1、摆设harbor https认证实战
1.1 安装docker
(1)下载docker的rpm包
- [root@harbor.oldboyedu.com ~]# yum -y install wget
- [root@harbor.oldboyedu.com ~]# wget http://192.168.15.253/Kubernetes/Day01-/softwares/oldboyedu-docker-ce-23_0_1.tar.gz
- [root@harbor.oldboyedu.com ~]# tar xf oldboyedu-docker-ce-23_0_1.tar.gz
- [root@harbor.oldboyedu.com ~]# yum -y localinstall oldboyedu-docker-ce-23_0_1/*.rpm
- [root@harbor.oldboyedu.com ~]# yum -y install bash-completion
- [root@harbor.oldboyedu.com ~]# source /usr/share/bash-completion/bash_completion
- mkdir -p /etc/docker
- tee /etc/docker/daemon.json <<-'EOF'
- {
- "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"]
- }
- EOF
- systemctl daemon-reload
- systemctl restart docker
- [root@harbor.oldboyedu.com ~]# docker info | grep "Registry Mirrors" -A 1
- Registry Mirrors:
- https://tuv7rqqq.mirror.aliyuncs.com/
- [root@harbor.oldboyedu.com ~]# systemctl enable --now docker
- Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
(1)添加epel源
- [root@harbor.oldboyedu.com ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
- [root@harbor.oldboyedu.com ~]# yum -y install docker-compose
- [root@harbor.oldboyedu.com ~]# docker-compose version
- docker-compose version 1.18.0, build 8dd22a9
- docker-py version: 2.6.1
- CPython version: 3.6.8
- OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
(1)下载harbor软件包
- [root@harbor.oldboyedu.com ~]# wget http://192.168.15.253/Kubernetes/Day01-/softwares/harbor-offline-installer-v1.10.10.tgz
- [root@harbor.oldboyedu.com ~]# mkdir -pv /oldboyedu/softwares
- [root@harbor.oldboyedu.com ~]# tar xf harbor-offline-installer-v1.10.10.tgz -C /oldboyedu/softwares/
- [root@harbor.oldboyedu.com ~]# mkdir -pv /oldboyedu/softwares
- /harbor/certs/{ca,server,client}
- # 5.1 进入证书目录
- [root@harbor.oldboyedu.com ~]# cd /oldboyedu/softwares/harbor/certs/
- # 5.2 生成CA私钥
- [root@harbor.oldboyedu.com certs]# openssl genrsa -out ca/ca.key 4096
- # 5.3 生成ca的自签名证书
- [root@harbor.oldboyedu.com certs]# openssl req -x509 -new -nodes -sha512 -days 3650 \
- -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=oldboyedu.com" \
- -key ca/ca.key \
- -out ca/ca.crt
- # 6.1 生成harbor主机的私钥
- [root@harbor.oldboyedu.com certs]# openssl genrsa -out server/harbor.oldboyedu.com.key 4096
- # 6.2 生成harbor主机的证书申请
- [root@harbor.oldboyedu.com certs]# openssl req -sha512 -new \
- -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.oldboyedu.com" \
- -key server/harbor.oldboyedu.com.key \
- -out server/harbor.oldboyedu.com.csr
-
- # 6.3 生成x509 v3扩展文件
- [root@harbor.oldboyedu.com certs]# cat > v3.ext <<-EOF
- authorityKeyIdentifier=keyid,issuer
- basicConstraints=CA:FALSE
- keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
- extendedKeyUsage = serverAuth
- subjectAltName = @alt_names
- [alt_names]
- DNS.1=oldboyedu.com
- DNS.2=oldboyedu
- DNS.3=harbor.oldboyedu.com
- EOF
- # 6.4 使用"v3.ext"给harbor主机签发证书
- [root@harbor.oldboyedu.com certs]# openssl x509 -req -sha512 -days 3650 \
- -extfile v3.ext \
- -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial \
- -in server/harbor.oldboyedu.com.csr \
- -out server/harbor.oldboyedu.com.crt
-
- # 6.5 将crt文件转换为cert客户端证书文件
- [root@harbor.oldboyedu.com certs]# openssl x509 -inform PEM -in server/harbor.oldboyedu.com.crt -out server/harbor.oldboyedu.com.cert
- # 6.6 准备docker客户端证书
- [root@harbor.oldboyedu.com certs]# cp server/harbor.oldboyedu.com.{cert,key} client/
- [root@harbor.oldboyedu.com certs]# cp ca/ca.crt client/
- [root@harbor.oldboyedu.com certs]# ll client/
- total 12
- -rw-r--r-- 1 root root 2033 Apr 12 10:09 ca.crt
- -rw-r--r-- 1 root root 2122 Apr 12 10:09 harbor.oldboyedu.com.cert
- -rw-r--r-- 1 root root 3247 Apr 12 10:09 harbor.oldboyedu.com.key
- # 6.7 查看所有证书文件结果
- [root@harbor.oldboyedu.com certs]# ll -R
- .:
- total 4
- drwxr-xr-x 2 root root 48 Apr 12 09:46 ca
- drwxr-xr-x 2 root root 85 Apr 12 10:09 client
- drwxr-xr-x 2 root root 135 Apr 12 09:47 server
- -rw-r--r-- 1 root root 275 Apr 12 09:45 v3.ext
- ./ca:
- total 12
- -rw-r--r-- 1 root root 2033 Apr 12 09:41 ca.crt
- -rw-r--r-- 1 root root 3243 Apr 12 09:40 ca.key
- -rw-r--r-- 1 root root 17 Apr 12 09:46 ca.srl
- ./client:
- total 12
- -rw-r--r-- 1 root root 2033 Apr 12 10:09 ca.crt
- -rw-r--r-- 1 root root 2122 Apr 12 10:09 harbor.oldboyedu.com.cert
- -rw-r--r-- 1 root root 3247 Apr 12 10:09 harbor.oldboyedu.com.key
- ./server:
- total 16
- -rw-r--r-- 1 root root 2122 Apr 12 09:47 harbor.oldboyedu.com.cert
- -rw-r--r-- 1 root root 2122 Apr 12 09:46 harbor.oldboyedu.com.crt
- -rw-r--r-- 1 root root 1716 Apr 12 09:44 harbor.oldboyedu.com.csr
- -rw-r--r-- 1 root root 3247 Apr 12 09:43 harbor.oldboyedu.com.key
- # 7.1 切换工作目录
- [root@harbor.oldboyedu.com certs]# cd ..
- [root@harbor.oldboyedu.com harbor]# pwd
- /oldboyedu/softwares/harbor
- # 7.2 修改配置文件
- [root@harbor.oldboyedu.com harbor]# echo alias yy=\'egrep -v "\^.*#\|\^\$"\' >> /root/.bashrc
- [root@harbor.oldboyedu.com harbor]# source /root/.bashrc
- [root@harbor.oldboyedu.com harbor]# yy harbor.yml
- hostname: harbor.oldboyedu.com
- ...
- https:
- port: 443
- certificate: /oldboyedu/softwares/harbor/certs/server/harbor.oldboyedu.com.crt
- private_key: /oldboyedu/softwares/harbor/certs/server/harbor.oldboyedu.com.key
- harbor_admin_password: 1
- ...
- [root@harbor.oldboyedu.com harbor]# ./install.sh
- # 9.1 windows配置主机解析
- # C:\Windows\System32\drivers\etc\hosts
- ...
- 10.0.0.250 harbor.oldboyedu.com
- # 9.2 浏览器访问
- https://harbor.oldboyedu.com
- # 10.1 配置地址解析
- [root@harbor.oldboyedu.com ~]# echo 10.0.0.250 harbor.oldboyedu.com >> /etc/hosts
- # 10.2 在docker客户端节点创建自签证书域名存放路径
- [root@harbor.oldboyedu.com ~]# mkdir -pv /etc/docker/certs.d/harbor.oldboyedu.com
- # 10.3 服务端将证书文件拷贝到客户端docker节点,若不执行该操作,则会报错"x509: certificate signed by unknown authority"
- [root@harbor.oldboyedu.com ~]# cp /oldboyedu/softwares/harbor/certs/client/* /etc/docker/certs.d/harbor.oldboyedu.com/
- [root@harbor.oldboyedu.com ~]# ll /etc/docker/certs.d/harbor.oldboyedu.com/
- total 12
- -rw-r--r-- 1 root root 2033 Apr 12 10:11 ca.crt
- -rw-r--r-- 1 root root 2122 Apr 12 10:11 harbor.oldboyedu.com.cert
- -rw-r--r-- 1 root root 3247 Apr 12 10:11 harbor.oldboyedu.com.key
- # 10.4 登录验证
- [root@harbor.oldboyedu.com ~]# docker login -u admin -p 1 harbor.oldboyedu.com
- WARNING! Using --password via the CLI is insecure. Use --password-stdin.
- WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
- Configure a credential helper to remove this warning. See
- https://docs.docker.com/engine/reference/commandline/login/#credentials-store
- Login Succeeded
- # 10.5 退出登录
- [root@harbor.oldboyedu.com ~]# more /root/.docker/config.json
- {
- "auths": {
- "harbor.oldboyedu.com": {
- "auth": "YWRtaW46MQ=="
- }
- }
- }
- [root@harbor.oldboyedu.com ~]# echo YWRtaW46MQ==
- YWRtaW46MQ==
- [root@harbor.oldboyedu.com ~]# echo YWRtaW46MQ== | base64 -d | more
- admin:1
-
- [root@harbor.oldboyedu.com ~]# docker logout harbor.oldboyedu.com
- Removing login credentials for harbor.oldboyedu.com
- [root@harbor.oldboyedu.com ~]# more /root/.docker/config.json
- {
- "auths": {}
- }
2、Docker简介
- 2013年docker开源。
- 2014年Google关注了docker,容器编排工具Kubernetes(简称K8S)。
- - 可以原生支持docker编排,解决docker编排问题
- - 以集群方式工作;
- 2014-03:
- 2014-06: 发布版本... k8s采用Golang语言研发。
- docker inc ---> 201406 ----> docker swarm
- ----> docker machine
- ----> docker compose
- 2014 ---> coreOS ---> rkt
- ----> rkt ---> k8s
- 2014 ---> K8S ----> CNCF组织。 Google,RedHat,.....
- 2017.12 ----> 白热化 ----> Google 占用市场70% + docker swarm 不足20% + 其他编排工具....
- ---> coreOS ---> 2018.01 ---> RedHat收购。
- ---> RedHat ---> 2019. ---> IBM收购。
- ---> docker inc ---> Mirantis ----> 2019收购,对docker swarm最少支持2年+,但是重心放在kubernetes。
Kubernetes集群架构图解
CRI:
Container Runtime Interface
符合CRI的接口的容器均可以运行在K8S集群上。
CNI:
Container Network Interface
使得多个K8S集群节点的容器实现网络互通。
3、kubernetes集群摆设方式
目前生产环境摆设kubernetes集群重要由两种方式:
- - kubeadm:
- kubeadm是一个K8S部署工具,提供kubeadm init和kubejoin,用于快速部署kubernetes集群。
- 你可以使用kubeadm工具来创建和管理Kubernetes集群,适合在生产环境部署。
- 该工具能够执行必要的动作并用一种用户友好的方式启动一个可用的、安全的集群。
- 推荐阅读:
- https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/
- https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
- https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
- - 二进制部署:
- 从GitHub下载发行版的二进制包,手动部署每个组件,组成kubernetes集群。
-
- 除了上述介绍的两种方式部署外,还有其他部署方式的途径:
- - yum:
- 已废弃,目前支持的最新版本为2017年发行的1.5.2版本。
- - kind安装:
- kind让你能够在本地计算机上运行Kubernetes。 kind要求你安装并配置好Docker。
- 推荐阅读:
- https://kind.sigs.k8s.io/docs/user/quick-start/
- - minikube:
- 适合开发环境,能够快速在Windows或者Linux构建K8S集群。
- 参考链接:
- https://minikube.sigs.k8s.io/docs/
- - rancher:
- 基于K8S改进发行了轻量级K8S,让K3S孕育而生。
- 参考链接:
- https://www.rancher.com/
- - KubeSphere:
- 青云科技基于开源KubeSphere快速部署K8S集群。
- 参考链接:
- https://kubesphere.com.cn
- - kuboard:
- 也是对k8s进行二次开发的产品,新增了很多独有的功能。
- 参考链接:
- https://kuboard.cn/
- - kubeasz:
- 使用ansible部署,扩容,缩容kubernetes集群,安装步骤官方文档已经非常详细了。
- 参考链接:
- https://github.com/easzlab/kubeasz/
- - 第三方云厂商:
- 比如aws,阿里云,腾讯云,京东云等云厂商均有K8S的相关SAAS产品。
- - 更多的第三方部署工具:
- 参考链接:
- https://landscape.cncf.io/
4、K8S全部节点环境准备
(1)虚拟机操作系统环境准备
参考链接:
https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
(2)关闭swap分区
- # 2.1 临时关闭
- swapoff -a && sysctl -w vm.swappiness=0
- # 2.2 基于配置文件关闭
- sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
- ifconfig eth0 | grep ether | awk '{print $2}'
- cat /sys/class/dmi/id/product_uuid
- 温馨提示:
- 一般来讲,硬件设备会拥有唯一的地址,但是有些虚拟机的地址可能会重复。
- Kubernetes使用这些值来唯一确定集群中的节点。 如果这些值在每个节点上不唯一,可能会导致安装失败。
- 简而言之,就是检查你的k8s集群各节点是否互通,可以使用ping命令来测试。
- cat <<EOF | tee /etc/modules-load.d/k8s.conf
- br_netfilter
- EOF
- cat <<EOF | tee /etc/sysctl.d/k8s.conf
- net.bridge.bridge-nf-call-ip6tables = 1
- net.bridge.bridge-nf-call-iptables = 1
- EOF
- sysctl --system
- 参考链接: https://kubernetes.io/zh/docs/reference/ports-and-protocols/
- 参考链接:
- https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.15.md#unchanged
-
- # 7.1 配置docker源
- curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
- curl -o /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
- yum install -y yum-utils device-mapper-persistent-data lvm2
- yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
- yum list docker-ce --showduplicates
- # 7.2 安装指定的docker版本
- yum -y install docker-ce-20.10.24 docker-ce-cli-20.10.24
- yum -y install bash-completion
- source /usr/share/bash-completion/bash_completion
- 注意,如果网速慢的小伙伴,可以直接使用我下载好的软件包,执行操作如下:
- curl -o oldboyedu-docker-rpm-20_10_24.tar.gz http://192.168.15.253/Kubernetes/Day01-/softwares/oldboyedu-docker-rpm-20_10_24.tar.gz
- tar xf oldboyedu-docker-rpm-20_10_24.tar.gz && yum -y localinstall oldboyedu-docker-rpm-20.10/*.rpm && rm -rf oldboyedu-docker-rpm-20*
- # 7.3 配置docker优化
- mkdir -pv /etc/docker && cat <<EOF | tee /etc/docker/daemon.json
- {
- "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"],
- "exec-opts": ["native.cgroupdriver=systemd"]
- }
- EOF
- # 7.4 将harbor服务器的客户端证书拷贝到k8s集群 *****
- # 7.4.1 k8s所有节点创建自建证书目录
- mkdir -pv /etc/docker/certs.d/harbor.oldboyedu.com
- # 7.4.2 登录harbor服务器将自建证书拷贝到K8S集群的所有节点
- [root@harbor.oldboyedu.com ~]# scp /oldboyedu/softwares/harbor/certs/client/* 10.0.0.231:/etc/docker/certs.d/harbor.oldboyedu.com
- [root@harbor.oldboyedu.com ~]# scp /oldboyedu/softwares/harbor/certs/client/* 10.0.0.232:/etc/docker/certs.d/harbor.oldboyedu.com
- [root@harbor.oldboyedu.com ~]# scp /oldboyedu/softwares/harbor/certs/client/* 10.0.0.233:/etc/docker/certs.d/harbor.oldboyedu.com
- # 7.5 配置docker开机自启动
- systemctl enable --now docker
- systemctl status docker
- systemctl disable --now firewalld
- sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
- grep ^SELINUX= /etc/selinux/config
- cat >> /etc/hosts <<'EOF'
- 10.0.0.231 k8s231.oldboyedu.com
- 10.0.0.232 k8s232.oldboyedu.com
- 10.0.0.233 k8s233.oldboyedu.com
- 10.0.0.250 harbor.oldboyedu.com
- EOF
- cat /etc/hosts
- [root@k8s231.oldboyedu.com ~]# docker login -u admin -p 1 harbor.oldboyedu.com
- 你需要在每台机器上安装以下的软件包:
- kubeadm:
- 用来初始化集群的指令。
- kubelet:
- 在集群中的每个节点上用来启动Pod和容器等。
- kubectl:
- 用来与集群通信的命令行工具。
-
- kubeadm不能帮你安装或者管理kubelet或kubectl,所以你需要确保它们与通过kubeadm安装的控制平面(master)的版本相匹配。 如果不这样做,则存在发生版本偏差的风险,可能会导致一些预料之外的错误和问题。
- 然而,控制平面与kubelet间的相差一个次要版本不一致是支持的,但kubelet的版本不可以超过"API SERVER"的版本。 例如,1.7.0版本的kubelet可以完全兼容1.8.0版本的"API SERVER",反之则不可以。
(1)配置软件源
- cat > /etc/yum.repos.d/kubernetes.repo <<EOF
- [kubernetes]
- name=Kubernetes
- baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
- enabled=1
- gpgcheck=0
- repo_gpgcheck=0
- EOF
- yum -y list kubeadm --showduplicates | sort -r
- yum -y install kubeadm-1.23.17-0 kubelet-1.23.17-0 kubectl-1.23.17-0
- 注意,如果网速慢的小伙伴,可以直接使用我下载好的软件包,执行操作如下:
- curl -o oldboyedu-kubeadmin-rpm-1_23_17.tar.gz http://192.168.15.253/Kubernetes/Day01-/softwares/oldboyedu-kubeadmin-rpm-1_23_17.tar.gz
- tar xf oldboyedu-kubeadmin-rpm-1_23_17.tar.gz && yum -y localinstall oldboyedu-kubeadmin-rpm-1_23_17/*.rpm && rm -rf oldboyedu-kubeadmin-rpm-1_23_17*
- systemctl enable --now kubelet
- systemctl status kubelet
- 参考链接:
- https://kubernetes.io/zh/docs/tasks/tools/install-kubectl-linux/
(1)使用kubeadm初始化master节点
- [root@k8s231.oldboyedu.com ~]# kubeadm init --kubernetes-version=v1.23.17 --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.100.0.0/16 --service-cidr=10.200.0.0/16 --service-dns-domain=oldboyedu.com
- 相关参数说明:
- --kubernetes-version:
- 指定K8S master组件的版本号。
-
- --image-repository:
- 指定下载k8s master组件的镜像仓库地址。
-
- --pod-network-cidr:
- 指定Pod的网段地址。
-
- --service-cidr:
- 指定SVC的网段
- --service-dns-domain:
- 指定service的域名。若不指定,默认为"cluster.local"。
- [init]
- 使用初始化的K8S版本。
-
- [preflight]
- 主要是做安装K8S集群的前置工作,比如下载镜像,这个时间取决于你的网速。
- [certs]
- 生成证书文件,默认存储在"/etc/kubernetes/pki"目录哟。
- [kubeconfig]
- 生成K8S集群的默认配置文件,默认存储在"/etc/kubernetes"目录哟。
- [kubelet-start]
- 启动kubelet,
- 环境变量默认写入:"/var/lib/kubelet/kubeadm-flags.env"
- 配置文件默认写入:"/var/lib/kubelet/config.yaml"
- [control-plane]
- 使用静态的目录,默认的资源清单存放在:"/etc/kubernetes/manifests"。
- 此过程会创建静态Pod,包括"kube-apiserver","kube-controller-manager"和"kube-scheduler"
- [etcd]
- 创建etcd的静态Pod,默认的资源清单存放在:""/etc/kubernetes/manifests"
-
- [wait-control-plane]
- 等待kubelet从资源清单目录"/etc/kubernetes/manifests"启动静态Pod。
- [apiclient]
- 等待所有的master组件正常运行。
-
- [upload-config]
- 创建名为"kubeadm-config"的ConfigMap在"kube-system"名称空间中。
-
- [kubelet]
- 创建名为"kubelet-config-1.22"的ConfigMap在"kube-system"名称空间中,其中包含集群中kubelet的配置
- [upload-certs]
- 跳过此节点,详情请参考”--upload-certs"
-
- [mark-control-plane]
- 标记控制面板,包括打标签和污点,目的是为了标记master节点。
-
- [bootstrap-token]
- 创建token口令,例如:"kbkgsa.fc97518diw8bdqid"。
- 如下图所示,这个口令将来在加入集群节点时很有用,而且对于RBAC控制也很有用处哟。
- [kubelet-finalize]
- 更新kubelet的证书文件信息
- [addons]
- 添加附加组件,例如:"CoreDNS"和"kube-proxy”
- [root@k8s231.oldboyedu.com ~]# mkdir -p $HOME/.kube
- [root@k8s231.oldboyedu.com ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- [root@k8s231.oldboyedu.com ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
- [root@k8s231.oldboyedu.com ~]# kubectl get componentstatuses
- [root@k8s231.oldboyedu.com ~]# kubectl get cs
(1)全部节点加入K8S集群,留意,你的token和我不一样哟~(******,复制你自己的token)
- [root@k8s232.oldboyedu.com ~]# kubeadm join 10.0.0.231:6443 --token uh78rb.9nyqap0zrn5sj7wd \
- --discovery-token-ca-cert-hash sha256:27b747e1e77c00f5684301a5e76a51eb4634fb80a76e7bd30113ac347e03aaf1
- [root@k8s233.oldboyedu.com ~]# kubeadm join 10.0.0.231:6443 --token uh78rb.9nyqap0zrn5sj7wd \
- --discovery-token-ca-cert-hash sha256:27b747e1e77c00f5684301a5e76a51eb4634fb80a76e7bd30113ac347e03aaf1
- [root@k8s231.oldboyedu.com ~]# kubectl get nodes
- NAME STATUS ROLES AGE VERSION
- k8s231.oldboyedu.com NotReady control-plane,master 15m v1.23.17
- k8s232.oldboyedu.com NotReady <none> 3m39s v1.23.17
- k8s233.oldboyedu.com NotReady <none> 3m6s v1.23.17
- [root@k8s231.oldboyedu.com ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc && source ~/.bashrc
(1)下载flannel的资源清单
- [root@k8s231.oldboyedu.com ~]# wget http://192.168.15.253/Kubernetes/Day01-/config/kube-flannel.yml
- [root@k8s231.oldboyedu.com ~]# kubectl apply -f kube-flannel.yml
- [root@k8s231.oldboyedu.com ~]# kubectl get pods -A -o wide| grep kube-flannel
- kube-flannel kube-flannel-ds-c9k8g 1/1 Running 0 77s 10.0.0.232 k8s232.oldboyedu.com <none> <none>
- kube-flannel kube-flannel-ds-kgndk 1/1 Running 0 77s 10.0.0.233 k8s233.oldboyedu.com <none> <none>
- kube-flannel kube-flannel-ds-nc67r 1/1 Running 0 77s 10.0.0.231 k8s231.oldboyedu.com <none> <none>
- [root@k8s231.oldboyedu.com ~]#
- [root@k8s231.oldboyedu.com ~]# cat oldboyedu-linux85-ds.yaml
- kind: DaemonSet
- apiVersion: apps/v1
- metadata:
- name: linux85-ds
- spec:
- selector:
- matchLabels:
- school: oldboyedu
- class: linux85
- template:
- metadata:
- labels:
- school: oldboyedu
- class: linux85
- spec:
- containers:
- - image: alpine
- stdin: true
- name: mylinux
- [root@k8s231.oldboyedu.com ~]# kubectl apply -f oldboyedu-linux85-ds.yaml
- daemonset.apps/linux85-ds created
- [root@k8s231.oldboyedu.com ~]# kubectl get pods -o wide
- NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
- linux85-ds-2ks6n 1/1 Running 0 2m48s 10.100.2.2 k8s233.oldboyedu.com <none> <none>
- linux85-ds-m5zd8 1/1 Running 0 2m49s 10.100.1.2 k8s232.oldboyedu.com <none> <none>
- [root@k8s231.oldboyedu.com ~]# kubectl exec linux85-ds-m5zd8 -- ping -c 3 10.100.2.2
- PING 10.100.2.2 (10.100.2.2): 56 data bytes
- 64 bytes from 10.100.2.2: seq=0 ttl=62 time=0.417 ms
- 64 bytes from 10.100.2.2: seq=1 ttl=62 time=0.299 ms
- 64 bytes from 10.100.2.2: seq=2 ttl=62 time=0.404 ms
- --- 10.100.2.2 ping statistics ---
- 3 packets transmitted, 3 packets received, 0% packet loss
- round-trip min/avg/max = 0.299/0.373/0.417 ms
- [root@k8s231.oldboyedu.com ~]#
- [root@k8s231.oldboyedu.com ~]# kubectl delete -f oldboyedu-linux85-ds.yaml
- daemonset.apps "linux85-ds" deleted
- [root@harbor ~]# cd /oldboyedu/softwares/harbor/
- [root@harbor harbor]# ll
- 总用量 597996
- drwxr-xr-x 5 root root 58 2024-06-12 09:06 certs
- drwxr-xr-x 3 root root 20 2024-06-12 09:09 common
- -rw-r--r-- 1 root root 3398 2022-01-12 12:08 common.sh
- -rw-r--r-- 1 root root 5412 2024-06-12 09:09 docker-compose.yml
- -rw-r--r-- 1 root root 612306524 2022-01-12 12:09 harbor.v1.10.10.tar.gz
- -rw-r--r-- 1 root root 5962 2024-06-12 09:09 harbor.yml
- -rwxr-xr-x 1 root root 2284 2022-01-12 12:08 install.sh
- -rw-r--r-- 1 root root 11347 2022-01-12 12:08 LICENSE
- -rwxr-xr-x 1 root root 1750 2022-01-12 12:08 prepare
- [root@harbor harbor]# docker-compose ps
- Name Command State Ports
- --------------------------------------------------------------------------------------------------
- harbor-core /harbor/harbor_core Up
- harbor-db /docker-entrypoint.sh Up 5432/tcp
- harbor-jobservice /harbor/harbor_jobservice ... Up
- harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
- harbor-portal nginx -g daemon off; Up 8080/tcp
- nginx nginx -g daemon off; Up 0.0.0.0:80->8080/tcp,:::80->8080/tcp,
- 0.0.0.0:443->8443/tcp,:::443->8443/tc
- p
- redis redis-server /etc/redis.conf Up 6379/tcp
- registry /home/harbor/entrypoint.sh Up 5000/tcp
- registryctl /home/harbor/start.sh Up
- [root@harbor harbor]# docker-compose ps
- Name Command State Ports
- -----------------------------------------------------------------------------------------
- harbor-core /harbor/harbor_core Exit 128
- harbor-db /docker-entrypoint.sh Exit 137
- harbor-jobservice /harbor/harbor_jobservice ... Exit 128
- harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
- harbor-portal nginx -g daemon off; Exit 128
- nginx nginx -g daemon off; Exit 128
- redis redis-server /etc/redis.conf Exit 128
- registry /home/harbor/entrypoint.sh Exit 137
- registryctl /home/harbor/start.sh Exit 137
- [root@harbor harbor]# docker-compose down -v -t 1
- Stopping harbor-log ... done
- Removing harbor-jobservice ... done
- Removing nginx ... done
- Removing harbor-core ... done
- Removing harbor-db ... done
- Removing redis ... done
- Removing registry ... done
- Removing registryctl ... done
- Removing harbor-portal ... done
- Removing harbor-log ... done
- Removing network harbor_harbor
- # 启动
- [root@harbor harbor]# docker-compose up -d
- [root@harbor harbor]# docker-compose ps
- Name Command State Ports
- --------------------------------------------------------------------------------------------------
- harbor-core /harbor/harbor_core Up
- harbor-db /docker-entrypoint.sh Up 5432/tcp
- harbor-jobservice /harbor/harbor_jobservice ... Up
- harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
- harbor-portal nginx -g daemon off; Up 8080/tcp
- nginx nginx -g daemon off; Up 0.0.0.0:80->8080/tcp,:::80->8080/tcp,
- 0.0.0.0:443->8443/tcp,:::443->8443/tc
- p
- redis redis-server /etc/redis.conf Up 6379/tcp
- registry /home/harbor/entrypoint.sh Up 5000/tcp
- registryctl /home/harbor/start.sh Up
(1)完成的全部训练并整理头脑导图;
(2)手绘K8S架构图并可以或许清晰每个组件的作用;
扩展作业:
使用ansible的基于kubeadm一键构建K8S集群。
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
