惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
LINUX DO - 热门话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Project Zero
Project Zero
V
Vulnerabilities – Threatpost
Cisco Talos Blog
Cisco Talos Blog
P
Palo Alto Networks Blog
C
Cisco Blogs
A
Arctic Wolf
月光博客
月光博客
The GitHub Blog
The GitHub Blog
T
The Blog of Author Tim Ferriss
量子位
小众软件
小众软件
Latest news
Latest news
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
T
The Exploit Database - CXSecurity.com
Security Latest
Security Latest
N
Netflix TechBlog - Medium
K
Kaspersky official blog
人人都是产品经理
人人都是产品经理
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园_首页
Y
Y Combinator Blog
P
Proofpoint News Feed
H
Hackread – Cybersecurity News, Data Breaches, AI and More
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
S
Schneier on Security
D
Docker
Scott Helme
Scott Helme
MyScale Blog
MyScale Blog
Spread Privacy
Spread Privacy
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
GbyAI
GbyAI
有赞技术团队
有赞技术团队
Google DeepMind News
Google DeepMind News
The Hacker News
The Hacker News
H
Help Net Security
Simon Willison's Weblog
Simon Willison's Weblog
J
Java Code Geeks
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tenable Blog
B
Blog
Know Your Adversary
Know Your Adversary
IT之家
IT之家

博客园 - NewSea

Linux 安装IntelAx211无线网卡 解决 K8sApi 部署后报 Unknown apiVersionKind apps/v1/Deployment is it registered? Docker 启动前后端脚本 docker 一键启动 mariadb 分区脚本 Spring笔记--@ConditionalOnBean坑 K8s笔记 yapi 自定义Json的数据类型 Nginx笔记 k3s+rancher+harbor 笔记 postgresql 笔记 vscode 笔记 发布Jar包到中央仓库 Java开发笔记汇总 - NewSea - 博客园 css 适配 nui-app 笔记 Java里的不能与无用. SSH 配置 Swagger 配置
ubuntu18+k8s单机版+kuboard+harbor安装笔记
NewSea · 2020-09-17 · via 博客园 - NewSea

准备环境

所有操作切换到 root

sudo -s

禁用 ipv6

sed -i 's/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="ipv6.disable=1"/' /etc/default/grub
update-grub

重启 reboot
执行 ifconfig 检查是否包含 inet6 ,如果没有则没有启用 ipv6

/etc/hosts

127.0.0.1 harbor1

关闭 swap

swapoff -akubeadm token create --ttl 0

sed -i "s/([#].* swap .*$)/#\1/" /etc/fstab

修改 /etc/fstab 并不能禁用 swap , 每次重启,还要运行 swapoff -a ,然后手动重启服务: systemctl restart kubelet。想要重启禁用swap: 打开工具,磁盘,找到Swap分区,编辑挂载选项,取消选中 用户启动挂载,保存,重启即可。

执行 free -h 查看内存是否使用交换空间。

安装 docker , docker-compose

curl -fsSL http://dev8.cn:8000/static/ops/ubuntu-docker.sh | bash

添加k8s源

cat <<EOF >/etc/apt/sources.list.d/docker-k8s.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

docker 源,设置 cgroup

cat <<EOF > /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries": [
    "localhost:808"
  ],
"registry-mirrors":[
    "https://hub-mirror.c.163.com",
    "https://registry.aliyuncs.com",
    "http://7e61f7f9.m.daocloud.io",
    "https://docker.mirrors.ustc.edu.cn",
    "https://registry.docker-cn.com",
    "https://reg-mirror.qiniu.com"
],
"graph":"/var/lib/docker"
}
EOF
modprobe br_netfilter
lsmod | grep br_netfilter

安装

定义变量

export version=1.13.10

curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
apt-get update && apt-get install -y apt-transport-https
apt-get install -y kubeadm=$version* kubectl=$version* kubelet=$version*
systemctl start kubelet
systemctl enable kubelet

拉镜像

docker pull mirrorgooglecontainers/kube-apiserver:v$version
docker pull mirrorgooglecontainers/kube-controller-manager:v$version
docker pull mirrorgooglecontainers/kube-scheduler:v$version
docker pull mirrorgooglecontainers/kube-proxy:v$version
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.2.24
docker pull coredns/coredns:1.2.6

docker tag mirrorgooglecontainers/kube-apiserver:v$version k8s.gcr.io/kube-apiserver:v$version
docker tag mirrorgooglecontainers/kube-controller-manager:v$version k8s.gcr.io/kube-controller-manager:v$version
docker tag mirrorgooglecontainers/kube-scheduler:v$version k8s.gcr.io/kube-scheduler:v$version
docker tag mirrorgooglecontainers/kube-proxy:v$version k8s.gcr.io/kube-proxy:v$version
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag coredns/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6

启动

kubeadm init --kubernetes-version=v$version --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

初始化

kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')
kubectl taint nodes --all node-role.kubernetes.io/master-

kuboard

kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml

harbor

wget https://github.com/goharbor/harbor/releases/download/v1.10.4/harbor-online-installer-v1.10.4.tgz  -P /opt/docker -N
tar zxvf /opt/docker/harbor-online-installer-v1.10.4.tgz -C /opt/docker
wget $host/ops/harbor.yml -O /opt/docker/harbor/harbor.yml      #配置文件里配置的密码没起作用
/opt/docker/harbor/install.sh

使用

获取 kuboard token

kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d

登录kuboard

http://localhost:32567/login

登录 harbor

http://localhost:808

admin
Harbor12345

1. docker login -u admin -p Harbor12345 harbor1:808
2. docker tag 本地镜像:版本   harborIP:harborPort/harbor项目/名称:版本    (格式是必须这样的。)
3. docker push harborIP:harborPort/harbor项目/名称:版本
4. docker pull harborIP:harborPort/harbor项目/名称:版本

完成。

卸载k8s

kubeadm reset -f
rm -rf ~/.kube/
rm -rf /etc/kubernetes/

k8s查看token,discovery-token-ca-cert-hash

https://blog.csdn.net/weixin_43968936/article/details/103688562

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
kubeadm token list
如果没有,生成一条:
kubeadm token create --ttl 0

kubeadm join 192.168.29.137:6443 --token 5w6qwh.8n0ektfrjdct3ib4 --discovery-token-ca-cert-hash sha256:af9e070ea723dd2281c2ae2414c932832a012d40bc55dc9c747bb00e68602388