1.说明
本次部署使用两台服务器和一个域名。
2.安装acme 生成证书
参考上篇
base64 证书
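# Encode the acme.sh-issued certificate chain and private key as single-line
# base64 (the form a Kubernetes Secret's data map expects; init-3 does the same
# from a script). `-w 0` disables line wrapping and is GNU coreutils specific.
# Replace <your-domain> with the directory name acme.sh created for the cert.
domain="<your-domain>"   # placeholder: set to your domain
cert_dir="$HOME/.acme.sh/${domain}"
base64 -w 0 -- "${cert_dir}/fullchain.cer"
# Output below is the private key material: do not paste it into tickets/chat.
base64 -w 0 -- "${cert_dir}/${domain}.key"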
3.升级内核
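# Add the ELRepo repository: import its signing key first so rpm/yum can verify
# the release package and the kernel packages it provides, then install the
# long-term-support kernel. Fetch the release package over HTTPS like the key
# (the page originally used plain http for this download).
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-lt -y  # stable (LTS) branch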
打开并编辑 /etc/default/grub 并设置 GRUB_DEFAULT=0。
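# Regenerate the GRUB config so the new kernel (GRUB_DEFAULT=0) becomes the
# default, then reboot into it. Only reboot when the config was written
# successfully; otherwise the host would come back on the old kernel silently.
grub2-mkconfig -o /boot/grub2/grub.cfg && reboot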
4.安装sealos
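# Download the sealos CLI release and install the binary into /usr/bin.
# The version is a single variable so bumping it changes both URL and archive name.
# NOTE: the archive is not integrity-checked here; compare it against the
# checksum published on the GitHub release page before extracting.
version="4.3.3"
archive="sealos_${version}_linux_amd64.tar.gz"
wget "https://github.com/labring/sealos/releases/download/v${version}/${archive}" \
  && tar zxvf "${archive}" sealos \
  && chmod +x sealos \
  && mv sealos /usr/bin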
5.安装k8s
提前安装iptables
环境配置
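# Load the bridge netfilter module and enable the two kernel settings the
# cluster network needs. Fail early if the module cannot be loaded, since the
# bridge-nf-call-iptables sysctl does not exist without it.
modprobe br_netfilter || exit 1
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.ipv4.ip_forward=1
# NOTE: these take effect immediately but are not persisted across a reboot;
# add the same keys to a file under /etc/sysctl.d/ as well.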
制作sh:init-1
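# init-1: generate the Clusterfile and bring up the cluster.
# NOTE: helm must be 3.12.0 or newer.
# Placeholders: replace x.x.x.x / y.y.y.y with the real addresses.
# The SSH password passed with -p is visible in shell history and in `ps`
# output on this host while sealos runs; key-based SSH (sealos accepts a
# private key file via --pk) avoids that.
master_ip="x.x.x.x"
node_ip="y.y.y.y"
sealos gen labring/kubernetes:v1.25.6 \
  labring/helm:v3.12.0 \
  labring/calico:v3.24.1 \
  labring/cert-manager:v1.8.0 \
  labring/openebs:v3.4.0 \
  --masters "${master_ip}" \
  --nodes "${node_ip}" -p '<ssh password>' > Clusterfile
# Edit PodSubnet and ServiceSubnet in Clusterfile before applying.
# Defaults: PodSubnet 100.64.0.0/10, ServiceSubnet 10.96.0.0/22.
sealos apply -f Clusterfile
kubectl get pods -A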
~
制作sh:init-2
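#!/bin/bash
# init-2: install ingress-nginx (host-network DaemonSet), kubernetes-reflector,
# zot and kubeblocks on the cluster created by init-1, then patch the ingress
# controller tolerations and the redis ClusterDefinition resource limits.
set -euo pipefail

# Seconds to wait for the kubeblocks CRDs before giving up (the original loop
# was unbounded). Override with CRD_WAIT_TIMEOUT.
crd_wait_timeout=${CRD_WAIT_TIMEOUT:-600}

# sealos Config that merges these values into the ingress-nginx chart.
# Indentation is significant: the `data` block is itself YAML.
cat << 'EOF' > ingress-nginx-config.yaml
apiVersion: apps.sealos.io/v1beta1
kind: Config
metadata:
  creationTimestamp: null
  name: ingress-nginx-config
spec:
  data: |
    controller:
      hostNetwork: true
      kind: DaemonSet
      service:
        type: NodePort
  match: docker.io/labring/ingress-nginx:v1.5.1
  path: charts/ingress-nginx/values.yaml
  strategy: merge
EOF

# Each continuation needs a space before the backslash, otherwise the image
# names are glued together into one argument.
# NOTE: policy=anonymousPolicy configures what unauthenticated clients may do
# against the zot registry; review what it grants before exposing the NodePort.
sealos run docker.io/labring/kubernetes-reflector:v7.0.151 \
  docker.io/labring/ingress-nginx:v1.5.1 \
  docker.io/labring/zot:v1.4.3 \
  docker.io/labring/kubeblocks:v0.6.2 \
  --env policy=anonymousPolicy \
  --config-file ingress-nginx-config.yaml

echo "patch ingress-nginx-controller tolerations to allow run on master node, if you don't want to run on master node, please ignore this step"
kubectl -n ingress-nginx patch ds ingress-nginx-controller -p '{"spec":{"template":{"spec":{"tolerations":[{"key":"node-role.kubernetes.io/control-plane","operator":"Exists","effect":"NoSchedule"}]}}}}'

echo "waitting for kubeblocks crd created, this may take a while"
waited=0
while ! kubectl get clusterdefinitions.apps.kubeblocks.io redis >/dev/null 2>&1; do
  if (( waited >= crd_wait_timeout )); then
    echo "timed out after ${crd_wait_timeout}s waiting for the kubeblocks redis ClusterDefinition" >&2
    exit 1
  fi
  sleep 5
  waited=$((waited + 5))
done

echo "start patch redis clusterdefinition"
kubectl patch clusterdefinitions.apps.kubeblocks.io redis --type='json' -p '[{"op": "add", "path": "/spec/componentDefs/0/podSpec/containers/1/resources/limits", "value": {"cpu":"100m", "memory":"100Mi"}}]'
echo "patch redis success"

echo "wait for all pod to be ready then install Sealos"
kubectl get po -A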
制作sh:init-3
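#!/bin/bash
# init-3: wrap the acme.sh-issued certificate and key into a sealos Config that
# patches manifests/tls-secret.yaml, then run sealos-cloud with it.
set -euo pipefail

# Directory name acme.sh used for the certificate (normally the domain itself).
domain="<your-domain>"   # placeholder: replace before running
tls_crt_file="/root/.acme.sh/${domain}/fullchain.cer"
tls_key_file="/root/.acme.sh/${domain}/${domain}.key"

# Both inputs must be readable; fail clearly instead of writing a Secret with
# empty tls.crt / tls.key fields.
for f in "$tls_crt_file" "$tls_key_file"; do
  [[ -r "$f" ]] || { echo "cannot read $f" >&2; exit 1; }
done

# Single-line base64, as a Kubernetes Secret's data map expects.
tls_crt_base64=$(base64 < "$tls_crt_file" | tr -d '\n')
tls_key_base64=$(base64 < "$tls_key_file" | tr -d '\n')

# The generated file embeds the private key: create it owner-readable only.
umask 077

# Indentation is significant: the `data` block is itself YAML. The `match`
# image and the image given to `sealos run` below must be the same tag;
# both use :latest here — pin them to a released version for reproducible deploys.
cat > tls-secret.yaml <<EOF
apiVersion: apps.sealos.io/v1beta1
kind: Config
metadata:
  name: secret
spec:
  path: manifests/tls-secret.yaml
  # please change the match image to your own image
  match: docker.io/labring/sealos-cloud:latest
  strategy: merge
  data: |
    data:
      tls.crt: ${tls_crt_base64}
      tls.key: ${tls_key_base64}
EOF

sealos run docker.io/labring/sealos-cloud:latest --env cloudDomain="sealos.wll.wang" --config-file tls-secret.yaml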
按 init-1、init-2、init-3 的顺序依次执行。