当前位置：首页 > news >正文

离线wordpressseo每天一贴博客

news 2025/8/13 7:07:17

离线wordpress,seo每天一贴博客,企业 wordpress 主题,给公司做网站多钱华子目录 Kubernetes部署说明环境准备工作主机准备harbor搭建k8s集群中的主机名和ip设定k8s集群中设置hosts解析k8s中的所有节点关闭防火墙和selinuxk8s集群中禁用swap分区k8s集群中安装docker-cek8s集群中下载harbor证书k8s集群中配置harbor镜像加速器 k8s节点登录harbor测试 …

华子目录

`Kubernetes`部署说明
环境准备工作
- 主机准备
- `harbor`搭建
- `k8s`集群中的`主机名`和`ip`设定
- `k8s`集群中设置`hosts解析`
- `k8s`中的所有节点关闭`防火墙`和`selinux`
- `k8s`集群中`禁用swap分区`
- `k8s`集群中安装`docker-ce`
- `k8s`集群中`下载harbor证书`
- `k8s`集群中配置`harbor镜像加速器`
`k8s`节点登录`harbor`测试

`Kubernetes`部署说明

K8S中文官网：https://kubernetes.io/zh-cn

主机名	ip	角色
`harbor.huazi.org`	`172.25.254.250`	`harbor仓库`
`k8s-master.org`	`172.25.254.100`	`master`，`k8s`集群`控制节点`
`k8s-node1.org`	`172.25.254.10`	`worker`，`k8s`集群`工作节点`
`k8s-node2.org`	`172.25.254.20`	`worker`，`k8s`集群`工作节点`

要求：除了harbor服务器的所有k8s节点

所有节点禁用selinux和防火墙
所有节点同步时间和解析
所有节点安装docker-ce
所有节点禁用swap，注意注释掉/etc/fstab文件中的定义（因为k8s集群中容器对内存要求非常高，如果不禁用swap，一些容器就会存到swap中，这样可能会使你的容器暂停或者运行缓慢）

环境准备工作

主机准备

在这里插入图片描述

`harbor`搭建

harbor的搭建，我们可以参考这篇博客：
https://blog.csdn.net/huaz_md/article/details/142671140?spm=1001.2014.3001.5501

这里博主只写出几个关键的操作

制作https的证书和key

[root@harbor ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/huazi.org.key -addext "subjectAltName = DNS:harbor.huazi.org" -x509 -days 365 -out certs/huazi.org.crt
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:docker
Organizational Unit Name (eg, section) []:registry
Common Name (eg, your name or your server's hostname) []:harbor.huazi.org
Email Address []:admin@huazi.org

修改harbor的配置文件

[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# vim harbor.yml

在这里插入图片描述

启动harbor

[root@harbor harbor]# ./install.sh --with-chartmuseum

关闭防火墙和selinux

[root@harbor ~]# systemctl is-active firewalld.service
inactive
[root@harbor ~]# getenforce
Disabled

`k8s`集群中的`主机名`和`ip`设定

k8s-master

[root@k8s-master ~]# hostname -I
172.25.254.100

[root@k8s-master ~]# hostnamectl hostname k8s-master.org
[root@k8s-master ~]# hostname
k8s-master.org

k8s-node1

[root@k8s-node1 ~]# hostname -I
172.25.254.10

[root@k8s-node1 ~]# hostnamectl hostname k8s-node1.org
[root@k8s-node1 ~]# hostname
k8s-node1.org

k8s-node2

[root@k8s-node2 ~]# hostname -I
172.25.254.20

[root@k8s-node2 ~]# hostnamectl hostname k8s-node2.org
[root@k8s-node2 ~]# hostname
k8s-node2.org

`k8s`集群中设置`hosts解析`

k8s-master

[root@k8s-master ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.100   k8s-master.org
172.25.254.10    k8s-node1.org
172.25.254.20    k8s-node2.org
172.25.254.250   harbor.huazi.org

k8s-node1（这里我们使用scp命令）

[root@k8s-master ~]# scp   /etc/hosts   root@172.25.254.10:/etc/hosts
The authenticity of host '172.25.254.10 (172.25.254.10)' can't be established.
ED25519 key fingerprint is SHA256:oRI0QHrpuaAH8E6hepK2f2FymklDq9LifjGxkU86pMg.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.25.254.10' (ED25519) to the list of known hosts.
root@172.25.254.10's password:
hosts                                                         100%  286   253.6KB/s   00:00[root@k8s-node1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.100   k8s-master.org
172.25.254.10    k8s-node1.org
172.25.254.20    k8s-node2.org
172.25.254.250   harbor.huazi.org

k8s-node2（这里我们使用scp命令）

[root@k8s-master ~]# scp   /etc/hosts   root@172.25.254.20:/etc/hosts
The authenticity of host '172.25.254.20 (172.25.254.20)' can't be established.
ED25519 key fingerprint is SHA256:oRI0QHrpuaAH8E6hepK2f2FymklDq9LifjGxkU86pMg.
This host key is known by the following other names/addresses:~/.ssh/known_hosts:1: 172.25.254.10
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.25.254.20' (ED25519) to the list of known hosts.
root@172.25.254.20's password:
hosts                                                         100%  286   431.8KB/s   00:00[root@k8s-node2 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.100   k8s-master.org
172.25.254.10    k8s-node1.org
172.25.254.20    k8s-node2.org
172.25.254.250   harbor.huazi.org

ping测试

[root@k8s-master ~]# ping harbor.huazi.org
PING harbor.huazi.org (172.25.254.250) 56(84) 比特的数据。
64 比特，来自 harbor.huazi.org (172.25.254.250): icmp_seq=1 ttl=64 时间=0.629 毫秒
64 比特，来自 harbor.huazi.org (172.25.254.250): icmp_seq=2 ttl=64 时间=0.288 毫秒
^C
--- harbor.huazi.org ping 统计 ---
已发送 2 个包， 已接收 2 个包, 0% packet loss, time 1061ms
rtt min/avg/max/mdev = 0.288/0.458/0.629/0.170 ms
[root@k8s-master ~]# ping k8s-node1.org
PING k8s-node1.org (172.25.254.10) 56(84) 比特的数据。
64 比特，来自 k8s-node1.org (172.25.254.10): icmp_seq=1 ttl=64 时间=0.422 毫秒
64 比特，来自 k8s-node1.org (172.25.254.10): icmp_seq=2 ttl=64 时间=0.339 毫秒
^C
--- k8s-node1.org ping 统计 ---
已发送 2 个包， 已接收 2 个包, 0% packet loss, time 1038ms
rtt min/avg/max/mdev = 0.339/0.380/0.422/0.041 ms
[root@k8s-master ~]# ping k8s-node2.org
PING k8s-node2.org (172.25.254.20) 56(84) 比特的数据。
64 比特，来自 k8s-node2.org (172.25.254.20): icmp_seq=1 ttl=64 时间=0.660 毫秒
64 比特，来自 k8s-node2.org (172.25.254.20): icmp_seq=2 ttl=64 时间=0.256 毫秒
64 比特，来自 k8s-node2.org (172.25.254.20): icmp_seq=3 ttl=64 时间=0.666 毫秒
^C
--- k8s-node2.org ping 统计 ---
已发送 3 个包， 已接收 3 个包, 0% packet loss, time 2078ms
rtt min/avg/max/mdev = 0.256/0.527/0.666/0.191 ms

`k8s`中的所有节点关闭`防火墙`和`selinux`

k8s-master

[root@k8s-master ~]# systemctl is-active firewalld.service
inactive
[root@k8s-master ~]# getenforce
Disabled

k8s-node1

[root@k8s-node1 ~]# systemctl is-active firewalld.service
inactive
[root@k8s-node1 ~]# getenforce
Disabled

k8s-node2

[root@k8s-node2 ~]# systemctl is-active firewalld.service
inactive
[root@k8s-node2 ~]# getenforce
Disabled

`k8s`集群中`禁用swap分区`

k8s-master

[root@k8s-master ~]# vim /etc/fstab

在这里插入图片描述

[root@k8s-master ~]# swapon -s
Filename                                Type            Size            Used            Priority
/dev/nvme0n1p2                          partition       2097148         0               -2
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# swapon -s  #发现swap分区已经没了
[root@k8s-master ~]#

k8s-node1

[root@k8s-node1 ~]# vim /etc/fstab

在这里插入图片描述

[root@k8s-node1 ~]# systemctl mask swap.target
Created symlink /etc/systemd/system/swap.target → /dev/null.
[root@k8s-node1 ~]# swapoff -a
[root@k8s-node1 ~]# swapon -s

k8s-node2

[root@k8s-node2 ~]# vim /etc/fstab

在这里插入图片描述

[root@k8s-node2 ~]# systemctl mask swap.target
Created symlink /etc/systemd/system/swap.target → /dev/null.
[root@k8s-node2 ~]# swapoff -a
[root@k8s-node2 ~]# swapon -s

`k8s`集群中安装`docker-ce`

[root@k8s-master yum.repos.d]# vim redhat.repo
[docker]
name=docker-ce
baseurl=https://mirrors.aliyun.com/docker-ce/linux/rhel/9/x86_64/stable/
gpgcheck=0[root@k8s-master yum.repos.d]# scp /etc/yum.repos.d/redhat.repo root@172.25.254.10:/etc/yum.repos.d/
root@172.25.254.10's password:
redhat.repo                                                   100%  108   130.7KB/s   00:00[root@k8s-master yum.repos.d]# scp /etc/yum.repos.d/redhat.repo root@172.25.254.20:/etc/yum.repos.d/
root@172.25.254.20's password:
redhat.repo                                                   100%  108   180.7KB/s   00:00

k8s-master

[root@k8s-master ~]# yum install docker-ce -y[root@k8s-master ~]# systemctl enable --now docker

k8s-node1

[root@k8s-node1 ~]# yum install docker-ce -y[root@k8s-node1 ~]# systemctl enable --now docker

k8s-node2

[root@k8s-node2 ~]# yum install docker-ce -y[root@k8s-node2 ~]# systemctl enable --now docker

当我们在执行docker info后，出现了如下WARNING，如何处理呢

[root@k8s-master ~]# docker info
......
......
......
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

[root@k8s-master ~]# echo br_netfilter > /etc/modules-load.d/docker_mod.conf[root@k8s-master ~]# modprobe br_netfilter[root@k8s-master ~]# vim /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1[root@k8s-master ~]# sysctl --system[root@k8s-master ~]# systemctl restart docker

[root@k8s-node1 ~]# echo br_netfilter > /etc/modules-load.d/docker_mod.conf[root@k8s-node1 ~]# modprobe br_netfilter[root@k8s-node1 ~]# vim /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1[root@k8s-node1 ~]# sysctl --system[root@k8s-node1 ~]# systemctl restart docker

[root@k8s-node2 ~]# echo br_netfilter > /etc/modules-load.d/docker_mod.conf[root@k8s-node2 ~]# modprobe br_netfilter[root@k8s-node2 ~]# vim /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1[root@k8s-node2 ~]# sysctl --system[root@k8s-node2 ~]# systemctl restart docker

再次docker info时，就没有WARNING了

`k8s`集群中`下载harbor证书`

k8s-master

[root@k8s-master ~]# mkdir -p /etc/docker/certs.d/harbor.huazi.org/[root@k8s-master ~]# scp    root@harbor.huazi.org:/root/certs/huazi.org.crt   /etc/docker/certs.d/harbor.huazi.org/ca.crt
The authenticity of host 'harbor.huazi.org (172.25.254.250)' can't be established.
ED25519 key fingerprint is SHA256:wkrDVNwOtwB4XhstKSlH+BEeO8JE3gp9NDIKRe6aMu0.
This host key is known by the following other names/addresses:~/.ssh/known_hosts:5: 172.25.254.250
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'harbor.huazi.org' (ED25519) to the list of known hosts.
root@harbor.huazi.org's password:
huazi.org.crt                                                          100% 2175     1.9MB/s   00:00[root@k8s-master ~]# ll /etc/docker/certs.d/harbor.huazi.org/ca.crt
-rw-r--r-- 1 root root 2163 10月  2 05:19 /etc/docker/certs.d/harbor.huazi.org/ca.crt[root@k8s-master ~]# systemctl restart docker

k8s-node1

[root@k8s-node1 ~]# mkdir -p /etc/docker/certs.d/harbor.huazi.org/[root@k8s-node1 ~]# scp    root@harbor.huazi.org:/root/certs/huazi.org.crt   /etc/docker/certs.d/harbor.huazi.org/ca.crt
root@harbor.huazi.org's password:
huazi.org.crt                                                          100% 2175     2.4MB/s   00:00[root@k8s-node1 ~]# ll /etc/docker/certs.d/harbor.huazi.org/ca.crt
-rw-r--r-- 1 root root 2175 10月  2 05:55 /etc/docker/certs.d/harbor.huazi.org/ca.crt[root@k8s-node1 ~]# systemctl restart docker

k8s-node2

[root@k8s-node2 ~]# mkdir -p /etc/docker/certs.d/harbor.huazi.org/[root@k8s-node2 ~]# scp    root@harbor.huazi.org:/root/certs/huazi.org.crt   /etc/docker/certs.d/harbor.huazi.org/ca.crt
root@harbor.huazi.org's password:
huazi.org.crt                                                          100% 2175     2.5MB/s   00:00[root@k8s-node2 ~]# ll /etc/docker/certs.d/harbor.huazi.org/ca.crt
-rw-r--r-- 1 root root 2175 10月  2 05:57 /etc/docker/certs.d/harbor.huazi.org/ca.crt[root@k8s-node2 ~]# systemctl restart docker

`k8s`集群中配置`harbor镜像加速器`

k8s-master

[root@k8s-master ~]# cd /etc/docker/
[root@k8s-master docker]# ls
certs.d
[root@k8s-master docker]# vim daemon.json
{"registry-mirrors": ["https://harbor.huazi.org"]
}
[root@k8s-master docker]# systemctl restart docker[root@k8s-master ~]# docker info
......
......
......Registry Mirrors:https://harbor.huazi.org/

k8s-node1

[root@k8s-node1 ~]# cd /etc/docker/
[root@k8s-node1 docker]# ls
certs.d
[root@k8s-node1 docker]# vim daemon.json
{"registry-mirrors": ["https://harbor.huazi.org"]
}
[root@k8s-node1 docker]# cd
[root@k8s-node1 ~]# systemctl restart docker[root@k8s-node1 ~]# docker info
......
......
......Registry Mirrors:https://harbor.huazi.org/

k8s-node2

[root@k8s-node2 ~]# cd /etc/docker/
[root@k8s-node2 docker]# ls
certs.d
[root@k8s-node2 docker]# vim daemon.json
{"registry-mirrors": ["https://harbor.huazi.org"]
}
[root@k8s-node2 docker]# cd
[root@k8s-node2 ~]# systemctl restart docker[root@k8s-node2 ~]# docker info
......
......
......Registry Mirrors:https://harbor.huazi.org/

`k8s`节点登录`harbor`测试

k8s-master

[root@k8s-master ~]# docker login harbor.huazi.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded

k8s-node1

[root@k8s-node1 ~]# docker login harbor.huazi.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded

k8s-node2

[root@k8s-node2 ~]# docker login harbor.huazi.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-storesLogin Succeeded

至此kubernetes环境搭建成功