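Contents

I. Environment plan
II. Notes
III. Environment preparation
  1. Disable the firewall, SELinux and swap
  2. Set the hostnames
  3. Edit the hosts file on all nodes
  4. Synchronize time on all nodes
  5. Set Linux resource limits on all nodes
  6. Upgrade the kernel on all nodes (optional)
  7. Tune kernel parameters
  8. Load the ip_vs modules
IV. Install docker on all nodes
  1. Install
  2. Change the daemon.json configuration
V. Install kubeadm, kubelet and kubectl
  1. Define the kubernetes repository
  2. Configure kubelet to use the Alibaba Cloud pause image
  3. Enable kubelet at boot
VI. Install and configure the high-availability components
  1. Deploy HAProxy on all master nodes
  2. Configure the haproxy proxy
  3. Deploy keepalived on all master nodes
  4. Configure keepalived for high availability
  5. Write the health-check script
  6. Start the high-availability proxy cluster
VII. Deploy the K8S cluster
  1. Create the cluster initialization config file on master01
  2. Update the cluster initialization config file
  3. Pull the images on all nodes
  4. Initialize on master01
  5. Modify the controller-manager and scheduler config files
  6. Deploy the flannel network plugin
  7. Join all nodes to the cluster
    7.1 Join all master nodes to the cluster
    7.2 Join the worker nodes to the cluster
  8. View cluster information
VIII. Install the Harbor private registry
  1. Install docker
  2. On all node hosts, add the private registry to the config file
  3. Install Harbor
  4. Generate the certificate
  5. Access

I. Environment plan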
Server type    IP address
master01       192.168.88.100
master02       192.168.88.101
master03       192.168.88.103
node01         192.168.88.104
node02         192.168.88.105
hub.wzw.com    192.168.88.106
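II. Notes

- Master nodes need more than 2 CPU cores.
- The latest version is not necessarily the best choice: compared with older versions its core functionality is stable, but newly added features and interfaces are relatively unstable.
- Once you have learned the high-availability deployment for one version, the procedure for other versions is much the same.
- Upgrade the hosts to CentOS 7.9 where possible.
- Upgrade the kernel to a stable release such as 4.19.
- When choosing a k8s version, prefer a 1.xx.5-style release whose patch number is above 5; these are generally the more stable releases.

III. Environment preparation

1. Disable the firewall, SELinux and swap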
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/enforcing/disabled/' /etc/selinux/config
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
swapoff -a
# comment out every swap entry so swap stays off after a reboot
sed -ri 's/.*swap.*/#&/' /etc/fstab

2. Set the hostnames
# run the matching command on each node
hostnamectl set-hostname master01
hostnamectl set-hostname master02
hostnamectl set-hostname master03
hostnamectl set-hostname node01
hostnamectl set-hostname node02

3. Edit the hosts file on all nodes
cat >> /etc/hosts << EOF
192.168.88.100 master01
192.168.88.101 master02
192.168.88.103 master03
192.168.88.104 node01
192.168.88.105 node02
EOF

4. Synchronize time on all nodes
yum -y install ntpdate
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
ntpdate time2.aliyun.com

systemctl enable --now crond
crontab -e
# add this entry in the crontab editor
*/30 * * * * /usr/sbin/ntpdate time2.aliyun.com

5. Set Linux resource limits on all nodes
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited

6. Upgrade the kernel on all nodes (optional)
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm -O /opt/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm -O /opt/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm

cd /opt/
# these RPMs are fetched over plain HTTP; check their signatures with rpm -K before installing
yum localinstall -y kernel-ml*

# change the default boot kernel
grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
grubby --default-kernel
reboot

7. Tune kernel parameters
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_watches = 89100
fs.file-max = 52706963
fs.nr_open = 52706963
net.netfilter.nf_conntrack_max = 2310720

net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF

# apply the parameters
sysctl --system

8. Load the ip_vs modules
# load every module found in the running kernel's ipvs directory
for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs | grep -o "^[^.]*"); do
    echo $i
    /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i
done

IV. Install docker on all nodes

1. Install
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io

2. Change the daemon.json configuration
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "500m", "max-file": "3"
  }
}
EOF
# switches Docker's cgroup driver to systemd so that it matches k8s

systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service
V. Install kubeadm, kubelet and kubectl

Install kubeadm, kubelet and kubectl on all nodes.

1. Define the kubernetes repository

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
# with gpgcheck=0 and repo_gpgcheck=0, package and repository metadata signatures are not verified
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum install -y kubelet-1.20.15 kubeadm-1.20.15 kubectl-1.20.15

2. Configure kubelet to use the Alibaba Cloud pause image
cat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2"
EOF

3. Enable kubelet at boot
systemctl enable --now kubelet
VI. Install and configure the high-availability components

1. Deploy HAProxy on all master nodes

yum -y install haproxy

2. Configure the haproxy proxy

cat > /etc/haproxy/haproxy.cfg << EOF
global
    log         127.0.0.1 local0 info
    log         127.0.0.1 local1 warning
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode                    tcp
    log                     global
    option                  tcplog
    option                  dontlognull
    option                  redispatch
    retries                 3
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout check           10s
    maxconn                 3000

frontend monitor-in
    bind *:33305
    mode http
    option httplog
    monitor-uri /monitor

frontend k8s-master
    # haproxy runs on the same machines as the apiserver, so 6443 would conflict; listen on a different port
    bind *:16443
    mode tcp
    option tcplog
    default_backend k8s-master

backend k8s-master
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    server k8s-master1 192.168.88.100:6443 check inter 10000 fall 2 rise 2 weight 1
    server k8s-master2 192.168.88.101:6443 check inter 10000 fall 2 rise 2 weight 1
    server k8s-master3 192.168.88.103:6443 check inter 10000 fall 2 rise 2 weight 1
EOF

3. Deploy keepalived on all master nodes

yum -y install keepalived

4. Configure keepalived for high availability
cd /etc/keepalived/
vim keepalived.conf

! Configuration File for keepalived
global_defs {
    router_id LVS_HA1
}

vrrp_script chk_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    # cluster VIP; it has to be the address used for controlPlaneEndpoint and in the kubeadm join commands
    virtual_ipaddress {
        192.168.80.200
    }
    track_script {
        chk_haproxy
    }
}

5. Write the health-check script
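vim check_haproxy.sh

#!/bin/bash
# if no haproxy process is running, stop keepalived so the VIP moves to another master
if ! killall -0 haproxy; then
    systemctl stop keepalived
fi

chmod +x check_haproxy.sh

6. Start the high-availability proxy cluster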
systemctl enable --now haproxy
systemctl enable --now keepalived
VII. Deploy the K8S cluster

1. Create the cluster initialization config file on master01

kubeadm config print init-defaults > /opt/kubeadm-config.yaml

cd /opt/
vim kubeadm-config.yaml

......
localAPIEndpoint:
  advertiseAddress: 192.168.80.10    # IP address of the current master node
  bindPort: 6443
......
apiServer:
  certSANs:    # add a certSANs list under apiServer holding the IP addresses of all master nodes and the cluster VIP
  - 192.168.80.100
  - 192.168.80.10
  - 192.168.80.11
  - 192.168.80.12
......
clusterName: kubernetes
# cluster VIP address; address and port have to match the keepalived virtual_ipaddress and the haproxy k8s-master bind port
controlPlaneEndpoint: 192.168.80.100:16444
controllerManager: {}
......
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers    # where to download the images from
kind: ClusterConfiguration
kubernetesVersion: v1.20.15    # kubernetes version
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16     # pod subnet; 10.244.0.0/16 matches flannel's default subnet
  serviceSubnet: 10.96.0.0/16  # service subnet
scheduler: {}
# append the following at the end of the file
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs    # switch kube-proxy from its default mode to ipvs

2. Update the cluster initialization config file
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml

3. Pull the images on all nodes

# copy the yaml config file to the other hosts and pull the images using it
for i in master02 master03 node01 node02; do scp /opt/new.yaml $i:/opt/; done

kubeadm config images pull --config /opt/new.yaml

4. Initialize on master01
kubeadm init --config new.yaml --upload-certs | tee kubeadm-init.log

After initialization the following output appears; it is what you use to join nodes to the k8s cluster.

# output
.........
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

# the commands above are for a regular user; run them on master01

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

# if you are root, run this on master01 instead; either option works, pick one

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

# command used by master nodes to join; record it
  kubeadm join 192.168.88.200:16443 --token 7t2weq.bjbawausm0jaxury \
    --discovery-token-ca-cert-hash sha256:e76e4525ca29a9ccd5c24142a724bdb6ab86512420215242c4313fb830a4eb98 \
    --control-plane --certificate-key 0f2a7ff2c46ec172f834e237fcca8a02e7c29500746594c25d995b78c92dde96

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

# command used by worker nodes to join; record it
kubeadm join 192.168.88.200:16443 --token 7t2weq.bjbawausm0jaxury \
    --discovery-token-ca-cert-hash sha256:e76e4525ca29a9ccd5c24142a724bdb6ab86512420215242c4313fb830a4eb98

5. Modify the controller-manager and scheduler config files
vim /etc/kubernetes/manifests/kube-scheduler.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
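......
#- --port=0    # search for port=0 and comment this line out
# without --port=0 the components serve their insecure HTTP port again (10251 scheduler, 10252 controller-manager)

systemctl restart kubelet

Do this on all master nodes.

6. Deploy the flannel network plugin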
Upload the flannel image flannel.tar and the CNI plugin archive cni-plugins-linux-amd64-v0.8.6.tgz to /opt on all nodes, and upload kube-flannel.yml to the master node.

cd /opt
docker load < flannel.tar

mv /opt/cni /opt/cni_bak
mkdir -p /opt/cni/bin
tar zxvf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin
# mind the version you are actually using

kubectl apply -f kube-flannel.yml

7. Join all nodes to the cluster

7.1 Join all master nodes to the cluster

Use your own token.

kubeadm join 192.168.88.200:16443 --token 7t2weq.bjbawausm0jaxury \
    --discovery-token-ca-cert-hash sha256:e76e4525ca29a9ccd5c24142a724bdb6ab86512420215242c4313fb830a4eb98 \
    --control-plane --certificate-key 0f2a7ff2c46ec172f834e237fcca8a02e7c29500746594c25d995b78c92dde96

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

7.2 Join the worker nodes to the cluster

kubeadm join 192.168.88.200:16443 --token 7t2weq.bjbawausm0jaxury \
    --discovery-token-ca-cert-hash sha256:e76e4525ca29a9ccd5c24142a724bdb6ab86512420215242c4313fb830a4eb98

8. View cluster information
# view the cluster information on master01
kubectl get nodes
kubectl get pod -A
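
The join commands above pin the cluster CA with --discovery-token-ca-cert-hash. As an added example (not part of the original post), the script below recomputes that value on a master from the CA certificate and compares it with the join command saved in kubeadm-init.log. The function names are illustrative, and the two paths (kubeadm's default CA location and the log written from /opt) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# --discovery-token-ca-cert-hash is "sha256:" followed by the SHA-256 of the
# cluster CA's DER-encoded public key (SubjectPublicKeyInfo). A joining node
# uses it to authenticate the API server it reaches through the VIP.

# ca_cert_hash <ca.crt>: prints sha256:<64 hex>; fails if the cert is unreadable
ca_cert_hash() {
    local spki
    spki=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$spki" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r \
        | awk '{ print "sha256:" $1 }'
}

# join_hash_matches <ca.crt> <file holding a kubeadm join command>
# returns 0 only when the hash in the join command is the hash of this CA
join_hash_matches() {
    local want got
    want=$(grep -o 'sha256:[0-9a-f]\{64\}' "$2" | head -n 1)
    got=$(ca_cert_hash "$1") || return 2
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# On a master: compare the live CA with the join command saved by tee.
CA=/etc/kubernetes/pki/ca.crt    # kubeadm's default CA path (assumption)
LOG=/opt/kubeadm-init.log        # assumes kubeadm init was run from /opt
if [ -r "$CA" ] && [ -r "$LOG" ]; then
    if join_hash_matches "$CA" "$LOG"; then
        echo "CA hash matches: $(ca_cert_hash "$CA")"
    else
        echo "CA hash in $LOG does not match $CA" >&2
    fi
fi
```
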
VIII. Install the Harbor private registry

Bring up a new server with the IP address 192.168.88.106.

1. Install docker

# set the hostname
hostnamectl set-hostname hub.wzw.com

# add the hostname mapping on all nodes
echo '192.168.88.106 hub.wzw.com' >> /etc/hosts

# install docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io

mkdir /etc/docker
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["https://hub.wzw.com"]
}
EOF

systemctl start docker
systemctl enable docker

2. On all node hosts, add the private registry to the config file
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["https://hub.wzw.com"]
}
EOF

systemctl daemon-reload
systemctl restart docker

3. Install Harbor
cd /opt/
# upload harbor-offline-installer-v1.2.2.tgz and the docker-compose file to /opt
cp docker-compose /usr/local/bin
chmod +x /usr/local/bin/docker-compose
# copies the docker-compose orchestration tool to the bin directory and makes it executable

tar -zxvf harbor-offline-installer-v1.2.2.tgz
# unpacks the harbor package

cd harbor
vim harbor.cfg
hostname = hub.wzw.com
......
ui_url_protocol = https
......
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
......
harbor_admin_password = Harbor12345

4. Generate the certificate
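mkdir -p /data/cert
# create the certificate directory

cd /data/cert
openssl genrsa -des3 -out server.key 2048
# generate the private key
# enter the passphrase twice: 123456

openssl req -new -key server.key -out server.csr
# generate the certificate signing request
# enter the private key passphrase: 123456
# country name: CN
# province: BJ
# city: BJ
# organization name: www
# organizational unit name: www
# domain name: hub.wzw.com
# administrator e-mail: admin@ydq.com
# press Enter for everything else

cp server.key server.key.org
# back up the private key

openssl rsa -in server.key.org -out server.key
# remove the private key passphrase (123456), writing a new file over the passphrase-protected one

openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt
# sign the certificate

chmod +x /data/cert/*
# add execute permission to all of the files

cd /opt/harbor/
./install.sh
# run the install script

5. Access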
From a local machine, open https://hub.wzw.com in Firefox, then choose Add Exception -> Confirm Security Exception.
Username: admin
Password: Harbor12345
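
The certificate from step 4 carries only a Common Name, and steps 1 and 2 list hub.wzw.com under insecure-registries. As an added example (not part of the original post), the functions below issue the certificate with a subjectAltName and install it where Docker looks for a per-registry CA, /etc/docker/certs.d/<host>/ca.crt, so the registry does not have to be marked insecure. The function names are illustrative, and OpenSSL 1.1.1 or later is assumed for -addext.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# Docker clients built with Go 1.15+ ignore the certificate Common Name, so
# the registry certificate needs a subjectAltName for hub.wzw.com.

# make_registry_cert <dir> <host>: writes <dir>/server.key and <dir>/server.crt
make_registry_cert() {
    local dir=$1 host=$2
    mkdir -p "$dir" || return 1
    ( umask 077    # keep the private key unreadable for group and others
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1000 \
          -subj "/C=CN/ST=BJ/L=BJ/O=www/OU=www/CN=$host" \
          -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/server.crt"
}

# cert_covers_host <cert> <host>: succeeds only if the SAN lists exactly <host>
cert_covers_host() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
        | grep -qxF "DNS:$2"
}

# trust_for_docker <cert> <host> [certs.d root]: install the cert as the
# registry's CA for the local docker daemon; refuses a cert without the SAN
trust_for_docker() {
    local root=${3:-/etc/docker/certs.d}
    cert_covers_host "$1" "$2" || { echo "no SAN for $2 in $1" >&2; return 1; }
    mkdir -p "$root/$2" && cp "$1" "$root/$2/ca.crt" && chmod 644 "$root/$2/ca.crt"
}

# Usage: on the Harbor host
#   make_registry_cert /data/cert hub.wzw.com
# then copy server.crt to every docker node and run there
#   trust_for_docker server.crt hub.wzw.com
```
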