101Master1
克隆指定版本号 git clone -b 0.6.1 https://github.com/easzlab/kubeasz.git
安装ansible apt install ansible -y
免密钥 ssh-keygen
102Master2
免密钥 ssh-keygen
脚本 ``` cat docker-install.sh
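#!/bin/bash
# Install a pinned Docker CE release on Ubuntu from the Aliyun mirror.
# Usage: bash docker-install.sh   (needs root or sudo rights)
#
# Stop at the first failed step, so that a failed key download or repository
# setup is never followed by a package install.
set -euo pipefail

# Step 1: install the required system tools.
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common

# Step 2: install the repository's GPG key.
# NOTE(review): `apt-key add` places the key in the global trusted keyring, so
# it is trusted for every configured repository, and apt-key is deprecated on
# newer Ubuntu releases. Compare the key's fingerprint with the one Docker
# publishes before trusting it; on newer systems store it in a dedicated
# keyring file and reference that file with signed-by= in the source entry.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

# Step 3: add the package source.
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

# Step 4: refresh the package index and install Docker CE.
# The version is pinned to the release this walkthrough was written for;
# check for a currently supported release before using it on a real cluster.
sudo apt-get -y update
sudo apt-get -y install docker-ce-cli=5:19.03.9~3-0~ubuntu-bionic docker-ce=5:19.03.9~3-0~ubuntu-bionic
```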
执行脚本 bash docker-install.sh
101Master1
上传文件:limits.conf、sysctl.conf ```
替换
cp limits.conf /etc/security/limits.conf cp sysctl.conf /etc/sysctl.conf 拷贝证书等信息
scp -r /etc/docker/certs.d 192.168.37.102:/etc/docker/ scp -r /root/.docker 192.168.37.102:/root/ ```
拷贝密钥脚本:批量分发 ``` cat scp.sh
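#!/bin/bash
# Distribute this host's SSH public key and the cluster bootstrap files to
# every node, then reboot each node.
#
# The password is taken from the SSHPASS environment variable (or prompted
# for) instead of being passed with `sshpass -p`, which exposes it in the
# process list and keeps it in the script file. All nodes must share that
# password; change it or disable password logins once the keys are in place.

# Target host list.
# NOTE(review): the list contains 192.168.37.101, which the walkthrough labels
# Master1, apparently the host this script is run from. Rebooting it inside
# the loop would end the run before the remaining nodes are handled; confirm,
# and move it last or drop it.
IP=(
  192.168.37.101
  192.168.37.102
  192.168.37.105
  192.168.37.106
  192.168.37.107
  192.168.37.110
  192.168.37.111
)

# sshpass feeds the password to ssh-copy-id without an interactive prompt.
apt-get install -y sshpass

if [[ -z "${SSHPASS:-}" ]]; then
  read -rs -p 'SSH password for the target hosts: ' SSHPASS
  echo
fi
export SSHPASS

for node in "${IP[@]}"; do
  # Copy the public key. accept-new (OpenSSH 7.6+) records a host key on first
  # contact but still refuses a host whose recorded key has changed; check the
  # recorded fingerprints out of band if the network is not trusted.
  if sshpass -e ssh-copy-id -o StrictHostKeyChecking=accept-new "${node}"; then
    echo "${node} 密钥copy完成"
  else
    echo "${node} 密钥copy失败"
    # Without key access the copies below would stop at a password prompt or fail.
    continue
  fi

  # Docker install script.
  scp /root/docker-install.sh "${node}:/opt/"
  # Harbor registry certificates.
  scp -r /etc/docker/certs.d "${node}:/etc/docker/"
  # Host name resolution.
  scp -r /etc/hosts "${node}:/etc/"
  # Kernel and limit parameters.
  scp /etc/security/limits.conf "${node}:/etc/security/limits.conf"
  scp /etc/sysctl.conf "${node}:/etc/sysctl.conf"

  # Reboot the node so the new kernel parameters and limits take effect.
  # The message below is printed whether or not the ssh command succeeded.
  ssh "${node}" "reboot"
  echo "${node},重启成功"
done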
执行脚本
bash scp.sh ```
102Master2
重启服务 systemctl restart docker systemctl enable docker
测试能否上传 ``` docker pull alpine
docker images
docker tag b2aa39c304c2 harbor.123.com/linux01/alpine:v2
docker push harbor.123.com/linux01/alpine:v2 ```
配置keepalived
ha108和ha109
两台负载服务器上都要部署。提前在 /etc/sysctl.conf 配置文件中将 net.ipv4.ip_nonlocal_bind 的值改为 1,并执行 sysctl -p 使其生效
```
vim /etc/sysctl.conf
...
net.ipv4.ip_nonlocal_bind = 1    <--允许非本地IP地址socket监听
生效
sysctl -p
apt install keepalived haproxy -y ```
ha108
拷贝模板文件 cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
编辑配置文件
```
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.37.240 dev eth0 label eth0:1    <--
    }
}
# 重启服务并设为开机启动
systemctl restart keepalived
systemctl enable keepalived
# 拷贝
scp /etc/keepalived/keepalived.conf 192.168.37.109:/etc/keepalived/keepalived.conf
```
注意:auth_pass 1111 是示例文件自带的值,且 PASS 认证在 VRRP 报文中以明文传输;实际环境应换成自己的口令(两台保持一致),并只允许两台负载服务器之间互发 VRRP 报文。
ha109
```
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state BACKUP    <--
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 80    <--
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.37.240 dev eth0 label eth0:1
    }
}
# 重启服务并设为开机启动
systemctl restart keepalived
systemctl enable keepalived
```
ha108
配置haproxy
```
vim /etc/haproxy/haproxy.cfg
...
# 结尾添加
listen k8s-api-6443
    bind 192.168.37.240:6443
    mode tcp
    server 192.168.37.101 192.168.37.101:6443 check fall 3 rise 3 inter 3s
    server 192.168.37.102 192.168.37.102:6443 check fall 3 rise 3 inter 3s
# 启动服务并设为开机启动
systemctl restart haproxy
systemctl enable haproxy
# 拷贝
scp /etc/haproxy/haproxy.cfg 192.168.37.109:/etc/haproxy
```
ha109
启动服务并设为开机启动 systemctl restart haproxy systemctl enable haproxy