miaoyun+Rancher+K8S学习与实践


01 miaoyun安装步骤

<p>[TOC]</p> <p>秒云在线文档 <a href="http://docs.miaoyun.net.cn/">http://docs.miaoyun.net.cn/</a> 秒云安装包下载 <a href="https://miaoyun.net.cn/download.html">https://miaoyun.net.cn/download.html</a></p> <h1>1、安装CentOS7</h1> <p><strong>注意:</strong>磁盘/var分区的大小;</p> <h1>2、Update CentOS7</h1> <pre><code class="language-bash">yum update -y</code></pre> <h1>3、CentOS7内核版本须升级⾄4.12+</h1> <pre><code class="language-bash">rpm -ivh kernel-ml-5.5.11-1.el7.elrepo.x86_64.rpm grub2-set-default 0 reboot uname -r</code></pre> <h1>4、关闭主机系统防⽕墙</h1> <pre><code class="language-bash">systemctl stop firewalld systemctl disable firewalld</code></pre> <h1>5、关闭主机SElinux。</h1> <p>永久关闭</p> <pre><code class="language-bash">setenforce 0 sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config reboot</code></pre> <h1>6、修改主机名:/etc/hosts,/etc/hostname</h1> <p>Miaoyun VIP 172.16.7.63 K8S VIP 172.16.7.69</p> <pre><code class="language-bash">hostnamectl set-hostname 主机名 echo &amp;quot;172.16.7.61 pm01.gfkd.com pm01&amp;quot; &amp;gt;&amp;gt; /etc/hosts echo &amp;quot;172.16.7.62 pm01.gfkd.com pm02&amp;quot; &amp;gt;&amp;gt; /etc/hosts echo &amp;quot;172.16.7.64 k8s01.gfkd.com k8s01&amp;quot; &amp;gt;&amp;gt; /etc/hosts echo &amp;quot;172.16.7.65 k8s02.gfkd.com k8s02&amp;quot; &amp;gt;&amp;gt; /etc/hosts echo &amp;quot;172.16.7.66 k8s03.gfkd.com k8s03&amp;quot; &amp;gt;&amp;gt; /etc/hosts echo &amp;quot;172.16.7.68 nfs.gfkd.com nfs&amp;quot; &amp;gt;&amp;gt; /etc/hosts</code></pre> <h1>7 检查并配置ipv4,将内容修改为如下</h1> <p>cat /usr/lib/sysctl.d/00-system.conf</p> <pre><code class="language-bash">net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-arptables = 0 net.ipv4.ip_forward = 1</code></pre> <p>保存并重启网卡</p> <pre><code class="language-bash">systemctl restart network</code></pre> <h1>8、创建普通用户(非root)用来运行程序</h1> <p>为安全考虑,需创建一个非root用户(如:easytong),用来运行程序,并设置easytong用户组、密码,免密权限并加入docker组。</p> <h2>8.1 创建easytong用户</h2> <p>创建非root用户来运行easytong</p> <pre><code class="language-bash">groupadd -g 2001 easytong useradd -u 2001 -g 2001 easytong echo &amp;quot;easytong:310012&amp;quot; | chpasswd 修改命令如下: usermod -u 2001 easytong groupmod -g 2001 easytong 将用户从一个组中移除: gpasswd -d userName groupName</code></pre> <h2>8.2 将easytong用户加⼊docker⽤户组</h2> <p>在docker安装完成后再把easytogn用户加入到docker用户组。</p> <pre><code class="language-bash">usermod -aG docker easytong</code></pre> <h2>8.3 设置easytong⽤户sudo免密权限</h2> <p>在/etc/sudoers中添加如下一行:</p> <pre><code class="language-bash">easytong ALL=(ALL) NOPASSWD:ALL</code></pre> <h1>9、主机时间:各主机时间同步;</h1> <h2>9.1、修改时区</h2> <p>查询服务器时间</p> <pre><code class="language-bash">timedatectl</code></pre> <p>修改时区为Asia/Shanghai</p> <pre><code class="language-bash">timedatectl set-timezone Asia/Shanghai</code></pre> <p>查看修改后的结果</p> <pre><code class="language-bash">timedatectl</code></pre> <h2>9.2、配置NTP时间同步服务器</h2> <p>CentOS7 配置NTP时间同步服务器 <a href="https://www.wanhebin.com/linux/590.html">https://www.wanhebin.com/linux/590.html</a></p> <h3>9.2.1 服务端配置</h3> <p>检查服务器是否安装了ntp,ntpdate</p> <pre><code class="language-bash">rpm -qa |grep ntp ntp-4.2.6p5-29.el7.centos.2.x86_64 ntpdate-4.2.6p5-29.el7.centos.2.x86_64</code></pre> <h3>9.2.2 如果没有,需要安装</h3> <pre><code class="language-bash">yum -y install ntp ntpdate</code></pre> <h3>9.2.3 修改ntp配置文件/etc/ntp.conf</h3> <p>注释以下配置</p> <pre><code class="language-bash">#server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst</code></pre> <h3>9.2.4 新增以下配置</h3> <pre><code class="language-bash">#日志文件 logfile /var/log/ntpd.log #授权172.16.7.0网段上所有机器可以从这台机器上查询和时间同步 restrict 172.16.7.0 mask 255.255.255.0 nomotify notrap #时间服务器列表 server 210.72.145.44 #中国国家授时中心 server ntp1.aliyun.com server ntp2.aliyun.com server ntp3.aliyun.com #当外部时间不可用时,使用本地时间 server 127.0.0.1 fudge 127.0.0.1 stratum 10 #允许上层时间服务器主动修改本机时间 restrict 210.72.145.44 restrict ntp1.aliyun.com nomodify notrap noquery restrict ntp2.aliyun.com nomodify notrap noquery restrict ntp3.aliyun.com nomodify notrap noquery</code></pre> <h3>9.2.5 客户端</h3> <h4>9.2.5.1 安装ntp,ntpdate</h4> <pre><code class="language-bash">yum install ntp ntpdate</code></pre> <h4>9.2.5.2 修改配置文件/etc/ntp.conf</h4> <p>注释以下配置</p> <pre><code class="language-bash">#server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst</code></pre> <h4>9.2.5.3 增加以下配置</h4> <pre><code class="language-bash">#ntp服务器地址 server 172.16.7.64 #新增:允许上层时间服务器主动修改本机时间 restrict 172.16.7.64 nomodify nortap noquery #新增:当外部时间不可用时,使用本地时间 server 127.0.0.1 #local clock fudge 127.0.0.1 stratum 10</code></pre> <h4>9.2.5.4 保存配置,重启ntp服务并加入开启自启</h4> <pre><code class="language-bash">systemctl enable ntpd systemctl restart ntpd</code></pre> <h3>9.2.6 查看服务器信息</h3> <pre><code class="language-bash">ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== 172.16.7.64 120.25.115.20 3 u 22 64 1 0.499 -31.451 0.000 localhost .INIT. 16 l - 64 0 0.000 0.000 0.000</code></pre> <h3>9.2.7 测试</h3> <h4>9.2.7.1 查看ntp服务端时间</h4> <pre><code class="language-bash">date</code></pre> <h4>9.2.7.2 修改客户端时间</h4> <pre><code class="language-bash">date -s 2020-01-01 date</code></pre> <p>等待一段时间后客户端时间自动同步,这里用手动同步验证</p> <pre><code class="language-bash">ntpdate -u 172.16.7.64 date</code></pre> <p>如果觉得自动同步时间间隔比较久,可以设定一个定时任务,使用ntpdate命令来同步服务端时间 这里以每分钟同步为例</p> <pre><code class="language-bash">crontab -e * * * * * /usr/sbin/ntpdate -u 172.16.7.64 &amp;amp; &amp;gt; /dev/null</code></pre> <p>至此,ntp时间同步服务器搭建完成。</p> <h1>10、安装与配置NFS</h1> <p>平台高可用和集群高可用,都需要部署NFS服务。 <strong>下面是平台高可用部署NFS服务。</strong> NFS服务器搭建请参考链接: <a href="https://www.showdoc.com.cn/p/f347725025ea6fc5a9a16f45f202b3b0">https://www.showdoc.com.cn/p/f347725025ea6fc5a9a16f45f202b3b0</a></p> <p><strong>集群高可用部署NFS服务</strong> 同上步骤10</p> <h1>11、安装docker</h1> <p>秒云已支持最新稳定版:Docker version 19.03.12</p> <h2>11.1 安装所需的软件包</h2> <pre><code class="language-bash">$ sudo yum install -y yum-utils \ device-mapper-persistent-data \ lvm2``` ## 11.2 设置稳定版的YUM源 ```bash $ sudo yum-config-manager \ --add-repo \ https://download.docker.com/linux/centos/docker-ce.repo</code></pre> <h2>11.3 安装最新版本的Docker社区版和containerd</h2> <pre><code class="language-bash">$ sudo yum install docker-ce docker-ce-cli containerd.io</code></pre> <h2>11.4 设置随机启动并启动docker</h2> <pre><code class="language-bash">systemctl start docker systemctl enable docker</code></pre> <h2>11.5 将easytong用户加⼊docker⽤户组</h2> <pre><code class="language-bash">usermod -aG docker easytong</code></pre> <h1>12、安装平台管理节点</h1> <p>安装流程: (1)在主节点上执行:miaoyun_deploy_offline.sh (2)在备节点上执行:my deploy --backup (3)在主节点上执行:my stack keepalived (4)在备节点上执行:my stack keepalived</p> <h2>12.1 主节点安装</h2> <pre><code class="language-bash">[easytong@miaoyun-k8s-adm1 miaoyuninstallpackage]$ sudo ./miaoyun_deploy_offline.sh _ _ __ __ __ _ _ _ _ __ _ ( \/ )( ) / _\ / \( \/ )/ )( \( ( \ / \/ \ )( / \( O )) / ) \/ (/ / \_)(_/(__)\_/\_/ \__/(__/ \____/\_)__) v20.03.2 ✔ HA Mode: Enable HA ✔ Virtual IP Address: 172.16.7.63 ✔ Network Interface of Virtual IP Address: ens192 ✔ Shared Mountpoint: /opt/miaoyunk8sadmnfs/ ✔ Domain: 172.16.7.63 ✔ Offline Packages Folder: /opt/miaoyuninstallpackage/packages ✔ Host IP: 172.16.7.64 ✔ Etcd Endpoints: https://172.16.7.63:20409 [ OK ] Checking environment Kernel version: 5.5.11-1.el7.elrepo.x86_64 Docker version: 19.03.12 Firewalld: inactive [ OK ] Preparing configuration file [ OK ] Preparing certificates [ OK ] Installing registry certificate [ OK ] Loading boot images [ OK ] Deploying offline registry [ OK ] Preparing deploy.yml [ OK ] (1/11) Creating volume: chiwen.alertmanager [ OK ] (2/11) Creating volume: chiwen.clair [ OK ] (3/11) Creating volume: chiwen.data [ OK ] (4/11) Creating volume: chiwen.jenkins [ OK ] (5/11) Creating volume: chiwen.keystone [ OK ] (6/11) Creating volume: chiwen.mysql [ OK ] (7/11) Creating volume: chiwen.chartmuseum [ OK ] (8/11) Creating volume: chiwen.postgres [ OK ] (9/11) Creating volume: chiwen.prometheus [ OK ] (10/11) Creating volume: chiwen.registry [ OK ] (11/11) Creating volume: chiwen.web [ OK ] (1/16) Creating container: miaoyun.POD [ OK ] (2/16) Creating container: miaoyun.keeper [ OK ] (3/16) Creating container: miaoyun.mysql [ OK ] (4/16) Creating container: miaoyun.keystone [ OK ] (5/16) Creating container: miaoyun.etcd [ OK ] (6/16) Creating container: miaoyun.registry [ OK ] (7/16) Creating container: miaoyun.coredns [ OK ] (8/16) Creating container: miaoyun.chartmuseum [ OK ] (9/16) Creating container: miaoyun.prometheus [ OK ] (10/16) Creating container: miaoyun.alertmanager [ OK ] (11/16) Creating container: miaoyun.chiwen-web [ OK ] (12/16) Creating container: miaoyun.jenkins-master [ OK ] (13/16) Creating container: miaoyun.jenkins-exporter [ OK ] (14/16) Creating container: miaoyun.clair [ OK ] (15/16) Creating container: miaoyun.postgres [ OK ] (16/16) Creating container: miaoyun.chiwen [ OK ] Waiting for ready Deploy miaoyun successfully! (3m22s) To deploy backup, use: my deploy --backup #在此不执行。 To deploy keepalived and assign virtual IP, use: my stack keepalived #可以在后面步骤(12.3.1 在主节点上安装keepalived)中执行 </code></pre> <h2>12.2 备节点安装</h2> <h3>12.2.1 复制秒云安装包到备节点并授权</h3> <h3>12.2.2 安装</h3> <pre><code class="language-bash">[easytong@miaoyun-k8s-adm2 miaoyuninstallpackage]$ sudo ./my deploy --backup _ _ __ __ __ _ _ _ _ __ _ ( \/ )( ) / _\ / \( \/ )/ )( \( ( \ / \/ \ )( / \( O )) / ) \/ (/ / \_)(_/(__)\_/\_/ \__/(__/ \____/\_)__) v20.03.2 Enter Shared Mountpoint/opt/miaoyunk8sadmnfs ✔ Network Interface of Virtual IP Address: ens192 ✔ Offline miaoyun Boot Archive File: /opt/miaoyuninstallpackage/miaoyun-boot-20.03.2.tar ✔ Host IP: 172.16.7.65 [ OK ] Checking environment Kernel version: 5.5.11-1.el7.elrepo.x86_64 Docker version: 19.03.12 Firewalld: inactive [ OK ] Preparing configuration file [ OK ] Preparing certificates [ OK ] Installing registry certificate [ OK ] Loading boot images [ OK ] Deploying offline registry [ OK ] Preparing deploy.yml [ OK ] (1/11) Creating volume: chiwen.alertmanager [ OK ] (2/11) Creating volume: chiwen.clair [ OK ] (3/11) Creating volume: chiwen.data [ OK ] (4/11) Creating volume: chiwen.jenkins [ OK ] (5/11) Creating volume: chiwen.keystone [ OK ] (6/11) Creating volume: chiwen.mysql [ OK ] (7/11) Creating volume: chiwen.chartmuseum [ OK ] (8/11) Creating volume: chiwen.postgres [ OK ] (9/11) Creating volume: chiwen.prometheus [ OK ] (10/11) Creating volume: chiwen.registry [ OK ] (11/11) Creating volume: chiwen.web [ OK ] (1/16) Creating container: miaoyun.POD [ OK ] (2/16) Creating container: miaoyun.keeper [ OK ] (3/16) Creating container: miaoyun.mysql [ OK ] (4/16) Creating container: miaoyun.keystone [ OK ] (5/16) Creating container: miaoyun.etcd [ OK ] (6/16) Creating container: miaoyun.registry [ OK ] (7/16) Creating container: miaoyun.coredns [ OK ] (8/16) Creating container: miaoyun.chartmuseum [ OK ] (9/16) Creating container: miaoyun.prometheus [ OK ] (10/16) Creating container: miaoyun.alertmanager [ OK ] (11/16) Creating container: miaoyun.chiwen-web [ OK ] (12/16) Creating container: miaoyun.jenkins-master [ OK ] (13/16) Creating container: miaoyun.jenkins-exporter [ OK ] (14/16) Creating container: miaoyun.clair [ OK ] (15/16) Creating container: miaoyun.postgres [ OK ] (16/16) Creating container: miaoyun.chiwen Deploy miaoyun successfully! (1m24s) To deploy keepalived, use: my stack keepalived #可以在后面步骤(12.3.2 在备节点上安装keepalived)中执行 [easytong@miaoyun-k8s-adm2 miaoyuninstallpackage]$ </code></pre> <h2>12.3 安装keepalived</h2> <h3>12.3.1 在主节点上安装keepalived</h3> <pre><code class="language-bash">执行如下命令: [easytong@miaoyun-k8s-adm1 miaoyuninstallpackage]$ sudo ./my stack keepalived _ _ __ __ __ _ _ _ _ __ _ ( \/ )( ) / _\ / \( \/ )/ )( \( ( \ / \/ \ )( / \( O )) / ) \/ (/ / \_)(_/(__)\_/\_/ \__/(__/ \____/\_)__) v20.03.2 [ OK ] Deploying keepalived (master) [easytong@miaoyun-k8s-adm1 miaoyuninstallpackage]$ </code></pre> <h3>12.3.2 在备节点上安装keepalived</h3> <pre><code class="language-bash">执行如下命令: [easytong@miaoyun-k8s-adm2 miaoyuninstallpackage]$ sudo ./my stack keepalived _ _ __ __ __ _ _ _ _ __ _ ( \/ )( ) / _\ / \( \/ )/ )( \( ( \ / \/ \ )( / \( O )) / ) \/ (/ / \_)(_/(__)\_/\_/ \__/(__/ \____/\_)__) v20.03.2 [ OK ] Deploying keepalived (backup) [easytong@miaoyun-k8s-adm2 miaoyuninstallpackage]$</code></pre> <h1>13、访问平台说明</h1> <p>安装完成后,在浏览器地址栏中输⼊<a href="https://domain_ip访问平台。即">https://domain_ip访问平台。即</a>: <a href="https://172.16.7.63/">https://172.16.7.63/</a> 默认⽤户名:admin 默认密码:admin 如果能正常访问平台,则代表安装完成。</p> <h2>13.1 验证主备是否安装正确</h2> <p>系统视角/控制台/部署模式,查看高可用: (1)主节点运行,备节点就绪 (2)主节点关机,查看备节点是否切换为主节点,同时秒云管理平台是否可正常访问 (3)主节点开机,查看高可用模式是否为备节点运行,主节点就结绪,秒云管理平台是否可正常访问 (4)备节点关机,查看高可用模式是否为主节点运行,备节点就结绪,秒云管理平台是否可正常访问 (5)备节点开机,查看高可用模式是否为主节点运行,备节点就结绪,秒云管理平台是否可正常访问</p> <h1>14、集群管理(请参考《秒云用户使用手册.pdf》)</h1> <h2>14.1.1 添加主机</h2> <p>操作步骤 </p> <pre><code class="language-bash">主机池添加主机步骤如下。 1. 在浏览器地址栏中输⼊https:// domain_ip访问平台。 2. 在左侧导航栏中选择“主机池”。 3. 单击⻚⾯右上⻆“添加主机”。 4. 选择主机操作系统,分为Linux和Windows两种。 5. 填写主机基础设置信息。</code></pre> <h2>14.1.2 创建集群</h2> <p>操作步骤 </p> <pre><code class="language-bash">创建集群的步骤如下。 1. 在浏览器地址栏中输⼊https:// domain_ip访问平台。 2. 在左侧导航栏中选择“集群”。 3. 单击⻚⾯右上⻆“创建新集群”。 4. 填写集群基础设置信息。 详细信息,请参看《秒云安装部署指南》。</code></pre> <p>单击“⽴即创建”。 创建成功后,新创建的主机集群在“集群”列表中显示。</p> <h2>14.1.3 添加节点</h2> <p>集群创建后,请添加节点,包括集群管理节点和集群计算节点。 添加说明 开启管理节点⾼可⽤时,添加的前三台主机需要选择⻆⾊,可以为“管理/计算节点”,也可以为“管 理节点”,后续添加的节点为“计算节点”,⽀持批量添加管理节点和计算节点。 操作步骤 </p> <pre><code class="language-bash">添加集群管理节点和集群计算节点的步骤相同。 1. 单击创建的集群名称后的 ,选择“添加节点”。 2. 在弹出的节点列表中,选择需要加⼊集群的节点。</code></pre> <p>注意: 节点添加完成后,等待节点的状态为“就绪”时再添加下⼀个节点。</p> <h2>14.1.4 集群绑定给默认域</h2> <p>操作步骤:</p> <pre><code class="language-bash">1、在&amp;quot;系统视角&amp;quot;下,点击“域管理”打开域管理页面; 2、在右侧域管理界面,点击“默认域”,进入默认域详情页面; 3、点“编辑集群”按钮,在关联集群列表,勾选集群“easytong”; 4、在分配置节点中,选择所有节点; 5、点“确认硬改”按钮,完成集群与默认域绑定。</code></pre> <h2>14.1.5 绑定项目与集群</h2> <p>1、切换到域视角,选择“默认域”; 2、在左侧菜单列表中,选择“项目”; 3、在右侧项目页面的项目名称列表中,点击项目名“default”,进入项目详情页面; 4、在项目/default详情页面,点“编辑集群”按钮; 5、在关联集群列表中,勾选集群“easytong”,在分配节点中,选择所有节点,点“确认更改”按钮;</p> <h1>15 部署应用</h1> <h2></h2> <h1>16 手工部署应用服务</h1> <p>项目视角(default)/应用applications,页上右上解点“创建新应用”进入‘应用&gt;高级创建’。</p> <h3>15.1.1 应用名称</h3> <p>应用名称:有启动依赖的服务需分在同一个应用里。</p> <h3>15.1.2 工作负载Workload</h3> <p>点 +添加/部署Deployment, 部署设置:base-deploy-0,默认值可修改为:easytong-server |--窗口组设置: |----容器设置:选择镜像easytong_server:5.1.20.0531,点 ‘拉取镜像配置’; CPU限制(默认)、内存限制(默认),启动命令(从images中读取),虚拟终端,环境变量(从images中读取),容器端口(从images中读取,可根据需要再添加) 添加存储挂载说明:需先将配置文件上传,在配置文件+添加; 添加存储挂载(文件):存储卷:easytong-server-cm-0 &gt; jdbc.properties,存储卷子路径:文件类型,容器内路径:/opt/easytong_server/bin/jdbc.properties,默认权限644,读读:yes 存储卷:easytong-server-cm-0 &gt; resources.properties,存储卷子路径:文件类型,容器内路径:/opt/easytong_server/bin/resources.properties,默认权限644,读读:yes 添加存储挂载(目录):宿主机路径:/opt/data-volumes/easytong_server/logs,容器内路径:/opt/easytong_server/logs,只读:no</p> <h3>15.1.3 配置文件</h3> <p>配置文件 |--配置集ConfigMap: 配置集名称:base-cm-0 可自定义输入 easytong-server-cm-0 通过上传文件:从电脑中选择</p> <h3>15.1.4 服务与访问</h3> <p>在 访问与入口ingresses 页面中设置 <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/c0873a4a5dd699a305fb024e146ec887?showdoc=.jpg" alt="" /> 上图页面上不同步,建议按下面页中进行设置 <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/a6ded6ba06df7465e9eb5abea23c52ae?showdoc=.jpg" alt="" /> /easytong_app(/|$)(.*) 说明: | 为右方括号】右边的按钮,如下图: <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/8ff35aa001250f3653c73a3cb2d2cd39?showdoc=.jpg" alt="" /></p> <h2>15.2 导出模板</h2> <h2>15.1 导入应用模板</h2> <h1>16 NFS双机热备</h1> <p>NFS双机热备 <a href="https://blog.csdn.net/weixin_43695104/article/details/90181114">https://blog.csdn.net/weixin_43695104/article/details/90181114</a> nfs 研究双机热备记录 <a href="https://blog.51cto.com/5437315/2420126">https://blog.51cto.com/5437315/2420126</a></p> <h2>14.1.6 启用域名访问</h2> <p>根据项目实际需要决定是否设置此项。</p> <pre><code class="language-bash">在项目视角的左侧菜单中,选择“应用applications”, 在右边页面中,点“创建新应用”进入页面, 在应用/高级创建页面中,服务设置/访问入口设置页中,域名一栏中输入域名; 需要在访问域名的电脑的host文件种添加域名和vip; </code></pre>

页面列表

ITEM_HTML