https://xiongan.host/index.php/tag/%E4%BB%93%E5%BA%93/ https://xiongan.host/index.php/archives/225/ 2023-10-20T18:44:00+08:00 //主节点代码 apt update apt install -y wireguard echo "net.ipv4.ip_forward = 1" >/etc/sysctl.d/ip_forward.conf sysctl -p /etc/sysctl.d/ip_forward.conf export SERVER_TOKEN=r83nui54eg8wihyiteshuo3o43gbf7u9er63o43gbf7uitujg8wihyitr6 export PUBLIC_IP=$(curl -Ls http://metadata.tencentyun.com/latest/meta-data/public-ipv4) export PRIVATE_IP=$(curl -Ls http://metadata.tencentyun.com/latest/meta-data/local-ipv4) export INSTALL_K3S_SKIP_DOWNLOAD=true export DOWNLOAD_K3S_BIN_URL=https://github.com/k3s-io/k3s/releases/download/v1.28.2%2Bk3s1/k3s if [ $(curl -Ls http://ipip.rehi.org/country_code) == "CN" ]; then DOWNLOAD_K3S_BIN_URL=https://ghproxy.com/${DOWNLOAD_K3S_BIN_URL} fi curl -Lo /usr/local/bin/k3s $DOWNLOAD_K3S_BIN_URL chmod a+x /usr/local/bin/k3s curl -Ls https://get.k3s.io | sh -s - server \ --cluster-init \ --token $SERVER_TOKEN \ --node-ip $PRIVATE_IP \ --node-external-ip $PUBLIC_IP \ --advertise-address $PRIVATE_IP \ --service-node-port-range 5432-9876 \ --flannel-backend wireguard-native \ --flannel-external-ip //子节点代码 apt update apt install -y wireguard echo "net.ipv4.ip_forward = 1" >/etc/sysctl.d/ip_forward.conf sysctl -p /etc/sysctl.d/ip_forward.conf export SERVER_IP=43.129.195.33 export SERVER_TOKEN=r83nui54eg8wihyiteshuo3o43gbf7u9er63o43gbf7uitujg8wihyitr6 export PUBLIC_IP=$(curl -Ls http://metadata.tencentyun.com/latest/meta-data/public-ipv4) export PRIVATE_IP=$(curl -Ls http://metadata.tencentyun.com/latest/meta-data/local-ipv4) export INSTALL_K3S_SKIP_DOWNLOAD=true export DOWNLOAD_K3S_BIN_URL=https://github.com/k3s-io/k3s/releases/download/v1.28.2%2Bk3s1/k3s if [ $(curl -Ls http://ipip.rehi.org/country_code) == "CN" ]; then DOWNLOAD_K3S_BIN_URL=https://ghproxy.com/${DOWNLOAD_K3S_BIN_URL} fi curl -Lo /usr/local/bin/k3s $DOWNLOAD_K3S_BIN_URL chmod a+x /usr/local/bin/k3s curl -Ls https://get.k3s.io | sh -s - agent \ --server https://$SERVER_IP:6443 \ --token $SERVER_TOKEN \ --node-ip $PRIVATE_IP \ --node-external-ip $PUBLIC_IP //docker配置镜像加速器 sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://wml59v5w.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker //非集群机器安装集群管理面板kuboard sudo docker run -d \ --restart=unless-stopped \ --name=kuboard \ -p 80:80/tcp \ -p 10081:10081/udp \ -p 10081:10081/tcp \ -e KUBOARD_ENDPOINT="http://kuboard.my-company.com:80" \ -e KUBOARD_AGENT_SERVER_UDP_PORT="10081" \ -e KUBOARD_AGENT_SERVER_TCP_PORT="10081" \ -v /root/kuboard-data:/data \ eipwork/kuboard:v3.1.7.1 https://xiongan.host/index.php/archives/20/ 2022-09-28T08:55:00+08:00 要求：实现Harbor私有仓库的上传镜像准备：备注：各主机端关闭防火墙和selinux（方法：①systemctl stop firewalld ②setenforce 0）搭建HarborHarbor仓库端：安装Harbor（离线包方式）[root@harbor~]curl -L https://get.daocloud.io/docker/compose/releases/download/1.24.1/docker-compose-uname -s-uname -m > /usr/local/bin/docker-compose在根目录上传harbor程序压缩包 点此处下载上传成功后在/usr/local/ 创建一个harbor目录在根目录出 tar harbor-offline-installer-v1.8.2 /usr/local/harbor/[root@harbor~]chmod +x /usr/local/bin/docker-compose #给docker-compose一个可执行权限修改harbor配置文件之后执行./install.sh同步时间ntpdate 182.92.12.11 （成功后data测试查看时间）在harbor仓库中添加一个测试私有项目 3.测试私有项目的上传在客户端docker端修改vim /etc/docker/daemon.json 修改ip为harbor地址修改保存后执行重启命令①systemctl daemon-reload ②systemctl restart docker登陆仓库：docker login 192.168.123.27上传镜像docker push 项目名称:tag【扩展】上述过程完成后，虚拟机重启再尝试操作，可能会出现原始密码不正确的错误提示，这样我们可以先去修改密码docker exec -it harbor-db /bin/bash psql -U postgres -d postgres -h 127.0.0.1 -p 5432 #或者用这个可以不输入密码。 \c registry 切换到registry库 select * from harbor_user; 查看所有用户信息例如修改admin的密码，修改为初始化密码 Harbor12345 ，修改好了之后再可以从web ui上再改一次。update harbor_user set password='a71a7d0df981a61cbb53a97ed8d78f3e',salt='ah3fdh5b7yxepalg9z45bu8zb36sszmr' where username='admin';之后重启docker、harbor systemctl daemon-reload systemctl restart docker即可生效