||
newgrp containerd
|
||||
ls -l /run/containerd/containerd.sock
|
||||
crictl images
|
||||
```
|
||||
|
||||
## Deployment、StatefulSet 和 DaemonSet 的区别
|
||||
|
||||
`Deployment`、`StatefulSet` 和 `DaemonSet` 是三种最常用的应用部署控制器,但它们的设计目标和适用场景完全不同。
|
||||
|
||||
简单来说:
|
||||
|
||||
- **Deployment**:用于部署**无状态应用**,核心是“随意扩缩、随意替换”。
|
||||
- **StatefulSet**:用于部署**有状态应用**,核心是“身份唯一、顺序稳定”。
|
||||
- **DaemonSet**:用于确保**每个节点上都运行一个副本**,核心是“节点覆盖、常驻运行”。
|
||||
|
||||
下面我们用一个更生动的比喻,然后进行详细的技术对比。
|
||||
|
||||
### 核心比喻:公司员工安排
|
||||
|
||||
想象一下你要为一个新公司安排三种不同类型的员工:
|
||||
|
||||
- **Deployment (客服团队)**
|
||||
- **特点**:团队里有10个客服人员。他们每个人都做完全一样的工作,没有名字,只有工号(比如 `客服-A`, `客服-B`)。客户打进电话,随便接给谁都行。
|
||||
- **扩缩容**:业务忙了,老板说:“客服加到20人!” 于是就新招10个一模一样的人。业务闲了,就随便裁掉几个,剩下的继续工作,不受影响。
|
||||
- **替换**:某个客服(Pod)生病请假了(挂了),公司会立刻招一个新人来顶替他的位置,保证总人数不变。这个新人是全新的,和之前那个没任何关系。
|
||||
- **核心**:员工之间**可随意替换**,不关心具体是哪个人,只关心总人数。
|
||||
|
||||
- **StatefulSet (管理层团队)**
|
||||
- **特点**:公司有CEO、CTO、CFO三位高管。他们每个人都有**唯一的身份和职责**。CEO的位子只能是CEO,不能随便换成CTO。
|
||||
- **身份和顺序**:他们的职位是固定的 (`ceo-0`, `cto-1`, `cfo-2`)。招聘时必须按顺序来:先招CEO,CEO到位了再招CTO,最后招CFO。离职时也得按相反顺序来,保证权力平稳交接。
|
||||
- **专属资源**:每个人都有自己**专属的办公室和电脑**(稳定的存储和网络标识)。即使CEO离职了,新来的CEO也会接管原来的办公室和电脑,里面的文件资料都在。
|
||||
- **核心**:每个成员**身份唯一、不可替代**,并且有严格的顺序和专属资源。
|
||||
|
||||
- **DaemonSet (安保/保洁团队)**
|
||||
- **特点**:公司有3层楼,老板要求**每一层楼都必须有一个保安和一个保洁员**。
|
||||
- **节点绑定**:公司新租了一层楼(增加一个Node),就必须自动为这层楼配一个保安和保洁(自动部署一个Pod)。如果退租一层楼(移除一个Node),这层楼的保安和保洁也就自动撤离了。
|
||||
- **数量**:团队总人数不固定,取决于楼层(Node)的数量。你不能说“我要5个保安”,你只能说“每层楼都要有保安”。
|
||||
- **核心**:确保**每个单元(Node)上都有一个副本**,用于执行该单元的特定任务(如监控、日志收集)。
|
||||
|
||||
---
|
||||
|
||||
### 详细技术对比表
|
||||
|
||||
| 特性 | Deployment | StatefulSet | DaemonSet |
|
||||
| :--- | :--- | :--- | :--- |
|
||||
| **核心用途** | 管理**无状态**应用。 | 管理**有状态**应用。 | 在集群中**每个(或部分)节点**上运行一个 Pod 副本。 |
|
||||
| **Pod 身份** | Pod 是**可互换的(Fungible)**,没有唯一身份。Pod 名称是随机的,如 `myapp-deploy-random-string`。 | Pod 拥有**稳定且唯一的身份**。Pod 名称是**有序且可预测的**,如 `web-0`, `web-1`。 | Pod 名称包含节点名,如 `fluentd-abc12`,但身份不重要,重要的是它所在的节点。 |
|
||||
| **网络** | 所有 Pod 共享一个 Service IP。Pod 自身的 IP 和主机名在重启后会改变。 | 每个 Pod 拥有**稳定的、唯一的网络标识**(DNS 条目),如 `web-0.svc.cluster.local`。重启后不变。 | Pod 使用所在节点的网络,通常配置 `hostPort` 或 `hostNetwork`。 |
|
||||
| **存储** | 通常使用共享存储(如 ReadWriteMany)或不使用持久化存储。所有副本共享同一个 PVC。 | 每个 Pod 副本拥有**自己独立的、持久化的存储卷(PVC)**。Pod `web-0` 始终绑定 `pvc-web-0`。 | 通常直接访问节点的文件系统,或使用 `hostPath` 卷来读写节点上的数据。 |
|
||||
| **伸缩与部署** | **并行、无序**。可以一次性创建或删除多个副本。支持滚动更新(Rolling Update)。 | **有序、串行**。部署、扩容、缩容、更新都按 Pod 序号(0, 1, 2...)**顺序执行**。 | **自动**。当一个新节点加入集群时,DaemonSet 会自动在该节点上部署一个 Pod。节点移除时,Pod 也被回收。 |
|
||||
| **`replicas` 字段** | **需要**。用户明确指定需要运行的 Pod 数量。 | **需要**。用户明确指定需要运行的 Pod 数量。 | **不需要**。Pod 的数量由匹配 `nodeSelector` 的节点数量决定。 |
|
||||
| **适用场景** | - Web 服务器 (Nginx, Apache)<br>- API 网关<br>- 无状态的微服务 | - 数据库 (MySQL, PostgreSQL, MongoDB)<br>- 消息队列 (Kafka, RabbitMQ)<br>- 分布式文件系统 (Zookeeper) | - 日志收集器 (Fluentd, Logstash)<br>- 监控代理 (Prometheus Node Exporter, Datadog Agent)<br>- 网络插件 (Calico, Flannel)<br>- 存储插件 (Ceph, GlusterFS) |
|
||||
|
||||
---
|
||||
|
||||
### 如何选择?
|
||||
|
||||
你可以通过问自己以下几个问题来决定使用哪一个:
|
||||
|
||||
- **我的应用需要在集群的每个节点上都运行一个实例吗?**
|
||||
- **是** -> 使用 **DaemonSet**。 (例如,为了从每个节点收集日志)
|
||||
|
||||
- **我的应用需要稳定的网络标识(固定的DNS名)或每个实例需要独立的持久化数据吗?**
|
||||
- **是** -> 使用 **StatefulSet**。 (例如,部署一个主从复制的数据库,每个节点的数据都不能丢失)
|
||||
|
||||
- **以上都不是?我的应用是无状态的,可以随意创建和销毁,而不用担心数据丢失或实例身份吗?**
|
||||
- **是** -> 使用 **Deployment**。 (这是最常见的情况,例如部署一个网站后端服务)
|
||||
|
||||
掌握这三者的区别,你就掌握了在 Kubernetes 中部署不同类型应用的核心武器。
|
||||
143
知识/containerd.md
Normal file
@@ -0,0 +1,143 @@
|
||||
# containerd
|
||||
|
||||
## 安装 containerd & runc
|
||||
|
||||
### 更新系统并安装依赖
|
||||
|
||||
```bash
|
||||
# 更新系统并安装依赖
|
||||
sudo apt update && sudo apt upgrade -y
|
||||
sudo apt install -y apt-transport-https ca-certificates curl gnupg
|
||||
|
||||
# 临时关闭
|
||||
sudo swapoff -a
|
||||
|
||||
# 永久禁用:编辑 /etc/fstab 文件,注释掉 swap 相关的行
|
||||
# 找到类似下面这行,在行首加上 #
|
||||
# /swap.img none swap sw 0 0
|
||||
sudo sed -i 's/\/swap.img/#\/swap.img/g' /etc/fstab
|
||||
sudo cat /etc/fstab
|
||||
|
||||
# 关闭防火墙(生产环境建议配置规则)
|
||||
sudo ufw status
|
||||
sudo ufw disable
|
||||
|
||||
# 禁用 SELinux(如已安装)
|
||||
sudo setenforce 0
|
||||
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
|
||||
|
||||
# 配置主机名和 hosts 文件 (可选,但强烈推荐)
|
||||
sudo hostnamectl set-hostname agent
|
||||
|
||||
# 配置系统参数
|
||||
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
|
||||
overlay
|
||||
br_netfilter
|
||||
EOF
|
||||
|
||||
sudo modprobe overlay
|
||||
sudo modprobe br_netfilter
|
||||
|
||||
# 设置网络参数
|
||||
cat <<EOF | sudo tee /etc/sysctl.d/containerd.conf
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.ipv4.ip_forward = 1
|
||||
EOF
|
||||
sudo sysctl --system
|
||||
```
|
||||
|
||||
### 安装 containerd
|
||||
|
||||
- 安装 containerd
|
||||
|
||||
```bash
|
||||
cd
|
||||
wget https://github.com/containerd/containerd/releases/download/v2.1.4/containerd-2.1.4-linux-amd64.tar.gz
|
||||
sudo tar Cxzvf /usr/local containerd-2.1.4-linux-amd64.tar.gz
|
||||
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
|
||||
sudo cp containerd.service /etc/systemd/system/
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now containerd
|
||||
sudo systemctl status containerd
|
||||
ctr --version
|
||||
```
|
||||
|
||||
- 安装 runc
|
||||
|
||||
```bash
|
||||
wget https://github.com/opencontainers/runc/releases/download/v1.3.0/runc.amd64
|
||||
sudo install -m 755 runc.amd64 /usr/local/bin/runc
|
||||
runc --version
|
||||
```
|
||||
|
||||
- 测试
|
||||
|
||||
```bash
|
||||
# 拉取镜像
|
||||
sudo ctr image pull docker.io/library/alpine:latest
|
||||
# 运行容器,进入
|
||||
sudo ctr run --rm -t docker.io/library/alpine:latest alpine sh
|
||||
# 查看运行中容器
|
||||
sudo ctr task ls
|
||||
# 查看镜像
|
||||
sudo ctr image ls
|
||||
# 查看容器
|
||||
sudo ctr container ls
|
||||
|
||||
sudo ctr image pull docker.io/library/nginx:latest
|
||||
sudo ctr run \
|
||||
-d \
|
||||
--net-host \
|
||||
docker.io/library/nginx:latest \
|
||||
nginx
|
||||
curl localhost
|
||||
sudo ctr task kill nginx
|
||||
sudo ctr container rm nginx
|
||||
```
|
||||
|
||||
### 安装 nginx
|
||||
|
||||
```bash
|
||||
sudo mkdir -p /data/nginx/{cert,conf.d,html}
|
||||
sudo cat > /data/nginx/html/index.html << 'EOF'
|
||||
hello world !
|
||||
EOF
|
||||
sudo cat > /data/nginx/nginx.conf << 'EOF'
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
pid /run/nginx.pid;
|
||||
error_log /var/log/nginx/error.log;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
}
|
||||
|
||||
http {
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
types_hash_max_size 2048;
|
||||
resolver 8.8.8.8 8.8.4.4 valid=300s ipv6=off;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
access_log /var/log/nginx/access.log;
|
||||
gzip on;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
EOF
|
||||
sudo ctr run \
|
||||
-d \
|
||||
--net-host \
|
||||
--mount type=bind,src=/data/nginx/cert,dst=/etc/nginx/cert,options=rbind \
|
||||
--mount type=bind,src=/data/nginx/conf.d,dst=/etc/nginx/conf.d,options=rbind \
|
||||
--mount type=bind,src=/data/nginx/nginx.conf,dst=/etc/nginx/nginx.conf,options=rbind \
|
||||
--mount type=bind,src=/data/nginx/html,dst=/usr/share/nginx/html,options=rbind \
|
||||
docker.io/library/nginx:latest \
|
||||
nginx
|
||||
curl localhost
|
||||
sudo ctr t exec --exec-id my1 nginx bash
|
||||
```
|
||||
99
知识/声纹模型.md
Normal file
@@ -0,0 +1,99 @@
|
||||
# 声纹模型
|
||||
|
||||
## 开源
|
||||
|
||||
### VoxCeleb
|
||||
|
||||
- 概述
|
||||
- VoxCeleb是一个用于大规模语音识别的开源数据集和预训练模型,包含了来自成千上万人的语音样本。它支持基于深度学习的声纹识别。
|
||||
- 优点
|
||||
- 大量的训练数据支持,能够支持多种语言。
|
||||
- 免费且容易获取,可以用于研究和开发。
|
||||
- 可在不同硬件环境下运行,具有很好的灵活性。
|
||||
- 缺点
|
||||
- 需要强大的计算资源来训练和运行,尤其是在进行大规模识别时。
|
||||
- 如果没有专门的专业知识,可能会面临调优模型和技术难题。
|
||||
|
||||
### Kaldi
|
||||
|
||||
- 概述
|
||||
- Kaldi是一个开源的语音识别工具包,广泛用于语音处理研究。它支持多种语音识别任务,包括声纹识别。
|
||||
- 优点
|
||||
- 提供丰富的功能,灵活且模块化,适用于多种语音处理任务。
|
||||
- 经过业界验证,功能强大,支持复杂的深度学习模型。
|
||||
- 社区活跃,提供了丰富的文档和示例代码。
|
||||
- 缺点
|
||||
- 配置复杂,需要一定的学习成本。
|
||||
- 对于没有语音处理背景的人来说,使用上可能存在困难。
|
||||
|
||||
### DeepSBD (Deep Speaker Identification)
|
||||
|
||||
- 概述
|
||||
- DeepSBD是一个开源的深度学习声纹识别项目,它通过卷积神经网络(CNN)来进行声纹识别。
|
||||
- 优点
|
||||
- 简单易用,适合新手入门。
|
||||
- 基于现代深度学习框架(如TensorFlow),兼容性好,易于集成。
|
||||
- 高准确度,适合大规模应用。
|
||||
- 缺点
|
||||
- 相较于更复杂的框架,它的功能可能不够全面,适用性有限。
|
||||
- 训练数据集较小,可能需要自定义扩展训练集。
|
||||
|
||||
### pyAudioAnalysis
|
||||
|
||||
- 概述
|
||||
- pyAudioAnalysis是一个Python库,用于音频分析,包括语音和音频分类。它支持声纹识别模型,但不是专门为此而设计。
|
||||
- 优点
|
||||
- 功能广泛,支持音频特征提取、分类、聚类等多种音频分析任务。
|
||||
- 使用Python开发,集成和部署方便。
|
||||
- 缺点
|
||||
- 声纹识别的效果可能不如专门的声纹识别系统。
|
||||
- 对于大规模数据集的支持和训练性能有限。
|
||||
|
||||
## 非开源
|
||||
|
||||
### Microsoft Azure Cognitive Services (Speaker Recognition)
|
||||
|
||||
- 概述
|
||||
- 微软的Azure提供了一个完整的声纹识别API,支持多种语言,能够通过声纹进行身份验证。
|
||||
- 优点
|
||||
- 高度集成、易于使用,支持快速部署。
|
||||
- 云端服务,避免了本地计算资源的负担。
|
||||
- 高度可靠,微软提供支持和维护。
|
||||
缺点
|
||||
- 需要付费,根据使用量计费,长期使用成本较高。
|
||||
- 依赖于云服务,需要稳定的网络连接。
|
||||
- 不适合需要完全私密处理的场合。
|
||||
|
||||
### Google Cloud Speech-to-Text + Voice Match
|
||||
|
||||
- 概述
|
||||
- Google的云语音服务也提供了声纹识别功能,通过其“Voice Match”技术,识别和验证语音身份。
|
||||
- 优点
|
||||
- 精度高,基于Google强大的语音识别技术。
|
||||
- 支持多种设备和平台,易于集成。
|
||||
- 缺点
|
||||
- 云端服务,费用较高,特别是大规模部署时。
|
||||
- 对于用户隐私可能存在一定的风险,尤其在数据传输和存储上。
|
||||
|
||||
### Amazon Web Services (AWS) - Amazon Polly & Amazon Rekognition
|
||||
|
||||
- 概述
|
||||
- AWS提供语音识别和声纹验证服务,利用Amazon Polly进行语音合成,Amazon Rekognition用于身份识别。
|
||||
- 优点
|
||||
- AWS强大的基础设施和全球化支持。
|
||||
- 支持多种语言,API简单易用。
|
||||
- 集成度高,可以与其他AWS服务配合使用。
|
||||
- 缺点
|
||||
- 付费方式与使用量相关,可能会导致高额的运营成本。
|
||||
- 数据存储在AWS服务器上,可能不适合非常注重隐私的项目。
|
||||
|
||||
### iFlytek Voiceprint Recognition
|
||||
|
||||
- 概述
|
||||
- 科大讯飞提供的声纹识别解决方案,广泛应用于中国市场。
|
||||
- 优点
|
||||
- 性能优秀,特别在中文语音识别方面具有很高的准确率。
|
||||
- 专业化的技术支持和服务,适用于各种行业应用。
|
||||
- 缺点
|
||||
- 面向中国市场,国际化支持较弱。
|
||||
- 同样依赖云端服务,存在隐私和数据安全问题。
|
||||
BIN
知识/金鹏/20250418/20250418-001.png
Normal file
|
After Width: | Height: | Size: 45 KiB |
BIN
知识/金鹏/20250418/20250418-002.png
Normal file
|
After Width: | Height: | Size: 117 KiB |
BIN
知识/金鹏/20250418/20250418-003.png
Normal file
|
After Width: | Height: | Size: 311 KiB |
BIN
知识/金鹏/20250418/20250418-004.png
Normal file
|
After Width: | Height: | Size: 165 KiB |
BIN
知识/金鹏/20250418/20250418-005.png
Normal file
|
After Width: | Height: | Size: 71 KiB |
BIN
知识/金鹏/20250418/20250418-006.png
Normal file
|
After Width: | Height: | Size: 116 KiB |
BIN
知识/金鹏/20250418/20250418-007.png
Normal file
|
After Width: | Height: | Size: 312 KiB |
BIN
知识/金鹏/20250425/20250425-001.png
Normal file
|
After Width: | Height: | Size: 303 KiB |
BIN
知识/金鹏/20250425/20250425-002.png
Normal file
|
After Width: | Height: | Size: 47 KiB |
BIN
知识/金鹏/20250425/20250425-003.png
Normal file
|
After Width: | Height: | Size: 361 KiB |
BIN
知识/金鹏/20250425/20250425-004.png
Normal file
|
After Width: | Height: | Size: 39 KiB |
BIN
知识/金鹏/20250425/20250425-005.png
Normal file
|
After Width: | Height: | Size: 96 KiB |
BIN
知识/金鹏/20250425/20250425-006.png
Normal file
|
After Width: | Height: | Size: 128 KiB |
BIN
知识/金鹏/20250509/20250509-001.png
Normal file
|
After Width: | Height: | Size: 55 KiB |
BIN
知识/金鹏/20250509/20250509-002.png
Normal file
|
After Width: | Height: | Size: 111 KiB |
BIN
知识/金鹏/20250509/20250509-003.png
Normal file
|
After Width: | Height: | Size: 168 KiB |
BIN
知识/金鹏/20250509/20250509-004.png
Normal file
|
After Width: | Height: | Size: 56 KiB |
BIN
知识/金鹏/20250509/20250509-005.png
Normal file
|
After Width: | Height: | Size: 54 KiB |
BIN
知识/金鹏/20250509/20250509-006.png
Normal file
|
After Width: | Height: | Size: 216 KiB |
BIN
知识/金鹏/20250509/20250509-007.png
Normal file
|
After Width: | Height: | Size: 581 KiB |
BIN
知识/金鹏/20250509/20250509-008.png
Normal file
|
After Width: | Height: | Size: 298 KiB |
BIN
知识/金鹏/20250509/20250509-009.png
Normal file
|
After Width: | Height: | Size: 185 KiB |
BIN
知识/金鹏/20250509/20250509-010.png
Normal file
|
After Width: | Height: | Size: 451 KiB |
BIN
知识/金鹏/20250509/20250509-011.png
Normal file
|
After Width: | Height: | Size: 208 KiB |
BIN
知识/金鹏/20250509/20250509-012.png
Normal file
|
After Width: | Height: | Size: 74 KiB |
BIN
知识/金鹏/20250509/20250509-013.png
Normal file
|
After Width: | Height: | Size: 286 KiB |
BIN
知识/金鹏/20250516/20250516-001.png
Normal file
|
After Width: | Height: | Size: 138 KiB |
BIN
知识/金鹏/20250516/20250516-002.png
Normal file
|
After Width: | Height: | Size: 87 KiB |
BIN
知识/金鹏/20250516/20250516-003.png
Normal file
|
After Width: | Height: | Size: 415 KiB |
BIN
知识/金鹏/20250516/20250516-004.png
Normal file
|
After Width: | Height: | Size: 198 KiB |
BIN
知识/金鹏/20250516/20250516-005.png
Normal file
|
After Width: | Height: | Size: 48 KiB |
BIN
知识/金鹏/20250516/20250516-006.png
Normal file
|
After Width: | Height: | Size: 41 KiB |
BIN
知识/金鹏/20250516/20250516-007.png
Normal file
|
After Width: | Height: | Size: 40 KiB |
BIN
知识/金鹏/20250523/20250523-001.png
Normal file
|
After Width: | Height: | Size: 1.1 MiB |
BIN
知识/金鹏/20250523/20250523-002.png
Normal file
|
After Width: | Height: | Size: 541 KiB |
BIN
知识/金鹏/20250523/20250523-003.png
Normal file
|
After Width: | Height: | Size: 1.1 MiB |
BIN
知识/金鹏/20250523/20250523-004.png
Normal file
|
After Width: | Height: | Size: 42 KiB |
BIN
知识/金鹏/20250523/20250523-005.png
Normal file
|
After Width: | Height: | Size: 384 KiB |
BIN
知识/金鹏/20250523/20250523-006.png
Normal file
|
After Width: | Height: | Size: 53 KiB |
BIN
知识/金鹏/20250523/20250523-007.png
Normal file
|
After Width: | Height: | Size: 365 KiB |
BIN
知识/金鹏/20250523/20250523-008.png
Normal file
|
After Width: | Height: | Size: 1.7 MiB |
BIN
知识/金鹏/20250523/20250523-009.gif
Normal file
|
After Width: | Height: | Size: 2.2 MiB |
BIN
知识/金鹏/20250523/20250523-010.png
Normal file
|
After Width: | Height: | Size: 1.4 MiB |
BIN
知识/金鹏/20250523/20250523-011.png
Normal file
|
After Width: | Height: | Size: 22 KiB |
BIN
知识/金鹏/20250530/20250530-001.png
Normal file
|
After Width: | Height: | Size: 85 KiB |
BIN
知识/金鹏/20250530/20250530-002.png
Normal file
|
After Width: | Height: | Size: 58 KiB |
BIN
知识/金鹏/20250530/20250530-003.png
Normal file
|
After Width: | Height: | Size: 44 KiB |
BIN
知识/金鹏/20250530/20250530-004.png
Normal file
|
After Width: | Height: | Size: 126 KiB |
BIN
知识/金鹏/20250530/20250530-005.png
Normal file
|
After Width: | Height: | Size: 68 KiB |
BIN
知识/金鹏/20250606/20250606-001.png
Normal file
|
After Width: | Height: | Size: 266 KiB |
BIN
知识/金鹏/20250606/20250606-002.png
Normal file
|
After Width: | Height: | Size: 222 KiB |
BIN
知识/金鹏/20250606/20250606-003.png
Normal file
|
After Width: | Height: | Size: 440 KiB |
BIN
知识/金鹏/20250606/20250606-004.png
Normal file
|
After Width: | Height: | Size: 280 KiB |
BIN
知识/金鹏/20250606/20250606-005.png
Normal file
|
After Width: | Height: | Size: 154 KiB |
BIN
知识/金鹏/20250606/20250606-006.png
Normal file
|
After Width: | Height: | Size: 174 KiB |
BIN
知识/金鹏/20250606/20250606-007.png
Normal file
|
After Width: | Height: | Size: 195 KiB |
BIN
知识/金鹏/20250613/20250613-001.png
Normal file
|
After Width: | Height: | Size: 302 KiB |
BIN
知识/金鹏/20250613/20250613-002.png
Normal file
|
After Width: | Height: | Size: 174 KiB |
BIN
知识/金鹏/20250620/20250620-001.gif
Normal file
|
After Width: | Height: | Size: 1.3 MiB |
BIN
知识/金鹏/20250620/20250620-002.gif
Normal file
|
After Width: | Height: | Size: 1.1 MiB |
BIN
知识/金鹏/20250620/20250620-003.png
Normal file
|
After Width: | Height: | Size: 466 KiB |
BIN
知识/金鹏/20250620/20250620-004.png
Normal file
|
After Width: | Height: | Size: 298 KiB |
BIN
知识/金鹏/20250627/20250627-001.png
Normal file
|
After Width: | Height: | Size: 32 KiB |
BIN
知识/金鹏/20250627/20250627-002.png
Normal file
|
After Width: | Height: | Size: 120 KiB |
BIN
知识/金鹏/20250704/20250704-001.png
Normal file
|
After Width: | Height: | Size: 82 KiB |
BIN
知识/金鹏/20250704/20250704-002.png
Normal file
|
After Width: | Height: | Size: 573 KiB |
BIN
知识/金鹏/20250711/20250711-001.png
Normal file
|
After Width: | Height: | Size: 370 KiB |
BIN
知识/金鹏/20250711/20250711-002.png
Normal file
|
After Width: | Height: | Size: 353 KiB |
BIN
知识/金鹏/20250711/20250711-003.png
Normal file
|
After Width: | Height: | Size: 163 KiB |
BIN
知识/金鹏/20250711/20250711-004.png
Normal file
|
After Width: | Height: | Size: 61 KiB |
BIN
知识/金鹏/20250718/20250718-001.png
Normal file
|
After Width: | Height: | Size: 206 KiB |
BIN
知识/金鹏/20250718/20250718-002.png
Normal file
|
After Width: | Height: | Size: 301 KiB |
BIN
知识/金鹏/20250718/20250718-003.png
Normal file
|
After Width: | Height: | Size: 106 KiB |
BIN
知识/金鹏/20250718/20250718-004.png
Normal file
|
After Width: | Height: | Size: 210 KiB |
BIN
知识/金鹏/20250718/20250718-005.png
Normal file
|
After Width: | Height: | Size: 70 KiB |
BIN
知识/金鹏/20250718/20250718-006.png
Normal file
|
After Width: | Height: | Size: 81 KiB |
BIN
知识/金鹏/20250718/20250718-007.png
Normal file
|
After Width: | Height: | Size: 59 KiB |
BIN
知识/金鹏/20250718/20250718-008.png
Normal file
|
After Width: | Height: | Size: 185 KiB |
BIN
知识/金鹏/20250718/20250718-009.png
Normal file
|
After Width: | Height: | Size: 188 KiB |
BIN
知识/金鹏/20250718/20250718-010.png
Normal file
|
After Width: | Height: | Size: 120 KiB |
BIN
知识/金鹏/20250725/20250725-001.png
Normal file
|
After Width: | Height: | Size: 248 KiB |
BIN
知识/金鹏/20250725/20250725-002.png
Normal file
|
After Width: | Height: | Size: 76 KiB |
BIN
知识/金鹏/20250725/20250725-003.png
Normal file
|
After Width: | Height: | Size: 77 KiB |
BIN
知识/金鹏/20250725/20250725-004.png
Normal file
|
After Width: | Height: | Size: 63 KiB |
BIN
知识/金鹏/20250725/20250725-005.png
Normal file
|
After Width: | Height: | Size: 73 KiB |
BIN
知识/金鹏/20250725/20250725-006.png
Normal file
|
After Width: | Height: | Size: 403 KiB |
BIN
知识/金鹏/20250725/20250725-007.png
Normal file
|
After Width: | Height: | Size: 92 KiB |
BIN
知识/金鹏/20250725/20250725-008.png
Normal file
|
After Width: | Height: | Size: 88 KiB |
BIN
知识/金鹏/20250725/20250725-009.png
Normal file
|
After Width: | Height: | Size: 64 KiB |
BIN
知识/金鹏/20250801/20250801-001.png
Normal file
|
After Width: | Height: | Size: 313 KiB |
BIN
知识/金鹏/20250801/20250801-002.png
Normal file
|
After Width: | Height: | Size: 234 KiB |
BIN
知识/金鹏/20250808/20250808-001.png
Normal file
|
After Width: | Height: | Size: 339 KiB |
BIN
知识/金鹏/20250808/20250808-002.png
Normal file
|
After Width: | Height: | Size: 224 KiB |
BIN
知识/金鹏/20250808/20250808-003.png
Normal file
|
After Width: | Height: | Size: 186 KiB |
BIN
知识/金鹏/20250808/20250808-004.png
Normal file
|
After Width: | Height: | Size: 133 KiB |
BIN
知识/金鹏/20250808/20250808-005.png
Normal file
|
After Width: | Height: | Size: 76 KiB |