目录
- k8s kubeadm在安装 基于arm架构
- 第一章 k8s及中间件安装
- 1.主机名解析
- 2.主机名设置
- 3.禁用iptables和firewalld
- 4. 禁用selinux(linux下的一个安全服务,必须禁用)
- 5.禁用swap分区(主要是注释最后一行)
- 6.修改系统的内核参数
- 7.配置ipvs功能
- 8.安装docker
- 9.安装kubernetes1.23.9
- 10. 集群初始化
- 11. 安装ingress
- 11. 文件存储NAS
- 12. mysql
- 13. nacos安装
- 14. redis安装
- 15. rabbitmq安装
- 16. rocketmq安装
- 17. pgsql 控制台(pgadmin)页面安装
- 18. mysql 控制台(phpmyadmin)页面安装
- 19. redis 控制台(redis-sinsight)页面安装
- 第二章:离线软件包下载
- 第三章:本地仓库配置YUM
- 第一章 k8s及中间件安装
k8s kubeadm在安装 基于arm架构
第一章 k8s及中间件安装
1.主机名解析
- 10.129.148.4 hangkong-k8s-node01
- 10.129.148.5 hangkong-k8s-node02
- 10.129.148.6 hangkong-k8s-node03
- 10.129.148.4 hangkong-k8s.vip.com
2.主机名设置
- echo 'hangkong-k8s-node01' > /etc/hostname
- echo 'hangkong-k8s-node02' > /etc/hostname
- echo 'hangkong-k8s-node03' > /etc/hostname
-
- hostname hangkong-k8s-node01
- hostname hangkong-k8s-node02
- hostname hangkong-k8s-node03
3.禁用iptables和firewalld
- systemctl stop firewalld
- systemctl disable firewalld
- systemctl stop iptables
- systemctl disable iptables
4. 禁用selinux(linux下的一个安全服务,必须禁用)
- vim /etc/selinux/config
- SELINUX=disabled
- setenforce 0
5.禁用swap分区(主要是注释最后一行)
- vim /etc/fstab
- UUID=455cc753-7a60-4c17-a424-7741728c44a1 /boot xfs defaults 0 0
- /dev/mapper/centos-home /home xfs defaults 0 0
- # /dev/mapper/centos-swap swap swap defaults 0 0 //注释这条
6.修改系统的内核参数
- vim /etc/sysctl.conf
-
- 添加以下内容:
- net.bridge.bridge-nf-call-ip6tables = 1
- net.bridge.bridge-nf-call-iptables = 1
- 修改net.ipv4.ip_forward = 1
-
-
- 重新加载配置:
- sysctl -p
-
- 加载网桥过滤模块:
- modprobe br_netfilter
-
- 查看网桥过滤模块是否加载成功:
- lsmod | grep br_netfilter
7.配置ipvs功能
- dnf install ipvsadm
-
- 添加需要加载的模块写入脚本文件:
-
-
- cat <<EOF > /etc/sysconfig/modules/ipvs.modules
-
- #!/bin/bash
- modprobe -- ip_vs
- modprobe -- ip_vs_rr
- modprobe -- ip_vs_wrr
- modprobe -- ip_vs_sh
- modprobe -- nf_conntrack
-
- EOF
-
-
-
- 为脚本文件添加执行权限:
- chmod +x /etc/sysconfig/modules/ipvs.modules
-
- 执行脚本文件:
- /bin/bash /etc/sysconfig/modules/ipvs.modules
-
- 查看对应的模块是否加载成功:
- lsmod | grep -e ip_vs -e nf_conntrack
8.安装docker
- 下载安装包
-
- wget https://download.docker.com/linux/static/stable/aarch64/docker-20.10.19.tgz
- 安装
-
- tar -xzf docker-20.10.19.tgz
- 移动解压后的全部内容到/usr/bin/下
-
- mv docker/* /usr/bin/
-
- 编辑docker.service文件
- vi /usr/lib/systemd/system/docker.service
- [Unit]
-
- Description=Docker Application Container Engine
- Documentation=https://docs.docker.com
- After=network-online.target firewalld.service
- Wants=network-online.target
-
- [Service]
- Type=notify
- ExecStart=/usr/bin/dockerd
- ExecReload=/bin/kill -s HUP $MAINPID
- LimitNOFILE=infinity
- LimitNPROC=infinity
- TimeoutStartSec=0
- Delegate=yes
- KillMode=process
- Restart=on-failure
- StartLimitBurst=3
- StartLimitInterval=60s
-
- [Install]
- WantedBy=multi-user.target
-
-
- 添加docker.service文件的权限
-
- chmod +x /usr/lib/systemd/system/docker.service
- systemctl daemon-reload
-
- 创建daemon.json文件
- mkdir /etc/docker
- vim daemon.json
-
- {
- "live-restore": true,
- "exec-opts": ["native.cgroupdriver=systemd"],
- "log-driver": "json-file",
- "graph":"/data/docker/graph",
- "registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"],
- "insecure-registries": ["192.168.8.73:18888","uat-harbor.bigfintax.com"],
- "log-opts": {
- "max-size": "100m"
- },
- "storage-driver": "overlay2",
- "storage-opts": [
- "overlay2.override_kernel_check=true"
- ]
- }
-
-
-
-
-
- reload内容、启动docker、设置开机启动
- systemctl daemon-reload
- systemctl start docker
- systemctl enable docker
-
-
- 验证docker安装是否成功
- docker -v &&. docker info
9.安装kubernetes1.23.9
- [root@hangkong-k8s-node02 kubernetes]# pwd
- /root/package/kubernetes
- [root@hangkong-k8s-node02 kubernetes]#
- [root@hangkong-k8s-node02 kubernetes]# ls -l
- total 68408
- -rw-r--r-- 1 root root 9014454 May 10 13:54 3f5ba2b53701ac9102ea7c7ab2ca6616a8cd5966591a77577585fde1c434ef74-cri-tools-1.26.0-0.x86_64.rpm
- -rw-r--r-- 1 root root 9921370 May 10 13:54 49658d033fddfa48e1345c21498197642b376412bfa4ba72ce36eb3f360f81d7-kubectl-1.23.9-0.x86_64.rpm
- -rw-r--r-- 1 root root 9476670 May 10 13:54 4f2cd27ecd6913e34408df70f465a104feb1fbe1f73c8d828ce5bd0ab9c37c3c-kubeadm-1.23.9-0.x86_64.rpm
- -rw-r--r-- 1 root root 208824 May 10 13:53 conntrack-tools-1.4.4-10.el8.x86_64.rpm
- -rw-r--r-- 1 root root 21510866 May 10 13:56 d3abccc1e93912e877085abf9e1daa3e2b3b2bb360df93eb6411510e81c9399c-kubelet-1.23.9-0.x86_64.rpm
- -rw-r--r-- 1 root root 19487362 May 10 13:57 db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm
- -rw-r--r-- 1 root root 24660 May 10 13:53 libnetfilter_cthelper-1.0.0-15.el8.x86_64.rpm
- -rw-r--r-- 1 root root 24700 May 10 13:53 libnetfilter_cttimeout-1.0.0-11.el8.x86_64.rpm
- -rw-r--r-- 1 root root 31976 May 10 13:53 libnetfilter_queue-1.0.4-3.el8.x86_64.rpm
- -rw-r--r-- 1 root root 330692 May 10 13:53 socat-1.7.4.1-1.el8.x86_64.rpm
- [root@hangkong-k8s-node02 kubernetes]#
- [root@hangkong-k8s-node02 kubernetes]# yum localinstall *^C
- [root@hangkong-k8s-node02 kubernetes]#
- [root@hangkong-k8s-node02 kubernetes]# rpm -qa|grep kube
- kubectl-1.23.9-0.x86_64
- kubelet-1.23.9-0.x86_64
- kubernetes-cni-0.8.7-0.x86_64
- kubeadm-1.23.9-0.x86_64
10. 集群初始化
- kubeadm init --control-plane-endpoint hangkong-k8s.vip.com:6443 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/16 --pod-network-cidr=10.244.0.0/16 --kubernetes-version=1.23.9 --upload-certs
-
-
-
- master可以调度
-
- kubectl taint node hangkong-k8s-node01 node-role.kubernetes.io/master-
11. 安装ingress
编辑ingress的 yaml
- apiVersion: v1
- kind: Namespace
- metadata:
- name: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
-
- ---
- # Source: ingress-nginx/templates/controller-serviceaccount.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: controller
- name: ingress-nginx
- namespace: ingress-nginx
- automountServiceAccountToken: true
- ---
- # Source: ingress-nginx/templates/controller-configmap.yaml
- apiVersion: v1
- kind: ConfigMap
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: controller
- name: ingress-nginx-controller
- namespace: ingress-nginx
- data:
- allow-snippet-annotations: 'true'
- ---
- # Source: ingress-nginx/templates/clusterrole.yaml
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- name: ingress-nginx
- rules:
- - apiGroups:
- - ''
- resources:
- - configmaps
- - endpoints
- - nodes
- - pods
- - secrets
- - namespaces
- verbs:
- - list
- - watch
- - apiGroups:
- - ''
- resources:
- - nodes
- verbs:
- - get
- - apiGroups:
- - ''
- resources:
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ''
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingresses/status
- verbs:
- - update
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingressclasses
- verbs:
- - get
- - list
- - watch
- ---
- # Source: ingress-nginx/templates/clusterrolebinding.yaml
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- name: ingress-nginx
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: ingress-nginx
- subjects:
- - kind: ServiceAccount
- name: ingress-nginx
- namespace: ingress-nginx
- ---
- # Source: ingress-nginx/templates/controller-role.yaml
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: controller
- name: ingress-nginx
- namespace: ingress-nginx
- rules:
- - apiGroups:
- - ''
- resources:
- - namespaces
- verbs:
- - get
- - apiGroups:
- - ''
- resources:
- - configmaps
- - pods
- - secrets
- - endpoints
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ''
- resources:
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingresses/status
- verbs:
- - update
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingressclasses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ''
- resources:
- - configmaps
- resourceNames:
- - ingress-controller-leader
- verbs:
- - get
- - update
- - apiGroups:
- - ''
- resources:
- - configmaps
- verbs:
- - create
- - apiGroups:
- - ''
- resources:
- - events
- verbs:
- - create
- - patch
- ---
- # Source: ingress-nginx/templates/controller-rolebinding.yaml
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: controller
- name: ingress-nginx
- namespace: ingress-nginx
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: ingress-nginx
- subjects:
- - kind: ServiceAccount
- name: ingress-nginx
- namespace: ingress-nginx
- ---
- # Source: ingress-nginx/templates/controller-service-webhook.yaml
- apiVersion: v1
- kind: Service
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: controller
- name: ingress-nginx-controller-admission
- namespace: ingress-nginx
- spec:
- type: ClusterIP
- ports:
- - name: https-webhook
- port: 443
- targetPort: webhook
- appProtocol: https
- selector:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/component: controller
- ---
- # Source: ingress-nginx/templates/controller-service.yaml
- apiVersion: v1
- kind: Service
- metadata:
- annotations:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: controller
- name: ingress-nginx-controller
- namespace: ingress-nginx
- spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- ipFamilyPolicy: SingleStack
- ipFamilies:
- - IPv4
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- appProtocol: http
- - name: https
- port: 443
- protocol: TCP
- targetPort: https
- appProtocol: https
- selector:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/component: controller
- ---
- # Source: ingress-nginx/templates/controller-deployment.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: controller
- name: ingress-nginx-controller
- namespace: ingress-nginx
- spec:
- replicas: 3
- selector:
- matchLabels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/component: controller
- revisionHistoryLimit: 10
- minReadySeconds: 0
- template:
- metadata:
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/component: controller
- spec:
- dnsPolicy: ClusterFirst
- containers:
- - name: controller
- #image: registry.baidubce.com/k8s.gcr.io/ingress-nginx/controller:v1.1.0
- image: aaa.big.com/ingress-nginx-arm/ingress-nginx-controller:v1.1.1
- imagePullPolicy: IfNotPresent
- lifecycle:
- preStop:
- exec:
- command:
- - /wait-shutdown
- args:
- - /nginx-ingress-controller
- - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- - --election-id=ingress-controller-leader
- - --controller-class=k8s.io/ingress-nginx
- - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- - --validating-webhook=:8443
- - --validating-webhook-certificate=/usr/local/certificates/cert
- - --validating-webhook-key=/usr/local/certificates/key
- securityContext:
- capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
- runAsUser: 101
- allowPrivilegeEscalation: true
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: LD_PRELOAD
- value: /usr/local/lib/libmimalloc.so
- livenessProbe:
- failureThreshold: 5
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- ports:
- - name: http
- containerPort: 80
- hostPort: 80
- protocol: TCP
- - name: https
- containerPort: 443
- hostPort: 443
- protocol: TCP
- - name: webhook
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: webhook-cert
- mountPath: /usr/local/certificates/
- readOnly: true
- resources:
- requests:
- cpu: 100m
- memory: 90Mi
- nodeSelector:
- kubernetes.io/os: linux
- serviceAccountName: ingress-nginx
- terminationGracePeriodSeconds: 300
- volumes:
- - name: webhook-cert
- secret:
- secretName: ingress-nginx-admission
- ---
- # Source: ingress-nginx/templates/controller-ingressclass.yaml
- # We don't support namespaced ingressClass yet
- # So a ClusterRole and a ClusterRoleBinding is required
- apiVersion: networking.k8s.io/v1
- kind: IngressClass
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: controller
- name: nginx
- namespace: ingress-nginx
- spec:
- controller: k8s.io/ingress-nginx
- ---
- # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
- # before changing this value, check the required kubernetes version
- # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
- apiVersion: admissionregistration.k8s.io/v1
- kind: ValidatingWebhookConfiguration
- metadata:
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- name: ingress-nginx-admission
- webhooks:
- - name: validate.nginx.ingress.kubernetes.io
- matchPolicy: Equivalent
- rules:
- - apiGroups:
- - networking.k8s.io
- apiVersions:
- - v1
- operations:
- - CREATE
- - UPDATE
- resources:
- - ingresses
- failurePolicy: Fail
- sideEffects: None
- admissionReviewVersions:
- - v1
- clientConfig:
- service:
- namespace: ingress-nginx
- name: ingress-nginx-controller-admission
- path: /networking/v1/ingresses
- ---
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: ingress-nginx-admission
- namespace: ingress-nginx
- annotations:
- helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
- helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- ---
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: ingress-nginx-admission
- annotations:
- helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
- helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- rules:
- - apiGroups:
- - admissionregistration.k8s.io
- resources:
- - validatingwebhookconfigurations
- verbs:
- - get
- - update
- ---
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: ingress-nginx-admission
- annotations:
- helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
- helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: ingress-nginx-admission
- subjects:
- - kind: ServiceAccount
- name: ingress-nginx-admission
- namespace: ingress-nginx
- ---
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- name: ingress-nginx-admission
- namespace: ingress-nginx
- annotations:
- helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
- helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- rules:
- - apiGroups:
- - ''
- resources:
- - secrets
- verbs:
- - get
- - create
- ---
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- name: ingress-nginx-admission
- namespace: ingress-nginx
- annotations:
- helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
- helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: ingress-nginx-admission
- subjects:
- - kind: ServiceAccount
- name: ingress-nginx-admission
- namespace: ingress-nginx
- ---
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
- apiVersion: batch/v1
- kind: Job
- metadata:
- name: ingress-nginx-admission-create
- namespace: ingress-nginx
- annotations:
- helm.sh/hook: pre-install,pre-upgrade
- helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- spec:
- template:
- metadata:
- name: ingress-nginx-admission-create
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- spec:
- containers:
- - name: create
- image: aaa.big.com/ingress-nginx-arm/kube-webhook-certgen:v1.1.1
- imagePullPolicy: IfNotPresent
- args:
- - create
- - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- - --namespace=$(POD_NAMESPACE)
- - --secret-name=ingress-nginx-admission
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- securityContext:
- allowPrivilegeEscalation: false
- restartPolicy: OnFailure
- serviceAccountName: ingress-nginx-admission
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- runAsNonRoot: true
- runAsUser: 2000
- ---
- # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
- apiVersion: batch/v1
- kind: Job
- metadata:
- name: ingress-nginx-admission-patch
- namespace: ingress-nginx
- annotations:
- helm.sh/hook: post-install,post-upgrade
- helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- spec:
- template:
- metadata:
- name: ingress-nginx-admission-patch
- labels:
- helm.sh/chart: ingress-nginx-4.0.15
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/version: 1.1.1
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: admission-webhook
- spec:
- containers:
- - name: patch
- image: aaa.big.com/ingress-nginx-arm/kube-webhook-certgen:v1.1.1
- imagePullPolicy: IfNotPresent
- args:
- - patch
- - --webhook-name=ingress-nginx-admission
- - --namespace=$(POD_NAMESPACE)
- - --patch-mutating=false
- - --secret-name=ingress-nginx-admission
- - --patch-failure-policy=Fail
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- securityContext:
- allowPrivilegeEscalation: false
- restartPolicy: OnFailure
- serviceAccountName: ingress-nginx-admission
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- runAsNonRoot: true
- runAsUser: 2000
- # 镜像地址改为,这里是我们公司的harbor地址,镜像我们自己可以去dockerhub上搜 ingress-nginx-controller:v1.1.1 就可以,我们这个也是从官网拉下来没改直接推到harbor上的
- - image:aaa.com/ingress-nginx-arm/ingress-nginx-controller:v1.1.1
- aaa.bigfintax.com/ingress-nginx-arm/kube-webhook-certgen:v1.1.1 #修改两次
- #安装ingress
- kubectl apply -f ingress-deploy.yaml
到这里,k8s已经安装完成了,下面是我们其他中间件的安装,请忽略。
11. 文件存储NAS
- dnf -y install
- nfs-utils-2.5.1-5.ky10.x86_64
- nfs-utils-help-2.5.1-5.ky10.x86_6
-
- 创建目录:mkdir /data/nfs/cge/
- mkdir /data/nfs/cbest/
- mkdir /data/nfs/package/
-
- vim /etc/exports
- /data/nfs/cge/ *(insecure,rw,sync,no_root_squash,no_subtree_check)
- /data/nfs/cbest/ *(insecure,rw,sync,no_root_squash,no_subtree_check)
- /data/nfs/package *(insecure,rw,sync,no_root_squash,no_subtree_check)
-
-
- 如果/etc/exports文件被修改,我们需要运行下面的命令使之生效。exportfs -ra
- 启动rpcbind服务
- sudo systemctl enable rpcbind
- sudo systemctl restart rpcbind
-
- 启动nfs服务
- sudo systemctl enable nfs-server
- sudo systemctl start nfs-server
12. mysql
- # 镜像地址改为
- - image: aaa.big.com/store-arm/mysql:5.7.43 #镜像tag修改
-
- # 给node节点添加标签
- kubectl label node zhongliang-k8s-node1 mysql=
- #创建挂载目录及授权
- mkdir /data/mysql
- chown -R 1001 /data/mysql/
- #修改 02-mysql-dep.yaml
- volumeMounts:
- - name: mysql-data
- mountPath: /bitnami/mysql/data #pod内的数据挂载到该目录
- - name: localtime # 新增
- mountPath: /etc/localtime # 新增 挂载本地时间到pod
- readOnly: true # 新增
- volumes:
- - hostPath:
- path: /data/mysql # 外挂持久化到本地
- type: "DirectoryOrCreate"
- name: mysql-data
- - name: localtime # 新增 挂载本地时间到pod内
- hostPath:
- path: /etc/localtime
-
-
- # 挂载到 /data/mysql后,mysql没有权限写入,可以先挂载到一个临时权限较高的目录,查看文件的属主,然后修改外面/data/mysql的属主, chown -R 1001 /data/mysql
- kubectl apply -f 01-mysql-svc.yaml
- kubectl apply -f 02-mysql-dep.yaml
13. nacos安装
- # 镜像地址改为
- - image: aaa.big.com/store-arm/nacos:1.4.2
- # 获取mysql的pod
- kubectl get pods -n store | grep mysql
- # 将sql导入mysql
- bash 05-nacos-mysql-import.sh mysql-64846d7d58-f47pg
- # 登陆mysql的pod查看数据是否导入成功
- kubectl exec -it MYSQLPOD -n store bash
- mysql -uroot -pMhxzKhl@123 -e "show databases;"
-
- # 给node节点添加标签
- kubectl label node zhongliang-k8s-node3 nacos=
-
- # 创建无头服务和nodeport
- kubectl apply -f 01-nacos-cluster.yml
- # 创建confimap 配置文件
- kubectl apply -f 02-nacos-configmap.yaml
- # 创建pod
- kubectl apply -f 03-nacos-deployment.yml
- # 修改ingress
- - host: "nacos.cofco.com" #修改域名
- # 创建ingress
- kubectl apply -f 04-nacos-ingress.yaml
-
- # 查看日志是否正常
- kubectl logs -f nacos-0 -n store
14. redis安装
- # 03-redis-master-sts.yaml 镜像地址改为
- - image: aaa.big.com/store-arm/redis:4.0.14
- # 07-create-redis-cluster.yaml 镜像地址改为
- - image: aaa.big.com/store-arm/redis:6.0
-
- # 给node节点添加标签
- kubectl label node zhongliang-k8s-node1 redis-cluster=
- kubectl label node zhongliang-k8s-node2 redis-cluster=
- kubectl label node zhongliang-k8s-node3 redis-cluster=
-
- # 部署完成后,登陆redis6的pod,通过redis6自带的cli,将另外启动的6个pod做成cluster集群 (下面地址需要替换成实际的ip地址)
- # 查看6个端口IP
- kubectl get pods -A -o wide | grep redis
- redis-cli --cluster create 192.168.210.108:6379 192.168.210.250:6379 192.168.210.170:6379 192.168.210.108:7379 192.168.210.250:7379 192.168.210.170:7379 --cluster-replicas 1
-
- # 登陆redis6的pod验证
- kubectl exec -it redis-6b4bbf7bd8-dv5zf -n store bash
- redis-cli -h 192.168.210.250 -c # 登陆redis cluster集群
- cluster info # 执行命令查看集群信息
- cluster nodes # 执行命令查看主从节点
-
- #验证没问题后删除这个单点的redis6
- kubectl delete -f 07-create-redis-cluster.yaml
15. rabbitmq安装
- # 03-ss.yaml 镜像地址改为
- - image: aaa.big.com/store-arm/rabbitmq:3.8
-
- # 给node节点添加标签
- kubectl label node zhongliang-k8s-node1 rabbitmq=
- kubectl label node zhongliang-k8s-node2 rabbitmq=
- kubectl label node zhongliang-k8s-node3 rabbitmq=
-
- # 创建rbac
- kubectl apply -f 00-rabc.yaml
- # 创建配置文件
- kubectl apply -f 01-cm.yaml
- # 创建svc
- kubectl apply -f 02-svc.yaml
- # 创建deployment
- kubectl apply -f 03-ss.yaml
- # 修改ingress
- - host: "rabbitmq.cofco.com" #修改域名
- # 创建ingress
- kubectl apply -f 04-ingress.yaml
-
- # 查看日志
- kubectl logs -f rabbitmq-0 -n store
- kubectl logs -f rabbitmq-1 -n store
16. rocketmq安装
- # 02-rocketmq-namesrv-prod.yaml 镜像地址改为
- - image: aaa.big.com/store-arm/rocketmq-namesrv:4.5.1_centos8
- # 04-rocketmq-broker-master-prod.yaml 镜像地址改为
- - image: aaa.big.com/store-arm/rocketmq-broker:4.5.1_centos8
-
- # 给node节点添加标签
- kubectl label node zhongliang-k8s-node1 node-role.kubernetes.io/rocketmq="true"
- kubectl label node zhongliang-k8s-node2 node-role.kubernetes.io/rocketmq-master: "true"
-
- # 创建namesrv的pod
- kubectl apply -f 02-rocketmq-namesrv-prod.yaml
- # 创建svc服务发现
- kubectl apply -f 03-rocketmq-broker-master-svc.yaml
- # 创建broker的pod
- kubectl apply -f 04-rocketmq-broker-master-prod.yaml
- # 创建console控制台
- kubectl apply -f 07-rocketmq-console-ng-prod-ingress.yaml
- # 修改ingress
- - host: "rocketmq.cofco.com" #修改域名
- #创建ingress
- kubectl apply -f 07-rocketmq-console-ng-prod-ingress.yaml
- # 当broker需要创建slave备份节点的时候才会执行
- 05-rocketmq-broker-slave-svc.yaml
- 06-rocketmq-broker-slave-prod.yaml
-
-
- # 验证
- kubectl logs -f rocketmq-broker-master-0 -n store
- kubectl logs -f namesrv-0 -n store
17. pgsql 控制台(pgadmin)页面安装
- # 02-pgadmin-dep.yaml 镜像地址改为
- - image: aaa.big.com/tool-arm/pgadmin4:8.6
- # 03-pgadmin-ingress.yaml 修改域名地址
- - host: "pgadmin.cofco.com" # 这里是示例,需要修改双引号内部分
- # 通过kubectl创建svc,pod,ingress
- kubectl apply ...
- # 验证 ,修改本地的host文件,
- 123.249.91.174 pgadmin.cofco.com # 123.249.91.174为公网地址,修改完成后浏览器访问pgadmin.cofco.com测试
18. mysql 控制台(phpmyadmin)页面安装
- # 02-phpmyadmin-dep.yaml 镜像地址改为
- - image: aaa.big.com/tool-arm/phpmyadmin:latest
- # 03-phpmyadmin-ingress.yaml 修改域名地址
- - host: "phpadmin.cofco.com" # 这里是示例,需要修改双引号内部分
- # 通过kubectl创建svc,pod,ingress
- kubectl apply ...
- # 验证 ,修改本地的host文件,
- 123.249.91.174 phpadmin.cofco.com # 123.249.91.174为公网地址,修改完成后浏览器访问 phpadmin.cofco.com 测试
19. redis 控制台(redis-sinsight)页面安装
- # 01-redis-sinsight-dep.yaml 镜像地址改为
- - image: aaa.big.com/tool-arm/redisinsight:1.13.1
- # 03-redis-sinsight-ingress.yaml 修改域名地址
- - host: "redisinsight.cofco.com" # 这里是示例,需要修改双引号内部分
- # 通过kubectl创建svc,pod,ingress
- kubectl apply ...
- # 验证 ,修改本地的host文件,
- 123.249.91.174 redisinsight.cofco.com # 123.249.91.174为公网地址,修改完成后浏览器访问redisinsight.cofco.com测试
第二章:离线软件包下载
使用repotrack下载指定rpm包及其全量依赖
先添加kubernetes.repo
- vim /etc/yum.repos.d/kubernetes.repo
-
- [kubernetes]
- name=Kubernetes
- baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64
- enabled=1
- gpgcheck=0
- repo_gpgcheck=0
- gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
-
- kylin sp1验证
-
- dnf -y install kubeadm-1.23.9-0 kubernetes-cni-0.8.7 kubelet-1.23.9-0 kubectl-1.23.9-0 kubernetes-cni-0.8.7-0 --downloadonly --destdir=/root/package/kubernetes/
-
- 安装软件包
-
- cd /root/package/kubernetes/
-
- yum localinstall *.rpm -y
第三章:本地仓库配置YUM
- 创建一个新的目录来存储你的RPM包:
- mkdir /path/to/myrepo
-
- 将你的RPM包复制到这个目录中。
-
- 安装createrepo工具,如果尚未安装
- yum install createrepo
-
- 运行createrepo来创建仓库元数据:
- createrepo /path/to/myrepo/
-
- 创建一个新的repo文件,在/etc/yum.repos.d/目录下:
- vi /etc/yum.repos.d/myrepo.repo
-
- 在myrepo.repo文件中添加以下内容
- [myrepo]
- name=My Local Repository
- baseurl=file:///path/to/myrepo/
- enabled=1
- gpgcheck=0
-
- yum命令来安装、更新或者搜索仓库中的包
- yum install package-name
