Building a Kubernetes Cluster on Linux, v1.15.1 (Non-HA) + Setting Up a Harbor Private Registry (Part 2)
2021/5/6 7:27:29
Building a k8s cluster v1.15.1 on Linux + setting up a Harbor private registry for K8s (Part 2)
Setting up the Harbor private registry
Preparation:
One virtual machine:
Configuration: 2 GB RAM + 1 CPU core + 100 GB disk + 1 NAT network adapter
Image: CentOS-7-x86_64-DVD-1810.iso
After the virtual machine is installed, configure its network:
IP: 192.168.66.100
Hostname: hub.atguigu.com
Basic configuration
1.1 Set the hostname
[root@localhost ~]# hostnamectl set-hostname hub.atguigu.com
[root@localhost ~]# bash
[root@hub ~]#
1.2 Write the hosts file
[root@hub ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.66.100 hub.atguigu.com
192.168.66.10 k8s-master
192.168.66.20 k8s-node1
192.168.66.21 k8s-node2
1.3 Install the required packages
[root@hub ~]# yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git
1.4 Stop the firewall and give iptables an empty rule set
[root@hub ~]# systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@hub ~]# yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
1.4 Disable SELinux (the first command also turns off swap)
[root@hub ~]# swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
[root@hub ~]# setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
1.5 Configure rsyslogd and the systemd journal
[root@hub ~]# mkdir /var/log/journal
[root@hub ~]# mkdir /etc/systemd/journald.conf.d
[root@hub ~]# cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
Storage=persistent
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
SystemMaxUse=10G
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no
EOF
[root@hub ~]# systemctl restart systemd-journald
1.6 Set the system time zone
Set the system time zone to Asia/Shanghai
[root@hub ~]# timedatectl set-timezone Asia/Shanghai
Write the current UTC time to the hardware clock
[root@hub ~]# timedatectl set-local-rtc 0
Install time synchronization
The time must match the physical host's time (the time on your own computer)
[root@hub ~]# systemctl enable chronyd && systemctl restart chronyd
[root@hub ~]# date
2021年 05月 05日 星期三 17:51:23 CST
1.7 Stop services the system does not need, so they do not consume resources
[root@hub ~]# systemctl stop postfix && systemctl disable postfix
Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service.
1.8 Upgrade the kernel
[root@hub ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
[root@hub ~]# yum --enablerepo=elrepo-kernel install -y kernel-lt
Boot from the new kernel by default
Kernel versions move on over time, so the version number you see after the upgrade may differ from the one shown here; when you inspect grub.cfg with cat, pick the version string that is actually present on your system.
[root@hub ~]# grub2-editenv list
saved_entry=CentOS Linux (3.10.0-957.el7.x86_64) 7 (Core)
[root@hub ~]# cat /boot/grub2/grub.cfg | grep menuentry
if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
  menuentry_id_option=""
export menuentry_id_option
menuentry 'CentOS Linux (5.4.116-1.el7.elrepo.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-957.el7.x86_64-advanced-3ee9ae23-a36c-4ffd-b36f-6473baf41db7' {
menuentry 'CentOS Linux (3.10.0-957.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-957.el7.x86_64-advanced-3ee9ae23-a36c-4ffd-b36f-6473baf41db7' {
menuentry 'CentOS Linux (0-rescue-398e147a6c18425291ece7dc6ec0c7dc) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-398e147a6c18425291ece7dc6ec0c7dc-advanced-3ee9ae23-a36c-4ffd-b36f-6473baf41db7' {
[root@hub ~]# grub2-set-default 'CentOS Linux (5.4.116-1.el7.elrepo.x86_64) 7 (Core)'
[root@hub ~]# grub2-editenv list
saved_entry=CentOS Linux (5.4.116-1.el7.elrepo.x86_64) 7 (Core)
[root@hub ~]# reboot
Check that the kernel upgrade succeeded
Last login: Thu May 6 01:16:13 2021 from 192.168.66.1
[root@hub ~]#
[root@hub ~]# uname -r
5.4.116-1.el7.elrepo.x86_64
[root@hub ~]#
Installing Docker
2.1 Install the Docker packages
[root@hub ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@hub ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@hub ~]# yum upgrade -y && yum install -y docker-ce
2.2 Configure Docker image acceleration and daemon security settings
Note: this step has to be repeated on the other three nodes, because each Docker daemon needs the entry for the private registry. The insecure-registries entry makes the daemon skip certificate verification for hub.atguigu.com, which is what lets it accept the self-signed certificate created in 3.3.
[root@hub ~]# mkdir /etc/docker
[root@hub ~]# cat > /etc/docker/daemon.json <<EOF
> {
>   "exec-opts": ["native.cgroupdriver=systemd"],
>   "log-driver": "json-file",
>   "log-opts": {
>     "max-size": "100m"
>   },
>   "insecure-registries": ["https://hub.atguigu.com"]
> }
> EOF
[root@hub ~]#
[root@hub ~]# mkdir -p /etc/systemd/system/docker.service.d
[root@hub ~]# systemctl daemon-reload && systemctl restart docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
2.3 Make the Harbor node and the three k8s cluster nodes reachable from each other
[root@k8s-master ~]# echo "192.168.66.100 hub.atguigu.com" >>/etc/hosts
[root@k8s-node1 ~]# echo "192.168.66.100 hub.atguigu.com" >>/etc/hosts
[root@k8s-node2 ~]# echo "192.168.66.100 hub.atguigu.com" >>/etc/hosts
Copy the Harbor node's daemon.json to the three nodes
[root@hub ~]# scp /etc/docker/daemon.json k8s-master:/etc/docker/daemon.json
[root@hub ~]# scp /etc/docker/daemon.json k8s-node1:/etc/docker/daemon.json
[root@hub ~]# scp /etc/docker/daemon.json k8s-node2:/etc/docker/daemon.json
Then restart Docker on each of them
[root@k8s-master ~]# systemctl daemon-reload && systemctl restart docker
2.4 Add docker-compose
[root@hub ~]# curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@hub ~]# cd /usr/local/bin/
[root@hub bin]# chmod +x docker-compose
[root@hub bin]# ls
docker-compose
Installing Harbor
3.1 Upload the Harbor installer package
[root@hub ~]# ls
harbor-offline-installer-v1.2.0.tgz
[root@hub ~]# tar -xzvf harbor-offline-installer-v1.2.0.tgz
3.2 Edit the Harbor configuration file
[root@hub ~]# mv harbor /usr/local/
[root@hub ~]# cd /usr/local/harbor/
[root@hub harbor]# vim harbor.cfg
hostname = hub.atguigu.com
ui_url_protocol = https
3.3 Create the Harbor certificate
[root@hub harbor]# mkdir -p /data/cert/
[root@hub harbor]# cd !$
cd /data/cert/
Generate the private key
Enter the same passphrase twice here
[root@hub cert]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..................................................................................+++
............+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Generate the certificate signing request
Enter pass phrase for server.key: enter the passphrase from the previous step
[root@hub cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Bj
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:atguigu
Organizational Unit Name (eg, section) []:atguigu
Common Name (eg, your name or your server's hostname) []:hub.atguigu.com
Email Address []:wangyanglinux@163.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Back up the private key and remove its passphrase
[root@hub cert]# cp server.key server.key.org
[root@hub cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
Sign the certificate request to produce the certificate, then set permissions on all certificate files
[root@hub cert]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=Bj/L=BJ/O=atguigu/OU=atguigu/CN=hub.atguigu.com/emailAddress=wangyanglinux@163.com
Getting Private key
[root@hub cert]# chmod a+x *
[root@hub cert]# ls
server.crt  server.csr  server.key  server.key.org
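As an added example (not part of the original article), the functions below create the same kind of self-signed certificate as step 3.3 non-interactively, with a subjectAltName and a key readable only by its owner, and install it as a per-registry trust anchor under Docker's certs.d directory, the alternative to the insecure-registries entry from step 2.2. The function names and the generated openssl.cnf are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are assumptions.

# Create an unencrypted RSA key and a self-signed certificate for registry
# host $1 in directory $2. umask 077 keeps the key owner-readable only.
make_registry_cert() {
    host=$1; dir=$2
    mkdir -p "$dir" || return 1
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    ( umask 077
      openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
          -config "$dir/openssl.cnf" \
          -keyout "$dir/server.key" -out "$dir/server.crt" ) 2>/dev/null \
        && chmod 644 "$dir/server.crt"
}

# Succeed only if the certificate in $1 lists exactly $2 as a DNS SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' \
        | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# Print the permission string of file $1, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# Trust the certificate for this one registry host instead of listing the
# host under "insecure-registries". $3 defaults to Docker's certs.d directory.
trust_registry_cert() {
    crt=$1; host=$2; root=${3:-/etc/docker/certs.d}
    mkdir -p "$root/$host" && cp "$crt" "$root/$host/ca.crt"
}

# Usage (as root). On the Harbor node:
#   make_registry_cert hub.atguigu.com /data/cert
# On each Docker client, after copying server.crt over:
#   trust_registry_cert server.crt hub.atguigu.com
```

With the certificate trusted through certs.d, the "insecure-registries" line can be dropped from daemon.json, so the daemon keeps verifying the registry's certificate.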
3.4 Run the install script to install Harbor
[root@hub cert]# cd -
/usr/local/harbor
[root@hub harbor]# ls
common  docker-compose.notary.yml  harbor_1_1_0_template  harbor.v1.2.0.tar.gz  LICENSE  prepare
docker-compose.clair.yml  docker-compose.yml  harbor.cfg  install.sh  NOTICE  upgrade
[root@hub harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 20.10.6
Note: docker-compose version: 1.9.0
[Step 1]: loading Harbor images ...
3.5 Edit the hosts file on your local machine
Map hub.atguigu.com to 192.168.66.100 in the hosts file of the machine that runs the browser.
3.6 Open the Harbor web page
After the installation finishes, check the containers Docker is running, then open hub.atguigu.com
[root@hub harbor]# docker ps -a
CONTAINER ID   IMAGE                              COMMAND                  CREATED         STATUS         PORTS                                                                                                                  NAMES
e3c3b6ef277e   vmware/harbor-jobservice:v1.2.0    "/harbor/harbor_jobs…"   5 minutes ago   Up 5 minutes                                                                                                                          harbor-jobservice
81cb93eff75d   vmware/nginx-photon:1.11.13        "nginx -g 'daemon of…"   5 minutes ago   Up 5 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:4443->4443/tcp, :::4443->4443/tcp   nginx
25bf5d9cec46   vmware/harbor-ui:v1.2.0            "/harbor/harbor_ui"      5 minutes ago   Up 5 minutes                                                                                                                          harbor-ui
d7cca953bae8   vmware/harbor-adminserver:v1.2.0   "/harbor/harbor_admi…"   5 minutes ago   Up 5 minutes                                                                                                                          harbor-adminserver
d4f7f19896af   vmware/harbor-db:v1.2.0            "docker-entrypoint.s…"   5 minutes ago   Up 5 minutes   3306/tcp                                                                                                               harbor-db
7e7e12c4d3d7   vmware/registry:2.6.2-photon       "/entrypoint.sh serv…"   5 minutes ago   Up 5 minutes   5000/tcp                                                                                                               registry
e9dce126f215   vmware/harbor-log:v1.2.0           "/bin/sh -c 'crond &…"   5 minutes ago   Up 5 minutes   127.0.0.1:1514->514/tcp                                                                                                harbor-log
Open in a browser: https://hub.atguigu.com
Username: admin
Password: Harbor12345
This is the initial harbor_admin_password from harbor.cfg; change it after the first login.
3.7 Image test
Test from the node1 node:
[root@k8s-node1 ~]# docker login https://hub.atguigu.com
Username: admin
Password: Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
Pull a test image:
[root@k8s-node1 ~]# docker pull wangyanglinux/myapp:v1
v1: Pulling from wangyanglinux/myapp
550fe1bea624: Pull complete
af3988949040: Pull complete
d6642feac728: Pull complete
c20f0a205eaa: Pull complete
fe78b5db7c4e: Pull complete
6565e38e67fe: Pull complete
Digest: sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
Status: Downloaded newer image for wangyanglinux/myapp:v1
docker.io/wangyanglinux/myapp:v1
[root@k8s-node1 ~]# docker images |grep myapp
wangyanglinux/myapp   v1   d4a5e0eaa84f   3 years ago   15.5MB
Retag the image and push it to Harbor
[root@k8s-node1 ~]# docker tag wangyanglinux/myapp:v1 hub.atguigu.com/library/myapp:v1
[root@k8s-node1 ~]# docker images |grep myapp
wangyanglinux/myapp             v1   d4a5e0eaa84f   3 years ago   15.5MB
hub.atguigu.com/library/myapp   v1   d4a5e0eaa84f   3 years ago   15.5MB
[root@k8s-node1 ~]# docker push hub.atguigu.com/library/myapp:v1
The push refers to repository [hub.atguigu.com/library/myapp]
a0d2c4392b06: Pushed
05a9e65e2d53: Pushed
68695a6cfd7d: Pushed
c1dc81a64903: Pushed
8460a579ab63: Pushed
d39d92664027: Pushed
v1: digest: sha256:9eeca44ba2d410e54fccc54cbe9c021802aa8b9836a0bcf3d3229354e4c8870e size: 1569
[root@k8s-node1 ~]#
After refreshing the page, the image is visible in the private registry
3.8 Start a pod to test that the image is usable
First delete the myapp image from the node; only then does the test show whether the node can pull the image from the private registry on its own
[root@k8s-node1 ~]# docker rmi -f hub.atguigu.com/library/myapp:v1
Untagged: hub.atguigu.com/library/myapp:v1
Untagged: hub.atguigu.com/library/myapp@sha256:9eeca44ba2d410e54fccc54cbe9c021802aa8b9836a0bcf3d3229354e4c8870e
[root@k8s-node1 ~]# docker rmi -f wangyanglinux/myapp:v1
Untagged: wangyanglinux/myapp:v1
Untagged: wangyanglinux/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
Deleted: sha256:d4a5e0eaa84f28550cb9dd1bde4bfe63a93e3cf88886aa5dad52c9a75dd0e6a9
Deleted: sha256:bf5594a16c1ff32ffe64a68a92ebade1080641f608d299170a2ae403f08764e7
Deleted: sha256:b74f3c20dd90bf6ead520265073c4946461baaa168176424ea7aea1bc7f08c1f
Deleted: sha256:8943f94f7db615e453fa88694440f76d65927fa18c6bf69f32ebc9419bfcc04a
Deleted: sha256:2020231862738f8ad677bb75020d1dfa34159ad95eef10e790839174bb908908
Deleted: sha256:49757da6049113b08246e77f770f49b1d50bb97c93f19d2eeae62b485b46e489
Deleted: sha256:d39d92664027be502c35cf1bf464c726d15b8ead0e3084be6e252a161730bc82
[root@k8s-node1 ~]# docker images |grep myapp
[root@k8s-node1 ~]#
Run a deployment to test whether it works
[root@k8s-master ~]# kubectl run nginx-deployment --image=hub.atguigu.com/library/myapp:v1 --port=80 --replicas=1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx-deployment created
[root@k8s-master ~]# kubectl get deployment
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   1/1     1            1           13s
[root@k8s-master ~]# kubectl get pod
NAME                               READY   STATUS    RESTARTS   AGE
nginx-deployment-85756b779-jnw8m   1/1     Running   0          16s
[root@k8s-master ~]#
After it runs successfully, the download count shown on the Harbor page has changed to 2
The Harbor private registry is now fully set up!