Linux学习-基于kubeadm部署Kubernetes

资源下载

资源文件里面包含有kubenetes安装时所需要的包和镜像文件(网络插件)，先下载资源解压

部署Harbor

安装docker

# 1: 安装必要的一些系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2
# 2: 添加软件源信息
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 3: 更新并安装Docker-CE
dnf makecache fast
[root@harbor ~]# dnf install -y docker-ce docker-compose-plugin
# 4:启动docker服务并开机自启
[root@harbor ~]# systemctl enable --now docker

创建https证书

# 导入 harbor 项目镜像
[root@harbor ~]# tar -zxf harbor-v2.7.0.tgz -C /usr/local/
[root@harbor ~]# cd /usr/local/harbor
[root@harbor harbor]# docker load -i harbor.v2.7.0.tar.gz
# 创建 https 证书
[root@harbor harbor]# mkdir tls
[root@harbor harbor]# openssl genrsa -out tls/cert.key 2048
[root@harbor harbor]# openssl req -new -x509 -days 3650 \
                         -key tls/cert.key -out tls/cert.crt \
                         -subj "/C=CN/ST=BJ/L=BJ/O=Tedu/OU=NSD/CN=harbor"

创建并启动项目

# 修改配置文件
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# vim harbor.yml
05:    hostname: harbor
08:    # http:
10:      # port: 80
17:    certificate: /usr/local/harbor/tls/cert.crt
18:    private_key: /usr/local/harbor/tls/cert.key
34:    harbor_admin_password: admin123

# 预安装环境检查，生成项目文件
[root@harbor harbor]# /usr/local/harbor/prepare
# 创建并启动项目
[root@harbor harbor]# docker compose -f docker-compose.yml up -d
# 添加开机自启动
[root@harbor harbor]# chmod 0755 /etc/rc.d/rc.local
[root@harbor harbor]# echo "/usr/bin/docker compose -p harbor start" >>/etc/rc.d/rc.local

查看验证项目

# 查看项目
[root@harbor harbor]# docker compose ls
NAME                STATUS              CONFIG FILES
harbor              running(9)          /usr/local/harbor/docker-compose.yml
# 查看容器状态
[root@harbor harbor]# docker compose -p harbor ps
NAME                COMMAND                  SERVICE       STATUS
harbor-core         "/harbor/entrypoint.…"   core          running (healthy)
harbor-db           "/docker-entrypoint.…"   postgresql    running (healthy)
harbor-jobservice   "/harbor/entrypoint.…"   jobservice    running (healthy)
harbor-log          "/bin/sh -c /usr/loc…"   log           running (healthy)
harbor-portal       "nginx -g 'daemon of…"   portal        running (healthy)
nginx               "nginx -g 'daemon of…"   proxy         running (healthy)
redis               "redis-server /etc/r…"   redis         running (healthy)
registry            "/home/harbor/entryp…"   registry      running (healthy)
registryctl         "/home/harbor/start.…"   registryctl   running (healthy)

登录私有仓库

# 添加主机配置
[root@docker ~]# vim /etc/hosts
192.168.88.30    harbor
# 添加私有仓库配置
[root@docker ~]# vim /etc/docker/daemon.json
{
    "registry-mirrors": ["https://harbor:443"],
    "insecure-registries":["harbor:443"]
}
[root@docker ~]# systemctl restart docker
# 登录 harbor 仓库
[root@docker ~]# docker login harbor:443
Username: luck
Password: ********
... ...
Login Succeeded
# 认证信息记录文件
[root@docker ~]# cat /root/.docker/config.json 
{
    "auths": {
        "harbor:443": {
            "auth": "bHVjazoqKioqKioqKg=="
        }
    }
}

配置软件仓库

# 在harbor主机上创建一个http的yum仓库源，将下载的kubernetes目录中packages目录中的文件同步,在master和node节点上都需要配置此yum源
[root@harbor s4]# rsync -av docker/ /var/www/html/docker/
[root@harbor s4]# rsync -av kubernetes/packages/ /var/www/html/k8s/
[root@harbor s4]# createrepo --update /var/www/html/