typora-root-url: ./
一:基础集群环境搭建:
k8s基础集群环境主要是运行kubernetes管理端服务以及node节点上的服务部署及使用。
Kubernetes设计架构:
CNCF 云原生容器生态系统概要:
1.1:k8s高可用集群环境规划信息:
按照实际需求,进行规划与部署相应的单master或者多master的高可用k8s运行环境。
1.1.1:单master:
见 kubeadm 安装k8s
https://www.kubernetes.org.cn/kubernetes%E8%AE%BE%E8%AE%A1%E6%9E%B6%E6%9E%84
http://dockone.io/article/3006
类型 服务器IP地址 备注
Ansible(2台) 192.168.7.101/102 K8S集群部署服务器,可以和Master合在一起
K8S Master(2台) 192.168.7.101/102 K8s控制端,通过一个VIP做主备高可用
Harbor(2台) 192.168.7.103/104 高可用镜像服务器
Etcd(最少3台) 192.168.7.105/106/107 保存k8s集群数据的服务器
Haproxy(2台) 192.168.7.108/109 高可用etcd代理服务器
Node节点(2-N台) 192.168.7.111/112/xxx 真正运行容器的服务器,高可用环境至少两台
1.1.2:多master:
1.1.3:服务器统计:
1.2:主机名设置:
类型 服务器IP 主机名 VIP
K8S Master1 192.168.7.101 k8s-master1.magedu.net 192.168.7.248
K8S Master2 192.168.7.102 k8s-master2.magedu.net 192.168.7.248
Harbor1 192.168.7.103 k8s-harbor1.magedu.net
Harbor2 192.168.7.104 k8s-harbor2.magedu.net
etcd节点1 192.168.7.105 k8s-etcd1.magedu.net
etcd节点2 192.168.7.106 k8s-etcd2.magedu.net
etcd节点3 192.168.7.107 k8s-etcd3.magedu.net
Haproxy1 192.168.7.108 k8s-ha1.magedu.net
Haproxy2 192.168.7.109 k8s-ha2.magedu.net
Node节点1 192.168.7.110 k8s-node1.magedu.net
Node节点2 192.168.7.111 k8s-node2.magedu.net
1.3:软件清单:
见当前目录下 kubernetes软件清单
API端口:
1.4:基础环境准备:
http://releases.ubuntu.com/
系统主机名配置、IP配置、系统参数优化,以及依赖的负载均衡和Harbor部署
1.4.1:系统配置:
主机名等系统配置略
1.4.2:高可用负载均衡:
k8s高可用反向代理
参见博客http://blogs.studylinux.net/?p=4579
端口:192.168.7.248:6443 #需要配置在负载均衡上实现反向代理,dashboard的端口为8443
操作系统:ubuntu server 1804
k8s版本: 1.13.5
calico:3.4.4
1.4.2.1:keepalived:
1.4.2.2:haproxy:
1.4.3:Harbor之https:
内部镜像将统一保存在内部Harbor服务器,不再通过互联网在线下载。
root@k8s-ha1:~# cat /etc/keepalived/keepalived.conf
# VRRP instance that holds the Kubernetes API virtual IP (192.168.7.248) on
# this load-balancer node.
vrrp_instance VI_1 {
# This node starts as MASTER with priority 100. The peer's configuration is
# not shown here; presumably it is BACKUP with a lower priority (confirm).
state MASTER
interface eth0
# Must be the same on both peers and unique among VRRP groups on this segment.
virtual_router_id 1
priority 100
# Seconds between VRRP advertisements.
advert_int 3
# Advertisements are sent as unicast from this host to the listed peer
# instead of the default multicast.
unicast_src_ip 192.168.7.108
unicast_peer {
192.168.7.109
}
# Simple-password VRRP authentication: the string is carried in clear text in
# every advertisement and keepalived uses only its first 8 characters, so it
# mainly prevents accidental pairing, not spoofing by a host on the same
# segment. "123abc" is a sample value: set a site-specific secret and allow
# VRRP (IP protocol 112) only between 192.168.7.108 and 192.168.7.109.
authentication {
auth_type PASS
auth_pass 123abc
}
# Floating address added to eth0 under the alias label eth0:1 while this node
# owns the VIP.
virtual_ipaddress {
192.168.7.248 dev eth0 label eth0:1
}
}
# TCP front end for the Kubernetes API on the keepalived VIP.
listen k8s_api_nodes_6443
# NOTE(review): on the node that does not currently hold the VIP this bind is
# expected to fail unless non-local binds are enabled
# (net.ipv4.ip_nonlocal_bind) - confirm on the backup load balancer.
bind 192.168.7.248:6443
# Layer-4 pass-through: there is no "ssl" on the bind line, so TLS is handled
# by the backend on port 6443 and access control rests entirely on that
# backend's own authentication. Limit who can reach the VIP at the network
# layer.
mode tcp
#balance leastconn
# "check" probes the server every 2000 ms; 3 failed probes mark it down and
# 5 successful probes bring it back.
server 192.168.7.101 192.168.7.101:6443 check inter 2000 fall 3 rise 5
# Only 192.168.7.101 is active. The disabled line below points at a different
# subnet (192.168.100.x); the second master in the host table (192.168.7.102)
# would need its own server line before the VIP gives any API failover.
#server 192.168.100.202 192.168.100.202:6443 check inter 2000 fall 3 rise 5
root@k8s-harbor1:/usr/local/src/harbor# pwd
/usr/local/src/harbor
root@k8s-harbor1:/usr/local/src/harbor# mkdir certs/
# openssl genrsa -out /usr/local/src/harbor/certs/harbor-ca.key #生成私钥(未指定位数时使用openssl的默认位数;私钥文件未加密,注意限制读取权限)
# openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key -subj "/CN=harbor.magedu.net" -days 7120 -out /usr/local/src/harbor/certs/harbor-ca.crt #签发自签名证书;该证书只含CN、没有SAN,较新的Docker/Go客户端会拒绝这类证书,此时需要在签发时补充subjectAltName
# vim harbor.cfg
# Name clients use to reach the registry; it is the same name as the CN of the
# certificate created with openssl in this section.
hostname = harbor.magedu.net
# Serve the Harbor UI and registry over HTTPS.
ui_url_protocol = https
# Certificate and private key used for TLS. harbor-ca.crt is the self-signed
# certificate itself (no separate CA signs it), so every client has to be given
# this exact file to trust the registry.
ssl_cert = /usr/local/src/harbor/certs/harbor-ca.crt
ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key
client 同步crt证书:
测试登录harbor:
测试push镜像到harbor:
1.5:手动二进制部署:
见 k8s 1.11 ubuntu1804部署文档
1.6:ansible部署:
1.6.1:基础环境准备:
# Sample initial password for the Harbor "admin" account; set a strong, unique
# value before running ./install.sh.
# NOTE(review): this setting appears to be read only on Harbor's first start;
# later changes would then have to be made in the UI. Confirm for the Harbor
# version in use.
harbor_admin_password = 123456
# ./install.sh
master1:~# mkdir /etc/docker/certs.d/harbor.magedu.net -p
harbor1:~# scp /usr/local/src/harbor/certs/harbor-ca.crt 192.168.7.101:/etc/docker/certs.d/harbor.magedu.net
master1:~# vim /etc/hosts #添加host文件解析
192.168.7.103 harbor.magedu.net
master1:~# systemctl restart docker #重启docker
root@k8s-master1:~# docker login harbor.magedu.net
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
master1:~# docker pull alpine
root@k8s-master1:~# docker tag alpine harbor.magedu.net/library/alpine:linux36
root@k8s-master1:~# docker push harbor.magedu.net/library/alpine:linux36
The push refers to repository [harbor.magedu.net/library/alpine]
256a7af3acb1: Pushed
linux36: digest:
sha256:97a042bf09f1bf78c8cf3dcebef94614f2b95fa2f988a5c07314031bc2570c7a size: 528