yum install epel-release
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm -y
dnf --enablerepo=elrepo-kernel install kernel-lt
Open the following configuration file vi /etc/sysctl.conf to enable enable TCP BBR.
vi /etc/sysctl.conf
At the end of the config file, add the following lines.
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Save the file, and refresh your configuration by using this command,
sysctl -p
yum update -y
1.选择 最小化安装
2.升级系统
sudo apt update
sudo apt upgrade
3.Enabling TCP BBR in Ubuntu
Open the following configuration file vi /etc/sysctl.conf to enable enable TCP BBR.
vi /etc/sysctl.conf
At the end of the config file, add the following lines.
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Save the file, and refresh your configuration by using this command,
sysctl -p
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Older versions of Docker were called docker, docker.io, or docker-engine. If these are installed, uninstall them:
$ sudo apt-get remove docker docker-engine docker.io containerd runc
-
$ sudo apt-get update $ sudo apt-get install \ ca-certificates \ curl \ gnupg \ lsb-release -
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Use the following command to set up the stable repository. To add the nightly or test repository, add the word nightly or test (or both) after the word stable in the commands below. Learn about nightly and test channels.
$ echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Update the apt package index, and install the latest version of Docker Engine and containerd, or go to the next step to install a specific version:
Install Docker Engine (for CentOS)
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
1).Create a systemd drop-in directory for the docker service:
sudo mkdir -p /etc/systemd/system/docker.service.d
2).Create a file named /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=http://proxy.example.com:443"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
3).Flush changes and restart Docker
sudo systemctl daemon-reload
sudo systemctl restart docker
4).Verify that the configuration has been loaded and matches the changes you made, for example:
sudo systemctl show --property=Environment docker
registry.aliyuncs.com/google_containers
sudo mkdir /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF
sudo systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart dockercat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# Set SELinux in permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
注意:因为安装Kubernetes需要从Google获取安装源,可以修改 /etc/yum.repos.d/kubernetes.repo,在文件添加 proxy=http://user:[email protected]:3128,即可单独为这个yum源添加代理。
-
sudo apt-get update sudo apt-get install -y apt-transport-https ca-certificates curl
-
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
注意:curl 可以添加 --socks5 或者 proxy 参数,指定代理服务器下载
-
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
-
You will need to set up a proxy for APT if you want to install the package from the Ubuntu repository. You can do it by creating a new configuration file at /etc/apt/apt.conf.d/:
nano /etc/apt/apt.conf.d/proxy.confAdd the following lines:
Acquire::http::Proxy "http://username:password@proxy-server-ip:8181/"; Acquire::https::Proxy "http://username:password@proxy-server-ip:8182/"; Acquire::http::Proxy { your.local.repository DIRECT; //请修改为不需要代理的repo源,例如cn.archive.ubuntu.com DIRECT; your1.local.repository DIRECT;//请修改为不需要代理的repo源,例如download.docker.com DIRECT; your2.local.repository DIRECT;//同上 };Save and close the file when you are finished. You can now install any packages from the Ubuntu repository in your system
-
sudo apt-get update sudo apt-get install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl
yum install bash-completion
source /usr/share/bash-completion/bash_completion
echo 'source <(kubectl completion bash)' >>~/.bashrc
kubeadm config print init-defaults > init.yaml
修改init.yaml 中的 advertiseAddress 字段为 master 服务器的IP 地址
由于k8s.gcr.io 在大陆无法使用,registry.aliyuncs.com/google_containers 替代
a. 可以先使用 kubeadm config images list 查看 kubeadm 需要的镜像
b. 使用 docker pull registry.aliyuncs.com/google_containers/ xx_a.b.c.d 拉取所有的镜像
c. 使用ducker tag 修改 拉取回来的镜像的TAG为 k8s.gcr.io/xxx.x.x.xabc
kubeadm init --config init.yaml
curl https://docs.projectcalico.org/manifests/calico.yaml -O
kubeadm join --token <token> <control-plane-host>:<control-plane-port> --discovery-token-ca-cert-hash sha256:<hash>kubeadm token listkubeadm token create
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
1)ingress 项目地址: https://kubernetes.github.io/ingress-nginx/
2)ingress 裸机部署模式: https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters
3)下载裸机部署yaml文件 https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/baremetal/deploy.yaml
4)启用hostNetwork的方法
# 定义工作负载,名称为:ingress-nginx-controller(DaemonSet hostNetwork 模式下主要修改此段清单)
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: DaemonSet # 将“Deployment”修改为“DaemonSet”
metadata:
labels:
helm.sh/chart: ingress-nginx-3.34.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.48.1
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
revisionHistoryLimit: 10
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
spec:
hostNetwork: true # 启用主机网络
dnsPolicy: ClusterFirstWithHostNet # 将“ClusterFirst”修改为“ClusterFirstWithHostNet”,使Nginx可以解析K8s集群内部名称
containers:
- name: controller
image: k8s.gcr.io/ingress-nginx/controller:v0.48.1@sha256:e9fb216ace49dfa4a5983b183067e97496e7a8b307d2093f4278cd550c303899
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --election-id=ingress-controller-leader
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --report-node-internal-ip-address # 报告ingress对象的ADDRESS状态
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-myservicea
spec:
rules:
- host: myservicea.foo.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: myservicea
port:
number: 80
ingressClassName: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-myserviceb
spec:
rules:
- host: myserviceb.foo.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: myserviceb
port:
number: 80
ingressClassName: nginx #这个字段非常重要,ingress-controler识别使用
Nginx is configured to automatically discover all ingress with the kubernetes.io/ingress.class: "nginx" annotation or where ingressClassName: nginx is present.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent