Base environment overview

The installation and runtime environment requires CentOS 7.5 with a kernel version of at least 3.10.
The Docker version is docker-ce-19.03.13.

Image required for installation: chinaskills_cloud_paas.iso

Network architecture and configuration

Node role     Hostname  Memory  Disk   IP
Master Node   master    8g      100g   10.16.106.50
Worker Node   node      8g      100g   10.16.106.51
Harbor        master    8g      100g   10.16.106.50

Note: if resources are insufficient, the configuration of the node can be reduced as appropriate.

Base environment configuration

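This lab environment is deployed on two nodes, master + node; the node side can be scaled out as needed.
Note: installing Docker does not require the node; the node is prepared for the later Kubernetes deployment.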

Set the hostnames and configure the host mapping

master:

# hostnamectl set-hostname master
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.16.106.50 master
10.16.106.51 node

node:

# hostnamectl set-hostname node
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.16.106.50 master
10.16.106.51 node

Disable SELinux and the firewall

# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# setenforce 0
# systemctl stop firewalld
# systemctl disable firewalld

Delete the iptables firewall rules

# iptables -F
# iptables -X
# iptables -Z
# /usr/sbin/iptables-save

Mount the image and configure the yum repository

Upload the chinaskills_cloud_paas.iso image to the master node.

Mount the image
# mount -o loop chinaskills_cloud_paas.iso /mnt
# cp -rvf /mnt/* /opt
# umount /mnt
Configure the yum repository

master:

# rm -rf /etc/yum.repos.d/*
# cat << EOF >/etc/yum.repos.d/local.repo
[k8s]
name=k8s
baseurl=file:///opt/kubernetes-repo
gpgcheck=0
enabled=1
EOF
# yum clean all
# yum repolist

Install FTP on the master node to serve the node

# yum install -y vsftpd
# vi /etc/vsftpd/vsftpd.conf 
anon_root=/opt
# systemctl start vsftpd && systemctl enable vsftpd

node:

# rm -rf /etc/yum.repos.d/*
# cat << EOF >/etc/yum.repos.d/local.repo
[k8s]
name=k8s
baseurl=ftp://master/kubernetes-repo
gpgcheck=0
enabled=1
EOF
# yum clean all
# yum repolist

Synchronize time with chrony

# yum install -y chrony      # on both nodes
# vim /etc/chrony.conf       # edit the configuration file on controller (the master node here)
server master iburst
allow 10.16.106.0/24
local stratum 10
# systemctl restart chronyd  # start the service
# systemctl enable chronyd

# vim /etc/chrony.conf       # add one line to sync automatically by IP
server master iburst
# systemctl restart chronyd  # start the service
# systemctl enable chronyd

Configure passwordless SSH login

master:

# ssh-keygen
# ssh-copy-id node

node:

# ssh-keygen
# ssh-copy-id master

Disable the swap partition

# swapoff -a
# sed -i 's/.*swap.*/#&/' /etc/fstab

Edit /etc/sysctl.conf to enable kernel forwarding

# modprobe br_netfilter
# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
# echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
# sysctl -p

Deploy Docker

Install docker-ce

# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum install -y docker-ce
# systemctl enable docker
# systemctl start docker

Change the Docker cgroup driver to systemd

# tee /etc/docker/daemon.json <<-'EOF'
{
  "insecure-registries" : ["0.0.0.0/0"],
  "registry-mirrors": ["https://5twf62k1.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# systemctl restart docker
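
The "insecure-registries" entry 0.0.0.0/0 in the daemon.json above makes Docker accept plain HTTP or unverified TLS for a registry at any IPv4 address, while this setup only needs that for the Harbor instance at 10.16.106.50. The Python check below is an added example, not part of the original article: it flags entries broader than the expected registry and prints a daemon.json scoped to Harbor only. The function names and the embedded copy of the configuration are illustrative assumptions.

```python
import ipaddress
import json

# daemon.json content as written in the step above
PAGE_DAEMON_JSON = """
{
  "insecure-registries": ["0.0.0.0/0"],
  "registry-mirrors": ["https://5twf62k1.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
"""
HARBOR_HOST = "10.16.106.50"  # Harbor address used on this page


def entry_scope(entry):
    """Number of addresses an entry covers; None for a hostname or host:port."""
    try:
        return ipaddress.ip_network(entry, strict=False).num_addresses
    except ValueError:
        return None


def audit(daemon_json_text, allowed):
    """Return (entry, reason) for entries broader than the registries in `allowed`."""
    findings = []
    for entry in json.loads(daemon_json_text).get("insecure-registries", []):
        scope = entry_scope(entry)
        if scope is not None and scope > 1:
            findings.append((entry, f"CIDR covers {scope} addresses"))
        elif entry not in allowed:
            findings.append((entry, "not an expected registry"))
    return findings


def tighten(daemon_json_text, allowed):
    """Return daemon.json text with insecure-registries limited to `allowed`."""
    cfg = json.loads(daemon_json_text)
    cfg["insecure-registries"] = sorted(allowed)
    return json.dumps(cfg, indent=2)


if __name__ == "__main__":
    for entry, reason in audit(PAGE_DAEMON_JSON, {HARBOR_HOST}):
        print(f"{entry}: {reason}")
    print(tighten(PAGE_DAEMON_JSON, {HARBOR_HOST}))
```

After writing the scoped file to /etc/docker/daemon.json, restart Docker as in the step above.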

Install docker-compose

# chmod +x /opt/docker-compose/v1.25.5-docker-compose-Linux-x86_64
# mv /opt/docker-compose/v1.25.5-docker-compose-Linux-x86_64 /usr/local/bin/docker-compose

Deploy the Harbor registry

Load all images in /opt/images

for i in $(ls /opt/images|grep tar)
do
  docker load -i /opt/images/$i
done

Extract the installation package

# cd /opt/harbor
# tar -zxvf harbor-offline-installer-v2.1.0.tgz
# cd harbor

Edit the Harbor configuration

# cp harbor.yml.tmpl harbor.yml
# vi harbor.yml
hostname: 10.16.106.50 # change the hostname to this machine's IP
harbor_admin_password: Harbor12345
#https:  # disable https
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path

Start Harbor

# ./prepare
# ./install.sh --with-clair
# docker-compose ps   # check whether startup succeeded

Log in to Harbor from the node

# docker login -u admin -p Harbor12345 10.16.106.50

Web access

Open http://$IP in a browser to access Harbor.
