1 主机/服务规划
| 主机IP | 主机名 | 节点功能类型 | 服务分布 |
|---|---|---|---|
| 192.168.199.20 | k8s.master.vip vip | 虚拟IP | |
| 192.168.199.21 | k8s01 | k8s-Master | Keepalived、HAProxy、Docker |
| 192.168.199.22 | k8s02 | k8s-Master | Keepalived、HAProxy、Docker |
| 192.168.199.23 | k8s03 | k8s-Node | Docker |
| 192.168.199.24 | k8s04 | k8s-Node | Docker |
| 192.168.199.25 | k8s05 | k8s-Node | Docker |
2 主机初始化
参考https://blog.csdn.net/lilinxi001/article/details/140184722
2.1 配置主机名
hostnamectl set-hostname [主机名]
2.2 配置/etc/hosts
vi /etc/hosts
#添加
192.168.199.20 k8s.master.vip vip
192.168.199.21 k8s01
192.168.199.22 k8s02
192.168.199.23 k8s03
192.168.199.24 k8s04
192.168.199.25 k8s05
2.3 配置桥接的IPv4传递到iptables
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOFsysctl --system #执行生效
2.4 部署时间同步服务
yum install ntpdate -y
ntpdate time.windows.com
3 在两台Master节点部署keeplived,即k8s01、k8s02
3.1 keepalived安装
yum -y install conntrack-tools
yum -y install libseccomp
yum -y install libtool-ltdl
yum -y install keepalived
3.2 k8s01配置
vi keepalived.conf
#替换
! Configuration File for keepalivedglobal_defs {router_id k8s
}vrrp_script check_haproxy {script "killall -0 haproxy"interval 3weight -2fall 10rise 2
}vrrp_instance VI_1 {state MASTERinterface ens33 #根据实际网卡名配置virtual_router_id 51priority 250advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.199.20}track_script {check_haproxy}
}3.3 k8s01配置
vi keepalived.conf
#替换
! Configuration File for keepalivedglobal_defs {router_id k8s
}vrrp_script check_haproxy {script "killall -0 haproxy"interval 3weight -2fall 10rise 2
}vrrp_instance VI_1 {state BACKUPinterface ens33virtual_router_id 51priority 250advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.199.20}track_script {check_haproxy}
}4 在两台Master节点部署HAProxy,即k8s01、k8s02
yum install -y haproxy
4.1 haproxy配置
vi /etc/haproxy/haproxy.cfg
#替换
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global# to have these messages end up in /var/log/haproxy.log you will# need to:## 1) configure syslog to accept network log events. This is done# by adding the '-r' option to the SYSLOGD_OPTIONS in# /etc/sysconfig/syslog## 2) configure local2 events to go to the /var/log/haproxy.log# file. A line like the following can be added to# /etc/sysconfig/syslog## local2.* /var/log/haproxy.log#log 127.0.0.1 local2chroot /var/lib/haproxypidfile /var/run/haproxy.pidmaxconn 4000user haproxygroup haproxydaemon# turn on stats unix socketstats socket /var/lib/haproxy/stats#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaultsmode httplog globaloption httplogoption dontlognulloption http-server-closeoption forwardfor except 127.0.0.0/8option redispatchretries 3timeout http-request 10stimeout queue 1mtimeout connect 10stimeout client 1mtimeout server 1mtimeout http-keep-alive 10stimeout check 10smaxconn 3000#---------------------------------------------------------------------
# kubernetes apiserver frontend which proxys to the backends
#---------------------------------------------------------------------
frontend kubernetes-apiservermode tcpbind *:16443option tcplogdefault_backend kubernetes-apiserver#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend kubernetes-apiservermode tcpbalance roundrobinserver k8s01 192.168.199.21:6443 checkserver k8s02 192.168.199.22:6443 checklisten statsbind *:1080stats auth admin:awesomePasswordstats refresh 5sstats realm HAProxy\ Statisticsstats uri /admin?stats
5 部署Docker、kubeadm、kubelet
5.1 安装Docker
yum -y install wgetwget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
#此处docker版本可以根据个人情况修改
yum install -y docker-ce-19.03.0 docker-ce-cli-19.03.0
systemctl enable docker && systemctl start docker
#修改仓库地址
vi /etc/docker/daemon.json
#替换
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://5w5kf152.mirror.aliyuncs.com"]
}
5.2 kubeadm,kubelet 和 kubectl
vi /etc/yum.repos.d/kubernetes.repo
#添加
[Kubernetes]
name=kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0systemctl enable kubelet
kubernetes_Master__k8s01_254">5.3 部署kubernetes Master 即k8s01执行
kubeadm in it \
--apiserver-advertise-address=192.168.199.21 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.17.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
![buuctf-[SUCTF 2019]EasySQL 1解题记录](https://i-blog.csdnimg.cn/direct/3c327b39aaba4871a64c13e677fa7ee4.png)
