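I. Hardware
Four virtual machines: NFS and Docker Harbor share one (1C 2G 2T), Git has one (2C 4G 200G), master (2C 4G 200G), node (8C 16G).
II. Procedure
1. Install Git
Reference: "Installing GitLab, Artifactory and Jenkins with Docker" (CSDN blog of 我去找小伙伴了)
2. Set up NFS and install Docker Harbor
Reference: "Building a private Docker image registry with Harbor" (Zhihu)
3. Install the base packages and k8s on both master and node
k8s is installed with kubeadm.
First run the common.sh script; it has to be run on both master and node.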
#!/bin/bash
# Switch ens33 from DHCP to a static address.
sed -i 's/dhcp/static/g' /etc/sysconfig/network-scripts/ifcfg-ens33
# Change IPADDR to the address of the master or node being configured.
cat >> /etc/sysconfig/network-scripts/ifcfg-ens33 <<EOF
IPADDR="192.168.1.25"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DNS1="192.168.1.10"
DNS2="192.168.1.11"
EOF
systemctl restart network
timedatectl set-timezone Asia/Shanghai
# Change this value to master or node as appropriate.
hostnamectl set-hostname master
cat >> /etc/hosts <<EOF
192.168.1.86 node
192.168.1.25 master
192.168.1.26 nfs
192.168.1.78 git
EOF
# Disable SELinux (in the config file and for the running system) and firewalld.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
systemctl disable firewalld
systemctl stop firewalld
# Install Docker through the Aliyun mirror and switch it to the systemd cgroup driver.
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://xxxx.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
systemctl enable docker
systemctl start docker
# Turn swap off for the running system.
swapoff -a
# Kubernetes yum repo on the Aliyun mirror. gpgcheck=0 means yum does not
# verify package signatures for this repo.
cat >> /etc/yum.repos.d/k8s.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
# Synchronize the clock and write it to the hardware clock.
yum -y install ntp ntpdate
ntpdate cn.pool.ntp.org
hwclock --systohc
yum install -y kubectl-1.23.0 kubeadm-1.23.0 kubelet-1.23.0
systemctl enable kubelet
systemctl start kubelet
# NFS client tools and the shared mount.
yum install -y nfs-utils
mkdir -p /data/k8s
systemctl enable rpcbind.service
systemctl enable nfs-server.service
systemctl stop firewalld
systemctl start rpcbind
mount -t nfs nfs:/data/k8s /data/k8s
# Remount the share at boot.
cat >> /etc/rc.local << EOF
mount -t nfs nfs:/data/k8s /data/k8s
EOF
# On CentOS 7 rc.local only runs at boot if it is executable.
chmod +x /etc/rc.d/rc.local
yum install -y wget
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
shutdown -h now
All the images k8s needs have now been pulled.
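common.sh writes k8s.repo with gpgcheck=0, so kubelet, kubeadm and kubectl are installed without package signature verification. As an added example (not part of the original post), this shell function lists every enabled section of a .repo file that leaves signature checking off; the function name and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example: list enabled yum repo sections that install packages without
# signature verification. "unset" means the section has no gpgcheck line and
# inherits whatever [main] in /etc/yum.conf says.
unsigned_repos() {
    awk '
        function report() {
            if (name == "" || enabled == "0") return
            if (gpg == "0") print name ": gpgcheck=0"
            else if (gpg == "") print name ": gpgcheck unset"
        }
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*\[.*\][ \t]*$/ {               # start of a new [section]
            report()
            name = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            enabled = ""; gpg = ""
            next
        }
        /=/ {                                  # key=value inside a section
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t]/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the k8s.repo written by common.sh plus a signed repo
# (repo.example.invalid is a placeholder, not a real mirror).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0

[signed-example]
name=Signed example
baseurl=https://repo.example.invalid/el7/
enabled=1
gpgcheck=1
gpgkey=https://repo.example.invalid/RPM-GPG-KEY
EOF
unsigned_repos "$sample"
rm -f "$sample"
```

On a configured host, run it over each file in /etc/yum.repos.d/ to see which repos yum trusts without a signature.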
After common.sh finishes, swap has to be disabled manually:
vi /etc/fstab
Comment out the last line; if swapon -s prints nothing, it worked.
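The manual step above relies on the swap entry being the last line of /etc/fstab. As an added example (not from the original post), these shell functions comment out every active swap entry by its filesystem-type field instead and can be run repeatedly; the function names and the sample fstab are constructed.

```shell
#!/bin/bash
# Added example: comment out active swap entries in an fstab-format file,
# matching on the filesystem-type field instead of line position.

# Print how many uncommented swap entries the file still has.
active_swap_entries() {
    awk '!/^[ \t]*#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Rewrite the file in place (a copy is kept as FILE.bak); safe to repeat.
disable_swap_entries() {
    dse_tmp=$(mktemp) || return 1
    awk '/^[ \t]*#/   { print; next }      # already a comment: keep as is
         $3 == "swap" { print "#" $0; next }
                      { print }' "$1" > "$dse_tmp" &&
        cp -p "$1" "$1.bak" &&
        cat "$dse_tmp" > "$1"              # overwrite content, keep owner and mode
    dse_rc=$?
    rm -f "$dse_tmp"
    return "$dse_rc"
}

# Constructed sample in the CentOS 7 layout; the swap line is not the last one.
demo=$(mktemp)
cat > "$demo" <<'EOF'
/dev/mapper/centos-root /     xfs  defaults 0 0
/dev/mapper/centos-swap swap  swap defaults 0 0
UUID=constructed-uuid   /boot xfs  defaults 0 0
EOF
disable_swap_entries "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On the real host this would be `disable_swap_entries /etc/fstab`, followed by the same `swapon -s` check after a reboot.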
On master, initialize k8s:
#!/bin/bash
# Alternative (commented out): generate a config file and drive kubeadm from it.
#kubeadm config print init-defaults >> init.yaml
#sed -i 's/1.2.3.4/192.168.1.25/g' init.yaml
#sed -i 's/k8s.gcr.io/registry.aliyuncs.com\/google_containers/g' init.yaml
#kubeadm config images list --config init.yaml
#kubeadm config images pull --config init.yaml
#kubeadm init --config init.yaml
# List and pre-pull the control-plane images from the Aliyun registry.
kubeadm config images list --image-repository registry.aliyuncs.com/google_containers --kubernetes-version 1.23.0
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers --kubernetes-version 1.23.0
# Initialize the control plane; 10.244.0.0/16 is the pod network that kube-flannel.yml uses by default.
kubeadm init --apiserver-advertise-address 192.168.1.25 --apiserver-bind-port 6443 --kubernetes-version 1.23.0 --pod-network-cidr 10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers
# Give the current user a kubeconfig for kubectl.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
Once this has run, k8s is initialized.
On node, run the join command (with the token and hash that kubeadm init printed):
kubeadm join 192.168.1.25:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:d9ea893184ba27915ff03a6547fadc1b0d1acd57db06737e46b5818ca053425
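The --discovery-token-ca-cert-hash value pins the cluster CA's public key, so the node only bootstraps against an API server that presents that CA. As an added example (not from the original post), these shell functions recompute the pin on the master with the openssl pipeline from the kubeadm documentation and check a join command's token and hash format before it is run; the function names are constructed and the pipeline assumes kubeadm's default RSA CA key. Run on the join line as printed above, check_join rejects the hash, because the value shown has 63 hex digits rather than 64.

```shell
#!/bin/bash
# Added example: sanity-check kubeadm join parameters before using them.

# Recompute the CA public-key pin on the master (RSA CA key assumed).
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "${1:-/etc/kubernetes/pki/ca.crt}" |
        openssl rsa -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //; s/^/sha256:/'
}

# A bootstrap token is 6 + 16 characters of [a-z0-9] joined by a dot.
valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# The pin is "sha256:" followed by exactly 64 lowercase hex digits (32 bytes),
# which is the form kubeadm init prints.
valid_ca_hash() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# check_join TOKEN HASH [CA_CERT]: prints "ok" or the first problem found.
# With CA_CERT given (on the master), the hash is also compared to the real pin.
check_join() {
    valid_token "$1"   || { echo "bad token format"; return 1; }
    valid_ca_hash "$2" || { echo "bad hash length or characters"; return 1; }
    if [ -n "$3" ]; then
        [ "$(ca_cert_hash "$3")" = "$2" ] || { echo "hash does not match CA"; return 1; }
    fi
    echo ok
}

# Values exactly as printed in the join line above.
check_join abcdef.0123456789abcdef \
    sha256:d9ea893184ba27915ff03a6547fadc1b0d1acd57db06737e46b5818ca053425 || true
```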
4. Set RemoveSelfLink=false
selfLink changed after k8s 1.21, so this has to be set:
vi /etc/kubernetes/manifests/kube-apiserver.yaml
The line marked with the arrow is the one that was added:
- --feature-gates=RemoveSelfLink=false
5. Set the k8s default storage
#!/bin/bash
# Deployment of the NFS client provisioner.
cat > nfs-client.yaml <<EOF
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nfs-client-provisioner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nfs-client-provisioner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: quay.io/external_storage/nfs-client-provisioner:latest
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: fuseim.pri/ifs
            - name: NFS_SERVER
              value: 192.168.1.26 # IP address of the NFS server
            - name: NFS_PATH
              value: /data/k8s
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.1.26 # IP address of the NFS server
            path: /data/k8s
EOF
# ServiceAccount, ClusterRole and ClusterRoleBinding for the provisioner.
cat > nfs-client-sa.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
EOF
# StorageClass backed by the provisioner.
cat > nfs-client-class.yaml <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: course-nfs-storage
provisioner: fuseim.pri/ifs # or choose another name; must match the deployment's env PROVISIONER_NAME
EOF
kubectl apply -f nfs-client.yaml
kubectl apply -f nfs-client-sa.yaml
kubectl apply -f nfs-client-class.yaml
kubectl get pods
kubectl get storageclass
# Mark course-nfs-storage as the default StorageClass.
kubectl patch storageclass course-nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
kubectl get storageclass
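After it finishes:
At this point the preparation for installing KubeSphere is complete.
III. Install KubeSphere
Reference: "Minimal KubeSphere installation on Kubernetes"
Along the way the DevOps component has to be enabled; see: KubeSphere DevOps System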