系统架构: Red Hat Enterprise Linux 7.9

1.下载rpm镜像

1.1 Docker 官方源 被禁用 使用阿里云源

# Register the Aliyun mirror of the Docker CE stable repository.
# The heredoc delimiter is quoted so $basearch is written literally and yum
# expands it. gpgcheck=1 makes yum verify package signatures against gpgkey.
# The key is served by the same mirror as the packages, and a later
# `yum install -y` accepts the key import without prompting, so compare its
# fingerprint with the one Docker publishes.
cat > /etc/yum.repos.d/docker-ce.repo <<'EOF'
[docker-ce-stable]
name=Docker CE Stable - x86_64
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF

1.2 下载docker-rpm包

# Download docker-ce, its CLI and containerd.io together with their
# dependencies as RPM files into /home/docker-rpms; --downloadonly means
# nothing is installed at this point.
yum install -y \
  --downloadonly \
  --downloaddir=/home/docker-rpms \
  docker-ce docker-ce-cli containerd.io

这里红帽系统会出现依赖地狱,为什么会这样? docker-ce 本身依赖一些系统底层的网络和文件系统组件(例如 container-selinux、libcgroup、fuse-overlayfs 等)。而这些基础组件不在 Docker 的源里,它们属于红帽官方的 extras 或 base 基础软件源。

因为你的系统提示了 This system is not registered…(这台红帽系统没有注册订阅,无法使用红帽官方源),导致 yum 找不到这些最基础的依赖包。 解决:借用阿里云的 CentOS 7 基础源。注意:这些包来自第三方镜像而不是红帽官方源,应保持 gpgcheck=1 并配置 CentOS 7 的 GPG 公钥,让 yum 校验每个包的签名。

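# Add the CentOS 7 Base repository (provides libcgroup and similar packages).
# gpgcheck=1 together with gpgkey makes yum verify every package signature.
# With gpgcheck=0, whatever the mirror or an intermediate proxy serves would be
# installed as root without any verification.
cat > /etc/yum.repos.d/centos-base.repo <<'EOF'
[base]
name=CentOS-7 - Base
baseurl=https://mirrors.aliyun.com/centos/7/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
EOF

# Add the CentOS 7 Extras repository
# (provides container-selinux, fuse-overlayfs, slirp4netns, ...).
cat > /etc/yum.repos.d/centos-extras.repo <<'EOF'
[extras]
name=CentOS-7 - Extras
baseurl=https://mirrors.aliyun.com/centos/7/extras/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
EOF

# NOTE(review): these repositories are borrowed only to resolve Docker's
# dependencies on an unregistered RHEL host. Consider setting enabled=0 in
# both files once the RPMs are downloaded, so later yum runs do not replace
# RHEL packages with CentOS builds.

# Rebuild the metadata cache.
yum clean all
yum makecache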

1.3 下载k8s rpm包

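# 1. Register the Aliyun mirror of the Kubernetes yum repository.
#    gpgcheck=1 makes yum verify package signatures against the listed keys.
#    NOTE(review): confirm that both key URLs still resolve on the mirror
#    before relying on this file.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/idx-gpg.key
EOF

# 2. Download only the v1.23.17 components and their dependencies.
#    -p keeps the step re-runnable when the directory already exists.
mkdir -p /home/k8s-rpms
yum install --downloadonly --downloaddir=/home/k8s-rpms -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17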

2.安装docker

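# Install every RPM in the download directory.
# Chaining with && stops the install if the cd fails, so *.rpm is never
# expanded in some other directory. The ./ prefix keeps a file name that
# starts with '-' from being parsed as a yum option.
# NOTE(review): yum's localpkg_gpgcheck option is off by default, so the
# signatures of these local files are not checked here. After importing the
# vendor keys, `rpm -K ./*.rpm` shows whether each file is correctly signed.
cd /home/docker-rpms && yum localinstall -y ./*.rpm

# Start Docker now and enable it at boot.
systemctl start docker
systemctl enable docker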

2.1.1 修改 Docker 的 Cgroup 驱动为 systemd(K8s 强依赖此设置):

# Write /etc/docker/daemon.json so that Docker uses the systemd cgroup driver.
# The redirect overwrites any existing daemon.json, so merge by hand if the
# host already has one.
mkdir -p /etc/docker && cat > /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Reload unit files and restart Docker so the new setting takes effect.
systemctl daemon-reload
systemctl restart docker

2.2 安装 Kubernetes 组件

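# Install every RPM in the download directory.
# Chaining with && stops the install if the cd fails. The ./ prefix keeps a
# file name that starts with '-' from being parsed as a yum option.
# NOTE(review): yum's localpkg_gpgcheck option is off by default, so the
# signatures of these local files are not checked here. After importing the
# repository keys, `rpm -K ./*.rpm` shows whether each file is correctly signed.
cd /home/k8s-rpms && yum localinstall -y ./*.rpm

# Enable kubelet at boot (kubeadm starts it during init).
systemctl enable kubelet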

3.系统底层环境调整

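# 1. Turn swap off now and remove swap entries from /etc/fstab so it stays off
#    after a reboot (the sed deletes every line that contains "swap").
swapoff -a && sed -i '/swap/d' /etc/fstab

# 2. Switch SELinux to permissive mode instead of disabling it. Permissive
#    mode is what the kubeadm installation guide uses: containers get the
#    access they need while denials are still logged for audit, and the host
#    can return to enforcing without a filesystem relabel.
setenforce 0 && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# 3. Stop and disable firewalld.
#    NOTE(review): with the host firewall off, every NodePort service created
#    later in this guide, and any port published by docker, is reachable from
#    every network that can route to this machine. Keep the host behind a
#    network-level filter (security group / perimeter firewall), or keep
#    firewalld running and open only the ports the cluster needs.
systemctl stop firewalld && systemctl disable firewalld

# 4. Load br_netfilter now and on every boot. The net.bridge.* keys below
#    exist only while this module is loaded, so without it `sysctl --system`
#    cannot apply them.
echo br_netfilter > /etc/modules-load.d/k8s.conf && modprobe br_netfilter

# 5. Let bridged traffic pass through iptables/ip6tables and enable IPv4
#    forwarding, then apply all sysctl configuration files.
printf '%s\n' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  'net.ipv4.ip_forward = 1' \
  > /etc/sysctl.d/k8s.conf && sysctl --system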

4.初始化 Kubernetes 集群

4.1 通过阿里云拉取K8s核心系统镜像

# Take the 7th field of `ip route get 1`, which is normally the source address
# this host uses for outbound traffic, as the API server advertise address.
advertise_addr=$(ip route get 1 | awk '{print $7;exit}')

# Initialise the control plane. The control-plane images are pulled from the
# Aliyun mirror named by --image-repository rather than the upstream registry,
# so the cluster's core components are only as trustworthy as that mirror.
# The pod CIDR 10.244.0.0/16 is the range handed to the network plugin.
kubeadm init \
  --apiserver-advertise-address="$advertise_addr" \
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.244.0.0/16 \
  --kubernetes-version=v1.23.17

5.配置权限与安装网络

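# Copy the cluster-admin kubeconfig into the current user's home directory.
# Expansions are quoted so a HOME containing spaces or glob characters cannot
# split into several arguments. -i asks before overwriting an existing config.
# This file holds a credential with full control of the cluster, so keep it
# readable by its owner only and do not copy it to shared locations.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"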

5.1 安装网络插件

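# Download the Flannel manifest first, then apply the local copy. The file
# that was applied then stays on disk, where it can be reviewed and diffed
# later. Applying a remote URL directly leaves no record.
# NOTE(review): releases/latest changes with every Flannel release. For a
# reproducible install replace `latest/download` with a fixed release path
# (`download/<FLANNEL_VERSION>`), since this manifest creates cluster-wide
# RBAC objects and a privileged DaemonSet.
wget -O kube-flannel.yml https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml \
  && kubectl apply -f kube-flannel.yml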

5.2 单机解除污点限制:默认情况下 K8s 不允许在 Master 节点上运行你的业务容器。如果你这台服务器既当管理节点又想跑业务,执行这一行解除限制:

# Remove the node-role.kubernetes.io/master taint from all nodes (the trailing
# '-' means "remove") so ordinary workloads can be scheduled on this machine.
# NOTE(review): application pods then share the host with the control-plane
# components and their credentials under /etc/kubernetes. This is acceptable
# for a single-node lab; keep the taint on clusters that have worker nodes.
kubectl taint nodes --all node-role.kubernetes.io/master-

K8s安装完成

6 安装springboot项目相关依赖服务

6.1 安装 Helm

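# Download the Helm release archive together with its published SHA-256 file,
# verify the archive before unpacking it, then install the binary.
# The chain stops at the first failing step, so an archive that fails the
# checksum is never extracted or moved into /usr/local/bin.
# NOTE(review): the checksum file comes from the same host as the archive, so
# this detects corruption or truncation only. For stronger assurance compare
# the hash with the one listed on the project's release page.
wget https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz \
     https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz.sha256sum \
  && sha256sum -c helm-v3.12.3-linux-amd64.tar.gz.sha256sum \
  && tar -zxvf helm-v3.12.3-linux-amd64.tar.gz \
  && mv linux-amd64/helm /usr/local/bin/helm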

6.2 安装nacos

# Create the Nacos deployment.
# NOTE(review): the image comes from a third-party re-host of docker.io and is
# referenced by a mutable tag. Pinning it by digest (image@sha256:<DIGEST>)
# guarantees the same content on every pull.
kubectl create deployment nacos \
  --image=swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/nacos/nacos-server:v2.2.3 \
  --port=8848

# Run Nacos in standalone (single-instance) mode.
# NOTE(review): no authentication settings are passed to the container. Check
# whether this image enables console/API authentication by default, and turn
# it on before the service is reachable from outside the cluster.
kubectl patch deployment nacos \
  -p '{"spec":{"template":{"spec":{"containers":[{"name":"nacos-server","env":[{"name":"MODE","value":"standalone"}]}]}}}}'

# Publish the HTTP port on a NodePort, i.e. on every node IP. With the host
# firewall disabled, anyone who can reach the node can reach the console.
kubectl expose deployment nacos \
  --type=NodePort \
  --port=8848 \
  --target-port=8848

# Expose the gRPC port inside the cluster only (default ClusterIP service).
# NOTE(review): presumably clients derive the gRPC port from the address of
# the main service, so verify they can reach it under this separate name.
kubectl expose deployment nacos \
  --name=nacos-grpc \
  --port=9848 \
  --target-port=9848

nacos安装成功

6.3 安装Elasticsearch 7.17.3 + Kibana

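# Create the Elasticsearch deployment.
kubectl create deployment elasticsearch --image=swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/elasticsearch:7.17.3 --port=9200

# Run as a single node with a fixed 512 MiB heap.
# -Xms and -Xmx set the initial and maximum heap size. An unrecognised JVM
# option in ES_JAVA_OPTS stops the JVM from starting, so the option names must
# be exact.
kubectl patch deployment elasticsearch -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","env":[{"name":"ES_JAVA_OPTS","value":"-Xms512m -Xmx512m"},{"name":"discovery.type","value":"single-node"}]}]}}}}'

# Publish the REST API on a NodePort.
# NOTE(review): no security settings are configured here, and Elasticsearch
# 7.x does not require authentication unless xpack security is enabled.
# Anyone who can reach the node port can then read and delete indices.
# Prefer a ClusterIP service, or enable security before exposing the port.
kubectl expose deployment elasticsearch --type=NodePort --port=9200 --target-port=9200

# Create the Kibana deployment.
kubectl create deployment kibana --image=swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/library/kibana:7.17.3 --port=5601

# Publish the Kibana UI on a NodePort. It gives the same data access as the
# Elasticsearch API behind it, so the exposure note above applies here too.
kubectl expose deployment kibana --type=NodePort --port=5601 --target-port=5601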

6.4 安装sky-walking

# Deploy the SkyWalking OAP backend (container port 11800).
kubectl create deployment sky-oap \
  --image=swr.cn-north-4.myhuaweicloud.com/ddn-k8s/skywalking.docker.scarf.sh/apache/skywalking-oap-server:9.2.0 \
  --port=11800

# Deploy the SkyWalking web UI.
kubectl create deployment sky-ui \
  --image=swr.cn-north-4.myhuaweicloud.com/ddn-k8s/skywalking.docker.scarf.sh/apache/skywalking-ui:9.2.0 \
  --port=8080

# Publish the UI on a NodePort.
# NOTE(review): nothing in these commands puts authentication in front of the
# UI. Traces can contain URLs, SQL and parameters, so restrict who can reach
# the node port.
kubectl expose deployment sky-ui \
  --type=NodePort \
  --port=8080 \
  --target-port=8080

# Expose the OAP REST port inside the cluster only (default ClusterIP).
kubectl expose deployment sky-oap \
  --name=sky-oap-rest \
  --port=12800 \
  --target-port=12800

# Point the UI at the OAP backend through the in-cluster service name.
kubectl patch deployment sky-ui \
  -p '{"spec":{"template":{"spec":{"containers":[{"name":"skywalking-ui","env":[{"name":"SW_OAP_ADDRESS","value":"http://sky-oap-rest:12800"}]}]}}}}'

做完这些,在浏览器就能看到skywalking的web页面。

6.5 安装apollo

# Deploy the Apollo quick-start image.
# NOTE(review): this is a quick-start build. It presumably ships with default
# accounts, so change them before the portal is reachable by anyone else.
kubectl create deployment apollo \
  --image=swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/nobodyiam/apollo-quick-start:2.4.0 \
  --port=8070

# Publish the Apollo portal on a NodePort (reachable on every node IP).
kubectl expose deployment apollo \
  --type=NodePort \
  --port=8070 \
  --target-port=8070

6.6 安装k8s网页版后管

# Run Kuboard v3 as a plain Docker container next to the cluster.
# NOTE(review):
#  - -p 80:80 binds the admin UI on all host interfaces over plain HTTP.
#    Change the default administrator password at first login and restrict
#    who can reach the port.
#  - /root/.kube holds the cluster-admin kubeconfig and is mounted read-write.
#    Confirm the container needs it. If it only reads it, mount it with :ro.
#  - :v3 is a moving tag on a third-party re-host. Pin the image by digest
#    (image@sha256:<DIGEST>) for a reproducible deployment.
docker run -d \
  --name=kuboard \
  --restart=unless-stopped \
  -p 80:80 \
  -p 10081:10081 \
  -v /root/.kube/:/root/.kube \
  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/eipwork/kuboard:v3

6.7 安装 Prometheus + Grafana 监控。因为我已经搭建了 Kuboard 网页端,所以直接通过 yml 导入:

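# Prometheus configuration, mounted into the Prometheus pod at /etc/prometheus.
# NOTE(review): `role: node` service discovery makes Prometheus list and watch
# Node objects through the API server. This manifest defines no ServiceAccount
# or RBAC objects, so the pod runs as the namespace's default ServiceAccount.
# Confirm that discovery works. If it needs access, bind a dedicated
# ServiceAccount to a ClusterRole limited to get/list/watch on nodes rather
# than reusing a cluster-admin identity.
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config
  namespace: default
data:
  prometheus.yml: |
    global:
      scrape_interval: 15s
    scrape_configs:
      - job_name: 'kubernetes-nodes'
        kubernetes_sd_configs:
          - role: node
---
# Single-replica Prometheus server reading its configuration from the ConfigMap.
# No Service is defined for it, so it is reachable only by pod IP inside the
# cluster.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus
  template:
    metadata:
      labels:
        app: prometheus
    spec:
      containers:
        - name: prometheus
          image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/prom/prometheus:v2.36.2
          args:
            - "--config.file=/etc/prometheus/prometheus.yml"
          ports:
            - containerPort: 9090
          volumeMounts:
            - name: config-volume
              mountPath: /etc/prometheus
      volumes:
        - name: config-volume
          configMap:
            name: prometheus-config
---
# Single-replica Grafana.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      containers:
        - name: grafana
          image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/grafana/grafana:8.5.27
          ports:
            - containerPort: 3000
          env:
            # The admin password is read from a Secret instead of being written
            # into the manifest, where everyone who can read the Deployment or
            # a copy of this file would see it. Create the Secret before
            # applying. The Secret name and key are example names chosen for
            # this manifest:
            #   kubectl create secret generic grafana-admin \
            #     --from-literal=admin-password='<CHOOSE_A_STRONG_PASSWORD>'
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: grafana-admin
                  key: admin-password
---
# Publishes Grafana on port 31030 of every node IP. With the host firewall
# disabled earlier in this guide, the login page is reachable from every
# network that can route to the node, so the admin password above is the only
# barrier.
apiVersion: v1
kind: Service
metadata:
  name: grafana-service
  namespace: default
spec:
  type: NodePort
  ports:
    - port: 3000
      targetPort: 3000
      nodePort: 31030
  selector:
    app: grafana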

安装成功