101Master1
克隆指定版本号
git clone -b 0.6.1 https://github.com/easzlab/kubeasz.git
安装ansible
apt install ansible -y
免密钥
ssh-keygen
102Master2
免密钥
ssh-keygen
脚本
cat docker-install.sh
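#!/bin/bash
# Install a pinned Docker CE release on Ubuntu from the Aliyun mirror.
# Run as root or as a user with sudo rights.
#
# Stop at the first failing step. With pipefail this includes a failed key
# download inside the curl | apt-key pipeline, so later steps never run
# against a half-configured apt source.
set -euo pipefail

# Step 1: install the tools needed to add an HTTPS apt repository
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common

# Step 2: import the repository signing key
# NOTE(review): apt-key puts the key into apt's global trusted keyring, so it
# is trusted for every configured repository, and apt-key is deprecated on
# newer releases. A dedicated keyring file referenced with signed-by= in the
# source entry limits the key to this one repository. The key fingerprint is
# not compared with the one Docker publishes before it is trusted.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

# Step 3: register the Docker CE repository for the running release
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

# Step 4: refresh the package index and install the pinned Docker CE version
sudo apt-get -y update
# The version strings name ubuntu-bionic, while the repository line above
# follows $(lsb_release -cs); on any other release this install fails.
# sudo is used here like in every other step, so the script also works when
# it is not started as root.
sudo apt-get -y install docker-ce-cli=5:19.03.9~3-0~ubuntu-bionic docker-ce=5:19.03.9~3-0~ubuntu-bionic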
执行脚本
bash docker-install.sh
101Master1
#替换
cp limits.conf /etc/security/limits.conf
cp sysctl.conf /etc/sysctl.conf
拷贝证书等信息(/root/.docker 中通常保存 docker login 产生的仓库登录凭据,只应拷贝到受信任的主机)
scp -r /etc/docker/certs.d 192.168.37.102:/etc/docker/
scp -r /root/.docker 192.168.37.102:/root/
拷贝密钥脚本:批量分发
cat scp.sh
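#!/bin/bash
# Distribute this host's SSH public key and the shared configuration files
# (Docker install script, registry certificates, /etc/hosts, kernel limits)
# to every node in the list. Meant to be run as root on the first master.
#
# Environment:
#   SSHPASS - login password shared by all target hosts; prompted for when
#             it is not set.
set -u

# Target hosts
NODES=(
  192.168.37.101
  192.168.37.102
  192.168.37.105
  192.168.37.106
  192.168.37.107
  192.168.37.110
  192.168.37.111
)

# sshpass answers the password prompt of ssh-copy-id
apt-get install -y sshpass

# Take the password from the environment or ask for it. sshpass -e reads it
# from SSHPASS, which keeps it out of this file and out of the process
# argument list that ps shows to other local users.
if [[ -z "${SSHPASS:-}" ]]; then
  read -r -s -p 'SSH password for the target hosts: ' SSHPASS
  echo
fi
export SSHPASS

for node in "${NODES[@]}"; do
  # Copy the public key; every node must accept the same password.
  # accept-new (OpenSSH 7.6 or later) records a host key on first contact and
  # refuses a key that differs from a recorded one. The first contact is still
  # unverified: loading known_hosts beforehand with host keys checked out of
  # band is the only way to be sure the password goes to the intended host.
  if sshpass -e ssh-copy-id -o StrictHostKeyChecking=accept-new "${node}"; then
    echo "${node} 密钥copy完成"
  else
    echo "${node} 密钥copy失败" >&2
    # Without the key the copies below would fail or stop at a password
    # prompt, so move on to the next host.
    continue
  fi

  # Docker install script
  scp /root/docker-install.sh "${node}":/opt/
  # Harbor registry certificates
  scp -r /etc/docker/certs.d "${node}":/etc/docker/
  # Host name resolution (replaces the node's /etc/hosts)
  scp -r /etc/hosts "${node}":/etc/
  # Kernel and resource-limit settings
  scp /etc/security/limits.conf "${node}":/etc/security/limits.conf
  scp /etc/sysctl.conf "${node}":/etc/sysctl.conf

  # Reboot the host (left disabled)
  # ssh ${node} "reboot"
  # echo ${node},"重启成功"
done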
执行脚本
#执行脚本
bash scp.sh
102Master2
重启服务
systemctl restart docker
systemctl enable docker
测试能否上传
docker pull alpine
docker images
docker tag b2aa39c304c2 harbor.123.com/linux01/alpine:v2
docker push harbor.123.com/linux01/alpine:v2
配置keepalived
ha108和ha109
两台负载服务器上都要部署,提前在/etc/sysctl.conf配置文件将net.ipv4.ip_nonlocal_bind 的值改为1并执行sysctl -p生效
vim /etc/sysctl.conf
...
net.ipv4.ip_nonlocal_bind = 1 <--允许非本地IP地址socket监听
#生效
sysctl -p
apt install keepalived haproxy -y
ha108
拷贝模板文件
cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
编辑配置文件
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! NOTE(review): the e-mail address, SMTP server and router_id in global_defs
! look unchanged from the packaged sample this file was copied from. With
! smtp_alert set in the instance below they are presumably used for
! state-change mail; confirm and replace them with site values.
global_defs {
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
! VRRP instance that owns the virtual IP; this node starts as MASTER with
! priority 100.
vrrp_instance VI_1 {
state MASTER
interface eth0
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 100
advert_int 1
! auth_type PASS is simple-text authentication: auth_pass travels unencrypted
! in the VRRP advertisements, and 1111 is trivially guessable. Use a
! site-specific value, identical on every node of this instance, and keep
! VRRP traffic on a segment that untrusted hosts cannot join.
authentication {
auth_type PASS
auth_pass 1111
}
! The virtual IP, added to eth0 under the label eth0:1.
virtual_ipaddress {
192.168.37.240 dev eth0 label eth0:1 <--
}
}
重启服务并设为开机启动
systemctl restart keepalived
systemctl enable keepalived
拷贝
scp /etc/keepalived/keepalived.conf 192.168.37.109:/etc/keepalived/keepalived.conf
ha109
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! NOTE(review): the e-mail address, SMTP server and router_id in global_defs
! look unchanged from the packaged sample; with smtp_alert set in the instance
! below they are presumably used for state-change mail. Confirm and replace
! them with site values.
global_defs {
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
! Standby side of the same VRRP instance: state BACKUP and priority 80, lower
! than the 100 configured on ha108, are the only values that differ.
vrrp_instance VI_1 {
state BACKUP <--
interface eth0
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 80 <--
advert_int 1
! auth_type PASS is simple-text authentication: auth_pass travels unencrypted
! in the VRRP advertisements, and 1111 is trivially guessable. The value must
! match the one on ha108; change both together and keep VRRP traffic on a
! segment that untrusted hosts cannot join.
authentication {
auth_type PASS
auth_pass 1111
}
! The virtual IP, added to eth0 under the label eth0:1 when this node takes over.
virtual_ipaddress {
192.168.37.240 dev eth0 label eth0:1
}
}
重启服务并设为开机启动
systemctl restart keepalived
systemctl enable keepalived
ha108
配置haproxy
vim /etc/haproxy/haproxy.cfg
...
# Append at the end of the file
# TCP listener for the Kubernetes API on the keepalived virtual IP.
# Binding 192.168.37.240 on the node that does not currently hold the VIP
# relies on net.ipv4.ip_nonlocal_bind = 1 in /etc/sysctl.conf.
listen k8s-api-6443
bind 192.168.37.240:6443
# mode tcp relays the byte stream unmodified: HAProxy applies no TLS
# termination and no access control here, so anything that can reach the VIP
# on port 6443 reaches the API servers. Restrict that reachability at the
# network level.
mode tcp
# The two master nodes. Each is checked every 3s, marked down after 3 failed
# checks and up again after 3 successful ones.
server 192.168.37.101 192.168.37.101:6443 check fall 3 rise 3 inter 3s
server 192.168.37.102 192.168.37.102:6443 check fall 3 rise 3 inter 3s
启动服务并设为开机启动
systemctl restart haproxy
systemctl enable haproxy
拷贝
scp /etc/haproxy/haproxy.cfg 192.168.37.109:/etc/haproxy
ha109
启动服务并设为开机启动
systemctl restart haproxy
systemctl enable haproxy