k8s: admin deployment, dashboard deployment, and Harbor registry setup
Posted 丁CCCCC
Steps
1. Cluster deployment
1.1 Preparation
master: 192.168.253.11 (2c4g)
Services: docker, kubeadm, kubelet, kubectl, flannel
node1: 192.168.253.22 (2c2g)
Services: docker, kubeadm, kubelet, kubectl, flannel
node2: 192.168.253.33 (2c2g)
Services: docker, kubeadm, kubelet, kubectl, flannel
#Stop and disable the firewall
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
#Flush the firewall rules
iptables -F
#Turn off swap
swapoff -a
#Load the ip_vs modules
for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done
#Set each node's hostname (one command per node)
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2
#Add the following to /etc/hosts on every node
vim /etc/hosts
192.168.253.11 master
192.168.253.22 node1
192.168.253.33 node2
#Adjust kernel parameters
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv6.conf.all.disable_ipv6=1
net.ipv4.ip_forward=1
EOF
#Apply the parameters
sysctl --system
1.2 Install services on all nodes
Install docker
#Install
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io
#Use the systemd cgroup driver for resource management and control
#Store logs in json-file format, capped at 100m
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF
#Restart and enable at boot
systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service
docker info | grep "Cgroup Driver"
Install kubeadm, kubelet, kubectl
#Kubernetes repo
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
#Install
yum install -y kubelet-1.15.1 kubeadm-1.15.1 kubectl-1.15.1
#Enable kubelet at boot
systemctl enable kubelet.service
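The repo file above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without checking RPM signatures even though gpgkey is listed. The following check is an added example, not part of the original page; the function names and the second sample section are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page: list enabled yum repos that
# install packages without verifying RPM signatures. Reads .repo text on stdin.
audit_repo_gpg() {
    awk '
        # Emit findings for the section that just ended, if it is enabled.
        function finish() {
            if (sect != "" && enabled != "0" && gpgcheck == "0") {
                print sect "\tgpgcheck=0"
                if (keys != "" && repo != "1") print sect "\tgpgkey-set-but-unused"
            }
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines
        /^[ \t]*\[/ {                             # start of a [section]
            finish()
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            enabled = "1"; gpgcheck = ""; repo = ""; keys = ""
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == "enabled")       enabled = v
            if (k == "gpgcheck")      gpgcheck = v   # absent: inherits [main] in yum.conf
            if (k == "repo_gpgcheck") repo = v
            if (k == "gpgkey")        keys = v
        }
        END { finish() }
    '
}

# First section is the repo file from this page; the second is constructed.
sample_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[example-signed]
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF
}

sample_repo | audit_repo_gpg
```

On a host, run it as `cat /etc/yum.repos.d/*.repo | audit_repo_gpg`. With gpgcheck=1, yum verifies each RPM against the listed gpgkey before installing it.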
1.3 Per-node setup
Upload the archive
cd /opt
tar zxvf kubeadm-basic.images.tar.gz
for i in $(ls /opt/kubeadm-basic.images/*.tar); do docker load -i $i; done
#Send to the other nodes
scp -r kubeadm-basic.images root@192.168.253.22:/opt
scp -r kubeadm-basic.images root@192.168.253.33:/opt
#The node machines also need to run this
for i in $(ls /opt/kubeadm-basic.images/*.tar); do docker load -i $i; done
Initialize kubeadm
kubeadm config print init-defaults > /opt/kubeadm-config.yaml
cd /opt/
vim kubeadm-config.yaml
#Set the master node's IP address
12 advertiseAddress: 192.168.253.11
#Set the Kubernetes version
34 kubernetesVersion: v1.15.1
#Add the pod subnet below line 36
37 podSubnet: "10.244.0.0/16"
#Set the service subnet
38 serviceSubnet: 10.96.0.0/16
#Add the following below line 39
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs
#The --experimental-upload-certs flag lets certificate files be distributed automatically when nodes join later; from k8s v1.16 it is replaced by --upload-certs
#tee kubeadm-init.log saves the output as a log
kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log
#View the kubeadm-init log
less kubeadm-init.log
#Kubernetes configuration directory
ls /etc/kubernetes/
#Directory holding the CA and other certificates and keys
ls /etc/kubernetes/pki
Follow the printed instructions to complete the next step
#Configure kubectl
kubectl can perform management operations only after the API server has authenticated and authorized it. A kubeadm-deployed cluster generates an authentication config file with administrator privileges, /etc/kubernetes/admin.conf, which kubectl loads from the default path "$HOME/.kube/config".
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#Run the kubeadm join command on the node machines to join the cluster
kubeadm join 192.168.253.11:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:75db3743f5c5194d1077a5293099e9022095dd6b094186c8cb860edb7c8f31b4
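The token in the join command above is the fixed placeholder that `kubeadm config print init-defaults` writes into the config, so it was carried into the cluster unchanged. The following check is an added example, not part of the original page; the function names and the sample config are constructed, shaped like the bootstrapTokens section of the init-defaults output.

```shell
#!/bin/sh
# Added example, not part of the original page. Reads a kubeadm config on
# stdin and prints one finding per line for bootstrap tokens that should not
# reach a real cluster.
check_bootstrap_tokens() {
    awk -v q="'" '
        # Return the scalar after "key:", without quotes or whitespace.
        function val(s) {
            sub(/^[^:]*:[ \t]*/, "", s)
            gsub(/[" \t\r]/, "", s); gsub(q, "", s)
            return s
        }
        /^[ \t-]*token:/ {
            t = val($0); n = split(t, p, "[.]")
            if (t == "abcdef.0123456789abcdef")
                print "line " NR ": placeholder token from init-defaults"
            else if (n != 2 || length(p[1]) != 6 || length(p[2]) != 16 || t ~ /[^a-z0-9.]/)
                print "line " NR ": token is not 6 + 16 characters of [a-z0-9]"
        }
        /^[ \t-]*ttl:/ {
            if (val($0) ~ /^0[smh]?$/)
                print "line " NR ": ttl 0 means the token never expires"
        }
    '
}

# Constructed sample: the default entry plus a second, non-expiring token.
sample_config() {
    cat <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
- token: "9a08jv.c0izixklcxtmnze7"
  ttl: "0"
kind: InitConfiguration
EOF
}

sample_config | check_bootstrap_tokens
# Against the file edited on this page:
#   check_bootstrap_tokens < /opt/kubeadm-config.yaml
```

`kubeadm token generate` prints a random token to put in the config before `kubeadm init`; on a running cluster, `kubeadm token delete` followed by `kubeadm token create --ttl 1h --print-join-command` replaces the placeholder.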
Deploy the flannel network plugin on all nodes
#Upload the flannel image flannel.tar to /opt on all nodes; upload kube-flannel.yml to the master node
#Load the image archive
cd /opt
docker load < flannel.tar
Create the flannel resources on the master node
kubectl apply -f kube-flannel.yml
Check node status
kubectl get pods -n kube-system
kubectl get nodes
1.4 Test
#Create a pod resource
kubectl create deployment nginx --image=nginx
kubectl get pods -o wide
#Expose a port to provide the service
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get svc
Test the web page
curl 192.168.253.22:31939
Scale to multiple replicas
kubectl scale deployment nginx --replicas=3
2. Dashboard deployment
Setup on all nodes
#Upload the dashboard image dashboard.tar to /opt on all nodes
#Then upload kubernetes-dashboard.yaml to the master node
cd /opt/
docker load < dashboard.tar
#On the master node
kubectl apply -f kubernetes-dashboard.yaml
#Check status
kubectl get pods,svc -n kube-system -o wide
Access the site
https://192.168.253.33:30001
Create a service account and bind it to the default cluster-admin cluster role
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
Get the token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Copy the token and use it to log in to the site
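The token read from the secret above is a bearer credential for everything dashboard-admin is bound to, which here is cluster-admin. The following audit is an added example, not part of the original page; the function names and the sample binding lines are constructed, and `list_bindings` assumes kubectl is configured as in section 1.3.

```shell
#!/bin/sh
# Added example, not part of the original page: find ServiceAccounts that hold
# cluster-admin through a ClusterRoleBinding.

# One line per binding: name<TAB>role<TAB>Kind:namespace:name[<TAB>...]
list_bindings() {
    kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{range .subjects[*]}{"\t"}{.kind}:{.namespace}:{.name}{end}{"\n"}{end}'
}

# Reads that format on stdin; prints binding<TAB>namespace/serviceaccount.
find_admin_service_accounts() {
    awk -F '\t' '$2 == "cluster-admin" {
        for (i = 3; i <= NF; i++) {
            split($i, s, ":")
            if (s[1] == "ServiceAccount") print $1 "\t" s[2] "/" s[3]
        }
    }'
}

# Constructed sample in the same format: the built-in cluster-admin binding,
# the binding created on this page, and an unrelated system binding.
sample_bindings() {
    printf '%s\t%s\t%s\n' \
        cluster-admin   cluster-admin   Group::system:masters \
        dashboard-admin cluster-admin   ServiceAccount:kube-system:dashboard-admin \
        system:kube-dns system:kube-dns ServiceAccount:kube-system:kube-dns
}

sample_bindings | find_admin_service_accounts
# On a live cluster: list_bindings | find_admin_service_accounts
```

Replacing the binding with one to the built-in `view` ClusterRole (`kubectl delete clusterrolebinding dashboard-admin`, then `kubectl create clusterrolebinding` with `--clusterrole=view`) leaves the dashboard login read-only.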
3. Harbor private registry deployment
3.1 Preparation
Harbor server: 192.168.253.44
#Set the hostname
hostnamectl set-hostname hub.dcc.com
#Add the hostname mapping on all nodes
echo '192.168.253.44 hub.dcc.com' >> /etc/hosts
3.2 Service setup
Install docker
#Install docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io
#Add the following on all nodes
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["https://hub.dcc.com"]
}
EOF
systemctl start docker
systemctl enable docker
Install Harbor
#Upload the packages
cd /opt
cp docker-compose /usr/local/bin/
chmod +x /usr/local/bin/docker-compose
tar zxvf harbor-offline-installer-v1.2.2.tgz
Edit the configuration file
cd harbor/
vim harbor.cfg
#Change the following lines
5 hostname = hub.dcc.com
9 ui_url_protocol = https
24 ssl_cert = /data/cert/server.crt
25 ssl_cert_key = /data/cert/server.key
59 harbor_admin_password = Harbor12345
Generate the certificate and private key
mkdir -p /data/cert
cd /data/cert
openssl genrsa -des3 -out server.key 2048
Passphrase entered: 123456
Generate the certificate signing request
openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:js
Locality Name (eg, city) [Default City]:nj
Organization Name (eg, company) [Default Company Ltd]:dcc
Organizational Unit Name (eg, section) []:dcc
Common Name (eg, your name or your server's hostname) []:hub.dcc.com
Email Address []:admin@dcc.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Back up the private key
cp server.key server.key.org
Remove the passphrase from the private key
openssl rsa -in server.key.org -out server.key
Enter the private key passphrase: 123456
Sign the certificate
openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt
chmod +x /data/cert/*
cd /opt/harbor/
./install.sh
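The certificate produced above carries only a Common Name, and the nodes reach the registry through "insecure-registries", which turns certificate verification off for that host. The following is an added example, not part of the original page: a non-interactive variant that writes the key without a passphrase directly, adds a subjectAltName, and shows the per-registry trust directory Docker reads. The function names, san.cnf and the scratch directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original page: issue the Harbor certificate
# non-interactively with a subjectAltName, then trust it per registry.

# Usage: make_registry_cert HOSTNAME OUTPUT_DIR
# Writes server.key and server.crt (self-signed, 1000 days as on this page).
make_registry_cert() {
    host=$1; dir=$2
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1000 \
        -config "$dir/san.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# Print the DNS names a certificate is valid for, one per line.
cert_dns_names() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# Make dockerd on a client node trust the certificate for one registry only,
# instead of listing the registry under "insecure-registries". Needs root.
# Usage: trust_registry_cert CERT_FILE REGISTRY_HOST
trust_registry_cert() {
    mkdir -p "/etc/docker/certs.d/$2" && cp "$1" "/etc/docker/certs.d/$2/ca.crt"
}

# Demo in a scratch directory; hub.dcc.com is the hostname used on this page.
demo_dir=$(mktemp -d)
make_registry_cert hub.dcc.com "$demo_dir"
cert_dns_names "$demo_dir/server.crt"
rm -rf "$demo_dir"
```

After `trust_registry_cert /data/cert/server.crt hub.dcc.com` on each node, the "insecure-registries" entry can be dropped from daemon.json and `docker login` verifies the server certificate.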
Access
Browse to: https://hub.dcc.com
Username: admin
Password: Harbor12345
Log in from the other nodes
docker login -u admin -p Harbor12345 https://hub.dcc.com
Push an image
#Retag
docker tag nginx:latest hub.dcc.com/library/nginx:v1
#Push
docker push hub.dcc.com/library/nginx:v1
Test from the master node
#Delete the existing nginx deployment
kubectl delete deployment nginx
#Pull and run three replicas
kubectl run nginx-deployment --image=hub.dcc.com/library/nginx:v1 --port=80 --replicas=3
kubectl expose deployment nginx-deployment --port=30000 --target-port=80
kubectl get svc,pods
kubectl edit svc nginx-deployment
#Change the service type
25 type: NodePort
kubectl get svc
Access in a browser
http://192.168.253.11:32628/
http://192.168.253.22:32628/
http://192.168.253.33:32628/