部署K8S流程: 1、基础环境准备,并关闭防火墙 selinux 和 swap,更新软件源、时间同步、安装常用命、开启路由转发。 2、部署 harbor 及 haproxy keeplivad高可用反向代理 3、在所有 master 安装指定版本的 kubeadm 、kubelet、kubectl、docker 4、在所有 node 节点安装指定版本的 kubeadm 、kubelet、docker,在 node 节点 kubectl 为可选安装,看是否需要在 node 执行 kubectl 命令进行集群管理及 pod 管理等操作。 5、master 节点运行 kubeadm init 初始化命令 6、验证 master 节点状态 7、在 node 节点使用 kubeadm 命令将自己加入 k8s master(需要使用 master 生成 token 认 证) 8、验证 node 节点状态 9、创建 pod 并测试网络通信 10、部署 web 服务 Dashboard 11、k8s 集群升级 192.168.80.100 localhost7A.localdomain harbor CentOS 7.7 192.168.80.110 localhost7B.localdomain keepalived haproxy 192.168.80.222 CentOS 7.7 192.168.80.120 localhost7C.localdomain master 192.168.80.222 CentOS 7.7 192.168.80.130 localhost7D.localdomain master 192.168.80.222 CentOS 7.7 192.168.80.140 localhost7E.localdomain master 192.168.80.222 CentOS 7.7 192.168.80.150 localhost7F.localdomain node1 CentOS 7.7 192.168.80.160 localhost7G.localdomain node2 CentOS 7.7 192.168.80.170 localhost7H.localdomain node3 CentOS 7.7
一、部署 harbor
1.同步时间服务 并关闭防火墙和selinux 开启路由转发 [root@localhost7A ~]# ntpdate time1.aliyun.com && hwclock -w [root@localhost7A ~]# echo 1 > /proc/sys/net/ipv4/ip_forward 2.下载YUM源 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 3.安装docker docker-compose yum list docker-ce --showduplicates yum install docker-ce-19.03.15-3.el7 docker-ce-cli-19.03.15-3.el7 -y yum install docker-compose -y systemctl enable docker && systemctl start docker 4.下载harbor 解压 https://github.com/goharbor/harbor/releases/download/v1.7.6/harbor-offline-installer-v1.7.6 tar xvf harbor-offline-installer-v1.7.6.tgz ln -sv /usr/local/src/harbor /usr/local/ cd /usr/local/harbor/ 5.设置harbor配置文件,启动。 [root@localhost7A ~]# grep "^[a-Z]" /usr/local/harbor/harbor.cfg hostname = harbor.zzhz.com ui_url_protocol = http harbor_admin_password = Harbor12345 5.启动 ./install.sh 6.docker 命令登录测试 设置要登录harbor服务器的各节点.master和node节点要下载镜像。 默认下harbor是采用的https登录,如果使用http登录.使用此参数:非安全登录方式,--insecure-registry harbor.zzhz.com [root@localhost7C ~] cat /usr/lib/systemd/system/docker.service [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry harbor.zzhz.com ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always [root@localhost7C ~]# systemctl daemon-reload && systemctl restart docker [root@localhost7C ~]# docker login harbor.zzhz.com Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #下载 [root@localhost7C ~]# docker pull nginx [root@localhost7C ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 12766a6745ee 2 weeks ago 141MB #打标签,baseimage先要创建。 [root@localhost7C ~]# docker tag 12766a6745ee harbor.zzhz.com/baseimage/nginx:latest #上传Harbor [root@localhost7C ~]# docker push harbor.zzhz.com/baseimage/nginx:latest 7.web页面登录查看
二、部署haproxy keeplivad高可用反向代理
1.同步时间服务
[root@localhost7B ~]# ntpdate time1.aliyun.com && hwclock -w
开启路由转发
[root@localhost7B ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
2.下载YUM源
[root@localhost7B ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost7B ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
3.安装软件
[root@localhost7B ~]# yum install keepalived haproxy -y
4.配置keepalived
[root@localhost7B ~]# cat /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id localhost7B
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance zzhz {
state MASTER
interface eth0
virtual_router_id 51
priority 95
advert_int 2
authentication {
auth_type PASS
auth_pass centos
}
virtual_ipaddress {
192.168.80.222/24 dev eth0 label eth0:1
}
}
5.配置haproxy
[root@localhost7B ~]# cat /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
mode http
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:12345
listen k8s-6443
bind 192.168.80.222:6443
mode tcp
balance roundrobin
server 192.168.80.120 192.168.80.120:6443 check inter 2s fall 3 rise 5
server 192.168.80.130 192.168.80.130:6443 check inter 2s fall 3 rise 5
server 192.168.80.140 192.168.80.140:6443 check inter 2s fall 3 rise 5
6.启动服务
[root@localhost7B ~]# systemctl enable keepalived.service haproxy.service
[root@localhost7B ~]# systemctl start keepalived.service
[root@localhost7B ~]# systemctl status keepalived.service
[root@localhost7B ~]# systemctl start haproxy.service
[root@localhost7B ~]# systemctl status haproxy.service
三、部署master
四、部署Node节点设置
五、部署网络组件 flannel
标签:haproxy,harbor,com,192.168,docker,k8s,root From: https://www.cnblogs.com/Yuanbangchen/p/17158579.html