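I am trying to deploy AWX on k3s and everything works, but I want to enforce SSL - that is, redirect HTTP to HTTPS.
I have been trying to test the SSL enforcement part, but it does not work properly. Here is my traefik configuration: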
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: traefik-crd
  namespace: kube-system
spec:
  chart: https://%{KUBERNETES_API}%/static/charts/traefik-crd-9.18.2.tgz
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: traefik
  namespace: kube-system
spec:
  chart: https://%{KUBERNETES_API}%/static/charts/traefik-9.18.2.tgz
  set:
    global.systemDefaultRegistry: ""
  valuesContent: |-
    ssl:
      enforced: true
    rbac:
      enabled: true
    ports:
      websecure:
        tls:
          enabled: true
    podAnnotations:
      prometheus.io/port: "8082"
      prometheus.io/scrape: "true"
    providers:
      kubernetesIngress:
        publishedService:
          enabled: true
    priorityClassName: "system-cluster-critical"
    image:
      name: "rancher/library-traefik"
    tolerations:
    - key: "CriticalAddonsOnly"
      operator: "Exists"
    - key: "node-role.kubernetes.io/control-plane" …

I am trying to use patching in Kustomize to modify a Kubernetes resource, and I would like to know whether there is a neat way to update every item in a list.
Here is the yaml I want to customize:
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
  name: validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: webhook-service
      namespace: rabbitmq-system
      path: /validate-rabbitmq-com-v1beta1-binding
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: webhook-service
      namespace: rabbitmq-system
      path: /validate-rabbitmq-com-v1beta1-exchange
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: webhook-service
      namespace: rabbitmq-system
      path: /validate-rabbitmq-com-v1beta1-federation
This is the end result I want to achieve (see NEWVALUE):
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
  name: validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    NEWVALUE: value
    service:
      name: webhook-service
      namespace: rabbitmq-system
      path: /validate-rabbitmq-com-v1beta1-binding
- admissionReviewVersions: …

I have a question about Prometheus alerting rules. I have set up various cAdvisor-specific alerts, for example:
- alert: ContainerCpuUsage
  expr: (sum(rate(container_cpu_usage_seconds_total[3m])) BY (instance, name) * 100) > 80
  for: 2m
  labels:
    severity: warning
  annotations:
    title: 'Container CPU usage (instance {{ $labels.instance }})'
    description: 'Container CPU usage is above 80%\n VALUE = {{ $value }}\n LABELS: {{ $labels }}'
When the condition is met, I can see the alert in the Prometheus "Alerts" tab, but some labels are missing, which prevents Alertmanager from sending the notification via Slack. Specifically, I attach a custom "env" label to each target:
{
  "targets": [
    "localhost:8080"
  ],
  "labels": {
    "job": "cadvisor",
    "env": "production",
    "__metrics_path__": "/metrics"
  }
}
However, when an alert based on cAdvisor metrics fires, the labels are: alertname, instance and severity - no job label, no env label. All other alerts from other exporters (e.g. node exporter) work fine and the labels are present.
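
An added example, not part of the original question: in PromQL, `sum(...) BY (instance, name)` keeps only the labels named in the BY clause, so target labels such as `job` and `env` never reach the alert. The small Python model below reproduces that behaviour for the rule as posted; the sample series, their values and the helper names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: rate() output for one cAdvisor target carrying the
# target labels from the question (job, env) plus per-container labels.
SERIES = [
    ({"instance": "localhost:8080", "job": "cadvisor", "env": "production",
      "name": "web", "cpu": "cpu00"}, 0.50),
    ({"instance": "localhost:8080", "job": "cadvisor", "env": "production",
      "name": "web", "cpu": "cpu01"}, 0.40),
    ({"instance": "localhost:8080", "job": "cadvisor", "env": "production",
      "name": "db", "cpu": "cpu00"}, 0.10),
]

def sum_by(series, by):
    """Model of `sum(...) by (<by>)`: group on the listed labels, drop the rest."""
    groups = defaultdict(float)
    for labels, value in series:
        key = tuple((k, labels[k]) for k in by if k in labels)
        groups[key] += value
    return [(dict(key), total) for key, total in groups.items()]

def alerts(series, by, threshold, rule_labels, alertname):
    """Label set of each firing alert: surviving labels + rule labels + alertname."""
    fired = []
    for labels, value in sum_by(series, by):
        if value * 100 > threshold:
            fired.append({**labels, **rule_labels, "alertname": alertname})
    return fired

def missing_labels(alert_list, required):
    """Labels a notification route matches on that at least one alert lacks."""
    return sorted({r for a in alert_list for r in required if r not in a})

if __name__ == "__main__":
    posted = alerts(SERIES, ["instance", "name"], 80,
                    {"severity": "warning"}, "ContainerCpuUsage")
    kept = alerts(SERIES, ["instance", "name", "job", "env"], 80,
                  {"severity": "warning"}, "ContainerCpuUsage")
    print("rule as posted:", posted, "missing:", missing_labels(posted, ["job", "env"]))
    print("job/env in BY :", kept, "missing:", missing_labels(kept, ["job", "env"]))
```

In the real rule, the equivalent change is listing the labels the Alertmanager route depends on in the BY clause, for example `BY (instance, name, job, env)`.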