惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
罗磊的独立博客
T
The Blog of Author Tim Ferriss
人人都是产品经理
人人都是产品经理
博客园 - 叶小钗
Last Week in AI
Last Week in AI
美团技术团队
Google Online Security Blog
Google Online Security Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
D
Docker
G
Google Developers Blog
大猫的无限游戏
大猫的无限游戏
酷 壳 – CoolShell
酷 壳 – CoolShell
小众软件
小众软件
月光博客
月光博客
L
LINUX DO - 最新话题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
W
WeLiveSecurity
H
Heimdal Security Blog
Vercel News
Vercel News
SecWiki News
SecWiki News
Forbes - Security
Forbes - Security
Blog — PlanetScale
Blog — PlanetScale
Google DeepMind News
Google DeepMind News
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
TaoSecurity Blog
TaoSecurity Blog
T
Troy Hunt's Blog
A
About on SuperTechFans
C
Check Point Blog
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
AI
AI
WordPress大学
WordPress大学
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Help Net Security
Help Net Security
博客园_首页
The Last Watchdog
The Last Watchdog
S
SegmentFault 最新的问题
Hugging Face - Blog
Hugging Face - Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
Engineering at Meta
Engineering at Meta
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
I
Intezer
K
Kaspersky official blog
M
MIT News - Artificial intelligence
J
Java Code Geeks
G
GRAHAM CLULEY
P
Palo Alto Networks Blog

博客园 - NewSea

Linux 安装IntelAx211无线网卡 解决 K8sApi 部署后报 Unknown apiVersionKind apps/v1/Deployment is it registered? Docker 启动前后端脚本 docker 一键启动 mariadb 分区脚本 Spring笔记--@ConditionalOnBean坑 K8s笔记 yapi 自定义Json的数据类型 Nginx笔记 k3s+rancher+harbor 笔记 postgresql 笔记 vscode 笔记 发布Jar包到中央仓库 Java开发笔记汇总 - NewSea - 博客园 css 适配 nui-app 笔记 Java里的不能与无用. SSH 配置 Swagger 配置
ubuntu18+k8s单机版+kuboard+harbor安装笔记
NewSea · 2020-09-17 · via 博客园 - NewSea

准备环境

所有操作切换到 root

sudo -s

禁用 ipv6

sed -i 's/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="ipv6.disable=1"/' /etc/default/grub
update-grub

重启 reboot
执行 ifconfig 检查是否包含 inet6 ,如果没有则没有启用 ipv6

/etc/hosts

127.0.0.1 harbor1

关闭 swap

swapoff -akubeadm token create --ttl 0

sed -i "s/([#].* swap .*$)/#\1/" /etc/fstab

修改 /etc/fstab 并不能禁用 swap , 每次重启,还要运行 swapoff -a ,然后手动重启服务: systemctl restart kubelet。想要重启禁用swap: 打开工具,磁盘,找到Swap分区,编辑挂载选项,取消选中 用户启动挂载,保存,重启即可。

执行 free -h 查看内存是否使用交换空间。

安装 docker , docker-compose

curl -fsSL http://dev8.cn:8000/static/ops/ubuntu-docker.sh | bash

添加k8s源

cat <<EOF >/etc/apt/sources.list.d/docker-k8s.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

docker 源,设置 cgroup

cat <<EOF > /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries": [
    "localhost:808"
  ],
"registry-mirrors":[
    "https://hub-mirror.c.163.com",
    "https://registry.aliyuncs.com",
    "http://7e61f7f9.m.daocloud.io",
    "https://docker.mirrors.ustc.edu.cn",
    "https://registry.docker-cn.com",
    "https://reg-mirror.qiniu.com"
],
"graph":"/var/lib/docker"
}
EOF
modprobe br_netfilter
lsmod | grep br_netfilter

安装

定义变量

export version=1.13.10

curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
apt-get update && apt-get install -y apt-transport-https
apt-get install -y kubeadm=$version* kubectl=$version* kubelet=$version*
systemctl start kubelet
systemctl enable kubelet

拉镜像

docker pull mirrorgooglecontainers/kube-apiserver:v$version
docker pull mirrorgooglecontainers/kube-controller-manager:v$version
docker pull mirrorgooglecontainers/kube-scheduler:v$version
docker pull mirrorgooglecontainers/kube-proxy:v$version
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.2.24
docker pull coredns/coredns:1.2.6

docker tag mirrorgooglecontainers/kube-apiserver:v$version k8s.gcr.io/kube-apiserver:v$version
docker tag mirrorgooglecontainers/kube-controller-manager:v$version k8s.gcr.io/kube-controller-manager:v$version
docker tag mirrorgooglecontainers/kube-scheduler:v$version k8s.gcr.io/kube-scheduler:v$version
docker tag mirrorgooglecontainers/kube-proxy:v$version k8s.gcr.io/kube-proxy:v$version
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag coredns/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6

启动

kubeadm init --kubernetes-version=v$version --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

初始化

kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')
kubectl taint nodes --all node-role.kubernetes.io/master-

kuboard

kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml

harbor

wget https://github.com/goharbor/harbor/releases/download/v1.10.4/harbor-online-installer-v1.10.4.tgz  -P /opt/docker -N
tar zxvf /opt/docker/harbor-online-installer-v1.10.4.tgz -C /opt/docker
wget $host/ops/harbor.yml -O /opt/docker/harbor/harbor.yml      #配置文件里配置的密码没起作用
/opt/docker/harbor/install.sh

使用

获取 kuboard token

kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d

登录kuboard

http://localhost:32567/login

登录 harbor

http://localhost:808

admin
Harbor12345

1. docker login -u admin -p Harbor12345 harbor1:808
2. docker tag 本地镜像:版本   harborIP:harborPort/harbor项目/名称:版本    (格式是必须这样的。)
3. docker push harborIP:harborPort/harbor项目/名称:版本
4. docker pull harborIP:harborPort/harbor项目/名称:版本

完成。

卸载k8s

kubeadm reset -f
rm -rf ~/.kube/
rm -rf /etc/kubernetes/

k8s查看token,discovery-token-ca-cert-hash

https://blog.csdn.net/weixin_43968936/article/details/103688562

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
kubeadm token list
如果没有,生成一条:
kubeadm token create --ttl 0

kubeadm join 192.168.29.137:6443 --token 5w6qwh.8n0ektfrjdct3ib4 --discovery-token-ca-cert-hash sha256:af9e070ea723dd2281c2ae2414c932832a012d40bc55dc9c747bb00e68602388