k8s—admin部署dashboard部署harbor仓库搭建

Posted 丁CCCCC

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了k8s—admin部署dashboard部署harbor仓库搭建相关的知识,希望对你有一定的参考价值。

步骤

一、集群部署

1.1 准备工作

master :192.168.253.11(2c4g)
服务:docker、kubeadm、kubelet、kubectl、flannel

node1 :192.168.253.22(2c2g)
服务:docker、kubeadm、kubelet、kubectl、flannel

node2:192.168.253.33(2c2g)
服务:docker、kubeadm、kubelet、kubectl、flannel

#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
setenforce 0

#情况防火墙规则
iptables -F

#关闭交换分区
swapoff -a


#加载ip_vs模块
for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done

#修改各节点名字
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2

#各节点hosts文件内添加
vim /etc/hosts
192.168.253.11 master
192.168.253.22 node1
192.168.253.33 node2

#调整内核参数
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv6.conf.all.disable_ipv6=1
net.ipv4.ip_forward=1
EOF

#生效参数
sysctl --system

1.2 全节点安装服务

安装docker服务

#安装
yum install -y yum-utils device-mapper-persistent-data lvm2 
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 
yum install -y docker-ce docker-ce-cli containerd.io

#systemd管理的cgroup进行资源管理和控制
#日志用json-file格式存储,大小为100m
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF

  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": 
    "max-size": "100m"
  

EOF

#重启并设置自启
systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service 

docker info | grep "Cgroup Driver"

安装kubeadm、kubelet、kubectl

#kubernetes源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

#安装
yum install -y kubelet-1.15.1 kubeadm-1.15.1 kubectl-1.15.1

#开机自启kubelet
systemctl enable kubelet.service

1.3 各节点设置

上传压缩包

cd /opt
tar zxvf kubeadm-basic.images.tar.gz

for i in $(ls /opt/kubeadm-basic.images/*.tar); do docker load -i $i; done

#发送至其他节点
scp -r kubeadm-basic.images root@192.168.253.22:/opt
scp -r kubeadm-basic.images root@192.168.253.33:/opt

#node节点也需要执行
for i in $(ls /opt/kubeadm-basic.images/*.tar); do docker load -i $i; done

初始化kubeadm

kubeadm config print init-defaults > /opt/kubeadm-config.yaml

cd /opt/
vim kubeadm-config.yaml

#指定master节点的IP地址
12   advertiseAddress: 192.168.253.11

#指定kubernetes版本号
34 kubernetesVersion: v1.15.1

#36行下添加pod网段
37   podSubnet: "10.244.0.0/16"

#指定service网段
38   serviceSubnet: 10.96.0.0/16

#39行下添加
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs

#--experimental-upload-certs 参数可以在后续执行加入节点时自动分发证书文件,k8sV1.16版本开始替换为 --upload-certs
#tee kubeadm-init.log 用以输出日志
kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log

#查看 kubeadm-init 日志
less kubeadm-init.log

#kubernetes配置文件目录
ls /etc/kubernetes/

#存放ca等证书和密码的目录
ls /etc/kubernetes/pki

根据提示信息完成下一步

#设定kubectl
kubectl需经由API server认证及授权后方能执行相应的管理操作,kubeadm 部署的集群为其生成了一个具有管理员权限的认证配置文件 /etc/kubernetes/admin.conf,它可由 kubectl 通过默认的 “$HOME/.kube/config” 的路径进行加载。

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config


#在 node 节点上执行 kubeadm join 命令加入群集
kubeadm join 192.168.253.11:6443 --token abcdef.0123456789abcdef \\
    --discovery-token-ca-cert-hash sha256:75db3743f5c5194d1077a5293099e9022095dd6b094186c8cb860edb7c8f31b4

所有节点部署网络插件flannel

#所有节点上传flannel镜像 flannel.tar 到 /opt 目录,master节点上传 kube-flannel.yml 文件
#解压缩
cd /opt
docker load < flannel.tar

在 master 节点创建 flannel 资源

kubectl apply -f kube-flannel.yml

查看节点状态

kubectl get pods -n kube-system

kubectl get nodes

1.4 测试

#创建一个pod资源
kubectl create deployment nginx --image=nginx

kubectl get pods -o wide

#暴露端口提供服务
kubectl expose deployment nginx --port=80 --type=NodePort


kubectl get svc

测试网页

curl 192.168.253.22:31939

扩展多个副本

kubectl scale deployment nginx --replicas=3

二、dashboard部署

全节点设置

#全节点上传dashboard镜像 dashboard.tar 到 /opt 目录
#master节点再上传kubernetes-dashboard.yaml文件
cd /opt/
docker load < dashboard.tar

#master节点
kubectl apply -f kubernetes-dashboard.yaml

#查看状态
kubectl get pods,svc -n kube-system -o wide

访问网站

https://192.168.253.33:30001

创建service account并绑定默认cluster-admin管理员集群角色

kubectl create serviceaccount dashboard-admin -n kube-system

kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

获取令牌密钥

kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/print $1')

token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4td3Q3amsiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZDBhZjk2NDUtZjZjZi00MTE3LTkyNzQtY2NhOTM1NzNlMmM2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.tga62VbNuY1TocRJY34oN4mwpnrW1YHKke2fj2Pr_lJnTO1KIF7zaTo29cTpR9mYeUP-Ytw8mQXy3cCLOGSzNSLHGbjAY10qOBsOPETcd3ML5XU0Dc0kwS5yr2YP8hrWjBvoRNbHNTVoSX28f-CfAGcn3DcsT3uYzT0-nb3xt-IVdchQHgMhLZQCnv-mzN623Py5K2voKFVue8NmOGI6zSaJA8pxAuLs7jLAG1ikedqzOmw61bm-4VfVqcr5Esne9XNosQA-oj2loHU9AW4haYHJCwQgJTLlQtcQEhwizUfKA4zNX3A0tqeUjmdcBzKXfqhMphv3RvH35FYffZEpxQ

复制token令牌直接登录网站

三、harbor私有仓库部署

3.1 准备工作

harbor服务器:192.168.253.44

#修改主机名
hostnamectl set-hostname hub.dcc.com

#所有节点加上主机名映射
echo '192.168.253.44 hub.dcc.com' >> /etc/hosts

3.2 服务设置

docker安装

#安装 docker
yum install -y yum-utils device-mapper-persistent-data lvm2 
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 
yum install -y docker-ce docker-ce-cli containerd.io

#全节点添加以下内容
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF

  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": 
    "max-size": "100m"
  ,
  "insecure-registries": ["https://hub.dcc.com"]

EOF

systemctl start docker
systemctl enable docker

安装harbor

#上传软件包
cd /opt
cp docker-compose /usr/local/bin/
chmod +x /usr/local/bin/docker-compose

tar zxvf harbor-offline-installer-v1.2.2.tgz

修改配置文件

cd harbor/
vim harbor.cfg

#修改以下行数
5  hostname = hub.dcc.com
9  ui_url_protocol = https
24 ssl_cert = /data/cert/server.crt
25 ssl_cert_key = /data/cert/server.key
59 harbor_admin_password = Harbor12345

生成证书及私钥

mkdir -p /data/cert
cd /data/cert

openssl genrsa -des3 -out server.key 2048
密码输入:123456

生成证书签名请求文件

openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:js
Locality Name (eg, city) [Default City]:nj
Organization Name (eg, company) [Default Company Ltd]:dcc
Organizational Unit Name (eg, section) []:dcc
Common Name (eg, your name or your server's hostname) []:hub.dcc.com
Email Address []:admin@dcc.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

备份私钥

cp server.key server.key.org

清除私钥密码

openssl rsa -in server.key.org -out server.key
输入私钥密码:123456

签名证书

openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt

chmod +x /data/cert/*

cd /opt/harbor/
./install.sh

访问

浏览器访问:https://hub.dcc.com

用户名:admin

密码:Harbor12345

其他节点登录

docker login -u admin -p Harbor12345 https://hub.dcc.com

上传镜像

#改名
docker tag nginx:latest hub.dcc.com/library/nginx:v1

#上传
docker push hub.dcc.com/library/nginx:v1

master节点测试

#删除现有nginx镜像
kubectl delete deployment nginx

#下载三个
kubectl run nginx-deployment --image=hub.dcc.com/library/nginx:v1 --port=80 --replicas=3

kubectl expose deployment nginx-deployment --port=30000 --target-port=80
kubectl get svc,pods

kubectl edit svc nginx-deployment
#修改调度策略
  25   type: NodePort

kubectl get svc

浏览器访问

http://192.168.253.11:32628/
http://192.168.253.22:32628/
http://192.168.253.33:32628/


以上是关于k8s—admin部署dashboard部署harbor仓库搭建的主要内容,如果未能解决你的问题,请参考以下文章

k8s—admin部署dashboard部署harbor仓库搭建

k8s—admin部署dashboard部署harbor仓库搭建

K8S各部署方式

K8S各部署方式

K8S各部署方式

K8S各部署方式