Kubernetes集群证书过期解决方案:使用kubeadm为证书续期
一.系统环境
本文主要基于Kubernetes1.22.2和Linux操作系统Ubuntu 18.04。
| 服务器版本 | docker软件版本 | Kubernetes(k8s)集群版本 | CPU架构 |
|---|---|---|---|
| Ubuntu 18.04.5 LTS | Docker version 20.10.14 | v1.22.2 | x86_64 |
Kubernetes集群架构:k8scludes1作为master节点,k8scludes2,k8scludes3作为worker节点。
| 服务器 | 操作系统版本 | CPU架构 | 进程 | 功能描述 |
|---|---|---|---|---|
| k8scludes1/192.168.110.128 | Ubuntu 18.04.5 LTS | x86_64 | docker,kube-apiserver,etcd,kube-scheduler,kube-controller-manager,kubelet,kube-proxy,coredns,calico | k8s master节点 |
| k8scludes2/192.168.110.129 | Ubuntu 18.04.5 LTS | x86_64 | docker,kubelet,kube-proxy,calico | k8s worker节点 |
| k8scludes3/192.168.110.130 | Ubuntu 18.04.5 LTS | x86_64 | docker,kubelet,kube-proxy,calico | k8s worker节点 |
二.前言
Kubernetes集群的证书对于集群的安全性和稳定性至关重要。然而,随着时间的推移,这些证书会过期,导致集群服务不可用。本文将详细介绍如何使用kubeadm工具为Kubernetes集群续期证书。
给Kubernetes集群证书续期的前提是已经有一套可以正常运行的Kubernetes集群,关于Kubernetes(k8s)集群的安装部署,可以查看博客《Ubuntu 安装部署Kubernetes(k8s)集群》https://www.cnblogs.com/renshengdezheli/p/17632858.html,如果你的操作系统是RHEL的,可以查看博客《Centos7 安装部署Kubernetes(k8s)集群》https://www.cnblogs.com/renshengdezheli/p/16686769.html。
三.Kubernetes证书过期及续期简介
Kubernetes集群在初始化时,会自动生成一系列证书,包括API服务器证书、CA证书、Kubelet证书等。这些证书通常有1年的有效期。当证书过期后,Kubernetes集群的某些服务可能会受到影响,例如API服务器无法访问。为了解决证书过期的问题,我们可以使用kubeadm工具进行证书续期。
四.使用kubeadm为Kubernetes集群证书续期
4.1 查看k8s集群证书过期时间
现在k8s集群已经不能正常运行了,查询pod报错,可以看到报错信息为:“连接API服务器拒绝”。
root@k8scludes1:~# kubectl get pod -o wie
The connection to the server 192.168.110.128:6443 was refused - did you specify the right host or port?
master节点的/etc/kubernetes/pki/目录下存的是各个组件的证书。
root@k8scludes1:~# ls /etc/kubernetes/pki/
apiserver.crt apiserver-etcd-client.key apiserver-kubelet-client.crt ca.crt ca.srl front-proxy-ca.crt front-proxy-ca.srl front-proxy-client.key sa.key
apiserver-etcd-client.crt apiserver.key apiserver-kubelet-client.key ca.key etcd front-proxy-ca.key front-proxy-client.crt mytok.csv sa.pub
查看master节点的apiserver证书有效期,可以看到证书在2023年4月16号就过期了,证书已经过期一年多了。
root@k8scludes1:~# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep Not
Not Before: Apr 16 14:57:44 2022 GMT
Not After : Apr 16 14:57:44 2023 GMT
在master节点查看各个组件的证书过期时间。
root@k8scludes1:~# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[check-expiration] Error reading configuration from the Cluster. Falling back to default configuration
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Oct 21, 2023 14:25 UTC 9y no
apiserver Oct 21, 2023 14:25 UTC 9y ca no
apiserver-etcd-client Oct 21, 2023 14:25 UTC 9y etcd-ca no
apiserver-kubelet-client Oct 21, 2023 14:25 UTC 9y ca no
controller-manager.conf Oct 21, 2023 14:25 UTC 9y no
etcd-healthcheck-client Oct 21, 2023 14:25 UTC 9y etcd-ca no
etcd-peer Oct 21, 2023 14:25 UTC 9y etcd-ca no
etcd-server Oct 21, 2023 14:25 UTC 9y etcd-ca no
front-proxy-client Oct 21, 2023 14:25 UTC 9y front-proxy-ca no
scheduler.conf Oct 21, 2023 14:25 UTC 9y no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Apr 13, 2023 14:57 UTC 7y no
etcd-ca Apr 13, 2023 14:57 UTC 7y no
front-proxy-ca Apr 13, 2023 14:57 UTC 7y no
查看master节点的kubelet证书过期时间。
root@k8scludes1:~# ls /var/lib/kubelet/pki/
kubelet-client-2022-04-16-22-57-47.pem kubelet-client-current.pem kubelet.crt kubelet.key
root@k8scludes1:~# openssl x509 -in /var/lib/kubelet/pki/kubelet-client-current.pem -noout -text |grep Not
Not Before: Apr 16 14:57:44 2022 GMT
Not After : Apr 16 14:57:46 2023 GMT
4.2 为master节点续期证书
在master节点给各个组件续签证书。
root@k8scludes1:~# kubeadm certs renew all
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.
在master节点再次查看各个组件的证书过期时间,可以看到证书续签了一年。
root@k8scludes1:~# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[check-expiration] Error reading configuration from the Cluster. Falling back to default configuration
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Oct 24, 2025 02:53 UTC 364d no
apiserver Oct 24, 2025 02:53 UTC 364d ca no
apiserver-etcd-client Oct 24, 2025 02:53 UTC 364d etcd-ca no
apiserver-kubelet-client Oct 24, 2025 02:53 UTC 364d ca no
controller-manager.conf Oct 24, 2025 02:53 UTC 364d no
etcd-healthcheck-client Oct 24, 2025 02:53 UTC 364d etcd-ca no
etcd-peer Oct 24, 2025 02:53 UTC 364d etcd-ca no
etcd-server Oct 24, 2025 02:53 UTC 364d etcd-ca no
front-proxy-client Oct 24, 2025 02:53 UTC 364d front-proxy-ca no
scheduler.conf Oct 24, 2025 02:53 UTC 364d no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Apr 13, 2025 14:57 UTC 7y no
etcd-ca Apr 13, 2025 14:57 UTC 7y no
front-proxy-ca Apr 13, 2025 14:57 UTC 7y no
当前kubernetes各个组件所使用的kubecong文件都在/etc/kubernetes/里。
root@k8scludes1:~# ls /etc/kubernetes/
admin.conf admission-control-config-file audit controller-manager.conf kubelet.conf manifests pki scheduler.conf
文件后缀为conf的都是各个组件所需的kubeconfig文件,但是这些文件里使用的证书都是之前过期的证书,需要把conf文件删除并重新生成。
root@k8scludes1:~# ls /etc/kubernetes/*.conf
/etc/kubernetes/admin.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/scheduler.conf
root@k8scludes1:~# mkdir k8sconf_bak
root@k8scludes1:~# cp /etc/kubernetes/*.conf k8sconf_bak/
root@k8scludes1:~# ls k8sconf_bak/
admin.conf controller-manager.conf kubelet.conf scheduler.conf
root@k8scludes1:~# rm -rf /etc/kubernetes/*.conf
root@k8scludes1:~# ls /etc/kubernetes/
admission-control-config-file audit manifests pki
为k8s的各个组件重新生成kubeconfig文件。
root@k8scludes1:~# kubeadm init --kubernetes-version=v1.22.2 phase kubeconfig all
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
root@k8scludes1:~# ls /etc/kubernetes/
admin.conf admission-control-config-file audit controller-manager.conf kubelet.conf manifests pki scheduler.conf
替换管理员所用的kubeconfig文件。
root@k8scludes1:~# ls ~/.kube/config
/root/.kube/config
root@k8scludes1:~# rm -rf ~/.kube/config
root@k8scludes1:~# ls ~/.kube/
cache config.old-20241023 kubens
root@k8scludes1:~# cp /etc/kubernetes/admin.conf ~/.kube/config
root@k8scludes1:~# ls ~/.kube/config
/root/.kube/config
重启kube-scheduler。
root@k8scludes1:~# docker ps | grep kube-scheduler
47ac8592cf5c b51ddc1014b0 "kube-scheduler --au…" 6 minutes ago Up 6 minutes k8s_kube-scheduler_kube-scheduler-k8scludes1_kube-system_f637e8449089a70204a39d176f936bc7_289
6e65a5b16329 registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 6 minutes ago Up 6 minutes k8s_POD_kube-scheduler-k8scludes1_kube-system_f637e8449089a70204a39d176f936bc7_75
root@k8scludes1:~# docker ps | awk '/kube-scheduler /{print $1}'
47ac8592cf5c
root@k8scludes1:~# docker rm -f $(docker ps | awk '/kube-scheduler /{print $1}')
47ac8592cf5c
root@k8scludes1:~# kubectl get pods -n kube-system | grep scheduler
kube-scheduler-k8scludes1 1/1 Running 289 (2y120d ago) 2y191d
查看master节点的kubelet当前使用的证书,kubelet-client-current.pem软链接到了kubelet-client-2024-10-24-11-08-14.pem,说明现在kubelet使用的是最新的证书。
root@k8scludes1:~# ls /var/lib/kubelet/pki/
kubelet-client-2022-04-16-22-57-47.pem kubelet-client-2024-10-24-11-05-29.pem kubelet-client-2024-10-24-11-08-14.pem kubelet-client-current.pem kubelet.crt kubelet.key
root@k8scludes1:~# ls /var/lib/kubelet/pki/kubelet-client-current.pem -l
lrwxrwxrwx 1 root root 59 Oct 24 11:08 /var/lib/kubelet/pki/kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-2024-10-24-11-08-14.pem
如果kubelet-client-current.pem软链接到kubelet-client-2022-04-16-22-57-47.pem,说明kubelet使用的是旧的证书,重启kebelet即可。
root@k8scludes1:~# systemctl restart kubelet
root@k8scludes1:~# ls /var/lib/kubelet/pki/
kubelet-client-2022-04-16-22-57-47.pem kubelet-client-2024-10-24-11-05-29.pem kubelet-client-2024-10-24-11-08-14.pem kubelet-client-current.pem kubelet.crt kubelet.key
root@k8scludes1:~# ls -l /var/lib/kubelet/pki/kubelet-client-current.pem
lrwxrwxrwx 1 root root 59 Oct 24 11:08 /var/lib/kubelet/pki/kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-2024-10-24-11-08-14.pem
在master节点上查看证书签名请求(简称为CSR),如果CONDITION显示的是Approved,Issued,说明证书签名请求CSR已经被批准,则不需要执行kubectl certificate approve csr-htp29,如果CONDITION显示的是Pending,则需要手动批准证书签名请求CSR,语法为:kubectl certificate approve CSR名。
root@k8scludes1:~# kubectl get csr
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-htp29 12m kubernetes.io/kube-apiserver-client-kubelet system:node:k8scludes1 <none> Approved,Issued
#批准证书签名请求CSR
root@k8scludes1:~# kubectl certificate approve csr-htp29
certificatesigningrequest.certificates.k8s.io/csr-rn8xc approved
在master节点查看kubelet的证书过期时间,到2025年才过期了。
root@k8scludes1:~# openssl x509 -in /var/lib/kubelet/pki/kubelet-client-current.pem -noout -text |grep Not
Not Before: Oct 24 03:03:14 2024 GMT
Not After : Oct 24 03:03:14 2025 GMT
查看k8s集群状态,可以发现k8scludes1节点已经正常了,但是两个worker节点还是不正常,原因是两个worker节点的证书还是旧的,需要替换为最新的证书。
root@k8scludes1:~# kubectl get node
NAME STATUS ROLES AGE VERSION
k8scludes1 Ready control-plane,master 2y191d v1.22.2
k8scludes2 NotReady <none> 2y191d v1.22.2
k8scludes3 NotReady <none> 2y191d v1.22.2
4.3 为worker节点替换最新的证书
k8scludes2节点的kubelet使用的还是旧的证书。
root@k8scludes2:~# ls /var/lib/kubelet/pki/
kubelet-client-2022-04-17-01-59-26.pem kubelet-client-current.pem kubelet.crt kubelet.key
root@k8scludes2:~# openssl x509 -in /var/lib/kubelet/pki/kubelet-client-current.pem -noout -text |grep Not
Not Before: Apr 16 17:54:26 2022 GMT
Not After : Apr 16 17:54:26 2023 GMT
在master节点生成k8scludes2节点所需的kubelet.conf文件,把kubelet.conf文件放在/tmp/目录。
root@k8scludes1:~# kubeadm init --kubernetes-version=v1.22.2 phase kubeconfig kubelet --node-name k8scludes2 --kubeconfig-dir /tmp/
[kubeconfig] Writing "kubelet.conf" kubeconfig file
root@k8scludes1:~# ls /tmp/
kubelet.conf systemd-private-3e6f81ffe01748ec8909700ec12195cb-systemd-resolved.service-kzxcft systemd-private-3e6f81ffe01748ec8909700ec12195cb-systemd-timesyncd.service-Uop8xG vmware-root_751-4290559920
复制文件到k8scludes2节点的/etc/kubernetes/目录下。
root@k8scludes1:~# scp /tmp/kubelet.conf 192.168.110.129:/etc/kubernetes/
root@192.168.110.129's password:
kubelet.conf 100% 5671 1.4MB/s 00:00
k8scludes2节点重启kubelet。
root@k8scludes2:~# systemctl restart kubelet
再次查看k8scludes2节点的kubelet证书,现在已经是最新的证书了。
root@k8scludes2:~# ls /var/lib/kubelet/pki/
kubelet-client-2022-04-17-01-59-26.pem kubelet-client-2024-10-24-11-29-31.pem kubelet-client-2024-10-24-11-29-40.pem kubelet-client-current.pem kubelet.crt kubelet.key
root@k8scludes2:~# ls -l /var/lib/kubelet/pki/kubelet-client-current.pem
lrwxrwxrwx 1 root root 59 Oct 24 11:29 /var/lib/kubelet/pki/kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-2024-10-24-11-29-40.pem
root@k8scludes2:~# openssl x509 -in /var/lib/kubelet/pki/kubelet-client-current.pem -noout -text |grep Not
Not Before: Oct 24 03:24:40 2024 GMT
Not After : Oct 24 03:24:40 2025 GMT
k8scludes3节点也是类似的操作。
在master节点生成k8scludes3节点所需的kubelet.conf文件,把kubelet.conf文件放在/tmp/目录。
root@k8scludes1:~# rm -rf /tmp/* ; ls /tmp/
root@k8scludes1:~# kubeadm init --kubernetes-version=v1.22.2 phase kubeconfig kubelet --node-name k8scludes3 --kubeconfig-dir /tmp/
[kubeconfig] Writing "kubelet.conf" kubeconfig file
复制kubelet.conf到k8scludes3节点的/etc/kubernetes/目录下
root@k8scludes1:~# scp /tmp/kubelet.conf 192.168.110.130:/etc/kubernetes/
root@192.168.110.130's password:
kubelet.conf 100% 5671 2.6MB/s 00:00
重启k8scludes3节点的kubelet,现在kubelet使用的是最新的证书了。
root@k8scludes3:~# systemctl restart kubelet
root@k8scludes3:~# ls /var/lib/kubelet/pki/
kubelet-client-2022-04-17-01-59-29.pem kubelet-client-2024-10-24-11-34-49.pem kubelet-client-2024-10-24-11-34-57.pem kubelet-client-current.pem kubelet.crt kubelet.key
root@k8scludes3:~# ls -l /var/lib/kubelet/pki/kubelet-client-current.pem
lrwxrwxrwx 1 root root 59 Oct 24 11:34 /var/lib/kubelet/pki/kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-2024-10-24-11-34-57.pem
root@k8scludes3:~# openssl x509 -in /var/lib/kubelet/pki/kubelet-client-current.pem -noout -text |grep Not
Not Before: Oct 24 03:29:57 2024 GMT
Not After : Oct 24 03:29:57 2025 GMT
查看k8s集群状态,现在集群恢复正常了。
root@k8scludes1:~# kubectl get node
NAME STATUS ROLES AGE VERSION
k8scludes1 Ready control-plane,master 2y191d v1.22.2
k8scludes2 Ready <none> 2y191d v1.22.2
k8scludes3 Ready <none> 2y191d v1.22.2
五.总结
本文介绍了如何使用kubeadm工具为Kubernetes集群续期证书。通过定期检查和续期证书,可以确保Kubernetes集群的安全性和稳定性。
- 在进行证书续期时,请确保有足够的磁盘空间来存储新的证书文件;
- 如果你的集群配置了自动化工具或脚本来管理Kubernetes集群,确保这些工具和脚本也更新为处理新的证书;
- 在生产环境中,建议设置证书到期提醒,以便提前进行维护工作。
Kubernetes集群证书过期解决方案:使用kubeadm为证书续期的更多相关文章
- 【云原生 · Kubernetes】部署Kubernetes集群
[云原生 · Kubernetes]搭建Harbor仓库 接着上次的内容,后续来了! 在master节点执行脚本k8s_master_install.sh即可完成K8S集群的部署,具体步骤参考如下(1 ...
- [云原生]Kubernetes - 集群搭建(第2章)
目录 一.前置知识点 二.kubeadm部署方式介绍 三.安装要求 四.最终目标 五.准备环境 六.环境初始化 6.1 设置系统主机名以及Hosts文件的相互解析 6.2 安装依赖文件(所有节点) 6 ...
- 监控Kubernetes集群证书过期时间的三种方案
前言 Kubernetes 中大量用到了证书, 比如 ca证书.以及 kubelet.apiserver.proxy.etcd等组件,还有 kubeconfig 文件. 如果证书过期,轻则无法登录 K ...
- 3、kubeadm初始化Kubernetes集群
同步时间 # ntpdate time.nist.gov k8s集群组成 k8s部署环境 https://kubernetes.io/docs/setup/independent/create-cl ...
- Kubernetes(K8s) 安装(使用kubeadm安装Kubernetes集群)
背景: 由于工作发生了一些变动,很长时间没有写博客了. 概述: 这篇文章是为了介绍使用kubeadm安装Kubernetes集群(可以用于生产级别).使用了Centos 7系统. 一.Centos7 ...
- 【Kubernetes学习笔记】-kubeadm 手动搭建kubernetes 集群
目录 K8S 组件构成 环境准备 (以ubuntu系统为例) 1. kubernetes集群机器 2. 安装 docker. kubeadm.kubelet.kubectl 2.1 在每台机器上安装 ...
- 使用Kubeadm搭建高可用Kubernetes集群
1.概述 Kubenetes集群的控制平面节点(即Master节点)由数据库服务(Etcd)+其他组件服务(Apiserver.Controller-manager.Scheduler...)组成. ...
- kubernetes-使用kubeadm部署kubernetes集群
k8s官网介绍 Kubernetes是一个可移植的,可扩展的开源平台,用于管理容器化的工作负载和服务,可促进声明式配置和自动化.它拥有一个庞大且快速增长的生态系统.Kubernetes的服务,支持和工 ...
- 【k8s学习笔记】使用 kubeadm 部署 v1.18.5 版本 Kubernetes集群
说明 本文系搭建kubernetes v1.18.5 集群笔记,使用三台虚拟机作为 CentOS 测试机,安装kubeadm.kubelet.kubectl均使用yum安装,网络组件选用的是 flan ...
- K8s 二、(1、kubeadm部署Kubernetes集群)
准备工作 满足安装 Docker 项目所需的要求,比如 64 位的 Linux 操作系统.3.10 及以上的内核版本: x86 或者 ARM 架构均可: 机器之间网络互通,这是将来容器之间网络互通的前 ...
随机推荐
- Go 监控告警入门 Opentelemetry
前言 Opentelemetry 分布式链路跟踪( Distributed Tracing )的概念最早是由 Google 提出来的,发展至今技术已经比较成熟,也是有一些协议标准可以参考.目前在 Tr ...
- 从0实现基于Linux socket聊天室-实现聊天室的公聊、私聊功能-4
前面文章链接如下: <从0实现基于Linux socket聊天室-多线程服务器模型-1> <从0实现基于Linux socket聊天室-多线程服务器一个很隐晦的错误-2> &l ...
- **错误积累&&防止GG写法总结
19.3.20 关于int与ll 1.如果一道题时间充足,把全部变量定义成long long 2.特别注意最上面宏定义的变量类型,特别是FOR 3.如果是int,用1LL* ...... **实例,让 ...
- Graphics2D绘图方法总结
一.简介 在开发中可能会遇到这样一类场景,业务复杂度不算太高,技术难度不算太深,但是做起来就很容易把人整破防,伤害很高侮辱性很强的:绘图. 绘图最怕有人挑刺:这里变形,那里不对,全图失真. 最近在处理 ...
- LaTeX 插入矢量图
首先将矢量图保存为 PDF 格式. 使用 pdfcrop 工具裁剪 PDF 页面空白: pdfcrop <input.pdf> [output.pdf] 在 .tex 文件中使用 grap ...
- 远距离跨网络实现windows远程桌面连接
1.保证已经打开被连接电脑---远程访问---权限. 我的电脑--右键--属性--远程设置 2.选择允许连接 (选择用户和高级没有特殊设置可以不动,被连接电脑当前登陆的账号就可以满足权限) 3.打开- ...
- 【漏洞分析】Penpie 攻击事件:重入攻击构造奖励金额
背景信息 2024 年 9月 3日,Penpie 合约遭受重入攻击,攻击者在重入阶段向合约添加流动性来冒充奖励金额,从而获取合约内原有的奖励代币.资产损失高达 2734 万美元. 2024 年 5月, ...
- webpack笔记-webpack之模块module、路径解析、resolve 配置(三)
module webpack 的初衷是让 js 支持模块化管理,并且将前端中的各种资源都纳入到对应的模块管理中来,所以在 webpack 的设计中,最重要的部分就是管理模块和模块之间的关系. 在 we ...
- CSS – BEM (Block__Element--Modifier)
前言 BEM 是一种 CSS class 命名规范. 目的是防止大家名字取太短, 不小撞名字后果很麻烦. 参考: Youtube – You Probably Need BEM CSS in Your ...
- 记一次 公司.NET项目部署在Linux环境压测时 内存暴涨分析
一:背景 讲故事 公司部署在某碟上的项目在9月份压测50并发时,发现某个容器线程.内存非正常的上涨,导致功能出现了异常无法使用.根据所学,自己分析了下线程和内存问题,分析时可以使用lldb或者wind ...