文章目录
1.实验环境准备
192.168.221.128 master
192.168.221.153 node01
192.168.221.136 node02
192.168.221.141 harbor
2.部署单节点的etcd
1.在192.168.221.128节点安装etcd服务
yum -y install etcd
2.修改etcd的配置文件
cp /etc/etcd/etcd.conf /etc/etcd/etcd.conf-`date +%F`
vim /etc/etcd/etcd.conf # 只修改以下2行即可。
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.221.128:2379"
常见的参数说明:
ETCD_NAME :
ETCD的节点名
ETCD_DATA_DIR:
ETCD的数据存储目录
ETCD_SNAPSHOT_COUNTER:
多少次的事务提交将触发一次快照
ETCD_HEARTBEAT_INTERVAL:
ETCD节点之间心跳传输的间隔,单位毫秒
ETCD_ELECTION_TIMEOUT:
该节点参与选举的最大超时时间,单位毫秒
ETCD_LISTEN_PEER_URLS:
该节点与其他节点通信时所监听的地址列表,多个地址使用逗号隔开,其格式可以划分为scheme://IP:PORT,这里的scheme可以是http、https
ETCD_LISTEN_CLIENT_URLS:
该节点与客户端通信时监听的地址列表
ETCD_INITIAL_ADVERTISE_PEER_URLS:
该成员节点在整个集群中的通信地址列表,这个地址用来传输集群数据的地址。因此这个地址必须是可以连接集群中所有的成员的。
ETCD_INITIAL_CLUSTER:
配置集群内部所有成员地址,其格式为:ETCD_NAME=ETCD_INITIAL_ADVERTISE_PEER_URLS,如果有多个使用逗号隔开
ETCD_ADVERTISE_CLIENT_URLS:
广播给集群中其他成员自己的客户端地址列表
ETCD_INITIAL_CLUSTER_STATE:
初始化集群状态,new表示新建
ETCD_INITIAL_CLUSTER_TOKEN:
初始化集群token
3.启动etcd并设置开机自启动
systemctl start etcd
systemctl enable etcd
4.检查集群的健康状态
etcdctl -C http://192.168.221.128:2379 cluster-health
也可以使用:
etcdctl --endpoints http://192.168.221.128:2379 cluster-health
5.操作etcd服务
增:
mk:
创建key.
mkdir:
创建目录.
删:
rm:
删除key和目录的.
rmdir:
删除key或者空目录.
改:
set:
修改key的value.
update:
修改已经存在key的value.
查:
ls:
查看某个目录.
get:
查看某个key的value.
温馨提示:
key被抽象为2中类型的资源,即文件和目录.
3. master 组件部署
1.在192.168.221.128节点安装master服务
[root@192.168.221.128 ~]# yum -y install kubernetes-master
2.配置apiserver组件
cp /etc/kubernetes/apiserver /etc/kubernetes/apiserver-`date +%F`
vim /etc/kubernetes/apiserver
# 指定apiserver的监听地址,建议绑定所有地址。只能配置IP地址。
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
# 指定apiserver的监听端口。
KUBE_API_PORT="--port=8080"
# 指定KUBELET_PORT的端口
KUBELET_PORT="--kubelet-port=10250"
# etcd集群中以逗号分隔的节点列表
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.221.128:2379"
# 要用于服务(SERVICE)的地址范围
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.0.0/16"
3.配置master的组件
cp /etc/kubernetes/config /etc/kubernetes/config-`date +%F`
vim /etc/kubernetes/config
KUBE_MASTER="--master=http://192.168.221.133:8080"
如下图所示,相关参数说明如下:
KUBE_LOGTOSTDERR="--logtostderr=true"
生成系统日志,会存放在"/var/log"目录。
KUBE_LOG_LEVEL="--v=0"
设置日志消息级别,0代表的是debug模式。
KUBE_ALLOW_PRIV="--allow-privileged=false"
是否允许使用特权容器,默认是不允许使用特权容器的。
KUBE_MASTER="--master=http://192.168.221.128:8080"
指定kube master的地址。
温馨提示:
在启动容时时,我们默认启动的容器时系统的内核参数是以只读的方式挂载,因此在容器内默认是无法修改内核参数的。
如果非要在容器内部修改系统的内核参数,则在启动时应该使用"--privileged"让该容器称为特权容器。
4.启动服务
systemctl enable kube-apiserver.service kube-controller-manager.service kube-scheduler.service
systemctl restart kube-apiserver.service kube-controller-manager.service kube-scheduler.service
温馨提示:
服务启动成功后,会监听多个端口哟~
5.检查服务是否安装正常
kubectl get componentstatus
4. node组件部署
1.在所有的node节点上安装node服务
yum -y install kubernetes-node
温馨提示:
如果你的环境足够"干净",则会自行安装相关的环境,当然也包括docker环境哟~
2.修改配置文件指定master节点信息
[root@k8s102.oldboyedu.com ~]# vim /etc/kubernetes/config
KUBE_MASTER="--master=http://192.168.221.128:8080"
温馨提示:
我们应该将所有的node节点都指向master节点。
3.修改Kubelet组件的配置文件
vim /etc/kubernetes/kubelet
# 指定kubelet组件监听的地址,建议设置为'0.0.0.0',不能设置为主机名,否则不会监听相应的端口。
KUBELET_ADDRESS="--address=0.0.0.0"
# 指定kubelet组件监听的地址端口。
KUBELET_PORT="--port=10250"
# 指定主机名。
KUBELET_HOSTNAME="--hostname-override=192.168.221.153"
# 指定apiserver的地址。
KUBELET_API_SERVER="--api-servers=http://192.168.221.128:8080"
温馨提示:
我们可以将当前的配置文件移动到其它node节点稍作修改即可,比如只需改动"KUBELET_HOSTNAME"。
4.启动服务并设置开机自启动
systemctl restart kubelet.service kube-proxy.service
systemctl enable kubelet.service kube-proxy.service
温馨提示:
如下图所示,当我们成功启动服务时。
5.所有节点部署flannel网络插件
1.安装flannel网络插件
yum -y install flannel
温馨提示:
在master节点和所有的node节点部署flannel网络插件。
2.修改flannel的配置文件
sed -i 's#127.0.0.1#192.168.221.128#' /etc/sysconfig/flanneld
温馨提示:
所有节点都需要修改etcd的数据库地址,由于咱们的环境仅有一台,生产环境中是需要使用逗号分割指定集群的哟~
3.修改etcd数据库信息
etcdctl mk /atomic.io/network/config '{"Network":"172.18.0.0/16","Backend": {"Type": "vxlan"}}'
相关参数说明:
/atomic.io/network/config
指定KEY的名称。
"Network":"172.18.0.0/16",
指定网段为"172.18.0.0/16"。
"Backend": {"Type": "vxlan"}
指定flannel的类型为"vxlan"。
温馨提示:
由于在flannel的配置文件中名为"FLANNEL_ETCD_PREFIX"的默认值为"/atomic.io/network",因此我们的需要手动指定该值的前缀,当然,该前缀咱们也可以自定义哟。
4.重启服务
#每一个节点都重启
systemctl enable flanneld.service
systemctl restart flanneld.service
systemctl restart docker
再启动flannel,通过ifconfig可以查看到flannel0
5.修改docker的启动脚本
(1)修改docker服务的启动脚本
vim /usr/lib/systemd/system/docker.service
#在[Service]区域下增加一行
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
(2)使得文件生效并重启服务
systemctl daemon-reload && systemctl restart docker
温馨提示:
这是docker的一个小bug,请在所有的节点上都执行上述操作,包括master节点,因为后续会用到它。
6.配置 harbor为镜像仓库
6.1 部署镜像仓库
[root@harbor harbor]# cat docker-compose.yml
version: '2.3'
services:
log:
image: goharbor/harbor-log:v2.3.1
container_name: harbor-log
restart: always
dns_search: .
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- type: bind
source: ./common/config/log/logrotate.conf
target: /etc/logrotate.d/logrotate.conf
- type: bind
source: ./common/config/log/rsyslog_docker.conf
target: /etc/rsyslog.d/rsyslog_docker.conf
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.3.1
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /data/secret/registry/root.crt
target: /etc/registry/root.crt
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v2.3.1
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: ./common/config/registryctl/config.yml
target: /etc/registryctl/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v2.3.1
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/database:/var/lib/postgresql/data:z
networks:
harbor:
dns_search: .
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "postgresql"
shm_size: '1gb'
core:
image: goharbor/harbor-core:v2.3.1
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- /data/ca_download/:/etc/core/ca/:z
- /data/:/data/:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- type: bind
source: ./common/config/core/app.conf
target: /etc/core/app.conf
- type: bind
source: /data/secret/core/private_key.pem
target: /etc/core/private_key.pem
- type: bind
source: /data/secret/keys/secretkey
target: /etc/core/key
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
harbor:
dns_search: .
depends_on:
- log
- registry
- redis
- postgresql
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "core"
portal:
image: goharbor/harbor-portal:v2.3.1
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- type: bind
source: ./common/config/portal/nginx.conf
target: /etc/nginx/nginx.conf
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v2.3.1
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v2.3.1
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
harbor:
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v2.3.1
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
ports:
- 80:8080
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "proxy"
networks:
harbor:
external: false
启动harbor
docker-compose up -d
6.2 harbor 使用
6.2.1 修改/etc/docker/daemon.json
#每个节点都做
cat /etc/docker/daemon.json
{
"registry-mirrors": [
"https://kv3qfp85.mirror.aliyuncs.com"
],
"insecure-registries": [
"idy.com"
]
}
重新启动
systemctl daemon-reload
systemctl restart docker.service
6.2.2 登录harbor认证
docker login 192.168.221.141
admin
idy123456
6.2.3 网页新建项目
6.2.4 推送测试
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
idy.com/harbor/registry latest 3a0f7b0a13ef 3 months ago 24.1 MB
idy.com/library/registry latest 3a0f7b0a13ef 3 months ago 24.1 MB
docker.io/centos latest 5d0da3dc9764 14 months ago 231 MB
#1.打标签——[规则](域名/仓库名/镜像名)
docker tag docker.io/centos:latest idy.com/harbor/centos:latest
#推送镜像
[root@master ~]# docker push idy.com/harbor/centos:latest
The push refers to a repository [idy.com/harbor/centos]
74ddd0ec08fa: Pushed
latest: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529
查看镜像仓库
7. K8S troubleshooting
2154
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
