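Basic environment description
The installation and runtime environment requires CentOS 7.5 with a kernel version no lower than 3.10.
The Docker version is docker-ce-19.03.13.
Image required for installation: chinaskills_cloud_paas.iso
Network architecture and configuration
Node role | Hostname | Memory | Disk | IP |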
---|---|---|---|---|
Master Node | master | 8g | 100g | 10.16.106.50 |
Worker Node | node | 8g | 100g | 10.16.106.51 |
Harbor | master | 8g | 100g | 10.16.106.50 |
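Note: if resources are limited, the configuration of the node can be reduced accordingly.
Basic environment configuration
This lab environment is deployed on two nodes, master + node; more worker nodes can be added as needed.
Note: installing Docker does not require the node; the node is prepared for the later Kubernetes deployment.
Change the hostname and configure host mappings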
master:
# hostnamectl set-hostname master
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.16.106.50 master
10.16.106.51 node
node:
# hostnamectl set-hostname node
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.16.106.50 master
10.16.106.51 node
Disable SELinux and the firewall
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# setenforce 0
# systemctl stop firewalld
# systemctl disable firewalld
Flush the iptables firewall rules
# iptables -F
# iptables -X
# iptables -Z
# /usr/sbin/iptables-save
Mount the image and configure the yum repository
Upload the chinaskills_cloud_paas.iso image to the master node
Mount the image
# mount -o loop chinaskills_cloud_paas.iso /mnt
# cp -rvf /mnt/* /opt
# umount /mnt
Configure the yum repository
master:
# rm -rf /etc/yum.repos.d/*
# cat << EOF >/etc/yum.repos.d/local.repo
[k8s]
name=k8s
baseurl=file:///opt/kubernetes-repo
gpgcheck=0
enabled=1
EOF
# yum clean all
# yum repolist
Install FTP on the master node to serve the repository to the node
# yum install -y vsftpd
# vi /etc/vsftpd/vsftpd.conf
anon_root=/opt
# systemctl start vsftpd && systemctl enable vsftpd
node:
# rm -rf /etc/yum.repos.d/*
# cat << EOF >/etc/yum.repos.d/local.repo
[k8s]
name=k8s
baseurl=ftp://master/kubernetes-repo
gpgcheck=0
enabled=1
EOF
# yum clean all
# yum repolist
Use chrony for time synchronization
# yum install -y chrony //both nodes
# vim /etc/chrony.conf //on the controller (the master node), edit the configuration file
server master iburst
allow 10.16.106.0/24
local stratum 10
# systemctl restart chronyd //restart the service
# systemctl enable chronyd
# vim /etc/chrony.conf //add one entry to synchronize automatically by IP
server master iburst
# systemctl restart chronyd //restart the service
# systemctl enable chronyd
Configure passwordless SSH keys
master:
# ssh-keygen
# ssh-copy-id node
node:
# ssh-keygen
# ssh-copy-id master
Disable the swap partition
# swapoff -a
# sed -i 's/.*swap.*/#&/' /etc/fstab
Modify /etc/sysctl.conf to enable kernel forwarding
# modprobe br_netfilter
# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
# echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
# sysctl -p
Deploy Docker
Install docker-ce
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum install -y docker-ce
# systemctl enable docker
# systemctl start docker
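Change the Docker cgroup driver to systemd
Note: the insecure-registries entry 0.0.0.0/0 in the same file lets Docker use plain HTTP or unverified TLS with any registry; it is set here because Harbor is deployed below with https disabled.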
# tee /etc/docker/daemon.json <<-'EOF'
{
"insecure-registries" : ["0.0.0.0/0"],
"registry-mirrors": ["https://5twf62k1.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# systemctl restart docker
Install docker-compose
# chmod +x /opt/docker-compose/v1.25.5-docker-compose-Linux-x86_64
# mv /opt/docker-compose/v1.25.5-docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
Deploy the Harbor registry
Load all the images in /opt/images
for i in /opt/images/*tar*
do
docker load -i "$i"
done
Extract the installation package
# cd /opt/harbor
# tar -zxvf harbor-offline-installer-v2.1.0.tgz
# cd harbor
Modify the Harbor configuration
# cp harbor.yml.tmpl harbor.yml
# vi harbor.yml
hostname: 10.16.106.50 # change the domain name to this host's IP
harbor_admin_password: Harbor12345
#https: # disable https
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
Start Harbor
# ./prepare
# ./install.sh --with-clair
# docker-compose ps //check whether startup succeeded
Log in to Harbor from the node
# docker login -u admin -p Harbor12345 10.16.106.50
Web access
Open http://$IP in a browser to access Harbor
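The steps above write several lab-only settings (SELinux disabled, gpgcheck=0, insecure-registries 0.0.0.0/0, Harbor's template admin password with https commented out, anon_root=/opt); the function below checks a host for them before it is reused outside the lab. It is an added example, not part of the original guide: the function name, the FINDING: output format and the use of /opt/kubernetes-repo as the narrowest FTP root are assumptions.

```shell
#!/bin/sh
# Added example: flag the lab-only settings this walkthrough writes.
# ROOT is "/" on a live host or a staging directory holding copies of the files.
# Prints one "FINDING:" line per issue; returns 0 only when nothing is flagged.
audit_lab_settings() {
    root=${1%/}
    n=0
    flag() { n=$((n + 1)); printf 'FINDING: %s\n' "$1"; }

    # SELinux switched off persistently by the sed edit.
    grep -Eqs '^SELINUX=disabled' "$root/etc/selinux/config" &&
        flag "SELinux disabled in /etc/selinux/config"

    # Repositories whose packages install without signature checks.
    for repo in "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$repo" ] || continue
        grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$repo" &&
            flag "gpgcheck=0 in ${repo#"$root"}"
    done

    # Docker allowed to use HTTP or unverified TLS with every registry.
    json="$root/etc/docker/daemon.json"
    if [ -f "$json" ] && tr -d ' \t\n' < "$json" |
        grep -Eq '"insecure-registries":\[[^]]*"(0\.0\.0\.0/0|::/0)"'; then
        flag "insecure-registries covers all addresses in /etc/docker/daemon.json"
    fi

    # Harbor on the template admin password and/or without the https block.
    yml="$root/opt/harbor/harbor/harbor.yml"
    if [ -f "$yml" ]; then
        grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345' "$yml" &&
            flag "Harbor admin password is the template default"
        grep -Eq '^https:' "$yml" ||
            flag "Harbor https block is commented out (HTTP only)"
    fi

    # Anonymous FTP root wider than the repository directory (assumed target).
    ftp="$root/etc/vsftpd/vsftpd.conf"
    if [ -f "$ftp" ]; then
        anon=$(sed -n 's/^anon_root=//p' "$ftp" | tail -n 1)
        [ -n "$anon" ] && [ "$anon" != /opt/kubernetes-repo ] &&
            flag "anon_root=$anon is wider than /opt/kubernetes-repo"
    fi
    [ "$n" -eq 0 ]
}
```

On a live host, run it as root with `audit_lab_settings /`; a non-zero return status means at least one setting was flagged.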