K8S Installation and Deployment

I. Preparation

Install in VMware and create three CentOS servers.

Host    IP              Configuration
master  192.168.42.188  4 cores, 6 GB RAM, 40 GB disk
node1   192.168.42.189  2 cores, 2 GB RAM, 20 GB disk
node2   192.168.42.190  2 cores, 2 GB RAM, 20 GB disk

II. Environment configuration

1. Edit the hosts file (run on all nodes)

vim /etc/hosts
192.168.42.188 master
192.168.42.189 node1
192.168.42.190 node2

2. Configure passwordless SSH login (master node)

Generate a key pair first, then copy the public key to all nodes.

ssh-keygen
ssh-copy-id master
ssh-copy-id node1
ssh-copy-id node2

# Test the connection

ssh node1

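3. Disable the swap partition (run on all nodes)

kubelet requires swap to be disabled, so kubeadm checks at initialization whether swap is off and reports an error if it is not. If you do not want to disable it, you can pass --ignore-preflight-errors=Swap on the command line at install time. To disable swap, run the following commands on all nodes:

# Disable temporarily
swapoff -a
# Disable permanently
echo vm.swappiness = 0 >> /etc/sysctl.conf
sysctl -p

# After rebooting my virtual machine the swap state was still enabled. I don't know why; it did not affect the procedure, so I did not investigate further.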
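
Swap that comes back after a reboot is normally re-enabled from an uncommented swap entry in /etc/fstab; vm.swappiness only tunes how eagerly the kernel swaps and does not turn swap off. The following added example (not part of the original post) lists such entries and comments them out. The function names are hypothetical, and the fstab path is a parameter so the functions can be tried on a copy first.

```shell
# Added example: find and disable persistent swap entries in an fstab file.
# Usage: disable_swap_entries /etc/fstab && swapoff -a

# Print every active (uncommented) line whose filesystem type field is "swap".
active_swap_entries() {
    awk '$1 !~ /^#/ && NF >= 3 && $3 == "swap"' "${1:-/etc/fstab}"
}

# Exit status 0 when swap would be re-enabled at the next boot.
swap_is_persistent() {
    [ -n "$(active_swap_entries "${1:-/etc/fstab}")" ]
}

# Comment out active swap lines in place, keeping the original as <file>.bak.
disable_swap_entries() {
    fstab="${1:-/etc/fstab}"
    cp -p "$fstab" "$fstab.bak" || return 1
    awk '$1 !~ /^#/ && NF >= 3 && $3 == "swap" { print "#" $0; next } { print }' \
        "$fstab.bak" > "$fstab"
}
```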

4. Disable the firewall (run on all nodes)

systemctl disable firewalld
systemctl stop firewalld

5. Adjust kernel parameters (run on all nodes)

modprobe br_netfilter
 
echo "modprobe br_netfilter" >> /etc/profile
 
tee /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
 

# Reload the configuration

sysctl -p /etc/sysctl.d/k8s.conf

6. Configure cluster time synchronization (run on all nodes)

# Install the time synchronization packages
yum install -y ntp ntpdate
 
ntpdate cn.pool.ntp.org
 
systemctl start ntpd
systemctl enable ntpd

7. Configure the k8s yum repository (run on all nodes)

Here we configure the Aliyun mirror for k8s.

vim /etc/yum.repos.d/kubernetes.repo
# Paste in the following content
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
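
With gpgcheck=0, yum installs kubelet, kubeadm and kubectl without verifying package signatures, so the mirror and the network path to it are trusted completely. The added example below (not part of the original post) lists enabled repo sections that disable signature checking or fetch over plain http; the function name is hypothetical.

```shell
# Added example: audit yum .repo files.
# Usage: audit_yum_repos /etc/yum.repos.d/*.repo
# Prints "<file>:[<section>]: <problem>" for every enabled repo that
# disables package signature checks or fetches over plain http.
# A section without a gpgcheck key inherits [main] from yum.conf and is not flagged.
audit_yum_repos() {
    awk '
        function report() {
            if (section == "" || enabled ~ /^(0|no|false)$/) return
            if (gpgcheck ~ /^(0|no|false)$/) print file ":[" section "]: gpgcheck is disabled"
            if (baseurl ~ /^http:/) print file ":[" section "]: baseurl uses plain http"
        }
        FNR == 1 { report(); section = ""; file = FILENAME }   # close the previous file
        /^[ \t]*[#;]/ { next }                                  # skip comment lines
        /^\[.*\]/ {                                             # new [section]
            report()
            section = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            val = tolower(val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
            if (key == "enabled")  enabled = val
        }
        END { report() }
    ' "$@"
}
```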

III. Install Docker

1. Remove any existing Docker first (run on all nodes)

yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate

2. Configure the yum repository (run on all nodes)

Configure the Aliyun yum repository; the default overseas repository downloads slowly.

yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
 
yum-config-manager \
    --add-repo \
    https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

3. Install Docker (run on all nodes)

yum install docker-ce-20.10.9-3.el7 docker-ce-cli-20.10.9-3.el7 docker-compose-plugin containerd.io
 
# Start Docker
systemctl start docker

# Enable it at boot
systemctl enable docker

# Verify the installation
docker -v

# Configure the Aliyun registry mirror
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://p59n3y39.mirror.aliyuncs.com"]
}
EOF
# Reload and restart
sudo systemctl daemon-reload
sudo systemctl restart docker

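IV. Install k8s

1. Install the three components kubeadm, kubelet and kubectl (run on all nodes)

kubeadm: the command used to initialize the k8s cluster.
kubelet: runs on every node of the cluster and starts Pods and containers.
kubectl: the command-line tool for talking to the k8s cluster; it views, creates, updates and deletes resources.

yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17

Enable kubelet at boot on all nodes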

systemctl enable kubelet

2. Add a hosts entry for the master node (add on all nodes)

echo "192.168.42.188 cluster-endpoint" >> /etc/hosts

3. Initialize the k8s cluster (master node)

kubeadm init \
--apiserver-advertise-address=192.168.42.188 \
--control-plane-endpoint=cluster-endpoint \
--image-repository  registry.cn-hangzhou.aliyuncs.com/google_containers \
--kubernetes-version v1.23.17 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=172.20.0.0/16

Output on success

Your Kubernetes control-plane has initialized successfully!
 
To start using your cluster, you need to run the following as a regular user:
 
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
 
Alternatively, if you are the root user, you can run:
 
  export KUBECONFIG=/etc/kubernetes/admin.conf
 
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
 
Then you can join any number of worker nodes by running the following on each as root:
 
kubeadm join cluster-endpoint:6443 --token e8enii.joiejbe3xoj6v9mt \
        --discovery-token-ca-cert-hash sha256:5756518626710f38bc3b7d4a405990c6274b513628467df94d1aa0a5c5b6f196

4. Join the worker nodes (run on all node machines)

kubeadm join cluster-endpoint:6443 --token e8enii.joiejbe3xoj6v9mt \
        --discovery-token-ca-cert-hash sha256:5756518626710f38bc3b7d4a405990c6274b513628467df94d1aa0a5c5b6f196

List the tokens (kubeadm token list) to see the remaining validity of each token

TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
p2hjar.gvqyz2ip3nqyac2c   23h         2024-09-01T08:56:31Z   authentication,signing                                                        system:bootstrappers:kubeadm:default-node-token

By default a token is valid for 24 hours. Once it expires it no longer works, and a new token can be generated:

kubeadm token create --print-join-command

V. Install the Calico network plugin (run on all nodes)

Download and save calico.yaml

curl https://docs.projectcalico.org/v3.15/manifests/calico.yaml -O

Edit the configuration

Line 3727:             - name: CALICO_IPV4POOL_CIDR
Line 3728:               value: "172.20.0.0/16"
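
In the stock manifest the CALICO_IPV4POOL_CIDR entry is commented out, and its value has to match the --pod-network-cidr passed to kubeadm init (172.20.0.0/16 here). The added example below (not part of the original post) checks this before kubectl apply without relying on line numbers; the function names are hypothetical.

```shell
# Added example: confirm the Calico pool CIDR matches kubeadm's pod network CIDR.
# Usage: check_calico_cidr calico.yaml 172.20.0.0/16 && kubectl apply -f calico.yaml

# Print the active CALICO_IPV4POOL_CIDR value from a manifest (empty if commented out).
calico_pool_cidr() {
    awk '
        /^[ \t]*#/ { armed = 0; next }                  # commented lines never count
        /- name:[ \t]*CALICO_IPV4POOL_CIDR[ \t]*$/ { armed = 1; next }
        armed && /^[ \t]*value:/ {
            v = $0
            sub(/^[ \t]*value:[ \t]*/, "", v)           # drop the key
            gsub(/[" \t]/, "", v)                       # drop quotes and blanks
            print v; exit
        }
        { armed = 0 }
    ' "$1"
}

# Succeed only when the manifest sets exactly the expected CIDR.
check_calico_cidr() {
    manifest=$1
    expected=$2
    actual=$(calico_pool_cidr "$manifest")
    if [ -z "$actual" ]; then
        echo "CALICO_IPV4POOL_CIDR is unset or commented out in $manifest" >&2
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "pool CIDR $actual does not match pod-network-cidr $expected" >&2
        return 1
    fi
    echo "pool CIDR $actual matches"
}
```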

Apply it with kubectl

kubectl apply -f calico.yaml

Verify that it succeeded

kubectl get pod -A | grep calico

VI. Install the Kuboard graphical tool (master node)

1. Download the Kuboard manifest

curl https://addons.kuboard.cn/kuboard/kuboard-v3.yaml -O

2. Install Kuboard

kubectl apply -f kuboard-v3.yaml

Check the installation status

[root@master soft]# kubectl get pods -n kuboard
NAME                                   READY   STATUS    RESTARTS           AGE
kuboard-agent-2-65fdb5df8b-27chx       1/1     Running   13                 26d
kuboard-agent-57ffc5f966-8nnbd         1/1     Running   13                 26d
kuboard-etcd-xtzrb                     1/1     Running   6                  26d
kuboard-loki-0                         1/1     Running   2 (2d ago)         22d
kuboard-loki-grafana-f78869978-qq9kp   1/1     Running   2 (2d ago)         22d
kuboard-promtail-85227                 1/1     Running   5                  22d
kuboard-promtail-kv8b9                 1/1     Running   2 (2d ago)         22d
kuboard-promtail-xhh8z                 1/1     Running   2 (2d ago)         22d
kuboard-pv-browser-cq6v8               2/2     Running   2782 (4m35s ago)   26d
kuboard-pv-browser-xljll               2/2     Running   2776 (2m19s ago)   26d
kuboard-pv-browser-xtpfx               2/2     Running   2779 (4m35s ago)   26d
kuboard-questdb-78d884c786-nrb99       1/1     Running   6                  26d
kuboard-v3-56b4b954c9-zwhtc            1/1     Running   6                  26d

VII. Install Jenkins (master node)

1. File permissions

cd /var/run
 
# Change the owning group of the docker.sock file
chown root:root docker.sock

# Change the permissions
chmod o+rw docker.sock

2. Create the Jenkins mount directory

mkdir -p /home/jenkins/jenkins_mount
chmod 777 /home/jenkins/jenkins_mount

3. Write the docker-compose.yml file

vim docker-compose.yml

# Publish the service outside the container on port 8085
 
version: '3.1'
services:
  jenkins:
    image: jenkins/jenkins
    privileged: true
    user: root
    ports:
      - 8085:8080
      - 50000:50000
    container_name: jy_jenkins
    volumes:
      - /home/jenkins/jenkins_mount:/var/jenkins_home
      - /etc/localtime:/etc/localtime
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
      - /etc/docker/daemon.json:/etc/docker/daemon.json
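
The service definition above runs Jenkins privileged, as root, and with the host's Docker socket mounted, so any job or plugin that can execute code in this container can control the Docker daemon and, through it, the host. The added example below (not part of the original post) flags these settings in a compose file and reports whether a socket path is writable by all local users, which is what chmod o+rw in step 1 grants; the function names are hypothetical.

```shell
# Added example: flag host-level privileges granted by a docker-compose file.
# Usage: audit_compose docker-compose.yml; world_writable /var/run/docker.sock

# Print one finding per risky line; exit status 1 when anything was found.
audit_compose() {
    awk '
        { line = $0; sub(/[ \t]+#.*$/, "", line) }      # strip comments
        line ~ /^[ \t]*#/ { next }
        line ~ /^[ \t]*privileged:[ \t]*["]?true/ {
            print FILENAME ":" FNR ": privileged container (all capabilities, host devices)"
            bad = 1
        }
        line ~ /^[ \t]*user:[ \t]*["]?(root|0)(:|"|[ \t]|$)/ {
            print FILENAME ":" FNR ": container process runs as root"
            bad = 1
        }
        line ~ /^[ \t]*-[ \t]*["]?[^:]*docker\.sock:/ {
            print FILENAME ":" FNR ": Docker socket mounted (control of the host daemon)"
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Exit status 0 when "other" users have write access to the given path
# (uses GNU stat, as shipped with CentOS).
world_writable() {
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in
        *[2367]) return 0 ;;
        *)       return 1 ;;
    esac
}
```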

4. Start the compose service

docker compose up -d

5. Configure the update-center mirror

[root@master jenkins_mount]# pwd
/home/jenkins/jenkins_mount
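Edit the hudson.model.UpdateCenter.xml file in the mount directory to add the Tsinghua mirror

<?xml version='1.1' encoding='UTF-8'?>
<sites>
  <site>
    <id>default</id>
    <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
  </site>
</sites>

6. Get the Jenkins login password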

cat /home/jenkins/jenkins_mount/secrets/initialAdminPassword
 
710f38bc3b7d4a405990c6274b513628467df94d1aa0a5

7. Upgrade Jenkins

Download the Jenkins war package

wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/war-stable/latest/jenkins.war
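Then stop the Jenkins container. Remember: stop it!

# Find the Jenkins container
docker ps -a|grep jenkins

docker stop <container-id>

# Use docker cp to copy the war into the Jenkins container

docker cp jenkins.war <container-id>:/usr/share/jenkins/jenkins.war

# Then start the container again

docker start <container-id>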

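8. Log in to Jenkins

Username: admin  Password: 710f38bc3b7d4a405990c6274b513628467df94d1aa0a5

Choosing to install the suggested plugins is enough.

9. Install plugins

Manage Jenkins -> Manage Plugins -> Available plugins

Search for the following plugins and install them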

Git Parameter Plug-In
Publish Over SSH

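10. Upload the JDK and Maven to the mount directory and extract them

Change the Maven repository address

Add the Aliyun mirror address

<mirror>
    <id>alimaven</id>
    <name>aliyun maven</name>
    <url>https://maven.aliyun.com/repository/public/</url>
    <mirrorOf>central</mirrorOf>
</mirror>

Add a JDK 8 compilation profile

<profile>
    <id>jdk8</id>
    <activation>
        <activeByDefault>true</activeByDefault>
        <jdk>1.8</jdk>
    </activation>
    <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
    </properties>
</profile>

Activate the profile

<activeProfiles>
    <activeProfile>jdk8</activeProfile>
</activeProfiles>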

11. Enter the Jenkins container

docker ps -a|grep jenkins

# Enter the container
docker exec -it <container-id> bash
 
root@26a9d00b6a4c:/var/jenkins_home/apache-maven-3.9.6# pwd
/var/jenkins_home/apache-maven-3.9.6

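12. Configure the JDK and Maven in the Jenkins global tool configuration

13. Under Manage Jenkins -> System, configure Publish over SSH

14. Configure passwordless SSH between the Jenkins container and the server

# Enter the Jenkins container
docker exec -it b5a49147b7f5 bash
# Create a key pair; press Enter at every prompt to accept the defaults
ssh-keygen
# Copy the public key
cat ~/.ssh/id_rsa.pub

Add the public key on the master server

cd /root
mkdir -p .ssh
cd .ssh
# Paste the public key into this file
vim authorized_keys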

VIII. Install Harbor (master node)

1. Download Harbor

# If wget cannot download it, download it elsewhere and upload it to the server
wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz

2. Extract

tar -xzvf harbor-offline-installer-v2.10.0.tgz
# Enter the directory
cd ./harbor

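3. Edit the harbor.yml configuration

vim harbor.yml
# Set the hostname, port and password

Comment out the https section; otherwise an error is reported: ERROR:root:Error: The protocol is https but attribute ssl_cert is not set

4. Run the installation

./prepare
./install.sh

Installation complete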
