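Contents
1. Install the three components kubeadm, kubelet and kubectl (run on all nodes)
13. Under Manage Jenkins -> Configure System, modify Publish over SSH
6. Push the yml to the server (split into two files, because I plan to modify the yml with the yq command)
Install in VMware and create three CentOS servers
Host | IP | Specs |
master | 192.168.199.128 | 4 cores, 6 GB RAM, 40 GB disk |
node1 | 192.168.199.130 | 2 cores, 2 GB RAM, 20 GB disk |
node2 | 192.168.199.131 | 2 cores, 2 GB RAM, 20 GB disk |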
- vim /etc/hosts
- 192.168.199.128 master
- 192.168.199.130 node1
- 192.168.199.131 node2
Generate a key pair first, then copy the public key to all nodes
- ssh-keygen
- ssh-copy-id master
- ssh-copy-id node1
- ssh-copy-id node2
- # Test the connection
- ssh node1
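kubelet requires swap to be disabled, so kubeadm checks during initialization whether swap is off and reports an error if it is not. If you do not want to disable swap, you can pass --ignore-preflight-errors=Swap on the command line during installation. To disable swap, run the following commands on all nodes:
- # Disable temporarily
- swapoff -a
- # Disable permanently
- echo vm.swappiness = 0 >> /etc/sysctl.conf
- sysctl -p
- # After rebooting my virtual machine, swap was still enabled. I don't know why; it did not affect the process, so I did not investigate further.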
- systemctl disable firewalld
- systemctl stop firewalld
- modprobe br_netfilter
-
- echo "modprobe br_netfilter" >> /etc/profile
-
- tee /etc/sysctl.d/k8s.conf << EOF
- net.bridge.bridge-nf-call-ip6tables = 1
- net.bridge.bridge-nf-call-iptables = 1
- EOF
-
- # Reload the configuration
- sysctl -p /etc/sysctl.d/k8s.conf
- # Install the time synchronization tools
- yum install -y ntp ntpdate
-
- ntpdate cn.pool.ntp.org
-
- systemctl start ntpd
- systemctl enable ntpd
Configure the Aliyun mirror as the Kubernetes yum repository
- vim /etc/yum.repos.d/kubernetes.repo
- # Paste in the following content
- [kubernetes]
- name=Kubernetes
- baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
- enabled=1
- gpgcheck=0
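With `gpgcheck=0`, yum installs kubelet, kubeadm and kubectl from the mirror without verifying package signatures. The following audit script is an added example, not part of the original post; it also flags plain-HTTP `baseurl` entries, which goes beyond the single file shown here. The function names and the `gpgkey` value in the sample are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Flags yum repo sections that
# disable package signature checks or fetch packages over plain HTTP.

# audit_yum_repos DIR: prints "file:[section]: finding"; returns 1 on findings.
audit_yum_repos() {
    findings=$(awk '
        /^[ \t]*\[/ {
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*0[ \t]*$/ {
            print FILENAME ":[" sec "]: gpgcheck=0, package signatures are not verified"
        }
        /^[ \t]*baseurl[ \t]*=[ \t]*http:/ {
            print FILENAME ":[" sec "]: baseurl uses plain HTTP"
        }
    ' "${1:-/etc/yum.repos.d}"/*.repo 2>/dev/null)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input: the repo file as written on this page, and a
# variant with verification switched on. The gpgkey value is a placeholder.
make_sample_repos() {
    cat > "$1/kubernetes.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
    cat > "$1/kubernetes-verified.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=<URL of the signing key published by the mirror>
EOF
}

sample_dir=$(mktemp -d)
make_sample_repos "$sample_dir"
audit_yum_repos "$sample_dir" || echo "fix the sections listed above"
rm -rf "$sample_dir"
```

Run `audit_yum_repos` with no argument on each node to check `/etc/yum.repos.d`.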
- yum remove docker \
- docker-client \
- docker-client-latest \
- docker-common \
- docker-latest \
- docker-latest-logrotate \
- docker-logrotate
Configure the Aliyun yum repository, because downloads from the default overseas repository are slow
- yum install -y yum-utils \
- device-mapper-persistent-data \
- lvm2
-
- yum-config-manager \
- --add-repo \
- https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- yum install docker-ce-20.10.9-3.el7 docker-ce-cli-20.10.9-3.el7 docker-compose-plugin containerd.io
-
- # Start docker
- systemctl start docker
-
- # Enable start on boot
- systemctl enable docker
-
- # Verify the installation
- docker -v
-
- # Configure the Aliyun registry mirror
- cat > /etc/docker/daemon.json << EOF
- {
-   "registry-mirrors": ["https://p59n3y39.mirror.aliyuncs.com"]
- }
- EOF
- # Reload and restart
- sudo systemctl daemon-reload
- sudo systemctl restart docker
- yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17
-
- # Enable start on boot on all nodes
- systemctl enable kubelet
echo "192.168.199.128 cluster-endpoint" >> /etc/hosts
- kubeadm init \
- --apiserver-advertise-address=192.168.199.128 \
- --control-plane-endpoint=cluster-endpoint \
- --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
- --kubernetes-version v1.23.17 \
- --service-cidr=10.96.0.0/12 \
- --pod-network-cidr=172.20.0.0/16
Output on success
- Your Kubernetes control-plane has initialized successfully!
-
- To start using your cluster, you need to run the following as a regular user:
-
- mkdir -p $HOME/.kube
- sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- sudo chown $(id -u):$(id -g) $HOME/.kube/config
-
- Alternatively, if you are the root user, you can run:
-
- export KUBECONFIG=/etc/kubernetes/admin.conf
-
- You should now deploy a pod network to the cluster.
- Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
- https://kubernetes.io/docs/concepts/cluster-administration/addons/
-
- Then you can join any number of worker nodes by running the following on each as root:
-
- kubeadm join cluster-endpoint:6443 --token e8enii.joiejbe3xoj6v9mt \
- --discovery-token-ca-cert-hash sha256:5756518626710f38bc3b7d4a405990c6274b513628467df94d1aa0a5c5b6f196
- kubeadm join cluster-endpoint:6443 --token e8enii.joiejbe3xoj6v9mt \
- --discovery-token-ca-cert-hash sha256:5756518626710f38bc3b7d4a405990c6274b513628467df94d1aa0a5c5b6f196
List the tokens; the output shows the remaining lifetime of each token
- TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
- p2hjar.gvqyz2ip3nqyac2c 23h 2024-02-01T08:56:31Z authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
By default a token is valid for 24 hours. Once it expires it no longer works, and a new token can be generated
kubeadm token create --print-join-command
- # Download and save calico.yaml
- curl https://docs.projectcalico.org/v3.15/manifests/calico.yaml -O
-
- # Edit the configuration
- # line 3727: - name: CALICO_IPV4POOL_CIDR
- # line 3728:   value: "172.20.0.0/16"
-
- # Apply it with kubectl
- kubectl apply -f calico.yaml
-
- # Verify that it worked
- kubectl get pod -A | grep calico
curl https://addons.kuboard.cn/kuboard/kuboard-v3.yaml -O
kubectl apply -f kuboard-v3.yaml
Check the installation status
- [root@master soft]# kubectl get pods -n kuboard
- NAME READY STATUS RESTARTS AGE
- kuboard-agent-2-65fdb5df8b-27chx 1/1 Running 13 26d
- kuboard-agent-57ffc5f966-8nnbd 1/1 Running 13 26d
- kuboard-etcd-xtzrb 1/1 Running 6 26d
- kuboard-loki-0 1/1 Running 2 (2d ago) 22d
- kuboard-loki-grafana-f78869978-qq9kp 1/1 Running 2 (2d ago) 22d
- kuboard-promtail-85227 1/1 Running 5 22d
- kuboard-promtail-kv8b9 1/1 Running 2 (2d ago) 22d
- kuboard-promtail-xhh8z 1/1 Running 2 (2d ago) 22d
- kuboard-pv-browser-cq6v8 2/2 Running 2782 (4m35s ago) 26d
- kuboard-pv-browser-xljll 2/2 Running 2776 (2m19s ago) 26d
- kuboard-pv-browser-xtpfx 2/2 Running 2779 (4m35s ago) 26d
- kuboard-questdb-78d884c786-nrb99 1/1 Running 6 26d
- kuboard-v3-56b4b954c9-zwhtc 1/1 Running 6 26d
- cd /var/run
-
- # Change the owner and group of docker.sock
- chown root:root docker.sock
-
- # Change the permissions
- chmod o+rw docker.sock
- mkdir -p /home/jenkins/jenkins_mount
- chmod 777 /home/jenkins/jenkins_mount
- vim docker-compose.yml
-
- # Set the port for access from outside the container to 8085
-
- version: '3.1'
- services:
-   jenkins:
-     image: jenkins/jenkins
-     privileged: true
-     user: root
-     ports:
-       - 8085:8080
-       - 50000:50000
-     container_name: jy_jenkins
-     volumes:
-       - /home/jenkins/jenkins_mount:/var/jenkins_home
-       - /etc/localtime:/etc/localtime
-       - /var/run/docker.sock:/var/run/docker.sock
-       - /usr/bin/docker:/usr/bin/docker
-       - /etc/docker/daemon.json:/etc/docker/daemon.json
docker compose up -d
-
- [root@master jenkins_mount]# pwd
- /home/jenkins/jenkins_mount
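`chmod o+rw docker.sock` lets every local account drive the Docker daemon, and the compose file above combines `privileged: true`, `user: root` and the mounted socket, so anything that gains code execution in Jenkins controls the host. The check below is an added example, not part of the original post; the function names are assumptions and the compose sample is a shortened copy of the one on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are assumptions.

# sock_world_accessible PATH: 0 if "other" has a read or write bit on PATH,
# 1 if not, 2 if PATH cannot be inspected.
sock_world_accessible() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case $mode in
        *[234567]) return 0 ;;   # last octal digit holds the "other" bits
        *) return 1 ;;
    esac
}

# audit_compose FILE: prints "line N: finding" for each setting that hands
# host-level control to the container; returns 1 if anything was printed.
audit_compose() {
    out=$(awk '
        /^[ \t]*privileged:[ \t]*true/      { print "line " NR ": privileged container" }
        /^[ \t]*user:[ \t]*(root|0)[ \t]*$/ { print "line " NR ": runs as root" }
        /\/docker\.sock:/                   { print "line " NR ": Docker socket mounted" }
    ' "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample input: the service definition from this page, shortened.
write_sample_compose() {
    cat > "$1" <<'EOF'
services:
  jenkins:
    image: jenkins/jenkins
    privileged: true
    user: root
    volumes:
      - /home/jenkins/jenkins_mount:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
EOF
}

sample=$(mktemp)
write_sample_compose "$sample"
audit_compose "$sample" || echo "review the settings listed above"
rm -f "$sample"

# On the Docker host itself (the socket exists only there):
if sock_world_accessible /var/run/docker.sock; then
    echo "docker.sock is open to every local account"
fi
```

Docker's packaged default for the socket is mode 660 with group `docker`; since this container already runs as root, the `o+rw` bit is not needed for Jenkins to reach it.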
Edit the hudson.model.UpdateCenter.xml file in the mounted directory to use the Tsinghua mirror for faster downloads
- <?xml version='1.1' encoding='UTF-8'?>
- <sites>
- <site>
- <id>default</id>
- <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
- </site>
- </sites>
- cat /home/jenkins/jenkins_mount/secrets/initialAdminPassword
-
- 710f38bc3b7d4a405990c6274b513628467df94d1aa0a5
Download the Jenkins war package
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/war-stable/latest/jenkins.war
Then stop the Jenkins container. Remember, it has to be stopped!
- # Find the Jenkins container
- docker ps -a|grep jenkins
-
- docker stop <container_id>
-
- # Run docker cp to copy the war into the Jenkins container
-
- docker cp jenkins.war <container_id>:/usr/share/jenkins/jenkins.war
-
- # Start the container again
-
- docker start <container_id>
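The account is admin and the password is 710f38bc3b7d4a405990c6274b513628467df94d1aa0a5
Installing the recommended plugins is enough
Manage Jenkins -> Plugins -> Available plugins
Search for and install these plugins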
- Git Parameter Plug-In
- Publish Over SSH
Change the Maven repository address
- <mirrors>
- <mirror>
- <id>alimaven</id>
- <name>aliyun maven</name>
- <url>https://maven.aliyun.com/repository/public/</url>
- <mirrorOf>central</mirrorOf>
- </mirror>
- </mirrors>
- <profiles>
- <profile>
- <id>jdk8</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- <jdk>1.8</jdk>
- </activation>
- <properties>
- <maven.compiler.source>1.8</maven.compiler.source>
- <maven.compiler.target>1.8</maven.compiler.target>
- <maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
- </properties>
- </profile>
- </profiles>
- <activeProfiles>
- <activeProfile>jdk8</activeProfile>
- </activeProfiles>
- docker ps -a|grep jenkins
-
- # Enter the container
- docker exec -it <container_id> bash
-
- root@26a9d00b6a4c:/var/jenkins_home/apache-maven-3.9.6# pwd
- /var/jenkins_home/apache-maven-3.9.6
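- # Enter the Jenkins container
- docker exec -it b5a49147b7f5 bash
- # Create a key pair, pressing Enter to accept every default
- ssh-keygen
- # Copy the public key
- cat ~/.ssh/id_rsa.pub
-
- # Add the public key on the master server
- cd /root
- mkdir .ssh
- cd .ssh
- # Paste the public key in
- vim authorized_keys
- # If wget cannot download the file, download it elsewhere and upload it to the server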
- wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz
-
- tar -xzvf harbor-offline-installer-v2.10.0.tgz
- # Enter the directory
- cd ./harbor
vim harbor.yml
Set the hostname, port and password
Comment out the https block, otherwise you get the error: ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
- ./prepare
- ./install.sh
Installation complete
Open Pipeline Syntax
- # Add the private registry to /etc/docker/daemon.json on the Jenkins server
-
- {
- "registry-mirrors" : ["https://q5bf287q.mirror.aliyuncs.com", "https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
- "exec-opts": ["native.cgroupdriver=systemd"],
- "insecure-registries": ["192.168.199.128"]
- }
-
- # Reload
- systemctl daemon-reload
- systemctl restart docker
- docker swarm init
Push the image to Harbor
Configure the Deployment and Service
- def TAG = 'v1.0.0'
- // All script commands go inside pipeline
- pipeline{
- // Which cluster node the job runs on
- agent any
- // Declare global variables for convenience
- environment {
- harborUser = 'wuxiong'
- harborPassword = 'Wuxiong1028'
- harborAddress = '192.168.199.128:5000'
- harborRepo = 'harbor'
- }
- stages {
- stage('拉取git仓库代码') {
- steps {
- checkout scmGit(branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: '2900e7f7-50ed-4b5e-9bc3-758386c5aaa9', url: 'https://codeup.aliyun.com/658a941385f0966eafd09946/springbootdemo.git']])
- script{
- echo '拉取git仓库代码-SUCCESS'
- TAG = sh(script: "git tag --sort=-creatordate |head -n1", returnStdout:true).trim()
- echo TAG
- }
- checkout scmGit(branches: [[name: TAG]], extensions: [], userRemoteConfigs: [[credentialsId: '2900e7f7-50ed-4b5e-9bc3-758386c5aaa9', url: 'https://codeup.aliyun.com/658a941385f0966eafd09946/springbootdemo.git']])
- }
- }
- stage('通过maven构建项目') {
- steps {
- sh '/var/jenkins_home/apache-maven-3.9.6/bin/mvn clean package -DskipTests'
- }
- }
- stage('通过Docker制作自定义镜像') {
- steps {
- sh '''cp ./target/*.jar ./
- docker build -t ${JOB_NAME}:'''+TAG+''' ./'''
- }
- }
- stage('将自定义镜像推送到harbor') {
- steps {
- sh '''docker login -u ${harborUser} -p ${harborPassword} ${harborAddress}
- docker tag ${JOB_NAME}:'''+TAG+''' ${harborAddress}/${harborRepo}/${JOB_NAME}:'''+TAG+'''
- docker push ${harborAddress}/${harborRepo}/${JOB_NAME}:'''+TAG
- }
- }
- stage('修改k8s的yml文件') {
- steps {
- sh 'ssh root@192.168.199.128 "yq -i \'.spec.template.spec.containers[0].image = \\"${harborAddress}/${harborRepo}/${JOB_NAME}:'+TAG+'\\"\' /usr/local/k8s/k8s-deployment.yml"'
- }
- }
- stage('将yml文件传到k8s-master上') {
- steps {
- sshPublisher(publishers: [sshPublisherDesc(configName: 'k8s', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: 'k8s-deployment.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false), sshPublisherDesc(configName: 'k8s', transfers: [sshTransfer(cleanRemote: false, excludes: '', execCommand: '', execTimeout: 120000, flatten: false, makeEmptyDirs: false, noDefaultExcludes: false, patternSeparator: '[, ]+', remoteDirectory: '', remoteDirectorySDF: false, removePrefix: '', sourceFiles: 'k8s-service.yml')], usePromotionTimestamp: false, useWorkspaceInPromotion: false, verbose: false)])
- }
- }
- stage('远程执行k8s-master的kubectl命令') {
- steps {
- sh '''ssh root@192.168.199.128 kubectl apply -f /usr/local/k8s/k8s-deployment.yml
- ssh root@192.168.199.128 kubectl apply -f /usr/local/k8s/k8s-service.yml'''
- }
- }
- }
- }
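The pipeline takes `TAG` from `git tag` output and splices it into `sh` and `ssh root@192.168.199.128` command strings, and it passes the Harbor password with `-p`. Git accepts tag names containing shell metacharacters, so the tag is untrusted input from anyone who can push tags. The shell helpers below are an added example, not part of the original pipeline; the function names and the `HARBOR_USER`/`HARBOR_PASS` variables (assumed to be injected by a Jenkins credentials binding instead of the `environment` block) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. valid_image_tag, newest_valid_tag,
# registry_login, HARBOR_USER and HARBOR_PASS are assumed names.

# valid_image_tag TAG: succeeds only if TAG fits Docker's tag grammar,
# [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}, which contains no shell metacharacters.
# The body is a subshell so the LC_ALL change stays local.
valid_image_tag() (
    LC_ALL=C
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 128 ] || exit 1
    case $1 in
        [!A-Za-z0-9_]*|*[!A-Za-z0-9_.-]*) exit 1 ;;
    esac
    exit 0
)

# newest_valid_tag: reads `git tag --sort=-creatordate` output on stdin and
# prints the first line only if it passes valid_image_tag.
newest_valid_tag() {
    IFS= read -r tag || return 1
    if ! valid_image_tag "$tag"; then
        echo "refusing tag with characters outside the image tag grammar" >&2
        return 1
    fi
    printf '%s\n' "$tag"
}

# registry_login REGISTRY: the password is fed on stdin through a
# here-document, so it is never a command-line argument of any process.
registry_login() {
    docker login -u "$HARBOR_USER" --password-stdin "$1" <<EOF
$HARBOR_PASS
EOF
}

# Constructed sample input standing in for the repository's tag listing.
printf 'v1.0.1\nv1.0.0\n' | newest_valid_tag
printf 'release/1.0\n' | newest_valid_tag || echo "build stopped before the tag reached a shell command"
```

In the pipeline, `git tag --sort=-creatordate | newest_valid_tag` would replace the `head -n1` call, and a failing status stops the build before the `docker` and `ssh` stages run.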
10. Other
1. My Dockerfile
- FROM java:8
-
- MAINTAINER wuxiong_sc@163.com
-
- ENV TZ=Asia/Shanghai
-
- RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-
- ENV JAVA_OPTS="-Xms128m -Xmx256m -Djava.security.egd=file:/dev/./urandom"
-
- WORKDIR /workdir
-
- ADD ./target/*.jar ./app.jar
-
- EXPOSE 9111
-
- CMD ["sh", "-c","java $JAVA_OPTS -jar app.jar"]
2. docker-deployment.yml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
-   name: springbootdemo-pipe
-   namespace: test
- spec:
-   replicas: 3
-   selector:
-     matchLabels:
-       app: springbootdemo-pipe-pod
-   template:
-     metadata:
-       labels:
-         app: springbootdemo-pipe-pod
-     spec:
-       containers:
-         - name: springbootdemo-pipe
-           image: 192.168.199.128:5000/harbor/springbootdemo-pipe:v40
-           ports:
-             - containerPort: 9111
3. docker-service.yml
- apiVersion: v1
- kind: Service
- metadata:
-   name: springbootdemo-pipe
-   namespace: test
- spec:
-   selector:
-     app: springbootdemo-pipe-pod
-   type: NodePort
-   ports:
-     - port: 31111 # Service port
-       protocol: TCP
-       targetPort: 9111 # Pod port
-       nodePort: 31111