Ubuntu环境准备及K8s安装环境准备(5)

---

highlight: a11y-dark

theme: cyanosis

101Master1

克隆指定版本号 git clone -b 0.6.1 https://github.com/easzlab/kubeasz.git 安装ansible apt install ansible -y 免密钥 ssh-keygen 102Master2

免密钥 ssh-keygen 脚本 ``` cat docker-install.sh

!/bin/bash

step 1: 安装必要的一些系统工具

sudo apt-get update sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common

step 2: 安装GPG证书

curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

Step 3: 写入软件源信息

sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

Step 4: 更新并安装Docker-CE

sudo apt-get -y update apt install docker-ce-cli=5:19.03.9~3-0~ubuntu-bionic docker-ce=5:19.03.9~3-0~ubuntu-bionic -y ```

执行脚本 bash docker-install.sh

101Master1

上传文件:limits.conf、sysctl.conf ```

替换

cp limits.conf /etc/security/limits.conf cp sysctl.conf /etc/sysctl.conf 拷贝证书等信息 scp -r /etc/docker/certs.d 192.168.37.102:/etc/docker/ scp -r /root/.docker 192.168.37.102:/root/ ```

拷贝密钥脚本：批量分发 ``` cat scp.sh

!/bin/bash

目标主机列表

IP=" 192.168.37.101 192.168.37.102 192.168.37.105 192.168.37.106 192.168.37.107 192.168.37.110 192.168.37.111 "

安装命令

apt install sshpass -y

for node in ${IP};do

拷贝密钥、注意密码要一致 如：'123.com'

sshpass -p 123.com ssh-copy-id ${node} -o StrictHostKeyChecking=no if [ $? -eq 0 ];then echo "${node} 密钥copy完成" else
echo "${node} 密钥copy失败" fi

安装docker

scp /root/docker-install.sh ${node}:/opt/

安装harbor证书

scp -r /etc/docker/certs.d ${node}:/etc/docker/

hosts文件解析

scp -r /etc/hosts ${node}:/etc/

替换内核参数

scp /etc/security/limits.conf ${node}:/etc/security/limits.conf
scp /etc/sysctl.conf ${node}:/etc/sysctl.conf

重启主机

ssh ${node} "reboot"

echo ${node},"重启成功"

done 执行脚本

执行脚本

bash scp.sh ```

102Master2

重启服务 systemctl restart docker systemctl enable docker

测试能否上传 ``` docker pull alpine

docker images

docker tag b2aa39c304c2 harbor.123.com/linux01/alpine:v2

docker push harbor.123.com/linux01/alpine:v2 ```

配置keepalived

ha108和ha109

两台负载服务器上都要部署，提前在/etc/sysctl.conf配置文件将net.ipv4.ipnonlocalbind 的值改为1并执行sysctl –p生效 ``` vim /etc/sysctl.conf ... net.ipv4.ipnonlocalbind = 1 <--允许非本地IP地址socket监听

生效

sysctl -p apt install keepalived haproxy -y ```

ha108

拷贝模板文件 cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf 编辑配置文件 ``` cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived

globaldefs { notificationemail { acassen } notificationemailfrom Alexandre.Cassen@firewall.loc smtpserver 192.168.200.1 smtpconnecttimeout 30 routerid LVS_DEVEL }

vrrpinstance VI1 { state MASTER interface eth0 garpmasterdelay 10 smtpalert virtualrouterid 51 priority 100 advertint 1 authentication { authtype PASS authpass 1111 } virtual_ipaddress { 192.168.37.240 dev eth0 label eth0:1 <-- } } 重启服务并设为开机启动 systemctl restart keepalived systemctl enable keepalived 拷贝 scp /etc/keepalived/keepalived.conf 192.168.37.109:/etc/keepalived/keepalived.conf ```

ha109

``` cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived

globaldefs { notificationemail { acassen } notificationemailfrom Alexandre.Cassen@firewall.loc smtpserver 192.168.200.1 smtpconnecttimeout 30 routerid LVS_DEVEL }

vrrpinstance VI1 { state BACKUP <-- interface eth0 garpmasterdelay 10 smtpalert virtualrouterid 51 priority 80 <-- advertint 1 authentication { authtype PASS authpass 1111 } virtual_ipaddress { 192.168.37.240 dev eth0 label eth0:1 } } 重启服务并设为开机启动 systemctl restart keepalived systemctl enable keepalived ```

ha108

配置haproxy ``` vim /etc/haproxy/haproxy.cfg ...

结尾添加

listen k8s-api-6443 bind 192.168.37.240:6443 mode tcp server 192.168.37.101 192.168.37.101:6443 check fall 3 rise 3 inter 3s server 192.168.37.102 192.168.37.102:6443 check fall 3 rise 3 inter 3s 启动服务并设为开机启动 systemctl restart haproxy systemctl enable haproxy 拷贝 scp /etc/haproxy/haproxy.cfg 192.168.37.109:/etc/haproxy ```

ha109

启动服务并设为开机启动 systemctl restart haproxy systemctl enable haproxy