systemctl stop firewalld #关闭自启动 systemctl disable firewalld #关闭selinux: $ sed -i 's/enforcing/disabled/' /etc/selinux/config #查看 $ setenforce 0 #关闭swap分许 #临时关闭:swapoff -a #永久关闭:注释掉/etc/fstab文件中的swap行
系统不是最简安装
关闭防火墙后会有安全问题
为了方便先关闭,后续优化
#服务端安装 curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_EXEC="server --docker" sh -
INSTALL_K3S_EXEC="server --docker”参数改为docker
#node 安装 curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://你的服务端ip:6443 K3S_TOKEN=你的token sh -
token 获取方法
cat /var/lib/rancher/k3s/server/node-token
#查看node # kubectl get node链接harbor 拉去镜像 生成凭证
cat /etc/docker/daemon.json
{
"insecure-registries": ["https://harbor.*****.com"],
"registry-mirrors": ["https://gbpursha.mirror.aliyuncs.com"]
}
配置完成后重启docker
systemctl restart docker
登录Docker
docker login https://harbor.*****.com
登陆完成后
获取加密串
cat ~/.docker/config.json |base64 -w 0
写ymal
vim secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: harbor-registry-90
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: 拷贝到这里
生成
kubectl apply -f secret.yaml
部署的时候加入
apiVersion: apps/v1
kind: Deployment
metadata:
name: stzz-dev
spec:
replicas: 1
selector:
matchLabels:
app: stzz-dev
template:
metadata:
labels:
app: stzz-dev
spec:
containers:
- name: stzz-dev
image: harbor.***.com/yunxue-test/stzz:v5
imagePullPolicy: Always
ports:
- containerPort: 8080
resources:
requests:
cpu: 0.1
memory: 500Mi
limits:
cpu: 0.3
memory: 1024Mi
imagePullSecrets:
- name: harbor-registry-90 #生成的密钥名称
然后部署就可以了
相关操作命令
部署 应用和服务
kubectl apply -f **.yaml
查看状态
systemctl status k3s.service
查看pod日志
kubectl logs pod名称
