春风十里不如你 —— Taozi - 仓库 2023-10-20T18:44:00+08:00 Typecho https://xiongan.host/index.php/feed/atom/tag/%E4%BB%93%E5%BA%93/ <![CDATA[Debian和Ubuntu安装k8s]]> https://xiongan.host/index.php/archives/225/ 2023-10-20T18:44:00+08:00 2023-10-20T18:44:00+08:00 admin https://www.xiongan.host //主节点代码 apt update apt install -y wireguard echo "net.ipv4.ip_forward = 1" >/etc/sysctl.d/ip_forward.conf sysctl -p /etc/sysctl.d/ip_forward.conf export SERVER_TOKEN=r83nui54eg8wihyiteshuo3o43gbf7u9er63o43gbf7uitujg8wihyitr6 export PUBLIC_IP=$(curl -Ls http://metadata.tencentyun.com/latest/meta-data/public-ipv4) export PRIVATE_IP=$(curl -Ls http://metadata.tencentyun.com/latest/meta-data/local-ipv4) export INSTALL_K3S_SKIP_DOWNLOAD=true export DOWNLOAD_K3S_BIN_URL=https://github.com/k3s-io/k3s/releases/download/v1.28.2%2Bk3s1/k3s if [ $(curl -Ls http://ipip.rehi.org/country_code) == "CN" ]; then DOWNLOAD_K3S_BIN_URL=https://ghproxy.com/${DOWNLOAD_K3S_BIN_URL} fi curl -Lo /usr/local/bin/k3s $DOWNLOAD_K3S_BIN_URL chmod a+x /usr/local/bin/k3s curl -Ls https://get.k3s.io | sh -s - server \ --cluster-init \ --token $SERVER_TOKEN \ --node-ip $PRIVATE_IP \ --node-external-ip $PUBLIC_IP \ --advertise-address $PRIVATE_IP \ --service-node-port-range 5432-9876 \ --flannel-backend wireguard-native \ --flannel-external-ip //子节点代码 apt update apt install -y wireguard echo "net.ipv4.ip_forward = 1" >/etc/sysctl.d/ip_forward.conf sysctl -p /etc/sysctl.d/ip_forward.conf export SERVER_IP=43.129.195.33 export SERVER_TOKEN=r83nui54eg8wihyiteshuo3o43gbf7u9er63o43gbf7uitujg8wihyitr6 export PUBLIC_IP=$(curl -Ls http://metadata.tencentyun.com/latest/meta-data/public-ipv4) export PRIVATE_IP=$(curl -Ls http://metadata.tencentyun.com/latest/meta-data/local-ipv4) export INSTALL_K3S_SKIP_DOWNLOAD=true export DOWNLOAD_K3S_BIN_URL=https://github.com/k3s-io/k3s/releases/download/v1.28.2%2Bk3s1/k3s if [ $(curl -Ls http://ipip.rehi.org/country_code) == "CN" ]; then DOWNLOAD_K3S_BIN_URL=https://ghproxy.com/${DOWNLOAD_K3S_BIN_URL} fi curl -Lo /usr/local/bin/k3s $DOWNLOAD_K3S_BIN_URL chmod a+x /usr/local/bin/k3s curl -Ls https://get.k3s.io | sh -s - agent \ --server https://$SERVER_IP:6443 \ --token $SERVER_TOKEN \ --node-ip $PRIVATE_IP \ --node-external-ip $PUBLIC_IP //docker配置镜像加速器 sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://wml59v5w.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker //非集群机器安装集群管理面板kuboard sudo docker run -d \ --restart=unless-stopped \ --name=kuboard \ -p 80:80/tcp \ -p 10081:10081/udp \ -p 10081:10081/tcp \ -e KUBOARD_ENDPOINT="http://kuboard.my-company.com:80" \ -e KUBOARD_AGENT_SERVER_UDP_PORT="10081" \ -e KUBOARD_AGENT_SERVER_TCP_PORT="10081" \ -v /root/kuboard-data:/data \ eipwork/kuboard:v3.1.7.1 ]]> <![CDATA[搭建Harbor私有仓库【docker】]]> https://xiongan.host/index.php/archives/20/ 2022-09-28T08:55:00+08:00 2022-09-28T08:55:00+08:00 admin https://www.xiongan.host 要求:实现Harbor私有仓库的上传镜像
准备:
主机表
备注:各主机端关闭防火墙和selinux(方法:①systemctl stop firewalld ②setenforce 0)

  1. 搭建Harbor

Harbor仓库端:

  • 安装Harbor(离线包方式)

[root@harbor~]curl -L https://get.daocloud.io/docker/compose/releases/download/1.24.1/docker-compose-uname -s-uname -m > /usr/local/bin/docker-compose
在根目录上传harbor程序压缩包 点此处下载
上传成功后在/usr/local/ 创建一个harbor目录
在根目录出 tar harbor-offline-installer-v1.8.2 /usr/local/harbor/
[root@harbor~]chmod +x /usr/local/bin/docker-compose #给docker-compose一个可执行权限

  • 修改harbor配置文件

harbor.yml
之后执行./install.sh
测试页面

  • 同步时间

ntpdate 182.92.12.11 (成功后data测试查看时间)

  1. 在harbor仓库中添加一个测试私有项目

添加私有项目
3.测试私有项目的上传
在客户端docker端修改vim /etc/docker/daemon.json 修改ip为harbor地址
daemon.json
修改保存后执行重启命令
①systemctl daemon-reload ②systemctl restart docker
登陆仓库:docker login 192.168.123.27
上传镜像docker push 项目名称:tag
上传成功


【扩展】
上述过程完成后,虚拟机重启再尝试操作,可能会出现原始密码不正确的错误提示,这样我们可以先去修改密码

docker exec -it harbor-db /bin/bash
psql -U postgres -d postgres -h 127.0.0.1 -p 5432 #或者用这个可以不输入密码。
\c registry  切换到registry库
select * from harbor_user;  查看所有用户信息

例如修改admin的密码,修改为初始化密码 Harbor12345 ,修改好了之后再可以从web ui上再改一次。
update harbor_user set password='a71a7d0df981a61cbb53a97ed8d78f3e',salt='ah3fdh5b7yxepalg9z45bu8zb36sszmr' where username='admin';
之后重启docker、harbor

  systemctl daemon-reload
  systemctl restart docker

即可生效

]]>